# HG changeset patch
# User andrew
# Date 1597730494 -3600
#      Tue Aug 18 07:01:34 2020 +0100
# Node ID 3463f5a842d59f292cc7b1487e32ee702ddc22e8
# Parent  dde5ac0be7e8ef64bf06c0d49e6893b7b84e2ced
# Parent  ce1f37506608e9a032a35ab60bf2eb9c5338064d
Merge jdk8u272-b04

diff --git a/.hgtags b/.hgtags
--- a/.hgtags
+++ b/.hgtags
@@ -1255,3 +1255,4 @@
 051a8d2a65e3b6e9718fa0aa5f29a25e772637c4 aarch64-shenandoah-jdk8u272-b02
 fb9d9cfd0523ac01c0619ff172dc9c4bd71f240f jdk8u272-b03
 8ff15320ff034a5354db4b81fe8b4e8e51822eb5 aarch64-shenandoah-jdk8u272-b03
+4d586f39fed361c94475772d9b638fb3cccd8e00 jdk8u272-b04
diff --git a/THIRD_PARTY_README b/THIRD_PARTY_README
--- a/THIRD_PARTY_README
+++ b/THIRD_PARTY_README
@@ -3028,7 +3028,7 @@
   Apache Commons Math 3.2
   Apache Derby 10.11.1.2
   Apache Jakarta BCEL 5.1 
-  Apache Santuario XML Security for Java 1.5.4
+  Apache Santuario XML Security for Java 2.1.1
   Apache Xalan-Java 2.7.2
   Apache Xerces Java 2.10.0 
   Apache XML Resolver 1.1 
diff --git a/src/share/classes/com/sun/management/HotSpotDiagnosticMXBean.java b/src/share/classes/com/sun/management/HotSpotDiagnosticMXBean.java
--- a/src/share/classes/com/sun/management/HotSpotDiagnosticMXBean.java
+++ b/src/share/classes/com/sun/management/HotSpotDiagnosticMXBean.java
@@ -25,7 +25,6 @@
 
 package com.sun.management;
 
-import java.util.List;
 import java.lang.management.PlatformManagedObject;
 
 /**
@@ -110,7 +109,7 @@
      * @throws IllegalArgumentException if the VM option of the given name
      *                                     does not exist.
      * @throws IllegalArgumentException if the new value is invalid.
-     * @throws IllegalArgumentException if the VM option is not writeable.
+     * @throws IllegalArgumentException if the VM option is not writable.
      * @throws NullPointerException if name or value is <tt>null</tt>.
      *
      * @throws  java.lang.SecurityException
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/Init.java b/src/share/classes/com/sun/org/apache/xml/internal/security/Init.java
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/Init.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/Init.java
@@ -30,9 +30,7 @@
 import java.util.ArrayList;
 import java.util.List;
 
-import javax.xml.XMLConstants;
 import javax.xml.parsers.DocumentBuilder;
-import javax.xml.parsers.DocumentBuilderFactory;
 
 import com.sun.org.apache.xml.internal.security.algorithms.JCEMapper;
 import com.sun.org.apache.xml.internal.security.algorithms.SignatureAlgorithm;
@@ -61,9 +59,8 @@
     /** The namespace for CONF file **/
     public static final String CONF_NS = "http://www.xmlsecurity.org/NS/#configuration";
 
-    /** {@link org.apache.commons.logging} logging facility */
-    private static java.util.logging.Logger log =
-        java.util.logging.Logger.getLogger(Init.class.getName());
+    private static final com.sun.org.slf4j.internal.Logger LOG =
+        com.sun.org.slf4j.internal.LoggerFactory.getLogger(Init.class);
 
     /** Field alreadyInitialized */
     private static boolean alreadyInitialized = false;
@@ -72,7 +69,7 @@
      * Method isInitialized
      * @return true if the library is already initialized.
      */
-    public static synchronized final boolean isInitialized() {
+    public static final synchronized boolean isInitialized() {
         return Init.alreadyInitialized;
     }
 
@@ -87,16 +84,16 @@
 
         InputStream is =
             AccessController.doPrivileged(
-                new PrivilegedAction<InputStream>() {
-                    public InputStream run() {
+                (PrivilegedAction<InputStream>)
+                    () -> {
                         String cfile =
                             System.getProperty("com.sun.org.apache.xml.internal.security.resource.config");
                         if (cfile == null) {
                             return null;
                         }
-                        return getClass().getResourceAsStream(cfile);
+                        return Init.class.getResourceAsStream(cfile);
                     }
-                });
+                );
         if (is == null) {
             dynamicInit();
         } else {
@@ -117,9 +114,8 @@
         //
         I18n.init("en", "US");
 
-        if (log.isLoggable(java.util.logging.Level.FINE)) {
-            log.log(java.util.logging.Level.FINE, "Registering default algorithms");
-        }
+        LOG.debug("Registering default algorithms");
+
         try {
             AccessController.doPrivileged(new PrivilegedExceptionAction<Void>(){
                 @Override public Void run() throws XMLSecurityException {
@@ -160,10 +156,10 @@
 
                     return null;
                 }
-           });
+            });
         } catch (PrivilegedActionException ex) {
             XMLSecurityException xse = (XMLSecurityException)ex.getException();
-            log.log(java.util.logging.Level.SEVERE, xse.getMessage(), xse);
+            LOG.error(xse.getMessage(), xse);
             xse.printStackTrace();
         }
     }
@@ -174,13 +170,7 @@
     private static void fileInit(InputStream is) {
         try {
             /* read library configuration file */
-            DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
-            dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, Boolean.TRUE);
-
-            dbf.setNamespaceAware(true);
-            dbf.setValidating(false);
-
-            DocumentBuilder db = dbf.newDocumentBuilder();
+            DocumentBuilder db = XMLUtils.createDocumentBuilder(false);
             Document doc = db.parse(is);
             Node config = doc.getFirstChild();
             for (; config != null; config = config.getNextSibling()) {
@@ -189,7 +179,7 @@
                 }
             }
             if (config == null) {
-                log.log(java.util.logging.Level.SEVERE, "Error in reading configuration file - Configuration element not found");
+                LOG.error("Error in reading configuration file - Configuration element not found");
                 return;
             }
             for (Node el = config.getFirstChild(); el != null; el = el.getNextSibling()) {
@@ -197,11 +187,11 @@
                     continue;
                 }
                 String tag = el.getLocalName();
-                if (tag.equals("ResourceBundles")) {
+                if ("ResourceBundles".equals(tag)) {
                     Element resource = (Element)el;
                     /* configure internationalization */
-                    Attr langAttr = resource.getAttributeNode("defaultLanguageCode");
-                    Attr countryAttr = resource.getAttributeNode("defaultCountryCode");
+                    Attr langAttr = resource.getAttributeNodeNS(null, "defaultLanguageCode");
+                    Attr countryAttr = resource.getAttributeNodeNS(null, "defaultCountryCode");
                     String languageCode =
                         (langAttr == null) ? null : langAttr.getNodeValue();
                     String countryCode =
@@ -209,45 +199,41 @@
                     I18n.init(languageCode, countryCode);
                 }
 
-                if (tag.equals("CanonicalizationMethods")) {
+                if ("CanonicalizationMethods".equals(tag)) {
                     Element[] list =
                         XMLUtils.selectNodes(el.getFirstChild(), CONF_NS, "CanonicalizationMethod");
 
-                    for (int i = 0; i < list.length; i++) {
-                        String uri = list[i].getAttributeNS(null, "URI");
+                    for (Element element : list) {
+                        String uri = element.getAttributeNS(null, "URI");
                         String javaClass =
-                            list[i].getAttributeNS(null, "JAVACLASS");
+                            element.getAttributeNS(null, "JAVACLASS");
                         try {
                             Canonicalizer.register(uri, javaClass);
-                            if (log.isLoggable(java.util.logging.Level.FINE)) {
-                                log.log(java.util.logging.Level.FINE, "Canonicalizer.register(" + uri + ", " + javaClass + ")");
-                            }
+                            LOG.debug("Canonicalizer.register({}, {})", uri, javaClass);
                         } catch (ClassNotFoundException e) {
                             Object exArgs[] = { uri, javaClass };
-                            log.log(java.util.logging.Level.SEVERE, I18n.translate("algorithm.classDoesNotExist", exArgs));
+                            LOG.error(I18n.translate("algorithm.classDoesNotExist", exArgs));
                         }
                     }
                 }
 
-                if (tag.equals("TransformAlgorithms")) {
+                if ("TransformAlgorithms".equals(tag)) {
                     Element[] tranElem =
                         XMLUtils.selectNodes(el.getFirstChild(), CONF_NS, "TransformAlgorithm");
 
-                    for (int i = 0; i < tranElem.length; i++) {
-                        String uri = tranElem[i].getAttributeNS(null, "URI");
+                    for (Element element : tranElem) {
+                        String uri = element.getAttributeNS(null, "URI");
                         String javaClass =
-                            tranElem[i].getAttributeNS(null, "JAVACLASS");
+                            element.getAttributeNS(null, "JAVACLASS");
                         try {
                             Transform.register(uri, javaClass);
-                            if (log.isLoggable(java.util.logging.Level.FINE)) {
-                                log.log(java.util.logging.Level.FINE, "Transform.register(" + uri + ", " + javaClass + ")");
-                            }
+                            LOG.debug("Transform.register({}, {})", uri, javaClass);
                         } catch (ClassNotFoundException e) {
                             Object exArgs[] = { uri, javaClass };
 
-                            log.log(java.util.logging.Level.SEVERE, I18n.translate("algorithm.classDoesNotExist", exArgs));
+                            LOG.error(I18n.translate("algorithm.classDoesNotExist", exArgs));
                         } catch (NoClassDefFoundError ex) {
-                            log.log(java.util.logging.Level.WARNING, "Not able to found dependencies for algorithm, I'll keep working.");
+                            LOG.warn("Not able to found dependencies for algorithm, I'll keep working.");
                         }
                     }
                 }
@@ -257,64 +243,54 @@
                     if (algorithmsNode != null) {
                         Element[] algorithms =
                             XMLUtils.selectNodes(algorithmsNode.getFirstChild(), CONF_NS, "Algorithm");
-                        for (int i = 0; i < algorithms.length; i++) {
-                            Element element = algorithms[i];
-                            String id = element.getAttribute("URI");
+                        for (Element element : algorithms) {
+                            String id = element.getAttributeNS(null, "URI");
                             JCEMapper.register(id, new JCEMapper.Algorithm(element));
                         }
                     }
                 }
 
-                if (tag.equals("SignatureAlgorithms")) {
+                if ("SignatureAlgorithms".equals(tag)) {
                     Element[] sigElems =
                         XMLUtils.selectNodes(el.getFirstChild(), CONF_NS, "SignatureAlgorithm");
 
-                    for (int i = 0; i < sigElems.length; i++) {
-                        String uri = sigElems[i].getAttributeNS(null, "URI");
+                    for (Element sigElem : sigElems) {
+                        String uri = sigElem.getAttributeNS(null, "URI");
                         String javaClass =
-                            sigElems[i].getAttributeNS(null, "JAVACLASS");
+                            sigElem.getAttributeNS(null, "JAVACLASS");
 
                         /** $todo$ handle registering */
 
                         try {
                             SignatureAlgorithm.register(uri, javaClass);
-                            if (log.isLoggable(java.util.logging.Level.FINE)) {
-                                log.log(java.util.logging.Level.FINE, "SignatureAlgorithm.register(" + uri + ", "
-                                          + javaClass + ")");
-                            }
+                            LOG.debug("SignatureAlgorithm.register({}, {})", uri, javaClass);
                         } catch (ClassNotFoundException e) {
                             Object exArgs[] = { uri, javaClass };
 
-                            log.log(java.util.logging.Level.SEVERE, I18n.translate("algorithm.classDoesNotExist", exArgs));
+                            LOG.error(I18n.translate("algorithm.classDoesNotExist", exArgs));
                         }
                     }
                 }
 
-                if (tag.equals("ResourceResolvers")) {
-                    Element[]resolverElem =
+                if ("ResourceResolvers".equals(tag)) {
+                    Element[] resolverElem =
                         XMLUtils.selectNodes(el.getFirstChild(), CONF_NS, "Resolver");
 
-                    for (int i = 0; i < resolverElem.length; i++) {
+                    for (Element element : resolverElem) {
                         String javaClass =
-                            resolverElem[i].getAttributeNS(null, "JAVACLASS");
+                            element.getAttributeNS(null, "JAVACLASS");
                         String description =
-                            resolverElem[i].getAttributeNS(null, "DESCRIPTION");
+                            element.getAttributeNS(null, "DESCRIPTION");
 
-                        if ((description != null) && (description.length() > 0)) {
-                            if (log.isLoggable(java.util.logging.Level.FINE)) {
-                                log.log(java.util.logging.Level.FINE, "Register Resolver: " + javaClass + ": "
-                                          + description);
-                            }
+                        if (description != null && description.length() > 0) {
+                            LOG.debug("Register Resolver: {}: {}", javaClass, description);
                         } else {
-                            if (log.isLoggable(java.util.logging.Level.FINE)) {
-                                log.log(java.util.logging.Level.FINE, "Register Resolver: " + javaClass
-                                          + ": For unknown purposes");
-                            }
+                            LOG.debug("Register Resolver: {}: For unknown purposes", javaClass);
                         }
                         try {
                             ResourceResolver.register(javaClass);
                         } catch (Throwable e) {
-                            log.log(java.util.logging.Level.WARNING,
+                            LOG.warn(
                                  "Cannot register:" + javaClass
                                  + " perhaps some needed jars are not installed",
                                  e
@@ -323,26 +299,20 @@
                     }
                 }
 
-                if (tag.equals("KeyResolver")){
+                if ("KeyResolver".equals(tag)){
                     Element[] resolverElem =
                         XMLUtils.selectNodes(el.getFirstChild(), CONF_NS, "Resolver");
-                    List<String> classNames = new ArrayList<String>(resolverElem.length);
-                    for (int i = 0; i < resolverElem.length; i++) {
+                    List<String> classNames = new ArrayList<>(resolverElem.length);
+                    for (Element element : resolverElem) {
                         String javaClass =
-                            resolverElem[i].getAttributeNS(null, "JAVACLASS");
+                            element.getAttributeNS(null, "JAVACLASS");
                         String description =
-                            resolverElem[i].getAttributeNS(null, "DESCRIPTION");
+                            element.getAttributeNS(null, "DESCRIPTION");
 
-                        if ((description != null) && (description.length() > 0)) {
-                            if (log.isLoggable(java.util.logging.Level.FINE)) {
-                                log.log(java.util.logging.Level.FINE, "Register Resolver: " + javaClass + ": "
-                                          + description);
-                            }
+                        if (description != null && description.length() > 0) {
+                            LOG.debug("Register Resolver: {}: {}", javaClass, description);
                         } else {
-                            if (log.isLoggable(java.util.logging.Level.FINE)) {
-                                log.log(java.util.logging.Level.FINE, "Register Resolver: " + javaClass
-                                          + ": For unknown purposes");
-                            }
+                            LOG.debug("Register Resolver: {}: For unknown purposes", javaClass);
                         }
                         classNames.add(javaClass);
                     }
@@ -350,27 +320,22 @@
                 }
 
 
-                if (tag.equals("PrefixMappings")){
-                    if (log.isLoggable(java.util.logging.Level.FINE)) {
-                        log.log(java.util.logging.Level.FINE, "Now I try to bind prefixes:");
-                    }
+                if ("PrefixMappings".equals(tag)){
+                    LOG.debug("Now I try to bind prefixes:");
 
                     Element[] nl =
                         XMLUtils.selectNodes(el.getFirstChild(), CONF_NS, "PrefixMapping");
 
-                    for (int i = 0; i < nl.length; i++) {
-                        String namespace = nl[i].getAttributeNS(null, "namespace");
-                        String prefix = nl[i].getAttributeNS(null, "prefix");
-                        if (log.isLoggable(java.util.logging.Level.FINE)) {
-                            log.log(java.util.logging.Level.FINE, "Now I try to bind " + prefix + " to " + namespace);
-                        }
+                    for (Element element : nl) {
+                        String namespace = element.getAttributeNS(null, "namespace");
+                        String prefix = element.getAttributeNS(null, "prefix");
+                        LOG.debug("Now I try to bind {} to {}", prefix, namespace);
                         ElementProxy.setDefaultPrefix(namespace, prefix);
                     }
                 }
             }
         } catch (Exception e) {
-            log.log(java.util.logging.Level.SEVERE, "Bad: ", e);
-            e.printStackTrace();
+            LOG.error("Bad: ", e);
         }
     }
 
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/Algorithm.java b/src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/Algorithm.java
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/Algorithm.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/Algorithm.java
@@ -40,7 +40,6 @@
      */
     public Algorithm(Document doc, String algorithmURI) {
         super(doc);
-
         this.setAlgorithmURI(algorithmURI);
     }
 
@@ -48,11 +47,11 @@
      * Constructor Algorithm
      *
      * @param element
-     * @param BaseURI
+     * @param baseURI
      * @throws XMLSecurityException
      */
-    public Algorithm(Element element, String BaseURI) throws XMLSecurityException {
-        super(element, BaseURI);
+    public Algorithm(Element element, String baseURI) throws XMLSecurityException {
+        super(element, baseURI);
     }
 
     /**
@@ -61,7 +60,7 @@
      * @return The URI of the algorithm
      */
     public String getAlgorithmURI() {
-        return this.constructionElement.getAttributeNS(null, Constants._ATT_ALGORITHM);
+        return getLocalAttribute(Constants._ATT_ALGORITHM);
     }
 
     /**
@@ -71,9 +70,7 @@
      */
     protected void setAlgorithmURI(String algorithmURI) {
         if (algorithmURI != null) {
-            this.constructionElement.setAttributeNS(
-                null, Constants._ATT_ALGORITHM, algorithmURI
-            );
+            setLocalAttribute(Constants._ATT_ALGORITHM, algorithmURI);
         }
     }
 }
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/ClassLoaderUtils.java b/src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/ClassLoaderUtils.java
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/ClassLoaderUtils.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/ClassLoaderUtils.java
@@ -23,211 +23,19 @@
 
 package com.sun.org.apache.xml.internal.security.algorithms;
 
-import java.io.IOException;
-import java.io.InputStream;
-import java.net.URL;
-import java.util.ArrayList;
-import java.util.Enumeration;
-import java.util.List;
-
-/**
- * This class is extremely useful for loading resources and classes in a fault
- * tolerant manner that works across different applications servers. Do not
- * touch this unless you're a grizzled classloading guru veteran who is going to
- * verify any change on 6 different application servers.
- */
 // NOTE! This is a duplicate of utils.ClassLoaderUtils with public
 // modifiers changed to package-private. Make sure to integrate any future
 // changes to utils.ClassLoaderUtils to this file.
 final class ClassLoaderUtils {
 
-    /** {@link org.apache.commons.logging} logging facility */
-    private static final java.util.logging.Logger log =
-        java.util.logging.Logger.getLogger(ClassLoaderUtils.class.getName());
+    private static final com.sun.org.slf4j.internal.Logger LOG =
+        com.sun.org.slf4j.internal.LoggerFactory.getLogger(ClassLoaderUtils.class);
 
     private ClassLoaderUtils() {
     }
 
     /**
-     * Load a given resource. <p/> This method will try to load the resource
-     * using the following methods (in order):
-     * <ul>
-     * <li>From Thread.currentThread().getContextClassLoader()
-     * <li>From ClassLoaderUtil.class.getClassLoader()
-     * <li>callingClass.getClassLoader()
-     * </ul>
-     *
-     * @param resourceName The name of the resource to load
-     * @param callingClass The Class object of the calling object
-     */
-    static URL getResource(String resourceName, Class<?> callingClass) {
-        URL url = Thread.currentThread().getContextClassLoader().getResource(resourceName);
-        if (url == null && resourceName.startsWith("/")) {
-            //certain classloaders need it without the leading /
-            url =
-                Thread.currentThread().getContextClassLoader().getResource(
-                    resourceName.substring(1)
-                );
-        }
-
-        ClassLoader cluClassloader = ClassLoaderUtils.class.getClassLoader();
-        if (cluClassloader == null) {
-            cluClassloader = ClassLoader.getSystemClassLoader();
-        }
-        if (url == null) {
-            url = cluClassloader.getResource(resourceName);
-        }
-        if (url == null && resourceName.startsWith("/")) {
-            //certain classloaders need it without the leading /
-            url = cluClassloader.getResource(resourceName.substring(1));
-        }
-
-        if (url == null) {
-            ClassLoader cl = callingClass.getClassLoader();
-
-            if (cl != null) {
-                url = cl.getResource(resourceName);
-            }
-        }
-
-        if (url == null) {
-            url = callingClass.getResource(resourceName);
-        }
-
-        if ((url == null) && (resourceName != null) && (resourceName.charAt(0) != '/')) {
-            return getResource('/' + resourceName, callingClass);
-        }
-
-        return url;
-    }
-
-    /**
-     * Load a given resources. <p/> This method will try to load the resources
-     * using the following methods (in order):
-     * <ul>
-     * <li>From Thread.currentThread().getContextClassLoader()
-     * <li>From ClassLoaderUtil.class.getClassLoader()
-     * <li>callingClass.getClassLoader()
-     * </ul>
-     *
-     * @param resourceName The name of the resource to load
-     * @param callingClass The Class object of the calling object
-     */
-    static List<URL> getResources(String resourceName, Class<?> callingClass) {
-        List<URL> ret = new ArrayList<URL>();
-        Enumeration<URL> urls = new Enumeration<URL>() {
-            public boolean hasMoreElements() {
-                return false;
-            }
-            public URL nextElement() {
-                return null;
-            }
-
-        };
-        try {
-            urls = Thread.currentThread().getContextClassLoader().getResources(resourceName);
-        } catch (IOException e) {
-            if (log.isLoggable(java.util.logging.Level.FINE)) {
-                log.log(java.util.logging.Level.FINE, e.getMessage(), e);
-            }
-            //ignore
-        }
-        if (!urls.hasMoreElements() && resourceName.startsWith("/")) {
-            //certain classloaders need it without the leading /
-            try {
-                urls =
-                    Thread.currentThread().getContextClassLoader().getResources(
-                        resourceName.substring(1)
-                    );
-            } catch (IOException e) {
-                if (log.isLoggable(java.util.logging.Level.FINE)) {
-                    log.log(java.util.logging.Level.FINE, e.getMessage(), e);
-                }
-                // ignore
-            }
-        }
-
-        ClassLoader cluClassloader = ClassLoaderUtils.class.getClassLoader();
-        if (cluClassloader == null) {
-            cluClassloader = ClassLoader.getSystemClassLoader();
-        }
-        if (!urls.hasMoreElements()) {
-            try {
-                urls = cluClassloader.getResources(resourceName);
-            } catch (IOException e) {
-                if (log.isLoggable(java.util.logging.Level.FINE)) {
-                    log.log(java.util.logging.Level.FINE, e.getMessage(), e);
-                }
-                // ignore
-            }
-        }
-        if (!urls.hasMoreElements() && resourceName.startsWith("/")) {
-            //certain classloaders need it without the leading /
-            try {
-                urls = cluClassloader.getResources(resourceName.substring(1));
-            } catch (IOException e) {
-                if (log.isLoggable(java.util.logging.Level.FINE)) {
-                    log.log(java.util.logging.Level.FINE, e.getMessage(), e);
-                }
-                // ignore
-            }
-        }
-
-        if (!urls.hasMoreElements()) {
-            ClassLoader cl = callingClass.getClassLoader();
-
-            if (cl != null) {
-                try {
-                    urls = cl.getResources(resourceName);
-                } catch (IOException e) {
-                    if (log.isLoggable(java.util.logging.Level.FINE)) {
-                        log.log(java.util.logging.Level.FINE, e.getMessage(), e);
-                    }
-                    // ignore
-                }
-            }
-        }
-
-        if (!urls.hasMoreElements()) {
-            URL url = callingClass.getResource(resourceName);
-            if (url != null) {
-                ret.add(url);
-            }
-        }
-        while (urls.hasMoreElements()) {
-            ret.add(urls.nextElement());
-        }
-
-
-        if (ret.isEmpty() && (resourceName != null) && (resourceName.charAt(0) != '/')) {
-            return getResources('/' + resourceName, callingClass);
-        }
-        return ret;
-    }
-
-
-    /**
-     * This is a convenience method to load a resource as a stream. <p/> The
-     * algorithm used to find the resource is given in getResource()
-     *
-     * @param resourceName The name of the resource to load
-     * @param callingClass The Class object of the calling object
-     */
-    static InputStream getResourceAsStream(String resourceName, Class<?> callingClass) {
-        URL url = getResource(resourceName, callingClass);
-
-        try {
-            return (url != null) ? url.openStream() : null;
-        } catch (IOException e) {
-            if (log.isLoggable(java.util.logging.Level.FINE)) {
-                log.log(java.util.logging.Level.FINE, e.getMessage(), e);
-            }
-            return null;
-        }
-    }
-
-    /**
-     * Load a class with a given name. <p/> It will try to load the class in the
+     * Load a class with a given name. <p></p> It will try to load the class in the
      * following order:
      * <ul>
      * <li>From Thread.currentThread().getContextClassLoader()
@@ -249,9 +57,7 @@
                 return cl.loadClass(className);
             }
         } catch (ClassNotFoundException e) {
-            if (log.isLoggable(java.util.logging.Level.FINE)) {
-                log.log(java.util.logging.Level.FINE, e.getMessage(), e);
-            }
+            LOG.debug(e.getMessage(), e);
             //ignore
         }
         return loadClass2(className, callingClass);
@@ -271,9 +77,7 @@
                     return callingClass.getClassLoader().loadClass(className);
                 }
             }
-            if (log.isLoggable(java.util.logging.Level.FINE)) {
-                log.log(java.util.logging.Level.FINE, ex.getMessage(), ex);
-            }
+            LOG.debug(ex.getMessage(), ex);
             throw ex;
         }
     }
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/JCEMapper.java b/src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/JCEMapper.java
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/JCEMapper.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/JCEMapper.java
@@ -25,7 +25,6 @@
 import java.util.Map;
 import java.util.concurrent.ConcurrentHashMap;
 
-import com.sun.org.apache.xml.internal.security.encryption.XMLCipher;
 import com.sun.org.apache.xml.internal.security.signature.XMLSignature;
 import com.sun.org.apache.xml.internal.security.utils.JavaUtils;
 import org.w3c.dom.Element;
@@ -36,14 +35,13 @@
  */
 public class JCEMapper {
 
-    /** {@link org.apache.commons.logging} logging facility */
-    private static java.util.logging.Logger log =
-        java.util.logging.Logger.getLogger(JCEMapper.class.getName());
+    private static final com.sun.org.slf4j.internal.Logger LOG =
+        com.sun.org.slf4j.internal.LoggerFactory.getLogger(JCEMapper.class);
 
     private static Map<String, Algorithm> algorithmsMap =
         new ConcurrentHashMap<String, Algorithm>();
 
-    private static String providerName = null;
+    private static String providerName;
 
     /**
      * Method register
@@ -62,6 +60,7 @@
      * This method registers the default algorithms.
      */
     public static void registerDefaultAlgorithms() {
+        // Digest algorithms
         algorithmsMap.put(
             MessageDigestAlgorithm.ALGO_ID_DIGEST_NOT_RECOMMENDED_MD5,
             new Algorithm("", "MD5", "MessageDigest")
@@ -75,6 +74,10 @@
             new Algorithm("", "SHA-1", "MessageDigest")
         );
         algorithmsMap.put(
+            MessageDigestAlgorithm.ALGO_ID_DIGEST_SHA224,
+            new Algorithm("", "SHA-224", "MessageDigest")
+        );
+        algorithmsMap.put(
             MessageDigestAlgorithm.ALGO_ID_DIGEST_SHA256,
             new Algorithm("", "SHA-256", "MessageDigest")
         );
@@ -86,137 +89,114 @@
             MessageDigestAlgorithm.ALGO_ID_DIGEST_SHA512,
             new Algorithm("", "SHA-512", "MessageDigest")
         );
+        // Signature algorithms
         algorithmsMap.put(
             XMLSignature.ALGO_ID_SIGNATURE_DSA,
-            new Algorithm("", "SHA1withDSA", "Signature")
+            new Algorithm("DSA", "SHA1withDSA", "Signature")
         );
         algorithmsMap.put(
             XMLSignature.ALGO_ID_SIGNATURE_DSA_SHA256,
-            new Algorithm("", "SHA256withDSA", "Signature")
+            new Algorithm("DSA", "SHA256withDSA", "Signature")
         );
         algorithmsMap.put(
             XMLSignature.ALGO_ID_SIGNATURE_NOT_RECOMMENDED_RSA_MD5,
-            new Algorithm("", "MD5withRSA", "Signature")
+            new Algorithm("RSA", "MD5withRSA", "Signature")
         );
         algorithmsMap.put(
             XMLSignature.ALGO_ID_SIGNATURE_RSA_RIPEMD160,
-            new Algorithm("", "RIPEMD160withRSA", "Signature")
+            new Algorithm("RSA", "RIPEMD160withRSA", "Signature")
         );
         algorithmsMap.put(
             XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA1,
-            new Algorithm("", "SHA1withRSA", "Signature")
+            new Algorithm("RSA", "SHA1withRSA", "Signature")
+        );
+        algorithmsMap.put(
+            XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA224,
+            new Algorithm("RSA", "SHA224withRSA", "Signature")
         );
         algorithmsMap.put(
             XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA256,
-            new Algorithm("", "SHA256withRSA", "Signature")
+            new Algorithm("RSA", "SHA256withRSA", "Signature")
         );
         algorithmsMap.put(
             XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA384,
-            new Algorithm("", "SHA384withRSA", "Signature")
+            new Algorithm("RSA", "SHA384withRSA", "Signature")
         );
         algorithmsMap.put(
             XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA512,
-            new Algorithm("", "SHA512withRSA", "Signature")
+            new Algorithm("RSA", "SHA512withRSA", "Signature")
+        );
+        algorithmsMap.put(
+            XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA1_MGF1,
+            new Algorithm("RSA", "SHA1withRSAandMGF1", "Signature")
+        );
+        algorithmsMap.put(
+            XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA224_MGF1,
+            new Algorithm("RSA", "SHA224withRSAandMGF1", "Signature")
+        );
+        algorithmsMap.put(
+            XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA256_MGF1,
+            new Algorithm("RSA", "SHA256withRSAandMGF1", "Signature")
+        );
+        algorithmsMap.put(
+            XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA384_MGF1,
+            new Algorithm("RSA", "SHA384withRSAandMGF1", "Signature")
+        );
+        algorithmsMap.put(
+            XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA512_MGF1,
+            new Algorithm("RSA", "SHA512withRSAandMGF1", "Signature")
         );
         algorithmsMap.put(
             XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA1,
-            new Algorithm("", "SHA1withECDSA", "Signature")
+            new Algorithm("EC", "SHA1withECDSA", "Signature")
+        );
+        algorithmsMap.put(
+            XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA224,
+            new Algorithm("EC", "SHA224withECDSA", "Signature")
         );
         algorithmsMap.put(
             XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA256,
-            new Algorithm("", "SHA256withECDSA", "Signature")
+            new Algorithm("EC", "SHA256withECDSA", "Signature")
         );
         algorithmsMap.put(
             XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA384,
-            new Algorithm("", "SHA384withECDSA", "Signature")
+            new Algorithm("EC", "SHA384withECDSA", "Signature")
         );
         algorithmsMap.put(
             XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA512,
-            new Algorithm("", "SHA512withECDSA", "Signature")
+            new Algorithm("EC", "SHA512withECDSA", "Signature")
+        );
+        algorithmsMap.put(
+            XMLSignature.ALGO_ID_SIGNATURE_ECDSA_RIPEMD160,
+            new Algorithm("EC", "RIPEMD160withECDSA", "Signature")
         );
         algorithmsMap.put(
             XMLSignature.ALGO_ID_MAC_HMAC_NOT_RECOMMENDED_MD5,
-            new Algorithm("", "HmacMD5", "Mac")
+            new Algorithm("", "HmacMD5", "Mac", 0, 0)
         );
         algorithmsMap.put(
             XMLSignature.ALGO_ID_MAC_HMAC_RIPEMD160,
-            new Algorithm("", "HMACRIPEMD160", "Mac")
+            new Algorithm("", "HMACRIPEMD160", "Mac", 0, 0)
         );
         algorithmsMap.put(
             XMLSignature.ALGO_ID_MAC_HMAC_SHA1,
-            new Algorithm("", "HmacSHA1", "Mac")
+            new Algorithm("", "HmacSHA1", "Mac", 0, 0)
+        );
+        algorithmsMap.put(
+            XMLSignature.ALGO_ID_MAC_HMAC_SHA224,
+            new Algorithm("", "HmacSHA224", "Mac", 0, 0)
         );
         algorithmsMap.put(
             XMLSignature.ALGO_ID_MAC_HMAC_SHA256,
-            new Algorithm("", "HmacSHA256", "Mac")
+            new Algorithm("", "HmacSHA256", "Mac", 0, 0)
         );
         algorithmsMap.put(
             XMLSignature.ALGO_ID_MAC_HMAC_SHA384,
-            new Algorithm("", "HmacSHA384", "Mac")
+            new Algorithm("", "HmacSHA384", "Mac", 0, 0)
         );
         algorithmsMap.put(
             XMLSignature.ALGO_ID_MAC_HMAC_SHA512,
-            new Algorithm("", "HmacSHA512", "Mac")
-        );
-        algorithmsMap.put(
-            XMLCipher.TRIPLEDES,
-            new Algorithm("DESede", "DESede/CBC/ISO10126Padding", "BlockEncryption", 192)
-        );
-        algorithmsMap.put(
-            XMLCipher.AES_128,
-            new Algorithm("AES", "AES/CBC/ISO10126Padding", "BlockEncryption", 128)
-        );
-        algorithmsMap.put(
-            XMLCipher.AES_192,
-            new Algorithm("AES", "AES/CBC/ISO10126Padding", "BlockEncryption", 192)
-        );
-        algorithmsMap.put(
-            XMLCipher.AES_256,
-            new Algorithm("AES", "AES/CBC/ISO10126Padding", "BlockEncryption", 256)
-        );
-        algorithmsMap.put(
-            XMLCipher.AES_128_GCM,
-            new Algorithm("AES", "AES/GCM/NoPadding", "BlockEncryption", 128)
-        );
-        algorithmsMap.put(
-            XMLCipher.AES_192_GCM,
-            new Algorithm("AES", "AES/GCM/NoPadding", "BlockEncryption", 192)
-        );
-        algorithmsMap.put(
-            XMLCipher.AES_256_GCM,
-            new Algorithm("AES", "AES/GCM/NoPadding", "BlockEncryption", 256)
-        );
-        algorithmsMap.put(
-            XMLCipher.RSA_v1dot5,
-            new Algorithm("RSA", "RSA/ECB/PKCS1Padding", "KeyTransport")
-        );
-        algorithmsMap.put(
-            XMLCipher.RSA_OAEP,
-            new Algorithm("RSA", "RSA/ECB/OAEPPadding", "KeyTransport")
-        );
-        algorithmsMap.put(
-            XMLCipher.RSA_OAEP_11,
-            new Algorithm("RSA", "RSA/ECB/OAEPPadding", "KeyTransport")
-        );
-        algorithmsMap.put(
-            XMLCipher.DIFFIE_HELLMAN,
-            new Algorithm("", "", "KeyAgreement")
-        );
-        algorithmsMap.put(
-            XMLCipher.TRIPLEDES_KeyWrap,
-            new Algorithm("DESede", "DESedeWrap", "SymmetricKeyWrap", 192)
-        );
-        algorithmsMap.put(
-            XMLCipher.AES_128_KeyWrap,
-            new Algorithm("AES", "AESWrap", "SymmetricKeyWrap", 128)
-        );
-        algorithmsMap.put(
-            XMLCipher.AES_192_KeyWrap,
-            new Algorithm("AES", "AESWrap", "SymmetricKeyWrap", 192)
-        );
-        algorithmsMap.put(
-            XMLCipher.AES_256_KeyWrap,
-            new Algorithm("AES", "AESWrap", "SymmetricKeyWrap", 256)
+            new Algorithm("", "HmacSHA512", "Mac", 0, 0)
         );
     }
 
@@ -227,11 +207,7 @@
      * @return the JCE standard name corresponding to the given URI
      */
     public static String translateURItoJCEID(String algorithmURI) {
-        if (log.isLoggable(java.util.logging.Level.FINE)) {
-            log.log(java.util.logging.Level.FINE, "Request for URI " + algorithmURI);
-        }
-
-        Algorithm algorithm = algorithmsMap.get(algorithmURI);
+        Algorithm algorithm = getAlgorithm(algorithmURI);
         if (algorithm != null) {
             return algorithm.jceName;
         }
@@ -244,11 +220,7 @@
      * @return the class name that implements this algorithm
      */
     public static String getAlgorithmClassFromURI(String algorithmURI) {
-        if (log.isLoggable(java.util.logging.Level.FINE)) {
-            log.log(java.util.logging.Level.FINE, "Request for URI " + algorithmURI);
-        }
-
-        Algorithm algorithm = algorithmsMap.get(algorithmURI);
+        Algorithm algorithm = getAlgorithm(algorithmURI);
         if (algorithm != null) {
             return algorithm.algorithmClass;
         }
@@ -262,16 +234,21 @@
      * @return The length of the key used in the algorithm
      */
     public static int getKeyLengthFromURI(String algorithmURI) {
-        if (log.isLoggable(java.util.logging.Level.FINE)) {
-            log.log(java.util.logging.Level.FINE, "Request for URI " + algorithmURI);
-        }
-        Algorithm algorithm = algorithmsMap.get(algorithmURI);
+        Algorithm algorithm = getAlgorithm(algorithmURI);
         if (algorithm != null) {
             return algorithm.keyLength;
         }
         return 0;
     }
 
+    public static int getIVLengthFromURI(String algorithmURI) {
+        Algorithm algorithm = getAlgorithm(algorithmURI);
+        if (algorithm != null) {
+            return algorithm.ivLength;
+        }
+        return 0;
+    }
+
     /**
      * Method getJCEKeyAlgorithmFromURI
      *
@@ -279,12 +256,38 @@
      * @return The KeyAlgorithm for the given URI.
      */
     public static String getJCEKeyAlgorithmFromURI(String algorithmURI) {
-        if (log.isLoggable(java.util.logging.Level.FINE)) {
-            log.log(java.util.logging.Level.FINE, "Request for URI " + algorithmURI);
+        Algorithm algorithm = getAlgorithm(algorithmURI);
+         if (algorithm != null) {
+             return algorithm.requiredKey;
+         }
+        return null;
+    }
+
+    /**
+     * Method getJCEProviderFromURI
+     *
+     * @param algorithmURI
+     * @return The JCEProvider for the given URI.
+     */
+    public static String getJCEProviderFromURI(String algorithmURI) {
+        Algorithm algorithm = getAlgorithm(algorithmURI);
+        if (algorithm != null) {
+            return algorithm.jceProvider;
         }
-        Algorithm algorithm = algorithmsMap.get(algorithmURI);
-        if (algorithm != null) {
-            return algorithm.requiredKey;
+        return null;
+    }
+
+    /**
+     * Method getAlgorithm
+     *
+     * @param algorithmURI
+     * @return The Algorithm object for the given URI.
+     */
+    private static Algorithm getAlgorithm(String algorithmURI) {
+        LOG.debug("Request for URI {}", algorithmURI);
+
+        if (algorithmURI != null) {
+            return algorithmsMap.get(algorithmURI);
         }
         return null;
     }
@@ -301,7 +304,7 @@
      * Sets the default Provider for obtaining the security algorithms
      * @param provider the default providerId.
      * @throws SecurityException if a security manager is installed and the
-     *    caller does not have permission to set the JCE provider
+     *    caller does not have permission to register the JCE algorithm
      */
     public static void setProviderId(String provider) {
         JavaUtils.checkRegisterPermission();
@@ -317,40 +320,54 @@
         final String jceName;
         final String algorithmClass;
         final int keyLength;
+        final int ivLength;
+        final String jceProvider;
 
         /**
          * Gets data from element
          * @param el
          */
         public Algorithm(Element el) {
-            requiredKey = el.getAttribute("RequiredKey");
-            jceName = el.getAttribute("JCEName");
-            algorithmClass = el.getAttribute("AlgorithmClass");
+            requiredKey = el.getAttributeNS(null, "RequiredKey");
+            jceName = el.getAttributeNS(null, "JCEName");
+            algorithmClass = el.getAttributeNS(null, "AlgorithmClass");
+            jceProvider = el.getAttributeNS(null, "JCEProvider");
             if (el.hasAttribute("KeyLength")) {
-                keyLength = Integer.parseInt(el.getAttribute("KeyLength"));
+                keyLength = Integer.parseInt(el.getAttributeNS(null, "KeyLength"));
             } else {
                 keyLength = 0;
             }
+            if (el.hasAttribute("IVLength")) {
+                ivLength = Integer.parseInt(el.getAttributeNS(null, "IVLength"));
+            } else {
+                ivLength = 0;
+            }
         }
 
         public Algorithm(String requiredKey, String jceName) {
-            this(requiredKey, jceName, null, 0);
+            this(requiredKey, jceName, null, 0, 0);
         }
 
         public Algorithm(String requiredKey, String jceName, String algorithmClass) {
-            this(requiredKey, jceName, algorithmClass, 0);
+            this(requiredKey, jceName, algorithmClass, 0, 0);
         }
 
         public Algorithm(String requiredKey, String jceName, int keyLength) {
-            this(requiredKey, jceName, null, keyLength);
+            this(requiredKey, jceName, null, keyLength, 0);
         }
 
-        public Algorithm(String requiredKey, String jceName, String algorithmClass, int keyLength) {
+        public Algorithm(String requiredKey, String jceName, String algorithmClass, int keyLength, int ivLength) {
+            this(requiredKey, jceName, algorithmClass, keyLength, ivLength, null);
+        }
+
+        public Algorithm(String requiredKey, String jceName,
+                         String algorithmClass, int keyLength, int ivLength, String jceProvider) {
             this.requiredKey = requiredKey;
             this.jceName = jceName;
             this.algorithmClass = algorithmClass;
             this.keyLength = keyLength;
+            this.ivLength = ivLength;
+            this.jceProvider = jceProvider;
         }
     }
-
 }
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/MessageDigestAlgorithm.java b/src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/MessageDigestAlgorithm.java
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/MessageDigestAlgorithm.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/MessageDigestAlgorithm.java
@@ -31,7 +31,7 @@
 import org.w3c.dom.Document;
 
 /**
- * Digest Message wrapper & selector class.
+ * Digest Message wrapper and selector class.
  *
  * <pre>
  * MessageDigestAlgorithm.getInstance()
@@ -44,6 +44,9 @@
         Constants.MoreAlgorithmsSpecNS + "md5";
     /** Digest - Required SHA1*/
     public static final String ALGO_ID_DIGEST_SHA1 = Constants.SignatureSpecNS + "sha1";
+    /** Message Digest - OPTIONAL SHA224*/
+    public static final String ALGO_ID_DIGEST_SHA224 =
+        Constants.MoreAlgorithmsSpecNS + "sha224";
     /** Message Digest - RECOMMENDED SHA256*/
     public static final String ALGO_ID_DIGEST_SHA256 =
         EncryptionConstants.EncryptionSpecNS + "sha256";
@@ -121,7 +124,7 @@
      *
      * @return the actual {@link java.security.MessageDigest} algorithm object
      */
-    public java.security.MessageDigest getAlgorithm() {
+    public MessageDigest getAlgorithm() {
         return algorithm;
     }
 
@@ -134,7 +137,7 @@
      * @return the result of the {@link java.security.MessageDigest#isEqual} method
      */
     public static boolean isEqual(byte[] digesta, byte[] digestb) {
-        return java.security.MessageDigest.isEqual(digesta, digestb);
+        return MessageDigest.isEqual(digesta, digestb);
     }
 
     /**
@@ -243,12 +246,12 @@
         algorithm.update(buf, offset, len);
     }
 
-    /** @inheritDoc */
+    /** {@inheritDoc} */
     public String getBaseNamespace() {
         return Constants.SignatureSpecNS;
     }
 
-    /** @inheritDoc */
+    /** {@inheritDoc} */
     public String getBaseLocalName() {
         return Constants._TAG_DIGESTMETHOD;
     }
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/SignatureAlgorithm.java b/src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/SignatureAlgorithm.java
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/SignatureAlgorithm.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/SignatureAlgorithm.java
@@ -46,13 +46,11 @@
  * Allows selection of digital signature's algorithm, private keys, other
  * security parameters, and algorithm's ID.
  *
- * @author Christian Geuer-Pollmann
  */
 public class SignatureAlgorithm extends Algorithm {
 
-    /** {@link org.apache.commons.logging} logging facility */
-    private static java.util.logging.Logger log =
-        java.util.logging.Logger.getLogger(SignatureAlgorithm.class.getName());
+    private static final com.sun.org.slf4j.internal.Logger LOG =
+        com.sun.org.slf4j.internal.LoggerFactory.getLogger(SignatureAlgorithm.class);
 
     /** All available algorithm classes are registered here */
     private static Map<String, Class<? extends SignatureAlgorithmSpi>> algorithmHash =
@@ -75,7 +73,7 @@
         this.algorithmURI = algorithmURI;
 
         signatureAlgorithm = getSignatureAlgorithmSpi(algorithmURI);
-        signatureAlgorithm.engineGetContextFromElement(this.constructionElement);
+        signatureAlgorithm.engineGetContextFromElement(getElement());
     }
 
     /**
@@ -93,10 +91,10 @@
         this.algorithmURI = algorithmURI;
 
         signatureAlgorithm = getSignatureAlgorithmSpi(algorithmURI);
-        signatureAlgorithm.engineGetContextFromElement(this.constructionElement);
+        signatureAlgorithm.engineGetContextFromElement(getElement());
 
         signatureAlgorithm.engineSetHMACOutputLength(hmacOutputLength);
-        ((IntegrityHmac)signatureAlgorithm).engineAddContextToElement(constructionElement);
+        ((IntegrityHmac)signatureAlgorithm).engineAddContextToElement(getElement());
     }
 
     /**
@@ -107,7 +105,7 @@
      * @throws XMLSecurityException
      */
     public SignatureAlgorithm(Element element, String baseURI) throws XMLSecurityException {
-        this(element, baseURI, false);
+        this(element, baseURI, true);
     }
 
     /**
@@ -137,7 +135,7 @@
         }
 
         signatureAlgorithm = getSignatureAlgorithmSpi(algorithmURI);
-        signatureAlgorithm.engineGetContextFromElement(this.constructionElement);
+        signatureAlgorithm.engineGetContextFromElement(getElement());
     }
 
     /**
@@ -148,20 +146,16 @@
         try {
             Class<? extends SignatureAlgorithmSpi> implementingClass =
                 algorithmHash.get(algorithmURI);
-            if (log.isLoggable(java.util.logging.Level.FINE)) {
-                log.log(java.util.logging.Level.FINE, "Create URI \"" + algorithmURI + "\" class \""
-                   + implementingClass + "\"");
+            LOG.debug("Create URI \"{}\" class \"{}\"", algorithmURI, implementingClass);
+            if (implementingClass == null) {
+                Object exArgs[] = { algorithmURI };
+                throw new XMLSignatureException("algorithms.NoSuchAlgorithmNoEx", exArgs);
             }
-            return implementingClass.newInstance();
-        }  catch (IllegalAccessException ex) {
+            SignatureAlgorithmSpi tmp = implementingClass.newInstance();
+            return tmp;
+        }  catch (IllegalAccessException | InstantiationException | NullPointerException ex) {
             Object exArgs[] = { algorithmURI, ex.getMessage() };
-            throw new XMLSignatureException("algorithms.NoSuchAlgorithm", exArgs, ex);
-        } catch (InstantiationException ex) {
-            Object exArgs[] = { algorithmURI, ex.getMessage() };
-            throw new XMLSignatureException("algorithms.NoSuchAlgorithm", exArgs, ex);
-        } catch (NullPointerException ex) {
-            Object exArgs[] = { algorithmURI, ex.getMessage() };
-            throw new XMLSignatureException("algorithms.NoSuchAlgorithm", exArgs, ex);
+            throw new XMLSignatureException(ex, "algorithms.NoSuchAlgorithm", exArgs);
         }
     }
 
@@ -311,14 +305,14 @@
      * @return the URI representation of Transformation algorithm
      */
     public final String getURI() {
-        return constructionElement.getAttributeNS(null, Constants._ATT_ALGORITHM);
+        return getLocalAttribute(Constants._ATT_ALGORITHM);
     }
 
     /**
      * Registers implementing class of the SignatureAlgorithm with algorithmURI
      *
-     * @param algorithmURI algorithmURI URI representation of <code>SignatureAlgorithm</code>.
-     * @param implementingClass <code>implementingClass</code> the implementing class of
+     * @param algorithmURI algorithmURI URI representation of {@code SignatureAlgorithm}.
+     * @param implementingClass {@code implementingClass} the implementing class of
      * {@link SignatureAlgorithmSpi}
      * @throws AlgorithmAlreadyRegisteredException if specified algorithmURI is already registered
      * @throws XMLSignatureException
@@ -330,9 +324,7 @@
        throws AlgorithmAlreadyRegisteredException, ClassNotFoundException,
            XMLSignatureException {
         JavaUtils.checkRegisterPermission();
-        if (log.isLoggable(java.util.logging.Level.FINE)) {
-            log.log(java.util.logging.Level.FINE, "Try to register " + algorithmURI + " " + implementingClass);
-        }
+        LOG.debug("Try to register {} {}", algorithmURI, implementingClass);
 
         // are we already registered?
         Class<? extends SignatureAlgorithmSpi> registeredClass = algorithmHash.get(algorithmURI);
@@ -349,15 +341,15 @@
             algorithmHash.put(algorithmURI, clazz);
         } catch (NullPointerException ex) {
             Object exArgs[] = { algorithmURI, ex.getMessage() };
-            throw new XMLSignatureException("algorithms.NoSuchAlgorithm", exArgs, ex);
+            throw new XMLSignatureException(ex, "algorithms.NoSuchAlgorithm", exArgs);
         }
     }
 
     /**
-     * Registers implementing class of the Transform algorithm with algorithmURI
+     * Registers implementing class of the SignatureAlgorithm with algorithmURI
      *
-     * @param algorithmURI algorithmURI URI representation of <code>SignatureAlgorithm</code>.
-     * @param implementingClass <code>implementingClass</code> the implementing class of
+     * @param algorithmURI algorithmURI URI representation of {@code SignatureAlgorithm}.
+     * @param implementingClass {@code implementingClass} the implementing class of
      * {@link SignatureAlgorithmSpi}
      * @throws AlgorithmAlreadyRegisteredException if specified algorithmURI is already registered
      * @throws XMLSignatureException
@@ -368,9 +360,7 @@
        throws AlgorithmAlreadyRegisteredException, ClassNotFoundException,
            XMLSignatureException {
         JavaUtils.checkRegisterPermission();
-        if (log.isLoggable(java.util.logging.Level.FINE)) {
-            log.log(java.util.logging.Level.FINE, "Try to register " + algorithmURI + " " + implementingClass);
-        }
+        LOG.debug("Try to register {} {}", algorithmURI, implementingClass);
 
         // are we already registered?
         Class<? extends SignatureAlgorithmSpi> registeredClass = algorithmHash.get(algorithmURI);
@@ -408,6 +398,9 @@
             SignatureBaseRSA.SignatureRSARIPEMD160.class
         );
         algorithmHash.put(
+            XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA224, SignatureBaseRSA.SignatureRSASHA224.class
+        );
+        algorithmHash.put(
             XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA256, SignatureBaseRSA.SignatureRSASHA256.class
         );
         algorithmHash.put(
@@ -417,9 +410,27 @@
             XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA512, SignatureBaseRSA.SignatureRSASHA512.class
         );
         algorithmHash.put(
+            XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA1_MGF1, SignatureBaseRSA.SignatureRSASHA1MGF1.class
+        );
+        algorithmHash.put(
+            XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA224_MGF1, SignatureBaseRSA.SignatureRSASHA224MGF1.class
+        );
+        algorithmHash.put(
+            XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA256_MGF1, SignatureBaseRSA.SignatureRSASHA256MGF1.class
+        );
+        algorithmHash.put(
+            XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA384_MGF1, SignatureBaseRSA.SignatureRSASHA384MGF1.class
+        );
+        algorithmHash.put(
+            XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA512_MGF1, SignatureBaseRSA.SignatureRSASHA512MGF1.class
+        );
+        algorithmHash.put(
             XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA1, SignatureECDSA.SignatureECDSASHA1.class
         );
         algorithmHash.put(
+            XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA224, SignatureECDSA.SignatureECDSASHA224.class
+        );
+        algorithmHash.put(
             XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA256, SignatureECDSA.SignatureECDSASHA256.class
         );
         algorithmHash.put(
@@ -429,12 +440,18 @@
             XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA512, SignatureECDSA.SignatureECDSASHA512.class
         );
         algorithmHash.put(
+            XMLSignature.ALGO_ID_SIGNATURE_ECDSA_RIPEMD160, SignatureECDSA.SignatureECDSARIPEMD160.class
+        );
+        algorithmHash.put(
             XMLSignature.ALGO_ID_MAC_HMAC_NOT_RECOMMENDED_MD5, IntegrityHmac.IntegrityHmacMD5.class
         );
         algorithmHash.put(
             XMLSignature.ALGO_ID_MAC_HMAC_RIPEMD160, IntegrityHmac.IntegrityHmacRIPEMD160.class
         );
         algorithmHash.put(
+            XMLSignature.ALGO_ID_MAC_HMAC_SHA224, IntegrityHmac.IntegrityHmacSHA224.class
+        );
+        algorithmHash.put(
             XMLSignature.ALGO_ID_MAC_HMAC_SHA256, IntegrityHmac.IntegrityHmacSHA256.class
         );
         algorithmHash.put(
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/SignatureAlgorithmSpi.java b/src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/SignatureAlgorithmSpi.java
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/SignatureAlgorithmSpi.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/SignatureAlgorithmSpi.java
@@ -32,9 +32,9 @@
 public abstract class SignatureAlgorithmSpi {
 
     /**
-     * Returns the URI representation of <code>Transformation algorithm</code>
+     * Returns the URI representation of {@code Transformation algorithm}
      *
-     * @return the URI representation of <code>Transformation algorithm</code>
+     * @return the URI representation of {@code Transformation algorithm}
      */
     protected abstract String engineGetURI();
 
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/implementations/ECDSAUtils.java b/src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/implementations/ECDSAUtils.java
new file mode 100644
--- /dev/null
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/implementations/ECDSAUtils.java
@@ -0,0 +1,918 @@
+/*
+ * reserved comment block
+ * DO NOT REMOVE OR ALTER!
+ */
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package com.sun.org.apache.xml.internal.security.algorithms.implementations;
+
+import java.io.IOException;
+import java.math.BigInteger;
+import java.security.interfaces.ECPublicKey;
+import java.security.spec.*;
+import java.util.ArrayList;
+import java.util.Iterator;
+import java.util.List;
+
+public final class ECDSAUtils {
+
+    private ECDSAUtils() {
+        // complete
+    }
+
+    /**
+     * Converts an ASN.1 ECDSA value to a XML Signature ECDSA Value.
+     * <p></p>
+     * The JAVA JCE ECDSA Signature algorithm creates ASN.1 encoded (r, s) value
+     * pairs; the XML Signature requires the core BigInteger values.
+     *
+     * @param asn1Bytes
+     * @return the decode bytes
+     * @throws IOException
+     * @see <A HREF="http://www.w3.org/TR/xmldsig-core/#dsa-sha1">6.4.1 DSA</A>
+     * @see <A HREF="ftp://ftp.rfc-editor.org/in-notes/rfc4050.txt">3.3. ECDSA Signatures</A>
+     */
+    public static byte[] convertASN1toXMLDSIG(byte asn1Bytes[]) throws IOException {
+
+        if (asn1Bytes.length < 8 || asn1Bytes[0] != 48) {
+            throw new IOException("Invalid ASN.1 format of ECDSA signature");
+        }
+        int offset;
+        if (asn1Bytes[1] > 0) {
+            offset = 2;
+        } else if (asn1Bytes[1] == (byte) 0x81) {
+            offset = 3;
+        } else {
+            throw new IOException("Invalid ASN.1 format of ECDSA signature");
+        }
+
+        byte rLength = asn1Bytes[offset + 1];
+        int i;
+
+        for (i = rLength; i > 0 && asn1Bytes[offset + 2 + rLength - i] == 0; i--); //NOPMD
+
+        byte sLength = asn1Bytes[offset + 2 + rLength + 1];
+        int j;
+
+        for (j = sLength; j > 0 && asn1Bytes[offset + 2 + rLength + 2 + sLength - j] == 0; j--); //NOPMD
+
+        int rawLen = Math.max(i, j);
+
+        if ((asn1Bytes[offset - 1] & 0xff) != asn1Bytes.length - offset
+                || (asn1Bytes[offset - 1] & 0xff) != 2 + rLength + 2 + sLength
+                || asn1Bytes[offset] != 2
+                || asn1Bytes[offset + 2 + rLength] != 2) {
+            throw new IOException("Invalid ASN.1 format of ECDSA signature");
+        }
+        byte xmldsigBytes[] = new byte[2 * rawLen];
+
+        System.arraycopy(asn1Bytes, offset + 2 + rLength - i, xmldsigBytes, rawLen - i, i);
+        System.arraycopy(asn1Bytes, offset + 2 + rLength + 2 + sLength - j, xmldsigBytes,
+                2 * rawLen - j, j);
+
+        return xmldsigBytes;
+    }
+
+    /**
+     * Converts a XML Signature ECDSA Value to an ASN.1 DSA value.
+     * <p></p>
+     * The JAVA JCE ECDSA Signature algorithm creates ASN.1 encoded (r, s) value
+     * pairs; the XML Signature requires the core BigInteger values.
+     *
+     * @param xmldsigBytes
+     * @return the encoded ASN.1 bytes
+     * @throws IOException
+     * @see <A HREF="http://www.w3.org/TR/xmldsig-core/#dsa-sha1">6.4.1 DSA</A>
+     * @see <A HREF="ftp://ftp.rfc-editor.org/in-notes/rfc4050.txt">3.3. ECDSA Signatures</A>
+     */
+    public static byte[] convertXMLDSIGtoASN1(byte xmldsigBytes[]) throws IOException {
+
+        int rawLen = xmldsigBytes.length / 2;
+
+        int i;
+
+        for (i = rawLen; i > 0 && xmldsigBytes[rawLen - i] == 0; i--); //NOPMD
+
+        int j = i;
+
+        if (xmldsigBytes[rawLen - i] < 0) {
+            j += 1;
+        }
+
+        int k;
+
+        for (k = rawLen; k > 0 && xmldsigBytes[2 * rawLen - k] == 0; k--); //NOPMD
+
+        int l = k;
+
+        if (xmldsigBytes[2 * rawLen - k] < 0) {
+            l += 1;
+        }
+
+        int len = 2 + j + 2 + l;
+        if (len > 255) {
+            throw new IOException("Invalid XMLDSIG format of ECDSA signature");
+        }
+        int offset;
+        byte asn1Bytes[];
+        if (len < 128) {
+            asn1Bytes = new byte[2 + 2 + j + 2 + l];
+            offset = 1;
+        } else {
+            asn1Bytes = new byte[3 + 2 + j + 2 + l];
+            asn1Bytes[1] = (byte) 0x81;
+            offset = 2;
+        }
+        asn1Bytes[0] = 48;
+        asn1Bytes[offset++] = (byte) len;
+        asn1Bytes[offset++] = 2;
+        asn1Bytes[offset++] = (byte) j;
+
+        System.arraycopy(xmldsigBytes, rawLen - i, asn1Bytes, offset + j - i, i);
+
+        offset += j;
+
+        asn1Bytes[offset++] = 2;
+        asn1Bytes[offset++] = (byte) l;
+
+        System.arraycopy(xmldsigBytes, 2 * rawLen - k, asn1Bytes, offset + l - k, k);
+
+        return asn1Bytes;
+    }
+
+    private static final List<ECCurveDefinition> ecCurveDefinitions = new ArrayList<>();
+
+    static {
+        ecCurveDefinitions.add(
+                new ECCurveDefinition(
+                        "secp112r1",
+                        "1.3.132.0.6",
+                        "db7c2abf62e35e668076bead208b",
+                        "db7c2abf62e35e668076bead2088",
+                        "659ef8ba043916eede8911702b22",
+                        "09487239995a5ee76b55f9c2f098",
+                        "a89ce5af8724c0a23e0e0ff77500",
+                        "db7c2abf62e35e7628dfac6561c5",
+                        1)
+        );
+
+        ecCurveDefinitions.add(
+                new ECCurveDefinition(
+                        "secp112r2",
+                        "1.3.132.0.7",
+                        "db7c2abf62e35e668076bead208b",
+                        "6127c24c05f38a0aaaf65c0ef02c",
+                        "51def1815db5ed74fcc34c85d709",
+                        "4ba30ab5e892b4e1649dd0928643",
+                        "adcd46f5882e3747def36e956e97",
+                        "36df0aafd8b8d7597ca10520d04b",
+                        4)
+        );
+
+        ecCurveDefinitions.add(
+                new ECCurveDefinition(
+                        "secp128r1",
+                        "1.3.132.0.28",
+                        "fffffffdffffffffffffffffffffffff",
+                        "fffffffdfffffffffffffffffffffffc",
+                        "e87579c11079f43dd824993c2cee5ed3",
+                        "161ff7528b899b2d0c28607ca52c5b86",
+                        "cf5ac8395bafeb13c02da292dded7a83",
+                        "fffffffe0000000075a30d1b9038a115",
+                        1)
+        );
+
+        ecCurveDefinitions.add(
+                new ECCurveDefinition(
+                        "secp128r2",
+                        "1.3.132.0.29",
+                        "fffffffdffffffffffffffffffffffff",
+                        "d6031998d1b3bbfebf59cc9bbff9aee1",
+                        "5eeefca380d02919dc2c6558bb6d8a5d",
+                        "7b6aa5d85e572983e6fb32a7cdebc140",
+                        "27b6916a894d3aee7106fe805fc34b44",
+                        "3fffffff7fffffffbe0024720613b5a3",
+                        4)
+        );
+
+        ecCurveDefinitions.add(
+                new ECCurveDefinition(
+                        "secp160k1",
+                        "1.3.132.0.9",
+                        "fffffffffffffffffffffffffffffffeffffac73",
+                        "0000000000000000000000000000000000000000",
+                        "0000000000000000000000000000000000000007",
+                        "3b4c382ce37aa192a4019e763036f4f5dd4d7ebb",
+                        "938cf935318fdced6bc28286531733c3f03c4fee",
+                        "0100000000000000000001b8fa16dfab9aca16b6b3",
+                        1)
+        );
+
+        ecCurveDefinitions.add(
+                new ECCurveDefinition(
+                        "secp160r1",
+                        "1.3.132.0.8",
+                        "ffffffffffffffffffffffffffffffff7fffffff",
+                        "ffffffffffffffffffffffffffffffff7ffffffc",
+                        "1c97befc54bd7a8b65acf89f81d4d4adc565fa45",
+                        "4a96b5688ef573284664698968c38bb913cbfc82",
+                        "23a628553168947d59dcc912042351377ac5fb32",
+                        "0100000000000000000001f4c8f927aed3ca752257",
+                        1)
+        );
+
+        ecCurveDefinitions.add(
+                new ECCurveDefinition(
+                        "secp160r2",
+                        "1.3.132.0.30",
+                        "fffffffffffffffffffffffffffffffeffffac73",
+                        "fffffffffffffffffffffffffffffffeffffac70",
+                        "b4e134d3fb59eb8bab57274904664d5af50388ba",
+                        "52dcb034293a117e1f4ff11b30f7199d3144ce6d",
+                        "feaffef2e331f296e071fa0df9982cfea7d43f2e",
+                        "0100000000000000000000351ee786a818f3a1a16b",
+                        1)
+        );
+
+        ecCurveDefinitions.add(
+                new ECCurveDefinition(
+                        "secp192k1",
+                        "1.3.132.0.31",
+                        "fffffffffffffffffffffffffffffffffffffffeffffee37",
+                        "000000000000000000000000000000000000000000000000",
+                        "000000000000000000000000000000000000000000000003",
+                        "db4ff10ec057e9ae26b07d0280b7f4341da5d1b1eae06c7d",
+                        "9b2f2f6d9c5628a7844163d015be86344082aa88d95e2f9d",
+                        "fffffffffffffffffffffffe26f2fc170f69466a74defd8d",
+                        1)
+        );
+
+        ecCurveDefinitions.add(
+                new ECCurveDefinition(
+                        "secp192r1 [NIST P-192, X9.62 prime192v1]",
+                        "1.2.840.10045.3.1.1",
+                        "fffffffffffffffffffffffffffffffeffffffffffffffff",
+                        "fffffffffffffffffffffffffffffffefffffffffffffffc",
+                        "64210519e59c80e70fa7e9ab72243049feb8deecc146b9b1",
+                        "188da80eb03090f67cbf20eb43a18800f4ff0afd82ff1012",
+                        "07192b95ffc8da78631011ed6b24cdd573f977a11e794811",
+                        "ffffffffffffffffffffffff99def836146bc9b1b4d22831",
+                        1)
+        );
+
+        ecCurveDefinitions.add(
+                new ECCurveDefinition(
+                        "secp224k1",
+                        "1.3.132.0.32",
+                        "fffffffffffffffffffffffffffffffffffffffffffffffeffffe56d",
+                        "00000000000000000000000000000000000000000000000000000000",
+                        "00000000000000000000000000000000000000000000000000000005",
+                        "a1455b334df099df30fc28a169a467e9e47075a90f7e650eb6b7a45c",
+                        "7e089fed7fba344282cafbd6f7e319f7c0b0bd59e2ca4bdb556d61a5",
+                        "010000000000000000000000000001dce8d2ec6184caf0a971769fb1f7",
+                        1)
+        );
+
+        ecCurveDefinitions.add(
+                new ECCurveDefinition(
+                        "secp224r1 [NIST P-224]",
+                        "1.3.132.0.33",
+                        "ffffffffffffffffffffffffffffffff000000000000000000000001",
+                        "fffffffffffffffffffffffffffffffefffffffffffffffffffffffe",
+                        "b4050a850c04b3abf54132565044b0b7d7bfd8ba270b39432355ffb4",
+                        "b70e0cbd6bb4bf7f321390b94a03c1d356c21122343280d6115c1d21",
+                        "bd376388b5f723fb4c22dfe6cd4375a05a07476444d5819985007e34",
+                        "ffffffffffffffffffffffffffff16a2e0b8f03e13dd29455c5c2a3d",
+                        1)
+        );
+
+        ecCurveDefinitions.add(
+                new ECCurveDefinition(
+                        "secp256k1",
+                        "1.3.132.0.10",
+                        "fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f",
+                        "0000000000000000000000000000000000000000000000000000000000000000",
+                        "0000000000000000000000000000000000000000000000000000000000000007",
+                        "79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798",
+                        "483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8",
+                        "fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141",
+                        1)
+        );
+
+        ecCurveDefinitions.add(
+                new ECCurveDefinition(
+                        "secp256r1 [NIST P-256, X9.62 prime256v1]",
+                        "1.2.840.10045.3.1.7",
+                        "ffffffff00000001000000000000000000000000ffffffffffffffffffffffff",
+                        "ffffffff00000001000000000000000000000000fffffffffffffffffffffffc",
+                        "5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b",
+                        "6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296",
+                        "4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5",
+                        "ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551",
+                        1)
+        );
+
+        ecCurveDefinitions.add(
+                new ECCurveDefinition(
+                        "secp384r1 [NIST P-384]",
+                        "1.3.132.0.34",
+                        "fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000ffffffff",
+                        "fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000fffffffc",
+                        "b3312fa7e23ee7e4988e056be3f82d19181d9c6efe8141120314088f5013875ac656398d8a2ed19d2a85c8edd3ec2aef",
+                        "aa87ca22be8b05378eb1c71ef320ad746e1d3b628ba79b9859f741e082542a385502f25dbf55296c3a545e3872760ab7",
+                        "3617de4a96262c6f5d9e98bf9292dc29f8f41dbd289a147ce9da3113b5f0b8c00a60b1ce1d7e819d7a431d7c90ea0e5f",
+                        "ffffffffffffffffffffffffffffffffffffffffffffffffc7634d81f4372ddf581a0db248b0a77aecec196accc52973",
+                        1)
+        );
+
+        ecCurveDefinitions.add(
+                new ECCurveDefinition(
+                        "secp521r1 [NIST P-521]",
+                        "1.3.132.0.35",
+                        "01ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
+                        "01fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffc",
+                        "0051953eb9618e1c9a1f929a21a0b68540eea2da725b99b315f3b8b489918ef109e156193951ec7e937b1652c0bd3bb1bf073573df883d2c34f1ef451fd46b503f00",
+                        "00c6858e06b70404e9cd9e3ecb662395b4429c648139053fb521f828af606b4d3dbaa14b5e77efe75928fe1dc127a2ffa8de3348b3c1856a429bf97e7e31c2e5bd66",
+                        "011839296a789a3bc0045c8a5fb42c7d1bd998f54449579b446817afbd17273e662c97ee72995ef42640c550b9013fad0761353c7086a272c24088be94769fd16650",
+                        "01fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffa51868783bf2f966b7fcc0148f709a5d03bb5c9b8899c47aebb6fb71e91386409",
+                        1)
+        );
+
+        ecCurveDefinitions.add(
+                new ECCurveDefinition(
+                        "X9.62 prime192v2",
+                        "1.2.840.10045.3.1.2",
+                        "fffffffffffffffffffffffffffffffeffffffffffffffff",
+                        "fffffffffffffffffffffffffffffffefffffffffffffffc",
+                        "cc22d6dfb95c6b25e49c0d6364a4e5980c393aa21668d953",
+                        "eea2bae7e1497842f2de7769cfe9c989c072ad696f48034a",
+                        "6574d11d69b6ec7a672bb82a083df2f2b0847de970b2de15",
+                        "fffffffffffffffffffffffe5fb1a724dc80418648d8dd31",
+                        1)
+        );
+
+        ecCurveDefinitions.add(
+                new ECCurveDefinition(
+                        "X9.62 prime192v3",
+                        "1.2.840.10045.3.1.3",
+                        "fffffffffffffffffffffffffffffffeffffffffffffffff",
+                        "fffffffffffffffffffffffffffffffefffffffffffffffc",
+                        "22123dc2395a05caa7423daeccc94760a7d462256bd56916",
+                        "7d29778100c65a1da1783716588dce2b8b4aee8e228f1896",
+                        "38a90f22637337334b49dcb66a6dc8f9978aca7648a943b0",
+                        "ffffffffffffffffffffffff7a62d031c83f4294f640ec13",
+                        1)
+        );
+
+        ecCurveDefinitions.add(
+                new ECCurveDefinition(
+                        "X9.62 prime239v1",
+                        "1.2.840.10045.3.1.4",
+                        "7fffffffffffffffffffffff7fffffffffff8000000000007fffffffffff",
+                        "7fffffffffffffffffffffff7fffffffffff8000000000007ffffffffffc",
+                        "6b016c3bdcf18941d0d654921475ca71a9db2fb27d1d37796185c2942c0a",
+                        "0ffa963cdca8816ccc33b8642bedf905c3d358573d3f27fbbd3b3cb9aaaf",
+                        "7debe8e4e90a5dae6e4054ca530ba04654b36818ce226b39fccb7b02f1ae",
+                        "7fffffffffffffffffffffff7fffff9e5e9a9f5d9071fbd1522688909d0b",
+                        1)
+        );
+
+        ecCurveDefinitions.add(
+                new ECCurveDefinition(
+                        "X9.62 prime239v2",
+                        "1.2.840.10045.3.1.5",
+                        "7fffffffffffffffffffffff7fffffffffff8000000000007fffffffffff",
+                        "7fffffffffffffffffffffff7fffffffffff8000000000007ffffffffffc",
+                        "617fab6832576cbbfed50d99f0249c3fee58b94ba0038c7ae84c8c832f2c",
+                        "38af09d98727705120c921bb5e9e26296a3cdcf2f35757a0eafd87b830e7",
+                        "5b0125e4dbea0ec7206da0fc01d9b081329fb555de6ef460237dff8be4ba",
+                        "7fffffffffffffffffffffff800000cfa7e8594377d414c03821bc582063",
+                        1)
+        );
+
+        ecCurveDefinitions.add(
+                new ECCurveDefinition(
+                        "X9.62 prime239v3",
+                        "1.2.840.10045.3.1.6",
+                        "7fffffffffffffffffffffff7fffffffffff8000000000007fffffffffff",
+                        "7fffffffffffffffffffffff7fffffffffff8000000000007ffffffffffc",
+                        "255705fa2a306654b1f4cb03d6a750a30c250102d4988717d9ba15ab6d3e",
+                        "6768ae8e18bb92cfcf005c949aa2c6d94853d0e660bbf854b1c9505fe95a",
+                        "1607e6898f390c06bc1d552bad226f3b6fcfe48b6e818499af18e3ed6cf3",
+                        "7fffffffffffffffffffffff7fffff975deb41b3a6057c3c432146526551",
+                        1)
+        );
+
+        ecCurveDefinitions.add(
+                new ECCurveDefinition(
+                        "sect113r1",
+                        "1.3.132.0.4",
+                        "020000000000000000000000000201",
+                        "003088250ca6e7c7fe649ce85820f7",
+                        "00e8bee4d3e2260744188be0e9c723",
+                        "009d73616f35f4ab1407d73562c10f",
+                        "00a52830277958ee84d1315ed31886",
+                        "0100000000000000d9ccec8a39e56f",
+                        2)
+        );
+
+        ecCurveDefinitions.add(
+                new ECCurveDefinition(
+                        "sect113r2",
+                        "1.3.132.0.5",
+                        "020000000000000000000000000201",
+                        "00689918dbec7e5a0dd6dfc0aa55c7",
+                        "0095e9a9ec9b297bd4bf36e059184f",
+                        "01a57a6a7b26ca5ef52fcdb8164797",
+                        "00b3adc94ed1fe674c06e695baba1d",
+                        "010000000000000108789b2496af93",
+                        2)
+        );
+
+        ecCurveDefinitions.add(
+                new ECCurveDefinition(
+                        "sect131r1",
+                        "1.3.132.0.22",
+                        "080000000000000000000000000000010d",
+                        "07a11b09a76b562144418ff3ff8c2570b8",
+                        "0217c05610884b63b9c6c7291678f9d341",
+                        "0081baf91fdf9833c40f9c181343638399",
+                        "078c6e7ea38c001f73c8134b1b4ef9e150",
+                        "0400000000000000023123953a9464b54d",
+                        2)
+        );
+
+        ecCurveDefinitions.add(
+                new ECCurveDefinition(
+                        "sect131r2",
+                        "1.3.132.0.23",
+                        "080000000000000000000000000000010d",
+                        "03e5a88919d7cafcbf415f07c2176573b2",
+                        "04b8266a46c55657ac734ce38f018f2192",
+                        "0356dcd8f2f95031ad652d23951bb366a8",
+                        "0648f06d867940a5366d9e265de9eb240f",
+                        "0400000000000000016954a233049ba98f",
+                        2)
+        );
+
+        ecCurveDefinitions.add(
+                new ECCurveDefinition(
+                        "sect163k1 [NIST K-163]",
+                        "1.3.132.0.1",
+                        "0800000000000000000000000000000000000000c9",
+                        "000000000000000000000000000000000000000001",
+                        "000000000000000000000000000000000000000001",
+                        "02fe13c0537bbc11acaa07d793de4e6d5e5c94eee8",
+                        "0289070fb05d38ff58321f2e800536d538ccdaa3d9",
+                        "04000000000000000000020108a2e0cc0d99f8a5ef",
+                        2)
+        );
+
+        ecCurveDefinitions.add(
+                new ECCurveDefinition(
+                        "sect163r1",
+                        "1.3.132.0.2",
+                        "0800000000000000000000000000000000000000c9",
+                        "07b6882caaefa84f9554ff8428bd88e246d2782ae2",
+                        "0713612dcddcb40aab946bda29ca91f73af958afd9",
+                        "0369979697ab43897789566789567f787a7876a654",
+                        "00435edb42efafb2989d51fefce3c80988f41ff883",
+                        "03ffffffffffffffffffff48aab689c29ca710279b",
+                        2)
+        );
+
+        ecCurveDefinitions.add(
+                new ECCurveDefinition(
+                        "sect163r2 [NIST B-163]",
+                        "1.3.132.0.15",
+                        "0800000000000000000000000000000000000000c9",
+                        "000000000000000000000000000000000000000001",
+                        "020a601907b8c953ca1481eb10512f78744a3205fd",
+                        "03f0eba16286a2d57ea0991168d4994637e8343e36",
+                        "00d51fbc6c71a0094fa2cdd545b11c5c0c797324f1",
+                        "040000000000000000000292fe77e70c12a4234c33",
+                        2)
+        );
+
+        ecCurveDefinitions.add(
+                new ECCurveDefinition(
+                        "sect193r1",
+                        "1.3.132.0.24",
+                        "02000000000000000000000000000000000000000000008001",
+                        "0017858feb7a98975169e171f77b4087de098ac8a911df7b01",
+                        "00fdfb49bfe6c3a89facadaa7a1e5bbc7cc1c2e5d831478814",
+                        "01f481bc5f0ff84a74ad6cdf6fdef4bf6179625372d8c0c5e1",
+                        "0025e399f2903712ccf3ea9e3a1ad17fb0b3201b6af7ce1b05",
+                        "01000000000000000000000000c7f34a778f443acc920eba49",
+                        2)
+        );
+
+        ecCurveDefinitions.add(
+                new ECCurveDefinition(
+                        "sect193r2",
+                        "1.3.132.0.25",
+                        "02000000000000000000000000000000000000000000008001",
+                        "0163f35a5137c2ce3ea6ed8667190b0bc43ecd69977702709b",
+                        "00c9bb9e8927d4d64c377e2ab2856a5b16e3efb7f61d4316ae",
+                        "00d9b67d192e0367c803f39e1a7e82ca14a651350aae617e8f",
+                        "01ce94335607c304ac29e7defbd9ca01f596f927224cdecf6c",
+                        "010000000000000000000000015aab561b005413ccd4ee99d5",
+                        2)
+        );
+
+        ecCurveDefinitions.add(
+                new ECCurveDefinition(
+                        "sect233k1 [NIST K-233]",
+                        "1.3.132.0.26",
+                        "020000000000000000000000000000000000000004000000000000000001",
+                        "000000000000000000000000000000000000000000000000000000000000",
+                        "000000000000000000000000000000000000000000000000000000000001",
+                        "017232ba853a7e731af129f22ff4149563a419c26bf50a4c9d6eefad6126",
+                        "01db537dece819b7f70f555a67c427a8cd9bf18aeb9b56e0c11056fae6a3",
+                        "008000000000000000000000000000069d5bb915bcd46efb1ad5f173abdf",
+                        4)
+        );
+
+        ecCurveDefinitions.add(
+                new ECCurveDefinition(
+                        "sect233r1 [NIST B-233]",
+                        "1.3.132.0.27",
+                        "020000000000000000000000000000000000000004000000000000000001",
+                        "000000000000000000000000000000000000000000000000000000000001",
+                        "0066647ede6c332c7f8c0923bb58213b333b20e9ce4281fe115f7d8f90ad",
+                        "00fac9dfcbac8313bb2139f1bb755fef65bc391f8b36f8f8eb7371fd558b",
+                        "01006a08a41903350678e58528bebf8a0beff867a7ca36716f7e01f81052",
+                        "01000000000000000000000000000013e974e72f8a6922031d2603cfe0d7",
+                        2)
+        );
+
+        ecCurveDefinitions.add(
+                new ECCurveDefinition(
+                        "sect239k1",
+                        "1.3.132.0.3",
+                        "800000000000000000004000000000000000000000000000000000000001",
+                        "000000000000000000000000000000000000000000000000000000000000",
+                        "000000000000000000000000000000000000000000000000000000000001",
+                        "29a0b6a887a983e9730988a68727a8b2d126c44cc2cc7b2a6555193035dc",
+                        "76310804f12e549bdb011c103089e73510acb275fc312a5dc6b76553f0ca",
+                        "2000000000000000000000000000005a79fec67cb6e91f1c1da800e478a5",
+                        4)
+        );
+
+        ecCurveDefinitions.add(
+                new ECCurveDefinition(
+                        "sect283k1 [NIST K-283]",
+                        "1.3.132.0.16",
+                        "0800000000000000000000000000000000000000000000000000000000000000000010a1",
+                        "000000000000000000000000000000000000000000000000000000000000000000000000",
+                        "000000000000000000000000000000000000000000000000000000000000000000000001",
+                        "0503213f78ca44883f1a3b8162f188e553cd265f23c1567a16876913b0c2ac2458492836",
+                        "01ccda380f1c9e318d90f95d07e5426fe87e45c0e8184698e45962364e34116177dd2259",
+                        "01ffffffffffffffffffffffffffffffffffe9ae2ed07577265dff7f94451e061e163c61",
+                        4)
+        );
+
+        ecCurveDefinitions.add(
+                new ECCurveDefinition(
+                        "sect283r1 [NIST B-283]",
+                        "1.3.132.0.17",
+                        "0800000000000000000000000000000000000000000000000000000000000000000010a1",
+                        "000000000000000000000000000000000000000000000000000000000000000000000001",
+                        "027b680ac8b8596da5a4af8a19a0303fca97fd7645309fa2a581485af6263e313b79a2f5",
+                        "05f939258db7dd90e1934f8c70b0dfec2eed25b8557eac9c80e2e198f8cdbecd86b12053",
+                        "03676854fe24141cb98fe6d4b20d02b4516ff702350eddb0826779c813f0df45be8112f4",
+                        "03ffffffffffffffffffffffffffffffffffef90399660fc938a90165b042a7cefadb307",
+                        2)
+        );
+
+        ecCurveDefinitions.add(
+                new ECCurveDefinition(
+                        "sect409k1 [NIST K-409]",
+                        "1.3.132.0.36",
+                        "02000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000001",
+                        "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
+                        "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001",
+                        "0060f05f658f49c1ad3ab1890f7184210efd0987e307c84c27accfb8f9f67cc2c460189eb5aaaa62ee222eb1b35540cfe9023746",
+                        "01e369050b7c4e42acba1dacbf04299c3460782f918ea427e6325165e9ea10e3da5f6c42e9c55215aa9ca27a5863ec48d8e0286b",
+                        "007ffffffffffffffffffffffffffffffffffffffffffffffffffe5f83b2d4ea20400ec4557d5ed3e3e7ca5b4b5c83b8e01e5fcf",
+                        4)
+        );
+
+        ecCurveDefinitions.add(
+                new ECCurveDefinition(
+                        "sect409r1 [NIST B-409]",
+                        "1.3.132.0.37",
+                        "02000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000001",
+                        "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001",
+                        "0021a5c2c8ee9feb5c4b9a753b7b476b7fd6422ef1f3dd674761fa99d6ac27c8a9a197b272822f6cd57a55aa4f50ae317b13545f",
+                        "015d4860d088ddb3496b0c6064756260441cde4af1771d4db01ffe5b34e59703dc255a868a1180515603aeab60794e54bb7996a7",
+                        "0061b1cfab6be5f32bbfa78324ed106a7636b9c5a7bd198d0158aa4f5488d08f38514f1fdf4b4f40d2181b3681c364ba0273c706",
+                        "010000000000000000000000000000000000000000000000000001e2aad6a612f33307be5fa47c3c9e052f838164cd37d9a21173",
+                        2)
+        );
+
+        ecCurveDefinitions.add(
+                new ECCurveDefinition(
+                        "sect571k1 [NIST K-571]",
+                        "1.3.132.0.38",
+                        "080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000425",
+                        "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
+                        "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001",
+                        "026eb7a859923fbc82189631f8103fe4ac9ca2970012d5d46024804801841ca44370958493b205e647da304db4ceb08cbbd1ba39494776fb988b47174dca88c7e2945283a01c8972",
+                        "0349dc807f4fbf374f4aeade3bca95314dd58cec9f307a54ffc61efc006d8a2c9d4979c0ac44aea74fbebbb9f772aedcb620b01a7ba7af1b320430c8591984f601cd4c143ef1c7a3",
+                        "020000000000000000000000000000000000000000000000000000000000000000000000131850e1f19a63e4b391a8db917f4138b630d84be5d639381e91deb45cfe778f637c1001",
+                        4)
+        );
+
+        ecCurveDefinitions.add(
+                new ECCurveDefinition(
+                        "sect571r1 [NIST B-571]",
+                        "1.3.132.0.39",
+                        "080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000425",
+                        "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001",
+                        "02f40e7e2221f295de297117b7f3d62f5c6a97ffcb8ceff1cd6ba8ce4a9a18ad84ffabbd8efa59332be7ad6756a66e294afd185a78ff12aa520e4de739baca0c7ffeff7f2955727a",
+                        "0303001d34b856296c16c0d40d3cd7750a93d1d2955fa80aa5f40fc8db7b2abdbde53950f4c0d293cdd711a35b67fb1499ae60038614f1394abfa3b4c850d927e1e7769c8eec2d19",
+                        "037bf27342da639b6dccfffeb73d69d78c6c27a6009cbbca1980f8533921e8a684423e43bab08a576291af8f461bb2a8b3531d2f0485c19b16e2f1516e23dd3c1a4827af1b8ac15b",
+                        "03ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe661ce18ff55987308059b186823851ec7dd9ca1161de93d5174d66e8382e9bb2fe84e47",
+                        2)
+        );
+
+        ecCurveDefinitions.add(
+                new ECCurveDefinition(
+                        "X9.62 c2tnb191v1",
+                        "1.2.840.10045.3.0.5",
+                        "800000000000000000000000000000000000000000000201",
+                        "2866537b676752636a68f56554e12640276b649ef7526267",
+                        "2e45ef571f00786f67b0081b9495a3d95462f5de0aa185ec",
+                        "36b3daf8a23206f9c4f299d7b21a9c369137f2c84ae1aa0d",
+                        "765be73433b3f95e332932e70ea245ca2418ea0ef98018fb",
+                        "40000000000000000000000004a20e90c39067c893bbb9a5",
+                        2)
+        );
+
+        ecCurveDefinitions.add(
+                new ECCurveDefinition(
+                        "X9.62 c2tnb191v2",
+                        "1.2.840.10045.3.0.6",
+                        "800000000000000000000000000000000000000000000201",
+                        "401028774d7777c7b7666d1366ea432071274f89ff01e718",
+                        "0620048d28bcbd03b6249c99182b7c8cd19700c362c46a01",
+                        "3809b2b7cc1b28cc5a87926aad83fd28789e81e2c9e3bf10",
+                        "17434386626d14f3dbf01760d9213a3e1cf37aec437d668a",
+                        "20000000000000000000000050508cb89f652824e06b8173",
+                        4)
+        );
+
+        ecCurveDefinitions.add(
+                new ECCurveDefinition(
+                        "X9.62 c2tnb191v3",
+                        "1.2.840.10045.3.0.7",
+                        "800000000000000000000000000000000000000000000201",
+                        "6c01074756099122221056911c77d77e77a777e7e7e77fcb",
+                        "71fe1af926cf847989efef8db459f66394d90f32ad3f15e8",
+                        "375d4ce24fde434489de8746e71786015009e66e38a926dd",
+                        "545a39176196575d985999366e6ad34ce0a77cd7127b06be",
+                        "155555555555555555555555610c0b196812bfb6288a3ea3",
+                        6)
+        );
+
+        ecCurveDefinitions.add(
+                new ECCurveDefinition(
+                        "X9.62 c2tnb239v1",
+                        "1.2.840.10045.3.0.11",
+                        "800000000000000000000000000000000000000000000000001000000001",
+                        "32010857077c5431123a46b808906756f543423e8d27877578125778ac76",
+                        "790408f2eedaf392b012edefb3392f30f4327c0ca3f31fc383c422aa8c16",
+                        "57927098fa932e7c0a96d3fd5b706ef7e5f5c156e16b7e7c86038552e91d",
+                        "61d8ee5077c33fecf6f1a16b268de469c3c7744ea9a971649fc7a9616305",
+                        "2000000000000000000000000000000f4d42ffe1492a4993f1cad666e447",
+                        4)
+        );
+
+        ecCurveDefinitions.add(
+                new ECCurveDefinition(
+                        "X9.62 c2tnb239v2",
+                        "1.2.840.10045.3.0.12",
+                        "800000000000000000000000000000000000000000000000001000000001",
+                        "4230017757a767fae42398569b746325d45313af0766266479b75654e65f",
+                        "5037ea654196cff0cd82b2c14a2fcf2e3ff8775285b545722f03eacdb74b",
+                        "28f9d04e900069c8dc47a08534fe76d2b900b7d7ef31f5709f200c4ca205",
+                        "5667334c45aff3b5a03bad9dd75e2c71a99362567d5453f7fa6e227ec833",
+                        "1555555555555555555555555555553c6f2885259c31e3fcdf154624522d",
+                        6)
+        );
+
+        ecCurveDefinitions.add(
+                new ECCurveDefinition(
+                        "X9.62 c2tnb239v3",
+                        "1.2.840.10045.3.0.13",
+                        "800000000000000000000000000000000000000000000000001000000001",
+                        "01238774666a67766d6676f778e676b66999176666e687666d8766c66a9f",
+                        "6a941977ba9f6a435199acfc51067ed587f519c5ecb541b8e44111de1d40",
+                        "70f6e9d04d289c4e89913ce3530bfde903977d42b146d539bf1bde4e9c92",
+                        "2e5a0eaf6e5e1305b9004dce5c0ed7fe59a35608f33837c816d80b79f461",
+                        "0cccccccccccccccccccccccccccccac4912d2d9df903ef9888b8a0e4cff",
+                        0xA)
+        );
+
+        ecCurveDefinitions.add(
+                new ECCurveDefinition(
+                        "X9.62 c2tnb359v1",
+                        "1.2.840.10045.3.0.18",
+                        "800000000000000000000000000000000000000000000000000000000000000000000000100000000000000001",
+                        "5667676a654b20754f356ea92017d946567c46675556f19556a04616b567d223a5e05656fb549016a96656a557",
+                        "2472e2d0197c49363f1fe7f5b6db075d52b6947d135d8ca445805d39bc345626089687742b6329e70680231988",
+                        "3c258ef3047767e7ede0f1fdaa79daee3841366a132e163aced4ed2401df9c6bdcde98e8e707c07a2239b1b097",
+                        "53d7e08529547048121e9c95f3791dd804963948f34fae7bf44ea82365dc7868fe57e4ae2de211305a407104bd",
+                        "01af286bca1af286bca1af286bca1af286bca1af286bc9fb8f6b85c556892c20a7eb964fe7719e74f490758d3b",
+                        0x4C)
+        );
+
+        ecCurveDefinitions.add(
+                new ECCurveDefinition(
+                        "X9.62 c2tnb431r1",
+                        "1.2.840.10045.3.0.20",
+                        "800000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000001",
+                        "1a827ef00dd6fc0e234caf046c6a5d8a85395b236cc4ad2cf32a0cadbdc9ddf620b0eb9906d0957f6c6feacd615468df104de296cd8f",
+                        "10d9b4a3d9047d8b154359abfb1b7f5485b04ceb868237ddc9deda982a679a5a919b626d4e50a8dd731b107a9962381fb5d807bf2618",
+                        "120fc05d3c67a99de161d2f4092622feca701be4f50f4758714e8a87bbf2a658ef8c21e7c5efe965361f6c2999c0c247b0dbd70ce6b7",
+                        "20d0af8903a96f8d5fa2c255745d3c451b302c9346d9b7e485e7bce41f6b591f3e8f6addcbb0bc4c2f947a7de1a89b625d6a598b3760",
+                        "0340340340340340340340340340340340340340340340340340340323c313fab50589703b5ec68d3587fec60d161cc149c1ad4a91",
+                        0x2760)
+        );
+    }
+
+    public static String getOIDFromPublicKey(ECPublicKey ecPublicKey) {
+        ECParameterSpec ecParameterSpec = ecPublicKey.getParams();
+        BigInteger order = ecParameterSpec.getOrder();
+        BigInteger affineX = ecParameterSpec.getGenerator().getAffineX();
+        BigInteger affineY = ecParameterSpec.getGenerator().getAffineY();
+        BigInteger a = ecParameterSpec.getCurve().getA();
+        BigInteger b = ecParameterSpec.getCurve().getB();
+        int h = ecParameterSpec.getCofactor();
+        ECField ecField = ecParameterSpec.getCurve().getField();
+        BigInteger field;
+        if (ecField instanceof ECFieldFp) {
+            ECFieldFp ecFieldFp = (ECFieldFp) ecField;
+            field = ecFieldFp.getP();
+        } else {
+            ECFieldF2m ecFieldF2m = (ECFieldF2m) ecField;
+            field = ecFieldF2m.getReductionPolynomial();
+        }
+
+        Iterator<ECCurveDefinition> ecCurveDefinitionIterator = ecCurveDefinitions.iterator();
+        while (ecCurveDefinitionIterator.hasNext()) {
+            ECCurveDefinition ecCurveDefinition = ecCurveDefinitionIterator.next();
+            String oid = ecCurveDefinition.equals(field, a, b, affineX, affineY, order, h);
+            if (oid != null) {
+                return oid;
+            }
+        }
+        return null;
+    }
+
+    public static ECCurveDefinition getECCurveDefinition(String oid) {
+        Iterator<ECCurveDefinition> ecCurveDefinitionIterator = ecCurveDefinitions.iterator();
+        while (ecCurveDefinitionIterator.hasNext()) {
+            ECCurveDefinition ecCurveDefinition = ecCurveDefinitionIterator.next();
+            if (ecCurveDefinition.getOid().equals(oid)) {
+                return ecCurveDefinition;
+            }
+        }
+        return null;
+    }
+
+    public static class ECCurveDefinition {
+
+        private final String name;
+        private final String oid;
+        private final String field;
+        private final String a;
+        private final String b;
+        private final String x;
+        private final String y;
+        private final String n;
+        private final int h;
+
+        public ECCurveDefinition(String name, String oid, String field, String a, String b, String x, String y, String n, int h) {
+            this.name = name;
+            this.oid = oid;
+            this.field = field;
+            this.a = a;
+            this.b = b;
+            this.x = x;
+            this.y = y;
+            this.n = n;
+            this.h = h;
+        }
+
+        /**
+         * returns the ec oid if parameter are equal to this definition
+         */
+        public String equals(BigInteger field, BigInteger a, BigInteger b, BigInteger x, BigInteger y, BigInteger n, int h) {
+            if (this.field.equals(field.toString(16))
+                    && this.a.equals(a.toString(16))
+                    && this.b.equals(b.toString(16))
+                    && this.x.equals(x.toString(16))
+                    && this.y.equals(y.toString(16))
+                    && this.n.equals(n.toString(16))
+                    && this.h == h) {
+                return this.oid;
+            }
+            return null;
+        }
+
+        public String getName() {
+            return name;
+        }
+
+        public String getOid() {
+            return oid;
+        }
+
+        public String getField() {
+            return field;
+        }
+
+        public String getA() {
+            return a;
+        }
+
+        public String getB() {
+            return b;
+        }
+
+        public String getX() {
+            return x;
+        }
+
+        public String getY() {
+            return y;
+        }
+
+        public String getN() {
+            return n;
+        }
+
+        public int getH() {
+            return h;
+        }
+    }
+
+    public static byte[] encodePoint(ECPoint ecPoint, EllipticCurve ellipticCurve) {
+        int size = (ellipticCurve.getField().getFieldSize() + 7) / 8;
+        byte affineXBytes[] = stripLeadingZeros(ecPoint.getAffineX().toByteArray());
+        byte affineYBytes[] = stripLeadingZeros(ecPoint.getAffineY().toByteArray());
+        byte encodedBytes[] = new byte[size * 2 + 1];
+        encodedBytes[0] = 0x04; //uncompressed
+        System.arraycopy(affineXBytes, 0, encodedBytes, size - affineXBytes.length + 1, affineXBytes.length);
+        System.arraycopy(affineYBytes, 0, encodedBytes, encodedBytes.length - affineYBytes.length, affineYBytes.length);
+        return encodedBytes;
+    }
+
+    public static ECPoint decodePoint(byte[] encodedBytes, EllipticCurve elliptiCcurve) {
+        if (encodedBytes[0] != 0x04) {
+            throw new IllegalArgumentException("Only uncompressed format is supported");
+        }
+
+        int size = (elliptiCcurve.getField().getFieldSize() + 7) / 8;
+        byte affineXBytes[] = new byte[size];
+        byte affineYBytes[] = new byte[size];
+        System.arraycopy(encodedBytes, 1, affineXBytes, 0, size);
+        System.arraycopy(encodedBytes, size + 1, affineYBytes, 0, size);
+        return new ECPoint(new BigInteger(1, affineXBytes), new BigInteger(1, affineYBytes));
+    }
+
+    public static byte[] stripLeadingZeros(byte[] bytes) {
+        int i;
+        for (i = 0; i < bytes.length - 1; i++) {
+            if (bytes[i] != 0) {
+                break;
+            }
+        }
+
+        if (i == 0) {
+            return bytes;
+        } else {
+            byte stripped[] = new byte[bytes.length - i];
+            System.arraycopy(bytes, i, stripped, 0, stripped.length);
+            return stripped;
+        }
+    }
+}
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/implementations/IntegrityHmac.java b/src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/implementations/IntegrityHmac.java
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/implementations/IntegrityHmac.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/implementations/IntegrityHmac.java
@@ -44,21 +44,20 @@
 
 public abstract class IntegrityHmac extends SignatureAlgorithmSpi {
 
-    /** {@link org.apache.commons.logging} logging facility */
-    private static java.util.logging.Logger log =
-        java.util.logging.Logger.getLogger(IntegrityHmac.class.getName());
+    private static final com.sun.org.slf4j.internal.Logger LOG =
+        com.sun.org.slf4j.internal.LoggerFactory.getLogger(IntegrityHmac.class);
 
     /** Field macAlgorithm */
-    private Mac macAlgorithm = null;
+    private Mac macAlgorithm;
 
     /** Field HMACOutputLength */
-    private int HMACOutputLength = 0;
+    private int HMACOutputLength;
     private boolean HMACOutputLengthSet = false;
 
     /**
      * Method engineGetURI
      *
-     *@inheritDoc
+     *{@inheritDoc}
      */
     public abstract String engineGetURI();
 
@@ -74,9 +73,7 @@
      */
     public IntegrityHmac() throws XMLSignatureException {
         String algorithmID = JCEMapper.translateURItoJCEID(this.engineGetURI());
-        if (log.isLoggable(java.util.logging.Level.FINE)) {
-            log.log(java.util.logging.Level.FINE, "Created IntegrityHmacSHA1 using " + algorithmID);
-        }
+        LOG.debug("Created IntegrityHmacSHA1 using {}", algorithmID);
 
         try {
             this.macAlgorithm = Mac.getInstance(algorithmID);
@@ -96,7 +93,7 @@
      * @throws XMLSignatureException
      */
     protected void engineSetParameter(AlgorithmParameterSpec params) throws XMLSignatureException {
-        throw new XMLSignatureException("empty");
+        throw new XMLSignatureException("empty", new Object[]{"Incorrect method call"});
     }
 
     public void reset() {
@@ -116,9 +113,7 @@
     protected boolean engineVerify(byte[] signature) throws XMLSignatureException {
         try {
             if (this.HMACOutputLengthSet && this.HMACOutputLength < getDigestLength()) {
-                if (log.isLoggable(java.util.logging.Level.FINE)) {
-                    log.log(java.util.logging.Level.FINE, "HMACOutputLength must not be less than " + getDigestLength());
-                }
+                LOG.debug("HMACOutputLength must not be less than {}", getDigestLength());
                 Object[] exArgs = { String.valueOf(getDigestLength()) };
                 throw new XMLSignatureException("algorithms.HMACOutputLengthMin", exArgs);
             } else {
@@ -126,7 +121,7 @@
                 return MessageDigestAlgorithm.isEqual(completeResult, signature);
             }
         } catch (IllegalStateException ex) {
-            throw new XMLSignatureException("empty", ex);
+            throw new XMLSignatureException(ex);
         }
     }
 
@@ -139,7 +134,10 @@
      */
     protected void engineInitVerify(Key secretKey) throws XMLSignatureException {
         if (!(secretKey instanceof SecretKey)) {
-            String supplied = secretKey.getClass().getName();
+            String supplied = null;
+            if (secretKey != null) {
+                supplied = secretKey.getClass().getName();
+            }
             String needed = SecretKey.class.getName();
             Object exArgs[] = { supplied, needed };
 
@@ -156,12 +154,10 @@
                 this.macAlgorithm = Mac.getInstance(macAlgorithm.getAlgorithm());
             } catch (Exception e) {
                 // this shouldn't occur, but if it does, restore previous Mac
-                if (log.isLoggable(java.util.logging.Level.FINE)) {
-                    log.log(java.util.logging.Level.FINE, "Exception when reinstantiating Mac:" + e);
-                }
+                LOG.debug("Exception when reinstantiating Mac: {}", e);
                 this.macAlgorithm = mac;
             }
-            throw new XMLSignatureException("empty", ex);
+            throw new XMLSignatureException(ex);
         }
     }
 
@@ -175,16 +171,14 @@
     protected byte[] engineSign() throws XMLSignatureException {
         try {
             if (this.HMACOutputLengthSet && this.HMACOutputLength < getDigestLength()) {
-                if (log.isLoggable(java.util.logging.Level.FINE)) {
-                    log.log(java.util.logging.Level.FINE, "HMACOutputLength must not be less than " + getDigestLength());
-                }
+                LOG.debug("HMACOutputLength must not be less than {}", getDigestLength());
                 Object[] exArgs = { String.valueOf(getDigestLength()) };
                 throw new XMLSignatureException("algorithms.HMACOutputLengthMin", exArgs);
             } else {
                 return this.macAlgorithm.doFinal();
             }
         } catch (IllegalStateException ex) {
-            throw new XMLSignatureException("empty", ex);
+            throw new XMLSignatureException(ex);
         }
     }
 
@@ -195,19 +189,7 @@
      * @throws XMLSignatureException
      */
     protected void engineInitSign(Key secretKey) throws XMLSignatureException {
-        if (!(secretKey instanceof SecretKey)) {
-            String supplied = secretKey.getClass().getName();
-            String needed = SecretKey.class.getName();
-            Object exArgs[] = { supplied, needed };
-
-            throw new XMLSignatureException("algorithms.WrongKeyForThisOperation", exArgs);
-        }
-
-        try {
-            this.macAlgorithm.init(secretKey);
-        } catch (InvalidKeyException ex) {
-            throw new XMLSignatureException("empty", ex);
-        }
+        engineInitSign(secretKey, (AlgorithmParameterSpec)null);
     }
 
     /**
@@ -221,7 +203,10 @@
         Key secretKey, AlgorithmParameterSpec algorithmParameterSpec
     ) throws XMLSignatureException {
         if (!(secretKey instanceof SecretKey)) {
-            String supplied = secretKey.getClass().getName();
+            String supplied = null;
+            if (secretKey != null) {
+                supplied = secretKey.getClass().getName();
+            }
             String needed = SecretKey.class.getName();
             Object exArgs[] = { supplied, needed };
 
@@ -229,11 +214,15 @@
         }
 
         try {
-            this.macAlgorithm.init(secretKey, algorithmParameterSpec);
+            if (algorithmParameterSpec == null) {
+                this.macAlgorithm.init(secretKey);
+            } else {
+                this.macAlgorithm.init(secretKey, algorithmParameterSpec);
+            }
         } catch (InvalidKeyException ex) {
-            throw new XMLSignatureException("empty", ex);
+            throw new XMLSignatureException(ex);
         } catch (InvalidAlgorithmParameterException ex) {
-            throw new XMLSignatureException("empty", ex);
+            throw new XMLSignatureException(ex);
         }
     }
 
@@ -260,7 +249,7 @@
         try {
             this.macAlgorithm.update(input);
         } catch (IllegalStateException ex) {
-            throw new XMLSignatureException("empty", ex);
+            throw new XMLSignatureException(ex);
         }
     }
 
@@ -275,7 +264,7 @@
         try {
             this.macAlgorithm.update(input);
         } catch (IllegalStateException ex) {
-            throw new XMLSignatureException("empty", ex);
+            throw new XMLSignatureException(ex);
         }
     }
 
@@ -292,13 +281,13 @@
         try {
             this.macAlgorithm.update(buf, offset, len);
         } catch (IllegalStateException ex) {
-            throw new XMLSignatureException("empty", ex);
+            throw new XMLSignatureException(ex);
         }
     }
 
     /**
      * Method engineGetJCEAlgorithmString
-     * @inheritDoc
+     * {@inheritDoc}
      *
      */
     protected String engineGetJCEAlgorithmString() {
@@ -308,7 +297,7 @@
     /**
      * Method engineGetJCEAlgorithmString
      *
-     * @inheritDoc
+     * {@inheritDoc}
      */
     protected String engineGetJCEProviderName() {
         return this.macAlgorithm.getProvider().getName();
@@ -360,7 +349,7 @@
             Element HMElem =
                 XMLUtils.createElementInSignatureSpace(doc, Constants._TAG_HMACOUTPUTLENGTH);
             Text HMText =
-                doc.createTextNode(Integer.valueOf(this.HMACOutputLength).toString());
+                doc.createTextNode("" + this.HMACOutputLength);
 
             HMElem.appendChild(HMText);
             XMLUtils.addReturnToElement(element);
@@ -385,7 +374,7 @@
 
         /**
          * Method engineGetURI
-         * @inheritDoc
+         * {@inheritDoc}
          *
          */
         public String engineGetURI() {
@@ -398,6 +387,34 @@
     }
 
     /**
+     * Class IntegrityHmacSHA224
+     */
+    public static class IntegrityHmacSHA224 extends IntegrityHmac {
+
+        /**
+         * Constructor IntegrityHmacSHA224
+         *
+         * @throws XMLSignatureException
+         */
+        public IntegrityHmacSHA224() throws XMLSignatureException {
+            super();
+        }
+
+        /**
+         * Method engineGetURI
+         *
+         * {@inheritDoc}
+         */
+        public String engineGetURI() {
+            return XMLSignature.ALGO_ID_MAC_HMAC_SHA224;
+        }
+
+        int getDigestLength() {
+            return 224;
+        }
+    }
+
+    /**
      * Class IntegrityHmacSHA256
      */
     public static class IntegrityHmacSHA256 extends IntegrityHmac {
@@ -414,7 +431,7 @@
         /**
          * Method engineGetURI
          *
-         * @inheritDoc
+         * {@inheritDoc}
          */
         public String engineGetURI() {
             return XMLSignature.ALGO_ID_MAC_HMAC_SHA256;
@@ -441,7 +458,7 @@
 
         /**
          * Method engineGetURI
-         * @inheritDoc
+         * {@inheritDoc}
          *
          */
         public String engineGetURI() {
@@ -469,7 +486,7 @@
 
         /**
          * Method engineGetURI
-         * @inheritDoc
+         * {@inheritDoc}
          *
          */
         public String engineGetURI() {
@@ -498,7 +515,7 @@
         /**
          * Method engineGetURI
          *
-         * @inheritDoc
+         * {@inheritDoc}
          */
         public String engineGetURI() {
             return XMLSignature.ALGO_ID_MAC_HMAC_RIPEMD160;
@@ -526,7 +543,7 @@
         /**
          * Method engineGetURI
          *
-         * @inheritDoc
+         * {@inheritDoc}
          */
         public String engineGetURI() {
             return XMLSignature.ALGO_ID_MAC_HMAC_NOT_RECOMMENDED_MD5;
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/implementations/SignatureBaseRSA.java b/src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/implementations/SignatureBaseRSA.java
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/implementations/SignatureBaseRSA.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/implementations/SignatureBaseRSA.java
@@ -40,15 +40,14 @@
 
 public abstract class SignatureBaseRSA extends SignatureAlgorithmSpi {
 
-    /** {@link org.apache.commons.logging} logging facility */
-    private static java.util.logging.Logger log =
-        java.util.logging.Logger.getLogger(SignatureBaseRSA.class.getName());
+    private static final com.sun.org.slf4j.internal.Logger LOG =
+        com.sun.org.slf4j.internal.LoggerFactory.getLogger(SignatureBaseRSA.class);
 
-    /** @inheritDoc */
+    /** {@inheritDoc} */
     public abstract String engineGetURI();
 
     /** Field algorithm */
-    private java.security.Signature signatureAlgorithm = null;
+    private Signature signatureAlgorithm;
 
     /**
      * Constructor SignatureRSA
@@ -58,15 +57,13 @@
     public SignatureBaseRSA() throws XMLSignatureException {
         String algorithmID = JCEMapper.translateURItoJCEID(this.engineGetURI());
 
-        if (log.isLoggable(java.util.logging.Level.FINE)) {
-            log.log(java.util.logging.Level.FINE, "Created SignatureRSA using " + algorithmID);
-        }
+        LOG.debug("Created SignatureRSA using {}", algorithmID);
         String provider = JCEMapper.getProviderId();
         try {
             if (provider == null) {
                 this.signatureAlgorithm = Signature.getInstance(algorithmID);
             } else {
-                this.signatureAlgorithm = Signature.getInstance(algorithmID,provider);
+                this.signatureAlgorithm = Signature.getInstance(algorithmID, provider);
             }
         } catch (java.security.NoSuchAlgorithmException ex) {
             Object[] exArgs = { algorithmID, ex.getLocalizedMessage() };
@@ -79,29 +76,32 @@
         }
     }
 
-    /** @inheritDoc */
+    /** {@inheritDoc} */
     protected void engineSetParameter(AlgorithmParameterSpec params)
         throws XMLSignatureException {
         try {
             this.signatureAlgorithm.setParameter(params);
         } catch (InvalidAlgorithmParameterException ex) {
-            throw new XMLSignatureException("empty", ex);
+            throw new XMLSignatureException(ex);
         }
     }
 
-    /** @inheritDoc */
+    /** {@inheritDoc} */
     protected boolean engineVerify(byte[] signature) throws XMLSignatureException {
         try {
             return this.signatureAlgorithm.verify(signature);
         } catch (SignatureException ex) {
-            throw new XMLSignatureException("empty", ex);
+            throw new XMLSignatureException(ex);
         }
     }
 
-    /** @inheritDoc */
+    /** {@inheritDoc} */
     protected void engineInitVerify(Key publicKey) throws XMLSignatureException {
         if (!(publicKey instanceof PublicKey)) {
-            String supplied = publicKey.getClass().getName();
+            String supplied = null;
+            if (publicKey != null) {
+                supplied = publicKey.getClass().getName();
+            }
             String needed = PublicKey.class.getName();
             Object exArgs[] = { supplied, needed };
 
@@ -119,46 +119,30 @@
             } catch (Exception e) {
                 // this shouldn't occur, but if it does, restore previous
                 // Signature
-                if (log.isLoggable(java.util.logging.Level.FINE)) {
-                    log.log(java.util.logging.Level.FINE, "Exception when reinstantiating Signature:" + e);
-                }
+                LOG.debug("Exception when reinstantiating Signature: {}", e);
                 this.signatureAlgorithm = sig;
             }
-            throw new XMLSignatureException("empty", ex);
+            throw new XMLSignatureException(ex);
         }
     }
 
-    /** @inheritDoc */
+    /** {@inheritDoc} */
     protected byte[] engineSign() throws XMLSignatureException {
         try {
             return this.signatureAlgorithm.sign();
         } catch (SignatureException ex) {
-            throw new XMLSignatureException("empty", ex);
+            throw new XMLSignatureException(ex);
         }
     }
 
-    /** @inheritDoc */
+    /** {@inheritDoc} */
     protected void engineInitSign(Key privateKey, SecureRandom secureRandom)
         throws XMLSignatureException {
         if (!(privateKey instanceof PrivateKey)) {
-            String supplied = privateKey.getClass().getName();
-            String needed = PrivateKey.class.getName();
-            Object exArgs[] = { supplied, needed };
-
-            throw new XMLSignatureException("algorithms.WrongKeyForThisOperation", exArgs);
-        }
-
-        try {
-            this.signatureAlgorithm.initSign((PrivateKey) privateKey, secureRandom);
-        } catch (InvalidKeyException ex) {
-            throw new XMLSignatureException("empty", ex);
-        }
-    }
-
-    /** @inheritDoc */
-    protected void engineInitSign(Key privateKey) throws XMLSignatureException {
-        if (!(privateKey instanceof PrivateKey)) {
-            String supplied = privateKey.getClass().getName();
+            String supplied = null;
+            if (privateKey != null) {
+                supplied = privateKey.getClass().getName();
+            }
             String needed = PrivateKey.class.getName();
             Object exArgs[] = { supplied, needed };
 
@@ -166,56 +150,65 @@
         }
 
         try {
-            this.signatureAlgorithm.initSign((PrivateKey) privateKey);
+            if (secureRandom == null) {
+                this.signatureAlgorithm.initSign((PrivateKey) privateKey);
+            } else {
+                this.signatureAlgorithm.initSign((PrivateKey) privateKey, secureRandom);
+            }
         } catch (InvalidKeyException ex) {
-            throw new XMLSignatureException("empty", ex);
+            throw new XMLSignatureException(ex);
         }
     }
 
-    /** @inheritDoc */
+    /** {@inheritDoc} */
+    protected void engineInitSign(Key privateKey) throws XMLSignatureException {
+        engineInitSign(privateKey, (SecureRandom)null);
+    }
+
+    /** {@inheritDoc} */
     protected void engineUpdate(byte[] input) throws XMLSignatureException {
         try {
             this.signatureAlgorithm.update(input);
         } catch (SignatureException ex) {
-            throw new XMLSignatureException("empty", ex);
+            throw new XMLSignatureException(ex);
         }
     }
 
-    /** @inheritDoc */
+    /** {@inheritDoc} */
     protected void engineUpdate(byte input) throws XMLSignatureException {
         try {
             this.signatureAlgorithm.update(input);
         } catch (SignatureException ex) {
-            throw new XMLSignatureException("empty", ex);
+            throw new XMLSignatureException(ex);
         }
     }
 
-    /** @inheritDoc */
+    /** {@inheritDoc} */
     protected void engineUpdate(byte buf[], int offset, int len) throws XMLSignatureException {
         try {
             this.signatureAlgorithm.update(buf, offset, len);
         } catch (SignatureException ex) {
-            throw new XMLSignatureException("empty", ex);
+            throw new XMLSignatureException(ex);
         }
     }
 
-    /** @inheritDoc */
+    /** {@inheritDoc} */
     protected String engineGetJCEAlgorithmString() {
         return this.signatureAlgorithm.getAlgorithm();
     }
 
-    /** @inheritDoc */
+    /** {@inheritDoc} */
     protected String engineGetJCEProviderName() {
         return this.signatureAlgorithm.getProvider().getName();
     }
 
-    /** @inheritDoc */
+    /** {@inheritDoc} */
     protected void engineSetHMACOutputLength(int HMACOutputLength)
         throws XMLSignatureException {
         throw new XMLSignatureException("algorithms.HMACOutputLengthOnlyForHMAC");
     }
 
-    /** @inheritDoc */
+    /** {@inheritDoc} */
     protected void engineInitSign(
         Key signingKey, AlgorithmParameterSpec algorithmParameterSpec
     ) throws XMLSignatureException {
@@ -236,13 +229,33 @@
             super();
         }
 
-        /** @inheritDoc */
+        /** {@inheritDoc} */
         public String engineGetURI() {
             return XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA1;
         }
     }
 
     /**
+     * Class SignatureRSASHA224
+     */
+    public static class SignatureRSASHA224 extends SignatureBaseRSA {
+
+        /**
+         * Constructor SignatureRSASHA224
+         *
+         * @throws XMLSignatureException
+         */
+        public SignatureRSASHA224() throws XMLSignatureException {
+            super();
+        }
+
+        /** {@inheritDoc} */
+        public String engineGetURI() {
+            return XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA224;
+        }
+    }
+
+    /**
      * Class SignatureRSASHA256
      */
     public static class SignatureRSASHA256 extends SignatureBaseRSA {
@@ -256,7 +269,7 @@
             super();
         }
 
-        /** @inheritDoc */
+        /** {@inheritDoc} */
         public String engineGetURI() {
             return XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA256;
         }
@@ -276,7 +289,7 @@
             super();
         }
 
-        /** @inheritDoc */
+        /** {@inheritDoc} */
         public String engineGetURI() {
             return XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA384;
         }
@@ -296,7 +309,7 @@
             super();
         }
 
-        /** @inheritDoc */
+        /** {@inheritDoc} */
         public String engineGetURI() {
             return XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA512;
         }
@@ -316,7 +329,7 @@
             super();
         }
 
-        /** @inheritDoc */
+        /** {@inheritDoc} */
         public String engineGetURI() {
             return XMLSignature.ALGO_ID_SIGNATURE_RSA_RIPEMD160;
         }
@@ -336,9 +349,109 @@
             super();
         }
 
-        /** @inheritDoc */
+        /** {@inheritDoc} */
         public String engineGetURI() {
             return XMLSignature.ALGO_ID_SIGNATURE_NOT_RECOMMENDED_RSA_MD5;
         }
     }
+
+    /**
+     * Class SignatureRSASHA1MGF1
+     */
+    public static class SignatureRSASHA1MGF1 extends SignatureBaseRSA {
+
+        /**
+         * Constructor SignatureRSASHA1MGF1
+         *
+         * @throws XMLSignatureException
+         */
+        public SignatureRSASHA1MGF1() throws XMLSignatureException {
+            super();
+        }
+
+        /** {@inheritDoc} */
+        public String engineGetURI() {
+            return XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA1_MGF1;
+        }
+    }
+
+    /**
+     * Class SignatureRSASHA224MGF1
+     */
+    public static class SignatureRSASHA224MGF1 extends SignatureBaseRSA {
+
+        /**
+         * Constructor SignatureRSASHA224MGF1
+         *
+         * @throws XMLSignatureException
+         */
+        public SignatureRSASHA224MGF1() throws XMLSignatureException {
+            super();
+        }
+
+        /** {@inheritDoc} */
+        public String engineGetURI() {
+            return XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA224_MGF1;
+        }
+    }
+
+    /**
+     * Class SignatureRSASHA256MGF1
+     */
+    public static class SignatureRSASHA256MGF1 extends SignatureBaseRSA {
+
+        /**
+         * Constructor SignatureRSASHA256MGF1
+         *
+         * @throws XMLSignatureException
+         */
+        public SignatureRSASHA256MGF1() throws XMLSignatureException {
+            super();
+        }
+
+        /** {@inheritDoc} */
+        public String engineGetURI() {
+            return XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA256_MGF1;
+        }
+    }
+
+    /**
+     * Class SignatureRSASHA384MGF1
+     */
+    public static class SignatureRSASHA384MGF1 extends SignatureBaseRSA {
+
+        /**
+         * Constructor SignatureRSASHA384MGF1
+         *
+         * @throws XMLSignatureException
+         */
+        public SignatureRSASHA384MGF1() throws XMLSignatureException {
+            super();
+        }
+
+        /** {@inheritDoc} */
+        public String engineGetURI() {
+            return XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA384_MGF1;
+        }
+    }
+
+    /**
+     * Class SignatureRSASHA512MGF1
+     */
+    public static class SignatureRSASHA512MGF1 extends SignatureBaseRSA {
+
+        /**
+         * Constructor SignatureRSASHA512MGF1
+         *
+         * @throws XMLSignatureException
+         */
+        public SignatureRSASHA512MGF1() throws XMLSignatureException {
+            super();
+        }
+
+        /** {@inheritDoc} */
+        public String engineGetURI() {
+            return XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA512_MGF1;
+        }
+    }
 }
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/implementations/SignatureDSA.java b/src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/implementations/SignatureDSA.java
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/implementations/SignatureDSA.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/implementations/SignatureDSA.java
@@ -33,22 +33,24 @@
 import java.security.SignatureException;
 import java.security.interfaces.DSAKey;
 import java.security.spec.AlgorithmParameterSpec;
+import java.util.Base64;
 
 import com.sun.org.apache.xml.internal.security.algorithms.JCEMapper;
 import com.sun.org.apache.xml.internal.security.algorithms.SignatureAlgorithmSpi;
 import com.sun.org.apache.xml.internal.security.signature.XMLSignature;
 import com.sun.org.apache.xml.internal.security.signature.XMLSignatureException;
-import com.sun.org.apache.xml.internal.security.utils.Base64;
+import com.sun.org.apache.xml.internal.security.utils.Constants;
 import com.sun.org.apache.xml.internal.security.utils.JavaUtils;
 
 public class SignatureDSA extends SignatureAlgorithmSpi {
 
-    /** {@link org.apache.commons.logging} logging facility */
-    private static java.util.logging.Logger log =
-        java.util.logging.Logger.getLogger(SignatureDSA.class.getName());
+    public static final String URI = Constants.SignatureSpecNS + "dsa-sha1";
+
+    private static final com.sun.org.slf4j.internal.Logger LOG =
+        com.sun.org.slf4j.internal.LoggerFactory.getLogger(SignatureDSA.class);
 
     /** Field algorithm */
-    private java.security.Signature signatureAlgorithm = null;
+    private Signature signatureAlgorithm;
 
     /** size of Q */
     private int size;
@@ -56,7 +58,7 @@
     /**
      * Method engineGetURI
      *
-     * @inheritDoc
+     * {@inheritDoc}
      */
     protected String engineGetURI() {
         return XMLSignature.ALGO_ID_SIGNATURE_DSA;
@@ -69,9 +71,7 @@
      */
     public SignatureDSA() throws XMLSignatureException {
         String algorithmID = JCEMapper.translateURItoJCEID(engineGetURI());
-        if (log.isLoggable(java.util.logging.Level.FINE)) {
-            log.log(java.util.logging.Level.FINE, "Created SignatureDSA using " + algorithmID);
-        }
+        LOG.debug("Created SignatureDSA using {}", algorithmID);
 
         String provider = JCEMapper.getProviderId();
         try {
@@ -91,25 +91,25 @@
     }
 
     /**
-     * @inheritDoc
+     * {@inheritDoc}
      */
     protected void engineSetParameter(AlgorithmParameterSpec params)
         throws XMLSignatureException {
         try {
             this.signatureAlgorithm.setParameter(params);
         } catch (InvalidAlgorithmParameterException ex) {
-            throw new XMLSignatureException("empty", ex);
+            throw new XMLSignatureException(ex);
         }
     }
 
     /**
-     * @inheritDoc
+     * {@inheritDoc}
      */
     protected boolean engineVerify(byte[] signature)
         throws XMLSignatureException {
         try {
-            if (log.isLoggable(java.util.logging.Level.FINE)) {
-                log.log(java.util.logging.Level.FINE, "Called DSA.verify() on " + Base64.encode(signature));
+            if (LOG.isDebugEnabled()) {
+                LOG.debug("Called DSA.verify() on " + Base64.getMimeEncoder().encodeToString(signature));
             }
 
             byte[] jcebytes = JavaUtils.convertDsaXMLDSIGtoASN1(signature,
@@ -117,18 +117,21 @@
 
             return this.signatureAlgorithm.verify(jcebytes);
         } catch (SignatureException ex) {
-            throw new XMLSignatureException("empty", ex);
+            throw new XMLSignatureException(ex);
         } catch (IOException ex) {
-            throw new XMLSignatureException("empty", ex);
+            throw new XMLSignatureException(ex);
         }
     }
 
     /**
-     * @inheritDoc
+     * {@inheritDoc}
      */
     protected void engineInitVerify(Key publicKey) throws XMLSignatureException {
         if (!(publicKey instanceof PublicKey)) {
-            String supplied = publicKey.getClass().getName();
+            String supplied = null;
+            if (publicKey != null) {
+                supplied = publicKey.getClass().getName();
+            }
             String needed = PublicKey.class.getName();
             Object exArgs[] = { supplied, needed };
 
@@ -146,18 +149,16 @@
             } catch (Exception e) {
                 // this shouldn't occur, but if it does, restore previous
                 // Signature
-                if (log.isLoggable(java.util.logging.Level.FINE)) {
-                    log.log(java.util.logging.Level.FINE, "Exception when reinstantiating Signature:" + e);
-                }
+                LOG.debug("Exception when reinstantiating Signature: {}", e);
                 this.signatureAlgorithm = sig;
             }
-            throw new XMLSignatureException("empty", ex);
+            throw new XMLSignatureException(ex);
         }
         size = ((DSAKey)publicKey).getParams().getQ().bitLength();
     }
 
     /**
-     * @inheritDoc
+     * {@inheritDoc}
      */
     protected byte[] engineSign() throws XMLSignatureException {
         try {
@@ -165,19 +166,22 @@
 
             return JavaUtils.convertDsaASN1toXMLDSIG(jcebytes, size/8);
         } catch (IOException ex) {
-            throw new XMLSignatureException("empty", ex);
+            throw new XMLSignatureException(ex);
         } catch (SignatureException ex) {
-            throw new XMLSignatureException("empty", ex);
+            throw new XMLSignatureException(ex);
         }
     }
 
     /**
-     * @inheritDoc
+     * {@inheritDoc}
      */
     protected void engineInitSign(Key privateKey, SecureRandom secureRandom)
         throws XMLSignatureException {
         if (!(privateKey instanceof PrivateKey)) {
-            String supplied = privateKey.getClass().getName();
+            String supplied = null;
+            if (privateKey != null) {
+                supplied = privateKey.getClass().getName();
+            }
             String needed = PrivateKey.class.getName();
             Object exArgs[] = { supplied, needed };
 
@@ -185,70 +189,61 @@
         }
 
         try {
-            this.signatureAlgorithm.initSign((PrivateKey) privateKey, secureRandom);
+            if (secureRandom == null) {
+                this.signatureAlgorithm.initSign((PrivateKey) privateKey);
+            } else {
+                this.signatureAlgorithm.initSign((PrivateKey) privateKey, secureRandom);
+            }
         } catch (InvalidKeyException ex) {
-            throw new XMLSignatureException("empty", ex);
-        }
-        size = ((DSAKey)privateKey).getParams().getQ().bitLength();
-    }
-
-    /**
-     * @inheritDoc
-     */
-    protected void engineInitSign(Key privateKey) throws XMLSignatureException {
-        if (!(privateKey instanceof PrivateKey)) {
-            String supplied = privateKey.getClass().getName();
-            String needed = PrivateKey.class.getName();
-            Object exArgs[] = { supplied, needed };
-
-            throw new XMLSignatureException("algorithms.WrongKeyForThisOperation", exArgs);
-        }
-
-        try {
-            this.signatureAlgorithm.initSign((PrivateKey) privateKey);
-        } catch (InvalidKeyException ex) {
-            throw new XMLSignatureException("empty", ex);
+            throw new XMLSignatureException(ex);
         }
         size = ((DSAKey)privateKey).getParams().getQ().bitLength();
     }
 
     /**
-     * @inheritDoc
+     * {@inheritDoc}
+     */
+    protected void engineInitSign(Key privateKey) throws XMLSignatureException {
+        engineInitSign(privateKey, (SecureRandom)null);
+    }
+
+    /**
+     * {@inheritDoc}
      */
     protected void engineUpdate(byte[] input) throws XMLSignatureException {
         try {
             this.signatureAlgorithm.update(input);
         } catch (SignatureException ex) {
-            throw new XMLSignatureException("empty", ex);
+            throw new XMLSignatureException(ex);
         }
     }
 
     /**
-     * @inheritDoc
+     * {@inheritDoc}
      */
     protected void engineUpdate(byte input) throws XMLSignatureException {
         try {
             this.signatureAlgorithm.update(input);
         } catch (SignatureException ex) {
-            throw new XMLSignatureException("empty", ex);
+            throw new XMLSignatureException(ex);
         }
     }
 
     /**
-     * @inheritDoc
+     * {@inheritDoc}
      */
     protected void engineUpdate(byte buf[], int offset, int len) throws XMLSignatureException {
         try {
             this.signatureAlgorithm.update(buf, offset, len);
         } catch (SignatureException ex) {
-            throw new XMLSignatureException("empty", ex);
+            throw new XMLSignatureException(ex);
         }
     }
 
     /**
      * Method engineGetJCEAlgorithmString
      *
-     * @inheritDoc
+     * {@inheritDoc}
      */
     protected String engineGetJCEAlgorithmString() {
         return this.signatureAlgorithm.getAlgorithm();
@@ -257,7 +252,7 @@
     /**
      * Method engineGetJCEProviderName
      *
-     * @inheritDoc
+     * {@inheritDoc}
      */
     protected String engineGetJCEProviderName() {
         return this.signatureAlgorithm.getProvider().getName();
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/implementations/SignatureECDSA.java b/src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/implementations/SignatureECDSA.java
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/implementations/SignatureECDSA.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/implementations/SignatureECDSA.java
@@ -33,34 +33,31 @@
 import java.security.Signature;
 import java.security.SignatureException;
 import java.security.spec.AlgorithmParameterSpec;
+import java.util.Base64;
 
 import com.sun.org.apache.xml.internal.security.algorithms.JCEMapper;
 import com.sun.org.apache.xml.internal.security.algorithms.SignatureAlgorithmSpi;
 import com.sun.org.apache.xml.internal.security.signature.XMLSignature;
 import com.sun.org.apache.xml.internal.security.signature.XMLSignatureException;
-import com.sun.org.apache.xml.internal.security.utils.Base64;
 
 /**
  *
- * @author $Author: raul $
- * @author Alex Dupre
  */
 public abstract class SignatureECDSA extends SignatureAlgorithmSpi {
 
-    /** {@link org.apache.commons.logging} logging facility */
-    private static java.util.logging.Logger log =
-        java.util.logging.Logger.getLogger(SignatureECDSA.class.getName());
+    private static final com.sun.org.slf4j.internal.Logger LOG =
+        com.sun.org.slf4j.internal.LoggerFactory.getLogger(SignatureECDSA.class);
 
-    /** @inheritDoc */
+    /** {@inheritDoc} */
     public abstract String engineGetURI();
 
     /** Field algorithm */
-    private java.security.Signature signatureAlgorithm = null;
+    private Signature signatureAlgorithm;
 
     /**
      * Converts an ASN.1 ECDSA value to a XML Signature ECDSA Value.
      *
-     * The JAVA JCE ECDSA Signature algorithm creates ASN.1 encoded (r,s) value
+     * The JAVA JCE ECDSA Signature algorithm creates ASN.1 encoded (r, s) value
      * pairs; the XML Signature requires the core BigInteger values.
      *
      * @param asn1Bytes
@@ -71,51 +68,13 @@
      * @see <A HREF="ftp://ftp.rfc-editor.org/in-notes/rfc4050.txt">3.3. ECDSA Signatures</A>
      */
     public static byte[] convertASN1toXMLDSIG(byte asn1Bytes[]) throws IOException {
-
-        if (asn1Bytes.length < 8 || asn1Bytes[0] != 48) {
-            throw new IOException("Invalid ASN.1 format of ECDSA signature");
-        }
-        int offset;
-        if (asn1Bytes[1] > 0) {
-            offset = 2;
-        } else if (asn1Bytes[1] == (byte) 0x81) {
-            offset = 3;
-        } else {
-            throw new IOException("Invalid ASN.1 format of ECDSA signature");
-        }
-
-        byte rLength = asn1Bytes[offset + 1];
-        int i;
-
-        for (i = rLength; (i > 0) && (asn1Bytes[(offset + 2 + rLength) - i] == 0); i--);
-
-        byte sLength = asn1Bytes[offset + 2 + rLength + 1];
-        int j;
-
-        for (j = sLength;
-            (j > 0) && (asn1Bytes[(offset + 2 + rLength + 2 + sLength) - j] == 0); j--);
-
-        int rawLen = Math.max(i, j);
-
-        if ((asn1Bytes[offset - 1] & 0xff) != asn1Bytes.length - offset
-            || (asn1Bytes[offset - 1] & 0xff) != 2 + rLength + 2 + sLength
-            || asn1Bytes[offset] != 2
-            || asn1Bytes[offset + 2 + rLength] != 2) {
-            throw new IOException("Invalid ASN.1 format of ECDSA signature");
-        }
-        byte xmldsigBytes[] = new byte[2*rawLen];
-
-        System.arraycopy(asn1Bytes, (offset + 2 + rLength) - i, xmldsigBytes, rawLen - i, i);
-        System.arraycopy(asn1Bytes, (offset + 2 + rLength + 2 + sLength) - j, xmldsigBytes,
-                         2*rawLen - j, j);
-
-        return xmldsigBytes;
+        return ECDSAUtils.convertASN1toXMLDSIG(asn1Bytes);
     }
 
     /**
      * Converts a XML Signature ECDSA Value to an ASN.1 DSA value.
      *
-     * The JAVA JCE ECDSA Signature algorithm creates ASN.1 encoded (r,s) value
+     * The JAVA JCE ECDSA Signature algorithm creates ASN.1 encoded (r, s) value
      * pairs; the XML Signature requires the core BigInteger values.
      *
      * @param xmldsigBytes
@@ -126,58 +85,7 @@
      * @see <A HREF="ftp://ftp.rfc-editor.org/in-notes/rfc4050.txt">3.3. ECDSA Signatures</A>
      */
     public static byte[] convertXMLDSIGtoASN1(byte xmldsigBytes[]) throws IOException {
-
-        int rawLen = xmldsigBytes.length/2;
-
-        int i;
-
-        for (i = rawLen; (i > 0) && (xmldsigBytes[rawLen - i] == 0); i--);
-
-        int j = i;
-
-        if (xmldsigBytes[rawLen - i] < 0) {
-            j += 1;
-        }
-
-        int k;
-
-        for (k = rawLen; (k > 0) && (xmldsigBytes[2*rawLen - k] == 0); k--);
-
-        int l = k;
-
-        if (xmldsigBytes[2*rawLen - k] < 0) {
-            l += 1;
-        }
-
-        int len = 2 + j + 2 + l;
-        if (len > 255) {
-            throw new IOException("Invalid XMLDSIG format of ECDSA signature");
-        }
-        int offset;
-        byte asn1Bytes[];
-        if (len < 128) {
-            asn1Bytes = new byte[2 + 2 + j + 2 + l];
-            offset = 1;
-        } else {
-            asn1Bytes = new byte[3 + 2 + j + 2 + l];
-            asn1Bytes[1] = (byte) 0x81;
-            offset = 2;
-        }
-        asn1Bytes[0] = 48;
-        asn1Bytes[offset++] = (byte) len;
-        asn1Bytes[offset++] = 2;
-        asn1Bytes[offset++] = (byte) j;
-
-        System.arraycopy(xmldsigBytes, rawLen - i, asn1Bytes, (offset + j) - i, i);
-
-        offset += j;
-
-        asn1Bytes[offset++] = 2;
-        asn1Bytes[offset++] = (byte) l;
-
-        System.arraycopy(xmldsigBytes, 2*rawLen - k, asn1Bytes, (offset + l) - k, k);
-
-        return asn1Bytes;
+        return ECDSAUtils.convertXMLDSIGtoASN1(xmldsigBytes);
     }
 
     /**
@@ -189,15 +97,13 @@
 
         String algorithmID = JCEMapper.translateURItoJCEID(this.engineGetURI());
 
-        if (log.isLoggable(java.util.logging.Level.FINE)) {
-            log.log(java.util.logging.Level.FINE, "Created SignatureECDSA using " + algorithmID);
-        }
+        LOG.debug("Created SignatureECDSA using {}", algorithmID);
         String provider = JCEMapper.getProviderId();
         try {
             if (provider == null) {
                 this.signatureAlgorithm = Signature.getInstance(algorithmID);
             } else {
-                this.signatureAlgorithm = Signature.getInstance(algorithmID,provider);
+                this.signatureAlgorithm = Signature.getInstance(algorithmID, provider);
             }
         } catch (java.security.NoSuchAlgorithmException ex) {
             Object[] exArgs = { algorithmID, ex.getLocalizedMessage() };
@@ -210,38 +116,41 @@
         }
     }
 
-    /** @inheritDoc */
+    /** {@inheritDoc} */
     protected void engineSetParameter(AlgorithmParameterSpec params)
         throws XMLSignatureException {
         try {
             this.signatureAlgorithm.setParameter(params);
         } catch (InvalidAlgorithmParameterException ex) {
-            throw new XMLSignatureException("empty", ex);
+            throw new XMLSignatureException(ex);
         }
     }
 
-    /** @inheritDoc */
+    /** {@inheritDoc} */
     protected boolean engineVerify(byte[] signature) throws XMLSignatureException {
         try {
             byte[] jcebytes = SignatureECDSA.convertXMLDSIGtoASN1(signature);
 
-            if (log.isLoggable(java.util.logging.Level.FINE)) {
-                log.log(java.util.logging.Level.FINE, "Called ECDSA.verify() on " + Base64.encode(signature));
+            if (LOG.isDebugEnabled()) {
+                LOG.debug("Called ECDSA.verify() on " + Base64.getMimeEncoder().encodeToString(signature));
             }
 
             return this.signatureAlgorithm.verify(jcebytes);
         } catch (SignatureException ex) {
-            throw new XMLSignatureException("empty", ex);
+            throw new XMLSignatureException(ex);
         } catch (IOException ex) {
-            throw new XMLSignatureException("empty", ex);
+            throw new XMLSignatureException(ex);
         }
     }
 
-    /** @inheritDoc */
+    /** {@inheritDoc} */
     protected void engineInitVerify(Key publicKey) throws XMLSignatureException {
 
         if (!(publicKey instanceof PublicKey)) {
-            String supplied = publicKey.getClass().getName();
+            String supplied = null;
+            if (publicKey != null) {
+                supplied = publicKey.getClass().getName();
+            }
             String needed = PublicKey.class.getName();
             Object exArgs[] = { supplied, needed };
 
@@ -259,50 +168,34 @@
             } catch (Exception e) {
                 // this shouldn't occur, but if it does, restore previous
                 // Signature
-                if (log.isLoggable(java.util.logging.Level.FINE)) {
-                    log.log(java.util.logging.Level.FINE, "Exception when reinstantiating Signature:" + e);
-                }
+                LOG.debug("Exception when reinstantiating Signature: {}", e);
                 this.signatureAlgorithm = sig;
             }
-            throw new XMLSignatureException("empty", ex);
+            throw new XMLSignatureException(ex);
         }
     }
 
-    /** @inheritDoc */
+    /** {@inheritDoc} */
     protected byte[] engineSign() throws XMLSignatureException {
         try {
             byte jcebytes[] = this.signatureAlgorithm.sign();
 
             return SignatureECDSA.convertASN1toXMLDSIG(jcebytes);
         } catch (SignatureException ex) {
-            throw new XMLSignatureException("empty", ex);
+            throw new XMLSignatureException(ex);
         } catch (IOException ex) {
-            throw new XMLSignatureException("empty", ex);
+            throw new XMLSignatureException(ex);
         }
     }
 
-    /** @inheritDoc */
+    /** {@inheritDoc} */
     protected void engineInitSign(Key privateKey, SecureRandom secureRandom)
         throws XMLSignatureException {
         if (!(privateKey instanceof PrivateKey)) {
-            String supplied = privateKey.getClass().getName();
-            String needed = PrivateKey.class.getName();
-            Object exArgs[] = { supplied, needed };
-
-            throw new XMLSignatureException("algorithms.WrongKeyForThisOperation", exArgs);
-        }
-
-        try {
-            this.signatureAlgorithm.initSign((PrivateKey) privateKey, secureRandom);
-        } catch (InvalidKeyException ex) {
-            throw new XMLSignatureException("empty", ex);
-        }
-    }
-
-    /** @inheritDoc */
-    protected void engineInitSign(Key privateKey) throws XMLSignatureException {
-        if (!(privateKey instanceof PrivateKey)) {
-            String supplied = privateKey.getClass().getName();
+            String supplied = null;
+            if (privateKey != null) {
+                supplied = privateKey.getClass().getName();
+            }
             String needed = PrivateKey.class.getName();
             Object exArgs[] = { supplied, needed };
 
@@ -310,56 +203,65 @@
         }
 
         try {
-            this.signatureAlgorithm.initSign((PrivateKey) privateKey);
+            if (secureRandom == null) {
+                this.signatureAlgorithm.initSign((PrivateKey) privateKey);
+            } else {
+                this.signatureAlgorithm.initSign((PrivateKey) privateKey, secureRandom);
+            }
         } catch (InvalidKeyException ex) {
-            throw new XMLSignatureException("empty", ex);
+            throw new XMLSignatureException(ex);
         }
     }
 
-    /** @inheritDoc */
+    /** {@inheritDoc} */
+    protected void engineInitSign(Key privateKey) throws XMLSignatureException {
+        engineInitSign(privateKey, (SecureRandom)null);
+    }
+
+    /** {@inheritDoc} */
     protected void engineUpdate(byte[] input) throws XMLSignatureException {
         try {
             this.signatureAlgorithm.update(input);
         } catch (SignatureException ex) {
-            throw new XMLSignatureException("empty", ex);
+            throw new XMLSignatureException(ex);
         }
     }
 
-    /** @inheritDoc */
+    /** {@inheritDoc} */
     protected void engineUpdate(byte input) throws XMLSignatureException {
         try {
             this.signatureAlgorithm.update(input);
         } catch (SignatureException ex) {
-            throw new XMLSignatureException("empty", ex);
+            throw new XMLSignatureException(ex);
         }
     }
 
-    /** @inheritDoc */
+    /** {@inheritDoc} */
     protected void engineUpdate(byte buf[], int offset, int len) throws XMLSignatureException {
         try {
             this.signatureAlgorithm.update(buf, offset, len);
         } catch (SignatureException ex) {
-            throw new XMLSignatureException("empty", ex);
+            throw new XMLSignatureException(ex);
         }
     }
 
-    /** @inheritDoc */
+    /** {@inheritDoc} */
     protected String engineGetJCEAlgorithmString() {
         return this.signatureAlgorithm.getAlgorithm();
     }
 
-    /** @inheritDoc */
+    /** {@inheritDoc} */
     protected String engineGetJCEProviderName() {
         return this.signatureAlgorithm.getProvider().getName();
     }
 
-    /** @inheritDoc */
+    /** {@inheritDoc} */
     protected void engineSetHMACOutputLength(int HMACOutputLength)
         throws XMLSignatureException {
         throw new XMLSignatureException("algorithms.HMACOutputLengthOnlyForHMAC");
     }
 
-    /** @inheritDoc */
+    /** {@inheritDoc} */
     protected void engineInitSign(
         Key signingKey, AlgorithmParameterSpec algorithmParameterSpec
     ) throws XMLSignatureException {
@@ -367,13 +269,12 @@
     }
 
     /**
-     * Class SignatureRSASHA1
+     * Class SignatureECDSASHA1
      *
-     * @author $Author: marcx $
      */
     public static class SignatureECDSASHA1 extends SignatureECDSA {
         /**
-         * Constructor SignatureRSASHA1
+         * Constructor SignatureECDSASHA1
          *
          * @throws XMLSignatureException
          */
@@ -381,21 +282,40 @@
             super();
         }
 
-        /** @inheritDoc */
+        /** {@inheritDoc} */
         public String engineGetURI() {
             return XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA1;
         }
     }
 
     /**
-     * Class SignatureRSASHA256
+     * Class SignatureECDSASHA224
+     */
+    public static class SignatureECDSASHA224 extends SignatureECDSA {
+
+        /**
+         * Constructor SignatureECDSASHA224
+         *
+         * @throws XMLSignatureException
+         */
+        public SignatureECDSASHA224() throws XMLSignatureException {
+            super();
+        }
+
+        /** {@inheritDoc} */
+        public String engineGetURI() {
+            return XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA224;
+        }
+    }
+
+    /**
+     * Class SignatureECDSASHA256
      *
-     * @author Alex Dupre
      */
     public static class SignatureECDSASHA256 extends SignatureECDSA {
 
         /**
-         * Constructor SignatureRSASHA256
+         * Constructor SignatureECDSASHA256
          *
          * @throws XMLSignatureException
          */
@@ -403,21 +323,20 @@
             super();
         }
 
-        /** @inheritDoc */
+        /** {@inheritDoc} */
         public String engineGetURI() {
             return XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA256;
         }
     }
 
     /**
-     * Class SignatureRSASHA384
+     * Class SignatureECDSASHA384
      *
-     * @author Alex Dupre
      */
     public static class SignatureECDSASHA384 extends SignatureECDSA {
 
         /**
-         * Constructor SignatureRSASHA384
+         * Constructor SignatureECDSASHA384
          *
          * @throws XMLSignatureException
          */
@@ -425,21 +344,20 @@
             super();
         }
 
-        /** @inheritDoc */
+        /** {@inheritDoc} */
         public String engineGetURI() {
             return XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA384;
         }
     }
 
     /**
-     * Class SignatureRSASHA512
+     * Class SignatureECDSASHA512
      *
-     * @author Alex Dupre
      */
     public static class SignatureECDSASHA512 extends SignatureECDSA {
 
         /**
-         * Constructor SignatureRSASHA512
+         * Constructor SignatureECDSASHA512
          *
          * @throws XMLSignatureException
          */
@@ -447,10 +365,30 @@
             super();
         }
 
-        /** @inheritDoc */
+        /** {@inheritDoc} */
         public String engineGetURI() {
             return XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA512;
         }
     }
 
+    /**
+     * Class SignatureECDSARIPEMD160
+     */
+    public static class SignatureECDSARIPEMD160 extends SignatureECDSA {
+
+        /**
+         * Constructor SignatureECDSARIPEMD160
+         *
+         * @throws XMLSignatureException
+         */
+        public SignatureECDSARIPEMD160() throws XMLSignatureException {
+            super();
+        }
+
+        /** {@inheritDoc} */
+        public String engineGetURI() {
+            return XMLSignature.ALGO_ID_SIGNATURE_ECDSA_RIPEMD160;
+        }
+    }
+
 }
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/implementations/package.html b/src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/implementations/package.html
deleted file mode 100644
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/implementations/package.html
+++ /dev/null
@@ -1,3 +0,0 @@
-<HTML> <HEAD> </HEAD> <BODY> <P>
-implementations of {@link com.sun.org.apache.xml.internal.security.algorithms.SignatureAlgorithmSpi}.
-</P></BODY> </HTML>
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/package.html b/src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/package.html
deleted file mode 100644
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/package.html
+++ /dev/null
@@ -1,3 +0,0 @@
-<HTML><HEAD></HEAD><BODY><P>
-algorithm factories.
-</P></BODY></HTML>
\ No newline at end of file
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/CanonicalizationException.java b/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/CanonicalizationException.java
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/CanonicalizationException.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/CanonicalizationException.java
@@ -27,7 +27,6 @@
 /**
  * Class CanonicalizationException
  *
- * @author Christian Geuer-Pollmann
  */
 public class CanonicalizationException extends XMLSecurityException {
 
@@ -44,6 +43,10 @@
         super();
     }
 
+    public CanonicalizationException(Exception ex) {
+        super(ex);
+    }
+
     /**
      * Constructor CanonicalizationException
      *
@@ -66,23 +69,33 @@
     /**
      * Constructor CanonicalizationException
      *
+     * @param originalException
      * @param msgID
-     * @param originalException
      */
+    public CanonicalizationException(Exception originalException, String msgID) {
+        super(originalException, msgID);
+    }
+
+    @Deprecated
     public CanonicalizationException(String msgID, Exception originalException) {
-        super(msgID, originalException);
+        this(originalException, msgID);
     }
 
     /**
      * Constructor CanonicalizationException
      *
+     * @param originalException
      * @param msgID
      * @param exArgs
-     * @param originalException
      */
     public CanonicalizationException(
-        String msgID, Object exArgs[], Exception originalException
+        Exception originalException, String msgID, Object exArgs[]
     ) {
-        super(msgID, exArgs, originalException);
+        super(originalException, msgID, exArgs);
+    }
+
+    @Deprecated
+    public CanonicalizationException(String msgID, Object exArgs[], Exception originalException) {
+        this(originalException, msgID, exArgs);
     }
 }
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/Canonicalizer.java b/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/Canonicalizer.java
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/Canonicalizer.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/Canonicalizer.java
@@ -25,13 +25,12 @@
 import java.io.ByteArrayInputStream;
 import java.io.InputStream;
 import java.io.OutputStream;
+import java.nio.charset.StandardCharsets;
 import java.util.Map;
 import java.util.Set;
 import java.util.concurrent.ConcurrentHashMap;
 
-import javax.xml.XMLConstants;
 import javax.xml.parsers.DocumentBuilder;
-import javax.xml.parsers.DocumentBuilderFactory;
 
 import com.sun.org.apache.xml.internal.security.c14n.implementations.Canonicalizer11_OmitComments;
 import com.sun.org.apache.xml.internal.security.c14n.implementations.Canonicalizer11_WithComments;
@@ -42,6 +41,7 @@
 import com.sun.org.apache.xml.internal.security.c14n.implementations.CanonicalizerPhysical;
 import com.sun.org.apache.xml.internal.security.exceptions.AlgorithmAlreadyRegisteredException;
 import com.sun.org.apache.xml.internal.security.utils.JavaUtils;
+import com.sun.org.apache.xml.internal.security.utils.XMLUtils;
 import org.w3c.dom.Document;
 import org.w3c.dom.Node;
 import org.w3c.dom.NodeList;
@@ -49,12 +49,11 @@
 
 /**
  *
- * @author Christian Geuer-Pollmann
  */
 public class Canonicalizer {
 
     /** The output encoding of canonicalized data */
-    public static final String ENCODING = "UTF8";
+    public static final String ENCODING = StandardCharsets.UTF_8.name();
 
     /**
      * XPath Expression for selecting every node and continuous comments joined
@@ -103,6 +102,7 @@
         new ConcurrentHashMap<String, Class<? extends CanonicalizerSpi>>();
 
     private final CanonicalizerSpi canonicalizerSpi;
+    private boolean secureValidation;
 
     /**
      * Constructor Canonicalizer
@@ -120,7 +120,7 @@
         } catch (Exception e) {
             Object exArgs[] = { algorithmURI };
             throw new InvalidCanonicalizerException(
-                "signature.Canonicalizer.UnknownCanonicalizer", exArgs, e
+                e, "signature.Canonicalizer.UnknownCanonicalizer", exArgs
             );
         }
     }
@@ -160,7 +160,8 @@
         }
 
         canonicalizerHash.put(
-            algorithmURI, (Class<? extends CanonicalizerSpi>)Class.forName(implementingClass)
+            algorithmURI, (Class<? extends CanonicalizerSpi>)
+            ClassLoaderUtils.loadClass(implementingClass, Canonicalizer.class)
         );
     }
 
@@ -242,7 +243,7 @@
     /**
      * This method tries to canonicalize the given bytes. It's possible to even
      * canonicalize non-wellformed sequences if they are well-formed after being
-     * wrapped with a <CODE>&gt;a&lt;...&gt;/a&lt;</CODE>.
+     * wrapped with a {@code &gt;a&lt;...&gt;/a&lt;}.
      *
      * @param inputBytes
      * @return the result of the canonicalization.
@@ -254,47 +255,43 @@
     public byte[] canonicalize(byte[] inputBytes)
         throws javax.xml.parsers.ParserConfigurationException,
         java.io.IOException, org.xml.sax.SAXException, CanonicalizationException {
-        InputStream bais = new ByteArrayInputStream(inputBytes);
-        InputSource in = new InputSource(bais);
-        DocumentBuilderFactory dfactory = DocumentBuilderFactory.newInstance();
-        dfactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, Boolean.TRUE);
+        Document document = null;
+        try (InputStream bais = new ByteArrayInputStream(inputBytes)) {
+            InputSource in = new InputSource(bais);
 
-        dfactory.setNamespaceAware(true);
-
-        // needs to validate for ID attribute normalization
-        dfactory.setValidating(true);
-
-        DocumentBuilder db = dfactory.newDocumentBuilder();
+            // needs to validate for ID attribute normalization
+            DocumentBuilder db = XMLUtils.createDocumentBuilder(true, secureValidation);
 
-        /*
-         * for some of the test vectors from the specification,
-         * there has to be a validating parser for ID attributes, default
-         * attribute values, NMTOKENS, etc.
-         * Unfortunately, the test vectors do use different DTDs or
-         * even no DTD. So Xerces 1.3.1 fires many warnings about using
-         * ErrorHandlers.
-         *
-         * Text from the spec:
-         *
-         * The input octet stream MUST contain a well-formed XML document,
-         * but the input need not be validated. However, the attribute
-         * value normalization and entity reference resolution MUST be
-         * performed in accordance with the behaviors of a validating
-         * XML processor. As well, nodes for default attributes (declared
-         * in the ATTLIST with an AttValue but not specified) are created
-         * in each element. Thus, the declarations in the document type
-         * declaration are used to help create the canonical form, even
-         * though the document type declaration is not retained in the
-         * canonical form.
-         */
-        db.setErrorHandler(new com.sun.org.apache.xml.internal.security.utils.IgnoreAllErrorHandler());
+            /*
+             * for some of the test vectors from the specification,
+             * there has to be a validating parser for ID attributes, default
+             * attribute values, NMTOKENS, etc.
+             * Unfortunately, the test vectors do use different DTDs or
+             * even no DTD. So Xerces 1.3.1 fires many warnings about using
+             * ErrorHandlers.
+             *
+             * Text from the spec:
+             *
+             * The input octet stream MUST contain a well-formed XML document,
+             * but the input need not be validated. However, the attribute
+             * value normalization and entity reference resolution MUST be
+             * performed in accordance with the behaviors of a validating
+             * XML processor. As well, nodes for default attributes (declared
+             * in the ATTLIST with an AttValue but not specified) are created
+             * in each element. Thus, the declarations in the document type
+             * declaration are used to help create the canonical form, even
+             * though the document type declaration is not retained in the
+             * canonical form.
+             */
+            db.setErrorHandler(new com.sun.org.apache.xml.internal.security.utils.IgnoreAllErrorHandler());
 
-        Document document = db.parse(in);
+            document = db.parse(in);
+        }
         return this.canonicalizeSubtree(document);
     }
 
     /**
-     * Canonicalizes the subtree rooted by <CODE>node</CODE>.
+     * Canonicalizes the subtree rooted by {@code node}.
      *
      * @param node The node to canonicalize
      * @return the result of the c14n.
@@ -302,11 +299,12 @@
      * @throws CanonicalizationException
      */
     public byte[] canonicalizeSubtree(Node node) throws CanonicalizationException {
+        canonicalizerSpi.secureValidation = secureValidation;
         return canonicalizerSpi.engineCanonicalizeSubTree(node);
     }
 
     /**
-     * Canonicalizes the subtree rooted by <CODE>node</CODE>.
+     * Canonicalizes the subtree rooted by {@code node}.
      *
      * @param node
      * @param inclusiveNamespaces
@@ -315,11 +313,26 @@
      */
     public byte[] canonicalizeSubtree(Node node, String inclusiveNamespaces)
         throws CanonicalizationException {
+        canonicalizerSpi.secureValidation = secureValidation;
         return canonicalizerSpi.engineCanonicalizeSubTree(node, inclusiveNamespaces);
     }
 
     /**
-     * Canonicalizes an XPath node set. The <CODE>xpathNodeSet</CODE> is treated
+     * Canonicalizes the subtree rooted by {@code node}.
+     *
+     * @param node
+     * @param inclusiveNamespaces
+     * @return the result of the c14n.
+     * @throws CanonicalizationException
+     */
+    public byte[] canonicalizeSubtree(Node node, String inclusiveNamespaces, boolean propagateDefaultNamespace)
+            throws CanonicalizationException {
+        canonicalizerSpi.secureValidation = secureValidation;
+        return canonicalizerSpi.engineCanonicalizeSubTree(node, inclusiveNamespaces, propagateDefaultNamespace);
+    }
+
+    /**
+     * Canonicalizes an XPath node set. The {@code xpathNodeSet} is treated
      * as a list of XPath nodes, not as a list of subtrees.
      *
      * @param xpathNodeSet
@@ -328,11 +341,12 @@
      */
     public byte[] canonicalizeXPathNodeSet(NodeList xpathNodeSet)
         throws CanonicalizationException {
+        canonicalizerSpi.secureValidation = secureValidation;
         return canonicalizerSpi.engineCanonicalizeXPathNodeSet(xpathNodeSet);
     }
 
     /**
-     * Canonicalizes an XPath node set. The <CODE>xpathNodeSet</CODE> is treated
+     * Canonicalizes an XPath node set. The {@code xpathNodeSet} is treated
      * as a list of XPath nodes, not as a list of subtrees.
      *
      * @param xpathNodeSet
@@ -343,6 +357,7 @@
     public byte[] canonicalizeXPathNodeSet(
         NodeList xpathNodeSet, String inclusiveNamespaces
     ) throws CanonicalizationException {
+        canonicalizerSpi.secureValidation = secureValidation;
         return
             canonicalizerSpi.engineCanonicalizeXPathNodeSet(xpathNodeSet, inclusiveNamespaces);
     }
@@ -356,6 +371,7 @@
      */
     public byte[] canonicalizeXPathNodeSet(Set<Node> xpathNodeSet)
         throws CanonicalizationException {
+        canonicalizerSpi.secureValidation = secureValidation;
         return canonicalizerSpi.engineCanonicalizeXPathNodeSet(xpathNodeSet);
     }
 
@@ -370,6 +386,7 @@
     public byte[] canonicalizeXPathNodeSet(
         Set<Node> xpathNodeSet, String inclusiveNamespaces
     ) throws CanonicalizationException {
+        canonicalizerSpi.secureValidation = secureValidation;
         return
             canonicalizerSpi.engineCanonicalizeXPathNodeSet(xpathNodeSet, inclusiveNamespaces);
     }
@@ -399,4 +416,12 @@
         canonicalizerSpi.reset = false;
     }
 
+    public boolean isSecureValidation() {
+        return secureValidation;
+    }
+
+    public void setSecureValidation(boolean secureValidation) {
+        this.secureValidation = secureValidation;
+    }
+
 }
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/CanonicalizerSpi.java b/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/CanonicalizerSpi.java
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/CanonicalizerSpi.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/CanonicalizerSpi.java
@@ -26,9 +26,7 @@
 import java.io.OutputStream;
 import java.util.Set;
 
-import javax.xml.XMLConstants;
 import javax.xml.parsers.DocumentBuilder;
-import javax.xml.parsers.DocumentBuilderFactory;
 
 import com.sun.org.apache.xml.internal.security.utils.XMLUtils;
 import org.w3c.dom.Document;
@@ -39,12 +37,12 @@
 /**
  * Base class which all Canonicalization algorithms extend.
  *
- * @author Christian Geuer-Pollmann
  */
 public abstract class CanonicalizerSpi {
 
     /** Reset the writer after a c14n */
     protected boolean reset = false;
+    protected boolean secureValidation;
 
     /**
      * Method canonicalize
@@ -61,17 +59,14 @@
         throws javax.xml.parsers.ParserConfigurationException, java.io.IOException,
         org.xml.sax.SAXException, CanonicalizationException {
 
-        java.io.InputStream bais = new ByteArrayInputStream(inputBytes);
-        InputSource in = new InputSource(bais);
-        DocumentBuilderFactory dfactory = DocumentBuilderFactory.newInstance();
-        dfactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, Boolean.TRUE);
+        Document document = null;
+        try (java.io.InputStream bais = new ByteArrayInputStream(inputBytes)) {
+            InputSource in = new InputSource(bais);
 
-        // needs to validate for ID attribute normalization
-        dfactory.setNamespaceAware(true);
+            DocumentBuilder db = XMLUtils.createDocumentBuilder(false, secureValidation);
 
-        DocumentBuilder db = dfactory.newDocumentBuilder();
-
-        Document document = db.parse(in);
+            document = db.parse(in);
+        }
         return this.engineCanonicalizeSubTree(document);
     }
 
@@ -160,10 +155,31 @@
         throws CanonicalizationException;
 
     /**
+     * C14n a node tree.
+     *
+     * @param rootNode
+     * @param inclusiveNamespaces
+     * @param propagateDefaultNamespace If true the default namespace will be propagated to the c14n-ized root element
+     * @return the c14n bytes
+     * @throws CanonicalizationException
+     */
+    public abstract byte[] engineCanonicalizeSubTree(
+            Node rootNode, String inclusiveNamespaces, boolean propagateDefaultNamespace)
+            throws CanonicalizationException;
+
+    /**
      * Sets the writer where the canonicalization ends. ByteArrayOutputStream if
      * none is set.
      * @param os
      */
     public abstract void setWriter(OutputStream os);
 
+    public boolean isSecureValidation() {
+        return secureValidation;
+    }
+
+    public void setSecureValidation(boolean secureValidation) {
+        this.secureValidation = secureValidation;
+    }
+
 }
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/ClassLoaderUtils.java b/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/ClassLoaderUtils.java
new file mode 100644
--- /dev/null
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/ClassLoaderUtils.java
@@ -0,0 +1,84 @@
+/*
+ * reserved comment block
+ * DO NOT REMOVE OR ALTER!
+ */
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package com.sun.org.apache.xml.internal.security.c14n;
+
+// NOTE! This is a duplicate of utils.ClassLoaderUtils with public
+// modifiers changed to package-private. Make sure to integrate any future
+// changes to utils.ClassLoaderUtils to this file.
+final class ClassLoaderUtils {
+
+    private static final com.sun.org.slf4j.internal.Logger LOG =
+        com.sun.org.slf4j.internal.LoggerFactory.getLogger(ClassLoaderUtils.class);
+
+    private ClassLoaderUtils() {
+    }
+
+    /**
+     * Load a class with a given name. <p></p> It will try to load the class in the
+     * following order:
+     * <ul>
+     * <li>From Thread.currentThread().getContextClassLoader()
+     * <li>Using the basic Class.forName()
+     * <li>From ClassLoaderUtil.class.getClassLoader()
+     * <li>From the callingClass.getClassLoader()
+     * </ul>
+     *
+     * @param className The name of the class to load
+     * @param callingClass The Class object of the calling object
+     * @throws ClassNotFoundException If the class cannot be found anywhere.
+     */
+    static Class<?> loadClass(String className, Class<?> callingClass)
+        throws ClassNotFoundException {
+        try {
+            ClassLoader cl = Thread.currentThread().getContextClassLoader();
+
+            if (cl != null) {
+                return cl.loadClass(className);
+            }
+        } catch (ClassNotFoundException e) {
+            LOG.debug(e.getMessage(), e);
+            //ignore
+        }
+        return loadClass2(className, callingClass);
+    }
+
+    private static Class<?> loadClass2(String className, Class<?> callingClass)
+        throws ClassNotFoundException {
+        try {
+            return Class.forName(className);
+        } catch (ClassNotFoundException ex) {
+            try {
+                if (ClassLoaderUtils.class.getClassLoader() != null) {
+                    return ClassLoaderUtils.class.getClassLoader().loadClass(className);
+                }
+            } catch (ClassNotFoundException exc) {
+                if (callingClass != null && callingClass.getClassLoader() != null) {
+                    return callingClass.getClassLoader().loadClass(className);
+                }
+            }
+            LOG.debug(ex.getMessage(), ex);
+            throw ex;
+        }
+    }
+}
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/InvalidCanonicalizerException.java b/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/InvalidCanonicalizerException.java
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/InvalidCanonicalizerException.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/InvalidCanonicalizerException.java
@@ -61,23 +61,33 @@
     /**
      * Constructor InvalidCanonicalizerException
      *
+     * @param originalException
      * @param msgID
-     * @param originalException
      */
+    public InvalidCanonicalizerException(Exception originalException, String msgID) {
+        super(originalException, msgID);
+    }
+
+    @Deprecated
     public InvalidCanonicalizerException(String msgID, Exception originalException) {
-        super(msgID, originalException);
+        this(originalException, msgID);
     }
 
     /**
      * Constructor InvalidCanonicalizerException
      *
+     * @param originalException
      * @param msgID
      * @param exArgs
-     * @param originalException
      */
     public InvalidCanonicalizerException(
-        String msgID, Object exArgs[], Exception originalException
+        Exception originalException, String msgID, Object exArgs[]
     ) {
-        super(msgID, exArgs, originalException);
+        super(originalException, msgID, exArgs);
+    }
+
+    @Deprecated
+    public InvalidCanonicalizerException(String msgID, Object[] exArgs, Exception originalException) {
+        this(originalException, msgID, exArgs);
     }
 }
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/helper/AttrCompare.java b/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/helper/AttrCompare.java
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/helper/AttrCompare.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/helper/AttrCompare.java
@@ -41,7 +41,6 @@
  *   key (an empty namespace URI is lexicographically least).
  * </UL>
  *
- * @author Christian Geuer-Pollmann
  */
 public class AttrCompare implements Comparator<Attr>, Serializable {
 
@@ -117,6 +116,6 @@
             return a;
         }
 
-        return (attr0.getLocalName()).compareTo(attr1.getLocalName());
+        return attr0.getLocalName().compareTo(attr1.getLocalName());
     }
 }
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/helper/C14nHelper.java b/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/helper/C14nHelper.java
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/helper/C14nHelper.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/helper/C14nHelper.java
@@ -31,9 +31,8 @@
 /**
  * Temporary swapped static functions from the normalizer Section
  *
- * @author Christian Geuer-Pollmann
  */
-public class C14nHelper {
+public final class C14nHelper {
 
     /**
      * Constructor C14nHelper
@@ -100,7 +99,7 @@
         }
 
         String nodeAttrName = attr.getNodeName();
-        boolean definesDefaultNS = nodeAttrName.equals("xmlns");
+        boolean definesDefaultNS = "xmlns".equals(nodeAttrName);
         boolean definesNonDefaultNS = nodeAttrName.startsWith("xmlns:");
 
         if ((definesDefaultNS || definesNonDefaultNS) && namespaceIsRelative(attr)) {
@@ -145,7 +144,8 @@
         if (ctxNode != null) {
             NamedNodeMap attributes = ctxNode.getAttributes();
 
