obtained gcc-4.6.4.tar.bz2 from upstream website;upstream

verified gcc-4.6.4.tar.bz2.sig;
imported gcc-4.6.4 source tree from verified upstream tarball.

downloading a git-generated archive based on the 'upstream' tag
should provide you with a source tree that is binary identical
to the one extracted from the above tarball.

if you have obtained the source via the command 'git clone',
however, do note that line-endings of files in your working
directory might differ from line-endings of the respective
files in the upstream repository.

46 files changed, 6682 insertions, 0 deletions

diff --git a/libjava/classpath/javax/security/auth/AuthPermission.java b/libjava/classpath/javax/security/auth/AuthPermission.java
new file mode 100644
index 000000000..176ed9fb4
--- /dev/null
+++ b/libjava/classpath/javax/security/auth/AuthPermission.java
@@ -0,0 +1,146 @@
+/* AuthPermission.java -- permissions related to authentication.
+   Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.auth;
+
+import java.security.BasicPermission;
+
+/**
+ * <p>A permission controlling access to authentication service. The
+ * <i>actions</i> field of auth permission objects is ignored; the whole
+ * of the permission is defined by the <i>target</i>.</p>
+ *
+ * <p>The authentication permission targets recognized are:</p>
+ *
+ * <dl>
+ * <dt><code>doAs</code></dt>
+ *
+ * <dd><p>Allows access to the {@link
+ * Subject#doAs(javax.security.auth.Subject  java.security.PrivilegedAction)}
+ * methods.</p></dd>
+ *
+ * <dt><code>doAsPrivileged</code></dt>
+ *
+ * <dd><p>Allows access to the {@link
+ * Subject#doAsPrivileged(javax.security.auth.Subject,
+ * java.security.PrivilegedAction, java.security.AccessControlContext)}
+ * methods.</p></dd>
+ *
+ * <dt><code>getSubject</code></dt>
+ *
+ * <dd><p>Allows access to the {@link Subject} associated with a
+ * thread.</p></dd>
+ *
+ * <dt><code>getSubjectFromDomainCombiner</code></dt>
+ *
+ * <dd><p>Allows access to the {@link Subject} associated with a
+ * {@link SubjectDomainCombiner}.</p></dd>
+ *
+ * <dt><code>setReadOnly</code></dt>
+ *
+ * <dd><p>Allows a {@link Subject} to be marked as read-only.</p></dd>
+ *
+ * <dt><code>modifyPrincipals</code></dt>
+ *
+ * <dd><p>Allows the set of principals of a subject to be modified.</p></dd>
+ *
+ * <dt><code>modifyPublicCredentials</code></dt>
+ *
+ * <dd><p>Allows the set of public credentials of a subject to be
+ * modified.</p></dd>
+ *
+ * <dt><code>modifyPrivateCredentials</code></dt>
+ *
+ * <dd><p>Allows the set of private credentials of a subject to be
+ * modified.</p></dd>
+ *
+ * <dt><code>refreshCredential</code></dt>
+ *
+ * <dd><p>Allows a {@link Refreshable} credential to be refreshed.</p></dd>
+ *
+ * <dt><code>destroyCredential</code></dt>
+ *
+ * <dd><p>Allows a {@link Destroyable} credential to be destroyed.</p></dd>
+ *
+ * <dt><code>createLoginContext.<i>name</i></code></dt>
+ *
+ * <dd><p>Allows a {@link javax.security.auth.login.LoginContext} for the
+ * given <i>name</i>. <i>name</i> can also be a wildcard (<code>'*'</code>),
+ * which allows the creation of a context with any name.</p></dd>
+ *
+ * <dt><code>getLoginConfiguration</code></dt>
+ *
+ * <dd><p>Allows the system-wide login {@link
+ * javax.security.auth.login.Configuration} to be retrieved.</p></dd>
+ *
+ * <dt><code>setLoginConfiguration</code></dt>
+ *
+ * <dd><p>Allows the system-wide login {@link
+ * javax.security.auth.login.Configuration} to be set.</p></dd>
+ *
+ * <dt><code>refreshLoginConfiguration</code></dt>
+ *
+ * <dd><p>Allows the system-wide login {@link
+ * javax.security.auth.login.Configuration} to be refreshed.</p></dd>
+ * </dl>
+ */
+public final class AuthPermission extends BasicPermission
+{
+
+  /**
+   * Creates a new authentication permission for the given target name.
+   *
+   * @param name The target name.
+   */
+  public AuthPermission (String name)
+  {
+    super (name);
+  }
+
+  /**
+   * Creates a new authentication permission for the given target name.
+   * The actions list is not used by this class.
+   *
+   * @param name The target name.
+   * @param actions The action list.
+   */
+  public AuthPermission (String name, String actions)
+  {
+    super (name, actions);
+  }
+}
diff --git a/libjava/classpath/javax/security/auth/DestroyFailedException.java b/libjava/classpath/javax/security/auth/DestroyFailedException.java
new file mode 100644
index 000000000..98de82bd4
--- /dev/null
+++ b/libjava/classpath/javax/security/auth/DestroyFailedException.java
@@ -0,0 +1,67 @@
+/* DestroyFailedException.java -- signals an object could not be destroyed.
+   Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.auth;
+
+/**
+ * An exception thrown when the {@link Destroyable#destroy()} method
+ * fails for a credential.
+ *
+ * @see Destroyable
+ */
+public class DestroyFailedException extends Exception
+{
+
+  /**
+   * Creates a new DestroyFailedException with no detail message.
+   */
+  public DestroyFailedException()
+  {
+    super();
+  }
+
+  /**
+   * Creates a new DestroyFailedException with a detail message.
+   *
+   * @param message The detail message.
+   */
+  public DestroyFailedException (String message)
+  {
+    super (message);
+  }
+}
diff --git a/libjava/classpath/javax/security/auth/Destroyable.java b/libjava/classpath/javax/security/auth/Destroyable.java
new file mode 100644
index 000000000..1ebd85c07
--- /dev/null
+++ b/libjava/classpath/javax/security/auth/Destroyable.java
@@ -0,0 +1,64 @@
+/* Destroyable.java -- an immutable object that may be destroyed.
+   Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.auth;
+
+/**
+ * An interface for objects that are immutable but whose sensitive
+ * data may be wiped out.
+ */
+public interface Destroyable
+{
+
+  /**
+   * Destroy this object, clearing all sensitive fields appropriately.
+   *
+   * @throws DestroyFailedException If this object could not be
+   *   destroyed.
+   * @throws SecurityException If the caller does not have permission
+   *   to destroy this object.
+   */
+  void destroy() throws DestroyFailedException;
+
+  /**
+   * Tells whether or not this object has been destroyed.
+   *
+   * @return True if this object has been destroyed.
+   */
+  boolean isDestroyed();
+}
diff --git a/libjava/classpath/javax/security/auth/Policy.java b/libjava/classpath/javax/security/auth/Policy.java
new file mode 100644
index 000000000..4da9a84df
--- /dev/null
+++ b/libjava/classpath/javax/security/auth/Policy.java
@@ -0,0 +1,79 @@
+/* Policy.java -- deprecated precursor to java.security.Policy.
+   Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.auth;
+
+import java.security.CodeSource;
+import java.security.PermissionCollection;
+
+/**
+ * @deprecated The classes java.security.Policy and
+ * java.security.ProtectionDomain provide the functionality of this class.
+ */
+public abstract class Policy
+{
+
+  private static Policy policy;
+
+  protected Policy()
+  {
+  }
+
+  public static synchronized Policy getPolicy()
+  {
+    SecurityManager sm = System.getSecurityManager();
+    if (sm != null)
+      {
+        sm.checkPermission (new AuthPermission ("getPolicy"));
+      }
+    return policy;
+  }
+
+  public static synchronized void setPolicy (Policy p)
+  {
+    SecurityManager sm = System.getSecurityManager();
+    if (sm != null)
+      {
+        sm.checkPermission (new AuthPermission ("setPolicy"));
+      }
+    policy = p;
+  }
+
+  public abstract PermissionCollection getPermissions (Subject subject, CodeSource source);
+  public abstract void refresh();
+}
diff --git a/libjava/classpath/javax/security/auth/PrivateCredentialPermission.java b/libjava/classpath/javax/security/auth/PrivateCredentialPermission.java
new file mode 100644
index 000000000..1982eef3d
--- /dev/null
+++ b/libjava/classpath/javax/security/auth/PrivateCredentialPermission.java
@@ -0,0 +1,326 @@
+/* PrivateCredentialPermission.java -- permissions governing private credentials.
+   Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.auth;
+
+import java.io.Serializable;
+
+import java.security.Permission;
+import java.security.PermissionCollection;
+
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.Set;
+import java.util.StringTokenizer;
+
+/**
+ * A permission governing access to a private credential. The action of this
+ * permission is always "read" -- meaning that the private credential
+ * information can be read from an object.
+ *
+ * <p>The target of this permission is formatted as follows:</p>
+ *
+ * <p><code>CredentialClassName ( PrinicpalClassName PrincipalName )*</code></p>
+ *
+ * <p><i>CredentialClassName</i> is either the name of a private credential
+ * class name, or a wildcard character (<code>'*'</code>).
+ * <i>PrinicpalClassName</i> is the class name of a principal object, and
+ * <i>PrincipalName</i> is a string representing the principal, or the
+ * wildcard character.</p>
+ */
+public final class PrivateCredentialPermission extends Permission
+  implements Serializable
+{
+  /**
+   * For compatability with Sun's JDK 1.4.2 rev. 5
+   */
+  private static final long serialVersionUID = 5284372143517237068L;
+
+  // Fields.
+  // -------------------------------------------------------------------------
+
+  /**
+   * @serial The credential class name.
+   */
+  private final String credentialClass;
+
+  /**
+   * @serial The principals, a set of CredOwner objects (an undocumented
+   *  inner class of this class).
+   */
+  private final Set principals;
+
+  /**
+   * @serial Who knows?
+   */
+  private final boolean testing;
+
+  // Constructor.
+  // -------------------------------------------------------------------------
+
+  /**
+   * Create a new private credential permission.
+   *
+   * @param name The permission target name.
+   * @param actions The list of actions, which, for this class, must be
+   *  <code>"read"</code>.
+   */
+  public PrivateCredentialPermission (final String name, String actions)
+  {
+    super(name);
+    actions = actions.trim().toLowerCase();
+    if (!"read".equals (actions))
+      {
+        throw new IllegalArgumentException("actions must be \"read\"");
+      }
+    StringTokenizer st = new StringTokenizer (name, " \"'");
+    principals = new HashSet();
+    if (st.countTokens() < 3 || (st.countTokens() & 1) == 0)
+      {
+        throw new IllegalArgumentException ("badly formed credential name");
+      }
+    credentialClass = st.nextToken();
+    while (st.hasMoreTokens())
+      {
+        principals.add (new CredOwner (st.nextToken(), st.nextToken()));
+      }
+    testing = false; // WTF ever.
+  }
+
+  // Instance methods.
+  // -------------------------------------------------------------------------
+
+  public boolean equals (Object o)
+  {
+    if (! (o instanceof PrivateCredentialPermission))
+      {
+        return false;
+      }
+    PrivateCredentialPermission that = (PrivateCredentialPermission) o;
+    if (!that.getActions().equals (getActions()))
+      {
+        return false;
+      }
+    if (!that.getCredentialClass().equals (getCredentialClass()))
+      {
+        return false;
+      }
+
+    final String[][] principals = getPrincipals();
+    final String[][] that_principals = that.getPrincipals();
+    if (that_principals == null)
+      {
+        return false;
+      }
+    if (that_principals.length != principals.length)
+      {
+        return false;
+      }
+    for (int i = 0; i < principals.length; i++)
+      {
+        if (!principals[i][0].equals (that_principals[i][0]) ||
+            !principals[i][1].equals (that_principals[i][1]))
+          {
+            return false;
+          }
+      }
+    return true;
+  }
+
+  /**
+   * Returns the actions this permission encompasses. For private credential
+   * permissions, this is always the string <code>"read"</code>.
+   *
+   * @return The list of actions.
+   */
+  public String getActions()
+  {
+    return "read";
+  }
+
+  /**
+   * Returns the credential class name that was embedded in this permission's
+   * target name.
+   *
+   * @return The credential class name.
+   */
+  public String getCredentialClass()
+  {
+    return credentialClass;
+  }
+
+  /**
+   * Returns the principal list that was embedded in this permission's target
+   * name.
+   *
+   * <p>Each element of the returned array is a pair; the first element is the
+   * principal class name, and the second is the principal name.
+   *
+   * @return The principal list.
+   */
+  public String[][] getPrincipals()
+  {
+    String[][] ret = new String[principals.size()][];
+    Iterator it = principals.iterator();
+    for (int i = 0; i < principals.size() && it.hasNext(); i++)
+      {
+        CredOwner co = (CredOwner) it.next();
+        ret[i] = new String[] { co.getPrincipalClass(), co.getPrincipalName() };
+      }
+    return ret;
+  }
+
+  public int hashCode()
+  {
+    return credentialClass.hashCode() + principals.hashCode();
+  }
+
+  /**
+   * Test if this permission implies another. This method returns true if:
+   *
+   * <ol>
+   * <li><i>p</i> is an instance of PrivateCredentialPermission</li>.
+   * <li>The credential class name of this instance matches that of <i>p</i>,
+   * and one of the principals of <i>p</i> is contained in the principals of
+   * this class. Thus,
+   *   <ul>
+   *   <li><code>[ * P "foo" ]  implies [ C P "foo" ]</code></li>
+   *   <li><code>[ C P1 "foo" ] implies [ C P1 "foo" P2 "bar" ]</code></li>
+   *   <li><code>[ C P1 "*" ]   implies [ C P1 "foo" ]</code></li>
+   *   </ul>
+   * </ol>
+   *
+   * @param p The permission to check.
+   * @return True if this permission implies <i>p</i>.
+   */
+  public boolean implies (Permission p)
+  {
+    if (! (p instanceof PrivateCredentialPermission))
+      {
+        return false;
+      }
+    PrivateCredentialPermission that = (PrivateCredentialPermission) p;
+    if (!credentialClass.equals ("*")
+        && !credentialClass.equals (that.getCredentialClass()))
+      {
+        return false;
+      }
+    String[][] principals = getPrincipals();
+    String[][] that_principals = that.getPrincipals();
+    if (that_principals == null)
+      {
+        return false;
+      }
+    for (int i = 0; i < principals.length; i++)
+      {
+        for (int j = 0; j < that_principals.length; j++)
+          {
+            if (principals[i][0].equals (that_principals[j][0]) &&
+                (principals[i][1].equals ("*") ||
+                 principals[i][1].equals (that_principals[j][1])))
+              {
+                return true;
+              }
+          }
+      }
+    return false;
+  }
+
+  /**
+   * This method is not necessary for this class, thus it always returns null.
+   *
+   * @return null.
+   */
+  public PermissionCollection newPermissionCollection()
+  {
+    return null;
+  }
+
+  // Inner class.
+  // -------------------------------------------------------------------------
+
+  /**
+   * An undocumented inner class present for serialization compatibility.
+   */
+  private static class CredOwner implements Serializable
+  {
+
+    // Fields.
+    // -----------------------------------------------------------------------
+
+    private final String principalClass;
+    private final String principalName;
+
+    // Constructor.
+    // -----------------------------------------------------------------------
+
+    CredOwner (final String principalClass, final String principalName)
+    {
+      this.principalClass = principalClass;
+      this.principalName = principalName;
+    }
+
+    // Instance methods.
+    // -----------------------------------------------------------------------
+
+    public boolean equals (Object o)
+    {
+      if (!(o instanceof CredOwner))
+        {
+          return false;
+        }
+      return principalClass.equals (((CredOwner) o).getPrincipalClass()) &&
+        principalName.equals (((CredOwner) o).getPrincipalName());
+    }
+
+    public int hashCode()
+    {
+      return principalClass.hashCode() + principalName.hashCode();
+    }
+
+    public String getPrincipalClass()
+    {
+      return principalClass;
+    }
+
+    public String getPrincipalName()
+    {
+      return principalName;
+    }
+  }
+}
diff --git a/libjava/classpath/javax/security/auth/RefreshFailedException.java b/libjava/classpath/javax/security/auth/RefreshFailedException.java
new file mode 100644
index 000000000..6b8f94dcd
--- /dev/null
+++ b/libjava/classpath/javax/security/auth/RefreshFailedException.java
@@ -0,0 +1,63 @@
+/* RefreshFailedException.java -- signals a failed refresh.
+   Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.auth;
+
+/**
+ * A signal that a call to {@link Refreshable#refresh()} failed.
+ */
+public class RefreshFailedException extends Exception
+{
+
+  /**
+   * Create a new RefreshFailedException with no detail message.
+   */
+  public RefreshFailedException()
+  {
+  }
+
+  /**
+   * Create a new RefreshFailedException with a detail message.
+   *
+   * @param message The detail message.
+   */
+  public RefreshFailedException (String message)
+  {
+    super (message);
+  }
+}
diff --git a/libjava/classpath/javax/security/auth/Refreshable.java b/libjava/classpath/javax/security/auth/Refreshable.java
new file mode 100644
index 000000000..14d766079
--- /dev/null
+++ b/libjava/classpath/javax/security/auth/Refreshable.java
@@ -0,0 +1,65 @@
+/* Refreshable.java -- an object whose state may be refreshed.
+   Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.auth;
+
+/**
+ * An object whose internal state may be <em>refreshed:</em> as in a
+ * credential object with a expiry date.
+ */
+public interface Refreshable
+{
+
+  /**
+   * Tells whether or not this object is current. Refreshable objects that
+   * are not current may need to be refreshed.
+   *
+   * @return Whether this object is current.
+   */
+  boolean isCurrent();
+
+  /**
+   * Refresh this object. The process involved in refreshing an object is
+   * per-implementation dependent.
+   *
+   * @throws RefreshFailedException If refreshing this object fails.
+   * @throws SecurityException If the caller does not have permission to
+   *  refresh, or to take the steps involved in refreshing, this object.
+   */
+  void refresh() throws RefreshFailedException;
+}
diff --git a/libjava/classpath/javax/security/auth/Subject.java b/libjava/classpath/javax/security/auth/Subject.java
new file mode 100644
index 000000000..e9b0804a5
--- /dev/null
+++ b/libjava/classpath/javax/security/auth/Subject.java
@@ -0,0 +1,557 @@
+/* Subject.java -- a single entity in the system.
+   Copyright (C) 2004, 2005 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.auth;
+
+import java.io.IOException;
+import java.io.ObjectInputStream;
+import java.io.ObjectOutputStream;
+import java.io.Serializable;
+
+import java.security.AccessControlContext;
+import java.security.AccessController;
+import java.security.DomainCombiner;
+import java.security.Principal;
+import java.security.PrivilegedAction;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
+
+import java.util.AbstractSet;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.LinkedList;
+import java.util.Set;
+
+public final class Subject implements Serializable
+{
+  // Fields.
+  // -------------------------------------------------------------------------
+
+  private static final long serialVersionUID = -8308522755600156056L;
+
+  /**
+   * @serial The set of principals. The type of this field is SecureSet, a
+   *  private inner class.
+   */
+  private final Set principals;
+
+  /**
+   * @serial The read-only flag.
+   */
+  private boolean readOnly;
+
+  private final transient SecureSet pubCred;
+  private final transient SecureSet privCred;
+
+  // Constructors.
