# HG changeset patch # User juh # Date 1372195889 25200 # Node ID 882a3948c6e601a70b349c3e25b788b7843882ca # Parent 6d0f51c9993088491d12e73bcdf24e8aaddd47fb 8017325: Cleanup of the javadoc tag in java.security.cert Summary: Convert javadoc ... and ... tags to {@code ...} Reviewed-by: darcy diff -r 6d0f51c99930 -r 882a3948c6e6 jdk/src/share/classes/java/security/cert/CRLException.java --- a/jdk/src/share/classes/java/security/cert/CRLException.java Tue Jun 25 20:06:09 2013 +0100 +++ b/jdk/src/share/classes/java/security/cert/CRLException.java Tue Jun 25 14:31:29 2013 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2003, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -57,13 +57,13 @@ } /** - * Creates a CRLException with the specified + * Creates a {@code CRLException} with the specified * detail message and cause. * * @param message the detail message (which is saved for later retrieval * by the {@link #getMessage()} method). * @param cause the cause (which is saved for later retrieval by the - * {@link #getCause()} method). (A null value is permitted, + * {@link #getCause()} method). (A {@code null} value is permitted, * and indicates that the cause is nonexistent or unknown.) * @since 1.5 */ @@ -72,13 +72,13 @@ } /** - * Creates a CRLException with the specified cause - * and a detail message of (cause==null ? null : cause.toString()) + * Creates a {@code CRLException} with the specified cause + * and a detail message of {@code (cause==null ? null : cause.toString())} * (which typically contains the class and detail message of - * cause). + * {@code cause}). * * @param cause the cause (which is saved for later retrieval by the - * {@link #getCause()} method). (A null value is permitted, + * {@link #getCause()} method). (A {@code null} value is permitted, * and indicates that the cause is nonexistent or unknown.) * @since 1.5 */ diff -r 6d0f51c99930 -r 882a3948c6e6 jdk/src/share/classes/java/security/cert/CRLSelector.java --- a/jdk/src/share/classes/java/security/cert/CRLSelector.java Tue Jun 25 20:06:09 2013 +0100 +++ b/jdk/src/share/classes/java/security/cert/CRLSelector.java Tue Jun 25 14:31:29 2013 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2001, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -26,9 +26,9 @@ package java.security.cert; /** - * A selector that defines a set of criteria for selecting CRLs. + * A selector that defines a set of criteria for selecting {@code CRL}s. * Classes that implement this interface are often used to specify - * which CRLs should be retrieved from a CertStore. + * which {@code CRL}s should be retrieved from a {@code CertStore}. *

* Concurrent Access *

@@ -48,19 +48,19 @@ public interface CRLSelector extends Cloneable { /** - * Decides whether a CRL should be selected. + * Decides whether a {@code CRL} should be selected. * - * @param crl the CRL to be checked - * @return true if the CRL should be selected, - * false otherwise + * @param crl the {@code CRL} to be checked + * @return {@code true} if the {@code CRL} should be selected, + * {@code false} otherwise */ boolean match(CRL crl); /** - * Makes a copy of this CRLSelector. Changes to the + * Makes a copy of this {@code CRLSelector}. Changes to the * copy will not affect the original and vice versa. * - * @return a copy of this CRLSelector + * @return a copy of this {@code CRLSelector} */ Object clone(); } diff -r 6d0f51c99930 -r 882a3948c6e6 jdk/src/share/classes/java/security/cert/CertPath.java --- a/jdk/src/share/classes/java/security/cert/CertPath.java Tue Jun 25 20:06:09 2013 +0100 +++ b/jdk/src/share/classes/java/security/cert/CertPath.java Tue Jun 25 14:31:29 2013 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -36,59 +36,59 @@ * An immutable sequence of certificates (a certification path). *

* This is an abstract class that defines the methods common to all - * CertPaths. Subclasses can handle different kinds of + * {@code CertPath}s. Subclasses can handle different kinds of * certificates (X.509, PGP, etc.). *

- * All CertPath objects have a type, a list of - * Certificates, and one or more supported encodings. Because the - * CertPath class is immutable, a CertPath cannot + * All {@code CertPath} objects have a type, a list of + * {@code Certificate}s, and one or more supported encodings. Because the + * {@code CertPath} class is immutable, a {@code CertPath} cannot * change in any externally visible way after being constructed. This * stipulation applies to all public fields and methods of this class and any * added or overridden by subclasses. *

- * The type is a String that identifies the type of - * Certificates in the certification path. For each - * certificate cert in a certification path certPath, - * cert.getType().equals(certPath.getType()) must be - * true. + * The type is a {@code String} that identifies the type of + * {@code Certificate}s in the certification path. For each + * certificate {@code cert} in a certification path {@code certPath}, + * {@code cert.getType().equals(certPath.getType())} must be + * {@code true}. *

- * The list of Certificates is an ordered List of - * zero or more Certificates. This List and all - * of the Certificates contained in it must be immutable. + * The list of {@code Certificate}s is an ordered {@code List} of + * zero or more {@code Certificate}s. This {@code List} and all + * of the {@code Certificate}s contained in it must be immutable. *

- * Each CertPath object must support one or more encodings + * Each {@code CertPath} object must support one or more encodings * so that the object can be translated into a byte array for storage or * transmission to other parties. Preferably, these encodings should be * well-documented standards (such as PKCS#7). One of the encodings supported - * by a CertPath is considered the default encoding. This + * by a {@code CertPath} is considered the default encoding. This * encoding is used if no encoding is explicitly requested (for the * {@link #getEncoded() getEncoded()} method, for instance). *

- * All CertPath objects are also Serializable. - * CertPath objects are resolved into an alternate + * All {@code CertPath} objects are also {@code Serializable}. + * {@code CertPath} objects are resolved into an alternate * {@link CertPathRep CertPathRep} object during serialization. This allows - * a CertPath object to be serialized into an equivalent + * a {@code CertPath} object to be serialized into an equivalent * representation regardless of its underlying implementation. *

- * CertPath objects can be created with a - * CertificateFactory or they can be returned by other classes, - * such as a CertPathBuilder. + * {@code CertPath} objects can be created with a + * {@code CertificateFactory} or they can be returned by other classes, + * such as a {@code CertPathBuilder}. *

- * By convention, X.509 CertPaths (consisting of - * X509Certificates), are ordered starting with the target + * By convention, X.509 {@code CertPath}s (consisting of + * {@code X509Certificate}s), are ordered starting with the target * certificate and ending with a certificate issued by the trust anchor. That * is, the issuer of one certificate is the subject of the following one. The * certificate representing the {@link TrustAnchor TrustAnchor} should not be - * included in the certification path. Unvalidated X.509 CertPaths - * may not follow these conventions. PKIX CertPathValidators will + * included in the certification path. Unvalidated X.509 {@code CertPath}s + * may not follow these conventions. PKIX {@code CertPathValidator}s will * detect any departure from these conventions that cause the certification - * path to be invalid and throw a CertPathValidatorException. + * path to be invalid and throw a {@code CertPathValidatorException}. * *

Every implementation of the Java platform is required to support the - * following standard CertPath encodings: + * following standard {@code CertPath} encodings: *

* These encodings are described in the @@ -99,17 +99,17 @@ *

* Concurrent Access *

- * All CertPath objects must be thread-safe. That is, multiple + * All {@code CertPath} objects must be thread-safe. That is, multiple * threads may concurrently invoke the methods defined in this class on a - * single CertPath object (or more than one) with no - * ill effects. This is also true for the List returned by - * CertPath.getCertificates. + * single {@code CertPath} object (or more than one) with no + * ill effects. This is also true for the {@code List} returned by + * {@code CertPath.getCertificates}. *

- * Requiring CertPath objects to be immutable and thread-safe + * Requiring {@code CertPath} objects to be immutable and thread-safe * allows them to be passed around to various pieces of code without worrying * about coordinating access. Providing this thread-safety is - * generally not difficult, since the CertPath and - * List objects in question are immutable. + * generally not difficult, since the {@code CertPath} and + * {@code List} objects in question are immutable. * * @see CertificateFactory * @see CertPathBuilder @@ -124,25 +124,25 @@ private String type; // the type of certificates in this chain /** - * Creates a CertPath of the specified type. + * Creates a {@code CertPath} of the specified type. *

* This constructor is protected because most users should use a - * CertificateFactory to create CertPaths. + * {@code CertificateFactory} to create {@code CertPath}s. * * @param type the standard name of the type of - * Certificates in this path + * {@code Certificate}s in this path */ protected CertPath(String type) { this.type = type; } /** - * Returns the type of Certificates in this certification + * Returns the type of {@code Certificate}s in this certification * path. This is the same string that would be returned by * {@link java.security.cert.Certificate#getType() cert.getType()} - * for all Certificates in the certification path. + * for all {@code Certificate}s in the certification path. * - * @return the type of Certificates in this certification + * @return the type of {@code Certificate}s in this certification * path (never null) */ public String getType() { @@ -152,21 +152,21 @@ /** * Returns an iteration of the encodings supported by this certification * path, with the default encoding first. Attempts to modify the returned - * Iterator via its remove method result in an - * UnsupportedOperationException. + * {@code Iterator} via its {@code remove} method result in an + * {@code UnsupportedOperationException}. * - * @return an Iterator over the names of the supported + * @return an {@code Iterator} over the names of the supported * encodings (as Strings) */ public abstract Iterator getEncodings(); /** * Compares this certification path for equality with the specified - * object. Two CertPaths are equal if and only if their - * types are equal and their certificate Lists (and by - * implication the Certificates in those Lists) - * are equal. A CertPath is never equal to an object that is - * not a CertPath. + * object. Two {@code CertPath}s are equal if and only if their + * types are equal and their certificate {@code List}s (and by + * implication the {@code Certificate}s in those {@code List}s) + * are equal. A {@code CertPath} is never equal to an object that is + * not a {@code CertPath}. *

* This algorithm is implemented by this method. If it is overridden, * the behavior specified here must be maintained. @@ -195,14 +195,14 @@ * Returns the hashcode for this certification path. The hash code of * a certification path is defined to be the result of the following * calculation: - * 


+     * 
{@code
      *  hashCode = path.getType().hashCode();
      *  hashCode = 31*hashCode + path.getCertificates().hashCode();
-     * 

-     * This ensures that path1.equals(path2) implies that
-     * path1.hashCode()==path2.hashCode() for any two certification
-     * paths, path1 and path2, as required by the
-     * general contract of Object.hashCode.
+     * }
+ * This ensures that {@code path1.equals(path2)} implies that + * {@code path1.hashCode()==path2.hashCode()} for any two certification + * paths, {@code path1} and {@code path2}, as required by the + * general contract of {@code Object.hashCode}. * * @return the hashcode value for this certification path */ @@ -214,8 +214,8 @@ /** * Returns a string representation of this certification path. - * This calls the toString method on each of the - * Certificates in the path. + * This calls the {@code toString} method on each of the + * {@code Certificate}s in the path. * * @return a string representation of this certification path */ @@ -266,20 +266,20 @@ /** * Returns the list of certificates in this certification path. - * The List returned must be immutable and thread-safe. + * The {@code List} returned must be immutable and thread-safe. * - * @return an immutable List of Certificates + * @return an immutable {@code List} of {@code Certificate}s * (may be empty, but not null) */ public abstract List getCertificates(); /** - * Replaces the CertPath to be serialized with a - * CertPathRep object. + * Replaces the {@code CertPath} to be serialized with a + * {@code CertPathRep} object. * - * @return the CertPathRep to be serialized + * @return the {@code CertPathRep} to be serialized * - * @throws ObjectStreamException if a CertPathRep object + * @throws ObjectStreamException if a {@code CertPathRep} object * representing this certification path could not be created */ protected Object writeReplace() throws ObjectStreamException { @@ -295,7 +295,7 @@ } /** - * Alternate CertPath class for serialization. + * Alternate {@code CertPath} class for serialization. * @since 1.4 */ protected static class CertPathRep implements Serializable { @@ -308,10 +308,10 @@ private byte[] data; /** - * Creates a CertPathRep with the specified + * Creates a {@code CertPathRep} with the specified * type and encoded form of a certification path. * - * @param type the standard name of a CertPath type + * @param type the standard name of a {@code CertPath} type * @param data the encoded form of the certification path */ protected CertPathRep(String type, byte[] data) { @@ -320,11 +320,11 @@ } /** - * Returns a CertPath constructed from the type and data. + * Returns a {@code CertPath} constructed from the type and data. * - * @return the resolved CertPath object + * @return the resolved {@code CertPath} object * - * @throws ObjectStreamException if a CertPath could not + * @throws ObjectStreamException if a {@code CertPath} could not * be constructed */ protected Object readResolve() throws ObjectStreamException { diff -r 6d0f51c99930 -r 882a3948c6e6 jdk/src/share/classes/java/security/cert/CertPathBuilder.java --- a/jdk/src/share/classes/java/security/cert/CertPathBuilder.java Tue Jun 25 20:06:09 2013 +0100 +++ b/jdk/src/share/classes/java/security/cert/CertPathBuilder.java Tue Jun 25 14:31:29 2013 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -41,16 +41,16 @@ * A class for building certification paths (also known as certificate chains). *

* This class uses a provider-based architecture. - * To create a CertPathBuilder, call - * one of the static getInstance methods, passing in the - * algorithm name of the CertPathBuilder desired and optionally + * To create a {@code CertPathBuilder}, call + * one of the static {@code getInstance} methods, passing in the + * algorithm name of the {@code CertPathBuilder} desired and optionally * the name of the provider desired. * - *

Once a CertPathBuilder object has been created, certification + *

Once a {@code CertPathBuilder} object has been created, certification * paths can be constructed by calling the {@link #build build} method and * passing it an algorithm-specific set of parameters. If successful, the - * result (including the CertPath that was built) is returned - * in an object that implements the CertPathBuilderResult + * result (including the {@code CertPath} that was built) is returned + * in an object that implements the {@code CertPathBuilderResult} * interface. * *

The {@link #getRevocationChecker} method allows an application to specify @@ -67,9 +67,9 @@ * * *

Every implementation of the Java platform is required to support the - * following standard CertPathBuilder algorithm: + * following standard {@code CertPathBuilder} algorithm: *

* This algorithm is described in the @@ -87,9 +87,9 @@ *

* However, this is not true for the non-static methods defined by this class. * Unless otherwise documented by a specific provider, threads that need to - * access a single CertPathBuilder instance concurrently should + * access a single {@code CertPathBuilder} instance concurrently should * synchronize amongst themselves and provide the necessary locking. Multiple - * threads each manipulating a different CertPathBuilder instance + * threads each manipulating a different {@code CertPathBuilder} instance * need not synchronize. * * @see CertPath @@ -114,7 +114,7 @@ private final String algorithm; /** - * Creates a CertPathBuilder object of the given algorithm, + * Creates a {@code CertPathBuilder} object of the given algorithm, * and encapsulates the given provider implementation (SPI object) in it. * * @param builderSpi the provider implementation @@ -130,7 +130,7 @@ } /** - * Returns a CertPathBuilder object that implements the + * Returns a {@code CertPathBuilder} object that implements the * specified algorithm. * *

This method traverses the list of registered security Providers, @@ -142,13 +142,13 @@ *