-            for (int i = 0; i < attributes.getLength(); i++) {
+            int length = attributes.getLength();
+            for (int i = 0; i < length; i++) {
                 C14nHelper.assertNotRelativeNS((Attr) attributes.item(i));
             }
         } else {
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/helper/package.html b/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/helper/package.html
deleted file mode 100644
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/helper/package.html
+++ /dev/null
@@ -1,3 +0,0 @@
-<HTML> <HEAD> </HEAD> <BODY> <P>
-helper classes for canonicalization.
-</P></BODY> </HTML>
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/implementations/Canonicalizer11.java b/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/implementations/Canonicalizer11.java
deleted file mode 100644
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/implementations/Canonicalizer11.java
+++ /dev/null
@@ -1,687 +0,0 @@
-/*
- * reserved comment block
- * DO NOT REMOVE OR ALTER!
- */
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package com.sun.org.apache.xml.internal.security.c14n.implementations;
-
-import java.io.IOException;
-import java.net.URI;
-import java.net.URISyntaxException;
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.HashMap;
-import java.util.Iterator;
-import java.util.List;
-import java.util.Map;
-import java.util.Set;
-import java.util.SortedSet;
-import java.util.TreeSet;
-import javax.xml.parsers.ParserConfigurationException;
-import org.w3c.dom.Attr;
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-import org.w3c.dom.NamedNodeMap;
-import org.w3c.dom.Node;
-import org.xml.sax.SAXException;
-
-import com.sun.org.apache.xml.internal.security.c14n.CanonicalizationException;
-import com.sun.org.apache.xml.internal.security.c14n.helper.C14nHelper;
-import com.sun.org.apache.xml.internal.security.signature.XMLSignatureInput;
-import com.sun.org.apache.xml.internal.security.utils.Constants;
-import com.sun.org.apache.xml.internal.security.utils.XMLUtils;
-
-/**
- * Implements <A HREF="http://www.w3.org/TR/2008/PR-xml-c14n11-20080129/">
- * Canonical XML Version 1.1</A>, a W3C Proposed Recommendation from 29
- * January 2008.
- *
- * @author Sean Mullan
- * @author Raul Benito
- */
-public abstract class Canonicalizer11 extends CanonicalizerBase {
-
-    private static final String XMLNS_URI = Constants.NamespaceSpecNS;
-    private static final String XML_LANG_URI = Constants.XML_LANG_SPACE_SpecNS;
-    private static java.util.logging.Logger log =
-        java.util.logging.Logger.getLogger(Canonicalizer11.class.getName());
-    private final SortedSet<Attr> result = new TreeSet<Attr>(COMPARE);
-
-    private boolean firstCall = true;
-
-    private static class XmlAttrStack {
-        static class XmlsStackElement {
-            int level;
-            boolean rendered = false;
-            List<Attr> nodes = new ArrayList<Attr>();
-        };
-
-        int currentLevel = 0;
-        int lastlevel = 0;
-        XmlsStackElement cur;
-        List<XmlsStackElement> levels = new ArrayList<XmlsStackElement>();
-
-        void push(int level) {
-            currentLevel = level;
-            if (currentLevel == -1) {
-                return;
-            }
-            cur = null;
-            while (lastlevel >= currentLevel) {
-                levels.remove(levels.size() - 1);
-                int newSize = levels.size();
-                if (newSize == 0) {
-                    lastlevel = 0;
-                    return;
-                }
-                lastlevel = (levels.get(newSize - 1)).level;
-            }
-        }
-
-        void addXmlnsAttr(Attr n) {
-            if (cur == null) {
-                cur = new XmlsStackElement();
-                cur.level = currentLevel;
-                levels.add(cur);
-                lastlevel = currentLevel;
-            }
-            cur.nodes.add(n);
-        }
-
-        void getXmlnsAttr(Collection<Attr> col) {
-            int size = levels.size() - 1;
-            if (cur == null) {
-                cur = new XmlsStackElement();
-                cur.level = currentLevel;
-                lastlevel = currentLevel;
-                levels.add(cur);
-            }
-            boolean parentRendered = false;
-            XmlsStackElement e = null;
-            if (size == -1) {
-                parentRendered = true;
-            } else {
-                e = levels.get(size);
-                if (e.rendered && e.level + 1 == currentLevel) {
-                    parentRendered = true;
-                }
-            }
-            if (parentRendered) {
-                col.addAll(cur.nodes);
-                cur.rendered = true;
-                return;
-            }
-
-            Map<String, Attr> loa = new HashMap<String, Attr>();
-            List<Attr> baseAttrs = new ArrayList<Attr>();
-            boolean successiveOmitted = true;
-            for (; size >= 0; size--) {
-                e = levels.get(size);
-                if (e.rendered) {
-                    successiveOmitted = false;
-                }
-                Iterator<Attr> it = e.nodes.iterator();
-                while (it.hasNext() && successiveOmitted) {
-                    Attr n = it.next();
-                    if (n.getLocalName().equals("base") && !e.rendered) {
-                        baseAttrs.add(n);
-                    } else if (!loa.containsKey(n.getName())) {
-                        loa.put(n.getName(), n);
-                    }
-                }
-            }
-            if (!baseAttrs.isEmpty()) {
-                Iterator<Attr> it = col.iterator();
-                String base = null;
-                Attr baseAttr = null;
-                while (it.hasNext()) {
-                    Attr n = it.next();
-                    if (n.getLocalName().equals("base")) {
-                        base = n.getValue();
-                        baseAttr = n;
-                        break;
-                    }
-                }
-                it = baseAttrs.iterator();
-                while (it.hasNext()) {
-                    Attr n = it.next();
-                    if (base == null) {
-                        base = n.getValue();
-                        baseAttr = n;
-                    } else {
-                        try {
-                            base = joinURI(n.getValue(), base);
-                        } catch (URISyntaxException ue) {
-                            if (log.isLoggable(java.util.logging.Level.FINE)) {
-                                log.log(java.util.logging.Level.FINE, ue.getMessage(), ue);
-                            }
-                        }
-                    }
-                }
-                if (base != null && base.length() != 0) {
-                    baseAttr.setValue(base);
-                    col.add(baseAttr);
-                }
-            }
-
-            cur.rendered = true;
-            col.addAll(loa.values());
-        }
-    };
-
-    private XmlAttrStack xmlattrStack = new XmlAttrStack();
-
-    /**
-     * Constructor Canonicalizer11
-     *
-     * @param includeComments
-     */
-    public Canonicalizer11(boolean includeComments) {
-        super(includeComments);
-    }
-
-    /**
-     * Always throws a CanonicalizationException because this is inclusive c14n.
-     *
-     * @param xpathNodeSet
-     * @param inclusiveNamespaces
-     * @return none it always fails
-     * @throws CanonicalizationException always
-     */
-    public byte[] engineCanonicalizeXPathNodeSet(
-        Set<Node> xpathNodeSet, String inclusiveNamespaces
-    ) throws CanonicalizationException {
-        throw new CanonicalizationException("c14n.Canonicalizer.UnsupportedOperation");
-    }
-
-    /**
-     * Always throws a CanonicalizationException because this is inclusive c14n.
-     *
-     * @param rootNode
-     * @param inclusiveNamespaces
-     * @return none it always fails
-     * @throws CanonicalizationException
-     */
-    public byte[] engineCanonicalizeSubTree(
-        Node rootNode, String inclusiveNamespaces
-    ) throws CanonicalizationException {
-        throw new CanonicalizationException("c14n.Canonicalizer.UnsupportedOperation");
-    }
-
-    /**
-     * Returns the Attr[]s to be output for the given element.
-     * <br>
-     * The code of this method is a copy of {@link #handleAttributes(Element,
-     * NameSpaceSymbTable)},
-     * whereas it takes into account that subtree-c14n is -- well --
-     * subtree-based.
-     * So if the element in question isRoot of c14n, it's parent is not in the
-     * node set, as well as all other ancestors.
-     *
-     * @param element
-     * @param ns
-     * @return the Attr[]s to be output
-     * @throws CanonicalizationException
-     */
-    @Override
-    protected Iterator<Attr> handleAttributesSubtree(Element element, NameSpaceSymbTable ns)
-        throws CanonicalizationException {
-        if (!element.hasAttributes() && !firstCall) {
-            return null;
-        }
-        // result will contain the attrs which have to be output
-        final SortedSet<Attr> result = this.result;
-        result.clear();
-
-        if (element.hasAttributes()) {
-            NamedNodeMap attrs = element.getAttributes();
-            int attrsLength = attrs.getLength();
-
-            for (int i = 0; i < attrsLength; i++) {
-                Attr attribute = (Attr) attrs.item(i);
-                String NUri = attribute.getNamespaceURI();
-                String NName = attribute.getLocalName();
-                String NValue = attribute.getValue();
-
-                if (!XMLNS_URI.equals(NUri)) {
-                    // It's not a namespace attr node. Add to the result and continue.
-                    result.add(attribute);
-                } else if (!(XML.equals(NName) && XML_LANG_URI.equals(NValue))) {
-                    // The default mapping for xml must not be output.
-                    Node n = ns.addMappingAndRender(NName, NValue, attribute);
-
-                    if (n != null) {
-                        // Render the ns definition
-                        result.add((Attr)n);
-                        if (C14nHelper.namespaceIsRelative(attribute)) {
-                            Object exArgs[] = {element.getTagName(), NName, attribute.getNodeValue()};
-                            throw new CanonicalizationException(
-                                "c14n.Canonicalizer.RelativeNamespace", exArgs
-                            );
-                        }
-                    }
-                }
-            }
-        }
-
-        if (firstCall) {
-            // It is the first node of the subtree
-            // Obtain all the namespaces defined in the parents, and added to the output.
-            ns.getUnrenderedNodes(result);
-            // output the attributes in the xml namespace.
-            xmlattrStack.getXmlnsAttr(result);
-            firstCall = false;
-        }
-
-        return result.iterator();
-    }
-
-    /**
-     * Returns the Attr[]s to be output for the given element.
-     * <br>
-     * IMPORTANT: This method expects to work on a modified DOM tree, i.e. a
-     * DOM which has been prepared using
-     * {@link com.sun.org.apache.xml.internal.security.utils.XMLUtils#circumventBug2650(
-     * org.w3c.dom.Document)}.
-     *
-     * @param element
-     * @param ns
-     * @return the Attr[]s to be output
-     * @throws CanonicalizationException
-     */
-    @Override
-    protected Iterator<Attr> handleAttributes(Element element, NameSpaceSymbTable ns)
-        throws CanonicalizationException {
-        // result will contain the attrs which have to be output
-        xmlattrStack.push(ns.getLevel());
-        boolean isRealVisible = isVisibleDO(element, ns.getLevel()) == 1;
-        final SortedSet<Attr> result = this.result;
-        result.clear();
-
-        if (element.hasAttributes()) {
-            NamedNodeMap attrs = element.getAttributes();
-            int attrsLength = attrs.getLength();
-
-            for (int i = 0; i < attrsLength; i++) {
-                Attr attribute = (Attr) attrs.item(i);
-                String NUri = attribute.getNamespaceURI();
-                String NName = attribute.getLocalName();
-                String NValue = attribute.getValue();
-
-                if (!XMLNS_URI.equals(NUri)) {
-                    //A non namespace definition node.
-                    if (XML_LANG_URI.equals(NUri)) {
-                        if (NName.equals("id")) {
-                            if (isRealVisible) {
-                                // treat xml:id like any other attribute
-                                // (emit it, but don't inherit it)
-                                result.add(attribute);
-                            }
-                        } else {
-                            xmlattrStack.addXmlnsAttr(attribute);
-                        }
-                    } else if (isRealVisible) {
-                        //The node is visible add the attribute to the list of output attributes.
-                        result.add(attribute);
-                    }
-                } else if (!XML.equals(NName) || !XML_LANG_URI.equals(NValue)) {
-                    /* except omit namespace node with local name xml, which defines
-                     * the xml prefix, if its string value is
-                     * http://www.w3.org/XML/1998/namespace.
-                     */
-                    // add the prefix binding to the ns symb table.
-                    if (isVisible(attribute))  {
-                        if (isRealVisible || !ns.removeMappingIfRender(NName)) {
-                            // The xpath select this node output it if needed.
-                            Node n = ns.addMappingAndRender(NName, NValue, attribute);
-                            if (n != null) {
-                                result.add((Attr)n);
-                                if (C14nHelper.namespaceIsRelative(attribute)) {
-                                    Object exArgs[] = { element.getTagName(), NName, attribute.getNodeValue() };
-                                    throw new CanonicalizationException(
-                                        "c14n.Canonicalizer.RelativeNamespace", exArgs
-                                    );
-                                }
-                            }
-                        }
-                    } else {
-                        if (isRealVisible && !XMLNS.equals(NName)) {
-                            ns.removeMapping(NName);
-                        } else {
-                            ns.addMapping(NName, NValue, attribute);
-                        }
-                    }
-                }
-            }
-        }
-
-        if (isRealVisible) {
-            //The element is visible, handle the xmlns definition
-            Attr xmlns = element.getAttributeNodeNS(XMLNS_URI, XMLNS);
-            Node n = null;
-            if (xmlns == null) {
-                //No xmlns def just get the already defined.
-                n = ns.getMapping(XMLNS);
-            } else if (!isVisible(xmlns)) {
-                //There is a definition but the xmlns is not selected by the xpath.
-                //then xmlns=""
-                n = ns.addMappingAndRender(
-                        XMLNS, "", getNullNode(xmlns.getOwnerDocument()));
-            }
-            //output the xmlns def if needed.
-            if (n != null) {
-                result.add((Attr)n);
-            }
-            //Float all xml:* attributes of the unselected parent elements to this one.
-            xmlattrStack.getXmlnsAttr(result);
-            ns.getUnrenderedNodes(result);
-        }
-
-        return result.iterator();
-    }
-
-    protected void circumventBugIfNeeded(XMLSignatureInput input)
-        throws CanonicalizationException, ParserConfigurationException,
-        IOException, SAXException {
-        if (!input.isNeedsToBeExpanded()) {
-            return;
-        }
-        Document doc = null;
-        if (input.getSubNode() != null) {
-            doc = XMLUtils.getOwnerDocument(input.getSubNode());
-        } else {
-            doc = XMLUtils.getOwnerDocument(input.getNodeSet());
-        }
-        XMLUtils.circumventBug2650(doc);
-    }
-
-    protected void handleParent(Element e, NameSpaceSymbTable ns) {
-        if (!e.hasAttributes() && e.getNamespaceURI() == null) {
-            return;
-        }
-        xmlattrStack.push(-1);
-        NamedNodeMap attrs = e.getAttributes();
-        int attrsLength = attrs.getLength();
-        for (int i = 0; i < attrsLength; i++) {
-            Attr attribute = (Attr) attrs.item(i);
-            String NName = attribute.getLocalName();
-            String NValue = attribute.getNodeValue();
-
-            if (Constants.NamespaceSpecNS.equals(attribute.getNamespaceURI())) {
-                if (!XML.equals(NName) || !Constants.XML_LANG_SPACE_SpecNS.equals(NValue)) {
-                    ns.addMapping(NName, NValue, attribute);
-                }
-            } else if (!"id".equals(NName) && XML_LANG_URI.equals(attribute.getNamespaceURI())) {
-                xmlattrStack.addXmlnsAttr(attribute);
-            }
-        }
-        if (e.getNamespaceURI() != null) {
-            String NName = e.getPrefix();
-            String NValue = e.getNamespaceURI();
-            String Name;
-            if (NName == null || NName.equals("")) {
-                NName = "xmlns";
-                Name = "xmlns";
-            } else {
-                Name = "xmlns:" + NName;
-            }
-            Attr n = e.getOwnerDocument().createAttributeNS("http://www.w3.org/2000/xmlns/", Name);
-            n.setValue(NValue);
-            ns.addMapping(NName, NValue, n);
-        }
-    }
-
-    private static String joinURI(String baseURI, String relativeURI) throws URISyntaxException {
-        String bscheme = null;
-        String bauthority = null;
-        String bpath = "";
-        String bquery = null;
-
-        // pre-parse the baseURI
-        if (baseURI != null) {
-            if (baseURI.endsWith("..")) {
-                baseURI = baseURI + "/";
-            }
-            URI base = new URI(baseURI);
-            bscheme = base.getScheme();
-            bauthority = base.getAuthority();
-            bpath = base.getPath();
-            bquery = base.getQuery();
-        }
-
-        URI r = new URI(relativeURI);
-        String rscheme = r.getScheme();
-        String rauthority = r.getAuthority();
-        String rpath = r.getPath();
-        String rquery = r.getQuery();
-
-        String tscheme, tauthority, tpath, tquery;
-        if (rscheme != null && rscheme.equals(bscheme)) {
-            rscheme = null;
-        }
-        if (rscheme != null) {
-            tscheme = rscheme;
-            tauthority = rauthority;
-            tpath = removeDotSegments(rpath);
-            tquery = rquery;
-        } else {
-            if (rauthority != null) {
-                tauthority = rauthority;
-                tpath = removeDotSegments(rpath);
-                tquery = rquery;
-            } else {
-                if (rpath.length() == 0) {
-                    tpath = bpath;
-                    if (rquery != null) {
-                        tquery = rquery;
-                    } else {
-                        tquery = bquery;
-                    }
-                } else {
-                    if (rpath.startsWith("/")) {
-                        tpath = removeDotSegments(rpath);
-                    } else {
-                        if (bauthority != null && bpath.length() == 0) {
-                            tpath = "/" + rpath;
-                        } else {
-                            int last = bpath.lastIndexOf('/');
-                            if (last == -1) {
-                                tpath = rpath;
-                            } else {
-                                tpath = bpath.substring(0, last+1) + rpath;
-                            }
-                        }
-                        tpath = removeDotSegments(tpath);
-                    }
-                    tquery = rquery;
-                }
-                tauthority = bauthority;
-            }
-            tscheme = bscheme;
-        }
-        return new URI(tscheme, tauthority, tpath, tquery, null).toString();
-    }
-
-    private static String removeDotSegments(String path) {
-        if (log.isLoggable(java.util.logging.Level.FINE)) {
-            log.log(java.util.logging.Level.FINE, "STEP   OUTPUT BUFFER\t\tINPUT BUFFER");
-        }
-
-        // 1. The input buffer is initialized with the now-appended path
-        // components then replace occurrences of "//" in the input buffer
-        // with "/" until no more occurrences of "//" are in the input buffer.
-        String input = path;
-        while (input.indexOf("//") > -1) {
-            input = input.replaceAll("//", "/");
-        }
-
-        // Initialize the output buffer with the empty string.
-        StringBuilder output = new StringBuilder();
-
-        // If the input buffer starts with a root slash "/" then move this
-        // character to the output buffer.
-        if (input.charAt(0) == '/') {
-            output.append("/");
-            input = input.substring(1);
-        }
-
-        printStep("1 ", output.toString(), input);
-
-        // While the input buffer is not empty, loop as follows
-        while (input.length() != 0) {
-            // 2A. If the input buffer begins with a prefix of "./",
-            // then remove that prefix from the input buffer
-            // else if the input buffer begins with a prefix of "../", then
-            // if also the output does not contain the root slash "/" only,
-            // then move this prefix to the end of the output buffer else
-            // remove that prefix
-            if (input.startsWith("./")) {
-                input = input.substring(2);
-                printStep("2A", output.toString(), input);
-            } else if (input.startsWith("../")) {
-                input = input.substring(3);
-                if (!output.toString().equals("/")) {
-                    output.append("../");
-                }
-                printStep("2A", output.toString(), input);
-                // 2B. if the input buffer begins with a prefix of "/./" or "/.",
-                // where "." is a complete path segment, then replace that prefix
-                // with "/" in the input buffer; otherwise,
-            } else if (input.startsWith("/./")) {
-                input = input.substring(2);
-                printStep("2B", output.toString(), input);
-            } else if (input.equals("/.")) {
-                // FIXME: what is complete path segment?
-                input = input.replaceFirst("/.", "/");
-                printStep("2B", output.toString(), input);
-                // 2C. if the input buffer begins with a prefix of "/../" or "/..",
-                // where ".." is a complete path segment, then replace that prefix
-                // with "/" in the input buffer and if also the output buffer is
-                // empty, last segment in the output buffer equals "../" or "..",
-                // where ".." is a complete path segment, then append ".." or "/.."
-                // for the latter case respectively to the output buffer else
-                // remove the last segment and its preceding "/" (if any) from the
-                // output buffer and if hereby the first character in the output
-                // buffer was removed and it was not the root slash then delete a
-                // leading slash from the input buffer; otherwise,
-            } else if (input.startsWith("/../")) {
-                input = input.substring(3);
-                if (output.length() == 0) {
-                    output.append("/");
-                } else if (output.toString().endsWith("../")) {
-                    output.append("..");
-                } else if (output.toString().endsWith("..")) {
-                    output.append("/..");
-                } else {
-                    int index = output.lastIndexOf("/");
-                    if (index == -1) {
-                        output = new StringBuilder();
-                        if (input.charAt(0) == '/') {
-                            input = input.substring(1);
-                        }
-                    } else {
-                        output = output.delete(index, output.length());
-                    }
-                }
-                printStep("2C", output.toString(), input);
-            } else if (input.equals("/..")) {
-                // FIXME: what is complete path segment?
-                input = input.replaceFirst("/..", "/");
-                if (output.length() == 0) {
-                    output.append("/");
-                } else if (output.toString().endsWith("../")) {
-                    output.append("..");
-                } else if (output.toString().endsWith("..")) {
-                    output.append("/..");
-                } else {
-                    int index = output.lastIndexOf("/");
-                    if (index == -1) {
-                        output = new StringBuilder();
-                        if (input.charAt(0) == '/') {
-                            input = input.substring(1);
-                        }
-                    } else {
-                        output = output.delete(index, output.length());
-                    }
-                }
-                printStep("2C", output.toString(), input);
-                // 2D. if the input buffer consists only of ".", then remove
-                // that from the input buffer else if the input buffer consists
-                // only of ".." and if the output buffer does not contain only
-                // the root slash "/", then move the ".." to the output buffer
-                // else delte it.; otherwise,
-            } else if (input.equals(".")) {
-                input = "";
-                printStep("2D", output.toString(), input);
-            } else if (input.equals("..")) {
-                if (!output.toString().equals("/")) {
-                    output.append("..");
-                }
-                input = "";
-                printStep("2D", output.toString(), input);
-                // 2E. move the first path segment (if any) in the input buffer
-                // to the end of the output buffer, including the initial "/"
-                // character (if any) and any subsequent characters up to, but not
-                // including, the next "/" character or the end of the input buffer.
-            } else {
-                int end = -1;
-                int begin = input.indexOf('/');
-                if (begin == 0) {
-                    end = input.indexOf('/', 1);
-                } else {
-                    end = begin;
-                    begin = 0;
-                }
-                String segment;
-                if (end == -1) {
-                    segment = input.substring(begin);
-                    input = "";
-                } else {
-                    segment = input.substring(begin, end);
-                    input = input.substring(end);
-                }
-                output.append(segment);
-                printStep("2E", output.toString(), input);
-            }
-        }
-
-        // 3. Finally, if the only or last segment of the output buffer is
-        // "..", where ".." is a complete path segment not followed by a slash
-        // then append a slash "/". The output buffer is returned as the result
-        // of remove_dot_segments
-        if (output.toString().endsWith("..")) {
-            output.append("/");
-            printStep("3 ", output.toString(), input);
-        }
-
-        return output.toString();
-    }
-
-    private static void printStep(String step, String output, String input) {
-        if (log.isLoggable(java.util.logging.Level.FINE)) {
-            log.log(java.util.logging.Level.FINE, " " + step + ":   " + output);
-            if (output.length() == 0) {
-                log.log(java.util.logging.Level.FINE, "\t\t\t\t" + input);
-            } else {
-                log.log(java.util.logging.Level.FINE, "\t\t\t" + input);
-            }
-        }
-    }
-}
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/implementations/Canonicalizer11_OmitComments.java b/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/implementations/Canonicalizer11_OmitComments.java
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/implementations/Canonicalizer11_OmitComments.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/implementations/Canonicalizer11_OmitComments.java
@@ -25,12 +25,11 @@
 import com.sun.org.apache.xml.internal.security.c14n.Canonicalizer;
 
 /**
- * @author Sean Mullan
  */
-public class Canonicalizer11_OmitComments extends Canonicalizer11 {
+public class Canonicalizer11_OmitComments extends Canonicalizer20010315 {
 
     public Canonicalizer11_OmitComments() {
-        super(false);
+        super(false, true);
     }
 
     public final String engineGetURI() {
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/implementations/Canonicalizer11_WithComments.java b/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/implementations/Canonicalizer11_WithComments.java
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/implementations/Canonicalizer11_WithComments.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/implementations/Canonicalizer11_WithComments.java
@@ -25,12 +25,11 @@
 import com.sun.org.apache.xml.internal.security.c14n.Canonicalizer;
 
 /**
- * @author Sean Mullan
  */
-public class Canonicalizer11_WithComments extends Canonicalizer11 {
+public class Canonicalizer11_WithComments extends Canonicalizer20010315 {
 
     public Canonicalizer11_WithComments() {
-        super(true);
+        super(true, true);
     }
 
     public final String engineGetURI() {
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/implementations/Canonicalizer20010315.java b/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/implementations/Canonicalizer20010315.java
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/implementations/Canonicalizer20010315.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/implementations/Canonicalizer20010315.java
@@ -23,11 +23,7 @@
 package com.sun.org.apache.xml.internal.security.c14n.implementations;
 
 import java.io.IOException;
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.HashMap;
-import java.util.Iterator;
-import java.util.List;
+import java.io.OutputStream;
 import java.util.Map;
 import java.util.Set;
 import java.util.SortedSet;
@@ -38,9 +34,9 @@
 import com.sun.org.apache.xml.internal.security.c14n.CanonicalizationException;
 import com.sun.org.apache.xml.internal.security.c14n.helper.C14nHelper;
 import com.sun.org.apache.xml.internal.security.signature.XMLSignatureInput;
-import com.sun.org.apache.xml.internal.security.utils.Constants;
 import com.sun.org.apache.xml.internal.security.utils.XMLUtils;
 import org.w3c.dom.Attr;
+import org.w3c.dom.DOMException;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 import org.w3c.dom.NamedNodeMap;
@@ -51,97 +47,13 @@
  * Implements <A HREF="http://www.w3.org/TR/2001/REC-xml-c14n-20010315">Canonical
  * XML Version 1.0</A>, a W3C Recommendation from 15 March 2001.
  *
- * @author Christian Geuer-Pollmann <geuerp@apache.org>
  */
 public abstract class Canonicalizer20010315 extends CanonicalizerBase {
-    private static final String XMLNS_URI = Constants.NamespaceSpecNS;
-    private static final String XML_LANG_URI = Constants.XML_LANG_SPACE_SpecNS;
 
     private boolean firstCall = true;
-    private final SortedSet<Attr> result = new TreeSet<Attr>(COMPARE);
 
-    private static class XmlAttrStack {
-        static class XmlsStackElement {
-            int level;
-            boolean rendered = false;
-            List<Attr> nodes = new ArrayList<Attr>();
-        };
-
-        int currentLevel = 0;
-        int lastlevel = 0;
-        XmlsStackElement cur;
-        List<XmlsStackElement> levels = new ArrayList<XmlsStackElement>();
-
-        void push(int level) {
-            currentLevel = level;
-            if (currentLevel == -1) {
-                return;
-            }
-            cur = null;
-            while (lastlevel >= currentLevel) {
-                levels.remove(levels.size() - 1);
-                int newSize = levels.size();
-                if (newSize == 0) {
-                    lastlevel = 0;
-                    return;
-                }
-                lastlevel = (levels.get(newSize - 1)).level;
-            }
-        }
-
-        void addXmlnsAttr(Attr n) {
-            if (cur == null) {
-                cur = new XmlsStackElement();
-                cur.level = currentLevel;
-                levels.add(cur);
-                lastlevel = currentLevel;
-            }
-            cur.nodes.add(n);
-        }
-
-        void getXmlnsAttr(Collection<Attr> col) {
-            int size = levels.size() - 1;
-            if (cur == null) {
-                cur = new XmlsStackElement();
-                cur.level = currentLevel;
-                lastlevel = currentLevel;
-                levels.add(cur);
-            }
-            boolean parentRendered = false;
-            XmlsStackElement e = null;
-            if (size == -1) {
-                parentRendered = true;
-            } else {
-                e = levels.get(size);
-                if (e.rendered && e.level + 1 == currentLevel) {
-                    parentRendered = true;
-                }
-            }
-            if (parentRendered) {
-                col.addAll(cur.nodes);
-                cur.rendered = true;
-                return;
-            }
-
-            Map<String, Attr> loa = new HashMap<String, Attr>();
-            for (; size >= 0; size--) {
-                e = levels.get(size);
-                Iterator<Attr> it = e.nodes.iterator();
-                while (it.hasNext()) {
-                    Attr n = it.next();
-                    if (!loa.containsKey(n.getName())) {
-                        loa.put(n.getName(), n);
-                    }
-                }
-            }
-
-            cur.rendered = true;
-            col.addAll(loa.values());
-        }
-
-    }
-
-    private XmlAttrStack xmlattrStack = new XmlAttrStack();
+    private final XmlAttrStack xmlattrStack;
+    private final boolean c14n11;
 
     /**
      * Constructor Canonicalizer20010315
@@ -149,9 +61,22 @@
      * @param includeComments
      */
     public Canonicalizer20010315(boolean includeComments) {
+        this(includeComments, false);
+    }
+
+    /**
+     * Constructor Canonicalizer20010315
+     *
+     * @param includeComments
+     * @param c14n11 Whether this is a Canonical XML 1.1 implementation or not
+     */
+    public Canonicalizer20010315(boolean includeComments, boolean c14n11) {
         super(includeComments);
+        xmlattrStack = new XmlAttrStack(c14n11);
+        this.c14n11 = c14n11;
     }
 
+
     /**
      * Always throws a CanonicalizationException because this is inclusive c14n.
      *
@@ -183,28 +108,44 @@
     }
 
     /**
-     * Returns the Attr[]s to be output for the given element.
+     * Always throws a CanonicalizationException because this is inclusive c14n.
+     *
+     * @param rootNode
+     * @param inclusiveNamespaces
+     * @return none it always fails
+     * @throws CanonicalizationException
+     */
+    public byte[] engineCanonicalizeSubTree(
+            Node rootNode, String inclusiveNamespaces, boolean propagateDefaultNamespace)
+            throws CanonicalizationException {
+
+        /** $todo$ well, should we throw UnsupportedOperationException ? */
+        throw new CanonicalizationException("c14n.Canonicalizer.UnsupportedOperation");
+    }
+
+    /**
+     * Output the Attr[]s for the given element.
      * <br>
-     * The code of this method is a copy of {@link #handleAttributes(Element,
-     * NameSpaceSymbTable)},
+     * The code of this method is a copy of {@link #outputAttributes(Element,
+     * NameSpaceSymbTable, Map<String, byte[]>)},
      * whereas it takes into account that subtree-c14n is -- well -- subtree-based.
      * So if the element in question isRoot of c14n, it's parent is not in the
      * node set, as well as all other ancestors.
      *
      * @param element
      * @param ns
-     * @return the Attr[]s to be output
-     * @throws CanonicalizationException
+     * @param cache
+     * @throws CanonicalizationException, DOMException, IOException
      */
     @Override
-    protected Iterator<Attr> handleAttributesSubtree(Element element, NameSpaceSymbTable ns)
-        throws CanonicalizationException {
+    protected void outputAttributesSubtree(Element element, NameSpaceSymbTable ns,
+                                           Map<String, byte[]> cache)
+        throws CanonicalizationException, DOMException, IOException {
         if (!element.hasAttributes() && !firstCall) {
-            return null;
+            return;
         }
         // result will contain the attrs which have to be output
-        final SortedSet<Attr> result = this.result;
-        result.clear();
+        SortedSet<Attr> result = new TreeSet<Attr>(COMPARE);
 
         if (element.hasAttributes()) {
             NamedNodeMap attrs = element.getAttributes();
@@ -246,11 +187,15 @@
             firstCall = false;
         }
 
-        return result.iterator();
+        OutputStream writer = getWriter();
+        //we output all Attrs which are available
+        for (Attr attr : result) {
+            outputAttrToWriter(attr.getNodeName(), attr.getNodeValue(), writer, cache);
+        }
     }
 
     /**
-     * Returns the Attr[]s to be output for the given element.
+     * Output the Attr[]s for the given element.
      * <br>
      * IMPORTANT: This method expects to work on a modified DOM tree, i.e. a DOM which has
      * been prepared using {@link com.sun.org.apache.xml.internal.security.utils.XMLUtils#circumventBug2650(
@@ -258,17 +203,17 @@
      *
      * @param element
      * @param ns
-     * @return the Attr[]s to be output
-     * @throws CanonicalizationException
+     * @param cache
+     * @throws CanonicalizationException, DOMException, IOException
      */
     @Override
-    protected Iterator<Attr> handleAttributes(Element element, NameSpaceSymbTable ns)
-        throws CanonicalizationException {
+    protected void outputAttributes(Element element, NameSpaceSymbTable ns,
+                                    Map<String, byte[]> cache)
+        throws CanonicalizationException, DOMException, IOException {
         // result will contain the attrs which have to be output
         xmlattrStack.push(ns.getLevel());
         boolean isRealVisible = isVisibleDO(element, ns.getLevel()) == 1;
-        final SortedSet<Attr> result = this.result;
-        result.clear();
+        SortedSet<Attr> result = new TreeSet<Attr>(COMPARE);
 
         if (element.hasAttributes()) {
             NamedNodeMap attrs = element.getAttributes();
@@ -283,7 +228,15 @@
                 if (!XMLNS_URI.equals(NUri)) {
                     //A non namespace definition node.
                     if (XML_LANG_URI.equals(NUri)) {
-                        xmlattrStack.addXmlnsAttr(attribute);
+                        if (c14n11 && "id".equals(NName)) {
+                            if (isRealVisible) {
+                                // treat xml:id like any other attribute
+                                // (emit it, but don't inherit it)
+                                result.add(attribute);
+                            }
+                        } else {
+                            xmlattrStack.addXmlnsAttr(attribute);
+                        }
                     } else if (isRealVisible) {
                         //The node is visible add the attribute to the list of output attributes.
                         result.add(attribute);
@@ -339,7 +292,11 @@
             ns.getUnrenderedNodes(result);
         }
 
-        return result.iterator();
+        OutputStream writer = getWriter();
+        //we output all Attrs which are available
+        for (Attr attr : result) {
+            outputAttrToWriter(attr.getNodeName(), attr.getNodeValue(), writer, cache);
+        }
     }
 
     protected void circumventBugIfNeeded(XMLSignatureInput input)
@@ -369,11 +326,12 @@
             String NName = attribute.getLocalName();
             String NValue = attribute.getNodeValue();
 
-            if (Constants.NamespaceSpecNS.equals(attribute.getNamespaceURI())) {
-                if (!XML.equals(NName) || !Constants.XML_LANG_SPACE_SpecNS.equals(NValue)) {
+            if (XMLNS_URI.equals(attribute.getNamespaceURI())) {
+                if (!XML.equals(NName) || !XML_LANG_URI.equals(NValue)) {
                     ns.addMapping(NName, NValue, attribute);
                 }
-            } else if (XML_LANG_URI.equals(attribute.getNamespaceURI())) {
+            } else if (XML_LANG_URI.equals(attribute.getNamespaceURI())
+                && (!c14n11 || c14n11 && !"id".equals(NName))) {
                 xmlattrStack.addXmlnsAttr(attribute);
             }
         }
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/implementations/Canonicalizer20010315Excl.java b/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/implementations/Canonicalizer20010315Excl.java
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/implementations/Canonicalizer20010315Excl.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/implementations/Canonicalizer20010315Excl.java
@@ -23,7 +23,8 @@
 package com.sun.org.apache.xml.internal.security.c14n.implementations;
 
 import java.io.IOException;
-import java.util.Iterator;
+import java.io.OutputStream;
+import java.util.Map;
 import java.util.Set;
 import java.util.SortedSet;
 import java.util.TreeSet;
@@ -33,9 +34,9 @@
 import com.sun.org.apache.xml.internal.security.c14n.helper.C14nHelper;
 import com.sun.org.apache.xml.internal.security.signature.XMLSignatureInput;
 import com.sun.org.apache.xml.internal.security.transforms.params.InclusiveNamespaces;
-import com.sun.org.apache.xml.internal.security.utils.Constants;
 import com.sun.org.apache.xml.internal.security.utils.XMLUtils;
 import org.w3c.dom.Attr;
+import org.w3c.dom.DOMException;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 import org.w3c.dom.NamedNodeMap;
@@ -45,31 +46,25 @@
 /**
  * Implements &quot; <A
  * HREF="http://www.w3.org/TR/2002/REC-xml-exc-c14n-20020718/">Exclusive XML
- * Canonicalization, Version 1.0 </A>&quot; <BR />
+ * Canonicalization, Version 1.0 </A>&quot; <p></p>
  * Credits: During restructuring of the Canonicalizer framework, Ren??
  * Kollmorgen from Software AG submitted an implementation of ExclC14n which
  * fitted into the old architecture and which based heavily on my old (and slow)
  * implementation of "Canonical XML". A big "thank you" to Ren?? for this.
- * <BR />
+ * <p></p>
  * <i>THIS </i> implementation is a complete rewrite of the algorithm.
  *
- * @author Christian Geuer-Pollmann <geuerp@apache.org>
- * @version $Revision: 1147448 $
- * @see <a href="http://www.w3.org/TR/2002/REC-xml-exc-c14n-20020718/ Exclusive#">
- *          XML Canonicalization, Version 1.0</a>
+ * @see <a href="http://www.w3.org/TR/2002/REC-xml-exc-c14n-20020718/">
+ *          Exclusive XML Canonicalization, Version 1.0</a>
  */
 public abstract class Canonicalizer20010315Excl extends CanonicalizerBase {
 
-    private static final String XML_LANG_URI = Constants.XML_LANG_SPACE_SpecNS;
-    private static final String XMLNS_URI = Constants.NamespaceSpecNS;
-
     /**
-      * This Set contains the names (Strings like "xmlns" or "xmlns:foo") of
-      * the inclusive namespaces.
-      */
+     * This Set contains the names (Strings like "xmlns" or "xmlns:foo") of
+     * the inclusive namespaces.
+     */
     private SortedSet<String> inclusiveNSSet;
-
-    private final SortedSet<Attr> result = new TreeSet<Attr>(COMPARE);
+    private boolean propagateDefaultNamespace = false;
 
     /**
      * Constructor Canonicalizer20010315Excl
@@ -82,7 +77,7 @@
 
     /**
      * Method engineCanonicalizeSubTree
-     * @inheritDoc
+     * {@inheritDoc}
      * @param rootNode
      *
      * @throws CanonicalizationException
@@ -94,7 +89,7 @@
 
     /**
      * Method engineCanonicalizeSubTree
-     *  @inheritDoc
+     *  {@inheritDoc}
      * @param rootNode
      * @param inclusiveNamespaces
      *
@@ -108,6 +103,22 @@
 
     /**
      * Method engineCanonicalizeSubTree
+     *  {@inheritDoc}
+     * @param rootNode
+     * @param inclusiveNamespaces
+     * @param propagateDefaultNamespace If true the default namespace will be propagated to the c14n-ized root element
+     *
+     * @throws CanonicalizationException
+     */
+    public byte[] engineCanonicalizeSubTree(
+            Node rootNode, String inclusiveNamespaces, boolean propagateDefaultNamespace
+    ) throws CanonicalizationException {
+        this.propagateDefaultNamespace = propagateDefaultNamespace;
+        return engineCanonicalizeSubTree(rootNode, inclusiveNamespaces, null);
+    }
+
+    /**
+     * Method engineCanonicalizeSubTree
      * @param rootNode
      * @param inclusiveNamespaces
      * @param excl A element to exclude from the c14n process.
@@ -137,7 +148,7 @@
 
     /**
      * Method engineCanonicalizeXPathNodeSet
-     * @inheritDoc
+     * {@inheritDoc}
      * @param xpathNodeSet
      * @param inclusiveNamespaces
      * @throws CanonicalizationException
@@ -150,11 +161,11 @@
     }
 
     @Override
-    protected Iterator<Attr> handleAttributesSubtree(Element element, NameSpaceSymbTable ns)
-        throws CanonicalizationException {
+    protected void outputAttributesSubtree(Element element, NameSpaceSymbTable ns,
+                                           Map<String, byte[]> cache)
+        throws CanonicalizationException, DOMException, IOException {
         // result will contain the attrs which have to be output
-        final SortedSet<Attr> result = this.result;
-        result.clear();
+        SortedSet<Attr> result = new TreeSet<Attr>(COMPARE);
 
         // The prefix visibly utilized (in the attribute or in the name) in
         // the element
@@ -193,6 +204,13 @@
                 }
             }
         }
+        if (propagateDefaultNamespace && ns.getLevel() == 1 &&
+                inclusiveNSSet.contains(XMLNS) &&
+                ns.getMappingWithoutRendered(XMLNS) == null) {
+                ns.removeMapping(XMLNS);
+                ns.addMapping(
+                    XMLNS, "", getNullNode(element.getOwnerDocument()));
+        }
         String prefix = null;
         if (element.getNamespaceURI() != null
             && !(element.getPrefix() == null || element.getPrefix().length() == 0)) {
@@ -209,20 +227,22 @@
             }
         }
 
-        return result.iterator();
+        OutputStream writer = getWriter();
+        //we output all Attrs which are available
+        for (Attr attr : result) {
+            outputAttrToWriter(attr.getNodeName(), attr.getNodeValue(), writer, cache);
+        }
     }
 
     /**
-     * @inheritDoc
-     * @param element
-     * @throws CanonicalizationException
+     * {@inheritDoc}
      */
     @Override
-    protected final Iterator<Attr> handleAttributes(Element element, NameSpaceSymbTable ns)
-        throws CanonicalizationException {
+    protected void outputAttributes(Element element, NameSpaceSymbTable ns,
+                                    Map<String, byte[]> cache)
+        throws CanonicalizationException, DOMException, IOException {
         // result will contain the attrs which have to be output
-        final SortedSet<Attr> result = this.result;
-        result.clear();
+        SortedSet<Attr> result = new TreeSet<Attr>(COMPARE);
 
         // The prefix visibly utilized (in the attribute or in the name) in
         // the element
@@ -312,7 +332,11 @@
             }
         }
 
-        return result.iterator();
+        OutputStream writer = getWriter();
+        //we output all Attrs which are available
+        for (Attr attr : result) {
+            outputAttrToWriter(attr.getNodeName(), attr.getNodeValue(), writer, cache);
+        }
     }
 
     protected void circumventBugIfNeeded(XMLSignatureInput input)
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/implementations/Canonicalizer20010315ExclOmitComments.java b/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/implementations/Canonicalizer20010315ExclOmitComments.java
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/implementations/Canonicalizer20010315ExclOmitComments.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/implementations/Canonicalizer20010315ExclOmitComments.java
@@ -33,12 +33,12 @@
         super(false);
     }
 
-    /** @inheritDoc */
+    /** {@inheritDoc} */
     public final String engineGetURI() {
         return Canonicalizer.ALGO_ID_C14N_EXCL_OMIT_COMMENTS;
     }
 
-    /** @inheritDoc */
+    /** {@inheritDoc} */
     public final boolean engineGetIncludeComments() {
         return false;
     }
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/implementations/Canonicalizer20010315ExclWithComments.java b/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/implementations/Canonicalizer20010315ExclWithComments.java
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/implementations/Canonicalizer20010315ExclWithComments.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/implementations/Canonicalizer20010315ExclWithComments.java
@@ -37,12 +37,12 @@
         super(true);
     }
 
-    /** @inheritDoc */
+    /** {@inheritDoc} */
     public final String engineGetURI() {
         return Canonicalizer.ALGO_ID_C14N_EXCL_WITH_COMMENTS;
     }
 
-    /** @inheritDoc */
+    /** {@inheritDoc} */
     public final boolean engineGetIncludeComments() {
         return true;
     }
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/implementations/Canonicalizer20010315OmitComments.java b/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/implementations/Canonicalizer20010315OmitComments.java
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/implementations/Canonicalizer20010315OmitComments.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/implementations/Canonicalizer20010315OmitComments.java
@@ -25,7 +25,6 @@
 import com.sun.org.apache.xml.internal.security.c14n.Canonicalizer;
 
 /**
- * @author Christian Geuer-Pollmann
  */
 public class Canonicalizer20010315OmitComments extends Canonicalizer20010315 {
 
@@ -37,12 +36,12 @@
         super(false);
     }
 
-    /** @inheritDoc */
+    /** {@inheritDoc} */
     public final String engineGetURI() {
         return Canonicalizer.ALGO_ID_C14N_OMIT_COMMENTS;
     }
 
-    /** @inheritDoc */
+    /** {@inheritDoc} */
     public final boolean engineGetIncludeComments() {
         return false;
     }
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/implementations/Canonicalizer20010315WithComments.java b/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/implementations/Canonicalizer20010315WithComments.java
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/implementations/Canonicalizer20010315WithComments.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/implementations/Canonicalizer20010315WithComments.java
@@ -25,7 +25,6 @@
 import com.sun.org.apache.xml.internal.security.c14n.Canonicalizer;
 
 /**
- * @author Christian Geuer-Pollmann
  */
 public class Canonicalizer20010315WithComments extends Canonicalizer20010315 {
 
@@ -36,12 +35,12 @@
         super(true);
     }
 
-    /** @inheritDoc */
+    /** {@inheritDoc} */
     public final String engineGetURI() {
         return Canonicalizer.ALGO_ID_C14N_WITH_COMMENTS;
     }
 
-    /** @inheritDoc */
+    /** {@inheritDoc} */
     public final boolean engineGetIncludeComments() {
         return true;
     }
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/implementations/CanonicalizerBase.java b/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/implementations/CanonicalizerBase.java
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/implementations/CanonicalizerBase.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/implementations/CanonicalizerBase.java
@@ -46,8 +46,9 @@
 import com.sun.org.apache.xml.internal.security.utils.XMLUtils;
 import org.w3c.dom.Attr;
 import org.w3c.dom.Comment;
+import org.w3c.dom.DOMException;
+import org.w3c.dom.Document;
 import org.w3c.dom.Element;
-import org.w3c.dom.Document;
 import org.w3c.dom.NamedNodeMap;
 import org.w3c.dom.Node;
 import org.w3c.dom.ProcessingInstruction;
@@ -55,12 +56,14 @@
 
 /**
  * Abstract base class for canonicalization algorithms.
- *
- * @author Christian Geuer-Pollmann <geuerp@apache.org>
+ * Please note that these implementations are NOT thread safe - please see the following JIRA for more information:
+ * https://issues.apache.org/jira/browse/SANTUARIO-463
  */
 public abstract class CanonicalizerBase extends CanonicalizerSpi {
     public static final String XML = "xml";
     public static final String XMLNS = "xmlns";
+    public static final String XMLNS_URI = Constants.NamespaceSpecNS;
+    public static final String XML_LANG_URI = Constants.XML_LANG_SPACE_SpecNS;
 
     protected static final AttrCompare COMPARE = new AttrCompare();
 
@@ -96,9 +99,9 @@
     private Node excludeNode;
     private OutputStream writer = new ByteArrayOutputStream();
 
-    /**
-     * The null xmlns definition.
-     */
+   /**
+    * The null xmlns definition.
+    */
     private Attr nullNode;
 
     /**
@@ -112,7 +115,7 @@
 
     /**
      * Method engineCanonicalizeSubTree
-     * @inheritDoc
+     * {@inheritDoc}
      * @param rootNode
      * @throws CanonicalizationException
      */
@@ -123,7 +126,7 @@
 
     /**
      * Method engineCanonicalizeXPathNodeSet
-     * @inheritDoc
+     * {@inheritDoc}
      * @param xpathNodeSet
      * @throws CanonicalizationException
      */
@@ -161,14 +164,12 @@
                 }
             }
             return null;
-        } catch (CanonicalizationException ex) {
-            throw new CanonicalizationException("empty", ex);
         } catch (ParserConfigurationException ex) {
-            throw new CanonicalizationException("empty", ex);
+            throw new CanonicalizationException(ex);
         } catch (IOException ex) {
-            throw new CanonicalizationException("empty", ex);
+            throw new CanonicalizationException(ex);
         } catch (SAXException ex) {
-            throw new CanonicalizationException("empty", ex);
+            throw new CanonicalizationException(ex);
         }
     }
 
@@ -179,6 +180,10 @@
         this.writer = writer;
     }
 
+    protected OutputStream getWriter() {
+        return writer;
+    }
+
     /**
      * Canonicalizes a Subtree node.
      *
@@ -224,9 +229,9 @@
             return null;
 
         } catch (UnsupportedEncodingException ex) {
-            throw new CanonicalizationException("empty", ex);
+            throw new CanonicalizationException(ex);
         } catch (IOException ex) {
-            throw new CanonicalizationException("empty", ex);
+            throw new CanonicalizationException(ex);
         }
     }
 
@@ -243,7 +248,7 @@
     protected final void canonicalizeSubTree(
         Node currentNode, NameSpaceSymbTable ns, Node endnode, int documentLevel
     ) throws CanonicalizationException, IOException {
-        if (isVisibleInt(currentNode) == -1) {
+        if (currentNode == null || isVisibleInt(currentNode) == -1) {
             return;
         }
         Node sibling = null;
@@ -251,7 +256,7 @@
         final OutputStream writer = this.writer;
         final Node excludeNode = this.excludeNode;
         final boolean includeComments = this.includeComments;
-        Map<String, byte[]> cache = new HashMap<String, byte[]>();
+        Map<String, byte[]> cache = new HashMap<>();
         do {
             switch (currentNode.getNodeType()) {
 
@@ -259,7 +264,8 @@
             case Node.NOTATION_NODE :
             case Node.ATTRIBUTE_NODE :
                 // illegal node type during traversal
-                throw new CanonicalizationException("empty");
+                throw new CanonicalizationException("empty",
+                                                    new Object[]{"illegal node type during traversal"});
 
             case Node.DOCUMENT_FRAGMENT_NODE :
             case Node.DOCUMENT_NODE :
@@ -294,14 +300,8 @@
                 String name = currentElement.getTagName();
                 UtfHelpper.writeByte(name, writer, cache);
 
-                Iterator<Attr> attrs = this.handleAttributesSubtree(currentElement, ns);
-                if (attrs != null) {
-                    //we output all Attrs which are available
-                    while (attrs.hasNext()) {
-                        Attr attr = attrs.next();
-                        outputAttrToWriter(attr.getNodeName(), attr.getNodeValue(), writer, cache);
-                    }
-                }
+                outputAttributesSubtree(currentElement, ns, cache);
+
                 writer.write('>');
                 sibling = currentNode.getFirstChild();
                 if (sibling == null) {
@@ -373,9 +373,9 @@
             }
             return null;
         } catch (UnsupportedEncodingException ex) {
-            throw new CanonicalizationException("empty", ex);
+            throw new CanonicalizationException(ex);
         } catch (IOException ex) {
-            throw new CanonicalizationException("empty", ex);
+            throw new CanonicalizationException(ex);
         }
     }
 
@@ -403,9 +403,8 @@
         }
         Node sibling = null;
         Node parentNode = null;
-        OutputStream writer = this.writer;
         int documentLevel = NODE_BEFORE_DOCUMENT_ELEMENT;
-        Map<String, byte[]> cache = new HashMap<String, byte[]>();
+        Map<String, byte[]> cache = new HashMap<>();
         do {
             switch (currentNode.getNodeType()) {
 
@@ -413,7 +412,8 @@
             case Node.NOTATION_NODE :
             case Node.ATTRIBUTE_NODE :
                 // illegal node type during traversal
-                throw new CanonicalizationException("empty");
+                throw new CanonicalizationException("empty",
+                                                    new Object[]{"illegal node type during traversal"});
 
             case Node.DOCUMENT_FRAGMENT_NODE :
             case Node.DOCUMENT_NODE :
@@ -422,7 +422,7 @@
                 break;
 
             case Node.COMMENT_NODE :
-                if (this.includeComments && (isVisibleDO(currentNode, ns.getLevel()) == 1)) {
+                if (this.includeComments && isVisibleDO(currentNode, ns.getLevel()) == 1) {
                     outputCommentToWriter((Comment) currentNode, writer, documentLevel);
                 }
                 break;
@@ -438,8 +438,8 @@
                 if (isVisible(currentNode)) {
                     outputTextToWriter(currentNode.getNodeValue(), writer);
                     for (Node nextSibling = currentNode.getNextSibling();
-                        (nextSibling != null) && ((nextSibling.getNodeType() == Node.TEXT_NODE)
-                            || (nextSibling.getNodeType() == Node.CDATA_SECTION_NODE));
+                        nextSibling != null && (nextSibling.getNodeType() == Node.TEXT_NODE
+                            || nextSibling.getNodeType() == Node.CDATA_SECTION_NODE);
                         nextSibling = nextSibling.getNextSibling()) {
                         outputTextToWriter(nextSibling.getNodeValue(), writer);
                         currentNode = nextSibling;
@@ -458,7 +458,7 @@
                     sibling = currentNode.getNextSibling();
                     break;
                 }
-                currentNodeIsVisible = (i == 1);
+                currentNodeIsVisible = i == 1;
                 if (currentNodeIsVisible) {
                     ns.outputNodePush();
                     writer.write('<');
@@ -468,14 +468,8 @@
                     ns.push();
                 }
 
-                Iterator<Attr> attrs = handleAttributes(currentElement,ns);
-                if (attrs != null) {
-                    //we output all Attrs which are available
-                    while (attrs.hasNext()) {
-                        Attr attr = attrs.next();
-                        outputAttrToWriter(attr.getNodeName(), attr.getNodeValue(), writer, cache);
-                    }
-                }
+                outputAttributes(currentElement, ns, cache);
+
                 if (currentNodeIsVisible) {
                     writer.write('>');
                 }
@@ -535,13 +529,13 @@
         if (nodeFilter != null) {
             Iterator<NodeFilter> it = nodeFilter.iterator();
             while (it.hasNext()) {
-                int i = (it.next()).isNodeIncludeDO(currentNode, level);
+                int i = it.next().isNodeIncludeDO(currentNode, level);
                 if (i != 1) {
                     return i;
                 }
             }
         }
-        if ((this.xpathNodeSet != null) && !this.xpathNodeSet.contains(currentNode)) {
+        if (this.xpathNodeSet != null && !this.xpathNodeSet.contains(currentNode)) {
             return 0;
         }
         return 1;
@@ -551,13 +545,13 @@
         if (nodeFilter != null) {
             Iterator<NodeFilter> it = nodeFilter.iterator();
             while (it.hasNext()) {
-                int i = (it.next()).isNodeInclude(currentNode);
+                int i = it.next().isNodeInclude(currentNode);
                 if (i != 1) {
                     return i;
                 }
             }
         }
-        if ((this.xpathNodeSet != null) && !this.xpathNodeSet.contains(currentNode)) {
+        if (this.xpathNodeSet != null && !this.xpathNodeSet.contains(currentNode)) {
             return 0;
         }
         return 1;
@@ -572,7 +566,7 @@
                 }
             }
         }
-        if ((this.xpathNodeSet != null) && !this.xpathNodeSet.contains(currentNode)) {
+        if (this.xpathNodeSet != null && !this.xpathNodeSet.contains(currentNode)) {
             return false;
         }
         return true;
@@ -621,7 +615,7 @@
             return;
         }
         //Obtain all the parents of the element
-        List<Element> parents = new ArrayList<Element>();
+        List<Element> parents = new ArrayList<>();
         Node parent = n1;
         while (parent != null && Node.ELEMENT_NODE == parent.getNodeType()) {
             parents.add((Element)parent);
@@ -634,35 +628,34 @@
             handleParent(ele, ns);
         }
         parents.clear();
-        Attr nsprefix;
-        if (((nsprefix = ns.getMappingWithoutRendered(XMLNS)) != null)
-                && "".equals(nsprefix.getValue())) {
+        Attr nsprefix = ns.getMappingWithoutRendered(XMLNS);
+        if (nsprefix != null && "".equals(nsprefix.getValue())) {
             ns.addMappingAndRender(
                     XMLNS, "", getNullNode(nsprefix.getOwnerDocument()));
         }
     }
 
     /**
-     * Obtain the attributes to output for this node in XPathNodeSet c14n.
+     * Output the attributes for this node in XPathNodeSet c14n.
      *
      * @param element
      * @param ns
-     * @return the attributes nodes to output.
-     * @throws CanonicalizationException
+     * @param cache
+     * @throws CanonicalizationException, DOMException, IOException
      */
-    abstract Iterator<Attr> handleAttributes(Element element, NameSpaceSymbTable ns)
-        throws CanonicalizationException;
+    abstract void outputAttributes(Element element, NameSpaceSymbTable ns, Map<String, byte[]> cache)
+        throws CanonicalizationException, DOMException, IOException;
 
     /**
-     * Obtain the attributes to output for this node in a Subtree c14n.
+     * Output the attributes for this node in a Subtree c14n.
      *
      * @param element
      * @param ns
-     * @return the attributes nodes to output.
-     * @throws CanonicalizationException
+     * @param cache
+     * @throws CanonicalizationException, DOMException, IOException
      */
-    abstract Iterator<Attr> handleAttributesSubtree(Element element, NameSpaceSymbTable ns)
-        throws CanonicalizationException;
+    abstract void outputAttributesSubtree(Element element, NameSpaceSymbTable ns, Map<String, byte[]> cache)
+        throws CanonicalizationException, DOMException, IOException;
 
     abstract void circumventBugIfNeeded(XMLSignatureInput input)
         throws CanonicalizationException, ParserConfigurationException, IOException, SAXException;
@@ -672,13 +665,13 @@
      *
      * The string value of the node is modified by replacing
      * <UL>
-     * <LI>all ampersands (&) with <CODE>&amp;amp;</CODE></LI>
-     * <LI>all open angle brackets (<) with <CODE>&amp;lt;</CODE></LI>
-     * <LI>all quotation mark characters with <CODE>&amp;quot;</CODE></LI>
-     * <LI>and the whitespace characters <CODE>#x9</CODE>, #xA, and #xD, with character
+     * <LI>all ampersands with {@code &amp;amp;}</LI>
+     * <LI>all open angle brackets with {@code &amp;lt;}</LI>
+     * <LI>all quotation mark characters with {@code &amp;quot;}</LI>
+     * <LI>and the whitespace characters {@code #x9}, #xA, and #xD, with character
      * references. The character references are written in uppercase
-     * hexadecimal with no leading zeroes (for example, <CODE>#xD</CODE> is represented
-     * by the character reference <CODE>&amp;#xD;</CODE>)</LI>
+     * hexadecimal with no leading zeroes (for example, {@code #xD} is represented
+     * by the character reference {@code &amp;#xD;})</LI>
      * </UL>
      *
      * @param name
@@ -697,7 +690,8 @@
         final int length = value.length();
         int i = 0;
         while (i < length) {
-            char c = value.charAt(i++);
+            int c = value.codePointAt(i);
+            i += Character.charCount(c);
 
             switch (c) {
 
@@ -729,7 +723,7 @@
                 if (c < 0x80) {
                     writer.write(c);
                 } else {
-                    UtfHelpper.writeCharToUtf8(c, writer);
+                    UtfHelpper.writeCodePointToUtf8(c, writer);
                 }
                 continue;
             }
@@ -757,15 +751,16 @@
         final String target = currentPI.getTarget();
         int length = target.length();
 
-        for (int i = 0; i < length; i++) {
-            char c = target.charAt(i);
+        for (int i = 0; i < length; ) {
+            int c = target.codePointAt(i);
+            i += Character.charCount(c);
             if (c == 0x0D) {
                 writer.write(XD.clone());
             } else {
                 if (c < 0x80) {
                     writer.write(c);
                 } else {
-                    UtfHelpper.writeCharToUtf8(c, writer);
+                    UtfHelpper.writeCodePointToUtf8(c, writer);
                 }
             }
         }
@@ -777,12 +772,13 @@
         if (length > 0) {
             writer.write(' ');
 
-            for (int i = 0; i < length; i++) {
-                char c = data.charAt(i);
+            for (int i = 0; i < length; ) {
+                int c = data.codePointAt(i);
+                i += Character.charCount(c);
                 if (c == 0x0D) {
                     writer.write(XD.clone());
                 } else {
-                    UtfHelpper.writeCharToUtf8(c, writer);
+                    UtfHelpper.writeCodePointToUtf8(c, writer);
                 }
             }
         }
@@ -811,15 +807,16 @@
         final String data = currentComment.getData();
         final int length = data.length();
 
-        for (int i = 0; i < length; i++) {
-            char c = data.charAt(i);
+        for (int i = 0; i < length; ) {
+            int c = data.codePointAt(i);
+            i += Character.charCount(c);
             if (c == 0x0D) {
                 writer.write(XD.clone());
             } else {
                 if (c < 0x80) {
                     writer.write(c);
                 } else {
-                    UtfHelpper.writeCharToUtf8(c, writer);
+                    UtfHelpper.writeCodePointToUtf8(c, writer);
                 }
             }
         }
@@ -842,8 +839,9 @@
     ) throws IOException {
         final int length = text.length();
         byte[] toWrite;
-        for (int i = 0; i < length; i++) {
-            char c = text.charAt(i);
+        for (int i = 0; i < length; ) {
+            int c = text.codePointAt(i);
+            i += Character.charCount(c);
 
             switch (c) {
 
@@ -867,7 +865,7 @@
                 if (c < 0x80) {
                     writer.write(c);
                 } else {
-                    UtfHelpper.writeCharToUtf8(c, writer);
+                    UtfHelpper.writeCodePointToUtf8(c, writer);
                 }
                 continue;
             }
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/implementations/CanonicalizerPhysical.java b/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/implementations/CanonicalizerPhysical.java
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/implementations/CanonicalizerPhysical.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/implementations/CanonicalizerPhysical.java
@@ -24,7 +24,7 @@
 
 import java.io.IOException;
 import java.io.OutputStream;
-import java.util.Iterator;
+import java.util.Map;
 import java.util.Set;
 import java.util.SortedSet;
 import java.util.TreeSet;
@@ -36,6 +36,7 @@
 import com.sun.org.apache.xml.internal.security.signature.XMLSignatureInput;
 import org.w3c.dom.Attr;
 import org.w3c.dom.Comment;
+import org.w3c.dom.DOMException;
 import org.w3c.dom.Element;
 import org.w3c.dom.NamedNodeMap;
 import org.w3c.dom.Node;
@@ -54,8 +55,6 @@
  */
 public class CanonicalizerPhysical extends CanonicalizerBase {
 
-    private final SortedSet<Attr> result = new TreeSet<Attr>(COMPARE);
-
     /**
      * Constructor Canonicalizer20010315
      */
@@ -94,31 +93,43 @@
     }
 
     /**
-     * Returns the Attr[]s to be output for the given element.
+     * Always throws a CanonicalizationException.
+     *
+     * @param rootNode
+     * @param inclusiveNamespaces
+     * @return none it always fails
+     * @throws CanonicalizationException
+     */
+    public byte[] engineCanonicalizeSubTree(
+            Node rootNode, String inclusiveNamespaces, boolean propagateDefaultNamespace)
+            throws CanonicalizationException {
+
+        /** $todo$ well, should we throw UnsupportedOperationException ? */
+        throw new CanonicalizationException("c14n.Canonicalizer.UnsupportedOperation");
+    }
+
+    /**
+     * Output the Attr[]s for the given element.
      * <br>
-     * The code of this method is a copy of {@link #handleAttributes(Element,
-     * NameSpaceSymbTable)},
+     * The code of this method is a copy of {@link #outputAttributes(Element,
+     * NameSpaceSymbTable, Map<String, byte[]>)},
      * whereas it takes into account that subtree-c14n is -- well -- subtree-based.
      * So if the element in question isRoot of c14n, it's parent is not in the
      * node set, as well as all other ancestors.
      *
      * @param element
      * @param ns
-     * @return the Attr[]s to be output
-     * @throws CanonicalizationException
+     * @param cache
+     * @throws CanonicalizationException, DOMException, IOException
      */
     @Override
-    protected Iterator<Attr> handleAttributesSubtree(Element element, NameSpaceSymbTable ns)
-        throws CanonicalizationException {
-        if (!element.hasAttributes()) {
-            return null;
-        }
+    protected void outputAttributesSubtree(Element element, NameSpaceSymbTable ns,
+                                           Map<String, byte[]> cache)
+        throws CanonicalizationException, DOMException, IOException {
+        if (element.hasAttributes()) {
+            // result will contain all the attrs declared directly on that element
+            SortedSet<Attr> result = new TreeSet<Attr>(COMPARE);
 
-        // result will contain all the attrs declared directly on that element
-        final SortedSet<Attr> result = this.result;
-        result.clear();
-
-        if (element.hasAttributes()) {
             NamedNodeMap attrs = element.getAttributes();
             int attrsLength = attrs.getLength();
 
@@ -126,22 +137,19 @@
                 Attr attribute = (Attr) attrs.item(i);
                 result.add(attribute);
             }
+
+            OutputStream writer = getWriter();
+            //we output all Attrs which are available
+            for (Attr attr : result) {
+                outputAttrToWriter(attr.getNodeName(), attr.getNodeValue(), writer, cache);
+            }
         }
-
-        return result.iterator();
     }
 
-    /**
-     * Returns the Attr[]s to be output for the given element.
-     *
-     * @param element
-     * @param ns
-     * @return the Attr[]s to be output
-     * @throws CanonicalizationException
-     */
     @Override
-    protected Iterator<Attr> handleAttributes(Element element, NameSpaceSymbTable ns)
-        throws CanonicalizationException {
+    protected void outputAttributes(Element element, NameSpaceSymbTable ns,
+                                    Map<String, byte[]> cache)
+        throws CanonicalizationException, DOMException, IOException {
 
         /** $todo$ well, should we throw UnsupportedOperationException ? */
         throw new CanonicalizationException("c14n.Canonicalizer.UnsupportedOperation");
@@ -157,12 +165,12 @@
         // nothing to do
     }
 
-    /** @inheritDoc */
+    /** {@inheritDoc} */
     public final String engineGetURI() {
         return Canonicalizer.ALGO_ID_C14N_PHYSICAL;
     }
 
-    /** @inheritDoc */
+    /** {@inheritDoc} */
     public final boolean engineGetIncludeComments() {
         return true;
     }
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/implementations/NameSpaceSymbTable.java b/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/implementations/NameSpaceSymbTable.java
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/implementations/NameSpaceSymbTable.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/implementations/NameSpaceSymbTable.java
@@ -35,7 +35,6 @@
  * A stack based Symbol Table.
  *<br>For speed reasons all the symbols are introduced in the same map,
  * and at the same time in a list so it can be removed when the frame is pop back.
- * @author Raul Benito
  */
 public class NameSpaceSymbTable {
 
@@ -59,7 +58,7 @@
      * Default constractor
      **/
     public NameSpaceSymbTable() {
-        level = new ArrayList<SymbMap>();
+        level = new ArrayList<>();
         //Insert the default binding for xmlns.
         symb = (SymbMap) initialMap.clone();
     }
@@ -74,7 +73,7 @@
         while (it.hasNext()) {
             NameSpaceSymbEntry n = it.next();
             //put them rendered?
-            if ((!n.rendered) && (n.n != null)) {
+            if (!n.rendered && n.n != null) {
                 n = (NameSpaceSymbEntry) n.clone();
                 needsClone();
                 symb.put(n.prefix, n);
@@ -123,7 +122,7 @@
             if (size == 0) {
                 cloned = false;
             } else {
-                cloned = (level.get(size - 1) != symb);
+                cloned = level.get(size - 1) != symb;
             }
         } else {
             cloned = false;
@@ -191,7 +190,7 @@
      **/
     public boolean addMapping(String prefix, String uri, Attr n) {
         NameSpaceSymbEntry ob = symb.get(prefix);
-        if ((ob != null) && uri.equals(ob.uri)) {
+        if (ob != null && uri.equals(ob.uri)) {
             //If we have it previously defined. Don't keep working.
             return false;
         }
@@ -203,7 +202,7 @@
             //We have a previous definition store it for the pop.
             //Check if a previous definition(not the inmidiatly one) has been rendered.
             ne.lastrendered = ob.lastrendered;
-            if ((ob.lastrendered != null) && (ob.lastrendered.equals(uri))) {
+            if (ob.lastrendered != null && ob.lastrendered.equals(uri)) {
                 //Yes it is. Mark as rendered.
                 ne.rendered = true;
             }
@@ -222,7 +221,7 @@
     public Node addMappingAndRender(String prefix, String uri, Attr n) {
         NameSpaceSymbEntry ob = symb.get(prefix);
 
-        if ((ob != null) && uri.equals(ob.uri)) {
+        if (ob != null && uri.equals(ob.uri)) {
             if (!ob.rendered) {
                 ob = (NameSpaceSymbEntry) ob.clone();
                 needsClone();
@@ -234,11 +233,11 @@
             return null;
         }
 
-        NameSpaceSymbEntry ne = new NameSpaceSymbEntry(uri,n,true,prefix);
+        NameSpaceSymbEntry ne = new NameSpaceSymbEntry(uri, n, true, prefix);
         ne.lastrendered = uri;
         needsClone();
         symb.put(prefix, ne);
-        if ((ob != null) && (ob.lastrendered != null) && (ob.lastrendered.equals(uri))) {
+        if (ob != null && ob.lastrendered != null && ob.lastrendered.equals(uri)) {
             ne.rendered = true;
             return null;
         }
@@ -304,7 +303,7 @@
         this.prefix = prefix;
     }
 
-    /** @inheritDoc */
+    /** {@inheritDoc} */
     public Object clone() {
         try {
             return super.clone();
@@ -312,7 +311,7 @@
             return null;
         }
     }
-};
+}
 
 class SymbMap implements Cloneable {
     int free = 23;
@@ -329,7 +328,7 @@
         Object oldKey = keys[index];
         keys[index] = key;
         entries[index] = value;
-        if ((oldKey == null || !oldKey.equals(key)) && (--free == 0)) {
+        if ((oldKey == null || !oldKey.equals(key)) && --free == 0) {
             free = entries.length;
             int newCapacity = free << 2;
             rehash(newCapacity);
@@ -337,9 +336,9 @@
     }
 
     List<NameSpaceSymbEntry> entrySet() {
-        List<NameSpaceSymbEntry> a = new ArrayList<NameSpaceSymbEntry>();
+        List<NameSpaceSymbEntry> a = new ArrayList<>();
         for (int i = 0;i < entries.length;i++) {
-            if ((entries[i] != null) && !("".equals(entries[i].uri))) {
+            if (entries[i] != null && !"".equals(entries[i].uri)) {
                 a.add(entries[i]);
             }
         }
@@ -353,21 +352,21 @@
         int index = (obj.hashCode() & 0x7fffffff) % length;
         Object cur = set[index];
 
-        if (cur == null || (cur.equals(obj))) {
+        if (cur == null || cur.equals(obj)) {
             return index;
         }
         length--;
         do {
             index = index == length ? 0 : ++index;
             cur = set[index];
-        } while (cur != null && (!cur.equals(obj)));
+        } while (cur != null && !cur.equals(obj));
         return index;
     }
 
     /**
      * rehashes the map to the new capacity.
      *
-     * @param newCapacity an <code>int</code> value
+     * @param newCapacity an {@code int} value
      */
     protected void rehash(int newCapacity) {
         int oldCapacity = keys.length;
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/implementations/UtfHelpper.java b/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/implementations/UtfHelpper.java
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/implementations/UtfHelpper.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/implementations/UtfHelpper.java
@@ -24,11 +24,27 @@
 
 import java.io.IOException;
 import java.io.OutputStream;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
 import java.util.Map;
 
-public class UtfHelpper {
+public final class UtfHelpper {
 
-    static final void writeByte(
+    /**
+     * Revert to the old behavior (version 2 or before), i.e. surrogate pairs characters becomes
+     * '??' in output. Set system property com.sun.org.apache.xml.internal.security.c14n.oldUtf8=true if you want
+     * to verify signatures generated by version 2 or before that contains 32 bit chars in the
+     * XML document.
+     */
+    private static final boolean OLD_UTF8 =
+        AccessController.doPrivileged((PrivilegedAction<Boolean>)
+            () -> Boolean.getBoolean("com.sun.org.apache.xml.internal.security.c14n.oldUtf8"));
+
+    private UtfHelpper() {
+        // complete
+    }
+
+    public static void writeByte(
         final String str,
         final OutputStream out,
         Map<String, byte[]> cache
@@ -42,12 +58,73 @@
         out.write(result);
     }
 
-    static final void writeCharToUtf8(final char c, final OutputStream out) throws IOException {
+    public static void writeCodePointToUtf8(final int c, final OutputStream out) throws IOException {
+        if (!Character.isValidCodePoint(c) || c >= 0xD800 && c <= 0xDBFF || c >= 0xDC00 && c <= 0xDFFF) {
+            // valid code point: c >= 0x0000 && c <= 0x10FFFF
+            out.write(0x3f);
+            return;
+        }
+        if (OLD_UTF8 && c >= Character.MIN_SUPPLEMENTARY_CODE_POINT) {
+            // version 2 or before output 2 question mark characters for 32 bit chars
+            out.write(0x3f);
+            out.write(0x3f);
+            return;
+        }
+
+        if (c < 0x80) {
+            // 0x00000000 - 0x0000007F
+            // 0xxxxxxx
+            out.write(c);
+            return;
+        }
+        byte extraByte = 0;
+        if (c < 0x800) {
+            // 0x00000080 - 0x000007FF
+            // 110xxxxx 10xxxxxx
+            extraByte = 1;
+        } else if (c < 0x10000) {
+            // 0x00000800 - 0x0000FFFF
+            // 1110xxxx 10xxxxxx 10xxxxxx
+            extraByte = 2;
+        } else if (c < 0x200000) {
+            // 0x00010000 - 0x001FFFFF
+            // 11110xxx 10xxxxx 10xxxxxx 10xxxxxx
+            extraByte = 3;
+        } else if (c < 0x4000000) {
+            // 0x00200000 - 0x03FFFFFF
+            // 111110xx 10xxxxxx 10xxxxxx 10xxxxxx 10xxxxxx
+            // already outside valid Character range, just for completeness
+            extraByte = 4;
+        } else if (c <= 0x7FFFFFFF) {
+            // 0x04000000 - 0x7FFFFFFF
+            // 1111110x 10xxxxxx 10xxxxxx 10xxxxxx 10xxxxxx 10xxxxxx
+            // already outside valid Character range, just for completeness
+            extraByte = 5;
+        } else {
+            // 0x80000000 - 0xFFFFFFFF
+            // case not possible as java has no unsigned int
+            out.write(0x3f);
+            return;
+        }
+
+        byte write;
+        int shift = 6 * extraByte;
+        write = (byte)((0xFE << (6 - extraByte)) | (c >>> shift));
+        out.write(write);
+        for (int i = extraByte - 1; i >= 0; i--) {
+            shift -= 6;
+            write = (byte)(0x80 | ((c >>> shift) & 0x3F));
+            out.write(write);
+        }
+    }
+
+    @Deprecated
+    public static void writeCharToUtf8(final char c, final OutputStream out) throws IOException {
         if (c < 0x80) {
             out.write(c);
             return;
         }
-        if ((c >= 0xD800 && c <= 0xDBFF) || (c >= 0xDC00 && c <= 0xDFFF)) {
+        if (c >= 0xD800 && c <= 0xDBFF || c >= 0xDC00 && c <= 0xDFFF) {
             //No Surrogates in sun java
             out.write(0x3f);
             return;
@@ -59,7 +136,7 @@
             ch = (char)(c>>>12);
             write = 0xE0;
             if (ch > 0) {
-                write |= (ch & 0x0F);
+                write |= ch & 0x0F;
             }
             out.write(write);
             write = 0x80;
@@ -70,104 +147,149 @@
         }
         ch = (char)(c>>>6);
         if (ch > 0) {
-            write |= (ch & bias);
+            write |= ch & bias;
         }
         out.write(write);
         out.write(0x80 | ((c) & 0x3F));
 
     }
 
-    static final void writeStringToUtf8(
-        final String str,
-        final OutputStream out
-    ) throws IOException{
+    public static void writeStringToUtf8(
+        final String str, final OutputStream out
+    ) throws IOException {
         final int length = str.length();
         int i = 0;
-        char c;
+        int c;
         while (i < length) {
-            c = str.charAt(i++);
+            c = str.codePointAt(i);
+            i += Character.charCount(c);
+            if (!Character.isValidCodePoint(c) || c >= 0xD800 && c <= 0xDBFF || c >= 0xDC00 && c <= 0xDFFF) {
+                // valid code point: c >= 0x0000 && c <= 0x10FFFF
+                out.write(0x3f);
+                continue;
+            }
+            if (OLD_UTF8 && c >= Character.MIN_SUPPLEMENTARY_CODE_POINT) {
+                // version 2 or before output 2 question mark characters for 32 bit chars
+                out.write(0x3f);
+                out.write(0x3f);
+                continue;
+            }
             if (c < 0x80)  {
                 out.write(c);
                 continue;
             }
-            if ((c >= 0xD800 && c <= 0xDBFF) || (c >= 0xDC00 && c <= 0xDFFF)) {
-                //No Surrogates in sun java
+            byte extraByte = 0;
+            if (c < 0x800) {
+                // 0x00000080 - 0x000007FF
+                // 110xxxxx 10xxxxxx
+                extraByte = 1;
+            } else if (c < 0x10000) {
+                // 0x00000800 - 0x0000FFFF
+                // 1110xxxx 10xxxxxx 10xxxxxx
+                extraByte = 2;
+            } else if (c < 0x200000) {
+                // 0x00010000 - 0x001FFFFF
+                // 11110xxx 10xxxxx 10xxxxxx 10xxxxxx
+                extraByte = 3;
+            } else if (c < 0x4000000) {
+                // 0x00200000 - 0x03FFFFFF
+                // 111110xx 10xxxxxx 10xxxxxx 10xxxxxx 10xxxxxx
+                // already outside valid Character range, just for completeness
+                extraByte = 4;
+            } else if (c <= 0x7FFFFFFF) {
+                // 0x04000000 - 0x7FFFFFFF
+                // 1111110x 10xxxxxx 10xxxxxx 10xxxxxx 10xxxxxx 10xxxxxx
+                // already outside valid Character range, just for completeness
+                extraByte = 5;
+            } else {
+                // 0x80000000 - 0xFFFFFFFF
+                // case not possible as java has no unsigned int
                 out.write(0x3f);
                 continue;
             }
-            char ch;
-            int bias;
-            int write;
-            if (c > 0x07FF) {
-                ch = (char)(c>>>12);
-                write = 0xE0;
-                if (ch > 0) {
-                    write |= (ch & 0x0F);
-                }
+            byte write;
+            int shift = 6 * extraByte;
+            write = (byte)((0xFE << (6 - extraByte)) | (c >>> shift));
+            out.write(write);
+            for (int j = extraByte - 1; j >= 0; j--) {
+                shift -= 6;
+                write = (byte)(0x80 | ((c >>> shift) & 0x3F));
                 out.write(write);
-                write = 0x80;
-                bias = 0x3F;
-            } else {
-                write = 0xC0;
-                bias = 0x1F;
             }
-            ch = (char)(c>>>6);
-            if (ch > 0) {
-                write |= (ch & bias);
-            }
-            out.write(write);
-            out.write(0x80 | ((c) & 0x3F));
 
