changeset 35379:1e8e336ef66b

8144539: Update PKCS11 tests to run with security manager Reviewed-by: valeriep, ascarpino
author asmotrak
date Tue, 26 Jan 2016 13:32:07 -0800
parents 7e19fa0e4e5b
children 0a1bb3578de4
files jdk/test/sun/security/pkcs11/Cipher/ReinitCipher.java jdk/test/sun/security/pkcs11/Cipher/TestPKCS5PaddingError.java jdk/test/sun/security/pkcs11/Cipher/TestRSACipher.java jdk/test/sun/security/pkcs11/Cipher/TestRSACipherWrap.java jdk/test/sun/security/pkcs11/Cipher/TestRawRSACipher.java jdk/test/sun/security/pkcs11/Cipher/TestSymmCiphers.java jdk/test/sun/security/pkcs11/Cipher/TestSymmCiphersNoPad.java jdk/test/sun/security/pkcs11/KeyAgreement/TestDH.java jdk/test/sun/security/pkcs11/KeyAgreement/TestInterop.java jdk/test/sun/security/pkcs11/KeyAgreement/TestShort.java jdk/test/sun/security/pkcs11/KeyGenerator/DESParity.java jdk/test/sun/security/pkcs11/KeyGenerator/TestKeyGenerator.java jdk/test/sun/security/pkcs11/KeyPairGenerator/TestDH2048.java jdk/test/sun/security/pkcs11/Mac/MacKAT.java jdk/test/sun/security/pkcs11/Mac/MacSameTest.java jdk/test/sun/security/pkcs11/Mac/ReinitMac.java jdk/test/sun/security/pkcs11/MessageDigest/ByteBuffers.java jdk/test/sun/security/pkcs11/MessageDigest/DigestKAT.java jdk/test/sun/security/pkcs11/MessageDigest/ReinitDigest.java jdk/test/sun/security/pkcs11/MessageDigest/TestCloning.java jdk/test/sun/security/pkcs11/PKCS11Test.java jdk/test/sun/security/pkcs11/Secmod/AddPrivateKey.java jdk/test/sun/security/pkcs11/Secmod/AddTrustedCert.java jdk/test/sun/security/pkcs11/Secmod/Crypto.java jdk/test/sun/security/pkcs11/Secmod/GetPrivateKey.java jdk/test/sun/security/pkcs11/Secmod/JksSetPrivateKey.java jdk/test/sun/security/pkcs11/Secmod/LoadKeystore.java jdk/test/sun/security/pkcs11/Secmod/TrustAnchors.java jdk/test/sun/security/pkcs11/Secmod/policy jdk/test/sun/security/pkcs11/SecureRandom/Basic.java jdk/test/sun/security/pkcs11/Signature/ByteBuffers.java jdk/test/sun/security/pkcs11/Signature/TestDSA.java jdk/test/sun/security/pkcs11/Signature/TestDSAKeyLength.java jdk/test/sun/security/pkcs11/Signature/TestRSAKeyLength.java jdk/test/sun/security/pkcs11/ec/ReadCertificates.java jdk/test/sun/security/pkcs11/ec/ReadPKCS12.java jdk/test/sun/security/pkcs11/ec/TestCurves.java jdk/test/sun/security/pkcs11/ec/TestECDH.java jdk/test/sun/security/pkcs11/ec/TestECDH2.java jdk/test/sun/security/pkcs11/ec/TestECDSA.java jdk/test/sun/security/pkcs11/ec/TestECDSA2.java jdk/test/sun/security/pkcs11/ec/TestECGenSpec.java jdk/test/sun/security/pkcs11/ec/TestKeyFactory.java jdk/test/sun/security/pkcs11/ec/policy jdk/test/sun/security/pkcs11/fips/TrustManagerTest.java jdk/test/sun/security/pkcs11/fips/TrustManagerTest.policy jdk/test/sun/security/pkcs11/policy jdk/test/sun/security/pkcs11/rsa/KeyWrap.java jdk/test/sun/security/pkcs11/rsa/TestCACerts.java jdk/test/sun/security/pkcs11/rsa/TestCACerts.policy jdk/test/sun/security/pkcs11/rsa/TestKeyFactory.java jdk/test/sun/security/pkcs11/rsa/TestKeyPairGenerator.java jdk/test/sun/security/pkcs11/rsa/TestKeyPairGenerator.policy jdk/test/sun/security/pkcs11/rsa/TestSignatures.java jdk/test/sun/security/pkcs11/rsa/rsakeys.ks.policy jdk/test/sun/security/pkcs11/sslecc/CipherTest.java jdk/test/sun/security/pkcs11/sslecc/ClientJSSEServerJSSE.java jdk/test/sun/security/pkcs11/sslecc/JSSEServer.java jdk/test/sun/security/pkcs11/sslecc/policy jdk/test/sun/security/pkcs11/tls/TestKeyMaterial.java jdk/test/sun/security/pkcs11/tls/TestLeadingZeroesP11.java jdk/test/sun/security/pkcs11/tls/TestMasterSecret.java jdk/test/sun/security/pkcs11/tls/TestMasterSecret.policy jdk/test/sun/security/pkcs11/tls/TestPRF.java jdk/test/sun/security/pkcs11/tls/TestPremaster.java jdk/test/sun/security/pkcs11/tls/policy
diffstat 66 files changed, 1306 insertions(+), 839 deletions(-) [+]
line wrap: on
line diff
--- a/jdk/test/sun/security/pkcs11/Cipher/ReinitCipher.java	Tue Jan 26 09:25:53 2016 +0000
+++ b/jdk/test/sun/security/pkcs11/Cipher/ReinitCipher.java	Tue Jan 26 13:32:07 2016 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -28,21 +28,22 @@
  * @author Andreas Sterbenz
  * @library ..
  * @key randomness
+ * @run main/othervm ReinitCipher
+ * @run main/othervm ReinitCipher sm
  */
 
-import java.util.*;
-
-import java.security.*;
-
-import javax.crypto.*;
-import javax.crypto.spec.*;
+import java.security.Provider;
+import java.util.Random;
+import javax.crypto.Cipher;
+import javax.crypto.spec.SecretKeySpec;
 
 public class ReinitCipher extends PKCS11Test {
 
     public static void main(String[] args) throws Exception {
-        main(new ReinitCipher());
+        main(new ReinitCipher(), args);
     }
 
+    @Override
     public void main(Provider p) throws Exception {
         if (p.getService("Cipher", "ARCFOUR") == null) {
             System.out.println("Not supported by provider, skipping");
--- a/jdk/test/sun/security/pkcs11/Cipher/TestPKCS5PaddingError.java	Tue Jan 26 09:25:53 2016 +0000
+++ b/jdk/test/sun/security/pkcs11/Cipher/TestPKCS5PaddingError.java	Tue Jan 26 13:32:07 2016 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2010, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -27,16 +27,18 @@
  * @summary Test internal PKCS5Padding impl with various error conditions.
  * @author Valerie Peng
  * @library ..
+ * @run main/othervm TestPKCS5PaddingError
+ * @run main/othervm TestPKCS5PaddingError sm
  */
-import java.io.*;
-import java.nio.*;
-import java.util.*;
 
-import java.security.*;
-import java.security.spec.AlgorithmParameterSpec;
-
-import javax.crypto.*;
-import javax.crypto.spec.IvParameterSpec;
+import java.security.AlgorithmParameters;
+import java.security.NoSuchAlgorithmException;
+import java.security.Provider;
+import javax.crypto.BadPaddingException;
+import javax.crypto.Cipher;
+import javax.crypto.IllegalBlockSizeException;
+import javax.crypto.KeyGenerator;
+import javax.crypto.SecretKey;
 
 public class TestPKCS5PaddingError extends PKCS11Test {
     private static class CI { // class for holding Cipher Information
@@ -62,10 +64,8 @@
 
     private static StringBuffer debugBuf = new StringBuffer();
 
+    @Override
     public void main(Provider p) throws Exception {
-        boolean status = true;
-        Random random = new Random();
-
         try {
             byte[] plainText = new byte[200];
 
@@ -127,6 +127,6 @@
     }
 
     public static void main(String[] args) throws Exception {
-        main(new TestPKCS5PaddingError());
+        main(new TestPKCS5PaddingError(), args);
     }
 }
--- a/jdk/test/sun/security/pkcs11/Cipher/TestRSACipher.java	Tue Jan 26 09:25:53 2016 +0000
+++ b/jdk/test/sun/security/pkcs11/Cipher/TestRSACipher.java	Tue Jan 26 13:32:07 2016 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -28,20 +28,28 @@
  * @author Andreas Sterbenz
  * @library ..
  * @key randomness
+ * @run main/othervm TestRSACipher
+ * @run main/othervm TestRSACipher sm
  */
 
-import java.io.*;
-import java.util.*;
-
-import java.security.*;
-
-import javax.crypto.*;
+import java.security.GeneralSecurityException;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.PrivateKey;
+import java.security.Provider;
+import java.security.PublicKey;
+import java.util.Arrays;
+import java.util.Random;
+import javax.crypto.BadPaddingException;
+import javax.crypto.Cipher;
+import javax.crypto.IllegalBlockSizeException;
 
 public class TestRSACipher extends PKCS11Test {
 
     private static final String[] RSA_ALGOS =
         { "RSA/ECB/PKCS1Padding", "RSA" };
 
+    @Override
     public void main(Provider p) throws Exception {
         try {
             Cipher.getInstance(RSA_ALGOS[0], p);
@@ -122,7 +130,7 @@
     }
 
     public static void main(String[] args) throws Exception {
-        main(new TestRSACipher());
+        main(new TestRSACipher(), args);
     }
 
 }
--- a/jdk/test/sun/security/pkcs11/Cipher/TestRSACipherWrap.java	Tue Jan 26 09:25:53 2016 +0000
+++ b/jdk/test/sun/security/pkcs11/Cipher/TestRSACipherWrap.java	Tue Jan 26 13:32:07 2016 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2008, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2008, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -27,13 +27,20 @@
  * @summary basic test for RSA cipher key wrapping functionality
  * @author Valerie Peng
  * @library ..
+ * @run main/othervm TestRSACipherWrap
+ * @run main/othervm TestRSACipherWrap sm
  */
-import java.io.*;
-import java.util.*;
 
-import java.security.*;
-
-import javax.crypto.*;
+import java.security.GeneralSecurityException;
+import java.security.InvalidParameterException;
+import java.security.Key;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.Provider;
+import java.util.Arrays;
+import javax.crypto.Cipher;
+import javax.crypto.KeyGenerator;
+import javax.crypto.SecretKey;
 import javax.crypto.spec.SecretKeySpec;
 
 public class TestRSACipherWrap extends PKCS11Test {
@@ -41,6 +48,7 @@
     private static final String[] RSA_ALGOS =
         { "RSA/ECB/PKCS1Padding", "RSA" };
 
+    @Override
     public void main(Provider p) throws Exception {
         try {
             Cipher.getInstance(RSA_ALGOS[0], p);
@@ -104,6 +112,6 @@
     }
 
     public static void main(String[] args) throws Exception {
-        main(new TestRSACipherWrap());
+        main(new TestRSACipherWrap(), args);
     }
 }
--- a/jdk/test/sun/security/pkcs11/Cipher/TestRawRSACipher.java	Tue Jan 26 09:25:53 2016 +0000
+++ b/jdk/test/sun/security/pkcs11/Cipher/TestRawRSACipher.java	Tue Jan 26 13:32:07 2016 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2011, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -28,16 +28,21 @@
  * @author Valerie Peng
  * @library ..
  * @key randomness
+ * @run main/othervm TestRawRSACipher
+ * @run main/othervm TestRawRSACipher sm
  */
 
-import javax.crypto.*;
-import java.io.*;
-import javax.crypto.spec.SecretKeySpec;
-import java.security.*;
-import java.util.*;
+import java.security.GeneralSecurityException;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.Provider;
+import java.util.Arrays;
+import java.util.Random;
+import javax.crypto.Cipher;
 
 public class TestRawRSACipher extends PKCS11Test {
 
+    @Override
     public void main(Provider p) throws Exception {
         try {
             Cipher.getInstance("RSA/ECB/NoPadding", p);
@@ -80,6 +85,6 @@
     }
 
     public static void main(String[] args) throws Exception {
-        main(new TestRawRSACipher());
+        main(new TestRawRSACipher(), args);
     }
 }
--- a/jdk/test/sun/security/pkcs11/Cipher/TestSymmCiphers.java	Tue Jan 26 09:25:53 2016 +0000
+++ b/jdk/test/sun/security/pkcs11/Cipher/TestSymmCiphers.java	Tue Jan 26 13:32:07 2016 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2008, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2008, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -28,16 +28,19 @@
  * @author Valerie Peng
  * @library ..
  * @key randomness
+ * @run main/othervm TestSymmCiphers
+ * @run main/othervm TestSymmCiphers sm
  */
-import java.io.*;
-import java.nio.*;
-import java.util.*;
 
-import java.security.*;
-import java.security.spec.AlgorithmParameterSpec;
-
-import javax.crypto.*;
-import javax.crypto.spec.IvParameterSpec;
+import java.io.ByteArrayOutputStream;
+import java.nio.ByteBuffer;
+import java.security.AlgorithmParameters;
+import java.security.NoSuchAlgorithmException;
+import java.security.Provider;
+import java.util.Random;
+import javax.crypto.Cipher;
+import javax.crypto.KeyGenerator;
+import javax.crypto.SecretKey;
 
 public class TestSymmCiphers extends PKCS11Test {
 
@@ -81,6 +84,7 @@
     };
     private static StringBuffer debugBuf = new StringBuffer();
 
+    @Override
     public void main(Provider p) throws Exception {
         // NSS reports CKR_DEVICE_ERROR when the data passed to
         // its EncryptUpdate/DecryptUpdate is not multiple of blocks
@@ -272,6 +276,6 @@
     }
 
     public static void main(String[] args) throws Exception {
-        main(new TestSymmCiphers());
+        main(new TestSymmCiphers(), args);
     }
 }
--- a/jdk/test/sun/security/pkcs11/Cipher/TestSymmCiphersNoPad.java	Tue Jan 26 09:25:53 2016 +0000
+++ b/jdk/test/sun/security/pkcs11/Cipher/TestSymmCiphersNoPad.java	Tue Jan 26 13:32:07 2016 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2007, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2007, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -28,17 +28,22 @@
  * @author Valerie Peng
  * @library ..
  * @key randomness
+ * @run main/othervm TestSymmCiphersNoPad
+ * @run main/othervm TestSymmCiphersNoPad sm
  */
 
-import java.io.*;
-import java.nio.*;
-import java.util.*;
-
-import java.security.*;
-import java.security.spec.AlgorithmParameterSpec;
-
-import javax.crypto.*;
-import javax.crypto.spec.IvParameterSpec;
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.InputStream;
+import java.nio.ByteBuffer;
+import java.security.AlgorithmParameters;
+import java.security.NoSuchAlgorithmException;
+import java.security.Provider;
+import java.util.Random;
+import javax.crypto.Cipher;
+import javax.crypto.CipherInputStream;
+import javax.crypto.KeyGenerator;
+import javax.crypto.SecretKey;
 
 public class TestSymmCiphersNoPad extends PKCS11Test {
 
@@ -67,6 +72,7 @@
 
     private static StringBuffer debugBuf;
 
+    @Override
     public void main(Provider p) throws Exception {
         boolean status = true;
         Random random = new Random();
@@ -234,6 +240,6 @@
     }
 
     public static void main(String[] args) throws Exception {
-        main(new TestSymmCiphersNoPad());
+        main(new TestSymmCiphersNoPad(), args);
     }
 }
--- a/jdk/test/sun/security/pkcs11/KeyAgreement/TestDH.java	Tue Jan 26 09:25:53 2016 +0000
+++ b/jdk/test/sun/security/pkcs11/KeyAgreement/TestDH.java	Tue Jan 26 13:32:07 2016 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -27,17 +27,20 @@
  * @summary Verify that DH works properly
  * @author Andreas Sterbenz
  * @library ..
+ * @run main/othervm TestDH
+ * @run main/othervm TestDH sm
  */
 
-import java.io.*;
-import java.util.*;
-
-import java.security.*;
-
-import javax.crypto.*;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.Provider;
+import java.util.Arrays;
+import javax.crypto.KeyAgreement;
+import javax.crypto.SecretKey;
 
 public class TestDH extends PKCS11Test {
 
+    @Override
     public void main(Provider p) throws Exception {
         if (p.getService("KeyAgreement", "DH") == null) {
             System.out.println("DH not supported, skipping");
@@ -91,8 +94,9 @@
         testAlgorithm(ka2, kp2, ka1, kp1, "TlsPremasterSecret");
     }
 
-    private static void testAlgorithm(KeyAgreement ka1, KeyPair kp1, KeyAgreement ka2, KeyPair kp2, String algorithm) throws Exception {
-        SecretKey key1 = null;
+    private static void testAlgorithm(KeyAgreement ka1, KeyPair kp1,
+            KeyAgreement ka2, KeyPair kp2, String algorithm) throws Exception {
+        SecretKey key1;
 
         ka1.init(kp1.getPrivate());
         ka1.doPhase(kp2.getPublic(), true);
@@ -115,7 +119,7 @@
     }
 
     public static void main(String[] args) throws Exception {
-        main(new TestDH());
+        main(new TestDH(), args);
     }
 
