changeset 53173:9af672cab7cb

7092821: java.security.Provider.getService() is synchronized and became scalability bottleneck Summary: Changed Provider class to use ConcurrentHashMap and default providers to use putService() Reviewed-by: weijun, mullan
author valeriep
date Thu, 13 Dec 2018 01:15:21 +0000
parents d590cf6b4fac
children 2457d862a646
files src/java.base/share/classes/com/sun/crypto/provider/SunJCE.java src/java.base/share/classes/java/security/Provider.java src/java.base/share/classes/sun/security/provider/Sun.java src/java.base/share/classes/sun/security/provider/SunEntries.java src/java.base/share/classes/sun/security/provider/VerificationProvider.java src/java.base/share/classes/sun/security/rsa/SunRsaSign.java src/java.base/share/classes/sun/security/rsa/SunRsaSignEntries.java src/java.base/share/classes/sun/security/ssl/SunJSSE.java
diffstat 8 files changed, 972 insertions(+), 1105 deletions(-) [+]
line wrap: on
line diff
--- a/src/java.base/share/classes/com/sun/crypto/provider/SunJCE.java	Thu Dec 13 08:23:56 2018 +0800
+++ b/src/java.base/share/classes/com/sun/crypto/provider/SunJCE.java	Thu Dec 13 01:15:21 2018 +0000
@@ -28,8 +28,12 @@
 import java.security.AccessController;
 import java.security.Provider;
 import java.security.SecureRandom;
+import java.security.PrivilegedAction;
+import java.util.HashMap;
+import java.util.List;
 import static sun.security.util.SecurityConstants.PROVIDER_VER;
-
+import static sun.security.provider.SunEntries.createAliases;
+import static sun.security.provider.SunEntries.createAliasesWithOid;
 
 /**
  * The "SunJCE" Cryptographic Service Provider.
@@ -81,16 +85,6 @@
     "(implements RSA, DES, Triple DES, AES, Blowfish, ARCFOUR, RC2, PBE, "
     + "Diffie-Hellman, HMAC, ChaCha20)";
 
-    private static final String OID_PKCS12_RC4_128 = "1.2.840.113549.1.12.1.1";
-    private static final String OID_PKCS12_RC4_40 = "1.2.840.113549.1.12.1.2";
-    private static final String OID_PKCS12_DESede = "1.2.840.113549.1.12.1.3";
-    private static final String OID_PKCS12_RC2_128 = "1.2.840.113549.1.12.1.5";
-    private static final String OID_PKCS12_RC2_40 = "1.2.840.113549.1.12.1.6";
-    private static final String OID_PKCS5_MD5_DES = "1.2.840.113549.1.5.3";
-    private static final String OID_PKCS5_PBKDF2 = "1.2.840.113549.1.5.12";
-    private static final String OID_PKCS5_PBES2 = "1.2.840.113549.1.5.13";
-    private static final String OID_PKCS3 = "1.2.840.113549.1.3.1";
-
     /* Are we debugging? -- for developers */
     static final boolean debug = false;
 
@@ -105,10 +99,105 @@
     }
     static SecureRandom getRandom() { return SecureRandomHolder.RANDOM; }
 
+    private void ps(String type, String algo, String cn,
+            List<String> aliases, HashMap<String, String> attrs) {
+        putService(new Provider.Service(this, type, algo, cn, aliases, attrs));
+    }
+
     public SunJCE() {
         /* We are the "SunJCE" provider */
         super("SunJCE", PROVIDER_VER, info);
 
+        // if there is no security manager installed, put directly into
+        // the provider
+        if (System.getSecurityManager() == null) {
+            putEntries();
+        } else {
+            AccessController.doPrivileged(new PrivilegedAction<Void>() {
+                @Override
+                public Void run() {
+                    putEntries();
+                    return null;
+                }
+            });
+        }
+        if (instance == null) {
+            instance = this;
+        }
+    }
+
+    void putEntries() {
+        // common aliases and oids
+        List<String> aesAliases = createAliases("Rijndael");
+        List<String> desEdeAliases = createAliases("TripleDES");
+        List<String> arcFourAliases = createAliases("RC4");
+        List<String> sunTlsMSAliases = createAliases(
+            "SunTls12MasterSecret", "SunTlsExtendedMasterSecret"
+        );
+        List<String> sunTlsKMAliases = createAliases("SunTls12KeyMaterial");
+        List<String> sunTlsRsaPMSAliases = createAliases("SunTls12RsaPremasterSecret");
+
+        String aes128Oid = "2.16.840.1.101.3.4.1.";
+        String aes192Oid = "2.16.840.1.101.3.4.1.2";
+        String aes256Oid = "2.16.840.1.101.3.4.1.4";
+
+        List<String> pkcs12RC4_128Aliases =
+            createAliasesWithOid("1.2.840.113549.1.12.1.1");
+
+        List<String> pkcs12RC4_40Aliases =
+            createAliasesWithOid("1.2.840.113549.1.12.1.2");
+
+        List<String> pkcs12DESedeAliases =
+            createAliasesWithOid("1.2.840.113549.1.12.1.3");
+
+        List<String> pkcs12RC2_128Aliases =
+            createAliasesWithOid("1.2.840.113549.1.12.1.5");
+
+        List<String> pkcs12RC2_40Aliases =
+            createAliasesWithOid("1.2.840.113549.1.12.1.6");
+
+        List<String> pkcs5MD5_DESAliases =
+            createAliasesWithOid("1.2.840.113549.1.5.3", "PBE");
+
+        List<String> pkcs5PBKDF2Aliases =
+            createAliasesWithOid("1.2.840.113549.1.5.12");
+
+        List<String> pkcs5PBES2Aliases =
+            createAliasesWithOid("1.2.840.113549.1.5.13");
+
+        List<String> diffieHellmanAliases =
+            createAliasesWithOid("1.2.840.113549.1.3.1", "DH");
+
+        List<String> chachaPolyAliases =
+            createAliasesWithOid("1.2.840.113549.1.9.16.3.18");
+
+        String macOidBase = "1.2.840.113549.2.";
+        List<String> macSHA1Aliases = createAliasesWithOid(macOidBase + "7");
+        List<String> macSHA224Aliases = createAliasesWithOid(macOidBase + "8");
+        List<String> macSHA256Aliases = createAliasesWithOid(macOidBase + "9");
+        List<String> macSHA384Aliases = createAliasesWithOid(macOidBase + "10");
+        List<String> macSHA512Aliases = createAliasesWithOid(macOidBase + "11");
+
+        // reuse attribute map and reset before each reuse
+        HashMap<String, String> attrs = new HashMap<>(3);
+        attrs.put("SupportedModes", "ECB");
+        attrs.put("SupportedPaddings", "NOPADDING|PKCS1PADDING|OAEPPADDING"
+                + "|OAEPWITHMD5ANDMGF1PADDING"
+                + "|OAEPWITHSHA1ANDMGF1PADDING"
+                + "|OAEPWITHSHA-1ANDMGF1PADDING"
+                + "|OAEPWITHSHA-224ANDMGF1PADDING"
+                + "|OAEPWITHSHA-256ANDMGF1PADDING"
+                + "|OAEPWITHSHA-384ANDMGF1PADDING"
+                + "|OAEPWITHSHA-512ANDMGF1PADDING"
+                + "|OAEPWITHSHA-512/224ANDMGF1PADDING"
+                + "|OAEPWITHSHA-512/256ANDMGF1PADDING");
+        attrs.put("SupportedKeyClasses",
+                "java.security.interfaces.RSAPublicKey" +
+                "|java.security.interfaces.RSAPrivateKey");
+        ps("Cipher", "RSA",
+                "com.sun.crypto.provider.RSACipher", null, attrs);
+
+        // common block cipher modes, pads
         final String BLOCK_MODES = "ECB|CBC|PCBC|CTR|CTS|CFB|OFB" +
             "|CFB8|CFB16|CFB24|CFB32|CFB40|CFB48|CFB56|CFB64" +
             "|OFB8|OFB16|OFB24|OFB32|OFB40|OFB48|OFB56|OFB64";
@@ -117,699 +206,536 @@
             "|OFB72|OFB80|OFB88|OFB96|OFB104|OFB112|OFB120|OFB128";
         final String BLOCK_PADS = "NOPADDING|PKCS5PADDING|ISO10126PADDING";
 
-        AccessController.doPrivileged(
-            new java.security.PrivilegedAction<Object>() {
-                @Override
-                public Object run() {
+        attrs.clear();
+        attrs.put("SupportedModes", BLOCK_MODES);
+        attrs.put("SupportedPaddings", BLOCK_PADS);
+        attrs.put("SupportedKeyFormats", "RAW");
+        ps("Cipher", "DES",
+                "com.sun.crypto.provider.DESCipher", null, attrs);
+        ps("Cipher", "DESede", "com.sun.crypto.provider.DESedeCipher",
+                desEdeAliases, attrs);
+        ps("Cipher", "Blowfish",
+                "com.sun.crypto.provider.BlowfishCipher", null, attrs);
 
-                    /*
-                     * Cipher engines
-                     */
-                    put("Cipher.RSA", "com.sun.crypto.provider.RSACipher");
-                    put("Cipher.RSA SupportedModes", "ECB");
-                    put("Cipher.RSA SupportedPaddings",
-                            "NOPADDING|PKCS1PADDING|OAEPPADDING"
-                            + "|OAEPWITHMD5ANDMGF1PADDING"
-                            + "|OAEPWITHSHA1ANDMGF1PADDING"
-                            + "|OAEPWITHSHA-1ANDMGF1PADDING"
-                            + "|OAEPWITHSHA-224ANDMGF1PADDING"
-                            + "|OAEPWITHSHA-256ANDMGF1PADDING"
-                            + "|OAEPWITHSHA-384ANDMGF1PADDING"
-                            + "|OAEPWITHSHA-512ANDMGF1PADDING"
-                            + "|OAEPWITHSHA-512/224ANDMGF1PADDING"
-                            + "|OAEPWITHSHA-512/256ANDMGF1PADDING");
-                    put("Cipher.RSA SupportedKeyClasses",
-                            "java.security.interfaces.RSAPublicKey" +
-                            "|java.security.interfaces.RSAPrivateKey");
+        ps("Cipher", "RC2",
+                "com.sun.crypto.provider.RC2Cipher", null, attrs);
 
-                    put("Cipher.DES", "com.sun.crypto.provider.DESCipher");
-                    put("Cipher.DES SupportedModes", BLOCK_MODES);
-                    put("Cipher.DES SupportedPaddings", BLOCK_PADS);
-                    put("Cipher.DES SupportedKeyFormats", "RAW");
+        attrs.clear();
+        attrs.put("SupportedModes", BLOCK_MODES128);
+        attrs.put("SupportedPaddings", BLOCK_PADS);
+        attrs.put("SupportedKeyFormats", "RAW");
+        ps("Cipher", "AES", "com.sun.crypto.provider.AESCipher$General",
+                aesAliases, attrs);
 
-                    put("Cipher.DESede", "com.sun.crypto.provider.DESedeCipher");
-                    put("Alg.Alias.Cipher.TripleDES", "DESede");
-                    put("Cipher.DESede SupportedModes", BLOCK_MODES);
-                    put("Cipher.DESede SupportedPaddings", BLOCK_PADS);
-                    put("Cipher.DESede SupportedKeyFormats", "RAW");
+        attrs.clear();
+        attrs.put("SupportedKeyFormats", "RAW");
+        ps("Cipher", "AES_128/ECB/NoPadding",
+                "com.sun.crypto.provider.AESCipher$AES128_ECB_NoPadding",
+                createAliasesWithOid(aes128Oid+"1"), attrs);
+        ps("Cipher", "AES_128/CBC/NoPadding",
+                "com.sun.crypto.provider.AESCipher$AES128_CBC_NoPadding",
+                createAliasesWithOid(aes128Oid+"2"), attrs);
+        ps("Cipher", "AES_128/OFB/NoPadding",
+                "com.sun.crypto.provider.AESCipher$AES128_OFB_NoPadding",
+                createAliasesWithOid(aes128Oid+"3"), attrs);
+        ps("Cipher", "AES_128/CFB/NoPadding",
+                "com.sun.crypto.provider.AESCipher$AES128_CFB_NoPadding",
+                createAliasesWithOid(aes128Oid+"4"), attrs);
+        ps("Cipher", "AES_128/GCM/NoPadding",
+                "com.sun.crypto.provider.AESCipher$AES128_GCM_NoPadding",
+                createAliasesWithOid(aes128Oid+"6"), attrs);
 
-                    put("Cipher.DESedeWrap",
-                        "com.sun.crypto.provider.DESedeWrapCipher");
-                    put("Cipher.DESedeWrap SupportedModes", "CBC");
-                    put("Cipher.DESedeWrap SupportedPaddings", "NOPADDING");
-                    put("Cipher.DESedeWrap SupportedKeyFormats", "RAW");
+        ps("Cipher", "AES_192/ECB/NoPadding",
+                "com.sun.crypto.provider.AESCipher$AES192_ECB_NoPadding",
+                createAliasesWithOid(aes192Oid+"1"), attrs);
+        ps("Cipher", "AES_192/CBC/NoPadding",
+                "com.sun.crypto.provider.AESCipher$AES192_CBC_NoPadding",
+                createAliasesWithOid(aes192Oid+"2"), attrs);
+        ps("Cipher", "AES_192/OFB/NoPadding",
+                "com.sun.crypto.provider.AESCipher$AES192_OFB_NoPadding",
+                createAliasesWithOid(aes192Oid+"3"), attrs);
+        ps("Cipher", "AES_192/CFB/NoPadding",
+                "com.sun.crypto.provider.AESCipher$AES192_CFB_NoPadding",
+                createAliasesWithOid(aes192Oid+"4"), attrs);
+        ps("Cipher", "AES_192/GCM/NoPadding",
+                "com.sun.crypto.provider.AESCipher$AES192_GCM_NoPadding",
+                createAliasesWithOid(aes192Oid+"6"), attrs);
 
-                    // PBES1
+        ps("Cipher", "AES_256/ECB/NoPadding",
+                "com.sun.crypto.provider.AESCipher$AES256_ECB_NoPadding",
+                createAliasesWithOid(aes256Oid+"1"), attrs);
+        ps("Cipher", "AES_256/CBC/NoPadding",
+                "com.sun.crypto.provider.AESCipher$AES256_CBC_NoPadding",
+                createAliasesWithOid(aes256Oid+"2"), attrs);
+        ps("Cipher", "AES_256/OFB/NoPadding",
+                "com.sun.crypto.provider.AESCipher$AES256_OFB_NoPadding",
+                createAliasesWithOid(aes256Oid+"3"), attrs);
+        ps("Cipher", "AES_256/CFB/NoPadding",
+                "com.sun.crypto.provider.AESCipher$AES256_CFB_NoPadding",
+                createAliasesWithOid(aes256Oid+"4"), attrs);
+        ps("Cipher", "AES_256/GCM/NoPadding",
+                "com.sun.crypto.provider.AESCipher$AES256_GCM_NoPadding",
+                createAliasesWithOid(aes256Oid+"6"), attrs);
 
-                    put("Cipher.PBEWithMD5AndDES",
-                        "com.sun.crypto.provider.PBEWithMD5AndDESCipher");
-                    put("Alg.Alias.Cipher.OID."+OID_PKCS5_MD5_DES,
-                        "PBEWithMD5AndDES");
-                    put("Alg.Alias.Cipher."+OID_PKCS5_MD5_DES,
-                        "PBEWithMD5AndDES");
+        attrs.clear();
+        attrs.put("SupportedModes", "CBC");
+        attrs.put("SupportedPaddings", "NOPADDING");
+        attrs.put("SupportedKeyFormats", "RAW");
+        ps("Cipher", "DESedeWrap",
+                "com.sun.crypto.provider.DESedeWrapCipher", null, attrs);
 
-                    put("Cipher.PBEWithMD5AndTripleDES",
-                        "com.sun.crypto.provider.PBEWithMD5AndTripleDESCipher");
+        attrs.clear();
+        attrs.put("SupportedModes", "ECB");
+        attrs.put("SupportedPaddings", "NOPADDING");
+        attrs.put("SupportedKeyFormats", "RAW");
+        ps("Cipher", "ARCFOUR", "com.sun.crypto.provider.ARCFOURCipher",
+                arcFourAliases, attrs);
+        ps("Cipher", "AESWrap", "com.sun.crypto.provider.AESWrapCipher$General",
+                null, attrs);
+        ps("Cipher", "AESWrap_128",
+                "com.sun.crypto.provider.AESWrapCipher$AES128",
+                createAliasesWithOid(aes128Oid+"5"), attrs);
+        ps("Cipher", "AESWrap_192",
+                "com.sun.crypto.provider.AESWrapCipher$AES192",
+                createAliasesWithOid(aes192Oid+"5"), attrs);
+        ps("Cipher", "AESWrap_256",
+                "com.sun.crypto.provider.AESWrapCipher$AES256",
+                createAliasesWithOid(aes256Oid+"5"), attrs);
 