         }
 
     }
 
-    public static final byte[] getStringInUtf8(final String str) {
+    public static byte[] getStringInUtf8(final String str) {
         final int length = str.length();
         boolean expanded = false;
         byte[] result = new byte[length];
         int i = 0;
         int out = 0;
-        char c;
+        int c;
         while (i < length) {
-            c = str.charAt(i++);
+            c = str.codePointAt(i);
+            i += Character.charCount(c);
+            if (!Character.isValidCodePoint(c) || c >= 0xD800 && c <= 0xDBFF || c >= 0xDC00 && c <= 0xDFFF) {
+                // valid code point: c >= 0x0000 && c <= 0x10FFFF
+                result[out++] = (byte)0x3f;
+                continue;
+            }
+            if (OLD_UTF8 && c >= Character.MIN_SUPPLEMENTARY_CODE_POINT) {
+                // version 2 or before output 2 question mark characters for 32 bit chars
+                result[out++] = (byte)0x3f;
+                result[out++] = (byte)0x3f;
+                continue;
+            }
             if (c < 0x80) {
                 result[out++] = (byte)c;
                 continue;
             }
-            if ((c >= 0xD800 && c <= 0xDBFF) || (c >= 0xDC00 && c <= 0xDFFF)) {
-                //No Surrogates in sun java
-                result[out++] = 0x3f;
-                continue;
-            }
             if (!expanded) {
-                byte newResult[] = new byte[3*length];
+                byte newResult[] = new byte[6*length];
                 System.arraycopy(result, 0, newResult, 0, out);
                 result = newResult;
                 expanded = true;
             }
-            char ch;
-            int bias;
+            byte extraByte = 0;
+            if (c < 0x800) {
+                // 0x00000080 - 0x000007FF
+                // 110xxxxx 10xxxxxx
+                extraByte = 1;
+            } else if (c < 0x10000) {
+                // 0x00000800 - 0x0000FFFF
+                // 1110xxxx 10xxxxxx 10xxxxxx
+                extraByte = 2;
+            } else if (c < 0x200000) {
+                // 0x00010000 - 0x001FFFFF
+                // 11110xxx 10xxxxx 10xxxxxx 10xxxxxx
+                extraByte = 3;
+            } else if (c < 0x4000000) {
+                // 0x00200000 - 0x03FFFFFF
+                // 111110xx 10xxxxxx 10xxxxxx 10xxxxxx 10xxxxxx
+                // already outside valid Character range, just for completeness
+                extraByte = 4;
+            } else if (c <= 0x7FFFFFFF) {
+                // 0x04000000 - 0x7FFFFFFF
+                // 1111110x 10xxxxxx 10xxxxxx 10xxxxxx 10xxxxxx 10xxxxxx
+                // already outside valid Character range, just for completeness
+                extraByte = 5;
+            } else {
+                // 0x80000000 - 0xFFFFFFFF
+                // case not possible as java has no unsigned int
+                result[out++] = 0x3f;
+                continue;
+            }
             byte write;
-            if (c > 0x07FF) {
-                ch = (char)(c>>>12);
-                write = (byte)0xE0;
-                if (ch > 0) {
-                    write |= (ch & 0x0F);
-                }
+            int shift = 6 * extraByte;
+            write = (byte)((0xFE << (6 - extraByte)) | (c >>> shift));
+            result[out++] = write;
+            for (int j = extraByte - 1; j >= 0; j--) {
+                shift -= 6;
+                write = (byte)(0x80 | ((c >>> shift) & 0x3F));
                 result[out++] = write;
-                write = (byte)0x80;
-                bias = 0x3F;
-            } else {
-                write = (byte)0xC0;
-                bias = 0x1F;
             }
-            ch = (char)(c>>>6);
-            if (ch > 0) {
-                write |= (ch & bias);
-            }
-            result[out++] = write;
-            result[out++] = (byte)(0x80 | ((c) & 0x3F));
         }
         if (expanded) {
             byte newResult[] = new byte[out];
@@ -176,5 +298,4 @@
         }
         return result;
     }
-
 }
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/implementations/XmlAttrStack.java b/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/implementations/XmlAttrStack.java
new file mode 100644
--- /dev/null
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/implementations/XmlAttrStack.java
@@ -0,0 +1,412 @@
+/*
+ * reserved comment block
+ * DO NOT REMOVE OR ALTER!
+ */
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package com.sun.org.apache.xml.internal.security.c14n.implementations;
+
+import java.net.URI;
+import java.net.URISyntaxException;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+
+import org.w3c.dom.Attr;
+
+/**
+ * An XmlAttrStack that is shared between the Canonical XML 1.0 and 1.1 implementations.
+ */
+class XmlAttrStack {
+
+    private static final com.sun.org.slf4j.internal.Logger LOG =
+        com.sun.org.slf4j.internal.LoggerFactory.getLogger(XmlAttrStack.class);
+
+    static class XmlsStackElement {
+        int level;
+        boolean rendered = false;
+        List<Attr> nodes = new ArrayList<>();
+    }
+
+    private int currentLevel = 0;
+    private int lastlevel = 0;
+    private XmlsStackElement cur;
+    private List<XmlsStackElement> levels = new ArrayList<>();
+    private boolean c14n11;
+
+    public XmlAttrStack(boolean c14n11) {
+        this.c14n11 = c14n11;
+    }
+
+    void push(int level) {
+        currentLevel = level;
+        if (currentLevel == -1) {
+            return;
+        }
+        cur = null;
+        while (lastlevel >= currentLevel) {
+            levels.remove(levels.size() - 1);
+            int newSize = levels.size();
+            if (newSize == 0) {
+                lastlevel = 0;
+                return;
+            }
+            lastlevel = levels.get(newSize - 1).level;
+        }
+    }
+
+    void addXmlnsAttr(Attr n) {
+        if (cur == null) {
+            cur = new XmlsStackElement();
+            cur.level = currentLevel;
+            levels.add(cur);
+            lastlevel = currentLevel;
+        }
+        cur.nodes.add(n);
+    }
+
+    void getXmlnsAttr(Collection<Attr> col) {
+        int size = levels.size() - 1;
+        if (cur == null) {
+            cur = new XmlsStackElement();
+            cur.level = currentLevel;
+            lastlevel = currentLevel;
+            levels.add(cur);
+        }
+        boolean parentRendered = false;
+        XmlsStackElement e = null;
+        if (size == -1) {
+            parentRendered = true;
+        } else {
+            e = levels.get(size);
+            if (e.rendered && e.level + 1 == currentLevel) {
+                parentRendered = true;
+            }
+        }
+        if (parentRendered) {
+            col.addAll(cur.nodes);
+            cur.rendered = true;
+            return;
+        }
+
+        Map<String, Attr> loa = new HashMap<>();
+        if (c14n11) {
+            List<Attr> baseAttrs = new ArrayList<>();
+            boolean successiveOmitted = true;
+            for (; size >= 0; size--) {
+                e = levels.get(size);
+                if (e.rendered) {
+                    successiveOmitted = false;
+                }
+                Iterator<Attr> it = e.nodes.iterator();
+                while (it.hasNext() && successiveOmitted) {
+                    Attr n = it.next();
+                    if (n.getLocalName().equals("base") && !e.rendered) {
+                        baseAttrs.add(n);
+                    } else if (!loa.containsKey(n.getName())) {
+                        loa.put(n.getName(), n);
+                    }
+                }
+            }
+            if (!baseAttrs.isEmpty()) {
+                Iterator<Attr> it = col.iterator();
+                String base = null;
+                Attr baseAttr = null;
+                while (it.hasNext()) {
+                    Attr n = it.next();
+                    if (n.getLocalName().equals("base")) {
+                        base = n.getValue();
+                        baseAttr = n;
+                        break;
+                    }
+                }
+                it = baseAttrs.iterator();
+                while (it.hasNext()) {
+                    Attr n = it.next();
+                    if (base == null) {
+                        base = n.getValue();
+                        baseAttr = n;
+                    } else {
+                        try {
+                            base = joinURI(n.getValue(), base);
+                        } catch (URISyntaxException ue) {
+                            LOG.debug(ue.getMessage(), ue);
+                        }
+                    }
+                }
+                if (base != null && base.length() != 0) {
+                    baseAttr.setValue(base);
+                    col.add(baseAttr);
+                }
+            }
+        } else {
+            for (; size >= 0; size--) {
+                e = levels.get(size);
+                Iterator<Attr> it = e.nodes.iterator();
+                while (it.hasNext()) {
+                    Attr n = it.next();
+                    if (!loa.containsKey(n.getName())) {
+                        loa.put(n.getName(), n);
+                    }
+                }
+            }
+        }
+
+        cur.rendered = true;
+        col.addAll(loa.values());
+    }
+
+    private static String joinURI(String baseURI, String relativeURI) throws URISyntaxException {
+        String bscheme = null;
+        String bauthority = null;
+        String bpath = "";
+        String bquery = null;
+
+        // pre-parse the baseURI
+        if (baseURI != null) {
+            if (baseURI.endsWith("..")) {
+                baseURI = baseURI + "/";
+            }
+            URI base = new URI(baseURI);
+            bscheme = base.getScheme();
+            bauthority = base.getAuthority();
+            bpath = base.getPath();
+            bquery = base.getQuery();
+        }
+
+        URI r = new URI(relativeURI);
+        String rscheme = r.getScheme();
+        String rauthority = r.getAuthority();
+        String rpath = r.getPath();
+        String rquery = r.getQuery();
+
+        String tscheme, tauthority, tpath, tquery;
+        if (rscheme != null && rscheme.equals(bscheme)) {
+            rscheme = null;
+        }
+        if (rscheme != null) {
+            tscheme = rscheme;
+            tauthority = rauthority;
+            tpath = removeDotSegments(rpath);
+            tquery = rquery;
+        } else {
+            if (rauthority != null) {
+                tauthority = rauthority;
+                tpath = removeDotSegments(rpath);
+                tquery = rquery;
+            } else {
+                if (rpath.length() == 0) {
+                    tpath = bpath;
+                    if (rquery != null) {
+                        tquery = rquery;
+                    } else {
+                        tquery = bquery;
+                    }
+                } else {
+                    if (rpath.startsWith("/")) {
+                        tpath = removeDotSegments(rpath);
+                    } else {
+                        if (bauthority != null && bpath.length() == 0) {
+                            tpath = "/" + rpath;
+                        } else {
+                            int last = bpath.lastIndexOf('/');
+                            if (last == -1) {
+                                tpath = rpath;
+                            } else {
+                                tpath = bpath.substring(0, last+1) + rpath;
+                            }
+                        }
+                        tpath = removeDotSegments(tpath);
+                    }
+                    tquery = rquery;
+                }
+                tauthority = bauthority;
+            }
+            tscheme = bscheme;
+        }
+        return new URI(tscheme, tauthority, tpath, tquery, null).toString();
+    }
+
+    private static String removeDotSegments(String path) {
+        LOG.debug("STEP OUTPUT BUFFER\t\tINPUT BUFFER");
+
+        // 1. The input buffer is initialized with the now-appended path
+        // components then replace occurrences of "//" in the input buffer
+        // with "/" until no more occurrences of "//" are in the input buffer.
+        String input = path;
+        while (input.indexOf("//") > -1) {
+            input = input.replaceAll("//", "/");
+        }
+
+        // Initialize the output buffer with the empty string.
+        StringBuilder output = new StringBuilder();
+
+        // If the input buffer starts with a root slash "/" then move this
+        // character to the output buffer.
+        if (input.charAt(0) == '/') {
+            output.append("/");
+            input = input.substring(1);
+        }
+
+        printStep("1 ", output.toString(), input);
+
+        // While the input buffer is not empty, loop as follows
+        while (input.length() != 0) {
+            // 2A. If the input buffer begins with a prefix of "./",
+            // then remove that prefix from the input buffer
+            // else if the input buffer begins with a prefix of "../", then
+            // if also the output does not contain the root slash "/" only,
+            // then move this prefix to the end of the output buffer else
+            // remove that prefix
+            if (input.startsWith("./")) {
+                input = input.substring(2);
+                printStep("2A", output.toString(), input);
+            } else if (input.startsWith("../")) {
+                input = input.substring(3);
+                if (!output.toString().equals("/")) {
+                    output.append("../");
+                }
+                printStep("2A", output.toString(), input);
+                // 2B. if the input buffer begins with a prefix of "/./" or "/.",
+                // where "." is a complete path segment, then replace that prefix
+                // with "/" in the input buffer; otherwise,
+            } else if (input.startsWith("/./")) {
+                input = input.substring(2);
+                printStep("2B", output.toString(), input);
+            } else if (input.equals("/.")) {
+                // FIXME: what is complete path segment?
+                input = input.replaceFirst("/.", "/");
+                printStep("2B", output.toString(), input);
+                // 2C. if the input buffer begins with a prefix of "/../" or "/..",
+                // where ".." is a complete path segment, then replace that prefix
+                // with "/" in the input buffer and if also the output buffer is
+                // empty, last segment in the output buffer equals "../" or "..",
+                // where ".." is a complete path segment, then append ".." or "/.."
+                // for the latter case respectively to the output buffer else
+                // remove the last segment and its preceding "/" (if any) from the
+                // output buffer and if hereby the first character in the output
+                // buffer was removed and it was not the root slash then delete a
+                // leading slash from the input buffer; otherwise,
+            } else if (input.startsWith("/../")) {
+                input = input.substring(3);
+                if (output.length() == 0) {
+                    output.append("/");
+                } else if (output.toString().endsWith("../")) {
+                    output.append("..");
+                } else if (output.toString().endsWith("..")) {
+                    output.append("/..");
+                } else {
+                    int index = output.lastIndexOf("/");
+                    if (index == -1) {
+                        output = new StringBuilder();
+                        if (input.charAt(0) == '/') {
+                            input = input.substring(1);
+                        }
+                    } else {
+                        output = output.delete(index, output.length());
+                    }
+                }
+                printStep("2C", output.toString(), input);
+            } else if (input.equals("/..")) {
+                // FIXME: what is complete path segment?
+                input = input.replaceFirst("/..", "/");
+                if (output.length() == 0) {
+                    output.append("/");
+                } else if (output.toString().endsWith("../")) {
+                    output.append("..");
+                } else if (output.toString().endsWith("..")) {
+                    output.append("/..");
+                } else {
+                    int index = output.lastIndexOf("/");
+                    if (index == -1) {
+                        output = new StringBuilder();
+                        if (input.charAt(0) == '/') {
+                            input = input.substring(1);
+                        }
+                    } else {
+                        output = output.delete(index, output.length());
+                    }
+                }
+                printStep("2C", output.toString(), input);
+                // 2D. if the input buffer consists only of ".", then remove
+                // that from the input buffer else if the input buffer consists
+                // only of ".." and if the output buffer does not contain only
+                // the root slash "/", then move the ".." to the output buffer
+                // else delte it.; otherwise,
+            } else if (input.equals(".")) {
+                input = "";
+                printStep("2D", output.toString(), input);
+            } else if (input.equals("..")) {
+                if (!output.toString().equals("/")) {
+                    output.append("..");
+                }
+                input = "";
+                printStep("2D", output.toString(), input);
+                // 2E. move the first path segment (if any) in the input buffer
+                // to the end of the output buffer, including the initial "/"
+                // character (if any) and any subsequent characters up to, but not
+                // including, the next "/" character or the end of the input buffer.
+            } else {
+                int end = -1;
+                int begin = input.indexOf('/');
+                if (begin == 0) {
+                    end = input.indexOf('/', 1);
+                } else {
+                    end = begin;
+                    begin = 0;
+                }
+                String segment;
+                if (end == -1) {
+                    segment = input.substring(begin);
+                    input = "";
+                } else {
+                    segment = input.substring(begin, end);
+                    input = input.substring(end);
+                }
+                output.append(segment);
+                printStep("2E", output.toString(), input);
+            }
+        }
+
+        // 3. Finally, if the only or last segment of the output buffer is
+        // "..", where ".." is a complete path segment not followed by a slash
+        // then append a slash "/". The output buffer is returned as the result
+        // of remove_dot_segments
+        if (output.toString().endsWith("..")) {
+            output.append("/");
+            printStep("3 ", output.toString(), input);
+        }
+
+        return output.toString();
+    }
+
+    private static void printStep(String step, String output, String input) {
+        if (LOG.isDebugEnabled()) {
+            LOG.debug(" " + step + ":   " + output);
+            if (output.length() == 0) {
+                LOG.debug("\t\t\t\t" + input);
+            } else {
+                LOG.debug("\t\t\t" + input);
+            }
+        }
+    }
+}
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/implementations/package.html b/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/implementations/package.html
deleted file mode 100644
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/implementations/package.html
+++ /dev/null
@@ -1,3 +0,0 @@
-<HTML> <HEAD> </HEAD> <BODY> <P>
-canonicalization implementations.
-</P></BODY> </HTML>
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/package.html b/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/package.html
deleted file mode 100644
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/package.html
+++ /dev/null
@@ -1,3 +0,0 @@
-<HTML><HEAD></HEAD><BODY><P>
-Canonicalization related material and algorithms.
-</P></BODY></HTML>
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/encryption/AbstractSerializer.java b/src/share/classes/com/sun/org/apache/xml/internal/security/encryption/AbstractSerializer.java
deleted file mode 100644
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/encryption/AbstractSerializer.java
+++ /dev/null
@@ -1,249 +0,0 @@
-/*
- * reserved comment block
- * DO NOT REMOVE OR ALTER!
- */
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package com.sun.org.apache.xml.internal.security.encryption;
-
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-import java.io.OutputStreamWriter;
-import java.io.UnsupportedEncodingException;
-import java.util.HashMap;
-import java.util.Map;
-
-import com.sun.org.apache.xml.internal.security.c14n.Canonicalizer;
-import org.w3c.dom.Element;
-import org.w3c.dom.NamedNodeMap;
-import org.w3c.dom.Node;
-import org.w3c.dom.NodeList;
-
-/**
- * Converts <code>String</code>s into <code>Node</code>s and visa versa.
- *
- * An abstract class for common Serializer functionality
- */
-public abstract class AbstractSerializer implements Serializer {
-
-    protected Canonicalizer canon;
-
-    public void setCanonicalizer(Canonicalizer canon) {
-        this.canon = canon;
-    }
-
-    /**
-     * Returns a <code>String</code> representation of the specified
-     * <code>Element</code>.
-     * <p/>
-     * Refer also to comments about setup of format.
-     *
-     * @param element the <code>Element</code> to serialize.
-     * @return the <code>String</code> representation of the serilaized
-     *   <code>Element</code>.
-     * @throws Exception
-     */
-    public String serialize(Element element) throws Exception {
-        return canonSerialize(element);
-    }
-
-    /**
-     * Returns a <code>byte[]</code> representation of the specified
-     * <code>Element</code>.
-     *
-     * @param element the <code>Element</code> to serialize.
-     * @return the <code>byte[]</code> representation of the serilaized
-     *   <code>Element</code>.
-     * @throws Exception
-     */
-    public byte[] serializeToByteArray(Element element) throws Exception {
-        return canonSerializeToByteArray(element);
-    }
-
-    /**
-     * Returns a <code>String</code> representation of the specified
-     * <code>NodeList</code>.
-     * <p/>
-     * This is a special case because the NodeList may represent a
-     * <code>DocumentFragment</code>. A document fragment may be a
-     * non-valid XML document (refer to appropriate description of
-     * W3C) because it my start with a non-element node, e.g. a text
-     * node.
-     * <p/>
-     * The methods first converts the node list into a document fragment.
-     * Special care is taken to not destroy the current document, thus
-     * the method clones the nodes (deep cloning) before it appends
-     * them to the document fragment.
-     * <p/>
-     * Refer also to comments about setup of format.
-     *
-     * @param content the <code>NodeList</code> to serialize.
-     * @return the <code>String</code> representation of the serialized
-     *   <code>NodeList</code>.
-     * @throws Exception
-     */
-    public String serialize(NodeList content) throws Exception {
-        ByteArrayOutputStream baos = new ByteArrayOutputStream();
-        canon.setWriter(baos);
-        canon.notReset();
-        for (int i = 0; i < content.getLength(); i++) {
-            canon.canonicalizeSubtree(content.item(i));
-        }
-        String ret = baos.toString("UTF-8");
-        baos.reset();
-        return ret;
-    }
-
-    /**
-     * Returns a <code>byte[]</code> representation of the specified
-     * <code>NodeList</code>.
-     *
-     * @param content the <code>NodeList</code> to serialize.
-     * @return the <code>byte[]</code> representation of the serialized
-     *   <code>NodeList</code>.
-     * @throws Exception
-     */
-    public byte[] serializeToByteArray(NodeList content) throws Exception {
-        ByteArrayOutputStream baos = new ByteArrayOutputStream();
-        canon.setWriter(baos);
-        canon.notReset();
-        for (int i = 0; i < content.getLength(); i++) {
-            canon.canonicalizeSubtree(content.item(i));
-        }
-        return baos.toByteArray();
-    }
-
-    /**
-     * Use the Canonicalizer to serialize the node
-     * @param node
-     * @return the canonicalization of the node
-     * @throws Exception
-     */
-    public String canonSerialize(Node node) throws Exception {
-        ByteArrayOutputStream baos = new ByteArrayOutputStream();
-        canon.setWriter(baos);
-        canon.notReset();
-        canon.canonicalizeSubtree(node);
-        String ret = baos.toString("UTF-8");
-        baos.reset();
-        return ret;
-    }
-
-    /**
-     * Use the Canonicalizer to serialize the node
-     * @param node
-     * @return the (byte[]) canonicalization of the node
-     * @throws Exception
-     */
-    public byte[] canonSerializeToByteArray(Node node) throws Exception {
-        ByteArrayOutputStream baos = new ByteArrayOutputStream();
-        canon.setWriter(baos);
-        canon.notReset();
-        canon.canonicalizeSubtree(node);
-        return baos.toByteArray();
-    }
-
-    /**
-     * @param source
-     * @param ctx
-     * @return the Node resulting from the parse of the source
-     * @throws XMLEncryptionException
-     */
-    public abstract Node deserialize(String source, Node ctx) throws XMLEncryptionException;
-
-    /**
-     * @param source
-     * @param ctx
-     * @return the Node resulting from the parse of the source
-     * @throws XMLEncryptionException
-     */
-    public abstract Node deserialize(byte[] source, Node ctx) throws XMLEncryptionException;
-
-    protected static byte[] createContext(byte[] source, Node ctx) throws XMLEncryptionException {
-        // Create the context to parse the document against
-        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
-        try {
-            OutputStreamWriter outputStreamWriter = new OutputStreamWriter(byteArrayOutputStream, "UTF-8");
-            outputStreamWriter.write("<?xml version=\"1.0\" encoding=\"UTF-8\"?><dummy");
-
-            // Run through each node up to the document node and find any xmlns: nodes
-            Map<String, String> storedNamespaces = new HashMap<String, String>();
-            Node wk = ctx;
-            while (wk != null) {
-                NamedNodeMap atts = wk.getAttributes();
-                if (atts != null) {
-                    for (int i = 0; i < atts.getLength(); ++i) {
-                        Node att = atts.item(i);
-                        String nodeName = att.getNodeName();
-                        if ((nodeName.equals("xmlns") || nodeName.startsWith("xmlns:"))
-                                && !storedNamespaces.containsKey(att.getNodeName())) {
-                            outputStreamWriter.write(" ");
-                            outputStreamWriter.write(nodeName);
-                            outputStreamWriter.write("=\"");
-                            outputStreamWriter.write(att.getNodeValue());
-                            outputStreamWriter.write("\"");
-                            storedNamespaces.put(nodeName, att.getNodeValue());
-                        }
-                    }
-                }
-                wk = wk.getParentNode();
-            }
-            outputStreamWriter.write(">");
-            outputStreamWriter.flush();
-            byteArrayOutputStream.write(source);
-
-            outputStreamWriter.write("</dummy>");
-            outputStreamWriter.close();
-
-            return byteArrayOutputStream.toByteArray();
-        } catch (UnsupportedEncodingException e) {
-            throw new XMLEncryptionException("empty", e);
-        } catch (IOException e) {
-            throw new XMLEncryptionException("empty", e);
-        }
-    }
-
-    protected static String createContext(String source, Node ctx) {
-        // Create the context to parse the document against
-        StringBuilder sb = new StringBuilder();
-        sb.append("<?xml version=\"1.0\" encoding=\"UTF-8\"?><dummy");
-
-        // Run through each node up to the document node and find any xmlns: nodes
-        Map<String, String> storedNamespaces = new HashMap<String, String>();
-        Node wk = ctx;
-        while (wk != null) {
-            NamedNodeMap atts = wk.getAttributes();
-            if (atts != null) {
-                for (int i = 0; i < atts.getLength(); ++i) {
-                    Node att = atts.item(i);
-                    String nodeName = att.getNodeName();
-                    if ((nodeName.equals("xmlns") || nodeName.startsWith("xmlns:"))
-                        && !storedNamespaces.containsKey(att.getNodeName())) {
-                        sb.append(" " + nodeName + "=\"" + att.getNodeValue() + "\"");
-                        storedNamespaces.put(nodeName, att.getNodeValue());
-                    }
-                }
-            }
-            wk = wk.getParentNode();
-        }
-        sb.append(">" + source + "</dummy>");
-        return sb.toString();
-    }
-
-}
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/encryption/AgreementMethod.java b/src/share/classes/com/sun/org/apache/xml/internal/security/encryption/AgreementMethod.java
deleted file mode 100644
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/encryption/AgreementMethod.java
+++ /dev/null
@@ -1,157 +0,0 @@
-/*
- * reserved comment block
- * DO NOT REMOVE OR ALTER!
- */
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package com.sun.org.apache.xml.internal.security.encryption;
-
-import java.util.Iterator;
-import com.sun.org.apache.xml.internal.security.keys.KeyInfo;
-import org.w3c.dom.Element;
-
-/**
- * A Key Agreement algorithm provides for the derivation of a shared secret key
- * based on a shared secret computed from certain types of compatible public
- * keys from both the sender and the recipient. Information from the originator
- * to determine the secret is indicated by an optional OriginatorKeyInfo
- * parameter child of an {@code AgreementMethod} element while that
- * associated with the recipient is indicated by an optional RecipientKeyInfo. A
- * shared key is derived from this shared secret by a method determined by the
- * Key Agreement algorithm.
- * <p>
- * <b>Note:</b> XML Encryption does not provide an on-line key agreement
- * negotiation protocol. The {@code AgreementMethod} element can be used by
- * the originator to identify the keys and computational procedure that were
- * used to obtain a shared encryption key. The method used to obtain or select
- * the keys or algorithm used for the agreement computation is beyond the scope
- * of this specification.
- * <p>
- * The {@code AgreementMethod} element appears as the content of a
- * {@code ds:KeyInfo} since, like other {@code ds:KeyInfo} children,
- * it yields a key. This {@code ds:KeyInfo} is in turn a child of an
- * {@code EncryptedData} or {@code EncryptedKey} element. The
- * Algorithm attribute and KeySize child of the {@code EncryptionMethod}
- * element under this {@code EncryptedData} or {@code EncryptedKey}
- * element are implicit parameters to the key agreement computation. In cases
- * where this {@code EncryptionMethod} algorithm {@code URI} is
- * insufficient to determine the key length, a KeySize MUST have been included.
- * In addition, the sender may place a KA-Nonce element under
- * {@code AgreementMethod} to assure that different keying material is
- * generated even for repeated agreements using the same sender and recipient
- * public keys.
- * <p>
- * If the agreed key is being used to wrap a key, then
- * {@code AgreementMethod} would appear inside a {@code ds:KeyInfo}
- * inside an {@code EncryptedKey} element.
- * <p>
- * The Schema for AgreementMethod is as follows:
- * <pre>{@code
- * <element name="AgreementMethod" type="xenc:AgreementMethodType"/>
- * <complexType name="AgreementMethodType" mixed="true">
- *     <sequence>
- *         <element name="KA-Nonce" minOccurs="0" type="base64Binary"/>
- *         <!-- <element ref="ds:DigestMethod" minOccurs="0"/> -->
- *         <any namespace="##other" minOccurs="0" maxOccurs="unbounded"/>
- *         <element name="OriginatorKeyInfo" minOccurs="0" type="ds:KeyInfoType"/>
- *         <element name="RecipientKeyInfo" minOccurs="0" type="ds:KeyInfoType"/>
- *     </sequence>
- *     <attribute name="Algorithm" type="anyURI" use="required"/>
- * </complexType>
- * }</pre>
- *
- * @author Axl Mattheus
- */
-public interface AgreementMethod {
-
-    /**
-     * Returns a {@code byte} array.
-     * @return a {@code byte} array.
-     */
-    byte[] getKANonce();
-
-    /**
-     * Sets the KANonce.jj
-     * @param kanonce
-     */
-    void setKANonce(byte[] kanonce);
-
-    /**
-     * Returns additional information regarding the {@code AgreementMethod}.
-     * @return additional information regarding the {@code AgreementMethod}.
-     */
-    Iterator<Element> getAgreementMethodInformation();
-
-    /**
-     * Adds additional {@code AgreementMethod} information.
-     *
-     * @param info a {@code Element} that represents additional information
-     * specified by
-     *   <pre>{@code
-     *     <any namespace="##other" minOccurs="0" maxOccurs="unbounded"/>
-     *   }</pre>
-     */
-    void addAgreementMethodInformation(Element info);
-
-    /**
-     * Removes additional {@code AgreementMethod} information.
-     *
-     * @param info a {@code Element} that represents additional information
-     * specified by
-     *   <pre>{@code
-     *     <any namespace="##other" minOccurs="0" maxOccurs="unbounded"/>
-     *   }</pre>
-     */
-    void revoveAgreementMethodInformation(Element info);
-
-    /**
-     * Returns information relating to the originator's shared secret.
-     *
-     * @return information relating to the originator's shared secret.
-     */
-    KeyInfo getOriginatorKeyInfo();
-
-    /**
-     * Sets the information relating to the originator's shared secret.
-     *
-     * @param keyInfo information relating to the originator's shared secret.
-     */
-    void setOriginatorKeyInfo(KeyInfo keyInfo);
-
-    /**
-     * Returns information relating to the recipient's shared secret.
-     *
-     * @return information relating to the recipient's shared secret.
-     */
-    KeyInfo getRecipientKeyInfo();
-
-    /**
-     * Sets the information relating to the recipient's shared secret.
-     *
-     * @param keyInfo information relating to the recipient's shared secret.
-     */
-    void setRecipientKeyInfo(KeyInfo keyInfo);
-
-    /**
-     * Returns the algorithm URI of this {@code CryptographicMethod}.
-     *
-     * @return the algorithm URI of this {@code CryptographicMethod}
-     */
-    String getAlgorithm();
-}
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/encryption/CipherData.java b/src/share/classes/com/sun/org/apache/xml/internal/security/encryption/CipherData.java
deleted file mode 100644
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/encryption/CipherData.java
+++ /dev/null
@@ -1,95 +0,0 @@
-/*
- * reserved comment block
- * DO NOT REMOVE OR ALTER!
- */
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package com.sun.org.apache.xml.internal.security.encryption;
-
-/**
- * {@code CipherData} provides encrypted data. It must either contain the
- * encrypted octet sequence as base64 encoded text of the
- * {@code CipherValue} element, or provide a reference to an external
- * location containing the encrypted octet sequence via the
- * {@code CipherReference} element.
- * <p>
- * The schema definition is as follows:
- * <pre>{@code
- * <element name='CipherData' type='xenc:CipherDataType'/>
- * <complexType name='CipherDataType'>
- *     <choice>
- *         <element name='CipherValue' type='base64Binary'/>
- *         <element ref='xenc:CipherReference'/>
- *     </choice>
- * </complexType>
- * }</pre>
- *
- * @author Axl Mattheus
- */
-public interface CipherData {
-
-    /** VALUE_TYPE ASN */
-    int VALUE_TYPE = 0x00000001;
-
-    /** REFERENCE_TYPE ASN */
-    int REFERENCE_TYPE = 0x00000002;
-
-    /**
-     * Returns the type of encrypted data contained in the
-     * {@code CipherData}.
-     *
-     * @return {@code VALUE_TYPE} if the encrypted data is contained as
-     *   {@code CipherValue} or {@code REFERENCE_TYPE} if the
-     *   encrypted data is contained as {@code CipherReference}.
-     */
-    int getDataType();
-
-    /**
-     * Returns the cipher value as a base64 encoded {@code byte} array.
-     *
-     * @return the {@code CipherData}'s value.
-     */
-    CipherValue getCipherValue();
-
-    /**
-     * Sets the {@code CipherData}'s value.
-     *
-     * @param value the value of the {@code CipherData}.
-     * @throws XMLEncryptionException
-     */
-    void setCipherValue(CipherValue value) throws XMLEncryptionException;
-
-    /**
-     * Returns a reference to an external location containing the encrypted
-     * octet sequence ({@code byte} array).
-     *
-     * @return the reference to an external location containing the encrypted
-     * octet sequence.
-     */
-    CipherReference getCipherReference();
-
-    /**
-     * Sets the {@code CipherData}'s reference.
-     *
-     * @param reference an external location containing the encrypted octet sequence.
-     * @throws XMLEncryptionException
-     */
-    void setCipherReference(CipherReference reference) throws XMLEncryptionException;
-}
-
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/encryption/CipherReference.java b/src/share/classes/com/sun/org/apache/xml/internal/security/encryption/CipherReference.java
deleted file mode 100644
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/encryption/CipherReference.java
+++ /dev/null
@@ -1,95 +0,0 @@
-/*
- * reserved comment block
- * DO NOT REMOVE OR ALTER!
- */
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package com.sun.org.apache.xml.internal.security.encryption;
-
-import org.w3c.dom.Attr;
-
-/**
- * {@code CipherReference} identifies a source which, when processed,
- * yields the encrypted octet sequence.
- * <p>
- * The actual value is obtained as follows. The {@code CipherReference URI}
- * contains an identifier that is dereferenced. Should the
- * Transforms, the data resulting from dereferencing the {@code URI} is
- * transformed as specified so as to yield the intended cipher value. For
- * example, if the value is base64 encoded within an XML document; the
- * transforms could specify an XPath expression followed by a base64 decoding so
- * as to extract the octets.
- * <p>
- * The syntax of the {@code URI} and Transforms is similar to that of
- * [XML-DSIG]. However, there is a difference between signature and encryption
- * processing. In [XML-DSIG] both generation and validation processing start
- * with the same source data and perform that transform in the same order. In
- * encryption, the decryptor has only the cipher data and the specified
- * transforms are enumerated for the decryptor, in the order necessary to obtain
- * the octets. Consequently, because it has different semantics Transforms is in
- * the &xenc; namespace.
- * <p>
- * The schema definition is as follows:
- * <pre>{@code
- * <element name='CipherReference' type='xenc:CipherReferenceType'/>
- * <complexType name='CipherReferenceType'>
- *     <sequence>
- *         <element name='Transforms' type='xenc:TransformsType' minOccurs='0'/>
- *     </sequence>
- *     <attribute name='URI' type='anyURI' use='required'/>
- * </complexType>
- * }<pre>
- *
- * @author Axl Mattheus
- */
-public interface CipherReference {
-    /**
-     * Returns an {@code URI} that contains an identifier that should be
-     * dereferenced.
-     * @return an {@code URI} that contains an identifier that should be
-     * dereferenced.
-     */
-    String getURI();
-
-    /**
-     * Gets the URI as an Attribute node.  Used to meld the CipherReference
-     * with the XMLSignature ResourceResolvers
-     * @return the URI as an Attribute node
-     */
-    Attr getURIAsAttr();
-
-    /**
-     * Returns the {@code Transforms} that specifies how to transform the
-     * {@code URI} to yield the appropriate cipher value.
-     *
-     * @return the transform that specifies how to transform the reference to
-     *   yield the intended cipher value.
-     */
-    Transforms getTransforms();
-
-    /**
-     * Sets the {@code Transforms} that specifies how to transform the
-     * {@code URI} to yield the appropriate cipher value.
-     *
-     * @param transforms the set of {@code Transforms} that specifies how
-     *   to transform the reference to yield the intended cipher value.
-     */
-    void setTransforms(Transforms transforms);
-}
-
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/encryption/CipherValue.java b/src/share/classes/com/sun/org/apache/xml/internal/security/encryption/CipherValue.java
deleted file mode 100644
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/encryption/CipherValue.java
+++ /dev/null
@@ -1,46 +0,0 @@
-/*
- * reserved comment block
- * DO NOT REMOVE OR ALTER!
- */
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package com.sun.org.apache.xml.internal.security.encryption;
-
-/**
- * <code>CipherValue</code> is the wrapper for cipher text.
- *
- * @author Axl Mattheus
- */
-public interface CipherValue {
-    /**
-     * Returns the Base 64 encoded, encrypted octets that is the
-     * <code>CipherValue</code>.
-     *
-     * @return cipher value.
-     */
-    String getValue();
-
-    /**
-     * Sets the Base 64 encoded, encrypted octets that is the
-     * <code>CipherValue</code>.
-     *
-     * @param value the cipher value.
-     */
-    void setValue(String value);
-}
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/encryption/DocumentSerializer.java b/src/share/classes/com/sun/org/apache/xml/internal/security/encryption/DocumentSerializer.java
deleted file mode 100644
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/encryption/DocumentSerializer.java
+++ /dev/null
@@ -1,114 +0,0 @@
-/*
- * reserved comment block
- * DO NOT REMOVE OR ALTER!
- */
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package com.sun.org.apache.xml.internal.security.encryption;
-
-import java.io.ByteArrayInputStream;
-import java.io.IOException;
-import java.io.StringReader;
-
-import javax.xml.XMLConstants;
-import javax.xml.parsers.DocumentBuilder;
-import javax.xml.parsers.DocumentBuilderFactory;
-import javax.xml.parsers.ParserConfigurationException;
-
-import org.w3c.dom.Document;
-import org.w3c.dom.DocumentFragment;
-import org.w3c.dom.Element;
-import org.w3c.dom.Node;
-import org.xml.sax.InputSource;
-import org.xml.sax.SAXException;
-
-/**
- * Converts <code>String</code>s into <code>Node</code>s and visa versa.
- */
-public class DocumentSerializer extends AbstractSerializer {
-
-    protected DocumentBuilderFactory dbf;
-
-    /**
-     * @param source
-     * @param ctx
-     * @return the Node resulting from the parse of the source
-     * @throws XMLEncryptionException
-     */
-    public Node deserialize(byte[] source, Node ctx) throws XMLEncryptionException {
-        byte[] fragment = createContext(source, ctx);
-        return deserialize(ctx, new InputSource(new ByteArrayInputStream(fragment)));
-    }
-
-    /**
-     * @param source
-     * @param ctx
-     * @return the Node resulting from the parse of the source
-     * @throws XMLEncryptionException
-     */
-    public Node deserialize(String source, Node ctx) throws XMLEncryptionException {
-        String fragment = createContext(source, ctx);
-        return deserialize(ctx, new InputSource(new StringReader(fragment)));
-    }
-
-    /**
-     * @param ctx
-     * @param inputSource
-     * @return the Node resulting from the parse of the source
-     * @throws XMLEncryptionException
-     */
-    private Node deserialize(Node ctx, InputSource inputSource) throws XMLEncryptionException {
-        try {
-            if (dbf == null) {
-                dbf = DocumentBuilderFactory.newInstance();
-                dbf.setNamespaceAware(true);
-                dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, Boolean.TRUE);
-                dbf.setAttribute("http://xml.org/sax/features/namespaces", Boolean.TRUE);
-                dbf.setValidating(false);
-            }
-            DocumentBuilder db = dbf.newDocumentBuilder();
-            Document d = db.parse(inputSource);
-
-            Document contextDocument = null;
-            if (Node.DOCUMENT_NODE == ctx.getNodeType()) {
-                contextDocument = (Document)ctx;
-            } else {
-                contextDocument = ctx.getOwnerDocument();
-            }
-
-            Element fragElt =
-                    (Element) contextDocument.importNode(d.getDocumentElement(), true);
-            DocumentFragment result = contextDocument.createDocumentFragment();
-            Node child = fragElt.getFirstChild();
-            while (child != null) {
-                fragElt.removeChild(child);
-                result.appendChild(child);
-                child = fragElt.getFirstChild();
-            }
-            return result;
-        } catch (SAXException se) {
-            throw new XMLEncryptionException("empty", se);
-        } catch (ParserConfigurationException pce) {
-            throw new XMLEncryptionException("empty", pce);
-        } catch (IOException ioe) {
-            throw new XMLEncryptionException("empty", ioe);
-        }
-    }
-
-}
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/encryption/EncryptedData.java b/src/share/classes/com/sun/org/apache/xml/internal/security/encryption/EncryptedData.java
deleted file mode 100644
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/encryption/EncryptedData.java
+++ /dev/null
@@ -1,46 +0,0 @@
-/*
- * reserved comment block
- * DO NOT REMOVE OR ALTER!
- */
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package com.sun.org.apache.xml.internal.security.encryption;
-
-/**
- * The {@code EncryptedData} element is the core element in the syntax. Not
- * only does its {@code CipherData} child contain the encrypted data, but
- * it's also the element that replaces the encrypted element, or serves as the
- * new document root.
- * <p>
- * It's schema definition is as follows:
- * <p>
- * <pre>{@code
- * <element name='EncryptedData' type='xenc:EncryptedDataType'/>
- * <complexType name='EncryptedDataType'>
- *     <complexContent>
- *         <extension base='xenc:EncryptedType'/>
- *     </complexContent>
- * </complexType>
- * }</pre>
- *
- * @author Axl Mattheus
- */
-public interface EncryptedData extends EncryptedType {
-}
-
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/encryption/EncryptedKey.java b/src/share/classes/com/sun/org/apache/xml/internal/security/encryption/EncryptedKey.java
deleted file mode 100644
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/encryption/EncryptedKey.java
+++ /dev/null
@@ -1,113 +0,0 @@
-/*
- * reserved comment block
- * DO NOT REMOVE OR ALTER!
- */
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package com.sun.org.apache.xml.internal.security.encryption;
-
-/**
- * The {@code EncryptedKey} element is used to transport encryption keys
- * from the originator to a known recipient(s). It may be used as a stand-alone
- * XML document, be placed within an application document, or appear inside an
- * {@code EncryptedData} element as a child of a {@code ds:KeyInfo}
- * element. The key value is always encrypted to the recipient(s). When
- * {@code EncryptedKey} is decrypted the resulting octets are made
- * available to the {@code EncryptionMethod} algorithm without any
- * additional processing.
- * <p>
- * Its schema definition is as follows:
- * <pre>{@code
- * <element name='EncryptedKey' type='xenc:EncryptedKeyType'/>
- * <complexType name='EncryptedKeyType'>
- *     <complexContent>
- *         <extension base='xenc:EncryptedType'>
- *             <sequence>
- *                 <element ref='xenc:ReferenceList' minOccurs='0'/>
- *                 <element name='CarriedKeyName' type='string' minOccurs='0'/>
- *             </sequence>
- *             <attribute name='Recipient' type='string' use='optional'/>
- *         </extension>
- *     </complexContent>
- * </complexType>
- * }</pre>
- *
- * @author Axl Mattheus
- */
-public interface EncryptedKey extends EncryptedType {
-
-    /**
-     * Returns a hint as to which recipient this encrypted key value is intended for.
-     *
-     * @return the recipient of the {@code EncryptedKey}.
-     */
-    String getRecipient();
-
-    /**
-     * Sets the recipient for this {@code EncryptedKey}.
-     *
-     * @param recipient the recipient for this {@code EncryptedKey}.
-     */
-    void setRecipient(String recipient);
-
-    /**
-     * Returns pointers to data and keys encrypted using this key. The reference
-     * list may contain multiple references to {@code EncryptedKey} and
-     * {@code EncryptedData} elements. This is done using
-     * {@code KeyReference} and {@code DataReference} elements
-     * respectively.
-     *
-     * @return an {@code Iterator} over all the {@code ReferenceList}s
-     *   contained in this {@code EncryptedKey}.
-     */
-    ReferenceList getReferenceList();
-
-    /**
-     * Sets the {@code ReferenceList} to the {@code EncryptedKey}.
-     *
-     * @param list a list of pointers to data elements encrypted using this key.
-     */
-    void setReferenceList(ReferenceList list);
-
-    /**
-     * Returns a user readable name with the key value. This may then be used to
-     * reference the key using the {@code ds:KeyName} element within
-     * {@code ds:KeyInfo}. The same {@code CarriedKeyName} label,
-     * unlike an ID type, may occur multiple times within a single document. The
-     * value of the key is to be the same in all {@code EncryptedKey}
-     * elements identified with the same {@code CarriedKeyName} label
-     * within a single XML document.
-     * <br>
-     * <b>Note</b> that because whitespace is significant in the value of
-     * the {@code ds:KeyName} element, whitespace is also significant in
-     * the value of the {@code CarriedKeyName} element.
-     *
-     * @return over all the carried names contained in
-     *   this {@code EncryptedKey}.
-     */
-    String getCarriedName();
-
-    /**
-     * Sets the carried name.
-     *
-     * @param name the carried name.
-     */
-    void setCarriedName(String name);
-}
-
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/encryption/EncryptedType.java b/src/share/classes/com/sun/org/apache/xml/internal/security/encryption/EncryptedType.java
deleted file mode 100644
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/encryption/EncryptedType.java
+++ /dev/null
@@ -1,197 +0,0 @@
-/*
- * reserved comment block
- * DO NOT REMOVE OR ALTER!
- */
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package com.sun.org.apache.xml.internal.security.encryption;
-
-import com.sun.org.apache.xml.internal.security.keys.KeyInfo;
-
-/**
- * EncryptedType is the abstract type from which {@code EncryptedData} and
- * {@code EncryptedKey} are derived. While these two latter element types
- * are very similar with respect to their content models, a syntactical
- * distinction is useful to processing.
- * <p>
- * Its schema definition is as follows:
- * <pre>{@code
- * <complexType name='EncryptedType' abstract='true'>
- *     <sequence>
- *         <element name='EncryptionMethod' type='xenc:EncryptionMethodType'
- *             minOccurs='0'/>
- *         <element ref='ds:KeyInfo' minOccurs='0'/>
- *         <element ref='xenc:CipherData'/>
- *         <element ref='xenc:EncryptionProperties' minOccurs='0'/>
- *     </sequence>
- *     <attribute name='Id' type='ID' use='optional'/>
- *     <attribute name='Type' type='anyURI' use='optional'/>
- *     <attribute name='MimeType' type='string' use='optional'/>
- *     <attribute name='Encoding' type='anyURI' use='optional'/>
- * </complexType>
- * }</pre>
- *
- * @author Axl Mattheus
- */
-public interface EncryptedType {
-
-    /**
-     * Returns a {@code String} providing for the standard method of
-     * assigning an id to the element within the document context.
-     *
-     * @return the id for the {@code EncryptedType}.
-     */
-    String getId();
-
-    /**
-     * Sets the id.
-     *
-     * @param id
-     */
-    void setId(String id);
-
-    /**
-     * Returns an {@code URI} identifying type information about the
-     * plaintext form of the encrypted content. While optional, this
-     * specification takes advantage of it for mandatory processing described in
-     * Processing Rules: Decryption (section 4.2). If the
-     * {@code EncryptedData} element contains data of Type 'element' or
-     * element 'content', and replaces that data in an XML document context, it
-     * is strongly recommended the Type attribute be provided. Without this
-     * information, the decryptor will be unable to automatically restore the
-     * XML document to its original cleartext form.
-     *
-     * @return the identifier for the type of information in plaintext form of
-     *   encrypted content.
-     */
-    String getType();
-
-    /**
-     * Sets the type.
-     *
-     * @param type an {@code URI} identifying type information about the
-     *   plaintext form of the encrypted content.
-     */
-    void setType(String type);
-
-    /**
-     * Returns a {@code String} which describes the media type of the data
-     * which has been encrypted. The value of this attribute has values defined
-     * by [MIME]. For example, if the data that is encrypted is a base64 encoded
-     * PNG, the transfer Encoding may be specified as
-     * 'http://www.w3.org/2000/09/xmldsig#base64' and the MimeType as
-     * 'image/png'.
-     * <br>
-     * This attribute is purely advisory; no validation of the MimeType
-     * information is required and it does not indicate the encryption
-     * application must do any additional processing. Note, this information may
-     * not be necessary if it is already bound to the identifier in the Type
-     * attribute. For example, the Element and Content types defined in this
-     * specification are always UTF-8 encoded text.
-     *
-     * @return the media type of the data which was encrypted.
-     */
-    String getMimeType();
-
-    /**
-     * Sets the mime type.
-     *
-     * @param type a {@code String} which describes the media type of the
-     *   data which has been encrypted.
-     */
-    void setMimeType(String type);
-
-    /**
-     * Return an {@code URI} representing the encoding of the
-     * {@code EncryptedType}.
-     *
-     * @return the encoding of this {@code EncryptedType}.
-     */
-    String getEncoding();
-
-    /**
-     * Sets the {@code URI} representing the encoding of the
-     * {@code EncryptedType}.
-     *
-     * @param encoding
-     */
-    void setEncoding(String encoding);
-
-    /**
-     * Returns an {@code EncryptionMethod} that describes the encryption
-     * algorithm applied to the cipher data. If the element is absent, the
-     * encryption algorithm must be known by the recipient or the decryption
-     * will fail.
-     *
-     * @return the method used to encrypt the cipher data.
-     */
-    EncryptionMethod getEncryptionMethod();
-
-    /**
-     * Sets the {@code EncryptionMethod} used to encrypt the cipher data.
-     *
-     * @param method the {@code EncryptionMethod}.
-     */
-    void setEncryptionMethod(EncryptionMethod method);
-
-    /**
-     * Returns the {@code ds:KeyInfo}, that carries information about the
-     * key used to encrypt the data. Subsequent sections of this specification
-     * define new elements that may appear as children of
-     * {@code ds:KeyInfo}.
-     *
-     * @return information about the key that encrypted the cipher data.
-     */
-    KeyInfo getKeyInfo();
-
-    /**
-     * Sets the encryption key information.
-     *
-     * @param info the {@code ds:KeyInfo}, that carries information about
-     *   the key used to encrypt the data.
-     */
-    void setKeyInfo(KeyInfo info);
-
-    /**
-     * Returns the {@code CipherReference} that contains the
-     * {@code CipherValue} or {@code CipherReference} with the
-     * encrypted data.
-     *
-     * @return the cipher data for the encrypted type.
-     */
-    CipherData getCipherData();
-
-    /**
-     * Returns additional information concerning the generation of the
-     * {@code EncryptedType}.
-     *
-     * @return information relating to the generation of the
-     *   {@code EncryptedType}.
-     */
-    EncryptionProperties getEncryptionProperties();
-
-    /**
-     * Sets the {@code EncryptionProperties} that supplies additional
-     * information about the generation of the {@code EncryptedType}.
-     *
-     * @param properties
-     */
-    void setEncryptionProperties(EncryptionProperties properties);
-}
-
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/encryption/EncryptionMethod.java b/src/share/classes/com/sun/org/apache/xml/internal/security/encryption/EncryptionMethod.java
deleted file mode 100644
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/encryption/EncryptionMethod.java
+++ /dev/null
@@ -1,133 +0,0 @@
-/*
- * reserved comment block
- * DO NOT REMOVE OR ALTER!
- */
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package com.sun.org.apache.xml.internal.security.encryption;
-
-import java.util.Iterator;
-import org.w3c.dom.Element;
-
-/**
- * {@code EncryptionMethod} describes the encryption algorithm applied to
- * the cipher data. If the element is absent, the encryption algorithm must be
- * known by the recipient or the decryption will fail.
- * <p>
- * It is defined as follows:
- * <pre>{@code
- * <complexType name='EncryptionMethodType' mixed='true'>
- *     <sequence>
- *         <element name='KeySize' minOccurs='0' type='xenc:KeySizeType'/>
- *         <element name='OAEPparams' minOccurs='0' type='base64Binary'/>
- *         <any namespace='##other' minOccurs='0' maxOccurs='unbounded'/>
- *     </sequence>
- *     <attribute name='Algorithm' type='anyURI' use='required'/>
- * </complexType>
- * }</pre>
- *
- * @author Axl Mattheus
- */
-public interface EncryptionMethod {
-    /**
-     * Returns the algorithm applied to the cipher data.
-     *
-     * @return the encryption algorithm.
-     */
-    String getAlgorithm();
-
-    /**
-     * Returns the key size of the key of the algorithm applied to the cipher
-     * data.
-     *
-     * @return the key size.
-     */
-    int getKeySize();
-
-    /**
-     * Sets the size of the key of the algorithm applied to the cipher data.
-     *
-     * @param size the key size.
-     */
-    void setKeySize(int size);
-
-    /**
-     * Returns the OAEP parameters of the algorithm applied applied to the
-     * cipher data.
-     *
-     * @return the OAEP parameters.
-     */
-    byte[] getOAEPparams();
-
-    /**
-     * Sets the OAEP parameters.
-     *
-     * @param parameters the OAEP parameters.
-     */
-    void setOAEPparams(byte[] parameters);
-
-    /**
-     * Set the Digest Algorithm to use
-     * @param digestAlgorithm the Digest Algorithm to use
-     */
-    void setDigestAlgorithm(String digestAlgorithm);
-
-    /**
-     * Get the Digest Algorithm to use
-     * @return the Digest Algorithm to use
-     */
-    String getDigestAlgorithm();
-
-    /**
-     * Set the MGF Algorithm to use
-     * @param mgfAlgorithm the MGF Algorithm to use
-     */
-    void setMGFAlgorithm(String mgfAlgorithm);
-
-    /**
-     * Get the MGF Algorithm to use
-     * @return the MGF Algorithm to use
-     */
-    String getMGFAlgorithm();
-
-    /**
-     * Returns an iterator over all the additional elements contained in the
-     * {@code EncryptionMethod}.
-     *
-     * @return an {@code Iterator} over all the additional information
-     *   about the {@code EncryptionMethod}.
-     */
-    Iterator<Element> getEncryptionMethodInformation();
-
-    /**
-     * Adds encryption method information.
-     *
-     * @param information additional encryption method information.
-     */
-    void addEncryptionMethodInformation(Element information);
-
-    /**
-     * Removes encryption method information.
-     *
-     * @param information the information to remove from the
-     *   {@code EncryptionMethod}.
-     */
-    void removeEncryptionMethodInformation(Element information);
-}
-
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/encryption/EncryptionProperties.java b/src/share/classes/com/sun/org/apache/xml/internal/security/encryption/EncryptionProperties.java
deleted file mode 100644
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/encryption/EncryptionProperties.java
+++ /dev/null
@@ -1,87 +0,0 @@
-/*
- * reserved comment block
- * DO NOT REMOVE OR ALTER!
- */
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package com.sun.org.apache.xml.internal.security.encryption;
-
-import java.util.Iterator;
-
-/**
- * {@code EncryptionProperties} can hold additional information concerning
- * the generation of the {@code EncryptedData} or
- * {@code EncryptedKey}. This information is wraped int an
- * {@code EncryptionProperty} element. Examples of additional information
- * is e.g., a date/time stamp or the serial number of cryptographic hardware
- * used during encryption).
- * <p>
- * It is defined as follows:
- * <pre>{@code
- * <element name='EncryptionProperties' type='xenc:EncryptionPropertiesType'/>
- * <complexType name='EncryptionPropertiesType'>
- *     <sequence>
- *         <element ref='xenc:EncryptionProperty' maxOccurs='unbounded'/>
- *     </sequence>
- *     <attribute name='Id' type='ID' use='optional'/>
- * </complexType>
- * }</pre>
- *
- * @author Axl Mattheus
- */
-public interface EncryptionProperties {
-
-    /**
-     * Returns the {@code EncryptionProperties}' id.
-     *
-     * @return the id.
-     */
-    String getId();
-
-    /**
-     * Sets the id.
-     *
-     * @param id the id.
-     */
-    void setId(String id);
-
-    /**
-     * Returns an {@code Iterator} over all the
-     * {@code EncryptionPropterty} elements contained in this
-     * {@code EncryptionProperties}.
-     *
-     * @return an {@code Iterator} over all the encryption properties.
-     */
-    Iterator<EncryptionProperty> getEncryptionProperties();
-
-    /**
-     * Adds an {@code EncryptionProperty}.
-     *
-     * @param property
-     */
-    void addEncryptionProperty(EncryptionProperty property);
-
-    /**
-     * Removes the specified {@code EncryptionProperty}.
-     *
-     * @param property
-     */
-    void removeEncryptionProperty(EncryptionProperty property);
-}
-
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/encryption/EncryptionProperty.java b/src/share/classes/com/sun/org/apache/xml/internal/security/encryption/EncryptionProperty.java
deleted file mode 100644
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/encryption/EncryptionProperty.java
+++ /dev/null
@@ -1,121 +0,0 @@
-/*
- * reserved comment block
- * DO NOT REMOVE OR ALTER!
- */
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package com.sun.org.apache.xml.internal.security.encryption;
-
-import java.util.Iterator;
-import org.w3c.dom.Element;
-
-/**
- * Additional information items concerning the generation of the
- * {@code EncryptedData} or {@code EncryptedKey} can be placed in an
- * {@code EncryptionProperty} element (e.g., date/time stamp or the serial
- * number of cryptographic hardware used during encryption). The Target
- * attribute identifies the {@code EncryptedType} structure being
- * described. anyAttribute permits the inclusion of attributes from the XML
- * namespace to be included (i.e., {@code xml:space},
- * {@code xml:lang}, and {@code xml:base}).
- * <p>
- * It is defined as follows:
- * <pre>{@code
- * <element name='EncryptionProperty' type='xenc:EncryptionPropertyType'/>
- * <complexType name='EncryptionPropertyType' mixed='true'>
- *     <choice maxOccurs='unbounded'>
- *         <any namespace='##other' processContents='lax'/>
- *     </choice>
- *     <attribute name='Target' type='anyURI' use='optional'/>
- *     <attribute name='Id' type='ID' use='optional'/>
- *     <anyAttribute namespace="http://www.w3.org/XML/1998/namespace"/>
- * </complexType>
- * }</pre>
- *
- * @author Axl Mattheus
- */
-public interface EncryptionProperty {
-
-    /**
-     * Returns the {@code EncryptedType} being described.
-     *
-     * @return the {@code EncryptedType} being described by this
-     *   {@code EncryptionProperty}.
-     */
-    String getTarget();
-
-    /**
-     * Sets the target.
-     *
-     * @param target
-     */
-    void setTarget(String target);
-
-    /**
-     * Returns the id of the {@CODE EncryptionProperty}.
-     *
-     * @return the id.
-     */
-    String getId();
-
-    /**
-     * Sets the id.
-     *
-     * @param id
-     */
-    void setId(String id);
-
-    /**
-     * Returns the attribute's value in the {@code xml} namespace.
-     *
-     * @param attribute
-     * @return the attribute's value.
-     */
-    String getAttribute(String attribute);
-
-    /**
-     * Set the attribute value.
-     *
-     * @param attribute the attribute's name.
-     * @param value the attribute's value.
-     */
-    void setAttribute(String attribute, String value);
-
-    /**
-     * Returns the properties of the {@CODE EncryptionProperty}.
-     *
-     * @return an {@code Iterator} over all the additional encryption
-     *   information contained in this class.
-     */
-    Iterator<Element> getEncryptionInformation();
-
-    /**
-     * Adds encryption information.
-     *
-     * @param information the additional encryption information.
-     */
-    void addEncryptionInformation(Element information);
-
-    /**
-     * Removes encryption information.
-     *
-     * @param information the information to remove.
-     */
-    void removeEncryptionInformation(Element information);
-}
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/encryption/Reference.java b/src/share/classes/com/sun/org/apache/xml/internal/security/encryption/Reference.java
deleted file mode 100644
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/encryption/Reference.java
+++ /dev/null
@@ -1,99 +0,0 @@
-/*
- * reserved comment block
- * DO NOT REMOVE OR ALTER!
- */
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package com.sun.org.apache.xml.internal.security.encryption;
-
-import java.util.Iterator;
-import org.w3c.dom.Element;
-
-/**
- * A wrapper for a pointer from a key value of an {@code EncryptedKey} to
- * items encrypted by that key value ({@code EncryptedData} or
- * {@code EncryptedKey} elements).
- * <p>
- * It is defined as follows:
- * <pre>{@code
- * <complexType name='ReferenceType'>
- *     <sequence>
- *         <any namespace='##other' minOccurs='0' maxOccurs='unbounded'/>
- *     </sequence>
- *     <attribute name='URI' type='anyURI' use='required'/>
- * </complexType>
- * }</pre>
- *
- * @author Axl Mattheus
- * @see ReferenceList
- */
-public interface Reference {
-    /**
-     * Returns the {@code Element} tag name for this {@code Reference}.
-     *
-     * @return the tag name of this {@code Reference}.
-     */
-    String getType();
-
-    /**
-     * Returns a {@code URI} that points to an {@code Element} that
-     * were encrypted using the key defined in the enclosing
-     * {@code EncryptedKey} element.
-     *
-     * @return an Uniform Resource Identifier that qualifies an
-     *   {@code EncryptedType}.
-     */
-    String getURI();
-
-    /**
-     * Sets a {@code URI} that points to an {@code Element} that
-     * were encrypted using the key defined in the enclosing
-     * {@code EncryptedKey} element.
-     *
-     * @param uri the Uniform Resource Identifier that qualifies an
-     *   {@code EncryptedType}.
-     */
-    void setURI(String uri);
-
-    /**
-     * Returns an {@code Iterator} over all the child elements contained in
-     * this {@code Reference} that will aid the recipient in retrieving the
-     * {@code EncryptedKey} and/or {@code EncryptedData} elements.
-     * These could include information such as XPath transforms, decompression
-     * transforms, or information on how to retrieve the elements from a
-     * document storage facility.
-     *
-     * @return child elements.
-     */
-    Iterator<Element> getElementRetrievalInformation();
-
-    /**
-     * Adds retrieval information.
-     *
-     * @param info
-     */
-    void addElementRetrievalInformation(Element info);
-
-    /**
-     * Removes the specified retrieval information.
-     *
-     * @param info
-     */
-    void removeElementRetrievalInformation(Element info);
-}
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/encryption/ReferenceList.java b/src/share/classes/com/sun/org/apache/xml/internal/security/encryption/ReferenceList.java
deleted file mode 100644
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/encryption/ReferenceList.java
+++ /dev/null
@@ -1,109 +0,0 @@
-/*
- * reserved comment block
- * DO NOT REMOVE OR ALTER!
- */
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package com.sun.org.apache.xml.internal.security.encryption;
-
-import java.util.Iterator;
-
-/**
- * {@code ReferenceList} is an element that contains pointers from a key
- * value of an {@code EncryptedKey} to items encrypted by that key value
- * ({@code EncryptedData} or {@code EncryptedKey} elements).
- * <p>
- * It is defined as follows:
- * <pre>{@code
- * <element name='ReferenceList'>
- *     <complexType>
- *         <choice minOccurs='1' maxOccurs='unbounded'>
- *             <element name='DataReference' type='xenc:ReferenceType'/>
- *             <element name='KeyReference' type='xenc:ReferenceType'/>
- *         </choice>
- *     </complexType>
- * </element>
- * }</pre>
- *
- * @author Axl Mattheus
- * @see Reference
- */
-public interface ReferenceList {
-
-    /** DATA TAG */
-    int DATA_REFERENCE = 0x00000001;
-
-    /** KEY TAG */
-    int KEY_REFERENCE  = 0x00000002;
-
-    /**
-     * Adds a reference to this reference list.
-     *
-     * @param reference the reference to add.
-     * @throws IllegalAccessException if the {@code Reference} is not an
-     *   instance of {@code DataReference} or {@code KeyReference}.
-     */
-    void add(Reference reference);
-
-    /**
-     * Removes a reference from the {@code ReferenceList}.
-     *
-     * @param reference the reference to remove.
-     */
-    void remove(Reference reference);
-
-    /**
-     * Returns the size of the {@code ReferenceList}.
-     *
-     * @return the size of the {@code ReferenceList}.
-     */
-    int size();
-
-    /**
-     * Indicates if the {@code ReferenceList} is empty.
-     *
-     * @return {@code <b>true</b>} if the {@code ReferenceList} is
-     *     empty, else {@code <b>false</b>}.
-     */
-    boolean isEmpty();
-
-    /**
-     * Returns an {@code Iterator} over all the {@code Reference}s
-     * contained in this {@code ReferenceList}.
-     *
-     * @return Iterator.
-     */
-    Iterator<Reference> getReferences();
-
-    /**
-     * {@code DataReference} factory method. Returns a
-     * {@code DataReference}.
-     * @param uri
-     * @return a {@code DataReference}.
-     */
-    Reference newDataReference(String uri);
-
-    /**
-     * {@code KeyReference} factory method. Returns a
-     * {@code KeyReference}.
-     * @param uri
-     * @return a {@code KeyReference}.
-     */
-    Reference newKeyReference(String uri);
-}
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/encryption/Serializer.java b/src/share/classes/com/sun/org/apache/xml/internal/security/encryption/Serializer.java
deleted file mode 100644
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/encryption/Serializer.java
+++ /dev/null
@@ -1,77 +0,0 @@
-/*
- * reserved comment block
- * DO NOT REMOVE OR ALTER!
- */
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package com.sun.org.apache.xml.internal.security.encryption;
-
-import com.sun.org.apache.xml.internal.security.c14n.Canonicalizer;
-import org.w3c.dom.Element;
-import org.w3c.dom.Node;
-import org.w3c.dom.NodeList;
-
-/**
- * Converts <code>String</code>s into <code>Node</code>s and visa versa.
- */
-public interface Serializer {
-
-    /**
-     * Set the Canonicalizer object to use.
-     */
-    void setCanonicalizer(Canonicalizer canon);
-
-    /**
-     * Returns a <code>byte[]</code> representation of the specified
-     * <code>Element</code>.
-     *
-     * @param element the <code>Element</code> to serialize.
-     * @return the <code>byte[]</code> representation of the serilaized
-     *   <code>Element</code>.
-     * @throws Exception
-     */
-    byte[] serializeToByteArray(Element element) throws Exception;
-
-    /**
-     * Returns a <code>byte[]</code> representation of the specified
-     * <code>NodeList</code>.
-     *
-     * @param content the <code>NodeList</code> to serialize.
-     * @return the <code>byte[]</code> representation of the serialized
-     *   <code>NodeList</code>.
-     * @throws Exception
-     */
-    byte[] serializeToByteArray(NodeList content) throws Exception;
-
-    /**
-     * Use the Canonicalizer to serialize the node
-     * @param node
-     * @return the (byte[]) canonicalization of the node
-     * @throws Exception
-     */
-    byte[] canonSerializeToByteArray(Node node) throws Exception;
-
-    /**
-     * @param source
-     * @param ctx
-     * @return the Node resulting from the parse of the source
-     * @throws XMLEncryptionException
-     */
-    Node deserialize(byte[] source, Node ctx) throws XMLEncryptionException;
-}
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/encryption/Transforms.java b/src/share/classes/com/sun/org/apache/xml/internal/security/encryption/Transforms.java
deleted file mode 100644
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/encryption/Transforms.java
+++ /dev/null
@@ -1,50 +0,0 @@
-/*
- * reserved comment block
- * DO NOT REMOVE OR ALTER!
- */
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package com.sun.org.apache.xml.internal.security.encryption;
-
-/**
- * A container for {@code ds:Transform}s.
- * <p>
- * It is defined as follows:
- * <pre>{@code
- * <complexType name='TransformsType'>
- *     <sequence>
- *         <element ref='ds:Transform' maxOccurs='unbounded'/>
- *     </sequence>
- * </complexType>
- * }</pre>
- *
- * @author Axl Mattheus
- * @see com.sun.org.apache.xml.internal.security.encryption.CipherReference
- */
-public interface Transforms {
-    /**
-     * Temporary method to turn the XMLEncryption Transforms class
-     * into a DS class.  The main logic is currently implemented in the
-     * DS class, so we need to get to get the base class.
-     * <p>
-     * <b>Note</b> This will be removed in future versions
-     */
-    com.sun.org.apache.xml.internal.security.transforms.Transforms getDSTransforms();
-
-}
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/encryption/XMLCipher.java b/src/share/classes/com/sun/org/apache/xml/internal/security/encryption/XMLCipher.java
deleted file mode 100644
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/encryption/XMLCipher.java
+++ /dev/null
@@ -1,3539 +0,0 @@
-/*
- * reserved comment block
- * DO NOT REMOVE OR ALTER!
- */
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package com.sun.org.apache.xml.internal.security.encryption;
-
-import java.io.ByteArrayOutputStream;
-import java.io.InputStream;
-import java.io.UnsupportedEncodingException;
-import java.net.URI;
-import java.net.URISyntaxException;
-import java.security.InvalidAlgorithmParameterException;
-import java.security.InvalidKeyException;
-import java.security.Key;
-import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
-import java.security.SecureRandom;
-import java.security.spec.MGF1ParameterSpec;
-import java.util.ArrayList;
-import java.util.HashMap;
-import java.util.Iterator;
-import java.util.LinkedList;
-import java.util.List;
-import java.util.Map;
-
-import javax.crypto.BadPaddingException;
-import javax.crypto.Cipher;
-import javax.crypto.IllegalBlockSizeException;
-import javax.crypto.NoSuchPaddingException;
-import javax.crypto.spec.IvParameterSpec;
-import javax.crypto.spec.OAEPParameterSpec;
-import javax.crypto.spec.PSource;
-
-import com.sun.org.apache.xml.internal.security.algorithms.JCEMapper;
-import com.sun.org.apache.xml.internal.security.algorithms.MessageDigestAlgorithm;
-import com.sun.org.apache.xml.internal.security.c14n.Canonicalizer;
-import com.sun.org.apache.xml.internal.security.c14n.InvalidCanonicalizerException;
-import com.sun.org.apache.xml.internal.security.exceptions.Base64DecodingException;
-import com.sun.org.apache.xml.internal.security.exceptions.XMLSecurityException;
-import com.sun.org.apache.xml.internal.security.keys.KeyInfo;
-import com.sun.org.apache.xml.internal.security.keys.keyresolver.KeyResolverException;
-import com.sun.org.apache.xml.internal.security.keys.keyresolver.KeyResolverSpi;
-import com.sun.org.apache.xml.internal.security.keys.keyresolver.implementations.EncryptedKeyResolver;
-import com.sun.org.apache.xml.internal.security.signature.XMLSignatureException;
-import com.sun.org.apache.xml.internal.security.transforms.InvalidTransformException;
-import com.sun.org.apache.xml.internal.security.transforms.TransformationException;
-import com.sun.org.apache.xml.internal.security.utils.Base64;
-import com.sun.org.apache.xml.internal.security.utils.Constants;
-import com.sun.org.apache.xml.internal.security.utils.ElementProxy;
-import com.sun.org.apache.xml.internal.security.utils.EncryptionConstants;
-import com.sun.org.apache.xml.internal.security.utils.XMLUtils;
-import org.w3c.dom.Attr;
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-import org.w3c.dom.Node;
-import org.w3c.dom.NodeList;
-
-/**
- * <code>XMLCipher</code> encrypts and decrypts the contents of
- * <code>Document</code>s, <code>Element</code>s and <code>Element</code>
- * contents. It was designed to resemble <code>javax.crypto.Cipher</code> in
- * order to facilitate understanding of its functioning.
- *
- * @author Axl Mattheus (Sun Microsystems)
- * @author Christian Geuer-Pollmann
- */
-public class XMLCipher {
-
-    private static java.util.logging.Logger log =
-        java.util.logging.Logger.getLogger(XMLCipher.class.getName());
-
-    /** Triple DES EDE (192 bit key) in CBC mode */
-    public static final String TRIPLEDES =
-        EncryptionConstants.ALGO_ID_BLOCKCIPHER_TRIPLEDES;
-
-    /** AES 128 Cipher */
-    public static final String AES_128 =
-        EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES128;
-
-    /** AES 256 Cipher */
-    public static final String AES_256 =
-        EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES256;
-
-    /** AES 192 Cipher */
-    public static final String AES_192 =
-        EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES192;
-
-    /** AES 128 GCM Cipher */
-    public static final String AES_128_GCM =
-        EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES128_GCM;
-
-    /** AES 192 GCM Cipher */
-    public static final String AES_192_GCM =
-        EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES192_GCM;
-
-    /** AES 256 GCM Cipher */
-    public static final String AES_256_GCM =
-        EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES256_GCM;
-
-    /** RSA 1.5 Cipher */
-    public static final String RSA_v1dot5 =
-        EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSA15;
-
-    /** RSA OAEP Cipher */
-    public static final String RSA_OAEP =
-        EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSAOAEP;
-
-    /** RSA OAEP Cipher */
-    public static final String RSA_OAEP_11 =
-        EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSAOAEP_11;
-
-    /** DIFFIE_HELLMAN Cipher */
-    public static final String DIFFIE_HELLMAN =
-        EncryptionConstants.ALGO_ID_KEYAGREEMENT_DH;
-
-    /** Triple DES EDE (192 bit key) in CBC mode KEYWRAP*/
-    public static final String TRIPLEDES_KeyWrap =
-        EncryptionConstants.ALGO_ID_KEYWRAP_TRIPLEDES;
-
-    /** AES 128 Cipher KeyWrap */
-    public static final String AES_128_KeyWrap =
-        EncryptionConstants.ALGO_ID_KEYWRAP_AES128;
-
-    /** AES 256 Cipher KeyWrap */
-    public static final String AES_256_KeyWrap =
-        EncryptionConstants.ALGO_ID_KEYWRAP_AES256;
-
-    /** AES 192 Cipher KeyWrap */
-    public static final String AES_192_KeyWrap =
-        EncryptionConstants.ALGO_ID_KEYWRAP_AES192;
-
-    /** SHA1 Cipher */
-    public static final String SHA1 =
-        Constants.ALGO_ID_DIGEST_SHA1;
-
-    /** SHA256 Cipher */
-    public static final String SHA256 =
-        MessageDigestAlgorithm.ALGO_ID_DIGEST_SHA256;
-
-    /** SHA512 Cipher */
-    public static final String SHA512 =
-        MessageDigestAlgorithm.ALGO_ID_DIGEST_SHA512;
-
-    /** RIPEMD Cipher */
-    public static final String RIPEMD_160 =
-        MessageDigestAlgorithm.ALGO_ID_DIGEST_RIPEMD160;
-
-    /** XML Signature NS */
-    public static final String XML_DSIG =
-        Constants.SignatureSpecNS;
-
-    /** N14C_XML */
-    public static final String N14C_XML =
-        Canonicalizer.ALGO_ID_C14N_OMIT_COMMENTS;
-
-    /** N14C_XML with comments*/
-    public static final String N14C_XML_WITH_COMMENTS =
-        Canonicalizer.ALGO_ID_C14N_WITH_COMMENTS;
-
-    /** N14C_XML exclusive */
-    public static final String EXCL_XML_N14C =
-        Canonicalizer.ALGO_ID_C14N_EXCL_OMIT_COMMENTS;
-
-    /** N14C_XML exclusive with comments*/
-    public static final String EXCL_XML_N14C_WITH_COMMENTS =
-        Canonicalizer.ALGO_ID_C14N_EXCL_WITH_COMMENTS;
-
-    /** N14C_PHYSICAL preserve the physical representation*/
-    public static final String PHYSICAL_XML_N14C =
-        Canonicalizer.ALGO_ID_C14N_PHYSICAL;
-
-    /** Base64 encoding */
-    public static final String BASE64_ENCODING =
-        com.sun.org.apache.xml.internal.security.transforms.Transforms.TRANSFORM_BASE64_DECODE;
-
-    /** ENCRYPT Mode */
-    public static final int ENCRYPT_MODE = Cipher.ENCRYPT_MODE;
-
-    /** DECRYPT Mode */
-    public static final int DECRYPT_MODE = Cipher.DECRYPT_MODE;
-
-    /** UNWRAP Mode */
-    public static final int UNWRAP_MODE  = Cipher.UNWRAP_MODE;
-
-    /** WRAP Mode */
-    public static final int WRAP_MODE    = Cipher.WRAP_MODE;
-
-    private static final String ENC_ALGORITHMS = TRIPLEDES + "\n" +
-    AES_128 + "\n" + AES_256 + "\n" + AES_192 + "\n" + RSA_v1dot5 + "\n" +
-    RSA_OAEP + "\n" + RSA_OAEP_11 + "\n" + TRIPLEDES_KeyWrap + "\n" +
-    AES_128_KeyWrap + "\n" + AES_256_KeyWrap + "\n" + AES_192_KeyWrap + "\n" +
-    AES_128_GCM + "\n" + AES_192_GCM + "\n" + AES_256_GCM + "\n";
-
-    /** Cipher created during initialisation that is used for encryption */
-    private Cipher contextCipher;
-
-    /** Mode that the XMLCipher object is operating in */
-    private int cipherMode = Integer.MIN_VALUE;
-
-    /** URI of algorithm that is being used for cryptographic operation */
-    private String algorithm = null;
-
-    /** Cryptographic provider requested by caller */
-    private String requestedJCEProvider = null;
-
-    /** Holds c14n to serialize, if initialized then _always_ use this c14n to serialize */
-    private Canonicalizer canon;
-
-    /** Used for creation of DOM nodes in WRAP and ENCRYPT modes */
-    private Document contextDocument;
-
-    /** Instance of factory used to create XML Encryption objects */
-    private Factory factory;
-
-    /** Serializer class for going to/from UTF-8 */
-    private Serializer serializer;
-
-    /** Local copy of user's key */
-    private Key key;
-
-    /** Local copy of the kek (used to decrypt EncryptedKeys during a
-     *  DECRYPT_MODE operation */
-    private Key kek;
-
-    // The EncryptedKey being built (part of a WRAP operation) or read
-    // (part of an UNWRAP operation)
-    private EncryptedKey ek;
-
-    // The EncryptedData being built (part of a WRAP operation) or read
-    // (part of an UNWRAP operation)
-    private EncryptedData ed;
-
-    private SecureRandom random;
-
-    private boolean secureValidation;
-
-    private String digestAlg;
-
-    /** List of internal KeyResolvers for DECRYPT and UNWRAP modes. */
-    private List<KeyResolverSpi> internalKeyResolvers;
-
-    /**
-     * Set the Serializer algorithm to use
-     */
-    public void setSerializer(Serializer serializer) {
-        this.serializer = serializer;
-        serializer.setCanonicalizer(this.canon);
-    }
-
-    /**
-     * Get the Serializer algorithm to use
-     */
-    public Serializer getSerializer() {
-        return serializer;
-    }
-
-    /**
-     * Creates a new <code>XMLCipher</code>.
-     *
-     * @param transformation    the name of the transformation, e.g.,
-     *                          <code>XMLCipher.TRIPLEDES</code>. If null the XMLCipher can only
-     *                          be used for decrypt or unwrap operations where the encryption method
-     *                          is defined in the <code>EncryptionMethod</code> element.
-     * @param provider          the JCE provider that supplies the transformation,
-     *                          if null use the default provider.
-     * @param canon             the name of the c14n algorithm, if
-     *                          <code>null</code> use standard serializer
-     * @param digestMethod      An optional digestMethod to use.
-     */
-    private XMLCipher(
-        String transformation,
-        String provider,
-        String canonAlg,
-        String digestMethod
-    ) throws XMLEncryptionException {
-        if (log.isLoggable(java.util.logging.Level.FINE)) {
-            log.log(java.util.logging.Level.FINE, "Constructing XMLCipher...");
-        }
-
-        factory = new Factory();
-
-        algorithm = transformation;
-        requestedJCEProvider = provider;
-        digestAlg = digestMethod;
-
-        // Create a canonicalizer - used when serializing DOM to octets
-        // prior to encryption (and for the reverse)
-
-        try {
-            if (canonAlg == null) {
-                // The default is to preserve the physical representation.
-                this.canon = Canonicalizer.getInstance(Canonicalizer.ALGO_ID_C14N_PHYSICAL);
-            } else {
-                this.canon = Canonicalizer.getInstance(canonAlg);
-            }
-        } catch (InvalidCanonicalizerException ice) {
-            throw new XMLEncryptionException("empty", ice);
-        }
-
-        if (serializer == null) {
-            serializer = new DocumentSerializer();
-        }
-        serializer.setCanonicalizer(this.canon);
-
-        if (transformation != null) {
-            contextCipher = constructCipher(transformation, digestMethod);
-        }
-    }
-
-    /**
-     * Checks to ensure that the supplied algorithm is valid.
-     *
-     * @param algorithm the algorithm to check.
-     * @return true if the algorithm is valid, otherwise false.
-     * @since 1.0.
-     */
-    private static boolean isValidEncryptionAlgorithm(String algorithm) {
-        return (
-            algorithm.equals(TRIPLEDES) ||
-            algorithm.equals(AES_128) ||
-            algorithm.equals(AES_256) ||
-            algorithm.equals(AES_192) ||
-            algorithm.equals(AES_128_GCM) ||
-            algorithm.equals(AES_192_GCM) ||
-            algorithm.equals(AES_256_GCM) ||
-            algorithm.equals(RSA_v1dot5) ||
-            algorithm.equals(RSA_OAEP) ||
-            algorithm.equals(RSA_OAEP_11) ||
-            algorithm.equals(TRIPLEDES_KeyWrap) ||
-            algorithm.equals(AES_128_KeyWrap) ||
-            algorithm.equals(AES_256_KeyWrap) ||
-            algorithm.equals(AES_192_KeyWrap)
-        );
-    }
-
-    /**
-     * Validate the transformation argument of getInstance or getProviderInstance
-     *
-     * @param transformation the name of the transformation, e.g.,
-     *   <code>XMLCipher.TRIPLEDES</code> which is shorthand for
-     *   &quot;http://www.w3.org/2001/04/xmlenc#tripledes-cbc&quot;
-     */
-    private static void validateTransformation(String transformation) {
-        if (null == transformation) {
-            throw new NullPointerException("Transformation unexpectedly null...");
-        }
-        if (!isValidEncryptionAlgorithm(transformation)) {
-            log.log(java.util.logging.Level.WARNING, "Algorithm non-standard, expected one of " + ENC_ALGORITHMS);
-        }
-    }
-
-    /**
-     * Returns an <code>XMLCipher</code> that implements the specified
-     * transformation and operates on the specified context document.
-     * <p>
-     * If the default provider package supplies an implementation of the
-     * requested transformation, an instance of Cipher containing that
-     * implementation is returned. If the transformation is not available in
-     * the default provider package, other provider packages are searched.
-     * <p>
-     * <b>NOTE<sub>1</sub>:</b> The transformation name does not follow the same
-     * pattern as that outlined in the Java Cryptography Extension Reference
-     * Guide but rather that specified by the XML Encryption Syntax and
-     * Processing document. The rational behind this is to make it easier for a
-     * novice at writing Java Encryption software to use the library.
-     * <p>
-     * <b>NOTE<sub>2</sub>:</b> <code>getInstance()</code> does not follow the
-     * same pattern regarding exceptional conditions as that used in
-     * <code>javax.crypto.Cipher</code>. Instead, it only throws an
-     * <code>XMLEncryptionException</code> which wraps an underlying exception.
-     * The stack trace from the exception should be self explanatory.
-     *
-     * @param transformation the name of the transformation, e.g.,
-     *   <code>XMLCipher.TRIPLEDES</code> which is shorthand for
-     *   &quot;http://www.w3.org/2001/04/xmlenc#tripledes-cbc&quot;
-     * @throws XMLEncryptionException
-     * @return the XMLCipher
-     * @see javax.crypto.Cipher#getInstance(java.lang.String)
-     */
-    public static XMLCipher getInstance(String transformation) throws XMLEncryptionException {
-        if (log.isLoggable(java.util.logging.Level.FINE)) {
-            log.log(java.util.logging.Level.FINE, "Getting XMLCipher with transformation");
-        }
-        validateTransformation(transformation);
-        return new XMLCipher(transformation, null, null, null);
-    }
-
-    /**
-     * Returns an <code>XMLCipher</code> that implements the specified
-     * transformation, operates on the specified context document and serializes
-     * the document with the specified canonicalization algorithm before it
-     * encrypts the document.
-     * <p>
-     *
-     * @param transformation    the name of the transformation
-     * @param canon             the name of the c14n algorithm, if <code>null</code> use
-     *                          standard serializer
-     * @return the XMLCipher
-     * @throws XMLEncryptionException
-     */
-    public static XMLCipher getInstance(String transformation, String canon)
-        throws XMLEncryptionException {
-        if (log.isLoggable(java.util.logging.Level.FINE)) {
-            log.log(java.util.logging.Level.FINE, "Getting XMLCipher with transformation and c14n algorithm");
-        }
-        validateTransformation(transformation);
-        return new XMLCipher(transformation, null, canon, null);
-    }
-
-    /**
-     * Returns an <code>XMLCipher</code> that implements the specified
-     * transformation, operates on the specified context document and serializes
-     * the document with the specified canonicalization algorithm before it
-     * encrypts the document.
-     * <p>
-     *
-     * @param transformation    the name of the transformation
-     * @param canon             the name of the c14n algorithm, if <code>null</code> use
-     *                          standard serializer
-     * @param digestMethod      An optional digestMethod to use
-     * @return the XMLCipher
-     * @throws XMLEncryptionException
-     */
-    public static XMLCipher getInstance(String transformation, String canon, String digestMethod)
-        throws XMLEncryptionException {
-        if (log.isLoggable(java.util.logging.Level.FINE)) {
-            log.log(java.util.logging.Level.FINE, "Getting XMLCipher with transformation and c14n algorithm");
-        }
-        validateTransformation(transformation);
-        return new XMLCipher(transformation, null, canon, digestMethod);
-    }
-
-    /**
-     * Returns an <code>XMLCipher</code> that implements the specified
-     * transformation and operates on the specified context document.
-     *
-     * @param transformation    the name of the transformation
-     * @param provider          the JCE provider that supplies the transformation
-     * @return the XMLCipher
-     * @throws XMLEncryptionException
-     */
-    public static XMLCipher getProviderInstance(String transformation, String provider)
-        throws XMLEncryptionException {
-        if (log.isLoggable(java.util.logging.Level.FINE)) {
-            log.log(java.util.logging.Level.FINE, "Getting XMLCipher with transformation and provider");
-        }
-        if (null == provider) {
-            throw new NullPointerException("Provider unexpectedly null..");
-        }
-        validateTransformation(transformation);
-        return new XMLCipher(transformation, provider, null, null);
-    }
-
-    /**
-     * Returns an <code>XMLCipher</code> that implements the specified
-     * transformation, operates on the specified context document and serializes
-     * the document with the specified canonicalization algorithm before it
-     * encrypts the document.
-     * <p>
-     *
-     * @param transformation    the name of the transformation
-     * @param provider          the JCE provider that supplies the transformation
-     * @param canon             the name of the c14n algorithm, if <code>null</code> use standard
-     *                          serializer
-     * @return the XMLCipher
-     * @throws XMLEncryptionException
-     */
-    public static XMLCipher getProviderInstance(
-        String transformation, String provider, String canon
-    ) throws XMLEncryptionException {
-        if (log.isLoggable(java.util.logging.Level.FINE)) {
-            log.log(java.util.logging.Level.FINE, "Getting XMLCipher with transformation, provider and c14n algorithm");
-        }
-        if (null == provider) {
-            throw new NullPointerException("Provider unexpectedly null..");
-        }
-        validateTransformation(transformation);
-        return new XMLCipher(transformation, provider, canon, null);
-    }
-
-    /**
-     * Returns an <code>XMLCipher</code> that implements the specified
-     * transformation, operates on the specified context document and serializes
-     * the document with the specified canonicalization algorithm before it
-     * encrypts the document.
-     * <p>
-     *
-     * @param transformation    the name of the transformation
-     * @param provider          the JCE provider that supplies the transformation
-     * @param canon             the name of the c14n algorithm, if <code>null</code> use standard
-     *                          serializer
-     * @param digestMethod      An optional digestMethod to use
-     * @return the XMLCipher
-     * @throws XMLEncryptionException
-     */
-    public static XMLCipher getProviderInstance(
-        String transformation, String provider, String canon, String digestMethod
-    ) throws XMLEncryptionException {
-        if (log.isLoggable(java.util.logging.Level.FINE)) {
-            log.log(java.util.logging.Level.FINE, "Getting XMLCipher with transformation, provider and c14n algorithm");
-        }
-        if (null == provider) {
-            throw new NullPointerException("Provider unexpectedly null..");
-        }
-        validateTransformation(transformation);
-        return new XMLCipher(transformation, provider, canon, digestMethod);
-    }
-
-    /**
-     * Returns an <code>XMLCipher</code> that implements no specific
-     * transformation, and can therefore only be used for decrypt or
-     * unwrap operations where the encryption method is defined in the
-     * <code>EncryptionMethod</code> element.
-     *
-     * @return The XMLCipher
-     * @throws XMLEncryptionException
-     */
-    public static XMLCipher getInstance() throws XMLEncryptionException {
-        if (log.isLoggable(java.util.logging.Level.FINE)) {
-            log.log(java.util.logging.Level.FINE, "Getting XMLCipher with no arguments");
-        }
-        return new XMLCipher(null, null, null, null);
-    }
-
-    /**
-     * Returns an <code>XMLCipher</code> that implements no specific
-     * transformation, and can therefore only be used for decrypt or
-     * unwrap operations where the encryption method is defined in the
-     * <code>EncryptionMethod</code> element.
-     *
-     * Allows the caller to specify a provider that will be used for
-     * cryptographic operations.
-     *
-     * @param provider          the JCE provider that supplies the transformation
-     * @return the XMLCipher
-     * @throws XMLEncryptionException
-     */
-    public static XMLCipher getProviderInstance(String provider) throws XMLEncryptionException {
-        if (log.isLoggable(java.util.logging.Level.FINE)) {
-            log.log(java.util.logging.Level.FINE, "Getting XMLCipher with provider");
-        }
-        return new XMLCipher(null, provider, null, null);
-    }
-
-    /**
-     * Initializes this cipher with a key.
-     * <p>
-     * The cipher is initialized for one of the following four operations:
-     * encryption, decryption, key wrapping or key unwrapping, depending on the
-     * value of opmode.
-     *
-     * For WRAP and ENCRYPT modes, this also initialises the internal
-     * EncryptedKey or EncryptedData (with a CipherValue)
-     * structure that will be used during the ensuing operations.  This
-     * can be obtained (in order to modify KeyInfo elements etc. prior to
-     * finalising the encryption) by calling
-     * {@link #getEncryptedData} or {@link #getEncryptedKey}.
-     *
-     * @param opmode the operation mode of this cipher (this is one of the
-     *   following: ENCRYPT_MODE, DECRYPT_MODE, WRAP_MODE or UNWRAP_MODE)
-     * @param key
-     * @see javax.crypto.Cipher#init(int, java.security.Key)
-     * @throws XMLEncryptionException
-     */
-    public void init(int opmode, Key key) throws XMLEncryptionException {
-        // sanity checks
-        if (log.isLoggable(java.util.logging.Level.FINE)) {
-            log.log(java.util.logging.Level.FINE, "Initializing XMLCipher...");
-        }
-
-        ek = null;
-        ed = null;
-
-        switch (opmode) {
-
-        case ENCRYPT_MODE :
-            if (log.isLoggable(java.util.logging.Level.FINE)) {
-                log.log(java.util.logging.Level.FINE, "opmode = ENCRYPT_MODE");
-            }
-            ed = createEncryptedData(CipherData.VALUE_TYPE, "NO VALUE YET");
-            break;
-        case DECRYPT_MODE :
-            if (log.isLoggable(java.util.logging.Level.FINE)) {
-                log.log(java.util.logging.Level.FINE, "opmode = DECRYPT_MODE");
-            }
-            break;
-        case WRAP_MODE :
-            if (log.isLoggable(java.util.logging.Level.FINE)) {
-                log.log(java.util.logging.Level.FINE, "opmode = WRAP_MODE");
-            }
-            ek = createEncryptedKey(CipherData.VALUE_TYPE, "NO VALUE YET");
-            break;
-        case UNWRAP_MODE :
-            if (log.isLoggable(java.util.logging.Level.FINE)) {
-                log.log(java.util.logging.Level.FINE, "opmode = UNWRAP_MODE");
-            }
-            break;
-        default :
-            log.log(java.util.logging.Level.SEVERE, "Mode unexpectedly invalid");
-            throw new XMLEncryptionException("Invalid mode in init");
-        }
-
-        cipherMode = opmode;
-        this.key = key;
-    }
-
-    /**
-     * Set whether secure validation is enabled or not. The default is false.
-     */
-    public void setSecureValidation(boolean secureValidation) {
-        this.secureValidation = secureValidation;
-    }
-
-    /**
-     * This method is used to add a custom {@link KeyResolverSpi} to an XMLCipher.
-     * These KeyResolvers are used in KeyInfo objects in DECRYPT and
-     * UNWRAP modes.
-     *
-     * @param keyResolver
-     */
-    public void registerInternalKeyResolver(KeyResolverSpi keyResolver) {
-        if (internalKeyResolvers == null) {
-            internalKeyResolvers = new ArrayList<KeyResolverSpi>();
-        }
-        internalKeyResolvers.add(keyResolver);
-    }
-
-    /**
-     * Get the EncryptedData being built
-     * <p>
-     * Returns the EncryptedData being built during an ENCRYPT operation.
-     * This can then be used by applications to add KeyInfo elements and
-     * set other parameters.
-     *
-     * @return The EncryptedData being built
-     */
-    public EncryptedData getEncryptedData() {
-        // Sanity checks
-        if (log.isLoggable(java.util.logging.Level.FINE)) {
-            log.log(java.util.logging.Level.FINE, "Returning EncryptedData");
-        }
-        return ed;
-    }
-
-    /**
-     * Get the EncryptedData being build
-     *
-     * Returns the EncryptedData being built during an ENCRYPT operation.
-     * This can then be used by applications to add KeyInfo elements and
-     * set other parameters.
-     *
-     * @return The EncryptedData being built
-     */
-    public EncryptedKey getEncryptedKey() {
-        // Sanity checks
-        if (log.isLoggable(java.util.logging.Level.FINE)) {
-            log.log(java.util.logging.Level.FINE, "Returning EncryptedKey");
-        }
-        return ek;
-    }
-
-    /**
-     * Set a Key Encryption Key.
-     * <p>
-     * The Key Encryption Key (KEK) is used for encrypting/decrypting
-     * EncryptedKey elements.  By setting this separately, the XMLCipher
-     * class can know whether a key applies to the data part or wrapped key
-     * part of an encrypted object.
-     *
-     * @param kek The key to use for de/encrypting key data
-     */
-
-    public void setKEK(Key kek) {
-        this.kek = kek;
-    }
-
-    /**
-     * Martial an EncryptedData
-     *
-     * Takes an EncryptedData object and returns a DOM Element that
-     * represents the appropriate <code>EncryptedData</code>
-     * <p>
-     * <b>Note:</b> This should only be used in cases where the context
-     * document has been passed in via a call to doFinal.
-     *
-     * @param encryptedData EncryptedData object to martial
-     * @return the DOM <code>Element</code> representing the passed in
-     * object
-     */
-    public Element martial(EncryptedData encryptedData) {
-        return factory.toElement(encryptedData);
-    }
-
-    /**
-     * Martial an EncryptedData
-     *
-     * Takes an EncryptedData object and returns a DOM Element that
-     * represents the appropriate <code>EncryptedData</code>
-     *
-     * @param context The document that will own the returned nodes
-     * @param encryptedData EncryptedData object to martial
-     * @return the DOM <code>Element</code> representing the passed in
-     * object
-     */
-    public Element martial(Document context, EncryptedData encryptedData) {
-        contextDocument = context;
-        return factory.toElement(encryptedData);
-    }
-
-    /**
-     * Martial an EncryptedKey
-     *
-     * Takes an EncryptedKey object and returns a DOM Element that
-     * represents the appropriate <code>EncryptedKey</code>
-     *
-     * <p>
-     * <b>Note:</b> This should only be used in cases where the context
-     * document has been passed in via a call to doFinal.
-     *
-     * @param encryptedKey EncryptedKey object to martial
-     * @return the DOM <code>Element</code> representing the passed in
-     * object
-     */
-    public Element martial(EncryptedKey encryptedKey) {
-        return factory.toElement(encryptedKey);
-    }
-
-    /**
-     * Martial an EncryptedKey
-     *
-     * Takes an EncryptedKey object and returns a DOM Element that
-     * represents the appropriate <code>EncryptedKey</code>
-     *
-     * @param context The document that will own the created nodes
-     * @param encryptedKey EncryptedKey object to martial
-     * @return the DOM <code>Element</code> representing the passed in
-     * object
-     */
-    public Element martial(Document context, EncryptedKey encryptedKey) {
-        contextDocument = context;
-        return factory.toElement(encryptedKey);
-    }
-
-    /**
-     * Martial a ReferenceList
-     *
-     * Takes a ReferenceList object and returns a DOM Element that
-     * represents the appropriate <code>ReferenceList</code>
-     *
-     * <p>
-     * <b>Note:</b> This should only be used in cases where the context
-     * document has been passed in via a call to doFinal.
-     *
-     * @param referenceList ReferenceList object to martial
-     * @return the DOM <code>Element</code> representing the passed in
-     * object
-     */
-    public Element martial(ReferenceList referenceList) {
-        return factory.toElement(referenceList);
-    }
-
-    /**
-     * Martial a ReferenceList
-     *
-     * Takes a ReferenceList object and returns a DOM Element that
-     * represents the appropriate <code>ReferenceList</code>
-     *
-     * @param context The document that will own the created nodes
-     * @param referenceList ReferenceList object to martial
-     * @return the DOM <code>Element</code> representing the passed in
-     * object
-     */
-    public Element martial(Document context, ReferenceList referenceList) {
-        contextDocument = context;
-        return factory.toElement(referenceList);
-    }
-
-    /**
-     * Encrypts an <code>Element</code> and replaces it with its encrypted
-     * counterpart in the context <code>Document</code>, that is, the
-     * <code>Document</code> specified when one calls
-     * {@link #getInstance(String) getInstance}.
-     *
-     * @param element the <code>Element</code> to encrypt.
-     * @return the context <code>Document</code> with the encrypted
-     *   <code>Element</code> having replaced the source <code>Element</code>.
-     *  @throws Exception
-     */
-    private Document encryptElement(Element element) throws Exception{
-        if (log.isLoggable(java.util.logging.Level.FINE)) {
-            log.log(java.util.logging.Level.FINE, "Encrypting element...");
-        }
-        if (null == element) {
-            log.log(java.util.logging.Level.SEVERE, "Element unexpectedly null...");
-        }
-        if (cipherMode != ENCRYPT_MODE && log.isLoggable(java.util.logging.Level.FINE)) {
-            log.log(java.util.logging.Level.FINE, "XMLCipher unexpectedly not in ENCRYPT_MODE...");
-        }
-
-        if (algorithm == null) {
-            throw new XMLEncryptionException("XMLCipher instance without transformation specified");
-        }
-        encryptData(contextDocument, element, false);
-
-        Element encryptedElement = factory.toElement(ed);
-
-        Node sourceParent = element.getParentNode();
-        sourceParent.replaceChild(encryptedElement, element);
-
-        return contextDocument;
-    }
-
-    /**
-     * Encrypts a <code>NodeList</code> (the contents of an
-     * <code>Element</code>) and replaces its parent <code>Element</code>'s
-     * content with this the resulting <code>EncryptedType</code> within the
-     * context <code>Document</code>, that is, the <code>Document</code>
-     * specified when one calls
-     * {@link #getInstance(String) getInstance}.
-     *
-     * @param element the <code>NodeList</code> to encrypt.
-     * @return the context <code>Document</code> with the encrypted
-     *   <code>NodeList</code> having replaced the content of the source
-     *   <code>Element</code>.
-     * @throws Exception
-     */
-    private Document encryptElementContent(Element element) throws /* XMLEncryption */Exception {
-        if (log.isLoggable(java.util.logging.Level.FINE)) {
-            log.log(java.util.logging.Level.FINE, "Encrypting element content...");
-        }
-        if (null == element) {
-            log.log(java.util.logging.Level.SEVERE, "Element unexpectedly null...");
-        }
-        if (cipherMode != ENCRYPT_MODE && log.isLoggable(java.util.logging.Level.FINE)) {
-            log.log(java.util.logging.Level.FINE, "XMLCipher unexpectedly not in ENCRYPT_MODE...");
-        }
-
-        if (algorithm == null) {
-            throw new XMLEncryptionException("XMLCipher instance without transformation specified");
-        }
-        encryptData(contextDocument, element, true);
-
-        Element encryptedElement = factory.toElement(ed);
-
-        removeContent(element);
-        element.appendChild(encryptedElement);
-
-        return contextDocument;
-    }
-
-    /**
-     * Process a DOM <code>Document</code> node. The processing depends on the
-     * initialization parameters of {@link #init(int, Key) init()}.
-     *
-     * @param context the context <code>Document</code>.
-     * @param source the <code>Document</code> to be encrypted or decrypted.
-     * @return the processed <code>Document</code>.
-     * @throws Exception to indicate any exceptional conditions.
-     */
-    public Document doFinal(Document context, Document source) throws /* XMLEncryption */Exception {
-        if (log.isLoggable(java.util.logging.Level.FINE)) {
-            log.log(java.util.logging.Level.FINE, "Processing source document...");
-        }
-        if (null == context) {
-            log.log(java.util.logging.Level.SEVERE, "Context document unexpectedly null...");
-        }
-        if (null == source) {
-            log.log(java.util.logging.Level.SEVERE, "Source document unexpectedly null...");
-        }
-
-        contextDocument = context;
-
-        Document result = null;
-
-        switch (cipherMode) {
-        case DECRYPT_MODE:
-            result = decryptElement(source.getDocumentElement());
-            break;
-        case ENCRYPT_MODE:
-            result = encryptElement(source.getDocumentElement());
-            break;
-        case UNWRAP_MODE:
-        case WRAP_MODE:
-            break;
-        default:
-            throw new XMLEncryptionException("empty", new IllegalStateException());
-        }
-
-        return result;
-    }
-
-    /**
-     * Process a DOM <code>Element</code> node. The processing depends on the
-     * initialization parameters of {@link #init(int, Key) init()}.
-     *
-     * @param context the context <code>Document</code>.
-     * @param element the <code>Element</code> to be encrypted.
-     * @return the processed <code>Document</code>.
-     * @throws Exception to indicate any exceptional conditions.
-     */
-    public Document doFinal(Document context, Element element) throws /* XMLEncryption */Exception {
-        if (log.isLoggable(java.util.logging.Level.FINE)) {
-            log.log(java.util.logging.Level.FINE, "Processing source element...");
-        }
-        if (null == context) {
-            log.log(java.util.logging.Level.SEVERE, "Context document unexpectedly null...");
-        }
-        if (null == element) {
-            log.log(java.util.logging.Level.SEVERE, "Source element unexpectedly null...");
-        }
-
-        contextDocument = context;
-
-        Document result = null;
-
-        switch (cipherMode) {
-        case DECRYPT_MODE:
-            result = decryptElement(element);
-            break;
-        case ENCRYPT_MODE:
-            result = encryptElement(element);
-            break;
-        case UNWRAP_MODE:
-        case WRAP_MODE:
-            break;
-        default:
-            throw new XMLEncryptionException("empty", new IllegalStateException());
-        }
-
-        return result;
-    }
-
-    /**
-     * Process the contents of a DOM <code>Element</code> node. The processing
-     * depends on the initialization parameters of
-     * {@link #init(int, Key) init()}.
-     *
-     * @param context the context <code>Document</code>.
-     * @param element the <code>Element</code> which contents is to be
-     *   encrypted.
-     * @param content
-     * @return the processed <code>Document</code>.
-     * @throws Exception to indicate any exceptional conditions.
-     */
-    public Document doFinal(Document context, Element element, boolean content)
-        throws /* XMLEncryption*/ Exception {
-        if (log.isLoggable(java.util.logging.Level.FINE)) {
-            log.log(java.util.logging.Level.FINE, "Processing source element...");
-        }
-        if (null == context) {
-            log.log(java.util.logging.Level.SEVERE, "Context document unexpectedly null...");
-        }
-        if (null == element) {
-            log.log(java.util.logging.Level.SEVERE, "Source element unexpectedly null...");
-        }
-
-        contextDocument = context;
-
-        Document result = null;
-
-        switch (cipherMode) {
-        case DECRYPT_MODE:
-            if (content) {
-                result = decryptElementContent(element);
-            } else {
-                result = decryptElement(element);
-            }
-            break;
-        case ENCRYPT_MODE:
-            if (content) {
-                result = encryptElementContent(element);
-            } else {
-                result = encryptElement(element);
-            }
-            break;
-        case UNWRAP_MODE:
-        case WRAP_MODE:
-            break;
-        default:
-            throw new XMLEncryptionException("empty", new IllegalStateException());
-        }
-
-        return result;
-    }
-
-    /**
-     * Returns an <code>EncryptedData</code> interface. Use this operation if
-     * you want to have full control over the contents of the
-     * <code>EncryptedData</code> structure.
-     *
-     * This does not change the source document in any way.
-     *
-     * @param context the context <code>Document</code>.
-     * @param element the <code>Element</code> that will be encrypted.
-     * @return the <code>EncryptedData</code>
-     * @throws Exception
-     */
-    public EncryptedData encryptData(Document context, Element element) throws
-        /* XMLEncryption */Exception {
-        return encryptData(context, element, false);
-    }
-
-    /**
-     * Returns an <code>EncryptedData</code> interface. Use this operation if
-     * you want to have full control over the serialization of the element
-     * or element content.
-     *
-     * This does not change the source document in any way.
-     *
-     * @param context the context <code>Document</code>.
-     * @param type a URI identifying type information about the plaintext form
-     *    of the encrypted content (may be <code>null</code>)
-     * @param serializedData the serialized data
-     * @return the <code>EncryptedData</code>
-     * @throws Exception
-     */
-    public EncryptedData encryptData(
-        Document context, String type, InputStream serializedData
-    ) throws Exception {
-        if (log.isLoggable(java.util.logging.Level.FINE)) {
-            log.log(java.util.logging.Level.FINE, "Encrypting element...");
-        }
-        if (null == context) {
-            log.log(java.util.logging.Level.SEVERE, "Context document unexpectedly null...");
-        }
-        if (null == serializedData) {
-            log.log(java.util.logging.Level.SEVERE, "Serialized data unexpectedly null...");
-        }
-        if (cipherMode != ENCRYPT_MODE && log.isLoggable(java.util.logging.Level.FINE)) {
-            log.log(java.util.logging.Level.FINE, "XMLCipher unexpectedly not in ENCRYPT_MODE...");
-        }
-
-        return encryptData(context, null, type, serializedData);
-    }
-
-    /**
-     * Returns an <code>EncryptedData</code> interface. Use this operation if
-     * you want to have full control over the contents of the
-     * <code>EncryptedData</code> structure.
-     *
-     * This does not change the source document in any way.
-     *
-     * @param context the context <code>Document</code>.
-     * @param element the <code>Element</code> that will be encrypted.
-     * @param contentMode <code>true</code> to encrypt element's content only,
-     *    <code>false</code> otherwise
-     * @return the <code>EncryptedData</code>
-     * @throws Exception
-     */
-    public EncryptedData encryptData(
-        Document context, Element element, boolean contentMode
-    ) throws /* XMLEncryption */ Exception {
-        if (log.isLoggable(java.util.logging.Level.FINE)) {
-            log.log(java.util.logging.Level.FINE, "Encrypting element...");
-        }
-        if (null == context) {
-            log.log(java.util.logging.Level.SEVERE, "Context document unexpectedly null...");
-        }
-        if (null == element) {
-            log.log(java.util.logging.Level.SEVERE, "Element unexpectedly null...");
-        }
-        if (cipherMode != ENCRYPT_MODE && log.isLoggable(java.util.logging.Level.FINE)) {
-            log.log(java.util.logging.Level.FINE, "XMLCipher unexpectedly not in ENCRYPT_MODE...");
-        }
-
-        if (contentMode) {
-            return encryptData(context, element, EncryptionConstants.TYPE_CONTENT, null);
-        } else {
-            return encryptData(context, element, EncryptionConstants.TYPE_ELEMENT, null);
-        }
-    }
-
-    private EncryptedData encryptData(
-        Document context, Element element, String type, InputStream serializedData
-    ) throws /* XMLEncryption */ Exception {
-        contextDocument = context;
-
-        if (algorithm == null) {
-            throw new XMLEncryptionException("XMLCipher instance without transformation specified");
-        }
-
-        byte[] serializedOctets = null;
-        if (serializedData == null) {
-            if (type.equals(EncryptionConstants.TYPE_CONTENT)) {
-                NodeList children = element.getChildNodes();
-                if (null != children) {
-                    serializedOctets = serializer.serializeToByteArray(children);
-                } else {
-                    Object exArgs[] = { "Element has no content." };
-                    throw new XMLEncryptionException("empty", exArgs);
-                }
-            } else {
-                serializedOctets = serializer.serializeToByteArray(element);
-            }
-            if (log.isLoggable(java.util.logging.Level.FINE)) {
-                log.log(java.util.logging.Level.FINE, "Serialized octets:\n" + new String(serializedOctets, "UTF-8"));
-            }
-        }
-
-        byte[] encryptedBytes = null;
-
-        // Now create the working cipher if none was created already
-        Cipher c;
-        if (contextCipher == null) {
-            c = constructCipher(algorithm, null);
-        } else {
-            c = contextCipher;
-        }
-        // Now perform the encryption
-
-        try {
-            // The Spec mandates a 96-bit IV for GCM algorithms
-            if (AES_128_GCM.equals(algorithm) || AES_192_GCM.equals(algorithm)
-                || AES_256_GCM.equals(algorithm)) {
-                if (random == null) {
-                    random = SecureRandom.getInstance("SHA1PRNG");
-                }
-                byte[] temp = new byte[12];
-                random.nextBytes(temp);
-                IvParameterSpec paramSpec = new IvParameterSpec(temp);
-                c.init(cipherMode, key, paramSpec);
-            } else {
-                c.init(cipherMode, key);
-            }
-        } catch (InvalidKeyException ike) {
-            throw new XMLEncryptionException("empty", ike);
-        } catch (NoSuchAlgorithmException ex) {
-            throw new XMLEncryptionException("empty", ex);
-        }
-
-        try {
-            if (serializedData != null) {
-                int numBytes;
-                byte[] buf = new byte[8192];
-                ByteArrayOutputStream baos = new ByteArrayOutputStream();
-                while ((numBytes = serializedData.read(buf)) != -1) {
-                    byte[] data = c.update(buf, 0, numBytes);
-                    baos.write(data);
-                }
-                baos.write(c.doFinal());
-                encryptedBytes = baos.toByteArray();
-            } else {
-                encryptedBytes = c.doFinal(serializedOctets);
-                if (log.isLoggable(java.util.logging.Level.FINE)) {
-                    log.log(java.util.logging.Level.FINE, "Expected cipher.outputSize = " +
-                        Integer.toString(c.getOutputSize(serializedOctets.length)));
-                }
-            }
-            if (log.isLoggable(java.util.logging.Level.FINE)) {
-                log.log(java.util.logging.Level.FINE, "Actual cipher.outputSize = "
-                             + Integer.toString(encryptedBytes.length));
-            }
-        } catch (IllegalStateException ise) {
-            throw new XMLEncryptionException("empty", ise);
-        } catch (IllegalBlockSizeException ibse) {
-            throw new XMLEncryptionException("empty", ibse);
-        } catch (BadPaddingException bpe) {
-            throw new XMLEncryptionException("empty", bpe);
-        } catch (UnsupportedEncodingException uee) {
-            throw new XMLEncryptionException("empty", uee);
-        }
-
-        // Now build up to a properly XML Encryption encoded octet stream
-        // IvParameterSpec iv;
-        byte[] iv = c.getIV();
-        byte[] finalEncryptedBytes = new byte[iv.length + encryptedBytes.length];
-        System.arraycopy(iv, 0, finalEncryptedBytes, 0, iv.length);
-        System.arraycopy(encryptedBytes, 0, finalEncryptedBytes, iv.length, encryptedBytes.length);
-        String base64EncodedEncryptedOctets = Base64.encode(finalEncryptedBytes);
-
-        if (log.isLoggable(java.util.logging.Level.FINE)) {
-            log.log(java.util.logging.Level.FINE, "Encrypted octets:\n" + base64EncodedEncryptedOctets);
-            log.log(java.util.logging.Level.FINE, "Encrypted octets length = " + base64EncodedEncryptedOctets.length());
-        }
-
-        try {
-            CipherData cd = ed.getCipherData();
-            CipherValue cv = cd.getCipherValue();
-            // cv.setValue(base64EncodedEncryptedOctets.getBytes());
-            cv.setValue(base64EncodedEncryptedOctets);
-
-            if (type != null) {
-                ed.setType(new URI(type).toString());
-            }
-            EncryptionMethod method =
-                factory.newEncryptionMethod(new URI(algorithm).toString());
-            method.setDigestAlgorithm(digestAlg);
-            ed.setEncryptionMethod(method);
-        } catch (URISyntaxException ex) {
-            throw new XMLEncryptionException("empty", ex);
-        }
-        return ed;
-    }
-
-    /**
-     * Returns an <code>EncryptedData</code> interface. Use this operation if
-     * you want to load an <code>EncryptedData</code> structure from a DOM
-     * structure and manipulate the contents.
-     *
-     * @param context the context <code>Document</code>.
-     * @param element the <code>Element</code> that will be loaded
-     * @throws XMLEncryptionException
-     * @return the <code>EncryptedData</code>
-     */
-    public EncryptedData loadEncryptedData(Document context, Element element)
-        throws XMLEncryptionException {
-        if (log.isLoggable(java.util.logging.Level.FINE)) {
-            log.log(java.util.logging.Level.FINE, "Loading encrypted element...");
-        }
-        if (null == context) {
-            throw new NullPointerException("Context document unexpectedly null...");
-        }
-        if (null == element) {
-            throw new NullPointerException("Element unexpectedly null...");
-        }
-        if (cipherMode != DECRYPT_MODE) {
-            throw new XMLEncryptionException("XMLCipher unexpectedly not in DECRYPT_MODE...");
-        }
-
-        contextDocument = context;
-        ed = factory.newEncryptedData(element);
-
-        return ed;
-    }
-
-    /**
-     * Returns an <code>EncryptedKey</code> interface. Use this operation if
-     * you want to load an <code>EncryptedKey</code> structure from a DOM
-     * structure and manipulate the contents.
-     *
-     * @param context the context <code>Document</code>.
-     * @param element the <code>Element</code> that will be loaded
-     * @return the <code>EncryptedKey</code>
-     * @throws XMLEncryptionException
-     */
-    public EncryptedKey loadEncryptedKey(Document context, Element element)
-        throws XMLEncryptionException {
-        if (log.isLoggable(java.util.logging.Level.FINE)) {
-            log.log(java.util.logging.Level.FINE, "Loading encrypted key...");
-        }
-        if (null == context) {
-            throw new NullPointerException("Context document unexpectedly null...");
-        }
-        if (null == element) {
-            throw new NullPointerException("Element unexpectedly null...");
-        }
-        if (cipherMode != UNWRAP_MODE && cipherMode != DECRYPT_MODE) {
-            throw new XMLEncryptionException(
-                "XMLCipher unexpectedly not in UNWRAP_MODE or DECRYPT_MODE..."
-            );
-        }
-
-        contextDocument = context;
-        ek = factory.newEncryptedKey(element);
-        return ek;
-    }
-
-    /**
-     * Returns an <code>EncryptedKey</code> interface. Use this operation if
-     * you want to load an <code>EncryptedKey</code> structure from a DOM
-     * structure and manipulate the contents.
-     *
-     * Assumes that the context document is the document that owns the element
-     *
-     * @param element the <code>Element</code> that will be loaded
-     * @return the <code>EncryptedKey</code>
-     * @throws XMLEncryptionException
-     */
-    public EncryptedKey loadEncryptedKey(Element element) throws XMLEncryptionException {
-        return loadEncryptedKey(element.getOwnerDocument(), element);
-    }
-
-    /**
-     * Encrypts a key to an EncryptedKey structure
-     *
-     * @param doc the Context document that will be used to general DOM
-     * @param key Key to encrypt (will use previously set KEK to
-     * perform encryption
-     * @return the <code>EncryptedKey</code>
-     * @throws XMLEncryptionException
-     */
-    public EncryptedKey encryptKey(Document doc, Key key) throws XMLEncryptionException {
-        return encryptKey(doc, key, null, null);
-    }
-
-    /**
-     * Encrypts a key to an EncryptedKey structure
-     *
-     * @param doc the Context document that will be used to general DOM
-     * @param key Key to encrypt (will use previously set KEK to
-     * perform encryption
-     * @param mgfAlgorithm The xenc11 MGF Algorithm to use
-     * @param oaepParams The OAEPParams to use
-     * @return the <code>EncryptedKey</code>
-     * @throws XMLEncryptionException
-     */
-    public EncryptedKey encryptKey(
-        Document doc,
-        Key key,
-        String mgfAlgorithm,
-        byte[] oaepParams
-    ) throws XMLEncryptionException {
-        if (log.isLoggable(java.util.logging.Level.FINE)) {
-            log.log(java.util.logging.Level.FINE, "Encrypting key ...");
-        }
-
-        if (null == key) {
-            log.log(java.util.logging.Level.SEVERE, "Key unexpectedly null...");
-        }
-        if (cipherMode != WRAP_MODE) {
-            log.log(java.util.logging.Level.FINE, "XMLCipher unexpectedly not in WRAP_MODE...");
-        }
-        if (algorithm == null) {
-            throw new XMLEncryptionException("XMLCipher instance without transformation specified");
-        }
-
-        contextDocument = doc;
-
-        byte[] encryptedBytes = null;
-        Cipher c;
-
-        if (contextCipher == null) {
-            // Now create the working cipher
-            c = constructCipher(algorithm, null);
-        } else {
-            c = contextCipher;
-        }
-        // Now perform the encryption
-
-        try {
-            // Should internally generate an IV
-            // todo - allow user to set an IV
-            OAEPParameterSpec oaepParameters =
-                constructOAEPParameters(
-                    algorithm, digestAlg, mgfAlgorithm, oaepParams
-                );
-            if (oaepParameters == null) {
-                c.init(Cipher.WRAP_MODE, this.key);
-            } else {
-                c.init(Cipher.WRAP_MODE, this.key, oaepParameters);
-            }
-            encryptedBytes = c.wrap(key);
-        } catch (InvalidKeyException ike) {
-            throw new XMLEncryptionException("empty", ike);
-        } catch (IllegalBlockSizeException ibse) {
-            throw new XMLEncryptionException("empty", ibse);
-        } catch (InvalidAlgorithmParameterException e) {
-            throw new XMLEncryptionException("empty", e);
-        }
-
-        String base64EncodedEncryptedOctets = Base64.encode(encryptedBytes);
-        if (log.isLoggable(java.util.logging.Level.FINE)) {
-            log.log(java.util.logging.Level.FINE, "Encrypted key octets:\n" + base64EncodedEncryptedOctets);
-            log.log(java.util.logging.Level.FINE, "Encrypted key octets length = " + base64EncodedEncryptedOctets.length());
-        }
-
-        CipherValue cv = ek.getCipherData().getCipherValue();
-        cv.setValue(base64EncodedEncryptedOctets);
-
-        try {
-            EncryptionMethod method = factory.newEncryptionMethod(new URI(algorithm).toString());
-            method.setDigestAlgorithm(digestAlg);
-            method.setMGFAlgorithm(mgfAlgorithm);
-            method.setOAEPparams(oaepParams);
-            ek.setEncryptionMethod(method);
-        } catch (URISyntaxException ex) {
-            throw new XMLEncryptionException("empty", ex);
-        }
-        return ek;
-    }
-
-    /**
-     * Decrypt a key from a passed in EncryptedKey structure
-     *
-     * @param encryptedKey Previously loaded EncryptedKey that needs
-     * to be decrypted.
-     * @param algorithm Algorithm for the decryption
-     * @return a key corresponding to the given type
-     * @throws XMLEncryptionException
-     */
-    public Key decryptKey(EncryptedKey encryptedKey, String algorithm)
-        throws XMLEncryptionException {
-        if (log.isLoggable(java.util.logging.Level.FINE)) {
-            log.log(java.util.logging.Level.FINE, "Decrypting key from previously loaded EncryptedKey...");
-        }
-
-        if (cipherMode != UNWRAP_MODE && log.isLoggable(java.util.logging.Level.FINE)) {
-            log.log(java.util.logging.Level.FINE, "XMLCipher unexpectedly not in UNWRAP_MODE...");
-        }
-
-        if (algorithm == null) {
-            throw new XMLEncryptionException("Cannot decrypt a key without knowing the algorithm");
-        }
-
-        if (key == null) {
-            if (log.isLoggable(java.util.logging.Level.FINE)) {
-                log.log(java.util.logging.Level.FINE, "Trying to find a KEK via key resolvers");
-            }
-
-            KeyInfo ki = encryptedKey.getKeyInfo();
-            if (ki != null) {
-                ki.setSecureValidation(secureValidation);
-                try {
-                    String keyWrapAlg = encryptedKey.getEncryptionMethod().getAlgorithm();
-                    String keyType = JCEMapper.getJCEKeyAlgorithmFromURI(keyWrapAlg);
-                    if ("RSA".equals(keyType)) {
-                        key = ki.getPrivateKey();
-                    } else {
-                        key = ki.getSecretKey();
-                    }
-                }
-                catch (Exception e) {
-                    if (log.isLoggable(java.util.logging.Level.FINE)) {
-                        log.log(java.util.logging.Level.FINE, e.getMessage(), e);
-                    }
-                }
-            }
-            if (key == null) {
-                log.log(java.util.logging.Level.SEVERE, "XMLCipher::decryptKey called without a KEK and cannot resolve");
-                throw new XMLEncryptionException("Unable to decrypt without a KEK");
-            }
-        }
-
-        // Obtain the encrypted octets
-        XMLCipherInput cipherInput = new XMLCipherInput(encryptedKey);
-        cipherInput.setSecureValidation(secureValidation);
-        byte[] encryptedBytes = cipherInput.getBytes();
-
-        String jceKeyAlgorithm = JCEMapper.getJCEKeyAlgorithmFromURI(algorithm);
-        if (log.isLoggable(java.util.logging.Level.FINE)) {
-            log.log(java.util.logging.Level.FINE, "JCE Key Algorithm: " + jceKeyAlgorithm);
-        }
-
-        Cipher c;
-        if (contextCipher == null) {
-            // Now create the working cipher
-            c =
-                constructCipher(
-                    encryptedKey.getEncryptionMethod().getAlgorithm(),
-                    encryptedKey.getEncryptionMethod().getDigestAlgorithm()
-                );
-        } else {
-            c = contextCipher;
-        }
-
-        Key ret;
-
-        try {
-            EncryptionMethod encMethod = encryptedKey.getEncryptionMethod();
-            OAEPParameterSpec oaepParameters =
-                constructOAEPParameters(
-                    encMethod.getAlgorithm(), encMethod.getDigestAlgorithm(),
-                    encMethod.getMGFAlgorithm(), encMethod.getOAEPparams()
-                );
-            if (oaepParameters == null) {
-                c.init(Cipher.UNWRAP_MODE, key);
-            } else {
-                c.init(Cipher.UNWRAP_MODE, key, oaepParameters);
-            }
-            ret = c.unwrap(encryptedBytes, jceKeyAlgorithm, Cipher.SECRET_KEY);
-        } catch (InvalidKeyException ike) {
-            throw new XMLEncryptionException("empty", ike);
-        } catch (NoSuchAlgorithmException nsae) {
-            throw new XMLEncryptionException("empty", nsae);
-        } catch (InvalidAlgorithmParameterException e) {
-            throw new XMLEncryptionException("empty", e);
-        }
-        if (log.isLoggable(java.util.logging.Level.FINE)) {
-            log.log(java.util.logging.Level.FINE, "Decryption of key type " + algorithm + " OK");
-        }
-
-        return ret;
-    }
-
-    /**
-     * Construct an OAEPParameterSpec object from the given parameters
-     */
-    private OAEPParameterSpec constructOAEPParameters(
-        String encryptionAlgorithm,
-        String digestAlgorithm,
-        String mgfAlgorithm,
-        byte[] oaepParams
-    ) {
-        if (XMLCipher.RSA_OAEP.equals(encryptionAlgorithm)
-            || XMLCipher.RSA_OAEP_11.equals(encryptionAlgorithm)) {
-
-            String jceDigestAlgorithm = "SHA-1";
-            if (digestAlgorithm != null) {
-                jceDigestAlgorithm = JCEMapper.translateURItoJCEID(digestAlgorithm);
-            }
-
-            PSource.PSpecified pSource = PSource.PSpecified.DEFAULT;
-            if (oaepParams != null) {
-                pSource = new PSource.PSpecified(oaepParams);
-            }
-
-            MGF1ParameterSpec mgfParameterSpec = new MGF1ParameterSpec("SHA-1");
-            if (XMLCipher.RSA_OAEP_11.equals(encryptionAlgorithm)) {
-                if (EncryptionConstants.MGF1_SHA256.equals(mgfAlgorithm)) {
-                    mgfParameterSpec = new MGF1ParameterSpec("SHA-256");
-                } else if (EncryptionConstants.MGF1_SHA384.equals(mgfAlgorithm)) {
-                    mgfParameterSpec = new MGF1ParameterSpec("SHA-384");
-                } else if (EncryptionConstants.MGF1_SHA512.equals(mgfAlgorithm)) {
-                    mgfParameterSpec = new MGF1ParameterSpec("SHA-512");
-                }
-            }
-            return new OAEPParameterSpec(jceDigestAlgorithm, "MGF1", mgfParameterSpec, pSource);
-        }
-
-        return null;
-    }
-
-    /**
-     * Construct a Cipher object
-     */
-    private Cipher constructCipher(String algorithm, String digestAlgorithm) throws XMLEncryptionException {
-        String jceAlgorithm = JCEMapper.translateURItoJCEID(algorithm);
-        if (log.isLoggable(java.util.logging.Level.FINE)) {
-            log.log(java.util.logging.Level.FINE, "JCE Algorithm = " + jceAlgorithm);
-        }
-
-        Cipher c;
-        try {
-            if (requestedJCEProvider == null) {
-                c = Cipher.getInstance(jceAlgorithm);
-            } else {
-                c = Cipher.getInstance(jceAlgorithm, requestedJCEProvider);
-            }
-        } catch (NoSuchAlgorithmException nsae) {
-            // Check to see if an RSA OAEP MGF-1 with SHA-1 algorithm was requested
-            // Some JDKs don't support RSA/ECB/OAEPPadding
-            if (XMLCipher.RSA_OAEP.equals(algorithm)
-                && (digestAlgorithm == null
-                    || MessageDigestAlgorithm.ALGO_ID_DIGEST_SHA1.equals(digestAlgorithm))) {
-                try {
-                    if (requestedJCEProvider == null) {
-                        c = Cipher.getInstance("RSA/ECB/OAEPWithSHA1AndMGF1Padding");
-                    } else {
-                        c = Cipher.getInstance("RSA/ECB/OAEPWithSHA1AndMGF1Padding", requestedJCEProvider);
-                    }
-                } catch (Exception ex) {
-                    throw new XMLEncryptionException("empty", ex);
-                }
-            } else {
-                throw new XMLEncryptionException("empty", nsae);
-            }
-        } catch (NoSuchProviderException nspre) {
-            throw new XMLEncryptionException("empty", nspre);
-        } catch (NoSuchPaddingException nspae) {
-            throw new XMLEncryptionException("empty", nspae);
-        }
-
-        return c;
-    }
-
-    /**
-     * Decrypt a key from a passed in EncryptedKey structure.  This version
-     * is used mainly internally, when  the cipher already has an
-     * EncryptedData loaded.  The algorithm URI will be read from the
-     * EncryptedData
-     *
-     * @param encryptedKey Previously loaded EncryptedKey that needs
-     * to be decrypted.
-     * @return a key corresponding to the given type
-     * @throws XMLEncryptionException
-     */
-    public Key decryptKey(EncryptedKey encryptedKey) throws XMLEncryptionException {
-        return decryptKey(encryptedKey, ed.getEncryptionMethod().getAlgorithm());
-    }
-
-    /**
-     * Removes the contents of a <code>Node</code>.
-     *
-     * @param node the <code>Node</code> to clear.
-     */
-    private static void removeContent(Node node) {
-        while (node.hasChildNodes()) {
-            node.removeChild(node.getFirstChild());
-        }
-    }
-
-    /**
-     * Decrypts <code>EncryptedData</code> in a single-part operation.
-     *
-     * @param element the <code>EncryptedData</code> to decrypt.
-     * @return the <code>Node</code> as a result of the decrypt operation.
-     * @throws XMLEncryptionException
-     */
-    private Document decryptElement(Element element) throws XMLEncryptionException {
-        if (log.isLoggable(java.util.logging.Level.FINE)) {
-            log.log(java.util.logging.Level.FINE, "Decrypting element...");
-        }
-
-        if (cipherMode != DECRYPT_MODE) {
-            log.log(java.util.logging.Level.SEVERE, "XMLCipher unexpectedly not in DECRYPT_MODE...");
-        }
-
-        byte[] octets = decryptToByteArray(element);
-
-        if (log.isLoggable(java.util.logging.Level.FINE)) {
-            log.log(java.util.logging.Level.FINE, "Decrypted octets:\n" + new String(octets));
-        }
-
-        Node sourceParent = element.getParentNode();
-        Node decryptedNode = serializer.deserialize(octets, sourceParent);
-
-        // The de-serialiser returns a node whose children we need to take on.
-        if (sourceParent != null && Node.DOCUMENT_NODE == sourceParent.getNodeType()) {
-            // If this is a content decryption, this may have problems
-            contextDocument.removeChild(contextDocument.getDocumentElement());
-            contextDocument.appendChild(decryptedNode);
-        } else if (sourceParent != null) {
-            sourceParent.replaceChild(decryptedNode, element);
-        }
-
-        return contextDocument;
-    }
-
-    /**
-     *
-     * @param element
-     * @return the <code>Node</code> as a result of the decrypt operation.
-     * @throws XMLEncryptionException
-     */
-    private Document decryptElementContent(Element element) throws XMLEncryptionException {
-        Element e =
-            (Element) element.getElementsByTagNameNS(
-                EncryptionConstants.EncryptionSpecNS,
-                EncryptionConstants._TAG_ENCRYPTEDDATA
-            ).item(0);
-
-        if (null == e) {
-            throw new XMLEncryptionException("No EncryptedData child element.");
-        }
-
-        return decryptElement(e);
-    }
-
-    /**
-     * Decrypt an EncryptedData element to a byte array.
-     *
-     * When passed in an EncryptedData node, returns the decryption
-     * as a byte array.
-     *
-     * Does not modify the source document.
-     * @param element
-     * @return the bytes resulting from the decryption
-     * @throws XMLEncryptionException
-     */
-    public byte[] decryptToByteArray(Element element) throws XMLEncryptionException {
-        if (log.isLoggable(java.util.logging.Level.FINE)) {
-            log.log(java.util.logging.Level.FINE, "Decrypting to ByteArray...");
-        }
-
-        if (cipherMode != DECRYPT_MODE) {
-            log.log(java.util.logging.Level.SEVERE, "XMLCipher unexpectedly not in DECRYPT_MODE...");
-        }
-
-        EncryptedData encryptedData = factory.newEncryptedData(element);
-
-        if (key == null) {
-            KeyInfo ki = encryptedData.getKeyInfo();
-            if (ki != null) {
-                try {
-                    // Add an EncryptedKey resolver
-                    String encMethodAlgorithm = encryptedData.getEncryptionMethod().getAlgorithm();
-                    EncryptedKeyResolver resolver = new EncryptedKeyResolver(encMethodAlgorithm, kek);
-                    if (internalKeyResolvers != null) {
-                        int size = internalKeyResolvers.size();
-                        for (int i = 0; i < size; i++) {
-                            resolver.registerInternalKeyResolver(internalKeyResolvers.get(i));
-                        }
-                    }
-                    ki.registerInternalKeyResolver(resolver);
-                    ki.setSecureValidation(secureValidation);
-                    key = ki.getSecretKey();
-                } catch (KeyResolverException kre) {
-                    if (log.isLoggable(java.util.logging.Level.FINE)) {
-                        log.log(java.util.logging.Level.FINE, kre.getMessage(), kre);
-                    }
-                }
-            }
-
-            if (key == null) {
-                log.log(java.util.logging.Level.SEVERE,
-                    "XMLCipher::decryptElement called without a key and unable to resolve"
-                );
-                throw new XMLEncryptionException("encryption.nokey");
-            }
-        }
-
-        // Obtain the encrypted octets
-        XMLCipherInput cipherInput = new XMLCipherInput(encryptedData);
-        cipherInput.setSecureValidation(secureValidation);
-        byte[] encryptedBytes = cipherInput.getBytes();
-
-        // Now create the working cipher
-        String jceAlgorithm =
-            JCEMapper.translateURItoJCEID(encryptedData.getEncryptionMethod().getAlgorithm());
-        if (log.isLoggable(java.util.logging.Level.FINE)) {
-            log.log(java.util.logging.Level.FINE, "JCE Algorithm = " + jceAlgorithm);
-        }
-
-        Cipher c;
-        try {
-            if (requestedJCEProvider == null) {
-                c = Cipher.getInstance(jceAlgorithm);
-            } else {
-                c = Cipher.getInstance(jceAlgorithm, requestedJCEProvider);
-            }
-        } catch (NoSuchAlgorithmException nsae) {
-            throw new XMLEncryptionException("empty", nsae);
-        } catch (NoSuchProviderException nspre) {
-            throw new XMLEncryptionException("empty", nspre);
-        } catch (NoSuchPaddingException nspae) {
-            throw new XMLEncryptionException("empty", nspae);
-        }
-
-        // Calculate the IV length and copy out
-
-        // For now, we only work with Block ciphers, so this will work.
-        // This should probably be put into the JCE mapper.
-
-        int ivLen = c.getBlockSize();
-        String alg = encryptedData.getEncryptionMethod().getAlgorithm();
-        if (AES_128_GCM.equals(alg) || AES_192_GCM.equals(alg) || AES_256_GCM.equals(alg)) {
-            ivLen = 12;
-        }
-        byte[] ivBytes = new byte[ivLen];
-
-        // You may be able to pass the entire piece in to IvParameterSpec
-        // and it will only take the first x bytes, but no way to be certain
-        // that this will work for every JCE provider, so lets copy the
-        // necessary bytes into a dedicated array.
-
-        System.arraycopy(encryptedBytes, 0, ivBytes, 0, ivLen);
-        IvParameterSpec iv = new IvParameterSpec(ivBytes);
-
-        try {
-            c.init(cipherMode, key, iv);
-        } catch (InvalidKeyException ike) {
-            throw new XMLEncryptionException("empty", ike);
-        } catch (InvalidAlgorithmParameterException iape) {
-            throw new XMLEncryptionException("empty", iape);
-        }
-
-        try {
-            return c.doFinal(encryptedBytes, ivLen, encryptedBytes.length - ivLen);
-        } catch (IllegalBlockSizeException ibse) {
-            throw new XMLEncryptionException("empty", ibse);
-        } catch (BadPaddingException bpe) {
-            throw new XMLEncryptionException("empty", bpe);
-        }
-    }
-
-    /*
-     * Expose the interface for creating XML Encryption objects
-     */
-
-    /**
-     * Creates an <code>EncryptedData</code> <code>Element</code>.
-     *
-     * The newEncryptedData and newEncryptedKey methods create fairly complete
-     * elements that are immediately useable.  All the other create* methods
-     * return bare elements that still need to be built upon.
-     *<p>
-     * An EncryptionMethod will still need to be added however
-     *
-     * @param type Either REFERENCE_TYPE or VALUE_TYPE - defines what kind of
-     * CipherData this EncryptedData will contain.
-     * @param value the Base 64 encoded, encrypted text to wrap in the
-     *   <code>EncryptedData</code> or the URI to set in the CipherReference
-     * (usage will depend on the <code>type</code>
-     * @return the <code>EncryptedData</code> <code>Element</code>.
-     *
-     * <!--
-     * <EncryptedData Id[OPT] Type[OPT] MimeType[OPT] Encoding[OPT]>
-     *     <EncryptionMethod/>[OPT]
-     *     <ds:KeyInfo>[OPT]
-     *         <EncryptedKey/>[OPT]
-     *         <AgreementMethod/>[OPT]
-     *         <ds:KeyName/>[OPT]
-     *         <ds:RetrievalMethod/>[OPT]
-     *         <ds:[MUL]/>[OPT]
-     *     </ds:KeyInfo>
-     *     <CipherData>[MAN]
-     *         <CipherValue/> XOR <CipherReference/>
-     *     </CipherData>
-     *     <EncryptionProperties/>[OPT]
-     * </EncryptedData>
-     * -->
-     * @throws XMLEncryptionException
-     */
-    public EncryptedData createEncryptedData(int type, String value) throws XMLEncryptionException {
-        EncryptedData result = null;
-        CipherData data = null;
-
-        switch (type) {
-        case CipherData.REFERENCE_TYPE:
-            CipherReference cipherReference = factory.newCipherReference(value);
-            data = factory.newCipherData(type);
-            data.setCipherReference(cipherReference);
-            result = factory.newEncryptedData(data);
-            break;
-        case CipherData.VALUE_TYPE:
-            CipherValue cipherValue = factory.newCipherValue(value);
-            data = factory.newCipherData(type);
-            data.setCipherValue(cipherValue);
-            result = factory.newEncryptedData(data);
-        }
-
-        return result;
-    }
-
-    /**
-     * Creates an <code>EncryptedKey</code> <code>Element</code>.
-     *
-     * The newEncryptedData and newEncryptedKey methods create fairly complete
-     * elements that are immediately useable.  All the other create* methods
-     * return bare elements that still need to be built upon.
-     *<p>
-     * An EncryptionMethod will still need to be added however
-     *
-     * @param type Either REFERENCE_TYPE or VALUE_TYPE - defines what kind of
-     * CipherData this EncryptedData will contain.
-     * @param value the Base 64 encoded, encrypted text to wrap in the
-     *   <code>EncryptedKey</code> or the URI to set in the CipherReference
-     * (usage will depend on the <code>type</code>
-     * @return the <code>EncryptedKey</code> <code>Element</code>.
-     *
-     * <!--
-     * <EncryptedKey Id[OPT] Type[OPT] MimeType[OPT] Encoding[OPT]>
-     *     <EncryptionMethod/>[OPT]
-     *     <ds:KeyInfo>[OPT]
-     *         <EncryptedKey/>[OPT]
-     *         <AgreementMethod/>[OPT]
-     *         <ds:KeyName/>[OPT]
-     *         <ds:RetrievalMethod/>[OPT]
-     *         <ds:[MUL]/>[OPT]
-     *     </ds:KeyInfo>
-     *     <CipherData>[MAN]
-     *         <CipherValue/> XOR <CipherReference/>
-     *     </CipherData>
-     *     <EncryptionProperties/>[OPT]
-     * </EncryptedData>
-     * -->
-     * @throws XMLEncryptionException
-     */
-    public EncryptedKey createEncryptedKey(int type, String value) throws XMLEncryptionException {
-        EncryptedKey result = null;
-        CipherData data = null;
-
-        switch (type) {
-        case CipherData.REFERENCE_TYPE:
-            CipherReference cipherReference = factory.newCipherReference(value);
-            data = factory.newCipherData(type);
-            data.setCipherReference(cipherReference);
-            result = factory.newEncryptedKey(data);
-            break;
-        case CipherData.VALUE_TYPE:
-            CipherValue cipherValue = factory.newCipherValue(value);
-            data = factory.newCipherData(type);
-            data.setCipherValue(cipherValue);
-            result = factory.newEncryptedKey(data);
-        }
-
-        return result;
-    }
-
-    /**
-     * Create an AgreementMethod object
-     *
-     * @param algorithm Algorithm of the agreement method
-     * @return a new <code>AgreementMethod</code>
-     */
-    public AgreementMethod createAgreementMethod(String algorithm) {
-        return factory.newAgreementMethod(algorithm);
-    }
-
-    /**
-     * Create a CipherData object
-     *
-     * @param type Type of this CipherData (either VALUE_TUPE or
-     * REFERENCE_TYPE)
-     * @return a new <code>CipherData</code>
-     */
-    public CipherData createCipherData(int type) {
-        return factory.newCipherData(type);
-    }
-
-    /**
-     * Create a CipherReference object
-     *
-     * @param uri The URI that the reference will refer
-     * @return a new <code>CipherReference</code>
-     */
-    public CipherReference createCipherReference(String uri) {
-        return factory.newCipherReference(uri);
-    }
-
-    /**
-     * Create a CipherValue element
-     *
-     * @param value The value to set the ciphertext to
-     * @return a new <code>CipherValue</code>
-     */
-    public CipherValue createCipherValue(String value) {
-        return factory.newCipherValue(value);
-    }
-
-    /**
-     * Create an EncryptionMethod object
-     *
-     * @param algorithm Algorithm for the encryption
-     * @return a new <code>EncryptionMethod</code>
-     */
-    public EncryptionMethod createEncryptionMethod(String algorithm) {
-        return factory.newEncryptionMethod(algorithm);
-    }
-
-    /**
-     * Create an EncryptionProperties element
-     * @return a new <code>EncryptionProperties</code>
-     */
-    public EncryptionProperties createEncryptionProperties() {
-        return factory.newEncryptionProperties();
-    }
-
-    /**
-     * Create a new EncryptionProperty element
-     * @return a new <code>EncryptionProperty</code>
-     */
-    public EncryptionProperty createEncryptionProperty() {
-        return factory.newEncryptionProperty();
-    }
-
-    /**
-     * Create a new ReferenceList object
-     * @param type ReferenceList.DATA_REFERENCE or ReferenceList.KEY_REFERENCE
-     * @return a new <code>ReferenceList</code>
-     */
-    public ReferenceList createReferenceList(int type) {
-        return factory.newReferenceList(type);
-    }
-
-    /**
-     * Create a new Transforms object
-     * <p>
-     * <b>Note</b>: A context document <i>must</i> have been set
-     * elsewhere (possibly via a call to doFinal).  If not, use the
-     * createTransforms(Document) method.
-     * @return a new <code>Transforms</code>
-     */
-    public Transforms createTransforms() {
-        return factory.newTransforms();
-    }
-
-    /**
-     * Create a new Transforms object
-     *
-     * Because the handling of Transforms is currently done in the signature
-     * code, the creation of a Transforms object <b>requires</b> a
-     * context document.
-     *
-     * @param doc Document that will own the created Transforms node
-     * @return a new <code>Transforms</code>
-     */
-    public Transforms createTransforms(Document doc) {
-        return factory.newTransforms(doc);
-    }
-
-    /**
-     *
-     * @author Axl Mattheus
-     */
-    private class Factory {
-        /**
-         * @param algorithm
-         * @return a new AgreementMethod
-         */
-        AgreementMethod newAgreementMethod(String algorithm)  {
-            return new AgreementMethodImpl(algorithm);
-        }
-
-        /**
-         * @param type
-         * @return a new CipherData
-         *
-         */
-        CipherData newCipherData(int type) {
-            return new CipherDataImpl(type);
-        }
-
-        /**
-         * @param uri
-         * @return a new CipherReference
-         */
-        CipherReference newCipherReference(String uri)  {
-            return new CipherReferenceImpl(uri);
-        }
-
-        /**
-         * @param value
-         * @return a new CipherValue
-         */
-        CipherValue newCipherValue(String value) {
-            return new CipherValueImpl(value);
-        }
-
-        /*
-        CipherValue newCipherValue(byte[] value) {
-            return new CipherValueImpl(value);
-        }
-         */
-
-        /**
-         * @param data
-         * @return a new EncryptedData
-         */
-        EncryptedData newEncryptedData(CipherData data) {
-            return new EncryptedDataImpl(data);
-        }
-
-        /**
-         * @param data
-         * @return a new EncryptedKey
-         */
-        EncryptedKey newEncryptedKey(CipherData data) {
-            return new EncryptedKeyImpl(data);
-        }
-
-        /**
-         * @param algorithm
-         * @return a new EncryptionMethod
-         */
-        EncryptionMethod newEncryptionMethod(String algorithm) {
-            return new EncryptionMethodImpl(algorithm);
-        }
-
-        /**
-         * @return a new EncryptionProperties
-         */
-        EncryptionProperties newEncryptionProperties() {
-            return new EncryptionPropertiesImpl();
-        }
-
-        /**
-         * @return a new EncryptionProperty
-         */
-        EncryptionProperty newEncryptionProperty() {
-            return new EncryptionPropertyImpl();
-        }
-
-        /**
-         * @param type ReferenceList.DATA_REFERENCE or ReferenceList.KEY_REFERENCE
-         * @return a new ReferenceList
-         */
-        ReferenceList newReferenceList(int type) {
-            return new ReferenceListImpl(type);
-        }
-
-        /**
-         * @return a new Transforms
-         */
-        Transforms newTransforms() {
-            return new TransformsImpl();
-        }
-
-        /**
-         * @param doc
-         * @return a new Transforms
-         */
-        Transforms newTransforms(Document doc) {
-            return new TransformsImpl(doc);
-        }
-
-        /**
-         * @param element
-         * @return a new CipherData
-         * @throws XMLEncryptionException
-         */
-        CipherData newCipherData(Element element) throws XMLEncryptionException {
-            if (null == element) {
-                throw new NullPointerException("element is null");
-            }
-
-            int type = 0;
-            Element e = null;
-            if (element.getElementsByTagNameNS(
-                EncryptionConstants.EncryptionSpecNS,
-                EncryptionConstants._TAG_CIPHERVALUE).getLength() > 0
-            ) {
-                type = CipherData.VALUE_TYPE;
-                e = (Element) element.getElementsByTagNameNS(
-                    EncryptionConstants.EncryptionSpecNS,
-                    EncryptionConstants._TAG_CIPHERVALUE).item(0);
-            } else if (element.getElementsByTagNameNS(
-                EncryptionConstants.EncryptionSpecNS,
-                EncryptionConstants._TAG_CIPHERREFERENCE).getLength() > 0) {
-                type = CipherData.REFERENCE_TYPE;
-                e = (Element) element.getElementsByTagNameNS(
-                    EncryptionConstants.EncryptionSpecNS,
-                    EncryptionConstants._TAG_CIPHERREFERENCE).item(0);
-            }
-
-            CipherData result = newCipherData(type);
-            if (type == CipherData.VALUE_TYPE) {
-                result.setCipherValue(newCipherValue(e));
-            } else if (type == CipherData.REFERENCE_TYPE) {
-                result.setCipherReference(newCipherReference(e));
-            }
-
-            return result;
-        }
-
-        /**
-         * @param element
-         * @return a new CipherReference
-         * @throws XMLEncryptionException
-         *
-         */
-        CipherReference newCipherReference(Element element) throws XMLEncryptionException {
-
-            Attr uriAttr =
-                element.getAttributeNodeNS(null, EncryptionConstants._ATT_URI);
-            CipherReference result = new CipherReferenceImpl(uriAttr);
-
-            // Find any Transforms
-            NodeList transformsElements =
-                element.getElementsByTagNameNS(
-                    EncryptionConstants.EncryptionSpecNS, EncryptionConstants._TAG_TRANSFORMS);
-            Element transformsElement = (Element) transformsElements.item(0);
-
-            if (transformsElement != null) {
-                if (log.isLoggable(java.util.logging.Level.FINE)) {
-                    log.log(java.util.logging.Level.FINE, "Creating a DSIG based Transforms element");
-                }
-                try {
-                    result.setTransforms(new TransformsImpl(transformsElement));
-                } catch (XMLSignatureException xse) {
-                    throw new XMLEncryptionException("empty", xse);
-                } catch (InvalidTransformException ite) {
-                    throw new XMLEncryptionException("empty", ite);
-                } catch (XMLSecurityException xse) {
-                    throw new XMLEncryptionException("empty", xse);
-                }
-            }
-
-            return result;
-        }
-
-        /**
-         * @param element
-         * @return a new CipherValue
-         */
-        CipherValue newCipherValue(Element element) {
-            String value = XMLUtils.getFullTextChildrenFromElement(element);
-
-            return newCipherValue(value);
-        }
-
-        /**
-         * @param element
-         * @return a new EncryptedData
-         * @throws XMLEncryptionException
-         *
-         */
-        EncryptedData newEncryptedData(Element element) throws XMLEncryptionException {
-            EncryptedData result = null;
-
-            NodeList dataElements =
-                element.getElementsByTagNameNS(
-                    EncryptionConstants.EncryptionSpecNS, EncryptionConstants._TAG_CIPHERDATA);
-
-            // Need to get the last CipherData found, as earlier ones will
-            // be for elements in the KeyInfo lists
-
-            Element dataElement =
-                (Element) dataElements.item(dataElements.getLength() - 1);
-
-            CipherData data = newCipherData(dataElement);
-
-            result = newEncryptedData(data);
-
-            result.setId(element.getAttributeNS(null, EncryptionConstants._ATT_ID));
-            result.setType(element.getAttributeNS(null, EncryptionConstants._ATT_TYPE));
-            result.setMimeType(element.getAttributeNS(null, EncryptionConstants._ATT_MIMETYPE));
-            result.setEncoding( element.getAttributeNS(null, Constants._ATT_ENCODING));
-
-            Element encryptionMethodElement =
-                (Element) element.getElementsByTagNameNS(
-                    EncryptionConstants.EncryptionSpecNS,
-                    EncryptionConstants._TAG_ENCRYPTIONMETHOD).item(0);
-            if (null != encryptionMethodElement) {
-                result.setEncryptionMethod(newEncryptionMethod(encryptionMethodElement));
-            }
-
-            // BFL 16/7/03 - simple implementation
-            // TODO: Work out how to handle relative URI
-
-            Element keyInfoElement =
-                (Element) element.getElementsByTagNameNS(
-                    Constants.SignatureSpecNS, Constants._TAG_KEYINFO).item(0);
-            if (null != keyInfoElement) {
-                KeyInfo ki = newKeyInfo(keyInfoElement);
-                result.setKeyInfo(ki);
-            }
-
-            // TODO: Implement
-            Element encryptionPropertiesElement =
-                (Element) element.getElementsByTagNameNS(
-                    EncryptionConstants.EncryptionSpecNS,
-                    EncryptionConstants._TAG_ENCRYPTIONPROPERTIES).item(0);
-            if (null != encryptionPropertiesElement) {
-                result.setEncryptionProperties(
-                    newEncryptionProperties(encryptionPropertiesElement)
-                );
-            }
-
-            return result;
-        }
-
-        /**
-         * @param element
-         * @return a new EncryptedKey
-         * @throws XMLEncryptionException
-         */
-        EncryptedKey newEncryptedKey(Element element) throws XMLEncryptionException {
-            EncryptedKey result = null;
-            NodeList dataElements =
-                element.getElementsByTagNameNS(
-                    EncryptionConstants.EncryptionSpecNS, EncryptionConstants._TAG_CIPHERDATA);
-            Element dataElement =
-                (Element) dataElements.item(dataElements.getLength() - 1);
-
-            CipherData data = newCipherData(dataElement);
-            result = newEncryptedKey(data);
-
-            result.setId(element.getAttributeNS(null, EncryptionConstants._ATT_ID));
-            result.setType(element.getAttributeNS(null, EncryptionConstants._ATT_TYPE));
-            result.setMimeType(element.getAttributeNS(null, EncryptionConstants._ATT_MIMETYPE));
-            result.setEncoding(element.getAttributeNS(null, Constants._ATT_ENCODING));
-            result.setRecipient(element.getAttributeNS(null, EncryptionConstants._ATT_RECIPIENT));
-
-            Element encryptionMethodElement =
-                (Element) element.getElementsByTagNameNS(
-                    EncryptionConstants.EncryptionSpecNS,
-                    EncryptionConstants._TAG_ENCRYPTIONMETHOD).item(0);
-            if (null != encryptionMethodElement) {
-                result.setEncryptionMethod(newEncryptionMethod(encryptionMethodElement));
-            }
-
-            Element keyInfoElement =
-                (Element) element.getElementsByTagNameNS(
-                    Constants.SignatureSpecNS, Constants._TAG_KEYINFO).item(0);
-            if (null != keyInfoElement) {
-                KeyInfo ki = newKeyInfo(keyInfoElement);
-                result.setKeyInfo(ki);
-            }
-
-            // TODO: Implement
-            Element encryptionPropertiesElement =
-                (Element) element.getElementsByTagNameNS(
-                    EncryptionConstants.EncryptionSpecNS,
-                    EncryptionConstants._TAG_ENCRYPTIONPROPERTIES).item(0);
-            if (null != encryptionPropertiesElement) {
-                result.setEncryptionProperties(
-                    newEncryptionProperties(encryptionPropertiesElement)
-                );
-            }
-
-            Element referenceListElement =
-                (Element) element.getElementsByTagNameNS(
-                    EncryptionConstants.EncryptionSpecNS,
-                    EncryptionConstants._TAG_REFERENCELIST).item(0);
-            if (null != referenceListElement) {
-                result.setReferenceList(newReferenceList(referenceListElement));
-            }
-
-            Element carriedNameElement =
-                (Element) element.getElementsByTagNameNS(
-                    EncryptionConstants.EncryptionSpecNS,
-                    EncryptionConstants._TAG_CARRIEDKEYNAME).item(0);
-            if (null != carriedNameElement) {
-                result.setCarriedName(carriedNameElement.getFirstChild().getNodeValue());
-            }
-
-            return result;
-        }
-
-        /**
-         * @param element
-         * @return a new KeyInfo
-         * @throws XMLEncryptionException
-         */
-        KeyInfo newKeyInfo(Element element) throws XMLEncryptionException {
-            try {
-                KeyInfo ki = new KeyInfo(element, null);
-                ki.setSecureValidation(secureValidation);
-                if (internalKeyResolvers != null) {
-                    int size = internalKeyResolvers.size();
-                    for (int i = 0; i < size; i++) {
-                        ki.registerInternalKeyResolver(internalKeyResolvers.get(i));
-                    }
-                }
-                return ki;
-            } catch (XMLSecurityException xse) {
-                throw new XMLEncryptionException("Error loading Key Info", xse);
-            }
-        }
-
-        /**
-         * @param element
-         * @return a new EncryptionMethod
-         */
-        EncryptionMethod newEncryptionMethod(Element element) {
-            String encAlgorithm = element.getAttributeNS(null, EncryptionConstants._ATT_ALGORITHM);
-            EncryptionMethod result = newEncryptionMethod(encAlgorithm);
-
-            Element keySizeElement =
-                (Element) element.getElementsByTagNameNS(
-                    EncryptionConstants.EncryptionSpecNS,
-                    EncryptionConstants._TAG_KEYSIZE).item(0);
-            if (null != keySizeElement) {
-                result.setKeySize(
-                    Integer.valueOf(
-                        keySizeElement.getFirstChild().getNodeValue()).intValue());
-            }
-
-            Element oaepParamsElement =
-                (Element) element.getElementsByTagNameNS(
-                    EncryptionConstants.EncryptionSpecNS,
-                    EncryptionConstants._TAG_OAEPPARAMS).item(0);
-            if (null != oaepParamsElement) {
-                try {
-                    String oaepParams = oaepParamsElement.getFirstChild().getNodeValue();
-                    result.setOAEPparams(Base64.decode(oaepParams.getBytes("UTF-8")));
-                } catch(UnsupportedEncodingException e) {
-                    throw new RuntimeException("UTF-8 not supported", e);
-                } catch (Base64DecodingException e) {
-                    throw new RuntimeException("BASE-64 decoding error", e);
-                }
-            }
-
-            Element digestElement =
-                (Element) element.getElementsByTagNameNS(
-                    Constants.SignatureSpecNS, Constants._TAG_DIGESTMETHOD).item(0);
-            if (digestElement != null) {
-                String digestAlgorithm = digestElement.getAttributeNS(null, "Algorithm");
-                result.setDigestAlgorithm(digestAlgorithm);
-            }
-
-            Element mgfElement =
-                (Element) element.getElementsByTagNameNS(
-                    EncryptionConstants.EncryptionSpec11NS, EncryptionConstants._TAG_MGF).item(0);
-            if (mgfElement != null && !XMLCipher.RSA_OAEP.equals(algorithm)) {
-                String mgfAlgorithm = mgfElement.getAttributeNS(null, "Algorithm");
-                result.setMGFAlgorithm(mgfAlgorithm);
-            }
-
-            // TODO: Make this mess work
-            // <any namespace='##other' minOccurs='0' maxOccurs='unbounded'/>
-
-            return result;
-        }
-
-        /**
-         * @param element
-         * @return a new EncryptionProperties
-         */
-        EncryptionProperties newEncryptionProperties(Element element) {
-            EncryptionProperties result = newEncryptionProperties();
-
-            result.setId(element.getAttributeNS(null, EncryptionConstants._ATT_ID));
-
-            NodeList encryptionPropertyList =
-                element.getElementsByTagNameNS(
-                    EncryptionConstants.EncryptionSpecNS,
-                    EncryptionConstants._TAG_ENCRYPTIONPROPERTY);
-            for (int i = 0; i < encryptionPropertyList.getLength(); i++) {
-                Node n = encryptionPropertyList.item(i);
-                if (null != n) {
-                    result.addEncryptionProperty(newEncryptionProperty((Element) n));
-                }
-            }
-
-            return result;
-        }
-
-        /**
-         * @param element
-         * @return a new EncryptionProperty
-         */
-        EncryptionProperty newEncryptionProperty(Element element) {
-            EncryptionProperty result = newEncryptionProperty();
-
-            result.setTarget(element.getAttributeNS(null, EncryptionConstants._ATT_TARGET));
-            result.setId(element.getAttributeNS(null, EncryptionConstants._ATT_ID));
-            // TODO: Make this lot work...
-            // <anyAttribute namespace="http://www.w3.org/XML/1998/namespace"/>
-
-            // TODO: Make this work...
-            // <any namespace='##other' processContents='lax'/>
-
-            return result;
-        }
-
-        /**
-         * @param element
-         * @return a new ReferenceList
-         */
-        ReferenceList newReferenceList(Element element) {
-            int type = 0;
-            if (null != element.getElementsByTagNameNS(
-                EncryptionConstants.EncryptionSpecNS,
-                EncryptionConstants._TAG_DATAREFERENCE).item(0)) {
-                type = ReferenceList.DATA_REFERENCE;
-            } else if (null != element.getElementsByTagNameNS(
-                EncryptionConstants.EncryptionSpecNS,
-                EncryptionConstants._TAG_KEYREFERENCE).item(0)) {
-                type = ReferenceList.KEY_REFERENCE;
-            }
-
-            ReferenceList result = new ReferenceListImpl(type);
-            NodeList list = null;
-            switch (type) {
-            case ReferenceList.DATA_REFERENCE:
-                list =
-                    element.getElementsByTagNameNS(
-                        EncryptionConstants.EncryptionSpecNS,
-                        EncryptionConstants._TAG_DATAREFERENCE);
-                for (int i = 0; i < list.getLength() ; i++) {
-                    String uri = ((Element) list.item(i)).getAttribute("URI");
-                    result.add(result.newDataReference(uri));
-                }
-                break;
-            case ReferenceList.KEY_REFERENCE:
-                list =
-                    element.getElementsByTagNameNS(
-                        EncryptionConstants.EncryptionSpecNS,
-                        EncryptionConstants._TAG_KEYREFERENCE);
-                for (int i = 0; i < list.getLength() ; i++) {
-                    String uri = ((Element) list.item(i)).getAttribute("URI");
-                    result.add(result.newKeyReference(uri));
-                }
-            }
-
-            return result;
-        }
-
-        /**
-         * @param encryptedData
-         * @return the XML Element form of that EncryptedData
-         */
-        Element toElement(EncryptedData encryptedData) {
-            return ((EncryptedDataImpl) encryptedData).toElement();
-        }
-
-        /**
-         * @param encryptedKey
-         * @return the XML Element form of that EncryptedKey
-         */
-        Element toElement(EncryptedKey encryptedKey) {
-            return ((EncryptedKeyImpl) encryptedKey).toElement();
-        }
-
-        /**
-         * @param referenceList
-         * @return the XML Element form of that ReferenceList
-         */
-        Element toElement(ReferenceList referenceList) {
-            return ((ReferenceListImpl) referenceList).toElement();
-        }
-
-        private class AgreementMethodImpl implements AgreementMethod {
-            private byte[] kaNonce = null;
-            private List<Element> agreementMethodInformation = null;
-            private KeyInfo originatorKeyInfo = null;
-            private KeyInfo recipientKeyInfo = null;
-            private String algorithmURI = null;
-
-            /**
-             * @param algorithm
-             */
-            public AgreementMethodImpl(String algorithm) {
-                agreementMethodInformation = new LinkedList<Element>();
-                URI tmpAlgorithm = null;
-                try {
-                    tmpAlgorithm = new URI(algorithm);
-                } catch (URISyntaxException ex) {
-                    throw (IllegalArgumentException)
-                    new IllegalArgumentException().initCause(ex);
-                }
-                algorithmURI = tmpAlgorithm.toString();
-            }
-
-            /** @inheritDoc */
-            public byte[] getKANonce() {
-                return kaNonce;
-            }
-
-            /** @inheritDoc */
-            public void setKANonce(byte[] kanonce) {
-                kaNonce = kanonce;
-            }
-
-            /** @inheritDoc */
-            public Iterator<Element> getAgreementMethodInformation() {
-                return agreementMethodInformation.iterator();
-            }
-
-            /** @inheritDoc */
-            public void addAgreementMethodInformation(Element info) {
-                agreementMethodInformation.add(info);
-            }
-
-            /** @inheritDoc */
-            public void revoveAgreementMethodInformation(Element info) {
-                agreementMethodInformation.remove(info);
-            }
-
-            /** @inheritDoc */
-            public KeyInfo getOriginatorKeyInfo() {
-                return originatorKeyInfo;
-            }
-
-            /** @inheritDoc */
-            public void setOriginatorKeyInfo(KeyInfo keyInfo) {
-                originatorKeyInfo = keyInfo;
-            }
-
-            /** @inheritDoc */
-            public KeyInfo getRecipientKeyInfo() {
-                return recipientKeyInfo;
-            }
-
-            /** @inheritDoc */
-            public void setRecipientKeyInfo(KeyInfo keyInfo) {
-                recipientKeyInfo = keyInfo;
-            }
-
-            /** @inheritDoc */
-            public String getAlgorithm() {
-                return algorithmURI;
-            }
-        }
-
-        private class CipherDataImpl implements CipherData {
-            private static final String valueMessage =
-                "Data type is reference type.";
-            private static final String referenceMessage =
-                "Data type is value type.";
-            private CipherValue cipherValue = null;
-            private CipherReference cipherReference = null;
-            private int cipherType = Integer.MIN_VALUE;
-
-            /**
-             * @param type
-             */
-            public CipherDataImpl(int type) {
-                cipherType = type;
-            }
-
-            /** @inheritDoc */
-            public CipherValue getCipherValue() {
-                return cipherValue;
-            }
-
-            /** @inheritDoc */
-            public void setCipherValue(CipherValue value) throws XMLEncryptionException {
-
-                if (cipherType == REFERENCE_TYPE) {
-                    throw new XMLEncryptionException(
-                        "empty", new UnsupportedOperationException(valueMessage)
-                    );
-                }
-
-                cipherValue = value;
-            }
-
-            /** @inheritDoc */
-            public CipherReference getCipherReference() {
-                return cipherReference;
-            }
-
-            /** @inheritDoc */
-            public void setCipherReference(CipherReference reference) throws
-            XMLEncryptionException {
-                if (cipherType == VALUE_TYPE) {
-                    throw new XMLEncryptionException(
-                        "empty", new UnsupportedOperationException(referenceMessage)
-                    );
-                }
-
-                cipherReference = reference;
-            }
-
-            /** @inheritDoc */
-            public int getDataType() {
-                return cipherType;
-            }
-
-            Element toElement() {
-                Element result =
-                    XMLUtils.createElementInEncryptionSpace(
-                        contextDocument, EncryptionConstants._TAG_CIPHERDATA
-                    );
-                if (cipherType == VALUE_TYPE) {
-                    result.appendChild(((CipherValueImpl) cipherValue).toElement());
-                } else if (cipherType == REFERENCE_TYPE) {
-                    result.appendChild(((CipherReferenceImpl) cipherReference).toElement());
-                }
-
-                return result;
-            }
-        }
-
-        private class CipherReferenceImpl implements CipherReference {
-            private String referenceURI = null;
-            private Transforms referenceTransforms = null;
-            private Attr referenceNode = null;
-
-            /**
-             * @param uri
-             */
-            public CipherReferenceImpl(String uri) {
-                /* Don't check validity of URI as may be "" */
-                referenceURI = uri;
-                referenceNode = null;
-            }
-
-            /**
-             * @param uri
-             */
-            public CipherReferenceImpl(Attr uri) {
-                referenceURI = uri.getNodeValue();
-                referenceNode = uri;
-            }
-
-            /** @inheritDoc */
-            public String getURI() {
-                return referenceURI;
-            }
-
-            /** @inheritDoc */
-            public Attr getURIAsAttr() {
-                return referenceNode;
-            }
-
-            /** @inheritDoc */
-            public Transforms getTransforms() {
-                return referenceTransforms;
-            }
-
-            /** @inheritDoc */
-            public void setTransforms(Transforms transforms) {
-                referenceTransforms = transforms;
-            }
-
-            Element toElement() {
-                Element result =
-                    XMLUtils.createElementInEncryptionSpace(
-                        contextDocument, EncryptionConstants._TAG_CIPHERREFERENCE
-                    );
-                result.setAttributeNS(null, EncryptionConstants._ATT_URI, referenceURI);
-                if (null != referenceTransforms) {
-                    result.appendChild(((TransformsImpl) referenceTransforms).toElement());
-                }
-
-                return result;
-            }
-        }
-
-        private class CipherValueImpl implements CipherValue {
-            private String cipherValue = null;
-
-            /**
-             * @param value
-             */
-            public CipherValueImpl(String value) {
-                cipherValue = value;
-            }
-
-            /** @inheritDoc */
-            public String getValue() {
-                return cipherValue;
-            }
-
-            /** @inheritDoc */
-            public void setValue(String value) {
-                cipherValue = value;
-            }
-
-            Element toElement() {
-                Element result =
-                    XMLUtils.createElementInEncryptionSpace(
-                        contextDocument, EncryptionConstants._TAG_CIPHERVALUE
-                    );
-                result.appendChild(contextDocument.createTextNode(cipherValue));
-
-                return result;
-            }
-        }
-
-        private class EncryptedDataImpl extends EncryptedTypeImpl implements EncryptedData {
-
-            /**
-             * @param data
-             */
-            public EncryptedDataImpl(CipherData data) {
-                super(data);
-            }
-
-            Element toElement() {
-                Element result =
-                    ElementProxy.createElementForFamily(
-                        contextDocument, EncryptionConstants.EncryptionSpecNS,
-                        EncryptionConstants._TAG_ENCRYPTEDDATA
-                    );
-
-                if (null != super.getId()) {
-                    result.setAttributeNS(null, EncryptionConstants._ATT_ID, super.getId());
-                }
-                if (null != super.getType()) {
-                    result.setAttributeNS(null, EncryptionConstants._ATT_TYPE, super.getType());
-                }
-                if (null != super.getMimeType()) {
-                    result.setAttributeNS(
-                        null, EncryptionConstants._ATT_MIMETYPE, super.getMimeType()
-                    );
-                }
-                if (null != super.getEncoding()) {
-                    result.setAttributeNS(
-                        null, EncryptionConstants._ATT_ENCODING, super.getEncoding()
-                    );
-                }
-                if (null != super.getEncryptionMethod()) {
-                    result.appendChild(
-                        ((EncryptionMethodImpl)super.getEncryptionMethod()).toElement()
-                    );
-                }
-                if (null != super.getKeyInfo()) {
-                    result.appendChild(super.getKeyInfo().getElement().cloneNode(true));
-                }
-
-                result.appendChild(((CipherDataImpl) super.getCipherData()).toElement());
-                if (null != super.getEncryptionProperties()) {
-                    result.appendChild(((EncryptionPropertiesImpl)
-                        super.getEncryptionProperties()).toElement());
-                }
-
-                return result;
-            }
-        }
-
-        private class EncryptedKeyImpl extends EncryptedTypeImpl implements EncryptedKey {
-            private String keyRecipient = null;
-            private ReferenceList referenceList = null;
-            private String carriedName = null;
-
-            /**
-             * @param data
-             */
-            public EncryptedKeyImpl(CipherData data) {
-                super(data);
-            }
-
-            /** @inheritDoc */
-            public String getRecipient() {
-                return keyRecipient;
-            }
-
-            /** @inheritDoc */
-            public void setRecipient(String recipient) {
-                keyRecipient = recipient;
-            }
-
-            /** @inheritDoc */
-            public ReferenceList getReferenceList() {
-                return referenceList;
-            }
-
-            /** @inheritDoc */
-            public void setReferenceList(ReferenceList list) {
-                referenceList = list;
-            }
-
-            /** @inheritDoc */
-            public String getCarriedName() {
-                return carriedName;
-            }
-
-            /** @inheritDoc */
-            public void setCarriedName(String name) {
-                carriedName = name;
-            }
-
-            Element toElement() {
-                Element result =
-                    ElementProxy.createElementForFamily(
-                        contextDocument, EncryptionConstants.EncryptionSpecNS,
-                        EncryptionConstants._TAG_ENCRYPTEDKEY
-                    );
-
-                if (null != super.getId()) {
-                    result.setAttributeNS(null, EncryptionConstants._ATT_ID, super.getId());
-                }
-                if (null != super.getType()) {
-                    result.setAttributeNS(null, EncryptionConstants._ATT_TYPE, super.getType());
-                }
-                if (null != super.getMimeType()) {
-                    result.setAttributeNS(
-                        null, EncryptionConstants._ATT_MIMETYPE, super.getMimeType()
-                    );
-                }
-                if (null != super.getEncoding()) {
-                    result.setAttributeNS(null, Constants._ATT_ENCODING, super.getEncoding());
-                }
-                if (null != getRecipient()) {
-                    result.setAttributeNS(
-                        null, EncryptionConstants._ATT_RECIPIENT, getRecipient()
-                    );
-                }
-                if (null != super.getEncryptionMethod()) {
-                    result.appendChild(((EncryptionMethodImpl)
-                        super.getEncryptionMethod()).toElement());
-                }
-                if (null != super.getKeyInfo()) {
-                    result.appendChild(super.getKeyInfo().getElement().cloneNode(true));
-                }
-                result.appendChild(((CipherDataImpl) super.getCipherData()).toElement());
-                if (null != super.getEncryptionProperties()) {
-                    result.appendChild(((EncryptionPropertiesImpl)
-                        super.getEncryptionProperties()).toElement());
-                }
-                if (referenceList != null && !referenceList.isEmpty()) {
-                    result.appendChild(((ReferenceListImpl)getReferenceList()).toElement());
-                }
-                if (null != carriedName) {
-                    Element element =
-                        ElementProxy.createElementForFamily(
-                            contextDocument,
-                            EncryptionConstants.EncryptionSpecNS,
-                            EncryptionConstants._TAG_CARRIEDKEYNAME
-                        );
-                    Node node = contextDocument.createTextNode(carriedName);
-                    element.appendChild(node);
-                    result.appendChild(element);
-                }
-
-                return result;
-            }
-        }
-
-        private abstract class EncryptedTypeImpl {
-            private String id =  null;
-            private String type = null;
-            private String mimeType = null;
-            private String encoding = null;
-            private EncryptionMethod encryptionMethod = null;
-            private KeyInfo keyInfo = null;
-            private CipherData cipherData = null;
-            private EncryptionProperties encryptionProperties = null;
-
-            /**
-             * Constructor.
-             * @param data
-             */
-            protected EncryptedTypeImpl(CipherData data) {
-                cipherData = data;
-            }
-
-            /**
-             *
-             * @return the Id
-             */
-            public String getId() {
-                return id;
-            }
-
-            /**
-             *
-             * @param id
-             */
-            public void setId(String id) {
-                this.id = id;
-            }
-
-            /**
-             *
-             * @return the type
-             */
-            public String getType() {
-                return type;
-            }
-
-            /**
-             *
-             * @param type
-             */
-            public void setType(String type) {
-                if (type == null || type.length() == 0) {
-                    this.type = null;
-                } else {
-                    URI tmpType = null;
-                    try {
-                        tmpType = new URI(type);
-                    } catch (URISyntaxException ex) {
-                        throw (IllegalArgumentException)
-                        new IllegalArgumentException().initCause(ex);
-                    }
-                    this.type = tmpType.toString();
-                }
-            }
-
-            /**
-             *
-             * @return the MimeType
-             */
-            public String getMimeType() {
-                return mimeType;
-            }
-            /**
-             *
-             * @param type
-             */
-            public void setMimeType(String type) {
-                mimeType = type;
-            }
-
-            /**
-             *
-             * @return the encoding
-             */
-            public String getEncoding() {
-                return encoding;
-            }
-
-            /**
-             *
-             * @param encoding
-             */
-            public void setEncoding(String encoding) {
-                if (encoding == null || encoding.length() == 0) {
-                    this.encoding = null;
-                } else {
-                    URI tmpEncoding = null;
-                    try {
-                        tmpEncoding = new URI(encoding);
-                    } catch (URISyntaxException ex) {
-                        throw (IllegalArgumentException)
-                        new IllegalArgumentException().initCause(ex);
-                    }
-                    this.encoding = tmpEncoding.toString();
-                }
-            }
-
-            /**
-             *
-             * @return the EncryptionMethod
-             */
-            public EncryptionMethod getEncryptionMethod() {
-                return encryptionMethod;
-            }
-
-            /**
-             *
-             * @param method
-             */
-            public void setEncryptionMethod(EncryptionMethod method) {
-                encryptionMethod = method;
-            }
-
-            /**
-             *
-             * @return the KeyInfo
-             */
-            public KeyInfo getKeyInfo() {
-                return keyInfo;
-            }
-
-            /**
-             *
-             * @param info
-             */
-            public void setKeyInfo(KeyInfo info) {
-                keyInfo = info;
-            }
-
-            /**
-             *
-             * @return the CipherData
-             */
-            public CipherData getCipherData() {
-                return cipherData;
-            }
-
-            /**
-             *
-             * @return the EncryptionProperties
-             */
-            public EncryptionProperties getEncryptionProperties() {
-                return encryptionProperties;
-            }
-
-            /**
-             *
-             * @param properties
-             */
-            public void setEncryptionProperties(EncryptionProperties properties) {
-                encryptionProperties = properties;
-            }
-        }
-
-        private class EncryptionMethodImpl implements EncryptionMethod {
-            private String algorithm = null;
-            private int keySize = Integer.MIN_VALUE;
-            private byte[] oaepParams = null;
-            private List<Element> encryptionMethodInformation = null;
-            private String digestAlgorithm = null;
-            private String mgfAlgorithm = null;
-
-            /**
-             * Constructor.
-             * @param algorithm
-             */
-            public EncryptionMethodImpl(String algorithm) {
-                URI tmpAlgorithm = null;
-                try {
-                    tmpAlgorithm = new URI(algorithm);
-                } catch (URISyntaxException ex) {
-                    throw (IllegalArgumentException)
-                    new IllegalArgumentException().initCause(ex);
-                }
-                this.algorithm = tmpAlgorithm.toString();
-                encryptionMethodInformation = new LinkedList<Element>();
-            }
-
-            /** @inheritDoc */
-            public String getAlgorithm() {
-                return algorithm;
-            }
-
-            /** @inheritDoc */
-            public int getKeySize() {
-                return keySize;
-            }
-
-            /** @inheritDoc */
-            public void setKeySize(int size) {
-                keySize = size;
-            }
-
-            /** @inheritDoc */
-            public byte[] getOAEPparams() {
-                return oaepParams;
-            }
-
-            /** @inheritDoc */
-            public void setOAEPparams(byte[] params) {
-                oaepParams = params;
-            }
-
-            /** @inheritDoc */
-            public void setDigestAlgorithm(String digestAlgorithm) {
-                this.digestAlgorithm = digestAlgorithm;
-            }
-
-            /** @inheritDoc */
-            public String getDigestAlgorithm() {
-                return digestAlgorithm;
-            }
-
-            /** @inheritDoc */
-            public void setMGFAlgorithm(String mgfAlgorithm) {
-                this.mgfAlgorithm = mgfAlgorithm;
-            }
-
-            /** @inheritDoc */
-            public String getMGFAlgorithm() {
-                return mgfAlgorithm;
-            }
-
-            /** @inheritDoc */
-            public Iterator<Element> getEncryptionMethodInformation() {
-                return encryptionMethodInformation.iterator();
-            }
-
-            /** @inheritDoc */
-            public void addEncryptionMethodInformation(Element info) {
-                encryptionMethodInformation.add(info);
-            }
-
-            /** @inheritDoc */
-            public void removeEncryptionMethodInformation(Element info) {
-                encryptionMethodInformation.remove(info);
-            }
-
-            Element toElement() {
-                Element result =
-                    XMLUtils.createElementInEncryptionSpace(
-                        contextDocument, EncryptionConstants._TAG_ENCRYPTIONMETHOD
-                    );
-                result.setAttributeNS(null, EncryptionConstants._ATT_ALGORITHM, algorithm);
-                if (keySize > 0) {
-                    result.appendChild(
-                        XMLUtils.createElementInEncryptionSpace(
-                            contextDocument, EncryptionConstants._TAG_KEYSIZE
-                    ).appendChild(contextDocument.createTextNode(String.valueOf(keySize))));
-                }
-                if (null != oaepParams) {
-                    Element oaepElement =
-                        XMLUtils.createElementInEncryptionSpace(
-                            contextDocument, EncryptionConstants._TAG_OAEPPARAMS
-                        );
-                    oaepElement.appendChild(contextDocument.createTextNode(Base64.encode(oaepParams)));
-                    result.appendChild(oaepElement);
-                }
-                if (digestAlgorithm != null) {
-                    Element digestElement =
-                        XMLUtils.createElementInSignatureSpace(contextDocument, Constants._TAG_DIGESTMETHOD);
-                    digestElement.setAttributeNS(null, "Algorithm", digestAlgorithm);
-                    result.appendChild(digestElement);
-                }
-                if (mgfAlgorithm != null) {
-                    Element mgfElement =
-                        XMLUtils.createElementInEncryption11Space(
-                            contextDocument, EncryptionConstants._TAG_MGF
-                        );
-                    mgfElement.setAttributeNS(null, "Algorithm", mgfAlgorithm);
-                    mgfElement.setAttributeNS(
-                        Constants.NamespaceSpecNS,
-                        "xmlns:" + ElementProxy.getDefaultPrefix(EncryptionConstants.EncryptionSpec11NS),
-                        EncryptionConstants.EncryptionSpec11NS
-                    );
-                    result.appendChild(mgfElement);
-                }
-                Iterator<Element> itr = encryptionMethodInformation.iterator();
-                while (itr.hasNext()) {
-                    result.appendChild(itr.next());
-                }
-
-                return result;
-            }
-        }
-
-        private class EncryptionPropertiesImpl implements EncryptionProperties {
-            private String id = null;
-            private List<EncryptionProperty> encryptionProperties = null;
-
-            /**
-             * Constructor.
-             */
-            public EncryptionPropertiesImpl() {
-                encryptionProperties = new LinkedList<EncryptionProperty>();
-            }
-
-            /** @inheritDoc */
-            public String getId() {
-                return id;
-            }
-
-            /** @inheritDoc */
-            public void setId(String id) {
-                this.id = id;
-            }
-
-            /** @inheritDoc */
-            public Iterator<EncryptionProperty> getEncryptionProperties() {
-                return encryptionProperties.iterator();
-            }
-
-            /** @inheritDoc */
-            public void addEncryptionProperty(EncryptionProperty property) {
-                encryptionProperties.add(property);
-            }
-
-            /** @inheritDoc */
-            public void removeEncryptionProperty(EncryptionProperty property) {
-                encryptionProperties.remove(property);
-            }
-
-            Element toElement() {
-                Element result =
-                    XMLUtils.createElementInEncryptionSpace(
-                        contextDocument, EncryptionConstants._TAG_ENCRYPTIONPROPERTIES
-                    );
-                if (null != id) {
-                    result.setAttributeNS(null, EncryptionConstants._ATT_ID, id);
-                }
-                Iterator<EncryptionProperty> itr = getEncryptionProperties();
-                while (itr.hasNext()) {
-                    result.appendChild(((EncryptionPropertyImpl)itr.next()).toElement());
-                }
-
-                return result;
-            }
-        }
-
-        private class EncryptionPropertyImpl implements EncryptionProperty {
-            private String target = null;
-            private String id = null;
-            private Map<String, String> attributeMap = new HashMap<String, String>();
-            private List<Element> encryptionInformation = null;
-
-            /**
-             * Constructor.
-             */
-            public EncryptionPropertyImpl() {
-                encryptionInformation = new LinkedList<Element>();
-            }
-
-            /** @inheritDoc */
-            public String getTarget() {
-                return target;
-            }
-
-            /** @inheritDoc */
-            public void setTarget(String target) {
-                if (target == null || target.length() == 0) {
-                    this.target = null;
-                } else if (target.startsWith("#")) {
-                    /*
-                     * This is a same document URI reference. Do not parse,
-                     * because it has no scheme.
-                     */
-                    this.target = target;
-                } else {
-                    URI tmpTarget = null;
-                    try {
-                        tmpTarget = new URI(target);
-                    } catch (URISyntaxException ex) {
-                        throw (IllegalArgumentException)
-                        new IllegalArgumentException().initCause(ex);
-                    }
-                    this.target = tmpTarget.toString();
-                }
-            }
-
-            /** @inheritDoc */
-            public String getId() {
-                return id;
-            }
-
-            /** @inheritDoc */
-            public void setId(String id) {
-                this.id = id;
-            }
-
-            /** @inheritDoc */
-            public String getAttribute(String attribute) {
-                return attributeMap.get(attribute);
-            }
-
-            /** @inheritDoc */
-            public void setAttribute(String attribute, String value) {
-                attributeMap.put(attribute, value);
-            }
-
-            /** @inheritDoc */
-            public Iterator<Element> getEncryptionInformation() {
-                return encryptionInformation.iterator();
-            }
-
-            /** @inheritDoc */
-            public void addEncryptionInformation(Element info) {
-                encryptionInformation.add(info);
-            }
-
-            /** @inheritDoc */
-            public void removeEncryptionInformation(Element info) {
-                encryptionInformation.remove(info);
-            }
-
-            Element toElement() {
-                Element result =
-                    XMLUtils.createElementInEncryptionSpace(
-                        contextDocument, EncryptionConstants._TAG_ENCRYPTIONPROPERTY
-                    );
-                if (null != target) {
-                    result.setAttributeNS(null, EncryptionConstants._ATT_TARGET, target);
-                }
-                if (null != id) {
-                    result.setAttributeNS(null, EncryptionConstants._ATT_ID, id);
-                }
-                // TODO: figure out the anyAttribyte stuff...
-                // TODO: figure out the any stuff...
-
-                return result;
-            }
-        }
-
-        private class TransformsImpl extends com.sun.org.apache.xml.internal.security.transforms.Transforms
-            implements Transforms {
-
-            /**
-             * Construct Transforms
-             */
-            public TransformsImpl() {
-                super(contextDocument);
-            }
-
-            /**
-             *
-             * @param doc
-             */
-            public TransformsImpl(Document doc) {
-                if (doc == null) {
-                    throw new RuntimeException("Document is null");
-                }
-
-                this.doc = doc;
-                this.constructionElement =
-                    createElementForFamilyLocal(
-                        this.doc, this.getBaseNamespace(), this.getBaseLocalName()
-                    );
-            }
-
-            /**
-             *
-             * @param element
-             * @throws XMLSignatureException
-             * @throws InvalidTransformException
-             * @throws XMLSecurityException
-             * @throws TransformationException
-             */
-            public TransformsImpl(Element element)
-                throws XMLSignatureException, InvalidTransformException,
-                    XMLSecurityException, TransformationException {
-                super(element, "");
-            }
-
-            /**
-             *
-             * @return the XML Element form of that Transforms
-             */
-            public Element toElement() {
-                if (doc == null) {
-                    doc = contextDocument;
-                }
-
-                return getElement();
-            }
-
-            /** @inheritDoc */
-            public com.sun.org.apache.xml.internal.security.transforms.Transforms getDSTransforms() {
-                return this;
-            }
-
-            // Over-ride the namespace
-            /** @inheritDoc */
-            public String getBaseNamespace() {
-                return EncryptionConstants.EncryptionSpecNS;
-            }
-        }
-
-        private class ReferenceListImpl implements ReferenceList {
-            private Class<?> sentry;
-            private List<Reference> references;
-
-            /**
-             * Constructor.
-             * @param type
-             */
-            public ReferenceListImpl(int type) {
-                if (type == ReferenceList.DATA_REFERENCE) {
-                    sentry = DataReference.class;
-                } else if (type == ReferenceList.KEY_REFERENCE) {
-                    sentry = KeyReference.class;
-                } else {
-                    throw new IllegalArgumentException();
-                }
-                references = new LinkedList<Reference>();
-            }
-
-            /** @inheritDoc */
-            public void add(Reference reference) {
-                if (!reference.getClass().equals(sentry)) {
-                    throw new IllegalArgumentException();
-                }
-                references.add(reference);
-            }
-
-            /** @inheritDoc */
-            public void remove(Reference reference) {
-                if (!reference.getClass().equals(sentry)) {
-                    throw new IllegalArgumentException();
-                }
-                references.remove(reference);
-            }
-
-            /** @inheritDoc */
-            public int size() {
-                return references.size();
-            }
-
-            /** @inheritDoc */
-            public boolean isEmpty() {
-                return references.isEmpty();
-            }
-
-            /** @inheritDoc */
-            public Iterator<Reference> getReferences() {
-                return references.iterator();
-            }
-
-            Element toElement() {
-                Element result =
-                    ElementProxy.createElementForFamily(
-                        contextDocument,
-                        EncryptionConstants.EncryptionSpecNS,
-                        EncryptionConstants._TAG_REFERENCELIST
-                    );
-                Iterator<Reference> eachReference = references.iterator();
-                while (eachReference.hasNext()) {
-                    Reference reference = eachReference.next();
-                    result.appendChild(((ReferenceImpl) reference).toElement());
-                }
-                return result;
-            }
-
-            /** @inheritDoc */
-            public Reference newDataReference(String uri) {
-                return new DataReference(uri);
-            }
-
-            /** @inheritDoc */
-            public Reference newKeyReference(String uri) {
-                return new KeyReference(uri);
-            }
-
-            /**
-             * <code>ReferenceImpl</code> is an implementation of
-             * <code>Reference</code>.
-             *
-             * @see Reference
-             */
-            private abstract class ReferenceImpl implements Reference {
-                private String uri;
-                private List<Element> referenceInformation;
-
-                ReferenceImpl(String uri) {
-                    this.uri = uri;
-                    referenceInformation = new LinkedList<Element>();
-                }
-
-                /** @inheritDoc */
-                public abstract String getType();
-
-                /** @inheritDoc */
-                public String getURI() {
-                    return uri;
-                }
-
-                /** @inheritDoc */
-                public Iterator<Element> getElementRetrievalInformation() {
-                    return referenceInformation.iterator();
-                }
-
-                /** @inheritDoc */
-                public void setURI(String uri) {
-                    this.uri = uri;
-                }
-
-                /** @inheritDoc */
-                public void removeElementRetrievalInformation(Element node) {
-                    referenceInformation.remove(node);
-                }
-
-                /** @inheritDoc */
-                public void addElementRetrievalInformation(Element node) {
-                    referenceInformation.add(node);
-                }
-
-                /**
-                 * @return the XML Element form of that Reference
-                 */
-                public Element toElement() {
-                    String tagName = getType();
-                    Element result =
-                        ElementProxy.createElementForFamily(
-                            contextDocument,
-                            EncryptionConstants.EncryptionSpecNS,
-                            tagName
-                        );
-                    result.setAttribute(EncryptionConstants._ATT_URI, uri);
-
-                    // TODO: Need to martial referenceInformation
-                    // Figure out how to make this work..
-                    // <any namespace="##other" minOccurs="0" maxOccurs="unbounded"/>
-
-                    return result;
-                }
-            }
-
-            private class DataReference extends ReferenceImpl {
-
-                DataReference(String uri) {
-                    super(uri);
-                }
-
-                /** @inheritDoc */
-                public String getType() {
-                    return EncryptionConstants._TAG_DATAREFERENCE;
-                }
-            }
-
-            private class KeyReference extends ReferenceImpl {
-
-                KeyReference(String uri) {
-                    super(uri);
-                }
-
-                /** @inheritDoc */
-                public String getType() {
-                    return EncryptionConstants._TAG_KEYREFERENCE;
-                }
-            }
-        }
-    }
-}
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/encryption/XMLCipherInput.java b/src/share/classes/com/sun/org/apache/xml/internal/security/encryption/XMLCipherInput.java
deleted file mode 100644
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/encryption/XMLCipherInput.java
+++ /dev/null
@@ -1,192 +0,0 @@
-/*
- * reserved comment block
- * DO NOT REMOVE OR ALTER!
- */
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package com.sun.org.apache.xml.internal.security.encryption;
-
-import java.io.IOException;
-
-import com.sun.org.apache.xml.internal.security.c14n.CanonicalizationException;
-import com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver;
-import com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolverException;
-import com.sun.org.apache.xml.internal.security.exceptions.Base64DecodingException;
-import com.sun.org.apache.xml.internal.security.signature.XMLSignatureInput;
-import com.sun.org.apache.xml.internal.security.transforms.TransformationException;
-import org.w3c.dom.Attr;
-import com.sun.org.apache.xml.internal.security.utils.Base64;
-
-/**
- * <code>XMLCipherInput</code> is used to wrap input passed into the
- * XMLCipher encryption operations.
- *
- * In decryption mode, it takes a <code>CipherData</code> object and allows
- * callers to dereference the CipherData into the encrypted bytes that it
- * actually represents.  This takes care of all base64 encoding etc.
- *
- * While primarily an internal class, this can be used by applications to
- * quickly and easily retrieve the encrypted bytes from an EncryptedType
- * object
- *
- * @author Berin Lautenbach
- */
-public class XMLCipherInput {
-
-    private static java.util.logging.Logger logger =
-        java.util.logging.Logger.getLogger(XMLCipherInput.class.getName());
-
-    /** The data we are working with */
-    private CipherData cipherData;
-
-    /** MODES */
-    private int mode;
-
-    private boolean secureValidation;
-
-    /**
-     * Constructor for processing encrypted octets
-     *
-     * @param data The <code>CipherData</code> object to read the bytes from
-     * @throws XMLEncryptionException {@link XMLEncryptionException}
-     */
-    public XMLCipherInput(CipherData data) throws XMLEncryptionException {
-        cipherData = data;
-        mode = XMLCipher.DECRYPT_MODE;
-        if (cipherData == null) {
-            throw new XMLEncryptionException("CipherData is null");
-        }
-    }
-
-    /**
-     * Constructor for processing encrypted octets
-     *
-     * @param input The <code>EncryptedType</code> object to read
-     * the bytes from.
-     * @throws XMLEncryptionException {@link XMLEncryptionException}
-     */
-    public XMLCipherInput(EncryptedType input) throws XMLEncryptionException {
-        cipherData = ((input == null) ? null : input.getCipherData());
-        mode = XMLCipher.DECRYPT_MODE;
-        if (cipherData == null) {
-            throw new XMLEncryptionException("CipherData is null");
-        }
-    }
-
-    /**
-     * Set whether secure validation is enabled or not. The default is false.
-     */
-    public void setSecureValidation(boolean secureValidation) {
-        this.secureValidation = secureValidation;
-    }
-
-    /**
-     * Dereferences the input and returns it as a single byte array.
-     *
-     * @throws XMLEncryptionException
-     * @return The decripted bytes.
-     */
-    public byte[] getBytes() throws XMLEncryptionException {
-        if (mode == XMLCipher.DECRYPT_MODE) {
-            return getDecryptBytes();
-        }
-        return null;
-    }
-
-    /**
-     * Internal method to get bytes in decryption mode
-     * @return the decrypted bytes
-     * @throws XMLEncryptionException
-     */
-    private byte[] getDecryptBytes() throws XMLEncryptionException {
-        String base64EncodedEncryptedOctets = null;
-
-        if (cipherData.getDataType() == CipherData.REFERENCE_TYPE) {
-            // Fun time!
-            if (logger.isLoggable(java.util.logging.Level.FINE)) {
-                logger.log(java.util.logging.Level.FINE, "Found a reference type CipherData");
-            }
-            CipherReference cr = cipherData.getCipherReference();
-
-            // Need to wrap the uri in an Attribute node so that we can
-            // Pass to the resource resolvers
-
-            Attr uriAttr = cr.getURIAsAttr();
-            XMLSignatureInput input = null;
-
-            try {
-                ResourceResolver resolver =
-                    ResourceResolver.getInstance(uriAttr, null, secureValidation);
-                input = resolver.resolve(uriAttr, null, secureValidation);
-            } catch (ResourceResolverException ex) {
-                throw new XMLEncryptionException("empty", ex);
-            }
-
-            if (input != null) {
-                if (logger.isLoggable(java.util.logging.Level.FINE)) {
-                    logger.log(java.util.logging.Level.FINE, "Managed to resolve URI \"" + cr.getURI() + "\"");
-                }
-            } else {
-                if (logger.isLoggable(java.util.logging.Level.FINE)) {
-                    logger.log(java.util.logging.Level.FINE, "Failed to resolve URI \"" + cr.getURI() + "\"");
-                }
-            }
-
-            // Lets see if there are any transforms
-            Transforms transforms = cr.getTransforms();
-            if (transforms != null) {
-                if (logger.isLoggable(java.util.logging.Level.FINE)) {
-                    logger.log(java.util.logging.Level.FINE, "Have transforms in cipher reference");
-                }
-                try {
-                    com.sun.org.apache.xml.internal.security.transforms.Transforms dsTransforms =
-                        transforms.getDSTransforms();
-                    dsTransforms.setSecureValidation(secureValidation);
-                    input = dsTransforms.performTransforms(input);
-                } catch (TransformationException ex) {
-                    throw new XMLEncryptionException("empty", ex);
-                }
-            }
-
-            try {
-                return input.getBytes();
-            } catch (IOException ex) {
-                throw new XMLEncryptionException("empty", ex);
-            } catch (CanonicalizationException ex) {
-                throw new XMLEncryptionException("empty", ex);
-            }
-
-            // retrieve the cipher text
-        } else if (cipherData.getDataType() == CipherData.VALUE_TYPE) {
-            base64EncodedEncryptedOctets = cipherData.getCipherValue().getValue();
-        } else {
-            throw new XMLEncryptionException("CipherData.getDataType() returned unexpected value");
-        }
-
-        if (logger.isLoggable(java.util.logging.Level.FINE)) {
-            logger.log(java.util.logging.Level.FINE, "Encrypted octets:\n" + base64EncodedEncryptedOctets);
-        }
-
-        try {
-            return Base64.decode(base64EncodedEncryptedOctets);
-        } catch (Base64DecodingException bde) {
-            throw new XMLEncryptionException("empty", bde);
-        }
-    }
-}
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/encryption/XMLCipherParameters.java b/src/share/classes/com/sun/org/apache/xml/internal/security/encryption/XMLCipherParameters.java
deleted file mode 100644
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/encryption/XMLCipherParameters.java
+++ /dev/null
@@ -1,86 +0,0 @@
-/*
- * reserved comment block
- * DO NOT REMOVE OR ALTER!
- */
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package com.sun.org.apache.xml.internal.security.encryption;
-
-/**
- * Constants
- */
-public interface XMLCipherParameters {
-
-    String AES_128 =
-        "http://www.w3.org/2001/04/xmlenc#aes128-cbc";
-
-    String AES_256 =
-        "http://www.w3.org/2001/04/xmlenc#aes256-cbc";
-
-    String AES_192 =
-        "http://www.w3.org/2001/04/xmlenc#aes192-cbc";
-
-    String RSA_1_5 =
-        "http://www.w3.org/2001/04/xmlenc#rsa-1_5";
-
-    String RSA_OAEP =
-        "http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p";
-
-    String DIFFIE_HELLMAN =
-        "http://www.w3.org/2001/04/xmlenc#dh";
-
-    String TRIPLEDES_KEYWRAP =
-        "http://www.w3.org/2001/04/xmlenc#kw-tripledes";
-
-    String AES_128_KEYWRAP =
-        "http://www.w3.org/2001/04/xmlenc#kw-aes128";
-
-    String AES_256_KEYWRAP =
-        "http://www.w3.org/2001/04/xmlenc#kw-aes256";
-
-    String AES_192_KEYWRAP =
-        "http://www.w3.org/2001/04/xmlenc#kw-aes192";
-
-    String SHA1 =
-        "http://www.w3.org/2000/09/xmldsig#sha1";
-
-    String SHA256 =
-        "http://www.w3.org/2001/04/xmlenc#sha256";
-
-    String SHA512 =
-        "http://www.w3.org/2001/04/xmlenc#sha512";
-
-    String RIPEMD_160 =
-        "http://www.w3.org/2001/04/xmlenc#ripemd160";
-
-    String XML_DSIG =
-        "http://www.w3.org/2000/09/xmldsig#";
-
-    String N14C_XML =
-        "http://www.w3.org/TR/2001/REC-xml-c14n-20010315";
-
-    String N14C_XML_CMMNTS =
-        "http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments";
-
-    String EXCL_XML_N14C =
-        "http://www.w3.org/2001/10/xml-exc-c14n#";
-
-    String EXCL_XML_N14C_CMMNTS =
-        "http://www.w3.org/2001/10/xml-exc-c14n#WithComments";
-}
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/encryption/XMLEncryptionException.java b/src/share/classes/com/sun/org/apache/xml/internal/security/encryption/XMLEncryptionException.java
deleted file mode 100644
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/encryption/XMLEncryptionException.java
+++ /dev/null
@@ -1,80 +0,0 @@
-/*
- * reserved comment block
- * DO NOT REMOVE OR ALTER!
- */
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package com.sun.org.apache.xml.internal.security.encryption;
-
-import com.sun.org.apache.xml.internal.security.exceptions.XMLSecurityException;
-
-/**
- *
- */
-public class XMLEncryptionException extends XMLSecurityException {
-    /**
-     *
-     */
-    private static final long serialVersionUID = 1L;
-
-    /**
-     *
-     *
-     */
-    public XMLEncryptionException() {
-        super();
-    }
-
-    /**
-     *
-     * @param msgID
-     */
-    public XMLEncryptionException(String msgID) {
-        super(msgID);
-    }
-
-    /**
-     *
-     * @param msgID
-     * @param exArgs
-     */
-    public XMLEncryptionException(String msgID, Object exArgs[]) {
-        super(msgID, exArgs);
-    }
-
-    /**
-     *
-     * @param msgID
-     * @param originalException
-     */
-    public XMLEncryptionException(String msgID, Exception originalException) {
-        super(msgID, originalException);
-
-    }
-
-    /**
-     *
-     * @param msgID
-     * @param exArgs
-     * @param originalException
-     */
-    public XMLEncryptionException(String msgID, Object exArgs[], Exception originalException) {
-        super(msgID, exArgs, originalException);
-    }
-}
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/encryption/package.html b/src/share/classes/com/sun/org/apache/xml/internal/security/encryption/package.html
deleted file mode 100644
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/encryption/package.html
+++ /dev/null
@@ -1,25 +0,0 @@
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
-<html>
-<head>
-  <title></title>
-</head>
-<body>
-Provides classes for implementing XML Encryption applications. There are two
-main families of classes in this package. The first group of classes is an
-XML Schema to Java mapping of &nbsp;the complex types and elements of the
-XML Encryption Schema as outllined at <a
- href="http://www.w3.org/Encryption/2001/Drafts/xmlenc-core/">XML Encrtypyion
-Specification</a>. The second group of classes are used to perform encryption
-operations, and to manipulate the first group of classes. The most important
-classes in this second group is <code><a
- href="file://./com/sun/org/apache/xml/internal/security/encryption/XMLCipher.html">XMLCipher</a></code>,
-<code><a
- href="file://./com/sun/org/apache/xml/internal/security/encryption/XMLEncryptionFactory.html">XMLEncryptionFactory</a></code>
-and <code>XMLSerializer</code>. <code>XMLCipher</code> was designed to resemble
-<code>javax.crypto.Cipher</code>. The aforementioned classes were desinged
-with ease-of-use and configurability in mind. Becuase of this, the programmer
-may at times be exposed to lower level programming tasks. This library strives
-to be as simple as possible to use, but no simpler.<br>
-<br>
-</body>
-</html>
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/exceptions/AlgorithmAlreadyRegisteredException.java b/src/share/classes/com/sun/org/apache/xml/internal/security/exceptions/AlgorithmAlreadyRegisteredException.java
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/exceptions/AlgorithmAlreadyRegisteredException.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/exceptions/AlgorithmAlreadyRegisteredException.java
@@ -58,24 +58,34 @@
     /**
      * Constructor AlgorithmAlreadyRegisteredException
      *
+     * @param originalException
      * @param msgID
-     * @param originalException
      */
+    public AlgorithmAlreadyRegisteredException(Exception originalException, String msgID) {
+        super(originalException, msgID);
+    }
+
+    @Deprecated
     public AlgorithmAlreadyRegisteredException(String msgID, Exception originalException) {
-        super(msgID, originalException);
+        this(originalException, msgID);
     }
 
     /**
      * Constructor AlgorithmAlreadyRegisteredException
      *
+     * @param originalException
      * @param msgID
      * @param exArgs
-     * @param originalException
      */
     public AlgorithmAlreadyRegisteredException(
-        String msgID, Object exArgs[], Exception originalException
+        Exception originalException, String msgID, Object exArgs[]
     ) {
-        super(msgID, exArgs, originalException);
+        super(originalException, msgID, exArgs);
+    }
+
+    @Deprecated
+    public AlgorithmAlreadyRegisteredException(String msgID, Object[] exArgs, Exception originalException) {
+        this(originalException, msgID, exArgs);
     }
 
 }
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/exceptions/Base64DecodingException.java b/src/share/classes/com/sun/org/apache/xml/internal/security/exceptions/Base64DecodingException.java
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/exceptions/Base64DecodingException.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/exceptions/Base64DecodingException.java
@@ -25,7 +25,6 @@
 /**
  * This Exception is thrown if decoding of Base64 data fails.
  *
- * @author Christian Geuer-Pollmann
  */
 public class Base64DecodingException extends XMLSecurityException {
 
@@ -61,22 +60,32 @@
     /**
      * Constructor Base64DecodingException
      *
+     * @param originalException
      * @param msgID
-     * @param originalException
      */
+    public Base64DecodingException(Exception originalException, String msgID) {
+        super(originalException, msgID);
+    }
+
+    @Deprecated
     public Base64DecodingException(String msgID, Exception originalException) {
-        super(msgID, originalException);
+        this(originalException, msgID);
     }
 
     /**
      * Constructor Base64DecodingException
      *
+     * @param originalException
      * @param msgID
      * @param exArgs
-     * @param originalException
      */
-    public Base64DecodingException(String msgID, Object exArgs[], Exception originalException) {
-        super(msgID, exArgs, originalException);
+    public Base64DecodingException(Exception originalException, String msgID, Object exArgs[]) {
+        super(originalException, msgID, exArgs);
+    }
+
+    @Deprecated
+    public Base64DecodingException(String msgID, Object[] exArgs, Exception originalException) {
+        this(originalException, msgID, exArgs);
     }
 
 }
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/exceptions/XMLSecurityException.java b/src/share/classes/com/sun/org/apache/xml/internal/security/exceptions/XMLSecurityException.java
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/exceptions/XMLSecurityException.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/exceptions/XMLSecurityException.java
@@ -22,18 +22,15 @@
  */
 package com.sun.org.apache.xml.internal.security.exceptions;
 
-import java.io.PrintStream;
-import java.io.PrintWriter;
 import java.text.MessageFormat;
 
-import com.sun.org.apache.xml.internal.security.utils.Constants;
 import com.sun.org.apache.xml.internal.security.utils.I18n;
 
 /**
  * The mother of all Exceptions in this bundle. It allows exceptions to have
  * their messages translated to the different locales.
  *
- * The <code>xmlsecurity_en.properties</code> file contains this line:
+ * The {@code xmlsecurity_en.properties} file contains this line:
  * <pre>
  * xml.WrongElement = Can't create a {0} from a {1} element
  * </pre>
@@ -47,7 +44,7 @@
  * }
  * </pre>
  *
- * Additionally, if another Exception has been caught, we can supply it, too>
+ * Additionally, if another Exception has been caught, we can supply it, too
  * <pre>
  * try {
  *    ...
@@ -59,7 +56,6 @@
  * </pre>
  *
  *
- * @author Christian Geuer-Pollmann
  */
 public class XMLSecurityException extends Exception {
 
@@ -98,7 +94,7 @@
      * @param msgID
      * @param exArgs
      */
-    public XMLSecurityException(String msgID, Object exArgs[]) {
+    public XMLSecurityException(String msgID, Object[] exArgs) {
 
         super(MessageFormat.format(I18n.getExceptionMessage(msgID), exArgs));
 
@@ -112,11 +108,7 @@
      */
     public XMLSecurityException(Exception originalException) {
 
-        super("Missing message ID to locate message string in resource bundle \""
-              + Constants.exceptionMessagesResourceBundleBase
-              + "\". Original Exception was a "
-              + originalException.getClass().getName() + " and message "
-              + originalException.getMessage(), originalException);
+        super(originalException.getMessage(), originalException);
     }
 
     /**
@@ -125,12 +117,17 @@
      * @param msgID
      * @param originalException
      */
-    public XMLSecurityException(String msgID, Exception originalException) {
+    public XMLSecurityException(Exception originalException, String msgID) {
         super(I18n.getExceptionMessage(msgID, originalException), originalException);
 
         this.msgID = msgID;
     }
 
+    @Deprecated
+    public XMLSecurityException(String msgID, Exception originalException) {
+        this(originalException, msgID);
+    }
+
     /**
      * Constructor XMLSecurityException
      *
@@ -138,12 +135,18 @@
      * @param exArgs
      * @param originalException
      */
-    public XMLSecurityException(String msgID, Object exArgs[], Exception originalException) {
+    public XMLSecurityException(Exception originalException, String msgID, Object[] exArgs) {
         super(MessageFormat.format(I18n.getExceptionMessage(msgID), exArgs), originalException);
 
         this.msgID = msgID;
     }
 
+    @Deprecated
+    public XMLSecurityException(String msgID, Object[] exArgs, Exception originalException) {
+        this(originalException, msgID, exArgs);
+    }
+
+
     /**
      * Method getMsgID
      *
@@ -156,7 +159,7 @@
         return msgID;
     }
 
-    /** @inheritDoc */
+    /** {@inheritDoc} */
     public String toString() {
         String s = this.getClass().getName();
         String message = super.getLocalizedMessage();
@@ -185,24 +188,6 @@
     }
 
     /**
-     * Method printStackTrace
-     *
-     * @param printwriter
-     */
-    public void printStackTrace(PrintWriter printwriter) {
-        super.printStackTrace(printwriter);
-    }
-
-    /**
-     * Method printStackTrace
-     *
-     * @param printstream
-     */
-    public void printStackTrace(PrintStream printstream) {
-        super.printStackTrace(printstream);
-    }
-
-    /**
      * Method getOriginalException
      *
      * @return the original exception
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/exceptions/XMLSecurityRuntimeException.java b/src/share/classes/com/sun/org/apache/xml/internal/security/exceptions/XMLSecurityRuntimeException.java
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/exceptions/XMLSecurityRuntimeException.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/exceptions/XMLSecurityRuntimeException.java
@@ -22,8 +22,6 @@
  */
 package com.sun.org.apache.xml.internal.security.exceptions;
 
-import java.io.PrintStream;
-import java.io.PrintWriter;
 import java.text.MessageFormat;
 
 import com.sun.org.apache.xml.internal.security.utils.Constants;
@@ -33,7 +31,7 @@
  * The mother of all runtime Exceptions in this bundle. It allows exceptions to have
  * their messages translated to the different locales.
  *
- * The <code>xmlsecurity_en.properties</code> file contains this line:
+ * The {@code xmlsecurity_en.properties} file contains this line:
  * <pre>
  * xml.WrongElement = Can't create a {0} from a {1} element
  * </pre>
@@ -47,7 +45,7 @@
  * }
  * </pre>
  *
- * Additionally, if another Exception has been caught, we can supply it, too>
+ * Additionally, if another Exception has been caught, we can supply it, too
  * <pre>
  * try {
  *    ...
@@ -59,7 +57,6 @@
  * </pre>
  *
  *
- * @author Christian Geuer-Pollmann
  */
 public class XMLSecurityRuntimeException extends RuntimeException {
 
@@ -134,7 +131,7 @@
      * @param originalException
      */
     public XMLSecurityRuntimeException(String msgID, Object exArgs[], Exception originalException) {
-        super(MessageFormat.format(I18n.getExceptionMessage(msgID), exArgs));
+        super(MessageFormat.format(I18n.getExceptionMessage(msgID), exArgs), originalException);
 
         this.msgID = msgID;
     }
@@ -151,7 +148,7 @@
         return msgID;
     }
 
-    /** @inheritDoc */
+    /** {@inheritDoc} */
     public String toString() {
         String s = this.getClass().getName();
         String message = super.getLocalizedMessage();
@@ -170,34 +167,6 @@
     }
 
     /**
-     * Method printStackTrace
-     *
-     */
-    public void printStackTrace() {
-        synchronized (System.err) {
-            super.printStackTrace(System.err);
-        }
-    }
-
-    /**
-     * Method printStackTrace
-     *
-     * @param printwriter
-     */
-    public void printStackTrace(PrintWriter printwriter) {
-        super.printStackTrace(printwriter);
-    }
-
-    /**
-     * Method printStackTrace
-     *
-     * @param printstream
-     */
-    public void printStackTrace(PrintStream printstream) {
-        super.printStackTrace(printstream);
-    }
-
-    /**
      * Method getOriginalException
      *
      * @return the original exception
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/exceptions/package.html b/src/share/classes/com/sun/org/apache/xml/internal/security/exceptions/package.html
deleted file mode 100644
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/exceptions/package.html
+++ /dev/null
@@ -1,3 +0,0 @@
-<HTML><HEAD></HEAD><BODY><P>
-general exceptions used by this library.
-</P></BODY></HTML>
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/keys/ContentHandlerAlreadyRegisteredException.java b/src/share/classes/com/sun/org/apache/xml/internal/security/keys/ContentHandlerAlreadyRegisteredException.java
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/keys/ContentHandlerAlreadyRegisteredException.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/keys/ContentHandlerAlreadyRegisteredException.java
@@ -61,24 +61,34 @@
     /**
      * Constructor ContentHandlerAlreadyRegisteredException
      *
+     * @param originalException
      * @param msgID
-     * @param originalException
      */
+    public ContentHandlerAlreadyRegisteredException(Exception originalException, String msgID) {
+        super(originalException, msgID);
+    }
+
+    @Deprecated
     public ContentHandlerAlreadyRegisteredException(String msgID, Exception originalException) {
-        super(msgID, originalException);
+        this(originalException, msgID);
     }
 
     /**
      * Constructor ContentHandlerAlreadyRegisteredException
      *
+     * @param originalException
      * @param msgID
      * @param exArgs
-     * @param originalException
      */
     public ContentHandlerAlreadyRegisteredException(
-        String msgID, Object exArgs[], Exception originalException
+        Exception originalException, String msgID, Object exArgs[]
     ) {
-        super(msgID, exArgs, originalException);
+        super(originalException, msgID, exArgs);
+    }
+
+    @Deprecated
+    public ContentHandlerAlreadyRegisteredException(String msgID, Object[] exArgs, Exception originalException) {
+        this(originalException, msgID, exArgs);
     }
 
 }
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/keys/KeyInfo.java b/src/share/classes/com/sun/org/apache/xml/internal/security/keys/KeyInfo.java
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/keys/KeyInfo.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/keys/KeyInfo.java
@@ -31,9 +31,6 @@
 
 import javax.crypto.SecretKey;
 
-import com.sun.org.apache.xml.internal.security.encryption.EncryptedKey;
-import com.sun.org.apache.xml.internal.security.encryption.XMLCipher;
-import com.sun.org.apache.xml.internal.security.encryption.XMLEncryptionException;
 import com.sun.org.apache.xml.internal.security.exceptions.XMLSecurityException;
 import com.sun.org.apache.xml.internal.security.keys.content.DEREncodedKeyValue;
 import com.sun.org.apache.xml.internal.security.keys.content.KeyInfoReference;
@@ -52,6 +49,7 @@
 import com.sun.org.apache.xml.internal.security.keys.storage.StorageResolver;
 import com.sun.org.apache.xml.internal.security.transforms.Transforms;
 import com.sun.org.apache.xml.internal.security.utils.Constants;
+import com.sun.org.apache.xml.internal.security.utils.ElementProxy;
 import com.sun.org.apache.xml.internal.security.utils.EncryptionConstants;
 import com.sun.org.apache.xml.internal.security.utils.SignatureElementProxy;
 import com.sun.org.apache.xml.internal.security.utils.XMLUtils;
@@ -59,55 +57,52 @@
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 import org.w3c.dom.Node;
-import org.w3c.dom.NodeList;
 
 /**
  * This class stand for KeyInfo Element that may contain keys, names,
  * certificates and other public key management information,
  * such as in-band key distribution or key agreement data.
- * <BR />
+ * <p></p>
  * KeyInfo Element has two basic functions:
  * One is KeyResolve for getting the public key in signature validation processing.
  * the other one is toElement for getting the element in signature generation processing.
- * <BR />
- * The <CODE>lengthXXX()</CODE> methods provide access to the internal Key
+ * <p></p>
+ * The {@code lengthXXX()} methods provide access to the internal Key
  * objects:
  * <UL>
- * <LI>If the <CODE>KeyInfo</CODE> was constructed from an Element
- * (Signature verification), the <CODE>lengthXXX()</CODE> methods searches
- * for child elements of <CODE>ds:KeyInfo</CODE> for known types. </LI>
- * <LI>If the <CODE>KeyInfo</CODE> was constructed from scratch (during
- * Signature generation), the <CODE>lengthXXX()</CODE> methods return the number
- * of <CODE>XXXs</CODE> objects already passed to the KeyInfo</LI>
+ * <LI>If the {@code KeyInfo} was constructed from an Element
+ * (Signature verification), the {@code lengthXXX()} methods searches
+ * for child elements of {@code ds:KeyInfo} for known types. </LI>
+ * <LI>If the {@code KeyInfo} was constructed from scratch (during
+ * Signature generation), the {@code lengthXXX()} methods return the number
+ * of {@code XXXs} objects already passed to the KeyInfo</LI>
  * </UL>
- * <BR />
- * The <CODE>addXXX()</CODE> methods are used for adding Objects of the
- * appropriate type to the <CODE>KeyInfo</CODE>. This is used during signature
+ * <p></p>
+ * The {@code addXXX()} methods are used for adding Objects of the
+ * appropriate type to the {@code KeyInfo}. This is used during signature
  * generation.
- * <BR />
- * The <CODE>itemXXX(int i)</CODE> methods return the i'th object of the
+ * <p></p>
+ * The {@code itemXXX(int i)} methods return the i'th object of the
  * corresponding type.
- * <BR />
- * The <CODE>containsXXX()</CODE> methods return <I>whether</I> the KeyInfo
+ * <p></p>
+ * The {@code containsXXX()} methods return <I>whether</I> the KeyInfo
  * contains the corresponding type.
  *
  */
 public class KeyInfo extends SignatureElementProxy {
 
-    /** {@link org.apache.commons.logging} logging facility */
-    private static java.util.logging.Logger log =
-        java.util.logging.Logger.getLogger(KeyInfo.class.getName());
+    private static final com.sun.org.slf4j.internal.Logger LOG =
+        com.sun.org.slf4j.internal.LoggerFactory.getLogger(KeyInfo.class);
 
     // We need at least one StorageResolver otherwise
     // the KeyResolvers would not be called.
     // The default StorageResolver is null.
 
-    private List<X509Data> x509Datas = null;
-    private List<EncryptedKey> encryptedKeys = null;
+    private List<X509Data> x509Datas;
 
     private static final List<StorageResolver> nullList;
     static {
-        List<StorageResolver> list = new ArrayList<StorageResolver>(1);
+        List<StorageResolver> list = new ArrayList<>(1);
         list.add(null);
         nullList = java.util.Collections.unmodifiableList(list);
     }
@@ -118,7 +113,7 @@
     /**
      * Stores the individual (per-KeyInfo) {@link KeyResolverSpi}s
      */
-    private List<KeyResolverSpi> internalKeyResolvers = new ArrayList<KeyResolverSpi>();
+    private List<KeyResolverSpi> internalKeyResolvers = new ArrayList<>();
 
     private boolean secureValidation;
 
@@ -128,8 +123,14 @@
      */
     public KeyInfo(Document doc) {
         super(doc);
+        addReturnToSelf();
 
-        XMLUtils.addReturnToElement(this.constructionElement);
+        String prefix = ElementProxy.getDefaultPrefix(this.getBaseNamespace());
+        if (prefix != null && prefix.length() > 0) {
+            getElement().setAttributeNS(Constants.NamespaceSpecNS, "xmlns:" + prefix,
+                                        this.getBaseNamespace());
+        }
+
     }
 
     /**
@@ -156,24 +157,23 @@
     }
 
     /**
-     * Sets the <code>Id</code> attribute
+     * Sets the {@code Id} attribute
      *
-     * @param Id ID
+     * @param id ID
      */
     public void setId(String id) {
         if (id != null) {
-            this.constructionElement.setAttributeNS(null, Constants._ATT_ID, id);
-            this.constructionElement.setIdAttributeNS(null, Constants._ATT_ID, true);
+            setLocalIdAttribute(Constants._ATT_ID, id);
         }
     }
 
     /**
-     * Returns the <code>Id</code> attribute
+     * Returns the {@code Id} attribute
      *
-     * @return the <code>Id</code> attribute
+     * @return the {@code Id} attribute
      */
     public String getId() {
-        return this.constructionElement.getAttributeNS(null, Constants._ATT_ID);
+        return getLocalAttribute(Constants._ATT_ID);
     }
 
     /**
@@ -182,7 +182,7 @@
      * @param keynameString
      */
     public void addKeyName(String keynameString) {
-        this.add(new KeyName(this.doc, keynameString));
+        this.add(new KeyName(getDocument(), keynameString));
     }
 
     /**
@@ -191,8 +191,8 @@
      * @param keyname
      */
     public void add(KeyName keyname) {
-        this.constructionElement.appendChild(keyname.getElement());
-        XMLUtils.addReturnToElement(this.constructionElement);
+        appendSelf(keyname);
+        addReturnToSelf();
     }
 
     /**
@@ -201,7 +201,7 @@
      * @param pk
      */
     public void addKeyValue(PublicKey pk) {
-        this.add(new KeyValue(this.doc, pk));
+        this.add(new KeyValue(getDocument(), pk));
     }
 
     /**
@@ -210,7 +210,7 @@
      * @param unknownKeyValueElement
      */
     public void addKeyValue(Element unknownKeyValueElement) {
-        this.add(new KeyValue(this.doc, unknownKeyValueElement));
+        this.add(new KeyValue(getDocument(), unknownKeyValueElement));
     }
 
     /**
@@ -219,7 +219,7 @@
      * @param dsakeyvalue
      */
     public void add(DSAKeyValue dsakeyvalue) {
-        this.add(new KeyValue(this.doc, dsakeyvalue));
+        this.add(new KeyValue(getDocument(), dsakeyvalue));
     }
 
     /**
@@ -228,7 +228,7 @@
      * @param rsakeyvalue
      */
     public void add(RSAKeyValue rsakeyvalue) {
-        this.add(new KeyValue(this.doc, rsakeyvalue));
+        this.add(new KeyValue(getDocument(), rsakeyvalue));
     }
 
     /**
@@ -237,7 +237,7 @@
      * @param pk
      */
     public void add(PublicKey pk) {
-        this.add(new KeyValue(this.doc, pk));
+        this.add(new KeyValue(getDocument(), pk));
     }
 
     /**
@@ -246,8 +246,8 @@
      * @param keyvalue
      */
     public void add(KeyValue keyvalue) {
-        this.constructionElement.appendChild(keyvalue.getElement());
-        XMLUtils.addReturnToElement(this.constructionElement);
+        appendSelf(keyvalue);
+        addReturnToSelf();
     }
 
     /**
@@ -256,7 +256,7 @@
      * @param mgmtdata
      */
     public void addMgmtData(String mgmtdata) {
-        this.add(new MgmtData(this.doc, mgmtdata));
+        this.add(new MgmtData(getDocument(), mgmtdata));
     }
 
     /**
@@ -265,8 +265,8 @@
      * @param mgmtdata
      */
     public void add(MgmtData mgmtdata) {
-        this.constructionElement.appendChild(mgmtdata.getElement());
-        XMLUtils.addReturnToElement(this.constructionElement);
+        appendSelf(mgmtdata);
+        addReturnToSelf();
     }
 
     /**
@@ -275,8 +275,8 @@
      * @param pgpdata
      */
     public void add(PGPData pgpdata) {
-        this.constructionElement.appendChild(pgpdata.getElement());
-        XMLUtils.addReturnToElement(this.constructionElement);
+        appendSelf(pgpdata);
+        addReturnToSelf();
     }
 
     /**
@@ -287,7 +287,7 @@
      * @param Type
      */
     public void addRetrievalMethod(String uri, Transforms transforms, String Type) {
-        this.add(new RetrievalMethod(this.doc, uri, transforms, Type));
+        this.add(new RetrievalMethod(getDocument(), uri, transforms, Type));
     }
 
     /**
@@ -296,8 +296,8 @@
      * @param retrievalmethod
      */
     public void add(RetrievalMethod retrievalmethod) {
-        this.constructionElement.appendChild(retrievalmethod.getElement());
-        XMLUtils.addReturnToElement(this.constructionElement);
+        appendSelf(retrievalmethod);
+        addReturnToSelf();
     }
 
     /**
@@ -306,8 +306,8 @@
      * @param spkidata
      */
     public void add(SPKIData spkidata) {
-        this.constructionElement.appendChild(spkidata.getElement());
-        XMLUtils.addReturnToElement(this.constructionElement);
+        appendSelf(spkidata);
+        addReturnToSelf();
     }
 
     /**
@@ -317,27 +317,11 @@
      */
     public void add(X509Data x509data) {
         if (x509Datas == null) {
-            x509Datas = new ArrayList<X509Data>();
+            x509Datas = new ArrayList<>();
         }
         x509Datas.add(x509data);
-        this.constructionElement.appendChild(x509data.getElement());
-        XMLUtils.addReturnToElement(this.constructionElement);
-    }
-
-    /**
-     * Method addEncryptedKey
-     *
-     * @param encryptedKey
-     * @throws XMLEncryptionException
-     */
-
-    public void add(EncryptedKey encryptedKey) throws XMLEncryptionException {
-        if (encryptedKeys == null) {
-            encryptedKeys = new ArrayList<EncryptedKey>();
-        }
-        encryptedKeys.add(encryptedKey);
-        XMLCipher cipher = XMLCipher.getInstance();
-        this.constructionElement.appendChild(cipher.martial(encryptedKey));
+        appendSelf(x509data);
+        addReturnToSelf();
     }
 
     /**
@@ -347,7 +331,7 @@
      * @throws XMLSecurityException
      */
     public void addDEREncodedKeyValue(PublicKey pk) throws XMLSecurityException {
-        this.add(new DEREncodedKeyValue(this.doc, pk));
+        this.add(new DEREncodedKeyValue(getDocument(), pk));
     }
 
     /**
@@ -356,8 +340,8 @@
      * @param derEncodedKeyValue
      */
     public void add(DEREncodedKeyValue derEncodedKeyValue) {
-        this.constructionElement.appendChild(derEncodedKeyValue.getElement());
-        XMLUtils.addReturnToElement(this.constructionElement);
+        appendSelf(derEncodedKeyValue);
+        addReturnToSelf();
     }
 
     /**
@@ -367,7 +351,7 @@
      * @throws XMLSecurityException
      */
     public void addKeyInfoReference(String URI) throws XMLSecurityException {
-        this.add(new KeyInfoReference(this.doc, URI));
+        this.add(new KeyInfoReference(getDocument(), URI));
     }
 
     /**
@@ -376,8 +360,8 @@
      * @param keyInfoReference
      */
     public void add(KeyInfoReference keyInfoReference) {
-        this.constructionElement.appendChild(keyInfoReference.getElement());
-        XMLUtils.addReturnToElement(this.constructionElement);
+        appendSelf(keyInfoReference);
+        addReturnToSelf();
     }
 
     /**
@@ -386,8 +370,8 @@
      * @param element
      */
     public void addUnknownElement(Element element) {
-        this.constructionElement.appendChild(element);
-        XMLUtils.addReturnToElement(this.constructionElement);
+        appendSelf(element);
+        addReturnToSelf();
     }
 
     /**
@@ -481,19 +465,17 @@
      */
     public int lengthUnknownElement() {
         int res = 0;
-        NodeList nl = this.constructionElement.getChildNodes();
-
-        for (int i = 0; i < nl.getLength(); i++) {
-            Node current = nl.item(i);
-
+        Node childNode = getElement().getFirstChild();
+        while (childNode != null) {
             /**
              * $todo$ using this method, we don't see unknown Elements
              *  from Signature NS; revisit
              */
-            if ((current.getNodeType() == Node.ELEMENT_NODE)
-                && current.getNamespaceURI().equals(Constants.SignatureSpecNS)) {
+            if (childNode.getNodeType() == Node.ELEMENT_NODE
+                && childNode.getNamespaceURI().equals(Constants.SignatureSpecNS)) {
                 res++;
             }
+            childNode = childNode.getNextSibling();
         }
 
         return res;
@@ -509,7 +491,7 @@
     public KeyName itemKeyName(int i) throws XMLSecurityException {
         Element e =
             XMLUtils.selectDsNode(
-                this.constructionElement.getFirstChild(), Constants._TAG_KEYNAME, i);
+                getFirstChild(), Constants._TAG_KEYNAME, i);
 
         if (e != null) {
             return new KeyName(e, this.baseURI);
@@ -527,7 +509,7 @@
     public KeyValue itemKeyValue(int i) throws XMLSecurityException {
         Element e =
             XMLUtils.selectDsNode(
-                this.constructionElement.getFirstChild(), Constants._TAG_KEYVALUE, i);
+                getFirstChild(), Constants._TAG_KEYVALUE, i);
 
         if (e != null) {
             return new KeyValue(e, this.baseURI);
@@ -545,7 +527,7 @@
     public MgmtData itemMgmtData(int i) throws XMLSecurityException {
         Element e =
             XMLUtils.selectDsNode(
-                this.constructionElement.getFirstChild(), Constants._TAG_MGMTDATA, i);
+                getFirstChild(), Constants._TAG_MGMTDATA, i);
 
         if (e != null) {
             return new MgmtData(e, this.baseURI);
@@ -563,7 +545,7 @@
     public PGPData itemPGPData(int i) throws XMLSecurityException {
         Element e =
             XMLUtils.selectDsNode(
-                this.constructionElement.getFirstChild(), Constants._TAG_PGPDATA, i);
+                getFirstChild(), Constants._TAG_PGPDATA, i);
 
         if (e != null) {
             return new PGPData(e, this.baseURI);
@@ -581,7 +563,7 @@
     public RetrievalMethod itemRetrievalMethod(int i) throws XMLSecurityException {
         Element e =
             XMLUtils.selectDsNode(
-                this.constructionElement.getFirstChild(), Constants._TAG_RETRIEVALMETHOD, i);
+                getFirstChild(), Constants._TAG_RETRIEVALMETHOD, i);
 
         if (e != null) {
             return new RetrievalMethod(e, this.baseURI);
@@ -599,7 +581,7 @@
     public SPKIData itemSPKIData(int i) throws XMLSecurityException {
         Element e =
             XMLUtils.selectDsNode(
-                this.constructionElement.getFirstChild(), Constants._TAG_SPKIDATA, i);
+                getFirstChild(), Constants._TAG_SPKIDATA, i);
 
         if (e != null) {
             return new SPKIData(e, this.baseURI);
@@ -620,7 +602,7 @@
         }
         Element e =
             XMLUtils.selectDsNode(
-                this.constructionElement.getFirstChild(), Constants._TAG_X509DATA, i);
+                getFirstChild(), Constants._TAG_X509DATA, i);
 
         if (e != null) {
             return new X509Data(e, this.baseURI);
@@ -629,29 +611,6 @@
     }
 
     /**
-     * Method itemEncryptedKey
-     *
-     * @param i
-     * @return the asked EncryptedKey element, null if the index is too big
-     * @throws XMLSecurityException
-     */
-    public EncryptedKey itemEncryptedKey(int i) throws XMLSecurityException {
-        if (encryptedKeys != null) {
-            return encryptedKeys.get(i);
-        }
-        Element e =
-            XMLUtils.selectXencNode(
-                this.constructionElement.getFirstChild(), EncryptionConstants._TAG_ENCRYPTEDKEY, i);
-
-        if (e != null) {
-            XMLCipher cipher = XMLCipher.getInstance();
-            cipher.init(XMLCipher.UNWRAP_MODE, null);
-            return cipher.loadEncryptedKey(e);
-        }
-        return null;
-    }
-
-    /**
      * Method itemDEREncodedKeyValue
      *
      * @param i
@@ -661,7 +620,7 @@
     public DEREncodedKeyValue itemDEREncodedKeyValue(int i) throws XMLSecurityException {
         Element e =
             XMLUtils.selectDs11Node(
-                this.constructionElement.getFirstChild(), Constants._TAG_DERENCODEDKEYVALUE, i);
+                getFirstChild(), Constants._TAG_DERENCODEDKEYVALUE, i);
 
         if (e != null) {
             return new DEREncodedKeyValue(e, this.baseURI);
@@ -679,7 +638,7 @@
     public KeyInfoReference itemKeyInfoReference(int i) throws XMLSecurityException {
         Element e =
             XMLUtils.selectDs11Node(
-                this.constructionElement.getFirstChild(), Constants._TAG_KEYINFOREFERENCE, i);
+                getFirstChild(), Constants._TAG_KEYINFOREFERENCE, i);
 
         if (e != null) {
             return new KeyInfoReference(e, this.baseURI);
@@ -694,24 +653,22 @@
      * @return the element number of the unknown elements
      */
     public Element itemUnknownElement(int i) {
-        NodeList nl = this.constructionElement.getChildNodes();
         int res = 0;
-
-        for (int j = 0; j < nl.getLength(); j++) {
-            Node current = nl.item(j);
-
+        Node childNode = getElement().getFirstChild();
+        while (childNode != null) {
             /**
              * $todo$ using this method, we don't see unknown Elements
              *  from Signature NS; revisit
              */
-            if ((current.getNodeType() == Node.ELEMENT_NODE)
-                && current.getNamespaceURI().equals(Constants.SignatureSpecNS)) {
+            if (childNode.getNodeType() == Node.ELEMENT_NODE
+                && childNode.getNamespaceURI().equals(Constants.SignatureSpecNS)) {
                 res++;
 
                 if (res == i) {
-                    return (Element) current;
+                    return (Element) childNode;
                 }
             }
+            childNode = childNode.getNextSibling();
         }
 
         return null;
@@ -723,7 +680,7 @@
      * @return true if the element has no descendants.
      */
     public boolean isEmpty() {
-        return this.constructionElement.getFirstChild() == null;
+        return getFirstChild() == null;
     }
 
     /**
@@ -826,28 +783,20 @@
         PublicKey pk = this.getPublicKeyFromInternalResolvers();
 
         if (pk != null) {
-            if (log.isLoggable(java.util.logging.Level.FINE)) {
-                log.log(java.util.logging.Level.FINE, "I could find a key using the per-KeyInfo key resolvers");
-            }
+            LOG.debug("I could find a key using the per-KeyInfo key resolvers");
 
             return pk;
         }
-        if (log.isLoggable(java.util.logging.Level.FINE)) {
-            log.log(java.util.logging.Level.FINE, "I couldn't find a key using the per-KeyInfo key resolvers");
-        }
+        LOG.debug("I couldn't find a key using the per-KeyInfo key resolvers");
 
         pk = this.getPublicKeyFromStaticResolvers();
 
         if (pk != null) {
-            if (log.isLoggable(java.util.logging.Level.FINE)) {
-                log.log(java.util.logging.Level.FINE, "I could find a key using the system-wide key resolvers");
-            }
+            LOG.debug("I could find a key using the system-wide key resolvers");
 
             return pk;
         }
-        if (log.isLoggable(java.util.logging.Level.FINE)) {
-            log.log(java.util.logging.Level.FINE, "I couldn't find a key using the system-wide key resolvers");
-        }
+        LOG.debug("I couldn't find a key using the system-wide key resolvers");
 
         return null;
     }
@@ -863,7 +812,7 @@
         while (it.hasNext()) {
             KeyResolverSpi keyResolver = it.next();
             keyResolver.setSecureValidation(secureValidation);
-            Node currentChild = this.constructionElement.getFirstChild();
+            Node currentChild = getFirstChild();
             String uri = this.getBaseURI();
             while (currentChild != null) {
                 if (currentChild.getNodeType() == Node.ELEMENT_NODE) {
@@ -892,11 +841,9 @@
      */
     PublicKey getPublicKeyFromInternalResolvers() throws KeyResolverException {
         for (KeyResolverSpi keyResolver : internalKeyResolvers) {
-            if (log.isLoggable(java.util.logging.Level.FINE)) {
-                log.log(java.util.logging.Level.FINE, "Try " + keyResolver.getClass().getName());
-            }
+            LOG.debug("Try {}", keyResolver.getClass().getName());
             keyResolver.setSecureValidation(secureValidation);
-            Node currentChild = this.constructionElement.getFirstChild();
+            Node currentChild = getFirstChild();
             String uri = this.getBaseURI();
             while (currentChild != null)      {
                 if (currentChild.getNodeType() == Node.ELEMENT_NODE) {
@@ -929,29 +876,21 @@
         X509Certificate cert = this.getX509CertificateFromInternalResolvers();
 
         if (cert != null) {
-            if (log.isLoggable(java.util.logging.Level.FINE)) {
-                log.log(java.util.logging.Level.FINE, "I could find a X509Certificate using the per-KeyInfo key resolvers");
-            }
+            LOG.debug("I could find a X509Certificate using the per-KeyInfo key resolvers");
 
             return cert;
         }
-        if (log.isLoggable(java.util.logging.Level.FINE)) {
-            log.log(java.util.logging.Level.FINE, "I couldn't find a X509Certificate using the per-KeyInfo key resolvers");
-        }
+        LOG.debug("I couldn't find a X509Certificate using the per-KeyInfo key resolvers");
 
         // Then use the system-wide Resolvers
         cert = this.getX509CertificateFromStaticResolvers();
 
         if (cert != null) {
-            if (log.isLoggable(java.util.logging.Level.FINE)) {
-                log.log(java.util.logging.Level.FINE, "I could find a X509Certificate using the system-wide key resolvers");
-            }
+            LOG.debug("I could find a X509Certificate using the system-wide key resolvers");
 
             return cert;
         }
-        if (log.isLoggable(java.util.logging.Level.FINE)) {
-            log.log(java.util.logging.Level.FINE, "I couldn't find a X509Certificate using the system-wide key resolvers");
-        }
+        LOG.debug("I couldn't find a X509Certificate using the system-wide key resolvers");
 
         return null;
     }
@@ -966,12 +905,9 @@
      */
     X509Certificate getX509CertificateFromStaticResolvers()
         throws KeyResolverException {
-        if (log.isLoggable(java.util.logging.Level.FINE)) {
-            log.log(java.util.logging.Level.FINE,
-                "Start getX509CertificateFromStaticResolvers() with " + KeyResolver.length()
-                + " resolvers"
-            );
-        }
+        LOG.debug(
+            "Start getX509CertificateFromStaticResolvers() with {} resolvers", KeyResolver.length()
+        );
         String uri = this.getBaseURI();
         Iterator<KeyResolverSpi> it = KeyResolver.iterator();
         while (it.hasNext()) {
@@ -988,7 +924,7 @@
     private X509Certificate applyCurrentResolver(
         String uri, KeyResolverSpi keyResolver
     ) throws KeyResolverException {
-        Node currentChild = this.constructionElement.getFirstChild();
+        Node currentChild = getFirstChild();
         while (currentChild != null)      {
             if (currentChild.getNodeType() == Node.ELEMENT_NODE) {
                 for (StorageResolver storage : storageResolvers) {
@@ -1015,17 +951,13 @@
      */
     X509Certificate getX509CertificateFromInternalResolvers()
         throws KeyResolverException {
-        if (log.isLoggable(java.util.logging.Level.FINE)) {
-            log.log(java.util.logging.Level.FINE,
-                "Start getX509CertificateFromInternalResolvers() with "
-                + this.lengthInternalKeyResolver() + " resolvers"
-            );
-        }
+        LOG.debug(
+            "Start getX509CertificateFromInternalResolvers() with {} resolvers",
+            + this.lengthInternalKeyResolver()
+        );
         String uri = this.getBaseURI();
         for (KeyResolverSpi keyResolver : internalKeyResolvers) {
-            if (log.isLoggable(java.util.logging.Level.FINE)) {
-                log.log(java.util.logging.Level.FINE, "Try " + keyResolver.getClass().getName());
-            }
+            LOG.debug("Try {}", keyResolver.getClass().getName());
             keyResolver.setSecureValidation(secureValidation);
             X509Certificate cert = applyCurrentResolver(uri, keyResolver);
             if (cert != null) {
@@ -1045,28 +977,20 @@
         SecretKey sk = this.getSecretKeyFromInternalResolvers();
 
         if (sk != null) {
-            if (log.isLoggable(java.util.logging.Level.FINE)) {
-                log.log(java.util.logging.Level.FINE, "I could find a secret key using the per-KeyInfo key resolvers");
-            }
+            LOG.debug("I could find a secret key using the per-KeyInfo key resolvers");
 
             return sk;
         }
-        if (log.isLoggable(java.util.logging.Level.FINE)) {
-            log.log(java.util.logging.Level.FINE, "I couldn't find a secret key using the per-KeyInfo key resolvers");
-        }
+        LOG.debug("I couldn't find a secret key using the per-KeyInfo key resolvers");
 
         sk = this.getSecretKeyFromStaticResolvers();
 
         if (sk != null) {
-            if (log.isLoggable(java.util.logging.Level.FINE)) {
-                log.log(java.util.logging.Level.FINE, "I could find a secret key using the system-wide key resolvers");
-            }
+            LOG.debug("I could find a secret key using the system-wide key resolvers");
 
             return sk;
         }
-        if (log.isLoggable(java.util.logging.Level.FINE)) {
-            log.log(java.util.logging.Level.FINE, "I couldn't find a secret key using the system-wide key resolvers");
-        }
+        LOG.debug("I couldn't find a secret key using the system-wide key resolvers");
 
         return null;
     }
@@ -1083,7 +1007,7 @@
             KeyResolverSpi keyResolver = it.next();
             keyResolver.setSecureValidation(secureValidation);
 
-            Node currentChild = this.constructionElement.getFirstChild();
+            Node currentChild = getFirstChild();
             String uri = this.getBaseURI();
             while (currentChild != null)      {
                 if (currentChild.getNodeType() == Node.ELEMENT_NODE) {
@@ -1113,11 +1037,9 @@
 
     SecretKey getSecretKeyFromInternalResolvers() throws KeyResolverException {
         for (KeyResolverSpi keyResolver : internalKeyResolvers) {
-            if (log.isLoggable(java.util.logging.Level.FINE)) {
-                log.log(java.util.logging.Level.FINE, "Try " + keyResolver.getClass().getName());
-            }
+            LOG.debug("Try {}", keyResolver.getClass().getName());
             keyResolver.setSecureValidation(secureValidation);
-            Node currentChild = this.constructionElement.getFirstChild();
+            Node currentChild = getFirstChild();
             String uri = this.getBaseURI();
             while (currentChild != null)      {
                 if (currentChild.getNodeType() == Node.ELEMENT_NODE) {
@@ -1148,25 +1070,17 @@
         PrivateKey pk = this.getPrivateKeyFromInternalResolvers();
 
         if (pk != null) {
-            if (log.isLoggable(java.util.logging.Level.FINE)) {
-                log.log(java.util.logging.Level.FINE, "I could find a private key using the per-KeyInfo key resolvers");
-            }
+            LOG.debug("I could find a private key using the per-KeyInfo key resolvers");
             return pk;
         }
-        if (log.isLoggable(java.util.logging.Level.FINE)) {
-            log.log(java.util.logging.Level.FINE, "I couldn't find a secret key using the per-KeyInfo key resolvers");
-        }
+        LOG.debug("I couldn't find a secret key using the per-KeyInfo key resolvers");
 
         pk = this.getPrivateKeyFromStaticResolvers();
         if (pk != null) {
-            if (log.isLoggable(java.util.logging.Level.FINE)) {
-                log.log(java.util.logging.Level.FINE, "I could find a private key using the system-wide key resolvers");
-            }
+            LOG.debug("I could find a private key using the system-wide key resolvers");
             return pk;
         }
-        if (log.isLoggable(java.util.logging.Level.FINE)) {
-            log.log(java.util.logging.Level.FINE, "I couldn't find a private key using the system-wide key resolvers");
-        }
+        LOG.debug("I couldn't find a private key using the system-wide key resolvers");
 
         return null;
     }
@@ -1183,7 +1097,7 @@
             KeyResolverSpi keyResolver = it.next();
             keyResolver.setSecureValidation(secureValidation);
 
-            Node currentChild = this.constructionElement.getFirstChild();
+            Node currentChild = getFirstChild();
             String uri = this.getBaseURI();
             while (currentChild != null)      {
                 if (currentChild.getNodeType() == Node.ELEMENT_NODE) {
@@ -1212,11 +1126,9 @@
      */
     PrivateKey getPrivateKeyFromInternalResolvers() throws KeyResolverException {
         for (KeyResolverSpi keyResolver : internalKeyResolvers) {
-            if (log.isLoggable(java.util.logging.Level.FINE)) {
-                log.log(java.util.logging.Level.FINE, "Try " + keyResolver.getClass().getName());
-            }
+            LOG.debug("Try {}", keyResolver.getClass().getName());
             keyResolver.setSecureValidation(secureValidation);
-            Node currentChild = this.constructionElement.getFirstChild();
+            Node currentChild = getFirstChild();
             String uri = this.getBaseURI();
             while (currentChild != null) {
                 if (currentChild.getNodeType() == Node.ELEMENT_NODE) {
@@ -1274,13 +1186,13 @@
     public void addStorageResolver(StorageResolver storageResolver) {
         if (storageResolvers == nullList) {
             // Replace the default null StorageResolver
-            storageResolvers = new ArrayList<StorageResolver>();
+            storageResolvers = new ArrayList<>();
         }
         this.storageResolvers.add(storageResolver);
     }
 
 
-    /** @inheritDoc */
+    /** {@inheritDoc} */
     public String getBaseLocalName() {
         return Constants._TAG_KEYINFO;
     }
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/keys/KeyUtils.java b/src/share/classes/com/sun/org/apache/xml/internal/security/keys/KeyUtils.java
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/keys/KeyUtils.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/keys/KeyUtils.java
@@ -32,11 +32,10 @@
 import com.sun.org.apache.xml.internal.security.keys.content.X509Data;
 
 /**
- * Utility class for for <CODE>com.sun.org.apache.xml.internal.security.keys</CODE> package.
+ * Utility class for {@code com.sun.org.apache.xml.internal.security.keys} package.
  *
- * @author $Author: coheigea $
  */
-public class KeyUtils {
+public final class KeyUtils {
 
     private KeyUtils() {
         // no instantiation
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/DEREncodedKeyValue.java b/src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/DEREncodedKeyValue.java
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/DEREncodedKeyValue.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/DEREncodedKeyValue.java
@@ -35,9 +35,8 @@
 import org.w3c.dom.Element;
 
 /**
- * Provides content model support for the <code>dsig11:DEREncodedKeyvalue</code> element.
+ * Provides content model support for the {@code dsig11:DEREncodedKeyvalue} element.
  *
- * @author Brent Putman (putmanb@georgetown.edu)
  */
 public class DEREncodedKeyValue extends Signature11ElementProxy implements KeyInfoContent {
 
@@ -48,11 +47,11 @@
      * Constructor DEREncodedKeyValue
      *
      * @param element
-     * @param BaseURI
+     * @param baseURI
      * @throws XMLSecurityException
      */
-    public DEREncodedKeyValue(Element element, String BaseURI) throws XMLSecurityException {
-        super(element, BaseURI);
+    public DEREncodedKeyValue(Element element, String baseURI) throws XMLSecurityException {
+        super(element, baseURI);
     }
 
     /**
@@ -72,7 +71,7 @@
      * Constructor DEREncodedKeyValue
      *
      * @param doc
-     * @param base64EncodedKey
+     * @param encodedKey
      */
     public DEREncodedKeyValue(Document doc, byte[] encodedKey) {
         super(doc);
@@ -81,29 +80,24 @@
     }
 
     /**
-     * Sets the <code>Id</code> attribute
+     * Sets the {@code Id} attribute
      *
-     * @param Id ID
+     * @param id ID
      */
     public void setId(String id) {
-        if (id != null) {
-            this.constructionElement.setAttributeNS(null, Constants._ATT_ID, id);
-            this.constructionElement.setIdAttributeNS(null, Constants._ATT_ID, true);
-        } else {
-            this.constructionElement.removeAttributeNS(null, Constants._ATT_ID);
-        }
+        setLocalIdAttribute(Constants._ATT_ID, id);
     }
 
     /**
-     * Returns the <code>Id</code> attribute
+     * Returns the {@code Id} attribute
      *
-     * @return the <code>Id</code> attribute
+     * @return the {@code Id} attribute
      */
     public String getId() {
-        return this.constructionElement.getAttributeNS(null, Constants._ATT_ID);
+        return getLocalAttribute(Constants._ATT_ID);
     }
 
-    /** @inheritDoc */
+    /** {@inheritDoc} */
     public String getBaseLocalName() {
         return Constants._TAG_DERENCODEDKEYVALUE;
     }
@@ -126,9 +120,9 @@
                 if (publicKey != null) {
                     return publicKey;
                 }
-            } catch (NoSuchAlgorithmException e) {
+            } catch (NoSuchAlgorithmException e) { //NOPMD
                 // Do nothing, try the next type
-            } catch (InvalidKeySpecException e) {
+            } catch (InvalidKeySpecException e) { //NOPMD
                 // Do nothing, try the next type
             }
         }
@@ -148,10 +142,10 @@
             return keySpec.getEncoded();
         } catch (NoSuchAlgorithmException e) {
             Object exArgs[] = { publicKey.getAlgorithm(), publicKey.getFormat(), publicKey.getClass().getName() };
-            throw new XMLSecurityException("DEREncodedKeyValue.UnsupportedPublicKey", exArgs, e);
+            throw new XMLSecurityException(e, "DEREncodedKeyValue.UnsupportedPublicKey", exArgs);
         } catch (InvalidKeySpecException e) {
             Object exArgs[] = { publicKey.getAlgorithm(), publicKey.getFormat(), publicKey.getClass().getName() };
-            throw new XMLSecurityException("DEREncodedKeyValue.UnsupportedPublicKey", exArgs, e);
+            throw new XMLSecurityException(e, "DEREncodedKeyValue.UnsupportedPublicKey", exArgs);
         }
     }
 
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/KeyInfoContent.java b/src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/KeyInfoContent.java
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/KeyInfoContent.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/KeyInfoContent.java
@@ -25,7 +25,6 @@
 /**
  * Empty interface just to identify Elements that can be children of ds:KeyInfo.
  *
- * @author $Author: coheigea $
  */
 public interface KeyInfoContent {
 }
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/KeyInfoReference.java b/src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/KeyInfoReference.java
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/KeyInfoReference.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/KeyInfoReference.java
@@ -30,9 +30,8 @@
 import org.w3c.dom.Element;
 
 /**
- * Provides content model support for the <code>dsig11:KeyInfoReference</code> element.
+ * Provides content model support for the {@code dsig11:KeyInfoReference} element.
  *
- * @author Brent Putman (putmanb@georgetown.edu)
  */
 public class KeyInfoReference extends Signature11ElementProxy implements KeyInfoContent {
 
@@ -40,7 +39,7 @@
      * Constructor RetrievalMethod
      *
      * @param element
-     * @param BaseURI
+     * @param baseURI
      * @throws XMLSecurityException
      */
     public KeyInfoReference(Element element, String baseURI) throws XMLSecurityException {
@@ -51,12 +50,12 @@
      * Constructor RetrievalMethod
      *
      * @param doc
-     * @param URI
+     * @param uri
      */
-    public KeyInfoReference(Document doc, String URI) {
+    public KeyInfoReference(Document doc, String uri) {
         super(doc);
 
-        this.constructionElement.setAttributeNS(null, Constants._ATT_URI, URI);
+        setLocalAttribute(Constants._ATT_URI, uri);
     }
 
     /**
@@ -65,7 +64,7 @@
      * @return the URI attribute
      */
     public Attr getURIAttr() {
-        return this.constructionElement.getAttributeNodeNS(null, Constants._ATT_URI);
+        return getElement().getAttributeNodeNS(null, Constants._ATT_URI);
     }
 
     /**
@@ -78,29 +77,24 @@
     }
 
     /**
-     * Sets the <code>Id</code> attribute
+     * Sets the {@code Id} attribute
      *
-     * @param Id ID
+     * @param id ID
      */
     public void setId(String id) {
-        if (id != null) {
-            this.constructionElement.setAttributeNS(null, Constants._ATT_ID, id);
-            this.constructionElement.setIdAttributeNS(null, Constants._ATT_ID, true);
-        } else {
-            this.constructionElement.removeAttributeNS(null, Constants._ATT_ID);
-        }
+        setLocalIdAttribute(Constants._ATT_ID, id);
     }
 
     /**
-     * Returns the <code>Id</code> attribute
+     * Returns the {@code Id} attribute
      *
-     * @return the <code>Id</code> attribute
+     * @return the {@code Id} attribute
      */
     public String getId() {
-        return this.constructionElement.getAttributeNS(null, Constants._ATT_ID);
+        return getLocalAttribute(Constants._ATT_ID);
     }
 
-    /** @inheritDoc */
+    /** {@inheritDoc} */
     public String getBaseLocalName() {
         return Constants._TAG_KEYINFOREFERENCE;
     }
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/KeyName.java b/src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/KeyName.java
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/KeyName.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/KeyName.java
@@ -29,7 +29,6 @@
 import org.w3c.dom.Element;
 
 /**
- * @author $Author: coheigea $
  */
 public class KeyName extends SignatureElementProxy implements KeyInfoContent {
 
@@ -37,11 +36,11 @@
      * Constructor KeyName
      *
      * @param element
-     * @param BaseURI
+     * @param baseURI
      * @throws XMLSecurityException
      */
-    public KeyName(Element element, String BaseURI) throws XMLSecurityException {
-        super(element, BaseURI);
+    public KeyName(Element element, String baseURI) throws XMLSecurityException {
+        super(element, baseURI);
     }
 
     /**
@@ -65,7 +64,7 @@
         return this.getTextFromTextChild();
     }
 
-    /** @inheritDoc */
+    /** {@inheritDoc} */
     public String getBaseLocalName() {
         return Constants._TAG_KEYNAME;
     }
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/KeyValue.java b/src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/KeyValue.java
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/KeyValue.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/KeyValue.java
@@ -41,7 +41,6 @@
  * keys values represented as PCDATA or element types from an external
  * namespace.
  *
- * @author $Author: coheigea $
  */
 public class KeyValue extends SignatureElementProxy implements KeyInfoContent {
 
@@ -54,9 +53,9 @@
     public KeyValue(Document doc, DSAKeyValue dsaKeyValue) {
         super(doc);
 
-        XMLUtils.addReturnToElement(this.constructionElement);
-        this.constructionElement.appendChild(dsaKeyValue.getElement());
-        XMLUtils.addReturnToElement(this.constructionElement);
+        addReturnToSelf();
+        appendSelf(dsaKeyValue);
+        addReturnToSelf();
     }
 
     /**
@@ -68,9 +67,9 @@
     public KeyValue(Document doc, RSAKeyValue rsaKeyValue) {
         super(doc);
 
-        XMLUtils.addReturnToElement(this.constructionElement);
-        this.constructionElement.appendChild(rsaKeyValue.getElement());
-        XMLUtils.addReturnToElement(this.constructionElement);
+        addReturnToSelf();
+        appendSelf(rsaKeyValue);
+        addReturnToSelf();
     }
 
     /**
@@ -82,9 +81,9 @@
     public KeyValue(Document doc, Element unknownKeyValue) {
         super(doc);
 
-        XMLUtils.addReturnToElement(this.constructionElement);
-        this.constructionElement.appendChild(unknownKeyValue);
-        XMLUtils.addReturnToElement(this.constructionElement);
+        addReturnToSelf();
+        appendSelf(unknownKeyValue);
+        addReturnToSelf();
     }
 
     /**
@@ -96,18 +95,22 @@
     public KeyValue(Document doc, PublicKey pk) {
         super(doc);
 
-        XMLUtils.addReturnToElement(this.constructionElement);
+        addReturnToSelf();
 
         if (pk instanceof java.security.interfaces.DSAPublicKey) {
-            DSAKeyValue dsa = new DSAKeyValue(this.doc, pk);
+            DSAKeyValue dsa = new DSAKeyValue(getDocument(), pk);
 
-            this.constructionElement.appendChild(dsa.getElement());
-            XMLUtils.addReturnToElement(this.constructionElement);
+            appendSelf(dsa);
+            addReturnToSelf();
         } else if (pk instanceof java.security.interfaces.RSAPublicKey) {
-            RSAKeyValue rsa = new RSAKeyValue(this.doc, pk);
+            RSAKeyValue rsa = new RSAKeyValue(getDocument(), pk);
 
-            this.constructionElement.appendChild(rsa.getElement());
-            XMLUtils.addReturnToElement(this.constructionElement);
+            appendSelf(rsa);
+            addReturnToSelf();
+        } else {
+            String error = "The given PublicKey type " + pk + " is not supported. Only DSAPublicKey and "
+                + "RSAPublicKey types are currently supported";
+            throw new IllegalArgumentException(error);
         }
     }
 
@@ -115,11 +118,11 @@
      * Constructor KeyValue
      *
      * @param element
-     * @param BaseURI
+     * @param baseURI
      * @throws XMLSecurityException
      */
-    public KeyValue(Element element, String BaseURI) throws XMLSecurityException {
-        super(element, BaseURI);
+    public KeyValue(Element element, String baseURI) throws XMLSecurityException {
+        super(element, baseURI);
     }
 
     /**
@@ -131,7 +134,7 @@
     public PublicKey getPublicKey() throws XMLSecurityException {
         Element rsa =
             XMLUtils.selectDsNode(
-                this.constructionElement.getFirstChild(), Constants._TAG_RSAKEYVALUE, 0);
+                getFirstChild(), Constants._TAG_RSAKEYVALUE, 0);
 
         if (rsa != null) {
             RSAKeyValue kv = new RSAKeyValue(rsa, this.baseURI);
@@ -140,7 +143,7 @@
 
         Element dsa =
             XMLUtils.selectDsNode(
-                this.constructionElement.getFirstChild(), Constants._TAG_DSAKEYVALUE, 0);
+                getFirstChild(), Constants._TAG_DSAKEYVALUE, 0);
 
         if (dsa != null) {
             DSAKeyValue kv = new DSAKeyValue(dsa, this.baseURI);
@@ -150,7 +153,7 @@
         return null;
     }
 
-    /** @inheritDoc */
+    /** {@inheritDoc} */
     public String getBaseLocalName() {
         return Constants._TAG_KEYVALUE;
     }
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/MgmtData.java b/src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/MgmtData.java
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/MgmtData.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/MgmtData.java
@@ -29,7 +29,6 @@
 import org.w3c.dom.Element;
 
 /**
- * @author $Author: coheigea $
  */
 public class MgmtData extends SignatureElementProxy implements KeyInfoContent {
 
@@ -37,12 +36,12 @@
      * Constructor MgmtData
      *
      * @param element
-     * @param BaseURI
+     * @param baseURI
      * @throws XMLSecurityException
      */
-    public MgmtData(Element element, String BaseURI)
+    public MgmtData(Element element, String baseURI)
         throws XMLSecurityException {
-        super(element, BaseURI);
+        super(element, baseURI);
     }
 
     /**
@@ -66,7 +65,7 @@
         return this.getTextFromTextChild();
     }
 
-    /** @inheritDoc */
+    /** {@inheritDoc} */
     public String getBaseLocalName() {
         return Constants._TAG_MGMTDATA;
     }
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/PGPData.java b/src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/PGPData.java
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/PGPData.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/PGPData.java
@@ -28,7 +28,6 @@
 import org.w3c.dom.Element;
 
 /**
- * @author $Author: coheigea $
  * $todo$ Implement
  */
 public class PGPData extends SignatureElementProxy implements KeyInfoContent {
@@ -37,14 +36,14 @@
      * Constructor PGPData
      *
      * @param element
-     * @param BaseURI
+     * @param baseURI
      * @throws XMLSecurityException
      */
-    public PGPData(Element element, String BaseURI) throws XMLSecurityException {
-        super(element, BaseURI);
+    public PGPData(Element element, String baseURI) throws XMLSecurityException {
+        super(element, baseURI);
     }
 
-    /** @inheritDoc */
+    /** {@inheritDoc} */
     public String getBaseLocalName() {
         return Constants._TAG_PGPDATA;
     }
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/RetrievalMethod.java b/src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/RetrievalMethod.java
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/RetrievalMethod.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/RetrievalMethod.java
@@ -35,17 +35,17 @@
 public class RetrievalMethod extends SignatureElementProxy implements KeyInfoContent {
 
     /** DSA retrieval */
-    public static final String TYPE_DSA     = Constants.SignatureSpecNS + "DSAKeyValue";
+    public static final String TYPE_DSA = Constants.SignatureSpecNS + "DSAKeyValue";
     /** RSA retrieval */
-    public static final String TYPE_RSA     = Constants.SignatureSpecNS + "RSAKeyValue";
+    public static final String TYPE_RSA = Constants.SignatureSpecNS + "RSAKeyValue";
     /** PGP retrieval */
-    public static final String TYPE_PGP     = Constants.SignatureSpecNS + "PGPData";
+    public static final String TYPE_PGP = Constants.SignatureSpecNS + "PGPData";
     /** SPKI retrieval */
-    public static final String TYPE_SPKI    = Constants.SignatureSpecNS + "SPKIData";
+    public static final String TYPE_SPKI = Constants.SignatureSpecNS + "SPKIData";
     /** MGMT retrieval */
-    public static final String TYPE_MGMT    = Constants.SignatureSpecNS + "MgmtData";
+    public static final String TYPE_MGMT = Constants.SignatureSpecNS + "MgmtData";
     /** X509 retrieval */
-    public static final String TYPE_X509    = Constants.SignatureSpecNS + "X509Data";
+    public static final String TYPE_X509 = Constants.SignatureSpecNS + "X509Data";
     /** RAWX509 retrieval */
     public static final String TYPE_RAWX509 = Constants.SignatureSpecNS + "rawX509Certificate";
 
@@ -53,11 +53,11 @@
      * Constructor RetrievalMethod
      *
      * @param element
-     * @param BaseURI
+     * @param baseURI
      * @throws XMLSecurityException
      */
-    public RetrievalMethod(Element element, String BaseURI) throws XMLSecurityException {
-        super(element, BaseURI);
+    public RetrievalMethod(Element element, String baseURI) throws XMLSecurityException {
+        super(element, baseURI);
     }
 
     /**
@@ -71,15 +71,15 @@
     public RetrievalMethod(Document doc, String URI, Transforms transforms, String Type) {
         super(doc);
 
-        this.constructionElement.setAttributeNS(null, Constants._ATT_URI, URI);
+        setLocalAttribute(Constants._ATT_URI, URI);
 
         if (Type != null) {
-            this.constructionElement.setAttributeNS(null, Constants._ATT_TYPE, Type);
+            setLocalAttribute(Constants._ATT_TYPE, Type);
         }
 
         if (transforms != null) {
-            this.constructionElement.appendChild(transforms.getElement());
-            XMLUtils.addReturnToElement(this.constructionElement);
+            appendSelf(transforms);
+            addReturnToSelf();
         }
     }
 
@@ -89,7 +89,7 @@
      * @return the URI attribute
      */
     public Attr getURIAttr() {
-        return this.constructionElement.getAttributeNodeNS(null, Constants._ATT_URI);
+        return getElement().getAttributeNodeNS(null, Constants._ATT_URI);
     }
 
     /**
@@ -98,12 +98,12 @@
      * @return URI string
      */
     public String getURI() {
-        return this.getURIAttr().getNodeValue();
+        return getLocalAttribute(Constants._ATT_URI);
     }
 
     /** @return the type*/
     public String getType() {
-        return this.constructionElement.getAttributeNS(null, Constants._ATT_TYPE);
+        return getLocalAttribute(Constants._ATT_TYPE);
     }
 
     /**
@@ -116,7 +116,7 @@
         try {
             Element transformsElem =
                 XMLUtils.selectDsNode(
-                    this.constructionElement.getFirstChild(), Constants._TAG_TRANSFORMS, 0);
+                    getFirstChild(), Constants._TAG_TRANSFORMS, 0);
 
             if (transformsElem != null) {
                 return new Transforms(transformsElem, this.baseURI);
@@ -124,11 +124,11 @@
 
             return null;
         } catch (XMLSignatureException ex) {
-            throw new XMLSecurityException("empty", ex);
+            throw new XMLSecurityException(ex);
         }
     }
 
-    /** @inheritDoc */
+    /** {@inheritDoc} */
     public String getBaseLocalName() {
         return Constants._TAG_RETRIEVALMETHOD;
     }
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/SPKIData.java b/src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/SPKIData.java
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/SPKIData.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/SPKIData.java
@@ -28,7 +28,6 @@
 import org.w3c.dom.Element;
 
 /**
- * @author $Author: coheigea $
  * $todo$ implement
  */
 public class SPKIData extends SignatureElementProxy implements KeyInfoContent {
@@ -37,15 +36,15 @@
      * Constructor SPKIData
      *
      * @param element
-     * @param BaseURI
+     * @param baseURI
      * @throws XMLSecurityException
      */
-    public SPKIData(Element element, String BaseURI)
+    public SPKIData(Element element, String baseURI)
         throws XMLSecurityException {
-        super(element, BaseURI);
+        super(element, baseURI);
     }
 
-    /** @inheritDoc */
+    /** {@inheritDoc} */
     public String getBaseLocalName() {
         return Constants._TAG_SPKIDATA;
     }
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/X509Data.java b/src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/X509Data.java
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/X509Data.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/X509Data.java
@@ -41,9 +41,8 @@
 
 public class X509Data extends SignatureElementProxy implements KeyInfoContent {
 
-    /** {@link org.apache.commons.logging} logging facility */
-    private static java.util.logging.Logger log =
-        java.util.logging.Logger.getLogger(X509Data.class.getName());
+    private static final com.sun.org.slf4j.internal.Logger LOG =
+        com.sun.org.slf4j.internal.LoggerFactory.getLogger(X509Data.class);
 
     /**
      * Constructor X509Data
@@ -53,7 +52,7 @@
     public X509Data(Document doc) {
         super(doc);
 
-        XMLUtils.addReturnToElement(this.constructionElement);
+        addReturnToSelf();
     }
 
     /**
@@ -66,17 +65,15 @@
     public X509Data(Element element, String baseURI) throws XMLSecurityException {
         super(element, baseURI);
 
-        Node sibling = this.constructionElement.getFirstChild();
-        while (sibling != null) {
-            if (sibling.getNodeType() != Node.ELEMENT_NODE) {
-                sibling = sibling.getNextSibling();
-                continue;
-            }
-            return;
+        Node sibling = getFirstChild();
+        while (sibling != null && sibling.getNodeType() != Node.ELEMENT_NODE) {
+            sibling = sibling.getNextSibling();
         }
-        /* No Elements found */
-        Object exArgs[] = { "Elements", Constants._TAG_X509DATA };
-        throw new XMLSecurityException("xml.WrongContent", exArgs);
+        if (sibling == null || sibling.getNodeType() != Node.ELEMENT_NODE) {
+            /* No Elements found */
+            Object exArgs[] = { "Elements", Constants._TAG_X509DATA };
+            throw new XMLSecurityException("xml.WrongContent", exArgs);
+        }
     }
 
     /**
@@ -86,7 +83,7 @@
      * @param X509SerialNumber
      */
     public void addIssuerSerial(String X509IssuerName, BigInteger X509SerialNumber) {
-        this.add(new XMLX509IssuerSerial(this.doc, X509IssuerName, X509SerialNumber));
+        this.add(new XMLX509IssuerSerial(getDocument(), X509IssuerName, X509SerialNumber));
     }
 
     /**
@@ -96,7 +93,7 @@
      * @param X509SerialNumber
      */
     public void addIssuerSerial(String X509IssuerName, String X509SerialNumber) {
-        this.add(new XMLX509IssuerSerial(this.doc, X509IssuerName, X509SerialNumber));
+        this.add(new XMLX509IssuerSerial(getDocument(), X509IssuerName, X509SerialNumber));
     }
 
     /**
@@ -106,7 +103,7 @@
      * @param X509SerialNumber
      */
     public void addIssuerSerial(String X509IssuerName, int X509SerialNumber) {
-        this.add(new XMLX509IssuerSerial(this.doc, X509IssuerName, X509SerialNumber));
+        this.add(new XMLX509IssuerSerial(getDocument(), X509IssuerName, X509SerialNumber));
     }
 
     /**
@@ -116,8 +113,8 @@
      */
     public void add(XMLX509IssuerSerial xmlX509IssuerSerial) {
 
-        this.constructionElement.appendChild(xmlX509IssuerSerial.getElement());
-        XMLUtils.addReturnToElement(this.constructionElement);
+        appendSelf(xmlX509IssuerSerial);
+        addReturnToSelf();
     }
 
     /**
@@ -126,7 +123,7 @@
      * @param skiBytes
      */
     public void addSKI(byte[] skiBytes) {
-        this.add(new XMLX509SKI(this.doc, skiBytes));
+        this.add(new XMLX509SKI(getDocument(), skiBytes));
     }
 
     /**
@@ -137,7 +134,7 @@
      */
     public void addSKI(X509Certificate x509certificate)
         throws XMLSecurityException {
-        this.add(new XMLX509SKI(this.doc, x509certificate));
+        this.add(new XMLX509SKI(getDocument(), x509certificate));
     }
 
     /**
@@ -146,8 +143,8 @@
      * @param xmlX509SKI
      */
     public void add(XMLX509SKI xmlX509SKI) {
-        this.constructionElement.appendChild(xmlX509SKI.getElement());
-        XMLUtils.addReturnToElement(this.constructionElement);
+        appendSelf(xmlX509SKI);
+        addReturnToSelf();
     }
 
     /**
@@ -156,7 +153,7 @@
      * @param subjectName
      */
     public void addSubjectName(String subjectName) {
-        this.add(new XMLX509SubjectName(this.doc, subjectName));
+        this.add(new XMLX509SubjectName(getDocument(), subjectName));
     }
 
     /**
@@ -165,7 +162,7 @@
      * @param x509certificate
      */
     public void addSubjectName(X509Certificate x509certificate) {
-        this.add(new XMLX509SubjectName(this.doc, x509certificate));
+        this.add(new XMLX509SubjectName(getDocument(), x509certificate));
     }
 
     /**
@@ -174,8 +171,8 @@
      * @param xmlX509SubjectName
      */
     public void add(XMLX509SubjectName xmlX509SubjectName) {
-        this.constructionElement.appendChild(xmlX509SubjectName.getElement());
-        XMLUtils.addReturnToElement(this.constructionElement);
+        appendSelf(xmlX509SubjectName);
+        addReturnToSelf();
     }
 
     /**
@@ -186,7 +183,7 @@
      */
     public void addCertificate(X509Certificate x509certificate)
         throws XMLSecurityException {
-        this.add(new XMLX509Certificate(this.doc, x509certificate));
+        this.add(new XMLX509Certificate(getDocument(), x509certificate));
     }
 
     /**
@@ -195,7 +192,7 @@
      * @param x509certificateBytes
      */
     public void addCertificate(byte[] x509certificateBytes) {
-        this.add(new XMLX509Certificate(this.doc, x509certificateBytes));
+        this.add(new XMLX509Certificate(getDocument(), x509certificateBytes));
     }
 
     /**
@@ -204,8 +201,8 @@
      * @param xmlX509Certificate
      */
     public void add(XMLX509Certificate xmlX509Certificate) {
-        this.constructionElement.appendChild(xmlX509Certificate.getElement());
-        XMLUtils.addReturnToElement(this.constructionElement);
+        appendSelf(xmlX509Certificate);
+        addReturnToSelf();
     }
 
     /**
@@ -214,7 +211,7 @@
      * @param crlBytes
      */
     public void addCRL(byte[] crlBytes) {
-        this.add(new XMLX509CRL(this.doc, crlBytes));
+        this.add(new XMLX509CRL(getDocument(), crlBytes));
     }
 
     /**
@@ -223,8 +220,8 @@
      * @param xmlX509CRL
      */
     public void add(XMLX509CRL xmlX509CRL) {
-        this.constructionElement.appendChild(xmlX509CRL.getElement());
-        XMLUtils.addReturnToElement(this.constructionElement);
+        appendSelf(xmlX509CRL);
+        addReturnToSelf();
     }
 
     /**
@@ -236,27 +233,27 @@
      */
     public void addDigest(X509Certificate x509certificate, String algorithmURI)
         throws XMLSecurityException {
-        this.add(new XMLX509Digest(this.doc, x509certificate, algorithmURI));
+        this.add(new XMLX509Digest(getDocument(), x509certificate, algorithmURI));
     }
 