Note that the list of registered providers may be retrieved via * the {@link Security#getProviders() Security.getProviders()} method. * - * @param algorithm the name of the requested CertPathBuilder + * @param algorithm the name of the requested {@code CertPathBuilder} * algorithm. See the CertPathBuilder section in the * Java Cryptography Architecture Standard Algorithm Name Documentation * for information about standard algorithm names. * - * @return a CertPathBuilder object that implements the + * @return a {@code CertPathBuilder} object that implements the * specified algorithm. * * @throws NoSuchAlgorithmException if no Provider supports a @@ -166,7 +166,7 @@ } /** - * Returns a CertPathBuilder object that implements the + * Returns a {@code CertPathBuilder} object that implements the * specified algorithm. * *

A new CertPathBuilder object encapsulating the @@ -177,7 +177,7 @@ *

Note that the list of registered providers may be retrieved via * the {@link Security#getProviders() Security.getProviders()} method. * - * @param algorithm the name of the requested CertPathBuilder + * @param algorithm the name of the requested {@code CertPathBuilder} * algorithm. See the CertPathBuilder section in the * Java Cryptography Architecture Standard Algorithm Name Documentation @@ -185,7 +185,7 @@ * * @param provider the name of the provider. * - * @return a CertPathBuilder object that implements the + * @return a {@code CertPathBuilder} object that implements the * specified algorithm. * * @throws NoSuchAlgorithmException if a CertPathBuilderSpi @@ -195,7 +195,7 @@ * @throws NoSuchProviderException if the specified provider is not * registered in the security provider list. * - * @exception IllegalArgumentException if the provider is + * @exception IllegalArgumentException if the {@code provider} is * null or empty. * * @see java.security.Provider @@ -209,7 +209,7 @@ } /** - * Returns a CertPathBuilder object that implements the + * Returns a {@code CertPathBuilder} object that implements the * specified algorithm. * *

A new CertPathBuilder object encapsulating the @@ -217,7 +217,7 @@ * object is returned. Note that the specified Provider object * does not have to be registered in the provider list. * - * @param algorithm the name of the requested CertPathBuilder + * @param algorithm the name of the requested {@code CertPathBuilder} * algorithm. See the CertPathBuilder section in the * Java Cryptography Architecture Standard Algorithm Name Documentation @@ -225,14 +225,14 @@ * * @param provider the provider. * - * @return a CertPathBuilder object that implements the + * @return a {@code CertPathBuilder} object that implements the * specified algorithm. * * @exception NoSuchAlgorithmException if a CertPathBuilderSpi * implementation for the specified algorithm is not available * from the specified Provider object. * - * @exception IllegalArgumentException if the provider is + * @exception IllegalArgumentException if the {@code provider} is * null. * * @see java.security.Provider @@ -246,18 +246,18 @@ } /** - * Returns the provider of this CertPathBuilder. + * Returns the provider of this {@code CertPathBuilder}. * - * @return the provider of this CertPathBuilder + * @return the provider of this {@code CertPathBuilder} */ public final Provider getProvider() { return this.provider; } /** - * Returns the name of the algorithm of this CertPathBuilder. + * Returns the name of the algorithm of this {@code CertPathBuilder}. * - * @return the name of the algorithm of this CertPathBuilder + * @return the name of the algorithm of this {@code CertPathBuilder} */ public final String getAlgorithm() { return this.algorithm; @@ -272,7 +272,7 @@ * @throws CertPathBuilderException if the builder is unable to construct * a certification path that satisfies the specified parameters * @throws InvalidAlgorithmParameterException if the specified parameters - * are inappropriate for this CertPathBuilder + * are inappropriate for this {@code CertPathBuilder} */ public final CertPathBuilderResult build(CertPathParameters params) throws CertPathBuilderException, InvalidAlgorithmParameterException diff -r 6d0f51c99930 -r 882a3948c6e6 jdk/src/share/classes/java/security/cert/CertPathBuilderException.java --- a/jdk/src/share/classes/java/security/cert/CertPathBuilderException.java Tue Jun 25 20:06:09 2013 +0100 +++ b/jdk/src/share/classes/java/security/cert/CertPathBuilderException.java Tue Jun 25 14:31:29 2013 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2003, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -29,9 +29,9 @@ /** * An exception indicating one of a variety of problems encountered when - * building a certification path with a CertPathBuilder. + * building a certification path with a {@code CertPathBuilder}. *

- * A CertPathBuilderException provides support for wrapping + * A {@code CertPathBuilderException} provides support for wrapping * exceptions. The {@link #getCause getCause} method returns the throwable, * if any, that caused this exception to be thrown. *

@@ -53,7 +53,7 @@ private static final long serialVersionUID = 5316471420178794402L; /** - * Creates a CertPathBuilderException with null + * Creates a {@code CertPathBuilderException} with {@code null} * as its detail message. */ public CertPathBuilderException() { @@ -61,8 +61,8 @@ } /** - * Creates a CertPathBuilderException with the given - * detail message. The detail message is a String that + * Creates a {@code CertPathBuilderException} with the given + * detail message. The detail message is a {@code String} that * describes this particular exception in more detail. * * @param msg the detail message @@ -72,16 +72,16 @@ } /** - * Creates a CertPathBuilderException that wraps the specified + * Creates a {@code CertPathBuilderException} that wraps the specified * throwable. This allows any exception to be converted into a - * CertPathBuilderException, while retaining information + * {@code CertPathBuilderException}, while retaining information * about the wrapped exception, which may be useful for debugging. The - * detail message is set to (cause==null ? null : cause.toString() - * ) (which typically contains the class and detail message of + * detail message is set to ({@code cause==null ? null : cause.toString()}) + * (which typically contains the class and detail message of * cause). * * @param cause the cause (which is saved for later retrieval by the - * {@link #getCause getCause()} method). (A null value is + * {@link #getCause getCause()} method). (A {@code null} value is * permitted, and indicates that the cause is nonexistent or unknown.) */ public CertPathBuilderException(Throwable cause) { @@ -89,12 +89,12 @@ } /** - * Creates a CertPathBuilderException with the specified + * Creates a {@code CertPathBuilderException} with the specified * detail message and cause. * * @param msg the detail message * @param cause the cause (which is saved for later retrieval by the - * {@link #getCause getCause()} method). (A null value is + * {@link #getCause getCause()} method). (A {@code null} value is * permitted, and indicates that the cause is nonexistent or unknown.) */ public CertPathBuilderException(String msg, Throwable cause) { diff -r 6d0f51c99930 -r 882a3948c6e6 jdk/src/share/classes/java/security/cert/CertPathBuilderResult.java --- a/jdk/src/share/classes/java/security/cert/CertPathBuilderResult.java Tue Jun 25 20:06:09 2013 +0100 +++ b/jdk/src/share/classes/java/security/cert/CertPathBuilderResult.java Tue Jun 25 14:31:29 2013 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2001, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -30,8 +30,8 @@ * All results returned by the {@link CertPathBuilder#build * CertPathBuilder.build} method must implement this interface. *

- * At a minimum, a CertPathBuilderResult contains the - * CertPath built by the CertPathBuilder instance. + * At a minimum, a {@code CertPathBuilderResult} contains the + * {@code CertPath} built by the {@code CertPathBuilder} instance. * Implementations of this interface may add methods to return implementation * or algorithm specific information, such as debugging information or * certification path validation results. @@ -54,15 +54,15 @@ /** * Returns the built certification path. * - * @return the certification path (never null) + * @return the certification path (never {@code null}) */ CertPath getCertPath(); /** - * Makes a copy of this CertPathBuilderResult. Changes to the + * Makes a copy of this {@code CertPathBuilderResult}. Changes to the * copy will not affect the original and vice versa. * - * @return a copy of this CertPathBuilderResult + * @return a copy of this {@code CertPathBuilderResult} */ Object clone(); } diff -r 6d0f51c99930 -r 882a3948c6e6 jdk/src/share/classes/java/security/cert/CertPathBuilderSpi.java --- a/jdk/src/share/classes/java/security/cert/CertPathBuilderSpi.java Tue Jun 25 20:06:09 2013 +0100 +++ b/jdk/src/share/classes/java/security/cert/CertPathBuilderSpi.java Tue Jun 25 14:31:29 2013 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -30,23 +30,23 @@ /** * The Service Provider Interface (SPI) * for the {@link CertPathBuilder CertPathBuilder} class. All - * CertPathBuilder implementations must include a class (the - * SPI class) that extends this class (CertPathBuilderSpi) and + * {@code CertPathBuilder} implementations must include a class (the + * SPI class) that extends this class ({@code CertPathBuilderSpi}) and * implements all of its methods. In general, instances of this class should - * only be accessed through the CertPathBuilder class. For + * only be accessed through the {@code CertPathBuilder} class. For * details, see the Java Cryptography Architecture. *

* Concurrent Access *

* Instances of this class need not be protected against concurrent * access from multiple threads. Threads that need to access a single - * CertPathBuilderSpi instance concurrently should synchronize + * {@code CertPathBuilderSpi} instance concurrently should synchronize * amongst themselves and provide the necessary locking before calling the - * wrapping CertPathBuilder object. + * wrapping {@code CertPathBuilder} object. *

- * However, implementations of CertPathBuilderSpi may still + * However, implementations of {@code CertPathBuilderSpi} may still * encounter concurrency issues, since multiple threads each - * manipulating a different CertPathBuilderSpi instance need not + * manipulating a different {@code CertPathBuilderSpi} instance need not * synchronize. * * @since 1.4 @@ -68,7 +68,7 @@ * @throws CertPathBuilderException if the builder is unable to construct * a certification path that satisfies the specified parameters * @throws InvalidAlgorithmParameterException if the specified parameters - * are inappropriate for this CertPathBuilder + * are inappropriate for this {@code CertPathBuilder} */ public abstract CertPathBuilderResult engineBuild(CertPathParameters params) throws CertPathBuilderException, InvalidAlgorithmParameterException; diff -r 6d0f51c99930 -r 882a3948c6e6 jdk/src/share/classes/java/security/cert/CertPathParameters.java --- a/jdk/src/share/classes/java/security/cert/CertPathParameters.java Tue Jun 25 20:06:09 2013 +0100 +++ b/jdk/src/share/classes/java/security/cert/CertPathParameters.java Tue Jun 25 14:31:29 2013 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2001, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -28,8 +28,8 @@ /** * A specification of certification path algorithm parameters. * The purpose of this interface is to group (and provide type safety for) - * all CertPath parameter specifications. All - * CertPath parameter specifications must implement this + * all {@code CertPath} parameter specifications. All + * {@code CertPath} parameter specifications must implement this * interface. * * @author Yassir Elley @@ -40,10 +40,10 @@ public interface CertPathParameters extends Cloneable { /** - * Makes a copy of this CertPathParameters. Changes to the + * Makes a copy of this {@code CertPathParameters}. Changes to the * copy will not affect the original and vice versa. * - * @return a copy of this CertPathParameters + * @return a copy of this {@code CertPathParameters} */ Object clone(); } diff -r 6d0f51c99930 -r 882a3948c6e6 jdk/src/share/classes/java/security/cert/CertPathValidator.java --- a/jdk/src/share/classes/java/security/cert/CertPathValidator.java Tue Jun 25 20:06:09 2013 +0100 +++ b/jdk/src/share/classes/java/security/cert/CertPathValidator.java Tue Jun 25 14:31:29 2013 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -42,17 +42,17 @@ * chains). *

* This class uses a provider-based architecture. - * To create a CertPathValidator, - * call one of the static getInstance methods, passing in the - * algorithm name of the CertPathValidator desired and + * To create a {@code CertPathValidator}, + * call one of the static {@code getInstance} methods, passing in the + * algorithm name of the {@code CertPathValidator} desired and * optionally the name of the provider desired. * - *

Once a CertPathValidator object has been created, it can + *

Once a {@code CertPathValidator} object has been created, it can * be used to validate certification paths by calling the {@link #validate - * validate} method and passing it the CertPath to be validated + * validate} method and passing it the {@code CertPath} to be validated * and an algorithm-specific set of parameters. If successful, the result is * returned in an object that implements the - * CertPathValidatorResult interface. + * {@code CertPathValidatorResult} interface. * *

The {@link #getRevocationChecker} method allows an application to specify * additional algorithm-specific parameters and options used by the @@ -69,9 +69,9 @@ * * *

Every implementation of the Java platform is required to support the - * following standard CertPathValidator algorithm: + * following standard {@code CertPathValidator} algorithm: *

* This algorithm is described in the @@ -89,9 +89,9 @@ *

* However, this is not true for the non-static methods defined by this class. * Unless otherwise documented by a specific provider, threads that need to - * access a single CertPathValidator instance concurrently should + * access a single {@code CertPathValidator} instance concurrently should * synchronize amongst themselves and provide the necessary locking. Multiple - * threads each manipulating a different CertPathValidator + * threads each manipulating a different {@code CertPathValidator} * instance need not synchronize. * * @see CertPath @@ -115,7 +115,7 @@ private final String algorithm; /** - * Creates a CertPathValidator object of the given algorithm, + * Creates a {@code CertPathValidator} object of the given algorithm, * and encapsulates the given provider implementation (SPI object) in it. * * @param validatorSpi the provider implementation @@ -131,7 +131,7 @@ } /** - * Returns a CertPathValidator object that implements the + * Returns a {@code CertPathValidator} object that implements the * specified algorithm. * *

This method traverses the list of registered security Providers, @@ -143,13 +143,13 @@ *

Note that the list of registered providers may be retrieved via * the {@link Security#getProviders() Security.getProviders()} method. * - * @param algorithm the name of the requested CertPathValidator + * @param algorithm the name of the requested {@code CertPathValidator} * algorithm. See the CertPathValidator section in the * Java Cryptography Architecture Standard Algorithm Name Documentation * for information about standard algorithm names. * - * @return a CertPathValidator object that implements the + * @return a {@code CertPathValidator} object that implements the * specified algorithm. * * @exception NoSuchAlgorithmException if no Provider supports a @@ -167,7 +167,7 @@ } /** - * Returns a CertPathValidator object that implements the + * Returns a {@code CertPathValidator} object that implements the * specified algorithm. * *

A new CertPathValidator object encapsulating the @@ -178,7 +178,7 @@ *

Note that the list of registered providers may be retrieved via * the {@link Security#getProviders() Security.getProviders()} method. * - * @param algorithm the name of the requested CertPathValidator + * @param algorithm the name of the requested {@code CertPathValidator} * algorithm. See the CertPathValidator section in the * Java Cryptography Architecture Standard Algorithm Name Documentation @@ -186,7 +186,7 @@ * * @param provider the name of the provider. * - * @return a CertPathValidator object that implements the + * @return a {@code CertPathValidator} object that implements the * specified algorithm. * * @exception NoSuchAlgorithmException if a CertPathValidatorSpi @@ -196,7 +196,7 @@ * @exception NoSuchProviderException if the specified provider is not * registered in the security provider list. * - * @exception IllegalArgumentException if the provider is + * @exception IllegalArgumentException if the {@code provider} is * null or empty. * * @see java.security.Provider @@ -211,7 +211,7 @@ } /** - * Returns a CertPathValidator object that implements the + * Returns a {@code CertPathValidator} object that implements the * specified algorithm. * *