-                    put("Cipher.PBEWithSHA1AndDESede",
-                        "com.sun.crypto.provider.PKCS12PBECipherCore$" +
-                        "PBEWithSHA1AndDESede");
-                    put("Alg.Alias.Cipher.OID." + OID_PKCS12_DESede,
-                        "PBEWithSHA1AndDESede");
-                    put("Alg.Alias.Cipher." + OID_PKCS12_DESede,
-                        "PBEWithSHA1AndDESede");
+        attrs.clear();
+        attrs.put("SupportedKeyFormats", "RAW");
+        ps("Cipher",  "ChaCha20",
+                "com.sun.crypto.provider.ChaCha20Cipher$ChaCha20Only",
+                null, attrs);
+        ps("Cipher",  "ChaCha20-Poly1305",
+                "com.sun.crypto.provider.ChaCha20Cipher$ChaCha20Poly1305",
+                chachaPolyAliases, attrs);
 
-                    put("Cipher.PBEWithSHA1AndRC2_40",
-                        "com.sun.crypto.provider.PKCS12PBECipherCore$" +
-                        "PBEWithSHA1AndRC2_40");
-                    put("Alg.Alias.Cipher.OID." + OID_PKCS12_RC2_40,
-                        "PBEWithSHA1AndRC2_40");
-                    put("Alg.Alias.Cipher." + OID_PKCS12_RC2_40,
-                        "PBEWithSHA1AndRC2_40");
+        // PBES1
+        ps("Cipher", "PBEWithMD5AndDES",
+                "com.sun.crypto.provider.PBEWithMD5AndDESCipher",
+                pkcs5MD5_DESAliases, null);
+        ps("Cipher", "PBEWithMD5AndTripleDES",
+                "com.sun.crypto.provider.PBEWithMD5AndTripleDESCipher",
+                null, null);
+        ps("Cipher", "PBEWithSHA1AndDESede",
+                "com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndDESede",
+                pkcs12DESedeAliases, null);
+        ps("Cipher", "PBEWithSHA1AndRC2_40",
+                "com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndRC2_40",
+                pkcs12RC2_40Aliases, null);
+        ps("Cipher", "PBEWithSHA1AndRC2_128",
+                "com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndRC2_128",
+                pkcs12RC2_128Aliases, null);
+        ps("Cipher", "PBEWithSHA1AndRC4_40",
+                "com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndRC4_40",
+                pkcs12RC4_40Aliases, null);
 
-                    put("Cipher.PBEWithSHA1AndRC2_128",
-                        "com.sun.crypto.provider.PKCS12PBECipherCore$" +
-                        "PBEWithSHA1AndRC2_128");
-                    put("Alg.Alias.Cipher.OID." + OID_PKCS12_RC2_128,
-                        "PBEWithSHA1AndRC2_128");
-                    put("Alg.Alias.Cipher." + OID_PKCS12_RC2_128,
-                        "PBEWithSHA1AndRC2_128");
+        ps("Cipher", "PBEWithSHA1AndRC4_128",
+                "com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndRC4_128",
+                pkcs12RC4_128Aliases, null);
 
-                    put("Cipher.PBEWithSHA1AndRC4_40",
-                        "com.sun.crypto.provider.PKCS12PBECipherCore$" +
-                        "PBEWithSHA1AndRC4_40");
-                    put("Alg.Alias.Cipher.OID." + OID_PKCS12_RC4_40,
-                        "PBEWithSHA1AndRC4_40");
-                    put("Alg.Alias.Cipher." + OID_PKCS12_RC4_40,
-                        "PBEWithSHA1AndRC4_40");
+        // PBES2
+        ps("Cipher", "PBEWithHmacSHA1AndAES_128",
+                "com.sun.crypto.provider.PBES2Core$HmacSHA1AndAES_128",
+                null, null);
 
-                    put("Cipher.PBEWithSHA1AndRC4_128",
-                        "com.sun.crypto.provider.PKCS12PBECipherCore$" +
-                        "PBEWithSHA1AndRC4_128");
-                    put("Alg.Alias.Cipher.OID." + OID_PKCS12_RC4_128,
-                        "PBEWithSHA1AndRC4_128");
-                    put("Alg.Alias.Cipher." + OID_PKCS12_RC4_128,
-                        "PBEWithSHA1AndRC4_128");
+        ps("Cipher", "PBEWithHmacSHA224AndAES_128",
+                "com.sun.crypto.provider.PBES2Core$HmacSHA224AndAES_128",
+                null, null);
 
-                    //PBES2
+        ps("Cipher", "PBEWithHmacSHA256AndAES_128",
+                "com.sun.crypto.provider.PBES2Core$HmacSHA256AndAES_128",
+                null, null);
 
-                    put("Cipher.PBEWithHmacSHA1AndAES_128",
-                        "com.sun.crypto.provider.PBES2Core$HmacSHA1AndAES_128");
+        ps("Cipher", "PBEWithHmacSHA384AndAES_128",
+                "com.sun.crypto.provider.PBES2Core$HmacSHA384AndAES_128",
+                null, null);
 
-                    put("Cipher.PBEWithHmacSHA224AndAES_128",
-                        "com.sun.crypto.provider.PBES2Core$" +
-                            "HmacSHA224AndAES_128");
+        ps("Cipher", "PBEWithHmacSHA512AndAES_128",
+                "com.sun.crypto.provider.PBES2Core$HmacSHA512AndAES_128",
+                null, null);
 
-                    put("Cipher.PBEWithHmacSHA256AndAES_128",
-                        "com.sun.crypto.provider.PBES2Core$" +
-                            "HmacSHA256AndAES_128");
+        ps("Cipher", "PBEWithHmacSHA1AndAES_256",
+                "com.sun.crypto.provider.PBES2Core$HmacSHA1AndAES_256",
+                null, null);
 
-                    put("Cipher.PBEWithHmacSHA384AndAES_128",
-                        "com.sun.crypto.provider.PBES2Core$" +
-                            "HmacSHA384AndAES_128");
+        ps("Cipher", "PBEWithHmacSHA224AndAES_256",
+                "com.sun.crypto.provider.PBES2Core$HmacSHA224AndAES_256",
+                null, null);
 
-                    put("Cipher.PBEWithHmacSHA512AndAES_128",
-                        "com.sun.crypto.provider.PBES2Core$" +
-                            "HmacSHA512AndAES_128");
+        ps("Cipher", "PBEWithHmacSHA256AndAES_256",
+                "com.sun.crypto.provider.PBES2Core$HmacSHA256AndAES_256",
+                null, null);
 
-                    put("Cipher.PBEWithHmacSHA1AndAES_256",
-                        "com.sun.crypto.provider.PBES2Core$HmacSHA1AndAES_256");
+        ps("Cipher", "PBEWithHmacSHA384AndAES_256",
+                "com.sun.crypto.provider.PBES2Core$HmacSHA384AndAES_256",
+                null, null);
 
-                    put("Cipher.PBEWithHmacSHA224AndAES_256",
-                        "com.sun.crypto.provider.PBES2Core$" +
-                            "HmacSHA224AndAES_256");
+        ps("Cipher", "PBEWithHmacSHA512AndAES_256",
+                "com.sun.crypto.provider.PBES2Core$HmacSHA512AndAES_256",
+                null, null);
 
-                    put("Cipher.PBEWithHmacSHA256AndAES_256",
-                        "com.sun.crypto.provider.PBES2Core$" +
-                            "HmacSHA256AndAES_256");
+        /*
+         * Key(pair) Generator engines
+         */
+        ps("KeyGenerator", "DES",
+                "com.sun.crypto.provider.DESKeyGenerator",
+                null, null);
+        ps("KeyGenerator", "DESede",
+                "com.sun.crypto.provider.DESedeKeyGenerator",
+                desEdeAliases, null);
+        ps("KeyGenerator", "Blowfish",
+                "com.sun.crypto.provider.BlowfishKeyGenerator",
+                null, null);
+        ps("KeyGenerator", "AES",
+                "com.sun.crypto.provider.AESKeyGenerator",
+                aesAliases, null);
+        ps("KeyGenerator", "RC2",
+                "com.sun.crypto.provider.KeyGeneratorCore$RC2KeyGenerator",
+                null, null);
+        ps("KeyGenerator", "ARCFOUR",
+                "com.sun.crypto.provider.KeyGeneratorCore$ARCFOURKeyGenerator",
+                arcFourAliases, null);
+        ps("KeyGenerator", "ChaCha20",
+                "com.sun.crypto.provider.KeyGeneratorCore$ChaCha20KeyGenerator",
+                null, null);
+        ps("KeyGenerator", "HmacMD5",
+                "com.sun.crypto.provider.HmacMD5KeyGenerator",
+                null, null);
 
-                    put("Cipher.PBEWithHmacSHA384AndAES_256",
-                        "com.sun.crypto.provider.PBES2Core$" +
-                            "HmacSHA384AndAES_256");
+        ps("KeyGenerator", "HmacSHA1",
+                "com.sun.crypto.provider.HmacSHA1KeyGenerator",
+                macSHA1Aliases, null);
+        ps("KeyGenerator", "HmacSHA224",
+                "com.sun.crypto.provider.KeyGeneratorCore$HmacSHA2KG$SHA224",
+                macSHA224Aliases, null);
+        ps("KeyGenerator", "HmacSHA256",
+                "com.sun.crypto.provider.KeyGeneratorCore$HmacSHA2KG$SHA256",
+                macSHA256Aliases, null);
+        ps("KeyGenerator", "HmacSHA384",
+                "com.sun.crypto.provider.KeyGeneratorCore$HmacSHA2KG$SHA384",
+                macSHA384Aliases, null);
+        ps("KeyGenerator", "HmacSHA512",
+                "com.sun.crypto.provider.KeyGeneratorCore$HmacSHA2KG$SHA512",
+                macSHA512Aliases, null);
 
-                    put("Cipher.PBEWithHmacSHA512AndAES_256",
-                        "com.sun.crypto.provider.PBES2Core$" +
-                            "HmacSHA512AndAES_256");
+        ps("KeyPairGenerator", "DiffieHellman",
+                "com.sun.crypto.provider.DHKeyPairGenerator",
+                diffieHellmanAliases, null);
 
-                    put("Cipher.Blowfish",
-                        "com.sun.crypto.provider.BlowfishCipher");
-                    put("Cipher.Blowfish SupportedModes", BLOCK_MODES);
-                    put("Cipher.Blowfish SupportedPaddings", BLOCK_PADS);
-                    put("Cipher.Blowfish SupportedKeyFormats", "RAW");
+        /*
+         * Algorithm parameter generation engines
+         */
+        ps("AlgorithmParameterGenerator",
+                "DiffieHellman", "com.sun.crypto.provider.DHParameterGenerator",
+                diffieHellmanAliases, null);
 
-                    put("Cipher.AES", "com.sun.crypto.provider.AESCipher$General");
-                    put("Alg.Alias.Cipher.Rijndael", "AES");
-                    put("Cipher.AES SupportedModes", BLOCK_MODES128);
-                    put("Cipher.AES SupportedPaddings", BLOCK_PADS);
-                    put("Cipher.AES SupportedKeyFormats", "RAW");
+        /*
+         * Key Agreement engines
+         */
+        attrs.clear();
+        attrs.put("SupportedKeyClasses", "javax.crypto.interfaces.DHPublicKey" +
+                        "|javax.crypto.interfaces.DHPrivateKey");
+        ps("KeyAgreement", "DiffieHellman",
+                "com.sun.crypto.provider.DHKeyAgreement",
+                diffieHellmanAliases, attrs);
 
-                    put("Cipher.AES_128/ECB/NoPadding", "com.sun.crypto.provider.AESCipher$AES128_ECB_NoPadding");
-                    put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.1", "AES_128/ECB/NoPadding");
-                    put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.1", "AES_128/ECB/NoPadding");
-                    put("Cipher.AES_128/CBC/NoPadding", "com.sun.crypto.provider.AESCipher$AES128_CBC_NoPadding");
-                    put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.2", "AES_128/CBC/NoPadding");
-                    put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.2", "AES_128/CBC/NoPadding");
-                    put("Cipher.AES_128/OFB/NoPadding", "com.sun.crypto.provider.AESCipher$AES128_OFB_NoPadding");
-                    put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.3", "AES_128/OFB/NoPadding");
-                    put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.3", "AES_128/OFB/NoPadding");
-                    put("Cipher.AES_128/CFB/NoPadding", "com.sun.crypto.provider.AESCipher$AES128_CFB_NoPadding");
-                    put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.4", "AES_128/CFB/NoPadding");
-                    put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.4", "AES_128/CFB/NoPadding");
-                    put("Cipher.AES_128/GCM/NoPadding", "com.sun.crypto.provider.AESCipher$AES128_GCM_NoPadding");
-                    put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.6", "AES_128/GCM/NoPadding");
-                    put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.6", "AES_128/GCM/NoPadding");
+        /*
+         * Algorithm Parameter engines
+         */
+        ps("AlgorithmParameters", "DiffieHellman",
+                "com.sun.crypto.provider.DHParameters",
+                diffieHellmanAliases, null);
 
-                    put("Cipher.AES_192/ECB/NoPadding", "com.sun.crypto.provider.AESCipher$AES192_ECB_NoPadding");
-                    put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.21", "AES_192/ECB/NoPadding");
-                    put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.21", "AES_192/ECB/NoPadding");
-                    put("Cipher.AES_192/CBC/NoPadding", "com.sun.crypto.provider.AESCipher$AES192_CBC_NoPadding");
-                    put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.22", "AES_192/CBC/NoPadding");
-                    put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.22", "AES_192/CBC/NoPadding");
-                    put("Cipher.AES_192/OFB/NoPadding", "com.sun.crypto.provider.AESCipher$AES192_OFB_NoPadding");
-                    put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.23", "AES_192/OFB/NoPadding");
-                    put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.23", "AES_192/OFB/NoPadding");
-                    put("Cipher.AES_192/CFB/NoPadding", "com.sun.crypto.provider.AESCipher$AES192_CFB_NoPadding");
-                    put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.24", "AES_192/CFB/NoPadding");
-                    put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.24", "AES_192/CFB/NoPadding");
-                    put("Cipher.AES_192/GCM/NoPadding", "com.sun.crypto.provider.AESCipher$AES192_GCM_NoPadding");
-                    put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.26", "AES_192/GCM/NoPadding");
-                    put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.26", "AES_192/GCM/NoPadding");
+        ps("AlgorithmParameters", "DES",
+                "com.sun.crypto.provider.DESParameters",
+                null, null);
 
-                    put("Cipher.AES_256/ECB/NoPadding", "com.sun.crypto.provider.AESCipher$AES256_ECB_NoPadding");
-                    put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.41", "AES_256/ECB/NoPadding");
-                    put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.41", "AES_256/ECB/NoPadding");
-                    put("Cipher.AES_256/CBC/NoPadding", "com.sun.crypto.provider.AESCipher$AES256_CBC_NoPadding");
-                    put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.42", "AES_256/CBC/NoPadding");
-                    put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.42", "AES_256/CBC/NoPadding");
-                    put("Cipher.AES_256/OFB/NoPadding", "com.sun.crypto.provider.AESCipher$AES256_OFB_NoPadding");
-                    put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.43", "AES_256/OFB/NoPadding");
-                    put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.43", "AES_256/OFB/NoPadding");
-                    put("Cipher.AES_256/CFB/NoPadding", "com.sun.crypto.provider.AESCipher$AES256_CFB_NoPadding");
-                    put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.44", "AES_256/CFB/NoPadding");
-                    put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.44", "AES_256/CFB/NoPadding");
-                    put("Cipher.AES_256/GCM/NoPadding", "com.sun.crypto.provider.AESCipher$AES256_GCM_NoPadding");
-                    put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.46", "AES_256/GCM/NoPadding");
-                    put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.46", "AES_256/GCM/NoPadding");
+        ps("AlgorithmParameters", "DESede",
+                "com.sun.crypto.provider.DESedeParameters",
+                desEdeAliases, null);
 
-                    put("Cipher.AESWrap", "com.sun.crypto.provider.AESWrapCipher$General");
-                    put("Cipher.AESWrap SupportedModes", "ECB");
-                    put("Cipher.AESWrap SupportedPaddings", "NOPADDING");
-                    put("Cipher.AESWrap SupportedKeyFormats", "RAW");
+        ps("AlgorithmParameters", "PBEWithMD5AndDES",
+                "com.sun.crypto.provider.PBEParameters",
+                pkcs5MD5_DESAliases, null);
 