 }
--- a/jdk/test/sun/security/pkcs11/KeyAgreement/TestInterop.java	Tue Jan 26 09:25:53 2016 +0000
+++ b/jdk/test/sun/security/pkcs11/KeyAgreement/TestInterop.java	Tue Jan 26 13:32:07 2016 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2012, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -26,14 +26,18 @@
  * @bug 7146728
  * @summary Interop test for DH with secret that has a leading 0x00 byte
  * @library ..
+ * @run main/othervm TestInterop
+ * @run main/othervm TestInterop sm
  */
 import java.math.BigInteger;
-import java.util.*;
-
-import java.security.*;
-
-import javax.crypto.*;
-import javax.crypto.spec.*;
+import java.security.KeyFactory;
+import java.security.PrivateKey;
+import java.security.Provider;
+import java.security.PublicKey;
+import java.util.Arrays;
+import javax.crypto.KeyAgreement;
+import javax.crypto.spec.DHPrivateKeySpec;
+import javax.crypto.spec.DHPublicKeySpec;
 
 public class TestInterop extends PKCS11Test {
 
@@ -72,6 +76,7 @@
     + "30313414180008978013330410484011186019824874948204261839391153650949864"
     + "429505597086564709");
 
+    @Override
     public void main(Provider prov) throws Exception {
         if (prov.getService("KeyAgreement", "DH") == null) {
             System.out.println("DH not supported, skipping");
@@ -138,6 +143,6 @@
     }
 
     public static void main(String[] args) throws Exception {
-        main(new TestInterop());
+        main(new TestInterop(), args);
     }
 }
--- a/jdk/test/sun/security/pkcs11/KeyAgreement/TestShort.java	Tue Jan 26 09:25:53 2016 +0000
+++ b/jdk/test/sun/security/pkcs11/KeyAgreement/TestShort.java	Tue Jan 26 13:32:07 2016 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -27,15 +27,19 @@
  * @summary KAT test for DH (normal and with secret that has leading a 0x00 byte)
  * @author Andreas Sterbenz
  * @library ..
+ * @run main/othervm TestShort
+ * @run main/othervm TestShort sm
  */
 
 import java.math.BigInteger;
-import java.util.*;
-
-import java.security.*;
-
-import javax.crypto.*;
-import javax.crypto.spec.*;
+import java.security.KeyFactory;
+import java.security.PrivateKey;
+import java.security.Provider;
+import java.security.PublicKey;
+import java.util.Arrays;
+import javax.crypto.KeyAgreement;
+import javax.crypto.spec.DHPrivateKeySpec;
+import javax.crypto.spec.DHPublicKeySpec;
 
 public class TestShort extends PKCS11Test {
 
@@ -83,6 +87,7 @@
     + "1a:6a:15:d8:a4:8c:0a:ce:f0:15:03:0c:c2:56:82:a2:75:9b:49:fe:ed:60:c5:6e"
     + ":de:47:55:62:4f:16:20:6d:74:cc:7b:95:93:25:2c:ea");
 
+    @Override
     public void main(Provider provider) throws Exception {
         if (provider.getService("KeyAgreement", "DH") == null) {
             System.out.println("DH not supported, skipping");
@@ -142,7 +147,7 @@
     }
 
     public static void main(String[] args) throws Exception {
-        main(new TestShort());
+        main(new TestShort(), args);
     }
 
 }
--- a/jdk/test/sun/security/pkcs11/KeyGenerator/DESParity.java	Tue Jan 26 09:25:53 2016 +0000
+++ b/jdk/test/sun/security/pkcs11/KeyGenerator/DESParity.java	Tue Jan 26 13:32:07 2016 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -28,19 +28,21 @@
  * @author Andreas Sterbenz
  * @library ..
  * @key randomness
+ * @run main/othervm DESParity
+ * @run main/othervm DESParity sm
  */
 
-import java.io.*;
-import java.util.*;
-
-import java.security.*;
-import java.security.spec.*;
-
-import javax.crypto.*;
-import javax.crypto.spec.*;
+import java.security.Provider;
+import java.util.Random;
+import javax.crypto.SecretKey;
+import javax.crypto.SecretKeyFactory;
+import javax.crypto.spec.DESKeySpec;
+import javax.crypto.spec.DESedeKeySpec;
+import javax.crypto.spec.SecretKeySpec;
 
 public class DESParity extends PKCS11Test {
 
+    @Override
     public void main(Provider p) throws Exception {
         if (p.getService("SecretKeyFactory", "DES") == null) {
             System.out.println("Not supported by provider, skipping");
@@ -73,7 +75,7 @@
     }
 
     public static void main(String[] args) throws Exception {
-        main(new DESParity());
+        main(new DESParity(), args);
     }
 
 }
--- a/jdk/test/sun/security/pkcs11/KeyGenerator/TestKeyGenerator.java	Tue Jan 26 09:25:53 2016 +0000
+++ b/jdk/test/sun/security/pkcs11/KeyGenerator/TestKeyGenerator.java	Tue Jan 26 13:32:07 2016 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -27,13 +27,16 @@
  * @summary test the KeyGenerator
  * @author Andreas Sterbenz
  * @library ..
+ * @run main/othervm TestKeyGenerator
+ * @run main/othervm TestKeyGenerator sm
  */
 
-import java.util.*;
-
-import java.security.*;
-
-import javax.crypto.*;
+import java.security.InvalidParameterException;
+import java.security.NoSuchAlgorithmException;
+import java.security.Provider;
+import java.security.ProviderException;
+import javax.crypto.KeyGenerator;
+import javax.crypto.SecretKey;
 
 enum TestResult {
     PASS,
@@ -44,7 +47,7 @@
 public class TestKeyGenerator extends PKCS11Test {
 
     public static void main(String[] args) throws Exception {
-        main(new TestKeyGenerator());
+        main(new TestKeyGenerator(), args);
     }
 
     private TestResult test(String algorithm, int keyLen, Provider p,
@@ -85,6 +88,7 @@
         return actual;
     }
 
+    @Override
     public void main(Provider p) throws Exception {
         test("DES", 0, p, TestResult.FAIL);
         test("DES", 56, p, TestResult.PASS); // ensure JCE-Compatibility
--- a/jdk/test/sun/security/pkcs11/KeyPairGenerator/TestDH2048.java	Tue Jan 26 09:25:53 2016 +0000
+++ b/jdk/test/sun/security/pkcs11/KeyPairGenerator/TestDH2048.java	Tue Jan 26 13:32:07 2016 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2013, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -27,14 +27,14 @@
  * @summary Ensure that 2048-bit DH key pairs can be generated
  * @author Valerie Peng
  * @library ..
+ * @run main/othervm TestDH2048
+ * @run main/othervm TestDH2048 sm
  */
 
-import java.io.*;
-import java.util.*;
-
-import java.security.*;
-
-import javax.crypto.*;
+import java.security.InvalidParameterException;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.Provider;
 
 public class TestDH2048 extends PKCS11Test {
 
@@ -47,6 +47,7 @@
         }
     }
 
+    @Override
     public void main(Provider p) throws Exception {
         if (p.getService("KeyPairGenerator", "DH") == null) {
             System.out.println("KPG for DH not supported, skipping");
@@ -61,6 +62,6 @@
     }
 
     public static void main(String[] args) throws Exception {
-        main(new TestDH2048());
+        main(new TestDH2048(), args);
     }
 }
--- a/jdk/test/sun/security/pkcs11/Mac/MacKAT.java	Tue Jan 26 09:25:53 2016 +0000
+++ b/jdk/test/sun/security/pkcs11/Mac/MacKAT.java	Tue Jan 26 13:32:07 2016 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -36,7 +36,8 @@
  * @summary Basic known-answer-test for Hmac algorithms
  * @author Andreas Sterbenz
  * @library ..
- * @run main MacKAT
+ * @run main/othervm MacKAT
+ * @run main/othervm MacKAT sm
  */
 public class MacKAT extends PKCS11Test {
 
@@ -178,7 +179,7 @@
     };
 
     public static void main(String[] args) throws Exception {
-        main(new MacKAT());
+        main(new MacKAT(), args);
     }
 
     @Override
--- a/jdk/test/sun/security/pkcs11/Mac/MacSameTest.java	Tue Jan 26 09:25:53 2016 +0000
+++ b/jdk/test/sun/security/pkcs11/Mac/MacSameTest.java	Tue Jan 26 13:32:07 2016 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1998, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1998, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -36,7 +36,8 @@
  * @summary Check if doFinal and update operation result in same Mac
  * @author Yu-Ching Valerie Peng, Bill Situ, Alexander Fomin
  * @library ..
- * @run main MacSameTest
+ * @run main/othervm MacSameTest
+ * @run main/othervm MacSameTest sm
  * @key randomness
  */
 public class MacSameTest extends PKCS11Test {
@@ -57,7 +58,7 @@
      * @param args the command line arguments
      */
     public static void main(String[] args) throws Exception {
-        main(new MacSameTest());
+        main(new MacSameTest(), args);
     }
 
     @Override
--- a/jdk/test/sun/security/pkcs11/Mac/ReinitMac.java	Tue Jan 26 09:25:53 2016 +0000
+++ b/jdk/test/sun/security/pkcs11/Mac/ReinitMac.java	Tue Jan 26 13:32:07 2016 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -28,21 +28,22 @@
  * @author Andreas Sterbenz
  * @library ..
  * @key randomness
+ * @run main/othervm ReinitMac
+ * @run main/othervm ReinitMac sm
  */
 
-import java.util.*;
-
-import java.security.*;
-
-import javax.crypto.*;
-import javax.crypto.spec.*;
+import java.security.Provider;
+import java.util.Random;
+import javax.crypto.Mac;
+import javax.crypto.spec.SecretKeySpec;
 
 public class ReinitMac extends PKCS11Test {
 
     public static void main(String[] args) throws Exception {
-        main(new ReinitMac());
+        main(new ReinitMac(), args);
     }
 
+    @Override
     public void main(Provider p) throws Exception {
         if (p.getService("Mac", "HmacMD5") == null) {
             System.out.println(p + " does not support HmacMD5, skipping");
--- a/jdk/test/sun/security/pkcs11/MessageDigest/ByteBuffers.java	Tue Jan 26 09:25:53 2016 +0000
+++ b/jdk/test/sun/security/pkcs11/MessageDigest/ByteBuffers.java	Tue Jan 26 13:32:07 2016 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -28,19 +28,23 @@
  * @author Andreas Sterbenz
  * @library ..
  * @key randomness
+ * @run main/othervm ByteBuffers
+ * @run main/othervm ByteBuffers sm
  */
 
-import java.util.*;
-import java.nio.*;
-
-import java.security.*;
+import java.nio.ByteBuffer;
+import java.security.MessageDigest;
+import java.security.Provider;
+import java.util.Arrays;
+import java.util.Random;
 
 public class ByteBuffers extends PKCS11Test {
 
     public static void main(String[] args) throws Exception {
-        main(new ByteBuffers());
+        main(new ByteBuffers(), args);
     }
 
+    @Override
     public void main(Provider p) throws Exception {
         if (p.getService("MessageDigest", "MD5") == null) {
             System.out.println("Provider does not support MD5, skipping");
--- a/jdk/test/sun/security/pkcs11/MessageDigest/DigestKAT.java	Tue Jan 26 09:25:53 2016 +0000
+++ b/jdk/test/sun/security/pkcs11/MessageDigest/DigestKAT.java	Tue Jan 26 13:32:07 2016 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -27,19 +27,23 @@
  * @summary Basic known-answer-test for all our MessageDigest algorithms
  * @author Andreas Sterbenz
  * @library ..
+ * @run main/othervm DigestKAT
+ * @run main/othervm DigestKAT sm
  */
 
-import java.io.*;
-import java.util.*;
-
-import java.security.*;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.StringReader;
+import java.security.MessageDigest;
+import java.security.Provider;
+import java.util.Arrays;
 
 public class DigestKAT extends PKCS11Test {
 
     private final static char[] hexDigits = "0123456789abcdef".toCharArray();
 
     public static String toString(byte[] b) {
-        StringBuffer sb = new StringBuffer(b.length * 3);
+        StringBuilder sb = new StringBuilder(b.length * 3);
         for (int i = 0; i < b.length; i++) {
             int k = b[i] & 0xff;
             if (i != 0) {
@@ -106,6 +110,7 @@
             this.data = data;
             this.digest = digest;
         }
+        @Override
         void run(Provider p) throws Exception {
             if (p.getService("MessageDigest", alg) == null) {
                 System.out.println("Skipped " + alg);
@@ -123,7 +128,6 @@
                 System.out.println("out:  " + DigestKAT.toString(myDigest));
                 throw new Exception("Digest test for " + alg + " failed");
             }
-//          System.out.println("Passed " + alg);
         }
     }
 
@@ -221,12 +225,13 @@
         System.out.println("Done (" + (stop - start) + " ms).");
     }
 
+    @Override
     public void main(Provider p) throws Exception{
         runTests(tests, p);
     }
 
     public static void main(String[] args) throws Exception {
-        main(new DigestKAT());
+        main(new DigestKAT(), args);
     }
 
 }
--- a/jdk/test/sun/security/pkcs11/MessageDigest/ReinitDigest.java	Tue Jan 26 09:25:53 2016 +0000
+++ b/jdk/test/sun/security/pkcs11/MessageDigest/ReinitDigest.java	Tue Jan 26 13:32:07 2016 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -28,18 +28,22 @@
  * @author Andreas Sterbenz
  * @library ..
  * @key randomness
+ * @run main/othervm ReinitDigest
+ * @run main/othervm ReinitDigest sm
  */
 
-import java.util.*;
-
-import java.security.*;
+import java.security.MessageDigest;
+import java.security.Provider;
+import java.util.Arrays;
+import java.util.Random;
 
 public class ReinitDigest extends PKCS11Test {
 
     public static void main(String[] args) throws Exception {
-        main(new ReinitDigest());
+        main(new ReinitDigest(), args);
     }
 
+    @Override
     public void main(Provider p) throws Exception {
         if (p.getService("MessageDigest", "MD5") == null) {
             System.out.println("Provider does not support MD5, skipping");
--- a/jdk/test/sun/security/pkcs11/MessageDigest/TestCloning.java	Tue Jan 26 09:25:53 2016 +0000
+++ b/jdk/test/sun/security/pkcs11/MessageDigest/TestCloning.java	Tue Jan 26 13:32:07 2016 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2012, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -28,11 +28,14 @@
  * @author Valerie Peng
  * @library ..
  * @key randomness
+ * @run main/othervm TestCloning
+ * @run main/othervm TestCloning sm
  */
 
-import java.util.*;
-
-import java.security.*;
+import java.security.MessageDigest;
+import java.security.Provider;
+import java.util.Arrays;
+import java.util.Random;
 
 public class TestCloning extends PKCS11Test {
 
@@ -41,13 +44,14 @@
     };
 
     public static void main(String[] args) throws Exception {
-        main(new TestCloning());
+        main(new TestCloning(), args);
     }
 
     private static final byte[] data1 = new byte[10];
     private static final byte[] data2 = new byte[10*1024];
 
 
+    @Override
     public void main(Provider p) throws Exception {
         Random r = new Random();
         byte[] data1 = new byte[10];
--- a/jdk/test/sun/security/pkcs11/PKCS11Test.java	Tue Jan 26 09:25:53 2016 +0000
+++ b/jdk/test/sun/security/pkcs11/PKCS11Test.java	Tue Jan 26 13:32:07 2016 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -24,15 +24,38 @@
 
 // common infrastructure for SunPKCS11 tests
 
-import java.io.*;
-import java.util.*;
-
-import java.security.*;
+import java.io.BufferedReader;
+import java.io.ByteArrayOutputStream;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.io.InputStreamReader;
+import java.io.StringReader;
+import java.security.AlgorithmParameters;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.KeyPairGenerator;
+import java.security.NoSuchProviderException;
+import java.security.Provider;
+import java.security.ProviderException;
+import java.security.Security;
 import java.security.spec.ECGenParameterSpec;
 import java.security.spec.ECParameterSpec;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+import java.util.Properties;
+import java.util.ServiceLoader;
+import java.util.Set;
 
 public abstract class PKCS11Test {
 
+    private boolean enableSM = false;
+
+    static final Properties props = System.getProperties();
+
     static final String PKCS11 = "PKCS11";
 
     // directory of the test source
@@ -40,7 +63,8 @@
 
     static final char SEP = File.separatorChar;
 
-    private final static String REL_CLOSED = "../../../../closed/sun/security/pkcs11".replace('/', SEP);
+    private static final String DEFAULT_POLICY =
+            BASE + SEP + ".." + SEP + "policy";
 
     // directory corresponding to BASE in the /closed hierarchy
     static final String CLOSED_BASE;
@@ -53,6 +77,9 @@
         String p1 = absBase.substring(0, k + 6);
         String p2 = absBase.substring(k + 5);
         CLOSED_BASE = p1 + "closed" + p2;
+
+        // set it as a system property to make it available in policy file
+        System.setProperty("closed.base", CLOSED_BASE);
     }
 
     static String NSPR_PREFIX = "";
@@ -86,7 +113,7 @@
                 if (p.getName().equals("SunPKCS11")) {
                     found = true;
                     break;
-                };
+                }
             } catch (Exception e) {
                 // ignore and move on to the next one
             }
@@ -103,6 +130,19 @@
         pkcs11 = p;
     }
 
