From 77e1b3496cd9f3ade17745f560d3b6d4a0ba9976 Mon Sep 17 00:00:00 2001 From: andrew Date: Mon, 13 Jan 2020 03:43:59 +0000 Subject: [PATCH] 8037550: Update RFC references in javadoc to RFC 5280 Summary: Finish the job started by 8176536 Reviewed-by: mbalao --- src/share/classes/java/security/Key.java | 4 +-- .../classes/java/security/cert/CRLReason.java | 6 ++--- .../java/security/cert/PKIXReason.java | 4 +-- .../java/security/cert/TrustAnchor.java | 10 +++---- .../classes/java/security/cert/X509CRL.java | 4 +-- .../java/security/cert/X509CRLSelector.java | 2 +- .../java/security/cert/X509CertSelector.java | 26 +++++++++---------- .../java/security/cert/X509Certificate.java | 10 +++---- .../security/auth/x500/X500Principal.java | 12 ++++----- .../security/auth/x500/package-info.java | 12 ++++----- .../sun/security/provider/SunEntries.java | 6 ++--- .../provider/certpath/PolicyChecker.java | 4 +-- .../provider/certpath/PolicyNodeImpl.java | 4 +-- .../tools/jarsigner/TimestampedSigner.java | 2 +- .../sun/security/util/DerInputBuffer.java | 2 +- .../sun/security/util/DerOutputStream.java | 4 +-- .../classes/sun/security/util/DerValue.java | 4 +-- .../x509/AuthorityInfoAccessExtension.java | 4 +-- .../x509/CertificateIssuerExtension.java | 4 +-- .../x509/DeltaCRLIndicatorExtension.java | 4 +-- .../x509/ExtendedKeyUsageExtension.java | 4 +-- .../security/x509/FreshestCRLExtension.java | 4 +-- .../x509/InvalidityDateExtension.java | 4 +-- .../IssuingDistributionPointExtension.java | 4 +-- src/share/classes/sun/security/x509/RDN.java | 4 +-- src/share/classes/sun/security/x509/README | 2 +- .../x509/SubjectInfoAccessExtension.java | 4 +-- .../classes/sun/security/x509/URIName.java | 14 +++++----- .../classes/sun/security/x509/X500Name.java | 10 +++---- .../sun/security/x509/X509CRLImpl.java | 4 +-- .../sun/security/x509/X509CertInfo.java | 4 +-- src/share/lib/security/java.security-aix | 2 +- src/share/lib/security/java.security-linux | 2 +- src/share/lib/security/java.security-macosx | 2 +- src/share/lib/security/java.security-solaris | 2 +- src/share/lib/security/java.security-windows | 2 +- 36 files changed, 98 insertions(+), 98 deletions(-) diff --git a/src/share/classes/java/security/Key.java b/src/share/classes/java/security/Key.java index c0c63d7c7..09542e394 100644 --- a/src/share/classes/java/security/Key.java +++ b/src/share/classes/java/security/Key.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1996, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -63,7 +63,7 @@ package java.security; * * * For more information, see - * RFC 3280: + * RFC 5280: * Internet X.509 Public Key Infrastructure Certificate and CRL Profile. * *
  • A Format diff --git a/src/share/classes/java/security/cert/CRLReason.java b/src/share/classes/java/security/cert/CRLReason.java index ac0b9e9c2..79d4729d0 100644 --- a/src/share/classes/java/security/cert/CRLReason.java +++ b/src/share/classes/java/security/cert/CRLReason.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2007, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2007, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -27,8 +27,8 @@ package java.security.cert; /** * The CRLReason enumeration specifies the reason that a certificate - * is revoked, as defined in - * RFC 3280: Internet X.509 Public Key Infrastructure Certificate and CRL + * is revoked, as defined in + * RFC 5280: Internet X.509 Public Key Infrastructure Certificate and CRL * Profile. * * @author Sean Mullan diff --git a/src/share/classes/java/security/cert/PKIXReason.java b/src/share/classes/java/security/cert/PKIXReason.java index d58ded975..e9c487299 100644 --- a/src/share/classes/java/security/cert/PKIXReason.java +++ b/src/share/classes/java/security/cert/PKIXReason.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2008, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2008, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -28,7 +28,7 @@ package java.security.cert; /** * The {@code PKIXReason} enumerates the potential PKIX-specific reasons * that an X.509 certification path may be invalid according to the PKIX - * (RFC 3280) standard. These reasons are in addition to those of the + * (RFC 5280) standard. These reasons are in addition to those of the * {@code CertPathValidatorException.BasicReason} enumeration. * * @since 1.7 diff --git a/src/share/classes/java/security/cert/TrustAnchor.java b/src/share/classes/java/security/cert/TrustAnchor.java index c98bf814c..e5be6a6da 100644 --- a/src/share/classes/java/security/cert/TrustAnchor.java +++ b/src/share/classes/java/security/cert/TrustAnchor.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2001, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2001, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -78,7 +78,7 @@ public class TrustAnchor { * The name constraints are specified as a byte array. This byte array * should contain the DER encoded form of the name constraints, as they * would appear in the NameConstraints structure defined in - * RFC 3280 + * RFC 5280 * and X.509. The ASN.1 definition of this structure appears below. * * 
    {@code
@@ -140,7 +140,7 @@ public class TrustAnchor {
      * 
    
