OpenJDK / jdk / jdk10
changeset 26967:c182469301ee
8037550: Update RFC references in javadoc to RFC 5280
Reviewed-by: mullan
line wrap: on
line diff
--- a/jdk/src/java.base/share/classes/java/security/Key.java Tue Oct 07 19:22:24 2014 -0700 +++ b/jdk/src/java.base/share/classes/java/security/Key.java Tue Oct 07 22:23:19 2014 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1996, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -63,7 +63,7 @@ * </pre> * * For more information, see - * <a href="http://www.ietf.org/rfc/rfc3280.txt">RFC 3280: + * <a href="http://tools.ietf.org/html/rfc5280">RFC 5280: * Internet X.509 Public Key Infrastructure Certificate and CRL Profile</a>. * * <LI>A Format
--- a/jdk/src/java.base/share/classes/java/security/cert/CRLReason.java Tue Oct 07 19:22:24 2014 -0700 +++ b/jdk/src/java.base/share/classes/java/security/cert/CRLReason.java Tue Oct 07 22:23:19 2014 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2007, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2007, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -27,8 +27,8 @@ /** * The CRLReason enumeration specifies the reason that a certificate - * is revoked, as defined in <a href="http://www.ietf.org/rfc/rfc3280.txt"> - * RFC 3280: Internet X.509 Public Key Infrastructure Certificate and CRL + * is revoked, as defined in <a href="http://tools.ietf.org/html/rfc5280"> + * RFC 5280: Internet X.509 Public Key Infrastructure Certificate and CRL * Profile</a>. * * @author Sean Mullan
--- a/jdk/src/java.base/share/classes/java/security/cert/PKIXReason.java Tue Oct 07 19:22:24 2014 -0700 +++ b/jdk/src/java.base/share/classes/java/security/cert/PKIXReason.java Tue Oct 07 22:23:19 2014 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2008, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2008, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -28,7 +28,7 @@ /** * The {@code PKIXReason} enumerates the potential PKIX-specific reasons * that an X.509 certification path may be invalid according to the PKIX - * (RFC 3280) standard. These reasons are in addition to those of the + * (RFC 5280) standard. These reasons are in addition to those of the * {@code CertPathValidatorException.BasicReason} enumeration. * * @since 1.7
--- a/jdk/src/java.base/share/classes/java/security/cert/TrustAnchor.java Tue Oct 07 19:22:24 2014 -0700 +++ b/jdk/src/java.base/share/classes/java/security/cert/TrustAnchor.java Tue Oct 07 22:23:19 2014 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2001, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2001, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -78,7 +78,7 @@ * The name constraints are specified as a byte array. This byte array * should contain the DER encoded form of the name constraints, as they * would appear in the NameConstraints structure defined in - * <a href="http://www.ietf.org/rfc/rfc3280">RFC 3280</a> + * <a href="http://tools.ietf.org/html/rfc5280">RFC 5280</a> * and X.509. The ASN.1 definition of this structure appears below. * * <pre>{@code @@ -140,7 +140,7 @@ * <p> * The name constraints are specified as a byte array. This byte array * contains the DER encoded form of the name constraints, as they - * would appear in the NameConstraints structure defined in RFC 3280 + * would appear in the NameConstraints structure defined in RFC 5280 * and X.509. The ASN.1 notation for this structure is supplied in the * documentation for * {@link #TrustAnchor(X509Certificate, byte[]) @@ -179,7 +179,7 @@ * <p> * The name constraints are specified as a byte array. This byte array * contains the DER encoded form of the name constraints, as they - * would appear in the NameConstraints structure defined in RFC 3280 + * would appear in the NameConstraints structure defined in RFC 5280 * and X.509. The ASN.1 notation for this structure is supplied in the * documentation for * {@link #TrustAnchor(X509Certificate, byte[]) @@ -294,7 +294,7 @@ * <p> * The name constraints are returned as a byte array. This byte array * contains the DER encoded form of the name constraints, as they - * would appear in the NameConstraints structure defined in RFC 3280 + * would appear in the NameConstraints structure defined in RFC 5280 * and X.509. The ASN.1 notation for this structure is supplied in the * documentation for * {@link #TrustAnchor(X509Certificate, byte[])
--- a/jdk/src/java.base/share/classes/java/security/cert/X509CRL.java Tue Oct 07 19:22:24 2014 -0700 +++ b/jdk/src/java.base/share/classes/java/security/cert/X509CRL.java Tue Oct 07 22:23:19 2014 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -69,7 +69,7 @@ * </pre> * <p> * More information can be found in - * <a href="http://www.ietf.org/rfc/rfc3280.txt">RFC 3280: Internet X.509 + * <a href="http://tools.ietf.org/html/rfc5280">RFC 5280: Internet X.509 * Public Key Infrastructure Certificate and CRL Profile</a>. * <p> * The ASN.1 definition of {@code tbsCertList} is:
--- a/jdk/src/java.base/share/classes/java/security/cert/X509CRLSelector.java Tue Oct 07 19:22:24 2014 -0700 +++ b/jdk/src/java.base/share/classes/java/security/cert/X509CRLSelector.java Tue Oct 07 22:23:19 2014 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -52,7 +52,7 @@ * {@link CertStore#getCRLs CertStore.getCRLs} or some similar * method. * <p> - * Please refer to <a href="http://www.ietf.org/rfc/rfc3280.txt">RFC 3280: + * Please refer to <a href="http://tools.ietf.org/html/rfc5280">RFC 5280: * Internet X.509 Public Key Infrastructure Certificate and CRL Profile</a> * for definitions of the X.509 CRL fields and extensions mentioned below. * <p>
