changeset 12939:5f032cc89bfd

8133151: Preferred provider configuration for JCE Reviewed-by: valeriep
author ascarpino
date Mon, 19 Oct 2015 17:35:18 -0700
parents a4bb084549a1
children 37de30468e37
files make/gendata/Gendata-java.base.gmk make/src/classes/build/tools/makejavasecurity/MakeJavaSecurity.java src/java.base/share/classes/java/security/AlgorithmParameterGenerator.java src/java.base/share/classes/java/security/AlgorithmParameters.java src/java.base/share/classes/java/security/KeyFactory.java src/java.base/share/classes/java/security/KeyPairGenerator.java src/java.base/share/classes/java/security/KeyStore.java src/java.base/share/classes/java/security/MessageDigest.java src/java.base/share/classes/java/security/Policy.java src/java.base/share/classes/java/security/SecureRandom.java src/java.base/share/classes/java/security/Signature.java src/java.base/share/classes/java/security/cert/CertPathBuilder.java src/java.base/share/classes/java/security/cert/CertPathValidator.java src/java.base/share/classes/java/security/cert/CertStore.java src/java.base/share/classes/java/security/cert/CertificateFactory.java src/java.base/share/classes/javax/crypto/Cipher.java src/java.base/share/classes/javax/crypto/ExemptionMechanism.java src/java.base/share/classes/javax/crypto/KeyAgreement.java src/java.base/share/classes/javax/crypto/KeyGenerator.java src/java.base/share/classes/javax/crypto/Mac.java src/java.base/share/classes/javax/crypto/SecretKeyFactory.java src/java.base/share/classes/javax/net/ssl/KeyManagerFactory.java src/java.base/share/classes/javax/net/ssl/SSLContext.java src/java.base/share/classes/javax/net/ssl/TrustManagerFactory.java src/java.base/share/classes/javax/security/auth/login/Configuration.java src/java.base/share/classes/sun/security/jca/ProviderList.java src/java.base/share/conf/security/java.security src/java.security.sasl/share/classes/javax/security/sasl/Sasl.java src/java.smartcardio/share/classes/javax/smartcardio/TerminalFactory.java src/java.xml.crypto/share/classes/javax/xml/crypto/dsig/TransformService.java src/java.xml.crypto/share/classes/javax/xml/crypto/dsig/XMLSignatureFactory.java src/java.xml.crypto/share/classes/javax/xml/crypto/dsig/keyinfo/KeyInfoFactory.java
diffstat 32 files changed, 465 insertions(+), 32 deletions(-) [+]
line wrap: on
line diff
--- a/make/gendata/Gendata-java.base.gmk	Mon Oct 19 17:26:01 2015 -0700
+++ b/make/gendata/Gendata-java.base.gmk	Mon Oct 19 17:35:18 2015 -0700
@@ -70,7 +70,7 @@
 	$(ECHO) "Generating java.security"
 	$(MKDIR) -p $(@D)
 	$(TOOL_MAKEJAVASECURITY) $(GENDATA_JAVA_SECURITY_SRC) $@ $(OPENJDK_TARGET_OS) \
-		$(RESTRICTED_PKGS_SRC) || exit 1
+		$(OPENJDK_TARGET_CPU_ARCH) $(RESTRICTED_PKGS_SRC) || exit 1
 
 TARGETS += $(GENDATA_JAVA_SECURITY)
 
--- a/make/src/classes/build/tools/makejavasecurity/MakeJavaSecurity.java	Mon Oct 19 17:26:01 2015 -0700
+++ b/make/src/classes/build/tools/makejavasecurity/MakeJavaSecurity.java	Mon Oct 19 17:35:18 2015 -0700
@@ -50,19 +50,21 @@
 
     public static void main(String[] args) throws Exception {
 
-        if (args.length < 3) {
+        if (args.length < 4) {
             System.err.println("Usage: java MakeJavaSecurity " +
                                "[input java.security file name] " +
                                "[output java.security file name] " +
                                "[openjdk target os] " +
+                               "[openjdk target cpu architecture]" +
                                "[more restricted packages file name?]");
-            System.exit(1);
+
+                    System.exit(1);
         }
 