+    /*
+     * Use Solaris SPARC 11.2 or later to avoid an intermittent failure
+     * when running SunPKCS11-Solaris (8044554)
+     */
+    static boolean isBadSolarisSparc(Provider p) {
+        if ("SunPKCS11-Solaris".equals(p.getName()) && badSolarisSparc) {
+            System.out.println("SunPKCS11-Solaris provider requires " +
+                "Solaris SPARC 11.2 or later, skipping");
+            return true;
+        }
+        return false;
+    }
+
     // Return a SunPKCS11 provider configured with the specified config file
     static Provider getSunPKCS11(String config) throws Exception {
         if (pkcs11 == null) {
@@ -114,15 +154,43 @@
     public abstract void main(Provider p) throws Exception;
 
     private void premain(Provider p) throws Exception {
-        long start = System.currentTimeMillis();
-        System.out.println("Running test with provider " + p.getName() + "...");
-        main(p);
-        long stop = System.currentTimeMillis();
-        System.out.println("Completed test with provider " + p.getName() +
-            " (" + (stop - start) + " ms).");
+        // set a security manager and policy before a test case runs,
+        // and disable them after the test case finished
+        try {
+            if (enableSM) {
+                System.setSecurityManager(new SecurityManager());
+            }
+            long start = System.currentTimeMillis();
+            System.out.printf(
+                    "Running test with provider %s (security manager %s) ...%n",
+                        p.getName(), enableSM ? "enabled" : "disabled");
+            main(p);
+            long stop = System.currentTimeMillis();
+            System.out.println("Completed test with provider " + p.getName() +
+                " (" + (stop - start) + " ms).");
+        } finally {
+            if (enableSM) {
+                System.setSecurityManager(null);
+            }
+        }
     }
 
     public static void main(PKCS11Test test) throws Exception {
+        main(test, null);
+    }
+
+    public static void main(PKCS11Test test, String[] args) throws Exception {
+        if (args != null) {
+            if (args.length > 0 && "sm".equals(args[0])) {
+                test.enableSM = true;
+            }
+            if (test.enableSM) {
+                System.setProperty("java.security.policy",
+                        (args.length > 1) ? BASE + SEP + args[1]
+                                : DEFAULT_POLICY);
+            }
+        }
+
         Provider[] oldProviders = Security.getProviders();
         try {
             System.out.println("Beginning test run " + test.getClass().getName() + "...");
@@ -218,7 +286,6 @@
     }
 
     static String getNSSLibDir(String library) throws Exception {
-        Properties props = System.getProperties();
         String osName = props.getProperty("os.name");
         if (osName.startsWith("Win")) {
             osName = "Windows";
@@ -249,6 +316,15 @@
         return nssLibDir;
     }
 
+    static boolean isBadNSSVersion(Provider p) {
+        if (isNSS(p) && badNSSVersion) {
+            System.out.println("NSS 3.11 has a DER issue that recent " +
+                    "version do not.");
+            return true;
+        }
+        return false;
+    }
+
     protected static void safeReload(String lib) throws Exception {
         try {
             System.load(lib);
@@ -317,34 +393,32 @@
 
         try {
             libfile = getNSSLibDir() + System.mapLibraryName(library);
-            FileInputStream is = new FileInputStream(libfile);
-            byte[] data = new byte[1000];
-            int read = 0;
+            try (FileInputStream is = new FileInputStream(libfile)) {
+                byte[] data = new byte[1000];
+                int read = 0;
 
-            while (is.available() > 0) {
-                if (read == 0) {
-                    read = is.read(data, 0, 1000);
-                } else {
-                    // Prepend last 100 bytes in case the header was split
-                    // between the reads.
-                    System.arraycopy(data, 900, data, 0, 100);
-                    read = 100 + is.read(data, 100, 900);
-                }
+                while (is.available() > 0) {
+                    if (read == 0) {
+                        read = is.read(data, 0, 1000);
+                    } else {
+                        // Prepend last 100 bytes in case the header was split
+                        // between the reads.
+                        System.arraycopy(data, 900, data, 0, 100);
+                        read = 100 + is.read(data, 100, 900);
+                    }
 
-                s = new String(data, 0, read);
-                if ((i = s.indexOf(nssHeader)) > 0) {
-                    found = true;
-                    // If the nssHeader is before 920 we can break, otherwise
-                    // we may not have the whole header so do another read.  If
-                    // no bytes are in the stream, that is ok, found is true.
-                    if (i < 920) {
-                        break;
+                    s = new String(data, 0, read);
+                    if ((i = s.indexOf(nssHeader)) > 0) {
+                        found = true;
+                        // If the nssHeader is before 920 we can break, otherwise
+                        // we may not have the whole header so do another read.  If
+                        // no bytes are in the stream, that is ok, found is true.
+                        if (i < 920) {
+                            break;
+                        }
                     }
                 }
             }
-
-            is.close();
-
         } catch (Exception e) {
             e.printStackTrace();
         }
@@ -438,14 +512,13 @@
     }
 
     // Generate a vector of supported elliptic curves of a given provider
-    static Vector<ECParameterSpec> getKnownCurves(Provider p) throws Exception {
+    static List<ECParameterSpec> getKnownCurves(Provider p) throws Exception {
         int index;
         int begin;
         int end;
         String curve;
-        KeyPair kp = null;
 
-        Vector<ECParameterSpec> results = new Vector<ECParameterSpec>();
+        List<ECParameterSpec> results = new ArrayList<>();
         // Get Curves to test from SunEC.
         String kcProp = Security.getProvider("SunEC").
                 getProperty("AlgorithmParameters.EC SupportedCurves");
@@ -483,7 +556,7 @@
             try {
                 KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC", p);
                 kpg.initialize(e);
-                kp = kpg.generateKeyPair();
+                kpg.generateKeyPair();
                 results.add(e);
                 System.out.println("Supported");
             } catch (ProviderException ex) {
@@ -514,9 +587,8 @@
     }
 
     // Check support for a curve with a provided Vector of EC support
-    boolean checkSupport(Vector<ECParameterSpec> supportedEC,
+    boolean checkSupport(List<ECParameterSpec> supportedEC,
             ECParameterSpec curve) {
-        boolean found = false;
         for (ECParameterSpec ec: supportedEC) {
             if (ec.equals(curve)) {
                 return true;
@@ -529,7 +601,7 @@
 
     // Location of the NSS libraries on each supported platform
     static {
-        osMap = new HashMap<String,String[]>();
+        osMap = new HashMap<>();
         osMap.put("SunOS-sparc-32", new String[]{"/usr/lib/mps/"});
         osMap.put("SunOS-sparcv9-64", new String[]{"/usr/lib/mps/64/"});
         osMap.put("SunOS-x86-32", new String[]{"/usr/lib/mps/"});
@@ -551,11 +623,20 @@
 
     private final static char[] hexDigits = "0123456789abcdef".toCharArray();
 
+    static final boolean badNSSVersion =
+            getNSSVersion() >= 3.11 && getNSSVersion() < 3.12;
+
+    static final boolean badSolarisSparc =
+            System.getProperty("os.name").equals("SunOS") &&
+            System.getProperty("os.arch").equals("sparcv9") &&
+            System.getProperty("os.version").compareTo("5.11") <= 0 &&
+            getDistro().compareTo("11.2") < 0;
+
     public static String toString(byte[] b) {
         if (b == null) {
             return "(null)";
         }
-        StringBuffer sb = new StringBuffer(b.length * 3);
+        StringBuilder sb = new StringBuilder(b.length * 3);
         for (int i = 0; i < b.length; i++) {
             int k = b[i] & 0xff;
             if (i != 0) {
@@ -637,8 +718,7 @@
     /**
      * Get the identifier for the operating system distribution
      */
-    public String getDistro() {
-
+    static String getDistro() {
         try (BufferedReader in =
             new BufferedReader(new InputStreamReader(
                 Runtime.getRuntime().exec("uname -v").getInputStream()))) {
--- a/jdk/test/sun/security/pkcs11/Secmod/AddPrivateKey.java	Tue Jan 26 09:25:53 2016 +0000
+++ b/jdk/test/sun/security/pkcs11/Secmod/AddPrivateKey.java	Tue Jan 26 13:32:07 2016 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2006, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2006, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -28,14 +28,26 @@
  * @author Andreas Sterbenz
  * @library ..
  * @run main/othervm AddPrivateKey
+ * @run main/othervm AddPrivateKey sm policy
  */
 
-import java.io.*;
-import java.util.*;
-
-import java.security.*;
-import java.security.KeyStore.*;
-import java.security.cert.*;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.InputStream;
+import java.security.KeyFactory;
+import java.security.KeyStore;
+import java.security.KeyStore.PasswordProtection;
+import java.security.KeyStore.PrivateKeyEntry;
+import java.security.KeyStoreException;
+import java.security.PrivateKey;
+import java.security.Provider;
+import java.security.PublicKey;
+import java.security.Security;
+import java.security.Signature;
+import java.security.cert.X509Certificate;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.List;
 
 // this test is currently only run for the NSS KeyStore provider, but it
 // is really a generic KeyStore test so it should be modified to run for
@@ -63,6 +75,12 @@
         System.out.println();
         Security.addProvider(p);
 
+        if (args.length > 1 && "sm".equals(args[0])) {
+            System.setProperty("java.security.policy",
+                    BASE + File.separator + args[1]);
+            System.setSecurityManager(new SecurityManager());
+        }
+
         KeyStore ks = KeyStore.getInstance(PKCS11, p);
         ks.load(null, password);
         for (String alias : aliases(ks)) {
--- a/jdk/test/sun/security/pkcs11/Secmod/AddTrustedCert.java	Tue Jan 26 09:25:53 2016 +0000
+++ b/jdk/test/sun/security/pkcs11/Secmod/AddTrustedCert.java	Tue Jan 26 13:32:07 2016 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2005, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -28,14 +28,21 @@
  * @author Andreas Sterbenz
  * @library ..
  * @run main/othervm AddTrustedCert
+ * @run main/othervm AddTrustedCert sm policy
  */
 
-import java.io.*;
-import java.util.*;
-
-import java.security.*;
-import java.security.KeyStore.*;
-import java.security.cert.*;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.InputStream;
+import java.security.KeyStore;
+import java.security.KeyStore.TrustedCertificateEntry;
+import java.security.Provider;
+import java.security.Security;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.TreeSet;
 
 public class AddTrustedCert extends SecmodTest {
 
@@ -56,6 +63,13 @@
 
         System.out.println(p);
         Security.addProvider(p);
+
+        if (args.length > 1 && "sm".equals(args[0])) {
+            System.setProperty("java.security.policy",
+                    BASE + File.separator + args[1]);
+            System.setSecurityManager(new SecurityManager());
+        }
+
         KeyStore ks = KeyStore.getInstance(PKCS11, p);
         ks.load(null, password);
         Collection<String> aliases = new TreeSet<>(Collections.list(
--- a/jdk/test/sun/security/pkcs11/Secmod/Crypto.java	Tue Jan 26 09:25:53 2016 +0000
+++ b/jdk/test/sun/security/pkcs11/Secmod/Crypto.java	Tue Jan 26 13:32:07 2016 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2005, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -28,9 +28,14 @@
  * @author Andreas Sterbenz
  * @library ..
  * @run main/othervm Crypto
+ * @run main/othervm Crypto sm policy
  */
 
-import java.security.*;
+import java.io.File;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.Provider;
+import java.security.Signature;
 
 public class Crypto extends SecmodTest {
 
@@ -42,6 +47,12 @@
         String configName = BASE + SEP + "nsscrypto.cfg";
         Provider p = getSunPKCS11(configName);
 
+        if (args.length > 1 && "sm".equals(args[0])) {
+            System.setProperty("java.security.policy",
+                    BASE + File.separator + args[1]);
+            System.setSecurityManager(new SecurityManager());
+        }
+
         KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA", p);
         KeyPair kp = kpg.generateKeyPair();
 
--- a/jdk/test/sun/security/pkcs11/Secmod/GetPrivateKey.java	Tue Jan 26 09:25:53 2016 +0000
+++ b/jdk/test/sun/security/pkcs11/Secmod/GetPrivateKey.java	Tue Jan 26 13:32:07 2016 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2005, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -29,13 +29,19 @@
  * @author Andreas Sterbenz
  * @library ..
  * @run main/othervm GetPrivateKey
+ * @run main/othervm GetPrivateKey sm policy
  */
 
-import java.util.*;
-
-import java.security.*;
-import java.security.KeyStore.*;
-import java.security.cert.*;
+import java.io.File;
+import java.security.KeyStore;
+import java.security.PrivateKey;
+import java.security.Provider;
+import java.security.Security;
+import java.security.Signature;
+import java.security.cert.X509Certificate;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.TreeSet;
 
 public class GetPrivateKey extends SecmodTest {
 
@@ -49,6 +55,13 @@
 
         System.out.println(p);
         Security.addProvider(p);
+
+        if (args.length > 1 && "sm".equals(args[0])) {
+            System.setProperty("java.security.policy",
+                    BASE + File.separator + args[1]);
+            System.setSecurityManager(new SecurityManager());
+        }
+
         KeyStore ks = KeyStore.getInstance(PKCS11, p);
         ks.load(null, password);
         Collection<String> aliases = new TreeSet<>(
--- a/jdk/test/sun/security/pkcs11/Secmod/JksSetPrivateKey.java	Tue Jan 26 09:25:53 2016 +0000
+++ b/jdk/test/sun/security/pkcs11/Secmod/JksSetPrivateKey.java	Tue Jan 26 13:32:07 2016 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2006, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2006, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -28,13 +28,19 @@
  * @author Wang Weijun
  * @library ..
  * @run main/othervm JksSetPrivateKey
+ * @run main/othervm JksSetPrivateKey sm policy
  */
 
-import java.util.*;
-
-import java.security.*;
-import java.security.KeyStore.*;
-import java.security.cert.*;
+import java.io.File;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.PrivateKey;
+import java.security.Provider;
+import java.security.Security;
+import java.security.cert.X509Certificate;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.TreeSet;
 
 public class JksSetPrivateKey extends SecmodTest {
 
@@ -48,9 +54,16 @@
 
         System.out.println(p);
         Security.addProvider(p);
+
+        if (args.length > 1 && "sm".equals(args[0])) {
+            System.setProperty("java.security.policy",
+                    BASE + File.separator + args[1]);
+            System.setSecurityManager(new SecurityManager());
+        }
+
         KeyStore ks = KeyStore.getInstance("PKCS11", p);
         ks.load(null, password);
-        Collection<String> aliases = new TreeSet<String>(Collections.list(ks.aliases()));
+        Collection<String> aliases = new TreeSet<>(Collections.list(ks.aliases()));
         System.out.println("entries: " + aliases.size());
         System.out.println(aliases);
 
@@ -66,14 +79,14 @@
             jks.setKeyEntry("k1", privateKey, "changeit".toCharArray(), chain);
             throw new Exception("No, an NSS PrivateKey shouldn't be extractable and put inside a JKS keystore");
         } catch (KeyStoreException e) {
-            System.err.println(e);; // This is OK
+            System.err.println(e); // This is OK
         }
 
         try {
             jks.setKeyEntry("k2", new DummyPrivateKey(), "changeit".toCharArray(), chain);
             throw new Exception("No, non-PKCS#8 key shouldn't be put inside a KeyStore");
         } catch (KeyStoreException e) {
-            System.err.println(e);; // This is OK
+            System.err.println(e); // This is OK
         }
         System.out.println("OK");
 
@@ -81,35 +94,41 @@
             jks.setKeyEntry("k3", new DummyPrivateKey2(), "changeit".toCharArray(), chain);
             throw new Exception("No, not-extractble key shouldn't be put inside a KeyStore");
         } catch (KeyStoreException e) {
-            System.err.println(e);; // This is OK
+            System.err.println(e); // This is OK
         }
         System.out.println("OK");
     }
 }
 
 class DummyPrivateKey implements PrivateKey {
+    @Override
     public String getAlgorithm() {
         return "DUMMY";
     }
 
+    @Override
     public String getFormat() {
         return "DUMMY";
     }
 
+    @Override
     public byte[] getEncoded() {
         return "DUMMY".getBytes();
     }
 }
 
 class DummyPrivateKey2 implements PrivateKey {
+    @Override
     public String getAlgorithm() {
         return "DUMMY";
     }
 
+    @Override
     public String getFormat() {
         return "PKCS#8";
     }
 
+    @Override
     public byte[] getEncoded() {
         return null;
     }
--- a/jdk/test/sun/security/pkcs11/Secmod/LoadKeystore.java	Tue Jan 26 09:25:53 2016 +0000
+++ b/jdk/test/sun/security/pkcs11/Secmod/LoadKeystore.java	Tue Jan 26 13:32:07 2016 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2015, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -21,6 +21,7 @@
  * questions.
  */
 
+import java.io.File;
 import java.io.IOException;
 import java.security.KeyStore;
 import java.security.KeyStoreException;
@@ -35,6 +36,7 @@
  * @summary Checks that PKCS#11 keystore can't be loaded with wrong password
  * @library ../
  * @run main/othervm LoadKeystore
+ * @run main/othervm LoadKeystore sm policy
  */
 public class LoadKeystore extends SecmodTest {
 
@@ -50,6 +52,12 @@
         System.out.println();
         Security.addProvider(p);
 