A new CertPathValidator object encapsulating the @@ -219,7 +219,7 @@ * object is returned. Note that the specified Provider object * does not have to be registered in the provider list. * - * @param algorithm the name of the requested CertPathValidator + * @param algorithm the name of the requested {@code CertPathValidator} * algorithm. See the CertPathValidator section in the * Java Cryptography Architecture Standard Algorithm Name Documentation @@ -227,14 +227,14 @@ * * @param provider the provider. * - * @return a CertPathValidator object that implements the + * @return a {@code CertPathValidator} object that implements the * specified algorithm. * * @exception NoSuchAlgorithmException if a CertPathValidatorSpi * implementation for the specified algorithm is not available * from the specified Provider object. * - * @exception IllegalArgumentException if the provider is + * @exception IllegalArgumentException if the {@code provider} is * null. * * @see java.security.Provider @@ -248,19 +248,19 @@ } /** - * Returns the Provider of this - * CertPathValidator. + * Returns the {@code Provider} of this + * {@code CertPathValidator}. * - * @return the Provider of this CertPathValidator + * @return the {@code Provider} of this {@code CertPathValidator} */ public final Provider getProvider() { return this.provider; } /** - * Returns the algorithm name of this CertPathValidator. + * Returns the algorithm name of this {@code CertPathValidator}. * - * @return the algorithm name of this CertPathValidator + * @return the algorithm name of this {@code CertPathValidator} */ public final String getAlgorithm() { return this.algorithm; @@ -270,20 +270,20 @@ * Validates the specified certification path using the specified * algorithm parameter set. *

- * The CertPath specified must be of a type that is + * The {@code CertPath} specified must be of a type that is * supported by the validation algorithm, otherwise an - * InvalidAlgorithmParameterException will be thrown. For - * example, a CertPathValidator that implements the PKIX - * algorithm validates CertPath objects of type X.509. + * {@code InvalidAlgorithmParameterException} will be thrown. For + * example, a {@code CertPathValidator} that implements the PKIX + * algorithm validates {@code CertPath} objects of type X.509. * - * @param certPath the CertPath to be validated + * @param certPath the {@code CertPath} to be validated * @param params the algorithm parameters * @return the result of the validation algorithm - * @exception CertPathValidatorException if the CertPath + * @exception CertPathValidatorException if the {@code CertPath} * does not validate * @exception InvalidAlgorithmParameterException if the specified - * parameters or the type of the specified CertPath are - * inappropriate for this CertPathValidator + * parameters or the type of the specified {@code CertPath} are + * inappropriate for this {@code CertPathValidator} */ public final CertPathValidatorResult validate(CertPath certPath, CertPathParameters params) diff -r 6d0f51c99930 -r 882a3948c6e6 jdk/src/share/classes/java/security/cert/CertPathValidatorException.java --- a/jdk/src/share/classes/java/security/cert/CertPathValidatorException.java Tue Jun 25 20:06:09 2013 +0100 +++ b/jdk/src/share/classes/java/security/cert/CertPathValidatorException.java Tue Jun 25 14:31:29 2013 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -34,11 +34,11 @@ * An exception indicating one of a variety of problems encountered when * validating a certification path. *

- * A CertPathValidatorException provides support for wrapping + * A {@code CertPathValidatorException} provides support for wrapping * exceptions. The {@link #getCause getCause} method returns the throwable, * if any, that caused this exception to be thrown. *

- * A CertPathValidatorException may also include the + * A {@code CertPathValidatorException} may also include the * certification path that was being validated when the exception was thrown, * the index of the certificate in the certification path that caused the * exception to be thrown, and the reason that caused the failure. Use the @@ -70,7 +70,7 @@ private int index = -1; /** - * @serial the CertPath that was being validated when + * @serial the {@code CertPath} that was being validated when * the exception was thrown */ private CertPath certPath; @@ -81,7 +81,7 @@ private Reason reason = BasicReason.UNSPECIFIED; /** - * Creates a CertPathValidatorException with + * Creates a {@code CertPathValidatorException} with * no detail message. */ public CertPathValidatorException() { @@ -89,8 +89,8 @@ } /** - * Creates a CertPathValidatorException with the given - * detail message. A detail message is a String that + * Creates a {@code CertPathValidatorException} with the given + * detail message. A detail message is a {@code String} that * describes this particular exception. * * @param msg the detail message @@ -100,16 +100,16 @@ } /** - * Creates a CertPathValidatorException that wraps the + * Creates a {@code CertPathValidatorException} that wraps the * specified throwable. This allows any exception to be converted into a - * CertPathValidatorException, while retaining information + * {@code CertPathValidatorException}, while retaining information * about the wrapped exception, which may be useful for debugging. The - * detail message is set to (cause==null ? null : cause.toString() - * ) (which typically contains the class and detail message of + * detail message is set to ({@code cause==null ? null : cause.toString()}) + * (which typically contains the class and detail message of * cause). * * @param cause the cause (which is saved for later retrieval by the - * {@link #getCause getCause()} method). (A null value is + * {@link #getCause getCause()} method). (A {@code null} value is * permitted, and indicates that the cause is nonexistent or unknown.) */ public CertPathValidatorException(Throwable cause) { @@ -117,12 +117,12 @@ } /** - * Creates a CertPathValidatorException with the specified + * Creates a {@code CertPathValidatorException} with the specified * detail message and cause. * * @param msg the detail message * @param cause the cause (which is saved for later retrieval by the - * {@link #getCause getCause()} method). (A null value is + * {@link #getCause getCause()} method). (A {@code null} value is * permitted, and indicates that the cause is nonexistent or unknown.) */ public CertPathValidatorException(String msg, Throwable cause) { @@ -130,21 +130,21 @@ } /** - * Creates a CertPathValidatorException with the specified + * Creates a {@code CertPathValidatorException} with the specified * detail message, cause, certification path, and index. * - * @param msg the detail message (or null if none) - * @param cause the cause (or null if none) + * @param msg the detail message (or {@code null} if none) + * @param cause the cause (or {@code null} if none) * @param certPath the certification path that was in the process of * being validated when the error was encountered * @param index the index of the certificate in the certification path * that caused the error (or -1 if not applicable). Note that - * the list of certificates in a CertPath is zero based. + * the list of certificates in a {@code CertPath} is zero based. * @throws IndexOutOfBoundsException if the index is out of range * {@code (index < -1 || (certPath != null && index >= * certPath.getCertificates().size()) } - * @throws IllegalArgumentException if certPath is - * null and index is not -1 + * @throws IllegalArgumentException if {@code certPath} is + * {@code null} and {@code index} is not -1 */ public CertPathValidatorException(String msg, Throwable cause, CertPath certPath, int index) { @@ -152,23 +152,23 @@ } /** - * Creates a CertPathValidatorException with the specified + * Creates a {@code CertPathValidatorException} with the specified * detail message, cause, certification path, index, and reason. * - * @param msg the detail message (or null if none) - * @param cause the cause (or null if none) + * @param msg the detail message (or {@code null} if none) + * @param cause the cause (or {@code null} if none) * @param certPath the certification path that was in the process of * being validated when the error was encountered * @param index the index of the certificate in the certification path * that caused the error (or -1 if not applicable). Note that - * the list of certificates in a CertPath is zero based. + * the list of certificates in a {@code CertPath} is zero based. * @param reason the reason the validation failed * @throws IndexOutOfBoundsException if the index is out of range * {@code (index < -1 || (certPath != null && index >= * certPath.getCertificates().size()) } - * @throws IllegalArgumentException if certPath is - * null and index is not -1 - * @throws NullPointerException if reason is null + * @throws IllegalArgumentException if {@code certPath} is + * {@code null} and {@code index} is not -1 + * @throws NullPointerException if {@code reason} is {@code null} * * @since 1.7 */ @@ -194,8 +194,8 @@ * Returns the certification path that was being validated when * the exception was thrown. * - * @return the CertPath that was being validated when - * the exception was thrown (or null if not specified) + * @return the {@code CertPath} that was being validated when + * the exception was thrown (or {@code null} if not specified) */ public CertPath getCertPath() { return this.certPath; @@ -204,7 +204,7 @@ /** * Returns the index of the certificate in the certification path * that caused the exception to be thrown. Note that the list of - * certificates in a CertPath is zero based. If no + * certificates in a {@code CertPath} is zero based. If no * index has been set, -1 is returned. * * @return the index that has been set, or -1 if none has been set @@ -219,7 +219,7 @@ * {@link #getIndex}. * * @return the reason that the validation failed, or - * BasicReason.UNSPECIFIED if a reason has not been + * {@code BasicReason.UNSPECIFIED} if a reason has not been * specified * * @since 1.7 diff -r 6d0f51c99930 -r 882a3948c6e6 jdk/src/share/classes/java/security/cert/CertPathValidatorResult.java --- a/jdk/src/share/classes/java/security/cert/CertPathValidatorResult.java Tue Jun 25 20:06:09 2013 +0100 +++ b/jdk/src/share/classes/java/security/cert/CertPathValidatorResult.java Tue Jun 25 14:31:29 2013 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2001, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -41,10 +41,10 @@ public interface CertPathValidatorResult extends Cloneable { /** - * Makes a copy of this CertPathValidatorResult. Changes to the + * Makes a copy of this {@code CertPathValidatorResult}. Changes to the * copy will not affect the original and vice versa. * - * @return a copy of this CertPathValidatorResult + * @return a copy of this {@code CertPathValidatorResult} */ Object clone(); } diff -r 6d0f51c99930 -r 882a3948c6e6 jdk/src/share/classes/java/security/cert/CertPathValidatorSpi.java --- a/jdk/src/share/classes/java/security/cert/CertPathValidatorSpi.java Tue Jun 25 20:06:09 2013 +0100 +++ b/jdk/src/share/classes/java/security/cert/CertPathValidatorSpi.java Tue Jun 25 14:31:29 2013 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -31,23 +31,23 @@ * * The Service Provider Interface (SPI) * for the {@link CertPathValidator CertPathValidator} class. All - * CertPathValidator implementations must include a class (the - * SPI class) that extends this class (CertPathValidatorSpi) + * {@code CertPathValidator} implementations must include a class (the + * SPI class) that extends this class ({@code CertPathValidatorSpi}) * and implements all of its methods. In general, instances of this class - * should only be accessed through the CertPathValidator class. + * should only be accessed through the {@code CertPathValidator} class. * For details, see the Java Cryptography Architecture. *

* Concurrent Access *

* Instances of this class need not be protected against concurrent * access from multiple threads. Threads that need to access a single - * CertPathValidatorSpi instance concurrently should synchronize + * {@code CertPathValidatorSpi} instance concurrently should synchronize * amongst themselves and provide the necessary locking before calling the - * wrapping CertPathValidator object. + * wrapping {@code CertPathValidator} object. *

- * However, implementations of CertPathValidatorSpi may still + * However, implementations of {@code CertPathValidatorSpi} may still * encounter concurrency issues, since multiple threads each - * manipulating a different CertPathValidatorSpi instance need not + * manipulating a different {@code CertPathValidatorSpi} instance need not * synchronize. * * @since 1.4 @@ -64,20 +64,20 @@ * Validates the specified certification path using the specified * algorithm parameter set. *

- * The CertPath specified must be of a type that is + * The {@code CertPath} specified must be of a type that is * supported by the validation algorithm, otherwise an - * InvalidAlgorithmParameterException will be thrown. For - * example, a CertPathValidator that implements the PKIX - * algorithm validates CertPath objects of type X.509. + * {@code InvalidAlgorithmParameterException} will be thrown. For + * example, a {@code CertPathValidator} that implements the PKIX + * algorithm validates {@code CertPath} objects of type X.509. * - * @param certPath the CertPath to be validated + * @param certPath the {@code CertPath} to be validated * @param params the algorithm parameters * @return the result of the validation algorithm - * @exception CertPathValidatorException if the CertPath + * @exception CertPathValidatorException if the {@code CertPath} * does not validate * @exception InvalidAlgorithmParameterException if the specified - * parameters or the type of the specified CertPath are - * inappropriate for this CertPathValidator + * parameters or the type of the specified {@code CertPath} are + * inappropriate for this {@code CertPathValidator} */ public abstract CertPathValidatorResult engineValidate(CertPath certPath, CertPathParameters params) diff -r 6d0f51c99930 -r 882a3948c6e6 jdk/src/share/classes/java/security/cert/CertSelector.java --- a/jdk/src/share/classes/java/security/cert/CertSelector.java Tue Jun 25 20:06:09 2013 +0100 +++ b/jdk/src/share/classes/java/security/cert/CertSelector.java Tue Jun 25 14:31:29 2013 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2001, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -27,9 +27,9 @@ /** * A selector that defines a set of criteria for selecting - * Certificates. Classes that implement this interface - * are often used to specify which Certificates should - * be retrieved from a CertStore. + * {@code Certificate}s. Classes that implement this interface + * are often used to specify which {@code Certificate}s should + * be retrieved from a {@code CertStore}. *

* Concurrent Access *

@@ -49,19 +49,19 @@ public interface CertSelector extends Cloneable { /** - * Decides whether a Certificate should be selected. + * Decides whether a {@code Certificate} should be selected. * - * @param cert the Certificate to be checked - * @return true if the Certificate - * should be selected, false otherwise + * @param cert the {@code Certificate} to be checked + * @return {@code true} if the {@code Certificate} + * should be selected, {@code false} otherwise */ boolean match(Certificate cert); /** - * Makes a copy of this CertSelector. Changes to the + * Makes a copy of this {@code CertSelector}. Changes to the * copy will not affect the original and vice versa. * - * @return a copy of this CertSelector + * @return a copy of this {@code CertSelector} */ Object clone(); } diff -r 6d0f51c99930 -r 882a3948c6e6 jdk/src/share/classes/java/security/cert/CertStore.java --- a/jdk/src/share/classes/java/security/cert/CertStore.java Tue Jun 25 20:06:09 2013 +0100 +++ b/jdk/src/share/classes/java/security/cert/CertStore.java Tue Jun 25 14:31:29 2013 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -38,32 +38,32 @@ import sun.security.jca.GetInstance.Instance; /** - * A class for retrieving Certificates and CRLs + * A class for retrieving {@code Certificate}s and {@code CRL}s * from a repository. *

* This class uses a provider-based architecture. - * To create a CertStore, call one of the static - * getInstance methods, passing in the type of - * CertStore desired, any applicable initialization parameters + * To create a {@code CertStore}, call one of the static + * {@code getInstance} methods, passing in the type of + * {@code CertStore} desired, any applicable initialization parameters * and optionally the name of the provider desired. *

- * Once the CertStore has been created, it can be used to - * retrieve Certificates and CRLs by calling its + * Once the {@code CertStore} has been created, it can be used to + * retrieve {@code Certificate}s and {@code CRL}s by calling its * {@link #getCertificates(CertSelector selector) getCertificates} and * {@link #getCRLs(CRLSelector selector) getCRLs} methods. *

* Unlike a {@link java.security.KeyStore KeyStore}, which provides access * to a cache of private keys and trusted certificates, a - * CertStore is designed to provide access to a potentially + * {@code CertStore} is designed to provide access to a potentially * vast repository of untrusted certificates and CRLs. For example, an LDAP - * implementation of CertStore provides access to certificates + * implementation of {@code CertStore} provides access to certificates * and CRLs stored in one or more directories using the LDAP protocol and the * schema as defined in the RFC service attribute. * *