         // more restricted packages
         List<String> extraLines;
-        if (args.length == 4) {
-            extraLines = Files.readAllLines(Paths.get(args[3]));
+        if (args.length == 5) {
+            extraLines = Files.readAllLines(Paths.get(args[4]));
         } else {
             extraLines = Collections.emptyList();
         }
@@ -96,7 +98,11 @@
                 mode = 0;
                 iter.remove();
             } else if (line.startsWith("#ifdef ")) {
-                mode = line.endsWith(args[2])?1:2;
+                if (line.indexOf('-') > 0) {
+                    mode = line.endsWith(args[2]+"-"+args[3]) ? 1 : 2;
+                } else {
+                    mode = line.endsWith(args[2]) ? 1 : 2;
+                }
                 iter.remove();
             } else if (line.startsWith("#ifndef ")) {
                 mode = line.endsWith(args[2])?2:1;
--- a/src/java.base/share/classes/java/security/AlgorithmParameterGenerator.java	Mon Oct 19 17:26:01 2015 -0700
+++ b/src/java.base/share/classes/java/security/AlgorithmParameterGenerator.java	Mon Oct 19 17:35:18 2015 -0700
@@ -138,6 +138,13 @@
      * <p> Note that the list of registered providers may be retrieved via
      * the {@link Security#getProviders() Security.getProviders()} method.
      *
+     * @implNote
+     * The JDK Reference Implementation additionally uses the
+     * {@code jdk.security.provider.preferred} property to determine
+     * the preferred provider order for the specified algorithm. This
+     * may be different than the order of providers returned by
+     * {@link Security#getProviders() Security.getProviders()}.
+     *
      * @param algorithm the name of the algorithm this
      * parameter generator is associated with.
      * See the AlgorithmParameterGenerator section in the <a href=
--- a/src/java.base/share/classes/java/security/AlgorithmParameters.java	Mon Oct 19 17:26:01 2015 -0700
+++ b/src/java.base/share/classes/java/security/AlgorithmParameters.java	Mon Oct 19 17:35:18 2015 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -126,6 +126,13 @@
      * {@code init}, using an appropriate parameter specification or
      * parameter encoding.
      *
+     * @implNote
+     * The JDK Reference Implementation additionally uses the
+     * {@code jdk.security.provider.preferred} property to determine
+     * the preferred provider order for the specified algorithm. This
+     * may be different than the order of providers returned by
+     * {@link Security#getProviders() Security.getProviders()}.
+     *
      * @param algorithm the name of the algorithm requested.
      * See the AlgorithmParameters section in the <a href=
      * "{@docRoot}/../technotes/guides/security/StandardNames.html#AlgorithmParameters">
--- a/src/java.base/share/classes/java/security/KeyFactory.java	Mon Oct 19 17:26:01 2015 -0700
+++ b/src/java.base/share/classes/java/security/KeyFactory.java	Mon Oct 19 17:35:18 2015 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -153,6 +153,13 @@
      * <p> Note that the list of registered providers may be retrieved via
      * the {@link Security#getProviders() Security.getProviders()} method.
      *
+     * @implNote
+     * The JDK Reference Implementation additionally uses the
+     * {@code jdk.security.provider.preferred} property to determine
+     * the preferred provider order for the specified algorithm. This
+     * may be different than the order of providers returned by
+     * {@link Security#getProviders() Security.getProviders()}.
+     *
      * @param algorithm the name of the requested key algorithm.
      * See the KeyFactory section in the <a href=
      * "{@docRoot}/../technotes/guides/security/StandardNames.html#KeyFactory">
--- a/src/java.base/share/classes/java/security/KeyPairGenerator.java	Mon Oct 19 17:26:01 2015 -0700
+++ b/src/java.base/share/classes/java/security/KeyPairGenerator.java	Mon Oct 19 17:35:18 2015 -0700
@@ -195,6 +195,13 @@
      * <p> Note that the list of registered providers may be retrieved via
      * the {@link Security#getProviders() Security.getProviders()} method.
      *
+     * @implNote
+     * The JDK Reference Implementation additionally uses the
+     * {@code jdk.security.provider.preferred} property to determine
+     * the preferred provider order for the specified algorithm. This
+     * may be different than the order of providers returned by
+     * {@link Security#getProviders() Security.getProviders()}.
+     *
      * @param algorithm the standard string name of the algorithm.
      * See the KeyPairGenerator section in the <a href=
      * "{@docRoot}/../technotes/guides/security/StandardNames.html#KeyPairGenerator">
--- a/src/java.base/share/classes/java/security/KeyStore.java	Mon Oct 19 17:26:01 2015 -0700
+++ b/src/java.base/share/classes/java/security/KeyStore.java	Mon Oct 19 17:35:18 2015 -0700
@@ -841,6 +841,13 @@
      * <p> Note that the list of registered providers may be retrieved via
      * the {@link Security#getProviders() Security.getProviders()} method.
      *
+     * @implNote
+     * The JDK Reference Implementation additionally uses the
+     * {@code jdk.security.provider.preferred} property to determine
+     * the preferred provider order for the specified algorithm. This
+     * may be different than the order of providers returned by
+     * {@link Security#getProviders() Security.getProviders()}.
+     *
      * @param type the type of keystore.
      * See the KeyStore section in the <a href=
      * "{@docRoot}/../technotes/guides/security/StandardNames.html#KeyStore">
--- a/src/java.base/share/classes/java/security/MessageDigest.java	Mon Oct 19 17:26:01 2015 -0700
+++ b/src/java.base/share/classes/java/security/MessageDigest.java	Mon Oct 19 17:35:18 2015 -0700
