--- a/src/java.base/share/classes/sun/security/x509/X509CertImpl.java	Tue Apr 09 16:32:22 2019 -0700
+++ b/src/java.base/share/classes/sun/security/x509/X509CertImpl.java	Wed Apr 10 02:35:18 2019 +0000
@@ -422,18 +422,16 @@
         }
         // Verify the signature ...
         Signature sigVerf = null;
+        String sigName = algId.getName();
         if (sigProvider.isEmpty()) {
-            sigVerf = Signature.getInstance(algId.getName());
+            sigVerf = Signature.getInstance(sigName);
         } else {
-            sigVerf = Signature.getInstance(algId.getName(), sigProvider);
+            sigVerf = Signature.getInstance(sigName, sigProvider);
         }
 
-        sigVerf.initVerify(key);
-
-        // set parameters after Signature.initSign/initVerify call,
-        // so the deferred provider selection happens when key is set
         try {
-            SignatureUtil.specialSetParameter(sigVerf, getSigAlgParams());
+            SignatureUtil.initVerifyWithParam(sigVerf, key,
+                SignatureUtil.getParamSpec(sigName, getSigAlgParams()));
         } catch (ProviderException e) {
             throw new CertificateException(e.getMessage(), e.getCause());
         } catch (InvalidAlgorithmParameterException e) {
@@ -478,18 +476,16 @@
         }
         // Verify the signature ...
         Signature sigVerf = null;
+        String sigName = algId.getName();
         if (sigProvider == null) {
-            sigVerf = Signature.getInstance(algId.getName());
+            sigVerf = Signature.getInstance(sigName);
         } else {
-            sigVerf = Signature.getInstance(algId.getName(), sigProvider);
+            sigVerf = Signature.getInstance(sigName, sigProvider);
         }
 
-        sigVerf.initVerify(key);
-
-        // set parameters after Signature.initSign/initVerify call,
-        // so the deferred provider selection happens when key is set
         try {
-            SignatureUtil.specialSetParameter(sigVerf, getSigAlgParams());
+            SignatureUtil.initVerifyWithParam(sigVerf, key,
+                SignatureUtil.getParamSpec(sigName, getSigAlgParams()));
         } catch (ProviderException e) {
             throw new CertificateException(e.getMessage(), e.getCause());
         } catch (InvalidAlgorithmParameterException e) {
@@ -587,22 +583,19 @@
             InvalidKeyException, InvalidAlgorithmParameterException,
             NoSuchProviderException, SignatureException {
         try {
-            if (readOnly)
+            if (readOnly) {
                 throw new CertificateEncodingException(
-                              "cannot over-write existing certificate");
+                        "cannot over-write existing certificate");
+            }
             Signature sigEngine = null;
-            if (provider == null || provider.isEmpty())
+            if (provider == null || provider.isEmpty()) {
                 sigEngine = Signature.getInstance(algorithm);
-            else
+            } else {
                 sigEngine = Signature.getInstance(algorithm, provider);
-
-            sigEngine.initSign(key);
+            }
 
-            if (signingParams != null) {
-                // set parameters after Signature.initSign/initVerify call, so
-                // the deferred provider selection happens when the key is set
-                sigEngine.setParameter(signingParams);
-            }
+            SignatureUtil.initSignWithParam(sigEngine, key, signingParams,
+                    null);
 
             // in case the name is reset
             if (signingParams != null) {