The sources are available over Mercurial. For example, the sources for jdk8-b132's javax.crypto
are here.
Notice that if you are suspecting a backdoor, you have no (easy) way to verify that those sources are actually the sources of the binaries you are using. You should build the JDK yourself to be sure…