+        if (args.length > 1 && "sm".equals(args[0])) {
+            System.setProperty("java.security.policy",
+                    BASE + File.separator + args[1]);
+            System.setSecurityManager(new SecurityManager());
+        }
+
         try {
             System.out.println("Load keystore with wrong type");
             KeyStore.getInstance("unknown", p);
--- a/jdk/test/sun/security/pkcs11/Secmod/TrustAnchors.java	Tue Jan 26 09:25:53 2016 +0000
+++ b/jdk/test/sun/security/pkcs11/Secmod/TrustAnchors.java	Tue Jan 26 13:32:07 2016 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -28,13 +28,17 @@
  * @author Andreas Sterbenz
  * @library ..
  * @run main/othervm TrustAnchors
+ * @run main/othervm TrustAnchors sm policy
  */
 
-import java.util.*;
-
-import java.security.*;
-import java.security.KeyStore.*;
-import java.security.cert.*;
+import java.io.File;
+import java.security.KeyStore;
+import java.security.Provider;
+import java.security.Security;
+import java.security.cert.X509Certificate;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.TreeSet;
 
 public class TrustAnchors extends SecmodTest {
 
@@ -57,9 +61,16 @@
 
         System.out.println(p);
         Security.addProvider(p);
+
+        if (args.length > 1 && "sm".equals(args[0])) {
+            System.setProperty("java.security.policy",
+                    BASE + File.separator + args[1]);
+            System.setSecurityManager(new SecurityManager());
+        }
+
         KeyStore ks = KeyStore.getInstance("PKCS11", p);
         ks.load(null, null);
-        Collection<String> aliases = new TreeSet<String>(Collections.list(ks.aliases()));
+        Collection<String> aliases = new TreeSet<>(Collections.list(ks.aliases()));
         System.out.println("entries: " + aliases.size());
         System.out.println(aliases);
 
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/sun/security/pkcs11/Secmod/policy	Tue Jan 26 13:32:07 2016 -0800
@@ -0,0 +1,6 @@
+grant {
+    permission java.security.SecurityPermission "authProvider.*";
+    permission java.io.FilePermission "${test.src}/-", "read";
+    permission java.io.FilePermission "${pkcs11test.nss.db}/-", "read";
+    permission java.io.FilePermission "${pkcs11test.nss.libdir}/-", "read";
+};
\ No newline at end of file
--- a/jdk/test/sun/security/pkcs11/SecureRandom/Basic.java	Tue Jan 26 09:25:53 2016 +0000
+++ b/jdk/test/sun/security/pkcs11/SecureRandom/Basic.java	Tue Jan 26 13:32:07 2016 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2005, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -28,17 +28,17 @@
  * @author Andreas Sterbenz
  * @library ..
  * @key randomness
+ * @run main/othervm Basic
+ * @run main/othervm Basic sm
  */
 
-import java.io.*;
-import java.util.*;
-
-import java.security.*;
-
-import javax.crypto.*;
+import java.security.NoSuchAlgorithmException;
+import java.security.Provider;
+import java.security.SecureRandom;
 
 public class Basic extends PKCS11Test {
 
+    @Override
     public void main(Provider p) throws Exception {
         SecureRandom random;
         try {
@@ -58,7 +58,7 @@
     }
 
     public static void main(String[] args) throws Exception {
-        main(new Basic());
+        main(new Basic(), args);
     }
 
 }
--- a/jdk/test/sun/security/pkcs11/Signature/ByteBuffers.java	Tue Jan 26 09:25:53 2016 +0000
+++ b/jdk/test/sun/security/pkcs11/Signature/ByteBuffers.java	Tue Jan 26 13:32:07 2016 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -28,19 +28,24 @@
  * @author Andreas Sterbenz
  * @library ..
  * @key randomness
+ * @run main/othervm ByteBuffers
+ * @run main/othervm ByteBuffers sm
  */
 
-import java.util.*;
-import java.nio.*;
-
-import java.security.*;
+import java.nio.ByteBuffer;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.Provider;
+import java.security.Signature;
+import java.util.Random;
 
 public class ByteBuffers extends PKCS11Test {
 
     public static void main(String[] args) throws Exception {
-        main(new ByteBuffers());
+        main(new ByteBuffers(), args);
     }
 
+    @Override
     public void main(Provider p) throws Exception {
 
         /*
@@ -48,9 +53,9 @@
          * when running SunPKCS11-Solaris provider (8044554)
          */
         if (p.getName().equals("SunPKCS11-Solaris") &&
-            System.getProperty("os.name").equals("SunOS") &&
-            System.getProperty("os.arch").equals("sparcv9") &&
-            System.getProperty("os.version").compareTo("5.11") <= 0 &&
+            props.getProperty("os.name").equals("SunOS") &&
+            props.getProperty("os.arch").equals("sparcv9") &&
+            props.getProperty("os.version").compareTo("5.11") <= 0 &&
             getDistro().compareTo("11.2") < 0) {
 
             System.out.println("SunPKCS11-Solaris provider requires " +
--- a/jdk/test/sun/security/pkcs11/Signature/TestDSA.java	Tue Jan 26 09:25:53 2016 +0000
+++ b/jdk/test/sun/security/pkcs11/Signature/TestDSA.java	Tue Jan 26 13:32:07 2016 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -28,14 +28,24 @@
  * @author Andreas Sterbenz
  * @library ..
  * @key randomness
+ * @run main/othervm TestDSA
+ * @run main/othervm TestDSA sm
  */
 
-import java.io.*;
-import java.util.*;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.StringReader;
 import java.math.BigInteger;
-
-import java.security.*;
-import java.security.spec.*;
+import java.security.KeyFactory;
+import java.security.MessageDigest;
+import java.security.PrivateKey;
+import java.security.Provider;
+import java.security.PublicKey;
+import java.security.Signature;
+import java.security.SignatureException;
+import java.security.spec.DSAPrivateKeySpec;
+import java.security.spec.DSAPublicKeySpec;
+import java.util.Random;
 
 public class TestDSA extends PKCS11Test {
 
@@ -102,9 +112,10 @@
     }
 
     public static void main(String[] args) throws Exception {
-        main(new TestDSA());
+        main(new TestDSA(), args);
     }
 
+    @Override
     public void main(Provider provider) throws Exception {
         long start = System.currentTimeMillis();
 
@@ -115,9 +126,9 @@
          * when running SunPKCS11-Solaris (8044554)
          */
         if (provider.getName().equals("SunPKCS11-Solaris") &&
-            System.getProperty("os.name").equals("SunOS") &&
-            System.getProperty("os.arch").equals("sparcv9") &&
-            System.getProperty("os.version").compareTo("5.11") <= 0 &&
+            props.getProperty("os.name").equals("SunOS") &&
+            props.getProperty("os.arch").equals("sparcv9") &&
+            props.getProperty("os.version").compareTo("5.11") <= 0 &&
             getDistro().compareTo("11.2") < 0) {
 
             System.out.println("SunPKCS11-Solaris provider requires " +
--- a/jdk/test/sun/security/pkcs11/Signature/TestDSAKeyLength.java	Tue Jan 26 09:25:53 2016 +0000
+++ b/jdk/test/sun/security/pkcs11/Signature/TestDSAKeyLength.java	Tue Jan 26 13:32:07 2016 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2013, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2013, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -20,6 +20,7 @@
  * or visit www.oracle.com if you need additional information or have any
  * questions.
  */
+
 /*
  * @test
  * @bug 7200306 8029158
@@ -27,19 +28,24 @@
  * with unsupported key sizes
  * @library ..
  * @key randomness
+ * @run main/othervm TestDSAKeyLength
+ * @run main/othervm TestDSAKeyLength sm
  */
 
-
-import java.security.*;
-import java.security.spec.*;
-import java.security.interfaces.*;
+import java.security.InvalidKeyException;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.Provider;
+import java.security.SecureRandom;
+import java.security.Signature;
 
 public class TestDSAKeyLength extends PKCS11Test {
 
     public static void main(String[] args) throws Exception {
-        main(new TestDSAKeyLength());
+        main(new TestDSAKeyLength(), args);
     }
 
+    @Override
     public void main(Provider provider) throws Exception {
         if (isNSS(provider) && getNSSVersion() >= 3.14) {
             System.out.println("Skip testing NSS " + getNSSVersion());
@@ -51,9 +57,9 @@
          * when running SunPKCS11-Solaris (8044554)
          */
         if (provider.getName().equals("SunPKCS11-Solaris") &&
-            System.getProperty("os.name").equals("SunOS") &&
-            System.getProperty("os.arch").equals("sparcv9") &&
-            System.getProperty("os.version").compareTo("5.11") <= 0 &&
+            props.getProperty("os.name").equals("SunOS") &&
+            props.getProperty("os.arch").equals("sparcv9") &&
+            props.getProperty("os.version").compareTo("5.11") <= 0 &&
             getDistro().compareTo("11.2") < 0) {
 
             System.out.println("SunPKCS11-Solaris provider requires " +
--- a/jdk/test/sun/security/pkcs11/Signature/TestRSAKeyLength.java	Tue Jan 26 09:25:53 2016 +0000
+++ b/jdk/test/sun/security/pkcs11/Signature/TestRSAKeyLength.java	Tue Jan 26 13:32:07 2016 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2010, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2010, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -27,14 +27,26 @@
  * @summary Make sure initSign/initVerify() check RSA key lengths
  * @author Yu-Ching Valerie Peng
  * @library ..
+ * @run main/othervm TestRSAKeyLength
+ * @run main/othervm TestRSAKeyLength sm
  */
 
-import java.security.*;
+import java.security.InvalidKeyException;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.PrivateKey;
+import java.security.Provider;
+import java.security.PublicKey;
+import java.security.Signature;
+import java.security.SignedObject;
 
 public class TestRSAKeyLength extends PKCS11Test {
+
     public static void main(String[] args) throws Exception {
-        main(new TestRSAKeyLength());
+        main(new TestRSAKeyLength(), args);
     }
+
+    @Override
     public void main(Provider p) throws Exception {
 
         /*
@@ -42,9 +54,9 @@
          * when running SunPKCS11-Solaris (8044554)
          */
         if (p.getName().equals("SunPKCS11-Solaris") &&
-            System.getProperty("os.name").equals("SunOS") &&
-            System.getProperty("os.arch").equals("sparcv9") &&
-            System.getProperty("os.version").compareTo("5.11") <= 0 &&
+            props.getProperty("os.name").equals("SunOS") &&
+            props.getProperty("os.arch").equals("sparcv9") &&
+            props.getProperty("os.version").compareTo("5.11") <= 0 &&
             getDistro().compareTo("11.2") < 0) {
 
             System.out.println("SunPKCS11-Solaris provider requires " +
--- a/jdk/test/sun/security/pkcs11/ec/ReadCertificates.java	Tue Jan 26 09:25:53 2016 +0000
+++ b/jdk/test/sun/security/pkcs11/ec/ReadCertificates.java	Tue Jan 26 13:32:07 2016 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2006, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2006, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -29,16 +29,31 @@
  * @author Andreas Sterbenz
  * @library ..
  * @library ../../../../java/security/testlibrary
+ * @run main/othervm ReadCertificates
+ * @run main/othervm ReadCertificates sm policy
  */
 
-import java.io.*;
-import java.util.*;
-
-import java.security.cert.*;
-import java.security.*;
-import java.security.interfaces.*;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.InputStream;
+import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.Provider;
+import java.security.PublicKey;
+import java.security.SecureRandom;
+import java.security.SignatureException;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
+import java.security.interfaces.ECPublicKey;
 import java.security.spec.ECParameterSpec;
-
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.LinkedHashMap;
+import java.util.List;
+import java.util.Map;
 import javax.security.auth.x500.X500Principal;
 
 public class ReadCertificates extends PKCS11Test {
@@ -49,16 +64,18 @@
 
     private static Collection<X509Certificate> readCertificates(File file) throws Exception {
         System.out.println("Loading " + file.getName() + "...");
-        InputStream in = new FileInputStream(file);
-        Collection<X509Certificate> certs = (Collection<X509Certificate>)factory.generateCertificates(in);
-        in.close();
+        Collection<X509Certificate> certs;
+        try (InputStream in = new FileInputStream(file)) {
+            certs = (Collection<X509Certificate>)factory.generateCertificates(in);
+        }
         return certs;
     }
 
     public static void main(String[] args) throws Exception {
-        main(new ReadCertificates());
+        main(new ReadCertificates(), args);
     }
 
+    @Override
     public void main(Provider p) throws Exception {
         if (p.getService("Signature", "SHA1withECDSA") == null) {
             System.out.println("Provider does not support ECDSA, skipping...");
@@ -79,7 +96,7 @@
         } catch (CertificateException e) {
             // ignore
         }
-        Map<X500Principal,X509Certificate> certs = new LinkedHashMap<X500Principal,X509Certificate>();
+        Map<X500Principal,X509Certificate> certs = new LinkedHashMap<>();
 
         File dir = new File(BASE, "certs");
         File closedDir = new File(CLOSED_BASE, "certs");
@@ -103,7 +120,7 @@
         System.out.println("OK: " + certs.size() + " certificates.");
 
         // Get supported curves
-        Vector<ECParameterSpec> supportedEC = getKnownCurves(p);
+        List<ECParameterSpec> supportedEC = getKnownCurves(p);
 
         System.out.println("Test Certs:\n");
         for (X509Certificate cert : certs.values()) {
@@ -127,7 +144,8 @@
                System.out.println("Warning: " + e.getMessage() +
                    ". Trying another provider...");
                cert.verify(key);
-           } catch (Exception e) {
+           } catch (CertificateException | InvalidKeyException |
+                    NoSuchProviderException | SignatureException e) {
                System.out.println(e.getMessage());
                if (key instanceof ECPublicKey) {
                    System.out.println("Failed.\n\tCurve: " +
@@ -145,7 +163,7 @@
         // try some random invalid signatures to make sure we get the correct
         // error
         System.out.println("Checking incorrect signatures...");
-        List<X509Certificate> certList = new ArrayList<X509Certificate>(certs.values());
+        List<X509Certificate> certList = new ArrayList<>(certs.values());
         for (int i = 0; i < 20; i++) {
             X509Certificate cert, signer;
             do {
@@ -161,9 +179,7 @@
                 } else {
                     throw new Exception("Verified invalid signature");
                 }
-            } catch (SignatureException e) {
-                System.out.println("OK: " + e);
-            } catch (InvalidKeyException e) {
+            } catch (SignatureException | InvalidKeyException e) {
                 System.out.println("OK: " + e);
             }
         }
--- a/jdk/test/sun/security/pkcs11/ec/ReadPKCS12.java	Tue Jan 26 09:25:53 2016 +0000
+++ b/jdk/test/sun/security/pkcs11/ec/ReadPKCS12.java	Tue Jan 26 13:32:07 2016 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2006, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2006, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -29,26 +29,41 @@
  * @library ..
  * @library ../../../../java/security/testlibrary
  * @key randomness
+ * @run main/othervm ReadPKCS12
+ * @run main/othervm ReadPKCS12 sm policy
  */
 
-import java.io.*;
-import java.util.*;
-
-import java.security.*;
-import java.security.interfaces.*;
-import java.security.cert.*;
+import java.io.BufferedReader;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileOutputStream;
+import java.io.FileReader;
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.security.KeyStore;
+import java.security.PrivateKey;
+import java.security.Provider;
+import java.security.PublicKey;
+import java.security.Signature;
 import java.security.cert.Certificate;
-
-import javax.security.auth.x500.X500Principal;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.Random;
 
 public class ReadPKCS12 extends PKCS11Test {
 
     private final static boolean COPY = false;
 
     public static void main(String[] args) throws Exception {
-        main(new ReadPKCS12());
+        main(new ReadPKCS12(), args);
     }
 
+    @Override
     public void main(Provider p) throws Exception {
         if (p.getService("Signature", "SHA1withECDSA") == null) {
             System.out.println("Provider does not support ECDSA, skipping...");
@@ -71,29 +86,30 @@
         KeyStore ks2;
         if (COPY) {
             ks2 = KeyStore.getInstance("JKS");
-            InputStream in = new FileInputStream("keystore.old");
-            ks2.load(in, "passphrase".toCharArray());
-            in.close();
+            try (InputStream in = new FileInputStream("keystore.old")) {
+                ks2.load(in, "passphrase".toCharArray());
+            }
         }
 
         File dir = new File(BASE, "pkcs12");
         File closedDir = new File(CLOSED_BASE, "pkcs12");
 
-        Map<String,char[]> passwords = new HashMap<String,char[]>();
-        BufferedReader reader = new BufferedReader(new FileReader((new File(BASE, "p12passwords.txt"))));
-        while (true) {
-            String line = reader.readLine();
-            if (line == null) {
-                break;
+        Map<String,char[]> passwords = new HashMap<>();
+        try (BufferedReader reader = new BufferedReader(
+                new FileReader(new File(BASE, "p12passwords.txt")))) {
+            while (true) {
+                String line = reader.readLine();
+                if (line == null) {
+                    break;
+                }
+                line = line.trim();
+                if ((line.length() == 0) || line.startsWith("#")) {
+                    continue;
+                }
+                String[] s = line.split(" ");
+                passwords.put(s[0], s[1].toCharArray());
             }
-            line = line.trim();
-            if ((line.length() == 0) || line.startsWith("#")) {
-                continue;
-            }
-            String[] s = line.split(" ");
-            passwords.put(s[0], s[1].toCharArray());
         }
-        reader.close();
 
         for (File file : concat(dir.listFiles(), closedDir.listFiles())) {
             String name = file.getName();
@@ -108,10 +124,11 @@
                 password = passwords.get("*");
             }
 
