changeset 59337:62d97ec739db

8242151: Improve OID mapping and reuse among JDK security providers for aliases registration Summary: Use sun.security.util.KnownOIDs enum instead of hardcoding oid strings everywhere Reviewed-by: weijun
author valeriep
date Tue, 19 May 2020 04:05:03 +0000
parents 0b2e88024e7a
children 22887fc44d67
files src/java.base/macosx/classes/apple/security/KeychainStore.java src/java.base/share/classes/com/sun/crypto/provider/DHPublicKey.java src/java.base/share/classes/com/sun/crypto/provider/KeyProtector.java src/java.base/share/classes/com/sun/crypto/provider/OAEPParameters.java src/java.base/share/classes/com/sun/crypto/provider/PBES2Parameters.java src/java.base/share/classes/com/sun/crypto/provider/SunJCE.java src/java.base/share/classes/java/security/PKCS12Attribute.java src/java.base/share/classes/java/security/cert/CertificateRevokedException.java src/java.base/share/classes/java/security/cert/X509CertSelector.java src/java.base/share/classes/sun/security/pkcs/ContentInfo.java src/java.base/share/classes/sun/security/pkcs/PKCS7.java src/java.base/share/classes/sun/security/pkcs/PKCS9Attribute.java src/java.base/share/classes/sun/security/pkcs12/PKCS12KeyStore.java src/java.base/share/classes/sun/security/provider/KeyProtector.java src/java.base/share/classes/sun/security/provider/SunEntries.java src/java.base/share/classes/sun/security/provider/certpath/OCSPResponse.java src/java.base/share/classes/sun/security/provider/certpath/RevocationChecker.java src/java.base/share/classes/sun/security/rsa/PSSParameters.java src/java.base/share/classes/sun/security/rsa/SunRsaSignEntries.java src/java.base/share/classes/sun/security/ssl/SunJSSE.java src/java.base/share/classes/sun/security/ssl/X509KeyManagerImpl.java src/java.base/share/classes/sun/security/timestamp/TSRequest.java src/java.base/share/classes/sun/security/tools/keytool/Main.java src/java.base/share/classes/sun/security/util/ConstraintsParameters.java src/java.base/share/classes/sun/security/util/CurveDB.java src/java.base/share/classes/sun/security/util/KnownOIDs.java src/java.base/share/classes/sun/security/util/NamedCurve.java src/java.base/share/classes/sun/security/util/ObjectIdentifier.java src/java.base/share/classes/sun/security/util/SecurityProviderConstants.java src/java.base/share/classes/sun/security/validator/EndEntityChecker.java src/java.base/share/classes/sun/security/validator/SimpleValidator.java src/java.base/share/classes/sun/security/x509/AVA.java src/java.base/share/classes/sun/security/x509/AccessDescription.java src/java.base/share/classes/sun/security/x509/AlgorithmId.java src/java.base/share/classes/sun/security/x509/ExtendedKeyUsageExtension.java src/java.base/share/classes/sun/security/x509/InhibitAnyPolicyExtension.java src/java.base/share/classes/sun/security/x509/NetscapeCertTypeExtension.java src/java.base/share/classes/sun/security/x509/OIDMap.java src/java.base/share/classes/sun/security/x509/OIDName.java src/java.base/share/classes/sun/security/x509/PKIXExtensions.java src/java.base/share/classes/sun/security/x509/X500Name.java src/java.base/share/classes/sun/security/x509/X509CRLEntryImpl.java src/java.base/share/classes/sun/security/x509/X509CRLImpl.java src/java.base/share/classes/sun/security/x509/X509CertImpl.java src/java.security.jgss/share/classes/org/ietf/jgss/Oid.java src/java.security.jgss/share/classes/sun/security/jgss/GSSContextImpl.java src/java.security.jgss/share/classes/sun/security/jgss/GSSNameImpl.java src/java.security.jgss/share/classes/sun/security/jgss/krb5/Krb5Token.java src/java.security.jgss/share/classes/sun/security/jgss/spnego/SpNegoToken.java src/java.security.jgss/share/classes/sun/security/jgss/wrapper/GSSNameElement.java src/java.security.jgss/share/classes/sun/security/jgss/wrapper/NativeGSSContext.java src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java src/jdk.crypto.ec/share/classes/sun/security/ec/SunEC.java src/jdk.crypto.ec/share/classes/sun/security/ec/XECParameters.java src/jdk.crypto.ec/share/classes/sun/security/ec/ed/EdDSAParameters.java src/jdk.crypto.mscapi/windows/classes/sun/security/mscapi/SunMSCAPI.java src/jdk.crypto.ucrypto/solaris/classes/com/oracle/security/ucrypto/LibMDMech.java src/jdk.crypto.ucrypto/solaris/classes/com/oracle/security/ucrypto/ServiceDesc.java src/jdk.crypto.ucrypto/solaris/classes/com/oracle/security/ucrypto/UcryptoMech.java src/jdk.crypto.ucrypto/solaris/classes/com/oracle/security/ucrypto/UcryptoProvider.java src/jdk.jartool/share/classes/sun/security/tools/jarsigner/TimestampedSigner.java test/jdk/java/security/testlibrary/CertificateBuilder.java test/jdk/java/security/testlibrary/SimpleOCSPServer.java test/jdk/sun/security/jgss/spnego/NotPreferredMech.java test/jdk/sun/security/pkcs/pkcs10/PKCS10AttrEncoding.java test/jdk/sun/security/pkcs/pkcs10/PKCS10AttributeReader.java test/jdk/sun/security/pkcs/pkcs9/UnknownAttribute.java test/jdk/sun/security/pkcs12/PKCS12SameKeyId.java test/jdk/sun/security/pkcs12/ParamsPreferences.java test/jdk/sun/security/pkcs12/ParamsTest.java test/jdk/sun/security/tools/jarsigner/TimestampCheck.java test/jdk/sun/security/tools/keytool/KeyToolTest.java test/jdk/sun/security/util/Oid/OidEquals.java test/jdk/sun/security/util/Oid/OidFormat.java test/jdk/sun/security/util/Oid/S11N.java test/jdk/sun/security/x509/AVA/AVAEqualsHashCode.java test/jdk/sun/security/x509/AlgorithmId/ExtensibleAlgorithmId.java test/jdk/sun/security/x509/X509CertImpl/V3Certificate.java test/jdk/sun/security/x509/equalNames/AltNamesEqualsTest.java
diffstat 79 files changed, 2017 insertions(+), 2081 deletions(-) [+]
line wrap: on
line diff
--- a/src/java.base/macosx/classes/apple/security/KeychainStore.java	Tue May 19 11:55:44 2020 +0800
+++ b/src/java.base/macosx/classes/apple/security/KeychainStore.java	Tue May 19 04:05:03 2020 +0000
@@ -93,9 +93,9 @@
      * PKCS12 bag we get from the Keychain.
      */
     private static ObjectIdentifier PKCS8ShroudedKeyBag_OID =
-            ObjectIdentifier.of("1.2.840.113549.1.12.10.1.2");
+            ObjectIdentifier.of(KnownOIDs.PKCS8ShroudedKeyBag);
     private static ObjectIdentifier pbeWithSHAAnd3KeyTripleDESCBC_OID =
-            ObjectIdentifier.of("1.2.840.113549.1.12.1.3");
+            ObjectIdentifier.of(KnownOIDs.PBEWithSHA1AndDESede);
 
     /**
      * Constnats used in PBE decryption.
--- a/src/java.base/share/classes/com/sun/crypto/provider/DHPublicKey.java	Tue May 19 11:55:44 2020 +0800
+++ b/src/java.base/share/classes/com/sun/crypto/provider/DHPublicKey.java	Tue May 19 04:05:03 2020 +0000
@@ -71,7 +71,7 @@
 
     // Note: this OID is used by DHPrivateKey as well.
     static ObjectIdentifier DH_OID =
-            ObjectIdentifier.of("1.2.840.113549.1.3.1");
+            ObjectIdentifier.of(KnownOIDs.DiffieHellman);
 
     /**
      * Make a DH public key out of a public value <code>y</code>, a prime
--- a/src/java.base/share/classes/com/sun/crypto/provider/KeyProtector.java	Tue May 19 11:55:44 2020 +0800
+++ b/src/java.base/share/classes/com/sun/crypto/provider/KeyProtector.java	Tue May 19 04:05:03 2020 +0000
@@ -48,6 +48,7 @@
 
 import sun.security.x509.AlgorithmId;
 import sun.security.util.ObjectIdentifier;
+import sun.security.util.KnownOIDs;
 import sun.security.util.SecurityProperties;
 
 /**
@@ -67,14 +68,6 @@
 
 final class KeyProtector {
 
-    // defined by SunSoft (SKI project)
-    private static final String PBE_WITH_MD5_AND_DES3_CBC_OID
-            = "1.3.6.1.4.1.42.2.19.1";
-
-    // JavaSoft proprietary key-protection algorithm (used to protect private
-    // keys in the keystore implementation that comes with JDK 1.2)
-    private static final String KEY_PROTECTOR_OID = "1.3.6.1.4.1.42.2.17.1.1";
-
     private static final int MAX_ITERATION_COUNT = 5000000;
     private static final int MIN_ITERATION_COUNT = 10000;
     private static final int DEFAULT_ITERATION_COUNT = 200000;
@@ -154,7 +147,8 @@
         pbeParams.init(pbeSpec);
 
         AlgorithmId encrAlg = new AlgorithmId
-            (new ObjectIdentifier(PBE_WITH_MD5_AND_DES3_CBC_OID), pbeParams);
+            (ObjectIdentifier.of(KnownOIDs.JAVASOFT_JCEKeyProtector),
+             pbeParams);
         return new EncryptedPrivateKeyInfo(encrAlg,encrKey).getEncoded();
     }
 
@@ -169,13 +163,13 @@
         SecretKey sKey = null;
         try {
             String encrAlg = encrInfo.getAlgorithm().getOID().toString();
-            if (!encrAlg.equals(PBE_WITH_MD5_AND_DES3_CBC_OID)
-                && !encrAlg.equals(KEY_PROTECTOR_OID)) {
+            if (!encrAlg.equals(KnownOIDs.JAVASOFT_JCEKeyProtector.value())
+                && !encrAlg.equals(KnownOIDs.JAVASOFT_JDKKeyProtector.value())) {
                 throw new UnrecoverableKeyException("Unsupported encryption "
                                                     + "algorithm");
             }
 
-            if (encrAlg.equals(KEY_PROTECTOR_OID)) {
+            if (encrAlg.equals(KnownOIDs.JAVASOFT_JDKKeyProtector.value())) {
                 // JDK 1.2 style recovery
                 plain = recover(encrInfo.getEncryptedData());
             } else {
--- a/src/java.base/share/classes/com/sun/crypto/provider/OAEPParameters.java	Tue May 19 11:55:44 2020 +0800
+++ b/src/java.base/share/classes/com/sun/crypto/provider/OAEPParameters.java	Tue May 19 04:05:03 2020 +0000
@@ -56,9 +56,9 @@
     private MGF1ParameterSpec mgfSpec;
     private byte[] p;
     private static ObjectIdentifier OID_MGF1 =
-            ObjectIdentifier.of("1.2.840.113549.1.1.8");
+            ObjectIdentifier.of(KnownOIDs.MGF1);
     private static ObjectIdentifier OID_PSpecified =
-            ObjectIdentifier.of("1.2.840.113549.1.1.9");
+            ObjectIdentifier.of(KnownOIDs.PSpecified);
 
     public OAEPParameters() {
     }
--- a/src/java.base/share/classes/com/sun/crypto/provider/PBES2Parameters.java	Tue May 19 11:55:44 2020 +0800
+++ b/src/java.base/share/classes/com/sun/crypto/provider/PBES2Parameters.java	Tue May 19 04:05:03 2020 +0000
@@ -93,25 +93,15 @@
 abstract class PBES2Parameters extends AlgorithmParametersSpi {
 
     private static ObjectIdentifier pkcs5PBKDF2_OID =
-            ObjectIdentifier.of("1.2.840.113549.1.5.12");
+            ObjectIdentifier.of(KnownOIDs.PBKDF2WithHmacSHA1);
     private static ObjectIdentifier pkcs5PBES2_OID =
-            ObjectIdentifier.of("1.2.840.113549.1.5.13");
-    private static ObjectIdentifier hmacWithSHA1_OID =
-            ObjectIdentifier.of("1.2.840.113549.2.7");
-    private static ObjectIdentifier hmacWithSHA224_OID =
-            ObjectIdentifier.of("1.2.840.113549.2.8");
-    private static ObjectIdentifier hmacWithSHA256_OID =
-            ObjectIdentifier.of("1.2.840.113549.2.9");
-    private static ObjectIdentifier hmacWithSHA384_OID =
-            ObjectIdentifier.of("1.2.840.113549.2.10");
-    private static ObjectIdentifier hmacWithSHA512_OID =
-            ObjectIdentifier.of("1.2.840.113549.2.11");
+            ObjectIdentifier.of(KnownOIDs.PBES2);
     private static ObjectIdentifier aes128CBC_OID =
-            ObjectIdentifier.of("2.16.840.1.101.3.4.1.2");
+            ObjectIdentifier.of(KnownOIDs.AES_128$CBC$NoPadding);
     private static ObjectIdentifier aes192CBC_OID =
-            ObjectIdentifier.of("2.16.840.1.101.3.4.1.22");
+            ObjectIdentifier.of(KnownOIDs.AES_192$CBC$NoPadding);
     private static ObjectIdentifier aes256CBC_OID =
-            ObjectIdentifier.of("2.16.840.1.101.3.4.1.42");
+            ObjectIdentifier.of(KnownOIDs.AES_256$CBC$NoPadding);
 
     // the PBES2 algorithm name
     private String pbes2AlgorithmName = null;
@@ -126,7 +116,8 @@
     private AlgorithmParameterSpec cipherParam = null;
 
     // the key derivation function (default is HmacSHA1)
-    private ObjectIdentifier kdfAlgo_OID = hmacWithSHA1_OID;
+    private ObjectIdentifier kdfAlgo_OID =
+            ObjectIdentifier.of(KnownOIDs.HmacSHA1);
 
     // the encryption function
     private ObjectIdentifier cipherAlgo_OID = null;
@@ -171,19 +162,11 @@
 
         switch (kdfAlgo) {
         case "HmacSHA1":
-            kdfAlgo_OID = hmacWithSHA1_OID;
-            break;
         case "HmacSHA224":
-            kdfAlgo_OID = hmacWithSHA224_OID;
-            break;
         case "HmacSHA256":
-            kdfAlgo_OID = hmacWithSHA256_OID;
-            break;
         case "HmacSHA384":
-            kdfAlgo_OID = hmacWithSHA384_OID;
-            break;
         case "HmacSHA512":
-            kdfAlgo_OID = hmacWithSHA512_OID;
+            kdfAlgo_OID = ObjectIdentifier.of(KnownOIDs.findMatch(kdfAlgo));
             break;
         default:
             throw new NoSuchAlgorithmException(
@@ -255,7 +238,7 @@
         }
         cipherAlgo = parseES(pBES2_params.data.getDerValue());
 
-        pbes2AlgorithmName = new StringBuilder().append("PBEWith")
+        this.pbes2AlgorithmName = new StringBuilder().append("PBEWith")
             .append(kdfAlgo).append("And").append(cipherAlgo).toString();
     }
 
@@ -306,21 +289,18 @@
         }
         if (prf != null) {
             kdfAlgo_OID = prf.data.getOID();
-            if (hmacWithSHA1_OID.equals(kdfAlgo_OID)) {
-                kdfAlgo = "HmacSHA1";
-            } else if (hmacWithSHA224_OID.equals(kdfAlgo_OID)) {
-                kdfAlgo = "HmacSHA224";
-            } else if (hmacWithSHA256_OID.equals(kdfAlgo_OID)) {
-                kdfAlgo = "HmacSHA256";
-            } else if (hmacWithSHA384_OID.equals(kdfAlgo_OID)) {
-                kdfAlgo = "HmacSHA384";
-            } else if (hmacWithSHA512_OID.equals(kdfAlgo_OID)) {
-                kdfAlgo = "HmacSHA512";
-            } else {
+            KnownOIDs o = KnownOIDs.findMatch(kdfAlgo_OID.toString());
+            if (o == null || (!o.stdName().equals("HmacSHA1") &&
+                !o.stdName().equals("HmacSHA224") &&
+                !o.stdName().equals("HmacSHA256") &&
+                !o.stdName().equals("HmacSHA384") &&
+                !o.stdName().equals("HmacSHA512"))) {
                 throw new IOException("PBE parameter parsing error: "
                         + "expecting the object identifier for a HmacSHA key "
                         + "derivation function");
             }
+            kdfAlgo = o.stdName();
+
             if (prf.data.available() != 0) {
                 // parameter is 'NULL' for all HmacSHA KDFs
                 DerValue parameter = prf.data.getDerValue();
--- a/src/java.base/share/classes/com/sun/crypto/provider/SunJCE.java	Tue May 19 11:55:44 2020 +0800
+++ b/src/java.base/share/classes/com/sun/crypto/provider/SunJCE.java	Tue May 19 04:05:03 2020 +0000
@@ -32,8 +32,7 @@
 import java.util.HashMap;
 import java.util.List;
 import static sun.security.util.SecurityConstants.PROVIDER_VER;
-import static sun.security.provider.SunEntries.createAliases;
-import static sun.security.provider.SunEntries.createAliasesWithOid;
+import static sun.security.util.SecurityProviderConstants.*;
 
 /**
  * The "SunJCE" Cryptographic Service Provider.
@@ -100,9 +99,22 @@
     }
     static SecureRandom getRandom() { return SecureRandomHolder.RANDOM; }
 
-    private void ps(String type, String algo, String cn,
-            List<String> aliases, HashMap<String, String> attrs) {
-        putService(new Provider.Service(this, type, algo, cn, aliases, attrs));
+    // ps: putService
+    private void ps(String type, String algo, String cn) {
+        putService(new Provider.Service(this, type, algo, cn, null, null));
+    }
+
+    private void ps(String type, String algo, String cn, List<String> als,
+            HashMap<String, String> attrs) {
+        putService(new Provider.Service(this, type, algo, cn, als,
+                   attrs));
+    }
+
+    // psA: putService with default aliases
+    private void psA(String type, String algo, String cn,
+            HashMap<String, String> attrs) {
+        putService(new Provider.Service(this, type, algo, cn, getAliases(algo),
+                   attrs));
     }
 
     public SunJCE() {
@@ -128,69 +140,6 @@
     }
 
     void putEntries() {
-        // common aliases and oids
-        List<String> aesAliases = createAliases("Rijndael");
-        List<String> desEdeAliases = createAliases("TripleDES");
-        List<String> arcFourAliases = createAliases("RC4");
-        List<String> sunTlsMSAliases = createAliases(
-            "SunTls12MasterSecret", "SunTlsExtendedMasterSecret"
-        );
-        List<String> sunTlsKMAliases = createAliases("SunTls12KeyMaterial");
-        List<String> sunTlsRsaPMSAliases = createAliases("SunTls12RsaPremasterSecret");
-
-        String aes128Oid = "2.16.840.1.101.3.4.1.";
-        String aes192Oid = "2.16.840.1.101.3.4.1.2";
-        String aes256Oid = "2.16.840.1.101.3.4.1.4";
-
-        List<String> pkcs12RC4_128Aliases =
-            createAliasesWithOid("1.2.840.113549.1.12.1.1");
-
-        List<String> pkcs12RC4_40Aliases =
-            createAliasesWithOid("1.2.840.113549.1.12.1.2");
-
-        List<String> pkcs12DESedeAliases =
-            createAliasesWithOid("1.2.840.113549.1.12.1.3");
-
-        List<String> pkcs12RC2_128Aliases =
-            createAliasesWithOid("1.2.840.113549.1.12.1.5");
-
-        List<String> pkcs12RC2_40Aliases =
-            createAliasesWithOid("1.2.840.113549.1.12.1.6");
-
-        List<String> pkcs5MD5_DESAliases =
-            createAliasesWithOid("1.2.840.113549.1.5.3", "PBE");
-
-        List<String> pkcs5PBKDF2Aliases =
-            createAliasesWithOid("1.2.840.113549.1.5.12");
-
-        List<String> pkcs5PBES2Aliases =
-            createAliasesWithOid("1.2.840.113549.1.5.13");
-
-        List<String> diffieHellmanAliases =
-            createAliasesWithOid("1.2.840.113549.1.3.1", "DH");
-
-        List<String> chachaPolyAliases =
-            createAliasesWithOid("1.2.840.113549.1.9.16.3.18");
-
-        String macOidBase = "1.2.840.113549.2.";
-        List<String> macSHA1Aliases = createAliasesWithOid(macOidBase + "7");
-        List<String> macSHA224Aliases = createAliasesWithOid(macOidBase + "8");
-        List<String> macSHA256Aliases = createAliasesWithOid(macOidBase + "9");
-        List<String> macSHA384Aliases = createAliasesWithOid(macOidBase + "10");
-        List<String> macSHA512Aliases = createAliasesWithOid(macOidBase + "11");
-        List<String> macSHA512_224Aliases = createAliasesWithOid(macOidBase + "12");
-        List<String> macSHA512_256Aliases = createAliasesWithOid(macOidBase + "13");
-
-        String nistHashAlgsOidBase = "2.16.840.1.101.3.4.2.";
-        List<String> macSHA3_224Aliases =
-            createAliasesWithOid(nistHashAlgsOidBase + "13");
-        List<String> macSHA3_256Aliases =
-            createAliasesWithOid(nistHashAlgsOidBase + "14");
-        List<String> macSHA3_384Aliases =
-            createAliasesWithOid(nistHashAlgsOidBase + "15");
-        List<String> macSHA3_512Aliases =
-            createAliasesWithOid(nistHashAlgsOidBase + "16");
-
         // reuse attribute map and reset before each reuse
         HashMap<String, String> attrs = new HashMap<>(3);
         attrs.put("SupportedModes", "ECB");
@@ -225,8 +174,8 @@
         attrs.put("SupportedKeyFormats", "RAW");
         ps("Cipher", "DES",
                 "com.sun.crypto.provider.DESCipher", null, attrs);
-        ps("Cipher", "DESede", "com.sun.crypto.provider.DESedeCipher",
-                desEdeAliases, attrs);
+        psA("Cipher", "DESede", "com.sun.crypto.provider.DESedeCipher",
+                attrs);
         ps("Cipher", "Blowfish",
                 "com.sun.crypto.provider.BlowfishCipher", null, attrs);
 
@@ -237,58 +186,58 @@
         attrs.put("SupportedModes", BLOCK_MODES128);
         attrs.put("SupportedPaddings", BLOCK_PADS);
         attrs.put("SupportedKeyFormats", "RAW");
-        ps("Cipher", "AES", "com.sun.crypto.provider.AESCipher$General",
-                aesAliases, attrs);
+        psA("Cipher", "AES",
+                "com.sun.crypto.provider.AESCipher$General", attrs);
 
         attrs.clear();
         attrs.put("SupportedKeyFormats", "RAW");
-        ps("Cipher", "AES_128/ECB/NoPadding",
+        psA("Cipher", "AES_128/ECB/NoPadding",
                 "com.sun.crypto.provider.AESCipher$AES128_ECB_NoPadding",
-                createAliasesWithOid(aes128Oid+"1"), attrs);
-        ps("Cipher", "AES_128/CBC/NoPadding",
+                attrs);
+        psA("Cipher", "AES_128/CBC/NoPadding",
                 "com.sun.crypto.provider.AESCipher$AES128_CBC_NoPadding",
-                createAliasesWithOid(aes128Oid+"2"), attrs);
-        ps("Cipher", "AES_128/OFB/NoPadding",
+                attrs);
+        psA("Cipher", "AES_128/OFB/NoPadding",
                 "com.sun.crypto.provider.AESCipher$AES128_OFB_NoPadding",
-                createAliasesWithOid(aes128Oid+"3"), attrs);
-        ps("Cipher", "AES_128/CFB/NoPadding",
+                attrs);
+        psA("Cipher", "AES_128/CFB/NoPadding",
                 "com.sun.crypto.provider.AESCipher$AES128_CFB_NoPadding",
-                createAliasesWithOid(aes128Oid+"4"), attrs);
-        ps("Cipher", "AES_128/GCM/NoPadding",
+                attrs);
+        psA("Cipher", "AES_128/GCM/NoPadding",
                 "com.sun.crypto.provider.AESCipher$AES128_GCM_NoPadding",
-                createAliasesWithOid(aes128Oid+"6"), attrs);
+                attrs);
 
-        ps("Cipher", "AES_192/ECB/NoPadding",
+        psA("Cipher", "AES_192/ECB/NoPadding",
                 "com.sun.crypto.provider.AESCipher$AES192_ECB_NoPadding",
-                createAliasesWithOid(aes192Oid+"1"), attrs);
-        ps("Cipher", "AES_192/CBC/NoPadding",
+                attrs);
+        psA("Cipher", "AES_192/CBC/NoPadding",
                 "com.sun.crypto.provider.AESCipher$AES192_CBC_NoPadding",
-                createAliasesWithOid(aes192Oid+"2"), attrs);
-        ps("Cipher", "AES_192/OFB/NoPadding",
+                attrs);
+        psA("Cipher", "AES_192/OFB/NoPadding",
                 "com.sun.crypto.provider.AESCipher$AES192_OFB_NoPadding",
-                createAliasesWithOid(aes192Oid+"3"), attrs);
-        ps("Cipher", "AES_192/CFB/NoPadding",
+                attrs);
+        psA("Cipher", "AES_192/CFB/NoPadding",
                 "com.sun.crypto.provider.AESCipher$AES192_CFB_NoPadding",
-                createAliasesWithOid(aes192Oid+"4"), attrs);
-        ps("Cipher", "AES_192/GCM/NoPadding",
+                attrs);
+        psA("Cipher", "AES_192/GCM/NoPadding",
                 "com.sun.crypto.provider.AESCipher$AES192_GCM_NoPadding",
-                createAliasesWithOid(aes192Oid+"6"), attrs);
+                attrs);
 
-        ps("Cipher", "AES_256/ECB/NoPadding",
+        psA("Cipher", "AES_256/ECB/NoPadding",
                 "com.sun.crypto.provider.AESCipher$AES256_ECB_NoPadding",
-                createAliasesWithOid(aes256Oid+"1"), attrs);
-        ps("Cipher", "AES_256/CBC/NoPadding",
+                attrs);
+        psA("Cipher", "AES_256/CBC/NoPadding",
                 "com.sun.crypto.provider.AESCipher$AES256_CBC_NoPadding",
-                createAliasesWithOid(aes256Oid+"2"), attrs);
-        ps("Cipher", "AES_256/OFB/NoPadding",
+                attrs);
+        psA("Cipher", "AES_256/OFB/NoPadding",
                 "com.sun.crypto.provider.AESCipher$AES256_OFB_NoPadding",
-                createAliasesWithOid(aes256Oid+"3"), attrs);
-        ps("Cipher", "AES_256/CFB/NoPadding",
+                attrs);
+        psA("Cipher", "AES_256/CFB/NoPadding",
                 "com.sun.crypto.provider.AESCipher$AES256_CFB_NoPadding",
-                createAliasesWithOid(aes256Oid+"4"), attrs);
-        ps("Cipher", "AES_256/GCM/NoPadding",
+                attrs);
+        psA("Cipher", "AES_256/GCM/NoPadding",
                 "com.sun.crypto.provider.AESCipher$AES256_GCM_NoPadding",
-                createAliasesWithOid(aes256Oid+"6"), attrs);
+                attrs);
 
         attrs.clear();
         attrs.put("SupportedModes", "CBC");
@@ -301,167 +250,150 @@
         attrs.put("SupportedModes", "ECB");
         attrs.put("SupportedPaddings", "NOPADDING");
         attrs.put("SupportedKeyFormats", "RAW");
-        ps("Cipher", "ARCFOUR", "com.sun.crypto.provider.ARCFOURCipher",
-                arcFourAliases, attrs);
+        psA("Cipher", "ARCFOUR",
+                "com.sun.crypto.provider.ARCFOURCipher", attrs);
         ps("Cipher", "AESWrap", "com.sun.crypto.provider.AESWrapCipher$General",
                 null, attrs);
-        ps("Cipher", "AESWrap_128",
+        psA("Cipher", "AESWrap_128",
                 "com.sun.crypto.provider.AESWrapCipher$AES128",
-                createAliasesWithOid(aes128Oid+"5"), attrs);
-        ps("Cipher", "AESWrap_192",
+                attrs);
+        psA("Cipher", "AESWrap_192",
                 "com.sun.crypto.provider.AESWrapCipher$AES192",
-                createAliasesWithOid(aes192Oid+"5"), attrs);
-        ps("Cipher", "AESWrap_256",
+                attrs);
+        psA("Cipher", "AESWrap_256",
                 "com.sun.crypto.provider.AESWrapCipher$AES256",
-                createAliasesWithOid(aes256Oid+"5"), attrs);
+                attrs);
 
         attrs.clear();
         attrs.put("SupportedKeyFormats", "RAW");
         ps("Cipher",  "ChaCha20",
                 "com.sun.crypto.provider.ChaCha20Cipher$ChaCha20Only",
                 null, attrs);
-        ps("Cipher",  "ChaCha20-Poly1305",
+        psA("Cipher",  "ChaCha20-Poly1305",
                 "com.sun.crypto.provider.ChaCha20Cipher$ChaCha20Poly1305",
-                chachaPolyAliases, attrs);
+                attrs);
 
         // PBES1
-        ps("Cipher", "PBEWithMD5AndDES",
+        psA("Cipher", "PBEWithMD5AndDES",
                 "com.sun.crypto.provider.PBEWithMD5AndDESCipher",
-                pkcs5MD5_DESAliases, null);
+                null);
         ps("Cipher", "PBEWithMD5AndTripleDES",
-                "com.sun.crypto.provider.PBEWithMD5AndTripleDESCipher",
-                null, null);
-        ps("Cipher", "PBEWithSHA1AndDESede",
+                "com.sun.crypto.provider.PBEWithMD5AndTripleDESCipher");
+        psA("Cipher", "PBEWithSHA1AndDESede",
                 "com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndDESede",
-                pkcs12DESedeAliases, null);
-        ps("Cipher", "PBEWithSHA1AndRC2_40",
+                null);
+        psA("Cipher", "PBEWithSHA1AndRC2_40",
                 "com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndRC2_40",
-                pkcs12RC2_40Aliases, null);
-        ps("Cipher", "PBEWithSHA1AndRC2_128",
+                null);
+        psA("Cipher", "PBEWithSHA1AndRC2_128",
                 "com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndRC2_128",
-                pkcs12RC2_128Aliases, null);
-        ps("Cipher", "PBEWithSHA1AndRC4_40",
+                null);
+        psA("Cipher", "PBEWithSHA1AndRC4_40",
                 "com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndRC4_40",
-                pkcs12RC4_40Aliases, null);
+                null);
 
-        ps("Cipher", "PBEWithSHA1AndRC4_128",
+        psA("Cipher", "PBEWithSHA1AndRC4_128",
                 "com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndRC4_128",
-                pkcs12RC4_128Aliases, null);
+                null);
 
         // PBES2
         ps("Cipher", "PBEWithHmacSHA1AndAES_128",
-                "com.sun.crypto.provider.PBES2Core$HmacSHA1AndAES_128",
-                null, null);
+                "com.sun.crypto.provider.PBES2Core$HmacSHA1AndAES_128");
 
         ps("Cipher", "PBEWithHmacSHA224AndAES_128",
-                "com.sun.crypto.provider.PBES2Core$HmacSHA224AndAES_128",
-                null, null);
+                "com.sun.crypto.provider.PBES2Core$HmacSHA224AndAES_128");
 
         ps("Cipher", "PBEWithHmacSHA256AndAES_128",
-                "com.sun.crypto.provider.PBES2Core$HmacSHA256AndAES_128",
-                null, null);
+                "com.sun.crypto.provider.PBES2Core$HmacSHA256AndAES_128");
 
         ps("Cipher", "PBEWithHmacSHA384AndAES_128",
-                "com.sun.crypto.provider.PBES2Core$HmacSHA384AndAES_128",
-                null, null);
+                "com.sun.crypto.provider.PBES2Core$HmacSHA384AndAES_128");
 
         ps("Cipher", "PBEWithHmacSHA512AndAES_128",
-                "com.sun.crypto.provider.PBES2Core$HmacSHA512AndAES_128",
-                null, null);
+                "com.sun.crypto.provider.PBES2Core$HmacSHA512AndAES_128");
 
         ps("Cipher", "PBEWithHmacSHA1AndAES_256",
-                "com.sun.crypto.provider.PBES2Core$HmacSHA1AndAES_256",
-                null, null);
+                "com.sun.crypto.provider.PBES2Core$HmacSHA1AndAES_256");
 
         ps("Cipher", "PBEWithHmacSHA224AndAES_256",
-                "com.sun.crypto.provider.PBES2Core$HmacSHA224AndAES_256",
-                null, null);
+                "com.sun.crypto.provider.PBES2Core$HmacSHA224AndAES_256");
 
         ps("Cipher", "PBEWithHmacSHA256AndAES_256",
-                "com.sun.crypto.provider.PBES2Core$HmacSHA256AndAES_256",
-                null, null);
+                "com.sun.crypto.provider.PBES2Core$HmacSHA256AndAES_256");
 
         ps("Cipher", "PBEWithHmacSHA384AndAES_256",
-                "com.sun.crypto.provider.PBES2Core$HmacSHA384AndAES_256",
-                null, null);
+                "com.sun.crypto.provider.PBES2Core$HmacSHA384AndAES_256");
 
         ps("Cipher", "PBEWithHmacSHA512AndAES_256",
-                "com.sun.crypto.provider.PBES2Core$HmacSHA512AndAES_256",
-                null, null);
+                "com.sun.crypto.provider.PBES2Core$HmacSHA512AndAES_256");
 
         /*
          * Key(pair) Generator engines
          */
         ps("KeyGenerator", "DES",
-                "com.sun.crypto.provider.DESKeyGenerator",
-                null, null);
-        ps("KeyGenerator", "DESede",
+                "com.sun.crypto.provider.DESKeyGenerator");
+        psA("KeyGenerator", "DESede",
                 "com.sun.crypto.provider.DESedeKeyGenerator",
-                desEdeAliases, null);
+                null);
         ps("KeyGenerator", "Blowfish",
-                "com.sun.crypto.provider.BlowfishKeyGenerator",
-                null, null);
-        ps("KeyGenerator", "AES",
+                "com.sun.crypto.provider.BlowfishKeyGenerator");
+        psA("KeyGenerator", "AES",
                 "com.sun.crypto.provider.AESKeyGenerator",
-                aesAliases, null);
+                null);
         ps("KeyGenerator", "RC2",
-                "com.sun.crypto.provider.KeyGeneratorCore$RC2KeyGenerator",
-                null, null);
-        ps("KeyGenerator", "ARCFOUR",
+                "com.sun.crypto.provider.KeyGeneratorCore$RC2KeyGenerator");
+        psA("KeyGenerator", "ARCFOUR",
                 "com.sun.crypto.provider.KeyGeneratorCore$ARCFOURKeyGenerator",
-                arcFourAliases, null);
+                null);
         ps("KeyGenerator", "ChaCha20",
-                "com.sun.crypto.provider.KeyGeneratorCore$ChaCha20KeyGenerator",
-                null, null);
+                "com.sun.crypto.provider.KeyGeneratorCore$ChaCha20KeyGenerator");
         ps("KeyGenerator", "HmacMD5",
-                "com.sun.crypto.provider.HmacMD5KeyGenerator",
-                null, null);
+                "com.sun.crypto.provider.HmacMD5KeyGenerator");
 
-        ps("KeyGenerator", "HmacSHA1",
-                "com.sun.crypto.provider.HmacSHA1KeyGenerator",
-                macSHA1Aliases, null);
-        ps("KeyGenerator", "HmacSHA224",
+        psA("KeyGenerator", "HmacSHA1",
+                "com.sun.crypto.provider.HmacSHA1KeyGenerator", null);
+        psA("KeyGenerator", "HmacSHA224",
                 "com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA224",
-                macSHA224Aliases, null);
-        ps("KeyGenerator", "HmacSHA256",
+                null);
+        psA("KeyGenerator", "HmacSHA256",
                 "com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA256",
-                macSHA256Aliases, null);
-        ps("KeyGenerator", "HmacSHA384",
+                null);
+        psA("KeyGenerator", "HmacSHA384",
                 "com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA384",
-                macSHA384Aliases, null);
-        ps("KeyGenerator", "HmacSHA512",
+                null);
+        psA("KeyGenerator", "HmacSHA512",
                 "com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA512",
-                macSHA512Aliases, null);
-        ps("KeyGenerator", "HmacSHA512/224",
+                null);
+        psA("KeyGenerator", "HmacSHA512/224",
                 "com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA512_224",
-                macSHA512_224Aliases, null);
-        ps("KeyGenerator", "HmacSHA512/256",
+                null);
+        psA("KeyGenerator", "HmacSHA512/256",
                 "com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA512_256",
-                macSHA512_256Aliases, null);
+                null);
 
-        ps("KeyGenerator", "HmacSHA3-224",
+        psA("KeyGenerator", "HmacSHA3-224",
                 "com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA3_224",
-                macSHA3_224Aliases, null);
-        ps("KeyGenerator", "HmacSHA3-256",
+                null);
+        psA("KeyGenerator", "HmacSHA3-256",
                 "com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA3_256",
-                macSHA3_256Aliases, null);
-        ps("KeyGenerator", "HmacSHA3-384",
+                null);
+        psA("KeyGenerator", "HmacSHA3-384",
                 "com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA3_384",
-                macSHA3_384Aliases, null);
-        ps("KeyGenerator", "HmacSHA3-512",
+                null);
+        psA("KeyGenerator", "HmacSHA3-512",
                 "com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA3_512",
-                macSHA3_512Aliases, null);
+                null);
 
-        ps("KeyPairGenerator", "DiffieHellman",
+        psA("KeyPairGenerator", "DiffieHellman",
                 "com.sun.crypto.provider.DHKeyPairGenerator",
-                diffieHellmanAliases, null);
+                null);
 
         /*
          * Algorithm parameter generation engines
          */
-        ps("AlgorithmParameterGenerator",
+        psA("AlgorithmParameterGenerator",
                 "DiffieHellman", "com.sun.crypto.provider.DHParameterGenerator",
-                diffieHellmanAliases, null);
+                null);
 
         /*
          * Key Agreement engines
@@ -469,142 +401,120 @@
         attrs.clear();
         attrs.put("SupportedKeyClasses", "javax.crypto.interfaces.DHPublicKey" +
                         "|javax.crypto.interfaces.DHPrivateKey");
-        ps("KeyAgreement", "DiffieHellman",
+        psA("KeyAgreement", "DiffieHellman",
                 "com.sun.crypto.provider.DHKeyAgreement",
-                diffieHellmanAliases, attrs);
+                attrs);
 
         /*
          * Algorithm Parameter engines
          */
-        ps("AlgorithmParameters", "DiffieHellman",
-                "com.sun.crypto.provider.DHParameters",
-                diffieHellmanAliases, null);
+        psA("AlgorithmParameters", "DiffieHellman",
+                "com.sun.crypto.provider.DHParameters", null);
 
         ps("AlgorithmParameters", "DES",
-                "com.sun.crypto.provider.DESParameters",
-                null, null);
+                "com.sun.crypto.provider.DESParameters");
 
-        ps("AlgorithmParameters", "DESede",
-                "com.sun.crypto.provider.DESedeParameters",
-                desEdeAliases, null);
+        psA("AlgorithmParameters", "DESede",
+                "com.sun.crypto.provider.DESedeParameters", null);
 
-        ps("AlgorithmParameters", "PBEWithMD5AndDES",
+        psA("AlgorithmParameters", "PBEWithMD5AndDES",
                 "com.sun.crypto.provider.PBEParameters",
-                pkcs5MD5_DESAliases, null);
+                null);
 
         ps("AlgorithmParameters", "PBEWithMD5AndTripleDES",
+                "com.sun.crypto.provider.PBEParameters");
+
+        psA("AlgorithmParameters", "PBEWithSHA1AndDESede",
                 "com.sun.crypto.provider.PBEParameters",
-                null, null);
+                null);
 
-        ps("AlgorithmParameters", "PBEWithSHA1AndDESede",
+        psA("AlgorithmParameters", "PBEWithSHA1AndRC2_40",
                 "com.sun.crypto.provider.PBEParameters",
-                pkcs12DESedeAliases, null);
+                null);
 
-        ps("AlgorithmParameters", "PBEWithSHA1AndRC2_40",
+        psA("AlgorithmParameters", "PBEWithSHA1AndRC2_128",
                 "com.sun.crypto.provider.PBEParameters",
-                pkcs12RC2_40Aliases, null);
+                null);
 
-        ps("AlgorithmParameters", "PBEWithSHA1AndRC2_128",
+        psA("AlgorithmParameters", "PBEWithSHA1AndRC4_40",
                 "com.sun.crypto.provider.PBEParameters",
-                pkcs12RC2_128Aliases, null);
+                null);
 
-        ps("AlgorithmParameters", "PBEWithSHA1AndRC4_40",
+        psA("AlgorithmParameters", "PBEWithSHA1AndRC4_128",
                 "com.sun.crypto.provider.PBEParameters",
-                pkcs12RC4_40Aliases, null);
+                null);
 
-        ps("AlgorithmParameters", "PBEWithSHA1AndRC4_128",
-                "com.sun.crypto.provider.PBEParameters",
-                pkcs12RC4_128Aliases, null);
-
-        ps("AlgorithmParameters", "PBES2",
+        psA("AlgorithmParameters", "PBES2",
                 "com.sun.crypto.provider.PBES2Parameters$General",
-                pkcs5PBES2Aliases, null);
+                null);
 
         ps("AlgorithmParameters", "PBEWithHmacSHA1AndAES_128",
-                "com.sun.crypto.provider.PBES2Parameters$HmacSHA1AndAES_128",
-                null, null);
+                "com.sun.crypto.provider.PBES2Parameters$HmacSHA1AndAES_128");
 
         ps("AlgorithmParameters", "PBEWithHmacSHA224AndAES_128",
-                "com.sun.crypto.provider.PBES2Parameters$HmacSHA224AndAES_128",
-                null, null);
+                "com.sun.crypto.provider.PBES2Parameters$HmacSHA224AndAES_128");
 
         ps("AlgorithmParameters", "PBEWithHmacSHA256AndAES_128",
-                "com.sun.crypto.provider.PBES2Parameters$HmacSHA256AndAES_128",
-                null, null);
+                "com.sun.crypto.provider.PBES2Parameters$HmacSHA256AndAES_128");
 
         ps("AlgorithmParameters", "PBEWithHmacSHA384AndAES_128",
-                "com.sun.crypto.provider.PBES2Parameters$HmacSHA384AndAES_128",
-                null, null);
+                "com.sun.crypto.provider.PBES2Parameters$HmacSHA384AndAES_128");
 
         ps("AlgorithmParameters", "PBEWithHmacSHA512AndAES_128",
-                "com.sun.crypto.provider.PBES2Parameters$HmacSHA512AndAES_128",
-                null, null);
+                "com.sun.crypto.provider.PBES2Parameters$HmacSHA512AndAES_128");
 
         ps("AlgorithmParameters", "PBEWithHmacSHA1AndAES_256",
-                "com.sun.crypto.provider.PBES2Parameters$HmacSHA1AndAES_256",
-                null, null);
+                "com.sun.crypto.provider.PBES2Parameters$HmacSHA1AndAES_256");
 
         ps("AlgorithmParameters", "PBEWithHmacSHA224AndAES_256",
-                "com.sun.crypto.provider.PBES2Parameters$HmacSHA224AndAES_256",
-                null, null);
+                "com.sun.crypto.provider.PBES2Parameters$HmacSHA224AndAES_256");
 
         ps("AlgorithmParameters", "PBEWithHmacSHA256AndAES_256",
-                "com.sun.crypto.provider.PBES2Parameters$HmacSHA256AndAES_256",
-                null, null);
+                "com.sun.crypto.provider.PBES2Parameters$HmacSHA256AndAES_256");
 
         ps("AlgorithmParameters", "PBEWithHmacSHA384AndAES_256",
-                "com.sun.crypto.provider.PBES2Parameters$HmacSHA384AndAES_256",
-                null, null);
+                "com.sun.crypto.provider.PBES2Parameters$HmacSHA384AndAES_256");
 
         ps("AlgorithmParameters", "PBEWithHmacSHA512AndAES_256",
-                "com.sun.crypto.provider.PBES2Parameters$HmacSHA512AndAES_256",
-                null, null);
+                "com.sun.crypto.provider.PBES2Parameters$HmacSHA512AndAES_256");
 
         ps("AlgorithmParameters", "Blowfish",
-                "com.sun.crypto.provider.BlowfishParameters",
-                null, null);
+                "com.sun.crypto.provider.BlowfishParameters");
 
-        ps("AlgorithmParameters", "AES",
-                "com.sun.crypto.provider.AESParameters",
-                aesAliases, null);
+        psA("AlgorithmParameters", "AES",
+                "com.sun.crypto.provider.AESParameters", null);
 
         ps("AlgorithmParameters", "GCM",
-                "com.sun.crypto.provider.GCMParameters",
-                null, null);
+                "com.sun.crypto.provider.GCMParameters");
 
         ps("AlgorithmParameters", "RC2",
-                "com.sun.crypto.provider.RC2Parameters",
-                null, null);
+                "com.sun.crypto.provider.RC2Parameters");
 
         ps("AlgorithmParameters", "OAEP",
-                "com.sun.crypto.provider.OAEPParameters",
-                null, null);
+                "com.sun.crypto.provider.OAEPParameters");
 
-        ps("AlgorithmParameters", "ChaCha20-Poly1305",
-                "com.sun.crypto.provider.ChaCha20Poly1305Parameters",
-                chachaPolyAliases, null);
+        psA("AlgorithmParameters", "ChaCha20-Poly1305",
+                "com.sun.crypto.provider.ChaCha20Poly1305Parameters", null);
 
         /*
          * Key factories
          */
-        ps("KeyFactory", "DiffieHellman",
+        psA("KeyFactory", "DiffieHellman",
                 "com.sun.crypto.provider.DHKeyFactory",
-                diffieHellmanAliases, null);
+                null);
 
         /*
          * Secret-key factories
          */
         ps("SecretKeyFactory", "DES",
-                "com.sun.crypto.provider.DESKeyFactory",
-                null, null);
+                "com.sun.crypto.provider.DESKeyFactory");
 
-        ps("SecretKeyFactory", "DESede",
-                "com.sun.crypto.provider.DESedeKeyFactory",
-                desEdeAliases, null);
+        psA("SecretKeyFactory", "DESede",
+                "com.sun.crypto.provider.DESedeKeyFactory", null);
 
-        ps("SecretKeyFactory", "PBEWithMD5AndDES",
+        psA("SecretKeyFactory", "PBEWithMD5AndDES",
                 "com.sun.crypto.provider.PBEKeyFactory$PBEWithMD5AndDES",
-                pkcs5MD5_DESAliases, null);
+                null);
 
         /*
          * Internal in-house crypto algorithm used for
@@ -613,85 +523,70 @@
          * algorithm.
          */
         ps("SecretKeyFactory", "PBEWithMD5AndTripleDES",
-                "com.sun.crypto.provider.PBEKeyFactory$PBEWithMD5AndTripleDES",
-                null, null);
+                "com.sun.crypto.provider.PBEKeyFactory$PBEWithMD5AndTripleDES");
 