+  // -------------------------------------------------------------------------
+
+  public Subject()
+  {
+    principals = new SecureSet (this, SecureSet.PRINCIPALS);
+    pubCred = new SecureSet (this, SecureSet.PUBLIC_CREDENTIALS);
+    privCred = new SecureSet (this, SecureSet.PRIVATE_CREDENTIALS);
+    readOnly = false;
+  }
+
+  public Subject (final boolean readOnly,
+                  final Set<? extends Principal> principals,
+                  final Set<?> pubCred, final Set<?> privCred)
+  {
+    if (principals == null || pubCred == null || privCred == null)
+      {
+        throw new NullPointerException();
+      }
+    this.principals = new SecureSet (this, SecureSet.PRINCIPALS, principals);
+    this.pubCred = new SecureSet (this, SecureSet.PUBLIC_CREDENTIALS, pubCred);
+    this.privCred = new SecureSet (this, SecureSet.PRIVATE_CREDENTIALS, privCred);
+    this.readOnly = readOnly;
+  }
+
+  // Class methods.
+  // -------------------------------------------------------------------------
+
+  /**
+   * <p>Returns the subject associated with the given {@link
+   * AccessControlContext}.</p>
+   *
+   * <p>All this method does is retrieve the Subject object from the supplied
+   * context's {@link DomainCombiner}, if any, and if it is an instance of
+   * a {@link SubjectDomainCombiner}.
+   *
+   * @param context The context to retrieve the subject from.
+   * @return The subject assoctiated with the context, or <code>null</code>
+   *  if there is none.
+   * @throws NullPointerException If <i>subject</i> is null.
+   * @throws SecurityException If the caller does not have permission to get
+   *  the subject (<code>"getSubject"</code> target of {@link AuthPermission}.
+   */
+  public static Subject getSubject (final AccessControlContext context)
+  {
+    final SecurityManager sm = System.getSecurityManager();
+    if (sm != null)
+      {
+        sm.checkPermission (new AuthPermission ("getSubject"));
+      }
+    DomainCombiner dc = context.getDomainCombiner();
+    if (!(dc instanceof SubjectDomainCombiner))
+      {
+        return null;
+      }
+    return ((SubjectDomainCombiner) dc).getSubject();
+  }
+
+  /**
+   * <p>Run a method as another subject. This method will obtain the current
+   * {@link AccessControlContext} for this thread, then creates another with
+   * a {@link SubjectDomainCombiner} with the given subject. The supplied
+   * action will then be run with the modified context.</p>
+   *
+   * @param subject The subject to run as.
+   * @param action The action to run.
+   * @return The value returned by the privileged action.
+   * @throws SecurityException If the caller is not allowed to run under a
+   *  different identity (<code>"doAs"</code> target of {@link AuthPermission}.
+   */
+  public static Object doAs (final Subject subject, final PrivilegedAction action)
+  {
+    final SecurityManager sm = System.getSecurityManager();
+    if (sm != null)
+      {
+        sm.checkPermission (new AuthPermission ("doAs"));
+      }
+    AccessControlContext context =
+      new AccessControlContext (AccessController.getContext(),
+                                new SubjectDomainCombiner (subject));
+    return AccessController.doPrivileged (action, context);
+  }
+
+  /**
+   * <p>Run a method as another subject. This method will obtain the current
+   * {@link AccessControlContext} for this thread, then creates another with
+   * a {@link SubjectDomainCombiner} with the given subject. The supplied
+   * action will then be run with the modified context.</p>
+   *
+   * @param subject The subject to run as.
+   * @param action The action to run.
+   * @return The value returned by the privileged action.
+   * @throws SecurityException If the caller is not allowed to run under a
+   *  different identity (<code>"doAs"</code> target of {@link AuthPermission}.
+   * @throws PrivilegedActionException If the action throws an exception.
+   */
+  public static Object doAs (final Subject subject,
+                             final PrivilegedExceptionAction action)
+    throws PrivilegedActionException
+  {
+    final SecurityManager sm = System.getSecurityManager();
+    if (sm != null)
+      {
+        sm.checkPermission (new AuthPermission ("doAs"));
+      }
+    AccessControlContext context =
+      new AccessControlContext (AccessController.getContext(),
+                                new SubjectDomainCombiner(subject));
+    return AccessController.doPrivileged (action, context);
+  }
+
+  /**
+   * <p>Run a method as another subject. This method will create a new
+   * {@link AccessControlContext} derived from the given one, with a
+   * {@link SubjectDomainCombiner} with the given subject. The supplied
+   * action will then be run with the modified context.</p>
+   *
+   * @param subject The subject to run as.
+   * @param action The action to run.
+   * @param acc The context to use.
+   * @return The value returned by the privileged action.
+   * @throws SecurityException If the caller is not allowed to run under a
+   *  different identity (<code>"doAsPrivileged"</code> target of {@link
+   *  AuthPermission}.
+   */
+  public static Object doAsPrivileged (final Subject subject,
+                                       final PrivilegedAction action,
+                                       final AccessControlContext acc)
+  {
+    final SecurityManager sm = System.getSecurityManager();
+    if (sm != null)
+      {
+        sm.checkPermission (new AuthPermission ("doAsPrivileged"));
+      }
+    AccessControlContext context =
+      new AccessControlContext (acc, new SubjectDomainCombiner (subject));
+    return AccessController.doPrivileged (action, context);
+  }
+
+  /**
+   * <p>Run a method as another subject. This method will create a new
+   * {@link AccessControlContext} derived from the given one, with a
+   * {@link SubjectDomainCombiner} with the given subject. The supplied
+   * action will then be run with the modified context.</p>
+   *
+   * @param subject The subject to run as.
+   * @param action The action to run.
+   * @param acc The context to use.
+   * @return The value returned by the privileged action.
+   * @throws SecurityException If the caller is not allowed to run under a
+   *  different identity (<code>"doAsPrivileged"</code> target of
+   *  {@link AuthPermission}.
+   * @throws PrivilegedActionException If the action throws an exception.
+   */
+  public static Object doAsPrivileged (final Subject subject,
+                                       final PrivilegedExceptionAction action,
+                                       AccessControlContext acc)
+    throws PrivilegedActionException
+  {
+    final SecurityManager sm = System.getSecurityManager();
+    if (sm != null)
+      {
+        sm.checkPermission (new AuthPermission ("doAsPrivileged"));
+      }
+    if (acc == null)
+      acc = new AccessControlContext (new java.security.ProtectionDomain[0]);
+    AccessControlContext context =
+      new AccessControlContext (acc, new SubjectDomainCombiner (subject));
+    return AccessController.doPrivileged (action, context);
+  }
+
+  // Instance methods.
+  // -------------------------------------------------------------------------
+
+  public boolean equals (Object o)
+  {
+    if (!(o instanceof Subject))
+      {
+        return false;
+      }
+    Subject that = (Subject) o;
+    return principals.containsAll (that.getPrincipals()) &&
+      pubCred.containsAll (that.getPublicCredentials()) &&
+      privCred.containsAll (that.getPrivateCredentials());
+  }
+
+  public Set<Principal> getPrincipals()
+  {
+    return principals;
+  }
+
+  public <T extends Principal> Set<T> getPrincipals(Class<T> clazz)
+  {
+    HashSet result = new HashSet (principals.size());
+    for (Iterator it = principals.iterator(); it.hasNext(); )
+      {
+        Object o = it.next();
+        if (o != null && clazz.isAssignableFrom (o.getClass()))
+          {
+            result.add(o);
+          }
+      }
+    return Collections.unmodifiableSet (result);
+  }
+
+  public Set<Object> getPrivateCredentials()
+  {
+    return privCred;
+  }
+
+  public <T> Set<T> getPrivateCredentials (Class<T> clazz)
+  {
+    HashSet result = new HashSet (privCred.size());
+    for (Iterator it = privCred.iterator(); it.hasNext(); )
+      {
+        Object o = it.next();
+        if (o != null && clazz.isAssignableFrom (o.getClass()))
+          {
+            result.add(o);
+          }
+      }
+    return Collections.unmodifiableSet (result);
+  }
+
+  public Set<Object> getPublicCredentials()
+  {
+    return pubCred;
+  }
+
+  public <T> Set<T> getPublicCredentials (Class<T> clazz)
+  {
+    HashSet result = new HashSet (pubCred.size());
+    for (Iterator it = pubCred.iterator(); it.hasNext(); )
+      {
+        Object o = it.next();
+        if (o != null && clazz.isAssignableFrom (o.getClass()))
+          {
+            result.add(o);
+          }
+      }
+    return Collections.unmodifiableSet (result);
+  }
+
+  public int hashCode()
+  {
+    return principals.hashCode() + privCred.hashCode() + pubCred.hashCode();
+  }
+
+  /**
+   * <p>Returns whether or not this subject is read-only.</p>
+   *
+   * @return True is this subject is read-only.
+   */
+  public boolean isReadOnly()
+  {
+    return readOnly;
+  }
+
+  /**
+   * <p>Marks this subject as read-only.</p>
+   *
+   * @throws SecurityException If the caller does not have permission to
+   *  set this subject as read-only (<code>"setReadOnly"</code> target of
+   *  {@link AuthPermission}.
+   */
+  public void setReadOnly()
+  {
+    final SecurityManager sm = System.getSecurityManager();
+    if (sm != null)
+      {
+        sm.checkPermission (new AuthPermission ("setReadOnly"));
+      }
+    readOnly = true;
+  }
+
+  public String toString()
+  {
+    return Subject.class.getName() + " [ principals=" + principals +
+      ", private credentials=" + privCred + ", public credentials=" +
+      pubCred + ", read-only=" + readOnly + " ]";
+  }
+
+// Inner class.
+  // -------------------------------------------------------------------------
+
+  /**
+   * An undocumented inner class that is used for sets in the parent class.
+   */
+  private static class SecureSet extends AbstractSet implements Serializable
+  {
+    // Fields.
+    // -----------------------------------------------------------------------
+
+    private static final long serialVersionUID = 7911754171111800359L;
+
+    static final int PRINCIPALS = 0;
+    static final int PUBLIC_CREDENTIALS = 1;
+    static final int PRIVATE_CREDENTIALS = 2;
+
+    private final Subject subject;
+    private final LinkedList elements;
+    private final transient int type;
+
+    // Constructors.
+    // -----------------------------------------------------------------------
+
+    SecureSet (final Subject subject, final int type, final Collection inElements)
+    {
+      this (subject, type);
+      for (Iterator it = inElements.iterator(); it.hasNext(); )
+        {
+          Object o = it.next();
+          if (type == PRINCIPALS && !(o instanceof Principal))
+            {
+              throw new IllegalArgumentException(o+" is not a Principal");
+            }
+          if (!this.elements.contains (o))
+            {
+              this.elements.add (o);
+            }
+        }
+    }
+
+    SecureSet (final Subject subject, final int type)
+    {
+      this.subject = subject;
+      this.type = type;
+      this.elements = new LinkedList();
+    }
+
+    // Instance methods.
+    // -----------------------------------------------------------------------
+
+    public synchronized int size()
+    {
+      return elements.size();
+    }
+
+    public Iterator iterator()
+    {
+      return elements.iterator();
+    }
+
+    public synchronized boolean add(Object element)
+    {
+      if (subject.isReadOnly())
+        {
+          throw new IllegalStateException ("subject is read-only");
+        }
+      final SecurityManager sm = System.getSecurityManager();
+      switch (type)
+        {
+        case PRINCIPALS:
+          if (sm != null)
+            {
+              sm.checkPermission (new AuthPermission ("modifyPrincipals"));
+            }
+          if (!(element instanceof Principal))
+            {
+              throw new IllegalArgumentException ("element is not a Principal");
+            }
+          break;
+
+        case PUBLIC_CREDENTIALS:
+          if (sm != null)
+            {
+              sm.checkPermission (new AuthPermission ("modifyPublicCredentials"));
+            }
+          break;
+
+        case PRIVATE_CREDENTIALS:
+          if (sm != null)
+            {
+              sm.checkPermission (new AuthPermission ("modifyPrivateCredentials"));
+            }
+          break;
+
+        default:
+          throw new Error ("this statement should be unreachable");
+        }
+
+      if (elements.contains (element))
+        {
+          return false;
+        }
+
+      return elements.add (element);
+    }
+
+    public synchronized boolean remove (final Object element)
+    {
+      if (subject.isReadOnly())
+        {
+          throw new IllegalStateException ("subject is read-only");
+        }
+      final SecurityManager sm = System.getSecurityManager();
+      switch (type)
+        {
+        case PRINCIPALS:
+          if (sm != null)
+            {
+              sm.checkPermission (new AuthPermission ("modifyPrincipals"));
+            }
+          if (!(element instanceof Principal))
+            {
+              throw new IllegalArgumentException ("element is not a Principal");
+            }
+          break;
+
+        case PUBLIC_CREDENTIALS:
+          if (sm != null)
+            {
+              sm.checkPermission (new AuthPermission ("modifyPublicCredentials"));
+            }
+          break;
+
+        case PRIVATE_CREDENTIALS:
+          if (sm != null)
+            {
+              sm.checkPermission (new AuthPermission ("modifyPrivateCredentials"));
+            }
+          break;
+
+        default:
+          throw new Error("this statement should be unreachable");
+        }
+
+      return elements.remove(element);
+    }
+
+    public synchronized boolean contains (final Object element)
+    {
+      return elements.contains (element);
+    }
+
+    public boolean removeAll (final Collection c)
+    {
+      if (subject.isReadOnly())
+        {
+          throw new IllegalStateException ("subject is read-only");
+        }
+      return super.removeAll (c);
+    }
+
+    public boolean retainAll (final Collection c)
+    {
+      if (subject.isReadOnly())
+        {
+          throw new IllegalStateException ("subject is read-only");
+        }
+      return super.retainAll (c);
+    }
+
+    public void clear()
+    {
+      if (subject.isReadOnly())
+        {
+          throw new IllegalStateException ("subject is read-only");
+        }
+      elements.clear();
+    }
+
+    private synchronized void writeObject (ObjectOutputStream out)
+      throws IOException
+    {
+      throw new UnsupportedOperationException ("FIXME: determine serialization");
+    }
+
+    private void readObject (ObjectInputStream in)
+      throws ClassNotFoundException, IOException
+    {
+      throw new UnsupportedOperationException ("FIXME: determine serialization");
+    }
+  }
+}
diff --git a/libjava/classpath/javax/security/auth/SubjectDomainCombiner.java b/libjava/classpath/javax/security/auth/SubjectDomainCombiner.java
new file mode 100644
index 000000000..927e7479d
--- /dev/null
+++ b/libjava/classpath/javax/security/auth/SubjectDomainCombiner.java
@@ -0,0 +1,97 @@
+/* SubjectDomainCombiner.java -- domain combiner for Subjects.
+   Copyright (C) 2004, 2005  Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.auth;
+
+import java.security.DomainCombiner;
+import java.security.Principal;
+import java.security.ProtectionDomain;
+
+import java.util.LinkedList;
+
+public class SubjectDomainCombiner implements DomainCombiner
+{
+
+  // Field.
+  // -------------------------------------------------------------------------
+
+  private final Subject subject;
+
+  // Constructor.
+  // -------------------------------------------------------------------------
+
+  public SubjectDomainCombiner (final Subject subject)
+  {
+    this.subject = subject;
+  }
+
+  // Instance methods.
+  // -------------------------------------------------------------------------
+
+  public ProtectionDomain[] combine (final ProtectionDomain[] current,
+                                     final ProtectionDomain[] assigned)
+  {
+    LinkedList domains = new LinkedList();
+    Principal[] principals = null;
+    if (subject != null)
+      principals = (Principal[]) subject.getPrincipals().toArray (new Principal[0]);
+    if (current != null)
+      {
+        for (int i = 0; i < current.length; i++)
+          {
+            domains.add (new ProtectionDomain (current[i].getCodeSource(),
+                                               current[i].getPermissions(),
+                                               current[i].getClassLoader(),
+                                               principals));
+          }
+      }
+    if (assigned != null)
+      {
+        for (int i = 0; i < assigned.length; i++)
+          {
+            domains.add (assigned[i]);
+          }
+      }
+    return (ProtectionDomain[]) domains.toArray (new ProtectionDomain[domains.size()]);
+  }
+
+  public Subject getSubject()
+  {
+    return subject;
+  }
+}
diff --git a/libjava/classpath/javax/security/auth/callback/Callback.java b/libjava/classpath/javax/security/auth/callback/Callback.java
new file mode 100644
index 000000000..359828e1a
--- /dev/null
+++ b/libjava/classpath/javax/security/auth/callback/Callback.java
@@ -0,0 +1,64 @@
+/* Callback.java -- marker interface for callback classes
+   Copyright (C) 2003, Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.auth.callback;
+
+/**
+ * <p>Implementations of this interface are passed to a {@link CallbackHandler},
+ * allowing underlying security services the ability to interact with a calling
+ * application to retrieve specific authentication data such as usernames and
+ * passwords, or to display certain information, such as error and warning
+ * messages.</p>
+ *
+ * <p><code>Callback</code> implementations do not retrieve or display the
+ * information requested by underlying security services. <code>Callback</code>
+ * implementations simply provide the means to pass such requests to
+ * applications, and for applications, if appropriate, to return requested
+ * information back to the underlying security services.</p>
+ *
+ * @see CallbackHandler
+ * @see ChoiceCallback
+ * @see ConfirmationCallback
+ * @see LanguageCallback
+ * @see NameCallback
+ * @see PasswordCallback
+ * @see TextInputCallback
+ * @see TextOutputCallback
+ */
+public interface Callback {
+}
diff --git a/libjava/classpath/javax/security/auth/callback/CallbackHandler.java b/libjava/classpath/javax/security/auth/callback/CallbackHandler.java
new file mode 100644
index 000000000..8d22943ca
--- /dev/null
+++ b/libjava/classpath/javax/security/auth/callback/CallbackHandler.java
@@ -0,0 +1,155 @@
+/* CallbackHandler.java -- base interface for callback handlers.
+   Copyright (C) 2003, Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.auth.callback;
+
+import java.io.IOException;
+
+/**
+ * <p>An application implements a <code>CallbackHandler</code> and passes it to
+ * underlying security services so that they may interact with the application
+ * to retrieve specific authentication data, such as usernames and passwords, or
+ * to display certain information, such as error and warning messages.</p>
+ *
+ * <p><code>CallbackHandler</code>s are implemented in an application-dependent
+ * fashion. For example, implementations for an application with a graphical
+ * user interface (GUI) may pop up windows to prompt for requested information
+ * or to display error messages. An implementation may also choose to obtain
+ * requested information from an alternate source without asking the end user.</p>
+ *
+ * <p>Underlying security services make requests for different types of
+ * information by passing individual Callbacks to the <code>CallbackHandler</code>.