--- a/jdk/src/java.base/share/classes/java/security/cert/X509CertSelector.java Tue Oct 07 19:22:24 2014 -0700 +++ b/jdk/src/java.base/share/classes/java/security/cert/X509CertSelector.java Tue Oct 07 22:23:19 2014 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -65,7 +65,7 @@ * number. Other unique combinations include the issuer, subject, * subjectKeyIdentifier and/or the subjectPublicKey criteria. * <p> - * Please refer to <a href="http://www.ietf.org/rfc/rfc3280.txt">RFC 3280: + * Please refer to <a href="http://tools.ietf.org/html/rfc5280">RFC 5280: * Internet X.509 Public Key Infrastructure Certificate and CRL Profile</a> for * definitions of the X.509 certificate extensions mentioned below. * <p> @@ -728,7 +728,7 @@ * The name is provided in string format. * <a href="http://www.ietf.org/rfc/rfc822.txt">RFC 822</a>, DNS, and URI * names use the well-established string formats for those types (subject to - * the restrictions included in RFC 3280). IPv4 address names are + * the restrictions included in RFC 5280). IPv4 address names are * supplied using dotted quad notation. OID address names are represented * as a series of nonnegative integers separated by periods. And * directory names (distinguished names) are supplied in RFC 2253 format. @@ -746,7 +746,7 @@ * String form of some distinguished names. * * @param type the name type (0-8, as specified in - * RFC 3280, section 4.2.1.7) + * RFC 5280, section 4.2.1.6) * @param name the name in string form (not {@code null}) * @throws IOException if a parsing error occurs */ @@ -770,7 +770,7 @@ * <p> * The name is provided as a byte array. This byte array should contain * the DER encoded name, as it would appear in the GeneralName structure - * defined in RFC 3280 and X.509. The encoded byte array should only contain + * defined in RFC 5280 and X.509. The encoded byte array should only contain * the encoded value of the name, and should not include the tag associated * with the name in the GeneralName structure. The ASN.1 definition of this * structure appears below. @@ -806,7 +806,7 @@ * must contain the specified subjectAlternativeName. * * @param type the name type (0-8, as specified in - * RFC 3280, section 4.2.1.7) + * RFC 5280, section 4.2.1.6) * @param name the name in string or byte array form * @throws IOException if a parsing error occurs */ @@ -995,7 +995,7 @@ * <p> * The name constraints are specified as a byte array. This byte array * should contain the DER encoded form of the name constraints, as they - * would appear in the NameConstraints structure defined in RFC 3280 + * would appear in the NameConstraints structure defined in RFC 5280 * and X.509. The ASN.1 definition of this structure appears below. * * <pre>{@code @@ -1197,7 +1197,7 @@ * <p> * The name is provided in string format. RFC 822, DNS, and URI names * use the well-established string formats for those types (subject to - * the restrictions included in RFC 3280). IPv4 address names are + * the restrictions included in RFC 5280). IPv4 address names are * supplied using dotted quad notation. OID address names are represented * as a series of nonnegative integers separated by periods. And * directory names (distinguished names) are supplied in RFC 2253 format. @@ -1214,7 +1214,7 @@ * String form of some distinguished names. * * @param type the name type (0-8, as specified in - * RFC 3280, section 4.2.1.7) + * RFC 5280, section 4.2.1.6) * @param name the name in string form * @throws IOException if a parsing error occurs */ @@ -1234,7 +1234,7 @@ * <p> * The name is provided as a byte array. This byte array should contain * the DER encoded name, as it would appear in the GeneralName structure - * defined in RFC 3280 and X.509. The ASN.1 definition of this structure + * defined in RFC 5280 and X.509. The ASN.1 definition of this structure * appears in the documentation for * {@link #addSubjectAlternativeName(int type, byte [] name) * addSubjectAlternativeName(int type, byte [] name)}. @@ -1243,7 +1243,7 @@ * subsequent modifications. * * @param type the name type (0-8, as specified in - * RFC 3280, section 4.2.1.7) + * RFC 5280, section 4.2.1.6) * @param name a byte array containing the name in ASN.1 DER encoded form * @throws IOException if a parsing error occurs */ @@ -1258,7 +1258,7 @@ * the specified pathToName. * * @param type the name type (0-8, as specified in - * RFC 3280, section 4.2.1.7) + * RFC 5280, section 4.2.1.6) * @param name the name in string or byte array form * @throws IOException if an encoding error occurs (incorrect form for DN) */ @@ -1715,7 +1715,7 @@ * <p> * The name constraints are returned as a byte array. This byte array * contains the DER encoded form of the name constraints, as they - * would appear in the NameConstraints structure defined in RFC 3280 + * would appear in the NameConstraints structure defined in RFC 5280 * and X.509. The ASN.1 notation for this structure is supplied in the * documentation for * {@link #setNameConstraints(byte [] bytes) setNameConstraints(byte [] bytes)}.