      * The name constraints are specified as a byte array. This byte array
      * contains the DER encoded form of the name constraints, as they
-     * would appear in the NameConstraints structure defined in RFC 3280
+     * would appear in the NameConstraints structure defined in RFC 5280
      * and X.509. The ASN.1 notation for this structure is supplied in the
      * documentation for
      * {@link #TrustAnchor(X509Certificate, byte[])
@@ -179,7 +179,7 @@ public class TrustAnchor {
      * 
    
      * The name constraints are specified as a byte array. This byte array
      * contains the DER encoded form of the name constraints, as they
-     * would appear in the NameConstraints structure defined in RFC 3280
+     * would appear in the NameConstraints structure defined in RFC 5280
      * and X.509. The ASN.1 notation for this structure is supplied in the
      * documentation for
      * {@link #TrustAnchor(X509Certificate, byte[])
@@ -294,7 +294,7 @@ public class TrustAnchor {
      * 
    
      * The name constraints are returned as a byte array. This byte array
      * contains the DER encoded form of the name constraints, as they
-     * would appear in the NameConstraints structure defined in RFC 3280
+     * would appear in the NameConstraints structure defined in RFC 5280
      * and X.509. The ASN.1 notation for this structure is supplied in the
      * documentation for
      * {@link #TrustAnchor(X509Certificate, byte[])
diff --git a/src/share/classes/java/security/cert/X509CRL.java b/src/share/classes/java/security/cert/X509CRL.java
index 5ce84847f..213329073 100644
--- a/src/share/classes/java/security/cert/X509CRL.java
+++ b/src/share/classes/java/security/cert/X509CRL.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -69,7 +69,7 @@ import sun.security.x509.X509CRLImpl;
  *
    *

    * More information can be found in - * RFC 3280: Internet X.509 + * RFC 5280: Internet X.509 * Public Key Infrastructure Certificate and CRL Profile. *

    * The ASN.1 definition of {@code tbsCertList} is: diff --git a/src/share/classes/java/security/cert/X509CRLSelector.java b/src/share/classes/java/security/cert/X509CRLSelector.java index face5ff52..cf2e6b446 100644 --- a/src/share/classes/java/security/cert/X509CRLSelector.java +++ b/src/share/classes/java/security/cert/X509CRLSelector.java @@ -52,7 +52,7 @@ import sun.security.x509.X500Name; * {@link CertStore#getCRLs CertStore.getCRLs} or some similar * method. *

    - * Please refer to RFC 3280: + * Please refer to RFC 5280: * Internet X.509 Public Key Infrastructure Certificate and CRL Profile * for definitions of the X.509 CRL fields and extensions mentioned below. *

    diff --git a/src/share/classes/java/security/cert/X509CertSelector.java b/src/share/classes/java/security/cert/X509CertSelector.java index 0fe97a602..905e45401 100644 --- a/src/share/classes/java/security/cert/X509CertSelector.java +++ b/src/share/classes/java/security/cert/X509CertSelector.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -65,7 +65,7 @@ import sun.security.x509.*; * number. Other unique combinations include the issuer, subject, * subjectKeyIdentifier and/or the subjectPublicKey criteria. *

    - * Please refer to RFC 3280: + * Please refer to RFC 5280: * Internet X.509 Public Key Infrastructure Certificate and CRL Profile for * definitions of the X.509 certificate extensions mentioned below. *

    @@ -728,7 +728,7 @@ public class X509CertSelector implements CertSelector { * The name is provided in string format. * RFC 822, DNS, and URI * names use the well-established string formats for those types (subject to - * the restrictions included in RFC 3280). IPv4 address names are + * the restrictions included in RFC 5280). IPv4 address names are * supplied using dotted quad notation. OID address names are represented * as a series of nonnegative integers separated by periods. And * directory names (distinguished names) are supplied in RFC 2253 format. @@ -746,7 +746,7 @@ public class X509CertSelector implements CertSelector { * String form of some distinguished names. * * @param type the name type (0-8, as specified in - * RFC 3280, section 4.2.1.7) + * RFC 5280, section 4.2.1.6) * @param name the name in string form (not {@code null}) * @throws IOException if a parsing error occurs */ @@ -770,7 +770,7 @@ public class X509CertSelector implements CertSelector { *

    * The name is provided as a byte array. This byte array should contain * the DER encoded name, as it would appear in the GeneralName structure - * defined in RFC 3280 and X.509. The encoded byte array should only contain + * defined in RFC 5280 and X.509. The encoded byte array should only contain * the encoded value of the name, and should not include the tag associated * with the name in the GeneralName structure. The ASN.1 definition of this * structure appears below. @@ -806,7 +806,7 @@ public class X509CertSelector implements CertSelector { * must contain the specified subjectAlternativeName. * * @param type the name type (0-8, as specified in - * RFC 3280, section 4.2.1.7) + * RFC 5280, section 4.2.1.6) * @param name the name in string or byte array form * @throws IOException if a parsing error occurs */ @@ -995,7 +995,7 @@ public class X509CertSelector implements CertSelector { *

