changeset 8556:1d93f62de76e

8017325: Cleanup of the javadoc <code> tag in java.security.cert Summary: Convert javadoc <code>...</code> and <tt>...</tt> tags to {@code ...} Reviewed-by: darcy
author juh
date Tue, 24 Jan 2017 00:54:36 +0000
parents cac5fa70a888
children 6486309cfd95
files src/share/classes/java/security/cert/CRLException.java src/share/classes/java/security/cert/CRLSelector.java src/share/classes/java/security/cert/CertPath.java src/share/classes/java/security/cert/CertPathBuilder.java src/share/classes/java/security/cert/CertPathBuilderException.java src/share/classes/java/security/cert/CertPathBuilderResult.java src/share/classes/java/security/cert/CertPathBuilderSpi.java src/share/classes/java/security/cert/CertPathParameters.java src/share/classes/java/security/cert/CertPathValidator.java src/share/classes/java/security/cert/CertPathValidatorException.java src/share/classes/java/security/cert/CertPathValidatorResult.java src/share/classes/java/security/cert/CertPathValidatorSpi.java src/share/classes/java/security/cert/CertSelector.java src/share/classes/java/security/cert/CertStore.java src/share/classes/java/security/cert/CertStoreException.java src/share/classes/java/security/cert/CertStoreParameters.java src/share/classes/java/security/cert/CertStoreSpi.java src/share/classes/java/security/cert/Certificate.java src/share/classes/java/security/cert/CertificateEncodingException.java src/share/classes/java/security/cert/CertificateException.java src/share/classes/java/security/cert/CertificateExpiredException.java src/share/classes/java/security/cert/CertificateFactory.java src/share/classes/java/security/cert/CertificateFactorySpi.java src/share/classes/java/security/cert/CertificateNotYetValidException.java src/share/classes/java/security/cert/CertificateParsingException.java src/share/classes/java/security/cert/CertificateRevokedException.java src/share/classes/java/security/cert/CollectionCertStoreParameters.java src/share/classes/java/security/cert/Extension.java src/share/classes/java/security/cert/LDAPCertStoreParameters.java src/share/classes/java/security/cert/PKIXBuilderParameters.java src/share/classes/java/security/cert/PKIXCertPathBuilderResult.java src/share/classes/java/security/cert/PKIXCertPathChecker.java src/share/classes/java/security/cert/PKIXCertPathValidatorResult.java src/share/classes/java/security/cert/PKIXParameters.java src/share/classes/java/security/cert/PKIXReason.java src/share/classes/java/security/cert/PolicyNode.java src/share/classes/java/security/cert/PolicyQualifierInfo.java src/share/classes/java/security/cert/TrustAnchor.java src/share/classes/java/security/cert/X509CRL.java src/share/classes/java/security/cert/X509CRLEntry.java src/share/classes/java/security/cert/X509CRLSelector.java src/share/classes/java/security/cert/X509CertSelector.java src/share/classes/java/security/cert/X509Certificate.java src/share/classes/java/security/cert/X509Extension.java
diffstat 44 files changed, 1385 insertions(+), 1385 deletions(-) [+]
line wrap: on
line diff
--- a/src/share/classes/java/security/cert/CRLException.java	Tue Jan 24 00:25:46 2017 +0000
+++ b/src/share/classes/java/security/cert/CRLException.java	Tue Jan 24 00:54:36 2017 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2003, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -57,13 +57,13 @@
     }
 
     /**
-     * Creates a <code>CRLException</code> with the specified
+     * Creates a {@code CRLException} with the specified
      * detail message and cause.
      *
      * @param message the detail message (which is saved for later retrieval
      *        by the {@link #getMessage()} method).
      * @param cause the cause (which is saved for later retrieval by the
-     *        {@link #getCause()} method).  (A <tt>null</tt> value is permitted,
+     *        {@link #getCause()} method).  (A {@code null} value is permitted,
      *        and indicates that the cause is nonexistent or unknown.)
      * @since 1.5
      */
@@ -72,13 +72,13 @@
     }
 
     /**
-     * Creates a <code>CRLException</code> with the specified cause
-     * and a detail message of <tt>(cause==null ? null : cause.toString())</tt>
+     * Creates a {@code CRLException} with the specified cause
+     * and a detail message of {@code (cause==null ? null : cause.toString())}
      * (which typically contains the class and detail message of
-     * <tt>cause</tt>).
+     * {@code cause}).
      *
      * @param cause the cause (which is saved for later retrieval by the
-     *        {@link #getCause()} method).  (A <tt>null</tt> value is permitted,
+     *        {@link #getCause()} method).  (A {@code null} value is permitted,
      *        and indicates that the cause is nonexistent or unknown.)
      * @since 1.5
      */
--- a/src/share/classes/java/security/cert/CRLSelector.java	Tue Jan 24 00:25:46 2017 +0000
+++ b/src/share/classes/java/security/cert/CRLSelector.java	Tue Jan 24 00:54:36 2017 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2001, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -26,9 +26,9 @@
 package java.security.cert;
 
 /**
- * A selector that defines a set of criteria for selecting <code>CRL</code>s.
+ * A selector that defines a set of criteria for selecting {@code CRL}s.
  * Classes that implement this interface are often used to specify
- * which <code>CRL</code>s should be retrieved from a <code>CertStore</code>.
+ * which {@code CRL}s should be retrieved from a {@code CertStore}.
  * <p>
  * <b>Concurrent Access</b>
  * <p>
@@ -48,19 +48,19 @@
 public interface CRLSelector extends Cloneable {
 
     /**
-     * Decides whether a <code>CRL</code> should be selected.
+     * Decides whether a {@code CRL} should be selected.
      *
-     * @param   crl     the <code>CRL</code> to be checked
-     * @return  <code>true</code> if the <code>CRL</code> should be selected,
-     * <code>false</code> otherwise
+     * @param   crl     the {@code CRL} to be checked
+     * @return  {@code true} if the {@code CRL} should be selected,
+     * {@code false} otherwise
      */
     boolean match(CRL crl);
 
     /**
-     * Makes a copy of this <code>CRLSelector</code>. Changes to the
+     * Makes a copy of this {@code CRLSelector}. Changes to the
      * copy will not affect the original and vice versa.
      *
-     * @return a copy of this <code>CRLSelector</code>
+     * @return a copy of this {@code CRLSelector}
      */
     Object clone();
 }
--- a/src/share/classes/java/security/cert/CertPath.java	Tue Jan 24 00:25:46 2017 +0000
+++ b/src/share/classes/java/security/cert/CertPath.java	Tue Jan 24 00:54:36 2017 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -36,59 +36,59 @@
  * An immutable sequence of certificates (a certification path).
  * <p>
  * This is an abstract class that defines the methods common to all
- * <code>CertPath</code>s. Subclasses can handle different kinds of
+ * {@code CertPath}s. Subclasses can handle different kinds of
  * certificates (X.509, PGP, etc.).
  * <p>
- * All <code>CertPath</code> objects have a type, a list of
- * <code>Certificate</code>s, and one or more supported encodings. Because the
- * <code>CertPath</code> class is immutable, a <code>CertPath</code> cannot
+ * All {@code CertPath} objects have a type, a list of
+ * {@code Certificate}s, and one or more supported encodings. Because the
+ * {@code CertPath} class is immutable, a {@code CertPath} cannot
  * change in any externally visible way after being constructed. This
  * stipulation applies to all public fields and methods of this class and any
  * added or overridden by subclasses.
  * <p>
- * The type is a <code>String</code> that identifies the type of
- * <code>Certificate</code>s in the certification path. For each
- * certificate <code>cert</code> in a certification path <code>certPath</code>,
- * <code>cert.getType().equals(certPath.getType())</code> must be
- * <code>true</code>.
+ * The type is a {@code String} that identifies the type of
+ * {@code Certificate}s in the certification path. For each
+ * certificate {@code cert} in a certification path {@code certPath},
+ * {@code cert.getType().equals(certPath.getType())} must be
+ * {@code true}.
  * <p>
- * The list of <code>Certificate</code>s is an ordered <code>List</code> of
- * zero or more <code>Certificate</code>s. This <code>List</code> and all
- * of the <code>Certificate</code>s contained in it must be immutable.
+ * The list of {@code Certificate}s is an ordered {@code List} of
+ * zero or more {@code Certificate}s. This {@code List} and all
+ * of the {@code Certificate}s contained in it must be immutable.
  * <p>
- * Each <code>CertPath</code> object must support one or more encodings
+ * Each {@code CertPath} object must support one or more encodings
  * so that the object can be translated into a byte array for storage or
  * transmission to other parties. Preferably, these encodings should be
  * well-documented standards (such as PKCS#7). One of the encodings supported
- * by a <code>CertPath</code> is considered the default encoding. This
+ * by a {@code CertPath} is considered the default encoding. This
  * encoding is used if no encoding is explicitly requested (for the
  * {@link #getEncoded() getEncoded()} method, for instance).
  * <p>
- * All <code>CertPath</code> objects are also <code>Serializable</code>.
- * <code>CertPath</code> objects are resolved into an alternate
+ * All {@code CertPath} objects are also {@code Serializable}.
+ * {@code CertPath} objects are resolved into an alternate
  * {@link CertPathRep CertPathRep} object during serialization. This allows
- * a <code>CertPath</code> object to be serialized into an equivalent
+ * a {@code CertPath} object to be serialized into an equivalent
  * representation regardless of its underlying implementation.
  * <p>
- * <code>CertPath</code> objects can be created with a
- * <code>CertificateFactory</code> or they can be returned by other classes,
- * such as a <code>CertPathBuilder</code>.
+ * {@code CertPath} objects can be created with a
+ * {@code CertificateFactory} or they can be returned by other classes,
+ * such as a {@code CertPathBuilder}.
  * <p>
- * By convention, X.509 <code>CertPath</code>s (consisting of
- * <code>X509Certificate</code>s), are ordered starting with the target
+ * By convention, X.509 {@code CertPath}s (consisting of
+ * {@code X509Certificate}s), are ordered starting with the target
  * certificate and ending with a certificate issued by the trust anchor. That
  * is, the issuer of one certificate is the subject of the following one. The
  * certificate representing the {@link TrustAnchor TrustAnchor} should not be
- * included in the certification path. Unvalidated X.509 <code>CertPath</code>s
- * may not follow these conventions. PKIX <code>CertPathValidator</code>s will
+ * included in the certification path. Unvalidated X.509 {@code CertPath}s
+ * may not follow these conventions. PKIX {@code CertPathValidator}s will
  * detect any departure from these conventions that cause the certification
- * path to be invalid and throw a <code>CertPathValidatorException</code>.
+ * path to be invalid and throw a {@code CertPathValidatorException}.
  *
  * <p> Every implementation of the Java platform is required to support the
- * following standard <code>CertPath</code> encodings:
+ * following standard {@code CertPath} encodings:
  * <ul>
- * <li><tt>PKCS7</tt></li>
- * <li><tt>PkiPath</tt></li>
+ * <li>{@code PKCS7}</li>
+ * <li>{@code PkiPath}</li>
  * </ul>
  * These encodings are described in the <a href=
  * "{@docRoot}/../technotes/guides/security/StandardNames.html#CertPathEncodings">
@@ -99,17 +99,17 @@
  * <p>
  * <b>Concurrent Access</b>
  * <p>
- * All <code>CertPath</code> objects must be thread-safe. That is, multiple
+ * All {@code CertPath} objects must be thread-safe. That is, multiple
  * threads may concurrently invoke the methods defined in this class on a
- * single <code>CertPath</code> object (or more than one) with no
- * ill effects. This is also true for the <code>List</code> returned by
- * <code>CertPath.getCertificates</code>.
+ * single {@code CertPath} object (or more than one) with no
+ * ill effects. This is also true for the {@code List} returned by
+ * {@code CertPath.getCertificates}.
  * <p>
- * Requiring <code>CertPath</code> objects to be immutable and thread-safe
+ * Requiring {@code CertPath} objects to be immutable and thread-safe
  * allows them to be passed around to various pieces of code without worrying
  * about coordinating access.  Providing this thread-safety is
- * generally not difficult, since the <code>CertPath</code> and
- * <code>List</code> objects in question are immutable.
+ * generally not difficult, since the {@code CertPath} and
+ * {@code List} objects in question are immutable.
  *
  * @see CertificateFactory
  * @see CertPathBuilder
@@ -124,25 +124,25 @@
     private String type;        // the type of certificates in this chain
 
     /**
-     * Creates a <code>CertPath</code> of the specified type.
+     * Creates a {@code CertPath} of the specified type.
      * <p>
      * This constructor is protected because most users should use a
-     * <code>CertificateFactory</code> to create <code>CertPath</code>s.
+     * {@code CertificateFactory} to create {@code CertPath}s.
      *
      * @param type the standard name of the type of
-     * <code>Certificate</code>s in this path
+     * {@code Certificate}s in this path
      */
     protected CertPath(String type) {
         this.type = type;
     }
 
     /**
-     * Returns the type of <code>Certificate</code>s in this certification
+     * Returns the type of {@code Certificate}s in this certification
      * path. This is the same string that would be returned by
      * {@link java.security.cert.Certificate#getType() cert.getType()}
-     * for all <code>Certificate</code>s in the certification path.
+     * for all {@code Certificate}s in the certification path.
      *
-     * @return the type of <code>Certificate</code>s in this certification
+     * @return the type of {@code Certificate}s in this certification
      * path (never null)
      */
     public String getType() {
@@ -152,21 +152,21 @@
     /**
      * Returns an iteration of the encodings supported by this certification
      * path, with the default encoding first. Attempts to modify the returned
-     * <code>Iterator</code> via its <code>remove</code> method result in an
-     * <code>UnsupportedOperationException</code>.
+     * {@code Iterator} via its {@code remove} method result in an
+     * {@code UnsupportedOperationException}.
      *
-     * @return an <code>Iterator</code> over the names of the supported
+     * @return an {@code Iterator} over the names of the supported
      *         encodings (as Strings)
      */
     public abstract Iterator<String> getEncodings();
 
     /**
      * Compares this certification path for equality with the specified
-     * object. Two <code>CertPath</code>s are equal if and only if their
-     * types are equal and their certificate <code>List</code>s (and by
-     * implication the <code>Certificate</code>s in those <code>List</code>s)
-     * are equal. A <code>CertPath</code> is never equal to an object that is
-     * not a <code>CertPath</code>.
+     * object. Two {@code CertPath}s are equal if and only if their
+     * types are equal and their certificate {@code List}s (and by
+     * implication the {@code Certificate}s in those {@code List}s)
+     * are equal. A {@code CertPath} is never equal to an object that is
+     * not a {@code CertPath}.
      * <p>
      * This algorithm is implemented by this method. If it is overridden,
      * the behavior specified here must be maintained.
@@ -195,14 +195,14 @@
      * Returns the hashcode for this certification path. The hash code of
      * a certification path is defined to be the result of the following
      * calculation:
-     * <pre><code>
+     * <pre>{@code
      *  hashCode = path.getType().hashCode();
      *  hashCode = 31*hashCode + path.getCertificates().hashCode();
-     * </code></pre>
-     * This ensures that <code>path1.equals(path2)</code> implies that
-     * <code>path1.hashCode()==path2.hashCode()</code> for any two certification
-     * paths, <code>path1</code> and <code>path2</code>, as required by the
-     * general contract of <code>Object.hashCode</code>.
+     * }</pre>
+     * This ensures that {@code path1.equals(path2)} implies that
+     * {@code path1.hashCode()==path2.hashCode()} for any two certification
+     * paths, {@code path1} and {@code path2}, as required by the
+     * general contract of {@code Object.hashCode}.
      *
      * @return the hashcode value for this certification path
      */
@@ -214,8 +214,8 @@
 
     /**
      * Returns a string representation of this certification path.
-     * This calls the <code>toString</code> method on each of the
-     * <code>Certificate</code>s in the path.
+     * This calls the {@code toString} method on each of the
+     * {@code Certificate}s in the path.
      *
      * @return a string representation of this certification path
      */
@@ -266,20 +266,20 @@
 
     /**
      * Returns the list of certificates in this certification path.
-     * The <code>List</code> returned must be immutable and thread-safe.
+     * The {@code List} returned must be immutable and thread-safe.
      *
-     * @return an immutable <code>List</code> of <code>Certificate</code>s
+     * @return an immutable {@code List} of {@code Certificate}s
      *         (may be empty, but not null)
      */
     public abstract List<? extends Certificate> getCertificates();
 
     /**
-     * Replaces the <code>CertPath</code> to be serialized with a
-     * <code>CertPathRep</code> object.
+     * Replaces the {@code CertPath} to be serialized with a
+     * {@code CertPathRep} object.
      *
-     * @return the <code>CertPathRep</code> to be serialized
+     * @return the {@code CertPathRep} to be serialized
      *
-     * @throws ObjectStreamException if a <code>CertPathRep</code> object
+     * @throws ObjectStreamException if a {@code CertPathRep} object
      * representing this certification path could not be created
      */
     protected Object writeReplace() throws ObjectStreamException {
@@ -295,7 +295,7 @@
     }
 
     /**
-     * Alternate <code>CertPath</code> class for serialization.
+     * Alternate {@code CertPath} class for serialization.
      * @since 1.4
      */
     protected static class CertPathRep implements Serializable {
@@ -308,10 +308,10 @@
         private byte[] data;
 
         /**
-         * Creates a <code>CertPathRep</code> with the specified
+         * Creates a {@code CertPathRep} with the specified
          * type and encoded form of a certification path.
          *
-         * @param type the standard name of a <code>CertPath</code> type
+         * @param type the standard name of a {@code CertPath} type
          * @param data the encoded form of the certification path
          */
         protected CertPathRep(String type, byte[] data) {
@@ -320,11 +320,11 @@
         }
 
         /**
-         * Returns a <code>CertPath</code> constructed from the type and data.
+         * Returns a {@code CertPath} constructed from the type and data.
          *
-         * @return the resolved <code>CertPath</code> object
+         * @return the resolved {@code CertPath} object
          *
-         * @throws ObjectStreamException if a <code>CertPath</code> could not
+         * @throws ObjectStreamException if a {@code CertPath} could not
          * be constructed
          */
         protected Object readResolve() throws ObjectStreamException {
--- a/src/share/classes/java/security/cert/CertPathBuilder.java	Tue Jan 24 00:25:46 2017 +0000
+++ b/src/share/classes/java/security/cert/CertPathBuilder.java	Tue Jan 24 00:54:36 2017 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -41,22 +41,22 @@
  * A class for building certification paths (also known as certificate chains).
  * <p>
  * This class uses a provider-based architecture.
- * To create a <code>CertPathBuilder</code>, call
- * one of the static <code>getInstance</code> methods, passing in the
- * algorithm name of the <code>CertPathBuilder</code> desired and optionally
+ * To create a {@code CertPathBuilder}, call
+ * one of the static {@code getInstance} methods, passing in the
+ * algorithm name of the {@code CertPathBuilder} desired and optionally
  * the name of the provider desired.
  * <p>
- * Once a <code>CertPathBuilder</code> object has been created, certification
+ * <p>Once a {@code CertPathBuilder} object has been created, certification
  * paths can be constructed by calling the {@link #build build} method and
  * passing it an algorithm-specific set of parameters. If successful, the
- * result (including the <code>CertPath</code> that was built) is returned
- * in an object that implements the <code>CertPathBuilderResult</code>
+ * result (including the {@code CertPath} that was built) is returned
+ * in an object that implements the {@code CertPathBuilderResult}
  * interface.
  *
  * <p> Every implementation of the Java platform is required to support the
- * following standard <code>CertPathBuilder</code> algorithm:
+ * following standard {@code CertPathBuilder} algorithm:
  * <ul>
- * <li><tt>PKIX</tt></li>
+ * <li>{@code PKIX}</li>
  * </ul>
  * This algorithm is described in the <a href=
  * "{@docRoot}/../technotes/guides/security/StandardNames.html#CertPathBuilder">
@@ -74,9 +74,9 @@
  * <p>
  * However, this is not true for the non-static methods defined by this class.
  * Unless otherwise documented by a specific provider, threads that need to
- * access a single <code>CertPathBuilder</code> instance concurrently should
+ * access a single {@code CertPathBuilder} instance concurrently should
  * synchronize amongst themselves and provide the necessary locking. Multiple
- * threads each manipulating a different <code>CertPathBuilder</code> instance
+ * threads each manipulating a different {@code CertPathBuilder} instance
  * need not synchronize.
  *
  * @see CertPath
@@ -102,7 +102,7 @@
     private String algorithm;
 
     /**
-     * Creates a <code>CertPathBuilder</code> object of the given algorithm,
+     * Creates a {@code CertPathBuilder} object of the given algorithm,
      * and encapsulates the given provider implementation (SPI object) in it.
      *
      * @param builderSpi the provider implementation
@@ -118,7 +118,7 @@
     }
 
     /**
-     * Returns a <code>CertPathBuilder</code> object that implements the
+     * Returns a {@code CertPathBuilder} object that implements the
      * specified algorithm.
      *
      * <p> This method traverses the list of registered security Providers,
@@ -130,13 +130,13 @@
      * <p> Note that the list of registered providers may be retrieved via
      * the {@link Security#getProviders() Security.getProviders()} method.
      *
-     * @param algorithm the name of the requested <code>CertPathBuilder</code>
+     * @param algorithm the name of the requested {@code CertPathBuilder}
      *  algorithm.  See the CertPathBuilder section in the <a href=
      *  "{@docRoot}/../technotes/guides/security/StandardNames.html#CertPathBuilder">
      * Java Cryptography Architecture Standard Algorithm Name Documentation</a>
      * for information about standard algorithm names.
      *
-     * @return a <code>CertPathBuilder</code> object that implements the
+     * @return a {@code CertPathBuilder} object that implements the
      *          specified algorithm.
      *
      * @throws NoSuchAlgorithmException if no Provider supports a
@@ -154,7 +154,7 @@
     }
 
     /**
-     * Returns a <code>CertPathBuilder</code> object that implements the
+     * Returns a {@code CertPathBuilder} object that implements the
      * specified algorithm.
      *
      * <p> A new CertPathBuilder object encapsulating the
@@ -165,7 +165,7 @@
      * <p> Note that the list of registered providers may be retrieved via
      * the {@link Security#getProviders() Security.getProviders()} method.
      *
-     * @param algorithm the name of the requested <code>CertPathBuilder</code>
+     * @param algorithm the name of the requested {@code CertPathBuilder}
      *  algorithm.  See the CertPathBuilder section in the <a href=
      *  "{@docRoot}/../technotes/guides/security/StandardNames.html#CertPathBuilder">
      * Java Cryptography Architecture Standard Algorithm Name Documentation</a>
@@ -173,7 +173,7 @@
      *
      * @param provider the name of the provider.
      *
-     * @return a <code>CertPathBuilder</code> object that implements the
+     * @return a {@code CertPathBuilder} object that implements the
      *          specified algorithm.
      *
      * @throws NoSuchAlgorithmException if a CertPathBuilderSpi
@@ -183,7 +183,7 @@
      * @throws NoSuchProviderException if the specified provider is not
      *          registered in the security provider list.
      *
-     * @exception IllegalArgumentException if the <code>provider</code> is
+     * @exception IllegalArgumentException if the {@code provider} is
      *          null or empty.
      *
      * @see java.security.Provider
@@ -197,7 +197,7 @@
     }
 
     /**
-     * Returns a <code>CertPathBuilder</code> object that implements the
+     * Returns a {@code CertPathBuilder} object that implements the
      * specified algorithm.
      *
      * <p> A new CertPathBuilder object encapsulating the
@@ -205,7 +205,7 @@
      * object is returned.  Note that the specified Provider object
      * does not have to be registered in the provider list.
      *
-     * @param algorithm the name of the requested <code>CertPathBuilder</code>
+     * @param algorithm the name of the requested {@code CertPathBuilder}
      *  algorithm.  See the CertPathBuilder section in the <a href=
      *  "{@docRoot}/../technotes/guides/security/StandardNames.html#CertPathBuilder">
      * Java Cryptography Architecture Standard Algorithm Name Documentation</a>
@@ -213,14 +213,14 @@
      *
      * @param provider the provider.
      *
-     * @return a <code>CertPathBuilder</code> object that implements the
+     * @return a {@code CertPathBuilder} object that implements the
      *          specified algorithm.
      *
      * @exception NoSuchAlgorithmException if a CertPathBuilderSpi
      *          implementation for the specified algorithm is not available
      *          from the specified Provider object.
      *
-     * @exception IllegalArgumentException if the <code>provider</code> is
+     * @exception IllegalArgumentException if the {@code provider} is
      *          null.
      *
      * @see java.security.Provider
@@ -234,18 +234,18 @@
     }
 
     /**
-     * Returns the provider of this <code>CertPathBuilder</code>.
+     * Returns the provider of this {@code CertPathBuilder}.
      *
-     * @return the provider of this <code>CertPathBuilder</code>
+     * @return the provider of this {@code CertPathBuilder}
      */
     public final Provider getProvider() {
         return this.provider;
     }
 
     /**
-     * Returns the name of the algorithm of this <code>CertPathBuilder</code>.
+     * Returns the name of the algorithm of this {@code CertPathBuilder}.
      *
-     * @return the name of the algorithm of this <code>CertPathBuilder</code>
+     * @return the name of the algorithm of this {@code CertPathBuilder}
      */
     public final String getAlgorithm() {
         return this.algorithm;
@@ -260,7 +260,7 @@
      * @throws CertPathBuilderException if the builder is unable to construct
      *  a certification path that satisfies the specified parameters
      * @throws InvalidAlgorithmParameterException if the specified parameters
-     * are inappropriate for this <code>CertPathBuilder</code>
+     * are inappropriate for this {@code CertPathBuilder}
      */
     public final CertPathBuilderResult build(CertPathParameters params)
         throws CertPathBuilderException, InvalidAlgorithmParameterException
--- a/src/share/classes/java/security/cert/CertPathBuilderException.java	Tue Jan 24 00:25:46 2017 +0000
+++ b/src/share/classes/java/security/cert/CertPathBuilderException.java	Tue Jan 24 00:54:36 2017 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2003, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -29,9 +29,9 @@
 
 /**
  * An exception indicating one of a variety of problems encountered when
- * building a certification path with a <code>CertPathBuilder</code>.
+ * building a certification path with a {@code CertPathBuilder}.
  * <p>
- * A <code>CertPathBuilderException</code> provides support for wrapping
+ * A {@code CertPathBuilderException} provides support for wrapping
  * exceptions. The {@link #getCause getCause} method returns the throwable,
  * if any, that caused this exception to be thrown.
  * <p>
@@ -53,7 +53,7 @@
     private static final long serialVersionUID = 5316471420178794402L;
 
     /**
-     * Creates a <code>CertPathBuilderException</code> with <code>null</code>
+     * Creates a {@code CertPathBuilderException} with {@code null}
      * as its detail message.
      */
     public CertPathBuilderException() {
@@ -61,8 +61,8 @@
     }
 
     /**
-     * Creates a <code>CertPathBuilderException</code> with the given
-     * detail message. The detail message is a <code>String</code> that
+     * Creates a {@code CertPathBuilderException} with the given
+     * detail message. The detail message is a {@code String} that
      * describes this particular exception in more detail.
      *
      * @param msg the detail message
@@ -72,16 +72,16 @@
     }
 
     /**
-     * Creates a <code>CertPathBuilderException</code> that wraps the specified
+     * Creates a {@code CertPathBuilderException} that wraps the specified
      * throwable. This allows any exception to be converted into a
-     * <code>CertPathBuilderException</code>, while retaining information
+     * {@code CertPathBuilderException}, while retaining information
      * about the wrapped exception, which may be useful for debugging. The
-     * detail message is set to (<code>cause==null ? null : cause.toString()
-     * </code>) (which typically contains the class and detail message of
+     * detail message is set to ({@code cause==null ? null : cause.toString()})
+     * (which typically contains the class and detail message of
      * cause).
      *
      * @param cause the cause (which is saved for later retrieval by the
-     * {@link #getCause getCause()} method). (A <code>null</code> value is
+     * {@link #getCause getCause()} method). (A {@code null} value is
      * permitted, and indicates that the cause is nonexistent or unknown.)
      */
     public CertPathBuilderException(Throwable cause) {
@@ -89,12 +89,12 @@
     }
 
     /**
-     * Creates a <code>CertPathBuilderException</code> with the specified
+     * Creates a {@code CertPathBuilderException} with the specified
      * detail message and cause.
      *
      * @param msg the detail message
      * @param  cause the cause (which is saved for later retrieval by the
-     * {@link #getCause getCause()} method). (A <code>null</code> value is
+     * {@link #getCause getCause()} method). (A {@code null} value is
      * permitted, and indicates that the cause is nonexistent or unknown.)
      */
     public CertPathBuilderException(String msg, Throwable cause) {
--- a/src/share/classes/java/security/cert/CertPathBuilderResult.java	Tue Jan 24 00:25:46 2017 +0000
+++ b/src/share/classes/java/security/cert/CertPathBuilderResult.java	Tue Jan 24 00:54:36 2017 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2001, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -30,8 +30,8 @@
  * All results returned by the {@link CertPathBuilder#build
  * CertPathBuilder.build} method must implement this interface.
  * <p>
- * At a minimum, a <code>CertPathBuilderResult</code> contains the
- * <code>CertPath</code> built by the <code>CertPathBuilder</code> instance.
+ * At a minimum, a {@code CertPathBuilderResult} contains the
+ * {@code CertPath} built by the {@code CertPathBuilder} instance.
  * Implementations of this interface may add methods to return implementation
  * or algorithm specific information, such as debugging information or
  * certification path validation results.
@@ -54,15 +54,15 @@
     /**
      * Returns the built certification path.
      *
-     * @return the certification path (never <code>null</code>)
+     * @return the certification path (never {@code null})
      */
     CertPath getCertPath();
 
     /**
-     * Makes a copy of this <code>CertPathBuilderResult</code>. Changes to the
+     * Makes a copy of this {@code CertPathBuilderResult}. Changes to the
      * copy will not affect the original and vice versa.
      *
-     * @return a copy of this <code>CertPathBuilderResult</code>
+     * @return a copy of this {@code CertPathBuilderResult}
      */
     Object clone();
 }
--- a/src/share/classes/java/security/cert/CertPathBuilderSpi.java	Tue Jan 24 00:25:46 2017 +0000
+++ b/src/share/classes/java/security/cert/CertPathBuilderSpi.java	Tue Jan 24 00:54:36 2017 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2001, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -30,23 +30,23 @@
 /**
  * The <i>Service Provider Interface</i> (<b>SPI</b>)
  * for the {@link CertPathBuilder CertPathBuilder} class. All
- * <code>CertPathBuilder</code> implementations must include a class (the
- * SPI class) that extends this class (<code>CertPathBuilderSpi</code>) and
+ * {@code CertPathBuilder} implementations must include a class (the
+ * SPI class) that extends this class ({@code CertPathBuilderSpi}) and
  * implements all of its methods. In general, instances of this class should
- * only be accessed through the <code>CertPathBuilder</code> class. For
+ * only be accessed through the {@code CertPathBuilder} class. For
  * details, see the Java Cryptography Architecture.
  * <p>
  * <b>Concurrent Access</b>
  * <p>
  * Instances of this class need not be protected against concurrent
  * access from multiple threads. Threads that need to access a single
- * <code>CertPathBuilderSpi</code> instance concurrently should synchronize
+ * {@code CertPathBuilderSpi} instance concurrently should synchronize
  * amongst themselves and provide the necessary locking before calling the
- * wrapping <code>CertPathBuilder</code> object.
+ * wrapping {@code CertPathBuilder} object.
  * <p>
- * However, implementations of <code>CertPathBuilderSpi</code> may still
+ * However, implementations of {@code CertPathBuilderSpi} may still
  * encounter concurrency issues, since multiple threads each
- * manipulating a different <code>CertPathBuilderSpi</code> instance need not
+ * manipulating a different {@code CertPathBuilderSpi} instance need not
  * synchronize.
  *
  * @since       1.4
@@ -68,7 +68,7 @@
      * @throws CertPathBuilderException if the builder is unable to construct
      * a certification path that satisfies the specified parameters
      * @throws InvalidAlgorithmParameterException if the specified parameters
-     * are inappropriate for this <code>CertPathBuilder</code>
+     * are inappropriate for this {@code CertPathBuilder}
      */
     public abstract CertPathBuilderResult engineBuild(CertPathParameters params)
         throws CertPathBuilderException, InvalidAlgorithmParameterException;
--- a/src/share/classes/java/security/cert/CertPathParameters.java	Tue Jan 24 00:25:46 2017 +0000
+++ b/src/share/classes/java/security/cert/CertPathParameters.java	Tue Jan 24 00:54:36 2017 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2001, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -28,8 +28,8 @@
 /**
  * A specification of certification path algorithm parameters.
  * The purpose of this interface is to group (and provide type safety for)
- * all <code>CertPath</code> parameter specifications. All
- * <code>CertPath</code> parameter specifications must implement this
+ * all {@code CertPath} parameter specifications. All
+ * {@code CertPath} parameter specifications must implement this
  * interface.
  *
  * @author      Yassir Elley
@@ -40,10 +40,10 @@
 public interface CertPathParameters extends Cloneable {
 
   /**
-   * Makes a copy of this <code>CertPathParameters</code>. Changes to the
+   * Makes a copy of this {@code CertPathParameters}. Changes to the
    * copy will not affect the original and vice versa.
    *
-   * @return a copy of this <code>CertPathParameters</code>
+   * @return a copy of this {@code CertPathParameters}
    */
   Object clone();
 }
--- a/src/share/classes/java/security/cert/CertPathValidator.java	Tue Jan 24 00:25:46 2017 +0000
+++ b/src/share/classes/java/security/cert/CertPathValidator.java	Tue Jan 24 00:54:36 2017 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -42,22 +42,22 @@
  * chains).
  * <p>
  * This class uses a provider-based architecture.
- * To create a <code>CertPathValidator</code>,
- * call one of the static <code>getInstance</code> methods, passing in the
- * algorithm name of the <code>CertPathValidator</code> desired and
+ * To create a {@code CertPathValidator},
+ * call one of the static {@code getInstance} methods, passing in the
+ * algorithm name of the {@code CertPathValidator} desired and
  * optionally the name of the provider desired.
  * <p>
- * Once a <code>CertPathValidator</code> object has been created, it can
+ * <p>Once a {@code CertPathValidator} object has been created, it can
  * be used to validate certification paths by calling the {@link #validate
- * validate} method and passing it the <code>CertPath</code> to be validated
+ * validate} method and passing it the {@code CertPath} to be validated
  * and an algorithm-specific set of parameters. If successful, the result is
  * returned in an object that implements the
- * <code>CertPathValidatorResult</code> interface.
+ * {@code CertPathValidatorResult} interface.
  *
  * <p> Every implementation of the Java platform is required to support the
- * following standard <code>CertPathValidator</code> algorithm:
+ * following standard {@code CertPathValidator} algorithm:
  * <ul>
- * <li><tt>PKIX</tt></li>
+ * <li>{@code PKIX}</li>
  * </ul>
  * This algorithm is described in the <a href=
  * "{@docRoot}/../technotes/guides/security/StandardNames.html#CertPathValidator">
@@ -75,9 +75,9 @@
  * <p>
  * However, this is not true for the non-static methods defined by this class.
  * Unless otherwise documented by a specific provider, threads that need to
- * access a single <code>CertPathValidator</code> instance concurrently should
+ * access a single {@code CertPathValidator} instance concurrently should
  * synchronize amongst themselves and provide the necessary locking. Multiple
- * threads each manipulating a different <code>CertPathValidator</code>
+ * threads each manipulating a different {@code CertPathValidator}
  * instance need not synchronize.
  *
  * @see CertPath
@@ -102,7 +102,7 @@
     private String algorithm;
 
     /**
-     * Creates a <code>CertPathValidator</code> object of the given algorithm,
+     * Creates a {@code CertPathValidator} object of the given algorithm,
      * and encapsulates the given provider implementation (SPI object) in it.
      *
      * @param validatorSpi the provider implementation
@@ -118,7 +118,7 @@
     }
 
     /**
-     * Returns a <code>CertPathValidator</code> object that implements the
+     * Returns a {@code CertPathValidator} object that implements the
      * specified algorithm.
      *
      * <p> This method traverses the list of registered security Providers,
@@ -130,13 +130,13 @@
      * <p> Note that the list of registered providers may be retrieved via
      * the {@link Security#getProviders() Security.getProviders()} method.
      *
-     * @param algorithm the name of the requested <code>CertPathValidator</code>
+     * @param algorithm the name of the requested {@code CertPathValidator}
      *  algorithm. See the CertPathValidator section in the <a href=
      *  "{@docRoot}/../technotes/guides/security/StandardNames.html#CertPathValidator">
      * Java Cryptography Architecture Standard Algorithm Name Documentation</a>
      * for information about standard algorithm names.
      *
-     * @return a <code>CertPathValidator</code> object that implements the
+     * @return a {@code CertPathValidator} object that implements the
      *          specified algorithm.
      *
      * @exception NoSuchAlgorithmException if no Provider supports a
@@ -154,7 +154,7 @@
     }
 
