jdk-sandbox: comparison jdk/src/share/classes/java/security/cert/X509CRLSelector.java

equal deleted inserted replaced

-:6d0f51c99930
+:882a3948c6e6
 /*
-* Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.
+* Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.  Oracle designates this
 import sun.security.util.DerInputStream;
 import sun.security.x509.CRLNumberExtension;
 import sun.security.x509.X500Name;
 /**
-* A <code>CRLSelector</code> that selects <code>X509CRLs</code> that
+* A {@code CRLSelector} that selects {@code X509CRLs} that
 * match all specified criteria. This class is particularly useful when
-* selecting CRLs from a <code>CertStore</code> to check revocation status
+* selecting CRLs from a {@code CertStore} to check revocation status
 * of a particular certificate.
 * <p>
-* When first constructed, an <code>X509CRLSelector</code> has no criteria
+* When first constructed, an {@code X509CRLSelector} has no criteria
-* enabled and each of the <code>get</code> methods return a default
+* enabled and each of the {@code get} methods return a default
-* value (<code>null</code>). Therefore, the {@link #match match} method
+* value ({@code null}). Therefore, the {@link #match match} method
-* would return <code>true</code> for any <code>X509CRL</code>. Typically,
+* would return {@code true} for any {@code X509CRL}. Typically,
 * several criteria are enabled (by calling {@link #setIssuers setIssuers}
 * or {@link #setDateAndTime setDateAndTime}, for instance) and then the
-* <code>X509CRLSelector</code> is passed to
+* {@code X509CRLSelector} is passed to
 * {@link CertStore#getCRLs CertStore.getCRLs} or some similar
 * method.
 * <p>
 * Please refer to <a href="http://www.ietf.org/rfc/rfc3280.txt">RFC 3280:
 * Internet X.509 Public Key Infrastructure Certificate and CRL Profile</a>
 private Date dateAndTime;
 private X509Certificate certChecking;
 private long skew = 0;
 /**
-* Creates an <code>X509CRLSelector</code>. Initially, no criteria are set
+* Creates an {@code X509CRLSelector}. Initially, no criteria are set
-* so any <code>X509CRL</code> will match.
+* so any {@code X509CRL} will match.
 */
 public X509CRLSelector() {}
 /**
 * Sets the issuerNames criterion. The issuer distinguished name in the
-* <code>X509CRL</code> must match at least one of the specified
+* {@code X509CRL} must match at least one of the specified
-* distinguished names. If <code>null</code>, any issuer distinguished name
+* distinguished names. If {@code null}, any issuer distinguished name
 * will do.
 * <p>
 * This method allows the caller to specify, with a single method call,
-* the complete set of issuer names which <code>X509CRLs</code> may contain.
+* the complete set of issuer names which {@code X509CRLs} may contain.
 * The specified value replaces the previous value for the issuerNames
 * criterion.
 * <p>
-* The <code>names</code> parameter (if not <code>null</code>) is a
+* The {@code names} parameter (if not {@code null}) is a
-* <code>Collection</code> of <code>X500Principal</code>s.
+* {@code Collection} of {@code X500Principal}s.
 * <p>
-* Note that the <code>names</code> parameter can contain duplicate
+* Note that the {@code names} parameter can contain duplicate
 * distinguished names, but they may be removed from the
-* <code>Collection</code> of names returned by the
+* {@code Collection} of names returned by the
 * {@link #getIssuers getIssuers} method.
 * <p>
-* Note that a copy is performed on the <code>Collection</code> to
+* Note that a copy is performed on the {@code Collection} to
 * protect against subsequent modifications.
 *
-* @param issuers a <code>Collection</code> of X500Principals
+* @param issuers a {@code Collection} of X500Principals
-*   (or <code>null</code>)
+*   (or {@code null})
 * @see #getIssuers
 * @since 1.5
 */
 public void setIssuers(Collection<X500Principal> issuers) {
 if ((issuers == null) || issuers.isEmpty()) {
 * <strong>Note:</strong> use {@linkplain #setIssuers(Collection)} instead
 * or only specify the byte array form of distinguished names when using
 * this method. See {@link #addIssuerName(String)} for more information.