--- a/jdk/src/java.base/share/classes/java/security/cert/X509Certificate.java Tue Oct 07 19:22:24 2014 -0700 +++ b/jdk/src/java.base/share/classes/java/security/cert/X509Certificate.java Tue Oct 07 22:23:19 2014 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -63,7 +63,7 @@ * CA such as a "root" CA. * <p> * More information can be found in - * <a href="http://www.ietf.org/rfc/rfc3280.txt">RFC 3280: Internet X.509 + * <a href="http://tools.ietf.org/html/rfc5280">RFC 5280: Internet X.509 * Public Key Infrastructure Certificate and CRL Profile</a>. * <p> * The ASN.1 definition of {@code tbsCertificate} is: @@ -408,7 +408,7 @@ * Gets the {@code issuerUniqueID} value from the certificate. * The issuer unique identifier is present in the certificate * to handle the possibility of reuse of issuer names over time. - * RFC 3280 recommends that names not be reused and that + * RFC 5280 recommends that names not be reused and that * conforming certificates not make use of unique identifiers. * Applications conforming to that profile should be capable of * parsing unique identifiers and making comparisons. @@ -459,7 +459,7 @@ * encipherOnly (7), * decipherOnly (8) } * </pre> - * RFC 3280 recommends that when used, this be marked + * RFC 5280 recommends that when used, this be marked * as a critical extension. * * @return the KeyUsage extension of this certificate, represented as @@ -572,7 +572,7 @@ * <a href="http://www.ietf.org/rfc/rfc822.txt">RFC 822</a>, DNS, and URI * names are returned as {@code String}s, * using the well-established string formats for those types (subject to - * the restrictions included in RFC 3280). IPv4 address names are + * the restrictions included in RFC 5280). IPv4 address names are * returned using dotted quad notation. IPv6 address names are returned * in the form "a1:a2:...:a8", where a1-a8 are hexadecimal values * representing the eight 16-bit pieces of the address. OID names are
--- a/jdk/src/java.base/share/classes/javax/security/auth/x500/X500Principal.java Tue Oct 07 19:22:24 2014 -0700 +++ b/jdk/src/java.base/share/classes/javax/security/auth/x500/X500Principal.java Tue Oct 07 22:23:19 2014 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -41,13 +41,13 @@ * of the distinguished name, or by using the ASN.1 DER encoded byte * representation of the distinguished name. The current specification * for the string representation of a distinguished name is defined in - * <a href="http://www.ietf.org/rfc/rfc2253.txt">RFC 2253: Lightweight + * <a href="http://tools.ietf.org/html/rfc2253">RFC 2253: Lightweight * Directory Access Protocol (v3): UTF-8 String Representation of * Distinguished Names</a>. This class, however, accepts string formats from - * both RFC 2253 and <a href="http://www.ietf.org/rfc/rfc1779.txt">RFC 1779: + * both RFC 2253 and <a href="http://tools.ietf.org/html/rfc1779">RFC 1779: * A String Representation of Distinguished Names</a>, and also recognizes * attribute type keywords whose OIDs (Object Identifiers) are defined in - * <a href="http://www.ietf.org/rfc/rfc3280.txt">RFC 3280: Internet X.509 + * <a href="http://tools.ietf.org/html/rfc5280">RFC 5280: Internet X.509 * Public Key Infrastructure Certificate and CRL Profile</a>. * * <p> The string representation for this {@code X500Principal} @@ -108,7 +108,7 @@ * (and listed in {@link #getName(String format) getName(String format)}), * as well as the T, DNQ or DNQUALIFIER, SURNAME, GIVENNAME, INITIALS, * GENERATION, EMAILADDRESS, and SERIALNUMBER keywords whose Object - * Identifiers (OIDs) are defined in RFC 3280 and its successor. + * Identifiers (OIDs) are defined in RFC 5280. * Any other attribute type must be specified as an OID. * * <p>This implementation enforces a more restrictive OID syntax than @@ -456,7 +456,7 @@ * (obtained via the {@code getName(X500Principal.CANONICAL)} method) * of this object and <i>o</i> are equal. * - * <p> This implementation is compliant with the requirements of RFC 3280. + * <p> This implementation is compliant with the requirements of RFC 5280. * * @param o Object to be compared for equality with this * {@code X500Principal}