     /**
-     * Returns a <code>CertPathValidator</code> object that implements the
+     * Returns a {@code CertPathValidator} object that implements the
      * specified algorithm.
      *
      * <p> A new CertPathValidator object encapsulating the
@@ -165,7 +165,7 @@
      * <p> Note that the list of registered providers may be retrieved via
      * the {@link Security#getProviders() Security.getProviders()} method.
      *
-     * @param algorithm the name of the requested <code>CertPathValidator</code>
+     * @param algorithm the name of the requested {@code CertPathValidator}
      *  algorithm. See the CertPathValidator section in the <a href=
      *  "{@docRoot}/../technotes/guides/security/StandardNames.html#CertPathValidator">
      * Java Cryptography Architecture Standard Algorithm Name Documentation</a>
@@ -173,7 +173,7 @@
      *
      * @param provider the name of the provider.
      *
-     * @return a <code>CertPathValidator</code> object that implements the
+     * @return a {@code CertPathValidator} object that implements the
      *          specified algorithm.
      *
      * @exception NoSuchAlgorithmException if a CertPathValidatorSpi
@@ -183,7 +183,7 @@
      * @exception NoSuchProviderException if the specified provider is not
      *          registered in the security provider list.
      *
-     * @exception IllegalArgumentException if the <code>provider</code> is
+     * @exception IllegalArgumentException if the {@code provider} is
      *          null or empty.
      *
      * @see java.security.Provider
@@ -198,7 +198,7 @@
     }
 
     /**
-     * Returns a <code>CertPathValidator</code> object that implements the
+     * Returns a {@code CertPathValidator} object that implements the
      * specified algorithm.
      *
      * <p> A new CertPathValidator object encapsulating the
@@ -206,7 +206,7 @@
      * object is returned.  Note that the specified Provider object
      * does not have to be registered in the provider list.
      *
-     * @param algorithm the name of the requested <code>CertPathValidator</code>
+     * @param algorithm the name of the requested {@code CertPathValidator}
      * algorithm. See the CertPathValidator section in the <a href=
      * "{@docRoot}/../technotes/guides/security/StandardNames.html#CertPathValidator">
      * Java Cryptography Architecture Standard Algorithm Name Documentation</a>
@@ -214,14 +214,14 @@
      *
      * @param provider the provider.
      *
-     * @return a <code>CertPathValidator</code> object that implements the
+     * @return a {@code CertPathValidator} object that implements the
      *          specified algorithm.
      *
      * @exception NoSuchAlgorithmException if a CertPathValidatorSpi
      *          implementation for the specified algorithm is not available
      *          from the specified Provider object.
      *
-     * @exception IllegalArgumentException if the <code>provider</code> is
+     * @exception IllegalArgumentException if the {@code provider} is
      *          null.
      *
      * @see java.security.Provider
@@ -235,19 +235,19 @@
     }
 
     /**
-     * Returns the <code>Provider</code> of this
-     * <code>CertPathValidator</code>.
+     * Returns the {@code Provider} of this
+     * {@code CertPathValidator}.
      *
-     * @return the <code>Provider</code> of this <code>CertPathValidator</code>
+     * @return the {@code Provider} of this {@code CertPathValidator}
      */
     public final Provider getProvider() {
         return this.provider;
     }
 
     /**
-     * Returns the algorithm name of this <code>CertPathValidator</code>.
+     * Returns the algorithm name of this {@code CertPathValidator}.
      *
-     * @return the algorithm name of this <code>CertPathValidator</code>
+     * @return the algorithm name of this {@code CertPathValidator}
      */
     public final String getAlgorithm() {
         return this.algorithm;
@@ -257,20 +257,20 @@
      * Validates the specified certification path using the specified
      * algorithm parameter set.
      * <p>
-     * The <code>CertPath</code> specified must be of a type that is
+     * The {@code CertPath} specified must be of a type that is
      * supported by the validation algorithm, otherwise an
-     * <code>InvalidAlgorithmParameterException</code> will be thrown. For
-     * example, a <code>CertPathValidator</code> that implements the PKIX
-     * algorithm validates <code>CertPath</code> objects of type X.509.
+     * {@code InvalidAlgorithmParameterException} will be thrown. For
+     * example, a {@code CertPathValidator} that implements the PKIX
+     * algorithm validates {@code CertPath} objects of type X.509.
      *
-     * @param certPath the <code>CertPath</code> to be validated
+     * @param certPath the {@code CertPath} to be validated
      * @param params the algorithm parameters
      * @return the result of the validation algorithm
-     * @exception CertPathValidatorException if the <code>CertPath</code>
+     * @exception CertPathValidatorException if the {@code CertPath}
      * does not validate
      * @exception InvalidAlgorithmParameterException if the specified
-     * parameters or the type of the specified <code>CertPath</code> are
-     * inappropriate for this <code>CertPathValidator</code>
+     * parameters or the type of the specified {@code CertPath} are
+     * inappropriate for this {@code CertPathValidator}
      */
     public final CertPathValidatorResult validate(CertPath certPath,
         CertPathParameters params)
--- a/src/share/classes/java/security/cert/CertPathValidatorException.java	Tue Jan 24 00:25:46 2017 +0000
+++ b/src/share/classes/java/security/cert/CertPathValidatorException.java	Tue Jan 24 00:54:36 2017 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -34,11 +34,11 @@
  * An exception indicating one of a variety of problems encountered when
  * validating a certification path.
  * <p>
- * A <code>CertPathValidatorException</code> provides support for wrapping
+ * A {@code CertPathValidatorException} provides support for wrapping
  * exceptions. The {@link #getCause getCause} method returns the throwable,
  * if any, that caused this exception to be thrown.
  * <p>
- * A <code>CertPathValidatorException</code> may also include the
+ * A {@code CertPathValidatorException} may also include the
  * certification path that was being validated when the exception was thrown,
  * the index of the certificate in the certification path that caused the
  * exception to be thrown, and the reason that caused the failure. Use the
@@ -70,7 +70,7 @@
     private int index = -1;
 
     /**
-     * @serial the <code>CertPath</code> that was being validated when
+     * @serial the {@code CertPath} that was being validated when
      * the exception was thrown
      */
     private CertPath certPath;
@@ -81,7 +81,7 @@
     private Reason reason = BasicReason.UNSPECIFIED;
 
     /**
-     * Creates a <code>CertPathValidatorException</code> with
+     * Creates a {@code CertPathValidatorException} with
      * no detail message.
      */
     public CertPathValidatorException() {
@@ -89,8 +89,8 @@
     }
 
     /**
-     * Creates a <code>CertPathValidatorException</code> with the given
-     * detail message. A detail message is a <code>String</code> that
+     * Creates a {@code CertPathValidatorException} with the given
+     * detail message. A detail message is a {@code String} that
      * describes this particular exception.
      *
      * @param msg the detail message
@@ -100,16 +100,16 @@
     }
 
     /**
-     * Creates a <code>CertPathValidatorException</code> that wraps the
+     * Creates a {@code CertPathValidatorException} that wraps the
      * specified throwable. This allows any exception to be converted into a
-     * <code>CertPathValidatorException</code>, while retaining information
+     * {@code CertPathValidatorException}, while retaining information
      * about the wrapped exception, which may be useful for debugging. The
-     * detail message is set to (<code>cause==null ? null : cause.toString()
-     * </code>) (which typically contains the class and detail message of
+     * detail message is set to ({@code cause==null ? null : cause.toString()})
+     * (which typically contains the class and detail message of
      * cause).
      *
      * @param cause the cause (which is saved for later retrieval by the
-     * {@link #getCause getCause()} method). (A <code>null</code> value is
+     * {@link #getCause getCause()} method). (A {@code null} value is
      * permitted, and indicates that the cause is nonexistent or unknown.)
      */
     public CertPathValidatorException(Throwable cause) {
@@ -117,12 +117,12 @@
     }
 
     /**
-     * Creates a <code>CertPathValidatorException</code> with the specified
+     * Creates a {@code CertPathValidatorException} with the specified
      * detail message and cause.
      *
      * @param msg the detail message
      * @param cause the cause (which is saved for later retrieval by the
-     * {@link #getCause getCause()} method). (A <code>null</code> value is
+     * {@link #getCause getCause()} method). (A {@code null} value is
      * permitted, and indicates that the cause is nonexistent or unknown.)
      */
     public CertPathValidatorException(String msg, Throwable cause) {
@@ -130,21 +130,21 @@
     }
 
     /**
-     * Creates a <code>CertPathValidatorException</code> with the specified
+     * Creates a {@code CertPathValidatorException} with the specified
      * detail message, cause, certification path, and index.
      *
-     * @param msg the detail message (or <code>null</code> if none)
-     * @param cause the cause (or <code>null</code> if none)
+     * @param msg the detail message (or {@code null} if none)
+     * @param cause the cause (or {@code null} if none)
      * @param certPath the certification path that was in the process of
      * being validated when the error was encountered
      * @param index the index of the certificate in the certification path
      * that caused the error (or -1 if not applicable). Note that
-     * the list of certificates in a <code>CertPath</code> is zero based.
+     * the list of certificates in a {@code CertPath} is zero based.
      * @throws IndexOutOfBoundsException if the index is out of range
      * {@code (index < -1 || (certPath != null && index >=
      * certPath.getCertificates().size()) }
-     * @throws IllegalArgumentException if <code>certPath</code> is
-     * <code>null</code> and <code>index</code> is not -1
+     * @throws IllegalArgumentException if {@code certPath} is
+     * {@code null} and {@code index} is not -1
      */
     public CertPathValidatorException(String msg, Throwable cause,
             CertPath certPath, int index) {
@@ -152,23 +152,23 @@
     }
 
     /**
-     * Creates a <code>CertPathValidatorException</code> with the specified
+     * Creates a {@code CertPathValidatorException} with the specified
      * detail message, cause, certification path, index, and reason.
      *
-     * @param msg the detail message (or <code>null</code> if none)
-     * @param cause the cause (or <code>null</code> if none)
+     * @param msg the detail message (or {@code null} if none)
+     * @param cause the cause (or {@code null} if none)
      * @param certPath the certification path that was in the process of
      * being validated when the error was encountered
      * @param index the index of the certificate in the certification path
      * that caused the error (or -1 if not applicable). Note that
-     * the list of certificates in a <code>CertPath</code> is zero based.
+     * the list of certificates in a {@code CertPath} is zero based.
      * @param reason the reason the validation failed
      * @throws IndexOutOfBoundsException if the index is out of range
      * {@code (index < -1 || (certPath != null && index >=
      * certPath.getCertificates().size()) }
-     * @throws IllegalArgumentException if <code>certPath</code> is
-     * <code>null</code> and <code>index</code> is not -1
-     * @throws NullPointerException if <code>reason</code> is <code>null</code>
+     * @throws IllegalArgumentException if {@code certPath} is
+     * {@code null} and {@code index} is not -1
+     * @throws NullPointerException if {@code reason} is {@code null}
      *
      * @since 1.7
      */
@@ -194,8 +194,8 @@
      * Returns the certification path that was being validated when
      * the exception was thrown.
      *
-     * @return the <code>CertPath</code> that was being validated when
-     * the exception was thrown (or <code>null</code> if not specified)
+     * @return the {@code CertPath} that was being validated when
+     * the exception was thrown (or {@code null} if not specified)
      */
     public CertPath getCertPath() {
         return this.certPath;
@@ -204,7 +204,7 @@
     /**
      * Returns the index of the certificate in the certification path
      * that caused the exception to be thrown. Note that the list of
-     * certificates in a <code>CertPath</code> is zero based. If no
+     * certificates in a {@code CertPath} is zero based. If no
      * index has been set, -1 is returned.
      *
      * @return the index that has been set, or -1 if none has been set
@@ -219,7 +219,7 @@
      * {@link #getIndex}.
      *
      * @return the reason that the validation failed, or
-     *    <code>BasicReason.UNSPECIFIED</code> if a reason has not been
+     *    {@code BasicReason.UNSPECIFIED} if a reason has not been
      *    specified
      *
      * @since 1.7
--- a/src/share/classes/java/security/cert/CertPathValidatorResult.java	Tue Jan 24 00:25:46 2017 +0000
+++ b/src/share/classes/java/security/cert/CertPathValidatorResult.java	Tue Jan 24 00:54:36 2017 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2001, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -41,10 +41,10 @@
 public interface CertPathValidatorResult extends Cloneable {
 
     /**
-     * Makes a copy of this <code>CertPathValidatorResult</code>. Changes to the
+     * Makes a copy of this {@code CertPathValidatorResult}. Changes to the
      * copy will not affect the original and vice versa.
      *
-     * @return a copy of this <code>CertPathValidatorResult</code>
+     * @return a copy of this {@code CertPathValidatorResult}
      */
     Object clone();
 }
--- a/src/share/classes/java/security/cert/CertPathValidatorSpi.java	Tue Jan 24 00:25:46 2017 +0000
+++ b/src/share/classes/java/security/cert/CertPathValidatorSpi.java	Tue Jan 24 00:54:36 2017 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2001, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -31,23 +31,23 @@
  *
  * The <i>Service Provider Interface</i> (<b>SPI</b>)
  * for the {@link CertPathValidator CertPathValidator} class. All
- * <code>CertPathValidator</code> implementations must include a class (the
- * SPI class) that extends this class (<code>CertPathValidatorSpi</code>)
+ * {@code CertPathValidator} implementations must include a class (the
+ * SPI class) that extends this class ({@code CertPathValidatorSpi})
  * and implements all of its methods. In general, instances of this class
- * should only be accessed through the <code>CertPathValidator</code> class.
+ * should only be accessed through the {@code CertPathValidator} class.
  * For details, see the Java Cryptography Architecture.
  * <p>
  * <b>Concurrent Access</b>
  * <p>
  * Instances of this class need not be protected against concurrent
  * access from multiple threads. Threads that need to access a single
- * <code>CertPathValidatorSpi</code> instance concurrently should synchronize
+ * {@code CertPathValidatorSpi} instance concurrently should synchronize
  * amongst themselves and provide the necessary locking before calling the
- * wrapping <code>CertPathValidator</code> object.
+ * wrapping {@code CertPathValidator} object.
  * <p>
- * However, implementations of <code>CertPathValidatorSpi</code> may still
+ * However, implementations of {@code CertPathValidatorSpi} may still
  * encounter concurrency issues, since multiple threads each
- * manipulating a different <code>CertPathValidatorSpi</code> instance need not
+ * manipulating a different {@code CertPathValidatorSpi} instance need not
  * synchronize.
  *
  * @since       1.4
@@ -64,20 +64,20 @@
      * Validates the specified certification path using the specified
      * algorithm parameter set.
      * <p>
-     * The <code>CertPath</code> specified must be of a type that is
+     * The {@code CertPath} specified must be of a type that is
      * supported by the validation algorithm, otherwise an
-     * <code>InvalidAlgorithmParameterException</code> will be thrown. For
-     * example, a <code>CertPathValidator</code> that implements the PKIX
-     * algorithm validates <code>CertPath</code> objects of type X.509.
+     * {@code InvalidAlgorithmParameterException} will be thrown. For
+     * example, a {@code CertPathValidator} that implements the PKIX
+     * algorithm validates {@code CertPath} objects of type X.509.
      *
-     * @param certPath the <code>CertPath</code> to be validated
+     * @param certPath the {@code CertPath} to be validated
      * @param params the algorithm parameters
      * @return the result of the validation algorithm
-     * @exception CertPathValidatorException if the <code>CertPath</code>
+     * @exception CertPathValidatorException if the {@code CertPath}
      * does not validate
      * @exception InvalidAlgorithmParameterException if the specified
-     * parameters or the type of the specified <code>CertPath</code> are
-     * inappropriate for this <code>CertPathValidator</code>
+     * parameters or the type of the specified {@code CertPath} are
+     * inappropriate for this {@code CertPathValidator}
      */
     public abstract CertPathValidatorResult
         engineValidate(CertPath certPath, CertPathParameters params)
--- a/src/share/classes/java/security/cert/CertSelector.java	Tue Jan 24 00:25:46 2017 +0000
+++ b/src/share/classes/java/security/cert/CertSelector.java	Tue Jan 24 00:54:36 2017 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2001, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -27,9 +27,9 @@
 
 /**
  * A selector that defines a set of criteria for selecting
- * <code>Certificate</code>s. Classes that implement this interface
- * are often used to specify which <code>Certificate</code>s should
- * be retrieved from a <code>CertStore</code>.
+ * {@code Certificate}s. Classes that implement this interface
+ * are often used to specify which {@code Certificate}s should
+ * be retrieved from a {@code CertStore}.
  * <p>
  * <b>Concurrent Access</b>
  * <p>
@@ -49,19 +49,19 @@
 public interface CertSelector extends Cloneable {
 
     /**
-     * Decides whether a <code>Certificate</code> should be selected.
+     * Decides whether a {@code Certificate} should be selected.
      *
-     * @param   cert    the <code>Certificate</code> to be checked
-     * @return  <code>true</code> if the <code>Certificate</code>
-     * should be selected, <code>false</code> otherwise
+     * @param   cert    the {@code Certificate} to be checked
+     * @return  {@code true} if the {@code Certificate}
+     * should be selected, {@code false} otherwise
      */
     boolean match(Certificate cert);
 
     /**
-     * Makes a copy of this <code>CertSelector</code>. Changes to the
+     * Makes a copy of this {@code CertSelector}. Changes to the
      * copy will not affect the original and vice versa.
      *
-     * @return a copy of this <code>CertSelector</code>
+     * @return a copy of this {@code CertSelector}
      */
     Object clone();
 }
--- a/src/share/classes/java/security/cert/CertStore.java	Tue Jan 24 00:25:46 2017 +0000
+++ b/src/share/classes/java/security/cert/CertStore.java	Tue Jan 24 00:54:36 2017 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -38,32 +38,32 @@
 import sun.security.jca.GetInstance.Instance;
 
 /**
- * A class for retrieving <code>Certificate</code>s and <code>CRL</code>s
+ * A class for retrieving {@code Certificate}s and {@code CRL}s
  * from a repository.
  * <p>
  * This class uses a provider-based architecture.
- * To create a <code>CertStore</code>, call one of the static
- * <code>getInstance</code> methods, passing in the type of
- * <code>CertStore</code> desired, any applicable initialization parameters
+ * To create a {@code CertStore}, call one of the static
+ * {@code getInstance} methods, passing in the type of
+ * {@code CertStore} desired, any applicable initialization parameters
  * and optionally the name of the provider desired.
  * <p>
- * Once the <code>CertStore</code> has been created, it can be used to
- * retrieve <code>Certificate</code>s and <code>CRL</code>s by calling its
+ * Once the {@code CertStore} has been created, it can be used to
+ * retrieve {@code Certificate}s and {@code CRL}s by calling its
  * {@link #getCertificates(CertSelector selector) getCertificates} and
  * {@link #getCRLs(CRLSelector selector) getCRLs} methods.
  * <p>
  * Unlike a {@link java.security.KeyStore KeyStore}, which provides access
  * to a cache of private keys and trusted certificates, a
- * <code>CertStore</code> is designed to provide access to a potentially
+ * {@code CertStore} is designed to provide access to a potentially
  * vast repository of untrusted certificates and CRLs. For example, an LDAP
- * implementation of <code>CertStore</code> provides access to certificates
+ * implementation of {@code CertStore} provides access to certificates
  * and CRLs stored in one or more directories using the LDAP protocol and the
  * schema as defined in the RFC service attribute.
  *
  * <p> Every implementation of the Java platform is required to support the
- * following standard <code>CertStore</code> type:
+ * following standard {@code CertStore} type:
  * <ul>
- * <li><tt>Collection</tt></li>
+ * <li>{@code Collection}</li>
  * </ul>
  * This type is described in the <a href=
  * "{@docRoot}/../technotes/guides/security/StandardNames.html#CertStore">
@@ -75,10 +75,10 @@
  * <p>
  * <b>Concurrent Access</b>
  * <p>
- * All public methods of <code>CertStore</code> objects must be thread-safe.
+ * All public methods of {@code CertStore} objects must be thread-safe.
  * That is, multiple threads may concurrently invoke these methods on a
- * single <code>CertStore</code> object (or more than one) with no
- * ill effects. This allows a <code>CertPathBuilder</code> to search for a
+ * single {@code CertStore} object (or more than one) with no
+ * ill effects. This allows a {@code CertPathBuilder} to search for a
  * CRL while simultaneously searching for further certificates, for instance.
  * <p>
  * The static methods of this class are also guaranteed to be thread-safe.
@@ -104,13 +104,13 @@
     private CertStoreParameters params;
 
     /**
-     * Creates a <code>CertStore</code> object of the given type, and
+     * Creates a {@code CertStore} object of the given type, and
      * encapsulates the given provider implementation (SPI object) in it.
      *
      * @param storeSpi the provider implementation
      * @param provider the provider
      * @param type the type
-     * @param params the initialization parameters (may be <code>null</code>)
+     * @param params the initialization parameters (may be {@code null})
      */
     protected CertStore(CertStoreSpi storeSpi, Provider provider,
                         String type, CertStoreParameters params) {
@@ -122,28 +122,28 @@
     }
 
     /**
-     * Returns a <code>Collection</code> of <code>Certificate</code>s that
-     * match the specified selector. If no <code>Certificate</code>s
-     * match the selector, an empty <code>Collection</code> will be returned.
+     * Returns a {@code Collection} of {@code Certificate}s that
+     * match the specified selector. If no {@code Certificate}s
+     * match the selector, an empty {@code Collection} will be returned.
      * <p>
-     * For some <code>CertStore</code> types, the resulting
-     * <code>Collection</code> may not contain <b>all</b> of the
-     * <code>Certificate</code>s that match the selector. For instance,
-     * an LDAP <code>CertStore</code> may not search all entries in the
+     * For some {@code CertStore} types, the resulting
+     * {@code Collection} may not contain <b>all</b> of the
+     * {@code Certificate}s that match the selector. For instance,
+     * an LDAP {@code CertStore} may not search all entries in the
      * directory. Instead, it may just search entries that are likely to
-     * contain the <code>Certificate</code>s it is looking for.
+     * contain the {@code Certificate}s it is looking for.
      * <p>
-     * Some <code>CertStore</code> implementations (especially LDAP
-     * <code>CertStore</code>s) may throw a <code>CertStoreException</code>
-     * unless a non-null <code>CertSelector</code> is provided that
+     * Some {@code CertStore} implementations (especially LDAP
+     * {@code CertStore}s) may throw a {@code CertStoreException}
+     * unless a non-null {@code CertSelector} is provided that
      * includes specific criteria that can be used to find the certificates.
      * Issuer and/or subject names are especially useful criteria.
      *
-     * @param selector A <code>CertSelector</code> used to select which
-     *  <code>Certificate</code>s should be returned. Specify <code>null</code>
-     *  to return all <code>Certificate</code>s (if supported).
-     * @return A <code>Collection</code> of <code>Certificate</code>s that
-     *         match the specified selector (never <code>null</code>)
+     * @param selector A {@code CertSelector} used to select which
+     *  {@code Certificate}s should be returned. Specify {@code null}
+     *  to return all {@code Certificate}s (if supported).
+     * @return A {@code Collection} of {@code Certificate}s that
+     *         match the specified selector (never {@code null})
      * @throws CertStoreException if an exception occurs
      */
     public final Collection<? extends Certificate> getCertificates
@@ -152,28 +152,28 @@
     }
 
     /**
-     * Returns a <code>Collection</code> of <code>CRL</code>s that
-     * match the specified selector. If no <code>CRL</code>s
-     * match the selector, an empty <code>Collection</code> will be returned.
+     * Returns a {@code Collection} of {@code CRL}s that
+     * match the specified selector. If no {@code CRL}s
+     * match the selector, an empty {@code Collection} will be returned.
      * <p>
-     * For some <code>CertStore</code> types, the resulting
-     * <code>Collection</code> may not contain <b>all</b> of the
-     * <code>CRL</code>s that match the selector. For instance,
-     * an LDAP <code>CertStore</code> may not search all entries in the
+     * For some {@code CertStore} types, the resulting
+     * {@code Collection} may not contain <b>all</b> of the
+     * {@code CRL}s that match the selector. For instance,
+     * an LDAP {@code CertStore} may not search all entries in the
      * directory. Instead, it may just search entries that are likely to
-     * contain the <code>CRL</code>s it is looking for.
+     * contain the {@code CRL}s it is looking for.
      * <p>
-     * Some <code>CertStore</code> implementations (especially LDAP
-     * <code>CertStore</code>s) may throw a <code>CertStoreException</code>
-     * unless a non-null <code>CRLSelector</code> is provided that
+     * Some {@code CertStore} implementations (especially LDAP
+     * {@code CertStore}s) may throw a {@code CertStoreException}
+     * unless a non-null {@code CRLSelector} is provided that
      * includes specific criteria that can be used to find the CRLs.
      * Issuer names and/or the certificate to be checked are especially useful.
      *
-     * @param selector A <code>CRLSelector</code> used to select which
-     *  <code>CRL</code>s should be returned. Specify <code>null</code>
-     *  to return all <code>CRL</code>s (if supported).
-     * @return A <code>Collection</code> of <code>CRL</code>s that
-     *         match the specified selector (never <code>null</code>)
+     * @param selector A {@code CRLSelector} used to select which
+     *  {@code CRL}s should be returned. Specify {@code null}
+     *  to return all {@code CRL}s (if supported).
+     * @return A {@code Collection} of {@code CRL}s that
+     *         match the specified selector (never {@code null})
      * @throws CertStoreException if an exception occurs
      */
     public final Collection<? extends CRL> getCRLs(CRLSelector selector)
@@ -182,8 +182,8 @@
     }
 
     /**
-     * Returns a <code>CertStore</code> object that implements the specified
-     * <code>CertStore</code> type and is initialized with the specified
+     * Returns a {@code CertStore} object that implements the specified
+     * {@code CertStore} type and is initialized with the specified
      * parameters.
      *
      * <p> This method traverses the list of registered security Providers,
@@ -195,29 +195,29 @@
      * <p> Note that the list of registered providers may be retrieved via
      * the {@link Security#getProviders() Security.getProviders()} method.
      *
-     * <p>The <code>CertStore</code> that is returned is initialized with the
-     * specified <code>CertStoreParameters</code>. The type of parameters
-     * needed may vary between different types of <code>CertStore</code>s.
-     * Note that the specified <code>CertStoreParameters</code> object is
+     * <p>The {@code CertStore} that is returned is initialized with the
+     * specified {@code CertStoreParameters}. The type of parameters
+     * needed may vary between different types of {@code CertStore}s.
+     * Note that the specified {@code CertStoreParameters} object is
      * cloned.
      *
-     * @param type the name of the requested <code>CertStore</code> type.
+     * @param type the name of the requested {@code CertStore} type.
      * See the CertStore section in the <a href=
      * "{@docRoot}/../technotes/guides/security/StandardNames.html#CertStore">
      * Java Cryptography Architecture Standard Algorithm Name Documentation</a>
      * for information about standard types.
      *
-     * @param params the initialization parameters (may be <code>null</code>).
+     * @param params the initialization parameters (may be {@code null}).
      *
-     * @return a <code>CertStore</code> object that implements the specified
-     *          <code>CertStore</code> type.
+     * @return a {@code CertStore} object that implements the specified
+     *          {@code CertStore} type.
      *
      * @throws NoSuchAlgorithmException if no Provider supports a
      *          CertStoreSpi implementation for the specified type.
      *
      * @throws InvalidAlgorithmParameterException if the specified
      *          initialization parameters are inappropriate for this
-     *          <code>CertStore</code>.
+     *          {@code CertStore}.
      *
      * @see java.security.Provider
      */
@@ -244,8 +244,8 @@
     }
 
     /**
-     * Returns a <code>CertStore</code> object that implements the specified
-     * <code>CertStore</code> type.
+     * Returns a {@code CertStore} object that implements the specified
+     * {@code CertStore} type.
      *
      * <p> A new CertStore object encapsulating the
      * CertStoreSpi implementation from the specified provider
@@ -255,23 +255,23 @@
      * <p> Note that the list of registered providers may be retrieved via
      * the {@link Security#getProviders() Security.getProviders()} method.
      *
-     * <p>The <code>CertStore</code> that is returned is initialized with the
-     * specified <code>CertStoreParameters</code>. The type of parameters
-     * needed may vary between different types of <code>CertStore</code>s.
-     * Note that the specified <code>CertStoreParameters</code> object is
+     * <p>The {@code CertStore} that is returned is initialized with the
+     * specified {@code CertStoreParameters}. The type of parameters
+     * needed may vary between different types of {@code CertStore}s.
+     * Note that the specified {@code CertStoreParameters} object is
      * cloned.
      *
-     * @param type the requested <code>CertStore</code> type.
+     * @param type the requested {@code CertStore} type.
      * See the CertStore section in the <a href=
      * "{@docRoot}/../technotes/guides/security/StandardNames.html#CertStore">
      * Java Cryptography Architecture Standard Algorithm Name Documentation</a>
      * for information about standard types.
      *
-     * @param params the initialization parameters (may be <code>null</code>).
+     * @param params the initialization parameters (may be {@code null}).
      *
      * @param provider the name of the provider.
      *
-     * @return a <code>CertStore</code> object that implements the
+     * @return a {@code CertStore} object that implements the
      *          specified type.
      *
      * @throws NoSuchAlgorithmException if a CertStoreSpi
@@ -280,12 +280,12 @@
      *
      * @throws InvalidAlgorithmParameterException if the specified
      *          initialization parameters are inappropriate for this
-     *          <code>CertStore</code>.
+     *          {@code CertStore}.
      *
      * @throws NoSuchProviderException if the specified provider is not
      *          registered in the security provider list.
      *
-     * @exception IllegalArgumentException if the <code>provider</code> is
+     * @exception IllegalArgumentException if the {@code provider} is
      *          null or empty.
      *
      * @see java.security.Provider
@@ -305,31 +305,31 @@
     }
 
     /**
-     * Returns a <code>CertStore</code> object that implements the specified
-     * <code>CertStore</code> type.
+     * Returns a {@code CertStore} object that implements the specified
+     * {@code CertStore} type.
      *
      * <p> A new CertStore object encapsulating the
      * CertStoreSpi implementation from the specified Provider
      * object is returned.  Note that the specified Provider object
      * does not have to be registered in the provider list.
      *
-     * <p>The <code>CertStore</code> that is returned is initialized with the
-     * specified <code>CertStoreParameters</code>. The type of parameters
-     * needed may vary between different types of <code>CertStore</code>s.
-     * Note that the specified <code>CertStoreParameters</code> object is
+     * <p>The {@code CertStore} that is returned is initialized with the
+     * specified {@code CertStoreParameters}. The type of parameters
+     * needed may vary between different types of {@code CertStore}s.
+     * Note that the specified {@code CertStoreParameters} object is
      * cloned.
      *
-     * @param type the requested <code>CertStore</code> type.
+     * @param type the requested {@code CertStore} type.
      * See the CertStore section in the <a href=
      * "{@docRoot}/../technotes/guides/security/StandardNames.html#CertStore">
      * Java Cryptography Architecture Standard Algorithm Name Documentation</a>
      * for information about standard types.
      *
-     * @param params the initialization parameters (may be <code>null</code>).
+     * @param params the initialization parameters (may be {@code null}).
      *
      * @param provider the provider.
      *
-     * @return a <code>CertStore</code> object that implements the
+     * @return a {@code CertStore} object that implements the
      *          specified type.
      *
      * @exception NoSuchAlgorithmException if a CertStoreSpi
@@ -338,9 +338,9 @@
      *
      * @throws InvalidAlgorithmParameterException if the specified
      *          initialization parameters are inappropriate for this
-     *          <code>CertStore</code>
+     *          {@code CertStore}
      *
-     * @exception IllegalArgumentException if the <code>provider</code> is
+     * @exception IllegalArgumentException if the {@code provider} is
      *          null.
      *
      * @see java.security.Provider
@@ -359,30 +359,30 @@
     }
 
     /**
-     * Returns the parameters used to initialize this <code>CertStore</code>.
-     * Note that the <code>CertStoreParameters</code> object is cloned before
+     * Returns the parameters used to initialize this {@code CertStore}.
+     * Note that the {@code CertStoreParameters} object is cloned before
      * it is returned.
      *
-     * @return the parameters used to initialize this <code>CertStore</code>
-     * (may be <code>null</code>)
+     * @return the parameters used to initialize this {@code CertStore}
+     * (may be {@code null})
      */
     public final CertStoreParameters getCertStoreParameters() {
         return (params == null ? null : (CertStoreParameters) params.clone());
     }
 
     /**
-     * Returns the type of this <code>CertStore</code>.
+     * Returns the type of this {@code CertStore}.
      *
-     * @return the type of this <code>CertStore</code>
+     * @return the type of this {@code CertStore}
      */
     public final String getType() {
         return this.type;
     }
 
     /**
-     * Returns the provider of this <code>CertStore</code>.
+     * Returns the provider of this {@code CertStore}.
      *
-     * @return the provider of this <code>CertStore</code>
+     * @return the provider of this {@code CertStore}
      */
     public final Provider getProvider() {
         return this.provider;
--- a/src/share/classes/java/security/cert/CertStoreException.java	Tue Jan 24 00:25:46 2017 +0000
+++ b/src/share/classes/java/security/cert/CertStoreException.java	Tue Jan 24 00:54:36 2017 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2003, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -29,9 +29,9 @@
 
 /**
  * An exception indicating one of a variety of problems retrieving
- * certificates and CRLs from a <code>CertStore</code>.
+ * certificates and CRLs from a {@code CertStore}.
  * <p>
- * A <code>CertStoreException</code> provides support for wrapping
+ * A {@code CertStoreException} provides support for wrapping
  * exceptions. The {@link #getCause getCause} method returns the throwable,
  * if any, that caused this exception to be thrown.
  * <p>
@@ -53,7 +53,7 @@
     private static final long serialVersionUID = 2395296107471573245L;
 
     /**
-     * Creates a <code>CertStoreException</code> with <code>null</code> as
+     * Creates a {@code CertStoreException} with {@code null} as
      * its detail message.
      */
     public CertStoreException() {
@@ -61,8 +61,8 @@
     }
 
     /**
-     * Creates a <code>CertStoreException</code> with the given detail
-     * message. A detail message is a <code>String</code> that describes this
+     * Creates a {@code CertStoreException} with the given detail
+     * message. A detail message is a {@code String} that describes this
      * particular exception.
      *
      * @param msg the detail message
@@ -72,15 +72,15 @@
     }
 
     /**
-     * Creates a <code>CertStoreException</code> that wraps the specified
+     * Creates a {@code CertStoreException} that wraps the specified
      * throwable. This allows any exception to be converted into a
-     * <code>CertStoreException</code>, while retaining information about the
+     * {@code CertStoreException}, while retaining information about the
      * cause, which may be useful for debugging. The detail message is
-     * set to (<code>cause==null ? null : cause.toString()</code>) (which
+     * set to ({@code cause==null ? null : cause.toString()}) (which
      * typically contains the class and detail message of cause).
      *
      * @param cause the cause (which is saved for later retrieval by the
-     * {@link #getCause getCause()} method). (A <code>null</code> value is
+     * {@link #getCause getCause()} method). (A {@code null} value is
      * permitted, and indicates that the cause is nonexistent or unknown.)
      */
     public CertStoreException(Throwable cause) {
@@ -88,12 +88,12 @@
     }
 
     /**
-     * Creates a <code>CertStoreException</code> with the specified detail
+     * Creates a {@code CertStoreException} with the specified detail
      * message and cause.
      *
      * @param msg the detail message
      * @param cause the cause (which is saved for later retrieval by the
-     * {@link #getCause getCause()} method). (A <code>null</code> value is
+     * {@link #getCause getCause()} method). (A {@code null} value is
      * permitted, and indicates that the cause is nonexistent or unknown.)
      */
     public CertStoreException(String msg, Throwable cause) {
--- a/src/share/classes/java/security/cert/CertStoreParameters.java	Tue Jan 24 00:25:46 2017 +0000
+++ b/src/share/classes/java/security/cert/CertStoreParameters.java	Tue Jan 24 00:54:36 2017 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2001, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -26,20 +26,20 @@
 package java.security.cert;
 
