8030829: Add MD5 to jdk.certpath.disabledAlgorithms security property
Reviewed-by: mullan, weijun
diff --git a/src/share/lib/security/java.security-linux b/src/share/lib/security/java.security-linux
index 3a2adc8..e3f78be 100644
--- a/src/share/lib/security/java.security-linux
+++ b/src/share/lib/security/java.security-linux
@@ -481,7 +481,7 @@
 #   jdk.certpath.disabledAlgorithms=MD2, DSA, RSA keySize < 2048
 #
 #
-jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 1024
+jdk.certpath.disabledAlgorithms=MD2, MD5, RSA keySize < 1024
 
 # Algorithm restrictions for Secure Socket Layer/Transport Layer Security
 # (SSL/TLS) processing
diff --git a/src/share/lib/security/java.security-macosx b/src/share/lib/security/java.security-macosx
index 614defa..58a5916 100644
--- a/src/share/lib/security/java.security-macosx
+++ b/src/share/lib/security/java.security-macosx
@@ -484,7 +484,7 @@
 #   jdk.certpath.disabledAlgorithms=MD2, DSA, RSA keySize < 2048
 #
 #
-jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 1024
+jdk.certpath.disabledAlgorithms=MD2, MD5, RSA keySize < 1024
 
 # Algorithm restrictions for Secure Socket Layer/Transport Layer Security
 # (SSL/TLS) processing
diff --git a/src/share/lib/security/java.security-solaris b/src/share/lib/security/java.security-solaris
index 45dfdf5..2bbeb35 100644
--- a/src/share/lib/security/java.security-solaris
+++ b/src/share/lib/security/java.security-solaris
@@ -483,7 +483,7 @@
 #   jdk.certpath.disabledAlgorithms=MD2, DSA, RSA keySize < 2048
 #
 #
-jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 1024
+jdk.certpath.disabledAlgorithms=MD2, MD5, RSA keySize < 1024
 
 # Algorithm restrictions for Secure Socket Layer/Transport Layer Security
 # (SSL/TLS) processing
diff --git a/src/share/lib/security/java.security-windows b/src/share/lib/security/java.security-windows
index aedb39a..a5a814c 100644
--- a/src/share/lib/security/java.security-windows
+++ b/src/share/lib/security/java.security-windows
@@ -484,7 +484,7 @@
 #   jdk.certpath.disabledAlgorithms=MD2, DSA, RSA keySize < 2048
 #
 #
-jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 1024
+jdk.certpath.disabledAlgorithms=MD2, MD5, RSA keySize < 1024
 
 # Algorithm restrictions for Secure Socket Layer/Transport Layer Security
 # (SSL/TLS) processing
diff --git a/test/java/security/cert/CertPathBuilder/selfIssued/DisableRevocation.java b/test/java/security/cert/CertPathBuilder/selfIssued/DisableRevocation.java
index 8dbe8ac..9ce3ef4 100644
--- a/test/java/security/cert/CertPathBuilder/selfIssued/DisableRevocation.java
+++ b/test/java/security/cert/CertPathBuilder/selfIssued/DisableRevocation.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2009, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2009, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -21,6 +21,12 @@
  * questions.
  */
 
+//
+// Security properties, once set, cannot revert to unset.  To avoid
+// conflicts with tests running in the same VM isolate this test by
+// running it in otherVM mode.
+//
+
 /**
  * @test
  * @bug 6852744
@@ -234,6 +240,10 @@
 
 
     public static void main(String[] args) throws Exception {
+        // MD5 is used in this test case, don't disable MD5 algorithm.
+        Security.setProperty(
+                "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024");
+
         CertPathBuilder builder = CertPathBuilder.getInstance("PKIX");
 
         X509CertSelector selector = generateSelector(args[0]);
diff --git a/test/java/security/cert/CertPathBuilder/selfIssued/KeyUsageMatters.java b/test/java/security/cert/CertPathBuilder/selfIssued/KeyUsageMatters.java
index 53b3ace..75bf2ec 100644
--- a/test/java/security/cert/CertPathBuilder/selfIssued/KeyUsageMatters.java
+++ b/test/java/security/cert/CertPathBuilder/selfIssued/KeyUsageMatters.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2009, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2009, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -21,6 +21,12 @@
  * questions.
  */
 
+//
+// Security properties, once set, cannot revert to unset.  To avoid
+// conflicts with tests running in the same VM isolate this test by
+// running it in otherVM mode.
+//
+
 /**
  * @test
  * @bug 6852744
@@ -277,6 +283,10 @@
 
 
     public static void main(String[] args) throws Exception {
+        // MD5 is used in this test case, don't disable MD5 algorithm.
+        Security.setProperty(
+                "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024");
+
         CertPathBuilder builder = CertPathBuilder.getInstance("PKIX");
 
         X509CertSelector selector = generateSelector(args[0]);
diff --git a/test/java/security/cert/CertPathBuilder/selfIssued/StatusLoopDependency.java b/test/java/security/cert/CertPathBuilder/selfIssued/StatusLoopDependency.java
index 873237c..6d0b24b 100644
--- a/test/java/security/cert/CertPathBuilder/selfIssued/StatusLoopDependency.java
+++ b/test/java/security/cert/CertPathBuilder/selfIssued/StatusLoopDependency.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2009, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2009, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -21,6 +21,12 @@
  * questions.
  */
 
+//
+// Security properties, once set, cannot revert to unset.  To avoid
+// conflicts with tests running in the same VM isolate this test by
+// running it in otherVM mode.
+//
+
 /**
  * @test
  * @bug 6852744
@@ -283,6 +289,10 @@
 
 
     public static void main(String[] args) throws Exception {
+        // MD5 is used in this test case, don't disable MD5 algorithm.
+        Security.setProperty(
+                "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024");
+
         CertPathBuilder builder = CertPathBuilder.getInstance("PKIX");
 
         X509CertSelector selector = generateSelector(args[0]);
diff --git a/test/java/security/cert/CertPathValidator/OCSP/AIACheck.java b/test/java/security/cert/CertPathValidator/OCSP/AIACheck.java
index 9f8d697..8c6e045 100644
--- a/test/java/security/cert/CertPathValidator/OCSP/AIACheck.java
+++ b/test/java/security/cert/CertPathValidator/OCSP/AIACheck.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2004, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2004, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -21,12 +21,19 @@
  * questions.
  */
 
+//
+// Security properties, once set, cannot revert to unset.  To avoid
+// conflicts with tests running in the same VM isolate this test by
+// running it in otherVM mode.
+//
+
 /**
  * @test
  * @bug 5072953
  * @summary Verify that the URL for an OCSP responder can be extracted from a
  *          certificate's AuthorityInfoAccess extension when OCSP certifiate
  *          validation has been enabled.
+ * @run main/othervm AIACheck
  */
 
 import java.io.*;
@@ -51,6 +58,10 @@
     }
 
     public static void main(String args[]) throws Exception {
+        // MD5 is used in this test case, don't disable MD5 algorithm.
+        Security.setProperty(
+                "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024");
+
         X509Certificate aiaCert = loadCertificate("AIACert.pem");
         X509Certificate rootCert = loadCertificate("RootCert.pem");
 
diff --git a/test/java/security/cert/CertPathValidator/OCSP/FailoverToCRL.java b/test/java/security/cert/CertPathValidator/OCSP/FailoverToCRL.java
index cd5f0e0..d1e4e8c 100644
--- a/test/java/security/cert/CertPathValidator/OCSP/FailoverToCRL.java
+++ b/test/java/security/cert/CertPathValidator/OCSP/FailoverToCRL.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2009, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2009, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -21,16 +21,24 @@
  * questions.
  */
 
+//
+// Security properties, once set, cannot revert to unset.  To avoid
+// conflicts with tests running in the same VM isolate this test by
+// running it in otherVM mode.
+//
+
 /**
  * @test
  * @bug 6383095
  * @summary CRL revoked certificate failures masked by OCSP failures
- *
+ * @run main/othervm FailoverToCRL
+ * @author Xuelei Fan
+ */
+
+/*
  * Note that the certificate validity is from Mar 16 14:55:35 2009 GMT to
  * Dec 1 14:55:35 2028 GMT, please update it with newer certificate if
  * expires.
- *
- * @author Xuelei Fan
  */
 
 /*
@@ -229,6 +237,10 @@
     }
 
     public static void main(String args[]) throws Exception {
+        // MD5 is used in this test case, don't disable MD5 algorithm.
+        Security.setProperty(
+                "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024");
+
         CertPath path = generateCertificatePath();
         Set<TrustAnchor> anchors = generateTrustAnchors();
         CertStore crls = generateCertificateStore();
diff --git a/test/java/security/cert/CertPathValidator/indirectCRL/CircularCRLOneLevel.java b/test/java/security/cert/CertPathValidator/indirectCRL/CircularCRLOneLevel.java
index c850b82..9a21ae2 100644
--- a/test/java/security/cert/CertPathValidator/indirectCRL/CircularCRLOneLevel.java
+++ b/test/java/security/cert/CertPathValidator/indirectCRL/CircularCRLOneLevel.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2009, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2009, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -21,11 +21,18 @@
  * questions.
  */
 