--- a/jdk/src/java.base/share/classes/javax/security/auth/x500/package-info.java Tue Oct 07 19:22:24 2014 -0700 +++ b/jdk/src/java.base/share/classes/javax/security/auth/x500/package-info.java Tue Oct 07 22:23:19 2014 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -31,15 +31,15 @@ * <h2>Package Specification</h2> * * <ul> - * <li><a href="http://www.ietf.org/rfc/rfc1779.txt"> + * <li><a href="http://tools.ietf.org/html/rfc1779"> * RFC 1779: A String Representation of Distinguished Names</a></li> - * <li><a href="http://www.ietf.org/rfc/rfc2253.txt"> + * <li><a href="http://tools.ietf.org/html/rfc2253"> * RFC 2253: Lightweight Directory Access Protocol (v3): * UTF-8 String Representation of Distinguished Names</a></li> - * <li><a href="http://www.ietf.org/rfc/rfc3280.txt"> - * RFC 3280: Internet X.509 Public Key Infrastructure + * <li><a href="http://tools.ietf.org/html/rfc5280"> + * RFC 5280: Internet X.509 Public Key Infrastructure * Certificate and Certificate Revocation List (CRL) Profile</a></li> - * <li><a href="http://www.ietf.org/rfc/rfc4512.txt"> + * <li><a href="http://tools.ietf.org/html/rfc4512"> * RFC 4512: Lightweight Directory Access Protocol (LDAP): * Directory Information Models</a></li> * </ul>
--- a/jdk/src/java.base/share/classes/sun/security/provider/SunEntries.java Tue Oct 07 19:22:24 2014 -0700 +++ b/jdk/src/java.base/share/classes/sun/security/provider/SunEntries.java Tue Oct 07 22:23:19 2014 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1996, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -64,7 +64,7 @@ * and CRLs. Aliases for X.509 are X509. * * - PKIX is the certification path validation algorithm described - * in RFC 3280. The ValidationAlgorithm attribute notes the + * in RFC 5280. The ValidationAlgorithm attribute notes the * specification that this provider implements. * * - LDAP is the CertStore type for LDAP repositories. The @@ -250,7 +250,7 @@ map.put("CertPathBuilder.PKIX", "sun.security.provider.certpath.SunCertPathBuilder"); map.put("CertPathBuilder.PKIX ValidationAlgorithm", - "RFC3280"); + "RFC5280"); /* * CertPathValidator @@ -258,7 +258,7 @@ map.put("CertPathValidator.PKIX", "sun.security.provider.certpath.PKIXCertPathValidator"); map.put("CertPathValidator.PKIX ValidationAlgorithm", - "RFC3280"); + "RFC5280"); /* * CertStores
--- a/jdk/src/java.base/share/classes/sun/security/provider/certpath/DistributionPointFetcher.java Tue Oct 07 19:22:24 2014 -0700 +++ b/jdk/src/java.base/share/classes/sun/security/provider/certpath/DistributionPointFetcher.java Tue Oct 07 22:23:19 2014 -0700 @@ -434,7 +434,7 @@ } if (indirectCRL) { if (pointCrlIssuers.size() != 1) { - // RFC 3280: there must be only 1 CRL issuer + // RFC 5280: there must be only 1 CRL issuer // name when relativeName is present if (debug != null) { debug.println("must only be one CRL " +
--- a/jdk/src/java.base/share/classes/sun/security/provider/certpath/PolicyChecker.java Tue Oct 07 19:22:24 2014 -0700 +++ b/jdk/src/java.base/share/classes/sun/security/provider/certpath/PolicyChecker.java Tue Oct 07 22:23:19 2014 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -578,7 +578,7 @@ } /** - * Rewrite leaf nodes at the end of validation as described in RFC 3280 + * Rewrite leaf nodes at the end of validation as described in RFC 5280 * section 6.1.5: Step (g)(iii). Leaf nodes with anyPolicy are replaced * by nodes explicitly representing initial policies not already * represented by leaf nodes.