 /**
- * A specification of <code>CertStore</code> parameters.
+ * A specification of {@code CertStore} parameters.
  * <p>
  * The purpose of this interface is to group (and provide type safety for)
- * all <code>CertStore</code> parameter specifications. All
- * <code>CertStore</code> parameter specifications must implement this
+ * all {@code CertStore} parameter specifications. All
+ * {@code CertStore} parameter specifications must implement this
  * interface.
  * <p>
- * Typically, a <code>CertStoreParameters</code> object is passed as a parameter
+ * Typically, a {@code CertStoreParameters} object is passed as a parameter
  * to one of the {@link CertStore#getInstance CertStore.getInstance} methods.
- * The <code>getInstance</code> method returns a <code>CertStore</code> that
- * is used for retrieving <code>Certificate</code>s and <code>CRL</code>s. The
- * <code>CertStore</code> that is returned is initialized with the specified
+ * The {@code getInstance} method returns a {@code CertStore} that
+ * is used for retrieving {@code Certificate}s and {@code CRL}s. The
+ * {@code CertStore} that is returned is initialized with the specified
  * parameters. The type of parameters needed may vary between different types
- * of <code>CertStore</code>s.
+ * of {@code CertStore}s.
  *
  * @see CertStore#getInstance
  *
@@ -49,32 +49,32 @@
 public interface CertStoreParameters extends Cloneable {
 
     /**
-     * Makes a copy of this <code>CertStoreParameters</code>.
+     * Makes a copy of this {@code CertStoreParameters}.
      * <p>
      * The precise meaning of "copy" may depend on the class of
-     * the <code>CertStoreParameters</code> object. A typical implementation
+     * the {@code CertStoreParameters} object. A typical implementation
      * performs a "deep copy" of this object, but this is not an absolute
      * requirement. Some implementations may perform a "shallow copy" of some
      * or all of the fields of this object.
      * <p>
-     * Note that the <code>CertStore.getInstance</code> methods make a copy
-     * of the specified <code>CertStoreParameters</code>. A deep copy
-     * implementation of <code>clone</code> is safer and more robust, as it
-     * prevents the caller from corrupting a shared <code>CertStore</code> by
+     * Note that the {@code CertStore.getInstance} methods make a copy
+     * of the specified {@code CertStoreParameters}. A deep copy
+     * implementation of {@code clone} is safer and more robust, as it
+     * prevents the caller from corrupting a shared {@code CertStore} by
      * subsequently modifying the contents of its initialization parameters.
-     * However, a shallow copy implementation of <code>clone</code> is more
+     * However, a shallow copy implementation of {@code clone} is more
      * appropriate for applications that need to hold a reference to a
-     * parameter contained in the <code>CertStoreParameters</code>. For example,
+     * parameter contained in the {@code CertStoreParameters}. For example,
      * a shallow copy clone allows an application to release the resources of
-     * a particular <code>CertStore</code> initialization parameter immediately,
+     * a particular {@code CertStore} initialization parameter immediately,
      * rather than waiting for the garbage collection mechanism. This should
-     * be done with the utmost care, since the <code>CertStore</code> may still
+     * be done with the utmost care, since the {@code CertStore} may still
      * be in use by other threads.
      * <p>
      * Each subclass should state the precise behavior of this method so
      * that users and developers know what to expect.
      *
-     * @return a copy of this <code>CertStoreParameters</code>
+     * @return a copy of this {@code CertStoreParameters}
      */
     Object clone();
 }
--- a/src/share/classes/java/security/cert/CertStoreSpi.java	Tue Jan 24 00:25:46 2017 +0000
+++ b/src/share/classes/java/security/cert/CertStoreSpi.java	Tue Jan 24 00:54:36 2017 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2003, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -30,26 +30,26 @@
 
 /**
  * The <i>Service Provider Interface</i> (<b>SPI</b>)
- * for the {@link CertStore CertStore} class. All <code>CertStore</code>
+ * for the {@link CertStore CertStore} class. All {@code CertStore}
  * implementations must include a class (the SPI class) that extends
- * this class (<code>CertStoreSpi</code>), provides a constructor with
- * a single argument of type <code>CertStoreParameters</code>, and implements
+ * this class ({@code CertStoreSpi}), provides a constructor with
+ * a single argument of type {@code CertStoreParameters}, and implements
  * all of its methods. In general, instances of this class should only be
- * accessed through the <code>CertStore</code> class.
+ * accessed through the {@code CertStore} class.
  * For details, see the Java Cryptography Architecture.
  * <p>
  * <b>Concurrent Access</b>
  * <p>
- * The public methods of all <code>CertStoreSpi</code> objects must be
+ * The public methods of all {@code CertStoreSpi} objects must be
  * thread-safe. That is, multiple threads may concurrently invoke these
- * methods on a single <code>CertStoreSpi</code> object (or more than one)
- * with no ill effects. This allows a <code>CertPathBuilder</code> to search
+ * methods on a single {@code CertStoreSpi} object (or more than one)
+ * with no ill effects. This allows a {@code CertPathBuilder} to search
  * for a CRL while simultaneously searching for further certificates, for
  * instance.
  * <p>
- * Simple <code>CertStoreSpi</code> implementations will probably ensure
- * thread safety by adding a <code>synchronized</code> keyword to their
- * <code>engineGetCertificates</code> and <code>engineGetCRLs</code> methods.
+ * Simple {@code CertStoreSpi} implementations will probably ensure
+ * thread safety by adding a {@code synchronized} keyword to their
+ * {@code engineGetCertificates} and {@code engineGetCRLs} methods.
  * More sophisticated ones may allow truly concurrent access.
  *
  * @since       1.4
@@ -60,64 +60,64 @@
     /**
      * The sole constructor.
      *
-     * @param params the initialization parameters (may be <code>null</code>)
+     * @param params the initialization parameters (may be {@code null})
      * @throws InvalidAlgorithmParameterException if the initialization
-     * parameters are inappropriate for this <code>CertStoreSpi</code>
+     * parameters are inappropriate for this {@code CertStoreSpi}
      */
     public CertStoreSpi(CertStoreParameters params)
     throws InvalidAlgorithmParameterException { }
 
     /**
-     * Returns a <code>Collection</code> of <code>Certificate</code>s that
-     * match the specified selector. If no <code>Certificate</code>s
-     * match the selector, an empty <code>Collection</code> will be returned.
+     * Returns a {@code Collection} of {@code Certificate}s that
+     * match the specified selector. If no {@code Certificate}s
+     * match the selector, an empty {@code Collection} will be returned.
      * <p>
-     * For some <code>CertStore</code> types, the resulting
-     * <code>Collection</code> may not contain <b>all</b> of the
-     * <code>Certificate</code>s that match the selector. For instance,
-     * an LDAP <code>CertStore</code> may not search all entries in the
+     * For some {@code CertStore} types, the resulting
+     * {@code Collection} may not contain <b>all</b> of the
+     * {@code Certificate}s that match the selector. For instance,
+     * an LDAP {@code CertStore} may not search all entries in the
      * directory. Instead, it may just search entries that are likely to
-     * contain the <code>Certificate</code>s it is looking for.
+     * contain the {@code Certificate}s it is looking for.
      * <p>
-     * Some <code>CertStore</code> implementations (especially LDAP
-     * <code>CertStore</code>s) may throw a <code>CertStoreException</code>
-     * unless a non-null <code>CertSelector</code> is provided that includes
+     * Some {@code CertStore} implementations (especially LDAP
+     * {@code CertStore}s) may throw a {@code CertStoreException}
+     * unless a non-null {@code CertSelector} is provided that includes
      * specific criteria that can be used to find the certificates. Issuer
      * and/or subject names are especially useful criteria.
      *
-     * @param selector A <code>CertSelector</code> used to select which
-     *  <code>Certificate</code>s should be returned. Specify <code>null</code>
-     *  to return all <code>Certificate</code>s (if supported).
-     * @return A <code>Collection</code> of <code>Certificate</code>s that
-     *         match the specified selector (never <code>null</code>)
+     * @param selector A {@code CertSelector} used to select which
+     *  {@code Certificate}s should be returned. Specify {@code null}
+     *  to return all {@code Certificate}s (if supported).
+     * @return A {@code Collection} of {@code Certificate}s that
+     *         match the specified selector (never {@code null})
      * @throws CertStoreException if an exception occurs
      */
     public abstract Collection<? extends Certificate> engineGetCertificates
             (CertSelector selector) throws CertStoreException;
 
     /**
-     * Returns a <code>Collection</code> of <code>CRL</code>s that
-     * match the specified selector. If no <code>CRL</code>s
-     * match the selector, an empty <code>Collection</code> will be returned.
+     * Returns a {@code Collection} of {@code CRL}s that
+     * match the specified selector. If no {@code CRL}s
+     * match the selector, an empty {@code Collection} will be returned.
      * <p>
-     * For some <code>CertStore</code> types, the resulting
-     * <code>Collection</code> may not contain <b>all</b> of the
-     * <code>CRL</code>s that match the selector. For instance,
-     * an LDAP <code>CertStore</code> may not search all entries in the
+     * For some {@code CertStore} types, the resulting
+     * {@code Collection} may not contain <b>all</b> of the
+     * {@code CRL}s that match the selector. For instance,
+     * an LDAP {@code CertStore} may not search all entries in the
      * directory. Instead, it may just search entries that are likely to
-     * contain the <code>CRL</code>s it is looking for.
+     * contain the {@code CRL}s it is looking for.
      * <p>
-     * Some <code>CertStore</code> implementations (especially LDAP
-     * <code>CertStore</code>s) may throw a <code>CertStoreException</code>
-     * unless a non-null <code>CRLSelector</code> is provided that includes
+     * Some {@code CertStore} implementations (especially LDAP
+     * {@code CertStore}s) may throw a {@code CertStoreException}
+     * unless a non-null {@code CRLSelector} is provided that includes
      * specific criteria that can be used to find the CRLs. Issuer names
      * and/or the certificate to be checked are especially useful.
      *
-     * @param selector A <code>CRLSelector</code> used to select which
-     *  <code>CRL</code>s should be returned. Specify <code>null</code>
-     *  to return all <code>CRL</code>s (if supported).
-     * @return A <code>Collection</code> of <code>CRL</code>s that
-     *         match the specified selector (never <code>null</code>)
+     * @param selector A {@code CRLSelector} used to select which
+     *  {@code CRL}s should be returned. Specify {@code null}
+     *  to return all {@code CRL}s (if supported).
+     * @return A {@code Collection} of {@code CRL}s that
+     *         match the specified selector (never {@code null})
      * @throws CertStoreException if an exception occurs
      */
     public abstract Collection<? extends CRL> engineGetCRLs
--- a/src/share/classes/java/security/cert/Certificate.java	Tue Jan 24 00:25:46 2017 +0000
+++ b/src/share/classes/java/security/cert/Certificate.java	Tue Jan 24 00:54:36 2017 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -89,8 +89,8 @@
 
     /**
      * Compares this certificate for equality with the specified
-     * object. If the <code>other</code> object is an
-     * <code>instanceof</code> <code>Certificate</code>, then
+     * object. If the {@code other} object is an
+     * {@code instanceof} {@code Certificate}, then
      * its encoded form is retrieved and compared with the
      * encoded form of this certificate.
      *
--- a/src/share/classes/java/security/cert/CertificateEncodingException.java	Tue Jan 24 00:25:46 2017 +0000
+++ b/src/share/classes/java/security/cert/CertificateEncodingException.java	Tue Jan 24 00:54:36 2017 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2003, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -56,13 +56,13 @@
     }
 
     /**
-     * Creates a <code>CertificateEncodingException</code> with the specified
+     * Creates a {@code CertificateEncodingException} with the specified
      * detail message and cause.
      *
      * @param message the detail message (which is saved for later retrieval
      *        by the {@link #getMessage()} method).
      * @param cause the cause (which is saved for later retrieval by the
-     *        {@link #getCause()} method).  (A <tt>null</tt> value is permitted,
+     *        {@link #getCause()} method).  (A {@code null} value is permitted,
      *        and indicates that the cause is nonexistent or unknown.)
      * @since 1.5
      */
@@ -71,14 +71,14 @@
     }
 
     /**
-     * Creates a <code>CertificateEncodingException</code>
+     * Creates a {@code CertificateEncodingException}
      * with the specified cause and a detail message of
-     * <tt>(cause==null ? null : cause.toString())</tt>
+     * {@code (cause==null ? null : cause.toString())}
      * (which typically contains the class and detail message of
-     * <tt>cause</tt>).
+     * {@code cause}).
      *
      * @param cause the cause (which is saved for later retrieval by the
-     *        {@link #getCause()} method).  (A <tt>null</tt> value is permitted,
+     *        {@link #getCause()} method).  (A {@code null} value is permitted,
      *        and indicates that the cause is nonexistent or unknown.)
      * @since 1.5
      */
--- a/src/share/classes/java/security/cert/CertificateException.java	Tue Jan 24 00:25:46 2017 +0000
+++ b/src/share/classes/java/security/cert/CertificateException.java	Tue Jan 24 00:54:36 2017 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 2003, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -57,13 +57,13 @@
     }
 
     /**
-     * Creates a <code>CertificateException</code> with the specified
+     * Creates a {@code CertificateException} with the specified
      * detail message and cause.
      *
      * @param message the detail message (which is saved for later retrieval
      *        by the {@link #getMessage()} method).
      * @param cause the cause (which is saved for later retrieval by the
-     *        {@link #getCause()} method).  (A <tt>null</tt> value is permitted,
+     *        {@link #getCause()} method).  (A {@code null} value is permitted,
      *        and indicates that the cause is nonexistent or unknown.)
      * @since 1.5
      */
@@ -72,13 +72,13 @@
     }
 
     /**
-     * Creates a <code>CertificateException</code> with the specified cause
-     * and a detail message of <tt>(cause==null ? null : cause.toString())</tt>
+     * Creates a {@code CertificateException} with the specified cause
+     * and a detail message of {@code (cause==null ? null : cause.toString())}
      * (which typically contains the class and detail message of
-     * <tt>cause</tt>).
+     * {@code cause}).
      *
      * @param cause the cause (which is saved for later retrieval by the
-     *        {@link #getCause()} method).  (A <tt>null</tt> value is permitted,
+     *        {@link #getCause()} method).  (A {@code null} value is permitted,
      *        and indicates that the cause is nonexistent or unknown.)
      * @since 1.5
      */
--- a/src/share/classes/java/security/cert/CertificateExpiredException.java	Tue Jan 24 00:25:46 2017 +0000
+++ b/src/share/classes/java/security/cert/CertificateExpiredException.java	Tue Jan 24 00:54:36 2017 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2003, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -27,8 +27,8 @@
 
 /**
  * Certificate Expired Exception. This is thrown whenever the current
- * <code>Date</code> or the specified <code>Date</code> is after the
- * <code>notAfter</code> date/time specified in the validity period
+ * {@code Date} or the specified {@code Date} is after the
+ * {@code notAfter} date/time specified in the validity period
  * of the certificate.
  *
  * @author Hemma Prafullchandra
--- a/src/share/classes/java/security/cert/CertificateFactory.java	Tue Jan 24 00:25:46 2017 +0000
+++ b/src/share/classes/java/security/cert/CertificateFactory.java	Tue Jan 24 00:54:36 2017 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1998, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1998, 2013, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -41,27 +41,27 @@
 
 /**
  * This class defines the functionality of a certificate factory, which is
- * used to generate certificate, certification path (<code>CertPath</code>)
+ * used to generate certificate, certification path ({@code CertPath})
  * and certificate revocation list (CRL) objects from their encodings.
  *
  * <p>For encodings consisting of multiple certificates, use
- * <code>generateCertificates</code> when you want to
+ * {@code generateCertificates} when you want to
  * parse a collection of possibly unrelated certificates. Otherwise,
- * use <code>generateCertPath</code> when you want to generate
- * a <code>CertPath</code> (a certificate chain) and subsequently
- * validate it with a <code>CertPathValidator</code>.
+ * use {@code generateCertPath} when you want to generate
+ * a {@code CertPath} (a certificate chain) and subsequently
+ * validate it with a {@code CertPathValidator}.
  *
  * <p>A certificate factory for X.509 must return certificates that are an
- * instance of <code>java.security.cert.X509Certificate</code>, and CRLs
- * that are an instance of <code>java.security.cert.X509CRL</code>.
+ * instance of {@code java.security.cert.X509Certificate}, and CRLs
+ * that are an instance of {@code java.security.cert.X509CRL}.
  *
  * <p>The following example reads a file with Base64 encoded certificates,
  * which are each bounded at the beginning by -----BEGIN CERTIFICATE-----, and
  * bounded at the end by -----END CERTIFICATE-----. We convert the
- * <code>FileInputStream</code> (which does not support <code>mark</code>
- * and <code>reset</code>) to a <code>BufferedInputStream</code> (which
+ * {@code FileInputStream} (which does not support {@code mark}
+ * and {@code reset}) to a {@code BufferedInputStream} (which
  * supports those methods), so that each call to
- * <code>generateCertificate</code> consumes only one certificate, and the
+ * {@code generateCertificate} consumes only one certificate, and the
  * read position of the input stream is positioned to the next certificate in
  * the file:<p>
  *
@@ -92,14 +92,14 @@
  * </pre>
  *
  * <p> Every implementation of the Java platform is required to support the
- * following standard <code>CertificateFactory</code> type:
+ * following standard {@code CertificateFactory} type:
  * <ul>
- * <li><tt>X.509</tt></li>
+ * <li>{@code X.509}</li>
  * </ul>
- * and the following standard <code>CertPath</code> encodings:
+ * and the following standard {@code CertPath} encodings:
  * <ul>
- * <li><tt>PKCS7</tt></li>
- * <li><tt>PkiPath</tt></li>
+ * <li>{@code PKCS7}</li>
+ * <li>{@code PkiPath}</li>
  * </ul>
  * The type and encodings are described in the <a href=
  * "{@docRoot}/../technotes/guides/security/StandardNames.html#CertificateFactory">
@@ -258,7 +258,7 @@
      *          implementation for the specified algorithm is not available
      *          from the specified Provider object.
      *
-     * @exception IllegalArgumentException if the <code>provider</code> is
+     * @exception IllegalArgumentException if the {@code provider} is
      *          null.
      *
      * @see java.security.Provider
@@ -299,17 +299,17 @@
 
     /**
      * Generates a certificate object and initializes it with
-     * the data read from the input stream <code>inStream</code>.
+     * the data read from the input stream {@code inStream}.
      *
      * <p>In order to take advantage of the specialized certificate format
      * supported by this certificate factory,
      * the returned certificate object can be typecast to the corresponding
      * certificate class. For example, if this certificate
      * factory implements X.509 certificates, the returned certificate object
-     * can be typecast to the <code>X509Certificate</code> class.
+     * can be typecast to the {@code X509Certificate} class.
      *
      * <p>In the case of a certificate factory for X.509 certificates, the
-     * certificate provided in <code>inStream</code> must be DER-encoded and
+     * certificate provided in {@code inStream} must be DER-encoded and
      * may be supplied in binary or printable (Base64) encoding. If the
      * certificate is provided in Base64 encoding, it must be bounded at
      * the beginning by -----BEGIN CERTIFICATE-----, and must be bounded at
@@ -324,7 +324,7 @@
      * the inherent end-of-certificate marker. If the data in the input stream
      * does not contain an inherent end-of-certificate marker (other
      * than EOF) and there is trailing data after the certificate is parsed, a
-     * <code>CertificateException</code> is thrown.
+     * {@code CertificateException} is thrown.
      *
      * @param inStream an input stream with the certificate data.
      *
@@ -340,19 +340,19 @@
     }
 
     /**
-     * Returns an iteration of the <code>CertPath</code> encodings supported
+     * Returns an iteration of the {@code CertPath} encodings supported
      * by this certificate factory, with the default encoding first. See
      * the CertPath Encodings section in the <a href=
      * "{@docRoot}/../technotes/guides/security/StandardNames.html#CertPathEncodings">
      * Java Cryptography Architecture Standard Algorithm Name Documentation</a>
      * for information about standard encoding names and their formats.
      * <p>
-     * Attempts to modify the returned <code>Iterator</code> via its
-     * <code>remove</code> method result in an
-     * <code>UnsupportedOperationException</code>.
+     * Attempts to modify the returned {@code Iterator} via its
+     * {@code remove} method result in an
+     * {@code UnsupportedOperationException}.
      *
-     * @return an <code>Iterator</code> over the names of the supported
-     *         <code>CertPath</code> encodings (as <code>String</code>s)
+     * @return an {@code Iterator} over the names of the supported
+     *         {@code CertPath} encodings (as {@code String}s)
      * @since 1.4
      */
     public final Iterator<String> getCertPathEncodings() {
@@ -360,15 +360,15 @@
     }
 
     /**
-     * Generates a <code>CertPath</code> object and initializes it with
-     * the data read from the <code>InputStream</code> inStream. The data
+     * Generates a {@code CertPath} object and initializes it with
+     * the data read from the {@code InputStream} inStream. The data
      * is assumed to be in the default encoding. The name of the default
-     * encoding is the first element of the <code>Iterator</code> returned by
+     * encoding is the first element of the {@code Iterator} returned by
      * the {@link #getCertPathEncodings getCertPathEncodings} method.
      *
-     * @param inStream an <code>InputStream</code> containing the data
-     * @return a <code>CertPath</code> initialized with the data from the
-     *   <code>InputStream</code>
+     * @param inStream an {@code InputStream} containing the data
+     * @return a {@code CertPath} initialized with the data from the
+     *   {@code InputStream}
      * @exception CertificateException if an exception occurs while decoding
      * @since 1.4
      */
@@ -379,18 +379,18 @@
     }
 
     /**
-     * Generates a <code>CertPath</code> object and initializes it with
-     * the data read from the <code>InputStream</code> inStream. The data
+     * Generates a {@code CertPath} object and initializes it with
+     * the data read from the {@code InputStream} inStream. The data
      * is assumed to be in the specified encoding. See
      * the CertPath Encodings section in the <a href=
      * "{@docRoot}/../technotes/guides/security/StandardNames.html#CertPathEncodings">
      * Java Cryptography Architecture Standard Algorithm Name Documentation</a>
      * for information about standard encoding names and their formats.
      *
-     * @param inStream an <code>InputStream</code> containing the data
+     * @param inStream an {@code InputStream} containing the data
      * @param encoding the encoding used for the data
-     * @return a <code>CertPath</code> initialized with the data from the
-     *   <code>InputStream</code>
+     * @return a {@code CertPath} initialized with the data from the
+     *   {@code InputStream}
      * @exception CertificateException if an exception occurs while decoding or
      *   the encoding requested is not supported
      * @since 1.4
@@ -402,15 +402,15 @@
     }
 
     /**
-     * Generates a <code>CertPath</code> object and initializes it with
-     * a <code>List</code> of <code>Certificate</code>s.
+     * Generates a {@code CertPath} object and initializes it with
+     * a {@code List} of {@code Certificate}s.
      * <p>
      * The certificates supplied must be of a type supported by the
-     * <code>CertificateFactory</code>. They will be copied out of the supplied
-     * <code>List</code> object.
+     * {@code CertificateFactory}. They will be copied out of the supplied
+     * {@code List} object.
      *
-     * @param certificates a <code>List</code> of <code>Certificate</code>s
-     * @return a <code>CertPath</code> initialized with the supplied list of
+     * @param certificates a {@code List} of {@code Certificate}s
+     * @return a {@code CertPath} initialized with the supplied list of
      *   certificates
      * @exception CertificateException if an exception occurs
      * @since 1.4
@@ -424,20 +424,20 @@
 
     /**
      * Returns a (possibly empty) collection view of the certificates read
-     * from the given input stream <code>inStream</code>.
+     * from the given input stream {@code inStream}.
      *
      * <p>In order to take advantage of the specialized certificate format
      * supported by this certificate factory, each element in
      * the returned collection view can be typecast to the corresponding
      * certificate class. For example, if this certificate
      * factory implements X.509 certificates, the elements in the returned
-     * collection can be typecast to the <code>X509Certificate</code> class.
+     * collection can be typecast to the {@code X509Certificate} class.
      *
      * <p>In the case of a certificate factory for X.509 certificates,
-     * <code>inStream</code> may contain a sequence of DER-encoded certificates
+     * {@code inStream} may contain a sequence of DER-encoded certificates
      * in the formats described for
      * {@link #generateCertificate(java.io.InputStream) generateCertificate}.
-     * In addition, <code>inStream</code> may contain a PKCS#7 certificate
+     * In addition, {@code inStream} may contain a PKCS#7 certificate
      * chain. This is a PKCS#7 <i>SignedData</i> object, with the only
      * significant field being <i>certificates</i>. In particular, the
      * signature and the contents are ignored. This format allows multiple
@@ -464,14 +464,14 @@
 
     /**
      * Generates a certificate revocation list (CRL) object and initializes it
-     * with the data read from the input stream <code>inStream</code>.
+     * with the data read from the input stream {@code inStream}.
      *
      * <p>In order to take advantage of the specialized CRL format
      * supported by this certificate factory,
      * the returned CRL object can be typecast to the corresponding
      * CRL class. For example, if this certificate
      * factory implements X.509 CRLs, the returned CRL object
-     * can be typecast to the <code>X509CRL</code> class.
+     * can be typecast to the {@code X509CRL} class.
      *
      * <p>Note that if the given input stream does not support
      * {@link java.io.InputStream#mark(int) mark} and
@@ -482,7 +482,7 @@
      * end-of-CRL marker. If the data in the
      * input stream does not contain an inherent end-of-CRL marker (other
      * than EOF) and there is trailing data after the CRL is parsed, a
-     * <code>CRLException</code> is thrown.
+     * {@code CRLException} is thrown.
      *
      * @param inStream an input stream with the CRL data.
      *
@@ -499,18 +499,18 @@
 
     /**
      * Returns a (possibly empty) collection view of the CRLs read
-     * from the given input stream <code>inStream</code>.
+     * from the given input stream {@code inStream}.
      *
      * <p>In order to take advantage of the specialized CRL format
      * supported by this certificate factory, each element in
      * the returned collection view can be typecast to the corresponding
      * CRL class. For example, if this certificate
      * factory implements X.509 CRLs, the elements in the returned
-     * collection can be typecast to the <code>X509CRL</code> class.
+     * collection can be typecast to the {@code X509CRL} class.
      *
      * <p>In the case of a certificate factory for X.509 CRLs,
-     * <code>inStream</code> may contain a sequence of DER-encoded CRLs.
-     * In addition, <code>inStream</code> may contain a PKCS#7 CRL
+     * {@code inStream} may contain a sequence of DER-encoded CRLs.
+     * In addition, {@code inStream} may contain a PKCS#7 CRL
      * set. This is a PKCS#7 <i>SignedData</i> object, with the only
      * significant field being <i>crls</i>. In particular, the
      * signature and the contents are ignored. This format allows multiple
--- a/src/share/classes/java/security/cert/CertificateFactorySpi.java	Tue Jan 24 00:25:46 2017 +0000
+++ b/src/share/classes/java/security/cert/CertificateFactorySpi.java	Tue Jan 24 00:54:36 2017 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1998, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1998, 2013, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -35,18 +35,18 @@
 
 /**
  * This class defines the <i>Service Provider Interface</i> (<b>SPI</b>)
- * for the <code>CertificateFactory</code> class.
+ * for the {@code CertificateFactory} class.
  * All the abstract methods in this class must be implemented by each
  * cryptographic service provider who wishes to supply the implementation
  * of a certificate factory for a particular certificate type, e.g., X.509.
  *
  * <p>Certificate factories are used to generate certificate, certification path
- * (<code>CertPath</code>) and certificate revocation list (CRL) objects from
+ * ({@code CertPath}) and certificate revocation list (CRL) objects from
  * their encodings.
  *
  * <p>A certificate factory for X.509 must return certificates that are an
- * instance of <code>java.security.cert.X509Certificate</code>, and CRLs
- * that are an instance of <code>java.security.cert.X509CRL</code>.
+ * instance of {@code java.security.cert.X509Certificate}, and CRLs
+ * that are an instance of {@code java.security.cert.X509CRL}.
  *
  * @author Hemma Prafullchandra
  * @author Jan Luehe
@@ -67,17 +67,17 @@
 
     /**
      * Generates a certificate object and initializes it with
-     * the data read from the input stream <code>inStream</code>.
+     * the data read from the input stream {@code inStream}.
      *
      * <p>In order to take advantage of the specialized certificate format
      * supported by this certificate factory,
      * the returned certificate object can be typecast to the corresponding
      * certificate class. For example, if this certificate
      * factory implements X.509 certificates, the returned certificate object
-     * can be typecast to the <code>X509Certificate</code> class.
+     * can be typecast to the {@code X509Certificate} class.
      *
      * <p>In the case of a certificate factory for X.509 certificates, the
-     * certificate provided in <code>inStream</code> must be DER-encoded and
+     * certificate provided in {@code inStream} must be DER-encoded and
      * may be supplied in binary or printable (Base64) encoding. If the
      * certificate is provided in Base64 encoding, it must be bounded at
      * the beginning by -----BEGIN CERTIFICATE-----, and must be bounded at
@@ -92,7 +92,7 @@
      * end-of-certificate marker. If the data in the
      * input stream does not contain an inherent end-of-certificate marker (other
      * than EOF) and there is trailing data after the certificate is parsed, a
-     * <code>CertificateException</code> is thrown.
+     * {@code CertificateException} is thrown.
      *
      * @param inStream an input stream with the certificate data.
      *
@@ -105,18 +105,18 @@
         throws CertificateException;
 
     /**
-     * Generates a <code>CertPath</code> object and initializes it with
-     * the data read from the <code>InputStream</code> inStream. The data
+     * Generates a {@code CertPath} object and initializes it with
+     * the data read from the {@code InputStream} inStream. The data
      * is assumed to be in the default encoding.
      *
      * <p> This method was added to version 1.4 of the Java 2 Platform
      * Standard Edition. In order to maintain backwards compatibility with
-     * existing service providers, this method cannot be <code>abstract</code>
-     * and by default throws an <code>UnsupportedOperationException</code>.
+     * existing service providers, this method cannot be {@code abstract}
+     * and by default throws an {@code UnsupportedOperationException}.
      *
-     * @param inStream an <code>InputStream</code> containing the data
-     * @return a <code>CertPath</code> initialized with the data from the
-     *   <code>InputStream</code>
+     * @param inStream an {@code InputStream} containing the data
+     * @return a {@code CertPath} initialized with the data from the
+     *   {@code InputStream}
      * @exception CertificateException if an exception occurs while decoding
      * @exception UnsupportedOperationException if the method is not supported
      * @since 1.4
@@ -128,19 +128,19 @@
     }
 
     /**
-     * Generates a <code>CertPath</code> object and initializes it with
-     * the data read from the <code>InputStream</code> inStream. The data
+     * Generates a {@code CertPath} object and initializes it with
+     * the data read from the {@code InputStream} inStream. The data
      * is assumed to be in the specified encoding.
      *
      * <p> This method was added to version 1.4 of the Java 2 Platform
      * Standard Edition. In order to maintain backwards compatibility with
-     * existing service providers, this method cannot be <code>abstract</code>
-     * and by default throws an <code>UnsupportedOperationException</code>.
+     * existing service providers, this method cannot be {@code abstract}
+     * and by default throws an {@code UnsupportedOperationException}.
      *
-     * @param inStream an <code>InputStream</code> containing the data
+     * @param inStream an {@code InputStream} containing the data
      * @param encoding the encoding used for the data
-     * @return a <code>CertPath</code> initialized with the data from the
-     *   <code>InputStream</code>
+     * @return a {@code CertPath} initialized with the data from the
+     *   {@code InputStream}
      * @exception CertificateException if an exception occurs while decoding or
      *   the encoding requested is not supported
      * @exception UnsupportedOperationException if the method is not supported
@@ -153,20 +153,20 @@
     }
 
     /**
-     * Generates a <code>CertPath</code> object and initializes it with
-     * a <code>List</code> of <code>Certificate</code>s.
+     * Generates a {@code CertPath} object and initializes it with
+     * a {@code List} of {@code Certificate}s.
      * <p>
      * The certificates supplied must be of a type supported by the
-     * <code>CertificateFactory</code>. They will be copied out of the supplied
-     * <code>List</code> object.
+     * {@code CertificateFactory}. They will be copied out of the supplied
+     * {@code List} object.
      *
      * <p> This method was added to version 1.4 of the Java 2 Platform
      * Standard Edition. In order to maintain backwards compatibility with
-     * existing service providers, this method cannot be <code>abstract</code>
-     * and by default throws an <code>UnsupportedOperationException</code>.
+     * existing service providers, this method cannot be {@code abstract}
+     * and by default throws an {@code UnsupportedOperationException}.
      *
-     * @param certificates a <code>List</code> of <code>Certificate</code>s
-     * @return a <code>CertPath</code> initialized with the supplied list of
+     * @param certificates a {@code List} of {@code Certificate}s
+     * @return a {@code CertPath} initialized with the supplied list of
      *   certificates
      * @exception CertificateException if an exception occurs
      * @exception UnsupportedOperationException if the method is not supported
@@ -180,24 +180,24 @@
     }
 
     /**
-     * Returns an iteration of the <code>CertPath</code> encodings supported
+     * Returns an iteration of the {@code CertPath} encodings supported
      * by this certificate factory, with the default encoding first. See
      * the CertPath Encodings section in the <a href=
      * "{@docRoot}/../technotes/guides/security/StandardNames.html#CertPathEncodings">
      * Java Cryptography Architecture Standard Algorithm Name Documentation</a>
      * for information about standard encoding names.
      * <p>
-     * Attempts to modify the returned <code>Iterator</code> via its
-     * <code>remove</code> method result in an
-     * <code>UnsupportedOperationException</code>.
+     * Attempts to modify the returned {@code Iterator} via its
+     * {@code remove} method result in an
+     * {@code UnsupportedOperationException}.
      *
      * <p> This method was added to version 1.4 of the Java 2 Platform
      * Standard Edition. In order to maintain backwards compatibility with
-     * existing service providers, this method cannot be <code>abstract</code>
-     * and by default throws an <code>UnsupportedOperationException</code>.
+     * existing service providers, this method cannot be {@code abstract}
+     * and by default throws an {@code UnsupportedOperationException}.
      *
-     * @return an <code>Iterator</code> over the names of the supported
-     *         <code>CertPath</code> encodings (as <code>String</code>s)
+     * @return an {@code Iterator} over the names of the supported
+     *         {@code CertPath} encodings (as {@code String}s)
      * @exception UnsupportedOperationException if the method is not supported
      * @since 1.4
      */
@@ -207,21 +207,21 @@
 
     /**
      * Returns a (possibly empty) collection view of the certificates read
-     * from the given input stream <code>inStream</code>.
+     * from the given input stream {@code inStream}.
      *
      * <p>In order to take advantage of the specialized certificate format
      * supported by this certificate factory, each element in
      * the returned collection view can be typecast to the corresponding
      * certificate class. For example, if this certificate
      * factory implements X.509 certificates, the elements in the returned
-     * collection can be typecast to the <code>X509Certificate</code> class.
+     * collection can be typecast to the {@code X509Certificate} class.
      *
      * <p>In the case of a certificate factory for X.509 certificates,
-     * <code>inStream</code> may contain a single DER-encoded certificate
+     * {@code inStream} may contain a single DER-encoded certificate
      * in the formats described for
      * {@link CertificateFactory#generateCertificate(java.io.InputStream)
      * generateCertificate}.
-     * In addition, <code>inStream</code> may contain a PKCS#7 certificate
+     * In addition, {@code inStream} may contain a PKCS#7 certificate
      * chain. This is a PKCS#7 <i>SignedData</i> object, with the only
      * significant field being <i>certificates</i>. In particular, the
      * signature and the contents are ignored. This format allows multiple
@@ -247,14 +247,14 @@
 
     /**
      * Generates a certificate revocation list (CRL) object and initializes it
-     * with the data read from the input stream <code>inStream</code>.
+     * with the data read from the input stream {@code inStream}.
      *
      * <p>In order to take advantage of the specialized CRL format
      * supported by this certificate factory,
      * the returned CRL object can be typecast to the corresponding
      * CRL class. For example, if this certificate
      * factory implements X.509 CRLs, the returned CRL object
-     * can be typecast to the <code>X509CRL</code> class.
+     * can be typecast to the {@code X509CRL} class.
      *
      * <p>Note that if the given input stream does not support
      * {@link java.io.InputStream#mark(int) mark} and
@@ -265,7 +265,7 @@
      * end-of-CRL marker. If the data in the
      * input stream does not contain an inherent end-of-CRL marker (other
      * than EOF) and there is trailing data after the CRL is parsed, a
-     * <code>CRLException</code> is thrown.
+     * {@code CRLException} is thrown.
      *
      * @param inStream an input stream with the CRL data.
      *
@@ -279,18 +279,18 @@
 