Every implementation of the Java platform is required to support the - * following standard CertStore type: + * following standard {@code CertStore} type: *

* This type is described in the @@ -75,10 +75,10 @@ *

* Concurrent Access *

- * All public methods of CertStore objects must be thread-safe. + * All public methods of {@code CertStore} objects must be thread-safe. * That is, multiple threads may concurrently invoke these methods on a - * single CertStore object (or more than one) with no - * ill effects. This allows a CertPathBuilder to search for a + * single {@code CertStore} object (or more than one) with no + * ill effects. This allows a {@code CertPathBuilder} to search for a * CRL while simultaneously searching for further certificates, for instance. *

* The static methods of this class are also guaranteed to be thread-safe. @@ -104,13 +104,13 @@ private CertStoreParameters params; /** - * Creates a CertStore object of the given type, and + * Creates a {@code CertStore} object of the given type, and * encapsulates the given provider implementation (SPI object) in it. * * @param storeSpi the provider implementation * @param provider the provider * @param type the type - * @param params the initialization parameters (may be null) + * @param params the initialization parameters (may be {@code null}) */ protected CertStore(CertStoreSpi storeSpi, Provider provider, String type, CertStoreParameters params) { @@ -122,28 +122,28 @@ } /** - * Returns a Collection of Certificates that - * match the specified selector. If no Certificates - * match the selector, an empty Collection will be returned. + * Returns a {@code Collection} of {@code Certificate}s that + * match the specified selector. If no {@code Certificate}s + * match the selector, an empty {@code Collection} will be returned. *

- * For some CertStore types, the resulting - * Collection may not contain all of the - * Certificates that match the selector. For instance, - * an LDAP CertStore may not search all entries in the + * For some {@code CertStore} types, the resulting + * {@code Collection} may not contain all of the + * {@code Certificate}s that match the selector. For instance, + * an LDAP {@code CertStore} may not search all entries in the * directory. Instead, it may just search entries that are likely to - * contain the Certificates it is looking for. + * contain the {@code Certificate}s it is looking for. *

- * Some CertStore implementations (especially LDAP - * CertStores) may throw a CertStoreException - * unless a non-null CertSelector is provided that + * Some {@code CertStore} implementations (especially LDAP + * {@code CertStore}s) may throw a {@code CertStoreException} + * unless a non-null {@code CertSelector} is provided that * includes specific criteria that can be used to find the certificates. * Issuer and/or subject names are especially useful criteria. * - * @param selector A CertSelector used to select which - * Certificates should be returned. Specify null - * to return all Certificates (if supported). - * @return A Collection of Certificates that - * match the specified selector (never null) + * @param selector A {@code CertSelector} used to select which + * {@code Certificate}s should be returned. Specify {@code null} + * to return all {@code Certificate}s (if supported). + * @return A {@code Collection} of {@code Certificate}s that + * match the specified selector (never {@code null}) * @throws CertStoreException if an exception occurs */ public final Collection getCertificates @@ -152,28 +152,28 @@ } /** - * Returns a Collection of CRLs that - * match the specified selector. If no CRLs - * match the selector, an empty Collection will be returned. + * Returns a {@code Collection} of {@code CRL}s that + * match the specified selector. If no {@code CRL}s + * match the selector, an empty {@code Collection} will be returned. *

- * For some CertStore types, the resulting - * Collection may not contain all of the - * CRLs that match the selector. For instance, - * an LDAP CertStore may not search all entries in the + * For some {@code CertStore} types, the resulting + * {@code Collection} may not contain all of the + * {@code CRL}s that match the selector. For instance, + * an LDAP {@code CertStore} may not search all entries in the * directory. Instead, it may just search entries that are likely to - * contain the CRLs it is looking for. + * contain the {@code CRL}s it is looking for. *

- * Some CertStore implementations (especially LDAP - * CertStores) may throw a CertStoreException - * unless a non-null CRLSelector is provided that + * Some {@code CertStore} implementations (especially LDAP + * {@code CertStore}s) may throw a {@code CertStoreException} + * unless a non-null {@code CRLSelector} is provided that * includes specific criteria that can be used to find the CRLs. * Issuer names and/or the certificate to be checked are especially useful. * - * @param selector A CRLSelector used to select which - * CRLs should be returned. Specify null - * to return all CRLs (if supported). - * @return A Collection of CRLs that - * match the specified selector (never null) + * @param selector A {@code CRLSelector} used to select which + * {@code CRL}s should be returned. Specify {@code null} + * to return all {@code CRL}s (if supported). + * @return A {@code Collection} of {@code CRL}s that + * match the specified selector (never {@code null}) * @throws CertStoreException if an exception occurs */ public final Collection getCRLs(CRLSelector selector) @@ -182,8 +182,8 @@ } /** - * Returns a CertStore object that implements the specified - * CertStore type and is initialized with the specified + * Returns a {@code CertStore} object that implements the specified + * {@code CertStore} type and is initialized with the specified * parameters. * *

This method traverses the list of registered security Providers, @@ -195,29 +195,29 @@ *

Note that the list of registered providers may be retrieved via * the {@link Security#getProviders() Security.getProviders()} method. * - *

The CertStore that is returned is initialized with the - * specified CertStoreParameters. The type of parameters - * needed may vary between different types of CertStores. - * Note that the specified CertStoreParameters object is + *

The {@code CertStore} that is returned is initialized with the + * specified {@code CertStoreParameters}. The type of parameters + * needed may vary between different types of {@code CertStore}s. + * Note that the specified {@code CertStoreParameters} object is * cloned. * - * @param type the name of the requested CertStore type. + * @param type the name of the requested {@code CertStore} type. * See the CertStore section in the * Java Cryptography Architecture Standard Algorithm Name Documentation * for information about standard types. * - * @param params the initialization parameters (may be null). + * @param params the initialization parameters (may be {@code null}). * - * @return a CertStore object that implements the specified - * CertStore type. + * @return a {@code CertStore} object that implements the specified + * {@code CertStore} type. * * @throws NoSuchAlgorithmException if no Provider supports a * CertStoreSpi implementation for the specified type. * * @throws InvalidAlgorithmParameterException if the specified * initialization parameters are inappropriate for this - * CertStore. + * {@code CertStore}. * * @see java.security.Provider */ @@ -244,8 +244,8 @@ } /** - * Returns a CertStore object that implements the specified - * CertStore type. + * Returns a {@code CertStore} object that implements the specified + * {@code CertStore} type. * *

A new CertStore object encapsulating the * CertStoreSpi implementation from the specified provider @@ -255,23 +255,23 @@ *

Note that the list of registered providers may be retrieved via * the {@link Security#getProviders() Security.getProviders()} method. * - *

The CertStore that is returned is initialized with the - * specified CertStoreParameters. The type of parameters - * needed may vary between different types of CertStores. - * Note that the specified CertStoreParameters object is + *

The {@code CertStore} that is returned is initialized with the + * specified {@code CertStoreParameters}. The type of parameters + * needed may vary between different types of {@code CertStore}s. + * Note that the specified {@code CertStoreParameters} object is * cloned. * - * @param type the requested CertStore type. + * @param type the requested {@code CertStore} type. * See the CertStore section in the * Java Cryptography Architecture Standard Algorithm Name Documentation * for information about standard types. * - * @param params the initialization parameters (may be null). + * @param params the initialization parameters (may be {@code null}). * * @param provider the name of the provider. * - * @return a CertStore object that implements the + * @return a {@code CertStore} object that implements the * specified type. * * @throws NoSuchAlgorithmException if a CertStoreSpi @@ -280,12 +280,12 @@ * * @throws InvalidAlgorithmParameterException if the specified * initialization parameters are inappropriate for this - * CertStore. + * {@code CertStore}. * * @throws NoSuchProviderException if the specified provider is not * registered in the security provider list. * - * @exception IllegalArgumentException if the provider is + * @exception IllegalArgumentException if the {@code provider} is * null or empty. * * @see java.security.Provider @@ -305,31 +305,31 @@ } /** - * Returns a CertStore object that implements the specified - * CertStore type. + * Returns a {@code CertStore} object that implements the specified + * {@code CertStore} type. * *

A new CertStore object encapsulating the * CertStoreSpi implementation from the specified Provider * object is returned. Note that the specified Provider object * does not have to be registered in the provider list. * - *

The CertStore that is returned is initialized with the - * specified CertStoreParameters. The type of parameters - * needed may vary between different types of CertStores. - * Note that the specified CertStoreParameters object is + *

The {@code CertStore} that is returned is initialized with the + * specified {@code CertStoreParameters}. The type of parameters + * needed may vary between different types of {@code CertStore}s. + * Note that the specified {@code CertStoreParameters} object is * cloned. * - * @param type the requested CertStore type. + * @param type the requested {@code CertStore} type. * See the CertStore section in the * Java Cryptography Architecture Standard Algorithm Name Documentation * for information about standard types. * - * @param params the initialization parameters (may be null). + * @param params the initialization parameters (may be {@code null}). * * @param provider the provider. * - * @return a CertStore object that implements the + * @return a {@code CertStore} object that implements the * specified type. * * @exception NoSuchAlgorithmException if a CertStoreSpi @@ -338,9 +338,9 @@ * * @throws InvalidAlgorithmParameterException if the specified * initialization parameters are inappropriate for this - * CertStore + * {@code CertStore} * - * @exception IllegalArgumentException if the provider is + * @exception IllegalArgumentException if the {@code provider} is * null. * * @see java.security.Provider @@ -359,30 +359,30 @@ } /** - * Returns the parameters used to initialize this CertStore. - * Note that the CertStoreParameters object is cloned before + * Returns the parameters used to initialize this {@code CertStore}. + * Note that the {@code CertStoreParameters} object is cloned before * it is returned. * - * @return the parameters used to initialize this CertStore - * (may be null) + * @return the parameters used to initialize this {@code CertStore} + * (may be {@code null}) */ public final CertStoreParameters getCertStoreParameters() { return (params == null ? null : (CertStoreParameters) params.clone()); } /** - * Returns the type of this CertStore. + * Returns the type of this {@code CertStore}. * - * @return the type of this CertStore + * @return the type of this {@code CertStore} */ public final String getType() { return this.type; } /** - * Returns the provider of this CertStore. + * Returns the provider of this {@code CertStore}. * - * @return the provider of this CertStore + * @return the provider of this {@code CertStore} */ public final Provider getProvider() { return this.provider; diff -r 6d0f51c99930 -r 882a3948c6e6 jdk/src/share/classes/java/security/cert/CertStoreException.java --- a/jdk/src/share/classes/java/security/cert/CertStoreException.java Tue Jun 25 20:06:09 2013 +0100 +++ b/jdk/src/share/classes/java/security/cert/CertStoreException.java Tue Jun 25 14:31:29 2013 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2003, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -29,9 +29,9 @@ /** * An exception indicating one of a variety of problems retrieving - * certificates and CRLs from a CertStore. + * certificates and CRLs from a {@code CertStore}. *

- * A CertStoreException provides support for wrapping + * A {@code CertStoreException} provides support for wrapping * exceptions. The {@link #getCause getCause} method returns the throwable, * if any, that caused this exception to be thrown. *

@@ -53,7 +53,7 @@ private static final long serialVersionUID = 2395296107471573245L; /** - * Creates a CertStoreException with null as + * Creates a {@code CertStoreException} with {@code null} as * its detail message. */ public CertStoreException() { @@ -61,8 +61,8 @@ } /** - * Creates a CertStoreException with the given detail - * message. A detail message is a String that describes this + * Creates a {@code CertStoreException} with the given detail + * message. A detail message is a {@code String} that describes this * particular exception. * * @param msg the detail message @@ -72,15 +72,15 @@ } /** - * Creates a CertStoreException that wraps the specified + * Creates a {@code CertStoreException} that wraps the specified * throwable. This allows any exception to be converted into a - * CertStoreException, while retaining information about the + * {@code CertStoreException}, while retaining information about the * cause, which may be useful for debugging. The detail message is - * set to (cause==null ? null : cause.toString()) (which + * set to ({@code cause==null ? null : cause.toString()}) (which * typically contains the class and detail message of cause). * * @param cause the cause (which is saved for later retrieval by the - * {@link #getCause getCause()} method). (A null value is + * {@link #getCause getCause()} method). (A {@code null} value is * permitted, and indicates that the cause is nonexistent or unknown.) */ public CertStoreException(Throwable cause) { @@ -88,12 +88,12 @@ } /** - * Creates a CertStoreException with the specified detail + * Creates a {@code CertStoreException} with the specified detail * message and cause. * * @param msg the detail message * @param cause the cause (which is saved for later retrieval by the - * {@link #getCause getCause()} method). (A null value is + * {@link #getCause getCause()} method). (A {@code null} value is * permitted, and indicates that the cause is nonexistent or unknown.) */ public CertStoreException(String msg, Throwable cause) { diff -r 6d0f51c99930 -r 882a3948c6e6 jdk/src/share/classes/java/security/cert/CertStoreParameters.java --- a/jdk/src/share/classes/java/security/cert/CertStoreParameters.java Tue Jun 25 20:06:09 2013 +0100 +++ b/jdk/src/share/classes/java/security/cert/CertStoreParameters.java Tue Jun 25 14:31:29 2013 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2001, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -26,20 +26,20 @@ package java.security.cert; /** - * A specification of CertStore parameters. + * A specification of {@code CertStore} parameters. *

* The purpose of this interface is to group (and provide type safety for) - * all CertStore parameter specifications. All - * CertStore parameter specifications must implement this + * all {@code CertStore} parameter specifications. All + * {@code CertStore} parameter specifications must implement this * interface. *

- * Typically, a CertStoreParameters object is passed as a parameter + * Typically, a {@code CertStoreParameters} object is passed as a parameter * to one of the {@link CertStore#getInstance CertStore.getInstance} methods. - * The getInstance method returns a CertStore that - * is used for retrieving Certificates and CRLs. The - * CertStore that is returned is initialized with the specified + * The {@code getInstance} method returns a {@code CertStore} that + * is used for retrieving {@code Certificate}s and {@code CRL}s. The + * {@code CertStore} that is returned is initialized with the specified * parameters. The type of parameters needed may vary between different types - * of CertStores. + * of {@code CertStore}s. * * @see CertStore#getInstance * @@ -49,32 +49,32 @@ public interface CertStoreParameters extends Cloneable { /** - * Makes a copy of this CertStoreParameters. + * Makes a copy of this {@code CertStoreParameters}. *

* The precise meaning of "copy" may depend on the class of - * the CertStoreParameters object. A typical implementation + * the {@code CertStoreParameters} object. A typical implementation * performs a "deep copy" of this object, but this is not an absolute * requirement. Some implementations may perform a "shallow copy" of some * or all of the fields of this object. *