 * <p>
 * Sets the issuerNames criterion. The issuer distinguished name in the
-* <code>X509CRL</code> must match at least one of the specified
+* {@code X509CRL} must match at least one of the specified
-* distinguished names. If <code>null</code>, any issuer distinguished name
+* distinguished names. If {@code null}, any issuer distinguished name
 * will do.
 * <p>
 * This method allows the caller to specify, with a single method call,
-* the complete set of issuer names which <code>X509CRLs</code> may contain.
+* the complete set of issuer names which {@code X509CRLs} may contain.
 * The specified value replaces the previous value for the issuerNames
 * criterion.
 * <p>
-* The <code>names</code> parameter (if not <code>null</code>) is a
+* The {@code names} parameter (if not {@code null}) is a
-* <code>Collection</code> of names. Each name is a <code>String</code>
+* {@code Collection} of names. Each name is a {@code String}
 * or a byte array representing a distinguished name (in
 * <a href="http://www.ietf.org/rfc/rfc2253.txt">RFC 2253</a> or
-* ASN.1 DER encoded form, respectively). If <code>null</code> is supplied
+* ASN.1 DER encoded form, respectively). If {@code null} is supplied
 * as the value for this argument, no issuerNames check will be performed.
 * <p>
-* Note that the <code>names</code> parameter can contain duplicate
+* Note that the {@code names} parameter can contain duplicate
 * distinguished names, but they may be removed from the
-* <code>Collection</code> of names returned by the
+* {@code Collection} of names returned by the
 * {@link #getIssuerNames getIssuerNames} method.
 * <p>
 * If a name is specified as a byte array, it should contain a single DER
 * encoded distinguished name, as defined in X.501. The ASN.1 notation for
 * this structure is as follows.
-* <pre><code>
+* <pre>{@code
 * Name ::= CHOICE {
 *   RDNSequence }
 *
 * RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
 *
 *       teletexString           TeletexString (SIZE (1..MAX)),
 *       printableString         PrintableString (SIZE (1..MAX)),
 *       universalString         UniversalString (SIZE (1..MAX)),
 *       utf8String              UTF8String (SIZE (1.. MAX)),
 *       bmpString               BMPString (SIZE (1..MAX)) }
-* </code></pre>
+* }</pre>
 * <p>
-* Note that a deep copy is performed on the <code>Collection</code> to
+* Note that a deep copy is performed on the {@code Collection} to
 * protect against subsequent modifications.
 *
-* @param names a <code>Collection</code> of names (or <code>null</code>)
+* @param names a {@code Collection} of names (or {@code null})
 * @throws IOException if a parsing error occurs
 * @see #getIssuerNames
 */
 public void setIssuerNames(Collection<?> names) throws IOException {
 if (names == null || names.size() == 0) {
 }
 }
 /**
 * Adds a name to the issuerNames criterion. The issuer distinguished
-* name in the <code>X509CRL</code> must match at least one of the specified
+* name in the {@code X509CRL} must match at least one of the specified
 * distinguished names.
 * <p>
 * This method allows the caller to add a name to the set of issuer names
-* which <code>X509CRLs</code> may contain. The specified name is added to
+* which {@code X509CRLs} may contain. The specified name is added to
 * any previous value for the issuerNames criterion.
 * If the specified name is a duplicate, it may be ignored.
 *
 * @param issuer the issuer as X500Principal
 * @since 1.5
 * relied on as it can fail to match some CRLs because of a loss of
 * encoding information in the RFC 2253 String form of some distinguished
 * names.
 * <p>
 * Adds a name to the issuerNames criterion. The issuer distinguished
-* name in the <code>X509CRL</code> must match at least one of the specified
+* name in the {@code X509CRL} must match at least one of the specified
 * distinguished names.
 * <p>
 * This method allows the caller to add a name to the set of issuer names
-* which <code>X509CRLs</code> may contain. The specified name is added to
+* which {@code X509CRLs} may contain. The specified name is added to
 * any previous value for the issuerNames criterion.
 * If the specified name is a duplicate, it may be ignored.
 *
 * @param name the name in RFC 2253 form
 * @throws IOException if a parsing error occurs
 addIssuerNameInternal(name, new X500Name(name).asX500Principal());
 }
 /**
 * Adds a name to the issuerNames criterion. The issuer distinguished
-* name in the <code>X509CRL</code> must match at least one of the specified
+* name in the {@code X509CRL} must match at least one of the specified
 * distinguished names.