     /**
      * Returns a (possibly empty) collection view of the CRLs read
-     * from the given input stream <code>inStream</code>.
+     * from the given input stream {@code inStream}.
      *
      * <p>In order to take advantage of the specialized CRL format
      * supported by this certificate factory, each element in
      * the returned collection view can be typecast to the corresponding
      * CRL class. For example, if this certificate
      * factory implements X.509 CRLs, the elements in the returned
-     * collection can be typecast to the <code>X509CRL</code> class.
+     * collection can be typecast to the {@code X509CRL} class.
      *
      * <p>In the case of a certificate factory for X.509 CRLs,
-     * <code>inStream</code> may contain a single DER-encoded CRL.
-     * In addition, <code>inStream</code> may contain a PKCS#7 CRL
+     * {@code inStream} may contain a single DER-encoded CRL.
+     * In addition, {@code inStream} may contain a PKCS#7 CRL
      * set. This is a PKCS#7 <i>SignedData</i> object, with the only
      * significant field being <i>crls</i>. In particular, the
      * signature and the contents are ignored. This format allows multiple
--- a/src/share/classes/java/security/cert/CertificateNotYetValidException.java	Tue Jan 24 00:25:46 2017 +0000
+++ b/src/share/classes/java/security/cert/CertificateNotYetValidException.java	Tue Jan 24 00:54:36 2017 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2003, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -27,8 +27,8 @@
 
 /**
  * Certificate is not yet valid exception. This is thrown whenever
- * the current <code>Date</code> or the specified <code>Date</code>
- * is before the <code>notBefore</code> date/time in the Certificate
+ * the current {@code Date} or the specified {@code Date}
+ * is before the {@code notBefore} date/time in the Certificate
  * validity period.
  *
  * @author Hemma Prafullchandra
--- a/src/share/classes/java/security/cert/CertificateParsingException.java	Tue Jan 24 00:25:46 2017 +0000
+++ b/src/share/classes/java/security/cert/CertificateParsingException.java	Tue Jan 24 00:54:36 2017 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2003, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -57,13 +57,13 @@
     }
 
     /**
-     * Creates a <code>CertificateParsingException</code> with the specified
+     * Creates a {@code CertificateParsingException} with the specified
      * detail message and cause.
      *
      * @param message the detail message (which is saved for later retrieval
      *        by the {@link #getMessage()} method).
      * @param cause the cause (which is saved for later retrieval by the
-     *        {@link #getCause()} method).  (A <tt>null</tt> value is permitted,
+     *        {@link #getCause()} method).  (A {@code null} value is permitted,
      *        and indicates that the cause is nonexistent or unknown.)
      * @since 1.5
      */
@@ -72,14 +72,14 @@
     }
 
     /**
-     * Creates a <code>CertificateParsingException</code> with the
+     * Creates a {@code CertificateParsingException} with the
      * specified cause and a detail message of
-     * <tt>(cause==null ? null : cause.toString())</tt>
+     * {@code (cause==null ? null : cause.toString())}
      * (which typically contains the class and detail message of
-     * <tt>cause</tt>).
+     * {@code cause}).
      *
      * @param cause the cause (which is saved for later retrieval by the
-     *        {@link #getCause()} method).  (A <tt>null</tt> value is permitted,
+     *        {@link #getCause()} method).  (A {@code null} value is permitted,
      *        and indicates that the cause is nonexistent or unknown.)
      * @since 1.5
      */
--- a/src/share/classes/java/security/cert/CertificateRevokedException.java	Tue Jan 24 00:25:46 2017 +0000
+++ b/src/share/classes/java/security/cert/CertificateRevokedException.java	Tue Jan 24 00:54:36 2017 +0000
@@ -39,7 +39,7 @@
 
 /**
  * An exception that indicates an X.509 certificate is revoked. A
- * <code>CertificateRevokedException</code> contains additional information
+ * {@code CertificateRevokedException} contains additional information
  * about the revoked certificate, such as the date on which the
  * certificate was revoked and the reason it was revoked.
  *
@@ -60,7 +60,7 @@
      */
     private final CRLReason reason;
     /**
-     * @serial the <code>X500Principal</code> that represents the name of the
+     * @serial the {@code X500Principal} that represents the name of the
      * authority that signed the certificate's revocation status information
      */
     private final X500Principal authority;
@@ -68,7 +68,7 @@
     private transient Map<String, Extension> extensions;
 
     /**
-     * Constructs a <code>CertificateRevokedException</code> with
+     * Constructs a {@code CertificateRevokedException} with
      * the specified revocation date, reason code, authority name, and map
      * of extensions.
      *
@@ -78,12 +78,12 @@
      * @param extensions a map of X.509 Extensions. Each key is an OID String
      *    that maps to the corresponding Extension. The map is copied to
      *    prevent subsequent modification.
-     * @param authority the <code>X500Principal</code> that represents the name
+     * @param authority the {@code X500Principal} that represents the name
      *    of the authority that signed the certificate's revocation status
      *    information
-     * @throws NullPointerException if <code>revocationDate</code>,
-     *    <code>reason</code>, <code>authority</code>, or
-     *    <code>extensions</code> is <code>null</code>
+     * @throws NullPointerException if {@code revocationDate},
+     *    {@code reason}, {@code authority}, or
+     *    {@code extensions} is {@code null}
      */
     public CertificateRevokedException(Date revocationDate, CRLReason reason,
         X500Principal authority, Map<String, Extension> extensions) {
@@ -124,7 +124,7 @@
      * Returns the name of the authority that signed the certificate's
      * revocation status information.
      *
-     * @return the <code>X500Principal</code> that represents the name of the
+     * @return the {@code X500Principal} that represents the name of the
      *     authority that signed the certificate's revocation status information
      */
     public X500Principal getAuthorityName() {
@@ -133,16 +133,16 @@
 
     /**
      * Returns the invalidity date, as specifed in the Invalidity Date
-     * extension of this <code>CertificateRevokedException</code>. The
+     * extension of this {@code CertificateRevokedException}. The
      * invalidity date is the date on which it is known or suspected that the
      * private key was compromised or that the certificate otherwise became
-     * invalid. This implementation calls <code>getExtensions()</code> and
+     * invalid. This implementation calls {@code getExtensions()} and
      * checks the returned map for an entry for the Invalidity Date extension
      * OID ("2.5.29.24"). If found, it returns the invalidity date in the
      * extension; otherwise null. A new Date object is returned each time the
      * method is invoked to protect against subsequent modification.
      *
-     * @return the invalidity date, or <code>null</code> if not specified
+     * @return the invalidity date, or {@code null} if not specified
      */
     public Date getInvalidityDate() {
         Extension ext = getExtensions().get("2.5.29.24");
@@ -180,7 +180,7 @@
     }
 
     /**
-     * Serialize this <code>CertificateRevokedException</code> instance.
+     * Serialize this {@code CertificateRevokedException} instance.
      *
      * @serialData the size of the extensions map (int), followed by all of
      * the extensions in the map, in no particular order. For each extension,
@@ -212,7 +212,7 @@
     }
 
     /**
-     * Deserialize the <code>CertificateRevokedException</code> instance.
+     * Deserialize the {@code CertificateRevokedException} instance.
      */
     private void readObject(ObjectInputStream ois)
         throws IOException, ClassNotFoundException {
--- a/src/share/classes/java/security/cert/CollectionCertStoreParameters.java	Tue Jan 24 00:25:46 2017 +0000
+++ b/src/share/classes/java/security/cert/CollectionCertStoreParameters.java	Tue Jan 24 00:54:36 2017 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2006, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -30,13 +30,13 @@
 import java.util.Collections;
 
 /**
- * Parameters used as input for the Collection <code>CertStore</code>
+ * Parameters used as input for the Collection {@code CertStore}
  * algorithm.
  * <p>
  * This class is used to provide necessary configuration parameters
- * to implementations of the Collection <code>CertStore</code>
+ * to implementations of the Collection {@code CertStore}
  * algorithm. The only parameter included in this class is the
- * <code>Collection</code> from which the <code>CertStore</code> will
+ * {@code Collection} from which the {@code CertStore} will
  * retrieve certificates and CRLs.
  * <p>
  * <b>Concurrent Access</b>
@@ -58,30 +58,30 @@
     private Collection<?> coll;
 
     /**
-     * Creates an instance of <code>CollectionCertStoreParameters</code>
+     * Creates an instance of {@code CollectionCertStoreParameters}
      * which will allow certificates and CRLs to be retrieved from the
-     * specified <code>Collection</code>. If the specified
-     * <code>Collection</code> contains an object that is not a
-     * <code>Certificate</code> or <code>CRL</code>, that object will be
-     * ignored by the Collection <code>CertStore</code>.
+     * specified {@code Collection}. If the specified
+     * {@code Collection} contains an object that is not a
+     * {@code Certificate} or {@code CRL}, that object will be
+     * ignored by the Collection {@code CertStore}.
      * <p>
-     * The <code>Collection</code> is <b>not</b> copied. Instead, a
+     * The {@code Collection} is <b>not</b> copied. Instead, a
      * reference is used. This allows the caller to subsequently add or
-     * remove <code>Certificates</code> or <code>CRL</code>s from the
-     * <code>Collection</code>, thus changing the set of
-     * <code>Certificates</code> or <code>CRL</code>s available to the
-     * Collection <code>CertStore</code>. The Collection <code>CertStore</code>
-     * will not modify the contents of the <code>Collection</code>.
+     * remove {@code Certificates} or {@code CRL}s from the
+     * {@code Collection}, thus changing the set of
+     * {@code Certificates} or {@code CRL}s available to the
+     * Collection {@code CertStore}. The Collection {@code CertStore}
+     * will not modify the contents of the {@code Collection}.
      * <p>
-     * If the <code>Collection</code> will be modified by one thread while
-     * another thread is calling a method of a Collection <code>CertStore</code>
-     * that has been initialized with this <code>Collection</code>, the
-     * <code>Collection</code> must have fail-fast iterators.
+     * If the {@code Collection} will be modified by one thread while
+     * another thread is calling a method of a Collection {@code CertStore}
+     * that has been initialized with this {@code Collection}, the
+     * {@code Collection} must have fail-fast iterators.
      *
-     * @param collection a <code>Collection</code> of
-     *        <code>Certificate</code>s and <code>CRL</code>s
-     * @exception NullPointerException if <code>collection</code> is
-     * <code>null</code>
+     * @param collection a {@code Collection} of
+     *        {@code Certificate}s and {@code CRL}s
+     * @exception NullPointerException if {@code collection} is
+     * {@code null}
      */
     public CollectionCertStoreParameters(Collection<?> collection) {
         if (collection == null)
@@ -90,22 +90,22 @@
     }
 
     /**
-     * Creates an instance of <code>CollectionCertStoreParameters</code> with
+     * Creates an instance of {@code CollectionCertStoreParameters} with
      * the default parameter values (an empty and immutable
-     * <code>Collection</code>).
+     * {@code Collection}).
      */
     public CollectionCertStoreParameters() {
         coll = Collections.EMPTY_SET;
     }
 
     /**
-     * Returns the <code>Collection</code> from which <code>Certificate</code>s
-     * and <code>CRL</code>s are retrieved. This is <b>not</b> a copy of the
-     * <code>Collection</code>, it is a reference. This allows the caller to
-     * subsequently add or remove <code>Certificates</code> or
-     * <code>CRL</code>s from the <code>Collection</code>.
+     * Returns the {@code Collection} from which {@code Certificate}s
+     * and {@code CRL}s are retrieved. This is <b>not</b> a copy of the
+     * {@code Collection}, it is a reference. This allows the caller to
+     * subsequently add or remove {@code Certificates} or
+     * {@code CRL}s from the {@code Collection}.
      *
-     * @return the <code>Collection</code> (never null)
+     * @return the {@code Collection} (never null)
      */
     public Collection<?> getCollection() {
         return coll;
@@ -113,7 +113,7 @@
 
     /**
      * Returns a copy of this object. Note that only a reference to the
-     * <code>Collection</code> is copied, and not the contents.
+     * {@code Collection} is copied, and not the contents.
      *
      * @return the copy
      */
--- a/src/share/classes/java/security/cert/Extension.java	Tue Jan 24 00:25:46 2017 +0000
+++ b/src/share/classes/java/security/cert/Extension.java	Tue Jan 24 00:54:36 2017 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2007, 2013, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -84,7 +84,7 @@
      * that are encoded as an OCTET STRING. It does not include the OCTET
      * STRING tag and length.
      *
-     * @return a copy of the extension's value, or <code>null</code> if no
+     * @return a copy of the extension's value, or {@code null} if no
      *    extension value is present.
      */
     byte[] getValue();
@@ -95,7 +95,7 @@
      *
      * @param out the output stream
      * @exception IOException on encoding or output error.
-     * @exception NullPointerException if <code>out</code> is <code>null</code>.
+     * @exception NullPointerException if {@code out} is {@code null}.
      */
     void encode(OutputStream out) throws IOException;
 }
--- a/src/share/classes/java/security/cert/LDAPCertStoreParameters.java	Tue Jan 24 00:25:46 2017 +0000
+++ b/src/share/classes/java/security/cert/LDAPCertStoreParameters.java	Tue Jan 24 00:54:36 2017 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2001, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -26,10 +26,10 @@
 package java.security.cert;
 
 /**
- * Parameters used as input for the LDAP <code>CertStore</code> algorithm.
+ * Parameters used as input for the LDAP {@code CertStore} algorithm.
  * <p>
  * This class is used to provide necessary configuration parameters (server
- * name and port number) to implementations of the LDAP <code>CertStore</code>
+ * name and port number) to implementations of the LDAP {@code CertStore}
  * algorithm.
  * <p>
  * <b>Concurrent Access</b>
@@ -59,13 +59,13 @@
     private String serverName;
 
     /**
-     * Creates an instance of <code>LDAPCertStoreParameters</code> with the
+     * Creates an instance of {@code LDAPCertStoreParameters} with the
      * specified parameter values.
      *
      * @param serverName the DNS name of the LDAP server
      * @param port the port number of the LDAP server
-     * @exception NullPointerException if <code>serverName</code> is
-     * <code>null</code>
+     * @exception NullPointerException if {@code serverName} is
+     * {@code null}
      */
     public LDAPCertStoreParameters(String serverName, int port) {
         if (serverName == null)
@@ -75,19 +75,19 @@
     }
 
     /**
-     * Creates an instance of <code>LDAPCertStoreParameters</code> with the
+     * Creates an instance of {@code LDAPCertStoreParameters} with the
      * specified server name and a default port of 389.
      *
      * @param serverName the DNS name of the LDAP server
-     * @exception NullPointerException if <code>serverName</code> is
-     * <code>null</code>
+     * @exception NullPointerException if {@code serverName} is
+     * {@code null}
      */
     public LDAPCertStoreParameters(String serverName) {
         this(serverName, LDAP_DEFAULT_PORT);
     }
 
     /**
-     * Creates an instance of <code>LDAPCertStoreParameters</code> with the
+     * Creates an instance of {@code LDAPCertStoreParameters} with the
      * default parameter values (server name "localhost", port 389).
      */
     public LDAPCertStoreParameters() {
@@ -97,7 +97,7 @@
     /**
      * Returns the DNS name of the LDAP server.
      *
-     * @return the name (not <code>null</code>)
+     * @return the name (not {@code null})
      */
     public String getServerName() {
         return serverName;
@@ -117,7 +117,7 @@
      * the original and vice versa.
      * <p>
      * Note: this method currently performs a shallow copy of the object
-     * (simply calls <code>Object.clone()</code>). This may be changed in a
+     * (simply calls {@code Object.clone()}). This may be changed in a
      * future revision to perform a deep copy if new parameters are added
      * that should not be shared.
      *
--- a/src/share/classes/java/security/cert/PKIXBuilderParameters.java	Tue Jan 24 00:25:46 2017 +0000
+++ b/src/share/classes/java/security/cert/PKIXBuilderParameters.java	Tue Jan 24 00:54:36 2017 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2003, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -32,35 +32,35 @@
 import java.util.Set;
 
 /**
- * Parameters used as input for the PKIX <code>CertPathBuilder</code>
+ * Parameters used as input for the PKIX {@code CertPathBuilder}
  * algorithm.
  * <p>
- * A PKIX <code>CertPathBuilder</code> uses these parameters to {@link
- * CertPathBuilder#build build} a <code>CertPath</code> which has been
+ * A PKIX {@code CertPathBuilder} uses these parameters to {@link
+ * CertPathBuilder#build build} a {@code CertPath} which has been
  * validated according to the PKIX certification path validation algorithm.
  *
- * <p>To instantiate a <code>PKIXBuilderParameters</code> object, an
+ * <p>To instantiate a {@code PKIXBuilderParameters} object, an
  * application must specify one or more <i>most-trusted CAs</i> as defined by
  * the PKIX certification path validation algorithm. The most-trusted CA
  * can be specified using one of two constructors. An application
  * can call {@link #PKIXBuilderParameters(Set, CertSelector)
  * PKIXBuilderParameters(Set, CertSelector)}, specifying a
- * <code>Set</code> of <code>TrustAnchor</code> objects, each of which
+ * {@code Set} of {@code TrustAnchor} objects, each of which
  * identifies a most-trusted CA. Alternatively, an application can call
  * {@link #PKIXBuilderParameters(KeyStore, CertSelector)
  * PKIXBuilderParameters(KeyStore, CertSelector)}, specifying a
- * <code>KeyStore</code> instance containing trusted certificate entries, each
+ * {@code KeyStore} instance containing trusted certificate entries, each
  * of which will be considered as a most-trusted CA.
  *
  * <p>In addition, an application must specify constraints on the target
- * certificate that the <code>CertPathBuilder</code> will attempt
+ * certificate that the {@code CertPathBuilder} will attempt
  * to build a path to. The constraints are specified as a
- * <code>CertSelector</code> object. These constraints should provide the
- * <code>CertPathBuilder</code> with enough search criteria to find the target
- * certificate. Minimal criteria for an <code>X509Certificate</code> usually
+ * {@code CertSelector} object. These constraints should provide the
+ * {@code CertPathBuilder} with enough search criteria to find the target
+ * certificate. Minimal criteria for an {@code X509Certificate} usually
  * include the subject name and/or one or more subject alternative names.
- * If enough criteria is not specified, the <code>CertPathBuilder</code>
- * may throw a <code>CertPathBuilderException</code>.
+ * If enough criteria is not specified, the {@code CertPathBuilder}
+ * may throw a {@code CertPathBuilderException}.
  * <p>
  * <b>Concurrent Access</b>
  * <p>
@@ -80,23 +80,23 @@
     private int maxPathLength = 5;
 
     /**
-     * Creates an instance of <code>PKIXBuilderParameters</code> with
-     * the specified <code>Set</code> of most-trusted CAs.
+     * Creates an instance of {@code PKIXBuilderParameters} with
+     * the specified {@code Set} of most-trusted CAs.
      * Each element of the set is a {@link TrustAnchor TrustAnchor}.
      *
-     * <p>Note that the <code>Set</code> is copied to protect against
+     * <p>Note that the {@code Set} is copied to protect against
      * subsequent modifications.
      *
-     * @param trustAnchors a <code>Set</code> of <code>TrustAnchor</code>s
-     * @param targetConstraints a <code>CertSelector</code> specifying the
+     * @param trustAnchors a {@code Set} of {@code TrustAnchor}s
+     * @param targetConstraints a {@code CertSelector} specifying the
      * constraints on the target certificate
-     * @throws InvalidAlgorithmParameterException if <code>trustAnchors</code>
-     * is empty <code>(trustAnchors.isEmpty() == true)</code>
-     * @throws NullPointerException if <code>trustAnchors</code> is
-     * <code>null</code>
+     * @throws InvalidAlgorithmParameterException if {@code trustAnchors}
+     * is empty {@code (trustAnchors.isEmpty() == true)}
+     * @throws NullPointerException if {@code trustAnchors} is
+     * {@code null}
      * @throws ClassCastException if any of the elements of
-     * <code>trustAnchors</code> are not of type
-     * <code>java.security.cert.TrustAnchor</code>
+     * {@code trustAnchors} are not of type
+     * {@code java.security.cert.TrustAnchor}
      */
     public PKIXBuilderParameters(Set<TrustAnchor> trustAnchors, CertSelector
         targetConstraints) throws InvalidAlgorithmParameterException
@@ -106,22 +106,22 @@
     }
 
     /**
-     * Creates an instance of <code>PKIXBuilderParameters</code> that
+     * Creates an instance of {@code PKIXBuilderParameters} that
      * populates the set of most-trusted CAs from the trusted
-     * certificate entries contained in the specified <code>KeyStore</code>.
-     * Only keystore entries that contain trusted <code>X509Certificate</code>s
+     * certificate entries contained in the specified {@code KeyStore}.
+     * Only keystore entries that contain trusted {@code X509Certificate}s
      * are considered; all other certificate types are ignored.
      *
-     * @param keystore a <code>KeyStore</code> from which the set of
+     * @param keystore a {@code KeyStore} from which the set of
      * most-trusted CAs will be populated
-     * @param targetConstraints a <code>CertSelector</code> specifying the
+     * @param targetConstraints a {@code CertSelector} specifying the
      * constraints on the target certificate
-     * @throws KeyStoreException if <code>keystore</code> has not been
+     * @throws KeyStoreException if {@code keystore} has not been
      * initialized
-     * @throws InvalidAlgorithmParameterException if <code>keystore</code> does
+     * @throws InvalidAlgorithmParameterException if {@code keystore} does
      * not contain at least one trusted certificate entry
-     * @throws NullPointerException if <code>keystore</code> is
-     * <code>null</code>
+     * @throws NullPointerException if {@code keystore} is
+     * {@code null}
      */
     public PKIXBuilderParameters(KeyStore keystore,
         CertSelector targetConstraints)
@@ -139,7 +139,7 @@
      * in a certification path is not an intermediate certificate, and is not
      * included in this limit. Usually the last certificate is an end entity
      * certificate, but it can be a CA certificate. A PKIX
-     * <code>CertPathBuilder</code> instance must not build
+     * {@code CertPathBuilder} instance must not build
      * paths longer than the length specified.
      *
      * <p> A value of 0 implies that the path can only contain
@@ -149,14 +149,14 @@
      * Setting a value less than -1 will cause an exception to be thrown.
      *
      * <p> If any of the CA certificates contain the
-     * <code>BasicConstraintsExtension</code>, the value of the
-     * <code>pathLenConstraint</code> field of the extension overrides
+     * {@code BasicConstraintsExtension}, the value of the
+     * {@code pathLenConstraint} field of the extension overrides
      * the maximum path length parameter whenever the result is a
      * certification path of smaller length.
      *
      * @param maxPathLength the maximum number of non-self-issued intermediate
      *  certificates that may exist in a certification path
-     * @throws InvalidParameterException if <code>maxPathLength</code> is set
+     * @throws InvalidParameterException if {@code maxPathLength} is set
      *  to a value less than -1
      *
      * @see #getMaxPathLength
--- a/src/share/classes/java/security/cert/PKIXCertPathBuilderResult.java	Tue Jan 24 00:25:46 2017 +0000
+++ b/src/share/classes/java/security/cert/PKIXCertPathBuilderResult.java	Tue Jan 24 00:54:36 2017 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2001, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -33,14 +33,14 @@
  * returned using this algorithm are also validated according to the PKIX
  * certification path validation algorithm.
  *
- * <p>Instances of <code>PKIXCertPathBuilderResult</code> are returned by
- * the <code>build</code> method of <code>CertPathBuilder</code>
+ * <p>Instances of {@code PKIXCertPathBuilderResult} are returned by
+ * the {@code build} method of {@code CertPathBuilder}
  * objects implementing the PKIX algorithm.
  *
- * <p>All <code>PKIXCertPathBuilderResult</code> objects contain the
+ * <p>All {@code PKIXCertPathBuilderResult} objects contain the
  * certification path constructed by the build algorithm, the
  * valid policy tree and subject public key resulting from the build
- * algorithm, and a <code>TrustAnchor</code> describing the certification
+ * algorithm, and a {@code TrustAnchor} describing the certification
  * authority (CA) that served as a trust anchor for the certification path.
  * <p>
  * <b>Concurrent Access</b>
@@ -62,18 +62,18 @@
     private CertPath certPath;
 
     /**
-     * Creates an instance of <code>PKIXCertPathBuilderResult</code>
+     * Creates an instance of {@code PKIXCertPathBuilderResult}
      * containing the specified parameters.
      *
-     * @param certPath the validated <code>CertPath</code>
-     * @param trustAnchor a <code>TrustAnchor</code> describing the CA that
+     * @param certPath the validated {@code CertPath}
+     * @param trustAnchor a {@code TrustAnchor} describing the CA that
      * served as a trust anchor for the certification path
-     * @param policyTree the immutable valid policy tree, or <code>null</code>
+     * @param policyTree the immutable valid policy tree, or {@code null}
      * if there are no valid policies
      * @param subjectPublicKey the public key of the subject
-     * @throws NullPointerException if the <code>certPath</code>,
-     * <code>trustAnchor</code> or <code>subjectPublicKey</code> parameters
-     * are <code>null</code>
+     * @throws NullPointerException if the {@code certPath},
+     * {@code trustAnchor} or {@code subjectPublicKey} parameters
+     * are {@code null}
      */
     public PKIXCertPathBuilderResult(CertPath certPath,
         TrustAnchor trustAnchor, PolicyNode policyTree,
@@ -87,13 +87,13 @@
 
     /**
      * Returns the built and validated certification path. The
-     * <code>CertPath</code> object does not include the trust anchor.
+     * {@code CertPath} object does not include the trust anchor.
      * Instead, use the {@link #getTrustAnchor() getTrustAnchor()} method to
-     * obtain the <code>TrustAnchor</code> that served as the trust anchor
+     * obtain the {@code TrustAnchor} that served as the trust anchor
      * for the certification path.
      *
-     * @return the built and validated <code>CertPath</code> (never
-     * <code>null</code>)
+     * @return the built and validated {@code CertPath} (never
+     * {@code null})
      */
     public CertPath getCertPath() {
         return certPath;
@@ -101,10 +101,10 @@
 
     /**
      * Return a printable representation of this
-     * <code>PKIXCertPathBuilderResult</code>.
+     * {@code PKIXCertPathBuilderResult}.
      *
-     * @return a <code>String</code> describing the contents of this
-     *         <code>PKIXCertPathBuilderResult</code>
+     * @return a {@code String} describing the contents of this
+     *         {@code PKIXCertPathBuilderResult}
      */
     public String toString() {
         StringBuffer sb = new StringBuffer();
--- a/src/share/classes/java/security/cert/PKIXCertPathChecker.java	Tue Jan 24 00:25:46 2017 +0000
+++ b/src/share/classes/java/security/cert/PKIXCertPathChecker.java	Tue Jan 24 00:54:36 2017 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2003, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -30,38 +30,38 @@
 
 /**
  * An abstract class that performs one or more checks on an
- * <code>X509Certificate</code>.
+ * {@code X509Certificate}.
  *
- * <p>A concrete implementation of the <code>PKIXCertPathChecker</code> class
+ * <p>A concrete implementation of the {@code PKIXCertPathChecker} class
  * can be created to extend the PKIX certification path validation algorithm.
  * For example, an implementation may check for and process a critical private
  * extension of each certificate in a certification path.
  *
- * <p>Instances of <code>PKIXCertPathChecker</code> are passed as parameters
+ * <p>Instances of {@code PKIXCertPathChecker} are passed as parameters
  * using the {@link PKIXParameters#setCertPathCheckers setCertPathCheckers}
  * or {@link PKIXParameters#addCertPathChecker addCertPathChecker} methods
- * of the <code>PKIXParameters</code> and <code>PKIXBuilderParameters</code>
- * class. Each of the <code>PKIXCertPathChecker</code>s {@link #check check}
+ * of the {@code PKIXParameters} and {@code PKIXBuilderParameters}
+ * class. Each of the {@code PKIXCertPathChecker}s {@link #check check}
  * methods will be called, in turn, for each certificate processed by a PKIX
- * <code>CertPathValidator</code> or <code>CertPathBuilder</code>
+ * {@code CertPathValidator} or {@code CertPathBuilder}
  * implementation.
  *
- * <p>A <code>PKIXCertPathChecker</code> may be called multiple times on
+ * <p>A {@code PKIXCertPathChecker} may be called multiple times on
  * successive certificates in a certification path. Concrete subclasses
  * are expected to maintain any internal state that may be necessary to
  * check successive certificates. The {@link #init init} method is used
  * to initialize the internal state of the checker so that the certificates
  * of a new certification path may be checked. A stateful implementation
  * <b>must</b> override the {@link #clone clone} method if necessary in
- * order to allow a PKIX <code>CertPathBuilder</code> to efficiently
+ * order to allow a PKIX {@code CertPathBuilder} to efficiently
  * backtrack and try other paths. In these situations, the
- * <code>CertPathBuilder</code> is able to restore prior path validation
- * states by restoring the cloned <code>PKIXCertPathChecker</code>s.
+ * {@code CertPathBuilder} is able to restore prior path validation
+ * states by restoring the cloned {@code PKIXCertPathChecker}s.
  *
  * <p>The order in which the certificates are presented to the
- * <code>PKIXCertPathChecker</code> may be either in the forward direction
+ * {@code PKIXCertPathChecker} may be either in the forward direction
  * (from target to most-trusted CA) or in the reverse direction (from
- * most-trusted CA to target). A <code>PKIXCertPathChecker</code> implementation
+ * most-trusted CA to target). A {@code PKIXCertPathChecker} implementation
  * <b>must</b> support reverse checking (the ability to perform its checks when
  * it is presented with certificates in the reverse direction) and <b>may</b>
  * support forward checking (the ability to perform its checks when it is
@@ -95,19 +95,19 @@
     protected PKIXCertPathChecker() {}
 
     /**
-     * Initializes the internal state of this <code>PKIXCertPathChecker</code>.
+     * Initializes the internal state of this {@code PKIXCertPathChecker}.
      * <p>
-     * The <code>forward</code> flag specifies the order that
+     * The {@code forward} flag specifies the order that
      * certificates will be passed to the {@link #check check} method
-     * (forward or reverse). A <code>PKIXCertPathChecker</code> <b>must</b>
+     * (forward or reverse). A {@code PKIXCertPathChecker} <b>must</b>
      * support reverse checking and <b>may</b> support forward checking.
      *
      * @param forward the order that certificates are presented to
-     * the <code>check</code> method. If <code>true</code>, certificates
+     * the {@code check} method. If {@code true}, certificates
      * are presented from target to most-trusted CA (forward); if
-     * <code>false</code>, from most-trusted CA to target (reverse).
+     * {@code false}, from most-trusted CA to target (reverse).
      * @throws CertPathValidatorException if this
-     * <code>PKIXCertPathChecker</code> is unable to check certificates in
+     * {@code PKIXCertPathChecker} is unable to check certificates in
      * the specified order; it should never be thrown if the forward flag
      * is false since reverse checking must be supported
      */
@@ -116,31 +116,31 @@
 
     /**
      * Indicates if forward checking is supported. Forward checking refers
-     * to the ability of the <code>PKIXCertPathChecker</code> to perform
-     * its checks when certificates are presented to the <code>check</code>
+     * to the ability of the {@code PKIXCertPathChecker} to perform
+     * its checks when certificates are presented to the {@code check}
      * method in the forward direction (from target to most-trusted CA).
      *
-     * @return <code>true</code> if forward checking is supported,
-     * <code>false</code> otherwise
+     * @return {@code true} if forward checking is supported,
+     * {@code false} otherwise
      */
     public abstract boolean isForwardCheckingSupported();
 
     /**
-     * Returns an immutable <code>Set</code> of X.509 certificate extensions
-     * that this <code>PKIXCertPathChecker</code> supports (i.e. recognizes, is
-     * able to process), or <code>null</code> if no extensions are supported.
+     * Returns an immutable {@code Set} of X.509 certificate extensions
+     * that this {@code PKIXCertPathChecker} supports (i.e. recognizes, is
+     * able to process), or {@code null} if no extensions are supported.
      * <p>
-     * Each element of the set is a <code>String</code> representing the
+     * Each element of the set is a {@code String} representing the
      * Object Identifier (OID) of the X.509 extension that is supported.
      * The OID is represented by a set of nonnegative integers separated by
      * periods.
      * <p>
-     * All X.509 certificate extensions that a <code>PKIXCertPathChecker</code>
+     * All X.509 certificate extensions that a {@code PKIXCertPathChecker}
      * might possibly be able to process should be included in the set.
      *
-     * @return an immutable <code>Set</code> of X.509 extension OIDs (in
-     * <code>String</code> format) supported by this
-     * <code>PKIXCertPathChecker</code>, or <code>null</code> if no
+     * @return an immutable {@code Set} of X.509 extension OIDs (in
+     * {@code String} format) supported by this
+     * {@code PKIXCertPathChecker}, or {@code null} if no
      * extensions are supported
      */
     public abstract Set<String> getSupportedExtensions();
@@ -150,10 +150,10 @@
      * state and removes any critical extensions that it processes from the
      * specified collection of OID strings that represent the unresolved
      * critical extensions. The certificates are presented in the order
-     * specified by the <code>init</code> method.
+     * specified by the {@code init} method.
      *
-     * @param cert the <code>Certificate</code> to be checked
-     * @param unresolvedCritExts a <code>Collection</code> of OID strings
+     * @param cert the {@code Certificate} to be checked
+     * @param unresolvedCritExts a {@code Collection} of OID strings
      * representing the current set of unresolved critical extensions
      * @exception CertPathValidatorException if the specified certificate does
      * not pass the check
@@ -163,12 +163,12 @@
             throws CertPathValidatorException;
 
     /**
-     * Returns a clone of this object. Calls the <code>Object.clone()</code>
+     * Returns a clone of this object. Calls the {@code Object.clone()}
      * method.
      * All subclasses which maintain state must support and
      * override this method, if necessary.
      *
-     * @return a copy of this <code>PKIXCertPathChecker</code>
+     * @return a copy of this {@code PKIXCertPathChecker}
      */
     public Object clone() {
         try {
--- a/src/share/classes/java/security/cert/PKIXCertPathValidatorResult.java	Tue Jan 24 00:25:46 2017 +0000
+++ b/src/share/classes/java/security/cert/PKIXCertPathValidatorResult.java	Tue Jan 24 00:54:36 2017 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2001, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -31,13 +31,13 @@
  * This class represents the successful result of the PKIX certification
  * path validation algorithm.
  *
- * <p>Instances of <code>PKIXCertPathValidatorResult</code> are returned by the
+ * <p>Instances of {@code PKIXCertPathValidatorResult} are returned by the
  * {@link CertPathValidator#validate validate} method of
- * <code>CertPathValidator</code> objects implementing the PKIX algorithm.
+ * {@code CertPathValidator} objects implementing the PKIX algorithm.
  *
- * <p> All <code>PKIXCertPathValidatorResult</code> objects contain the
+ * <p> All {@code PKIXCertPathValidatorResult} objects contain the
  * valid policy tree and subject public key resulting from the
- * validation algorithm, as well as a <code>TrustAnchor</code> describing
+ * validation algorithm, as well as a {@code TrustAnchor} describing
  * the certification authority (CA) that served as a trust anchor for the
  * certification path.
  * <p>
@@ -62,16 +62,16 @@
     private PublicKey subjectPublicKey;
 
     /**
-     * Creates an instance of <code>PKIXCertPathValidatorResult</code>
+     * Creates an instance of {@code PKIXCertPathValidatorResult}
      * containing the specified parameters.
      *
-     * @param trustAnchor a <code>TrustAnchor</code> describing the CA that
+     * @param trustAnchor a {@code TrustAnchor} describing the CA that
      * served as a trust anchor for the certification path
-     * @param policyTree the immutable valid policy tree, or <code>null</code>
+     * @param policyTree the immutable valid policy tree, or {@code null}
      * if there are no valid policies
      * @param subjectPublicKey the public key of the subject
-     * @throws NullPointerException if the <code>subjectPublicKey</code> or
-     * <code>trustAnchor</code> parameters are <code>null</code>
+     * @throws NullPointerException if the {@code subjectPublicKey} or
+     * {@code trustAnchor} parameters are {@code null}
      */
     public PKIXCertPathValidatorResult(TrustAnchor trustAnchor,
         PolicyNode policyTree, PublicKey subjectPublicKey)
@@ -86,10 +86,10 @@
     }
 
     /**
-     * Returns the <code>TrustAnchor</code> describing the CA that served
+     * Returns the {@code TrustAnchor} describing the CA that served
      * as a trust anchor for the certification path.
      *
-     * @return the <code>TrustAnchor</code> (never <code>null</code>)
+     * @return the {@code TrustAnchor} (never {@code null})
      */
     public TrustAnchor getTrustAnchor() {
         return trustAnchor;
@@ -98,18 +98,18 @@
     /**
      * Returns the root node of the valid policy tree resulting from the
      * PKIX certification path validation algorithm. The
-     * <code>PolicyNode</code> object that is returned and any objects that
+     * {@code PolicyNode} object that is returned and any objects that
      * it returns through public methods are immutable.
      *
      * <p>Most applications will not need to examine the valid policy tree.
      * They can achieve their policy processing goals by setting the
-     * policy-related parameters in <code>PKIXParameters</code>. However, more
+     * policy-related parameters in {@code PKIXParameters}. However, more
      * sophisticated applications, especially those that process policy
      * qualifiers, may need to traverse the valid policy tree using the
      * {@link PolicyNode#getParent PolicyNode.getParent} and
      * {@link PolicyNode#getChildren PolicyNode.getChildren} methods.
      *
-     * @return the root node of the valid policy tree, or <code>null</code>
+     * @return the root node of the valid policy tree, or {@code null}
      * if there are no valid policies
      */
     public PolicyNode getPolicyTree() {
@@ -120,7 +120,7 @@
      * Returns the public key of the subject (target) of the certification
      * path, including any inherited public key parameters if applicable.
      *
-     * @return the public key of the subject (never <code>null</code>)
+     * @return the public key of the subject (never {@code null})
      */
     public PublicKey getPublicKey() {
         return subjectPublicKey;
@@ -142,10 +142,10 @@
 