-        ps("SecretKeyFactory", "PBEWithSHA1AndDESede",
+        psA("SecretKeyFactory", "PBEWithSHA1AndDESede",
                 "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndDESede",
-                pkcs12DESedeAliases, null);
+                null);
 
-        ps("SecretKeyFactory", "PBEWithSHA1AndRC2_40",
+        psA("SecretKeyFactory", "PBEWithSHA1AndRC2_40",
                 "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC2_40",
-                pkcs12RC2_40Aliases, null);
+                null);
 
-        ps("SecretKeyFactory", "PBEWithSHA1AndRC2_128",
+        psA("SecretKeyFactory", "PBEWithSHA1AndRC2_128",
                 "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC2_128",
-                pkcs12RC2_128Aliases, null);
+                null);
 
-        ps("SecretKeyFactory", "PBEWithSHA1AndRC4_40",
+        psA("SecretKeyFactory", "PBEWithSHA1AndRC4_40",
                 "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC4_40",
-                pkcs12RC4_40Aliases,null);
+                null);
 
-        ps("SecretKeyFactory", "PBEWithSHA1AndRC4_128",
+        psA("SecretKeyFactory", "PBEWithSHA1AndRC4_128",
                 "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC4_128",
-                pkcs12RC4_128Aliases, null);
+                null);
 
         ps("SecretKeyFactory", "PBEWithHmacSHA1AndAES_128",
-                "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA1AndAES_128",
-                null, null);
+                "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA1AndAES_128");
 
         ps("SecretKeyFactory", "PBEWithHmacSHA224AndAES_128",
-                "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA224AndAES_128",
-                null, null);
+                "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA224AndAES_128");
 
         ps("SecretKeyFactory", "PBEWithHmacSHA256AndAES_128",
-                "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA256AndAES_128",
-                null, null);
+                "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA256AndAES_128");
 
         ps("SecretKeyFactory", "PBEWithHmacSHA384AndAES_128",
-                "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA384AndAES_128",
-                null, null);
+                "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA384AndAES_128");
 
         ps("SecretKeyFactory", "PBEWithHmacSHA512AndAES_128",
-                "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA512AndAES_128",
-                null, null);
+                "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA512AndAES_128");
 
         ps("SecretKeyFactory", "PBEWithHmacSHA1AndAES_256",
-                "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA1AndAES_256",
-                null, null);
+                "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA1AndAES_256");
 
         ps("SecretKeyFactory", "PBEWithHmacSHA224AndAES_256",
-                "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA224AndAES_256",
-                null, null);
+                "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA224AndAES_256");
 
         ps("SecretKeyFactory", "PBEWithHmacSHA256AndAES_256",
-                "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA256AndAES_256",
-                null, null);
+                "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA256AndAES_256");
 
         ps("SecretKeyFactory", "PBEWithHmacSHA384AndAES_256",
-                "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA384AndAES_256",
-                null, null);
+                "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA384AndAES_256");
 
         ps("SecretKeyFactory", "PBEWithHmacSHA512AndAES_256",
-                "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA512AndAES_256",
-                null, null);
+                "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA512AndAES_256");
 
         // PBKDF2
-        ps("SecretKeyFactory", "PBKDF2WithHmacSHA1",
+        psA("SecretKeyFactory", "PBKDF2WithHmacSHA1",
                 "com.sun.crypto.provider.PBKDF2Core$HmacSHA1",
-                pkcs5PBKDF2Aliases, null);
+                null);
         ps("SecretKeyFactory", "PBKDF2WithHmacSHA224",
-                "com.sun.crypto.provider.PBKDF2Core$HmacSHA224",
-                null, null);
+                "com.sun.crypto.provider.PBKDF2Core$HmacSHA224");
         ps("SecretKeyFactory", "PBKDF2WithHmacSHA256",
-                "com.sun.crypto.provider.PBKDF2Core$HmacSHA256",
-                null, null);
+                "com.sun.crypto.provider.PBKDF2Core$HmacSHA256");
         ps("SecretKeyFactory", "PBKDF2WithHmacSHA384",
-                "com.sun.crypto.provider.PBKDF2Core$HmacSHA384",
-                null, null);
+                "com.sun.crypto.provider.PBKDF2Core$HmacSHA384");
         ps("SecretKeyFactory", "PBKDF2WithHmacSHA512",
-                "com.sun.crypto.provider.PBKDF2Core$HmacSHA512",
-                null, null);
+                "com.sun.crypto.provider.PBKDF2Core$HmacSHA512");
 
         /*
          * MAC
@@ -699,35 +594,28 @@
         attrs.clear();
         attrs.put("SupportedKeyFormats", "RAW");
         ps("Mac", "HmacMD5", "com.sun.crypto.provider.HmacMD5", null, attrs);
-        ps("Mac", "HmacSHA1", "com.sun.crypto.provider.HmacSHA1",
-                macSHA1Aliases, attrs);
-        ps("Mac", "HmacSHA224", "com.sun.crypto.provider.HmacCore$HmacSHA224",
-                macSHA224Aliases, attrs);
-        ps("Mac", "HmacSHA256", "com.sun.crypto.provider.HmacCore$HmacSHA256",
-                macSHA256Aliases, attrs);
-        ps("Mac", "HmacSHA384", "com.sun.crypto.provider.HmacCore$HmacSHA384",
-                macSHA384Aliases, attrs);
-        ps("Mac", "HmacSHA512", "com.sun.crypto.provider.HmacCore$HmacSHA512",
-                macSHA512Aliases, attrs);
-        ps("Mac", "HmacSHA512/224",
-                "com.sun.crypto.provider.HmacCore$HmacSHA512_224",
-                macSHA512_224Aliases, attrs);
-        ps("Mac", "HmacSHA512/256",
-                "com.sun.crypto.provider.HmacCore$HmacSHA512_256",
-                macSHA512_256Aliases, attrs);
-
-        ps("Mac", "HmacSHA3-224",
-                "com.sun.crypto.provider.HmacCore$HmacSHA3_224",
-                macSHA3_224Aliases, attrs);
-        ps("Mac", "HmacSHA3-256",
-                "com.sun.crypto.provider.HmacCore$HmacSHA3_256",
-                macSHA3_256Aliases, attrs);
-        ps("Mac", "HmacSHA3-384",
-                "com.sun.crypto.provider.HmacCore$HmacSHA3_384",
-                macSHA3_384Aliases, attrs);
-        ps("Mac", "HmacSHA3-512",
-                "com.sun.crypto.provider.HmacCore$HmacSHA3_512",
-                macSHA3_512Aliases, attrs);
+        psA("Mac", "HmacSHA1", "com.sun.crypto.provider.HmacSHA1",
+                attrs);
+        psA("Mac", "HmacSHA224",
+                "com.sun.crypto.provider.HmacCore$HmacSHA224", attrs);
+        psA("Mac", "HmacSHA256",
+                "com.sun.crypto.provider.HmacCore$HmacSHA256", attrs);
+        psA("Mac", "HmacSHA384",
+                "com.sun.crypto.provider.HmacCore$HmacSHA384", attrs);
+        psA("Mac", "HmacSHA512",
+                "com.sun.crypto.provider.HmacCore$HmacSHA512", attrs);
+        psA("Mac", "HmacSHA512/224",
+                "com.sun.crypto.provider.HmacCore$HmacSHA512_224", attrs);
+        psA("Mac", "HmacSHA512/256",
+                "com.sun.crypto.provider.HmacCore$HmacSHA512_256", attrs);
+        psA("Mac", "HmacSHA3-224",
+                "com.sun.crypto.provider.HmacCore$HmacSHA3_224", attrs);
+        psA("Mac", "HmacSHA3-256",
+                "com.sun.crypto.provider.HmacCore$HmacSHA3_256", attrs);
+        psA("Mac", "HmacSHA3-384",
+                "com.sun.crypto.provider.HmacCore$HmacSHA3_384", attrs);
+        psA("Mac", "HmacSHA3-512",
+                "com.sun.crypto.provider.HmacCore$HmacSHA3_512", attrs);
 
         ps("Mac", "HmacPBESHA1",
                 "com.sun.crypto.provider.HmacPKCS12PBECore$HmacPKCS12PBE_SHA1",
@@ -772,8 +660,7 @@
          * KeyStore
          */
         ps("KeyStore", "JCEKS",
-                "com.sun.crypto.provider.JceKeyStore",
-                null, null);
+                "com.sun.crypto.provider.JceKeyStore");
 
         /*
          * SSL/TLS mechanisms
@@ -784,24 +671,22 @@
          * mechanisms, and it will cause calls to come here.
          */
         ps("KeyGenerator", "SunTlsPrf",
-                "com.sun.crypto.provider.TlsPrfGenerator$V10",
-                null, null);
+                "com.sun.crypto.provider.TlsPrfGenerator$V10");
         ps("KeyGenerator", "SunTls12Prf",
-                "com.sun.crypto.provider.TlsPrfGenerator$V12",
-                null, null);
+                "com.sun.crypto.provider.TlsPrfGenerator$V12");
 
         ps("KeyGenerator", "SunTlsMasterSecret",
                 "com.sun.crypto.provider.TlsMasterSecretGenerator",
-                createAliases("SunTls12MasterSecret",
-                    "SunTlsExtendedMasterSecret"), null);
+                List.of("SunTls12MasterSecret", "SunTlsExtendedMasterSecret"),
+                null);
 
         ps("KeyGenerator", "SunTlsKeyMaterial",
                 "com.sun.crypto.provider.TlsKeyMaterialGenerator",
-                createAliases("SunTls12KeyMaterial"), null);
+                List.of("SunTls12KeyMaterial"), null);
 
         ps("KeyGenerator", "SunTlsRsaPremasterSecret",
                 "com.sun.crypto.provider.TlsRsaPremasterSecretGenerator",
-                createAliases("SunTls12RsaPremasterSecret"), null);
+                List.of("SunTls12RsaPremasterSecret"), null);
     }
 
     // Return the instance of this class or create one if needed.
--- a/src/java.base/share/classes/java/security/PKCS12Attribute.java	Tue May 19 11:55:44 2020 +0800
+++ b/src/java.base/share/classes/java/security/PKCS12Attribute.java	Tue May 19 04:05:03 2020 +0000
@@ -76,7 +76,7 @@
         // Validate name
         ObjectIdentifier type;
         try {
-            type = new ObjectIdentifier(name);
+            type = ObjectIdentifier.of(name);
         } catch (IOException e) {
             throw new IllegalArgumentException("Incorrect format: name", e);
         }
--- a/src/java.base/share/classes/java/security/cert/CertificateRevokedException.java	Tue May 19 11:55:44 2020 +0800
+++ b/src/java.base/share/classes/java/security/cert/CertificateRevokedException.java	Tue May 19 04:05:03 2020 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2007, 2019, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2007, 2020, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -246,7 +246,7 @@
             boolean critical = ois.readBoolean();
             byte[] extVal = IOUtils.readExactlyNBytes(ois, ois.readInt());
             Extension ext = sun.security.x509.Extension.newExtension
-                (new ObjectIdentifier(oid), critical, extVal);
+                (ObjectIdentifier.of(oid), critical, extVal);
             extensions.put(oid, ext);
         }
     }
--- a/src/java.base/share/classes/java/security/cert/X509CertSelector.java	Tue May 19 11:55:44 2020 +0800
+++ b/src/java.base/share/classes/java/security/cert/X509CertSelector.java	Tue May 19 04:05:03 2020 +0000
@@ -31,11 +31,7 @@
 import java.util.*;
 import javax.security.auth.x500.X500Principal;
 
-import sun.security.util.HexDumpEncoder;
-import sun.security.util.Debug;
-import sun.security.util.DerInputStream;
-import sun.security.util.DerValue;
-import sun.security.util.ObjectIdentifier;
+import sun.security.util.*;
 import sun.security.x509.*;
 
 /**
@@ -88,7 +84,7 @@
     private static final Debug debug = Debug.getInstance("certpath");
 
     private static final ObjectIdentifier ANY_EXTENDED_KEY_USAGE =
-        ObjectIdentifier.of("2.5.29.37.0");
+        ObjectIdentifier.of(KnownOIDs.anyExtendedKeyUsage);
 
     static {
         CertPathHelperImpl.initialize();
@@ -506,7 +502,7 @@
         if (oid == null) {
             subjectPublicKeyAlgID = null;
         } else {
-            subjectPublicKeyAlgID = new ObjectIdentifier(oid);
+            subjectPublicKeyAlgID = ObjectIdentifier.of(oid);
         }
     }
 
@@ -622,7 +618,7 @@
                 Collections.unmodifiableSet(new HashSet<>(keyPurposeSet));
             keyPurposeOIDSet = new HashSet<>();
             for (String s : this.keyPurposeSet) {
-                keyPurposeOIDSet.add(new ObjectIdentifier(s));
+                keyPurposeOIDSet.add(ObjectIdentifier.of(s));
             }
         }
     }
@@ -1105,8 +1101,8 @@
                 if (!(o instanceof String)) {
                     throw new IOException("non String in certPolicySet");
                 }
-                polIdVector.add(new CertificatePolicyId(new ObjectIdentifier(
-                  (String)o)));
+                polIdVector.add(new CertificatePolicyId
+                        (ObjectIdentifier.of((String)o)));
             }
             // If everything went OK, make the changes
             policySet = tempSet;
--- a/src/java.base/share/classes/sun/security/pkcs/ContentInfo.java	Tue May 19 11:55:44 2020 +0800
+++ b/src/java.base/share/classes/sun/security/pkcs/ContentInfo.java	Tue May 19 04:05:03 2020 +0000
@@ -39,35 +39,35 @@
 
     // pkcs7 pre-defined content types
     public static ObjectIdentifier PKCS7_OID =
-            ObjectIdentifier.of("1.2.840.113549.1.7");
+            ObjectIdentifier.of(KnownOIDs.PKCS7);
     public static ObjectIdentifier DATA_OID =
-            ObjectIdentifier.of("1.2.840.113549.1.7.1");
+            ObjectIdentifier.of(KnownOIDs.Data);
     public static ObjectIdentifier SIGNED_DATA_OID =
-            ObjectIdentifier.of("1.2.840.113549.1.7.2");
+            ObjectIdentifier.of(KnownOIDs.SignedData);
     public static ObjectIdentifier ENVELOPED_DATA_OID =
-            ObjectIdentifier.of("1.2.840.113549.1.7.3");
+            ObjectIdentifier.of(KnownOIDs.EnvelopedData);
     public static ObjectIdentifier SIGNED_AND_ENVELOPED_DATA_OID =
-            ObjectIdentifier.of("1.2.840.113549.1.7.4");
+            ObjectIdentifier.of(KnownOIDs.SignedAndEnvelopedData);
     public static ObjectIdentifier DIGESTED_DATA_OID =
-            ObjectIdentifier.of("1.2.840.113549.1.7.5");
+            ObjectIdentifier.of(KnownOIDs.DigestedData);
     public static ObjectIdentifier ENCRYPTED_DATA_OID =
-            ObjectIdentifier.of("1.2.840.113549.1.7.6");
+            ObjectIdentifier.of(KnownOIDs.EncryptedData);
 
     // this is for backwards-compatibility with JDK 1.1.x
     public static ObjectIdentifier OLD_SIGNED_DATA_OID =
-            ObjectIdentifier.of("1.2.840.1113549.1.7.2");
+            ObjectIdentifier.of(KnownOIDs.JDK_OLD_SignedData);
     public static ObjectIdentifier OLD_DATA_OID =
-            ObjectIdentifier.of("1.2.840.1113549.1.7.1");
+            ObjectIdentifier.of(KnownOIDs.JDK_OLD_Data);
 
     // The ASN.1 systax for the Netscape Certificate Sequence data type is
     // defined at:
     //      http://wp.netscape.com/eng/security/comm4-cert-download.html
     public static ObjectIdentifier NETSCAPE_CERT_SEQUENCE_OID =
-            ObjectIdentifier.of("2.16.840.1.113730.2.5");
+            ObjectIdentifier.of(KnownOIDs.NETSCAPE_CertSequence);
 
     // timestamp token (id-ct-TSTInfo) from RFC 3161
     public static ObjectIdentifier TIMESTAMP_TOKEN_INFO_OID =
-            ObjectIdentifier.of("1.2.840.113549.1.9.16.1.4");
+            ObjectIdentifier.of(KnownOIDs.TimeStampTokenInfo);
 
     ObjectIdentifier contentType;
     DerValue content; // OPTIONAL
--- a/src/java.base/share/classes/sun/security/pkcs/PKCS7.java	Tue May 19 11:55:44 2020 +0800
+++ b/src/java.base/share/classes/sun/security/pkcs/PKCS7.java	Tue May 19 04:05:03 2020 +0000
@@ -819,7 +819,7 @@
             unauthAttrs =
                 new PKCS9Attributes(new PKCS9Attribute[]{
                     new PKCS9Attribute(
-                        PKCS9Attribute.SIGNATURE_TIMESTAMP_TOKEN_STR,
+                        PKCS9Attribute.SIGNATURE_TIMESTAMP_TOKEN_OID,
                         tsToken)});
         }
 
--- a/src/java.base/share/classes/sun/security/pkcs/PKCS9Attribute.java	Tue May 19 11:55:44 2020 +0800
+++ b/src/java.base/share/classes/sun/security/pkcs/PKCS9Attribute.java	Tue May 19 04:05:03 2020 +0000
@@ -32,13 +32,7 @@
 import java.util.Date;
 import java.util.HashMap;
 import sun.security.x509.CertificateExtensions;
-import sun.security.util.Debug;
-import sun.security.util.DerEncoder;
-import sun.security.util.DerValue;
-import sun.security.util.DerInputStream;
-import sun.security.util.DerOutputStream;
-import sun.security.util.ObjectIdentifier;
-import sun.security.util.HexDumpEncoder;
+import sun.security.util.*;
 
 /**
  * Class supporting any PKCS9 attributes.
@@ -188,17 +182,11 @@
 
     private static final Class<?> BYTE_ARRAY_CLASS;
 
-    static {   // static initializer for PKCS9_OIDS
-        for (int i = 1; i < PKCS9_OIDS.length - 2; i++) {
-            PKCS9_OIDS[i] = ObjectIdentifier.of("1.2.840.113549.1.9." + i);
-        }
-        // Initialize SigningCertificate and SignatureTimestampToken
-        // separately (because their values are out of sequence)
-        PKCS9_OIDS[PKCS9_OIDS.length - 2] =
-            ObjectIdentifier.of("1.2.840.113549.1.9.16.2.12");
-        PKCS9_OIDS[PKCS9_OIDS.length - 1] =
-            ObjectIdentifier.of("1.2.840.113549.1.9.16.2.14");
-
+    static {
+        // set unused PKCS9_OIDS entries to null
+        // rest are initialized with public constants
+        PKCS9_OIDS[0] = PKCS9_OIDS[11] = PKCS9_OIDS[12] = PKCS9_OIDS[13] =
+        PKCS9_OIDS[15] = null;
         try {
             BYTE_ARRAY_CLASS = Class.forName("[B");
         } catch (ClassNotFoundException e) {
@@ -206,99 +194,37 @@
         }
     }
 
-    // first element [0] not used
-    public static final ObjectIdentifier EMAIL_ADDRESS_OID = PKCS9_OIDS[1];
-    public static final ObjectIdentifier UNSTRUCTURED_NAME_OID = PKCS9_OIDS[2];
-    public static final ObjectIdentifier CONTENT_TYPE_OID = PKCS9_OIDS[3];
-    public static final ObjectIdentifier MESSAGE_DIGEST_OID = PKCS9_OIDS[4];
-    public static final ObjectIdentifier SIGNING_TIME_OID = PKCS9_OIDS[5];
-    public static final ObjectIdentifier COUNTERSIGNATURE_OID = PKCS9_OIDS[6];
-    public static final ObjectIdentifier CHALLENGE_PASSWORD_OID = PKCS9_OIDS[7];
-    public static final ObjectIdentifier UNSTRUCTURED_ADDRESS_OID = PKCS9_OIDS[8];
-    public static final ObjectIdentifier EXTENDED_CERTIFICATE_ATTRIBUTES_OID
-                                         = PKCS9_OIDS[9];
-    public static final ObjectIdentifier ISSUER_SERIALNUMBER_OID = PKCS9_OIDS[10];
+    public static final ObjectIdentifier EMAIL_ADDRESS_OID = PKCS9_OIDS[1] =
+            ObjectIdentifier.of(KnownOIDs.EmailAddress);
+    public static final ObjectIdentifier UNSTRUCTURED_NAME_OID = PKCS9_OIDS[2] =
+            ObjectIdentifier.of(KnownOIDs.UnstructuredName);
+    public static final ObjectIdentifier CONTENT_TYPE_OID = PKCS9_OIDS[3] =
+            ObjectIdentifier.of(KnownOIDs.ContentType);
+    public static final ObjectIdentifier MESSAGE_DIGEST_OID = PKCS9_OIDS[4] =
+            ObjectIdentifier.of(KnownOIDs.MessageDigest);
+    public static final ObjectIdentifier SIGNING_TIME_OID = PKCS9_OIDS[5] =
+            ObjectIdentifier.of(KnownOIDs.SigningTime);
+    public static final ObjectIdentifier COUNTERSIGNATURE_OID = PKCS9_OIDS[6] =
+            ObjectIdentifier.of(KnownOIDs.CounterSignature);
+    public static final ObjectIdentifier CHALLENGE_PASSWORD_OID =
+            PKCS9_OIDS[7] = ObjectIdentifier.of(KnownOIDs.ChallengePassword);
+    public static final ObjectIdentifier UNSTRUCTURED_ADDRESS_OID =
+            PKCS9_OIDS[8] = ObjectIdentifier.of(KnownOIDs.UnstructuredAddress);
+    public static final ObjectIdentifier EXTENDED_CERTIFICATE_ATTRIBUTES_OID =
+            PKCS9_OIDS[9] =
+            ObjectIdentifier.of(KnownOIDs.ExtendedCertificateAttributes);
+    public static final ObjectIdentifier ISSUER_SERIALNUMBER_OID =
+            PKCS9_OIDS[10] =
+            ObjectIdentifier.of(KnownOIDs.IssuerAndSerialNumber);
     // [11], [12] are RSA DSI proprietary
     // [13] ==> signingDescription, S/MIME, not used anymore
-    public static final ObjectIdentifier EXTENSION_REQUEST_OID = PKCS9_OIDS[14];
-    public static final ObjectIdentifier SMIME_CAPABILITY_OID = PKCS9_OIDS[15];
-    public static final ObjectIdentifier SIGNING_CERTIFICATE_OID = PKCS9_OIDS[16];
+    public static final ObjectIdentifier EXTENSION_REQUEST_OID =
+            PKCS9_OIDS[14] = ObjectIdentifier.of(KnownOIDs.ExtensionRequest);
+    public static final ObjectIdentifier SIGNING_CERTIFICATE_OID =
+            PKCS9_OIDS[16] = ObjectIdentifier.of(KnownOIDs.SigningCertificate);
     public static final ObjectIdentifier SIGNATURE_TIMESTAMP_TOKEN_OID =
-                                PKCS9_OIDS[17];
-    public static final String EMAIL_ADDRESS_STR = "EmailAddress";
-    public static final String UNSTRUCTURED_NAME_STR = "UnstructuredName";
-    public static final String CONTENT_TYPE_STR = "ContentType";
-    public static final String MESSAGE_DIGEST_STR = "MessageDigest";
-    public static final String SIGNING_TIME_STR = "SigningTime";
-    public static final String COUNTERSIGNATURE_STR = "Countersignature";
-    public static final String CHALLENGE_PASSWORD_STR = "ChallengePassword";
-    public static final String UNSTRUCTURED_ADDRESS_STR = "UnstructuredAddress";
-    public static final String EXTENDED_CERTIFICATE_ATTRIBUTES_STR =
-                               "ExtendedCertificateAttributes";
-    public static final String ISSUER_SERIALNUMBER_STR = "IssuerAndSerialNumber";
-    // [11], [12] are RSA DSI proprietary
-    private static final String RSA_PROPRIETARY_STR = "RSAProprietary";
-    // [13] ==> signingDescription, S/MIME, not used anymore
-    private static final String SMIME_SIGNING_DESC_STR = "SMIMESigningDesc";
-    public static final String EXTENSION_REQUEST_STR = "ExtensionRequest";
-    public static final String SMIME_CAPABILITY_STR = "SMIMECapability";
-    public static final String SIGNING_CERTIFICATE_STR = "SigningCertificate";
-    public static final String SIGNATURE_TIMESTAMP_TOKEN_STR =
-                                "SignatureTimestampToken";
-
-    /**
-     * HashMap mapping names and variant names of supported
-     * attributes to their OIDs. This table contains all name forms
-     * that occur in PKCS9, in lower case.
-     */
-    private static final HashMap<String, ObjectIdentifier> NAME_OID_TABLE =
-        new HashMap<String, ObjectIdentifier>(17);
-
-    static { // static initializer for PCKS9_NAMES
-        NAME_OID_TABLE.put("emailaddress", PKCS9_OIDS[1]);
-        NAME_OID_TABLE.put("unstructuredname", PKCS9_OIDS[2]);
-        NAME_OID_TABLE.put("contenttype", PKCS9_OIDS[3]);
-        NAME_OID_TABLE.put("messagedigest", PKCS9_OIDS[4]);
-        NAME_OID_TABLE.put("signingtime", PKCS9_OIDS[5]);
-        NAME_OID_TABLE.put("countersignature", PKCS9_OIDS[6]);
-        NAME_OID_TABLE.put("challengepassword", PKCS9_OIDS[7]);
-        NAME_OID_TABLE.put("unstructuredaddress", PKCS9_OIDS[8]);
-        NAME_OID_TABLE.put("extendedcertificateattributes", PKCS9_OIDS[9]);
-        NAME_OID_TABLE.put("issuerandserialnumber", PKCS9_OIDS[10]);
-        NAME_OID_TABLE.put("rsaproprietary", PKCS9_OIDS[11]);
-        NAME_OID_TABLE.put("rsaproprietary", PKCS9_OIDS[12]);
-        NAME_OID_TABLE.put("signingdescription", PKCS9_OIDS[13]);
-        NAME_OID_TABLE.put("extensionrequest", PKCS9_OIDS[14]);
-        NAME_OID_TABLE.put("smimecapability", PKCS9_OIDS[15]);
-        NAME_OID_TABLE.put("signingcertificate", PKCS9_OIDS[16]);
-        NAME_OID_TABLE.put("signaturetimestamptoken", PKCS9_OIDS[17]);
-    };
-
-    /**
-     * HashMap mapping attribute OIDs defined in PKCS9 to the
-     * corresponding attribute value type.
-     */
-    private static final HashMap<ObjectIdentifier, String> OID_NAME_TABLE =
-        new HashMap<ObjectIdentifier, String>(17);
-    static {
-        OID_NAME_TABLE.put(PKCS9_OIDS[1], EMAIL_ADDRESS_STR);
-        OID_NAME_TABLE.put(PKCS9_OIDS[2], UNSTRUCTURED_NAME_STR);
-        OID_NAME_TABLE.put(PKCS9_OIDS[3], CONTENT_TYPE_STR);
-        OID_NAME_TABLE.put(PKCS9_OIDS[4], MESSAGE_DIGEST_STR);
-        OID_NAME_TABLE.put(PKCS9_OIDS[5], SIGNING_TIME_STR);
-        OID_NAME_TABLE.put(PKCS9_OIDS[6], COUNTERSIGNATURE_STR);
-        OID_NAME_TABLE.put(PKCS9_OIDS[7], CHALLENGE_PASSWORD_STR);
-        OID_NAME_TABLE.put(PKCS9_OIDS[8], UNSTRUCTURED_ADDRESS_STR);
-        OID_NAME_TABLE.put(PKCS9_OIDS[9], EXTENDED_CERTIFICATE_ATTRIBUTES_STR);
-        OID_NAME_TABLE.put(PKCS9_OIDS[10], ISSUER_SERIALNUMBER_STR);
-        OID_NAME_TABLE.put(PKCS9_OIDS[11], RSA_PROPRIETARY_STR);
-        OID_NAME_TABLE.put(PKCS9_OIDS[12], RSA_PROPRIETARY_STR);
-        OID_NAME_TABLE.put(PKCS9_OIDS[13], SMIME_SIGNING_DESC_STR);
-        OID_NAME_TABLE.put(PKCS9_OIDS[14], EXTENSION_REQUEST_STR);
-        OID_NAME_TABLE.put(PKCS9_OIDS[15], SMIME_CAPABILITY_STR);
-        OID_NAME_TABLE.put(PKCS9_OIDS[16], SIGNING_CERTIFICATE_STR);
-        OID_NAME_TABLE.put(PKCS9_OIDS[17], SIGNATURE_TIMESTAMP_TOKEN_STR);
-    }
+            PKCS9_OIDS[17] =
+            ObjectIdentifier.of(KnownOIDs.SignatureTimestampToken);
 
     /**
      * Acceptable ASN.1 tags for DER encodings of values of PKCS9
@@ -427,34 +353,6 @@
         init(oid, value);
     }
 
-    /**
-     * Construct an attribute object from the attribute's name and
-     * value.  If the attribute is single-valued, provide only one
-     * value.  If the attribute is multi-valued, provide an array
-     * containing all the values.
-     * Arrays of length zero are accepted, though probably useless.
-     *
-     * <P> The
-     * <a href=#classTable>table</a> gives the class that <code>value</code>
-     * must have for a given attribute. Reasonable variants of these
-     * attributes are accepted; in particular, case does not matter.
-     *
-     * @exception IllegalArgumentException
-     * if the <code>name</code> is not recognized or the
-     * <code>value</code> has the wrong type.
-     */
-    public PKCS9Attribute(String name, Object value)
-    throws IllegalArgumentException {
-        ObjectIdentifier oid = getOID(name);
-
-        if (oid == null)
-            throw new IllegalArgumentException(
-                       "Unrecognized attribute name " + name +
-                       " constructing PKCS9Attribute.");
-
-        init(oid, value);
-    }
-
     private void init(ObjectIdentifier oid, Object value)
         throws IllegalArgumentException {
 
@@ -766,9 +664,9 @@
      *  Return the name of this attribute.
      */
     public String getName() {
-        return index == -1 ?
-                oid.toString() :
-                OID_NAME_TABLE.get(PKCS9_OIDS[index]);
+        String n = oid.toString();
+        KnownOIDs os = KnownOIDs.findMatch(n);
+        return (os == null? n : os.stdName());
     }
 
     /**
@@ -776,7 +674,12 @@
      * the name.
      */
     public static ObjectIdentifier getOID(String name) {
-        return NAME_OID_TABLE.get(name.toLowerCase(Locale.ENGLISH));
+        KnownOIDs o = KnownOIDs.findMatch(name);
+        if (o != null) {
+            return ObjectIdentifier.of(o);
+        } else {
+            return null;
+        }
     }
 
     /**
@@ -784,7 +687,7 @@
      * the oid.
      */
     public static String getName(ObjectIdentifier oid) {
-        return OID_NAME_TABLE.get(oid);
+        return KnownOIDs.findMatch(oid.toString()).stdName();
     }
 
     /**
@@ -799,7 +702,7 @@
         if (index == -1) {
             sb.append(oid.toString());
         } else {
-            sb.append(OID_NAME_TABLE.get(PKCS9_OIDS[index]));
+            sb.append(getName(oid));
         }
         sb.append(": ");
 
--- a/src/java.base/share/classes/sun/security/pkcs12/PKCS12KeyStore.java	Tue May 19 11:55:44 2020 +0800
+++ b/src/java.base/share/classes/sun/security/pkcs12/PKCS12KeyStore.java	Tue May 19 04:05:03 2020 +0000
@@ -66,17 +66,11 @@
 import javax.security.auth.x500.X500Principal;
 
 import sun.security.tools.KeyStoreUtil;
-import sun.security.util.Debug;
-import sun.security.util.DerInputStream;
-import sun.security.util.DerOutputStream;
-import sun.security.util.DerValue;
-import sun.security.util.ObjectIdentifier;
+import sun.security.util.*;
 import sun.security.pkcs.ContentInfo;
-import sun.security.util.SecurityProperties;
 import sun.security.x509.AlgorithmId;
 import sun.security.pkcs.EncryptedPrivateKeyInfo;
 import sun.security.provider.JavaKeyStore.JKS;
-import sun.security.util.KeyStoreDelegator;
 import sun.security.x509.AuthorityKeyIdentifierExtension;
 
 
@@ -148,29 +142,29 @@
     private static final int MAX_ITERATION_COUNT = 5000000;
     private static final int SALT_LEN = 20;
 
-    // friendlyName, localKeyId, trustedKeyUsage
-    private static final String[] CORE_ATTRIBUTES = {
-        "1.2.840.113549.1.9.20",
-        "1.2.840.113549.1.9.21",
-        "2.16.840.1.113894.746875.1.1"
+    private static final KnownOIDs[] CORE_ATTRIBUTES = {
+        KnownOIDs.FriendlyName,
+        KnownOIDs.LocalKeyID,
+        KnownOIDs.ORACLE_TrustedKeyUsage
     };
 
     private static final Debug debug = Debug.getInstance("pkcs12");
 
     private static final ObjectIdentifier PKCS8ShroudedKeyBag_OID =
-            ObjectIdentifier.of("1.2.840.113549.1.12.10.1.2");
+            ObjectIdentifier.of(KnownOIDs.PKCS8ShroudedKeyBag);
     private static final ObjectIdentifier CertBag_OID =
-            ObjectIdentifier.of("1.2.840.113549.1.12.10.1.3");
+            ObjectIdentifier.of(KnownOIDs.CertBag);
     private static final ObjectIdentifier SecretBag_OID =
-            ObjectIdentifier.of("1.2.840.113549.1.12.10.1.5");
+            ObjectIdentifier.of(KnownOIDs.SecretBag);
+
     private static final ObjectIdentifier PKCS9FriendlyName_OID =
-            ObjectIdentifier.of("1.2.840.113549.1.9.20");
+            ObjectIdentifier.of(KnownOIDs.FriendlyName);
     private static final ObjectIdentifier PKCS9LocalKeyId_OID =
-            ObjectIdentifier.of("1.2.840.113549.1.9.21");
+            ObjectIdentifier.of(KnownOIDs.LocalKeyID);
     private static final ObjectIdentifier PKCS9CertType_OID =
-            ObjectIdentifier.of("1.2.840.113549.1.9.22.1");
+            ObjectIdentifier.of(KnownOIDs.CertTypeX509);
     private static final ObjectIdentifier pbes2_OID =
-            ObjectIdentifier.of("1.2.840.113549.1.5.13");
+            ObjectIdentifier.of(KnownOIDs.PBES2);
 
     /*
      * Temporary Oracle OID
@@ -179,11 +173,10 @@
      *  oracle(113894) jdk(746875) crypto(1) id-at-trustedKeyUsage(1)}
      */
     private static final ObjectIdentifier TrustedKeyUsage_OID =
-            ObjectIdentifier.of("2.16.840.1.113894.746875.1.1");
+            ObjectIdentifier.of(KnownOIDs.ORACLE_TrustedKeyUsage);
 
     private static final ObjectIdentifier[] AnyUsage = new ObjectIdentifier[] {
-                // AnyExtendedKeyUsage
-                ObjectIdentifier.of("2.5.29.37.0")
+                ObjectIdentifier.of(KnownOIDs.anyExtendedKeyUsage)
             };
 
     private int counter = 0;
@@ -1643,9 +1636,9 @@
             for (KeyStore.Entry.Attribute attribute : attributes) {
                 String attributeName = attribute.getName();
                 // skip friendlyName, localKeyId and trustedKeyUsage
-                if (CORE_ATTRIBUTES[0].equals(attributeName) ||
-                    CORE_ATTRIBUTES[1].equals(attributeName) ||
-                    CORE_ATTRIBUTES[2].equals(attributeName)) {
+                if (CORE_ATTRIBUTES[0].value().equals(attributeName) ||
+                    CORE_ATTRIBUTES[1].value().equals(attributeName) ||
+                    CORE_ATTRIBUTES[2].value().equals(attributeName)) {
                     continue;
                 }
                 attrs.write(((PKCS12Attribute) attribute).getEncoded());
--- a/src/java.base/share/classes/sun/security/provider/KeyProtector.java	Tue May 19 11:55:44 2020 +0800
+++ b/src/java.base/share/classes/sun/security/provider/KeyProtector.java	Tue May 19 04:05:03 2020 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2019, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2020, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -38,6 +38,7 @@
 import sun.security.pkcs.EncryptedPrivateKeyInfo;
 import sun.security.x509.AlgorithmId;
 import sun.security.util.ObjectIdentifier;
+import sun.security.util.KnownOIDs;
 import sun.security.util.DerValue;
 
 /**
@@ -105,9 +106,6 @@
     private static final String DIGEST_ALG = "SHA";
     private static final int DIGEST_LEN = 20;
 
-    // defined by JavaSoft
-    private static final String KEY_PROTECTOR_OID = "1.3.6.1.4.1.42.2.17.1.1";
-
     // The password used for protecting/recovering keys passed through this
     // key protector. We store it as a byte array, so that we can digest it.
     private byte[] passwdBytes;
@@ -213,7 +211,8 @@
         // EncryptedPrivateKeyInfo, and returns its encoding
         AlgorithmId encrAlg;
         try {
-            encrAlg = new AlgorithmId(new ObjectIdentifier(KEY_PROTECTOR_OID));
+            encrAlg = new AlgorithmId(ObjectIdentifier.of
+                    (KnownOIDs.JAVASOFT_JDKKeyProtector));
             return new EncryptedPrivateKeyInfo(encrAlg,encrKey).getEncoded();
         } catch (IOException ioe) {
             throw new KeyStoreException(ioe.getMessage());
@@ -235,7 +234,8 @@
 
         // do we support the algorithm?
         AlgorithmId encrAlg = encrInfo.getAlgorithm();
-        if (!(encrAlg.getOID().toString().equals(KEY_PROTECTOR_OID))) {
+        if (!(encrAlg.getOID().toString().equals
+                (KnownOIDs.JAVASOFT_JDKKeyProtector.value()))) {
             throw new UnrecoverableKeyException("Unsupported key protection "
                                                 + "algorithm");
         }
--- a/src/java.base/share/classes/sun/security/provider/SunEntries.java	Tue May 19 11:55:44 2020 +0800
+++ b/src/java.base/share/classes/sun/security/provider/SunEntries.java	Tue May 19 04:05:03 2020 +0000
@@ -32,6 +32,8 @@
 
 import jdk.internal.util.StaticProperty;
 import sun.security.action.GetPropertyAction;
+import sun.security.util.SecurityProviderConstants;
+import static sun.security.util.SecurityProviderConstants.getAliases;
 
 /**
  * Defines the entries of the SUN provider.
@@ -80,18 +82,6 @@
     // the default algo used by SecureRandom class for new SecureRandom() calls
     public static final String DEF_SECURE_RANDOM_ALGO;
 
-    // create an aliases List from the specified aliases
-    public static List<String> createAliases(String ... aliases) {
-        return Arrays.asList(aliases);
-    }
-
-    // create an aliases List from the specified oid followed by other aliases
-    public static List<String> createAliasesWithOid(String ... oids) {
-        String[] result = Arrays.copyOf(oids, oids.length + 1);
-        result[result.length - 1] = "OID." + oids[0];
-        return Arrays.asList(result);
-    }
-
     SunEntries(Provider p) {
         services = new LinkedHashSet<>(50, 0.9f);
 
@@ -106,22 +96,20 @@
         attrs.put("ThreadSafe", "true");
         if (NativePRNG.isAvailable()) {
             add(p, "SecureRandom", "NativePRNG",
-                    "sun.security.provider.NativePRNG",
-                    null, attrs);
+                    "sun.security.provider.NativePRNG", attrs);
         }
         if (NativePRNG.Blocking.isAvailable()) {
             add(p, "SecureRandom", "NativePRNGBlocking",
-                    "sun.security.provider.NativePRNG$Blocking", null, attrs);
+                    "sun.security.provider.NativePRNG$Blocking", attrs);
         }
         if (NativePRNG.NonBlocking.isAvailable()) {
             add(p, "SecureRandom", "NativePRNGNonBlocking",
-                    "sun.security.provider.NativePRNG$NonBlocking", null, attrs);
+                    "sun.security.provider.NativePRNG$NonBlocking", attrs);
         }
         attrs.put("ImplementedIn", "Software");
-        add(p, "SecureRandom", "DRBG", "sun.security.provider.DRBG",
-               null, attrs);
+        add(p, "SecureRandom", "DRBG", "sun.security.provider.DRBG", attrs);
         add(p, "SecureRandom", "SHA1PRNG",
-                "sun.security.provider.SecureRandom", null, attrs);
+                "sun.security.provider.SecureRandom", attrs);
 
         /*
          * Signature engines
@@ -134,37 +122,28 @@
 
         attrs.put("KeySize", "1024"); // for NONE and SHA1 DSA signatures
 
-        add(p, "Signature", "SHA1withDSA",
-                "sun.security.provider.DSA$SHA1withDSA",
-                createAliasesWithOid("1.2.840.10040.4.3", "DSA", "DSS",
-                    "SHA/DSA", "SHA-1/DSA", "SHA1/DSA", "SHAwithDSA",
-                    "DSAWithSHA1", "1.3.14.3.2.13", "1.3.14.3.2.27"), attrs);
-        add(p, "Signature", "NONEwithDSA", "sun.security.provider.DSA$RawDSA",
-                createAliases("RawDSA"), attrs);
+        addWithAlias(p, "Signature", "SHA1withDSA",
+                "sun.security.provider.DSA$SHA1withDSA", attrs);
+        addWithAlias(p, "Signature", "NONEwithDSA",
+                "sun.security.provider.DSA$RawDSA", attrs);
 
         attrs.put("KeySize", "2048"); // for SHA224 and SHA256 DSA signatures
 
-        add(p, "Signature", "SHA224withDSA",
-                "sun.security.provider.DSA$SHA224withDSA",
-                createAliasesWithOid("2.16.840.1.101.3.4.3.1"), attrs);
-        add(p, "Signature", "SHA256withDSA",
-                "sun.security.provider.DSA$SHA256withDSA",
-                createAliasesWithOid("2.16.840.1.101.3.4.3.2"), attrs);
+        addWithAlias(p, "Signature", "SHA224withDSA",
+                "sun.security.provider.DSA$SHA224withDSA", attrs);
+        addWithAlias(p, "Signature", "SHA256withDSA",
+                "sun.security.provider.DSA$SHA256withDSA", attrs);
 
         attrs.remove("KeySize");
 
         add(p, "Signature", "SHA1withDSAinP1363Format",
-                "sun.security.provider.DSA$SHA1withDSAinP1363Format",
-                null, null);
+                "sun.security.provider.DSA$SHA1withDSAinP1363Format");
         add(p, "Signature", "NONEwithDSAinP1363Format",
-                "sun.security.provider.DSA$RawDSAinP1363Format",
-                null, null);
+                "sun.security.provider.DSA$RawDSAinP1363Format");
         add(p, "Signature", "SHA224withDSAinP1363Format",
-                "sun.security.provider.DSA$SHA224withDSAinP1363Format",
-                null, null);
+                "sun.security.provider.DSA$SHA224withDSAinP1363Format");
         add(p, "Signature", "SHA256withDSAinP1363Format",
-                "sun.security.provider.DSA$SHA256withDSAinP1363Format",
-                null, null);
+                "sun.security.provider.DSA$SHA256withDSAinP1363Format");
 
         /*
          *  Key Pair Generator engines
@@ -173,85 +152,75 @@
         attrs.put("ImplementedIn", "Software");
         attrs.put("KeySize", "2048"); // for DSA KPG and APG only
 
-        String dsaOid = "1.2.840.10040.4.1";
-        List<String> dsaAliases = createAliasesWithOid(dsaOid, "1.3.14.3.2.12");
         String dsaKPGImplClass = "sun.security.provider.DSAKeyPairGenerator$";
         dsaKPGImplClass += (useLegacyDSA? "Legacy" : "Current");
-        add(p, "KeyPairGenerator", "DSA", dsaKPGImplClass, dsaAliases, attrs);
+        addWithAlias(p, "KeyPairGenerator", "DSA", dsaKPGImplClass, attrs);
 
         /*
          * Algorithm Parameter Generator engines
          */
-        add(p, "AlgorithmParameterGenerator", "DSA",
-                "sun.security.provider.DSAParameterGenerator", dsaAliases,
-                attrs);
+        addWithAlias(p, "AlgorithmParameterGenerator", "DSA",
+                "sun.security.provider.DSAParameterGenerator", attrs);
         attrs.remove("KeySize");
 
         /*
          * Algorithm Parameter engines
          */
-        add(p, "AlgorithmParameters", "DSA",
-                "sun.security.provider.DSAParameters", dsaAliases, attrs);
+        addWithAlias(p, "AlgorithmParameters", "DSA",
+                "sun.security.provider.DSAParameters", attrs);
 
         /*
          * Key factories
          */
-        add(p, "KeyFactory", "DSA", "sun.security.provider.DSAKeyFactory",
-                dsaAliases, attrs);
+        addWithAlias(p, "KeyFactory", "DSA",
+                "sun.security.provider.DSAKeyFactory", attrs);
 
         /*
          * Digest engines
          */
-        add(p, "MessageDigest", "MD2", "sun.security.provider.MD2", null, attrs);
-        add(p, "MessageDigest", "MD5", "sun.security.provider.MD5", null, attrs);
-        add(p, "MessageDigest", "SHA", "sun.security.provider.SHA",
-                createAliasesWithOid("1.3.14.3.2.26", "SHA-1", "SHA1"), attrs);
+        add(p, "MessageDigest", "MD2", "sun.security.provider.MD2", attrs);
+        add(p, "MessageDigest", "MD5", "sun.security.provider.MD5", attrs);
+        addWithAlias(p, "MessageDigest", "SHA-1", "sun.security.provider.SHA",
+                attrs);
 