    * The name constraints are specified as a byte array. This byte array * should contain the DER encoded form of the name constraints, as they - * would appear in the NameConstraints structure defined in RFC 3280 + * would appear in the NameConstraints structure defined in RFC 5280 * and X.509. The ASN.1 definition of this structure appears below. * * 

    {@code
@@ -1197,7 +1197,7 @@ public class X509CertSelector implements CertSelector {
      * 
    
      * The name is provided in string format. RFC 822, DNS, and URI names
      * use the well-established string formats for those types (subject to
-     * the restrictions included in RFC 3280). IPv4 address names are
+     * the restrictions included in RFC 5280). IPv4 address names are
      * supplied using dotted quad notation. OID address names are represented
      * as a series of nonnegative integers separated by periods. And
      * directory names (distinguished names) are supplied in RFC 2253 format.
@@ -1214,7 +1214,7 @@ public class X509CertSelector implements CertSelector {
      * String form of some distinguished names.
      *
      * @param type the name type (0-8, as specified in
-     *             RFC 3280, section 4.2.1.7)
+     *             RFC 5280, section 4.2.1.6)
      * @param name the name in string form
      * @throws IOException if a parsing error occurs
      */
@@ -1234,7 +1234,7 @@ public class X509CertSelector implements CertSelector {
      * 
    
      * The name is provided as a byte array. This byte array should contain
      * the DER encoded name, as it would appear in the GeneralName structure
-     * defined in RFC 3280 and X.509. The ASN.1 definition of this structure
+     * defined in RFC 5280 and X.509. The ASN.1 definition of this structure
      * appears in the documentation for
      * {@link #addSubjectAlternativeName(int type, byte [] name)
      * addSubjectAlternativeName(int type, byte [] name)}.
@@ -1243,7 +1243,7 @@ public class X509CertSelector implements CertSelector {
      * subsequent modifications.
      *
      * @param type the name type (0-8, as specified in
-     *             RFC 3280, section 4.2.1.7)
+     *             RFC 5280, section 4.2.1.6)
      * @param name a byte array containing the name in ASN.1 DER encoded form
      * @throws IOException if a parsing error occurs
      */
@@ -1258,7 +1258,7 @@ public class X509CertSelector implements CertSelector {
      * the specified pathToName.
      *
      * @param type the name type (0-8, as specified in
-     *             RFC 3280, section 4.2.1.7)
+     *             RFC 5280, section 4.2.1.6)
      * @param name the name in string or byte array form
      * @throws IOException if an encoding error occurs (incorrect form for DN)
      */
@@ -1715,7 +1715,7 @@ public class X509CertSelector implements CertSelector {
      * 
    
      * The name constraints are returned as a byte array. This byte array
      * contains the DER encoded form of the name constraints, as they
-     * would appear in the NameConstraints structure defined in RFC 3280
+     * would appear in the NameConstraints structure defined in RFC 5280
      * and X.509. The ASN.1 notation for this structure is supplied in the
      * documentation for
      * {@link #setNameConstraints(byte [] bytes) setNameConstraints(byte [] bytes)}.
diff --git a/src/share/classes/java/security/cert/X509Certificate.java b/src/share/classes/java/security/cert/X509Certificate.java
index 0aba5da60..174d6a738 100644
--- a/src/share/classes/java/security/cert/X509Certificate.java
+++ b/src/share/classes/java/security/cert/X509Certificate.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -63,7 +63,7 @@ import sun.security.x509.X509CertImpl;
  * CA such as a "root" CA.
  * 
    
  * More information can be found in
- * RFC 3280: Internet X.509
+ * RFC 5280: Internet X.509
  * Public Key Infrastructure Certificate and CRL Profile.
  * 
    