@@ -146,6 +146,13 @@
      * <p> Note that the list of registered providers may be retrieved via
      * the {@link Security#getProviders() Security.getProviders()} method.
      *
+     * @implNote
+     * The JDK Reference Implementation additionally uses the
+     * {@code jdk.security.provider.preferred} property to determine
+     * the preferred provider order for the specified algorithm. This
+     * may be different than the order of providers returned by
+     * {@link Security#getProviders() Security.getProviders()}.
+     *
      * @param algorithm the name of the algorithm requested.
      * See the MessageDigest section in the <a href=
      * "{@docRoot}/../technotes/guides/security/StandardNames.html#MessageDigest">
--- a/src/java.base/share/classes/java/security/Policy.java	Mon Oct 19 17:26:01 2015 -0700
+++ b/src/java.base/share/classes/java/security/Policy.java	Mon Oct 19 17:35:18 2015 -0700
@@ -355,6 +355,13 @@
      * <p> Note that the list of registered providers may be retrieved via
      * the {@link Security#getProviders() Security.getProviders()} method.
      *
+     * @implNote
+     * The JDK Reference Implementation additionally uses the
+     * {@code jdk.security.provider.preferred} property to determine
+     * the preferred provider order for the specified algorithm. This
+     * may be different than the order of providers returned by
+     * {@link Security#getProviders() Security.getProviders()}.
+     *
      * @param type the specified Policy type.  See the Policy section in the
      *    <a href=
      *    "{@docRoot}/../technotes/guides/security/StandardNames.html#Policy">
--- a/src/java.base/share/classes/java/security/SecureRandom.java	Mon Oct 19 17:26:01 2015 -0700
+++ b/src/java.base/share/classes/java/security/SecureRandom.java	Mon Oct 19 17:35:18 2015 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -268,6 +268,13 @@
      * This self-seeding will not occur if {@code setSeed} was
      * previously called.
      *
+     * @implNote
+     * The JDK Reference Implementation additionally uses the
+     * {@code jdk.security.provider.preferred} property to determine
+     * the preferred provider order for the specified algorithm. This
+     * may be different than the order of providers returned by
+     * {@link Security#getProviders() Security.getProviders()}.
+     *
      * @param algorithm the name of the RNG algorithm.
      * See the SecureRandom section in the <a href=
      * "{@docRoot}/../technotes/guides/security/StandardNames.html#SecureRandom">
--- a/src/java.base/share/classes/java/security/Signature.java	Mon Oct 19 17:26:01 2015 -0700
+++ b/src/java.base/share/classes/java/security/Signature.java	Mon Oct 19 17:35:18 2015 -0700
@@ -203,6 +203,13 @@
      * <p> Note that the list of registered providers may be retrieved via
      * the {@link Security#getProviders() Security.getProviders()} method.
      *
+     * @implNote
+     * The JDK Reference Implementation additionally uses the
+     * {@code jdk.security.provider.preferred} property to determine
+     * the preferred provider order for the specified algorithm. This
+     * may be different than the order of providers returned by
+     * {@link Security#getProviders() Security.getProviders()}.
+     *
      * @param algorithm the standard name of the algorithm requested.
      * See the Signature section in the <a href=
      * "{@docRoot}/../technotes/guides/security/StandardNames.html#Signature">
--- a/src/java.base/share/classes/java/security/cert/CertPathBuilder.java	Mon Oct 19 17:26:01 2015 -0700
+++ b/src/java.base/share/classes/java/security/cert/CertPathBuilder.java	Mon Oct 19 17:35:18 2015 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -142,6 +142,13 @@
      * <p> Note that the list of registered providers may be retrieved via
      * the {@link Security#getProviders() Security.getProviders()} method.
      *
+     * @implNote
+     * The JDK Reference Implementation additionally uses the
+     * {@code jdk.security.provider.preferred} property to determine
+     * the preferred provider order for the specified algorithm. This
+     * may be different than the order of providers returned by
+     * {@link Security#getProviders() Security.getProviders()}.
+     *
      * @param algorithm the name of the requested {@code CertPathBuilder}
      *  algorithm.  See the CertPathBuilder section in the <a href=
      *  "{@docRoot}/../technotes/guides/security/StandardNames.html#CertPathBuilder">
--- a/src/java.base/share/classes/java/security/cert/CertPathValidator.java	Mon Oct 19 17:26:01 2015 -0700
+++ b/src/java.base/share/classes/java/security/cert/CertPathValidator.java	Mon Oct 19 17:35:18 2015 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -143,6 +143,13 @@
      * <p> Note that the list of registered providers may be retrieved via
      * the {@link Security#getProviders() Security.getProviders()} method.
      *
+     * @implNote
+     * The JDK Reference Implementation additionally uses the
+     * {@code jdk.security.provider.preferred} property to determine
+     * the preferred provider order for the specified algorithm. This
+     * may be different than the order of providers returned by
+     * {@link Security#getProviders() Security.getProviders()}.
+     *
      * @param algorithm the name of the requested {@code CertPathValidator}
      *  algorithm. See the CertPathValidator section in the <a href=
      *  "{@docRoot}/../technotes/guides/security/StandardNames.html#CertPathValidator">
--- a/src/java.base/share/classes/java/security/cert/CertStore.java	Mon Oct 19 17:26:01 2015 -0700
+++ b/src/java.base/share/classes/java/security/cert/CertStore.java	Mon Oct 19 17:35:18 2015 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -201,6 +201,13 @@