- * Note that the CertStore.getInstance methods make a copy - * of the specified CertStoreParameters. A deep copy - * implementation of clone is safer and more robust, as it - * prevents the caller from corrupting a shared CertStore by + * Note that the {@code CertStore.getInstance} methods make a copy + * of the specified {@code CertStoreParameters}. A deep copy + * implementation of {@code clone} is safer and more robust, as it + * prevents the caller from corrupting a shared {@code CertStore} by * subsequently modifying the contents of its initialization parameters. - * However, a shallow copy implementation of clone is more + * However, a shallow copy implementation of {@code clone} is more * appropriate for applications that need to hold a reference to a - * parameter contained in the CertStoreParameters. For example, + * parameter contained in the {@code CertStoreParameters}. For example, * a shallow copy clone allows an application to release the resources of - * a particular CertStore initialization parameter immediately, + * a particular {@code CertStore} initialization parameter immediately, * rather than waiting for the garbage collection mechanism. This should - * be done with the utmost care, since the CertStore may still + * be done with the utmost care, since the {@code CertStore} may still * be in use by other threads. *

* Each subclass should state the precise behavior of this method so * that users and developers know what to expect. * - * @return a copy of this CertStoreParameters + * @return a copy of this {@code CertStoreParameters} */ Object clone(); } diff -r 6d0f51c99930 -r 882a3948c6e6 jdk/src/share/classes/java/security/cert/CertStoreSpi.java --- a/jdk/src/share/classes/java/security/cert/CertStoreSpi.java Tue Jun 25 20:06:09 2013 +0100 +++ b/jdk/src/share/classes/java/security/cert/CertStoreSpi.java Tue Jun 25 14:31:29 2013 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2003, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -30,26 +30,26 @@ /** * The Service Provider Interface (SPI) - * for the {@link CertStore CertStore} class. All CertStore + * for the {@link CertStore CertStore} class. All {@code CertStore} * implementations must include a class (the SPI class) that extends - * this class (CertStoreSpi), provides a constructor with - * a single argument of type CertStoreParameters, and implements + * this class ({@code CertStoreSpi}), provides a constructor with + * a single argument of type {@code CertStoreParameters}, and implements * all of its methods. In general, instances of this class should only be - * accessed through the CertStore class. + * accessed through the {@code CertStore} class. * For details, see the Java Cryptography Architecture. *

* Concurrent Access *

- * The public methods of all CertStoreSpi objects must be + * The public methods of all {@code CertStoreSpi} objects must be * thread-safe. That is, multiple threads may concurrently invoke these - * methods on a single CertStoreSpi object (or more than one) - * with no ill effects. This allows a CertPathBuilder to search + * methods on a single {@code CertStoreSpi} object (or more than one) + * with no ill effects. This allows a {@code CertPathBuilder} to search * for a CRL while simultaneously searching for further certificates, for * instance. *

- * Simple CertStoreSpi implementations will probably ensure - * thread safety by adding a synchronized keyword to their - * engineGetCertificates and engineGetCRLs methods. + * Simple {@code CertStoreSpi} implementations will probably ensure + * thread safety by adding a {@code synchronized} keyword to their + * {@code engineGetCertificates} and {@code engineGetCRLs} methods. * More sophisticated ones may allow truly concurrent access. * * @since 1.4 @@ -60,64 +60,64 @@ /** * The sole constructor. * - * @param params the initialization parameters (may be null) + * @param params the initialization parameters (may be {@code null}) * @throws InvalidAlgorithmParameterException if the initialization - * parameters are inappropriate for this CertStoreSpi + * parameters are inappropriate for this {@code CertStoreSpi} */ public CertStoreSpi(CertStoreParameters params) throws InvalidAlgorithmParameterException { } /** - * Returns a Collection of Certificates that - * match the specified selector. If no Certificates - * match the selector, an empty Collection will be returned. + * Returns a {@code Collection} of {@code Certificate}s that + * match the specified selector. If no {@code Certificate}s + * match the selector, an empty {@code Collection} will be returned. *

- * For some CertStore types, the resulting - * Collection may not contain all of the - * Certificates that match the selector. For instance, - * an LDAP CertStore may not search all entries in the + * For some {@code CertStore} types, the resulting + * {@code Collection} may not contain all of the + * {@code Certificate}s that match the selector. For instance, + * an LDAP {@code CertStore} may not search all entries in the * directory. Instead, it may just search entries that are likely to - * contain the Certificates it is looking for. + * contain the {@code Certificate}s it is looking for. *

- * Some CertStore implementations (especially LDAP - * CertStores) may throw a CertStoreException - * unless a non-null CertSelector is provided that includes + * Some {@code CertStore} implementations (especially LDAP + * {@code CertStore}s) may throw a {@code CertStoreException} + * unless a non-null {@code CertSelector} is provided that includes * specific criteria that can be used to find the certificates. Issuer * and/or subject names are especially useful criteria. * - * @param selector A CertSelector used to select which - * Certificates should be returned. Specify null - * to return all Certificates (if supported). - * @return A Collection of Certificates that - * match the specified selector (never null) + * @param selector A {@code CertSelector} used to select which + * {@code Certificate}s should be returned. Specify {@code null} + * to return all {@code Certificate}s (if supported). + * @return A {@code Collection} of {@code Certificate}s that + * match the specified selector (never {@code null}) * @throws CertStoreException if an exception occurs */ public abstract Collection engineGetCertificates (CertSelector selector) throws CertStoreException; /** - * Returns a Collection of CRLs that - * match the specified selector. If no CRLs - * match the selector, an empty Collection will be returned. + * Returns a {@code Collection} of {@code CRL}s that + * match the specified selector. If no {@code CRL}s + * match the selector, an empty {@code Collection} will be returned. *

- * For some CertStore types, the resulting - * Collection may not contain all of the - * CRLs that match the selector. For instance, - * an LDAP CertStore may not search all entries in the + * For some {@code CertStore} types, the resulting + * {@code Collection} may not contain all of the + * {@code CRL}s that match the selector. For instance, + * an LDAP {@code CertStore} may not search all entries in the * directory. Instead, it may just search entries that are likely to - * contain the CRLs it is looking for. + * contain the {@code CRL}s it is looking for. *

- * Some CertStore implementations (especially LDAP - * CertStores) may throw a CertStoreException - * unless a non-null CRLSelector is provided that includes + * Some {@code CertStore} implementations (especially LDAP + * {@code CertStore}s) may throw a {@code CertStoreException} + * unless a non-null {@code CRLSelector} is provided that includes * specific criteria that can be used to find the CRLs. Issuer names * and/or the certificate to be checked are especially useful. * - * @param selector A CRLSelector used to select which - * CRLs should be returned. Specify null - * to return all CRLs (if supported). - * @return A Collection of CRLs that - * match the specified selector (never null) + * @param selector A {@code CRLSelector} used to select which + * {@code CRL}s should be returned. Specify {@code null} + * to return all {@code CRL}s (if supported). + * @return A {@code Collection} of {@code CRL}s that + * match the specified selector (never {@code null}) * @throws CertStoreException if an exception occurs */ public abstract Collection engineGetCRLs diff -r 6d0f51c99930 -r 882a3948c6e6 jdk/src/share/classes/java/security/cert/Certificate.java --- a/jdk/src/share/classes/java/security/cert/Certificate.java Tue Jun 25 20:06:09 2013 +0100 +++ b/jdk/src/share/classes/java/security/cert/Certificate.java Tue Jun 25 14:31:29 2013 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2012, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -90,8 +90,8 @@ /** * Compares this certificate for equality with the specified - * object. If the other object is an - * instanceof Certificate, then + * object. If the {@code other} object is an + * {@code instanceof} {@code Certificate}, then * its encoded form is retrieved and compared with the * encoded form of this certificate. * @@ -196,8 +196,8 @@ * *

This method was added to version 1.8 of the Java Platform * Standard Edition. In order to maintain backwards compatibility with - * existing service providers, this method cannot be abstract - * and by default throws an UnsupportedOperationException. + * existing service providers, this method cannot be {@code abstract} + * and by default throws an {@code UnsupportedOperationException}. * * @param key the PublicKey used to carry out the verification. * @param sigProvider the signature provider. diff -r 6d0f51c99930 -r 882a3948c6e6 jdk/src/share/classes/java/security/cert/CertificateEncodingException.java --- a/jdk/src/share/classes/java/security/cert/CertificateEncodingException.java Tue Jun 25 20:06:09 2013 +0100 +++ b/jdk/src/share/classes/java/security/cert/CertificateEncodingException.java Tue Jun 25 14:31:29 2013 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2003, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -56,13 +56,13 @@ } /** - * Creates a CertificateEncodingException with the specified + * Creates a {@code CertificateEncodingException} with the specified * detail message and cause. * * @param message the detail message (which is saved for later retrieval * by the {@link #getMessage()} method). * @param cause the cause (which is saved for later retrieval by the - * {@link #getCause()} method). (A null value is permitted, + * {@link #getCause()} method). (A {@code null} value is permitted, * and indicates that the cause is nonexistent or unknown.) * @since 1.5 */ @@ -71,14 +71,14 @@ } /** - * Creates a CertificateEncodingException + * Creates a {@code CertificateEncodingException} * with the specified cause and a detail message of - * (cause==null ? null : cause.toString()) + * {@code (cause==null ? null : cause.toString())} * (which typically contains the class and detail message of - * cause). + * {@code cause}). * * @param cause the cause (which is saved for later retrieval by the - * {@link #getCause()} method). (A null value is permitted, + * {@link #getCause()} method). (A {@code null} value is permitted, * and indicates that the cause is nonexistent or unknown.) * @since 1.5 */ diff -r 6d0f51c99930 -r 882a3948c6e6 jdk/src/share/classes/java/security/cert/CertificateException.java --- a/jdk/src/share/classes/java/security/cert/CertificateException.java Tue Jun 25 20:06:09 2013 +0100 +++ b/jdk/src/share/classes/java/security/cert/CertificateException.java Tue Jun 25 14:31:29 2013 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 2003, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -57,13 +57,13 @@ } /** - * Creates a CertificateException with the specified + * Creates a {@code CertificateException} with the specified * detail message and cause. * * @param message the detail message (which is saved for later retrieval * by the {@link #getMessage()} method). * @param cause the cause (which is saved for later retrieval by the - * {@link #getCause()} method). (A null value is permitted, + * {@link #getCause()} method). (A {@code null} value is permitted, * and indicates that the cause is nonexistent or unknown.) * @since 1.5 */ @@ -72,13 +72,13 @@ } /** - * Creates a CertificateException with the specified cause - * and a detail message of (cause==null ? null : cause.toString()) + * Creates a {@code CertificateException} with the specified cause + * and a detail message of {@code (cause==null ? null : cause.toString())} * (which typically contains the class and detail message of - * cause). + * {@code cause}). * * @param cause the cause (which is saved for later retrieval by the - * {@link #getCause()} method). (A null value is permitted, + * {@link #getCause()} method). (A {@code null} value is permitted, * and indicates that the cause is nonexistent or unknown.) * @since 1.5 */ diff -r 6d0f51c99930 -r 882a3948c6e6 jdk/src/share/classes/java/security/cert/CertificateExpiredException.java --- a/jdk/src/share/classes/java/security/cert/CertificateExpiredException.java Tue Jun 25 20:06:09 2013 +0100 +++ b/jdk/src/share/classes/java/security/cert/CertificateExpiredException.java Tue Jun 25 14:31:29 2013 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2003, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -27,8 +27,8 @@ /** * Certificate Expired Exception. This is thrown whenever the current - * Date or the specified Date is after the - * notAfter date/time specified in the validity period + * {@code Date} or the specified {@code Date} is after the + * {@code notAfter} date/time specified in the validity period * of the certificate. * * @author Hemma Prafullchandra diff -r 6d0f51c99930 -r 882a3948c6e6 jdk/src/share/classes/java/security/cert/CertificateFactory.java --- a/jdk/src/share/classes/java/security/cert/CertificateFactory.java Tue Jun 25 20:06:09 2013 +0100 +++ b/jdk/src/share/classes/java/security/cert/CertificateFactory.java Tue Jun 25 14:31:29 2013 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1998, 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1998, 2013, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -41,27 +41,27 @@ /** * This class defines the functionality of a certificate factory, which is - * used to generate certificate, certification path (CertPath) + * used to generate certificate, certification path ({@code CertPath}) * and certificate revocation list (CRL) objects from their encodings. * *

For encodings consisting of multiple certificates, use - * generateCertificates when you want to + * {@code generateCertificates} when you want to * parse a collection of possibly unrelated certificates. Otherwise, - * use generateCertPath when you want to generate - * a CertPath (a certificate chain) and subsequently - * validate it with a CertPathValidator. + * use {@code generateCertPath} when you want to generate + * a {@code CertPath} (a certificate chain) and subsequently + * validate it with a {@code CertPathValidator}. * *

A certificate factory for X.509 must return certificates that are an - * instance of java.security.cert.X509Certificate, and CRLs - * that are an instance of java.security.cert.X509CRL. + * instance of {@code java.security.cert.X509Certificate}, and CRLs + * that are an instance of {@code java.security.cert.X509CRL}. * *

The following example reads a file with Base64 encoded certificates, * which are each bounded at the beginning by -----BEGIN CERTIFICATE-----, and * bounded at the end by -----END CERTIFICATE-----. We convert the - * FileInputStream (which does not support mark - * and reset) to a BufferedInputStream (which + * {@code FileInputStream} (which does not support {@code mark} + * and {@code reset}) to a {@code BufferedInputStream} (which * supports those methods), so that each call to - * generateCertificate consumes only one certificate, and the + * {@code generateCertificate} consumes only one certificate, and the * read position of the input stream is positioned to the next certificate in * the file:

* @@ -92,14 +92,14 @@ * * *

Every implementation of the Java platform is required to support the - * following standard CertificateFactory type: + * following standard {@code CertificateFactory} type: *

- * and the following standard CertPath encodings: + * and the following standard {@code CertPath} encodings: * * The type and encodings are described in the @@ -258,7 +258,7 @@ * implementation for the specified algorithm is not available * from the specified Provider object. * - * @exception IllegalArgumentException if the provider is + * @exception IllegalArgumentException if the {@code provider} is * null. * * @see java.security.Provider @@ -299,17 +299,17 @@ /** * Generates a certificate object and initializes it with - * the data read from the input stream inStream. + * the data read from the input stream {@code inStream}. * *

In order to take advantage of the specialized certificate format * supported by this certificate factory, * the returned certificate object can be typecast to the corresponding * certificate class. For example, if this certificate * factory implements X.509 certificates, the returned certificate object - * can be typecast to the X509Certificate class. + * can be typecast to the {@code X509Certificate} class. * *

In the case of a certificate factory for X.509 certificates, the - * certificate provided in inStream must be DER-encoded and + * certificate provided in {@code inStream} must be DER-encoded and * may be supplied in binary or printable (Base64) encoding. If the * certificate is provided in Base64 encoding, it must be bounded at * the beginning by -----BEGIN CERTIFICATE-----, and must be bounded at @@ -324,7 +324,7 @@ * the inherent end-of-certificate marker. If the data in the input stream * does not contain an inherent end-of-certificate marker (other * than EOF) and there is trailing data after the certificate is parsed, a - * CertificateException is thrown. + * {@code CertificateException} is thrown. * * @param inStream an input stream with the certificate data. * @@ -340,19 +340,19 @@ } /** - * Returns an iteration of the CertPath encodings supported + * Returns an iteration of the {@code CertPath} encodings supported * by this certificate factory, with the default encoding first. See * the CertPath Encodings section in the * Java Cryptography Architecture Standard Algorithm Name Documentation * for information about standard encoding names and their formats. *