  * The ASN.1 definition of {@code tbsCertificate} is:
@@ -408,7 +408,7 @@ implements X509Extension {
      * Gets the {@code issuerUniqueID} value from the certificate.
      * The issuer unique identifier is present in the certificate
      * to handle the possibility of reuse of issuer names over time.
-     * RFC 3280 recommends that names not be reused and that
+     * RFC 5280 recommends that names not be reused and that
      * conforming certificates not make use of unique identifiers.
      * Applications conforming to that profile should be capable of
      * parsing unique identifiers and making comparisons.
@@ -459,7 +459,7 @@ implements X509Extension {
      *     encipherOnly            (7),
      *     decipherOnly            (8) }
      *
    - * RFC 3280 recommends that when used, this be marked + * RFC 5280 recommends that when used, this be marked * as a critical extension. * * @return the KeyUsage extension of this certificate, represented as @@ -572,7 +572,7 @@ implements X509Extension { * RFC 822, DNS, and URI * names are returned as {@code String}s, * using the well-established string formats for those types (subject to - * the restrictions included in RFC 3280). IPv4 address names are + * the restrictions included in RFC 5280). IPv4 address names are * returned using dotted quad notation. IPv6 address names are returned * in the form "a1:a2:...:a8", where a1-a8 are hexadecimal values * representing the eight 16-bit pieces of the address. OID names are diff --git a/src/share/classes/javax/security/auth/x500/X500Principal.java b/src/share/classes/javax/security/auth/x500/X500Principal.java index 77292b0be..223666109 100644 --- a/src/share/classes/javax/security/auth/x500/X500Principal.java +++ b/src/share/classes/javax/security/auth/x500/X500Principal.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -41,13 +41,13 @@ import sun.security.util.*; * of the distinguished name, or by using the ASN.1 DER encoded byte * representation of the distinguished name. The current specification * for the string representation of a distinguished name is defined in - * RFC 2253: Lightweight + * RFC 2253: Lightweight * Directory Access Protocol (v3): UTF-8 String Representation of * Distinguished Names. This class, however, accepts string formats from - * both RFC 2253 and RFC 1779: + * both RFC 2253 and RFC 1779: * A String Representation of Distinguished Names, and also recognizes * attribute type keywords whose OIDs (Object Identifiers) are defined in - * RFC 3280: Internet X.509 + * RFC 5280: Internet X.509 * Public Key Infrastructure Certificate and CRL Profile. * *

    The string representation for this {@code X500Principal} @@ -108,7 +108,7 @@ public final class X500Principal implements Principal, java.io.Serializable { * (and listed in {@link #getName(String format) getName(String format)}), * as well as the T, DNQ or DNQUALIFIER, SURNAME, GIVENNAME, INITIALS, * GENERATION, EMAILADDRESS, and SERIALNUMBER keywords whose Object - * Identifiers (OIDs) are defined in RFC 3280 and its successor. + * Identifiers (OIDs) are defined in RFC 5280. * Any other attribute type must be specified as an OID. * *

    This implementation enforces a more restrictive OID syntax than @@ -456,7 +456,7 @@ public final class X500Principal implements Principal, java.io.Serializable { * (obtained via the {@code getName(X500Principal.CANONICAL)} method) * of this object and o are equal. * - *

    This implementation is compliant with the requirements of RFC 3280. + *

    This implementation is compliant with the requirements of RFC 5280. * * @param o Object to be compared for equality with this * {@code X500Principal} diff --git a/src/share/classes/javax/security/auth/x500/package-info.java b/src/share/classes/javax/security/auth/x500/package-info.java index 12f8a5322..1e9ca1a82 100644 --- a/src/share/classes/javax/security/auth/x500/package-info.java +++ b/src/share/classes/javax/security/auth/x500/package-info.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -31,15 +31,15 @@ *