-                    put("Cipher.AESWrap_128", "com.sun.crypto.provider.AESWrapCipher$AES128");
-                    put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.5", "AESWrap_128");
-                    put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.5", "AESWrap_128");
-                    put("Cipher.AESWrap_192", "com.sun.crypto.provider.AESWrapCipher$AES192");
-                    put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.25", "AESWrap_192");
-                    put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.25", "AESWrap_192");
-                    put("Cipher.AESWrap_256", "com.sun.crypto.provider.AESWrapCipher$AES256");
-                    put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.45", "AESWrap_256");
-                    put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.45", "AESWrap_256");
+        ps("AlgorithmParameters", "PBEWithMD5AndTripleDES",
+                "com.sun.crypto.provider.PBEParameters",
+                null, null);
 
-                    put("Cipher.RC2",
-                        "com.sun.crypto.provider.RC2Cipher");
-                    put("Cipher.RC2 SupportedModes", BLOCK_MODES);
-                    put("Cipher.RC2 SupportedPaddings", BLOCK_PADS);
-                    put("Cipher.RC2 SupportedKeyFormats", "RAW");
+        ps("AlgorithmParameters", "PBEWithSHA1AndDESede",
+                "com.sun.crypto.provider.PBEParameters",
+                pkcs12DESedeAliases, null);
 
-                    put("Cipher.ARCFOUR",
-                        "com.sun.crypto.provider.ARCFOURCipher");
-                    put("Alg.Alias.Cipher.RC4", "ARCFOUR");
-                    put("Cipher.ARCFOUR SupportedModes", "ECB");
-                    put("Cipher.ARCFOUR SupportedPaddings", "NOPADDING");
-                    put("Cipher.ARCFOUR SupportedKeyFormats", "RAW");
+        ps("AlgorithmParameters", "PBEWithSHA1AndRC2_40",
+                "com.sun.crypto.provider.PBEParameters",
+                pkcs12RC2_40Aliases, null);
 
-                    put("Cipher.ChaCha20",
-                        "com.sun.crypto.provider.ChaCha20Cipher$ChaCha20Only");
-                    put("Cipher.ChaCha20 SupportedKeyFormats", "RAW");
-                    put("Cipher.ChaCha20-Poly1305",
-                        "com.sun.crypto.provider.ChaCha20Cipher$ChaCha20Poly1305");
-                    put("Cipher.ChaCha20-Poly1305 SupportedKeyFormats", "RAW");
-                    put("Alg.Alias.Cipher.1.2.840.113549.1.9.16.3.18", "ChaCha20-Poly1305");
-                    put("Alg.Alias.Cipher.OID.1.2.840.113549.1.9.16.3.18", "ChaCha20-Poly1305");
+        ps("AlgorithmParameters", "PBEWithSHA1AndRC2_128",
+                "com.sun.crypto.provider.PBEParameters",
+                pkcs12RC2_128Aliases, null);
 
-                    /*
-                     * Key(pair) Generator engines
-                     */
-                    put("KeyGenerator.DES",
-                        "com.sun.crypto.provider.DESKeyGenerator");
+        ps("AlgorithmParameters", "PBEWithSHA1AndRC4_40",
+                "com.sun.crypto.provider.PBEParameters",
+                pkcs12RC4_40Aliases, null);
 
-                    put("KeyGenerator.DESede",
-                        "com.sun.crypto.provider.DESedeKeyGenerator");
-                    put("Alg.Alias.KeyGenerator.TripleDES", "DESede");
+        ps("AlgorithmParameters", "PBEWithSHA1AndRC4_128",
+                "com.sun.crypto.provider.PBEParameters",
+                pkcs12RC4_128Aliases, null);
 
-                    put("KeyGenerator.Blowfish",
-                        "com.sun.crypto.provider.BlowfishKeyGenerator");
+        ps("AlgorithmParameters", "PBES2",
+                "com.sun.crypto.provider.PBES2Parameters$General",
+                pkcs5PBES2Aliases, null);
 
-                    put("KeyGenerator.AES",
-                        "com.sun.crypto.provider.AESKeyGenerator");
-                    put("Alg.Alias.KeyGenerator.Rijndael", "AES");
+        ps("AlgorithmParameters", "PBEWithHmacSHA1AndAES_128",
+                "com.sun.crypto.provider.PBES2Parameters$HmacSHA1AndAES_128",
+                null, null);
 
-                    put("KeyGenerator.RC2",
-                        "com.sun.crypto.provider.KeyGeneratorCore$" +
-                        "RC2KeyGenerator");
-                    put("KeyGenerator.ARCFOUR",
-                        "com.sun.crypto.provider.KeyGeneratorCore$" +
-                        "ARCFOURKeyGenerator");
-                    put("Alg.Alias.KeyGenerator.RC4", "ARCFOUR");
+        ps("AlgorithmParameters", "PBEWithHmacSHA224AndAES_128",
+                "com.sun.crypto.provider.PBES2Parameters$HmacSHA224AndAES_128",
+                null, null);
 
-                    put("KeyGenerator.ChaCha20",
-                        "com.sun.crypto.provider.KeyGeneratorCore$" +
-                        "ChaCha20KeyGenerator");
+        ps("AlgorithmParameters", "PBEWithHmacSHA256AndAES_128",
+                "com.sun.crypto.provider.PBES2Parameters$HmacSHA256AndAES_128",
+                null, null);
 
-                    put("KeyGenerator.HmacMD5",
-                        "com.sun.crypto.provider.HmacMD5KeyGenerator");
+        ps("AlgorithmParameters", "PBEWithHmacSHA384AndAES_128",
+                "com.sun.crypto.provider.PBES2Parameters$HmacSHA384AndAES_128",
+                null, null);
 
-                    put("KeyGenerator.HmacSHA1",
-                        "com.sun.crypto.provider.HmacSHA1KeyGenerator");
-                    put("Alg.Alias.KeyGenerator.OID.1.2.840.113549.2.7", "HmacSHA1");
-                    put("Alg.Alias.KeyGenerator.1.2.840.113549.2.7", "HmacSHA1");
+        ps("AlgorithmParameters", "PBEWithHmacSHA512AndAES_128",
+                "com.sun.crypto.provider.PBES2Parameters$HmacSHA512AndAES_128",
+                null, null);
 
-                    put("KeyGenerator.HmacSHA224",
-                        "com.sun.crypto.provider.KeyGeneratorCore$HmacSHA2KG$SHA224");
-                    put("Alg.Alias.KeyGenerator.OID.1.2.840.113549.2.8", "HmacSHA224");
-                    put("Alg.Alias.KeyGenerator.1.2.840.113549.2.8", "HmacSHA224");
+        ps("AlgorithmParameters", "PBEWithHmacSHA1AndAES_256",
+                "com.sun.crypto.provider.PBES2Parameters$HmacSHA1AndAES_256",
+                null, null);
 
-                    put("KeyGenerator.HmacSHA256",
-                        "com.sun.crypto.provider.KeyGeneratorCore$HmacSHA2KG$SHA256");
-                    put("Alg.Alias.KeyGenerator.OID.1.2.840.113549.2.9", "HmacSHA256");
-                    put("Alg.Alias.KeyGenerator.1.2.840.113549.2.9", "HmacSHA256");
+        ps("AlgorithmParameters", "PBEWithHmacSHA224AndAES_256",
+                "com.sun.crypto.provider.PBES2Parameters$HmacSHA224AndAES_256",
+                null, null);
 
-                    put("KeyGenerator.HmacSHA384",
-                        "com.sun.crypto.provider.KeyGeneratorCore$HmacSHA2KG$SHA384");
-                    put("Alg.Alias.KeyGenerator.OID.1.2.840.113549.2.10", "HmacSHA384");
-                    put("Alg.Alias.KeyGenerator.1.2.840.113549.2.10", "HmacSHA384");
+        ps("AlgorithmParameters", "PBEWithHmacSHA256AndAES_256",
+                "com.sun.crypto.provider.PBES2Parameters$HmacSHA256AndAES_256",
+                null, null);
 
-                    put("KeyGenerator.HmacSHA512",
-                        "com.sun.crypto.provider.KeyGeneratorCore$HmacSHA2KG$SHA512");
-                    put("Alg.Alias.KeyGenerator.OID.1.2.840.113549.2.11", "HmacSHA512");
-                    put("Alg.Alias.KeyGenerator.1.2.840.113549.2.11", "HmacSHA512");
+        ps("AlgorithmParameters", "PBEWithHmacSHA384AndAES_256",
+                "com.sun.crypto.provider.PBES2Parameters$HmacSHA384AndAES_256",
+                null, null);
 
-                    put("KeyPairGenerator.DiffieHellman",
-                        "com.sun.crypto.provider.DHKeyPairGenerator");
-                    put("Alg.Alias.KeyPairGenerator.DH", "DiffieHellman");
-                    put("Alg.Alias.KeyPairGenerator.OID."+OID_PKCS3,
-                        "DiffieHellman");
-                    put("Alg.Alias.KeyPairGenerator."+OID_PKCS3,
-                        "DiffieHellman");
+        ps("AlgorithmParameters", "PBEWithHmacSHA512AndAES_256",
+                "com.sun.crypto.provider.PBES2Parameters$HmacSHA512AndAES_256",
+                null, null);
 
-                    /*
-                     * Algorithm parameter generation engines
-                     */
-                    put("AlgorithmParameterGenerator.DiffieHellman",
-                        "com.sun.crypto.provider.DHParameterGenerator");
-                    put("Alg.Alias.AlgorithmParameterGenerator.DH",
-                        "DiffieHellman");
-                    put("Alg.Alias.AlgorithmParameterGenerator.OID."+OID_PKCS3,
-                        "DiffieHellman");
-                    put("Alg.Alias.AlgorithmParameterGenerator."+OID_PKCS3,
-                        "DiffieHellman");
+        ps("AlgorithmParameters", "Blowfish",
+                "com.sun.crypto.provider.BlowfishParameters",
+                null, null);
 
-                    /*
-                     * Key Agreement engines
-                     */
-                    put("KeyAgreement.DiffieHellman",
-                        "com.sun.crypto.provider.DHKeyAgreement");
-                    put("Alg.Alias.KeyAgreement.DH", "DiffieHellman");
-                    put("Alg.Alias.KeyAgreement.OID."+OID_PKCS3, "DiffieHellman");
-                    put("Alg.Alias.KeyAgreement."+OID_PKCS3, "DiffieHellman");
+        ps("AlgorithmParameters", "AES",
+                "com.sun.crypto.provider.AESParameters",
+                aesAliases, null);
 
-                    put("KeyAgreement.DiffieHellman SupportedKeyClasses",
-                        "javax.crypto.interfaces.DHPublicKey" +
-                        "|javax.crypto.interfaces.DHPrivateKey");
+        ps("AlgorithmParameters", "GCM",
+                "com.sun.crypto.provider.GCMParameters",
+                null, null);
 
-                    /*
-                     * Algorithm Parameter engines
-                     */
-                    put("AlgorithmParameters.DiffieHellman",
-                        "com.sun.crypto.provider.DHParameters");
-                    put("Alg.Alias.AlgorithmParameters.DH", "DiffieHellman");
-                    put("Alg.Alias.AlgorithmParameters.OID."+OID_PKCS3,
-                        "DiffieHellman");
-                    put("Alg.Alias.AlgorithmParameters."+OID_PKCS3,
-                        "DiffieHellman");
+        ps("AlgorithmParameters", "RC2",
+                "com.sun.crypto.provider.RC2Parameters",
+                null, null);
 
-                    put("AlgorithmParameters.DES",
-                        "com.sun.crypto.provider.DESParameters");
+        ps("AlgorithmParameters", "OAEP",
+                "com.sun.crypto.provider.OAEPParameters",
+                null, null);
 
-                    put("AlgorithmParameters.DESede",
-                        "com.sun.crypto.provider.DESedeParameters");
-                    put("Alg.Alias.AlgorithmParameters.TripleDES", "DESede");
+        ps("AlgorithmParameters", "ChaCha20-Poly1305",
+                "com.sun.crypto.provider.ChaCha20Poly1305Parameters",
+                chachaPolyAliases, null);
 
-                    put("AlgorithmParameters.PBE",
-                        "com.sun.crypto.provider.PBEParameters");
+        /*
+         * Key factories
+         */
+        ps("KeyFactory", "DiffieHellman",
+                "com.sun.crypto.provider.DHKeyFactory",
+                diffieHellmanAliases, null);
 
-                    put("AlgorithmParameters.PBEWithMD5AndDES",
-                        "com.sun.crypto.provider.PBEParameters");
-                    put("Alg.Alias.AlgorithmParameters.OID."+OID_PKCS5_MD5_DES,
-                        "PBEWithMD5AndDES");
-                    put("Alg.Alias.AlgorithmParameters."+OID_PKCS5_MD5_DES,
-                        "PBEWithMD5AndDES");
+        /*
+         * Secret-key factories
+         */
+        ps("SecretKeyFactory", "DES",
+                "com.sun.crypto.provider.DESKeyFactory",
+                null, null);
 
-                    put("AlgorithmParameters.PBEWithMD5AndTripleDES",
-                        "com.sun.crypto.provider.PBEParameters");
+        ps("SecretKeyFactory", "DESede",
+                "com.sun.crypto.provider.DESedeKeyFactory",
+                desEdeAliases, null);
 
-                    put("AlgorithmParameters.PBEWithSHA1AndDESede",
-                        "com.sun.crypto.provider.PBEParameters");
-                    put("Alg.Alias.AlgorithmParameters.OID."+OID_PKCS12_DESede,
-                        "PBEWithSHA1AndDESede");
-                    put("Alg.Alias.AlgorithmParameters."+OID_PKCS12_DESede,
-                        "PBEWithSHA1AndDESede");
+        ps("SecretKeyFactory", "PBEWithMD5AndDES",
+                "com.sun.crypto.provider.PBEKeyFactory$PBEWithMD5AndDES",
+                pkcs5MD5_DESAliases, null);
 
-                    put("AlgorithmParameters.PBEWithSHA1AndRC2_40",
-                        "com.sun.crypto.provider.PBEParameters");
-                    put("Alg.Alias.AlgorithmParameters.OID."+OID_PKCS12_RC2_40,
-                        "PBEWithSHA1AndRC2_40");
-                    put("Alg.Alias.AlgorithmParameters." + OID_PKCS12_RC2_40,
-                        "PBEWithSHA1AndRC2_40");
+        /*
+         * Internal in-house crypto algorithm used for
+         * the JCEKS keystore type.  Since this was developed
+         * internally, there isn't an OID corresponding to this
+         * algorithm.
+         */
+        ps("SecretKeyFactory", "PBEWithMD5AndTripleDES",
+                "com.sun.crypto.provider.PBEKeyFactory$PBEWithMD5AndTripleDES",
+                null, null);
 
-                    put("AlgorithmParameters.PBEWithSHA1AndRC2_128",
-                        "com.sun.crypto.provider.PBEParameters");
-                    put("Alg.Alias.AlgorithmParameters.OID."+OID_PKCS12_RC2_128,
-                        "PBEWithSHA1AndRC2_128");
-                    put("Alg.Alias.AlgorithmParameters." + OID_PKCS12_RC2_128,
-                        "PBEWithSHA1AndRC2_128");
+        ps("SecretKeyFactory", "PBEWithSHA1AndDESede",
+                "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndDESede",
+                pkcs12DESedeAliases, null);
 
-                    put("AlgorithmParameters.PBEWithSHA1AndRC4_40",
-                        "com.sun.crypto.provider.PBEParameters");
-                    put("Alg.Alias.AlgorithmParameters.OID."+OID_PKCS12_RC4_40,
-                        "PBEWithSHA1AndRC4_40");
-                    put("Alg.Alias.AlgorithmParameters." + OID_PKCS12_RC4_40,
-                        "PBEWithSHA1AndRC4_40");
+        ps("SecretKeyFactory", "PBEWithSHA1AndRC2_40",
+                "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC2_40",
+                pkcs12RC2_40Aliases, null);
 
-                    put("AlgorithmParameters.PBEWithSHA1AndRC4_128",
-                        "com.sun.crypto.provider.PBEParameters");
-                    put("Alg.Alias.AlgorithmParameters.OID."+OID_PKCS12_RC4_128,
-                        "PBEWithSHA1AndRC4_128");
-                    put("Alg.Alias.AlgorithmParameters." + OID_PKCS12_RC4_128,
-                        "PBEWithSHA1AndRC4_128");
+        ps("SecretKeyFactory", "PBEWithSHA1AndRC2_128",
+                "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC2_128",
+                pkcs12RC2_128Aliases, null);
 
-                    put("AlgorithmParameters.PBES2",
-                        "com.sun.crypto.provider.PBES2Parameters$General");
-                    put("Alg.Alias.AlgorithmParameters.OID."+OID_PKCS5_PBES2,
-                        "PBES2");
-                    put("Alg.Alias.AlgorithmParameters." + OID_PKCS5_PBES2,
-                        "PBES2");
+        ps("SecretKeyFactory", "PBEWithSHA1AndRC4_40",
+                "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC4_40",
+                pkcs12RC4_40Aliases,null);
 