     /**
      * Return a printable representation of this
-     * <code>PKIXCertPathValidatorResult</code>.
+     * {@code PKIXCertPathValidatorResult}.
      *
-     * @return a <code>String</code> describing the contents of this
-     *         <code>PKIXCertPathValidatorResult</code>
+     * @return a {@code String} describing the contents of this
+     *         {@code PKIXCertPathValidatorResult}
      */
     public String toString() {
         StringBuffer sb = new StringBuffer();
--- a/src/share/classes/java/security/cert/PKIXParameters.java	Tue Jan 24 00:25:46 2017 +0000
+++ b/src/share/classes/java/security/cert/PKIXParameters.java	Tue Jan 24 00:54:36 2017 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -38,34 +38,34 @@
 import java.util.Set;
 
 /**
- * Parameters used as input for the PKIX <code>CertPathValidator</code>
+ * Parameters used as input for the PKIX {@code CertPathValidator}
  * algorithm.
  * <p>
- * A PKIX <code>CertPathValidator</code> uses these parameters to
- * validate a <code>CertPath</code> according to the PKIX certification path
+ * A PKIX {@code CertPathValidator} uses these parameters to
+ * validate a {@code CertPath} according to the PKIX certification path
  * validation algorithm.
  *
- * <p>To instantiate a <code>PKIXParameters</code> object, an
+ * <p>To instantiate a {@code PKIXParameters} object, an
  * application must specify one or more <i>most-trusted CAs</i> as defined by
  * the PKIX certification path validation algorithm. The most-trusted CAs
  * can be specified using one of two constructors. An application
  * can call {@link #PKIXParameters(Set) PKIXParameters(Set)},
- * specifying a <code>Set</code> of <code>TrustAnchor</code> objects, each
+ * specifying a {@code Set} of {@code TrustAnchor} objects, each
  * of which identify a most-trusted CA. Alternatively, an application can call
  * {@link #PKIXParameters(KeyStore) PKIXParameters(KeyStore)}, specifying a
- * <code>KeyStore</code> instance containing trusted certificate entries, each
+ * {@code KeyStore} instance containing trusted certificate entries, each
  * of which will be considered as a most-trusted CA.
  * <p>
- * Once a <code>PKIXParameters</code> object has been created, other parameters
+ * Once a {@code PKIXParameters} object has been created, other parameters
  * can be specified (by calling {@link #setInitialPolicies setInitialPolicies}
  * or {@link #setDate setDate}, for instance) and then the
- * <code>PKIXParameters</code> is passed along with the <code>CertPath</code>
+ * {@code PKIXParameters} is passed along with the {@code CertPath}
  * to be validated to {@link CertPathValidator#validate
  * CertPathValidator.validate}.
  * <p>
- * Any parameter that is not set (or is set to <code>null</code>) will
+ * Any parameter that is not set (or is set to {@code null}) will
  * be set to the default value for that parameter. The default value for the
- * <code>date</code> parameter is <code>null</code>, which indicates
+ * {@code date} parameter is {@code null}, which indicates
  * the current time when the path is validated. The default for the
  * remaining parameters is the least constrained.
  * <p>
@@ -99,20 +99,20 @@
     private CertSelector certSelector;
 
     /**
-     * Creates an instance of <code>PKIXParameters</code> with the specified
-     * <code>Set</code> of most-trusted CAs. Each element of the
+     * Creates an instance of {@code PKIXParameters} with the specified
+     * {@code Set} of most-trusted CAs. Each element of the
      * set is a {@link TrustAnchor TrustAnchor}.
      * <p>
-     * Note that the <code>Set</code> is copied to protect against
+     * Note that the {@code Set} is copied to protect against
      * subsequent modifications.
      *
-     * @param trustAnchors a <code>Set</code> of <code>TrustAnchor</code>s
+     * @param trustAnchors a {@code Set} of {@code TrustAnchor}s
      * @throws InvalidAlgorithmParameterException if the specified
-     * <code>Set</code> is empty <code>(trustAnchors.isEmpty() == true)</code>
-     * @throws NullPointerException if the specified <code>Set</code> is
-     * <code>null</code>
-     * @throws ClassCastException if any of the elements in the <code>Set</code>
-     * are not of type <code>java.security.cert.TrustAnchor</code>
+     * {@code Set} is empty {@code (trustAnchors.isEmpty() == true)}
+     * @throws NullPointerException if the specified {@code Set} is
+     * {@code null}
+     * @throws ClassCastException if any of the elements in the {@code Set}
+     * are not of type {@code java.security.cert.TrustAnchor}
      */
     public PKIXParameters(Set<TrustAnchor> trustAnchors)
         throws InvalidAlgorithmParameterException
@@ -125,18 +125,18 @@
     }
 
     /**
-     * Creates an instance of <code>PKIXParameters</code> that
+     * Creates an instance of {@code PKIXParameters} that
      * populates the set of most-trusted CAs from the trusted
-     * certificate entries contained in the specified <code>KeyStore</code>.
-     * Only keystore entries that contain trusted <code>X509Certificates</code>
+     * certificate entries contained in the specified {@code KeyStore}.
+     * Only keystore entries that contain trusted {@code X509Certificates}
      * are considered; all other certificate types are ignored.
      *
-     * @param keystore a <code>KeyStore</code> from which the set of
+     * @param keystore a {@code KeyStore} from which the set of
      * most-trusted CAs will be populated
      * @throws KeyStoreException if the keystore has not been initialized
      * @throws InvalidAlgorithmParameterException if the keystore does
      * not contain at least one trusted certificate entry
-     * @throws NullPointerException if the keystore is <code>null</code>
+     * @throws NullPointerException if the keystore is {@code null}
      */
     public PKIXParameters(KeyStore keystore)
         throws KeyStoreException, InvalidAlgorithmParameterException
@@ -161,11 +161,11 @@
     }
 
     /**
-     * Returns an immutable <code>Set</code> of the most-trusted
+     * Returns an immutable {@code Set} of the most-trusted
      * CAs.
      *
-     * @return an immutable <code>Set</code> of <code>TrustAnchor</code>s
-     * (never <code>null</code>)
+     * @return an immutable {@code Set} of {@code TrustAnchor}s
+     * (never {@code null})
      *
      * @see #setTrustAnchors
      */
@@ -174,18 +174,18 @@
     }
 
     /**
-     * Sets the <code>Set</code> of most-trusted CAs.
+     * Sets the {@code Set} of most-trusted CAs.
      * <p>
-     * Note that the <code>Set</code> is copied to protect against
+     * Note that the {@code Set} is copied to protect against
      * subsequent modifications.
      *
-     * @param trustAnchors a <code>Set</code> of <code>TrustAnchor</code>s
+     * @param trustAnchors a {@code Set} of {@code TrustAnchor}s
      * @throws InvalidAlgorithmParameterException if the specified
-     * <code>Set</code> is empty <code>(trustAnchors.isEmpty() == true)</code>
-     * @throws NullPointerException if the specified <code>Set</code> is
-     * <code>null</code>
+     * {@code Set} is empty {@code (trustAnchors.isEmpty() == true)}
+     * @throws NullPointerException if the specified {@code Set} is
+     * {@code null}
      * @throws ClassCastException if any of the elements in the set
-     * are not of type <code>java.security.cert.TrustAnchor</code>
+     * are not of type {@code java.security.cert.TrustAnchor}
      *
      * @see #getTrustAnchors
      */
@@ -211,16 +211,16 @@
     }
 
     /**
-     * Returns an immutable <code>Set</code> of initial
+     * Returns an immutable {@code Set} of initial
      * policy identifiers (OID strings), indicating that any one of these
      * policies would be acceptable to the certificate user for the purposes of
      * certification path processing. The default return value is an empty
-     * <code>Set</code>, which is interpreted as meaning that any policy would
+     * {@code Set}, which is interpreted as meaning that any policy would
      * be acceptable.
      *
-     * @return an immutable <code>Set</code> of initial policy OIDs in
-     * <code>String</code> format, or an empty <code>Set</code> (implying any
-     * policy is acceptable). Never returns <code>null</code>.
+     * @return an immutable {@code Set} of initial policy OIDs in
+     * {@code String} format, or an empty {@code Set} (implying any
+     * policy is acceptable). Never returns {@code null}.
      *
      * @see #setInitialPolicies
      */
@@ -229,21 +229,21 @@
     }
 
     /**
-     * Sets the <code>Set</code> of initial policy identifiers
+     * Sets the {@code Set} of initial policy identifiers
      * (OID strings), indicating that any one of these
      * policies would be acceptable to the certificate user for the purposes of
      * certification path processing. By default, any policy is acceptable
      * (i.e. all policies), so a user that wants to allow any policy as
      * acceptable does not need to call this method, or can call it
-     * with an empty <code>Set</code> (or <code>null</code>).
+     * with an empty {@code Set} (or {@code null}).
      * <p>
-     * Note that the <code>Set</code> is copied to protect against
+     * Note that the {@code Set} is copied to protect against
      * subsequent modifications.
      *
-     * @param initialPolicies a <code>Set</code> of initial policy
-     * OIDs in <code>String</code> format (or <code>null</code>)
+     * @param initialPolicies a {@code Set} of initial policy
+     * OIDs in {@code String} format (or {@code null})
      * @throws ClassCastException if any of the elements in the set are
-     * not of type <code>String</code>
+     * not of type {@code String}
      *
      * @see #getInitialPolicies
      */
@@ -262,19 +262,19 @@
     }
 
     /**
-     * Sets the list of <code>CertStore</code>s to be used in finding
-     * certificates and CRLs. May be <code>null</code>, in which case
-     * no <code>CertStore</code>s will be used. The first
-     * <code>CertStore</code>s in the list may be preferred to those that
+     * Sets the list of {@code CertStore}s to be used in finding
+     * certificates and CRLs. May be {@code null}, in which case
+     * no {@code CertStore}s will be used. The first
+     * {@code CertStore}s in the list may be preferred to those that
      * appear later.
      * <p>
-     * Note that the <code>List</code> is copied to protect against
+     * Note that the {@code List} is copied to protect against
      * subsequent modifications.
      *
-     * @param stores a <code>List</code> of <code>CertStore</code>s (or
-     * <code>null</code>)
+     * @param stores a {@code List} of {@code CertStore}s (or
+     * {@code null})
      * @throws ClassCastException if any of the elements in the list are
-     * not of type <code>java.security.cert.CertStore</code>
+     * not of type {@code java.security.cert.CertStore}
      *
      * @see #getCertStores
      */
@@ -293,10 +293,10 @@
     }
 
     /**
-     * Adds a <code>CertStore</code> to the end of the list of
-     * <code>CertStore</code>s used in finding certificates and CRLs.
+     * Adds a {@code CertStore} to the end of the list of
+     * {@code CertStore}s used in finding certificates and CRLs.
      *
-     * @param store the <code>CertStore</code> to add. If <code>null</code>,
+     * @param store the {@code CertStore} to add. If {@code null},
      * the store is ignored (not added to list).
      */
     public void addCertStore(CertStore store) {
@@ -306,11 +306,11 @@
     }
 
     /**
-     * Returns an immutable <code>List</code> of <code>CertStore</code>s that
+     * Returns an immutable {@code List} of {@code CertStore}s that
      * are used to find certificates and CRLs.
      *
-     * @return an immutable <code>List</code> of <code>CertStore</code>s
-     * (may be empty, but never <code>null</code>)
+     * @return an immutable {@code List} of {@code CertStore}s
+     * (may be empty, but never {@code null})
      *
      * @see #setCertStores
      */
@@ -325,7 +325,7 @@
      * will be used. If this flag is false, the default revocation checking
      * mechanism will be disabled (not used).
      * <p>
-     * When a <code>PKIXParameters</code> object is created, this flag is set
+     * When a {@code PKIXParameters} object is created, this flag is set
      * to true. This setting reflects the most common strategy for checking
      * revocation, since each service provider must support revocation
      * checking to be PKIX compliant. Sophisticated applications should set
@@ -360,8 +360,8 @@
      * acceptable policy needs to be explicitly identified in every certificate.
      * By default, the ExplicitPolicyRequired flag is false.
      *
-     * @param val <code>true</code> if explicit policy is to be required,
-     * <code>false</code> otherwise
+     * @param val {@code true} if explicit policy is to be required,
+     * {@code false} otherwise
      */
     public void setExplicitPolicyRequired(boolean val) {
         explicitPolicyRequired = val;
@@ -372,8 +372,8 @@
      * acceptable policy needs to be explicitly identified in every certificate.
      * By default, the ExplicitPolicyRequired flag is false.
      *
-     * @return <code>true</code> if explicit policy is required,
-     * <code>false</code> otherwise
+     * @return {@code true} if explicit policy is required,
+     * {@code false} otherwise
      */
     public boolean isExplicitPolicyRequired() {
         return explicitPolicyRequired;
@@ -384,8 +384,8 @@
      * mapping is inhibited. By default, policy mapping is not inhibited (the
      * flag is false).
      *
-     * @param val <code>true</code> if policy mapping is to be inhibited,
-     * <code>false</code> otherwise
+     * @param val {@code true} if policy mapping is to be inhibited,
+     * {@code false} otherwise
      */
     public void setPolicyMappingInhibited(boolean val) {
         policyMappingInhibited = val;
@@ -406,10 +406,10 @@
      * Sets state to determine if the any policy OID should be processed
      * if it is included in a certificate. By default, the any policy OID
      * is not inhibited ({@link #isAnyPolicyInhibited isAnyPolicyInhibited()}
-     * returns <code>false</code>).
+     * returns {@code false}).
      *
-     * @param val <code>true</code> if the any policy OID is to be
-     * inhibited, <code>false</code> otherwise
+     * @param val {@code true} if the any policy OID is to be
+     * inhibited, {@code false} otherwise
      */
     public void setAnyPolicyInhibited(boolean val) {
         anyPolicyInhibited = val;
@@ -419,8 +419,8 @@
      * Checks whether the any policy OID should be processed if it
      * is included in a certificate.
      *
-     * @return <code>true</code> if the any policy OID is inhibited,
-     * <code>false</code> otherwise
+     * @return {@code true} if the any policy OID is inhibited,
+     * {@code false} otherwise
      */
     public boolean isAnyPolicyInhibited() {
         return anyPolicyInhibited;
@@ -432,7 +432,7 @@
      * policies extension that is marked critical are rejected.
      * If the flag is false, certificates are not rejected on this basis.
      *
-     * <p> When a <code>PKIXParameters</code> object is created, this flag is
+     * <p> When a {@code PKIXParameters} object is created, this flag is
      * set to true. This setting reflects the most common (and simplest)
      * strategy for processing policy qualifiers. Applications that want to use
      * a more sophisticated policy must set this flag to false.
@@ -459,7 +459,7 @@
      * extension that is marked critical are rejected.
      * If the flag is false, certificates are not rejected on this basis.
      *
-     * <p> When a <code>PKIXParameters</code> object is created, this flag is
+     * <p> When a {@code PKIXParameters} object is created, this flag is
      * set to true. This setting reflects the most common (and simplest)
      * strategy for processing policy qualifiers. Applications that want to use
      * a more sophisticated policy must set this flag to false.
@@ -473,12 +473,12 @@
 
     /**
      * Returns the time for which the validity of the certification path
-     * should be determined. If <code>null</code>, the current time is used.
+     * should be determined. If {@code null}, the current time is used.
      * <p>
-     * Note that the <code>Date</code> returned is copied to protect against
+     * Note that the {@code Date} returned is copied to protect against
      * subsequent modifications.
      *
-     * @return the <code>Date</code>, or <code>null</code> if not set
+     * @return the {@code Date}, or {@code null} if not set
      * @see #setDate
      */
     public Date getDate() {
@@ -490,12 +490,12 @@
 
     /**
      * Sets the time for which the validity of the certification path
-     * should be determined. If <code>null</code>, the current time is used.
+     * should be determined. If {@code null}, the current time is used.
      * <p>
-     * Note that the <code>Date</code> supplied here is copied to protect
+     * Note that the {@code Date} supplied here is copied to protect
      * against subsequent modifications.
      *
-     * @param date the <code>Date</code>, or <code>null</code> for the
+     * @param date the {@code Date}, or {@code null} for the
      * current time
      * @see #getDate
      */
@@ -507,39 +507,39 @@
     }
 
     /**
-     * Sets a <code>List</code> of additional certification path checkers. If
-     * the specified <code>List</code> contains an object that is not a
-     * <code>PKIXCertPathChecker</code>, it is ignored.
+     * Sets a {@code List} of additional certification path checkers. If
+     * the specified {@code List} contains an object that is not a
+     * {@code PKIXCertPathChecker}, it is ignored.
      * <p>
-     * Each <code>PKIXCertPathChecker</code> specified implements
+     * Each {@code PKIXCertPathChecker} specified implements
      * additional checks on a certificate. Typically, these are checks to
      * process and verify private extensions contained in certificates.
-     * Each <code>PKIXCertPathChecker</code> should be instantiated with any
+     * Each {@code PKIXCertPathChecker} should be instantiated with any
      * initialization parameters needed to execute the check.
      * <p>
      * This method allows sophisticated applications to extend a PKIX
-     * <code>CertPathValidator</code> or <code>CertPathBuilder</code>.
-     * Each of the specified <code>PKIXCertPathChecker</code>s will be called,
-     * in turn, by a PKIX <code>CertPathValidator</code> or
-     * <code>CertPathBuilder</code> for each certificate processed or
+     * {@code CertPathValidator} or {@code CertPathBuilder}.
+     * Each of the specified {@code PKIXCertPathChecker}s will be called,
+     * in turn, by a PKIX {@code CertPathValidator} or
+     * {@code CertPathBuilder} for each certificate processed or
      * validated.
      * <p>
-     * Regardless of whether these additional <code>PKIXCertPathChecker</code>s
-     * are set, a PKIX <code>CertPathValidator</code> or
-     * <code>CertPathBuilder</code> must perform all of the required PKIX
+     * Regardless of whether these additional {@code PKIXCertPathChecker}s
+     * are set, a PKIX {@code CertPathValidator} or
+     * {@code CertPathBuilder} must perform all of the required PKIX
      * checks on each certificate. The one exception to this rule is if the
      * RevocationEnabled flag is set to false (see the {@link
      * #setRevocationEnabled setRevocationEnabled} method).
      * <p>
-     * Note that the <code>List</code> supplied here is copied and each
-     * <code>PKIXCertPathChecker</code> in the list is cloned to protect
+     * Note that the {@code List} supplied here is copied and each
+     * {@code PKIXCertPathChecker} in the list is cloned to protect
      * against subsequent modifications.
      *
-     * @param checkers a <code>List</code> of <code>PKIXCertPathChecker</code>s.
-     * May be <code>null</code>, in which case no additional checkers will be
+     * @param checkers a {@code List} of {@code PKIXCertPathChecker}s.
+     * May be {@code null}, in which case no additional checkers will be
      * used.
      * @throws ClassCastException if any of the elements in the list
-     * are not of type <code>java.security.cert.PKIXCertPathChecker</code>
+     * are not of type {@code java.security.cert.PKIXCertPathChecker}
      * @see #getCertPathCheckers
      */
     public void setCertPathCheckers(List<PKIXCertPathChecker> checkers) {
@@ -556,14 +556,14 @@
     }
 
     /**
-     * Returns the <code>List</code> of certification path checkers.
-     * The returned <code>List</code> is immutable, and each
-     * <code>PKIXCertPathChecker</code> in the <code>List</code> is cloned
+     * Returns the {@code List} of certification path checkers.
+     * The returned {@code List} is immutable, and each
+     * {@code PKIXCertPathChecker} in the {@code List} is cloned
      * to protect against subsequent modifications.
      *
-     * @return an immutable <code>List</code> of
-     * <code>PKIXCertPathChecker</code>s (may be empty, but not
-     * <code>null</code>)
+     * @return an immutable {@code List} of
+     * {@code PKIXCertPathChecker}s (may be empty, but not
+     * {@code null})
      * @see #setCertPathCheckers
      */
     public List<PKIXCertPathChecker> getCertPathCheckers() {
@@ -575,15 +575,15 @@
     }
 
     /**
-     * Adds a <code>PKIXCertPathChecker</code> to the list of certification
+     * Adds a {@code PKIXCertPathChecker} to the list of certification
      * path checkers. See the {@link #setCertPathCheckers setCertPathCheckers}
      * method for more details.
      * <p>
-     * Note that the <code>PKIXCertPathChecker</code> is cloned to protect
+     * Note that the {@code PKIXCertPathChecker} is cloned to protect
      * against subsequent modifications.
      *
-     * @param checker a <code>PKIXCertPathChecker</code> to add to the list of
-     * checks. If <code>null</code>, the checker is ignored (not added to list).
+     * @param checker a {@code PKIXCertPathChecker} to add to the list of
+     * checks. If {@code null}, the checker is ignored (not added to list).
      */
     public void addCertPathChecker(PKIXCertPathChecker checker) {
         if (checker != null) {
@@ -592,10 +592,10 @@
     }
 
     /**
-     * Returns the signature provider's name, or <code>null</code>
+     * Returns the signature provider's name, or {@code null}
      * if not set.
      *
-     * @return the signature provider's name (or <code>null</code>)
+     * @return the signature provider's name (or {@code null})
      * @see #setSigProvider
      */
     public String getSigProvider() {
@@ -605,10 +605,10 @@
     /**
      * Sets the signature provider's name. The specified provider will be
      * preferred when creating {@link java.security.Signature Signature}
-     * objects. If <code>null</code> or not set, the first provider found
+     * objects. If {@code null} or not set, the first provider found
      * supporting the algorithm will be used.
      *
-     * @param sigProvider the signature provider's name (or <code>null</code>)
+     * @param sigProvider the signature provider's name (or {@code null})
      * @see #getSigProvider
     */
     public void setSigProvider(String sigProvider) {
@@ -617,14 +617,14 @@
 
     /**
      * Returns the required constraints on the target certificate.
-     * The constraints are returned as an instance of <code>CertSelector</code>.
-     * If <code>null</code>, no constraints are defined.
+     * The constraints are returned as an instance of {@code CertSelector}.
+     * If {@code null}, no constraints are defined.
      *
-     * <p>Note that the <code>CertSelector</code> returned is cloned
+     * <p>Note that the {@code CertSelector} returned is cloned
      * to protect against subsequent modifications.
      *
-     * @return a <code>CertSelector</code> specifying the constraints
-     * on the target certificate (or <code>null</code>)
+     * @return a {@code CertSelector} specifying the constraints
+     * on the target certificate (or {@code null})
      * @see #setTargetCertConstraints
      */
     public CertSelector getTargetCertConstraints() {
@@ -638,14 +638,14 @@
     /**
      * Sets the required constraints on the target certificate.
      * The constraints are specified as an instance of
-     * <code>CertSelector</code>. If <code>null</code>, no constraints are
+     * {@code CertSelector}. If {@code null}, no constraints are
      * defined.
      *
-     * <p>Note that the <code>CertSelector</code> specified is cloned
+     * <p>Note that the {@code CertSelector} specified is cloned
      * to protect against subsequent modifications.
      *
-     * @param selector a <code>CertSelector</code> specifying the constraints
-     * on the target certificate (or <code>null</code>)
+     * @param selector a {@code CertSelector} specifying the constraints
+     * on the target certificate (or {@code null})
      * @see #getTargetCertConstraints
      */
     public void setTargetCertConstraints(CertSelector selector) {
@@ -656,10 +656,10 @@
     }
 
     /**
-     * Makes a copy of this <code>PKIXParameters</code> object. Changes
+     * Makes a copy of this {@code PKIXParameters} object. Changes
      * to the copy will not affect the original and vice versa.
      *
-     * @return a copy of this <code>PKIXParameters</code> object
+     * @return a copy of this {@code PKIXParameters} object
      */
     public Object clone() {
         try {
--- a/src/share/classes/java/security/cert/PKIXReason.java	Tue Jan 24 00:25:46 2017 +0000
+++ b/src/share/classes/java/security/cert/PKIXReason.java	Tue Jan 24 00:54:36 2017 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2008, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2008, 2013, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -26,10 +26,10 @@
 package java.security.cert;
 
 /**
- * The <code>PKIXReason</code> enumerates the potential PKIX-specific reasons
+ * The {@code PKIXReason} enumerates the potential PKIX-specific reasons
  * that an X.509 certification path may be invalid according to the PKIX
  * (RFC 3280) standard. These reasons are in addition to those of the
- * <code>CertPathValidatorException.BasicReason</code> enumeration.
+ * {@code CertPathValidatorException.BasicReason} enumeration.
  *
  * @since 1.7
  */
--- a/src/share/classes/java/security/cert/PolicyNode.java	Tue Jan 24 00:25:46 2017 +0000
+++ b/src/share/classes/java/security/cert/PolicyNode.java	Tue Jan 24 00:54:36 2017 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2003, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -41,7 +41,7 @@
  *
  * <p>Most applications will not need to examine the valid policy tree.
  * They can achieve their policy processing goals by setting the
- * policy-related parameters in <code>PKIXParameters</code>. However,
+ * policy-related parameters in {@code PKIXParameters}. However,
  * the valid policy tree is available for more sophisticated applications,
  * especially those that process policy qualifiers.
  *
@@ -50,12 +50,12 @@
  * valid policy tree. The tree can be traversed using the
  * {@link #getChildren getChildren} and {@link #getParent getParent} methods.
  * Data about a particular node can be retrieved using other methods of
- * <code>PolicyNode</code>.
+ * {@code PolicyNode}.
  *
  * <p><b>Concurrent Access</b>
- * <p>All <code>PolicyNode</code> objects must be immutable and
+ * <p>All {@code PolicyNode} objects must be immutable and
  * thread-safe. Multiple threads may concurrently invoke the methods defined
- * in this class on a single <code>PolicyNode</code> object (or more than one)
+ * in this class on a single {@code PolicyNode} object (or more than one)
  * with no ill effects. This stipulation applies to all public fields and
  * methods of this class and any added or overridden by subclasses.
  *
@@ -65,10 +65,10 @@
 public interface PolicyNode {
 
     /**
-     * Returns the parent of this node, or <code>null</code> if this is the
+     * Returns the parent of this node, or {@code null} if this is the
      * root node.
      *
-     * @return the parent of this node, or <code>null</code> if this is the
+     * @return the parent of this node, or {@code null} if this is the
      * root node
      */
     PolicyNode getParent();
@@ -76,8 +76,8 @@
     /**
      * Returns an iterator over the children of this node. Any attempts to
      * modify the children of this node through the
-     * <code>Iterator</code>'s remove method must throw an
-     * <code>UnsupportedOperationException</code>.
+     * {@code Iterator}'s remove method must throw an
+     * {@code UnsupportedOperationException}.
      *
      * @return an iterator over the children of this node
      */
@@ -94,7 +94,7 @@
     /**
      * Returns the valid policy represented by this node.
      *
-     * @return the <code>String</code> OID of the valid policy
+     * @return the {@code String} OID of the valid policy
      * represented by this node. For the root node, this method always returns
      * the special anyPolicy OID: "2.5.29.32.0".
      */
@@ -104,9 +104,9 @@
      * Returns the set of policy qualifiers associated with the
      * valid policy represented by this node.
      *
-     * @return an immutable <code>Set</code> of
-     * <code>PolicyQualifierInfo</code>s. For the root node, this
-     * is always an empty <code>Set</code>.
+     * @return an immutable {@code Set} of
+     * {@code PolicyQualifierInfo}s. For the root node, this
+     * is always an empty {@code Set}.
      */
     Set<? extends PolicyQualifierInfo> getPolicyQualifiers();
 
@@ -114,9 +114,9 @@
      * Returns the set of expected policies that would satisfy this
      * node's valid policy in the next certificate to be processed.
      *
-     * @return an immutable <code>Set</code> of expected policy
-     * <code>String</code> OIDs. For the root node, this method
-     * always returns a <code>Set</code> with one element, the
+     * @return an immutable {@code Set} of expected policy
+     * {@code String} OIDs. For the root node, this method
+     * always returns a {@code Set} with one element, the
      * special anyPolicy OID: "2.5.29.32.0".
      */
     Set<String> getExpectedPolicies();
@@ -125,8 +125,8 @@
      * Returns the criticality indicator of the certificate policy extension
      * in the most recently processed certificate.
      *
-     * @return <code>true</code> if extension marked critical,
-     * <code>false</code> otherwise. For the root node, <code>false</code>
+     * @return {@code true} if extension marked critical,
+     * {@code false} otherwise. For the root node, {@code false}
      * is always returned.
      */
     boolean isCritical();
--- a/src/share/classes/java/security/cert/PolicyQualifierInfo.java	Tue Jan 24 00:25:46 2017 +0000
+++ b/src/share/classes/java/security/cert/PolicyQualifierInfo.java	Tue Jan 24 00:54:36 2017 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2003, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -50,12 +50,12 @@
  * policy information terms limit the set of policies for certification paths
  * which include this certificate.
  * <p>
- * A <code>Set</code> of <code>PolicyQualifierInfo</code> objects are returned
+ * A {@code Set} of {@code PolicyQualifierInfo} objects are returned
  * by the {@link PolicyNode#getPolicyQualifiers PolicyNode.getPolicyQualifiers}
  * method. This allows applications with specific policy requirements to
  * process and validate each policy qualifier. Applications that need to
  * process policy qualifiers should explicitly set the
- * <code>policyQualifiersRejected</code> flag to false (by calling the
+ * {@code policyQualifiersRejected} flag to false (by calling the
  * {@link PKIXParameters#setPolicyQualifiersRejected
  * PKIXParameters.setPolicyQualifiersRejected} method) before validating
  * a certification path.
@@ -64,17 +64,17 @@
  * that any policy qualifier in a certificate policies extension that is
  * marked critical must be processed and validated. Otherwise the
  * certification path must be rejected. If the
- * <code>policyQualifiersRejected</code> flag is set to false, it is up to
+ * {@code policyQualifiersRejected} flag is set to false, it is up to
  * the application to validate all policy qualifiers in this manner in order
  * to be PKIX compliant.
  *
  * <p><b>Concurrent Access</b>
  *
- * <p>All <code>PolicyQualifierInfo</code> objects must be immutable and
+ * <p>All {@code PolicyQualifierInfo} objects must be immutable and
  * thread-safe. That is, multiple threads may concurrently invoke the
- * methods defined in this class on a single <code>PolicyQualifierInfo</code>
+ * methods defined in this class on a single {@code PolicyQualifierInfo}
  * object (or more than one) with no ill effects. Requiring
- * <code>PolicyQualifierInfo</code> objects to be immutable and thread-safe
+ * {@code PolicyQualifierInfo} objects to be immutable and thread-safe
  * allows them to be passed around to various pieces of code without
  * worrying about coordinating access.
  *
@@ -90,7 +90,7 @@
     private String pqiString;
 
     /**
-     * Creates an instance of <code>PolicyQualifierInfo</code> from the
+     * Creates an instance of {@code PolicyQualifierInfo} from the
      * encoded bytes. The encoded byte array is copied on construction.
      *
      * @param encoded a byte array containing the qualifier in DER encoding
@@ -115,12 +115,12 @@
     }
 
     /**
-     * Returns the <code>policyQualifierId</code> field of this
-     * <code>PolicyQualifierInfo</code>. The <code>policyQualifierId</code>
+     * Returns the {@code policyQualifierId} field of this
+     * {@code PolicyQualifierInfo}. The {@code policyQualifierId}
      * is an Object Identifier (OID) represented by a set of nonnegative
      * integers separated by periods.
      *
-     * @return the OID (never <code>null</code>)
+     * @return the OID (never {@code null})
      */
     public final String getPolicyQualifierId() {
         return mId;
@@ -128,9 +128,9 @@
 
     /**
      * Returns the ASN.1 DER encoded form of this
-     * <code>PolicyQualifierInfo</code>.
+     * {@code PolicyQualifierInfo}.
      *
-     * @return the ASN.1 DER encoded bytes (never <code>null</code>).
+     * @return the ASN.1 DER encoded bytes (never {@code null}).
      * Note that a copy is returned, so the data is cloned each time
      * this method is called.
      */
@@ -139,10 +139,10 @@
     }
 
     /**
-     * Returns the ASN.1 DER encoded form of the <code>qualifier</code>
-     * field of this <code>PolicyQualifierInfo</code>.
+     * Returns the ASN.1 DER encoded form of the {@code qualifier}
+     * field of this {@code PolicyQualifierInfo}.
      *
-     * @return the ASN.1 DER encoded bytes of the <code>qualifier</code>
+     * @return the ASN.1 DER encoded bytes of the {@code qualifier}
      * field. Note that a copy is returned, so the data is cloned each
      * time this method is called.
      */
@@ -152,10 +152,10 @@
 
     /**
      * Return a printable representation of this
-     * <code>PolicyQualifierInfo</code>.
+     * {@code PolicyQualifierInfo}.
      *
-     * @return a <code>String</code> describing the contents of this
-     *         <code>PolicyQualifierInfo</code>
+     * @return a {@code String} describing the contents of this
+     *         {@code PolicyQualifierInfo}
      */
     public String toString() {
         if (pqiString != null)
--- a/src/share/classes/java/security/cert/TrustAnchor.java	Tue Jan 24 00:25:46 2017 +0000
+++ b/src/share/classes/java/security/cert/TrustAnchor.java	Tue Jan 24 00:54:36 2017 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2001, 2008, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2001, 2013, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -40,16 +40,16 @@
  * for validating X.509 certification paths. A most-trusted CA includes the
  * public key of the CA, the CA's name, and any constraints upon the set of
  * paths which may be validated using this key. These parameters can be
- * specified in the form of a trusted <code>X509Certificate</code> or as
+ * specified in the form of a trusted {@code X509Certificate} or as
  * individual parameters.
  * <p>
  * <b>Concurrent Access</b>
  * <p>
- * <p>All <code>TrustAnchor</code> objects must be immutable and
+ * <p>All {@code TrustAnchor} objects must be immutable and
  * thread-safe. That is, multiple threads may concurrently invoke the
- * methods defined in this class on a single <code>TrustAnchor</code>
+ * methods defined in this class on a single {@code TrustAnchor}
  * object (or more than one) with no ill effects. Requiring
- * <code>TrustAnchor</code> objects to be immutable and thread-safe
+ * {@code TrustAnchor} objects to be immutable and thread-safe
  * allows them to be passed around to various pieces of code without
  * worrying about coordinating access. This stipulation applies to all
  * public fields and methods of this class and any added or overridden
@@ -71,8 +71,8 @@
     private NameConstraintsExtension nc;
 
     /**
-     * Creates an instance of <code>TrustAnchor</code> with the specified
-     * <code>X509Certificate</code> and optional name constraints, which
+     * Creates an instance of {@code TrustAnchor} with the specified
+     * {@code X509Certificate} and optional name constraints, which
      * are intended to be used as additional constraints when validating
      * an X.509 certification path.
      * <p>
@@ -82,7 +82,7 @@
      * <a href="http://www.ietf.org/rfc/rfc3280">RFC 3280</a>
      * and X.509. The ASN.1 definition of this structure appears below.
      *
-     * <pre><code>
+     * <pre>{@code
      *  NameConstraints ::= SEQUENCE {
      *       permittedSubtrees       [0]     GeneralSubtrees OPTIONAL,
      *       excludedSubtrees        [1]     GeneralSubtrees OPTIONAL }
@@ -106,20 +106,20 @@
      *       uniformResourceIdentifier       [6]     IA5String,
      *       iPAddress                       [7]     OCTET STRING,
      *       registeredID                    [8]     OBJECT IDENTIFIER}
-     * </code></pre>
+     * }</pre>
      * <p>
      * Note that the name constraints byte array supplied is cloned to protect
      * against subsequent modifications.
      *
-     * @param trustedCert a trusted <code>X509Certificate</code>
+     * @param trustedCert a trusted {@code X509Certificate}
      * @param nameConstraints a byte array containing the ASN.1 DER encoding of
      * a NameConstraints extension to be used for checking name constraints.
      * Only the value of the extension is included, not the OID or criticality
-     * flag. Specify <code>null</code> to omit the parameter.
+     * flag. Specify {@code null} to omit the parameter.
      * @throws IllegalArgumentException if the name constraints cannot be
      * decoded
      * @throws NullPointerException if the specified
-     * <code>X509Certificate</code> is <code>null</code>
+     * {@code X509Certificate} is {@code null}
      */
     public TrustAnchor(X509Certificate trustedCert, byte[] nameConstraints)
     {
@@ -134,7 +134,7 @@
     }
 