- * Attempts to modify the returned Iterator via its - * remove method result in an - * UnsupportedOperationException. + * Attempts to modify the returned {@code Iterator} via its + * {@code remove} method result in an + * {@code UnsupportedOperationException}. * - * @return an Iterator over the names of the supported - * CertPath encodings (as Strings) + * @return an {@code Iterator} over the names of the supported + * {@code CertPath} encodings (as {@code String}s) * @since 1.4 */ public final Iterator getCertPathEncodings() { @@ -360,15 +360,15 @@ } /** - * Generates a CertPath object and initializes it with - * the data read from the InputStream inStream. The data + * Generates a {@code CertPath} object and initializes it with + * the data read from the {@code InputStream} inStream. The data * is assumed to be in the default encoding. The name of the default - * encoding is the first element of the Iterator returned by + * encoding is the first element of the {@code Iterator} returned by * the {@link #getCertPathEncodings getCertPathEncodings} method. * - * @param inStream an InputStream containing the data - * @return a CertPath initialized with the data from the - * InputStream + * @param inStream an {@code InputStream} containing the data + * @return a {@code CertPath} initialized with the data from the + * {@code InputStream} * @exception CertificateException if an exception occurs while decoding * @since 1.4 */ @@ -379,18 +379,18 @@ } /** - * Generates a CertPath object and initializes it with - * the data read from the InputStream inStream. The data + * Generates a {@code CertPath} object and initializes it with + * the data read from the {@code InputStream} inStream. The data * is assumed to be in the specified encoding. See * the CertPath Encodings section in the * Java Cryptography Architecture Standard Algorithm Name Documentation * for information about standard encoding names and their formats. * - * @param inStream an InputStream containing the data + * @param inStream an {@code InputStream} containing the data * @param encoding the encoding used for the data - * @return a CertPath initialized with the data from the - * InputStream + * @return a {@code CertPath} initialized with the data from the + * {@code InputStream} * @exception CertificateException if an exception occurs while decoding or * the encoding requested is not supported * @since 1.4 @@ -402,15 +402,15 @@ } /** - * Generates a CertPath object and initializes it with - * a List of Certificates. + * Generates a {@code CertPath} object and initializes it with + * a {@code List} of {@code Certificate}s. *

* The certificates supplied must be of a type supported by the - * CertificateFactory. They will be copied out of the supplied - * List object. + * {@code CertificateFactory}. They will be copied out of the supplied + * {@code List} object. * - * @param certificates a List of Certificates - * @return a CertPath initialized with the supplied list of + * @param certificates a {@code List} of {@code Certificate}s + * @return a {@code CertPath} initialized with the supplied list of * certificates * @exception CertificateException if an exception occurs * @since 1.4 @@ -424,20 +424,20 @@ /** * Returns a (possibly empty) collection view of the certificates read - * from the given input stream inStream. + * from the given input stream {@code inStream}. * *

In order to take advantage of the specialized certificate format * supported by this certificate factory, each element in * the returned collection view can be typecast to the corresponding * certificate class. For example, if this certificate * factory implements X.509 certificates, the elements in the returned - * collection can be typecast to the X509Certificate class. + * collection can be typecast to the {@code X509Certificate} class. * *

In the case of a certificate factory for X.509 certificates, - * inStream may contain a sequence of DER-encoded certificates + * {@code inStream} may contain a sequence of DER-encoded certificates * in the formats described for * {@link #generateCertificate(java.io.InputStream) generateCertificate}. - * In addition, inStream may contain a PKCS#7 certificate + * In addition, {@code inStream} may contain a PKCS#7 certificate * chain. This is a PKCS#7 SignedData object, with the only * significant field being certificates. In particular, the * signature and the contents are ignored. This format allows multiple @@ -464,14 +464,14 @@ /** * Generates a certificate revocation list (CRL) object and initializes it - * with the data read from the input stream inStream. + * with the data read from the input stream {@code inStream}. * *

In order to take advantage of the specialized CRL format * supported by this certificate factory, * the returned CRL object can be typecast to the corresponding * CRL class. For example, if this certificate * factory implements X.509 CRLs, the returned CRL object - * can be typecast to the X509CRL class. + * can be typecast to the {@code X509CRL} class. * *

Note that if the given input stream does not support * {@link java.io.InputStream#mark(int) mark} and @@ -482,7 +482,7 @@ * end-of-CRL marker. If the data in the * input stream does not contain an inherent end-of-CRL marker (other * than EOF) and there is trailing data after the CRL is parsed, a - * CRLException is thrown. + * {@code CRLException} is thrown. * * @param inStream an input stream with the CRL data. * @@ -499,18 +499,18 @@ /** * Returns a (possibly empty) collection view of the CRLs read - * from the given input stream inStream. + * from the given input stream {@code inStream}. * *

In order to take advantage of the specialized CRL format * supported by this certificate factory, each element in * the returned collection view can be typecast to the corresponding * CRL class. For example, if this certificate * factory implements X.509 CRLs, the elements in the returned - * collection can be typecast to the X509CRL class. + * collection can be typecast to the {@code X509CRL} class. * *

In the case of a certificate factory for X.509 CRLs, - * inStream may contain a sequence of DER-encoded CRLs. - * In addition, inStream may contain a PKCS#7 CRL + * {@code inStream} may contain a sequence of DER-encoded CRLs. + * In addition, {@code inStream} may contain a PKCS#7 CRL * set. This is a PKCS#7 SignedData object, with the only * significant field being crls. In particular, the * signature and the contents are ignored. This format allows multiple diff -r 6d0f51c99930 -r 882a3948c6e6 jdk/src/share/classes/java/security/cert/CertificateFactorySpi.java --- a/jdk/src/share/classes/java/security/cert/CertificateFactorySpi.java Tue Jun 25 20:06:09 2013 +0100 +++ b/jdk/src/share/classes/java/security/cert/CertificateFactorySpi.java Tue Jun 25 14:31:29 2013 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1998, 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1998, 2013, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -35,18 +35,18 @@ /** * This class defines the Service Provider Interface (SPI) - * for the CertificateFactory class. + * for the {@code CertificateFactory} class. * All the abstract methods in this class must be implemented by each * cryptographic service provider who wishes to supply the implementation * of a certificate factory for a particular certificate type, e.g., X.509. * *

Certificate factories are used to generate certificate, certification path - * (CertPath) and certificate revocation list (CRL) objects from + * ({@code CertPath}) and certificate revocation list (CRL) objects from * their encodings. * *

A certificate factory for X.509 must return certificates that are an - * instance of java.security.cert.X509Certificate, and CRLs - * that are an instance of java.security.cert.X509CRL. + * instance of {@code java.security.cert.X509Certificate}, and CRLs + * that are an instance of {@code java.security.cert.X509CRL}. * * @author Hemma Prafullchandra * @author Jan Luehe @@ -67,17 +67,17 @@ /** * Generates a certificate object and initializes it with - * the data read from the input stream inStream. + * the data read from the input stream {@code inStream}. * *

In order to take advantage of the specialized certificate format * supported by this certificate factory, * the returned certificate object can be typecast to the corresponding * certificate class. For example, if this certificate * factory implements X.509 certificates, the returned certificate object - * can be typecast to the X509Certificate class. + * can be typecast to the {@code X509Certificate} class. * *

In the case of a certificate factory for X.509 certificates, the - * certificate provided in inStream must be DER-encoded and + * certificate provided in {@code inStream} must be DER-encoded and * may be supplied in binary or printable (Base64) encoding. If the * certificate is provided in Base64 encoding, it must be bounded at * the beginning by -----BEGIN CERTIFICATE-----, and must be bounded at @@ -92,7 +92,7 @@ * end-of-certificate marker. If the data in the * input stream does not contain an inherent end-of-certificate marker (other * than EOF) and there is trailing data after the certificate is parsed, a - * CertificateException is thrown. + * {@code CertificateException} is thrown. * * @param inStream an input stream with the certificate data. * @@ -105,18 +105,18 @@ throws CertificateException; /** - * Generates a CertPath object and initializes it with - * the data read from the InputStream inStream. The data + * Generates a {@code CertPath} object and initializes it with + * the data read from the {@code InputStream} inStream. The data * is assumed to be in the default encoding. * *

This method was added to version 1.4 of the Java 2 Platform * Standard Edition. In order to maintain backwards compatibility with - * existing service providers, this method cannot be abstract - * and by default throws an UnsupportedOperationException. + * existing service providers, this method cannot be {@code abstract} + * and by default throws an {@code UnsupportedOperationException}. * - * @param inStream an InputStream containing the data - * @return a CertPath initialized with the data from the - * InputStream + * @param inStream an {@code InputStream} containing the data + * @return a {@code CertPath} initialized with the data from the + * {@code InputStream} * @exception CertificateException if an exception occurs while decoding * @exception UnsupportedOperationException if the method is not supported * @since 1.4 @@ -128,19 +128,19 @@ } /** - * Generates a CertPath object and initializes it with - * the data read from the InputStream inStream. The data + * Generates a {@code CertPath} object and initializes it with + * the data read from the {@code InputStream} inStream. The data * is assumed to be in the specified encoding. * *

This method was added to version 1.4 of the Java 2 Platform * Standard Edition. In order to maintain backwards compatibility with - * existing service providers, this method cannot be abstract - * and by default throws an UnsupportedOperationException. + * existing service providers, this method cannot be {@code abstract} + * and by default throws an {@code UnsupportedOperationException}. * - * @param inStream an InputStream containing the data + * @param inStream an {@code InputStream} containing the data * @param encoding the encoding used for the data - * @return a CertPath initialized with the data from the - * InputStream + * @return a {@code CertPath} initialized with the data from the + * {@code InputStream} * @exception CertificateException if an exception occurs while decoding or * the encoding requested is not supported * @exception UnsupportedOperationException if the method is not supported @@ -153,20 +153,20 @@ } /** - * Generates a CertPath object and initializes it with - * a List of Certificates. + * Generates a {@code CertPath} object and initializes it with + * a {@code List} of {@code Certificate}s. *

* The certificates supplied must be of a type supported by the - * CertificateFactory. They will be copied out of the supplied - * List object. + * {@code CertificateFactory}. They will be copied out of the supplied + * {@code List} object. * *

This method was added to version 1.4 of the Java 2 Platform * Standard Edition. In order to maintain backwards compatibility with - * existing service providers, this method cannot be abstract - * and by default throws an UnsupportedOperationException. + * existing service providers, this method cannot be {@code abstract} + * and by default throws an {@code UnsupportedOperationException}. * - * @param certificates a List of Certificates - * @return a CertPath initialized with the supplied list of + * @param certificates a {@code List} of {@code Certificate}s + * @return a {@code CertPath} initialized with the supplied list of * certificates * @exception CertificateException if an exception occurs * @exception UnsupportedOperationException if the method is not supported @@ -180,24 +180,24 @@ } /** - * Returns an iteration of the CertPath encodings supported + * Returns an iteration of the {@code CertPath} encodings supported * by this certificate factory, with the default encoding first. See * the CertPath Encodings section in the * Java Cryptography Architecture Standard Algorithm Name Documentation * for information about standard encoding names. *

- * Attempts to modify the returned Iterator via its - * remove method result in an - * UnsupportedOperationException. + * Attempts to modify the returned {@code Iterator} via its + * {@code remove} method result in an + * {@code UnsupportedOperationException}. * *

This method was added to version 1.4 of the Java 2 Platform * Standard Edition. In order to maintain backwards compatibility with - * existing service providers, this method cannot be abstract - * and by default throws an UnsupportedOperationException. + * existing service providers, this method cannot be {@code abstract} + * and by default throws an {@code UnsupportedOperationException}. * - * @return an Iterator over the names of the supported - * CertPath encodings (as Strings) + * @return an {@code Iterator} over the names of the supported + * {@code CertPath} encodings (as {@code String}s) * @exception UnsupportedOperationException if the method is not supported * @since 1.4 */ @@ -207,21 +207,21 @@ /** * Returns a (possibly empty) collection view of the certificates read - * from the given input stream inStream. + * from the given input stream {@code inStream}. * *

In order to take advantage of the specialized certificate format * supported by this certificate factory, each element in * the returned collection view can be typecast to the corresponding * certificate class. For example, if this certificate * factory implements X.509 certificates, the elements in the returned - * collection can be typecast to the X509Certificate class. + * collection can be typecast to the {@code X509Certificate} class. * *

In the case of a certificate factory for X.509 certificates, - * inStream may contain a single DER-encoded certificate + * {@code inStream} may contain a single DER-encoded certificate * in the formats described for * {@link CertificateFactory#generateCertificate(java.io.InputStream) * generateCertificate}. - * In addition, inStream may contain a PKCS#7 certificate + * In addition, {@code inStream} may contain a PKCS#7 certificate * chain. This is a PKCS#7 SignedData object, with the only * significant field being certificates. In particular, the * signature and the contents are ignored. This format allows multiple @@ -247,14 +247,14 @@ /** * Generates a certificate revocation list (CRL) object and initializes it - * with the data read from the input stream inStream. + * with the data read from the input stream {@code inStream}. * *

In order to take advantage of the specialized CRL format * supported by this certificate factory, * the returned CRL object can be typecast to the corresponding * CRL class. For example, if this certificate * factory implements X.509 CRLs, the returned CRL object - * can be typecast to the X509CRL class. + * can be typecast to the {@code X509CRL} class. * *

Note that if the given input stream does not support * {@link java.io.InputStream#mark(int) mark} and @@ -265,7 +265,7 @@ * end-of-CRL marker. If the data in the * input stream does not contain an inherent end-of-CRL marker (other * than EOF) and there is trailing data after the CRL is parsed, a - * CRLException is thrown. + * {@code CRLException} is thrown. * * @param inStream an input stream with the CRL data. * @@ -279,18 +279,18 @@ /** * Returns a (possibly empty) collection view of the CRLs read - * from the given input stream inStream. + * from the given input stream {@code inStream}. * *

In order to take advantage of the specialized CRL format * supported by this certificate factory, each element in * the returned collection view can be typecast to the corresponding * CRL class. For example, if this certificate * factory implements X.509 CRLs, the elements in the returned - * collection can be typecast to the X509CRL class. + * collection can be typecast to the {@code X509CRL} class. * *