+ * The <code>CallbackHandler</code> implementation decides how to retrieve and
+ * display information depending on the {@link Callback}s passed to it. For
+ * example, if the underlying service needs a username and password to
+ * authenticate a user, it uses a {@link NameCallback} and
+ * {@link PasswordCallback}. The <code>CallbackHandler</code> can then choose
+ * to prompt for a username and password serially, or to prompt for both in a
+ * single window.</p>
+ *
+ * <p>A default <code>CallbackHandler</code> class implementation may be
+ * specified in the <code>auth.login.defaultCallbackHandler</code> security
+ * property. The security property can be set in the Java security properties
+ * file located in the file named
+ * <code>&lt;JAVA_HOME>/lib/security/java.security</code>, where
+ * <code>&lt;JAVA_HOME></code> refers to the directory where the SDK was
+ * installed.</p>
+ *
+ * <p>If the security property is set to the fully qualified name of a
+ * <code>CallbackHandler</code> implementation class, then a
+ * <code>LoginContext</code>will load the specified <code>CallbackHandler</code>
+ * and pass it to the underlying <code>LoginModules</code>. The
+ * <code>LoginContext</code> only loads the default handler if one was not
+ * provided.</p>
+ *
+ * <p>All default handler implementations must provide a public zero-argument
+ * constructor.</p>
+ *
+ */
+public interface CallbackHandler
+{
+
+  /**
+   * <p>Retrieve or display the information requested in the provided
+   * {@link Callback}s.</p>
+   *
+   * <p>The <code>handle()</code> method implementation checks the instance(s)
+   * of the {@link Callback} object(s) passed in to retrieve or display the
+   * requested information. The following example is provided to help
+   * demonstrate what an <code>handle()</code> method implementation might look
+   * like. This example code is for guidance only. Many details, including
+   * proper error handling, are left out for simplicity.</p>
+   *
+   * <pre>
+   *public void handle(Callback[] callbacks)
+   *throws IOException, UnsupportedCallbackException {
+   *   for (int i = 0; i < callbacks.length; i++) {
+   *      if (callbacks[i] instanceof TextOutputCallback) {
+   *         // display the message according to the specified type
+   *         TextOutputCallback toc = (TextOutputCallback)callbacks[i];
+   *         switch (toc.getMessageType()) {
+   *         case TextOutputCallback.INFORMATION:
+   *            System.out.println(toc.getMessage());
+   *            break;
+   *         case TextOutputCallback.ERROR:
+   *            System.out.println("ERROR: " + toc.getMessage());
+   *            break;
+   *         case TextOutputCallback.WARNING:
+   *            System.out.println("WARNING: " + toc.getMessage());
+   *            break;
+   *         default:
+   *            throw new IOException("Unsupported message type: "
+   *                  + toc.getMessageType());
+   *         }
+   *      } else if (callbacks[i] instanceof NameCallback) {
+   *         // prompt the user for a username
+   *         NameCallback nc = (NameCallback)callbacks[i];
+   *         // ignore the provided defaultName
+   *         System.err.print(nc.getPrompt());
+   *         System.err.flush();
+   *         nc.setName((new BufferedReader(
+   *               new InputStreamReader(System.in))).readLine());
+   *      } else if (callbacks[i] instanceof PasswordCallback) {
+   *         // prompt the user for sensitive information
+   *         PasswordCallback pc = (PasswordCallback)callbacks[i];
+   *         System.err.print(pc.getPrompt());
+   *         System.err.flush();
+   *         pc.setPassword(readPassword(System.in));
+   *      } else {
+   *         throw new UnsupportedCallbackException(
+   *               callbacks[i], "Unrecognized Callback");
+   *      }
+   *   }
+   *}
+   *
+   * // Reads user password from given input stream.
+   *private char[] readPassword(InputStream in) throws IOException {
+   *   // insert code to read a user password from the input stream
+   *}
+   * </pre>
+   *
+   * @param callbacks an array of {@link Callback} objects provided by an
+   * underlying security service which contains the information requested to
+   * be retrieved or displayed.
+   * @throws IOException if an input or output error occurs.
+   * @throws UnsupportedCallbackException if the implementation of this method
+   * does not support one or more of the Callbacks specified in the
+   * <code>callbacks</code> parameter.
+   */
+  void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException;
+}
diff --git a/libjava/classpath/javax/security/auth/callback/ChoiceCallback.java b/libjava/classpath/javax/security/auth/callback/ChoiceCallback.java
new file mode 100644
index 000000000..30bddd559
--- /dev/null
+++ b/libjava/classpath/javax/security/auth/callback/ChoiceCallback.java
@@ -0,0 +1,236 @@
+/* ChoiceCallback.java -- callback for a choice of values.
+   Copyright (C) 2003, Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.auth.callback;
+
+import java.io.Serializable;
+
+/**
+ * Underlying security services instantiate and pass a
+ * <code>ChoiceCallback</code> to the <code>handle()</code> method of a
+ * {@link CallbackHandler} to display a list of choices and to retrieve the
+ * selected choice(s).
+ *
+ * @see CallbackHandler
+ */
+public class ChoiceCallback implements Callback, Serializable
+{
+
+  // Constants and variables
+  // -------------------------------------------------------------------------
+
+  /**
+   * @serial
+   * @since 1.4
+   */
+  private String prompt;
+
+  /**
+   * @serial the list of choices.
+   * @since 1.4
+   */
+  private String[] choices;
+
+  /**
+   * @serial the choice to be used as the default choice.
+   * @since 1.4
+   */
+  private int defaultChoice;
+
+  /**
+   * @serial whether multiple selections are allowed from the list of choices.
+   * @since 1.4
+   */
+  private boolean multipleSelectionsAllowed;
+
+  /**
+   * @serial the selected choices, represented as indexes into the choices list.
+   * @since 1.4
+   */
+  private int[] selections;
+
+  // Constructor(s)
+  //--------------------------------------------------------------------------
+
+  /**
+   * Construct a <code>ChoiceCallback</code> with a prompt, a list of choices,
+   * a default choice, and a boolean specifying whether or not multiple
+   * selections from the list of choices are allowed.
+   *
+   * @param prompt the prompt used to describe the list of choices.
+   * @param choices the list of choices.
+   * @param defaultChoice the choice to be used as the default choice when the
+   * list of choices are displayed. This value is represented as an index into
+   * the <code>choices</code> array.
+   * @param multipleSelectionsAllowed boolean specifying whether or not
+   * multiple selections can be made from the list of choices.
+   * @throws IllegalArgumentException if <code>prompt</code> is <code>null</code>,
+   * if <code>prompt</code> has a length of <code>0</code>, if <code>choices</code>
+   * is <code>null</code>, if <code>choices</code> has a length of <code>0</code>,
+   * if any element from <code>choices</code> is <code>null</code>, if any
+   * element from <code>choices</code> has a length of <code>0</code> or if
+   * <code>defaultChoice</code> does not fall within the array boundaries of
+   * <code>choices</code>.
+   */
+  public ChoiceCallback(String prompt, String[] choices, int defaultChoice,
+                        boolean multipleSelectionsAllowed)
+  {
+    super();
+
+    setPrompt(prompt);
+    setChoices(choices);
+    if (defaultChoice < 0 || defaultChoice >= this.choices.length)
+      {
+        throw new IllegalArgumentException("default choice is out of bounds");
+      }
+    this.defaultChoice = defaultChoice;
+    this.multipleSelectionsAllowed = multipleSelectionsAllowed;
+  }
+
+  // Instance methods
+  // -------------------------------------------------------------------------
+
+  /**
+   * Get the prompt.
+   *
+   * @return the prompt.
+   */
+  public String getPrompt()
+  {
+    return prompt;
+  }
+
+  /**
+   * Get the list of choices.
+   *
+   * @return the list of choices.
+   */
+  public String[] getChoices()
+  {
+    return choices;
+  }
+
+  /**
+   * Get the defaultChoice.
+   *
+   * @return the defaultChoice, represented as an index into the choices list.
+   */
+  public int getDefaultChoice()
+  {
+    return defaultChoice;
+  }
+
+  /**
+   * Get the boolean determining whether multiple selections from the choices
+   * list are allowed.
+   *
+   * @return whether multiple selections are allowed.
+   */
+  public boolean allowMultipleSelections()
+  {
+    return multipleSelectionsAllowed;
+  }
+
+  /**
+   * Set the selected choice.
+   *
+   * @param selection the selection represented as an index into the choices
+   * list.
+   * @see #getSelectedIndexes()
+   */
+  public void setSelectedIndex(int selection)
+  {
+    this.selections = new int[1];
+    this.selections[0] = selection;
+  }
+
+  /**
+   * Set the selected choices.
+   *
+   * @param selections the selections represented as indexes into the choices
+   * list.
+   * @throws UnsupportedOperationException if multiple selections are not
+   * allowed, as determined by <code>allowMultipleSelections</code>.
+   * @see #getSelectedIndexes()
+   */
+  public void setSelectedIndexes(int[] selections)
+  {
+    if (!multipleSelectionsAllowed)
+      {
+        throw new UnsupportedOperationException("not allowed");
+      }
+
+    this.selections = selections;
+  }
+
+  /**
+   * Get the selected choices.
+   *
+   * @return the selected choices, represented as indexes into the choices list.
+   * @see #setSelectedIndexes(int[])
+   */
+  public int[] getSelectedIndexes()
+  {
+    return selections;
+  }
+
+  private void setPrompt(String prompt) throws IllegalArgumentException
+  {
+    if ((prompt == null) || (prompt.length() == 0))
+      {
+        throw new IllegalArgumentException("invalid prompt");
+      }
+    this.prompt = prompt;
+  }
+
+  private void setChoices(String[] choices) throws IllegalArgumentException
+  {
+    if (choices == null || choices.length == 0)
+      {
+        throw new IllegalArgumentException("invalid choices");
+      }
+    for (int i = 0; i < choices.length; i++)
+      {
+        if (choices[i] == null || choices[i].length() == 0)
+          {
+            throw new IllegalArgumentException("invalid choice at index #"+i);
+          }
+      }
+    this.choices = choices;
+  }
+}
diff --git a/libjava/classpath/javax/security/auth/callback/ConfirmationCallback.java b/libjava/classpath/javax/security/auth/callback/ConfirmationCallback.java
new file mode 100644
index 000000000..8f89bf5fa
--- /dev/null
+++ b/libjava/classpath/javax/security/auth/callback/ConfirmationCallback.java
@@ -0,0 +1,505 @@
+/* ConfirmationCallback.java -- callback for confirmations.
+   Copyright (C) 2003, Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.auth.callback;
+
+import java.io.Serializable;
+
+/**
+ * Underlying security services instantiate and pass a
+ * <code>ConfirmationCallback</code> to the <code>handle()</code> method of a
+ * {@link CallbackHandler} to ask for YES/NO, OK/CANCEL, YES/NO/CANCEL or other
+ * similar confirmations.
+ *
+ * @see CallbackHandler
+ */
+public class ConfirmationCallback implements Callback, Serializable
+{
+
+  // Constants and variables
+  // -------------------------------------------------------------------------
+
+  /**
+   * <p>Unspecified option type.</p>
+   *
+   * <p>The <code>getOptionType</code> method returns this value if this
+   * <code>ConfirmationCallback</code> was instantiated with <code>options</code>
+   * instead of an <code>optionType</code>.</p>
+   */
+  public static final int UNSPECIFIED_OPTION = -1;
+
+  /**
+   * <p>YES/NO confirmation option.</p>
+   *
+   * <p>An underlying security service specifies this as the <code>optionType</code>
+   * to a <code>ConfirmationCallback</code> constructor if it requires a
+   * confirmation which can be answered with either <code>YES</code> or
+   * <code>NO</code>.</p>
+   */
+  public static final int YES_NO_OPTION = 0;
+
+  /**
+   * <p>YES/NO/CANCEL confirmation confirmation option.</p>
+   *
+   * <p>An underlying security service specifies this as the <code>optionType</code>
+   * to a <code>ConfirmationCallback</code> constructor if it requires a
+   * confirmation which can be answered with either <code>YES</code>,
+   * <code>NO</code> or <code>CANCEL</code>.
+   */
+  public static final int YES_NO_CANCEL_OPTION = 1;
+
+  /**
+   * <p>OK/CANCEL confirmation confirmation option.</p>
+   *
+   * <p>An underlying security service specifies this as the <code>optionType</code>
+   * to a <code>ConfirmationCallback</code> constructor if it requires a
+   * confirmation which can be answered with either <code>OK</code> or
+   * <code>CANCEL</code>.</p>
+   */
+  public static final int OK_CANCEL_OPTION = 2;
+
+  /**
+   * <p>YES option.</p>
+   *
+   * <p>If an <code>optionType</code> was specified to this
+   * <code>ConfirmationCallback</code>, this option may be specified as a
+   * <code>defaultOption</code> or returned as the selected index.</p>
+   */
+  public static final int YES = 0;
+
+  /**
+   * <p>NO option.</p>
+   *
+   * <p>If an <code>optionType</code> was specified to this
+   * <code>ConfirmationCallback</code>, this option may be specified as a
+   * <code>defaultOption</code> or returned as the selected index.</p>
+   */
+  public static final int NO = 1;
+
+  /**
+   * <p>CANCEL option.</p>
+   *
+   * <p>If an <code>optionType</code> was specified to this
+   * <code>ConfirmationCallback</code>, this option may be specified as a
+   * <code>defaultOption</code> or returned as the selected index.</p>
+   */
+  public static final int CANCEL = 2;
+
+  /**
+   * <p>OK option.</p>
+   *
+   * <p>If an <code>optionType</code> was specified to this
+   * <code>ConfirmationCallback</code>, this option may be specified as a
+   * <code>defaultOption</code> or returned as the selected index.</p>
+   */
+  public static final int OK = 3;
+
+  /** INFORMATION message type. */
+  public static final int INFORMATION = 0;
+
+  /** WARNING message type. */
+  public static final int WARNING = 1;
+
+  /** ERROR message type. */
+  public static final int ERROR = 2;
+
+  /**
+   * @serial
+   * @since 1.4
+   */
+  private String prompt;
+
+  /**
+   * @serial
+   * @since 1.4
+   */
+  private int messageType;
+
+  /**
+   * @serial
+   * @since 1.4
+   */
+  private int optionType;
+
+  /**
+   * @serial
+   * @since 1.4
+   */
+  private int defaultOption;
+
+  /**
+   * @serial
+   * @since 1.4
+   */
+  private String[] options = null;
+
+  /**
+   * @serial
+   * @since 1.4
+   */
+  private int selection;
+
+  // Constructor(s)
+  // -------------------------------------------------------------------------
+
+  /**
+   * <p>Construct a <code>ConfirmationCallback</code> with a message type, an
+   * option type and a default option.</p>
+   *
+   * <p>Underlying security services use this constructor if they require
+   * either a YES/NO, YES/NO/CANCEL or OK/CANCEL confirmation.</p>
+   *
+   * @param messageType the message type (INFORMATION, WARNING or ERROR).
+   * @param optionType the option type (YES_NO_OPTION, YES_NO_CANCEL_OPTION or
+   * OK_CANCEL_OPTION).
+   * @param defaultOption the default option from the provided optionType (YES,
+   * NO, CANCEL or OK).
+   * @throws IllegalArgumentException if <code>messageType</code> is not either
+   * <code>INFORMATION</code>, <code>WARNING</code>, or <code>ERROR</code>, if
+   * <code>optionType</code> is not either <code>YES_NO_OPTION</code>,
+   * <code>YES_NO_CANCEL_OPTION</code>, or <code>OK_CANCEL_OPTION</code>, or if
+   * <code>defaultOption</code> does not correspond to one of the options in
+   * <code>optionType</code>.
+   */
+  public ConfirmationCallback(int messageType, int optionType, int defaultOption)
+    throws IllegalArgumentException
+  {
+    super();
+
+    setMessageType(messageType);
+    setOptionType(optionType, defaultOption);
+    this.defaultOption = defaultOption;
+  }
+
+  /**
+   * <p>Construct a <code>ConfirmationCallback</code> with a message type, a
+   * list of options and a default option.</p>
+   *
+   * <p>Underlying security services use this constructor if they require a
+   * confirmation different from the available preset confirmations provided
+   * (for example, CONTINUE/ABORT or STOP/GO). The confirmation options are
+   * listed in the <code>options</code> array, and are displayed by the
+   * {@link CallbackHandler} implementation in a manner consistent with the
+   * way preset options are displayed.</p>
+   *
+   * @param messageType the message type (INFORMATION, WARNING or ERROR).
+   * @param options the list of confirmation options.
+   * @param defaultOption the default option, represented as an index into the
+   * <code>options</code> array.
+   * @throws IllegalArgumentException if <code>messageType</code> is not either
+   * <code>INFORMATION</code>, <code>WARNING</code>, or <code>ERROR</code>, if
+   * <code>options</code> is <code>null</code>, if <code>options</code> has a
+   * length of <code>0</code>, if any element from <code>options</code> is
+   * <code>null</code>, if any element from <code>options</code> has a length
+   * of <code>0</code>, or if <code>defaultOption</code> does not lie within
+   * the array boundaries of <code>options</code>.
+   */
+  public ConfirmationCallback(int messageType, String[] options, int defaultOption)
+  {
+    super();
+
+    setMessageType(messageType);
+    setOptions(options, defaultOption);
+    this.defaultOption = defaultOption;
+  }
+
+  /**
+   * <p>Construct a <code>ConfirmationCallback</code> with a prompt, message
+   * type, an option type and a default option.</p>
+   *
+   * <p>Underlying security services use this constructor if they require
+   * either a YES/NO, YES/NO/CANCEL or OK/CANCEL confirmation.</p>
+   *
+   * @param prompt the prompt used to describe the list of options.
+   * @param messageType the message type (INFORMATION, WARNING or ERROR).
+   * @param optionType the option type (YES_NO_OPTION, YES_NO_CANCEL_OPTION or
+   * OK_CANCEL_OPTION).
+   * @param defaultOption the default option from the provided optionType (YES,
+   * NO, CANCEL or OK).
+   * @throws IllegalArgumentException if <code>prompt</code> is <code>null</code>,
+   * if <code>prompt</code> has a length of <code>0</code>, if
+   * <code>messageType</code> is not either <code>INFORMATION</code>,
+   * <code>WARNING</code>, or <code>ERROR</code>, if <code>optionType</code> is
+   * not either <code>YES_NO_OPTION</code>, <code>YES_NO_CANCEL_OPTION</code>,
+   * or <code>OK_CANCEL_OPTION</code>, or if <code>defaultOption</code> does
+   * not correspond to one of the options in <code>optionType</code>.
+   */
+  public ConfirmationCallback(String prompt, int messageType, int optionType,
+                              int defaultOption)
+  {
+    super();
+
+    setPrompt(prompt);
+    setMessageType(messageType);
+    setOptionType(optionType, defaultOption);
+    this.defaultOption = defaultOption;
+  }
+
+  /**
+   * <p>Construct a <code>ConfirmationCallback</code> with a prompt, message
+   * type, a list of options and a default option.</p>
+   *
+   * <p>Underlying security services use this constructor if they require a
+   * confirmation different from the available preset confirmations provided
+   * (for example, CONTINUE/ABORT or STOP/GO). The confirmation options are
+   * listed in the <code>options</code> array, and are displayed by the
+   * {@link CallbackHandler} implementation in a manner consistent with the
+   * way preset options are displayed.</p>
+   *
+   * @param prompt the prompt used to describe the list of options.
+   * @param messageType the message type (INFORMATION, WARNING or ERROR).
+   * @param options the list of confirmation options.
+   * @param defaultOption the default option, represented as an index into the
+   * <code>options</code> array.
+   * @throws IllegalArgumentException if <code>prompt</code> is <code>null</code>,
+   * if <code>prompt</code> has a length of <code>0</code>, if
+   * <code>messageType</code> is not either <code>INFORMATION</code>,
+   * <code>WARNING</code>, or <code>ERROR</code>, if <code>options</code> is
+   * <code>null</code>, if <code>options</code> has a length of <code>0</code>,
+   * if any element from <code>options</code> is <code>null</code>, if any
+   * element from <code>options</code> has a length of <code>0</code>, or if
+   * <code>defaultOption</code> does not lie within the array boundaries of
+   * <code>options</code>.