-                    put("AlgorithmParameters.PBEWithHmacSHA1AndAES_128",
-                        "com.sun.crypto.provider.PBES2Parameters$HmacSHA1AndAES_128");
+        ps("SecretKeyFactory", "PBEWithSHA1AndRC4_128",
+                "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC4_128",
+                pkcs12RC4_128Aliases, null);
 
-                    put("AlgorithmParameters.PBEWithHmacSHA224AndAES_128",
-                        "com.sun.crypto.provider.PBES2Parameters$HmacSHA224AndAES_128");
+        ps("SecretKeyFactory", "PBEWithHmacSHA1AndAES_128",
+                "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA1AndAES_128",
+                null, null);
 
-                    put("AlgorithmParameters.PBEWithHmacSHA256AndAES_128",
-                        "com.sun.crypto.provider.PBES2Parameters$HmacSHA256AndAES_128");
+        ps("SecretKeyFactory", "PBEWithHmacSHA224AndAES_128",
+                "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA224AndAES_128",
+                null, null);
 
-                    put("AlgorithmParameters.PBEWithHmacSHA384AndAES_128",
-                        "com.sun.crypto.provider.PBES2Parameters$HmacSHA384AndAES_128");
+        ps("SecretKeyFactory", "PBEWithHmacSHA256AndAES_128",
+                "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA256AndAES_128",
+                null, null);
 
-                    put("AlgorithmParameters.PBEWithHmacSHA512AndAES_128",
-                        "com.sun.crypto.provider.PBES2Parameters$HmacSHA512AndAES_128");
+        ps("SecretKeyFactory", "PBEWithHmacSHA384AndAES_128",
+                "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA384AndAES_128",
+                null, null);
 
-                    put("AlgorithmParameters.PBEWithHmacSHA1AndAES_256",
-                        "com.sun.crypto.provider.PBES2Parameters$HmacSHA1AndAES_256");
+        ps("SecretKeyFactory", "PBEWithHmacSHA512AndAES_128",
+                "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA512AndAES_128",
+                null, null);
 
-                    put("AlgorithmParameters.PBEWithHmacSHA224AndAES_256",
-                        "com.sun.crypto.provider.PBES2Parameters$HmacSHA224AndAES_256");
+        ps("SecretKeyFactory", "PBEWithHmacSHA1AndAES_256",
+                "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA1AndAES_256",
+                null, null);
 
-                    put("AlgorithmParameters.PBEWithHmacSHA256AndAES_256",
-                        "com.sun.crypto.provider.PBES2Parameters$HmacSHA256AndAES_256");
+        ps("SecretKeyFactory", "PBEWithHmacSHA224AndAES_256",
+                "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA224AndAES_256",
+                null, null);
 
-                    put("AlgorithmParameters.PBEWithHmacSHA384AndAES_256",
-                        "com.sun.crypto.provider.PBES2Parameters$HmacSHA384AndAES_256");
+        ps("SecretKeyFactory", "PBEWithHmacSHA256AndAES_256",
+                "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA256AndAES_256",
+                null, null);
 
-                    put("AlgorithmParameters.PBEWithHmacSHA512AndAES_256",
-                        "com.sun.crypto.provider.PBES2Parameters$HmacSHA512AndAES_256");
+        ps("SecretKeyFactory", "PBEWithHmacSHA384AndAES_256",
+                "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA384AndAES_256",
+                null, null);
 
-                    put("AlgorithmParameters.Blowfish",
-                        "com.sun.crypto.provider.BlowfishParameters");
+        ps("SecretKeyFactory", "PBEWithHmacSHA512AndAES_256",
+                "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA512AndAES_256",
+                null, null);
 
-                    put("AlgorithmParameters.AES",
-                        "com.sun.crypto.provider.AESParameters");
-                    put("Alg.Alias.AlgorithmParameters.Rijndael", "AES");
-                    put("AlgorithmParameters.GCM",
-                        "com.sun.crypto.provider.GCMParameters");
+        // PBKDF2
+        ps("SecretKeyFactory", "PBKDF2WithHmacSHA1",
+                "com.sun.crypto.provider.PBKDF2Core$HmacSHA1",
+                pkcs5PBKDF2Aliases, null);
+        ps("SecretKeyFactory", "PBKDF2WithHmacSHA224",
+                "com.sun.crypto.provider.PBKDF2Core$HmacSHA224",
+                null, null);
+        ps("SecretKeyFactory", "PBKDF2WithHmacSHA256",
+                "com.sun.crypto.provider.PBKDF2Core$HmacSHA256",
+                null, null);
+        ps("SecretKeyFactory", "PBKDF2WithHmacSHA384",
+                "com.sun.crypto.provider.PBKDF2Core$HmacSHA384",
+                null, null);
+        ps("SecretKeyFactory", "PBKDF2WithHmacSHA512",
+                "com.sun.crypto.provider.PBKDF2Core$HmacSHA512",
+                null, null);
 
+        /*
+         * MAC
+         */
+        attrs.clear();
+        attrs.put("SupportedKeyFormats", "RAW");
+        ps("Mac", "HmacMD5", "com.sun.crypto.provider.HmacMD5", null, attrs);
+        ps("Mac", "HmacSHA1", "com.sun.crypto.provider.HmacSHA1",
+                macSHA1Aliases, attrs);
+        ps("Mac", "HmacSHA224", "com.sun.crypto.provider.HmacCore$HmacSHA224",
+                macSHA224Aliases, attrs);
+        ps("Mac", "HmacSHA256", "com.sun.crypto.provider.HmacCore$HmacSHA256",
+                macSHA256Aliases, attrs);
+        ps("Mac", "HmacSHA384", "com.sun.crypto.provider.HmacCore$HmacSHA384",
+                macSHA384Aliases, attrs);
+        ps("Mac", "HmacSHA512", "com.sun.crypto.provider.HmacCore$HmacSHA512",
+                macSHA512Aliases, attrs);
+        // TODO: aliases with OIDs
+        ps("Mac", "HmacSHA512/224",
+                "com.sun.crypto.provider.HmacCore$HmacSHA512_224",
+                null, attrs);
+        ps("Mac", "HmacSHA512/256",
+                "com.sun.crypto.provider.HmacCore$HmacSHA512_256",
+                null, attrs);
+        ps("Mac", "HmacPBESHA1", "com.sun.crypto.provider.HmacPKCS12PBESHA1",
+                null, attrs);
+        // PBMAC1
+        ps("Mac", "PBEWithHmacSHA1",
+                "com.sun.crypto.provider.PBMAC1Core$HmacSHA1", null, attrs);
+        ps("Mac", "PBEWithHmacSHA224",
+                "com.sun.crypto.provider.PBMAC1Core$HmacSHA224", null, attrs);
+        ps("Mac", "PBEWithHmacSHA256",
+                "com.sun.crypto.provider.PBMAC1Core$HmacSHA256", null, attrs);
+        ps("Mac", "PBEWithHmacSHA384",
+                "com.sun.crypto.provider.PBMAC1Core$HmacSHA384", null, attrs);
+        ps("Mac", "PBEWithHmacSHA512",
+                "com.sun.crypto.provider.PBMAC1Core$HmacSHA512", null, attrs);
+        ps("Mac", "SslMacMD5",
+                "com.sun.crypto.provider.SslMacCore$SslMacMD5", null, attrs);
+        ps("Mac", "SslMacSHA1",
+                "com.sun.crypto.provider.SslMacCore$SslMacSHA1", null, attrs);
 
-                    put("AlgorithmParameters.RC2",
-                        "com.sun.crypto.provider.RC2Parameters");
+        /*
+         * KeyStore
+         */
+        ps("KeyStore", "JCEKS",
+                "com.sun.crypto.provider.JceKeyStore",
+                null, null);
 
-                    put("AlgorithmParameters.OAEP",
-                        "com.sun.crypto.provider.OAEPParameters");
+        /*
+         * SSL/TLS mechanisms
+         *
+         * These are strictly internal implementations and may
+         * be changed at any time.  These names were chosen
+         * because PKCS11/SunPKCS11 does not yet have TLS1.2
+         * mechanisms, and it will cause calls to come here.
+         */
+        ps("KeyGenerator", "SunTlsPrf",
+                "com.sun.crypto.provider.TlsPrfGenerator$V10",
+                null, null);
+        ps("KeyGenerator", "SunTls12Prf",
+                "com.sun.crypto.provider.TlsPrfGenerator$V12",
+                null, null);
 
-                    put("AlgorithmParameters.ChaCha20-Poly1305",
-                        "com.sun.crypto.provider.ChaCha20Poly1305Parameters");
+        ps("KeyGenerator", "SunTlsMasterSecret",
+                "com.sun.crypto.provider.TlsMasterSecretGenerator",
+                createAliases("SunTls12MasterSecret",
+                    "SunTlsExtendedMasterSecret"), null);
 
-                    /*
-                     * Key factories
-                     */
-                    put("KeyFactory.DiffieHellman",
-                        "com.sun.crypto.provider.DHKeyFactory");
-                    put("Alg.Alias.KeyFactory.DH", "DiffieHellman");
-                    put("Alg.Alias.KeyFactory.OID."+OID_PKCS3,
-                        "DiffieHellman");
-                    put("Alg.Alias.KeyFactory."+OID_PKCS3, "DiffieHellman");
+        ps("KeyGenerator", "SunTlsKeyMaterial",
+                "com.sun.crypto.provider.TlsKeyMaterialGenerator",
+                createAliases("SunTls12KeyMaterial"), null);
 
-                    /*
-                     * Secret-key factories
-                     */
-                    put("SecretKeyFactory.DES",
-                        "com.sun.crypto.provider.DESKeyFactory");
-
-                    put("SecretKeyFactory.DESede",
-                        "com.sun.crypto.provider.DESedeKeyFactory");
-                    put("Alg.Alias.SecretKeyFactory.TripleDES", "DESede");
-
-                    put("SecretKeyFactory.PBEWithMD5AndDES",
-                        "com.sun.crypto.provider.PBEKeyFactory$PBEWithMD5AndDES"
-                        );
-                    put("Alg.Alias.SecretKeyFactory.OID."+OID_PKCS5_MD5_DES,
-                        "PBEWithMD5AndDES");
-                    put("Alg.Alias.SecretKeyFactory."+OID_PKCS5_MD5_DES,
-                        "PBEWithMD5AndDES");
-
-                    put("Alg.Alias.SecretKeyFactory.PBE",
-                        "PBEWithMD5AndDES");
-
-                    /*
-                     * Internal in-house crypto algorithm used for
-                     * the JCEKS keystore type.  Since this was developed
-                     * internally, there isn't an OID corresponding to this
-                     * algorithm.
-                     */
-                    put("SecretKeyFactory.PBEWithMD5AndTripleDES",
-                        "com.sun.crypto.provider.PBEKeyFactory$" +
-                        "PBEWithMD5AndTripleDES"
-                        );
-
-                    put("SecretKeyFactory.PBEWithSHA1AndDESede",
-                        "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndDESede"
-                        );
-                    put("Alg.Alias.SecretKeyFactory.OID."+OID_PKCS12_DESede,
-                        "PBEWithSHA1AndDESede");
-                    put("Alg.Alias.SecretKeyFactory." + OID_PKCS12_DESede,
-                        "PBEWithSHA1AndDESede");
-
-                    put("SecretKeyFactory.PBEWithSHA1AndRC2_40",
-                        "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC2_40"
-                        );
-                    put("Alg.Alias.SecretKeyFactory.OID." + OID_PKCS12_RC2_40,
-                        "PBEWithSHA1AndRC2_40");
-                    put("Alg.Alias.SecretKeyFactory." + OID_PKCS12_RC2_40,
-                        "PBEWithSHA1AndRC2_40");
-
-                    put("SecretKeyFactory.PBEWithSHA1AndRC2_128",
-                        "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC2_128"
-                        );
-                    put("Alg.Alias.SecretKeyFactory.OID." + OID_PKCS12_RC2_128,
-                        "PBEWithSHA1AndRC2_128");
-                    put("Alg.Alias.SecretKeyFactory." + OID_PKCS12_RC2_128,
-                        "PBEWithSHA1AndRC2_128");
-
-                    put("SecretKeyFactory.PBEWithSHA1AndRC4_40",
-                        "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC4_40"
-                        );
-
-                    put("Alg.Alias.SecretKeyFactory.OID." + OID_PKCS12_RC4_40,
-                        "PBEWithSHA1AndRC4_40");
-                    put("Alg.Alias.SecretKeyFactory." + OID_PKCS12_RC4_40,
-                        "PBEWithSHA1AndRC4_40");
-
-                    put("SecretKeyFactory.PBEWithSHA1AndRC4_128",
-                        "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC4_128"
-                        );
-
-                    put("Alg.Alias.SecretKeyFactory.OID." + OID_PKCS12_RC4_128,
-                        "PBEWithSHA1AndRC4_128");
-                    put("Alg.Alias.SecretKeyFactory." + OID_PKCS12_RC4_128,
-                        "PBEWithSHA1AndRC4_128");
-
-                    put("SecretKeyFactory.PBEWithHmacSHA1AndAES_128",
-                        "com.sun.crypto.provider.PBEKeyFactory$" +
-                        "PBEWithHmacSHA1AndAES_128");
-
-                    put("SecretKeyFactory.PBEWithHmacSHA224AndAES_128",
-                        "com.sun.crypto.provider.PBEKeyFactory$" +
-                        "PBEWithHmacSHA224AndAES_128");
-
-                    put("SecretKeyFactory.PBEWithHmacSHA256AndAES_128",
-                        "com.sun.crypto.provider.PBEKeyFactory$" +
-                        "PBEWithHmacSHA256AndAES_128");
-
-                    put("SecretKeyFactory.PBEWithHmacSHA384AndAES_128",
-                        "com.sun.crypto.provider.PBEKeyFactory$" +
-                        "PBEWithHmacSHA384AndAES_128");
-
-                    put("SecretKeyFactory.PBEWithHmacSHA512AndAES_128",
-                        "com.sun.crypto.provider.PBEKeyFactory$" +
-                        "PBEWithHmacSHA512AndAES_128");
-
-                    put("SecretKeyFactory.PBEWithHmacSHA1AndAES_256",
-                        "com.sun.crypto.provider.PBEKeyFactory$" +
-                        "PBEWithHmacSHA1AndAES_256");
-
-                    put("SecretKeyFactory.PBEWithHmacSHA224AndAES_256",
-                        "com.sun.crypto.provider.PBEKeyFactory$" +
-                        "PBEWithHmacSHA224AndAES_256");
-
-                    put("SecretKeyFactory.PBEWithHmacSHA256AndAES_256",
-                        "com.sun.crypto.provider.PBEKeyFactory$" +
-                        "PBEWithHmacSHA256AndAES_256");
-
-                    put("SecretKeyFactory.PBEWithHmacSHA384AndAES_256",
-                        "com.sun.crypto.provider.PBEKeyFactory$" +
-                        "PBEWithHmacSHA384AndAES_256");
-
-                    put("SecretKeyFactory.PBEWithHmacSHA512AndAES_256",
-                        "com.sun.crypto.provider.PBEKeyFactory$" +
-                        "PBEWithHmacSHA512AndAES_256");
-
-                    // PBKDF2
-
-                    put("SecretKeyFactory.PBKDF2WithHmacSHA1",
-                        "com.sun.crypto.provider.PBKDF2Core$HmacSHA1");
-                    put("Alg.Alias.SecretKeyFactory.OID." + OID_PKCS5_PBKDF2,
-                        "PBKDF2WithHmacSHA1");
-                    put("Alg.Alias.SecretKeyFactory." + OID_PKCS5_PBKDF2,
-                        "PBKDF2WithHmacSHA1");
-
-                    put("SecretKeyFactory.PBKDF2WithHmacSHA224",
-                        "com.sun.crypto.provider.PBKDF2Core$HmacSHA224");
-                    put("SecretKeyFactory.PBKDF2WithHmacSHA256",
-                        "com.sun.crypto.provider.PBKDF2Core$HmacSHA256");
-                    put("SecretKeyFactory.PBKDF2WithHmacSHA384",
-                        "com.sun.crypto.provider.PBKDF2Core$HmacSHA384");
-                    put("SecretKeyFactory.PBKDF2WithHmacSHA512",
-                        "com.sun.crypto.provider.PBKDF2Core$HmacSHA512");
-
-                    /*
-                     * MAC
-                     */
-                    put("Mac.HmacMD5", "com.sun.crypto.provider.HmacMD5");
-                    put("Mac.HmacSHA1", "com.sun.crypto.provider.HmacSHA1");
-                    put("Alg.Alias.Mac.OID.1.2.840.113549.2.7", "HmacSHA1");
-                    put("Alg.Alias.Mac.1.2.840.113549.2.7", "HmacSHA1");
-                    put("Mac.HmacSHA224",
-                        "com.sun.crypto.provider.HmacCore$HmacSHA224");
-                    put("Alg.Alias.Mac.OID.1.2.840.113549.2.8", "HmacSHA224");
-                    put("Alg.Alias.Mac.1.2.840.113549.2.8", "HmacSHA224");
-                    put("Mac.HmacSHA256",
-                        "com.sun.crypto.provider.HmacCore$HmacSHA256");
-                    put("Alg.Alias.Mac.OID.1.2.840.113549.2.9", "HmacSHA256");
-                    put("Alg.Alias.Mac.1.2.840.113549.2.9", "HmacSHA256");
-                    put("Mac.HmacSHA384",
-                        "com.sun.crypto.provider.HmacCore$HmacSHA384");
-                    put("Alg.Alias.Mac.OID.1.2.840.113549.2.10", "HmacSHA384");
-                    put("Alg.Alias.Mac.1.2.840.113549.2.10", "HmacSHA384");
-                    put("Mac.HmacSHA512",
-                        "com.sun.crypto.provider.HmacCore$HmacSHA512");
-                    put("Alg.Alias.Mac.OID.1.2.840.113549.2.11", "HmacSHA512");
-                    put("Alg.Alias.Mac.1.2.840.113549.2.11", "HmacSHA512");
-
-                    // TODO: aliases with OIDs
-                    put("Mac.HmacSHA512/224",
-                            "com.sun.crypto.provider.HmacCore$HmacSHA512_224");
-                    put("Mac.HmacSHA512/256",
-                            "com.sun.crypto.provider.HmacCore$HmacSHA512_256");
-
-                    put("Mac.HmacPBESHA1",
-                        "com.sun.crypto.provider.HmacPKCS12PBESHA1");
-
-                    // PBMAC1
-
-                    put("Mac.PBEWithHmacSHA1",
-                        "com.sun.crypto.provider.PBMAC1Core$HmacSHA1");
-                    put("Mac.PBEWithHmacSHA224",
-                        "com.sun.crypto.provider.PBMAC1Core$HmacSHA224");
-                    put("Mac.PBEWithHmacSHA256",
-                        "com.sun.crypto.provider.PBMAC1Core$HmacSHA256");
-                    put("Mac.PBEWithHmacSHA384",
-                        "com.sun.crypto.provider.PBMAC1Core$HmacSHA384");
-                    put("Mac.PBEWithHmacSHA512",
-                        "com.sun.crypto.provider.PBMAC1Core$HmacSHA512");
-
-                    put("Mac.SslMacMD5",
-                        "com.sun.crypto.provider.SslMacCore$SslMacMD5");
-                    put("Mac.SslMacSHA1",
-                        "com.sun.crypto.provider.SslMacCore$SslMacSHA1");
-
-                    put("Mac.HmacMD5 SupportedKeyFormats", "RAW");
-                    put("Mac.HmacSHA1 SupportedKeyFormats", "RAW");
-                    put("Mac.HmacSHA224 SupportedKeyFormats", "RAW");
-                    put("Mac.HmacSHA256 SupportedKeyFormats", "RAW");
-                    put("Mac.HmacSHA384 SupportedKeyFormats", "RAW");
-                    put("Mac.HmacSHA512 SupportedKeyFormats", "RAW");
-                    put("Mac.HmacPBESHA1 SupportedKeyFormats", "RAW");
-                    put("Mac.PBEWithHmacSHA1 SupportedKeyFormatS", "RAW");
-                    put("Mac.PBEWithHmacSHA224 SupportedKeyFormats", "RAW");
-                    put("Mac.PBEWithHmacSHA256 SupportedKeyFormats", "RAW");
-                    put("Mac.PBEWithHmacSHA384 SupportedKeyFormats", "RAW");
-                    put("Mac.PBEWithHmacSHA512 SupportedKeyFormats", "RAW");
-                    put("Mac.SslMacMD5 SupportedKeyFormats", "RAW");
-                    put("Mac.SslMacSHA1 SupportedKeyFormats", "RAW");
-
-                    /*
-                     * KeyStore
-                     */
-                    put("KeyStore.JCEKS", "com.sun.crypto.provider.JceKeyStore");
-
-                    /*
-                     * SSL/TLS mechanisms
-                     *
-                     * These are strictly internal implementations and may
-                     * be changed at any time.  These names were chosen
-                     * because PKCS11/SunPKCS11 does not yet have TLS1.2
-                     * mechanisms, and it will cause calls to come here.
-                     */
-                    put("KeyGenerator.SunTlsPrf",
-                            "com.sun.crypto.provider.TlsPrfGenerator$V10");
-                    put("KeyGenerator.SunTls12Prf",
-                            "com.sun.crypto.provider.TlsPrfGenerator$V12");
-
-                    put("KeyGenerator.SunTlsMasterSecret",
-                        "com.sun.crypto.provider.TlsMasterSecretGenerator");
-                    put("Alg.Alias.KeyGenerator.SunTls12MasterSecret",
-                        "SunTlsMasterSecret");
-                    put("Alg.Alias.KeyGenerator.SunTlsExtendedMasterSecret",
-                        "SunTlsMasterSecret");
-
-                    put("KeyGenerator.SunTlsKeyMaterial",
-                        "com.sun.crypto.provider.TlsKeyMaterialGenerator");
-                    put("Alg.Alias.KeyGenerator.SunTls12KeyMaterial",
-                        "SunTlsKeyMaterial");
-
-                    put("KeyGenerator.SunTlsRsaPremasterSecret",
-                        "com.sun.crypto.provider.TlsRsaPremasterSecretGenerator");
-                    put("Alg.Alias.KeyGenerator.SunTls12RsaPremasterSecret",
-                        "SunTlsRsaPremasterSecret");
-
-                    return null;
-                }
-            });
-
-        if (instance == null) {
-            instance = this;
-        }
+        ps("KeyGenerator", "SunTlsRsaPremasterSecret",
+                "com.sun.crypto.provider.TlsRsaPremasterSecretGenerator",
+                createAliases("SunTls12RsaPremasterSecret"), null);
     }
 