+//
+// Security properties, once set, cannot revert to unset.  To avoid
+// conflicts with tests running in the same VM isolate this test by
+// running it in otherVM mode.
+//
+
 /**
  * @test
  *
  * @bug 6720721
  * @summary CRL check with circular depency support needed
+ * @run main/othervm CircularCRLOneLevel
  * @author Xuelei Fan
  */
 
@@ -158,6 +165,10 @@
     }
 
     public static void main(String args[]) throws Exception {
+        // MD5 is used in this test case, don't disable MD5 algorithm.
+        Security.setProperty(
+                "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024");
+
         CertPath path = generateCertificatePath();
         Set<TrustAnchor> anchors = generateTrustAnchors();
         CertStore crls = generateCertificateStore();
diff --git a/test/java/security/cert/CertPathValidator/indirectCRL/CircularCRLOneLevelRevoked.java b/test/java/security/cert/CertPathValidator/indirectCRL/CircularCRLOneLevelRevoked.java
index ebbb3b0..9444836 100644
--- a/test/java/security/cert/CertPathValidator/indirectCRL/CircularCRLOneLevelRevoked.java
+++ b/test/java/security/cert/CertPathValidator/indirectCRL/CircularCRLOneLevelRevoked.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2009, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2009, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -21,11 +21,18 @@
  * questions.
  */
 
+//
+// Security properties, once set, cannot revert to unset.  To avoid
+// conflicts with tests running in the same VM isolate this test by
+// running it in otherVM mode.
+//
+
 /**
  * @test
  *
  * @bug 6720721
  * @summary CRL check with circular depency support needed
+ * @run main/othervm CircularCRLOneLevelRevoked
  * @author Xuelei Fan
  */
 
@@ -159,6 +166,10 @@
     }
 
     public static void main(String args[]) throws Exception {
+        // MD5 is used in this test case, don't disable MD5 algorithm.
+        Security.setProperty(
+                "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024");
+
         CertPath path = generateCertificatePath();
         Set<TrustAnchor> anchors = generateTrustAnchors();
         CertStore crls = generateCertificateStore();
diff --git a/test/java/security/cert/CertPathValidator/indirectCRL/CircularCRLTwoLevel.java b/test/java/security/cert/CertPathValidator/indirectCRL/CircularCRLTwoLevel.java
index d8ca335..d67db44 100644
--- a/test/java/security/cert/CertPathValidator/indirectCRL/CircularCRLTwoLevel.java
+++ b/test/java/security/cert/CertPathValidator/indirectCRL/CircularCRLTwoLevel.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2009, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2009, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -21,11 +21,18 @@
  * questions.
  */
 
+//
+// Security properties, once set, cannot revert to unset.  To avoid
+// conflicts with tests running in the same VM isolate this test by
+// running it in otherVM mode.
+//
+
 /**
  * @test
  *
  * @bug 6720721
  * @summary CRL check with circular depency support needed
+ * @run main/othervm CircularCRLTwoLevel
  * @author Xuelei Fan
  */
 
@@ -210,6 +217,10 @@
     }
 
     public static void main(String args[]) throws Exception {
+        // MD5 is used in this test case, don't disable MD5 algorithm.
+        Security.setProperty(
+                "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024");
+
         CertPath path = generateCertificatePath();
         Set<TrustAnchor> anchors = generateTrustAnchors();
         CertStore crls = generateCertificateStore();
diff --git a/test/java/security/cert/CertPathValidator/indirectCRL/CircularCRLTwoLevelRevoked.java b/test/java/security/cert/CertPathValidator/indirectCRL/CircularCRLTwoLevelRevoked.java
index 4405ded..e67934b 100644
--- a/test/java/security/cert/CertPathValidator/indirectCRL/CircularCRLTwoLevelRevoked.java
+++ b/test/java/security/cert/CertPathValidator/indirectCRL/CircularCRLTwoLevelRevoked.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2009, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2009, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -21,11 +21,18 @@
  * questions.
  */
 
+//
+// Security properties, once set, cannot revert to unset.  To avoid
+// conflicts with tests running in the same VM isolate this test by
+// running it in otherVM mode.
+//
+
 /**
  * @test
  *
  * @bug 6720721
  * @summary CRL check with circular depency support needed
+ * @run main/othervm CircularCRLTwoLevelRevoked
  * @author Xuelei Fan
  */
 
@@ -211,6 +218,10 @@
     }
 
     public static void main(String args[]) throws Exception {
+        // MD5 is used in this test case, don't disable MD5 algorithm.
+        Security.setProperty(
+                "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024");
+
         CertPath path = generateCertificatePath();
         Set<TrustAnchor> anchors = generateTrustAnchors();
         CertStore crls = generateCertificateStore();
diff --git a/test/sun/security/pkcs11/sslecc/ClientJSSEServerJSSE.java b/test/sun/security/pkcs11/sslecc/ClientJSSEServerJSSE.java
index 66d5d71..0ab26b5 100644
--- a/test/sun/security/pkcs11/sslecc/ClientJSSEServerJSSE.java
+++ b/test/sun/security/pkcs11/sslecc/ClientJSSEServerJSSE.java
@@ -53,6 +53,10 @@
     }
 