 * <p>
 * This method allows the caller to add a name to the set of issuer names
-* which <code>X509CRLs</code> may contain. The specified name is added to
+* which {@code X509CRLs} may contain. The specified name is added to
 * any previous value for the issuerNames criterion. If the specified name
 * is a duplicate, it may be ignored.
 * If a name is specified as a byte array, it should contain a single DER
 * encoded distinguished name, as defined in X.501. The ASN.1 notation for
 * this structure is as follows.
 }
 /**
 * A private method that adds a name (String or byte array) to the
 * issuerNames criterion. The issuer distinguished
-* name in the <code>X509CRL</code> must match at least one of the specified
+* name in the {@code X509CRL} must match at least one of the specified
 * distinguished names.
 *
 * @param name the name in string or byte array form
 * @param principal the name in X500Principal form
 * @throws IOException if a parsing error occurs
 /**
 * Clone and check an argument of the form passed to
 * setIssuerNames. Throw an IOException if the argument is malformed.
 *
-* @param names a <code>Collection</code> of names. Each entry is a
+* @param names a {@code Collection} of names. Each entry is a
 *              String or a byte array (the name, in string or ASN.1
-*              DER encoded form, respectively). <code>null</code> is
+*              DER encoded form, respectively). {@code null} is
 *              not an acceptable value.
-* @return a deep copy of the specified <code>Collection</code>
+* @return a deep copy of the specified {@code Collection}
 * @throws IOException if a parsing error occurs
 */
 private static HashSet<Object> cloneAndCheckIssuerNames(Collection<?> names)
 throws IOException
 {
 * <p>
 * This method wraps cloneAndCheckIssuerNames, changing any IOException
 * into a RuntimeException. This method should be used when the object being
 * cloned has already been checked, so there should never be any exceptions.
 *
-* @param names a <code>Collection</code> of names. Each entry is a
+* @param names a {@code Collection} of names. Each entry is a
 *              String or a byte array (the name, in string or ASN.1
-*              DER encoded form, respectively). <code>null</code> is
+*              DER encoded form, respectively). {@code null} is
 *              not an acceptable value.
-* @return a deep copy of the specified <code>Collection</code>
+* @return a deep copy of the specified {@code Collection}
 * @throws RuntimeException if a parsing error occurs
 */
 private static HashSet<Object> cloneIssuerNames(Collection<Object> names) {
 try {
 return cloneAndCheckIssuerNames(names);
 /**
 * Parse an argument of the form passed to setIssuerNames,
 * returning a Collection of issuerX500Principals.
 * Throw an IOException if the argument is malformed.
 *
-* @param names a <code>Collection</code> of names. Each entry is a
+* @param names a {@code Collection} of names. Each entry is a
 *              String or a byte array (the name, in string or ASN.1
 *              DER encoded form, respectively). <Code>Null</Code> is
 *              not an acceptable value.
 * @return a HashSet of issuerX500Principals
 * @throws IOException if a parsing error occurs
 }
 return x500Principals;
 }
 /**
-* Sets the minCRLNumber criterion. The <code>X509CRL</code> must have a
+* Sets the minCRLNumber criterion. The {@code X509CRL} must have a
 * CRL number extension whose value is greater than or equal to the
-* specified value. If <code>null</code>, no minCRLNumber check will be
+* specified value. If {@code null}, no minCRLNumber check will be
 * done.
 *
-* @param minCRL the minimum CRL number accepted (or <code>null</code>)
+* @param minCRL the minimum CRL number accepted (or {@code null})
 */
 public void setMinCRLNumber(BigInteger minCRL) {
 this.minCRL = minCRL;
 }
 /**
-* Sets the maxCRLNumber criterion. The <code>X509CRL</code> must have a
+* Sets the maxCRLNumber criterion. The {@code X509CRL} must have a
 * CRL number extension whose value is less than or equal to the
-* specified value. If <code>null</code>, no maxCRLNumber check will be
+* specified value. If {@code null}, no maxCRLNumber check will be
 * done.