     /**
      * Method addDigest
      *
-     * @param x509CertificateDigestByes
+     * @param x509CertificateDigestBytes
      * @param algorithmURI
      */
-    public void addDigest(byte[] x509certificateDigestBytes, String algorithmURI) {
-        this.add(new XMLX509Digest(this.doc, x509certificateDigestBytes, algorithmURI));
+    public void addDigest(byte[] x509CertificateDigestBytes, String algorithmURI) {
+        this.add(new XMLX509Digest(getDocument(), x509CertificateDigestBytes, algorithmURI));
     }
 
     /**
      * Method add
      *
-     * @param XMLX509Digest
+     * @param xmlX509Digest
      */
     public void add(XMLX509Digest xmlX509Digest) {
-        this.constructionElement.appendChild(xmlX509Digest.getElement());
-        XMLUtils.addReturnToElement(this.constructionElement);
+        appendSelf(xmlX509Digest);
+        addReturnToSelf();
     }
 
     /**
@@ -265,8 +262,8 @@
      * @param element
      */
     public void addUnknownElement(Element element) {
-        this.constructionElement.appendChild(element);
-        XMLUtils.addReturnToElement(this.constructionElement);
+        appendSelf(element);
+        addReturnToSelf();
     }
 
     /**
@@ -330,9 +327,9 @@
      */
     public int lengthUnknownElement() {
         int result = 0;
-        Node n = this.constructionElement.getFirstChild();
-        while (n != null){
-            if ((n.getNodeType() == Node.ELEMENT_NODE)
+        Node n = getFirstChild();
+        while (n != null) {
+            if (n.getNodeType() == Node.ELEMENT_NODE
                 && !n.getNamespaceURI().equals(Constants.SignatureSpecNS)) {
                 result++;
             }
@@ -352,7 +349,7 @@
     public XMLX509IssuerSerial itemIssuerSerial(int i) throws XMLSecurityException {
         Element e =
             XMLUtils.selectDsNode(
-                this.constructionElement.getFirstChild(), Constants._TAG_X509ISSUERSERIAL, i);
+                getFirstChild(), Constants._TAG_X509ISSUERSERIAL, i);
 
         if (e != null) {
             return new XMLX509IssuerSerial(e, this.baseURI);
@@ -371,7 +368,7 @@
 
         Element e =
             XMLUtils.selectDsNode(
-                this.constructionElement.getFirstChild(), Constants._TAG_X509SKI, i);
+                getFirstChild(), Constants._TAG_X509SKI, i);
 
         if (e != null) {
             return new XMLX509SKI(e, this.baseURI);
@@ -390,7 +387,7 @@
 
         Element e =
             XMLUtils.selectDsNode(
-                this.constructionElement.getFirstChild(), Constants._TAG_X509SUBJECTNAME, i);
+                getFirstChild(), Constants._TAG_X509SUBJECTNAME, i);
 
         if (e != null) {
             return new XMLX509SubjectName(e, this.baseURI);
@@ -402,14 +399,14 @@
      * Method itemCertificate
      *
      * @param i
-     * @return the X509Certifacte, null if not present
+     * @return the X509Certificate, null if not present
      * @throws XMLSecurityException
      */
     public XMLX509Certificate itemCertificate(int i) throws XMLSecurityException {
 
         Element e =
             XMLUtils.selectDsNode(
-                this.constructionElement.getFirstChild(), Constants._TAG_X509CERTIFICATE, i);
+                getFirstChild(), Constants._TAG_X509CERTIFICATE, i);
 
         if (e != null) {
             return new XMLX509Certificate(e, this.baseURI);
@@ -428,7 +425,7 @@
 
         Element e =
             XMLUtils.selectDsNode(
-                this.constructionElement.getFirstChild(), Constants._TAG_X509CRL, i);
+                getFirstChild(), Constants._TAG_X509CRL, i);
 
         if (e != null) {
             return new XMLX509CRL(e, this.baseURI);
@@ -447,7 +444,7 @@
 
         Element e =
             XMLUtils.selectDs11Node(
-                this.constructionElement.getFirstChild(), Constants._TAG_X509DIGEST, i);
+                getFirstChild(), Constants._TAG_X509DIGEST, i);
 
         if (e != null) {
             return new XMLX509Digest(e, this.baseURI);
@@ -463,9 +460,7 @@
      * TODO implement
      **/
     public Element itemUnknownElement(int i) {
-        if (log.isLoggable(java.util.logging.Level.FINE)) {
-            log.log(java.util.logging.Level.FINE, "itemUnknownElement not implemented:" + i);
-        }
+        LOG.debug("itemUnknownElement not implemented: {}", i);
         return null;
     }
 
@@ -532,7 +527,7 @@
         return this.lengthUnknownElement() > 0;
     }
 
-    /** @inheritDoc */
+    /** {@inheritDoc} */
     public String getBaseLocalName() {
         return Constants._TAG_X509DATA;
     }
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/keyvalues/DSAKeyValue.java b/src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/keyvalues/DSAKeyValue.java
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/keyvalues/DSAKeyValue.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/keyvalues/DSAKeyValue.java
@@ -27,6 +27,7 @@
 import java.security.KeyFactory;
 import java.security.NoSuchAlgorithmException;
 import java.security.PublicKey;
+import java.security.interfaces.DSAParams;
 import java.security.interfaces.DSAPublicKey;
 import java.security.spec.DSAPublicKeySpec;
 import java.security.spec.InvalidKeySpecException;
@@ -35,7 +36,6 @@
 import com.sun.org.apache.xml.internal.security.utils.Constants;
 import com.sun.org.apache.xml.internal.security.utils.I18n;
 import com.sun.org.apache.xml.internal.security.utils.SignatureElementProxy;
-import com.sun.org.apache.xml.internal.security.utils.XMLUtils;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 
@@ -64,7 +64,7 @@
     public DSAKeyValue(Document doc, BigInteger P, BigInteger Q, BigInteger G, BigInteger Y) {
         super(doc);
 
-        XMLUtils.addReturnToElement(this.constructionElement);
+        addReturnToSelf();
         this.addBigIntegerElement(P, Constants._TAG_P);
         this.addBigIntegerElement(Q, Constants._TAG_Q);
         this.addBigIntegerElement(G, Constants._TAG_G);
@@ -81,12 +81,13 @@
     public DSAKeyValue(Document doc, Key key) throws IllegalArgumentException {
         super(doc);
 
-        XMLUtils.addReturnToElement(this.constructionElement);
+        addReturnToSelf();
 
-        if (key instanceof java.security.interfaces.DSAPublicKey) {
-            this.addBigIntegerElement(((DSAPublicKey) key).getParams().getP(), Constants._TAG_P);
-            this.addBigIntegerElement(((DSAPublicKey) key).getParams().getQ(), Constants._TAG_Q);
-            this.addBigIntegerElement(((DSAPublicKey) key).getParams().getG(), Constants._TAG_G);
+        if (key instanceof DSAPublicKey) {
+            DSAParams params = ((DSAPublicKey) key).getParams();
+            this.addBigIntegerElement(params.getP(), Constants._TAG_P);
+            this.addBigIntegerElement(params.getQ(), Constants._TAG_Q);
+            this.addBigIntegerElement(params.getG(), Constants._TAG_G);
             this.addBigIntegerElement(((DSAPublicKey) key).getY(), Constants._TAG_Y);
         } else {
             Object exArgs[] = { Constants._TAG_DSAKEYVALUE, key.getClass().getName() };
@@ -95,7 +96,7 @@
         }
     }
 
-    /** @inheritDoc */
+    /** {@inheritDoc} */
     public PublicKey getPublicKey() throws XMLSecurityException {
         try {
             DSAPublicKeySpec pkspec =
@@ -118,13 +119,13 @@
 
             return pk;
         } catch (NoSuchAlgorithmException ex) {
-            throw new XMLSecurityException("empty", ex);
+            throw new XMLSecurityException(ex);
         } catch (InvalidKeySpecException ex) {
-            throw new XMLSecurityException("empty", ex);
+            throw new XMLSecurityException(ex);
         }
     }
 
-    /** @inheritDoc */
+    /** {@inheritDoc} */
     public String getBaseLocalName() {
         return Constants._TAG_DSAKEYVALUE;
     }
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/keyvalues/RSAKeyValue.java b/src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/keyvalues/RSAKeyValue.java
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/keyvalues/RSAKeyValue.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/keyvalues/RSAKeyValue.java
@@ -35,7 +35,6 @@
 import com.sun.org.apache.xml.internal.security.utils.Constants;
 import com.sun.org.apache.xml.internal.security.utils.I18n;
 import com.sun.org.apache.xml.internal.security.utils.SignatureElementProxy;
-import com.sun.org.apache.xml.internal.security.utils.XMLUtils;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 
@@ -45,11 +44,11 @@
      * Constructor RSAKeyValue
      *
      * @param element
-     * @param BaseURI
+     * @param baseURI
      * @throws XMLSecurityException
      */
-    public RSAKeyValue(Element element, String BaseURI) throws XMLSecurityException {
-        super(element, BaseURI);
+    public RSAKeyValue(Element element, String baseURI) throws XMLSecurityException {
+        super(element, baseURI);
     }
 
     /**
@@ -62,7 +61,7 @@
     public RSAKeyValue(Document doc, BigInteger modulus, BigInteger exponent) {
         super(doc);
 
-        XMLUtils.addReturnToElement(this.constructionElement);
+        addReturnToSelf();
         this.addBigIntegerElement(modulus, Constants._TAG_MODULUS);
         this.addBigIntegerElement(exponent, Constants._TAG_EXPONENT);
     }
@@ -77,9 +76,9 @@
     public RSAKeyValue(Document doc, Key key) throws IllegalArgumentException {
         super(doc);
 
-        XMLUtils.addReturnToElement(this.constructionElement);
+        addReturnToSelf();
 
-        if (key instanceof java.security.interfaces.RSAPublicKey ) {
+        if (key instanceof RSAPublicKey ) {
             this.addBigIntegerElement(
                 ((RSAPublicKey) key).getModulus(), Constants._TAG_MODULUS
             );
@@ -93,7 +92,7 @@
         }
     }
 
-    /** @inheritDoc */
+    /** {@inheritDoc} */
     public PublicKey getPublicKey() throws XMLSecurityException {
         try {
             KeyFactory rsaFactory = KeyFactory.getInstance("RSA");
@@ -111,13 +110,13 @@
 
             return pk;
         } catch (NoSuchAlgorithmException ex) {
-            throw new XMLSecurityException("empty", ex);
+            throw new XMLSecurityException(ex);
         } catch (InvalidKeySpecException ex) {
-            throw new XMLSecurityException("empty", ex);
+            throw new XMLSecurityException(ex);
         }
     }
 
-    /** @inheritDoc */
+    /** {@inheritDoc} */
     public String getBaseLocalName() {
         return Constants._TAG_RSAKEYVALUE;
     }
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/keyvalues/package.html b/src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/keyvalues/package.html
deleted file mode 100644
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/keyvalues/package.html
+++ /dev/null
@@ -1,3 +0,0 @@
-<HTML><HEAD></HEAD><BODY><P>
-basic handlers for elements that can occur inside <CODE>ds:KeyValue</CODE>.
-</P></BODY></HTML>
\ No newline at end of file
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/package.html b/src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/package.html
deleted file mode 100644
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/package.html
+++ /dev/null
@@ -1,3 +0,0 @@
-<HTML><HEAD></HEAD><BODY><P>
-basic handlers for elements that can occur inside <CODE>ds:KeyInfo</CODE>.
-</P></BODY></HTML>
\ No newline at end of file
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/x509/XMLX509CRL.java b/src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/x509/XMLX509CRL.java
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/x509/XMLX509CRL.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/x509/XMLX509CRL.java
@@ -34,11 +34,11 @@
      * Constructor XMLX509CRL
      *
      * @param element
-     * @param BaseURI
+     * @param baseURI
      * @throws XMLSecurityException
      */
-    public XMLX509CRL(Element element, String BaseURI) throws XMLSecurityException {
-        super(element, BaseURI);
+    public XMLX509CRL(Element element, String baseURI) throws XMLSecurityException {
+        super(element, baseURI);
     }
 
     /**
@@ -63,7 +63,7 @@
         return this.getBytesFromTextChild();
     }
 
-    /** @inheritDoc */
+    /** {@inheritDoc} */
     public String getBaseLocalName() {
         return Constants._TAG_X509CRL;
     }
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/x509/XMLX509Certificate.java b/src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/x509/XMLX509Certificate.java
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/x509/XMLX509Certificate.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/x509/XMLX509Certificate.java
@@ -23,6 +23,8 @@
 package com.sun.org.apache.xml.internal.security.keys.content.x509;
 
 import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.io.InputStream;
 import java.security.PublicKey;
 import java.security.cert.CertificateException;
 import java.security.cert.CertificateFactory;
@@ -44,11 +46,11 @@
      * Constructor X509Certificate
      *
      * @param element
-     * @param BaseURI
+     * @param baseURI
      * @throws XMLSecurityException
      */
-    public XMLX509Certificate(Element element, String BaseURI) throws XMLSecurityException {
-        super(element, BaseURI);
+    public XMLX509Certificate(Element element, String baseURI) throws XMLSecurityException {
+        super(element, baseURI);
     }
 
     /**
@@ -77,7 +79,7 @@
         try {
             this.addBase64Text(x509certificate.getEncoded());
         } catch (java.security.cert.CertificateEncodingException ex) {
-            throw new XMLSecurityException("empty", ex);
+            throw new XMLSecurityException(ex);
         }
     }
 
@@ -98,22 +100,20 @@
      * @throws XMLSecurityException
      */
     public X509Certificate getX509Certificate() throws XMLSecurityException {
-        try {
-            byte certbytes[] = this.getCertificateBytes();
+        byte certbytes[] = this.getCertificateBytes();
+        try (InputStream is = new ByteArrayInputStream(certbytes)) {
             CertificateFactory certFact =
                 CertificateFactory.getInstance(XMLX509Certificate.JCA_CERT_ID);
             X509Certificate cert =
-                (X509Certificate) certFact.generateCertificate(
-                    new ByteArrayInputStream(certbytes)
-                );
+                (X509Certificate) certFact.generateCertificate(is);
 
             if (cert != null) {
                 return cert;
             }
 
             return null;
-        } catch (CertificateException ex) {
-            throw new XMLSecurityException("empty", ex);
+        } catch (CertificateException | IOException ex) {
+            throw new XMLSecurityException(ex);
         }
     }
 
@@ -123,7 +123,7 @@
      * @return the publickey
      * @throws XMLSecurityException
      */
-    public PublicKey getPublicKey() throws XMLSecurityException {
+    public PublicKey getPublicKey() throws XMLSecurityException, IOException {
         X509Certificate cert = this.getX509Certificate();
 
         if (cert != null) {
@@ -133,7 +133,7 @@
         return null;
     }
 
-    /** @inheritDoc */
+    /** {@inheritDoc} */
     public boolean equals(Object obj) {
         if (!(obj instanceof XMLX509Certificate)) {
             return false;
@@ -154,14 +154,12 @@
                 result = 31 * result + bytes[i];
             }
         } catch (XMLSecurityException e) {
-            if (log.isLoggable(java.util.logging.Level.FINE)) {
-                log.log(java.util.logging.Level.FINE, e.getMessage(), e);
-            }
+            LOG.debug(e.getMessage(), e);
         }
         return result;
     }
 
-    /** @inheritDoc */
+    /** {@inheritDoc} */
     public String getBaseLocalName() {
         return Constants._TAG_X509CERTIFICATE;
     }
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/x509/XMLX509DataContent.java b/src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/x509/XMLX509DataContent.java
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/x509/XMLX509DataContent.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/x509/XMLX509DataContent.java
@@ -25,7 +25,6 @@
 /**
  * Just used for tagging contents that are allowed inside a ds:X509Data Element.
  *
- * @author $Author: coheigea $
  */
 public interface XMLX509DataContent {
 }
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/x509/XMLX509Digest.java b/src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/x509/XMLX509Digest.java
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/x509/XMLX509Digest.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/x509/XMLX509Digest.java
@@ -34,9 +34,8 @@
 import org.w3c.dom.Element;
 
 /**
- * Provides content model support for the <code>dsig11:X509Digest</code> element.
+ * Provides content model support for the {@code dsig11:X509Digest} element.
  *
- * @author Brent Putman (putmanb@georgetown.edu)
  */
 public class XMLX509Digest extends Signature11ElementProxy implements XMLX509DataContent {
 
@@ -44,11 +43,11 @@
      * Constructor XMLX509Digest
      *
      * @param element
-     * @param BaseURI
+     * @param baseURI
      * @throws XMLSecurityException
      */
-    public XMLX509Digest(Element element, String BaseURI) throws XMLSecurityException {
-        super(element, BaseURI);
+    public XMLX509Digest(Element element, String baseURI) throws XMLSecurityException {
+        super(element, baseURI);
     }
 
     /**
@@ -61,7 +60,7 @@
     public XMLX509Digest(Document doc, byte[] digestBytes, String algorithmURI) {
         super(doc);
         this.addBase64Text(digestBytes);
-        this.constructionElement.setAttributeNS(null, Constants._ATT_ALGORITHM, algorithmURI);
+        setLocalAttribute(Constants._ATT_ALGORITHM, algorithmURI);
     }
 
     /**
@@ -75,7 +74,7 @@
     public XMLX509Digest(Document doc, X509Certificate x509certificate, String algorithmURI) throws XMLSecurityException {
         super(doc);
         this.addBase64Text(getDigestBytesFromCert(x509certificate, algorithmURI));
-        this.constructionElement.setAttributeNS(null, Constants._ATT_ALGORITHM, algorithmURI);
+        setLocalAttribute(Constants._ATT_ALGORITHM, algorithmURI);
     }
 
     /**
@@ -84,7 +83,7 @@
      * @return the Algorithm attribute
      */
     public Attr getAlgorithmAttr() {
-        return this.constructionElement.getAttributeNodeNS(null, Constants._ATT_ALGORITHM);
+        return getElement().getAttributeNodeNS(null, Constants._ATT_ALGORITHM);
     }
 
     /**
@@ -118,21 +117,21 @@
     public static byte[] getDigestBytesFromCert(X509Certificate cert, String algorithmURI) throws XMLSecurityException {
         String jcaDigestAlgorithm = JCEMapper.translateURItoJCEID(algorithmURI);
         if (jcaDigestAlgorithm == null) {
-            Object exArgs[] = { algorithmURI };
-            throw new XMLSecurityException("XMLX509Digest.UnknownDigestAlgorithm", exArgs);
+                Object exArgs[] = { algorithmURI };
+                throw new XMLSecurityException("XMLX509Digest.UnknownDigestAlgorithm", exArgs);
         }
 
         try {
-            MessageDigest md = MessageDigest.getInstance(jcaDigestAlgorithm);
-            return md.digest(cert.getEncoded());
-        } catch (Exception e) {
-            Object exArgs[] = { jcaDigestAlgorithm };
-            throw new XMLSecurityException("XMLX509Digest.FailedDigest", exArgs);
-        }
+                        MessageDigest md = MessageDigest.getInstance(jcaDigestAlgorithm);
+                        return md.digest(cert.getEncoded());
+                } catch (Exception e) {
+                Object exArgs[] = { jcaDigestAlgorithm };
+                        throw new XMLSecurityException("XMLX509Digest.FailedDigest", exArgs);
+                }
 
     }
 
-    /** @inheritDoc */
+    /** {@inheritDoc} */
     public String getBaseLocalName() {
         return Constants._TAG_X509DIGEST;
     }
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/x509/XMLX509IssuerSerial.java b/src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/x509/XMLX509IssuerSerial.java
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/x509/XMLX509IssuerSerial.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/x509/XMLX509IssuerSerial.java
@@ -29,15 +29,13 @@
 import com.sun.org.apache.xml.internal.security.utils.Constants;
 import com.sun.org.apache.xml.internal.security.utils.RFC2253Parser;
 import com.sun.org.apache.xml.internal.security.utils.SignatureElementProxy;
-import com.sun.org.apache.xml.internal.security.utils.XMLUtils;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 
 public class XMLX509IssuerSerial extends SignatureElementProxy implements XMLX509DataContent {
 
-    /** {@link org.apache.commons.logging} logging facility */
-    private static java.util.logging.Logger log =
-        java.util.logging.Logger.getLogger(XMLX509IssuerSerial.class.getName());
+    private static final com.sun.org.slf4j.internal.Logger LOG =
+        com.sun.org.slf4j.internal.LoggerFactory.getLogger(XMLX509IssuerSerial.class);
 
     /**
      * Constructor XMLX509IssuerSerial
@@ -59,7 +57,7 @@
      */
     public XMLX509IssuerSerial(Document doc, String x509IssuerName, BigInteger x509SerialNumber) {
         super(doc);
-        XMLUtils.addReturnToElement(this.constructionElement);
+        addReturnToSelf();
         addTextElement(x509IssuerName, Constants._TAG_X509ISSUERNAME);
         addTextElement(x509SerialNumber.toString(), Constants._TAG_X509SERIALNUMBER);
     }
@@ -108,9 +106,7 @@
     public BigInteger getSerialNumber() {
         String text =
             this.getTextFromChildElement(Constants._TAG_X509SERIALNUMBER, Constants.SignatureSpecNS);
-        if (log.isLoggable(java.util.logging.Level.FINE)) {
-            log.log(java.util.logging.Level.FINE, "X509SerialNumber text: " + text);
-        }
+        LOG.debug("X509SerialNumber text: {}", text);
 
         return new BigInteger(text);
     }
@@ -135,7 +131,7 @@
         );
     }
 
-    /** @inheritDoc */
+    /** {@inheritDoc} */
     public boolean equals(Object obj) {
         if (!(obj instanceof XMLX509IssuerSerial)) {
             return false;
@@ -154,7 +150,7 @@
         return result;
     }
 
-    /** @inheritDoc */
+    /** {@inheritDoc} */
     public String getBaseLocalName() {
         return Constants._TAG_X509ISSUERSERIAL;
     }
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/x509/XMLX509SKI.java b/src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/x509/XMLX509SKI.java
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/x509/XMLX509SKI.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/x509/XMLX509SKI.java
@@ -24,9 +24,9 @@
 
 import java.security.cert.X509Certificate;
 import java.util.Arrays;
+import java.util.Base64;
 
 import com.sun.org.apache.xml.internal.security.exceptions.XMLSecurityException;
-import com.sun.org.apache.xml.internal.security.utils.Base64;
 import com.sun.org.apache.xml.internal.security.utils.Constants;
 import com.sun.org.apache.xml.internal.security.utils.SignatureElementProxy;
 import org.w3c.dom.Document;
@@ -40,20 +40,19 @@
  */
 public class XMLX509SKI extends SignatureElementProxy implements XMLX509DataContent {
 
-    /** {@link org.apache.commons.logging} logging facility */
-    private static java.util.logging.Logger log =
-        java.util.logging.Logger.getLogger(XMLX509SKI.class.getName());
+    private static final com.sun.org.slf4j.internal.Logger LOG =
+        com.sun.org.slf4j.internal.LoggerFactory.getLogger(XMLX509SKI.class);
 
     /**
-     * <CODE>SubjectKeyIdentifier (id-ce-subjectKeyIdentifier) (2.5.29.14)</CODE>:
+     * {@code SubjectKeyIdentifier (id-ce-subjectKeyIdentifier) (2.5.29.14)}:
      * This extension identifies the public key being certified. It enables
      * distinct keys used by the same subject to be differentiated
      * (e.g., as key updating occurs).
-     * <BR />
+     * <p></p>
      * A key identifier shall be unique with respect to all key identifiers
      * for the subject with which it is used. This extension is always non-critical.
      */
-    public static final String SKI_OID = "2.5.29.14";
+    public static final String SKI_OID = "2.5.29.14"; //NOPMD
 
     /**
      * Constructor X509SKI
@@ -83,11 +82,11 @@
      * Constructor XMLX509SKI
      *
      * @param element
-     * @param BaseURI
+     * @param baseURI
      * @throws XMLSecurityException
      */
-    public XMLX509SKI(Element element, String BaseURI) throws XMLSecurityException {
-        super(element, BaseURI);
+    public XMLX509SKI(Element element, String baseURI) throws XMLSecurityException {
+        super(element, baseURI);
     }
 
     /**
@@ -113,7 +112,7 @@
         throws XMLSecurityException {
 
         if (cert.getVersion() < 3) {
-            Object exArgs[] = { Integer.valueOf(cert.getVersion()) };
+            Object exArgs[] = { cert.getVersion() };
             throw new XMLSecurityException("certificate.noSki.lowVersion", exArgs);
         }
 
@@ -138,14 +137,14 @@
 
         System.arraycopy(extensionValue, 4, skidValue, 0, skidValue.length);
 
-        if (log.isLoggable(java.util.logging.Level.FINE)) {
-            log.log(java.util.logging.Level.FINE, "Base64 of SKI is " + Base64.encode(skidValue));
+        if (LOG.isDebugEnabled()) {
+            LOG.debug("Base64 of SKI is " + Base64.getMimeEncoder().encodeToString(skidValue));
         }
 
         return skidValue;
     }
 
-    /** @inheritDoc */
+    /** {@inheritDoc} */
     public boolean equals(Object obj) {
         if (!(obj instanceof XMLX509SKI)) {
             return false;
@@ -168,15 +167,13 @@
                 result = 31 * result + bytes[i];
             }
         } catch (XMLSecurityException e) {
-            if (log.isLoggable(java.util.logging.Level.FINE)) {
-                log.log(java.util.logging.Level.FINE, e.getMessage(), e);
-            }
+            LOG.debug(e.getMessage(), e);
         }
         return result;
 
     }
 
-    /** @inheritDoc */
+    /** {@inheritDoc} */
     public String getBaseLocalName() {
         return Constants._TAG_X509SKI;
     }
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/x509/XMLX509SubjectName.java b/src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/x509/XMLX509SubjectName.java
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/x509/XMLX509SubjectName.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/x509/XMLX509SubjectName.java
@@ -32,7 +32,6 @@
 import org.w3c.dom.Element;
 
 /**
- * @author $Author: coheigea $
  */
 public class XMLX509SubjectName extends SignatureElementProxy implements XMLX509DataContent {
 
@@ -40,12 +39,12 @@
      * Constructor X509SubjectName
      *
      * @param element
-     * @param BaseURI
+     * @param baseURI
      * @throws XMLSecurityException
      */
-    public XMLX509SubjectName(Element element, String BaseURI)
+    public XMLX509SubjectName(Element element, String baseURI)
         throws XMLSecurityException {
-        super(element, BaseURI);
+        super(element, baseURI);
     }
 
     /**
@@ -80,7 +79,7 @@
         return RFC2253Parser.normalize(this.getTextFromTextChild());
     }
 
-    /** @inheritDoc */
+    /** {@inheritDoc} */
     public boolean equals(Object obj) {
         if (!(obj instanceof XMLX509SubjectName)) {
             return false;
@@ -99,7 +98,7 @@
         return result;
     }
 
-    /** @inheritDoc */
+    /** {@inheritDoc} */
     public String getBaseLocalName() {
         return Constants._TAG_X509SUBJECTNAME;
     }
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/x509/package.html b/src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/x509/package.html
deleted file mode 100644
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/x509/package.html
+++ /dev/null
@@ -1,3 +0,0 @@
-<HTML><HEAD></HEAD><BODY><P>
-basic handlers for elements that can occur inside <CODE>ds:X509Data</CODE>.
-</P></BODY></HTML>
\ No newline at end of file
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/ClassLoaderUtils.java b/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/ClassLoaderUtils.java
new file mode 100644
--- /dev/null
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/ClassLoaderUtils.java
@@ -0,0 +1,84 @@
+/*
+ * reserved comment block
+ * DO NOT REMOVE OR ALTER!
+ */
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package com.sun.org.apache.xml.internal.security.keys.keyresolver;
+
+// NOTE! This is a duplicate of utils.ClassLoaderUtils with public
+// modifiers changed to package-private. Make sure to integrate any future
+// changes to utils.ClassLoaderUtils to this file.
+final class ClassLoaderUtils {
+
+    private static final com.sun.org.slf4j.internal.Logger LOG =
+        com.sun.org.slf4j.internal.LoggerFactory.getLogger(ClassLoaderUtils.class);
+
+    private ClassLoaderUtils() {
+    }
+
+    /**
+     * Load a class with a given name. <p></p> It will try to load the class in the
+     * following order:
+     * <ul>
+     * <li>From Thread.currentThread().getContextClassLoader()
+     * <li>Using the basic Class.forName()
+     * <li>From ClassLoaderUtil.class.getClassLoader()
+     * <li>From the callingClass.getClassLoader()
+     * </ul>
+     *
+     * @param className The name of the class to load
+     * @param callingClass The Class object of the calling object
+     * @throws ClassNotFoundException If the class cannot be found anywhere.
+     */
+    static Class<?> loadClass(String className, Class<?> callingClass)
+        throws ClassNotFoundException {
+        try {
+            ClassLoader cl = Thread.currentThread().getContextClassLoader();
+
+            if (cl != null) {
+                return cl.loadClass(className);
+            }
+        } catch (ClassNotFoundException e) {
+            LOG.debug(e.getMessage(), e);
+            //ignore
+        }
+        return loadClass2(className, callingClass);
+    }
+
+    private static Class<?> loadClass2(String className, Class<?> callingClass)
+        throws ClassNotFoundException {
+        try {
+            return Class.forName(className);
+        } catch (ClassNotFoundException ex) {
+            try {
+                if (ClassLoaderUtils.class.getClassLoader() != null) {
+                    return ClassLoaderUtils.class.getClassLoader().loadClass(className);
+                }
+            } catch (ClassNotFoundException exc) {
+                if (callingClass != null && callingClass.getClassLoader() != null) {
+                    return callingClass.getClassLoader().loadClass(className);
+                }
+            }
+            LOG.debug(ex.getMessage(), ex);
+            throw ex;
+        }
+    }
+}
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/InvalidKeyResolverException.java b/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/InvalidKeyResolverException.java
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/InvalidKeyResolverException.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/InvalidKeyResolverException.java
@@ -61,21 +61,31 @@
     /**
      * Constructor InvalidKeyResolverException
      *
+     * @param originalException
      * @param msgID
-     * @param originalException
      */
+    public InvalidKeyResolverException(Exception originalException, String msgID) {
+        super(originalException, msgID);
+    }
+
+    @Deprecated
     public InvalidKeyResolverException(String msgID, Exception originalException) {
-        super(msgID, originalException);
+        this(originalException, msgID);
     }
 
     /**
      * Constructor InvalidKeyResolverException
      *
+     * @param originalException
      * @param msgID
      * @param exArgs
-     * @param originalException
      */
-    public InvalidKeyResolverException(String msgID, Object exArgs[], Exception originalException) {
-        super(msgID, exArgs, originalException);
+    public InvalidKeyResolverException(Exception originalException, String msgID, Object exArgs[]) {
+        super(originalException, msgID, exArgs);
+    }
+
+    @Deprecated
+    public InvalidKeyResolverException(String msgID, Object[] exArgs, Exception originalException) {
+        this(originalException, msgID, exArgs);
     }
 }
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/KeyResolver.java b/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/KeyResolver.java
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/KeyResolver.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/KeyResolver.java
@@ -52,9 +52,8 @@
  */
 public class KeyResolver {
 
-    /** {@link org.apache.commons.logging} logging facility */
-    private static java.util.logging.Logger log =
-        java.util.logging.Logger.getLogger(KeyResolver.class.getName());
+    private static final com.sun.org.slf4j.internal.Logger LOG =
+        com.sun.org.slf4j.internal.LoggerFactory.getLogger(KeyResolver.class);
 
     /** Field resolverVector */
     private static List<KeyResolver> resolverVector = new CopyOnWriteArrayList<KeyResolver>();
@@ -96,16 +95,14 @@
         for (KeyResolver resolver : resolverVector) {
             if (resolver == null) {
                 Object exArgs[] = {
-                                   (((element != null)
-                                       && (element.getNodeType() == Node.ELEMENT_NODE))
-                                       ? element.getTagName() : "null")
+                                   element != null
+                                       && element.getNodeType() == Node.ELEMENT_NODE
+                                       ? element.getTagName() : "null"
                 };
 
                 throw new KeyResolverException("utils.resolver.noClass", exArgs);
             }
-            if (log.isLoggable(java.util.logging.Level.FINE)) {
-                log.log(java.util.logging.Level.FINE, "check resolvability by class " + resolver.getClass());
-            }
+            LOG.debug("check resolvability by class {}", resolver.getClass());
 
             X509Certificate cert = resolver.resolveX509Certificate(element, baseURI, storage);
             if (cert != null) {
@@ -114,8 +111,8 @@
         }
 
         Object exArgs[] = {
-                           (((element != null) && (element.getNodeType() == Node.ELEMENT_NODE))
-                           ? element.getTagName() : "null")
+                           element != null && element.getNodeType() == Node.ELEMENT_NODE
+                           ? element.getTagName() : "null"
                           };
 
         throw new KeyResolverException("utils.resolver.noClass", exArgs);
@@ -137,16 +134,14 @@
         for (KeyResolver resolver : resolverVector) {
             if (resolver == null) {
                 Object exArgs[] = {
-                                   (((element != null)
-                                       && (element.getNodeType() == Node.ELEMENT_NODE))
-                                       ? element.getTagName() : "null")
+                                   element != null
+                                       && element.getNodeType() == Node.ELEMENT_NODE
+                                       ? element.getTagName() : "null"
                 };
 
                 throw new KeyResolverException("utils.resolver.noClass", exArgs);
             }
-            if (log.isLoggable(java.util.logging.Level.FINE)) {
-                log.log(java.util.logging.Level.FINE, "check resolvability by class " + resolver.getClass());
-            }
+            LOG.debug("check resolvability by class {}", resolver.getClass());
 
             PublicKey cert = resolver.resolvePublicKey(element, baseURI, storage);
             if (cert != null) {
@@ -155,8 +150,8 @@
         }
 
         Object exArgs[] = {
-                           (((element != null) && (element.getNodeType() == Node.ELEMENT_NODE))
-                           ? element.getTagName() : "null")
+                           element != null && element.getNodeType() == Node.ELEMENT_NODE
+                           ? element.getTagName() : "null"
                           };
 
         throw new KeyResolverException("utils.resolver.noClass", exArgs);
@@ -183,7 +178,7 @@
         throws ClassNotFoundException, IllegalAccessException, InstantiationException {
         JavaUtils.checkRegisterPermission();
         KeyResolverSpi keyResolverSpi =
-            (KeyResolverSpi) Class.forName(className).newInstance();
+            (KeyResolverSpi) ClassLoaderUtils.loadClass(className, KeyResolver.class).newInstance();
         keyResolverSpi.setGlobalResolver(globalResolver);
         register(keyResolverSpi, false);
     }
@@ -207,7 +202,10 @@
         KeyResolverSpi keyResolverSpi = null;
         Exception ex = null;
         try {
-            keyResolverSpi = (KeyResolverSpi) Class.forName(className).newInstance();
+            KeyResolverSpi tmp = (KeyResolverSpi) ClassLoaderUtils.loadClass(className, KeyResolver.class).newInstance();
+            keyResolverSpi = tmp;
+            keyResolverSpi.setGlobalResolver(globalResolver);
+            register(keyResolverSpi, true);
         } catch (ClassNotFoundException e) {
             ex = e;
         } catch (IllegalAccessException e) {
@@ -220,8 +218,6 @@
             throw (IllegalArgumentException) new
             IllegalArgumentException("Invalid KeyResolver class name").initCause(ex);
         }
-        keyResolverSpi.setGlobalResolver(globalResolver);
-        register(keyResolverSpi, true);
     }
 
     /**
@@ -270,10 +266,10 @@
     public static void registerClassNames(List<String> classNames)
         throws ClassNotFoundException, IllegalAccessException, InstantiationException {
         JavaUtils.checkRegisterPermission();
-        List<KeyResolver> keyResolverList = new ArrayList<KeyResolver>(classNames.size());
+        List<KeyResolver> keyResolverList = new ArrayList<>(classNames.size());
         for (String className : classNames) {
             KeyResolverSpi keyResolverSpi =
-                (KeyResolverSpi) Class.forName(className).newInstance();
+                (KeyResolverSpi)ClassLoaderUtils.loadClass(className, KeyResolver.class).newInstance();
             keyResolverSpi.setGlobalResolver(false);
             keyResolverList.add(new KeyResolver(keyResolverSpi));
         }
@@ -285,7 +281,7 @@
      */
     public static void registerDefaultResolvers() {
 
-        List<KeyResolver> keyResolverList = new ArrayList<KeyResolver>();
+        List<KeyResolver> keyResolverList = new ArrayList<>();
         keyResolverList.add(new KeyResolver(new RSAKeyValueResolver()));
         keyResolverList.add(new KeyResolver(new DSAKeyValueResolver()));
         keyResolverList.add(new KeyResolver(new X509CertificateResolver()));
@@ -414,7 +410,7 @@
         public void remove() {
             throw new UnsupportedOperationException("Can't remove resolvers using the iterator");
         }
-    };
+    }
 
     public static Iterator<KeyResolverSpi> iterator() {
         return new ResolverIterator(resolverVector);
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/KeyResolverException.java b/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/KeyResolverException.java
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/KeyResolverException.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/KeyResolverException.java
@@ -39,6 +39,10 @@
         super();
     }
 
+    public KeyResolverException(Exception ex) {
+        super(ex);
+    }
+
     /**
      * Constructor KeyResolverException
      *
@@ -61,21 +65,31 @@
     /**
      * Constructor KeyResolverException
      *
+     * @param originalException
      * @param msgID
-     * @param originalException
      */
+    public KeyResolverException(Exception originalException, String msgID) {
+        super(originalException, msgID);
+    }
+
+    @Deprecated
     public KeyResolverException(String msgID, Exception originalException) {
-        super(msgID, originalException);
+        this(originalException, msgID);
     }
 
     /**
      * Constructor KeyResolverException
      *
+     * @param originalException
      * @param msgID
      * @param exArgs
-     * @param originalException
      */
-    public KeyResolverException(String msgID, Object exArgs[], Exception originalException) {
-        super(msgID, exArgs, originalException);
+    public KeyResolverException(Exception originalException, String msgID, Object exArgs[]) {
+        super(originalException, msgID, exArgs);
+    }
+
+    @Deprecated
+    public KeyResolverException(String msgID, Object[] exArgs, Exception originalException) {
+        this(originalException, msgID, exArgs);
     }
 }
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/KeyResolverSpi.java b/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/KeyResolverSpi.java
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/KeyResolverSpi.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/KeyResolverSpi.java
@@ -22,15 +22,23 @@
  */
 package com.sun.org.apache.xml.internal.security.keys.keyresolver;
 
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.io.InputStream;
 import java.security.PrivateKey;
 import java.security.PublicKey;
 import java.security.cert.X509Certificate;
 import java.util.HashMap;
 
 import javax.crypto.SecretKey;
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.ParserConfigurationException;
 
 import com.sun.org.apache.xml.internal.security.keys.storage.StorageResolver;
+import com.sun.org.apache.xml.internal.security.utils.XMLUtils;
+import org.w3c.dom.Document;
 import org.w3c.dom.Element;
+import org.xml.sax.SAXException;
 
 /**
  * This class is an abstract class for a child KeyInfo Element.
@@ -45,7 +53,7 @@
 public abstract class KeyResolverSpi {
 
     /** Field properties */
-    protected java.util.Map<String, String> properties = null;
+    protected java.util.Map<String, String> properties;
 
     protected boolean globalResolver = false;
 
@@ -84,7 +92,7 @@
         Element element, String baseURI, StorageResolver storage
     ) throws KeyResolverException {
         throw new UnsupportedOperationException();
-    };
+    }
 
     /**
      * Method engineLookupAndResolvePublicKey
@@ -107,17 +115,17 @@
     }
 
     private KeyResolverSpi cloneIfNeeded() throws KeyResolverException {
-        KeyResolverSpi tmp = this;
         if (globalResolver) {
             try {
-                tmp = getClass().newInstance();
+                KeyResolverSpi tmp = getClass().newInstance();
+                return tmp;
             } catch (InstantiationException e) {
-                throw new KeyResolverException("", e);
+                throw new KeyResolverException(e, "");
             } catch (IllegalAccessException e) {
-                throw new KeyResolverException("", e);
+                throw new KeyResolverException(e, "");
             }
         }
-        return tmp;
+        return this;
     }
 
     /**
@@ -134,7 +142,7 @@
         Element element, String baseURI, StorageResolver storage
     ) throws KeyResolverException{
         throw new UnsupportedOperationException();
-    };
+    }
 
     /**
      * Method engineLookupResolveX509Certificate
@@ -170,7 +178,7 @@
         Element element, String baseURI, StorageResolver storage
     ) throws KeyResolverException{
         throw new UnsupportedOperationException();
-    };
+    }
 
     /**
      * Method engineLookupAndResolveSecretKey
@@ -221,7 +229,7 @@
      */
     public void engineSetProperty(String key, String value) {
         if (properties == null) {
-            properties = new HashMap<String, String>();
+            properties = new HashMap<>();
         }
         properties.put(key, value);
     }
@@ -258,4 +266,27 @@
         this.globalResolver = globalResolver;
     }
 
+
+    /**
+     * Parses a byte array and returns the parsed Element.
+     *
+     * @param bytes
+     * @return the Document Element after parsing bytes
+     * @throws KeyResolverException if something goes wrong
+     */
+    protected static Element getDocFromBytes(byte[] bytes, boolean secureValidation) throws KeyResolverException {
+        DocumentBuilder db = null;
+        try (InputStream is = new ByteArrayInputStream(bytes)) {
+            db = XMLUtils.createDocumentBuilder(false, secureValidation);
+            Document doc = db.parse(is);
+            return doc.getDocumentElement();
+        } catch (SAXException ex) {
+            throw new KeyResolverException(ex);
+        } catch (IOException ex) {
+            throw new KeyResolverException(ex);
+        } catch (ParserConfigurationException ex) {
+            throw new KeyResolverException(ex);
+        }
+    }
+
 }
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/implementations/DEREncodedKeyValueResolver.java b/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/implementations/DEREncodedKeyValueResolver.java
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/implementations/DEREncodedKeyValueResolver.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/implementations/DEREncodedKeyValueResolver.java
@@ -2,6 +2,24 @@
  * reserved comment block
  * DO NOT REMOVE OR ALTER!
  */
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
 package com.sun.org.apache.xml.internal.security.keys.keyresolver.implementations;
 
 import java.security.PrivateKey;
@@ -21,28 +39,24 @@
 
 /**
  * KeyResolverSpi implementation which resolves public keys from a
- * <code>dsig11:DEREncodedKeyValue</code> element.
+ * {@code dsig11:DEREncodedKeyValue} element.
  *
- * @author Brent Putman (putmanb@georgetown.edu)
  */
 public class DEREncodedKeyValueResolver extends KeyResolverSpi {
 
-    /** {@link org.apache.commons.logging} logging facility */
-    private static java.util.logging.Logger log =
-        java.util.logging.Logger.getLogger(DEREncodedKeyValueResolver.class.getName());
+    private static final com.sun.org.slf4j.internal.Logger LOG =
+        com.sun.org.slf4j.internal.LoggerFactory.getLogger(DEREncodedKeyValueResolver.class);
 
-    /** {@inheritDoc}. */
+    /** {{@inheritDoc}}. */
     public boolean engineCanResolve(Element element, String baseURI, StorageResolver storage) {
         return XMLUtils.elementIsInSignature11Space(element, Constants._TAG_DERENCODEDKEYVALUE);
     }
 
-    /** {@inheritDoc}. */
+    /** {{@inheritDoc}}. */
     public PublicKey engineLookupAndResolvePublicKey(Element element, String baseURI, StorageResolver storage)
         throws KeyResolverException {
 
-        if (log.isLoggable(java.util.logging.Level.FINE)) {
-            log.log(java.util.logging.Level.FINE, "Can I resolve " + element.getTagName());
-        }
+        LOG.debug("Can I resolve {}", element.getTagName());
 
         if (!engineCanResolve(element, baseURI, storage)) {
             return null;
@@ -52,27 +66,25 @@
             DEREncodedKeyValue derKeyValue = new DEREncodedKeyValue(element, baseURI);
             return derKeyValue.getPublicKey();
         } catch (XMLSecurityException e) {
-            if (log.isLoggable(java.util.logging.Level.FINE)) {
-                log.log(java.util.logging.Level.FINE, "XMLSecurityException", e);
-            }
+            LOG.debug("XMLSecurityException", e);
         }
 
         return null;
     }
 
-    /** {@inheritDoc}. */
+    /** {{@inheritDoc}}. */
     public X509Certificate engineLookupResolveX509Certificate(Element element, String baseURI, StorageResolver storage)
         throws KeyResolverException {
         return null;
     }
 
-    /** {@inheritDoc}. */
+    /** {{@inheritDoc}}. */
     public SecretKey engineLookupAndResolveSecretKey(Element element, String baseURI, StorageResolver storage)
         throws KeyResolverException {
         return null;
     }
 
-    /** {@inheritDoc}. */
+    /** {{@inheritDoc}}. */
     public PrivateKey engineLookupAndResolvePrivateKey(Element element, String baseURI, StorageResolver storage)
         throws KeyResolverException {
         return null;
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/implementations/DSAKeyValueResolver.java b/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/implementations/DSAKeyValueResolver.java
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/implementations/DSAKeyValueResolver.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/implementations/DSAKeyValueResolver.java
@@ -35,21 +35,20 @@
 
 public class DSAKeyValueResolver extends KeyResolverSpi {
 
-    /** {@link org.apache.commons.logging} logging facility */
-    private static java.util.logging.Logger log =
-        java.util.logging.Logger.getLogger(DSAKeyValueResolver.class.getName());
+    private static final com.sun.org.slf4j.internal.Logger LOG =
+        com.sun.org.slf4j.internal.LoggerFactory.getLogger(DSAKeyValueResolver.class);
 
 
     /**
      * Method engineResolvePublicKey
      *
      * @param element
-     * @param BaseURI
+     * @param baseURI
      * @param storage
      * @return null if no {@link PublicKey} could be obtained
      */
     public PublicKey engineLookupAndResolvePublicKey(
-        Element element, String BaseURI, StorageResolver storage
+        Element element, String baseURI, StorageResolver storage
     ) {
         if (element == null) {
             return null;
@@ -71,14 +70,12 @@
         }
 
         try {
-            DSAKeyValue dsaKeyValue = new DSAKeyValue(dsaKeyElement, BaseURI);
+            DSAKeyValue dsaKeyValue = new DSAKeyValue(dsaKeyElement, baseURI);
             PublicKey pk = dsaKeyValue.getPublicKey();
 
             return pk;
         } catch (XMLSecurityException ex) {
-            if (log.isLoggable(java.util.logging.Level.FINE)) {
-                log.log(java.util.logging.Level.FINE, ex.getMessage(), ex);
-            }
+            LOG.debug(ex.getMessage(), ex);
             //do nothing
         }
 
@@ -86,16 +83,16 @@
     }
 
 
-    /** @inheritDoc */
+    /** {@inheritDoc} */
     public X509Certificate engineLookupResolveX509Certificate(
-        Element element, String BaseURI, StorageResolver storage
+        Element element, String baseURI, StorageResolver storage
     ) {
         return null;
     }
 
-    /** @inheritDoc */
+    /** {@inheritDoc} */
     public javax.crypto.SecretKey engineLookupAndResolveSecretKey(
-        Element element, String BaseURI, StorageResolver storage
+        Element element, String baseURI, StorageResolver storage
     ) {
         return null;
     }
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/implementations/EncryptedKeyResolver.java b/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/implementations/EncryptedKeyResolver.java
deleted file mode 100644
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/implementations/EncryptedKeyResolver.java
+++ /dev/null
@@ -1,150 +0,0 @@
-/*
- * reserved comment block
- * DO NOT REMOVE OR ALTER!
- */
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package com.sun.org.apache.xml.internal.security.keys.keyresolver.implementations;
-
-import java.security.Key;
-import java.security.PublicKey;
-import java.security.cert.X509Certificate;
-import java.util.ArrayList;
-import java.util.List;
-
-import javax.crypto.SecretKey;
-
-import com.sun.org.apache.xml.internal.security.encryption.EncryptedKey;
-import com.sun.org.apache.xml.internal.security.encryption.XMLCipher;
-import com.sun.org.apache.xml.internal.security.encryption.XMLEncryptionException;
-import com.sun.org.apache.xml.internal.security.keys.keyresolver.KeyResolverSpi;
-import com.sun.org.apache.xml.internal.security.keys.storage.StorageResolver;
-import com.sun.org.apache.xml.internal.security.utils.EncryptionConstants;
-import com.sun.org.apache.xml.internal.security.utils.XMLUtils;
-import org.w3c.dom.Element;
-
-/**
- * The <code>EncryptedKeyResolver</code> is not a generic resolver.  It can
- * only be for specific instantiations, as the key being unwrapped will
- * always be of a particular type and will always have been wrapped by
- * another key which needs to be recursively resolved.
- *
- * The <code>EncryptedKeyResolver</code> can therefore only be instantiated
- * with an algorithm.  It can also be instantiated with a key (the KEK) or
- * will search the static KeyResolvers to find the appropriate key.
- *
- * @author Berin Lautenbach
- */
-public class EncryptedKeyResolver extends KeyResolverSpi {
-
-    /** {@link org.apache.commons.logging} logging facility */
-    private static java.util.logging.Logger log =
-        java.util.logging.Logger.getLogger(EncryptedKeyResolver.class.getName());
-
-    private Key kek;
-    private String algorithm;
-    private List<KeyResolverSpi> internalKeyResolvers;
-
-    /**
-     * Constructor for use when a KEK needs to be derived from a KeyInfo
-     * list
-     * @param algorithm
-     */
-    public EncryptedKeyResolver(String algorithm) {
-        kek = null;
-        this.algorithm = algorithm;
-    }
-
-    /**
-     * Constructor used for when a KEK has been set
-     * @param algorithm
-     * @param kek
-     */
-    public EncryptedKeyResolver(String algorithm, Key kek) {
-        this.algorithm = algorithm;
-        this.kek = kek;
-    }
-
-    /**
-     * This method is used to add a custom {@link KeyResolverSpi} to help
-     * resolve the KEK.
-     *
-     * @param realKeyResolver
-     */
-    public void registerInternalKeyResolver(KeyResolverSpi realKeyResolver) {
-        if (internalKeyResolvers == null) {
-            internalKeyResolvers = new ArrayList<KeyResolverSpi>();
-        }
-        internalKeyResolvers.add(realKeyResolver);
-    }
-
-    /** @inheritDoc */
-    public PublicKey engineLookupAndResolvePublicKey(
-        Element element, String BaseURI, StorageResolver storage
-    ) {
-        return null;
-    }
-
-    /** @inheritDoc */
-    public X509Certificate engineLookupResolveX509Certificate(
-        Element element, String BaseURI, StorageResolver storage
-    ) {
-        return null;
-    }
-
-    /** @inheritDoc */
-    public javax.crypto.SecretKey engineLookupAndResolveSecretKey(
-        Element element, String BaseURI, StorageResolver storage
-    ) {
-        if (log.isLoggable(java.util.logging.Level.FINE)) {
-            log.log(java.util.logging.Level.FINE, "EncryptedKeyResolver - Can I resolve " + element.getTagName());
-        }
-
-        if (element == null) {
-            return null;
-        }
-
-        SecretKey key = null;
-        boolean isEncryptedKey =
-            XMLUtils.elementIsInEncryptionSpace(element, EncryptionConstants._TAG_ENCRYPTEDKEY);
-        if (isEncryptedKey) {
-            if (log.isLoggable(java.util.logging.Level.FINE)) {
-                log.log(java.util.logging.Level.FINE, "Passed an Encrypted Key");
-            }
-            try {
-                XMLCipher cipher = XMLCipher.getInstance();
-                cipher.init(XMLCipher.UNWRAP_MODE, kek);
-                if (internalKeyResolvers != null) {
-                    int size = internalKeyResolvers.size();
-                    for (int i = 0; i < size; i++) {
-                        cipher.registerInternalKeyResolver(internalKeyResolvers.get(i));
-                    }
-                }
-                EncryptedKey ek = cipher.loadEncryptedKey(element);
-                key = (SecretKey) cipher.decryptKey(ek, algorithm);
-            } catch (XMLEncryptionException e) {
-                if (log.isLoggable(java.util.logging.Level.FINE)) {
-                    log.log(java.util.logging.Level.FINE, e.getMessage(), e);
-                }
-            }
-        }
-
-        return key;
-    }
-}
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/implementations/KeyInfoReferenceResolver.java b/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/implementations/KeyInfoReferenceResolver.java
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/implementations/KeyInfoReferenceResolver.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/implementations/KeyInfoReferenceResolver.java
@@ -2,19 +2,33 @@
  * reserved comment block
  * DO NOT REMOVE OR ALTER!
  */
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
 package com.sun.org.apache.xml.internal.security.keys.keyresolver.implementations;
 
-import java.io.ByteArrayInputStream;
 import java.io.IOException;
 import java.security.PrivateKey;
 import java.security.PublicKey;
 import java.security.cert.X509Certificate;
 
 import javax.crypto.SecretKey;
-import javax.xml.XMLConstants;
 import javax.xml.namespace.QName;
-import javax.xml.parsers.DocumentBuilder;
-import javax.xml.parsers.DocumentBuilderFactory;
 import javax.xml.parsers.ParserConfigurationException;
 
 import com.sun.org.apache.xml.internal.security.c14n.CanonicalizationException;
@@ -29,34 +43,29 @@
 import com.sun.org.apache.xml.internal.security.utils.XMLUtils;
 import com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver;
 import org.w3c.dom.Attr;
-import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 import org.xml.sax.SAXException;
 
 /**
  * KeyResolverSpi implementation which resolves public keys, private keys, secret keys, and X.509 certificates from a
- * <code>dsig11:KeyInfoReference</code> element.
+ * {@code dsig11:KeyInfoReference} element.
  *
- * @author Brent Putman (putmanb@georgetown.edu)
  */
 public class KeyInfoReferenceResolver extends KeyResolverSpi {
 
-    /** {@link org.apache.commons.logging} logging facility */
-    private static java.util.logging.Logger log =
-        java.util.logging.Logger.getLogger(KeyInfoReferenceResolver.class.getName());
+    private static final com.sun.org.slf4j.internal.Logger LOG =
+        com.sun.org.slf4j.internal.LoggerFactory.getLogger(KeyInfoReferenceResolver.class);
 
-    /** {@inheritDoc}. */
+    /** {{@inheritDoc}}. */
     public boolean engineCanResolve(Element element, String baseURI, StorageResolver storage) {
         return XMLUtils.elementIsInSignature11Space(element, Constants._TAG_KEYINFOREFERENCE);
     }
 
-    /** {@inheritDoc}. */
+    /** {{@inheritDoc}}. */
     public PublicKey engineLookupAndResolvePublicKey(Element element, String baseURI, StorageResolver storage)
         throws KeyResolverException {
 
-        if (log.isLoggable(java.util.logging.Level.FINE)) {
-            log.log(java.util.logging.Level.FINE, "Can I resolve " + element.getTagName());
-        }
+        LOG.debug("Can I resolve {}", element.getTagName());
 
         if (!engineCanResolve(element, baseURI, storage)) {
             return null;
@@ -68,21 +77,17 @@
                 return referent.getPublicKey();
             }
         } catch (XMLSecurityException e) {
-            if (log.isLoggable(java.util.logging.Level.FINE)) {
-                log.log(java.util.logging.Level.FINE, "XMLSecurityException", e);
-            }
+            LOG.debug("XMLSecurityException", e);
         }
 
         return null;
     }
 
-    /** {@inheritDoc}. */
+    /** {{@inheritDoc}}. */
     public X509Certificate engineLookupResolveX509Certificate(Element element, String baseURI, StorageResolver storage)
         throws KeyResolverException {
 
-        if (log.isLoggable(java.util.logging.Level.FINE)) {
-            log.log(java.util.logging.Level.FINE, "Can I resolve " + element.getTagName());
-        }
+        LOG.debug("Can I resolve {}", element.getTagName());
 
         if (!engineCanResolve(element, baseURI, storage)) {
             return null;
@@ -94,21 +99,17 @@
                 return referent.getX509Certificate();
             }
         } catch (XMLSecurityException e) {
-            if (log.isLoggable(java.util.logging.Level.FINE)) {
-                log.log(java.util.logging.Level.FINE, "XMLSecurityException", e);
-            }
+            LOG.debug("XMLSecurityException", e);
         }
 
         return null;
     }
 
-    /** {@inheritDoc}. */
+    /** {{@inheritDoc}}. */
     public SecretKey engineLookupAndResolveSecretKey(Element element, String baseURI, StorageResolver storage)
         throws KeyResolverException {
 
-        if (log.isLoggable(java.util.logging.Level.FINE)) {
-            log.log(java.util.logging.Level.FINE, "Can I resolve " + element.getTagName());
-        }
+        LOG.debug("Can I resolve {}", element.getTagName());
 
         if (!engineCanResolve(element, baseURI, storage)) {
             return null;
@@ -120,21 +121,17 @@
                 return referent.getSecretKey();
             }
         } catch (XMLSecurityException e) {
-            if (log.isLoggable(java.util.logging.Level.FINE)) {
-                log.log(java.util.logging.Level.FINE, "XMLSecurityException", e);
-            }
+            LOG.debug("XMLSecurityException", e);
         }
 
         return null;
     }
 
-    /** {@inheritDoc}. */
+    /** {{@inheritDoc}}. */
     public PrivateKey engineLookupAndResolvePrivateKey(Element element, String baseURI, StorageResolver storage)
         throws KeyResolverException {
 
-        if (log.isLoggable(java.util.logging.Level.FINE)) {
-            log.log(java.util.logging.Level.FINE, "Can I resolve " + element.getTagName());
-        }
+        LOG.debug("Can I resolve " + element.getTagName());
 
         if (!engineCanResolve(element, baseURI, storage)) {
             return null;
@@ -146,9 +143,7 @@
                 return referent.getPrivateKey();
             }
         } catch (XMLSecurityException e) {
-            if (log.isLoggable(java.util.logging.Level.FINE)) {
-                log.log(java.util.logging.Level.FINE, "XMLSecurityException", e);
-            }
+            LOG.debug("XMLSecurityException", e);
         }
 
         return null;
@@ -173,14 +168,12 @@
         try {
             referentElement = obtainReferenceElement(resource);
         } catch (Exception e) {
-            if (log.isLoggable(java.util.logging.Level.FINE)) {
-                log.log(java.util.logging.Level.FINE, "XMLSecurityException", e);
-            }
+            LOG.debug("XMLSecurityException", e);
             return null;
         }
 
         if (referentElement == null) {
-            log.log(java.util.logging.Level.FINE, "De-reference of KeyInfoReference URI returned null: " + uriAttr.getValue());
+            LOG.debug("De-reference of KeyInfoReference URI returned null: {}", uriAttr.getValue());
             return null;
         }
 
@@ -224,21 +217,20 @@
      * @param uri
      * @param baseURI
      * @param secureValidation
-     * @return
+     * @return the XML signature input represented by the specified URI.
      * @throws XMLSecurityException
      */
     private XMLSignatureInput resolveInput(Attr uri, String baseURI, boolean secureValidation)
         throws XMLSecurityException {
         ResourceResolver resRes = ResourceResolver.getInstance(uri, baseURI, secureValidation);
-        XMLSignatureInput resource = resRes.resolve(uri, baseURI, secureValidation);
-        return resource;
+        return resRes.resolve(uri, baseURI, secureValidation);
     }
 
     /**
      * Resolve the Element effectively represented by the XML signature input source.
      *
      * @param resource
-     * @return
+     * @return the Element effectively represented by the XML signature input source.
      * @throws CanonicalizationException
      * @throws ParserConfigurationException
      * @throws IOException
@@ -253,38 +245,13 @@
         if (resource.isElement()){
             e = (Element) resource.getSubNode();
         } else if (resource.isNodeSet()) {
-            log.log(java.util.logging.Level.FINE, "De-reference of KeyInfoReference returned an unsupported NodeSet");
+            LOG.debug("De-reference of KeyInfoReference returned an unsupported NodeSet");
             return null;
         } else {
             // Retrieved resource is a byte stream
             byte inputBytes[] = resource.getBytes();
-            e = getDocFromBytes(inputBytes);
+            e = getDocFromBytes(inputBytes, this.secureValidation);
         }
         return e;
     }
-
-    /**
-     * Parses a byte array and returns the parsed Element.
-     *
-     * @param bytes
-     * @return the Document Element after parsing bytes
-     * @throws KeyResolverException if something goes wrong
-     */
-    private Element getDocFromBytes(byte[] bytes) throws KeyResolverException {
-        try {
-            DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
-            dbf.setNamespaceAware(true);
-            dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, Boolean.TRUE);
-            DocumentBuilder db = dbf.newDocumentBuilder();
-            Document doc = db.parse(new ByteArrayInputStream(bytes));
-            return doc.getDocumentElement();
-        } catch (SAXException ex) {
-            throw new KeyResolverException("empty", ex);
-        } catch (IOException ex) {
-            throw new KeyResolverException("empty", ex);
-        } catch (ParserConfigurationException ex) {
-            throw new KeyResolverException("empty", ex);
-        }
-    }
-
 }
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/implementations/PrivateKeyResolver.java b/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/implementations/PrivateKeyResolver.java
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/implementations/PrivateKeyResolver.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/implementations/PrivateKeyResolver.java
@@ -2,6 +2,24 @@
  * reserved comment block
  * DO NOT REMOVE OR ALTER!
  */
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
 package com.sun.org.apache.xml.internal.security.keys.keyresolver.implementations;
 
 import java.security.Key;
@@ -34,9 +52,9 @@
  * For a KeyName hint, the KeyName must match the alias of a PrivateKey entry within the KeyStore.
  */
 public class PrivateKeyResolver extends KeyResolverSpi {
-    /** {@link org.apache.commons.logging} logging facility */
-    private static java.util.logging.Logger log =
-        java.util.logging.Logger.getLogger(PrivateKeyResolver.class.getName());
+
+    private static final com.sun.org.slf4j.internal.Logger LOG =
+        com.sun.org.slf4j.internal.LoggerFactory.getLogger(PrivateKeyResolver.class);
 
     private KeyStore keyStore;
     private char[] password;
@@ -53,11 +71,11 @@
      * This method returns whether the KeyResolverSpi is able to perform the requested action.
      *
      * @param element
-     * @param BaseURI
+     * @param baseURI
      * @param storage
      * @return whether the KeyResolverSpi is able to perform the requested action.
      */
-    public boolean engineCanResolve(Element element, String BaseURI, StorageResolver storage) {
+    public boolean engineCanResolve(Element element, String baseURI, StorageResolver storage) {
         if (XMLUtils.elementIsInSignatureSpace(element, Constants._TAG_X509DATA)
             || XMLUtils.elementIsInSignatureSpace(element, Constants._TAG_KEYNAME)) {
             return true;
@@ -70,27 +88,27 @@
      * Method engineLookupAndResolvePublicKey
      *
      * @param element
-     * @param BaseURI
+     * @param baseURI
      * @param storage
      * @return null if no {@link PublicKey} could be obtained
      * @throws KeyResolverException
      */
     public PublicKey engineLookupAndResolvePublicKey(
-        Element element, String BaseURI, StorageResolver storage
+        Element element, String baseURI, StorageResolver storage
     ) throws KeyResolverException {
         return null;
     }
 
     /**
      * Method engineResolveX509Certificate
-     * @inheritDoc
+     * {@inheritDoc}
      * @param element
-     * @param BaseURI
+     * @param baseURI
      * @param storage
      * @throws KeyResolverException
      */
     public X509Certificate engineLookupResolveX509Certificate(
-        Element element, String BaseURI, StorageResolver storage
+        Element element, String baseURI, StorageResolver storage
     ) throws KeyResolverException {
         return null;
     }
@@ -99,21 +117,21 @@
      * Method engineResolveSecretKey
      *
      * @param element
-     * @param BaseURI
+     * @param baseURI
      * @param storage
      * @return resolved SecretKey key or null if no {@link SecretKey} could be obtained
      *
      * @throws KeyResolverException
      */
     public SecretKey engineResolveSecretKey(
-        Element element, String BaseURI, StorageResolver storage
+        Element element, String baseURI, StorageResolver storage
     ) throws KeyResolverException {
         return null;
     }
 
     /**
      * Method engineResolvePrivateKey
-     * @inheritDoc
+     * {@inheritDoc}
      * @param element
      * @param baseURI
      * @param storage
@@ -123,9 +141,7 @@
     public PrivateKey engineLookupAndResolvePrivateKey(
         Element element, String baseURI, StorageResolver storage
     ) throws KeyResolverException {
-        if (log.isLoggable(java.util.logging.Level.FINE)) {
-            log.log(java.util.logging.Level.FINE, "Can I resolve " + element.getTagName() + "?");
-        }
+        LOG.debug("Can I resolve {}?", element.getTagName());
 
         if (XMLUtils.elementIsInSignatureSpace(element, Constants._TAG_X509DATA)) {
             PrivateKey privKey = resolveX509Data(element, baseURI);
@@ -133,7 +149,7 @@
                 return privKey;
             }
         } else if (XMLUtils.elementIsInSignatureSpace(element, Constants._TAG_KEYNAME)) {
-            log.log(java.util.logging.Level.FINE, "Can I resolve KeyName?");
+            LOG.debug("Can I resolve KeyName?");
             String keyName = element.getFirstChild().getNodeValue();
 
             try {
@@ -142,16 +158,16 @@
                     return (PrivateKey) key;
                 }
             } catch (Exception e) {
-                log.log(java.util.logging.Level.FINE, "Cannot recover the key", e);
+                LOG.debug("Cannot recover the key", e);
             }
         }
 
-        log.log(java.util.logging.Level.FINE, "I can't");
+        LOG.debug("I can't");
         return null;
     }
 
     private PrivateKey resolveX509Data(Element element, String baseURI) {
-        log.log(java.util.logging.Level.FINE, "Can I resolve X509Data?");
+        LOG.debug("Can I resolve X509Data?");
 
         try {
             X509Data x509Data = new X509Data(element, baseURI);
@@ -192,9 +208,9 @@
                 }
             }
         } catch (XMLSecurityException e) {
-            log.log(java.util.logging.Level.FINE, "XMLSecurityException", e);
+            LOG.debug("XMLSecurityException", e);
         } catch (KeyStoreException e) {
-            log.log(java.util.logging.Level.FINE, "KeyStoreException", e);
+            LOG.debug("KeyStoreException", e);
         }
 
         return null;
@@ -204,7 +220,7 @@
      * Search for a private key entry in the KeyStore with the same Subject Key Identifier
      */
     private PrivateKey resolveX509SKI(XMLX509SKI x509SKI) throws XMLSecurityException, KeyStoreException {
-        log.log(java.util.logging.Level.FINE, "Can I resolve X509SKI?");
+        LOG.debug("Can I resolve X509SKI?");
 
         Enumeration<String> aliases = keyStore.aliases();
         while (aliases.hasMoreElements()) {
@@ -216,7 +232,7 @@
                     XMLX509SKI certSKI = new XMLX509SKI(x509SKI.getDocument(), (X509Certificate) cert);
 
                     if (certSKI.equals(x509SKI)) {
-                        log.log(java.util.logging.Level.FINE, "match !!! ");
+                        LOG.debug("match !!! ");
 
                         try {
                             Key key = keyStore.getKey(alias, password);
@@ -224,7 +240,7 @@
                                 return (PrivateKey) key;
                             }
                         } catch (Exception e) {
-                            log.log(java.util.logging.Level.FINE, "Cannot recover the key", e);
+                            LOG.debug("Cannot recover the key", e);
                             // Keep searching
                         }
                     }
@@ -239,7 +255,7 @@
      * Search for a private key entry in the KeyStore with the same Issuer/Serial Number pair.
      */
     private PrivateKey resolveX509IssuerSerial(XMLX509IssuerSerial x509Serial) throws KeyStoreException {
-        log.log(java.util.logging.Level.FINE, "Can I resolve X509IssuerSerial?");
+        LOG.debug("Can I resolve X509IssuerSerial?");
 
         Enumeration<String> aliases = keyStore.aliases();
         while (aliases.hasMoreElements()) {
@@ -252,7 +268,7 @@
                         new XMLX509IssuerSerial(x509Serial.getDocument(), (X509Certificate) cert);
 
                     if (certSerial.equals(x509Serial)) {
-                        log.log(java.util.logging.Level.FINE, "match !!! ");
+                        LOG.debug("match !!! ");
 
                         try {
                             Key key = keyStore.getKey(alias, password);
@@ -260,7 +276,7 @@
                                 return (PrivateKey) key;
                             }
                         } catch (Exception e) {
-                            log.log(java.util.logging.Level.FINE, "Cannot recover the key", e);
+                            LOG.debug("Cannot recover the key", e);
                             // Keep searching
                         }
                     }
@@ -275,7 +291,7 @@
      * Search for a private key entry in the KeyStore with the same Subject Name.
      */
     private PrivateKey resolveX509SubjectName(XMLX509SubjectName x509SubjectName) throws KeyStoreException {
-        log.log(java.util.logging.Level.FINE, "Can I resolve X509SubjectName?");
+        LOG.debug("Can I resolve X509SubjectName?");
 
         Enumeration<String> aliases = keyStore.aliases();
         while (aliases.hasMoreElements()) {
@@ -288,7 +304,7 @@
                         new XMLX509SubjectName(x509SubjectName.getDocument(), (X509Certificate) cert);
 
                     if (certSN.equals(x509SubjectName)) {
-                        log.log(java.util.logging.Level.FINE, "match !!! ");
+                        LOG.debug("match !!! ");
 
                         try {
                             Key key = keyStore.getKey(alias, password);
@@ -296,7 +312,7 @@
                                 return (PrivateKey) key;
                             }
                         } catch (Exception e) {
-                            log.log(java.util.logging.Level.FINE, "Cannot recover the key", e);
+                            LOG.debug("Cannot recover the key", e);
                             // Keep searching
                         }
                     }
@@ -313,7 +329,7 @@
     private PrivateKey resolveX509Certificate(
         XMLX509Certificate x509Cert
     ) throws XMLSecurityException, KeyStoreException {
-        log.log(java.util.logging.Level.FINE, "Can I resolve X509Certificate?");
+        LOG.debug("Can I resolve X509Certificate?");
         byte[] x509CertBytes = x509Cert.getCertificateBytes();
 
         Enumeration<String> aliases = keyStore.aliases();
@@ -328,10 +344,11 @@
                     try {
                         certBytes = cert.getEncoded();
                     } catch (CertificateEncodingException e1) {
+                        LOG.debug("Cannot recover the key", e1);
                     }
 
                     if (certBytes != null && Arrays.equals(certBytes, x509CertBytes)) {
-                        log.log(java.util.logging.Level.FINE, "match !!! ");
+                        LOG.debug("match !!! ");
 
                         try {
                             Key key = keyStore.getKey(alias, password);
@@ -340,7 +357,7 @@
                             }
                         }
                         catch (Exception e) {
-                            log.log(java.util.logging.Level.FINE, "Cannot recover the key", e);
+                            LOG.debug("Cannot recover the key", e);
                             // Keep searching
                         }
                     }
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/implementations/RSAKeyValueResolver.java b/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/implementations/RSAKeyValueResolver.java
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/implementations/RSAKeyValueResolver.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/implementations/RSAKeyValueResolver.java
@@ -36,18 +36,15 @@
 
 public class RSAKeyValueResolver extends KeyResolverSpi {
 
-    /** {@link org.apache.commons.logging} logging facility */
-    private static java.util.logging.Logger log =
-        java.util.logging.Logger.getLogger(RSAKeyValueResolver.class.getName());
+    private static final com.sun.org.slf4j.internal.Logger LOG =
+        com.sun.org.slf4j.internal.LoggerFactory.getLogger(RSAKeyValueResolver.class);
 
 
-    /** @inheritDoc */
+    /** {@inheritDoc} */
     public PublicKey engineLookupAndResolvePublicKey(
-        Element element, String BaseURI, StorageResolver storage
+        Element element, String baseURI, StorageResolver storage
     ) {
-        if (log.isLoggable(java.util.logging.Level.FINE)) {
-            log.log(java.util.logging.Level.FINE, "Can I resolve " + element.getTagName());
-        }
+        LOG.debug("Can I resolve {}", element.getTagName());
         if (element == null) {
             return null;
         }
@@ -68,28 +65,26 @@
         }
 
         try {
-            RSAKeyValue rsaKeyValue = new RSAKeyValue(rsaKeyElement, BaseURI);
+            RSAKeyValue rsaKeyValue = new RSAKeyValue(rsaKeyElement, baseURI);
 
             return rsaKeyValue.getPublicKey();
         } catch (XMLSecurityException ex) {
-            if (log.isLoggable(java.util.logging.Level.FINE)) {
-                log.log(java.util.logging.Level.FINE, "XMLSecurityException", ex);
-            }
+            LOG.debug("XMLSecurityException", ex);
         }
 
         return null;
     }
 
-    /** @inheritDoc */
+    /** {@inheritDoc} */
     public X509Certificate engineLookupResolveX509Certificate(
-        Element element, String BaseURI, StorageResolver storage
+        Element element, String baseURI, StorageResolver storage
     ) {
         return null;
     }
 
-    /** @inheritDoc */
+    /** {@inheritDoc} */
     public javax.crypto.SecretKey engineLookupAndResolveSecretKey(
-        Element element, String BaseURI, StorageResolver storage
+        Element element, String baseURI, StorageResolver storage
     ) {
         return null;
     }
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/implementations/RetrievalMethodResolver.java b/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/implementations/RetrievalMethodResolver.java
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/implementations/RetrievalMethodResolver.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/implementations/RetrievalMethodResolver.java
@@ -24,6 +24,7 @@
 
 import java.io.ByteArrayInputStream;
 import java.io.IOException;
+import java.io.InputStream;
 import java.security.PublicKey;
 import java.security.cert.CertificateException;
 import java.security.cert.CertificateFactory;
@@ -34,9 +35,6 @@
 import java.util.ListIterator;
 import java.util.Set;
 
-import javax.xml.XMLConstants;
-import javax.xml.parsers.DocumentBuilder;
-import javax.xml.parsers.DocumentBuilderFactory;
 import javax.xml.parsers.ParserConfigurationException;
 
 import com.sun.org.apache.xml.internal.security.c14n.CanonicalizationException;
@@ -53,7 +51,6 @@
 import com.sun.org.apache.xml.internal.security.utils.XMLUtils;
 import com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver;
 import org.w3c.dom.Attr;
-import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 import org.w3c.dom.Node;
 import org.xml.sax.SAXException;
@@ -67,17 +64,15 @@
  * RetrievalMethodResolver cannot handle itself, resolving of the extracted
  * element is delegated back to the KeyResolver mechanism.
  *
- * @author $Author: raul $ modified by Dave Garcia
  */
 public class RetrievalMethodResolver extends KeyResolverSpi {
 
-    /** {@link org.apache.commons.logging} logging facility */
-    private static java.util.logging.Logger log =
-        java.util.logging.Logger.getLogger(RetrievalMethodResolver.class.getName());
+    private static final com.sun.org.slf4j.internal.Logger LOG =
+        com.sun.org.slf4j.internal.LoggerFactory.getLogger(RetrievalMethodResolver.class);
 
     /**
      * Method engineResolvePublicKey
-     * @inheritDoc
+     * {@inheritDoc}
      * @param element
      * @param baseURI
      * @param storage
@@ -102,58 +97,46 @@
                 }
                 return null;
              }
-             Element e = obtainReferenceElement(resource);
+             Element e = obtainReferenceElement(resource, secureValidation);
 
              // Check to make sure that the reference is not to another RetrievalMethod
              // which points to this element
              if (XMLUtils.elementIsInSignatureSpace(e, Constants._TAG_RETRIEVALMETHOD)) {
                  if (secureValidation) {
-                     String error = "Error: It is forbidden to have one RetrievalMethod "
-                         + "point to another with secure validation";
-                     if (log.isLoggable(java.util.logging.Level.FINE)) {
-                         log.log(java.util.logging.Level.FINE, error);
+                     if (LOG.isDebugEnabled()) {
+                         String error = "Error: It is forbidden to have one RetrievalMethod "
+                             + "point to another with secure validation";
+                         LOG.debug(error);
                      }
                      return null;
                  }
                  RetrievalMethod rm2 = new RetrievalMethod(e, baseURI);
                  XMLSignatureInput resource2 = resolveInput(rm2, baseURI, secureValidation);
-                 Element e2 = obtainReferenceElement(resource2);
+                 Element e2 = obtainReferenceElement(resource2, secureValidation);
                  if (e2 == element) {
-                     if (log.isLoggable(java.util.logging.Level.FINE)) {
-                         log.log(java.util.logging.Level.FINE, "Error: Can't have RetrievalMethods pointing to each other");
-                     }
+                     LOG.debug("Error: Can't have RetrievalMethods pointing to each other");
                      return null;
                  }
              }
 
              return resolveKey(e, baseURI, storage);
          } catch (XMLSecurityException ex) {
-             if (log.isLoggable(java.util.logging.Level.FINE)) {
-                 log.log(java.util.logging.Level.FINE, "XMLSecurityException", ex);
-             }
+             LOG.debug("XMLSecurityException", ex);
          } catch (CertificateException ex) {
-             if (log.isLoggable(java.util.logging.Level.FINE)) {
-                 log.log(java.util.logging.Level.FINE, "CertificateException", ex);
-             }
+             LOG.debug("CertificateException", ex);
          } catch (IOException ex) {
-             if (log.isLoggable(java.util.logging.Level.FINE)) {
-                 log.log(java.util.logging.Level.FINE, "IOException", ex);
-             }
+             LOG.debug("IOException", ex);
          } catch (ParserConfigurationException e) {
-             if (log.isLoggable(java.util.logging.Level.FINE)) {
-                 log.log(java.util.logging.Level.FINE, "ParserConfigurationException", e);
-             }
+             LOG.debug("ParserConfigurationException", e);
          } catch (SAXException e) {
-             if (log.isLoggable(java.util.logging.Level.FINE)) {
-                 log.log(java.util.logging.Level.FINE, "SAXException", e);
-             }
+             LOG.debug("SAXException", e);
          }
          return null;
     }
 
     /**
      * Method engineResolveX509Certificate
-     * @inheritDoc
+     * {@inheritDoc}
      * @param element
      * @param baseURI
      * @param storage
@@ -172,51 +155,39 @@
                 return getRawCertificate(resource);
             }
 
-            Element e = obtainReferenceElement(resource);
+            Element e = obtainReferenceElement(resource, secureValidation);
 
             // Check to make sure that the reference is not to another RetrievalMethod
             // which points to this element
             if (XMLUtils.elementIsInSignatureSpace(e, Constants._TAG_RETRIEVALMETHOD)) {
                 if (secureValidation) {
-                    String error = "Error: It is forbidden to have one RetrievalMethod "
-                        + "point to another with secure validation";
-                    if (log.isLoggable(java.util.logging.Level.FINE)) {
-                        log.log(java.util.logging.Level.FINE, error);
+                    if (LOG.isDebugEnabled()) {
+                        String error = "Error: It is forbidden to have one RetrievalMethod "
+                            + "point to another with secure validation";
+                        LOG.debug(error);
                     }
                     return null;
                 }
                 RetrievalMethod rm2 = new RetrievalMethod(e, baseURI);
                 XMLSignatureInput resource2 = resolveInput(rm2, baseURI, secureValidation);
-                Element e2 = obtainReferenceElement(resource2);
+                Element e2 = obtainReferenceElement(resource2, secureValidation);
                 if (e2 == element) {
-                    if (log.isLoggable(java.util.logging.Level.FINE)) {
-                        log.log(java.util.logging.Level.FINE, "Error: Can't have RetrievalMethods pointing to each other");
-                    }
+                    LOG.debug("Error: Can't have RetrievalMethods pointing to each other");
                     return null;
                 }
             }
 
             return resolveCertificate(e, baseURI, storage);
         } catch (XMLSecurityException ex) {
-            if (log.isLoggable(java.util.logging.Level.FINE)) {
-                log.log(java.util.logging.Level.FINE, "XMLSecurityException", ex);
-            }
+            LOG.debug("XMLSecurityException", ex);
         } catch (CertificateException ex) {
-            if (log.isLoggable(java.util.logging.Level.FINE)) {
-                log.log(java.util.logging.Level.FINE, "CertificateException", ex);
-            }
+            LOG.debug("CertificateException", ex);
         } catch (IOException ex) {
-            if (log.isLoggable(java.util.logging.Level.FINE)) {
-                log.log(java.util.logging.Level.FINE, "IOException", ex);
-            }
+            LOG.debug("IOException", ex);
         } catch (ParserConfigurationException e) {
-            if (log.isLoggable(java.util.logging.Level.FINE)) {
-                log.log(java.util.logging.Level.FINE, "ParserConfigurationException", e);
-            }
+            LOG.debug("ParserConfigurationException", e);
         } catch (SAXException e) {
-            if (log.isLoggable(java.util.logging.Level.FINE)) {
-                log.log(java.util.logging.Level.FINE, "SAXException", e);
-            }
+            LOG.debug("SAXException", e);
         }
         return null;
     }
@@ -226,14 +197,14 @@
      * @param e
      * @param baseURI
      * @param storage
-     * @return
+     * @return a x509Certificate from the given information
      * @throws KeyResolverException
      */
     private static X509Certificate resolveCertificate(
         Element e, String baseURI, StorageResolver storage
     ) throws KeyResolverException {
-        if (log.isLoggable(java.util.logging.Level.FINE)) {
-            log.log(java.util.logging.Level.FINE, "Now we have a {" + e.getNamespaceURI() + "}"
+        if (LOG.isDebugEnabled()) {
+            LOG.debug("Now we have a {" + e.getNamespaceURI() + "}"
                 + e.getLocalName() + " Element");
         }
         // An element has been provided
@@ -248,14 +219,14 @@
      * @param e
      * @param baseURI
      * @param storage
-     * @return
+     * @return a PublicKey from the given information
      * @throws KeyResolverException
      */
     private static PublicKey resolveKey(
         Element e, String baseURI, StorageResolver storage
     ) throws KeyResolverException {
-        if (log.isLoggable(java.util.logging.Level.FINE)) {
-            log.log(java.util.logging.Level.FINE, "Now we have a {" + e.getNamespaceURI() + "}"
+        if (LOG.isDebugEnabled()) {
+            LOG.debug("Now we have a {" + e.getNamespaceURI() + "}"
                 + e.getLocalName() + " Element");
         }
         // An element has been provided
@@ -265,7 +236,7 @@
         return null;
     }
 
-    private static Element obtainReferenceElement(XMLSignatureInput resource)
+    private static Element obtainReferenceElement(XMLSignatureInput resource, boolean secureValidation)
         throws CanonicalizationException, ParserConfigurationException,
         IOException, SAXException, KeyResolverException {
         Element e;
@@ -277,11 +248,9 @@
         } else {
             // Retrieved resource is an inputStream
             byte inputBytes[] = resource.getBytes();
-            e = getDocFromBytes(inputBytes);
+            e = getDocFromBytes(inputBytes, secureValidation);
             // otherwise, we parse the resource, create an Element and delegate
-            if (log.isLoggable(java.util.logging.Level.FINE)) {
-                log.log(java.util.logging.Level.FINE, "we have to parse " + inputBytes.length + " bytes");
-            }
+            LOG.debug("we have to parse {} bytes", inputBytes.length);
         }
         return e;
     }
@@ -292,14 +261,14 @@
         // if the resource stores a raw certificate, we have to handle it
         CertificateFactory certFact =
             CertificateFactory.getInstance(XMLX509Certificate.JCA_CERT_ID);
-        X509Certificate cert = (X509Certificate)
-            certFact.generateCertificate(new ByteArrayInputStream(inputBytes));
-        return cert;
+        try (InputStream is = new ByteArrayInputStream(inputBytes)) {
+            return (X509Certificate) certFact.generateCertificate(is);
+        }
     }
 
     /**
      * Resolves the input from the given retrieval method
-     * @return
+     * @return the input from the given retrieval method
      * @throws XMLSecurityException
      */
     private static XMLSignatureInput resolveInput(
@@ -311,41 +280,15 @@
         ResourceResolver resRes = ResourceResolver.getInstance(uri, baseURI, secureValidation);
         XMLSignatureInput resource = resRes.resolve(uri, baseURI, secureValidation);
         if (transforms != null) {
-            if (log.isLoggable(java.util.logging.Level.FINE)) {
-                log.log(java.util.logging.Level.FINE, "We have Transforms");
-            }
+            LOG.debug("We have Transforms");
             resource = transforms.performTransforms(resource);
         }
         return resource;
     }
 
     /**
-     * Parses a byte array and returns the parsed Element.
-     *
-     * @param bytes
-     * @return the Document Element after parsing bytes
-     * @throws KeyResolverException if something goes wrong
-     */
-    private static Element getDocFromBytes(byte[] bytes) throws KeyResolverException {
-        try {
-            DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
-            dbf.setNamespaceAware(true);
-            dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, Boolean.TRUE);
-            DocumentBuilder db = dbf.newDocumentBuilder();
-            Document doc = db.parse(new ByteArrayInputStream(bytes));
-            return doc.getDocumentElement();
-        } catch (SAXException ex) {
-            throw new KeyResolverException("empty", ex);
-        } catch (IOException ex) {
-            throw new KeyResolverException("empty", ex);
-        } catch (ParserConfigurationException ex) {
-            throw new KeyResolverException("empty", ex);
-        }
-    }
-
-    /**
      * Method engineResolveSecretKey
-     * @inheritDoc
+     * {@inheritDoc}
      * @param element
      * @param baseURI
      * @param storage
@@ -366,7 +309,7 @@
                 break;
             }
         }
-        List<Node> parents = new ArrayList<Node>();
+        List<Node> parents = new ArrayList<>();
 
         // Obtain all the parents of the elemnt
         while (e != null) {
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/implementations/SecretKeyResolver.java b/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/implementations/SecretKeyResolver.java
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/implementations/SecretKeyResolver.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/implementations/SecretKeyResolver.java
@@ -2,6 +2,24 @@
  * reserved comment block
  * DO NOT REMOVE OR ALTER!
  */
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
 package com.sun.org.apache.xml.internal.security.keys.keyresolver.implementations;
 
 import java.security.Key;
@@ -23,9 +41,8 @@
  */
 public class SecretKeyResolver extends KeyResolverSpi
 {
-    /** {@link org.apache.commons.logging} logging facility */
-    private static java.util.logging.Logger log =
-        java.util.logging.Logger.getLogger(SecretKeyResolver.class.getName());
+    private static final com.sun.org.slf4j.internal.Logger LOG =
+        com.sun.org.slf4j.internal.LoggerFactory.getLogger(SecretKeyResolver.class);
 
     private KeyStore keyStore;
     private char[] password;
@@ -67,7 +84,7 @@
 
     /**
      * Method engineResolveX509Certificate
-     * @inheritDoc
+     * {@inheritDoc}
      * @param element
      * @param baseURI
      * @param storage
@@ -92,9 +109,7 @@
     public SecretKey engineResolveSecretKey(
         Element element, String baseURI, StorageResolver storage
     ) throws KeyResolverException {
-        if (log.isLoggable(java.util.logging.Level.FINE)) {
-            log.log(java.util.logging.Level.FINE, "Can I resolve " + element.getTagName() + "?");
-        }
+        LOG.debug("Can I resolve {}?", element.getTagName());
 
         if (XMLUtils.elementIsInSignatureSpace(element, Constants._TAG_KEYNAME)) {
             String keyName = element.getFirstChild().getNodeValue();
@@ -104,17 +119,17 @@
                     return (SecretKey) key;
                 }
             } catch (Exception e) {
-                log.log(java.util.logging.Level.FINE, "Cannot recover the key", e);
+                LOG.debug("Cannot recover the key", e);
             }
         }
 
-        log.log(java.util.logging.Level.FINE, "I can't");
+        LOG.debug("I can't");
         return null;
     }
 
     /**
      * Method engineResolvePrivateKey
-     * @inheritDoc
+     * {@inheritDoc}
      * @param element
      * @param baseURI
      * @param storage
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/implementations/SingleKeyResolver.java b/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/implementations/SingleKeyResolver.java
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/implementations/SingleKeyResolver.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/implementations/SingleKeyResolver.java
@@ -2,6 +2,24 @@
  * reserved comment block
  * DO NOT REMOVE OR ALTER!
  */
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
 package com.sun.org.apache.xml.internal.security.keys.keyresolver.implementations;
 
 import java.security.PrivateKey;
@@ -18,11 +36,9 @@
 /**
  * Resolves a single Key based on the KeyName.
  */
-public class SingleKeyResolver extends KeyResolverSpi
-{
-    /** {@link org.apache.commons.logging} logging facility */
-    private static java.util.logging.Logger log =
-        java.util.logging.Logger.getLogger(SingleKeyResolver.class.getName());
+public class SingleKeyResolver extends KeyResolverSpi {
+    private static final com.sun.org.slf4j.internal.Logger LOG =
+        com.sun.org.slf4j.internal.LoggerFactory.getLogger(SingleKeyResolver.class);
 
     private String keyName;
     private PublicKey publicKey;
@@ -63,7 +79,7 @@
      * This method returns whether the KeyResolverSpi is able to perform the requested action.
      *
      * @param element
-     * @param BaseURI
+     * @param baseURI
      * @param storage
      * @return whether the KeyResolverSpi is able to perform the requested action.
      */
@@ -83,9 +99,7 @@
     public PublicKey engineLookupAndResolvePublicKey(
         Element element, String baseURI, StorageResolver storage
     ) throws KeyResolverException {
-        if (log.isLoggable(java.util.logging.Level.FINE)) {
-            log.log(java.util.logging.Level.FINE, "Can I resolve " + element.getTagName() + "?");
-        }
+        LOG.debug("Can I resolve {}?", element.getTagName());
 
         if (publicKey != null
             && XMLUtils.elementIsInSignatureSpace(element, Constants._TAG_KEYNAME)) {
@@ -95,13 +109,13 @@
             }
         }
 
-        log.log(java.util.logging.Level.FINE, "I can't");
+        LOG.debug("I can't");
         return null;
     }
 
     /**
      * Method engineResolveX509Certificate
-     * @inheritDoc
+     * {@inheritDoc}
      * @param element
      * @param baseURI
      * @param storage
@@ -126,9 +140,7 @@
     public SecretKey engineResolveSecretKey(
         Element element, String baseURI, StorageResolver storage
     ) throws KeyResolverException {
-        if (log.isLoggable(java.util.logging.Level.FINE)) {
-            log.log(java.util.logging.Level.FINE, "Can I resolve " + element.getTagName() + "?");
-        }
+        LOG.debug("Can I resolve {}?", element.getTagName());
 
         if (secretKey != null
             && XMLUtils.elementIsInSignatureSpace(element, Constants._TAG_KEYNAME)) {
@@ -138,13 +150,13 @@
             }
         }
 
-        log.log(java.util.logging.Level.FINE, "I can't");
+        LOG.debug("I can't");
         return null;
     }
 
     /**
      * Method engineResolvePrivateKey
-     * @inheritDoc
+     * {@inheritDoc}
      * @param element
      * @param baseURI
      * @param storage
@@ -154,9 +166,7 @@
     public PrivateKey engineLookupAndResolvePrivateKey(
         Element element, String baseURI, StorageResolver storage
     ) throws KeyResolverException {
-        if (log.isLoggable(java.util.logging.Level.FINE)) {
-            log.log(java.util.logging.Level.FINE, "Can I resolve " + element.getTagName() + "?");
-        }
+        LOG.debug("Can I resolve {}?", element.getTagName());
 
         if (privateKey != null
             && XMLUtils.elementIsInSignatureSpace(element, Constants._TAG_KEYNAME)) {
@@ -166,7 +176,7 @@
             }
         }
 
-        log.log(java.util.logging.Level.FINE, "I can't");
+        LOG.debug("I can't");
         return null;
     }
 }
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/implementations/X509CertificateResolver.java b/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/implementations/X509CertificateResolver.java
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/implementations/X509CertificateResolver.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/implementations/X509CertificateResolver.java
@@ -36,31 +36,29 @@
 
 /**
  * Resolves Certificates which are directly contained inside a
- * <CODE>ds:X509Certificate</CODE> Element.
+ * {@code ds:X509Certificate} Element.
  *
- * @author $Author: coheigea $
  */
 public class X509CertificateResolver extends KeyResolverSpi {
 
-    /** {@link org.apache.commons.logging} logging facility */
-    private static java.util.logging.Logger log =
-        java.util.logging.Logger.getLogger(X509CertificateResolver.class.getName());
+    private static final com.sun.org.slf4j.internal.Logger LOG =
+        com.sun.org.slf4j.internal.LoggerFactory.getLogger(X509CertificateResolver.class);
 
     /**
      * Method engineResolvePublicKey
-     * @inheritDoc
+     * {@inheritDoc}
      * @param element
-     * @param BaseURI
+     * @param baseURI
      * @param storage
      *
      * @throws KeyResolverException
      */
     public PublicKey engineLookupAndResolvePublicKey(
-        Element element, String BaseURI, StorageResolver storage
+        Element element, String baseURI, StorageResolver storage
     ) throws KeyResolverException {
 
         X509Certificate cert =
-            this.engineLookupResolveX509Certificate(element, BaseURI, storage);
+            this.engineLookupResolveX509Certificate(element, baseURI, storage);
 
         if (cert != null) {
             return cert.getPublicKey();
@@ -71,32 +69,32 @@
 
     /**
      * Method engineResolveX509Certificate
-     * @inheritDoc
+     * {@inheritDoc}
      * @param element
-     * @param BaseURI
+     * @param baseURI
      * @param storage
      *
      * @throws KeyResolverException
      */
     public X509Certificate engineLookupResolveX509Certificate(
-        Element element, String BaseURI, StorageResolver storage
+        Element element, String baseURI, StorageResolver storage
     ) throws KeyResolverException {
 
         try {
             Element[] els =
                 XMLUtils.selectDsNodes(element.getFirstChild(), Constants._TAG_X509CERTIFICATE);
-            if ((els == null) || (els.length == 0)) {
+            if (els == null || els.length == 0) {
                 Element el =
                     XMLUtils.selectDsNode(element.getFirstChild(), Constants._TAG_X509DATA, 0);
                 if (el != null) {
-                    return engineLookupResolveX509Certificate(el, BaseURI, storage);
+                    return engineLookupResolveX509Certificate(el, baseURI, storage);
                 }
                 return null;
             }
 
             // populate Object array
             for (int i = 0; i < els.length; i++) {
-                XMLX509Certificate xmlCert = new XMLX509Certificate(els[i], BaseURI);
+                XMLX509Certificate xmlCert = new XMLX509Certificate(els[i], baseURI);
                 X509Certificate cert = xmlCert.getX509Certificate();
                 if (cert != null) {
                     return cert;
@@ -104,22 +102,20 @@
             }
             return null;
         } catch (XMLSecurityException ex) {
-            if (log.isLoggable(java.util.logging.Level.FINE)) {
-                log.log(java.util.logging.Level.FINE, "XMLSecurityException", ex);
-            }
-            throw new KeyResolverException("generic.EmptyMessage", ex);
+            LOG.debug("Security Exception", ex);
+            throw new KeyResolverException(ex);
         }
     }
 
     /**
      * Method engineResolveSecretKey
-     * @inheritDoc
+     * {@inheritDoc}
      * @param element
-     * @param BaseURI
+     * @param baseURI
      * @param storage
      */
     public javax.crypto.SecretKey engineLookupAndResolveSecretKey(
-        Element element, String BaseURI, StorageResolver storage
+        Element element, String baseURI, StorageResolver storage
     ) {
         return null;
     }
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/implementations/X509DigestResolver.java b/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/implementations/X509DigestResolver.java
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/implementations/X509DigestResolver.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/implementations/X509DigestResolver.java
@@ -2,6 +2,24 @@
  * reserved comment block
  * DO NOT REMOVE OR ALTER!
  */
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
 package com.sun.org.apache.xml.internal.security.keys.keyresolver.implementations;
 
 import java.security.PublicKey;
@@ -24,17 +42,15 @@
 
 /**
  * KeyResolverSpi implementation which resolves public keys and X.509 certificates from a
- * <code>dsig11:X509Digest</code> element.
+ * {@code dsig11:X509Digest} element.
  *
- * @author Brent Putman (putmanb@georgetown.edu)
  */
 public class X509DigestResolver extends KeyResolverSpi {
 
-    /** {@link org.apache.commons.logging} logging facility */
-    private static java.util.logging.Logger log =
-        java.util.logging.Logger.getLogger(X509DigestResolver.class.getName());
+    private static final com.sun.org.slf4j.internal.Logger LOG =
+        com.sun.org.slf4j.internal.LoggerFactory.getLogger(X509DigestResolver.class);
 
-    /** {@inheritDoc}. */
+    /** {{@inheritDoc}}. */
     public boolean engineCanResolve(Element element, String baseURI, StorageResolver storage) {
         if (XMLUtils.elementIsInSignatureSpace(element, Constants._TAG_X509DATA)) {
             try {
@@ -48,7 +64,7 @@
         }
     }
 
-    /** {@inheritDoc}. */
+    /** {{@inheritDoc}}. */
     public PublicKey engineLookupAndResolvePublicKey(Element element, String baseURI, StorageResolver storage)
         throws KeyResolverException {
 
@@ -61,13 +77,11 @@
         return null;
     }
 
-    /** {@inheritDoc}. */
+    /** {{@inheritDoc}}. */
     public X509Certificate engineLookupResolveX509Certificate(Element element, String baseURI, StorageResolver storage)
         throws KeyResolverException {
 
-        if (log.isLoggable(java.util.logging.Level.FINE)) {
-            log.log(java.util.logging.Level.FINE, "Can I resolve " + element.getTagName());
-        }
+        LOG.debug("Can I resolve {}", element.getTagName());
 
         if (!engineCanResolve(element, baseURI, storage)) {
             return null;
@@ -76,15 +90,13 @@
         try {
             return resolveCertificate(element, baseURI, storage);
         } catch (XMLSecurityException e) {
-            if (log.isLoggable(java.util.logging.Level.FINE)) {
-                log.log(java.util.logging.Level.FINE, "XMLSecurityException", e);
-            }
+            LOG.debug("XMLSecurityException", e);
         }
 
         return null;
     }
 
-    /** {@inheritDoc}. */
+    /** {{@inheritDoc}}. */
     public SecretKey engineLookupAndResolveSecretKey(Element element, String baseURI, StorageResolver storage)
         throws KeyResolverException {
         return null;
@@ -96,7 +108,7 @@
      * @param element
      * @param baseURI
      * @param storage
-     * @return
+     * @return the certificate represented by the digest.
      * @throws XMLSecurityException
      */
     private X509Certificate resolveCertificate(Element element, String baseURI, StorageResolver storage)
@@ -128,9 +140,7 @@
                     byte[] certDigestBytes = XMLX509Digest.getDigestBytesFromCert(cert, keyInfoDigest.getAlgorithm());
 
                     if (Arrays.equals(keyInfoDigest.getDigestBytes(), certDigestBytes)) {
-                        if (log.isLoggable(java.util.logging.Level.FINE)) {
-                            log.log(java.util.logging.Level.FINE, "Found certificate with: " + cert.getSubjectX500Principal().getName());
-                        }
+                        LOG.debug("Found certificate with: {}", cert.getSubjectX500Principal().getName());
                         return cert;
                     }
 
@@ -138,7 +148,7 @@
             }
 
         } catch (XMLSecurityException ex) {
-            throw new KeyResolverException("empty", ex);
+            throw new KeyResolverException(ex);
         }
 
         return null;
@@ -154,9 +164,7 @@
         if (storage == null) {
             Object exArgs[] = { Constants._TAG_X509DIGEST };
             KeyResolverException ex = new KeyResolverException("KeyResolver.needStorageResolver", exArgs);
-            if (log.isLoggable(java.util.logging.Level.FINE)) {
-                log.log(java.util.logging.Level.FINE, "", ex);
-            }
+            LOG.debug("", ex);
             throw ex;
         }
     }
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/implementations/X509IssuerSerialResolver.java b/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/implementations/X509IssuerSerialResolver.java
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/implementations/X509IssuerSerialResolver.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/implementations/X509IssuerSerialResolver.java
@@ -39,12 +39,11 @@
 
 public class X509IssuerSerialResolver extends KeyResolverSpi {
 
-    /** {@link org.apache.commons.logging} logging facility */
-    private static java.util.logging.Logger log =
-        java.util.logging.Logger.getLogger(X509IssuerSerialResolver.class.getName());
+    private static final com.sun.org.slf4j.internal.Logger LOG =
+        com.sun.org.slf4j.internal.LoggerFactory.getLogger(X509IssuerSerialResolver.class);
 
 
-    /** @inheritDoc */
+    /** {@inheritDoc} */
     public PublicKey engineLookupAndResolvePublicKey(
         Element element, String baseURI, StorageResolver storage
     ) throws KeyResolverException {
@@ -59,26 +58,20 @@
         return null;
     }
 
-    /** @inheritDoc */
+    /** {@inheritDoc} */
     public X509Certificate engineLookupResolveX509Certificate(
         Element element, String baseURI, StorageResolver storage
     ) throws KeyResolverException {
-        if (log.isLoggable(java.util.logging.Level.FINE)) {
-            log.log(java.util.logging.Level.FINE, "Can I resolve " + element.getTagName() + "?");
-        }
+        LOG.debug("Can I resolve {}?", element.getTagName());
 
         X509Data x509data = null;
         try {
             x509data = new X509Data(element, baseURI);
         } catch (XMLSignatureException ex) {
-            if (log.isLoggable(java.util.logging.Level.FINE)) {
-                log.log(java.util.logging.Level.FINE, "I can't");
-            }
+            LOG.debug("I can't");
             return null;
         } catch (XMLSecurityException ex) {
-            if (log.isLoggable(java.util.logging.Level.FINE)) {
-                log.log(java.util.logging.Level.FINE, "I can't");
-            }
+            LOG.debug("I can't");
             return null;
         }
 
@@ -91,9 +84,7 @@
                 KeyResolverException ex =
                     new KeyResolverException("KeyResolver.needStorageResolver", exArgs);
 
-                if (log.isLoggable(java.util.logging.Level.FINE)) {
-                    log.log(java.util.logging.Level.FINE, "", ex);
-                }
+                LOG.debug("", ex);
                 throw ex;
             }
 
@@ -104,44 +95,32 @@
                 X509Certificate cert = (X509Certificate)storageIterator.next();
                 XMLX509IssuerSerial certSerial = new XMLX509IssuerSerial(element.getOwnerDocument(), cert);
 
-                if (log.isLoggable(java.util.logging.Level.FINE)) {
-                    log.log(java.util.logging.Level.FINE, "Found Certificate Issuer: " + certSerial.getIssuerName());
-                    log.log(java.util.logging.Level.FINE, "Found Certificate Serial: " + certSerial.getSerialNumber().toString());
-                }
+                LOG.debug("Found Certificate Issuer: {}", certSerial.getIssuerName());
+                LOG.debug("Found Certificate Serial: {}", certSerial.getSerialNumber().toString());
 
                 for (int i = 0; i < noOfISS; i++) {
                     XMLX509IssuerSerial xmliss = x509data.itemIssuerSerial(i);
 
-                    if (log.isLoggable(java.util.logging.Level.FINE)) {
-                        log.log(java.util.logging.Level.FINE, "Found Element Issuer:     "
-                                  + xmliss.getIssuerName());
-                        log.log(java.util.logging.Level.FINE, "Found Element Serial:     "
-                                  + xmliss.getSerialNumber().toString());
-                    }
+                    LOG.debug("Found Element Issuer:     {}", xmliss.getIssuerName());
+                    LOG.debug("Found Element Serial:     {}", xmliss.getSerialNumber().toString());
 
                     if (certSerial.equals(xmliss)) {
-                        if (log.isLoggable(java.util.logging.Level.FINE)) {
-                            log.log(java.util.logging.Level.FINE, "match !!! ");
-                        }
+                        LOG.debug("match !!! ");
                         return cert;
                     }
-                    if (log.isLoggable(java.util.logging.Level.FINE)) {
-                        log.log(java.util.logging.Level.FINE, "no match...");
-                    }
+                    LOG.debug("no match...");
                 }
             }
 
             return null;
         } catch (XMLSecurityException ex) {
-            if (log.isLoggable(java.util.logging.Level.FINE)) {
-                log.log(java.util.logging.Level.FINE, "XMLSecurityException", ex);
-            }
+            LOG.debug("XMLSecurityException", ex);
 
-            throw new KeyResolverException("generic.EmptyMessage", ex);
+            throw new KeyResolverException(ex);
         }
     }
 
-    /** @inheritDoc */
+    /** {@inheritDoc} */
     public javax.crypto.SecretKey engineLookupAndResolveSecretKey(
         Element element, String baseURI, StorageResolver storage
     ) {
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/implementations/X509SKIResolver.java b/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/implementations/X509SKIResolver.java
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/implementations/X509SKIResolver.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/implementations/X509SKIResolver.java
@@ -39,9 +39,8 @@
 
 public class X509SKIResolver extends KeyResolverSpi {
 
-    /** {@link org.apache.commons.logging} logging facility */
-    private static java.util.logging.Logger log =
-        java.util.logging.Logger.getLogger(X509SKIResolver.class.getName());
+    private static final com.sun.org.slf4j.internal.Logger LOG =
+        com.sun.org.slf4j.internal.LoggerFactory.getLogger(X509SKIResolver.class);
 
 
     /**
@@ -69,7 +68,7 @@
 
     /**
      * Method engineResolveX509Certificate
-     * @inheritDoc
+     * {@inheritDoc}
      * @param element
      * @param baseURI
      * @param storage
@@ -79,13 +78,9 @@
     public X509Certificate engineLookupResolveX509Certificate(
         Element element, String baseURI, StorageResolver storage
     ) throws KeyResolverException {
-        if (log.isLoggable(java.util.logging.Level.FINE)) {
-            log.log(java.util.logging.Level.FINE, "Can I resolve " + element.getTagName() + "?");
-        }
+        LOG.debug("Can I resolve {}?", element.getTagName());
         if (!XMLUtils.elementIsInSignatureSpace(element, Constants._TAG_X509DATA)) {
-            if (log.isLoggable(java.util.logging.Level.FINE)) {
-                log.log(java.util.logging.Level.FINE, "I can't");
-            }
+            LOG.debug("I can't");
             return null;
         }
         /** Field _x509childObject[] */
@@ -94,10 +89,8 @@
         Element x509childNodes[] = null;
         x509childNodes = XMLUtils.selectDsNodes(element.getFirstChild(), Constants._TAG_X509SKI);
 
-        if (!((x509childNodes != null) && (x509childNodes.length > 0))) {
-            if (log.isLoggable(java.util.logging.Level.FINE)) {
-                log.log(java.util.logging.Level.FINE, "I can't");
-            }
+        if (!(x509childNodes != null && x509childNodes.length > 0)) {
+            LOG.debug("I can't");
             return null;
         }
         try {
@@ -106,9 +99,7 @@
                 KeyResolverException ex =
                     new KeyResolverException("KeyResolver.needStorageResolver", exArgs);
 
-                if (log.isLoggable(java.util.logging.Level.FINE)) {
-                    log.log(java.util.logging.Level.FINE, "", ex);
-                }
+                LOG.debug("", ex);
 
                 throw ex;
             }
@@ -126,16 +117,14 @@
 
                 for (int i = 0; i < x509childObject.length; i++) {
                     if (certSKI.equals(x509childObject[i])) {
-                        if (log.isLoggable(java.util.logging.Level.FINE)) {
-                            log.log(java.util.logging.Level.FINE, "Return PublicKey from " + cert.getSubjectX500Principal().getName());
-                        }
+                        LOG.debug("Return PublicKey from {}", cert.getSubjectX500Principal().getName());
 
                         return cert;
                     }
                 }
             }
         } catch (XMLSecurityException ex) {
-            throw new KeyResolverException("empty", ex);
+            throw new KeyResolverException(ex);
         }
 
         return null;
@@ -143,7 +132,7 @@
 
     /**
      * Method engineResolveSecretKey
-     * @inheritDoc
+     * {@inheritDoc}
      * @param element
      * @param baseURI
      * @param storage
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/implementations/X509SubjectNameResolver.java b/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/implementations/X509SubjectNameResolver.java
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/implementations/X509SubjectNameResolver.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/implementations/X509SubjectNameResolver.java
@@ -39,16 +39,15 @@
 
 public class X509SubjectNameResolver extends KeyResolverSpi {
 
-    /** {@link org.apache.commons.logging} logging facility */
-    private static java.util.logging.Logger log =
-        java.util.logging.Logger.getLogger(X509SubjectNameResolver.class.getName());
+    private static final com.sun.org.slf4j.internal.Logger LOG =
+        com.sun.org.slf4j.internal.LoggerFactory.getLogger(X509SubjectNameResolver.class);
 
 
     /**
      * Method engineResolvePublicKey
      *
      * @param element
-     * @param BaseURI
+     * @param baseURI
      * @param storage
      * @return null if no {@link PublicKey} could be obtained
      * @throws KeyResolverException
@@ -69,7 +68,7 @@
 
     /**
      * Method engineResolveX509Certificate
-     * @inheritDoc
+     * {@inheritDoc}
      * @param element
      * @param baseURI
      * @param storage
@@ -79,26 +78,19 @@
     public X509Certificate engineLookupResolveX509Certificate(
         Element element, String baseURI, StorageResolver storage
     ) throws KeyResolverException {
-        if (log.isLoggable(java.util.logging.Level.FINE)) {
-            log.log(java.util.logging.Level.FINE, "Can I resolve " + element.getTagName() + "?");
-        }
+        LOG.debug("Can I resolve {}?", element.getTagName());
         Element[] x509childNodes = null;
         XMLX509SubjectName x509childObject[] = null;
 
         if (!XMLUtils.elementIsInSignatureSpace(element, Constants._TAG_X509DATA)) {
-            if (log.isLoggable(java.util.logging.Level.FINE)) {
-                log.log(java.util.logging.Level.FINE, "I can't");
-            }
+            LOG.debug("I can't");
             return null;
         }
         x509childNodes =
             XMLUtils.selectDsNodes(element.getFirstChild(), Constants._TAG_X509SUBJECTNAME);
 
-        if (!((x509childNodes != null)
-            && (x509childNodes.length > 0))) {
-            if (log.isLoggable(java.util.logging.Level.FINE)) {
-                log.log(java.util.logging.Level.FINE, "I can't");
-            }
+        if (!(x509childNodes != null && x509childNodes.length > 0)) {
+            LOG.debug("I can't");
             return null;
         }
 
@@ -108,9 +100,7 @@
                 KeyResolverException ex =
                     new KeyResolverException("KeyResolver.needStorageResolver", exArgs);
 
-                if (log.isLoggable(java.util.logging.Level.FINE)) {
-                    log.log(java.util.logging.Level.FINE, "", ex);
-                }
+                LOG.debug("", ex);
 
                 throw ex;
             }
@@ -127,42 +117,31 @@
                 XMLX509SubjectName certSN =
                     new XMLX509SubjectName(element.getOwnerDocument(), cert);
 
-                if (log.isLoggable(java.util.logging.Level.FINE)) {
-                    log.log(java.util.logging.Level.FINE, "Found Certificate SN: " + certSN.getSubjectName());
-                }
+                LOG.debug("Found Certificate SN: {}", certSN.getSubjectName());
 
                 for (int i = 0; i < x509childObject.length; i++) {
-                    if (log.isLoggable(java.util.logging.Level.FINE)) {
-                        log.log(java.util.logging.Level.FINE, "Found Element SN:     "
-                              + x509childObject[i].getSubjectName());
-                    }
+                    LOG.debug("Found Element SN:     {}", x509childObject[i].getSubjectName());
 
                     if (certSN.equals(x509childObject[i])) {
-                        if (log.isLoggable(java.util.logging.Level.FINE)) {
-                            log.log(java.util.logging.Level.FINE, "match !!! ");
-                        }
+                        LOG.debug("match !!! ");
 
                         return cert;
                     }
-                    if (log.isLoggable(java.util.logging.Level.FINE)) {
-                        log.log(java.util.logging.Level.FINE, "no match...");
-                    }
+                    LOG.debug("no match...");
                 }
             }
 
             return null;
         } catch (XMLSecurityException ex) {
-            if (log.isLoggable(java.util.logging.Level.FINE)) {
-                log.log(java.util.logging.Level.FINE, "XMLSecurityException", ex);
-            }
+            LOG.debug("XMLSecurityException", ex);
 
-            throw new KeyResolverException("generic.EmptyMessage", ex);
+            throw new KeyResolverException(ex);
         }
     }
 
     /**
      * Method engineResolveSecretKey
-     * @inheritDoc
+     * {@inheritDoc}
      * @param element
      * @param baseURI
      * @param storage
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/implementations/package.html b/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/implementations/package.html
deleted file mode 100644
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/implementations/package.html
+++ /dev/null
@@ -1,3 +0,0 @@
-<HTML><HEAD></HEAD><BODY><P>
-implementations for retrieval of certificates and public keys from elements.
-</P></BODY></HTML>
\ No newline at end of file
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/package.html b/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/package.html
deleted file mode 100644
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/package.html
+++ /dev/null
@@ -1,3 +0,0 @@
-<HTML><HEAD></HEAD><BODY><P>
-the resolver framework for retrieval of certificates and public keys from elements.
-</P></BODY></HTML>
\ No newline at end of file
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/keys/package.html b/src/share/classes/com/sun/org/apache/xml/internal/security/keys/package.html
deleted file mode 100644
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/keys/package.html
+++ /dev/null
@@ -1,3 +0,0 @@
-<HTML><HEAD></HEAD><BODY><P>
-general key related material.
-</P></BODY></HTML>
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/keys/storage/StorageResolver.java b/src/share/classes/com/sun/org/apache/xml/internal/security/keys/storage/StorageResolver.java
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/keys/storage/StorageResolver.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/keys/storage/StorageResolver.java
@@ -38,12 +38,11 @@
  */
 public class StorageResolver {
 
-    /** {@link org.apache.commons.logging} logging facility */
-    private static java.util.logging.Logger log =
-        java.util.logging.Logger.getLogger(StorageResolver.class.getName());
+    private static final com.sun.org.slf4j.internal.Logger LOG =
+        com.sun.org.slf4j.internal.LoggerFactory.getLogger(StorageResolver.class);
 
     /** Field storageResolvers */
-    private List<StorageResolverSpi> storageResolvers = null;
+    private List<StorageResolverSpi> storageResolvers;
 
     /**
      * Constructor StorageResolver
@@ -67,7 +66,7 @@
      */
     public void add(StorageResolverSpi resolver) {
         if (storageResolvers == null) {
-            storageResolvers = new ArrayList<StorageResolverSpi>();
+            storageResolvers = new ArrayList<>();
         }
         this.storageResolvers.add(resolver);
     }
@@ -90,7 +89,7 @@
         try {
             this.add(new KeyStoreResolver(keyStore));
         } catch (StorageResolverException ex) {
-            log.log(java.util.logging.Level.SEVERE, "Could not add KeyStore because of: ", ex);
+            LOG.error("Could not add KeyStore because of: ", ex);
         }
     }
 
@@ -142,7 +141,7 @@
             currentResolver = findNextResolver();
         }
 
-        /** @inheritDoc */
+        /** {@inheritDoc} */
         public boolean hasNext() {
             if (currentResolver == null) {
                 return false;
@@ -153,10 +152,10 @@
             }
 
             currentResolver = findNextResolver();
-            return (currentResolver != null);
+            return currentResolver != null;
         }
 
-        /** @inheritDoc */
+        /** {@inheritDoc} */
         public Certificate next() {
             if (hasNext()) {
                 return currentResolver.next();
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/keys/storage/StorageResolverException.java b/src/share/classes/com/sun/org/apache/xml/internal/security/keys/storage/StorageResolverException.java
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/keys/storage/StorageResolverException.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/keys/storage/StorageResolverException.java
@@ -40,6 +40,10 @@
         super();
     }
 
+    public StorageResolverException(Exception ex) {
+        super(ex);
+    }
+
     /**
      * Constructor StorageResolverException
      *
@@ -62,22 +66,31 @@
     /**
      * Constructor StorageResolverException
      *
+     * @param originalException
      * @param msgID
-     * @param originalException
      */
+    public StorageResolverException(Exception originalException, String msgID) {
+        super(originalException, msgID);
+    }
+
+    @Deprecated
     public StorageResolverException(String msgID, Exception originalException) {
-        super(msgID, originalException);
+        this(originalException, msgID);
     }
 
     /**
      * Constructor StorageResolverException
      *
+     * @param originalException
      * @param msgID
      * @param exArgs
-     * @param originalException
      */
-    public StorageResolverException(String msgID, Object exArgs[],
-                                    Exception originalException) {
-        super(msgID, exArgs, originalException);
+    public StorageResolverException(Exception originalException, String msgID, Object exArgs[]) {
+        super(originalException, msgID, exArgs);
+    }
+
+    @Deprecated
+    public StorageResolverException(String msgID, Object[] exArgs, Exception originalException) {
+        this(originalException, msgID, exArgs);
     }
 }
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/keys/storage/implementations/CertsInFilesystemDirectoryResolver.java b/src/share/classes/com/sun/org/apache/xml/internal/security/keys/storage/implementations/CertsInFilesystemDirectoryResolver.java
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/keys/storage/implementations/CertsInFilesystemDirectoryResolver.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/keys/storage/implementations/CertsInFilesystemDirectoryResolver.java
@@ -23,9 +23,11 @@
 package com.sun.org.apache.xml.internal.security.keys.storage.implementations;
 
 import java.io.File;
-import java.io.FileInputStream;
 import java.io.FileNotFoundException;
 import java.io.IOException;
+import java.io.InputStream;
+import java.nio.file.Files;
+import java.nio.file.Paths;
 import java.security.cert.Certificate;
 import java.security.cert.CertificateException;
 import java.security.cert.CertificateExpiredException;
@@ -33,12 +35,12 @@
 import java.security.cert.CertificateNotYetValidException;
 import java.security.cert.X509Certificate;
 import java.util.ArrayList;
+import java.util.Base64;
 import java.util.Iterator;
 import java.util.List;
 
 import com.sun.org.apache.xml.internal.security.keys.storage.StorageResolverException;
 import com.sun.org.apache.xml.internal.security.keys.storage.StorageResolverSpi;
-import com.sun.org.apache.xml.internal.security.utils.Base64;
 
 /**
  * This {@link StorageResolverSpi} makes all raw (binary) {@link X509Certificate}s
@@ -47,17 +49,16 @@
  */
 public class CertsInFilesystemDirectoryResolver extends StorageResolverSpi {
 
-    /** {@link org.apache.commons.logging} logging facility */
-    private static java.util.logging.Logger log =
-        java.util.logging.Logger.getLogger(
-            CertsInFilesystemDirectoryResolver.class.getName()
+    private static final com.sun.org.slf4j.internal.Logger LOG =
+        com.sun.org.slf4j.internal.LoggerFactory.getLogger(
+            CertsInFilesystemDirectoryResolver.class
         );
 
     /** Field merlinsCertificatesDir */
-    private String merlinsCertificatesDir = null;
+    private String merlinsCertificatesDir;
 
     /** Field certs */
-    private List<X509Certificate> certs = new ArrayList<X509Certificate>();
+    private List<X509Certificate> certs = new ArrayList<>();
 
     /**
      * @param directoryName
@@ -78,14 +79,16 @@
     private void readCertsFromHarddrive() throws StorageResolverException {
 
         File certDir = new File(this.merlinsCertificatesDir);
-        List<String> al = new ArrayList<String>();
+        List<String> al = new ArrayList<>();
         String[] names = certDir.list();
 
-        for (int i = 0; i < names.length; i++) {
-            String currentFileName = names[i];
+        if (names != null) {
+            for (int i = 0; i < names.length; i++) {
+                String currentFileName = names[i];
 
-            if (currentFileName.endsWith(".crt")) {
-                al.add(names[i]);
+                if (currentFileName.endsWith(".crt")) {
+                    al.add(names[i]);
+                }
             }
         }
 
@@ -94,24 +97,17 @@
         try {
             cf = CertificateFactory.getInstance("X.509");
         } catch (CertificateException ex) {
-            throw new StorageResolverException("empty", ex);
-        }
-
-        if (cf == null) {
-            throw new StorageResolverException("empty");
+            throw new StorageResolverException(ex);
         }
 
         for (int i = 0; i < al.size(); i++) {
             String filename = certDir.getAbsolutePath() + File.separator + al.get(i);
-            File file = new File(filename);
             boolean added = false;
             String dn = null;
 
-            FileInputStream fis = null;
-            try {
-                fis = new FileInputStream(file);
+            try (InputStream inputStream = Files.newInputStream(Paths.get(filename))) {
                 X509Certificate cert =
-                    (X509Certificate) cf.generateCertificate(fis);
+                    (X509Certificate) cf.generateCertificate(inputStream);
 
                 //add to ArrayList
                 cert.checkValidity();
@@ -120,40 +116,34 @@
                 dn = cert.getSubjectX500Principal().getName();
                 added = true;
             } catch (FileNotFoundException ex) {
-                if (log.isLoggable(java.util.logging.Level.FINE)) {
-                    log.log(java.util.logging.Level.FINE, "Could not add certificate from file " + filename, ex);
+                if (LOG.isDebugEnabled()) {
+                    LOG.debug("Could not add certificate from file " + filename, ex);
                 }
             } catch (CertificateNotYetValidException ex) {
-                if (log.isLoggable(java.util.logging.Level.FINE)) {
-                    log.log(java.util.logging.Level.FINE, "Could not add certificate from file " + filename, ex);
+                if (LOG.isDebugEnabled()) {
+                    LOG.debug("Could not add certificate from file " + filename, ex);
                 }
             } catch (CertificateExpiredException ex) {
-                if (log.isLoggable(java.util.logging.Level.FINE)) {
-                    log.log(java.util.logging.Level.FINE, "Could not add certificate from file " + filename, ex);
+                if (LOG.isDebugEnabled()) {
+                    LOG.debug("Could not add certificate from file " + filename, ex);
                 }
             } catch (CertificateException ex) {
-                if (log.isLoggable(java.util.logging.Level.FINE)) {
-                    log.log(java.util.logging.Level.FINE, "Could not add certificate from file " + filename, ex);
+                if (LOG.isDebugEnabled()) {
+                    LOG.debug("Could not add certificate from file " + filename, ex);
                 }
-            } finally {
-                try {
-                    if (fis != null) {
-                        fis.close();
-                    }
-                } catch (IOException ex) {
-                    if (log.isLoggable(java.util.logging.Level.FINE)) {
-                        log.log(java.util.logging.Level.FINE, "Could not add certificate from file " + filename, ex);
-                    }
+            } catch (IOException ex) {
+                if (LOG.isDebugEnabled()) {
+                    LOG.debug("Could not add certificate from file " + filename, ex);
                 }
             }
 
-            if (added && log.isLoggable(java.util.logging.Level.FINE)) {
-                log.log(java.util.logging.Level.FINE, "Added certificate: " + dn);
+            if (added) {
+                LOG.debug("Added certificate: {}", dn);
             }
         }
     }
 
-    /** @inheritDoc */
+    /** {@inheritDoc} */
     public Iterator<Certificate> getIterator() {
         return new FilesystemIterator(this.certs);
     }
@@ -164,10 +154,10 @@
     private static class FilesystemIterator implements Iterator<Certificate> {
 
         /** Field certs */
-        List<X509Certificate> certs = null;
+        private List<X509Certificate> certs;
 
         /** Field i */
-        int i;
+        private int i;
 
         /**
          * Constructor FilesystemIterator
@@ -179,12 +169,12 @@
             this.i = 0;
         }
 
-        /** @inheritDoc */
+        /** {@inheritDoc} */
         public boolean hasNext() {
-            return (this.i < this.certs.size());
+            return this.i < this.certs.size();
         }
 
-        /** @inheritDoc */
+        /** {@inheritDoc} */
         public Certificate next() {
             return this.certs.get(this.i++);
         }
@@ -217,7 +207,7 @@
 
             System.out.println();
             System.out.println("Base64(SKI())=                 \""
-                               + Base64.encode(ski) + "\"");
+                               + Base64.getMimeEncoder().encodeToString(ski) + "\"");
             System.out.println("cert.getSerialNumber()=        \""
                                + cert.getSerialNumber().toString() + "\"");
             System.out.println("cert.getSubjectX500Principal().getName()= \""
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/keys/storage/implementations/KeyStoreResolver.java b/src/share/classes/com/sun/org/apache/xml/internal/security/keys/storage/implementations/KeyStoreResolver.java
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/keys/storage/implementations/KeyStoreResolver.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/keys/storage/implementations/KeyStoreResolver.java
@@ -39,7 +39,7 @@
 public class KeyStoreResolver extends StorageResolverSpi {
 
     /** Field keyStore */
-    private KeyStore keyStore = null;
+    private KeyStore keyStore;
 
     /**
      * Constructor KeyStoreResolver
@@ -53,11 +53,11 @@
         try {
             keyStore.aliases();
         } catch (KeyStoreException ex) {
-            throw new StorageResolverException("generic.EmptyMessage", ex);
+            throw new StorageResolverException(ex);
         }
     }
 
-    /** @inheritDoc */
+    /** {@inheritDoc} */
     public Iterator<Certificate> getIterator() {
         return new KeyStoreIterator(this.keyStore);
     }
@@ -98,16 +98,16 @@
             }
         }
 
-        /** @inheritDoc */
+        /** {@inheritDoc} */
         public boolean hasNext() {
             if (nextCert == null) {
                 nextCert = findNextCert();
             }
 
-            return (nextCert != null);
+            return nextCert != null;
         }
 
-        /** @inheritDoc */
+        /** {@inheritDoc} */
         public Certificate next() {
             if (nextCert == null) {
                 // maybe caller did not call hasNext()
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/keys/storage/implementations/SingleCertificateResolver.java b/src/share/classes/com/sun/org/apache/xml/internal/security/keys/storage/implementations/SingleCertificateResolver.java
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/keys/storage/implementations/SingleCertificateResolver.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/keys/storage/implementations/SingleCertificateResolver.java
@@ -36,7 +36,7 @@
 public class SingleCertificateResolver extends StorageResolverSpi {
 
     /** Field certificate */
-    private X509Certificate certificate = null;
+    private X509Certificate certificate;
 
     /**
      * @param x509cert the single {@link X509Certificate}
@@ -45,7 +45,7 @@
         this.certificate = x509cert;
     }
 
-    /** @inheritDoc */
+    /** {@inheritDoc} */
     public Iterator<Certificate> getIterator() {
         return new InternalIterator(this.certificate);
     }
@@ -70,12 +70,12 @@
             this.certificate = x509cert;
         }
 
-        /** @inheritDoc */
+        /** {@inheritDoc} */
         public boolean hasNext() {
             return !this.alreadyReturned;
         }
 
-        /** @inheritDoc */
+        /** {@inheritDoc} */
         public Certificate next() {
             if (this.alreadyReturned) {
                 throw new NoSuchElementException();
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/keys/storage/implementations/package.html b/src/share/classes/com/sun/org/apache/xml/internal/security/keys/storage/implementations/package.html
deleted file mode 100644
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/keys/storage/implementations/package.html
+++ /dev/null
@@ -1,3 +0,0 @@
-<HTML><HEAD></HEAD><BODY><P>
-implementations of resolvers for retrieval for certificates and public keys from user-specified locations.
-</P></BODY></HTML>
\ No newline at end of file
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/keys/storage/package.html b/src/share/classes/com/sun/org/apache/xml/internal/security/keys/storage/package.html
deleted file mode 100644
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/keys/storage/package.html
+++ /dev/null
@@ -1,3 +0,0 @@
-<HTML><HEAD></HEAD><BODY><P>
-a resolver framework for certificates and public keys from user-specified locations.
-</P></BODY></HTML>
\ No newline at end of file
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/package.html b/src/share/classes/com/sun/org/apache/xml/internal/security/package.html
deleted file mode 100644
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/package.html
+++ /dev/null
@@ -1,36 +0,0 @@
-<HTML>
-  <HEAD> 
-	 <TITLE>com.sun.org.apache.xml.internal.security</TITLE> 
-  </HEAD> 
-  <BODY> 
-	 <H1>Canonical XML and XML Signature Implementation</H1> 
-	 <H2>Needs the following packages</H2> 
-	 <UL> 
-		<LI>Xerces v2.0.0 <A HREF="http://xml.apache.org/dist/xerces-j/">http://xml.apache.org/dist/xerces-j/</A></LI>
-		<LI>Xalan 2.2.0 <A HREF="http://xml.apache.org/dist/xalan-j/">http://xml.apache.org/dist/xalan-j/</A></LI>
-		<LI>JUnit 3.7 <A HREF="http://download.sourceforge.net/junit/junit3.7.zip">http://download.sourceforge.net/junit/junit3.5.zip</A></LI>
-		<LI>Jakarta Log4J 1.1.2 <A HREF="http://jakarta.apache.org/log4j/">http://jakarta.apache.org/log4j/</A></LI>
-		<LI>ANT <A HREF="http://jakarta.apache.org/builds/jakarta-ant/release/">http://jakarta.apache.org/builds/jakarta-ant/release/</A></LI> 
-	 </UL>
-	 <H1>Packages</H1> 
-	 <UL> 
-		<LI>{@link com.sun.org.apache.xml.internal.security.algorithms} contains algorithm factories </LI> 
-		<LI>{@link com.sun.org.apache.xml.internal.security.c14n} contains Canonicalization related material and algorithms </LI> 
-		<LI>{@link com.sun.org.apache.xml.internal.security.exceptions} contains all exceptions used by this library </LI> 
-		<LI>{@link com.sun.org.apache.xml.internal.security.keys} contains key related material </LI> 
-		<LI>{@link com.sun.org.apache.xml.internal.security.samples} contains some sample applications and non-standard transforms </LI> 
-		<LI>{@link com.sun.org.apache.xml.internal.security.signature} contains the XML Signature specific classes </LI> 
-		<LI>{@link com.sun.org.apache.xml.internal.security.transforms} XML Signature transformations </LI> 
-		<LI>{@link com.sun.org.apache.xml.internal.security.utils} contains all utility classes </LI> 
-		<LI>{@link com.sun.org.apache.xml.internal.security.test} JUnit test cases </LI> 
-		<LI>{@link com.sun.org.apache.xml.internal.security.temp} is the playground for messing around </LI> 
-	 </UL> 
-	 <H2>Support</H2> 
-	 <P>See <A HREF="http://xml.apache.org/security/">the xml-security project</A> for further assistence</P> 
-	 <H2>Author</H2> 
-	 <P>Christian Geuer-Pollmann geuer-pollmann@nue.et-inf.uni-siegen.de<BR> 
-	    University of Siegen<BR> 
-	    Institute for Data Communications Systems<BR> 
-	 </P> 
-     </BODY>
-</HTML>
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/resource/config.xml b/src/share/classes/com/sun/org/apache/xml/internal/security/resource/config.xml
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/resource/config.xml
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/resource/config.xml
@@ -1,5 +1,23 @@
 <?xml version="1.0"?>
 <!--
+  Licensed to the Apache Software Foundation (ASF) under one
+  or more contributor license agreements. See the NOTICE file
+  distributed with this work for additional information
+  regarding copyright ownership. The ASF licenses this file
+  to you under the Apache License, Version 2.0 (the
+  "License"); you may not use this file except in compliance
+  with the License. You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing,
+  software distributed under the License is distributed on an
+  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+  KIND, either express or implied. See the License for the
+  specific language governing permissions and limitations
+  under the License.
+-->
+<!--
 <!DOCTYPE Configuration SYSTEM "config.dtd">
 -->
 <!-- This configuration file is used for configuration of the com.sun.org.apache.xml.internal.security package -->
@@ -14,10 +32,12 @@
                               JAVACLASS="com.sun.org.apache.xml.internal.security.c14n.implementations.Canonicalizer20010315ExclOmitComments"/>
       <CanonicalizationMethod URI="http://www.w3.org/2001/10/xml-exc-c14n#WithComments"
                               JAVACLASS="com.sun.org.apache.xml.internal.security.c14n.implementations.Canonicalizer20010315ExclWithComments"/>
-      <CanonicalizationMethod URI="http://www.w3.org/2006/12/xml-c14n11"
-                              JAVACLASS="com.sun.org.apache.xml.internal.security.c14n.implementations.Canonicalizer11_OmitComments"/>
-      <CanonicalizationMethod URI="http://www.w3.org/2006/12/xml-c14n11#WithComments"
-                              JAVACLASS="com.sun.org.apache.xml.internal.security.c14n.implementations.Canonicalizer11_WithComments"/>
+      <CanonicalizationMethod URI="http://www.w3.org/2006/12/xml-c14n11"
+                              JAVACLASS="com.sun.org.apache.xml.internal.security.c14n.implementations.Canonicalizer11_OmitComments"/>
+      <CanonicalizationMethod URI="http://www.w3.org/2006/12/xml-c14n11#WithComments"
+                              JAVACLASS="com.sun.org.apache.xml.internal.security.c14n.implementations.Canonicalizer11_WithComments"/>
+      <CanonicalizationMethod URI="http://santuario.apache.org/c14n/physical"
+                              JAVACLASS="com.sun.org.apache.xml.internal.security.c14n.implementations.CanonicalizerPhysical"/>
    </CanonicalizationMethods>
    <TransformAlgorithms>
       <!-- Base64 -->
@@ -67,21 +87,41 @@
                           JAVACLASS="com.sun.org.apache.xml.internal.security.algorithms.implementations.SignatureBaseRSA$SignatureRSAMD5" />
       <SignatureAlgorithm URI="http://www.w3.org/2001/04/xmldsig-more#rsa-ripemd160"
                           JAVACLASS="com.sun.org.apache.xml.internal.security.algorithms.implementations.SignatureBaseRSA$SignatureRSARIPEMD160" />
+      <SignatureAlgorithm URI="http://www.w3.org/2001/04/xmldsig-more#rsa-sha224"
+                          JAVACLASS="com.sun.org.apache.xml.internal.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA224" />
       <SignatureAlgorithm URI="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
                           JAVACLASS="com.sun.org.apache.xml.internal.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA256" />
       <SignatureAlgorithm URI="http://www.w3.org/2001/04/xmldsig-more#rsa-sha384"
                           JAVACLASS="com.sun.org.apache.xml.internal.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA384" />
       <SignatureAlgorithm URI="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"
                           JAVACLASS="com.sun.org.apache.xml.internal.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA512" />
+                          
+      <SignatureAlgorithm URI="http://www.w3.org/2007/05/xmldsig-more#ripemd160-rsa-MGF1"
+                          JAVACLASS="com.sun.org.apache.xml.internal.security.algorithms.implementations.SignatureBaseRSA$SignatureRSARIPEMD160MGF1" />
+      <SignatureAlgorithm URI="http://www.w3.org/2007/05/xmldsig-more#sha1-rsa-MGF1"
+                          JAVACLASS="com.sun.org.apache.xml.internal.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA1MGF1" />
+      <SignatureAlgorithm URI="http://www.w3.org/2007/05/xmldsig-more#sha224-rsa-MGF1"
+                          JAVACLASS="com.sun.org.apache.xml.internal.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA224MGF1" />
+      <SignatureAlgorithm URI="http://www.w3.org/2007/05/xmldsig-more#sha256-rsa-MGF1"
+                          JAVACLASS="com.sun.org.apache.xml.internal.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA256MGF1" />
+      <SignatureAlgorithm URI="http://www.w3.org/2007/05/xmldsig-more#sha384-rsa-MGF1"
+                          JAVACLASS="com.sun.org.apache.xml.internal.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA384MGF1" />
+      <SignatureAlgorithm URI="http://www.w3.org/2007/05/xmldsig-more#sha512-rsa-MGF1"
+                          JAVACLASS="com.sun.org.apache.xml.internal.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA512MGF1" />
+                          
       <SignatureAlgorithm URI="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1"
                           JAVACLASS="com.sun.org.apache.xml.internal.security.algorithms.implementations.SignatureECDSA$SignatureECDSASHA1" />
+      <SignatureAlgorithm URI="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha224"
+                          JAVACLASS="com.sun.org.apache.xml.internal.security.algorithms.implementations.SignatureECDSA$SignatureECDSASHA224" />
       <SignatureAlgorithm URI="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256"
                           JAVACLASS="com.sun.org.apache.xml.internal.security.algorithms.implementations.SignatureECDSA$SignatureECDSASHA256" />
       <SignatureAlgorithm URI="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384"
                           JAVACLASS="com.sun.org.apache.xml.internal.security.algorithms.implementations.SignatureECDSA$SignatureECDSASHA384" />
       <SignatureAlgorithm URI="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512"
                           JAVACLASS="com.sun.org.apache.xml.internal.security.algorithms.implementations.SignatureECDSA$SignatureECDSASHA512" />
-
+      <SignatureAlgorithm URI="http://www.w3.org/2007/05/xmldsig-more#ecdsa-ripemd160"
+                          JAVACLASS="com.sun.org.apache.xml.internal.security.algorithms.implementations.SignatureECDSA$SignatureECDSARIPEMD160" />
+                          
       <SignatureAlgorithm URI="http://www.w3.org/2001/04/xmldsig-more#hmac-md5"
                           JAVACLASS="com.sun.org.apache.xml.internal.security.algorithms.implementations.IntegrityHmac$IntegrityHmacMD5" />
       <SignatureAlgorithm URI="http://www.w3.org/2001/04/xmldsig-more#hmac-ripemd160"
@@ -114,6 +154,12 @@
                     AlgorithmClass="MessageDigest"
                     RequirementLevel="REQUIRED"
                     JCEName="SHA-1"/>
+                    
+         <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#sha224"
+                    Description="SHA-224 message digest"
+                    AlgorithmClass="MessageDigest"
+                    RequirementLevel="OPTIONAL"
+                    JCEName="SHA-224"/>
 
          <Algorithm URI="http://www.w3.org/2001/04/xmlenc#sha256"
                     Description="SHA-1 message digest with 256 bit"
@@ -139,6 +185,7 @@
                     Description="Digital Signature Algorithm with SHA-1 message digest"
                     AlgorithmClass="Signature"
                     RequirementLevel="REQUIRED"
+                    RequiredKey="DSA"
                     JCEName="SHA1withDSA"/>
 
          <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#rsa-md5"
@@ -146,6 +193,7 @@
                     AlgorithmClass="Signature"
                     RequirementLevel="NOT RECOMMENDED"
                     SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
+                    RequiredKey="RSA"
                     JCEName="MD5withRSA"/>
 
          <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#rsa-ripemd160"
@@ -153,19 +201,30 @@
                     AlgorithmClass="Signature"
                     RequirementLevel="OPTIONAL"
                     SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
+                    RequiredKey="RSA"
                     JCEName="RIPEMD160withRSA"/>
 
          <Algorithm URI="http://www.w3.org/2000/09/xmldsig#rsa-sha1"
                     Description="RSA Signature with SHA-1 message digest"
                     AlgorithmClass="Signature"
                     RequirementLevel="RECOMMENDED"
+                    RequiredKey="RSA"
                     JCEName="SHA1withRSA"/>
 
+         <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#rsa-sha2224"
+                    Description="RSA Signature with SHA-2224 message digest"
+                    AlgorithmClass="Signature"
+                    RequirementLevel="OPTIONAL"
+                    SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
+                    RequiredKey="RSA"
+                    JCEName="SHA224withRSA"/>
+                    
          <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
                     Description="RSA Signature with SHA-256 message digest"
                     AlgorithmClass="Signature"
                     RequirementLevel="OPTIONAL"
                     SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
+                    RequiredKey="RSA"
                     JCEName="SHA256withRSA"/>
 
          <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#rsa-sha384"
@@ -173,6 +232,7 @@
                     AlgorithmClass="Signature"
                     RequirementLevel="OPTIONAL"
                     SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
+                    RequiredKey="RSA"
                     JCEName="SHA384withRSA"/>
 
          <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"
@@ -180,8 +240,48 @@
                     AlgorithmClass="Signature"
                     RequirementLevel="OPTIONAL"
                     SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
+                    RequiredKey="RSA"
                     JCEName="SHA512withRSA"/>
                     
+         <Algorithm URI="http://www.w3.org/2007/05/xmldsig-more#sha1-rsa-MGF1"
+                    Description="RSASSA-PSS Signature with SHA-1 message digest"
+                    AlgorithmClass="Signature"
+                    RequirementLevel="RECOMMENDED"
+                    RequiredKey="RSA"
+                    JCEName="SHA1withRSAandMGF1"/>
+
+         <Algorithm URI="http://www.w3.org/2007/05/xmldsig-more#sha224-rsa-MGF1"
+                    Description="RSASSA-PSS Signature with SHA-224 message digest"
+                    AlgorithmClass="Signature"
+                    RequirementLevel="OPTIONAL"
+                    SpecificationURL="http://www.ietf.org/rfc/rfc6931.txt"
+                    RequiredKey="RSA"
+                    JCEName="SHA224withRSAandMGF1"/>
+
+         <Algorithm URI="http://www.w3.org/2007/05/xmldsig-more#sha256-rsa-MGF1"
+                    Description="RSASSA-PSS Signature with SHA-256 message digest"
+                    AlgorithmClass="Signature"
+                    RequirementLevel="OPTIONAL"
+                    SpecificationURL="http://www.ietf.org/rfc/rfc6931.txt"
+                    RequiredKey="RSA"
+                    JCEName="SHA256withRSAandMGF1"/>
+
+         <Algorithm URI="http://www.w3.org/2007/05/xmldsig-more#sha384-rsa-MGF1"
+                    Description="RSASSA-PSS Signature with SHA-384 message digest"
+                    AlgorithmClass="Signature"
+                    RequirementLevel="OPTIONAL"
+                    SpecificationURL="http://www.ietf.org/rfc/rfc6931.txt"
+                    RequiredKey="RSA"
+                    JCEName="SHA384withRSAandMGF1"/>
+
+         <Algorithm URI="http://www.w3.org/2007/05/xmldsig-more#sha512-rsa-MGF1"
+                    Description="RSASSA-PSS Signature with SHA-512 message digest"
+                    AlgorithmClass="Signature"
+                    RequirementLevel="OPTIONAL"
+                    SpecificationURL="http://www.ietf.org/rfc/rfc6931.txt"
+                    RequiredKey="RSA"
+                    JCEName="SHA512withRSAandMGF1"/>
+                    
          <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1"
                     Description="ECDSA Signature with SHA-1 message digest"
                     AlgorithmClass="Signature"
@@ -189,11 +289,20 @@
                     SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
                     JCEName="SHA1withECDSA"/>
 
+         <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha224"
+                    Description="ECDSA Signature with SHA-224 message digest"
+                    AlgorithmClass="Signature"
+                    RequirementLevel="OPTIONAL"
+                    SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
+                    RequiredKey="EC"
+                    JCEName="SHA224withECDSA"/>
+                    
          <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256"
                     Description="ECDSA Signature with SHA-256 message digest"
                     AlgorithmClass="Signature"
                     RequirementLevel="OPTIONAL"
                     SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
+                    RequiredKey="EC"
                     JCEName="SHA256withECDSA"/>
 
          <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384"
@@ -201,6 +310,7 @@
                     AlgorithmClass="Signature"
                     RequirementLevel="OPTIONAL"
                     SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
+                    RequiredKey="EC"
                     JCEName="SHA384withECDSA"/>
 
          <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512"
@@ -209,13 +319,22 @@
                     RequirementLevel="OPTIONAL"
                     SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
                     JCEName="SHA512withECDSA"/>
-
+                    
+         <Algorithm URI="http://www.w3.org/2007/05/xmldsig-more#ecdsa-ripemd160"
+                    Description="ECDSA Signature with RIPEMD-160 message digest"
+                    AlgorithmClass="Signature"
+                    RequirementLevel="OPTIONAL"
+                    SpecificationURL="https://tools.ietf.org/html/rfc6931"
+                    RequiredKey="EC"
+                    JCEName="RIPEMD160withECDSA"/>
+                    
          <!-- MAC Algorithms -->
          <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#hmac-md5"
                     Description="Message Authentication code using MD5"
                     AlgorithmClass="Mac"
                     RequirementLevel="NOT RECOMMENDED"
                     SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
+                    KeyLength="0"
                     JCEName="HmacMD5"/>
 
          <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#hmac-ripemd160"
@@ -223,19 +342,30 @@
                     AlgorithmClass="Mac"
                     RequirementLevel="OPTIONAL"
                     SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
+                    KeyLength="0"
                     JCEName="HMACRIPEMD160"/>
 
          <Algorithm URI="http://www.w3.org/2000/09/xmldsig#hmac-sha1"
                     Description="Message Authentication code using SHA1"
                     AlgorithmClass="Mac"
                     RequirementLevel="REQUIRED"
+                    KeyLength="0"
                     JCEName="HmacSHA1"/>
+                    
+         <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#hmac-sha224"
+                    Description="Message Authentication code using SHA-224"
+                    AlgorithmClass="Mac"
+                    RequirementLevel="OPTIONAL"
+                    SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
+                    KeyLength="0"
+                    JCEName="HmacSHA224"/>
 
          <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#hmac-sha256"
                     Description="Message Authentication code using SHA-256"
                     AlgorithmClass="Mac"
                     RequirementLevel="OPTIONAL"
                     SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
+                    KeyLength="0"
                     JCEName="HmacSHA256"/>
 
          <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#hmac-sha384"
@@ -243,6 +373,7 @@
                     AlgorithmClass="Mac"
                     RequirementLevel="OPTIONAL"
                     SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
+                    KeyLength="0"
                     JCEName="HmacSHA384"/>
 
          <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#hmac-sha512"
@@ -250,6 +381,7 @@
                     AlgorithmClass="Mac"
                     RequirementLevel="OPTIONAL"
                     SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
+                    KeyLength="0"
                     JCEName="HmacSHA512"/>
 
          <!-- Block encryption Algorithms -->
@@ -258,6 +390,7 @@
                     AlgorithmClass="BlockEncryption"
                     RequirementLevel="REQUIRED"
                     KeyLength="192"
+                    IVLength="64"
                     RequiredKey="DESede"
                     JCEName="DESede/CBC/ISO10126Padding"/>
 
@@ -266,6 +399,7 @@
                     AlgorithmClass="BlockEncryption"
                     RequirementLevel="REQUIRED"
                     KeyLength="128"
+                    IVLength="128"
                     RequiredKey="AES"
                     JCEName="AES/CBC/ISO10126Padding"/>
 
@@ -274,6 +408,7 @@
                     AlgorithmClass="BlockEncryption"
                     RequirementLevel="OPTIONAL"
                     KeyLength="192"
+                    IVLength="128"
                     RequiredKey="AES"
                     JCEName="AES/CBC/ISO10126Padding"/>
 
@@ -282,6 +417,7 @@
                     AlgorithmClass="BlockEncryption"
                     RequirementLevel="REQUIRED"
                     KeyLength="256"
+                    IVLength="128"
                     RequiredKey="AES"
                     JCEName="AES/CBC/ISO10126Padding"/>
                     
@@ -290,6 +426,7 @@
                    AlgorithmClass="BlockEncryption"
                    RequirementLevel="OPTIONAL"
                    KeyLength="128"
+                   IVLength="96"
                    RequiredKey="AES"
                    JCEName="AES/GCM/NoPadding"/>
                    
@@ -298,6 +435,7 @@
                    AlgorithmClass="BlockEncryption"
                    RequirementLevel="OPTIONAL"
                    KeyLength="192"
+                   IVLength="96"
                    RequiredKey="AES"
                    JCEName="AES/GCM/NoPadding"/>
 
@@ -306,8 +444,45 @@
                    AlgorithmClass="BlockEncryption"
                    RequirementLevel="OPTIONAL"
                    KeyLength="256"
+                   IVLength="96"
                    RequiredKey="AES"
                    JCEName="AES/GCM/NoPadding"/>
+                   
+         <Algorithm URI="http://www.w3.org/2007/05/xmldsig-more#seed128-cbc"
+                    Description="Block encryption using SEED with a key length of 128 bit"
+                    AlgorithmClass="BlockEncryption"
+                    RequirementLevel="OPTIONAL"
+                    KeyLength="128"
+                    IVLength="128"
+                    RequiredKey="SEED"
+                    JCEName="SEED/CBC/ISO10126Padding"/>
+                    
+         <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#camellia128-cbc"
+                    Description="Block encryption using Camellia with a key length of 128 bit"
+                    AlgorithmClass="BlockEncryption"
+                    RequirementLevel="OPTIONAL"
+                    KeyLength="128"
+                    IVLength="128"
+                    RequiredKey="Camellia"
+                    JCEName="Camellia/CBC/ISO10126Padding"/>
+                    
+         <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#camellia192-cbc"
+                    Description="Block encryption using Camellia with a key length of 192 bit"
+                    AlgorithmClass="BlockEncryption"
+                    RequirementLevel="OPTIONAL"
+                    KeyLength="192"
+                    IVLength="128"
+                    RequiredKey="Camellia"
+                    JCEName="Camellia/CBC/ISO10126Padding"/>
+                    
+         <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#camellia256-cbc"
+                    Description="Block encryption using Camellia with a key length of 256 bit"
+                    AlgorithmClass="BlockEncryption"
+                    RequirementLevel="OPTIONAL"
+                    KeyLength="256"
+                    IVLength="128"
+                    RequiredKey="Camellia"
+                    JCEName="Camellia/CBC/ISO10126Padding"/>
          
          <Algorithm URI="http://www.w3.org/2001/04/xmlenc#rsa-1_5"
                     Description="Key Transport RSA-v1.5"
@@ -366,6 +541,38 @@
                     KeyLength="256"
                     RequiredKey="AES"
                     JCEName="AESWrap"/>
+                    
+         <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#kw-camellia128"
+                    Description="Symmetric Key Wrap using CAMELLIA with a key length of 128 bit"
+                    AlgorithmClass="SymmetricKeyWrap"
+                    RequirementLevel="OPTIONAL"
+                    KeyLength="128"
+                    RequiredKey="Camellia"
+                    JCEName="CamelliaWrap"/>
+                    
+         <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#kw-camellia192"
+                    Description="Symmetric Key Wrap using CAMELLIA with a key length of 192 bit"
+                    AlgorithmClass="SymmetricKeyWrap"
+                    RequirementLevel="OPTIONAL"
+                    KeyLength="192"
+                    RequiredKey="Camellia"
+                    JCEName="CamelliaWrap"/>
+                    
+         <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#kw-camellia256"
+                    Description="Symmetric Key Wrap using CAMELLIA with a key length of 256 bit"
+                    AlgorithmClass="SymmetricKeyWrap"
+                    RequirementLevel="OPTIONAL"
+                    KeyLength="256"
+                    RequiredKey="Camellia"
+                    JCEName="CamelliaWrap"/>
+                    
+         <Algorithm URI="http://www.w3.org/2007/05/xmldsig-more#kw-seed128"
+                    Description="Symmetric Key Wrap using SEED with a key length of 128 bit"
+                    AlgorithmClass="SymmetricKeyWrap"
+                    RequirementLevel="OPTIONAL"
+                    KeyLength="128"
+                    RequiredKey="SEED"
+                    JCEName="SEEDWrap"/>
 
       </Algorithms>
    </JCEAlgorithmMappings>
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/resource/package.html b/src/share/classes/com/sun/org/apache/xml/internal/security/resource/package.html
deleted file mode 100644
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/resource/package.html
+++ /dev/null
@@ -1,3 +0,0 @@
-<HTML> <HEAD> </HEAD> <BODY> <P>
-software configuration and internationalization ({@link com.sun.org.apache.xml.internal.security.utils.I18n}).
-</P></BODY> </HTML>
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/resource/xmlsecurity_de.properties b/src/share/classes/com/sun/org/apache/xml/internal/security/resource/xmlsecurity_de.properties
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/resource/xmlsecurity_de.properties
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/resource/xmlsecurity_de.properties
@@ -1,126 +1,196 @@
+#
+#
+#    Licensed to the Apache Software Foundation (ASF) under one
+#    or more contributor license agreements. See the NOTICE file
+#    distributed with this work for additional information
+#    regarding copyright ownership. The ASF licenses this file
+#    to you under the Apache License, Version 2.0 (the
+#    "License"); you may not use this file except in compliance
+#    with the License. You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing,
+#    software distributed under the License is distributed on an
+#    "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+#    KIND, either express or implied. See the License for the
+#    specific language governing permissions and limitations
+#    under the License.
+#
+#
+
 algorithm.alreadyRegistered = URI {0} wurde bereits an die Klasse {1} gebunden
-algorithm.classDoesNotExist = Kann URI {0} nicht für Klasse {1} registrieren weil sie nicht existiert
+algorithm.classDoesNotExist = Kann URI {0} nicht f\u00fcr Klasse {1} registrieren weil sie nicht existiert
 algorithm.ClassDoesNotExist = Klasse {0} existiert nicht
-algorithm.extendsWrongClass = Kann URI {0} nicht für Klasse {1} registrieren weil sie nicht {2} extended
-algorithms.CannotUseAlgorithmParameterSpecOnDSA = Sorry, but you cannot use a AlgorithmParameterSpec object for creating DSA signatures.
-algorithms.CannotUseAlgorithmParameterSpecOnRSA = Sorry, but you cannot use a AlgorithmParameterSpec object for creating RSA signatures.
-algorithms.CannotUseSecureRandomOnMAC = Sorry, but you cannot use a SecureRandom object for creating MACs.
-algorithms.HMACOutputLengthMin = HMACOutputLength must not be less than {0}
-algorithms.HMACOutputLengthOnlyForHMAC = A HMACOutputLength can only be specified for HMAC integrity algorithms
-algorithms.NoSuchAlgorithm = Der Algorithmus {0} ist nicht verfügbar. Original Nachricht war: {1}
-algorithms.NoSuchMap = The algorithm URI "{0}" could not be mapped to a JCE algorithm
-algorithms.NoSuchProvider = The specified Provider {0} does not exist. Original Message was: {1}
-algorithms.operationOnlyVerification = A public key can only used for verification of a signature.
-algorithms.WrongKeyForThisOperation = Sorry, you supplied the wrong key type for this operation! You supplied a {0} but a {1} is needed.
-attributeValueIllegal = The attribute {0} has value {1} but must be {2}
-c14n.Canonicalizer.Exception = Exception während Kanonisierung:  Original Nachricht war {0}
-c14n.Canonicalizer.IllegalNode = Unzulässiger NodeType {0}, NodeName lautete {1}
-c14n.Canonicalizer.NoSuchCanonicalizer = Kein Canonicalizer mit dem URI {0} gefunden
-c14n.Canonicalizer.ParserConfigurationException = ParserConfigurationException während Kanonisierung:  Original Nachricht war {0}
+algorithm.extendsWrongClass = Kann URI {0} nicht f\u00fcr Klasse {1} registrieren weil sie nicht von {2} abgeleitet ist
+algorithms.CannotUseAlgorithmParameterSpecOnDSA = AlgorithmParameterSpec kann nicht f\u00fcr DSA Signaturen benutzt werden.
+algorithms.CannotUseAlgorithmParameterSpecOnRSA = AlgorithmParameterSpec kann nicht f\u00fcr RSA Signaturen benutzt werden.
+algorithms.CannotUseSecureRandomOnMAC = SecureRandom kann nicht f\u00fcr MAC's angewandt werden.
+algorithms.HMACOutputLengthMin = HMACOutputLength darf nicht kleiner als {0} sein
+algorithms.HMACOutputLengthOnlyForHMAC = Die HMACOutputLength kann nur bei HMAC integrit\u00e4ts Algorithmen angegeben werden
+algorithms.NoSuchAlgorithm = Der Algorithmus {0} ist nicht verf\u00fcgbar.
+algorithms.NoSuchAlgorithm = Der Algorithmus {0} ist nicht verf\u00fcgbar. Original Nachricht war\: {1}
+algorithms.NoSuchMap = Algorithmus URI "{0}" konnte auf keinen JCE Algorithmus gemappt werden
+algorithms.NoSuchProvider = Der angegebene Provider {0} existiert nicht. Original Nachricht war\: {1}
+algorithms.operationOnlyVerification = Ein \u00f6ffentlicher Schl\u00fcssel (public key) kann nur zur Verifizierung einer Signatur verwendet werden.
+algorithms.WrongKeyForThisOperation = Der angegebene Schl\u00fcssel-Typ kann nicht f\u00fcr diese Operation verwendet werden. Angegeben wurde {0} aber ein {1} wird ben\u00f6tigt.
+attributeValueIllegal = Das Attribut {0} hat den Wert {1} muss aber {2} sein.
+c14n.Canonicalizer.Exception = Fehler w\u00e4hrend der Kanonisierung\:  Original Nachricht war {0}
+c14n.Canonicalizer.IllegalNode = Unzul\u00e4ssiger NodeType {0}, NodeName lautete {1}
+c14n.Canonicalizer.NoSuchCanonicalizer = Kein Kanonisierer mit dem URI {0} gefunden
+c14n.Canonicalizer.ParserConfigurationException = ParserConfigurationException w\u00e4hrend der Kanonisierung\:  Original Nachricht war {0}
 c14n.Canonicalizer.RelativeNamespace = Das Element {0} hat einen relativen Namespace: {1}="{2}"
-c14n.Canonicalizer.SAXException = SAXException während Kanonisierung:  Original Nachricht war {0}
-c14n.Canonicalizer.TraversalNotSupported = Das DOM Dokument unterstützt keine Traversal {0}
-c14n.Canonicalizer.UnsupportedEncoding = Unbekannte Kodierung {0}
-c14n.Canonicalizer.UnsupportedOperation = This canonicalizer does not support this operation
-c14n.XMLUtils.circumventBug2650forgotten = The tree has not been prepared for canonicalization using XMLUtils#circumventBug2650(Document)
-certificate.noSki.lowVersion = Certificate cannot contain a SubjectKeyIdentifier because it is only X509v{0}
-certificate.noSki.notOctetString = Certificates SubjectKeyIdentifier is not a OctetString
-certificate.noSki.null = Certificate does not contain a SubjectKeyIdentifier
-defaultNamespaceCannotBeSetHere = Default namespace cannot be set here
-ElementProxy.nullElement = Kann einen ElementProxy aus einem null Argument erzeugen
+c14n.Canonicalizer.SAXException = SAXException w\u00e4hrend der Kanonisierung\:  Original Nachricht war {0}
+c14n.Canonicalizer.TraversalNotSupported = Das DOM Dokument unterst\u00fctzt keine Traversal {0}
+c14n.Canonicalizer.UnsupportedEncoding = Nicht unterst\u00fctzte Kodierung {0}
+c14n.Canonicalizer.UnsupportedOperation = Der Kanonisierer unterst\u00fctzt diese Operation nicht
+c14n.XMLUtils.circumventBug2650forgotten = Die Baumstruktur wurde nicht vorbereitet f\u00fcr die Kanonisierung mit XMLUtils\#circumventBug2650(Document)
+certificate.noSki.lowVersion = Das Zertifikat dard kein SubjectKeyIdentifier enthalten da es nur ein X509v{0} ist
+certificate.noSki.notOctetString = Der SubjectKeyIdentifier des Zertifikates ist kein "OctetString"
+certificate.noSki.null = Das Zertifikat enth\u00e4lt kein SubjectKeyIdentifier
+defaultNamespaceCannotBeSetHere = Standard Namespace kann hier nicht gesetzt werden
+ElementProxy.nullElement = Kann keinen ElementProxy aus einem null Argument erzeugen
 empty = {0}
 encryption.algorithmCannotBeUsedForEncryptedData = encryption.algorithmCannotBeUsedForEncryptedData {0}
 encryption.algorithmCannotEatInitParams = encryption.algorithmCannotEatInitParams
 encryption.algorithmCannotEncryptDecrypt = encryption.algorithmCannotEncryptDecrypt
 encryption.algorithmCannotWrapUnWrap = encryption.algorithmCannotWrapUnWrap
-encryption.ExplicitKeySizeMismatch = The xenc:KeySize element requests a key size of {0} bit but the algorithm implements {1} bit
-encryption.nonceLongerThanDecryptedPlaintext = The given nonce is longer than the available plaintext. I Cannot strip away this.
-encryption.RSAOAEP.dataHashWrong = data hash wrong
-encryption.RSAOAEP.dataStartWrong = data wrong start {0}
-encryption.RSAOAEP.dataTooShort = data too short
-encryption.RSAPKCS15.blockTruncated = block truncated
-encryption.RSAPKCS15.noDataInBlock = no data in block
-encryption.RSAPKCS15.unknownBlockType = unknown block type
-encryption.nokey = No Key Encryption Key loaded and cannot determine using key resolvers
-endorsed.jdk1.4.0 = Since it seems that nobody reads our installation notes, we must do it in the exception messages. Hope you read them. You did NOT use the endorsed mechanism from JDK 1.4 properly; look at <http://xml.apache.org/security/Java/installation.html> how to solve this problem.
-errorMessages.InvalidDigestValueException = Ungültige Signatur: Reference Validation fehlgeschlagen.
-errorMessages.InvalidSignatureValueException = Ungültige Signatur: Core Validation fehlgeschlagen.
+encryption.ExplicitKeySizeMismatch = Das xenc\:KeySize Element fordert eine Schl\u00fcssel-L\u00e4nge von {0} bits aber der Algorithmus besitzt {1} bits
+encryption.nonceLongerThanDecryptedPlaintext = Das angegebene "Nonce" ist l\u00e4nger als der verf\u00fcgbare Plaintext.
+encryption.RSAOAEP.dataHashWrong = Falscher Hash-Wert
+encryption.RSAOAEP.dataStartWrong = Falscher Start Input {0}
+encryption.RSAOAEP.dataTooShort = Zu wenig Input
+encryption.RSAPKCS15.blockTruncated = Block abgeschnitten
+encryption.RSAPKCS15.noDataInBlock = Im Block sind keine Daten enthalten
+encryption.RSAPKCS15.unknownBlockType = Unbekannter Block Typ
+encryption.nokey = Es ist kein verschl\u00fcsselungs Schl\u00fcssel geladen und es konnte kein Schl\u00fcssel mit Hilfe der "key resolvers" gefunden werden.
+endorsed.jdk1.4.0 = Leider scheint niemand unsere Installations-Anleitung zu lesen, deshalb m\u00fcssen wir es \u00fcber die Exception machen\: Du hast den "endorsing" Mechanismus vom JDK 1.4 nicht richtig angewandt. Schaue unter <http\://xml.apache.org/security/Java/installation.html> nach wie man das Problem l\u00f6st.
+errorMessages.InvalidDigestValueException = Ung\u00fcltige Signatur\: Referen-Validierung fehlgeschlagen.
+errorMessages.InvalidSignatureValueException = Ung\u00fcltige Signatur\: Core Validierung fehlgeschlagen.
 errorMessages.IOException = Datei oder Resource kann nicht gelesen werden.
-errorMessages.MissingKeyFailureException = Verifizieren fehlgeschlagen, weil der öffentliche Schlüssel (public key) nicht verfügbar ist. Resourcen via addResource() hinzufügen und erneut verifizieren.
-errorMessages.MissingResourceFailureException = Verifizieren fehlgeschlagen, weil Resourcen nicht verfügbar sind. Resourcen via addResource() hinzufügen und erneut verifizieren.
+errorMessages.MissingKeyFailureException = Verifizierung fehlgeschlagen, weil der \u00f6ffentliche Schl\u00fcssel (public key) nicht verf\u00fcgbar ist. Resourcen via addResource() hinzuf\u00fcgen und erneut versuchen.
+errorMessages.MissingResourceFailureException = Verifizierung fehlgeschlagen, weil Resourcen nicht verf\u00fcgbar sind. Resourcen via addResource() hinzuf\u00fcgen und erneut versuchen.
 errorMessages.NoSuchAlgorithmException = Unbekannter Algorithmus {0}
-errorMessages.NotYetImplementedException = Funktionalität noch nicht implementiert.
-errorMessages.XMLSignatureException = Verifizieren aus unbekanntem Grund fehlgeschlagen.
+errorMessages.NotYetImplementedException = Funktionalit\u00e4t noch nicht implementiert.
+errorMessages.XMLSignatureException = Verifizierung aus unbekanntem Grund fehlgeschlagen.
 decoding.divisible.four = It should be divisible by four
-decoding.general = Error while decoding
-FileKeyStorageImpl.addToDefaultFromRemoteNotImplemented = Method addToDefaultFromRemote() not yet implemented.
-FileKeyStorageImpl.NoCert.Context = Not found such a X509Certificate including context {0}
-FileKeyStorageImpl.NoCert.IssNameSerNo = Not found such a X509Certificate with IssuerName {0} and serial number {1}
-FileKeyStorageImpl.NoCert.SubjName = Not found such a X509Certificate including SubjectName {0}
-generic.dontHaveConstructionElement = I do not have a construction Element
+decoding.general = Fehler beim Decodieren
+FileKeyStorageImpl.addToDefaultFromRemoteNotImplemented = Methode addToDefaultFromRemote() wurde noch nicht implementiert.
+FileKeyStorageImpl.NoCert.Context = Kein X509-Zertifikat mit Kontext {0} gefunden
+FileKeyStorageImpl.NoCert.IssNameSerNo = Kein X509-Zertifikat mit IssuerName {0} und serial number {1} gefunden
+FileKeyStorageImpl.NoCert.SubjName = Kein X509-Zertifikat mit SubjectName {0} gefunden
+generic.dontHaveConstructionElement = Konstruktions-Element fehlt
 generic.EmptyMessage = {0}
 generic.NotYetImplemented = {0} Leider noch nicht implementiert ;-((
-java.security.InvalidKeyException = Ungültiger Schlüssel
-java.security.NoSuchProviderException = Unbekannter oder nicht unterstützter Provider
-java.security.UnknownKeyType = Unbekannter oder nicht unterstützter Key type {0}
-KeyInfo.needKeyResolver = Es müssen mehrere KeyResolver registriert sein
-KeyInfo.nokey = Kann keinen Schlüssel aus {0} gewinnen
-KeyInfo.noKey = Kann keinen öffentlichen Schlüssel finden
-KeyInfo.wrongNumberOfObject = Benötige {0} keyObjects
+java.security.InvalidKeyException = Ung\u00fcltiger Schl\u00fcssel
+java.security.NoSuchProviderException = Unbekannter oder nicht unterst\u00fctzter Provider
+java.security.UnknownKeyType = Unbekannter oder nicht unterst\u00fctzter Schl\u00fcssel-Typ {0}
+KeyInfo.error = Error loading Key Info
+KeyInfo.needKeyResolver = Es m\u00fcssen mehrere KeyResolver registriert sein
+KeyInfo.nokey = Kann keinen Schl\u00fcssel aus {0} gewinnen
+KeyInfo.noKey = Kann keinen \u00f6ffentlichen Schl\u00fcssel finden
+KeyInfo.wrongNumberOfObject = Ben\u00f6tige {0} keyObjects
 KeyInfo.wrongUse = Dieses Objekt wird verwendet, um {0} zu gewinnen
-keyResolver.alreadyRegistered = Die Klasse {1} wurde bereits registriert für {0}
-KeyResolver.needStorageResolver = Need a StorageResolver to retrieve a Certificate from a {0}
+keyResolver.alreadyRegistered = Die Klasse {1} wurde bereits registriert f\u00fcr {0}
+KeyResolver.needStorageResolver = Es wird ein StorageResolver ben\u00f6tigt um ein Zertifikat aus {0} zu holen
 KeyResoverSpiImpl.cannotGetCert = Cannot get the Certificate that include or in {1} in implement class {0}
 KeyResoverSpiImpl.elementGeneration = Cannot make {1} element in implement class {0}
 KeyResoverSpiImpl.getPoublicKey = Cannot get the public key from implement class {0}
 KeyResoverSpiImpl.InvalidElement = Cannot set (2) Element in implement class {0}
-KeyResoverSpiImpl.keyStore = KeyStorage error in implement class {0}
-KeyResoverSpiImpl.need.Element = {1} type of Element is needed in implement class {0}
+KeyResoverSpiImpl.keyStore = KeyStorage Fehler in der implementierenden Klasse {0}
+KeyResoverSpiImpl.need.Element = Es wird der Typ {1} ben\u00f6tigt in der implementierenden Klasse {0}
 KeyResoverSpiImpl.wrongCRLElement = Cannot make CRL from {1} in implement class {0}
 KeyResoverSpiImpl.wrongKeyObject =  Need {1} type of KeyObject for generation Element in implement class{0}
 KeyResoverSpiImpl.wrongNumberOfObject = Need {1} keyObject in implement class {0}
-KeyStore.alreadyRegistered = {0} Class has already been registered for {1}
-KeyStore.register = {1} type class register error  in class {0}
-KeyStore.registerStore.register = Registeration error for type {0}
-KeyValue.IllegalArgument = Cannot create a {0} from {1}
-namespacePrefixAlreadyUsedByOtherURI = Namespace {0} already used by other URI {1}
+KeyStore.alreadyRegistered = Klasse {0} bereits registriert f\u00fcr {1}
+KeyStore.register = {1} type class register error in class {0}
+KeyStore.registerStore.register = Registrierungsfehler f\u00fcr Typ {0}
+KeyValue.IllegalArgument = Kann kein {0} aus {1} erzeugen
+namespacePrefixAlreadyUsedByOtherURI = Namespace {0} wird bereits von einer anderen URI {1} gebraucht
 notYetInitialized = Das Modul {0} ist noch nicht initialisiert
 prefix.AlreadyAssigned = Sie binden den Prefix {0} an den Namespace {1} aber er ist bereits an {2} zugewiesen
-signature.Canonicalizer.UnknownCanonicalizer = Unbekannter Canonicalizer. Kein Handler installiert für URI {0}
-signature.DSA.invalidFormat = Invalid ASN.1 encoding of the DSA signature
-signature.Generation.signBeforeGetValue = You have to XMLSignature.sign(java.security.PrivateKey) first
-signature.Reference.ForbiddenResolver = It is forbidden to access resolver {0} when secure validation is enabled
-signature.signatureAlgorithm = It is forbidden to use algorithm {0} when secure validation is enabled
+signature.Canonicalizer.UnknownCanonicalizer = Unbekannter Kanonisierer. Kein Handler installiert f\u00fcr URI {0}
+signature.DSA.invalidFormat = Ung\u00fcltige ASN.1 Kodierung der DSA Signatur
+signature.Generation.signBeforeGetValue = Es muss zuerst XMLSignature.sign(java.security.PrivateKey) aufgerufen werden
+signature.Reference.ForbiddenResolver = Der "Resolver" {0} ist bei aktivierter "secure validation" nicht erlaubt
+signature.Reference.NoDigestMethod = A Signature Reference Element must contain a DigestMethod child
+signature.Reference.NoDigestValue = A Signature Reference Element must contain a DigestValue child
+signature.signatureAlgorithm = Der Algorithmus {0} ist bei aktivierter "secure validation" nicht erlaubt
 signature.signaturePropertyHasNoTarget = Das Target Attribut der SignatureProperty muss gesetzt sein
-signature.tooManyReferences = {0} references are contained in the Manifest, maximum {1} are allowed with secure validation
-signature.tooManyTransforms = {0} transforms are contained in the Reference, maximum {1} are allowed with secure validation
-signature.Transform.ErrorDuringTransform = Während der Transformation {0} trat eine {1} auf.
-signature.Transform.ForbiddenTransform = Transform {0} is forbidden when secure validation is enabled
+signature.tooManyReferences = Das Manifest enth\u00e4lt {0} Referenzen, bei aktivierter "secure validation" sind aber maximal {1} erlaubt
+signature.tooManyTransforms = Die Referenz enth\u00e4lt {0} Transformationen, bei aktivierter "secure validation" sind aber maximal {1} erlaubt
+signature.Transform.ErrorDuringTransform = W\u00e4hrend der Transformation {0} trat eine {1} auf.
+signature.Transform.ForbiddenTransform = Die Transformation {0} ist bei aktivierter "secure validation" nicht erlaubt
 signature.Transform.NotYetImplemented = Transform {0} noch nicht implementiert
-signature.Transform.NullPointerTransform = Null pointer als URI übergeben. Programmierfehler?
-signature.Transform.UnknownTransform = Unbekannte Transformation. Kein Handler installiert für URI {0}
-signature.Util.BignumNonPositive = bigInteger.signum() muß positiv sein
-signature.Util.NonTextNode = Kein Text Node
-signature.Util.TooManyChilds = Zu viele Child-Elemente vom Type {0} in {1}
+signature.Transform.NullPointerTransform = Null pointer als URI \u00fcbergeben. Programmierfehler?
+signature.Transform.UnknownTransform = Unbekannte Transformation. Kein Handler installiert f\u00fcr URI {0}
+signature.Util.BignumNonPositive = bigInteger.signum() muss positiv sein
+signature.Util.NonTextNode = Keine Text Node
+signature.Util.TooManyChilds = Zu viele Kind-Elemente vom Typ {0} in {1}
 signature.Verification.certificateError = Zertifikatsfehler
-signature.Verification.IndexOutOfBounds = Index {0} illegal. We only have {1} References
+signature.Verification.IndexOutOfBounds = Index {0} illegal. Es sind nur {1} Referenzen vorhanden
 signature.Verification.internalError = Interner Fehler
-signature.Verification.InvalidDigestOrReference = Ungültiger Digest Wert oder Reference Element {0}
-signature.Verification.keyStore = Öffnen des KeyStore fehlgeschlagen
-signature.Verification.MissingID = Cannot resolve element with ID {0}
-signature.Verification.MissingResources = Kann die externe Resource {0} nicht auflösen
-signature.Verification.MultipleIDs = Multiple Elements with the same ID {0} were detected
-signature.Verification.NoSignatureElement = Input Dokument enthält kein {0} Element mit dem Namespace {1}
-signature.Verification.Reference.NoInput = Die Reference für den URI {0} hat keinen XMLSignatureInput erhalten.
+signature.Verification.InvalidDigestOrReference = Ung\u00fcltiger Digest Wert der Referenz {0}
+signature.Verification.keyStore = \u00d6ffnen des KeyStore fehlgeschlagen
+signature.Verification.MissingID = Element mit der ID {0} nicht gefunden
+signature.Verification.MissingResources = Kann die externe Resource {0} nicht aufl\u00f6sen
+signature.Verification.MultipleIDs = Mehrere Elemente mit der ID {0} gefunden
+signature.Verification.NoSignatureElement = Input Dokument enth\u00e4lt kein {0} Element mit dem Namespace {1}
+signature.Verification.Reference.NoInput = Die Referenz f\u00fcr den URI {0} hat keinen XMLSignatureInput erhalten.
 signature.Verification.SignatureError = Signatur Fehler
 signature.XMLSignatureInput.MissingConstuctor = Kann aus der Klasse {0} keinen XMLSignatureInput erzeugen
-signature.XMLSignatureInput.SerializeDOM = Input mit einem DOM Dokument initialisiert. Muß mit C14N serialisiert werden
-transform.Init.IllegalContextArgument = Unzulässiges Kontext Argument der Klasse {0}. Muss String, org.w3c.dom.NodeList oder java.io.InputStream sein.
+signature.XMLSignatureInput.SerializeDOM = Input mit einem DOM Dokument initialisiert. Muss mit C14N serialisiert werden
+transform.Init.IllegalContextArgument = Unzul\u00e4ssiges Kontext Argument der Klasse {0}. Muss String, org.w3c.dom.NodeList oder java.io.InputStream sein.
 transform.init.NotInitialized =
 transform.init.wrongURI = Initialisiert mit dem falschen URI. Das sollte nie passieren. Die Transformation implementiert {0} aber {1} wurde bei der Instantiierung verwendet.
-utils.Base64.IllegalBitlength = Ungültige Bytelänge; Muss ein vielfaches von 4 sein
-utils.resolver.noClass = Could not find a resolver for URI {0} and Base {1}
+utils.Base64.IllegalBitlength = Ung\u00fcltige Byte-L\u00e4nge; Muss ein vielfaches von 4 sein
+utils.resolver.noClass = Keinen Resolver f\u00fcr URI {0} und Base {1} gefunden
 xml.WrongContent = Kann {0} nicht finden in {1}
 xml.WrongElement = Kann kein {0} aus einem {1} Element erzeugen
 xpath.funcHere.documentsDiffer = Der XPath ist nicht im selben Dokument wie der Kontext Node
-xpath.funcHere.noXPathContext = Try to evaluate an XPath which uses the here() function but XPath is not inside an ds:XPath Element. XPath was : {0}
+xpath.funcHere.noXPathContext = Versuch einer XPath-Evaluierung welcher die Funktion here() benutzt aber der XPath ist nicht innerhalb eines ds\:XPath Elements. XPath \: {0}
+signature.Transform.node = Aktuelle Node\: {0}
+signature.Transform.nodeAndType = Aktuelle Node\: {0}, Typ\: {1}
+signature.XMLSignatureInput.nodesetReference = Das Node-Set der Referenz konnte nicht konvertieren werden
+transform.envelopedSignatureTransformNotInSignatureElement = Enveloped Transform konnte kein Signatur Element finden
+Base64Decoding = Fehler bei der Decodierung
+secureProcessing.MaximumAllowedTransformsPerReference = Die Referenz enth\u00e4lt {0} Transformationen. Es sind aber maximal {1} erlaubt. Die Limite kann \u00fcber das Konfigurations-Property "MaximumAllowedTransformsPerReference" erh\u00f6ht werden.
+secureProcessing.MaximumAllowedReferencesPerManifest = Das Manifest enh\u00e4lt {0} Referenzen. Es sind aber maximal {1} erlaubt. Die Limite kann \u00fcber das Konfigurations-Property "MaximumAllowedReferencesPerManifest" erh\u00f6ht werden.
+secureProcessing.DoNotThrowExceptionForManifests = Signatur-Manifests werden nicht unterst\u00fctzt. Das werfen dieser Exception kann durch das Konfigurations-Property "DoNotThrowExceptionForManifests" verhindert werden.
+secureProcessing.AllowMD5Algorithm = Vom Einsatz des MD5 Algorithmus wird strengstens abgeraten. Trotzdem kann er \u00fcber das Konfigurations-Property "AllowMD5Algorithm" erlaubt werden.
+secureProcessing.AllowNotSameDocumentReferences = Externe Referenzen gefunden. Die Verarbeitung von externen Referenzen ist standardm\u00e4ssig ausgeschaltet. Es kann \u00fcber das Konfigurations-Property "AllowNotSameDocumentReferences" aktiviert werden.
+secureProcessing.MaximumAllowedXMLStructureDepth = Die Maximum erlaubte Dokumenten-Tiefe von ({0}) wurde erreicht. Die Limite kann \u00fcber das Konfigurations-Property "MaximumAllowedXMLStructureDepth" erh\u00f6ht werden.
+secureProcessing.inputStreamLimitReached = Maximal erlaubte Anzahl bytes ({0}) erreicht.
+stax.duplicateActions=Doppelte Actions sind nicht erlaubt.
+stax.missingSecurityProperties = SecurityProperties darf nicht null sein\!
+stax.noOutputAction = Keine ausgehenden "Actions" definiert.
+stax.noKey = Kein Schl\u00fcssel geladen und es konnte kein Schl\u00fcssel gefunden werden f\u00fcr {0}
+stax.keyNotFound = Schl\u00fcssel nicht gefunden.
+stax.unsupportedKeyValue = Kein oder ung\u00fcltiger KeyValue.
+stax.emptyReferenceURI = Referenz enth\u00e4lt kein URI Attribut.
+stax.encryption.unprocessedReferences = Es wurden nicht alle Verschl\u00fcsselungs-Referenzen verarbeitet...
+stax.signature.unprocessedReferences = Es wurden nicht alle Signatur-Referenzen verarbeitet...
+stax.unsupportedToken = {0} nicht unterst\u00fctzt.
+stax.xmlStructureSizeExceeded = Maximal erlaubte ({0}) XML-Struktur Tiefe erreicht.
+stax.unexpectedXMLEvent = Unerwarteter StAX-Event\: {0}
+stax.encryption.noEncAlgo = xenc\:EncryptedKey enth\u00e4lt kein xenc\:EncryptionMethod/@Algorithm.
+stax.encryption.noCipherValue = EncryptedKey enth\u00e4lt kein xenc\:CipherData/xenc\:CipherValue.
+stax.unsecuredMessage = Ungesicherte Nachricht. Weder ein Signatur- noch ein EncryptedData- Element wurde gefunden.
+stax.signature.signedInfoMissing = SignedInfo Element fehlt.
+stax.signature.signatureMethodMissing = Signature method fehlt.
+stax.signature.canonicalizationMethodMissing = Signature canonicalization method fehlt.
+stax.signature.signatureValueMissing = Signature value fehlt.
+stax.signature.publicKeyOrCertificateMissing = Weder ein Zertifikat noch ein public-key wurde konfiguriert.
+stax.encryption.encryptionKeyMissing = Kein Schl\u00fcssel f\u00fcr die Verschl\u00fcsselung wurde konfiguriert.
+stax.unsupportedKeyTransp = Der public-key Algorithmus ist zu kurz um den symmetrischen Schl\u00fcssel zu verschl\u00fcsseln.
+stax.recursiveKeyReference = Rekursive Schl\u00fcssel referenzierung detektiert.
+stax.ecParametersNotSupported = ECParameters werden nicht unterst\u00fctzt.
+stax.namedCurveMissing = NamedCurve fehlt.
+stax.encryption.securePartNotFound = Part zum Verschl\u00fcsseln nicht gefunden: {0}
+stax.signature.securePartNotFound = Part zum Signieren nicht gefunden: {0}
+stax.multipleSignaturesNotSupported = Mehrere Signaturen werden nicht unterstützt.
+stax.signature.keyNameMissing = KeyName nicht konfiguriert.
+stax.keyNotFoundForName = Kein Schl\u00fcssel für Schl\u00fcsselname konfiguriert: {0}
+stax.keyTypeNotSupported = Key vom Typ {0} nicht f\u00fcr einen Key-Namenssuche unterst\u00fctzt
+stax.idsetbutnotgenerated = An Id attribute is specified, but Id generation is disabled
+stax.idgenerationdisablewithmultipleparts = Id generation must not be disabled when multiple parts need signing
\ No newline at end of file
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/resource/xmlsecurity_en.properties b/src/share/classes/com/sun/org/apache/xml/internal/security/resource/xmlsecurity_en.properties
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/resource/xmlsecurity_en.properties
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/resource/xmlsecurity_en.properties
@@ -1,3 +1,24 @@
+#
+#
+#    Licensed to the Apache Software Foundation (ASF) under one
+#    or more contributor license agreements. See the NOTICE file
+#    distributed with this work for additional information
+#    regarding copyright ownership. The ASF licenses this file
+#    to you under the Apache License, Version 2.0 (the
+#    "License"); you may not use this file except in compliance
+#    with the License. You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing,
+#    software distributed under the License is distributed on an
+#    "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+#    KIND, either express or implied. See the License for the
+#    specific language governing permissions and limitations
+#    under the License.
+#
+#
+
 algorithm.alreadyRegistered = URI {0} already assigned to class {1}
 algorithm.classDoesNotExist = Cannot register URI {0} to class {1} because this class does not exist in CLASSPATH
 algorithm.ClassDoesNotExist = Class {0} does not exist
@@ -5,8 +26,9 @@
 algorithms.CannotUseAlgorithmParameterSpecOnDSA = Sorry, but you cannot use a AlgorithmParameterSpec object for creating DSA signatures.
 algorithms.CannotUseAlgorithmParameterSpecOnRSA = Sorry, but you cannot use a AlgorithmParameterSpec object for creating RSA signatures.
 algorithms.CannotUseSecureRandomOnMAC = Sorry, but you cannot use a SecureRandom object for creating MACs.
-algorithms.HMACOutputLengthMin = HMACOutputLength must not be less than {0}
+algorithms.HMACOutputLengthMin = HMACOutputLength must not be less than {0}
 algorithms.HMACOutputLengthOnlyForHMAC = A HMACOutputLength can only be specified for HMAC integrity algorithms
+algorithms.NoSuchAlgorithmNoEx = The requested algorithm {0} does not exist.
 algorithms.NoSuchAlgorithm = The requested algorithm {0} does not exist. Original Message was: {1}
 algorithms.NoSuchMap = The algorithm URI "{0}" could not be mapped to a JCE algorithm
 algorithms.NoSuchProvider = The specified Provider {0} does not exist. Original Message was: {1}
@@ -63,7 +85,8 @@
 java.security.InvalidKeyException = Invalid key
 java.security.NoSuchProviderException = Unknown or unsupported provider
 java.security.UnknownKeyType = Unknown or unsupported key type {0}
-KeyInfo.needKeyResolver = More than one keyResovler have to be registered
+KeyInfo.error = Error loading Key Info
+KeyInfo.needKeyResolver = More than one keyResolver have to be registered
 KeyInfo.nokey = Cannot get key from {0}
 KeyInfo.noKey = Cannot get the public key
 KeyInfo.wrongNumberOfObject = Need {0} keyObjects
@@ -80,8 +103,8 @@
 KeyResoverSpiImpl.wrongKeyObject =  Need {1} type of KeyObject for generation Element in implement class{0}
 KeyResoverSpiImpl.wrongNumberOfObject = Need {1} keyObject in implement class {0}
 KeyStore.alreadyRegistered = {0} Class has already been registered for {1}
-KeyStore.register = {1} type class register error  in class {0}
-KeyStore.registerStore.register = Registeration error for type {0}
+KeyStore.register = {1} type class register error in class {0}
+KeyStore.registerStore.register = Registration error for type {0}
 KeyValue.IllegalArgument = Cannot create a {0} from {1}
 namespacePrefixAlreadyUsedByOtherURI = Namespace prefix {0} already used by other URI {1}
 notYetInitialized = The module {0} is not yet initialized
@@ -90,6 +113,8 @@
 signature.DSA.invalidFormat = Invalid ASN.1 encoding of the DSA signature
 signature.Generation.signBeforeGetValue = You have to XMLSignature.sign(java.security.PrivateKey) first
 signature.Reference.ForbiddenResolver = It is forbidden to access resolver {0} when secure validation is enabled
+signature.Reference.NoDigestMethod = A Signature Reference Element must contain a DigestMethod child
+signature.Reference.NoDigestValue = A Signature Reference Element must contain a DigestValue child
 signature.signatureAlgorithm = It is forbidden to use algorithm {0} when secure validation is enabled
 signature.signaturePropertyHasNoTarget = The Target attribute of the SignatureProperty must be set
 signature.tooManyReferences = {0} references are contained in the Manifest, maximum {1} are allowed with secure validation
@@ -121,7 +146,7 @@
 transform.Init.IllegalContextArgument = Invalid context argument of class {0}. Must be String, org.w3c.dom.NodeList or java.io.InputStream.
 transform.init.NotInitialized =
 transform.init.wrongURI = Initialized with wrong URI. How could this happen? We implement {0} but {1} was used during initialization
-transform.envelopedSignatureTransformNotInSignatureElement = Enveloped Transform cannot find Signature element
+transform.envelopedSignatureTransformNotInSignatureElement = Enveloped Transform cannot find Signature element
 utils.Base64.IllegalBitlength = Illegal byte length; Data to be decoded must be a multiple of 4
 Base64Decoding = Error while decoding
 utils.resolver.noClass = Could not find a resolver for URI {0} and Base {1}
@@ -129,3 +154,43 @@
 xml.WrongElement = Cannot create a {0} from a {1} element
 xpath.funcHere.documentsDiffer = The XPath is not in the same document as the context node
 xpath.funcHere.noXPathContext = Try to evaluate an XPath which uses the here() function but XPath is not inside an ds:XPath Element. XPath was : {0}
+secureProcessing.MaximumAllowedTransformsPerReference = {0} transforms are contained in the Reference, maximum {1} are allowed. You can raise the maximum via the \"MaximumAllowedTransformsPerReference\" property in the configuration.
+secureProcessing.MaximumAllowedReferencesPerManifest = {0} references are contained in the Manifest, maximum {1} are allowed. You can raise the maximum via the \"MaximumAllowedReferencesPerManifest\" property in the configuration.
+secureProcessing.DoNotThrowExceptionForManifests = Signature Manifests are not supported. You can disable throwing of an exception via the \"DoNotThrowExceptionForManifests\" property in the configuration.
+secureProcessing.AllowMD5Algorithm = The use of MD5 algorithm is strongly discouraged. Nonetheless can it be enabled via the \"AllowMD5Algorithm\" property in the configuration.
+secureProcessing.AllowNotSameDocumentReferences = External references found. Processing of external references is disabled by default. You can enable it via the \"AllowNotSameDocumentReferences\" property in the configuration.
+secureProcessing.MaximumAllowedXMLStructureDepth = Maximum depth ({0}) of the XML structure reached. You can raise the maximum via the \"MaximumAllowedXMLStructureDepth\" property in the configuration.
+secureProcessing.inputStreamLimitReached = Maximum byte count ({0}) reached.
+stax.duplicateActions = Duplicate Actions are not allowed.
+stax.missingSecurityProperties = SecurityProperties must not be null!
+stax.noOutputAction = No outgoing actions specified.
+stax.noKey = Key could not be resolved and no key was loaded for {0}
+stax.keyNotFound = Key not found.
+stax.unsupportedKeyValue = No or unsupported key in KeyValue.
+stax.emptyReferenceURI = Reference is missing an URI attribute.
+stax.encryption.unprocessedReferences = Some encryption references were not processed...
+stax.signature.unprocessedReferences = Some signature references were not processed...
+stax.unsupportedToken = {0} not supported.
+stax.xmlStructureSizeExceeded = Maximum ({0}) allowed XML Structure size exceeded.
+stax.unexpectedXMLEvent = Unexpected StAX-Event\: {0}
+stax.encryption.noEncAlgo = xenc:EncryptedKey does not contain xenc:EncryptionMethod/@Algorithm.
+stax.encryption.noCipherValue = EncryptedKey does not contain xenc:CipherData/xenc:CipherValue.
+stax.unsecuredMessage = Unsecured message. Neither a Signature nor a EncryptedData element found.
+stax.signature.signedInfoMissing = SignedInfo Element is missing.
+stax.signature.signatureMethodMissing = Signature method is missing.
+stax.signature.canonicalizationMethodMissing = Signature canonicalization method is missing.
+stax.signature.signatureValueMissing = Signature value is missing.
+stax.signature.publicKeyOrCertificateMissing = Certificate or public key not configured.
+stax.encryption.encryptionKeyMissing = Key for encryption not configured.
+stax.unsupportedKeyTransp = public key algorithm too weak to encrypt symmetric key.
+stax.recursiveKeyReference = Recursive key reference detected.
+stax.ecParametersNotSupported = ECParameters not supported.
+stax.namedCurveMissing = NamedCurve is missing.
+stax.encryption.securePartNotFound = Part to encrypt not found: {0}
+stax.signature.securePartNotFound = Part to sign not found: {0}
+stax.multipleSignaturesNotSupported = Multiple signatures are not supported.
+stax.signature.keyNameMissing = KeyName not configured.
+stax.keyNotFoundForName = No key configured for KeyName: {0}
+stax.keyTypeNotSupported = Key of type {0} not supported for a KeyName lookup
+stax.idsetbutnotgenerated = An Id attribute is specified, but Id generation is disabled
+stax.idgenerationdisablewithmultipleparts = Id generation must not be disabled when multiple parts need signing
\ No newline at end of file
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/signature/InvalidDigestValueException.java b/src/share/classes/com/sun/org/apache/xml/internal/security/signature/InvalidDigestValueException.java
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/signature/InvalidDigestValueException.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/signature/InvalidDigestValueException.java
@@ -27,7 +27,6 @@
  * Additional human readable info is passed to the constructor -- this being the benefit
  * of raising an exception or returning a value.
  *
- * @author Christian Geuer-Pollmann
  */
 public class InvalidDigestValueException extends XMLSignatureException {
 