     public void main(Provider p) throws Exception {
+        // MD5 is used in this test case, don't disable MD5 algorithm.
+        Security.setProperty(
+                "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024");
+
         if (p.getService("KeyFactory", "EC") == null) {
             System.out.println("Provider does not support EC, skipping");
             return;
diff --git a/test/sun/security/provider/certpath/DisabledAlgorithms/CPBuilderWithMD5.java b/test/sun/security/provider/certpath/DisabledAlgorithms/CPBuilderWithMD5.java
new file mode 100644
index 0000000..0483e7e
--- /dev/null
+++ b/test/sun/security/provider/certpath/DisabledAlgorithms/CPBuilderWithMD5.java
@@ -0,0 +1,449 @@
+/*
+ * Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+// This test case relies on static security property, no way to re-use
+// security property in samevm/agentvm mode.
+
+/**
+ * @test
+ *
+ * @bug 8030829
+ * @summary Add MD5 to jdk.certpath.disabledAlgorithms security property
+ *
+ * @run main/othervm CPBuilderWithMD5 trustAnchor_SHA1withRSA_1024 0 true
+ * @run main/othervm CPBuilderWithMD5 trustAnchor_SHA1withRSA_512  0 true
+ * @run main/othervm CPBuilderWithMD5 intermediate_SHA1withRSA_1024_1024 1 true
+ * @run main/othervm CPBuilderWithMD5 intermediate_SHA1withRSA_1024_512  1 false
+ * @run main/othervm CPBuilderWithMD5 intermediate_SHA1withRSA_512_1024  1 false
+ * @run main/othervm CPBuilderWithMD5 intermediate_SHA1withRSA_512_512  1 false
+ * @run main/othervm CPBuilderWithMD5 intermediate_MD5withRSA_1024_1024  1 false
+ * @run main/othervm CPBuilderWithMD5 intermediate_MD5withRSA_1024_512  1 false
+ * @run main/othervm CPBuilderWithMD5 endentiry_SHA1withRSA_1024_1024  2 true
+ * @run main/othervm CPBuilderWithMD5 endentiry_SHA1withRSA_1024_512  2 false
+ * @run main/othervm CPBuilderWithMD5 endentiry_SHA1withRSA_512_1024  2 false
+ * @run main/othervm CPBuilderWithMD5 endentiry_SHA1withRSA_512_512  2 false
+ * @run main/othervm CPBuilderWithMD5 endentiry_MD5withRSA_1024_1024  2 false
+ * @run main/othervm CPBuilderWithMD5 endentiry_MD5withRSA_1024_512  2 false
+ *
+ * @author Xuelei Fan
+ */
+
+/*
+ * The generate.sh was designed to generate MD2 signed certificates.  The
+ * certificates used in this test are generated by an updated generate.sh that
+ * replacing MD2 with MD5 algorithm.
+ */
+import java.io.*;
+import java.net.SocketException;
+import java.util.*;
+import java.security.Security;
+import java.security.cert.*;
+import sun.security.util.DerInputStream;
+
+public class CPBuilderWithMD5 {
+
+    // SHA1withRSA 1024
+    static String trustAnchor_SHA1withRSA_1024 =
+        "-----BEGIN CERTIFICATE-----\n" +
+        "MIICPjCCAaegAwIBAgIBADANBgkqhkiG9w0BAQUFADAfMQswCQYDVQQGEwJVUzEQ\n" +
+        "MA4GA1UEChMHRXhhbXBsZTAeFw0xMzEyMjgxMTA4NTFaFw0zNDEyMDgxMTA4NTFa\n" +
+        "MB8xCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMIGfMA0GCSqGSIb3DQEB\n" +
+        "AQUAA4GNADCBiQKBgQDn3JSHACqi/bcohVy7eFqDs3L5ehnXmF9Jrg4rMRUeNrxA\n" +
+        "61F8bJ9JXx4j8WyqmT0TtokgXuqGxbsXRQVVw4AdXLF2PwCs/y+Y+AwU59uDHA3J\n" +
+        "AMk4VvjV9MB2Ea6YzuLnbbj/TNrfxB6LZ7KBvh0fYGt2T40yMvOvilU/f6e3zQID\n" +
+        "AQABo4GJMIGGMB0GA1UdDgQWBBSIxINDFVm8GpUz3v+BbWNmDEKP7TBHBgNVHSME\n" +
+        "QDA+gBSIxINDFVm8GpUz3v+BbWNmDEKP7aEjpCEwHzELMAkGA1UEBhMCVVMxEDAO\n" +
+        "BgNVBAoTB0V4YW1wbGWCAQAwDwYDVR0TAQH/BAUwAwEB/zALBgNVHQ8EBAMCAgQw\n" +
+        "DQYJKoZIhvcNAQEFBQADgYEAt0mYDXTpInrGvEOylIL2gx65A/bpdz9iDQsSs5sZ\n" +
+        "r3m0v9zJnzR8lRqN4GbaD1vrFdkUrIoObcvXjXitnf5QqDzmc9BbIYj83Ft8QSUj\n" +
+        "jCMy04EGT/7ATss4SiFEu6sJpmOBjsgH6wYuobR27wl/01XOu2CXUo3OOjgAoPBs\n" +
+        "QoQ=\n" +
+        "-----END CERTIFICATE-----";
+
+    // SHA1withRSA 512
+    static String trustAnchor_SHA1withRSA_512 =
+        "-----BEGIN CERTIFICATE-----\n" +
+        "MIIBuTCCAWOgAwIBAgIBADANBgkqhkiG9w0BAQUFADAfMQswCQYDVQQGEwJVUzEQ\n" +
+        "MA4GA1UEChMHRXhhbXBsZTAeFw0xMzEyMjgxMTA4NTFaFw0zNDEyMDgxMTA4NTFa\n" +
+        "MB8xCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMFwwDQYJKoZIhvcNAQEB\n" +
+        "BQADSwAwSAJBANLqQkOpH7rBTo/a2ccYjJxvNib/Lxm6UXO1uAd/0AUzPWzJsOpB\n" +
+        "u2zyD26UYc0GNyXCkWMZ44FrtSQ8VI146j8CAwEAAaOBiTCBhjAdBgNVHQ4EFgQU\n" +
+        "5PVLxBY//smN31jHb/MAmCEz5NIwRwYDVR0jBEAwPoAU5PVLxBY//smN31jHb/MA\n" +
+        "mCEz5NKhI6QhMB8xCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlggEAMA8G\n" +
+        "A1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgIEMA0GCSqGSIb3DQEBBQUAA0EAzF9E\n" +
+        "dXYPLqziCRY45IHCUtxaLjLQmwsjEu91TV4xyuuozGEumcqH7m6Hg6Ohnd1FGfsN\n" +
+        "X+vt1tdaDIu9+OzGjQ==\n" +
+        "-----END CERTIFICATE-----";
+
+    // SHA1withRSA 1024 signed with RSA 1024
+    static String intermediate_SHA1withRSA_1024_1024 =
+        "-----BEGIN CERTIFICATE-----\n" +
+        "MIICUDCCAbmgAwIBAgIBAzANBgkqhkiG9w0BAQUFADAfMQswCQYDVQQGEwJVUzEQ\n" +
+        "MA4GA1UEChMHRXhhbXBsZTAeFw0xMzEyMjgxMTA5MDlaFw0zMzA5MTQxMTA5MDla\n" +
+        "MDExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMRAwDgYDVQQLEwdDbGFz\n" +
+        "cy0xMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC/m9wdJT0HR+exquh2Q2Yq\n" +
+        "XvL9HtEsCabCikd0Vjuoi3sZJ/5SBbbHTvh7z7enW0NEpLHQee0ry5FW8mLxDtrR\n" +
+        "38NjE9W7zutucBG5WztwGuvcts13aEw+vH+EwhokJW9PXz9Do+y4PTJo3vdsk7Zs\n" +
+        "bGVY9+YjvlgEaozWXZ1JhQIDAQABo4GJMIGGMB0GA1UdDgQWBBQIsaDZL94kLug/\n" +
+        "A1N4EkNOA4z47DBHBgNVHSMEQDA+gBSIxINDFVm8GpUz3v+BbWNmDEKP7aEjpCEw\n" +
+        "HzELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0V4YW1wbGWCAQAwDwYDVR0TAQH/BAUw\n" +
+        "AwEB/zALBgNVHQ8EBAMCAgQwDQYJKoZIhvcNAQEFBQADgYEA0673aIUF2k20jkpR\n" +
+        "4USN9UkbfX57Uazhl4n765EeAiteWnTzKztISeH1GTrCw7bSl1r07aaflsnbKOHC\n" +
+        "RrL2RxbxNwQARvuuCxr664vXnsGrt86xA5F2iNF22uDM/5HA5sIfBmEk5xXSLrgH\n" +
+        "I7jOaYqAA1b8C+4DU2Z5ZgO4LOA=\n" +
+        "-----END CERTIFICATE-----";
+
+    // SHA1withRSA 1024 signed with RSA 512
+    static String intermediate_SHA1withRSA_1024_512 =
+        "-----BEGIN CERTIFICATE-----\n" +
+        "MIICDzCCAbmgAwIBAgIBBDANBgkqhkiG9w0BAQUFADAfMQswCQYDVQQGEwJVUzEQ\n" +
+        "MA4GA1UEChMHRXhhbXBsZTAeFw0xMzEyMjgxMTA5MDlaFw0zMzA5MTQxMTA5MDla\n" +
+        "MDExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMRAwDgYDVQQLEwdDbGFz\n" +
+        "cy0xMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC/m9wdJT0HR+exquh2Q2Yq\n" +
+        "XvL9HtEsCabCikd0Vjuoi3sZJ/5SBbbHTvh7z7enW0NEpLHQee0ry5FW8mLxDtrR\n" +
+        "38NjE9W7zutucBG5WztwGuvcts13aEw+vH+EwhokJW9PXz9Do+y4PTJo3vdsk7Zs\n" +
+        "bGVY9+YjvlgEaozWXZ1JhQIDAQABo4GJMIGGMB0GA1UdDgQWBBQIsaDZL94kLug/\n" +
+        "A1N4EkNOA4z47DBHBgNVHSMEQDA+gBTk9UvEFj/+yY3fWMdv8wCYITPk0qEjpCEw\n" +
+        "HzELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0V4YW1wbGWCAQAwDwYDVR0TAQH/BAUw\n" +
+        "AwEB/zALBgNVHQ8EBAMCAgQwDQYJKoZIhvcNAQEFBQADQQAihshnF7RWZ13tUGsH\n" +
+        "iM4i8HmBjw2+pwW/cs0E8BcycYEy3beWMcL1Np2yfOa/7K5ZvGPhe/piwzTel+Kt\n" +
+        "5VLm\n" +
+        "-----END CERTIFICATE-----";
+
+    // SHA1withRSA 512 signed with RSA 1024
+    static String intermediate_SHA1withRSA_512_1024 =
+        "-----BEGIN CERTIFICATE-----\n" +
+        "MIICDDCCAXWgAwIBAgIBBTANBgkqhkiG9w0BAQUFADAfMQswCQYDVQQGEwJVUzEQ\n" +
+        "MA4GA1UEChMHRXhhbXBsZTAeFw0xMzEyMjgxMTA5MDlaFw0zMzA5MTQxMTA5MDla\n" +
+        "MDExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMRAwDgYDVQQLEwdDbGFz\n" +
+        "cy0xMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAK4h/iW3wt+ugR5ObWiFSl394UU/\n" +
+        "lWNm+N6UAgsBRhSzZz/Iof7xZTQI+usNXzOrTnU3+uZsMgokpjkrko1osxUCAwEA\n" +
+        "AaOBiTCBhjAdBgNVHQ4EFgQU88OD48Osuh7lJiLnhfMhrySqW8QwRwYDVR0jBEAw\n" +
+        "PoAUiMSDQxVZvBqVM97/gW1jZgxCj+2hI6QhMB8xCzAJBgNVBAYTAlVTMRAwDgYD\n" +
+        "VQQKEwdFeGFtcGxlggEAMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgIEMA0G\n" +
+        "CSqGSIb3DQEBBQUAA4GBAAHN8XUTT6asa1MvpfqAvKTH6tNrMOmzoFsUamPxSrUB\n" +
+        "tnBv/fa/E9+1QvQwl3g6luVXBkQf2/nVD0195IdkEuD/C6psuGKerXmiaRMv5Wcs\n" +
+        "B+8bTzhNxMzHKPZDJ8Tf/RD3XpPvtxw0T+I5xud68FH/WDhJtu7TiXPAhs7srtHt\n" +
+        "-----END CERTIFICATE-----";
+
+    // SHA1withRSA 512 signed with RSA 512
+    static String intermediate_SHA1withRSA_512_512 =
+        "-----BEGIN CERTIFICATE-----\n" +