-        String sha2BaseOid = "2.16.840.1.101.3.4.2";
-        add(p, "MessageDigest", "SHA-224", "sun.security.provider.SHA2$SHA224",
-                createAliasesWithOid(sha2BaseOid + ".4"), attrs);
-        add(p, "MessageDigest", "SHA-256", "sun.security.provider.SHA2$SHA256",
-                createAliasesWithOid(sha2BaseOid + ".1"), attrs);
-        add(p, "MessageDigest", "SHA-384", "sun.security.provider.SHA5$SHA384",
-                createAliasesWithOid(sha2BaseOid + ".2"), attrs);
-        add(p, "MessageDigest", "SHA-512", "sun.security.provider.SHA5$SHA512",
-                createAliasesWithOid(sha2BaseOid + ".3"), attrs);
-        add(p, "MessageDigest", "SHA-512/224",
-                "sun.security.provider.SHA5$SHA512_224",
-                createAliasesWithOid(sha2BaseOid + ".5"), attrs);
-        add(p, "MessageDigest", "SHA-512/256",
-                "sun.security.provider.SHA5$SHA512_256",
-                createAliasesWithOid(sha2BaseOid + ".6"), attrs);
-        add(p, "MessageDigest", "SHA3-224", "sun.security.provider.SHA3$SHA224",
-                createAliasesWithOid(sha2BaseOid + ".7"), attrs);
-        add(p, "MessageDigest", "SHA3-256", "sun.security.provider.SHA3$SHA256",
-                createAliasesWithOid(sha2BaseOid + ".8"), attrs);
-        add(p, "MessageDigest", "SHA3-384", "sun.security.provider.SHA3$SHA384",
-                createAliasesWithOid(sha2BaseOid + ".9"), attrs);
-        add(p, "MessageDigest", "SHA3-512", "sun.security.provider.SHA3$SHA512",
-                createAliasesWithOid(sha2BaseOid + ".10"), attrs);
+        addWithAlias(p, "MessageDigest", "SHA-224",
+                "sun.security.provider.SHA2$SHA224", attrs);
+        addWithAlias(p, "MessageDigest", "SHA-256",
+                "sun.security.provider.SHA2$SHA256", attrs);
+        addWithAlias(p, "MessageDigest", "SHA-384",
+                "sun.security.provider.SHA5$SHA384", attrs);
+        addWithAlias(p, "MessageDigest", "SHA-512",
+                "sun.security.provider.SHA5$SHA512", attrs);
+        addWithAlias(p, "MessageDigest", "SHA-512/224",
+                "sun.security.provider.SHA5$SHA512_224", attrs);
+        addWithAlias(p, "MessageDigest", "SHA-512/256",
+                "sun.security.provider.SHA5$SHA512_256", attrs);
+        addWithAlias(p, "MessageDigest", "SHA3-224",
+                "sun.security.provider.SHA3$SHA224", attrs);
+        addWithAlias(p, "MessageDigest", "SHA3-256",
+                "sun.security.provider.SHA3$SHA256", attrs);
+        addWithAlias(p, "MessageDigest", "SHA3-384",
+                "sun.security.provider.SHA3$SHA384", attrs);
+        addWithAlias(p, "MessageDigest", "SHA3-512",
+                "sun.security.provider.SHA3$SHA512", attrs);
 
         /*
          * Certificates
          */
-        add(p, "CertificateFactory", "X.509",
-                "sun.security.provider.X509Factory",
-                createAliases("X509"), attrs);
+        addWithAlias(p, "CertificateFactory", "X.509",
+                "sun.security.provider.X509Factory", attrs);
 
         /*
          * KeyStore
          */
         add(p, "KeyStore", "PKCS12",
-                "sun.security.pkcs12.PKCS12KeyStore$DualFormatPKCS12",
-                null, null);
+                "sun.security.pkcs12.PKCS12KeyStore$DualFormatPKCS12");
         add(p, "KeyStore", "JKS",
-                "sun.security.provider.JavaKeyStore$DualFormatJKS",
-                null, attrs);
+                "sun.security.provider.JavaKeyStore$DualFormatJKS", attrs);
         add(p, "KeyStore", "CaseExactJKS",
-                "sun.security.provider.JavaKeyStore$CaseExactJKS",
-                null, attrs);
+                "sun.security.provider.JavaKeyStore$CaseExactJKS", attrs);
         add(p, "KeyStore", "DKS", "sun.security.provider.DomainKeyStore$DKS",
-                null, attrs);
+                attrs);
 
 
         /*
@@ -259,22 +228,21 @@
          */
         add(p, "CertStore", "Collection",
                 "sun.security.provider.certpath.CollectionCertStore",
-                null, attrs);
+                attrs);
         add(p, "CertStore", "com.sun.security.IndexedCollection",
                 "sun.security.provider.certpath.IndexedCollectionCertStore",
-                null, attrs);
+                attrs);
 
         /*
          * Policy
          */
-        add(p, "Policy", "JavaPolicy", "sun.security.provider.PolicySpiFile",
-                null, null);
+        add(p, "Policy", "JavaPolicy", "sun.security.provider.PolicySpiFile");
 
         /*
          * Configuration
          */
         add(p, "Configuration", "JavaLoginConfig",
-                "sun.security.provider.ConfigFile$Spi", null, null);
+                "sun.security.provider.ConfigFile$Spi");
 
         /*
          * CertPathBuilder and CertPathValidator
@@ -285,19 +253,29 @@
 
         add(p, "CertPathBuilder", "PKIX",
                 "sun.security.provider.certpath.SunCertPathBuilder",
-                null, attrs);
+                attrs);
         add(p, "CertPathValidator", "PKIX",
                 "sun.security.provider.certpath.PKIXCertPathValidator",
-                null, attrs);
+                attrs);
     }
 
     Iterator<Provider.Service> iterator() {
         return services.iterator();
     }
 
+    private void add(Provider p, String type, String algo, String cn) {
+        services.add(new Provider.Service(p, type, algo, cn, null, null));
+    }
+
     private void add(Provider p, String type, String algo, String cn,
-            List<String> aliases, HashMap<String, String> attrs) {
-        services.add(new Provider.Service(p, type, algo, cn, aliases, attrs));
+            HashMap<String, String> attrs) {
+        services.add(new Provider.Service(p, type, algo, cn, null, attrs));
+    }
+
+    private void addWithAlias(Provider p, String type, String algo, String cn,
+            HashMap<String, String> attrs) {
+        services.add(new Provider.Service(p, type, algo, cn,
+            getAliases(algo), attrs));
     }
 
     private LinkedHashSet<Provider.Service> services;
--- a/src/java.base/share/classes/sun/security/provider/certpath/OCSPResponse.java	Tue May 19 11:55:44 2020 +0800
+++ b/src/java.base/share/classes/sun/security/provider/certpath/OCSPResponse.java	Tue May 19 04:05:03 2020 +0000
@@ -135,7 +135,7 @@
     private static final Debug debug = Debug.getInstance("certpath");
     private static final boolean dump = debug != null && Debug.isOn("ocsp");
     private static final ObjectIdentifier OCSP_BASIC_RESPONSE_OID =
-        ObjectIdentifier.of("1.3.6.1.5.5.7.48.1.1");
+        ObjectIdentifier.of(KnownOIDs.OCSPBasicResponse);
     private static final int CERT_STATUS_GOOD = 0;
     private static final int CERT_STATUS_REVOKED = 1;
     private static final int CERT_STATUS_UNKNOWN = 2;
@@ -144,9 +144,6 @@
     private static final int NAME_TAG = 1;
     private static final int KEY_TAG = 2;
 
-    // Object identifier for the OCSPSigning key purpose
-    private static final String KP_OCSP_SIGNING_OID = "1.3.6.1.5.5.7.3.9";
-
     // Default maximum clock skew in milliseconds (15 minutes)
     // allowed when checking validity of OCSP responses
     private static final int DEFAULT_MAX_CLOCK_SKEW = 900000;
@@ -493,7 +490,7 @@
                 try {
                     List<String> keyPurposes = signerCert.getExtendedKeyUsage();
                     if (keyPurposes == null ||
-                        !keyPurposes.contains(KP_OCSP_SIGNING_OID)) {
+                        !keyPurposes.contains(KnownOIDs.OCSPSigning.value())) {
                         throw new CertPathValidatorException(
                             "Responder's certificate not valid for signing " +
                             "OCSP responses");
--- a/src/java.base/share/classes/sun/security/provider/certpath/RevocationChecker.java	Tue May 19 11:55:44 2020 +0800
+++ b/src/java.base/share/classes/sun/security/provider/certpath/RevocationChecker.java	Tue May 19 04:05:03 2020 +0000
@@ -46,6 +46,7 @@
 import sun.security.x509.*;
 import static sun.security.x509.PKIXExtensions.*;
 import sun.security.util.Debug;
+import sun.security.util.KnownOIDs;
 
 class RevocationChecker extends PKIXRevocationChecker {
 
@@ -722,7 +723,7 @@
                 // verify the response
                 byte[] nonce = null;
                 for (Extension ext : ocspExtensions) {
-                    if (ext.getId().equals("1.3.6.1.5.5.7.48.1.2")) {
+                    if (ext.getId().equals(KnownOIDs.OCSPNonceExt.value())) {
                         nonce = ext.getValue();
                     }
                 }
--- a/src/java.base/share/classes/sun/security/rsa/PSSParameters.java	Tue May 19 11:55:44 2020 +0800
+++ b/src/java.base/share/classes/sun/security/rsa/PSSParameters.java	Tue May 19 04:05:03 2020 +0000
@@ -99,7 +99,7 @@
             } else if (d.isContextSpecific((byte) 0x01)) {
                 // mgf algid
                 AlgorithmId val = AlgorithmId.parse(d.data.getDerValue());
-                if (!val.getOID().equals(AlgorithmId.mgf1_oid)) {
+                if (!val.getOID().equals(AlgorithmId.MGF1_oid)) {
                     throw new IOException("Only MGF1 mgf is supported");
                 }
                 AlgorithmId params = AlgorithmId.parse(
@@ -242,7 +242,7 @@
 
         if (!mgfDigestId.getOID().equals(AlgorithmId.SHA_oid)) {
             tmp2 = new DerOutputStream();
-            tmp2.putOID(AlgorithmId.mgf1_oid);
+            tmp2.putOID(AlgorithmId.MGF1_oid);
             mgfDigestId.encode(tmp2);
             tmp3 = new DerOutputStream();
             tmp3.write(DerValue.tag_Sequence, tmp2);
--- a/src/java.base/share/classes/sun/security/rsa/SunRsaSignEntries.java	Tue May 19 11:55:44 2020 +0800
+++ b/src/java.base/share/classes/sun/security/rsa/SunRsaSignEntries.java	Tue May 19 04:05:03 2020 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2018, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2020, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -27,7 +27,7 @@
 
 import java.util.*;
 import java.security.Provider;
-import static sun.security.provider.SunEntries.createAliasesWithOid;
+import static sun.security.util.SecurityProviderConstants.getAliases;
 
 /**
  * Defines the entries of the SunRsaSign provider.
@@ -38,7 +38,14 @@
 
     private void add(Provider p, String type, String algo, String cn,
              List<String> aliases, HashMap<String, String> attrs) {
-         services.add(new Provider.Service(p, type, algo, cn, aliases, attrs));
+         services.add(new Provider.Service(p, type, algo, cn,
+             aliases, attrs));
+    }
+
+    private void addA(Provider p, String type, String algo, String cn,
+             HashMap<String, String> attrs) {
+         services.add(new Provider.Service(p, type, algo, cn,
+             getAliases(algo), attrs));
     }
 
     // extend LinkedHashSet for consistency with SunEntries
@@ -47,13 +54,6 @@
         services = new LinkedHashSet<>(20, 0.9f);
 
         // start populating content using the specified provider
-
-        // common oids
-        String rsaOid = "1.2.840.113549.1.1";
-        List<String> rsaAliases = createAliasesWithOid(rsaOid);
-        List<String> rsapssAliases = createAliasesWithOid(rsaOid + ".10");
-        String sha1withRSAOid2 = "1.3.14.3.2.29";
-
         // common attribute map
         HashMap<String, String> attrs = new HashMap<>(3);
         attrs.put("SupportedKeyClasses",
@@ -62,50 +62,37 @@
 
         add(p, "KeyFactory", "RSA",
                 "sun.security.rsa.RSAKeyFactory$Legacy",
-                rsaAliases, null);
+                getAliases("PKCS1"), null);
         add(p, "KeyPairGenerator", "RSA",
                 "sun.security.rsa.RSAKeyPairGenerator$Legacy",
-                rsaAliases, null);
-        add(p, "Signature", "MD2withRSA",
-                "sun.security.rsa.RSASignature$MD2withRSA",
-                createAliasesWithOid(rsaOid + ".2"), attrs);
-        add(p, "Signature", "MD5withRSA",
-                "sun.security.rsa.RSASignature$MD5withRSA",
-                createAliasesWithOid(rsaOid + ".4"), attrs);
-        add(p, "Signature", "SHA1withRSA",
-                "sun.security.rsa.RSASignature$SHA1withRSA",
-                createAliasesWithOid(rsaOid + ".5", sha1withRSAOid2), attrs);
-        add(p, "Signature", "SHA224withRSA",
-                "sun.security.rsa.RSASignature$SHA224withRSA",
-                createAliasesWithOid(rsaOid + ".14"), attrs);
-        add(p, "Signature", "SHA256withRSA",
-                "sun.security.rsa.RSASignature$SHA256withRSA",
-                createAliasesWithOid(rsaOid + ".11"), attrs);
-        add(p, "Signature", "SHA384withRSA",
-                "sun.security.rsa.RSASignature$SHA384withRSA",
-                createAliasesWithOid(rsaOid + ".12"), attrs);
-        add(p, "Signature", "SHA512withRSA",
-                "sun.security.rsa.RSASignature$SHA512withRSA",
-                createAliasesWithOid(rsaOid + ".13"), attrs);
-        add(p, "Signature", "SHA512/224withRSA",
-                "sun.security.rsa.RSASignature$SHA512_224withRSA",
-                createAliasesWithOid(rsaOid + ".15"), attrs);
-        add(p, "Signature", "SHA512/256withRSA",
-                "sun.security.rsa.RSASignature$SHA512_256withRSA",
-                createAliasesWithOid(rsaOid + ".16"), attrs);
+                getAliases("PKCS1"), null);
+        addA(p, "Signature", "MD2withRSA",
+                "sun.security.rsa.RSASignature$MD2withRSA", attrs);
+        addA(p, "Signature", "MD5withRSA",
+                "sun.security.rsa.RSASignature$MD5withRSA", attrs);
+        addA(p, "Signature", "SHA1withRSA",
+                "sun.security.rsa.RSASignature$SHA1withRSA", attrs);
+        addA(p, "Signature", "SHA224withRSA",
+                "sun.security.rsa.RSASignature$SHA224withRSA", attrs);
+        addA(p, "Signature", "SHA256withRSA",
+                "sun.security.rsa.RSASignature$SHA256withRSA", attrs);
+        addA(p, "Signature", "SHA384withRSA",
+                "sun.security.rsa.RSASignature$SHA384withRSA", attrs);
+        addA(p, "Signature", "SHA512withRSA",
+                "sun.security.rsa.RSASignature$SHA512withRSA", attrs);
+        addA(p, "Signature", "SHA512/224withRSA",
+                "sun.security.rsa.RSASignature$SHA512_224withRSA", attrs);
+        addA(p, "Signature", "SHA512/256withRSA",
+                "sun.security.rsa.RSASignature$SHA512_256withRSA", attrs);
 
-        add(p, "KeyFactory", "RSASSA-PSS",
-                "sun.security.rsa.RSAKeyFactory$PSS",
-                rsapssAliases, null);
-        add(p, "KeyPairGenerator", "RSASSA-PSS",
-                "sun.security.rsa.RSAKeyPairGenerator$PSS",
-                rsapssAliases, null);
-        add(p, "Signature", "RSASSA-PSS",
-                "sun.security.rsa.RSAPSSSignature",
-                rsapssAliases, attrs);
-        add(p, "AlgorithmParameters", "RSASSA-PSS",
-                "sun.security.rsa.PSSParameters",
-                rsapssAliases, null);
+        addA(p, "KeyFactory", "RSASSA-PSS",
+                "sun.security.rsa.RSAKeyFactory$PSS", attrs);
+        addA(p, "KeyPairGenerator", "RSASSA-PSS",
+                "sun.security.rsa.RSAKeyPairGenerator$PSS", attrs);
+        addA(p, "Signature", "RSASSA-PSS",
+                "sun.security.rsa.RSAPSSSignature", attrs);
+        addA(p, "AlgorithmParameters", "RSASSA-PSS",
+                "sun.security.rsa.PSSParameters", attrs);
     }
 
     public Iterator<Provider.Service> iterator() {
--- a/src/java.base/share/classes/sun/security/ssl/SunJSSE.java	Tue May 19 11:55:44 2020 +0800
+++ b/src/java.base/share/classes/sun/security/ssl/SunJSSE.java	Tue May 19 04:05:03 2020 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1999, 2019, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1999, 2020, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -28,7 +28,7 @@
 import java.security.*;
 import java.util.*;
 import static sun.security.util.SecurityConstants.PROVIDER_VER;
-import static sun.security.provider.SunEntries.createAliases;
+import static sun.security.util.SecurityProviderConstants.*;
 
 /**
  * The JSSE provider.
@@ -74,8 +74,8 @@
     }
 
     private void ps(String type, String algo, String cn,
-            List<String> aliases, HashMap<String, String> attrs) {
-        putService(new Provider.Service(this, type, algo, cn, aliases, attrs));
+            List<String> a, HashMap<String, String> attrs) {
+        putService(new Provider.Service(this, type, algo, cn, a, attrs));
     }
 
     private void doRegister() {
@@ -86,18 +86,18 @@
             "sun.security.ssl.KeyManagerFactoryImpl$SunX509", null, null);
         ps("KeyManagerFactory", "NewSunX509",
             "sun.security.ssl.KeyManagerFactoryImpl$X509",
-            createAliases("PKIX"), null);
+            List.of("PKIX"), null);
 
         ps("TrustManagerFactory", "SunX509",
             "sun.security.ssl.TrustManagerFactoryImpl$SimpleFactory",
             null, null);
         ps("TrustManagerFactory", "PKIX",
             "sun.security.ssl.TrustManagerFactoryImpl$PKIXFactory",
-            createAliases("SunPKIX", "X509", "X.509"), null);
+            List.of("SunPKIX", "X509", "X.509"), null);
 
         ps("SSLContext", "TLSv1",
             "sun.security.ssl.SSLContextImpl$TLS10Context",
-            createAliases("SSLv3"), null);
+            List.of("SSLv3"), null);
         ps("SSLContext", "TLSv1.1",
             "sun.security.ssl.SSLContextImpl$TLS11Context", null, null);
         ps("SSLContext", "TLSv1.2",
@@ -106,7 +106,7 @@
             "sun.security.ssl.SSLContextImpl$TLS13Context", null, null);
         ps("SSLContext", "TLS",
             "sun.security.ssl.SSLContextImpl$TLSContext",
-            createAliases("SSL"), null);
+            List.of("SSL"), null);
 
         ps("SSLContext", "DTLSv1.0",
             "sun.security.ssl.SSLContextImpl$DTLS10Context", null, null);
--- a/src/java.base/share/classes/sun/security/ssl/X509KeyManagerImpl.java	Tue May 19 11:55:44 2020 +0800
+++ b/src/java.base/share/classes/sun/security/ssl/X509KeyManagerImpl.java	Tue May 19 04:05:03 2020 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2004, 2019, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2004, 2020, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -43,6 +43,7 @@
 import javax.net.ssl.*;
 import sun.security.provider.certpath.AlgorithmChecker;
 import sun.security.validator.Validator;
+import sun.security.util.KnownOIDs;
 
 /**
  * The new X509 key manager implementation. The main differences to the
@@ -522,14 +523,19 @@
 
         // enum constant for "tls client" check
         // valid EKU for TLS client: any, tls_client
-        CLIENT(new HashSet<String>(Arrays.asList(new String[] {
-            "2.5.29.37.0", "1.3.6.1.5.5.7.3.2" }))),
+        CLIENT(new HashSet<String>(List.of(
+            KnownOIDs.anyExtendedKeyUsage.value(),
+            KnownOIDs.clientAuth.value()
+        ))),
 
         // enum constant for "tls server" check
         // valid EKU for TLS server: any, tls_server, ns_sgc, ms_sgc
-        SERVER(new HashSet<String>(Arrays.asList(new String[] {
-            "2.5.29.37.0", "1.3.6.1.5.5.7.3.1", "2.16.840.1.113730.4.1",
-            "1.3.6.1.4.1.311.10.3.3" })));
+        SERVER(new HashSet<String>(List.of(
+            KnownOIDs.anyExtendedKeyUsage.value(),
+            KnownOIDs.serverAuth.value(),
+            KnownOIDs.NETSCAPE_ExportApproved.value(),
+            KnownOIDs.MICROSOFT_ExportApproved.value()
+        )));
 
         // set of valid EKU values for this type
         final Set<String> validEku;
--- a/src/java.base/share/classes/sun/security/timestamp/TSRequest.java	Tue May 19 11:55:44 2020 +0800
+++ b/src/java.base/share/classes/sun/security/timestamp/TSRequest.java	Tue May 19 04:05:03 2020 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2020, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -163,7 +163,7 @@
         // encode optional elements
 
         if (policyId != null) {
-            request.putOID(new ObjectIdentifier(policyId));
+            request.putOID(ObjectIdentifier.of(policyId));
         }
         if (nonce != null) {
             request.putInteger(nonce);
--- a/src/java.base/share/classes/sun/security/tools/keytool/Main.java	Tue May 19 11:55:44 2020 +0800
+++ b/src/java.base/share/classes/sun/security/tools/keytool/Main.java	Tue May 19 04:05:03 2020 +0000
@@ -82,6 +82,7 @@
 import sun.security.pkcs10.PKCS10Attribute;
 import sun.security.provider.X509Factory;
 import sun.security.provider.certpath.ssl.SSLServerCertStore;
+import sun.security.util.KnownOIDs;
 import sun.security.util.Password;
 import sun.security.util.SecurityProperties;
 import sun.security.util.SecurityProviderConstants;
@@ -4130,6 +4131,23 @@
      * partial, or case-insensitive.
      *
      * @param s the command provided by user
+     * @param list the legal command set represented by KnownOIDs enums.
+     * @return the position of a single match, or -1 if none matched
+     * @throws Exception if s is ambiguous
+     */
+    private static int oneOf(String s, KnownOIDs... list) throws Exception {
+        String[] convertedList = new String[list.length];
+        for (int i = 0; i < list.length; i++) {
+            convertedList[i] = list[i].stdName();
+        }
+        return oneOf(s, convertedList);
+    }
+
+    /**
+     * Match a command with a command set. The match can be exact, or
+     * partial, or case-insensitive.
+     *
+     * @param s the command provided by user
      * @param list the legal command set. If there is a null, commands after it
      *      are regarded experimental, which means they are supported but their
      *      existence should not be revealed to user.
@@ -4262,7 +4280,7 @@
             case 5: return PKIXExtensions.SubjectInfoAccess_Id;
             case 6: return PKIXExtensions.AuthInfoAccess_Id;
             case 8: return PKIXExtensions.CRLDistributionPoints_Id;
-            default: return new ObjectIdentifier(type);
+            default: return ObjectIdentifier.of(type);
         }
     }
 
@@ -4474,30 +4492,26 @@
                     case 2:     // EKU
                         if(value != null) {
                             Vector<ObjectIdentifier> v = new Vector<>();
+                            KnownOIDs[] choices = {
+                                    KnownOIDs.anyExtendedKeyUsage,
+                                    KnownOIDs.serverAuth,
+                                    KnownOIDs.clientAuth,
+                                    KnownOIDs.codeSigning,
+                                    KnownOIDs.emailProtection,
+                                    KnownOIDs.KP_TimeStamping,
+                                    KnownOIDs.OCSPSigning
+                            };
                             for (String s: value.split(",")) {
-                                int p = oneOf(s,
-                                        "anyExtendedKeyUsage",
-                                        "serverAuth",       //1
-                                        "clientAuth",       //2
-                                        "codeSigning",      //3
-                                        "emailProtection",  //4
-                                        "",                 //5
-                                        "",                 //6
-                                        "",                 //7
-                                        "timeStamping",     //8
-                                        "OCSPSigning"       //9
-                                       );
-                                if (p < 0) {
-                                    try {
-                                        v.add(new ObjectIdentifier(s));
-                                    } catch (Exception e) {
-                                        throw new Exception(rb.getString(
-                                                "Unknown.extendedkeyUsage.type.") + s);
-                                    }
-                                } else if (p == 0) {
-                                    v.add(new ObjectIdentifier("2.5.29.37.0"));
-                                } else {
-                                    v.add(new ObjectIdentifier("1.3.6.1.5.5.7.3." + p));
+                                int p = oneOf(s, choices);
+                                String o = s;
+                                if (p >= 0) {
+                                    o = choices[p].value();
+                                }
+                                try {
+                                    v.add(ObjectIdentifier.of(o));
+                                } catch (Exception e) {
+                                    throw new Exception(rb.getString(
+                                            "Unknown.extendedkeyUsage.type.") + s);
                                 }
                             }
                             setExt(result, new ExtendedKeyUsageExtension(isCritical, v));
@@ -4552,24 +4566,23 @@
                                 String m = item.substring(0, colonpos);
                                 String t = item.substring(colonpos+1, colonpos2);
                                 String v = item.substring(colonpos2+1);
-                                int p = oneOf(m,
-                                        "",
-                                        "ocsp",         //1
-                                        "caIssuers",    //2
-                                        "timeStamping", //3
-                                        "",
-                                        "caRepository"  //5
-                                        );
+                                KnownOIDs[] choices = {
+                                    KnownOIDs.OCSP,
+                                    KnownOIDs.caIssuers,
+                                    KnownOIDs.AD_TimeStamping,
+                                    KnownOIDs.caRepository
+                                };
+                                int p = oneOf(m, choices);
                                 ObjectIdentifier oid;
-                                if (p < 0) {
+                                if (p >= 0) {
+                                    oid = ObjectIdentifier.of(choices[p]);
+                                } else {
                                     try {
-                                        oid = new ObjectIdentifier(m);
+                                        oid = ObjectIdentifier.of(m);
                                     } catch (Exception e) {
                                         throw new Exception(rb.getString(
                                                 "Unknown.AccessDescription.type.") + m);
                                     }
-                                } else {
-                                    oid = new ObjectIdentifier("1.3.6.1.5.5.7.48." + p);
                                 }
                                 accessDescriptions.add(new AccessDescription(
                                         oid, createGeneralName(t, v, exttype)));
@@ -4606,7 +4619,7 @@
                         }
                         break;
                     case -1:
-                        ObjectIdentifier oid = new ObjectIdentifier(name);
+                        ObjectIdentifier oid = ObjectIdentifier.of(name);
                         byte[] data = null;
                         if (value != null) {
                             data = new byte[value.length() / 2 + 1];
--- a/src/java.base/share/classes/sun/security/util/ConstraintsParameters.java	Tue May 19 11:55:44 2020 +0800
+++ b/src/java.base/share/classes/sun/security/util/ConstraintsParameters.java	Tue May 19 04:05:03 2020 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2016, 2019, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2016, 2020, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -153,7 +153,7 @@
     public static String[] getNamedCurveFromKey(Key key) {
         if (key instanceof ECKey) {
             NamedCurve nc = CurveDB.lookup(((ECKey)key).getParams());
-            return (nc == null ? EMPTYLIST : CurveDB.getNamesByOID(nc.getObjectId()));
+            return (nc == null ? EMPTYLIST : nc.getNameAndAliases());
         } else if (key instanceof XECKey) {
             String[] s = {
                     ((NamedParameterSpec)((XECKey)key).getParams()).getName()
--- a/src/java.base/share/classes/sun/security/util/CurveDB.java	Tue May 19 11:55:44 2020 +0800
+++ b/src/java.base/share/classes/sun/security/util/CurveDB.java	Tue May 19 04:05:03 2020 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2006, 2019, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2006, 2020, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -30,7 +30,6 @@
 import java.security.spec.*;
 
 import java.util.*;
-import java.util.regex.Pattern;
 
 /**
  * Repository for well-known Elliptic Curve parameters. It is used by both
@@ -54,8 +53,6 @@
 
     private static Collection<? extends NamedCurve> specCollection;
 
-    public static final String SPLIT_PATTERN = ",|\\[|\\]";
-
     // Used by SunECEntries
     public static Collection<? extends NamedCurve>getSupportedCurves() {
         return specCollection;
@@ -117,9 +114,8 @@
         return new BigInteger(s, 16);
     }
 
-    private static void add(String name, String soid, int type, String sfield,
-            String a, String b, String x, String y, String n, int h,
-            Pattern nameSplitPattern) {
+    private static void add(KnownOIDs o, int type, String sfield,
+            String a, String b, String x, String y, String n, int h) {
         BigInteger p = bi(sfield);
         ECField field;
         if ((type == P) || (type == PD)) {
@@ -133,16 +129,16 @@
         EllipticCurve curve = new EllipticCurve(field, bi(a), bi(b));
         ECPoint g = new ECPoint(bi(x), bi(y));
 
-        NamedCurve params = new NamedCurve(name, soid, curve, g, bi(n), h);
-        if (oidMap.put(soid, params) != null) {
-            throw new RuntimeException("Duplication oid: " + soid);
+        String oid = o.value();
+        NamedCurve params = new NamedCurve(o, curve, g, bi(n), h);
+        if (oidMap.put(oid, params) != null) {
+            throw new RuntimeException("Duplication oid: " + oid);
         }
 
-        String[] commonNames = nameSplitPattern.split(name);
-        for (String commonName : commonNames) {
-            if (nameMap.put(commonName.trim().toLowerCase(Locale.ENGLISH),
-                            params) != null) {
-                throw new RuntimeException("Duplication name: " + commonName);
+        for (String cn : params.getNameAndAliases()) {
+            if (nameMap.put(cn.toLowerCase(Locale.ENGLISH),
+                        params) != null) {
+                throw new RuntimeException("Duplication name: " + cn);
             }
         }
 
@@ -154,445 +150,424 @@
         }
     }
 
-    private static class Holder {
-        private static final Pattern nameSplitPattern = Pattern.compile(
-                SPLIT_PATTERN);
-    }
-
-    // Return all the names the EC curve could be using.
-    static String[] getNamesByOID(String oid) {
-        NamedCurve nc = oidMap.get(oid);
-        if (nc == null) {
-            return new String[0];
-        }
-        String[] list = Holder.nameSplitPattern.split(nc.getName());
-        int i = 0;
-        do {
-            list[i] = list[i].trim();
-        } while (++i < list.length);
-        return list;
-    }
-
     static {
-        Pattern nameSplitPattern = Holder.nameSplitPattern;
-
         /* SEC2 prime curves */
-        add("secp112r1", "1.3.132.0.6", P,
+        add(KnownOIDs.secp112r1, P,
             "DB7C2ABF62E35E668076BEAD208B",
             "DB7C2ABF62E35E668076BEAD2088",
             "659EF8BA043916EEDE8911702B22",
             "09487239995A5EE76B55F9C2F098",
             "A89CE5AF8724C0A23E0E0FF77500",
             "DB7C2ABF62E35E7628DFAC6561C5",
-            1, nameSplitPattern);
+            1);
 
-        add("secp112r2", "1.3.132.0.7", P,
+        add(KnownOIDs.secp112r2, P,
             "DB7C2ABF62E35E668076BEAD208B",
             "6127C24C05F38A0AAAF65C0EF02C",
             "51DEF1815DB5ED74FCC34C85D709",
             "4BA30AB5E892B4E1649DD0928643",
             "adcd46f5882e3747def36e956e97",
             "36DF0AAFD8B8D7597CA10520D04B",
-            4, nameSplitPattern);
+            4);
 
-        add("secp128r1", "1.3.132.0.28", P,
+        add(KnownOIDs.secp128r1, P,
             "FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFF",
             "FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFC",
             "E87579C11079F43DD824993C2CEE5ED3",
             "161FF7528B899B2D0C28607CA52C5B86",
             "CF5AC8395BAFEB13C02DA292DDED7A83",
             "FFFFFFFE0000000075A30D1B9038A115",
-            1, nameSplitPattern);
+            1);
 
-        add("secp128r2", "1.3.132.0.29", P,
+        add(KnownOIDs.secp128r2, P,
             "FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFF",
             "D6031998D1B3BBFEBF59CC9BBFF9AEE1",
             "5EEEFCA380D02919DC2C6558BB6D8A5D",
             "7B6AA5D85E572983E6FB32A7CDEBC140",
             "27B6916A894D3AEE7106FE805FC34B44",
             "3FFFFFFF7FFFFFFFBE0024720613B5A3",
-            4, nameSplitPattern);
+            4);
 
-        add("secp160k1", "1.3.132.0.9", P,
+        add(KnownOIDs.secp160k1, P,
             "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC73",
             "0000000000000000000000000000000000000000",
             "0000000000000000000000000000000000000007",
             "3B4C382CE37AA192A4019E763036F4F5DD4D7EBB",
             "938CF935318FDCED6BC28286531733C3F03C4FEE",
             "0100000000000000000001B8FA16DFAB9ACA16B6B3",
-            1, nameSplitPattern);
+            1);
 
-        add("secp160r1", "1.3.132.0.8", P,
+        add(KnownOIDs.secp160r1, P,
             "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFF",
             "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFC",
             "1C97BEFC54BD7A8B65ACF89F81D4D4ADC565FA45",
             "4A96B5688EF573284664698968C38BB913CBFC82",
             "23A628553168947D59DCC912042351377AC5FB32",
             "0100000000000000000001F4C8F927AED3CA752257",
-            1, nameSplitPattern);
+            1);
 
-        add("secp160r2", "1.3.132.0.30", P,
+        add(KnownOIDs.secp160r2, P,
             "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC73",
             "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC70",
             "B4E134D3FB59EB8BAB57274904664D5AF50388BA",
             "52DCB034293A117E1F4FF11B30F7199D3144CE6D",
             "FEAFFEF2E331F296E071FA0DF9982CFEA7D43F2E",
             "0100000000000000000000351EE786A818F3A1A16B",
-            1, nameSplitPattern);
+            1);
 
-        add("secp192k1", "1.3.132.0.31", P,
+        add(KnownOIDs.secp192k1, P,
             "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFEE37",
             "000000000000000000000000000000000000000000000000",
             "000000000000000000000000000000000000000000000003",
             "DB4FF10EC057E9AE26B07D0280B7F4341DA5D1B1EAE06C7D",
             "9B2F2F6D9C5628A7844163D015BE86344082AA88D95E2F9D",
             "FFFFFFFFFFFFFFFFFFFFFFFE26F2FC170F69466A74DEFD8D",
-            1, nameSplitPattern);
+            1);
 
-        add("secp192r1 [NIST P-192, X9.62 prime192v1]", "1.2.840.10045.3.1.1", PD,
+        add(KnownOIDs.secp192r1, PD,
             "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF",
             "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC",
             "64210519E59C80E70FA7E9AB72243049FEB8DEECC146B9B1",
             "188DA80EB03090F67CBF20EB43A18800F4FF0AFD82FF1012",
             "07192B95FFC8DA78631011ED6B24CDD573F977A11E794811",
             "FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831",
-            1, nameSplitPattern);
+            1);
 
-        add("secp224k1", "1.3.132.0.32", P,
+        add(KnownOIDs.secp224k1, P,
             "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFE56D",
             "00000000000000000000000000000000000000000000000000000000",
             "00000000000000000000000000000000000000000000000000000005",
             "A1455B334DF099DF30FC28A169A467E9E47075A90F7E650EB6B7A45C",
             "7E089FED7FBA344282CAFBD6F7E319F7C0B0BD59E2CA4BDB556D61A5",
             "010000000000000000000000000001DCE8D2EC6184CAF0A971769FB1F7",
-            1, nameSplitPattern);
+            1);
 
-        add("secp224r1 [NIST P-224]", "1.3.132.0.33", PD,
+        add(KnownOIDs.secp224r1, PD,
             "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001",
             "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE",
             "B4050A850C04B3ABF54132565044B0B7D7BFD8BA270B39432355FFB4",
             "B70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21",
             "BD376388B5F723FB4C22DFE6CD4375A05A07476444D5819985007E34",
             "FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D",
-            1, nameSplitPattern);
+            1);
 
-        add("secp256k1", "1.3.132.0.10", P,
+        add(KnownOIDs.secp256k1, P,
             "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F",
             "0000000000000000000000000000000000000000000000000000000000000000",
             "0000000000000000000000000000000000000000000000000000000000000007",
             "79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798",
             "483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8",
             "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141",
-            1, nameSplitPattern);
+            1);
 
-        add("secp256r1 [NIST P-256, X9.62 prime256v1]", "1.2.840.10045.3.1.7", PD,
+        add(KnownOIDs.secp256r1, PD,
             "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF",
             "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC",
             "5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B",
             "6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296",
             "4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5",
             "FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551",
-            1, nameSplitPattern);
+            1);
 
-        add("secp384r1 [NIST P-384]", "1.3.132.0.34", PD,
+        add(KnownOIDs.secp384r1, PD,
             "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFF",
             "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFC",
             "B3312FA7E23EE7E4988E056BE3F82D19181D9C6EFE8141120314088F5013875AC656398D8A2ED19D2A85C8EDD3EC2AEF",
             "AA87CA22BE8B05378EB1C71EF320AD746E1D3B628BA79B9859F741E082542A385502F25DBF55296C3A545E3872760AB7",
             "3617DE4A96262C6F5D9E98BF9292DC29F8F41DBD289A147CE9DA3113B5F0B8C00A60B1CE1D7E819D7A431D7C90EA0E5F",
             "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC7634D81F4372DDF581A0DB248B0A77AECEC196ACCC52973",
-            1, nameSplitPattern);
+            1);
 
-        add("secp521r1 [NIST P-521]", "1.3.132.0.35", PD,
+        add(KnownOIDs.secp521r1, PD,
             "01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF",
             "01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC",
             "0051953EB9618E1C9A1F929A21A0B68540EEA2DA725B99B315F3B8B489918EF109E156193951EC7E937B1652C0BD3BB1BF073573DF883D2C34F1EF451FD46B503F00",
             "00C6858E06B70404E9CD9E3ECB662395B4429C648139053FB521F828AF606B4D3DBAA14B5E77EFE75928FE1DC127A2FFA8DE3348B3C1856A429BF97E7E31C2E5BD66",
             "011839296A789A3BC0045C8A5FB42C7D1BD998F54449579B446817AFBD17273E662C97EE72995EF42640C550B9013FAD0761353C7086A272C24088BE94769FD16650",
             "01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA51868783BF2F966B7FCC0148F709A5D03BB5C9B8899C47AEBB6FB71E91386409",
-            1, nameSplitPattern);
+            1);
 
         /* ANSI X9.62 prime curves */
-        add("X9.62 prime192v2", "1.2.840.10045.3.1.2", P,
+        add(KnownOIDs.prime192v2, P,
             "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF",
             "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC",
             "CC22D6DFB95C6B25E49C0D6364A4E5980C393AA21668D953",
             "EEA2BAE7E1497842F2DE7769CFE9C989C072AD696F48034A",
             "6574D11D69B6EC7A672BB82A083DF2F2B0847DE970B2DE15",
             "FFFFFFFFFFFFFFFFFFFFFFFE5FB1A724DC80418648D8DD31",
-            1, nameSplitPattern);
+            1);
 
-        add("X9.62 prime192v3", "1.2.840.10045.3.1.3", P,
+        add(KnownOIDs.prime192v3, P,
             "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF",
             "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC",
             "22123DC2395A05CAA7423DAECCC94760A7D462256BD56916",
             "7D29778100C65A1DA1783716588DCE2B8B4AEE8E228F1896",
             "38A90F22637337334B49DCB66A6DC8F9978ACA7648A943B0",
             "FFFFFFFFFFFFFFFFFFFFFFFF7A62D031C83F4294F640EC13",
-            1, nameSplitPattern);
+            1);
 
-        add("X9.62 prime239v1", "1.2.840.10045.3.1.4", P,
+        add(KnownOIDs.prime239v1, P,
             "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF",
             "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC",
             "6B016C3BDCF18941D0D654921475CA71A9DB2FB27D1D37796185C2942C0A",
             "0FFA963CDCA8816CCC33B8642BEDF905C3D358573D3F27FBBD3B3CB9AAAF",
             "7DEBE8E4E90A5DAE6E4054CA530BA04654B36818CE226B39FCCB7B02F1AE",
             "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFF9E5E9A9F5D9071FBD1522688909D0B",
-            1, nameSplitPattern);
+            1);
 
-        add("X9.62 prime239v2", "1.2.840.10045.3.1.5", P,
+        add(KnownOIDs.prime239v2, P,
             "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF",
             "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC",
             "617FAB6832576CBBFED50D99F0249C3FEE58B94BA0038C7AE84C8C832F2C",
             "38AF09D98727705120C921BB5E9E26296A3CDCF2F35757A0EAFD87B830E7",
             "5B0125E4DBEA0EC7206DA0FC01D9B081329FB555DE6EF460237DFF8BE4BA",
             "7FFFFFFFFFFFFFFFFFFFFFFF800000CFA7E8594377D414C03821BC582063",
-            1, nameSplitPattern);
+            1);
 
-        add("X9.62 prime239v3", "1.2.840.10045.3.1.6", P,
+        add(KnownOIDs.prime239v3, P,
             "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF",
             "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC",
             "255705FA2A306654B1F4CB03D6A750A30C250102D4988717D9BA15AB6D3E",
             "6768AE8E18BB92CFCF005C949AA2C6D94853D0E660BBF854B1C9505FE95A",
             "1607E6898F390C06BC1D552BAD226F3B6FCFE48B6E818499AF18E3ED6CF3",
             "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFF975DEB41B3A6057C3C432146526551",
-            1, nameSplitPattern);
+            1);
 
         /* SEC2 binary curves */
-        add("sect113r1", "1.3.132.0.4", B,
+        add(KnownOIDs.sect113r1, B,
             "020000000000000000000000000201",
             "003088250CA6E7C7FE649CE85820F7",
             "00E8BEE4D3E2260744188BE0E9C723",
             "009D73616F35F4AB1407D73562C10F",
             "00A52830277958EE84D1315ED31886",
             "0100000000000000D9CCEC8A39E56F",
-            2, nameSplitPattern);
+            2);
 
-        add("sect113r2", "1.3.132.0.5", B,
+        add(KnownOIDs.sect113r2, B,
             "020000000000000000000000000201",
             "00689918DBEC7E5A0DD6DFC0AA55C7",
             "0095E9A9EC9B297BD4BF36E059184F",
             "01A57A6A7B26CA5EF52FCDB8164797",
             "00B3ADC94ED1FE674C06E695BABA1D",
             "010000000000000108789B2496AF93",
-            2, nameSplitPattern);
+            2);
 
-        add("sect131r1", "1.3.132.0.22", B,
+        add(KnownOIDs.sect131r1, B,
             "080000000000000000000000000000010D",
             "07A11B09A76B562144418FF3FF8C2570B8",
             "0217C05610884B63B9C6C7291678F9D341",
             "0081BAF91FDF9833C40F9C181343638399",
             "078C6E7EA38C001F73C8134B1B4EF9E150",
             "0400000000000000023123953A9464B54D",
-            2, nameSplitPattern);
+            2);
 
-        add("sect131r2", "1.3.132.0.23", B,
+        add(KnownOIDs.sect131r2, B,
             "080000000000000000000000000000010D",
             "03E5A88919D7CAFCBF415F07C2176573B2",
             "04B8266A46C55657AC734CE38F018F2192",
             "0356DCD8F2F95031AD652D23951BB366A8",
             "0648F06D867940A5366D9E265DE9EB240F",
             "0400000000000000016954A233049BA98F",
-            2, nameSplitPattern);
+            2);
 
-        add("sect163k1 [NIST K-163]", "1.3.132.0.1", BD,
+        add(KnownOIDs.sect163k1, BD,
             "0800000000000000000000000000000000000000C9",
             "000000000000000000000000000000000000000001",
             "000000000000000000000000000000000000000001",
             "02FE13C0537BBC11ACAA07D793DE4E6D5E5C94EEE8",
             "0289070FB05D38FF58321F2E800536D538CCDAA3D9",
             "04000000000000000000020108A2E0CC0D99F8A5EF",
-            2, nameSplitPattern);
+            2);
 
-        add("sect163r1", "1.3.132.0.2", B,
+        add(KnownOIDs.sect163r1, B,
             "0800000000000000000000000000000000000000C9",
             "07B6882CAAEFA84F9554FF8428BD88E246D2782AE2",
             "0713612DCDDCB40AAB946BDA29CA91F73AF958AFD9",
             "0369979697AB43897789566789567F787A7876A654",
             "00435EDB42EFAFB2989D51FEFCE3C80988F41FF883",
             "03FFFFFFFFFFFFFFFFFFFF48AAB689C29CA710279B",
-            2, nameSplitPattern);
+            2);
 
-        add("sect163r2 [NIST B-163]", "1.3.132.0.15", BD,
+        add(KnownOIDs.sect163r2, BD,
             "0800000000000000000000000000000000000000C9",
             "000000000000000000000000000000000000000001",
             "020A601907B8C953CA1481EB10512F78744A3205FD",
             "03F0EBA16286A2D57EA0991168D4994637E8343E36",
             "00D51FBC6C71A0094FA2CDD545B11C5C0C797324F1",
             "040000000000000000000292FE77E70C12A4234C33",
-            2, nameSplitPattern);
+            2);
 
-        add("sect193r1", "1.3.132.0.24", B,
+        add(KnownOIDs.sect193r1, B,
             "02000000000000000000000000000000000000000000008001",
             "0017858FEB7A98975169E171F77B4087DE098AC8A911DF7B01",
             "00FDFB49BFE6C3A89FACADAA7A1E5BBC7CC1C2E5D831478814",
             "01F481BC5F0FF84A74AD6CDF6FDEF4BF6179625372D8C0C5E1",
             "0025E399F2903712CCF3EA9E3A1AD17FB0B3201B6AF7CE1B05",
             "01000000000000000000000000C7F34A778F443ACC920EBA49",
-            2, nameSplitPattern);
+            2);
 
-        add("sect193r2", "1.3.132.0.25", B,
+        add(KnownOIDs.sect193r2, B,
             "02000000000000000000000000000000000000000000008001",
             "0163F35A5137C2CE3EA6ED8667190B0BC43ECD69977702709B",
             "00C9BB9E8927D4D64C377E2AB2856A5B16E3EFB7F61D4316AE",
             "00D9B67D192E0367C803F39E1A7E82CA14A651350AAE617E8F",
             "01CE94335607C304AC29E7DEFBD9CA01F596F927224CDECF6C",
             "010000000000000000000000015AAB561B005413CCD4EE99D5",
-            2, nameSplitPattern);
+            2);
 
-        add("sect233k1 [NIST K-233]", "1.3.132.0.26", BD,
+        add(KnownOIDs.sect233k1, BD,
             "020000000000000000000000000000000000000004000000000000000001",
             "000000000000000000000000000000000000000000000000000000000000",
             "000000000000000000000000000000000000000000000000000000000001",
             "017232BA853A7E731AF129F22FF4149563A419C26BF50A4C9D6EEFAD6126",
             "01DB537DECE819B7F70F555A67C427A8CD9BF18AEB9B56E0C11056FAE6A3",
             "008000000000000000000000000000069D5BB915BCD46EFB1AD5F173ABDF",
-            4, nameSplitPattern);
+            4);
 
-        add("sect233r1 [NIST B-233]", "1.3.132.0.27", B,
+        add(KnownOIDs.sect233r1, B,
             "020000000000000000000000000000000000000004000000000000000001",
             "000000000000000000000000000000000000000000000000000000000001",
             "0066647EDE6C332C7F8C0923BB58213B333B20E9CE4281FE115F7D8F90AD",
             "00FAC9DFCBAC8313BB2139F1BB755FEF65BC391F8B36F8F8EB7371FD558B",
             "01006A08A41903350678E58528BEBF8A0BEFF867A7CA36716F7E01F81052",
             "01000000000000000000000000000013E974E72F8A6922031D2603CFE0D7",
-            2, nameSplitPattern);
+            2);
 
-        add("sect239k1", "1.3.132.0.3", B,
+        add(KnownOIDs.sect239k1, B,
             "800000000000000000004000000000000000000000000000000000000001",
             "000000000000000000000000000000000000000000000000000000000000",
             "000000000000000000000000000000000000000000000000000000000001",
             "29A0B6A887A983E9730988A68727A8B2D126C44CC2CC7B2A6555193035DC",
             "76310804F12E549BDB011C103089E73510ACB275FC312A5DC6B76553F0CA",
             "2000000000000000000000000000005A79FEC67CB6E91F1C1DA800E478A5",
-            4, nameSplitPattern);
+            4);
 