+   */
+  public ConfirmationCallback(String prompt, int messageType, String[] options,
+                              int defaultOption)
+  {
+    super();
+
+    setPrompt(prompt);
+    setMessageType(messageType);
+    setOptions(options, defaultOption);
+    this.defaultOption = defaultOption;
+  }
+
+  // Class methods
+  // -------------------------------------------------------------------------
+
+  // Instance methods
+  // -------------------------------------------------------------------------
+
+  /**
+   * Get the prompt.
+   *
+   * @return the prompt, or <code>null</code> if this
+   * <code>ConfirmationCallback</code> was instantiated without a prompt.
+   */
+  public String getPrompt()
+  {
+    return prompt;
+  }
+
+  /**
+   * Get the message type.
+   *
+   * @return the message type (INFORMATION, WARNING or ERROR).
+   */
+  public int getMessageType()
+  {
+    return messageType;
+  }
+
+  /**
+   * <p>Get the option type.</p>
+   *
+   * <p>If this method returns {@link #UNSPECIFIED_OPTION}, then this
+   * <code>ConfirmationCallback</code> was instantiated with <code>options</code>
+   * instead of an <code>optionType</code>. In this case, invoke the
+   * {@link #getOptions()} method to determine which confirmation options to
+   * display.</p>
+   *
+   * @return the option type (YES_NO_OPTION, YES_NO_CANCEL_OPTION or
+   * OK_CANCEL_OPTION), or UNSPECIFIED_OPTION if this
+   * <code>ConfirmationCallback</code> was instantiated with <code>options</code>
+   * instead of an <code>optionType</code>.
+   */
+  public int getOptionType()
+  {
+    if (options != null)
+      {
+        return UNSPECIFIED_OPTION;
+      }
+    return optionType;
+  }
+
+  /**
+   * Get the confirmation options.
+   *
+   * @return the list of confirmation options, or <code>null</code> if this
+   * <code>ConfirmationCallback</code> was instantiated with an
+   * <code>optionType</code> instead of <code>options</code>.
+   */
+  public String[] getOptions()
+  {
+    return options;
+  }
+
+  /**
+   * Get the default option.
+   *
+   * @return the default option, represented as <code>YES</code>, <code>NO</code>,
+   * <code>OK</code> or <code>CANCEL</code> if an <code>optionType</code> was
+   * specified to the constructor of this <code>ConfirmationCallback</code>.
+   * Otherwise, this method returns the default option as an index into the
+   * <code>options</code> array specified to the constructor of this
+   * <code>ConfirmationCallback</code>.
+   */
+  public int getDefaultOption()
+  {
+    return defaultOption;
+  }
+
+  /**
+   * Set the selected confirmation option.
+   *
+   * @param selection the selection represented as <code>YES</code>,
+   * <code>NO</code>, <code>OK</code> or <code>CANCEL</code> if an
+   * <code>optionType</code> was specified to the constructor of this
+   * <code>ConfirmationCallback</code>. Otherwise, the <code>selection</code>
+   * represents the index into the <code>options</code> array specified to the
+   * constructor of this <code>ConfirmationCallback</code>.
+   * @see #getSelectedIndex()
+   */
+  public void setSelectedIndex(int selection)
+  {
+    if (options != null)
+      {
+        setOptions(options, selection);
+      }
+    else
+      {
+        setOptionType(optionType, selection);
+      }
+  }
+
+  /**
+   * Get the selected confirmation option.
+   *
+   * @return the selected confirmation option represented as <code>YES</code>,
+   * <code>NO</code>, <code>OK</code> or <code>CANCEL</code> if an
+   * <code>optionType</code> was specified to the constructor of this
+   * <code>ConfirmationCallback</code>. Otherwise, this method returns the
+   * selected confirmation option as an index into the <code>options</code>
+   * array specified to the constructor of this <code>ConfirmationCallback</code>.
+   * @see #setSelectedIndex(int)
+   */
+  public int getSelectedIndex()
+  {
+    return this.selection;
+  }
+
+  private void setMessageType(int messageType) throws IllegalArgumentException
+  {
+    switch (messageType)
+      {
+      case INFORMATION:
+      case WARNING:
+      case ERROR: this.messageType = messageType; break;
+      default: throw new IllegalArgumentException("illegal message type");
+      }
+  }
+
+  private void setOptionType(int optionType, int selectedOption)
+    throws IllegalArgumentException
+  {
+    switch (optionType)
+      {
+      case YES_NO_OPTION:
+        this.optionType = optionType;
+        switch (selectedOption)
+          {
+          case YES:
+          case NO: this.selection = selectedOption; break;
+          default: throw new IllegalArgumentException("invalid option");
+          }
+        break;
+      case YES_NO_CANCEL_OPTION:
+        this.optionType = optionType;
+        switch (selectedOption)
+          {
+          case YES:
+          case NO:
+          case CANCEL: this.selection = selectedOption; break;
+          default: throw new IllegalArgumentException("invalid option");
+          }
+        break;
+      case OK_CANCEL_OPTION:
+        this.optionType = optionType;
+        switch (selectedOption)
+          {
+          case OK:
+          case CANCEL: this.selection = selectedOption; break;
+          default: throw new IllegalArgumentException("invalid option");
+          }
+        break;
+      default:
+        throw new IllegalArgumentException("illegal option type");
+      }
+  }
+
+  private void setOptions(String[] options, int selectedOption)
+    throws IllegalArgumentException
+  {
+    if ((selectedOption < 0) || (selectedOption > options.length - 1))
+      {
+        throw new IllegalArgumentException("invalid selection");
+      }
+    if ((options == null) || (options.length == 0))
+      {
+        throw new IllegalArgumentException("options is null or empty");
+      }
+    for (int i = 0; i < options.length; i++)
+      {
+        if ((options[i] == null) || (options[i].length() == 0))
+          {
+            throw new IllegalArgumentException("options[" + i + "] is null or empty");
+          }
+      }
+    this.options = options;
+    this.selection = selectedOption;
+  }
+
+  private void setPrompt(String prompt) throws IllegalArgumentException
+  {
+    if ((prompt == null) || (prompt.length() == 0))
+      {
+        throw new IllegalArgumentException("prompt is null or empty");
+      }
+    this.prompt = prompt;
+  }
+}
diff --git a/libjava/classpath/javax/security/auth/callback/LanguageCallback.java b/libjava/classpath/javax/security/auth/callback/LanguageCallback.java
new file mode 100644
index 000000000..e0190e6cc
--- /dev/null
+++ b/libjava/classpath/javax/security/auth/callback/LanguageCallback.java
@@ -0,0 +1,100 @@
+/* LanguageCallback.java -- callback for language choices.
+   Copyright (C) 2003, Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.auth.callback;
+
+import java.io.Serializable;
+import java.util.Locale;
+
+/**
+ * Underlying security services instantiate and pass a <code>LanguageCallback</code>
+ * to the <code>handle()</code> method of a {@link CallbackHandler} to retrieve
+ * the {@link Locale} used for localizing text.
+ *
+ * @see CallbackHandler
+ */
+public class LanguageCallback implements Callback, Serializable
+{
+
+  // Constants and variables
+  // -------------------------------------------------------------------------
+
+  /**
+   * @serial
+   * @since 1.4
+   */
+  private Locale locale;
+
+  // Constructor(s)
+  // -------------------------------------------------------------------------
+
+  /** Construct a <code>LanguageCallback</code>. */
+  public LanguageCallback()
+  {
+    super();
+  }
+
+  // Class methods
+  // -------------------------------------------------------------------------
+
+  // Instance methods
+  // -------------------------------------------------------------------------
+
+  /**
+   * Set the retrieved Locale.
+   *
+   * @param locale the retrieved Locale.
+   * @see #getLocale()
+   */
+  public void setLocale(Locale locale)
+  {
+    this.locale = locale;
+  }
+
+  /**
+   * Get the retrieved Locale.
+   *
+   * @return the retrieved Locale, or <code>null</code> if no Locale could be
+   * retrieved.
+   * @see #setLocale(Locale)
+   */
+  public Locale getLocale()
+  {
+    return locale;
+  }
+}
diff --git a/libjava/classpath/javax/security/auth/callback/NameCallback.java b/libjava/classpath/javax/security/auth/callback/NameCallback.java
new file mode 100644
index 000000000..4b8bf1c69
--- /dev/null
+++ b/libjava/classpath/javax/security/auth/callback/NameCallback.java
@@ -0,0 +1,178 @@
+/* NameCallback.java -- callback for user names.
+   Copyright (C) 2003, Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.auth.callback;
+
+import java.io.Serializable;
+
+/**
+ * Underlying security services instantiate and pass a <code>NameCallback</code>
+ * to the <code>handle()</code> method of a {@link CallbackHandler} to retrieve
+ * name information.
+ *
+ * @see CallbackHandler
+ */
+public class NameCallback implements Callback, Serializable
+{
+
+  // Constants and variables
+  // -------------------------------------------------------------------------
+
+  /**
+   * @serial
+   * @since 1.4
+   */
+  private String prompt;
+
+  /**
+   * @serial
+   * @since 1.4
+   */
+  private String defaultName;
+
+  /**
+   * @serial
+   * @since 1.4
+   */
+  private String inputName;
+
+  // Constructor(s)
+  // -------------------------------------------------------------------------
+
+  /**
+   * Construct a <code>NameCallback</code> with a prompt.
+   *
+   * @param prompt the prompt used to request the name.
+   * @throws IllegalArgumentException if <code>prompt</code> is <code>null</code>
+   * or if <code>prompt</code> has a length of <code>0</code>.
+   */
+  public NameCallback(String prompt)
+  {
+    super();
+
+    setPrompt(prompt);
+  }
+
+  /**
+   * Construct a <code>NameCallback</code> with a prompt and default name.
+   *
+   * @param prompt the prompt used to request the information.
+   * @param defaultName the name to be used as the default name displayed with
+   * the prompt.
+   * @throws IllegalArgumentException if <code>prompt</code> is <code>null</code>
+   * or if <code>prompt</code> has a length of <code>0</code>, if
+   * <code>defaultName</code> is <code>null</code>, or if <code>defaultName</code>
+   * has a length of <code>0</code>.
+   */
+  public NameCallback(String prompt, String defaultName)
+    throws IllegalArgumentException
+  {
+    super();
+
+    setPrompt(prompt);
+    setDefaultName(defaultName);
+  }
+
+  // Class methods
+  // -------------------------------------------------------------------------
+
+  // Instance methods
+  // -------------------------------------------------------------------------
+
+  /**
+   * Get the prompt.
+   *
+   * @return the prompt.
+   */
+  public String getPrompt()
+  {
+    return prompt;
+  }
+
+  /**
+   * Get the default name.
+   *
+   * @return the default name, or <code>null</code> if this
+   * <code>NameCallback</code> was not instantiated with a
+   * <code>defaultName</code>.
+   */
+  public String getDefaultName()
+  {
+    return defaultName;
+  }
+
+  /**
+   * Set the retrieved name.
+   *
+   * @param name the retrieved name (which may be <code>null</code>).
+   * @see #getName()
+   */
+  public void setName(String name)
+  {
+    this.inputName = name;
+  }
+
+  /**
+   * Get the retrieved name.
+   *
+   * @return the retrieved name (which may be <code>null</code>)
+   * @see #setName(String)
+   */
+  public String getName()
+  {
+    return inputName;
+  }
+
+  private void setPrompt(String prompt) throws IllegalArgumentException
+  {
+    if ((prompt == null) || (prompt.length() == 0))
+      {
+        throw new IllegalArgumentException("invalid prompt");
+      }
+    this.prompt = prompt;
+  }
+
+  private void setDefaultName(String defaultName) throws IllegalArgumentException
+  {
+    if ((defaultName == null) || (defaultName.length() == 0))
+      {
+        throw new IllegalArgumentException("invalid default name");
+      }
+    this.defaultName = defaultName;
+  }
+}
diff --git a/libjava/classpath/javax/security/auth/callback/PasswordCallback.java b/libjava/classpath/javax/security/auth/callback/PasswordCallback.java
new file mode 100644
index 000000000..6309aacba
--- /dev/null
+++ b/libjava/classpath/javax/security/auth/callback/PasswordCallback.java
@@ -0,0 +1,168 @@
+/* PasswordCallback.java -- callback for passwords.
+   Copyright (C) 2003, Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.auth.callback;
+
+import java.io.Serializable;
+
+/**
+ * Underlying security services instantiate and pass a <code>PasswordCallback</code>
+ * to the <code>handle()</code> method of a {@link CallbackHandler} to retrieve
+ * password information.
+ *
+ * @see CallbackHandler,
+ */
+public class PasswordCallback implements Callback, Serializable
+{
+
+  // Constants and variables
+  // -------------------------------------------------------------------------
+
+  /**
+   * @serial
+   * @since 1.4
+   */
+  private String prompt;
+
+  /**
+   * @serial
+   * @since 1.4
+   */
+  private boolean echoOn;
+
+  /**
+   * @serial
+   * @since 1.4
+   */
+  private char[] inputPassword;
+
+  // Constructor(s)
+  // -------------------------------------------------------------------------
+
+  /**
+   * Construct a <code>PasswordCallback</code> with a prompt and a boolean
+   * specifying whether the password should be displayed as it is being typed.
+   *
+   * @param prompt the prompt used to request the password.
+   * @param echoOn <code>true</code> if the password should be displayed as it
+   * is being typed.
+   * @throws IllegalArgumentException if <code>prompt</code> is <code>null</code>
+   * or if <code>prompt</code> has a length of <code>0</code>.
+   */
+  public PasswordCallback(String prompt, boolean echoOn)
+  {
+    super();
+
+    setPrompt(prompt);
+    this.echoOn = echoOn;
+  }
+
+  // Class methods
+  // -------------------------------------------------------------------------
+
+  // Instance methods
+  // -------------------------------------------------------------------------
+
+  /**
+   * Get the prompt.
+   *
+   * @return the prompt.
+   */
+  public String getPrompt()
+  {
+    return prompt;
+  }
+
+  /**
+   * Return whether the password should be displayed as it is being typed.
+   *
+   * @return the whether the password should be displayed as it is being typed.
+   */
+  public boolean isEchoOn()
+  {
+    return echoOn;
+  }
+
+  /**
+   * <p>Set the retrieved password.</p>
+   *
+   * <p>This method makes a copy of the input password before storing it.</p>
+   *
+   * @param password the retrieved password, which may be <code>null</code>.
+   * @see #getPassword()
+   */
+  public void setPassword(char[] password)
+  {
+    inputPassword = (password == null ? null : (char[]) password.clone());
+  }
+
+  /**
+   * <p>Get the retrieved password.</p>
+   *
+   * <p>This method returns a copy of the retrieved password.</p>
+   *
+   * @return the retrieved password, which may be <code>null</code>.
+   * @see #setPassword(char[])
+   */
+  public char[] getPassword()
+  {
+    return (inputPassword == null ? null : (char[]) inputPassword.clone());
+  }
+
+  /** Clear the retrieved password. */
+  public void clearPassword()
+  {
+    if (inputPassword != null)
+      {
+        for (int i = 0; i < inputPassword.length; i++)
+          {
+            inputPassword[i] = '\0';
+          }
+        inputPassword = null;
+      }
+  }
+
+  private void setPrompt(String prompt) throws IllegalArgumentException
+  {
+    if ((prompt == null) || (prompt.length() == 0))
+      {
+        throw new IllegalArgumentException("invalid prompt");
+      }
+    this.prompt = prompt;
+  }
+}
diff --git a/libjava/classpath/javax/security/auth/callback/TextInputCallback.java b/libjava/classpath/javax/security/auth/callback/TextInputCallback.java
new file mode 100644
index 000000000..1fe071327
--- /dev/null
+++ b/libjava/classpath/javax/security/auth/callback/TextInputCallback.java
@@ -0,0 +1,177 @@
+/* TextInputCallback.java -- callbacks for user input.
+   Copyright (C) 2003, Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.auth.callback;
+
+import java.io.Serializable;
+
+/**
+ * Underlying security services instantiate and pass a <code>TextInputCallback</code>
+ * to the <code>handle()</code> method of a {@link CallbackHandler} to retrieve
+ * generic text information.
+ *
+ * @see CallbackHandler
+ */
+public class TextInputCallback implements Callback, Serializable
+{
+
+  // Constants and variables
+  // -------------------------------------------------------------------------
+
+  /**
+   * @serial
+   * @since 1.4
+   */
+  private String prompt;
+
+  /**
+   * @serial
+   * @since 1.4
+   */
+  private String defaultText;
+
+  /**
+   * @serial
+   * @since 1.4
+   */
+  private String inputText;
+
+  // Constructor(s)
+  // -------------------------------------------------------------------------
+
+  /**
+   * Construct a <code>TextInputCallback</code> with a prompt.
+   *
+   * @param prompt the prompt used to request the information.
+   * @throws IllegalArgumentException if <code>prompt</code> is <code>null</code>
+   * or if <code>prompt</code> has a length of <code>0</code>.
+   */
+  public TextInputCallback(String prompt) throws IllegalArgumentException
+  {
+    super();
+
+    setPrompt(prompt);
+  }
+
+  /**
+   * Construct a <code>TextInputCallback</code> with a prompt and default
+   * input value.
+   *
+   * @param prompt the prompt used to request the information.
+   * @param defaultText the text to be used as the default text displayed with
+   * the prompt.
+   * @throws IllegalArgumentException if <code>prompt</code> is <code>null</code>,
+   * if <code>prompt</code> has a length of <code>0</code>, if
+   * <code>defaultText</code> is <code>null</code> or if <code>defaultText</code>
+   * has a length of <code>0</code>.
+   */
+  public TextInputCallback(String prompt, String defaultText)
+    throws IllegalArgumentException
+  {
+    super();
+
+    setPrompt(prompt);
+    setDefaultText(defaultText);
+  }
+
+  // Class methods
+  // -------------------------------------------------------------------------
+
+  // Instance methods
+  // -------------------------------------------------------------------------
+
+  /**
+   * Get the prompt.
+   *
+   * @return the prompt.
+   */
+  public String getPrompt()
+  {
+    return prompt;
+  }
+
+  /**
+   * Get the default text.
+   *
+   * @return the default text, or <code>null</code> if this
+   * <code>TextInputCallback</code> was not instantiated with
+   * <code>defaultText</code>.
+   */
+  public String getDefaultText()
+  {
+    return defaultText;
+  }
+
+  /**
+   * Set the retrieved text.
+   *
+   * @param text the retrieved text, which may be <code>null</code>.
+   */
+  public void setText(String text)
+  {
+    this.inputText = text;
+  }
+
+  /**
+   * Get the retrieved text.
+   *
+   * @return the retrieved text, which may be <code>null</code>.
+   */
+  public String getText()
+  {
+    return inputText;
+  }
+
+  private void setPrompt(String prompt) throws IllegalArgumentException
+  {
+    if ((prompt == null) || (prompt.length() == 0))
+      {
+        throw new IllegalArgumentException("invalid prompt");
+      }
+    this.prompt = prompt;
+  }
+
+  private void setDefaultText(String defaultText) throws IllegalArgumentException
+  {
+    if ((defaultText == null) || (defaultText.length() == 0))
+      {
+        throw new IllegalArgumentException("invalid default text");
+      }
+    this.defaultText = defaultText;
+  }
+}
diff --git a/libjava/classpath/javax/security/auth/callback/TextOutputCallback.java b/libjava/classpath/javax/security/auth/callback/TextOutputCallback.java
new file mode 100644
index 000000000..0ab3a040f
--- /dev/null
+++ b/libjava/classpath/javax/security/auth/callback/TextOutputCallback.java
@@ -0,0 +1,140 @@
+/* TextOutputCallback.java -- callback for text output.