@@ -66,21 +65,31 @@
     /**
      * Constructor InvalidDigestValueException
      *
+     * @param originalException
      * @param msgID
-     * @param originalException
      */
+    public InvalidDigestValueException(Exception originalException, String msgID) {
+        super(originalException, msgID);
+    }
+
+    @Deprecated
     public InvalidDigestValueException(String msgID, Exception originalException) {
-        super(msgID, originalException);
+        this(originalException, msgID);
     }
 
     /**
      * Constructor InvalidDigestValueException
      *
+     * @param originalException
      * @param msgID
      * @param exArgs
-     * @param originalException
      */
-    public InvalidDigestValueException(String msgID, Object exArgs[], Exception originalException) {
-        super(msgID, exArgs, originalException);
+    public InvalidDigestValueException(Exception originalException, String msgID, Object exArgs[]) {
+        super(originalException, msgID, exArgs);
+    }
+
+    @Deprecated
+    public InvalidDigestValueException(String msgID, Object[] exArgs, Exception originalException) {
+        this(originalException, msgID, exArgs);
     }
 }
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/signature/InvalidSignatureValueException.java b/src/share/classes/com/sun/org/apache/xml/internal/security/signature/InvalidSignatureValueException.java
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/signature/InvalidSignatureValueException.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/signature/InvalidSignatureValueException.java
@@ -26,7 +26,6 @@
  * Raised if testing the signature value over <i>DigestValue</i> fails because of invalid signature.
  *
  * @see InvalidDigestValueException  MissingKeyFailureException  MissingResourceFailureException
- * @author Christian Geuer-Pollmann
  */
 public class InvalidSignatureValueException extends XMLSignatureException {
 
@@ -65,21 +64,31 @@
     /**
      * Constructor InvalidSignatureValueException
      *
+     * @param originalException
      * @param msgID
-     * @param originalException
      */
+    public InvalidSignatureValueException(Exception originalException, String msgID) {
+        super(originalException, msgID);
+    }
+
+    @Deprecated
     public InvalidSignatureValueException(String msgID, Exception originalException) {
-        super(msgID, originalException);
+        this(originalException, msgID);
     }
 
     /**
      * Constructor InvalidSignatureValueException
      *
+     * @param originalException
      * @param msgID
      * @param exArgs
-     * @param originalException
      */
-    public InvalidSignatureValueException(String msgID, Object exArgs[], Exception originalException) {
-        super(msgID, exArgs, originalException);
+    public InvalidSignatureValueException(Exception originalException, String msgID, Object exArgs[]) {
+        super(originalException, msgID, exArgs);
+    }
+
+    @Deprecated
+    public InvalidSignatureValueException(String msgID, Object[] exArgs, Exception originalException) {
+        this(originalException, msgID, exArgs);
     }
 }
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/signature/Manifest.java b/src/share/classes/com/sun/org/apache/xml/internal/security/signature/Manifest.java
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/signature/Manifest.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/signature/Manifest.java
@@ -50,8 +50,8 @@
 import org.xml.sax.SAXException;
 
 /**
- * Handles <code>&lt;ds:Manifest&gt;</code> elements.
- * <p> This element holds the <code>Reference</code> elements</p>
+ * Handles {@code &lt;ds:Manifest&gt;} elements.
+ * <p> This element holds the {@code Reference} elements</p>
  */
 public class Manifest extends SignatureElementProxy {
 
@@ -60,36 +60,35 @@
      */
     public static final int MAXIMUM_REFERENCE_COUNT = 30;
 
-    /** {@link org.apache.commons.logging} logging facility */
-    private static java.util.logging.Logger log =
-        java.util.logging.Logger.getLogger(Manifest.class.getName());
+    private static final com.sun.org.slf4j.internal.Logger LOG =
+        com.sun.org.slf4j.internal.LoggerFactory.getLogger(Manifest.class);
 
     /** Field references */
     private List<Reference> references;
     private Element[] referencesEl;
 
     /** Field verificationResults[] */
-    private boolean verificationResults[] = null;
+    private boolean[] verificationResults;
 
     /** Field resolverProperties */
-    private Map<String, String> resolverProperties = null;
+    private Map<String, String> resolverProperties;
 
     /** Field perManifestResolvers */
-    private List<ResourceResolver> perManifestResolvers = null;
+    private List<ResourceResolver> perManifestResolvers;
 
     private boolean secureValidation;
 
     /**
      * Constructs {@link Manifest}
      *
-     * @param doc the {@link Document} in which <code>XMLsignature</code> is placed
+     * @param doc the {@link Document} in which {@code XMLsignature} is placed
      */
     public Manifest(Document doc) {
         super(doc);
 
-        XMLUtils.addReturnToElement(this.constructionElement);
+        addReturnToSelf();
 
-        this.references = new ArrayList<Reference>();
+        this.references = new ArrayList<>();
     }
 
     /**
@@ -100,7 +99,7 @@
      * @throws XMLSecurityException
      */
     public Manifest(Element element, String baseURI) throws XMLSecurityException {
-        this(element, baseURI, false);
+        this(element, baseURI, true);
 
     }
     /**
@@ -125,7 +124,7 @@
         // check out Reference children
         this.referencesEl =
             XMLUtils.selectDsNodes(
-                this.constructionElement.getFirstChild(), Constants._TAG_REFERENCE
+                getFirstChild(), Constants._TAG_REFERENCE
             );
         int le = this.referencesEl.length;
         if (le == 0) {
@@ -143,7 +142,7 @@
         }
 
         // create List
-        this.references = new ArrayList<Reference>(le);
+        this.references = new ArrayList<>(le);
 
         for (int i = 0; i < le; i++) {
             Element refElem = referencesEl[i];
@@ -156,12 +155,12 @@
     }
 
     /**
-     * This <code>addDocument</code> method is used to add a new resource to the
+     * This {@code addDocument} method is used to add a new resource to the
      * signed info. A {@link com.sun.org.apache.xml.internal.security.signature.Reference} is built
      * from the supplied values.
      *
      * @param baseURI the URI of the resource where the XML instance was stored
-     * @param referenceURI <code>URI</code> attribute in <code>Reference</code> for specifying
+     * @param referenceURI {@code URI} attribute in {@code Reference} for specifying
      * where data is
      * @param transforms com.sun.org.apache.xml.internal.security.signature.Transforms object with an ordered
      * list of transformations to be performed.
@@ -176,7 +175,7 @@
     ) throws XMLSignatureException {
         // the this.doc is handed implicitly by the this.getOwnerDocument()
         Reference ref =
-            new Reference(this.doc, baseURI, referenceURI, this, transforms, digestURI);
+            new Reference(getDocument(), baseURI, referenceURI, this, transforms, digestURI);
 
         if (referenceId != null) {
             ref.setId(referenceId);
@@ -190,8 +189,8 @@
         this.references.add(ref);
 
         // add the Element of the Reference object to the Manifest/SignedInfo
-        this.constructionElement.appendChild(ref.getElement());
-        XMLUtils.addReturnToElement(this.constructionElement);
+        appendSelf(ref);
+        addReturnToSelf();
     }
 
     /**
@@ -221,11 +220,11 @@
     }
 
     /**
-     * Return the <it>i</it><sup>th</sup> reference. Valid <code>i</code>
-     * values are 0 to <code>{link@ getSize}-1</code>.
+     * Return the <i>i</i><sup>th</sup> reference. Valid {@code i}
+     * values are 0 to {@code {link@ getSize}-1}.
      *
      * @param i Index of the requested {@link Reference}
-     * @return the <it>i</it><sup>th</sup> reference
+     * @return the <i>i</i><sup>th</sup> reference
      * @throws XMLSecurityException
      */
     public Reference item(int i) throws XMLSecurityException {
@@ -241,24 +240,23 @@
     }
 
     /**
-     * Sets the <code>Id</code> attribute
+     * Sets the {@code Id} attribute
      *
-     * @param Id the <code>Id</code> attribute in <code>ds:Manifest</code>
+     * @param Id the {@code Id} attribute in {@code ds:Manifest}
      */
     public void setId(String Id) {
         if (Id != null) {
-            this.constructionElement.setAttributeNS(null, Constants._ATT_ID, Id);
-            this.constructionElement.setIdAttributeNS(null, Constants._ATT_ID, true);
+            setLocalIdAttribute(Constants._ATT_ID, Id);
         }
     }
 
     /**
-     * Returns the <code>Id</code> attribute
+     * Returns the {@code Id} attribute
      *
-     * @return the <code>Id</code> attribute in <code>ds:Manifest</code>
+     * @return the {@code Id} attribute in {@code ds:Manifest}
      */
     public String getId() {
-        return this.constructionElement.getAttributeNS(null, Constants._ATT_ID);
+        return getLocalAttribute(Constants._ATT_ID);
     }
 
     /**
@@ -267,8 +265,8 @@
      *
      * <p>This step loops through all {@link Reference}s and does verify the hash
      * values. If one or more verifications fail, the method returns
-     * <code>false</code>. If <i>all</i> verifications are successful,
-     * it returns <code>true</code>. The results of the individual reference
+     * {@code false}. If <i>all</i> verifications are successful,
+     * it returns {@code true}. The results of the individual reference
      * validations are available by using the {@link #getVerificationResult(int)} method
      *
      * @return true if all References verify, false if one or more do not verify.
@@ -291,8 +289,8 @@
      *
      * <p>This step loops through all {@link Reference}s and does verify the hash
      * values. If one or more verifications fail, the method returns
-     * <code>false</code>. If <i>all</i> verifications are successful,
-     * it returns <code>true</code>. The results of the individual reference
+     * {@code false}. If <i>all</i> verifications are successful,
+     * it returns {@code true}. The results of the individual reference
      * validations are available by using the {@link #getVerificationResult(int)} method
      *
      * @param followManifests
@@ -310,16 +308,14 @@
         if (referencesEl == null) {
             this.referencesEl =
                 XMLUtils.selectDsNodes(
-                    this.constructionElement.getFirstChild(), Constants._TAG_REFERENCE
+                    getFirstChild(), Constants._TAG_REFERENCE
                 );
         }
-        if (log.isLoggable(java.util.logging.Level.FINE)) {
-            log.log(java.util.logging.Level.FINE, "verify " + referencesEl.length + " References");
-            log.log(java.util.logging.Level.FINE, "I am " + (followManifests
-                ? "" : "not") + " requested to follow nested Manifests");
-        }
+        LOG.debug("verify {} References", referencesEl.length);
+        LOG.debug("I am {} requested to follow nested Manifests", (followManifests
+            ? "" : "not"));
         if (referencesEl.length == 0) {
-            throw new XMLSecurityException("empty");
+            throw new XMLSecurityException("empty", new Object[]{"References are empty"});
         }
         if (secureValidation && referencesEl.length > MAXIMUM_REFERENCE_COUNT) {
             Object exArgs[] = { referencesEl.length, MAXIMUM_REFERENCE_COUNT };
@@ -344,15 +340,11 @@
                 if (!currentRefVerified) {
                     verify = false;
                 }
-                if (log.isLoggable(java.util.logging.Level.FINE)) {
-                    log.log(java.util.logging.Level.FINE, "The Reference has Type " + currentRef.getType());
-                }
+                LOG.debug("The Reference has Type {}", currentRef.getType());
 
                 // was verification successful till now and do we want to verify the Manifest?
                 if (verify && followManifests && currentRef.typeIsReferenceToManifest()) {
-                    if (log.isLoggable(java.util.logging.Level.FINE)) {
-                        log.log(java.util.logging.Level.FINE, "We have to follow a nested Manifest");
-                    }
+                    LOG.debug("We have to follow a nested Manifest");
 
                     try {
                         XMLSignatureInput signedManifestNodes =
@@ -361,10 +353,10 @@
                         Manifest referencedManifest = null;
                         Iterator<Node> nlIterator = nl.iterator();
 
-                        findManifest: while (nlIterator.hasNext()) {
+                        while (nlIterator.hasNext()) {
                             Node n = nlIterator.next();
 
-                            if ((n.getNodeType() == Node.ELEMENT_NODE)
+                            if (n.getNodeType() == Node.ELEMENT_NODE
                                 && ((Element) n).getNamespaceURI().equals(Constants.SignatureSpecNS)
                                 && ((Element) n).getLocalName().equals(Constants._TAG_MANIFEST)
                             ) {
@@ -373,11 +365,9 @@
                                         new Manifest(
                                              (Element)n, signedManifestNodes.getSourceURI(), secureValidation
                                         );
-                                    break findManifest;
+                                    break;
                                 } catch (XMLSecurityException ex) {
-                                    if (log.isLoggable(java.util.logging.Level.FINE)) {
-                                        log.log(java.util.logging.Level.FINE, ex.getMessage(), ex);
-                                    }
+                                    LOG.debug(ex.getMessage(), ex);
                                     // Hm, seems not to be a ds:Manifest
                                 }
                             }
@@ -386,7 +376,8 @@
                         if (referencedManifest == null) {
                             // The Reference stated that it points to a ds:Manifest
                             // but we did not find a ds:Manifest in the signed area
-                            throw new MissingResourceFailureException("empty", currentRef);
+                            throw new MissingResourceFailureException(currentRef, "empty",
+                                                                      new Object[]{"No Manifest found"});
                         }
 
                         referencedManifest.perManifestResolvers = this.perManifestResolvers;
@@ -398,25 +389,23 @@
                         if (!referencedManifestValid) {
                             verify = false;
 
-                            log.log(java.util.logging.Level.WARNING, "The nested Manifest was invalid (bad)");
+                            LOG.warn("The nested Manifest was invalid (bad)");
                         } else {
-                            if (log.isLoggable(java.util.logging.Level.FINE)) {
-                                log.log(java.util.logging.Level.FINE, "The nested Manifest was valid (good)");
-                            }
+                            LOG.debug("The nested Manifest was valid (good)");
                         }
                     } catch (IOException ex) {
-                        throw new ReferenceNotInitializedException("empty", ex);
+                        throw new ReferenceNotInitializedException(ex);
                     } catch (ParserConfigurationException ex) {
-                        throw new ReferenceNotInitializedException("empty", ex);
+                        throw new ReferenceNotInitializedException(ex);
                     } catch (SAXException ex) {
-                        throw new ReferenceNotInitializedException("empty", ex);
+                        throw new ReferenceNotInitializedException(ex);
                     }
                 }
             } catch (ReferenceNotInitializedException ex) {
                 Object exArgs[] = { currentRef.getURI() };
 
                 throw new MissingResourceFailureException(
-                    "signature.Verification.Reference.NoInput", exArgs, ex, currentRef
+                    ex, currentRef, "signature.Verification.Reference.NoInput", exArgs
                 );
             }
         }
@@ -448,21 +437,21 @@
      * @throws XMLSecurityException
      */
     public boolean getVerificationResult(int index) throws XMLSecurityException {
-        if ((index < 0) || (index > this.getLength() - 1)) {
+        if (index < 0 || index > this.getLength() - 1) {
             Object exArgs[] = { Integer.toString(index), Integer.toString(this.getLength()) };
             Exception e =
                 new IndexOutOfBoundsException(
                     I18n.translate("signature.Verification.IndexOutOfBounds", exArgs)
                 );
 
-            throw new XMLSecurityException("generic.EmptyMessage", e);
+            throw new XMLSecurityException(e);
         }
 
         if (this.verificationResults == null) {
             try {
                 this.verifyReferences();
             } catch (Exception ex) {
-                throw new XMLSecurityException("generic.EmptyMessage", ex);
+                throw new XMLSecurityException(ex);
             }
         }
 
@@ -470,8 +459,8 @@
     }
 
     /**
-     * Adds Resource Resolver for retrieving resources at specified <code>URI</code> attribute
-     * in <code>reference</code> element
+     * Adds Resource Resolver for retrieving resources at specified {@code URI} attribute
+     * in {@code reference} element
      *
      * @param resolver {@link ResourceResolver} can provide the implemenatin subclass of
      * {@link ResourceResolverSpi} for retrieving resource.
@@ -481,14 +470,14 @@
             return;
         }
         if (perManifestResolvers == null) {
-            perManifestResolvers = new ArrayList<ResourceResolver>();
+            perManifestResolvers = new ArrayList<>();
         }
         this.perManifestResolvers.add(resolver);
     }
 
     /**
-     * Adds Resource Resolver for retrieving resources at specified <code>URI</code> attribute
-     * in <code>reference</code> element
+     * Adds Resource Resolver for retrieving resources at specified {@code URI} attribute
+     * in {@code reference} element
      *
      * @param resolverSpi the implementation subclass of {@link ResourceResolverSpi} for
      * retrieving the resource.
@@ -498,7 +487,7 @@
             return;
         }
         if (perManifestResolvers == null) {
-            perManifestResolvers = new ArrayList<ResourceResolver>();
+            perManifestResolvers = new ArrayList<>();
         }
         perManifestResolvers.add(new ResourceResolver(resolverSpi));
     }
@@ -528,7 +517,7 @@
      */
     public void setResolverProperty(String key, String value) {
         if (resolverProperties == null) {
-            resolverProperties = new HashMap<String, String>(10);
+            resolverProperties = new HashMap<>(10);
         }
         this.resolverProperties.put(key, value);
     }
@@ -555,13 +544,13 @@
         try {
             return this.getReferencedContentAfterTransformsItem(i).getBytes();
         } catch (IOException ex) {
-            throw new XMLSignatureException("empty", ex);
+            throw new XMLSignatureException(ex);
         } catch (CanonicalizationException ex) {
-            throw new XMLSignatureException("empty", ex);
+            throw new XMLSignatureException(ex);
         } catch (InvalidCanonicalizerException ex) {
-            throw new XMLSignatureException("empty", ex);
+            throw new XMLSignatureException(ex);
         } catch (XMLSecurityException ex) {
-            throw new XMLSignatureException("empty", ex);
+            throw new XMLSignatureException(ex);
         }
     }
 
@@ -601,9 +590,13 @@
     /**
      * Method getBaseLocalName
      *
-     * @inheritDoc
+     * {@inheritDoc}
      */
     public String getBaseLocalName() {
         return Constants._TAG_MANIFEST;
     }
+
+    public boolean isSecureValidation() {
+        return secureValidation;
+    }
 }
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/signature/MissingResourceFailureException.java b/src/share/classes/com/sun/org/apache/xml/internal/security/signature/MissingResourceFailureException.java
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/signature/MissingResourceFailureException.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/signature/MissingResourceFailureException.java
@@ -27,7 +27,6 @@
  * testing the signature fails because of uninitialized
  * {@link com.sun.org.apache.xml.internal.security.signature.Reference}s.
  *
- * @author Christian Geuer-Pollmann
  * @see ReferenceNotInitializedException
  */
 public class MissingResourceFailureException extends XMLSignatureException {
@@ -38,65 +37,89 @@
     private static final long serialVersionUID = 1L;
 
     /** Field uninitializedReference */
-    private Reference uninitializedReference = null;
+    private Reference uninitializedReference;
 
     /**
      * MissingKeyResourceFailureException constructor.
+     * @param reference
      * @param msgID
-     * @param reference
      * @see #getReference
      */
-    public MissingResourceFailureException(String msgID, Reference reference) {
+    public MissingResourceFailureException(Reference reference, String msgID) {
         super(msgID);
 
         this.uninitializedReference = reference;
     }
 
+    @Deprecated
+    public MissingResourceFailureException(String msgID, Reference reference) {
+        this(reference, msgID);
+    }
+
     /**
      * Constructor MissingResourceFailureException
      *
+     * @param reference
      * @param msgID
      * @param exArgs
-     * @param reference
      * @see #getReference
      */
-    public MissingResourceFailureException(String msgID, Object exArgs[], Reference reference) {
+    public MissingResourceFailureException(Reference reference, String msgID, Object exArgs[]) {
         super(msgID, exArgs);
 
         this.uninitializedReference = reference;
     }
 
-    /**
-     * Constructor MissingResourceFailureException
-     *
-     * @param msgID
-     * @param originalException
-     * @param reference
-     * @see #getReference
-     */
-    public MissingResourceFailureException(
-        String msgID, Exception originalException, Reference reference
-    ) {
-        super(msgID, originalException);
-
-        this.uninitializedReference = reference;
+    @Deprecated
+    public MissingResourceFailureException(String msgID, Object exArgs[], Reference reference) {
+        this(reference, msgID, exArgs);
     }
 
     /**
      * Constructor MissingResourceFailureException
      *
-     * @param msgID
-     * @param exArgs
      * @param originalException
      * @param reference
+     * @param msgID
      * @see #getReference
      */
     public MissingResourceFailureException(
+        Exception originalException, Reference reference, String msgID
+    ) {
+        super(originalException, msgID);
+
+        this.uninitializedReference = reference;
+    }
+
+    @Deprecated
+    public MissingResourceFailureException(
+        String msgID, Exception originalException, Reference reference
+    ) {
+        this(originalException, reference, msgID);
+    }
+
+    /**
+     * Constructor MissingResourceFailureException
+     *
+     * @param originalException
+     * @param reference
+     * @param msgID
+     * @param exArgs
+     * @see #getReference
+     */
+    public MissingResourceFailureException(
+        Exception originalException, Reference reference, String msgID, Object exArgs[]
+    ) {
+        super(originalException, msgID, exArgs);
+
+        this.uninitializedReference = reference;
+    }
+
+    @Deprecated
+    public MissingResourceFailureException(
         String msgID, Object exArgs[], Exception originalException, Reference reference
     ) {
-        super(msgID, exArgs, originalException);
-
-        this.uninitializedReference = reference;
+        this(originalException, reference, msgID, exArgs);
     }
 
     /**
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/signature/NodeFilter.java b/src/share/classes/com/sun/org/apache/xml/internal/security/signature/NodeFilter.java
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/signature/NodeFilter.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/signature/NodeFilter.java
@@ -33,8 +33,8 @@
      * Tells if a node must be output in c14n.
      * @param n
      * @return 1 if the node should be output.
-     *         0 if node must not be output,
-     *         -1 if the node and all it's child must not be output.
+     *            0 if node must not be output,
+     *           -1 if the node and all it's child must not be output.
      *
      */
     int isNodeInclude(Node n);
@@ -47,8 +47,8 @@
      * @param n
      * @param level the relative level in the tree
      * @return 1 if the node should be output.
-     *         0 if node must not be output,
-     *         -1 if the node and all it's child must not be output.
+     *            0 if node must not be output,
+     *           -1 if the node and all it's child must not be output.
      */
     int isNodeIncludeDO(Node n, int level);
 
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/signature/ObjectContainer.java b/src/share/classes/com/sun/org/apache/xml/internal/security/signature/ObjectContainer.java
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/signature/ObjectContainer.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/signature/ObjectContainer.java
@@ -31,10 +31,9 @@
 
 
 /**
- * Handles <code>&lt;ds:Object&gt;</code> elements
- * <code>Object<code> {@link Element} supply facility which can contain any kind data
+ * Handles {@code &lt;ds:Object&gt;} elements
+ * {@code Object} {@link Element} supply facility which can contain any kind data
  *
- * @author Christian Geuer-Pollmann
  * $todo$ if we remove childen, the boolean values are not updated
  */
 public class ObjectContainer extends SignatureElementProxy {
@@ -42,7 +41,7 @@
     /**
      * Constructs {@link ObjectContainer}
      *
-     * @param doc the {@link Document} in which <code>Object</code> element is placed
+     * @param doc the {@link Document} in which {@code Object} element is placed
      */
     public ObjectContainer(Document doc) {
         super(doc);
@@ -51,7 +50,7 @@
     /**
      * Constructs {@link ObjectContainer} from {@link Element}
      *
-     * @param element is <code>Object</code> element
+     * @param element is {@code Object} element
      * @param baseURI the URI of the resource where the XML instance was stored
      * @throws XMLSecurityException
      */
@@ -60,64 +59,63 @@
     }
 
     /**
-     * Sets the <code>Id</code> attribute
+     * Sets the {@code Id} attribute
      *
-     * @param Id <code>Id</code> attribute
+     * @param Id {@code Id} attribute
      */
     public void setId(String Id) {
         if (Id != null) {
-            this.constructionElement.setAttributeNS(null, Constants._ATT_ID, Id);
-            this.constructionElement.setIdAttributeNS(null, Constants._ATT_ID, true);
+            setLocalIdAttribute(Constants._ATT_ID, Id);
         }
     }
 
     /**
-     * Returns the <code>Id</code> attribute
+     * Returns the {@code Id} attribute
      *
-     * @return the <code>Id</code> attribute
+     * @return the {@code Id} attribute
      */
     public String getId() {
-        return this.constructionElement.getAttributeNS(null, Constants._ATT_ID);
+        return getLocalAttribute(Constants._ATT_ID);
     }
 
     /**
-     * Sets the <code>MimeType</code> attribute
+     * Sets the {@code MimeType} attribute
      *
-     * @param MimeType the <code>MimeType</code> attribute
+     * @param MimeType the {@code MimeType} attribute
      */
     public void setMimeType(String MimeType) {
         if (MimeType != null) {
-            this.constructionElement.setAttributeNS(null, Constants._ATT_MIMETYPE, MimeType);
+            setLocalAttribute(Constants._ATT_MIMETYPE, MimeType);
         }
     }
 
     /**
-     * Returns the <code>MimeType</code> attribute
+     * Returns the {@code MimeType} attribute
      *
-     * @return the <code>MimeType</code> attribute
+     * @return the {@code MimeType} attribute
      */
     public String getMimeType() {
-        return this.constructionElement.getAttributeNS(null, Constants._ATT_MIMETYPE);
+        return getLocalAttribute(Constants._ATT_MIMETYPE);
     }
 
     /**
-     * Sets the <code>Encoding</code> attribute
+     * Sets the {@code Encoding} attribute
      *
-     * @param Encoding the <code>Encoding</code> attribute
+     * @param Encoding the {@code Encoding} attribute
      */
     public void setEncoding(String Encoding) {
         if (Encoding != null) {
-            this.constructionElement.setAttributeNS(null, Constants._ATT_ENCODING, Encoding);
+            setLocalAttribute(Constants._ATT_ENCODING, Encoding);
         }
     }
 
     /**
-     * Returns the <code>Encoding</code> attribute
+     * Returns the {@code Encoding} attribute
      *
-     * @return the <code>Encoding</code> attribute
+     * @return the {@code Encoding} attribute
      */
     public String getEncoding() {
-        return this.constructionElement.getAttributeNS(null, Constants._ATT_ENCODING);
+        return getLocalAttribute(Constants._ATT_ENCODING);
     }
 
     /**
@@ -127,10 +125,11 @@
      * @return the new node in the tree.
      */
     public Node appendChild(Node node) {
-        return this.constructionElement.appendChild(node);
+        appendSelf(node);
+        return node;
     }
 
-    /** @inheritDoc */
+    /** {@inheritDoc} */
     public String getBaseLocalName() {
         return Constants._TAG_OBJECT;
     }
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/signature/Reference.java b/src/share/classes/com/sun/org/apache/xml/internal/security/signature/Reference.java
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/signature/Reference.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/signature/Reference.java
@@ -26,14 +26,15 @@
 import java.io.OutputStream;
 import java.security.AccessController;
 import java.security.PrivilegedAction;
+import java.util.Base64;
 import java.util.HashSet;
 import java.util.Iterator;
 import java.util.Set;
 
+import com.sun.org.apache.xml.internal.security.algorithms.Algorithm;
 import com.sun.org.apache.xml.internal.security.algorithms.MessageDigestAlgorithm;
 import com.sun.org.apache.xml.internal.security.c14n.CanonicalizationException;
 import com.sun.org.apache.xml.internal.security.c14n.InvalidCanonicalizerException;
-import com.sun.org.apache.xml.internal.security.exceptions.Base64DecodingException;
 import com.sun.org.apache.xml.internal.security.exceptions.XMLSecurityException;
 import com.sun.org.apache.xml.internal.security.signature.reference.ReferenceData;
 import com.sun.org.apache.xml.internal.security.signature.reference.ReferenceNodeSetData;
@@ -44,7 +45,6 @@
 import com.sun.org.apache.xml.internal.security.transforms.TransformationException;
 import com.sun.org.apache.xml.internal.security.transforms.Transforms;
 import com.sun.org.apache.xml.internal.security.transforms.params.InclusiveNamespaces;
-import com.sun.org.apache.xml.internal.security.utils.Base64;
 import com.sun.org.apache.xml.internal.security.utils.Constants;
 import com.sun.org.apache.xml.internal.security.utils.DigesterOutputStream;
 import com.sun.org.apache.xml.internal.security.utils.SignatureElementProxy;
@@ -59,11 +59,11 @@
 import org.w3c.dom.Text;
 
 /**
- * Handles <code>&lt;ds:Reference&gt;</code> elements.
+ * Handles {@code &lt;ds:Reference&gt;} elements.
  *
  * This includes:
  *
- * Constructs a <CODE>ds:Reference</CODE> from an {@link org.w3c.dom.Element}.
+ * Construct a {@code ds:Reference} from an {@link org.w3c.dom.Element}.
  *
  * <p>Create a new reference</p>
  * <pre>
@@ -100,7 +100,6 @@
  *  &lt;/complexType&gt;
  * </pre>
  *
- * @author Christian Geuer-Pollmann
  * @see ObjectContainer
  * @see Manifest
  */
@@ -124,16 +123,12 @@
      * will be added if necessary when generating the signature. See section
      * 3.1.1 of http://www.w3.org/2007/xmlsec/Drafts/xmldsig-core/ for more info.
      */
-    private static boolean useC14N11 = (
-        AccessController.doPrivileged(new PrivilegedAction<Boolean>() {
-            public Boolean run() {
-                return Boolean.valueOf(Boolean.getBoolean("com.sun.org.apache.xml.internal.security.useC14N11"));
-            }
-        })).booleanValue();
+    private static boolean useC14N11 =
+        AccessController.doPrivileged((PrivilegedAction<Boolean>)
+            () -> Boolean.getBoolean("com.sun.org.apache.xml.internal.security.useC14N11"));
 
-    /** {@link org.apache.commons.logging} logging facility */
-    private static final java.util.logging.Logger log =
-        java.util.logging.Logger.getLogger(Reference.class.getName());
+    private static final com.sun.org.slf4j.internal.Logger LOG =
+        com.sun.org.slf4j.internal.LoggerFactory.getLogger(Reference.class);
 
     private Manifest manifest;
     private XMLSignatureInput transformsOutput;
@@ -149,7 +144,7 @@
     /**
      * Constructor Reference
      *
-     * @param doc the {@link Document} in which <code>XMLsignature</code> is placed
+     * @param doc the {@link Document} in which {@code XMLsignature} is placed
      * @param baseURI the URI of the resource where the XML instance will be stored
      * @param referenceURI URI indicate where is data which will digested
      * @param manifest
@@ -165,7 +160,7 @@
     ) throws XMLSignatureException {
         super(doc);
 
-        XMLUtils.addReturnToElement(this.constructionElement);
+        addReturnToSelf();
 
         this.baseURI = baseURI;
         this.manifest = manifest;
@@ -178,29 +173,39 @@
         // this.manifest.appendChild(this.doc.createTextNode("\n"));
 
         if (transforms != null) {
-            this.transforms=transforms;
-            this.constructionElement.appendChild(transforms.getElement());
-            XMLUtils.addReturnToElement(this.constructionElement);
+            this.transforms = transforms;
+            appendSelf(transforms);
+            addReturnToSelf();
         }
-        MessageDigestAlgorithm mda =
-            MessageDigestAlgorithm.getInstance(this.doc, messageDigestAlgorithm);
+
+        // Create DigestMethod Element without actually instantiating a MessageDigest Object
+        Algorithm digestAlgorithm = new Algorithm(getDocument(), messageDigestAlgorithm) {
+            public String getBaseNamespace() {
+                return Constants.SignatureSpecNS;
+            }
 
-        digestMethodElem = mda.getElement();
-        this.constructionElement.appendChild(digestMethodElem);
-        XMLUtils.addReturnToElement(this.constructionElement);
+            public String getBaseLocalName() {
+                return Constants._TAG_DIGESTMETHOD;
+            }
+        };
+
+        digestMethodElem = digestAlgorithm.getElement();
+
+        appendSelf(digestMethodElem);
+        addReturnToSelf();
 
         digestValueElement =
-            XMLUtils.createElementInSignatureSpace(this.doc, Constants._TAG_DIGESTVALUE);
+            XMLUtils.createElementInSignatureSpace(getDocument(), Constants._TAG_DIGESTVALUE);
 
-        this.constructionElement.appendChild(digestValueElement);
-        XMLUtils.addReturnToElement(this.constructionElement);
+        appendSelf(digestValueElement);
+        addReturnToSelf();
     }
 
 
     /**
      * Build a {@link Reference} from an {@link Element}
      *
-     * @param element <code>Reference</code> element
+     * @param element {@code Reference} element
      * @param baseURI the URI of the resource where the XML instance was stored
      * @param manifest is the {@link Manifest} of {@link SignedInfo} in which the Reference occurs.
      * We need this because the Manifest has the individual {@link ResourceResolver}s which have
@@ -208,13 +213,13 @@
      * @throws XMLSecurityException
      */
     protected Reference(Element element, String baseURI, Manifest manifest) throws XMLSecurityException {
-        this(element, baseURI, manifest, false);
+        this(element, baseURI, manifest, true);
     }
 
     /**
      * Build a {@link Reference} from an {@link Element}
      *
-     * @param element <code>Reference</code> element
+     * @param element {@code Reference} element
      * @param baseURI the URI of the resource where the XML instance was stored
      * @param manifest is the {@link Manifest} of {@link SignedInfo} in which the Reference occurs.
      * @param secureValidation whether secure validation is enabled or not
@@ -228,7 +233,8 @@
         this.secureValidation = secureValidation;
         this.baseURI = baseURI;
         Element el = XMLUtils.getNextElement(element.getFirstChild());
-        if (Constants._TAG_TRANSFORMS.equals(el.getLocalName())
+
+        if (el != null && Constants._TAG_TRANSFORMS.equals(el.getLocalName())
             && Constants.SignatureSpecNS.equals(el.getNamespaceURI())) {
             transforms = new Transforms(el, this.baseURI);
             transforms.setSecureValidation(secureValidation);
@@ -239,8 +245,16 @@
             }
             el = XMLUtils.getNextElement(el.getNextSibling());
         }
+
         digestMethodElem = el;
+        if (digestMethodElem == null) {
+            throw new XMLSecurityException("signature.Reference.NoDigestMethod");
+        }
+
         digestValueElement = XMLUtils.getNextElement(digestMethodElem.getNextSibling());
+        if (digestValueElement == null) {
+            throw new XMLSecurityException("signature.Reference.NoDigestValue");
+        }
         this.manifest = manifest;
     }
 
@@ -259,7 +273,7 @@
 
         String uri = digestMethodElem.getAttributeNS(null, Constants._ATT_ALGORITHM);
 
-        if (uri == null) {
+        if ("".equals(uri)) {
             return null;
         }
 
@@ -269,82 +283,81 @@
             throw new XMLSignatureException("signature.signatureAlgorithm", exArgs);
         }
 
-        return MessageDigestAlgorithm.getInstance(this.doc, uri);
+        return MessageDigestAlgorithm.getInstance(getDocument(), uri);
     }
 
     /**
-     * Sets the <code>URI</code> of this <code>Reference</code> element
+     * Sets the {@code URI} of this {@code Reference} element
      *
-     * @param uri the <code>URI</code> of this <code>Reference</code> element
+     * @param uri the {@code URI} of this {@code Reference} element
      */
     public void setURI(String uri) {
         if (uri != null) {
-            this.constructionElement.setAttributeNS(null, Constants._ATT_URI, uri);
+            setLocalAttribute(Constants._ATT_URI, uri);
         }
     }
 
     /**
-     * Returns the <code>URI</code> of this <code>Reference</code> element
+     * Returns the {@code URI} of this {@code Reference} element
      *
-     * @return URI the <code>URI</code> of this <code>Reference</code> element
+     * @return URI the {@code URI} of this {@code Reference} element
      */
     public String getURI() {
-        return this.constructionElement.getAttributeNS(null, Constants._ATT_URI);
+        return getLocalAttribute(Constants._ATT_URI);
     }
 
     /**
-     * Sets the <code>Id</code> attribute of this <code>Reference</code> element
+     * Sets the {@code Id} attribute of this {@code Reference} element
      *
-     * @param id the <code>Id</code> attribute of this <code>Reference</code> element
+     * @param id the {@code Id} attribute of this {@code Reference} element
      */
     public void setId(String id) {
         if (id != null) {
-            this.constructionElement.setAttributeNS(null, Constants._ATT_ID, id);
-            this.constructionElement.setIdAttributeNS(null, Constants._ATT_ID, true);
+            setLocalIdAttribute(Constants._ATT_ID, id);
         }
     }
 
     /**
-     * Returns the <code>Id</code> attribute of this <code>Reference</code> element
+     * Returns the {@code Id} attribute of this {@code Reference} element
      *
-     * @return Id the <code>Id</code> attribute of this <code>Reference</code> element
+     * @return Id the {@code Id} attribute of this {@code Reference} element
      */
     public String getId() {
-        return this.constructionElement.getAttributeNS(null, Constants._ATT_ID);
+        return getLocalAttribute(Constants._ATT_ID);
     }
 
     /**
-     * Sets the <code>type</code> atttibute of the Reference indicate whether an
-     * <code>ds:Object</code>, <code>ds:SignatureProperty</code>, or <code>ds:Manifest</code>
+     * Sets the {@code type} atttibute of the Reference indicate whether an
+     * {@code ds:Object}, {@code ds:SignatureProperty}, or {@code ds:Manifest}
      * element.
      *
-     * @param type the <code>type</code> attribute of the Reference
+     * @param type the {@code type} attribute of the Reference
      */
     public void setType(String type) {
         if (type != null) {
-            this.constructionElement.setAttributeNS(null, Constants._ATT_TYPE, type);
+            setLocalAttribute(Constants._ATT_TYPE, type);
         }
     }
 
     /**
-     * Return the <code>type</code> atttibute of the Reference indicate whether an
-     * <code>ds:Object</code>, <code>ds:SignatureProperty</code>, or <code>ds:Manifest</code>
+     * Return the {@code type} atttibute of the Reference indicate whether an
+     * {@code ds:Object}, {@code ds:SignatureProperty}, or {@code ds:Manifest}
      * element
      *
-     * @return the <code>type</code> attribute of the Reference
+     * @return the {@code type} attribute of the Reference
      */
     public String getType() {
-        return this.constructionElement.getAttributeNS(null, Constants._ATT_TYPE);
+        return getLocalAttribute(Constants._ATT_TYPE);
     }
 
     /**
      * Method isReferenceToObject
      *
-     * This returns true if the <CODE>Type</CODE> attribute of the
-     * <CODE>Reference</CODE> element points to a <CODE>#Object</CODE> element
+     * This returns true if the {@code Type} attribute of the
+     * {@code Reference} element points to a {@code #Object} element
      *
      * @return true if the Reference type indicates that this Reference points to an
-     * <code>Object</code>
+     * {@code Object}
      */
     public boolean typeIsReferenceToObject() {
         if (Reference.OBJECT_URI.equals(this.getType())) {
@@ -357,8 +370,8 @@
     /**
      * Method isReferenceToManifest
      *
-     * This returns true if the <CODE>Type</CODE> attribute of the
-     * <CODE>Reference</CODE> element points to a <CODE>#Manifest</CODE> element
+     * This returns true if the {@code Type} attribute of the
+     * {@code Reference} element points to a {@code #Manifest} element
      *
      * @return true if the Reference type indicates that this Reference points to a
      * {@link Manifest}
@@ -383,8 +396,8 @@
             n = n.getNextSibling();
         }
 
-        String base64codedValue = Base64.encode(digestValue);
-        Text t = this.doc.createTextNode(base64codedValue);
+        String base64codedValue = Base64.getMimeEncoder().encodeToString(digestValue);
+        Text t = createText(base64codedValue);
 
         digestValueElement.appendChild(t);
     }
@@ -410,7 +423,7 @@
         throws ReferenceNotInitializedException {
         try {
             Attr uriAttr =
-                this.constructionElement.getAttributeNodeNS(null, Constants._ATT_URI);
+                getElement().getAttributeNodeNS(null, Constants._ATT_URI);
 
             ResourceResolver resolver =
                 ResourceResolver.getInstance(
@@ -420,7 +433,7 @@
 
             return resolver.resolve(uriAttr, this.baseURI, secureValidation);
         }  catch (ResourceResolverException ex) {
-            throw new ReferenceNotInitializedException("empty", ex);
+            throw new ReferenceNotInitializedException(ex);
         }
     }
 
@@ -442,15 +455,15 @@
 
             return output;
         } catch (ResourceResolverException ex) {
-            throw new XMLSignatureException("empty", ex);
+            throw new XMLSignatureException(ex);
         } catch (CanonicalizationException ex) {
-            throw new XMLSignatureException("empty", ex);
+            throw new XMLSignatureException(ex);
         } catch (InvalidCanonicalizerException ex) {
-            throw new XMLSignatureException("empty", ex);
+            throw new XMLSignatureException(ex);
         } catch (TransformationException ex) {
-            throw new XMLSignatureException("empty", ex);
+            throw new XMLSignatureException(ex);
         } catch (XMLSecurityException ex) {
-            throw new XMLSignatureException("empty", ex);
+            throw new XMLSignatureException(ex);
         }
     }
 
@@ -483,35 +496,37 @@
             Transforms transforms = this.getTransforms();
 
             if (transforms != null) {
-                doTransforms: for (int i = 0; i < transforms.getLength(); i++) {
+                for (int i = 0; i < transforms.getLength(); i++) {
                     Transform t = transforms.item(i);
                     String uri = t.getURI();
 
                     if (uri.equals(Transforms.TRANSFORM_C14N_EXCL_OMIT_COMMENTS)
                         || uri.equals(Transforms.TRANSFORM_C14N_EXCL_WITH_COMMENTS)
                         || uri.equals(Transforms.TRANSFORM_C14N_OMIT_COMMENTS)
-                        || uri.equals(Transforms.TRANSFORM_C14N_WITH_COMMENTS)) {
-                        break doTransforms;
+                        || uri.equals(Transforms.TRANSFORM_C14N_WITH_COMMENTS)
+                        || uri.equals(Transforms.TRANSFORM_C14N11_OMIT_COMMENTS)
+                        || uri.equals(Transforms.TRANSFORM_C14N11_WITH_COMMENTS)) {
+                        break;
                     }
 
                     output = t.performTransform(output, null);
                 }
 
-            output.setSourceURI(input.getSourceURI());
+                output.setSourceURI(input.getSourceURI());
             }
             return output;
         } catch (IOException ex) {
-            throw new XMLSignatureException("empty", ex);
+            throw new XMLSignatureException(ex);
         } catch (ResourceResolverException ex) {
-            throw new XMLSignatureException("empty", ex);
+            throw new XMLSignatureException(ex);
         } catch (CanonicalizationException ex) {
-            throw new XMLSignatureException("empty", ex);
+            throw new XMLSignatureException(ex);
         } catch (InvalidCanonicalizerException ex) {
-            throw new XMLSignatureException("empty", ex);
+            throw new XMLSignatureException(ex);
         } catch (TransformationException ex) {
-            throw new XMLSignatureException("empty", ex);
+            throw new XMLSignatureException(ex);
         } catch (XMLSecurityException ex) {
-            throw new XMLSignatureException("empty", ex);
+            throw new XMLSignatureException(ex);
         }
     }
 
@@ -528,23 +543,23 @@
             Transform c14nTransform = null;
 
             if (transforms != null) {
-                doTransforms: for (int i = 0; i < transforms.getLength(); i++) {
+                for (int i = 0; i < transforms.getLength(); i++) {
                     Transform t = transforms.item(i);
                     String uri = t.getURI();
 
                     if (uri.equals(Transforms.TRANSFORM_C14N_EXCL_OMIT_COMMENTS)
                         || uri.equals(Transforms.TRANSFORM_C14N_EXCL_WITH_COMMENTS)) {
                         c14nTransform = t;
-                        break doTransforms;
+                        break;
                     }
                 }
             }
 
-            Set<String> inclusiveNamespaces = new HashSet<String>();
+            Set<String> inclusiveNamespaces = new HashSet<>();
             if (c14nTransform != null
-                && (c14nTransform.length(
+                && c14nTransform.length(
                     InclusiveNamespaces.ExclusiveCanonicalizationNamespace,
-                    InclusiveNamespaces._TAG_EC_INCLUSIVENAMESPACES) == 1)) {
+                    InclusiveNamespaces._TAG_EC_INCLUSIVENAMESPACES) == 1) {
 
                 // there is one InclusiveNamespaces element
                 InclusiveNamespaces in =
@@ -562,11 +577,11 @@
 
             return nodes.getHTMLRepresentation(inclusiveNamespaces);
         } catch (TransformationException ex) {
-            throw new XMLSignatureException("empty", ex);
+            throw new XMLSignatureException(ex);
         } catch (InvalidTransformException ex) {
-            throw new XMLSignatureException("empty", ex);
+            throw new XMLSignatureException(ex);
         } catch (XMLSecurityException ex) {
-            throw new XMLSignatureException("empty", ex);
+            throw new XMLSignatureException(ex);
         }
     }
 
@@ -588,7 +603,7 @@
 
     /**
      * This method returns the {@link XMLSignatureInput} which is referenced by the
-     * <CODE>URI</CODE> Attribute.
+     * {@code URI} Attribute.
      * @param os where to write the transformation can be null.
      * @return the element to digest
      *
@@ -605,7 +620,7 @@
             this.transformsOutput = output;
             return output;
         } catch (XMLSecurityException ex) {
-            throw new ReferenceNotInitializedException("empty", ex);
+            throw new ReferenceNotInitializedException(ex);
         }
     }
 
@@ -622,14 +637,17 @@
 
                             Iterator<Node> sIterator = s.iterator();
 
+                            @Override
                             public boolean hasNext() {
                                 return sIterator.hasNext();
                             }
 
+                            @Override
                             public Node next() {
                                 return sIterator.next();
                             }
 
+                            @Override
                             public void remove() {
                                 throw new UnsupportedOperationException();
                             }
@@ -637,8 +655,8 @@
                     }
                 };
             } catch (Exception e) {
-                // log a warning
-                log.log(java.util.logging.Level.WARNING, "cannot cache dereferenced data: " + e);
+                // LOG a warning
+                LOG.warn("cannot cache dereferenced data: " + e);
             }
         } else if (input.isElement()) {
             referenceData = new ReferenceSubTreeData
@@ -649,8 +667,8 @@
                     (input.getOctetStream(), input.getSourceURI(),
                         input.getMIMEType());
             } catch (IOException ioe) {
-                // log a warning
-                log.log(java.util.logging.Level.WARNING, "cannot cache dereferenced data: " + ioe);
+                // LOG a warning
+                LOG.warn("cannot cache dereferenced data: " + ioe);
             }
         }
     }
@@ -683,9 +701,9 @@
             XMLSignatureInput output = this.dereferenceURIandPerformTransforms(null);
             return output.getBytes();
         } catch (IOException ex) {
-            throw new ReferenceNotInitializedException("empty", ex);
+            throw new ReferenceNotInitializedException(ex);
         } catch (CanonicalizationException ex) {
-            throw new ReferenceNotInitializedException("empty", ex);
+            throw new ReferenceNotInitializedException(ex);
         }
     }
 
@@ -700,22 +718,25 @@
      */
     private byte[] calculateDigest(boolean validating)
         throws ReferenceNotInitializedException, XMLSignatureException {
-        OutputStream os = null;
-        try {
-            MessageDigestAlgorithm mda = this.getMessageDigestAlgorithm();
+        XMLSignatureInput input = this.getContentsBeforeTransformation();
+        if (input.isPreCalculatedDigest()) {
+            return getPreCalculatedDigest(input);
+        }
 
-            mda.reset();
-            DigesterOutputStream diOs = new DigesterOutputStream(mda);
-            os = new UnsyncBufferedOutputStream(diOs);
+        MessageDigestAlgorithm mda = this.getMessageDigestAlgorithm();
+        mda.reset();
+
+        try (DigesterOutputStream diOs = new DigesterOutputStream(mda);
+            OutputStream os = new UnsyncBufferedOutputStream(diOs)) {
             XMLSignatureInput output = this.dereferenceURIandPerformTransforms(os);
             // if signing and c14n11 property == true explicitly add
             // C14N11 transform if needed
             if (Reference.useC14N11 && !validating && !output.isOutputStreamSet()
                 && !output.isOctetStream()) {
                 if (transforms == null) {
-                    transforms = new Transforms(this.doc);
+                    transforms = new Transforms(getDocument());
                     transforms.setSecureValidation(secureValidation);
-                    this.constructionElement.insertBefore(transforms.getElement(), digestMethodElem);
+                    getElement().insertBefore(transforms.getElement(), digestMethodElem);
                 }
                 transforms.addTransform(Transforms.TRANSFORM_C14N11_OMIT_COMMENTS);
                 output.updateOutputStream(os, true);
@@ -733,28 +754,34 @@
 
             return diOs.getDigestValue();
         } catch (XMLSecurityException ex) {
-            throw new ReferenceNotInitializedException("empty", ex);
+            throw new ReferenceNotInitializedException(ex);
         } catch (IOException ex) {
-            throw new ReferenceNotInitializedException("empty", ex);
-        } finally {
-            if (os != null) {
-                try {
-                    os.close();
-                } catch (IOException ex) {
-                    throw new ReferenceNotInitializedException("empty", ex);
-                }
-            }
+            throw new ReferenceNotInitializedException(ex);
         }
     }
 
     /**
+     * Get the pre-calculated digest value from the XMLSignatureInput.
+     *
+     * @param input XMLSignature
+     * @return a pre-calculated digest value.
+     * @throws ReferenceNotInitializedException if there is an error decoding digest value
+     * in Base64. Properly encoded pre-calculated digest value must be set.
+     */
+    private byte[] getPreCalculatedDigest(XMLSignatureInput input)
+            throws ReferenceNotInitializedException {
+        LOG.debug("Verifying element with pre-calculated digest");
+        String preCalculatedDigest = input.getPreCalculatedDigest();
+        return Base64.getMimeDecoder().decode(preCalculatedDigest);
+    }
+
+    /**
      * Returns the digest value.
      *
      * @return the digest value.
-     * @throws Base64DecodingException if Reference contains no proper base64 encoded data.
      * @throws XMLSecurityException if the Reference does not contain a DigestValue element
      */
-    public byte[] getDigestValue() throws Base64DecodingException, XMLSecurityException {
+    public byte[] getDigestValue() throws XMLSecurityException {
         if (digestValueElement == null) {
             // The required element is not in the XML!
             Object[] exArgs ={ Constants._TAG_DIGESTVALUE, Constants.SignatureSpecNS };
@@ -762,7 +789,8 @@
                 "signature.Verification.NoSignatureElement", exArgs
             );
         }
-        return Base64.decode(digestValueElement);
+        String content = XMLUtils.getFullTextChildrenFromElement(digestValueElement);
+        return Base64.getMimeDecoder().decode(content);
     }
 
 
@@ -780,13 +808,11 @@
         boolean equal = MessageDigestAlgorithm.isEqual(elemDig, calcDig);
 
         if (!equal) {
-            log.log(java.util.logging.Level.WARNING, "Verification failed for URI \"" + this.getURI() + "\"");
-            log.log(java.util.logging.Level.WARNING, "Expected Digest: " + Base64.encode(elemDig));
-            log.log(java.util.logging.Level.WARNING, "Actual Digest: " + Base64.encode(calcDig));
+            LOG.warn("Verification failed for URI \"" + this.getURI() + "\"");
+            LOG.warn("Expected Digest: " + Base64.getMimeEncoder().encodeToString(elemDig));
+            LOG.warn("Actual Digest: " + Base64.getMimeEncoder().encodeToString(calcDig));
         } else {
-            if (log.isLoggable(java.util.logging.Level.FINE)) {
-                log.log(java.util.logging.Level.FINE, "Verification successful for URI \"" + this.getURI() + "\"");
-            }
+            LOG.debug("Verification successful for URI \"{}\"", this.getURI());
         }
 
         return equal;
@@ -794,7 +820,7 @@
 
     /**
      * Method getBaseLocalName
-     * @inheritDoc
+     * {@inheritDoc}
      */
     public String getBaseLocalName() {
         return Constants._TAG_REFERENCE;
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/signature/ReferenceNotInitializedException.java b/src/share/classes/com/sun/org/apache/xml/internal/security/signature/ReferenceNotInitializedException.java
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/signature/ReferenceNotInitializedException.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/signature/ReferenceNotInitializedException.java
@@ -26,7 +26,6 @@
  * Raised if verifying a {@link com.sun.org.apache.xml.internal.security.signature.Reference} fails
  * because of an uninitialized {@link com.sun.org.apache.xml.internal.security.signature.XMLSignatureInput}
  *
- * @author Christian Geuer-Pollmann
  */
 public class ReferenceNotInitializedException extends XMLSignatureException {
 
@@ -43,6 +42,10 @@
         super();
     }
 
+    public ReferenceNotInitializedException(Exception ex) {
+        super(ex);
+    }
+
     /**
      * Constructor ReferenceNotInitializedException
      *
@@ -65,21 +68,31 @@
     /**
      * Constructor ReferenceNotInitializedException
      *
+     * @param originalException
      * @param msgID
-     * @param originalException
      */
+    public ReferenceNotInitializedException(Exception originalException, String msgID) {
+        super(originalException, msgID);
+    }
+
+    @Deprecated
     public ReferenceNotInitializedException(String msgID, Exception originalException) {
-        super(msgID, originalException);
+        this(originalException, msgID);
     }
 
     /**
      * Constructor ReferenceNotInitializedException
      *
+     * @param originalException
      * @param msgID
      * @param exArgs
-     * @param originalException
      */
-    public ReferenceNotInitializedException(String msgID, Object exArgs[], Exception originalException) {
-        super(msgID, exArgs, originalException);
+    public ReferenceNotInitializedException(Exception originalException, String msgID, Object exArgs[]) {
+        super(originalException, msgID, exArgs);
+    }
+
+    @Deprecated
+    public ReferenceNotInitializedException(String msgID, Object[] exArgs, Exception originalException) {
+        this(originalException, msgID, exArgs);
     }
 }
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/signature/SignatureProperties.java b/src/share/classes/com/sun/org/apache/xml/internal/security/signature/SignatureProperties.java
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/signature/SignatureProperties.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/signature/SignatureProperties.java
@@ -31,12 +31,11 @@
 import org.w3c.dom.Element;
 
 /**
- * Handles <code>&lt;ds:SignatureProperties&gt;</code> elements
- * This Element holds {@link SignatureProperty} that contian additional information items
+ * Handles {@code &lt;ds:SignatureProperties&gt;} elements
+ * This Element holds {@link SignatureProperty} properties that contain additional information items
  * concerning the generation of the signature.
  * for example, data-time stamp, serial number of cryptographic hardware.
  *
- * @author Christian Geuer-Pollmann
  */
 public class SignatureProperties extends SignatureElementProxy {
 
@@ -48,17 +47,17 @@
     public SignatureProperties(Document doc) {
         super(doc);
 
-        XMLUtils.addReturnToElement(this.constructionElement);
+        addReturnToSelf();
     }
 
     /**
      * Constructs {@link SignatureProperties} from {@link Element}
-     * @param element <code>SignatureProperties</code> element
-     * @param BaseURI the URI of the resource where the XML instance was stored
+     * @param element {@code SignatureProperties} element
+     * @param baseURI the URI of the resource where the XML instance was stored
      * @throws XMLSecurityException
      */
-    public SignatureProperties(Element element, String BaseURI) throws XMLSecurityException {
-        super(element, BaseURI);
+    public SignatureProperties(Element element, String baseURI) throws XMLSecurityException {
+        super(element, baseURI);
 
         Attr attr = element.getAttributeNodeNS(null, "Id");
         if (attr != null) {
@@ -68,7 +67,7 @@
         int length = getLength();
         for (int i = 0; i < length; i++) {
             Element propertyElem =
-                XMLUtils.selectDsNode(this.constructionElement, Constants._TAG_SIGNATUREPROPERTY, i);
+                XMLUtils.selectDsNode(getElement(), Constants._TAG_SIGNATUREPROPERTY, i);
             Attr propertyAttr = propertyElem.getAttributeNodeNS(null, "Id");
             if (propertyAttr != null) {
                 propertyElem.setIdAttributeNode(propertyAttr, true);
@@ -83,52 +82,51 @@
      */
     public int getLength() {
         Element[] propertyElems =
-            XMLUtils.selectDsNodes(this.constructionElement, Constants._TAG_SIGNATUREPROPERTY);
+            XMLUtils.selectDsNodes(getElement(), Constants._TAG_SIGNATUREPROPERTY);
 
         return propertyElems.length;
     }
 
     /**
-     * Return the <it>i</it><sup>th</sup> SignatureProperty. Valid <code>i</code>
-     * values are 0 to <code>{link@ getSize}-1</code>.
+     * Return the <i>i</i><sup>th</sup> SignatureProperty. Valid {@code i}
+     * values are 0 to {@code {link@ getSize}-1}.
      *
      * @param i Index of the requested {@link SignatureProperty}
-     * @return the <it>i</it><sup>th</sup> SignatureProperty
+     * @return the <i>i</i><sup>th</sup> SignatureProperty
      * @throws XMLSignatureException
      */
     public SignatureProperty item(int i) throws XMLSignatureException {
         try {
             Element propertyElem =
-                XMLUtils.selectDsNode(this.constructionElement, Constants._TAG_SIGNATUREPROPERTY, i);
+                XMLUtils.selectDsNode(getElement(), Constants._TAG_SIGNATUREPROPERTY, i);
 
             if (propertyElem == null) {
                 return null;
             }
             return new SignatureProperty(propertyElem, this.baseURI);
         } catch (XMLSecurityException ex) {
-            throw new XMLSignatureException("empty", ex);
+            throw new XMLSignatureException(ex);
         }
     }
 
     /**
-     * Sets the <code>Id</code> attribute
+     * Sets the {@code Id} attribute
      *
-     * @param Id the <code>Id</code> attribute
+     * @param Id the {@code Id} attribute
      */
     public void setId(String Id) {
         if (Id != null) {
-            this.constructionElement.setAttributeNS(null, Constants._ATT_ID, Id);
-            this.constructionElement.setIdAttributeNS(null, Constants._ATT_ID, true);
+            setLocalIdAttribute(Constants._ATT_ID, Id);
         }
     }
 
     /**
-     * Returns the <code>Id</code> attribute
+     * Returns the {@code Id} attribute
      *
-     * @return the <code>Id</code> attribute
+     * @return the {@code Id} attribute
      */
     public String getId() {
-        return this.constructionElement.getAttributeNS(null, Constants._ATT_ID);
+        return getLocalAttribute(Constants._ATT_ID);
     }
 
     /**
@@ -137,11 +135,11 @@
      * @param sp
      */
     public void addSignatureProperty(SignatureProperty sp) {
-        this.constructionElement.appendChild(sp.getElement());
-        XMLUtils.addReturnToElement(this.constructionElement);
+        appendSelf(sp);
+        addReturnToSelf();
     }
 
-    /** @inheritDoc */
+    /** {@inheritDoc} */
     public String getBaseLocalName() {
         return Constants._TAG_SIGNATUREPROPERTIES;
     }
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/signature/SignatureProperty.java b/src/share/classes/com/sun/org/apache/xml/internal/security/signature/SignatureProperty.java
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/signature/SignatureProperty.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/signature/SignatureProperty.java
@@ -30,19 +30,18 @@
 import org.w3c.dom.Node;
 
 /**
- * Handles <code>&lt;ds:SignatureProperty&gt;</code> elements
+ * Handles {@code &lt;ds:SignatureProperty&gt;} elements
  * Additional information item concerning the generation of the signature(s) can
  * be placed in this Element
  *
- * @author Christian Geuer-Pollmann
  */
 public class SignatureProperty extends SignatureElementProxy {
 
     /**
-     * Constructs{@link SignatureProperty} using specified <code>target</code> attribute
+     * Constructs{@link SignatureProperty} using specified {@code target} attribute
      *
-     * @param doc the {@link Document} in which <code>XMLsignature</code> is placed
-     * @param target the <code>target</code> attribute references the <code>Signature</code>
+     * @param doc the {@link Document} in which {@code XMLsignature} is placed
+     * @param target the {@code target} attribute references the {@code Signature}
      * element to which the property applies SignatureProperty
      */
     public SignatureProperty(Document doc, String target) {
@@ -50,13 +49,13 @@
     }
 
     /**
-     * Constructs {@link SignatureProperty} using sepcified <code>target</code> attribute and
-     * <code>id</code> attribute
+     * Constructs {@link SignatureProperty} using sepcified {@code target} attribute and
+     * {@code id} attribute
      *
-     * @param doc the {@link Document} in which <code>XMLsignature</code> is placed
-     * @param target the <code>target</code> attribute references the <code>Signature</code>
+     * @param doc the {@link Document} in which {@code XMLsignature} is placed
+     * @param target the {@code target} attribute references the {@code Signature}
      *  element to which the property applies
-     * @param id the <code>id</code> will be specified by {@link Reference#getURI} in validation
+     * @param id the {@code id} will be specified by {@link Reference#getURI} in validation
      */
     public SignatureProperty(Document doc, String target, String id) {
         super(doc);
@@ -67,53 +66,52 @@
 
     /**
      * Constructs a {@link SignatureProperty} from an {@link Element}
-     * @param element <code>SignatureProperty</code> element
-     * @param BaseURI the URI of the resource where the XML instance was stored
+     * @param element {@code SignatureProperty} element
+     * @param baseURI the URI of the resource where the XML instance was stored
      * @throws XMLSecurityException
      */
-    public SignatureProperty(Element element, String BaseURI) throws XMLSecurityException {
-        super(element, BaseURI);
+    public SignatureProperty(Element element, String baseURI) throws XMLSecurityException {
+        super(element, baseURI);
     }
 
     /**
-     *   Sets the <code>id</code> attribute
+     *   Sets the {@code id} attribute
      *
-     *   @param id the <code>id</code> attribute
+     *   @param id the {@code id} attribute
      */
     public void setId(String id) {
         if (id != null) {
-            this.constructionElement.setAttributeNS(null, Constants._ATT_ID, id);
-            this.constructionElement.setIdAttributeNS(null, Constants._ATT_ID, true);
+            setLocalIdAttribute(Constants._ATT_ID, id);
         }
     }
 
     /**
-     * Returns the <code>id</code> attribute
+     * Returns the {@code id} attribute
      *
-     * @return the <code>id</code> attribute
+     * @return the {@code id} attribute
      */
     public String getId() {
-        return this.constructionElement.getAttributeNS(null, Constants._ATT_ID);
+        return getLocalAttribute(Constants._ATT_ID);
     }
 
     /**
-     * Sets the <code>target</code> attribute
+     * Sets the {@code target} attribute
      *
-     * @param target the <code>target</code> attribute
+     * @param target the {@code target} attribute
      */
     public void setTarget(String target) {
         if (target != null) {
-            this.constructionElement.setAttributeNS(null, Constants._ATT_TARGET, target);
+            setLocalAttribute(Constants._ATT_TARGET, target);
         }
     }
 
     /**
-     * Returns the <code>target</code> attribute
+     * Returns the {@code target} attribute
      *
-     * @return the <code>target</code> attribute
+     * @return the {@code target} attribute
      */
     public String getTarget() {
-        return this.constructionElement.getAttributeNS(null, Constants._ATT_TARGET);
+        return getLocalAttribute(Constants._ATT_TARGET);
     }
 
     /**
@@ -123,10 +121,11 @@
      * @return the node in this element.
      */
     public Node appendChild(Node node) {
-        return this.constructionElement.appendChild(node);
+        appendSelf(node);
+        return node;
     }
 
-    /** @inheritDoc */
+    /** {@inheritDoc} */
     public String getBaseLocalName() {
         return Constants._TAG_SIGNATUREPROPERTY;
     }
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/signature/SignedInfo.java b/src/share/classes/com/sun/org/apache/xml/internal/security/signature/SignedInfo.java
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/signature/SignedInfo.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/signature/SignedInfo.java
@@ -24,10 +24,11 @@
 
 import java.io.ByteArrayInputStream;
 import java.io.IOException;
+import java.io.InputStream;
 import java.io.OutputStream;
+
 import javax.crypto.SecretKey;
 import javax.crypto.spec.SecretKeySpec;
-import javax.xml.XMLConstants;
 import javax.xml.parsers.ParserConfigurationException;
 
 import com.sun.org.apache.xml.internal.security.algorithms.SignatureAlgorithm;
@@ -35,28 +36,27 @@
 import com.sun.org.apache.xml.internal.security.c14n.Canonicalizer;
 import com.sun.org.apache.xml.internal.security.c14n.InvalidCanonicalizerException;
 import com.sun.org.apache.xml.internal.security.exceptions.XMLSecurityException;
+import com.sun.org.apache.xml.internal.security.transforms.params.InclusiveNamespaces;
 import com.sun.org.apache.xml.internal.security.utils.Constants;
 import com.sun.org.apache.xml.internal.security.utils.XMLUtils;
-import com.sun.org.apache.xml.internal.security.transforms.params.InclusiveNamespaces;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 import org.w3c.dom.Node;
 import org.xml.sax.SAXException;
 
 /**
- * Handles <code>&lt;ds:SignedInfo&gt;</code> elements
- * This <code>SignedInfo<code> element includes the canonicalization algorithm,
+ * Handles {@code &lt;ds:SignedInfo&gt;} elements
+ * This {@code SignedInfo} element includes the canonicalization algorithm,
  * a signature algorithm, and one or more references.
  *
- * @author Christian Geuer-Pollmann
  */
 public class SignedInfo extends Manifest {
 
     /** Field signatureAlgorithm */
-    private SignatureAlgorithm signatureAlgorithm = null;
+    private SignatureAlgorithm signatureAlgorithm;
 
     /** Field c14nizedBytes           */
-    private byte[] c14nizedBytes = null;
+    private byte[] c14nizedBytes;
 
     private Element c14nMethod;
     private Element signatureMethod;
@@ -65,7 +65,7 @@
      * Overwrites {@link Manifest#addDocument} because it creates another
      * Element.
      *
-     * @param doc the {@link Document} in which <code>XMLsignature</code> will
+     * @param doc the {@link Document} in which {@code XMLsignature} will
      *    be placed
      * @throws XMLSecurityException
      */
@@ -78,7 +78,7 @@
      * Constructs {@link SignedInfo} using given Canonicalization algorithm and
      * Signature algorithm.
      *
-     * @param doc <code>SignedInfo</code> is placed in this document
+     * @param doc {@code SignedInfo} is placed in this document
      * @param signatureMethodURI URI representation of the Digest and
      *    Signature algorithm
      * @param canonicalizationMethodURI URI representation of the
@@ -94,7 +94,7 @@
     /**
      * Constructor SignedInfo
      *
-     * @param doc <code>SignedInfo</code> is placed in this document
+     * @param doc {@code SignedInfo} is placed in this document
      * @param signatureMethodURI URI representation of the Digest and
      *    Signature algorithm
      * @param hMACOutputLength
@@ -109,22 +109,22 @@
         super(doc);
 
         c14nMethod =
-            XMLUtils.createElementInSignatureSpace(this.doc, Constants._TAG_CANONICALIZATIONMETHOD);
+            XMLUtils.createElementInSignatureSpace(getDocument(), Constants._TAG_CANONICALIZATIONMETHOD);
 
         c14nMethod.setAttributeNS(null, Constants._ATT_ALGORITHM, canonicalizationMethodURI);
-        this.constructionElement.appendChild(c14nMethod);
-        XMLUtils.addReturnToElement(this.constructionElement);
+        appendSelf(c14nMethod);
+        addReturnToSelf();
 
         if (hMACOutputLength > 0) {
             this.signatureAlgorithm =
-                new SignatureAlgorithm(this.doc, signatureMethodURI, hMACOutputLength);
+                new SignatureAlgorithm(getDocument(), signatureMethodURI, hMACOutputLength);
         } else {
-            this.signatureAlgorithm = new SignatureAlgorithm(this.doc, signatureMethodURI);
+            this.signatureAlgorithm = new SignatureAlgorithm(getDocument(), signatureMethodURI);
         }
 
         signatureMethod = this.signatureAlgorithm.getElement();
-        this.constructionElement.appendChild(signatureMethod);
-        XMLUtils.addReturnToElement(this.constructionElement);
+        appendSelf(signatureMethod);
+        addReturnToSelf();
     }
 
     /**
@@ -139,22 +139,22 @@
         super(doc);
         // Check this?
         this.c14nMethod = canonicalizationMethodElem;
-        this.constructionElement.appendChild(c14nMethod);
-        XMLUtils.addReturnToElement(this.constructionElement);
+        appendSelf(c14nMethod);
+        addReturnToSelf();
 
         this.signatureAlgorithm =
             new SignatureAlgorithm(signatureMethodElem, null);
 
         signatureMethod = this.signatureAlgorithm.getElement();
-        this.constructionElement.appendChild(signatureMethod);
+        appendSelf(signatureMethod);
 
-        XMLUtils.addReturnToElement(this.constructionElement);
+        addReturnToSelf();
     }
 
     /**
      * Build a {@link SignedInfo} from an {@link Element}
      *
-     * @param element <code>SignedInfo</code>
+     * @param element {@code SignedInfo}
      * @param baseURI the URI of the resource where the XML instance was stored
      * @throws XMLSecurityException
      * @see <A HREF="http://lists.w3.org/Archives/Public/w3c-ietf-xmldsig/2001OctDec/0033.html">
@@ -163,13 +163,13 @@
      * Answer</A>
      */
     public SignedInfo(Element element, String baseURI) throws XMLSecurityException {
-        this(element, baseURI, false);
+        this(element, baseURI, true);
     }
 
     /**
      * Build a {@link SignedInfo} from an {@link Element}
      *
-     * @param element <code>SignedInfo</code>
+     * @param element {@code SignedInfo}
      * @param baseURI the URI of the resource where the XML instance was stored
      * @param secureValidation whether secure validation is enabled or not
      * @throws XMLSecurityException
@@ -182,7 +182,7 @@
         Element element, String baseURI, boolean secureValidation
     ) throws XMLSecurityException {
         // Parse the Reference children and Id attribute in the Manifest
-        super(reparseSignedInfoElem(element), baseURI, secureValidation);
+        super(reparseSignedInfoElem(element, secureValidation), baseURI, secureValidation);
 
         c14nMethod = XMLUtils.getNextElement(element.getFirstChild());
         signatureMethod = XMLUtils.getNextElement(c14nMethod.getNextSibling());
@@ -190,7 +190,7 @@
             new SignatureAlgorithm(signatureMethod, this.getBaseURI(), secureValidation);
     }
 
-    private static Element reparseSignedInfoElem(Element element)
+    private static Element reparseSignedInfoElem(Element element, boolean secureValidation)
         throws XMLSecurityException {
         /*
          * If a custom canonicalizationMethod is used, canonicalize
@@ -212,27 +212,24 @@
             try {
                 Canonicalizer c14nizer =
                     Canonicalizer.getInstance(c14nMethodURI);
+                c14nizer.setSecureValidation(secureValidation);
 
                 byte[] c14nizedBytes = c14nizer.canonicalizeSubtree(element);
-                javax.xml.parsers.DocumentBuilderFactory dbf =
-                    javax.xml.parsers.DocumentBuilderFactory.newInstance();
-                dbf.setNamespaceAware(true);
-                dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, Boolean.TRUE);
-                javax.xml.parsers.DocumentBuilder db = dbf.newDocumentBuilder();
-                Document newdoc =
-                    db.parse(new ByteArrayInputStream(c14nizedBytes));
-                Node imported =
-                    element.getOwnerDocument().importNode(newdoc.getDocumentElement(), true);
-
-                element.getParentNode().replaceChild(imported, element);
-
-                return (Element) imported;
+                javax.xml.parsers.DocumentBuilder db =
+                    XMLUtils.createDocumentBuilder(false, secureValidation);
+                try (InputStream is = new ByteArrayInputStream(c14nizedBytes)) {
+                    Document newdoc = db.parse(is);
+                    Node imported = element.getOwnerDocument().importNode(
+                            newdoc.getDocumentElement(), true);
+                    element.getParentNode().replaceChild(imported, element);
+                    return (Element) imported;
+                }
             } catch (ParserConfigurationException ex) {
-                throw new XMLSecurityException("empty", ex);
+                throw new XMLSecurityException(ex);
             } catch (IOException ex) {
-                throw new XMLSecurityException("empty", ex);
+                throw new XMLSecurityException(ex);
             } catch (SAXException ex) {
-                throw new XMLSecurityException("empty", ex);
+                throw new XMLSecurityException(ex);
             }
         }
         return element;
@@ -253,7 +250,7 @@
     /**
      * Tests core validation process
      *
-     * @param followManifests defines whether the verification process has to verify referenced <CODE>ds:Manifest</CODE>s, too
+     * @param followManifests defines whether the verification process has to verify referenced {@code ds:Manifest}s, too
      * @return true if verification was successful
      * @throws MissingResourceFailureException
      * @throws XMLSecurityException
@@ -266,7 +263,7 @@
     /**
      * Returns getCanonicalizedOctetStream
      *
-     * @return the canonicalization result octet stream of <code>SignedInfo</code> element
+     * @return the canonicalization result octet stream of {@code SignedInfo} element
      * @throws CanonicalizationException
      * @throws InvalidCanonicalizerException
      * @throws XMLSecurityException
@@ -276,9 +273,14 @@
         if (this.c14nizedBytes == null) {
             Canonicalizer c14nizer =
                 Canonicalizer.getInstance(this.getCanonicalizationMethodURI());
+            c14nizer.setSecureValidation(isSecureValidation());
 
-            this.c14nizedBytes =
-                c14nizer.canonicalizeSubtree(this.constructionElement);
+            String inclusiveNamespaces = this.getInclusiveNamespaces();
+            if (inclusiveNamespaces == null) {
+                this.c14nizedBytes = c14nizer.canonicalizeSubtree(getElement());
+            } else {
+                this.c14nizedBytes = c14nizer.canonicalizeSubtree(getElement(), inclusiveNamespaces);
+            }
         }
 
         // make defensive copy
@@ -297,13 +299,14 @@
         if (this.c14nizedBytes == null) {
             Canonicalizer c14nizer =
                 Canonicalizer.getInstance(this.getCanonicalizationMethodURI());
+            c14nizer.setSecureValidation(isSecureValidation());
             c14nizer.setWriter(os);
             String inclusiveNamespaces = this.getInclusiveNamespaces();
 
             if (inclusiveNamespaces == null) {
-                c14nizer.canonicalizeSubtree(this.constructionElement);
+                c14nizer.canonicalizeSubtree(getElement());
             } else {
-                c14nizer.canonicalizeSubtree(this.constructionElement, inclusiveNamespaces);
+                c14nizer.canonicalizeSubtree(getElement(), inclusiveNamespaces);
             }
         } else {
             try {
@@ -358,13 +361,13 @@
         return new SecretKeySpec(secretKeyBytes, this.signatureAlgorithm.getJCEAlgorithmString());
     }
 
-    protected SignatureAlgorithm getSignatureAlgorithm() {
+    public SignatureAlgorithm getSignatureAlgorithm() {
         return signatureAlgorithm;
     }
 
     /**
      * Method getBaseLocalName
-     * @inheritDoc
+     * {@inheritDoc}
      *
      */
     public String getBaseLocalName() {
@@ -372,7 +375,7 @@
     }
 
     public String getInclusiveNamespaces() {
-        String c14nMethodURI = c14nMethod.getAttributeNS(null, Constants._ATT_ALGORITHM);
+        String c14nMethodURI = getCanonicalizationMethodURI();
         if (!(c14nMethodURI.equals("http://www.w3.org/2001/10/xml-exc-c14n#") ||
             c14nMethodURI.equals("http://www.w3.org/2001/10/xml-exc-c14n#WithComments"))) {
             return null;
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/signature/XMLSignature.java b/src/share/classes/com/sun/org/apache/xml/internal/security/signature/XMLSignature.java
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/signature/XMLSignature.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/signature/XMLSignature.java
@@ -27,6 +27,7 @@
 import java.security.Key;
 import java.security.PublicKey;
 import java.security.cert.X509Certificate;
+import java.util.Base64;
 
 import javax.crypto.SecretKey;
 
@@ -34,12 +35,10 @@
 import com.sun.org.apache.xml.internal.security.c14n.CanonicalizationException;
 import com.sun.org.apache.xml.internal.security.c14n.Canonicalizer;
 import com.sun.org.apache.xml.internal.security.c14n.InvalidCanonicalizerException;
-import com.sun.org.apache.xml.internal.security.exceptions.Base64DecodingException;
 import com.sun.org.apache.xml.internal.security.exceptions.XMLSecurityException;
 import com.sun.org.apache.xml.internal.security.keys.KeyInfo;
 import com.sun.org.apache.xml.internal.security.keys.content.X509Data;
 import com.sun.org.apache.xml.internal.security.transforms.Transforms;
-import com.sun.org.apache.xml.internal.security.utils.Base64;
 import com.sun.org.apache.xml.internal.security.utils.Constants;
 import com.sun.org.apache.xml.internal.security.utils.I18n;
 import com.sun.org.apache.xml.internal.security.utils.SignatureElementProxy;
@@ -52,11 +51,10 @@
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 import org.w3c.dom.Node;
-import org.w3c.dom.NodeList;
 import org.w3c.dom.Text;
 
 /**
- * Handles <code>&lt;ds:Signature&gt;</code> elements.
+ * Handles {@code &lt;ds:Signature&gt;} elements.
  * This is the main class that deals with creating and verifying signatures.
  *
  * <p>There are 2 types of constructors for this class. The ones that take a
@@ -105,6 +103,10 @@
     public static final String ALGO_ID_SIGNATURE_RSA_RIPEMD160 =
         Constants.MoreAlgorithmsSpecNS + "rsa-ripemd160";
 
+    /** Signature - Optional RSAwithSHA224 */
+    public static final String ALGO_ID_SIGNATURE_RSA_SHA224 =
+        Constants.MoreAlgorithmsSpecNS + "rsa-sha224";
+
     /** Signature - Optional RSAwithSHA256 */
     public static final String ALGO_ID_SIGNATURE_RSA_SHA256 =
         Constants.MoreAlgorithmsSpecNS + "rsa-sha256";
@@ -117,6 +119,26 @@
     public static final String ALGO_ID_SIGNATURE_RSA_SHA512 =
         Constants.MoreAlgorithmsSpecNS + "rsa-sha512";
 
+    /** Signature - Optional RSAwithSHA1andMGF1 */
+    public static final String ALGO_ID_SIGNATURE_RSA_SHA1_MGF1 =
+        Constants.XML_DSIG_NS_MORE_07_05 + "sha1-rsa-MGF1";
+
+    /** Signature - Optional RSAwithSHA224andMGF1 */
+    public static final String ALGO_ID_SIGNATURE_RSA_SHA224_MGF1 =
+        Constants.XML_DSIG_NS_MORE_07_05 + "sha224-rsa-MGF1";
+
+    /** Signature - Optional RSAwithSHA256andMGF1 */
+    public static final String ALGO_ID_SIGNATURE_RSA_SHA256_MGF1 =
+        Constants.XML_DSIG_NS_MORE_07_05 + "sha256-rsa-MGF1";
+
+    /** Signature - Optional RSAwithSHA384andMGF1 */
+    public static final String ALGO_ID_SIGNATURE_RSA_SHA384_MGF1 =
+        Constants.XML_DSIG_NS_MORE_07_05 + "sha384-rsa-MGF1";
+
+    /** Signature - Optional RSAwithSHA512andMGF1 */
+    public static final String ALGO_ID_SIGNATURE_RSA_SHA512_MGF1 =
+        Constants.XML_DSIG_NS_MORE_07_05 + "sha512-rsa-MGF1";
+
     /** HMAC - NOT Recommended HMAC-MD5 */
     public static final String ALGO_ID_MAC_HMAC_NOT_RECOMMENDED_MD5 =
         Constants.MoreAlgorithmsSpecNS + "hmac-md5";
@@ -125,6 +147,10 @@
     public static final String ALGO_ID_MAC_HMAC_RIPEMD160 =
         Constants.MoreAlgorithmsSpecNS + "hmac-ripemd160";
 
+    /** HMAC - Optional HMAC-SHA2224 */
+    public static final String ALGO_ID_MAC_HMAC_SHA224 =
+        Constants.MoreAlgorithmsSpecNS + "hmac-sha224";
+
     /** HMAC - Optional HMAC-SHA256 */
     public static final String ALGO_ID_MAC_HMAC_SHA256 =
         Constants.MoreAlgorithmsSpecNS + "hmac-sha256";
@@ -141,6 +167,10 @@
     public static final String ALGO_ID_SIGNATURE_ECDSA_SHA1 =
         "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1";
 
+    /**Signature - Optional ECDSAwithSHA224 */
+    public static final String ALGO_ID_SIGNATURE_ECDSA_SHA224 =
+        "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha224";
+
     /**Signature - Optional ECDSAwithSHA256 */
     public static final String ALGO_ID_SIGNATURE_ECDSA_SHA256 =
         "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256";
@@ -153,9 +183,12 @@
     public static final String ALGO_ID_SIGNATURE_ECDSA_SHA512 =
         "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512";
 
-    /** {@link org.apache.commons.logging} logging facility */
-    private static java.util.logging.Logger log =
-        java.util.logging.Logger.getLogger(XMLSignature.class.getName());
+    /**Signature - Optional ECDSAwithRIPEMD160 */
+    public static final String ALGO_ID_SIGNATURE_ECDSA_RIPEMD160 =
+        "http://www.w3.org/2007/05/xmldsig-more#ecdsa-ripemd160";
+
+    private static final com.sun.org.slf4j.internal.Logger LOG =
+        com.sun.org.slf4j.internal.LoggerFactory.getLogger(XMLSignature.class);
 
     /** ds:Signature.ds:SignedInfo element */
     private SignedInfo signedInfo;
@@ -177,9 +210,9 @@
     private int state = MODE_SIGN;
 
     /**
-     * This creates a new <CODE>ds:Signature</CODE> Element and adds an empty
-     * <CODE>ds:SignedInfo</CODE>.
-     * The <code>ds:SignedInfo</code> is initialized with the specified Signature
+     * This creates a new {@code ds:Signature} Element and adds an empty
+     * {@code ds:SignedInfo}.
+     * The {@code ds:SignedInfo} is initialized with the specified Signature
      * algorithm and Canonicalizer.ALGO_ID_C14N_OMIT_COMMENTS which is REQUIRED
      * by the spec. This method's main use is for creating a new signature.
      *
@@ -250,31 +283,31 @@
 
         String xmlnsDsPrefix = getDefaultPrefix(Constants.SignatureSpecNS);
         if (xmlnsDsPrefix == null || xmlnsDsPrefix.length() == 0) {
-            this.constructionElement.setAttributeNS(
+            getElement().setAttributeNS(
                 Constants.NamespaceSpecNS, "xmlns", Constants.SignatureSpecNS
             );
         } else {
-            this.constructionElement.setAttributeNS(
+            getElement().setAttributeNS(
                 Constants.NamespaceSpecNS, "xmlns:" + xmlnsDsPrefix, Constants.SignatureSpecNS
             );
         }
-        XMLUtils.addReturnToElement(this.constructionElement);
+        addReturnToSelf();
 
         this.baseURI = baseURI;
         this.signedInfo =
             new SignedInfo(
-                this.doc, signatureMethodURI, hmacOutputLength, canonicalizationMethodURI
+                getDocument(), signatureMethodURI, hmacOutputLength, canonicalizationMethodURI
             );
 
-        this.constructionElement.appendChild(this.signedInfo.getElement());
-        XMLUtils.addReturnToElement(this.constructionElement);
+        appendSelf(this.signedInfo);
+        addReturnToSelf();
 
         // create an empty SignatureValue; this is filled by setSignatureValueElement
         signatureValueElement =
-            XMLUtils.createElementInSignatureSpace(this.doc, Constants._TAG_SIGNATUREVALUE);
+            XMLUtils.createElementInSignatureSpace(getDocument(), Constants._TAG_SIGNATUREVALUE);
 
-        this.constructionElement.appendChild(signatureValueElement);
-        XMLUtils.addReturnToElement(this.constructionElement);
+        appendSelf(signatureValueElement);
+        addReturnToSelf();
     }
 
     /**
@@ -295,29 +328,29 @@
 
         String xmlnsDsPrefix = getDefaultPrefix(Constants.SignatureSpecNS);
         if (xmlnsDsPrefix == null || xmlnsDsPrefix.length() == 0) {
-            this.constructionElement.setAttributeNS(
+            getElement().setAttributeNS(
                 Constants.NamespaceSpecNS, "xmlns", Constants.SignatureSpecNS
             );
         } else {
-            this.constructionElement.setAttributeNS(
+            getElement().setAttributeNS(
                 Constants.NamespaceSpecNS, "xmlns:" + xmlnsDsPrefix, Constants.SignatureSpecNS
             );
         }
-        XMLUtils.addReturnToElement(this.constructionElement);
+        addReturnToSelf();
 
         this.baseURI = baseURI;
         this.signedInfo =
-            new SignedInfo(this.doc, SignatureMethodElem, CanonicalizationMethodElem);
+            new SignedInfo(getDocument(), SignatureMethodElem, CanonicalizationMethodElem);
 
-        this.constructionElement.appendChild(this.signedInfo.getElement());
-        XMLUtils.addReturnToElement(this.constructionElement);
+        appendSelf(this.signedInfo);
+        addReturnToSelf();
 
         // create an empty SignatureValue; this is filled by setSignatureValueElement
         signatureValueElement =
-            XMLUtils.createElementInSignatureSpace(this.doc, Constants._TAG_SIGNATUREVALUE);
+            XMLUtils.createElementInSignatureSpace(getDocument(), Constants._TAG_SIGNATUREVALUE);
 
-        this.constructionElement.appendChild(signatureValueElement);
-        XMLUtils.addReturnToElement(this.constructionElement);
+        appendSelf(signatureValueElement);
+        addReturnToSelf();
     }
 
     /**
@@ -331,7 +364,7 @@
      */
     public XMLSignature(Element element, String baseURI)
         throws XMLSignatureException, XMLSecurityException {
-        this(element, baseURI, false);
+        this(element, baseURI, true);
     }
 
     /**
@@ -382,8 +415,8 @@
 
         // If it exists use it, but it's not mandatory
         if (keyInfoElem != null
-            && keyInfoElem.getNamespaceURI().equals(Constants.SignatureSpecNS)
-            && keyInfoElem.getLocalName().equals(Constants._TAG_KEYINFO)) {
+            && Constants.SignatureSpecNS.equals(keyInfoElem.getNamespaceURI())
+            && Constants._TAG_KEYINFO.equals(keyInfoElem.getLocalName())) {
             this.keyInfo = new KeyInfo(keyInfoElem, baseURI);
             this.keyInfo.setSecureValidation(secureValidation);
         }
@@ -397,20 +430,19 @@
                 objectElem.setIdAttributeNode(objectAttr, true);
             }
 
-            NodeList nodes = objectElem.getChildNodes();
-            int length = nodes.getLength();
+            Node firstChild = objectElem.getFirstChild();
             // Register Ids of the Object child elements
-            for (int i = 0; i < length; i++) {
-                Node child = nodes.item(i);
-                if (child.getNodeType() == Node.ELEMENT_NODE) {
-                    Element childElem = (Element)child;
+            while (firstChild != null) {
+                if (firstChild.getNodeType() == Node.ELEMENT_NODE) {
+                    Element childElem = (Element)firstChild;
                     String tag = childElem.getLocalName();
-                    if (tag.equals("Manifest")) {
+                    if ("Manifest".equals(tag)) {
                         new Manifest(childElem, baseURI);
-                    } else if (tag.equals("SignatureProperties")) {
+                    } else if ("SignatureProperties".equals(tag)) {
                         new SignatureProperties(childElem, baseURI);
                     }
                 }
+                firstChild = firstChild.getNextSibling();
             }
 
             objectElem = XMLUtils.getNextElement(objectElem.getNextSibling());
@@ -420,30 +452,29 @@
     }
 
     /**
-     * Sets the <code>Id</code> attribute
+     * Sets the {@code Id} attribute
      *
      * @param id Id value for the id attribute on the Signature Element
      */
     public void setId(String id) {
         if (id != null) {
-            this.constructionElement.setAttributeNS(null, Constants._ATT_ID, id);
-            this.constructionElement.setIdAttributeNS(null, Constants._ATT_ID, true);
+            setLocalIdAttribute(Constants._ATT_ID, id);
         }
     }
 
     /**
-     * Returns the <code>Id</code> attribute
+     * Returns the {@code Id} attribute
      *
-     * @return the <code>Id</code> attribute
+     * @return the {@code Id} attribute
      */
     public String getId() {
-        return this.constructionElement.getAttributeNS(null, Constants._ATT_ID);
+        return getLocalAttribute(Constants._ATT_ID);
     }
 
     /**
-     * Returns the completely parsed <code>SignedInfo</code> object.
+     * Returns the completely parsed {@code SignedInfo} object.
      *
-     * @return the completely parsed <code>SignedInfo</code> object.
+     * @return the completely parsed {@code SignedInfo} object.
      */
     public SignedInfo getSignedInfo() {
         return this.signedInfo;
@@ -457,11 +488,8 @@
      * @throws XMLSignatureException If there is no content
      */
     public byte[] getSignatureValue() throws XMLSignatureException {
-        try {
-            return Base64.decode(signatureValueElement);
-        } catch (Base64DecodingException ex) {
-            throw new XMLSignatureException("empty", ex);
-        }
+        String content = XMLUtils.getFullTextChildrenFromElement(signatureValueElement);
+        return Base64.getMimeDecoder().decode(content);
     }
 
     /**
@@ -476,13 +504,13 @@
             signatureValueElement.removeChild(signatureValueElement.getFirstChild());
         }
 
-        String base64codedValue = Base64.encode(bytes);
+        String base64codedValue = Base64.getMimeEncoder().encodeToString(bytes);
 
         if (base64codedValue.length() > 76 && !XMLUtils.ignoreLineBreaks()) {
             base64codedValue = "\n" + base64codedValue + "\n";
         }
 
-        Text t = this.doc.createTextNode(base64codedValue);
+        Text t = createText(base64codedValue);
         signatureValueElement.appendChild(t);
     }
 
@@ -499,23 +527,23 @@
         if (this.state == MODE_SIGN && this.keyInfo == null) {
 
             // create the KeyInfo
-            this.keyInfo = new KeyInfo(this.doc);
+            this.keyInfo = new KeyInfo(getDocument());
 
             // get the Element from KeyInfo
             Element keyInfoElement = this.keyInfo.getElement();
             Element firstObject =
                 XMLUtils.selectDsNode(
-                    this.constructionElement.getFirstChild(), Constants._TAG_OBJECT, 0
+                    getElement().getFirstChild(), Constants._TAG_OBJECT, 0
                 );
 
             if (firstObject != null) {
                 // add it before the object
-                this.constructionElement.insertBefore(keyInfoElement, firstObject);
-                XMLUtils.addReturnBeforeChild(this.constructionElement, firstObject);
+                getElement().insertBefore(keyInfoElement, firstObject);
+                XMLUtils.addReturnBeforeChild(getElement(), firstObject);
             } else {
                 // add it as the last element to the signature
-                this.constructionElement.appendChild(keyInfoElement);
-                XMLUtils.addReturnToElement(this.constructionElement);
+                appendSelf(keyInfoElement);
+                addReturnToSelf();
             }
         }
 
@@ -523,7 +551,7 @@
     }
 
     /**
-     * Appends an Object (not a <code>java.lang.Object</code> but an Object
+     * Appends an Object (not a {@code java.lang.Object} but an Object
      * element) to the Signature. Please note that this is only possible
      * when signing.
      *
@@ -537,25 +565,25 @@
         //  "signature.operationOnlyBeforeSign");
         //}
 
-        this.constructionElement.appendChild(object.getElement());
-        XMLUtils.addReturnToElement(this.constructionElement);
+        appendSelf(object);
+        addReturnToSelf();
         //} catch (XMLSecurityException ex) {
-        // throw new XMLSignatureException("empty", ex);
+        // throw new XMLSignatureException(ex);
         //}
     }
 
     /**
-     * Returns the <code>i<code>th <code>ds:Object</code> child of the signature
-     * or null if no such <code>ds:Object</code> element exists.
+     * Returns the {@code i}th {@code ds:Object} child of the signature
+     * or null if no such {@code ds:Object} element exists.
      *
      * @param i
-     * @return the <code>i<code>th <code>ds:Object</code> child of the signature
-     * or null if no such <code>ds:Object</code> element exists.
+     * @return the {@code i}th {@code ds:Object} child of the signature
+     * or null if no such {@code ds:Object} element exists.
      */
     public ObjectContainer getObjectItem(int i) {
         Element objElem =
             XMLUtils.selectDsNode(
-                this.constructionElement.getFirstChild(), Constants._TAG_OBJECT, i
+                getFirstChild(), Constants._TAG_OBJECT, i
             );
 
         try {
@@ -566,9 +594,9 @@
     }
 
     /**
-     * Returns the number of all <code>ds:Object</code> elements.
+     * Returns the number of all {@code ds:Object} elements.
      *
-     * @return the number of all <code>ds:Object</code> elements.
+     * @return the number of all {@code ds:Object} elements.
      */
     public int getObjectLength() {
         return this.length(Constants.SignatureSpecNS, Constants._TAG_OBJECT);
@@ -590,44 +618,33 @@
             );
         }
 
-        try {
-            //Create a SignatureAlgorithm object
-            SignedInfo si = this.getSignedInfo();
-            SignatureAlgorithm sa = si.getSignatureAlgorithm();
-            OutputStream so = null;
-            try {
-                // initialize SignatureAlgorithm for signing
-                sa.initSign(signingKey);
+        //Create a SignatureAlgorithm object
+        SignedInfo si = this.getSignedInfo();
+        SignatureAlgorithm sa = si.getSignatureAlgorithm();
+        try (SignerOutputStream output = new SignerOutputStream(sa);
+            OutputStream so = new UnsyncBufferedOutputStream(output)) {
 
-                // generate digest values for all References in this SignedInfo
-                si.generateDigestValues();
-                so = new UnsyncBufferedOutputStream(new SignerOutputStream(sa));
-                // get the canonicalized bytes from SignedInfo
-                si.signInOctetStream(so);
-            } catch (XMLSecurityException ex) {
-                throw ex;
-            } finally {
-                if (so != null) {
-                    try {
-                        so.close();
-                    } catch (IOException ex) {
-                        if (log.isLoggable(java.util.logging.Level.FINE)) {
-                            log.log(java.util.logging.Level.FINE, ex.getMessage(), ex);
-                        }
-                    }
-                }
-            }
+            // generate digest values for all References in this SignedInfo
+            si.generateDigestValues();
+
+            // initialize SignatureAlgorithm for signing
+            sa.initSign(signingKey);
+
+            // get the canonicalized bytes from SignedInfo
+            si.signInOctetStream(so);
 
             // set them on the SignatureValue element
             this.setSignatureValueElement(sa.sign());
         } catch (XMLSignatureException ex) {
             throw ex;
         } catch (CanonicalizationException ex) {
-            throw new XMLSignatureException("empty", ex);
+            throw new XMLSignatureException(ex);
         } catch (InvalidCanonicalizerException ex) {
-            throw new XMLSignatureException("empty", ex);
+            throw new XMLSignatureException(ex);
         } catch (XMLSecurityException ex) {
-            throw new XMLSignatureException("empty", ex);
+            throw new XMLSignatureException(ex);
+        } catch (IOException ex) {
+            throw new XMLSignatureException(ex);
         }
     }
 
@@ -699,28 +716,23 @@
             //create a SignatureAlgorithms from the SignatureMethod inside
             //SignedInfo. This is used to validate the signature.
             SignatureAlgorithm sa = si.getSignatureAlgorithm();
+            LOG.debug("signatureMethodURI = {}", sa.getAlgorithmURI());
+            LOG.debug("jceSigAlgorithm = {}", sa.getJCEAlgorithmString());
+            LOG.debug("jceSigProvider = {}", sa.getJCEProviderName());
+            LOG.debug("PublicKey = {}", pk);
+
             byte sigBytes[] = null;
-            try {
+            try (SignerOutputStream so = new SignerOutputStream(sa);
+                OutputStream bos = new UnsyncBufferedOutputStream(so)) {
+
                 sa.initVerify(pk);
-                if (log.isLoggable(java.util.logging.Level.FINE)) {
-                    log.log(java.util.logging.Level.FINE, "signatureMethodURI = " + sa.getAlgorithmURI());
-                    log.log(java.util.logging.Level.FINE, "jceSigAlgorithm    = " + sa.getJCEAlgorithmString());
-                    log.log(java.util.logging.Level.FINE, "jceSigProvider     = " + sa.getJCEProviderName());
-                    log.log(java.util.logging.Level.FINE, "PublicKey = " + pk);
-                }
 
                 // Get the canonicalized (normalized) SignedInfo
-                SignerOutputStream so = new SignerOutputStream(sa);
-                OutputStream bos = new UnsyncBufferedOutputStream(so);
-
                 si.signInOctetStream(bos);
-                bos.close();
                 // retrieve the byte[] from the stored signature
                 sigBytes = this.getSignatureValue();
             } catch (IOException ex) {
-                if (log.isLoggable(java.util.logging.Level.FINE)) {
-                    log.log(java.util.logging.Level.FINE, ex.getMessage(), ex);
-                }
+                LOG.debug(ex.getMessage(), ex);
                 // Impossible...
             } catch (XMLSecurityException ex) {
                 throw ex;
@@ -729,7 +741,7 @@
             // have SignatureAlgorithm sign the input bytes and compare them to
             // the bytes that were stored in the signature.
             if (!sa.verify(sigBytes)) {
-                log.log(java.util.logging.Level.WARNING, "Signature verification failed.");
+                LOG.warn("Signature verification failed.");
                 return false;
             }
 
@@ -737,7 +749,7 @@
         } catch (XMLSignatureException ex) {
             throw ex;
         } catch (XMLSecurityException ex) {
-            throw new XMLSignatureException("empty", ex);
+            throw new XMLSignatureException(ex);
         }
     }
 
@@ -820,7 +832,7 @@
      * @throws XMLSecurityException
      */
     public void addKeyInfo(X509Certificate cert) throws XMLSecurityException {
-        X509Data x509data = new X509Data(this.doc);
+        X509Data x509data = new X509Data(getDocument());
 
         x509data.addCertificate(cert);
         this.getKeyInfo().add(x509data);
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/signature/XMLSignatureException.java b/src/share/classes/com/sun/org/apache/xml/internal/security/signature/XMLSignatureException.java
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/signature/XMLSignatureException.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/signature/XMLSignatureException.java
@@ -28,7 +28,6 @@
  * All XML Signature related exceptions inherit herefrom.
  *
  * @see MissingResourceFailureException InvalidDigestValueException InvalidSignatureValueException
- * @author Christian Geuer-Pollmann
  */
 public class XMLSignatureException extends XMLSecurityException {
 
@@ -45,6 +44,10 @@
         super();
     }
 
+    public XMLSignatureException(Exception ex) {
+        super(ex);
+    }
+
     /**
      * Constructor XMLSignatureException
      *
@@ -67,21 +70,31 @@
     /**
      * Constructor XMLSignatureException
      *
+     * @param originalException
      * @param msgID
-     * @param originalException
      */
+    public XMLSignatureException(Exception originalException, String msgID) {
+        super(originalException, msgID);
+    }
+
+    @Deprecated
     public XMLSignatureException(String msgID, Exception originalException) {
-        super(msgID, originalException);
+        this(originalException, msgID);
     }
 
     /**
      * Constructor XMLSignatureException
      *
+     * @param originalException
      * @param msgID
      * @param exArgs
-     * @param originalException
      */
-    public XMLSignatureException(String msgID, Object exArgs[], Exception originalException) {
-        super(msgID, exArgs, originalException);
+    public XMLSignatureException(Exception originalException, String msgID, Object exArgs[]) {
+        super(originalException, msgID, exArgs);
+    }
+
+    @Deprecated
+    public XMLSignatureException(String msgID, Object[] exArgs, Exception originalException) {
+        this(originalException, msgID, exArgs);
     }
 }
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/signature/XMLSignatureInput.java b/src/share/classes/com/sun/org/apache/xml/internal/security/signature/XMLSignatureInput.java
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/signature/XMLSignatureInput.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/signature/XMLSignatureInput.java
@@ -27,20 +27,19 @@
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.OutputStream;
+import java.nio.charset.StandardCharsets;
 import java.util.ArrayList;
 import java.util.LinkedHashSet;
 import java.util.List;
 import java.util.Set;
 
-import javax.xml.XMLConstants;
 import javax.xml.parsers.DocumentBuilder;
-import javax.xml.parsers.DocumentBuilderFactory;
 import javax.xml.parsers.ParserConfigurationException;
 
 import com.sun.org.apache.xml.internal.security.c14n.CanonicalizationException;
-import com.sun.org.apache.xml.internal.security.c14n.implementations.CanonicalizerBase;
+import com.sun.org.apache.xml.internal.security.c14n.implementations.Canonicalizer11_OmitComments;
 import com.sun.org.apache.xml.internal.security.c14n.implementations.Canonicalizer20010315OmitComments;
-import com.sun.org.apache.xml.internal.security.c14n.implementations.Canonicalizer11_OmitComments;
+import com.sun.org.apache.xml.internal.security.c14n.implementations.CanonicalizerBase;
 import com.sun.org.apache.xml.internal.security.exceptions.XMLSecurityRuntimeException;
 import com.sun.org.apache.xml.internal.security.utils.JavaUtils;
 import com.sun.org.apache.xml.internal.security.utils.XMLUtils;
@@ -51,7 +50,6 @@
 /**
  * Class XMLSignatureInput
  *
- * @author Christian Geuer-Pollmann
  * $todo$ check whether an XMLSignatureInput can be _both_, octet stream _and_ node set?
  */
 public class XMLSignatureInput {
@@ -68,19 +66,19 @@
      * Some InputStreams do not support the {@link java.io.InputStream#reset}
      * method, so we read it in completely and work on our Proxy.
      */
-    private InputStream inputOctetStreamProxy = null;
+    private InputStream inputOctetStreamProxy;
     /**
      * The original NodeSet for this XMLSignatureInput
      */
-    private Set<Node> inputNodeSet = null;
+    private Set<Node> inputNodeSet;
     /**
      * The original Element
      */
-    private Node subNode = null;
+    private Node subNode;
     /**
      * Exclude Node *for enveloped transformations*
      */
-    private Node excludeNode = null;
+    private Node excludeNode;
     /**
      *
      */
@@ -90,7 +88,8 @@
     /**
      * A cached bytes
      */
-    private byte[] bytes = null;
+    private byte[] bytes;
+    private boolean secureValidation;
 
     /**
      * Some Transforms may require explicit MIME type, charset (IANA registered
@@ -101,22 +100,25 @@
      * Transform algorithm and should be described in the specification for the
      * algorithm.
      */
-    private String mimeType = null;
+    private String mimeType;
 
     /**
      * Field sourceURI
      */
-    private String sourceURI = null;
+    private String sourceURI;
 
     /**
      * Node Filter list.
      */
-    private List<NodeFilter> nodeFilters = new ArrayList<NodeFilter>();
+    private List<NodeFilter> nodeFilters = new ArrayList<>();
 
     private boolean needsToBeExpanded = false;
-    private OutputStream outputStream = null;
+    private OutputStream outputStream;
 
-    private DocumentBuilderFactory dfactory;
+    /**
+     * Pre-calculated digest value of the object in base64.
+     */
+    private String preCalculatedDigest;
 
     /**
      * Construct a XMLSignatureInput from an octet array.
@@ -132,7 +134,7 @@
     }
 
     /**
-     * Constructs a <code>XMLSignatureInput</code> from an octet stream. The
+     * Constructs a {@code XMLSignatureInput} from an octet stream. The
      * stream is directly read.
      *
      * @param inputOctetStream
@@ -161,6 +163,15 @@
     }
 
     /**
+     * Construct a {@code XMLSignatureInput} from a known digest value in Base64.
+     * This makes it possible to compare the element digest with the provided digest value.
+     * @param preCalculatedDigest digest value in base64.
+     */
+    public XMLSignatureInput(String preCalculatedDigest) {
+        this.preCalculatedDigest = preCalculatedDigest;
+    }
+
+    /**
      * Check if the structure needs to be expanded.
      * @return true if so.
      */
@@ -286,8 +297,7 @@
      * @return true if the object has been set up with a Node set
      */
     public boolean isNodeSet() {
-        return ((inputOctetStreamProxy == null
-            && inputNodeSet != null) || isNodeSet);
+        return inputOctetStreamProxy == null && inputNodeSet != null || isNodeSet;
     }
 
     /**
@@ -296,8 +306,8 @@
      * @return true if the object has been set up with an Element
      */
     public boolean isElement() {
-        return (inputOctetStreamProxy == null && subNode != null
-            && inputNodeSet == null && !isNodeSet);
+        return inputOctetStreamProxy == null && subNode != null
+            && inputNodeSet == null && !isNodeSet;
     }
 
     /**
@@ -306,8 +316,8 @@
      * @return true if the object has been set up with an octet stream
      */
     public boolean isOctetStream() {
-        return ((inputOctetStreamProxy != null || bytes != null)
-          && (inputNodeSet == null && subNode == null));
+        return (inputOctetStreamProxy != null || bytes != null)
+          && inputNodeSet == null && subNode == null;
     }
 
     /**
@@ -327,7 +337,15 @@
      * @return true is the object has been set up with an octet stream
      */
     public boolean isByteArray() {
-        return (bytes != null && (this.inputNodeSet == null && subNode == null));
+        return bytes != null && this.inputNodeSet == null && subNode == null;
+    }
+
+    /**
+     * Determines if the object has been set up with a pre-calculated digest.
+     * @return
+     */
+    public boolean isPreCalculatedDigest() {
+        return preCalculatedDigest != null;
     }
 
     /**
@@ -377,7 +395,7 @@
 
     /**
      * Method toString
-     * @inheritDoc
+     * {@inheritDoc}
      */
     public String toString() {
         if (isNodeSet()) {
@@ -556,13 +574,7 @@
 
     void convertToNodes() throws CanonicalizationException,
         ParserConfigurationException, IOException, SAXException {
-        if (dfactory == null) {
-            dfactory = DocumentBuilderFactory.newInstance();
-            dfactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, Boolean.TRUE);
-            dfactory.setValidating(false);
-            dfactory.setNamespaceAware(true);
-        }
-        DocumentBuilder db = dfactory.newDocumentBuilder();
+        DocumentBuilder db = XMLUtils.createDocumentBuilder(false, secureValidation);
         // select all nodes, also the comments.
         try {
             db.setErrorHandler(new com.sun.org.apache.xml.internal.security.utils.IgnoreAllErrorHandler());
@@ -570,16 +582,20 @@
             Document doc = db.parse(this.getOctetStream());
             this.subNode = doc;
         } catch (SAXException ex) {
+            byte[] result = null;
             // if a not-wellformed nodeset exists, put a container around it...
-            ByteArrayOutputStream baos = new ByteArrayOutputStream();
+            try (ByteArrayOutputStream baos = new ByteArrayOutputStream()) {
 
-            baos.write("<container>".getBytes("UTF-8"));
-            baos.write(this.getBytes());
-            baos.write("</container>".getBytes("UTF-8"));
+                baos.write("<container>".getBytes(StandardCharsets.UTF_8));
+                baos.write(this.getBytes());
+                baos.write("</container>".getBytes(StandardCharsets.UTF_8));
 
-            byte result[] = baos.toByteArray();
-            Document document = db.parse(new ByteArrayInputStream(result));
-            this.subNode = document.getDocumentElement().getFirstChild().getFirstChild();
+                result = baos.toByteArray();
+            }
+            try (InputStream is = new ByteArrayInputStream(result)) {
+                Document document = db.parse(is);
+                this.subNode = document.getDocumentElement().getFirstChild().getFirstChild();
+            }
         } finally {
             if (this.inputOctetStreamProxy != null) {
                 this.inputOctetStreamProxy.close();
@@ -589,4 +605,15 @@
         }
     }
 
+    public boolean isSecureValidation() {
+        return secureValidation;
+    }
+
+    public void setSecureValidation(boolean secureValidation) {
+        this.secureValidation = secureValidation;
+    }
+
+    public String getPreCalculatedDigest() {
+        return preCalculatedDigest;
+    }
 }
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/signature/XMLSignatureInputDebugger.java b/src/share/classes/com/sun/org/apache/xml/internal/security/signature/XMLSignatureInputDebugger.java
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/signature/XMLSignatureInputDebugger.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/signature/XMLSignatureInputDebugger.java
@@ -48,11 +48,8 @@
 
     private Set<String> inclusiveNamespaces;
 
-    /** Field doc */
-    private Document doc = null;
-
     /** Field writer */
-    private Writer writer = null;
+    private Writer writer;
 
     /** The HTML Prefix* */
     static final String HTMLPrefix =
@@ -148,27 +145,26 @@
      * @throws XMLSignatureException
      */
     public String getHTMLRepresentation() throws XMLSignatureException {
-        if ((this.xpathNodeSet == null) || (this.xpathNodeSet.size() == 0)) {
+        if (this.xpathNodeSet == null || this.xpathNodeSet.isEmpty()) {
             return HTMLPrefix + "<blink>no node set, sorry</blink>" + HTMLSuffix;
         }
 
         // get only a single node as anchor to fetch the owner document
         Node n = this.xpathNodeSet.iterator().next();
 
-        this.doc = XMLUtils.getOwnerDocument(n);
+        Document doc = XMLUtils.getOwnerDocument(n);
 
         try {
             this.writer = new StringWriter();
 
-            this.canonicalizeXPathNodeSet(this.doc);
+            this.canonicalizeXPathNodeSet(doc);
             this.writer.close();
 
             return this.writer.toString();
         } catch (IOException ex) {
-            throw new XMLSignatureException("empty", ex);
+            throw new XMLSignatureException(ex);
         } finally {
             this.xpathNodeSet = null;
-            this.doc = null;
             this.writer = null;
         }
     }
@@ -191,7 +187,7 @@
         case Node.NOTATION_NODE:
         case Node.DOCUMENT_FRAGMENT_NODE:
         case Node.ATTRIBUTE_NODE:
-            throw new XMLSignatureException("empty");
+            throw new XMLSignatureException("empty", new Object[]{"An incorrect node was provided for c14n: " + currentNodeType});
         case Node.DOCUMENT_NODE:
             this.writer.write(HTMLPrefix);
 
@@ -258,9 +254,9 @@
             outputTextToWriter(currentNode.getNodeValue());
 
             for (Node nextSibling = currentNode.getNextSibling();
-                (nextSibling != null)
-                && ((nextSibling.getNodeType() == Node.TEXT_NODE)
-                    || (nextSibling.getNodeType() == Node.CDATA_SECTION_NODE));
+                nextSibling != null
+                && (nextSibling.getNodeType() == Node.TEXT_NODE
+                    || nextSibling.getNodeType() == Node.CDATA_SECTION_NODE);
                 nextSibling = nextSibling.getNextSibling()) {
                 /*
                  * The XPath data model allows to select only the first of a
@@ -412,13 +408,13 @@
      *
      * The string value of the node is modified by replacing
      * <UL>
-     * <LI>all ampersands (&) with <CODE>&amp;amp;</CODE></LI>
-     * <LI>all open angle brackets (<) with <CODE>&amp;lt;</CODE></LI>
-     * <LI>all quotation mark characters with <CODE>&amp;quot;</CODE></LI>
-     * <LI>and the whitespace characters <CODE>#x9</CODE>, #xA, and #xD,
+     * <LI>all ampersands (&) with {@code &amp;amp;}</LI>
+     * <LI>all open angle brackets (<) with {@code &amp;lt;}</LI>
+     * <LI>all quotation mark characters with {@code &amp;quot;}</LI>
+     * <LI>and the whitespace characters {@code #x9}, #xA, and #xD,
      * with character references. The character references are written in
-     * uppercase hexadecimal with no leading zeroes (for example, <CODE>#xD</CODE>
-     * is represented by the character reference <CODE>&amp;#xD;</CODE>)</LI>
+     * uppercase hexadecimal with no leading zeroes (for example, {@code #xD}
+     * is represented by the character reference {@code &amp;#xD;})</LI>
      * </UL>
      *
      * @param name
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/signature/package.html b/src/share/classes/com/sun/org/apache/xml/internal/security/signature/package.html
deleted file mode 100644
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/signature/package.html
+++ /dev/null
@@ -1,3 +0,0 @@
-<HTML><HEAD></HEAD><BODY><P>
-XML Signature specific classes.
-</P></BODY></HTML>
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/signature/reference/ReferenceData.java b/src/share/classes/com/sun/org/apache/xml/internal/security/signature/reference/ReferenceData.java
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/signature/reference/ReferenceData.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/signature/reference/ReferenceData.java
@@ -21,7 +21,7 @@
  * under the License.
  */
 /*
- * Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved.
  */
 /*
  * $Id$
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/signature/reference/ReferenceNodeSetData.java b/src/share/classes/com/sun/org/apache/xml/internal/security/signature/reference/ReferenceNodeSetData.java
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/signature/reference/ReferenceNodeSetData.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/signature/reference/ReferenceNodeSetData.java
@@ -21,7 +21,7 @@
  * under the License.
  */
 /*
- * Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved.
  */
 /*
  * $Id$
@@ -33,20 +33,20 @@
 import org.w3c.dom.Node;
 
 /**
- * An abstract representation of a <code>ReferenceData</code> type containing a node-set.
+ * An abstract representation of a {@code ReferenceData} type containing a node-set.
  */
 public interface ReferenceNodeSetData extends ReferenceData {
 
     /**
      * Returns a read-only iterator over the nodes contained in this
-     * <code>NodeSetData</code> in
+     * {@code NodeSetData} in
      * <a href="http://www.w3.org/TR/1999/REC-xpath-19991116#dt-document-order">
      * document order</a>. Attempts to modify the returned iterator
-     * via the <code>remove</code> method throw
-     * <code>UnsupportedOperationException</code>.
+     * via the {@code remove} method throw
+     * {@code UnsupportedOperationException}.
      *
-     * @return an <code>Iterator</code> over the nodes in this
-     *    <code>NodeSetData</code> in document order
+     * @return an {@code Iterator} over the nodes in this
+     *    {@code NodeSetData} in document order
      */
     Iterator<Node> iterator();
 
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/signature/reference/ReferenceOctetStreamData.java b/src/share/classes/com/sun/org/apache/xml/internal/security/signature/reference/ReferenceOctetStreamData.java
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/signature/reference/ReferenceOctetStreamData.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/signature/reference/ReferenceOctetStreamData.java
@@ -21,7 +21,7 @@
  * under the License.
  */
 /*
- * Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved.
  */
 /*
  * $Id$
@@ -31,7 +31,7 @@
 import java.io.InputStream;
 
 /**
- * A representation of a <code>ReferenceData</code> type containing an OctetStream.
+ * A representation of a {@code ReferenceData} type containing an OctetStream.
  */
 public class ReferenceOctetStreamData implements ReferenceData {
     private InputStream octetStream;
@@ -39,11 +39,11 @@
     private String mimeType;
 
     /**
-     * Creates a new <code>ReferenceOctetStreamData</code>.
+     * Creates a new {@code ReferenceOctetStreamData}.
      *
      * @param octetStream the input stream containing the octets
-     * @throws NullPointerException if <code>octetStream</code> is
-     *    <code>null</code>
+     * @throws NullPointerException if {@code octetStream} is
+     *    {@code null}
      */
     public ReferenceOctetStreamData(InputStream octetStream) {
         if (octetStream == null) {
@@ -53,15 +53,15 @@
     }
 
     /**
-     * Creates a new <code>ReferenceOctetStreamData</code>.
+     * Creates a new {@code ReferenceOctetStreamData}.
      *
      * @param octetStream the input stream containing the octets
      * @param uri the URI String identifying the data object (may be
-     *    <code>null</code>)
+     *    {@code null})
      * @param mimeType the MIME type associated with the data object (may be
-     *    <code>null</code>)
-     * @throws NullPointerException if <code>octetStream</code> is
-     *    <code>null</code>
+     *    {@code null})
+     * @throws NullPointerException if {@code octetStream} is
+     *    {@code null}
      */
     public ReferenceOctetStreamData(InputStream octetStream, String uri,
         String mimeType) {
@@ -74,9 +74,9 @@
     }
 
     /**
-     * Returns the input stream of this <code>ReferenceOctetStreamData</code>.
+     * Returns the input stream of this {@code ReferenceOctetStreamData}.
      *
-     * @return the input stream of this <code>ReferenceOctetStreamData</code>.
+     * @return the input stream of this {@code ReferenceOctetStreamData}.
      */
     public InputStream getOctetStream() {
         return octetStream;
@@ -84,9 +84,9 @@
 
     /**
      * Returns the URI String identifying the data object represented by this
-     * <code>ReferenceOctetStreamData</code>.
+     * {@code ReferenceOctetStreamData}.
      *
-     * @return the URI String or <code>null</code> if not applicable
+     * @return the URI String or {@code null} if not applicable
      */
     public String getURI() {
         return uri;
@@ -94,9 +94,9 @@
 
     /**
      * Returns the MIME type associated with the data object represented by this
-     * <code>ReferenceOctetStreamData</code>.
+     * {@code ReferenceOctetStreamData}.
      *
-     * @return the MIME type or <code>null</code> if not applicable
+     * @return the MIME type or {@code null} if not applicable
      */
     public String getMimeType() {
         return mimeType;
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/signature/reference/ReferenceSubTreeData.java b/src/share/classes/com/sun/org/apache/xml/internal/security/signature/reference/ReferenceSubTreeData.java
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/signature/reference/ReferenceSubTreeData.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/signature/reference/ReferenceSubTreeData.java
@@ -21,7 +21,7 @@
  * under the License.
  */
 /*
- * Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved.
  */
 /*
  * $Id$
@@ -37,7 +37,7 @@
 import org.w3c.dom.Node;
 
 /**
- * A representation of a <code>ReferenceNodeSetData</code> type containing a node-set.
+ * A representation of a {@code ReferenceNodeSetData} type containing a node-set.
  * This is a subtype of NodeSetData that represents a dereferenced
  * same-document URI as the root of a subdocument. The main reason is
  * for efficiency and performance, as some transforms can operate
@@ -109,11 +109,11 @@
          * Dereferences a same-document URI fragment.
          *
          * @param node the node (document or element) referenced by the
-         *        URI fragment. If null, returns an empty set.
+         *     URI fragment. If null, returns an empty set.
          * @return a set of nodes (minus any comment nodes)
          */
         private List<Node> dereferenceSameDocumentURI(Node node) {
-            List<Node> nodeSet = new ArrayList<Node>();
+            List<Node> nodeSet = new ArrayList<>();
             if (node != null) {
                 nodeSetMinusCommentNodes(node, nodeSet, null);
             }
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/transforms/ClassLoaderUtils.java b/src/share/classes/com/sun/org/apache/xml/internal/security/transforms/ClassLoaderUtils.java
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/transforms/ClassLoaderUtils.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/transforms/ClassLoaderUtils.java
@@ -23,211 +23,19 @@
 
 package com.sun.org.apache.xml.internal.security.transforms;
 
-import java.io.IOException;
-import java.io.InputStream;
-import java.net.URL;
-import java.util.ArrayList;
-import java.util.Enumeration;
-import java.util.List;
-
-/**
- * This class is extremely useful for loading resources and classes in a fault
- * tolerant manner that works across different applications servers. Do not
- * touch this unless you're a grizzled classloading guru veteran who is going to
- * verify any change on 6 different application servers.
- */
 // NOTE! This is a duplicate of utils.ClassLoaderUtils with public
 // modifiers changed to package-private. Make sure to integrate any future
 // changes to utils.ClassLoaderUtils to this file.
 final class ClassLoaderUtils {
 
-    /** {@link org.apache.commons.logging} logging facility */
-    private static final java.util.logging.Logger log =
-        java.util.logging.Logger.getLogger(ClassLoaderUtils.class.getName());
+    private static final com.sun.org.slf4j.internal.Logger LOG =
+        com.sun.org.slf4j.internal.LoggerFactory.getLogger(ClassLoaderUtils.class);
 
     private ClassLoaderUtils() {
     }
 
     /**
-     * Load a given resource. <p/> This method will try to load the resource
-     * using the following methods (in order):
-     * <ul>
-     * <li>From Thread.currentThread().getContextClassLoader()
-     * <li>From ClassLoaderUtil.class.getClassLoader()
-     * <li>callingClass.getClassLoader()
-     * </ul>
-     *
-     * @param resourceName The name of the resource to load
-     * @param callingClass The Class object of the calling object
-     */
-    static URL getResource(String resourceName, Class<?> callingClass) {
-        URL url = Thread.currentThread().getContextClassLoader().getResource(resourceName);
-        if (url == null && resourceName.startsWith("/")) {
-            //certain classloaders need it without the leading /
-            url =
-                Thread.currentThread().getContextClassLoader().getResource(
-                    resourceName.substring(1)
-                );
-        }
-
-        ClassLoader cluClassloader = ClassLoaderUtils.class.getClassLoader();
-        if (cluClassloader == null) {
-            cluClassloader = ClassLoader.getSystemClassLoader();
-        }
-        if (url == null) {
-            url = cluClassloader.getResource(resourceName);
-        }
-        if (url == null && resourceName.startsWith("/")) {
-            //certain classloaders need it without the leading /
-            url = cluClassloader.getResource(resourceName.substring(1));
-        }
-
-        if (url == null) {
-            ClassLoader cl = callingClass.getClassLoader();
-
-            if (cl != null) {
-                url = cl.getResource(resourceName);
-            }
-        }
-
-        if (url == null) {
-            url = callingClass.getResource(resourceName);
-        }
-
-        if ((url == null) && (resourceName != null) && (resourceName.charAt(0) != '/')) {
-            return getResource('/' + resourceName, callingClass);
-        }
-
-        return url;
-    }
-
-    /**
-     * Load a given resources. <p/> This method will try to load the resources
-     * using the following methods (in order):
-     * <ul>
-     * <li>From Thread.currentThread().getContextClassLoader()
-     * <li>From ClassLoaderUtil.class.getClassLoader()
-     * <li>callingClass.getClassLoader()
-     * </ul>
-     *
-     * @param resourceName The name of the resource to load
-     * @param callingClass The Class object of the calling object
-     */
-    static List<URL> getResources(String resourceName, Class<?> callingClass) {
-        List<URL> ret = new ArrayList<URL>();
-        Enumeration<URL> urls = new Enumeration<URL>() {
-            public boolean hasMoreElements() {
-                return false;
-            }
-            public URL nextElement() {
-                return null;
-            }
-
-        };
-        try {
-            urls = Thread.currentThread().getContextClassLoader().getResources(resourceName);
-        } catch (IOException e) {
-            if (log.isLoggable(java.util.logging.Level.FINE)) {
-                log.log(java.util.logging.Level.FINE, e.getMessage(), e);
-            }
-            //ignore
-        }
-        if (!urls.hasMoreElements() && resourceName.startsWith("/")) {
-            //certain classloaders need it without the leading /
-            try {
-                urls =
-                    Thread.currentThread().getContextClassLoader().getResources(
-                        resourceName.substring(1)
-                    );
-            } catch (IOException e) {
-                if (log.isLoggable(java.util.logging.Level.FINE)) {
-                    log.log(java.util.logging.Level.FINE, e.getMessage(), e);
-                }
-                // ignore
-            }
-        }
-
-        ClassLoader cluClassloader = ClassLoaderUtils.class.getClassLoader();
-        if (cluClassloader == null) {
-            cluClassloader = ClassLoader.getSystemClassLoader();
-        }
-        if (!urls.hasMoreElements()) {
-            try {
-                urls = cluClassloader.getResources(resourceName);
-            } catch (IOException e) {
-                if (log.isLoggable(java.util.logging.Level.FINE)) {
-                    log.log(java.util.logging.Level.FINE, e.getMessage(), e);
-                }
-                // ignore
-            }
-        }
-        if (!urls.hasMoreElements() && resourceName.startsWith("/")) {
-            //certain classloaders need it without the leading /
-            try {
-                urls = cluClassloader.getResources(resourceName.substring(1));
-            } catch (IOException e) {
-                if (log.isLoggable(java.util.logging.Level.FINE)) {
-                    log.log(java.util.logging.Level.FINE, e.getMessage(), e);
-                }
-                // ignore
-            }
-        }
-
-        if (!urls.hasMoreElements()) {
-            ClassLoader cl = callingClass.getClassLoader();
-
-            if (cl != null) {
-                try {
-                    urls = cl.getResources(resourceName);
-                } catch (IOException e) {
-                    if (log.isLoggable(java.util.logging.Level.FINE)) {
-                        log.log(java.util.logging.Level.FINE, e.getMessage(), e);
-                    }
-                    // ignore
-                }
-            }
-        }
-
-        if (!urls.hasMoreElements()) {
-            URL url = callingClass.getResource(resourceName);
-            if (url != null) {
-                ret.add(url);
-            }
-        }
-        while (urls.hasMoreElements()) {
-            ret.add(urls.nextElement());
-        }
-
-
-        if (ret.isEmpty() && (resourceName != null) && (resourceName.charAt(0) != '/')) {
-            return getResources('/' + resourceName, callingClass);
-        }
-        return ret;
-    }
-
-
-    /**
-     * This is a convenience method to load a resource as a stream. <p/> The
-     * algorithm used to find the resource is given in getResource()
-     *
-     * @param resourceName The name of the resource to load
-     * @param callingClass The Class object of the calling object
-     */
-    static InputStream getResourceAsStream(String resourceName, Class<?> callingClass) {
-        URL url = getResource(resourceName, callingClass);
-
-        try {
-            return (url != null) ? url.openStream() : null;
-        } catch (IOException e) {
-            if (log.isLoggable(java.util.logging.Level.FINE)) {
-                log.log(java.util.logging.Level.FINE, e.getMessage(), e);
-            }
-            return null;
-        }
-    }
-
-    /**
-     * Load a class with a given name. <p/> It will try to load the class in the
+     * Load a class with a given name. <p></p> It will try to load the class in the
      * following order:
      * <ul>
      * <li>From Thread.currentThread().getContextClassLoader()
@@ -249,9 +57,7 @@
                 return cl.loadClass(className);
             }
         } catch (ClassNotFoundException e) {
-            if (log.isLoggable(java.util.logging.Level.FINE)) {
-                log.log(java.util.logging.Level.FINE, e.getMessage(), e);
-            }
+            LOG.debug(e.getMessage(), e);
             //ignore
         }
         return loadClass2(className, callingClass);
@@ -271,9 +77,7 @@
                     return callingClass.getClassLoader().loadClass(className);
                 }
             }
-            if (log.isLoggable(java.util.logging.Level.FINE)) {
-                log.log(java.util.logging.Level.FINE, ex.getMessage(), ex);
-            }
+            LOG.debug(ex.getMessage(), ex);
             throw ex;
         }
     }
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/transforms/InvalidTransformException.java b/src/share/classes/com/sun/org/apache/xml/internal/security/transforms/InvalidTransformException.java
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/transforms/InvalidTransformException.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/transforms/InvalidTransformException.java
@@ -26,7 +26,6 @@
 
 /**
  *
- * @author Christian Geuer-Pollmann
  */
 public class InvalidTransformException extends XMLSecurityException {
 
@@ -68,8 +67,13 @@
      * @param msgId
      * @param originalException
      */
-    public InvalidTransformException(String msgId, Exception originalException) {
-        super(msgId, originalException);
+    public InvalidTransformException(Exception originalException, String msgId) {
+        super(originalException, msgId);
+    }
+
+    @Deprecated
+    public InvalidTransformException(String msgID, Exception originalException) {
+        this(originalException, msgID);
     }
 
     /**
@@ -79,7 +83,12 @@
      * @param exArgs
      * @param originalException
      */
-    public InvalidTransformException(String msgId, Object exArgs[], Exception originalException) {
-        super(msgId, exArgs, originalException);
+    public InvalidTransformException(Exception originalException, String msgId, Object exArgs[]) {
+        super(originalException, msgId, exArgs);
+    }
+
+    @Deprecated
+    public InvalidTransformException(String msgID, Object[] exArgs, Exception originalException) {
+        this(originalException, msgID, exArgs);
     }
 }
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/transforms/Transform.java b/src/share/classes/com/sun/org/apache/xml/internal/security/transforms/Transform.java
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/transforms/Transform.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/transforms/Transform.java
@@ -55,36 +55,35 @@
 import org.xml.sax.SAXException;
 
 /**
- * Implements the behaviour of the <code>ds:Transform</code> element.
+ * Implements the behaviour of the {@code ds:Transform} element.
  *
- * This <code>Transform</code>(Factory) class acts as the Factory and Proxy of
+ * This {@code Transform}(Factory) class acts as the Factory and Proxy of
  * the implementing class that supports the functionality of <a
  * href=http://www.w3.org/TR/xmldsig-core/#sec-TransformAlg>a Transform
  * algorithm</a>.
  * Implements the Factory and Proxy pattern for ds:Transform algorithms.
  *
- * @author Christian Geuer-Pollmann
  * @see Transforms
  * @see TransformSpi
  */
 public final class Transform extends SignatureElementProxy {
 
-    /** {@link org.apache.commons.logging} logging facility */
-    private static java.util.logging.Logger log =
-        java.util.logging.Logger.getLogger(Transform.class.getName());
+    private static final com.sun.org.slf4j.internal.Logger LOG =
+        com.sun.org.slf4j.internal.LoggerFactory.getLogger(Transform.class);
 
     /** All available Transform classes are registered here */
     private static Map<String, Class<? extends TransformSpi>> transformSpiHash =
         new ConcurrentHashMap<String, Class<? extends TransformSpi>>();
 
     private final TransformSpi transformSpi;
+    private boolean secureValidation;
 
     /**
      * Generates a Transform object that implements the specified
-     * <code>Transform algorithm</code> URI.
+     * {@code Transform algorithm} URI.
      *
      * @param doc the proxy {@link Document}
-     * @param algorithmURI <code>Transform algorithm</code> URI representation,
+     * @param algorithmURI {@code Transform algorithm} URI representation,
      * such as specified in
      * <a href=http://www.w3.org/TR/xmldsig-core/#sec-TransformAlg>Transform algorithm </a>
      * @throws InvalidTransformException
@@ -95,12 +94,12 @@
 
     /**
      * Generates a Transform object that implements the specified
-     * <code>Transform algorithm</code> URI.
+     * {@code Transform algorithm} URI.
      *
-     * @param algorithmURI <code>Transform algorithm</code> URI representation,
+     * @param algorithmURI {@code Transform algorithm} URI representation,
      * such as specified in
      * <a href=http://www.w3.org/TR/xmldsig-core/#sec-TransformAlg>Transform algorithm </a>
-     * @param contextChild the child element of <code>Transform</code> element
+     * @param contextChild the child element of {@code Transform} element
      * @param doc the proxy {@link Document}
      * @throws InvalidTransformException
      */
@@ -123,10 +122,10 @@
     /**
      * Constructs {@link Transform}
      *
-     * @param doc the {@link Document} in which <code>Transform</code> will be
+     * @param doc the {@link Document} in which {@code Transform} will be
      * placed
-     * @param algorithmURI URI representation of <code>Transform algorithm</code>
-     * @param contextNodes the child node list of <code>Transform</code> element
+     * @param algorithmURI URI representation of {@code Transform algorithm}
+     * @param contextNodes the child node list of {@code Transform} element
      * @throws InvalidTransformException
      */
     public Transform(Document doc, String algorithmURI, NodeList contextNodes)
@@ -136,15 +135,15 @@
     }
 
     /**
-     * @param element <code>ds:Transform</code> element
-     * @param BaseURI the URI of the resource where the XML instance was stored
+     * @param element {@code ds:Transform} element
+     * @param baseURI the URI of the resource where the XML instance was stored
      * @throws InvalidTransformException
      * @throws TransformationException
      * @throws XMLSecurityException
      */
-    public Transform(Element element, String BaseURI)
+    public Transform(Element element, String baseURI)
         throws InvalidTransformException, TransformationException, XMLSecurityException {
-        super(element, BaseURI);
+        super(element, baseURI);
 
         // retrieve Algorithm Attribute from ds:Transform
         String algorithmURI = element.getAttributeNS(null, Constants._ATT_ALGORITHM);
@@ -164,12 +163,12 @@
         } catch (InstantiationException ex) {
             Object exArgs[] = { algorithmURI };
             throw new InvalidTransformException(
-                "signature.Transform.UnknownTransform", exArgs, ex
+                ex, "signature.Transform.UnknownTransform", exArgs
             );
         } catch (IllegalAccessException ex) {
             Object exArgs[] = { algorithmURI };
             throw new InvalidTransformException(
-                "signature.Transform.UnknownTransform", exArgs, ex
+                ex, "signature.Transform.UnknownTransform", exArgs
             );
         }
     }
@@ -177,8 +176,8 @@
     /**
      * Registers implementing class of the Transform algorithm with algorithmURI
      *
-     * @param algorithmURI algorithmURI URI representation of <code>Transform algorithm</code>
-     * @param implementingClass <code>implementingClass</code> the implementing
+     * @param algorithmURI algorithmURI URI representation of {@code Transform algorithm}
+     * @param implementingClass {@code implementingClass} the implementing
      * class of {@link TransformSpi}
      * @throws AlgorithmAlreadyRegisteredException if specified algorithmURI
      * is already registered
@@ -205,8 +204,8 @@
     /**
      * Registers implementing class of the Transform algorithm with algorithmURI
      *
-     * @param algorithmURI algorithmURI URI representation of <code>Transform algorithm</code>
-     * @param implementingClass <code>implementingClass</code> the implementing
+     * @param algorithmURI algorithmURI URI representation of {@code Transform algorithm}
+     * @param implementingClass {@code implementingClass} the implementing
      * class of {@link TransformSpi}
      * @throws AlgorithmAlreadyRegisteredException if specified algorithmURI
      * is already registered
@@ -270,7 +269,7 @@
      * @return the URI representation of Transformation algorithm
      */
     public String getURI() {
-        return this.constructionElement.getAttributeNS(null, Constants._ATT_ALGORITHM);
+        return getLocalAttribute(Constants._ATT_ALGORITHM);
     }
 
     /**
@@ -311,21 +310,22 @@
         XMLSignatureInput result = null;
 
         try {
+            transformSpi.secureValidation = secureValidation;
             result = transformSpi.enginePerformTransform(input, os, this);
         } catch (ParserConfigurationException ex) {
             Object exArgs[] = { this.getURI(), "ParserConfigurationException" };
             throw new CanonicalizationException(
-                "signature.Transform.ErrorDuringTransform", exArgs, ex);
+                ex, "signature.Transform.ErrorDuringTransform", exArgs);
         } catch (SAXException ex) {
             Object exArgs[] = { this.getURI(), "SAXException" };
             throw new CanonicalizationException(
-                "signature.Transform.ErrorDuringTransform", exArgs, ex);
+                ex, "signature.Transform.ErrorDuringTransform", exArgs);
         }
 
         return result;
     }
 
-    /** @inheritDoc */
+    /** {@inheritDoc} */
     public String getBaseLocalName() {
         return Constants._TAG_TRANSFORM;
     }
@@ -336,7 +336,7 @@
     private TransformSpi initializeTransform(String algorithmURI, NodeList contextNodes)
         throws InvalidTransformException {
 
-        this.constructionElement.setAttributeNS(null, Constants._ATT_ALGORITHM, algorithmURI);
+        setLocalAttribute(Constants._ATT_ALGORITHM, algorithmURI);
 
         Class<? extends TransformSpi> transformSpiClass = transformSpiHash.get(algorithmURI);
         if (transformSpiClass == null) {
@@ -349,28 +349,34 @@
         } catch (InstantiationException ex) {
             Object exArgs[] = { algorithmURI };
             throw new InvalidTransformException(
-                "signature.Transform.UnknownTransform", exArgs, ex
+                ex, "signature.Transform.UnknownTransform", exArgs
             );
         } catch (IllegalAccessException ex) {
             Object exArgs[] = { algorithmURI };
             throw new InvalidTransformException(
-                "signature.Transform.UnknownTransform", exArgs, ex
+                ex, "signature.Transform.UnknownTransform", exArgs
             );
         }
 
-        if (log.isLoggable(java.util.logging.Level.FINE)) {
-            log.log(java.util.logging.Level.FINE, "Create URI \"" + algorithmURI + "\" class \""
-                      + newTransformSpi.getClass() + "\"");
-            log.log(java.util.logging.Level.FINE, "The NodeList is " + contextNodes);
-        }
+        LOG.debug("Create URI \"{}\" class \"{}\"", algorithmURI, newTransformSpi.getClass());
+        LOG.debug("The NodeList is {}", contextNodes);
 
         // give it to the current document
         if (contextNodes != null) {
-            for (int i = 0; i < contextNodes.getLength(); i++) {
-                this.constructionElement.appendChild(contextNodes.item(i).cloneNode(true));
+            int length = contextNodes.getLength();
+            for (int i = 0; i < length; i++) {
+                appendSelf(contextNodes.item(i).cloneNode(true));
             }
         }
         return newTransformSpi;
     }
 
+    public boolean isSecureValidation() {
+        return secureValidation;
+    }
+
+    public void setSecureValidation(boolean secureValidation) {
+        this.secureValidation = secureValidation;
+    }
+
 }
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/transforms/TransformSpi.java b/src/share/classes/com/sun/org/apache/xml/internal/security/transforms/TransformSpi.java
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/transforms/TransformSpi.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/transforms/TransformSpi.java
@@ -36,10 +36,11 @@
  * have to be overridden are the
  * {@link #enginePerformTransform(XMLSignatureInput, Transform)} method.
  *
- * @author Christian Geuer-Pollmann
  */
 public abstract class TransformSpi {
 
+    protected boolean secureValidation;
+
     /**
      * The mega method which MUST be implemented by the Transformation Algorithm.
      *
@@ -104,9 +105,9 @@
     }
 
     /**
-     * Returns the URI representation of <code>Transformation algorithm</code>
+     * Returns the URI representation of {@code Transformation algorithm}
      *
-     * @return the URI representation of <code>Transformation algorithm</code>
+     * @return the URI representation of {@code Transformation algorithm}
      */
     protected abstract String engineGetURI();
 }
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/transforms/TransformationException.java b/src/share/classes/com/sun/org/apache/xml/internal/security/transforms/TransformationException.java
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/transforms/TransformationException.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/transforms/TransformationException.java
@@ -26,7 +26,6 @@
 
 /**
  *
- * @author Christian Geuer-Pollmann
  */
 public class TransformationException extends XMLSecurityException {
     /**
@@ -42,6 +41,10 @@
         super();
     }
 
+    public TransformationException(Exception ex) {
+        super(ex);
+    }
+
     /**
      * Constructor TransformationException
      *
@@ -64,21 +67,31 @@
     /**
      * Constructor TransformationException
      *
+     * @param originalException
      * @param msgID
-     * @param originalException
      */
+    public TransformationException(Exception originalException, String msgID) {
+        super(originalException, msgID);
+    }
+
+    @Deprecated
     public TransformationException(String msgID, Exception originalException) {
-        super(msgID, originalException);
+        this(originalException, msgID);
     }
 
     /**
      * Constructor TransformationException
      *
+     * @param originalException
      * @param msgID
      * @param exArgs
-     * @param originalException
      */
-    public TransformationException(String msgID, Object exArgs[], Exception originalException) {
-        super(msgID, exArgs, originalException);
+    public TransformationException(Exception originalException, String msgID, Object exArgs[]) {
+        super(originalException, msgID, exArgs);
+    }
+
+    @Deprecated
+    public TransformationException(String msgID, Object[] exArgs, Exception originalException) {
+        this(originalException, msgID, exArgs);
     }
 }
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/transforms/Transforms.java b/src/share/classes/com/sun/org/apache/xml/internal/security/transforms/Transforms.java
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/transforms/Transforms.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/transforms/Transforms.java
@@ -43,11 +43,10 @@
  * Holder of the {@link com.sun.org.apache.xml.internal.security.transforms.Transform} steps to
  * be performed on the data.
  * The input to the first Transform is the result of dereferencing the
- * <code>URI</code> attribute of the <code>Reference</code> element.
+ * {@code URI} attribute of the {@code Reference} element.
  * The output from the last Transform is the input for the
- * <code>DigestMethod algorithm</code>
+ * {@code DigestMethod algorithm}
  *
- * @author Christian Geuer-Pollmann
  * @see Transform
  * @see com.sun.org.apache.xml.internal.security.signature.Reference
  */
@@ -101,43 +100,42 @@
     public static final String TRANSFORM_XPATH2FILTER
         = "http://www.w3.org/2002/06/xmldsig-filter2";
 
-    /** {@link org.apache.commons.logging} logging facility */
-    private static java.util.logging.Logger log =
-        java.util.logging.Logger.getLogger(Transforms.class.getName());
+    private static final com.sun.org.slf4j.internal.Logger LOG =
+        com.sun.org.slf4j.internal.LoggerFactory.getLogger(Transforms.class);
 
     private Element[] transforms;
 
-    protected Transforms() { };
+    protected Transforms() { }
 
     private boolean secureValidation;
 
     /**
      * Constructs {@link Transforms}.
      *
-     * @param doc the {@link Document} in which <code>XMLSignature</code> will
+     * @param doc the {@link Document} in which {@code XMLSignature} will
      * be placed
      */
     public Transforms(Document doc) {
         super(doc);
-        XMLUtils.addReturnToElement(this.constructionElement);
+        addReturnToSelf();
     }
 
     /**
      * Constructs {@link Transforms} from {@link Element} which is
-     * <code>Transforms</code> Element
+     * {@code Transforms} Element
      *
-     * @param element  is <code>Transforms</code> element
-     * @param BaseURI the URI where the XML instance was stored
+     * @param element  is {@code Transforms} element
+     * @param baseURI the URI where the XML instance was stored
      * @throws DOMException
      * @throws InvalidTransformException
      * @throws TransformationException
      * @throws XMLSecurityException
      * @throws XMLSignatureException
      */
-    public Transforms(Element element, String BaseURI)
+    public Transforms(Element element, String baseURI)
         throws DOMException, XMLSignatureException, InvalidTransformException,
             TransformationException, XMLSecurityException {
-        super(element, BaseURI);
+        super(element, baseURI);
 
         int numberOfTransformElems = this.getLength();
 
@@ -157,7 +155,7 @@
     }
 
     /**
-     * Adds the <code>Transform</code> with the specified <code>Transform
+     * Adds the {@code Transform} with the specified <code>Transform
      * algorithm URI</code>
      *
      * @param transformURI the URI form of transform that indicates which
@@ -166,20 +164,18 @@
      */
     public void addTransform(String transformURI) throws TransformationException {
         try {
-            if (log.isLoggable(java.util.logging.Level.FINE)) {
-                log.log(java.util.logging.Level.FINE, "Transforms.addTransform(" + transformURI + ")");
-            }
+            LOG.debug("Transforms.addTransform({})", transformURI);
 
-            Transform transform = new Transform(this.doc, transformURI);
+            Transform transform = new Transform(getDocument(), transformURI);
 
             this.addTransform(transform);
         } catch (InvalidTransformException ex) {
-            throw new TransformationException("empty", ex);
+            throw new TransformationException(ex);
         }
     }
 
     /**
-     * Adds the <code>Transform</code> with the specified <code>Transform
+     * Adds the {@code Transform} with the specified <code>Transform
      * algorithm URI</code>
      *
      * @param transformURI the URI form of transform that indicates which
@@ -190,20 +186,18 @@
     public void addTransform(String transformURI, Element contextElement)
        throws TransformationException {
         try {
-            if (log.isLoggable(java.util.logging.Level.FINE)) {
-                log.log(java.util.logging.Level.FINE, "Transforms.addTransform(" + transformURI + ")");
-            }
+            LOG.debug("Transforms.addTransform({})", transformURI);
 
-            Transform transform = new Transform(this.doc, transformURI, contextElement);
+            Transform transform = new Transform(getDocument(), transformURI, contextElement);
 
             this.addTransform(transform);
         } catch (InvalidTransformException ex) {
-            throw new TransformationException("empty", ex);
+            throw new TransformationException(ex);
         }
     }
 
     /**
-     * Adds the <code>Transform</code> with the specified <code>Transform
+     * Adds the {@code Transform} with the specified <code>Transform
      * algorithm URI</code>.
      *
      * @param transformURI the URI form of transform that indicates which
@@ -215,10 +209,10 @@
        throws TransformationException {
 
         try {
-            Transform transform = new Transform(this.doc, transformURI, contextNodes);
+            Transform transform = new Transform(getDocument(), transformURI, contextNodes);
             this.addTransform(transform);
         } catch (InvalidTransformException ex) {
-            throw new TransformationException("empty", ex);
+            throw new TransformationException(ex);
         }
     }
 
@@ -228,22 +222,20 @@
      * @param transform {@link Transform} object
      */
     private void addTransform(Transform transform) {
-        if (log.isLoggable(java.util.logging.Level.FINE)) {
-            log.log(java.util.logging.Level.FINE, "Transforms.addTransform(" + transform.getURI() + ")");
-        }
+        LOG.debug("Transforms.addTransform({})", transform.getURI());
 
         Element transformElement = transform.getElement();
 
-        this.constructionElement.appendChild(transformElement);
-        XMLUtils.addReturnToElement(this.constructionElement);
+        appendSelf(transformElement);
+        addReturnToSelf();
     }
 
     /**
-     * Applies all included <code>Transform</code>s to xmlSignatureInput and
+     * Applies all included {@code Transform}s to xmlSignatureInput and
      * returns the result of these transformations.
      *
-     * @param xmlSignatureInput the input for the <code>Transform</code>s
-     * @return the result of the <code>Transforms</code>
+     * @param xmlSignatureInput the input for the {@code Transform}s
+     * @return the result of the {@code Transforms}
      * @throws TransformationException
      */
     public XMLSignatureInput performTransforms(
@@ -253,12 +245,12 @@
     }
 
     /**
-     * Applies all included <code>Transform</code>s to xmlSignatureInput and
+     * Applies all included {@code Transform}s to xmlSignatureInput and
      * returns the result of these transformations.
      *
-     * @param xmlSignatureInput the input for the <code>Transform</code>s
+     * @param xmlSignatureInput the input for the {@code Transform}s
      * @param os where to output the last transformation.
-     * @return the result of the <code>Transforms</code>
+     * @return the result of the {@code Transforms}
      * @throws TransformationException
      */
     public XMLSignatureInput performTransforms(
@@ -268,26 +260,24 @@
             int last = this.getLength() - 1;
             for (int i = 0; i < last; i++) {
                 Transform t = this.item(i);
-                String uri = t.getURI();
-                if (log.isLoggable(java.util.logging.Level.FINE)) {
-                    log.log(java.util.logging.Level.FINE, "Perform the (" + i + ")th " + uri + " transform");
-                }
+                LOG.debug("Perform the ({})th {} transform", i, t.getURI());
                 checkSecureValidation(t);
                 xmlSignatureInput = t.performTransform(xmlSignatureInput);
             }
             if (last >= 0) {
                 Transform t = this.item(last);
+                LOG.debug("Perform the ({})th {} transform", last, t.getURI());
                 checkSecureValidation(t);
                 xmlSignatureInput = t.performTransform(xmlSignatureInput, os);
             }
 
             return xmlSignatureInput;
         } catch (IOException ex) {
-            throw new TransformationException("empty", ex);
+            throw new TransformationException(ex);
         } catch (CanonicalizationException ex) {
-            throw new TransformationException("empty", ex);
+            throw new TransformationException(ex);
         } catch (InvalidCanonicalizerException ex) {
-            throw new TransformationException("empty", ex);
+            throw new TransformationException(ex);
         }
     }
 
@@ -300,6 +290,7 @@
                 "signature.Transform.ForbiddenTransform", exArgs
             );
         }
+        transform.setSecureValidation(secureValidation);
     }
 
     /**
@@ -308,34 +299,34 @@
      * @return the number of transformations
      */
     public int getLength() {
-        if (transforms == null) {
-            transforms =
-                XMLUtils.selectDsNodes(this.constructionElement.getFirstChild(), "Transform");
-        }
+        initTransforms();
         return transforms.length;
     }
 
     /**
-     * Return the <it>i</it><sup>th</sup> <code>{@link Transform}</code>.
-     * Valid <code>i</code> values are 0 to <code>{@link #getLength}-1</code>.
+     * Return the <i>i</i><sup>th</sup> {@code {@link Transform}}.
+     * Valid {@code i} values are 0 to {@code {@link #getLength}-1}.
      *
      * @param i index of {@link Transform} to return
-     * @return the <it>i</it><sup>th</sup> Transform
+     * @return the <i>i</i><sup>th</sup> Transform
      * @throws TransformationException
      */
     public Transform item(int i) throws TransformationException {
         try {
-            if (transforms == null) {
-                transforms =
-                    XMLUtils.selectDsNodes(this.constructionElement.getFirstChild(), "Transform");
-            }
+            initTransforms();
             return new Transform(transforms[i], this.baseURI);
         } catch (XMLSecurityException ex) {
-            throw new TransformationException("empty", ex);
+            throw new TransformationException(ex);
         }
     }
 
-    /** @inheritDoc */
+    private void initTransforms() {
+        if (transforms == null) {
+            transforms = XMLUtils.selectDsNodes(getFirstChild(), "Transform");
+        }
+    }
+
+    /** {@inheritDoc} */
     public String getBaseLocalName() {
         return Constants._TAG_TRANSFORMS;
     }
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/transforms/implementations/FuncHere.java b/src/share/classes/com/sun/org/apache/xml/internal/security/transforms/implementations/FuncHere.java
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/transforms/implementations/FuncHere.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/transforms/implementations/FuncHere.java
@@ -71,9 +71,7 @@
      * @return the xobject
      * @throws javax.xml.transform.TransformerException
      */
-    @Override
-    public XObject execute(XPathContext xctxt)
-        throws javax.xml.transform.TransformerException {
+    public XObject execute(XPathContext xctxt) throws TransformerException {
 
         Node xpathOwnerNode = (Node) xctxt.getOwnerObject();
 
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/transforms/implementations/TransformBase64Decode.java b/src/share/classes/com/sun/org/apache/xml/internal/security/transforms/implementations/TransformBase64Decode.java
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/transforms/implementations/TransformBase64Decode.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/transforms/implementations/TransformBase64Decode.java
@@ -22,30 +22,29 @@
  */
 package com.sun.org.apache.xml.internal.security.transforms.implementations;
 
-import java.io.BufferedInputStream;
 import java.io.IOException;
 import java.io.OutputStream;
+import java.util.Base64;
 
-import javax.xml.XMLConstants;
-import javax.xml.parsers.DocumentBuilderFactory;
 import javax.xml.parsers.ParserConfigurationException;
 
 import com.sun.org.apache.xml.internal.security.c14n.CanonicalizationException;
-import com.sun.org.apache.xml.internal.security.exceptions.Base64DecodingException;
 import com.sun.org.apache.xml.internal.security.signature.XMLSignatureInput;
 import com.sun.org.apache.xml.internal.security.transforms.Transform;
 import com.sun.org.apache.xml.internal.security.transforms.TransformSpi;
 import com.sun.org.apache.xml.internal.security.transforms.TransformationException;
 import com.sun.org.apache.xml.internal.security.transforms.Transforms;
-import com.sun.org.apache.xml.internal.security.utils.Base64;
+import com.sun.org.apache.xml.internal.security.utils.XMLUtils;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 import org.w3c.dom.Node;
 import org.w3c.dom.Text;
 import org.xml.sax.SAXException;
 
+import com.sun.org.apache.xml.internal.security.utils.JavaUtils;
+
 /**
- * Implements the <CODE>http://www.w3.org/2000/09/xmldsig#base64</CODE> decoding
+ * Implements the {@code http://www.w3.org/2000/09/xmldsig#base64} decoding
  * transform.
  *
  * <p>The normative specification for base64 decoding transforms is
@@ -58,7 +57,7 @@
  * <p>This transform requires an octet stream for input.
  * If an XPath node-set (or sufficiently functional alternative) is
  * given as input, then it is converted to an octet stream by
- * performing operations logically equivalent to 1) applying an XPath
+ * performing operations LOGically equivalent to 1) applying an XPath
  * transform with expression self::text(), then 2) taking the string-value
  * of the node-set. Thus, if an XML element is identified by a barename
  * XPointer in the Reference URI, and its content consists solely of base64
@@ -67,8 +66,6 @@
  * elements as well as any descendant comments and processing instructions.
  * The output of this transform is an octet stream.</p>
  *
- * @author Christian Geuer-Pollmann
- * @see com.sun.org.apache.xml.internal.security.utils.Base64
  */
 public class TransformBase64Decode extends TransformSpi {
 