-        add("sect283k1 [NIST K-283]", "1.3.132.0.16", BD,
+        add(KnownOIDs.sect283k1, BD,
             "0800000000000000000000000000000000000000000000000000000000000000000010A1",
             "000000000000000000000000000000000000000000000000000000000000000000000000",
             "000000000000000000000000000000000000000000000000000000000000000000000001",
             "0503213F78CA44883F1A3B8162F188E553CD265F23C1567A16876913B0C2AC2458492836",
             "01CCDA380F1C9E318D90F95D07E5426FE87E45C0E8184698E45962364E34116177DD2259",
             "01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE9AE2ED07577265DFF7F94451E061E163C61",
-            4, nameSplitPattern);
+            4);
 
-        add("sect283r1 [NIST B-283]", "1.3.132.0.17", B,
+        add(KnownOIDs.sect283r1, B,
             "0800000000000000000000000000000000000000000000000000000000000000000010A1",
             "000000000000000000000000000000000000000000000000000000000000000000000001",
             "027B680AC8B8596DA5A4AF8A19A0303FCA97FD7645309FA2A581485AF6263E313B79A2F5",
             "05F939258DB7DD90E1934F8C70B0DFEC2EED25B8557EAC9C80E2E198F8CDBECD86B12053",
             "03676854FE24141CB98FE6D4B20D02B4516FF702350EDDB0826779C813F0DF45BE8112F4",
             "03FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEF90399660FC938A90165B042A7CEFADB307",
-            2, nameSplitPattern);
+            2);
 
-        add("sect409k1 [NIST K-409]", "1.3.132.0.36", BD,
+        add(KnownOIDs.sect409k1, BD,
             "02000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000001",
             "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
             "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001",
             "0060F05F658F49C1AD3AB1890F7184210EFD0987E307C84C27ACCFB8F9F67CC2C460189EB5AAAA62EE222EB1B35540CFE9023746",
             "01E369050B7C4E42ACBA1DACBF04299C3460782F918EA427E6325165E9EA10E3DA5F6C42E9C55215AA9CA27A5863EC48D8E0286B",
             "007FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE5F83B2D4EA20400EC4557D5ED3E3E7CA5B4B5C83B8E01E5FCF",
-            4, nameSplitPattern);
+            4);
 
-        add("sect409r1 [NIST B-409]", "1.3.132.0.37", B,
+        add(KnownOIDs.sect409r1, B,
             "02000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000001",
             "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001",
             "0021A5C2C8EE9FEB5C4B9A753B7B476B7FD6422EF1F3DD674761FA99D6AC27C8A9A197B272822F6CD57A55AA4F50AE317B13545F",
             "015D4860D088DDB3496B0C6064756260441CDE4AF1771D4DB01FFE5B34E59703DC255A868A1180515603AEAB60794E54BB7996A7",
             "0061B1CFAB6BE5F32BBFA78324ED106A7636B9C5A7BD198D0158AA4F5488D08F38514F1FDF4B4F40D2181B3681C364BA0273C706",
             "010000000000000000000000000000000000000000000000000001E2AAD6A612F33307BE5FA47C3C9E052F838164CD37D9A21173",
-            2, nameSplitPattern);
+            2);
 
-        add("sect571k1 [NIST K-571]", "1.3.132.0.38", BD,
+        add(KnownOIDs.sect571k1, BD,
             "080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000425",
             "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
             "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001",
             "026EB7A859923FBC82189631F8103FE4AC9CA2970012D5D46024804801841CA44370958493B205E647DA304DB4CEB08CBBD1BA39494776FB988B47174DCA88C7E2945283A01C8972",
             "0349DC807F4FBF374F4AEADE3BCA95314DD58CEC9F307A54FFC61EFC006D8A2C9D4979C0AC44AEA74FBEBBB9F772AEDCB620B01A7BA7AF1B320430C8591984F601CD4C143EF1C7A3",
             "020000000000000000000000000000000000000000000000000000000000000000000000131850E1F19A63E4B391A8DB917F4138B630D84BE5D639381E91DEB45CFE778F637C1001",
-            4, nameSplitPattern);
+            4);
 
-        add("sect571r1 [NIST B-571]", "1.3.132.0.39", B,
+        add(KnownOIDs.sect571r1, B,
             "080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000425",
             "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001",
             "02F40E7E2221F295DE297117B7F3D62F5C6A97FFCB8CEFF1CD6BA8CE4A9A18AD84FFABBD8EFA59332BE7AD6756A66E294AFD185A78FF12AA520E4DE739BACA0C7FFEFF7F2955727A",
             "0303001D34B856296C16C0D40D3CD7750A93D1D2955FA80AA5F40FC8DB7B2ABDBDE53950F4C0D293CDD711A35B67FB1499AE60038614F1394ABFA3B4C850D927E1E7769C8EEC2D19",
             "037BF27342DA639B6DCCFFFEB73D69D78C6C27A6009CBBCA1980F8533921E8A684423E43BAB08A576291AF8F461BB2A8B3531D2F0485C19B16E2F1516E23DD3C1A4827AF1B8AC15B",
             "03FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE661CE18FF55987308059B186823851EC7DD9CA1161DE93D5174D66E8382E9BB2FE84E47",
-            2, nameSplitPattern);
+            2);
 
         /* ANSI X9.62 binary curves */
-        add("X9.62 c2tnb191v1", "1.2.840.10045.3.0.5", B,
+        add(KnownOIDs.c2tnb191v1, B,
             "800000000000000000000000000000000000000000000201",
             "2866537B676752636A68F56554E12640276B649EF7526267",
             "2E45EF571F00786F67B0081B9495A3D95462F5DE0AA185EC",
             "36B3DAF8A23206F9C4F299D7B21A9C369137F2C84AE1AA0D",
             "765BE73433B3F95E332932E70EA245CA2418EA0EF98018FB",
             "40000000000000000000000004A20E90C39067C893BBB9A5",
-            2, nameSplitPattern);
+            2);
 
-        add("X9.62 c2tnb191v2", "1.2.840.10045.3.0.6", B,
+        add(KnownOIDs.c2tnb191v2, B,
             "800000000000000000000000000000000000000000000201",
             "401028774D7777C7B7666D1366EA432071274F89FF01E718",
             "0620048D28BCBD03B6249C99182B7C8CD19700C362C46A01",
             "3809B2B7CC1B28CC5A87926AAD83FD28789E81E2C9E3BF10",
             "17434386626D14F3DBF01760D9213A3E1CF37AEC437D668A",
             "20000000000000000000000050508CB89F652824E06B8173",
-            4, nameSplitPattern);
+            4);
 
-        add("X9.62 c2tnb191v3", "1.2.840.10045.3.0.7", B,
+        add(KnownOIDs.c2tnb191v3, B,
             "800000000000000000000000000000000000000000000201",
             "6C01074756099122221056911C77D77E77A777E7E7E77FCB",
             "71FE1AF926CF847989EFEF8DB459F66394D90F32AD3F15E8",
             "375D4CE24FDE434489DE8746E71786015009E66E38A926DD",
             "545A39176196575D985999366E6AD34CE0A77CD7127B06BE",
             "155555555555555555555555610C0B196812BFB6288A3EA3",
-            6, nameSplitPattern);
+            6);
 
-        add("X9.62 c2tnb239v1", "1.2.840.10045.3.0.11", B,
+        add(KnownOIDs.c2tnb239v1, B,
             "800000000000000000000000000000000000000000000000001000000001",
             "32010857077C5431123A46B808906756F543423E8D27877578125778AC76",
             "790408F2EEDAF392B012EDEFB3392F30F4327C0CA3F31FC383C422AA8C16",
             "57927098FA932E7C0A96D3FD5B706EF7E5F5C156E16B7E7C86038552E91D",
             "61D8EE5077C33FECF6F1A16B268DE469C3C7744EA9A971649FC7A9616305",
             "2000000000000000000000000000000F4D42FFE1492A4993F1CAD666E447",
-            4, nameSplitPattern);
+            4);
 
-        add("X9.62 c2tnb239v2", "1.2.840.10045.3.0.12", B,
+        add(KnownOIDs.c2tnb239v2, B,
             "800000000000000000000000000000000000000000000000001000000001",
             "4230017757A767FAE42398569B746325D45313AF0766266479B75654E65F",
             "5037EA654196CFF0CD82B2C14A2FCF2E3FF8775285B545722F03EACDB74B",
             "28F9D04E900069C8DC47A08534FE76D2B900B7D7EF31F5709F200C4CA205",
             "5667334C45AFF3B5A03BAD9DD75E2C71A99362567D5453F7FA6E227EC833",
             "1555555555555555555555555555553C6F2885259C31E3FCDF154624522D",
-            6, nameSplitPattern);
+            6);
 
-        add("X9.62 c2tnb239v3", "1.2.840.10045.3.0.13", B,
+        add(KnownOIDs.c2tnb239v3, B,
             "800000000000000000000000000000000000000000000000001000000001",
             "01238774666A67766D6676F778E676B66999176666E687666D8766C66A9F",
             "6A941977BA9F6A435199ACFC51067ED587F519C5ECB541B8E44111DE1D40",
             "70F6E9D04D289C4E89913CE3530BFDE903977D42B146D539BF1BDE4E9C92",
             "2E5A0EAF6E5E1305B9004DCE5C0ED7FE59A35608F33837C816D80B79F461",
             "0CCCCCCCCCCCCCCCCCCCCCCCCCCCCCAC4912D2D9DF903EF9888B8A0E4CFF",
-            0xA, nameSplitPattern);
+            0xA);
 
-        add("X9.62 c2tnb359v1", "1.2.840.10045.3.0.18", B,
+        add(KnownOIDs.c2tnb359v1, B,
             "800000000000000000000000000000000000000000000000000000000000000000000000100000000000000001",
             "5667676A654B20754F356EA92017D946567C46675556F19556A04616B567D223A5E05656FB549016A96656A557",
             "2472E2D0197C49363F1FE7F5B6DB075D52B6947D135D8CA445805D39BC345626089687742B6329E70680231988",
             "3C258EF3047767E7EDE0F1FDAA79DAEE3841366A132E163ACED4ED2401DF9C6BDCDE98E8E707C07A2239B1B097",
             "53D7E08529547048121E9C95F3791DD804963948F34FAE7BF44EA82365DC7868FE57E4AE2DE211305A407104BD",
             "01AF286BCA1AF286BCA1AF286BCA1AF286BCA1AF286BC9FB8F6B85C556892C20A7EB964FE7719E74F490758D3B",
-            0x4C, nameSplitPattern);
+            0x4C);
 
-        add("X9.62 c2tnb431r1", "1.2.840.10045.3.0.20", B,
+        add(KnownOIDs.c2tnb431r1, B,
             "800000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000001",
             "1A827EF00DD6FC0E234CAF046C6A5D8A85395B236CC4AD2CF32A0CADBDC9DDF620B0EB9906D0957F6C6FEACD615468DF104DE296CD8F",
             "10D9B4A3D9047D8B154359ABFB1B7F5485B04CEB868237DDC9DEDA982A679A5A919B626D4E50A8DD731B107A9962381FB5D807BF2618",
             "120FC05D3C67A99DE161D2F4092622FECA701BE4F50F4758714E8A87BBF2A658EF8C21E7C5EFE965361F6C2999C0C247B0DBD70CE6B7",
             "20D0AF8903A96F8D5FA2C255745D3C451B302C9346D9B7E485E7BCE41F6B591F3E8F6ADDCBB0BC4C2F947A7DE1A89B625D6A598B3760",
             "0340340340340340340340340340340340340340340340340340340323C313FAB50589703B5EC68D3587FEC60D161CC149C1AD4A91",
-            0x2760, nameSplitPattern);
+            0x2760);
 
         /* ANSI X9.62 binary curves from the 1998 standard but forbidden
          * in the 2005 version of the standard.
@@ -600,77 +575,77 @@
          * case we need to support them after all.
          */
 /*
-        add("X9.62 c2pnb163v1", "1.2.840.10045.3.0.1", B,
+        add(KnownOIDs.c2pnb163v1, B,
             "080000000000000000000000000000000000000107",
             "072546B5435234A422E0789675F432C89435DE5242",
             "00C9517D06D5240D3CFF38C74B20B6CD4D6F9DD4D9",
             "07AF69989546103D79329FCC3D74880F33BBE803CB",
             "01EC23211B5966ADEA1D3F87F7EA5848AEF0B7CA9F",
             "0400000000000000000001E60FC8821CC74DAEAFC1",
-            2, nameSplitPattern);
+            2);
 
-        add("X9.62 c2pnb163v2", "1.2.840.10045.3.0.2", B,
+        add(KnownOIDs.c2pnb163v2, B,
             "080000000000000000000000000000000000000107",
             "0108B39E77C4B108BED981ED0E890E117C511CF072",
             "0667ACEB38AF4E488C407433FFAE4F1C811638DF20",
             "0024266E4EB5106D0A964D92C4860E2671DB9B6CC5",
             "079F684DDF6684C5CD258B3890021B2386DFD19FC5",
             "03FFFFFFFFFFFFFFFFFFFDF64DE1151ADBB78F10A7",
-            2, nameSplitPattern);
+            2);
 
-        add("X9.62 c2pnb163v3", "1.2.840.10045.3.0.3", B,
+        add(KnownOIDs.c2pnb163v3, B,
             "080000000000000000000000000000000000000107",
             "07A526C63D3E25A256A007699F5447E32AE456B50E",
             "03F7061798EB99E238FD6F1BF95B48FEEB4854252B",
             "02F9F87B7C574D0BDECF8A22E6524775F98CDEBDCB",
             "05B935590C155E17EA48EB3FF3718B893DF59A05D0",
             "03FFFFFFFFFFFFFFFFFFFE1AEE140F110AFF961309",
-            2, nameSplitPattern);
+            2);
 
-        add("X9.62 c2pnb176w1", "1.2.840.10045.3.0.4", B,
+        add(KnownOIDs.c2pnb176w1, B,
             "0100000000000000000000000000000000080000000007",
             "E4E6DB2995065C407D9D39B8D0967B96704BA8E9C90B",
             "5DDA470ABE6414DE8EC133AE28E9BBD7FCEC0AE0FFF2",
             "8D16C2866798B600F9F08BB4A8E860F3298CE04A5798",
             "6FA4539C2DADDDD6BAB5167D61B436E1D92BB16A562C",
             "00010092537397ECA4F6145799D62B0A19CE06FE26AD",
-            0xFF6E, nameSplitPattern);
+            0xFF6E);
 
-        add("X9.62 c2pnb208w1", "1.2.840.10045.3.0.10", B,
+        add(KnownOIDs.c2pnb208w1, B,
             "010000000000000000000000000000000800000000000000000007",
             "0000000000000000000000000000000000000000000000000000",
             "C8619ED45A62E6212E1160349E2BFA844439FAFC2A3FD1638F9E",
             "89FDFBE4ABE193DF9559ECF07AC0CE78554E2784EB8C1ED1A57A",
             "0F55B51A06E78E9AC38A035FF520D8B01781BEB1A6BB08617DE3",
             "000101BAF95C9723C57B6C21DA2EFF2D5ED588BDD5717E212F9D",
-            0xFE48, nameSplitPattern);
+            0xFE48);
 
-        add("X9.62 c2pnb272w1", "1.2.840.10045.3.0.16", B,
+        add(KnownOIDs.c2pnb272w1, B,
             "010000000000000000000000000000000000000000000000000000010000000000000B",
             "91A091F03B5FBA4AB2CCF49C4EDD220FB028712D42BE752B2C40094DBACDB586FB20",
             "7167EFC92BB2E3CE7C8AAAFF34E12A9C557003D7C73A6FAF003F99F6CC8482E540F7",
             "6108BABB2CEEBCF787058A056CBE0CFE622D7723A289E08A07AE13EF0D10D171DD8D",
             "10C7695716851EEF6BA7F6872E6142FBD241B830FF5EFCACECCAB05E02005DDE9D23",
             "000100FAF51354E0E39E4892DF6E319C72C8161603FA45AA7B998A167B8F1E629521",
-            0xFF06, nameSplitPattern);
+            0xFF06);
 
-        add("X9.62 c2pnb304w1", "1.2.840.10045.3.0.17", B,
+        add(KnownOIDs.c2pnb304w1, B,
             "010000000000000000000000000000000000000000000000000000000000000000000000000807",
             "FD0D693149A118F651E6DCE6802085377E5F882D1B510B44160074C1288078365A0396C8E681",
             "BDDB97E555A50A908E43B01C798EA5DAA6788F1EA2794EFCF57166B8C14039601E55827340BE",
             "197B07845E9BE2D96ADB0F5F3C7F2CFFBD7A3EB8B6FEC35C7FD67F26DDF6285A644F740A2614",
             "E19FBEB76E0DA171517ECF401B50289BF014103288527A9B416A105E80260B549FDC1B92C03B",
             "000101D556572AABAC800101D556572AABAC8001022D5C91DD173F8FB561DA6899164443051D",
-            0xFE2E, nameSplitPattern);
+            0xFE2E);
 
-        add("X9.62 c2pnb368w1", "1.2.840.10045.3.0.19", B,
+        add(KnownOIDs.c2pnb368w1, B,
             "0100000000000000000000000000000000000000000000000000000000000000000000002000000000000000000007",
             "E0D2EE25095206F5E2A4F9ED229F1F256E79A0E2B455970D8D0D865BD94778C576D62F0AB7519CCD2A1A906AE30D",
             "FC1217D4320A90452C760A58EDCD30C8DD069B3C34453837A34ED50CB54917E1C2112D84D164F444F8F74786046A",
             "1085E2755381DCCCE3C1557AFA10C2F0C0C2825646C5B34A394CBCFA8BC16B22E7E789E927BE216F02E1FB136A5F",
             "7B3EB1BDDCBA62D5D8B2059B525797FC73822C59059C623A45FF3843CEE8F87CD1855ADAA81E2A0750B80FDA2310",
             "00010090512DA9AF72B08349D98A5DD4C7B0532ECA51CE03E2D10F3B7AC579BD87E909AE40A6F131E9CFCE5BD967",
-            0xFF70, nameSplitPattern);
+            0xFF70);
 */
 
         /*
@@ -678,68 +653,68 @@
          * (Twisted curves are not included)
          */
 
-        add("brainpoolP160r1", "1.3.36.3.3.2.8.1.1.1", P,
+        add(KnownOIDs.brainpoolP160r1, P,
             "E95E4A5F737059DC60DFC7AD95B3D8139515620F",
             "340E7BE2A280EB74E2BE61BADA745D97E8F7C300",
             "1E589A8595423412134FAA2DBDEC95C8D8675E58",
             "BED5AF16EA3F6A4F62938C4631EB5AF7BDBCDBC3",
             "1667CB477A1A8EC338F94741669C976316DA6321",
             "E95E4A5F737059DC60DF5991D45029409E60FC09",
-            1, nameSplitPattern);
+            1);
 
-        add("brainpoolP192r1", "1.3.36.3.3.2.8.1.1.3", P,
+        add(KnownOIDs.brainpoolP192r1, P,
             "C302F41D932A36CDA7A3463093D18DB78FCE476DE1A86297",
             "6A91174076B1E0E19C39C031FE8685C1CAE040E5C69A28EF",
             "469A28EF7C28CCA3DC721D044F4496BCCA7EF4146FBF25C9",
             "C0A0647EAAB6A48753B033C56CB0F0900A2F5C4853375FD6",
             "14B690866ABD5BB88B5F4828C1490002E6773FA2FA299B8F",
             "C302F41D932A36CDA7A3462F9E9E916B5BE8F1029AC4ACC1",
-            1, nameSplitPattern);
+            1);
 
-        add("brainpoolP224r1", "1.3.36.3.3.2.8.1.1.5", P,
+        add(KnownOIDs.brainpoolP224r1, P,
             "D7C134AA264366862A18302575D1D787B09F075797DA89F57EC8C0FF",
             "68A5E62CA9CE6C1C299803A6C1530B514E182AD8B0042A59CAD29F43",
             "2580F63CCFE44138870713B1A92369E33E2135D266DBB372386C400B",
             "0D9029AD2C7E5CF4340823B2A87DC68C9E4CE3174C1E6EFDEE12C07D",
             "58AA56F772C0726F24C6B89E4ECDAC24354B9E99CAA3F6D3761402CD",
             "D7C134AA264366862A18302575D0FB98D116BC4B6DDEBCA3A5A7939F",
-            1, nameSplitPattern);
+            1);
 
-        add("brainpoolP256r1", "1.3.36.3.3.2.8.1.1.7", P,
+        add(KnownOIDs.brainpoolP256r1, P,
             "A9FB57DBA1EEA9BC3E660A909D838D726E3BF623D52620282013481D1F6E5377",
             "7D5A0975FC2C3057EEF67530417AFFE7FB8055C126DC5C6CE94A4B44F330B5D9",
             "26DC5C6CE94A4B44F330B5D9BBD77CBF958416295CF7E1CE6BCCDC18FF8C07B6",
             "8BD2AEB9CB7E57CB2C4B482FFC81B7AFB9DE27E1E3BD23C23A4453BD9ACE3262",
             "547EF835C3DAC4FD97F8461A14611DC9C27745132DED8E545C1D54C72F046997",
             "A9FB57DBA1EEA9BC3E660A909D838D718C397AA3B561A6F7901E0E82974856A7",
-            1, nameSplitPattern);
+            1);
 
-        add("brainpoolP320r1", "1.3.36.3.3.2.8.1.1.9", P,
+        add(KnownOIDs.brainpoolP320r1, P,
             "D35E472036BC4FB7E13C785ED201E065F98FCFA6F6F40DEF4F92B9EC7893EC28FCD412B1F1B32E27",
             "3EE30B568FBAB0F883CCEBD46D3F3BB8A2A73513F5EB79DA66190EB085FFA9F492F375A97D860EB4",
             "520883949DFDBC42D3AD198640688A6FE13F41349554B49ACC31DCCD884539816F5EB4AC8FB1F1A6",
             "43BD7E9AFB53D8B85289BCC48EE5BFE6F20137D10A087EB6E7871E2A10A599C710AF8D0D39E20611",
             "14FDD05545EC1CC8AB4093247F77275E0743FFED117182EAA9C77877AAAC6AC7D35245D1692E8EE1",
             "D35E472036BC4FB7E13C785ED201E065F98FCFA5B68F12A32D482EC7EE8658E98691555B44C59311",
-            1, nameSplitPattern);
+            1);
 
-        add("brainpoolP384r1", "1.3.36.3.3.2.8.1.1.11", P,
+        add(KnownOIDs.brainpoolP384r1, P,
             "8CB91E82A3386D280F5D6F7E50E641DF152F7109ED5456B412B1DA197FB71123ACD3A729901D1A71874700133107EC53",
             "7BC382C63D8C150C3C72080ACE05AFA0C2BEA28E4FB22787139165EFBA91F90F8AA5814A503AD4EB04A8C7DD22CE2826",
             "04A8C7DD22CE28268B39B55416F0447C2FB77DE107DCD2A62E880EA53EEB62D57CB4390295DBC9943AB78696FA504C11",
             "1D1C64F068CF45FFA2A63A81B7C13F6B8847A3E77EF14FE3DB7FCAFE0CBD10E8E826E03436D646AAEF87B2E247D4AF1E",
             "8ABE1D7520F9C2A45CB1EB8E95CFD55262B70B29FEEC5864E19C054FF99129280E4646217791811142820341263C5315",
             "8CB91E82A3386D280F5D6F7E50E641DF152F7109ED5456B31F166E6CAC0425A7CF3AB6AF6B7FC3103B883202E9046565",
-            1, nameSplitPattern);
+            1);
 
-        add("brainpoolP512r1", "1.3.36.3.3.2.8.1.1.13", P,
+        add(KnownOIDs.brainpoolP512r1, P,
             "AADD9DB8DBE9C48B3FD4E6AE33C9FC07CB308DB3B3C9D20ED6639CCA703308717D4D9B009BC66842AECDA12AE6A380E62881FF2F2D82C68528AA6056583A48F3",
             "7830A3318B603B89E2327145AC234CC594CBDD8D3DF91610A83441CAEA9863BC2DED5D5AA8253AA10A2EF1C98B9AC8B57F1117A72BF2C7B9E7C1AC4D77FC94CA",
             "3DF91610A83441CAEA9863BC2DED5D5AA8253AA10A2EF1C98B9AC8B57F1117A72BF2C7B9E7C1AC4D77FC94CADC083E67984050B75EBAE5DD2809BD638016F723",
             "81AEE4BDD82ED9645A21322E9C4C6A9385ED9F70B5D916C1B43B62EEF4D0098EFF3B1F78E2D0D48D50D1687B93B97D5F7C6D5047406A5E688B352209BCB9F822",
             "7DDE385D566332ECC0EABFA9CF7822FDF209F70024A57B1AA000C55B881F8111B2DCDE494A5F485E5BCA4BD88A2763AED1CA2B2FA8F0540678CD1E0F3AD80892",
             "AADD9DB8DBE9C48B3FD4E6AE33C9FC07CB308DB3B3C9D20ED6639CCA70330870553E5C414CA92619418661197FAC10471DB1D381085DDADDB58796829CA90069",
-            1, nameSplitPattern);
+            1);
 
         specCollection = Collections.unmodifiableCollection(oidMap.values());
     }
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/src/java.base/share/classes/sun/security/util/KnownOIDs.java	Tue May 19 04:05:03 2020 +0000
@@ -0,0 +1,495 @@
+/*
+ * Copyright (c) 2020, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.  Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package sun.security.util;
+
+import java.util.List;
+import java.util.Locale;
+import java.util.Objects;
+import java.util.concurrent.ConcurrentHashMap;
+
+/**
+ * This utility class maps algorithm name to the corresponding oid strings.
+ * NOTE: for 100% backward compatibility, the standard name for the enum
+ * is determined by existing usage and may be in lowercase/uppercase in
+ * order to match existing output.
+ */
+public enum KnownOIDs {
+
+    // X.500 Attributes 2.5.4.*
+    CommonName("2.5.4.3"),
+    Surname("2.5.4.4"),
+    SerialNumber("2.5.4.5"),
+    CountryName("2.5.4.6"),
+    LocalityName("2.5.4.7"),
+    StateName("2.5.4.8"),
+    StreetAddress("2.5.4.9"),
+    OrgName("2.5.4.10"),
+    OrgUnitName("2.5.4.11"),
+    Title("2.5.4.12"),
+    GivenName("2.5.4.42"),
+    Initials("2.5.4.43"),
+    GenerationQualifier("2.5.4.44"),
+    DNQualifier("2.5.4.46"),
+
+    // Certificate Extension 2.5.29.*
+    SubjectDirectoryAttributes("2.5.29.9"),
+    SubjectKeyID("2.5.29.14"),
+    KeyUsage("2.5.29.15"),
+    PrivateKeyUsage("2.5.29.16"),
+    SubjectAlternativeName("2.5.29.17"),
+    IssuerAlternativeName("2.5.29.18"),
+    BasicConstraints("2.5.29.19"),
+    CRLNumber("2.5.29.20"),
+    ReasonCode("2.5.29.21"),
+    HoldInstructionCode("2.5.29.23"),
+    InvalidityDate("2.5.29.24"),
+    DeltaCRLIndicator("2.5.29.27"),
+    IssuingDistributionPoint("2.5.29.28"),
+    CertificateIssuer("2.5.29.29"),
+    NameConstraints("2.5.29.30"),
+    CRLDistributionPoints("2.5.29.31"),
+    CertificatePolicies("2.5.29.32"),
+    CE_CERT_POLICIES_ANY("2.5.29.32.0"),
+    PolicyMappings("2.5.29.33"),
+    AuthorityKeyID("2.5.29.35"),
+    PolicyConstraints("2.5.29.36"),
+    extendedKeyUsage("2.5.29.37"),
+    anyExtendedKeyUsage("2.5.29.37.0"),
+    FreshestCRL("2.5.29.46"),
+    InhibitAnyPolicy("2.5.29.54"),
+
+    // PKIX 1.3.6.1.5.5.7.
+    AuthInfoAccess("1.3.6.1.5.5.7.1.1"),
+    SubjectInfoAccess("1.3.6.1.5.5.7.1.11"),
+    // key usage purposes - PKIX.3.*
+    serverAuth("1.3.6.1.5.5.7.3.1"),
+    clientAuth("1.3.6.1.5.5.7.3.2"),
+    codeSigning("1.3.6.1.5.5.7.3.3"),
+    emailProtection("1.3.6.1.5.5.7.3.4"),
+    ipsecEndSystem("1.3.6.1.5.5.7.3.5"),
+    ipsecTunnel("1.3.6.1.5.5.7.3.6"),
+    ipsecUser("1.3.6.1.5.5.7.3.7"),
+    KP_TimeStamping("1.3.6.1.5.5.7.3.8", "timeStamping") {
+        @Override
+        boolean registerNames() { return false; }
+    },
+    OCSPSigning("1.3.6.1.5.5.7.3.9"),
+    // access descriptors - PKIX.48.*
+    OCSP("1.3.6.1.5.5.7.48.1"),
+    OCSPBasicResponse("1.3.6.1.5.5.7.48.1.1"),
+    OCSPNonceExt("1.3.6.1.5.5.7.48.1.2"),
+    OCSPNoCheck("1.3.6.1.5.5.7.48.1.5"),
+    caIssuers("1.3.6.1.5.5.7.48.2"),
+    AD_TimeStamping("1.3.6.1.5.5.7.48.3", "timeStamping") {
+        @Override
+        boolean registerNames() { return false; }
+    },
+    caRepository("1.3.6.1.5.5.7.48.5", "caRepository"),
+
+    // NIST --
+    // AES 2.16.840.1.101.3.4.1.*
+    AES("2.16.840.1.101.3.4.1"),
+    AES_128$ECB$NoPadding("2.16.840.1.101.3.4.1.1", "AES_128/ECB/NoPadding"),
+    AES_128$CBC$NoPadding("2.16.840.1.101.3.4.1.2", "AES_128/CBC/NoPadding"),
+    AES_128$OFB$NoPadding("2.16.840.1.101.3.4.1.3", "AES_128/OFB/NoPadding"),
+    AES_128$CFB$NoPadding("2.16.840.1.101.3.4.1.4", "AES_128/CFB/NoPadding"),
+    AESWRAP_128("2.16.840.1.101.3.4.1.5"),
+    AES_128$GCM$NoPadding("2.16.840.1.101.3.4.1.6", "AES_128/GCM/NoPadding"),
+    AES_192$ECB$NoPadding("2.16.840.1.101.3.4.1.21", "AES_192/ECB/NoPadding"),
+    AES_192$CBC$NoPadding("2.16.840.1.101.3.4.1.22", "AES_192/CBC/NoPadding"),
+    AES_192$OFB$NoPadding("2.16.840.1.101.3.4.1.23", "AES_192/OFB/NoPadding"),
+    AES_192$CFB$NoPadding("2.16.840.1.101.3.4.1.24", "AES_192/CFB/NoPadding"),
+    AESWRAP_192("2.16.840.1.101.3.4.1.25"),
+    AES_192$GCM$NoPadding("2.16.840.1.101.3.4.1.26", "AES_192/GCM/NoPadding"),
+    AES_256$ECB$NoPadding("2.16.840.1.101.3.4.1.41", "AES_256/ECB/NoPadding"),
+    AES_256$CBC$NoPadding("2.16.840.1.101.3.4.1.42", "AES_256/CBC/NoPadding"),
+    AES_256$OFB$NoPadding("2.16.840.1.101.3.4.1.43", "AES_256/OFB/NoPadding"),
+    AES_256$CFB$NoPadding("2.16.840.1.101.3.4.1.44", "AES_256/CFB/NoPadding"),
+    AESWRAP_256("2.16.840.1.101.3.4.1.45"),
+    AES_256$GCM$NoPadding("2.16.840.1.101.3.4.1.46", "AES_256/GCM/NoPadding"),
+
+    // hashAlgs 2.16.840.1.101.3.4.2.*
+    SHA_256("2.16.840.1.101.3.4.2.1", "SHA-256", "SHA256"),
+    SHA_384("2.16.840.1.101.3.4.2.2", "SHA-384", "SHA384"),
+    SHA_512("2.16.840.1.101.3.4.2.3", "SHA-512", "SHA512"),
+    SHA_224("2.16.840.1.101.3.4.2.4", "SHA-224", "SHA224"),
+    SHA_512$224("2.16.840.1.101.3.4.2.5", "SHA-512/224", "SHA512/224"),
+    SHA_512$256("2.16.840.1.101.3.4.2.6", "SHA-512/256", "SHA512/256"),
+    SHA3_224("2.16.840.1.101.3.4.2.7", "SHA3-224"),
+    SHA3_256("2.16.840.1.101.3.4.2.8", "SHA3-256"),
+    SHA3_384("2.16.840.1.101.3.4.2.9", "SHA3-384"),
+    SHA3_512("2.16.840.1.101.3.4.2.10", "SHA3-512"),
+    SHAKE128("2.16.840.1.101.3.4.2.11"),
+    SHAKE256("2.16.840.1.101.3.4.2.12"),
+    HmacSHA3_224("2.16.840.1.101.3.4.2.13", "HmacSHA3-224"),
+    HmacSHA3_256("2.16.840.1.101.3.4.2.14", "HmacSHA3-256"),
+    HmacSHA3_384("2.16.840.1.101.3.4.2.15", "HmacSHA3-384"),
+    HmacSHA3_512("2.16.840.1.101.3.4.2.16", "HmacSHA3-512"),
+
+    // sigAlgs 2.16.840.1.101.3.4.3.*
+    SHA224withDSA("2.16.840.1.101.3.4.3.1"),
+    SHA256withDSA("2.16.840.1.101.3.4.3.2"),
+    SHA384withDSA("2.16.840.1.101.3.4.3.3"),
+    SHA512withDSA("2.16.840.1.101.3.4.3.4"),
+    SHA3_224withRSA("2.16.840.1.101.3.4.3.13", "SHA3-224withRSA"),
+    SHA3_256withRSA("2.16.840.1.101.3.4.3.14", "SHA3-256withRSA"),
+    SHA3_384withRSA("2.16.840.1.101.3.4.3.15", "SHA3-384withRSA"),
+    SHA3_512withRSA("2.16.840.1.101.3.4.3.16", "SHA3-512withRSA"),
+
+    // RSASecurity
+    // PKCS1 1.2.840.113549.1.1.*
+    PKCS1("1.2.840.113549.1.1", "RSA") { // RSA KeyPairGenerator and KeyFactory
+        @Override
+        boolean registerNames() { return false; }
+    },
+    RSA("1.2.840.113549.1.1.1"), // RSA encryption
+
+    MD2withRSA("1.2.840.113549.1.1.2"),
+    MD5withRSA("1.2.840.113549.1.1.4"),
+    SHA1withRSA("1.2.840.113549.1.1.5"),
+    OAEP("1.2.840.113549.1.1.7"),
+    MGF1("1.2.840.113549.1.1.8"),
+    PSpecified("1.2.840.113549.1.1.9"),
+    RSASSA_PSS("1.2.840.113549.1.1.10", "RSASSA-PSS"),
+    SHA256withRSA("1.2.840.113549.1.1.11"),
+    SHA384withRSA("1.2.840.113549.1.1.12"),
+    SHA512withRSA("1.2.840.113549.1.1.13"),
+    SHA224withRSA("1.2.840.113549.1.1.14"),
+    SHA512$224withRSA("1.2.840.113549.1.1.15", "SHA512/224withRSA"),
+    SHA512$256withRSA("1.2.840.113549.1.1.16", "SHA512/256withRSA"),
+
+    // PKCS3 1.2.840.113549.1.3.*
+    DiffieHellman("1.2.840.113549.1.3.1", "DiffieHellman", "DH"),
+
+    // PKCS5 1.2.840.113549.1.5.*
+    PBEWithMD5AndDES("1.2.840.113549.1.5.3"),
+    PBEWithMD5AndRC2("1.2.840.113549.1.5.6"),
+    PBEWithSHA1AndDES("1.2.840.113549.1.5.10"),
+    PBEWithSHA1AndRC2("1.2.840.113549.1.5.11"),
+    PBKDF2WithHmacSHA1("1.2.840.113549.1.5.12"),
+    PBES2("1.2.840.113549.1.5.13"),
+
+    // PKCS7 1.2.840.113549.1.7.*
+    PKCS7("1.2.840.113549.1.7"),
+    Data("1.2.840.113549.1.7.1"),
+    SignedData("1.2.840.113549.1.7.2"),
+    JDK_OLD_Data("1.2.840.1113549.1.7.1"), // extra 1 in 4th component
+    JDK_OLD_SignedData("1.2.840.1113549.1.7.2"),
+    EnvelopedData("1.2.840.113549.1.7.3"),
+    SignedAndEnvelopedData("1.2.840.113549.1.7.4"),
+    DigestedData("1.2.840.113549.1.7.5"),
+    EncryptedData("1.2.840.113549.1.7.6"),
+
+    // PKCS9 1.2.840.113549.1.9.*
+    EmailAddress("1.2.840.113549.1.9.1"),
+    UnstructuredName("1.2.840.113549.1.9.2"),
+    ContentType("1.2.840.113549.1.9.3"),
+    MessageDigest("1.2.840.113549.1.9.4"),
+    SigningTime("1.2.840.113549.1.9.5"),
+    CounterSignature("1.2.840.113549.1.9.6"),
+    ChallengePassword("1.2.840.113549.1.9.7"),
+    UnstructuredAddress("1.2.840.113549.1.9.8"),
+    ExtendedCertificateAttributes("1.2.840.113549.1.9.9"),
+    IssuerAndSerialNumber("1.2.840.113549.1.9.10"),
+    ExtensionRequest("1.2.840.113549.1.9.14"),
+    SMIMECapability("1.2.840.113549.1.9.15"),
+    TimeStampTokenInfo("1.2.840.113549.1.9.16.1.4"),
+    SigningCertificate("1.2.840.113549.1.9.16.2.12"),
+    SignatureTimestampToken("1.2.840.113549.1.9.16.2.14"),
+    CHACHA20_POLY1305("1.2.840.113549.1.9.16.3.18", "CHACHA20-POLY1305"),
+    FriendlyName("1.2.840.113549.1.9.20"),
+    LocalKeyID("1.2.840.113549.1.9.21"),
+    CertTypeX509("1.2.840.113549.1.9.22.1"),
+
+    // PKCS12 1.2.840.113549.1.12.*
+    PBEWithSHA1AndRC4_128("1.2.840.113549.1.12.1.1"),
+    PBEWithSHA1AndRC4_40("1.2.840.113549.1.12.1.2"),
+    PBEWithSHA1AndDESede("1.2.840.113549.1.12.1.3"),
+    PBEWithSHA1AndRC2_128("1.2.840.113549.1.12.1.5"),
+    PBEWithSHA1AndRC2_40("1.2.840.113549.1.12.1.6"),
+    PKCS8ShroudedKeyBag("1.2.840.113549.1.12.10.1.2"),
+    CertBag("1.2.840.113549.1.12.10.1.3"),
+    SecretBag("1.2.840.113549.1.12.10.1.5"),
+
+    // digestAlgs 1.2.840.113549.2.*
+    MD2("1.2.840.113549.2.2"),
+    MD5("1.2.840.113549.2.5"),
+    HmacSHA1("1.2.840.113549.2.7"),
+    HmacSHA224("1.2.840.113549.2.8"),
+    HmacSHA256("1.2.840.113549.2.9"),
+    HmacSHA384("1.2.840.113549.2.10"),
+    HmacSHA512("1.2.840.113549.2.11"),
+    HmacSHA512$224("1.2.840.113549.2.12", "HmacSHA512/224"),
+    HmacSHA512$256("1.2.840.113549.2.13", "HmacSHA512/256"),
+
+    // encryptionAlgs 1.2.840.113549.3.*
+    RC2$CBC$PKCS5Padding("1.2.840.113549.3.2", "RC2/CBC/PKCS5Padding"),
+    ARCFOUR("1.2.840.113549.3.4", "ARCFOUR", "RC4"),
+    DESede$CBC$NoPadding("1.2.840.113549.3.7", "DESede/CBC/NoPadding"),
+    RC5$CBC$PKCS5Padding("1.2.840.113549.3.9", "RC5/CBC/PKCS5Padding"),
+
+    // ANSI --
+    // X9 1.2.840.10040.4.*
+    DSA("1.2.840.10040.4.1"),
+    SHA1withDSA("1.2.840.10040.4.3", "SHA1withDSA", "DSS"),
+    // X9.62 1.2.840.10045.*
+    EC("1.2.840.10045.2.1"),
+
+    //c2pnb163v1("1.2.840.10045.3.0.1", "X9.62 c2pnb163v1"),
+    //c2pnb163v2("1.2.840.10045.3.0.2", "X9.62 c2pnb163v2"),
+    //c2pnb163v3("1.2.840.10045.3.0.3", "X9.62 c2pnb163v3"),
+    //c2pnb176w1("1.2.840.10045.3.0.4", "X9.62 c2pnb176w1"),
+    c2tnb191v1("1.2.840.10045.3.0.5", "X9.62 c2tnb191v1"),
+    c2tnb191v2("1.2.840.10045.3.0.6", "X9.62 c2tnb191v2"),
+    c2tnb191v3("1.2.840.10045.3.0.7", "X9.62 c2tnb191v3"),
+    //c2pnb208w1("1.2.840.10045.3.0.10", "X9.62 c2pnb208w1"),
+    c2tnb239v1("1.2.840.10045.3.0.11", "X9.62 c2tnb239v1"),
+    c2tnb239v2("1.2.840.10045.3.0.12", "X9.62 c2tnb239v2"),
+    c2tnb239v3("1.2.840.10045.3.0.13", "X9.62 c2tnb239v3"),
+    //c2pnb272w1("1.2.840.10045.3.0.16", "X9.62 c2pnb272w1"),
+    //c2pnb304w1("1.2.840.10045.3.0.17", "X9.62 c2pnb304w1"),
+    c2tnb359v1("1.2.840.10045.3.0.18", "X9.62 c2tnb359v1"),
+    //c2pnb368w1("1.2.840.10045.3.0.19", "X9.62 c2pnb368w1"),
+    c2tnb431r1("1.2.840.10045.3.0.20", "X9.62 c2tnb431r1"),
+
+    secp192r1("1.2.840.10045.3.1.1",
+            "secp192r1", "NIST P-192", "X9.62 prime192v1"),
+    prime192v2("1.2.840.10045.3.1.2", "X9.62 prime192v2"),
+    prime192v3("1.2.840.10045.3.1.3", "X9.62 prime192v3"),
+    prime239v1("1.2.840.10045.3.1.4", "X9.62 prime239v1"),
+    prime239v2("1.2.840.10045.3.1.5", "X9.62 prime239v2"),
+    prime239v3("1.2.840.10045.3.1.6", "X9.62 prime239v3"),
+    secp256r1("1.2.840.10045.3.1.7",
+            "secp256r1", "NIST P-256", "X9.62 prime256v1"),
+    SHA1withECDSA("1.2.840.10045.4.1"),
+    SHA224withECDSA("1.2.840.10045.4.3.1"),
+    SHA256withECDSA("1.2.840.10045.4.3.2"),
+    SHA384withECDSA("1.2.840.10045.4.3.3"),
+    SHA512withECDSA("1.2.840.10045.4.3.4"),
+    SpecifiedSHA2withECDSA("1.2.840.10045.4.3"),
+
+    // X9.42 1.2.840.10046.2.*
+    X942_DH("1.2.840.10046.2.1", "DiffieHellman") { // unused by JDK providers
+        @Override
+        boolean registerNames() { return false; }
+    },
+
+    // Teletrust 1.3.36.*
+    brainpoolP160r1("1.3.36.3.3.2.8.1.1.1"),
+    brainpoolP192r1("1.3.36.3.3.2.8.1.1.3"),
+    brainpoolP224r1("1.3.36.3.3.2.8.1.1.5"),
+    brainpoolP256r1("1.3.36.3.3.2.8.1.1.7"),
+    brainpoolP320r1("1.3.36.3.3.2.8.1.1.9"),
+    brainpoolP384r1("1.3.36.3.3.2.8.1.1.11"),
+    brainpoolP512r1("1.3.36.3.3.2.8.1.1.13"),
+
+    // Certicom 1.3.132.*
+    sect163k1("1.3.132.0.1", "sect163k1", "NIST K-163"),
+    sect163r1("1.3.132.0.2"),
+    sect239k1("1.3.132.0.3"),
+    sect113r1("1.3.132.0.4"),
+    sect113r2("1.3.132.0.5"),
+    secp112r1("1.3.132.0.6"),
+    secp112r2("1.3.132.0.7"),
+    secp160r1("1.3.132.0.8"),
+    secp160k1("1.3.132.0.9"),
+    secp256k1("1.3.132.0.10"),
+    sect163r2("1.3.132.0.15", "sect163r2", "NIST B-163"),
+    sect283k1("1.3.132.0.16", "sect283k1", "NIST K-283"),
+    sect283r1("1.3.132.0.17", "sect283r1", "NIST B-283"),
+
+    sect131r1("1.3.132.0.22"),
+    sect131r2("1.3.132.0.23"),
+    sect193r1("1.3.132.0.24"),
+    sect193r2("1.3.132.0.25"),
+    sect233k1("1.3.132.0.26", "sect233k1", "NIST K-233"),
+    sect233r1("1.3.132.0.27", "sect233r1", "NIST B-233"),
+    secp128r1("1.3.132.0.28"),
+    secp128r2("1.3.132.0.29"),
+    secp160r2("1.3.132.0.30"),
+    secp192k1("1.3.132.0.31"),
+    secp224k1("1.3.132.0.32"),
+    secp224r1("1.3.132.0.33", "secp224r1", "NIST P-224"),
+    secp384r1("1.3.132.0.34", "secp384r1", "NIST P-384"),
+    secp521r1("1.3.132.0.35", "secp521r1", "NIST P-521"),
+    sect409k1("1.3.132.0.36", "sect409k1", "NIST K-409"),
+    sect409r1("1.3.132.0.37", "sect409r1", "NIST B-409"),
+    sect571k1("1.3.132.0.38", "sect571k1", "NIST K-571"),
+    sect571r1("1.3.132.0.39", "sect571r1", "NIST B-571"),
+
+    ECDH("1.3.132.1.12"),
+
+    // OIW secsig 1.3.14.3.*
+    OIW_DES_CBC("1.3.14.3.2.7", "DES/CBC"),
+
+    OIW_DSA("1.3.14.3.2.12", "DSA") {
+        @Override
+        boolean registerNames() { return false; }
+    },
+
+    OIW_JDK_SHA1withDSA("1.3.14.3.2.13", "SHA1withDSA") {
+        @Override
+        boolean registerNames() { return false; }
+    },
+
+    SHA_1("1.3.14.3.2.26", "SHA-1", "SHA", "SHA1"),
+
+    OIW_SHA1withDSA("1.3.14.3.2.27", "SHA1withDSA") {
+        @Override
+        boolean registerNames() { return false; }
+    },
+
+    OIW_SHA1withRSA("1.3.14.3.2.29", "SHA1withRSA") {
+        @Override
+        boolean registerNames() { return false; }
+    },
+
+    // Thawte 1.3.101.*
+    X25519("1.3.101.110"),
+    X448("1.3.101.111"),
+    Ed25519("1.3.101.112"),
+    Ed448("1.3.101.113"),
+
+    // University College London (UCL) 0.9.2342.19200300.*
+    UCL_UserID("0.9.2342.19200300.100.1.1"),
+    UCL_DomainComponent("0.9.2342.19200300.100.1.25"),
+
+    // Netscape 2.16.840.1.113730.*
+    NETSCAPE_CertType("2.16.840.1.113730.1.1"),
+    NETSCAPE_CertSequence("2.16.840.1.113730.2.5"),
+    NETSCAPE_ExportApproved("2.16.840.1.113730.4.1"),
+
+    // Oracle 2.16.840.1.113894.*
+    ORACLE_TrustedKeyUsage("2.16.840.1.113894.746875.1.1"),
+
+    // Miscellaneous oids below which are legacy, and not well known
+    // Consider removing them in future releases when their usage
+    // have died out
+
+    ITUX509_RSA("2.5.8.1.1", "RSA") { // unused by JDK providers
+                                      // defined in X.509 for RSA keys
+        @Override                     // with modulus length as its parameter
+        boolean registerNames() { return false; }
+    },
+
+    SkipIPAddress("1.3.6.1.4.1.42.2.11.2.1"),
+    JAVASOFT_JDKKeyProtector("1.3.6.1.4.1.42.2.17.1.1"),
+    JAVASOFT_JCEKeyProtector("1.3.6.1.4.1.42.2.19.1"),
+    MICROSOFT_ExportApproved("1.3.6.1.4.1.311.10.3.3");
+
+    private String stdName;
+    private String oid;
+    private String[] aliases;
+
+    // find the matching enum using either name or oid string
+    // return null if no match found
+    public static KnownOIDs findMatch(String s) {
+        s = s.toUpperCase(Locale.ENGLISH);
+        KnownOIDs res = name2enum.get(s);
+        if (res == null && debug != null) {
+            debug.println("No KnownOIDs enum found for " + s);
+        }
+        return res;
+    }
+
+    private static final Debug debug = Debug.getInstance("jca");
+    //private static final java.io.PrintStream debug = System.out;
+    private static final ConcurrentHashMap<String, KnownOIDs> name2enum =
+            new ConcurrentHashMap<>();
+
+    static {
+        if (debug != null) {
+            debug.println("Setting up name2enum:");
+        }
+        List.of(KnownOIDs.values()).forEach(o -> {
+            register(o);
+        });
+    }
+
+    private static void register(KnownOIDs o) {
+        KnownOIDs ov = name2enum.put(o.oid, o);
+        if (ov != null) {
+            throw new RuntimeException("ERROR: Duplicate " + o.oid +
+                    " between " + o + " and " + ov);
+        } else if (debug != null) {
+            debug.println(o.oid + " => " + o.name());
+        }
+        // only register the stdName and aliases if o.registerNames()
+        // returns true
+        if (o.registerNames()) {
+            String stdNameUpper = o.stdName.toUpperCase(Locale.ENGLISH);
+            if (Objects.nonNull(name2enum.put(stdNameUpper, o))) {
+                throw new RuntimeException("ERROR: Duplicate " +
+                        stdNameUpper + " exists already");
+            }
+            if (debug != null) {
+                debug.println(stdNameUpper + " => " + o.name());
+            }
+
+            for (String a :  o.aliases) {
+                String aliasUpper = a.toUpperCase(Locale.ENGLISH);
+                if (Objects.nonNull(name2enum.put(aliasUpper, o))) {
+                    throw new RuntimeException("ERROR: Duplicate " +
+                            aliasUpper + " exists already");
+                }
+                if (debug != null) {
+                    debug.println(aliasUpper + " => " + o.name());
+                }
+            }
+        }
+    }
+
+    private KnownOIDs(String oid) {
+        this.oid = oid;
+        this.stdName = name(); // defaults to enum name
+        this.aliases = new String[0];
+    }
+
+    private KnownOIDs(String oid, String stdName, String ... aliases) {
+        this.oid = oid;
+        this.stdName = stdName;
+        this.aliases = aliases;
+    }
+
+    // returns the oid string associated with this enum
+    public String value() {
+        return oid;
+    }
+
+    // returns the user-friendly standard algorithm name
+    public String stdName() {
+        return stdName;
+    }
+
+    // return the internal aliases
+    public String[] aliases() {
+        return aliases;
+    }
+
+    boolean registerNames() {
+        return true;
+    }
+}
--- a/src/java.base/share/classes/sun/security/util/NamedCurve.java	Tue May 19 11:55:44 2020 +0800
+++ b/src/java.base/share/classes/sun/security/util/NamedCurve.java	Tue May 19 04:05:03 2020 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2006, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2006, 2020, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -29,7 +29,7 @@
 import java.math.BigInteger;
 
 import java.security.spec.*;
-
+import java.util.Arrays;
 