+   Copyright (C) 2003 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.auth.callback;
+
+import java.io.Serializable;
+
+/**
+ * <p>Underlying security services instantiate and pass a
+ * <code>TextOutputCallback</code> to the <code>handle()</code> method of a
+ * {@link CallbackHandler} to display information messages, warning messages and
+ * error messages.</p>
+ *
+ * @see CallbackHandler
+ */
+public class TextOutputCallback implements Callback, Serializable
+{
+
+  // Constants and variables
+  // -------------------------------------------------------------------------
+
+  /** Information message */
+  public static final int INFORMATION = 0;
+
+  /** Warning message */
+  public static final int WARNING = 1;
+
+  /** Error message */
+  public static final int ERROR = 2;
+
+  /**
+   * @serial
+   * @since 1.4
+   */
+  private int messageType;
+
+  /**
+   * @serial
+   * @since 1.4
+   */
+  private String message;
+
+  // Constructor(s)
+  // -------------------------------------------------------------------------
+
+  /**
+   * <p>Construct a <code>TextOutputCallback</code> with a message type and
+   * message to be displayed.</p>
+   *
+   * @param messageType the message type (INFORMATION, WARNING or ERROR).
+   * @param message the message to be displayed.
+   * @throws IllegalArgumentException if <code>messageType</code> is not either
+   * <code>INFORMATION</code>, <code>WARNING</code> or <code>ERROR</code>, if
+   * <code>message</code> is <code>null</code>, or if <code>message</code> has
+   * a length of <code>0</code>.
+   */
+  public TextOutputCallback(int messageType, String message)
+    throws IllegalArgumentException
+  {
+    switch (messageType)
+      {
+      case INFORMATION:
+      case WARNING:
+      case ERROR: this.messageType = messageType; break;
+      default: throw new IllegalArgumentException("invalid message type");
+      }
+
+    setMessage(message);
+  }
+
+  // Class methods
+  // -------------------------------------------------------------------------
+
+  // Instance methods
+  // -------------------------------------------------------------------------
+
+  /**
+   * <p>Returns the message's <code>messageType</code>.</p>
+   *
+   * @return the message type (INFORMATION, WARNING or ERROR).
+   */
+  public int getMessageType()
+  {
+    return messageType;
+  }
+
+  /**
+   * <p>Returns the <code>message</code> to be displayed.</p>
+   *
+   * @return the message to be displayed.
+   */
+  public String getMessage()
+  {
+    return message;
+  }
+
+  private void setMessage(String message) throws IllegalArgumentException
+  {
+    if ((message == null) || (message.length() == 0))
+      {
+        throw new IllegalArgumentException("invalid message");
+      }
+    this.message = message;
+  }
+}
diff --git a/libjava/classpath/javax/security/auth/callback/UnsupportedCallbackException.java b/libjava/classpath/javax/security/auth/callback/UnsupportedCallbackException.java
new file mode 100644
index 000000000..f5308b9ea
--- /dev/null
+++ b/libjava/classpath/javax/security/auth/callback/UnsupportedCallbackException.java
@@ -0,0 +1,101 @@
+/* UnsupportedCallbackException.java -- signals an unsupported callback type.
+   Copyright (C) 2003, Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.auth.callback;
+
+/**
+ * Signals that a {@link CallbackHandler} does not recognize a particular
+ * {@link Callback}.
+ *
+ */
+public class UnsupportedCallbackException extends Exception
+{
+
+  // Constants and variables
+  // -------------------------------------------------------------------------
+
+  /** @serial */
+  private Callback callback;
+
+  // Constructor(s)
+  // -------------------------------------------------------------------------
+
+  /**
+   * Constructs an <code>UnsupportedCallbackException</code> with no detail
+   * message.
+   *
+   * @param callback the unrecognized {@link Callback}.
+   */
+  public UnsupportedCallbackException(Callback callback)
+  {
+    super();
+
+    this.callback = callback;
+  }
+
+  /**
+   * Constructs an <code>UnsupportedCallbackException</code> with the specified
+   * detail message. A detail message is a {@link String} that describes this
+   * particular exception.
+   *
+   * @param callback the unrecognized {@link Callback}.
+   * @param msg the detail message.
+   */
+  public UnsupportedCallbackException(Callback callback, String msg)
+  {
+    super(msg);
+
+    this.callback = callback;
+  }
+
+  // Class methods
+  // -------------------------------------------------------------------------
+
+  // Instance methods
+  // -------------------------------------------------------------------------
+
+  /**
+   * Get the unrecognized {@link Callback}.
+   *
+   * @return the unrecognized {@link Callback}.
+   */
+  public Callback getCallback()
+  {
+    return this.callback;
+  }
+}
diff --git a/libjava/classpath/javax/security/auth/callback/package.html b/libjava/classpath/javax/security/auth/callback/package.html
new file mode 100644
index 000000000..f927f1c30
--- /dev/null
+++ b/libjava/classpath/javax/security/auth/callback/package.html
@@ -0,0 +1,46 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
+<!-- package.html - describes classes in javax.security.auth.callback package.
+   Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version. -->
+
+<html>
+<head><title>GNU Classpath - javax.security.auth.callback</title></head>
+
+<body>
+<p></p>
+
+</body>
+</html>
diff --git a/libjava/classpath/javax/security/auth/kerberos/DelegationPermission.java b/libjava/classpath/javax/security/auth/kerberos/DelegationPermission.java
new file mode 100644
index 000000000..42bb9c73c
--- /dev/null
+++ b/libjava/classpath/javax/security/auth/kerberos/DelegationPermission.java
@@ -0,0 +1,136 @@
+/* DelegationPermission.java -- kerberos delegation permission
+   Copyright (C) 2006 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.auth.kerberos;
+
+import java.security.BasicPermission;
+import java.security.Permission;
+import java.security.PermissionCollection;
+import java.util.Enumeration;
+import java.util.Vector;
+
+/**
+ * @since 1.4
+ */
+public final class DelegationPermission
+    extends BasicPermission
+{
+  // FIXME: Enable this when serialization works.
+  // private static final long serialVersionUID = 883133252142523922L;
+
+  /**
+   * Create a new instance with the given name.
+   */
+  public DelegationPermission(String name)
+  {
+    super(name);
+    checkSyntax(name);
+  }
+
+  /**
+   * Create a new instance with the given name and actions.
+   *
+   * The name consists of two parts: first the subordinate
+   * service principal, then the target service principal.
+   * Each principal is surrounded by quotes; the two are separated
+   * by a space.
+   *
+   * @param name the name
+   * @param actions the actions; this is ignored
+   */
+  public DelegationPermission(String name, String actions)
+  {
+    super(name, actions);
+    checkSyntax(name);
+  }
+
+  private static void checkSyntax(String name)
+  {
+    int index = name.indexOf('"', 1);
+    int len = name.length();
+    if (name.charAt(0) != '"' || name.charAt(len - 1) != '"'
+        || index == -1 || index + 3 >= len
+        || name.charAt(index + 1) != ' '
+        || name.charAt(index + 2) != '"')
+      // FIXME: better message here.
+      throw new IllegalArgumentException("invalid syntax for principals");
+  }
+
+  public boolean implies(Permission perm)
+  {
+    return equals(perm);
+  }
+
+  public PermissionCollection newPermissionCollection()
+  {
+    // FIXME: don't know how to serialize here.  I suspect this
+    // class has to have a particular name, etc ...
+    return new PermissionCollection()
+    {
+      private Vector permissions = new Vector();
+
+      public void add(Permission perm)
+      {
+        if (isReadOnly())
+          throw new SecurityException("readonly");
+        if (! (perm instanceof DelegationPermission))
+          throw new IllegalArgumentException("can only add DelegationPermissions");
+        permissions.add(perm);
+      }
+
+      public boolean implies(Permission perm)
+      {
+        if (! (perm instanceof DelegationPermission))
+          return false;
+        Enumeration e = elements();
+        while (e.hasMoreElements())
+          {
+            DelegationPermission dp = (DelegationPermission) e.nextElement();
+            if (dp.implies(perm))
+              return true;
+          }
+        return false;
+      }
+
+      public Enumeration elements()
+      {
+        return permissions.elements();
+      }
+    };
+  }
+}
diff --git a/libjava/classpath/javax/security/auth/kerberos/KerberosKey.java b/libjava/classpath/javax/security/auth/kerberos/KerberosKey.java
new file mode 100644
index 000000000..e5735fbd5
--- /dev/null
+++ b/libjava/classpath/javax/security/auth/kerberos/KerberosKey.java
@@ -0,0 +1,180 @@
+/* KerberosKey.java -- kerberos key
+   Copyright (C) 2006 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.auth.kerberos;
+
+import gnu.classpath.NotImplementedException;
+
+import java.io.Serializable;
+
+import javax.crypto.SecretKey;
+import javax.security.auth.DestroyFailedException;
+import javax.security.auth.Destroyable;
+
+/**
+ * This class represents a Kerberos key.  See the Kerberos
+ * authentication RFC for more information:
+ * <a href="http://www.ietf.org/rfc/rfc1510.txt">RFC 1510</a>.
+ *
+ * @since 1.4
+ */
+public class KerberosKey
+    implements Serializable, SecretKey, Destroyable
+{
+  private static final long serialVersionUID = -4625402278148246993L;
+
+  private KerberosPrincipal principal;
+  private int versionNum;
+  private KeyImpl key;
+
+  /**
+   * Construct a new key with the indicated principal and key.
+   * @param principal the principal
+   * @param key the key's data
+   * @param type the key's type
+   * @param version the key's version number
+   */
+  public KerberosKey(KerberosPrincipal principal, byte[] key, int type,
+                     int version)
+  {
+    this.principal = principal;
+    this.versionNum = version;
+    this.key = new KeyImpl(key, type);
+  }
+
+  /**
+   * Construct a new key with the indicated principal and a password.
+   * @param principal the principal
+   * @param passwd the password to use
+   * @param algo the algorithm; if null the "DES" algorithm is used
+   */
+  public KerberosKey(KerberosPrincipal principal, char[] passwd, String algo)
+  // Not implemented because KeyImpl really does nothing here.
+    throws NotImplementedException
+  {
+    this.principal = principal;
+    this.versionNum = 0; // FIXME: correct?
+    this.key = new KeyImpl(passwd, algo);
+  }
+
+  /**
+   * Return the name of the algorithm used to create this key.
+   */
+  public final String getAlgorithm()
+  {
+    checkDestroyed();
+    return key.algorithm;
+  }
+
+  /**
+   * Return the format of this key.  This implementation always returns "RAW".
+   */
+  public final String getFormat()
+  {
+    checkDestroyed();
+    // Silly, but specified.
+    return "RAW";
+  }
+
+  /**
+   * Return the principal associated with this key.
+   */
+  public final KerberosPrincipal getPrincipal()
+  {
+    checkDestroyed();
+    return principal;
+  }
+
+  /**
+   * Return the type of this key.
+   */
+  public final int getKeyType()
+  {
+    checkDestroyed();
+    return key.type;
+  }
+
+  /**
+   * Return the version number of this key.
+   */
+  public final int getVersionNumber()
+  {
+    checkDestroyed();
+    return versionNum;
+  }
+
+  /**
+   * Return the encoded form of this key.
+   */
+  public final byte[] getEncoded()
+  {
+    checkDestroyed();
+    return (byte[]) key.key.clone();
+  }
+
+  /**
+   * Destroy this key.
+   */
+  public void destroy() throws DestroyFailedException
+  {
+    if (key == null)
+      throw new DestroyFailedException("already destroyed");
+    key = null;
+  }
+
+  /**
+   * Return true if this key has been destroyed.  After this has been
+   * called, other methods on this object will throw IllegalStateException.
+   */
+  public boolean isDestroyed()
+  {
+    return key == null;
+  }
+
+  private void checkDestroyed()
+  {
+    if (key == null)
+      throw new IllegalStateException("key is destroyed");
+  }
+
+  public String toString()
+  {
+    // FIXME: random choice here.
+    return principal + ":" + versionNum;
+  }
+}
diff --git a/libjava/classpath/javax/security/auth/kerberos/KerberosPrincipal.java b/libjava/classpath/javax/security/auth/kerberos/KerberosPrincipal.java
new file mode 100644
index 000000000..4ba767226
--- /dev/null
+++ b/libjava/classpath/javax/security/auth/kerberos/KerberosPrincipal.java
@@ -0,0 +1,207 @@
+/* KerberosPrincipal.java -- a kerberos principal
+   Copyright (C) 2006 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.auth.kerberos;
+
+import gnu.classpath.NotImplementedException;
+import gnu.classpath.SystemProperties;
+
+import java.io.Serializable;
+import java.security.Principal;
+
+/**
+ * This represents a Kerberos principal.  See the Kerberos
+ * authentication RFC for more information:
+ * <a href="http://www.ietf.org/rfc/rfc1510.txt">RFC 1510</a>.
+ *
+ * @since 1.4
+ */
+public final class KerberosPrincipal
+    implements Serializable, Principal
+{
+  // Uncomment when serialization is correct.
+  // private static final long serialVersionUID = -7374788026156829911L;
+
+  /**
+   * Constant from the RFC: "Just the name of the principal as in DCE, or
+   * for users".
+   */
+  public static final int KRB_NT_PRINCIPAL = 1;
+
+  /**
+   * Constant from the RFC: "Service and other unique instance (krbtgt)".
+   */
+  public static final int KRB_NT_SRV_HST = 3;
+
+  /**
+   * Constant from the RFC: "Service with host name as instance (telnet,
+   * rcommands)".
+   */
+  public static final int KRB_NT_SRV_INST = 2;
+
+  /**
+   * Constant from the RFC: "Service with host as remaining components".
+   */
+  public static final int KRB_NT_SRV_XHST = 4;
+
+  /**
+   * Constant from the RFC: "Unique ID".
+   */
+  public static final int KRB_NT_UID = 5;
+
+  /**
+   * Constant from the RFC: "Name type not known".
+   */
+  public static final int KRB_NT_UNKNOWN = 0;
+
+  private String name;
+  private int type;
+  private String realm;
+
+  /**
+   * Create a new instance with the given name and a type of
+   * {@link #KRB_NT_PRINCIPAL}.
+   * @param name the principal's name
+   */
+  public KerberosPrincipal(String name)
+  {
+    this(name, KRB_NT_PRINCIPAL);
+  }
+
+  /**
+   * Create a new instance with the given name and type.  The name is
+   * parsed according to the rules in the RFC.  If there is no realm,
+   * then the local realm is used instead.
+   *
+   * @param name the principal's name
+   * @param type the principal's type
+   */
+  public KerberosPrincipal(String name, int type)
+  // Marked as unimplemented because we don't look for the realm as needed.
+    throws NotImplementedException
+  {
+    if (type < KRB_NT_UNKNOWN || type > KRB_NT_UID)
+      throw new IllegalArgumentException("unknown type: " + type);
+    this.name = name;
+    this.type = type;
+    this.realm = parseRealm();
+  }
+
+  private String parseRealm()
+  {
+    // Handle quoting as specified by the Kerberos RFC.
+    int i, len = name.length();
+    boolean quoted = false;
+    for (i = 0; i < len; ++i)
+      {
+        if (quoted)
+          {
+            quoted = false;
+            continue;
+          }
+        char c = name.charAt(i);
+        if (c == '\\')
+          {
+            quoted = true;
+            continue;
+          }
+        if (c == '@')
+          break;
+      }
+    if (quoted || i == len - 1)
+      throw new IllegalArgumentException("malformed principal: " + name);
+    if (i < len)
+      {
+        // We have the realm.  FIXME: verify its syntax?
+        return name.substring(i + 1);
+      }
+    // Try to find the default realm.
+    String def = SystemProperties.getProperty("java.security.krb5.realm");
+    if (def != null)
+      return def;
+    // Now ask the system.
+    // FIXME: use java.security.krb5.conf,
+    // or $JAVA_HOME/lib/security/krb5.conf to find the krb config file.
+    // Then pass to native code using krb5_set_config_files() and
+    // krb5_get_default_realm().  But... what about /etc/krb5.conf?
+    throw new IllegalArgumentException("default realm can't be found");
+  }
+
+  /**
+   * Return the name of this principal.
+   */
+  public String getName()
+  {
+    return name;
+  }
+
+  /**
+   * Return the realm of this principal.
+   */
+  public String getRealm()
+  {
+    return realm;
+  }
+
+  /**
+   * Return the type of this principal.
+   */
+  public int getNameType()
+  {
+    return type;
+  }
+
+  public int hashCode()
+  {
+    return name.hashCode();
+  }
+
+  public boolean equals(Object other)
+  {
+    if (! (other instanceof KerberosPrincipal))
+      return false;
+    KerberosPrincipal kp = (KerberosPrincipal) other;
+    return name.equals(kp.name) && type == kp.type;
+  }
+
+  public String toString()
+  {
+    // This is what came to mind.
+    return name + ":" + type;
+  }
+}
diff --git a/libjava/classpath/javax/security/auth/kerberos/KerberosTicket.java b/libjava/classpath/javax/security/auth/kerberos/KerberosTicket.java
new file mode 100644
index 000000000..ff70b9f4e
--- /dev/null
+++ b/libjava/classpath/javax/security/auth/kerberos/KerberosTicket.java
@@ -0,0 +1,372 @@
+/* KerberosTicket.java -- a kerberos ticket
+   Copyright (C) 2006 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.auth.kerberos;
+
+import gnu.classpath.NotImplementedException;
+
+import java.io.Serializable;
+import java.net.InetAddress;
+import java.util.Date;
+
+import javax.crypto.SecretKey;
+import javax.security.auth.DestroyFailedException;
+import javax.security.auth.Destroyable;
+import javax.security.auth.RefreshFailedException;
+import javax.security.auth.Refreshable;
+
+/**
+ * This class represents a Kerberos ticket.  See the Kerberos
+ * authentication RFC for more information:
+ * <a href="http://www.ietf.org/rfc/rfc1510.txt">RFC 1510</a>.
+ *
+ * @since 1.4
+ */
+public class KerberosTicket
+    implements Destroyable, Serializable, Refreshable
+{
+  private static final long serialVersionUID = 7395334370157380539L;
+
+  // Indices of the various flags.  From the kerberos spec.
+  // We only list the ones we use.
+  private static final int FORWARDABLE = 1;
+  private static final int FORWARDED = 2;
+  private static final int PROXIABLE = 3;
+  private static final int PROXY = 4;
+  private static final int POSTDATED = 6;
+  private static final int RENEWABLE = 8;
+  private static final int INITIAL = 9;
+  private static final int NUM_FLAGS = 12;
+
+  private byte[] asn1Encoding;
+  private KeyImpl sessionKey;
+  private boolean[] flags;
+  private Date authTime;
+  private Date startTime;
+  private Date endTime;
+  private Date renewTill;
+  private KerberosPrincipal client;
+  private KerberosPrincipal server;
+  private InetAddress[] clientAddresses;
+
+  /**
+   * Create a new ticket given all the facts about it.
+   *
+   * Note that flags may be null or "short"; any flags not specified
+   * will be taken to be false.
+   *
+   * If the key is not renewable, then renewTill may be null.
+   *
+   * If authTime is null, then it is taken to be the same as startTime.
+   *
+   * If clientAddresses is null, then the ticket can be used anywhere.