-            InputStream in = new FileInputStream(file);
-            KeyStore ks = KeyStore.getInstance("PKCS12");
-            ks.load(in, password);
-            in.close();
+            KeyStore ks;
+            try (InputStream in = new FileInputStream(file)) {
+                ks = KeyStore.getInstance("PKCS12");
+                ks.load(in, password);
+            }
             List<String> aliases = Collections.list(ks.aliases());
             System.out.println("Aliases: " + aliases);
 
@@ -147,9 +164,9 @@
         }
 
         if (COPY) {
-            OutputStream out = new FileOutputStream("keystore.new");
-            ks2.store(out, "passphrase".toCharArray());
-            out.close();
+            try (OutputStream out = new FileOutputStream("keystore.new")) {
+                ks2.store(out, "passphrase".toCharArray());
+            }
         }
 
         System.out.println("OK");
--- a/jdk/test/sun/security/pkcs11/ec/TestCurves.java	Tue Jan 26 09:25:53 2016 +0000
+++ b/jdk/test/sun/security/pkcs11/ec/TestCurves.java	Tue Jan 26 13:32:07 2016 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2006, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2006, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -29,53 +29,46 @@
  * @library ..
  * @modules jdk.crypto.pkcs11/sun.security.pkcs11.wrapper
  * @compile -XDignore.symbol.file TestCurves.java
- * @run main TestCurves
+ * @run main/othervm TestCurves
+ * @run main/othervm TestCurves sm
  * @key randomness
  */
 
-import java.util.*;
-
-import java.security.*;
-import java.security.spec.*;
-
-import javax.crypto.*;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.Provider;
+import java.security.ProviderException;
+import java.security.Signature;
+import java.security.spec.ECParameterSpec;
+import java.util.Arrays;
+import java.util.List;
+import java.util.Random;
+import javax.crypto.KeyAgreement;
 
 public class TestCurves extends PKCS11Test {
 
     public static void main(String[] args) throws Exception {
-        main(new TestCurves());
+        main(new TestCurves(), args);
     }
 
+    @Override
     public void main(Provider p) throws Exception {
         if (p.getService("KeyAgreement", "ECDH") == null) {
             System.out.println("Not supported by provider, skipping");
             return;
         }
 
-        if (isNSS(p) && getNSSVersion() >= 3.11 && getNSSVersion() < 3.12) {
-            System.out.println("NSS 3.11 has a DER issue that recent " +
-                    "version do not.");
+        if (isBadNSSVersion(p)) {
             return;
         }
 
-        /*
-         * Use Solaris SPARC 11.2 or later to avoid an intermittent failure
-         * when running SunPKCS11-Solaris (8044554)
-         */
-        if (p.getName().equals("SunPKCS11-Solaris") &&
-            System.getProperty("os.name").equals("SunOS") &&
-            System.getProperty("os.arch").equals("sparcv9") &&
-            System.getProperty("os.version").compareTo("5.11") <= 0 &&
-            getDistro().compareTo("11.2") < 0) {
-
-            System.out.println("SunPKCS11-Solaris provider requires " +
-                "Solaris SPARC 11.2 or later, skipping");
+        if (isBadSolarisSparc(p)) {
             return;
         }
 
         // Check if this is sparc for later failure avoidance.
         boolean sparc = false;
-        if (System.getProperty("os.arch").equals("sparcv9")) {
+        if (props.getProperty("os.arch").equals("sparcv9")) {
             sparc = true;
             System.out.println("This is a sparcv9");
         }
@@ -84,7 +77,7 @@
         byte[] data = new byte[2048];
         random.nextBytes(data);
 
-        Vector<ECParameterSpec> curves = getKnownCurves(p);
+        List<ECParameterSpec> curves = getKnownCurves(p);
         for (ECParameterSpec params : curves) {
             System.out.println("Testing " + params + "...");
             KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC", p);
--- a/jdk/test/sun/security/pkcs11/ec/TestECDH.java	Tue Jan 26 09:25:53 2016 +0000
+++ b/jdk/test/sun/security/pkcs11/ec/TestECDH.java	Tue Jan 26 13:32:07 2016 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2006, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2006, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -28,16 +28,21 @@
  * @author Andreas Sterbenz
  * @library ..
  * @library ../../../../java/security/testlibrary
+ * @run main/othervm TestECDH
+ * @run main/othervm TestECDH sm policy
  */
 
-import java.io.*;
-import java.util.*;
-
-import java.security.*;
-import java.security.spec.*;
+import java.security.KeyFactory;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.PrivateKey;
+import java.security.Provider;
+import java.security.PublicKey;
 import java.security.interfaces.ECPublicKey;
-
-import javax.crypto.*;
+import java.security.spec.PKCS8EncodedKeySpec;
+import java.security.spec.X509EncodedKeySpec;
+import java.util.Arrays;
+import javax.crypto.KeyAgreement;
 
 public class TestECDH extends PKCS11Test {
 
@@ -55,6 +60,7 @@
 
     private final static String secret163 = "04:ae:71:c1:c6:4d:f4:34:4d:72:70:a4:64:65:7f:2d:88:2d:3f:50:be";
 
+    @Override
     public void main(Provider p) throws Exception {
         if (p.getService("KeyAgreement", "ECDH") == null) {
             System.out.println("Provider does not support ECDH, skipping");
@@ -89,10 +95,12 @@
         System.out.println("OK");
     }
 
-    private final static void test(Provider p, String pub1s, String priv1s, String pub2s, String priv2s, String secrets) throws Exception {
+    private final static void test(Provider p, String pub1s, String priv1s,
+            String pub2s, String priv2s, String secrets) throws Exception {
         KeyFactory kf = KeyFactory.getInstance("EC", p);
         PublicKey pub1 = kf.generatePublic(new X509EncodedKeySpec(parse(pub1s)));
-        System.out.println("Testing using parameters " + ((ECPublicKey)pub1).getParams() + "...");
+        System.out.println("Testing using parameters "
+                + ((ECPublicKey)pub1).getParams() + "...");
 
         PrivateKey priv1 = kf.generatePrivate(new PKCS8EncodedKeySpec(parse(priv1s)));
         PublicKey pub2 = kf.generatePublic(new X509EncodedKeySpec(parse(pub2s)));
@@ -121,7 +129,7 @@
     }
 
     public static void main(String[] args) throws Exception {
-        main(new TestECDH());
+        main(new TestECDH(), args);
     }
 
 }
--- a/jdk/test/sun/security/pkcs11/ec/TestECDH2.java	Tue Jan 26 09:25:53 2016 +0000
+++ b/jdk/test/sun/security/pkcs11/ec/TestECDH2.java	Tue Jan 26 13:32:07 2016 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2012, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2012, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -30,19 +30,25 @@
  * @library ../../../../java/security/testlibrary
  * @modules java.base/sun.security.util
  * @compile -XDignore.symbol.file TestECDH2.java
- * @run main TestECDH2
+ * @run main/othervm TestECDH2
+ * @run main/othervm TestECDH2 sm
  */
 
-import java.io.*;
-import java.util.*;
 import java.math.BigInteger;
-
-import java.security.*;
-import java.security.spec.*;
-import java.security.interfaces.*;
-import javax.crypto.*;
-
-import sun.security.util.ECUtil;
+import java.security.AlgorithmParameters;
+import java.security.KeyFactory;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.PrivateKey;
+import java.security.Provider;
+import java.security.PublicKey;
+import java.security.spec.ECGenParameterSpec;
+import java.security.spec.ECParameterSpec;
+import java.security.spec.ECPoint;
+import java.security.spec.ECPrivateKeySpec;
+import java.security.spec.ECPublicKeySpec;
+import java.util.Arrays;
+import javax.crypto.KeyAgreement;
 
 public class TestECDH2 extends PKCS11Test {
 
@@ -81,7 +87,9 @@
 
     private KeyPair genECKeyPair(String curvName, String privD, String pubX,
                                  String pubY, Provider p) throws Exception {
-        ECParameterSpec ecParams = ECUtil.getECParameterSpec(p, curvName);
+        AlgorithmParameters params = AlgorithmParameters.getInstance("EC", p);
+        params.init(new ECGenParameterSpec(curvName));
+        ECParameterSpec ecParams = params.getParameterSpec(ECParameterSpec.class);
         ECPrivateKeySpec privKeySpec =
             new ECPrivateKeySpec(new BigInteger(privD, 16), ecParams);
         ECPublicKeySpec pubKeySpec =
@@ -98,19 +106,17 @@
         return kpg.generateKeyPair();
     }
     public static void main(String[] args) throws Exception {
-        main(new TestECDH2());
+        main(new TestECDH2(), args);
     }
 
+    @Override
     public void main(Provider provider) throws Exception {
         if (provider.getService("KeyAgreement", "ECDH") == null) {
             System.out.println("ECDH not supported, skipping");
             return;
         }
 
-        if (isNSS(provider) && getNSSVersion() >= 3.11 &&
-                getNSSVersion() < 3.12) {
-            System.out.println("NSS 3.11 has a DER issue that recent " +
-                    "version do not.");
+        if (isBadNSSVersion(provider)) {
             return;
         }
 
--- a/jdk/test/sun/security/pkcs11/ec/TestECDSA.java	Tue Jan 26 09:25:53 2016 +0000
+++ b/jdk/test/sun/security/pkcs11/ec/TestECDSA.java	Tue Jan 26 13:32:07 2016 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2006, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2006, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -29,13 +29,22 @@
  * @library ..
  * @library ../../../../java/security/testlibrary
  * @key randomness
+ * @run main/othervm TestECDSA
+ * @run main/othervm TestECDSA sm policy
  */
 
-import java.util.*;
-
-import java.security.*;
-import java.security.spec.*;
-import java.security.interfaces.*;
+import java.security.KeyFactory;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.MessageDigest;
+import java.security.PrivateKey;
+import java.security.Provider;
+import java.security.PublicKey;
+import java.security.Signature;
+import java.security.interfaces.ECPublicKey;
+import java.security.spec.PKCS8EncodedKeySpec;
+import java.security.spec.X509EncodedKeySpec;
+import java.util.Random;
 
 public class TestECDSA extends PKCS11Test {
 
@@ -79,7 +88,8 @@
     private final static byte[] data2Raw = {};
     private final static byte[] data2SHA = b("da:39:a3:ee:5e:6b:4b:0d:32:55:bf:ef:95:60:18:90:af:d8:07:09");
 
-    private static void verify(Provider provider, String alg, PublicKey key, byte[] data, byte[] sig, boolean result) throws Exception {
+    private static void verify(Provider provider, String alg, PublicKey key,
+            byte[] data, byte[] sig, boolean result) throws Exception {
         Signature s = Signature.getInstance(alg, provider);
         s.initVerify(key);
         boolean r;
@@ -105,9 +115,10 @@
     }
 
     public static void main(String[] args) throws Exception {
-        main(new TestECDSA());
+        main(new TestECDSA(), args);
     }
 
+    @Override
     public void main(Provider provider) throws Exception {
         long start = System.currentTimeMillis();
 
@@ -116,25 +127,11 @@
             return;
         }
 
-        if (isNSS(provider) && getNSSVersion() >= 3.11 &&
-                getNSSVersion() < 3.12) {
-            System.out.println("NSS 3.11 has a DER issue that recent " +
-                    "version do not.");
+        if (isBadNSSVersion(provider)) {
             return;
         }
 
-        /*
-         * Use Solaris SPARC 11.2 or later to avoid an intermittent failure
-         * when running SunPKCS11-Solaris (8044554)
-         */
-        if (provider.getName().equals("SunPKCS11-Solaris") &&
-            System.getProperty("os.name").equals("SunOS") &&
-            System.getProperty("os.arch").equals("sparcv9") &&
-            System.getProperty("os.version").compareTo("5.11") <= 0 &&
-            getDistro().compareTo("11.2") < 0) {
-
-            System.out.println("SunPKCS11-Solaris provider requires " +
-                "Solaris SPARC 11.2 or later, skipping");
+        if (isBadSolarisSparc(provider)) {
             return;
         }
 
--- a/jdk/test/sun/security/pkcs11/ec/TestECDSA2.java	Tue Jan 26 09:25:53 2016 +0000
+++ b/jdk/test/sun/security/pkcs11/ec/TestECDSA2.java	Tue Jan 26 13:32:07 2016 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2012, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2012, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -30,18 +30,23 @@
  * @library ../../../../java/security/testlibrary
  * @modules java.base/sun.security.util
  * @compile -XDignore.symbol.file TestECDSA2.java
- * @run main TestECDSA2
+ * @run main/othervm TestECDSA2
+ * @run main/othervm TestECDSA2 sm
  */
 
-import java.io.*;
-import java.util.*;
 import java.math.BigInteger;
-
-import java.security.*;
-import java.security.spec.*;
-import java.security.interfaces.*;
-
-import sun.security.util.ECUtil;
+import java.security.AlgorithmParameters;
+import java.security.KeyFactory;
+import java.security.KeyPair;
+import java.security.PrivateKey;
+import java.security.Provider;
+import java.security.PublicKey;
+import java.security.Signature;
+import java.security.spec.ECGenParameterSpec;
+import java.security.spec.ECParameterSpec;
+import java.security.spec.ECPoint;
+import java.security.spec.ECPrivateKeySpec;
+import java.security.spec.ECPublicKeySpec;
 
 public class TestECDSA2 extends PKCS11Test {
 
@@ -78,7 +83,9 @@
 
     private KeyPair genECKeyPair(String curvName, String privD, String pubX,
             String pubY, Provider p) throws Exception {
-        ECParameterSpec ecParams = ECUtil.getECParameterSpec(p, curvName);
+        AlgorithmParameters params = AlgorithmParameters.getInstance("EC", p);
+        params.init(new ECGenParameterSpec(curvName));
+        ECParameterSpec ecParams = params.getParameterSpec(ECParameterSpec.class);
         ECPrivateKeySpec privKeySpec =
             new ECPrivateKeySpec(new BigInteger(privD, 16), ecParams);
         ECPublicKeySpec pubKeySpec =
@@ -90,9 +97,10 @@
     }
 
     public static void main(String[] args) throws Exception {
-        main(new TestECDSA2());
+        main(new TestECDSA2(), args);
     }
 
+    @Override
     public void main(Provider provider) throws Exception {
         boolean testP256 =
             (provider.getService("Signature", "SHA256withECDSA") != null);
@@ -105,10 +113,7 @@
             return;
         }
 
-        if (isNSS(provider) && getNSSVersion() >= 3.11 &&
-                getNSSVersion() < 3.12) {
-            System.out.println("NSS 3.11 has a DER issue that recent " +
-                    "version do not.");
+        if (isBadNSSVersion(provider)) {
             return;
         }
 
--- a/jdk/test/sun/security/pkcs11/ec/TestECGenSpec.java	Tue Jan 26 09:25:53 2016 +0000
+++ b/jdk/test/sun/security/pkcs11/ec/TestECGenSpec.java	Tue Jan 26 13:32:07 2016 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2006, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2006, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -27,29 +27,32 @@
  * @summary Verify that we can use ECGenParameterSpec
  * @author Andreas Sterbenz
  * @library ..
+ * @run main/othervm TestECGenSpec
+ * @run main/othervm TestECGenSpec sm
  */
 
-import java.util.*;
-
-import java.security.*;
-import java.security.spec.*;
+import java.security.AlgorithmParameters;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.Provider;
 import java.security.interfaces.ECPublicKey;
+import java.security.spec.ECGenParameterSpec;
+import java.security.spec.ECParameterSpec;
 
 public class TestECGenSpec extends PKCS11Test {
 
     public static void main(String[] args) throws Exception {
-        main(new TestECGenSpec());
+        main(new TestECGenSpec(), args);
     }
 
+    @Override
     public void main(Provider p) throws Exception {
         if (p.getService("Signature", "SHA1withECDSA") == null) {
             System.out.println("Provider does not support ECDSA, skipping...");
             return;
         }
 
-        if (isNSS(p) && getNSSVersion() >= 3.11 && getNSSVersion() < 3.12) {
-            System.out.println("NSS 3.11 has a DER issue that recent " +
-                    "version do not.");
+        if (isBadNSSVersion(p)) {
             return;
         }
 
--- a/jdk/test/sun/security/pkcs11/ec/TestKeyFactory.java	Tue Jan 26 09:25:53 2016 +0000
+++ b/jdk/test/sun/security/pkcs11/ec/TestKeyFactory.java	Tue Jan 26 13:32:07 2016 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2006, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2006, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -27,14 +27,23 @@
  * @summary Test the P11ECKeyFactory
  * @author Andreas Sterbenz
  * @library ..
+ * @run main/othervm TestKeyFactory
+ * @run main/othervm TestKeyFactory sm
  */
 
-import java.io.*;
-import java.util.*;
-
-import java.security.*;
-import java.security.interfaces.*;
-import java.security.spec.*;
+import java.security.Key;
+import java.security.KeyFactory;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.PrivateKey;
+import java.security.Provider;
+import java.security.PublicKey;
+import java.security.spec.ECPrivateKeySpec;
+import java.security.spec.ECPublicKeySpec;
+import java.security.spec.KeySpec;
+import java.security.spec.PKCS8EncodedKeySpec;
+import java.security.spec.X509EncodedKeySpec;
+import java.util.Arrays;
 
 public class TestKeyFactory extends PKCS11Test {
 
@@ -111,9 +120,10 @@
     }
 
     public static void main(String[] args) throws Exception {
-        main(new TestKeyFactory());
+        main(new TestKeyFactory(), args);
     }
 