@@ -79,7 +76,7 @@
     /**
      * Method engineGetURI
      *
-     * @inheritDoc
+     * {@inheritDoc}
      */
     protected String engineGetURI() {
         return TransformBase64Decode.implementedTransformURI;
@@ -90,7 +87,7 @@
      *
      * @param input
      * @return {@link XMLSignatureInput} as the result of transformation
-     * @inheritDoc
+     * {@inheritDoc}
      * @throws CanonicalizationException
      * @throws IOException
      * @throws TransformationException
@@ -104,64 +101,70 @@
     protected XMLSignatureInput enginePerformTransform(
         XMLSignatureInput input, OutputStream os, Transform transformObject
     ) throws IOException, CanonicalizationException, TransformationException {
-        try {
-            if (input.isElement()) {
-                Node el = input.getSubNode();
-                if (input.getSubNode().getNodeType() == Node.TEXT_NODE) {
-                    el = el.getParentNode();
-                }
-                StringBuilder sb = new StringBuilder();
-                traverseElement((Element)el, sb);
-                if (os == null) {
-                    byte[] decodedBytes = Base64.decode(sb.toString());
-                    return new XMLSignatureInput(decodedBytes);
-                }
-                Base64.decode(sb.toString(), os);
-                XMLSignatureInput output = new XMLSignatureInput((byte[])null);
-                output.setOutputStream(os);
+        if (input.isElement()) {
+            Node el = input.getSubNode();
+            if (input.getSubNode().getNodeType() == Node.TEXT_NODE) {
+                el = el.getParentNode();
+            }
+            StringBuilder sb = new StringBuilder();
+            traverseElement((Element)el, sb);
+            if (os == null) {
+                byte[] decodedBytes = Base64.getMimeDecoder().decode(sb.toString());
+                XMLSignatureInput output = new XMLSignatureInput(decodedBytes);
+                output.setSecureValidation(secureValidation);
+                return output;
+            }
+            byte[] bytes = Base64.getMimeDecoder().decode(sb.toString());
+            os.write(bytes);
+            XMLSignatureInput output = new XMLSignatureInput((byte[])null);
+            output.setSecureValidation(secureValidation);
+            output.setOutputStream(os);
+            return output;
+        }
+
+        if (input.isOctetStream() || input.isNodeSet()) {
+            if (os == null) {
+                byte[] base64Bytes = input.getBytes();
+                byte[] decodedBytes = Base64.getMimeDecoder().decode(base64Bytes);
+                XMLSignatureInput output = new XMLSignatureInput(decodedBytes);
+                output.setSecureValidation(secureValidation);
                 return output;
             }
-
-            if (input.isOctetStream() || input.isNodeSet()) {
-                if (os == null) {
-                    byte[] base64Bytes = input.getBytes();
-                    byte[] decodedBytes = Base64.decode(base64Bytes);
-                    return new XMLSignatureInput(decodedBytes);
-                }
-                if (input.isByteArray() || input.isNodeSet()) {
-                    Base64.decode(input.getBytes(), os);
-                } else {
-                    Base64.decode(new BufferedInputStream(input.getOctetStreamReal()), os);
-                }
-                XMLSignatureInput output = new XMLSignatureInput((byte[])null);
-                output.setOutputStream(os);
-                return output;
+            if (input.isByteArray() || input.isNodeSet()) {
+                byte[] bytes = Base64.getMimeDecoder().decode(input.getBytes());
+                os.write(bytes);
+            } else {
+                byte[] inputBytes = JavaUtils.getBytesFromStream(input.getOctetStreamReal());
+                byte[] bytes = Base64.getMimeDecoder().decode(inputBytes);
+                os.write(bytes);
             }
+            XMLSignatureInput output = new XMLSignatureInput((byte[])null);
+            output.setSecureValidation(secureValidation);
+            output.setOutputStream(os);
+            return output;
+        }
 
-            try {
-                //Exceptional case there is current not text case testing this(Before it was a
-                //a common case).
-                DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
-                dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, Boolean.TRUE);
-                Document doc =
-                    dbf.newDocumentBuilder().parse(input.getOctetStream());
+        try {
+            //Exceptional case there is current not text case testing this(Before it was a
+            //a common case).
+            Document doc =
+                XMLUtils.createDocumentBuilder(false, secureValidation).parse(input.getOctetStream());
 
-                Element rootNode = doc.getDocumentElement();
-                StringBuilder sb = new StringBuilder();
-                traverseElement(rootNode, sb);
-                byte[] decodedBytes = Base64.decode(sb.toString());
-                return new XMLSignatureInput(decodedBytes);
-            } catch (ParserConfigurationException e) {
-                throw new TransformationException("c14n.Canonicalizer.Exception",e);
-            } catch (SAXException e) {
-                throw new TransformationException("SAX exception", e);
-            }
-        } catch (Base64DecodingException e) {
-            throw new TransformationException("Base64Decoding", e);
+            Element rootNode = doc.getDocumentElement();
+            StringBuilder sb = new StringBuilder();
+            traverseElement(rootNode, sb);
+            byte[] decodedBytes = Base64.getMimeDecoder().decode(sb.toString());
+            XMLSignatureInput output = new XMLSignatureInput(decodedBytes);
+            output.setSecureValidation(secureValidation);
+            return output;
+        } catch (ParserConfigurationException e) {
+            throw new TransformationException(e, "c14n.Canonicalizer.Exception");
+        } catch (SAXException e) {
+            throw new TransformationException(e, "SAX exception");
         }
     }
 
-    void traverseElement(org.w3c.dom.Element node, StringBuilder sb) {
+    void traverseElement(Element node, StringBuilder sb) {
         Node sibling = node.getFirstChild();
         while (sibling != null) {
             switch (sibling.getNodeType()) {
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/transforms/implementations/TransformC14N.java b/src/share/classes/com/sun/org/apache/xml/internal/security/transforms/implementations/TransformC14N.java
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/transforms/implementations/TransformC14N.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/transforms/implementations/TransformC14N.java
@@ -32,10 +32,9 @@
 import com.sun.org.apache.xml.internal.security.transforms.Transforms;
 
 /**
- * Implements the <CODE>http://www.w3.org/TR/2001/REC-xml-c14n-20010315</CODE>
+ * Implements the {@code http://www.w3.org/TR/2001/REC-xml-c14n-20010315}
  * transform.
  *
- * @author Christian Geuer-Pollmann
  */
 public class TransformC14N extends TransformSpi {
 
@@ -44,7 +43,7 @@
         Transforms.TRANSFORM_C14N_OMIT_COMMENTS;
 
     /**
-     * @inheritDoc
+     * {@inheritDoc}
      */
     protected String engineGetURI() {
         return TransformC14N.implementedTransformURI;
@@ -54,12 +53,14 @@
         XMLSignatureInput input, OutputStream os, Transform transformObject
     ) throws CanonicalizationException {
         Canonicalizer20010315OmitComments c14n = new Canonicalizer20010315OmitComments();
+        c14n.setSecureValidation(secureValidation);
         if (os != null) {
             c14n.setWriter(os);
         }
         byte[] result = null;
         result = c14n.engineCanonicalize(input);
         XMLSignatureInput output = new XMLSignatureInput(result);
+        output.setSecureValidation(secureValidation);
         if (os != null) {
             output.setOutputStream(os);
         }
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/transforms/implementations/TransformC14N11.java b/src/share/classes/com/sun/org/apache/xml/internal/security/transforms/implementations/TransformC14N11.java
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/transforms/implementations/TransformC14N11.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/transforms/implementations/TransformC14N11.java
@@ -32,10 +32,9 @@
 import com.sun.org.apache.xml.internal.security.transforms.Transforms;
 
 /**
- * Implements the <CODE>http://www.w3.org/2006/12/xml-c14n11</CODE>
+ * Implements the {@code http://www.w3.org/2006/12/xml-c14n11}
  * (C14N 1.1) transform.
  *
- * @author Sean Mullan
  */
 public class TransformC14N11 extends TransformSpi {
 
@@ -47,12 +46,14 @@
         XMLSignatureInput input, OutputStream os, Transform transform
     ) throws CanonicalizationException {
         Canonicalizer11_OmitComments c14n = new Canonicalizer11_OmitComments();
+        c14n.setSecureValidation(secureValidation);
         if (os != null) {
             c14n.setWriter(os);
         }
         byte[] result = null;
         result = c14n.engineCanonicalize(input);
         XMLSignatureInput output = new XMLSignatureInput(result);
+        output.setSecureValidation(secureValidation);
         if (os != null) {
             output.setOutputStream(os);
         }
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/transforms/implementations/TransformC14N11_WithComments.java b/src/share/classes/com/sun/org/apache/xml/internal/security/transforms/implementations/TransformC14N11_WithComments.java
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/transforms/implementations/TransformC14N11_WithComments.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/transforms/implementations/TransformC14N11_WithComments.java
@@ -32,10 +32,9 @@
 import com.sun.org.apache.xml.internal.security.transforms.Transforms;
 
 /**
- * Implements the <CODE>http://www.w3.org/2006/12/xml-c14n-11#WithComments</CODE>
+ * Implements the {@code http://www.w3.org/2006/12/xml-c14n-11#WithComments}
  * (C14N 1.1 With Comments) transform.
  *
- * @author Sean Mullan
  */
 public class TransformC14N11_WithComments extends TransformSpi {
 
@@ -48,6 +47,7 @@
     ) throws CanonicalizationException {
 
         Canonicalizer11_WithComments c14n = new Canonicalizer11_WithComments();
+        c14n.setSecureValidation(secureValidation);
         if (os != null) {
             c14n.setWriter(os);
         }
@@ -55,6 +55,7 @@
         byte[] result = null;
         result = c14n.engineCanonicalize(input);
         XMLSignatureInput output = new XMLSignatureInput(result);
+        output.setSecureValidation(secureValidation);
         if (os != null) {
             output.setOutputStream(os);
         }
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/transforms/implementations/TransformC14NExclusive.java b/src/share/classes/com/sun/org/apache/xml/internal/security/transforms/implementations/TransformC14NExclusive.java
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/transforms/implementations/TransformC14NExclusive.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/transforms/implementations/TransformC14NExclusive.java
@@ -48,7 +48,7 @@
     /**
      * Method engineGetURI
      *
-     * @inheritDoc
+     * {@inheritDoc}
      */
     protected String engineGetURI() {
         return implementedTransformURI;
@@ -79,18 +79,20 @@
 
             Canonicalizer20010315ExclOmitComments c14n =
                 new Canonicalizer20010315ExclOmitComments();
+            c14n.setSecureValidation(secureValidation);
             if (os != null) {
                 c14n.setWriter(os);
             }
             byte[] result = c14n.engineCanonicalize(input, inclusiveNamespaces);
 
             XMLSignatureInput output = new XMLSignatureInput(result);
+            output.setSecureValidation(secureValidation);
             if (os != null) {
                 output.setOutputStream(os);
             }
             return output;
         } catch (XMLSecurityException ex) {
-            throw new CanonicalizationException("empty", ex);
+            throw new CanonicalizationException(ex);
         }
     }
 }
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/transforms/implementations/TransformC14NExclusiveWithComments.java b/src/share/classes/com/sun/org/apache/xml/internal/security/transforms/implementations/TransformC14NExclusiveWithComments.java
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/transforms/implementations/TransformC14NExclusiveWithComments.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/transforms/implementations/TransformC14NExclusiveWithComments.java
@@ -36,10 +36,9 @@
 import org.w3c.dom.Element;
 
 /**
- * Implements the <CODE>http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments</CODE>
+ * Implements the {@code http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments}
  * transform.
  *
- * @author Christian Geuer-Pollmann
  */
 public class TransformC14NExclusiveWithComments extends TransformSpi {
 
@@ -49,7 +48,7 @@
 
     /**
      * Method engineGetURI
-     *@inheritDoc
+     *{@inheritDoc}
      *
      */
     protected String engineGetURI() {
@@ -82,15 +81,17 @@
 
             Canonicalizer20010315ExclWithComments c14n =
                 new Canonicalizer20010315ExclWithComments();
+            c14n.setSecureValidation(secureValidation);
             if (os != null) {
                 c14n.setWriter(os);
             }
             byte[] result = c14n.engineCanonicalize(input, inclusiveNamespaces);
             XMLSignatureInput output = new XMLSignatureInput(result);
+            output.setSecureValidation(secureValidation);
 
             return output;
         } catch (XMLSecurityException ex) {
-            throw new CanonicalizationException("empty", ex);
+            throw new CanonicalizationException(ex);
         }
     }
 }
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/transforms/implementations/TransformC14NWithComments.java b/src/share/classes/com/sun/org/apache/xml/internal/security/transforms/implementations/TransformC14NWithComments.java
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/transforms/implementations/TransformC14NWithComments.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/transforms/implementations/TransformC14NWithComments.java
@@ -32,10 +32,9 @@
 import com.sun.org.apache.xml.internal.security.transforms.Transforms;
 
 /**
- * Implements the <CODE>http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments</CODE>
+ * Implements the {@code http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments}
  * transform.
  *
- * @author Christian Geuer-Pollmann
  */
 public class TransformC14NWithComments extends TransformSpi {
 
@@ -43,17 +42,18 @@
     public static final String implementedTransformURI =
         Transforms.TRANSFORM_C14N_WITH_COMMENTS;
 
-    /** @inheritDoc */
+    /** {@inheritDoc} */
     protected String engineGetURI() {
         return implementedTransformURI;
     }
 
-    /** @inheritDoc */
+    /** {@inheritDoc} */
     protected XMLSignatureInput enginePerformTransform(
         XMLSignatureInput input, OutputStream os, Transform transformObject
     ) throws CanonicalizationException {
 
         Canonicalizer20010315WithComments c14n = new Canonicalizer20010315WithComments();
+        c14n.setSecureValidation(secureValidation);
         if (os != null) {
             c14n.setWriter(os);
         }
@@ -61,6 +61,7 @@
         byte[] result = null;
         result = c14n.engineCanonicalize(input);
         XMLSignatureInput output = new XMLSignatureInput(result);
+        output.setSecureValidation(secureValidation);
         if (os != null) {
             output.setOutputStream(os);
         }
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/transforms/implementations/TransformEnvelopedSignature.java b/src/share/classes/com/sun/org/apache/xml/internal/security/transforms/implementations/TransformEnvelopedSignature.java
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/transforms/implementations/TransformEnvelopedSignature.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/transforms/implementations/TransformEnvelopedSignature.java
@@ -36,10 +36,9 @@
 import org.w3c.dom.Node;
 
 /**
- * Implements the <CODE>http://www.w3.org/2000/09/xmldsig#enveloped-signature</CODE>
+ * Implements the {@code http://www.w3.org/2000/09/xmldsig#enveloped-signature}
  * transform.
  *
- * @author Christian Geuer-Pollmann
  */
 public class TransformEnvelopedSignature extends TransformSpi {
 
@@ -50,14 +49,14 @@
     /**
      * Method engineGetURI
      *
-     * @inheritDoc
+     * {@inheritDoc}
      */
     protected String engineGetURI() {
         return implementedTransformURI;
     }
 
     /**
-     * @inheritDoc
+     * {@inheritDoc}
      */
     protected XMLSignatureInput enginePerformTransform(
         XMLSignatureInput input, OutputStream os, Transform transformObject
@@ -136,7 +135,7 @@
                 return -1;
             }
             return 1;
-            //return !XMLUtils.isDescendantOrSelf(exclude,n);
+            //return !XMLUtils.isDescendantOrSelf(exclude, n);
         }
     }
 }
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/transforms/implementations/TransformXPath.java b/src/share/classes/com/sun/org/apache/xml/internal/security/transforms/implementations/TransformXPath.java
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/transforms/implementations/TransformXPath.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/transforms/implementations/TransformXPath.java
@@ -44,10 +44,9 @@
 /**
  * Class TransformXPath
  *
- * Implements the <CODE>http://www.w3.org/TR/1999/REC-xpath-19991116</CODE>
+ * Implements the {@code http://www.w3.org/TR/1999/REC-xpath-19991116}
  * transform.
  *
- * @author Christian Geuer-Pollmann
  * @see <a href="http://www.w3.org/TR/1999/REC-xpath-19991116">XPath</a>
  *
  */
@@ -59,7 +58,7 @@
     /**
      * Method engineGetURI
      *
-     * @inheritDoc
+     * {@inheritDoc}
      */
     protected String engineGetURI() {
         return implementedTransformURI;
@@ -67,7 +66,7 @@
 
     /**
      * Method enginePerformTransform
-     * @inheritDoc
+     * {@inheritDoc}
      * @param input
      *
      * @throws TransformationException
@@ -96,14 +95,14 @@
 
                 throw new TransformationException("xml.WrongContent", exArgs);
             }
-            Node xpathnode = xpathElement.getChildNodes().item(0);
-            String str = XMLUtils.getStrFromNode(xpathnode);
-            input.setNeedsToBeExpanded(needsCircumvent(str));
+            Node xpathnode = xpathElement.getFirstChild();
             if (xpathnode == null) {
                 throw new DOMException(
                     DOMException.HIERARCHY_REQUEST_ERR, "Text must be in ds:Xpath"
                 );
             }
+            String str = XMLUtils.getStrFromNode(xpathnode);
+            input.setNeedsToBeExpanded(needsCircumvent(str));
 
             XPathFactory xpathFactory = XPathFactory.newInstance();
             XPathAPI xpathAPIInstance = xpathFactory.newXPathAPI();
@@ -111,7 +110,7 @@
             input.setNodeSet(true);
             return input;
         } catch (DOMException ex) {
-            throw new TransformationException("empty", ex);
+            throw new TransformationException(ex);
         }
     }
 
@@ -120,7 +119,7 @@
      * @return true if needs to be circumvent for bug.
      */
     private boolean needsCircumvent(String str) {
-        return (str.indexOf("namespace") != -1) || (str.indexOf("name()") != -1);
+        return str.indexOf("namespace") != -1 || str.indexOf("name()") != -1;
     }
 
     static class XPathNodeFilter implements NodeFilter {
@@ -151,7 +150,7 @@
                 Object[] eArgs = {currentNode};
                 throw new XMLSecurityRuntimeException("signature.Transform.node", eArgs, e);
             } catch (Exception e) {
-                Object[] eArgs = {currentNode, Short.valueOf(currentNode.getNodeType())};
+                Object[] eArgs = {currentNode, currentNode.getNodeType()};
                 throw new XMLSecurityRuntimeException("signature.Transform.nodeAndType",eArgs, e);
             }
         }
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/transforms/implementations/TransformXPath2Filter.java b/src/share/classes/com/sun/org/apache/xml/internal/security/transforms/implementations/TransformXPath2Filter.java
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/transforms/implementations/TransformXPath2Filter.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/transforms/implementations/TransformXPath2Filter.java
@@ -66,7 +66,7 @@
     /**
      * Method engineGetURI
      *
-     * @inheritDoc
+     * {@inheritDoc}
      */
     protected String engineGetURI() {
         return implementedTransformURI;
@@ -74,7 +74,7 @@
 
     /**
      * Method enginePerformTransform
-     * @inheritDoc
+     * {@inheritDoc}
      * @param input
      *
      * @throws TransformationException
@@ -83,9 +83,9 @@
         XMLSignatureInput input, OutputStream os, Transform transformObject
     ) throws TransformationException {
         try {
-            List<NodeList> unionNodes = new ArrayList<NodeList>();
-            List<NodeList> subtractNodes = new ArrayList<NodeList>();
-            List<NodeList> intersectNodes = new ArrayList<NodeList>();
+            List<NodeList> unionNodes = new ArrayList<>();
+            List<NodeList> subtractNodes = new ArrayList<>();
+            List<NodeList> intersectNodes = new ArrayList<>();
 
             Element[] xpathElements =
                 XMLUtils.selectNodes(
@@ -139,21 +139,21 @@
             input.setNodeSet(true);
             return input;
         } catch (TransformerException ex) {
-            throw new TransformationException("empty", ex);
+            throw new TransformationException(ex);
         } catch (DOMException ex) {
-            throw new TransformationException("empty", ex);
+            throw new TransformationException(ex);
         } catch (CanonicalizationException ex) {
-            throw new TransformationException("empty", ex);
+            throw new TransformationException(ex);
         } catch (InvalidCanonicalizerException ex) {
-            throw new TransformationException("empty", ex);
+            throw new TransformationException(ex);
         } catch (XMLSecurityException ex) {
-            throw new TransformationException("empty", ex);
+            throw new TransformationException(ex);
         } catch (SAXException ex) {
-            throw new TransformationException("empty", ex);
+            throw new TransformationException(ex);
         } catch (IOException ex) {
-            throw new TransformationException("empty", ex);
+            throw new TransformationException(ex);
         } catch (ParserConfigurationException ex) {
-            throw new TransformationException("empty", ex);
+            throw new TransformationException(ex);
         }
     }
 }
@@ -208,7 +208,7 @@
     public int isNodeIncludeDO(Node n, int level) {
         int result = 1;
         if (hasSubtractFilter) {
-            if ((inSubtract == -1) || (level <= inSubtract)) {
+            if (inSubtract == -1 || level <= inSubtract) {
                 if (inList(n, subtractNodes)) {
                     inSubtract = level;
                 } else {
@@ -220,7 +220,7 @@
             }
         }
         if (result != -1 && hasIntersectFilter
-            && ((inIntersect == -1) || (level <= inIntersect))) {
+            && (inIntersect == -1 || level <= inIntersect)) {
             if (!inList(n, intersectNodes)) {
                 inIntersect = -1;
                 result = 0;
@@ -236,13 +236,13 @@
             return 1;
         }
         if (hasUnionFilter) {
-            if ((inUnion == -1) && inList(n, unionNodes)) {
+            if (inUnion == -1 && inList(n, unionNodes)) {
                 inUnion = level;
             }
             if (inUnion != -1) {
                 return 1;
             }
-            result=0;
+            result = 0;
         }
 
         return result;
@@ -282,7 +282,7 @@
     }
 
     private static Set<Node> convertNodeListToSet(List<NodeList> l) {
-        Set<Node> result = new HashSet<Node>();
+        Set<Node> result = new HashSet<>();
         for (NodeList rootNodes : l) {
             int length = rootNodes.getLength();
 
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/transforms/implementations/TransformXPointer.java b/src/share/classes/com/sun/org/apache/xml/internal/security/transforms/implementations/TransformXPointer.java
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/transforms/implementations/TransformXPointer.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/transforms/implementations/TransformXPointer.java
@@ -33,7 +33,6 @@
 /**
  * Class TransformXPointer
  *
- * @author Christian Geuer-Pollmann
  */
 public class TransformXPointer extends TransformSpi {
 
@@ -42,7 +41,7 @@
         Transforms.TRANSFORM_XPOINTER;
 
 
-    /** @inheritDoc */
+    /** {@inheritDoc} */
     protected String engineGetURI() {
         return implementedTransformURI;
     }
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/transforms/implementations/TransformXSLT.java b/src/share/classes/com/sun/org/apache/xml/internal/security/transforms/implementations/TransformXSLT.java
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/transforms/implementations/TransformXSLT.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/transforms/implementations/TransformXSLT.java
@@ -25,6 +25,7 @@
 import java.io.ByteArrayInputStream;
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
+import java.io.InputStream;
 import java.io.OutputStream;
 
 import javax.xml.XMLConstants;
@@ -49,10 +50,9 @@
 /**
  * Class TransformXSLT
  *
- * Implements the <CODE>http://www.w3.org/TR/1999/REC-xslt-19991116</CODE>
+ * Implements the {@code http://www.w3.org/TR/1999/REC-xslt-19991116}
  * transform.
  *
- * @author Christian Geuer-Pollmann
  */
 public class TransformXSLT extends TransformSpi {
 
@@ -60,17 +60,17 @@
     public static final String implementedTransformURI =
         Transforms.TRANSFORM_XSLT;
 
-    static final String XSLTSpecNS              = "http://www.w3.org/1999/XSL/Transform";
+    static final String XSLTSpecNS = "http://www.w3.org/1999/XSL/Transform";
     static final String defaultXSLTSpecNSprefix = "xslt";
-    static final String XSLTSTYLESHEET          = "stylesheet";
+    static final String XSLTSTYLESHEET = "stylesheet";
 
-    private static java.util.logging.Logger log =
-        java.util.logging.Logger.getLogger(TransformXSLT.class.getName());
+    private static final com.sun.org.slf4j.internal.Logger LOG =
+        com.sun.org.slf4j.internal.LoggerFactory.getLogger(TransformXSLT.class);
 
     /**
      * Method engineGetURI
      *
-     * @inheritDoc
+     * {@inheritDoc}
      */
     protected String engineGetURI() {
         return implementedTransformURI;
@@ -101,8 +101,6 @@
              * attempt to convert it to octets (apply Canonical XML]) as described
              * in the Reference Processing Model (section 4.3.3.2).
              */
-            Source xmlSource =
-                new StreamSource(new ByteArrayInputStream(input.getBytes()));
             Source stylesheet;
 
             /*
@@ -114,15 +112,16 @@
              * so we convert the stylesheet to byte[] and use this as input stream
              */
             {
-                ByteArrayOutputStream os = new ByteArrayOutputStream();
-                Transformer transformer = tFactory.newTransformer();
-                DOMSource source = new DOMSource(xsltElement);
-                StreamResult result = new StreamResult(os);
+                try (ByteArrayOutputStream os = new ByteArrayOutputStream()) {
+                    Transformer transformer = tFactory.newTransformer();
+                    DOMSource source = new DOMSource(xsltElement);
+                    StreamResult result = new StreamResult(os);
 
-                transformer.transform(source, result);
+                    transformer.transform(source, result);
 
-                stylesheet =
-                    new StreamSource(new ByteArrayInputStream(os.toByteArray()));
+                    stylesheet =
+                        new StreamSource(new ByteArrayInputStream(os.toByteArray()));
+                }
             }
 
             Transformer transformer = tFactory.newTransformer(stylesheet);
@@ -135,33 +134,34 @@
             try {
                 transformer.setOutputProperty("{http://xml.apache.org/xalan}line-separator", "\n");
             } catch (Exception e) {
-                log.log(java.util.logging.Level.WARNING, "Unable to set Xalan line-separator property: " + e.getMessage());
+                LOG.warn("Unable to set Xalan line-separator property: " + e.getMessage());
             }
 
-            if (baos == null) {
-                ByteArrayOutputStream baos1 = new ByteArrayOutputStream();
-                StreamResult outputTarget = new StreamResult(baos1);
+            try (InputStream is = new ByteArrayInputStream(input.getBytes())) {
+                Source xmlSource = new StreamSource(is);
+                if (baos == null) {
+                    try (ByteArrayOutputStream baos1 = new ByteArrayOutputStream()) {
+                        StreamResult outputTarget = new StreamResult(baos1);
+                        transformer.transform(xmlSource, outputTarget);
+                        XMLSignatureInput output = new XMLSignatureInput(baos1.toByteArray());
+                        output.setSecureValidation(secureValidation);
+                        return output;
+                    }
+                }
+                StreamResult outputTarget = new StreamResult(baos);
+
                 transformer.transform(xmlSource, outputTarget);
-                return new XMLSignatureInput(baos1.toByteArray());
             }
-            StreamResult outputTarget = new StreamResult(baos);
-
-            transformer.transform(xmlSource, outputTarget);
             XMLSignatureInput output = new XMLSignatureInput((byte[])null);
+            output.setSecureValidation(secureValidation);
             output.setOutputStream(baos);
             return output;
         } catch (XMLSecurityException ex) {
-            Object exArgs[] = { ex.getMessage() };
-
-            throw new TransformationException("generic.EmptyMessage", exArgs, ex);
+            throw new TransformationException(ex);
         } catch (TransformerConfigurationException ex) {
-            Object exArgs[] = { ex.getMessage() };
-
-            throw new TransformationException("generic.EmptyMessage", exArgs, ex);
+            throw new TransformationException(ex);
         } catch (TransformerException ex) {
-            Object exArgs[] = { ex.getMessage() };
-
-            throw new TransformationException("generic.EmptyMessage", exArgs, ex);
+            throw new TransformationException(ex);
         }
     }
 }
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/transforms/implementations/package.html b/src/share/classes/com/sun/org/apache/xml/internal/security/transforms/implementations/package.html
deleted file mode 100644
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/transforms/implementations/package.html
+++ /dev/null
@@ -1,3 +0,0 @@
-<HTML><HEAD></HEAD><BODY><P>
-implementations of XML Signature transforms.
-</P></BODY></HTML>
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/transforms/package.html b/src/share/classes/com/sun/org/apache/xml/internal/security/transforms/package.html
deleted file mode 100644
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/transforms/package.html
+++ /dev/null
@@ -1,3 +0,0 @@
-<HTML><HEAD></HEAD><BODY><P>
-the framework for XML Signature transforms.
-</P></BODY></HTML>
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/transforms/params/InclusiveNamespaces.java b/src/share/classes/com/sun/org/apache/xml/internal/security/transforms/params/InclusiveNamespaces.java
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/transforms/params/InclusiveNamespaces.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/transforms/params/InclusiveNamespaces.java
@@ -35,11 +35,10 @@
 /**
  * This Object serves as Content for the ds:Transforms for exclusive
  * Canonicalization.
- * <BR />
+ * <p></p>
  * It implements the {@link Element} interface
  * and can be used directly in a DOM tree.
  *
- * @author Christian Geuer-Pollmann
  */
 public class InclusiveNamespaces extends ElementProxy implements TransformParam {
 
@@ -82,27 +81,27 @@
 
         StringBuilder sb = new StringBuilder();
         for (String prefix : prefixList) {
-            if (prefix.equals("xmlns")) {
+            if ("xmlns".equals(prefix)) {
                 sb.append("#default ");
             } else {
-                sb.append(prefix + " ");
+                sb.append(prefix);
+                sb.append(" ");
             }
         }
 
-        this.constructionElement.setAttributeNS(
-            null, InclusiveNamespaces._ATT_EC_PREFIXLIST, sb.toString().trim());
+        setLocalAttribute(InclusiveNamespaces._ATT_EC_PREFIXLIST, sb.toString().trim());
     }
 
     /**
      * Constructor InclusiveNamespaces
      *
      * @param element
-     * @param BaseURI
+     * @param baseURI
      * @throws XMLSecurityException
      */
-    public InclusiveNamespaces(Element element, String BaseURI)
+    public InclusiveNamespaces(Element element, String baseURI)
         throws XMLSecurityException {
-        super(element, BaseURI);
+        super(element, baseURI);
     }
 
     /**
@@ -111,21 +110,21 @@
      * @return The Inclusive Namespace string
      */
     public String getInclusiveNamespaces() {
-        return this.constructionElement.getAttributeNS(null, InclusiveNamespaces._ATT_EC_PREFIXLIST);
+        return getLocalAttribute(InclusiveNamespaces._ATT_EC_PREFIXLIST);
     }
 
     /**
-     * Decodes the <code>inclusiveNamespaces</code> String and returns all
-     * selected namespace prefixes as a Set. The <code>#default</code>
+     * Decodes the {@code inclusiveNamespaces} String and returns all
+     * selected namespace prefixes as a Set. The {@code #default}
      * namespace token is represented as an empty namespace prefix
-     * (<code>"xmlns"</code>).
-     * <BR/>
-     * The String <code>inclusiveNamespaces=" xenc    ds #default"</code>
+     * ({@code "xmlns"}).
+     * <BR>
+     * The String {@code inclusiveNamespaces=" xenc    ds #default"}
      * is returned as a Set containing the following Strings:
      * <UL>
-     * <LI><code>xmlns</code></LI>
-     * <LI><code>xenc</code></LI>
-     * <LI><code>ds</code></LI>
+     * <LI>{@code xmlns}</LI>
+     * <LI>{@code xenc}</LI>
+     * <LI>{@code ds}</LI>
      * </UL>
      *
      * @param inclusiveNamespaces
@@ -134,7 +133,7 @@
     public static SortedSet<String> prefixStr2Set(String inclusiveNamespaces) {
         SortedSet<String> prefixes = new TreeSet<String>();
 
-        if ((inclusiveNamespaces == null) || (inclusiveNamespaces.length() == 0)) {
+        if (inclusiveNamespaces == null || inclusiveNamespaces.length() == 0) {
             return prefixes;
         }
 
@@ -153,7 +152,7 @@
     /**
      * Method getBaseNamespace
      *
-     * @inheritDoc
+     * {@inheritDoc}
      */
     public String getBaseNamespace() {
         return InclusiveNamespaces.ExclusiveCanonicalizationNamespace;
@@ -162,7 +161,7 @@
     /**
      * Method getBaseLocalName
      *
-     * @inheritDoc
+     * {@inheritDoc}
      */
     public String getBaseLocalName() {
         return InclusiveNamespaces._TAG_EC_INCLUSIVENAMESPACES;
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/transforms/params/XPath2FilterContainer.java b/src/share/classes/com/sun/org/apache/xml/internal/security/transforms/params/XPath2FilterContainer.java
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/transforms/params/XPath2FilterContainer.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/transforms/params/XPath2FilterContainer.java
@@ -36,7 +36,6 @@
  * Implements the parameters for the <A
  * HREF="http://www.w3.org/TR/xmldsig-filter2/">XPath Filter v2.0</A>.
  *
- * @author $Author: coheigea $
  * @see <A HREF="http://www.w3.org/TR/xmldsig-filter2/">XPath Filter v2.0 (TR)</A>
  */
 public class XPath2FilterContainer extends ElementProxy implements TransformParam {
@@ -90,24 +89,22 @@
     private XPath2FilterContainer(Document doc, String xpath2filter, String filterType) {
         super(doc);
 
-        this.constructionElement.setAttributeNS(
-            null, XPath2FilterContainer._ATT_FILTER, filterType);
-        this.constructionElement.appendChild(doc.createTextNode(xpath2filter));
+        setLocalAttribute(XPath2FilterContainer._ATT_FILTER, filterType);
+        appendSelf(createText(xpath2filter));
     }
 
     /**
      * Constructor XPath2FilterContainer
      *
      * @param element
-     * @param BaseURI
+     * @param baseURI
      * @throws XMLSecurityException
      */
-    private XPath2FilterContainer(Element element, String BaseURI) throws XMLSecurityException {
+    private XPath2FilterContainer(Element element, String baseURI) throws XMLSecurityException {
 
-        super(element, BaseURI);
+        super(element, baseURI);
 
-        String filterStr =
-            this.constructionElement.getAttributeNS(null, XPath2FilterContainer._ATT_FILTER);
+        String filterStr = getLocalAttribute(XPath2FilterContainer._ATT_FILTER);
 
         if (!filterStr.equals(XPath2FilterContainer._ATT_FILTER_VALUE_INTERSECT)
             && !filterStr.equals(XPath2FilterContainer._ATT_FILTER_VALUE_SUBTRACT)
@@ -179,7 +176,7 @@
 
             if (!(type.equals(XPath2FilterContainer._ATT_FILTER_VALUE_INTERSECT)
                 || type.equals(XPath2FilterContainer._ATT_FILTER_VALUE_SUBTRACT)
-                || type.equals(XPath2FilterContainer._ATT_FILTER_VALUE_UNION))){
+                || type.equals(XPath2FilterContainer._ATT_FILTER_VALUE_UNION))) {
                 throw new IllegalArgumentException("The type(" + i + ")=\"" + type
                                                    + "\" is illegal");
             }
@@ -197,47 +194,44 @@
      * Creates a XPath2FilterContainer from an existing Element; needed for verification.
      *
      * @param element
-     * @param BaseURI
+     * @param baseURI
      * @return the filter
      *
      * @throws XMLSecurityException
      */
     public static XPath2FilterContainer newInstance(
-        Element element, String BaseURI
+        Element element, String baseURI
     ) throws XMLSecurityException {
-        return new XPath2FilterContainer(element, BaseURI);
+        return new XPath2FilterContainer(element, baseURI);
     }
 
     /**
-     * Returns <code>true</code> if the <code>Filter</code> attribute has value "intersect".
+     * Returns {@code true} if the {@code Filter} attribute has value "intersect".
      *
-     * @return <code>true</code> if the <code>Filter</code> attribute has value "intersect".
+     * @return {@code true} if the {@code Filter} attribute has value "intersect".
      */
     public boolean isIntersect() {
-        return this.constructionElement.getAttributeNS(
-            null, XPath2FilterContainer._ATT_FILTER
+        return getLocalAttribute(XPath2FilterContainer._ATT_FILTER
         ).equals(XPath2FilterContainer._ATT_FILTER_VALUE_INTERSECT);
     }
 
     /**
-     * Returns <code>true</code> if the <code>Filter</code> attribute has value "subtract".
+     * Returns {@code true} if the {@code Filter} attribute has value "subtract".
      *
-     * @return <code>true</code> if the <code>Filter</code> attribute has value "subtract".
+     * @return {@code true} if the {@code Filter} attribute has value "subtract".
      */
     public boolean isSubtract() {
-        return this.constructionElement.getAttributeNS(
-            null, XPath2FilterContainer._ATT_FILTER
+        return getLocalAttribute(XPath2FilterContainer._ATT_FILTER
         ).equals(XPath2FilterContainer._ATT_FILTER_VALUE_SUBTRACT);
     }
 
     /**
-     * Returns <code>true</code> if the <code>Filter</code> attribute has value "union".
+     * Returns {@code true} if the {@code Filter} attribute has value "union".
      *
-     * @return <code>true</code> if the <code>Filter</code> attribute has value "union".
+     * @return {@code true} if the {@code Filter} attribute has value "union".
      */
     public boolean isUnion() {
-        return this.constructionElement.getAttributeNS(
-            null, XPath2FilterContainer._ATT_FILTER
+        return getLocalAttribute(XPath2FilterContainer._ATT_FILTER
         ).equals(XPath2FilterContainer._ATT_FILTER_VALUE_UNION);
     }
 
@@ -255,18 +249,15 @@
      * Filter String. We must use this stupid hook to enable the here() function
      * to work.
      *
-     * $todo$ I dunno whether this crashes: <XPath> here()<!-- comment -->/ds:Signature[1]</XPath>
      * @return the first Text node which contains information from the XPath 2 Filter String
      */
     public Node getXPathFilterTextNode() {
-
-        NodeList children = this.constructionElement.getChildNodes();
-        int length = children.getLength();
-
-        for (int i = 0; i < length; i++) {
-            if (children.item(i).getNodeType() == Node.TEXT_NODE) {
-                return children.item(i);
+        Node childNode = getElement().getFirstChild();
+        while (childNode != null) {
+            if (childNode.getNodeType() == Node.TEXT_NODE) {
+                return childNode;
             }
+            childNode = childNode.getNextSibling();
         }
 
         return null;
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/transforms/params/XPath2FilterContainer04.java b/src/share/classes/com/sun/org/apache/xml/internal/security/transforms/params/XPath2FilterContainer04.java
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/transforms/params/XPath2FilterContainer04.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/transforms/params/XPath2FilterContainer04.java
@@ -25,17 +25,14 @@
 import com.sun.org.apache.xml.internal.security.exceptions.XMLSecurityException;
 import com.sun.org.apache.xml.internal.security.transforms.TransformParam;
 import com.sun.org.apache.xml.internal.security.utils.ElementProxy;
-import com.sun.org.apache.xml.internal.security.utils.XMLUtils;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 import org.w3c.dom.Node;
-import org.w3c.dom.NodeList;
 
 /**
  * Implements the parameters for the <A
  * HREF="http://www.w3.org/TR/xmldsig-filter2/">XPath Filter v2.0</A>.
  *
- * @author $Author: coheigea $
  * @see <A HREF="http://www.w3.org/TR/xmldsig-filter2/">XPath Filter v2.0 (TR)</A>
  */
 public class XPath2FilterContainer04 extends ElementProxy implements TransformParam {
@@ -78,16 +75,15 @@
     private XPath2FilterContainer04(Document doc, String xpath2filter, String filterType) {
         super(doc);
 
-        this.constructionElement.setAttributeNS(
-            null, XPath2FilterContainer04._ATT_FILTER, filterType);
+        setLocalAttribute(XPath2FilterContainer04._ATT_FILTER, filterType);
 
-        if ((xpath2filter.length() > 2)
-            && (!Character.isWhitespace(xpath2filter.charAt(0)))) {
-            XMLUtils.addReturnToElement(this.constructionElement);
-            this.constructionElement.appendChild(doc.createTextNode(xpath2filter));
-            XMLUtils.addReturnToElement(this.constructionElement);
+        if (xpath2filter.length() > 2
+            && !Character.isWhitespace(xpath2filter.charAt(0))) {
+            addReturnToSelf();
+            appendSelf(createText(xpath2filter));
+            addReturnToSelf();
         } else {
-            this.constructionElement.appendChild(doc.createTextNode(xpath2filter));
+            appendSelf(createText(xpath2filter));
         }
     }
 
@@ -95,16 +91,15 @@
      * Constructor XPath2FilterContainer04
      *
      * @param element
-     * @param BaseURI
+     * @param baseURI
      * @throws XMLSecurityException
      */
-    private XPath2FilterContainer04(Element element, String BaseURI)
+    private XPath2FilterContainer04(Element element, String baseURI)
         throws XMLSecurityException {
 
-        super(element, BaseURI);
+        super(element, baseURI);
 
-        String filterStr =
-            this.constructionElement.getAttributeNS(null, XPath2FilterContainer04._ATT_FILTER);
+        String filterStr = getLocalAttribute(XPath2FilterContainer04._ATT_FILTER);
 
         if (!filterStr.equals(XPath2FilterContainer04._ATT_FILTER_VALUE_INTERSECT)
             && !filterStr.equals(XPath2FilterContainer04._ATT_FILTER_VALUE_SUBTRACT)
@@ -166,47 +161,44 @@
      * Creates a XPath2FilterContainer04 from an existing Element; needed for verification.
      *
      * @param element
-     * @param BaseURI
+     * @param baseURI
      * @return the instance
      *
      * @throws XMLSecurityException
      */
     public static XPath2FilterContainer04 newInstance(
-        Element element, String BaseURI
+        Element element, String baseURI
     ) throws XMLSecurityException {
-        return new XPath2FilterContainer04(element, BaseURI);
+        return new XPath2FilterContainer04(element, baseURI);
     }
 
     /**
-     * Returns <code>true</code> if the <code>Filter</code> attribute has value "intersect".
+     * Returns {@code true} if the {@code Filter} attribute has value "intersect".
      *
-     * @return <code>true</code> if the <code>Filter</code> attribute has value "intersect".
+     * @return {@code true} if the {@code Filter} attribute has value "intersect".
      */
     public boolean isIntersect() {
-        return this.constructionElement.getAttributeNS(
-            null, XPath2FilterContainer04._ATT_FILTER
+        return getLocalAttribute(XPath2FilterContainer04._ATT_FILTER
         ).equals(XPath2FilterContainer04._ATT_FILTER_VALUE_INTERSECT);
     }
 
     /**
-     * Returns <code>true</code> if the <code>Filter</code> attribute has value "subtract".
+     * Returns {@code true} if the {@code Filter} attribute has value "subtract".
      *
-     * @return <code>true</code> if the <code>Filter</code> attribute has value "subtract".
+     * @return {@code true} if the {@code Filter} attribute has value "subtract".
      */
     public boolean isSubtract() {
-        return this.constructionElement.getAttributeNS(
-            null, XPath2FilterContainer04._ATT_FILTER
+        return getLocalAttribute(XPath2FilterContainer04._ATT_FILTER
         ).equals(XPath2FilterContainer04._ATT_FILTER_VALUE_SUBTRACT);
     }
 
     /**
-     * Returns <code>true</code> if the <code>Filter</code> attribute has value "union".
+     * Returns {@code true} if the {@code Filter} attribute has value "union".
      *
-     * @return <code>true</code> if the <code>Filter</code> attribute has value "union".
+     * @return {@code true} if the {@code Filter} attribute has value "union".
      */
     public boolean isUnion() {
-        return this.constructionElement.getAttributeNS(
-            null, XPath2FilterContainer04._ATT_FILTER
+        return getLocalAttribute(XPath2FilterContainer04._ATT_FILTER
         ).equals(XPath2FilterContainer04._ATT_FILTER_VALUE_UNION);
     }
 
@@ -224,28 +216,26 @@
      * Filter String. We must use this stupid hook to enable the here() function
      * to work.
      *
-     * $todo$ I dunno whether this crashes: <XPath> here()<!-- comment -->/ds:Signature[1]</XPath>
      * @return the first Text node which contains information from the XPath 2 Filter String
      */
     public Node getXPathFilterTextNode() {
-        NodeList children = this.constructionElement.getChildNodes();
-        int length = children.getLength();
-
-        for (int i = 0; i < length; i++) {
-            if (children.item(i).getNodeType() == Node.TEXT_NODE) {
-                return children.item(i);
+        Node childNode = getElement().getFirstChild();
+        while (childNode != null) {
+            if (childNode.getNodeType() == Node.TEXT_NODE) {
+                return childNode;
             }
+            childNode = childNode.getNextSibling();
         }
 
         return null;
     }
 
-    /** @inheritDoc */
+    /** {@inheritDoc} */
     public final String getBaseLocalName() {
         return XPath2FilterContainer04._TAG_XPATH2;
     }
 
-    /** @inheritDoc */
+    /** {@inheritDoc} */
     public final String getBaseNamespace() {
         return XPath2FilterContainer04.XPathFilter2NS;
     }
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/transforms/params/XPathContainer.java b/src/share/classes/com/sun/org/apache/xml/internal/security/transforms/params/XPathContainer.java
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/transforms/params/XPathContainer.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/transforms/params/XPathContainer.java
@@ -27,15 +27,14 @@
 import com.sun.org.apache.xml.internal.security.utils.Constants;
 import com.sun.org.apache.xml.internal.security.utils.SignatureElementProxy;
 import org.w3c.dom.Document;
-import org.w3c.dom.NodeList;
+import org.w3c.dom.Node;
 import org.w3c.dom.Text;
 
 /**
  * This Object serves both as namespace prefix resolver and as container for
- * the <CODE>ds:XPath</CODE> Element. It implements the {@link org.w3c.dom.Element} interface
+ * the {@code ds:XPath} Element. It implements the {@link org.w3c.dom.Element} interface
  * and can be used directly in a DOM tree.
  *
- * @author Christian Geuer-Pollmann
  */
 public class XPathContainer extends SignatureElementProxy implements TransformParam {
 
@@ -49,33 +48,32 @@
     }
 
     /**
-     * Sets the TEXT value of the <CODE>ds:XPath</CODE> Element.
+     * Sets the TEXT value of the {@code ds:XPath} Element.
      *
      * @param xpath
      */
     public void setXPath(String xpath) {
-        if (this.constructionElement.getChildNodes() != null) {
-            NodeList nl = this.constructionElement.getChildNodes();
-
-            for (int i = 0; i < nl.getLength(); i++) {
-                this.constructionElement.removeChild(nl.item(i));
-            }
+        Node childNode = getElement().getFirstChild();
+        while (childNode != null) {
+            Node nodeToBeRemoved = childNode;
+            childNode = childNode.getNextSibling();
+            getElement().removeChild(nodeToBeRemoved);
         }
 
-        Text xpathText = this.doc.createTextNode(xpath);
-        this.constructionElement.appendChild(xpathText);
+        Text xpathText = createText(xpath);
+        appendSelf(xpathText);
     }
 
     /**
-     * Returns the TEXT value of the <CODE>ds:XPath</CODE> Element.
+     * Returns the TEXT value of the {@code ds:XPath} Element.
      *
-     * @return the TEXT value of the <CODE>ds:XPath</CODE> Element.
+     * @return the TEXT value of the {@code ds:XPath} Element.
      */
     public String getXPath() {
         return this.getTextFromTextChild();
     }
 
-    /** @inheritDoc */
+    /** {@inheritDoc} */
     public String getBaseLocalName() {
         return Constants._TAG_XPATH;
     }
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/transforms/params/XPathFilterCHGPContainer.java b/src/share/classes/com/sun/org/apache/xml/internal/security/transforms/params/XPathFilterCHGPContainer.java
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/transforms/params/XPathFilterCHGPContainer.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/transforms/params/XPathFilterCHGPContainer.java
@@ -35,7 +35,6 @@
  * Implements the parameters for a custom Transform which has a better performance
  * than the xfilter2.
  *
- * @author $Author: coheigea $
  */
 public class XPathFilterCHGPContainer extends ElementProxy implements TransformParam {
 
@@ -87,52 +86,48 @@
         super(doc);
 
         if (includeSlashPolicy) {
-            this.constructionElement.setAttributeNS(
-                null, XPathFilterCHGPContainer._ATT_INCLUDESLASH, "true"
-            );
+            setLocalAttribute(XPathFilterCHGPContainer._ATT_INCLUDESLASH, "true");
         } else {
-            this.constructionElement.setAttributeNS(
-                null, XPathFilterCHGPContainer._ATT_INCLUDESLASH, "false"
-            );
+            setLocalAttribute(XPathFilterCHGPContainer._ATT_INCLUDESLASH, "false");
         }
 
-        if ((includeButSearch != null) && (includeButSearch.trim().length() > 0)) {
+        if (includeButSearch != null && includeButSearch.trim().length() > 0) {
             Element includeButSearchElem =
                 ElementProxy.createElementForFamily(
                     doc, this.getBaseNamespace(), XPathFilterCHGPContainer._TAG_INCLUDE_BUT_SEARCH
                 );
 
             includeButSearchElem.appendChild(
-                this.doc.createTextNode(indentXPathText(includeButSearch))
+                createText(indentXPathText(includeButSearch))
             );
-            XMLUtils.addReturnToElement(this.constructionElement);
-            this.constructionElement.appendChild(includeButSearchElem);
+            addReturnToSelf();
+            appendSelf(includeButSearchElem);
         }
 
-        if ((excludeButSearch != null) && (excludeButSearch.trim().length() > 0)) {
+        if (excludeButSearch != null && excludeButSearch.trim().length() > 0) {
             Element excludeButSearchElem =
                 ElementProxy.createElementForFamily(
                     doc, this.getBaseNamespace(), XPathFilterCHGPContainer._TAG_EXCLUDE_BUT_SEARCH
                 );
 
             excludeButSearchElem.appendChild(
-                this.doc.createTextNode(indentXPathText(excludeButSearch)));
+                createText(indentXPathText(excludeButSearch)));
 
-            XMLUtils.addReturnToElement(this.constructionElement);
-            this.constructionElement.appendChild(excludeButSearchElem);
+            addReturnToSelf();
+            appendSelf(excludeButSearchElem);
         }
 
-        if ((exclude != null) && (exclude.trim().length() > 0)) {
+        if (exclude != null && exclude.trim().length() > 0) {
             Element excludeElem =
                 ElementProxy.createElementForFamily(
                    doc, this.getBaseNamespace(), XPathFilterCHGPContainer._TAG_EXCLUDE);
 
-            excludeElem.appendChild(this.doc.createTextNode(indentXPathText(exclude)));
-            XMLUtils.addReturnToElement(this.constructionElement);
-            this.constructionElement.appendChild(excludeElem);
+            excludeElem.appendChild(createText(indentXPathText(exclude)));
+            addReturnToSelf();
+            appendSelf(excludeElem);
         }
 
-        XMLUtils.addReturnToElement(this.constructionElement);
+        addReturnToSelf();
     }
 
     /**
@@ -142,7 +137,7 @@
      * @return the string with enters
      */
     static String indentXPathText(String xp) {
-        if ((xp.length() > 2) && (!Character.isWhitespace(xp.charAt(0)))) {
+        if (xp.length() > 2 && !Character.isWhitespace(xp.charAt(0))) {
             return "\n" + xp + "\n";
         }
         return xp;
@@ -152,12 +147,12 @@
      * Constructor XPathFilterCHGPContainer
      *
      * @param element
-     * @param BaseURI
+     * @param baseURI
      * @throws XMLSecurityException
      */
-    private XPathFilterCHGPContainer(Element element, String BaseURI)
+    private XPathFilterCHGPContainer(Element element, String baseURI)
         throws XMLSecurityException {
-        super(element, BaseURI);
+        super(element, baseURI);
     }
 
     /**
@@ -182,15 +177,15 @@
      * Creates a XPathFilterCHGPContainer from an existing Element; needed for verification.
      *
      * @param element
-     * @param BaseURI
+     * @param baseURI
      *
      * @throws XMLSecurityException
      * @return the created object.
      */
     public static XPathFilterCHGPContainer getInstance(
-        Element element, String BaseURI
+        Element element, String baseURI
     ) throws XMLSecurityException {
-        return new XPathFilterCHGPContainer(element, BaseURI);
+        return new XPathFilterCHGPContainer(element, baseURI);
     }
 
     /**
@@ -206,7 +201,7 @@
 
         Element xElem =
             XMLUtils.selectNode(
-                this.constructionElement.getFirstChild(), this.getBaseNamespace(), type, 0
+                getElement().getFirstChild(), this.getBaseNamespace(), type, 0
             );
 
         return XMLUtils.getFullTextChildrenFromElement(xElem);
@@ -245,8 +240,7 @@
      * @return the string
      */
     public boolean getIncludeSlashPolicy() {
-        return this.constructionElement.getAttributeNS(
-            null, XPathFilterCHGPContainer._ATT_INCLUDESLASH).equals("true");
+        return getLocalAttribute(XPathFilterCHGPContainer._ATT_INCLUDESLASH).equals("true");
     }
 
     /**
@@ -265,7 +259,7 @@
         }
 
         return XMLUtils.selectNodeText(
-            this.constructionElement.getFirstChild(), this.getBaseNamespace(), type, 0
+            getFirstChild(), this.getBaseNamespace(), type, 0
         );
     }
 
@@ -299,7 +293,7 @@
     /**
      * Method getBaseLocalName
      *
-     * @inheritDoc
+     * {@inheritDoc}
      */
     public final String getBaseLocalName() {
         return XPathFilterCHGPContainer._TAG_XPATHCHGP;
@@ -308,7 +302,7 @@
     /**
      * Method getBaseNamespace
      *
-     * @inheritDoc
+     * {@inheritDoc}
      */
     public final String getBaseNamespace() {
         return TRANSFORM_XPATHFILTERCHGP;
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/utils/Base64.java b/src/share/classes/com/sun/org/apache/xml/internal/security/utils/Base64.java
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/utils/Base64.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/utils/Base64.java
@@ -39,12 +39,10 @@
  * Optimized code. (raw version taken from oreilly.jonathan.util,
  * and currently org.apache.xerces.ds.util.Base64)
  *
- * @author Raul Benito(Of the xerces copy, and little adaptations).
- * @author Anli Shundi
- * @author Christian Geuer-Pollmann
  * @see <A HREF="ftp://ftp.isi.edu/in-notes/rfc2045.txt">RFC 2045</A>
  * @see com.sun.org.apache.xml.internal.security.transforms.implementations.TransformBase64Decode
  */
+@Deprecated
 public class Base64 {
 
     /** Field BASE64DEFAULTLENGTH */
@@ -105,9 +103,9 @@
      * <b>N.B.:</B> <code>{@link BigInteger}<code>'s toByteArray
      * returns eventually longer arrays because of the leading sign-bit.
      *
-     * @param big <code>BigInteger<code> to be converted
-     * @param bitlen <code>int<code> the desired length in bits of the representation
-     * @return a byte array with <code>bitlen</code> bits of <code>big</code>
+     * @param big {@code BigInteger} to be converted
+     * @param bitlen {@code int} the desired length in bits of the representation
+     * @return a byte array with {@code bitlen} bits of {@code big}
      */
     static final byte[] getBytes(BigInteger big, int bitlen) {
 
@@ -120,8 +118,8 @@
 
         byte[] bigBytes = big.toByteArray();
 
-        if (((big.bitLength() % 8) != 0)
-            && (((big.bitLength() / 8) + 1) == (bitlen / 8))) {
+        if (big.bitLength() % 8 != 0
+            && big.bitLength() / 8 + 1 == bitlen / 8) {
             return bigBytes;
         }
 
@@ -129,7 +127,7 @@
         int startSrc = 0;    // no need to skip anything
         int bigLen = bigBytes.length;    //valid length of the string
 
-        if ((big.bitLength() % 8) == 0) {    // correct values
+        if (big.bitLength() % 8 == 0) {    // correct values
             startSrc = 1;    // skip sign bit
 
             bigLen--;    // valid length of the string
@@ -144,27 +142,28 @@
     }
 
     /**
-     * Encode in Base64 the given <code>{@link BigInteger}<code>.
+     * Encode in Base64 the given {@code {@link BigInteger}}.
      *
      * @param big
      * @return String with Base64 encoding
      */
     public static final String encode(BigInteger big) {
-        return encode(getBytes(big, big.bitLength()));
+        byte[] bytes = XMLUtils.getBytes(big, big.bitLength());
+        return XMLUtils.encodeToString(bytes);
     }
 
     /**
-     * Returns a byte-array representation of a <code>{@link BigInteger}<code>.
+     * Returns a byte-array representation of a {@code {@link BigInteger}}.
      * No sign-bit is output.
      *
-     * <b>N.B.:</B> <code>{@link BigInteger}<code>'s toByteArray
+     * <b>N.B.:</B> {@code {@link BigInteger}}'s toByteArray
      * returns eventually longer arrays because of the leading sign-bit.
      *
-     * @param big <code>BigInteger<code> to be converted
-     * @param bitlen <code>int<code> the desired length in bits of the representation
-     * @return a byte array with <code>bitlen</code> bits of <code>big</code>
+     * @param big {@code BigInteger} to be converted
+     * @param bitlen {@code int} the desired length in bits of the representation
+     * @return a byte array with {@code bitlen} bits of {@code big}
      */
-    public static final  byte[] encode(BigInteger big, int bitlen) {
+    public static final byte[] encode(BigInteger big, int bitlen) {
 
         //round bitlen
         bitlen = ((bitlen + 7) >> 3) << 3;
@@ -175,8 +174,8 @@
 
         byte[] bigBytes = big.toByteArray();
 
-        if (((big.bitLength() % 8) != 0)
-            && (((big.bitLength() / 8) + 1) == (bitlen / 8))) {
+        if (big.bitLength() % 8 != 0
+            && big.bitLength() / 8 + 1 == bitlen / 8) {
             return bigBytes;
         }
 
@@ -184,7 +183,7 @@
         int startSrc = 0;    // no need to skip anything
         int bigLen = bigBytes.length;    //valid length of the string
 
-        if ((big.bitLength() % 8) == 0) {    // correct values
+        if (big.bitLength() % 8 == 0) {    // correct values
             startSrc = 1;    // skip sign bit
 
             bigLen--;    // valid length of the string
@@ -211,10 +210,9 @@
     }
 
     /**
-     * Method decodeBigIntegerFromText
-     *
-     * @param text
-     * @return the biginter obtained from the text node
+     * Decode a base 64 string into a {@link BigInteger}
+     * @param base64str Base 64 encoded string.
+     * @return a decoded BigInteger
      * @throws Base64DecodingException
      */
     public static final BigInteger decodeBigIntegerFromText(Text text)
@@ -246,8 +244,8 @@
     /**
      * Method decode
      *
-     * Takes the <CODE>Text</CODE> children of the Element and interprets
-     * them as input for the <CODE>Base64.decode()</CODE> function.
+     * Takes the {@code Text} children of the Element and interprets
+     * them as input for the {@code Base64.decode()} function.
      *
      * @param element
      * @return the byte obtained of the decoding the element
@@ -305,8 +303,8 @@
      * Encode a byte array and fold lines at the standard 76th character unless
      * ignore line breaks property is set.
      *
-     * @param binaryData <code>byte[]<code> to be base64 encoded
-     * @return the <code>String<code> with encoded data
+     * @param binaryData {@code byte[]} to be base64 encoded
+     * @return the {@code String} with encoded data
      */
     public static final String encode(byte[] binaryData) {
         return XMLUtils.ignoreLineBreaks()
@@ -328,11 +326,9 @@
         throws IOException, Base64DecodingException {
 
         byte[] retBytes = null;
-        UnsyncByteArrayOutputStream baos = null;
+        UnsyncByteArrayOutputStream baos = new UnsyncByteArrayOutputStream();
         try {
-            baos = new UnsyncByteArrayOutputStream();
             String line;
-
             while (null != (line = reader.readLine())) {
                 byte[] bytes = decode(line);
                 baos.write(bytes);
@@ -345,12 +341,12 @@
         return retBytes;
     }
 
-    protected static final boolean isWhiteSpace(byte octect) {
-        return (octect == 0x20 || octect == 0xd || octect == 0xa || octect == 0x9);
+    protected static final boolean isWhiteSpace(byte octet) {
+        return octet == 0x20 || octet == 0xd || octet == 0xa || octet == 0x9;
     }
 
-    protected static final boolean isPad(byte octect) {
-        return (octect == PAD);
+    protected static final boolean isPad(byte octet) {
+        return octet == PAD;
     }
 
     /**
@@ -363,11 +359,11 @@
      * Encode a byte array in Base64 format and return an optionally
      * wrapped line.
      *
-     * @param binaryData <code>byte[]</code> data to be encoded
-     * @param length <code>int<code> length of wrapped lines; No wrapping if less than 4.
-     * @return a <code>String</code> with encoded data
+     * @param binaryData {@code byte[]} data to be encoded
+     * @param length {@code int} length of wrapped lines; No wrapping if less than 4.
+     * @return a {@code String} with encoded data
      */
-    public static final String  encode(byte[] binaryData,int length) {
+    public static final String  encode(byte[] binaryData, int length) {
         if (length < 4) {
             length = Integer.MAX_VALUE;
         }
@@ -381,14 +377,14 @@
             return "";
         }
 
-        long fewerThan24bits = lengthDataBits % TWENTYFOURBITGROUP;
+        long fewerThan24bits = lengthDataBits % ((long) TWENTYFOURBITGROUP);
         int numberTriplets = (int) (lengthDataBits / TWENTYFOURBITGROUP);
         int numberQuartet = fewerThan24bits != 0L ? numberTriplets + 1 : numberTriplets;
         int quartesPerLine = length / 4;
         int numberLines = (numberQuartet - 1) / quartesPerLine;
         char encodedData[] = null;
 
-        encodedData = new char[numberQuartet * 4 + numberLines];
+        encodedData = new char[numberQuartet * 4 + numberLines * 2];
 
         byte k = 0, l = 0, b1 = 0, b2 = 0, b3 = 0;
         int encodedIndex = 0;
@@ -401,8 +397,8 @@
                 b2 = binaryData[dataIndex++];
                 b3 = binaryData[dataIndex++];
 
-                l  = (byte)(b2 & 0x0f);
-                k  = (byte)(b1 & 0x03);
+                l = (byte)(b2 & 0x0f);
+                k = (byte)(b1 & 0x03);
 
                 byte val1 = ((b1 & SIGN) == 0) ? (byte)(b1 >> 2): (byte)((b1) >> 2 ^ 0xc0);
 
@@ -417,6 +413,7 @@
 
                 i++;
             }
+            encodedData[encodedIndex++] = 0xd;
             encodedData[encodedIndex++] = 0xa;
         }
 
@@ -425,8 +422,8 @@
             b2 = binaryData[dataIndex++];
             b3 = binaryData[dataIndex++];
 
-            l  = (byte)(b2 & 0x0f);
-            k  = (byte)(b1 & 0x03);
+            l = (byte)(b2 & 0x0f);
+            k = (byte)(b1 & 0x03);
 
             byte val1 = ((b1 & SIGN) == 0) ? (byte)(b1 >> 2) : (byte)((b1) >> 2 ^ 0xc0);
 
@@ -510,7 +507,7 @@
             //should be divisible by four
         }
 
-        int numberQuadruple = (len / FOURBYTE);
+        int numberQuadruple = len / FOURBYTE;
 
         if (numberQuadruple == 0) {
             return new byte[0];
@@ -529,7 +526,7 @@
         //first last bits.
         b1 = base64Alphabet[base64Data[dataIndex++]];
         b2 = base64Alphabet[base64Data[dataIndex++]];
-        if ((b1==-1) || (b2==-1)) {
+        if (b1 == -1 || b2 == -1) {
              //if found "no data" just return null
             throw new Base64DecodingException("decoding.general");
         }
@@ -538,7 +535,7 @@
         byte d3, d4;
         b3 = base64Alphabet[d3 = base64Data[dataIndex++]];
         b4 = base64Alphabet[d4 = base64Data[dataIndex++]];
-        if ((b3 == -1) || (b4 == -1) ) {
+        if (b3 == -1 || b4 == -1) {
             //Check if they are PAD characters
             if (isPad(d3) && isPad(d4)) {               //Two PAD e.g. 3c[Pad][Pad]
                 if ((b2 & 0xf) != 0) { //last 4 bits should be zero
@@ -573,10 +570,7 @@
             b3 = base64Alphabet[base64Data[dataIndex++]];
             b4 = base64Alphabet[base64Data[dataIndex++]];
 
-            if ((b1 == -1) ||
-                (b2 == -1) ||
-                (b3 == -1) ||
-                (b4 == -1)) {
+            if (b1 == -1 || b2 == -1 || b3 == -1 || b4 == -1) {
                 //if found "no data" just return null
                 throw new Base64DecodingException("decoding.general");
             }
@@ -600,7 +594,7 @@
         throws Base64DecodingException, IOException {
         byte[] bytes = new byte[base64Data.length()];
         int len = getBytesInternal(base64Data, bytes);
-        decode(bytes,os,len);
+        decode(bytes, os, len);
     }
 
     /**
@@ -613,7 +607,7 @@
      */
     public static final void decode(byte[] base64Data, OutputStream os)
         throws Base64DecodingException, IOException {
-        decode(base64Data,os,-1);
+        decode(base64Data, os, -1);
     }
 
     protected static final void decode(byte[] base64Data, OutputStream os, int len)
@@ -628,7 +622,7 @@
             //should be divisible by four
         }
 
-        int numberQuadruple = (len / FOURBYTE);
+        int numberQuadruple = len / FOURBYTE;
 
         if (numberQuadruple == 0) {
             return;
@@ -641,28 +635,25 @@
         int dataIndex = 0;
 
         //the begin
-        for (i=numberQuadruple - 1; i > 0; i--) {
+        for (i = numberQuadruple - 1; i > 0; i--) {
             b1 = base64Alphabet[base64Data[dataIndex++]];
             b2 = base64Alphabet[base64Data[dataIndex++]];
             b3 = base64Alphabet[base64Data[dataIndex++]];
             b4 = base64Alphabet[base64Data[dataIndex++]];
-            if ((b1 == -1) ||
-                (b2 == -1) ||
-                (b3 == -1) ||
-                (b4 == -1) ) {
+            if (b1 == -1 || b2 == -1 || b3 == -1 || b4 == -1) {
                 //if found "no data" just return null
                 throw new Base64DecodingException("decoding.general");
             }
 
             os.write((byte)(b1 << 2 | b2 >> 4));
             os.write((byte)(((b2 & 0xf) << 4 ) | ((b3 >> 2) & 0xf)));
-            os.write( (byte)(b3 << 6 | b4));
+            os.write((byte)(b3 << 6 | b4));
         }
         b1 = base64Alphabet[base64Data[dataIndex++]];
         b2 = base64Alphabet[base64Data[dataIndex++]];
 
         //  first last bits.
-        if ((b1 == -1) || (b2 == -1) ) {
+        if (b1 == -1 || b2 == -1) {
             //if found "no data" just return null
             throw new Base64DecodingException("decoding.general");
         }
@@ -670,7 +661,7 @@
         byte d3, d4;
         b3 = base64Alphabet[d3 = base64Data[dataIndex++]];
         b4 = base64Alphabet[d4 = base64Data[dataIndex++]];
-        if ((b3 == -1 ) || (b4 == -1) ) { //Check if they are PAD characters
+        if (b3 == -1 || b4 == -1) { //Check if they are PAD characters
             if (isPad(d3) && isPad(d4)) {               //Two PAD e.g. 3c[Pad][Pad]
                 if ((b2 & 0xf) != 0) { //last 4 bits should be zero
                     throw new Base64DecodingException("decoding.general");
@@ -707,7 +698,7 @@
         //byte decodedData[] = null;
         byte b1 = 0, b2 = 0, b3 = 0, b4 = 0;
 
-        int index=0;
+        int index = 0;
         byte[] data = new byte[4];
         int read;
         //the begin
@@ -748,7 +739,7 @@
         b2 = base64Alphabet[d2];
         b3 = base64Alphabet[d3];
         b4 = base64Alphabet[d4];
-        if ((b3 == -1) || (b4 == -1)) { //Check if they are PAD characters
+        if (b3 == -1 || b4 == -1) { //Check if they are PAD characters
             if (isPad(d3) && isPad(d4)) {               //Two PAD e.g. 3c[Pad][Pad]
                 if ((b2 & 0xf) != 0) { //last 4 bits should be zero
                     throw new Base64DecodingException("decoding.general");
@@ -777,7 +768,7 @@
      * remove WhiteSpace from MIME containing encoded Base64 data.
      *
      * @param data  the byte array of base64 data (with WS)
-     * @return      the new length
+     * @return the new length
      */
     protected static final int removeWhiteSpace(byte[] data) {
         if (data == null) {
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/utils/ClassLoaderUtils.java b/src/share/classes/com/sun/org/apache/xml/internal/security/utils/ClassLoaderUtils.java
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/utils/ClassLoaderUtils.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/utils/ClassLoaderUtils.java
@@ -23,208 +23,22 @@
 
 package com.sun.org.apache.xml.internal.security.utils;
 
-import java.io.IOException;
-import java.io.InputStream;
-import java.net.URL;
-import java.util.ArrayList;
-import java.util.Enumeration;
-import java.util.List;
-
 /**
- * This class is extremely useful for loading resources and classes in a fault
+ * This class is extremely useful for loading classes in a fault
  * tolerant manner that works across different applications servers. Do not
  * touch this unless you're a grizzled classloading guru veteran who is going to
  * verify any change on 6 different application servers.
  */
 final class ClassLoaderUtils {
 
-    /** {@link org.apache.commons.logging} logging facility */
-    private static final java.util.logging.Logger log =
-        java.util.logging.Logger.getLogger(ClassLoaderUtils.class.getName());
+    private static final com.sun.org.slf4j.internal.Logger LOG =
+        com.sun.org.slf4j.internal.LoggerFactory.getLogger(ClassLoaderUtils.class);
 
     private ClassLoaderUtils() {
     }
 
     /**
-     * Load a given resource. <p/> This method will try to load the resource
-     * using the following methods (in order):
-     * <ul>
-     * <li>From Thread.currentThread().getContextClassLoader()
-     * <li>From ClassLoaderUtil.class.getClassLoader()
-     * <li>callingClass.getClassLoader()
-     * </ul>
-     *
-     * @param resourceName The name of the resource to load
-     * @param callingClass The Class object of the calling object
-     */
-    static URL getResource(String resourceName, Class<?> callingClass) {
-        URL url = Thread.currentThread().getContextClassLoader().getResource(resourceName);
-        if (url == null && resourceName.startsWith("/")) {
-            //certain classloaders need it without the leading /
-            url =
-                Thread.currentThread().getContextClassLoader().getResource(
-                    resourceName.substring(1)
-                );
-        }
-
-        ClassLoader cluClassloader = ClassLoaderUtils.class.getClassLoader();
-        if (cluClassloader == null) {
-            cluClassloader = ClassLoader.getSystemClassLoader();
-        }
-        if (url == null) {
-            url = cluClassloader.getResource(resourceName);
-        }
-        if (url == null && resourceName.startsWith("/")) {
-            //certain classloaders need it without the leading /
-            url = cluClassloader.getResource(resourceName.substring(1));
-        }
-
-        if (url == null) {
-            ClassLoader cl = callingClass.getClassLoader();
-
-            if (cl != null) {
-                url = cl.getResource(resourceName);
-            }
-        }
-
-        if (url == null) {
-            url = callingClass.getResource(resourceName);
-        }
-
-        if ((url == null) && (resourceName != null) && (resourceName.charAt(0) != '/')) {
-            return getResource('/' + resourceName, callingClass);
-        }
-
-        return url;
-    }
-
-    /**
-     * Load a given resources. <p/> This method will try to load the resources
-     * using the following methods (in order):
-     * <ul>
-     * <li>From Thread.currentThread().getContextClassLoader()
-     * <li>From ClassLoaderUtil.class.getClassLoader()
-     * <li>callingClass.getClassLoader()
-     * </ul>
-     *
-     * @param resourceName The name of the resource to load
-     * @param callingClass The Class object of the calling object
-     */
-    static List<URL> getResources(String resourceName, Class<?> callingClass) {
-        List<URL> ret = new ArrayList<URL>();
-        Enumeration<URL> urls = new Enumeration<URL>() {
-            public boolean hasMoreElements() {
-                return false;
-            }
-            public URL nextElement() {
-                return null;
-            }
-
-        };
-        try {
-            urls = Thread.currentThread().getContextClassLoader().getResources(resourceName);
-        } catch (IOException e) {
-            if (log.isLoggable(java.util.logging.Level.FINE)) {
-                log.log(java.util.logging.Level.FINE, e.getMessage(), e);
-            }
-            //ignore
-        }
-        if (!urls.hasMoreElements() && resourceName.startsWith("/")) {
-            //certain classloaders need it without the leading /
-            try {
-                urls =
-                    Thread.currentThread().getContextClassLoader().getResources(
-                        resourceName.substring(1)
-                    );
-            } catch (IOException e) {
-                if (log.isLoggable(java.util.logging.Level.FINE)) {
-                    log.log(java.util.logging.Level.FINE, e.getMessage(), e);
-                }
-                // ignore
-            }
-        }
-
-        ClassLoader cluClassloader = ClassLoaderUtils.class.getClassLoader();
-        if (cluClassloader == null) {
-            cluClassloader = ClassLoader.getSystemClassLoader();
-        }
-        if (!urls.hasMoreElements()) {
-            try {
-                urls = cluClassloader.getResources(resourceName);
-            } catch (IOException e) {
-                if (log.isLoggable(java.util.logging.Level.FINE)) {
-                    log.log(java.util.logging.Level.FINE, e.getMessage(), e);
-                }
-                // ignore
-            }
-        }
-        if (!urls.hasMoreElements() && resourceName.startsWith("/")) {
-            //certain classloaders need it without the leading /
-            try {
-                urls = cluClassloader.getResources(resourceName.substring(1));
-            } catch (IOException e) {
-                if (log.isLoggable(java.util.logging.Level.FINE)) {
-                    log.log(java.util.logging.Level.FINE, e.getMessage(), e);
-                }
-                // ignore
-            }
-        }
-
-        if (!urls.hasMoreElements()) {
-            ClassLoader cl = callingClass.getClassLoader();
-
-            if (cl != null) {
-                try {
-                    urls = cl.getResources(resourceName);
-                } catch (IOException e) {
-                    if (log.isLoggable(java.util.logging.Level.FINE)) {
-                        log.log(java.util.logging.Level.FINE, e.getMessage(), e);
-                    }
-                    // ignore
-                }
-            }
-        }
-
-        if (!urls.hasMoreElements()) {
-            URL url = callingClass.getResource(resourceName);
-            if (url != null) {
-                ret.add(url);
-            }
-        }
-        while (urls.hasMoreElements()) {
-            ret.add(urls.nextElement());
-        }
-
-
-        if (ret.isEmpty() && (resourceName != null) && (resourceName.charAt(0) != '/')) {
-            return getResources('/' + resourceName, callingClass);
-        }
-        return ret;
-    }
-
-
-    /**
-     * This is a convenience method to load a resource as a stream. <p/> The
-     * algorithm used to find the resource is given in getResource()
-     *
-     * @param resourceName The name of the resource to load
-     * @param callingClass The Class object of the calling object
-     */
-    static InputStream getResourceAsStream(String resourceName, Class<?> callingClass) {
-        URL url = getResource(resourceName, callingClass);
-
-        try {
-            return (url != null) ? url.openStream() : null;
-        } catch (IOException e) {
-            if (log.isLoggable(java.util.logging.Level.FINE)) {
-                log.log(java.util.logging.Level.FINE, e.getMessage(), e);
-            }
-            return null;
-        }
-    }
-
-    /**
-     * Load a class with a given name. <p/> It will try to load the class in the
+     * Load a class with a given name. <p></p> It will try to load the class in the
      * following order:
      * <ul>
      * <li>From Thread.currentThread().getContextClassLoader()
@@ -246,9 +60,7 @@
                 return cl.loadClass(className);
             }
         } catch (ClassNotFoundException e) {
-            if (log.isLoggable(java.util.logging.Level.FINE)) {
-                log.log(java.util.logging.Level.FINE, e.getMessage(), e);
-            }
+            LOG.debug(e.getMessage(), e);
             //ignore
         }
         return loadClass2(className, callingClass);
@@ -268,9 +80,7 @@
                     return callingClass.getClassLoader().loadClass(className);
                 }
             }
-            if (log.isLoggable(java.util.logging.Level.FINE)) {
-                log.log(java.util.logging.Level.FINE, ex.getMessage(), ex);
-            }
+            LOG.debug(ex.getMessage(), ex);
             throw ex;
         }
     }
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/utils/Constants.java b/src/share/classes/com/sun/org/apache/xml/internal/security/utils/Constants.java
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/utils/Constants.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/utils/Constants.java
@@ -29,9 +29,8 @@
  * <A HREF="http://www.w3.org/TR/xmldsig-core/#sec-TransformAlg">XML
  * Signature specification</A>.
  *
- * @author $Author: coheigea $
  */
-public class Constants {
+public final class Constants {
 
     /** Field configurationFile */
     public static final String configurationFile = "data/websig.conf";
@@ -41,9 +40,9 @@
 
     /** Field exceptionMessagesResourceBundleDir */
     public static final String exceptionMessagesResourceBundleDir =
-        "com/sun/org/apache/xml/internal/security/resource";
+        "com.sun.org.apache.xml.internal.security/resource";
 
-    /** Field exceptionMessagesResourceBundleBase is the location of the <CODE>ResourceBundle</CODE> */
+    /** Field exceptionMessagesResourceBundleBase is the location of the {@code ResourceBundle} */
     public static final String exceptionMessagesResourceBundleBase =
         exceptionMessagesResourceBundleDir + "/" + "xmlsecurity";
 
@@ -69,6 +68,9 @@
     /** The URL for more algorithms **/
     public static final String MoreAlgorithmsSpecNS = "http://www.w3.org/2001/04/xmldsig-more#";
 
+    /** The (newer) URL for more algorithms **/
+    public static final String XML_DSIG_NS_MORE_07_05 = "http://www.w3.org/2007/05/xmldsig-more#";
+
     /** The URI for XML spec*/
     public static final String XML_LANG_SPACE_SpecNS = "http://www.w3.org/XML/1998/namespace";
 
@@ -197,7 +199,7 @@
     public static final String _TAG_P = "P";
 
     /** Tag of Element Q **/
-    public static final String _TAG_Q   = "Q";
+    public static final String _TAG_Q = "Q";
 
     /** Tag of Element G **/
     public static final String _TAG_G = "G";
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/utils/DOMNamespaceContext.java b/src/share/classes/com/sun/org/apache/xml/internal/security/utils/DOMNamespaceContext.java
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/utils/DOMNamespaceContext.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/utils/DOMNamespaceContext.java
@@ -25,6 +25,7 @@
 import java.util.HashMap;
 import java.util.Iterator;
 import java.util.Map;
+import java.util.Map.Entry;
 
 import javax.xml.namespace.NamespaceContext;
 
@@ -37,7 +38,7 @@
  */
 public class DOMNamespaceContext implements NamespaceContext {
 
-    private Map<String, String> namespaceMap = new HashMap<String, String>();
+    private Map<String, String> namespaceMap = new HashMap<>();
 
     public DOMNamespaceContext(Node contextNode) {
         addNamespaces(contextNode);
@@ -48,10 +49,9 @@
     }
 
     public String getPrefix(String arg0) {
-        for (String key : namespaceMap.keySet()) {
-            String value = namespaceMap.get(key);
-            if (value.equals(arg0)) {
-                return key;
+        for (Entry<String, String> entry : namespaceMap.entrySet()) {
+            if (entry.getValue().equals(arg0)) {
+                return entry.getKey();
             }
         }
         return null;
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/utils/DigesterOutputStream.java b/src/share/classes/com/sun/org/apache/xml/internal/security/utils/DigesterOutputStream.java
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/utils/DigesterOutputStream.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/utils/DigesterOutputStream.java
@@ -27,12 +27,11 @@
 import com.sun.org.apache.xml.internal.security.algorithms.MessageDigestAlgorithm;
 
 /**
- * @author raul
  *
  */
 public class DigesterOutputStream extends ByteArrayOutputStream {
-    private static final java.util.logging.Logger log =
-        java.util.logging.Logger.getLogger(DigesterOutputStream.class.getName());
+    private static final com.sun.org.slf4j.internal.Logger LOG =
+        com.sun.org.slf4j.internal.LoggerFactory.getLogger(DigesterOutputStream.class);
 
     final MessageDigestAlgorithm mda;
 
@@ -43,25 +42,25 @@
         this.mda = mda;
     }
 
-    /** @inheritDoc */
+    /** {@inheritDoc} */
     public void write(byte[] arg0) {
         write(arg0, 0, arg0.length);
     }
 
-    /** @inheritDoc */
+    /** {@inheritDoc} */
     public void write(int arg0) {
         mda.update((byte)arg0);
     }
 
-    /** @inheritDoc */
+    /** {@inheritDoc} */
     public void write(byte[] arg0, int arg1, int arg2) {
-        if (log.isLoggable(java.util.logging.Level.FINE)) {
-            log.log(java.util.logging.Level.FINE, "Pre-digested input:");
+        if (LOG.isDebugEnabled()) {
+            LOG.debug("Pre-digested input:");
             StringBuilder sb = new StringBuilder(arg2);
             for (int i = arg1; i < (arg1 + arg2); i++) {
                 sb.append((char)arg0[i]);
             }
-            log.log(java.util.logging.Level.FINE, sb.toString());
+            LOG.debug(sb.toString());
         }
         mda.update(arg0, arg1, arg2);
     }
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/utils/ElementChecker.java b/src/share/classes/com/sun/org/apache/xml/internal/security/utils/ElementChecker.java
deleted file mode 100644
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/utils/ElementChecker.java
+++ /dev/null
@@ -1,41 +0,0 @@
-/*
- * reserved comment block
- * DO NOT REMOVE OR ALTER!
- */
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package com.sun.org.apache.xml.internal.security.utils;
-
-import com.sun.org.apache.xml.internal.security.exceptions.XMLSecurityException;
-import org.w3c.dom.Element;
-import org.w3c.dom.Node;
-
-/**@deprecated*/
-@Deprecated
-public interface ElementChecker {
-    /**
-     * Check that the element is the one expect
-     *
-     * @throws XMLSecurityException
-     */
-    void guaranteeThatElementInCorrectSpace(ElementProxy expected, Element actual)
-        throws XMLSecurityException;
-
-    boolean isNamespaceElement(Node el, String type, String ns);
-}
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/utils/ElementCheckerImpl.java b/src/share/classes/com/sun/org/apache/xml/internal/security/utils/ElementCheckerImpl.java
deleted file mode 100644
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/utils/ElementCheckerImpl.java
+++ /dev/null
@@ -1,90 +0,0 @@
-/*
- * reserved comment block
- * DO NOT REMOVE OR ALTER!
- */
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package com.sun.org.apache.xml.internal.security.utils;
-
-import com.sun.org.apache.xml.internal.security.exceptions.XMLSecurityException;
-import org.w3c.dom.Element;
-import org.w3c.dom.Node;
-
-/**@deprecated*/
-@Deprecated
-public abstract class ElementCheckerImpl implements ElementChecker {
-
-    public boolean isNamespaceElement(Node el, String type, String ns) {
-        if ((el == null) ||
-            ns != el.getNamespaceURI() || !el.getLocalName().equals(type)){
-            return false;
-        }
-
-        return true;
-    }
-
-    /** A checker for DOM that interns NS */
-    public static class InternedNsChecker extends ElementCheckerImpl {
-        public void guaranteeThatElementInCorrectSpace(
-            ElementProxy expected, Element actual
-        ) throws XMLSecurityException {
-
-            String expectedLocalname = expected.getBaseLocalName();
-            String expectedNamespace = expected.getBaseNamespace();
-
-            String localnameIS = actual.getLocalName();
-            String namespaceIS = actual.getNamespaceURI();
-            if ((expectedNamespace != namespaceIS) ||
-                !expectedLocalname.equals(localnameIS)) {
-                Object exArgs[] = { namespaceIS + ":" + localnameIS,
-                                    expectedNamespace + ":" + expectedLocalname};
-                throw new XMLSecurityException("xml.WrongElement", exArgs);
-            }
-        }
-    }
-
-    /** A checker for DOM that interns NS */
-    public static class FullChecker extends ElementCheckerImpl {
-
-        public void guaranteeThatElementInCorrectSpace(
-            ElementProxy expected, Element actual
-        ) throws XMLSecurityException {
-            String expectedLocalname = expected.getBaseLocalName();
-            String expectedNamespace = expected.getBaseNamespace();
-
-            String localnameIS = actual.getLocalName();
-            String namespaceIS = actual.getNamespaceURI();
-            if ((!expectedNamespace.equals(namespaceIS)) ||
-                !expectedLocalname.equals(localnameIS) ) {
-                Object exArgs[] = { namespaceIS + ":" + localnameIS,
-                                    expectedNamespace + ":" + expectedLocalname};
-                throw new XMLSecurityException("xml.WrongElement", exArgs);
-            }
-        }
-    }
-
-    /** An empty checker if schema checking is used */
-    public static class EmptyChecker extends ElementCheckerImpl {
-        public void guaranteeThatElementInCorrectSpace(
-            ElementProxy expected, Element actual
-        ) throws XMLSecurityException {
-            // empty
-        }
-    }
-}
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/utils/ElementProxy.java b/src/share/classes/com/sun/org/apache/xml/internal/security/utils/ElementProxy.java
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/utils/ElementProxy.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/utils/ElementProxy.java
@@ -24,9 +24,9 @@
 
 import java.math.BigInteger;
 import java.util.concurrent.ConcurrentHashMap;
+import java.util.Base64;
 import java.util.Map;
 
-import com.sun.org.apache.xml.internal.security.exceptions.Base64DecodingException;
 import com.sun.org.apache.xml.internal.security.exceptions.XMLSecurityException;
 import org.w3c.dom.Attr;
 import org.w3c.dom.Document;
@@ -41,17 +41,19 @@
  */
 public abstract class ElementProxy {
 
-    protected static final java.util.logging.Logger log =
-        java.util.logging.Logger.getLogger(ElementProxy.class.getName());
+    protected static final com.sun.org.slf4j.internal.Logger LOG =
+        com.sun.org.slf4j.internal.LoggerFactory.getLogger(ElementProxy.class);
 
-    /** Field constructionElement */
-    protected Element constructionElement = null;
+    /**
+     * What XML element does this ElementProxy instance wrap?
+     */
+    private Element wrappedElement;
 
     /** Field baseURI */
-    protected String baseURI = null;
+    protected String baseURI;
 
     /** Field doc */
-    protected Document doc = null;
+    private Document wrappedDoc;
 
     /** Field prefixMappings */
     private static Map<String, String> prefixMappings = new ConcurrentHashMap<String, String>();
@@ -73,30 +75,26 @@
             throw new RuntimeException("Document is null");
         }
 
-        this.doc = doc;
-        this.constructionElement =
-            createElementForFamilyLocal(this.doc, this.getBaseNamespace(), this.getBaseLocalName());
+        this.wrappedDoc = doc;
+        this.wrappedElement = createElementForFamilyLocal(this.getBaseNamespace(), this.getBaseLocalName());
     }
 
     /**
      * Constructor ElementProxy
      *
      * @param element
-     * @param BaseURI
+     * @param baseURI
      * @throws XMLSecurityException
      */
-    public ElementProxy(Element element, String BaseURI) throws XMLSecurityException {
+    public ElementProxy(Element element, String baseURI) throws XMLSecurityException {
         if (element == null) {
             throw new XMLSecurityException("ElementProxy.nullElement");
         }
 
-        if (log.isLoggable(java.util.logging.Level.FINE)) {
-            log.log(java.util.logging.Level.FINE, "setElement(\"" + element.getTagName() + "\", \"" + BaseURI + "\")");
-        }
+        LOG.debug("setElement(\"{}\", \"{}\")", element.getTagName(), baseURI);
 
-        this.doc = element.getOwnerDocument();
-        this.constructionElement = element;
-        this.baseURI = BaseURI;
+        setElement(element);
+        this.baseURI = baseURI;
 
         this.guaranteeThatElementInCorrectSpace();
     }
@@ -117,15 +115,16 @@
 
 
     protected Element createElementForFamilyLocal(
-        Document doc, String namespace, String localName
+        String namespace, String localName
     ) {
+        Document doc = getDocument();
         Element result = null;
         if (namespace == null) {
             result = doc.createElementNS(null, localName);
         } else {
             String baseName = this.getBaseNamespace();
             String prefix = ElementProxy.getDefaultPrefix(baseName);
-            if ((prefix == null) || (prefix.length() == 0)) {
+            if (prefix == null || prefix.length() == 0) {
                 result = doc.createElementNS(namespace, localName);
                 result.setAttributeNS(Constants.NamespaceSpecNS, "xmlns", namespace);
             } else {
@@ -141,7 +140,7 @@
      * This method creates an Element in a given namespace with a given localname.
      * It uses the {@link ElementProxy#getDefaultPrefix} method to decide whether
      * a particular prefix is bound to that namespace.
-     * <BR />
+     * <p></p>
      * This method was refactored out of the constructor.
      *
      * @param doc
@@ -156,7 +155,7 @@
         if (namespace == null) {
             result = doc.createElementNS(null, localName);
         } else {
-            if ((prefix == null) || (prefix.length() == 0)) {
+            if (prefix == null || prefix.length() == 0) {
                 result = doc.createElementNS(namespace, localName);
                 result.setAttributeNS(Constants.NamespaceSpecNS, "xmlns", namespace);
             } else {
@@ -172,31 +171,27 @@
      * Method setElement
      *
      * @param element
-     * @param BaseURI
+     * @param baseURI
      * @throws XMLSecurityException
      */
-    public void setElement(Element element, String BaseURI) throws XMLSecurityException {
+    public void setElement(Element element, String baseURI) throws XMLSecurityException {
         if (element == null) {
             throw new XMLSecurityException("ElementProxy.nullElement");
         }
 
-        if (log.isLoggable(java.util.logging.Level.FINE)) {
-            log.log(java.util.logging.Level.FINE, "setElement(" + element.getTagName() + ", \"" + BaseURI + "\"");
-        }
+        LOG.debug("setElement({}, \"{}\")", element.getTagName(), baseURI);
 
-        this.doc = element.getOwnerDocument();
-        this.constructionElement = element;
-        this.baseURI = BaseURI;
+        setElement(element);
+        this.baseURI = baseURI;
     }
 
-
     /**
      * Returns the Element which was constructed by the Object.
      *
      * @return the Element which was constructed by the Object.
      */
     public final Element getElement() {
-        return this.constructionElement;
+        return this.wrappedElement;
     }
 
     /**
@@ -208,20 +203,27 @@
 
         HelperNodeList nl = new HelperNodeList();
 
-        nl.appendChild(this.doc.createTextNode("\n"));
-        nl.appendChild(this.getElement());
-        nl.appendChild(this.doc.createTextNode("\n"));
+        nl.appendChild(createText("\n"));
+        nl.appendChild(getElement());
+        nl.appendChild(createText("\n"));
 
         return nl;
     }
 
+    protected Text createText(String text) {
+        return this.wrappedDoc.createTextNode(text);
+    }
+
     /**
      * Method getDocument
      *
      * @return the Document where this element is contained.
      */
     public Document getDocument() {
-        return this.doc;
+        if (wrappedDoc == null) {
+            wrappedDoc = XMLUtils.getOwnerDocument(wrappedElement);
+        }
+        return wrappedDoc;
     }
 
     /**
@@ -243,8 +245,8 @@
         String expectedLocalName = this.getBaseLocalName();
         String expectedNamespaceUri = this.getBaseNamespace();
 
-        String actualLocalName = this.constructionElement.getLocalName();
-        String actualNamespaceUri = this.constructionElement.getNamespaceURI();
+        String actualLocalName = getElement().getLocalName();
+        String actualNamespaceUri = getElement().getNamespaceURI();
 
         if(!expectedNamespaceUri.equals(actualNamespaceUri)
             && !expectedLocalName.equals(actualLocalName)) {
@@ -262,14 +264,25 @@
      */
     public void addBigIntegerElement(BigInteger bi, String localname) {
         if (bi != null) {
-            Element e = XMLUtils.createElementInSignatureSpace(this.doc, localname);
+            Element e = XMLUtils.createElementInSignatureSpace(getDocument(), localname);
+
+            byte[] bytes = XMLUtils.getBytes(bi, bi.bitLength());
+            String encodedInt = Base64.getMimeEncoder().encodeToString(bytes);
+
+            Document doc = e.getOwnerDocument();
+            Text text = doc.createTextNode(encodedInt);
 
-            Base64.fillElementWithBigInteger(e, bi);
-            this.constructionElement.appendChild(e);
-            XMLUtils.addReturnToElement(this.constructionElement);
+            e.appendChild(text);
+
+            appendSelf(e);
+            addReturnToSelf();
         }
     }
 
+    protected void addReturnToSelf() {
+        XMLUtils.addReturnToElement(getElement());
+    }
+
     /**
      * Method addBase64Element
      *
@@ -278,11 +291,14 @@
      */
     public void addBase64Element(byte[] bytes, String localname) {
         if (bytes != null) {
-            Element e = Base64.encodeToElement(this.doc, localname, bytes);
+            Element el = XMLUtils.createElementInSignatureSpace(getDocument(), localname);
+            Text text = getDocument().createTextNode(Base64.getMimeEncoder().encodeToString(bytes));
 
-            this.constructionElement.appendChild(e);
+            el.appendChild(text);
+
+            appendSelf(el);
             if (!XMLUtils.ignoreLineBreaks()) {
-                this.constructionElement.appendChild(this.doc.createTextNode("\n"));
+                appendSelf(createText("\n"));
             }
         }
     }
@@ -294,12 +310,12 @@
      * @param localname
      */
     public void addTextElement(String text, String localname) {
-        Element e = XMLUtils.createElementInSignatureSpace(this.doc, localname);
-        Text t = this.doc.createTextNode(text);
+        Element e = XMLUtils.createElementInSignatureSpace(getDocument(), localname);
+        Text t = createText(text);
 
-        e.appendChild(t);
-        this.constructionElement.appendChild(e);
-        XMLUtils.addReturnToElement(this.constructionElement);
+        appendOther(e, t);
+        appendSelf(e);
+        addReturnToSelf();
     }
 
     /**
@@ -310,12 +326,24 @@
     public void addBase64Text(byte[] bytes) {
         if (bytes != null) {
             Text t = XMLUtils.ignoreLineBreaks()
-                ? this.doc.createTextNode(Base64.encode(bytes))
-                : this.doc.createTextNode("\n" + Base64.encode(bytes) + "\n");
-            this.constructionElement.appendChild(t);
+                ? createText(Base64.getMimeEncoder().encodeToString(bytes))
+                : createText("\n" + Base64.getMimeEncoder().encodeToString(bytes) + "\n");
+            appendSelf(t);
         }
     }
 
+    protected void appendSelf(ElementProxy toAppend) {
+        getElement().appendChild(toAppend.getElement());
+    }
+
+    protected void appendSelf(Node toAppend) {
+        getElement().appendChild(toAppend);
+    }
+
+    protected void appendOther(Element parent, Node toAppend) {
+        parent.appendChild(toAppend);
+    }
+
     /**
      * Method addText
      *
@@ -323,9 +351,9 @@
      */
     public void addText(String text) {
         if (text != null) {
-            Text t = this.doc.createTextNode(text);
+            Text t = createText(text);
 
-            this.constructionElement.appendChild(t);
+            appendSelf(t);
         }
     }
 
@@ -335,35 +363,15 @@
      * @param localname
      * @param namespace
      * @return The biginteger contained in the given element
-     * @throws Base64DecodingException
      */
     public BigInteger getBigIntegerFromChildElement(
         String localname, String namespace
-    ) throws Base64DecodingException {
-        return Base64.decodeBigIntegerFromText(
+    ) {
+        return new BigInteger(1, Base64.getMimeDecoder().decode(
             XMLUtils.selectNodeText(
-                this.constructionElement.getFirstChild(), namespace, localname, 0
-            )
-        );
-    }
-
-    /**
-     * Method getBytesFromChildElement
-     * @deprecated
-     * @param localname
-     * @param namespace
-     * @return the bytes
-     * @throws XMLSecurityException
-     */
-    @Deprecated
-    public byte[] getBytesFromChildElement(String localname, String namespace)
-        throws XMLSecurityException {
-        Element e =
-            XMLUtils.selectNode(
-                this.constructionElement.getFirstChild(), namespace, localname, 0
-            );
-
-        return Base64.decode(e);
+                getFirstChild(), namespace, localname, 0
+            ).getNodeValue()
+        ));
     }
 
     /**
@@ -375,7 +383,7 @@
      */
     public String getTextFromChildElement(String localname, String namespace) {
         return XMLUtils.selectNode(
-                this.constructionElement.getFirstChild(),
+                getFirstChild(),
                 namespace,
                 localname,
                 0).getTextContent();
@@ -388,7 +396,7 @@
      * @throws XMLSecurityException
      */
     public byte[] getBytesFromTextChild() throws XMLSecurityException {
-        return Base64.decode(XMLUtils.getFullTextChildrenFromElement(this.constructionElement));
+        return Base64.getMimeDecoder().decode(getTextFromTextChild());
     }
 
     /**
@@ -398,7 +406,7 @@
      *    element
      */
     public String getTextFromTextChild() {
-        return XMLUtils.getFullTextChildrenFromElement(this.constructionElement);
+        return XMLUtils.getFullTextChildrenFromElement(getElement());
     }
 
     /**
@@ -410,7 +418,7 @@
      */
     public int length(String namespace, String localname) {
         int number = 0;
-        Node sibling = this.constructionElement.getFirstChild();
+        Node sibling = getFirstChild();
         while (sibling != null) {
             if (localname.equals(sibling.getLocalName())
                 && namespace.equals(sibling.getNamespaceURI())) {
@@ -438,9 +446,9 @@
         throws XMLSecurityException {
         String ns;
 
-        if ((prefix == null) || (prefix.length() == 0)) {
+        if (prefix == null || prefix.length() == 0) {
             throw new XMLSecurityException("defaultNamespaceCannotBeSetHere");
-        } else if (prefix.equals("xmlns")) {
+        } else if ("xmlns".equals(prefix)) {
             throw new XMLSecurityException("defaultNamespaceCannotBeSetHere");
         } else if (prefix.startsWith("xmlns:")) {
             ns = prefix;//"xmlns:" + prefix.substring("xmlns:".length());
@@ -448,18 +456,18 @@
             ns = "xmlns:" + prefix;
         }
 
-        Attr a = this.constructionElement.getAttributeNodeNS(Constants.NamespaceSpecNS, ns);
+        Attr a = getElement().getAttributeNodeNS(Constants.NamespaceSpecNS, ns);
 
         if (a != null) {
             if (!a.getNodeValue().equals(uri)) {
-                Object exArgs[] = { ns, this.constructionElement.getAttributeNS(null, ns) };
+                Object exArgs[] = { ns, getElement().getAttributeNS(null, ns) };
 
                 throw new XMLSecurityException("namespacePrefixAlreadyUsedByOtherURI", exArgs);
             }
             return;
         }
 
-        this.constructionElement.setAttributeNS(Constants.NamespaceSpecNS, ns, uri);
+        getElement().setAttributeNS(Constants.NamespaceSpecNS, ns, uri);
     }
 
     /**
@@ -474,6 +482,11 @@
     public static void setDefaultPrefix(String namespace, String prefix)
         throws XMLSecurityException {
         JavaUtils.checkRegisterPermission();
+        setNamespacePrefix(namespace, prefix);
+    }
+
+    private static void setNamespacePrefix(String namespace, String prefix)
+        throws XMLSecurityException {
         if (prefixMappings.containsValue(prefix)) {
             String storedPrefix = prefixMappings.get(namespace);
             if (!storedPrefix.equals(prefix)) {
@@ -496,14 +509,14 @@
      * This method registers the default prefixes.
      */
     public static void registerDefaultPrefixes() throws XMLSecurityException {
-        setDefaultPrefix("http://www.w3.org/2000/09/xmldsig#", "ds");
-        setDefaultPrefix("http://www.w3.org/2001/04/xmlenc#", "xenc");
-        setDefaultPrefix("http://www.w3.org/2009/xmlenc11#", "xenc11");
-        setDefaultPrefix("http://www.xmlsecurity.org/experimental#", "experimental");
-        setDefaultPrefix("http://www.w3.org/2002/04/xmldsig-filter2", "dsig-xpath-old");
-        setDefaultPrefix("http://www.w3.org/2002/06/xmldsig-filter2", "dsig-xpath");
-        setDefaultPrefix("http://www.w3.org/2001/10/xml-exc-c14n#", "ec");
-        setDefaultPrefix(
+        setNamespacePrefix("http://www.w3.org/2000/09/xmldsig#", "ds");
+        setNamespacePrefix("http://www.w3.org/2001/04/xmlenc#", "xenc");
+        setNamespacePrefix("http://www.w3.org/2009/xmlenc11#", "xenc11");
+        setNamespacePrefix("http://www.xmlsecurity.org/experimental#", "experimental");
+        setNamespacePrefix("http://www.w3.org/2002/04/xmldsig-filter2", "dsig-xpath-old");
+        setNamespacePrefix("http://www.w3.org/2002/06/xmldsig-filter2", "dsig-xpath");
+        setNamespacePrefix("http://www.w3.org/2001/10/xml-exc-c14n#", "ec");
+        setNamespacePrefix(
             "http://www.nue.et-inf.uni-siegen.de/~geuer-pollmann/#xpathFilter", "xx"
         );
     }
@@ -518,4 +531,51 @@
         return prefixMappings.get(namespace);
     }
 
+    /**
+     * New value for the wrapped XML element that this object is a proxy for.
+     *
+     * @param elem  New element
+     *
+     * @see #getElement()
+     */
+    protected void setElement(Element elem) {
+        wrappedElement = elem;
+    }
+
+    /**
+     * Set a new value for the wrapped document that this object is a proxy for.
+     *
+     * @param doc New document object being wrapped.
+     *
+     * @see #getDocument()
+     */
+    protected void setDocument(Document doc) {
+        wrappedDoc = doc;
+    }
+
+    protected String getLocalAttribute(String attrName) {
+        return getElement().getAttributeNS(null, attrName);
+    }
+
+    protected void setLocalAttribute(String attrName, String value) {
+        getElement().setAttributeNS(null, attrName, value);
+    }
+
+    protected void setLocalIdAttribute(String attrName, String value) {
+
+        if (value != null) {
+            Attr attr = getDocument().createAttributeNS(null, attrName);
+            attr.setValue(value);
+            getElement().setAttributeNodeNS(attr);
+            getElement().setIdAttributeNode(attr, true);
+        }
+        else {
+            getElement().removeAttributeNS(null, attrName);
+        }
+    }
+
+    protected Node getFirstChild() {
+        return getElement().getFirstChild();
+    }
+
 }
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/utils/EncryptionConstants.java b/src/share/classes/com/sun/org/apache/xml/internal/security/utils/EncryptionConstants.java
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/utils/EncryptionConstants.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/utils/EncryptionConstants.java
@@ -22,96 +22,7 @@
  */
 package com.sun.org.apache.xml.internal.security.utils;
 
-public class EncryptionConstants {
-    // Attributes that exist in XML Signature in the same way
-    /** Tag of Attr Algorithm **/
-    public static final String _ATT_ALGORITHM              = Constants._ATT_ALGORITHM;
-
-    /** Tag of Attr Id**/
-    public static final String _ATT_ID                     = Constants._ATT_ID;
-
-    /** Tag of Attr Target **/
-    public static final String _ATT_TARGET                 = Constants._ATT_TARGET;
-
-    /** Tag of Attr Type **/
-    public static final String _ATT_TYPE                   = Constants._ATT_TYPE;
-
-    /** Tag of Attr URI **/
-    public static final String _ATT_URI                    = Constants._ATT_URI;
-
-    // Attributes new in XML Encryption
-    /** Tag of Attr encoding **/
-    public static final String _ATT_ENCODING               = "Encoding";
-
-    /** Tag of Attr recipient **/
-    public static final String _ATT_RECIPIENT              = "Recipient";
-
-    /** Tag of Attr mimetype **/
-    public static final String _ATT_MIMETYPE               = "MimeType";
-
-    /** Tag of Element CarriedKeyName **/
-    public static final String _TAG_CARRIEDKEYNAME         = "CarriedKeyName";
-
-    /** Tag of Element CipherData **/
-    public static final String _TAG_CIPHERDATA             = "CipherData";
-
-    /** Tag of Element CipherReference **/
-    public static final String _TAG_CIPHERREFERENCE        = "CipherReference";
-
-    /** Tag of Element CipherValue **/
-    public static final String _TAG_CIPHERVALUE            = "CipherValue";
-
-    /** Tag of Element DataReference **/
-    public static final String _TAG_DATAREFERENCE          = "DataReference";
-
-    /** Tag of Element EncryptedData **/
-    public static final String _TAG_ENCRYPTEDDATA          = "EncryptedData";
-
-    /** Tag of Element EncryptedKey **/
-    public static final String _TAG_ENCRYPTEDKEY           = "EncryptedKey";
-
-    /** Tag of Element EncryptionMethod **/
-    public static final String _TAG_ENCRYPTIONMETHOD       = "EncryptionMethod";
-
-    /** Tag of Element EncryptionProperties **/
-    public static final String _TAG_ENCRYPTIONPROPERTIES   = "EncryptionProperties";
-
-    /** Tag of Element EncryptionProperty **/
-    public static final String _TAG_ENCRYPTIONPROPERTY     = "EncryptionProperty";
-
-    /** Tag of Element KeyReference **/
-    public static final String _TAG_KEYREFERENCE           = "KeyReference";
-
-    /** Tag of Element KeySize **/
-    public static final String _TAG_KEYSIZE                = "KeySize";
-
-    /** Tag of Element OAEPparams **/
-    public static final String _TAG_OAEPPARAMS             = "OAEPparams";
-
-    /** Tag of Element MGF **/
-    public static final String _TAG_MGF                    = "MGF";
-
-    /** Tag of Element ReferenceList **/
-    public static final String _TAG_REFERENCELIST          = "ReferenceList";
-
-    /** Tag of Element Transforms **/
-    public static final String _TAG_TRANSFORMS             = "Transforms";
-
-    /** Tag of Element AgreementMethod **/
-    public static final String _TAG_AGREEMENTMETHOD        = "AgreementMethod";
-
-    /** Tag of Element KA-Nonce **/
-    public static final String _TAG_KA_NONCE               = "KA-Nonce";
-
-    /** Tag of Element OriginatorKeyInfo **/
-    public static final String _TAG_ORIGINATORKEYINFO      = "OriginatorKeyInfo";
-
-    /** Tag of Element RecipientKeyInfo **/
-    public static final String _TAG_RECIPIENTKEYINFO       = "RecipientKeyInfo";
-
-    /** Field ENCRYPTIONSPECIFICATION_URL */
-    public static final String ENCRYPTIONSPECIFICATION_URL =
-        "http://www.w3.org/TR/2001/WD-xmlenc-core-20010626/";
+public final class EncryptionConstants {
 
     /** The namespace of the
      * <A HREF="http://www.w3.org/TR/2001/WD-xmlenc-core-20010626/">
@@ -119,119 +30,6 @@
     public static final String EncryptionSpecNS =
         "http://www.w3.org/2001/04/xmlenc#";
 
-    /**
-     * The namespace of the XML Encryption 1.1 specification
-     */
-    public static final String EncryptionSpec11NS =
-        "http://www.w3.org/2009/xmlenc11#";
-
-    /** URI for content*/
-    public static final String TYPE_CONTENT                = EncryptionSpecNS + "Content";
-
-    /** URI for element*/
-    public static final String TYPE_ELEMENT                = EncryptionSpecNS + "Element";
-
-    /** URI for mediatype*/
-    public static final String TYPE_MEDIATYPE              =
-        "http://www.isi.edu/in-notes/iana/assignments/media-types/";
-
-    /** Block Encryption - REQUIRED TRIPLEDES */
-    public static final String ALGO_ID_BLOCKCIPHER_TRIPLEDES =
-        EncryptionConstants.EncryptionSpecNS + "tripledes-cbc";
-
-    /** Block Encryption - REQUIRED AES-128 */
-    public static final String ALGO_ID_BLOCKCIPHER_AES128 =
-        EncryptionConstants.EncryptionSpecNS + "aes128-cbc";
-
-    /** Block Encryption - REQUIRED AES-256 */
-    public static final String ALGO_ID_BLOCKCIPHER_AES256 =
-        EncryptionConstants.EncryptionSpecNS + "aes256-cbc";
-
-    /** Block Encryption - OPTIONAL AES-192 */
-    public static final String ALGO_ID_BLOCKCIPHER_AES192 =
-        EncryptionConstants.EncryptionSpecNS + "aes192-cbc";
-
-    /** Block Encryption - OPTIONAL AES-128-GCM */
-    public static final String ALGO_ID_BLOCKCIPHER_AES128_GCM =
-        "http://www.w3.org/2009/xmlenc11#aes128-gcm";
-
-    /** Block Encryption - OPTIONAL AES-192-GCM */
-    public static final String ALGO_ID_BLOCKCIPHER_AES192_GCM =
-        "http://www.w3.org/2009/xmlenc11#aes192-gcm";
-
-    /** Block Encryption - OPTIONAL AES-256-GCM */
-    public static final String ALGO_ID_BLOCKCIPHER_AES256_GCM =
-        "http://www.w3.org/2009/xmlenc11#aes256-gcm";
-
-    /** Key Transport - REQUIRED RSA-v1.5*/
-    public static final String ALGO_ID_KEYTRANSPORT_RSA15 =
-        EncryptionConstants.EncryptionSpecNS + "rsa-1_5";
-
-    /** Key Transport - REQUIRED RSA-OAEP */
-    public static final String ALGO_ID_KEYTRANSPORT_RSAOAEP =
-        EncryptionConstants.EncryptionSpecNS + "rsa-oaep-mgf1p";
-
-    /** Key Transport - OPTIONAL RSA-OAEP_11 */
-    public static final String ALGO_ID_KEYTRANSPORT_RSAOAEP_11 =
-        EncryptionConstants.EncryptionSpec11NS + "rsa-oaep";
-
-    /** Key Agreement - OPTIONAL Diffie-Hellman */
-    public static final String ALGO_ID_KEYAGREEMENT_DH =
-        EncryptionConstants.EncryptionSpecNS + "dh";
-
-    /** Symmetric Key Wrap - REQUIRED TRIPLEDES KeyWrap */
-    public static final String ALGO_ID_KEYWRAP_TRIPLEDES =
-        EncryptionConstants.EncryptionSpecNS + "kw-tripledes";
-
-    /** Symmetric Key Wrap - REQUIRED AES-128 KeyWrap */
-    public static final String ALGO_ID_KEYWRAP_AES128 =
-        EncryptionConstants.EncryptionSpecNS + "kw-aes128";
-
-    /** Symmetric Key Wrap - REQUIRED AES-256 KeyWrap */
-    public static final String ALGO_ID_KEYWRAP_AES256 =
-        EncryptionConstants.EncryptionSpecNS + "kw-aes256";
-
-    /** Symmetric Key Wrap - OPTIONAL AES-192 KeyWrap */
-    public static final String ALGO_ID_KEYWRAP_AES192 =
-        EncryptionConstants.EncryptionSpecNS + "kw-aes192";
-
-    /** Message Authentication - RECOMMENDED XML Digital Signature */
-    public static final String ALGO_ID_AUTHENTICATION_XMLSIGNATURE =
-        "http://www.w3.org/TR/2001/CR-xmldsig-core-20010419/";
-
-    /** Canonicalization - OPTIONAL Canonical XML with Comments */
-    public static final String ALGO_ID_C14N_WITHCOMMENTS =
-        "http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments";
-
-    /** Canonicalization - OPTIONAL Canonical XML (omits comments) */
-    public static final String ALGO_ID_C14N_OMITCOMMENTS =
-        "http://www.w3.org/TR/2001/REC-xml-c14n-20010315";
-
-    /** Encoding - REQUIRED base64 */
-    public static final String ALGO_ID_ENCODING_BASE64 =
-        "http://www.w3.org/2000/09/xmldsig#base64";
-
-    /** MGF1 with SHA-1 */
-    public static final String MGF1_SHA1 =
-        EncryptionConstants.EncryptionSpec11NS + "mgf1sha1";
-
-    /** MGF1 with SHA-224 */
-    public static final String MGF1_SHA224 =
-        EncryptionConstants.EncryptionSpec11NS + "mgf1sha224";
-
-    /** MGF1 with SHA-256 */
-    public static final String MGF1_SHA256 =
-        EncryptionConstants.EncryptionSpec11NS + "mgf1sha256";
-
-    /** MGF1 with SHA-384 */
-    public static final String MGF1_SHA384 =
-        EncryptionConstants.EncryptionSpec11NS + "mgf1sha384";
-
-    /** MGF1 with SHA-512 */
-    public static final String MGF1_SHA512 =
-        EncryptionConstants.EncryptionSpec11NS + "mgf1sha512";
-
-
     private EncryptionConstants() {
         // we don't allow instantiation
     }
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/utils/EncryptionElementProxy.java b/src/share/classes/com/sun/org/apache/xml/internal/security/utils/EncryptionElementProxy.java
deleted file mode 100644
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/utils/EncryptionElementProxy.java
+++ /dev/null
@@ -1,63 +0,0 @@
-/*
- * reserved comment block
- * DO NOT REMOVE OR ALTER!
- */
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package com.sun.org.apache.xml.internal.security.utils;
-
-
-import com.sun.org.apache.xml.internal.security.exceptions.XMLSecurityException;
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-
-/**
- * This is the base object for all objects which map directly to an Element from
- * the xenc spec.
- *
- * @author $Author: coheigea $
- */
-public abstract class EncryptionElementProxy extends ElementProxy {
-
-    /**
-     * Constructor EncryptionElementProxy
-     *
-     * @param doc
-     */
-    public EncryptionElementProxy(Document doc) {
-        super(doc);
-    }
-
-    /**
-     * Constructor EncryptionElementProxy
-     *
-     * @param element
-     * @param BaseURI
-     * @throws XMLSecurityException
-     */
-    public EncryptionElementProxy(Element element, String BaseURI)
-        throws XMLSecurityException {
-        super(element, BaseURI);
-    }
-
-    /** @inheritDoc */
-    public final String getBaseNamespace() {
-        return EncryptionConstants.EncryptionSpecNS;
-    }
-}
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/utils/HelperNodeList.java b/src/share/classes/com/sun/org/apache/xml/internal/security/utils/HelperNodeList.java
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/utils/HelperNodeList.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/utils/HelperNodeList.java
@@ -30,12 +30,11 @@
 import org.w3c.dom.NodeList;
 
 /**
- * @author Christian Geuer-Pollmann
  */
 public class HelperNodeList implements NodeList {
 
     /** Field nodes */
-    List<Node> nodes = new ArrayList<Node>();
+    List<Node> nodes = new ArrayList<>();
     boolean allNodesMustHaveSameParent = false;
 
     /**
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/utils/I18n.java b/src/share/classes/com/sun/org/apache/xml/internal/security/utils/I18n.java
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/utils/I18n.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/utils/I18n.java
@@ -29,7 +29,6 @@
 /**
  * The Internationalization (I18N) pack.
  *
- * @author Christian Geuer-Pollmann
  */
 public class I18n {
 
@@ -57,13 +56,13 @@
      * Method translate
      *
      * translates a message ID into an internationalized String, see alse
-     * <CODE>XMLSecurityException.getExceptionMEssage()</CODE>. The strings are
-     * stored in the <CODE>ResourceBundle</CODE>, which is identified in
-     * <CODE>exceptionMessagesResourceBundleBase</CODE>
+     * {@code XMLSecurityException.getExceptionMEssage()}. The strings are
+     * stored in the {@code ResourceBundle}, which is identified in
+     * {@code exceptionMessagesResourceBundleBase}
      *
      * @param message
-     * @param args is an <CODE>Object[]</CODE> array of strings which are inserted into
-     * the String which is retrieved from the <CODE>ResouceBundle</CODE>
+     * @param args is an {@code Object[]} array of strings which are inserted into
+     * the String which is retrieved from the {@code ResouceBundle}
      * @return message translated
      */
     public static String translate(String message, Object[] args) {
@@ -74,7 +73,7 @@
      * Method translate
      *
      * translates a message ID into an internationalized String, see also
-     * <CODE>XMLSecurityException.getExceptionMessage()</CODE>
+     * {@code XMLSecurityException.getExceptionMessage()}
      *
      * @param message
      * @return message translated
@@ -153,7 +152,7 @@
      * @param languageCode
      * @param countryCode
      */
-    public synchronized static void init(String languageCode, String countryCode) {
+    public static synchronized void init(String languageCode, String countryCode) {
         if (alreadyInitialized) {
             return;
         }
@@ -165,4 +164,17 @@
             );
         alreadyInitialized = true;
     }
+
+    /**
+     * Method init
+     * @param resourceBundle
+     */
+    public static synchronized void init(ResourceBundle resourceBundle) {
+        if (alreadyInitialized) {
+            return;
+        }
+
+        I18n.resourceBundle = resourceBundle;
+        alreadyInitialized = true;
+    }
 }
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/utils/IgnoreAllErrorHandler.java b/src/share/classes/com/sun/org/apache/xml/internal/security/utils/IgnoreAllErrorHandler.java
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/utils/IgnoreAllErrorHandler.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/utils/IgnoreAllErrorHandler.java
@@ -27,41 +27,33 @@
 import org.xml.sax.SAXParseException;
 
 /**
- * This {@link org.xml.sax.ErrorHandler} does absolutely nothing but log
+ * This {@link org.xml.sax.ErrorHandler} does absolutely nothing but LOG
  * the events.
  *
- * @author Christian Geuer-Pollmann
  */
 public class IgnoreAllErrorHandler implements ErrorHandler {
 
-    /** {@link org.apache.commons.logging} logging facility */
-    private static final java.util.logging.Logger log =
-        java.util.logging.Logger.getLogger(IgnoreAllErrorHandler.class.getName());
+    private static final com.sun.org.slf4j.internal.Logger LOG =
+        com.sun.org.slf4j.internal.LoggerFactory.getLogger(IgnoreAllErrorHandler.class);
 
     /** Field throwExceptions */
-    private static final boolean warnOnExceptions = getProperty(
-            "com.sun.org.apache.xml.internal.security.test.warn.on.exceptions");
+    private static final boolean warnOnExceptions =
+        getProperty("com.sun.org.apache.xml.internal.security.test.warn.on.exceptions");
 
     /** Field throwExceptions           */
-    private static final boolean throwExceptions = getProperty(
-            "com.sun.org.apache.xml.internal.security.test.throw.exceptions");
+    private static final boolean throwExceptions =
+        getProperty("com.sun.org.apache.xml.internal.security.test.throw.exceptions");
 
-    private static boolean getProperty(String name) {
+    private static boolean getProperty(final String name) {
         return java.security.AccessController.doPrivileged(
-                new java.security.PrivilegedAction<Boolean>() {
-
-                    @Override
-                    public Boolean run() {
-                        return Boolean.getBoolean(name);
-                    }
-                });
+            (java.security.PrivilegedAction<Boolean>) () -> Boolean.getBoolean(name));
     }
 
-    /** @inheritDoc */
+    /** {@inheritDoc} */
     @Override
     public void warning(SAXParseException ex) throws SAXException {
         if (IgnoreAllErrorHandler.warnOnExceptions) {
-            log.log(java.util.logging.Level.WARNING, "", ex);
+            LOG.warn("", ex);
         }
         if (IgnoreAllErrorHandler.throwExceptions) {
             throw ex;
@@ -69,11 +61,11 @@
     }
 
 
-    /** @inheritDoc */
+    /** {@inheritDoc} */
     @Override
     public void error(SAXParseException ex) throws SAXException {
         if (IgnoreAllErrorHandler.warnOnExceptions) {
-            log.log(java.util.logging.Level.SEVERE, "", ex);
+            LOG.error("", ex);
         }
         if (IgnoreAllErrorHandler.throwExceptions) {
             throw ex;
@@ -81,11 +73,11 @@
     }
 
 
-    /** @inheritDoc */
+    /** {@inheritDoc} */
     @Override
     public void fatalError(SAXParseException ex) throws SAXException {
         if (IgnoreAllErrorHandler.warnOnExceptions) {
-            log.log(java.util.logging.Level.WARNING, "", ex);
+            LOG.warn("", ex);
         }
         if (IgnoreAllErrorHandler.throwExceptions) {
             throw ex;
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/utils/JDKXPathAPI.java b/src/share/classes/com/sun/org/apache/xml/internal/security/utils/JDKXPathAPI.java
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/utils/JDKXPathAPI.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/utils/JDKXPathAPI.java
@@ -66,7 +66,7 @@
                 try {
                     xpf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, Boolean.TRUE);
                 } catch (XPathFactoryConfigurationException ex) {
-                    throw new TransformerException("empty", ex);
+                    throw new TransformerException(ex);
                 }
             }
             XPath xpath = xpf.newXPath();
@@ -75,13 +75,13 @@
             try {
                 xpathExpression = xpath.compile(xpathStr);
             } catch (XPathExpressionException ex) {
-                throw new TransformerException("empty", ex);
+                throw new TransformerException(ex);
             }
         }
         try {
             return (NodeList)xpathExpression.evaluate(contextNode, XPathConstants.NODESET);
         } catch (XPathExpressionException ex) {
-            throw new TransformerException("empty", ex);
+            throw new TransformerException(ex);
         }
     }
 
@@ -100,7 +100,7 @@
                 try {
                     xpf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, Boolean.TRUE);
                 } catch (XPathFactoryConfigurationException ex) {
-                    throw new TransformerException("empty", ex);
+                    throw new TransformerException(ex);
                 }
             }
             XPath xpath = xpf.newXPath();
@@ -109,14 +109,13 @@
             try {
                 xpathExpression = xpath.compile(xpathStr);
             } catch (XPathExpressionException ex) {
-                throw new TransformerException("empty", ex);
+                throw new TransformerException(ex);
             }
         }
         try {
-            Boolean result = (Boolean)xpathExpression.evaluate(contextNode, XPathConstants.BOOLEAN);
-            return result.booleanValue();
+            return (Boolean)xpathExpression.evaluate(contextNode, XPathConstants.BOOLEAN);
         } catch (XPathExpressionException ex) {
-            throw new TransformerException("empty", ex);
+            throw new TransformerException(ex);
         }
     }
 
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/utils/JavaUtils.java b/src/share/classes/com/sun/org/apache/xml/internal/security/utils/JavaUtils.java
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/utils/JavaUtils.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/utils/JavaUtils.java
@@ -22,27 +22,24 @@
  */
 package com.sun.org.apache.xml.internal.security.utils;
 
-import java.io.File;
-import java.io.FileInputStream;
 import java.io.FileNotFoundException;
-import java.io.FileOutputStream;
 import java.io.IOException;
 import java.io.InputStream;
+import java.io.OutputStream;
+import java.nio.file.Files;
+import java.nio.file.Paths;
 import java.security.SecurityPermission;
 
 /**
  * A collection of different, general-purpose methods for JAVA-specific things
- * @author Christian Geuer-Pollmann
  */
-public class JavaUtils {
+public final class JavaUtils {
 
-    /** {@link org.apache.commons.logging} logging facility */
-    private static java.util.logging.Logger log =
-        java.util.logging.Logger.getLogger(JavaUtils.class.getName());
+    private static final com.sun.org.slf4j.internal.Logger LOG =
+        com.sun.org.slf4j.internal.LoggerFactory.getLogger(JavaUtils.class);
 
     private static final SecurityPermission REGISTER_PERMISSION =
-        new SecurityPermission(
-            "com.sun.org.apache.xml.internal.security.register");
+        new SecurityPermission("com.sun.org.apache.xml.internal.security.register");
 
     private JavaUtils() {
         // we don't allow instantiation
@@ -62,26 +59,16 @@
 
         byte refBytes[] = null;
 
-        FileInputStream fisRef = null;
-        UnsyncByteArrayOutputStream baos = null;
-        try {
-            fisRef = new FileInputStream(fileName);
-            baos = new UnsyncByteArrayOutputStream();
+        try (InputStream inputStream = Files.newInputStream(Paths.get(fileName));
+            UnsyncByteArrayOutputStream baos = new UnsyncByteArrayOutputStream()) {
             byte buf[] = new byte[1024];
             int len;
 
-            while ((len = fisRef.read(buf)) > 0) {
+            while ((len = inputStream.read(buf)) > 0) {
                 baos.write(buf, 0, len);
             }
 
             refBytes = baos.toByteArray();
-        } finally {
-            if (baos != null) {
-                baos.close();
-            }
-            if (fisRef != null) {
-                fisRef.close();
-            }
         }
 
         return refBytes;
@@ -94,30 +81,14 @@
      * @param bytes
      */
     public static void writeBytesToFilename(String filename, byte[] bytes) {
-        FileOutputStream fos = null;
-        try {
-            if (filename != null && bytes != null) {
-                File f = new File(filename);
-
-                fos = new FileOutputStream(f);
-
-                fos.write(bytes);
-                fos.close();
-            } else {
-                if (log.isLoggable(java.util.logging.Level.FINE)) {
-                    log.log(java.util.logging.Level.FINE, "writeBytesToFilename got null byte[] pointed");
-                }
+        if (filename != null && bytes != null) {
+            try (OutputStream outputStream = Files.newOutputStream(Paths.get(filename))) {
+                outputStream.write(bytes);
+            } catch (IOException ex) {
+                LOG.debug(ex.getMessage(), ex);
             }
-        } catch (IOException ex) {
-            if (fos != null) {
-                try {
-                    fos.close();
-                } catch (IOException ioe) {
-                    if (log.isLoggable(java.util.logging.Level.FINE)) {
-                        log.log(java.util.logging.Level.FINE, ioe.getMessage(), ioe);
-                    }
-                }
-            }
+        } else {
+            LOG.debug("writeBytesToFilename got null byte[] pointed");
         }
     }
 
@@ -132,29 +103,20 @@
      * @throws IOException
      */
     public static byte[] getBytesFromStream(InputStream inputStream) throws IOException {
-        UnsyncByteArrayOutputStream baos = null;
-
-        byte[] retBytes = null;
-        try {
-            baos = new UnsyncByteArrayOutputStream();
+        try (UnsyncByteArrayOutputStream baos = new UnsyncByteArrayOutputStream()) {
             byte buf[] = new byte[4 * 1024];
             int len;
-
             while ((len = inputStream.read(buf)) > 0) {
                 baos.write(buf, 0, len);
             }
-            retBytes = baos.toByteArray();
-        } finally {
-            baos.close();
+            return baos.toByteArray();
         }
-
-        return retBytes;
     }
 
     /**
      * Converts an ASN.1 DSA value to a XML Signature DSA Value.
      *
-     * The JCE DSA Signature algorithm creates ASN.1 encoded (r,s) value
+     * The JCE DSA Signature algorithm creates ASN.1 encoded (r, s) value
      * pairs (see section 2.2.2 of RFC 3279); the XML Signature requires the
      * core BigInteger values.
      *
@@ -174,12 +136,11 @@
 
         byte rLength = asn1Bytes[3];
         int i;
-        for (i = rLength; i > 0 && asn1Bytes[4 + rLength - i] == 0; i--);
+        for (i = rLength; i > 0 && asn1Bytes[4 + rLength - i] == 0; i--); //NOPMD
 
         byte sLength = asn1Bytes[5 + rLength];
         int j;
-        for (j = sLength;
-             j > 0 && asn1Bytes[6 + rLength + sLength - j] == 0; j--);
+        for (j = sLength; j > 0 && asn1Bytes[6 + rLength + sLength - j] == 0; j--); //NOPMD
 
         if (i > size || asn1Bytes[4 + rLength] != 2 || j > size) {
             throw new IOException("Invalid ASN.1 format of DSA signature");
@@ -196,7 +157,7 @@
     /**
      * Converts an XML Signature DSA Value to a ASN.1 DSA value.
      *
-     * The JCE DSA Signature algorithm creates ASN.1 encoded (r,s) value
+     * The JCE DSA Signature algorithm creates ASN.1 encoded (r, s) value
      * pairs (see section 2.2.2 of RFC 3279); the XML Signature requires the
      * core BigInteger values.
      *
@@ -215,7 +176,7 @@
         }
 
         int i;
-        for (i = size; i > 0 && xmldsigBytes[size - i] == 0; i--);
+        for (i = size; i > 0 && xmldsigBytes[size - i] == 0; i--); //NOPMD
 
         int j = i;
         if (xmldsigBytes[size - i] < 0) {
@@ -223,7 +184,7 @@
         }
 
         int k;
-        for (k = size; k > 0 && xmldsigBytes[totalSize - k] == 0; k--);
+        for (k = size; k > 0 && xmldsigBytes[totalSize - k] == 0; k--); //NOPMD
 
         int l = k;
         if (xmldsigBytes[totalSize - k] < 0) {
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/utils/RFC2253Parser.java b/src/share/classes/com/sun/org/apache/xml/internal/security/utils/RFC2253Parser.java
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/utils/RFC2253Parser.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/utils/RFC2253Parser.java
@@ -72,7 +72,7 @@
      */
     public static String normalize(String dn, boolean toXml) {
         //if empty string
-        if ((dn == null) || dn.equals("")) {
+        if (dn == null || dn.equals("")) {
             return "";
         }
 
@@ -87,8 +87,8 @@
             for (int j = 0; (k = DN.indexOf(',', j)) >= 0; j = k + 1) {
                 l += countQuotes(DN, j, k);
 
-                if ((k > 0) && (DN.charAt(k - 1) != '\\') && (l % 2) == 0) {
-                    sb.append(parseRDN(DN.substring(i, k).trim(), toXml) + ",");
+                if (k > 0 && DN.charAt(k - 1) != '\\' && (l % 2) == 0) {
+                    sb.append(parseRDN(DN.substring(i, k).trim(), toXml)).append(",");
 
                     i = k + 1;
                     l = 0;
@@ -120,8 +120,8 @@
         for (int j = 0; (k = str.indexOf('+', j)) >= 0; j = k + 1) {
             l += countQuotes(str, j, k);
 
-            if ((k > 0) && (str.charAt(k - 1) != '\\') && (l % 2) == 0) {
-                sb.append(parseATAV(trim(str.substring(i, k)), toXml) + "+");
+            if (k > 0 && str.charAt(k - 1) != '\\' && (l % 2) == 0) {
+                sb.append(parseATAV(trim(str.substring(i, k)), toXml)).append("+");
 
                 i = k + 1;
                 l = 0;
@@ -144,7 +144,7 @@
     static String parseATAV(String str, boolean toXml) throws IOException {
         int i = str.indexOf('=');
 
-        if ((i == -1) || ((i > 0) && (str.charAt(i - 1) == '\\'))) {
+        if (i == -1 || i > 0 && str.charAt(i - 1) == '\\') {
             return str;
         }
         String attrType = normalizeAT(str.substring(0, i));
@@ -198,8 +198,8 @@
                 c = (char) i;
 
                 //the following char is defined at 4.Relationship with RFC1779 and LDAPv2 inrfc2253
-                if ((c == ',') || (c == '=') || (c == '+') || (c == '<')
-                    || (c == '>') || (c == '#') || (c == ';')) {
+                if (c == ',' || c == '=' || c == '+' || c == '<'
+                    || c == '>' || c == '#' || c == ';') {
                     sb.append('\\');
                 }
 
@@ -277,10 +277,10 @@
                 char c2 = (char) sr.read();
 
                 //65 (A) 97 (a)
-                if ((((c1 >= 48) && (c1 <= 57)) || ((c1 >= 65) && (c1 <= 70)) || ((c1 >= 97) && (c1 <= 102)))
-                    && (((c2 >= 48) && (c2 <= 57))
-                        || ((c2 >= 65) && (c2 <= 70))
-                        || ((c2 >= 97) && (c2 <= 102)))) {
+                if ((c1 >= 48 && c1 <= 57 || c1 >= 65 && c1 <= 70 || c1 >= 97 && c1 <= 102)
+                    && (c2 >= 48 && c2 <= 57
+                        || c2 >= 65 && c2 <= 70
+                        || c2 >= 97 && c2 <= 102)) {
                     char ch = (char) Byte.parseByte("" + c1 + c2, 16);
 
                     sb.append(ch);
@@ -417,7 +417,7 @@
         for (int j = 0; (k = str.indexOf(symbol, j)) >= 0; j = k + 1) {
             l += countQuotes(str, j, k);
 
-            if ((k > 0) && (str.charAt(k - 1) != '\\') && (l % 2) == 0) {
+            if (k > 0 && str.charAt(k - 1) != '\\' && (l % 2) == 0) {
                 sb.append(trim(str.substring(i, k)) + replace);
 
                 i = k + 1;
@@ -463,8 +463,8 @@
         String trimed = str.trim();
         int i = str.indexOf(trimed) + trimed.length();
 
-        if ((str.length() > i) && trimed.endsWith("\\")
-            && !trimed.endsWith("\\\\") && (str.charAt(i) == ' ')) {
+        if (str.length() > i && trimed.endsWith("\\")
+            && !trimed.endsWith("\\\\") && str.charAt(i) == ' ') {
             trimed = trimed + " ";
         }
 
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/utils/Signature11ElementProxy.java b/src/share/classes/com/sun/org/apache/xml/internal/security/utils/Signature11ElementProxy.java
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/utils/Signature11ElementProxy.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/utils/Signature11ElementProxy.java
@@ -29,12 +29,11 @@
 /**
  * Class SignatureElementProxy
  *
- * @author Brent Putman (putmanb@georgetown.edu)
  */
 public abstract class Signature11ElementProxy extends ElementProxy {
 
     protected Signature11ElementProxy() {
-    };
+    }
 
     /**
      * Constructor Signature11ElementProxy
@@ -46,24 +45,23 @@
             throw new RuntimeException("Document is null");
         }
 
-        this.doc = doc;
-        this.constructionElement =
-            XMLUtils.createElementInSignature11Space(this.doc, this.getBaseLocalName());
+        setDocument(doc);
+        setElement(XMLUtils.createElementInSignature11Space(doc, this.getBaseLocalName()));
     }
 
     /**
      * Constructor Signature11ElementProxy
      *
      * @param element
-     * @param BaseURI
+     * @param baseURI
      * @throws XMLSecurityException
      */
-    public Signature11ElementProxy(Element element, String BaseURI) throws XMLSecurityException {
-        super(element, BaseURI);
+    public Signature11ElementProxy(Element element, String baseURI) throws XMLSecurityException {
+        super(element, baseURI);
 
     }
 
-    /** @inheritDoc */
+    /** {@inheritDoc} */
     public String getBaseNamespace() {
         return Constants.SignatureSpec11NS;
     }
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/utils/SignatureElementProxy.java b/src/share/classes/com/sun/org/apache/xml/internal/security/utils/SignatureElementProxy.java
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/utils/SignatureElementProxy.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/utils/SignatureElementProxy.java
@@ -29,12 +29,11 @@
 /**
  * Class SignatureElementProxy
  *
- * @author $Author: coheigea $
  */
 public abstract class SignatureElementProxy extends ElementProxy {
 
     protected SignatureElementProxy() {
-    };
+    }
 
     /**
      * Constructor SignatureElementProxy
@@ -46,24 +45,24 @@
             throw new RuntimeException("Document is null");
         }
 
-        this.doc = doc;
-        this.constructionElement =
-            XMLUtils.createElementInSignatureSpace(this.doc, this.getBaseLocalName());
+        setDocument(doc);
+        setElement(XMLUtils.createElementInSignatureSpace(doc,
+                this.getBaseLocalName()));
     }
 
     /**
      * Constructor SignatureElementProxy
      *
      * @param element
-     * @param BaseURI
+     * @param baseURI
      * @throws XMLSecurityException
      */
-    public SignatureElementProxy(Element element, String BaseURI) throws XMLSecurityException {
-        super(element, BaseURI);
+    public SignatureElementProxy(Element element, String baseURI) throws XMLSecurityException {
+        super(element, baseURI);
 
     }
 
-    /** @inheritDoc */
+    /** {@inheritDoc} */
     public String getBaseNamespace() {
         return Constants.SignatureSpecNS;
     }
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/utils/SignerOutputStream.java b/src/share/classes/com/sun/org/apache/xml/internal/security/utils/SignerOutputStream.java
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/utils/SignerOutputStream.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/utils/SignerOutputStream.java
@@ -28,12 +28,11 @@
 import com.sun.org.apache.xml.internal.security.signature.XMLSignatureException;
 
 /**
- * @author raul
  *
  */
 public class SignerOutputStream extends ByteArrayOutputStream {
-    private static java.util.logging.Logger log =
-        java.util.logging.Logger.getLogger(SignerOutputStream.class.getName());
+    private static final com.sun.org.slf4j.internal.Logger LOG =
+        com.sun.org.slf4j.internal.LoggerFactory.getLogger(SignerOutputStream.class);
 
     final SignatureAlgorithm sa;
 
@@ -44,7 +43,7 @@
         this.sa = sa;
     }
 
-    /** @inheritDoc */
+    /** {@inheritDoc} */
     public void write(byte[] arg0)  {
         try {
             sa.update(arg0);
@@ -53,7 +52,7 @@
         }
     }
 
-    /** @inheritDoc */
+    /** {@inheritDoc} */
     public void write(int arg0) {
         try {
             sa.update((byte)arg0);
@@ -62,15 +61,15 @@
         }
     }
 
-    /** @inheritDoc */
+    /** {@inheritDoc} */
     public void write(byte[] arg0, int arg1, int arg2) {
-        if (log.isLoggable(java.util.logging.Level.FINE)) {
-            log.log(java.util.logging.Level.FINE, "Canonicalized SignedInfo:");
+        if (LOG.isDebugEnabled()) {
+            LOG.debug("Canonicalized SignedInfo:");
             StringBuilder sb = new StringBuilder(arg2);
             for (int i = arg1; i < (arg1 + arg2); i++) {
                 sb.append((char)arg0[i]);
             }
-            log.log(java.util.logging.Level.FINE, sb.toString());
+            LOG.debug(sb.toString());
         }
         try {
             sa.update(arg0, arg1, arg2);
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/utils/UnsyncBufferedOutputStream.java b/src/share/classes/com/sun/org/apache/xml/internal/security/utils/UnsyncBufferedOutputStream.java
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/utils/UnsyncBufferedOutputStream.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/utils/UnsyncBufferedOutputStream.java
@@ -2,97 +2,84 @@
  * reserved comment block
  * DO NOT REMOVE OR ALTER!
  */
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
+/*
+ *  Licensed to the Apache Software Foundation (ASF) under one or more
+ *  contributor license agreements.  See the NOTICE file distributed with
+ *  this work for additional information regarding copyright ownership.
+ *  The ASF licenses this file to You under the Apache License, Version 2.0
+ *  (the "License"); you may not use this file except in compliance with
+ *  the License.  You may obtain a copy of the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ *     http://www.apache.org/licenses/LICENSE-2.0
  *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
  */
+
 package com.sun.org.apache.xml.internal.security.utils;
 
+import java.io.FilterOutputStream;
 import java.io.IOException;
 import java.io.OutputStream;
 
-/**
- * A class that buffers without synchronizing its methods
- * @author raul
- */
-public class UnsyncBufferedOutputStream extends OutputStream {
-    static final int size = 8*1024;
-
-    private int pointer = 0;
-    private final OutputStream out;
-
-    private final byte[] buf;
+public class UnsyncBufferedOutputStream extends FilterOutputStream {
 
-    /**
-     * Creates a buffered output stream without synchronization
-     * @param out the outputstream to buffer
-     */
+    protected byte[] buffer;
+    protected int count;
+
     public UnsyncBufferedOutputStream(OutputStream out) {
-        buf = new byte[size];
-        this.out = out;
-    }
-
-    /** @inheritDoc */
-    public void write(byte[] arg0) throws IOException {
-        write(arg0, 0, arg0.length);
+        super(out);
+        buffer = new byte[8192];
     }
 
-    /** @inheritDoc */
-    public void write(byte[] arg0, int arg1, int len) throws IOException {
-        int newLen = pointer+len;
-        if (newLen > size) {
-            flushBuffer();
-            if (len > size) {
-                out.write(arg0, arg1,len);
-                return;
-            }
-            newLen = len;
+    public UnsyncBufferedOutputStream(OutputStream out, int size) {
+        super(out);
+        if (size <= 0) {
+            throw new IllegalArgumentException("size must be > 0");
         }
-        System.arraycopy(arg0, arg1, buf, pointer, len);
-        pointer = newLen;
+        buffer = new byte[size];
     }
 
-    private void flushBuffer() throws IOException {
-        if (pointer > 0) {
-            out.write(buf, 0, pointer);
-        }
-        pointer = 0;
-
-    }
-
-    /** @inheritDoc */
-    public void write(int arg0) throws IOException {
-        if (pointer >= size) {
-            flushBuffer();
-        }
-        buf[pointer++] = (byte)arg0;
-
-    }
-
-    /** @inheritDoc */
+    @Override
     public void flush() throws IOException {
-        flushBuffer();
+        flushInternal();
         out.flush();
     }
 
-    /** @inheritDoc */
-    public void close() throws IOException {
-        flush();
-        out.close();
+    @Override
+    public void write(byte[] bytes, int offset, int length) throws IOException {
+        if (length >= buffer.length) {
+            flushInternal();
+            out.write(bytes, offset, length);
+            return;
+        }
+
+        // flush the internal buffer first if we have not enough space left
+        if (length >= (buffer.length - count)) {
+            flushInternal();
+        }
+
+        // the length is always less than (internalBuffer.length - count) here so arraycopy is safe
+        System.arraycopy(bytes, offset, buffer, count, length);
+        count += length;
     }
 
+    @Override
+    public void write(int oneByte) throws IOException {
+        if (count == buffer.length) {
+            out.write(buffer, 0, count);
+            count = 0;
+        }
+        buffer[count++] = (byte) oneByte;
+    }
+
+    private void flushInternal() throws IOException {
+        if (count > 0) {
+            out.write(buffer, 0, count);
+            count = 0;
+        }
+    }
 }
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/utils/UnsyncByteArrayOutputStream.java b/src/share/classes/com/sun/org/apache/xml/internal/security/utils/UnsyncByteArrayOutputStream.java
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/utils/UnsyncByteArrayOutputStream.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/utils/UnsyncByteArrayOutputStream.java
@@ -22,27 +22,30 @@
  */
 package com.sun.org.apache.xml.internal.security.utils;
 
+import java.io.IOException;
 import java.io.OutputStream;
 
 /**
  * A simple Unsynced ByteArrayOutputStream
- * @author raul
  *
  */
 public class UnsyncByteArrayOutputStream extends OutputStream  {
 
+    // Maximum array size. Using same value as ArrayList in OpenJDK.
+    // Integer.MAX_VALUE doesn't work on some VMs, as some header values are reserved
+    private static final int VM_ARRAY_INDEX_MAX_VALUE = Integer.MAX_VALUE - 8;
     private static final int INITIAL_SIZE = 8192;
 
     private byte[] buf;
     private int size = INITIAL_SIZE;
-    private int pos = 0;
+    private int pos;
 
     public UnsyncByteArrayOutputStream() {
         buf = new byte[INITIAL_SIZE];
     }
 
     public void write(byte[] arg0) {
-        if ((Integer.MAX_VALUE - pos) < arg0.length) {
+        if ((VM_ARRAY_INDEX_MAX_VALUE - pos) < arg0.length) {
             throw new OutOfMemoryError();
         }
         int newPos = pos + arg0.length;
@@ -54,7 +57,7 @@
     }
 
     public void write(byte[] arg0, int arg1, int arg2) {
-        if ((Integer.MAX_VALUE - pos) < arg2) {
+        if ((VM_ARRAY_INDEX_MAX_VALUE - pos) < arg2) {
             throw new OutOfMemoryError();
         }
         int newPos = pos + arg2;
@@ -66,7 +69,7 @@
     }
 
     public void write(int arg0) {
-        if ((Integer.MAX_VALUE - pos) == 0) {
+        if (VM_ARRAY_INDEX_MAX_VALUE - pos == 0) {
             throw new OutOfMemoryError();
         }
         int newPos = pos + 1;
@@ -86,13 +89,26 @@
         pos = 0;
     }
 
+    /**
+     * Takes the contents of this stream and writes it to the output stream
+     * {@code out}.
+     *
+     * @param out
+     *            an OutputStream on which to write the contents of this stream.
+     * @throws IOException
+     *             if an error occurs while writing to {@code out}.
+     */
+    public void writeTo(OutputStream out) throws IOException {
+        out.write(buf, 0, pos);
+    }
+
     private void expandSize(int newPos) {
         int newSize = size;
         while (newPos > newSize) {
             newSize = newSize << 1;
             // Deal with overflow
             if (newSize < 0) {
-                newSize = Integer.MAX_VALUE;
+                newSize = VM_ARRAY_INDEX_MAX_VALUE;
             }
         }
         byte newBuf[] = new byte[newSize];
@@ -100,4 +116,4 @@
         buf = newBuf;
         size = newSize;
     }
-}
+}
\ No newline at end of file
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/utils/WeakObjectPool.java b/src/share/classes/com/sun/org/apache/xml/internal/security/utils/WeakObjectPool.java
new file mode 100644
--- /dev/null
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/utils/WeakObjectPool.java
@@ -0,0 +1,118 @@
+/*
+ * reserved comment block
+ * DO NOT REMOVE OR ALTER!
+ */
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package com.sun.org.apache.xml.internal.security.utils;
+
+import java.lang.ref.WeakReference;
+import java.util.Collections;
+import java.util.Map;
+import java.util.WeakHashMap;
+import java.util.concurrent.BlockingQueue;
+import java.util.concurrent.LinkedBlockingDeque;
+
+/**
+ * Abstract base class for pooling objects.  The two public methods are
+ * {@link #getObject()} and ({@link #repool(Object)}.  Objects are held through
+ * weak references so even objects that are not repooled are subject to garbage collection.
+ *
+ * Subclasses must implement the abstract {@link #createObject()}.
+ * <p>
+ *
+ * Internally, the pool is stored in a java.util.concurrent.LinkedBlockingDeque
+ * instance.
+ */
+public abstract class WeakObjectPool<T, E extends Throwable> {
+
+    private static final Integer MARKER_VALUE = Integer.MAX_VALUE;//once here rather than auto-box it?
+
+    /** created, available objects to be checked out to clients */
+    private final BlockingQueue<WeakReference<T>> available;
+
+    /**
+     * Synchronized, identity map of loaned out objects (WeakHashMap);
+     * use to ensure we repool only object originating from here
+     * and do it once.
+     */
+    private final Map<T, Integer> onLoan;
+
+    /**
+     * The lone constructor.
+     */
+    protected WeakObjectPool() {
+        //alternative implementations: ArrayBlockingQueue has a fixed size
+        //  PriorityBlockingQueue: requires a dummy comparator; less memory but more overhead
+        available = new LinkedBlockingDeque<WeakReference<T>>();
+        this.onLoan = Collections.synchronizedMap(new WeakHashMap<T, Integer>());
+    }
+
+    /**
+     * Called whenever a new pool object is desired; subclasses must implement.
+     *
+     * @return object of the type desired by the subclass
+     * @throws E Throwable's subclass
+     */
+    protected abstract T createObject() throws E;
+
+
+    /**
+     * Subclasses can subclass to return a more specific type.
+     *
+     * @return an object from the pool; will block until an object is available
+     * @throws E
+     */
+    public T getObject() throws E {
+        WeakReference<T> ref;
+        T retValue = null;
+        do {
+            //remove any stale entries as well
+            ref = available.poll();
+        } while (ref != null && (retValue = ref.get()) == null);
+
+        if (retValue == null) {
+            //empty pool; create & add new one
+            retValue = createObject();
+        }
+        onLoan.put(retValue, MARKER_VALUE);
+        return retValue;
+    }
+
+
+    /**
+     * Adds the given object to the pool, provided that the object
+     * was created by this pool.
+     *
+     * @param obj the object to return to the pool
+     * @return whether the object was successfully added as available
+     */
+    public boolean repool(T obj) {
+        if (obj != null && onLoan.containsKey(obj)) {
+            //synchronize to protect against a caller returning the same object again...
+            synchronized (obj) {
+                //...and check to see that it was removed
+                if (onLoan.remove(obj) != null) {
+                    return available.offer(new WeakReference<T>(obj));
+                }
+            }
+        }
+        return false;
+    }
+}
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/utils/XMLUtils.java b/src/share/classes/com/sun/org/apache/xml/internal/security/utils/XMLUtils.java
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/utils/XMLUtils.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/utils/XMLUtils.java
@@ -24,14 +24,20 @@
 
 import java.io.IOException;
 import java.io.OutputStream;
+import java.math.BigInteger;
 import java.security.AccessController;
 import java.security.PrivilegedAction;
 import java.util.ArrayList;
+import java.util.Base64;
 import java.util.HashSet;
 import java.util.Iterator;
 import java.util.List;
 import java.util.Set;
 
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.parsers.ParserConfigurationException;
+
 import com.sun.org.apache.xml.internal.security.c14n.CanonicalizationException;
 import com.sun.org.apache.xml.internal.security.c14n.Canonicalizer;
 import com.sun.org.apache.xml.internal.security.c14n.InvalidCanonicalizerException;
@@ -41,32 +47,25 @@
 import org.w3c.dom.NamedNodeMap;
 import org.w3c.dom.Node;
 import org.w3c.dom.NodeList;
-import org.w3c.dom.ProcessingInstruction;
 import org.w3c.dom.Text;
 
 /**
  * DOM and XML accessibility and comfort functions.
  *
- * @author Christian Geuer-Pollmann
  */
-public class XMLUtils {
+public final class XMLUtils {
 
     private static boolean ignoreLineBreaks =
-        AccessController.doPrivileged(new PrivilegedAction<Boolean>() {
-            public Boolean run() {
-                return Boolean.valueOf(Boolean.getBoolean
-                    ("com.sun.org.apache.xml.internal.security.ignoreLineBreaks"));
-            }
-        }).booleanValue();
+        AccessController.doPrivileged(
+            (PrivilegedAction<Boolean>) () -> Boolean.getBoolean("com.sun.org.apache.xml.internal.security.ignoreLineBreaks"));
 
     private static volatile String dsPrefix = "ds";
     private static volatile String ds11Prefix = "dsig11";
     private static volatile String xencPrefix = "xenc";
     private static volatile String xenc11Prefix = "xenc11";
 
-    /** {@link org.apache.commons.logging} logging facility */
-    private static final java.util.logging.Logger log =
-        java.util.logging.Logger.getLogger(XMLUtils.class.getName());
+    private static final com.sun.org.slf4j.internal.Logger LOG =
+        com.sun.org.slf4j.internal.LoggerFactory.getLogger(XMLUtils.class);
 
 
     /**
@@ -123,7 +122,7 @@
 
     public static Element getNextElement(Node el) {
         Node node = el;
-        while ((node != null) && (node.getNodeType() != Node.ELEMENT_NODE)) {
+        while (node != null && node.getNodeType() != Node.ELEMENT_NODE) {
             node = node.getNextSibling();
         }
         return (Element)node;
@@ -136,7 +135,7 @@
      * @param com whether comments or not
      */
     public static void getSet(Node rootNode, Set<Node> result, Node exclude, boolean com) {
-        if ((exclude != null) && isDescendantOrSelf(exclude, rootNode)) {
+        if (exclude != null && isDescendantOrSelf(exclude, rootNode)) {
             return;
         }
         getSetRec(rootNode, result, exclude, com);
@@ -154,7 +153,8 @@
             Element el = (Element)rootNode;
             if (el.hasAttributes()) {
                 NamedNodeMap nl = el.getAttributes();
-                for (int i = 0;i < nl.getLength(); i++) {
+                int length = nl.getLength();
+                for (int i = 0; i < length; i++) {
                     result.add(nl.item(i));
                 }
             }
@@ -163,7 +163,7 @@
             for (Node r = rootNode.getFirstChild(); r != null; r = r.getNextSibling()) {
                 if (r.getNodeType() == Node.TEXT_NODE) {
                     result.add(r);
-                    while ((r != null) && (r.getNodeType() == Node.TEXT_NODE)) {
+                    while (r != null && r.getNodeType() == Node.TEXT_NODE) {
                         r = r.getNextSibling();
                     }
                     if (r == null) {
@@ -208,37 +208,31 @@
     public static void outputDOM(Node contextNode, OutputStream os, boolean addPreamble) {
         try {
             if (addPreamble) {
-                os.write("<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n".getBytes("UTF-8"));
+                os.write("<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n".getBytes(java.nio.charset.StandardCharsets.UTF_8));
             }
 
             os.write(Canonicalizer.getInstance(
-                Canonicalizer.ALGO_ID_C14N_WITH_COMMENTS).canonicalizeSubtree(contextNode)
+                Canonicalizer.ALGO_ID_C14N_PHYSICAL).canonicalizeSubtree(contextNode)
             );
         } catch (IOException ex) {
-            if (log.isLoggable(java.util.logging.Level.FINE)) {
-                log.log(java.util.logging.Level.FINE, ex.getMessage(), ex);
-            }
+            LOG.debug(ex.getMessage(), ex);
         }
         catch (InvalidCanonicalizerException ex) {
-            if (log.isLoggable(java.util.logging.Level.FINE)) {
-                log.log(java.util.logging.Level.FINE, ex.getMessage(), ex);
-            }
+            LOG.debug(ex.getMessage(), ex);
         } catch (CanonicalizationException ex) {
-            if (log.isLoggable(java.util.logging.Level.FINE)) {
-                log.log(java.util.logging.Level.FINE, ex.getMessage(), ex);
-            }
+            LOG.debug(ex.getMessage(), ex);
         }
     }
 
     /**
-     * Serializes the <CODE>contextNode</CODE> into the OutputStream, <I>but
+     * Serializes the {@code contextNode} into the OutputStream, <I>but
      * suppresses all Exceptions</I>.
-     * <BR />
+     * <p></p>
      * NOTE: <I>This should only be used for debugging purposes,
      * NOT in a production environment; this method ignores all exceptions,
      * so you won't notice if something goes wrong. If you're asking what is to
      * be used in a production environment, simply use the code inside the
-     * <code>try{}</code> statement, but handle the Exceptions appropriately.</I>
+     * {@code try{}} statement, but handle the Exceptions appropriately.</I>
      *
      * @param contextNode
      * @param os
@@ -249,19 +243,13 @@
                 Canonicalizer.ALGO_ID_C14N_WITH_COMMENTS).canonicalizeSubtree(contextNode)
             );
         } catch (IOException ex) {
-            if (log.isLoggable(java.util.logging.Level.FINE)) {
-                log.log(java.util.logging.Level.FINE, ex.getMessage(), ex);
-            }
+            LOG.debug(ex.getMessage(), ex);
             // throw new RuntimeException(ex.getMessage());
         } catch (InvalidCanonicalizerException ex) {
-            if (log.isLoggable(java.util.logging.Level.FINE)) {
-                log.log(java.util.logging.Level.FINE, ex.getMessage(), ex);
-            }
+            LOG.debug(ex.getMessage(), ex);
             // throw new RuntimeException(ex.getMessage());
         } catch (CanonicalizationException ex) {
-            if (log.isLoggable(java.util.logging.Level.FINE)) {
-                log.log(java.util.logging.Level.FINE, ex.getMessage(), ex);
-            }
+            LOG.debug(ex.getMessage(), ex);
             // throw new RuntimeException(ex.getMessage());
         }
     }
@@ -298,7 +286,7 @@
             throw new RuntimeException("Document is null");
         }
 
-        if ((dsPrefix == null) || (dsPrefix.length() == 0)) {
+        if (dsPrefix == null || dsPrefix.length() == 0) {
             return doc.createElementNS(Constants.SignatureSpecNS, elementName);
         }
         return doc.createElementNS(Constants.SignatureSpecNS, dsPrefix + ":" + elementName);
@@ -316,55 +304,13 @@
             throw new RuntimeException("Document is null");
         }
 
-        if ((ds11Prefix == null) || (ds11Prefix.length() == 0)) {
+        if (ds11Prefix == null || ds11Prefix.length() == 0) {
             return doc.createElementNS(Constants.SignatureSpec11NS, elementName);
         }
         return doc.createElementNS(Constants.SignatureSpec11NS, ds11Prefix + ":" + elementName);
     }
 
     /**
-     * Creates an Element in the XML Encryption specification namespace.
-     *
-     * @param doc the factory Document
-     * @param elementName the local name of the Element
-     * @return the Element
-     */
-    public static Element createElementInEncryptionSpace(Document doc, String elementName) {
-        if (doc == null) {
-            throw new RuntimeException("Document is null");
-        }
-
-        if ((xencPrefix == null) || (xencPrefix.length() == 0)) {
-            return doc.createElementNS(EncryptionConstants.EncryptionSpecNS, elementName);
-        }
-        return
-            doc.createElementNS(
-                EncryptionConstants.EncryptionSpecNS, xencPrefix + ":" + elementName
-            );
-    }
-
-    /**
-     * Creates an Element in the XML Encryption 1.1 specification namespace.
-     *
-     * @param doc the factory Document
-     * @param elementName the local name of the Element
-     * @return the Element
-     */
-    public static Element createElementInEncryption11Space(Document doc, String elementName) {
-        if (doc == null) {
-            throw new RuntimeException("Document is null");
-        }
-
-        if ((xenc11Prefix == null) || (xenc11Prefix.length() == 0)) {
-            return doc.createElementNS(EncryptionConstants.EncryptionSpec11NS, elementName);
-        }
-        return
-            doc.createElementNS(
-                EncryptionConstants.EncryptionSpec11NS, xenc11Prefix + ":" + elementName
-            );
-    }
-
-    /**
      * Returns true if the element is in XML Signature namespace and the local
      * name equals the supplied one.
      *
@@ -401,43 +347,9 @@
     }
 
     /**
-     * Returns true if the element is in XML Encryption namespace and the local
-     * name equals the supplied one.
-     *
-     * @param element
-     * @param localName
-     * @return true if the element is in XML Encryption namespace and the local name
-     * equals the supplied one
-     */
-    public static boolean elementIsInEncryptionSpace(Element element, String localName) {
-        if (element == null){
-            return false;
-        }
-        return EncryptionConstants.EncryptionSpecNS.equals(element.getNamespaceURI())
-            && element.getLocalName().equals(localName);
-    }
-
-    /**
-     * Returns true if the element is in XML Encryption 1.1 namespace and the local
-     * name equals the supplied one.
-     *
-     * @param element
-     * @param localName
-     * @return true if the element is in XML Encryption 1.1 namespace and the local name
-     * equals the supplied one
-     */
-    public static boolean elementIsInEncryption11Space(Element element, String localName) {
-        if (element == null){
-            return false;
-        }
-        return EncryptionConstants.EncryptionSpec11NS.equals(element.getNamespaceURI())
-            && element.getLocalName().equals(localName);
-    }
-
-    /**
      * This method returns the owner document of a particular node.
      * This method is necessary because it <I>always</I> returns a
-     * {@link Document}. {@link Node#getOwnerDocument} returns <CODE>null</CODE>
+     * {@link Document}. {@link Node#getOwnerDocument} returns {@code null}
      * if the {@link Node} is a {@link Document}.
      *
      * @param node
@@ -459,7 +371,7 @@
     /**
      * This method returns the first non-null owner document of the Nodes in this Set.
      * This method is necessary because it <I>always</I> returns a
-     * {@link Document}. {@link Node#getOwnerDocument} returns <CODE>null</CODE>
+     * {@link Document}. {@link Node#getOwnerDocument} returns {@code null}
      * if the {@link Node} is a {@link Document}.
      *
      * @param xpathNodeSet
@@ -496,7 +408,7 @@
      * @return the element.
      */
     public static Element createDSctx(Document doc, String prefix, String namespace) {
-        if ((prefix == null) || (prefix.trim().length() == 0)) {
+        if (prefix == null || prefix.trim().length() == 0) {
             throw new IllegalArgumentException("You must supply a prefix");
         }
 
@@ -532,6 +444,25 @@
         }
     }
 
+    public static String encodeToString(byte[] bytes) {
+        if (ignoreLineBreaks) {
+            return Base64.getEncoder().encodeToString(bytes);
+        }
+        return Base64.getMimeEncoder().encodeToString(bytes);
+    }
+
+    public static byte[] decode(String encodedString) {
+        return Base64.getMimeDecoder().decode(encodedString);
+    }
+
+    public static byte[] decode(byte[] encodedBytes) {
+        return Base64.getMimeDecoder().decode(encodedBytes);
+    }
+
+    public static boolean isIgnoreLineBreaks() {
+        return ignoreLineBreaks;
+    }
+
     /**
      * Method convertNodelistToSet
      *
@@ -540,11 +471,11 @@
      */
     public static Set<Node> convertNodelistToSet(NodeList xpathNodeSet) {
         if (xpathNodeSet == null) {
-            return new HashSet<Node>();
+            return new HashSet<>();
         }
 
         int length = xpathNodeSet.getLength();
-        Set<Node> set = new HashSet<Node>(length);
+        Set<Node> set = new HashSet<>(length);
 
         for (int i = 0; i < length; i++) {
             set.add(xpathNodeSet.item(i));
@@ -632,7 +563,7 @@
                 sibling = node.getFirstChild();
                 break;
             }
-            while ((sibling == null) && (parent != null)) {
+            while (sibling == null && parent != null) {
                 sibling = parent.getNextSibling();
                 parent = parent.getParentNode();
             }
@@ -691,29 +622,8 @@
      * @param number
      * @return nodes with the constrain
      */
-    public static Element selectXencNode(Node sibling, String nodeName, int number) {
-        while (sibling != null) {
-            if (EncryptionConstants.EncryptionSpecNS.equals(sibling.getNamespaceURI())
-                && sibling.getLocalName().equals(nodeName)) {
-                if (number == 0){
-                    return (Element)sibling;
-                }
-                number--;
-            }
-            sibling = sibling.getNextSibling();
-        }
-        return null;
-    }
-
-
-    /**
-     * @param sibling
-     * @param nodeName
-     * @param number
-     * @return nodes with the constrain
-     */
     public static Text selectDsNodeText(Node sibling, String nodeName, int number) {
-        Node n = selectDsNode(sibling,nodeName,number);
+        Node n = selectDsNode(sibling, nodeName, number);
         if (n == null) {
             return null;
         }
@@ -731,7 +641,7 @@
      * @return nodes with the constrain
      */
     public static Text selectDs11NodeText(Node sibling, String nodeName, int number) {
-        Node n = selectDs11Node(sibling,nodeName,number);
+        Node n = selectDs11Node(sibling, nodeName, number);
         if (n == null) {
             return null;
         }
@@ -750,7 +660,7 @@
      * @return nodes with the constrain
      */
     public static Text selectNodeText(Node sibling, String uri, String nodeName, int number) {
-        Node n = selectNode(sibling,uri,nodeName,number);
+        Node n = selectNode(sibling, uri, nodeName, number);
         if (n == null) {
             return null;
         }
@@ -807,7 +717,7 @@
      * @return nodes with the constraint
      */
     public static Element[] selectNodes(Node sibling, String uri, String nodeName) {
-        List<Element> list = new ArrayList<Element>();
+        List<Element> list = new ArrayList<>();
         while (sibling != null) {
             if (sibling.getNamespaceURI() != null && sibling.getNamespaceURI().equals(uri)
                 && sibling.getLocalName().equals(nodeName)) {
@@ -824,7 +734,7 @@
      * @return nodes with the constrain
      */
     public static Set<Node> excludeNodeFromSet(Node signatureElement, Set<Node> inputSet) {
-        Set<Node> resultSet = new HashSet<Node>();
+        Set<Node> resultSet = new HashSet<>();
         Iterator<Node> iterator = inputSet.iterator();
 
         while (iterator.hasNext()) {
@@ -859,9 +769,9 @@
 
             return sb.toString();
         } else if (xpathnode.getNodeType() == Node.ATTRIBUTE_NODE) {
-            return ((Attr) xpathnode).getNodeValue();
+            return xpathnode.getNodeValue();
         } else if (xpathnode.getNodeType() == Node.PROCESSING_INSTRUCTION_NODE) {
-            return ((ProcessingInstruction) xpathnode).getNodeValue();
+            return xpathnode.getNodeValue();
         }
 
         return null;
@@ -909,7 +819,7 @@
      * the empty string if the attribute value is empty.
      *
      * <p>This works around a limitation of the DOM
-     * <code>Element.getAttributeNode</code> method, which does not distinguish
+     * {@code Element.getAttributeNode} method, which does not distinguish
      * between an unspecified attribute and an attribute with a value of
      * "" (it returns "" for both cases).
      *
@@ -929,29 +839,33 @@
      * a matching Element has been found, just that no wrapping attack has been detected.
      */
     public static boolean protectAgainstWrappingAttack(Node startNode, String value) {
-        Node startParent = startNode.getParentNode();
-        Node processedNode = null;
-        Element foundElement = null;
-
         String id = value.trim();
         if (!id.isEmpty() && id.charAt(0) == '#') {
             id = id.substring(1);
         }
 
+        Node startParent = null;
+        Node processedNode = null;
+        Element foundElement = null;
+        if (startNode != null) {
+            startParent = startNode.getParentNode();
+        }
+
         while (startNode != null) {
             if (startNode.getNodeType() == Node.ELEMENT_NODE) {
                 Element se = (Element) startNode;
 
                 NamedNodeMap attributes = se.getAttributes();
                 if (attributes != null) {
-                    for (int i = 0; i < attributes.getLength(); i++) {
+                    int length = attributes.getLength();
+                    for (int i = 0; i < length; i++) {
                         Attr attr = (Attr)attributes.item(i);
                         if (attr.isId() && id.equals(attr.getValue())) {
                             if (foundElement == null) {
                                 // Continue searching to find duplicates
                                 foundElement = attr.getOwnerElement();
                             } else {
-                                log.log(java.util.logging.Level.FINE, "Multiple elements with the same 'Id' attribute value!");
+                                LOG.debug("Multiple elements with the same 'Id' attribute value!");
                                 return false;
                             }
                         }
@@ -990,24 +904,28 @@
     public static boolean protectAgainstWrappingAttack(
         Node startNode, Element knownElement, String value
     ) {
-        Node startParent = startNode.getParentNode();
-        Node processedNode = null;
-
         String id = value.trim();
         if (!id.isEmpty() && id.charAt(0) == '#') {
             id = id.substring(1);
         }
 
+        Node startParent = null;
+        Node processedNode = null;
+        if (startNode != null) {
+            startParent = startNode.getParentNode();
+        }
+
         while (startNode != null) {
             if (startNode.getNodeType() == Node.ELEMENT_NODE) {
                 Element se = (Element) startNode;
 
                 NamedNodeMap attributes = se.getAttributes();
                 if (attributes != null) {
-                    for (int i = 0; i < attributes.getLength(); i++) {
+                    int length = attributes.getLength();
+                    for (int i = 0; i < length; i++) {
                         Attr attr = (Attr)attributes.item(i);
                         if (attr.isId() && id.equals(attr.getValue()) && se != knownElement) {
-                            log.log(java.util.logging.Level.FINE, "Multiple elements with the same 'Id' attribute value!");
+                            LOG.debug("Multiple elements with the same 'Id' attribute value!");
                             return false;
                         }
                     }
@@ -1037,4 +955,68 @@
         return true;
     }
 
+    public static DocumentBuilder createDocumentBuilder(boolean validating)
+            throws ParserConfigurationException {
+        return createDocumentBuilder(validating, true);
+    }
+
+    // The current implementation does not throw a ParserConfigurationException.
+    // Kept here in case we create the DocumentBuilder inline again.
+    public static DocumentBuilder createDocumentBuilder(
+        boolean validating, boolean disAllowDocTypeDeclarations
+    ) throws ParserConfigurationException {
+        DocumentBuilderFactory dfactory = DocumentBuilderFactory.newInstance();
+        dfactory.setFeature(javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING, true);
+        if (disAllowDocTypeDeclarations) {
+            dfactory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
+        }
+        dfactory.setValidating(validating);
+        dfactory.setNamespaceAware(true);
+        return dfactory.newDocumentBuilder();
+    }
+
+    /**
+     * Returns a byte-array representation of a {@code {@link BigInteger}}.
+     * No sign-bit is output.
+     *
+     * <b>N.B.:</B> {@code {@link BigInteger}}'s toByteArray
+     * returns eventually longer arrays because of the leading sign-bit.
+     *
+     * @param big {@code BigInteger} to be converted
+     * @param bitlen {@code int} the desired length in bits of the representation
+     * @return a byte array with {@code bitlen} bits of {@code big}
+     */
+    public static byte[] getBytes(BigInteger big, int bitlen) {
+
+        //round bitlen
+        bitlen = ((bitlen + 7) >> 3) << 3;
+
+        if (bitlen < big.bitLength()) {
+            throw new IllegalArgumentException(I18n.translate("utils.Base64.IllegalBitlength"));
+        }
+
+        byte[] bigBytes = big.toByteArray();
+
+        if (big.bitLength() % 8 != 0
+            && big.bitLength() / 8 + 1 == bitlen / 8) {
+            return bigBytes;
+        }
+
+        // some copying needed
+        int startSrc = 0;    // no need to skip anything
+        int bigLen = bigBytes.length;    //valid length of the string
+
+        if (big.bitLength() % 8 == 0) {    // correct values
+            startSrc = 1;    // skip sign bit
+
+            bigLen--;    // valid length of the string
+        }
+
+        int startDst = bitlen / 8 - bigLen;    //pad with leading nulls
+        byte[] resizedBytes = new byte[bitlen / 8];
+
+        System.arraycopy(bigBytes, startSrc, resizedBytes, startDst, bigLen);
+
+        return resizedBytes;
+    }
 }
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/utils/XPathFactory.java b/src/share/classes/com/sun/org/apache/xml/internal/security/utils/XPathFactory.java
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/utils/XPathFactory.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/utils/XPathFactory.java
@@ -38,12 +38,12 @@
             if (funcTableClass != null) {
                 xalanInstalled = true;
             }
-        } catch (Exception e) {
+        } catch (Exception e) { //NOPMD
             //ignore
         }
     }
 
-    protected synchronized static boolean isXalanInstalled() {
+    protected static synchronized boolean isXalanInstalled() {
         return xalanInstalled;
     }
 
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/utils/XalanXPathAPI.java b/src/share/classes/com/sun/org/apache/xml/internal/security/utils/XalanXPathAPI.java
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/utils/XalanXPathAPI.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/utils/XalanXPathAPI.java
@@ -48,14 +48,14 @@
  */
 public class XalanXPathAPI implements XPathAPI {
 
-    private static java.util.logging.Logger log =
-        java.util.logging.Logger.getLogger(XalanXPathAPI.class.getName());
+    private static final com.sun.org.slf4j.internal.Logger LOG =
+        com.sun.org.slf4j.internal.LoggerFactory.getLogger(XalanXPathAPI.class);
 
-    private String xpathStr = null;
+    private String xpathStr;
 
-    private XPath xpath = null;
+    private XPath xpath;
 
-    private static FunctionTable funcTable = null;
+    private static FunctionTable funcTable;
 
     private static boolean installed;
 