In the case of a certificate factory for X.509 CRLs, - * inStream may contain a single DER-encoded CRL. - * In addition, inStream may contain a PKCS#7 CRL + * {@code inStream} may contain a single DER-encoded CRL. + * In addition, {@code inStream} may contain a PKCS#7 CRL * set. This is a PKCS#7 SignedData object, with the only * significant field being crls. In particular, the * signature and the contents are ignored. This format allows multiple diff -r 6d0f51c99930 -r 882a3948c6e6 jdk/src/share/classes/java/security/cert/CertificateNotYetValidException.java --- a/jdk/src/share/classes/java/security/cert/CertificateNotYetValidException.java Tue Jun 25 20:06:09 2013 +0100 +++ b/jdk/src/share/classes/java/security/cert/CertificateNotYetValidException.java Tue Jun 25 14:31:29 2013 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2003, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -27,8 +27,8 @@ /** * Certificate is not yet valid exception. This is thrown whenever - * the current Date or the specified Date - * is before the notBefore date/time in the Certificate + * the current {@code Date} or the specified {@code Date} + * is before the {@code notBefore} date/time in the Certificate * validity period. * * @author Hemma Prafullchandra diff -r 6d0f51c99930 -r 882a3948c6e6 jdk/src/share/classes/java/security/cert/CertificateParsingException.java --- a/jdk/src/share/classes/java/security/cert/CertificateParsingException.java Tue Jun 25 20:06:09 2013 +0100 +++ b/jdk/src/share/classes/java/security/cert/CertificateParsingException.java Tue Jun 25 14:31:29 2013 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2003, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -57,13 +57,13 @@ } /** - * Creates a CertificateParsingException with the specified + * Creates a {@code CertificateParsingException} with the specified * detail message and cause. * * @param message the detail message (which is saved for later retrieval * by the {@link #getMessage()} method). * @param cause the cause (which is saved for later retrieval by the - * {@link #getCause()} method). (A null value is permitted, + * {@link #getCause()} method). (A {@code null} value is permitted, * and indicates that the cause is nonexistent or unknown.) * @since 1.5 */ @@ -72,14 +72,14 @@ } /** - * Creates a CertificateParsingException with the + * Creates a {@code CertificateParsingException} with the * specified cause and a detail message of - * (cause==null ? null : cause.toString()) + * {@code (cause==null ? null : cause.toString())} * (which typically contains the class and detail message of - * cause). + * {@code cause}). * * @param cause the cause (which is saved for later retrieval by the - * {@link #getCause()} method). (A null value is permitted, + * {@link #getCause()} method). (A {@code null} value is permitted, * and indicates that the cause is nonexistent or unknown.) * @since 1.5 */ diff -r 6d0f51c99930 -r 882a3948c6e6 jdk/src/share/classes/java/security/cert/CertificateRevokedException.java --- a/jdk/src/share/classes/java/security/cert/CertificateRevokedException.java Tue Jun 25 20:06:09 2013 +0100 +++ b/jdk/src/share/classes/java/security/cert/CertificateRevokedException.java Tue Jun 25 14:31:29 2013 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2007, 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2007, 2013, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -39,7 +39,7 @@ /** * An exception that indicates an X.509 certificate is revoked. A - * CertificateRevokedException contains additional information + * {@code CertificateRevokedException} contains additional information * about the revoked certificate, such as the date on which the * certificate was revoked and the reason it was revoked. * @@ -60,7 +60,7 @@ */ private final CRLReason reason; /** - * @serial the X500Principal that represents the name of the + * @serial the {@code X500Principal} that represents the name of the * authority that signed the certificate's revocation status information */ private final X500Principal authority; @@ -68,7 +68,7 @@ private transient Map extensions; /** - * Constructs a CertificateRevokedException with + * Constructs a {@code CertificateRevokedException} with * the specified revocation date, reason code, authority name, and map * of extensions. * @@ -78,12 +78,12 @@ * @param extensions a map of X.509 Extensions. Each key is an OID String * that maps to the corresponding Extension. The map is copied to * prevent subsequent modification. - * @param authority the X500Principal that represents the name + * @param authority the {@code X500Principal} that represents the name * of the authority that signed the certificate's revocation status * information - * @throws NullPointerException if revocationDate, - * reason, authority, or - * extensions is null + * @throws NullPointerException if {@code revocationDate}, + * {@code reason}, {@code authority}, or + * {@code extensions} is {@code null} */ public CertificateRevokedException(Date revocationDate, CRLReason reason, X500Principal authority, Map extensions) { @@ -121,7 +121,7 @@ * Returns the name of the authority that signed the certificate's * revocation status information. * - * @return the X500Principal that represents the name of the + * @return the {@code X500Principal} that represents the name of the * authority that signed the certificate's revocation status information */ public X500Principal getAuthorityName() { @@ -130,16 +130,16 @@ /** * Returns the invalidity date, as specifed in the Invalidity Date - * extension of this CertificateRevokedException. The + * extension of this {@code CertificateRevokedException}. The * invalidity date is the date on which it is known or suspected that the * private key was compromised or that the certificate otherwise became - * invalid. This implementation calls getExtensions() and + * invalid. This implementation calls {@code getExtensions()} and * checks the returned map for an entry for the Invalidity Date extension * OID ("2.5.29.24"). If found, it returns the invalidity date in the * extension; otherwise null. A new Date object is returned each time the * method is invoked to protect against subsequent modification. * - * @return the invalidity date, or null if not specified + * @return the invalidity date, or {@code null} if not specified */ public Date getInvalidityDate() { Extension ext = getExtensions().get("2.5.29.24"); @@ -176,7 +176,7 @@ } /** - * Serialize this CertificateRevokedException instance. + * Serialize this {@code CertificateRevokedException} instance. * * @serialData the size of the extensions map (int), followed by all of * the extensions in the map, in no particular order. For each extension, @@ -208,7 +208,7 @@ } /** - * Deserialize the CertificateRevokedException instance. + * Deserialize the {@code CertificateRevokedException} instance. */ private void readObject(ObjectInputStream ois) throws IOException, ClassNotFoundException { diff -r 6d0f51c99930 -r 882a3948c6e6 jdk/src/share/classes/java/security/cert/CollectionCertStoreParameters.java --- a/jdk/src/share/classes/java/security/cert/CollectionCertStoreParameters.java Tue Jun 25 20:06:09 2013 +0100 +++ b/jdk/src/share/classes/java/security/cert/CollectionCertStoreParameters.java Tue Jun 25 14:31:29 2013 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -30,13 +30,13 @@ import java.util.Collections; /** - * Parameters used as input for the Collection CertStore + * Parameters used as input for the Collection {@code CertStore} * algorithm. *

* This class is used to provide necessary configuration parameters - * to implementations of the Collection CertStore + * to implementations of the Collection {@code CertStore} * algorithm. The only parameter included in this class is the - * Collection from which the CertStore will + * {@code Collection} from which the {@code CertStore} will * retrieve certificates and CRLs. *

* Concurrent Access @@ -58,30 +58,30 @@ private Collection coll; /** - * Creates an instance of CollectionCertStoreParameters + * Creates an instance of {@code CollectionCertStoreParameters} * which will allow certificates and CRLs to be retrieved from the - * specified Collection. If the specified - * Collection contains an object that is not a - * Certificate or CRL, that object will be - * ignored by the Collection CertStore. + * specified {@code Collection}. If the specified + * {@code Collection} contains an object that is not a + * {@code Certificate} or {@code CRL}, that object will be + * ignored by the Collection {@code CertStore}. *

- * The Collection is not copied. Instead, a + * The {@code Collection} is not copied. Instead, a * reference is used. This allows the caller to subsequently add or - * remove Certificates or CRLs from the - * Collection, thus changing the set of - * Certificates or CRLs available to the - * Collection CertStore. The Collection CertStore - * will not modify the contents of the Collection. + * remove {@code Certificates} or {@code CRL}s from the + * {@code Collection}, thus changing the set of + * {@code Certificates} or {@code CRL}s available to the + * Collection {@code CertStore}. The Collection {@code CertStore} + * will not modify the contents of the {@code Collection}. *

- * If the Collection will be modified by one thread while - * another thread is calling a method of a Collection CertStore - * that has been initialized with this Collection, the - * Collection must have fail-fast iterators. + * If the {@code Collection} will be modified by one thread while + * another thread is calling a method of a Collection {@code CertStore} + * that has been initialized with this {@code Collection}, the + * {@code Collection} must have fail-fast iterators. * - * @param collection a Collection of - * Certificates and CRLs - * @exception NullPointerException if collection is - * null + * @param collection a {@code Collection} of + * {@code Certificate}s and {@code CRL}s + * @exception NullPointerException if {@code collection} is + * {@code null} */ public CollectionCertStoreParameters(Collection collection) { if (collection == null) @@ -90,22 +90,22 @@ } /** - * Creates an instance of CollectionCertStoreParameters with + * Creates an instance of {@code CollectionCertStoreParameters} with * the default parameter values (an empty and immutable - * Collection). + * {@code Collection}). */ public CollectionCertStoreParameters() { coll = Collections.EMPTY_SET; } /** - * Returns the Collection from which Certificates - * and CRLs are retrieved. This is not a copy of the - * Collection, it is a reference. This allows the caller to - * subsequently add or remove Certificates or - * CRLs from the Collection. + * Returns the {@code Collection} from which {@code Certificate}s + * and {@code CRL}s are retrieved. This is not a copy of the + * {@code Collection}, it is a reference. This allows the caller to + * subsequently add or remove {@code Certificates} or + * {@code CRL}s from the {@code Collection}. * - * @return the Collection (never null) + * @return the {@code Collection} (never null) */ public Collection getCollection() { return coll; @@ -113,7 +113,7 @@ /** * Returns a copy of this object. Note that only a reference to the - * Collection is copied, and not the contents. + * {@code Collection} is copied, and not the contents. * * @return the copy */ diff -r 6d0f51c99930 -r 882a3948c6e6 jdk/src/share/classes/java/security/cert/Extension.java --- a/jdk/src/share/classes/java/security/cert/Extension.java Tue Jun 25 20:06:09 2013 +0100 +++ b/jdk/src/share/classes/java/security/cert/Extension.java Tue Jun 25 14:31:29 2013 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2007, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2007, 2013, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -84,7 +84,7 @@ * that are encoded as an OCTET STRING. It does not include the OCTET * STRING tag and length. * - * @return a copy of the extension's value, or null if no + * @return a copy of the extension's value, or {@code null} if no * extension value is present. */ byte[] getValue(); @@ -95,7 +95,7 @@ * * @param out the output stream * @exception IOException on encoding or output error. - * @exception NullPointerException if out is null. + * @exception NullPointerException if {@code out} is {@code null}. */ void encode(OutputStream out) throws IOException; } diff -r 6d0f51c99930 -r 882a3948c6e6 jdk/src/share/classes/java/security/cert/LDAPCertStoreParameters.java --- a/jdk/src/share/classes/java/security/cert/LDAPCertStoreParameters.java Tue Jun 25 20:06:09 2013 +0100 +++ b/jdk/src/share/classes/java/security/cert/LDAPCertStoreParameters.java Tue Jun 25 14:31:29 2013 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -26,10 +26,10 @@ package java.security.cert; /** - * Parameters used as input for the LDAP CertStore algorithm. + * Parameters used as input for the LDAP {@code CertStore} algorithm. *

* This class is used to provide necessary configuration parameters (server - * name and port number) to implementations of the LDAP CertStore + * name and port number) to implementations of the LDAP {@code CertStore} * algorithm. *

* Concurrent Access @@ -59,13 +59,13 @@ private String serverName; /** - * Creates an instance of LDAPCertStoreParameters with the + * Creates an instance of {@code LDAPCertStoreParameters} with the * specified parameter values. * * @param serverName the DNS name of the LDAP server * @param port the port number of the LDAP server - * @exception NullPointerException if serverName is - * null + * @exception NullPointerException if {@code serverName} is + * {@code null} */ public LDAPCertStoreParameters(String serverName, int port) { if (serverName == null) @@ -75,19 +75,19 @@ } /** - * Creates an instance of LDAPCertStoreParameters with the + * Creates an instance of {@code LDAPCertStoreParameters} with the * specified server name and a default port of 389. * * @param serverName the DNS name of the LDAP server - * @exception NullPointerException if serverName is - * null + * @exception NullPointerException if {@code serverName} is + * {@code null} */ public LDAPCertStoreParameters(String serverName) { this(serverName, LDAP_DEFAULT_PORT); } /** - * Creates an instance of LDAPCertStoreParameters with the + * Creates an instance of {@code LDAPCertStoreParameters} with the * default parameter values (server name "localhost", port 389). */ public LDAPCertStoreParameters() { @@ -97,7 +97,7 @@ /** * Returns the DNS name of the LDAP server. * - * @return the name (not null) + * @return the name (not {@code null}) */ public String getServerName() { return serverName; @@ -117,7 +117,7 @@ * the original and vice versa. *

* Note: this method currently performs a shallow copy of the object - * (simply calls Object.clone()). This may be changed in a + * (simply calls {@code Object.clone()}). This may be changed in a * future revision to perform a deep copy if new parameters are added * that should not be shared. * diff -r 6d0f51c99930 -r 882a3948c6e6 jdk/src/share/classes/java/security/cert/PKIXBuilderParameters.java --- a/jdk/src/share/classes/java/security/cert/PKIXBuilderParameters.java Tue Jun 25 20:06:09 2013 +0100 +++ b/jdk/src/share/classes/java/security/cert/PKIXBuilderParameters.java Tue Jun 25 14:31:29 2013 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2003, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -32,35 +32,35 @@ import java.util.Set; /** - * Parameters used as input for the PKIX CertPathBuilder + * Parameters used as input for the PKIX {@code CertPathBuilder} * algorithm. *

- * A PKIX CertPathBuilder uses these parameters to {@link - * CertPathBuilder#build build} a CertPath which has been + * A PKIX {@code CertPathBuilder} uses these parameters to {@link + * CertPathBuilder#build build} a {@code CertPath} which has been * validated according to the PKIX certification path validation algorithm. * - *

To instantiate a PKIXBuilderParameters object, an + *

To instantiate a {@code PKIXBuilderParameters} object, an * application must specify one or more most-trusted CAs as defined by * the PKIX certification path validation algorithm. The most-trusted CA * can be specified using one of two constructors. An application * can call {@link #PKIXBuilderParameters(Set, CertSelector) * PKIXBuilderParameters(Set, CertSelector)}, specifying a - * Set of TrustAnchor objects, each of which + * {@code Set} of {@code TrustAnchor} objects, each of which * identifies a most-trusted CA. Alternatively, an application can call * {@link #PKIXBuilderParameters(KeyStore, CertSelector) * PKIXBuilderParameters(KeyStore, CertSelector)}, specifying a - * KeyStore instance containing trusted certificate entries, each + * {@code KeyStore} instance containing trusted certificate entries, each * of which will be considered as a most-trusted CA. * *

In addition, an application must specify constraints on the target - * certificate that the CertPathBuilder will attempt + * certificate that the {@code CertPathBuilder} will attempt * to build a path to. The constraints are specified as a - * CertSelector object. These constraints should provide the - * CertPathBuilder with enough search criteria to find the target - * certificate. Minimal criteria for an X509Certificate usually + * {@code CertSelector} object. These constraints should provide the + * {@code CertPathBuilder} with enough search criteria to find the target + * certificate. Minimal criteria for an {@code X509Certificate} usually * include the subject name and/or one or more subject alternative names. - * If enough criteria is not specified, the CertPathBuilder - * may throw a CertPathBuilderException. + * If enough criteria is not specified, the {@code CertPathBuilder} + * may throw a {@code CertPathBuilderException}. *

* Concurrent Access *

@@ -80,23 +80,23 @@ private int maxPathLength = 5; /** - * Creates an instance of PKIXBuilderParameters with - * the specified Set of most-trusted CAs. + * Creates an instance of {@code PKIXBuilderParameters} with + * the specified {@code Set} of most-trusted CAs. * Each element of the set is a {@link TrustAnchor TrustAnchor}. * - *