     // Return the instance of this class or create one if needed.
--- a/src/java.base/share/classes/java/security/Provider.java	Thu Dec 13 08:23:56 2018 +0800
+++ b/src/java.base/share/classes/java/security/Provider.java	Thu Dec 13 01:15:21 2018 +0000
@@ -33,6 +33,7 @@
 import java.util.function.BiConsumer;
 import java.util.function.BiFunction;
 import java.util.function.Function;
+import java.util.concurrent.ConcurrentHashMap;
 
 /**
  * This class represents a "provider" for the
@@ -225,6 +226,7 @@
         this.version = version;
         this.versionStr = Double.toString(version);
         this.info = info;
+        this.serviceMap = new ConcurrentHashMap<>();
         putId();
         initialized = true;
     }
@@ -262,6 +264,7 @@
         this.versionStr = versionStr;
         this.version = parseVersionStr(versionStr);
         this.info = info;
+        this.serviceMap = new ConcurrentHashMap<>();
         putId();
         initialized = true;
     }
@@ -852,10 +855,7 @@
     // legacy properties changed since last call to any services method?
     private transient boolean legacyChanged;
     // serviceMap changed since last call to getServices()
-    private transient boolean servicesChanged;
-
-    // Map<String,String>
-    private transient Map<String,String> legacyStrings;
+    private volatile transient boolean servicesChanged;
 
     // Map<ServiceKey,Service>
     // used for services added via putService(), initialized on demand
@@ -905,22 +905,18 @@
             // otherwise, set version based on versionStr
             this.version = parseVersionStr(this.versionStr);
         }
+        this.serviceMap = new ConcurrentHashMap<>();
         implClear();
         initialized = true;
         putAll(copy);
     }
 
-    private boolean checkLegacy(Object key) {
+    private static boolean isProviderInfo(Object key) {
         String keyString = (String)key;
         if (keyString.startsWith("Provider.")) {
-            return false;
+            return true;
         }
-
-        legacyChanged = true;
-        if (legacyStrings == null) {
-            legacyStrings = new LinkedHashMap<>();
-        }
-        return true;
+        return false;
     }
 
     /**
@@ -936,20 +932,20 @@
 
     private Object implRemove(Object key) {
         if (key instanceof String) {
-            if (!checkLegacy(key)) {
+            if (isProviderInfo(key)) {
                 return null;
             }
-            legacyStrings.remove((String)key);
+            legacyChanged = true;
         }
         return super.remove(key);
     }
 
     private boolean implRemove(Object key, Object value) {
         if (key instanceof String && value instanceof String) {
-            if (!checkLegacy(key)) {
+            if (isProviderInfo(key)) {
                 return false;
             }
-            legacyStrings.remove((String)key, value);
+            legacyChanged = true;
         }
         return super.remove(key, value);
     }
@@ -957,21 +953,20 @@
     private boolean implReplace(Object key, Object oldValue, Object newValue) {
         if ((key instanceof String) && (oldValue instanceof String) &&
                 (newValue instanceof String)) {
-            if (!checkLegacy(key)) {
+            if (isProviderInfo(key)) {
                 return false;
             }
-            legacyStrings.replace((String)key, (String)oldValue,
-                    (String)newValue);
+            legacyChanged = true;
         }
         return super.replace(key, oldValue, newValue);
     }
 
     private Object implReplace(Object key, Object value) {
         if ((key instanceof String) && (value instanceof String)) {
-            if (!checkLegacy(key)) {
+            if (isProviderInfo(key)) {
                 return null;
             }
-            legacyStrings.replace((String)key, (String)value);
+            legacyChanged = true;
         }
         return super.replace(key, value);
     }
@@ -980,12 +975,6 @@
     private void implReplaceAll(BiFunction<? super Object, ? super Object,
             ? extends Object> function) {
         legacyChanged = true;
-        if (legacyStrings == null) {
-            legacyStrings = new LinkedHashMap<>();
-        } else {
-            legacyStrings.replaceAll((BiFunction<? super String, ? super String,
-                    ? extends String>) function);
-        }
         super.replaceAll(function);
     }
 
@@ -993,11 +982,10 @@
     private Object implMerge(Object key, Object value, BiFunction<? super Object,
             ? super Object, ? extends Object> remappingFunction) {
         if ((key instanceof String) && (value instanceof String)) {
-            if (!checkLegacy(key)) {
+            if (isProviderInfo(key)) {
                 return null;
             }
-            legacyStrings.merge((String)key, (String)value,
-                    (BiFunction<? super String, ? super String, ? extends String>) remappingFunction);
+            legacyChanged = true;
         }
         return super.merge(key, value, remappingFunction);
     }
@@ -1006,11 +994,10 @@
     private Object implCompute(Object key, BiFunction<? super Object,
             ? super Object, ? extends Object> remappingFunction) {
         if (key instanceof String) {
-            if (!checkLegacy(key)) {
+            if (isProviderInfo(key)) {
                 return null;
             }
-            legacyStrings.compute((String) key,
-                    (BiFunction<? super String,? super String, ? extends String>) remappingFunction);
+            legacyChanged = true;
         }
         return super.compute(key, remappingFunction);
     }
@@ -1019,11 +1006,10 @@
     private Object implComputeIfAbsent(Object key, Function<? super Object,
             ? extends Object> mappingFunction) {
         if (key instanceof String) {
-            if (!checkLegacy(key)) {
+            if (isProviderInfo(key)) {
                 return null;
             }
-            legacyStrings.computeIfAbsent((String) key,
-                    (Function<? super String, ? extends String>) mappingFunction);
+            legacyChanged = true;
         }
         return super.computeIfAbsent(key, mappingFunction);
     }
@@ -1032,45 +1018,39 @@
     private Object implComputeIfPresent(Object key, BiFunction<? super Object,
             ? super Object, ? extends Object> remappingFunction) {
         if (key instanceof String) {
-            if (!checkLegacy(key)) {
+            if (isProviderInfo(key)) {
                 return null;
             }
-            legacyStrings.computeIfPresent((String) key,
-                    (BiFunction<? super String, ? super String, ? extends String>) remappingFunction);
+            legacyChanged = true;
         }
         return super.computeIfPresent(key, remappingFunction);
     }
 
     private Object implPut(Object key, Object value) {
         if ((key instanceof String) && (value instanceof String)) {
-            if (!checkLegacy(key)) {
+            if (isProviderInfo(key)) {
                 return null;
             }
-            legacyStrings.put((String)key, (String)value);
+            legacyChanged = true;
         }
         return super.put(key, value);
     }
 
     private Object implPutIfAbsent(Object key, Object value) {
         if ((key instanceof String) && (value instanceof String)) {
-            if (!checkLegacy(key)) {
+            if (isProviderInfo(key)) {
                 return null;
             }
-            legacyStrings.putIfAbsent((String)key, (String)value);
+            legacyChanged = true;
         }
         return super.putIfAbsent(key, value);
     }
 
     private void implClear() {
-        if (legacyStrings != null) {
-            legacyStrings.clear();
-        }
         if (legacyMap != null) {
             legacyMap.clear();
         }
-        if (serviceMap != null) {
-            serviceMap.clear();
-        }
+        serviceMap.clear();
         legacyChanged = false;
         servicesChanged = false;
         serviceSet = null;
@@ -1090,13 +1070,13 @@
             this.algorithm = intern ? algorithm.intern() : algorithm;
         }
         public int hashCode() {
-            return type.hashCode() + algorithm.hashCode();
+            return Objects.hash(type, algorithm);
         }
         public boolean equals(Object obj) {
             if (this == obj) {
                 return true;
             }
-            if (obj instanceof ServiceKey == false) {
+            if (!(obj instanceof ServiceKey)) {
                 return false;
             }
             ServiceKey other = (ServiceKey)obj;
@@ -1113,16 +1093,16 @@
      * service objects.
      */
     private void ensureLegacyParsed() {
-        if ((legacyChanged == false) || (legacyStrings == null)) {
+        if (legacyChanged == false) {
             return;
         }
         serviceSet = null;
         if (legacyMap == null) {
-            legacyMap = new LinkedHashMap<>();
+            legacyMap = new ConcurrentHashMap<>();
         } else {
             legacyMap.clear();
         }
-        for (Map.Entry<String,String> entry : legacyStrings.entrySet()) {
+        for (Map.Entry<?,?> entry : super.entrySet()) {
             parseLegacyPut(entry.getKey(), entry.getValue());
         }
         removeInvalidServices(legacyMap);
@@ -1161,7 +1141,15 @@
     private static final String ALIAS_PREFIX_LOWER = "alg.alias.";
     private static final int ALIAS_LENGTH = ALIAS_PREFIX.length();
 
-    private void parseLegacyPut(String name, String value) {
+    private void parseLegacyPut(Object k, Object v) {
+        if (!(k instanceof String) || !(v instanceof String)) {
+            return;
+        }
+        String name = (String) k;
+        String value = (String) v;
+        if (isProviderInfo(name)) {
+            return;
+        }
         if (name.toLowerCase(ENGLISH).startsWith(ALIAS_PREFIX_LOWER)) {
             // e.g. put("Alg.Alias.MessageDigest.SHA", "SHA-1");
             // aliasKey ~ MessageDigest.SHA
@@ -1248,22 +1236,28 @@
      *
      * @since 1.5
      */
-    public synchronized Service getService(String type, String algorithm) {
+    public Service getService(String type, String algorithm) {
         checkInitialized();
-        // avoid allocating a new key object if possible
+
+        // avoid allocating a new ServiceKey object if possible
         ServiceKey key = previousKey;
         if (key.matches(type, algorithm) == false) {
             key = new ServiceKey(type, algorithm, false);
             previousKey = key;
         }
-        if (serviceMap != null) {
-            Service service = serviceMap.get(key);
-            if (service != null) {
-                return service;
+        if (!serviceMap.isEmpty()) {
+            Service s = serviceMap.get(key);
+            if (s != null) {
+                return s;
             }
         }
-        ensureLegacyParsed();
-        return (legacyMap != null) ? legacyMap.get(key) : null;
+        synchronized (this) {
+            ensureLegacyParsed();
+        }
+        if (legacyMap != null && !legacyMap.isEmpty()) {
+            return legacyMap.get(key);
+        }
+        return null;
     }
 