+   *
+   * @param asn1Encoding the contents of the ticket, as ASN1
+   * @param client the client principal
+   * @param server the server principal
+   * @param key the contents of the session key
+   * @param type the type of the key
+   * @param flags an array of flags, as specified by the RFC
+   * @param authTime when the client was authenticated
+   * @param startTime starting time at which the ticket is valid
+   * @param endTime ending time, after which the ticket is invalid
+   * @param renewTill for a rewewable ticket, the time before which it must
+   * be renewed
+   * @param clientAddresses a possibly-null array of addresses where this
+   * ticket may be used
+   */
+  public KerberosTicket(byte[] asn1Encoding, KerberosPrincipal client,
+                        KerberosPrincipal server, byte[] key, int type,
+                        boolean[] flags, Date authTime, Date startTime,
+                        Date endTime, Date renewTill,
+                        InetAddress[] clientAddresses)
+  {
+    this.asn1Encoding = (byte[]) asn1Encoding.clone();
+    this.sessionKey = new KeyImpl(key, type);
+    this.flags = new boolean[NUM_FLAGS];
+    if (flags != null)
+      System.arraycopy(flags, 0, this.flags, 0,
+                       Math.min(flags.length, NUM_FLAGS));
+    this.flags = (boolean[]) flags.clone();
+    this.authTime = (Date) authTime.clone();
+    this.startTime = (Date) ((startTime == null)
+                              ? authTime : startTime).clone();
+    this.endTime = (Date) endTime.clone();
+    this.renewTill = (Date) renewTill.clone();
+    this.client = client;
+    this.server = server;
+    this.clientAddresses = (clientAddresses == null
+                            ? null
+                            : (InetAddress[]) clientAddresses.clone());
+  }
+
+  /**
+   * Destroy this ticket.  This discards secret information.  After this
+   * method is called, other methods will throw IllegalStateException.
+   */
+  public void destroy() throws DestroyFailedException
+  {
+    if (sessionKey == null)
+      throw new DestroyFailedException("already destroyed");
+    sessionKey = null;
+    asn1Encoding = null;
+  }
+
+  /**
+   * Return true if this ticket has been destroyed.
+   */
+  public boolean isDestroyed()
+  {
+    return sessionKey == null;
+  }
+
+  /**
+   * Return true if the ticket is currently valid.  This is true if
+   * the system time is between the ticket's start and end times.
+   */
+  public boolean isCurrent()
+  {
+    long now = System.currentTimeMillis();
+    return startTime.getTime() <= now && now <= endTime.getTime();
+  }
+
+  /**
+   * If the ticket is renewable, and the renewal time has not yet elapsed,
+   * attempt to renew the ticket.
+   * @throws RefreshFailedException if the renewal fails for any reason
+   */
+  public void refresh() throws RefreshFailedException, NotImplementedException
+  {
+    if (! isRenewable())
+      throw new RefreshFailedException("not renewable");
+    if (renewTill != null
+        && System.currentTimeMillis() >= renewTill.getTime())
+      throw new RefreshFailedException("renewal time elapsed");
+    // FIXME: must contact the KDC.
+    // Use the java.security.krb5.kdc property...
+    throw new RefreshFailedException("not implemented");
+  }
+
+  /**
+   * Return the client principal for this ticket.
+   */
+  public final KerberosPrincipal getClient()
+  {
+    return client;
+  }
+
+  /**
+   * Return the server principal for this ticket.
+   */
+  public final KerberosPrincipal getServer()
+  {
+    return server;
+  }
+
+  /**
+   * Return true if this ticket is forwardable.
+   */
+  public final boolean isForwardable()
+  {
+    return flags[FORWARDABLE];
+  }
+
+  /**
+   * Return true if this ticket has been forwarded.
+   */
+  public final boolean isForwarded()
+  {
+    return flags[FORWARDED];
+  }
+
+  /**
+   * Return true if this ticket is proxiable.
+   */
+  public final boolean isProxiable()
+  {
+    return flags[PROXIABLE];
+  }
+
+  /**
+   * Return true if this ticket is a proxy ticket.
+   */
+  public final boolean isProxy()
+  {
+    return flags[PROXY];
+  }
+
+  /**
+   * Return true if this ticket was post-dated.
+   */
+  public final boolean isPostdated()
+  {
+    return flags[POSTDATED];
+  }
+
+  /**
+   * Return true if this ticket is renewable.
+   */
+  public final boolean isRenewable()
+  {
+    return flags[RENEWABLE];
+  }
+
+  /**
+   * Return true if this ticket was granted by an application
+   * server, and not via a ticket-granting ticket.
+   */
+  public final boolean isInitial()
+  {
+    return flags[INITIAL];
+  }
+
+  /**
+   * Return the flags for this ticket as a boolean array.
+   * See the RFC to understand what the different entries mean.
+   */
+  public final boolean[] getFlags()
+  {
+    return (boolean[]) flags.clone();
+  }
+
+  /**
+   * Return the authentication time for this ticket.
+   */
+  public final Date getAuthTime()
+  {
+    return (Date) authTime.clone();
+  }
+
+  /**
+   * Return the start time for this ticket.
+   */
+  public final Date getStartTime()
+  {
+    return (Date) startTime.clone();
+  }
+
+  /**
+   * Return the end time for this ticket.
+   */
+  public final Date getEndTime()
+  {
+    return (Date) endTime.clone();
+  }
+
+  /**
+   * Return the renewal time for this ticket.  For a non-renewable
+   * ticket, this will return null.
+   */
+  public final Date getRenewTill()
+  {
+    return flags[RENEWABLE] ? ((Date) renewTill.clone()) : null;
+  }
+
+  /**
+   * Return the allowable client addresses for this ticket.  This will
+   * return null if the ticket can be used anywhere.
+   */
+  public final InetAddress[] getClientAddresses()
+  {
+    return (clientAddresses == null
+            ? null
+            : (InetAddress[]) clientAddresses.clone());
+  }
+
+  /**
+   * Return the encoded form of this ticket.
+   */
+  public final byte[] getEncoded()
+  {
+    checkDestroyed();
+    return (byte[]) sessionKey.key.clone();
+  }
+
+  /**
+   * Return the secret key associated with this ticket.
+   */
+  public final SecretKey getSessionKey()
+  {
+    checkDestroyed();
+    return sessionKey;
+  }
+
+  private void checkDestroyed()
+  {
+    if (sessionKey == null)
+      throw new IllegalStateException("key is destroyed");
+  }
+
+  public String toString()
+  {
+    return getClass().getName() +
+      "[client=" + client +
+      ",server=" + server +
+      ",sessionKey=" + sessionKey +
+      ",flags=" + flags +
+      ",authTime=" + authTime +
+      ",startTime= " + startTime +
+      ",endTime=" + endTime +
+      ",renewTill=" + renewTill +
+      ",clientAddresses=" + clientAddresses +
+      "]";
+  }
+
+  /**
+   * <p>
+   * Returns the type of the session key in accordance with
+   * RFC1510.  This usually corresponds to the encryption
+   * algorithm used by the key, though more than one algorithm
+   * may use the same key type (e.g. DES with different checksum
+   * mechanisms and chaining modes). Negative values are reserved
+   * for local use.  Non-negative values are for officially assigned
+   * type fields.  The RFC defines:
+   * </p>
+   * <ul>
+   * <li>0 &mdash; null</li>
+   * <li>1 &mdash; DES (in CBC mode with either MD4 or MD5 checksums)</li>
+   * </ul>
+   *
+   * @return the type of session key used by this ticket.
+   */
+  public final int getSessionKeyType()
+  {
+    return sessionKey.type;
+  }
+
+}
diff --git a/libjava/classpath/javax/security/auth/kerberos/KeyImpl.java b/libjava/classpath/javax/security/auth/kerberos/KeyImpl.java
new file mode 100644
index 000000000..a7cf3d212
--- /dev/null
+++ b/libjava/classpath/javax/security/auth/kerberos/KeyImpl.java
@@ -0,0 +1,102 @@
+/* KeyImpl.java -- kerberos key implementation
+   Copyright (C) 2006 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.auth.kerberos;
+
+import java.io.Serializable;
+
+import javax.crypto.SecretKey;
+
+/**
+ * Note that the name of this class is fixed by the serialization
+ * spec, even though the class itself is not public.
+ */
+final class KeyImpl implements Serializable, SecretKey
+{
+  // Enable this when serialization works.
+  // private static final long serialVersionUID = -7889313790214321193L;
+
+  public String algorithm;
+  public int type;
+  public byte[] key;
+
+  public KeyImpl(byte[] key, int type)
+  {
+    // From kerberos spec.
+    if (type == 0)
+      this.algorithm = null;
+    else if (type == 1)
+      this.algorithm = "DES";
+    else
+      this.algorithm = "FIXME";
+    this.type = type;
+    this.key = (byte[]) key.clone();
+  }
+
+  public KeyImpl(char[] passwd, String algo)
+  {
+    this.algorithm = (algo == null) ? "DES" : algo;
+    this.type = 0; // FIXME
+    this.key = null; // double FIXME
+  }
+
+  public String getAlgorithm()
+  {
+    return algorithm;
+  }
+
+  public byte[] getEncoded()
+  {
+    return key;
+  }
+
+  public String getFormat()
+  {
+    // FIXME.
+    return null;
+  }
+
+  public String toString()
+  {
+    return getClass().getName() +
+      "[type=" + type +
+      ",algorithm=" + algorithm +
+      "]";
+  }
+
+}
diff --git a/libjava/classpath/javax/security/auth/kerberos/ServicePermission.java b/libjava/classpath/javax/security/auth/kerberos/ServicePermission.java
new file mode 100644
index 000000000..4412ea459
--- /dev/null
+++ b/libjava/classpath/javax/security/auth/kerberos/ServicePermission.java
@@ -0,0 +1,172 @@
+/* ServicePermission.java -- kerberos service permission
+   Copyright (C) 2006 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.auth.kerberos;
+
+import java.security.Permission;
+import java.security.PermissionCollection;
+import java.util.Enumeration;
+import java.util.StringTokenizer;
+import java.util.Vector;
+
+/**
+ * This represents permission to access to a Kerberos service principal.
+ * See the Kerberos authentication RFC for more information:
+ * <a href="http://www.ietf.org/rfc/rfc1510.txt">RFC 1510</a>.
+ *
+ * @since 1.4
+ */
+public final class ServicePermission
+    extends Permission
+{
+  // FIXME: Enable this when serialization works.
+  // private static final long serialVersionUID = -1227585031618624935L;
+
+  private static final int INITIATE = 1;
+  private static final int ACCEPT = 2;
+
+  private int flags;
+
+  /**
+   * Create a new service permission with the indicated name and actions.
+   *
+   * The name is the name of the kerberos principal for the service.
+   *
+   * The actions are a comma-separated list of strings.  The recognized
+   * actions are "initiate" and "accept".  The "initiate" action means
+   * that the holder of the permission can access the service.  The
+   * "accept" action means that the holder of the permission can operate
+   * as this service.
+   *
+   * @param name the prinicpal's name
+   * @param action the allowed actions
+   */
+  public ServicePermission(String name, String action)
+  {
+    super(name);
+    parseActions(action);
+  }
+
+  public boolean implies(Permission perm)
+  {
+    if (! (perm instanceof ServicePermission))
+      return false;
+    ServicePermission sp = (ServicePermission) perm;
+    if ((flags & sp.flags) != sp.flags)
+      return false;
+    return getName().equals(sp.getName());
+  }
+
+  public boolean equals(Object obj)
+  {
+    if (! (obj instanceof ServicePermission))
+      return false;
+    ServicePermission sp = (ServicePermission) obj;
+    return flags == sp.flags && getName().equals(sp.getName());
+  }
+
+  public int hashCode()
+  {
+    return getName().hashCode() + flags;
+  }
+
+  /**
+   * Return a string representing the actions.
+   */
+  public String getActions()
+  {
+    if (flags == (INITIATE | ACCEPT))
+      return "initiate,accept";
+    if (flags == INITIATE)
+      return "initiate";
+    if (flags == ACCEPT)
+      return "accept";
+    return "";
+  }
+
+  public PermissionCollection newPermissionCollection()
+  {
+    return new PermissionCollection()
+    {
+      private Vector permissions = new Vector();
+
+      public void add(Permission perm)
+      {
+        if (isReadOnly())
+          throw new SecurityException("readonly");
+        if (! (perm instanceof ServicePermission))
+          throw new IllegalArgumentException("can only add DelegationPermissions");
+        permissions.add(perm);
+      }
+
+      public boolean implies(Permission perm)
+      {
+        if (! (perm instanceof ServicePermission))
+          return false;
+        Enumeration e = elements();
+        while (e.hasMoreElements())
+          {
+            ServicePermission sp = (ServicePermission) e.nextElement();
+            if (sp.implies(perm))
+              return true;
+          }
+        return false;
+      }
+
+      public Enumeration elements()
+      {
+        return permissions.elements();
+      }
+    };
+  }
+
+  private void parseActions(String actions)
+  {
+    StringTokenizer tok = new StringTokenizer(actions, ",");
+    while (tok.hasMoreTokens())
+      {
+        String token = tok.nextToken();
+        if ("accept".equals(token))
+          flags |= ACCEPT;
+        else if ("initiate".equals(token))
+          flags |= INITIATE;
+        else
+          throw new IllegalArgumentException("unrecognized token: " + token);
+      }
+  }
+}
diff --git a/libjava/classpath/javax/security/auth/login/AccountException.java b/libjava/classpath/javax/security/auth/login/AccountException.java
new file mode 100644
index 000000000..32f739a31
--- /dev/null
+++ b/libjava/classpath/javax/security/auth/login/AccountException.java
@@ -0,0 +1,64 @@
+/* AccountException.java -- generic account exception
+   Copyright (C) 2005 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.auth.login;
+
+/**
+ * This is the base class for various account-related exceptions.
+ * @since 1.5
+ */
+public class AccountException extends LoginException
+{
+  private static final long serialVersionUID = -2112878680072211787L;
+
+  /**
+   * Create a new exception object.
+   */
+  public AccountException()
+  {
+  }
+
+  /**
+   * Create a new exception with the indicated detail message.
+   * @param message the detail message
+   */
+  public AccountException(String message)
+  {
+    super(message);
+  }
+}
diff --git a/libjava/classpath/javax/security/auth/login/AccountExpiredException.java b/libjava/classpath/javax/security/auth/login/AccountExpiredException.java
new file mode 100644
index 000000000..c2b61c6e0
--- /dev/null
+++ b/libjava/classpath/javax/security/auth/login/AccountExpiredException.java
@@ -0,0 +1,64 @@
+/* AccountExpiredException.java
+   Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.auth.login;
+
+/**
+ * An exception that signals that an attempt was made to login to an account
+ * that has expired.
+ */
+public class AccountExpiredException extends AccountException
+{
+
+  // Constant.
+  // -------------------------------------------------------------------------
+
+  private static final long serialVersionUID = -6064064890162661560L;
+
+  // Constructors.
+  // -------------------------------------------------------------------------
+
+  public AccountExpiredException()
+  {
+  }
+
+  public AccountExpiredException (String message)
+  {
+    super (message);
+  }
+}
diff --git a/libjava/classpath/javax/security/auth/login/AccountLockedException.java b/libjava/classpath/javax/security/auth/login/AccountLockedException.java
new file mode 100644
index 000000000..bcb8b4f8d
--- /dev/null
+++ b/libjava/classpath/javax/security/auth/login/AccountLockedException.java
@@ -0,0 +1,64 @@
+/* AccountLockedException.java -- exception indicating locked account
+   Copyright (C) 2005 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.auth.login;
+
+/**
+ * An exception indicating that an account is locked.
+ * @since 1.5
+ */
+public class AccountLockedException extends AccountException
+{
+  private static final long serialVersionUID = 8280345554014066334L;
+
+  /**
+   * Create a new exception object.
+   */
+  public AccountLockedException()
+  {
+  }
+
+  /**
+   * Create a new exception with the indicated detail message.
+   * @param message the detail message
+   */
+  public AccountLockedException(String message)
+  {
+    super(message);
+  }
+}
diff --git a/libjava/classpath/javax/security/auth/login/AccountNotFoundException.java b/libjava/classpath/javax/security/auth/login/AccountNotFoundException.java
new file mode 100644
index 000000000..e74ca0163
--- /dev/null
+++ b/libjava/classpath/javax/security/auth/login/AccountNotFoundException.java
@@ -0,0 +1,64 @@
+/* AccountNotFoundException.java -- exception indicating account not found
+   Copyright (C) 2005 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.auth.login;
+
+/**
+ * An exception indicating that an account was not found.
+ * @since 1.5
+ */
+public class AccountNotFoundException extends AccountException
+{
+  private static final long serialVersionUID = 1498349563916294614L;
+
+  /**
+   * Create a new exception object.
+   */
+  public AccountNotFoundException()
+  {
+  }
+
+  /**
+   * Create a new exception with the given detail message.
+   * @param message the detail message
+   */
+  public AccountNotFoundException(String message)
+  {
+    super(message);
+  }
+}
diff --git a/libjava/classpath/javax/security/auth/login/AppConfigurationEntry.java b/libjava/classpath/javax/security/auth/login/AppConfigurationEntry.java
new file mode 100644
index 000000000..044c9105b
--- /dev/null
+++ b/libjava/classpath/javax/security/auth/login/AppConfigurationEntry.java
@@ -0,0 +1,143 @@
+/* AppConfigurationEntry.java
+   Copyright (C) 2004, 2006 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.auth.login;
+
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Map;
+
+public class AppConfigurationEntry
+{
+  // Fields.
+  // -------------------------------------------------------------------------
+
+  private final String loginModuleName;
+  private final LoginModuleControlFlag controlFlag;
+  private final Map options;
+
+  // Constructor.
+  // -------------------------------------------------------------------------
+
+  public AppConfigurationEntry (final String loginModuleName,
+                                final LoginModuleControlFlag controlFlag,
+                                final Map<String, ?> options)
+  {
+    if (loginModuleName == null || loginModuleName.length() == 0)
+      throw new IllegalArgumentException ("module name cannot be null nor empty");
+
+    if (LoginModuleControlFlag.OPTIONAL != controlFlag &&
+        LoginModuleControlFlag.REQUIRED != controlFlag &&
+        LoginModuleControlFlag.REQUISITE != controlFlag &&
+        LoginModuleControlFlag.SUFFICIENT != controlFlag)
+      throw new IllegalArgumentException ("invalid controlFlag");
+
+    if (options == null)
+      throw new IllegalArgumentException ("options cannot be null");
+
+    this.loginModuleName = loginModuleName;
+    this.controlFlag = controlFlag;
+    this.options = Collections.unmodifiableMap (new HashMap (options));
+  }
+
+  // Instance methods.
+  // -------------------------------------------------------------------------
+
+  public LoginModuleControlFlag getControlFlag()
+  {
+    return controlFlag;
+  }
+
+  public String getLoginModuleName()
+  {
+    return loginModuleName;
+  }
+
+  public Map<String, ?> getOptions()
+  {
+    return options;
+  }
+
+  // Object methods ----------------------------------------------------------
+
+  public String toString()
+  {
+
+    return loginModuleName + "\t"
+        + String.valueOf(controlFlag) + "\t"
+        + String.valueOf(options);
+  }
+
+  // Inner class.
+  // -------------------------------------------------------------------------
+
+  public static class LoginModuleControlFlag
+  {
+
+    // Constants.
+    // -----------------------------------------------------------------------
+
+    public static final LoginModuleControlFlag OPTIONAL = new LoginModuleControlFlag();
+    public static final LoginModuleControlFlag REQUIRED = new LoginModuleControlFlag();
+    public static final LoginModuleControlFlag REQUISITE = new LoginModuleControlFlag();
+    public static final LoginModuleControlFlag SUFFICIENT = new LoginModuleControlFlag();
+
+    // Constructor.