+        "MIIByzCCAXWgAwIBAgIBBjANBgkqhkiG9w0BAQUFADAfMQswCQYDVQQGEwJVUzEQ\n" +
+        "MA4GA1UEChMHRXhhbXBsZTAeFw0xMzEyMjgxMTA5MDlaFw0zMzA5MTQxMTA5MDla\n" +
+        "MDExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMRAwDgYDVQQLEwdDbGFz\n" +
+        "cy0xMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAK4h/iW3wt+ugR5ObWiFSl394UU/\n" +
+        "lWNm+N6UAgsBRhSzZz/Iof7xZTQI+usNXzOrTnU3+uZsMgokpjkrko1osxUCAwEA\n" +
+        "AaOBiTCBhjAdBgNVHQ4EFgQU88OD48Osuh7lJiLnhfMhrySqW8QwRwYDVR0jBEAw\n" +
+        "PoAU5PVLxBY//smN31jHb/MAmCEz5NKhI6QhMB8xCzAJBgNVBAYTAlVTMRAwDgYD\n" +
+        "VQQKEwdFeGFtcGxlggEAMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgIEMA0G\n" +
+        "CSqGSIb3DQEBBQUAA0EASLN+1/pfo+9ty5EaYkoPu4QeYGr+5wmXyDceiaED/Lok\n" +
+        "RdV0ZH0qwD4kiarlJssNOgMCk+2EzgvXcIhEMDa5hA==\n" +
+        "-----END CERTIFICATE-----";
+
+    // MD5withRSA 1024 signed with RSA 1024
+    static String intermediate_MD5withRSA_1024_1024 =
+        "-----BEGIN CERTIFICATE-----\n" +
+        "MIICUDCCAbmgAwIBAgIBBzANBgkqhkiG9w0BAQQFADAfMQswCQYDVQQGEwJVUzEQ\n" +
+        "MA4GA1UEChMHRXhhbXBsZTAeFw0xMzEyMjgxMTA5MDlaFw0zMzA5MTQxMTA5MDla\n" +
+        "MDExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMRAwDgYDVQQLEwdDbGFz\n" +
+        "cy0xMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC/m9wdJT0HR+exquh2Q2Yq\n" +
+        "XvL9HtEsCabCikd0Vjuoi3sZJ/5SBbbHTvh7z7enW0NEpLHQee0ry5FW8mLxDtrR\n" +
+        "38NjE9W7zutucBG5WztwGuvcts13aEw+vH+EwhokJW9PXz9Do+y4PTJo3vdsk7Zs\n" +
+        "bGVY9+YjvlgEaozWXZ1JhQIDAQABo4GJMIGGMB0GA1UdDgQWBBQIsaDZL94kLug/\n" +
+        "A1N4EkNOA4z47DBHBgNVHSMEQDA+gBSIxINDFVm8GpUz3v+BbWNmDEKP7aEjpCEw\n" +
+        "HzELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0V4YW1wbGWCAQAwDwYDVR0TAQH/BAUw\n" +
+        "AwEB/zALBgNVHQ8EBAMCAgQwDQYJKoZIhvcNAQEEBQADgYEAerx2je3FBVn2eoPs\n" +
+        "nTzLKILezqCTCO7mXWiyBidRhh4RGdM8JggMN5SRmuwRurxfYFgPfqmAenWtEFqO\n" +
+        "xZrTXQUvIrrEgpzqkfppFnkCh4kDsX4roD5Nho3J4MTBQkqE0r676Yq6Rp6cywCq\n" +
+        "CHQQztRGY7n/ZYRNJ3uzvuoT1tk=\n" +
+        "-----END CERTIFICATE-----";
+
+    // MD5withRSA 1024 signed with RSA 512
+    static String intermediate_MD5withRSA_1024_512 =
+        "-----BEGIN CERTIFICATE-----\n" +
+        "MIICDzCCAbmgAwIBAgIBCDANBgkqhkiG9w0BAQQFADAfMQswCQYDVQQGEwJVUzEQ\n" +
+        "MA4GA1UEChMHRXhhbXBsZTAeFw0xMzEyMjgxMTA5MTBaFw0zMzA5MTQxMTA5MTBa\n" +
+        "MDExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMRAwDgYDVQQLEwdDbGFz\n" +
+        "cy0xMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC/m9wdJT0HR+exquh2Q2Yq\n" +
+        "XvL9HtEsCabCikd0Vjuoi3sZJ/5SBbbHTvh7z7enW0NEpLHQee0ry5FW8mLxDtrR\n" +
+        "38NjE9W7zutucBG5WztwGuvcts13aEw+vH+EwhokJW9PXz9Do+y4PTJo3vdsk7Zs\n" +
+        "bGVY9+YjvlgEaozWXZ1JhQIDAQABo4GJMIGGMB0GA1UdDgQWBBQIsaDZL94kLug/\n" +
+        "A1N4EkNOA4z47DBHBgNVHSMEQDA+gBTk9UvEFj/+yY3fWMdv8wCYITPk0qEjpCEw\n" +
+        "HzELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0V4YW1wbGWCAQAwDwYDVR0TAQH/BAUw\n" +
+        "AwEB/zALBgNVHQ8EBAMCAgQwDQYJKoZIhvcNAQEEBQADQQA3XGQPNin8cDIsJ4vx\n" +
+        "tTxUO6XVJoWOdTsjwzlMrPmLvjJNZeXLtQe3pQu0vjgyUpQ59VYLW3qKN/LF3UH0\n" +
+        "Ep7V\n" +
+        "-----END CERTIFICATE-----";
+
+    // SHA1withRSA 1024 signed with RSA 1024
+    static String endentiry_SHA1withRSA_1024_1024 =
+        "-----BEGIN CERTIFICATE-----\n" +
+        "MIICNzCCAaCgAwIBAgIBAjANBgkqhkiG9w0BAQUFADAxMQswCQYDVQQGEwJVUzEQ\n" +
+        "MA4GA1UEChMHRXhhbXBsZTEQMA4GA1UECxMHQ2xhc3MtMTAeFw0xMzEyMjgxMTA5\n" +
+        "MTJaFw0zMzA5MTQxMTA5MTJaMEExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFt\n" +
+        "cGxlMRAwDgYDVQQLEwdDbGFzcy0xMQ4wDAYDVQQDEwVBbGljZTCBnzANBgkqhkiG\n" +
+        "9w0BAQEFAAOBjQAwgYkCgYEAvktJqK4/SvQrTyGgV8tM6zP/K5xQP1pFRipRKS8i\n" +
+        "2yaXdlW4jQBZWVXdfEsm8YwGwtXFKIlleALmgJcLldPwNm0qaKixL4mRJVMm4bXM\n" +
+        "UXCfmr+Im1SpA4Yum4VFCfIJ1kkeQkXqc57sCSfS+rFnC+1kSNa9wj+Mc4+5FR4k\n" +
+        "zqUCAwEAAaNPME0wCwYDVR0PBAQDAgPoMB0GA1UdDgQWBBRDzLh/sWyTsdq1KKnG\n" +
+        "8e7JW1tPUDAfBgNVHSMEGDAWgBQIsaDZL94kLug/A1N4EkNOA4z47DANBgkqhkiG\n" +
+        "9w0BAQUFAAOBgQB2RkWHOaL4WTOGoeTS4J4o9FW+4UXihbocdI/64rMExERjDkE/\n" +
+        "Jh31TEmatnP1gPrF1AfmqQPubqVSbRtCHrZF+Ilk6L6YeyRNzKvsLiMUtgrLYLas\n" +
+        "Vop0DFZxR02xHgaJdoJkcWBjNadb9zG7eZtt8OOOJ4lRwg02aLTy+WDqPA==\n" +
+        "-----END CERTIFICATE-----";
+
+    // SHA1withRSA 1024 signed with RSA 512
+    static String endentiry_SHA1withRSA_1024_512 =
+        "-----BEGIN CERTIFICATE-----\n" +
+        "MIIB9jCCAaCgAwIBAgIBAzANBgkqhkiG9w0BAQUFADAxMQswCQYDVQQGEwJVUzEQ\n" +
+        "MA4GA1UEChMHRXhhbXBsZTEQMA4GA1UECxMHQ2xhc3MtMTAeFw0xMzEyMjgxMTA5\n" +
+        "MTJaFw0zMzA5MTQxMTA5MTJaMEExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFt\n" +
+        "cGxlMRAwDgYDVQQLEwdDbGFzcy0xMQ4wDAYDVQQDEwVBbGljZTCBnzANBgkqhkiG\n" +
+        "9w0BAQEFAAOBjQAwgYkCgYEAvktJqK4/SvQrTyGgV8tM6zP/K5xQP1pFRipRKS8i\n" +
+        "2yaXdlW4jQBZWVXdfEsm8YwGwtXFKIlleALmgJcLldPwNm0qaKixL4mRJVMm4bXM\n" +
+        "UXCfmr+Im1SpA4Yum4VFCfIJ1kkeQkXqc57sCSfS+rFnC+1kSNa9wj+Mc4+5FR4k\n" +
+        "zqUCAwEAAaNPME0wCwYDVR0PBAQDAgPoMB0GA1UdDgQWBBRDzLh/sWyTsdq1KKnG\n" +
+        "8e7JW1tPUDAfBgNVHSMEGDAWgBTzw4Pjw6y6HuUmIueF8yGvJKpbxDANBgkqhkiG\n" +
+        "9w0BAQUFAANBAIapvjECUm4YD4O99G0v2SM17cKQzjZtSWkScS7FSk4sxS+dP3hM\n" +
+        "Qb2UpoRl6CGynhOVVy2G/VJN8BEqOfywj8k=\n" +
+        "-----END CERTIFICATE-----";
+
+    // SHA1withRSA 512 signed with RSA 1024
+    static String endentiry_SHA1withRSA_512_1024 =
+        "-----BEGIN CERTIFICATE-----\n" +
+        "MIIB8zCCAVygAwIBAgIBBDANBgkqhkiG9w0BAQUFADAxMQswCQYDVQQGEwJVUzEQ\n" +
+        "MA4GA1UEChMHRXhhbXBsZTEQMA4GA1UECxMHQ2xhc3MtMTAeFw0xMzEyMjgxMTA5\n" +
+        "MTJaFw0zMzA5MTQxMTA5MTJaMEExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFt\n" +
+        "cGxlMRAwDgYDVQQLEwdDbGFzcy0xMQ4wDAYDVQQDEwVBbGljZTBcMA0GCSqGSIb3\n" +
+        "DQEBAQUAA0sAMEgCQQCngiNTE+qngHcfj2jUpdc82gCw+TFRjR7oMSdp7b/3NwpD\n" +
+        "E+11z9WspoXTDzvbKcGUH9svFl691NyY0ZUmf+4RAgMBAAGjTzBNMAsGA1UdDwQE\n" +
+        "AwID6DAdBgNVHQ4EFgQUK+oVsFTQbz08evgQZ5Sd82c2y4UwHwYDVR0jBBgwFoAU\n" +
+        "CLGg2S/eJC7oPwNTeBJDTgOM+OwwDQYJKoZIhvcNAQEFBQADgYEAMd/8XnjRz5jK\n" +
+        "nbss9DDQQC2mUuCbV/tGdke7eQ1DtBVZLBU6wDgisGr52sUXmyZIPmSVKpQqwCG5\n" +
+        "8cY5uQhaNwPtPmMMKXzX32zN9NhVkiDNceL+zHs3vdjD1i/QiUTST+NKfLYVb6dF\n" +
+        "YMG65lxe3gMVxMweiHSZSukmk1k3gUA=\n" +
+        "-----END CERTIFICATE-----";
+
+    // SHA1withRSA 512 signed with RSA 512
+    static String endentiry_SHA1withRSA_512_512 =
+        "-----BEGIN CERTIFICATE-----\n" +
+        "MIIBsjCCAVygAwIBAgIBBTANBgkqhkiG9w0BAQUFADAxMQswCQYDVQQGEwJVUzEQ\n" +
+        "MA4GA1UEChMHRXhhbXBsZTEQMA4GA1UECxMHQ2xhc3MtMTAeFw0xMzEyMjgxMTA5\n" +
+        "MTJaFw0zMzA5MTQxMTA5MTJaMEExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFt\n" +
+        "cGxlMRAwDgYDVQQLEwdDbGFzcy0xMQ4wDAYDVQQDEwVBbGljZTBcMA0GCSqGSIb3\n" +
+        "DQEBAQUAA0sAMEgCQQCngiNTE+qngHcfj2jUpdc82gCw+TFRjR7oMSdp7b/3NwpD\n" +
+        "E+11z9WspoXTDzvbKcGUH9svFl691NyY0ZUmf+4RAgMBAAGjTzBNMAsGA1UdDwQE\n" +
+        "AwID6DAdBgNVHQ4EFgQUK+oVsFTQbz08evgQZ5Sd82c2y4UwHwYDVR0jBBgwFoAU\n" +
+        "88OD48Osuh7lJiLnhfMhrySqW8QwDQYJKoZIhvcNAQEFBQADQQB4xFWtC6ijDBIe\n" +
+        "/Gkf3B9+ycmP52pTPNiPwMS6u1a5vTRXMn5xRDexWfxJKJVZ2s9UR1jheZvWgPC8\n" +
+        "VUWO8bbG\n" +
+        "-----END CERTIFICATE-----";
+
+    // MD5withRSA 1024 signed with RSA 1024
+    static String endentiry_MD5withRSA_1024_1024 =
+        "-----BEGIN CERTIFICATE-----\n" +
+        "MIICNzCCAaCgAwIBAgIBBjANBgkqhkiG9w0BAQQFADAxMQswCQYDVQQGEwJVUzEQ\n" +
+        "MA4GA1UEChMHRXhhbXBsZTEQMA4GA1UECxMHQ2xhc3MtMTAeFw0xMzEyMjgxMTA5\n" +
+        "MTJaFw0zMzA5MTQxMTA5MTJaMEExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFt\n" +
+        "cGxlMRAwDgYDVQQLEwdDbGFzcy0xMQ4wDAYDVQQDEwVBbGljZTCBnzANBgkqhkiG\n" +
+        "9w0BAQEFAAOBjQAwgYkCgYEAvktJqK4/SvQrTyGgV8tM6zP/K5xQP1pFRipRKS8i\n" +
+        "2yaXdlW4jQBZWVXdfEsm8YwGwtXFKIlleALmgJcLldPwNm0qaKixL4mRJVMm4bXM\n" +
+        "UXCfmr+Im1SpA4Yum4VFCfIJ1kkeQkXqc57sCSfS+rFnC+1kSNa9wj+Mc4+5FR4k\n" +
+        "zqUCAwEAAaNPME0wCwYDVR0PBAQDAgPoMB0GA1UdDgQWBBRDzLh/sWyTsdq1KKnG\n" +
+        "8e7JW1tPUDAfBgNVHSMEGDAWgBQIsaDZL94kLug/A1N4EkNOA4z47DANBgkqhkiG\n" +