     // ServiceKey from previous getService() call
@@ -1292,10 +1286,10 @@
         if (serviceSet == null) {
             ensureLegacyParsed();
             Set<Service> set = new LinkedHashSet<>();
-            if (serviceMap != null) {
+            if (!serviceMap.isEmpty()) {
                 set.addAll(serviceMap.values());
             }
-            if (legacyMap != null) {
+            if (legacyMap != null && !legacyMap.isEmpty()) {
                 set.addAll(legacyMap.values());
             }
             serviceSet = Collections.unmodifiableSet(set);
@@ -1333,7 +1327,7 @@
      *
      * @since 1.5
      */
-    protected synchronized void putService(Service s) {
+    protected void putService(Service s) {
         check("putProviderProperty." + name);
         if (debug != null) {
             debug.println(name + ".putService(): " + s);
@@ -1345,20 +1339,18 @@
             throw new IllegalArgumentException
                     ("service.getProvider() must match this Provider object");
         }
-        if (serviceMap == null) {
-            serviceMap = new LinkedHashMap<>();
-        }
-        servicesChanged = true;
         String type = s.getType();
         String algorithm = s.getAlgorithm();
         ServiceKey key = new ServiceKey(type, algorithm, true);
-        // remove existing service
         implRemoveService(serviceMap.get(key));
         serviceMap.put(key, s);
         for (String alias : s.getAliases()) {
             serviceMap.put(new ServiceKey(type, alias, true), s);
         }
-        putPropertyStrings(s);
+        servicesChanged = true;
+        synchronized (this) {
+            putPropertyStrings(s);
+        }
     }
 
     /**
@@ -1425,7 +1417,7 @@
      *
      * @since 1.5
      */
-    protected synchronized void removeService(Service s) {
+    protected void removeService(Service s) {
         check("removeProviderProperty." + name);
         if (debug != null) {
             debug.println(name + ".removeService(): " + s);
@@ -1437,7 +1429,7 @@
     }
 
     private void implRemoveService(Service s) {
-        if ((s == null) || (serviceMap == null)) {
+        if ((s == null) || serviceMap.isEmpty()) {
             return;
         }
         String type = s.getType();
@@ -1452,7 +1444,9 @@
         for (String alias : s.getAliases()) {
             serviceMap.remove(new ServiceKey(type, alias, false));
         }
-        removePropertyStrings(s);
+        synchronized (this) {
+            removePropertyStrings(s);
+        }
     }
 
     // Wrapped String that behaves in a case insensitive way for equals/hashCode
--- a/src/java.base/share/classes/sun/security/provider/Sun.java	Thu Dec 13 08:23:56 2018 +0800
+++ b/src/java.base/share/classes/sun/security/provider/Sun.java	Thu Dec 13 01:15:21 2018 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 2016, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2018, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -28,7 +28,6 @@
 import java.util.*;
 import java.security.*;
 
-import sun.security.action.PutAllAction;
 import static sun.security.util.SecurityConstants.PROVIDER_VER;
 
 
@@ -51,17 +50,27 @@
         /* We are the SUN provider */
         super("SUN", PROVIDER_VER, INFO);
 
+        Provider p = this;
+        Iterator<Provider.Service> serviceIter = new SunEntries(p).iterator();
+
         // if there is no security manager installed, put directly into
-        // the provider. Otherwise, create a temporary map and use a
-        // doPrivileged() call at the end to transfer the contents
+        // the provider
         if (System.getSecurityManager() == null) {
-            SunEntries.putEntries(this);
+            putEntries(serviceIter);
         } else {
-            // use LinkedHashMap to preserve the order of the PRNGs
-            Map<Object, Object> map = new LinkedHashMap<>();
-            SunEntries.putEntries(map);
-            AccessController.doPrivileged(new PutAllAction(this, map));
+            AccessController.doPrivileged(new PrivilegedAction<Void>() {
+                @Override
+                public Void run() {
+                    putEntries(serviceIter);
+                    return null;
+                }
+            });
         }
     }
 
+    void putEntries(Iterator<Provider.Service> i) {
+        while (i.hasNext()) {
+            putService(i.next());
+        }
+    }
 }
--- a/src/java.base/share/classes/sun/security/provider/SunEntries.java	Thu Dec 13 08:23:56 2018 +0800
+++ b/src/java.base/share/classes/sun/security/provider/SunEntries.java	Thu Dec 13 01:15:21 2018 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 2017, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2018, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -27,7 +27,7 @@
 
 import java.io.*;
 import java.net.*;
-import java.util.Map;
+import java.util.*;
 import java.security.*;
 
 import jdk.internal.util.StaticProperty;
@@ -75,17 +75,28 @@
  * - JavaLoginConfig is the default file-based LoginModule Configuration type.
  */
 
-final class SunEntries {
+public final class SunEntries {
 
-    private static final boolean useLegacyDSA =
-        Boolean.parseBoolean(GetPropertyAction.privilegedGetProperty
-            ("jdk.security.legacyDSAKeyPairGenerator"));
-
-    private SunEntries() {
-        // empty
+    // create an aliases List from the specified aliases
+    public static List<String> createAliases(String ... aliases) {
+        return Arrays.asList(aliases);
     }
 
-    static void putEntries(Map<Object, Object> map) {
+    // create an aliases List from the specified oid followed by other aliases
+    public static List<String> createAliasesWithOid(String ... oids) {
+        String[] result = Arrays.copyOf(oids, oids.length + 1);
+        result[result.length - 1] = "OID." + oids[0];
+        return Arrays.asList(result);
+    }
+
+    // extend LinkedHashSet to preserve the ordering (needed by SecureRandom?)
+    SunEntries(Provider p) {
+        services = new LinkedHashSet<>(50, 0.9f);
+
+        // start populating content using the specified provider
+
+        // common attribute map
+        HashMap<String, String> attrs = new HashMap<>(3);
 
         /*
          * SecureRandom
@@ -100,266 +111,217 @@
         boolean useNativePRNG = seedSource.equals(URL_DEV_URANDOM) ||
             seedSource.equals(URL_DEV_RANDOM);
 
+        attrs.put("ThreadSafe", "true");
         if (nativeAvailable && useNativePRNG) {
-            map.put("SecureRandom.NativePRNG",
-                "sun.security.provider.NativePRNG");
-            map.put("SecureRandom.NativePRNG ThreadSafe", "true");
+            add(p, "SecureRandom", "NativePRNG",
+               "sun.security.provider.NativePRNG", null, attrs);
         }
-
-        map.put("SecureRandom.DRBG", "sun.security.provider.DRBG");
-        map.put("SecureRandom.DRBG ThreadSafe", "true");
-
-        map.put("SecureRandom.SHA1PRNG",
-             "sun.security.provider.SecureRandom");
-
-        map.put("SecureRandom.SHA1PRNG ThreadSafe", "true");
+        attrs.put("ImplementedIn", "Software");
+        add(p, "SecureRandom", "DRBG", "sun.security.provider.DRBG", null, attrs);
+        add(p, "SecureRandom", "SHA1PRNG",
+            "sun.security.provider.SecureRandom", null, attrs);
+        attrs.remove("ImplementedIn");
         if (nativeAvailable && !useNativePRNG) {
-            map.put("SecureRandom.NativePRNG",
-                "sun.security.provider.NativePRNG");
-            map.put("SecureRandom.NativePRNG ThreadSafe", "true");
+            add(p, "SecureRandom", "NativePRNG", "sun.security.provider.NativePRNG",
+               null, attrs);
         }
 
         if (NativePRNG.Blocking.isAvailable()) {
-            map.put("SecureRandom.NativePRNGBlocking",
-                "sun.security.provider.NativePRNG$Blocking");
-            map.put("SecureRandom.NativePRNGBlocking ThreadSafe", "true");
+            add(p, "SecureRandom", "NativePRNGBlocking",
+                "sun.security.provider.NativePRNG$Blocking", null, attrs);
         }
-
         if (NativePRNG.NonBlocking.isAvailable()) {
-            map.put("SecureRandom.NativePRNGNonBlocking",
-                "sun.security.provider.NativePRNG$NonBlocking");
-            map.put("SecureRandom.NativePRNGNonBlocking ThreadSafe", "true");
+            add(p, "SecureRandom", "NativePRNGNonBlocking",
+                "sun.security.provider.NativePRNG$NonBlocking", null, attrs);
         }
 
         /*
          * Signature engines
          */
-        map.put("Signature.SHA1withDSA",
-                "sun.security.provider.DSA$SHA1withDSA");
-        map.put("Signature.NONEwithDSA", "sun.security.provider.DSA$RawDSA");
-        map.put("Alg.Alias.Signature.RawDSA", "NONEwithDSA");
-        map.put("Signature.SHA224withDSA",
-                "sun.security.provider.DSA$SHA224withDSA");
-        map.put("Signature.SHA256withDSA",
-                "sun.security.provider.DSA$SHA256withDSA");
-
-        map.put("Signature.SHA1withDSAinP1363Format",
-                "sun.security.provider.DSA$SHA1withDSAinP1363Format");
-        map.put("Signature.NONEwithDSAinP1363Format",
-                "sun.security.provider.DSA$RawDSAinP1363Format");
-        map.put("Signature.SHA224withDSAinP1363Format",
-                "sun.security.provider.DSA$SHA224withDSAinP1363Format");
-        map.put("Signature.SHA256withDSAinP1363Format",
-                "sun.security.provider.DSA$SHA256withDSAinP1363Format");
-
+        attrs.clear();
         String dsaKeyClasses = "java.security.interfaces.DSAPublicKey" +
                 "|java.security.interfaces.DSAPrivateKey";
-        map.put("Signature.SHA1withDSA SupportedKeyClasses", dsaKeyClasses);
-        map.put("Signature.NONEwithDSA SupportedKeyClasses", dsaKeyClasses);
-        map.put("Signature.SHA224withDSA SupportedKeyClasses", dsaKeyClasses);
-        map.put("Signature.SHA256withDSA SupportedKeyClasses", dsaKeyClasses);
+        attrs.put("SupportedKeyClasses", dsaKeyClasses);
+        attrs.put("ImplementedIn", "Software");
 
-        map.put("Alg.Alias.Signature.DSA", "SHA1withDSA");
-        map.put("Alg.Alias.Signature.DSS", "SHA1withDSA");
-        map.put("Alg.Alias.Signature.SHA/DSA", "SHA1withDSA");
-        map.put("Alg.Alias.Signature.SHA-1/DSA", "SHA1withDSA");
-        map.put("Alg.Alias.Signature.SHA1/DSA", "SHA1withDSA");
-        map.put("Alg.Alias.Signature.SHAwithDSA", "SHA1withDSA");
-        map.put("Alg.Alias.Signature.DSAWithSHA1", "SHA1withDSA");
-        map.put("Alg.Alias.Signature.OID.1.2.840.10040.4.3",
-                "SHA1withDSA");
-        map.put("Alg.Alias.Signature.1.2.840.10040.4.3", "SHA1withDSA");
-        map.put("Alg.Alias.Signature.1.3.14.3.2.13", "SHA1withDSA");
-        map.put("Alg.Alias.Signature.1.3.14.3.2.27", "SHA1withDSA");
-        map.put("Alg.Alias.Signature.OID.2.16.840.1.101.3.4.3.1",
-                "SHA224withDSA");
-        map.put("Alg.Alias.Signature.2.16.840.1.101.3.4.3.1", "SHA224withDSA");
-        map.put("Alg.Alias.Signature.OID.2.16.840.1.101.3.4.3.2",
-                "SHA256withDSA");
-        map.put("Alg.Alias.Signature.2.16.840.1.101.3.4.3.2", "SHA256withDSA");
+        attrs.put("KeySize", "1024"); // for NONE and SHA1 DSA signatures
+
+        add(p, "Signature", "SHA1withDSA",
+                "sun.security.provider.DSA$SHA1withDSA",
+                createAliasesWithOid("1.2.840.10040.4.3", "DSA", "DSS", "SHA/DSA",
+                    "SHA-1/DSA", "SHA1/DSA", "SHAwithDSA", "DSAWithSHA1",
+                    "1.3.14.3.2.13", "1.3.14.3.2.27"), attrs);
+        add(p, "Signature", "NONEwithDSA", "sun.security.provider.DSA$RawDSA",
+                createAliases("RawDSA"), attrs);
+
+        attrs.put("KeySize", "2048"); // for SHA224 and SHA256 DSA signatures
+
+        add(p, "Signature", "SHA224withDSA",
+                "sun.security.provider.DSA$SHA224withDSA",
+                createAliasesWithOid("2.16.840.1.101.3.4.3.1"), attrs);
+        add(p, "Signature", "SHA256withDSA",
+                "sun.security.provider.DSA$SHA256withDSA",
+                createAliasesWithOid("2.16.840.1.101.3.4.3.2"), attrs);
+
+        attrs.remove("KeySize");
+
+        add(p, "Signature", "SHA1withDSAinP1363Format",
+                "sun.security.provider.DSA$SHA1withDSAinP1363Format",
+                null, null);
+        add(p, "Signature", "NONEwithDSAinP1363Format",
+                "sun.security.provider.DSA$RawDSAinP1363Format",
+                null, null);
+        add(p, "Signature", "SHA224withDSAinP1363Format",
+                "sun.security.provider.DSA$SHA224withDSAinP1363Format",
+                null, null);
+        add(p, "Signature", "SHA256withDSAinP1363Format",
+                "sun.security.provider.DSA$SHA256withDSAinP1363Format",
+                null, null);
 
         /*
          *  Key Pair Generator engines
          */
+        attrs.clear();
+        attrs.put("ImplementedIn", "Software");
+        attrs.put("KeySize", "2048"); // for DSA KPG and APG only
+
+        String dsaOid = "1.2.840.10040.4.1";
+        List<String> dsaAliases = createAliasesWithOid(dsaOid, "1.3.14.3.2.12");
         String dsaKPGImplClass = "sun.security.provider.DSAKeyPairGenerator$";
         dsaKPGImplClass += (useLegacyDSA? "Legacy" : "Current");
-        map.put("KeyPairGenerator.DSA", dsaKPGImplClass);
-        map.put("Alg.Alias.KeyPairGenerator.OID.1.2.840.10040.4.1", "DSA");
-        map.put("Alg.Alias.KeyPairGenerator.1.2.840.10040.4.1", "DSA");
-        map.put("Alg.Alias.KeyPairGenerator.1.3.14.3.2.12", "DSA");
+        add(p, "KeyPairGenerator", "DSA", dsaKPGImplClass, dsaAliases, attrs);
+
+        /*
+         * Algorithm Parameter Generator engines
+         */
+        add(p, "AlgorithmParameterGenerator", "DSA",
+            "sun.security.provider.DSAParameterGenerator", dsaAliases, attrs);
+        attrs.remove("KeySize");
+
+        /*
+         * Algorithm Parameter engines
+         */
+        add(p, "AlgorithmParameters", "DSA",
+                "sun.security.provider.DSAParameters", dsaAliases, attrs);
+
+        /*
+         * Key factories
+         */
+        add(p, "KeyFactory", "DSA", "sun.security.provider.DSAKeyFactory",
+                dsaAliases, attrs);
 
         /*
          * Digest engines
          */
-        map.put("MessageDigest.MD2", "sun.security.provider.MD2");
-        map.put("MessageDigest.MD5", "sun.security.provider.MD5");
-        map.put("MessageDigest.SHA", "sun.security.provider.SHA");
+        add(p, "MessageDigest", "MD2", "sun.security.provider.MD2", null, attrs);
+        add(p, "MessageDigest", "MD5", "sun.security.provider.MD5", null, attrs);
+        add(p, "MessageDigest", "SHA", "sun.security.provider.SHA",
+                createAliasesWithOid("1.3.14.3.2.26", "SHA-1", "SHA1"), attrs);
 