@@ -111,7 +111,7 @@
         context = null;
     }
 
-    public synchronized static boolean isInstalled() {
+    public static synchronized boolean isInstalled() {
         return installed;
     }
 
@@ -150,14 +150,12 @@
         Class<?>[] classes = new Class<?>[]{String.class, SourceLocator.class, PrefixResolver.class, int.class,
                                       ErrorListener.class, FunctionTable.class};
         Object[] objects =
-            new Object[]{str, null, prefixResolver, Integer.valueOf(XPath.SELECT), null, funcTable};
+            new Object[]{str, null, prefixResolver, XPath.SELECT, null, funcTable};
         try {
             Constructor<?> constructor = XPath.class.getConstructor(classes);
             xpath = (XPath) constructor.newInstance(objects);
         } catch (Exception ex) {
-            if (log.isLoggable(java.util.logging.Level.FINE)) {
-                log.log(java.util.logging.Level.FINE, ex.getMessage(), ex);
-            }
+            LOG.debug(ex.getMessage(), ex);
         }
         if (xpath == null) {
             xpath = new XPath(str, null, prefixResolver, XPath.SELECT, null);
@@ -165,11 +163,9 @@
         return xpath;
     }
 
-    private synchronized static void fixupFunctionTable() {
+    private static synchronized void fixupFunctionTable() {
         installed = false;
-        if (log.isLoggable(java.util.logging.Level.FINE)) {
-            log.log(java.util.logging.Level.FINE, "Registering Here function");
-        }
+        LOG.debug("Registering Here function");
         /**
          * Try to register our here() implementation as internal function.
          */
@@ -182,7 +178,7 @@
                 installed = true;
             }
         } catch (Exception ex) {
-            log.log(java.util.logging.Level.FINE, "Error installing function using the static installFunction method", ex);
+            LOG.debug("Error installing function using the static installFunction method", ex);
         }
         if (!installed) {
             try {
@@ -193,17 +189,13 @@
                 installFunction.invoke(funcTable, params);
                 installed = true;
             } catch (Exception ex) {
-                log.log(java.util.logging.Level.FINE, "Error installing function using the static installFunction method", ex);
+                LOG.debug("Error installing function using the static installFunction method", ex);
             }
         }
-        if (log.isLoggable(java.util.logging.Level.FINE)) {
-            if (installed) {
-                log.log(java.util.logging.Level.FINE, "Registered class " + FuncHere.class.getName()
-                          + " for XPath function 'here()' function in internal table");
-            } else {
-                log.log(java.util.logging.Level.FINE, "Unable to register class " + FuncHere.class.getName()
-                          + " for XPath function 'here()' function in internal table");
-            }
+        if (installed) {
+            LOG.debug("Registered class {} for XPath function 'here()' function in internal table", FuncHere.class.getName());
+        } else {
+            LOG.debug("Unable to register class {} for XPath function 'here()' function in internal table", FuncHere.class.getName());
         }
     }
 
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/utils/package.html b/src/share/classes/com/sun/org/apache/xml/internal/security/utils/package.html
deleted file mode 100644
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/utils/package.html
+++ /dev/null
@@ -1,3 +0,0 @@
-<HTML><HEAD></HEAD><BODY><P>
-general utility classes.
-</P></BODY></HTML>
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/utils/resolver/ClassLoaderUtils.java b/src/share/classes/com/sun/org/apache/xml/internal/security/utils/resolver/ClassLoaderUtils.java
new file mode 100644
--- /dev/null
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/utils/resolver/ClassLoaderUtils.java
@@ -0,0 +1,84 @@
+/*
+ * reserved comment block
+ * DO NOT REMOVE OR ALTER!
+ */
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package com.sun.org.apache.xml.internal.security.utils.resolver;
+
+// NOTE! This is a duplicate of utils.ClassLoaderUtils with public
+// modifiers changed to package-private. Make sure to integrate any future
+// changes to utils.ClassLoaderUtils to this file.
+final class ClassLoaderUtils {
+
+    private static final com.sun.org.slf4j.internal.Logger LOG =
+        com.sun.org.slf4j.internal.LoggerFactory.getLogger(ClassLoaderUtils.class);
+
+    private ClassLoaderUtils() {
+    }
+
+    /**
+     * Load a class with a given name. <p></p> It will try to load the class in the
+     * following order:
+     * <ul>
+     * <li>From Thread.currentThread().getContextClassLoader()
+     * <li>Using the basic Class.forName()
+     * <li>From ClassLoaderUtil.class.getClassLoader()
+     * <li>From the callingClass.getClassLoader()
+     * </ul>
+     *
+     * @param className The name of the class to load
+     * @param callingClass The Class object of the calling object
+     * @throws ClassNotFoundException If the class cannot be found anywhere.
+     */
+    static Class<?> loadClass(String className, Class<?> callingClass)
+        throws ClassNotFoundException {
+        try {
+            ClassLoader cl = Thread.currentThread().getContextClassLoader();
+
+            if (cl != null) {
+                return cl.loadClass(className);
+            }
+        } catch (ClassNotFoundException e) {
+            LOG.debug(e.getMessage(), e);
+            //ignore
+        }
+        return loadClass2(className, callingClass);
+    }
+
+    private static Class<?> loadClass2(String className, Class<?> callingClass)
+        throws ClassNotFoundException {
+        try {
+            return Class.forName(className);
+        } catch (ClassNotFoundException ex) {
+            try {
+                if (ClassLoaderUtils.class.getClassLoader() != null) {
+                    return ClassLoaderUtils.class.getClassLoader().loadClass(className);
+                }
+            } catch (ClassNotFoundException exc) {
+                if (callingClass != null && callingClass.getClassLoader() != null) {
+                    return callingClass.getClassLoader().loadClass(className);
+                }
+            }
+            LOG.debug(ex.getMessage(), ex);
+            throw ex;
+        }
+    }
+}
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/utils/resolver/ResourceResolver.java b/src/share/classes/com/sun/org/apache/xml/internal/security/utils/resolver/ResourceResolver.java
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/utils/resolver/ResourceResolver.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/utils/resolver/ResourceResolver.java
@@ -42,12 +42,11 @@
  */
 public class ResourceResolver {
 
-    /** {@link org.apache.commons.logging} logging facility */
-    private static java.util.logging.Logger log =
-        java.util.logging.Logger.getLogger(ResourceResolver.class.getName());
+    private static final com.sun.org.slf4j.internal.Logger LOG =
+        com.sun.org.slf4j.internal.LoggerFactory.getLogger(ResourceResolver.class);
 
     /** these are the system-wide resolvers */
-    private static List<ResourceResolver> resolverList = new ArrayList<ResourceResolver>();
+    private static final List<ResourceResolver> resolverList = new ArrayList<>();
 
     /** Field resolverSpi */
     private final ResourceResolverSpi resolverSpi;
@@ -64,21 +63,7 @@
     /**
      * Method getInstance
      *
-     * @param uri
-     * @param baseURI
-     * @return the instance
-     *
-     * @throws ResourceResolverException
-     */
-    public static final ResourceResolver getInstance(Attr uri, String baseURI)
-        throws ResourceResolverException {
-        return getInstance(uri, baseURI, false);
-    }
-
-    /**
-     * Method getInstance
-     *
-     * @param uri
+     * @param uriAttr
      * @param baseURI
      * @param secureValidation
      * @return the instance
@@ -99,29 +84,26 @@
                 ResourceResolver resolverTmp = resolver;
                 if (!resolver.resolverSpi.engineIsThreadSafe()) {
                     try {
-                        resolverTmp =
+                        ResourceResolver tmp =
                             new ResourceResolver(resolver.resolverSpi.getClass().newInstance());
+                        resolverTmp = tmp;
                     } catch (InstantiationException e) {
-                        throw new ResourceResolverException("", e, context.attr, context.baseUri);
+                        throw new ResourceResolverException(e, context.uriToResolve, context.baseUri, "");
                     } catch (IllegalAccessException e) {
-                        throw new ResourceResolverException("", e, context.attr, context.baseUri);
+                        throw new ResourceResolverException(e, context.uriToResolve, context.baseUri, "");
                     }
                 }
 
-                if (log.isLoggable(java.util.logging.Level.FINE)) {
-                    log.log(java.util.logging.Level.FINE,
-                        "check resolvability by class " + resolverTmp.getClass().getName()
-                    );
-                }
+                LOG.debug("check resolvability by class {}", resolverTmp.getClass().getName());
 
-                if ((resolverTmp != null) && resolverTmp.canResolve(context)) {
+                if (resolverTmp != null && resolverTmp.canResolve(context)) {
                     // Check to see whether the Resolver is allowed
                     if (context.secureValidation
                         && (resolverTmp.resolverSpi instanceof ResolverLocalFilesystem
                             || resolverTmp.resolverSpi instanceof ResolverDirectHTTP)) {
                         Object exArgs[] = { resolverTmp.resolverSpi.getClass().getName() };
                         throw new ResourceResolverException(
-                            "signature.Reference.ForbiddenResolver", exArgs, context.attr, context.baseUri
+                            "signature.Reference.ForbiddenResolver", exArgs, context.uriToResolve, context.baseUri
                         );
                     }
                     return resolverTmp;
@@ -129,10 +111,10 @@
             }
         }
 
-        Object exArgs[] = { ((context.uriToResolve != null)
-                ? context.uriToResolve : "null"), context.baseUri };
+        Object exArgs[] = { context.uriToResolve != null
+                ? context.uriToResolve : "null", context.baseUri };
 
-        throw new ResourceResolverException("utils.resolver.noClass", exArgs, context.attr, context.baseUri);
+        throw new ResourceResolverException("utils.resolver.noClass", exArgs, context.uriToResolve, context.baseUri);
     }
 
     /**
@@ -148,7 +130,7 @@
     public static ResourceResolver getInstance(
         Attr uri, String baseURI, List<ResourceResolver> individualResolvers
     ) throws ResourceResolverException {
-        return getInstance(uri, baseURI, individualResolvers, false);
+        return getInstance(uri, baseURI, individualResolvers, true);
     }
 
     /**
@@ -165,12 +147,10 @@
     public static ResourceResolver getInstance(
         Attr uri, String baseURI, List<ResourceResolver> individualResolvers, boolean secureValidation
     ) throws ResourceResolverException {
-        if (log.isLoggable(java.util.logging.Level.FINE)) {
-            log.log(java.util.logging.Level.FINE,
-                "I was asked to create a ResourceResolver and got "
-                + (individualResolvers == null ? 0 : individualResolvers.size())
-            );
-        }
+        LOG.debug(
+            "I was asked to create a ResourceResolver and got {}",
+            (individualResolvers == null ? 0 : individualResolvers.size())
+        );
 
         ResourceResolverContext context = new ResourceResolverContext(uri, baseURI, secureValidation);
 
@@ -180,10 +160,8 @@
                 ResourceResolver resolver = individualResolvers.get(i);
 
                 if (resolver != null) {
-                    if (log.isLoggable(java.util.logging.Level.FINE)) {
-                        String currentClass = resolver.resolverSpi.getClass().getName();
-                        log.log(java.util.logging.Level.FINE, "check resolvability by class " + currentClass);
-                    }
+                    String currentClass = resolver.resolverSpi.getClass().getName();
+                    LOG.debug("check resolvability by class {}", currentClass);
 
                     if (resolver.canResolve(context)) {
                         return resolver;
@@ -196,7 +174,7 @@
     }
 
     /**
-     * Registers a ResourceResolverSpi class. This method logs a warning if
+     * Registers a ResourceResolverSpi class. This method LOGs a warning if
      * the class cannot be registered.
      *
      * @param className the name of the ResourceResolverSpi class to be registered
@@ -208,16 +186,17 @@
         JavaUtils.checkRegisterPermission();
         try {
             Class<ResourceResolverSpi> resourceResolverClass =
-                (Class<ResourceResolverSpi>) Class.forName(className);
+                (Class<ResourceResolverSpi>)
+                ClassLoaderUtils.loadClass(className, ResourceResolver.class);
             register(resourceResolverClass, false);
         } catch (ClassNotFoundException e) {
-            log.log(java.util.logging.Level.WARNING, "Error loading resolver " + className + " disabling it");
+            LOG.warn("Error loading resolver " + className + " disabling it");
         }
     }
 
     /**
      * Registers a ResourceResolverSpi class at the beginning of the provider
-     * list. This method logs a warning if the class cannot be registered.
+     * list. This method LOGs a warning if the class cannot be registered.
      *
      * @param className the name of the ResourceResolverSpi class to be registered
      * @throws SecurityException if a security manager is installed and the
@@ -228,15 +207,16 @@
         JavaUtils.checkRegisterPermission();
         try {
             Class<ResourceResolverSpi> resourceResolverClass =
-                (Class<ResourceResolverSpi>) Class.forName(className);
+                (Class<ResourceResolverSpi>)
+                ClassLoaderUtils.loadClass(className, ResourceResolver.class);
             register(resourceResolverClass, true);
         } catch (ClassNotFoundException e) {
-            log.log(java.util.logging.Level.WARNING, "Error loading resolver " + className + " disabling it");
+            LOG.warn("Error loading resolver " + className + " disabling it");
         }
     }
 
     /**
-     * Registers a ResourceResolverSpi class. This method logs a warning if the class
+     * Registers a ResourceResolverSpi class. This method LOGs a warning if the class
      * cannot be registered.
      * @param className
      * @param start
@@ -249,14 +229,14 @@
             ResourceResolverSpi resourceResolverSpi = className.newInstance();
             register(resourceResolverSpi, start);
         } catch (IllegalAccessException e) {
-            log.log(java.util.logging.Level.WARNING, "Error loading resolver " + className + " disabling it");
+            LOG.warn("Error loading resolver " + className + " disabling it");
         } catch (InstantiationException e) {
-            log.log(java.util.logging.Level.WARNING, "Error loading resolver " + className + " disabling it");
+            LOG.warn("Error loading resolver " + className + " disabling it");
         }
     }
 
     /**
-     * Registers a ResourceResolverSpi instance. This method logs a warning if the class
+     * Registers a ResourceResolverSpi instance. This method LOGs a warning if the class
      * cannot be registered.
      * @param resourceResolverSpi
      * @param start
@@ -272,9 +252,7 @@
                 resolverList.add(new ResourceResolver(resourceResolverSpi));
             }
         }
-        if (log.isLoggable(java.util.logging.Level.FINE)) {
-            log.log(java.util.logging.Level.FINE, "Registered resolver: " + resourceResolverSpi.toString());
-        }
+        LOG.debug("Registered resolver: {}", resourceResolverSpi.toString());
     }
 
     /**
@@ -290,15 +268,6 @@
     }
 
     /**
-     * @deprecated New clients should use {@link #resolve(Attr, String, boolean)}
-     */
-    @Deprecated
-    public XMLSignatureInput resolve(Attr uri, String baseURI)
-        throws ResourceResolverException {
-        return resolve(uri, baseURI, true);
-    }
-
-    /**
      * Method resolve
      *
      * @param uri
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/utils/resolver/ResourceResolverException.java b/src/share/classes/com/sun/org/apache/xml/internal/security/utils/resolver/ResourceResolverException.java
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/utils/resolver/ResourceResolverException.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/utils/resolver/ResourceResolverException.java
@@ -23,21 +23,19 @@
 package com.sun.org.apache.xml.internal.security.utils.resolver;
 
 import com.sun.org.apache.xml.internal.security.exceptions.XMLSecurityException;
-import org.w3c.dom.Attr;
 
 /**
  * This Exception is thrown if something related to the
  * {@link com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver} goes wrong.
  *
- * @author $Author: coheigea $
  */
 public class ResourceResolverException extends XMLSecurityException {
 
     private static final long serialVersionUID = 1L;
 
-    private Attr uri = null;
+    private String uri;
 
-    private String baseURI = null;
+    private String baseURI;
 
     /**
      * Constructor ResourceResolverException
@@ -46,7 +44,7 @@
      * @param uri
      * @param baseURI
      */
-    public ResourceResolverException(String msgID, Attr uri, String baseURI) {
+    public ResourceResolverException(String msgID, String uri, String baseURI) {
         super(msgID);
 
         this.uri = uri;
@@ -61,7 +59,7 @@
      * @param uri
      * @param baseURI
      */
-    public ResourceResolverException(String msgID, Object exArgs[], Attr uri,
+    public ResourceResolverException(String msgID, Object exArgs[], String uri,
                                      String baseURI) {
         super(msgID, exArgs);
 
@@ -72,42 +70,54 @@
     /**
      * Constructor ResourceResolverException
      *
-     * @param msgID
      * @param originalException
      * @param uri
      * @param baseURI
+     * @param msgID
      */
-    public ResourceResolverException(String msgID, Exception originalException,
-                                     Attr uri, String baseURI) {
-        super(msgID, originalException);
+    public ResourceResolverException(Exception originalException,
+                                     String uri, String baseURI, String msgID) {
+        super(originalException, msgID);
 
         this.uri = uri;
         this.baseURI = baseURI;
     }
 
+    @Deprecated
+    public ResourceResolverException(String msgID, Exception originalException,
+                                     String uri, String baseURI) {
+        this(originalException, uri, baseURI, msgID);
+    }
+
     /**
      * Constructor ResourceResolverException
      *
-     * @param msgID
-     * @param exArgs
      * @param originalException
      * @param uri
      * @param baseURI
+     * @param msgID
+     * @param exArgs
      */
-    public ResourceResolverException(String msgID, Object exArgs[],
-                                     Exception originalException, Attr uri,
-                                     String baseURI) {
-        super(msgID, exArgs, originalException);
+    public ResourceResolverException(Exception originalException, String uri,
+                                     String baseURI, String msgID, Object exArgs[]) {
+        super(originalException, msgID, exArgs);
 
         this.uri = uri;
         this.baseURI = baseURI;
     }
 
+    @Deprecated
+    public ResourceResolverException(String msgID, Object exArgs[],
+                                     Exception originalException, String uri,
+                                     String baseURI) {
+        this(originalException, uri, baseURI, msgID, exArgs);
+    }
+
     /**
      *
      * @param uri
      */
-    public void setURI(Attr uri) {
+    public void setURI(String uri) {
         this.uri = uri;
     }
 
@@ -115,7 +125,7 @@
      *
      * @return the uri
      */
-    public Attr getURI() {
+    public String getURI() {
         return this.uri;
     }
 
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/utils/resolver/ResourceResolverSpi.java b/src/share/classes/com/sun/org/apache/xml/internal/security/utils/resolver/ResourceResolverSpi.java
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/utils/resolver/ResourceResolverSpi.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/utils/resolver/ResourceResolverSpi.java
@@ -26,47 +26,18 @@
 import java.util.Map;
 
 import com.sun.org.apache.xml.internal.security.signature.XMLSignatureInput;
-import org.w3c.dom.Attr;
 
 /**
  * During reference validation, we have to retrieve resources from somewhere.
  *
- * @author $Author: coheigea $
  */
 public abstract class ResourceResolverSpi {
 
-    /** {@link org.apache.commons.logging} logging facility */
-    private static java.util.logging.Logger log =
-        java.util.logging.Logger.getLogger(ResourceResolverSpi.class.getName());
+    private static final com.sun.org.slf4j.internal.Logger LOG =
+        com.sun.org.slf4j.internal.LoggerFactory.getLogger(ResourceResolverSpi.class);
 
     /** Field properties */
-    protected java.util.Map<String, String> properties = null;
-
-    /**
-     * Deprecated - used to carry state about whether resolution was being done in a secure fashion,
-     * but was not thread safe, so the resolution information is now passed as parameters to methods.
-     *
-     * @deprecated Secure validation flag is now passed to methods.
-     */
-    @Deprecated
-    protected final boolean secureValidation = true;
-
-    /**
-     * This is the workhorse method used to resolve resources.
-     *
-     * @param uri
-     * @param BaseURI
-     * @return the resource wrapped around a XMLSignatureInput
-     *
-     * @throws ResourceResolverException
-     *
-     * @deprecated New clients should override {@link #engineResolveURI(ResourceResolverContext)}
-     */
-    @Deprecated
-    public XMLSignatureInput engineResolve(Attr uri, String BaseURI)
-        throws ResourceResolverException {
-        throw new UnsupportedOperationException();
-    }
+    protected Map<String, String> properties;
 
     /**
      * This is the workhorse method used to resolve resources.
@@ -76,12 +47,8 @@
      *
      * @throws ResourceResolverException
      */
-    public XMLSignatureInput engineResolveURI(ResourceResolverContext context)
-        throws ResourceResolverException {
-        // The default implementation, to preserve backwards compatibility in the
-        // test cases, calls the old resolver API.
-        return engineResolve(context.attr, context.baseUri);
-    }
+    public abstract XMLSignatureInput engineResolveURI(ResourceResolverContext context)
+        throws ResourceResolverException;
 
     /**
      * Method engineSetProperty
@@ -91,7 +58,7 @@
      */
     public void engineSetProperty(String key, String value) {
         if (properties == null) {
-            properties = new HashMap<String, String>();
+            properties = new HashMap<>();
         }
         properties.put(key, value);
     }
@@ -116,7 +83,7 @@
     public void engineAddProperies(Map<String, String> newProperties) {
         if (newProperties != null && !newProperties.isEmpty()) {
             if (properties == null) {
-                properties = new HashMap<String, String>();
+                properties = new HashMap<>();
             }
             properties.putAll(newProperties);
         }
@@ -125,7 +92,7 @@
     /**
      * Tells if the implementation does can be reused by several threads safely.
      * It normally means that the implementation does not have any member, or there is
-     * member change between engineCanResolve & engineResolve invocations. Or it maintains all
+     * member change between engineCanResolve and engineResolve invocations. Or it maintains all
      * member info in ThreadLocal methods.
      */
     public boolean engineIsThreadSafe() {
@@ -136,32 +103,10 @@
      * This method helps the {@link ResourceResolver} to decide whether a
      * {@link ResourceResolverSpi} is able to perform the requested action.
      *
-     * @param uri
-     * @param BaseURI
-     * @return true if the engine can resolve the uri
-     *
-     * @deprecated See {@link #engineCanResolveURI(ResourceResolverContext)}
-     */
-    @Deprecated
-    public boolean engineCanResolve(Attr uri, String BaseURI) {
-        // This method used to be abstract, so any calls to "super" are bogus.
-        throw new UnsupportedOperationException();
-    }
-
-    /**
-     * This method helps the {@link ResourceResolver} to decide whether a
-     * {@link ResourceResolverSpi} is able to perform the requested action.
-     *
-     * <p>New clients should override this method, and not override {@link #engineCanResolve(Attr, String)}
-     * </p>
      * @param context Context in which to do resolution.
      * @return true if the engine can resolve the uri
      */
-    public boolean engineCanResolveURI(ResourceResolverContext context) {
-        // To preserve backward compatibility with existing resolvers that might override the old method,
-        // call the old deprecated API.
-        return engineCanResolve( context.attr, context.baseUri );
-    }
+    public abstract boolean engineCanResolveURI(ResourceResolverContext context);
 
     /**
      * Method engineGetPropertyKeys
@@ -182,8 +127,8 @@
         String[] understood = this.engineGetPropertyKeys();
 
         if (understood != null) {
-            for (int i = 0; i < understood.length; i++) {
-                if (understood[i].equals(propertyToTest)) {
+            for (String str : understood) {
+                if (str.equals(propertyToTest)) {
                     return true;
                 }
             }
@@ -212,12 +157,12 @@
             char ch1 = str.charAt(1);
             char ch2 = str.charAt(2);
             char ch3 = str.charAt(3);
-            boolean isDosFilename = ((('A' <= ch0) && (ch0 <= 'Z'))
-                && (ch1 == ':') && (ch2 == '/')
-                && (ch3 != '/'));
+            boolean isDosFilename = 'A' <= ch0 && ch0 <= 'Z'
+                && ch1 == ':' && ch2 == '/'
+                && ch3 != '/';
 
-            if (isDosFilename && log.isLoggable(java.util.logging.Level.FINE)) {
-                log.log(java.util.logging.Level.FINE, "Found DOS filename: " + str);
+            if (isDosFilename) {
+                LOG.debug("Found DOS filename: {}", str);
             }
         }
 
@@ -228,7 +173,7 @@
             if (ch1 == ':') {
                 char ch0 = Character.toUpperCase(str.charAt(0));
 
-                if (('A' <= ch0) && (ch0 <= 'Z')) {
+                if ('A' <= ch0 && ch0 <= 'Z') {
                     str = "/" + str;
                 }
             }
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/utils/resolver/implementations/ResolverAnonymous.java b/src/share/classes/com/sun/org/apache/xml/internal/security/utils/resolver/implementations/ResolverAnonymous.java
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/utils/resolver/implementations/ResolverAnonymous.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/utils/resolver/implementations/ResolverAnonymous.java
@@ -23,21 +23,21 @@
 
 package com.sun.org.apache.xml.internal.security.utils.resolver.implementations;
 
-import java.io.FileInputStream;
 import java.io.FileNotFoundException;
 import java.io.IOException;
 import java.io.InputStream;
+import java.nio.file.Files;
+import java.nio.file.Paths;
 
 import com.sun.org.apache.xml.internal.security.signature.XMLSignatureInput;
 import com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolverContext;
 import com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolverSpi;
 
 /**
- * @author $Author: coheigea $
  */
 public class ResolverAnonymous extends ResourceResolverSpi {
 
-    private InputStream inStream = null;
+    private InputStream inStream;
 
     @Override
     public boolean engineIsThreadSafe() {
@@ -50,7 +50,7 @@
      * @throws IOException
      */
     public ResolverAnonymous(String filename) throws FileNotFoundException, IOException {
-        inStream = new FileInputStream(filename);
+        inStream = Files.newInputStream(Paths.get(filename));
     }
 
     /**
@@ -60,14 +60,16 @@
         inStream = is;
     }
 
-    /** @inheritDoc */
+    /** {@inheritDoc} */
     @Override
     public XMLSignatureInput engineResolveURI(ResourceResolverContext context) {
-        return new XMLSignatureInput(inStream);
+        XMLSignatureInput input = new XMLSignatureInput(inStream);
+        input.setSecureValidation(context.secureValidation);
+        return input;
     }
 
     /**
-     * @inheritDoc
+     * {@inheritDoc}
      */
     @Override
     public boolean engineCanResolveURI(ResourceResolverContext context) {
@@ -77,7 +79,7 @@
         return false;
     }
 
-    /** @inheritDoc */
+    /** {@inheritDoc} */
     public String[] engineGetPropertyKeys() {
         return new String[0];
     }
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/utils/resolver/implementations/ResolverDirectHTTP.java b/src/share/classes/com/sun/org/apache/xml/internal/security/utils/resolver/implementations/ResolverDirectHTTP.java
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/utils/resolver/implementations/ResolverDirectHTTP.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/utils/resolver/implementations/ResolverDirectHTTP.java
@@ -32,9 +32,10 @@
 import java.net.URI;
 import java.net.URL;
 import java.net.URLConnection;
+import java.nio.charset.StandardCharsets;
+import java.util.Base64;
 
 import com.sun.org.apache.xml.internal.security.signature.XMLSignatureInput;
-import com.sun.org.apache.xml.internal.security.utils.Base64;
 import com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolverContext;
 import com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolverException;
 import com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolverSpi;
@@ -61,9 +62,8 @@
  */
 public class ResolverDirectHTTP extends ResourceResolverSpi {
 
-    /** {@link org.apache.commons.logging} logging facility */
-    private static java.util.logging.Logger log =
-        java.util.logging.Logger.getLogger(ResolverDirectHTTP.class.getName());
+    private static final com.sun.org.slf4j.internal.Logger LOG =
+        com.sun.org.slf4j.internal.LoggerFactory.getLogger(ResolverDirectHTTP.class);
 
     /** Field properties[] */
     private static final String properties[] = {
@@ -96,26 +96,17 @@
     }
 
     /**
-     * Method resolve
-     *
-     * @param uri
-     * @param baseURI
-     *
-     * @throws ResourceResolverException
-     * @return
-     * $todo$ calculate the correct URI from the attribute and the baseURI
+     * {@inheritDoc}
      */
     @Override
     public XMLSignatureInput engineResolveURI(ResourceResolverContext context)
         throws ResourceResolverException {
-        InputStream inputStream = null;
+
         try {
-
             // calculate new URI
             URI uriNew = getNewURI(context.uriToResolve, context.baseUri);
             URL url = uriNew.toURL();
-            URLConnection urlConnection;
-            urlConnection = openConnection(url);
+            URLConnection urlConnection = openConnection(url);
 
             // check if Basic authentication is required
             String auth = urlConnection.getHeaderField("WWW-Authenticate");
@@ -127,11 +118,11 @@
                 String pass =
                     engineGetProperty(ResolverDirectHTTP.properties[ResolverDirectHTTP.HttpBasicPass]);
 
-                if ((user != null) && (pass != null)) {
+                if (user != null && pass != null) {
                     urlConnection = openConnection(url);
 
                     String password = user + ":" + pass;
-                    String encodedPassword = Base64.encode(password.getBytes("ISO-8859-1"));
+                    String encodedPassword = Base64.getMimeEncoder().encodeToString(password.getBytes(StandardCharsets.ISO_8859_1));
 
                     // set authentication property in the http header
                     urlConnection.setRequestProperty("Authorization",
@@ -140,45 +131,36 @@
             }
 
             String mimeType = urlConnection.getHeaderField("Content-Type");
-            inputStream = urlConnection.getInputStream();
-            ByteArrayOutputStream baos = new ByteArrayOutputStream();
-            byte buf[] = new byte[4096];
-            int read = 0;
-            int summarized = 0;
+            try (ByteArrayOutputStream baos = new ByteArrayOutputStream();
+                InputStream inputStream = urlConnection.getInputStream()) {
+                byte[] buf = new byte[4096];
+                int read = 0;
+                int summarized = 0;
 
-            while ((read = inputStream.read(buf)) >= 0) {
-                baos.write(buf, 0, read);
-                summarized += read;
-            }
+                while ((read = inputStream.read(buf)) >= 0) {
+                    baos.write(buf, 0, read);
+                    summarized += read;
+                }
+
+                LOG.debug("Fetched {} bytes from URI {}", summarized, uriNew.toString());
 
-            if (log.isLoggable(java.util.logging.Level.FINE)) {
-                log.log(java.util.logging.Level.FINE, "Fetched " + summarized + " bytes from URI " + uriNew.toString());
+                XMLSignatureInput result = new XMLSignatureInput(baos.toByteArray());
+                result.setSecureValidation(context.secureValidation);
+
+                result.setSourceURI(uriNew.toString());
+                result.setMIMEType(mimeType);
+
+                return result;
             }
 
-            XMLSignatureInput result = new XMLSignatureInput(baos.toByteArray());
-
-            result.setSourceURI(uriNew.toString());
-            result.setMIMEType(mimeType);
-
-            return result;
         } catch (URISyntaxException ex) {
-            throw new ResourceResolverException("generic.EmptyMessage", ex, context.attr, context.baseUri);
+            throw new ResourceResolverException(ex, context.uriToResolve, context.baseUri, "generic.EmptyMessage");
         } catch (MalformedURLException ex) {
-            throw new ResourceResolverException("generic.EmptyMessage", ex, context.attr, context.baseUri);
+            throw new ResourceResolverException(ex, context.uriToResolve, context.baseUri, "generic.EmptyMessage");
         } catch (IOException ex) {
-            throw new ResourceResolverException("generic.EmptyMessage", ex, context.attr, context.baseUri);
+            throw new ResourceResolverException(ex, context.uriToResolve, context.baseUri, "generic.EmptyMessage");
         } catch (IllegalArgumentException e) {
-            throw new ResourceResolverException("generic.EmptyMessage", e, context.attr, context.baseUri);
-        } finally {
-            if (inputStream != null) {
-                try {
-                    inputStream.close();
-                } catch (IOException e) {
-                    if (log.isLoggable(java.util.logging.Level.FINE)) {
-                        log.log(java.util.logging.Level.FINE, e.getMessage(), e);
-                    }
-                }
-            }
+            throw new ResourceResolverException(e, context.uriToResolve, context.baseUri, "generic.EmptyMessage");
         }
     }
 
@@ -194,7 +176,7 @@
                 engineGetProperty(ResolverDirectHTTP.properties[ResolverDirectHTTP.HttpProxyPass]);
 
         Proxy proxy = null;
-        if ((proxyHostProp != null) && (proxyPortProp != null)) {
+        if (proxyHostProp != null && proxyPortProp != null) {
             int port = Integer.parseInt(proxyPortProp);
             proxy = new Proxy(Proxy.Type.HTTP, new InetSocketAddress(proxyHostProp, port));
         }
@@ -203,9 +185,9 @@
         if (proxy != null) {
             urlConnection = url.openConnection(proxy);
 
-            if ((proxyUser != null) && (proxyPass != null)) {
+            if (proxyUser != null && proxyPass != null) {
                 String password = proxyUser + ":" + proxyPass;
-                String authString = "Basic " + Base64.encode(password.getBytes("ISO-8859-1"));
+                String authString = "Basic " + Base64.getMimeEncoder().encodeToString(password.getBytes(StandardCharsets.ISO_8859_1));
 
                 urlConnection.setRequestProperty("Proxy-Authorization", authString);
             }
@@ -219,46 +201,35 @@
     /**
      * We resolve http URIs <I>without</I> fragment...
      *
-     * @param uri
-     * @param baseURI
+     * @param context
      * @return true if can be resolved
      */
     public boolean engineCanResolveURI(ResourceResolverContext context) {
         if (context.uriToResolve == null) {
-            if (log.isLoggable(java.util.logging.Level.FINE)) {
-                log.log(java.util.logging.Level.FINE, "quick fail, uri == null");
-            }
+            LOG.debug("quick fail, uri == null");
             return false;
         }
 
-        if (context.uriToResolve.equals("") || (context.uriToResolve.charAt(0)=='#')) {
-            if (log.isLoggable(java.util.logging.Level.FINE)) {
-                log.log(java.util.logging.Level.FINE, "quick fail for empty URIs and local ones");
-            }
+        if (context.uriToResolve.equals("") || context.uriToResolve.charAt(0) == '#') {
+            LOG.debug("quick fail for empty URIs and local ones");
             return false;
         }
 
-        if (log.isLoggable(java.util.logging.Level.FINE)) {
-            log.log(java.util.logging.Level.FINE, "I was asked whether I can resolve " + context.uriToResolve);
-        }
+        LOG.debug("I was asked whether I can resolve {}", context.uriToResolve);
 
         if (context.uriToResolve.startsWith("http:") ||
-            (context.baseUri != null && context.baseUri.startsWith("http:") )) {
-            if (log.isLoggable(java.util.logging.Level.FINE)) {
-                log.log(java.util.logging.Level.FINE, "I state that I can resolve " + context.uriToResolve);
-            }
+            context.baseUri != null && context.baseUri.startsWith("http:")) {
+            LOG.debug("I state that I can resolve {}", context.uriToResolve);
             return true;
         }
 
-        if (log.isLoggable(java.util.logging.Level.FINE)) {
-            log.log(java.util.logging.Level.FINE, "I state that I can't resolve " + context.uriToResolve);
-        }
+        LOG.debug("I state that I can't resolve {}", context.uriToResolve);
 
         return false;
     }
 
     /**
-     * @inheritDoc
+     * {@inheritDoc}
      */
     public String[] engineGetPropertyKeys() {
         return ResolverDirectHTTP.properties.clone();
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/utils/resolver/implementations/ResolverFragment.java b/src/share/classes/com/sun/org/apache/xml/internal/security/utils/resolver/implementations/ResolverFragment.java
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/utils/resolver/implementations/ResolverFragment.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/utils/resolver/implementations/ResolverFragment.java
@@ -34,16 +34,14 @@
 /**
  * This resolver is used for resolving same-document URIs like URI="" of URI="#id".
  *
- * @author $Author: coheigea $
  * @see <A HREF="http://www.w3.org/TR/xmldsig-core/#sec-ReferenceProcessingModel">The Reference processing model in the XML Signature spec</A>
  * @see <A HREF="http://www.w3.org/TR/xmldsig-core/#sec-Same-Document">Same-Document URI-References in the XML Signature spec</A>
  * @see <A HREF="http://www.ietf.org/rfc/rfc2396.txt">Section 4.2 of RFC 2396</A>
  */
 public class ResolverFragment extends ResourceResolverSpi {
 
-    /** {@link org.apache.commons.logging} logging facility */
-    private static java.util.logging.Logger log =
-        java.util.logging.Logger.getLogger(ResolverFragment.class.getName());
+    private static final com.sun.org.slf4j.internal.Logger LOG =
+        com.sun.org.slf4j.internal.LoggerFactory.getLogger(ResolverFragment.class);
 
     @Override
     public boolean engineIsThreadSafe() {
@@ -51,12 +49,9 @@
     }
 
     /**
-     * Method engineResolve
-     *
-     * @inheritDoc
-     * @param uri
-     * @param baseURI
+     * {@inheritDoc}
      */
+    @Override
     public XMLSignatureInput engineResolveURI(ResourceResolverContext context)
         throws ResourceResolverException {
 
@@ -68,9 +63,7 @@
              * Identifies the node-set (minus any comment nodes) of the XML
              * resource containing the signature
              */
-            if (log.isLoggable(java.util.logging.Level.FINE)) {
-                log.log(java.util.logging.Level.FINE, "ResolverFragment with empty URI (means complete document)");
-            }
+            LOG.debug("ResolverFragment with empty URI (means complete document)");
             selectedElem = doc;
         } else {
             /*
@@ -87,7 +80,7 @@
             if (selectedElem == null) {
                 Object exArgs[] = { id };
                 throw new ResourceResolverException(
-                    "signature.Verification.MissingID", exArgs, context.attr, context.baseUri
+                    "signature.Verification.MissingID", exArgs, context.uriToResolve, context.baseUri
                 );
             }
             if (context.secureValidation) {
@@ -95,18 +88,17 @@
                 if (!XMLUtils.protectAgainstWrappingAttack(start, id)) {
                     Object exArgs[] = { id };
                     throw new ResourceResolverException(
-                        "signature.Verification.MultipleIDs", exArgs, context.attr, context.baseUri
+                        "signature.Verification.MultipleIDs", exArgs, context.uriToResolve, context.baseUri
                     );
                 }
             }
-            if (log.isLoggable(java.util.logging.Level.FINE)) {
-                log.log(java.util.logging.Level.FINE,
-                    "Try to catch an Element with ID " + id + " and Element was " + selectedElem
-                );
-            }
+            LOG.debug(
+                "Try to catch an Element with ID {} and Element was {}", id, selectedElem
+            );
         }
 
         XMLSignatureInput result = new XMLSignatureInput(selectedElem);
+        result.setSecureValidation(context.secureValidation);
         result.setExcludeComments(true);
 
         result.setMIMEType("text/xml");
@@ -120,29 +112,22 @@
 
     /**
      * Method engineCanResolve
-     * @inheritDoc
-     * @param uri
-     * @param baseURI
+     * {@inheritDoc}
+     * @param context
      */
     public boolean engineCanResolveURI(ResourceResolverContext context) {
         if (context.uriToResolve == null) {
-            if (log.isLoggable(java.util.logging.Level.FINE)) {
-                log.log(java.util.logging.Level.FINE, "Quick fail for null uri");
-            }
+            LOG.debug("Quick fail for null uri");
             return false;
         }
 
         if (context.uriToResolve.equals("") ||
-            ((context.uriToResolve.charAt(0) == '#') && !context.uriToResolve.startsWith("#xpointer("))
+            context.uriToResolve.charAt(0) == '#' && !context.uriToResolve.startsWith("#xpointer(")
         ) {
-            if (log.isLoggable(java.util.logging.Level.FINE)) {
-                log.log(java.util.logging.Level.FINE, "State I can resolve reference: \"" + context.uriToResolve + "\"");
-            }
+            LOG.debug("State I can resolve reference: \"{}\"", context.uriToResolve);
             return true;
         }
-        if (log.isLoggable(java.util.logging.Level.FINE)) {
-            log.log(java.util.logging.Level.FINE, "Do not seem to be able to resolve reference: \"" + context.uriToResolve + "\"");
-        }
+        LOG.debug("Do not seem to be able to resolve reference: \"{}\"", context.uriToResolve);
         return false;
     }
 
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/utils/resolver/implementations/ResolverLocalFilesystem.java b/src/share/classes/com/sun/org/apache/xml/internal/security/utils/resolver/implementations/ResolverLocalFilesystem.java
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/utils/resolver/implementations/ResolverLocalFilesystem.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/utils/resolver/implementations/ResolverLocalFilesystem.java
@@ -22,9 +22,11 @@
  */
 package com.sun.org.apache.xml.internal.security.utils.resolver.implementations;
 
-import java.io.FileInputStream;
+import java.io.InputStream;
 import java.net.URI;
 import java.net.URISyntaxException;
+import java.nio.file.Files;
+import java.nio.file.Paths;
 
 import com.sun.org.apache.xml.internal.security.signature.XMLSignatureInput;
 import com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolverContext;
@@ -38,9 +40,8 @@
 
     private static final int FILE_URI_LENGTH = "file:/".length();
 
-    /** {@link org.apache.commons.logging} logging facility */
-    private static java.util.logging.Logger log =
-        java.util.logging.Logger.getLogger(ResolverLocalFilesystem.class.getName());
+    private static final com.sun.org.slf4j.internal.Logger LOG =
+        com.sun.org.slf4j.internal.LoggerFactory.getLogger(ResolverLocalFilesystem.class);
 
     @Override
     public boolean engineIsThreadSafe() {
@@ -48,7 +49,7 @@
     }
 
     /**
-     * @inheritDoc
+     * {@inheritDoc}
      */
     @Override
     public XMLSignatureInput engineResolveURI(ResourceResolverContext context)
@@ -59,14 +60,15 @@
 
             String fileName =
                 ResolverLocalFilesystem.translateUriToFilename(uriNew.toString());
-            FileInputStream inputStream = new FileInputStream(fileName);
+            InputStream inputStream = Files.newInputStream(Paths.get(fileName));
             XMLSignatureInput result = new XMLSignatureInput(inputStream);
+            result.setSecureValidation(context.secureValidation);
 
             result.setSourceURI(uriNew.toString());
 
             return result;
         } catch (Exception e) {
-            throw new ResourceResolverException("generic.EmptyMessage", e, context.attr, context.baseUri);
+            throw new ResourceResolverException(e, context.uriToResolve, context.baseUri, "generic.EmptyMessage");
         }
     }
 
@@ -106,38 +108,30 @@
     }
 
     /**
-     * @inheritDoc
+     * {@inheritDoc}
      */
     public boolean engineCanResolveURI(ResourceResolverContext context) {
         if (context.uriToResolve == null) {
             return false;
         }
 
-        if (context.uriToResolve.equals("") || (context.uriToResolve.charAt(0)=='#') ||
+        if (context.uriToResolve.equals("") || context.uriToResolve.charAt(0) == '#' ||
             context.uriToResolve.startsWith("http:")) {
             return false;
         }
 
         try {
-            if (log.isLoggable(java.util.logging.Level.FINE)) {
-                log.log(java.util.logging.Level.FINE, "I was asked whether I can resolve " + context.uriToResolve);
-            }
+            LOG.debug("I was asked whether I can resolve {}", context.uriToResolve);
 
             if (context.uriToResolve.startsWith("file:") || context.baseUri.startsWith("file:")) {
-                if (log.isLoggable(java.util.logging.Level.FINE)) {
-                    log.log(java.util.logging.Level.FINE, "I state that I can resolve " + context.uriToResolve);
-                }
+                LOG.debug("I state that I can resolve {}", context.uriToResolve);
                 return true;
             }
         } catch (Exception e) {
-            if (log.isLoggable(java.util.logging.Level.FINE)) {
-                log.log(java.util.logging.Level.FINE, e.getMessage(), e);
-            }
+            LOG.debug(e.getMessage(), e);
         }
 
-        if (log.isLoggable(java.util.logging.Level.FINE)) {
-            log.log(java.util.logging.Level.FINE, "But I can't");
-        }
+        LOG.debug("But I can't");
 
         return false;
     }
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/utils/resolver/implementations/ResolverXPointer.java b/src/share/classes/com/sun/org/apache/xml/internal/security/utils/resolver/implementations/ResolverXPointer.java
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/utils/resolver/implementations/ResolverXPointer.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/utils/resolver/implementations/ResolverXPointer.java
@@ -33,10 +33,10 @@
 
 /**
  * Handles barename XPointer Reference URIs.
- * <BR />
+ * <p></p>
  * To retain comments while selecting an element by an identifier ID,
  * use the following full XPointer: URI='#xpointer(id('ID'))'.
- * <BR />
+ * <p></p>
  * To retain comments while selecting the entire document,
  * use the following full XPointer: URI='#xpointer(/)'.
  * This XPointer contains a simple XPath expression that includes
@@ -44,13 +44,11 @@
  * nodes of the parse tree (all descendants, plus all attributes,
  * plus all namespaces nodes).
  *
- * @author $Author: coheigea $
  */
 public class ResolverXPointer extends ResourceResolverSpi {
 
-    /** {@link org.apache.commons.logging} logging facility */
-    private static java.util.logging.Logger log =
-        java.util.logging.Logger.getLogger(ResolverXPointer.class.getName());
+    private static final com.sun.org.slf4j.internal.Logger LOG =
+        com.sun.org.slf4j.internal.LoggerFactory.getLogger(ResolverXPointer.class);
 
     private static final String XP = "#xpointer(id(";
     private static final int XP_LENGTH = XP.length();
@@ -61,7 +59,7 @@
     }
 
     /**
-     * @inheritDoc
+     * {@inheritDoc}
      */
     @Override
     public XMLSignatureInput engineResolveURI(ResourceResolverContext context)
@@ -81,7 +79,7 @@
                 if (!XMLUtils.protectAgainstWrappingAttack(start, id)) {
                     Object exArgs[] = { id };
                     throw new ResourceResolverException(
-                        "signature.Verification.MultipleIDs", exArgs, context.attr, context.baseUri
+                        "signature.Verification.MultipleIDs", exArgs, context.uriToResolve, context.baseUri
                     );
                 }
             }
@@ -90,12 +88,13 @@
                 Object exArgs[] = { id };
 
                 throw new ResourceResolverException(
-                    "signature.Verification.MissingID", exArgs, context.attr, context.baseUri
+                    "signature.Verification.MissingID", exArgs, context.uriToResolve, context.baseUri
                 );
             }
         }
 
         XMLSignatureInput result = new XMLSignatureInput(resultNode);
+        result.setSecureValidation(context.secureValidation);
 
         result.setMIMEType("text/xml");
         if (context.baseUri != null && context.baseUri.length() > 0) {
@@ -108,7 +107,7 @@
     }
 
     /**
-     * @inheritDoc
+     * {@inheritDoc}
      */
     public boolean engineCanResolveURI(ResourceResolverContext context) {
         if (context.uriToResolve == null) {
@@ -146,11 +145,9 @@
             String idPlusDelim = uri.substring(XP_LENGTH, uri.length() - 2);
 
             int idLen = idPlusDelim.length() -1;
-            if (((idPlusDelim.charAt(0) == '"') && (idPlusDelim.charAt(idLen) == '"'))
-                || ((idPlusDelim.charAt(0) == '\'') && (idPlusDelim.charAt(idLen) == '\''))) {
-                if (log.isLoggable(java.util.logging.Level.FINE)) {
-                    log.log(java.util.logging.Level.FINE, "Id = " + idPlusDelim.substring(1, idLen));
-                }
+            if (idPlusDelim.charAt(0) == '"' && idPlusDelim.charAt(idLen) == '"'
+                || idPlusDelim.charAt(0) == '\'' && idPlusDelim.charAt(idLen) == '\'') {
+                LOG.debug("Id = {}", idPlusDelim.substring(1, idLen));
                 return true;
             }
         }
@@ -166,11 +163,11 @@
      */
     private static String getXPointerId(String uri) {
         if (uri.startsWith(XP) && uri.endsWith("))")) {
-            String idPlusDelim = uri.substring(XP_LENGTH,uri.length() - 2);
+            String idPlusDelim = uri.substring(XP_LENGTH, uri.length() - 2);
 
             int idLen = idPlusDelim.length() -1;
-            if (((idPlusDelim.charAt(0) == '"') && (idPlusDelim.charAt(idLen) == '"'))
-                || ((idPlusDelim.charAt(0) == '\'') && (idPlusDelim.charAt(idLen) == '\''))) {
+            if (idPlusDelim.charAt(0) == '"' && idPlusDelim.charAt(idLen) == '"'
+                || idPlusDelim.charAt(0) == '\'' && idPlusDelim.charAt(idLen) == '\'') {
                 return idPlusDelim.substring(1, idLen);
             }
         }
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/utils/resolver/implementations/package.html b/src/share/classes/com/sun/org/apache/xml/internal/security/utils/resolver/implementations/package.html
deleted file mode 100644
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/utils/resolver/implementations/package.html
+++ /dev/null
@@ -1,8 +0,0 @@
-<HTML> 
-<HEAD> </HEAD> 
-<BODY> 
-<P>
-implememtations of different ResourceResolver classes used to resolve ds:Reference URIs.
-</P>
-</BODY> 
-</HTML>
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/utils/resolver/package.html b/src/share/classes/com/sun/org/apache/xml/internal/security/utils/resolver/package.html
deleted file mode 100644
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/utils/resolver/package.html
+++ /dev/null
@@ -1,8 +0,0 @@
-<HTML> 
-<HEAD> </HEAD> 
-<BODY> 
-<P>
-the ResourceResolver classes used to resolve ds:Reference URIs.
-</P>
-</BODY> 
-</HTML>
diff --git a/src/share/classes/com/sun/org/slf4j/internal/Logger.java b/src/share/classes/com/sun/org/slf4j/internal/Logger.java
new file mode 100644
--- /dev/null
+++ b/src/share/classes/com/sun/org/slf4j/internal/Logger.java
@@ -0,0 +1,79 @@
+/*
+ * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.  Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+package com.sun.org.slf4j.internal;
+
+// Bridge to java.util.logging.
+public class Logger {
+
+    private final java.util.logging.Logger impl;
+
+    public Logger(String name) {
+        impl = java.util.logging.Logger.getLogger(name);
+    }
+
+    public boolean isDebugEnabled() {
+        return impl.isLoggable(java.util.logging.Level.FINE);
+    }
+
+    public boolean isTraceEnabled() {
+        return impl.isLoggable(java.util.logging.Level.FINE);
+    }
+
+    public void debug(String s) {
+        impl.log(java.util.logging.Level.FINE, s);
+    }
+
+    public void debug(String s, Throwable e) {
+        impl.log(java.util.logging.Level.FINE, s, e);
+    }
+
+    public void debug(String s, Object... o) {
+        impl.log(java.util.logging.Level.FINE, s, o);
+    }
+
+    public void trace(String s) {
+        impl.log(java.util.logging.Level.FINE, s);
+    }
+
+    public void error(String s) {
+        impl.log(java.util.logging.Level.SEVERE, s);
+    }
+
+    public void error(String s, Throwable e) {
+        impl.log(java.util.logging.Level.SEVERE, s, e);
+    }
+
+    public void error(String s, Object... o) {
+        impl.log(java.util.logging.Level.SEVERE, s, o);
+    }
+
+    public void warn(String s) {
+        impl.log(java.util.logging.Level.WARNING, s);
+    }
+
+    public void warn(String s, Throwable e) {
+        impl.log(java.util.logging.Level.WARNING, s, e);
+    }
+}
diff --git a/src/share/classes/com/sun/org/slf4j/internal/LoggerFactory.java b/src/share/classes/com/sun/org/slf4j/internal/LoggerFactory.java
new file mode 100644
--- /dev/null
+++ b/src/share/classes/com/sun/org/slf4j/internal/LoggerFactory.java
@@ -0,0 +1,33 @@
+/*
+ * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.  Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+package com.sun.org.slf4j.internal;
+
+// Bridge to java.util.logging.
+public class LoggerFactory {
+
+    public static Logger getLogger(Class<?> clazz) {
+        return new Logger(clazz.getName());
+    }
+}
diff --git a/src/share/classes/javax/xml/crypto/dsig/DigestMethod.java b/src/share/classes/javax/xml/crypto/dsig/DigestMethod.java
--- a/src/share/classes/javax/xml/crypto/dsig/DigestMethod.java
+++ b/src/share/classes/javax/xml/crypto/dsig/DigestMethod.java
@@ -60,29 +60,31 @@
  */
 public interface DigestMethod extends XMLStructure, AlgorithmMethod {
 
+    // All methods can be found in RFC 6931.
+
     /**
      * The <a href="http://www.w3.org/2000/09/xmldsig#sha1">
      * SHA1</a> digest method algorithm URI.
      */
-    static final String SHA1 = "http://www.w3.org/2000/09/xmldsig#sha1";
+    String SHA1 = "http://www.w3.org/2000/09/xmldsig#sha1";
 
     /**
      * The <a href="http://www.w3.org/2001/04/xmlenc#sha256">
      * SHA256</a> digest method algorithm URI.
      */
-    static final String SHA256 = "http://www.w3.org/2001/04/xmlenc#sha256";
+    String SHA256 = "http://www.w3.org/2001/04/xmlenc#sha256";
 
     /**
      * The <a href="http://www.w3.org/2001/04/xmlenc#sha512">
      * SHA512</a> digest method algorithm URI.
      */
-    static final String SHA512 = "http://www.w3.org/2001/04/xmlenc#sha512";
+    String SHA512 = "http://www.w3.org/2001/04/xmlenc#sha512";
 
     /**
      * The <a href="http://www.w3.org/2001/04/xmlenc#ripemd160">
      * RIPEMD-160</a> digest method algorithm URI.
      */
-    static final String RIPEMD160 = "http://www.w3.org/2001/04/xmlenc#ripemd160";
+    String RIPEMD160 = "http://www.w3.org/2001/04/xmlenc#ripemd160";
 
     /**
      * Returns the algorithm-specific input parameters associated with this
diff --git a/src/share/classes/javax/xml/crypto/dsig/SignatureMethod.java b/src/share/classes/javax/xml/crypto/dsig/SignatureMethod.java
--- a/src/share/classes/javax/xml/crypto/dsig/SignatureMethod.java
+++ b/src/share/classes/javax/xml/crypto/dsig/SignatureMethod.java
@@ -61,25 +61,27 @@
  */
 public interface SignatureMethod extends XMLStructure, AlgorithmMethod {
 
+    // All methods can be found in RFC 6931.
+
     /**
-     * The <a href="http://www.w3.org/2000/09/xmldsig#dsa-sha1">DSAwithSHA1</a>
+     * The <a href="http://www.w3.org/2000/09/xmldsig#dsa-sha1">DSA-SHA1</a>
      * (DSS) signature method algorithm URI.
      */
-    static final String DSA_SHA1 =
+    String DSA_SHA1 =
         "http://www.w3.org/2000/09/xmldsig#dsa-sha1";
 
     /**
-     * The <a href="http://www.w3.org/2000/09/xmldsig#rsa-sha1">RSAwithSHA1</a>
+     * The <a href="http://www.w3.org/2000/09/xmldsig#rsa-sha1">RSA-SHA1</a>
      * (PKCS #1) signature method algorithm URI.
      */
-    static final String RSA_SHA1 =
+    String RSA_SHA1 =
         "http://www.w3.org/2000/09/xmldsig#rsa-sha1";
 
     /**
      * The <a href="http://www.w3.org/2000/09/xmldsig#hmac-sha1">HMAC-SHA1</a>
      * MAC signature method algorithm URI
      */
-    static final String HMAC_SHA1 =
+    String HMAC_SHA1 =
         "http://www.w3.org/2000/09/xmldsig#hmac-sha1";
 
     /**
diff --git a/src/share/classes/org/jcp/xml/dsig/internal/DigesterOutputStream.java b/src/share/classes/org/jcp/xml/dsig/internal/DigesterOutputStream.java
--- a/src/share/classes/org/jcp/xml/dsig/internal/DigesterOutputStream.java
+++ b/src/share/classes/org/jcp/xml/dsig/internal/DigesterOutputStream.java
@@ -21,10 +21,10 @@
  * under the License.
  */
 /*
- * Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved.
  */
 /*
- * $Id: DigesterOutputStream.java,v 1.5 2005/12/20 20:02:39 mullan Exp $
+ * $Id: DigesterOutputStream.java, v 1.5 2005/12/20 20:02:39 mullan Exp $
  */
 package org.jcp.xml.dsig.internal;
 
@@ -42,12 +42,10 @@
  * com.sun.org.apache.xml.internal.security.algorithms.MessageDigestAlgorithm objects.
  * It also optionally caches the input bytes.
  *
- * @author raul
- * @author Sean Mullan
  */
 public class DigesterOutputStream extends OutputStream {
-    private static java.util.logging.Logger log =
-        java.util.logging.Logger.getLogger("org.jcp.xml.dsig.internal");
+    private static final com.sun.org.slf4j.internal.Logger LOG =
+        com.sun.org.slf4j.internal.LoggerFactory.getLogger(DigesterOutputStream.class);
 
     private final boolean buffer;
     private UnsyncByteArrayOutputStream bos;
@@ -88,13 +86,13 @@
         if (buffer) {
             bos.write(input, offset, len);
         }
-        if (log.isLoggable(java.util.logging.Level.FINE)) {
-            log.log(java.util.logging.Level.FINE, "Pre-digested input:");
+        if (LOG.isDebugEnabled()) {
+            LOG.debug("Pre-digested input:");
             StringBuilder sb = new StringBuilder(len);
             for (int i = offset; i < (offset + len); i++) {
                 sb.append((char)input[i]);
             }
-            log.log(java.util.logging.Level.FINE, sb.toString());
+            LOG.debug(sb.toString());
         }
         md.update(input, offset, len);
     }
diff --git a/src/share/classes/org/jcp/xml/dsig/internal/MacOutputStream.java b/src/share/classes/org/jcp/xml/dsig/internal/MacOutputStream.java
--- a/src/share/classes/org/jcp/xml/dsig/internal/MacOutputStream.java
+++ b/src/share/classes/org/jcp/xml/dsig/internal/MacOutputStream.java
@@ -29,8 +29,6 @@
  * Derived from Apache sources and changed to use Mac objects instead of
  * com.sun.org.apache.xml.internal.security.algorithms.SignatureAlgorithm objects.
  *
- * @author raul
- * @author Sean Mullan
  *
  */
 public class MacOutputStream extends ByteArrayOutputStream {
diff --git a/src/share/classes/org/jcp/xml/dsig/internal/SignerOutputStream.java b/src/share/classes/org/jcp/xml/dsig/internal/SignerOutputStream.java
--- a/src/share/classes/org/jcp/xml/dsig/internal/SignerOutputStream.java
+++ b/src/share/classes/org/jcp/xml/dsig/internal/SignerOutputStream.java
@@ -21,10 +21,10 @@
  * under the License.
  */
 /*
- * Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved.
  */
 /*
- * $Id: SignerOutputStream.java,v 1.2 2005/09/15 14:29:02 mullan Exp $
+ * $Id: SignerOutputStream.java, v 1.2 2005/09/15 14:29:02 mullan Exp $
  */
 package org.jcp.xml.dsig.internal;
 
@@ -37,8 +37,6 @@
  * objects as input instead of
  * com.sun.org.apache.xml.internal.security.algorithms.SignatureAlgorithm objects.
  *
- * @author raul
- * @author Sean Mullan
  */
 public class SignerOutputStream extends ByteArrayOutputStream {
     private final Signature sig;
diff --git a/src/share/classes/org/jcp/xml/dsig/internal/dom/AbstractDOMSignatureMethod.java b/src/share/classes/org/jcp/xml/dsig/internal/dom/AbstractDOMSignatureMethod.java
--- a/src/share/classes/org/jcp/xml/dsig/internal/dom/AbstractDOMSignatureMethod.java
+++ b/src/share/classes/org/jcp/xml/dsig/internal/dom/AbstractDOMSignatureMethod.java
@@ -59,10 +59,10 @@
      * @param si the SignedInfo
      * @param sig the signature bytes to be verified
      * @param context the XMLValidateContext
-     * @return <code>true</code> if the signature verified successfully,
-     *    <code>false</code> if not
-     * @throws NullPointerException if <code>key</code>, <code>si</code> or
-     *    <code>sig</code> are <code>null</code>
+     * @return {@code true} if the signature verified successfully,
+     *    {@code false} if not
+     * @throws NullPointerException if {@code key}, {@code si} or
+     *    {@code sig} are {@code null}
      * @throws InvalidKeyException if the key is improperly encoded, of
      *    the wrong type, or parameters are missing, etc
      * @throws SignatureException if an unexpected error occurs, such
@@ -81,8 +81,8 @@
      * @param si the SignedInfo
      * @param context the XMLSignContext
      * @return the signature
-     * @throws NullPointerException if <code>key</code> or
-     *    <code>si</code> are <code>null</code>
+     * @throws NullPointerException if {@code key} or
+     *    {@code si} are {@code null}
      * @throws InvalidKeyException if the key is improperly encoded, of
      *    the wrong type, or parameters are missing, etc
      * @throws XMLSignatureException if an unexpected error occurs
@@ -105,6 +105,7 @@
      * This method invokes the {@link #marshalParams marshalParams}
      * method to marshal any algorithm-specific parameters.
      */
+    @Override
     public void marshal(Node parent, String dsPrefix, DOMCryptoContext context)
         throws MarshalException
     {
@@ -140,13 +141,13 @@
     }
 
     /**
-     * Unmarshals <code>SignatureMethodParameterSpec</code> from the specified
-     * <code>Element</code>. By default, this method throws an exception since
+     * Unmarshals {@code SignatureMethodParameterSpec} from the specified
+     * {@code Element}. By default, this method throws an exception since
      * most SignatureMethod algorithms do not have parameters. Subclasses should
      * override it if they have parameters.
      *
-     * @param paramsElem the <code>Element</code> holding the input params
-     * @return the algorithm-specific <code>SignatureMethodParameterSpec</code>
+     * @param paramsElem the {@code Element} holding the input params
+     * @return the algorithm-specific {@code SignatureMethodParameterSpec}
      * @throws MarshalException if the parameters cannot be unmarshalled
      */
     SignatureMethodParameterSpec unmarshalParams(Element paramsElem)
@@ -163,7 +164,7 @@
      * since most SignatureMethod algorithms do not have parameters. Subclasses
      * should override it if they have parameters.
      *
-     * @param params the algorithm-specific params (may be <code>null</code>)
+     * @param params the algorithm-specific params (may be {@code null})
      * @throws InvalidAlgorithmParameterException if the parameters are not
      *    appropriate for this signature method
      */
@@ -189,8 +190,8 @@
         }
         SignatureMethod osm = (SignatureMethod)o;
 
-        return (getAlgorithm().equals(osm.getAlgorithm()) &&
-            paramsEqual(osm.getParameterSpec()));
+        return getAlgorithm().equals(osm.getAlgorithm()) &&
+            paramsEqual(osm.getParameterSpec());
     }
 
     @Override
@@ -213,6 +214,6 @@
      */
     boolean paramsEqual(AlgorithmParameterSpec spec)
     {
-        return (getParameterSpec() == spec);
+        return getParameterSpec() == spec;
     }
 }
diff --git a/src/share/classes/org/jcp/xml/dsig/internal/dom/ApacheCanonicalizer.java b/src/share/classes/org/jcp/xml/dsig/internal/dom/ApacheCanonicalizer.java
--- a/src/share/classes/org/jcp/xml/dsig/internal/dom/ApacheCanonicalizer.java
+++ b/src/share/classes/org/jcp/xml/dsig/internal/dom/ApacheCanonicalizer.java
@@ -21,10 +21,10 @@
  * under the License.
  */
 /*
- * Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved.
  */
 /*
- * $Id: ApacheCanonicalizer.java 1333869 2012-05-04 10:42:44Z coheigea $
+ * $Id: ApacheCanonicalizer.java 1785016 2017-03-01 18:23:48Z coheigea $
  */
 package org.jcp.xml.dsig.internal.dom;
 
@@ -34,6 +34,7 @@
 import java.security.spec.AlgorithmParameterSpec;
 import java.security.InvalidAlgorithmParameterException;
 import java.util.Set;
+
 import javax.xml.crypto.*;
 import javax.xml.crypto.dom.DOMCryptoContext;
 import javax.xml.crypto.dsig.TransformException;
@@ -54,8 +55,8 @@
         com.sun.org.apache.xml.internal.security.Init.init();
     }
 
-    private static java.util.logging.Logger log =
-        java.util.logging.Logger.getLogger("org.jcp.xml.dsig.internal.dom");
+    private static final com.sun.org.slf4j.internal.Logger LOG =
+        com.sun.org.slf4j.internal.LoggerFactory.getLogger(ApacheCanonicalizer.class);
     protected Canonicalizer apacheCanonicalizer;
     private Transform apacheTransform;
     protected String inclusiveNamespaces;
@@ -116,9 +117,9 @@
         if (apacheCanonicalizer == null) {
             try {
                 apacheCanonicalizer = Canonicalizer.getInstance(getAlgorithm());
-                if (log.isLoggable(java.util.logging.Level.FINE)) {
-                    log.log(java.util.logging.Level.FINE, "Created canonicalizer for algorithm: " + getAlgorithm());
-                }
+                boolean secVal = Utils.secureValidation(xc);
+                apacheCanonicalizer.setSecureValidation(secVal);
+                LOG.debug("Created canonicalizer for algorithm: {}", getAlgorithm());
             } catch (InvalidCanonicalizerException ice) {
                 throw new TransformException
                     ("Couldn't find Canonicalizer for: " + getAlgorithm() +
@@ -171,9 +172,7 @@
                 @SuppressWarnings("unchecked")
                 Set<Node> ns = Utils.toNodeSet(nsd.iterator());
                 nodeSet = ns;
-                if (log.isLoggable(java.util.logging.Level.FINE)) {
-                    log.log(java.util.logging.Level.FINE, "Canonicalizing " + nodeSet.size() + " nodes");
-                }
+                LOG.debug("Canonicalizing {} nodes", nodeSet.size());
             } else {
                 return new OctetStreamData(new ByteArrayInputStream(
                     apacheCanonicalizer.canonicalize(
@@ -212,9 +211,9 @@
                 apacheTransform =
                     new Transform(ownerDoc, getAlgorithm(), transformElem.getChildNodes());
                 apacheTransform.setElement(transformElem, xc.getBaseURI());
-                if (log.isLoggable(java.util.logging.Level.FINE)) {
-                    log.log(java.util.logging.Level.FINE, "Created transform for algorithm: " + getAlgorithm());
-                }
+                boolean secVal = Utils.secureValidation(xc);
+                apacheTransform.setSecureValidation(secVal);
+                LOG.debug("Created transform for algorithm: {}", getAlgorithm());
             } catch (Exception ex) {
                 throw new TransformException
                     ("Couldn't find Transform for: " + getAlgorithm(), ex);
@@ -223,14 +222,10 @@
 
         XMLSignatureInput in;
         if (data instanceof ApacheData) {
-            if (log.isLoggable(java.util.logging.Level.FINE)) {
-                log.log(java.util.logging.Level.FINE, "ApacheData = true");
-            }
+            LOG.debug("ApacheData = true");
             in = ((ApacheData)data).getXMLSignatureInput();
         } else if (data instanceof NodeSetData) {
-            if (log.isLoggable(java.util.logging.Level.FINE)) {
-                log.log(java.util.logging.Level.FINE, "isNodeSet() = true");
-            }
+            LOG.debug("isNodeSet() = true");
             if (data instanceof DOMSubTreeData) {
                 DOMSubTreeData subTree = (DOMSubTreeData)data;
                 in = new XMLSignatureInput(subTree.getRoot());
@@ -242,9 +237,7 @@
                 in = new XMLSignatureInput(nodeSet);
             }
         } else {
-            if (log.isLoggable(java.util.logging.Level.FINE)) {
-                log.log(java.util.logging.Level.FINE, "isNodeSet() = false");
-            }
+            LOG.debug("isNodeSet() = false");
             try {
                 in = new XMLSignatureInput
                     (((OctetStreamData)data).getOctetStream());
@@ -253,6 +246,9 @@
             }
         }
 
+        boolean secVal = Utils.secureValidation(xc);
+        in.setSecureValidation(secVal);
+
         try {
             in = apacheTransform.performTransform(in, os);
             if (!in.isNodeSet() && !in.isElement()) {
diff --git a/src/share/classes/org/jcp/xml/dsig/internal/dom/ApacheData.java b/src/share/classes/org/jcp/xml/dsig/internal/dom/ApacheData.java
--- a/src/share/classes/org/jcp/xml/dsig/internal/dom/ApacheData.java
+++ b/src/share/classes/org/jcp/xml/dsig/internal/dom/ApacheData.java
@@ -21,10 +21,10 @@
  * under the License.
  */
 /*
- * Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved.
  */
 /*
- * $Id: ApacheData.java 1333869 2012-05-04 10:42:44Z coheigea $
+ * $Id: ApacheData.java 1788465 2017-03-24 15:10:51Z coheigea $
  */
 package org.jcp.xml.dsig.internal.dom;
 
@@ -34,7 +34,6 @@
 /**
  * XMLSignatureInput Data wrapper.
  *
- * @author Sean Mullan
  */
 public interface ApacheData extends Data {
 
diff --git a/src/share/classes/org/jcp/xml/dsig/internal/dom/ApacheNodeSetData.java b/src/share/classes/org/jcp/xml/dsig/internal/dom/ApacheNodeSetData.java
--- a/src/share/classes/org/jcp/xml/dsig/internal/dom/ApacheNodeSetData.java
+++ b/src/share/classes/org/jcp/xml/dsig/internal/dom/ApacheNodeSetData.java
@@ -21,10 +21,10 @@
  * under the License.
  */
 /*
- * Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved.
  */
 /*
- * $Id: ApacheNodeSetData.java 1203890 2011-11-18 22:47:56Z mullan $
+ * $Id: ApacheNodeSetData.java 1496478 2013-06-25 14:01:16Z mullan $
  */
 package org.jcp.xml.dsig.internal.dom;
 
diff --git a/src/share/classes/org/jcp/xml/dsig/internal/dom/ApacheOctetStreamData.java b/src/share/classes/org/jcp/xml/dsig/internal/dom/ApacheOctetStreamData.java
--- a/src/share/classes/org/jcp/xml/dsig/internal/dom/ApacheOctetStreamData.java
+++ b/src/share/classes/org/jcp/xml/dsig/internal/dom/ApacheOctetStreamData.java
@@ -21,10 +21,10 @@
  * under the License.
  */
 /*
- * Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved.
  */
 /*
- * $Id: ApacheOctetStreamData.java 1197150 2011-11-03 14:34:57Z coheigea $
+ * $Id: ApacheOctetStreamData.java 1667527 2015-03-18 12:54:20Z mullan $
  */
 package org.jcp.xml.dsig.internal.dom;
 
diff --git a/src/share/classes/org/jcp/xml/dsig/internal/dom/ApacheTransform.java b/src/share/classes/org/jcp/xml/dsig/internal/dom/ApacheTransform.java
--- a/src/share/classes/org/jcp/xml/dsig/internal/dom/ApacheTransform.java
+++ b/src/share/classes/org/jcp/xml/dsig/internal/dom/ApacheTransform.java
@@ -21,10 +21,10 @@
  * under the License.
  */
 /*
- * Copyright (c) 2005, 2016, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved.
  */
 /*
- * $Id: ApacheTransform.java 1333869 2012-05-04 10:42:44Z coheigea $
+ * $Id: ApacheTransform.java 1788465 2017-03-24 15:10:51Z coheigea $
  */
 package org.jcp.xml.dsig.internal.dom;
 
@@ -32,10 +32,10 @@
 import java.security.InvalidAlgorithmParameterException;
 import java.security.spec.AlgorithmParameterSpec;
 import java.util.Set;
+
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 import org.w3c.dom.Node;
-
 import com.sun.org.apache.xml.internal.security.signature.XMLSignatureInput;
 import com.sun.org.apache.xml.internal.security.transforms.Transform;
 
@@ -48,8 +48,6 @@
  * This is a wrapper/glue class which invokes the Apache XML-Security
  * Transform.
  *
- * @author Sean Mullan
- * @author Erwin van der Koogh
  */
 public abstract class ApacheTransform extends TransformService {
 
@@ -57,13 +55,14 @@
         com.sun.org.apache.xml.internal.security.Init.init();
     }
 
-    private static java.util.logging.Logger log =
-        java.util.logging.Logger.getLogger("org.jcp.xml.dsig.internal.dom");
+    private static final com.sun.org.slf4j.internal.Logger LOG =
+        com.sun.org.slf4j.internal.LoggerFactory.getLogger(ApacheTransform.class);
     private Transform apacheTransform;
     protected Document ownerDoc;
     protected Element transformElem;
     protected TransformParameterSpec params;
 
+    @Override
     public final AlgorithmParameterSpec getParameterSpec() {
         return params;
     }
@@ -110,7 +109,7 @@
         if (data == null) {
             throw new NullPointerException("data must not be null");
         }
-        return transformIt(data, xc, (OutputStream)null);
+        return transformIt(data, xc, null);
     }
 
     public Data transform(Data data, XMLCryptoContext xc, OutputStream os)
@@ -137,10 +136,9 @@
                 apacheTransform =
                     new Transform(ownerDoc, getAlgorithm(), transformElem.getChildNodes());
                 apacheTransform.setElement(transformElem, xc.getBaseURI());
-                if (log.isLoggable(java.util.logging.Level.FINE)) {
-                    log.log(java.util.logging.Level.FINE, "Created transform for algorithm: " +
-                            getAlgorithm());
-                }
+                boolean secVal = Utils.secureValidation(xc);
+                apacheTransform.setSecureValidation(secVal);
+                LOG.debug("Created transform for algorithm: {}", getAlgorithm());
             } catch (Exception ex) {
                 throw new TransformException("Couldn't find Transform for: " +
                                              getAlgorithm(), ex);
@@ -158,18 +156,12 @@
 
         XMLSignatureInput in;
         if (data instanceof ApacheData) {
-            if (log.isLoggable(java.util.logging.Level.FINE)) {
-                log.log(java.util.logging.Level.FINE, "ApacheData = true");
-            }
+            LOG.debug("ApacheData = true");
             in = ((ApacheData)data).getXMLSignatureInput();
         } else if (data instanceof NodeSetData) {
-            if (log.isLoggable(java.util.logging.Level.FINE)) {
-                log.log(java.util.logging.Level.FINE, "isNodeSet() = true");
-            }
+            LOG.debug("isNodeSet() = true");
             if (data instanceof DOMSubTreeData) {
-                if (log.isLoggable(java.util.logging.Level.FINE)) {
-                    log.log(java.util.logging.Level.FINE, "DOMSubTreeData = true");
-                }
+                LOG.debug("DOMSubTreeData = true");
                 DOMSubTreeData subTree = (DOMSubTreeData)data;
                 in = new XMLSignatureInput(subTree.getRoot());
                 in.setExcludeComments(subTree.excludeComments());
@@ -180,9 +172,7 @@
                 in = new XMLSignatureInput(nodeSet);
             }
         } else {
-            if (log.isLoggable(java.util.logging.Level.FINE)) {
-                log.log(java.util.logging.Level.FINE, "isNodeSet() = false");
-            }
+            LOG.debug("isNodeSet() = false");
             try {
                 in = new XMLSignatureInput
                     (((OctetStreamData)data).getOctetStream());
@@ -190,6 +180,8 @@
                 throw new TransformException(ex);
             }
         }
+        boolean secVal = Utils.secureValidation(xc);
+        in.setSecureValidation(secVal);
 
         try {
             if (os != null) {
diff --git a/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMBase64Transform.java b/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMBase64Transform.java
--- a/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMBase64Transform.java
+++ b/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMBase64Transform.java
@@ -21,10 +21,10 @@
  * under the License.
  */
 /*
- * Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved.
  */
 /*
- * $Id: DOMBase64Transform.java 1197150 2011-11-03 14:34:57Z coheigea $
+ * $Id: DOMBase64Transform.java 1788465 2017-03-24 15:10:51Z coheigea $
  */
 package org.jcp.xml.dsig.internal.dom;
 
@@ -36,10 +36,10 @@
  * DOM-based implementation of Base64 Encoding Transform.
  * (Uses Apache XML-Sec Transform implementation)
  *
- * @author Sean Mullan
  */
 public final class DOMBase64Transform extends ApacheTransform {
 
+    @Override
     public void init(TransformParameterSpec params)
         throws InvalidAlgorithmParameterException {
         if (params != null) {
diff --git a/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMCanonicalXMLC14N11Method.java b/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMCanonicalXMLC14N11Method.java
--- a/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMCanonicalXMLC14N11Method.java
+++ b/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMCanonicalXMLC14N11Method.java
@@ -21,7 +21,7 @@
  * under the License.
  */
 /*
- * Copyright (c) 2008, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2008, 2018, Oracle and/or its affiliates. All rights reserved.
  */
 /*
  * $Id$
@@ -41,7 +41,6 @@
  * DOM-based implementation of CanonicalizationMethod for Canonical XML 1.1
  * (with or without comments). Uses Apache XML-Sec Canonicalizer.
  *
- * @author Sean Mullan
  */
 public final class DOMCanonicalXMLC14N11Method extends ApacheCanonicalizer {
 
@@ -68,6 +67,8 @@
             if (subTree.excludeComments()) {
                 try {
                     apacheCanonicalizer = Canonicalizer.getInstance(C14N_11);
+                    boolean secVal = Utils.secureValidation(xc);
+                    apacheCanonicalizer.setSecureValidation(secVal);
                 } catch (InvalidCanonicalizerException ice) {
                     throw new TransformException
                         ("Couldn't find Canonicalizer for: " +
diff --git a/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMCanonicalXMLC14NMethod.java b/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMCanonicalXMLC14NMethod.java
--- a/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMCanonicalXMLC14NMethod.java
+++ b/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMCanonicalXMLC14NMethod.java
@@ -21,10 +21,10 @@
  * under the License.
  */
 /*
- * Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved.
  */
 /*
- * $Id: DOMCanonicalXMLC14NMethod.java 1197150 2011-11-03 14:34:57Z coheigea $
+ * $Id: DOMCanonicalXMLC14NMethod.java 1788465 2017-03-24 15:10:51Z coheigea $
  */
 package org.jcp.xml.dsig.internal.dom;
 
@@ -41,7 +41,6 @@
  * DOM-based implementation of CanonicalizationMethod for Canonical XML
  * (with or without comments). Uses Apache XML-Sec Canonicalizer.
  *
- * @author Sean Mullan
  */
 public final class DOMCanonicalXMLC14NMethod extends ApacheCanonicalizer {
 
@@ -65,6 +64,8 @@
                 try {
                     apacheCanonicalizer = Canonicalizer.getInstance
                         (CanonicalizationMethod.INCLUSIVE);
+                    boolean secVal = Utils.secureValidation(xc);
+                    apacheCanonicalizer.setSecureValidation(secVal);
                 } catch (InvalidCanonicalizerException ice) {
                     throw new TransformException
                         ("Couldn't find Canonicalizer for: " +
diff --git a/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java b/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java
--- a/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java
+++ b/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java
@@ -21,10 +21,10 @@
  * under the License.
  */
 /*
- * Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved.
  */
 /*
- * $Id: DOMCanonicalizationMethod.java 1333415 2012-05-03 12:03:51Z coheigea $
+ * $Id: DOMCanonicalizationMethod.java 1788465 2017-03-24 15:10:51Z coheigea $
  */
 package org.jcp.xml.dsig.internal.dom;
 
@@ -41,13 +41,12 @@
 /**
  * DOM-based abstract implementation of CanonicalizationMethod.
  *
- * @author Sean Mullan
  */
 public class DOMCanonicalizationMethod extends DOMTransform
     implements CanonicalizationMethod {
 
     /**
-     * Creates a <code>DOMCanonicalizationMethod</code>.
+     * Creates a {@code DOMCanonicalizationMethod}.
      *
      * @param spi TransformService
      */
@@ -55,17 +54,14 @@
         throws InvalidAlgorithmParameterException
     {
         super(spi);
-        if (!(spi instanceof ApacheCanonicalizer) &&
-                !isC14Nalg(spi.getAlgorithm())) {
-            throw new InvalidAlgorithmParameterException(
-                "Illegal CanonicalizationMethod");
+        if (!(spi instanceof ApacheCanonicalizer) && !isC14Nalg(spi.getAlgorithm())) {
+            throw new InvalidAlgorithmParameterException("Illegal CanonicalizationMethod");
         }
     }
 
     /**
-     * Creates a <code>DOMCanonicalizationMethod</code> from an element. This
-     * ctor invokes the abstract {@link #unmarshalParams unmarshalParams}
-     * method to unmarshal any algorithm-specific input parameters.
+     * Creates a {@code DOMCanonicalizationMethod} from an element. It unmarshals any
+     * algorithm-specific input parameters.
      *
      * @param cmElem a CanonicalizationMethod element
      */
@@ -74,8 +70,7 @@
         throws MarshalException
     {
         super(cmElem, context, provider);
-        if (!(spi instanceof ApacheCanonicalizer) &&
-                !isC14Nalg(spi.getAlgorithm())) {
+        if (!(spi instanceof ApacheCanonicalizer) && !isC14Nalg(spi.getAlgorithm())) {
             throw new MarshalException("Illegal CanonicalizationMethod");
         }
     }
@@ -86,10 +81,10 @@
      * the {@link #transform transform} method.
      *
      * @param data the data to be canonicalized
-     * @param xc the <code>XMLCryptoContext</code> containing
-     *     additional context (may be <code>null</code> if not applicable)
+     * @param xc the {@code XMLCryptoContext} containing
+     *     additional context (may be {@code null} if not applicable)
      * @return the canonicalized data
-     * @throws NullPointerException if <code>data</code> is <code>null</code>
+     * @throws NullPointerException if {@code data} is {@code null}
      * @throws TransformException if an unexpected error occurs while
      *    canonicalizing the data
      */
@@ -116,8 +111,8 @@
         }
         CanonicalizationMethod ocm = (CanonicalizationMethod)o;
 
-        return (getAlgorithm().equals(ocm.getAlgorithm()) &&
-            DOMUtils.paramsEqual(getParameterSpec(), ocm.getParameterSpec()));
+        return getAlgorithm().equals(ocm.getAlgorithm()) &&
+            DOMUtils.paramsEqual(getParameterSpec(), ocm.getParameterSpec());
     }
 
     @Override
@@ -133,11 +128,21 @@
     }
 
     private static boolean isC14Nalg(String alg) {
-        return (alg.equals(CanonicalizationMethod.INCLUSIVE) ||
-                alg.equals(CanonicalizationMethod.INCLUSIVE_WITH_COMMENTS) ||
-                alg.equals(CanonicalizationMethod.EXCLUSIVE) ||
-                alg.equals(CanonicalizationMethod.EXCLUSIVE_WITH_COMMENTS) ||
-                alg.equals(DOMCanonicalXMLC14N11Method.C14N_11) ||
-                alg.equals(DOMCanonicalXMLC14N11Method.C14N_11_WITH_COMMENTS));
+        return isInclusiveC14Nalg(alg) || isExclusiveC14Nalg(alg) || isC14N11alg(alg);
+    }
+
+    private static boolean isInclusiveC14Nalg(String alg) {
+        return alg.equals(CanonicalizationMethod.INCLUSIVE)
+            || alg.equals(CanonicalizationMethod.INCLUSIVE_WITH_COMMENTS);
+    }
+
+    private static boolean isExclusiveC14Nalg(String alg) {
+        return alg.equals(CanonicalizationMethod.EXCLUSIVE)
+            || alg.equals(CanonicalizationMethod.EXCLUSIVE_WITH_COMMENTS);
+    }
+
+    private static boolean isC14N11alg(String alg) {
+        return alg.equals(DOMCanonicalXMLC14N11Method.C14N_11)
+            || alg.equals(DOMCanonicalXMLC14N11Method.C14N_11_WITH_COMMENTS);
     }
 }
diff --git a/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMCryptoBinary.java b/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMCryptoBinary.java
--- a/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMCryptoBinary.java
+++ b/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMCryptoBinary.java
@@ -1,7 +1,3 @@
-/*
- * reserved comment block
- * DO NOT REMOVE OR ALTER!
- */
 /**
  * Licensed to the Apache Software Foundation (ASF) under one
  * or more contributor license agreements. See the NOTICE file
@@ -21,32 +17,32 @@
  * under the License.
  */
 /*
- * Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
  */
 /*
- * $Id: DOMCryptoBinary.java 1197150 2011-11-03 14:34:57Z coheigea $
+ * $Id$
  */
 package org.jcp.xml.dsig.internal.dom;
 
 import java.math.BigInteger;
 import javax.xml.crypto.*;
 import javax.xml.crypto.dom.DOMCryptoContext;
+
+import com.sun.org.apache.xml.internal.security.utils.XMLUtils;
 import org.w3c.dom.Node;
 import org.w3c.dom.Text;
 
-import com.sun.org.apache.xml.internal.security.utils.Base64;
-
 /**
  * A DOM-based representation of the XML <code>CryptoBinary</code> simple type
  * as defined in the W3C specification for XML-Signature Syntax and Processing.
  * The XML Schema Definition is defined as:
  *
- * <pre>{@code
+ * <xmp>
  * <simpleType name="CryptoBinary">
  *   <restriction base = "base64Binary">
  *   </restriction>
  * </simpleType>
- * }</pre>
+ * </xmp>
  *
  * @author Sean Mullan
  */
@@ -68,7 +64,8 @@
         }
         this.bigNum = bigNum;
         // convert to bitstring
-        value = Base64.encode(bigNum);
+        byte[] bytes = XMLUtils.getBytes(bigNum, bigNum.bitLength());
+        value = XMLUtils.encodeToString(bytes);
     }
 
     /**
@@ -80,7 +77,7 @@
     public DOMCryptoBinary(Node cbNode) throws MarshalException {
         value = cbNode.getNodeValue();
         try {
-            bigNum = Base64.decodeBigIntegerFromText((Text) cbNode);
+            bigNum = new BigInteger(1, XMLUtils.decode(((Text) cbNode).getData()));
         } catch (Exception ex) {
             throw new MarshalException(ex);
         }
@@ -95,6 +92,7 @@
         return bigNum;
     }
 
+    @Override
     public void marshal(Node parent, String prefix, DOMCryptoContext context)
         throws MarshalException {
         parent.appendChild
diff --git a/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMDigestMethod.java b/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMDigestMethod.java
--- a/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMDigestMethod.java
+++ b/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMDigestMethod.java
@@ -21,10 +21,10 @@
  * under the License.
  */
 /*
- * Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved.
  */
 /*
- * $Id: DOMDigestMethod.java 1333415 2012-05-03 12:03:51Z coheigea $
+ * $Id: DOMDigestMethod.java 1788465 2017-03-24 15:10:51Z coheigea $
  */
 package org.jcp.xml.dsig.internal.dom;
 
@@ -42,19 +42,21 @@
 /**
  * DOM-based abstract implementation of DigestMethod.
  *
- * @author Sean Mullan
  */
 public abstract class DOMDigestMethod extends DOMStructure
     implements DigestMethod {
 
+    static final String SHA224 =
+        "http://www.w3.org/2001/04/xmldsig-more#sha224"; // see RFC 4051
     static final String SHA384 =
         "http://www.w3.org/2001/04/xmldsig-more#sha384"; // see RFC 4051
+
     private DigestMethodParameterSpec params;
 
     /**
-     * Creates a <code>DOMDigestMethod</code>.
+     * Creates a {@code DOMDigestMethod}.
      *
-     * @param params the algorithm-specific params (may be <code>null</code>)
+     * @param params the algorithm-specific params (may be {@code null})
      * @throws InvalidAlgorithmParameterException if the parameters are not
      *    appropriate for this digest method
      */
@@ -70,7 +72,7 @@
     }
 
     /**
-     * Creates a <code>DOMDigestMethod</code> from an element. This constructor
+     * Creates a {@code DOMDigestMethod} from an element. This constructor
      * invokes the abstract {@link #unmarshalParams unmarshalParams} method to
      * unmarshal any algorithm-specific input parameters.
      *
@@ -92,12 +94,16 @@
         String alg = DOMUtils.getAttributeValue(dmElem, "Algorithm");
         if (alg.equals(DigestMethod.SHA1)) {
             return new SHA1(dmElem);
+        } else if (alg.equals(SHA224)) {
+            return new SHA224(dmElem);
         } else if (alg.equals(DigestMethod.SHA256)) {
             return new SHA256(dmElem);
         } else if (alg.equals(SHA384)) {
             return new SHA384(dmElem);
         } else if (alg.equals(DigestMethod.SHA512)) {
             return new SHA512(dmElem);
+        } else if (alg.equals(DigestMethod.RIPEMD160)) {
+            return new RIPEMD160(dmElem);
         } else {
             throw new MarshalException("unsupported DigestMethod algorithm: " +
                                        alg);
@@ -110,7 +116,7 @@
      * since most DigestMethod algorithms do not have parameters. Subclasses
      * should override it if they have parameters.
      *
-     * @param params the algorithm-specific params (may be <code>null</code>)
+     * @param params the algorithm-specific params (may be {@code null})
      * @throws InvalidAlgorithmParameterException if the parameters are not
      *    appropriate for this digest method
      */
@@ -129,13 +135,13 @@
     }
 
     /**
-     * Unmarshals <code>DigestMethodParameterSpec</code> from the specified
-     * <code>Element</code>.  By default, this method throws an exception since
+     * Unmarshals {@code DigestMethodParameterSpec} from the specified
+     * {@code Element}.  By default, this method throws an exception since
      * most DigestMethod algorithms do not have parameters. Subclasses should
      * override it if they have parameters.
      *
-     * @param paramsElem the <code>Element</code> holding the input params
-     * @return the algorithm-specific <code>DigestMethodParameterSpec</code>
+     * @param paramsElem the {@code Element} holding the input params
+     * @return the algorithm-specific {@code DigestMethodParameterSpec}
      * @throws MarshalException if the parameters cannot be unmarshalled
      */
     DigestMethodParameterSpec unmarshalParams(Element paramsElem)
@@ -151,6 +157,7 @@
      * This method invokes the abstract {@link #marshalParams marshalParams}
      * method to marshal any algorithm-specific parameters.
      */
+    @Override
     public void marshal(Node parent, String prefix, DOMCryptoContext context)
         throws MarshalException
     {
@@ -178,10 +185,10 @@
         }
         DigestMethod odm = (DigestMethod)o;
 
-        boolean paramsEqual = (params == null ? odm.getParameterSpec() == null :
-            params.equals(odm.getParameterSpec()));
+        boolean paramsEqual = params == null ? odm.getParameterSpec() == null :
+            params.equals(odm.getParameterSpec());
 
-        return (getAlgorithm().equals(odm.getAlgorithm()) && paramsEqual);
+        return getAlgorithm().equals(odm.getAlgorithm()) && paramsEqual;
     }
 
     @Override
@@ -235,6 +242,24 @@
         }
     }
 
+    static final class SHA224 extends DOMDigestMethod {
+        SHA224(AlgorithmParameterSpec params)
+            throws InvalidAlgorithmParameterException {
+            super(params);
+        }
+        SHA224(Element dmElem) throws MarshalException {
+            super(dmElem);
+        }
+        @Override
+        public String getAlgorithm() {
+            return SHA224;
+        }
+        @Override
+        String getMessageDigestAlgorithm() {
+            return "SHA-224";
+        }
+    }
+
     static final class SHA256 extends DOMDigestMethod {
         SHA256(AlgorithmParameterSpec params)
             throws InvalidAlgorithmParameterException {
@@ -282,4 +307,22 @@
             return "SHA-512";
         }
     }
+
+    static final class RIPEMD160 extends DOMDigestMethod {
+        RIPEMD160(AlgorithmParameterSpec params)
+            throws InvalidAlgorithmParameterException {
+            super(params);
+        }
+        RIPEMD160(Element dmElem) throws MarshalException {
+            super(dmElem);
+        }
+        @Override
+        public String getAlgorithm() {
+            return DigestMethod.RIPEMD160;
+        }
+        @Override
+        String getMessageDigestAlgorithm() {
+            return "RIPEMD160";
+        }
+    }
 }
diff --git a/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMEnvelopedTransform.java b/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMEnvelopedTransform.java
--- a/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMEnvelopedTransform.java
+++ b/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMEnvelopedTransform.java
@@ -21,10 +21,10 @@
  * under the License.
  */
 /*
- * Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved.
  */
 /*
- * $Id: DOMEnvelopedTransform.java 1197150 2011-11-03 14:34:57Z coheigea $
+ * $Id: DOMEnvelopedTransform.java 1788465 2017-03-24 15:10:51Z coheigea $
  */
 package org.jcp.xml.dsig.internal.dom;
 
@@ -35,7 +35,6 @@
  * DOM-based implementation of Enveloped Signature Transform.
  * (Uses Apache XML-Sec Transform implementation)
  *
- * @author Sean Mullan
  */
 public final class DOMEnvelopedTransform extends ApacheTransform {
 
diff --git a/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMExcC14NMethod.java b/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMExcC14NMethod.java
--- a/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMExcC14NMethod.java
+++ b/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMExcC14NMethod.java
@@ -21,10 +21,10 @@
  * under the License.
  */
 /*
- * Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved.
  */
 /*
- * $Id: DOMExcC14NMethod.java 1197150 2011-11-03 14:34:57Z coheigea $
+ * $Id: DOMExcC14NMethod.java 1788465 2017-03-24 15:10:51Z coheigea $
  */
 package org.jcp.xml.dsig.internal.dom;
 
@@ -37,8 +37,8 @@
 import java.security.InvalidAlgorithmParameterException;
 import java.security.spec.AlgorithmParameterSpec;
 import java.util.*;
+
 import org.w3c.dom.Element;
-
 import com.sun.org.apache.xml.internal.security.c14n.Canonicalizer;
 import com.sun.org.apache.xml.internal.security.c14n.InvalidCanonicalizerException;
 
@@ -47,7 +47,6 @@
  * Canonical XML algorithm (with or without comments).
  * Uses Apache XML-Sec Canonicalizer.
  *
- * @author Sean Mullan
  */
 public final class DOMExcC14NMethod extends ApacheCanonicalizer {
 
@@ -81,7 +80,7 @@
         this.inclusiveNamespaces = prefixListAttr;
         int begin = 0;
         int end = prefixListAttr.indexOf(' ');
-        List<String> prefixList = new ArrayList<String>();
+        List<String> prefixList = new ArrayList<>();
         while (end != -1) {
             prefixList.add(prefixListAttr.substring(begin, end));
             begin = end + 1;
@@ -93,6 +92,12 @@
         this.params = new ExcC14NParameterSpec(prefixList);
     }
 
+    @SuppressWarnings("unchecked")
+    public List<String> getParameterSpecPrefixList(ExcC14NParameterSpec paramSpec) {
+        return paramSpec.getPrefixList();
+    }
+
+    @Override
     public void marshalParams(XMLStructure parent, XMLCryptoContext context)
         throws MarshalException
     {
@@ -120,7 +125,7 @@
         ExcC14NParameterSpec params = (ExcC14NParameterSpec)spec;
         StringBuffer prefixListAttr = new StringBuffer("");
         @SuppressWarnings("unchecked")
-        List<String> prefixList = params.getPrefixList();
+        List<String> prefixList = getParameterSpecPrefixList(params);
         for (int i = 0, size = prefixList.size(); i < size; i++) {
             prefixListAttr.append(prefixList.get(i));
             if (i < size - 1) {
@@ -148,6 +153,8 @@
                 try {
                     apacheCanonicalizer = Canonicalizer.getInstance
                         (CanonicalizationMethod.EXCLUSIVE);
+                    boolean secVal = Utils.secureValidation(xc);
+                    apacheCanonicalizer.setSecureValidation(secVal);
                 } catch (InvalidCanonicalizerException ice) {
                     throw new TransformException
                         ("Couldn't find Canonicalizer for: " +
diff --git a/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMHMACSignatureMethod.java b/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMHMACSignatureMethod.java
--- a/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMHMACSignatureMethod.java
+++ b/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMHMACSignatureMethod.java
@@ -21,10 +21,10 @@
  * under the License.
  */
 /*
- * Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved.
  */
 /*
- * $Id: DOMHMACSignatureMethod.java 1333415 2012-05-03 12:03:51Z coheigea $
+ * $Id: DOMHMACSignatureMethod.java 1788465 2017-03-24 15:10:51Z coheigea $
  */
 package org.jcp.xml.dsig.internal.dom;
 
@@ -50,20 +50,23 @@
 /**
  * DOM-based implementation of HMAC SignatureMethod.
  *
- * @author Sean Mullan
  */
 public abstract class DOMHMACSignatureMethod extends AbstractDOMSignatureMethod {
 
-    private static java.util.logging.Logger log =
-        java.util.logging.Logger.getLogger("org.jcp.xml.dsig.internal.dom");
+    private static final com.sun.org.slf4j.internal.Logger LOG =
+        com.sun.org.slf4j.internal.LoggerFactory.getLogger(DOMHMACSignatureMethod.class);
 
     // see RFC 4051 for these algorithm definitions
+    static final String HMAC_SHA224 =
+        "http://www.w3.org/2001/04/xmldsig-more#hmac-sha224";
     static final String HMAC_SHA256 =
         "http://www.w3.org/2001/04/xmldsig-more#hmac-sha256";
     static final String HMAC_SHA384 =
         "http://www.w3.org/2001/04/xmldsig-more#hmac-sha384";
     static final String HMAC_SHA512 =
         "http://www.w3.org/2001/04/xmldsig-more#hmac-sha512";
+    static final String HMAC_RIPEMD160 =
+        "http://www.w3.org/2001/04/xmldsig-more#hmac-ripemd160";
 
     private Mac hmac;
     private int outputLength;
@@ -71,9 +74,9 @@
     private SignatureMethodParameterSpec params;
 
     /**
-     * Creates a <code>DOMHMACSignatureMethod</code> with the specified params
+     * Creates a {@code DOMHMACSignatureMethod} with the specified params
      *
-     * @param params algorithm-specific parameters (may be <code>null</code>)
+     * @param params algorithm-specific parameters (may be {@code null})
      * @throws InvalidAlgorithmParameterException if params are inappropriate
      */
     DOMHMACSignatureMethod(AlgorithmParameterSpec params)
@@ -84,7 +87,7 @@
     }
 
     /**
-     * Creates a <code>DOMHMACSignatureMethod</code> from an element.
+     * Creates a {@code DOMHMACSignatureMethod} from an element.
      *
      * @param smElem a SignatureMethod element
      */
@@ -100,6 +103,7 @@
         }
     }
 
+    @Override
     void checkParams(SignatureMethodParameterSpec params)
         throws InvalidAlgorithmParameterException
     {
@@ -110,9 +114,7 @@
             }
             outputLength = ((HMACParameterSpec)params).getOutputLength();
             outputLengthSet = true;
-            if (log.isLoggable(java.util.logging.Level.FINE)) {
-                log.log(java.util.logging.Level.FINE, "Setting outputLength from HMACParameterSpec to: " + outputLength);
-            }
+            LOG.debug("Setting outputLength from HMACParameterSpec to: {}", outputLength);
         }
     }
 
@@ -123,11 +125,9 @@
     SignatureMethodParameterSpec unmarshalParams(Element paramsElem)
         throws MarshalException
     {
-        outputLength = Integer.valueOf(paramsElem.getFirstChild().getNodeValue()).intValue();
+        outputLength = Integer.parseInt(paramsElem.getFirstChild().getNodeValue());
         outputLengthSet = true;
-        if (log.isLoggable(java.util.logging.Level.FINE)) {
-            log.log(java.util.logging.Level.FINE, "unmarshalled outputLength: " + outputLength);
-        }
+        LOG.debug("unmarshalled outputLength: {}", outputLength);
         return new HMACParameterSpec(outputLength);
     }
 
@@ -164,7 +164,7 @@
             throw new XMLSignatureException
                 ("HMACOutputLength must not be less than " + getDigestLength());
         }
-        hmac.init((SecretKey)key);
+        hmac.init(key);
         ((DOMSignedInfo)si).canonicalize(context, new MacOutputStream(hmac));
         byte[] result = hmac.doFinal();
 
@@ -191,7 +191,7 @@
             throw new XMLSignatureException
                 ("HMACOutputLength must not be less than " + getDigestLength());
         }
-        hmac.init((SecretKey)key);
+        hmac.init(key);
         ((DOMSignedInfo)si).canonicalize(context, new MacOutputStream(hmac));
         return hmac.doFinal();
     }
@@ -205,7 +205,7 @@
         }
         HMACParameterSpec ospec = (HMACParameterSpec)spec;
 
-        return (outputLength == ospec.getOutputLength());
+        return outputLength == ospec.getOutputLength();
     }
 
     Type getAlgorithmType() {
@@ -236,6 +236,28 @@
         }
     }
 
+    static final class SHA224 extends DOMHMACSignatureMethod {
+        SHA224(AlgorithmParameterSpec params)
+            throws InvalidAlgorithmParameterException {
+            super(params);
+        }
+        SHA224(Element dmElem) throws MarshalException {
+            super(dmElem);
+        }
+        @Override
+        public String getAlgorithm() {
+            return HMAC_SHA224;
+        }
+        @Override
+        String getJCAAlgorithm() {
+            return "HmacSHA224";
+        }
+        @Override
+        int getDigestLength() {
+            return 224;
+        }
+    }
+
     static final class SHA256 extends DOMHMACSignatureMethod {
         SHA256(AlgorithmParameterSpec params)
             throws InvalidAlgorithmParameterException {
@@ -292,4 +314,26 @@
             return 512;
         }
     }
+
+    static final class RIPEMD160 extends DOMHMACSignatureMethod {
+        RIPEMD160(AlgorithmParameterSpec params)
+            throws InvalidAlgorithmParameterException {
+            super(params);
+        }
+        RIPEMD160(Element dmElem) throws MarshalException {
+            super(dmElem);
+        }
+        @Override
+        public String getAlgorithm() {
+            return HMAC_RIPEMD160;
+        }
+        @Override
+        String getJCAAlgorithm() {
+            return "HMACRIPEMD160";
+        }
+        @Override
+        int getDigestLength() {
+            return 160;
+        }
+    }
 }
diff --git a/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMKeyInfo.java b/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMKeyInfo.java
--- a/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMKeyInfo.java
+++ b/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMKeyInfo.java
@@ -21,31 +21,34 @@
  * under the License.
  */
 /*
- * Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved.
  */
 /*
- * $Id: DOMKeyInfo.java 1333869 2012-05-04 10:42:44Z coheigea $
+ * $Id: DOMKeyInfo.java 1788465 2017-03-24 15:10:51Z coheigea $
  */
 package org.jcp.xml.dsig.internal.dom;
 
-import javax.xml.crypto.*;
-import javax.xml.crypto.dsig.*;
+import java.security.Provider;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
+import javax.xml.crypto.MarshalException;
+import javax.xml.crypto.XMLCryptoContext;
+import javax.xml.crypto.XMLStructure;
+import javax.xml.crypto.dom.DOMCryptoContext;
+import javax.xml.crypto.dsig.XMLSignature;
+import javax.xml.crypto.dsig.dom.DOMSignContext;
 import javax.xml.crypto.dsig.keyinfo.KeyInfo;
-import javax.xml.crypto.dom.*;
-
-import java.security.Provider;
-import java.util.*;
 
 import org.w3c.dom.Attr;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 import org.w3c.dom.Node;
-import org.w3c.dom.NodeList;
 
 /**
  * DOM-based implementation of KeyInfo.
  *
- * @author Sean Mullan
  */
 public final class DOMKeyInfo extends DOMStructure implements KeyInfo {
 
@@ -53,15 +56,25 @@
     private final List<XMLStructure> keyInfoTypes;
 
     /**
-     * Creates a <code>DOMKeyInfo</code>.
+     * A utility function to suppress casting warnings.
+     * @param ki
+     * @return the content of a KeyInfo Object
+     */
+    @SuppressWarnings("unchecked")
+    public static List<XMLStructure> getContent(KeyInfo ki) {
+        return ki.getContent();
+    }
+
+    /**
+     * Creates a {@code DOMKeyInfo}.
      *
      * @param content a list of one or more {@link XMLStructure}s representing
      *    key information types. The list is defensively copied to protect
      *    against subsequent modification.
      * @param id an ID attribute
-     * @throws NullPointerException if <code>content</code> is <code>null</code>
-     * @throws IllegalArgumentException if <code>content</code> is empty
-     * @throws ClassCastException if <code>content</code> contains any entries
+     * @throws NullPointerException if {@code content} is {@code null}
+     * @throws IllegalArgumentException if {@code content} is empty
+     * @throws ClassCastException if {@code content} contains any entries
      *    that are not of type {@link XMLStructure}
      */
     public DOMKeyInfo(List<? extends XMLStructure> content, String id) {
@@ -69,7 +82,7 @@
             throw new NullPointerException("content cannot be null");
         }
         this.keyInfoTypes =
-            Collections.unmodifiableList(new ArrayList<XMLStructure>(content));
+            Collections.unmodifiableList(new ArrayList<>(content));
         if (this.keyInfoTypes.isEmpty()) {
             throw new IllegalArgumentException("content cannot be empty");
         }
@@ -83,7 +96,7 @@
     }
 
     /**
-     * Creates a <code>DOMKeyInfo</code> from XML.
+     * Creates a {@code DOMKeyInfo} from XML.
      *
      * @param kiElem KeyInfo element
      */
@@ -101,35 +114,32 @@
         }
 
         // get all children nodes
-        NodeList nl = kiElem.getChildNodes();
-        int length = nl.getLength();
-        if (length < 1) {
-            throw new MarshalException
-                ("KeyInfo must contain at least one type");
+        List<XMLStructure> content = new ArrayList<>();
+        Node firstChild = kiElem.getFirstChild();
+        if (firstChild == null) {
+            throw new MarshalException("KeyInfo must contain at least one type");
         }
-        List<XMLStructure> content = new ArrayList<XMLStructure>(length);
-        for (int i = 0; i < length; i++) {
-            Node child = nl.item(i);
-            // ignore all non-Element nodes
-            if (child.getNodeType() != Node.ELEMENT_NODE) {
-                continue;
+        while (firstChild != null) {
+            if (firstChild.getNodeType() == Node.ELEMENT_NODE) {
+                Element childElem = (Element)firstChild;
+                String localName = childElem.getLocalName();
+                String namespace = childElem.getNamespaceURI();
+                if ("X509Data".equals(localName) && XMLSignature.XMLNS.equals(namespace)) {
+                    content.add(new DOMX509Data(childElem));
+                } else if ("KeyName".equals(localName) && XMLSignature.XMLNS.equals(namespace)) {
+                    content.add(new DOMKeyName(childElem));
+                } else if ("KeyValue".equals(localName) && XMLSignature.XMLNS.equals(namespace)) {
+                    content.add(DOMKeyValue.unmarshal(childElem));
+                } else if ("RetrievalMethod".equals(localName) && XMLSignature.XMLNS.equals(namespace)) {
+                    content.add(new DOMRetrievalMethod(childElem,
+                                                       context, provider));
+                } else if ("PGPData".equals(localName) && XMLSignature.XMLNS.equals(namespace)) {
+                    content.add(new DOMPGPData(childElem));
+                } else { //may be MgmtData, SPKIData or element from other namespace
+                    content.add(new javax.xml.crypto.dom.DOMStructure(childElem));
+                }
             }
-            Element childElem = (Element)child;
-            String localName = childElem.getLocalName();
-            if (localName.equals("X509Data")) {
-                content.add(new DOMX509Data(childElem));
-            } else if (localName.equals("KeyName")) {
-                content.add(new DOMKeyName(childElem));
-            } else if (localName.equals("KeyValue")) {
-                content.add(DOMKeyValue.unmarshal(childElem));
-            } else if (localName.equals("RetrievalMethod")) {
-                content.add(new DOMRetrievalMethod(childElem,
-                                                   context, provider));
-            } else if (localName.equals("PGPData")) {
-                content.add(new DOMPGPData(childElem));
-            } else { //may be MgmtData, SPKIData or element from other namespace
-                content.add(new javax.xml.crypto.dom.DOMStructure((childElem)));
-            }
+            firstChild = firstChild.getNextSibling();
         }
         keyInfoTypes = Collections.unmodifiableList(content);
     }
@@ -164,9 +174,15 @@
             kiElem.setAttributeNS("http://www.w3.org/2000/xmlns/",
                                   "xmlns:" + dsPrefix, XMLSignature.XMLNS);
         }
-        marshal(pNode, kiElem, null, dsPrefix, (DOMCryptoContext)context);
+
+        Node nextSibling = null;
+        if (context instanceof DOMSignContext) {
+            nextSibling = ((DOMSignContext)context).getNextSibling();
+        }
+        marshal(pNode, kiElem, nextSibling, dsPrefix, (DOMCryptoContext)context);
     }
 
+    @Override
     public void marshal(Node parent, String dsPrefix,
                         DOMCryptoContext context)
         throws MarshalException
@@ -215,10 +231,10 @@
         }
         KeyInfo oki = (KeyInfo)o;
 
-        boolean idsEqual = (id == null ? oki.getId() == null
-                                       : id.equals(oki.getId()));
+        boolean idsEqual = id == null ? oki.getId() == null
+                                       : id.equals(oki.getId());
 
-        return (keyInfoTypes.equals(oki.getContent()) && idsEqual);
+        return keyInfoTypes.equals(oki.getContent()) && idsEqual;
     }
 
     @Override
diff --git a/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMKeyInfoFactory.java b/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMKeyInfoFactory.java
--- a/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMKeyInfoFactory.java
+++ b/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMKeyInfoFactory.java
@@ -21,20 +21,35 @@
  * under the License.
  */
 /*
- * Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved.
  */
 /*
- * $Id: DOMKeyInfoFactory.java 1333869 2012-05-04 10:42:44Z coheigea $
+ * $Id: DOMKeyInfoFactory.java 1788465 2017-03-24 15:10:51Z coheigea $
  */
 package org.jcp.xml.dsig.internal.dom;
 
 import java.math.BigInteger;
 import java.security.KeyException;
 import java.security.PublicKey;
+import java.security.interfaces.ECPublicKey;
+import java.security.interfaces.DSAPublicKey;
+import java.security.interfaces.RSAPublicKey;
 import java.util.List;
-import javax.xml.crypto.*;
+
+import javax.xml.crypto.MarshalException;
+import javax.xml.crypto.URIDereferencer;
+import javax.xml.crypto.XMLStructure;
 import javax.xml.crypto.dom.DOMCryptoContext;
-import javax.xml.crypto.dsig.keyinfo.*;
+import javax.xml.crypto.dsig.XMLSignature;
+import javax.xml.crypto.dsig.keyinfo.KeyInfo;
+import javax.xml.crypto.dsig.keyinfo.KeyInfoFactory;
+import javax.xml.crypto.dsig.keyinfo.KeyName;
+import javax.xml.crypto.dsig.keyinfo.KeyValue;
+import javax.xml.crypto.dsig.keyinfo.PGPData;
+import javax.xml.crypto.dsig.keyinfo.RetrievalMethod;
+import javax.xml.crypto.dsig.keyinfo.X509Data;
+import javax.xml.crypto.dsig.keyinfo.X509IssuerSerial;
+
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 import org.w3c.dom.Node;
@@ -42,7 +57,6 @@
 /**
  * DOM-based implementation of KeyInfoFactory.
  *
- * @author Sean Mullan
  */
 public final class DOMKeyInfoFactory extends KeyInfoFactory {
 
@@ -64,12 +78,12 @@
 
     public KeyValue newKeyValue(PublicKey key)  throws KeyException {
         String algorithm = key.getAlgorithm();
-        if (algorithm.equals("DSA")) {
-            return new DOMKeyValue.DSA(key);
-        } else if (algorithm.equals("RSA")) {
-            return new DOMKeyValue.RSA(key);
-        } else if (algorithm.equals("EC")) {
-            return new DOMKeyValue.EC(key);
+        if ("DSA".equals(algorithm)) {
+            return new DOMKeyValue.DSA((DSAPublicKey) key);
+        } else if ("RSA".equals(algorithm)) {
+            return new DOMKeyValue.RSA((RSAPublicKey) key);
+        } else if ("EC".equals(algorithm)) {
+            return new DOMKeyValue.EC((ECPublicKey) key);
         } else {
             throw new KeyException("unsupported key algorithm: " + algorithm);
         }
@@ -79,12 +93,12 @@
         return newPGPData(keyId, null, null);
     }
 
-    @SuppressWarnings({ "unchecked", "rawtypes" })
+    @SuppressWarnings({ "rawtypes", "unchecked" })
     public PGPData newPGPData(byte[] keyId, byte[] keyPacket, List other) {
         return new DOMPGPData(keyId, keyPacket, other);
     }
 
-    @SuppressWarnings({ "unchecked", "rawtypes" })
+    @SuppressWarnings({ "rawtypes", "unchecked" })
     public PGPData newPGPData(byte[] keyPacket, List other) {
         return new DOMPGPData(keyPacket, other);
     }
@@ -93,7 +107,7 @@
         return newRetrievalMethod(uri, null, null);
     }
 
-    @SuppressWarnings({ "unchecked", "rawtypes" })
+    @SuppressWarnings({ "rawtypes", "unchecked" })
     public RetrievalMethod newRetrievalMethod(String uri, String type,
         List transforms) {
         if (uri == null) {
@@ -102,11 +116,12 @@
         return new DOMRetrievalMethod(uri, type, transforms);
     }
 
-    @SuppressWarnings("rawtypes")
+    @SuppressWarnings({ "rawtypes" })
     public X509Data newX509Data(List content) {
         return new DOMX509Data(content);
     }
 
+    @Override
     public X509IssuerSerial newX509IssuerSerial(String issuerName,
         BigInteger serialNumber) {
         return new DOMX509IssuerSerial(issuerName, serialNumber);
@@ -124,6 +139,7 @@
         return DOMURIDereferencer.INSTANCE;
     }
 
+    @Override
     public KeyInfo unmarshalKeyInfo(XMLStructure xmlStructure)
         throws MarshalException {
         if (xmlStructure == null) {
@@ -148,11 +164,12 @@
 
         // check tag
         String tag = element.getLocalName();
-        if (tag == null) {
+        String namespace = element.getNamespaceURI();
+        if (tag == null || namespace == null) {
             throw new MarshalException("Document implementation must " +
                 "support DOM Level 2 and be namespace aware");
         }
-        if (tag.equals("KeyInfo")) {
+        if ("KeyInfo".equals(tag) && XMLSignature.XMLNS.equals(namespace)) {
             try {
                 return new DOMKeyInfo(element, new UnmarshalContext(), getProvider());
             } catch (MarshalException me) {
@@ -161,7 +178,7 @@
                 throw new MarshalException(e);
             }
         } else {
-            throw new MarshalException("Invalid KeyInfo tag: " + tag);
+            throw new MarshalException("Invalid KeyInfo tag: " + namespace + ":" + tag);
         }
     }
 
diff --git a/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMKeyName.java b/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMKeyName.java
--- a/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMKeyName.java
+++ b/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMKeyName.java
@@ -21,16 +21,16 @@
  * under the License.
  */
 /*
- * Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved.
  */
 /*
- * $Id: DOMKeyName.java 1333415 2012-05-03 12:03:51Z coheigea $
+ * $Id: DOMKeyName.java 1788465 2017-03-24 15:10:51Z coheigea $
  */
 package org.jcp.xml.dsig.internal.dom;
 
-import javax.xml.crypto.*;
+import javax.xml.crypto.MarshalException;
 import javax.xml.crypto.dom.DOMCryptoContext;
-import javax.xml.crypto.dsig.*;
+import javax.xml.crypto.dsig.XMLSignature;
 import javax.xml.crypto.dsig.keyinfo.KeyName;
 
 import org.w3c.dom.Document;
@@ -40,17 +40,16 @@
 /**
  * DOM-based implementation of KeyName.
  *
- * @author Sean Mullan
  */
 public final class DOMKeyName extends DOMStructure implements KeyName {
 
     private final String name;
 
     /**
-     * Creates a <code>DOMKeyName</code>.
+     * Creates a {@code DOMKeyName}.
      *
      * @param name the name of the key identifier
-     * @throws NullPointerException if <code>name</code> is null
+     * @throws NullPointerException if {@code name} is null
      */
     public DOMKeyName(String name) {
         if (name == null) {
@@ -60,7 +59,7 @@
     }
 
     /**
-     * Creates a <code>DOMKeyName</code> from a KeyName element.
+     * Creates a {@code DOMKeyName} from a KeyName element.
      *
      * @param knElem a KeyName element
      */
@@ -72,6 +71,7 @@
         return name;
     }
 
+    @Override
     public void marshal(Node parent, String dsPrefix, DOMCryptoContext context)
         throws MarshalException
     {
diff --git a/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMKeyValue.java b/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMKeyValue.java
--- a/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMKeyValue.java
+++ b/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMKeyValue.java
@@ -21,10 +21,10 @@
  * under the License.
  */
 /*
- * Copyright (c) 2005, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved.
  */
 /*
- * $Id: DOMKeyValue.java 1333415 2012-05-03 12:03:51Z coheigea $
+ * $Id: DOMKeyValue.java 1788465 2017-03-24 15:10:51Z coheigea $
  */
 package org.jcp.xml.dsig.internal.dom;
 
@@ -54,25 +54,23 @@
 import java.security.spec.KeySpec;
 import java.security.spec.RSAPublicKeySpec;
 import java.util.Arrays;
+
+import com.sun.org.apache.xml.internal.security.utils.XMLUtils;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 import org.w3c.dom.Node;
 
-import com.sun.org.apache.xml.internal.security.exceptions.Base64DecodingException;
-import com.sun.org.apache.xml.internal.security.utils.Base64;
-
 /**
  * DOM-based implementation of KeyValue.
  *
- * @author Sean Mullan
  */
-public abstract class DOMKeyValue extends DOMStructure implements KeyValue {
+public abstract class DOMKeyValue<K extends PublicKey> extends DOMStructure implements KeyValue {
 
     private static final String XMLDSIG_11_XMLNS
         = "http://www.w3.org/2009/xmldsig11#";
-    private final PublicKey publicKey;
+    private final K publicKey;
 
-    public DOMKeyValue(PublicKey key) throws KeyException {
+    public DOMKeyValue(K key) throws KeyException {
         if (key == null) {
             throw new NullPointerException("key cannot be null");
         }
@@ -80,7 +78,7 @@
     }
 
     /**
-     * Creates a <code>DOMKeyValue</code> from an element.
+     * Creates a {@code DOMKeyValue} from an element.
      *
      * @param kvtElem a KeyValue child element
      */
@@ -90,11 +88,16 @@
 
     static KeyValue unmarshal(Element kvElem) throws MarshalException {
         Element kvtElem = DOMUtils.getFirstChildElement(kvElem);
-        if (kvtElem.getLocalName().equals("DSAKeyValue")) {
+        if (kvtElem == null) {
+            throw new MarshalException("KeyValue must contain at least one type");
+        }
+
+        String namespace = kvtElem.getNamespaceURI();
+        if (kvtElem.getLocalName().equals("DSAKeyValue") && XMLSignature.XMLNS.equals(namespace)) {
             return new DSA(kvtElem);
-        } else if (kvtElem.getLocalName().equals("RSAKeyValue")) {
+        } else if (kvtElem.getLocalName().equals("RSAKeyValue") && XMLSignature.XMLNS.equals(namespace)) {
             return new RSA(kvtElem);
-        } else if (kvtElem.getLocalName().equals("ECKeyValue")) {
+        } else if (kvtElem.getLocalName().equals("ECKeyValue") && XMLDSIG_11_XMLNS.equals(namespace)) {
             return new EC(kvtElem);
         } else {
             return new Unknown(kvtElem);
@@ -109,6 +112,7 @@
         }
     }
 
+    @Override
     public void marshal(Node parent, String dsPrefix, DOMCryptoContext context)
         throws MarshalException
     {
@@ -125,14 +129,14 @@
     abstract void marshalPublicKey(Node parent, Document doc, String dsPrefix,
         DOMCryptoContext context) throws MarshalException;
 
-    abstract PublicKey unmarshalKeyValue(Element kvtElem)
+    abstract K unmarshalKeyValue(Element kvtElem)
         throws MarshalException;
 
     private static PublicKey generatePublicKey(KeyFactory kf, KeySpec keyspec) {
         try {
             return kf.generatePublic(keyspec);
         } catch (InvalidKeySpecException e) {
-            //@@@ should dump exception to log
+            //@@@ should dump exception to LOG
             return null;
         }
     }
@@ -162,6 +166,15 @@
         return true;
     }
 
+    public static BigInteger decode(Element elem) throws MarshalException {
+        try {
+            String base64str = elem.getFirstChild().getNodeValue();
+            return new BigInteger(1, XMLUtils.decode(base64str));
+        } catch (Exception ex) {
+            throw new MarshalException(ex);
+        }
+    }
+
     @Override
     public int hashCode() {
         int result = 17;
@@ -172,14 +185,14 @@
         return result;
     }
 
-    static final class RSA extends DOMKeyValue {
+    static final class RSA extends DOMKeyValue<RSAPublicKey> {
         // RSAKeyValue CryptoBinaries
         private DOMCryptoBinary modulus, exponent;
         private KeyFactory rsakf;
 
-        RSA(PublicKey key) throws KeyException {
+        RSA(RSAPublicKey key) throws KeyException {
             super(key);
-            RSAPublicKey rkey = (RSAPublicKey)key;
+            RSAPublicKey rkey = key;
             exponent = new DOMCryptoBinary(rkey.getPublicExponent());
             modulus = new DOMCryptoBinary(rkey.getModulus());
         }
@@ -206,7 +219,8 @@
             parent.appendChild(rsaElem);
         }
 
-        PublicKey unmarshalKeyValue(Element kvtElem)
+        @Override
+        RSAPublicKey unmarshalKeyValue(Element kvtElem)
             throws MarshalException
         {
             if (rsakf == null) {
@@ -218,25 +232,26 @@
                 }
             }
             Element modulusElem = DOMUtils.getFirstChildElement(kvtElem,
-                                                                "Modulus");
-            modulus = new DOMCryptoBinary(modulusElem.getFirstChild());
+                                                                "Modulus",
+                                                                XMLSignature.XMLNS);
+            BigInteger modulus = decode(modulusElem);
             Element exponentElem = DOMUtils.getNextSiblingElement(modulusElem,
-                                                                  "Exponent");
-            exponent = new DOMCryptoBinary(exponentElem.getFirstChild());
-            RSAPublicKeySpec spec = new RSAPublicKeySpec(modulus.getBigNum(),
-                                                         exponent.getBigNum());
-            return generatePublicKey(rsakf, spec);
+                                                                  "Exponent",
+                                                                  XMLSignature.XMLNS);
+            BigInteger exponent = decode(exponentElem);
+            RSAPublicKeySpec spec = new RSAPublicKeySpec(modulus, exponent);
+            return (RSAPublicKey) generatePublicKey(rsakf, spec);
         }
     }
 
-    static final class DSA extends DOMKeyValue {
+    static final class DSA extends DOMKeyValue<DSAPublicKey> {
         // DSAKeyValue CryptoBinaries
-        private DOMCryptoBinary p, q, g, y, j; //, seed, pgen;
+        private DOMCryptoBinary p, q, g, y; //, seed, pgen;
         private KeyFactory dsakf;
 
-        DSA(PublicKey key) throws KeyException {
+        DSA(DSAPublicKey key) throws KeyException {
             super(key);
-            DSAPublicKey dkey = (DSAPublicKey) key;
+            DSAPublicKey dkey = key;
             DSAParams params = dkey.getParams();
             p = new DOMCryptoBinary(params.getP());
             q = new DOMCryptoBinary(params.getQ());
@@ -248,6 +263,7 @@
             super(elem);
         }
 
+        @Override
         void marshalPublicKey(Node parent, Document doc, String dsPrefix,
                               DOMCryptoContext context)
             throws MarshalException
@@ -275,7 +291,8 @@
             parent.appendChild(dsaElem);
         }
 
-        PublicKey unmarshalKeyValue(Element kvtElem)
+        @Override
+        DSAPublicKey unmarshalKeyValue(Element kvtElem)
             throws MarshalException
         {
             if (dsakf == null) {
@@ -287,41 +304,41 @@
                 }
             }
             Element curElem = DOMUtils.getFirstChildElement(kvtElem);
+            if (curElem == null) {
+                throw new MarshalException("KeyValue must contain at least one type");
+            }
             // check for P and Q
-            if (curElem.getLocalName().equals("P")) {
-                p = new DOMCryptoBinary(curElem.getFirstChild());
-                curElem = DOMUtils.getNextSiblingElement(curElem, "Q");
-                q = new DOMCryptoBinary(curElem.getFirstChild());
+            BigInteger p = null;
+            BigInteger q = null;
+            if (curElem.getLocalName().equals("P") && XMLSignature.XMLNS.equals(curElem.getNamespaceURI())) {
+                p = decode(curElem);
+                curElem = DOMUtils.getNextSiblingElement(curElem, "Q", XMLSignature.XMLNS);
+                q = decode(curElem);
                 curElem = DOMUtils.getNextSiblingElement(curElem);
             }
-            if (curElem.getLocalName().equals("G")) {
-                g = new DOMCryptoBinary(curElem.getFirstChild());
-                curElem = DOMUtils.getNextSiblingElement(curElem, "Y");
+            BigInteger g = null;
+            if (curElem != null
+                && curElem.getLocalName().equals("G") && XMLSignature.XMLNS.equals(curElem.getNamespaceURI())) {
+                g = decode(curElem);
+                curElem = DOMUtils.getNextSiblingElement(curElem, "Y", XMLSignature.XMLNS);
             }
-            y = new DOMCryptoBinary(curElem.getFirstChild());
-            curElem = DOMUtils.getNextSiblingElement(curElem);
-            if (curElem != null && curElem.getLocalName().equals("J")) {
-                j = new DOMCryptoBinary(curElem.getFirstChild());
-                // curElem = DOMUtils.getNextSiblingElement(curElem);
-            }
-            /*
+            BigInteger y = null;
             if (curElem != null) {
-                seed = new DOMCryptoBinary(curElem.getFirstChild());
+                y = decode(curElem);
                 curElem = DOMUtils.getNextSiblingElement(curElem);
-                pgen = new DOMCryptoBinary(curElem.getFirstChild());
             }
-            */
+            //if (curElem != null && curElem.getLocalName().equals("J")) {
+                //j = new DOMCryptoBinary(curElem.getFirstChild());
+                // curElem = DOMUtils.getNextSiblingElement(curElem);
+            //}
             //@@@ do we care about j, pgenCounter or seed?
-            DSAPublicKeySpec spec = new DSAPublicKeySpec(y.getBigNum(),
-                                                         p.getBigNum(),
-                                                         q.getBigNum(),
-                                                         g.getBigNum());
-            return generatePublicKey(dsakf, spec);
+            DSAPublicKeySpec spec = new DSAPublicKeySpec(y, p, q, g);
+            return (DSAPublicKey) generatePublicKey(dsakf, spec);
         }
     }
 
-    static final class EC extends DOMKeyValue {
-        // ECKeyValue CryptoBinaries
+    static final class EC extends DOMKeyValue<ECPublicKey> {
+     // ECKeyValue CryptoBinaries
         private byte[] ecPublicKey;
         private KeyFactory eckf;
         private ECParameterSpec ecParams;
@@ -376,9 +393,8 @@
             return new Curve(name, oid, curve, g, bigInt(n), h);
         }
 
-        EC(PublicKey key) throws KeyException {
-            super(key);
-            ECPublicKey ecKey = (ECPublicKey)key;
+        EC(ECPublicKey ecKey) throws KeyException {
+            super(ecKey);
             ECPoint ecPoint = ecKey.getW();
             ecParams = ecKey.getParams();
             ecPublicKey = encodePoint(ecPoint, ecParams.getCurve());
@@ -390,14 +406,14 @@
 
         private static ECPoint decodePoint(byte[] data, EllipticCurve curve)
                 throws IOException {
-            if ((data.length == 0) || (data[0] != 4)) {
+            if (data.length == 0 || data[0] != 4) {
                 throw new IOException("Only uncompressed point format " +
                                       "supported");
             }
             // Per ANSI X9.62, an encoded point is a 1 byte type followed by
-            // ceiling(log base 2 field-size / 8) bytes of x and the same of y.
+            // ceiling(LOG base 2 field-size / 8) bytes of x and the same of y.
             int n = (data.length - 1) / 2;
-            if (n != ((curve.getField().getFieldSize() + 7) >> 3)) {
+            if (n != (curve.getField().getFieldSize() + 7) >> 3) {
                 throw new IOException("Point does not match field size");
             }
 
@@ -412,7 +428,7 @@
             int n = (curve.getField().getFieldSize() + 7) >> 3;
             byte[] xb = trimZeroes(point.getAffineX().toByteArray());
             byte[] yb = trimZeroes(point.getAffineY().toByteArray());
-            if ((xb.length > n) || (yb.length > n)) {
+            if (xb.length > n || yb.length > n) {
                 throw new RuntimeException("Point coordinates do not " +
                                            "match field size");
             }
@@ -425,7 +441,7 @@
 
         private static byte[] trimZeroes(byte[] b) {
             int i = 0;
-            while ((i < b.length - 1) && (b[i] == 0)) {
+            while (i < b.length - 1 && b[i] == 0) {
                 i++;
             }
             if (i == 0) {
@@ -464,18 +480,7 @@
             }
         }
 
-        private static ECParameterSpec getECParameterSpec(String oid) {
-            if (oid.equals(SECP256R1.getObjectId())) {
-                return SECP256R1;
-            } else if (oid.equals(SECP384R1.getObjectId())) {
-                return SECP384R1;
-            } else if (oid.equals(SECP521R1.getObjectId())) {
-                return SECP521R1;
-            } else {
-                return null;
-            }
-        }
-
+        @Override
         void marshalPublicKey(Node parent, Document doc, String dsPrefix,
                               DOMCryptoContext context)
             throws MarshalException
@@ -490,7 +495,6 @@
             Element publicKeyElem = DOMUtils.createElement(doc, "PublicKey",
                                                            XMLDSIG_11_XMLNS,
                                                            prefix);
-            Object[] args = new Object[] { ecParams };
             String oid = getCurveOid(ecParams);
             if (oid == null) {
                 throw new MarshalException("Invalid ECParameterSpec");
@@ -501,14 +505,15 @@
             namedCurveElem.setAttributeNS("http://www.w3.org/2000/xmlns/",
                                           qname, XMLDSIG_11_XMLNS);
             ecKeyValueElem.appendChild(namedCurveElem);
-            String encoded = Base64.encode(ecPublicKey);
+            String encoded = XMLUtils.encodeToString(ecPublicKey);
             publicKeyElem.appendChild
                 (DOMUtils.getOwnerDocument(publicKeyElem).createTextNode(encoded));
             ecKeyValueElem.appendChild(publicKeyElem);
             parent.appendChild(ecKeyValueElem);
         }
 
-        PublicKey unmarshalKeyValue(Element kvtElem)
+        @Override
+        ECPublicKey unmarshalKeyValue(Element kvtElem)
             throws MarshalException
         {
             if (eckf == null) {
@@ -521,14 +526,20 @@
             }
             ECParameterSpec ecParams = null;
             Element curElem = DOMUtils.getFirstChildElement(kvtElem);
-            if (curElem.getLocalName().equals("ECParameters")) {
+            if (curElem == null) {
+                throw new MarshalException("KeyValue must contain at least one type");
+            }
+
+            if (curElem.getLocalName().equals("ECParameters")
+                && XMLDSIG_11_XMLNS.equals(curElem.getNamespaceURI())) {
                 throw new UnsupportedOperationException
                     ("ECParameters not supported");
-            } else if (curElem.getLocalName().equals("NamedCurve")) {
+            } else if (curElem.getLocalName().equals("NamedCurve")
+                && XMLDSIG_11_XMLNS.equals(curElem.getNamespaceURI())) {
                 String uri = DOMUtils.getAttributeValue(curElem, "URI");
                 // strip off "urn:oid"
                 if (uri.startsWith("urn:oid:")) {
-                    String oid = uri.substring(8);
+                    String oid = uri.substring("urn:oid:".length());
                     ecParams = getECParameterSpec(oid);
                     if (ecParams == null) {
                         throw new MarshalException("Invalid curve OID");
@@ -539,20 +550,31 @@
             } else {
                 throw new MarshalException("Invalid ECKeyValue");
             }
-            curElem = DOMUtils.getNextSiblingElement(curElem, "PublicKey");
+            curElem = DOMUtils.getNextSiblingElement(curElem, "PublicKey", XMLDSIG_11_XMLNS);
             ECPoint ecPoint = null;
 
             try {
-                ecPoint = decodePoint(Base64.decode(curElem),
+                String content = XMLUtils.getFullTextChildrenFromElement(curElem);
+                ecPoint = decodePoint(XMLUtils.decode(content),
                                       ecParams.getCurve());
-            } catch (Base64DecodingException bde) {
-                throw new MarshalException("Invalid EC PublicKey", bde);
             } catch (IOException ioe) {
                 throw new MarshalException("Invalid EC Point", ioe);
             }
 
             ECPublicKeySpec spec = new ECPublicKeySpec(ecPoint, ecParams);
-            return generatePublicKey(eckf, spec);
+            return (ECPublicKey) generatePublicKey(eckf, spec);
+        }
+
+        private static ECParameterSpec getECParameterSpec(String oid) {
+            if (oid.equals(SECP256R1.getObjectId())) {
+                return SECP256R1;
+            } else if (oid.equals(SECP384R1.getObjectId())) {
+                return SECP384R1;
+            } else if (oid.equals(SECP521R1.getObjectId())) {
+                return SECP521R1;
+            } else {
+                return null;
+            }
         }
 
         static final class Curve extends ECParameterSpec {
@@ -580,15 +602,19 @@
         return new BigInteger(s, 16);
     }
 
-    static final class Unknown extends DOMKeyValue {
+    static final class Unknown extends DOMKeyValue<PublicKey> {
         private javax.xml.crypto.dom.DOMStructure externalPublicKey;
         Unknown(Element elem) throws MarshalException {
             super(elem);
         }
+
+        @Override
         PublicKey unmarshalKeyValue(Element kvElem) throws MarshalException {
             externalPublicKey = new javax.xml.crypto.dom.DOMStructure(kvElem);
             return null;
         }
+
+        @Override
         void marshalPublicKey(Node parent, Document doc, String dsPrefix,
                               DOMCryptoContext context)
             throws MarshalException
diff --git a/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMManifest.java b/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMManifest.java
--- a/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMManifest.java
+++ b/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMManifest.java
@@ -21,10 +21,10 @@
  * under the License.
  */
 /*
- * Copyright (c) 2005, 2016, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved.
  */
 /*
- * $Id: DOMManifest.java 1333415 2012-05-03 12:03:51Z coheigea $
+ * $Id: DOMManifest.java 1788465 2017-03-24 15:10:51Z coheigea $
  */
 package org.jcp.xml.dsig.internal.dom;
 
@@ -35,7 +35,6 @@
 import java.security.Provider;
 import java.util.*;
 
-import org.w3c.dom.Attr;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 import org.w3c.dom.Node;
@@ -43,7 +42,6 @@
 /**
  * DOM-based implementation of Manifest.
  *
- * @author Sean Mullan
  */
 public final class DOMManifest extends DOMStructure implements Manifest {
 
@@ -51,16 +49,16 @@
     private final String id;
 
     /**
-     * Creates a <code>DOMManifest</code> containing the specified
+     * Creates a {@code DOMManifest} containing the specified
      * list of {@link Reference}s and optional id.
      *
-     * @param references a list of one or more <code>Reference</code>s. The list
+     * @param references a list of one or more {@code Reference}s. The list
      *    is defensively copied to protect against subsequent modification.
-     * @param id the id (may be <code>null</code>
-     * @throws NullPointerException if <code>references</code> is
-     *    <code>null</code>
-     * @throws IllegalArgumentException if <code>references</code> is empty
-     * @throws ClassCastException if <code>references</code> contains any
+     * @param id the id (may be {@code null}
+     * @throws NullPointerException if {@code references} is
+     *    {@code null}
+     * @throws IllegalArgumentException if {@code references} is empty
+     * @throws ClassCastException if {@code references} contains any
      *    entries that are not of type {@link Reference}
      */
     public DOMManifest(List<? extends Reference> references, String id) {
@@ -68,7 +66,7 @@
             throw new NullPointerException("references cannot be null");
         }
         this.references =
-            Collections.unmodifiableList(new ArrayList<Reference>(references));
+            Collections.unmodifiableList(new ArrayList<>(references));
         if (this.references.isEmpty()) {
             throw new IllegalArgumentException("list of references must " +
                 "contain at least one entry");
@@ -83,7 +81,7 @@
     }
 
     /**
-     * Creates a <code>DOMManifest</code> from an element.
+     * Creates a {@code DOMManifest} from an element.
      *
      * @param manElem a Manifest element
      */
@@ -91,30 +89,25 @@
                        Provider provider)
         throws MarshalException
     {
-        Attr attr = manElem.getAttributeNodeNS(null, "Id");
-        if (attr != null) {
-            this.id = attr.getValue();
-            manElem.setIdAttributeNode(attr, true);
-        } else {
-            this.id = null;
-        }
+        this.id = DOMUtils.getIdAttributeValue(manElem, "Id");
 
         boolean secVal = Utils.secureValidation(context);
 
-        Element refElem = DOMUtils.getFirstChildElement(manElem, "Reference");
-        List<Reference> refs = new ArrayList<Reference>();
+        Element refElem = DOMUtils.getFirstChildElement(manElem, "Reference", XMLSignature.XMLNS);
+        List<Reference> refs = new ArrayList<>();
         refs.add(new DOMReference(refElem, context, provider));
 
         refElem = DOMUtils.getNextSiblingElement(refElem);
         while (refElem != null) {
             String localName = refElem.getLocalName();
-            if (!localName.equals("Reference")) {
+            String namespace = refElem.getNamespaceURI();
+            if (!"Reference".equals(localName) || !XMLSignature.XMLNS.equals(namespace)) {
                 throw new MarshalException("Invalid element name: " +
-                                           localName + ", expected Reference");
+                                           namespace + ":" + localName + ", expected Reference");
             }
             refs.add(new DOMReference(refElem, context, provider));
             if (secVal && Policy.restrictNumReferences(refs.size())) {
-                String error = "A maximum of " + Policy.maxReferences()
+                String error = "A maxiumum of " + Policy.maxReferences()
                     + " references per Manifest are allowed when"
                     + " secure validation is enabled";
                 throw new MarshalException(error);
@@ -129,14 +122,16 @@
     }
 
     @SuppressWarnings("unchecked")
-    static List<Reference> getManifestReferences(Manifest mf) {
+    public static List<Reference> getManifestReferences(Manifest mf) {
         return mf.getReferences();
     }
 
+    @Override
     public List<Reference> getReferences() {
         return references;
     }
 
+    @Override
     public void marshal(Node parent, String dsPrefix, DOMCryptoContext context)
         throws MarshalException
     {
@@ -164,10 +159,10 @@
         }
         Manifest oman = (Manifest)o;
 
-        boolean idsEqual = (id == null ? oman.getId() == null
-                                       : id.equals(oman.getId()));
+        boolean idsEqual = id == null ? oman.getId() == null
+                                       : id.equals(oman.getId());
 
-        return (idsEqual && references.equals(oman.getReferences()));
+        return idsEqual && references.equals(oman.getReferences());
     }
 
     @Override
diff --git a/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMPGPData.java b/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMPGPData.java
--- a/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMPGPData.java
+++ b/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMPGPData.java
@@ -21,30 +21,29 @@
  * under the License.
  */
 /*
- * Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved.
  */
 /*
- * $Id: DOMPGPData.java 1203846 2011-11-18 21:18:17Z mullan $
+ * $Id: DOMPGPData.java 1788465 2017-03-24 15:10:51Z coheigea $
  */
 package org.jcp.xml.dsig.internal.dom;
 
 import java.util.*;
+
 import javax.xml.crypto.*;
 import javax.xml.crypto.dom.DOMCryptoContext;
-import javax.xml.crypto.dsig.*;
+import javax.xml.crypto.dsig.XMLSignature;
 import javax.xml.crypto.dsig.keyinfo.PGPData;
+
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 import org.w3c.dom.Node;
-import org.w3c.dom.NodeList;
 
-import com.sun.org.apache.xml.internal.security.exceptions.Base64DecodingException;
-import com.sun.org.apache.xml.internal.security.utils.Base64;
+import com.sun.org.apache.xml.internal.security.utils.XMLUtils;
 
 /**
  * DOM-based implementation of PGPData.
  *
- * @author Sean Mullan
  */
 public final class DOMPGPData extends DOMStructure implements PGPData {
 
@@ -53,7 +52,7 @@
     private final List<XMLStructure> externalElements;
 
     /**
-     * Creates a <code>DOMPGPData</code> containing the specified key packet.
+     * Creates a {@code DOMPGPData} containing the specified key packet.
      * and optional list of external elements.
      *
      * @param keyPacket a PGP Key Material Packet as defined in section 5.5 of
@@ -61,12 +60,12 @@
      *    array is cloned to prevent subsequent modification.
      * @param other a list of {@link XMLStructure}s representing elements from
      *    an external namespace. The list is defensively copied to prevent
-     *    subsequent modification. May be <code>null</code> or empty.
-     * @throws NullPointerException if <code>keyPacket</code> is
-     *    <code>null</code>
+     *    subsequent modification. May be {@code null} or empty.
+     * @throws NullPointerException if {@code keyPacket} is
+     *    {@code null}
      * @throws IllegalArgumentException if the key packet is not in the
      *    correct format
-     * @throws ClassCastException if <code>other</code> contains any
+     * @throws ClassCastException if {@code other} contains any
      *    entries that are not of type {@link XMLStructure}
      */
     public DOMPGPData(byte[] keyPacket, List<? extends XMLStructure> other) {
@@ -77,7 +76,7 @@
             this.externalElements = Collections.emptyList();
         } else {
             this.externalElements =
-                Collections.unmodifiableList(new ArrayList<XMLStructure>(other));
+                Collections.unmodifiableList(new ArrayList<>(other));
             for (int i = 0, size = this.externalElements.size(); i < size; i++) {
                 if (!(this.externalElements.get(i) instanceof XMLStructure)) {
                     throw new ClassCastException
@@ -91,7 +90,7 @@
     }
 
     /**
-     * Creates a <code>DOMPGPData</code> containing the specified key id and
+     * Creates a {@code DOMPGPData} containing the specified key id and
      * optional key packet and list of external elements.
      *
      * @param keyId a PGP public key id as defined in section 11.2 of
@@ -99,15 +98,15 @@
      *    array is cloned to prevent subsequent modification.
      * @param keyPacket a PGP Key Material Packet as defined in section 5.5 of
      *    <a href="http://www.ietf.org/rfc/rfc2440.txt">RFC 2440</a> (may
-     *    be <code>null</code>). The array is cloned to prevent subsequent
+     *    be {@code null}). The array is cloned to prevent subsequent
      *    modification.
      * @param other a list of {@link XMLStructure}s representing elements from
      *    an external namespace. The list is defensively copied to prevent
-     *    subsequent modification. May be <code>null</code> or empty.
-     * @throws NullPointerException if <code>keyId</code> is <code>null</code>
+     *    subsequent modification. May be {@code null} or empty.
+     * @throws NullPointerException if {@code keyId} is {@code null}
      * @throws IllegalArgumentException if the key id or packet is not in the
      *    correct format
-     * @throws ClassCastException if <code>other</code> contains any
+     * @throws ClassCastException if {@code other} contains any
      *    entries that are not of type {@link XMLStructure}
      */
     public DOMPGPData(byte[] keyId, byte[] keyPacket,
@@ -124,7 +123,7 @@
             this.externalElements = Collections.emptyList();
         } else {
             this.externalElements =
-                Collections.unmodifiableList(new ArrayList<XMLStructure>(other));
+                Collections.unmodifiableList(new ArrayList<>(other));
             for (int i = 0, size = this.externalElements.size(); i < size; i++) {
                 if (!(this.externalElements.get(i) instanceof XMLStructure)) {
                     throw new ClassCastException
@@ -141,53 +140,53 @@
     }
 
     /**
-     * Creates a <code>DOMPGPData</code> from an element.
+     * Creates a {@code DOMPGPData} from an element.
      *
      * @param pdElem a PGPData element
      */
     public DOMPGPData(Element pdElem) throws MarshalException {
         // get all children nodes
-        byte[] keyId = null;
-        byte[] keyPacket = null;
-        NodeList nl = pdElem.getChildNodes();
-        int length = nl.getLength();
-        List<XMLStructure> other = new ArrayList<XMLStructure>(length);
-        for (int x = 0; x < length; x++) {
-            Node n = nl.item(x);
-            if (n.getNodeType() == Node.ELEMENT_NODE) {
-                Element childElem = (Element)n;
+        byte[] pgpKeyId = null;
+        byte[] pgpKeyPacket = null;
+
+        List<XMLStructure> other = new ArrayList<>();
+        Node firstChild = pdElem.getFirstChild();
+        while (firstChild != null) {
+            if (firstChild.getNodeType() == Node.ELEMENT_NODE) {
+                Element childElem = (Element)firstChild;
                 String localName = childElem.getLocalName();
-                try {
-                    if (localName.equals("PGPKeyID")) {
-                        keyId = Base64.decode(childElem);
-                    } else if (localName.equals("PGPKeyPacket")){
-                        keyPacket = Base64.decode(childElem);
-                    } else {
-                        other.add
-                            (new javax.xml.crypto.dom.DOMStructure(childElem));
-                    }
-                } catch (Base64DecodingException bde) {
-                    throw new MarshalException(bde);
+                String namespace = childElem.getNamespaceURI();
+                if ("PGPKeyID".equals(localName) && XMLSignature.XMLNS.equals(namespace)) {
+                    String content = XMLUtils.getFullTextChildrenFromElement(childElem);
+                    pgpKeyId = XMLUtils.decode(content);
+                } else if ("PGPKeyPacket".equals(localName) && XMLSignature.XMLNS.equals(namespace)) {
+                    String content = XMLUtils.getFullTextChildrenFromElement(childElem);
+                    pgpKeyPacket = XMLUtils.decode(content);
+                } else {
+                    other.add
+                    (new javax.xml.crypto.dom.DOMStructure(childElem));
                 }
             }
+            firstChild = firstChild.getNextSibling();
         }
-        this.keyId = keyId;
-        this.keyPacket = keyPacket;
+        this.keyId = pgpKeyId;
+        this.keyPacket = pgpKeyPacket;
         this.externalElements = Collections.unmodifiableList(other);
     }
 
     public byte[] getKeyId() {
-        return (keyId == null ? null : (byte[])keyId.clone());
+        return keyId == null ? null : keyId.clone();
     }
 
     public byte[] getKeyPacket() {
-        return (keyPacket == null ? null : (byte[])keyPacket.clone());
+        return keyPacket == null ? null : keyPacket.clone();
     }
 
     public List<XMLStructure> getExternalElements() {
         return externalElements;
     }
 
+    @Override
     public void marshal(Node parent, String dsPrefix, DOMCryptoContext context)
         throws MarshalException
     {
@@ -201,7 +200,7 @@
                                                        XMLSignature.XMLNS,
                                                        dsPrefix);
             keyIdElem.appendChild
-                (ownerDoc.createTextNode(Base64.encode(keyId)));
+                (ownerDoc.createTextNode(XMLUtils.encodeToString(keyId)));
             pdElem.appendChild(keyIdElem);
         }
 
@@ -212,7 +211,7 @@
                                                         XMLSignature.XMLNS,
                                                         dsPrefix);
             keyPktElem.appendChild
-                (ownerDoc.createTextNode(Base64.encode(keyPacket)));
+                (ownerDoc.createTextNode(XMLUtils.encodeToString(keyPacket)));
             pdElem.appendChild(keyPktElem);
         }
 
@@ -253,8 +252,8 @@
         }
 
         // tag value must be 6, 14, 5 or 7
-        if (((tag & 6) != 6) && ((tag & 14) != 14) &&
-            ((tag & 5) != 5) && ((tag & 7) != 7)) {
+        if ((tag & 6) != 6 && (tag & 14) != 14 &&
+            (tag & 5) != 5 && (tag & 7) != 7) {
             throw new IllegalArgumentException("keypacket tag is invalid: " +
                                                "must be 6, 14, 5, or 7");
         }
diff --git a/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMReference.java b/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMReference.java
--- a/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMReference.java
+++ b/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMReference.java
@@ -21,7 +21,7 @@
  * under the License.
  */
 /*
- * Copyright (c) 2005, 2016, Oracle and/or its affiliates. All rights reserved.
+ * Portions copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved.
  */
 /*
  * ===========================================================================
@@ -31,7 +31,7 @@
  * ===========================================================================
  */
 /*
- * $Id: DOMReference.java 1334007 2012-05-04 14:59:46Z coheigea $
+ * $Id: DOMReference.java 1803518 2017-07-31 11:02:52Z coheigea $
  */
 package org.jcp.xml.dsig.internal.dom;
 
@@ -45,27 +45,32 @@
 import java.net.URISyntaxException;
 import java.security.*;
 import java.util.*;
+
 import org.w3c.dom.Attr;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 import org.w3c.dom.Node;
 
+import com.sun.org.apache.xml.internal.security.utils.XMLUtils;
+
 import org.jcp.xml.dsig.internal.DigesterOutputStream;
-import com.sun.org.apache.xml.internal.security.exceptions.Base64DecodingException;
 import com.sun.org.apache.xml.internal.security.signature.XMLSignatureInput;
-import com.sun.org.apache.xml.internal.security.utils.Base64;
 import com.sun.org.apache.xml.internal.security.utils.UnsyncBufferedOutputStream;
+import com.sun.org.apache.xml.internal.security.utils.XMLUtils;
 
 /**
  * DOM-based implementation of Reference.
  *
- * @author Sean Mullan
- * @author Joyce Leung
  */
 public final class DOMReference extends DOMStructure
     implements Reference, DOMURIReference {
 
    /**
+    * The maximum number of transforms per reference, if secure validation is enabled.
+    */
+   public static final int MAXIMUM_TRANSFORM_COUNT = 5;
+
+   /**
     * Look up useC14N11 system property. If true, an explicit C14N11 transform
     * will be added if necessary when generating the signature. See section
     * 3.1.1 of http://www.w3.org/2007/xmlsec/Drafts/xmldsig-core/ for more info.
@@ -73,15 +78,11 @@
     * If true, overrides the same property if set in the XMLSignContext.
     */
     private static boolean useC14N11 =
-        AccessController.doPrivileged(new PrivilegedAction<Boolean>() {
-            public Boolean run() {
-                return Boolean.valueOf(Boolean.getBoolean
-                    ("com.sun.org.apache.xml.internal.security.useC14N11"));
-            }
-        });
+        AccessController.doPrivileged((PrivilegedAction<Boolean>)
+            () -> Boolean.getBoolean("com.sun.org.apache.xml.internal.security.useC14N11"));
 
-    private static java.util.logging.Logger log =
-        java.util.logging.Logger.getLogger("org.jcp.xml.dsig.internal.dom");
+    private static final com.sun.org.slf4j.internal.Logger LOG =
+        com.sun.org.slf4j.internal.LoggerFactory.getLogger(DOMReference.class);
 
     private final DigestMethod digestMethod;
     private final String id;
@@ -103,18 +104,18 @@
     private Provider provider;
 
     /**
-     * Creates a <code>Reference</code> from the specified parameters.
+     * Creates a {@code Reference} from the specified parameters.
      *
      * @param uri the URI (may be null)
      * @param type the type (may be null)
      * @param dm the digest method
      * @param transforms a list of {@link Transform}s. The list
      *    is defensively copied to protect against subsequent modification.
-     *    May be <code>null</code> or empty.
-     * @param id the reference ID (may be <code>null</code>)
-     * @throws NullPointerException if <code>dm</code> is <code>null</code>
-     * @throws ClassCastException if any of the <code>transforms</code> are
-     *    not of type <code>Transform</code>
+     *    May be {@code null} or empty.
+     * @param id the reference ID (may be {@code null})
+     * @throws NullPointerException if {@code dm} is {@code null}
+     * @throws ClassCastException if any of the {@code transforms} are
+     *    not of type {@code Transform}
      */
     public DOMReference(String uri, String type, DigestMethod dm,
                         List<? extends Transform> transforms, String id,
@@ -141,9 +142,9 @@
             throw new NullPointerException("DigestMethod must be non-null");
         }
         if (appliedTransforms == null) {
-            this.allTransforms = new ArrayList<Transform>();
+            this.allTransforms = new ArrayList<>();
         } else {
-            this.allTransforms = new ArrayList<Transform>(appliedTransforms);
+            this.allTransforms = new ArrayList<>(appliedTransforms);
             for (int i = 0, size = this.allTransforms.size(); i < size; i++) {
                 if (!(this.allTransforms.get(i) instanceof Transform)) {
                     throw new ClassCastException
@@ -154,7 +155,7 @@
         if (transforms == null) {
             this.transforms = Collections.emptyList();
         } else {
-            this.transforms = new ArrayList<Transform>(transforms);
+            this.transforms = new ArrayList<>(transforms);
             for (int i = 0, size = this.transforms.size(); i < size; i++) {
                 if (!(this.transforms.get(i) instanceof Transform)) {
                     throw new ClassCastException
@@ -165,7 +166,7 @@
         }
         this.digestMethod = dm;
         this.uri = uri;
-        if ((uri != null) && (!uri.equals(""))) {
+        if (uri != null && !uri.equals("")) {
             try {
                 new URI(uri);
             } catch (URISyntaxException e) {
@@ -183,7 +184,7 @@
     }
 
     /**
-     * Creates a <code>DOMReference</code> from an element.
+     * Creates a {@code DOMReference} from an element.
      *
      * @param refElem a Reference element
      */
@@ -195,22 +196,25 @@
 
         // unmarshal Transforms, if specified
         Element nextSibling = DOMUtils.getFirstChildElement(refElem);
-        List<Transform> transforms = new ArrayList<Transform>(5);
-        if (nextSibling.getLocalName().equals("Transforms")) {
+        List<Transform> newTransforms = new ArrayList<>(MAXIMUM_TRANSFORM_COUNT);
+        if (nextSibling.getLocalName().equals("Transforms")
+            && XMLSignature.XMLNS.equals(nextSibling.getNamespaceURI())) {
             Element transformElem = DOMUtils.getFirstChildElement(nextSibling,
-                                                                  "Transform");
-            transforms.add(new DOMTransform(transformElem, context, provider));
+                                                                  "Transform",
+                                                                  XMLSignature.XMLNS);
+            newTransforms.add(new DOMTransform(transformElem, context, provider));
             transformElem = DOMUtils.getNextSiblingElement(transformElem);
             while (transformElem != null) {
                 String localName = transformElem.getLocalName();
-                if (!localName.equals("Transform")) {
+                String namespace = transformElem.getNamespaceURI();
+                if (!"Transform".equals(localName) || !XMLSignature.XMLNS.equals(namespace)) {
                     throw new MarshalException(
                         "Invalid element name: " + localName +
                         ", expected Transform");
                 }
-                transforms.add
+                newTransforms.add
                     (new DOMTransform(transformElem, context, provider));
-                if (secVal && Policy.restrictNumTransforms(transforms.size())) {
+                if (secVal && Policy.restrictNumTransforms(newTransforms.size())) {
                     String error = "A maximum of " + Policy.maxTransforms()
                         + " transforms per Reference are allowed when"
                         + " secure validation is enabled";
@@ -220,7 +224,8 @@
             }
             nextSibling = DOMUtils.getNextSiblingElement(nextSibling);
         }
-        if (!nextSibling.getLocalName().equals("DigestMethod")) {
+        if (!nextSibling.getLocalName().equals("DigestMethod")
+            && XMLSignature.XMLNS.equals(nextSibling.getNamespaceURI())) {
             throw new MarshalException("Invalid element name: " +
                                        nextSibling.getLocalName() +
                                        ", expected DigestMethod");
@@ -238,12 +243,9 @@
         }
 
         // unmarshal DigestValue
-        Element dvElem = DOMUtils.getNextSiblingElement(dmElem, "DigestValue");
-        try {
-            this.digestValue = Base64.decode(dvElem);
-        } catch (Base64DecodingException bde) {
-            throw new MarshalException(bde);
-        }
+        Element dvElem = DOMUtils.getNextSiblingElement(dmElem, "DigestValue", XMLSignature.XMLNS);
+        String content = XMLUtils.getFullTextChildrenFromElement(dvElem);
+        this.digestValue = XMLUtils.decode(content);
 
         // check for extra elements
         if (DOMUtils.getNextSiblingElement(dvElem) != null) {
@@ -265,7 +267,7 @@
         this.type = DOMUtils.getAttributeValue(refElem, "Type");
         this.here = refElem.getAttributeNodeNS(null, "URI");
         this.refElem = refElem;
-        this.transforms = transforms;
+        this.transforms = newTransforms;
         this.allTransforms = transforms;
         this.appliedTransformData = null;
         this.provider = provider;
@@ -292,25 +294,23 @@
     }
 
     public byte[] getDigestValue() {
-        return (digestValue == null ? null : (byte[])digestValue.clone());
+        return digestValue == null ? null : digestValue.clone();
     }
 
     public byte[] getCalculatedDigestValue() {
-        return (calcDigestValue == null ? null
-                                        : (byte[])calcDigestValue.clone());
+        return calcDigestValue == null ? null
+                                        : calcDigestValue.clone();
     }
 
+    @Override
     public void marshal(Node parent, String dsPrefix, DOMCryptoContext context)
         throws MarshalException
     {
-        if (log.isLoggable(java.util.logging.Level.FINE)) {
-            log.log(java.util.logging.Level.FINE, "Marshalling Reference");
-        }
+        LOG.debug("Marshalling Reference");
         Document ownerDoc = DOMUtils.getOwnerDocument(parent);
 
         refElem = DOMUtils.createElement(ownerDoc, "Reference",
                                          XMLSignature.XMLNS, dsPrefix);
-
         // set attributes
         DOMUtils.setAttributeID(refElem, "Id", id);
         DOMUtils.setAttribute(refElem, "URI", uri);
@@ -333,16 +333,15 @@
         ((DOMDigestMethod)digestMethod).marshal(refElem, dsPrefix, context);
 
         // create and append DigestValue element
-        if (log.isLoggable(java.util.logging.Level.FINE)) {
-            log.log(java.util.logging.Level.FINE, "Adding digestValueElem");
-        }
+        LOG.debug("Adding digestValueElem");
         Element digestValueElem = DOMUtils.createElement(ownerDoc,
                                                          "DigestValue",
                                                          XMLSignature.XMLNS,
                                                          dsPrefix);
         if (digestValue != null) {
             digestValueElem.appendChild
-                (ownerDoc.createTextNode(Base64.encode(digestValue)));
+                (ownerDoc.createTextNode(XMLUtils.encodeToString(digestValue)));
+
         }
         refElem.appendChild(digestValueElem);
 
@@ -362,10 +361,8 @@
         digestValue = transform(data, signContext);
 
         // insert digestValue into DigestValue element
-        String encodedDV = Base64.encode(digestValue);
-        if (log.isLoggable(java.util.logging.Level.FINE)) {
-            log.log(java.util.logging.Level.FINE, "Reference object uri = " + uri);
-        }
+        String encodedDV = XMLUtils.encodeToString(digestValue);
+        LOG.debug("Reference object uri = {}", uri);
         Element digestElem = DOMUtils.getLastChildElement(refElem);
         if (digestElem == null) {
             throw new XMLSignatureException("DigestValue element expected");
@@ -375,9 +372,7 @@
             (refElem.getOwnerDocument().createTextNode(encodedDV));
 
         digested = true;
-        if (log.isLoggable(java.util.logging.Level.FINE)) {
-            log.log(java.util.logging.Level.FINE, "Reference digesting completed");
-        }
+        LOG.debug("Reference digesting completed");
     }
 
     public boolean validate(XMLValidateContext validateContext)
@@ -392,9 +387,9 @@
         Data data = dereference(validateContext);
         calcDigestValue = transform(data, validateContext);
 
-        if (log.isLoggable(java.util.logging.Level.FINE)) {
-            log.log(java.util.logging.Level.FINE, "Expected digest: " + Base64.encode(digestValue));
-            log.log(java.util.logging.Level.FINE, "Actual digest: " + Base64.encode(calcDigestValue));
+        if (LOG.isDebugEnabled()) {
+            LOG.debug("Expected digest: " + XMLUtils.encodeToString(digestValue));
+            LOG.debug("Actual digest: " + XMLUtils.encodeToString(calcDigestValue));
         }
 
         validationStatus = Arrays.equals(digestValue, calcDigestValue);
@@ -422,10 +417,8 @@
         }
         try {
             data = deref.dereference(this, context);
-            if (log.isLoggable(java.util.logging.Level.FINE)) {
-                log.log(java.util.logging.Level.FINE, "URIDereferencer class name: " + deref.getClass().getName());
-                log.log(java.util.logging.Level.FINE, "Data class name: " + data.getClass().getName());
-            }
+            LOG.debug("URIDereferencer class name: {}", deref.getClass().getName());
+            LOG.debug("Data class name: {}", data.getClass().getName());
         } catch (URIReferenceException ure) {
             throw new XMLSignatureException(ure);
         }
@@ -449,16 +442,14 @@
         DigesterOutputStream dos;
         Boolean cache = (Boolean)
             context.getProperty("javax.xml.crypto.dsig.cacheReference");
-        if (cache != null && cache.booleanValue()) {
+        if (cache != null && cache) {
             this.derefData = copyDerefData(dereferencedData);
             dos = new DigesterOutputStream(md, true);
         } else {
             dos = new DigesterOutputStream(md);
         }
-        OutputStream os = null;
         Data data = dereferencedData;
-        try {
-            os = new UnsyncBufferedOutputStream(dos);
+        try (OutputStream os = new UnsyncBufferedOutputStream(dos)) {
             for (int i = 0, size = transforms.size(); i < size; i++) {
                 DOMTransform transform = (DOMTransform)transforms.get(i);
                 if (i < size - 1) {
@@ -478,7 +469,7 @@
                     if (!c14n11) {
                         Boolean prop = (Boolean)context.getProperty
                             ("com.sun.org.apache.xml.internal.security.useC14N11");
-                        c14n11 = (prop != null && prop.booleanValue());
+                        c14n11 = prop != null && prop;
                         if (c14n11) {
                             c14nalg = "http://www.w3.org/2006/12/xml-c14n11";
                         }
@@ -508,6 +499,9 @@
                 } else {
                     throw new XMLSignatureException("unrecognized Data type");
                 }
+
+                boolean secVal = Utils.secureValidation(context);
+                xi.setSecureValidation(secVal);
                 if (context instanceof XMLSignContext && c14n11
                     && !xi.isOctetStream() && !xi.isOutputStreamSet()) {
                     TransformService spi = null;
@@ -542,7 +536,7 @@
                 }
             }
             os.flush();
-            if (cache != null && cache.booleanValue()) {
+            if (cache != null && cache) {
                 this.dis = dos.getInputStream();
             }
             return dos.getDigestValue();
@@ -557,13 +551,6 @@
         } catch (com.sun.org.apache.xml.internal.security.c14n.CanonicalizationException e) {
             throw new XMLSignatureException(e);
         } finally {
-            if (os != null) {
-                try {
-                    os.close();
-                } catch (IOException e) {
-                    throw new XMLSignatureException(e);
-                }
-            }
             if (dos != null) {
                 try {
                     dos.close();
@@ -589,12 +576,12 @@
         }
         Reference oref = (Reference)o;
 
-        boolean idsEqual = (id == null ? oref.getId() == null
-                                       : id.equals(oref.getId()));
-        boolean urisEqual = (uri == null ? oref.getURI() == null
-                                         : uri.equals(oref.getURI()));
-        boolean typesEqual = (type == null ? oref.getType() == null
-                                           : type.equals(oref.getType()));
+        boolean idsEqual = id == null ? oref.getId() == null
+                                       : id.equals(oref.getId());
+        boolean urisEqual = uri == null ? oref.getURI() == null
+                                         : uri.equals(oref.getURI());
+        boolean typesEqual = type == null ? oref.getType() == null
+                                           : type.equals(oref.getType());
         boolean digestValuesEqual =
             Arrays.equals(digestValue, oref.getDigestValue());
 
@@ -640,8 +627,8 @@
                         public Iterator<Node> iterator() { return s.iterator(); }
                     };
                 } catch (Exception e) {
-                    // log a warning
-                    log.log(java.util.logging.Level.WARNING, "cannot cache dereferenced data: " + e);
+                    // LOG a warning
+                    LOG.warn("cannot cache dereferenced data: " + e);
                     return null;
                 }
             } else if (xsi.isElement()) {
@@ -653,8 +640,8 @@
                         (xsi.getOctetStream(), xsi.getSourceURI(),
                          xsi.getMIMEType());
                 } catch (IOException ioe) {
-                    // log a warning
-                    log.log(java.util.logging.Level.WARNING, "cannot cache dereferenced data: " + ioe);
+                    // LOG a warning
+                    LOG.warn("cannot cache dereferenced data: " + ioe);
                     return null;
                 }
             }
diff --git a/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMRetrievalMethod.java b/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMRetrievalMethod.java
--- a/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMRetrievalMethod.java
+++ b/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMRetrievalMethod.java
@@ -21,7 +21,7 @@
  * under the License.
  */
 /*
- * Copyright (c) 2005, 2016, Oracle and/or its affiliates. All rights reserved.
+ * Portions copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved.
  */
 /*
  * ===========================================================================
@@ -31,23 +31,35 @@
  * ===========================================================================
  */
 /*
- * $Id: DOMRetrievalMethod.java 1333415 2012-05-03 12:03:51Z coheigea $
+ * $Id: DOMRetrievalMethod.java 1788465 2017-03-24 15:10:51Z coheigea $
  */
 package org.jcp.xml.dsig.internal.dom;
 
 import java.io.ByteArrayInputStream;
+import java.io.InputStream;
 import java.net.URI;
 import java.net.URISyntaxException;
 import java.security.Provider;
-import java.util.*;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.Iterator;
+import java.util.List;
 
-import javax.xml.XMLConstants;
-import javax.xml.crypto.*;
-import javax.xml.crypto.dsig.*;
+import javax.xml.crypto.Data;
+import javax.xml.crypto.MarshalException;
+import javax.xml.crypto.NodeSetData;
+import javax.xml.crypto.URIDereferencer;
+import javax.xml.crypto.URIReferenceException;
+import javax.xml.crypto.XMLCryptoContext;
+import javax.xml.crypto.XMLStructure;
 import javax.xml.crypto.dom.DOMCryptoContext;
 import javax.xml.crypto.dom.DOMURIReference;
+import javax.xml.crypto.dsig.Transform;
+import javax.xml.crypto.dsig.XMLSignature;
 import javax.xml.crypto.dsig.keyinfo.RetrievalMethod;
-import javax.xml.parsers.*;
+import javax.xml.parsers.DocumentBuilder;
+
+import com.sun.org.apache.xml.internal.security.utils.XMLUtils;
 import org.w3c.dom.Attr;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
@@ -56,8 +68,6 @@
 /**
  * DOM-based implementation of RetrievalMethod.
  *
- * @author Sean Mullan
- * @author Joyce Leung
  */
 public final class DOMRetrievalMethod extends DOMStructure
     implements RetrievalMethod, DOMURIReference {
@@ -68,20 +78,20 @@
     private Attr here;
 
     /**
-     * Creates a <code>DOMRetrievalMethod</code> containing the specified
+     * Creates a {@code DOMRetrievalMethod} containing the specified
      * URIReference and List of Transforms.
      *
      * @param uri the URI
      * @param type the type
      * @param transforms a list of {@link Transform}s. The list is defensively
-     *    copied to prevent subsequent modification. May be <code>null</code>
+     *    copied to prevent subsequent modification. May be {@code null}
      *    or empty.
-     * @throws IllegalArgumentException if the format of <code>uri</code> is
+     * @throws IllegalArgumentException if the format of {@code uri} is
      *    invalid, as specified by Reference's URI attribute in the W3C
      *    specification for XML-Signature Syntax and Processing
-     * @throws NullPointerException if <code>uriReference</code>
-     *    is <code>null</code>
-     * @throws ClassCastException if <code>transforms</code> contains any
+     * @throws NullPointerException if {@code uriReference}
+     *    is {@code null}
+     * @throws ClassCastException if {@code transforms} contains any
      *    entries that are not of type {@link Transform}
      */
     public DOMRetrievalMethod(String uri, String type,
@@ -94,7 +104,7 @@
             this.transforms = Collections.emptyList();
         } else {
             this.transforms = Collections.unmodifiableList(
-                new ArrayList<Transform>(transforms));
+                new ArrayList<>(transforms));
             for (int i = 0, size = this.transforms.size(); i < size; i++) {
                 if (!(this.transforms.get(i) instanceof Transform)) {
                     throw new ClassCastException
@@ -115,7 +125,7 @@
     }
 
     /**
-     * Creates a <code>DOMRetrievalMethod</code> from an element.
+     * Creates a {@code DOMRetrievalMethod} from an element.
      *
      * @param rmElem a RetrievalMethod element
      */
@@ -133,28 +143,28 @@
         boolean secVal = Utils.secureValidation(context);
 
         // get Transforms, if specified
-        List<Transform> transforms = new ArrayList<Transform>();
+        List<Transform> newTransforms = new ArrayList<>();
         Element transformsElem = DOMUtils.getFirstChildElement(rmElem);
 
         if (transformsElem != null) {
             String localName = transformsElem.getLocalName();
-            if (!localName.equals("Transforms")) {
+            String namespace = transformsElem.getNamespaceURI();
+            if (!"Transforms".equals(localName) || !XMLSignature.XMLNS.equals(namespace)) {
                 throw new MarshalException("Invalid element name: " +
-                                           localName + ", expected Transforms");
+                                           namespace + ":" + localName + ", expected Transforms");
             }
             Element transformElem =
-                DOMUtils.getFirstChildElement(transformsElem, "Transform");
-            transforms.add(new DOMTransform(transformElem, context, provider));
-            transformElem = DOMUtils.getNextSiblingElement(transformElem);
+                DOMUtils.getFirstChildElement(transformsElem, "Transform", XMLSignature.XMLNS);
             while (transformElem != null) {
                 String name = transformElem.getLocalName();
-                if (!name.equals("Transform")) {
+                namespace = transformElem.getNamespaceURI();
+                if (!"Transform".equals(name) || !XMLSignature.XMLNS.equals(namespace)) {
                     throw new MarshalException("Invalid element name: " +
                                                name + ", expected Transform");
                 }
-                transforms.add
+                newTransforms.add
                     (new DOMTransform(transformElem, context, provider));
-                if (secVal && Policy.restrictNumTransforms(transforms.size())) {
+                if (secVal && Policy.restrictNumTransforms(newTransforms.size())) {
                     String error = "A maximum of " + Policy.maxTransforms()
                         + " transforms per Reference are allowed when"
                         + " secure validation is enabled";
@@ -163,10 +173,10 @@
                 transformElem = DOMUtils.getNextSiblingElement(transformElem);
             }
         }
-        if (transforms.isEmpty()) {
+        if (newTransforms.isEmpty()) {
             this.transforms = Collections.emptyList();
         } else {
-            this.transforms = Collections.unmodifiableList(transforms);
+            this.transforms = Collections.unmodifiableList(newTransforms);
         }
     }
 
@@ -182,6 +192,7 @@
         return transforms;
     }
 
+    @Override
     public void marshal(Node parent, String dsPrefix, DOMCryptoContext context)
         throws MarshalException
     {
@@ -244,8 +255,8 @@
         }
 