      * Note that the specified {@code CertStoreParameters} object is
      * cloned.
      *
+     * @implNote
+     * The JDK Reference Implementation additionally uses the
+     * {@code jdk.security.provider.preferred} property to determine
+     * the preferred provider order for the specified algorithm. This
+     * may be different than the order of providers returned by
+     * {@link Security#getProviders() Security.getProviders()}.
+     *
      * @param type the name of the requested {@code CertStore} type.
      * See the CertStore section in the <a href=
      * "{@docRoot}/../technotes/guides/security/StandardNames.html#CertStore">
--- a/src/java.base/share/classes/java/security/cert/CertificateFactory.java	Mon Oct 19 17:26:01 2015 -0700
+++ b/src/java.base/share/classes/java/security/cert/CertificateFactory.java	Mon Oct 19 17:35:18 2015 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1998, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1998, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -163,6 +163,13 @@
      * <p> Note that the list of registered providers may be retrieved via
      * the {@link Security#getProviders() Security.getProviders()} method.
      *
+     * @implNote
+     * The JDK Reference Implementation additionally uses the
+     * {@code jdk.security.provider.preferred} property to determine
+     * the preferred provider order for the specified algorithm. This
+     * may be different than the order of providers returned by
+     * {@link Security#getProviders() Security.getProviders()}.
+     *
      * @param type the name of the requested certificate type.
      * See the CertificateFactory section in the <a href=
      * "{@docRoot}/../technotes/guides/security/StandardNames.html#CertificateFactory">
--- a/src/java.base/share/classes/javax/crypto/Cipher.java	Mon Oct 19 17:26:01 2015 -0700
+++ b/src/java.base/share/classes/javax/crypto/Cipher.java	Mon Oct 19 17:35:18 2015 -0700
@@ -478,6 +478,13 @@
      * <p> Note that the list of registered providers may be retrieved via
      * the {@link Security#getProviders() Security.getProviders()} method.
      *
+     * @implNote
+     * The JDK Reference Implementation additionally uses the
+     * {@code jdk.security.provider.preferred} property to determine
+     * the preferred provider order for the specified algorithm. This
+     * may be different than the order of providers returned by
+     * {@link Security#getProviders() Security.getProviders()}.
+     *
      * @param transformation the name of the transformation, e.g.,
      * <i>DES/CBC/PKCS5Padding</i>.
      * See the Cipher section in the <a href=
--- a/src/java.base/share/classes/javax/crypto/ExemptionMechanism.java	Mon Oct 19 17:26:01 2015 -0700
+++ b/src/java.base/share/classes/javax/crypto/ExemptionMechanism.java	Mon Oct 19 17:35:18 2015 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1999, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1999, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -112,6 +112,13 @@
      * <p> Note that the list of registered providers may be retrieved via
      * the {@link Security#getProviders() Security.getProviders()} method.
      *
+     * @implNote
+     * The JDK Reference Implementation additionally uses the
+     * {@code jdk.security.provider.preferred} property to determine
+     * the preferred provider order for the specified algorithm. This
+     * may be different than the order of providers returned by
+     * {@link Security#getProviders() Security.getProviders()}.
+     *
      * @param algorithm the standard name of the requested exemption
      * mechanism.
      * See the ExemptionMechanism section in the
--- a/src/java.base/share/classes/javax/crypto/KeyAgreement.java	Mon Oct 19 17:26:01 2015 -0700
+++ b/src/java.base/share/classes/javax/crypto/KeyAgreement.java	Mon Oct 19 17:35:18 2015 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -150,6 +150,13 @@
      * <p> Note that the list of registered providers may be retrieved via
      * the {@link Security#getProviders() Security.getProviders()} method.
      *
+     * @implNote
+     * The JDK Reference Implementation additionally uses the
+     * {@code jdk.security.provider.preferred} property to determine
+     * the preferred provider order for the specified algorithm. This
+     * may be different than the order of providers returned by
+     * {@link Security#getProviders() Security.getProviders()}.
+     *
      * @param algorithm the standard name of the requested key agreement
      * algorithm.
      * See the KeyAgreement section in the <a href=
--- a/src/java.base/share/classes/javax/crypto/KeyGenerator.java	Mon Oct 19 17:26:01 2015 -0700
+++ b/src/java.base/share/classes/javax/crypto/KeyGenerator.java	Mon Oct 19 17:35:18 2015 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -202,6 +202,13 @@
      * <p> Note that the list of registered providers may be retrieved via
      * the {@link Security#getProviders() Security.getProviders()} method.
      *
+     * @implNote
+     * The JDK Reference Implementation additionally uses the
+     * {@code jdk.security.provider.preferred} property to determine
+     * the preferred provider order for the specified algorithm. This
+     * may be different than the order of providers returned by
+     * {@link Security#getProviders() Security.getProviders()}.
+     *
      * @param algorithm the standard name of the requested key algorithm.
      * See the KeyGenerator section in the <a href=
      * "{@docRoot}/../technotes/guides/security/StandardNames.html#KeyGenerator">
--- a/src/java.base/share/classes/javax/crypto/Mac.java	Mon Oct 19 17:26:01 2015 -0700
