Thanks for the comments, there are only < 3 months left for this to be
implemented.
Besides just assigning the mech numbers, we need the underlying PKCS11
library (Solaris or NSS) to support SHA-3.
Once we have that, enhancing SunPKCS11 provider is fairly trivial and
can be done via an RFE.
I
I need a code review of this change:
http://cr.openjdk.java.net/~ascarpino/8140422/webrev/
Currently CertPath algorithm restrictions allow or deny all
certificates. This change adds the ability to reject certificate chains
that contain a restricted algorithm and the chain terminates at a root