+        "9w0BAQQFAAOBgQBCVn9/JQxsRTaKIKSrgB+KtEreat+33k3SXuJICuRxcmvjOXIx\n" +
+        "wSdq+mRCA+DpIPSNtgnDAUyipnyxRxpdmRRUHuRYpkALq4a5QtTJK0Y/CEMfsd2J\n" +
+        "Yd2zKcfynDLW6LVeNdtjlY7fTemJnbA/WImNhwyW55V9vbnk3J04EZN8jw==\n" +
+        "-----END CERTIFICATE-----";
+
+    // MD5withRSA 1024 signed with RSA 512
+    static String endentiry_MD5withRSA_1024_512 =
+        "-----BEGIN CERTIFICATE-----\n" +
+        "MIIB9jCCAaCgAwIBAgIBBzANBgkqhkiG9w0BAQQFADAxMQswCQYDVQQGEwJVUzEQ\n" +
+        "MA4GA1UEChMHRXhhbXBsZTEQMA4GA1UECxMHQ2xhc3MtMTAeFw0xMzEyMjgxMTA5\n" +
+        "MTNaFw0zMzA5MTQxMTA5MTNaMEExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFt\n" +
+        "cGxlMRAwDgYDVQQLEwdDbGFzcy0xMQ4wDAYDVQQDEwVBbGljZTCBnzANBgkqhkiG\n" +
+        "9w0BAQEFAAOBjQAwgYkCgYEAvktJqK4/SvQrTyGgV8tM6zP/K5xQP1pFRipRKS8i\n" +
+        "2yaXdlW4jQBZWVXdfEsm8YwGwtXFKIlleALmgJcLldPwNm0qaKixL4mRJVMm4bXM\n" +
+        "UXCfmr+Im1SpA4Yum4VFCfIJ1kkeQkXqc57sCSfS+rFnC+1kSNa9wj+Mc4+5FR4k\n" +
+        "zqUCAwEAAaNPME0wCwYDVR0PBAQDAgPoMB0GA1UdDgQWBBRDzLh/sWyTsdq1KKnG\n" +
+        "8e7JW1tPUDAfBgNVHSMEGDAWgBTzw4Pjw6y6HuUmIueF8yGvJKpbxDANBgkqhkiG\n" +
+        "9w0BAQQFAANBAAbZwmkqb6sfiiIxuLnj6PjhJsXGfvPomkkbLu5CapAMhen/p6ZG\n" +
+        "6vh69TbIsBR9UHu7qDyTl5Xax7bmYeW+sDQ=\n" +
+        "-----END CERTIFICATE-----";
+
+    static HashMap<String, String> certmap = new HashMap<String, String>();
+    static {
+        certmap.put("trustAnchor_SHA1withRSA_1024",
+                                    trustAnchor_SHA1withRSA_1024);
+        certmap.put("trustAnchor_SHA1withRSA_512",
+                                    trustAnchor_SHA1withRSA_512);
+        certmap.put("intermediate_SHA1withRSA_1024_1024",
+                                    intermediate_SHA1withRSA_1024_1024);
+        certmap.put("intermediate_SHA1withRSA_1024_512",
+                                    intermediate_SHA1withRSA_1024_512);
+        certmap.put("intermediate_SHA1withRSA_512_1024",
+                                    intermediate_SHA1withRSA_512_1024);
+        certmap.put("intermediate_SHA1withRSA_512_512",
+                                    intermediate_SHA1withRSA_512_512);
+        certmap.put("intermediate_MD5withRSA_1024_1024",
+                                    intermediate_MD5withRSA_1024_1024);
+        certmap.put("intermediate_MD5withRSA_1024_512",
+                                    intermediate_MD5withRSA_1024_512);
+        certmap.put("endentiry_SHA1withRSA_1024_1024",
+                                    endentiry_SHA1withRSA_1024_1024);
+        certmap.put("endentiry_SHA1withRSA_1024_512",
+                                    endentiry_SHA1withRSA_1024_512);
+        certmap.put("endentiry_SHA1withRSA_512_1024",
+                                    endentiry_SHA1withRSA_512_1024);
+        certmap.put("endentiry_SHA1withRSA_512_512",
+                                    endentiry_SHA1withRSA_512_512);
+        certmap.put("endentiry_MD5withRSA_1024_1024",
+                                    endentiry_MD5withRSA_1024_1024);
+        certmap.put("endentiry_MD5withRSA_1024_512",
+                                    endentiry_MD5withRSA_1024_512);
+    }
+
+    private static Set<TrustAnchor> generateTrustAnchors()
+            throws CertificateException {
+        // generate certificate from cert string
+        CertificateFactory cf = CertificateFactory.getInstance("X.509");
+        HashSet<TrustAnchor> anchors = new HashSet<TrustAnchor>();
+
+        ByteArrayInputStream is =
+            new ByteArrayInputStream(trustAnchor_SHA1withRSA_1024.getBytes());
+        Certificate cert = cf.generateCertificate(is);
+        TrustAnchor anchor = new TrustAnchor((X509Certificate)cert, null);
+        anchors.add(anchor);
+
+        is = new ByteArrayInputStream(trustAnchor_SHA1withRSA_512.getBytes());
+        cert = cf.generateCertificate(is);
+        anchor = new TrustAnchor((X509Certificate)cert, null);
+        anchors.add(anchor);
+
+        return anchors;
+    }
+
+    private static CertStore generateCertificateStore() throws Exception {
+        Collection entries = new HashSet();
+
+        // generate certificate from certificate string
+        CertificateFactory cf = CertificateFactory.getInstance("X.509");
+
+        for (String key : certmap.keySet()) {
+            String certStr = certmap.get(key);
+            ByteArrayInputStream is =
+                        new ByteArrayInputStream(certStr.getBytes());;
+            Certificate cert = cf.generateCertificate(is);
+            entries.add(cert);
+        }
+
+        return CertStore.getInstance("Collection",
+                            new CollectionCertStoreParameters(entries));
+    }
+
+    private static X509CertSelector generateSelector(String name)
+                throws Exception {
+        X509CertSelector selector = new X509CertSelector();
+
+        String certStr = certmap.get(name);
+        if (certStr == null) {
+            return null;
+        }
+
+        // generate certificate from certificate string
+        CertificateFactory cf = CertificateFactory.getInstance("X.509");
+        ByteArrayInputStream is = new ByteArrayInputStream(certStr.getBytes());
+        X509Certificate target = (X509Certificate)cf.generateCertificate(is);
+
+        selector.setCertificate(target);
+
+        return selector;
+    }
+
+    private static boolean match(String name, Certificate cert)
+                throws Exception {
+        X509CertSelector selector = new X509CertSelector();
+
+        String certStr = certmap.get(name);
+        if (certStr == null) {
+            return false;
+        }
+
+        // generate certificate from certificate string
+        CertificateFactory cf = CertificateFactory.getInstance("X.509");
+        ByteArrayInputStream is = new ByteArrayInputStream(certStr.getBytes());
+        X509Certificate target = (X509Certificate)cf.generateCertificate(is);
+
+        return target.equals(cert);
+    }
+
+    public static void main(String args[]) throws Exception {
+        CertPathBuilder builder = CertPathBuilder.getInstance("PKIX");
+
+        X509CertSelector selector = generateSelector(args[0]);
+        if (selector == null) {
+            // no target certificate, ignore it
+            return;
+        }
+
+        Set<TrustAnchor> anchors = generateTrustAnchors();
+        CertStore certs = generateCertificateStore();
+
+        PKIXBuilderParameters params =
+                new PKIXBuilderParameters(anchors, selector);
+        params.addCertStore(certs);
+        params.setRevocationEnabled(false);
+        params.setDate(new Date(114, 9, 1));   // 2014-09-01
+
+        boolean success = Boolean.valueOf(args[2]);
+        try {
+            PKIXCertPathBuilderResult result =
+                        (PKIXCertPathBuilderResult)builder.build(params);
+            if (!success) {
+                throw new Exception("expected algorithm disabled exception");
+            }
+
+            int length = Integer.parseInt(args[1]);
+            List<? extends Certificate> path =
+                                    result.getCertPath().getCertificates();
+            if (length != path.size()) {
+                throw new Exception("unexpected certification path length");
+            }
+
+            if (!path.isEmpty()) {    // the target is not a trust anchor
+                if (!match(args[0], path.get(0))) {
+                    throw new Exception("unexpected certificate");
+                }
+            }
+        } catch (CertPathBuilderException cpbe) {
+            if (success) {
+                throw new Exception("unexpected exception", cpbe);
+            } else {
+                System.out.println("Get the expected exception " + cpbe);
+            }
+        }
+    }
+
+}
diff --git a/test/sun/security/provider/certpath/ReverseBuilder/ReverseBuild.java b/test/sun/security/provider/certpath/ReverseBuilder/ReverseBuild.java
index 21736ea..abb18eb 100644
--- a/test/sun/security/provider/certpath/ReverseBuilder/ReverseBuild.java
+++ b/test/sun/security/provider/certpath/ReverseBuilder/ReverseBuild.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2012, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -21,15 +21,23 @@
  * questions.
  */
 