+++ b/src/java.base/share/classes/javax/crypto/Mac.java	Mon Oct 19 17:35:18 2015 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1998, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1998, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -152,6 +152,13 @@
      * <p> Note that the list of registered providers may be retrieved via
      * the {@link Security#getProviders() Security.getProviders()} method.
      *
+     * @implNote
+     * The JDK Reference Implementation additionally uses the
+     * {@code jdk.security.provider.preferred} property to determine
+     * the preferred provider order for the specified algorithm. This
+     * may be different than the order of providers returned by
+     * {@link Security#getProviders() Security.getProviders()}.
+     *
      * @param algorithm the standard name of the requested MAC algorithm.
      * See the Mac section in the <a href=
      *   "{@docRoot}/../technotes/guides/security/StandardNames.html#Mac">
--- a/src/java.base/share/classes/javax/crypto/SecretKeyFactory.java	Mon Oct 19 17:26:01 2015 -0700
+++ b/src/java.base/share/classes/javax/crypto/SecretKeyFactory.java	Mon Oct 19 17:35:18 2015 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -137,6 +137,13 @@
      * <p> Note that the list of registered providers may be retrieved via
      * the {@link Security#getProviders() Security.getProviders()} method.
      *
+     * @implNote
+     * The JDK Reference Implementation additionally uses the
+     * {@code jdk.security.provider.preferred} property to determine
+     * the preferred provider order for the specified algorithm. This
+     * may be different than the order of providers returned by
+     * {@link Security#getProviders() Security.getProviders()}.
+     *
      * @param algorithm the standard name of the requested secret-key
      * algorithm.
      * See the SecretKeyFactory section in the <a href=
--- a/src/java.base/share/classes/javax/net/ssl/KeyManagerFactory.java	Mon Oct 19 17:26:01 2015 -0700
+++ b/src/java.base/share/classes/javax/net/ssl/KeyManagerFactory.java	Mon Oct 19 17:35:18 2015 -0700
@@ -116,6 +116,13 @@
      * <p> Note that the list of registered providers may be retrieved via
      * the {@link Security#getProviders() Security.getProviders()} method.
      *
+     * @implNote
+     * The JDK Reference Implementation additionally uses the
+     * {@code jdk.security.provider.preferred} property to determine
+     * the preferred provider order for the specified algorithm. This
+     * may be different than the order of providers returned by
+     * {@link Security#getProviders() Security.getProviders()}.
+     *
      * @param algorithm the standard name of the requested algorithm.
      *          See the <a href=
      *  "{@docRoot}/../technotes/guides/security/jsse/JSSERefGuide.html">
--- a/src/java.base/share/classes/javax/net/ssl/SSLContext.java	Mon Oct 19 17:26:01 2015 -0700
+++ b/src/java.base/share/classes/javax/net/ssl/SSLContext.java	Mon Oct 19 17:35:18 2015 -0700
@@ -136,6 +136,13 @@
      * <p> Note that the list of registered providers may be retrieved via
      * the {@link Security#getProviders() Security.getProviders()} method.
      *
+     * @implNote
+     * The JDK Reference Implementation additionally uses the
+     * {@code jdk.security.provider.preferred} property to determine
+     * the preferred provider order for the specified algorithm. This
+     * may be different than the order of providers returned by
+     * {@link Security#getProviders() Security.getProviders()}.
+     *
      * @param protocol the standard name of the requested protocol.
      *          See the SSLContext section in the <a href=
      * "{@docRoot}/../technotes/guides/security/StandardNames.html#SSLContext">
--- a/src/java.base/share/classes/javax/net/ssl/TrustManagerFactory.java	Mon Oct 19 17:26:01 2015 -0700
+++ b/src/java.base/share/classes/javax/net/ssl/TrustManagerFactory.java	Mon Oct 19 17:35:18 2015 -0700
@@ -130,6 +130,13 @@
      * <p> Note that the list of registered providers may be retrieved via
      * the {@link Security#getProviders() Security.getProviders()} method.
      *
+     * @implNote
+     * The JDK Reference Implementation additionally uses the
+     * {@code jdk.security.provider.preferred} property to determine
+     * the preferred provider order for the specified algorithm. This
+     * may be different than the order of providers returned by
+     * {@link Security#getProviders() Security.getProviders()}.
+     *
      * @param algorithm the standard name of the requested trust management
      *          algorithm.  See the <a href=
      *  "{@docRoot}/../technotes/guides/security/jsse/JSSERefGuide.html">
--- a/src/java.base/share/classes/javax/security/auth/login/Configuration.java	Mon Oct 19 17:26:01 2015 -0700
+++ b/src/java.base/share/classes/javax/security/auth/login/Configuration.java	Mon Oct 19 17:35:18 2015 -0700
@@ -311,6 +311,13 @@
      * <p> Note that the list of registered providers may be retrieved via
      * the {@link Security#getProviders() Security.getProviders()} method.
      *
+     * @implNote
+     * The JDK Reference Implementation additionally uses the
+     * {@code jdk.security.provider.preferred} property to determine
+     * the preferred provider order for the specified algorithm. This
+     * may be different than the order of providers returned by
+     * {@link Security#getProviders() Security.getProviders()}.
+     *
      * @param type the specified Configuration type.  See the Configuration
      *    section in the <a href=
      *    "{@docRoot}/../technotes/guides/security/StandardNames.html#Configuration">
--- a/src/java.base/share/classes/sun/security/jca/ProviderList.java	Mon Oct 19 17:26:01 2015 -0700
+++ b/src/java.base/share/classes/sun/security/jca/ProviderList.java	Mon Oct 19 17:35:18 2015 -0700
@@ -27,8 +27,11 @@
 