 *
-* @param maxCRL the maximum CRL number accepted (or <code>null</code>)
+* @param maxCRL the maximum CRL number accepted (or {@code null})
 */
 public void setMaxCRLNumber(BigInteger maxCRL) {
 this.maxCRL = maxCRL;
 }
 /**
 * Sets the dateAndTime criterion. The specified date must be
 * equal to or later than the value of the thisUpdate component
-* of the <code>X509CRL</code> and earlier than the value of the
+* of the {@code X509CRL} and earlier than the value of the
-* nextUpdate component. There is no match if the <code>X509CRL</code>
+* nextUpdate component. There is no match if the {@code X509CRL}
 * does not contain a nextUpdate component.
-* If <code>null</code>, no dateAndTime check will be done.
+* If {@code null}, no dateAndTime check will be done.
 * <p>
-* Note that the <code>Date</code> supplied here is cloned to protect
+* Note that the {@code Date} supplied here is cloned to protect
 * against subsequent modifications.
 *
-* @param dateAndTime the <code>Date</code> to match against
+* @param dateAndTime the {@code Date} to match against
-*                    (or <code>null</code>)
+*                    (or {@code null})
 * @see #getDateAndTime
 */
 public void setDateAndTime(Date dateAndTime) {
 if (dateAndTime == null)
 this.dateAndTime = null;
 this.skew = skew;
 }
 /**
 * Sets the certificate being checked. This is not a criterion. Rather,
-* it is optional information that may help a <code>CertStore</code>
+* it is optional information that may help a {@code CertStore}
 * find CRLs that would be relevant when checking revocation for the
-* specified certificate. If <code>null</code> is specified, then no
+* specified certificate. If {@code null} is specified, then no
 * such optional information is provided.
 *
-* @param cert the <code>X509Certificate</code> being checked
+* @param cert the {@code X509Certificate} being checked
-*             (or <code>null</code>)
+*             (or {@code null})
 * @see #getCertificateChecking
 */
 public void setCertificateChecking(X509Certificate cert) {
 certChecking = cert;
 }
 /**
 * Returns the issuerNames criterion. The issuer distinguished
-* name in the <code>X509CRL</code> must match at least one of the specified
+* name in the {@code X509CRL} must match at least one of the specified
-* distinguished names. If the value returned is <code>null</code>, any
+* distinguished names. If the value returned is {@code null}, any
 * issuer distinguished name will do.
 * <p>
-* If the value returned is not <code>null</code>, it is a
+* If the value returned is not {@code null}, it is a
-* unmodifiable <code>Collection</code> of <code>X500Principal</code>s.
+* unmodifiable {@code Collection} of {@code X500Principal}s.
 *
-* @return an unmodifiable <code>Collection</code> of names
+* @return an unmodifiable {@code Collection} of names
-*   (or <code>null</code>)
+*   (or {@code null})
 * @see #setIssuers
 * @since 1.5
 */
 public Collection<X500Principal> getIssuers() {
 if (issuerX500Principals == null) {
 return Collections.unmodifiableCollection(issuerX500Principals);
 }
 /**
 * Returns a copy of the issuerNames criterion. The issuer distinguished
-* name in the <code>X509CRL</code> must match at least one of the specified
+* name in the {@code X509CRL} must match at least one of the specified
-* distinguished names. If the value returned is <code>null</code>, any
+* distinguished names. If the value returned is {@code null}, any
 * issuer distinguished name will do.
 * <p>
-* If the value returned is not <code>null</code>, it is a
+* If the value returned is not {@code null}, it is a
-* <code>Collection</code> of names. Each name is a <code>String</code>
+* {@code Collection} of names. Each name is a {@code String}
 * or a byte array representing a distinguished name (in RFC 2253 or
 * ASN.1 DER encoded form, respectively).  Note that the
-* <code>Collection</code> returned may contain duplicate names.
+* {@code Collection} returned may contain duplicate names.
 * <p>
 * If a name is specified as a byte array, it should contain a single DER
 * encoded distinguished name, as defined in X.501. The ASN.1 notation for
 * this structure is given in the documentation for
 * {@link #setIssuerNames setIssuerNames(Collection names)}.
 * <p>
-* Note that a deep copy is performed on the <code>Collection</code> to
+* Note that a deep copy is performed on the {@code Collection} to
 * protect against subsequent modifications.