+//
+// Security properties, once set, cannot revert to unset.  To avoid
+// conflicts with tests running in the same VM isolate this test by
+// running it in otherVM mode.
+//
+
 /*
  * @test
  * @bug 7167988
  * @summary PKIX CertPathBuilder in reverse mode doesn't work if more than
  *          one trust anchor is specified
+ * @run main/othervm ReverseBuild
  */
 import java.io.*;
 import java.util.*;
 import java.security.cert.*;
+import java.security.Security;
 
 import sun.security.provider.certpath.SunCertPathBuilderParameters;
 
@@ -279,6 +287,9 @@
 
 
     public static void main(String args[]) throws Exception {
+        // MD5 is used in this test case, don't disable MD5 algorithm.
+        Security.setProperty(
+                "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024");
 
         // generate certificate from cert string
         CertificateFactory cf = CertificateFactory.getInstance("X.509");
diff --git a/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLContextImpl/MD2InTrustAnchor.java b/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLContextImpl/MD2InTrustAnchor.java
index 464cf97..9b695a2 100644
--- a/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLContextImpl/MD2InTrustAnchor.java
+++ b/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLContextImpl/MD2InTrustAnchor.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2011, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2011, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -23,13 +23,15 @@
  * questions.
  */
 
+//
+// SunJSSE does not support dynamic system properties, no way to re-use
+// system properties in samevm/agentvm mode.
+//
+
 /*
  * @test
  * @bug 7113275
  * @summary compatibility issue with MD2 trust anchor and old X509TrustManager
- *
- *     SunJSSE does not support dynamic system properties, no way to re-use
- *     system properties in samevm/agentvm mode.
  * @run main/othervm MD2InTrustAnchor PKIX TLSv1.1
  * @run main/othervm MD2InTrustAnchor SunX509 TLSv1.1
  * @run main/othervm MD2InTrustAnchor PKIX TLSv1.2
@@ -40,6 +42,7 @@
 import java.util.*;
 import java.io.*;
 import javax.net.ssl.*;
+import java.security.Security;
 import java.security.KeyStore;
 import java.security.KeyFactory;
 import java.security.cert.Certificate;
@@ -283,6 +286,10 @@
     volatile Exception clientException = null;
 
     public static void main(String[] args) throws Exception {
+        // MD5 is used in this test case, don't disable MD5 algorithm.
+        Security.setProperty(
+                "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024");
+
         if (debug)
             System.setProperty("javax.net.debug", "all");
 
diff --git a/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLContextImpl/TrustTrustedCert.java b/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLContextImpl/TrustTrustedCert.java
index 19ab671..01fc5dc 100644
--- a/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLContextImpl/TrustTrustedCert.java
+++ b/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLContextImpl/TrustTrustedCert.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2011, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2011, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -23,13 +23,15 @@
  * questions.
  */
 