 import java.util.*;
 
-import java.security.*;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+import java.security.Provider;
 import java.security.Provider.Service;
+import java.security.Security;
 
 /**
  * List of Providers. Used to represent the provider preferences.
@@ -65,6 +68,9 @@
     // constant for an ProviderList with no elements
     static final ProviderList EMPTY = new ProviderList(PC0, true);
 
+    // list of all jdk.security.provider.preferred entries
+    static private PreferredList preferredPropList = null;
+
     // dummy provider object to use during initialization
     // used to avoid explicit null checks in various places
     private static final Provider EMPTY_PROVIDER =
@@ -162,11 +168,10 @@
      */
     private ProviderList() {
         List<ProviderConfig> configList = new ArrayList<>();
-        for (int i = 1; true; i++) {
-            String entry = Security.getProperty("security.provider." + i);
-            if (entry == null) {
-                break;
-            }
+        String entry;
+        int i = 1;
+
+        while ((entry = Security.getProperty("security.provider." + i)) != null) {
             entry = entry.trim();
             if (entry.length() == 0) {
                 System.err.println("invalid entry for " +
@@ -187,10 +192,36 @@
             if (configList.contains(config) == false) {
                 configList.add(config);
             }
+            i++;
         }
         configs = configList.toArray(PC0);
+
+        // Load config entries for use when getInstance is called
+        entry = Security.getProperty("jdk.security.provider.preferred");
+        if (entry != null && (entry = entry.trim()).length() > 0) {
+            String[] entries = entry.split(",");
+            if (ProviderList.preferredPropList == null) {
+                ProviderList.preferredPropList = new PreferredList();
+            }
+
+            for (String e : entries) {
+                i = e.indexOf(':');
+                if (i < 0) {
+                    if (debug != null) {
+                        debug.println("invalid preferred entry skipped.  " +
+                                "Missing colon delimiter \"" + e + "\"");
+                    }
+                    continue;
+                }
+                ProviderList.preferredPropList.add(new PreferredEntry(
+                        e.substring(0, i).trim(), e.substring(i + 1).trim()));
+            }
+        }
+
         if (debug != null) {
             debug.println("provider configuration: " + configList);
+            debug.println("config configuration: " +
+                    ProviderList.preferredPropList);
         }
     }
 
@@ -327,7 +358,22 @@
      * algorithm.
      */
     public Service getService(String type, String name) {
-        for (int i = 0; i < configs.length; i++) {
+        ArrayList<PreferredEntry> pList = null;
+        int i;
+
+        // Preferred provider list
+        if (preferredPropList != null &&
+                (pList = preferredPropList.getAll(type, name)) != null) {
+            for (i = 0; i < pList.size(); i++) {
+                Provider p = getProvider(pList.get(i).provider);
+                Service s = p.getService(type, name);
+                if (s != null) {
+                    return s;
+                }
+            }
+        }
+
+        for (i = 0; i < configs.length; i++) {
             Provider p = getProvider(i);
             Service s = p.getService(type, name);
             if (s != null) {
@@ -394,7 +440,11 @@
         private List<Service> services;
 
         // index into config[] of the next provider we need to query
-        private int providerIndex;
+        private int providerIndex = 0;
+
+        // Matching preferred provider list for this ServiceList
+        ArrayList<PreferredEntry> preferredList = null;
+        private int preferredIndex = 0;
 
         ServiceList(String type, String algorithm) {
             this.type = type;
@@ -421,6 +471,14 @@
         }
 
         private Service tryGet(int index) {
+            Provider p;
+
+            // If preferred providers are configured, check for matches with
+            // the requested service.
+            if (preferredPropList != null && preferredList == null) {
+                preferredList = preferredPropList.getAll(this);
+            }
+
             while (true) {
                 if ((index == 0) && (firstService != null)) {
                     return firstService;
@@ -430,8 +488,27 @@
                 if (providerIndex >= configs.length) {
                     return null;
                 }
-                // check all algorithms in this provider before moving on
-                Provider p = getProvider(providerIndex++);
+
+                // If there were matches with a preferred provider, iterate
+                // through the list first before going through the
+                // ordered list (java.security.provider.#)
+                if (preferredList != null &&
+                        preferredIndex < preferredList.size()) {
+                    PreferredEntry entry = preferredList.get(preferredIndex++);
+                    // Look for the provider name in the PreferredEntry
+                    p = getProvider(entry.provider);
+                    if (p == null) {
+                        if (debug != null) {
+                            debug.println("No provider found with name: " +
+                                    entry.provider);
+                        }
+                        continue;
+                    }
+                } else {
+                    // check all algorithms in this provider before moving on
+                    p = getProvider(providerIndex++);
+                }
+
                 if (type != null) {
                     // simple lookup
                     Service s = p.getService(type, algorithm);
@@ -502,4 +579,119 @@
         }
     }
 