+    // -----------------------------------------------------------------------
+
+    private LoginModuleControlFlag()
+    {
+    }
+
+    // Instance methods.
+    // -----------------------------------------------------------------------
+
+    public String toString()
+    {
+      if (this == LoginModuleControlFlag.REQUIRED)
+        return "REQUIRED";
+      if (this == LoginModuleControlFlag.REQUISITE)
+        return "REQUISITE";
+      if (this == LoginModuleControlFlag.SUFFICIENT)
+        return "SUFFICIENT";
+      if (this == LoginModuleControlFlag.OPTIONAL)
+        return "OPTIONAL";
+      return "???";
+    }
+  }
+}
diff --git a/libjava/classpath/javax/security/auth/login/Configuration.java b/libjava/classpath/javax/security/auth/login/Configuration.java
new file mode 100644
index 000000000..fe56f8a59
--- /dev/null
+++ b/libjava/classpath/javax/security/auth/login/Configuration.java
@@ -0,0 +1,121 @@
+/* Configuration.java
+   Copyright (C) 2004, 2006 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.auth.login;
+
+import gnu.javax.security.auth.login.GnuConfiguration;
+
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+import java.security.Security;
+
+import javax.security.auth.AuthPermission;
+
+public abstract class Configuration
+{
+  // Fields.
+  // -------------------------------------------------------------------------
+
+  private static Configuration config;
+
+  // Constructors.
+  // -------------------------------------------------------------------------
+
+  protected Configuration()
+  {
+  }
+
+  // Class methods.
+  // -------------------------------------------------------------------------
+
+  public static synchronized Configuration getConfiguration()
+  {
+    SecurityManager sm = System.getSecurityManager();
+    if (sm != null)
+      sm.checkPermission (new AuthPermission ("getLoginConfiguration"));
+    return getConfig();
+  }
+
+  public static synchronized void setConfiguration (Configuration config)
+  {
+    SecurityManager sm = System.getSecurityManager();
+    if (sm != null)
+      sm.checkPermission (new AuthPermission ("setLoginConfiguration"));
+    Configuration.config = config;
+  }
+
+  // Abstract methods.
+  // -------------------------------------------------------------------------
+
+  public abstract AppConfigurationEntry[] getAppConfigurationEntry (String applicationName);
+
+  public abstract void refresh();
+
+  // Package-private methods.
+  // -------------------------------------------------------------------------
+
+  /**
+   * Get the current configuration, bypassing security checks.
+   */
+  static Configuration getConfig()
+  {
+    if (config == null)
+      {
+        String conf = (String) AccessController.doPrivileged
+          (new PrivilegedAction()
+            {
+              public Object run()
+              {
+                return Security.getProperty ("login.configuration.provider");
+              }
+            });
+        try
+          {
+            if (conf != null)
+              config = (Configuration) Class.forName (conf).newInstance();
+            else
+              config = new GnuConfiguration();
+          }
+        catch (Exception x)
+          {
+            config = new GnuConfiguration();
+          }
+      }
+    return config;
+  }
+}
diff --git a/libjava/classpath/javax/security/auth/login/CredentialException.java b/libjava/classpath/javax/security/auth/login/CredentialException.java
new file mode 100644
index 000000000..980adde9e
--- /dev/null
+++ b/libjava/classpath/javax/security/auth/login/CredentialException.java
@@ -0,0 +1,64 @@
+/* CredentialException.java -- generic credential exception
+   Copyright (C) 2005 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.auth.login;
+
+/**
+ * This is the base class for various credential-related exceptions.
+ * @since 1.5
+ */
+public class CredentialException extends LoginException
+{
+  private static final long serialVersionUID = -4772893876810601859L;
+
+  /**
+   * Create a new exception object.
+   */
+  public CredentialException()
+  {
+  }
+
+  /**
+   * Create a new exception with the given detail message.
+   * @param message the detail message
+   */
+  public CredentialException(String message)
+  {
+    super(message);
+  }
+}
diff --git a/libjava/classpath/javax/security/auth/login/CredentialExpiredException.java b/libjava/classpath/javax/security/auth/login/CredentialExpiredException.java
new file mode 100644
index 000000000..9827a3d86
--- /dev/null
+++ b/libjava/classpath/javax/security/auth/login/CredentialExpiredException.java
@@ -0,0 +1,64 @@
+/* CredentialExpiredException.java
+   Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.auth.login;
+
+/**
+ * An exception that signals an attempt to login with a credential that
+ * has expired.
+ */
+public class CredentialExpiredException extends CredentialException
+{
+
+  // Constant.
+  // -------------------------------------------------------------------------
+
+  private static final long serialVersionUID = -5344739593859737937L;
+
+  // Constructors.
+  // -------------------------------------------------------------------------
+
+  public CredentialExpiredException()
+  {
+  }
+
+  public CredentialExpiredException (String message)
+  {
+    super (message);
+  }
+}
diff --git a/libjava/classpath/javax/security/auth/login/CredentialNotFoundException.java b/libjava/classpath/javax/security/auth/login/CredentialNotFoundException.java
new file mode 100644
index 000000000..08ac115e3
--- /dev/null
+++ b/libjava/classpath/javax/security/auth/login/CredentialNotFoundException.java
@@ -0,0 +1,65 @@
+/* CredentialNotFoundException.java -- exception thrown when credentials
+   expire
+   Copyright (C) 2005 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.auth.login;
+
+/**
+ * An exception that indicates that a credential was not found.
+ * @since 1.5
+ */
+public class CredentialNotFoundException extends CredentialException
+{
+  private static final long serialVersionUID = -7779934467214319475L;
+
+  /**
+   * Create a new exception.
+   */
+  public CredentialNotFoundException()
+  {
+  }
+
+  /**
+   * Create a new exception with the given detail message.
+   * @param message the detail message
+   */
+  public CredentialNotFoundException(String message)
+  {
+    super(message);
+  }
+}
diff --git a/libjava/classpath/javax/security/auth/login/FailedLoginException.java b/libjava/classpath/javax/security/auth/login/FailedLoginException.java
new file mode 100644
index 000000000..db975fbdd
--- /dev/null
+++ b/libjava/classpath/javax/security/auth/login/FailedLoginException.java
@@ -0,0 +1,63 @@
+/* FailedLoginException.java
+   Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.auth.login;
+
+/**
+ * An exception that signals that an attempt to login was unsuccessful.
+ */
+public class FailedLoginException extends LoginException
+{
+
+  // Constant.
+  // -------------------------------------------------------------------------
+
+  private static final long serialVersionUID = 802556922354616286L;
+
+  // Constructors.
+  // -------------------------------------------------------------------------
+
+  public FailedLoginException()
+  {
+  }
+
+  public FailedLoginException (String message)
+  {
+    super (message);
+  }
+}
diff --git a/libjava/classpath/javax/security/auth/login/LoginContext.java b/libjava/classpath/javax/security/auth/login/LoginContext.java
new file mode 100644
index 000000000..b2e4b97b6
--- /dev/null
+++ b/libjava/classpath/javax/security/auth/login/LoginContext.java
@@ -0,0 +1,265 @@
+/* LoginContext.java
+   Copyright (C) 2004, 2006 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.auth.login;
+
+import gnu.java.security.action.GetSecurityPropertyAction;
+
+import java.security.AccessController;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import javax.security.auth.Subject;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.spi.LoginModule;
+
+public class LoginContext
+{
+
+  private static final String OTHER = "other";
+
+  private final String name;
+  private final CallbackHandler cbHandler;
+  private final Subject subject;
+  private final AppConfigurationEntry[] entries;
+  private final LoginModule[] modules;
+  private final Map sharedState;
+
+  public LoginContext (final String name) throws LoginException
+  {
+    this (name, new Subject(), defaultHandler());
+  }
+
+  public LoginContext (final String name, final CallbackHandler cbHandler)
+    throws LoginException
+  {
+    this (name, new Subject(), cbHandler);
+  }
+
+  public LoginContext (final String name, final Subject subject)
+    throws LoginException
+  {
+    this (name, subject, defaultHandler());
+  }
+
+  public LoginContext (final String name, final Subject subject,
+                       final CallbackHandler cbHandler)
+    throws LoginException
+  {
+    this (name, subject, cbHandler, null);
+  }
+
+  /** @since 1.5 */
+  public LoginContext (final String name, final Subject subject,
+                       final CallbackHandler cbHandler,
+                       Configuration config)
+    throws LoginException
+  {
+    this.name = name;
+    this.subject = subject;
+    this.cbHandler = cbHandler;
+    if (config == null)
+      config = Configuration.getConfig();
+    AppConfigurationEntry[] entries = config.getAppConfigurationEntry (name);
+    if (entries == null)
+      entries = config.getAppConfigurationEntry (OTHER);
+    if (entries == null)
+      throw new LoginException ("no configured modules for application "
+                                + name);
+    this.entries = entries;
+    modules = new LoginModule[entries.length];
+    sharedState = new HashMap();
+    for (int i = 0; i < entries.length; i++)
+      modules[i] = lookupModule (entries[i], subject, sharedState);
+  }
+
+  /**
+   * Returns the authenticated subject, or the parameter passed to one
+   * of the constructors. <code>null</code> is returned if the previous
+   * login attempt failed and there was no subject provided.
+   *
+   * @return The subject, or null.
+   */
+  public Subject getSubject()
+  {
+    return subject;
+  }
+
+  /**
+   * Logs a subject in, using all login modules configured for this
+   * application. This method will call the {@link LoginModule#login()}
+   * method of each module configured for this application, stopping
+   * if a REQUISITE module fails or if a SUFFICIENT module succeeds. If
+   * the overall login attempt fails, a {@link LoginException} will be
+   * thrown.
+   *
+   * @throws LoginException If logging in fails.
+   */
+  public void login() throws LoginException
+  {
+    boolean failure = false;
+    for (int i = 0; i < modules.length; i++)
+      {
+        try
+          {
+            boolean result = modules[i].login();
+            if (!result)
+              {
+                if (entries[i].getControlFlag() ==
+                    AppConfigurationEntry.LoginModuleControlFlag.REQUISITE)
+                  throw new LoginException ("REQUISITE module " + entries[i].getLoginModuleName()
+                                            + " failed");
+                else if (entries[i].getControlFlag() ==
+                         AppConfigurationEntry.LoginModuleControlFlag.REQUIRED)
+                  failure = true;
+              }
+            else
+              {
+                if (entries[i].getControlFlag() ==
+                    AppConfigurationEntry.LoginModuleControlFlag.SUFFICIENT)
+                  break;
+              }
+          }
+        catch (LoginException le)
+          {
+            if (entries[i].getControlFlag() !=
+                AppConfigurationEntry.LoginModuleControlFlag.REQUISITE)
+              continue;
+            for (int j = 0; j < modules.length; j++)
+              modules[i].abort();
+            throw le;
+          }
+      }
+    if (failure)
+      throw new LoginException ("not all REQUIRED modules succeeded");
+
+    for (int i = 0; i < modules.length; i++)
+      modules[i].commit();
+  }
+
+  /**
+   * Logs a subject out, cleaning up any state that may be in memory.
+   *
+   * @throws LoginException If logging out fails.
+   */
+  public void logout() throws LoginException
+  {
+    for (int i = 0; i < modules.length; i++)
+      modules[i].logout();
+  }
+
+  // Own methods.
+
+  /**
+   * Fetch the default callback handler, based on the
+   * auth.login.defaultCallbackHandler property, or null if it is not
+   * set.
+   */
+  private static CallbackHandler defaultHandler()
+  {
+    GetSecurityPropertyAction act =
+      new GetSecurityPropertyAction ("auth.login.defaultCallbackHandler");
+    String classname = (String) AccessController.doPrivileged (act);
+    if (classname != null)
+      {
+        try
+          {
+            return (CallbackHandler) Class.forName (classname).newInstance();
+          }
+        catch (ClassNotFoundException cnfe)
+          {
+            return null;
+          }
+        catch (ClassCastException cce)
+          {
+            return null;
+          }
+        catch (IllegalAccessException iae)
+          {
+            return null;
+          }
+        catch (InstantiationException ie)
+          {
+            return null;
+          }
+      }
+    return null;
+  }
+
+  private LoginModule lookupModule (AppConfigurationEntry entry,
+                                    Subject subject, Map sharedState)
+    throws LoginException
+  {
+    LoginModule module = null;
+    Exception cause = null;
+    try
+      {
+        ClassLoader cl = Thread.currentThread().getContextClassLoader();
+        Class c = Class.forName(entry.getLoginModuleName(), true, cl);
+        module = (LoginModule) c.newInstance();
+      }
+    catch (ClassNotFoundException cnfe)
+      {
+        cause = cnfe;
+      }
+    catch (ClassCastException cce)
+      {
+        cause = cce;
+      }
+    catch (IllegalAccessException iae)
+      {
+        cause = iae;
+      }
+    catch (InstantiationException ie)
+      {
+        cause = ie;
+      }
+
+    if (cause != null)
+      {
+        LoginException le = new LoginException ("could not load module "
+                                                + entry.getLoginModuleName());
+        le.initCause (cause);
+        throw le;
+      }
+
+    module.initialize (subject, cbHandler, sharedState, entry.getOptions());
+    return module;
+  }
+}
diff --git a/libjava/classpath/javax/security/auth/login/LoginException.java b/libjava/classpath/javax/security/auth/login/LoginException.java
new file mode 100644
index 000000000..46ec33aed
--- /dev/null
+++ b/libjava/classpath/javax/security/auth/login/LoginException.java
@@ -0,0 +1,65 @@
+/* LoginException.java
+   Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.auth.login;
+
+import java.security.GeneralSecurityException;
+
+/**
+ * A general exception during authentication and authorization.
+ */
+public class LoginException extends GeneralSecurityException
+{
+
+  // Constant.
+  // -------------------------------------------------------------------------
+
+  private static final long serialVersionUID = -4679091624035232488L;
+
+  // Constructors.
+  // -------------------------------------------------------------------------
+
+  public LoginException()
+  {
+  }
+
+  public LoginException (String message)
+  {
+    super (message);
+  }
+}
diff --git a/libjava/classpath/javax/security/auth/login/NullConfiguration.java b/libjava/classpath/javax/security/auth/login/NullConfiguration.java
new file mode 100644
index 000000000..a3f0c9943
--- /dev/null
+++ b/libjava/classpath/javax/security/auth/login/NullConfiguration.java
@@ -0,0 +1,62 @@
+/* NullConfiguration.java -- no-op default login configuration.
+   Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.auth.login;
+
+final class NullConfiguration extends Configuration
+{
+
+  // Contructor.
+  // -------------------------------------------------------------------------
+
+  NullConfiguration()
+  {
+  }
+
+  // Instance methods.
+  // -------------------------------------------------------------------------
+
+  public AppConfigurationEntry[] getAppConfigurationEntry (String applicationName)
+  {
+    return null;
+  }
+
+  public void refresh()
+  {
+  }
+}
diff --git a/libjava/classpath/javax/security/auth/login/package.html b/libjava/classpath/javax/security/auth/login/package.html
new file mode 100644
index 000000000..dcb7710cc
--- /dev/null
+++ b/libjava/classpath/javax/security/auth/login/package.html
@@ -0,0 +1,46 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
+<!-- package.html - describes classes in javax.security.auth.login package.
+   Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version. -->
+
+<html>
+<head><title>GNU Classpath - javax.security.auth.login</title></head>
+
+<body>
+<p></p>
+
+</body>
+</html>
diff --git a/libjava/classpath/javax/security/auth/package.html b/libjava/classpath/javax/security/auth/package.html
new file mode 100644
index 000000000..9888552c9
--- /dev/null
+++ b/libjava/classpath/javax/security/auth/package.html
@@ -0,0 +1,46 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
+<!-- package.html - describes classes in javax.security.auth package.
+   Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version. -->
+
+<html>
+<head><title>GNU Classpath - javax.security.auth</title></head>
+
+<body>
+<p></p>
+
+</body>
+</html>
diff --git a/libjava/classpath/javax/security/auth/spi/LoginModule.java b/libjava/classpath/javax/security/auth/spi/LoginModule.java
new file mode 100644
index 000000000..197cd692e
--- /dev/null
+++ b/libjava/classpath/javax/security/auth/spi/LoginModule.java
@@ -0,0 +1,122 @@
+/* LoginModule.java -- interface for login implementations.
+   Copyright (C) 2004  Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.auth.spi;
+
+import java.util.Map;
+
+import javax.security.auth.Subject;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.login.LoginException;
+
+/**
+ * The base interface for login methods in the Java Authentication and
+ * Authorization Service (JAAS).
+ *
+ * <p>This interface is used by service providers that implement login
+ * services, and is used internally by the JAAS system. It is not useful
+ * to application programmers, who should use the {@link
+ * javax.security.auth.login.LoginContext} instead.
+ *
+ * @author Casey Marshall (csm@gnu.org)
+ */
+public interface LoginModule
+{
+  /**
+   * Abort the current login attempt. This is called after {@link #login()}
+   * if the overall login attempt fails (that is, if one of the other login
+   * modules that is REQUIRED or REQUISITE fails). This method should clean
+   * up this module's saved state, if any.
+   *
+   * @return True if the abort succeeded, or false if this module should
+   * be ignored.
+   * @throws LoginException If the abort fails.
+   */
+  boolean abort() throws LoginException;
+
+  /**
+   * Commit the current login attempt. This is called after {@link
+   * #login()} if the overall login attempt succeeds (that is, all
+   * methods have satisfied all REQUIRED, REQUISITE, SUFFICIENT and
+   * OPTIONAL module requirements).
+   *
+   * @return True if the commit succeeded, or false if this module
+   * should be ignored.
+   * @throws LoginException If the commit fails.
+   */
+  boolean commit() throws LoginException;
+
+  /**
+   * Initializes this login module. This method is called when the
+   * instance implementing this interface is instantiated, and should
+   * perform any initialization based on the given parameters.
+   * Implementations should ignore state variables and options they do
+   * not recognize.
+   *
+   * @param subject The subject being authenticated.
+   * @param handler The callback handler for user input.
+   * @param sharedState A mapping that is shared between all login
+   * modules.
+   * @param options A mapping of options given to this module.
+   */
+  void initialize(Subject subject, CallbackHandler handler,
+                  Map<String, ?> sharedState, Map<String, ?> options);
+
+  /**
+   * Authenticates a subject to the system. This is the primary
+   * mechanism by which subjects are authenticated, and typically
+   * implementations will ask for credentials (for example, a user
+   * name and password) which will then be verified.
+   *
+   * @return True if the subject was authenticated, or false if this
+   * module should be ignored.
+   * @throws LoginException If this method fails.
+   */
+  boolean login() throws LoginException;
+
+  /**
+   * Logs a subject out. This is primarily used for modules that must
+   * destroy or remove the authentication state associated with a
+   * logged-in subject.
+   *
+   * @return True if the logout succeeds, or false if this module
+   * should be ignored.
+   * @throws LoginException If this method fails.
+   */
+  boolean logout() throws LoginException;
+}
diff --git a/libjava/classpath/javax/security/auth/spi/package.html b/libjava/classpath/javax/security/auth/spi/package.html
new file mode 100644
index 000000000..9f3de395e
--- /dev/null
+++ b/libjava/classpath/javax/security/auth/spi/package.html
@@ -0,0 +1,46 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
+<!-- package.html - describes classes in javax.security.auth.spi package.