    Package Specification

    * * diff --git a/src/share/classes/sun/security/provider/SunEntries.java b/src/share/classes/sun/security/provider/SunEntries.java index 008fea58e..0ec9813c9 100644 --- a/src/share/classes/sun/security/provider/SunEntries.java +++ b/src/share/classes/sun/security/provider/SunEntries.java @@ -65,7 +65,7 @@ import sun.security.action.GetPropertyAction; * and CRLs. Aliases for X.509 are X509. * * - PKIX is the certification path validation algorithm described - * in RFC 3280. The ValidationAlgorithm attribute notes the + * in RFC 5280. The ValidationAlgorithm attribute notes the * specification that this provider implements. * * - LDAP is the CertStore type for LDAP repositories. The @@ -257,7 +257,7 @@ final class SunEntries { map.put("CertPathBuilder.PKIX", "sun.security.provider.certpath.SunCertPathBuilder"); map.put("CertPathBuilder.PKIX ValidationAlgorithm", - "RFC3280"); + "RFC5280"); /* * CertPathValidator @@ -265,7 +265,7 @@ final class SunEntries { map.put("CertPathValidator.PKIX", "sun.security.provider.certpath.PKIXCertPathValidator"); map.put("CertPathValidator.PKIX ValidationAlgorithm", - "RFC3280"); + "RFC5280"); /* * CertStores diff --git a/src/share/classes/sun/security/provider/certpath/PolicyChecker.java b/src/share/classes/sun/security/provider/certpath/PolicyChecker.java index ab8282037..dd030d3d9 100644 --- a/src/share/classes/sun/security/provider/certpath/PolicyChecker.java +++ b/src/share/classes/sun/security/provider/certpath/PolicyChecker.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -578,7 +578,7 @@ class PolicyChecker extends PKIXCertPathChecker { } /** - * Rewrite leaf nodes at the end of validation as described in RFC 3280 + * Rewrite leaf nodes at the end of validation as described in RFC 5280 * section 6.1.5: Step (g)(iii). Leaf nodes with anyPolicy are replaced * by nodes explicitly representing initial policies not already * represented by leaf nodes. diff --git a/src/share/classes/sun/security/provider/certpath/PolicyNodeImpl.java b/src/share/classes/sun/security/provider/certpath/PolicyNodeImpl.java index 02109d49d..a42a1e8e2 100644 --- a/src/share/classes/sun/security/provider/certpath/PolicyNodeImpl.java +++ b/src/share/classes/sun/security/provider/certpath/PolicyNodeImpl.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -56,7 +56,7 @@ final class PolicyNodeImpl implements PolicyNode { private PolicyNodeImpl mParent; private HashSet mChildren; - // the 4 fields specified by RFC 3280 + // the 4 fields specified by RFC 5280 private String mValidPolicy; private HashSet mQualifierSet; private boolean mCriticalityIndicator; diff --git a/src/share/classes/sun/security/tools/jarsigner/TimestampedSigner.java b/src/share/classes/sun/security/tools/jarsigner/TimestampedSigner.java index 0b97cee37..fa05a0d48 100644 --- a/src/share/classes/sun/security/tools/jarsigner/TimestampedSigner.java +++ b/src/share/classes/sun/security/tools/jarsigner/TimestampedSigner.java @@ -144,7 +144,7 @@ public final class TimestampedSigner extends ContentSigner { /** * Examine the certificate for a Subject Information Access extension - * (RFC 3280). + * (RFC 5280). * The extension's {@code accessMethod} field should contain the object * identifier defined for timestamping: 1.3.6.1.5.5.7.48.3 and its * {@code accessLocation} field should contain an HTTP or HTTPS URL. diff --git a/src/share/classes/sun/security/util/DerInputBuffer.java b/src/share/classes/sun/security/util/DerInputBuffer.java index b09b7b304..54eade390 100644 --- a/src/share/classes/sun/security/util/DerInputBuffer.java +++ b/src/share/classes/sun/security/util/DerInputBuffer.java @@ -300,7 +300,7 @@ class DerInputBuffer extends ByteArrayInputStream implements Cloneable { * YYMMDDhhmmss-hhmm * UTC Time is broken in storing only two digits of year. * If YY < 50, we assume 20YY; - * if YY >= 50, we assume 19YY, as per RFC 3280. + * if YY >= 50, we assume 19YY, as per RFC 5280. * * Generalized time has a four-digit year and allows any * precision specified in ISO 8601. However, for our purposes, diff --git a/src/share/classes/sun/security/util/DerOutputStream.java b/src/share/classes/sun/security/util/DerOutputStream.java index c517df8a4..05a7b6346 100644 --- a/src/share/classes/sun/security/util/DerOutputStream.java +++ b/src/share/classes/sun/security/util/DerOutputStream.java @@ -461,7 +461,7 @@ extends ByteArrayOutputStream implements DerEncoder { * Marshals a DER UTC time/date value. * *

    YYMMDDhhmmss{Z|+hhmm|-hhmm} ... emits only using Zulu time - * and with seconds (even if seconds=0) as per RFC 3280. + * and with seconds (even if seconds=0) as per RFC 5280. */ public void putUTCTime(Date d) throws IOException { putTime(d, DerValue.tag_UtcTime); @@ -471,7 +471,7 @@ extends ByteArrayOutputStream implements DerEncoder { * Marshals a DER Generalized Time/date value. * *

    YYYYMMDDhhmmss{Z|+hhmm|-hhmm} ... emits only using Zulu time - * and with seconds (even if seconds=0) as per RFC 3280. + * and with seconds (even if seconds=0) as per RFC 5280. */ public void putGeneralizedTime(Date d) throws IOException { putTime(d, DerValue.tag_GeneralizedTime); diff --git a/src/share/classes/sun/security/util/DerValue.java b/src/share/classes/sun/security/util/DerValue.java index 595c01169..937253737 100644 --- a/src/share/classes/sun/security/util/DerValue.java +++ b/src/share/classes/sun/security/util/DerValue.java @@ -45,8 +45,8 @@ import sun.misc.IOUtils; * (such as PKCS #10 certificate requests, and some kinds of PKCS #7 data). * * A note with respect to T61/Teletex strings: From RFC 1617, section 4.1.3 - * and RFC 3280, section 4.1.2.4., we assume that this kind of string will - * contain ISO-8859-1 characters only. + * and RFC 5280, section 8, we assume that this kind of string will contain + * ISO-8859-1 characters only. * * * @author David Brownell diff --git a/src/share/classes/sun/security/x509/AuthorityInfoAccessExtension.java b/src/share/classes/sun/security/x509/AuthorityInfoAccessExtension.java index 725c753e6..afc642df2 100644 --- a/src/share/classes/sun/security/x509/AuthorityInfoAccessExtension.java +++ b/src/share/classes/sun/security/x509/AuthorityInfoAccessExtension.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2004, 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2004, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -43,7 +43,7 @@ import sun.security.util.DerValue; * certificate that identifies the specific OCSP Responder to use when * performing on-line validation of that certificate. *