+    // Provider list defined by jdk.security.provider.preferred entry
+    static final class PreferredList {
+        ArrayList<PreferredEntry> list = new ArrayList<PreferredEntry>();
+
+        /*
+         * Return a list of all preferred entries that match the passed
+         * ServiceList.
+         */
+        ArrayList<PreferredEntry> getAll(ServiceList s) {
+            if (s.ids == null) {
+                return getAll(s.type, s.algorithm);
+
+            }
+
+            ArrayList<PreferredEntry> l = new ArrayList<PreferredEntry>();
+            for (ServiceId id : s.ids) {
+                implGetAll(l, id.type, id.algorithm);
+            }
+
+            return l;
+        }
+
+        /*
+         * Return a list of all preferred entries that match the passed
+         * type and algorithm.
+         */
+        ArrayList<PreferredEntry> getAll(String type, String algorithm) {
+            ArrayList<PreferredEntry> l = new ArrayList<PreferredEntry>();
+            implGetAll(l, type, algorithm);
+            return l;
+        }
+
+        /*
+         * Compare each preferred entry against the passed type and
+         * algorithm, putting any matches in the passed ArrayList.
+         */
+        private void implGetAll(ArrayList<PreferredEntry> l, String type,
+                String algorithm) {
+            PreferredEntry e;
+
+            for (int i = 0; i < size(); i++) {
+                e = list.get(i);
+                if (e.match(type, algorithm)) {
+                    l.add(e);
+                }
+            }
+        }
+
+        public PreferredEntry get(int i) {
+            return list.get(i);
+        }
+
+        public int size() {
+            return list.size();
+        }
+
+        public boolean add(PreferredEntry e) {
+            return list.add(e);
+        }
+
+        public String toString() {
+            String s = "";
+            for (PreferredEntry e: list) {
+                s += e.toString();
+            }
+            return s;
+        }
+    }
+
+    // Individual preferred property entry from jdk.security.provider.preferred
+    private class PreferredEntry {
+        String type = null;
+        String algorithm;
+        String provider;
+
+        PreferredEntry(String t, String p) {
+            int i = t.indexOf('.');
+            if (i > 0) {
+                type = t.substring(0, i);
+                algorithm = t.substring(i + 1);
+            } else {
+                algorithm = t;
+            }
+
+            provider = p;
+        }
+
+        boolean match(String t, String a) {
+            if (debug != null) {
+                debug.println("Config match:  " + toString() + " == [" + t +
+                        ", " + a + "]");
+            }
+
+            // Compare service type if configured
+            if (type != null && type.compareToIgnoreCase(t) != 0) {
+                return false;
+            }
+
+            // Compare the algorithm string.
+            if (a.compareToIgnoreCase(algorithm) == 0) {
+                if (debug != null) {
+                    debug.println("Config entry found:  " + toString());
+                }
+                return true;
+            }
+
+            // No match
+            return false;
+        }
+
+        public String toString() {
+            return "[" + type + ", " + algorithm + " : " + provider + "] ";
+        }
+    }
+
 }
--- a/src/java.base/share/conf/security/java.security	Mon Oct 19 17:26:01 2015 -0700
+++ b/src/java.base/share/conf/security/java.security	Mon Oct 19 17:35:18 2015 -0700
@@ -90,6 +90,31 @@
 security.provider.tbd=sun.security.pkcs11.SunPKCS11
 #endif
 
+#
+# A list of preferred providers for specific algorithms. These providers will
+# be searched for matching algorithms before the list of registered providers.
+# Entries containing errors (parsing, etc) will be ignored. Use the
+# -Djava.security.debug=jca property to debug these errors.
+#
+# The property is a comma-separated list of serviceType.algorithm:provider
+# entries. The serviceType (example: "MessageDigest") is optional, and if
+# not specified, the algorithm applies to all service types that support it.
+# The algorithm is the standard algorithm name or transformation.
+# Transformations can be specified in their full standard name
+# (ex: AES/CBC/PKCS5Padding), or as partial matches (ex: AES, AES/CBC).
+# The provider is the name of the provider. Any provider that does not
+# also appear in the registered list will be ignored.
+#
+# Example:
+#   jdk.security.provider.preferred=AES/GCM/NoPadding:SunJCE, \
+#         MessageDigest.SHA-256:SUN
+#ifdef solaris-sparc
+jdk.security.provider.preferred=AES:SunJCE, SHA-256:SUN, SHA-384:SUN, SHA-512:SUN
+#endif
+#ifdef solaris-x86
+jdk.security.provider.preferred=AES:SunJCE, RSA:SunRsaSign
+#endif
+
 