     /**
-     * Creates an instance of <code>TrustAnchor</code> where the
+     * Creates an instance of {@code TrustAnchor} where the
      * most-trusted CA is specified as an X500Principal and public key.
      * Name constraints are an optional parameter, and are intended to be used
      * as additional constraints when validating an X.509 certification path.
@@ -155,9 +155,9 @@
      * @param nameConstraints a byte array containing the ASN.1 DER encoding of
      * a NameConstraints extension to be used for checking name constraints.
      * Only the value of the extension is included, not the OID or criticality
-     * flag. Specify <code>null</code> to omit the parameter.
-     * @throws NullPointerException if the specified <code>caPrincipal</code> or
-     * <code>pubKey</code> parameter is <code>null</code>
+     * flag. Specify {@code null} to omit the parameter.
+     * @throws NullPointerException if the specified {@code caPrincipal} or
+     * {@code pubKey} parameter is {@code null}
      * @since 1.5
      */
     public TrustAnchor(X500Principal caPrincipal, PublicKey pubKey,
@@ -173,7 +173,7 @@
     }
 
     /**
-     * Creates an instance of <code>TrustAnchor</code> where the
+     * Creates an instance of {@code TrustAnchor} where the
      * most-trusted CA is specified as a distinguished name and public key.
      * Name constraints are an optional parameter, and are intended to be used
      * as additional constraints when validating an X.509 certification path.
@@ -191,17 +191,17 @@
      *
      * @param caName the X.500 distinguished name of the most-trusted CA in
      * <a href="http://www.ietf.org/rfc/rfc2253.txt">RFC 2253</a>
-     * <code>String</code> format
+     * {@code String} format
      * @param pubKey the public key of the most-trusted CA
      * @param nameConstraints a byte array containing the ASN.1 DER encoding of
      * a NameConstraints extension to be used for checking name constraints.
      * Only the value of the extension is included, not the OID or criticality
-     * flag. Specify <code>null</code> to omit the parameter.
-     * @throws IllegalArgumentException if the specified <code>
-     * caName</code> parameter is empty <code>(caName.length() == 0)</code>
+     * flag. Specify {@code null} to omit the parameter.
+     * @throws IllegalArgumentException if the specified
+     * {@code caName} parameter is empty {@code (caName.length() == 0)}
      * or incorrectly formatted or the name constraints cannot be decoded
-     * @throws NullPointerException if the specified <code>caName</code> or
-     * <code>pubKey</code> parameter is <code>null</code>
+     * @throws NullPointerException if the specified {@code caName} or
+     * {@code pubKey} parameter is {@code null}
      */
     public TrustAnchor(String caName, PublicKey pubKey, byte[] nameConstraints)
     {
@@ -225,7 +225,7 @@
     /**
      * Returns the most-trusted CA certificate.
      *
-     * @return a trusted <code>X509Certificate</code> or <code>null</code>
+     * @return a trusted {@code X509Certificate} or {@code null}
      * if the trust anchor was not specified as a trusted certificate
      */
     public final X509Certificate getTrustedCert() {
@@ -236,7 +236,7 @@
      * Returns the name of the most-trusted CA as an X500Principal.
      *
      * @return the X.500 distinguished name of the most-trusted CA, or
-     * <code>null</code> if the trust anchor was not specified as a trusted
+     * {@code null} if the trust anchor was not specified as a trusted
      * public key and name or X500Principal pair
      * @since 1.5
      */
@@ -245,11 +245,11 @@
     }
 
     /**
-     * Returns the name of the most-trusted CA in RFC 2253 <code>String</code>
+     * Returns the name of the most-trusted CA in RFC 2253 {@code String}
      * format.
      *
      * @return the X.500 distinguished name of the most-trusted CA, or
-     * <code>null</code> if the trust anchor was not specified as a trusted
+     * {@code null} if the trust anchor was not specified as a trusted
      * public key and name or X500Principal pair
      */
     public final String getCAName() {
@@ -259,7 +259,7 @@
     /**
      * Returns the public key of the most-trusted CA.
      *
-     * @return the public key of the most-trusted CA, or <code>null</code>
+     * @return the public key of the most-trusted CA, or {@code null}
      * if the trust anchor was not specified as a trusted public key and name
      * or X500Principal pair
      */
@@ -306,16 +306,16 @@
      *
      * @return a byte array containing the ASN.1 DER encoding of
      *         a NameConstraints extension used for checking name constraints,
-     *         or <code>null</code> if not set.
+     *         or {@code null} if not set.
      */
     public final byte [] getNameConstraints() {
         return ncBytes == null ? null : ncBytes.clone();
     }
 
     /**
-     * Returns a formatted string describing the <code>TrustAnchor</code>.
+     * Returns a formatted string describing the {@code TrustAnchor}.
      *
-     * @return a formatted string describing the <code>TrustAnchor</code>
+     * @return a formatted string describing the {@code TrustAnchor}
      */
     public String toString() {
         StringBuffer sb = new StringBuffer();
--- a/src/share/classes/java/security/cert/X509CRL.java	Tue Jan 24 00:25:46 2017 +0000
+++ b/src/share/classes/java/security/cert/X509CRL.java	Tue Jan 24 00:54:36 2017 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -71,7 +71,7 @@
  * <a href="http://www.ietf.org/rfc/rfc3280.txt">RFC 3280: Internet X.509
  * Public Key Infrastructure Certificate and CRL Profile</a>.
  * <p>
- * The ASN.1 definition of <code>tbsCertList</code> is:
+ * The ASN.1 definition of {@code tbsCertList} is:
  * <pre>
  * TBSCertList  ::=  SEQUENCE  {
  *     version                 Version OPTIONAL,
@@ -93,12 +93,12 @@
  * <p>
  * CRLs are instantiated using a certificate factory. The following is an
  * example of how to instantiate an X.509 CRL:
- * <pre><code>
+ * <pre>{@code
  * try (InputStream inStream = new FileInputStream("fileName-of-crl")) {
  *     CertificateFactory cf = CertificateFactory.getInstance("X.509");
  *     X509CRL crl = (X509CRL)cf.generateCRL(inStream);
  * }
- * </code></pre>
+ * }</pre>
  *
  * @author Hemma Prafullchandra
  *
@@ -121,8 +121,8 @@
 
     /**
      * Compares this CRL for equality with the given
-     * object. If the <code>other</code> object is an
-     * <code>instanceof</code> <code>X509CRL</code>, then
+     * object. If the {@code other} object is an
+     * {@code instanceof} {@code X509CRL}, then
      * its encoded form is retrieved and compared with the
      * encoded form of this CRL.
      *
@@ -216,7 +216,7 @@
         SignatureException;
 
     /**
-     * Gets the <code>version</code> (version number) value from the CRL.
+     * Gets the {@code version} (version number) value from the CRL.
      * The ASN.1 definition for this is:
      * <pre>
      * version    Version OPTIONAL,
@@ -232,12 +232,12 @@
 
     /**
      * <strong>Denigrated</strong>, replaced by {@linkplain
-     * #getIssuerX500Principal()}. This method returns the <code>issuer</code>
+     * #getIssuerX500Principal()}. This method returns the {@code issuer}
      * as an implementation specific Principal object, which should not be
      * relied upon by portable code.
      *
      * <p>
-     * Gets the <code>issuer</code> (issuer distinguished name) value from
+     * Gets the {@code issuer} (issuer distinguished name) value from
      * the CRL. The issuer name identifies the entity that signed (and
      * issued) the CRL.
      *
@@ -258,14 +258,14 @@
      * AttributeType ::= OBJECT IDENTIFIER
      * AttributeValue ::= ANY
      * </pre>
-     * The <code>Name</code> describes a hierarchical name composed of
+     * The {@code Name} describes a hierarchical name composed of
      * attributes,
      * such as country name, and corresponding values, such as US.
-     * The type of the <code>AttributeValue</code> component is determined by
-     * the <code>AttributeType</code>; in general it will be a
-     * <code>directoryString</code>. A <code>directoryString</code> is usually
-     * one of <code>PrintableString</code>,
-     * <code>TeletexString</code> or <code>UniversalString</code>.
+     * The type of the {@code AttributeValue} component is determined by
+     * the {@code AttributeType}; in general it will be a
+     * {@code directoryString}. A {@code directoryString} is usually
+     * one of {@code PrintableString},
+     * {@code TeletexString} or {@code UniversalString}.
      *
      * @return a Principal whose name is the issuer distinguished name.
      */
@@ -273,11 +273,11 @@
 
     /**
      * Returns the issuer (issuer distinguished name) value from the
-     * CRL as an <code>X500Principal</code>.
+     * CRL as an {@code X500Principal}.
      * <p>
      * It is recommended that subclasses override this method.
      *
-     * @return an <code>X500Principal</code> representing the issuer
+     * @return an {@code X500Principal} representing the issuer
      *          distinguished name
      * @since 1.4
      */
@@ -289,7 +289,7 @@
     }
 
     /**
-     * Gets the <code>thisUpdate</code> date from the CRL.
+     * Gets the {@code thisUpdate} date from the CRL.
      * The ASN.1 definition for this is:
      * <pre>
      * thisUpdate   ChoiceOfTime
@@ -298,14 +298,14 @@
      *     generalTime    GeneralizedTime }
      * </pre>
      *
-     * @return the <code>thisUpdate</code> date from the CRL.
+     * @return the {@code thisUpdate} date from the CRL.
      */
     public abstract Date getThisUpdate();
 
     /**
-     * Gets the <code>nextUpdate</code> date from the CRL.
+     * Gets the {@code nextUpdate} date from the CRL.
      *
-     * @return the <code>nextUpdate</code> date from the CRL, or null if
+     * @return the {@code nextUpdate} date from the CRL, or null if
      * not present.
      */
     public abstract Date getNextUpdate();
@@ -359,7 +359,7 @@
 
     /**
      * Gets the DER-encoded CRL information, the
-     * <code>tbsCertList</code> from this CRL.
+     * {@code tbsCertList} from this CRL.
      * This can be used to verify the signature independently.
      *
      * @return the DER-encoded CRL information.
@@ -368,7 +368,7 @@
     public abstract byte[] getTBSCertList() throws CRLException;
 
     /**
-     * Gets the <code>signature</code> value (the raw signature bits) from
+     * Gets the {@code signature} value (the raw signature bits) from
      * the CRL.
      * The ASN.1 definition for this is:
      * <pre>
@@ -393,7 +393,7 @@
      *                             -- algorithm object identifier value
      * </pre>
      *
-     * <p>The algorithm name is determined from the <code>algorithm</code>
+     * <p>The algorithm name is determined from the {@code algorithm}
      * OID string.
      *
      * @return the signature algorithm name.
--- a/src/share/classes/java/security/cert/X509CRLEntry.java	Tue Jan 24 00:25:46 2017 +0000
+++ b/src/share/classes/java/security/cert/X509CRLEntry.java	Tue Jan 24 00:54:36 2017 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2003, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -68,8 +68,8 @@
 
     /**
      * Compares this CRL entry for equality with the given
-     * object. If the <code>other</code> object is an
-     * <code>instanceof</code> <code>X509CRLEntry</code>, then
+     * object. If the {@code other} object is an
+     * {@code instanceof} {@code X509CRLEntry}, then
      * its encoded form (the inner SEQUENCE) is retrieved and compared
      * with the encoded form of this CRL entry.
      *
@@ -178,7 +178,7 @@
      * in the Reason Code extension of this CRL entry.
      *
      * @return the reason the certificate has been revoked, or
-     *    <code>null</code> if this CRL entry does not have
+     *    {@code null} if this CRL entry does not have
      *    a Reason Code extension
      * @since 1.7
      */
--- a/src/share/classes/java/security/cert/X509CRLSelector.java	Tue Jan 24 00:25:46 2017 +0000
+++ b/src/share/classes/java/security/cert/X509CRLSelector.java	Tue Jan 24 00:54:36 2017 +0000
@@ -37,18 +37,18 @@
 import sun.security.x509.X500Name;
 
 /**
- * A <code>CRLSelector</code> that selects <code>X509CRLs</code> that
+ * A {@code CRLSelector} that selects {@code X509CRLs} that
  * match all specified criteria. This class is particularly useful when
- * selecting CRLs from a <code>CertStore</code> to check revocation status
+ * selecting CRLs from a {@code CertStore} to check revocation status
  * of a particular certificate.
  * <p>
- * When first constructed, an <code>X509CRLSelector</code> has no criteria
- * enabled and each of the <code>get</code> methods return a default
- * value (<code>null</code>). Therefore, the {@link #match match} method
- * would return <code>true</code> for any <code>X509CRL</code>. Typically,
+ * When first constructed, an {@code X509CRLSelector} has no criteria
+ * enabled and each of the {@code get} methods return a default
+ * value ({@code null}). Therefore, the {@link #match match} method
+ * would return {@code true} for any {@code X509CRL}. Typically,
  * several criteria are enabled (by calling {@link #setIssuers setIssuers}
  * or {@link #setDateAndTime setDateAndTime}, for instance) and then the
- * <code>X509CRLSelector</code> is passed to
+ * {@code X509CRLSelector} is passed to
  * {@link CertStore#getCRLs CertStore.getCRLs} or some similar
  * method.
  * <p>
@@ -86,35 +86,35 @@
     private long skew = 0;
 
     /**
-     * Creates an <code>X509CRLSelector</code>. Initially, no criteria are set
-     * so any <code>X509CRL</code> will match.
+     * Creates an {@code X509CRLSelector}. Initially, no criteria are set
+     * so any {@code X509CRL} will match.
      */
     public X509CRLSelector() {}
 
     /**
      * Sets the issuerNames criterion. The issuer distinguished name in the
-     * <code>X509CRL</code> must match at least one of the specified
-     * distinguished names. If <code>null</code>, any issuer distinguished name
+     * {@code X509CRL} must match at least one of the specified
+     * distinguished names. If {@code null}, any issuer distinguished name
      * will do.
      * <p>
      * This method allows the caller to specify, with a single method call,
-     * the complete set of issuer names which <code>X509CRLs</code> may contain.
+     * the complete set of issuer names which {@code X509CRLs} may contain.
      * The specified value replaces the previous value for the issuerNames
      * criterion.
      * <p>
-     * The <code>names</code> parameter (if not <code>null</code>) is a
-     * <code>Collection</code> of <code>X500Principal</code>s.
+     * The {@code names} parameter (if not {@code null}) is a
+     * {@code Collection} of {@code X500Principal}s.
      * <p>
-     * Note that the <code>names</code> parameter can contain duplicate
+     * Note that the {@code names} parameter can contain duplicate
      * distinguished names, but they may be removed from the
-     * <code>Collection</code> of names returned by the
+     * {@code Collection} of names returned by the
      * {@link #getIssuers getIssuers} method.
      * <p>
-     * Note that a copy is performed on the <code>Collection</code> to
+     * Note that a copy is performed on the {@code Collection} to
      * protect against subsequent modifications.
      *
-     * @param issuers a <code>Collection</code> of X500Principals
-     *   (or <code>null</code>)
+     * @param issuers a {@code Collection} of X500Principals
+     *   (or {@code null})
      * @see #getIssuers
      * @since 1.5
      */
@@ -138,31 +138,31 @@
      * this method. See {@link #addIssuerName(String)} for more information.
      * <p>
      * Sets the issuerNames criterion. The issuer distinguished name in the
-     * <code>X509CRL</code> must match at least one of the specified
-     * distinguished names. If <code>null</code>, any issuer distinguished name
+     * {@code X509CRL} must match at least one of the specified
+     * distinguished names. If {@code null}, any issuer distinguished name
      * will do.
      * <p>
      * This method allows the caller to specify, with a single method call,
-     * the complete set of issuer names which <code>X509CRLs</code> may contain.
+     * the complete set of issuer names which {@code X509CRLs} may contain.
      * The specified value replaces the previous value for the issuerNames
      * criterion.
      * <p>
-     * The <code>names</code> parameter (if not <code>null</code>) is a
-     * <code>Collection</code> of names. Each name is a <code>String</code>
+     * The {@code names} parameter (if not {@code null}) is a
+     * {@code Collection} of names. Each name is a {@code String}
      * or a byte array representing a distinguished name (in
      * <a href="http://www.ietf.org/rfc/rfc2253.txt">RFC 2253</a> or
-     * ASN.1 DER encoded form, respectively). If <code>null</code> is supplied
+     * ASN.1 DER encoded form, respectively). If {@code null} is supplied
      * as the value for this argument, no issuerNames check will be performed.
      * <p>
-     * Note that the <code>names</code> parameter can contain duplicate
+     * Note that the {@code names} parameter can contain duplicate
      * distinguished names, but they may be removed from the
-     * <code>Collection</code> of names returned by the
+     * {@code Collection} of names returned by the
      * {@link #getIssuerNames getIssuerNames} method.
      * <p>
      * If a name is specified as a byte array, it should contain a single DER
      * encoded distinguished name, as defined in X.501. The ASN.1 notation for
      * this structure is as follows.
-     * <pre><code>
+     * <pre>{@code
      * Name ::= CHOICE {
      *   RDNSequence }
      *
@@ -185,12 +185,12 @@
      *       universalString         UniversalString (SIZE (1..MAX)),
      *       utf8String              UTF8String (SIZE (1.. MAX)),
      *       bmpString               BMPString (SIZE (1..MAX)) }
-     * </code></pre>
+     * }</pre>
      * <p>
-     * Note that a deep copy is performed on the <code>Collection</code> to
+     * Note that a deep copy is performed on the {@code Collection} to
      * protect against subsequent modifications.
      *
-     * @param names a <code>Collection</code> of names (or <code>null</code>)
+     * @param names a {@code Collection} of names (or {@code null})
      * @throws IOException if a parsing error occurs
      * @see #getIssuerNames
      */
@@ -208,11 +208,11 @@
 
     /**
      * Adds a name to the issuerNames criterion. The issuer distinguished
-     * name in the <code>X509CRL</code> must match at least one of the specified
+     * name in the {@code X509CRL} must match at least one of the specified
      * distinguished names.
      * <p>
      * This method allows the caller to add a name to the set of issuer names
-     * which <code>X509CRLs</code> may contain. The specified name is added to
+     * which {@code X509CRLs} may contain. The specified name is added to
      * any previous value for the issuerNames criterion.
      * If the specified name is a duplicate, it may be ignored.
      *
@@ -232,11 +232,11 @@
      * names.
      * <p>
      * Adds a name to the issuerNames criterion. The issuer distinguished
-     * name in the <code>X509CRL</code> must match at least one of the specified
+     * name in the {@code X509CRL} must match at least one of the specified
      * distinguished names.
      * <p>
      * This method allows the caller to add a name to the set of issuer names
-     * which <code>X509CRLs</code> may contain. The specified name is added to
+     * which {@code X509CRLs} may contain. The specified name is added to
      * any previous value for the issuerNames criterion.
      * If the specified name is a duplicate, it may be ignored.
      *
@@ -249,11 +249,11 @@
 
     /**
      * Adds a name to the issuerNames criterion. The issuer distinguished
-     * name in the <code>X509CRL</code> must match at least one of the specified
+     * name in the {@code X509CRL} must match at least one of the specified
      * distinguished names.
      * <p>
      * This method allows the caller to add a name to the set of issuer names
-     * which <code>X509CRLs</code> may contain. The specified name is added to
+     * which {@code X509CRLs} may contain. The specified name is added to
      * any previous value for the issuerNames criterion. If the specified name
      * is a duplicate, it may be ignored.
      * If a name is specified as a byte array, it should contain a single DER
@@ -279,7 +279,7 @@
     /**
      * A private method that adds a name (String or byte array) to the
      * issuerNames criterion. The issuer distinguished
-     * name in the <code>X509CRL</code> must match at least one of the specified
+     * name in the {@code X509CRL} must match at least one of the specified
      * distinguished names.
      *
      * @param name the name in string or byte array form
@@ -301,11 +301,11 @@
      * Clone and check an argument of the form passed to
      * setIssuerNames. Throw an IOException if the argument is malformed.
      *
-     * @param names a <code>Collection</code> of names. Each entry is a
+     * @param names a {@code Collection} of names. Each entry is a
      *              String or a byte array (the name, in string or ASN.1
-     *              DER encoded form, respectively). <code>null</code> is
+     *              DER encoded form, respectively). {@code null} is
      *              not an acceptable value.
-     * @return a deep copy of the specified <code>Collection</code>
+     * @return a deep copy of the specified {@code Collection}
      * @throws IOException if a parsing error occurs
      */
     private static HashSet<Object> cloneAndCheckIssuerNames(Collection<?> names)
@@ -334,11 +334,11 @@
      * into a RuntimeException. This method should be used when the object being
      * cloned has already been checked, so there should never be any exceptions.
      *
-     * @param names a <code>Collection</code> of names. Each entry is a
+     * @param names a {@code Collection} of names. Each entry is a
      *              String or a byte array (the name, in string or ASN.1
-     *              DER encoded form, respectively). <code>null</code> is
+     *              DER encoded form, respectively). {@code null} is
      *              not an acceptable value.
-     * @return a deep copy of the specified <code>Collection</code>
+     * @return a deep copy of the specified {@code Collection}
      * @throws RuntimeException if a parsing error occurs
      */
     private static HashSet<Object> cloneIssuerNames(Collection<Object> names) {
@@ -354,7 +354,7 @@
      * returning a Collection of issuerX500Principals.
      * Throw an IOException if the argument is malformed.
      *
-     * @param names a <code>Collection</code> of names. Each entry is a
+     * @param names a {@code Collection} of names. Each entry is a
      *              String or a byte array (the name, in string or ASN.1
      *              DER encoded form, respectively). <Code>Null</Code> is
      *              not an acceptable value.
@@ -380,24 +380,24 @@
     }
 
     /**
-     * Sets the minCRLNumber criterion. The <code>X509CRL</code> must have a
+     * Sets the minCRLNumber criterion. The {@code X509CRL} must have a
      * CRL number extension whose value is greater than or equal to the
-     * specified value. If <code>null</code>, no minCRLNumber check will be
+     * specified value. If {@code null}, no minCRLNumber check will be
      * done.
      *
-     * @param minCRL the minimum CRL number accepted (or <code>null</code>)
+     * @param minCRL the minimum CRL number accepted (or {@code null})
      */
     public void setMinCRLNumber(BigInteger minCRL) {
         this.minCRL = minCRL;
     }
 
     /**
-     * Sets the maxCRLNumber criterion. The <code>X509CRL</code> must have a
+     * Sets the maxCRLNumber criterion. The {@code X509CRL} must have a
      * CRL number extension whose value is less than or equal to the
-     * specified value. If <code>null</code>, no maxCRLNumber check will be
+     * specified value. If {@code null}, no maxCRLNumber check will be
      * done.
      *
-     * @param maxCRL the maximum CRL number accepted (or <code>null</code>)
+     * @param maxCRL the maximum CRL number accepted (or {@code null})
      */
     public void setMaxCRLNumber(BigInteger maxCRL) {
         this.maxCRL = maxCRL;
@@ -406,16 +406,16 @@
     /**
      * Sets the dateAndTime criterion. The specified date must be
      * equal to or later than the value of the thisUpdate component
-     * of the <code>X509CRL</code> and earlier than the value of the
-     * nextUpdate component. There is no match if the <code>X509CRL</code>
+     * of the {@code X509CRL} and earlier than the value of the
+     * nextUpdate component. There is no match if the {@code X509CRL}
      * does not contain a nextUpdate component.
-     * If <code>null</code>, no dateAndTime check will be done.
+     * If {@code null}, no dateAndTime check will be done.
      * <p>
-     * Note that the <code>Date</code> supplied here is cloned to protect
+     * Note that the {@code Date} supplied here is cloned to protect
      * against subsequent modifications.
      *
-     * @param dateAndTime the <code>Date</code> to match against
-     *                    (or <code>null</code>)
+     * @param dateAndTime the {@code Date} to match against
+     *                    (or {@code null})
      * @see #getDateAndTime
      */
     public void setDateAndTime(Date dateAndTime) {
@@ -438,13 +438,13 @@
 
     /**
      * Sets the certificate being checked. This is not a criterion. Rather,
-     * it is optional information that may help a <code>CertStore</code>
+     * it is optional information that may help a {@code CertStore}
      * find CRLs that would be relevant when checking revocation for the
-     * specified certificate. If <code>null</code> is specified, then no
+     * specified certificate. If {@code null} is specified, then no
      * such optional information is provided.
      *
-     * @param cert the <code>X509Certificate</code> being checked
-     *             (or <code>null</code>)
+     * @param cert the {@code X509Certificate} being checked
+     *             (or {@code null})
      * @see #getCertificateChecking
      */
     public void setCertificateChecking(X509Certificate cert) {
@@ -453,15 +453,15 @@
 
     /**
      * Returns the issuerNames criterion. The issuer distinguished
-     * name in the <code>X509CRL</code> must match at least one of the specified
-     * distinguished names. If the value returned is <code>null</code>, any
+     * name in the {@code X509CRL} must match at least one of the specified
+     * distinguished names. If the value returned is {@code null}, any
      * issuer distinguished name will do.
      * <p>
-     * If the value returned is not <code>null</code>, it is a
-     * unmodifiable <code>Collection</code> of <code>X500Principal</code>s.
+     * If the value returned is not {@code null}, it is a
+     * unmodifiable {@code Collection} of {@code X500Principal}s.
      *
-     * @return an unmodifiable <code>Collection</code> of names
-     *   (or <code>null</code>)
+     * @return an unmodifiable {@code Collection} of names
+     *   (or {@code null})
      * @see #setIssuers
      * @since 1.5
      */
@@ -474,25 +474,25 @@
 
     /**
      * Returns a copy of the issuerNames criterion. The issuer distinguished
-     * name in the <code>X509CRL</code> must match at least one of the specified
-     * distinguished names. If the value returned is <code>null</code>, any
+     * name in the {@code X509CRL} must match at least one of the specified
+     * distinguished names. If the value returned is {@code null}, any
      * issuer distinguished name will do.
      * <p>
-     * If the value returned is not <code>null</code>, it is a
-     * <code>Collection</code> of names. Each name is a <code>String</code>
+     * If the value returned is not {@code null}, it is a
+     * {@code Collection} of names. Each name is a {@code String}
      * or a byte array representing a distinguished name (in RFC 2253 or
      * ASN.1 DER encoded form, respectively).  Note that the
-     * <code>Collection</code> returned may contain duplicate names.
+     * {@code Collection} returned may contain duplicate names.
      * <p>
      * If a name is specified as a byte array, it should contain a single DER
      * encoded distinguished name, as defined in X.501. The ASN.1 notation for
      * this structure is given in the documentation for
      * {@link #setIssuerNames setIssuerNames(Collection names)}.
      * <p>
-     * Note that a deep copy is performed on the <code>Collection</code> to
+     * Note that a deep copy is performed on the {@code Collection} to
      * protect against subsequent modifications.
      *
-     * @return a <code>Collection</code> of names (or <code>null</code>)
+     * @return a {@code Collection} of names (or {@code null})
      * @see #setIssuerNames
      */
     public Collection<Object> getIssuerNames() {
@@ -503,23 +503,23 @@
     }
 
     /**
-     * Returns the minCRLNumber criterion. The <code>X509CRL</code> must have a
+     * Returns the minCRLNumber criterion. The {@code X509CRL} must have a
      * CRL number extension whose value is greater than or equal to the
-     * specified value. If <code>null</code>, no minCRLNumber check will be done.
+     * specified value. If {@code null}, no minCRLNumber check will be done.
      *
-     * @return the minimum CRL number accepted (or <code>null</code>)
+     * @return the minimum CRL number accepted (or {@code null})
      */
     public BigInteger getMinCRL() {
         return minCRL;
     }
 
     /**
-     * Returns the maxCRLNumber criterion. The <code>X509CRL</code> must have a
+     * Returns the maxCRLNumber criterion. The {@code X509CRL} must have a
      * CRL number extension whose value is less than or equal to the
-     * specified value. If <code>null</code>, no maxCRLNumber check will be
+     * specified value. If {@code null}, no maxCRLNumber check will be
      * done.
      *
-     * @return the maximum CRL number accepted (or <code>null</code>)
+     * @return the maximum CRL number accepted (or {@code null})
      */
     public BigInteger getMaxCRL() {
         return maxCRL;
@@ -528,15 +528,15 @@
     /**
      * Returns the dateAndTime criterion. The specified date must be
      * equal to or later than the value of the thisUpdate component
-     * of the <code>X509CRL</code> and earlier than the value of the
+     * of the {@code X509CRL} and earlier than the value of the
      * nextUpdate component. There is no match if the
-     * <code>X509CRL</code> does not contain a nextUpdate component.
-     * If <code>null</code>, no dateAndTime check will be done.
+     * {@code X509CRL} does not contain a nextUpdate component.
+     * If {@code null}, no dateAndTime check will be done.
      * <p>
-     * Note that the <code>Date</code> returned is cloned to protect against
+     * Note that the {@code Date} returned is cloned to protect against
      * subsequent modifications.
      *
-     * @return the <code>Date</code> to match against (or <code>null</code>)
+     * @return the {@code Date} to match against (or {@code null})
      * @see #setDateAndTime
      */
     public Date getDateAndTime() {
@@ -547,12 +547,12 @@
 
     /**
      * Returns the certificate being checked. This is not a criterion. Rather,
-     * it is optional information that may help a <code>CertStore</code>
+     * it is optional information that may help a {@code CertStore}
      * find CRLs that would be relevant when checking revocation for the
-     * specified certificate. If the value returned is <code>null</code>, then
+     * specified certificate. If the value returned is {@code null}, then
      * no such optional information is provided.
      *
-     * @return the certificate being checked (or <code>null</code>)
+     * @return the certificate being checked (or {@code null})
      * @see #setCertificateChecking
      */
     public X509Certificate getCertificateChecking() {
@@ -560,10 +560,10 @@
     }
 
     /**
-     * Returns a printable representation of the <code>X509CRLSelector</code>.
+     * Returns a printable representation of the {@code X509CRLSelector}.
      *
-     * @return a <code>String</code> describing the contents of the
-     *         <code>X509CRLSelector</code>.
+     * @return a {@code String} describing the contents of the
+     *         {@code X509CRLSelector}.
      */
     public String toString() {
         StringBuffer sb = new StringBuffer();
@@ -587,11 +587,11 @@
     }
 
     /**
-     * Decides whether a <code>CRL</code> should be selected.
+     * Decides whether a {@code CRL} should be selected.
      *
-     * @param crl the <code>CRL</code> to be checked
-     * @return <code>true</code> if the <code>CRL</code> should be selected,
-     *         <code>false</code> otherwise
+     * @param crl the {@code CRL} to be checked
+     * @return {@code true} if the {@code CRL} should be selected,
+     *         {@code false} otherwise
      */
     public boolean match(CRL crl) {
         if (!(crl instanceof X509CRL)) {
--- a/src/share/classes/java/security/cert/X509CertSelector.java	Tue Jan 24 00:25:46 2017 +0000
+++ b/src/share/classes/java/security/cert/X509CertSelector.java	Tue Jan 24 00:54:36 2017 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -39,27 +39,27 @@
 import sun.security.x509.*;
 
 /**
- * A <code>CertSelector</code> that selects <code>X509Certificates</code> that
+ * A {@code CertSelector} that selects {@code X509Certificates} that
  * match all specified criteria. This class is particularly useful when
- * selecting certificates from a <code>CertStore</code> to build a
+ * selecting certificates from a {@code CertStore} to build a
  * PKIX-compliant certification path.
  * <p>
- * When first constructed, an <code>X509CertSelector</code> has no criteria
- * enabled and each of the <code>get</code> methods return a default value
- * (<code>null</code>, or <code>-1</code> for the {@link #getBasicConstraints
+ * When first constructed, an {@code X509CertSelector} has no criteria
+ * enabled and each of the {@code get} methods return a default value
+ * ({@code null}, or {@code -1} for the {@link #getBasicConstraints
  * getBasicConstraints} method). Therefore, the {@link #match match}
- * method would return <code>true</code> for any <code>X509Certificate</code>.
+ * method would return {@code true} for any {@code X509Certificate}.
  * Typically, several criteria are enabled (by calling
  * {@link #setIssuer setIssuer} or
  * {@link #setKeyUsage setKeyUsage}, for instance) and then the
- * <code>X509CertSelector</code> is passed to
+ * {@code X509CertSelector} is passed to
  * {@link CertStore#getCertificates CertStore.getCertificates} or some similar
  * method.
  * <p>
  * Several criteria can be enabled (by calling {@link #setIssuer setIssuer}
  * and {@link #setSerialNumber setSerialNumber},
- * for example) such that the <code>match</code> method
- * usually uniquely matches a single <code>X509Certificate</code>. We say
+ * for example) such that the {@code match} method
+ * usually uniquely matches a single {@code X509Certificate}. We say
  * usually, since it is possible for two issuing CAs to have the same
  * distinguished name and each issue a certificate with the same serial
  * number. Other unique combinations include the issuer, subject,
@@ -149,8 +149,8 @@
     static final int NAME_OID = 8;
 
     /**
-     * Creates an <code>X509CertSelector</code>. Initially, no criteria are set
-     * so any <code>X509Certificate</code> will match.
+     * Creates an {@code X509CertSelector}. Initially, no criteria are set
+     * so any {@code X509Certificate} will match.
      */
     public X509CertSelector() {
         // empty
@@ -158,17 +158,17 @@
 
     /**
      * Sets the certificateEquals criterion. The specified
-     * <code>X509Certificate</code> must be equal to the
-     * <code>X509Certificate</code> passed to the <code>match</code> method.
-     * If <code>null</code>, then this check is not applied.
+     * {@code X509Certificate} must be equal to the
+     * {@code X509Certificate} passed to the {@code match} method.
+     * If {@code null}, then this check is not applied.
      *
      * <p>This method is particularly useful when it is necessary to
      * match a single certificate. Although other criteria can be specified
      * in conjunction with the certificateEquals criterion, it is usually not
      * practical or necessary.
      *
-     * @param cert the <code>X509Certificate</code> to match (or
-     * <code>null</code>)
+     * @param cert the {@code X509Certificate} to match (or
+     * {@code null})
      * @see #getCertificate
      */
     public void setCertificate(X509Certificate cert) {
@@ -178,11 +178,11 @@
     /**
      * Sets the serialNumber criterion. The specified serial number
      * must match the certificate serial number in the
-     * <code>X509Certificate</code>. If <code>null</code>, any certificate
+     * {@code X509Certificate}. If {@code null}, any certificate
      * serial number will do.
      *
      * @param serial the certificate serial number to match
-     *        (or <code>null</code>)
+     *        (or {@code null})
      * @see #getSerialNumber
      */
     public void setSerialNumber(BigInteger serial) {
@@ -192,11 +192,11 @@
     /**
      * Sets the issuer criterion. The specified distinguished name
      * must match the issuer distinguished name in the
-     * <code>X509Certificate</code>. If <code>null</code>, any issuer
+     * {@code X509Certificate}. If {@code null}, any issuer
      * distinguished name will do.
      *
      * @param issuer a distinguished name as X500Principal
-     *                 (or <code>null</code>)
+     *                 (or {@code null})
      * @since 1.5
      */
     public void setIssuer(X500Principal issuer) {
@@ -213,14 +213,14 @@
      * <p>
      * Sets the issuer criterion. The specified distinguished name
      * must match the issuer distinguished name in the
-     * <code>X509Certificate</code>. If <code>null</code>, any issuer
+     * {@code X509Certificate}. If {@code null}, any issuer
      * distinguished name will do.
      * <p>
-     * If <code>issuerDN</code> is not <code>null</code>, it should contain a
+     * If {@code issuerDN} is not {@code null}, it should contain a
      * distinguished name, in RFC 2253 format.
      *
      * @param issuerDN a distinguished name in RFC 2253 format
-     *                 (or <code>null</code>)
+     *                 (or {@code null})
      * @throws IOException if a parsing error occurs (incorrect form for DN)
      */
     public void setIssuer(String issuerDN) throws IOException {
@@ -234,14 +234,14 @@
     /**
      * Sets the issuer criterion. The specified distinguished name
      * must match the issuer distinguished name in the
-     * <code>X509Certificate</code>. If <code>null</code> is specified,
+     * {@code X509Certificate}. If {@code null} is specified,
      * the issuer criterion is disabled and any issuer distinguished name will
      * do.
      * <p>
-     * If <code>issuerDN</code> is not <code>null</code>, it should contain a
+     * If {@code issuerDN} is not {@code null}, it should contain a
      * single DER encoded distinguished name, as defined in X.501. The ASN.1
      * notation for this structure is as follows.
-     * <pre><code>
+     * <pre>{@code
      * Name ::= CHOICE {
      *   RDNSequence }
      *
@@ -264,13 +264,13 @@
      *       universalString         UniversalString (SIZE (1..MAX)),
      *       utf8String              UTF8String (SIZE (1.. MAX)),
      *       bmpString               BMPString (SIZE (1..MAX)) }
-     * </code></pre>
+     * }</pre>
      * <p>
      * Note that the byte array specified here is cloned to protect against
      * subsequent modifications.
      *
      * @param issuerDN a byte array containing the distinguished name
-     *                 in ASN.1 DER encoded form (or <code>null</code>)
+     *                 in ASN.1 DER encoded form (or {@code null})
      * @throws IOException if an encoding error occurs (incorrect form for DN)
      */
     public void setIssuer(byte[] issuerDN) throws IOException {
@@ -284,11 +284,11 @@
     /**
      * Sets the subject criterion. The specified distinguished name
      * must match the subject distinguished name in the
-     * <code>X509Certificate</code>. If <code>null</code>, any subject
+     * {@code X509Certificate}. If {@code null}, any subject
      * distinguished name will do.
      *
      * @param subject a distinguished name as X500Principal
-     *                  (or <code>null</code>)
+     *                  (or {@code null})
      * @since 1.5
      */
     public void setSubject(X500Principal subject) {
@@ -304,14 +304,14 @@
      * <p>
      * Sets the subject criterion. The specified distinguished name
      * must match the subject distinguished name in the
-     * <code>X509Certificate</code>. If <code>null</code>, any subject
+     * {@code X509Certificate}. If {@code null}, any subject
      * distinguished name will do.
      * <p>
-     * If <code>subjectDN</code> is not <code>null</code>, it should contain a
+     * If {@code subjectDN} is not {@code null}, it should contain a
      * distinguished name, in RFC 2253 format.
      *
      * @param subjectDN a distinguished name in RFC 2253 format
-     *                  (or <code>null</code>)
+     *                  (or {@code null})
      * @throws IOException if a parsing error occurs (incorrect form for DN)
      */
     public void setSubject(String subjectDN) throws IOException {
@@ -325,16 +325,16 @@
     /**
      * Sets the subject criterion. The specified distinguished name
      * must match the subject distinguished name in the
-     * <code>X509Certificate</code>. If <code>null</code>, any subject
+     * {@code X509Certificate}. If {@code null}, any subject
      * distinguished name will do.
      * <p>
-     * If <code>subjectDN</code> is not <code>null</code>, it should contain a
+     * If {@code subjectDN} is not {@code null}, it should contain a
      * single DER encoded distinguished name, as defined in X.501. For the ASN.1
      * notation for this structure, see
      * {@link #setIssuer(byte [] issuerDN) setIssuer(byte [] issuerDN)}.
      *
      * @param subjectDN a byte array containing the distinguished name in
-     *                  ASN.1 DER format (or <code>null</code>)
+     *                  ASN.1 DER format (or {@code null})
      * @throws IOException if an encoding error occurs (incorrect form for DN)
      */
     public void setSubject(byte[] subjectDN) throws IOException {
@@ -347,34 +347,34 @@
 