+//
+// SunJSSE does not support dynamic system properties, no way to re-use
+// system properties in samevm/agentvm mode.
+//
+
 /*
  * @test
  * @bug 7113275
  * @summary compatibility issue with MD2 trust anchor and old X509TrustManager
- *
- *     SunJSSE does not support dynamic system properties, no way to re-use
- *     system properties in samevm/agentvm mode.
  * @run main/othervm TrustTrustedCert PKIX TLSv1.1
  * @run main/othervm TrustTrustedCert SunX509 TLSv1.1
  * @run main/othervm TrustTrustedCert PKIX TLSv1.2
@@ -336,6 +338,10 @@
     volatile Exception clientException = null;
 
     public static void main(String[] args) throws Exception {
+        // MD5 is used in this test case, don't disable MD5 algorithm.
+        Security.setProperty(
+                "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024");
+
         if (debug)
             System.setProperty("javax.net.debug", "all");
 
diff --git a/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509KeyManager/PreferredKey.java b/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509KeyManager/PreferredKey.java
index 4ac150b..47e1e77 100644
--- a/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509KeyManager/PreferredKey.java
+++ b/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509KeyManager/PreferredKey.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2005, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -21,11 +21,18 @@
  * questions.
  */
 
+//
+// Security properties, once set, cannot revert to unset.  To avoid
+// conflicts with tests running in the same VM isolate this test by
+// running it in otherVM mode.
+//
+
 /*
  * @test
  * @bug 6302644
  * @summary X509KeyManager implementation for NewSunX509 doesn't return most
  *          preferable key
+ * @run main/othervm PreferredKey
  */
 import java.io.*;
 import java.net.*;
@@ -49,6 +56,10 @@
 
 
     public static void main(String[] args) throws Exception {
+        // MD5 is used in this test case, don't disable MD5 algorithm.
+        Security.setProperty(
+                "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024");
+
         KeyStore ks;
         KeyManagerFactory kmf;
         X509KeyManager km;
diff --git a/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509TrustManagerImpl/BasicConstraints.java b/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509TrustManagerImpl/BasicConstraints.java
index c333e68..4f64cd1 100644
--- a/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509TrustManagerImpl/BasicConstraints.java
+++ b/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509TrustManagerImpl/BasicConstraints.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2012, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2012, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -21,14 +21,16 @@
  * questions.
  */
 
+//
+// SunJSSE does not support dynamic system properties, no way to re-use
+// system properties in samevm/agentvm mode.
+//
+
 /*
  * @test
  * @bug 7166570
  * @summary JSSE certificate validation has started to fail for
  *     certificate chains
- *
- *     SunJSSE does not support dynamic system properties, no way to re-use
- *     system properties in samevm/agentvm mode.
  * @run main/othervm BasicConstraints PKIX
  * @run main/othervm BasicConstraints SunX509
  */
@@ -37,6 +39,7 @@
 import java.util.*;
 import java.io.*;
 import javax.net.ssl.*;
+import java.security.Security;
 import java.security.KeyStore;
 import java.security.KeyFactory;
 import java.security.cert.*;
@@ -454,6 +457,10 @@
     volatile Exception clientException = null;
 
     public static void main(String args[]) throws Exception {
+        // MD5 is used in this test case, don't disable MD5 algorithm.
+        Security.setProperty(
+                "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024");
+
         if (debug)
             System.setProperty("javax.net.debug", "all");
 
diff --git a/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509TrustManagerImpl/PKIXExtendedTM.java b/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509TrustManagerImpl/PKIXExtendedTM.java
index aaf5fb2..3b2587f 100644
--- a/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509TrustManagerImpl/PKIXExtendedTM.java
+++ b/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509TrustManagerImpl/PKIXExtendedTM.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2010, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2010, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -21,21 +21,23 @@
  * questions.
  */
 
+//
+// SunJSSE does not support dynamic system properties, no way to re-use
+// system properties in samevm/agentvm mode.
+//
 
 /*
  * @test
  * @bug 6916074
  * @summary Add support for TLS 1.2
  * @run main/othervm PKIXExtendedTM
- *
- *     SunJSSE does not support dynamic system properties, no way to re-use
- *     system properties in samevm/agentvm mode.
  */
 
 import java.net.*;
 import java.util.*;
 import java.io.*;
 import javax.net.ssl.*;
+import java.security.Security;
 import java.security.KeyStore;
 import java.security.KeyFactory;
 import java.security.cert.Certificate;
@@ -791,6 +793,10 @@
     volatile Exception clientException = null;
 
     public static void main(String args[]) throws Exception {
+        // MD5 is used in this test case, don't disable MD5 algorithm.
+        Security.setProperty(
+                "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024");
+
         if (debug)
             System.setProperty("javax.net.debug", "all");
 
diff --git a/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509TrustManagerImpl/SelfIssuedCert.java b/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509TrustManagerImpl/SelfIssuedCert.java
index 0d3abc6..a175412 100644
--- a/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509TrustManagerImpl/SelfIssuedCert.java
+++ b/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509TrustManagerImpl/SelfIssuedCert.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2009, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2009, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -21,15 +21,17 @@
  * questions.
  */
 
+//
+// SunJSSE does not support dynamic system properties, no way to re-use
+// system properties in samevm/agentvm mode.
+//
+
 /*
  * @test
  * @bug 6822460
  * @summary support self-issued certificate
  * @run main/othervm SelfIssuedCert PKIX
  * @run main/othervm SelfIssuedCert SunX509
- *
- *     SunJSSE does not support dynamic system properties, no way to re-use
- *     system properties in samevm/agentvm mode.
  * @author Xuelei Fan
  */
 
@@ -37,6 +39,7 @@
 import java.util.*;
 import java.io.*;
 import javax.net.ssl.*;
+import java.security.Security;
 import java.security.KeyStore;
 import java.security.KeyFactory;
 import java.security.cert.Certificate;
@@ -302,6 +305,10 @@
     volatile Exception clientException = null;
 
     public static void main(String args[]) throws Exception {
+        // MD5 is used in this test case, don't disable MD5 algorithm.
+        Security.setProperty(
+                "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024");
+
         if (debug)
             System.setProperty("javax.net.debug", "all");
 
diff --git a/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509TrustManagerImpl/SunX509ExtendedTM.java b/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509TrustManagerImpl/SunX509ExtendedTM.java
index 561718f..54b2de8 100644
--- a/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509TrustManagerImpl/SunX509ExtendedTM.java
+++ b/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509TrustManagerImpl/SunX509ExtendedTM.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2010, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2010, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -21,20 +21,23 @@
  * questions.
  */
 
+//
+// SunJSSE does not support dynamic system properties, no way to re-use
+// system properties in samevm/agentvm mode.
+//
+
 /*
  * @test
  * @bug 6916074
  * @summary Add support for TLS 1.2
  * @run main/othervm SunX509ExtendedTM
- *
- *     SunJSSE does not support dynamic system properties, no way to re-use
- *     system properties in samevm/agentvm mode.
  */
 
 import java.net.*;
 import java.util.*;
 import java.io.*;
 import javax.net.ssl.*;
+import java.security.Security;
 import java.security.KeyStore;
 import java.security.KeyFactory;
 import java.security.cert.Certificate;
@@ -792,6 +795,10 @@
     volatile Exception clientException = null;
 
     public static void main(String args[]) throws Exception {
+        // MD5 is used in this test case, don't disable MD5 algorithm.
+        Security.setProperty(
+                "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024");
+
         if (debug)
             System.setProperty("javax.net.debug", "all");
 
diff --git a/test/sun/security/ssl/com/sun/net/ssl/internal/www/protocol/https/HttpsURLConnection/CriticalSubjectAltName.java b/test/sun/security/ssl/com/sun/net/ssl/internal/www/protocol/https/HttpsURLConnection/CriticalSubjectAltName.java
index e011152..f9abcd6 100644
--- a/test/sun/security/ssl/com/sun/net/ssl/internal/www/protocol/https/HttpsURLConnection/CriticalSubjectAltName.java
+++ b/test/sun/security/ssl/com/sun/net/ssl/internal/www/protocol/https/HttpsURLConnection/CriticalSubjectAltName.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2001, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2001, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -21,18 +21,21 @@
  * questions.
  */
 