 #
 # Sun Provider SecureRandom seed source.
--- a/src/java.security.sasl/share/classes/javax/security/sasl/Sasl.java	Mon Oct 19 17:26:01 2015 -0700
+++ b/src/java.security.sasl/share/classes/javax/security/sasl/Sasl.java	Mon Oct 19 17:35:18 2015 -0700
@@ -310,6 +310,13 @@
      * for information about how to install and configure security service
      *  providers.
      *
+     * @implNote
+     * The JDK Reference Implementation additionally uses the
+     * {@code jdk.security.provider.preferred} property to determine
+     * the preferred provider order for the specified algorithm. This
+     * may be different than the order of providers returned by
+     * {@link Security#getProviders() Security.getProviders()}.
+     *
      * @param mechanisms The non-null list of mechanism names to try. Each is the
      * IANA-registered name of a SASL mechanism. (e.g. "GSSAPI", "CRAM-MD5").
      * @param authorizationId The possibly null protocol-dependent
@@ -452,6 +459,13 @@
      * for information about how to install and configure security
      * service providers.
      *
+     * @implNote
+     * The JDK Reference Implementation additionally uses the
+     * {@code jdk.security.provider.preferred} property to determine
+     * the preferred provider order for the specified algorithm. This
+     * may be different than the order of providers returned by
+     * {@link Security#getProviders() Security.getProviders()}.
+     *
      * @param mechanism The non-null mechanism name. It must be an
      * IANA-registered name of a SASL mechanism. (e.g. "GSSAPI", "CRAM-MD5").
      * @param protocol The non-null string name of the protocol for which
--- a/src/java.smartcardio/share/classes/javax/smartcardio/TerminalFactory.java	Mon Oct 19 17:26:01 2015 -0700
+++ b/src/java.smartcardio/share/classes/javax/smartcardio/TerminalFactory.java	Mon Oct 19 17:35:18 2015 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2005, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -229,6 +229,13 @@
      * specified parameters Object. The type of parameters
      * needed may vary between different types of <code>TerminalFactory</code>s.
      *
+     * @implNote
+     * The JDK Reference Implementation additionally uses the
+     * {@code jdk.security.provider.preferred} property to determine
+     * the preferred provider order for the specified algorithm. This
+     * may be different than the order of providers returned by
+     * {@link Security#getProviders() Security.getProviders()}.
+     *
      * @param type the type of the requested TerminalFactory
      * @param params the parameters to pass to the TerminalFactorySpi
      *   implementation, or null if no parameters are needed
--- a/src/java.xml.crypto/share/classes/javax/xml/crypto/dsig/TransformService.java	Mon Oct 19 17:26:01 2015 -0700
+++ b/src/java.xml.crypto/share/classes/javax/xml/crypto/dsig/TransformService.java	Mon Oct 19 17:35:18 2015 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -136,6 +136,13 @@
      * <p> Note that the list of registered providers may be retrieved via
      * the {@link Security#getProviders() Security.getProviders()} method.
      *
+     * @implNote
+     * The JDK Reference Implementation additionally uses the
+     * {@code jdk.security.provider.preferred} property to determine
+     * the preferred provider order for the specified algorithm. This
+     * may be different than the order of providers returned by
+     * {@link Security#getProviders() Security.getProviders()}.
+     *
      * @param algorithm the URI of the algorithm
      * @param mechanismType the type of the XML processing mechanism and
      *   representation
--- a/src/java.xml.crypto/share/classes/javax/xml/crypto/dsig/XMLSignatureFactory.java	Mon Oct 19 17:26:01 2015 -0700
+++ b/src/java.xml.crypto/share/classes/javax/xml/crypto/dsig/XMLSignatureFactory.java	Mon Oct 19 17:35:18 2015 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -173,6 +173,13 @@
      * <p>Note that the list of registered providers may be retrieved via
      * the {@link Security#getProviders() Security.getProviders()} method.
      *
+     * @implNote
+     * The JDK Reference Implementation additionally uses the
+     * {@code jdk.security.provider.preferred} property to determine
+     * the preferred provider order for the specified algorithm. This
+     * may be different than the order of providers returned by
+     * {@link Security#getProviders() Security.getProviders()}.
+     *
      * @param mechanismType the type of the XML processing mechanism and
      *    representation. See the <a
      *    href="../../../../../technotes/guides/security/xmldsig/overview.html#Service%20Provider">
--- a/src/java.xml.crypto/share/classes/javax/xml/crypto/dsig/keyinfo/KeyInfoFactory.java	Mon Oct 19 17:26:01 2015 -0700
+++ b/src/java.xml.crypto/share/classes/javax/xml/crypto/dsig/keyinfo/KeyInfoFactory.java	Mon Oct 19 17:35:18 2015 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -129,6 +129,13 @@
      * <p> Note that the list of registered providers may be retrieved via
      * the {@link Security#getProviders() Security.getProviders()} method.
      *
+     * @implNote
+     * The JDK Reference Implementation additionally uses the
+     * {@code jdk.security.provider.preferred} property to determine
+     * the preferred provider order for the specified algorithm. This
+     * may be different than the order of providers returned by
+     * {@link Security#getProviders() Security.getProviders()}.
+     *
      * @param mechanismType the type of the XML processing mechanism and
      *    representation. See the <a
      *    href="../../../../../../technotes/guides/security/xmldsig/overview.html#Service%20Provider">
@@ -263,6 +270,13 @@
      * <p> Note that the list of registered providers may be retrieved via
      * the {@link Security#getProviders() Security.getProviders()} method.
      *
+     * @implNote
+     * The JDK Reference Implementation additionally uses the
+     * {@code jdk.security.provider.preferred} property to determine
+     * the preferred provider order for the specified algorithm. This
+     * may be different than the order of providers returned by
+     * {@link Security#getProviders() Security.getProviders()}.
+     *
      * @return a new <code>KeyInfoFactory</code>
      * @throws NoSuchMechanismException if no <code>Provider</code> supports a
      *    <code>KeyInfoFactory</code> implementation for the DOM mechanism