-        map.put("Alg.Alias.MessageDigest.SHA-1", "SHA");
-        map.put("Alg.Alias.MessageDigest.SHA1", "SHA");
-        map.put("Alg.Alias.MessageDigest.1.3.14.3.2.26", "SHA");
-        map.put("Alg.Alias.MessageDigest.OID.1.3.14.3.2.26", "SHA");
-
-        map.put("MessageDigest.SHA-224", "sun.security.provider.SHA2$SHA224");
-        map.put("Alg.Alias.MessageDigest.2.16.840.1.101.3.4.2.4", "SHA-224");
-        map.put("Alg.Alias.MessageDigest.OID.2.16.840.1.101.3.4.2.4",
-                "SHA-224");
-
-        map.put("MessageDigest.SHA-256", "sun.security.provider.SHA2$SHA256");
-        map.put("Alg.Alias.MessageDigest.2.16.840.1.101.3.4.2.1", "SHA-256");
-        map.put("Alg.Alias.MessageDigest.OID.2.16.840.1.101.3.4.2.1",
-                "SHA-256");
-        map.put("MessageDigest.SHA-384", "sun.security.provider.SHA5$SHA384");
-        map.put("Alg.Alias.MessageDigest.2.16.840.1.101.3.4.2.2", "SHA-384");
-        map.put("Alg.Alias.MessageDigest.OID.2.16.840.1.101.3.4.2.2",
-                "SHA-384");
-        map.put("MessageDigest.SHA-512", "sun.security.provider.SHA5$SHA512");
-        map.put("Alg.Alias.MessageDigest.2.16.840.1.101.3.4.2.3", "SHA-512");
-        map.put("Alg.Alias.MessageDigest.OID.2.16.840.1.101.3.4.2.3",
-                "SHA-512");
-        map.put("MessageDigest.SHA-512/224", "sun.security.provider.SHA5$SHA512_224");
-        map.put("Alg.Alias.MessageDigest.2.16.840.1.101.3.4.2.5", "SHA-512/224");
-        map.put("Alg.Alias.MessageDigest.OID.2.16.840.1.101.3.4.2.5",
-                "SHA-512/224");
-        map.put("MessageDigest.SHA-512/256", "sun.security.provider.SHA5$SHA512_256");
-        map.put("Alg.Alias.MessageDigest.2.16.840.1.101.3.4.2.6", "SHA-512/256");
-        map.put("Alg.Alias.MessageDigest.OID.2.16.840.1.101.3.4.2.6",
-                "SHA-512/256");
-
-        map.put("MessageDigest.SHA3-224", "sun.security.provider.SHA3$SHA224");
-        map.put("Alg.Alias.MessageDigest.2.16.840.1.101.3.4.2.7", "SHA3-224");
-        map.put("Alg.Alias.MessageDigest.OID.2.16.840.1.101.3.4.2.7",
-                "SHA3-224");
-
-        map.put("MessageDigest.SHA3-256", "sun.security.provider.SHA3$SHA256");
-        map.put("Alg.Alias.MessageDigest.2.16.840.1.101.3.4.2.8", "SHA3-256");
-        map.put("Alg.Alias.MessageDigest.OID.2.16.840.1.101.3.4.2.8",
-                "SHA3-256");
-        map.put("MessageDigest.SHA3-384", "sun.security.provider.SHA3$SHA384");
-        map.put("Alg.Alias.MessageDigest.2.16.840.1.101.3.4.2.9", "SHA3-384");
-        map.put("Alg.Alias.MessageDigest.OID.2.16.840.1.101.3.4.2.9",
-                "SHA3-384");
-        map.put("MessageDigest.SHA3-512", "sun.security.provider.SHA3$SHA512");
-        map.put("Alg.Alias.MessageDigest.2.16.840.1.101.3.4.2.10", "SHA3-512");
-        map.put("Alg.Alias.MessageDigest.OID.2.16.840.1.101.3.4.2.10",
-                "SHA3-512");
-
-
-        /*
-         * Algorithm Parameter Generator engines
-         */
-        map.put("AlgorithmParameterGenerator.DSA",
-            "sun.security.provider.DSAParameterGenerator");
-
-        /*
-         * Algorithm Parameter engines
-         */
-        map.put("AlgorithmParameters.DSA",
-            "sun.security.provider.DSAParameters");
-        map.put("Alg.Alias.AlgorithmParameters.OID.1.2.840.10040.4.1", "DSA");
-        map.put("Alg.Alias.AlgorithmParameters.1.2.840.10040.4.1", "DSA");
-        map.put("Alg.Alias.AlgorithmParameters.1.3.14.3.2.12", "DSA");
-
-        /*
-         * Key factories
-         */
-        map.put("KeyFactory.DSA", "sun.security.provider.DSAKeyFactory");
-        map.put("Alg.Alias.KeyFactory.OID.1.2.840.10040.4.1", "DSA");
-        map.put("Alg.Alias.KeyFactory.1.2.840.10040.4.1", "DSA");
-        map.put("Alg.Alias.KeyFactory.1.3.14.3.2.12", "DSA");
+        String sha2BaseOid = "2.16.840.1.101.3.4.2";
+        add(p, "MessageDigest", "SHA-224", "sun.security.provider.SHA2$SHA224",
+                createAliasesWithOid(sha2BaseOid + ".4"), attrs);
+        add(p, "MessageDigest", "SHA-256", "sun.security.provider.SHA2$SHA256",
+                createAliasesWithOid(sha2BaseOid + ".1"), attrs);
+        add(p, "MessageDigest", "SHA-384", "sun.security.provider.SHA5$SHA384",
+                createAliasesWithOid(sha2BaseOid + ".2"), attrs);
+        add(p, "MessageDigest", "SHA-512", "sun.security.provider.SHA5$SHA512",
+                createAliasesWithOid(sha2BaseOid + ".3"), attrs);
+        add(p, "MessageDigest", "SHA-512/224",
+                "sun.security.provider.SHA5$SHA512_224",
+                createAliasesWithOid(sha2BaseOid + ".5"), attrs);
+        add(p, "MessageDigest", "SHA-512/256",
+                "sun.security.provider.SHA5$SHA512_256",
+                createAliasesWithOid(sha2BaseOid + ".6"), attrs);
+        add(p, "MessageDigest", "SHA3-224", "sun.security.provider.SHA3$SHA224",
+                createAliasesWithOid(sha2BaseOid + ".7"), attrs);
+        add(p, "MessageDigest", "SHA3-256", "sun.security.provider.SHA3$SHA256",
+                createAliasesWithOid(sha2BaseOid + ".8"), attrs);
+        add(p, "MessageDigest", "SHA3-384", "sun.security.provider.SHA3$SHA384",
+                createAliasesWithOid(sha2BaseOid + ".9"), attrs);
+        add(p, "MessageDigest", "SHA3-512", "sun.security.provider.SHA3$SHA512",
+                createAliasesWithOid(sha2BaseOid + ".10"), attrs);
 
         /*
          * Certificates
          */
-        map.put("CertificateFactory.X.509",
-            "sun.security.provider.X509Factory");
-        map.put("Alg.Alias.CertificateFactory.X509", "X.509");
+        add(p, "CertificateFactory", "X.509",
+                "sun.security.provider.X509Factory",
+                createAliases("X509"), attrs);
 
         /*
          * KeyStore
          */
-        map.put("KeyStore.PKCS12",
-                        "sun.security.pkcs12.PKCS12KeyStore$DualFormatPKCS12");
-        map.put("KeyStore.JKS",
-                        "sun.security.provider.JavaKeyStore$DualFormatJKS");
-        map.put("KeyStore.CaseExactJKS",
-                        "sun.security.provider.JavaKeyStore$CaseExactJKS");
-        map.put("KeyStore.DKS", "sun.security.provider.DomainKeyStore$DKS");
+        add(p, "KeyStore", "PKCS12",
+                "sun.security.pkcs12.PKCS12KeyStore$DualFormatPKCS12",
+                null, null);
+        add(p, "KeyStore", "JKS",
+                "sun.security.provider.JavaKeyStore$DualFormatJKS",
+                null, attrs);
+        add(p, "KeyStore", "CaseExactJKS",
+                "sun.security.provider.JavaKeyStore$CaseExactJKS",
+                null, attrs);
+        add(p, "KeyStore", "DKS", "sun.security.provider.DomainKeyStore$DKS",
+                null, attrs);
+
+
+        /*
+         * CertStores
+         */
+        add(p, "CertStore", "Collection",
+                "sun.security.provider.certpath.CollectionCertStore",
+                null, attrs);
+        add(p, "CertStore", "com.sun.security.IndexedCollection",
+                "sun.security.provider.certpath.IndexedCollectionCertStore",
+                null, attrs);
 
         /*
          * Policy
          */
-        map.put("Policy.JavaPolicy", "sun.security.provider.PolicySpiFile");
+        add(p, "Policy", "JavaPolicy", "sun.security.provider.PolicySpiFile",
+                null, null);
 
         /*
          * Configuration
          */
-        map.put("Configuration.JavaLoginConfig",
-                        "sun.security.provider.ConfigFile$Spi");
+        add(p, "Configuration", "JavaLoginConfig",
+                "sun.security.provider.ConfigFile$Spi", null, null);
 
         /*
-         * CertPathBuilder
+         * CertPathBuilder and CertPathValidator
          */
-        map.put("CertPathBuilder.PKIX",
-            "sun.security.provider.certpath.SunCertPathBuilder");
-        map.put("CertPathBuilder.PKIX ValidationAlgorithm",
-            "RFC5280");
+        attrs.clear();
+        attrs.put("ValidationAlgorithm", "RFC5280");
+        attrs.put("ImplementedIn", "Software");
 
-        /*
-         * CertPathValidator
-         */
-        map.put("CertPathValidator.PKIX",
-            "sun.security.provider.certpath.PKIXCertPathValidator");
-        map.put("CertPathValidator.PKIX ValidationAlgorithm",
-            "RFC5280");
+        add(p, "CertPathBuilder", "PKIX",
+                "sun.security.provider.certpath.SunCertPathBuilder",
+                null, attrs);
+        add(p, "CertPathValidator", "PKIX",
+                "sun.security.provider.certpath.PKIXCertPathValidator",
+                null, attrs);
+    }
 
-        /*
-         * CertStores
-         */
-        map.put("CertStore.Collection",
-            "sun.security.provider.certpath.CollectionCertStore");
-        map.put("CertStore.com.sun.security.IndexedCollection",
-            "sun.security.provider.certpath.IndexedCollectionCertStore");
+    Iterator<Provider.Service> iterator() {
+        return services.iterator();
+    }
 
-        /*
-         * KeySize
-         */
-        map.put("Signature.NONEwithDSA KeySize", "1024");
-        map.put("Signature.SHA1withDSA KeySize", "1024");
-        map.put("Signature.SHA224withDSA KeySize", "2048");
-        map.put("Signature.SHA256withDSA KeySize", "2048");
+    private void add(Provider p, String type, String algo, String cn,
+             List<String> aliases, HashMap<String, String> attrs) {
+         services.add(new Provider.Service(p, type, algo, cn, aliases, attrs));
+    }
 
-        map.put("KeyPairGenerator.DSA KeySize", "2048");
-        map.put("AlgorithmParameterGenerator.DSA KeySize", "2048");
-
-        /*
-         * Implementation type: software or hardware
-         */
-        map.put("Signature.SHA1withDSA ImplementedIn", "Software");
-        map.put("KeyPairGenerator.DSA ImplementedIn", "Software");
-        map.put("MessageDigest.MD5 ImplementedIn", "Software");
-        map.put("MessageDigest.SHA ImplementedIn", "Software");
-        map.put("AlgorithmParameterGenerator.DSA ImplementedIn",
-            "Software");
-        map.put("AlgorithmParameters.DSA ImplementedIn", "Software");
-        map.put("KeyFactory.DSA ImplementedIn", "Software");
-        map.put("SecureRandom.SHA1PRNG ImplementedIn", "Software");
-        map.put("SecureRandom.DRBG ImplementedIn", "Software");
-        map.put("CertificateFactory.X.509 ImplementedIn", "Software");
-        map.put("KeyStore.JKS ImplementedIn", "Software");
-        map.put("CertPathValidator.PKIX ImplementedIn", "Software");
-        map.put("CertPathBuilder.PKIX ImplementedIn", "Software");
-        map.put("CertStore.Collection ImplementedIn", "Software");
-        map.put("CertStore.com.sun.security.IndexedCollection ImplementedIn",
-            "Software");
-
-    }
+    private LinkedHashSet<Provider.Service> services;
 
     // name of the *System* property, takes precedence over PROP_RNDSOURCE
     private static final String PROP_EGD = "java.security.egd";
     // name of the *Security* property
     private static final String PROP_RNDSOURCE = "securerandom.source";
 
+    private static final boolean useLegacyDSA =
+        Boolean.parseBoolean(GetPropertyAction.privilegedGetProperty
+            ("jdk.security.legacyDSAKeyPairGenerator"));
+
     static final String URL_DEV_RANDOM = "file:/dev/random";
     static final String URL_DEV_URANDOM = "file:/dev/urandom";
 
--- a/src/java.base/share/classes/sun/security/provider/VerificationProvider.java	Thu Dec 13 08:23:56 2018 +0800
+++ b/src/java.base/share/classes/sun/security/provider/VerificationProvider.java	Thu Dec 13 01:15:21 2018 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 2016, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2018, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -28,8 +28,6 @@
 import java.util.*;
 import java.security.*;
 
-import sun.security.action.PutAllAction;
-
 import sun.security.rsa.SunRsaSignEntries;
 import static sun.security.util.SecurityConstants.PROVIDER_VER;
 
@@ -70,18 +68,30 @@
             return;
         }
 
+        Provider p = this;
+        Iterator<Provider.Service> sunIter = new SunEntries(p).iterator();
+        Iterator<Provider.Service> rsaIter =
+            new SunRsaSignEntries(p).iterator();
+
         // if there is no security manager installed, put directly into
-        // the provider. Otherwise, create a temporary map and use a
-        // doPrivileged() call at the end to transfer the contents
+        // the provider
         if (System.getSecurityManager() == null) {
-            SunEntries.putEntries(this);
-            SunRsaSignEntries.putEntries(this);
+            putEntries(sunIter);
+            putEntries(rsaIter);
         } else {
-            // use LinkedHashMap to preserve the order of the PRNGs
-            Map<Object, Object> map = new LinkedHashMap<>();
-            SunEntries.putEntries(map);
-            SunRsaSignEntries.putEntries(map);
-            AccessController.doPrivileged(new PutAllAction(this, map));
+            AccessController.doPrivileged(new PrivilegedAction<Object>() {
+                public Void run() {
+                    putEntries(sunIter);
+                    putEntries(rsaIter);
+                    return null;
+                }
+            });
+        }
+    }
+
+    void putEntries(Iterator<Provider.Service> i) {
+        while (i.hasNext()) {
+            putService(i.next());
         }
     }
 
--- a/src/java.base/share/classes/sun/security/rsa/SunRsaSign.java	Thu Dec 13 08:23:56 2018 +0800
+++ b/src/java.base/share/classes/sun/security/rsa/SunRsaSign.java	Thu Dec 13 01:15:21 2018 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2018, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -29,7 +29,6 @@
 
 import java.security.*;
 
-import sun.security.action.PutAllAction;
 import static sun.security.util.SecurityConstants.PROVIDER_VER;
 
 /**
@@ -46,17 +45,24 @@
     public SunRsaSign() {
         super("SunRsaSign", PROVIDER_VER, "Sun RSA signature provider");
 
-        // if there is no security manager installed, put directly into
-        // the provider. Otherwise, create a temporary map and use a
-        // doPrivileged() call at the end to transfer the contents
+        Provider p = this;
+        Iterator<Provider.Service> serviceIter = new SunRsaSignEntries(p).iterator();
+
         if (System.getSecurityManager() == null) {
-            SunRsaSignEntries.putEntries(this);
+            putEntries(serviceIter);
         } else {
-            // use LinkedHashMap to preserve the order of the PRNGs
-            Map<Object, Object> map = new HashMap<>();
-            SunRsaSignEntries.putEntries(map);
-            AccessController.doPrivileged(new PutAllAction(this, map));
+            AccessController.doPrivileged(new PrivilegedAction<Void>() {
+                @Override
+                public Void run() {
+                    putEntries(serviceIter);
+                    return null;
+                }
+            });
         }
     }
-
+    void putEntries(Iterator<Provider.Service> i) {
+        while (i.hasNext()) {
+            putService(i.next());
+        }
+    }
 }
--- a/src/java.base/share/classes/sun/security/rsa/SunRsaSignEntries.java	Thu Dec 13 08:23:56 2018 +0800
+++ b/src/java.base/share/classes/sun/security/rsa/SunRsaSignEntries.java	Thu Dec 13 01:15:21 2018 +0000
@@ -25,7 +25,9 @@
 
 package sun.security.rsa;
 
-import java.util.Map;
+import java.util.*;
+import java.security.Provider;
+import static sun.security.provider.SunEntries.createAliasesWithOid;
 
 /**
  * Defines the entries of the SunRsaSign provider.
@@ -34,102 +36,81 @@
  */
 public final class SunRsaSignEntries {
 
-    private SunRsaSignEntries() {
-        // empty
+    private void add(Provider p, String type, String algo, String cn,
+             List<String> aliases, HashMap<String, String> attrs) {
+         services.add(new Provider.Service(p, type, algo, cn, aliases, attrs));
     }
 
-    public static void putEntries(Map<Object, Object> map) {
+    // extend LinkedHashSet for consistency with SunEntries
+    // used by sun.security.provider.VerificationProvider
+    public SunRsaSignEntries(Provider p) {
+        services = new LinkedHashSet<>(20, 0.9f);
 
-        // main algorithms
-        map.put("KeyFactory.RSA",
-                "sun.security.rsa.RSAKeyFactory$Legacy");
-        map.put("KeyPairGenerator.RSA",
-                "sun.security.rsa.RSAKeyPairGenerator$Legacy");
-        map.put("Signature.MD2withRSA",
-                "sun.security.rsa.RSASignature$MD2withRSA");
-        map.put("Signature.MD5withRSA",
-                "sun.security.rsa.RSASignature$MD5withRSA");
-        map.put("Signature.SHA1withRSA",
-                "sun.security.rsa.RSASignature$SHA1withRSA");
-        map.put("Signature.SHA224withRSA",
-                "sun.security.rsa.RSASignature$SHA224withRSA");
-        map.put("Signature.SHA256withRSA",
-                "sun.security.rsa.RSASignature$SHA256withRSA");
-        map.put("Signature.SHA384withRSA",
-                "sun.security.rsa.RSASignature$SHA384withRSA");
-        map.put("Signature.SHA512withRSA",
-                "sun.security.rsa.RSASignature$SHA512withRSA");
-        map.put("Signature.SHA512/224withRSA",
-                "sun.security.rsa.RSASignature$SHA512_224withRSA");
-        map.put("Signature.SHA512/256withRSA",
-                "sun.security.rsa.RSASignature$SHA512_256withRSA");
+        // start populating content using the specified provider
 