 /**
  * Contains Elliptic Curve parameters.
@@ -39,8 +39,8 @@
  */
 public final class NamedCurve extends ECParameterSpec {
 
-    // friendly name for toString() output
-    private final String name;
+    // friendly names with stdName followed by aliases
+    private final String[] nameAndAliases;
 
     // well known OID
     private final String oid;
@@ -48,25 +48,28 @@
     // encoded form (as NamedCurve identified via OID)
     private final byte[] encoded;
 
-    NamedCurve(String name, String oid, EllipticCurve curve,
+    NamedCurve(KnownOIDs ko, EllipticCurve curve,
             ECPoint g, BigInteger n, int h) {
         super(curve, g, n, h);
-        this.name = name;
-        this.oid = oid;
+        String[] aliases = ko.aliases();
+        this.nameAndAliases = new String[aliases.length + 1];
+        nameAndAliases[0] = ko.stdName();
+        System.arraycopy(aliases, 0, nameAndAliases, 1, aliases.length);
+
+        this.oid = ko.value();
 
         DerOutputStream out = new DerOutputStream();
-
         try {
-            out.putOID(new ObjectIdentifier(oid));
+            out.putOID(ObjectIdentifier.of(ko));
         } catch (IOException e) {
             throw new RuntimeException("Internal error", e);
         }
-
         encoded = out.toByteArray();
     }
 
-    public String getName() {
-        return name;
+    // returns the curve's standard name followed by its aliases
+    public String[] getNameAndAliases() {
+        return nameAndAliases;
     }
 
     public byte[] getEncoded() {
@@ -78,6 +81,17 @@
     }
 
     public String toString() {
-        return name + " (" + oid + ")";
+        StringBuilder sb = new StringBuilder(nameAndAliases[0]);
+        if (nameAndAliases.length > 1) {
+            sb.append(" [");
+            int j = 1;
+            while (j < nameAndAliases.length - 1) {
+                sb.append(nameAndAliases[j++]);
+                sb.append(',');
+            }
+            sb.append(nameAndAliases[j] + "]");
+        }
+        sb.append(" (" + oid + ")");
+        return sb.toString();
     }
 }
--- a/src/java.base/share/classes/sun/security/util/ObjectIdentifier.java	Tue May 19 11:55:44 2020 +0800
+++ b/src/java.base/share/classes/sun/security/util/ObjectIdentifier.java	Tue May 19 04:05:03 2020 +0000
@@ -28,6 +28,7 @@
 import java.io.*;
 import java.math.BigInteger;
 import java.util.Arrays;
+import java.util.concurrent.ConcurrentHashMap;
 
 /**
  * Represent an ISO Object Identifier.
@@ -148,7 +149,7 @@
      * Constructs, from a string.  This string should be of the form 1.23.56.
      * Validity check included.
      */
-    public ObjectIdentifier(String oid) throws IOException {
+    private ObjectIdentifier(String oid) throws IOException {
         int ch = '.';
         int start = 0;
         int end = 0;
@@ -290,18 +291,42 @@
         System.arraycopy(tmp, 0, encoding, 0, pos);
     }
 
+    // oid cache index'ed by the oid string
+    private static ConcurrentHashMap<String,ObjectIdentifier> oidTable =
+            new ConcurrentHashMap<>();
+
     /**
-     * Returns an ObjectIdentifier instance for the specific string OID.
+     * Returns an ObjectIdentifier instance for the specific String.
      *
-     * Note: Please use legal string OID only.  Otherwise, a RuntimeException
-     * is thrown.
+     * If the String is not a valid OID string, an IOException is thrown.
      */
-    public static ObjectIdentifier of(String oid) {
-        try {
-            return new ObjectIdentifier(oid);
-        } catch (IOException ioe) {
-            throw new RuntimeException(ioe);
+    public static ObjectIdentifier of(String oidStr) throws IOException {
+        // check cache first
+        ObjectIdentifier oid = oidTable.get(oidStr);
+        if (oid == null) {
+            oid = new ObjectIdentifier(oidStr);
+            oidTable.put(oidStr, oid);
         }
+        return oid;
+    }
+
+    /**
+     * Returns an ObjectIdentifier instance for the specific KnownOIDs.
+     */
+    public static ObjectIdentifier of(KnownOIDs o) {
+        // check cache first
+        String oidStr = o.value();
+        ObjectIdentifier oid = oidTable.get(oidStr);
+        if (oid == null) {
+            try {
+                oid = new ObjectIdentifier(oidStr);
+            } catch (IOException ioe) {
+                // should not happen as oid string for KnownOIDs is internal
+                throw new RuntimeException(ioe);
+            }
+            oidTable.put(oidStr, oid);
+        }
+        return oid;
     }
 
     /*
--- a/src/java.base/share/classes/sun/security/util/SecurityProviderConstants.java	Tue May 19 11:55:44 2020 +0800
+++ b/src/java.base/share/classes/sun/security/util/SecurityProviderConstants.java	Tue May 19 04:05:03 2020 +0000
@@ -25,8 +25,11 @@
 
 package sun.security.util;
 
+import java.util.*;
+import java.util.concurrent.ConcurrentHashMap;
 import java.util.regex.PatternSyntaxException;
 import java.security.InvalidParameterException;
+import java.security.ProviderException;
 import sun.security.action.GetPropertyAction;
 
 /**
@@ -34,11 +37,59 @@
  * the JDK security/crypto providers.
  */
 public final class SecurityProviderConstants {
+    // Cannot create one of these
+    private SecurityProviderConstants () {}
+
     private static final Debug debug =
         Debug.getInstance("jca", "ProviderConfig");
 
-    // Cannot create one of these
-    private SecurityProviderConstants () {
+    // cache for provider aliases; key is the standard algorithm name
+    // value is the associated aliases List
+    private static final ConcurrentHashMap<String, List<String>> aliasesMap;
+
+    // utility method for generating aliases list using the supplied
+    // 'oid' and 'extraAliases', then store into "aliasesMap" cache under the
+    // key 'stdName'
+    private static List<String> store(String stdName, KnownOIDs oid,
+            String ... extraAliases) {
+        List<String> value;
+        if (oid == null && extraAliases.length != 0) {
+            value = List.of(extraAliases);
+        } else {
+            value = new ArrayList<>();
+            if (oid != null) {
+                value.add("OID." + oid.value());
+                value.add(oid.value());
+                String[] knownAliases = oid.aliases();
+                if (knownAliases != null) {
+                    for (String ka : knownAliases) {
+                        value.add(ka);
+                    }
+                }
+            }
+            for (String ea : extraAliases) {
+                value.add(ea);
+            }
+        }
+        aliasesMap.put(stdName, value);
+        return value;
+    }
+
+    // returns an aliases List for the specified algorithm name o
+    // NOTE: exception is thrown if no aliases nor oid found, so
+    // only call this method if aliases are expected
+    public static List<String> getAliases(String o) {
+        List<String> res = aliasesMap.get(o);
+        if (res == null) {
+            KnownOIDs e = KnownOIDs.findMatch(o);
+            if (e != null) {
+                return store(o, e);
+            }
+            ProviderException pe =
+                    new ProviderException("Cannot find aliases for " + o);
+            throw pe;
+        }
+        return res;
     }
 
     public static final int getDefDSASubprimeSize(int primeSize) {
@@ -63,6 +114,7 @@
 
     private static final String KEY_LENGTH_PROP =
         "jdk.security.defaultKeySize";
+
     static {
         String keyLengthStr = GetPropertyAction.privilegedGetProperty
             (KEY_LENGTH_PROP);
@@ -137,5 +189,39 @@
         DEF_DH_KEY_SIZE = dhKeySize;
         DEF_EC_KEY_SIZE = ecKeySize;
         DEF_ED_KEY_SIZE = edKeySize;
+
+        // Set up aliases with default mappings
+        // This is needed when the mapping contains non-oid
+        // aliases
+        aliasesMap = new ConcurrentHashMap<>();
+
+        store("SHA1withDSA", KnownOIDs.SHA1withDSA,
+                KnownOIDs.OIW_JDK_SHA1withDSA.value(),
+                KnownOIDs.OIW_SHA1withDSA.value(),
+                "DSA", "SHA/DSA", "SHA-1/DSA",
+                "SHA1/DSA", "SHAwithDSA", "DSAWithSHA1");
+
+        store("DSA", KnownOIDs.DSA, KnownOIDs.OIW_DSA.value());
+
+        store("SHA1withRSA", KnownOIDs.SHA1withRSA,
+                KnownOIDs.OIW_SHA1withRSA.value());
+
+        store("SHA-1", KnownOIDs.SHA_1);
+
+        store("PBEWithMD5AndDES", KnownOIDs.PBEWithMD5AndDES, "PBE");
+
+        store("DiffieHellman", KnownOIDs.DiffieHellman);
+
+        store("AES", KnownOIDs.AES, "Rijndael");
+
+        store("EC", KnownOIDs.EC, "EllipticCurve");
+
+        store("X.509", null, "X509");
+        store("NONEwithDSA", null, "RawDSA");
+        store("DESede", null, "TripleDES");
+        store("ARCFOUR", KnownOIDs.ARCFOUR);
+        // For backward compatility, refer to PKCS1 mapping for RSA
+        // KeyPairGenerator and KeyFactory
+        store("PKCS1", KnownOIDs.PKCS1, KnownOIDs.RSA.value());
     }
 }
--- a/src/java.base/share/classes/sun/security/validator/EndEntityChecker.java	Tue May 19 11:55:44 2020 +0800
+++ b/src/java.base/share/classes/sun/security/validator/EndEntityChecker.java	Tue May 19 04:05:03 2020 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2002, 2019, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2002, 2020, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -28,7 +28,7 @@
 import java.util.*;
 
 import java.security.cert.*;
-
+import sun.security.util.KnownOIDs;
 import sun.security.x509.NetscapeCertTypeExtension;
 
 /**
@@ -71,24 +71,32 @@
     private static final String OID_EXTENDED_KEY_USAGE =
                                 SimpleValidator.OID_EXTENDED_KEY_USAGE;
 
-    private static final String OID_EKU_TLS_SERVER = "1.3.6.1.5.5.7.3.1";
+    private static final String OID_EKU_TLS_SERVER =
+            KnownOIDs.serverAuth.value();
 
-    private static final String OID_EKU_TLS_CLIENT = "1.3.6.1.5.5.7.3.2";
+    private static final String OID_EKU_TLS_CLIENT =
+            KnownOIDs.clientAuth.value();
 
-    private static final String OID_EKU_CODE_SIGNING = "1.3.6.1.5.5.7.3.3";
+    private static final String OID_EKU_CODE_SIGNING =
+            KnownOIDs.codeSigning.value();
 
-    private static final String OID_EKU_TIME_STAMPING = "1.3.6.1.5.5.7.3.8";
+    private static final String OID_EKU_TIME_STAMPING =
+            KnownOIDs.KP_TimeStamping.value();
 
-    private static final String OID_EKU_ANY_USAGE = "2.5.29.37.0";
+    private static final String OID_EKU_ANY_USAGE =
+            KnownOIDs.anyExtendedKeyUsage.value();
 
     // the Netscape Server-Gated-Cryptography EKU extension OID
-    private static final String OID_EKU_NS_SGC = "2.16.840.1.113730.4.1";
+    private static final String OID_EKU_NS_SGC =
+            KnownOIDs.NETSCAPE_ExportApproved.value();
 
     // the Microsoft Server-Gated-Cryptography EKU extension OID
-    private static final String OID_EKU_MS_SGC = "1.3.6.1.4.1.311.10.3.3";
+    private static final String OID_EKU_MS_SGC =
+            KnownOIDs.MICROSOFT_ExportApproved.value();
 
     // the recognized extension OIDs
-    private static final String OID_SUBJECT_ALT_NAME = "2.5.29.17";
+    private static final String OID_SUBJECT_ALT_NAME =
+            KnownOIDs.SubjectAlternativeName.value();
 
     private static final String NSCT_SSL_CLIENT =
                                 NetscapeCertTypeExtension.SSL_CLIENT;
--- a/src/java.base/share/classes/sun/security/validator/SimpleValidator.java	Tue May 19 11:55:44 2020 +0800
+++ b/src/java.base/share/classes/sun/security/validator/SimpleValidator.java	Tue May 19 04:05:03 2020 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2002, 2017, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2002, 2020, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -39,6 +39,7 @@
 import sun.security.util.DerValue;
 import sun.security.util.DerInputStream;
 import sun.security.util.ObjectIdentifier;
+import sun.security.util.KnownOIDs;
 
 import sun.security.provider.certpath.AlgorithmChecker;
 import sun.security.provider.certpath.UntrustedChecker;
@@ -60,24 +61,28 @@
 
     // Constants for the OIDs we need
 
-    static final String OID_BASIC_CONSTRAINTS = "2.5.29.19";
+    static final String OID_BASIC_CONSTRAINTS =
+            KnownOIDs.BasicConstraints.value();
 
-    static final String OID_NETSCAPE_CERT_TYPE = "2.16.840.1.113730.1.1";
+    static final String OID_NETSCAPE_CERT_TYPE =
+            KnownOIDs.NETSCAPE_CertType.value();
 
-    static final String OID_KEY_USAGE = "2.5.29.15";
+    static final String OID_KEY_USAGE = KnownOIDs.KeyUsage.value();
 
-    static final String OID_EXTENDED_KEY_USAGE = "2.5.29.37";
+    static final String OID_EXTENDED_KEY_USAGE =
+            KnownOIDs.extendedKeyUsage.value();
 
-    static final String OID_EKU_ANY_USAGE = "2.5.29.37.0";
+    static final String OID_EKU_ANY_USAGE =
+            KnownOIDs.anyExtendedKeyUsage.value();
 
     static final ObjectIdentifier OBJID_NETSCAPE_CERT_TYPE =
-        NetscapeCertTypeExtension.NetscapeCertType_Id;
+            NetscapeCertTypeExtension.NetscapeCertType_Id;
 
     private static final String NSCT_SSL_CA =
-                                NetscapeCertTypeExtension.SSL_CA;
+            NetscapeCertTypeExtension.SSL_CA;
 
     private static final String NSCT_CODE_SIGNING_CA =
-                                NetscapeCertTypeExtension.OBJECT_SIGNING_CA;
+            NetscapeCertTypeExtension.OBJECT_SIGNING_CA;
 
     /**
      * The trusted certificates as:
--- a/src/java.base/share/classes/sun/security/x509/AVA.java	Tue May 19 11:55:44 2020 +0800
+++ b/src/java.base/share/classes/sun/security/x509/AVA.java	Tue May 19 04:05:03 2020 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 2019, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2020, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -1225,7 +1225,7 @@
                 return ak.oid;
             }
         } else {
-            return new ObjectIdentifier(oidString);
+            return ObjectIdentifier.of(oidString);
         }
 
         // no keyword found, check if OID string
@@ -1243,7 +1243,7 @@
         if (number == false) {
             throw new IOException("Invalid keyword \"" + keyword + "\"");
         }
-        return new ObjectIdentifier(keyword);
+        return ObjectIdentifier.of(keyword);
     }
 
     /**
--- a/src/java.base/share/classes/sun/security/x509/AccessDescription.java	Tue May 19 11:55:44 2020 +0800
+++ b/src/java.base/share/classes/sun/security/x509/AccessDescription.java	Tue May 19 04:05:03 2020 +0000
@@ -42,16 +42,16 @@
     private GeneralName accessLocation;
 
     public static final ObjectIdentifier Ad_OCSP_Id =
-        ObjectIdentifier.of("1.3.6.1.5.5.7.48.1");
+        ObjectIdentifier.of(KnownOIDs.OCSP);
 
     public static final ObjectIdentifier Ad_CAISSUERS_Id =
-        ObjectIdentifier.of("1.3.6.1.5.5.7.48.2");
+        ObjectIdentifier.of(KnownOIDs.caIssuers);
 
     public static final ObjectIdentifier Ad_TIMESTAMPING_Id =
-        ObjectIdentifier.of("1.3.6.1.5.5.7.48.3");
+        ObjectIdentifier.of(KnownOIDs.AD_TimeStamping);
 
     public static final ObjectIdentifier Ad_CAREPOSITORY_Id =
-        ObjectIdentifier.of("1.3.6.1.5.5.7.48.5");
+        ObjectIdentifier.of(KnownOIDs.caRepository);
 
     public AccessDescription(ObjectIdentifier accessMethod, GeneralName accessLocation) {
         this.accessMethod = accessMethod;
--- a/src/java.base/share/classes/sun/security/x509/AlgorithmId.java	Tue May 19 11:55:44 2020 +0800
+++ b/src/java.base/share/classes/sun/security/x509/AlgorithmId.java	Tue May 19 04:05:03 2020 +0000
@@ -33,6 +33,7 @@
 import java.security.spec.MGF1ParameterSpec;
 import java.security.spec.PSSParameterSpec;
 import java.util.*;
+import java.util.concurrent.ConcurrentHashMap;
 import java.security.*;
 import java.security.interfaces.*;
 
@@ -248,21 +249,31 @@
      * returns the "full" signature algorithm (Ex: SHA256withECDSA) directly.
      */
     public String getName() {
-        String algName = nameTable.get(algid);
-        if (algName != null) {
-            return algName;
-        }
-        if ((params != null) && algid.equals((Object)specifiedWithECDSA_oid)) {
-            try {
-                AlgorithmId paramsId =
+        String oidStr = algid.toString();
+        // first check the list of support oids
+        KnownOIDs o = KnownOIDs.findMatch(oidStr);
+        if (o == KnownOIDs.SpecifiedSHA2withECDSA) {
+            if (params != null) {
+                try {
+                    AlgorithmId paramsId =
                         AlgorithmId.parse(new DerValue(params.toByteArray()));
-                String paramsName = paramsId.getName();
-                algName = makeSigAlg(paramsName, "EC");
-            } catch (IOException e) {
-                // ignore
+                    String paramsName = paramsId.getName();
+                    return makeSigAlg(paramsName, "EC");
+                } catch (IOException e) {
+                    // ignore
+                }
             }
         }
-        return (algName == null) ? algid.toString() : algName;
+        if (o != null) {
+            return o.stdName();
+        } else {
+            String n = aliasOidsTable().get(oidStr);
+            if (n != null) {
+                return n;
+            } else {
+                return algid.toString();
+            }
+        }
     }
 
     public AlgorithmParameters getParameters() {
@@ -280,7 +291,8 @@
      * @return DER encoded parameters, or null not present.
      */
     public byte[] getEncodedParams() throws IOException {
-        return (params == null || algid.equals(specifiedWithECDSA_oid))
+        return (params == null ||
+            algid.toString().equals(KnownOIDs.SpecifiedSHA2withECDSA.value()))
                 ? null
                 : params.toByteArray();
     }
@@ -474,505 +486,147 @@
      * used as a "KeyPairGenerator" algorithm.
      */
     private static ObjectIdentifier algOID(String name) throws IOException {
-        // See if algname is in printable OID ("dot-dot") notation
-        if (name.indexOf('.') != -1) {
-            if (name.startsWith("OID.")) {
-                return new ObjectIdentifier(name.substring("OID.".length()));
-            } else {
-                return new ObjectIdentifier(name);
-            }
+        if (name.startsWith("OID.")) {
+            name = name.substring("OID.".length());
         }
 
-        // Digesting algorithms
-        if (name.equalsIgnoreCase("MD5")) {
-            return AlgorithmId.MD5_oid;
-        }
-        if (name.equalsIgnoreCase("MD2")) {
-            return AlgorithmId.MD2_oid;
-        }
-        if (name.equalsIgnoreCase("SHA") || name.equalsIgnoreCase("SHA1")
-            || name.equalsIgnoreCase("SHA-1")) {
-            return AlgorithmId.SHA_oid;
-        }
-        if (name.equalsIgnoreCase("SHA-256") ||
-            name.equalsIgnoreCase("SHA256")) {
-            return AlgorithmId.SHA256_oid;
-        }
-        if (name.equalsIgnoreCase("SHA-384") ||
-            name.equalsIgnoreCase("SHA384")) {
-            return AlgorithmId.SHA384_oid;
-        }
-        if (name.equalsIgnoreCase("SHA-512") ||
-            name.equalsIgnoreCase("SHA512")) {
-            return AlgorithmId.SHA512_oid;
-        }
-        if (name.equalsIgnoreCase("SHA-224") ||
-            name.equalsIgnoreCase("SHA224")) {
-            return AlgorithmId.SHA224_oid;
-        }
-        if (name.equalsIgnoreCase("SHA-512/224") ||
-            name.equalsIgnoreCase("SHA512/224")) {
-            return AlgorithmId.SHA512_224_oid;
-        }
-        if (name.equalsIgnoreCase("SHA-512/256") ||
-            name.equalsIgnoreCase("SHA512/256")) {
-            return AlgorithmId.SHA512_256_oid;
-        }
-        // Various public key algorithms
-        if (name.equalsIgnoreCase("RSA")) {
-            return AlgorithmId.RSAEncryption_oid;
-        }
-        if (name.equalsIgnoreCase("RSASSA-PSS")) {
-            return AlgorithmId.RSASSA_PSS_oid;
-        }
-        if (name.equalsIgnoreCase("RSAES-OAEP")) {
-            return AlgorithmId.RSAES_OAEP_oid;
-        }
-        if (name.equalsIgnoreCase("Diffie-Hellman")
-            || name.equalsIgnoreCase("DH")) {
-            return AlgorithmId.DH_oid;
-        }
-        if (name.equalsIgnoreCase("DSA")) {
-            return AlgorithmId.DSA_oid;
-        }
-        if (name.equalsIgnoreCase("EC")) {
-            return EC_oid;
-        }
-        if (name.equalsIgnoreCase("ECDH")) {
-            return AlgorithmId.ECDH_oid;
+        KnownOIDs k = KnownOIDs.findMatch(name);
+        if (k != null) {
+            return ObjectIdentifier.of(k);
         }
 
-        // Secret key algorithms
-        if (name.equalsIgnoreCase("AES")) {
-            return AlgorithmId.AES_oid;
+        // unknown algorithm oids
+        if (name.indexOf(".") == -1) {
+            // see if there is a matching oid string alias mapping from
+            // 3rd party providers
+            name = name.toUpperCase(Locale.ENGLISH);
+            String oidStr = aliasOidsTable().get(name);
+            if (oidStr != null) {
+                return ObjectIdentifier.of(oidStr);
+            } return null;
+        } else {
+            return ObjectIdentifier.of(name);
         }
-
-        // Common signature types
-        if (name.equalsIgnoreCase("MD5withRSA")
-            || name.equalsIgnoreCase("MD5/RSA")) {
-            return AlgorithmId.md5WithRSAEncryption_oid;
-        }
-        if (name.equalsIgnoreCase("MD2withRSA")
-            || name.equalsIgnoreCase("MD2/RSA")) {
-            return AlgorithmId.md2WithRSAEncryption_oid;
-        }
-        if (name.equalsIgnoreCase("SHAwithDSA")
-            || name.equalsIgnoreCase("SHA1withDSA")
-            || name.equalsIgnoreCase("SHA/DSA")
-            || name.equalsIgnoreCase("SHA1/DSA")
-            || name.equalsIgnoreCase("DSAWithSHA1")
-            || name.equalsIgnoreCase("DSS")
-            || name.equalsIgnoreCase("SHA-1/DSA")) {
-            return AlgorithmId.sha1WithDSA_oid;
-        }
-        if (name.equalsIgnoreCase("SHA224WithDSA")) {
-            return AlgorithmId.sha224WithDSA_oid;
-        }
-        if (name.equalsIgnoreCase("SHA256WithDSA")) {
-            return AlgorithmId.sha256WithDSA_oid;
-        }
-        if (name.equalsIgnoreCase("SHA1WithRSA")
-            || name.equalsIgnoreCase("SHA1/RSA")) {
-            return AlgorithmId.sha1WithRSAEncryption_oid;
-        }
-        if (name.equalsIgnoreCase("SHA1withECDSA")
-                || name.equalsIgnoreCase("ECDSA")) {
-            return AlgorithmId.sha1WithECDSA_oid;
-        }
-        if (name.equalsIgnoreCase("SHA224withECDSA")) {
-            return AlgorithmId.sha224WithECDSA_oid;
-        }
-        if (name.equalsIgnoreCase("SHA256withECDSA")) {
-            return AlgorithmId.sha256WithECDSA_oid;
-        }
-        if (name.equalsIgnoreCase("SHA384withECDSA")) {
-            return AlgorithmId.sha384WithECDSA_oid;
-        }
-        if (name.equalsIgnoreCase("SHA512withECDSA")) {
-            return AlgorithmId.sha512WithECDSA_oid;
-        }
-        if (name.equalsIgnoreCase("ED25519")) {
-            return AlgorithmId.ed25519_oid;
-        }
-        if (name.equalsIgnoreCase("ED448")) {
-            return AlgorithmId.ed448_oid;
-        }
-
-        return oidTable().get(name.toUpperCase(Locale.ENGLISH));
     }
 
-    private static volatile Map<String,ObjectIdentifier> oidTable;
-    private static final Map<ObjectIdentifier,String> nameTable;
+    // oid string cache index'ed by algorithm name and oid strings
+    private static volatile Map<String,String> aliasOidsTable;
 
-    /** Returns the oidTable, lazily initializing it on first access. */
-    private static Map<String,ObjectIdentifier> oidTable()
-        throws IOException {
-        // Double checked locking; safe because oidTable is volatile
-        Map<String,ObjectIdentifier> tab;
-        if ((tab = oidTable) == null) {
+    // returns the aliasOidsTable, lazily initializing it on first access.
+    private static Map<String,String> aliasOidsTable() {
+        // Double checked locking; safe because aliasOidsTable is volatile
+        Map<String,String> tab = aliasOidsTable;
+        if (tab == null) {
             synchronized (AlgorithmId.class) {
-                if ((tab = oidTable) == null)
-                    oidTable = tab = computeOidTable();
-            }
-        }
-        return tab;
-    }
-
-    /** Collects the algorithm names from the installed providers. */
-    private static HashMap<String,ObjectIdentifier> computeOidTable()
-        throws IOException {
-        HashMap<String,ObjectIdentifier> tab = new HashMap<>();
-        for (Provider provider : Security.getProviders()) {
-            for (Object key : provider.keySet()) {
-                String alias = (String)key;
-                String upperCaseAlias = alias.toUpperCase(Locale.ENGLISH);
-                int index;
-                if (upperCaseAlias.startsWith("ALG.ALIAS") &&
-                    (index=upperCaseAlias.indexOf("OID.", 0)) != -1) {
-                    index += "OID.".length();
-                    if (index == alias.length()) {
-                        // invalid alias entry
-                        break;
-                    }
-                    String oidString = alias.substring(index);
-                    String stdAlgName = provider.getProperty(alias);
-                    if (stdAlgName != null) {
-                        stdAlgName = stdAlgName.toUpperCase(Locale.ENGLISH);
-                    }
-                    if (stdAlgName != null &&
-                        tab.get(stdAlgName) == null) {
-                        tab.put(stdAlgName, new ObjectIdentifier(oidString));
-                    }
+                if ((tab = aliasOidsTable) == null) {
+                    aliasOidsTable = tab = collectOIDAliases();
                 }
             }
         }
         return tab;
     }
 
-    /*****************************************************************/
+    private static boolean isKnownProvider(Provider p) {
+        String pn = p.getName();
+        String mn = p.getClass().getModule().getName();
+        if (pn != null && mn != null) {
+            return ((mn.equals("java.base") &&
+                    (pn.equals("SUN") || pn.equals("SunRsaSign") ||
+                    pn.equals("SunJCE") || pn.equals("SunJSSE"))) ||
+                (mn.equals("jdk.crypto.ec") && pn.equals("SunEC")) ||
+                (mn.equals("jdk.crypto.mscapi") && pn.equals("SunMSCAPI")) ||
+                (mn.equals("jdk.crypto.cryptoki") &&
+                    pn.startsWith("SunPKCS11")));
+        } else {
+            return false;
+        }
+    }
 
-    /*
-     * HASHING ALGORITHMS
-     */
+    private static ConcurrentHashMap<String, String> collectOIDAliases() {
+        ConcurrentHashMap<String, String> t = new ConcurrentHashMap<>();
+        for (Provider provider : Security.getProviders()) {
+            // skip providers which are already using SecurityProviderConstants
+            // and KnownOIDs
+            if (isKnownProvider(provider)) {
+                continue;
+            }
+            for (Object key : provider.keySet()) {
+                String alias = (String)key;
+                String upperCaseAlias = alias.toUpperCase(Locale.ENGLISH);
+                int index;
+                if (upperCaseAlias.startsWith("ALG.ALIAS") &&
+                    (index = upperCaseAlias.indexOf("OID.", 0)) != -1) {
+                    index += "OID.".length();
+                    if (index == alias.length()) {
+                        // invalid alias entry
+                        break;
+                    }
+                    String ostr = alias.substring(index);
+                    String stdAlgName = provider.getProperty(alias);
+                    if (stdAlgName != null) {
+                        stdAlgName = stdAlgName.toUpperCase(Locale.ENGLISH);
+                    }
+                    // add the name->oid and oid->name mappings if none exists
+                    if (KnownOIDs.findMatch(stdAlgName) == null) {
+                        // not override earlier entries if it exists
+                        t.putIfAbsent(stdAlgName, ostr);
+                    }
+                    if (KnownOIDs.findMatch(ostr) == null) {
+                        // not override earlier entries if it exists
+                        t.putIfAbsent(ostr, stdAlgName);
+                    }
+                }
+            }
+        }
+        return t;
+    }
 
-    /**
-     * Algorithm ID for the MD2 Message Digest Algorthm, from RFC 1319.
-     * OID = 1.2.840.113549.2.2
-     */
     public static final ObjectIdentifier MD2_oid =
-        ObjectIdentifier.of("1.2.840.113549.2.2");
+            ObjectIdentifier.of(KnownOIDs.MD2);
 
-    /**
-     * Algorithm ID for the MD5 Message Digest Algorthm, from RFC 1321.
-     * OID = 1.2.840.113549.2.5
-     */
     public static final ObjectIdentifier MD5_oid =
-        ObjectIdentifier.of("1.2.840.113549.2.5");
+            ObjectIdentifier.of(KnownOIDs.MD5);
 
-    /**
-     * Algorithm ID for the SHA1 Message Digest Algorithm, from FIPS 180-1.
-     * This is sometimes called "SHA", though that is often confusing since
-     * many people refer to FIPS 180 (which has an error) as defining SHA.
-     * OID = 1.3.14.3.2.26. Old SHA-0 OID: 1.3.14.3.2.18.
-     */
     public static final ObjectIdentifier SHA_oid =
-        ObjectIdentifier.of("1.3.14.3.2.26");
+            ObjectIdentifier.of(KnownOIDs.SHA_1);
 
     public static final ObjectIdentifier SHA224_oid =
-        ObjectIdentifier.of("2.16.840.1.101.3.4.2.4");
+            ObjectIdentifier.of(KnownOIDs.SHA_224);
 
     public static final ObjectIdentifier SHA256_oid =
-        ObjectIdentifier.of("2.16.840.1.101.3.4.2.1");
+            ObjectIdentifier.of(KnownOIDs.SHA_256);
 
     public static final ObjectIdentifier SHA384_oid =
-        ObjectIdentifier.of("2.16.840.1.101.3.4.2.2");
+            ObjectIdentifier.of(KnownOIDs.SHA_384);
 
     public static final ObjectIdentifier SHA512_oid =
-        ObjectIdentifier.of("2.16.840.1.101.3.4.2.3");
+            ObjectIdentifier.of(KnownOIDs.SHA_512);
 
     public static final ObjectIdentifier SHA512_224_oid =
-        ObjectIdentifier.of("2.16.840.1.101.3.4.2.5");
+            ObjectIdentifier.of(KnownOIDs.SHA_512$224);
 
     public static final ObjectIdentifier SHA512_256_oid =
-        ObjectIdentifier.of("2.16.840.1.101.3.4.2.6");
+            ObjectIdentifier.of(KnownOIDs.SHA_512$256);
 
-    /*
-     * COMMON PUBLIC KEY TYPES
-     */
-    /*
-     * Note the preferred OIDs are named simply with no "OIW" or
-     * "PKIX" in them, even though they may point to data from these
-     * specs; e.g. SHA_oid, DH_oid, DSA_oid, SHA1WithDSA_oid...
-     */
-    /**
-     * Algorithm ID for Diffie Hellman Key agreement, from PKCS #3.
-     * Parameters include public values P and G, and may optionally specify
-     * the length of the private key X.  Alternatively, algorithm parameters
-     * may be derived from another source such as a Certificate Authority's
-     * certificate.
-     * OID = 1.2.840.113549.1.3.1
-     */
-    public static final ObjectIdentifier DH_oid =
-            ObjectIdentifier.of("1.2.840.113549.1.3.1");
-
-    /**
-     * Algorithm ID for the Diffie Hellman Key Agreement (DH), from RFC 3279.
-     * Parameters may include public values P and G.
-     * OID = 1.2.840.10046.2.1
-     */
-    public static final ObjectIdentifier DH_PKIX_oid =
-            ObjectIdentifier.of("1.2.840.10046.2.1");
-
-    /**
-     * Algorithm ID for the Digital Signing Algorithm (DSA), from the
-     * NIST OIW Stable Agreements part 12.
-     * Parameters may include public values P, Q, and G; or these may be
-     * derived from
-     * another source such as a Certificate Authority's certificate.
-     * OID = 1.3.14.3.2.12
-     */
-    public static final ObjectIdentifier DSA_OIW_oid =
-            ObjectIdentifier.of("1.3.14.3.2.12");
-
-    /**
-     * Algorithm ID for the Digital Signing Algorithm (DSA), from RFC 3279.
-     * Parameters may include public values P, Q, and G; or these may be
-     * derived from another source such as a Certificate Authority's
-     * certificate.
-     * OID = 1.2.840.10040.4.1
-     */
     public static final ObjectIdentifier DSA_oid =
-            ObjectIdentifier.of("1.2.840.10040.4.1");
-
-    /**
-     * Algorithm ID for RSA keys used for any purpose, as defined in X.509.
-     * The algorithm parameter is a single value, the number of bits in the
-     * public modulus.
-     * OID = 2.5.8.1.1
-     */
-    public static final ObjectIdentifier RSA_oid =
-            ObjectIdentifier.of("2.5.8.1.1");
+            ObjectIdentifier.of(KnownOIDs.DSA);
 
     public static final ObjectIdentifier EC_oid =
-            ObjectIdentifier.of("1.2.840.10045.2.1");
-    public static final ObjectIdentifier ECDH_oid =
-            ObjectIdentifier.of("1.3.132.1.12");
+            ObjectIdentifier.of(KnownOIDs.EC);
+
     public static final ObjectIdentifier RSAEncryption_oid =
-            ObjectIdentifier.of("1.2.840.113549.1.1.1");
-    public static final ObjectIdentifier RSAES_OAEP_oid =
-            ObjectIdentifier.of("1.2.840.113549.1.1.7");
-    public static final ObjectIdentifier mgf1_oid =
-            ObjectIdentifier.of("1.2.840.113549.1.1.8");
+            ObjectIdentifier.of(KnownOIDs.RSA);
+
     public static final ObjectIdentifier RSASSA_PSS_oid =
-            ObjectIdentifier.of("1.2.840.113549.1.1.10");
+            ObjectIdentifier.of(KnownOIDs.RSASSA_PSS);
 
-    /*
-     * COMMON SECRET KEY TYPES
-     */
-    public static final ObjectIdentifier AES_oid =
-            ObjectIdentifier.of("2.16.840.1.101.3.4.1");
-
-    /*
-     * COMMON SIGNATURE ALGORITHMS
-     */
-    /**
-     * Identifies a signing algorithm where an MD2 digest is encrypted
-     * using an RSA private key; defined in PKCS #1.  Use of this
-     * signing algorithm is discouraged due to MD2 vulnerabilities.
-     * OID = 1.2.840.113549.1.1.2
-     */
-    public static final ObjectIdentifier md2WithRSAEncryption_oid =
-        ObjectIdentifier.of("1.2.840.113549.1.1.2");
-
-    /**
-     * Identifies a signing algorithm where an MD5 digest is
-     * encrypted using an RSA private key; defined in PKCS #1.
-     * OID = 1.2.840.113549.1.1.4
-     */
-    public static final ObjectIdentifier md5WithRSAEncryption_oid =
-        ObjectIdentifier.of("1.2.840.113549.1.1.4");
-
-    /**
-     * Identifies a signing algorithm where a SHA1 digest is
-     * encrypted using an RSA private key; defined by RSA DSI.
-     * OID = 1.2.840.113549.1.1.5
-     */
-    public static final ObjectIdentifier sha1WithRSAEncryption_oid =
-        ObjectIdentifier.of("1.2.840.113549.1.1.5");
-
-    /**
-     * Identifies a signing algorithm where a SHA1 digest is
-     * encrypted using an RSA private key; defined in NIST OIW.
-     * OID = 1.3.14.3.2.29
-     */
-    public static final ObjectIdentifier sha1WithRSAEncryption_OIW_oid =
-        ObjectIdentifier.of("1.3.14.3.2.29");
-
-    /**
-     * Identifies a signing algorithm where a SHA224 digest is
-     * encrypted using an RSA private key; defined by PKCS #1.
-     * OID = 1.2.840.113549.1.1.14
-     */
-    public static final ObjectIdentifier sha224WithRSAEncryption_oid =
-        ObjectIdentifier.of("1.2.840.113549.1.1.14");
-
-    /**
-     * Identifies a signing algorithm where a SHA256 digest is
-     * encrypted using an RSA private key; defined by PKCS #1.
-     * OID = 1.2.840.113549.1.1.11
-     */
-    public static final ObjectIdentifier sha256WithRSAEncryption_oid =
-        ObjectIdentifier.of("1.2.840.113549.1.1.11");
-
-    /**
-     * Identifies a signing algorithm where a SHA384 digest is
-     * encrypted using an RSA private key; defined by PKCS #1.
-     * OID = 1.2.840.113549.1.1.12
-     */
-    public static final ObjectIdentifier sha384WithRSAEncryption_oid =
-        ObjectIdentifier.of("1.2.840.113549.1.1.12");
-
-    /**
-     * Identifies a signing algorithm where a SHA512 digest is
-     * encrypted using an RSA private key; defined by PKCS #1.
-     * OID = 1.2.840.113549.1.1.13
-     */
-    public static final ObjectIdentifier sha512WithRSAEncryption_oid =
-        ObjectIdentifier.of("1.2.840.113549.1.1.13");
-
-    /**
-     * Identifies the FIPS 186 "Digital Signature Standard" (DSS), where a
-     * SHA digest is signed using the Digital Signing Algorithm (DSA).
-     * This should not be used.
-     * OID = 1.3.14.3.2.13
-     */
-    public static final ObjectIdentifier shaWithDSA_OIW_oid =
-            ObjectIdentifier.of("1.3.14.3.2.13");
-
-    /**
-     * Identifies the FIPS 186 "Digital Signature Standard" (DSS), where a
-     * SHA1 digest is signed using the Digital Signing Algorithm (DSA).
-     * OID = 1.3.14.3.2.27
-     */
-    public static final ObjectIdentifier sha1WithDSA_OIW_oid =
-            ObjectIdentifier.of("1.3.14.3.2.27");
-
-    /**
-     * Identifies the FIPS 186 "Digital Signature Standard" (DSS), where a
-     * SHA1 digest is signed using the Digital Signing Algorithm (DSA).
-     * OID = 1.2.840.10040.4.3
-     */
-    public static final ObjectIdentifier sha1WithDSA_oid =
-            ObjectIdentifier.of("1.2.840.10040.4.3");
-
-    public static final ObjectIdentifier sha512_224WithRSAEncryption_oid =
-            ObjectIdentifier.of("1.2.840.113549.1.1.15");
-    public static final ObjectIdentifier sha512_256WithRSAEncryption_oid =
-            ObjectIdentifier.of("1.2.840.113549.1.1.16");
-
-    public static final ObjectIdentifier sha224WithDSA_oid =
-            ObjectIdentifier.of("2.16.840.1.101.3.4.3.1");
-    public static final ObjectIdentifier sha256WithDSA_oid =
-            ObjectIdentifier.of("2.16.840.1.101.3.4.3.2");
-
-    public static final ObjectIdentifier sha1WithECDSA_oid =
-            ObjectIdentifier.of("1.2.840.10045.4.1");
-    public static final ObjectIdentifier sha224WithECDSA_oid =
-            ObjectIdentifier.of("1.2.840.10045.4.3.1");
-    public static final ObjectIdentifier sha256WithECDSA_oid =
-            ObjectIdentifier.of("1.2.840.10045.4.3.2");
-    public static final ObjectIdentifier sha384WithECDSA_oid =
-            ObjectIdentifier.of("1.2.840.10045.4.3.3");
-    public static final ObjectIdentifier sha512WithECDSA_oid =
-            ObjectIdentifier.of("1.2.840.10045.4.3.4");
-    public static final ObjectIdentifier specifiedWithECDSA_oid =
-            ObjectIdentifier.of("1.2.840.10045.4.3");
-
-    /**
-     * Algorithm ID for the PBE encryption algorithms from PKCS#5 and
-     * PKCS#12.
-     */
-    public static final ObjectIdentifier pbeWithMD5AndDES_oid =
-            ObjectIdentifier.of("1.2.840.113549.1.5.3");
-    public static final ObjectIdentifier pbeWithMD5AndRC2_oid =
-            ObjectIdentifier.of("1.2.840.113549.1.5.6");
-    public static final ObjectIdentifier pbeWithSHA1AndDES_oid =
-            ObjectIdentifier.of("1.2.840.113549.1.5.10");
-    public static final ObjectIdentifier pbeWithSHA1AndRC2_oid =
-            ObjectIdentifier.of("1.2.840.113549.1.5.11");
-    public static final ObjectIdentifier pbeWithSHA1AndRC4_128_oid =
-            ObjectIdentifier.of("1.2.840.113549.1.12.1.1");
-    public static final ObjectIdentifier pbeWithSHA1AndRC4_40_oid =
-            ObjectIdentifier.of("1.2.840.113549.1.12.1.2");
-    public static final ObjectIdentifier pbeWithSHA1AndDESede_oid =
-            ObjectIdentifier.of("1.2.840.113549.1.12.1.3");
-    public static final ObjectIdentifier pbeWithSHA1AndRC2_128_oid =
-            ObjectIdentifier.of("1.2.840.113549.1.12.1.5");
-    public static final ObjectIdentifier pbeWithSHA1AndRC2_40_oid =
-            ObjectIdentifier.of("1.2.840.113549.1.12.1.6");
+    public static final ObjectIdentifier MGF1_oid =
+            ObjectIdentifier.of(KnownOIDs.MGF1);
 
     public static final ObjectIdentifier ed25519_oid =
-        ObjectIdentifier.of("1.3.101.112");
+            ObjectIdentifier.of(KnownOIDs.Ed25519);
     public static final ObjectIdentifier ed448_oid =
-        ObjectIdentifier.of("1.3.101.113");
-
-    static {
-        nameTable = new HashMap<>();
-        nameTable.put(MD5_oid, "MD5");
-        nameTable.put(MD2_oid, "MD2");
-        nameTable.put(SHA_oid, "SHA-1");
-        nameTable.put(SHA224_oid, "SHA-224");
-        nameTable.put(SHA256_oid, "SHA-256");
-        nameTable.put(SHA384_oid, "SHA-384");
-        nameTable.put(SHA512_oid, "SHA-512");
-        nameTable.put(SHA512_224_oid, "SHA-512/224");
-        nameTable.put(SHA512_256_oid, "SHA-512/256");
-        nameTable.put(RSAEncryption_oid, "RSA");
-        nameTable.put(RSA_oid, "RSA");
-        nameTable.put(DH_oid, "Diffie-Hellman");
-        nameTable.put(DH_PKIX_oid, "Diffie-Hellman");
-        nameTable.put(DSA_oid, "DSA");
-        nameTable.put(DSA_OIW_oid, "DSA");
-        nameTable.put(EC_oid, "EC");
-        nameTable.put(ECDH_oid, "ECDH");
-        nameTable.put(ed25519_oid, "ED25519");
-        nameTable.put(ed448_oid, "ED448");
-
-        nameTable.put(AES_oid, "AES");
-
-        nameTable.put(sha1WithECDSA_oid, "SHA1withECDSA");
-        nameTable.put(sha224WithECDSA_oid, "SHA224withECDSA");
-        nameTable.put(sha256WithECDSA_oid, "SHA256withECDSA");
-        nameTable.put(sha384WithECDSA_oid, "SHA384withECDSA");
-        nameTable.put(sha512WithECDSA_oid, "SHA512withECDSA");
-        nameTable.put(md5WithRSAEncryption_oid, "MD5withRSA");
-        nameTable.put(md2WithRSAEncryption_oid, "MD2withRSA");
-        nameTable.put(sha1WithDSA_oid, "SHA1withDSA");
-        nameTable.put(sha1WithDSA_OIW_oid, "SHA1withDSA");
-        nameTable.put(shaWithDSA_OIW_oid, "SHA1withDSA");
-        nameTable.put(sha224WithDSA_oid, "SHA224withDSA");
-        nameTable.put(sha256WithDSA_oid, "SHA256withDSA");
-        nameTable.put(sha1WithRSAEncryption_oid, "SHA1withRSA");
-        nameTable.put(sha1WithRSAEncryption_OIW_oid, "SHA1withRSA");
-        nameTable.put(sha224WithRSAEncryption_oid, "SHA224withRSA");
-        nameTable.put(sha256WithRSAEncryption_oid, "SHA256withRSA");
-        nameTable.put(sha384WithRSAEncryption_oid, "SHA384withRSA");
-        nameTable.put(sha512WithRSAEncryption_oid, "SHA512withRSA");
-        nameTable.put(sha512_224WithRSAEncryption_oid, "SHA512/224withRSA");
-        nameTable.put(sha512_256WithRSAEncryption_oid, "SHA512/256withRSA");
-        nameTable.put(RSASSA_PSS_oid, "RSASSA-PSS");
-        nameTable.put(RSAES_OAEP_oid, "RSAES-OAEP");
-
-        nameTable.put(pbeWithMD5AndDES_oid, "PBEWithMD5AndDES");
-        nameTable.put(pbeWithMD5AndRC2_oid, "PBEWithMD5AndRC2");
-        nameTable.put(pbeWithSHA1AndDES_oid, "PBEWithSHA1AndDES");
-        nameTable.put(pbeWithSHA1AndRC2_oid, "PBEWithSHA1AndRC2");
-        nameTable.put(pbeWithSHA1AndRC4_128_oid, "PBEWithSHA1AndRC4_128");
-        nameTable.put(pbeWithSHA1AndRC4_40_oid, "PBEWithSHA1AndRC4_40");
-        nameTable.put(pbeWithSHA1AndDESede_oid, "PBEWithSHA1AndDESede");
-        nameTable.put(pbeWithSHA1AndRC2_128_oid, "PBEWithSHA1AndRC2_128");
-        nameTable.put(pbeWithSHA1AndRC2_40_oid, "PBEWithSHA1AndRC2_40");
-    }
+            ObjectIdentifier.of(KnownOIDs.Ed448);
 