     /**
      * Sets the subjectKeyIdentifier criterion. The
-     * <code>X509Certificate</code> must contain a SubjectKeyIdentifier
+     * {@code X509Certificate} must contain a SubjectKeyIdentifier
      * extension for which the contents of the extension
      * matches the specified criterion value.
-     * If the criterion value is <code>null</code>, no
+     * If the criterion value is {@code null}, no
      * subjectKeyIdentifier check will be done.
      * <p>
-     * If <code>subjectKeyID</code> is not <code>null</code>, it
+     * If {@code subjectKeyID} is not {@code null}, it
      * should contain a single DER encoded value corresponding to the contents
      * of the extension value (not including the object identifier,
      * criticality setting, and encapsulating OCTET STRING)
      * for a SubjectKeyIdentifier extension.
      * The ASN.1 notation for this structure follows.
      * <p>
-     * <pre><code>
+     * <pre>{@code
      * SubjectKeyIdentifier ::= KeyIdentifier
      *
      * KeyIdentifier ::= OCTET STRING
-     * </code></pre>
+     * }</pre>
      * <p>
      * Since the format of subject key identifiers is not mandated by
      * any standard, subject key identifiers are not parsed by the
-     * <code>X509CertSelector</code>. Instead, the values are compared using
+     * {@code X509CertSelector}. Instead, the values are compared using
      * a byte-by-byte comparison.
      * <p>
      * Note that the byte array supplied here is cloned to protect against
      * subsequent modifications.
      *
-     * @param subjectKeyID the subject key identifier (or <code>null</code>)
+     * @param subjectKeyID the subject key identifier (or {@code null})
      * @see #getSubjectKeyIdentifier
      */
     public void setSubjectKeyIdentifier(byte[] subjectKeyID) {
@@ -387,46 +387,46 @@
 
     /**
      * Sets the authorityKeyIdentifier criterion. The
-     * <code>X509Certificate</code> must contain an
+     * {@code X509Certificate} must contain an
      * AuthorityKeyIdentifier extension for which the contents of the
      * extension value matches the specified criterion value.
-     * If the criterion value is <code>null</code>, no
+     * If the criterion value is {@code null}, no
      * authorityKeyIdentifier check will be done.
      * <p>
-     * If <code>authorityKeyID</code> is not <code>null</code>, it
+     * If {@code authorityKeyID} is not {@code null}, it
      * should contain a single DER encoded value corresponding to the contents
      * of the extension value (not including the object identifier,
      * criticality setting, and encapsulating OCTET STRING)
      * for an AuthorityKeyIdentifier extension.
      * The ASN.1 notation for this structure follows.
      * <p>
-     * <pre><code>
+     * <pre>{@code
      * AuthorityKeyIdentifier ::= SEQUENCE {
      *    keyIdentifier             [0] KeyIdentifier           OPTIONAL,
      *    authorityCertIssuer       [1] GeneralNames            OPTIONAL,
      *    authorityCertSerialNumber [2] CertificateSerialNumber OPTIONAL  }
      *
      * KeyIdentifier ::= OCTET STRING
-     * </code></pre>
+     * }</pre>
      * <p>
      * Authority key identifiers are not parsed by the
-     * <code>X509CertSelector</code>.  Instead, the values are
+     * {@code X509CertSelector}.  Instead, the values are
      * compared using a byte-by-byte comparison.
      * <p>
-     * When the <code>keyIdentifier</code> field of
-     * <code>AuthorityKeyIdentifier</code> is populated, the value is
-     * usually taken from the <code>SubjectKeyIdentifier</code> extension
+     * When the {@code keyIdentifier} field of
+     * {@code AuthorityKeyIdentifier} is populated, the value is
+     * usually taken from the {@code SubjectKeyIdentifier} extension
      * in the issuer's certificate.  Note, however, that the result of
-     * <code>X509Certificate.getExtensionValue(&lt;SubjectKeyIdentifier Object
-     * Identifier&gt;)</code> on the issuer's certificate may NOT be used
-     * directly as the input to <code>setAuthorityKeyIdentifier</code>.
+     * {@code X509Certificate.getExtensionValue(<SubjectKeyIdentifier Object
+     * Identifier>)} on the issuer's certificate may NOT be used
+     * directly as the input to {@code setAuthorityKeyIdentifier}.
      * This is because the SubjectKeyIdentifier contains
      * only a KeyIdentifier OCTET STRING, and not a SEQUENCE of
      * KeyIdentifier, GeneralNames, and CertificateSerialNumber.
      * In order to use the extension value of the issuer certificate's
-     * <code>SubjectKeyIdentifier</code>
+     * {@code SubjectKeyIdentifier}
      * extension, it will be necessary to extract the value of the embedded
-     * <code>KeyIdentifier</code> OCTET STRING, then DER encode this OCTET
+     * {@code KeyIdentifier} OCTET STRING, then DER encode this OCTET
      * STRING inside a SEQUENCE.
      * For more details on SubjectKeyIdentifier, see
      * {@link #setSubjectKeyIdentifier(byte[] subjectKeyID)}.
@@ -435,7 +435,7 @@
      * subsequent modifications.
      *
      * @param authorityKeyID the authority key identifier
-     *        (or <code>null</code>)
+     *        (or {@code null})
      * @see #getAuthorityKeyIdentifier
      */
     public void setAuthorityKeyIdentifier(byte[] authorityKeyID) {
@@ -449,13 +449,13 @@
     /**
      * Sets the certificateValid criterion. The specified date must fall
      * within the certificate validity period for the
-     * <code>X509Certificate</code>. If <code>null</code>, no certificateValid
+     * {@code X509Certificate}. If {@code null}, no certificateValid
      * check will be done.
      * <p>
-     * Note that the <code>Date</code> supplied here is cloned to protect
+     * Note that the {@code Date} supplied here is cloned to protect
      * against subsequent modifications.
      *
-     * @param certValid the <code>Date</code> to check (or <code>null</code>)
+     * @param certValid the {@code Date} to check (or {@code null})
      * @see #getCertificateValid
      */
     public void setCertificateValid(Date certValid) {
@@ -469,14 +469,14 @@
     /**
      * Sets the privateKeyValid criterion. The specified date must fall
      * within the private key validity period for the
-     * <code>X509Certificate</code>. If <code>null</code>, no privateKeyValid
+     * {@code X509Certificate}. If {@code null}, no privateKeyValid
      * check will be done.
      * <p>
-     * Note that the <code>Date</code> supplied here is cloned to protect
+     * Note that the {@code Date} supplied here is cloned to protect
      * against subsequent modifications.
      *
-     * @param privateKeyValid the <code>Date</code> to check (or
-     *                        <code>null</code>)
+     * @param privateKeyValid the {@code Date} to check (or
+     *                        {@code null})
      * @see #getPrivateKeyValid
      */
     public void setPrivateKeyValid(Date privateKeyValid) {
@@ -489,12 +489,12 @@
 
     /**
      * Sets the subjectPublicKeyAlgID criterion. The
-     * <code>X509Certificate</code> must contain a subject public key
-     * with the specified algorithm. If <code>null</code>, no
+     * {@code X509Certificate} must contain a subject public key
+     * with the specified algorithm. If {@code null}, no
      * subjectPublicKeyAlgID check will be done.
      *
      * @param oid The object identifier (OID) of the algorithm to check
-     *            for (or <code>null</code>). An OID is represented by a
+     *            for (or {@code null}). An OID is represented by a
      *            set of nonnegative integers separated by periods.
      * @throws IOException if the OID is invalid, such as
      * the first component being not 0, 1 or 2 or the second component
@@ -512,10 +512,10 @@
 
     /**
      * Sets the subjectPublicKey criterion. The
-     * <code>X509Certificate</code> must contain the specified subject public
-     * key. If <code>null</code>, no subjectPublicKey check will be done.
+     * {@code X509Certificate} must contain the specified subject public
+     * key. If {@code null}, no subjectPublicKey check will be done.
      *
-     * @param key the subject public key to check for (or <code>null</code>)
+     * @param key the subject public key to check for (or {@code null})
      * @see #getSubjectPublicKey
      */
     public void setSubjectPublicKey(PublicKey key) {
@@ -529,17 +529,17 @@
     }
 
     /**
-     * Sets the subjectPublicKey criterion. The <code>X509Certificate</code>
-     * must contain the specified subject public key. If <code>null</code>,
+     * Sets the subjectPublicKey criterion. The {@code X509Certificate}
+     * must contain the specified subject public key. If {@code null},
      * no subjectPublicKey check will be done.
      * <p>
      * Because this method allows the public key to be specified as a byte
      * array, it may be used for unknown key types.
      * <p>
-     * If <code>key</code> is not <code>null</code>, it should contain a
+     * If {@code key} is not {@code null}, it should contain a
      * single DER encoded SubjectPublicKeyInfo structure, as defined in X.509.
      * The ASN.1 notation for this structure is as follows.
-     * <pre><code>
+     * <pre>{@code
      * SubjectPublicKeyInfo  ::=  SEQUENCE  {
      *   algorithm            AlgorithmIdentifier,
      *   subjectPublicKey     BIT STRING  }
@@ -550,13 +550,13 @@
      *                              -- contains a value of the type
      *                              -- registered for use with the
      *                              -- algorithm object identifier value
-     * </code></pre>
+     * }</pre>
      * <p>
      * Note that the byte array supplied here is cloned to protect against
      * subsequent modifications.
      *
      * @param key a byte array containing the subject public key in ASN.1 DER
-     *            form (or <code>null</code>)
+     *            form (or {@code null})
      * @throws IOException if an encoding error occurs (incorrect form for
      * subject public key)
      * @see #getSubjectPublicKey
@@ -572,9 +572,9 @@
     }
 
     /**
-     * Sets the keyUsage criterion. The <code>X509Certificate</code>
-     * must allow the specified keyUsage values. If <code>null</code>, no
-     * keyUsage check will be done. Note that an <code>X509Certificate</code>
+     * Sets the keyUsage criterion. The {@code X509Certificate}
+     * must allow the specified keyUsage values. If {@code null}, no
+     * keyUsage check will be done. Note that an {@code X509Certificate}
      * that has no keyUsage extension implicitly allows all keyUsage values.
      * <p>
      * Note that the boolean array supplied here is cloned to protect against
@@ -583,7 +583,7 @@
      * @param keyUsage a boolean array in the same format as the boolean
      *                 array returned by
      * {@link X509Certificate#getKeyUsage() X509Certificate.getKeyUsage()}.
-     *                 Or <code>null</code>.
+     *                 Or {@code null}.
      * @see #getKeyUsage
      */
     public void setKeyUsage(boolean[] keyUsage) {
@@ -595,18 +595,18 @@
     }
 
     /**
-     * Sets the extendedKeyUsage criterion. The <code>X509Certificate</code>
+     * Sets the extendedKeyUsage criterion. The {@code X509Certificate}
      * must allow the specified key purposes in its extended key usage
-     * extension. If <code>keyPurposeSet</code> is empty or <code>null</code>,
+     * extension. If {@code keyPurposeSet} is empty or {@code null},
      * no extendedKeyUsage check will be done. Note that an
-     * <code>X509Certificate</code> that has no extendedKeyUsage extension
+     * {@code X509Certificate} that has no extendedKeyUsage extension
      * implicitly allows all key purposes.
      * <p>
-     * Note that the <code>Set</code> is cloned to protect against
+     * Note that the {@code Set} is cloned to protect against
      * subsequent modifications.
      *
-     * @param keyPurposeSet a <code>Set</code> of key purpose OIDs in string
-     * format (or <code>null</code>). Each OID is represented by a set of
+     * @param keyPurposeSet a {@code Set} of key purpose OIDs in string
+     * format (or {@code null}). Each OID is represented by a set of
      * nonnegative integers separated by periods.
      * @throws IOException if the OID is invalid, such as
      * the first component being not 0, 1 or 2 or the second component
@@ -632,15 +632,15 @@
      * specified in the {@link #setSubjectAlternativeNames
      * setSubjectAlternativeNames} or {@link #addSubjectAlternativeName
      * addSubjectAlternativeName} methods. If enabled,
-     * the <code>X509Certificate</code> must contain all of the
+     * the {@code X509Certificate} must contain all of the
      * specified subject alternative names. If disabled, the
-     * <code>X509Certificate</code> must contain at least one of the
+     * {@code X509Certificate} must contain at least one of the
      * specified subject alternative names.
      *
-     * <p>The matchAllNames flag is <code>true</code> by default.
+     * <p>The matchAllNames flag is {@code true} by default.
      *
-     * @param matchAllNames if <code>true</code>, the flag is enabled;
-     * if <code>false</code>, the flag is disabled.
+     * @param matchAllNames if {@code true}, the flag is enabled;
+     * if {@code false}, the flag is disabled.
      * @see #getMatchAllSubjectAltNames
      */
     public void setMatchAllSubjectAltNames(boolean matchAllNames) {
@@ -649,7 +649,7 @@
 
     /**
      * Sets the subjectAlternativeNames criterion. The
-     * <code>X509Certificate</code> must contain all or at least one of the
+     * {@code X509Certificate} must contain all or at least one of the
      * specified subjectAlternativeNames, depending on the value of
      * the matchAllNames flag (see {@link #setMatchAllSubjectAltNames
      * setMatchAllSubjectAltNames}).
@@ -659,19 +659,19 @@
      * subjectAlternativeNames criterion. The specified value replaces
      * the previous value for the subjectAlternativeNames criterion.
      * <p>
-     * The <code>names</code> parameter (if not <code>null</code>) is a
-     * <code>Collection</code> with one
+     * The {@code names} parameter (if not {@code null}) is a
+     * {@code Collection} with one
      * entry for each name to be included in the subject alternative name
-     * criterion. Each entry is a <code>List</code> whose first entry is an
-     * <code>Integer</code> (the name type, 0-8) and whose second
-     * entry is a <code>String</code> or a byte array (the name, in
+     * criterion. Each entry is a {@code List} whose first entry is an
+     * {@code Integer} (the name type, 0-8) and whose second
+     * entry is a {@code String} or a byte array (the name, in
      * string or ASN.1 DER encoded form, respectively).
-     * There can be multiple names of the same type. If <code>null</code>
+     * There can be multiple names of the same type. If {@code null}
      * is supplied as the value for this argument, no
      * subjectAlternativeNames check will be performed.
      * <p>
-     * Each subject alternative name in the <code>Collection</code>
-     * may be specified either as a <code>String</code> or as an ASN.1 encoded
+     * Each subject alternative name in the {@code Collection}
+     * may be specified either as a {@code String} or as an ASN.1 encoded
      * byte array. For more details about the formats used, see
      * {@link #addSubjectAlternativeName(int type, String name)
      * addSubjectAlternativeName(int type, String name)} and
@@ -682,15 +682,15 @@
      * array form instead of the String form. See the note in
      * {@link #addSubjectAlternativeName(int, String)} for more information.
      * <p>
-     * Note that the <code>names</code> parameter can contain duplicate
+     * Note that the {@code names} parameter can contain duplicate
      * names (same name and name type), but they may be removed from the
-     * <code>Collection</code> of names returned by the
+     * {@code Collection} of names returned by the
      * {@link #getSubjectAlternativeNames getSubjectAlternativeNames} method.
      * <p>
-     * Note that a deep copy is performed on the <code>Collection</code> to
+     * Note that a deep copy is performed on the {@code Collection} to
      * protect against subsequent modifications.
      *
-     * @param names a <code>Collection</code> of names (or <code>null</code>)
+     * @param names a {@code Collection} of names (or {@code null})
      * @throws IOException if a parsing error occurs
      * @see #getSubjectAlternativeNames
      */
@@ -714,7 +714,7 @@
 
     /**
      * Adds a name to the subjectAlternativeNames criterion. The
-     * <code>X509Certificate</code> must contain all or at least one
+     * {@code X509Certificate} must contain all or at least one
      * of the specified subjectAlternativeNames, depending on the value of
      * the matchAllNames flag (see {@link #setMatchAllSubjectAltNames
      * setMatchAllSubjectAltNames}).
@@ -747,7 +747,7 @@
      *
      * @param type the name type (0-8, as specified in
      *             RFC 3280, section 4.2.1.7)
-     * @param name the name in string form (not <code>null</code>)
+     * @param name the name in string form (not {@code null})
      * @throws IOException if a parsing error occurs
      */
     public void addSubjectAlternativeName(int type, String name)
@@ -757,7 +757,7 @@
 
     /**
      * Adds a name to the subjectAlternativeNames criterion. The
-     * <code>X509Certificate</code> must contain all or at least one
+     * {@code X509Certificate} must contain all or at least one
      * of the specified subjectAlternativeNames, depending on the value of
      * the matchAllNames flag (see {@link #setMatchAllSubjectAltNames
      * setMatchAllSubjectAltNames}).
@@ -774,7 +774,7 @@
      * the encoded value of the name, and should not include the tag associated
      * with the name in the GeneralName structure. The ASN.1 definition of this
      * structure appears below.
-     * <pre><code>
+     * <pre>{@code
      *  GeneralName ::= CHOICE {
      *       otherName                       [0]     OtherName,
      *       rfc822Name                      [1]     IA5String,
@@ -785,7 +785,7 @@
      *       uniformResourceIdentifier       [6]     IA5String,
      *       iPAddress                       [7]     OCTET STRING,
      *       registeredID                    [8]     OBJECT IDENTIFIER}
-     * </code></pre>
+     * }</pre>
      * <p>
      * Note that the byte array supplied here is cloned to protect against
      * subsequent modifications.
@@ -802,7 +802,7 @@
 
     /**
      * A private method that adds a name (String or byte array) to the
-     * subjectAlternativeNames criterion. The <code>X509Certificate</code>
+     * subjectAlternativeNames criterion. The {@code X509Certificate}
      * must contain the specified subjectAlternativeName.
      *
      * @param type the name type (0-8, as specified in
@@ -829,19 +829,19 @@
 
     /**
      * Parse an argument of the form passed to setSubjectAlternativeNames,
-     * returning a <code>Collection</code> of
-     * <code>GeneralNameInterface</code>s.
+     * returning a {@code Collection} of
+     * {@code GeneralNameInterface}s.
      * Throw an IllegalArgumentException or a ClassCastException
      * if the argument is malformed.
      *
      * @param names a Collection with one entry per name.
-     *              Each entry is a <code>List</code> whose first entry
+     *              Each entry is a {@code List} whose first entry
      *              is an Integer (the name type, 0-8) and whose second
      *              entry is a String or a byte array (the name, in
      *              string or ASN.1 DER encoded form, respectively).
      *              There can be multiple names of the same type. Null is
      *              not an acceptable value.
-     * @return a Set of <code>GeneralNameInterface</code>s
+     * @return a Set of {@code GeneralNameInterface}s
      * @throws IOException if a parsing error occurs
      */
     private static Set<GeneralNameInterface> parseNames(Collection<List<?>> names) throws IOException {
@@ -865,8 +865,8 @@
     /**
      * Compare for equality two objects of the form passed to
      * setSubjectAlternativeNames (or X509CRLSelector.setIssuerNames).
-     * Throw an <code>IllegalArgumentException</code> or a
-     * <code>ClassCastException</code> if one of the objects is malformed.
+     * Throw an {@code IllegalArgumentException} or a
+     * {@code ClassCastException} if one of the objects is malformed.
      *
      * @param object1 a Collection containing the first object to compare
      * @param object2 a Collection containing the second object to compare
@@ -880,7 +880,7 @@
     }
 
     /**
-     * Make a <code>GeneralNameInterface</code> out of a name type (0-8) and an
+     * Make a {@code GeneralNameInterface} out of a name type (0-8) and an
      * Object that may be a byte array holding the ASN.1 DER encoded
      * name or a String form of the name.  Except for X.509
      * Distinguished Names, the String form of the name must not be the
@@ -989,7 +989,7 @@
 
 
     /**
-     * Sets the name constraints criterion. The <code>X509Certificate</code>
+     * Sets the name constraints criterion. The {@code X509Certificate}
      * must have subject and subject alternative names that
      * meet the specified name constraints.
      * <p>
@@ -998,7 +998,7 @@
      * would appear in the NameConstraints structure defined in RFC 3280
      * and X.509. The ASN.1 definition of this structure appears below.
      *
-     * <pre><code>
+     * <pre>{@code
      *  NameConstraints ::= SEQUENCE {
      *       permittedSubtrees       [0]     GeneralSubtrees OPTIONAL,
      *       excludedSubtrees        [1]     GeneralSubtrees OPTIONAL }
@@ -1022,7 +1022,7 @@
      *       uniformResourceIdentifier       [6]     IA5String,
      *       iPAddress                       [7]     OCTET STRING,
      *       registeredID                    [8]     OBJECT IDENTIFIER}
-     * </code></pre>
+     * }</pre>
      * <p>
      * Note that the byte array supplied here is cloned to protect against
      * subsequent modifications.
@@ -1031,7 +1031,7 @@
      *              a NameConstraints extension to be used for checking
      *              name constraints. Only the value of the extension is
      *              included, not the OID or criticality flag. Can be
-     *              <code>null</code>,
+     *              {@code null},
      *              in which case no name constraints check will be performed.
      * @throws IOException if a parsing error occurs
      * @see #getNameConstraints
@@ -1048,7 +1048,7 @@
 
     /**
      * Sets the basic constraints constraint. If the value is greater than or
-     * equal to zero, <code>X509Certificates</code> must include a
+     * equal to zero, {@code X509Certificates} must include a
      * basicConstraints extension with
      * a pathLen of at least this value. If the value is -2, only end-entity
      * certificates are accepted. If the value is -1, no check is done.
@@ -1070,18 +1070,18 @@
     }
 
     /**
-     * Sets the policy constraint. The <code>X509Certificate</code> must
+     * Sets the policy constraint. The {@code X509Certificate} must
      * include at least one of the specified policies in its certificate
-     * policies extension. If <code>certPolicySet</code> is empty, then the
-     * <code>X509Certificate</code> must include at least some specified policy
-     * in its certificate policies extension. If <code>certPolicySet</code> is
-     * <code>null</code>, no policy check will be performed.
+     * policies extension. If {@code certPolicySet} is empty, then the
+     * {@code X509Certificate} must include at least some specified policy
+     * in its certificate policies extension. If {@code certPolicySet} is
+     * {@code null}, no policy check will be performed.
      * <p>
-     * Note that the <code>Set</code> is cloned to protect against
+     * Note that the {@code Set} is cloned to protect against
      * subsequent modifications.
      *
-     * @param certPolicySet a <code>Set</code> of certificate policy OIDs in
-     *                      string format (or <code>null</code>). Each OID is
+     * @param certPolicySet a {@code Set} of certificate policy OIDs in
+     *                      string format (or {@code null}). Each OID is
      *                      represented by a set of nonnegative integers
      *                    separated by periods.
      * @throws IOException if a parsing error occurs on the OID such as
@@ -1115,12 +1115,12 @@
     }
 
     /**
-     * Sets the pathToNames criterion. The <code>X509Certificate</code> must
+     * Sets the pathToNames criterion. The {@code X509Certificate} must
      * not include name constraints that would prohibit building a
      * path to the specified names.
      * <p>
      * This method allows the caller to specify, with a single method call,
-     * the complete set of names which the <code>X509Certificates</code>'s
+     * the complete set of names which the {@code X509Certificates}'s
      * name constraints must permit. The specified value replaces
      * the previous value for the pathToNames criterion.
      * <p>
@@ -1129,19 +1129,19 @@
      * built, any candidate certificate must not include name constraints that
      * would prohibit building a path to any of the names in the partial path.
      * <p>
-     * The <code>names</code> parameter (if not <code>null</code>) is a
-     * <code>Collection</code> with one
+     * The {@code names} parameter (if not {@code null}) is a
+     * {@code Collection} with one
      * entry for each name to be included in the pathToNames
-     * criterion. Each entry is a <code>List</code> whose first entry is an
-     * <code>Integer</code> (the name type, 0-8) and whose second
-     * entry is a <code>String</code> or a byte array (the name, in
+     * criterion. Each entry is a {@code List} whose first entry is an
+     * {@code Integer} (the name type, 0-8) and whose second
+     * entry is a {@code String} or a byte array (the name, in
      * string or ASN.1 DER encoded form, respectively).
-     * There can be multiple names of the same type. If <code>null</code>
+     * There can be multiple names of the same type. If {@code null}
      * is supplied as the value for this argument, no
      * pathToNames check will be performed.
      * <p>
-     * Each name in the <code>Collection</code>
-     * may be specified either as a <code>String</code> or as an ASN.1 encoded
+     * Each name in the {@code Collection}
+     * may be specified either as a {@code String} or as an ASN.1 encoded
      * byte array. For more details about the formats used, see
      * {@link #addPathToName(int type, String name)
      * addPathToName(int type, String name)} and
@@ -1152,16 +1152,16 @@
      * array form instead of the String form. See the note in
      * {@link #addPathToName(int, String)} for more information.
      * <p>
-     * Note that the <code>names</code> parameter can contain duplicate
+     * Note that the {@code names} parameter can contain duplicate
      * names (same name and name type), but they may be removed from the
-     * <code>Collection</code> of names returned by the
+     * {@code Collection} of names returned by the
      * {@link #getPathToNames getPathToNames} method.
      * <p>
-     * Note that a deep copy is performed on the <code>Collection</code> to
+     * Note that a deep copy is performed on the {@code Collection} to
      * protect against subsequent modifications.
      *
-     * @param names a <code>Collection</code> with one entry per name
-     *              (or <code>null</code>)
+     * @param names a {@code Collection} with one entry per name
+     *              (or {@code null})
      * @throws IOException if a parsing error occurs
      * @see #getPathToNames
      */
@@ -1186,12 +1186,12 @@
     }
 
     /**
-     * Adds a name to the pathToNames criterion. The <code>X509Certificate</code>
+     * Adds a name to the pathToNames criterion. The {@code X509Certificate}
      * must not include name constraints that would prohibit building a
      * path to the specified name.
      * <p>
      * This method allows the caller to add a name to the set of names which
-     * the <code>X509Certificates</code>'s name constraints must permit.
+     * the {@code X509Certificates}'s name constraints must permit.
      * The specified name is added to any previous value for the
      * pathToNames criterion.  If the name is a duplicate, it may be ignored.
      * <p>
@@ -1223,12 +1223,12 @@
     }
 
     /**
-     * Adds a name to the pathToNames criterion. The <code>X509Certificate</code>
+     * Adds a name to the pathToNames criterion. The {@code X509Certificate}
      * must not include name constraints that would prohibit building a
      * path to the specified name.
      * <p>
      * This method allows the caller to add a name to the set of names which
-     * the <code>X509Certificates</code>'s name constraints must permit.
+     * the {@code X509Certificates}'s name constraints must permit.
      * The specified name is added to any previous value for the
      * pathToNames criterion. If the name is a duplicate, it may be ignored.
      * <p>
@@ -1254,7 +1254,7 @@
 
     /**
      * A private method that adds a name (String or byte array) to the
-     * pathToNames criterion. The <code>X509Certificate</code> must contain
+     * pathToNames criterion. The {@code X509Certificate} must contain
      * the specified pathToName.
      *
      * @param type the name type (0-8, as specified in
@@ -1279,11 +1279,11 @@
 
     /**
      * Returns the certificateEquals criterion. The specified
-     * <code>X509Certificate</code> must be equal to the
-     * <code>X509Certificate</code> passed to the <code>match</code> method.
-     * If <code>null</code>, this check is not applied.
+     * {@code X509Certificate} must be equal to the
+     * {@code X509Certificate} passed to the {@code match} method.
+     * If {@code null}, this check is not applied.
      *
-     * @return the <code>X509Certificate</code> to match (or <code>null</code>)
+     * @return the {@code X509Certificate} to match (or {@code null})
      * @see #setCertificate
      */
     public X509Certificate getCertificate() {
@@ -1293,11 +1293,11 @@
     /**
      * Returns the serialNumber criterion. The specified serial number
      * must match the certificate serial number in the
-     * <code>X509Certificate</code>. If <code>null</code>, any certificate
+     * {@code X509Certificate}. If {@code null}, any certificate
      * serial number will do.
      *
      * @return the certificate serial number to match
-     *                (or <code>null</code>)
+     *                (or {@code null})
      * @see #setSerialNumber
      */
     public BigInteger getSerialNumber() {
@@ -1305,13 +1305,13 @@
     }
 
     /**
-     * Returns the issuer criterion as an <code>X500Principal</code>. This
+     * Returns the issuer criterion as an {@code X500Principal}. This
      * distinguished name must match the issuer distinguished name in the
-     * <code>X509Certificate</code>. If <code>null</code>, the issuer criterion
+     * {@code X509Certificate}. If {@code null}, the issuer criterion
      * is disabled and any issuer distinguished name will do.
      *
      * @return the required issuer distinguished name as X500Principal
-     *         (or <code>null</code>)
+     *         (or {@code null})
      * @since 1.5
      */
     public X500Principal getIssuer() {
@@ -1325,16 +1325,16 @@
      * encoding information in the RFC 2253 String form of some distinguished
      * names.
      * <p>
-     * Returns the issuer criterion as a <code>String</code>. This
+     * Returns the issuer criterion as a {@code String}. This
      * distinguished name must match the issuer distinguished name in the
-     * <code>X509Certificate</code>. If <code>null</code>, the issuer criterion
+     * {@code X509Certificate}. If {@code null}, the issuer criterion
      * is disabled and any issuer distinguished name will do.
      * <p>
-     * If the value returned is not <code>null</code>, it is a
+     * If the value returned is not {@code null}, it is a
      * distinguished name, in RFC 2253 format.
      *
      * @return the required issuer distinguished name in RFC 2253 format
-     *         (or <code>null</code>)
+     *         (or {@code null})
      */
     public String getIssuerAsString() {
         return (issuer == null ? null : issuer.getName());
@@ -1343,10 +1343,10 @@
     /**
      * Returns the issuer criterion as a byte array. This distinguished name
      * must match the issuer distinguished name in the
-     * <code>X509Certificate</code>. If <code>null</code>, the issuer criterion
+     * {@code X509Certificate}. If {@code null}, the issuer criterion
      * is disabled and any issuer distinguished name will do.
      * <p>
-     * If the value returned is not <code>null</code>, it is a byte
+     * If the value returned is not {@code null}, it is a byte
      * array containing a single DER encoded distinguished name, as defined in
      * X.501. The ASN.1 notation for this structure is supplied in the
      * documentation for
@@ -1356,7 +1356,7 @@
      * subsequent modifications.
      *
      * @return a byte array containing the required issuer distinguished name
-     *         in ASN.1 DER format (or <code>null</code>)
+     *         in ASN.1 DER format (or {@code null})
      * @throws IOException if an encoding error occurs
      */
     public byte[] getIssuerAsBytes() throws IOException {
@@ -1364,13 +1364,13 @@
     }
 
     /**
-     * Returns the subject criterion as an <code>X500Principal</code>. This
+     * Returns the subject criterion as an {@code X500Principal}. This
      * distinguished name must match the subject distinguished name in the
-     * <code>X509Certificate</code>. If <code>null</code>, the subject criterion
+     * {@code X509Certificate}. If {@code null}, the subject criterion
      * is disabled and any subject distinguished name will do.
      *
      * @return the required subject distinguished name as X500Principal
-     *         (or <code>null</code>)
+     *         (or {@code null})
      * @since 1.5
      */
     public X500Principal getSubject() {
@@ -1384,16 +1384,16 @@
      * encoding information in the RFC 2253 String form of some distinguished
      * names.
      * <p>
-     * Returns the subject criterion as a <code>String</code>. This
+     * Returns the subject criterion as a {@code String}. This
      * distinguished name must match the subject distinguished name in the
-     * <code>X509Certificate</code>. If <code>null</code>, the subject criterion
+     * {@code X509Certificate}. If {@code null}, the subject criterion
      * is disabled and any subject distinguished name will do.
      * <p>
-     * If the value returned is not <code>null</code>, it is a
+     * If the value returned is not {@code null}, it is a
      * distinguished name, in RFC 2253 format.
      *
      * @return the required subject distinguished name in RFC 2253 format
-     *         (or <code>null</code>)
+     *         (or {@code null})
      */
     public String getSubjectAsString() {
         return (subject == null ? null : subject.getName());
@@ -1402,10 +1402,10 @@
     /**
      * Returns the subject criterion as a byte array. This distinguished name
      * must match the subject distinguished name in the
-     * <code>X509Certificate</code>. If <code>null</code>, the subject criterion
+     * {@code X509Certificate}. If {@code null}, the subject criterion
      * is disabled and any subject distinguished name will do.
      * <p>
-     * If the value returned is not <code>null</code>, it is a byte
+     * If the value returned is not {@code null}, it is a byte
      * array containing a single DER encoded distinguished name, as defined in
      * X.501. The ASN.1 notation for this structure is supplied in the
      * documentation for
@@ -1415,7 +1415,7 @@
      * subsequent modifications.
      *
      * @return a byte array containing the required subject distinguished name
-     *         in ASN.1 DER format (or <code>null</code>)
+     *         in ASN.1 DER format (or {@code null})
      * @throws IOException if an encoding error occurs
      */
     public byte[] getSubjectAsBytes() throws IOException {
@@ -1424,14 +1424,14 @@
 
     /**
      * Returns the subjectKeyIdentifier criterion. The
-     * <code>X509Certificate</code> must contain a SubjectKeyIdentifier
-     * extension with the specified value. If <code>null</code>, no
+     * {@code X509Certificate} must contain a SubjectKeyIdentifier
+     * extension with the specified value. If {@code null}, no
      * subjectKeyIdentifier check will be done.
      * <p>
      * Note that the byte array returned is cloned to protect against
      * subsequent modifications.
      *
-     * @return the key identifier (or <code>null</code>)
+     * @return the key identifier (or {@code null})
      * @see #setSubjectKeyIdentifier
      */
     public byte[] getSubjectKeyIdentifier() {
@@ -1443,14 +1443,14 @@
 