+    @Override
     public void main(Provider p) throws Exception {
         if (p.getService("KeyFactory", "EC") == null) {
             System.out.println("Provider does not support EC, skipping");
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/sun/security/pkcs11/ec/policy	Tue Jan 26 13:32:07 2016 -0800
@@ -0,0 +1,7 @@
+grant {
+    permission java.lang.RuntimePermission "setSecurityManager";
+    permission java.security.SecurityPermission "insertProvider.*";   
+    permission java.security.SecurityPermission "removeProvider.*";
+    permission java.io.FilePermission "${test.src}/-", "read";
+    permission java.io.FilePermission "${closed.base}/-", "read";
+};
\ No newline at end of file
--- a/jdk/test/sun/security/pkcs11/fips/TrustManagerTest.java	Tue Jan 26 09:25:53 2016 +0000
+++ b/jdk/test/sun/security/pkcs11/fips/TrustManagerTest.java	Tue Jan 26 13:32:07 2016 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2005, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -29,15 +29,21 @@
  * @library ..
  * @modules java.base/com.sun.net.ssl.internal.ssl
  * @run main/othervm TrustManagerTest
+ * @run main/othervm TrustManagerTest sm TrustManagerTest.policy
  */
 
-import java.io.*;
-import java.util.*;
-
-import java.security.*;
-import java.security.cert.*;
-
-import javax.net.ssl.*;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.InputStream;
+import java.security.KeyStore;
+import java.security.Policy;
+import java.security.Provider;
+import java.security.Security;
+import java.security.URIParameter;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
+import javax.net.ssl.TrustManagerFactory;
+import javax.net.ssl.X509TrustManager;
 
 // This test belongs more in JSSE than here, but the JSSE workspace does not
 // have the NSS test infrastructure. It will live here for the time being.
@@ -73,6 +79,12 @@
         X509Certificate ca = loadCertificate("certs/ca.cer");
         X509Certificate anchor = loadCertificate("certs/anchor.cer");
 
+        if (args.length > 1 && "sm".equals(args[0])) {
+            Policy.setPolicy(Policy.getInstance("JavaPolicy",
+                    new URIParameter(new File(BASE, args[1]).toURI())));
+            System.setSecurityManager(new SecurityManager());
+        }
+
         KeyStore trustStore = KeyStore.getInstance("JKS");
         trustStore.load(null, null);
         trustStore.setCertificateEntry("anchor", anchor);
@@ -90,11 +102,10 @@
     }
 
     private static X509Certificate loadCertificate(String name) throws Exception {
-        CertificateFactory cf = CertificateFactory.getInstance("X.509");
-        InputStream in = new FileInputStream(BASE + SEP + name);
-        X509Certificate cert = (X509Certificate)cf.generateCertificate(in);
-        in.close();
-        return cert;
+        try (InputStream in = new FileInputStream(BASE + SEP + name)) {
+            return (X509Certificate) CertificateFactory.getInstance("X.509")
+                    .generateCertificate(in);
+        }
     }
 
 }
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/sun/security/pkcs11/fips/TrustManagerTest.policy	Tue Jan 26 13:32:07 2016 -0800
@@ -0,0 +1,3 @@
+grant {
+    
+};
\ No newline at end of file
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/sun/security/pkcs11/policy	Tue Jan 26 13:32:07 2016 -0800
@@ -0,0 +1,3 @@
+grant {
+    permission java.lang.RuntimePermission "setSecurityManager";
+};
\ No newline at end of file
--- a/jdk/test/sun/security/pkcs11/rsa/KeyWrap.java	Tue Jan 26 09:25:53 2016 +0000
+++ b/jdk/test/sun/security/pkcs11/rsa/KeyWrap.java	Tue Jan 26 13:32:07 2016 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2005, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -28,18 +28,28 @@
  * @author Andreas Sterbenz
  * @library ..
  * @key randomness
+ * @run main/othervm KeyWrap
+ * @run main/othervm KeyWrap sm
  */
 
-import java.io.*;
-import java.util.*;
-
-import java.security.*;
-
-import javax.crypto.*;
-import javax.crypto.spec.*;
+import java.security.GeneralSecurityException;
+import java.security.InvalidKeyException;
+import java.security.Key;
+import java.security.KeyFactory;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.NoSuchAlgorithmException;
+import java.security.PrivateKey;
+import java.security.Provider;
+import java.security.PublicKey;
+import java.util.Random;
+import javax.crypto.Cipher;
+import javax.crypto.SecretKey;
+import javax.crypto.spec.SecretKeySpec;
 
 public class KeyWrap extends PKCS11Test {
 
+    @Override
     public void main(Provider p) throws Exception {
         try {
             Cipher.getInstance("RSA/ECB/PKCS1Padding", p);
@@ -62,7 +72,7 @@
                 PublicKey pub = (PublicKey)kf.translateKey(kp.getPublic());
                 PrivateKey priv = (PrivateKey)kf.translateKey(kp.getPrivate());
                 kp = new KeyPair(pub, priv);
-            } catch (Exception ee) {
+            } catch (NoSuchAlgorithmException | InvalidKeyException ee) {
                 ee.printStackTrace();
                 System.out.println("Provider does not support RSA, skipping");
                 return;
@@ -93,7 +103,7 @@
     }
 
     public static void main(String[] args) throws Exception {
-        main(new KeyWrap());
+        main(new KeyWrap(), args);
     }
 
 }
--- a/jdk/test/sun/security/pkcs11/rsa/TestCACerts.java	Tue Jan 26 09:25:53 2016 +0000
+++ b/jdk/test/sun/security/pkcs11/rsa/TestCACerts.java	Tue Jan 26 13:32:07 2016 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -28,24 +28,28 @@
  * @author Andreas Sterbenz
  * @library ..
  * @library ../../../../java/security/testlibrary
+ * @run main/othervm TestCACerts
+ * @run main/othervm TestCACerts sm TestCACerts.policy
  */
 
 // this test serves as our known answer test
 
-import java.io.*;
-import java.util.*;
-
-import java.security.*;
-import java.security.cert.*;
+import java.io.FileInputStream;
+import java.io.InputStream;
+import java.security.KeyStore;
+import java.security.Provider;
+import java.security.PublicKey;
+import java.security.Security;
+import java.security.cert.X509Certificate;
+import java.util.Enumeration;
 
 public class TestCACerts extends PKCS11Test {
 
-    private final static char SEP = File.separatorChar;
-
     public static void main(String[] args) throws Exception {
-        main(new TestCACerts());
+        main(new TestCACerts(), args);
     }
 
+    @Override
     public void main(Provider p) throws Exception {
 
         /*
@@ -53,9 +57,9 @@
          * when running SunPKCS11-Solaris (8044554)
          */
         if (p.getName().equals("SunPKCS11-Solaris") &&
-            System.getProperty("os.name").equals("SunOS") &&
-            System.getProperty("os.arch").equals("sparcv9") &&
-            System.getProperty("os.version").compareTo("5.11") <= 0 &&
+            props.getProperty("os.name").equals("SunOS") &&
+            props.getProperty("os.arch").equals("sparcv9") &&
+            props.getProperty("os.version").compareTo("5.11") <= 0 &&
             getDistro().compareTo("11.2") < 0) {
 
             System.out.println("SunPKCS11-Solaris provider requires " +
@@ -67,12 +71,13 @@
         Providers.setAt(p, 1);
         try {
             String PROVIDER = p.getName();
-            String javaHome = System.getProperty("java.home");
+            String javaHome = props.getProperty("java.home");
             String caCerts = javaHome + SEP + "lib" + SEP + "security" + SEP + "cacerts";
-            InputStream in = new FileInputStream(caCerts);
-            KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
-            ks.load(in, null);
-            in.close();
+            KeyStore ks;
+            try (InputStream in = new FileInputStream(caCerts)) {
+                ks = KeyStore.getInstance(KeyStore.getDefaultType());
+                ks.load(in, null);
+            }
             for (Enumeration e = ks.aliases(); e.hasMoreElements(); ) {
                 String alias = (String)e.nextElement();
                 if (ks.isCertificateEntry(alias)) {
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/sun/security/pkcs11/rsa/TestCACerts.policy	Tue Jan 26 13:32:07 2016 -0800
@@ -0,0 +1,7 @@
+grant {
+    permission java.lang.RuntimePermission "setSecurityManager";
+    permission java.security.SecurityPermission "insertProvider.*";
+    permission java.security.SecurityPermission "removeProvider.*";
+    permission java.util.PropertyPermission "java.home", "read";
+    permission java.io.FilePermission "${java.home}/lib/security/cacerts", "read";
+};
\ No newline at end of file
--- a/jdk/test/sun/security/pkcs11/rsa/TestKeyFactory.java	Tue Jan 26 09:25:53 2016 +0000
+++ b/jdk/test/sun/security/pkcs11/rsa/TestKeyFactory.java	Tue Jan 26 13:32:07 2016 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -27,26 +27,26 @@
  * @summary Test KeyFactory of the new RSA provider
  * @author Andreas Sterbenz
  * @library ..
+ * @run main/othervm TestKeyFactory
+ * @run main/othervm TestKeyFactory sm rsakeys.ks.policy
  */
 
 import java.io.*;
 import java.util.*;
 
 import java.security.*;
-import java.security.interfaces.*;
 import java.security.spec.*;
 
 public class TestKeyFactory extends PKCS11Test {
 
-    private final static String BASE = System.getProperty("test.src", ".");
-
     private static final char[] password = "test12".toCharArray();
 
     static KeyStore getKeyStore() throws Exception {
-        InputStream in = new FileInputStream(new File(BASE, "rsakeys.ks"));
-        KeyStore ks = KeyStore.getInstance("JKS");
-        ks.load(in, password);
-        in.close();
+        KeyStore ks;
+        try (InputStream in = new FileInputStream(new File(BASE, "rsakeys.ks"))) {
+            ks = KeyStore.getInstance("JKS");
+            ks.load(in, password);
+        }
         return ks;
     }
 
@@ -128,9 +128,10 @@
     }
 
     public static void main(String[] args) throws Exception {
-        main(new TestKeyFactory());
+        main(new TestKeyFactory(), args);
     }
 
+    @Override
     public void main(Provider p) throws Exception {
         long start = System.currentTimeMillis();
         KeyStore ks = getKeyStore();
--- a/jdk/test/sun/security/pkcs11/rsa/TestKeyPairGenerator.java	Tue Jan 26 09:25:53 2016 +0000
+++ b/jdk/test/sun/security/pkcs11/rsa/TestKeyPairGenerator.java	Tue Jan 26 13:32:07 2016 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -30,16 +30,20 @@
  * @library /lib/testlibrary
  * @build jdk.testlibrary.*
  * @run main/othervm TestKeyPairGenerator
+ * @run main/othervm TestKeyPairGenerator sm TestKeyPairGenerator.policy
  * @key intermittent randomness
  */
 
-import java.io.*;
-import java.util.*;
 import java.math.BigInteger;
-
-import java.security.*;
-import java.security.interfaces.*;
-import java.security.spec.*;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.PrivateKey;
+import java.security.Provider;
+import java.security.PublicKey;
+import java.security.Signature;
+import java.security.interfaces.RSAPrivateCrtKey;
+import java.security.interfaces.RSAPublicKey;
+import java.security.spec.RSAKeyGenParameterSpec;
 import jdk.testlibrary.RandomFactory;
 
 public class TestKeyPairGenerator extends PKCS11Test {
@@ -48,7 +52,8 @@
 
     private static byte[] data;
 
-    private static void testSignature(String algorithm, PrivateKey privateKey, PublicKey publicKey) throws Exception {
+    private static void testSignature(String algorithm, PrivateKey privateKey,
+            PublicKey publicKey) throws Exception {
         System.out.println("Testing " + algorithm + "...");
         Signature s = Signature.getInstance(algorithm, provider);
         s.initSign(privateKey);
@@ -98,9 +103,10 @@
     }
 
     public static void main(String[] args) throws Exception {
-        main(new TestKeyPairGenerator());
+        main(new TestKeyPairGenerator(), args);
     }
 
+    @Override
     public void main(Provider p) throws Exception {
         long start = System.currentTimeMillis();
         provider = p;
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/sun/security/pkcs11/rsa/TestKeyPairGenerator.policy	Tue Jan 26 13:32:07 2016 -0800
@@ -0,0 +1,4 @@
+grant {
+    permission java.lang.RuntimePermission "setSecurityManager";
+    permission java.util.PropertyPermission "seed", "read";
+};
\ No newline at end of file
--- a/jdk/test/sun/security/pkcs11/rsa/TestSignatures.java	Tue Jan 26 09:25:53 2016 +0000
+++ b/jdk/test/sun/security/pkcs11/rsa/TestSignatures.java	Tue Jan 26 13:32:07 2016 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -28,18 +28,25 @@
  * @author Andreas Sterbenz
  * @library ..
  * @key randomness
+ * @run main/othervm TestSignatures
+ * @run main/othervm TestSignatures sm rsakeys.ks.policy
  */
 
-import java.io.*;
-import java.util.*;
-
-import java.security.*;
-import java.security.interfaces.*;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.InputStream;
+import java.security.KeyFactory;
+import java.security.KeyStore;
+import java.security.PrivateKey;
+import java.security.Provider;
+import java.security.PublicKey;
+import java.security.Signature;
+import java.security.interfaces.RSAPublicKey;
+import java.util.Enumeration;
+import java.util.Random;
 
 public class TestSignatures extends PKCS11Test {
 
-    private final static String BASE = System.getProperty("test.src", ".");
-
     private static final char[] password = "test12".toCharArray();
 
     private static Provider provider;
@@ -47,14 +54,16 @@
     private static byte[] data;
 
     static KeyStore getKeyStore() throws Exception {
-        InputStream in = new FileInputStream(new File(BASE, "rsakeys.ks"));
-        KeyStore ks = KeyStore.getInstance("JKS");
-        ks.load(in, password);
-        in.close();
+        KeyStore ks;
+        try (InputStream in = new FileInputStream(new File(BASE, "rsakeys.ks"))) {
+            ks = KeyStore.getInstance("JKS");
+            ks.load(in, password);
+        }
         return ks;
     }
 
-    private static void testSignature(String algorithm, PrivateKey privateKey, PublicKey publicKey) throws Exception {
+    private static void testSignature(String algorithm, PrivateKey privateKey,
+            PublicKey publicKey) throws Exception {
         System.out.println("Testing " + algorithm + "...");
         Signature s = Signature.getInstance(algorithm, provider);
         s.initSign(privateKey);
@@ -78,7 +87,8 @@
         }
     }
 
-    private static void test(PrivateKey privateKey, PublicKey publicKey) throws Exception {
+    private static void test(PrivateKey privateKey, PublicKey publicKey)
+            throws Exception {
         testSignature("MD2withRSA", privateKey, publicKey);
         testSignature("MD5withRSA", privateKey, publicKey);
         testSignature("SHA1withRSA", privateKey, publicKey);
@@ -93,9 +103,10 @@
     }
 
     public static void main(String[] args) throws Exception {
-        main(new TestSignatures());
+        main(new TestSignatures(), args);
     }
 
+    @Override
     public void main(Provider p) throws Exception {
 
         /*
@@ -103,9 +114,9 @@
          * when running SunPKCS11-Solaris (8044554)
          */
         if (p.getName().equals("SunPKCS11-Solaris") &&
-            System.getProperty("os.name").equals("SunOS") &&
-            System.getProperty("os.arch").equals("sparcv9") &&
-            System.getProperty("os.version").compareTo("5.11") <= 0 &&
+            props.getProperty("os.name").equals("SunOS") &&
+            props.getProperty("os.arch").equals("sparcv9") &&
+            props.getProperty("os.version").compareTo("5.11") <= 0 &&
             getDistro().compareTo("11.2") < 0) {
 
             System.out.println("SunPKCS11-Solaris provider requires " +
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/sun/security/pkcs11/rsa/rsakeys.ks.policy	Tue Jan 26 13:32:07 2016 -0800
@@ -0,0 +1,4 @@
+grant {
+    permission java.lang.RuntimePermission "setSecurityManager";
+    permission java.io.FilePermission "${test.src}/rsakeys.ks", "read";
+};
\ No newline at end of file
--- a/jdk/test/sun/security/pkcs11/sslecc/CipherTest.java	Tue Jan 26 09:25:53 2016 +0000
+++ b/jdk/test/sun/security/pkcs11/sslecc/CipherTest.java	Tue Jan 26 13:32:07 2016 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2002, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2002, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -47,7 +47,8 @@
     // use any available port for the server socket
     static volatile int serverPort = 0;
 
-    final int THREADS;
+    static final int THREADS = Integer.getInteger("numThreads", 4);
+    static final String TEST_SRC = System.getProperty("test.src", ".");
 
     // assume that if we do not read anything for 20 seconds, something
     // has gone wrong
@@ -68,6 +69,7 @@
             this.cipherTest = cipherTest;
         }
 
+        @Override
         public abstract void run();
 
         void handleRequest(InputStream in, OutputStream out) throws IOException {
@@ -117,6 +119,7 @@
             return TLSCipherStatus.isEnabled(cipherSuite, protocol);
         }
 
+        @Override
         public String toString() {
             String s = cipherSuite + " in " + protocol + " mode";
             if (clientAuth != null) {
@@ -260,7 +263,6 @@
     private boolean failed;
 
     private CipherTest(PeerFactory peerFactory) throws IOException {
-        THREADS = Integer.parseInt(System.getProperty("numThreads", "4"));
         factory = (SSLSocketFactory)SSLSocketFactory.getDefault();
         SSLSocket socket = (SSLSocket)factory.createSocket();
         String[] cipherSuites = socket.getSupportedCipherSuites();
@@ -350,6 +352,7 @@
             this.cipherTest = cipherTest;
         }
 
