While Cipher transform can be easily wildcarded by specifying a portion of the transformation, MessageDigest and Mac are not so easy. I recently noticed "SHA1:SUN" was not triggering HMAC because SunPKCS11 intercepts the request.

While the internals of SunJCE do the right thing to get an instance for the message digest for use with HMAC, SunPKCS11 does not get an instance of the message digest and just sends it back to the native library. SunPKCS11 is not doing the wrong thing here, this wasn't anticipated during the project.

As a result of this, each HMAC transformation would need to be specified on the jdk.security.provider.preferred. This will create a long list of algorithm names. It would be better to group them together in simple names. We will also use the 'type' to specify the group. The 'type' is used for the Service type, such as MessageDigest.SHA1 or Cipher.RSA. For these groups we will use a new type called "Group". New groups would be: Group.SHA2 and Group.HmacSHA2, Group.SHA2RSA, Group.SHA2DSA, Group.SHA2ECDSA, Group.SHA3, Group.HmacSHA3,

Group.SHA2 = SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224, SHA-512/256

Group.HmacSHA2 = HmacSHA224, HmacSHA256, HmacSHA384, HmacSHA512
Group.SHA2RSA = SHA224withRSA, SHA256withRSA, SHA384withRSA, SHA512withRSA
Group.SHA2DSA = SHA224withDSA, SHA256withDSA, SHA384withDSA, SHA512withDSA
Group.SHA2ECDSA = SHA224withECDSA, SHA256withECDSA, SHA384withECDSA, SHA512withECDSA
Group.SHA3 = SHA3-224, SHA3-256, SHA3-384, SHA3-512
Group.HmacSHA3 = HmacSHA3-224, HmacSHA3-256, HmacSHA3-384, HmacSHA3-512

A new sparc jdk.security.provider.preferred line would be:
  jdk.security.provider.preferred=AES:SunJCE, SHA1:SUN, HmacSHA1:SunJCE, Group.SHA2:SUN, Group.HmacSHA2:SunJCE