--- a/jdk/src/java.base/share/classes/sun/security/provider/certpath/PolicyNodeImpl.java Tue Oct 07 19:22:24 2014 -0700 +++ b/jdk/src/java.base/share/classes/sun/security/provider/certpath/PolicyNodeImpl.java Tue Oct 07 22:23:19 2014 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -56,7 +56,7 @@ private PolicyNodeImpl mParent; private HashSet<PolicyNodeImpl> mChildren; - // the 4 fields specified by RFC 3280 + // the 4 fields specified by RFC 5280 private String mValidPolicy; private HashSet<PolicyQualifierInfo> mQualifierSet; private boolean mCriticalityIndicator;
--- a/jdk/src/java.base/share/classes/sun/security/provider/certpath/RevocationChecker.java Tue Oct 07 19:22:24 2014 -0700 +++ b/jdk/src/java.base/share/classes/sun/security/provider/certpath/RevocationChecker.java Tue Oct 07 22:23:19 2014 -0700 @@ -472,9 +472,9 @@ " ---checking revocation status ..."); } - // reject circular dependencies - RFC 3280 is not explicit on how - // to handle this, so we feel it is safest to reject them until - // the issue is resolved in the PKIX WG. + // Reject circular dependencies - RFC 5280 is not explicit on how + // to handle this, but does suggest that they can be a security + // risk and can create unresolvable dependencies if (stackedCerts != null && stackedCerts.contains(cert)) { if (debug != null) { debug.println("RevocationChecker.checkCRLs()" + @@ -628,7 +628,7 @@ /* * Abort CRL validation and throw exception if there are any * unrecognized critical CRL entry extensions (see section - * 5.3 of RFC 3280). + * 5.3 of RFC 5280). */ Set<String> unresCritExts = entry.getCriticalExtensionOIDs(); if (unresCritExts != null && !unresCritExts.isEmpty()) { @@ -880,9 +880,9 @@ " ---checking " + msg + "..."); } - // reject circular dependencies - RFC 3280 is not explicit on how - // to handle this, so we feel it is safest to reject them until - // the issue is resolved in the PKIX WG. + // Reject circular dependencies - RFC 5280 is not explicit on how + // to handle this, but does suggest that they can be a security + // risk and can create unresolvable dependencies if ((stackedCerts != null) && stackedCerts.contains(cert)) { if (debug != null) { debug.println(
--- a/jdk/src/java.base/share/classes/sun/security/provider/certpath/SunCertPathBuilder.java Tue Oct 07 19:22:24 2014 -0700 +++ b/jdk/src/java.base/share/classes/sun/security/provider/certpath/SunCertPathBuilder.java Tue Oct 07 22:23:19 2014 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -53,7 +53,7 @@ * <p> If successful, it returns a certification path which has successfully * satisfied all the constraints and requirements specified in the * PKIXBuilderParameters object and has been validated according to the PKIX - * path validation algorithm defined in RFC 3280. + * path validation algorithm defined in RFC 5280. * * <p> This implementation uses a depth-first search approach to finding * certification paths. If it comes to a point in which it cannot find
--- a/jdk/src/java.base/share/classes/sun/security/util/DerInputBuffer.java Tue Oct 07 19:22:24 2014 -0700 +++ b/jdk/src/java.base/share/classes/sun/security/util/DerInputBuffer.java Tue Oct 07 22:23:19 2014 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 2006, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1996, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -285,7 +285,7 @@ * YYMMDDhhmmss-hhmm * UTC Time is broken in storing only two digits of year. * If YY < 50, we assume 20YY; - * if YY >= 50, we assume 19YY, as per RFC 3280. + * if YY >= 50, we assume 19YY, as per RFC 5280. * * Generalized time has a four-digit year and allows any * precision specified in ISO 8601. However, for our purposes,
--- a/jdk/src/java.base/share/classes/sun/security/util/DerOutputStream.java Tue Oct 07 19:22:24 2014 -0700 +++ b/jdk/src/java.base/share/classes/sun/security/util/DerOutputStream.java Tue Oct 07 22:23:19 2014 -0700 @@ -461,7 +461,7 @@ * Marshals a DER UTC time/date value. * * <P>YYMMDDhhmmss{Z|+hhmm|-hhmm} ... emits only using Zulu time - * and with seconds (even if seconds=0) as per RFC 3280. + * and with seconds (even if seconds=0) as per RFC 5280. */ public void putUTCTime(Date d) throws IOException { putTime(d, DerValue.tag_UtcTime); @@ -471,7 +471,7 @@ * Marshals a DER Generalized Time/date value. * * <P>YYYYMMDDhhmmss{Z|+hhmm|-hhmm} ... emits only using Zulu time - * and with seconds (even if seconds=0) as per RFC 3280. + * and with seconds (even if seconds=0) as per RFC 5280. */ public void putGeneralizedTime(Date d) throws IOException { putTime(d, DerValue.tag_GeneralizedTime);