     /**
      * Creates a signature algorithm name from a digest algorithm
--- a/src/java.base/share/classes/sun/security/x509/ExtendedKeyUsageExtension.java	Tue May 19 11:55:44 2020 +0800
+++ b/src/java.base/share/classes/sun/security/x509/ExtendedKeyUsageExtension.java	Tue May 19 04:05:03 2020 +0000
@@ -34,9 +34,7 @@
 import java.util.Map;
 import java.util.Vector;
 
-import sun.security.util.DerValue;
-import sun.security.util.DerOutputStream;
-import sun.security.util.ObjectIdentifier;
+import sun.security.util.*;
 
 /**
  * This class defines the Extended Key Usage Extension, which
@@ -94,24 +92,6 @@
     public static final String NAME = "ExtendedKeyUsage";
     public static final String USAGES = "usages";
 
-    // OID defined in RFC 5280 Sections 4.2.1.12
-    // more from http://www.alvestrand.no/objectid/1.3.6.1.5.5.7.3.html
-    private static final Map <ObjectIdentifier, String> map =
-            new HashMap<ObjectIdentifier, String>();
-
-    static {
-        map.put(ObjectIdentifier.of("2.5.29.37.0"), "anyExtendedKeyUsage");
-        map.put(ObjectIdentifier.of("1.3.6.1.5.5.7.3.1"), "serverAuth");
-        map.put(ObjectIdentifier.of("1.3.6.1.5.5.7.3.2"), "clientAuth");
-        map.put(ObjectIdentifier.of("1.3.6.1.5.5.7.3.3"), "codeSigning");
-        map.put(ObjectIdentifier.of("1.3.6.1.5.5.7.3.4"), "emailProtection");
-        map.put(ObjectIdentifier.of("1.3.6.1.5.5.7.3.5"), "ipsecEndSystem");
-        map.put(ObjectIdentifier.of("1.3.6.1.5.5.7.3.6"), "ipsecTunnel");
-        map.put(ObjectIdentifier.of("1.3.6.1.5.5.7.3.7"), "ipsecUser");
-        map.put(ObjectIdentifier.of("1.3.6.1.5.5.7.3.8"), "timeStamping");
-        map.put(ObjectIdentifier.of("1.3.6.1.5.5.7.3.9"), "OCSPSigning");
-    };
-
     /**
      * Vector of KeyUsages for this object.
      */
@@ -198,11 +178,12 @@
                 usage += "\n  ";
             }
 
-            String result = map.get(oid);
-            if (result != null) {
-                usage += result;
+            String res = oid.toString();
+            KnownOIDs os = KnownOIDs.findMatch(res);
+            if (os != null) {
+                usage += os.stdName();
             } else {
-                usage += oid.toString();
+                usage += res;
             }
             first = false;
         }
--- a/src/java.base/share/classes/sun/security/x509/InhibitAnyPolicyExtension.java	Tue May 19 11:55:44 2020 +0800
+++ b/src/java.base/share/classes/sun/security/x509/InhibitAnyPolicyExtension.java	Tue May 19 04:05:03 2020 +0000
@@ -29,10 +29,7 @@
 import java.io.OutputStream;
 import java.util.Enumeration;
 
-import sun.security.util.Debug;
-import sun.security.util.DerOutputStream;
-import sun.security.util.DerValue;
-import sun.security.util.ObjectIdentifier;
+import sun.security.util.*;
 
 /**
  * This class represents the Inhibit Any-Policy Extension.
@@ -76,7 +73,7 @@
      * Object identifier for "any-policy"
      */
     public static ObjectIdentifier AnyPolicy_Id =
-            ObjectIdentifier.of("2.5.29.32.0");
+            ObjectIdentifier.of(KnownOIDs.CE_CERT_POLICIES_ANY);
 
     /**
      * Attribute names.
--- a/src/java.base/share/classes/sun/security/x509/NetscapeCertTypeExtension.java	Tue May 19 11:55:44 2020 +0800
+++ b/src/java.base/share/classes/sun/security/x509/NetscapeCertTypeExtension.java	Tue May 19 04:05:03 2020 +0000
@@ -73,7 +73,7 @@
      * Object identifier for the Netscape-Cert-Type extension.
      */
     public static ObjectIdentifier NetscapeCertType_Id =
-            ObjectIdentifier.of("2.16.840.1.113730.1.1");
+            ObjectIdentifier.of(KnownOIDs.NETSCAPE_CertType);
 
     private boolean[] bitString;
 
--- a/src/java.base/share/classes/sun/security/x509/OIDMap.java	Tue May 19 11:55:44 2020 +0800
+++ b/src/java.base/share/classes/sun/security/x509/OIDMap.java	Tue May 19 04:05:03 2020 +0000
@@ -136,7 +136,7 @@
         addInternal(POLICY_CONSTRAINTS, PKIXExtensions.PolicyConstraints_Id,
                     "sun.security.x509.PolicyConstraintsExtension");
         addInternal(NETSCAPE_CERT,
-                    ObjectIdentifier.of("2.16.840.1.113730.1.1"),
+                    ObjectIdentifier.of(KnownOIDs.NETSCAPE_CertType),
                     "sun.security.x509.NetscapeCertTypeExtension");
         addInternal(CERT_POLICIES, PKIXExtensions.CertificatePolicies_Id,
                     "sun.security.x509.CertificatePoliciesExtension");
@@ -227,7 +227,7 @@
             throws CertificateException {
         ObjectIdentifier objId;
         try {
-            objId = new ObjectIdentifier(oid);
+            objId = ObjectIdentifier.of(oid);
         } catch (IOException ioe) {
             throw new CertificateException
                                 ("Invalid Object identifier: " + oid);
--- a/src/java.base/share/classes/sun/security/x509/OIDName.java	Tue May 19 11:55:44 2020 +0800
+++ b/src/java.base/share/classes/sun/security/x509/OIDName.java	Tue May 19 04:05:03 2020 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2018, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2020, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -69,7 +69,7 @@
      */
     public OIDName(String name) throws IOException {
         try {
-            oid = new ObjectIdentifier(name);
+            oid = ObjectIdentifier.of(name);
         } catch (Exception e) {
             throw new IOException("Unable to create OIDName: " + e);
         }
--- a/src/java.base/share/classes/sun/security/x509/PKIXExtensions.java	Tue May 19 11:55:44 2020 +0800
+++ b/src/java.base/share/classes/sun/security/x509/PKIXExtensions.java	Tue May 19 04:05:03 2020 +0000
@@ -51,112 +51,112 @@
      * Identifies the particular public key used to sign the certificate.
      */
     public static final ObjectIdentifier AuthorityKey_Id =
-            ObjectIdentifier.of("2.5.29.35");
+            ObjectIdentifier.of(KnownOIDs.AuthorityKeyID);
 
     /**
      * Identifies the particular public key used in an application.
      */
     public static final ObjectIdentifier SubjectKey_Id =
-            ObjectIdentifier.of("2.5.29.14");
+            ObjectIdentifier.of(KnownOIDs.SubjectKeyID);
 
     /**
      * Defines the purpose of the key contained in the certificate.
      */
     public static final ObjectIdentifier KeyUsage_Id =
-            ObjectIdentifier.of("2.5.29.15");
+            ObjectIdentifier.of(KnownOIDs.KeyUsage);
 
     /**
      * Allows the certificate issuer to specify a different validity period
      * for the private key than the certificate.
      */
     public static final ObjectIdentifier PrivateKeyUsage_Id =
-            ObjectIdentifier.of("2.5.29.16");
+            ObjectIdentifier.of(KnownOIDs.PrivateKeyUsage);
 
     /**
      * Contains the sequence of policy information terms.
      */
     public static final ObjectIdentifier CertificatePolicies_Id =
-            ObjectIdentifier.of("2.5.29.32");
+            ObjectIdentifier.of(KnownOIDs.CertificatePolicies);
 
     /**
      * Lists pairs of object identifiers of policies considered equivalent by
      * the issuing CA to the subject CA.
      */
     public static final ObjectIdentifier PolicyMappings_Id =
-            ObjectIdentifier.of("2.5.29.33");
+            ObjectIdentifier.of(KnownOIDs.PolicyMappings);
 
     /**
      * Allows additional identities to be bound to the subject of the
      * certificate.
      */
     public static final ObjectIdentifier SubjectAlternativeName_Id =
-            ObjectIdentifier.of("2.5.29.17");
+            ObjectIdentifier.of(KnownOIDs.SubjectAlternativeName);
 
     /**
      * Allows additional identities to be associated with the certificate
      * issuer.
      */
     public static final ObjectIdentifier IssuerAlternativeName_Id =
-            ObjectIdentifier.of("2.5.29.18");
+            ObjectIdentifier.of(KnownOIDs.IssuerAlternativeName);
 
     /**
      * Identifies additional directory attributes.
      * This extension is always non-critical.
      */
     public static final ObjectIdentifier SubjectDirectoryAttributes_Id =
-            ObjectIdentifier.of("2.5.29.9");
+            ObjectIdentifier.of(KnownOIDs.SubjectDirectoryAttributes);
 
     /**
      * Identifies whether the subject of the certificate is a CA and how deep
      * a certification path may exist through that CA.
      */
     public static final ObjectIdentifier BasicConstraints_Id =
-            ObjectIdentifier.of("2.5.29.19");
+            ObjectIdentifier.of(KnownOIDs.BasicConstraints);
 
     /**
      * Provides for permitted and excluded subtrees that place restrictions
      * on names that may be included within a certificate issued by a given CA.
      */
     public static final ObjectIdentifier NameConstraints_Id =
-            ObjectIdentifier.of("2.5.29.30");
+            ObjectIdentifier.of(KnownOIDs.NameConstraints);
 
     /**
      * Used to either prohibit policy mapping or limit the set of policies
      * that can be in subsequent certificates.
      */
     public static final ObjectIdentifier PolicyConstraints_Id =
-            ObjectIdentifier.of("2.5.29.36");
+            ObjectIdentifier.of(KnownOIDs.PolicyConstraints);
 
     /**
      * Identifies how CRL information is obtained.
      */
     public static final ObjectIdentifier CRLDistributionPoints_Id =
-            ObjectIdentifier.of("2.5.29.31");
+            ObjectIdentifier.of(KnownOIDs.CRLDistributionPoints);
 
     /**
      * Conveys a monotonically increasing sequence number for each CRL
      * issued by a given CA.
      */
     public static final ObjectIdentifier CRLNumber_Id =
-            ObjectIdentifier.of("2.5.29.20");
+            ObjectIdentifier.of(KnownOIDs.CRLNumber);
 
     /**
      * Identifies the CRL distribution point for a particular CRL.
      */
     public static final ObjectIdentifier IssuingDistributionPoint_Id =
-            ObjectIdentifier.of("2.5.29.28");
+            ObjectIdentifier.of(KnownOIDs.IssuingDistributionPoint);
 
     /**
      * Identifies the delta CRL.
      */
     public static final ObjectIdentifier DeltaCRLIndicator_Id =
-            ObjectIdentifier.of("2.5.29.27");
+            ObjectIdentifier.of(KnownOIDs.DeltaCRLIndicator);
 
     /**
      * Identifies the reason for the certificate revocation.
      */
     public static final ObjectIdentifier ReasonCode_Id =
-            ObjectIdentifier.of("2.5.29.21");
+            ObjectIdentifier.of(KnownOIDs.ReasonCode);
 
     /**
      * This extension provides a registered instruction identifier indicating
@@ -164,34 +164,34 @@
      * placed on hold.
      */
     public static final ObjectIdentifier HoldInstructionCode_Id =
-            ObjectIdentifier.of("2.5.29.23");
+            ObjectIdentifier.of(KnownOIDs.HoldInstructionCode);
 
     /**
      * Identifies the date on which it is known or suspected that the private
      * key was compromised or that the certificate otherwise became invalid.
      */
     public static final ObjectIdentifier InvalidityDate_Id =
-            ObjectIdentifier.of("2.5.29.24");
+            ObjectIdentifier.of(KnownOIDs.InvalidityDate);
     /**
      * Identifies one or more purposes for which the certified public key
      * may be used, in addition to or in place of the basic purposes
      * indicated in the key usage extension field.
      */
     public static final ObjectIdentifier ExtendedKeyUsage_Id =
-            ObjectIdentifier.of("2.5.29.37");
+            ObjectIdentifier.of(KnownOIDs.extendedKeyUsage);
 
     /**
      * Specifies whether any-policy policy OID is permitted
      */
     public static final ObjectIdentifier InhibitAnyPolicy_Id =
-            ObjectIdentifier.of("2.5.29.54");
+            ObjectIdentifier.of(KnownOIDs.InhibitAnyPolicy);
 
     /**
      * Identifies the certificate issuer associated with an entry in an
      * indirect CRL.
      */
     public static final ObjectIdentifier CertificateIssuer_Id =
-            ObjectIdentifier.of("2.5.29.29");
+            ObjectIdentifier.of(KnownOIDs.CertificateIssuer);
 
     /**
      * This extension indicates how to access CA information and services for
@@ -200,32 +200,32 @@
      * services.
      */
     public static final ObjectIdentifier AuthInfoAccess_Id =
-            ObjectIdentifier.of("1.3.6.1.5.5.7.1.1");
+            ObjectIdentifier.of(KnownOIDs.AuthInfoAccess);
 
     /**
      * This extension indicates how to access CA information and services for
      * the subject of the certificate in which the extension appears.
      */
     public static final ObjectIdentifier SubjectInfoAccess_Id =
-            ObjectIdentifier.of("1.3.6.1.5.5.7.1.11");
+            ObjectIdentifier.of(KnownOIDs.SubjectInfoAccess);
 
     /**
      * Identifies how delta CRL information is obtained.
      */
     public static final ObjectIdentifier FreshestCRL_Id =
-            ObjectIdentifier.of("2.5.29.46");
+            ObjectIdentifier.of(KnownOIDs.FreshestCRL);
 
     /**
      * Identifies the OCSP client can trust the responder for the
      * lifetime of the responder's certificate.
      */
     public static final ObjectIdentifier OCSPNoCheck_Id =
-            ObjectIdentifier.of("1.3.6.1.5.5.7.48.1.5");
+            ObjectIdentifier.of(KnownOIDs.OCSPNoCheck);
 
     /**
      * This extension is used to provide nonce data for OCSP requests
      * or responses.
      */
     public static final ObjectIdentifier OCSPNonce_Id =
-            ObjectIdentifier.of("1.3.6.1.5.5.7.48.1.2");
+            ObjectIdentifier.of(KnownOIDs.OCSPNonceExt);
 }
--- a/src/java.base/share/classes/sun/security/x509/X500Name.java	Tue May 19 11:55:44 2020 +0800
+++ b/src/java.base/share/classes/sun/security/x509/X500Name.java	Tue May 19 04:05:03 2020 +0000
@@ -1105,80 +1105,80 @@
 
     // OID for the "CN=" attribute, denoting a person's common name.
     public static final ObjectIdentifier commonName_oid =
-            ObjectIdentifier.of("2.5.4.3");
+            ObjectIdentifier.of(KnownOIDs.CommonName);
 
     // OID for the "SURNAME=" attribute, denoting a person's surname.
     public static final ObjectIdentifier SURNAME_OID =
-            ObjectIdentifier.of("2.5.4.4");
+            ObjectIdentifier.of(KnownOIDs.Surname);
 
     // OID for the "SERIALNUMBER=" attribute, denoting a serial number for.
     // a name. Do not confuse with PKCS#9 issuerAndSerialNumber or the
     // certificate serial number.
     public static final ObjectIdentifier SERIALNUMBER_OID =
-            ObjectIdentifier.of("2.5.4.5");
+            ObjectIdentifier.of(KnownOIDs.SerialNumber);
 
     // OID for the "C=" attribute, denoting a country.
     public static final ObjectIdentifier countryName_oid =
-            ObjectIdentifier.of("2.5.4.6");
+            ObjectIdentifier.of(KnownOIDs.CountryName);
 
     // OID for the "L=" attribute, denoting a locality (such as a city).
     public static final ObjectIdentifier localityName_oid =
-            ObjectIdentifier.of("2.5.4.7");
+            ObjectIdentifier.of(KnownOIDs.LocalityName);
 
     // OID for the "S=" attribute, denoting a state (such as Delaware).
     public static final ObjectIdentifier stateName_oid =
-            ObjectIdentifier.of("2.5.4.8");
+            ObjectIdentifier.of(KnownOIDs.StateName);
 
     // OID for the "STREET=" attribute, denoting a street address.
     public static final ObjectIdentifier streetAddress_oid =
-            ObjectIdentifier.of("2.5.4.9");
+            ObjectIdentifier.of(KnownOIDs.StreetAddress);
 
     // OID for the "O=" attribute, denoting an organization name.
     public static final ObjectIdentifier orgName_oid =
-            ObjectIdentifier.of("2.5.4.10");
+            ObjectIdentifier.of(KnownOIDs.OrgName);
 
     // OID for the "OU=" attribute, denoting an organizational unit name.
     public static final ObjectIdentifier orgUnitName_oid =
-            ObjectIdentifier.of("2.5.4.11");
+            ObjectIdentifier.of(KnownOIDs.OrgUnitName);
 
     // OID for the "T=" attribute, denoting a person's title.
     public static final ObjectIdentifier title_oid =
-            ObjectIdentifier.of("2.5.4.12");
+            ObjectIdentifier.of(KnownOIDs.Title);
 
     // OID for the "GIVENNAME=" attribute, denoting a person's given name.
     public static final ObjectIdentifier GIVENNAME_OID =
-            ObjectIdentifier.of("2.5.4.42");
+            ObjectIdentifier.of(KnownOIDs.GivenName);
 
     // OID for the "INITIALS=" attribute, denoting a person's initials.
     public static final ObjectIdentifier INITIALS_OID =
-            ObjectIdentifier.of("2.5.4.43");
+            ObjectIdentifier.of(KnownOIDs.Initials);
 
     // OID for the "GENERATION=" attribute, denoting Jr., II, etc.
     public static final ObjectIdentifier GENERATIONQUALIFIER_OID =
-            ObjectIdentifier.of("2.5.4.44");
+            ObjectIdentifier.of(KnownOIDs.GenerationQualifier);
 
     // OID for the "DNQUALIFIER=" or "DNQ=" attribute, denoting DN
     // disambiguating information.
     public static final ObjectIdentifier DNQUALIFIER_OID =
-            ObjectIdentifier.of("2.5.4.46");
+            ObjectIdentifier.of(KnownOIDs.DNQualifier);
 
     // OIDs from other sources which show up in X.500 names we
     // expect to deal with often.
     //
     // OID for "IP=" IP address attributes, used with SKIP.
     public static final ObjectIdentifier ipAddress_oid =
-            ObjectIdentifier.of("1.3.6.1.4.1.42.2.11.2.1");
+            ObjectIdentifier.of(KnownOIDs.SkipIPAddress);
 
     // Domain component OID from RFC 1274, RFC 2247, RFC 5280.
     //
     // OID for "DC=" domain component attributes.used with DNSNames in DN
     // format.
     public static final ObjectIdentifier DOMAIN_COMPONENT_OID =
-            ObjectIdentifier.of("0.9.2342.19200300.100.1.25");
+            ObjectIdentifier.of(KnownOIDs.UCL_DomainComponent);
 
     // OID for "UID=" denoting a user id, defined in RFCs 1274 & 2798.
     public static final ObjectIdentifier userid_oid =
-            ObjectIdentifier.of("0.9.2342.19200300.100.1.1");
+            ObjectIdentifier.of(KnownOIDs.UCL_UserID);
 
     /**
      * Return constraint type:<ul>
--- a/src/java.base/share/classes/sun/security/x509/X509CRLEntryImpl.java	Tue May 19 11:55:44 2020 +0800
+++ b/src/java.base/share/classes/sun/security/x509/X509CRLEntryImpl.java	Tue May 19 04:05:03 2020 +0000
@@ -252,7 +252,8 @@
      */
     public static CRLReason getRevocationReason(X509CRLEntry crlEntry) {
         try {
-            byte[] ext = crlEntry.getExtensionValue("2.5.29.21");
+            byte[] ext = crlEntry.getExtensionValue
+                    (KnownOIDs.ReasonCode.value());
             if (ext == null) {
                 return null;
             }
@@ -402,11 +403,11 @@
         if (extensions == null)
             return null;
         try {
-            String extAlias = OIDMap.getName(new ObjectIdentifier(oid));
+            String extAlias = OIDMap.getName(ObjectIdentifier.of(oid));
             Extension crlExt = null;
 
             if (extAlias == null) { // may be unknown
-                ObjectIdentifier findOID = new ObjectIdentifier(oid);
+                ObjectIdentifier findOID = ObjectIdentifier.of(oid);
                 Extension ex = null;
                 ObjectIdentifier inCertOID;
                 for (Enumeration<Extension> e = extensions.getElements();
--- a/src/java.base/share/classes/sun/security/x509/X509CRLImpl.java	Tue May 19 11:55:44 2020 +0800
+++ b/src/java.base/share/classes/sun/security/x509/X509CRLImpl.java	Tue May 19 04:05:03 2020 +0000
@@ -1036,11 +1036,11 @@
         if (extensions == null)
             return null;
         try {
-            String extAlias = OIDMap.getName(new ObjectIdentifier(oid));
+            String extAlias = OIDMap.getName(ObjectIdentifier.of(oid));
             Extension crlExt = null;
 
             if (extAlias == null) { // may be unknown
-                ObjectIdentifier findOID = new ObjectIdentifier(oid);
+                ObjectIdentifier findOID = ObjectIdentifier.of(oid);
                 Extension ex = null;
                 ObjectIdentifier inCertOID;
                 for (Enumeration<Extension> e = extensions.getElements();
--- a/src/java.base/share/classes/sun/security/x509/X509CertImpl.java	Tue May 19 11:55:44 2020 +0800
+++ b/src/java.base/share/classes/sun/security/x509/X509CertImpl.java	Tue May 19 04:05:03 2020 +0000
@@ -128,14 +128,6 @@
     protected AlgorithmId       algId = null;
     protected byte[]            signature = null;
 
-    // recognized extension OIDS
-    private static final String KEY_USAGE_OID = "2.5.29.15";
-    private static final String EXTENDED_KEY_USAGE_OID = "2.5.29.37";
-    private static final String BASIC_CONSTRAINT_OID = "2.5.29.19";
-    private static final String SUBJECT_ALT_NAME_OID = "2.5.29.17";
-    private static final String ISSUER_ALT_NAME_OID = "2.5.29.18";
-    private static final String AUTH_INFO_ACCESS_OID = "1.3.6.1.5.5.7.1.1";
-
     // number of standard key usage bits.
     private static final int NUM_STANDARD_KEY_USAGE = 9;
 
@@ -1423,7 +1415,7 @@
      */
     public byte[] getExtensionValue(String oid) {
         try {
-            ObjectIdentifier findOID = new ObjectIdentifier(oid);
+            ObjectIdentifier findOID = ObjectIdentifier.of(oid);
             String extAlias = OIDMap.getName(findOID);
             Extension certExt = null;
             CertificateExtensions exts = (CertificateExtensions)info.get(
@@ -1526,7 +1518,8 @@
     public static List<String> getExtendedKeyUsage(X509Certificate cert)
         throws CertificateParsingException {
         try {
-            byte[] ext = cert.getExtensionValue(EXTENDED_KEY_USAGE_OID);
+            byte[] ext = cert.getExtensionValue
+                    (KnownOIDs.extendedKeyUsage.value());
             if (ext == null)
                 return null;
             DerValue val = new DerValue(ext);
@@ -1696,7 +1689,8 @@
     public static Collection<List<?>> getSubjectAlternativeNames(X509Certificate cert)
         throws CertificateParsingException {
         try {
-            byte[] ext = cert.getExtensionValue(SUBJECT_ALT_NAME_OID);
+            byte[] ext = cert.getExtensionValue
+                    (KnownOIDs.SubjectAlternativeName.value());
             if (ext == null) {
                 return null;
             }
@@ -1759,7 +1753,8 @@
     public static Collection<List<?>> getIssuerAlternativeNames(X509Certificate cert)
         throws CertificateParsingException {
         try {
-            byte[] ext = cert.getExtensionValue(ISSUER_ALT_NAME_OID);
+            byte[] ext = cert.getExtensionValue
+                    (KnownOIDs.IssuerAlternativeName.value());
             if (ext == null) {
                 return null;
             }
--- a/src/java.security.jgss/share/classes/org/ietf/jgss/Oid.java	Tue May 19 11:55:44 2020 +0800
+++ b/src/java.security.jgss/share/classes/org/ietf/jgss/Oid.java	Tue May 19 04:05:03 2020 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2020, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -65,7 +65,7 @@
     public Oid(String strOid) throws GSSException {
 
         try {
-            oid = new ObjectIdentifier(strOid);
+            oid = ObjectIdentifier.of(strOid);
             derEncoding = null;
         } catch (Exception e) {
             throw new GSSException(GSSException.FAILURE,
--- a/src/java.security.jgss/share/classes/sun/security/jgss/GSSContextImpl.java	Tue May 19 11:55:44 2020 +0800
+++ b/src/java.security.jgss/share/classes/sun/security/jgss/GSSContextImpl.java	Tue May 19 04:05:03 2020 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2020, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -241,7 +241,7 @@
                 mechCtxt.setChannelBinding(channelBindings);
                 mechCtxt.requestDelegPolicy(reqDelegPolicyState);
 
-                objId = new ObjectIdentifier(mechOid.toString());
+                objId = ObjectIdentifier.of(mechOid.toString());
 
                 currentState = IN_PROGRESS;
                 firstToken = true;
--- a/src/java.security.jgss/share/classes/sun/security/jgss/GSSNameImpl.java	Tue May 19 11:55:44 2020 +0800
+++ b/src/java.security.jgss/share/classes/sun/security/jgss/GSSNameImpl.java	Tue May 19 04:05:03 2020 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2020, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -403,7 +403,7 @@
         ObjectIdentifier oid = null;
 
         try {
-            oid = new ObjectIdentifier
+            oid = ObjectIdentifier.of
                 (mechElement.getMechanism().toString());
         } catch (IOException e) {
             throw new GSSExceptionImpl(GSSException.FAILURE,
--- a/src/java.security.jgss/share/classes/sun/security/jgss/krb5/Krb5Token.java	Tue May 19 11:55:44 2020 +0800
+++ b/src/java.security.jgss/share/classes/sun/security/jgss/krb5/Krb5Token.java	Tue May 19 04:05:03 2020 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2006, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2020, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -77,7 +77,7 @@
 
     static {
         try {
-            OID = new ObjectIdentifier(Krb5MechFactory.
+            OID = ObjectIdentifier.of(Krb5MechFactory.
                                        GSS_KRB5_MECH_OID.toString());
         } catch (IOException ioe) {
           // should not happen
--- a/src/java.security.jgss/share/classes/sun/security/jgss/spnego/SpNegoToken.java	Tue May 19 11:55:44 2020 +0800
+++ b/src/java.security.jgss/share/classes/sun/security/jgss/spnego/SpNegoToken.java	Tue May 19 04:05:03 2020 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2005, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2020, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -68,7 +68,7 @@
 
     static {
         try {
-            OID = new ObjectIdentifier(SpNegoMechFactory.
+            OID = ObjectIdentifier.of(SpNegoMechFactory.
                                        GSS_SPNEGO_MECH_OID.toString());
         } catch (IOException ioe) {
           // should not happen
--- a/src/java.security.jgss/share/classes/sun/security/jgss/wrapper/GSSNameElement.java	Tue May 19 11:55:44 2020 +0800
+++ b/src/java.security.jgss/share/classes/sun/security/jgss/wrapper/GSSNameElement.java	Tue May 19 04:05:03 2020 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2005, 2019, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2020, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -130,7 +130,7 @@
                 DerOutputStream dout = new DerOutputStream();
                 Oid mech = cStub.getMech();
                 try {
-                    dout.putOID(new ObjectIdentifier(mech.toString()));
+                    dout.putOID(ObjectIdentifier.of(mech.toString()));
                 } catch (IOException e) {
                     throw new GSSExceptionImpl(GSSException.FAILURE, e);
                 }
--- a/src/java.security.jgss/share/classes/sun/security/jgss/wrapper/NativeGSSContext.java	Tue May 19 11:55:44 2020 +0800
+++ b/src/java.security.jgss/share/classes/sun/security/jgss/wrapper/NativeGSSContext.java	Tue May 19 04:05:03 2020 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2005, 2019, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2020, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -164,7 +164,7 @@
                 SunNativeProvider.debug("Precomputed mechToken length: " +
                                          mechTokenLen);
                 GSSHeader gssHeader = new GSSHeader
-                    (new ObjectIdentifier(cStub.getMech().toString()),
+                    (ObjectIdentifier.of(cStub.getMech().toString()),
                      mechTokenLen);
                 ByteArrayOutputStream baos = new ByteArrayOutputStream(600);
 
--- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java	Tue May 19 11:55:44 2020 +0800
+++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java	Tue May 19 04:05:03 2020 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2019, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2020, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -45,6 +45,7 @@
 import sun.security.util.Debug;
 import sun.security.util.ResourcesMgr;
 import static sun.security.util.SecurityConstants.PROVIDER_VER;
+import static sun.security.util.SecurityProviderConstants.getAliases;
 
 import sun.security.pkcs11.Secmod.*;
 
@@ -405,19 +406,15 @@
         return System.identityHashCode(this);
     }
 
-    private static String[] s(String ...aliases) {
-        return aliases;
-    }
-
     private static final class Descriptor {
         final String type;
         final String algorithm;
         final String className;
-        final String[] aliases;
+        final List<String> aliases;
         final int[] mechanisms;
 
         private Descriptor(String type, String algorithm, String className,
-                String[] aliases, int[] mechanisms) {
+                List<String> aliases, int[] mechanisms) {
             this.type = type;
             this.algorithm = algorithm;
             this.className = className;
@@ -460,10 +457,16 @@
     }
 
     private static void d(String type, String algorithm, String className,
-            String[] aliases, int[] m) {
+            List<String> aliases, int[] m) {
         register(new Descriptor(type, algorithm, className, aliases, m));
     }
 
+    private static void dA(String type, String algorithm, String className,
+            int[] m) {
+        register(new Descriptor(type, algorithm, className,
+                getAliases(algorithm), m));
+    }
+
     private static void register(Descriptor d) {
         for (int i = 0; i < d.mechanisms.length; i++) {
             int m = d.mechanisms[i];
@@ -525,51 +528,37 @@
                 m(CKM_MD2));
         d(MD, "MD5",            P11Digest,
                 m(CKM_MD5));
-        d(MD, "SHA1",           P11Digest,
-                s("SHA", "SHA-1", "1.3.14.3.2.26", "OID.1.3.14.3.2.26"),
+        dA(MD, "SHA-1",           P11Digest,
                 m(CKM_SHA_1));
 
-        d(MD, "SHA-224",        P11Digest,
-                s("2.16.840.1.101.3.4.2.4", "OID.2.16.840.1.101.3.4.2.4"),
+        dA(MD, "SHA-224",        P11Digest,
                 m(CKM_SHA224));
-        d(MD, "SHA-256",        P11Digest,
-                s("2.16.840.1.101.3.4.2.1", "OID.2.16.840.1.101.3.4.2.1"),
+        dA(MD, "SHA-256",        P11Digest,
                 m(CKM_SHA256));
-        d(MD, "SHA-384",        P11Digest,
-                s("2.16.840.1.101.3.4.2.2", "OID.2.16.840.1.101.3.4.2.2"),
+        dA(MD, "SHA-384",        P11Digest,
                 m(CKM_SHA384));
-        d(MD, "SHA-512",        P11Digest,
-                s("2.16.840.1.101.3.4.2.3", "OID.2.16.840.1.101.3.4.2.3"),
+        dA(MD, "SHA-512",        P11Digest,
                 m(CKM_SHA512));
-        d(MD, "SHA-512/224",        P11Digest,
-                s("2.16.840.1.101.3.4.2.5", "OID.2.16.840.1.101.3.4.2.5"),
+        dA(MD, "SHA-512/224",        P11Digest,
                 m(CKM_SHA512_224));
-        d(MD, "SHA-512/256",        P11Digest,
-                s("2.16.840.1.101.3.4.2.6", "OID.2.16.840.1.101.3.4.2.6"),
+        dA(MD, "SHA-512/256",        P11Digest,
                 m(CKM_SHA512_256));
 
         d(MAC, "HmacMD5",       P11MAC,
                 m(CKM_MD5_HMAC));
-        d(MAC, "HmacSHA1",      P11MAC,
-                s("1.2.840.113549.2.7", "OID.1.2.840.113549.2.7"),
+        dA(MAC, "HmacSHA1",      P11MAC,
                 m(CKM_SHA_1_HMAC));
-        d(MAC, "HmacSHA224",    P11MAC,
-                s("1.2.840.113549.2.8", "OID.1.2.840.113549.2.8"),
+        dA(MAC, "HmacSHA224",    P11MAC,
                 m(CKM_SHA224_HMAC));
-        d(MAC, "HmacSHA256",    P11MAC,
-                s("1.2.840.113549.2.9", "OID.1.2.840.113549.2.9"),
+        dA(MAC, "HmacSHA256",    P11MAC,
                 m(CKM_SHA256_HMAC));
-        d(MAC, "HmacSHA384",    P11MAC,
-                s("1.2.840.113549.2.10", "OID.1.2.840.113549.2.10"),
+        dA(MAC, "HmacSHA384",    P11MAC,
                 m(CKM_SHA384_HMAC));
-        d(MAC, "HmacSHA512",    P11MAC,
-                s("1.2.840.113549.2.11", "OID.1.2.840.113549.2.11"),
+        dA(MAC, "HmacSHA512",    P11MAC,
                 m(CKM_SHA512_HMAC));
-        d(MAC, "HmacSHA512/224",    P11MAC,
-                s("1.2.840.113549.2.12", "OID.1.2.840.113549.2.12"),
+        dA(MAC, "HmacSHA512/224",    P11MAC,
                 m(CKM_SHA512_224_HMAC));
-        d(MAC, "HmacSHA512/256",    P11MAC,
-                s("1.2.840.113549.2.13", "OID.1.2.840.113549.2.13"),
+        dA(MAC, "HmacSHA512/256",    P11MAC,
                 m(CKM_SHA512_256_HMAC));
 
         d(MAC, "SslMacMD5",     P11MAC,
@@ -578,18 +567,20 @@
                 m(CKM_SSL3_SHA1_MAC));
 
         d(KPG, "RSA",           P11KeyPairGenerator,
-                s("1.2.840.113549.1.1", "OID.1.2.840.113549.1.1"),
+                getAliases("PKCS1"),
                 m(CKM_RSA_PKCS_KEY_PAIR_GEN));
 
-        d(KPG, "DSA",           P11KeyPairGenerator,
-                s("1.3.14.3.2.12", "1.2.840.10040.4.1", "OID.1.2.840.10040.4.1"),
+        List<String> dhAlias = List.of("DiffieHellman");
+
+        dA(KPG, "DSA",           P11KeyPairGenerator,
                 m(CKM_DSA_KEY_PAIR_GEN));
-        d(KPG, "DH",            P11KeyPairGenerator,    s("DiffieHellman"),
+        d(KPG, "DH",            P11KeyPairGenerator,
+                dhAlias,
                 m(CKM_DH_PKCS_KEY_PAIR_GEN));
         d(KPG, "EC",            P11KeyPairGenerator,
                 m(CKM_EC_KEY_PAIR_GEN));
 
-        d(KG,  "ARCFOUR",       P11KeyGenerator,        s("RC4"),
+        dA(KG,  "ARCFOUR",       P11KeyGenerator,
                 m(CKM_RC4_KEY_GEN));
         d(KG,  "DES",           P11KeyGenerator,
                 m(CKM_DES_KEY_GEN));
@@ -603,12 +594,12 @@
         // register (Secret)KeyFactories if there are any mechanisms
         // for a particular algorithm that we support
         d(KF, "RSA",            P11RSAKeyFactory,
-                s("1.2.840.113549.1.1", "OID.1.2.840.113549.1.1"),
+                getAliases("PKCS1"),
                 m(CKM_RSA_PKCS_KEY_PAIR_GEN, CKM_RSA_PKCS, CKM_RSA_X_509));
-        d(KF, "DSA",            P11DSAKeyFactory,
-                s("1.3.14.3.2.12", "1.2.840.10040.4.1", "OID.1.2.840.10040.4.1"),
+        dA(KF, "DSA",            P11DSAKeyFactory,
                 m(CKM_DSA_KEY_PAIR_GEN, CKM_DSA, CKM_DSA_SHA1));
-        d(KF, "DH",             P11DHKeyFactory,        s("DiffieHellman"),
+        d(KF, "DH",             P11DHKeyFactory,
+                dhAlias,
                 m(CKM_DH_PKCS_KEY_PAIR_GEN, CKM_DH_PKCS_DERIVE));
         d(KF, "EC",             P11DHKeyFactory,
                 m(CKM_EC_KEY_PAIR_GEN, CKM_ECDH1_DERIVE,
@@ -616,8 +607,7 @@
 
         // AlgorithmParameters for EC.
         // Only needed until we have an EC implementation in the SUN provider.
-        d(AGP, "EC",            "sun.security.util.ECParameters",
-                s("1.2.840.10045.2.1"),
+        dA(AGP, "EC",            "sun.security.util.ECParameters",
                 m(CKM_EC_KEY_PAIR_GEN, CKM_ECDH1_DERIVE,
                     CKM_ECDSA, CKM_ECDSA_SHA1));
 
@@ -625,25 +615,25 @@
         d(AGP, "GCM",            "sun.security.util.GCMParameters",
                 m(CKM_AES_GCM));
 
-        d(KA, "DH",             P11KeyAgreement,        s("DiffieHellman"),
+        d(KA, "DH",             P11KeyAgreement,
+                dhAlias,
                 m(CKM_DH_PKCS_DERIVE));
         d(KA, "ECDH",           "sun.security.pkcs11.P11ECDHKeyAgreement",
                 m(CKM_ECDH1_DERIVE));
 
-        d(SKF, "ARCFOUR",       P11SecretKeyFactory,    s("RC4"),
+        dA(SKF, "ARCFOUR",       P11SecretKeyFactory,
                 m(CKM_RC4));
         d(SKF, "DES",           P11SecretKeyFactory,
                 m(CKM_DES_CBC));
         d(SKF, "DESede",        P11SecretKeyFactory,
                 m(CKM_DES3_CBC));
-        d(SKF, "AES",           P11SecretKeyFactory,
-                s("2.16.840.1.101.3.4.1", "OID.2.16.840.1.101.3.4.1"),
+        dA(SKF, "AES",           P11SecretKeyFactory,
                 m(CKM_AES_CBC));
         d(SKF, "Blowfish",      P11SecretKeyFactory,
                 m(CKM_BLOWFISH_CBC));
 
         // XXX attributes for Ciphers (supported modes, padding)
-        d(CIP, "ARCFOUR",                       P11Cipher,      s("RC4"),
+        dA(CIP, "ARCFOUR",                      P11Cipher,
                 m(CKM_RC4));
         d(CIP, "DES/CBC/NoPadding",             P11Cipher,
                 m(CKM_DES_CBC));
@@ -651,7 +641,8 @@
                 m(CKM_DES_CBC_PAD, CKM_DES_CBC));
         d(CIP, "DES/ECB/NoPadding",             P11Cipher,
                 m(CKM_DES_ECB));
-        d(CIP, "DES/ECB/PKCS5Padding",          P11Cipher,      s("DES"),
+        d(CIP, "DES/ECB/PKCS5Padding",          P11Cipher,
+                List.of("DES"),
                 m(CKM_DES_ECB));
 
         d(CIP, "DESede/CBC/NoPadding",          P11Cipher,
@@ -660,47 +651,40 @@
                 m(CKM_DES3_CBC_PAD, CKM_DES3_CBC));
         d(CIP, "DESede/ECB/NoPadding",          P11Cipher,
                 m(CKM_DES3_ECB));
-        d(CIP, "DESede/ECB/PKCS5Padding",       P11Cipher,      s("DESede"),
+        d(CIP, "DESede/ECB/PKCS5Padding",       P11Cipher,
+                List.of("DESede"),
                 m(CKM_DES3_ECB));
         d(CIP, "AES/CBC/NoPadding",             P11Cipher,
                 m(CKM_AES_CBC));
-        d(CIP, "AES_128/CBC/NoPadding",          P11Cipher,
-                s("2.16.840.1.101.3.4.1.2", "OID.2.16.840.1.101.3.4.1.2"),
+        dA(CIP, "AES_128/CBC/NoPadding",          P11Cipher,
                 m(CKM_AES_CBC));
-        d(CIP, "AES_192/CBC/NoPadding",          P11Cipher,
-                s("2.16.840.1.101.3.4.1.22", "OID.2.16.840.1.101.3.4.1.22"),
+        dA(CIP, "AES_192/CBC/NoPadding",          P11Cipher,
                 m(CKM_AES_CBC));
-        d(CIP, "AES_256/CBC/NoPadding",          P11Cipher,
-                s("2.16.840.1.101.3.4.1.42", "OID.2.16.840.1.101.3.4.1.42"),
+        dA(CIP, "AES_256/CBC/NoPadding",          P11Cipher,
                 m(CKM_AES_CBC));
         d(CIP, "AES/CBC/PKCS5Padding",          P11Cipher,
                 m(CKM_AES_CBC_PAD, CKM_AES_CBC));
         d(CIP, "AES/ECB/NoPadding",             P11Cipher,
                 m(CKM_AES_ECB));
-        d(CIP, "AES_128/ECB/NoPadding",          P11Cipher,
-                s("2.16.840.1.101.3.4.1.1", "OID.2.16.840.1.101.3.4.1.1"),
+        dA(CIP, "AES_128/ECB/NoPadding",          P11Cipher,
                 m(CKM_AES_ECB));
-        d(CIP, "AES_192/ECB/NoPadding",          P11Cipher,
-                s("2.16.840.1.101.3.4.1.21", "OID.2.16.840.1.101.3.4.1.21"),
+        dA(CIP, "AES_192/ECB/NoPadding",          P11Cipher,
                 m(CKM_AES_ECB));
-        d(CIP, "AES_256/ECB/NoPadding",          P11Cipher,
-                s("2.16.840.1.101.3.4.1.41", "OID.2.16.840.1.101.3.4.1.41"),
+        dA(CIP, "AES_256/ECB/NoPadding",          P11Cipher,
                 m(CKM_AES_ECB));
-        d(CIP, "AES/ECB/PKCS5Padding",          P11Cipher,      s("AES"),
+        d(CIP, "AES/ECB/PKCS5Padding",          P11Cipher,
+                List.of("AES"),
                 m(CKM_AES_ECB));
         d(CIP, "AES/CTR/NoPadding",             P11Cipher,
                 m(CKM_AES_CTR));
 
         d(CIP, "AES/GCM/NoPadding",             P11AEADCipher,
                 m(CKM_AES_GCM));
-        d(CIP, "AES_128/GCM/NoPadding",          P11AEADCipher,
-                s("2.16.840.1.101.3.4.1.6", "OID.2.16.840.1.101.3.4.1.6"),
+        dA(CIP, "AES_128/GCM/NoPadding",          P11AEADCipher,
                 m(CKM_AES_GCM));
-        d(CIP, "AES_192/GCM/NoPadding",          P11AEADCipher,
-                s("2.16.840.1.101.3.4.1.26", "OID.2.16.840.1.101.3.4.1.26"),
+        dA(CIP, "AES_192/GCM/NoPadding",          P11AEADCipher,
                 m(CKM_AES_GCM));
-        d(CIP, "AES_256/GCM/NoPadding",          P11AEADCipher,
-                s("2.16.840.1.101.3.4.1.46", "OID.2.16.840.1.101.3.4.1.46"),
+        dA(CIP, "AES_256/GCM/NoPadding",          P11AEADCipher,
                 m(CKM_AES_GCM));
 
         d(CIP, "Blowfish/CBC/NoPadding",        P11Cipher,
@@ -708,52 +692,43 @@
         d(CIP, "Blowfish/CBC/PKCS5Padding",     P11Cipher,
                 m(CKM_BLOWFISH_CBC));
 