-        map.put("KeyFactory.RSASSA-PSS",
-                "sun.security.rsa.RSAKeyFactory$PSS");
-        map.put("KeyPairGenerator.RSASSA-PSS",
-                "sun.security.rsa.RSAKeyPairGenerator$PSS");
-        map.put("Signature.RSASSA-PSS",
-                "sun.security.rsa.RSAPSSSignature");
-        map.put("AlgorithmParameters.RSASSA-PSS",
-                "sun.security.rsa.PSSParameters");
+        // common oids
+        String rsaOid = "1.2.840.113549.1.1";
+        List<String> rsaAliases = createAliasesWithOid(rsaOid);
+        List<String> rsapssAliases = createAliasesWithOid(rsaOid + ".10");
+        String sha1withRSAOid2 = "1.3.14.3.2.29";
 
-        // attributes for supported key classes
-        String rsaKeyClasses = "java.security.interfaces.RSAPublicKey" +
-                "|java.security.interfaces.RSAPrivateKey";
-        map.put("Signature.MD2withRSA SupportedKeyClasses", rsaKeyClasses);
-        map.put("Signature.MD5withRSA SupportedKeyClasses", rsaKeyClasses);
-        map.put("Signature.SHA1withRSA SupportedKeyClasses", rsaKeyClasses);
-        map.put("Signature.SHA224withRSA SupportedKeyClasses", rsaKeyClasses);
-        map.put("Signature.SHA256withRSA SupportedKeyClasses", rsaKeyClasses);
-        map.put("Signature.SHA384withRSA SupportedKeyClasses", rsaKeyClasses);
-        map.put("Signature.SHA512withRSA SupportedKeyClasses", rsaKeyClasses);
-        map.put("Signature.SHA512/224withRSA SupportedKeyClasses", rsaKeyClasses);
-        map.put("Signature.SHA512/256withRSA SupportedKeyClasses", rsaKeyClasses);
-        map.put("Signature.RSASSA-PSS SupportedKeyClasses", rsaKeyClasses);
+        // common attribute map
+        HashMap<String, String> attrs = new HashMap<>(3);
+        attrs.put("SupportedKeyClasses",
+                "java.security.interfaces.RSAPublicKey" +
+                "|java.security.interfaces.RSAPrivateKey");
 
-        // aliases
-        map.put("Alg.Alias.KeyFactory.1.2.840.113549.1.1",     "RSA");
-        map.put("Alg.Alias.KeyFactory.OID.1.2.840.113549.1.1", "RSA");
+        add(p, "KeyFactory", "RSA",
+                "sun.security.rsa.RSAKeyFactory$Legacy",
+                rsaAliases, null);
+        add(p, "KeyPairGenerator", "RSA",
+                "sun.security.rsa.RSAKeyPairGenerator$Legacy",
+                rsaAliases, null);
+        add(p, "Signature", "MD2withRSA",
+                "sun.security.rsa.RSASignature$MD2withRSA",
+                createAliasesWithOid(rsaOid + ".2"), attrs);
+        add(p, "Signature", "MD5withRSA",
+                "sun.security.rsa.RSASignature$MD5withRSA",
+                createAliasesWithOid(rsaOid + ".4"), attrs);
+        add(p, "Signature", "SHA1withRSA",
+                "sun.security.rsa.RSASignature$SHA1withRSA",
+                createAliasesWithOid(rsaOid + ".5", sha1withRSAOid2), attrs);
+        add(p, "Signature", "SHA224withRSA",
+                "sun.security.rsa.RSASignature$SHA224withRSA",
+                createAliasesWithOid(rsaOid + ".14"), attrs);
+        add(p, "Signature", "SHA256withRSA",
+                "sun.security.rsa.RSASignature$SHA256withRSA",
+                createAliasesWithOid(rsaOid + ".11"), attrs);
+        add(p, "Signature", "SHA384withRSA",
+                "sun.security.rsa.RSASignature$SHA384withRSA",
+                createAliasesWithOid(rsaOid + ".12"), attrs);
+        add(p, "Signature", "SHA512withRSA",
+                "sun.security.rsa.RSASignature$SHA512withRSA",
+                createAliasesWithOid(rsaOid + ".13"), attrs);
+        add(p, "Signature", "SHA512/224withRSA",
+                "sun.security.rsa.RSASignature$SHA512_224withRSA",
+                createAliasesWithOid(rsaOid + ".15"), attrs);
+        add(p, "Signature", "SHA512/256withRSA",
+                "sun.security.rsa.RSASignature$SHA512_256withRSA",
+                createAliasesWithOid(rsaOid + ".16"), attrs);
 
-        map.put("Alg.Alias.KeyPairGenerator.1.2.840.113549.1.1",     "RSA");
-        map.put("Alg.Alias.KeyPairGenerator.OID.1.2.840.113549.1.1", "RSA");
+        add(p, "KeyFactory", "RSASSA-PSS",
+                "sun.security.rsa.RSAKeyFactory$PSS",
+                rsapssAliases, null);
+        add(p, "KeyPairGenerator", "RSASSA-PSS",
+                "sun.security.rsa.RSAKeyPairGenerator$PSS",
+                rsapssAliases, null);
+        add(p, "Signature", "RSASSA-PSS",
+                "sun.security.rsa.RSAPSSSignature",
+                rsapssAliases, attrs);
+        add(p, "AlgorithmParameters", "RSASSA-PSS",
+                "sun.security.rsa.PSSParameters",
+                rsapssAliases, null);
+    }
 
-        map.put("Alg.Alias.Signature.1.2.840.113549.1.1.2",     "MD2withRSA");
-        map.put("Alg.Alias.Signature.OID.1.2.840.113549.1.1.2", "MD2withRSA");
+    public Iterator<Provider.Service> iterator() {
+        return services.iterator();
+    }
 
-        map.put("Alg.Alias.Signature.1.2.840.113549.1.1.4",     "MD5withRSA");
-        map.put("Alg.Alias.Signature.OID.1.2.840.113549.1.1.4", "MD5withRSA");
-
-        map.put("Alg.Alias.Signature.1.2.840.113549.1.1.5",     "SHA1withRSA");
-        map.put("Alg.Alias.Signature.OID.1.2.840.113549.1.1.5", "SHA1withRSA");
-        map.put("Alg.Alias.Signature.1.3.14.3.2.29",            "SHA1withRSA");
-
-        map.put("Alg.Alias.Signature.1.2.840.113549.1.1.14",     "SHA224withRSA");
-        map.put("Alg.Alias.Signature.OID.1.2.840.113549.1.1.14", "SHA224withRSA");
-
-        map.put("Alg.Alias.Signature.1.2.840.113549.1.1.11",     "SHA256withRSA");
-        map.put("Alg.Alias.Signature.OID.1.2.840.113549.1.1.11", "SHA256withRSA");
-
-        map.put("Alg.Alias.Signature.1.2.840.113549.1.1.12",     "SHA384withRSA");
-        map.put("Alg.Alias.Signature.OID.1.2.840.113549.1.1.12", "SHA384withRSA");
-
-        map.put("Alg.Alias.Signature.1.2.840.113549.1.1.13",     "SHA512withRSA");
-        map.put("Alg.Alias.Signature.OID.1.2.840.113549.1.1.13", "SHA512withRSA");
-        map.put("Alg.Alias.Signature.1.2.840.113549.1.1.15",     "SHA512/224withRSA");
-        map.put("Alg.Alias.Signature.OID.1.2.840.113549.1.1.15", "SHA512/224withRSA");
-        map.put("Alg.Alias.Signature.1.2.840.113549.1.1.16",     "SHA512/256withRSA");
-        map.put("Alg.Alias.Signature.OID.1.2.840.113549.1.1.16", "SHA512/256withRSA");
-
-        map.put("Alg.Alias.KeyFactory.1.2.840.113549.1.1.10",     "RSASSA-PSS");
-        map.put("Alg.Alias.KeyFactory.OID.1.2.840.113549.1.1.10", "RSASSA-PSS");
-
-        map.put("Alg.Alias.KeyPairGenerator.1.2.840.113549.1.1.10",     "RSASSA-PSS");
-        map.put("Alg.Alias.KeyPairGenerator.OID.1.2.840.113549.1.1.10", "RSASSA-PSS");
-
-        map.put("Alg.Alias.Signature.1.2.840.113549.1.1.10",     "RSASSA-PSS");
-        map.put("Alg.Alias.Signature.OID.1.2.840.113549.1.1.10", "RSASSA-PSS");
-
-        map.put("Alg.Alias.AlgorithmParameters.1.2.840.113549.1.1.10",     "RSASSA-PSS");
-        map.put("Alg.Alias.AlgorithmParameters.OID.1.2.840.113549.1.1.10", "RSASSA-PSS");
-    }
+    private LinkedHashSet<Provider.Service> services;
 }
--- a/src/java.base/share/classes/sun/security/ssl/SunJSSE.java	Thu Dec 13 08:23:56 2018 +0800
+++ b/src/java.base/share/classes/sun/security/ssl/SunJSSE.java	Thu Dec 13 01:15:21 2018 +0000
@@ -26,7 +26,10 @@
 package sun.security.ssl;
 
 import java.security.*;
+import java.util.*;
+import sun.security.rsa.SunRsaSignEntries;
 import static sun.security.util.SecurityConstants.PROVIDER_VER;
+import static sun.security.provider.SunEntries.createAliases;
 
 /**
  * The JSSE provider.
@@ -157,86 +160,62 @@
         });
     }
 
+    private void ps(String type, String algo, String cn,
+            List<String> aliases, HashMap<String, String> attrs) {
+        putService(new Provider.Service(this, type, algo, cn, aliases, attrs));
+    }
+
     private void doRegister(boolean isfips) {
         if (isfips == false) {
-            put("KeyFactory.RSA",
-                "sun.security.rsa.RSAKeyFactory$Legacy");
-            put("Alg.Alias.KeyFactory.1.2.840.113549.1.1", "RSA");
-            put("Alg.Alias.KeyFactory.OID.1.2.840.113549.1.1", "RSA");
+            Iterator<Provider.Service> rsaIter =
+                new SunRsaSignEntries(this).iterator();
+            while (rsaIter.hasNext()) {
+                putService(rsaIter.next());
+            }
+        }
+        ps("Signature", "MD5andSHA1withRSA",
+            "sun.security.ssl.RSASignature", null, null);
 
-            put("KeyPairGenerator.RSA",
-                "sun.security.rsa.RSAKeyPairGenerator$Legacy");
-            put("Alg.Alias.KeyPairGenerator.1.2.840.113549.1.1", "RSA");
-            put("Alg.Alias.KeyPairGenerator.OID.1.2.840.113549.1.1", "RSA");
+        ps("KeyManagerFactory", "SunX509",
+            "sun.security.ssl.KeyManagerFactoryImpl$SunX509", null, null);
+        ps("KeyManagerFactory", "NewSunX509",
+            "sun.security.ssl.KeyManagerFactoryImpl$X509",
+            createAliases("PKIX"), null);
 
-            put("Signature.MD2withRSA",
-                "sun.security.rsa.RSASignature$MD2withRSA");
-            put("Alg.Alias.Signature.1.2.840.113549.1.1.2", "MD2withRSA");
-            put("Alg.Alias.Signature.OID.1.2.840.113549.1.1.2",
-                "MD2withRSA");
+        ps("TrustManagerFactory", "SunX509",
+            "sun.security.ssl.TrustManagerFactoryImpl$SimpleFactory", null, null);
+        ps("TrustManagerFactory", "PKIX",
+            "sun.security.ssl.TrustManagerFactoryImpl$PKIXFactory",
+            createAliases("SunPKIX", "X509", "X.509"), null);
 
-            put("Signature.MD5withRSA",
-                "sun.security.rsa.RSASignature$MD5withRSA");
-            put("Alg.Alias.Signature.1.2.840.113549.1.1.4", "MD5withRSA");
-            put("Alg.Alias.Signature.OID.1.2.840.113549.1.1.4",
-                "MD5withRSA");
+        ps("SSLContext", "TLSv1",
+            "sun.security.ssl.SSLContextImpl$TLS10Context",
+            (isfips? null : createAliases("SSLv3")), null);
+        ps("SSLContext", "TLSv1.1",
+            "sun.security.ssl.SSLContextImpl$TLS11Context", null, null);
+        ps("SSLContext", "TLSv1.2",
+            "sun.security.ssl.SSLContextImpl$TLS12Context", null, null);
+        ps("SSLContext", "TLSv1.3",
+            "sun.security.ssl.SSLContextImpl$TLS13Context", null, null);
+        ps("SSLContext", "TLS",
+            "sun.security.ssl.SSLContextImpl$TLSContext",
+            (isfips? null : createAliases("SSL")), null);
 
-            put("Signature.SHA1withRSA",
-                "sun.security.rsa.RSASignature$SHA1withRSA");
-            put("Alg.Alias.Signature.1.2.840.113549.1.1.5", "SHA1withRSA");
-            put("Alg.Alias.Signature.OID.1.2.840.113549.1.1.5",
-                "SHA1withRSA");
-            put("Alg.Alias.Signature.1.3.14.3.2.29", "SHA1withRSA");
-            put("Alg.Alias.Signature.OID.1.3.14.3.2.29", "SHA1withRSA");
+        ps("SSLContext", "DTLSv1.0",
+            "sun.security.ssl.SSLContextImpl$DTLS10Context", null, null);
+        ps("SSLContext", "DTLSv1.2",
+            "sun.security.ssl.SSLContextImpl$DTLS12Context", null, null);
+        ps("SSLContext", "DTLS",
+            "sun.security.ssl.SSLContextImpl$DTLSContext", null, null);
 
-        }
-        put("Signature.MD5andSHA1withRSA",
-            "sun.security.ssl.RSASignature");
-
-        put("KeyManagerFactory.SunX509",
-            "sun.security.ssl.KeyManagerFactoryImpl$SunX509");
-        put("KeyManagerFactory.NewSunX509",
-            "sun.security.ssl.KeyManagerFactoryImpl$X509");
-        put("Alg.Alias.KeyManagerFactory.PKIX", "NewSunX509");
-
-        put("TrustManagerFactory.SunX509",
-            "sun.security.ssl.TrustManagerFactoryImpl$SimpleFactory");
-        put("TrustManagerFactory.PKIX",
-            "sun.security.ssl.TrustManagerFactoryImpl$PKIXFactory");
-        put("Alg.Alias.TrustManagerFactory.SunPKIX", "PKIX");
-        put("Alg.Alias.TrustManagerFactory.X509", "PKIX");
-        put("Alg.Alias.TrustManagerFactory.X.509", "PKIX");
-
-        put("SSLContext.TLSv1",
-            "sun.security.ssl.SSLContextImpl$TLS10Context");
-        put("SSLContext.TLSv1.1",
-            "sun.security.ssl.SSLContextImpl$TLS11Context");
-        put("SSLContext.TLSv1.2",
-            "sun.security.ssl.SSLContextImpl$TLS12Context");
-        put("SSLContext.TLSv1.3",
-            "sun.security.ssl.SSLContextImpl$TLS13Context");
-        put("SSLContext.TLS",
-            "sun.security.ssl.SSLContextImpl$TLSContext");
-        if (isfips == false) {
-            put("Alg.Alias.SSLContext.SSL", "TLS");
-            put("Alg.Alias.SSLContext.SSLv3", "TLSv1");
-        }
-
-        put("SSLContext.DTLSv1.0",
-            "sun.security.ssl.SSLContextImpl$DTLS10Context");
-        put("SSLContext.DTLSv1.2",
-            "sun.security.ssl.SSLContextImpl$DTLS12Context");
-        put("SSLContext.DTLS",
-            "sun.security.ssl.SSLContextImpl$DTLSContext");
-
-        put("SSLContext.Default",
-            "sun.security.ssl.SSLContextImpl$DefaultSSLContext");
+        ps("SSLContext", "Default",
+            "sun.security.ssl.SSLContextImpl$DefaultSSLContext", null, null);
 
         /*
          * KeyStore
          */
-        put("KeyStore.PKCS12",
-            "sun.security.pkcs12.PKCS12KeyStore");
+        ps("KeyStore", "PKCS12",
+            "sun.security.pkcs12.PKCS12KeyStore", null, null);
     }
 
     // com.sun.net.ssl.internal.ssl.Provider has been deprecated since JDK 9