+        @Override
         public final void run() {
             while (true) {
                 TestParameters params = cipherTest.getTest();
@@ -405,10 +408,11 @@
 
     private static KeyStore readKeyStore(String name) throws Exception {
         File file = new File(PATH, name);
-        InputStream in = new FileInputStream(file);
-        KeyStore ks = KeyStore.getInstance("JKS");
-        ks.load(in, passwd);
-        in.close();
+        KeyStore ks;
+        try (InputStream in = new FileInputStream(file)) {
+            ks = KeyStore.getInstance("JKS");
+            ks.load(in, passwd);
+        }
         return ks;
     }
 
@@ -421,7 +425,7 @@
         } else {
             relPath = pathToStores;
         }
-        PATH = new File(System.getProperty("test.src", "."), relPath);
+        PATH = new File(TEST_SRC, relPath);
         CipherTest.peerFactory = peerFactory;
         System.out.print(
             "Initializing test '" + peerFactory.getName() + "'...");
@@ -494,16 +498,19 @@
 
     }
 
+    @Override
     public void checkClientTrusted(X509Certificate[] chain, String authType)
             throws CertificateException {
         // empty
     }
 
+    @Override
     public void checkServerTrusted(X509Certificate[] chain, String authType)
             throws CertificateException {
         // empty
     }
 
+    @Override
     public X509Certificate[] getAcceptedIssuers() {
         return new X509Certificate[0];
     }
@@ -522,6 +529,7 @@
         this.authType = "ECDSA".equals(authType) ? "EC" : authType;
     }
 
+    @Override
     public String[] getClientAliases(String keyType, Principal[] issuers) {
         if (authType == null) {
             return null;
@@ -529,6 +537,7 @@
         return keyManager.getClientAliases(authType, issuers);
     }
 
+    @Override
     public String chooseClientAlias(String[] keyType, Principal[] issuers,
             Socket socket) {
         if (authType == null) {
@@ -538,6 +547,7 @@
             issuers, socket);
     }
 
+    @Override
     public String chooseEngineClientAlias(String[] keyType,
             Principal[] issuers, SSLEngine engine) {
         if (authType == null) {
@@ -547,24 +557,29 @@
             issuers, engine);
     }
 
+    @Override
     public String[] getServerAliases(String keyType, Principal[] issuers) {
         throw new UnsupportedOperationException("Servers not supported");
     }
 
+    @Override
     public String chooseServerAlias(String keyType, Principal[] issuers,
             Socket socket) {
         throw new UnsupportedOperationException("Servers not supported");
     }
 
+    @Override
     public String chooseEngineServerAlias(String keyType, Principal[] issuers,
             SSLEngine engine) {
         throw new UnsupportedOperationException("Servers not supported");
     }
 
+    @Override
     public X509Certificate[] getCertificateChain(String alias) {
         return keyManager.getCertificateChain(alias);
     }
 
+    @Override
     public PrivateKey getPrivateKey(String alias) {
         return keyManager.getPrivateKey(alias);
     }
@@ -577,6 +592,7 @@
 
     private final static ThreadFactory DEFAULT = Executors.defaultThreadFactory();
 
+    @Override
     public Thread newThread(Runnable r) {
         Thread t = DEFAULT.newThread(r);
         t.setDaemon(true);
--- a/jdk/test/sun/security/pkcs11/sslecc/ClientJSSEServerJSSE.java	Tue Jan 26 09:25:53 2016 +0000
+++ b/jdk/test/sun/security/pkcs11/sslecc/ClientJSSEServerJSSE.java	Tue Jan 26 13:32:07 2016 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2002, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2002, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -34,25 +34,28 @@
  * @library ..
  * @library ../../../../java/security/testlibrary
  * @run main/othervm ClientJSSEServerJSSE
+ * @run main/othervm ClientJSSEServerJSSE sm policy
  */
 
-import java.security.*;
+import java.security.Provider;
+import java.security.Security;
 
 public class ClientJSSEServerJSSE extends PKCS11Test {
 
     private static String[] cmdArgs;
 
     public static void main(String[] args) throws Exception {
-        cmdArgs = args;
-        main(new ClientJSSEServerJSSE());
-    }
-
-    public void main(Provider p) throws Exception {
         // reset security properties to make sure that the algorithms
         // and keys used in this test are not disabled.
         Security.setProperty("jdk.tls.disabledAlgorithms", "");
         Security.setProperty("jdk.certpath.disabledAlgorithms", "");
 
+        cmdArgs = args;
+        main(new ClientJSSEServerJSSE(), args);
+    }
+
+    @Override
+    public void main(Provider p) throws Exception {
         if (p.getService("KeyFactory", "EC") == null) {
             System.out.println("Provider does not support EC, skipping");
             return;
@@ -64,14 +67,17 @@
 
     private static class JSSEFactory extends CipherTest.PeerFactory {
 
+        @Override
         String getName() {
             return "Client JSSE - Server JSSE";
         }
 
+        @Override
         CipherTest.Client newClient(CipherTest cipherTest) throws Exception {
             return new JSSEClient(cipherTest);
         }
 
+        @Override
         CipherTest.Server newServer(CipherTest cipherTest) throws Exception {
             return new JSSEServer(cipherTest);
         }
--- a/jdk/test/sun/security/pkcs11/sslecc/JSSEServer.java	Tue Jan 26 09:25:53 2016 +0000
+++ b/jdk/test/sun/security/pkcs11/sslecc/JSSEServer.java	Tue Jan 26 13:32:07 2016 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2002, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2002, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -21,16 +21,17 @@
  * questions.
  */
 
-import java.io.*;
-import java.net.*;
-import java.util.*;
-import java.util.concurrent.*;
-
-import java.security.*;
-import java.security.cert.*;
-import java.security.cert.Certificate;
-
-import javax.net.ssl.*;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.util.concurrent.Executor;
+import java.util.concurrent.Executors;
+import javax.net.ssl.KeyManager;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLServerSocket;
+import javax.net.ssl.SSLServerSocketFactory;
+import javax.net.ssl.SSLSocket;
+import javax.net.ssl.TrustManager;
 
 class JSSEServer extends CipherTest.Server {
 
@@ -48,15 +49,17 @@
         serverSocket.setWantClientAuth(true);
     }
 
+    @Override
     public void run() {
         System.out.println("JSSE Server listening on port " + cipherTest.serverPort);
         Executor exec = Executors.newFixedThreadPool
-                            (cipherTest.THREADS, DaemonThreadFactory.INSTANCE);
+                            (CipherTest.THREADS, DaemonThreadFactory.INSTANCE);
         try {
             while (true) {
                 final SSLSocket socket = (SSLSocket)serverSocket.accept();
                 socket.setSoTimeout(cipherTest.TIMEOUT);
                 Runnable r = new Runnable() {
+                    @Override
                     public void run() {
                         try {
                             InputStream in = socket.getInputStream();
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/sun/security/pkcs11/sslecc/policy	Tue Jan 26 13:32:07 2016 -0800
@@ -0,0 +1,9 @@
+grant {
+    permission java.lang.RuntimePermission "setSecurityManager";
+    permission java.security.SecurityPermission "insertProvider.*";
+    permission java.security.SecurityPermission "removeProvider.*";
+    permission java.util.PropertyPermission "test.src", "read";
+    permission java.util.PropertyPermission "numThreads", "read";
+    permission java.io.FilePermission "${test.src}/*", "read";
+    permission java.net.SocketPermission "127.0.0.1:*", "listen,resolve,accept,connect";
+};
\ No newline at end of file
--- a/jdk/test/sun/security/pkcs11/tls/TestKeyMaterial.java	Tue Jan 26 09:25:53 2016 +0000
+++ b/jdk/test/sun/security/pkcs11/tls/TestKeyMaterial.java	Tue Jan 26 13:32:07 2016 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -28,136 +28,138 @@
  * @author Andreas Sterbenz
  * @library ..
  * @modules java.base/sun.security.internal.spec
+ * @run main/othervm TestKeyMaterial
+ * @run main/othervm TestKeyMaterial sm policy
  */
 
-import java.io.*;
-import java.util.*;
-
-import java.security.Security;
+import java.io.BufferedReader;
+import java.nio.file.Files;
+import java.nio.file.Paths;
 import java.security.Provider;
-
+import java.util.Arrays;
 import javax.crypto.KeyGenerator;
 import javax.crypto.SecretKey;
-
-import javax.crypto.spec.*;
-
-import sun.security.internal.spec.*;
+import javax.crypto.spec.IvParameterSpec;
+import javax.crypto.spec.SecretKeySpec;
+import sun.security.internal.spec.TlsKeyMaterialParameterSpec;
+import sun.security.internal.spec.TlsKeyMaterialSpec;
 
 public class TestKeyMaterial extends PKCS11Test {
 
-    private static int PREFIX_LENGTH = "km-master:  ".length();
+    private static final int PREFIX_LENGTH = "km-master:  ".length();
 
     public static void main(String[] args) throws Exception {
-        main(new TestKeyMaterial());
+        main(new TestKeyMaterial(), args);
     }
 
+    @Override
     public void main(Provider provider) throws Exception {
         if (provider.getService("KeyGenerator", "SunTlsKeyMaterial") == null) {
             System.out.println("Provider does not support algorithm, skipping");
             return;
         }
 
-        InputStream in = new FileInputStream(new File(BASE, "keymatdata.txt"));
-        BufferedReader reader = new BufferedReader(new InputStreamReader(in));
+        try (BufferedReader reader = Files.newBufferedReader(
+                Paths.get(BASE, "keymatdata.txt"))) {
 
-        int n = 0;
-        int lineNumber = 0;
+            int n = 0;
+            int lineNumber = 0;
 
-        byte[] master = null;
-        int major = 0;
-        int minor = 0;
-        byte[] clientRandom = null;
-        byte[] serverRandom = null;
-        String cipherAlgorithm = null;
-        int keyLength = 0;
-        int expandedKeyLength = 0;
-        int ivLength = 0;
-        int macLength = 0;
-        byte[] clientCipherBytes = null;
-        byte[] serverCipherBytes = null;
-        byte[] clientIv = null;
-        byte[] serverIv = null;
-        byte[] clientMacBytes = null;
-        byte[] serverMacBytes = null;
+            byte[] master = null;
+            int major = 0;
+            int minor = 0;
+            byte[] clientRandom = null;
+            byte[] serverRandom = null;
+            String cipherAlgorithm = null;
+            int keyLength = 0;
+            int expandedKeyLength = 0;
+            int ivLength = 0;
+            int macLength = 0;
+            byte[] clientCipherBytes = null;
+            byte[] serverCipherBytes = null;
+            byte[] clientIv = null;
+            byte[] serverIv = null;
+            byte[] clientMacBytes = null;
+            byte[] serverMacBytes = null;
 
-        while (true) {
-            String line = reader.readLine();
-            lineNumber++;
-            if (line == null) {
-                break;
+            while (true) {
+                String line = reader.readLine();
+                lineNumber++;
+                if (line == null) {
+                    break;
+                }
+                if (line.startsWith("km-") == false) {
+                    continue;
+                }
+                String data = line.substring(PREFIX_LENGTH);
+                if (line.startsWith("km-master:")) {
+                    master = parse(data);
+                } else if (line.startsWith("km-major:")) {
+                    major = Integer.parseInt(data);
+                } else if (line.startsWith("km-minor:")) {
+                    minor = Integer.parseInt(data);
+                } else if (line.startsWith("km-crandom:")) {
+                    clientRandom = parse(data);
+                } else if (line.startsWith("km-srandom:")) {
+                    serverRandom = parse(data);
+                } else if (line.startsWith("km-cipalg:")) {
+                    cipherAlgorithm = data;
+                } else if (line.startsWith("km-keylen:")) {
+                    keyLength = Integer.parseInt(data);
+                } else if (line.startsWith("km-explen:")) {
+                    expandedKeyLength = Integer.parseInt(data);
+                } else if (line.startsWith("km-ivlen:")) {
+                    ivLength = Integer.parseInt(data);
+                } else if (line.startsWith("km-maclen:")) {
+                    macLength = Integer.parseInt(data);
+                } else if (line.startsWith("km-ccipkey:")) {
+                    clientCipherBytes = parse(data);
+                } else if (line.startsWith("km-scipkey:")) {
+                    serverCipherBytes = parse(data);
+                } else if (line.startsWith("km-civ:")) {
+                    clientIv = parse(data);
+                } else if (line.startsWith("km-siv:")) {
+                    serverIv = parse(data);
+                } else if (line.startsWith("km-cmackey:")) {
+                    clientMacBytes = parse(data);
+                } else if (line.startsWith("km-smackey:")) {
+                    serverMacBytes = parse(data);
+
+                    System.out.print(".");
+                    n++;
+
+                    KeyGenerator kg =
+                        KeyGenerator.getInstance("SunTlsKeyMaterial", provider);
+                    SecretKey masterKey =
+                        new SecretKeySpec(master, "TlsMasterSecret");
+                    TlsKeyMaterialParameterSpec spec =
+                        new TlsKeyMaterialParameterSpec(masterKey, major, minor,
+                        clientRandom, serverRandom, cipherAlgorithm,
+                        keyLength, expandedKeyLength, ivLength, macLength,
+                        null, -1, -1);
+
+                    kg.init(spec);
+                    TlsKeyMaterialSpec result =
+                        (TlsKeyMaterialSpec)kg.generateKey();
+                    match(lineNumber, clientCipherBytes,
+                        result.getClientCipherKey(), cipherAlgorithm);
+                    match(lineNumber, serverCipherBytes,
+                        result.getServerCipherKey(), cipherAlgorithm);
+                    match(lineNumber, clientIv, result.getClientIv(), "");
+                    match(lineNumber, serverIv, result.getServerIv(), "");
+                    match(lineNumber, clientMacBytes, result.getClientMacKey(), "");
+                    match(lineNumber, serverMacBytes, result.getServerMacKey(), "");
+
+                } else {
+                    throw new Exception("Unknown line: " + line);
+                }
             }
-            if (line.startsWith("km-") == false) {
-                continue;
+            if (n == 0) {
+                throw new Exception("no tests");
             }
-            String data = line.substring(PREFIX_LENGTH);
-            if (line.startsWith("km-master:")) {
-                master = parse(data);
-            } else if (line.startsWith("km-major:")) {
-                major = Integer.parseInt(data);
-            } else if (line.startsWith("km-minor:")) {
-                minor = Integer.parseInt(data);
-            } else if (line.startsWith("km-crandom:")) {
-                clientRandom = parse(data);
-            } else if (line.startsWith("km-srandom:")) {
-                serverRandom = parse(data);
-            } else if (line.startsWith("km-cipalg:")) {
-                cipherAlgorithm = data;
-            } else if (line.startsWith("km-keylen:")) {
-                keyLength = Integer.parseInt(data);
-            } else if (line.startsWith("km-explen:")) {
-                expandedKeyLength = Integer.parseInt(data);
-            } else if (line.startsWith("km-ivlen:")) {
-                ivLength = Integer.parseInt(data);
-            } else if (line.startsWith("km-maclen:")) {
-                macLength = Integer.parseInt(data);
-            } else if (line.startsWith("km-ccipkey:")) {
-                clientCipherBytes = parse(data);
-            } else if (line.startsWith("km-scipkey:")) {
-                serverCipherBytes = parse(data);
-            } else if (line.startsWith("km-civ:")) {
-                clientIv = parse(data);
-            } else if (line.startsWith("km-siv:")) {
-                serverIv = parse(data);
-            } else if (line.startsWith("km-cmackey:")) {
-                clientMacBytes = parse(data);
-            } else if (line.startsWith("km-smackey:")) {
-                serverMacBytes = parse(data);
-
-                System.out.print(".");
-                n++;
-
-                KeyGenerator kg =
-                    KeyGenerator.getInstance("SunTlsKeyMaterial", provider);
-                SecretKey masterKey =
-                    new SecretKeySpec(master, "TlsMasterSecret");
-                TlsKeyMaterialParameterSpec spec =
-                    new TlsKeyMaterialParameterSpec(masterKey, major, minor,
-                    clientRandom, serverRandom, cipherAlgorithm,
-                    keyLength, expandedKeyLength, ivLength, macLength,
-                    null, -1, -1);
-
-                kg.init(spec);
-                TlsKeyMaterialSpec result =
-                    (TlsKeyMaterialSpec)kg.generateKey();
-                match(lineNumber, clientCipherBytes,
-                    result.getClientCipherKey(), cipherAlgorithm);
-                match(lineNumber, serverCipherBytes,
-                    result.getServerCipherKey(), cipherAlgorithm);
-                match(lineNumber, clientIv, result.getClientIv(), "");
-                match(lineNumber, serverIv, result.getServerIv(), "");
-                match(lineNumber, clientMacBytes, result.getClientMacKey(), "");
-                match(lineNumber, serverMacBytes, result.getServerMacKey(), "");
-
-            } else {
-                throw new Exception("Unknown line: " + line);
-            }
+            System.out.println();
+            System.out.println("OK: " + n + " tests");
         }
-        if (n == 0) {
-            throw new Exception("no tests");
-        }
-        in.close();
-        System.out.println();
-        System.out.println("OK: " + n + " tests");
     }
 
     private static void stripParity(byte[] b) {
--- a/jdk/test/sun/security/pkcs11/tls/TestLeadingZeroesP11.java	Tue Jan 26 09:25:53 2016 +0000
+++ b/jdk/test/sun/security/pkcs11/tls/TestLeadingZeroesP11.java	Tue Jan 26 13:32:07 2016 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2013, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -27,15 +27,18 @@
  * @summary Need to strip leading zeros in TlsPremasterSecret of DHKeyAgreement
  * @library ..
  * @author Pasi Eronen
+ * @run main/othervm TestLeadingZeroesP11
+ * @run main/othervm TestLeadingZeroesP11 sm
  */
 