    - * This extension is defined in + * This extension is defined in * Internet X.509 PKI Certificate and Certificate Revocation List * (CRL) Profile. The profile permits * the extension to be included in end-entity or CA certificates, diff --git a/src/share/classes/sun/security/x509/CertificateIssuerExtension.java b/src/share/classes/sun/security/x509/CertificateIssuerExtension.java index b7739707d..0dd8f3964 100644 --- a/src/share/classes/sun/security/x509/CertificateIssuerExtension.java +++ b/src/share/classes/sun/security/x509/CertificateIssuerExtension.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -44,7 +44,7 @@ import sun.security.util.DerOutputStream; *

    * If used by conforming CRL issuers, this extension is always * critical. If an implementation ignored this extension it could not - * correctly attribute CRL entries to certificates. PKIX (RFC 3280) + * correctly attribute CRL entries to certificates. PKIX (RFC 5280) * RECOMMENDS that implementations recognize this extension. *

    * The ASN.1 definition for this is: diff --git a/src/share/classes/sun/security/x509/DeltaCRLIndicatorExtension.java b/src/share/classes/sun/security/x509/DeltaCRLIndicatorExtension.java index 69be1457c..4b0322393 100644 --- a/src/share/classes/sun/security/x509/DeltaCRLIndicatorExtension.java +++ b/src/share/classes/sun/security/x509/DeltaCRLIndicatorExtension.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2005, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -45,7 +45,7 @@ import sun.security.util.*; * *

    * The extension is defined in Section 5.2.4 of - * Internet X.509 PKI Certific + * Internet X.509 PKI Certific ate and Certificate Revocation List (CRL) Profile. * *

    diff --git a/src/share/classes/sun/security/x509/ExtendedKeyUsageExtension.java b/src/share/classes/sun/security/x509/ExtendedKeyUsageExtension.java index 680846029..dc820770e 100644 --- a/src/share/classes/sun/security/x509/ExtendedKeyUsageExtension.java +++ b/src/share/classes/sun/security/x509/ExtendedKeyUsageExtension.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -94,7 +94,7 @@ implements CertAttrSet { public static final String NAME = "ExtendedKeyUsage"; public static final String USAGES = "usages"; - // OID defined in RFC 3280 Sections 4.2.1.13 + // OID defined in RFC 5280 Sections 4.2.1.12 // more from http://www.alvestrand.no/objectid/1.3.6.1.5.5.7.3.html private static final Map map = new HashMap (); diff --git a/src/share/classes/sun/security/x509/FreshestCRLExtension.java b/src/share/classes/sun/security/x509/FreshestCRLExtension.java index 775e2ac03..3d0723da5 100644 --- a/src/share/classes/sun/security/x509/FreshestCRLExtension.java +++ b/src/share/classes/sun/security/x509/FreshestCRLExtension.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2005, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -42,7 +42,7 @@ import sun.security.util.*; * *

    * The extension is defined in Section 5.2.6 of - * Internet X.509 PKI Certific + * Internet X.509 PKI Certific ate and Certificate Revocation List (CRL) Profile. * *

    diff --git a/src/share/classes/sun/security/x509/InvalidityDateExtension.java b/src/share/classes/sun/security/x509/InvalidityDateExtension.java index eda021648..7fac65f3e 100644 --- a/src/share/classes/sun/security/x509/InvalidityDateExtension.java +++ b/src/share/classes/sun/security/x509/InvalidityDateExtension.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2007, 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2007, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -33,7 +33,7 @@ import java.util.Enumeration; import sun.security.util.*; /** - * From RFC 3280: + * From RFC 5280: *

    * The invalidity date is a non-critical CRL entry extension that * provides the date on which it is known or suspected that the private diff --git a/src/share/classes/sun/security/x509/IssuingDistributionPointExtension.java b/src/share/classes/sun/security/x509/IssuingDistributionPointExtension.java index 6fe8eb3b1..6866af083 100644 --- a/src/share/classes/sun/security/x509/IssuingDistributionPointExtension.java +++ b/src/share/classes/sun/security/x509/IssuingDistributionPointExtension.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2005, 2006, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -46,7 +46,7 @@ import sun.security.util.DerValue; * *

    * The extension is defined in Section 5.2.5 of - * Internet X.509 PKI Certific + * Internet X.509 PKI Certific ate and Certificate Revocation List (CRL) Profile. * *

    diff --git a/src/share/classes/sun/security/x509/RDN.java b/src/share/classes/sun/security/x509/RDN.java index e60e2e843..9eb60681f 100644 --- a/src/share/classes/sun/security/x509/RDN.java +++ b/src/share/classes/sun/security/x509/RDN.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2002, 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2002, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -343,7 +343,7 @@ public class RDN { /* * Returns a printable form of this RDN, using RFC 1779 style catenation * of attribute/value assertions, and emitting attribute type keywords - * from RFCs 1779, 2253, and 3280. + * from RFCs 1779, 2253, and 5280. */ public String toString() { if (assertion.length == 1) { diff --git a/src/share/classes/sun/security/x509/README b/src/share/classes/sun/security/x509/README index 31a129186..f18a37352 100644 --- a/src/share/classes/sun/security/x509/README +++ b/src/share/classes/sun/security/x509/README @@ -34,7 +34,7 @@ found in: Protocol (LDAP) that many organizations are expecting will help address online certificate distribution over the Internet. - RFC 3280, which describes the Internet X.509 Public Key + RFC 5280, which describes the Internet X.509 Public Key Infrastructure Certificate and CRL Profile. RSA DSI has a bunch of "Public Key Cryptography Standards" (PKCS) which diff --git a/src/share/classes/sun/security/x509/SubjectInfoAccessExtension.java b/src/share/classes/sun/security/x509/SubjectInfoAccessExtension.java index e1a0bc261..29d60eff8 100644 --- a/src/share/classes/sun/security/x509/SubjectInfoAccessExtension.java +++ b/src/share/classes/sun/security/x509/SubjectInfoAccessExtension.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2009, 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2009, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -48,7 +48,7 @@ import sun.security.util.DerValue; * included in end entity or CA certificates. Conforming CAs MUST mark * this extension as non-critical. *