-        d(CIP, "RSA/ECB/PKCS1Padding",          P11RSACipher,   s("RSA"),
+        d(CIP, "RSA/ECB/PKCS1Padding",          P11RSACipher,
+                List.of("RSA"),
                 m(CKM_RSA_PKCS));
         d(CIP, "RSA/ECB/NoPadding",             P11RSACipher,
                 m(CKM_RSA_X_509));
 
-        d(SIG, "RawDSA",        P11Signature,   s("NONEwithDSA"),
+        d(SIG, "RawDSA",        P11Signature,
+                List.of("NONEwithDSA"),
                 m(CKM_DSA));
-        d(SIG, "DSA",           P11Signature,
-                s("SHA1withDSA", "1.3.14.3.2.13", "1.3.14.3.2.27",
-                  "1.2.840.10040.4.3", "OID.1.2.840.10040.4.3"),
+        dA(SIG, "SHA1withDSA",           P11Signature,
                 m(CKM_DSA_SHA1, CKM_DSA));
-        d(SIG, "SHA224withDSA", P11Signature,
-                s("2.16.840.1.101.3.4.3.1", "OID.2.16.840.1.101.3.4.3.1"),
+        dA(SIG, "SHA224withDSA", P11Signature,
                 m(CKM_DSA_SHA224));
-        d(SIG, "SHA256withDSA", P11Signature,
-                s("2.16.840.1.101.3.4.3.2", "OID.2.16.840.1.101.3.4.3.2"),
+        dA(SIG, "SHA256withDSA", P11Signature,
                 m(CKM_DSA_SHA256));
-        d(SIG, "SHA384withDSA", P11Signature,
-                s("2.16.840.1.101.3.4.3.3", "OID.2.16.840.1.101.3.4.3.3"),
+        dA(SIG, "SHA384withDSA", P11Signature,
                 m(CKM_DSA_SHA384));
-        d(SIG, "SHA512withDSA", P11Signature,
-                s("2.16.840.1.101.3.4.3.4", "OID.2.16.840.1.101.3.4.3.4"),
+        dA(SIG, "SHA512withDSA", P11Signature,
                 m(CKM_DSA_SHA512));
         d(SIG, "RawDSAinP1363Format",   P11Signature,
-                s("NONEwithDSAinP1363Format"),
+                List.of("NONEwithDSAinP1363Format"),
                 m(CKM_DSA));
         d(SIG, "DSAinP1363Format",      P11Signature,
-                s("SHA1withDSAinP1363Format"),
+                List.of("SHA1withDSAinP1363Format"),
                 m(CKM_DSA_SHA1, CKM_DSA));
 
         d(SIG, "NONEwithECDSA", P11Signature,
                 m(CKM_ECDSA));
-        d(SIG, "SHA1withECDSA", P11Signature,
-                s("ECDSA", "1.2.840.10045.4.1", "OID.1.2.840.10045.4.1"),
+        dA(SIG, "SHA1withECDSA", P11Signature,
                 m(CKM_ECDSA_SHA1, CKM_ECDSA));
-        d(SIG, "SHA224withECDSA",       P11Signature,
-                s("1.2.840.10045.4.3.1", "OID.1.2.840.10045.4.3.1"),
+        dA(SIG, "SHA224withECDSA",       P11Signature,
                 m(CKM_ECDSA));
-        d(SIG, "SHA256withECDSA",       P11Signature,
-                s("1.2.840.10045.4.3.2", "OID.1.2.840.10045.4.3.2"),
+        dA(SIG, "SHA256withECDSA",       P11Signature,
                 m(CKM_ECDSA));
-        d(SIG, "SHA384withECDSA",       P11Signature,
-                s("1.2.840.10045.4.3.3", "OID.1.2.840.10045.4.3.3"),
+        dA(SIG, "SHA384withECDSA",       P11Signature,
                 m(CKM_ECDSA));
-        d(SIG, "SHA512withECDSA",       P11Signature,
-                s("1.2.840.10045.4.3.4", "OID.1.2.840.10045.4.3.4"),
+        dA(SIG, "SHA512withECDSA",       P11Signature,
                 m(CKM_ECDSA));
         d(SIG, "NONEwithECDSAinP1363Format",   P11Signature,
                 m(CKM_ECDSA));
@@ -767,30 +742,21 @@
                 m(CKM_ECDSA));
         d(SIG, "SHA512withECDSAinP1363Format", P11Signature,
                 m(CKM_ECDSA));
-        d(SIG, "MD2withRSA",    P11Signature,
-                s("1.2.840.113549.1.1.2", "OID.1.2.840.113549.1.1.2"),
+        dA(SIG, "MD2withRSA",    P11Signature,
                 m(CKM_MD2_RSA_PKCS, CKM_RSA_PKCS, CKM_RSA_X_509));
-        d(SIG, "MD5withRSA",    P11Signature,
-                s("1.2.840.113549.1.1.4", "OID.1.2.840.113549.1.1.4"),
+        dA(SIG, "MD5withRSA",    P11Signature,
                 m(CKM_MD5_RSA_PKCS, CKM_RSA_PKCS, CKM_RSA_X_509));
-        d(SIG, "SHA1withRSA",   P11Signature,
-                s("1.2.840.113549.1.1.5", "OID.1.2.840.113549.1.1.5",
-                  "1.3.14.3.2.29"),
+        dA(SIG, "SHA1withRSA",   P11Signature,
                 m(CKM_SHA1_RSA_PKCS, CKM_RSA_PKCS, CKM_RSA_X_509));
-        d(SIG, "SHA224withRSA", P11Signature,
-                s("1.2.840.113549.1.1.14", "OID.1.2.840.113549.1.1.14"),
+        dA(SIG, "SHA224withRSA", P11Signature,
                 m(CKM_SHA224_RSA_PKCS, CKM_RSA_PKCS, CKM_RSA_X_509));
-        d(SIG, "SHA256withRSA", P11Signature,
-                s("1.2.840.113549.1.1.11", "OID.1.2.840.113549.1.1.11"),
+        dA(SIG, "SHA256withRSA", P11Signature,
                 m(CKM_SHA256_RSA_PKCS, CKM_RSA_PKCS, CKM_RSA_X_509));
-        d(SIG, "SHA384withRSA", P11Signature,
-                s("1.2.840.113549.1.1.12", "OID.1.2.840.113549.1.1.12"),
+        dA(SIG, "SHA384withRSA", P11Signature,
                 m(CKM_SHA384_RSA_PKCS, CKM_RSA_PKCS, CKM_RSA_X_509));
-        d(SIG, "SHA512withRSA", P11Signature,
-                s("1.2.840.113549.1.1.13", "OID.1.2.840.113549.1.1.13"),
+        dA(SIG, "SHA512withRSA", P11Signature,
                 m(CKM_SHA512_RSA_PKCS, CKM_RSA_PKCS, CKM_RSA_X_509));
-        d(SIG, "RSASSA-PSS", P11PSSSignature,
-                s("1.2.840.113549.1.1.10", "OID.1.2.840.113549.1.1.10"),
+        dA(SIG, "RSASSA-PSS", P11PSSSignature,
                 m(CKM_RSA_PKCS_PSS));
         d(SIG, "SHA1withRSASSA-PSS", P11PSSSignature,
                 m(CKM_SHA1_RSA_PKCS_PSS));
@@ -805,7 +771,7 @@
 
         d(KG, "SunTlsRsaPremasterSecret",
                     "sun.security.pkcs11.P11TlsRsaPremasterSecretGenerator",
-                    s("SunTls12RsaPremasterSecret"),
+                List.of("SunTls12RsaPremasterSecret"),
                 m(CKM_SSL3_PRE_MASTER_KEY_GEN, CKM_TLS_PRE_MASTER_KEY_GEN));
         d(KG, "SunTlsMasterSecret",
                     "sun.security.pkcs11.P11TlsMasterSecretGenerator",
@@ -1048,7 +1014,7 @@
                 if (config.isEnabled(PCKM_KEYSTORE)) {
                     putService(new P11Service(token, KS, "PKCS11",
                         "sun.security.pkcs11.P11KeyStore",
-                        s("PKCS11-" + config.getName()),
+                        List.of("PKCS11-" + config.getName()),
                         PCKM_KEYSTORE));
                 }
                 return null;
@@ -1065,17 +1031,13 @@
         private final long mechanism;
 
         P11Service(Token token, String type, String algorithm,
-                String className, String[] al, long mechanism) {
-            super(token.provider, type, algorithm, className, toList(al),
+                String className, List<String> al, long mechanism) {
+            super(token.provider, type, algorithm, className, al,
                     type.equals(SR) ? Map.of("ThreadSafe", "true") : null);
             this.token = token;
             this.mechanism = mechanism & 0xFFFFFFFFL;
         }
 
-        private static List<String> toList(String[] aliases) {
-            return (aliases == null) ? null : Arrays.asList(aliases);
-        }
-
         public Object newInstance(Object param)
                 throws NoSuchAlgorithmException {
             if (token.isValid() == false) {
--- a/src/jdk.crypto.ec/share/classes/sun/security/ec/SunEC.java	Tue May 19 11:55:44 2020 +0800
+++ b/src/jdk.crypto.ec/share/classes/sun/security/ec/SunEC.java	Tue May 19 04:05:03 2020 +0000
@@ -31,12 +31,10 @@
 import java.security.PrivilegedAction;
 import java.security.Provider;
 import java.security.ProviderException;
-import java.util.Arrays;
 import java.util.Collection;
 import java.util.Collections;
 import java.util.HashMap;
 import java.util.List;
-import java.util.regex.Pattern;
 
 import sun.security.ec.ed.EdDSAAlgorithmParameters;
 import sun.security.ec.ed.EdDSAKeyFactory;
@@ -46,6 +44,7 @@
 import sun.security.util.NamedCurve;
 
 import static sun.security.util.SecurityConstants.PROVIDER_VER;
+import static sun.security.util.SecurityProviderConstants.*;
 
 /**
  * Provider class for the Elliptic Curve provider.
@@ -97,6 +96,13 @@
         return SunEC.disableNative;
     }
 
+    private static class ProviderServiceA extends ProviderService {
+        ProviderServiceA(Provider p, String type, String algo, String cn,
+            HashMap<String, String> attrs) {
+            super(p, type, algo, cn, getAliases(algo), attrs);
+        }
+    }
+
     private static class ProviderService extends Provider.Service {
 
         ProviderService(Provider p, String type, String algo, String cn) {
@@ -104,9 +110,8 @@
         }
 
         ProviderService(Provider p, String type, String algo, String cn,
-            String[] aliases, HashMap<String, String> attrs) {
-            super(p, type, algo, cn,
-                  (aliases == null? null : Arrays.asList(aliases)), attrs);
+            List<String> aliases, HashMap<String, String> attrs) {
+            super(p, type, algo, cn, aliases, attrs);
         }
 
         @Override
@@ -232,7 +237,7 @@
          */
         putService(new ProviderService(this, "KeyFactory",
             "EC", "sun.security.ec.ECKeyFactory",
-            new String[] { "EllipticCurve" }, ATTRS));
+            List.of("EllipticCurve"), ATTRS));
 
         /*
          * Algorithm Parameter engine
@@ -240,7 +245,6 @@
         // "AlgorithmParameters.EC SupportedCurves" prop used by unit test
         boolean firstCurve = true;
         StringBuilder names = new StringBuilder();
-        Pattern nameSplitPattern = Pattern.compile(CurveDB.SPLIT_PATTERN);
 
         Collection<? extends NamedCurve> supportedCurves;
         if (SunEC.isNativeDisabled()) {
@@ -260,10 +264,9 @@
             }
 
             names.append("[");
-
-            String[] commonNames = nameSplitPattern.split(namedCurve.getName());
+            String[] commonNames = namedCurve.getNameAndAliases();
             for (String commonName : commonNames) {
-                names.append(commonName.trim());
+                names.append(commonName);
                 names.append(",");
             }
 
@@ -274,10 +277,8 @@
         HashMap<String, String> apAttrs = new HashMap<>(ATTRS);
         apAttrs.put("SupportedCurves", names.toString());
 
-        putService(new ProviderService(this, "AlgorithmParameters",
-            "EC", "sun.security.util.ECParameters",
-            new String[] { "EllipticCurve", "1.2.840.10045.2.1", "OID.1.2.840.10045.2.1" },
-            apAttrs));
+        putService(new ProviderServiceA(this, "AlgorithmParameters",
+            "EC", "sun.security.util.ECParameters", apAttrs));
 
         putXDHEntries();
         putEdDSAEntries();
@@ -288,25 +289,20 @@
         putService(new ProviderService(this, "Signature",
             "NONEwithECDSA", "sun.security.ec.ECDSASignature$Raw",
             null, ATTRS));
-        putService(new ProviderService(this, "Signature",
+        putService(new ProviderServiceA(this, "Signature",
             "SHA1withECDSA", "sun.security.ec.ECDSASignature$SHA1",
-            new String[] { "1.2.840.10045.4.1", "OID.1.2.840.10045.4.1" },
             ATTRS));
-        putService(new ProviderService(this, "Signature",
+        putService(new ProviderServiceA(this, "Signature",
             "SHA224withECDSA", "sun.security.ec.ECDSASignature$SHA224",
-            new String[] { "1.2.840.10045.4.3.1", "OID.1.2.840.10045.4.3.1"},
             ATTRS));
-        putService(new ProviderService(this, "Signature",
+        putService(new ProviderServiceA(this, "Signature",
             "SHA256withECDSA", "sun.security.ec.ECDSASignature$SHA256",
-            new String[] { "1.2.840.10045.4.3.2", "OID.1.2.840.10045.4.3.2"},
             ATTRS));
-        putService(new ProviderService(this, "Signature",
+        putService(new ProviderServiceA(this, "Signature",
             "SHA384withECDSA", "sun.security.ec.ECDSASignature$SHA384",
-            new String[] { "1.2.840.10045.4.3.3", "OID.1.2.840.10045.4.3.3" },
             ATTRS));
-        putService(new ProviderService(this, "Signature",
+        putService(new ProviderServiceA(this, "Signature",
             "SHA512withECDSA", "sun.security.ec.ECDSASignature$SHA512",
-            new String[] { "1.2.840.10045.4.3.4", "OID.1.2.840.10045.4.3.4" },
             ATTRS));
 
         putService(new ProviderService(this, "Signature",
@@ -333,7 +329,7 @@
          */
         putService(new ProviderService(this, "KeyPairGenerator",
             "EC", "sun.security.ec.ECKeyPairGenerator",
-            new String[] { "EllipticCurve" }, ATTRS));
+            List.of("EllipticCurve"), ATTRS));
 
         /*
          * Key Agreement engine
@@ -350,31 +346,30 @@
         /* XDH does not require native implementation */
         putService(new ProviderService(this, "KeyFactory",
             "XDH", "sun.security.ec.XDHKeyFactory", null, ATTRS));
-        putService(new ProviderService(this, "KeyFactory",
+        putService(new ProviderServiceA(this, "KeyFactory",
             "X25519", "sun.security.ec.XDHKeyFactory.X25519",
-            new String[]{"1.3.101.110", "OID.1.3.101.110"}, ATTRS));
-        putService(new ProviderService(this, "KeyFactory",
+            ATTRS));
+        putService(new ProviderServiceA(this, "KeyFactory",
             "X448", "sun.security.ec.XDHKeyFactory.X448",
-            new String[]{"1.3.101.111", "OID.1.3.101.111"}, ATTRS));
+            ATTRS));
 
         putService(new ProviderService(this, "KeyPairGenerator",
             "XDH", "sun.security.ec.XDHKeyPairGenerator", null, ATTRS));
-        putService(new ProviderService(this, "KeyPairGenerator",
+        putService(new ProviderServiceA(this, "KeyPairGenerator",
             "X25519", "sun.security.ec.XDHKeyPairGenerator.X25519",
-            new String[]{"1.3.101.110", "OID.1.3.101.110"}, ATTRS));
-        putService(new ProviderService(this, "KeyPairGenerator",
+            ATTRS));
+        putService(new ProviderServiceA(this, "KeyPairGenerator",
             "X448", "sun.security.ec.XDHKeyPairGenerator.X448",
-            new String[]{"1.3.101.111", "OID.1.3.101.111"}, ATTRS));
+            ATTRS));
 
         putService(new ProviderService(this, "KeyAgreement",
             "XDH", "sun.security.ec.XDHKeyAgreement", null, ATTRS));
-        putService(new ProviderService(this, "KeyAgreement",
+        putService(new ProviderServiceA(this, "KeyAgreement",
             "X25519", "sun.security.ec.XDHKeyAgreement.X25519",
-            new String[]{"1.3.101.110", "OID.1.3.101.110"}, ATTRS));
-        putService(new ProviderService(this, "KeyAgreement",
+            ATTRS));
+        putService(new ProviderServiceA(this, "KeyAgreement",
             "X448", "sun.security.ec.XDHKeyAgreement.X448",
-            new String[]{"1.3.101.111", "OID.1.3.101.111"}, ATTRS));
-
+            ATTRS));
     }
 
     private void putEdDSAEntries() {
@@ -385,30 +380,26 @@
         /* EdDSA does not require native implementation */
         putService(new ProviderService(this, "KeyFactory",
             "EdDSA", "sun.security.ec.ed.EdDSAKeyFactory", null, ATTRS));
-        putService(new ProviderService(this, "KeyFactory",
-            "Ed25519", "sun.security.ec.ed.EdDSAKeyFactory.Ed25519",
-            new String[]{"1.3.101.112", "OID.1.3.101.112"}, ATTRS));
-        putService(new ProviderService(this, "KeyFactory",
-            "Ed448", "sun.security.ec.ed.EdDSAKeyFactory.Ed448",
-            new String[]{"1.3.101.113", "OID.1.3.101.113"}, ATTRS));
+        putService(new ProviderServiceA(this, "KeyFactory",
+            "Ed25519", "sun.security.ec.ed.EdDSAKeyFactory.Ed25519", ATTRS));
+        putService(new ProviderServiceA(this, "KeyFactory",
+            "Ed448", "sun.security.ec.ed.EdDSAKeyFactory.Ed448", ATTRS));
 
         putService(new ProviderService(this, "KeyPairGenerator",
             "EdDSA", "sun.security.ec.ed.EdDSAKeyPairGenerator", null, ATTRS));
-        putService(new ProviderService(this, "KeyPairGenerator",
+        putService(new ProviderServiceA(this, "KeyPairGenerator",
             "Ed25519", "sun.security.ec.ed.EdDSAKeyPairGenerator.Ed25519",
-            new String[]{"1.3.101.112", "OID.1.3.101.112"}, ATTRS));
-        putService(new ProviderService(this, "KeyPairGenerator",
+            ATTRS));
+        putService(new ProviderServiceA(this, "KeyPairGenerator",
             "Ed448", "sun.security.ec.ed.EdDSAKeyPairGenerator.Ed448",
-            new String[]{"1.3.101.113", "OID.1.3.101.113"}, ATTRS));
+            ATTRS));
 
         putService(new ProviderService(this, "Signature",
             "EdDSA", "sun.security.ec.ed.EdDSASignature", null, ATTRS));
-        putService(new ProviderService(this, "Signature",
-            "Ed25519", "sun.security.ec.ed.EdDSASignature.Ed25519",
-            new String[]{"1.3.101.112", "OID.1.3.101.112"}, ATTRS));
-        putService(new ProviderService(this, "Signature",
-            "Ed448", "sun.security.ec.ed.EdDSASignature.Ed448",
-            new String[]{"1.3.101.113", "OID.1.3.101.113"}, ATTRS));
+        putService(new ProviderServiceA(this, "Signature",
+            "Ed25519", "sun.security.ec.ed.EdDSASignature.Ed25519", ATTRS));
+        putService(new ProviderServiceA(this, "Signature",
+            "Ed448", "sun.security.ec.ed.EdDSASignature.Ed448", ATTRS));
 
     }
 }
--- a/src/jdk.crypto.ec/share/classes/sun/security/ec/XECParameters.java	Tue May 19 11:55:44 2020 +0800
+++ b/src/jdk.crypto.ec/share/classes/sun/security/ec/XECParameters.java	Tue May 19 04:05:03 2020 +0000
@@ -144,7 +144,7 @@
         Map<ObjectIdentifier, XECParameters> byOid,
         Map<String, XECParameters> byName) throws IOException {
 
-        ObjectIdentifier oid = new ObjectIdentifier(objectId);
+        ObjectIdentifier oid = ObjectIdentifier.of(objectId);
         XECParameters params =
             new XECParameters(bits, p, a24, basePoint, logCofactor, oid, name);
         namedParams.put(name.toLowerCase(), oid, bits, params);
--- a/src/jdk.crypto.ec/share/classes/sun/security/ec/ed/EdDSAParameters.java	Tue May 19 11:55:44 2020 +0800
+++ b/src/jdk.crypto.ec/share/classes/sun/security/ec/ed/EdDSAParameters.java	Tue May 19 04:05:03 2020 +0000
@@ -27,6 +27,7 @@
 import sun.security.ec.ParametersMap;
 import sun.security.provider.SHAKE256;
 import sun.security.util.ObjectIdentifier;
+import sun.security.util.KnownOIDs;
 import sun.security.util.math.*;
 import sun.security.util.math.intpoly.*;
 import sun.security.x509.AlgorithmId;
@@ -250,58 +251,47 @@
 
     static {
         // set up Ed25519
-        try {
-            IntegerFieldModuloP ed25519Field = new IntegerPolynomial25519();
-            IntegerFieldModuloP ed25519OrderField = new Curve25519OrderField();
-            BigInteger biD = new BigInteger("3709570593466943934313808350875" +
+        IntegerFieldModuloP ed25519Field = new IntegerPolynomial25519();
+        IntegerFieldModuloP ed25519OrderField = new Curve25519OrderField();
+        BigInteger biD = new BigInteger("3709570593466943934313808350875" +
                 "4565189542113879843219016388785533085940283555");
-            ImmutableIntegerModuloP d = ed25519Field.getElement(biD);
-            BigInteger baseX = new BigInteger("15112221349535400772501151409" +
+        ImmutableIntegerModuloP d = ed25519Field.getElement(biD);
+        BigInteger baseX = new BigInteger("15112221349535400772501151409" +
                 "588531511454012693041857206046113283949847762202");
-            BigInteger baseY = new BigInteger("46316835694926478169428394003" +
+        BigInteger baseY = new BigInteger("46316835694926478169428394003" +
                 "475163141307993866256225615783033603165251855960");
-            EdECOperations edOps = new Ed25519Operations(d, baseX, baseY);
-            String name = NamedParameterSpec.ED25519.getName();
-            ObjectIdentifier oid = new ObjectIdentifier("1.3.101.112");
-            int bits = 255;
-            DigesterFactory digester = new SHA512DigesterFactory();
-            EdDSAParameters params = new EdDSAParameters(name, oid,
+        EdECOperations edOps = new Ed25519Operations(d, baseX, baseY);
+        String name = NamedParameterSpec.ED25519.getName();
+        ObjectIdentifier oid = ObjectIdentifier.of(KnownOIDs.Ed25519);
+        int bits = 255;
+        DigesterFactory digester = new SHA512DigesterFactory();
+        EdDSAParameters params = new EdDSAParameters(name, oid,
                 ed25519Field, ed25519OrderField, d, edOps,
                 digester, EdDSAParameters::dom2, 32, bits, 3);
 
-            namedParams.put(name, oid, bits, params);
-
-        } catch (IOException ex) {
-            // Unable to set Ed25519 parameters---it will be disabled
-        }
+        namedParams.put(name, oid, bits, params);
 
         // set up Ed448
-        try {
-            IntegerFieldModuloP ed448Field = new IntegerPolynomial448();
-            IntegerFieldModuloP ed448OrderField = new Curve448OrderField();
-            BigInteger biD = ed448Field.getSize().subtract(
-                new BigInteger("39081"));
-            ImmutableIntegerModuloP d = ed448Field.getElement(biD);
-            BigInteger baseX = new BigInteger("224580040295924300187604334" +
+        IntegerFieldModuloP ed448Field = new IntegerPolynomial448();
+        IntegerFieldModuloP ed448OrderField = new Curve448OrderField();
+        biD = ed448Field.getSize().subtract(new BigInteger("39081"));
+        d = ed448Field.getElement(biD);
+        baseX = new BigInteger("224580040295924300187604334" +
                 "099896036246789641632564134246125461686950415467406032909" +
                 "029192869357953282578032075146446173674602635247710");
-            BigInteger baseY = new BigInteger("298819210078481492676017930" +
+        baseY = new BigInteger("298819210078481492676017930" +
                 "443930673437544040154080242095928241372331506189835876003" +
                 "536878655418784733982303233503462500531545062832660");
-            EdECOperations edOps = new Ed448Operations(d, baseX, baseY);
-            String name = NamedParameterSpec.ED448.getName();
-            ObjectIdentifier oid = new ObjectIdentifier("1.3.101.113");
-            int bits = 448;
-            DigesterFactory digester = new SHAKE256DigesterFactory();
-            EdDSAParameters params = new EdDSAParameters(name, oid,
+        edOps = new Ed448Operations(d, baseX, baseY);
+        name = NamedParameterSpec.ED448.getName();
+        oid = ObjectIdentifier.of(KnownOIDs.Ed448);
+        bits = 448;
+        digester = new SHAKE256DigesterFactory();
+        params = new EdDSAParameters(name, oid,
                 ed448Field, ed448OrderField, d, edOps,
                 digester, EdDSAParameters::dom4, 57, bits, 2);
 
-            namedParams.put(name, oid, bits, params);
-
-        } catch (IOException ex) {
-            // Unable to set Ed448 parameters---it will be disabled
-        }
+        namedParams.put(name, oid, bits, params);
 
         namedParams.fix();
     }
--- a/src/jdk.crypto.mscapi/windows/classes/sun/security/mscapi/SunMSCAPI.java	Tue May 19 11:55:44 2020 +0800
+++ b/src/jdk.crypto.mscapi/windows/classes/sun/security/mscapi/SunMSCAPI.java	Tue May 19 04:05:03 2020 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2020, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -32,9 +32,10 @@
 import java.security.InvalidParameterException;
 import java.security.ProviderException;
 import java.util.HashMap;
-import java.util.Arrays;
+import java.util.List;
 
 import static sun.security.util.SecurityConstants.PROVIDER_VER;
+import static sun.security.util.SecurityProviderConstants.getAliases;
 
 /**
  * A Cryptographic Service Provider for the Microsoft Crypto API.
@@ -56,16 +57,21 @@
             }
         });
     }
+    private static class ProviderServiceA extends ProviderService {
+        ProviderServiceA(Provider p, String type, String algo, String cn,
+                HashMap<String, String> attrs) {
+            super(p, type, algo, cn, getAliases(algo), attrs);
+        }
+    }
 
-    private static final class ProviderService extends Provider.Service {
+    private static class ProviderService extends Provider.Service {
         ProviderService(Provider p, String type, String algo, String cn) {
             super(p, type, algo, cn, null, null);
         }
 
         ProviderService(Provider p, String type, String algo, String cn,
-            String[] aliases, HashMap<String, String> attrs) {
-            super(p, type, algo, cn,
-                  (aliases == null? null : Arrays.asList(aliases)), attrs);
+            List<String> aliases, HashMap<String, String> attrs) {
+            super(p, type, algo, cn, aliases, attrs);
         }
 
         @Override
@@ -176,48 +182,47 @@
                 putService(new ProviderService(p, "Signature",
                            "SHA1withRSA", "sun.security.mscapi.CSignature$SHA1withRSA",
                            null, attrs));
-                putService(new ProviderService(p, "Signature",
-                           "SHA256withRSA", "sun.security.mscapi.CSignature$SHA256withRSA",
-                           new String[] { "1.2.840.113549.1.1.11", "OID.1.2.840.113549.1.1.11" },
+                putService(new ProviderServiceA(p, "Signature",
+                           "SHA256withRSA",
+                           "sun.security.mscapi.CSignature$SHA256withRSA",
                            attrs));
-                putService(new ProviderService(p, "Signature",
-                           "SHA384withRSA", "sun.security.mscapi.CSignature$SHA384withRSA",
-                           new String[] { "1.2.840.113549.1.1.12", "OID.1.2.840.113549.1.1.12" },
+                putService(new ProviderServiceA(p, "Signature",
+                           "SHA384withRSA",
+                           "sun.security.mscapi.CSignature$SHA384withRSA",
                            attrs));
-                putService(new ProviderService(p, "Signature",
-                           "SHA512withRSA", "sun.security.mscapi.CSignature$SHA512withRSA",
-                           new String[] { "1.2.840.113549.1.1.13", "OID.1.2.840.113549.1.1.13" },
+                putService(new ProviderServiceA(p, "Signature",
+                           "SHA512withRSA",
+                           "sun.security.mscapi.CSignature$SHA512withRSA",
                            attrs));
-                putService(new ProviderService(p, "Signature",
-                        "RSASSA-PSS", "sun.security.mscapi.CSignature$PSS",
-                        new String[] { "1.2.840.113549.1.1.10", "OID.1.2.840.113549.1.1.10" },
-                        attrs));
+                putService(new ProviderServiceA(p, "Signature",
+                           "RSASSA-PSS", "sun.security.mscapi.CSignature$PSS",
+                           attrs));
                 putService(new ProviderService(p, "Signature",
                            "MD5withRSA", "sun.security.mscapi.CSignature$MD5withRSA",
                            null, attrs));
                 putService(new ProviderService(p, "Signature",
                            "MD2withRSA", "sun.security.mscapi.CSignature$MD2withRSA",
                            null, attrs));
-                putService(new ProviderService(p, "Signature",
-                        "SHA1withECDSA", "sun.security.mscapi.CSignature$SHA1withECDSA",
-                        new String[] { "1.2.840.10045.4.1", "OID.1.2.840.10045.4.1" },
-                        attrs));
-                putService(new ProviderService(p, "Signature",
-                        "SHA224withECDSA", "sun.security.mscapi.CSignature$SHA224withECDSA",
-                        new String[] { "1.2.840.10045.4.3.1", "OID.1.2.840.10045.4.3.1"},
-                        attrs));
-                putService(new ProviderService(p, "Signature",
-                        "SHA256withECDSA", "sun.security.mscapi.CSignature$SHA256withECDSA",
-                        new String[] { "1.2.840.10045.4.3.2", "OID.1.2.840.10045.4.3.2"},
-                        attrs));
-                putService(new ProviderService(p, "Signature",
-                        "SHA384withECDSA", "sun.security.mscapi.CSignature$SHA384withECDSA",
-                        new String[] { "1.2.840.10045.4.3.3", "OID.1.2.840.10045.4.3.3"},
-                        attrs));
-                putService(new ProviderService(p, "Signature",
-                        "SHA512withECDSA", "sun.security.mscapi.CSignature$SHA512withECDSA",
-                        new String[] { "1.2.840.10045.4.3.4", "OID.1.2.840.10045.4.3.4"},
-                        attrs));
+                putService(new ProviderServiceA(p, "Signature",
+                           "SHA1withECDSA",
+                           "sun.security.mscapi.CSignature$SHA1withECDSA",
+                           attrs));
+                putService(new ProviderServiceA(p, "Signature",
+                           "SHA224withECDSA",
+                           "sun.security.mscapi.CSignature$SHA224withECDSA",
+                           attrs));
+                putService(new ProviderServiceA(p, "Signature",
+                           "SHA256withECDSA",
+                           "sun.security.mscapi.CSignature$SHA256withECDSA",
+                           attrs));
+                putService(new ProviderServiceA(p, "Signature",
+                           "SHA384withECDSA",
+                           "sun.security.mscapi.CSignature$SHA384withECDSA",
+                           attrs));
+                putService(new ProviderServiceA(p, "Signature",
+                           "SHA512withECDSA",
+                           "sun.security.mscapi.CSignature$SHA512withECDSA",
+                           attrs));
                 /*
                  * Key Pair Generator engines
                  */
--- a/src/jdk.crypto.ucrypto/solaris/classes/com/oracle/security/ucrypto/LibMDMech.java	Tue May 19 11:55:44 2020 +0800
+++ b/src/jdk.crypto.ucrypto/solaris/classes/com/oracle/security/ucrypto/LibMDMech.java	Tue May 19 04:05:03 2020 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2016, 2020, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -25,6 +25,9 @@
 
 package com.oracle.security.ucrypto;
 
+import java.util.List;
+import static sun.security.util.SecurityProviderConstants.getAliases;
+
 /**
  * Enum for representing the ucrypto mechanisms.
  *
@@ -36,25 +39,30 @@
         { sd("MessageDigest", "MD5", "com.oracle.security.ucrypto.NativeDigestMD$MD5")
         }),
     SHA_1(new ServiceDesc[]
-        { sd("MessageDigest", "SHA", "com.oracle.security.ucrypto.NativeDigestMD$SHA1",
-             "SHA-1", "SHA1")
+        { sd("MessageDigest", "SHA-1", "com.oracle.security.ucrypto.NativeDigestMD$SHA1",
+             getAliases("SHA-1"))
         }),
     SHA_256(new ServiceDesc[]
         { sd("MessageDigest", "SHA-256", "com.oracle.security.ucrypto.NativeDigestMD$SHA256",
-             "2.16.840.1.101.3.4.2.1", "OID.2.16.840.1.101.3.4.2.1")
+             getAliases("SHA-256"))
         }),
     SHA_384(new ServiceDesc[]
         { sd("MessageDigest", "SHA-384", "com.oracle.security.ucrypto.NativeDigestMD$SHA384",
-             "2.16.840.1.101.3.4.2.2", "OID.2.16.840.1.101.3.4.2.2")
+             getAliases("SHA-384"))
         }),
     SHA_512(new ServiceDesc[]
         { sd("MessageDigest", "SHA-512", "com.oracle.security.ucrypto.NativeDigestMD$SHA512",
-             "2.16.840.1.101.3.4.2.3", "OID.2.16.840.1.101.3.4.2.3")
+             getAliases("SHA-512"))
         });
 
     ServiceDesc[] serviceDescs;
 
-    private static ServiceDesc sd(String type, String algo, String cn, String... aliases) {
+    private static ServiceDesc sd(String type, String algo, String cn) {
+        return new ServiceDesc(type, algo, cn, null);
+    }
+
+    private static ServiceDesc sd(String type, String algo, String cn,
+            List<String> aliases) {
         return new ServiceDesc(type, algo, cn, aliases);
     }
 
--- a/src/jdk.crypto.ucrypto/solaris/classes/com/oracle/security/ucrypto/ServiceDesc.java	Tue May 19 11:55:44 2020 +0800
+++ b/src/jdk.crypto.ucrypto/solaris/classes/com/oracle/security/ucrypto/ServiceDesc.java	Tue May 19 04:05:03 2020 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2015, 2020, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -42,15 +42,11 @@
         this(type, algo, cn, null);
     }
 
-    ServiceDesc(String type, String algo, String cn, String[] aliases) {
+    ServiceDesc(String type, String algo, String cn, List<String> aliases) {
         this.type = type;
         this.algo = algo;
         this.cn = cn;
-        if (aliases != null) {
-            this.aliases = Arrays.asList(aliases);
-        } else {
-            this.aliases = null;
-        }
+        this.aliases = aliases;
     }
     String getType() {
         return type;
--- a/src/jdk.crypto.ucrypto/solaris/classes/com/oracle/security/ucrypto/UcryptoMech.java	Tue May 19 11:55:44 2020 +0800
+++ b/src/jdk.crypto.ucrypto/solaris/classes/com/oracle/security/ucrypto/UcryptoMech.java	Tue May 19 04:05:03 2020 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2014, 2016, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2014, 2020, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -25,6 +25,9 @@
 
 package com.oracle.security.ucrypto;
 
+import java.util.List;
+import static sun.security.util.SecurityProviderConstants.getAliases;
+
 /**
  * Enum for representing the ucrypto mechanisms.
  *
@@ -36,23 +39,23 @@
     CRYPTO_AES_ECB(new ServiceDesc[]
         { sd("Cipher", "AES/ECB/NoPadding", "com.oracle.security.ucrypto.NativeCipher$AesEcbNoPadding"),
           sd("Cipher", "AES/ECB/PKCS5Padding", "com.oracle.security.ucrypto.NativeCipherWithJavaPadding$AesEcbPKCS5",
-             "AES"),
-          sd("Cipher", "AES_128/ECB/NoPadding", "com.oracle.security.ucrypto.NativeCipher$AesEcbNoPadding",
-             "2.16.840.1.101.3.4.1.1", "OID.2.16.840.1.101.3.4.1.1"),
-          sd("Cipher", "AES_192/ECB/NoPadding", "com.oracle.security.ucrypto.NativeCipher$AesEcbNoPadding",
-             "2.16.840.1.101.3.4.1.21", "OID.2.16.840.1.101.3.4.1.21"),
-          sd("Cipher", "AES_256/ECB/NoPadding", "com.oracle.security.ucrypto.NativeCipher$AesEcbNoPadding",
-             "2.16.840.1.101.3.4.1.41", "OID.2.16.840.1.101.3.4.1.41")
+             List.of("AES")),
+          sdA("Cipher", "AES_128/ECB/NoPadding",
+              "com.oracle.security.ucrypto.NativeCipher$AesEcbNoPadding"),
+          sdA("Cipher", "AES_192/ECB/NoPadding",
+              "com.oracle.security.ucrypto.NativeCipher$AesEcbNoPadding"),
+          sdA("Cipher", "AES_256/ECB/NoPadding",
+              "com.oracle.security.ucrypto.NativeCipher$AesEcbNoPadding")
         }),
     CRYPTO_AES_CBC(new ServiceDesc[]
         { sd("Cipher", "AES/CBC/NoPadding", "com.oracle.security.ucrypto.NativeCipher$AesCbcNoPadding"),
           sd("Cipher", "AES/CBC/PKCS5Padding", "com.oracle.security.ucrypto.NativeCipherWithJavaPadding$AesCbcPKCS5"),
-          sd("Cipher", "AES_128/CBC/NoPadding", "com.oracle.security.ucrypto.NativeCipher$AesCbcNoPadding",
-             "2.16.840.1.101.3.4.1.2", "OID.2.16.840.1.101.3.4.1.2"),
-          sd("Cipher", "AES_192/CBC/NoPadding", "com.oracle.security.ucrypto.NativeCipher$AesCbcNoPadding",
-             "2.16.840.1.101.3.4.1.22", "OID.2.16.840.1.101.3.4.1.22"),
-          sd("Cipher", "AES_256/CBC/NoPadding", "com.oracle.security.ucrypto.NativeCipher$AesCbcNoPadding",
-             "2.16.840.1.101.3.4.1.42", "OID.2.16.840.1.101.3.4.1.42")
+          sdA("Cipher", "AES_128/CBC/NoPadding",
+              "com.oracle.security.ucrypto.NativeCipher$AesCbcNoPadding"),
+          sdA("Cipher", "AES_192/CBC/NoPadding",
+              "com.oracle.security.ucrypto.NativeCipher$AesCbcNoPadding"),
+          sdA("Cipher", "AES_256/CBC/NoPadding",
+              "com.oracle.security.ucrypto.NativeCipher$AesCbcNoPadding")
         }),
 //  CRYPTO_AES_CBC_PAD(null), // Support added since S11.1; however we still use CRYPTO_AES_CBC due to known bug
     CRYPTO_AES_CTR(new ServiceDesc[]
@@ -60,12 +63,12 @@
 //  CRYPTO_AES_CCM(null), // Need Java API for CK_AES_CCM_PARAMS
     CRYPTO_AES_GCM(new ServiceDesc[]
         { sd("Cipher", "AES/GCM/NoPadding", "com.oracle.security.ucrypto.NativeGCMCipher$AesGcmNoPadding"),
-          sd("Cipher", "AES_128/GCM/NoPadding", "com.oracle.security.ucrypto.NativeGCMCipher$AesGcmNoPadding",
-             "2.16.840.1.101.3.4.1.6", "OID.2.16.840.1.101.3.4.1.6"),
-          sd("Cipher", "AES_192/GCM/NoPadding", "com.oracle.security.ucrypto.NativeGCMCipher$AesGcmNoPadding",
-             "2.16.840.1.101.3.4.1.26", "OID.2.16.840.1.101.3.4.1.26"),
-          sd("Cipher", "AES_256/GCM/NoPadding", "com.oracle.security.ucrypto.NativeGCMCipher$AesGcmNoPadding",
-             "2.16.840.1.101.3.4.1.46", "OID.2.16.840.1.101.3.4.1.46")
+          sdA("Cipher", "AES_128/GCM/NoPadding",
+              "com.oracle.security.ucrypto.NativeGCMCipher$AesGcmNoPadding"),
+          sdA("Cipher", "AES_192/GCM/NoPadding",
+              "com.oracle.security.ucrypto.NativeGCMCipher$AesGcmNoPadding"),
+          sdA("Cipher", "AES_256/GCM/NoPadding",
+              "com.oracle.security.ucrypto.NativeGCMCipher$AesGcmNoPadding")
         }),
 //  CRYPTO_AES_GMAC(null), // No support from Solaris
     CRYPTO_AES_CFB128(new ServiceDesc[]
@@ -75,76 +78,87 @@
 
     CRYPTO_RSA_PKCS(new ServiceDesc[]
         { sd("Cipher", "RSA/ECB/PKCS1Padding", "com.oracle.security.ucrypto.NativeRSACipher$PKCS1Padding",
-             "RSA")
+             List.of("RSA"))
         }),
     CRYPTO_RSA_X_509(new ServiceDesc[]
         { sd("Cipher", "RSA/ECB/NoPadding", "com.oracle.security.ucrypto.NativeRSACipher$NoPadding") }),
     CRYPTO_MD5_RSA_PKCS(new ServiceDesc[]
-        { sd("Signature", "MD5withRSA", "com.oracle.security.ucrypto.NativeRSASignature$MD5",
-             "1.2.840.113549.1.1.4", "OID.1.2.840.113549.1.1.4")
+        { sdA("Signature", "MD5withRSA",
+              "com.oracle.security.ucrypto.NativeRSASignature$MD5")
         }),
     CRYPTO_SHA1_RSA_PKCS(new ServiceDesc[]
-        { sd("Signature", "SHA1withRSA", "com.oracle.security.ucrypto.NativeRSASignature$SHA1",
-             "1.2.840.113549.1.1.5", "OID.1.2.840.113549.1.1.5",
-             "1.3.14.3.2.29")
+        { sdA("Signature", "SHA1withRSA",
+              "com.oracle.security.ucrypto.NativeRSASignature$SHA1")
         }),
     CRYPTO_SHA256_RSA_PKCS(new ServiceDesc[]
-        { sd("Signature", "SHA256withRSA", "com.oracle.security.ucrypto.NativeRSASignature$SHA256",
-             "1.2.840.113549.1.1.11", "OID.1.2.840.113549.1.1.11")
+        { sdA("Signature", "SHA256withRSA",
+              "com.oracle.security.ucrypto.NativeRSASignature$SHA256")
         }),
     CRYPTO_SHA384_RSA_PKCS(new ServiceDesc[]
-        { sd("Signature", "SHA384withRSA", "com.oracle.security.ucrypto.NativeRSASignature$SHA384",
-             "1.2.840.113549.1.1.12", "OID.1.2.840.113549.1.1.12")
+        { sdA("Signature", "SHA384withRSA",
+              "com.oracle.security.ucrypto.NativeRSASignature$SHA384")
         }),
     CRYPTO_SHA512_RSA_PKCS(new ServiceDesc[]
-        { sd("Signature", "SHA512withRSA", "com.oracle.security.ucrypto.NativeRSASignature$SHA512",
-             "1.2.840.113549.1.1.13", "OID.1.2.840.113549.1.1.13")
+        { sdA("Signature", "SHA512withRSA",
+             "com.oracle.security.ucrypto.NativeRSASignature$SHA512")
         }),
 
     CRYPTO_MD5(new ServiceDesc[]
-        { sd("MessageDigest", "MD5", "com.oracle.security.ucrypto.NativeDigest$MD5") }),
+        { sd("MessageDigest", "MD5", "com.oracle.security.ucrypto.NativeDigest$MD5")
+        }),
     CRYPTO_SHA1(new ServiceDesc[]
-        { sd("MessageDigest", "SHA", "com.oracle.security.ucrypto.NativeDigest$SHA1", "SHA-1", "SHA1") }),
+        { sdA("MessageDigest", "SHA-1",
+              "com.oracle.security.ucrypto.NativeDigest$SHA1")
+        }),
     CRYPTO_SHA224(new ServiceDesc[]
-        { sd("MessageDigest", "SHA-224", "com.oracle.security.ucrypto.NativeDigest$SHA224",
-             "2.16.840.1.101.3.4.2.4", "OID.2.16.840.1.101.3.4.2.4")
-    }),
+        { sdA("MessageDigest", "SHA-224",
+              "com.oracle.security.ucrypto.NativeDigest$SHA224")
+        }),
     CRYPTO_SHA256(new ServiceDesc[]
-        { sd("MessageDigest", "SHA-256", "com.oracle.security.ucrypto.NativeDigest$SHA256",
-             "2.16.840.1.101.3.4.2.1", "OID.2.16.840.1.101.3.4.2.1")
-    }),
+        { sdA("MessageDigest", "SHA-256",
+              "com.oracle.security.ucrypto.NativeDigest$SHA256")
+        }),
     CRYPTO_SHA384(new ServiceDesc[]
-        { sd("MessageDigest", "SHA-384", "com.oracle.security.ucrypto.NativeDigest$SHA384",
-             "2.16.840.1.101.3.4.2.2", "OID.2.16.840.1.101.3.4.2.2")
-    }),
+        { sdA("MessageDigest", "SHA-384",
+              "com.oracle.security.ucrypto.NativeDigest$SHA384")
+        }),
     CRYPTO_SHA512(new ServiceDesc[]
-        { sd("MessageDigest", "SHA-512", "com.oracle.security.ucrypto.NativeDigest$SHA512",
-             "2.16.840.1.101.3.4.2.3", "OID.2.16.840.1.101.3.4.2.3")
-    }),
+        { sdA("MessageDigest", "SHA-512",
+              "com.oracle.security.ucrypto.NativeDigest$SHA512")
+        }),
     CRYPTO_SHA3_224(new ServiceDesc[]
-        { sd("MessageDigest", "SHA3-224", "com.oracle.security.ucrypto.NativeDigest$SHA3_224",
-             "2.16.840.1.101.3.4.2.7", "OID.2.16.840.1.101.3.4.2.7")
-    }),
+        { sdA("MessageDigest", "SHA3-224",
+              "com.oracle.security.ucrypto.NativeDigest$SHA3_224")
+        }),
     CRYPTO_SHA3_256(new ServiceDesc[]
-        { sd("MessageDigest", "SHA3-256", "com.oracle.security.ucrypto.NativeDigest$SHA3_256",
-             "2.16.840.1.101.3.4.2.8", "OID.2.16.840.1.101.3.4.2.8")
-    }),
+        { sdA("MessageDigest", "SHA3-256",
+              "com.oracle.security.ucrypto.NativeDigest$SHA3_256")
+        }),
     CRYPTO_SHA3_384(new ServiceDesc[]
-        { sd("MessageDigest", "SHA3-384", "com.oracle.security.ucrypto.NativeDigest$SHA3_384",
-             "2.16.840.1.101.3.4.2.9", "OID.2.16.840.1.101.3.4.2.9")
-    }),
+        { sdA("MessageDigest", "SHA3-384",
+              "com.oracle.security.ucrypto.NativeDigest$SHA3_384")
+        }),
     CRYPTO_SHA3_512(new ServiceDesc[]
-        { sd("MessageDigest", "SHA3-512", "com.oracle.security.ucrypto.NativeDigest$SHA3_512",
-             "2.16.840.1.101.3.4.2.10", "OID.2.16.840.1.101.3.4.2.10")
-    });
+        { sdA("MessageDigest", "SHA3-512",
+              "com.oracle.security.ucrypto.NativeDigest$SHA3_512")
+        });
 
     private int mech = 0;
     private final ServiceDesc[] serviceDescs;
 