+//
+// SunJSSE does not support dynamic system properties, no way to re-use
+// system properties in samevm/agentvm mode.
+//
+
 /*
  * @test
  * @bug 6668231
  * @summary Presence of a critical subjectAltName causes JSSE's SunX509 to
  *          fail trusted checks
  * @run main/othervm CriticalSubjectAltName
- *
- *     SunJSSE does not support dynamic system properties, no way to re-use
- *     system properties in samevm/agentvm mode.
- *
  * @author Xuelei Fan
- *
+ */
+
+/*
  * This test depends on binary keystore, crisubn.jks and trusted.jks. Because
  * JAVA keytool cannot generate X509 certificate with SubjectAltName extension,
  * the certificates are generated with openssl toolkits and then imported into
@@ -47,6 +50,7 @@
 import java.io.*;
 import java.net.*;
 import javax.net.ssl.*;
+import java.security.Security;
 import java.security.cert.Certificate;
 
 public class CriticalSubjectAltName implements HostnameVerifier {
@@ -154,6 +158,10 @@
     volatile Exception clientException = null;
 
     public static void main(String[] args) throws Exception {
+        // MD5 is used in this test case, don't disable MD5 algorithm.
+        Security.setProperty(
+                "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024");
+
         String keyFilename =
             System.getProperty("test.src", "./") + "/" + pathToStores +
                 "/" + keyStoreFile;
diff --git a/test/sun/security/ssl/javax/net/ssl/ServerName/SSLSocketSNISensitive.java b/test/sun/security/ssl/javax/net/ssl/ServerName/SSLSocketSNISensitive.java
index 42d0ce3..ac4f8a1 100644
--- a/test/sun/security/ssl/javax/net/ssl/ServerName/SSLSocketSNISensitive.java
+++ b/test/sun/security/ssl/javax/net/ssl/ServerName/SSLSocketSNISensitive.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2012, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2012, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -44,6 +44,7 @@
 import java.util.*;
 import java.io.*;
 import javax.net.ssl.*;
+import java.security.Security;
 import java.security.KeyStore;
 import java.security.KeyFactory;
 import java.security.cert.Certificate;
@@ -431,6 +432,10 @@
     volatile Exception clientException = null;
 
     public static void main(String[] args) throws Exception {
+        // MD5 is used in this test case, don't disable MD5 algorithm.
+        Security.setProperty(
+                "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024");
+
         if (debug)
             System.setProperty("javax.net.debug", "all");
 
diff --git a/test/sun/security/ssl/javax/net/ssl/TLSv11/EmptyCertificateAuthorities.java b/test/sun/security/ssl/javax/net/ssl/TLSv11/EmptyCertificateAuthorities.java
index 07503cb..3b11d2a 100644
--- a/test/sun/security/ssl/javax/net/ssl/TLSv11/EmptyCertificateAuthorities.java
+++ b/test/sun/security/ssl/javax/net/ssl/TLSv11/EmptyCertificateAuthorities.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2010, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2010, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -23,15 +23,16 @@
  * questions.
  */
 
+//
+// SunJSSE does not support dynamic system properties, no way to re-use
+// system properties in samevm/agentvm mode.
+//
+
 /*
  * @test
  * @bug 4873188
  * @summary Support TLS 1.1
  * @run main/othervm EmptyCertificateAuthorities
- *
- *     SunJSSE does not support dynamic system properties, no way to re-use
- *     system properties in samevm/agentvm mode.
- *
  * @author Xuelei Fan
  */
 
@@ -228,6 +229,10 @@
     volatile Exception clientException = null;
 
     public static void main(String[] args) throws Exception {
+        // MD5 is used in this test case, don't disable MD5 algorithm.
+        Security.setProperty(
+                "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024");
+
         String keyFilename =
             System.getProperty("test.src", ".") + "/" + pathToStores +
                 "/" + keyStoreFile;
diff --git a/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/DNSIdentities.java b/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/DNSIdentities.java
index 4e740fa..b5295f3 100644
--- a/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/DNSIdentities.java
+++ b/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/DNSIdentities.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2010, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2010, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -21,13 +21,15 @@
  * questions.
  */
 
+//
+// SunJSSE does not support dynamic system properties, no way to re-use
+// system properties in samevm/agentvm mode.
+//
+
 /* @test
  * @bug 6766775
  * @summary X509 certificate hostname checking is broken in JDK1.6.0_10
  * @run main/othervm DNSIdentities
- *
- *     SunJSSE does not support dynamic system properties, no way to re-use
- *     system properties in samevm/agentvm mode.
  * @author Xuelei Fan
  */
 
@@ -35,6 +37,7 @@
 import java.util.*;
 import java.io.*;
 import javax.net.ssl.*;
+import java.security.Security;
 import java.security.KeyStore;
 import java.security.KeyFactory;
 import java.security.cert.Certificate;
@@ -743,6 +746,10 @@
     volatile Exception clientException = null;
 
     public static void main(String args[]) throws Exception {
+        // MD5 is used in this test case, don't disable MD5 algorithm.
+        Security.setProperty(
+                "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024");
+
         if (debug)
             System.setProperty("javax.net.debug", "all");
 
diff --git a/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/IPAddressIPIdentities.java b/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/IPAddressIPIdentities.java
index 2fc92a2..bbf6892 100644
--- a/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/IPAddressIPIdentities.java
+++ b/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/IPAddressIPIdentities.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2010, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2010, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -21,13 +21,15 @@
  * questions.
  */
 
+//
+// SunJSSE does not support dynamic system properties, no way to re-use
+// system properties in samevm/agentvm mode.
+//
+
 /* @test
  * @summary X509 certificate hostname checking is broken in JDK1.6.0_10
  * @bug 6766775
  * @run main/othervm IPAddressIPIdentities
- *
- *     SunJSSE does not support dynamic system properties, no way to re-use
- *     system properties in samevm/agentvm mode.
  * @author Xuelei Fan
  */
 
@@ -35,6 +37,7 @@
 import java.util.*;
 import java.io.*;
 import javax.net.ssl.*;
+import java.security.Security;
 import java.security.KeyStore;
 import java.security.KeyFactory;
 import java.security.cert.Certificate;
@@ -744,6 +747,10 @@
     volatile Exception clientException = null;
 
     public static void main(String args[]) throws Exception {
+        // MD5 is used in this test case, don't disable MD5 algorithm.
+        Security.setProperty(
+                "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024");
+
         if (debug)
             System.setProperty("javax.net.debug", "all");
 
diff --git a/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/IPIdentities.java b/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/IPIdentities.java
index 1d93e9c..c0d897b 100644
--- a/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/IPIdentities.java
+++ b/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/IPIdentities.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2010, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2010, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -21,13 +21,15 @@
  * questions.
  */
 
+//
+// SunJSSE does not support dynamic system properties, no way to re-use
+// system properties in samevm/agentvm mode.
+//
+
 /* @test
  * @summary X509 certificate hostname checking is broken in JDK1.6.0_10
  * @bug 6766775
  * @run main/othervm IPIdentities
- *
- *     SunJSSE does not support dynamic system properties, no way to re-use
- *     system properties in samevm/agentvm mode.
  * @author Xuelei Fan
  */
 
@@ -35,6 +37,7 @@
 import java.util.*;
 import java.io.*;
 import javax.net.ssl.*;
+import java.security.Security;
 import java.security.KeyStore;
 import java.security.KeyFactory;
 import java.security.cert.Certificate;
@@ -743,6 +746,10 @@
     volatile Exception clientException = null;
 
     public static void main(String args[]) throws Exception {
+        // MD5 is used in this test case, don't disable MD5 algorithm.
+        Security.setProperty(
+                "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024");
+
         if (debug)
             System.setProperty("javax.net.debug", "all");
 
diff --git a/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/Identities.java b/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/Identities.java
index e7396d5..55dfb1c 100644
--- a/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/Identities.java
+++ b/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/Identities.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2010, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2010, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -21,13 +21,15 @@
  * questions.
  */
 
+//
+// SunJSSE does not support dynamic system properties, no way to re-use
+// system properties in samevm/agentvm mode.
+//
+
 /* @test
  * @bug 6766775
  * @summary X509 certificate hostname checking is broken in JDK1.6.0_10
  * @run main/othervm Identities
- *
- *     SunJSSE does not support dynamic system properties, no way to re-use
- *     system properties in samevm/agentvm mode.
  * @author Xuelei Fan
  */
 
@@ -35,6 +37,7 @@
 import java.util.*;
 import java.io.*;
 import javax.net.ssl.*;
+import java.security.Security;
 import java.security.KeyStore;
 import java.security.KeyFactory;
 import java.security.cert.Certificate;
@@ -743,6 +746,10 @@
     volatile Exception clientException = null;
 
     public static void main(String args[]) throws Exception {
+        // MD5 is used in this test case, don't disable MD5 algorithm.
+        Security.setProperty(
+                "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024");
+
         if (debug)
             System.setProperty("javax.net.debug", "all");