    - * This extension is defined in + * This extension is defined in * Internet X.509 PKI Certificate and Certificate Revocation List * (CRL) Profile. The profile permits * the extension to be included in end-entity or CA certificates, diff --git a/src/share/classes/sun/security/x509/URIName.java b/src/share/classes/sun/security/x509/URIName.java index 3c5b523b5..2d2cafd21 100644 --- a/src/share/classes/sun/security/x509/URIName.java +++ b/src/share/classes/sun/security/x509/URIName.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -35,15 +35,15 @@ import sun.security.util.*; * This class implements the URIName as required by the GeneralNames * ASN.1 object. *

    - * [RFC3280] When the subjectAltName extension contains a URI, the name MUST be + * [RFC5280] When the subjectAltName extension contains a URI, the name MUST be * stored in the uniformResourceIdentifier (an IA5String). The name MUST * be a non-relative URL, and MUST follow the URL syntax and encoding - * rules specified in [RFC 1738]. The name must include both a scheme + * rules specified in [RFC 3986]. The name must include both a scheme * (e.g., "http" or "ftp") and a scheme-specific-part. The scheme- * specific-part must include a fully qualified domain name or IP * address as the host. *

    - * As specified in [RFC 1738], the scheme name is not case-sensitive + * As specified in [RFC 3986], the scheme name is not case-sensitive * (e.g., "http" is equivalent to "HTTP"). The host part is also not * case-sensitive, but other components of the scheme-specific-part may * be case-sensitive. When comparing URIs, conforming implementations @@ -113,7 +113,7 @@ public class URIName implements GeneralNameInterface { } host = uri.getHost(); - // RFC 3280 says that the host should be non-null, but we allow it to + // RFC 5280 says that the host should be non-null, but we allow it to // be null because some widely deployed certificates contain CDP // extensions with URIs that have no hostname (see bugs 4802236 and // 5107944). @@ -148,7 +148,7 @@ public class URIName implements GeneralNameInterface { /** * Create the URIName object with the specified name constraint. URI * name constraints syntax is different than SubjectAltNames, etc. See - * 4.2.1.11 of RFC 3280. + * 4.2.1.10 of RFC 5280. * * @param value the URI name constraint * @throws IOException if name is not a proper URI name constraint @@ -300,7 +300,7 @@ public class URIName implements GeneralNameInterface { * These results are used in checking NameConstraints during * certification path verification. *

    - * RFC3280: For URIs, the constraint applies to the host part of the name. + * RFC5280: For URIs, the constraint applies to the host part of the name. * The constraint may specify a host or a domain. Examples would be * "foo.bar.com"; and ".xyz.com". When the the constraint begins with * a period, it may be expanded with one or more subdomains. That is, diff --git a/src/share/classes/sun/security/x509/X500Name.java b/src/share/classes/sun/security/x509/X500Name.java index 447395c50..8a6d93cf5 100644 --- a/src/share/classes/sun/security/x509/X500Name.java +++ b/src/share/classes/sun/security/x509/X500Name.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1996, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -604,7 +604,7 @@ public class X500Name implements GeneralNameInterface, Principal { * Returns a string form of the X.500 distinguished name. * The format of the string is from RFC 1779. The returned string * may contain non-standardised keywords for more readability - * (keywords from RFCs 1779, 2253, and 3280). + * (keywords from RFCs 1779, 2253, and 5280). */ public String toString() { if (dn == null) { @@ -865,7 +865,7 @@ public class X500Name implements GeneralNameInterface, Principal { * O="Sue, Grabbit and Runn" or * O=Sue\, Grabbit and Runn * - * This method can parse RFC 1779, 2253 or 4514 DNs and non-standard 3280 + * This method can parse RFC 1779, 2253 or 4514 DNs and non-standard 5280 * keywords. Additional keywords can be specified in the keyword/OID map. */ private void parseDN(String input, Map keywordMap) @@ -1117,7 +1117,7 @@ public class X500Name implements GeneralNameInterface, Principal { /* * Selected OIDs from X.520 - * Includes all those specified in RFC 3280 as MUST or SHOULD + * Includes all those specified in RFC 5280 as MUST or SHOULD * be recognized */ private static final int commonName_data[] = { 2, 5, 4, 3 }; @@ -1215,7 +1215,7 @@ public class X500Name implements GeneralNameInterface, Principal { ipAddress_oid = intern(ObjectIdentifier.newInternal(ipAddress_data)); /* - * Domain component OID from RFC 1274, RFC 2247, RFC 3280 + * Domain component OID from RFC 1274, RFC 2247, RFC 5280 */ /* diff --git a/src/share/classes/sun/security/x509/X509CRLImpl.java b/src/share/classes/sun/security/x509/X509CRLImpl.java index 84403b352..8cb54ff98 100644 --- a/src/share/classes/sun/security/x509/X509CRLImpl.java +++ b/src/share/classes/sun/security/x509/X509CRLImpl.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2012, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -63,7 +63,7 @@ import sun.misc.HexDumpEncoder; * signature BIT STRING } * * More information can be found in - * RFC 3280: Internet X.509 + * RFC 5280: Internet X.509 * Public Key Infrastructure Certificate and CRL Profile. *