 *
-* @return a <code>Collection</code> of names (or <code>null</code>)
+* @return a {@code Collection} of names (or {@code null})
 * @see #setIssuerNames
 */
 public Collection<Object> getIssuerNames() {
 if (issuerNames == null) {
 return null;
 }
 return cloneIssuerNames(issuerNames);
 }
 /**
-* Returns the minCRLNumber criterion. The <code>X509CRL</code> must have a
+* Returns the minCRLNumber criterion. The {@code X509CRL} must have a
 * CRL number extension whose value is greater than or equal to the
-* specified value. If <code>null</code>, no minCRLNumber check will be done.
+* specified value. If {@code null}, no minCRLNumber check will be done.
 *
-* @return the minimum CRL number accepted (or <code>null</code>)
+* @return the minimum CRL number accepted (or {@code null})
 */
 public BigInteger getMinCRL() {
 return minCRL;
 }
 /**
-* Returns the maxCRLNumber criterion. The <code>X509CRL</code> must have a
+* Returns the maxCRLNumber criterion. The {@code X509CRL} must have a
 * CRL number extension whose value is less than or equal to the
-* specified value. If <code>null</code>, no maxCRLNumber check will be
+* specified value. If {@code null}, no maxCRLNumber check will be
 * done.
 *
-* @return the maximum CRL number accepted (or <code>null</code>)
+* @return the maximum CRL number accepted (or {@code null})
 */
 public BigInteger getMaxCRL() {
 return maxCRL;
 }
 /**
 * Returns the dateAndTime criterion. The specified date must be
 * equal to or later than the value of the thisUpdate component
-* of the <code>X509CRL</code> and earlier than the value of the
+* of the {@code X509CRL} and earlier than the value of the
 * nextUpdate component. There is no match if the
-* <code>X509CRL</code> does not contain a nextUpdate component.
+* {@code X509CRL} does not contain a nextUpdate component.
-* If <code>null</code>, no dateAndTime check will be done.
+* If {@code null}, no dateAndTime check will be done.
 * <p>
-* Note that the <code>Date</code> returned is cloned to protect against
+* Note that the {@code Date} returned is cloned to protect against
 * subsequent modifications.
 *
-* @return the <code>Date</code> to match against (or <code>null</code>)
+* @return the {@code Date} to match against (or {@code null})
 * @see #setDateAndTime
 */
 public Date getDateAndTime() {
 if (dateAndTime == null)
 return null;
 return (Date) dateAndTime.clone();
 }
 /**
 * Returns the certificate being checked. This is not a criterion. Rather,
-* it is optional information that may help a <code>CertStore</code>
+* it is optional information that may help a {@code CertStore}
 * find CRLs that would be relevant when checking revocation for the
-* specified certificate. If the value returned is <code>null</code>, then
+* specified certificate. If the value returned is {@code null}, then
 * no such optional information is provided.
 *
-* @return the certificate being checked (or <code>null</code>)
+* @return the certificate being checked (or {@code null})
 * @see #setCertificateChecking
 */
 public X509Certificate getCertificateChecking() {
 return certChecking;
 }
 /**
-* Returns a printable representation of the <code>X509CRLSelector</code>.
+* Returns a printable representation of the {@code X509CRLSelector}.
 *
-* @return a <code>String</code> describing the contents of the
+* @return a {@code String} describing the contents of the
-*         <code>X509CRLSelector</code>.
+*         {@code X509CRLSelector}.
 */
 public String toString() {
 StringBuffer sb = new StringBuffer();
 sb.append("X509CRLSelector: [\n");
 if (issuerNames != null) {
 sb.append("]");
 return sb.toString();
 }
 /**
-* Decides whether a <code>CRL</code> should be selected.
+* Decides whether a {@code CRL} should be selected.
 *
-* @param crl the <code>CRL</code> to be checked
+* @param crl the {@code CRL} to be checked
-* @return <code>true</code> if the <code>CRL</code> should be selected,
+* @return {@code true} if the {@code CRL} should be selected,
-*         <code>false</code> otherwise
+*         {@code false} otherwise
 */
 public boolean match(CRL crl) {
 if (!(crl instanceof X509CRL)) {
 return false;
 }

changeset 18551	882a3948c6e6
parent 10419	12c063b39232
child 24969	afa6934dd8e8