         // guard against RetrievalMethod loops
-        if ((data instanceof NodeSetData) && Utils.secureValidation(context)
-            && Policy.restrictRetrievalMethodLoops()) {
+        if (data instanceof NodeSetData && Utils.secureValidation(context)
+                && Policy.restrictRetrievalMethodLoops()) {
             NodeSetData nsd = (NodeSetData)data;
             Iterator<?> i = nsd.iterator();
             if (i.hasNext()) {
@@ -264,16 +275,15 @@
     public XMLStructure dereferenceAsXMLStructure(XMLCryptoContext context)
         throws URIReferenceException
     {
-        try {
-            ApacheData data = (ApacheData)dereference(context);
-            DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
-            dbf.setNamespaceAware(true);
-            dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, Boolean.TRUE);
-            DocumentBuilder db = dbf.newDocumentBuilder();
-            Document doc = db.parse(new ByteArrayInputStream
-                (data.getXMLSignatureInput().getBytes()));
+        DocumentBuilder db = null;
+        boolean secVal = Utils.secureValidation(context);
+        ApacheData data = (ApacheData)dereference(context);
+        try (InputStream is = new ByteArrayInputStream(data.getXMLSignatureInput().getBytes())) {
+            db = XMLUtils.createDocumentBuilder(false, secVal);
+            Document doc = db.parse(is);
             Element kiElem = doc.getDocumentElement();
-            if (kiElem.getLocalName().equals("X509Data")) {
+            if (kiElem.getLocalName().equals("X509Data")
+                && XMLSignature.XMLNS.equals(kiElem.getNamespaceURI())) {
                 return new DOMX509Data(kiElem);
             } else {
                 return null; // unsupported
@@ -293,11 +303,11 @@
         }
         RetrievalMethod orm = (RetrievalMethod)obj;
 
-        boolean typesEqual = (type == null ? orm.getType() == null
-                                           : type.equals(orm.getType()));
+        boolean typesEqual = type == null ? orm.getType() == null
+                                           : type.equals(orm.getType());
 
-        return (uri.equals(orm.getURI()) &&
-            transforms.equals(orm.getTransforms()) && typesEqual);
+        return uri.equals(orm.getURI()) &&
+            transforms.equals(orm.getTransforms()) && typesEqual;
     }
 
     @Override
diff --git a/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMSignatureMethod.java b/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMSignatureMethod.java
--- a/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMSignatureMethod.java
+++ b/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMSignatureMethod.java
@@ -21,10 +21,10 @@
  * under the License.
  */
 /*
- * Copyright (c) 2005, 2016, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved.
  */
 /*
- * $Id: DOMSignatureMethod.java 1333415 2012-05-03 12:03:51Z coheigea $
+ * $Id: DOMSignatureMethod.java 1788465 2017-03-24 15:10:51Z coheigea $
  */
 package org.jcp.xml.dsig.internal.dom;
 
@@ -36,6 +36,9 @@
 import java.security.*;
 import java.security.interfaces.DSAKey;
 import java.security.spec.AlgorithmParameterSpec;
+import java.security.spec.MGF1ParameterSpec;
+import java.security.spec.PSSParameterSpec;
+
 import org.w3c.dom.Element;
 
 import com.sun.org.apache.xml.internal.security.algorithms.implementations.SignatureECDSA;
@@ -46,25 +49,30 @@
 /**
  * DOM-based abstract implementation of SignatureMethod.
  *
- * @author Sean Mullan
  */
 public abstract class DOMSignatureMethod extends AbstractDOMSignatureMethod {
 
-    private static java.util.logging.Logger log =
-        java.util.logging.Logger.getLogger("org.jcp.xml.dsig.internal.dom");
+    private static final com.sun.org.slf4j.internal.Logger LOG =
+        com.sun.org.slf4j.internal.LoggerFactory.getLogger(DOMSignatureMethod.class);
 
     private SignatureMethodParameterSpec params;
     private Signature signature;
 
     // see RFC 4051 for these algorithm definitions
+    static final String RSA_SHA224 =
+        "http://www.w3.org/2001/04/xmldsig-more#rsa-sha224";
     static final String RSA_SHA256 =
         "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";
     static final String RSA_SHA384 =
         "http://www.w3.org/2001/04/xmldsig-more#rsa-sha384";
     static final String RSA_SHA512 =
         "http://www.w3.org/2001/04/xmldsig-more#rsa-sha512";
+    static final String RSA_RIPEMD160 =
+        "http://www.w3.org/2001/04/xmldsig-more#rsa-ripemd160";
     static final String ECDSA_SHA1 =
         "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1";
+    static final String ECDSA_SHA224 =
+        "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha224";
     static final String ECDSA_SHA256 =
         "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256";
     static final String ECDSA_SHA384 =
@@ -74,10 +82,26 @@
     static final String DSA_SHA256 =
         "http://www.w3.org/2009/xmldsig11#dsa-sha256";
 
+    // see RFC 6931 for these algorithm definitions
+    static final String ECDSA_RIPEMD160 =
+        "http://www.w3.org/2007/05/xmldsig-more#ecdsa-ripemd160";
+    static final String RSA_SHA1_MGF1 =
+        "http://www.w3.org/2007/05/xmldsig-more#sha1-rsa-MGF1";
+    static final String RSA_SHA224_MGF1 =
+        "http://www.w3.org/2007/05/xmldsig-more#sha224-rsa-MGF1";
+    static final String RSA_SHA256_MGF1 =
+        "http://www.w3.org/2007/05/xmldsig-more#sha256-rsa-MGF1";
+    static final String RSA_SHA384_MGF1 =
+        "http://www.w3.org/2007/05/xmldsig-more#sha384-rsa-MGF1";
+    static final String RSA_SHA512_MGF1 =
+        "http://www.w3.org/2007/05/xmldsig-more#sha512-rsa-MGF1";
+    static final String RSA_RIPEMD160_MGF1 =
+        "http://www.w3.org/2007/05/xmldsig-more#ripemd160-rsa-MGF1";
+
     /**
-     * Creates a <code>DOMSignatureMethod</code>.
+     * Creates a {@code DOMSignatureMethod}.
      *
-     * @param params the algorithm-specific params (may be <code>null</code>)
+     * @param params the algorithm-specific params (may be {@code null})
      * @throws InvalidAlgorithmParameterException if the parameters are not
      *    appropriate for this signature method
      */
@@ -94,7 +118,7 @@
     }
 
     /**
-     * Creates a <code>DOMSignatureMethod</code> from an element. This ctor
+     * Creates a {@code DOMSignatureMethod} from an element. This ctor
      * invokes the {@link #unmarshalParams unmarshalParams} method to
      * unmarshal any algorithm-specific input parameters.
      *
@@ -116,32 +140,56 @@
         String alg = DOMUtils.getAttributeValue(smElem, "Algorithm");
         if (alg.equals(SignatureMethod.RSA_SHA1)) {
             return new SHA1withRSA(smElem);
+        } else if (alg.equals(RSA_SHA224)) {
+            return new SHA224withRSA(smElem);
         } else if (alg.equals(RSA_SHA256)) {
             return new SHA256withRSA(smElem);
         } else if (alg.equals(RSA_SHA384)) {
             return new SHA384withRSA(smElem);
         } else if (alg.equals(RSA_SHA512)) {
             return new SHA512withRSA(smElem);
+        } else if (alg.equals(RSA_RIPEMD160)) {
+            return new RIPEMD160withRSA(smElem);
+        } else if (alg.equals(RSA_SHA1_MGF1)) {
+            return new SHA1withRSAandMGF1(smElem);
+        } else if (alg.equals(RSA_SHA224_MGF1)) {
+            return new SHA224withRSAandMGF1(smElem);
+        } else if (alg.equals(RSA_SHA256_MGF1)) {
+            return new SHA256withRSAandMGF1(smElem);
+        } else if (alg.equals(RSA_SHA384_MGF1)) {
+            return new SHA384withRSAandMGF1(smElem);
+        } else if (alg.equals(RSA_SHA512_MGF1)) {
+            return new SHA512withRSAandMGF1(smElem);
+        } else if (alg.equals(RSA_RIPEMD160_MGF1)) {
+            return new RIPEMD160withRSAandMGF1(smElem);
         } else if (alg.equals(SignatureMethod.DSA_SHA1)) {
             return new SHA1withDSA(smElem);
         } else if (alg.equals(DSA_SHA256)) {
             return new SHA256withDSA(smElem);
         } else if (alg.equals(ECDSA_SHA1)) {
             return new SHA1withECDSA(smElem);
+        } else if (alg.equals(ECDSA_SHA224)) {
+            return new SHA224withECDSA(smElem);
         } else if (alg.equals(ECDSA_SHA256)) {
             return new SHA256withECDSA(smElem);
         } else if (alg.equals(ECDSA_SHA384)) {
             return new SHA384withECDSA(smElem);
         } else if (alg.equals(ECDSA_SHA512)) {
             return new SHA512withECDSA(smElem);
+        } else if (alg.equals(ECDSA_RIPEMD160)) {
+            return new RIPEMD160withECDSA(smElem);
         } else if (alg.equals(SignatureMethod.HMAC_SHA1)) {
             return new DOMHMACSignatureMethod.SHA1(smElem);
+        } else if (alg.equals(DOMHMACSignatureMethod.HMAC_SHA224)) {
+            return new DOMHMACSignatureMethod.SHA224(smElem);
         } else if (alg.equals(DOMHMACSignatureMethod.HMAC_SHA256)) {
             return new DOMHMACSignatureMethod.SHA256(smElem);
         } else if (alg.equals(DOMHMACSignatureMethod.HMAC_SHA384)) {
             return new DOMHMACSignatureMethod.SHA384(smElem);
         } else if (alg.equals(DOMHMACSignatureMethod.HMAC_SHA512)) {
             return new DOMHMACSignatureMethod.SHA512(smElem);
+        } else if (alg.equals(DOMHMACSignatureMethod.HMAC_RIPEMD160)) {
+            return new DOMHMACSignatureMethod.RIPEMD160(smElem);
         } else {
             throw new MarshalException
                 ("unsupported SignatureMethod algorithm: " + alg);
@@ -152,6 +200,23 @@
         return params;
     }
 
+    /**
+     * Returns an instance of Signature from the specified Provider.
+     * The algorithm is specified by the {@code getJCAAlgorithm()} method.
+     *
+     * @param p the Provider to use
+     * @return an instance of Signature implementing the algorithm
+     *    specified by {@code getJCAAlgorithm()}
+     * @throws NoSuchAlgorithmException if the Provider does not support the
+     *    signature algorithm
+     */
+    Signature getSignature(Provider p)
+            throws NoSuchAlgorithmException {
+        return (p == null)
+            ? Signature.getInstance(getJCAAlgorithm())
+            : Signature.getInstance(getJCAAlgorithm(), p);
+    }
+
     boolean verify(Key key, SignedInfo si, byte[] sig,
                    XMLValidateContext context)
         throws InvalidKeyException, SignatureException, XMLSignatureException
@@ -165,25 +230,22 @@
         }
         checkKeySize(context, key);
         if (signature == null) {
-            try {
-                Provider p = (Provider)context.getProperty
+            Provider p = (Provider) context.getProperty
                     ("org.jcp.xml.dsig.internal.dom.SignatureProvider");
-                signature = (p == null)
-                    ? Signature.getInstance(getJCAAlgorithm())
-                    : Signature.getInstance(getJCAAlgorithm(), p);
+            try {
+                signature = getSignature(p);
             } catch (NoSuchAlgorithmException nsae) {
                 throw new XMLSignatureException(nsae);
             }
         }
         signature.initVerify((PublicKey)key);
-        if (log.isLoggable(java.util.logging.Level.FINE)) {
-            log.log(java.util.logging.Level.FINE, "Signature provider:" + signature.getProvider());
-            log.log(java.util.logging.Level.FINE, "verifying with key: " + key);
-        }
-        ((DOMSignedInfo)si).canonicalize(context,
-                                         new SignerOutputStream(signature));
+        LOG.debug("Signature provider: {}", signature.getProvider());
+        LOG.debug("Verifying with key: {}", key);
+        LOG.debug("JCA Algorithm: {}", getJCAAlgorithm());
+        LOG.debug("Signature Bytes length: {}", sig.length);
 
-        try {
+        try (SignerOutputStream outputStream = new SignerOutputStream(signature)) {
+            ((DOMSignedInfo)si).canonicalize(context, outputStream);
             Type type = getAlgorithmType();
             if (type == Type.DSA) {
                 int size = ((DSAKey)key).getParams().getQ().bitLength();
@@ -215,10 +277,8 @@
                 // key size cannot be determined, so we cannot check against
                 // restrictions. Note that a DSA key w/o params will be
                 // rejected later if the certificate chain is validated.
-                if (log.isLoggable(java.util.logging.Level.FINE)) {
-                    log.log(java.util.logging.Level.FINE, "Size for " +
+                LOG.debug("Size for " +
                             key.getAlgorithm() + " key cannot be determined");
-                }
                 return;
             }
             if (Policy.restrictKey(key.getAlgorithm(), size)) {
@@ -242,26 +302,21 @@
         }
         checkKeySize(context, key);
         if (signature == null) {
-            try {
-                Provider p = (Provider)context.getProperty
+            Provider p = (Provider)context.getProperty
                     ("org.jcp.xml.dsig.internal.dom.SignatureProvider");
-                signature = (p == null)
-                    ? Signature.getInstance(getJCAAlgorithm())
-                    : Signature.getInstance(getJCAAlgorithm(), p);
+            try {
+                signature = getSignature(p);
             } catch (NoSuchAlgorithmException nsae) {
                 throw new XMLSignatureException(nsae);
             }
         }
         signature.initSign((PrivateKey)key);
-        if (log.isLoggable(java.util.logging.Level.FINE)) {
-            log.log(java.util.logging.Level.FINE, "Signature provider:" + signature.getProvider());
-            log.log(java.util.logging.Level.FINE, "Signing with key: " + key);
-        }
+        LOG.debug("Signature provider: {}", signature.getProvider());
+        LOG.debug("Signing with key: {}", key);
+        LOG.debug("JCA Algorithm: {}", getJCAAlgorithm());
 
-        ((DOMSignedInfo)si).canonicalize(context,
-                                         new SignerOutputStream(signature));
-
-        try {
+        try (SignerOutputStream outputStream = new SignerOutputStream(signature)) {
+            ((DOMSignedInfo)si).canonicalize(context, outputStream);
             Type type = getAlgorithmType();
             if (type == Type.DSA) {
                 int size = ((DSAKey)key).getParams().getQ().bitLength();
@@ -279,6 +334,40 @@
         }
     }
 
+    abstract static class AbstractRSAPSSSignatureMethod
+            extends DOMSignatureMethod {
+
+        AbstractRSAPSSSignatureMethod(AlgorithmParameterSpec params)
+                throws InvalidAlgorithmParameterException {
+            super(params);
+        }
+
+        AbstractRSAPSSSignatureMethod(Element dmElem) throws MarshalException {
+            super(dmElem);
+        }
+
+        abstract public PSSParameterSpec getPSSParameterSpec();
+
+        @Override
+        Signature getSignature(Provider p)
+                throws NoSuchAlgorithmException {
+            try {
+                Signature s = (p == null)
+                        ? Signature.getInstance("RSASSA-PSS")
+                        : Signature.getInstance("RSASSA-PSS", p);
+                try {
+                    s.setParameter(getPSSParameterSpec());
+                } catch (InvalidAlgorithmParameterException e) {
+                    throw new NoSuchAlgorithmException("Should not happen", e);
+                }
+                return s;
+            } catch (NoSuchAlgorithmException nsae) {
+                return (p == null)
+                        ? Signature.getInstance(getJCAAlgorithm())
+                        : Signature.getInstance(getJCAAlgorithm(), p);
+            }
+        }
+    }
     static final class SHA1withRSA extends DOMSignatureMethod {
         SHA1withRSA(AlgorithmParameterSpec params)
             throws InvalidAlgorithmParameterException {
@@ -287,12 +376,34 @@
         SHA1withRSA(Element dmElem) throws MarshalException {
             super(dmElem);
         }
+        @Override
         public String getAlgorithm() {
             return SignatureMethod.RSA_SHA1;
         }
+        @Override
         String getJCAAlgorithm() {
             return "SHA1withRSA";
         }
+        @Override
+        Type getAlgorithmType() {
+            return Type.RSA;
+        }
+    }
+
+    static final class SHA224withRSA extends DOMSignatureMethod {
+        SHA224withRSA(AlgorithmParameterSpec params)
+            throws InvalidAlgorithmParameterException {
+            super(params);
+        }
+        SHA224withRSA(Element dmElem) throws MarshalException {
+            super(dmElem);
+        }
+        public String getAlgorithm() {
+            return RSA_SHA224;
+        }
+        String getJCAAlgorithm() {
+            return "SHA224withRSA";
+        }
         Type getAlgorithmType() {
             return Type.RSA;
         }
@@ -355,6 +466,205 @@
         }
     }
 
+    static final class RIPEMD160withRSA extends DOMSignatureMethod {
+        RIPEMD160withRSA(AlgorithmParameterSpec params)
+            throws InvalidAlgorithmParameterException {
+            super(params);
+        }
+        RIPEMD160withRSA(Element dmElem) throws MarshalException {
+            super(dmElem);
+        }
+        @Override
+        public String getAlgorithm() {
+            return RSA_RIPEMD160;
+        }
+        @Override
+        String getJCAAlgorithm() {
+            return "RIPEMD160withRSA";
+        }
+        @Override
+        Type getAlgorithmType() {
+            return Type.RSA;
+        }
+    }
+
+    static final class SHA1withRSAandMGF1 extends AbstractRSAPSSSignatureMethod {
+
+        private static PSSParameterSpec spec
+                = new PSSParameterSpec("SHA-1", "MGF1", MGF1ParameterSpec.SHA1,
+                20, PSSParameterSpec.TRAILER_FIELD_BC);
+
+        SHA1withRSAandMGF1(AlgorithmParameterSpec params)
+            throws InvalidAlgorithmParameterException {
+            super(params);
+        }
+        SHA1withRSAandMGF1(Element dmElem) throws MarshalException {
+            super(dmElem);
+        }
+        @Override
+        public String getAlgorithm() {
+            return RSA_SHA1_MGF1;
+        }
+        @Override
+        public PSSParameterSpec getPSSParameterSpec() {
+            return spec;
+        }
+        @Override
+        String getJCAAlgorithm() {
+            return "SHA1withRSAandMGF1";
+        }
+        @Override
+        Type getAlgorithmType() {
+            return Type.RSA;
+        }
+    }
+
+    static final class SHA224withRSAandMGF1 extends AbstractRSAPSSSignatureMethod {
+
+        private static PSSParameterSpec spec
+                = new PSSParameterSpec("SHA-224", "MGF1", MGF1ParameterSpec.SHA224,
+                28, PSSParameterSpec.TRAILER_FIELD_BC);
+
+        SHA224withRSAandMGF1(AlgorithmParameterSpec params)
+            throws InvalidAlgorithmParameterException {
+            super(params);
+        }
+        SHA224withRSAandMGF1(Element dmElem) throws MarshalException {
+            super(dmElem);
+        }
+        @Override
+        public String getAlgorithm() {
+            return RSA_SHA224_MGF1;
+        }
+        @Override
+        public PSSParameterSpec getPSSParameterSpec() {
+            return spec;
+        }
+        @Override
+        String getJCAAlgorithm() {
+            return "SHA224withRSAandMGF1";
+        }
+        @Override
+        Type getAlgorithmType() {
+            return Type.RSA;
+        }
+    }
+
+    static final class SHA256withRSAandMGF1 extends AbstractRSAPSSSignatureMethod {
+
+        private static PSSParameterSpec spec
+                = new PSSParameterSpec("SHA-256", "MGF1", MGF1ParameterSpec.SHA256,
+                32, PSSParameterSpec.TRAILER_FIELD_BC);
+
+        SHA256withRSAandMGF1(AlgorithmParameterSpec params)
+            throws InvalidAlgorithmParameterException {
+            super(params);
+        }
+        SHA256withRSAandMGF1(Element dmElem) throws MarshalException {
+            super(dmElem);
+        }
+        @Override
+        public String getAlgorithm() {
+            return RSA_SHA256_MGF1;
+        }
+        @Override
+        public PSSParameterSpec getPSSParameterSpec() {
+            return spec;
+        }
+        @Override
+        String getJCAAlgorithm() {
+            return "SHA256withRSAandMGF1";
+        }
+        @Override
+        Type getAlgorithmType() {
+            return Type.RSA;
+        }
+    }
+
+    static final class SHA384withRSAandMGF1 extends AbstractRSAPSSSignatureMethod {
+
+        private static PSSParameterSpec spec
+                = new PSSParameterSpec("SHA-384", "MGF1", MGF1ParameterSpec.SHA384,
+                48, PSSParameterSpec.TRAILER_FIELD_BC);
+
+        SHA384withRSAandMGF1(AlgorithmParameterSpec params)
+            throws InvalidAlgorithmParameterException {
+            super(params);
+        }
+        SHA384withRSAandMGF1(Element dmElem) throws MarshalException {
+            super(dmElem);
+        }
+        @Override
+        public String getAlgorithm() {
+            return RSA_SHA384_MGF1;
+        }
+        @Override
+        public PSSParameterSpec getPSSParameterSpec() {
+            return spec;
+        }
+        @Override
+        String getJCAAlgorithm() {
+            return "SHA384withRSAandMGF1";
+        }
+        @Override
+        Type getAlgorithmType() {
+            return Type.RSA;
+        }
+    }
+
+    static final class SHA512withRSAandMGF1 extends AbstractRSAPSSSignatureMethod {
+
+        private static PSSParameterSpec spec
+                = new PSSParameterSpec("SHA-512", "MGF1", MGF1ParameterSpec.SHA512,
+                64, PSSParameterSpec.TRAILER_FIELD_BC);
+
+        SHA512withRSAandMGF1(AlgorithmParameterSpec params)
+            throws InvalidAlgorithmParameterException {
+            super(params);
+        }
+        SHA512withRSAandMGF1(Element dmElem) throws MarshalException {
+            super(dmElem);
+        }
+        @Override
+        public String getAlgorithm() {
+            return RSA_SHA512_MGF1;
+        }
+        @Override
+        public PSSParameterSpec getPSSParameterSpec() {
+            return spec;
+        }
+        @Override
+        String getJCAAlgorithm() {
+            return "SHA512withRSAandMGF1";
+        }
+        @Override
+        Type getAlgorithmType() {
+            return Type.RSA;
+        }
+    }
+
+    static final class RIPEMD160withRSAandMGF1 extends DOMSignatureMethod {
+        RIPEMD160withRSAandMGF1(AlgorithmParameterSpec params)
+            throws InvalidAlgorithmParameterException {
+            super(params);
+        }
+        RIPEMD160withRSAandMGF1(Element dmElem) throws MarshalException {
+            super(dmElem);
+        }
+        @Override
+        public String getAlgorithm() {
+            return RSA_RIPEMD160_MGF1;
+        }
+        @Override
+        String getJCAAlgorithm() {
+            return "RIPEMD160withRSAandMGF1";
+        }
+        @Override
+        Type getAlgorithmType() {
+            return Type.RSA;
+        }
+    }
+
     static final class SHA1withDSA extends DOMSignatureMethod {
         SHA1withDSA(AlgorithmParameterSpec params)
             throws InvalidAlgorithmParameterException {
@@ -412,6 +722,28 @@
         }
     }
 
+    static final class SHA224withECDSA extends DOMSignatureMethod {
+        SHA224withECDSA(AlgorithmParameterSpec params)
+            throws InvalidAlgorithmParameterException {
+            super(params);
+        }
+        SHA224withECDSA(Element dmElem) throws MarshalException {
+            super(dmElem);
+        }
+        @Override
+        public String getAlgorithm() {
+            return ECDSA_SHA224;
+        }
+        @Override
+        String getJCAAlgorithm() {
+            return "SHA224withECDSA";
+        }
+        @Override
+        Type getAlgorithmType() {
+            return Type.ECDSA;
+        }
+    }
+
     static final class SHA256withECDSA extends DOMSignatureMethod {
         SHA256withECDSA(AlgorithmParameterSpec params)
             throws InvalidAlgorithmParameterException {
@@ -468,4 +800,27 @@
             return Type.ECDSA;
         }
     }
+
+    static final class RIPEMD160withECDSA extends DOMSignatureMethod {
+        RIPEMD160withECDSA(AlgorithmParameterSpec params)
+            throws InvalidAlgorithmParameterException {
+            super(params);
+        }
+        RIPEMD160withECDSA(Element dmElem) throws MarshalException {
+            super(dmElem);
+        }
+        @Override
+        public String getAlgorithm() {
+            return ECDSA_RIPEMD160;
+        }
+        @Override
+        String getJCAAlgorithm() {
+            return "RIPEMD160withECDSA";
+        }
+        @Override
+        Type getAlgorithmType() {
+            return Type.ECDSA;
+        }
+    }
+
 }
diff --git a/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMSignatureProperties.java b/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMSignatureProperties.java
--- a/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMSignatureProperties.java
+++ b/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMSignatureProperties.java
@@ -21,10 +21,10 @@
  * under the License.
  */
 /*
- * Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved.
  */
 /*
- * $Id: DOMSignatureProperties.java 1333415 2012-05-03 12:03:51Z coheigea $
+ * $Id: DOMSignatureProperties.java 1788465 2017-03-24 15:10:51Z coheigea $
  */
 package org.jcp.xml.dsig.internal.dom;
 
@@ -38,12 +38,10 @@
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 import org.w3c.dom.Node;
-import org.w3c.dom.NodeList;
 
 /**
  * DOM-based implementation of SignatureProperties.
  *
- * @author Sean Mullan
  */
 public final class DOMSignatureProperties extends DOMStructure
     implements SignatureProperties {
@@ -52,16 +50,16 @@
     private final List<SignatureProperty> properties;
 
     /**
-     * Creates a <code>DOMSignatureProperties</code> from the specified
+     * Creates a {@code DOMSignatureProperties} from the specified
      * parameters.
      *
      * @param properties a list of one or more {@link SignatureProperty}s. The
      *    list is defensively copied to protect against subsequent modification.
-     * @param id the Id (may be <code>null</code>)
-     * @throws ClassCastException if <code>properties</code> contains any
+     * @param id the Id (may be {@code null})
+     * @throws ClassCastException if {@code properties} contains any
      *    entries that are not of type {@link SignatureProperty}
-     * @throws IllegalArgumentException if <code>properties</code> is empty
-     * @throws NullPointerException if <code>properties</code>
+     * @throws IllegalArgumentException if {@code properties} is empty
+     * @throws NullPointerException if {@code properties}
      */
     public DOMSignatureProperties(List<? extends SignatureProperty> properties,
                                   String id)
@@ -72,7 +70,7 @@
             throw new IllegalArgumentException("properties cannot be empty");
         } else {
             this.properties = Collections.unmodifiableList(
-                new ArrayList<SignatureProperty>(properties));
+                new ArrayList<>(properties));
             for (int i = 0, size = this.properties.size(); i < size; i++) {
                 if (!(this.properties.get(i) instanceof SignatureProperty)) {
                     throw new ClassCastException
@@ -84,12 +82,12 @@
     }
 
     /**
-     * Creates a <code>DOMSignatureProperties</code> from an element.
+     * Creates a {@code DOMSignatureProperties} from an element.
      *
      * @param propsElem a SignatureProperties element
      * @throws MarshalException if a marshalling error occurs
      */
-    public DOMSignatureProperties(Element propsElem, XMLCryptoContext context)
+    public DOMSignatureProperties(Element propsElem)
         throws MarshalException
     {
         // unmarshal attributes
@@ -101,26 +99,24 @@
             id = null;
         }
 
-        NodeList nodes = propsElem.getChildNodes();
-        int length = nodes.getLength();
-        List<SignatureProperty> properties =
-            new ArrayList<SignatureProperty>(length);
-        for (int i = 0; i < length; i++) {
-            Node child = nodes.item(i);
-            if (child.getNodeType() == Node.ELEMENT_NODE) {
-                String name = child.getLocalName();
-                if (!name.equals("SignatureProperty")) {
-                    throw new MarshalException("Invalid element name: " + name +
+        List<SignatureProperty> newProperties = new ArrayList<>();
+        Node firstChild = propsElem.getFirstChild();
+        while (firstChild != null) {
+            if (firstChild.getNodeType() == Node.ELEMENT_NODE) {
+                String name = firstChild.getLocalName();
+                String namespace = firstChild.getNamespaceURI();
+                if (!"SignatureProperty".equals(name) || !XMLSignature.XMLNS.equals(namespace)) {
+                    throw new MarshalException("Invalid element name: " + namespace + ":" + name +
                                                ", expected SignatureProperty");
                 }
-                properties.add(new DOMSignatureProperty((Element)child,
-                                                        context));
+                newProperties.add(new DOMSignatureProperty((Element)firstChild));
             }
+            firstChild = firstChild.getNextSibling();
         }
-        if (properties.isEmpty()) {
+        if (newProperties.isEmpty()) {
             throw new MarshalException("properties cannot be empty");
         } else {
-            this.properties = Collections.unmodifiableList(properties);
+            this.properties = Collections.unmodifiableList(newProperties);
         }
     }
 
@@ -132,6 +128,7 @@
         return id;
     }
 
+    @Override
     public void marshal(Node parent, String dsPrefix, DOMCryptoContext context)
         throws MarshalException
     {
@@ -164,10 +161,10 @@
         }
         SignatureProperties osp = (SignatureProperties)o;
 
-        boolean idsEqual = (id == null ? osp.getId() == null
-                                       : id.equals(osp.getId()));
+        boolean idsEqual = id == null ? osp.getId() == null
+                                       : id.equals(osp.getId());
 
-        return (properties.equals(osp.getProperties()) && idsEqual);
+        return properties.equals(osp.getProperties()) && idsEqual;
     }
 
     @Override
diff --git a/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMSignatureProperty.java b/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMSignatureProperty.java
--- a/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMSignatureProperty.java
+++ b/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMSignatureProperty.java
@@ -21,10 +21,10 @@
  * under the License.
  */
 /*
- * Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved.
  */
 /*
- * $Id: DOMSignatureProperty.java 1333415 2012-05-03 12:03:51Z coheigea $
+ * $Id: DOMSignatureProperty.java 1788465 2017-03-24 15:10:51Z coheigea $
  */
 package org.jcp.xml.dsig.internal.dom;
 
@@ -38,12 +38,10 @@
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 import org.w3c.dom.Node;
-import org.w3c.dom.NodeList;
 
 /**
  * DOM-based implementation of SignatureProperty.
  *
- * @author Sean Mullan
  */
 public final class DOMSignatureProperty extends DOMStructure
     implements SignatureProperty {
@@ -53,17 +51,17 @@
     private final List<XMLStructure> content;
 
     /**
-     * Creates a <code>SignatureProperty</code> from the specified parameters.
+     * Creates a {@code SignatureProperty} from the specified parameters.
      *
      * @param content a list of one or more {@link XMLStructure}s. The list
      *    is defensively copied to protect against subsequent modification.
      * @param target the target URI
-     * @param id the Id (may be <code>null</code>)
-     * @throws ClassCastException if <code>content</code> contains any
+     * @param id the Id (may be {@code null})
+     * @throws ClassCastException if {@code content} contains any
      *    entries that are not of type {@link XMLStructure}
-     * @throws IllegalArgumentException if <code>content</code> is empty
-     * @throws NullPointerException if <code>content</code> or
-     *    <code>target</code> is <code>null</code>
+     * @throws IllegalArgumentException if {@code content} is empty
+     * @throws NullPointerException if {@code content} or
+     *    {@code target} is {@code null}
      */
     public DOMSignatureProperty(List<? extends XMLStructure> content,
                                 String target, String id)
@@ -76,7 +74,7 @@
             throw new IllegalArgumentException("content cannot be empty");
         } else {
             this.content = Collections.unmodifiableList(
-                new ArrayList<XMLStructure>(content));
+                new ArrayList<>(content));
             for (int i = 0, size = this.content.size(); i < size; i++) {
                 if (!(this.content.get(i) instanceof XMLStructure)) {
                     throw new ClassCastException
@@ -89,11 +87,11 @@
     }
 
     /**
-     * Creates a <code>DOMSignatureProperty</code> from an element.
+     * Creates a {@code DOMSignatureProperty} from an element.
      *
      * @param propElem a SignatureProperty element
      */
-    public DOMSignatureProperty(Element propElem, XMLCryptoContext context)
+    public DOMSignatureProperty(Element propElem)
         throws MarshalException
     {
         // unmarshal attributes
@@ -109,16 +107,16 @@
             id = null;
         }
 
-        NodeList nodes = propElem.getChildNodes();
-        int length = nodes.getLength();
-        List<XMLStructure> content = new ArrayList<XMLStructure>(length);
-        for (int i = 0; i < length; i++) {
-            content.add(new javax.xml.crypto.dom.DOMStructure(nodes.item(i)));
+        List<XMLStructure> newContent = new ArrayList<>();
+        Node firstChild = propElem.getFirstChild();
+        while (firstChild != null) {
+            newContent.add(new javax.xml.crypto.dom.DOMStructure(firstChild));
+            firstChild = firstChild.getNextSibling();
         }
-        if (content.isEmpty()) {
+        if (newContent.isEmpty()) {
             throw new MarshalException("content cannot be empty");
         } else {
-            this.content = Collections.unmodifiableList(content);
+            this.content = Collections.unmodifiableList(newContent);
         }
     }
 
@@ -134,6 +132,7 @@
         return target;
     }
 
+    @Override
     public void marshal(Node parent, String dsPrefix, DOMCryptoContext context)
         throws MarshalException
     {
@@ -165,13 +164,13 @@
         }
         SignatureProperty osp = (SignatureProperty)o;
 
-        boolean idsEqual = (id == null ? osp.getId() == null
-                                       : id.equals(osp.getId()));
+        boolean idsEqual = id == null ? osp.getId() == null
+                                       : id.equals(osp.getId());
 
         @SuppressWarnings("unchecked")
         List<XMLStructure> ospContent = osp.getContent();
-        return (equalsContent(ospContent) &&
-                target.equals(osp.getTarget()) && idsEqual);
+        return equalsContent(ospContent) &&
+                target.equals(osp.getTarget()) && idsEqual;
     }
 
     @Override
diff --git a/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMSignedInfo.java b/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMSignedInfo.java
--- a/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMSignedInfo.java
+++ b/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMSignedInfo.java
@@ -21,10 +21,10 @@
  * under the License.
  */
 /*
- * Copyright (c) 2005, 2016, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved.
  */
 /*
- * $Id: DOMSignedInfo.java 1333415 2012-05-03 12:03:51Z coheigea $
+ * $Id: DOMSignedInfo.java 1820179 2018-01-04 19:09:52Z mullan $
  */
 package org.jcp.xml.dsig.internal.dom;
 
@@ -43,19 +43,17 @@
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 import org.w3c.dom.Node;
-
-import com.sun.org.apache.xml.internal.security.utils.Base64;
 import com.sun.org.apache.xml.internal.security.utils.UnsyncBufferedOutputStream;
+import com.sun.org.apache.xml.internal.security.utils.XMLUtils;
 
 /**
  * DOM-based implementation of SignedInfo.
  *
- * @author Sean Mullan
  */
 public final class DOMSignedInfo extends DOMStructure implements SignedInfo {
 
-    private static java.util.logging.Logger log =
-        java.util.logging.Logger.getLogger("org.jcp.xml.dsig.internal.dom");
+    private static final com.sun.org.slf4j.internal.Logger LOG =
+        com.sun.org.slf4j.internal.LoggerFactory.getLogger(DOMSignedInfo.class);
 
     private List<Reference> references;
     private CanonicalizationMethod canonicalizationMethod;
@@ -66,18 +64,18 @@
     private InputStream canonData;
 
     /**
-     * Creates a <code>DOMSignedInfo</code> from the specified parameters. Use
-     * this constructor when the <code>Id</code> is not specified.
+     * Creates a {@code DOMSignedInfo} from the specified parameters. Use
+     * this constructor when the {@code Id} is not specified.
      *
      * @param cm the canonicalization method
      * @param sm the signature method
      * @param references the list of references. The list is copied.
      * @throws NullPointerException if
-     *    <code>cm</code>, <code>sm</code>, or <code>references</code> is
-     *    <code>null</code>
-     * @throws IllegalArgumentException if <code>references</code> is empty
+     *    {@code cm}, {@code sm}, or {@code references} is
+     *    {@code null}
+     * @throws IllegalArgumentException if {@code references} is empty
      * @throws ClassCastException if any of the references are not of
-     *    type <code>Reference</code>
+     *    type {@code Reference}
      */
     public DOMSignedInfo(CanonicalizationMethod cm, SignatureMethod sm,
                          List<? extends Reference> references) {
@@ -87,7 +85,7 @@
         this.canonicalizationMethod = cm;
         this.signatureMethod = sm;
         this.references = Collections.unmodifiableList(
-            new ArrayList<Reference>(references));
+            new ArrayList<>(references));
         if (this.references.isEmpty()) {
             throw new IllegalArgumentException("list of references must " +
                 "contain at least one entry");
@@ -102,19 +100,19 @@
     }
 
     /**
-     * Creates a <code>DOMSignedInfo</code> from the specified parameters.
+     * Creates a {@code DOMSignedInfo} from the specified parameters.
      *
      * @param cm the canonicalization method
      * @param sm the signature method
      * @param references the list of references. The list is copied.
      * @param id an optional identifer that will allow this
-     *    <code>SignedInfo</code> to be referenced by other signatures and
+     *    {@code SignedInfo} to be referenced by other signatures and
      *    objects
-     * @throws NullPointerException if <code>cm</code>, <code>sm</code>,
-     *    or <code>references</code> is <code>null</code>
-     * @throws IllegalArgumentException if <code>references</code> is empty
+     * @throws NullPointerException if {@code cm}, {@code sm},
+     *    or {@code references} is {@code null}
+     * @throws IllegalArgumentException if {@code references} is empty
      * @throws ClassCastException if any of the references are not of
-     *    type <code>Reference</code>
+     *    type {@code Reference}
      */
     public DOMSignedInfo(CanonicalizationMethod cm, SignatureMethod sm,
                          List<? extends Reference> references, String id) {
@@ -123,7 +121,7 @@
     }
 
     /**
-     * Creates a <code>DOMSignedInfo</code> from an element.
+     * Creates a {@code DOMSignedInfo} from an element.
      *
      * @param siElem a SignedInfo element
      */
@@ -137,13 +135,15 @@
 
         // unmarshal CanonicalizationMethod
         Element cmElem = DOMUtils.getFirstChildElement(siElem,
-                                                       "CanonicalizationMethod");
+                                                       "CanonicalizationMethod",
+                                                       XMLSignature.XMLNS);
         canonicalizationMethod = new DOMCanonicalizationMethod(cmElem, context,
                                                                provider);
 
         // unmarshal SignatureMethod
         Element smElem = DOMUtils.getNextSiblingElement(cmElem,
-                                                        "SignatureMethod");
+                                                        "SignatureMethod",
+                                                        XMLSignature.XMLNS);
         signatureMethod = DOMSignatureMethod.unmarshal(smElem);
 
         boolean secVal = Utils.secureValidation(context);
@@ -157,21 +157,21 @@
         }
 
         // unmarshal References
-        ArrayList<Reference> refList = new ArrayList<Reference>(5);
-        Element refElem = DOMUtils.getNextSiblingElement(smElem, "Reference");
+        ArrayList<Reference> refList = new ArrayList<>(5);
+        Element refElem = DOMUtils.getNextSiblingElement(smElem, "Reference", XMLSignature.XMLNS);
         refList.add(new DOMReference(refElem, context, provider));
 
         refElem = DOMUtils.getNextSiblingElement(refElem);
         while (refElem != null) {
             String name = refElem.getLocalName();
-            if (!name.equals("Reference")) {
+            String namespace = refElem.getNamespaceURI();
+            if (!"Reference".equals(name) || !XMLSignature.XMLNS.equals(namespace)) {
                 throw new MarshalException("Invalid element name: " +
-                                           name + ", expected Reference");
+                                           namespace + ":" + name + ", expected Reference");
             }
             refList.add(new DOMReference(refElem, context, provider));
-
             if (secVal && Policy.restrictNumReferences(refList.size())) {
-                String error = "A maximum of " + Policy.maxReferences()
+                String error = "A maxiumum of " + Policy.maxReferences()
                     + " references per Manifest are allowed when"
                     + " secure validation is enabled";
                 throw new MarshalException(error);
@@ -207,50 +207,36 @@
             throw new NullPointerException("context cannot be null");
         }
 
-        OutputStream os = new UnsyncBufferedOutputStream(bos);
-
         DOMSubTreeData subTree = new DOMSubTreeData(localSiElem, true);
-        try {
+        try (OutputStream os = new UnsyncBufferedOutputStream(bos)) {
             ((DOMCanonicalizationMethod)
                 canonicalizationMethod).canonicalize(subTree, context, os);
+
+            os.flush();
+
+            byte[] signedInfoBytes = bos.toByteArray();
+
+            // this whole block should only be done if LOGging is enabled
+            if (LOG.isDebugEnabled()) {
+                LOG.debug("Canonicalized SignedInfo:");
+                StringBuilder sb = new StringBuilder(signedInfoBytes.length);
+                for (int i = 0; i < signedInfoBytes.length; i++) {
+                    sb.append((char)signedInfoBytes[i]);
+                }
+                LOG.debug(sb.toString());
+                LOG.debug("Data to be signed/verified:" + XMLUtils.encodeToString(signedInfoBytes));
+            }
+
+            this.canonData = new ByteArrayInputStream(signedInfoBytes);
         } catch (TransformException te) {
             throw new XMLSignatureException(te);
-        }
-
-        try {
-            os.flush();
         } catch (IOException e) {
-            if (log.isLoggable(java.util.logging.Level.FINE)) {
-                log.log(java.util.logging.Level.FINE, e.getMessage(), e);
-            }
-            // Impossible
-        }
-
-        byte[] signedInfoBytes = bos.toByteArray();
-
-        // this whole block should only be done if logging is enabled
-        if (log.isLoggable(java.util.logging.Level.FINE)) {
-            log.log(java.util.logging.Level.FINE, "Canonicalized SignedInfo:");
-            StringBuilder sb = new StringBuilder(signedInfoBytes.length);
-            for (int i = 0; i < signedInfoBytes.length; i++) {
-                sb.append((char)signedInfoBytes[i]);
-            }
-            log.log(java.util.logging.Level.FINE, sb.toString());
-            log.log(java.util.logging.Level.FINE, "Data to be signed/verified:" + Base64.encode(signedInfoBytes));
-        }
-
-        this.canonData = new ByteArrayInputStream(signedInfoBytes);
-
-        try {
-            os.close();
-        } catch (IOException e) {
-            if (log.isLoggable(java.util.logging.Level.FINE)) {
-                log.log(java.util.logging.Level.FINE, e.getMessage(), e);
-            }
+            LOG.debug(e.getMessage(), e);
             // Impossible
         }
     }
 
+    @Override
     public void marshal(Node parent, String dsPrefix, DOMCryptoContext context)
         throws MarshalException
     {
@@ -289,12 +275,17 @@
         }
         SignedInfo osi = (SignedInfo)o;
 
-        boolean idEqual = (id == null ? osi.getId() == null
-                                      : id.equals(osi.getId()));
+        boolean idEqual = id == null ? osi.getId() == null
+                                      : id.equals(osi.getId());
 
-        return (canonicalizationMethod.equals(osi.getCanonicalizationMethod())
+        return canonicalizationMethod.equals(osi.getCanonicalizationMethod())
                 && signatureMethod.equals(osi.getSignatureMethod()) &&
-                references.equals(osi.getReferences()) && idEqual);
+                references.equals(osi.getReferences()) && idEqual;
+    }
+
+    @SuppressWarnings("unchecked")
+    public static List<Reference> getSignedInfoReferences(SignedInfo si) {
+        return si.getReferences();
     }
 
     @Override
diff --git a/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMStructure.java b/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMStructure.java
--- a/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMStructure.java
+++ b/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMStructure.java
@@ -21,10 +21,10 @@
  * under the License.
  */
 /*
- * Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved.
  */
 /*
- * $Id: DOMStructure.java 1197150 2011-11-03 14:34:57Z coheigea $
+ * $Id: DOMStructure.java 1788465 2017-03-24 15:10:51Z coheigea $
  */
 package org.jcp.xml.dsig.internal.dom;
 
@@ -36,7 +36,6 @@
 /**
  * DOM-based abstract implementation of XMLStructure.
  *
- * @author Sean Mullan
  */
 public abstract class DOMStructure implements XMLStructure {
 
diff --git a/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMSubTreeData.java b/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMSubTreeData.java
--- a/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMSubTreeData.java
+++ b/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMSubTreeData.java
@@ -21,7 +21,7 @@
  * under the License.
  */
 /*
- * Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved.
  */
 /*
  * $Id$
@@ -54,6 +54,7 @@
         this.excludeComments = excludeComments;
     }
 
+    @Override
     public Iterator<Node> iterator() {
         return new DelayedNodeIterator(root, excludeComments);
     }
@@ -109,15 +110,15 @@
          * Dereferences a same-document URI fragment.
          *
          * @param node the node (document or element) referenced by the
-         *        URI fragment. If null, returns an empty set.
+         *     URI fragment. If null, returns an empty set.
          * @return a set of nodes (minus any comment nodes)
          */
         private List<Node> dereferenceSameDocumentURI(Node node) {
-            List<Node> nodeSet = new ArrayList<Node>();
+            List<Node> nodes = new ArrayList<>();
             if (node != null) {
-                nodeSetMinusCommentNodes(node, nodeSet, null);
+                nodeSetMinusCommentNodes(node, nodes, null);
             }
-            return nodeSet;
+            return nodes;
         }
 
         /**
diff --git a/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMTransform.java b/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMTransform.java
--- a/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMTransform.java
+++ b/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMTransform.java
@@ -21,10 +21,10 @@
  * under the License.
  */
 /*
- * Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved.
  */
 /*
- * $Id: DOMTransform.java 1333415 2012-05-03 12:03:51Z coheigea $
+ * $Id: DOMTransform.java 1788465 2017-03-24 15:10:51Z coheigea $
  */
 package org.jcp.xml.dsig.internal.dom;
 
@@ -34,19 +34,23 @@
 import java.security.Provider;
 import java.security.spec.AlgorithmParameterSpec;
 
+import javax.xml.crypto.Data;
+import javax.xml.crypto.MarshalException;
+import javax.xml.crypto.XMLCryptoContext;
+import javax.xml.crypto.dom.DOMCryptoContext;
+import javax.xml.crypto.dsig.Transform;
+import javax.xml.crypto.dsig.TransformException;
+import javax.xml.crypto.dsig.TransformService;
+import javax.xml.crypto.dsig.XMLSignature;
+import javax.xml.crypto.dsig.dom.DOMSignContext;
+
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 import org.w3c.dom.Node;
 
-import javax.xml.crypto.*;
-import javax.xml.crypto.dsig.*;
-import javax.xml.crypto.dom.DOMCryptoContext;
-import javax.xml.crypto.dsig.dom.DOMSignContext;
-
 /**
  * DOM-based abstract implementation of Transform.
  *
- * @author Sean Mullan
  */
 public class DOMTransform extends DOMStructure implements Transform {
 
@@ -62,9 +66,8 @@
     }
 
     /**
-     * Creates a {@code DOMTransform} from an element. This constructor
-     * invokes the abstract {@link #unmarshalParams unmarshalParams} method to
-     * unmarshal any algorithm-specific input parameters.
+     * Creates a {@code DOMTransform} from an element. It unmarshals any
+     * algorithm-specific input parameters.
      *
      * @param transElem a Transform element
      */
@@ -107,9 +110,9 @@
     }
 
     /**
-     * This method invokes the abstract {@link #marshalParams marshalParams}
-     * method to marshal any algorithm-specific parameters.
+     * This method marshals any algorithm-specific parameters.
      */
+    @Override
     public void marshal(Node parent, String dsPrefix, DOMCryptoContext context)
         throws MarshalException
     {
@@ -139,11 +142,11 @@
      *
      * @param data the data to be transformed
      * @param xc the {@code XMLCryptoContext} containing
-     *     additional context (may be {@code null} if not applicable)
+     *    additional context (may be {@code null} if not applicable)
      * @return the transformed data
      * @throws NullPointerException if {@code data} is {@code null}
      * @throws XMLSignatureException if an unexpected error occurs while
-     *     executing the transform
+     *    executing the transform
      */
     public Data transform(Data data, XMLCryptoContext xc)
         throws TransformException
@@ -155,14 +158,14 @@
      * Transforms the specified data using the underlying transform algorithm.
      *
      * @param data the data to be transformed
-     * @param xc the {@code XMLCryptoContext} containing
-     *     additional context (may be {@code null} if not applicable)
+     * @param xc     the {@code XMLCryptoContext} containing
+     *    additional context (may be {@code null} if not applicable)
      * @param os the {@code OutputStream} that should be used to write
-     *     the transformed data to
+     *    the transformed data to
      * @return the transformed data
      * @throws NullPointerException if {@code data} is {@code null}
      * @throws XMLSignatureException if an unexpected error occurs while
-     *     executing the transform
+     *    executing the transform
      */
     public Data transform(Data data, XMLCryptoContext xc, OutputStream os)
         throws TransformException
@@ -181,9 +184,9 @@
         }
         Transform otransform = (Transform)o;
 
-        return (getAlgorithm().equals(otransform.getAlgorithm()) &&
+        return getAlgorithm().equals(otransform.getAlgorithm()) &&
                 DOMUtils.paramsEqual(getParameterSpec(),
-                                     otransform.getParameterSpec()));
+                                     otransform.getParameterSpec());
     }
 
     @Override
diff --git a/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMURIDereferencer.java b/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMURIDereferencer.java
--- a/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMURIDereferencer.java
+++ b/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMURIDereferencer.java
@@ -21,10 +21,10 @@
  * under the License.
  */
 /*
- * Copyright (c) 2005, 2016, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved.
  */
 /*
- * $Id: DOMURIDereferencer.java 1231033 2012-01-13 12:12:12Z coheigea $
+ * $Id: DOMURIDereferencer.java 1788465 2017-03-24 15:10:51Z coheigea $
  */
 package org.jcp.xml.dsig.internal.dom;
 
@@ -43,9 +43,8 @@
 /**
  * DOM-based implementation of URIDereferencer.
  *
- * @author Sean Mullan
  */
-public class DOMURIDereferencer implements URIDereferencer {
+public final class DOMURIDereferencer implements URIDereferencer {
 
     static final URIDereferencer INSTANCE = new DOMURIDereferencer();
 
@@ -106,6 +105,7 @@
                 }
 
                 XMLSignatureInput result = new XMLSignatureInput(referencedElem);
+                result.setSecureValidation(secVal);
                 if (!uri.substring(1).startsWith("xpointer(id(")) {
                     result.setExcludeComments(true);
                 }
@@ -123,8 +123,7 @@
         try {
             ResourceResolver apacheResolver =
                 ResourceResolver.getInstance(uriAttr, baseURI, false);
-            XMLSignatureInput in = apacheResolver.resolve(uriAttr,
-                                                          baseURI, false);
+            XMLSignatureInput in = apacheResolver.resolve(uriAttr, baseURI, false);
             if (in.isOctetStream()) {
                 return new ApacheOctetStreamData(in);
             } else {
diff --git a/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMUtils.java b/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMUtils.java
--- a/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMUtils.java
+++ b/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMUtils.java
@@ -21,10 +21,10 @@
  * under the License.
  */
 /*
- * Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved.
  */
 /*
- * $Id: DOMUtils.java 1333415 2012-05-03 12:03:51Z coheigea $
+ * $Id: DOMUtils.java 1788465 2017-03-24 15:10:51Z coheigea $
  */
 package org.jcp.xml.dsig.internal.dom;
 
@@ -35,6 +35,8 @@
 import org.w3c.dom.Element;
 import org.w3c.dom.Node;
 import org.w3c.dom.NodeList;
+
+import javax.xml.XMLConstants;
 import javax.xml.crypto.*;
 import javax.xml.crypto.dsig.*;
 import javax.xml.crypto.dsig.spec.*;
@@ -42,9 +44,8 @@
 /**
  * Useful static DOM utility methods.
  *
- * @author Sean Mullan
  */
-public class DOMUtils {
+public final class DOMUtils {
 
     // class cannot be instantiated
     private DOMUtils() {}
@@ -64,6 +65,21 @@
     }
 
     /**
+     * Create a QName string from a prefix and local name.
+     *
+     * @param prefix    The prefix, if any. Can be either null or empty.
+     * @param localName The local name.
+     *
+     * @return The string for the qName, for example, "xsd:element".
+     */
+    public static String getQNameString(String prefix, String localName) {
+        String qName = prefix == null || prefix.length() == 0
+                ? localName : prefix + ":" + localName;
+
+        return qName;
+    }
+
+    /**
      * Creates an element in the specified namespace, with the specified tag
      * and namespace prefix.
      *
@@ -121,7 +137,7 @@
      * @param node the node
      * @return the first child element of the specified node, or null if there
      *    is no such element
-     * @throws NullPointerException if <code>node == null</code>
+     * @throws NullPointerException if {@code node == null}
      */
     public static Element getFirstChildElement(Node node) {
         Node child = node.getFirstChild();
@@ -141,12 +157,30 @@
      * @throws MarshalException if no such element or the local name is not
      *    equal to {@code localName}
      */
+    @Deprecated
     public static Element getFirstChildElement(Node node, String localName)
         throws MarshalException
     {
         return verifyElement(getFirstChildElement(node), localName);
     }
 
+    /**
+     * Returns the first child element of the specified node and checks that
+     * the local name is equal to {@code localName} and the namespace is equal to
+     * {@code namespaceURI}
+     *
+     * @param node the node
+     * @return the first child element of the specified node
+     * @throws NullPointerException if {@code node == null}
+     * @throws MarshalException if no such element or the local name is not
+     *    equal to {@code localName}
+     */
+    public static Element getFirstChildElement(Node node, String localName, String namespaceURI)
+        throws MarshalException
+    {
+        return verifyElement(getFirstChildElement(node), localName, namespaceURI);
+    }
+
     private static Element verifyElement(Element elem, String localName)
         throws MarshalException
     {
@@ -161,6 +195,22 @@
         return elem;
     }
 
+    private static Element verifyElement(Element elem, String localName, String namespaceURI)
+        throws MarshalException
+    {
+        if (elem == null) {
+            throw new MarshalException("Missing " + localName + " element");
+        }
+        String name = elem.getLocalName();
+        String namespace = elem.getNamespaceURI();
+        if (!name.equals(localName) || namespace == null && namespaceURI != null
+            || namespace != null && !namespace.equals(namespaceURI)) {
+            throw new MarshalException("Invalid element name: " +
+                namespace + ":" + name + ", expected " + namespaceURI + ":" + localName);
+        }
+        return elem;
+    }
+
     /**
      * Returns the last child element of the specified node, or null if there
      * is no such element.
@@ -168,7 +218,7 @@
      * @param node the node
      * @return the last child element of the specified node, or null if there
      *    is no such element
-     * @throws NullPointerException if <code>node == null</code>
+     * @throws NullPointerException if {@code node == null}
      */
     public static Element getLastChildElement(Node node) {
         Node child = node.getLastChild();
@@ -185,7 +235,7 @@
      * @param node the node
      * @return the next sibling element of the specified node, or null if there
      *    is no such element
-     * @throws NullPointerException if <code>node == null</code>
+     * @throws NullPointerException if {@code node == null}
      */
     public static Element getNextSiblingElement(Node node) {
         Node sibling = node.getNextSibling();
@@ -203,8 +253,9 @@
      * @return the next sibling element of the specified node
      * @throws NullPointerException if {@code node == null}
      * @throws MarshalException if no such element or the local name is not
-     *    equal to {@code localName}
+     * equal to {@code localName}
      */
+    @Deprecated
     public static Element getNextSiblingElement(Node node, String localName)
         throws MarshalException
     {
@@ -212,12 +263,29 @@
     }
 
     /**
+     * Returns the next sibling element of the specified node and checks that
+     * the local name is equal to {@code localName} and the namespace is equal to
+     * {@code namespaceURI}
+     *
+     * @param node the node
+     * @return the next sibling element of the specified node
+     * @throws NullPointerException if {@code node == null}
+     * @throws MarshalException if no such element or the local name is not
+     * equal to {@code localName}
+     */
+    public static Element getNextSiblingElement(Node node, String localName, String namespaceURI)
+        throws MarshalException
+    {
+        return verifyElement(getNextSiblingElement(node), localName, namespaceURI);
+    }
+
+    /**
      * Returns the attribute value for the attribute with the specified name.
      * Returns null if there is no such attribute, or
      * the empty string if the attribute value is empty.
      *
      * <p>This works around a limitation of the DOM
-     * <code>Element.getAttributeNode</code> method, which does not distinguish
+     * {@code Element.getAttributeNode} method, which does not distinguish
      * between an unspecified attribute and an attribute with a value of
      * "" (it returns "" for both cases).
      *
@@ -231,8 +299,30 @@
     }
 
     /**
-     * Returns a Set of <code>Node</code>s, backed by the specified
-     * <code>NodeList</code>.
+     * Returns the attribute value for the attribute with the specified name.
+     * Returns null if there is no such attribute, or
+     * the empty string if the attribute value is empty.
+     *
+     * <p>This works around a limitation of the DOM
+     * {@code Element.getAttributeNode} method, which does not distinguish
+     * between an unspecified attribute and an attribute with a value of
+     * "" (it returns "" for both cases).
+     *
+     * @param elem the element containing the attribute
+     * @param name the name of the attribute
+     * @return the attribute value (may be null if unspecified)
+     */
+    public static <N> String getIdAttributeValue(Element elem, String name) {
+        Attr attr = elem.getAttributeNodeNS(null, name);
+        if (attr != null && !attr.isId()) {
+            elem.setIdAttributeNode(attr, true);
+        }
+        return (attr == null) ? null : attr.getValue();
+    }
+
+    /**
+     * Returns a Set of {@code Node}s, backed by the specified
+     * {@code NodeList}.
      *
      * @param nl the NodeList
      * @return a Set of Nodes
@@ -250,7 +340,7 @@
         public int size() { return nl.getLength(); }
         public Iterator<Node> iterator() {
             return new Iterator<Node>() {
-                int index = 0;
+                private int index;
 
                 public void remove() {
                     throw new UnsupportedOperationException();
@@ -262,7 +352,7 @@
                     return nl.item(index++);
                 }
                 public boolean hasNext() {
-                    return index < nl.getLength() ? true : false;
+                    return index < nl.getLength();
                 }
             };
         }
@@ -302,9 +392,11 @@
      * @param node the parent node whose children are to be removed
      */
     public static void removeAllChildren(Node node) {
-        NodeList children = node.getChildNodes();
-        for (int i = 0, length = children.getLength(); i < length; i++) {
-            node.removeChild(children.item(i));
+        Node firstChild = node.getFirstChild();
+        while (firstChild != null) {
+            Node nodeToRemove = firstChild;
+            firstChild = firstChild.getNextSibling();
+            node.removeChild(nodeToRemove);
         }
     }
 
@@ -396,8 +488,8 @@
     private static boolean paramsEqual(XPathFilterParameterSpec spec1,
                                        XPathFilterParameterSpec spec2)
     {
-        return (spec1.getXPath().equals(spec2.getXPath()) &&
-                spec1.getNamespaceMap().equals(spec2.getNamespaceMap()));
+        return spec1.getXPath().equals(spec2.getXPath()) &&
+                spec1.getNamespaceMap().equals(spec2.getNamespaceMap());
     }
 
     private static boolean paramsEqual(XSLTTransformParameterSpec spec1,
@@ -415,4 +507,14 @@
             ((javax.xml.crypto.dom.DOMStructure) stylesheet).getNode();
         return nodesEqual(stylesheetElem, ostylesheetElem);
     }
+
+    public static boolean isNamespace(Node node)
+    {
+        final short nodeType = node.getNodeType();
+        if (nodeType == Node.ATTRIBUTE_NODE) {
+            final String namespaceURI = node.getNamespaceURI();
+            return XMLConstants.XMLNS_ATTRIBUTE_NS_URI.equals(namespaceURI);
+        }
+        return false;
+    }
 }
diff --git a/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMX509Data.java b/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMX509Data.java
--- a/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMX509Data.java
+++ b/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMX509Data.java
@@ -21,34 +21,34 @@
  * under the License.
  */
 /*
- * Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved.
  */
 /*
- * $Id: DOMX509Data.java 1333415 2012-05-03 12:03:51Z coheigea $
+ * $Id: DOMX509Data.java 1789702 2017-03-31 15:15:04Z coheigea $
  */
 package org.jcp.xml.dsig.internal.dom;
 
 import java.io.ByteArrayInputStream;
+import java.io.IOException;
 import java.security.cert.*;
 import java.util.*;
+
 import javax.xml.crypto.*;
 import javax.xml.crypto.dom.DOMCryptoContext;
 import javax.xml.crypto.dsig.*;
+import javax.xml.crypto.dsig.keyinfo.X509Data;
 import javax.xml.crypto.dsig.keyinfo.X509IssuerSerial;
-import javax.xml.crypto.dsig.keyinfo.X509Data;
 import javax.security.auth.x500.X500Principal;
+
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 import org.w3c.dom.Node;
-import org.w3c.dom.NodeList;
 
-import com.sun.org.apache.xml.internal.security.exceptions.Base64DecodingException;
-import com.sun.org.apache.xml.internal.security.utils.Base64;
+import com.sun.org.apache.xml.internal.security.utils.XMLUtils;
 
 /**
  * DOM-based implementation of X509Data.
  *
- * @author Sean Mullan
  */
 //@@@ check for illegal combinations of data violating MUSTs in W3c spec
 public final class DOMX509Data extends DOMStructure implements X509Data {
@@ -60,21 +60,21 @@
      * Creates a DOMX509Data.
      *
      * @param content a list of one or more X.509 data types. Valid types are
-     *    {@link String} (subject names), <code>byte[]</code> (subject key ids),
+     *    {@link String} (subject names), {@code byte[]} (subject key ids),
      *    {@link java.security.cert.X509Certificate}, {@link X509CRL},
-     *    or {@link javax.xml.dsig.XMLStructure} ({@link X509IssuerSerial}
+     *    or {@link javax.xml.dsig.XMLStructure}
      *    objects or elements from an external namespace). The list is
      *    defensively copied to protect against subsequent modification.
-     * @throws NullPointerException if <code>content</code> is <code>null</code>
-     * @throws IllegalArgumentException if <code>content</code> is empty
-     * @throws ClassCastException if <code>content</code> contains any entries
+     * @throws NullPointerException if {@code content} is {@code null}
+     * @throws IllegalArgumentException if {@code content} is empty
+     * @throws ClassCastException if {@code content} contains any entries
      *    that are not of one of the valid types mentioned above
      */
     public DOMX509Data(List<?> content) {
         if (content == null) {
             throw new NullPointerException("content cannot be null");
         }
-        List<Object> contentCopy = new ArrayList<Object>(content);
+        List<Object> contentCopy = new ArrayList<>(content);
         if (contentCopy.isEmpty()) {
             throw new IllegalArgumentException("content cannot be empty");
         }
@@ -94,44 +94,38 @@
     }
 
     /**
-     * Creates a <code>DOMX509Data</code> from an element.
+     * Creates a {@code DOMX509Data} from an element.
      *
      * @param xdElem an X509Data element
      * @throws MarshalException if there is an error while unmarshalling
      */
     public DOMX509Data(Element xdElem) throws MarshalException {
         // get all children nodes
-        NodeList nl = xdElem.getChildNodes();
-        int length = nl.getLength();
-        List<Object> content = new ArrayList<Object>(length);
-        for (int i = 0; i < length; i++) {
-            Node child = nl.item(i);
-            // ignore all non-Element nodes
-            if (child.getNodeType() != Node.ELEMENT_NODE) {
-                continue;
+        List<Object> newContent = new ArrayList<>();
+        Node firstChild = xdElem.getFirstChild();
+        while (firstChild != null) {
+            if (firstChild.getNodeType() == Node.ELEMENT_NODE) {
+                Element childElem = (Element)firstChild;
+                String localName = childElem.getLocalName();
+                String namespace = childElem.getNamespaceURI();
+                if ("X509Certificate".equals(localName) && XMLSignature.XMLNS.equals(namespace)) {
+                    newContent.add(unmarshalX509Certificate(childElem));
+                } else if ("X509IssuerSerial".equals(localName) && XMLSignature.XMLNS.equals(namespace)) {
+                    newContent.add(new DOMX509IssuerSerial(childElem));
+                } else if ("X509SubjectName".equals(localName) && XMLSignature.XMLNS.equals(namespace)) {
+                    newContent.add(childElem.getFirstChild().getNodeValue());
+                } else if ("X509SKI".equals(localName) && XMLSignature.XMLNS.equals(namespace)) {
+                    String content = XMLUtils.getFullTextChildrenFromElement(childElem);
+                    newContent.add(XMLUtils.decode(content));
+                } else if ("X509CRL".equals(localName) && XMLSignature.XMLNS.equals(namespace)) {
+                    newContent.add(unmarshalX509CRL(childElem));
+                } else {
+                    newContent.add(new javax.xml.crypto.dom.DOMStructure(childElem));
+                }
             }
-
-            Element childElem = (Element)child;
-            String localName = childElem.getLocalName();
-            if (localName.equals("X509Certificate")) {
-                content.add(unmarshalX509Certificate(childElem));
-            } else if (localName.equals("X509IssuerSerial")) {
-                content.add(new DOMX509IssuerSerial(childElem));
-            } else if (localName.equals("X509SubjectName")) {
-                content.add(childElem.getFirstChild().getNodeValue());
-            } else if (localName.equals("X509SKI")) {
-                try {
-                    content.add(Base64.decode(childElem));
-                } catch (Base64DecodingException bde) {
-                    throw new MarshalException("cannot decode X509SKI", bde);
-                }
-            } else if (localName.equals("X509CRL")) {
-                content.add(unmarshalX509CRL(childElem));
-            } else {
-                content.add(new javax.xml.crypto.dom.DOMStructure(childElem));
-            }
+            firstChild = firstChild.getNextSibling();
         }
-        this.content = Collections.unmodifiableList(content);
+        this.content = Collections.unmodifiableList(newContent);
     }
 
     public List<Object> getContent() {
@@ -176,7 +170,7 @@
     {
         Element skidElem = DOMUtils.createElement(doc, "X509SKI",
                                                   XMLSignature.XMLNS, dsPrefix);
-        skidElem.appendChild(doc.createTextNode(Base64.encode(skid)));
+        skidElem.appendChild(doc.createTextNode(XMLUtils.encodeToString(skid)));
         parent.appendChild(skidElem);
     }
 
@@ -197,7 +191,7 @@
                                                   XMLSignature.XMLNS, dsPrefix);
         try {
             certElem.appendChild(doc.createTextNode
-                                 (Base64.encode(cert.getEncoded())));
+                                 (XMLUtils.encodeToString(cert.getEncoded())));
         } catch (CertificateEncodingException e) {
             throw new MarshalException("Error encoding X509Certificate", e);
         }
@@ -212,7 +206,7 @@
                                                  XMLSignature.XMLNS, dsPrefix);
         try {
             crlElem.appendChild(doc.createTextNode
-                                (Base64.encode(crl.getEncoded())));
+                                (XMLUtils.encodeToString(crl.getEncoded())));
         } catch (CRLException e) {
             throw new MarshalException("Error encoding X509CRL", e);
         }
@@ -222,20 +216,22 @@
     private X509Certificate unmarshalX509Certificate(Element elem)
         throws MarshalException
     {
-        try {
-            ByteArrayInputStream bs = unmarshalBase64Binary(elem);
+        try (ByteArrayInputStream bs = unmarshalBase64Binary(elem)) {
             return (X509Certificate)cf.generateCertificate(bs);
         } catch (CertificateException e) {
             throw new MarshalException("Cannot create X509Certificate", e);
+        } catch (IOException e) {
+            throw new MarshalException("Error closing stream", e);
         }
     }
 
     private X509CRL unmarshalX509CRL(Element elem) throws MarshalException {
-        try {
-            ByteArrayInputStream bs = unmarshalBase64Binary(elem);
+        try (ByteArrayInputStream bs = unmarshalBase64Binary(elem)) {
             return (X509CRL)cf.generateCRL(bs);
         } catch (CRLException e) {
             throw new MarshalException("Cannot create X509CRL", e);
+        } catch (IOException e) {
+            throw new MarshalException("Error closing stream", e);
         }
     }
 
@@ -245,11 +241,10 @@
             if (cf == null) {
                 cf = CertificateFactory.getInstance("X.509");
             }
-            return new ByteArrayInputStream(Base64.decode(elem));
+            String content = XMLUtils.getFullTextChildrenFromElement(elem);
+            return new ByteArrayInputStream(XMLUtils.decode(content));
         } catch (CertificateException e) {
             throw new MarshalException("Cannot create CertificateFactory", e);
-        } catch (Base64DecodingException bde) {
-            throw new MarshalException("Cannot decode Base64-encoded val", bde);
         }
     }
 
diff --git a/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMX509IssuerSerial.java b/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMX509IssuerSerial.java
--- a/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMX509IssuerSerial.java
+++ b/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMX509IssuerSerial.java
@@ -21,19 +21,20 @@
  * under the License.
  */
 /*
- * Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved.
  */
 /*
- * $Id: DOMX509IssuerSerial.java 1333415 2012-05-03 12:03:51Z coheigea $
+ * $Id: DOMX509IssuerSerial.java 1788465 2017-03-24 15:10:51Z coheigea $
  */
 package org.jcp.xml.dsig.internal.dom;
 
-import javax.xml.crypto.*;
+import javax.xml.crypto.MarshalException;
 import javax.xml.crypto.dom.DOMCryptoContext;
-import javax.xml.crypto.dsig.*;
+import javax.xml.crypto.dsig.XMLSignature;
 import javax.xml.crypto.dsig.keyinfo.X509IssuerSerial;
 
 import java.math.BigInteger;
+
 import javax.security.auth.x500.X500Principal;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
@@ -42,7 +43,6 @@
 /**
  * DOM-based implementation of X509IssuerSerial.
  *
- * @author Sean Mullan
  */
 public final class DOMX509IssuerSerial extends DOMStructure
     implements X509IssuerSerial {
@@ -51,16 +51,16 @@
     private final BigInteger serialNumber;
 
     /**
-     * Creates a <code>DOMX509IssuerSerial</code> containing the specified
+     * Creates a {@code DOMX509IssuerSerial} containing the specified
      * issuer distinguished name/serial number pair.
      *
      * @param issuerName the X.509 issuer distinguished name in RFC 2253
      *    String format
      * @param serialNumber the serial number
-     * @throws IllegalArgumentException if the format of <code>issuerName</code>
+     * @throws IllegalArgumentException if the format of {@code issuerName}
      *    is not RFC 2253 compliant
-     * @throws NullPointerException if <code>issuerName</code> or
-     *    <code>serialNumber</code> is <code>null</code>
+     * @throws NullPointerException if {@code issuerName} or
+     *    {@code serialNumber} is {@code null}
      */
     public DOMX509IssuerSerial(String issuerName, BigInteger serialNumber) {
         if (issuerName == null) {
@@ -76,15 +76,17 @@
     }
 
     /**
-     * Creates a <code>DOMX509IssuerSerial</code> from an element.
+     * Creates a {@code DOMX509IssuerSerial} from an element.
      *
      * @param isElem an X509IssuerSerial element
      */
     public DOMX509IssuerSerial(Element isElem) throws MarshalException {
         Element iNElem = DOMUtils.getFirstChildElement(isElem,
-                                                       "X509IssuerName");
+                                                       "X509IssuerName",
+                                                       XMLSignature.XMLNS);
         Element sNElem = DOMUtils.getNextSiblingElement(iNElem,
-                                                        "X509SerialNumber");
+                                                        "X509SerialNumber",
+                                                        XMLSignature.XMLNS);
         issuerName = iNElem.getFirstChild().getNodeValue();
         serialNumber = new BigInteger(sNElem.getFirstChild().getNodeValue());
     }
@@ -97,6 +99,7 @@
         return serialNumber;
     }
 
+    @Override
     public void marshal(Node parent, String dsPrefix, DOMCryptoContext context)
         throws MarshalException
     {
@@ -124,8 +127,8 @@
             return false;
         }
         X509IssuerSerial ois = (X509IssuerSerial)obj;
-        return (issuerName.equals(ois.getIssuerName()) &&
-                serialNumber.equals(ois.getSerialNumber()));
+        return issuerName.equals(ois.getIssuerName()) &&
+                serialNumber.equals(ois.getSerialNumber());
     }
 
     @Override
diff --git a/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMXMLObject.java b/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMXMLObject.java
--- a/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMXMLObject.java
+++ b/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMXMLObject.java
@@ -21,10 +21,10 @@
  * under the License.
  */
 /*
- * Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved.
  */
 /*
- * $Id: DOMXMLObject.java 1333415 2012-05-03 12:03:51Z coheigea $
+ * $Id: DOMXMLObject.java 1788465 2017-03-24 15:10:51Z coheigea $
  */
 package org.jcp.xml.dsig.internal.dom;
 
@@ -38,13 +38,12 @@
 import org.w3c.dom.Attr;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
+import org.w3c.dom.NamedNodeMap;
 import org.w3c.dom.Node;
-import org.w3c.dom.NodeList;
 
 /**
  * DOM-based implementation of XMLObject.
  *
- * @author Sean Mullan
  */
 public final class DOMXMLObject extends DOMStructure implements XMLObject {
 
@@ -55,15 +54,15 @@
     private Element objectElem;
 
     /**
-     * Creates an <code>XMLObject</code> from the specified parameters.
+     * Creates an {@code XMLObject} from the specified parameters.
      *
      * @param content a list of {@link XMLStructure}s. The list
      *    is defensively copied to protect against subsequent modification.
-     *    May be <code>null</code> or empty.
-     * @param id the Id (may be <code>null</code>)
-     * @param mimeType the mime type (may be <code>null</code>)
-     * @param encoding the encoding (may be <code>null</code>)
-     * @throws ClassCastException if <code>content</code> contains any
+     *    May be {@code null} or empty.
+     * @param id the Id (may be {@code null})
+     * @param mimeType the mime type (may be {@code null})
+     * @param encoding the encoding (may be {@code null})
+     * @throws ClassCastException if {@code content} contains any
      *    entries that are not of type {@link XMLStructure}
      */
     public DOMXMLObject(List<? extends XMLStructure> content, String id,
@@ -73,7 +72,7 @@
             this.content = Collections.emptyList();
         } else {
             this.content = Collections.unmodifiableList(
-                new ArrayList<XMLStructure>(content));
+                new ArrayList<>(content));
             for (int i = 0, size = this.content.size(); i < size; i++) {
                 if (!(this.content.get(i) instanceof XMLStructure)) {
                     throw new ClassCastException
@@ -87,7 +86,7 @@
     }
 
     /**
-     * Creates an <code>XMLObject</code> from an element.
+     * Creates an {@code XMLObject} from an element.
      *
      * @param objElem an Object element
      * @throws MarshalException if there is an error when unmarshalling
@@ -108,32 +107,43 @@
         }
         this.mimeType = DOMUtils.getAttributeValue(objElem, "MimeType");
 
-        NodeList nodes = objElem.getChildNodes();
-        int length = nodes.getLength();
-        List<XMLStructure> content = new ArrayList<XMLStructure>(length);
-        for (int i = 0; i < length; i++) {
-            Node child = nodes.item(i);
-            if (child.getNodeType() == Node.ELEMENT_NODE) {
-                Element childElem = (Element)child;
+        List<XMLStructure> newContent = new ArrayList<>();
+        Node firstChild = objElem.getFirstChild();
+        while (firstChild != null) {
+            if (firstChild.getNodeType() == Node.ELEMENT_NODE) {
+                Element childElem = (Element)firstChild;
                 String tag = childElem.getLocalName();
-                if (tag.equals("Manifest")) {
-                    content.add(new DOMManifest(childElem, context, provider));
-                    continue;
-                } else if (tag.equals("SignatureProperties")) {
-                    content.add(new DOMSignatureProperties(childElem, context));
-                    continue;
-                } else if (tag.equals("X509Data")) {
-                    content.add(new DOMX509Data(childElem));
-                    continue;
+                String namespace = childElem.getNamespaceURI();
+                if ("Manifest".equals(tag) && XMLSignature.XMLNS.equals(namespace)) {
+                    newContent.add(new DOMManifest(childElem, context, provider));
+                } else if ("SignatureProperties".equals(tag) && XMLSignature.XMLNS.equals(namespace)) {
+                    newContent.add(new DOMSignatureProperties(childElem));
+                } else if ("X509Data".equals(tag) && XMLSignature.XMLNS.equals(namespace)) {
+                    newContent.add(new DOMX509Data(childElem));
+                } else {
+                    //@@@FIXME: check for other dsig structures
+                    newContent.add(new javax.xml.crypto.dom.DOMStructure(firstChild));
                 }
-                //@@@FIXME: check for other dsig structures
+            } else {
+                newContent.add(new javax.xml.crypto.dom.DOMStructure(firstChild));
             }
-            content.add(new javax.xml.crypto.dom.DOMStructure(child));
+            firstChild = firstChild.getNextSibling();
         }
-        if (content.isEmpty()) {
+
+        // Here we capture namespace declarations, so that when they're marshalled back
+        // out, we can make copies of them. Note that attributes are NOT captured.
+        NamedNodeMap nnm = objElem.getAttributes();
+        for (int idx = 0 ; idx < nnm.getLength() ; idx++) {
+            Node nsDecl = nnm.item(idx);
+            if (DOMUtils.isNamespace(nsDecl)) {
+                newContent.add(new javax.xml.crypto.dom.DOMStructure(nsDecl));
+            }
+        }
+
+        if (newContent.isEmpty()) {
             this.content = Collections.emptyList();
         } else {
-            this.content = Collections.unmodifiableList(content);
+            this.content = Collections.unmodifiableList(newContent);
         }
         this.objectElem = objElem;
     }
@@ -154,6 +164,7 @@
         return encoding;
     }
 
+    @Override
     public void marshal(Node parent, String dsPrefix, DOMCryptoContext context)
         throws MarshalException {
         Document ownerDoc = DOMUtils.getOwnerDocument(parent);
@@ -183,6 +194,7 @@
         parent.appendChild(objElem);
     }
 
+    @SuppressWarnings("unchecked")
     @Override
     public boolean equals(Object o) {
         if (this == o) {
@@ -194,19 +206,17 @@
         }
         XMLObject oxo = (XMLObject)o;
 
-        boolean idsEqual = (id == null ? oxo.getId() == null
-                                       : id.equals(oxo.getId()));
+        boolean idsEqual = id == null ? oxo.getId() == null
+                                       : id.equals(oxo.getId());
         boolean encodingsEqual =
-            (encoding == null ? oxo.getEncoding() == null
-                              : encoding.equals(oxo.getEncoding()));
+            encoding == null ? oxo.getEncoding() == null
+                              : encoding.equals(oxo.getEncoding());
         boolean mimeTypesEqual =
-            (mimeType == null ? oxo.getMimeType() == null
-                              : mimeType.equals(oxo.getMimeType()));
+            mimeType == null ? oxo.getMimeType() == null
+                              : mimeType.equals(oxo.getMimeType());
 
-        @SuppressWarnings("unchecked")
-        List<XMLStructure> oxoContent = oxo.getContent();
-        return (idsEqual && encodingsEqual && mimeTypesEqual &&
-                equalsContent(oxoContent));
+        return idsEqual && encodingsEqual && mimeTypesEqual &&
+                equalsContent(oxo.getContent());
     }
 
     @Override
diff --git a/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMXMLSignature.java b/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMXMLSignature.java
--- a/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMXMLSignature.java
+++ b/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMXMLSignature.java
@@ -21,7 +21,7 @@
  * under the License.
  */
 /*
- * Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Portions copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved.
  */
 /*
  * ===========================================================================
@@ -31,7 +31,7 @@
  * ===========================================================================
  */
 /*
- * $Id: DOMXMLSignature.java 1333415 2012-05-03 12:03:51Z coheigea $
+ * $Id: DOMXMLSignature.java 1788465 2017-03-24 15:10:51Z coheigea $
  */
 package org.jcp.xml.dsig.internal.dom;
 
@@ -49,26 +49,24 @@
 import java.util.ArrayList;
 import java.util.HashMap;
 import java.util.List;
+import java.util.Map;
 
 import org.w3c.dom.Attr;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 import org.w3c.dom.Node;
 
-import com.sun.org.apache.xml.internal.security.exceptions.Base64DecodingException;
-import com.sun.org.apache.xml.internal.security.utils.Base64;
+import com.sun.org.apache.xml.internal.security.utils.XMLUtils;
 
 /**
  * DOM-based implementation of XMLSignature.
  *
- * @author Sean Mullan
- * @author Joyce Leung
  */
 public final class DOMXMLSignature extends DOMStructure
     implements XMLSignature {
 
-    private static java.util.logging.Logger log =
-        java.util.logging.Logger.getLogger("org.jcp.xml.dsig.internal.dom");
+    private static final com.sun.org.slf4j.internal.Logger LOG =
+        com.sun.org.slf4j.internal.LoggerFactory.getLogger(DOMXMLSignature.class);
     private String id;
     private SignatureValue sv;
     private KeyInfo ki;
@@ -80,24 +78,24 @@
     private boolean validationStatus;
     private boolean validated = false;
     private KeySelectorResult ksr;
-    private HashMap<String, XMLStructure> signatureIdMap;
+    private Map<String, XMLStructure> signatureIdMap;
 
     static {
         com.sun.org.apache.xml.internal.security.Init.init();
     }
 
     /**
-     * Creates a <code>DOMXMLSignature</code> from the specified components.
+     * Creates a {@code DOMXMLSignature} from the specified components.
      *
-     * @param si the <code>SignedInfo</code>
-     * @param ki the <code>KeyInfo</code>, or <code>null</code> if not specified
-     * @param objs a list of <code>XMLObject</code>s or <code>null</code>
+     * @param si the {@code SignedInfo}
+     * @param ki the {@code KeyInfo}, or {@code null} if not specified
+     * @param objs a list of {@code XMLObject}s or {@code null}
      *  if not specified. The list is copied to protect against subsequent
      *  modification.
-     * @param id an optional id (specify <code>null</code> to omit)
-     * @param signatureValueId an optional id (specify <code>null</code> to
+     * @param id an optional id (specify {@code null} to omit)
+     * @param signatureValueId an optional id (specify {@code null} to
      *  omit)
-     * @throws NullPointerException if <code>si</code> is <code>null</code>
+     * @throws NullPointerException if {@code si} is {@code null}
      */
     public DOMXMLSignature(SignedInfo si, KeyInfo ki,
                            List<? extends XMLObject> objs,
@@ -113,7 +111,7 @@
             this.objects = Collections.emptyList();
         } else {
             this.objects =
-                Collections.unmodifiableList(new ArrayList<XMLObject>(objs));
+                Collections.unmodifiableList(new ArrayList<>(objs));
             for (int i = 0, size = this.objects.size(); i < size; i++) {
                 if (!(this.objects.get(i) instanceof XMLObject)) {
                     throw new ClassCastException
@@ -125,7 +123,7 @@
     }
 
     /**
-     * Creates a <code>DOMXMLSignature</code> from XML.
+     * Creates a {@code DOMXMLSignature} from XML.
      *
      * @param sigElem Signature element
      * @throws MarshalException if XMLSignature cannot be unmarshalled
@@ -139,20 +137,22 @@
 
         // get Id attribute, if specified
         id = DOMUtils.getAttributeValue(localSigElem, "Id");
-
         // unmarshal SignedInfo
         Element siElem = DOMUtils.getFirstChildElement(localSigElem,
-                                                       "SignedInfo");
+                                                       "SignedInfo",
+                                                       XMLSignature.XMLNS);
         si = new DOMSignedInfo(siElem, context, provider);
 
         // unmarshal SignatureValue
         Element sigValElem = DOMUtils.getNextSiblingElement(siElem,
-                                                            "SignatureValue");
-        sv = new DOMSignatureValue(sigValElem, context);
+                                                            "SignatureValue",
+                                                            XMLSignature.XMLNS);
+        sv = new DOMSignatureValue(sigValElem);
 
         // unmarshal KeyInfo, if specified
         Element nextSibling = DOMUtils.getNextSiblingElement(sigValElem);
-        if (nextSibling != null && nextSibling.getLocalName().equals("KeyInfo")) {
+        if (nextSibling != null && nextSibling.getLocalName().equals("KeyInfo")
+            && XMLSignature.XMLNS.equals(nextSibling.getNamespaceURI())) {
             ki = new DOMKeyInfo(nextSibling, context, provider);
             nextSibling = DOMUtils.getNextSiblingElement(nextSibling);
         }
@@ -161,11 +161,12 @@
         if (nextSibling == null) {
             objects = Collections.emptyList();
         } else {
-            List<XMLObject> tempObjects = new ArrayList<XMLObject>();
+            List<XMLObject> tempObjects = new ArrayList<>();
             while (nextSibling != null) {
                 String name = nextSibling.getLocalName();
-                if (!name.equals("Object")) {
-                    throw new MarshalException("Invalid element name: " + name +
+                String namespace = nextSibling.getNamespaceURI();
+                if (!"Object".equals(name) || !XMLSignature.XMLNS.equals(namespace)) {
+                    throw new MarshalException("Invalid element name: " + namespace + ":" + name +
                                                ", expected KeyInfo or Object");
                 }
                 tempObjects.add(new DOMXMLObject(nextSibling,
@@ -200,6 +201,7 @@
         return ksr;
     }
 
+    @Override
     public void marshal(Node parent, String dsPrefix, DOMCryptoContext context)
         throws MarshalException
     {
@@ -245,6 +247,7 @@
         parent.insertBefore(sigElem, nextSibling);
     }
 
+    @Override
     public boolean validate(XMLValidateContext vc)
         throws XMLSignatureException
     {
@@ -276,15 +279,11 @@
         for (int i = 0, size = refs.size(); validateRefs && i < size; i++) {
             Reference ref = refs.get(i);
             boolean refValid = ref.validate(vc);
-            if (log.isLoggable(java.util.logging.Level.FINE)) {
-                log.log(java.util.logging.Level.FINE, "Reference[" + ref.getURI() + "] is valid: " + refValid);
-            }
+            LOG.debug("Reference [{}] is valid: {}", ref.getURI(), refValid);
             validateRefs &= refValid;
         }
         if (!validateRefs) {
-            if (log.isLoggable(java.util.logging.Level.FINE)) {
-                log.log(java.util.logging.Level.FINE, "Couldn't validate the References");
-            }
+            LOG.debug("Couldn't validate the References");
             validationStatus = false;
             validated = true;
             return validationStatus;
@@ -303,9 +302,7 @@
                 for (int j = 0; validateMans && j < csize; j++) {
                     XMLStructure xs = content.get(j);
                     if (xs instanceof Manifest) {
-                        if (log.isLoggable(java.util.logging.Level.FINE)) {
-                            log.log(java.util.logging.Level.FINE, "validating manifest");
-                        }
+                        LOG.debug("validating manifest");
                         Manifest man = (Manifest)xs;
                         @SuppressWarnings("unchecked")
                         List<Reference> manRefs = man.getReferences();
@@ -313,11 +310,9 @@
                         for (int k = 0; validateMans && k < rsize; k++) {
                             Reference ref = manRefs.get(k);
                             boolean refValid = ref.validate(vc);
-                            if (log.isLoggable(java.util.logging.Level.FINE)) {
-                                log.log(java.util.logging.Level.FINE,
-                                    "Manifest ref[" + ref.getURI() + "] is valid: " + refValid
-                                );
-                            }
+                            LOG.debug(
+                                "Manifest ref [{}] is valid: {}", ref.getURI(),  refValid
+                            );
                             validateMans &= refValid;
                         }
                     }
@@ -330,6 +325,7 @@
         return validationStatus;
     }
 
+    @Override
     public void sign(XMLSignContext signContext)
         throws MarshalException, XMLSignatureException
     {
@@ -341,11 +337,11 @@
                 DOMUtils.getSignaturePrefix(context), context);
 
         // generate references and signature value
-        List<Reference> allReferences = new ArrayList<Reference>();
+        List<Reference> allReferences = new ArrayList<>();
 
         // traverse the Signature and register all objects with IDs that
         // may contain References
-        signatureIdMap = new HashMap<String, XMLStructure>();
+        signatureIdMap = new HashMap<>();
         signatureIdMap.put(id, this);
         signatureIdMap.put(si.getId(), si);
         @SuppressWarnings("unchecked")
@@ -388,17 +384,17 @@
         }
 
         Key signingKey = null;
-        KeySelectorResult ksr = null;
         try {
-            ksr = signContext.getKeySelector().select(ki,
+            KeySelectorResult keySelectorResult = signContext.getKeySelector().select(ki,
                                                       KeySelector.Purpose.SIGN,
                                                       si.getSignatureMethod(),
                                                       signContext);
-            signingKey = ksr.getKey();
+            signingKey = keySelectorResult.getKey();
             if (signingKey == null) {
                 throw new XMLSignatureException("the keySelector did not " +
                                                 "find a signing key");
             }
+            ksr = keySelectorResult;
         } catch (KeySelectorException kse) {
             throw new XMLSignatureException("cannot find signing key", kse);
         }
@@ -413,7 +409,6 @@
         }
 
         this.localSigElem = sigElem;
-        this.ksr = ksr;
     }
 
     @Override
@@ -428,15 +423,15 @@
         XMLSignature osig = (XMLSignature)o;
 
         boolean idEqual =
-            (id == null ? osig.getId() == null : id.equals(osig.getId()));
+            id == null ? osig.getId() == null : id.equals(osig.getId());
         boolean keyInfoEqual =
-            (ki == null ? osig.getKeyInfo() == null
-                        : ki.equals(osig.getKeyInfo()));
+            ki == null ? osig.getKeyInfo() == null
+                        : ki.equals(osig.getKeyInfo());
 
-        return (idEqual && keyInfoEqual &&
+        return idEqual && keyInfoEqual &&
                 sv.equals(osig.getSignatureValue()) &&
                 si.equals(osig.getSignedInfo()) &&
-                objects.equals(osig.getObjects()));
+                objects.equals(osig.getObjects());
     }
 
     @Override
@@ -464,15 +459,14 @@
         // check dependencies
         String uri = ref.getURI();
         if (Utils.sameDocumentURI(uri)) {
-            String id = Utils.parseIdFromSameDocumentURI(uri);
-            if (id != null && signatureIdMap.containsKey(id)) {
-                XMLStructure xs = signatureIdMap.get(id);
+            String parsedId = Utils.parseIdFromSameDocumentURI(uri);
+            if (parsedId != null && signatureIdMap.containsKey(parsedId)) {
+                XMLStructure xs = signatureIdMap.get(parsedId);
                 if (xs instanceof DOMReference) {
                     digestReference((DOMReference)xs, signContext);
                 } else if (xs instanceof Manifest) {
                     Manifest man = (Manifest)xs;
-                    List<Reference> manRefs =
-                        DOMManifest.getManifestReferences(man);
+                    List<Reference> manRefs = DOMManifest.getManifestReferences(man);
                     for (int i = 0, size = manRefs.size(); i < size; i++) {
                         digestReference((DOMReference)manRefs.get(i),
                                         signContext);
@@ -511,15 +505,12 @@
             this.id = id;
         }
 
-        DOMSignatureValue(Element sigValueElem, XMLCryptoContext context)
+        DOMSignatureValue(Element sigValueElem)
             throws MarshalException
         {
-            try {
-                // base64 decode signatureValue
-                value = Base64.decode(sigValueElem);
-            } catch (Base64DecodingException bde) {
-                throw new MarshalException(bde);
-            }
+            // base64 decode signatureValue
+            String content = XMLUtils.getFullTextChildrenFromElement(sigValueElem);
+            value = XMLUtils.decode(content);
 
             Attr attr = sigValueElem.getAttributeNodeNS(null, "Id");
             if (attr != null) {
@@ -539,6 +530,11 @@
             return (value == null) ? null : (byte[])value.clone();
         }
 
+        public String getEncodedValue() {
+            return valueBase64;
+        }
+
+        @Override
         public boolean validate(XMLValidateContext validateContext)
             throws XMLSignatureException
         {
@@ -553,11 +549,16 @@
             // get validating key
             SignatureMethod sm = si.getSignatureMethod();
             Key validationKey = null;
-            KeySelectorResult ksResult;
+            KeySelectorResult ksResult = null;
             try {
-                ksResult = validateContext.getKeySelector().select
-                    (ki, KeySelector.Purpose.VERIFY, sm, validateContext);
-                validationKey = ksResult.getKey();
+                KeySelector keySelector = validateContext.getKeySelector();
+                if (keySelector != null) {
+                    ksResult = keySelector.select
+                        (ki, KeySelector.Purpose.VERIFY, sm, validateContext);
+                    if (ksResult != null) {
+                        validationKey = ksResult.getKey();
+                    }
+                }
                 if (validationKey == null) {
                     throw new XMLSignatureException("the keyselector did not " +
                                                     "find a validation key");
@@ -592,7 +593,7 @@
             SignatureValue osv = (SignatureValue)o;
 
             boolean idEqual =
-                (id == null ? osv.getId() == null : id.equals(osv.getId()));
+                id == null ? osv.getId() == null : id.equals(osv.getId());
 
             //XXX compare signature values?
             return idEqual;
@@ -612,7 +613,6 @@
                             DOMCryptoContext context)
             throws MarshalException
         {
-            // create SignatureValue element
             sigValueElem = DOMUtils.createElement(ownerDoc, "SignatureValue",
                                                   XMLSignature.XMLNS, dsPrefix);
             if (valueBase64 != null) {
@@ -626,7 +626,7 @@
 
         void setValue(byte[] value) {
             this.value = value;
-            valueBase64 = Base64.encode(value);
+            valueBase64 = XMLUtils.encodeToString(value);
             sigValueElem.appendChild(ownerDoc.createTextNode(valueBase64));
         }
     }
diff --git a/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMXMLSignatureFactory.java b/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMXMLSignatureFactory.java
--- a/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMXMLSignatureFactory.java
+++ b/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMXMLSignatureFactory.java
@@ -21,10 +21,10 @@
  * under the License.
  */
 /*
- * Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved.
  */
 /*
- * $Id: DOMXMLSignatureFactory.java 1333869 2012-05-04 10:42:44Z coheigea $
+ * $Id: DOMXMLSignatureFactory.java 1788465 2017-03-24 15:10:51Z coheigea $
  */
 package org.jcp.xml.dsig.internal.dom;
 
@@ -38,6 +38,7 @@
 import java.security.InvalidAlgorithmParameterException;
 import java.security.NoSuchAlgorithmException;
 import java.util.List;
+
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 import org.w3c.dom.Node;
@@ -45,7 +46,6 @@
 /**
  * DOM-based implementation of XMLSignatureFactory.
  *
- * @author Sean Mullan
  */
 public final class DOMXMLSignatureFactory extends XMLSignatureFactory {
 
@@ -74,6 +74,7 @@
         return new DOMReference(uri, type, dm, transforms, id, getProvider());
     }
 
+    @Override
     @SuppressWarnings({ "unchecked", "rawtypes" })
     public Reference newReference(String uri, DigestMethod dm,
         List appliedTransforms, Data result, List transforms, String type,
@@ -101,7 +102,7 @@
             (uri, type, dm, null, null, transforms, id, digestValue, getProvider());
     }
 
-    @SuppressWarnings("rawtypes")
+    @SuppressWarnings({ "rawtypes" })
     public SignedInfo newSignedInfo(CanonicalizationMethod cm,
         SignatureMethod sm, List references) {
         return newSignedInfo(cm, sm, references, null);
@@ -120,7 +121,7 @@
         return new DOMXMLObject(content, id, mimeType, encoding);
     }
 
-    @SuppressWarnings("rawtypes")
+    @SuppressWarnings({ "rawtypes" })
     public Manifest newManifest(List references) {
         return newManifest(references, null);
     }
@@ -185,11 +186,12 @@
 
         // check tag
         String tag = element.getLocalName();
-        if (tag == null) {
+        String namespace = element.getNamespaceURI();
+        if (tag == null || namespace == null) {
             throw new MarshalException("Document implementation must " +
                 "support DOM Level 2 and be namespace aware");
         }
-        if (tag.equals("Signature")) {
+        if ("Signature".equals(tag) && XMLSignature.XMLNS.equals(namespace)) {
             try {
                 return new DOMXMLSignature(element, context, getProvider());
             } catch (MarshalException me) {
@@ -198,7 +200,7 @@
                 throw new MarshalException(e);
             }
         } else {
-            throw new MarshalException("Invalid Signature tag: " + tag);
+            throw new MarshalException("Invalid Signature tag: " + namespace + ":" + tag);
         }
     }
 
@@ -218,12 +220,16 @@
         }
         if (algorithm.equals(DigestMethod.SHA1)) {
             return new DOMDigestMethod.SHA1(params);
+        } else if (algorithm.equals(DOMDigestMethod.SHA224)) {
+            return new DOMDigestMethod.SHA224(params);
         } else if (algorithm.equals(DigestMethod.SHA256)) {
             return new DOMDigestMethod.SHA256(params);
         } else if (algorithm.equals(DOMDigestMethod.SHA384)) {
             return new DOMDigestMethod.SHA384(params);
         } else if (algorithm.equals(DigestMethod.SHA512)) {
             return new DOMDigestMethod.SHA512(params);
+        } else if (algorithm.equals(DigestMethod.RIPEMD160)) {
+            return new DOMDigestMethod.RIPEMD160(params);
         } else {
             throw new NoSuchAlgorithmException("unsupported algorithm");
         }
@@ -237,33 +243,59 @@
         }
         if (algorithm.equals(SignatureMethod.RSA_SHA1)) {
             return new DOMSignatureMethod.SHA1withRSA(params);
+        } else if (algorithm.equals(DOMSignatureMethod.RSA_SHA224)) {
+            return new DOMSignatureMethod.SHA224withRSA(params);
         } else if (algorithm.equals(DOMSignatureMethod.RSA_SHA256)) {
             return new DOMSignatureMethod.SHA256withRSA(params);
         } else if (algorithm.equals(DOMSignatureMethod.RSA_SHA384)) {
             return new DOMSignatureMethod.SHA384withRSA(params);
         } else if (algorithm.equals(DOMSignatureMethod.RSA_SHA512)) {
             return new DOMSignatureMethod.SHA512withRSA(params);
+        } else if (algorithm.equals(DOMSignatureMethod.RSA_SHA512)) {
+            return new DOMSignatureMethod.SHA512withRSA(params);
+        } else if (algorithm.equals(DOMSignatureMethod.RSA_RIPEMD160)) {
+            return new DOMSignatureMethod.RIPEMD160withRSA(params);
+        } else if (algorithm.equals(DOMSignatureMethod.RSA_SHA1_MGF1)) {
+            return new DOMSignatureMethod.SHA1withRSAandMGF1(params);
+        } else if (algorithm.equals(DOMSignatureMethod.RSA_SHA224_MGF1)) {
+            return new DOMSignatureMethod.SHA224withRSAandMGF1(params);
+        } else if (algorithm.equals(DOMSignatureMethod.RSA_SHA256_MGF1)) {
+            return new DOMSignatureMethod.SHA256withRSAandMGF1(params);
+        } else if (algorithm.equals(DOMSignatureMethod.RSA_SHA384_MGF1)) {
+            return new DOMSignatureMethod.SHA384withRSAandMGF1(params);
+        } else if (algorithm.equals(DOMSignatureMethod.RSA_SHA512_MGF1)) {
+            return new DOMSignatureMethod.SHA512withRSAandMGF1(params);
+        } else if (algorithm.equals(DOMSignatureMethod.RSA_RIPEMD160_MGF1)) {
+            return new DOMSignatureMethod.RIPEMD160withRSAandMGF1(params);
         } else if (algorithm.equals(SignatureMethod.DSA_SHA1)) {
             return new DOMSignatureMethod.SHA1withDSA(params);
         } else if (algorithm.equals(DOMSignatureMethod.DSA_SHA256)) {
             return new DOMSignatureMethod.SHA256withDSA(params);
         } else if (algorithm.equals(SignatureMethod.HMAC_SHA1)) {
             return new DOMHMACSignatureMethod.SHA1(params);
+        } else if (algorithm.equals(DOMHMACSignatureMethod.HMAC_SHA224)) {
+            return new DOMHMACSignatureMethod.SHA224(params);
         } else if (algorithm.equals(DOMHMACSignatureMethod.HMAC_SHA256)) {
             return new DOMHMACSignatureMethod.SHA256(params);
         } else if (algorithm.equals(DOMHMACSignatureMethod.HMAC_SHA384)) {
             return new DOMHMACSignatureMethod.SHA384(params);
         } else if (algorithm.equals(DOMHMACSignatureMethod.HMAC_SHA512)) {
             return new DOMHMACSignatureMethod.SHA512(params);
+        } else if (algorithm.equals(DOMHMACSignatureMethod.HMAC_RIPEMD160)) {
+            return new DOMHMACSignatureMethod.RIPEMD160(params);
         } else if (algorithm.equals(DOMSignatureMethod.ECDSA_SHA1)) {
             return new DOMSignatureMethod.SHA1withECDSA(params);
+        } else if (algorithm.equals(DOMSignatureMethod.ECDSA_SHA224)) {
+            return new DOMSignatureMethod.SHA224withECDSA(params);
         } else if (algorithm.equals(DOMSignatureMethod.ECDSA_SHA256)) {
             return new DOMSignatureMethod.SHA256withECDSA(params);
         } else if (algorithm.equals(DOMSignatureMethod.ECDSA_SHA384)) {
             return new DOMSignatureMethod.SHA384withECDSA(params);
         } else if (algorithm.equals(DOMSignatureMethod.ECDSA_SHA512)) {
             return new DOMSignatureMethod.SHA512withECDSA(params);
-        } else {
+        } else if (algorithm.equals(DOMSignatureMethod.ECDSA_RIPEMD160)) {
+            return new DOMSignatureMethod.RIPEMD160withECDSA(params);
+        }else {
             throw new NoSuchAlgorithmException("unsupported algorithm");
         }
     }
diff --git a/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMXPathFilter2Transform.java b/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMXPathFilter2Transform.java
--- a/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMXPathFilter2Transform.java
+++ b/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMXPathFilter2Transform.java
@@ -28,10 +28,10 @@
  * ===========================================================================
  */
 /*
- * Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Portions copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved.
  */
 /*
- * $Id: DOMXPathFilter2Transform.java 1203789 2011-11-18 18:46:07Z mullan $
+ * $Id: DOMXPathFilter2Transform.java 1788465 2017-03-24 15:10:51Z coheigea $
  */
 package org.jcp.xml.dsig.internal.dom;
 
@@ -54,7 +54,6 @@
  * DOM-based implementation of XPath Filter 2.0 Transform.
  * (Uses Apache XML-Sec Transform implementation)
  *
- * @author Joyce Leung
  */
 public final class DOMXPathFilter2Transform extends ApacheTransform {
 
@@ -83,34 +82,35 @@
 
     private void unmarshalParams(Element curXPathElem) throws MarshalException
     {
-        List<XPathType> list = new ArrayList<XPathType>();
-        while (curXPathElem != null) {
-            String xPath = curXPathElem.getFirstChild().getNodeValue();
-            String filterVal = DOMUtils.getAttributeValue(curXPathElem,
+        List<XPathType> list = new ArrayList<>();
+        Element currentElement = curXPathElem;
+        while (currentElement != null) {
+            String xPath = currentElement.getFirstChild().getNodeValue();
+            String filterVal = DOMUtils.getAttributeValue(currentElement,
                                                           "Filter");
             if (filterVal == null) {
                 throw new MarshalException("filter cannot be null");
             }
             XPathType.Filter filter = null;
-            if (filterVal.equals("intersect")) {
+            if ("intersect".equals(filterVal)) {
                 filter = XPathType.Filter.INTERSECT;
-            } else if (filterVal.equals("subtract")) {
+            } else if ("subtract".equals(filterVal)) {
                 filter = XPathType.Filter.SUBTRACT;
-            } else if (filterVal.equals("union")) {
+            } else if ("union".equals(filterVal)) {
                 filter = XPathType.Filter.UNION;
             } else {
                 throw new MarshalException("Unknown XPathType filter type" +
                                            filterVal);
             }
-            NamedNodeMap attributes = curXPathElem.getAttributes();
+            NamedNodeMap attributes = currentElement.getAttributes();
             if (attributes != null) {
                 int length = attributes.getLength();
                 Map<String, String> namespaceMap =
-                    new HashMap<String, String>(length);
+                    new HashMap<>(length);
                 for (int i = 0; i < length; i++) {
                     Attr attr = (Attr)attributes.item(i);
                     String prefix = attr.getPrefix();
-                    if (prefix != null && prefix.equals("xmlns")) {
+                    if (prefix != null && "xmlns".equals(prefix)) {
                         namespaceMap.put(attr.getLocalName(), attr.getValue());
                     }
                 }
@@ -119,7 +119,7 @@
                 list.add(new XPathType(xPath, filter));
             }
 
-            curXPathElem = DOMUtils.getNextSiblingElement(curXPathElem);
+            currentElement = DOMUtils.getNextSiblingElement(currentElement);
         }
         this.params = new XPathFilter2ParameterSpec(list);
     }
@@ -131,7 +131,7 @@
         XPathFilter2ParameterSpec xp =
             (XPathFilter2ParameterSpec)getParameterSpec();
         String prefix = DOMUtils.getNSPrefix(context, Transform.XPATH2);
-        String qname = (prefix == null || prefix.length() == 0)
+        String qname = prefix == null || prefix.length() == 0
                        ? "xmlns" : "xmlns:" + prefix;
         @SuppressWarnings("unchecked")
         List<XPathType> xpathList = xp.getXPathList();
diff --git a/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMXPathTransform.java b/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMXPathTransform.java
--- a/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMXPathTransform.java
+++ b/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMXPathTransform.java
@@ -21,10 +21,10 @@
  * under the License.
  */
 /*
- * Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved.
  */
 /*
- * $Id: DOMXPathTransform.java 1203789 2011-11-18 18:46:07Z mullan $
+ * $Id: DOMXPathTransform.java 1788465 2017-03-24 15:10:51Z coheigea $
  */
 package org.jcp.xml.dsig.internal.dom;
 
@@ -44,10 +44,10 @@
  * DOM-based implementation of XPath Filtering Transform.
  * (Uses Apache XML-Sec Transform implementation)
  *
- * @author Sean Mullan
  */
 public final class DOMXPathTransform extends ApacheTransform {
 
+    @Override
     public void init(TransformParameterSpec params)
         throws InvalidAlgorithmParameterException
     {
@@ -74,11 +74,11 @@
         if (attributes != null) {
             int length = attributes.getLength();
             Map<String, String> namespaceMap =
-                new HashMap<String, String>(length);
+                new HashMap<>(length);
             for (int i = 0; i < length; i++) {
                 Attr attr = (Attr)attributes.item(i);
                 String prefix = attr.getPrefix();
-                if (prefix != null && prefix.equals("xmlns")) {
+                if (prefix != null && "xmlns".equals(prefix)) {
                     namespaceMap.put(attr.getLocalName(), attr.getValue());
                 }
             }
diff --git a/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMXSLTTransform.java b/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMXSLTTransform.java
--- a/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMXSLTTransform.java
+++ b/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMXSLTTransform.java
@@ -21,10 +21,10 @@
  * under the License.
  */
 /*
- * Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved.
  */
 /*
- * $Id: DOMXSLTTransform.java 1197150 2011-11-03 14:34:57Z coheigea $
+ * $Id: DOMXSLTTransform.java 1788465 2017-03-24 15:10:51Z coheigea $
  */
 package org.jcp.xml.dsig.internal.dom;
 
@@ -40,10 +40,10 @@
  * DOM-based implementation of XSLT Transform.
  * (Uses Apache XML-Sec Transform implementation)
  *
- * @author Sean Mullan
  */
 public final class DOMXSLTTransform extends ApacheTransform {
 
+    @Override
     public void init(TransformParameterSpec params)
         throws InvalidAlgorithmParameterException {
         if (params == null) {
diff --git a/src/share/classes/org/jcp/xml/dsig/internal/dom/Utils.java b/src/share/classes/org/jcp/xml/dsig/internal/dom/Utils.java
--- a/src/share/classes/org/jcp/xml/dsig/internal/dom/Utils.java
+++ b/src/share/classes/org/jcp/xml/dsig/internal/dom/Utils.java
@@ -21,10 +21,10 @@
  * under the License.
  */
 /*
- * Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved.
  */
 /*
- * $Id: Utils.java 1197150 2011-11-03 14:34:57Z coheigea $
+ * $Id: Utils.java 1788465 2017-03-24 15:10:51Z coheigea $
  */
 package org.jcp.xml.dsig.internal.dom;
 
@@ -39,7 +39,6 @@
 /**
  * Miscellaneous static utility methods for use in JSR 105 RI.
  *
- * @author Sean Mullan
  */
 public final class Utils {
 
@@ -48,19 +47,20 @@
     public static byte[] readBytesFromStream(InputStream is)
         throws IOException
     {
-        ByteArrayOutputStream baos = new ByteArrayOutputStream();
-        byte[] buf = new byte[1024];
-        while (true) {
-            int read = is.read(buf);
-            if (read == -1) { // EOF
-                break;
+        try (ByteArrayOutputStream baos = new ByteArrayOutputStream()) {
+            byte[] buf = new byte[1024];
+            while (true) {
+                int read = is.read(buf);
+                if (read == -1) { // EOF
+                    break;
+                }
+                baos.write(buf, 0, read);
+                if (read < 1024) {
+                    break;
+                }
             }
-            baos.write(buf, 0, read);
-            if (read < 1024) {
-                break;
-            }
+            return baos.toByteArray();
         }
-        return baos.toByteArray();
     }
 
     /**
@@ -71,7 +71,7 @@
      * @return the Set of Nodes
      */
     static Set<Node> toNodeSet(Iterator<Node> i) {
-        Set<Node> nodeSet = new HashSet<Node>();
+        Set<Node> nodeSet = new HashSet<>();
         while (i.hasNext()) {
             Node n = i.next();
             nodeSet.add(n);
@@ -106,7 +106,7 @@
      * Returns true if uri is a same-document URI, false otherwise.
      */
     public static boolean sameDocumentURI(String uri) {
-        return (uri != null && (uri.length() == 0 || uri.charAt(0) == '#'));
+        return uri != null && (uri.length() == 0 || uri.charAt(0) == '#');
     }
 
     static boolean secureValidation(XMLCryptoContext xc) {
@@ -118,6 +118,6 @@
 
     private static boolean getBoolean(XMLCryptoContext xc, String name) {
         Boolean value = (Boolean)xc.getProperty(name);
-        return (value != null && value.booleanValue());
+        return value != null && value.booleanValue();
     }
 }
diff --git a/src/share/classes/org/jcp/xml/dsig/internal/dom/XMLDSigRI.java b/src/share/classes/org/jcp/xml/dsig/internal/dom/XMLDSigRI.java
--- a/src/share/classes/org/jcp/xml/dsig/internal/dom/XMLDSigRI.java
+++ b/src/share/classes/org/jcp/xml/dsig/internal/dom/XMLDSigRI.java
@@ -28,10 +28,10 @@
  * ===========================================================================
  */
 /*
- * Copyright (c) 2005, 2013 Oracle and/or its affiliates. All rights reserved.
+ * Portions copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved.
  */
 /*
- * $Id: XMLDSigRI.java 1400021 2012-10-19 10:16:04Z coheigea $
+ * $Id: XMLDSigRI.java 1804972 2017-08-14 09:59:23Z coheigea $
  */
 package org.jcp.xml.dsig.internal.dom;
 
@@ -43,7 +43,6 @@
 /**
  * The XMLDSig RI Provider.
  *
- * @author Joyce Leung
  */
 
 /**
diff --git a/src/share/classes/sun/management/Flag.java b/src/share/classes/sun/management/Flag.java
--- a/src/share/classes/sun/management/Flag.java
+++ b/src/share/classes/sun/management/Flag.java
@@ -111,6 +111,7 @@
     // These set* methods are synchronized on the class object
     // to avoid multiple threads updating the same flag at the same time.
     static synchronized native void setLongValue(String name, long value);
+    static synchronized native void setDoubleValue(String name, double value);
     static synchronized native void setBooleanValue(String name, boolean value);
     static synchronized native void setStringValue(String name, String value);
 
diff --git a/src/share/classes/sun/management/HotSpotDiagnostic.java b/src/share/classes/sun/management/HotSpotDiagnostic.java
--- a/src/share/classes/sun/management/HotSpotDiagnostic.java
+++ b/src/share/classes/sun/management/HotSpotDiagnostic.java
@@ -42,6 +42,7 @@
     public HotSpotDiagnostic() {
     }
 
+    @Override
     public void dumpHeap(String outputFile, boolean live) throws IOException {
 
         String propertyName = "jdk.management.heapdump.allowAnyFileSuffix";
@@ -62,6 +63,7 @@
 
     private native void dumpHeap0(String outputFile, boolean live) throws IOException;
 
+    @Override
     public List<VMOption> getDiagnosticOptions() {
         List<Flag> allFlags = Flag.getAllFlags();
         List<VMOption> result = new ArrayList<>();
@@ -73,6 +75,7 @@
         return result;
     }
 
+    @Override
     public VMOption getVMOption(String name) {
         if (name == null) {
             throw new NullPointerException("name cannot be null");
@@ -86,6 +89,7 @@
         return f.getVMOption();
     }
 
+    @Override
     public void setVMOption(String name, String value) {
         if (name == null) {
             throw new NullPointerException("name cannot be null");
@@ -112,12 +116,18 @@
                 long l = Long.parseLong(value);
                 Flag.setLongValue(name, l);
             } catch (NumberFormatException e) {
-                IllegalArgumentException iae =
-                    new IllegalArgumentException("Invalid value:" +
+                throw new IllegalArgumentException("Invalid value:" +
                         " VM Option \"" + name + "\"" +
-                        " expects numeric value");
-                iae.initCause(e);
-                throw iae;
+                        " expects numeric value", e);
+            }
+        } else if (v instanceof Double) {
+            try {
+                double d = Double.parseDouble(value);
+                Flag.setDoubleValue(name, d);
+            } catch (NumberFormatException e) {
+                throw new IllegalArgumentException("Invalid value:" +
+                        " VM Option \"" + name + "\"" +
+                        " expects numeric value", e);
             }
         } else if (v instanceof Boolean) {
             if (!value.equalsIgnoreCase("true") &&
@@ -136,6 +146,7 @@
         }
     }
 
+    @Override
     public ObjectName getObjectName() {
         return Util.newObjectName("com.sun.management:type=HotSpotDiagnostic");
     }
diff --git a/src/share/javavm/export/jmm.h b/src/share/javavm/export/jmm.h
--- a/src/share/javavm/export/jmm.h
+++ b/src/share/javavm/export/jmm.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -143,7 +143,8 @@
   JMM_VMGLOBAL_TYPE_UNKNOWN  = 0,
   JMM_VMGLOBAL_TYPE_JBOOLEAN = 1,
   JMM_VMGLOBAL_TYPE_JSTRING  = 2,
-  JMM_VMGLOBAL_TYPE_JLONG    = 3
+  JMM_VMGLOBAL_TYPE_JLONG    = 3,
+  JMM_VMGLOBAL_TYPE_JDOUBLE  = 4
 } jmmVMGlobalType;
 
 typedef enum {
diff --git a/src/share/native/sun/management/Flag.c b/src/share/native/sun/management/Flag.c
--- a/src/share/native/sun/management/Flag.c
+++ b/src/share/native/sun/management/Flag.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -131,6 +131,10 @@
             valueObj = JNU_NewObjectByName(env, "java/lang/Long", "(J)V",
                                            globals[i].value.j);
             break;
+        case JMM_VMGLOBAL_TYPE_JDOUBLE:
+            valueObj = JNU_NewObjectByName(env, "java/lang/Double", "(D)V",
+                                           globals[i].value.d);
+            break;
         default:
             // ignore unsupported type
             continue;
@@ -197,6 +201,16 @@
 }
 
 JNIEXPORT void JNICALL
+Java_sun_management_Flag_setDoubleValue
+  (JNIEnv *env, jclass cls, jstring name, jdouble value)
+{
+   jvalue v;
+   v.d = value;
+
+   jmm_interface->SetVMGlobal(env, name, v);
+}
+
+JNIEXPORT void JNICALL
 Java_sun_management_Flag_setBooleanValue
   (JNIEnv *env, jclass cls, jstring name, jboolean value)
 {
diff --git a/test/com/sun/jndi/ldap/lib/BaseLdapServer.java b/test/com/sun/jndi/ldap/lib/BaseLdapServer.java
--- a/test/com/sun/jndi/ldap/lib/BaseLdapServer.java
+++ b/test/com/sun/jndi/ldap/lib/BaseLdapServer.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2019, 2020, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -45,7 +45,7 @@
  * Override the following methods to provide customized behavior
  *
  *     * beforeConnectionHandled
- *     * handleRequest
+ *     * handleRequest (or handleRequestEx)
  *
  * Instances of this class are safe for use by multiple threads.
  */
@@ -119,6 +119,7 @@
         // No need to close socket's streams separately, they will be closed
         // automatically when `socket.close()` is called
         beforeConnectionHandled(socket);
+        ConnWrapper connWrapper = new ConnWrapper(socket);
         try {
             OutputStream out = socket.getOutputStream();
             InputStream in = socket.getInputStream();
@@ -152,7 +153,13 @@
                             "bytes received {0}, expected {1}", new Integer[] { buffer.size(), msgLen});
                     continue;
                 }
-                handleRequest(socket, new LdapMessage(request), out);
+                handleRequestEx(socket, new LdapMessage(request), out, connWrapper);
+                if (connWrapper.updateRequired()) {
+                    Socket wrapper = connWrapper.getWrapper();
+                    in = wrapper.getInputStream();
+                    out = wrapper.getOutputStream();
+                    connWrapper.clearFlag();
+                }
             }
         } catch (Throwable t) {
             if (!isRunning()) {
@@ -168,6 +175,10 @@
                 }
             }
         }
+
+        if (connWrapper.getWrapper() != null) {
+            closeSilently(connWrapper.getWrapper());
+        }
     }
 
     /*
@@ -193,6 +204,40 @@
     }
 
     /*
+     * Called after an LDAP request has been read in `handleConnection()`.
+     *
+     * Override to customize the behavior if you want to handle starttls
+     * extended op, otherwise override handleRequest method instead.
+     *
+     * This is extended handleRequest method which provide possibility to
+     * wrap current socket connection, that's necessary to handle starttls
+     * extended request, here is sample code about how to wrap current socket
+     *
+     * switch (request.getOperation()) {
+     *     ......
+     *     case EXTENDED_REQUEST:
+     *         if (new String(request.getMessage()).endsWith(STARTTLS_REQ_OID)) {
+     *             out.write(STARTTLS_RESPONSE);
+     *             SSLSocket sslSocket = (SSLSocket) sslSocketFactory
+     *                     .createSocket(socket, null, socket.getLocalPort(),
+     *                             false);
+     *             sslSocket.setUseClientMode(false);
+     *             connWrapper.setWrapper(sslSocket);
+     *         }
+     *         break;
+     *     ......
+     * }
+     */
+    protected void handleRequestEx(Socket socket,
+            LdapMessage request,
+            OutputStream out,
+            ConnWrapper connWrapper)
+            throws IOException {
+        // by default, just call handleRequest to keep compatibility
+        handleRequest(socket, request, out);
+    }
+
+    /*
      * To be used by subclasses.
      */
     protected final Logger logger() {
@@ -272,4 +317,36 @@
             resource.close();
         } catch (IOException ignored) { }
     }
+
+    /*
+     * To be used for handling starttls extended request
+     */
+    protected class ConnWrapper {
+        private Socket original;
+        private Socket wrapper;
+        private boolean flag = false;
+
+        public ConnWrapper(Socket socket) {
+            original = socket;
+        }
+
+        public Socket getWrapper() {
+            return wrapper;
+        }
+
+        public void setWrapper(Socket wrapper) {
+            if (wrapper != null && wrapper != original) {
+                this.wrapper = wrapper;
+                flag = true;
+            }
+        }
+
+        public boolean updateRequired() {
+            return flag;
+        }
+
+        public void clearFlag() {
+            flag = false;
+        }
+    }
 }
diff --git a/test/com/sun/management/HotSpotDiagnosticMXBean/GetVMOption.java b/test/com/sun/management/HotSpotDiagnosticMXBean/GetDoubleVMOption.java
copy from test/com/sun/management/HotSpotDiagnosticMXBean/GetVMOption.java
copy to test/com/sun/management/HotSpotDiagnosticMXBean/GetDoubleVMOption.java
--- a/test/com/sun/management/HotSpotDiagnosticMXBean/GetVMOption.java
+++ b/test/com/sun/management/HotSpotDiagnosticMXBean/GetDoubleVMOption.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2005, 2008, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -23,25 +23,23 @@
 
 /*
  * @test
- * @bug     6314913
- * @summary Basic Test for HotSpotDiagnosticMXBean.getVMOption()
- * @author  Mandy Chung
+ * @bug     8061616
+ * @summary Basic Test for HotSpotDiagnosticMXBean.getVMOption() and double values
+ * @author  Jaroslav Bachorik
  *
- * @run main/othervm -XX:+PrintGCDetails GetVMOption
+ * @run main/othervm -XX:InitialRAMPercentage=1.5 GetDoubleVMOption
  */
 
 import com.sun.management.HotSpotDiagnosticMXBean;
 import com.sun.management.VMOption;
-import com.sun.management.VMOption.Origin;
 import java.lang.management.ManagementFactory;
 import java.util.List;
 import javax.management.MBeanServer;
 
-public class GetVMOption {
-    private static String PRINT_GC_DETAILS = "PrintGCDetails";
-    private static String EXPECTED_VALUE = "true";
-    private static String BAD_OPTION = "BadOption";
-    private static String HOTSPOT_DIAGNOSTIC_MXBEAN_NAME =
+public class GetDoubleVMOption {
+    private static final String INITIAL_RAM_PERCENTAGE = "InitialRAMPercentage";
+    private static final String EXPECTED_VALUE = "1.5";
+    private static final String HOTSPOT_DIAGNOSTIC_MXBEAN_NAME =
         "com.sun.management:type=HotSpotDiagnostic";
 
     public static void main(String[] args) throws Exception {
@@ -58,20 +56,10 @@
     }
 
     private static void checkVMOption(HotSpotDiagnosticMXBean mbean) {
-        VMOption option = mbean.getVMOption(PRINT_GC_DETAILS);
+        VMOption option = mbean.getVMOption(INITIAL_RAM_PERCENTAGE);
         if (!option.getValue().equalsIgnoreCase(EXPECTED_VALUE)) {
             throw new RuntimeException("Unexpected value: " +
                 option.getValue() + " expected: " + EXPECTED_VALUE);
         }
-        boolean iae = false;
-        try {
-            mbean.getVMOption(BAD_OPTION);
-        } catch (IllegalArgumentException e) {
-            iae = true;
-        }
-        if (!iae) {
-            throw new RuntimeException("Invalid VM Option" +
-                " was not detected");
-        }
     }
 }
diff --git a/test/com/sun/management/HotSpotDiagnosticMXBean/GetVMOption.java b/test/com/sun/management/HotSpotDiagnosticMXBean/GetVMOption.java
--- a/test/com/sun/management/HotSpotDiagnosticMXBean/GetVMOption.java
+++ b/test/com/sun/management/HotSpotDiagnosticMXBean/GetVMOption.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2005, 2008, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -32,16 +32,15 @@
 
 import com.sun.management.HotSpotDiagnosticMXBean;
 import com.sun.management.VMOption;
-import com.sun.management.VMOption.Origin;
 import java.lang.management.ManagementFactory;
 import java.util.List;
 import javax.management.MBeanServer;
 
 public class GetVMOption {
-    private static String PRINT_GC_DETAILS = "PrintGCDetails";
-    private static String EXPECTED_VALUE = "true";
-    private static String BAD_OPTION = "BadOption";
-    private static String HOTSPOT_DIAGNOSTIC_MXBEAN_NAME =
+    private static final String PRINT_GC_DETAILS = "PrintGCDetails";
+    private static final String EXPECTED_VALUE = "true";
+    private static final String BAD_OPTION = "BadOption";
+    private static final String HOTSPOT_DIAGNOSTIC_MXBEAN_NAME =
         "com.sun.management:type=HotSpotDiagnostic";
 
     public static void main(String[] args) throws Exception {
diff --git a/test/com/sun/management/HotSpotDiagnosticMXBean/SetVMOption.java b/test/com/sun/management/HotSpotDiagnosticMXBean/SetVMOption.java
--- a/test/com/sun/management/HotSpotDiagnosticMXBean/SetVMOption.java
+++ b/test/com/sun/management/HotSpotDiagnosticMXBean/SetVMOption.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -39,11 +39,11 @@
 import com.sun.management.VMOption.Origin;
 
 public class SetVMOption {
-    private static String PRINT_GC_DETAILS = "PrintGCDetails";
-    private static String EXPECTED_VALUE = "true";
-    private static String BAD_VALUE = "yes";
-    private static String NEW_VALUE = "false";
-    private static String MANAGEMENT_SERVER = "ManagementServer";
+    private static final String PRINT_GC_DETAILS = "PrintGCDetails";
+    private static final String EXPECTED_VALUE = "true";
+    private static final String BAD_VALUE = "yes";
+    private static final String NEW_VALUE = "false";
+    private static final String MANAGEMENT_SERVER = "ManagementServer";
     private static HotSpotDiagnosticMXBean mbean;
 
     public static void main(String[] args) throws Exception {
diff --git a/test/javax/xml/crypto/dsig/GenerationTests.java b/test/javax/xml/crypto/dsig/GenerationTests.java
--- a/test/javax/xml/crypto/dsig/GenerationTests.java
+++ b/test/javax/xml/crypto/dsig/GenerationTests.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2019, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -24,11 +24,11 @@
 /**
  * @test
  * @bug 4635230 6283345 6303830 6824440 6867348 7094155 8038184
- * 8038349 8046724 8074784 8079693 8210736
+ * 8038349 8046724 8074784 8079693 8177334 8210736 8217878
  * @summary Basic unit tests for generating XML Signatures with JSR 105
  * @compile -XDignore.symbol.file KeySelectors.java SignatureValidator.java
  *     X509KeySelector.java GenerationTests.java
- * @run main/othervm -Dsun.net.httpserver.nodelay=true GenerationTests
+ * @run main/othervm/timeout=300 -Dsun.net.httpserver.nodelay=true GenerationTests
  * @author Sean Mullan
  */
 
@@ -36,6 +36,7 @@
 import com.sun.net.httpserver.HttpHandler;
 import com.sun.net.httpserver.HttpServer;
 import java.io.*;
+import java.lang.reflect.Modifier;
 import java.math.BigInteger;
 import java.net.InetSocketAddress;
 import java.security.Key;
@@ -64,6 +65,7 @@
 import java.security.spec.RSAPrivateKeySpec;
 import java.security.spec.RSAPublicKeySpec;
 import java.util.*;
+import java.util.stream.Stream;
 import javax.crypto.KeyGenerator;
 import javax.crypto.SecretKey;
 import javax.xml.XMLConstants;
@@ -88,8 +90,8 @@
 import org.w3c.dom.*;
 
 /**
- * Test that recreates merlin-xmldsig-twenty-three test vectors but with
- * different keys and X.509 data.
+ * Test that recreates merlin-xmldsig-twenty-three test vectors (and more)
+ * but with different keys and X.509 data.
  */
 public class GenerationTests {
 
@@ -97,11 +99,13 @@
     private static KeyInfoFactory kifac;
     private static DocumentBuilder db;
     private static CanonicalizationMethod withoutComments;
-    private static SignatureMethod dsaSha1, dsaSha256, rsaSha1,
-                                   rsaSha256, rsaSha384, rsaSha512,
-                                   ecdsaSha1;
-    private static DigestMethod sha1, sha256, sha384, sha512;
-    private static KeyInfo dsa1024, dsa2048, rsa, rsa1024,
+    private static SignatureMethod dsaSha1, dsaSha256,
+            rsaSha1, rsaSha224, rsaSha256, rsaSha384, rsaSha512,
+            ecdsaSha1, ecdsaSha224, ecdsaSha256, ecdsaSha384, ecdsaSha512,
+            hmacSha1, hmacSha224, hmacSha256, hmacSha384, hmacSha512,
+            rsaSha1mgf1, rsaSha224mgf1, rsaSha256mgf1, rsaSha384mgf1, rsaSha512mgf1;
+    private static DigestMethod sha1, sha224, sha256, sha384, sha512;
+    private static KeyInfo dsa1024, dsa2048, rsa, rsa1024, rsa2048,
                            p256ki, p384ki, p521ki;
     private static KeySelector kvks = new KeySelectors.KeyValueKeySelector();
     private static KeySelector sks;
@@ -119,8 +123,12 @@
     private final static String CRL =
         DATA_DIR + System.getProperty("file.separator") + "certs" +
         System.getProperty("file.separator") + "crl";
+    // XML Document with a DOCTYPE declaration
     private final static String ENVELOPE =
         DATA_DIR + System.getProperty("file.separator") + "envelope.xml";
+    // XML Document without a DOCTYPE declaration
+    private final static String ENVELOPE2 =
+        DATA_DIR + System.getProperty("file.separator") + "envelope2.xml";
     private static URIDereferencer httpUd = null;
     private final static String STYLESHEET =
         "http://www.w3.org/TR/xml-stylesheet";
@@ -183,11 +191,74 @@
         null, Transform.BASE64
     };
 
-    private static final String[] signatureMethods = new String[] {
-        SignatureMethod.DSA_SHA1,
-        SignatureMethod.RSA_SHA1,
-        SignatureMethod.HMAC_SHA1
-    };
+    // It will be too time consuming to test all combinations of
+    // all digest methods and signature methods. So we pick some
+    // majors one and only test a combination when a major method
+    // (either digest or signature) is included.
+    //
+    //              *  *  *
+    //              *  *  *
+    //              *  *  *
+    //     *  *  *  *  *  *  *  *  *
+    //     *  *  *  *  *  *  *  *  *
+    //     *  *  *  *  *  *  *  *  *
+    //              *  *  *
+    //              *  *  *
+    //              *  *  *
+
+    private static List<String> majorSignatureMethods;
+    static {
+        List<String> tmpList = Arrays.asList(
+            "http://www.w3.org/2009/xmldsig11#dsa-sha256",
+            "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",
+            "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256",
+            "http://www.w3.org/2001/04/xmldsig-more#hmac-sha256",
+            "http://www.w3.org/2007/05/xmldsig-more#sha256-rsa-MGF1");
+        majorSignatureMethods = Collections.unmodifiableList(tmpList);
+    }
+
+    private static final String[] allSignatureMethods
+            = Stream.of(SignatureMethod.class.getDeclaredFields())
+                .filter(f -> Modifier.isStatic(f.getModifiers()))
+                .map(f -> {
+                    try {
+                        return (String)f.get(null);
+                    } catch (Exception e) {
+                        throw new Error("should not happen");
+                    }
+                })
+                .toArray(String[]::new);
+
+    private static final List<String> majorDigestMethods;
+    static {
+        List<String> tmpList = Arrays.asList(
+            DigestMethod.SHA1,
+            DigestMethod.SHA256);
+        majorDigestMethods = Collections.unmodifiableList(tmpList);
+    }
+
+    private static final String[] allDigestMethods
+            = Stream.of(DigestMethod.class.getDeclaredFields())
+                .filter(f -> Modifier.isStatic(f.getModifiers())
+                                && !f.getName().equals("RIPEMD160"))
+                .map(f -> {
+                    try {
+                        return (String)f.get(null);
+                    } catch (Exception e) {
+                        throw new Error("should not happen");
+                    }
+                })
+                .toArray(String[]::new);
+
+    // As of JDK 8, the number of defined algorithms are...
+    static {
+        if (allSignatureMethods.length != 3
+                || allDigestMethods.length != 3) {
+            System.out.println(Arrays.toString(allSignatureMethods));
+            System.out.println(Arrays.toString(allDigestMethods));
+            throw new AssertionError("Not all methods are counted");
+        }
+    }
 
     private static enum Content {
         Xml, Text, Base64, NotExisitng
@@ -207,10 +278,15 @@
         test_create_signature_enveloping_dsa();
         test_create_signature_enveloping_hmac_sha1_40();
         test_create_signature_enveloping_hmac_sha256();
+        test_create_signature_enveloping_hmac_sha224();
         test_create_signature_enveloping_hmac_sha384();
         test_create_signature_enveloping_hmac_sha512();
         test_create_signature_enveloping_rsa();
         test_create_signature_enveloping_p256_sha1();
+        test_create_signature_enveloping_p256_sha224();
+        test_create_signature_enveloping_p256_sha256();
+        test_create_signature_enveloping_p256_sha384();
+        test_create_signature_enveloping_p256_sha512();
         test_create_signature_enveloping_p384_sha1();
         test_create_signature_enveloping_p521_sha1();
         test_create_signature_external_b64_dsa();
@@ -227,11 +303,22 @@
         test_create_sign_spec();
         test_create_signature_enveloping_sha256_dsa();
         test_create_signature_enveloping_sha384_rsa_sha256();
+        test_create_signature_enveloping_sha224_rsa_sha256();
         test_create_signature_enveloping_sha512_rsa_sha384();
+        test_create_signature_enveloping_sha512_rsa_sha224();
         test_create_signature_enveloping_sha512_rsa_sha512();
+        test_create_signature_enveloping_sha512_rsa_sha1_mgf1();
+        test_create_signature_enveloping_sha512_rsa_sha224_mgf1();
+        test_create_signature_enveloping_sha512_rsa_sha256_mgf1();
+        test_create_signature_enveloping_sha512_rsa_sha384_mgf1();
+        test_create_signature_enveloping_sha512_rsa_sha512_mgf1();
         test_create_signature_reference_dependency();
         test_create_signature_with_attr_in_no_namespace();
         test_create_signature_with_empty_id();
+        test_create_signature_enveloping_over_doc(ENVELOPE, true);
+        test_create_signature_enveloping_over_doc(ENVELOPE2, true);
+        test_create_signature_enveloping_over_doc(ENVELOPE, false);
+        test_create_signature_enveloping_dom_level1();
 
         // run tests for detached signatures with local http server
         try (Http server = Http.startServer()) {
@@ -239,30 +326,39 @@
 
             // tests for XML documents
             Arrays.stream(canonicalizationMethods).forEach(c ->
-                Arrays.stream(signatureMethods).forEach(s ->
-                    Arrays.stream(xml_transforms).forEach(t ->
-                        Arrays.stream(KeyInfoType.values()).forEach(k -> {
-                            test_create_detached_signature(c, s, t, k,
-                                    Content.Xml, server.getPort(), false, null);
-                        }))));
+                Arrays.stream(allSignatureMethods).forEach(s ->
+                    Arrays.stream(allDigestMethods).forEach(d ->
+                        Arrays.stream(xml_transforms).forEach(t ->
+                            Arrays.stream(KeyInfoType.values()).forEach(k -> {
+                                if (isMajor(s, d)) {
+                                    test_create_detached_signature(c, s, d, t, k,
+                                            Content.Xml, server.getPort(), false, null);
+                                }
+                        })))));
 
             // tests for text data with no transform
             Arrays.stream(canonicalizationMethods).forEach(c ->
-                Arrays.stream(signatureMethods).forEach(s ->
-                    Arrays.stream(KeyInfoType.values()).forEach(k -> {
-                        test_create_detached_signature(c, s, null, k,
-                                Content.Text, server.getPort(), false, null);
-                    })));
+                Arrays.stream(allSignatureMethods).forEach(s ->
+                    Arrays.stream(allDigestMethods).forEach(d ->
+                        Arrays.stream(KeyInfoType.values()).forEach(k -> {
+                            if (isMajor(s, d)) {
+                                test_create_detached_signature(c, s, d, null, k,
+                                        Content.Text, server.getPort(), false, null);
+                            }
+                        }))));
 
             // tests for base64 data
             Arrays.stream(canonicalizationMethods).forEach(c ->
-                Arrays.stream(signatureMethods).forEach(s ->
-                    Arrays.stream(non_xml_transforms).forEach(t ->
-                        Arrays.stream(KeyInfoType.values()).forEach(k -> {
-                            test_create_detached_signature(c, s, t, k,
-                                    Content.Base64, server.getPort(),
-                                    false, null);
-                        }))));
+                Arrays.stream(allSignatureMethods).forEach(s ->
+                    Arrays.stream(allDigestMethods).forEach(d ->
+                        Arrays.stream(non_xml_transforms).forEach(t ->
+                            Arrays.stream(KeyInfoType.values()).forEach(k -> {
+                                if (isMajor(s, d)) {
+                                    test_create_detached_signature(c, s, d, t, k,
+                                            Content.Base64, server.getPort(),
+                                            false, null);
+                                }
+                        })))));
 
             // negative tests
 
@@ -270,6 +366,7 @@
             test_create_detached_signature(
                     CanonicalizationMethod.EXCLUSIVE + BOGUS,
                     SignatureMethod.DSA_SHA1,
+                    DigestMethod.SHA1,
                     CanonicalizationMethod.INCLUSIVE,
                     KeyInfoType.KeyName,
                     Content.Xml,
@@ -281,6 +378,18 @@
             test_create_detached_signature(
                     CanonicalizationMethod.EXCLUSIVE,
                     SignatureMethod.DSA_SHA1 + BOGUS,
+                    DigestMethod.SHA1,
+                    CanonicalizationMethod.INCLUSIVE,
+                    KeyInfoType.KeyName, Content.Xml,
+                    server.getPort(),
+                    true,
+                    NoSuchAlgorithmException.class);
+
+            // unknown DigestMethod
+            test_create_detached_signature(
+                    CanonicalizationMethod.EXCLUSIVE,
+                    SignatureMethod.DSA_SHA1,
+                    DigestMethod.SHA1 + BOGUS,
                     CanonicalizationMethod.INCLUSIVE,
                     KeyInfoType.KeyName, Content.Xml,
                     server.getPort(),
@@ -291,6 +400,7 @@
             test_create_detached_signature(
                     CanonicalizationMethod.EXCLUSIVE,
                     SignatureMethod.DSA_SHA1,
+                    DigestMethod.SHA1,
                     CanonicalizationMethod.INCLUSIVE + BOGUS,
                     KeyInfoType.KeyName, Content.Xml,
                     server.getPort(),
@@ -301,6 +411,7 @@
             test_create_detached_signature(
                     CanonicalizationMethod.EXCLUSIVE,
                     SignatureMethod.DSA_SHA1,
+                    DigestMethod.SHA1,
                     CanonicalizationMethod.INCLUSIVE,
                     KeyInfoType.KeyName,
                     Content.NotExisitng,
@@ -312,6 +423,7 @@
             test_create_detached_signature(
                     CanonicalizationMethod.EXCLUSIVE,
                     SignatureMethod.DSA_SHA1,
+                    DigestMethod.SHA1,
                     CanonicalizationMethod.INCLUSIVE,
                     KeyInfoType.KeyName,
                     Content.Text,
@@ -325,6 +437,12 @@
         }
     }
 
+    // Do not test on all combinations.
+    private static boolean isMajor(String signatureMethod, String digestMethod) {
+        return majorDigestMethods.contains(digestMethod)
+                || majorSignatureMethods.contains(signatureMethod);
+    }
+
     private static void setup() throws Exception {
         fac = XMLSignatureFactory.getInstance();
         kifac = fac.getKeyInfoFactory();
@@ -345,11 +463,13 @@
             (CanonicalizationMethod.INCLUSIVE, (C14NMethodParameterSpec)null);
         dsaSha1 = fac.newSignatureMethod(SignatureMethod.DSA_SHA1, null);
         dsaSha256 = fac.newSignatureMethod(DSA_SHA256, null);
+
         sha1 = fac.newDigestMethod(DigestMethod.SHA1, null);
+        sha224 = fac.newDigestMethod("http://www.w3.org/2001/04/xmldsig-more#sha224", null);
         sha256 = fac.newDigestMethod(DigestMethod.SHA256, null);
-        sha384 = fac.newDigestMethod
-            ("http://www.w3.org/2001/04/xmldsig-more#sha384", null);
+        sha384 = fac.newDigestMethod("http://www.w3.org/2001/04/xmldsig-more#sha384", null);
         sha512 = fac.newDigestMethod(DigestMethod.SHA512, null);
+
         dsa1024 = kifac.newKeyInfo(Collections.singletonList
             (kifac.newKeyValue(validatingKey)));
         dsa2048 = kifac.newKeyInfo(Collections.singletonList
@@ -358,21 +478,39 @@
             (kifac.newKeyValue(getPublicKey("RSA", 512))));
         rsa1024 = kifac.newKeyInfo(Collections.singletonList
             (kifac.newKeyValue(getPublicKey("RSA", 1024))));
+        rsa2048 = kifac.newKeyInfo(Collections.singletonList
+                (kifac.newKeyValue(getPublicKey("RSA", 2048))));
         p256ki = kifac.newKeyInfo(Collections.singletonList
             (kifac.newKeyValue(getECPublicKey("P256"))));
         p384ki = kifac.newKeyInfo(Collections.singletonList
             (kifac.newKeyValue(getECPublicKey("P384"))));
         p521ki = kifac.newKeyInfo(Collections.singletonList
             (kifac.newKeyValue(getECPublicKey("P521"))));
+
         rsaSha1 = fac.newSignatureMethod(SignatureMethod.RSA_SHA1, null);
-        rsaSha256 = fac.newSignatureMethod
-            ("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256", null);
-        rsaSha384 = fac.newSignatureMethod
-            ("http://www.w3.org/2001/04/xmldsig-more#rsa-sha384", null);
-        rsaSha512 = fac.newSignatureMethod
-            ("http://www.w3.org/2001/04/xmldsig-more#rsa-sha512", null);
-        ecdsaSha1 = fac.newSignatureMethod
-            ("http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1", null);
+        rsaSha224 = fac.newSignatureMethod("http://www.w3.org/2001/04/xmldsig-more#rsa-sha224", null);
+        rsaSha256 = fac.newSignatureMethod("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256", null);
+        rsaSha384 = fac.newSignatureMethod("http://www.w3.org/2001/04/xmldsig-more#rsa-sha384", null);
+        rsaSha512 = fac.newSignatureMethod("http://www.w3.org/2001/04/xmldsig-more#rsa-sha512", null);
+
+        rsaSha1mgf1 = fac.newSignatureMethod("http://www.w3.org/2007/05/xmldsig-more#sha1-rsa-MGF1", null);
+        rsaSha224mgf1 = fac.newSignatureMethod("http://www.w3.org/2007/05/xmldsig-more#sha224-rsa-MGF1", null);
+        rsaSha256mgf1 = fac.newSignatureMethod("http://www.w3.org/2007/05/xmldsig-more#sha256-rsa-MGF1", null);
+        rsaSha384mgf1 = fac.newSignatureMethod("http://www.w3.org/2007/05/xmldsig-more#sha384-rsa-MGF1", null);
+        rsaSha512mgf1 = fac.newSignatureMethod("http://www.w3.org/2007/05/xmldsig-more#sha512-rsa-MGF1", null);
+
+        ecdsaSha1 = fac.newSignatureMethod("http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1", null);
+        ecdsaSha224 = fac.newSignatureMethod("http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha224", null);
+        ecdsaSha256 = fac.newSignatureMethod("http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256", null);
+        ecdsaSha384 = fac.newSignatureMethod("http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384", null);
+        ecdsaSha512 = fac.newSignatureMethod("http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512", null);
+
+        hmacSha1 = fac.newSignatureMethod(SignatureMethod.HMAC_SHA1, null);
+        hmacSha224 = fac.newSignatureMethod("http://www.w3.org/2001/04/xmldsig-more#hmac-sha224", null);
+        hmacSha256 = fac.newSignatureMethod("http://www.w3.org/2001/04/xmldsig-more#hmac-sha256", null);
+        hmacSha384 = fac.newSignatureMethod("http://www.w3.org/2001/04/xmldsig-more#hmac-sha384", null);
+        hmacSha512 = fac.newSignatureMethod("http://www.w3.org/2001/04/xmldsig-more#hmac-sha512", null);
+
         sks = new KeySelectors.SecretKeySelector("secret".getBytes("ASCII"));
 
         httpUd = new HttpURIDereferencer();
@@ -459,8 +597,6 @@
     static void test_create_signature_enveloping_hmac_sha1_40()
         throws Exception {
         System.out.println("* Generating signature-enveloping-hmac-sha1-40.xml");
-        SignatureMethod hmacSha1 = fac.newSignatureMethod
-            (SignatureMethod.HMAC_SHA1, new HMACParameterSpec(40));
         try {
             test_create_signature_enveloping(sha1, hmacSha1, null,
                 getSecretKey("secret".getBytes("ASCII")), sks, false);
@@ -475,18 +611,22 @@
     static void test_create_signature_enveloping_hmac_sha256()
         throws Exception {
         System.out.println("* Generating signature-enveloping-hmac-sha256.xml");
-        SignatureMethod hmacSha256 = fac.newSignatureMethod
-            ("http://www.w3.org/2001/04/xmldsig-more#hmac-sha256", null);
         test_create_signature_enveloping(sha1, hmacSha256, null,
             getSecretKey("secret".getBytes("ASCII")), sks, false);
         System.out.println();
     }
 
+    static void test_create_signature_enveloping_hmac_sha224()
+            throws Exception {
+        System.out.println("* Generating signature-enveloping-hmac-sha224.xml");
+        test_create_signature_enveloping(sha1, hmacSha224, null,
+                getSecretKey("secret".getBytes("ASCII")), sks, false);
+        System.out.println();
+    }
+
     static void test_create_signature_enveloping_hmac_sha384()
         throws Exception {
         System.out.println("* Generating signature-enveloping-hmac-sha384.xml");
-        SignatureMethod hmacSha384 = fac.newSignatureMethod
-            ("http://www.w3.org/2001/04/xmldsig-more#hmac-sha384", null);
         test_create_signature_enveloping(sha1, hmacSha384, null,
             getSecretKey("secret".getBytes("ASCII")), sks, false);
         System.out.println();
@@ -495,8 +635,6 @@
     static void test_create_signature_enveloping_hmac_sha512()
         throws Exception {
         System.out.println("* Generating signature-enveloping-hmac-sha512.xml");
-        SignatureMethod hmacSha512 = fac.newSignatureMethod
-            ("http://www.w3.org/2001/04/xmldsig-more#hmac-sha512", null);
         test_create_signature_enveloping(sha1, hmacSha512, null,
             getSecretKey("secret".getBytes("ASCII")), sks, false);
         System.out.println();
@@ -517,6 +655,14 @@
         System.out.println();
     }
 
+    static void test_create_signature_enveloping_sha224_rsa_sha256()
+            throws Exception {
+        System.out.println("* Generating signature-enveloping-sha224-rsa_sha256.xml");
+        test_create_signature_enveloping(sha224, rsaSha256, rsa,
+                getPrivateKey("RSA", 512), kvks, false);
+        System.out.println();
+    }
+
     static void test_create_signature_enveloping_sha512_rsa_sha384()
         throws Exception {
         System.out.println("* Generating signature-enveloping-sha512-rsa_sha384.xml");
@@ -525,6 +671,14 @@
         System.out.println();
     }
 
+    static void test_create_signature_enveloping_sha512_rsa_sha224()
+            throws Exception {
+        System.out.println("* Generating signature-enveloping-sha512-rsa_sha224.xml");
+        test_create_signature_enveloping(sha512, rsaSha224, rsa1024,
+                getPrivateKey("RSA", 1024), kvks, false);
+        System.out.println();
+    }
+
     static void test_create_signature_enveloping_sha512_rsa_sha512()
         throws Exception {
         System.out.println("* Generating signature-enveloping-sha512-rsa_sha512.xml");
@@ -533,6 +687,46 @@
         System.out.println();
     }
 
+    static void test_create_signature_enveloping_sha512_rsa_sha1_mgf1()
+            throws Exception {
+        System.out.println("* Generating signature-enveloping-sha512-rsa_sha1_mgf1.xml");
+        test_create_signature_enveloping(sha512, rsaSha1mgf1, rsa1024,
+                getPrivateKey("RSA", 1024), kvks, false);
+        System.out.println();
+    }
+
+    static void test_create_signature_enveloping_sha512_rsa_sha224_mgf1()
+            throws Exception {
+        System.out.println("* Generating signature-enveloping-sha512-rsa_sha224_mgf1.xml");
+        test_create_signature_enveloping(sha512, rsaSha224mgf1, rsa1024,
+                getPrivateKey("RSA", 1024), kvks, false);
+        System.out.println();
+    }
+
+    static void test_create_signature_enveloping_sha512_rsa_sha256_mgf1()
+            throws Exception {
+        System.out.println("* Generating signature-enveloping-sha512-rsa_sha256_mgf1.xml");
+        test_create_signature_enveloping(sha512, rsaSha256mgf1, rsa1024,
+                getPrivateKey("RSA", 1024), kvks, false);
+        System.out.println();
+    }
+
+    static void test_create_signature_enveloping_sha512_rsa_sha384_mgf1()
+            throws Exception {
+        System.out.println("* Generating signature-enveloping-sha512-rsa_sha384_mgf1.xml");
+        test_create_signature_enveloping(sha512, rsaSha384mgf1, rsa1024,
+                getPrivateKey("RSA", 1024), kvks, false);
+        System.out.println();
+    }
+
+    static void test_create_signature_enveloping_sha512_rsa_sha512_mgf1()
+            throws Exception {
+        System.out.println("* Generating signature-enveloping-sha512-rsa_sha512_mgf1.xml");
+        test_create_signature_enveloping(sha512, rsaSha512mgf1, rsa2048,
+                getPrivateKey("RSA", 2048), kvks, false);
+        System.out.println();
+    }
+
     static void test_create_signature_enveloping_p256_sha1() throws Exception {
         System.out.println("* Generating signature-enveloping-p256-sha1.xml");
         test_create_signature_enveloping(sha1, ecdsaSha1, p256ki,
@@ -540,6 +734,34 @@
         System.out.println();
     }
 
+    static void test_create_signature_enveloping_p256_sha224() throws Exception {
+        System.out.println("* Generating signature-enveloping-p256-sha224.xml");
+        test_create_signature_enveloping(sha1, ecdsaSha224, p256ki,
+                getECPrivateKey("P256"), kvks, false);
+        System.out.println();
+    }
+
+    static void test_create_signature_enveloping_p256_sha256() throws Exception {
+        System.out.println("* Generating signature-enveloping-p256-sha256.xml");
+        test_create_signature_enveloping(sha1, ecdsaSha256, p256ki,
+                getECPrivateKey("P256"), kvks, false);
+        System.out.println();
+    }
+
+    static void test_create_signature_enveloping_p256_sha384() throws Exception {
+        System.out.println("* Generating signature-enveloping-p256-sha384.xml");
+        test_create_signature_enveloping(sha1, ecdsaSha384, p256ki,
+                getECPrivateKey("P256"), kvks, false);
+        System.out.println();
+    }
+
+    static void test_create_signature_enveloping_p256_sha512() throws Exception {
+        System.out.println("* Generating signature-enveloping-p256-sha512.xml");
+        test_create_signature_enveloping(sha1, ecdsaSha512, p256ki,
+                getECPrivateKey("P256"), kvks, false);
+        System.out.println();
+    }
+
     static void test_create_signature_enveloping_p384_sha1() throws Exception {
         System.out.println("* Generating signature-enveloping-p384-sha1.xml");
         test_create_signature_enveloping(sha1, ecdsaSha1, p384ki,
@@ -765,6 +987,109 @@
                                                "signature", null);
         DOMSignContext dsc = new DOMSignContext(getPrivateKey("RSA", 512), doc);
         sig.sign(dsc);
+
+        System.out.println();
+    }
+
+    static void test_create_signature_enveloping_over_doc(String filename,
+        boolean pass) throws Exception
+    {
+        System.out.println("* Generating signature-enveloping-over-doc.xml");
+
+        // create reference
+        Reference ref = fac.newReference("#object", sha256);
+
+        // create SignedInfo
+        SignedInfo si = fac.newSignedInfo(withoutComments, rsaSha256,
+            Collections.singletonList(ref));
+
+        // create object
+        Document doc = null;
+        try (FileInputStream fis = new FileInputStream(filename)) {
+            doc = db.parse(fis);
+        }
+        DOMStructure ds = pass ? new DOMStructure(doc.getDocumentElement())
+                               : new DOMStructure(doc);
+        XMLObject obj = fac.newXMLObject(Collections.singletonList(ds),
+            "object", null, "UTF-8");
+
+        // This creates an enveloping signature over the entire XML Document
+        XMLSignature sig = fac.newXMLSignature(si, rsa,
+                                               Collections.singletonList(obj),
+                                               "signature", null);
+        DOMSignContext dsc = new DOMSignContext(getPrivateKey("RSA", 1024), doc);
+        try {
+            sig.sign(dsc);
+            if (!pass) {
+                // A Document node can only exist at the root of the doc so this
+                // should fail
+                throw new Exception("Test unexpectedly passed");
+            }
+        } catch (Exception e) {
+            if (!pass) {
+                System.out.println("Test failed as expected: " + e);
+            } else {
+                throw e;
+            }
+        }
+
+        if (pass) {
+            DOMValidateContext dvc = new DOMValidateContext
+                (getPublicKey("RSA", 1024), doc.getDocumentElement());
+            XMLSignature sig2 = fac.unmarshalXMLSignature(dvc);
+
+            if (sig.equals(sig2) == false) {
+                throw new Exception
+                    ("Unmarshalled signature is not equal to generated signature");
+            }
+            if (sig2.validate(dvc) == false) {
+                throw new Exception("Validation of generated signature failed");
+            }
+        }
+
+        System.out.println();
+    }
+
+    static void test_create_signature_enveloping_dom_level1() throws Exception {
+        System.out.println("* Generating signature-enveloping-dom-level1.xml");
+
+        // create reference
+        Reference ref = fac.newReference("#object", sha256);
+
+        // create SignedInfo
+        SignedInfo si = fac.newSignedInfo(withoutComments, rsaSha256,
+            Collections.singletonList(ref));
+
+        // create object using DOM Level 1 methods
+        Document doc = db.newDocument();
+        Element child = doc.createElement("Child");
+        child.setAttribute("Version", "1.0");
+        child.setAttribute("Id", "child");
+        child.setIdAttribute("Id", true);
+        child.appendChild(doc.createComment("Comment"));
+        XMLObject obj = fac.newXMLObject(
+            Collections.singletonList(new DOMStructure(child)),
+            "object", null, "UTF-8");
+
+        XMLSignature sig = fac.newXMLSignature(si, rsa,
+                                               Collections.singletonList(obj),
+                                               "signature", null);
+        DOMSignContext dsc = new DOMSignContext(getPrivateKey("RSA", 1024), doc);
+        sig.sign(dsc);
+
+        DOMValidateContext dvc = new DOMValidateContext
+            (getPublicKey("RSA", 1024), doc.getDocumentElement());
+        XMLSignature sig2 = fac.unmarshalXMLSignature(dvc);
+
+        if (sig.equals(sig2) == false) {
+            throw new Exception
+                ("Unmarshalled signature is not equal to generated signature");
+        }
+        if (sig2.validate(dvc) == false) {
+            throw new Exception("Validation of generated signature failed");
+        }
+
+        System.out.println();
     }
 
     static void test_create_signature() throws Exception {
@@ -1119,8 +1444,7 @@
 
         // create reference 1
         refs.add(fac.newReference
-            ("#xpointer(id('to-be-signed'))",
-             fac.newDigestMethod(DigestMethod.SHA1, null),
+            ("#xpointer(id('to-be-signed'))", sha1,
              Collections.singletonList
                 (fac.newTransform(CanonicalizationMethod.EXCLUSIVE,
                  (TransformParameterSpec) null)),
@@ -1132,16 +1456,14 @@
         prefixList.add("#default");
         ExcC14NParameterSpec params = new ExcC14NParameterSpec(prefixList);
         refs.add(fac.newReference
-            ("#xpointer(id('to-be-signed'))",
-             fac.newDigestMethod(DigestMethod.SHA1, null),
+            ("#xpointer(id('to-be-signed'))", sha1,
              Collections.singletonList
                 (fac.newTransform(CanonicalizationMethod.EXCLUSIVE, params)),
              null, null));
 
         // create reference 3
         refs.add(fac.newReference
-            ("#xpointer(id('to-be-signed'))",
-             fac.newDigestMethod(DigestMethod.SHA1, null),
+            ("#xpointer(id('to-be-signed'))", sha1,
              Collections.singletonList(fac.newTransform
                 (CanonicalizationMethod.EXCLUSIVE_WITH_COMMENTS,
                  (TransformParameterSpec) null)),
@@ -1153,8 +1475,7 @@
         prefixList.add("#default");
         params = new ExcC14NParameterSpec(prefixList);
         refs.add(fac.newReference
-            ("#xpointer(id('to-be-signed'))",
-             fac.newDigestMethod(DigestMethod.SHA1, null),
+            ("#xpointer(id('to-be-signed'))", sha1,
              Collections.singletonList(fac.newTransform
                 (CanonicalizationMethod.EXCLUSIVE_WITH_COMMENTS, params)),
              null, null));
@@ -1164,7 +1485,7 @@
             fac.newCanonicalizationMethod
                 (CanonicalizationMethod.EXCLUSIVE,
                  (C14NMethodParameterSpec) null),
-            fac.newSignatureMethod(SignatureMethod.DSA_SHA1, null), refs);
+                    dsaSha1, refs);
 
         // create KeyInfo
         List<XMLStructure> kits = new ArrayList<XMLStructure>(2);
@@ -1222,8 +1543,7 @@
         types.add(new XPathType(" //ReallyToBeSigned ",
             XPathType.Filter.UNION));
         XPathFilter2ParameterSpec xp1 = new XPathFilter2ParameterSpec(types);
-        refs.add(fac.newReference
-            ("", fac.newDigestMethod(DigestMethod.SHA1, null),
+        refs.add(fac.newReference("", sha1,
              Collections.singletonList(fac.newTransform(Transform.XPATH2, xp1)),
              null, null));
 
@@ -1235,15 +1555,14 @@
             (Collections.singletonList
                 (new XPathType(" / ", XPathType.Filter.UNION)));
         trans2.add(fac.newTransform(Transform.XPATH2, xp2));
-        refs.add(fac.newReference("#signature-value",
-            fac.newDigestMethod(DigestMethod.SHA1, null), trans2, null, null));
+        refs.add(fac.newReference("#signature-value", sha1, trans2, null, null));
 
         // create SignedInfo
         SignedInfo si = fac.newSignedInfo(
             fac.newCanonicalizationMethod
                 (CanonicalizationMethod.INCLUSIVE,
                  (C14NMethodParameterSpec) null),
-            fac.newSignatureMethod(SignatureMethod.DSA_SHA1, null), refs);
+                    dsaSha1, refs);
 
         // create KeyInfo
         List<XMLStructure> kits = new ArrayList<XMLStructure>(2);
@@ -1306,28 +1625,26 @@
         System.out.println();
     }
 
-    static void test_create_detached_signature(String canonicalizationMethod,
-            String signatureMethod, String transform, KeyInfoType keyInfo,
+    // Only print if there is an error.
+    static void test_create_detached_signature(
+            String canonicalizationMethod, String signatureMethod,
+            String digestMethod, String transform, KeyInfoType keyInfo,
             Content contentType, int port, boolean expectedFailure,
             Class expectedException) {
 
-        final String digestMethod = DigestMethod.SHA1;
-        System.out.println("Test detached signature:");
-        System.out.println("    Canonicalization method: "
-                + canonicalizationMethod);
-        System.out.println("    Signature method: " + signatureMethod);
-        System.out.println("    Transform: " + transform);
-        System.out.println("    Digest method: " + digestMethod);
-        System.out.println("    KeyInfoType: " + keyInfo);
-        System.out.println("    Content type: " + contentType);
-        System.out.println("    Expected failure: "
-                + (expectedFailure ? "yes" : "no"));
-        System.out.println("    Expected exception: "
-                + (expectedException == null ?
-                        "no" : expectedException.getName()));
+        String title = "\nTest detached signature:"
+                + "\n    Canonicalization method: " + canonicalizationMethod
+                + "\n    Signature method: " + signatureMethod
+                + "\n    Transform: " + transform
+                + "\n    Digest method: " + digestMethod
+                + "\n    KeyInfoType: " + keyInfo
+                + "\n    Content type: " + contentType
+                + "\n    Expected failure: " + (expectedFailure ? "yes" : "no")
+                + "\n    Expected exception: " + (expectedException == null ?
+                            "no" : expectedException.getName());
 
         try {
-            boolean success = test_create_detached_signature(
+            boolean success = test_create_detached_signature0(
                     canonicalizationMethod,
                     signatureMethod,
                     digestMethod,
@@ -1337,12 +1654,15 @@
                     port);
 
             if (success && expectedFailure) {
+                System.out.println(title);
                 System.out.println("Signature validation unexpectedly passed");
                 result = false;
             } else if (!success && !expectedFailure) {
+                System.out.println(title);
                 System.out.println("Signature validation unexpectedly failed");
                 result = false;
             } else if (expectedException != null) {
+                System.out.println(title);
                 System.out.println("Expected " + expectedException
                         + " not thrown");
                 result = false;
@@ -1350,23 +1670,21 @@
         } catch (Exception e) {
             if (expectedException == null
                     || !e.getClass().isAssignableFrom(expectedException)) {
+                System.out.println(title);
                 System.out.println("Unexpected exception: " + e);
                 e.printStackTrace(System.out);
                 result = false;
-            } else {
-                System.out.println("Expected exception: " + e);
             }
         }
-
-        if (result) System.out.println("Test case passed");
     }
 
-    static boolean test_create_detached_signature(String canonicalizationMethod,
+    // Print out as little as possible. This method will be called many times.
+    static boolean test_create_detached_signature0(String canonicalizationMethod,
             String signatureMethod, String digestMethod, String transform,
             KeyInfoType keyInfo, Content contentType, int port)
             throws Exception {
 
-        System.out.print("Sign ...");
+        System.out.print("-S");
 
         DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
         dbf.setNamespaceAware(true);
@@ -1410,20 +1728,34 @@
 
         Key signingKey;
         Key validationKey;
-        switch (signatureMethod) {
-            case SignatureMethod.DSA_SHA1:
-            case SignatureMethod.RSA_SHA1:
-                KeyPair kp = generateKeyPair(sm);
-                validationKey = kp.getPublic();
-                signingKey = kp.getPrivate();
-                break;
-            case SignatureMethod.HMAC_SHA1:
-                KeyGenerator kg = KeyGenerator.getInstance("HmacSHA1");
-                signingKey = kg.generateKey();
-                validationKey = signingKey;
-                break;
-            default:
+        if (signatureMethod.contains("#hmac-")) {
+            // http://...#hmac-sha1 -> hmac-sha1 -> hmacsha1
+            String algName = signatureMethod
+                    .substring(signatureMethod.indexOf('#') + 1)
+                    .replace("-", "");
+            KeyGenerator kg = KeyGenerator.getInstance(algName);
+            signingKey = kg.generateKey();
+            validationKey = signingKey;
+        } else {
+            KeyPairGenerator kpg;
+            SecureRandom random = new SecureRandom();
+            if (signatureMethod.contains("#rsa-")
+                    || signatureMethod.contains("-rsa-MGF1")) {
+                kpg = KeyPairGenerator.getInstance("RSA");
+                kpg.initialize(signatureMethod.contains("#sha512-rsa-MGF1")
+                        ? 2048 : 1024, random);
+            } else if (signatureMethod.contains("#dsa-")) {
+                kpg = KeyPairGenerator.getInstance("DSA");
+                kpg.initialize(1024, random);
+            } else if (signatureMethod.contains("#ecdsa-")) {
+                kpg = KeyPairGenerator.getInstance("EC");
+                kpg.initialize(256, random);
+            } else {
                 throw new RuntimeException("Unsupported signature algorithm");
+            }
+            KeyPair kp = kpg.generateKeyPair();
+            validationKey = kp.getPublic();
+            signingKey = kp.getPrivate();
         }
 
         SignedInfo si = fac.newSignedInfo(cm, sm, refs, null);
@@ -1464,7 +1796,7 @@
             signatureString = writer.toString();
         }
 
-        System.out.print("Validate ... ");
+        System.out.print("V");
         try (ByteArrayInputStream bis = new ByteArrayInputStream(
                 signatureString.getBytes())) {
             doc = dbf.newDocumentBuilder().parse(bis);
@@ -1487,11 +1819,11 @@
 
         boolean success = signature.validate(vc);
         if (!success) {
-            System.out.println("Core signature validation failed");
+            System.out.print("x");
             if (!secondChanceGranted && OS.contains("SunOS")) {
                 removePKCS11Provider();
                 // set up the test again
-                return test_create_detached_signature(canonicalizationMethod,
+                return test_create_detached_signature0(canonicalizationMethod,
                     signatureMethod, digestMethod, transform,
                     keyInfo, contentType, port);
             } else {
@@ -1501,7 +1833,7 @@
 
         success = signature.getSignatureValue().validate(vc);
         if (!success) {
-            System.out.println("Cryptographic validation of signature failed");
+            System.out.print("X");
             return false;
         }
 
@@ -1567,6 +1899,26 @@
         "237008997971129772408397621801631622129297063463868593083106979716" +
         "204903524890556839550490384015324575598723478554854070823335021842" +
         "210112348400928769";
+    private static final String RSA_2048_MOD = "243987087691547796017401146540"
+        + "9844666035826535295137885613771811531602666348704672255163984907599"
+        + "4298308997053582963763109207465354916871136820987101812436158377530"
+        + "6117270010853232249007544652859474372258057062943608962079402484091"
+        + "8121307687901225514249308620012025884376216406019656605767311580224"
+        + "4715304950770504195751384382230005665573033547124060755957932161045"
+        + "7288008201789401237690181537646952377591671113513382933711547044631"
+        + "6055957820531234310030119265612054594720774653570278810236807313332"
+        + "5293876225940483622056721445101719346295263740434720907474414905706"
+        + "086605825077661246082956613711071075569880930102141";
+    private static final String RSA_2048_PRIV = "12265063405401593206575340300"
+        + "5824698296458954796982342251774894076489082263237675553422307220014"
+        + "4395010131540855227949365446755185799985229111139387016816011165826"
+        + "5498929552020323994756478872375078784799489891112924298115119573429"
+        + "3677627114115546751555523555375278381312502020990154549150867571006"
+        + "4470674155961982582802981649643127000520693025433874996570667724459"
+        + "3395670697152709457274026580106078581585077146782827694403672461289"
+        + "9143004401242754355097671446183871158504602884373174300123820136505"
+        + "6449932139773607305129273545117363975014750743804523418307647791195"
+        + "6408859873123458434820062206102268853256685162004893";
     private static final String EC_P256_X =
         "335863644451761614592446380116804721648611739647823420286081723541" +
         "6166183710";
@@ -1652,6 +2004,9 @@
             } else if (keysize == 1024) {
                 kspec = new RSAPublicKeySpec(new BigInteger(RSA_1024_MOD),
                                              new BigInteger(RSA_PUB));
+            } else if (keysize == 2048) {
+                kspec = new RSAPublicKeySpec(new BigInteger(RSA_2048_MOD),
+                                             new BigInteger(RSA_PUB));
             } else throw new RuntimeException("Unsupported keysize:" + keysize);
         } else throw new RuntimeException("Unsupported key algorithm " + algo);
         return kf.generatePublic(kspec);
@@ -1704,10 +2059,13 @@
             if (keysize == 512) {
                 kspec = new RSAPrivateKeySpec
                     (new BigInteger(RSA_MOD), new BigInteger(RSA_PRIV));
-            } else {
+            } else if (keysize == 1024) {
                 kspec = new RSAPrivateKeySpec(new BigInteger(RSA_1024_MOD),
-                                              new BigInteger(RSA_1024_PRIV));
-            }
+                        new BigInteger(RSA_1024_PRIV));
+            } else if (keysize == 2048) {
+                kspec = new RSAPrivateKeySpec(new BigInteger(RSA_2048_MOD),
+                        new BigInteger(RSA_2048_PRIV));
+            } else throw new RuntimeException("Unsupported key algorithm " + algo);
         } else throw new RuntimeException("Unsupported key algorithm " + algo);
         return kf.generatePrivate(kspec);
     }
@@ -1744,25 +2102,6 @@
         };
     }
 
-    static KeyPair generateKeyPair(SignatureMethod sm)
-            throws NoSuchAlgorithmException {
-        KeyPairGenerator keygen;
-        switch (sm.getAlgorithm()) {
-            case SignatureMethod.DSA_SHA1:
-                keygen = KeyPairGenerator.getInstance("DSA");
-                break;
-            case SignatureMethod.RSA_SHA1:
-                keygen = KeyPairGenerator.getInstance("RSA");
-                break;
-            default:
-                throw new RuntimeException("Unsupported signature algorithm");
-        }
-
-        SecureRandom random = new SecureRandom();
-        keygen.initialize(1024, random);
-        return keygen.generateKeyPair();
-    }
-
     /**
      * This URIDereferencer returns locally cached copies of http content to
      * avoid test failures due to network glitches, etc.
diff --git a/test/javax/xml/crypto/dsig/KeySelectors.java b/test/javax/xml/crypto/dsig/KeySelectors.java
--- a/test/javax/xml/crypto/dsig/KeySelectors.java
+++ b/test/javax/xml/crypto/dsig/KeySelectors.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2005, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -30,14 +30,7 @@
 import javax.crypto.SecretKey;
 import javax.xml.crypto.*;
 import javax.xml.crypto.dsig.*;
-import javax.xml.crypto.dom.*;
 import javax.xml.crypto.dsig.keyinfo.*;
-import javax.xml.parsers.DocumentBuilderFactory;
-import javax.xml.parsers.DocumentBuilder;
-import org.w3c.dom.Document;
-import org.w3c.dom.Node;
-import org.w3c.dom.Element;
-import org.w3c.dom.traversal.*;
 import sun.security.util.DerValue;
 import sun.security.x509.X500Name;
 
@@ -173,26 +166,11 @@
         }
 
         static boolean algEquals(String algURI, String algName) {
-            if (algName.equalsIgnoreCase("DSA") &&
-                algURI.equals(SignatureMethod.DSA_SHA1) ||
-                algURI.equals("http://www.w3.org/2009/xmldsig11#dsa-sha256")) {
-                return true;
-            } else if (algName.equalsIgnoreCase("RSA") &&
-                (algURI.equals(SignatureMethod.RSA_SHA1) ||
-                 algURI.equals
-                    ("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256") ||
-                 algURI.equals
-                    ("http://www.w3.org/2001/04/xmldsig-more#rsa-sha384") ||
-                 algURI.equals
-                    ("http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"))) {
-                return true;
-            } else if (algName.equalsIgnoreCase("EC") &&
-                (algURI.equals
-                    ("http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1"))) {
-                return true;
-            } else {
-                return false;
-            }
+            algName = algName.toUpperCase(Locale.ROOT);
+            return algName.equals("DSA") && algURI.contains("#dsa-")
+                    || algName.equals("RSA")
+                            && (algURI.contains("#rsa-") || algURI.contains("-rsa-MGF1"))
+                    || algName.equals("EC") && algURI.contains("#ecdsa-");
         }
     }
 
diff --git a/test/javax/xml/crypto/dsig/data/envelope2.xml b/test/javax/xml/crypto/dsig/data/envelope2.xml
new file mode 100644
--- /dev/null
+++ b/test/javax/xml/crypto/dsig/data/envelope2.xml
@@ -0,0 +1,15 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- Preamble -->
+<Envelope xmlns:foo="http://example.org/foo" xmlns="http://example.org/usps">
+  <DearSir>foo</DearSir>
+  <Body>bar</Body>
+  <YoursSincerely>
+  </YoursSincerely>
+  <PostScript>bar</PostScript>
+  <Notaries xmlns="" Id="notaries">
+    <Notary name="Great, A. T." />
+    <Notary name="Hun, A. T." />
+  </Notaries>
+  <!-- Commentary -->
+</Envelope>
+<!-- Postamble -->