--- a/jdk/src/java.base/share/classes/sun/security/util/DerValue.java Tue Oct 07 19:22:24 2014 -0700 +++ b/jdk/src/java.base/share/classes/sun/security/util/DerValue.java Tue Oct 07 22:23:19 2014 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1996, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -45,8 +45,8 @@ * (such as PKCS #10 certificate requests, and some kinds of PKCS #7 data). * * A note with respect to T61/Teletex strings: From RFC 1617, section 4.1.3 - * and RFC 3280, section 4.1.2.4., we assume that this kind of string will - * contain ISO-8859-1 characters only. + * and RFC 5280, section 8, we assume that this kind of string will contain + * ISO-8859-1 characters only. * * * @author David Brownell
--- a/jdk/src/java.base/share/classes/sun/security/x509/AuthorityInfoAccessExtension.java Tue Oct 07 19:22:24 2014 -0700 +++ b/jdk/src/java.base/share/classes/sun/security/x509/AuthorityInfoAccessExtension.java Tue Oct 07 22:23:19 2014 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2004, 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2004, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -43,7 +43,7 @@ * certificate that identifies the specific OCSP Responder to use when * performing on-line validation of that certificate. * <p> - * This extension is defined in <a href="http://www.ietf.org/rfc/rfc3280.txt"> + * This extension is defined in <a href="http://tools.ietf.org/html/rfc5280"> * Internet X.509 PKI Certificate and Certificate Revocation List * (CRL) Profile</a>. The profile permits * the extension to be included in end-entity or CA certificates,
--- a/jdk/src/java.base/share/classes/sun/security/x509/CertificateIssuerExtension.java Tue Oct 07 19:22:24 2014 -0700 +++ b/jdk/src/java.base/share/classes/sun/security/x509/CertificateIssuerExtension.java Tue Oct 07 22:23:19 2014 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -44,7 +44,7 @@ * <p> * If used by conforming CRL issuers, this extension is always * critical. If an implementation ignored this extension it could not - * correctly attribute CRL entries to certificates. PKIX (RFC 3280) + * correctly attribute CRL entries to certificates. PKIX (RFC 5280) * RECOMMENDS that implementations recognize this extension. * <p> * The ASN.1 definition for this is:
--- a/jdk/src/java.base/share/classes/sun/security/x509/DeltaCRLIndicatorExtension.java Tue Oct 07 19:22:24 2014 -0700 +++ b/jdk/src/java.base/share/classes/sun/security/x509/DeltaCRLIndicatorExtension.java Tue Oct 07 22:23:19 2014 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2005, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -45,7 +45,7 @@ * * <p> * The extension is defined in Section 5.2.4 of - * <a href="http://www.ietf.org/rfc/rfc3280.txt">Internet X.509 PKI Certific + * <a href="http://tools.ietf.org/html/rfc5280">Internet X.509 PKI Certific ate and Certificate Revocation List (CRL) Profile</a>. * * <p>
--- a/jdk/src/java.base/share/classes/sun/security/x509/ExtendedKeyUsageExtension.java Tue Oct 07 19:22:24 2014 -0700 +++ b/jdk/src/java.base/share/classes/sun/security/x509/ExtendedKeyUsageExtension.java Tue Oct 07 22:23:19 2014 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -94,7 +94,7 @@ public static final String NAME = "ExtendedKeyUsage"; public static final String USAGES = "usages"; - // OID defined in RFC 3280 Sections 4.2.1.13 + // OID defined in RFC 5280 Sections 4.2.1.12 // more from http://www.alvestrand.no/objectid/1.3.6.1.5.5.7.3.html private static final Map <ObjectIdentifier, String> map = new HashMap <ObjectIdentifier, String> ();
--- a/jdk/src/java.base/share/classes/sun/security/x509/FreshestCRLExtension.java Tue Oct 07 19:22:24 2014 -0700 +++ b/jdk/src/java.base/share/classes/sun/security/x509/FreshestCRLExtension.java Tue Oct 07 22:23:19 2014 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2005, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -42,7 +42,7 @@ * * <p> * The extension is defined in Section 5.2.6 of - * <a href="http://www.ietf.org/rfc/rfc3280.txt">Internet X.509 PKI Certific + * <a href="http://tools.ietf.org/html/rfc5280">Internet X.509 PKI Certific ate and Certificate Revocation List (CRL) Profile</a>. * * <p>
--- a/jdk/src/java.base/share/classes/sun/security/x509/InvalidityDateExtension.java Tue Oct 07 19:22:24 2014 -0700 +++ b/jdk/src/java.base/share/classes/sun/security/x509/InvalidityDateExtension.java Tue Oct 07 22:23:19 2014 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2007, 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2007, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -33,7 +33,7 @@ import sun.security.util.*; /** - * From RFC 3280: + * From RFC 5280: * <p> * The invalidity date is a non-critical CRL entry extension that * provides the date on which it is known or suspected that the private