     /**
      * Returns the authorityKeyIdentifier criterion. The
-     * <code>X509Certificate</code> must contain a AuthorityKeyIdentifier
-     * extension with the specified value. If <code>null</code>, no
+     * {@code X509Certificate} must contain a AuthorityKeyIdentifier
+     * extension with the specified value. If {@code null}, no
      * authorityKeyIdentifier check will be done.
      * <p>
      * Note that the byte array returned is cloned to protect against
      * subsequent modifications.
      *
-     * @return the key identifier (or <code>null</code>)
+     * @return the key identifier (or {@code null})
      * @see #setAuthorityKeyIdentifier
      */
     public byte[] getAuthorityKeyIdentifier() {
@@ -1463,13 +1463,13 @@
     /**
      * Returns the certificateValid criterion. The specified date must fall
      * within the certificate validity period for the
-     * <code>X509Certificate</code>. If <code>null</code>, no certificateValid
+     * {@code X509Certificate}. If {@code null}, no certificateValid
      * check will be done.
      * <p>
-     * Note that the <code>Date</code> returned is cloned to protect against
+     * Note that the {@code Date} returned is cloned to protect against
      * subsequent modifications.
      *
-     * @return the <code>Date</code> to check (or <code>null</code>)
+     * @return the {@code Date} to check (or {@code null})
      * @see #setCertificateValid
      */
     public Date getCertificateValid() {
@@ -1482,13 +1482,13 @@
     /**
      * Returns the privateKeyValid criterion. The specified date must fall
      * within the private key validity period for the
-     * <code>X509Certificate</code>. If <code>null</code>, no privateKeyValid
+     * {@code X509Certificate}. If {@code null}, no privateKeyValid
      * check will be done.
      * <p>
-     * Note that the <code>Date</code> returned is cloned to protect against
+     * Note that the {@code Date} returned is cloned to protect against
      * subsequent modifications.
      *
-     * @return the <code>Date</code> to check (or <code>null</code>)
+     * @return the {@code Date} to check (or {@code null})
      * @see #setPrivateKeyValid
      */
     public Date getPrivateKeyValid() {
@@ -1500,12 +1500,12 @@
 
     /**
      * Returns the subjectPublicKeyAlgID criterion. The
-     * <code>X509Certificate</code> must contain a subject public key
-     * with the specified algorithm. If <code>null</code>, no
+     * {@code X509Certificate} must contain a subject public key
+     * with the specified algorithm. If {@code null}, no
      * subjectPublicKeyAlgID check will be done.
      *
      * @return the object identifier (OID) of the signature algorithm to check
-     *         for (or <code>null</code>). An OID is represented by a set of
+     *         for (or {@code null}). An OID is represented by a set of
      *         nonnegative integers separated by periods.
      * @see #setSubjectPublicKeyAlgID
      */
@@ -1518,10 +1518,10 @@
 
     /**
      * Returns the subjectPublicKey criterion. The
-     * <code>X509Certificate</code> must contain the specified subject
-     * public key. If <code>null</code>, no subjectPublicKey check will be done.
+     * {@code X509Certificate} must contain the specified subject
+     * public key. If {@code null}, no subjectPublicKey check will be done.
      *
-     * @return the subject public key to check for (or <code>null</code>)
+     * @return the subject public key to check for (or {@code null})
      * @see #setSubjectPublicKey
      */
     public PublicKey getSubjectPublicKey() {
@@ -1529,7 +1529,7 @@
     }
 
     /**
-     * Returns the keyUsage criterion. The <code>X509Certificate</code>
+     * Returns the keyUsage criterion. The {@code X509Certificate}
      * must allow the specified keyUsage values. If null, no keyUsage
      * check will be done.
      * <p>
@@ -1539,7 +1539,7 @@
      * @return a boolean array in the same format as the boolean
      *                 array returned by
      * {@link X509Certificate#getKeyUsage() X509Certificate.getKeyUsage()}.
-     *                 Or <code>null</code>.
+     *                 Or {@code null}.
      * @see #setKeyUsage
      */
     public boolean[] getKeyUsage() {
@@ -1550,15 +1550,15 @@
     }
 
     /**
-     * Returns the extendedKeyUsage criterion. The <code>X509Certificate</code>
+     * Returns the extendedKeyUsage criterion. The {@code X509Certificate}
      * must allow the specified key purposes in its extended key usage
-     * extension. If the <code>keyPurposeSet</code> returned is empty or
-     * <code>null</code>, no extendedKeyUsage check will be done. Note that an
-     * <code>X509Certificate</code> that has no extendedKeyUsage extension
+     * extension. If the {@code keyPurposeSet} returned is empty or
+     * {@code null}, no extendedKeyUsage check will be done. Note that an
+     * {@code X509Certificate} that has no extendedKeyUsage extension
      * implicitly allows all key purposes.
      *
-     * @return an immutable <code>Set</code> of key purpose OIDs in string
-     * format (or <code>null</code>)
+     * @return an immutable {@code Set} of key purpose OIDs in string
+     * format (or {@code null})
      * @see #setExtendedKeyUsage
      */
     public Set<String> getExtendedKeyUsage() {
@@ -1566,19 +1566,19 @@
     }
 
     /**
-     * Indicates if the <code>X509Certificate</code> must contain all
+     * Indicates if the {@code X509Certificate} must contain all
      * or at least one of the subjectAlternativeNames
      * specified in the {@link #setSubjectAlternativeNames
      * setSubjectAlternativeNames} or {@link #addSubjectAlternativeName
-     * addSubjectAlternativeName} methods. If <code>true</code>,
-     * the <code>X509Certificate</code> must contain all of the
-     * specified subject alternative names. If <code>false</code>, the
-     * <code>X509Certificate</code> must contain at least one of the
+     * addSubjectAlternativeName} methods. If {@code true},
+     * the {@code X509Certificate} must contain all of the
+     * specified subject alternative names. If {@code false}, the
+     * {@code X509Certificate} must contain at least one of the
      * specified subject alternative names.
      *
-     * @return <code>true</code> if the flag is enabled;
-     * <code>false</code> if the flag is disabled. The flag is
-     * <code>true</code> by default.
+     * @return {@code true} if the flag is enabled;
+     * {@code false} if the flag is disabled. The flag is
+     * {@code true} by default.
      * @see #setMatchAllSubjectAltNames
      */
     public boolean getMatchAllSubjectAltNames() {
@@ -1587,35 +1587,35 @@
 
     /**
      * Returns a copy of the subjectAlternativeNames criterion.
-     * The <code>X509Certificate</code> must contain all or at least one
+     * The {@code X509Certificate} must contain all or at least one
      * of the specified subjectAlternativeNames, depending on the value
      * of the matchAllNames flag (see {@link #getMatchAllSubjectAltNames
      * getMatchAllSubjectAltNames}). If the value returned is
-     * <code>null</code>, no subjectAlternativeNames check will be performed.
+     * {@code null}, no subjectAlternativeNames check will be performed.
      * <p>
-     * If the value returned is not <code>null</code>, it is a
-     * <code>Collection</code> with
+     * If the value returned is not {@code null}, it is a
+     * {@code Collection} with
      * one entry for each name to be included in the subject alternative name
-     * criterion. Each entry is a <code>List</code> whose first entry is an
-     * <code>Integer</code> (the name type, 0-8) and whose second
-     * entry is a <code>String</code> or a byte array (the name, in
+     * criterion. Each entry is a {@code List} whose first entry is an
+     * {@code Integer} (the name type, 0-8) and whose second
+     * entry is a {@code String} or a byte array (the name, in
      * string or ASN.1 DER encoded form, respectively).
      * There can be multiple names of the same type.  Note that the
-     * <code>Collection</code> returned may contain duplicate names (same name
+     * {@code Collection} returned may contain duplicate names (same name
      * and name type).
      * <p>
-     * Each subject alternative name in the <code>Collection</code>
-     * may be specified either as a <code>String</code> or as an ASN.1 encoded
+     * Each subject alternative name in the {@code Collection}
+     * may be specified either as a {@code String} or as an ASN.1 encoded
      * byte array. For more details about the formats used, see
      * {@link #addSubjectAlternativeName(int type, String name)
      * addSubjectAlternativeName(int type, String name)} and
      * {@link #addSubjectAlternativeName(int type, byte [] name)
      * addSubjectAlternativeName(int type, byte [] name)}.
      * <p>
-     * Note that a deep copy is performed on the <code>Collection</code> to
+     * Note that a deep copy is performed on the {@code Collection} to
      * protect against subsequent modifications.
      *
-     * @return a <code>Collection</code> of names (or <code>null</code>)
+     * @return a {@code Collection} of names (or {@code null})
      * @see #setSubjectAlternativeNames
      */
     public Collection<List<?>> getSubjectAlternativeNames() {
@@ -1628,21 +1628,21 @@
     /**
      * Clone an object of the form passed to
      * setSubjectAlternativeNames and setPathToNames.
-     * Throw a <code>RuntimeException</code> if the argument is malformed.
+     * Throw a {@code RuntimeException} if the argument is malformed.
      * <p>
      * This method wraps cloneAndCheckNames, changing any
-     * <code>IOException</code> into a <code>RuntimeException</code>. This
+     * {@code IOException} into a {@code RuntimeException}. This
      * method should be used when the object being
      * cloned has already been checked, so there should never be any exceptions.
      *
-     * @param names a <code>Collection</code> with one entry per name.
-     *              Each entry is a <code>List</code> whose first entry
+     * @param names a {@code Collection} with one entry per name.
+     *              Each entry is a {@code List} whose first entry
      *              is an Integer (the name type, 0-8) and whose second
      *              entry is a String or a byte array (the name, in
      *              string or ASN.1 DER encoded form, respectively).
      *              There can be multiple names of the same type. Null
      *              is not an acceptable value.
-     * @return a deep copy of the specified <code>Collection</code>
+     * @return a deep copy of the specified {@code Collection}
      * @throws RuntimeException if a parsing error occurs
      */
     private static Set<List<?>> cloneNames(Collection<List<?>> names) {
@@ -1657,16 +1657,16 @@
     /**
      * Clone and check an argument of the form passed to
      * setSubjectAlternativeNames and setPathToNames.
-     * Throw an <code>IOException</code> if the argument is malformed.
+     * Throw an {@code IOException} if the argument is malformed.
      *
-     * @param names a <code>Collection</code> with one entry per name.
-     *              Each entry is a <code>List</code> whose first entry
+     * @param names a {@code Collection} with one entry per name.
+     *              Each entry is a {@code List} whose first entry
      *              is an Integer (the name type, 0-8) and whose second
      *              entry is a String or a byte array (the name, in
      *              string or ASN.1 DER encoded form, respectively).
      *              There can be multiple names of the same type.
-     *              <code>null</code> is not an acceptable value.
-     * @return a deep copy of the specified <code>Collection</code>
+     *              {@code null} is not an acceptable value.
+     * @return a deep copy of the specified {@code Collection}
      * @throws IOException if a parsing error occurs
      */
     private static Set<List<?>> cloneAndCheckNames(Collection<List<?>> names) throws IOException {
@@ -1709,7 +1709,7 @@
     }
 
     /**
-     * Returns the name constraints criterion. The <code>X509Certificate</code>
+     * Returns the name constraints criterion. The {@code X509Certificate}
      * must have subject and subject alternative names that
      * meet the specified name constraints.
      * <p>
@@ -1725,7 +1725,7 @@
      *
      * @return a byte array containing the ASN.1 DER encoding of
      *         a NameConstraints extension used for checking name constraints.
-     *         <code>null</code> if no name constraints check will be performed.
+     *         {@code null} if no name constraints check will be performed.
      * @see #setNameConstraints
      */
     public byte[] getNameConstraints() {
@@ -1738,7 +1738,7 @@
 
     /**
      * Returns the basic constraints constraint. If the value is greater than
-     * or equal to zero, the <code>X509Certificates</code> must include a
+     * or equal to zero, the {@code X509Certificates} must include a
      * basicConstraints extension with a pathLen of at least this value.
      * If the value is -2, only end-entity certificates are accepted. If
      * the value is -1, no basicConstraints check is done.
@@ -1751,15 +1751,15 @@
     }
 
     /**
-     * Returns the policy criterion. The <code>X509Certificate</code> must
+     * Returns the policy criterion. The {@code X509Certificate} must
      * include at least one of the specified policies in its certificate policies
-     * extension. If the <code>Set</code> returned is empty, then the
-     * <code>X509Certificate</code> must include at least some specified policy
-     * in its certificate policies extension. If the <code>Set</code> returned is
-     * <code>null</code>, no policy check will be performed.
+     * extension. If the {@code Set} returned is empty, then the
+     * {@code X509Certificate} must include at least some specified policy
+     * in its certificate policies extension. If the {@code Set} returned is
+     * {@code null}, no policy check will be performed.
      *
-     * @return an immutable <code>Set</code> of certificate policy OIDs in
-     *         string format (or <code>null</code>)
+     * @return an immutable {@code Set} of certificate policy OIDs in
+     *         string format (or {@code null})
      * @see #setPolicy
      */
     public Set<String> getPolicy() {
@@ -1768,33 +1768,33 @@
 
     /**
      * Returns a copy of the pathToNames criterion. The
-     * <code>X509Certificate</code> must not include name constraints that would
+     * {@code X509Certificate} must not include name constraints that would
      * prohibit building a path to the specified names. If the value
-     * returned is <code>null</code>, no pathToNames check will be performed.
+     * returned is {@code null}, no pathToNames check will be performed.
      * <p>
-     * If the value returned is not <code>null</code>, it is a
-     * <code>Collection</code> with one
+     * If the value returned is not {@code null}, it is a
+     * {@code Collection} with one
      * entry for each name to be included in the pathToNames
-     * criterion. Each entry is a <code>List</code> whose first entry is an
-     * <code>Integer</code> (the name type, 0-8) and whose second
-     * entry is a <code>String</code> or a byte array (the name, in
+     * criterion. Each entry is a {@code List} whose first entry is an
+     * {@code Integer} (the name type, 0-8) and whose second
+     * entry is a {@code String} or a byte array (the name, in
      * string or ASN.1 DER encoded form, respectively).
      * There can be multiple names of the same type. Note that the
-     * <code>Collection</code> returned may contain duplicate names (same
+     * {@code Collection} returned may contain duplicate names (same
      * name and name type).
      * <p>
-     * Each name in the <code>Collection</code>
-     * may be specified either as a <code>String</code> or as an ASN.1 encoded
+     * Each name in the {@code Collection}
+     * may be specified either as a {@code String} or as an ASN.1 encoded
      * byte array. For more details about the formats used, see
      * {@link #addPathToName(int type, String name)
      * addPathToName(int type, String name)} and
      * {@link #addPathToName(int type, byte [] name)
      * addPathToName(int type, byte [] name)}.
      * <p>
-     * Note that a deep copy is performed on the <code>Collection</code> to
+     * Note that a deep copy is performed on the {@code Collection} to
      * protect against subsequent modifications.
      *
-     * @return a <code>Collection</code> of names (or <code>null</code>)
+     * @return a {@code Collection} of names (or {@code null})
      * @see #setPathToNames
      */
     public Collection<List<?>> getPathToNames() {
@@ -1805,10 +1805,10 @@
     }
 
     /**
-     * Return a printable representation of the <code>CertSelector</code>.
+     * Return a printable representation of the {@code CertSelector}.
      *
-     * @return a <code>String</code> describing the contents of the
-     *         <code>CertSelector</code>
+     * @return a {@code String} describing the contents of the
+     *         {@code CertSelector}
      */
     public String toString() {
         StringBuffer sb = new StringBuffer();
@@ -1927,22 +1927,22 @@
 
     /**
      * Returns an Extension object given any X509Certificate and extension oid.
-     * Throw an <code>IOException</code> if the extension byte value is
+     * Throw an {@code IOException} if the extension byte value is
      * malformed.
      *
-     * @param cert a <code>X509Certificate</code>
-     * @param extId an <code>integer</code> which specifies the extension index.
+     * @param cert a {@code X509Certificate}
+     * @param extId an {@code integer} which specifies the extension index.
      * Currently, the supported extensions are as follows:
      * index 0 - PrivateKeyUsageExtension
      * index 1 - SubjectAlternativeNameExtension
      * index 2 - NameConstraintsExtension
      * index 3 - CertificatePoliciesExtension
      * index 4 - ExtendedKeyUsageExtension
-     * @return an <code>Extension</code> object whose real type is as specified
+     * @return an {@code Extension} object whose real type is as specified
      * by the extension oid.
-     * @throws IOException if cannot construct the <code>Extension</code>
+     * @throws IOException if cannot construct the {@code Extension}
      * object with the extension encoding retrieved from the passed in
-     * <code>X509Certificate</code>.
+     * {@code X509Certificate}.
      */
     private static Extension getExtensionObject(X509Certificate cert, int extId)
             throws IOException {
@@ -1990,11 +1990,11 @@
     }
 
     /**
-     * Decides whether a <code>Certificate</code> should be selected.
+     * Decides whether a {@code Certificate} should be selected.
      *
-     * @param cert the <code>Certificate</code> to be checked
-     * @return <code>true</code> if the <code>Certificate</code> should be
-     *         selected, <code>false</code> otherwise
+     * @param cert the {@code Certificate} to be checked
+     * @return {@code true} if the {@code Certificate} should be
+     *         selected, {@code false} otherwise
      */
     public boolean match(Certificate cert) {
         if (!(cert instanceof X509Certificate)) {
--- a/src/share/classes/java/security/cert/X509Certificate.java	Tue Jan 24 00:25:46 2017 +0000
+++ b/src/share/classes/java/security/cert/X509Certificate.java	Tue Jan 24 00:54:36 2017 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -67,7 +67,7 @@
  * <a href="http://www.ietf.org/rfc/rfc3280.txt">RFC 3280: Internet X.509
  * Public Key Infrastructure Certificate and CRL Profile</a>.
  * <p>
- * The ASN.1 definition of <code>tbsCertificate</code> is:
+ * The ASN.1 definition of {@code tbsCertificate} is:
  * <pre>
  * TBSCertificate  ::=  SEQUENCE  {
  *     version         [0]  EXPLICIT Version DEFAULT v1,
@@ -152,9 +152,9 @@
      *        is valid at that date/time.
      *
      * @exception CertificateExpiredException if the certificate has expired
-     * with respect to the <code>date</code> supplied.
+     * with respect to the {@code date} supplied.
      * @exception CertificateNotYetValidException if the certificate is not
-     * yet valid with respect to the <code>date</code> supplied.
+     * yet valid with respect to the {@code date} supplied.
      *
      * @see #checkValidity()
      */
@@ -162,7 +162,7 @@
         throws CertificateExpiredException, CertificateNotYetValidException;
 
     /**
-     * Gets the <code>version</code> (version number) value from the
+     * Gets the {@code version} (version number) value from the
      * certificate.
      * The ASN.1 definition for this is:
      * <pre>
@@ -174,7 +174,7 @@
     public abstract int getVersion();
 
     /**
-     * Gets the <code>serialNumber</code> value from the certificate.
+     * Gets the {@code serialNumber} value from the certificate.
      * The serial number is an integer assigned by the certification
      * authority to each certificate. It must be unique for each
      * certificate issued by a given CA (i.e., the issuer name and
@@ -192,12 +192,12 @@
 
     /**
      * <strong>Denigrated</strong>, replaced by {@linkplain
-     * #getIssuerX500Principal()}. This method returns the <code>issuer</code>
+     * #getIssuerX500Principal()}. This method returns the {@code issuer}
      * as an implementation specific Principal object, which should not be
      * relied upon by portable code.
      *
      * <p>
-     * Gets the <code>issuer</code> (issuer distinguished name) value from
+     * Gets the {@code issuer} (issuer distinguished name) value from
      * the certificate. The issuer name identifies the entity that signed (and
      * issued) the certificate.
      *
@@ -218,14 +218,14 @@
      * AttributeType ::= OBJECT IDENTIFIER
      * AttributeValue ::= ANY
      * </pre>
-     * The <code>Name</code> describes a hierarchical name composed of
+     * The {@code Name} describes a hierarchical name composed of
      * attributes,
      * such as country name, and corresponding values, such as US.
-     * The type of the <code>AttributeValue</code> component is determined by
-     * the <code>AttributeType</code>; in general it will be a
-     * <code>directoryString</code>. A <code>directoryString</code> is usually
-     * one of <code>PrintableString</code>,
-     * <code>TeletexString</code> or <code>UniversalString</code>.
+     * The type of the {@code AttributeValue} component is determined by
+     * the {@code AttributeType}; in general it will be a
+     * {@code directoryString}. A {@code directoryString} is usually
+     * one of {@code PrintableString},
+     * {@code TeletexString} or {@code UniversalString}.
      *
      * @return a Principal whose name is the issuer distinguished name.
      */
@@ -233,11 +233,11 @@
 
     /**
      * Returns the issuer (issuer distinguished name) value from the
-     * certificate as an <code>X500Principal</code>.
+     * certificate as an {@code X500Principal}.
      * <p>
      * It is recommended that subclasses override this method.
      *
-     * @return an <code>X500Principal</code> representing the issuer
+     * @return an {@code X500Principal} representing the issuer
      *          distinguished name
      * @since 1.4
      */
@@ -250,22 +250,22 @@
 
     /**
      * <strong>Denigrated</strong>, replaced by {@linkplain
-     * #getSubjectX500Principal()}. This method returns the <code>subject</code>
+     * #getSubjectX500Principal()}. This method returns the {@code subject}
      * as an implementation specific Principal object, which should not be
      * relied upon by portable code.
      *
      * <p>
-     * Gets the <code>subject</code> (subject distinguished name) value
-     * from the certificate.  If the <code>subject</code> value is empty,
-     * then the <code>getName()</code> method of the returned
-     * <code>Principal</code> object returns an empty string ("").
+     * Gets the {@code subject} (subject distinguished name) value
+     * from the certificate.  If the {@code subject} value is empty,
+     * then the {@code getName()} method of the returned
+     * {@code Principal} object returns an empty string ("").
      *
      * <p> The ASN.1 definition for this is:
      * <pre>
      * subject    Name
      * </pre>
      *
-     * <p>See {@link #getIssuerDN() getIssuerDN} for <code>Name</code>
+     * <p>See {@link #getIssuerDN() getIssuerDN} for {@code Name}
      * and other relevant definitions.
      *
      * @return a Principal whose name is the subject name.
@@ -274,13 +274,13 @@
 
     /**
      * Returns the subject (subject distinguished name) value from the
-     * certificate as an <code>X500Principal</code>.  If the subject value
-     * is empty, then the <code>getName()</code> method of the returned
-     * <code>X500Principal</code> object returns an empty string ("").
+     * certificate as an {@code X500Principal}.  If the subject value
+     * is empty, then the {@code getName()} method of the returned
+     * {@code X500Principal} object returns an empty string ("").
      * <p>
      * It is recommended that subclasses override this method.
      *
-     * @return an <code>X500Principal</code> representing the subject
+     * @return an {@code X500Principal} representing the subject
      *          distinguished name
      * @since 1.4
      */
@@ -292,7 +292,7 @@
     }
 
     /**
-     * Gets the <code>notBefore</code> date from the validity period of
+     * Gets the {@code notBefore} date from the validity period of
      * the certificate.
      * The relevant ASN.1 definitions are:
      * <pre>
@@ -312,7 +312,7 @@
     public abstract Date getNotBefore();
 
     /**
-     * Gets the <code>notAfter</code> date from the validity period of
+     * Gets the {@code notAfter} date from the validity period of
      * the certificate. See {@link #getNotBefore() getNotBefore}
      * for relevant ASN.1 definitions.
      *
@@ -323,7 +323,7 @@
 
     /**
      * Gets the DER-encoded certificate information, the
-     * <code>tbsCertificate</code> from this certificate.
+     * {@code tbsCertificate} from this certificate.
      * This can be used to verify the signature independently.
      *
      * @return the DER-encoded certificate information.
@@ -333,7 +333,7 @@
         throws CertificateEncodingException;
 
     /**
-     * Gets the <code>signature</code> value (the raw signature bits) from
+     * Gets the {@code signature} value (the raw signature bits) from
      * the certificate.
      * The ASN.1 definition for this is:
      * <pre>
@@ -358,7 +358,7 @@
      *                             -- algorithm object identifier value
      * </pre>
      *
-     * <p>The algorithm name is determined from the <code>algorithm</code>
+     * <p>The algorithm name is determined from the {@code algorithm}
      * OID string.
      *
      * @return the signature algorithm name.
@@ -401,7 +401,7 @@
     public abstract byte[] getSigAlgParams();
 
     /**
-     * Gets the <code>issuerUniqueID</code> value from the certificate.
+     * Gets the {@code issuerUniqueID} value from the certificate.
      * The issuer unique identifier is present in the certificate
      * to handle the possibility of reuse of issuer names over time.
      * RFC 3280 recommends that names not be reused and that
@@ -421,7 +421,7 @@
     public abstract boolean[] getIssuerUniqueID();
 
     /**
-     * Gets the <code>subjectUniqueID</code> value from the certificate.
+     * Gets the {@code subjectUniqueID} value from the certificate.
      *
      * <p>The ASN.1 definition for this is:
      * <pre>
@@ -436,7 +436,7 @@
 
     /**
      * Gets a boolean array representing bits of
-     * the <code>KeyUsage</code> extension, (OID = 2.5.29.15).
+     * the {@code KeyUsage} extension, (OID = 2.5.29.15).
      * The key usage extension defines the purpose (e.g., encipherment,
      * signature, certificate signing) of the key contained in the
      * certificate.
@@ -468,7 +468,7 @@
 
     /**
      * Gets an unmodifiable list of Strings representing the OBJECT
-     * IDENTIFIERs of the <code>ExtKeyUsageSyntax</code> field of the
+     * IDENTIFIERs of the {@code ExtKeyUsageSyntax} field of the
      * extended key usage extension, (OID = 2.5.29.37).  It indicates
      * one or more purposes for which the certified public key may be
      * used, in addition to or in place of the basic purposes
@@ -487,7 +487,7 @@
      * <p>
      * This method was added to version 1.4 of the Java 2 Platform Standard
      * Edition. In order to maintain backwards compatibility with existing
-     * service providers, this method is not <code>abstract</code>
+     * service providers, this method is not {@code abstract}
      * and it provides a default implementation. Subclasses
      * should override this method with a correct implementation.
      *
@@ -504,13 +504,13 @@
 
     /**
      * Gets the certificate constraints path length from the
-     * critical <code>BasicConstraints</code> extension, (OID = 2.5.29.19).
+     * critical {@code BasicConstraints} extension, (OID = 2.5.29.19).
      * <p>
      * The basic constraints extension identifies whether the subject
      * of the certificate is a Certificate Authority (CA) and
      * how deep a certification path may exist through that CA. The
-     * <code>pathLenConstraint</code> field (see below) is meaningful
-     * only if <code>cA</code> is set to TRUE. In this case, it gives the
+     * {@code pathLenConstraint} field (see below) is meaningful
+     * only if {@code cA} is set to TRUE. In this case, it gives the
      * maximum number of CA certificates that may follow this certificate in a
      * certification path. A value of zero indicates that only an end-entity
      * certificate may follow in the path.
@@ -522,21 +522,21 @@
      *     pathLenConstraint   INTEGER (0..MAX) OPTIONAL }
      * </pre>
      *
-     * @return the value of <code>pathLenConstraint</code> if the
+     * @return the value of {@code pathLenConstraint} if the
      * BasicConstraints extension is present in the certificate and the
      * subject of the certificate is a CA, otherwise -1.
      * If the subject of the certificate is a CA and
-     * <code>pathLenConstraint</code> does not appear,
-     * <code>Integer.MAX_VALUE</code> is returned to indicate that there is no
+     * {@code pathLenConstraint} does not appear,
+     * {@code Integer.MAX_VALUE} is returned to indicate that there is no
      * limit to the allowed length of the certification path.
      */
     public abstract int getBasicConstraints();
 
     /**
      * Gets an immutable collection of subject alternative names from the
-     * <code>SubjectAltName</code> extension, (OID = 2.5.29.17).
+     * {@code SubjectAltName} extension, (OID = 2.5.29.17).
      * <p>
-     * The ASN.1 definition of the <code>SubjectAltName</code> extension is:
+     * The ASN.1 definition of the {@code SubjectAltName} extension is:
      * <pre>
      * SubjectAltName ::= GeneralNames
      *
@@ -554,23 +554,23 @@
      *      registeredID                    [8]     OBJECT IDENTIFIER}
      * </pre>
      * <p>
-     * If this certificate does not contain a <code>SubjectAltName</code>
-     * extension, <code>null</code> is returned. Otherwise, a
-     * <code>Collection</code> is returned with an entry representing each
-     * <code>GeneralName</code> included in the extension. Each entry is a
-     * <code>List</code> whose first entry is an <code>Integer</code>
-     * (the name type, 0-8) and whose second entry is a <code>String</code>
+     * If this certificate does not contain a {@code SubjectAltName}
+     * extension, {@code null} is returned. Otherwise, a
+     * {@code Collection} is returned with an entry representing each
+     * {@code GeneralName} included in the extension. Each entry is a
+     * {@code List} whose first entry is an {@code Integer}
+     * (the name type, 0-8) and whose second entry is a {@code String}
      * or a byte array (the name, in string or ASN.1 DER encoded form,
      * respectively).
      * <p>
      * <a href="http://www.ietf.org/rfc/rfc822.txt">RFC 822</a>, DNS, and URI
-     * names are returned as <code>String</code>s,
+     * names are returned as {@code String}s,
      * using the well-established string formats for those types (subject to
      * the restrictions included in RFC 3280). IPv4 address names are
      * returned using dotted quad notation. IPv6 address names are returned
      * in the form "a1:a2:...:a8", where a1-a8 are hexadecimal values
      * representing the eight 16-bit pieces of the address. OID names are
-     * returned as <code>String</code>s represented as a series of nonnegative
+     * returned as {@code String}s represented as a series of nonnegative
      * integers separated by periods. And directory names (distinguished names)
      * are returned in <a href="http://www.ietf.org/rfc/rfc2253.txt">
      * RFC 2253</a> string format. No standard string format is
@@ -578,19 +578,19 @@
      * other type of names. They are returned as byte arrays
      * containing the ASN.1 DER encoded form of the name.
      * <p>
-     * Note that the <code>Collection</code> returned may contain more
+     * Note that the {@code Collection} returned may contain more
      * than one name of the same type. Also, note that the returned
-     * <code>Collection</code> is immutable and any entries containing byte
+     * {@code Collection} is immutable and any entries containing byte
      * arrays are cloned to protect against subsequent modifications.
      * <p>
      * This method was added to version 1.4 of the Java 2 Platform Standard
      * Edition. In order to maintain backwards compatibility with existing
-     * service providers, this method is not <code>abstract</code>
+     * service providers, this method is not {@code abstract}
      * and it provides a default implementation. Subclasses
      * should override this method with a correct implementation.
      *
-     * @return an immutable <code>Collection</code> of subject alternative
-     * names (or <code>null</code>)
+     * @return an immutable {@code Collection} of subject alternative
+     * names (or {@code null})
      * @throws CertificateParsingException if the extension cannot be decoded
      * @since 1.4
      */
@@ -601,38 +601,38 @@
 
     /**
      * Gets an immutable collection of issuer alternative names from the
-     * <code>IssuerAltName</code> extension, (OID = 2.5.29.18).
+     * {@code IssuerAltName} extension, (OID = 2.5.29.18).
      * <p>
-     * The ASN.1 definition of the <code>IssuerAltName</code> extension is:
+     * The ASN.1 definition of the {@code IssuerAltName} extension is:
      * <pre>
      * IssuerAltName ::= GeneralNames
      * </pre>
-     * The ASN.1 definition of <code>GeneralNames</code> is defined
+     * The ASN.1 definition of {@code GeneralNames} is defined
      * in {@link #getSubjectAlternativeNames getSubjectAlternativeNames}.
      * <p>
-     * If this certificate does not contain an <code>IssuerAltName</code>
-     * extension, <code>null</code> is returned. Otherwise, a
-     * <code>Collection</code> is returned with an entry representing each
-     * <code>GeneralName</code> included in the extension. Each entry is a
-     * <code>List</code> whose first entry is an <code>Integer</code>
-     * (the name type, 0-8) and whose second entry is a <code>String</code>
+     * If this certificate does not contain an {@code IssuerAltName}
+     * extension, {@code null} is returned. Otherwise, a
+     * {@code Collection} is returned with an entry representing each
+     * {@code GeneralName} included in the extension. Each entry is a
+     * {@code List} whose first entry is an {@code Integer}
+     * (the name type, 0-8) and whose second entry is a {@code String}
      * or a byte array (the name, in string or ASN.1 DER encoded form,
      * respectively). For more details about the formats used for each
-     * name type, see the <code>getSubjectAlternativeNames</code> method.
+     * name type, see the {@code getSubjectAlternativeNames} method.
      * <p>
-     * Note that the <code>Collection</code> returned may contain more
+     * Note that the {@code Collection} returned may contain more
      * than one name of the same type. Also, note that the returned
-     * <code>Collection</code> is immutable and any entries containing byte
+     * {@code Collection} is immutable and any entries containing byte
      * arrays are cloned to protect against subsequent modifications.
      * <p>
      * This method was added to version 1.4 of the Java 2 Platform Standard
      * Edition. In order to maintain backwards compatibility with existing
-     * service providers, this method is not <code>abstract</code>
+     * service providers, this method is not {@code abstract}
      * and it provides a default implementation. Subclasses
      * should override this method with a correct implementation.
      *
-     * @return an immutable <code>Collection</code> of issuer alternative
-     * names (or <code>null</code>)
+     * @return an immutable {@code Collection} of issuer alternative
+     * names (or {@code null})
      * @throws CertificateParsingException if the extension cannot be decoded
      * @since 1.4
      */
--- a/src/share/classes/java/security/cert/X509Extension.java	Tue Jan 24 00:25:46 2017 +0000
+++ b/src/share/classes/java/security/cert/X509Extension.java	Tue Jan 24 00:54:36 2017 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -59,9 +59,9 @@
  *                   -- the extnId object identifier value
  * }
  * </pre>
- * Since not all extensions are known, the <code>getExtensionValue</code>
+ * Since not all extensions are known, the {@code getExtensionValue}
  * method returns the DER-encoded OCTET STRING of the
- * extension value (i.e., the <code>extnValue</code>). This can then
+ * extension value (i.e., the {@code extnValue}). This can then
  * be handled by a <em>Class</em> that understands the extension.
  *
  * @author Hemma Prafullchandra
@@ -72,8 +72,8 @@
     /**
      * Check if there is a critical extension that is not supported.
      *
-     * @return <tt>true</tt> if a critical extension is found that is
-     * not supported, otherwise <tt>false</tt>.
+     * @return {@code true} if a critical extension is found that is
+     * not supported, otherwise {@code false}.
      */
     public boolean hasUnsupportedCriticalExtension();
 
@@ -113,28 +113,28 @@
      *
      * Here is sample code to get a Set of non-critical extensions from an
      * X509CRL revoked certificate entry and print the OIDs:
-     * <pre><code>
+     * <pre>{@code
      * CertificateFactory cf = null;
      * X509CRL crl = null;
      * try (InputStream inStrm = new FileInputStream("DER-encoded-CRL")) {
      *     cf = CertificateFactory.getInstance("X.509");
      *     crl = (X509CRL)cf.generateCRL(inStrm);
-     * }<p>
+     * }
      *
-     * byte[] certData = &lt;DER-encoded certificate data&gt;
+     * byte[] certData = <DER-encoded certificate data>
      * ByteArrayInputStream bais = new ByteArrayInputStream(certData);
      * X509Certificate cert = (X509Certificate)cf.generateCertificate(bais);
      * X509CRLEntry badCert =
-     *              crl.getRevokedCertificate(cert.getSerialNumber());<p>
+     *              crl.getRevokedCertificate(cert.getSerialNumber());
      *
      * if (badCert != null) {
-     *     Set<String> nonCritSet = badCert.getNonCriticalExtensionOIDs();<p>
+     *     Set<String> nonCritSet = badCert.getNonCriticalExtensionOIDs();
      *     if (nonCritSet != null)
      *         for (String oid : nonCritSet) {
      *             System.out.println(oid);
      *         }
      * }
-     * </code></pre>
+     * }</pre>
      *
      * @return a Set (or an empty Set if none are marked non-critical) of
      * the extension OID strings for extensions that are marked non-critical.
@@ -145,9 +145,9 @@
 
     /**
      * Gets the DER-encoded OCTET string for the extension value
-     * (<em>extnValue</em>) identified by the passed-in <code>oid</code>
+     * (<em>extnValue</em>) identified by the passed-in {@code oid}
      * String.
-     * The <code>oid</code> string is
+     * The {@code oid} string is
      * represented by a set of nonnegative whole numbers separated
      * by periods.
      *