    * The ASN.1 definition of tbsCertList is: diff --git a/src/share/classes/sun/security/x509/X509CertInfo.java b/src/share/classes/sun/security/x509/X509CertInfo.java index b7f2dd85b..fa64e9d0f 100644 --- a/src/share/classes/sun/security/x509/X509CertInfo.java +++ b/src/share/classes/sun/security/x509/X509CertInfo.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2012, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -708,7 +708,7 @@ public class X509CertInfo implements CertAttrSet { } /* - * Verify if X.509 V3 Certificate is compliant with RFC 3280. + * Verify if X.509 V3 Certificate is compliant with RFC 5280. */ private void verifyCert(X500Name subject, CertificateExtensions extensions) diff --git a/src/share/lib/security/java.security-aix b/src/share/lib/security/java.security-aix index 7ae1abdac..6e52f0ef8 100644 --- a/src/share/lib/security/java.security-aix +++ b/src/share/lib/security/java.security-aix @@ -341,7 +341,7 @@ networkaddress.cache.negative.ttl=10 # By default, the location of the OCSP responder is determined implicitly # from the certificate being validated. This property explicitly specifies # the location of the OCSP responder. The property is used when the -# Authority Information Access extension (defined in RFC 3280) is absent +# Authority Information Access extension (defined in RFC 5280) is absent # from the certificate or when it requires overriding. # # Example, diff --git a/src/share/lib/security/java.security-linux b/src/share/lib/security/java.security-linux index 507b78044..349c6c9d1 100644 --- a/src/share/lib/security/java.security-linux +++ b/src/share/lib/security/java.security-linux @@ -341,7 +341,7 @@ networkaddress.cache.negative.ttl=10 # By default, the location of the OCSP responder is determined implicitly # from the certificate being validated. This property explicitly specifies # the location of the OCSP responder. The property is used when the -# Authority Information Access extension (defined in RFC 3280) is absent +# Authority Information Access extension (defined in RFC 5280) is absent # from the certificate or when it requires overriding. # # Example, diff --git a/src/share/lib/security/java.security-macosx b/src/share/lib/security/java.security-macosx index d2229db52..6404a382e 100644 --- a/src/share/lib/security/java.security-macosx +++ b/src/share/lib/security/java.security-macosx @@ -344,7 +344,7 @@ networkaddress.cache.negative.ttl=10 # By default, the location of the OCSP responder is determined implicitly # from the certificate being validated. This property explicitly specifies # the location of the OCSP responder. The property is used when the -# Authority Information Access extension (defined in RFC 3280) is absent +# Authority Information Access extension (defined in RFC 5280) is absent # from the certificate or when it requires overriding. # # Example, diff --git a/src/share/lib/security/java.security-solaris b/src/share/lib/security/java.security-solaris index ed3d0c5f4..25c478537 100644 --- a/src/share/lib/security/java.security-solaris +++ b/src/share/lib/security/java.security-solaris @@ -343,7 +343,7 @@ networkaddress.cache.negative.ttl=10 # By default, the location of the OCSP responder is determined implicitly # from the certificate being validated. This property explicitly specifies # the location of the OCSP responder. The property is used when the -# Authority Information Access extension (defined in RFC 3280) is absent +# Authority Information Access extension (defined in RFC 5280) is absent # from the certificate or when it requires overriding. # # Example, diff --git a/src/share/lib/security/java.security-windows b/src/share/lib/security/java.security-windows index 5069b9f1c..36122ccee 100644 --- a/src/share/lib/security/java.security-windows +++ b/src/share/lib/security/java.security-windows @@ -344,7 +344,7 @@ networkaddress.cache.negative.ttl=10 # By default, the location of the OCSP responder is determined implicitly # from the certificate being validated. This property explicitly specifies # the location of the OCSP responder. The property is used when the -# Authority Information Access extension (defined in RFC 3280) is absent +# Authority Information Access extension (defined in RFC 5280) is absent # from the certificate or when it requires overriding. # # Example, -- GitLab