--- a/jdk/src/java.base/share/classes/sun/security/x509/IssuingDistributionPointExtension.java Tue Oct 07 19:22:24 2014 -0700 +++ b/jdk/src/java.base/share/classes/sun/security/x509/IssuingDistributionPointExtension.java Tue Oct 07 22:23:19 2014 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2005, 2006, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -46,7 +46,7 @@ * * <p> * The extension is defined in Section 5.2.5 of - * <a href="http://www.ietf.org/rfc/rfc3280.txt">Internet X.509 PKI Certific + * <a href="http://tools.ietf.org/html/rfc5280">Internet X.509 PKI Certific ate and Certificate Revocation List (CRL) Profile</a>. * * <p>
--- a/jdk/src/java.base/share/classes/sun/security/x509/RDN.java Tue Oct 07 19:22:24 2014 -0700 +++ b/jdk/src/java.base/share/classes/sun/security/x509/RDN.java Tue Oct 07 22:23:19 2014 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2002, 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2002, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -341,7 +341,7 @@ /* * Returns a printable form of this RDN, using RFC 1779 style catenation * of attribute/value assertions, and emitting attribute type keywords - * from RFCs 1779, 2253, and 3280. + * from RFCs 1779, 2253, and 5280. */ public String toString() { if (assertion.length == 1) {
--- a/jdk/src/java.base/share/classes/sun/security/x509/README Tue Oct 07 19:22:24 2014 -0700 +++ b/jdk/src/java.base/share/classes/sun/security/x509/README Tue Oct 07 22:23:19 2014 -0700 @@ -34,7 +34,7 @@ Protocol (LDAP) that many organizations are expecting will help address online certificate distribution over the Internet. - RFC 3280, which describes the Internet X.509 Public Key + RFC 5280, which describes the Internet X.509 Public Key Infrastructure Certificate and CRL Profile. RSA DSI has a bunch of "Public Key Cryptography Standards" (PKCS) which
--- a/jdk/src/java.base/share/classes/sun/security/x509/SubjectInfoAccessExtension.java Tue Oct 07 19:22:24 2014 -0700 +++ b/jdk/src/java.base/share/classes/sun/security/x509/SubjectInfoAccessExtension.java Tue Oct 07 22:23:19 2014 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2009, 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2009, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -47,7 +47,7 @@ * included in end entity or CA certificates. Conforming CAs MUST mark * this extension as non-critical. * <p> - * This extension is defined in <a href="http://www.ietf.org/rfc/rfc3280.txt"> + * This extension is defined in <a href="http://tools.ietf.org/html/rfc5280"> * Internet X.509 PKI Certificate and Certificate Revocation List * (CRL) Profile</a>. The profile permits * the extension to be included in end-entity or CA certificates,
--- a/jdk/src/java.base/share/classes/sun/security/x509/URIName.java Tue Oct 07 19:22:24 2014 -0700 +++ b/jdk/src/java.base/share/classes/sun/security/x509/URIName.java Tue Oct 07 22:23:19 2014 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -35,15 +35,15 @@ * This class implements the URIName as required by the GeneralNames * ASN.1 object. * <p> - * [RFC3280] When the subjectAltName extension contains a URI, the name MUST be + * [RFC5280] When the subjectAltName extension contains a URI, the name MUST be * stored in the uniformResourceIdentifier (an IA5String). The name MUST * be a non-relative URL, and MUST follow the URL syntax and encoding - * rules specified in [RFC 1738]. The name must include both a scheme + * rules specified in [RFC 3986]. The name must include both a scheme * (e.g., "http" or "ftp") and a scheme-specific-part. The scheme- * specific-part must include a fully qualified domain name or IP * address as the host. * <p> - * As specified in [RFC 1738], the scheme name is not case-sensitive + * As specified in [RFC 3986], the scheme name is not case-sensitive * (e.g., "http" is equivalent to "HTTP"). The host part is also not * case-sensitive, but other components of the scheme-specific-part may * be case-sensitive. When comparing URIs, conforming implementations @@ -113,7 +113,7 @@ } host = uri.getHost(); - // RFC 3280 says that the host should be non-null, but we allow it to + // RFC 5280 says that the host should be non-null, but we allow it to // be null because some widely deployed certificates contain CDP // extensions with URIs that have no hostname (see bugs 4802236 and // 5107944). @@ -148,7 +148,7 @@ /** * Create the URIName object with the specified name constraint. URI * name constraints syntax is different than SubjectAltNames, etc. See - * 4.2.1.11 of RFC 3280. + * 4.2.1.10 of RFC 5280. * * @param value the URI name constraint * @throws IOException if name is not a proper URI name constraint @@ -300,7 +300,7 @@ * These results are used in checking NameConstraints during * certification path verification. * <p> - * RFC3280: For URIs, the constraint applies to the host part of the name. + * RFC5280: For URIs, the constraint applies to the host part of the name. * The constraint may specify a host or a domain. Examples would be * "foo.bar.com"; and ".xyz.com". When the the constraint begins with * a period, it may be expanded with one or more subdomains. That is,