-    private static ServiceDesc sd(String type, String algo, String cn, String... aliases) {
+    private static ServiceDesc sd(String type, String algo, String cn) {
+        return new ServiceDesc(type, algo, cn, null);
+    }
+
+    private static ServiceDesc sd(String type, String algo, String cn,
+            List<String> aliases) {
         return new ServiceDesc(type, algo, cn, aliases);
     }
 
+    private static ServiceDesc sdA(String type, String algo, String cn) {
+        return new ServiceDesc(type, algo, cn, getAliases(algo));
+    }
+
     UcryptoMech(ServiceDesc[] serviceDescs) {
         this.serviceDescs = serviceDescs;
     }
--- a/src/jdk.crypto.ucrypto/solaris/classes/com/oracle/security/ucrypto/UcryptoProvider.java	Tue May 19 11:55:44 2020 +0800
+++ b/src/jdk.crypto.ucrypto/solaris/classes/com/oracle/security/ucrypto/UcryptoProvider.java	Tue May 19 04:05:03 2020 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2014, 2016, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2014, 2020, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -32,7 +32,6 @@
 import java.security.*;
 import static sun.security.util.SecurityConstants.PROVIDER_VER;
 
-
 /**
  * OracleUcrypto provider main class.
  *
@@ -134,9 +133,8 @@
         }
     }
 
-    private static ServiceDesc sd(String type, String algo, String cn,
-        String... aliases) {
-        return new ServiceDesc(type, algo, cn, aliases);
+    private static ServiceDesc sd(String type, String algo, String cn) {
+        return new ServiceDesc(type, algo, cn, null);
     }
 
     private static final class ProviderService extends Provider.Service {
--- a/src/jdk.jartool/share/classes/sun/security/tools/jarsigner/TimestampedSigner.java	Tue May 19 11:55:44 2020 +0800
+++ b/src/jdk.jartool/share/classes/sun/security/tools/jarsigner/TimestampedSigner.java	Tue May 19 04:05:03 2020 +0000
@@ -49,24 +49,10 @@
 public final class TimestampedSigner extends ContentSigner {
 
     /*
-     * Object identifier for the subject information access X.509 certificate
-     * extension.
-     */
-    private static final String SUBJECT_INFO_ACCESS_OID = "1.3.6.1.5.5.7.1.11";
-
-    /*
      * Object identifier for the timestamping access descriptors.
      */
-    private static final ObjectIdentifier AD_TIMESTAMPING_Id;
-    static {
-        ObjectIdentifier tmp = null;
-        try {
-            tmp = new ObjectIdentifier("1.3.6.1.5.5.7.48.3");
-        } catch (IOException e) {
-            // ignore
-        }
-        AD_TIMESTAMPING_Id = tmp;
-    }
+    private static final ObjectIdentifier AD_TIMESTAMPING_Id =
+            ObjectIdentifier.of(KnownOIDs.AD_TimeStamping);
 
     /**
      * Instantiates a content signer that supports timestamped signatures.
@@ -155,8 +141,8 @@
         }
         // Parse the extensions
         try {
-            byte[] extensionValue =
-                tsaCertificate.getExtensionValue(SUBJECT_INFO_ACCESS_OID);
+            byte[] extensionValue = tsaCertificate.getExtensionValue
+                    (KnownOIDs.SubjectInfoAccess.value());
             if (extensionValue == null) {
                 return null;
             }
--- a/test/jdk/java/security/testlibrary/CertificateBuilder.java	Tue May 19 11:55:44 2020 +0800
+++ b/test/jdk/java/security/testlibrary/CertificateBuilder.java	Tue May 19 04:05:03 2020 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2015, 2020, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -322,7 +322,7 @@
         if (!ekuOids.isEmpty()) {
             Vector<ObjectIdentifier> oidVector = new Vector<>();
             for (String oid : ekuOids) {
-                oidVector.add(new ObjectIdentifier(oid));
+                oidVector.add(ObjectIdentifier.of(oid));
             }
             addExtension(new ExtendedKeyUsageExtension(oidVector));
         }
--- a/test/jdk/java/security/testlibrary/SimpleOCSPServer.java	Tue May 19 11:55:44 2020 +0800
+++ b/test/jdk/java/security/testlibrary/SimpleOCSPServer.java	Tue May 19 04:05:03 2020 +0000
@@ -45,11 +45,7 @@
 import sun.security.provider.certpath.CertId;
 import sun.security.provider.certpath.OCSPResponse;
 import sun.security.provider.certpath.OCSPResponse.ResponseStatus;
-import sun.security.util.Debug;
-import sun.security.util.DerInputStream;
-import sun.security.util.DerOutputStream;
-import sun.security.util.DerValue;
-import sun.security.util.ObjectIdentifier;
+import sun.security.util.*;
 
 
 /**
@@ -59,7 +55,8 @@
 public class SimpleOCSPServer {
     private final Debug debug = Debug.getInstance("oserv");
     private static final ObjectIdentifier OCSP_BASIC_RESPONSE_OID =
-            ObjectIdentifier.of("1.3.6.1.5.5.7.48.1.1");
+            ObjectIdentifier.of(KnownOIDs.OCSPBasicResponse);
+
     private static final SimpleDateFormat utcDateFmt =
             new SimpleDateFormat("MMM dd yyyy, HH:mm:ss z");
 
--- a/test/jdk/sun/security/jgss/spnego/NotPreferredMech.java	Tue May 19 11:55:44 2020 +0800
+++ b/test/jdk/sun/security/jgss/spnego/NotPreferredMech.java	Tue May 19 04:05:03 2020 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2014, 2020, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -23,7 +23,7 @@
 
 /*
  * @test
- * @bug 8048194
+ * @bug 8048194 8242151
  * @modules java.base/sun.security.util
  *          java.security.jgss/sun.security.jgss
  *          java.security.jgss/sun.security.jgss.spnego:+open
@@ -57,7 +57,7 @@
         mechTypeList.write(DerValue.tag_Sequence, mech);
 
         // Generates a NegTokenInit mechToken field for 1.2.3.4 mech
-        GSSHeader h1 = new GSSHeader(new ObjectIdentifier("1.2.3.4"), 1);
+        GSSHeader h1 = new GSSHeader(ObjectIdentifier.of("1.2.3.4"), 1);
         ByteArrayOutputStream bout = new ByteArrayOutputStream();
         h1.encode(bout);
         bout.write(new byte[1]);
@@ -78,7 +78,7 @@
 
         // and wraps it into a GSSToken
         GSSHeader h = new GSSHeader(
-                new ObjectIdentifier(GSSUtil.GSS_SPNEGO_MECH_OID.toString()),
+                ObjectIdentifier.of(GSSUtil.GSS_SPNEGO_MECH_OID.toString()),
                 spnegoToken.length);
         bout = new ByteArrayOutputStream();
         h.encode(bout);
--- a/test/jdk/sun/security/pkcs/pkcs10/PKCS10AttrEncoding.java	Tue May 19 11:55:44 2020 +0800
+++ b/test/jdk/sun/security/pkcs/pkcs10/PKCS10AttrEncoding.java	Tue May 19 04:05:03 2020 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2015, 2020, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -23,7 +23,7 @@
 
 /*
  * @test
- * @bug 8048357
+ * @bug 8048357 8242151
  * @summary test DER encoding of PKCS10 attributes
  * @modules java.base/sun.security.pkcs
  *          java.base/sun.security.pkcs10
@@ -62,7 +62,7 @@
         // initializations
         int len = ids.length;
         Object[] values = {
-            new ObjectIdentifier("1.2.3.4"),
+            ObjectIdentifier.of("1.2.3.4"),
             new GregorianCalendar(1970, 1, 25, 8, 56, 7).getTime(),
             "challenging"
         };
--- a/test/jdk/sun/security/pkcs/pkcs10/PKCS10AttributeReader.java	Tue May 19 11:55:44 2020 +0800
+++ b/test/jdk/sun/security/pkcs/pkcs10/PKCS10AttributeReader.java	Tue May 19 04:05:03 2020 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2015, 2020, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -23,7 +23,7 @@
 
 /*
  * @test
- * @bug 8048357
+ * @bug 8048357 8242151
  * @summary Read in a file containing a DER encoded PKCS10 certificate request,
  * flanked with "begin" and "end" lines.
  * @modules java.base/sun.security.pkcs
@@ -86,7 +86,7 @@
                 put(PKCS9Attribute.CHALLENGE_PASSWORD_OID, "GuessWhoAmI");
                 put(PKCS9Attribute.SIGNING_TIME_OID, new Date(861720610000L));
                 put(PKCS9Attribute.CONTENT_TYPE_OID,
-                        new ObjectIdentifier("1.9.50.51.52"));
+                        ObjectIdentifier.of("1.9.50.51.52"));
             }
         };
 
--- a/test/jdk/sun/security/pkcs/pkcs9/UnknownAttribute.java	Tue May 19 11:55:44 2020 +0800
+++ b/test/jdk/sun/security/pkcs/pkcs9/UnknownAttribute.java	Tue May 19 04:05:03 2020 +0000
@@ -23,7 +23,7 @@
 
 /*
  * @test
- * @bug 8011867
+ * @bug 8011867 8242151
  * @summary Accept unknown PKCS #9 attributes
  * @library /test/lib
  * @modules java.base/sun.security.pkcs
@@ -43,7 +43,7 @@
     public static void main(String[] args) throws Exception {
         // Unknown attr
         PKCS9Attribute p1 = new PKCS9Attribute(
-                PKCS9Attribute.CHALLENGE_PASSWORD_STR, "t0p5ecr3t");
+                PKCS9Attribute.CHALLENGE_PASSWORD_OID, "t0p5ecr3t");
         if (!p1.isKnown()) {
             throw new Exception();
         }
@@ -65,13 +65,13 @@
         }
         // Unknown attr from value
         try {
-            new PKCS9Attribute(new ObjectIdentifier("1.2.3"), "hello");
+            new PKCS9Attribute(ObjectIdentifier.of("1.2.3"), "hello");
             throw new Exception();
         } catch (IllegalArgumentException iae) {
             // Good. Unknown attr must have byte[] value type
         }
         PKCS9Attribute p3 = new PKCS9Attribute(
-                new ObjectIdentifier("1.2.3"), new byte[]{0x31,0x02,0x05,0x00});
+                ObjectIdentifier.of("1.2.3"), new byte[]{0x31,0x02,0x05,0x00});
         if (p3.isKnown()) {
             throw new Exception();
         }
--- a/test/jdk/sun/security/pkcs12/PKCS12SameKeyId.java	Tue May 19 11:55:44 2020 +0800
+++ b/test/jdk/sun/security/pkcs12/PKCS12SameKeyId.java	Tue May 19 04:05:03 2020 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2010, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2010, 2020, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -23,7 +23,7 @@
 
 /*
  * @test
- * @bug 6958026
+ * @bug 6958026 8242151
  * @summary Problem with PKCS12 keystore
  * @modules java.base/sun.security.pkcs
  *          java.base/sun.security.tools.keytool
@@ -75,7 +75,7 @@
                 AlgorithmParameters.getInstance("PBEWithSHA1AndDESede");
         algParams.init(new PBEParameterSpec("12345678".getBytes(), 1024));
         AlgorithmId algid = new AlgorithmId(
-                new ObjectIdentifier("1.2.840.113549.1.12.1.3"), algParams);
+                ObjectIdentifier.of("1.2.840.113549.1.12.1.3"), algParams);
 
         PBEKeySpec keySpec = new PBEKeySpec(PASSWORD);
         SecretKeyFactory skFac = SecretKeyFactory.getInstance("PBE");
--- a/test/jdk/sun/security/pkcs12/ParamsPreferences.java	Tue May 19 11:55:44 2020 +0800
+++ b/test/jdk/sun/security/pkcs12/ParamsPreferences.java	Tue May 19 04:05:03 2020 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2018, 2020, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -32,14 +32,14 @@
 import static jdk.test.lib.security.DerUtils.*;
 import static sun.security.pkcs.ContentInfo.DATA_OID;
 import static sun.security.pkcs.ContentInfo.ENCRYPTED_DATA_OID;
-import static sun.security.x509.AlgorithmId.*;
+import sun.security.util.ObjectIdentifier;
+import sun.security.util.KnownOIDs;
 
 /*
  * @test
- * @bug 8076190
+ * @bug 8076190 8242151
  * @library /test/lib
  * @modules java.base/sun.security.pkcs
- *          java.base/sun.security.x509
  *          java.base/sun.security.util
  * @summary Checks the preferences order of pkcs12 params
  */
@@ -50,16 +50,16 @@
 
         // with storepass
         test(c++, "-", "-",
-                pbeWithSHA1AndRC2_40_oid, 50000,
-                pbeWithSHA1AndDESede_oid, 50000,
-                SHA_oid, 100000);
+                oid(KnownOIDs.PBEWithSHA1AndRC2_40), 50000,
+                oid(KnownOIDs.PBEWithSHA1AndDESede), 50000,
+                oid(KnownOIDs.SHA_1), 100000);
 
         // password-less with system property
         test(c++, "keystore.pkcs12.certProtectionAlgorithm", "NONE",
                 "keystore.pkcs12.macAlgorithm", "NONE",
                 "-", "-",
                 null, 0,
-                pbeWithSHA1AndDESede_oid, 50000,
+                oid(KnownOIDs.PBEWithSHA1AndDESede), 50000,
                 null, 0);
 
         // password-less with security property
@@ -68,7 +68,7 @@
                 "keystore.pkcs12.macAlgorithm", "NONE",
                 "-",
                 null, 0,
-                pbeWithSHA1AndDESede_oid, 50000,
+                oid(KnownOIDs.PBEWithSHA1AndDESede), 50000,
                 null, 0);
 
         // back to with storepass by overriding security property with system property
@@ -78,9 +78,9 @@
                 "keystore.pkcs12.certProtectionAlgorithm", "NONE",
                 "keystore.pkcs12.macAlgorithm", "NONE",
                 "-",
-                pbeWithSHA1AndDESede_oid, 50000,
-                pbeWithSHA1AndDESede_oid, 50000,
-                SHA256_oid, 100000);
+                oid(KnownOIDs.PBEWithSHA1AndDESede), 50000,
+                oid(KnownOIDs.PBEWithSHA1AndDESede), 50000,
+                oid(KnownOIDs.SHA_256), 100000);
 
         // back to with storepass by using "" to force hardcoded default
         test(c++, "keystore.pkcs12.certProtectionAlgorithm", "",
@@ -91,9 +91,9 @@
                 "keystore.pkcs12.keyProtectionAlgorithm", "PBEWithSHA1AndRC2_40",
                 "keystore.pkcs12.macAlgorithm", "NONE",
                 "-",
-                pbeWithSHA1AndRC2_40_oid, 50000,
-                pbeWithSHA1AndDESede_oid, 50000,
-                SHA_oid, 100000);
+                oid(KnownOIDs.PBEWithSHA1AndRC2_40), 50000,
+                oid(KnownOIDs.PBEWithSHA1AndDESede), 50000,
+                oid(KnownOIDs.SHA_1), 100000);
 
         // change everything with system property
         test(c++, "keystore.pkcs12.certProtectionAlgorithm", "PBEWithSHA1AndDESede",
@@ -103,9 +103,9 @@
                 "keystore.pkcs12.macAlgorithm", "HmacPBESHA256",
                 "keystore.pkcs12.macIterationCount", 2000,
                 "-", "-",
-                pbeWithSHA1AndDESede_oid, 3000,
-                pbeWithSHA1AndRC2_40_oid, 4000,
-                SHA256_oid, 2000);
+                oid(KnownOIDs.PBEWithSHA1AndDESede), 3000,
+                oid(KnownOIDs.PBEWithSHA1AndRC2_40), 4000,
+                oid(KnownOIDs.SHA_256), 2000);
 
         // change everything with security property
         test(c++, "-",
@@ -116,9 +116,9 @@
                 "keystore.pkcs12.macAlgorithm", "HmacPBESHA256",
                 "keystore.pkcs12.macIterationCount", 2000,
                 "-",
-                pbeWithSHA1AndDESede_oid, 3000,
-                pbeWithSHA1AndRC2_40_oid, 4000,
-                SHA256_oid, 2000);
+                oid(KnownOIDs.PBEWithSHA1AndDESede), 3000,
+                oid(KnownOIDs.PBEWithSHA1AndRC2_40), 4000,
+                oid(KnownOIDs.SHA_256), 2000);
 
         // override security property with system property
         test(c++, "keystore.pkcs12.certProtectionAlgorithm", "PBEWithSHA1AndDESede",
@@ -135,9 +135,9 @@
                 "keystore.pkcs12.macAlgorithm", "HmacPBESHA1",
                 "keystore.pkcs12.macIterationCount", 2000,
                 "-",
-                pbeWithSHA1AndDESede_oid, 13000,
-                pbeWithSHA1AndRC2_40_oid, 14000,
-                SHA256_oid, 12000);
+                oid(KnownOIDs.PBEWithSHA1AndDESede), 13000,
+                oid(KnownOIDs.PBEWithSHA1AndRC2_40), 14000,
+                oid(KnownOIDs.SHA_256), 12000);
 
         // check keyProtectionAlgorithm old behavior. Preferences of
         // 4 different settings.
@@ -145,25 +145,25 @@
         test(c++, "-",
                 "keystore.PKCS12.keyProtectionAlgorithm", "PBEWithSHA1AndRC2_128",
                 "-",
-                pbeWithSHA1AndRC2_40_oid, 50000,
-                pbeWithSHA1AndRC2_128_oid, 50000,
-                SHA_oid, 100000);
+                oid(KnownOIDs.PBEWithSHA1AndRC2_40), 50000,
+                oid(KnownOIDs.PBEWithSHA1AndRC2_128), 50000,
+                oid(KnownOIDs.SHA_1), 100000);
         test(c++, "-",
                 "keystore.PKCS12.keyProtectionAlgorithm", "PBEWithSHA1AndRC2_128",
                 "keystore.pkcs12.keyProtectionAlgorithm", "PBEWithSHA1AndRC2_40",
                 "-",
-                pbeWithSHA1AndRC2_40_oid, 50000,
-                pbeWithSHA1AndRC2_40_oid, 50000,
-                SHA_oid, 100000);
+                oid(KnownOIDs.PBEWithSHA1AndRC2_40), 50000,
+                oid(KnownOIDs.PBEWithSHA1AndRC2_40), 50000,
+                oid(KnownOIDs.SHA_1), 100000);
         test(c++,
                 "keystore.PKCS12.keyProtectionAlgorithm", "PBEWithSHA1AndRC4_128",
                 "-",
                 "keystore.PKCS12.keyProtectionAlgorithm", "PBEWithSHA1AndRC2_128",
                 "keystore.pkcs12.keyProtectionAlgorithm", "PBEWithSHA1AndRC2_40",
                 "-",
-                pbeWithSHA1AndRC2_40_oid, 50000,
-                pbeWithSHA1AndRC4_128_oid, 50000,
-                SHA_oid, 100000);
+                oid(KnownOIDs.PBEWithSHA1AndRC2_40), 50000,
+                oid(KnownOIDs.PBEWithSHA1AndRC4_128), 50000,
+                oid(KnownOIDs.SHA_1), 100000);
         test(c++,
                 "keystore.PKCS12.keyProtectionAlgorithm", "PBEWithSHA1AndRC4_128",
                 "keystore.pkcs12.keyProtectionAlgorithm", "PBEWithSHA1AndRC4_40",
@@ -171,9 +171,13 @@
                 "keystore.PKCS12.keyProtectionAlgorithm", "PBEWithSHA1AndRC2_128",
                 "keystore.pkcs12.keyProtectionAlgorithm", "PBEWithSHA1AndRC2_40",
                 "-",
-                pbeWithSHA1AndRC2_40_oid, 50000,
-                pbeWithSHA1AndRC4_40_oid, 50000,
-                SHA_oid, 100000);
+                oid(KnownOIDs.PBEWithSHA1AndRC2_40), 50000,
+                oid(KnownOIDs.PBEWithSHA1AndRC4_40), 50000,
+                oid(KnownOIDs.SHA_1), 100000);
+    }
+
+    private static ObjectIdentifier oid(KnownOIDs o) {
+        return ObjectIdentifier.of(o);
     }
 
     /**
--- a/test/jdk/sun/security/pkcs12/ParamsTest.java	Tue May 19 11:55:44 2020 +0800
+++ b/test/jdk/sun/security/pkcs12/ParamsTest.java	Tue May 19 04:05:03 2020 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2018, 2020, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -23,10 +23,9 @@
 
 /*
  * @test
- * @bug 8076190
+ * @bug 8076190 8242151
  * @library /test/lib
  * @modules java.base/sun.security.pkcs
- *          java.base/sun.security.x509
  *          java.base/sun.security.util
  * @summary Customizing the generation of a PKCS12 keystore
  */
@@ -49,7 +48,8 @@
 import java.util.Objects;
 
 import static jdk.test.lib.security.DerUtils.*;
-import static sun.security.x509.AlgorithmId.*;
+import sun.security.util.ObjectIdentifier;
+import sun.security.util.KnownOIDs;
 import static sun.security.pkcs.ContentInfo.*;
 
 public class ParamsTest  {
@@ -102,11 +102,11 @@
                 + "-destkeystore ksnormal -deststorepass changeit");
         data = Files.readAllBytes(Path.of("ksnormal"));
         checkInt(data, "22", 100000); // Mac ic
-        checkAlg(data, "2000", SHA_oid); // Mac alg
-        checkAlg(data, "110c010c01000", pbeWithSHA1AndDESede_oid); // key alg
+        checkAlg(data, "2000", oid(KnownOIDs.SHA_1)); // Mac alg
+        checkAlg(data, "110c010c01000", oid(KnownOIDs.PBEWithSHA1AndDESede)); // key alg
         checkInt(data, "110c010c010011", 50000); // key ic
         checkAlg(data, "110c10", ENCRYPTED_DATA_OID);
-        checkAlg(data, "110c110110", pbeWithSHA1AndRC2_40_oid); // cert alg
+        checkAlg(data, "110c110110", oid(KnownOIDs.PBEWithSHA1AndRC2_40)); // cert alg
         checkInt(data, "110c1101111", 50000); // cert ic
 
         check("ksnormal", "a", "changeit", "changeit", true, true, true);
@@ -120,13 +120,13 @@
                 + "-J-Dkeystore.pkcs12.macAlgorithm=NONE");
         data = Files.readAllBytes(Path.of("ksnormal"));
         checkInt(data, "22", 100000); // Mac ic
-        checkAlg(data, "2000", SHA_oid); // Mac alg
-        checkAlg(data, "110c010c01000", pbeWithSHA1AndDESede_oid); // key alg
+        checkAlg(data, "2000", oid(KnownOIDs.SHA_1)); // Mac alg
+        checkAlg(data, "110c010c01000", oid(KnownOIDs.PBEWithSHA1AndDESede)); // key alg
         checkInt(data, "110c010c010011", 50000); // key ic
-        checkAlg(data, "110c010c11000", pbeWithSHA1AndDESede_oid); // new key alg
+        checkAlg(data, "110c010c11000", oid(KnownOIDs.PBEWithSHA1AndDESede)); // new key alg
         checkInt(data, "110c010c110011", 50000); // new key ic
         checkAlg(data, "110c10", ENCRYPTED_DATA_OID);
-        checkAlg(data, "110c110110", pbeWithSHA1AndRC2_40_oid); // cert alg
+        checkAlg(data, "110c110110", oid(KnownOIDs.PBEWithSHA1AndRC2_40)); // cert alg
         checkInt(data, "110c1101111", 50000); // cert ic
         check("ksnormal", "b", null, "changeit", true, false, true);
         check("ksnormal", "b", "changeit", "changeit", true, true, true);
@@ -139,7 +139,7 @@
                 + "-J-Dkeystore.pkcs12.macAlgorithm=NONE");
         data = Files.readAllBytes(Path.of("ksnopass"));
         shouldNotExist(data, "2"); // no Mac
-        checkAlg(data, "110c010c01000", pbeWithSHA1AndRC4_128_oid);
+        checkAlg(data, "110c010c01000", oid(KnownOIDs.PBEWithSHA1AndRC4_128));
         checkInt(data, "110c010c010011", 50000);
         checkAlg(data, "110c10", DATA_OID);
         check("ksnopass", "a", null, "changeit", true, true, true);
@@ -151,9 +151,9 @@
                 + "-storepass changeit -alias b -dname CN=B");
         data = Files.readAllBytes(Path.of("ksnopass"));
         shouldNotExist(data, "2"); // no Mac
-        checkAlg(data, "110c010c01000", pbeWithSHA1AndRC4_128_oid);
+        checkAlg(data, "110c010c01000", oid(KnownOIDs.PBEWithSHA1AndRC4_128));
         checkInt(data, "110c010c010011", 50000);
-        checkAlg(data, "110c010c11000", pbeWithSHA1AndDESede_oid);
+        checkAlg(data, "110c010c11000", oid(KnownOIDs.PBEWithSHA1AndDESede));
         checkInt(data, "110c010c110011", 50000);
         checkAlg(data, "110c10", DATA_OID);
         check("ksnopass", "a", null, "changeit", true, true, true);
@@ -166,10 +166,10 @@
                 + "-J-Dkeystore.pkcs12.keyPbeIterationCount=7777");
         data = Files.readAllBytes(Path.of("ksnewic"));
         checkInt(data, "22", 5555); // Mac ic
-        checkAlg(data, "2000", SHA_oid); // Mac alg
-        checkAlg(data, "110c010c01000", pbeWithSHA1AndDESede_oid); // key alg
+        checkAlg(data, "2000", oid(KnownOIDs.SHA_1)); // Mac alg
+        checkAlg(data, "110c010c01000", oid(KnownOIDs.PBEWithSHA1AndDESede)); // key alg
         checkInt(data, "110c010c010011", 7777); // key ic
-        checkAlg(data, "110c110110", pbeWithSHA1AndRC2_40_oid); // cert alg
+        checkAlg(data, "110c110110", oid(KnownOIDs.PBEWithSHA1AndRC2_40)); // cert alg
         checkInt(data, "110c1101111", 6666); // cert ic
 
         // keypbe alg cannot be NONE
@@ -185,12 +185,12 @@
                 + "-J-Dkeystore.pkcs12.keyProtectionAlgorithm=PBEWithSHA1AndRC4_128");
         data = Files.readAllBytes(Path.of("ksnewic"));
         checkInt(data, "22", 5555); // Mac ic
-        checkAlg(data, "2000", SHA_oid); // Mac alg
-        checkAlg(data, "110c010c01000", pbeWithSHA1AndDESede_oid); // key alg
+        checkAlg(data, "2000", oid(KnownOIDs.SHA_1)); // Mac alg
+        checkAlg(data, "110c010c01000", oid(KnownOIDs.PBEWithSHA1AndDESede)); // key alg
         checkInt(data, "110c010c010011", 7777); // key ic
-        checkAlg(data, "110c010c11000", pbeWithSHA1AndRC4_128_oid); // new key alg
+        checkAlg(data, "110c010c11000", oid(KnownOIDs.PBEWithSHA1AndRC4_128)); // new key alg
         checkInt(data, "110c010c110011", 50000); // new key ic
-        checkAlg(data, "110c110110", pbeWithSHA1AndRC2_40_oid); // cert alg
+        checkAlg(data, "110c110110", oid(KnownOIDs.PBEWithSHA1AndRC2_40)); // cert alg
         checkInt(data, "110c1101111", 6666); // cert ic
 
         // Check KeyStore loading multiple keystores
@@ -202,13 +202,13 @@
         }
         data = Files.readAllBytes(Path.of("ksnormaldup"));
         checkInt(data, "22", 100000); // Mac ic
-        checkAlg(data, "2000", SHA_oid); // Mac alg
-        checkAlg(data, "110c010c01000", pbeWithSHA1AndDESede_oid); // key alg
+        checkAlg(data, "2000", oid(KnownOIDs.SHA_1)); // Mac alg
+        checkAlg(data, "110c010c01000", oid(KnownOIDs.PBEWithSHA1AndDESede)); // key alg
         checkInt(data, "110c010c010011", 50000); // key ic
-        checkAlg(data, "110c010c11000", pbeWithSHA1AndDESede_oid); // new key alg
+        checkAlg(data, "110c010c11000", oid(KnownOIDs.PBEWithSHA1AndDESede)); // new key alg
         checkInt(data, "110c010c110011", 50000); // new key ic
         checkAlg(data, "110c10", ENCRYPTED_DATA_OID);
-        checkAlg(data, "110c110110", pbeWithSHA1AndRC2_40_oid); // cert alg
+        checkAlg(data, "110c110110", oid(KnownOIDs.PBEWithSHA1AndRC2_40)); // cert alg
         checkInt(data, "110c1101111", 50000); // cert ic
 
         try (FileInputStream fis = new FileInputStream("ksnopass");
@@ -218,9 +218,9 @@
         }
         data = Files.readAllBytes(Path.of("ksnopassdup"));
         shouldNotExist(data, "2"); // no Mac
-        checkAlg(data, "110c010c01000", pbeWithSHA1AndRC4_128_oid);
+        checkAlg(data, "110c010c01000", oid(KnownOIDs.PBEWithSHA1AndRC4_128));
         checkInt(data, "110c010c010011", 50000);
-        checkAlg(data, "110c010c11000", pbeWithSHA1AndDESede_oid);
+        checkAlg(data, "110c010c11000", oid(KnownOIDs.PBEWithSHA1AndDESede));
         checkInt(data, "110c010c110011", 50000);
         checkAlg(data, "110c10", DATA_OID);
 
@@ -231,12 +231,12 @@
         }
         data = Files.readAllBytes(Path.of("ksnewicdup"));
         checkInt(data, "22", 5555); // Mac ic
-        checkAlg(data, "2000", SHA_oid); // Mac alg
-        checkAlg(data, "110c010c01000", pbeWithSHA1AndDESede_oid); // key alg
+        checkAlg(data, "2000", oid(KnownOIDs.SHA_1)); // Mac alg
+        checkAlg(data, "110c010c01000", oid(KnownOIDs.PBEWithSHA1AndDESede)); // key alg
         checkInt(data, "110c010c010011", 7777); // key ic
-        checkAlg(data, "110c010c11000", pbeWithSHA1AndRC4_128_oid); // new key alg
+        checkAlg(data, "110c010c11000", oid(KnownOIDs.PBEWithSHA1AndRC4_128)); // new key alg
         checkInt(data, "110c010c110011", 50000); // new key ic
-        checkAlg(data, "110c110110", pbeWithSHA1AndRC2_40_oid); // cert alg
+        checkAlg(data, "110c110110", oid(KnownOIDs.PBEWithSHA1AndRC2_40)); // cert alg
         checkInt(data, "110c1101111", 6666); // cert ic
 
         // Check keytool behavior
@@ -434,6 +434,10 @@
         Asserts.assertEQ(expectedKey, actualKey, label + "-key");
     }
 
+    private static ObjectIdentifier oid(KnownOIDs o) {
+        return ObjectIdentifier.of(o);
+    }
+
     static OutputAnalyzer keytool(String s) throws Throwable {
         return SecurityTools.keytool(s);
     }
--- a/test/jdk/sun/security/tools/jarsigner/TimestampCheck.java	Tue May 19 11:55:44 2020 +0800
+++ b/test/jdk/sun/security/tools/jarsigner/TimestampCheck.java	Tue May 19 04:05:03 2020 +0000
@@ -63,6 +63,7 @@
 /*
  * @test
  * @bug 6543842 6543440 6939248 8009636 8024302 8163304 8169911 8180289 8172404
+ *          8242151
  * @summary checking response of timestamp
  * @modules java.base/sun.security.pkcs
  *          java.base/sun.security.timestamp
@@ -134,7 +135,7 @@
                     messageImprint.data.getDerValue());
             System.out.println("# AlgorithmId: " + aid);
 
-            ObjectIdentifier policyId = new ObjectIdentifier(defaultPolicyId);
+            ObjectIdentifier policyId = ObjectIdentifier.of(defaultPolicyId);
             BigInteger nonce = null;
             while (value.data.available() > 0) {
                 DerValue v = value.data.getDerValue();
@@ -158,7 +159,7 @@
             String alias = path.startsWith("ts") ? path : "ts";
 
             if (path.equals("diffpolicy")) {
-                policyId = new ObjectIdentifier(defaultPolicyId);
+                policyId = ObjectIdentifier.of(defaultPolicyId);
             }
 
             DerOutputStream statusInfo = new DerOutputStream();
@@ -230,7 +231,7 @@
                     alias, "changeit".toCharArray())));
             sig.update(tstInfo.toByteArray());
 
-            ContentInfo contentInfo = new ContentInfo(new ObjectIdentifier(
+            ContentInfo contentInfo = new ContentInfo(ObjectIdentifier.of(
                     "1.2.840.113549.1.9.16.1.4"),
                     new DerValue(tstInfo2.toByteArray()));
 
--- a/test/jdk/sun/security/tools/keytool/KeyToolTest.java	Tue May 19 11:55:44 2020 +0800
+++ b/test/jdk/sun/security/tools/keytool/KeyToolTest.java	Tue May 19 04:05:03 2020 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2005, 2019, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2020, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -23,7 +23,7 @@
 
 /*
  * @test
- * @bug 6251120 8231950
+ * @bug 6251120 8231950 8242151
  * @summary Testing keytool
  *
  * Run through autotest.sh and manualtest.sh
@@ -1602,7 +1602,7 @@
                 int pos = 0;
                 System.err.print("x");
                 Extension ex = ((X509CertImpl)ks.getCertificate(alias))
-                        .getExtension(new ObjectIdentifier(oid));
+                        .getExtension(ObjectIdentifier.of(oid));
                 if (!Arrays.equals(value, ex.getValue())) {
                     throw new RuntimeException("Not same content in " +
                             alias + " for " + oid);
@@ -1611,9 +1611,9 @@
         }
         CheckOid coid = new CheckOid();
         assertTrue(((X509CertImpl)ks.getCertificate("oid1"))
-                .getExtension(new ObjectIdentifier("1.2.3")).isCritical());
+                .getExtension(ObjectIdentifier.of("1.2.3")).isCritical());
         assertTrue(!((X509CertImpl)ks.getCertificate("oid2"))
-                .getExtension(new ObjectIdentifier("1.2.3")).isCritical());
+                .getExtension(ObjectIdentifier.of("1.2.3")).isCritical());
         coid.check(ks, "oid1", "1.2.3", new byte[]{1,2});
         coid.check(ks, "oid2", "1.2.3", new byte[]{});
         coid.check(ks, "oid12", "1.2.3", new byte[]{});
@@ -1643,14 +1643,14 @@
         assertTrue(a.getAuthorityKeyIdentifierExtension() != null);
         assertTrue(a.getSubjectKeyIdentifierExtension() != null);
         assertTrue(a.getKeyUsage() == null);
-        assertTrue(a.getExtension(new ObjectIdentifier("1.2.3")).isCritical());
-        assertTrue(!a.getExtension(new ObjectIdentifier("1.2.4")).isCritical());
-        assertTrue(!a.getExtension(new ObjectIdentifier("1.2.5")).isCritical());
+        assertTrue(a.getExtension(ObjectIdentifier.of("1.2.3")).isCritical());
+        assertTrue(!a.getExtension(ObjectIdentifier.of("1.2.4")).isCritical());
+        assertTrue(!a.getExtension(ObjectIdentifier.of("1.2.5")).isCritical());
         assertTrue(a.getExtensionValue("1.2.3").length == 3);
         assertTrue(a.getExtensionValue("1.2.4").length == 4);
         assertTrue(a.getExtensionValue("1.2.5").length == 5);
         assertTrue(a.getBasicConstraints() == 2);
-        assertTrue(!a.getExtension(new ObjectIdentifier("2.3.4")).isCritical());
+        assertTrue(!a.getExtension(ObjectIdentifier.of("2.3.4")).isCritical());
         assertTrue(a.getExtensionValue("2.3.4").length == 6);
 
         // 8073181: keytool -ext honored not working correctly
@@ -1660,8 +1660,8 @@
         testOK("", simple+"-importcert -file test2.cert -alias b");
         ks = loadStore("x.jks", "changeit", "JKS");
         X509CertImpl b = (X509CertImpl)ks.getCertificate("b");
-        assertTrue(!b.getExtension(new ObjectIdentifier("1.2.3")).isCritical());
-        assertTrue(b.getExtension(new ObjectIdentifier("1.2.4")).isCritical());
+        assertTrue(!b.getExtension(ObjectIdentifier.of("1.2.3")).isCritical());
+        assertTrue(b.getExtension(ObjectIdentifier.of("1.2.4")).isCritical());
 
         // 8073182: keytool may generate duplicate extensions
         testOK("", pre+"dup -ext bc=2 -ext 2.5.29.19=30030101FF -ext bc=3");
--- a/test/jdk/sun/security/util/Oid/OidEquals.java	Tue May 19 11:55:44 2020 +0800
+++ b/test/jdk/sun/security/util/Oid/OidEquals.java	Tue May 19 04:05:03 2020 +0000
@@ -23,7 +23,7 @@
 
 /*
  * @test
- * @bug 8022444
+ * @bug 8022444 8242151
  * @summary Test ObjectIdentifier.equals(Object obj)
  * @modules java.base/sun.security.util
  */
@@ -32,8 +32,8 @@
 
 public class OidEquals {
     public static void main(String[] args) throws Exception {
-        ObjectIdentifier oid1 = new ObjectIdentifier("1.3.6.1.4.1.42.2.17");
-        ObjectIdentifier oid2 = new ObjectIdentifier("1.2.3.4");
+        ObjectIdentifier oid1 = ObjectIdentifier.of("1.3.6.1.4.1.42.2.17");
+        ObjectIdentifier oid2 = ObjectIdentifier.of("1.2.3.4");
 
         assertEquals(oid1, oid1);
         assertNotEquals(oid1, oid2);
--- a/test/jdk/sun/security/util/Oid/OidFormat.java	Tue May 19 11:55:44 2020 +0800
+++ b/test/jdk/sun/security/util/Oid/OidFormat.java	Tue May 19 04:05:03 2020 +0000
@@ -24,9 +24,7 @@
 /*
  * @test
  * @author Weijun Wang
- * @bug 6418422
- * @bug 6418425
- * @bug 6418433
+ * @bug 6418422 6418425 6418433 8242151
  * @summary ObjectIdentifier should reject 1.2.3.-4 and throw IOException on all format errors
  * @modules java.base/sun.security.util
  *          java.security.jgss
@@ -90,7 +88,7 @@
 
     static void testGood(String s) throws Exception {
         System.err.println("Trying " + s);
-        ObjectIdentifier oid = new ObjectIdentifier(s);
+        ObjectIdentifier oid = ObjectIdentifier.of(s);
         if (!oid.toString().equals(s)) {
             throw new Exception("equal test fail");
         }
@@ -106,7 +104,7 @@
     static void testBad(String s) throws Exception {
         System.err.println("Trying " + s);
         try {
-            new ObjectIdentifier(s);
+            ObjectIdentifier.of(s);
             throw new Exception("should be invalid ObjectIdentifier");
         } catch (IOException ioe) {
             System.err.println(ioe);
--- a/test/jdk/sun/security/util/Oid/S11N.java	Tue May 19 11:55:44 2020 +0800
+++ b/test/jdk/sun/security/util/Oid/S11N.java	Tue May 19 04:05:03 2020 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2013, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2013, 2020, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -23,7 +23,7 @@
 
 /*
  * @test
- * @bug 4811968 6908628 8006564 8130696
+ * @bug 4811968 6908628 8006564 8130696 8242151
  * @modules java.base/sun.security.util
  * @run main S11N check
  * @summary Serialization compatibility with old versions (and fixes)
@@ -118,7 +118,7 @@
     // Gets the serialized form for this java
     private static byte[] out(String oid) throws Exception {
         ByteArrayOutputStream bout = new ByteArrayOutputStream();
-        new ObjectOutputStream(bout).writeObject(new ObjectIdentifier(oid));
+        new ObjectOutputStream(bout).writeObject(ObjectIdentifier.of(oid));
         return bout.toByteArray();
     }
 
--- a/test/jdk/sun/security/x509/AVA/AVAEqualsHashCode.java	Tue May 19 11:55:44 2020 +0800
+++ b/test/jdk/sun/security/x509/AVA/AVAEqualsHashCode.java	Tue May 19 04:05:03 2020 +0000
@@ -24,7 +24,7 @@
 /*
  * @test
  * @author Gary Ellison
- * @bug 4170635
+ * @bug 4170635 8242151
  * @summary Verify equals()/hashCode() contract honored
  * @modules java.base/sun.security.util
  *          java.base/sun.security.x509
@@ -44,7 +44,7 @@
         String name = "CN=eve s. dropper";
         X500Name dn = new X500Name(name);
         DerOutputStream deros = new DerOutputStream();
-        ObjectIdentifier oid = new ObjectIdentifier("1.2.840.113549.2.5");
+        ObjectIdentifier oid = ObjectIdentifier.of("1.2.840.113549.2.5");
 
         dn.encode(deros);
         byte[] ba = deros.toByteArray();
--- a/test/jdk/sun/security/x509/AlgorithmId/ExtensibleAlgorithmId.java	Tue May 19 11:55:44 2020 +0800
+++ b/test/jdk/sun/security/x509/AlgorithmId/ExtensibleAlgorithmId.java	Tue May 19 04:05:03 2020 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1998, 2016, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1998, 2020, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -23,8 +23,9 @@
 
 /*
  * @test
- * @bug 4162868 8130181
+ * @bug 4162868 8130181 8242151
  * @modules java.base/sun.security.x509
+ * @modules java.base/sun.security.util
  * @run main/othervm ExtensibleAlgorithmId
  * @summary Algorithm Name-to-OID mapping needs to be made extensible.
  */
@@ -39,31 +40,43 @@
     public static void main(String[] args) throws Exception {
         TestProvider p = new TestProvider();
         Security.addProvider(p);
-        AlgorithmId algid = AlgorithmId.getAlgorithmId("XYZ");
-        String alias = "Alg.Alias.Signature.OID." + algid.toString();
+        AlgorithmId algid = AlgorithmId.getAlgorithmId(TestProvider.ALG_NAME);
+        String oid = algid.getOID().toString();
+        if (!oid.equals(TestProvider.ALG_OID)) {
+            throw new Exception("Provider alias oid not used, found " + oid);
+        }
+        String name = algid.getName();
+        if (!name.equalsIgnoreCase(TestProvider.ALG_NAME)) {
+            throw new Exception("provider alias name not used, found " + name);
+        }
+        String alias = "Alg.Alias.Signature.OID." + oid;
         String stdAlgName = p.getProperty(alias);
-        if (stdAlgName == null || !stdAlgName.equalsIgnoreCase("XYZ")) {
+        if (stdAlgName == null ||
+                !stdAlgName.equalsIgnoreCase(TestProvider.ALG_NAME)) {
             throw new Exception("Wrong OID");
         }
     }
-}
 
-class TestProvider extends Provider {
+    static class TestProvider extends Provider {
 
-    public TestProvider() {
+        static String ALG_OID = "1.2.3.4.5.6.7.8.9.0";
+        static String ALG_NAME = "XYZ";
+
+        public TestProvider() {
         super("Dummy", "1.0", "XYZ algorithm");
 
-        AccessController.doPrivileged(new PrivilegedAction() {
-            public Object run() {
+            AccessController.doPrivileged(new PrivilegedAction() {
+                public Object run() {
 
-                put("Signature.XYZ", "test.xyz");
-                // preferred OID
-                put("Alg.Alias.Signature.OID.1.2.3.4.5.6.7.8.9.0",
-                    "XYZ");
-                put("Alg.Alias.Signature.9.8.7.6.5.4.3.2.1.0",
-                    "XYZ");
-                return null;
-            }
-        });
+                    put("Signature." + ALG_NAME, "test.xyz");
+                    // preferred OID
+                    put("Alg.Alias.Signature.OID." + ALG_OID,
+                        ALG_NAME);
+                    put("Alg.Alias.Signature.9.8.7.6.5.4.3.2.1.0",
+                        ALG_NAME);
+                    return null;
+                }
+            });
+        }
     }
 }
--- a/test/jdk/sun/security/x509/X509CertImpl/V3Certificate.java	Tue May 19 11:55:44 2020 +0800
+++ b/test/jdk/sun/security/x509/X509CertImpl/V3Certificate.java	Tue May 19 04:05:03 2020 +0000
@@ -23,7 +23,7 @@
 
 /*
  * @test
- * @bug 8049237
+ * @bug 8049237 8242151
  * @modules java.base/sun.security.x509
  *          java.base/sun.security.util
  *          jdk.crypto.ec
@@ -155,7 +155,7 @@
         GeneralName ip = new GeneralName(ipInf);
 
         GeneralNameInterface oidInf =
-                new OIDName(new ObjectIdentifier("1.2.3.4"));
+                new OIDName(ObjectIdentifier.of("1.2.3.4"));
         GeneralName oid = new GeneralName(oidInf);
 
         SubjectAlternativeNameExtension subjectName
--- a/test/jdk/sun/security/x509/equalNames/AltNamesEqualsTest.java	Tue May 19 11:55:44 2020 +0800
+++ b/test/jdk/sun/security/x509/equalNames/AltNamesEqualsTest.java	Tue May 19 04:05:03 2020 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1999, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1999, 2020, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -24,7 +24,7 @@
 /*
  * @test
  * @summary Make sure names that are equal are treated as such.
- * @bug 4273559
+ * @bug 4273559 8242151
  * @author Yassir Elley
  * @modules java.base/sun.security.util
  *          java.base/sun.security.x509
@@ -114,7 +114,7 @@
         throws Exception
     {
         OIDName oidName = null;
-        ObjectIdentifier oid = new ObjectIdentifier(name);
+        ObjectIdentifier oid = ObjectIdentifier.of(name);
         oidName = new OIDName(oid);
         return oidName;
     }