-import java.io.*;
-import java.security.*;
-import java.security.spec.*;
-import java.security.interfaces.*;
-import javax.crypto.*;
-import javax.crypto.spec.*;
-import javax.crypto.interfaces.*;
+
+import java.security.KeyFactory;
+import java.security.PrivateKey;
+import java.security.Provider;
+import java.security.PublicKey;
+import java.security.spec.PKCS8EncodedKeySpec;
+import java.security.spec.X509EncodedKeySpec;
+import javax.crypto.KeyAgreement;
 
 /**
  * Test that leading zeroes are stripped in TlsPremasterSecret case,
@@ -48,9 +51,10 @@
 public class TestLeadingZeroesP11 extends PKCS11Test {
 
     public static void main(String[] args) throws Exception {
-        main(new TestLeadingZeroesP11());
+        main(new TestLeadingZeroesP11(), args);
     }
 
+    @Override
     public void main(Provider p) throws Exception {
 
         // decode pre-generated keypairs
--- a/jdk/test/sun/security/pkcs11/tls/TestMasterSecret.java	Tue Jan 26 09:25:53 2016 +0000
+++ b/jdk/test/sun/security/pkcs11/tls/TestMasterSecret.java	Tue Jan 26 13:32:07 2016 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -29,111 +29,112 @@
  * @library ..
  * @modules java.base/sun.security.internal.interfaces
  *          java.base/sun.security.internal.spec
+ * @run main/othervm TestMasterSecret
+ * @run main/othervm TestMasterSecret sm TestMasterSecret.policy
  */
 
-import java.io.*;
-import java.util.*;
-
-import java.security.Security;
+import java.io.BufferedReader;
+import java.nio.file.Files;
+import java.nio.file.Paths;
 import java.security.Provider;
-
+import java.util.Arrays;
 import javax.crypto.KeyGenerator;
 import javax.crypto.SecretKey;
-
-import javax.crypto.spec.*;
-
-import sun.security.internal.spec.*;
+import javax.crypto.spec.SecretKeySpec;
 import sun.security.internal.interfaces.TlsMasterSecret;
+import sun.security.internal.spec.TlsMasterSecretParameterSpec;
 
 public class TestMasterSecret extends PKCS11Test {
 
-    private static int PREFIX_LENGTH = "m-premaster:  ".length();
+    private static final int PREFIX_LENGTH = "m-premaster:  ".length();
 
     public static void main(String[] args) throws Exception {
-        main(new TestMasterSecret());
+        main(new TestMasterSecret(), args);
     }
 
+    @Override
     public void main(Provider provider) throws Exception {
         if (provider.getService("KeyGenerator", "SunTlsMasterSecret") == null) {
             System.out.println("Not supported by provider, skipping");
             return;
         }
-        InputStream in = new FileInputStream(new File(BASE, "masterdata.txt"));
-        BufferedReader reader = new BufferedReader(new InputStreamReader(in));
 
-        int n = 0;
-        int lineNumber = 0;
+        try (BufferedReader reader = Files.newBufferedReader(
+                Paths.get(BASE, "masterdata.txt"))) {
 
-        String algorithm = null;
-        byte[] premaster = null;
-        byte[] clientRandom = null;
-        byte[] serverRandom = null;
-        int protoMajor = 0;
-        int protoMinor = 0;
-        int preMajor = 0;
-        int preMinor = 0;
-        byte[] master = null;
+            int n = 0;
+            int lineNumber = 0;
 
-        while (true) {
-            String line = reader.readLine();
-            lineNumber++;
-            if (line == null) {
-                break;
+            String algorithm = null;
+            byte[] premaster = null;
+            byte[] clientRandom = null;
+            byte[] serverRandom = null;
+            int protoMajor = 0;
+            int protoMinor = 0;
+            int preMajor = 0;
+            int preMinor = 0;
+            byte[] master = null;
+
+            while (true) {
+                String line = reader.readLine();
+                lineNumber++;
+                if (line == null) {
+                    break;
+                }
+                if (line.startsWith("m-") == false) {
+                    continue;
+                }
+                String data = line.substring(PREFIX_LENGTH);
+                if (line.startsWith("m-algorithm:")) {
+                    algorithm = data;
+                } else if (line.startsWith("m-premaster:")) {
+                    premaster = parse(data);
+                } else if (line.startsWith("m-crandom:")) {
+                    clientRandom = parse(data);
+                } else if (line.startsWith("m-srandom:")) {
+                    serverRandom = parse(data);
+                } else if (line.startsWith("m-protomajor:")) {
+                    protoMajor = Integer.parseInt(data);
+                } else if (line.startsWith("m-protominor:")) {
+                    protoMinor = Integer.parseInt(data);
+                } else if (line.startsWith("m-premajor:")) {
+                    preMajor = Integer.parseInt(data);
+                } else if (line.startsWith("m-preminor:")) {
+                    preMinor = Integer.parseInt(data);
+                } else if (line.startsWith("m-master:")) {
+                    master = parse(data);
+
+                    System.out.print(".");
+                    n++;
+
+                    KeyGenerator kg =
+                        KeyGenerator.getInstance("SunTlsMasterSecret", provider);
+                    SecretKey premasterKey =
+                        new SecretKeySpec(premaster, algorithm);
+                    TlsMasterSecretParameterSpec spec =
+                        new TlsMasterSecretParameterSpec(premasterKey,
+                            protoMajor, protoMinor, clientRandom, serverRandom,
+                            null, -1, -1);
+                    kg.init(spec);
+                    TlsMasterSecret key = (TlsMasterSecret)kg.generateKey();
+                    byte[] enc = key.getEncoded();
+                    if (Arrays.equals(master, enc) == false) {
+                        throw new Exception("mismatch line: " + lineNumber);
+                    }
+                    if ((preMajor != key.getMajorVersion()) ||
+                            (preMinor != key.getMinorVersion())) {
+                        throw new Exception("version mismatch line: " + lineNumber);
+                    }
+                } else {
+                    throw new Exception("Unknown line: " + line);
+                }
             }
-            if (line.startsWith("m-") == false) {
-                continue;
+            if (n == 0) {
+                throw new Exception("no tests");
             }
-            String data = line.substring(PREFIX_LENGTH);
-            if (line.startsWith("m-algorithm:")) {
-                algorithm = data;
-            } else if (line.startsWith("m-premaster:")) {
-                premaster = parse(data);
-            } else if (line.startsWith("m-crandom:")) {
-                clientRandom = parse(data);
-            } else if (line.startsWith("m-srandom:")) {
-                serverRandom = parse(data);
-            } else if (line.startsWith("m-protomajor:")) {
-                protoMajor = Integer.parseInt(data);
-            } else if (line.startsWith("m-protominor:")) {
-                protoMinor = Integer.parseInt(data);
-            } else if (line.startsWith("m-premajor:")) {
-                preMajor = Integer.parseInt(data);
-            } else if (line.startsWith("m-preminor:")) {
-                preMinor = Integer.parseInt(data);
-            } else if (line.startsWith("m-master:")) {
-                master = parse(data);
-
-                System.out.print(".");
-                n++;
-
-                KeyGenerator kg =
-                    KeyGenerator.getInstance("SunTlsMasterSecret", provider);
-                SecretKey premasterKey =
-                    new SecretKeySpec(premaster, algorithm);
-                TlsMasterSecretParameterSpec spec =
-                    new TlsMasterSecretParameterSpec(premasterKey,
-                        protoMajor, protoMinor, clientRandom, serverRandom,
-                        null, -1, -1);
-                kg.init(spec);
-                TlsMasterSecret key = (TlsMasterSecret)kg.generateKey();
-                byte[] enc = key.getEncoded();
-                if (Arrays.equals(master, enc) == false) {
-                    throw new Exception("mismatch line: " + lineNumber);
-                }
-                if ((preMajor != key.getMajorVersion()) ||
-                        (preMinor != key.getMinorVersion())) {
-                    throw new Exception("version mismatch line: " + lineNumber);
-                }
-            } else {
-                throw new Exception("Unknown line: " + line);
-            }
+            System.out.println();
+            System.out.println("OK: " + n + " tests");
         }
-        if (n == 0) {
-            throw new Exception("no tests");
-        }
-        in.close();
-        System.out.println();
-        System.out.println("OK: " + n + " tests");
     }
 
 }
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/sun/security/pkcs11/tls/TestMasterSecret.policy	Tue Jan 26 13:32:07 2016 -0800
@@ -0,0 +1,8 @@
+grant {
+    permission java.lang.RuntimePermission "setSecurityManager";
+    permission java.io.FilePermission "${test.src}/*", "read";
+    permission java.lang.RuntimePermission
+        "accessClassInPackage.sun.security.internal.spec";
+    permission java.lang.RuntimePermission
+        "accessClassInPackage.sun.security.internal.interfaces";
+};
\ No newline at end of file
--- a/jdk/test/sun/security/pkcs11/tls/TestPRF.java	Tue Jan 26 09:25:53 2016 +0000
+++ b/jdk/test/sun/security/pkcs11/tls/TestPRF.java	Tue Jan 26 13:32:07 2016 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -28,116 +28,116 @@
  * @author Andreas Sterbenz
  * @library ..
  * @modules java.base/sun.security.internal.spec
+ * @run main/othervm TestPRF
+ * @run main/othervm TestPRF sm policy
  */
 
-import java.io.*;
-import java.util.*;
-
-import java.security.Security;
+import java.io.BufferedReader;
+import java.nio.file.Files;
+import java.nio.file.Paths;
 import java.security.Provider;
-
+import java.util.Arrays;
 import javax.crypto.KeyGenerator;
 import javax.crypto.SecretKey;
-
-import javax.crypto.spec.*;
-
-import sun.security.internal.spec.*;
+import javax.crypto.spec.SecretKeySpec;
+import sun.security.internal.spec.TlsPrfParameterSpec;
 
 public class TestPRF extends PKCS11Test {
 
-    private static int PREFIX_LENGTH = "prf-output: ".length();
+    private static final int PREFIX_LENGTH = "prf-output: ".length();
 
     public static void main(String[] args) throws Exception {
-        main(new TestPRF());
+        main(new TestPRF(), args);
     }
 
+    @Override
     public void main(Provider provider) throws Exception {
         if (provider.getService("KeyGenerator", "SunTlsPrf") == null) {
             System.out.println("Provider does not support algorithm, skipping");
             return;
         }
 
-        InputStream in = new FileInputStream(new File(BASE, "prfdata.txt"));
-        BufferedReader reader = new BufferedReader(new InputStreamReader(in));
+        try (BufferedReader reader = Files.newBufferedReader(
+                Paths.get(BASE, "prfdata.txt"))) {
 
-        int n = 0;
-        int lineNumber = 0;
+            int n = 0;
+            int lineNumber = 0;
 
-        byte[] secret = null;
-        String label = null;
-        byte[] seed = null;
-        int length = 0;
-        byte[] output = null;
+            byte[] secret = null;
+            String label = null;
+            byte[] seed = null;
+            int length = 0;
+            byte[] output = null;
 
-        while (true) {
-            String line = reader.readLine();
-            lineNumber++;
-            if (line == null) {
-                break;
+            while (true) {
+                String line = reader.readLine();
+                lineNumber++;
+                if (line == null) {
+                    break;
+                }
+                if (line.startsWith("prf-") == false) {
+                    continue;
+                }
+
+                String data = line.substring(PREFIX_LENGTH);
+                if (line.startsWith("prf-secret:")) {
+                    secret = parse(data);
+                } else if (line.startsWith("prf-label:")) {
+                    label = data;
+                } else if (line.startsWith("prf-seed:")) {
+                    seed = parse(data);
+                } else if (line.startsWith("prf-length:")) {
+                    length = Integer.parseInt(data);
+                } else if (line.startsWith("prf-output:")) {
+                    output = parse(data);
+
+                    System.out.print(".");
+                    n++;
+
+                    KeyGenerator kg =
+                        KeyGenerator.getInstance("SunTlsPrf", provider);
+                    SecretKey inKey;
+                    if (secret == null) {
+                        inKey = null;
+                    } else {
+                        inKey = new SecretKeySpec(secret, "Generic");
+                    }
+                    TlsPrfParameterSpec spec =
+                        new TlsPrfParameterSpec(inKey, label, seed, length,
+                            null, -1, -1);
+                    SecretKey key;
+                    try {
+                        kg.init(spec);
+                        key = kg.generateKey();
+                    } catch (Exception e) {
+                        if (secret == null) {
+                            // This fails on Solaris, but since we never call this
+                            // API for this case in JSSE, ignore the failure.
+                            // (SunJSSE uses the CKM_TLS_KEY_AND_MAC_DERIVE
+                            // mechanism)
+                            System.out.print("X");
+                            continue;
+                        }
+                        System.out.println();
+                        throw new Exception("Error on line: " + lineNumber, e);
+                    }
+                    byte[] enc = key.getEncoded();
+                    if (Arrays.equals(output, enc) == false) {
+                        System.out.println();
+                        System.out.println("expected: " + toString(output));
+                        System.out.println("actual:   " + toString(enc));
+                        throw new Exception("mismatch line: " + lineNumber);
+                    }
+                } else {
+                    throw new Exception("Unknown line: " + line);
+                }
             }
-            if (line.startsWith("prf-") == false) {
-                continue;
+            if (n == 0) {
+                throw new Exception("no tests");
             }
-
-            String data = line.substring(PREFIX_LENGTH);
-            if (line.startsWith("prf-secret:")) {
-                secret = parse(data);
-            } else if (line.startsWith("prf-label:")) {
-                label = data;
-            } else if (line.startsWith("prf-seed:")) {
-                seed = parse(data);
-            } else if (line.startsWith("prf-length:")) {
-                length = Integer.parseInt(data);
-            } else if (line.startsWith("prf-output:")) {
-                output = parse(data);
-
-                System.out.print(".");
-                n++;
-
-                KeyGenerator kg =
-                    KeyGenerator.getInstance("SunTlsPrf", provider);
-                SecretKey inKey;
-                if (secret == null) {
-                    inKey = null;
-                } else {
-                    inKey = new SecretKeySpec(secret, "Generic");
-                }
-                TlsPrfParameterSpec spec =
-                    new TlsPrfParameterSpec(inKey, label, seed, length,
-                        null, -1, -1);
-                SecretKey key;
-                try {
-                    kg.init(spec);
-                    key = kg.generateKey();
-                } catch (Exception e) {
-                    if (secret == null) {
-                        // This fails on Solaris, but since we never call this
-                        // API for this case in JSSE, ignore the failure.
-                        // (SunJSSE uses the CKM_TLS_KEY_AND_MAC_DERIVE
-                        // mechanism)
-                        System.out.print("X");
-                        continue;
-                    }
-                    System.out.println();
-                    throw new Exception("Error on line: " + lineNumber, e);
-                }
-                byte[] enc = key.getEncoded();
-                if (Arrays.equals(output, enc) == false) {
-                    System.out.println();
-                    System.out.println("expected: " + toString(output));
-                    System.out.println("actual:   " + toString(enc));
-                    throw new Exception("mismatch line: " + lineNumber);
-                }
-            } else {
-                throw new Exception("Unknown line: " + line);
-            }
+            System.out.println();
+            System.out.println("OK: " + n + " tests");
         }
-        if (n == 0) {
-            throw new Exception("no tests");
-        }
-        in.close();
-        System.out.println();
-        System.out.println("OK: " + n + " tests");
     }
 
 }
--- a/jdk/test/sun/security/pkcs11/tls/TestPremaster.java	Tue Jan 26 09:25:53 2016 +0000
+++ b/jdk/test/sun/security/pkcs11/tls/TestPremaster.java	Tue Jan 26 13:32:07 2016 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -28,23 +28,22 @@
  * @author Andreas Sterbenz
  * @library ..
  * @modules java.base/sun.security.internal.spec
+ * @run main/othervm TestPremaster
+ * @run main/othervm TestPremaster sm policy
  */
 
-import java.security.Security;
 import java.security.Provider;
-
 import javax.crypto.KeyGenerator;
 import javax.crypto.SecretKey;
-import java.util.Formatter;
-
 import sun.security.internal.spec.TlsRsaPremasterSecretParameterSpec;
 
 public class TestPremaster extends PKCS11Test {
 
     public static void main(String[] args) throws Exception {
-        main(new TestPremaster());
+        main(new TestPremaster(), args);
     }
 
+    @Override
     public void main(Provider provider) throws Exception {
         if (provider.getService(
                 "KeyGenerator", "SunTlsRsaPremasterSecret") == null) {
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/sun/security/pkcs11/tls/policy	Tue Jan 26 13:32:07 2016 -0800
@@ -0,0 +1,5 @@
+grant {
+    permission java.lang.RuntimePermission "setSecurityManager";
+    permission java.io.FilePermission "${test.src}/*", "read";
+    permission java.lang.RuntimePermission "accessClassInPackage.sun.security.internal.spec";
+};
\ No newline at end of file