+   Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version. -->
+
+<html>
+<head><title>GNU Classpath - javax.security.auth.spi</title></head>
+
+<body>
+<p></p>
+
+</body>
+</html>
diff --git a/libjava/classpath/javax/security/auth/x500/X500Principal.java b/libjava/classpath/javax/security/auth/x500/X500Principal.java
new file mode 100644
index 000000000..0a1e8c665
--- /dev/null
+++ b/libjava/classpath/javax/security/auth/x500/X500Principal.java
@@ -0,0 +1,556 @@
+/* X500Principal.java -- X.500 principal.
+   Copyright (C) 2003, 2004, 2005 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.auth.x500;
+
+import gnu.java.lang.CPStringBuilder;
+
+import gnu.java.security.OID;
+import gnu.java.security.der.DER;
+import gnu.java.security.der.DERReader;
+import gnu.java.security.der.DERValue;
+
+import java.io.ByteArrayInputStream;
+import java.io.EOFException;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.NotActiveException;
+import java.io.ObjectInputStream;
+import java.io.ObjectOutputStream;
+import java.io.Reader;
+import java.io.Serializable;
+import java.io.StringReader;
+
+import java.security.Principal;
+
+import java.util.ArrayList;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.LinkedHashMap;
+import java.util.LinkedList;
+import java.util.List;
+import java.util.Locale;
+import java.util.Map;
+import java.util.Set;
+
+public final class X500Principal implements Principal, Serializable
+{
+  private static final long serialVersionUID = -500463348111345721L;
+
+  // Constants and fields.
+  // ------------------------------------------------------------------------
+
+  public static final String CANONICAL = "CANONICAL";
+  public static final String RFC1779 = "RFC1779";
+  public static final String RFC2253 = "RFC2253";
+
+  private static final OID CN         = new OID("2.5.4.3");
+  private static final OID C          = new OID("2.5.4.6");
+  private static final OID L          = new OID("2.5.4.7");
+  private static final OID ST         = new OID("2.5.4.8");
+  private static final OID STREET     = new OID("2.5.4.9");
+  private static final OID O          = new OID("2.5.4.10");
+  private static final OID OU         = new OID("2.5.4.11");
+  private static final OID DC         = new OID("0.9.2342.19200300.100.1.25");
+  private static final OID UID        = new OID("0.9.2342.19200300.100.1.1");
+
+  private transient List components;
+  private transient Map currentRdn;
+  private transient boolean fixed;
+  private transient byte[] encoded;
+
+  // Constructors.
+  // ------------------------------------------------------------------------
+
+  private X500Principal()
+  {
+    components = new LinkedList();
+    currentRdn = new LinkedHashMap();
+    components.add (currentRdn);
+  }
+
+  public X500Principal (String name)
+  {
+    this();
+    if (name == null)
+      throw new NullPointerException();
+    try
+      {
+        parseString (name);
+      }
+    catch (IOException ioe)
+      {
+        IllegalArgumentException iae = new IllegalArgumentException("malformed name");
+        iae.initCause (ioe);
+        throw iae;
+      }
+  }
+
+  public X500Principal (byte[] encoded)
+  {
+    this(new ByteArrayInputStream (encoded));
+  }
+
+  public X500Principal (InputStream encoded)
+  {
+    this();
+    try
+      {
+        parseDer (encoded);
+      }
+    catch (IOException ioe)
+      {
+        throw new IllegalArgumentException (ioe.toString());
+      }
+  }
+
+  // Instance methods.
+  // ------------------------------------------------------------------------
+
+  public int hashCode()
+  {
+    int result = size();
+    for (int i = 0; i < size(); ++i)
+      {
+        Map m = (Map) components.get(i);
+        for (Iterator it2 = m.entrySet().iterator(); it2.hasNext(); )
+          {
+            Map.Entry e = (Map.Entry) it2.next();
+            // We don't bother looking at the value of the entry.
+            result = result * 31 + ((OID) e.getKey()).hashCode();
+          }
+      }
+    return result;
+  }
+
+  public boolean equals(Object o)
+  {
+    if (!(o instanceof X500Principal))
+      return false;
+    if (size() != ((X500Principal) o).size())
+      return false;
+    for (int i = 0; i < size(); i++)
+      {
+        Map m = (Map) components.get (i);
+        for (Iterator it2 = m.entrySet().iterator(); it2.hasNext(); )
+          {
+            Map.Entry e = (Map.Entry) it2.next();
+            OID oid = (OID) e.getKey();
+            String v1 = (String) e.getValue();
+            String v2 = ((X500Principal) o).getComponent (oid, i);
+            if (v2 == null)
+              return false;
+            if (!compressWS (v1).equalsIgnoreCase (compressWS (v2)))
+              return false;
+          }
+      }
+    return true;
+  }
+
+  public byte[] getEncoded()
+  {
+    if (encoded == null)
+      encodeDer();
+    return (byte[]) encoded.clone();
+  }
+
+  public String getName()
+  {
+    return getName (RFC2253);
+  }
+
+  public String getName (final String format)
+  {
+    boolean rfc2253 = RFC2253.equalsIgnoreCase (format) ||
+      CANONICAL.equalsIgnoreCase (format);
+    boolean rfc1779 = RFC1779.equalsIgnoreCase (format);
+    boolean canon   = CANONICAL.equalsIgnoreCase (format);
+    if (! (rfc2253 || rfc1779 || canon))
+      throw new IllegalArgumentException ("unsupported format " + format);
+    CPStringBuilder str = new CPStringBuilder();
+    for (Iterator it = components.iterator(); it.hasNext(); )
+      {
+        Map m = (Map) it.next();
+        for (Iterator it2 = m.entrySet().iterator(); it2.hasNext(); )
+          {
+            Map.Entry entry = (Map.Entry) it2.next();
+            OID oid = (OID) entry.getKey();
+            String value = (String) entry.getValue();
+            if (oid.equals (CN))
+              str.append ("CN");
+            else if (oid.equals (C))
+              str.append ("C");
+            else if (oid.equals (L))
+              str.append ("L");
+            else if (oid.equals (ST))
+              str.append ("ST");
+            else if (oid.equals (STREET))
+              str.append ("STREET");
+            else if (oid.equals (O))
+              str.append ("O");
+            else if (oid.equals (OU))
+              str.append ("OU");
+            else if (oid.equals (DC) && rfc2253)
+              str.append ("DC");
+            else if (oid.equals (UID) && rfc2253)
+              str.append ("UID");
+            else
+              str.append (oid.toString());
+            str.append('=');
+            str.append(value);
+            if (it2.hasNext())
+              str.append('+');
+          }
+        if (it.hasNext())
+          str.append(',');
+      }
+    if (canon)
+      return str.toString().toUpperCase (Locale.US).toLowerCase (Locale.US);
+    return str.toString();
+  }
+
+  public String toString()
+  {
+    return getName (RFC2253);
+  }
+
+  // Serialization methods.
+  // ------------------------------------------------------------------------
+
+  private void writeObject (ObjectOutputStream out) throws IOException
+  {
+    if (encoded != null)
+      encodeDer();
+    out.writeObject (encoded);
+  }
+
+  private void readObject (ObjectInputStream in)
+    throws IOException, NotActiveException, ClassNotFoundException
+  {
+    byte[] buf = (byte[]) in.readObject();
+    parseDer (new ByteArrayInputStream (buf));
+  }
+
+  // Own methods.
+  // -------------------------------------------------------------------------
+
+  private int size()
+  {
+    return components.size();
+  }
+
+  private String getComponent(OID oid, int rdn)
+  {
+    if (rdn >= size())
+      return null;
+    return (String) ((Map) components.get (rdn)).get (oid);
+  }
+
+  private void encodeDer()
+  {
+    ArrayList name = new ArrayList(components.size());
+    for (Iterator it = components.iterator(); it.hasNext(); )
+      {
+        Map m = (Map) it.next();
+        if (m.isEmpty())
+          continue;
+        Set rdn = new HashSet();
+        for (Iterator it2 = m.entrySet().iterator(); it2.hasNext(); )
+          {
+            Map.Entry e = (Map.Entry) it2.next();
+            ArrayList atav = new ArrayList(2);
+            atav.add(new DERValue(DER.OBJECT_IDENTIFIER, e.getKey()));
+            atav.add(new DERValue(DER.UTF8_STRING, e.getValue()));
+            rdn.add(new DERValue(DER.SEQUENCE|DER.CONSTRUCTED, atav));
+          }
+        name.add(new DERValue(DER.SET|DER.CONSTRUCTED, rdn));
+      }
+    DERValue val = new DERValue(DER.SEQUENCE|DER.CONSTRUCTED, name);
+    encoded = val.getEncoded();
+  }
+
+  private int sep;
+
+  private void parseString(String str) throws IOException
+  {
+    Reader in = new StringReader(str);
+    while (true)
+      {
+        String key = readAttributeType(in);
+        if (key == null)
+          break;
+        String value = readAttributeValue(in);
+        putComponent(key, value);
+        if (sep == ',')
+          newRelativeDistinguishedName();
+        if (sep == -1)
+          break;
+      }
+  }
+
+  private String readAttributeType(Reader in) throws IOException
+  {
+    CPStringBuilder buf = new CPStringBuilder();
+    int ch;
+    while ((ch = in.read()) != '=')
+      {
+        if (ch == -1)
+          {
+            if (buf.length() > 0)
+              throw new EOFException("partial name read: " + buf);
+            return null;
+          }
+        if (ch > 127)
+          throw new IOException("Invalid char: " + (char) ch);
+        if (Character.isLetterOrDigit((char) ch) || ch == '-' || ch == '.')
+          buf.append((char) ch);
+        else
+          throw new IOException("Invalid char: " + (char) ch);
+      }
+    return buf.toString();
+  }
+
+  private String readAttributeValue(Reader in) throws IOException
+  {
+    CPStringBuilder buf = new CPStringBuilder();
+    int ch = in.read();
+    if (ch == '#')
+      {
+        while (true)
+          {
+            ch = in.read();
+            if (('a' <= ch && ch <= 'f') || ('A' <= ch && ch <= 'F')
+                || Character.isDigit((char) ch))
+              buf.append((char) ch);
+            else if (ch == '+' || ch == ',')
+              {
+                sep = ch;
+                String hex = buf.toString();
+                return new String(toByteArray(hex));
+              }
+            else
+              throw new IOException("illegal character: " + (char) ch);
+          }
+      }
+    else if (ch == '"')
+      {
+        while (true)
+          {
+            ch = in.read();
+            if (ch == '"')
+              break;
+            else if (ch == '\\')
+              {
+                ch = in.read();
+                if (ch == -1)
+                  throw new EOFException();
+                if (('a' <= ch && ch <= 'f') || ('A' <= ch && ch <= 'F')
+                    || Character.isDigit((char) ch))
+                  {
+                    int i = Character.digit((char) ch, 16) << 4;
+                    ch = in.read();
+                    if (!(('a' <= ch && ch <= 'f') || ('A' <= ch && ch <= 'F')
+                          || Character.isDigit((char) ch)))
+                      throw new IOException("illegal hex char");
+                    i |= Character.digit((char) ch, 16);
+                    buf.append((char) i);
+                  }
+                else
+                  buf.append((char) ch);
+              }
+            else
+              buf.append((char) ch);
+          }
+        sep = in.read();
+        if (sep != '+' && sep != ',')
+          throw new IOException("illegal character: " + (char) ch);
+        return buf.toString();
+      }
+    else
+      {
+        while (true)
+          {
+            switch (ch)
+              {
+              case '+':
+              case ',':
+                sep = ch;
+                return buf.toString();
+              case '\\':
+                ch = in.read();
+                if (ch == -1)
+                  throw new EOFException();
+                if (('a' <= ch && ch <= 'f') || ('A' <= ch && ch <= 'F')
+                    || Character.isDigit((char) ch))
+                  {
+                    int i = Character.digit((char) ch, 16) << 4;
+                    ch = in.read();
+                    if (!(('a' <= ch && ch <= 'f') || ('A' <= ch && ch <= 'F')
+                          || Character.isDigit((char) ch)))
+                      throw new IOException("illegal hex char");
+                    i |= Character.digit((char) ch, 16);
+                    buf.append((char) i);
+                  }
+                else
+                  buf.append((char) ch);
+                break;
+              case '=':
+              case '<':
+              case '>':
+              case '#':
+              case ';':
+                throw new IOException("illegal character: " + (char) ch);
+              case -1:
+                sep = -1;
+                return buf.toString ();
+              default:
+                buf.append((char) ch);
+              }
+            ch = in.read ();
+          }
+      }
+  }
+
+  private void parseDer (InputStream encoded) throws IOException
+  {
+    DERReader der = new DERReader (encoded);
+    DERValue name = der.read();
+    if (!name.isConstructed())
+      throw new IOException ("malformed Name");
+    this.encoded = name.getEncoded();
+    int len = 0;
+    while (len < name.getLength())
+      {
+        DERValue rdn = der.read();
+        if (!rdn.isConstructed())
+          throw new IOException ("badly formed RDNSequence");
+        int len2 = 0;
+        while (len2 < rdn.getLength())
+          {
+            DERValue atav = der.read();
+            if (!atav.isConstructed())
+              throw new IOException ("badly formed AttributeTypeAndValue");
+            DERValue val = der.read();
+            if (val.getTag() != DER.OBJECT_IDENTIFIER)
+              throw new IOException ("badly formed AttributeTypeAndValue");
+            OID oid = (OID) val.getValue();
+            val = der.read();
+            if (!(val.getValue() instanceof String))
+              throw new IOException ("badly formed AttributeTypeAndValue");
+            String value = (String) val.getValue();
+            putComponent(oid, value);
+            len2 += atav.getEncodedLength();
+          }
+        len += rdn.getEncodedLength();
+        if (len < name.getLength())
+          newRelativeDistinguishedName();
+      }
+  }
+
+  private void newRelativeDistinguishedName()
+  {
+    currentRdn = new LinkedHashMap();
+    components.add(currentRdn);
+  }
+
+  private void putComponent(OID oid, String value)
+  {
+    currentRdn.put(oid, value);
+  }
+
+  private void putComponent(String name, String value)
+  {
+    name = name.trim().toLowerCase();
+    if (name.equals("cn"))
+      putComponent(CN, value);
+    else if (name.equals("c"))
+      putComponent(C, value);
+    else if (name.equals("l"))
+      putComponent(L, value);
+    else if (name.equals("street"))
+      putComponent(STREET, value);
+    else if (name.equals("st"))
+      putComponent(ST, value);
+    else if (name.equals ("o"))
+      putComponent (O, value);
+    else if (name.equals ("ou"))
+      putComponent (OU, value);
+    else if (name.equals("dc"))
+      putComponent(DC, value);
+    else if (name.equals("uid"))
+      putComponent(UID, value);
+    else
+      putComponent(new OID(name), value);
+  }
+
+  private static String compressWS(String str)
+  {
+    CPStringBuilder buf = new CPStringBuilder();
+    char lastChar = 0;
+    for (int i = 0; i < str.length(); i++)
+      {
+        char c = str.charAt(i);
+        if (Character.isWhitespace(c))
+          {
+            if (!Character.isWhitespace(lastChar))
+              buf.append(' ');
+          }
+        else
+          buf.append(c);
+        lastChar = c;
+      }
+    return buf.toString().trim();
+  }
+
+  private static byte[] toByteArray (String str)
+  {
+    int limit = str.length();
+    byte[] result = new byte[((limit + 1) / 2)];
+    int i = 0, j = 0;
+    if ((limit % 2) == 1)
+      {
+        result[j++] = (byte) Character.digit (str.charAt(i++), 16);
+      }
+    while (i < limit)
+      {
+        result[j  ]  = (byte) (Character.digit (str.charAt(i++), 16) << 4);
+        result[j++] |= (byte)  Character.digit (str.charAt(i++), 16);
+      }
+    return result;
+  }
+}
diff --git a/libjava/classpath/javax/security/auth/x500/X500PrivateCredential.java b/libjava/classpath/javax/security/auth/x500/X500PrivateCredential.java
new file mode 100644
index 000000000..8cba93c6f
--- /dev/null
+++ b/libjava/classpath/javax/security/auth/x500/X500PrivateCredential.java
@@ -0,0 +1,149 @@
+/* X500PrivateCredential.java -- certificate and private key pair.
+   Copyright (C) 2003, 2004  Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.auth.x500;
+
+import java.security.PrivateKey;
+import java.security.cert.X509Certificate;
+
+import javax.security.auth.Destroyable;
+
+/**
+ * A pairing of a {@link X509Certificate} and its corresponding {@link
+ * PrivateKey}, with an optional keystore alias.
+ */
+public final class X500PrivateCredential implements Destroyable
+{
+
+  // Fields.
+  // -------------------------------------------------------------------------
+
+  private PrivateKey key;
+  private X509Certificate certificate;
+  private String alias;
+
+  // Constructors.
+  // -------------------------------------------------------------------------
+
+  /**
+   * Creates a new private credential with no associated keystore alias.
+   *
+   * @param certificate The X.509 certificate.
+   * @param key The private key.
+   * @throws IllegalArgumentException If either parameter is null.
+   */
+  public X500PrivateCredential (X509Certificate certificate, PrivateKey key)
+  {
+    if (certificate == null || key == null)
+      throw new IllegalArgumentException();
+    this.certificate = certificate;
+    this.key = key;
+  }
+
+  /**
+   * Creates a new private credential with a keystore alias.
+   *
+   * @param certificate The X.509 certificate.
+   * @param key The private key.
+   * @param alias The keystore alias for this credential.
+   * @throws IllegalArgumentException If any parameter is null.
+   */
+  public X500PrivateCredential (X509Certificate certificate, PrivateKey key,
+                                String alias)
+  {
+    this (certificate, key);
+    if (alias == null)
+      throw new IllegalArgumentException();
+    this.alias = alias;
+  }
+
+  // Instance methods.
+  // -------------------------------------------------------------------------
+
+  /**
+   * Returns the certificate of this credential.
+   *
+   * @return The certificate of this credential.
+   */
+  public X509Certificate getCertificate()
+  {
+    return certificate;
+  }
+
+  /**
+   * Returns the private key of this credential.
+   *
+   * @return The private key of this credential.
+   */
+  public PrivateKey getPrivateKey()
+  {
+    return key;
+  }
+
+  /**
+   * Returns the keystore alias of this credential, or null if not present.
+   *
+   * @return The keystore alias, or null.
+   */
+  public String getAlias()
+  {
+    return alias;
+  }
+
+  /**
+   * Destroy the sensitive data of this credential, setting the certificate,
+   * private key, and keystore alias to null.
+   */
+  public void destroy()
+  {
+    certificate = null;
+    key = null;
+    alias = null;
+  }
+
+  /**
+   * Tells whether or not this credential has been destroyed, and that
+   * the certificate and private key fields are null.
+   *
+   * @return True if this object has been destroyed.
+   */
+  public boolean isDestroyed()
+  {
+    return certificate == null && key == null;
+  }
+}
diff --git a/libjava/classpath/javax/security/auth/x500/package.html b/libjava/classpath/javax/security/auth/x500/package.html
new file mode 100644
index 000000000..449be814f
--- /dev/null
+++ b/libjava/classpath/javax/security/auth/x500/package.html
@@ -0,0 +1,46 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
+<!-- package.html - describes classes in javax.security.auth.x500 package.
+   Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version. -->
+
+<html>
+<head><title>GNU Classpath - javax.security.auth.x500</title></head>
+
+<body>
+<p></p>
+
+</body>
+</html>