--- a/jdk/src/java.base/share/classes/sun/security/x509/X500Name.java Tue Oct 07 19:22:24 2014 -0700 +++ b/jdk/src/java.base/share/classes/sun/security/x509/X500Name.java Tue Oct 07 22:23:19 2014 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1996, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -605,7 +605,7 @@ * Returns a string form of the X.500 distinguished name. * The format of the string is from RFC 1779. The returned string * may contain non-standardised keywords for more readability - * (keywords from RFCs 1779, 2253, and 3280). + * (keywords from RFCs 1779, 2253, and 5280). */ public String toString() { if (dn == null) { @@ -866,7 +866,7 @@ * O="Sue, Grabbit and Runn" or * O=Sue\, Grabbit and Runn * - * This method can parse RFC 1779, 2253 or 4514 DNs and non-standard 3280 + * This method can parse RFC 1779, 2253 or 4514 DNs and non-standard 5280 * keywords. Additional keywords can be specified in the keyword/OID map. */ private void parseDN(String input, Map<String, String> keywordMap) @@ -1122,7 +1122,7 @@ /* * Selected OIDs from X.520 - * Includes all those specified in RFC 3280 as MUST or SHOULD + * Includes all those specified in RFC 5280 as MUST or SHOULD * be recognized */ private static final int commonName_data[] = { 2, 5, 4, 3 }; @@ -1220,7 +1220,7 @@ ipAddress_oid = intern(ObjectIdentifier.newInternal(ipAddress_data)); /* - * Domain component OID from RFC 1274, RFC 2247, RFC 3280 + * Domain component OID from RFC 1274, RFC 2247, RFC 5280 */ /*
--- a/jdk/src/java.base/share/classes/sun/security/x509/X509CRLImpl.java Tue Oct 07 19:22:24 2014 -0700 +++ b/jdk/src/java.base/share/classes/sun/security/x509/X509CRLImpl.java Tue Oct 07 22:23:19 2014 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2012, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -63,7 +63,7 @@ * signature BIT STRING } * </pre> * More information can be found in - * <a href="http://www.ietf.org/rfc/rfc3280.txt">RFC 3280: Internet X.509 + * <a href="http://tools.ietf.org/html/rfc5280">RFC 5280: Internet X.509 * Public Key Infrastructure Certificate and CRL Profile</a>. * <p> * The ASN.1 definition of <code>tbsCertList</code> is:
--- a/jdk/src/java.base/share/classes/sun/security/x509/X509CertInfo.java Tue Oct 07 19:22:24 2014 -0700 +++ b/jdk/src/java.base/share/classes/sun/security/x509/X509CertInfo.java Tue Oct 07 22:23:19 2014 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2012, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -708,7 +708,7 @@ } /* - * Verify if X.509 V3 Certificate is compliant with RFC 3280. + * Verify if X.509 V3 Certificate is compliant with RFC 5280. */ private void verifyCert(X500Name subject, CertificateExtensions extensions)
--- a/jdk/src/java.base/share/conf/security/java.security Tue Oct 07 19:22:24 2014 -0700 +++ b/jdk/src/java.base/share/conf/security/java.security Tue Oct 07 22:23:19 2014 -0700 @@ -345,7 +345,7 @@ # By default, the location of the OCSP responder is determined implicitly # from the certificate being validated. This property explicitly specifies # the location of the OCSP responder. The property is used when the -# Authority Information Access extension (defined in RFC 3280) is absent +# Authority Information Access extension (defined in RFC 5280) is absent # from the certificate or when it requires overriding. # # Example,
--- a/jdk/src/jdk.dev/share/classes/sun/security/tools/jarsigner/TimestampedSigner.java Tue Oct 07 19:22:24 2014 -0700 +++ b/jdk/src/jdk.dev/share/classes/sun/security/tools/jarsigner/TimestampedSigner.java Tue Oct 07 22:23:19 2014 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2007, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2007, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -140,7 +140,7 @@ /** * Examine the certificate for a Subject Information Access extension - * (<a href="http://www.ietf.org/rfc/rfc3280.txt">RFC 3280</a>). + * (<a href="http://tools.ietf.org/html/rfc5280">RFC 5280</a>). * The extension's <tt>accessMethod</tt> field should contain the object * identifier defined for timestamping: 1.3.6.1.5.5.7.48.3 and its * <tt>accessLocation</tt> field should contain an HTTP or HTTPS URL.