changeset 53303:4c539cb11633

8214532: Update RFC 2459 references in javadoc to RFC 5280 Reviewed-by: mullan
author coffeys
date Wed, 19 Dec 2018 18:21:38 +0000
parents 82d3f0820d37
children 4359668ab678
files src/java.base/share/classes/sun/security/provider/certpath/DistributionPointFetcher.java src/java.base/share/classes/sun/security/provider/certpath/ForwardBuilder.java src/java.base/share/classes/sun/security/x509/AVA.java src/java.base/share/classes/sun/security/x509/AlgorithmId.java src/java.base/share/classes/sun/security/x509/CertificatePoliciesExtension.java src/java.base/share/classes/sun/security/x509/DNSName.java src/java.base/share/classes/sun/security/x509/IPAddressName.java src/java.base/share/classes/sun/security/x509/KeyIdentifier.java src/java.base/share/classes/sun/security/x509/NameConstraintsExtension.java src/java.base/share/classes/sun/security/x509/OIDName.java src/java.base/share/classes/sun/security/x509/RFC822Name.java src/java.base/share/classes/sun/security/x509/URIName.java src/java.base/share/classes/sun/security/x509/X400Address.java src/java.base/share/classes/sun/security/x509/X509CertImpl.java
diffstat 14 files changed, 66 insertions(+), 70 deletions(-) [+]
--- a/src/java.base/share/classes/sun/security/provider/certpath/DistributionPointFetcher.java	Wed Dec 19 08:32:48 2018 +0100
+++ b/src/java.base/share/classes/sun/security/provider/certpath/DistributionPointFetcher.java	Wed Dec 19 18:21:38 2018 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2002, 2017, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2002, 2018, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -770,7 +770,7 @@
          *
          * In practice, conforming CAs MUST use the key identifier method,
          * and MUST include authority key identifier extension in all CRLs
-         * issued. [section 5.2.1, RFC 2459]
+         * issued. [section 5.2.1, RFC 5280]
          */
         AuthorityKeyIdentifierExtension crlAKID = crl.getAuthKeyIdExtension();
         issuerSelector.setSkiAndSerialNumber(crlAKID);
--- a/src/java.base/share/classes/sun/security/provider/certpath/ForwardBuilder.java	Wed Dec 19 08:32:48 2018 +0100
+++ b/src/java.base/share/classes/sun/security/provider/certpath/ForwardBuilder.java	Wed Dec 19 18:21:38 2018 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2018, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -668,7 +668,7 @@
      * Verifies a matching certificate.
      *
      * This method executes the validation steps in the PKIX path
-     * validation algorithm <draft-ietf-pkix-new-part1-08.txt> which were
+     * validation algorithm, RFC 5280, which were
      * not satisfied by the selection criteria used by getCertificates()
      * to find the certs and only the steps that can be executed in a
      * forward direction (target to trust anchor). Those steps that can
--- a/src/java.base/share/classes/sun/security/x509/AVA.java	Wed Dec 19 08:32:48 2018 +0100
+++ b/src/java.base/share/classes/sun/security/x509/AVA.java	Wed Dec 19 18:21:38 2018 +0000
@@ -1045,7 +1045,7 @@
 
             if (valStr == null) {
 
-                // rfc1779 specifies that attribute values associated
+                // RFC 1779 specifies that attribute values associated
                 // with non-standard keyword attributes may be represented
                 // using the hex format below.  This will be used only
                 // when the value is not a string type
--- a/src/java.base/share/classes/sun/security/x509/AlgorithmId.java	Wed Dec 19 08:32:48 2018 +0100
+++ b/src/java.base/share/classes/sun/security/x509/AlgorithmId.java	Wed Dec 19 18:21:38 2018 +0000
@@ -166,15 +166,15 @@
 
             // Several AlgorithmId should omit the whole parameter part when
             // it's NULL. They are ---
-            // rfc3370 2.1: Implementations SHOULD generate SHA-1
+            // RFC 3370 2.1: Implementations SHOULD generate SHA-1
             // AlgorithmIdentifiers with absent parameters.
-            // rfc3447 C1: When id-sha1, id-sha224, id-sha256, id-sha384 and
+            // RFC 3447 C1: When id-sha1, id-sha224, id-sha256, id-sha384 and
             // id-sha512 are used in an AlgorithmIdentifier the parameters
             // (which are optional) SHOULD be omitted.
-            // rfc3279 2.3.2: The id-dsa algorithm syntax includes optional
+            // RFC 3279 2.3.2: The id-dsa algorithm syntax includes optional
             // domain parameters... When omitted, the parameters component
             // MUST be omitted entirely
-            // rfc3370 3.1: When the id-dsa-with-sha1 algorithm identifier
+            // RFC 3370 3.1: When the id-dsa-with-sha1 algorithm identifier
             // is used, the AlgorithmIdentifier parameters field MUST be absent.
             /*if (
                 algid.equals((Object)SHA_oid) ||
--- a/src/java.base/share/classes/sun/security/x509/CertificatePoliciesExtension.java	Wed Dec 19 08:32:48 2018 +0100
+++ b/src/java.base/share/classes/sun/security/x509/CertificatePoliciesExtension.java	Wed Dec 19 18:21:38 2018 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2018, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -45,7 +45,7 @@
  * certificate.
  * <p>
  * Optional qualifiers are not supported in this implementation, as they are
- * not recommended by RFC2459.
+ * not recommended by RFC 5280.
  *
  * The ASN.1 syntax for this is (IMPLICIT tagging is defined in the
  * module definition):
--- a/src/java.base/share/classes/sun/security/x509/DNSName.java	Wed Dec 19 08:32:48 2018 +0100
+++ b/src/java.base/share/classes/sun/security/x509/DNSName.java	Wed Dec 19 18:21:38 2018 +0000
@@ -181,7 +181,7 @@
      * For example, www.host.example.com would satisfy the constraint but
      * host1.example.com would not.
      * <p>
-     * draft-ietf-pkix-new-part1-00.txt:  DNSName restrictions are expressed as foo.bar.com.
+     * RFC 5280:  DNSName restrictions are expressed as foo.bar.com.
      * Any DNSName that
      * can be constructed by simply adding to the left hand side of the name
      * satisfies the name constraint. For example, www.foo.bar.com would
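Review bot: The sentence now attributed to RFC 5280 on the changed line still carries the old draft's wording (`foo.bar.com`, "adding to the left hand side of the name"), so the citation and the quoted text no longer match. As I read RFC 5280 section 4.2.1.10, the rule is stated in whole labels: `Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint`. The label boundary is what stops the constraint being read as a plain string-suffix match, so quote it exactly or mark the text as a paraphrase. The javadoc comment starts and ends outside this hunk.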
--- a/src/java.base/share/classes/sun/security/x509/IPAddressName.java	Wed Dec 19 08:32:48 2018 +0100
+++ b/src/java.base/share/classes/sun/security/x509/IPAddressName.java	Wed Dec 19 18:21:38 2018 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2002, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2018, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -37,27 +37,27 @@
 /**
  * This class implements the IPAddressName as required by the GeneralNames
  * ASN.1 object.  Both IPv4 and IPv6 addresses are supported using the
- * formats specified in IETF PKIX RFC2459.
+ * formats specified in IETF PKIX RFC 5280.
  * <p>
- * [RFC2459 4.2.1.7 Subject Alternative Name]
- * When the subjectAltName extension contains a iPAddress, the address
- * MUST be stored in the octet string in "network byte order," as
- * specified in RFC 791. The least significant bit (LSB) of
- * each octet is the LSB of the corresponding byte in the network
- * address. For IP Version 4, as specified in RFC 791, the octet string
- * MUST contain exactly four octets.  For IP Version 6, as specified in
- * RFC 1883, the octet string MUST contain exactly sixteen octets.
+ * [RFC 5280 4.2.1.6 Subject Alternative Name]
+ * When the subjectAltName extension contains an iPAddress, the address
+ * MUST be stored in the octet string in "network byte order", as
+ * specified in [RFC791].  The least significant bit (LSB) of each octet
+ * is the LSB of the corresponding byte in the network address.  For IP
+ * version 4, as specified in [RFC791], the octet string MUST contain
+ * exactly four octets.  For IP version 6, as specified in
+ * [RFC 2460], the octet string MUST contain exactly sixteen octets.
  * <p>
- * [RFC2459 4.2.1.11 Name Constraints]
- * The syntax of iPAddress MUST be as described in section 4.2.1.7 with
- * the following additions specifically for Name Constraints.  For IPv4
- * addresses, the ipAddress field of generalName MUST contain eight (8)
- * octets, encoded in the style of RFC 1519 (CIDR) to represent an
- * address range.[RFC 1519]  For IPv6 addresses, the ipAddress field
+ * [RFC 5280 4.2.1.10 Name Constraints]
+ * The syntax of iPAddress MUST be as described in Section 4.2.1.6 with
+ * the following additions specifically for name constraints.  For IPv4
+ * addresses, the iPAddress field of GeneralName MUST contain eight (8)
+ * octets, encoded in the style of RFC 4632 (CIDR) to represent an
+ * address range [RFC 4632].  For IPv6 addresses, the iPAddress field
  * MUST contain 32 octets similarly encoded.  For example, a name
- * constraint for "class C" subnet 10.9.8.0 shall be represented as the
- * octets 0A 09 08 00 FF FF FF 00, representing the CIDR notation
- * 10.9.8.0/255.255.255.0.
+ * constraint for "class C" subnet 192.0.2.0 is represented as the
+ * octets C0 00 02 00 FF FF FF 00, representing the CIDR notation
+ * 192.0.2.0/24 (mask 255.255.255.0).
  * <p>
  * @see GeneralName
  * @see GeneralNameInterface
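Review bot: The citation style in the rewritten class comment is mixed: `[RFC791]` appears twice without a space, while `[RFC 2460]` and `[RFC 4632]` have one. Pick one form, for example `[RFC 791]`, so the references can be searched consistently. The Name Constraints paragraph is also repeated word for word in the method javadoc of the `@@ -376,15 +376,16 @@` hunk. A pointer there, such as `See the class description for the RFC 5280 4.2.1.10 encoding rules.`, would avoid keeping two copies in step. One added sentence stating that the 4/16-octet form applies to subjectAltName and the 8/32-octet form only to name constraints would help, since the two lengths are easy to confuse.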
@@ -376,15 +376,16 @@
      * </ul>.  These results are used in checking NameConstraints during
      * certification path verification.
      * <p>
-     * [RFC2459] The syntax of iPAddress MUST be as described in section
-     * 4.2.1.7 with the following additions specifically for Name Constraints.
-     * For IPv4 addresses, the ipAddress field of generalName MUST contain
-     * eight (8) octets, encoded in the style of RFC 1519 (CIDR) to represent an
-     * address range.[RFC 1519]  For IPv6 addresses, the ipAddress field
+     * [RFC 5280 4.2.1.10 Name Constraints]
+     * The syntax of iPAddress MUST be as described in Section 4.2.1.6 with
+     * the following additions specifically for name constraints.  For IPv4
+     * addresses, the iPAddress field of GeneralName MUST contain eight (8)
+     * octets, encoded in the style of RFC 4632 (CIDR) to represent an
+     * address range [RFC 4632].  For IPv6 addresses, the iPAddress field
      * MUST contain 32 octets similarly encoded.  For example, a name
-     * constraint for "class C" subnet 10.9.8.0 shall be represented as the
-     * octets 0A 09 08 00 FF FF FF 00, representing the CIDR notation
-     * 10.9.8.0/255.255.255.0.
+     * constraint for "class C" subnet 192.0.2.0 is represented as the
+     * octets C0 00 02 00 FF FF FF 00, representing the CIDR notation
+     * 192.0.2.0/24 (mask 255.255.255.0).
      *
      * @param inputName to be checked for being constrained
      * @return constraint type above
--- a/src/java.base/share/classes/sun/security/x509/KeyIdentifier.java	Wed Dec 19 08:32:48 2018 +0100
+++ b/src/java.base/share/classes/sun/security/x509/KeyIdentifier.java	Wed Dec 19 18:21:38 2018 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 1999, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2018, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -63,7 +63,7 @@
     /**
      * Creates a KeyIdentifier from a public-key value.
      *
-     * <p>From RFC2459: Two common methods for generating key identifiers from
+     * <p>From RFC 5280: Two common methods for generating key identifiers from
      * the public key are:
      * <ol>
      * <li>The keyIdentifier is composed of the 160-bit SHA-1 hash of the
--- a/src/java.base/share/classes/sun/security/x509/NameConstraintsExtension.java	Wed Dec 19 08:32:48 2018 +0100
+++ b/src/java.base/share/classes/sun/security/x509/NameConstraintsExtension.java	Wed Dec 19 18:21:38 2018 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2017, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2018, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -326,7 +326,7 @@
      * expanded by a merge, just remain constant or become more
      * limiting.
      * <p>
-     * IETF RFC2459 specifies the processing of Name Constraints as
+     * IETF RFC 5280 specifies the processing of Name Constraints as
      * follows:
      * <p>
      * (j)  If permittedSubtrees is present in the certificate, set the
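Review bot: The step label `(j)` on the last line of this hunk looks like the numbering of the older specification, although the sentence introducing it now cites RFC 5280. As I read RFC 5280, name constraints processing is step (g) of section 6.1.4 and is phrased in terms of the `permitted_subtrees` and `excluded_subtrees` state variables. Either re-quote the steps from RFC 5280 with the section number, e.g. `IETF RFC 5280 (section 6.1.4, step (g)) specifies ...`, or say that the quoted steps are retained from RFC 2459. The quoted text continues outside this hunk, so the remaining steps need the same check.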
--- a/src/java.base/share/classes/sun/security/x509/OIDName.java	Wed Dec 19 08:32:48 2018 +0100
+++ b/src/java.base/share/classes/sun/security/x509/OIDName.java	Wed Dec 19 18:21:38 2018 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2018, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -156,7 +156,7 @@
         else if (this.equals((OIDName)inputName))
             constraintType = NAME_MATCH;
         else
-            //widens and narrows not defined in RFC2459 for OIDName (aka registeredID)
+            //widens and narrows not defined in RFC 5280 for OIDName (aka registeredID)
             throw new UnsupportedOperationException("Narrowing and widening are not supported for OIDNames");
         return constraintType;
     }
--- a/src/java.base/share/classes/sun/security/x509/RFC822Name.java	Wed Dec 19 08:32:48 2018 +0100
+++ b/src/java.base/share/classes/sun/security/x509/RFC822Name.java	Wed Dec 19 18:21:38 2018 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2018, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -68,7 +68,7 @@
 
     /**
      * Parse an RFC822Name string to see if it is a valid
-     * addr-spec according to IETF RFC822 and RFC2459:
+     * addr-spec according to IETF RFC 822 and RFC 5280:
      * [local-part@]domain
      * <p>
      * local-part@ could be empty for an RFC822Name NameConstraint,
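Review bot: This javadoc still calls the name an `addr-spec` according to RFC 822 and RFC 5280, but the `@@ -166,14 +166,15 @@` hunk in the same file quotes RFC 5280 as defining rfc822Name as a "Mailbox" per Section 4.1.2 of RFC 2821. The two comments should agree, for example `* Mailbox as defined by RFC 5280 (Section 4.1.2 of RFC 2821):`. If the parser below deliberately implements the older addr-spec check, the comment should say so, so a reader knows which grammar is enforced. The method body is outside this hunk, so this is inferred from the comments alone.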
@@ -131,7 +131,7 @@
      * Compares this name with another, for equality.
      *
      * @return true iff the names are equivalent
-     * according to RFC2459.
+     * according to RFC 5280.
      */
     public boolean equals(Object obj) {
         if (this == obj)
@@ -142,7 +142,7 @@
 
         RFC822Name other = (RFC822Name)obj;
 
-        // RFC2459 mandates that these names are
+        // RFC 5280 mandates that these names are
         // not case-sensitive
         return name.equalsIgnoreCase(other.name);
     }
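Review bot: The comment above `name.equalsIgnoreCase(other.name)` now says RFC 5280 mandates case-insensitive names, but that statement came from RFC 2459. As I read RFC 5280 section 7.5, only the host part is compared case-insensitively and the local-part must match exactly. The same attribution appears in the `equals` javadoc of the `@@ -131,7 +131,7 @@` hunk and in the comment before the `toLowerCase` calls in the `@@ -187,7 +188,7 @@` hunk, while the `@@ -166,14 +166,15 @@` hunk drops the case sentence from the quoted RFC text. I would reword it as `// Whole-name case-insensitive comparison (RFC 2459 behaviour); RFC 5280 section 7.5 matches the local-part exactly`, so anyone reviewing name-constraint matching sees the difference. Whether the comparison itself should change is a separate decision; `equals` starts outside this hunk.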
@@ -166,14 +166,15 @@
      * </ul>.  These results are used in checking NameConstraints during
      * certification path verification.
      * <p>
-     * [RFC2459]    When the subjectAltName extension contains an Internet mail address,
-     * the address MUST be included as an rfc822Name. The format of an
-     * rfc822Name is an "addr-spec" as defined in RFC 822 [RFC 822]. An
-     * addr-spec has the form "local-part@domain". Note that an addr-spec
-     * has no phrase (such as a common name) before it, has no comment (text
+     *
+     * [RFC 5280]:
+     * When the subjectAltName extension contains an Internet mail address,
+     * the address MUST be stored in the rfc822Name.  The format of an
+     * rfc822Name is a "Mailbox" as defined in Section 4.1.2 of [RFC2821].
+     * A Mailbox has the form "Local-part@Domain".  Note that a Mailbox has
+     * no phrase (such as a common name) before it, has no comment (text
      * surrounded in parentheses) after it, and is not surrounded by "&lt;" and
-     * "&gt;". Note that while upper and lower case letters are allowed in an
-     * RFC 822 addr-spec, no significance is attached to the case.
+     * "&gt;".
      *
      * @param inputName to be checked for being constrained
      * @return constraint type above
@@ -187,7 +188,7 @@
         else if (inputName.getType() != (GeneralNameInterface.NAME_RFC822)) {
             constraintType = NAME_DIFF_TYPE;
         } else {
-            //RFC2459 specifies that case is not significant in RFC822Names
+            //RFC 5280 specifies that case is not significant in RFC822Names
             String inName =
                 (((RFC822Name)inputName).getName()).toLowerCase(Locale.ENGLISH);
             String thisName = name.toLowerCase(Locale.ENGLISH);
--- a/src/java.base/share/classes/sun/security/x509/URIName.java	Wed Dec 19 08:32:48 2018 +0100
+++ b/src/java.base/share/classes/sun/security/x509/URIName.java	Wed Dec 19 18:21:38 2018 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2018, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -213,7 +213,7 @@
     /**
      * Compares this name with another, for equality.
      *
-     * @return true iff the names are equivalent according to RFC2459.
+     * @return true iff the names are equivalent according to RFC 5280.
      */
     public boolean equals(Object obj) {
         if (this == obj) {
--- a/src/java.base/share/classes/sun/security/x509/X400Address.java	Wed Dec 19 08:32:48 2018 +0100
+++ b/src/java.base/share/classes/sun/security/x509/X400Address.java	Wed Dec 19 18:21:38 2018 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2018, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -403,7 +403,7 @@
         else if (inputName.getType() != NAME_X400)
             constraintType = NAME_DIFF_TYPE;
         else
-            //Narrowing, widening, and match constraints not defined in rfc2459 for X400Address
+            //Narrowing, widening, and match constraints not defined in RFC 5280 for X400Address
             throw new UnsupportedOperationException("Narrowing, widening, and match are not supported for X400Address.");
         return constraintType;
     }
--- a/src/java.base/share/classes/sun/security/x509/X509CertImpl.java	Wed Dec 19 08:32:48 2018 +0100
+++ b/src/java.base/share/classes/sun/security/x509/X509CertImpl.java	Wed Dec 19 18:21:38 2018 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 2017, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2018, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -63,14 +63,8 @@
  * direct knowledge of each other.  CA certificates are either signed by
  * themselves, or by some other CA such as a "root" CA.
  *
- * <P>RFC 1422 is very informative, though it does not describe much
- * of the recent work being done with X.509 certificates.  That includes
- * a 1996 version (X.509v3) and a variety of enhancements being made to
- * facilitate an explosion of personal certificates used as "Internet
- * Drivers' Licences", or with SET for credit card transactions.
- *
- * <P>More recent work includes the IETF PKIX Working Group efforts,
- * especially RFC2459.
+ * <P> Standards relating to X.509 Public Key Infrastructure for the Internet
+ * can be referenced in RFC 5280.
  *
  * @author Dave Brownell
  * @author Amit Kapoor