Note that the Set is copied to protect against + *

Note that the {@code Set} is copied to protect against * subsequent modifications. * - * @param trustAnchors a Set of TrustAnchors - * @param targetConstraints a CertSelector specifying the + * @param trustAnchors a {@code Set} of {@code TrustAnchor}s + * @param targetConstraints a {@code CertSelector} specifying the * constraints on the target certificate - * @throws InvalidAlgorithmParameterException if trustAnchors - * is empty (trustAnchors.isEmpty() == true) - * @throws NullPointerException if trustAnchors is - * null + * @throws InvalidAlgorithmParameterException if {@code trustAnchors} + * is empty {@code (trustAnchors.isEmpty() == true)} + * @throws NullPointerException if {@code trustAnchors} is + * {@code null} * @throws ClassCastException if any of the elements of - * trustAnchors are not of type - * java.security.cert.TrustAnchor + * {@code trustAnchors} are not of type + * {@code java.security.cert.TrustAnchor} */ public PKIXBuilderParameters(Set trustAnchors, CertSelector targetConstraints) throws InvalidAlgorithmParameterException @@ -106,22 +106,22 @@ } /** - * Creates an instance of PKIXBuilderParameters that + * Creates an instance of {@code PKIXBuilderParameters} that * populates the set of most-trusted CAs from the trusted - * certificate entries contained in the specified KeyStore. - * Only keystore entries that contain trusted X509Certificates + * certificate entries contained in the specified {@code KeyStore}. + * Only keystore entries that contain trusted {@code X509Certificate}s * are considered; all other certificate types are ignored. * - * @param keystore a KeyStore from which the set of + * @param keystore a {@code KeyStore} from which the set of * most-trusted CAs will be populated - * @param targetConstraints a CertSelector specifying the + * @param targetConstraints a {@code CertSelector} specifying the * constraints on the target certificate - * @throws KeyStoreException if keystore has not been + * @throws KeyStoreException if {@code keystore} has not been * initialized - * @throws InvalidAlgorithmParameterException if keystore does + * @throws InvalidAlgorithmParameterException if {@code keystore} does * not contain at least one trusted certificate entry - * @throws NullPointerException if keystore is - * null + * @throws NullPointerException if {@code keystore} is + * {@code null} */ public PKIXBuilderParameters(KeyStore keystore, CertSelector targetConstraints) @@ -139,7 +139,7 @@ * in a certification path is not an intermediate certificate, and is not * included in this limit. Usually the last certificate is an end entity * certificate, but it can be a CA certificate. A PKIX - * CertPathBuilder instance must not build + * {@code CertPathBuilder} instance must not build * paths longer than the length specified. * *

A value of 0 implies that the path can only contain @@ -149,14 +149,14 @@ * Setting a value less than -1 will cause an exception to be thrown. * *

If any of the CA certificates contain the - * BasicConstraintsExtension, the value of the - * pathLenConstraint field of the extension overrides + * {@code BasicConstraintsExtension}, the value of the + * {@code pathLenConstraint} field of the extension overrides * the maximum path length parameter whenever the result is a * certification path of smaller length. * * @param maxPathLength the maximum number of non-self-issued intermediate * certificates that may exist in a certification path - * @throws InvalidParameterException if maxPathLength is set + * @throws InvalidParameterException if {@code maxPathLength} is set * to a value less than -1 * * @see #getMaxPathLength diff -r 6d0f51c99930 -r 882a3948c6e6 jdk/src/share/classes/java/security/cert/PKIXCertPathBuilderResult.java --- a/jdk/src/share/classes/java/security/cert/PKIXCertPathBuilderResult.java Tue Jun 25 20:06:09 2013 +0100 +++ b/jdk/src/share/classes/java/security/cert/PKIXCertPathBuilderResult.java Tue Jun 25 14:31:29 2013 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2001, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -33,14 +33,14 @@ * returned using this algorithm are also validated according to the PKIX * certification path validation algorithm. * - *

Instances of PKIXCertPathBuilderResult are returned by - * the build method of CertPathBuilder + *

Instances of {@code PKIXCertPathBuilderResult} are returned by + * the {@code build} method of {@code CertPathBuilder} * objects implementing the PKIX algorithm. * - *

All PKIXCertPathBuilderResult objects contain the + *

All {@code PKIXCertPathBuilderResult} objects contain the * certification path constructed by the build algorithm, the * valid policy tree and subject public key resulting from the build - * algorithm, and a TrustAnchor describing the certification + * algorithm, and a {@code TrustAnchor} describing the certification * authority (CA) that served as a trust anchor for the certification path. *

* Concurrent Access @@ -62,18 +62,18 @@ private CertPath certPath; /** - * Creates an instance of PKIXCertPathBuilderResult + * Creates an instance of {@code PKIXCertPathBuilderResult} * containing the specified parameters. * - * @param certPath the validated CertPath - * @param trustAnchor a TrustAnchor describing the CA that + * @param certPath the validated {@code CertPath} + * @param trustAnchor a {@code TrustAnchor} describing the CA that * served as a trust anchor for the certification path - * @param policyTree the immutable valid policy tree, or null + * @param policyTree the immutable valid policy tree, or {@code null} * if there are no valid policies * @param subjectPublicKey the public key of the subject - * @throws NullPointerException if the certPath, - * trustAnchor or subjectPublicKey parameters - * are null + * @throws NullPointerException if the {@code certPath}, + * {@code trustAnchor} or {@code subjectPublicKey} parameters + * are {@code null} */ public PKIXCertPathBuilderResult(CertPath certPath, TrustAnchor trustAnchor, PolicyNode policyTree, @@ -87,13 +87,13 @@ /** * Returns the built and validated certification path. The - * CertPath object does not include the trust anchor. + * {@code CertPath} object does not include the trust anchor. * Instead, use the {@link #getTrustAnchor() getTrustAnchor()} method to - * obtain the TrustAnchor that served as the trust anchor + * obtain the {@code TrustAnchor} that served as the trust anchor * for the certification path. * - * @return the built and validated CertPath (never - * null) + * @return the built and validated {@code CertPath} (never + * {@code null}) */ public CertPath getCertPath() { return certPath; @@ -101,10 +101,10 @@ /** * Return a printable representation of this - * PKIXCertPathBuilderResult. + * {@code PKIXCertPathBuilderResult}. * - * @return a String describing the contents of this - * PKIXCertPathBuilderResult + * @return a {@code String} describing the contents of this + * {@code PKIXCertPathBuilderResult} */ public String toString() { StringBuffer sb = new StringBuffer(); diff -r 6d0f51c99930 -r 882a3948c6e6 jdk/src/share/classes/java/security/cert/PKIXCertPathChecker.java --- a/jdk/src/share/classes/java/security/cert/PKIXCertPathChecker.java Tue Jun 25 20:06:09 2013 +0100 +++ b/jdk/src/share/classes/java/security/cert/PKIXCertPathChecker.java Tue Jun 25 14:31:29 2013 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -30,38 +30,38 @@ /** * An abstract class that performs one or more checks on an - * X509Certificate. + * {@code X509Certificate}. * - *

A concrete implementation of the PKIXCertPathChecker class + *

A concrete implementation of the {@code PKIXCertPathChecker} class * can be created to extend the PKIX certification path validation algorithm. * For example, an implementation may check for and process a critical private * extension of each certificate in a certification path. * - *

Instances of PKIXCertPathChecker are passed as parameters + *

Instances of {@code PKIXCertPathChecker} are passed as parameters * using the {@link PKIXParameters#setCertPathCheckers setCertPathCheckers} * or {@link PKIXParameters#addCertPathChecker addCertPathChecker} methods - * of the PKIXParameters and PKIXBuilderParameters - * class. Each of the PKIXCertPathCheckers {@link #check check} + * of the {@code PKIXParameters} and {@code PKIXBuilderParameters} + * class. Each of the {@code PKIXCertPathChecker}s {@link #check check} * methods will be called, in turn, for each certificate processed by a PKIX - * CertPathValidator or CertPathBuilder + * {@code CertPathValidator} or {@code CertPathBuilder} * implementation. * - *

A PKIXCertPathChecker may be called multiple times on + *

A {@code PKIXCertPathChecker} may be called multiple times on * successive certificates in a certification path. Concrete subclasses * are expected to maintain any internal state that may be necessary to * check successive certificates. The {@link #init init} method is used * to initialize the internal state of the checker so that the certificates * of a new certification path may be checked. A stateful implementation * must override the {@link #clone clone} method if necessary in - * order to allow a PKIX CertPathBuilder to efficiently + * order to allow a PKIX {@code CertPathBuilder} to efficiently * backtrack and try other paths. In these situations, the - * CertPathBuilder is able to restore prior path validation - * states by restoring the cloned PKIXCertPathCheckers. + * {@code CertPathBuilder} is able to restore prior path validation + * states by restoring the cloned {@code PKIXCertPathChecker}s. * *

The order in which the certificates are presented to the - * PKIXCertPathChecker may be either in the forward direction + * {@code PKIXCertPathChecker} may be either in the forward direction * (from target to most-trusted CA) or in the reverse direction (from - * most-trusted CA to target). A PKIXCertPathChecker implementation + * most-trusted CA to target). A {@code PKIXCertPathChecker} implementation * must support reverse checking (the ability to perform its checks when * it is presented with certificates in the reverse direction) and may * support forward checking (the ability to perform its checks when it is @@ -96,19 +96,19 @@ protected PKIXCertPathChecker() {} /** - * Initializes the internal state of this PKIXCertPathChecker. + * Initializes the internal state of this {@code PKIXCertPathChecker}. *

- * The forward flag specifies the order that + * The {@code forward} flag specifies the order that * certificates will be passed to the {@link #check check} method - * (forward or reverse). A PKIXCertPathChecker must + * (forward or reverse). A {@code PKIXCertPathChecker} must * support reverse checking and may support forward checking. * * @param forward the order that certificates are presented to - * the check method. If true, certificates + * the {@code check} method. If {@code true}, certificates * are presented from target to most-trusted CA (forward); if - * false, from most-trusted CA to target (reverse). + * {@code false}, from most-trusted CA to target (reverse). * @throws CertPathValidatorException if this - * PKIXCertPathChecker is unable to check certificates in + * {@code PKIXCertPathChecker} is unable to check certificates in * the specified order; it should never be thrown if the forward flag * is false since reverse checking must be supported */ @@ -118,32 +118,32 @@ /** * Indicates if forward checking is supported. Forward checking refers - * to the ability of the PKIXCertPathChecker to perform - * its checks when certificates are presented to the check + * to the ability of the {@code PKIXCertPathChecker} to perform + * its checks when certificates are presented to the {@code check} * method in the forward direction (from target to most-trusted CA). * - * @return true if forward checking is supported, - * false otherwise + * @return {@code true} if forward checking is supported, + * {@code false} otherwise */ @Override public abstract boolean isForwardCheckingSupported(); /** - * Returns an immutable Set of X.509 certificate extensions - * that this PKIXCertPathChecker supports (i.e. recognizes, is - * able to process), or null if no extensions are supported. + * Returns an immutable {@code Set} of X.509 certificate extensions + * that this {@code PKIXCertPathChecker} supports (i.e. recognizes, is + * able to process), or {@code null} if no extensions are supported. *

- * Each element of the set is a String representing the + * Each element of the set is a {@code String} representing the * Object Identifier (OID) of the X.509 extension that is supported. * The OID is represented by a set of nonnegative integers separated by * periods. *

- * All X.509 certificate extensions that a PKIXCertPathChecker + * All X.509 certificate extensions that a {@code PKIXCertPathChecker} * might possibly be able to process should be included in the set. * - * @return an immutable Set of X.509 extension OIDs (in - * String format) supported by this - * PKIXCertPathChecker, or null if no + * @return an immutable {@code Set} of X.509 extension OIDs (in + * {@code String} format) supported by this + * {@code PKIXCertPathChecker}, or {@code null} if no * extensions are supported */ public abstract Set getSupportedExtensions(); @@ -153,10 +153,10 @@ * state and removes any critical extensions that it processes from the * specified collection of OID strings that represent the unresolved * critical extensions. The certificates are presented in the order - * specified by the init method. + * specified by the {@code init} method. * - * @param cert the Certificate to be checked - * @param unresolvedCritExts a Collection of OID strings + * @param cert the {@code Certificate} to be checked + * @param unresolvedCritExts a {@code Collection} of OID strings * representing the current set of unresolved critical extensions * @exception CertPathValidatorException if the specified certificate does * not pass the check @@ -177,12 +177,12 @@ } /** - * Returns a clone of this object. Calls the Object.clone() + * Returns a clone of this object. Calls the {@code Object.clone()} * method. * All subclasses which maintain state must support and * override this method, if necessary. * - * @return a copy of this PKIXCertPathChecker + * @return a copy of this {@code PKIXCertPathChecker} */ @Override public Object clone() { diff -r 6d0f51c99930 -r 882a3948c6e6 jdk/src/share/classes/java/security/cert/PKIXCertPathValidatorResult.java --- a/jdk/src/share/classes/java/security/cert/PKIXCertPathValidatorResult.java Tue Jun 25 20:06:09 2013 +0100 +++ b/jdk/src/share/classes/java/security/cert/PKIXCertPathValidatorResult.java Tue Jun 25 14:31:29 2013 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -31,13 +31,13 @@ * This class represents the successful result of the PKIX certification * path validation algorithm. * - *

Instances of PKIXCertPathValidatorResult are returned by the + *

Instances of {@code PKIXCertPathValidatorResult} are returned by the * {@link CertPathValidator#validate validate} method of - * CertPathValidator objects implementing the PKIX algorithm. + * {@code CertPathValidator} objects implementing the PKIX algorithm. * - *

All PKIXCertPathValidatorResult objects contain the + *

All {@code PKIXCertPathValidatorResult} objects contain the * valid policy tree and subject public key resulting from the - * validation algorithm, as well as a TrustAnchor describing + * validation algorithm, as well as a {@code TrustAnchor} describing * the certification authority (CA) that served as a trust anchor for the * certification path. *

@@ -62,16 +62,16 @@ private PublicKey subjectPublicKey; /** - * Creates an instance of PKIXCertPathValidatorResult + * Creates an instance of {@code PKIXCertPathValidatorResult} * containing the specified parameters. * - * @param trustAnchor a TrustAnchor describing the CA that + * @param trustAnchor a {@code TrustAnchor} describing the CA that * served as a trust anchor for the certification path - * @param policyTree the immutable valid policy tree, or null + * @param policyTree the immutable valid policy tree, or {@code null} * if there are no valid policies * @param subjectPublicKey the public key of the subject - * @throws NullPointerException if the subjectPublicKey or - * trustAnchor parameters are null + * @throws NullPointerException if the {@code subjectPublicKey} or + * {@code trustAnchor} parameters are {@code null} */ public PKIXCertPathValidatorResult(TrustAnchor trustAnchor, PolicyNode policyTree, PublicKey subjectPublicKey) @@ -86,10 +86,10 @@ } /** - * Returns the TrustAnchor describing the CA that served + * Returns the {@code TrustAnchor} describing the CA that served * as a trust anchor for the certification path. * - * @return the TrustAnchor (never null) + * @return the {@code TrustAnchor} (never {@code null}) */ public TrustAnchor getTrustAnchor() { return trustAnchor; @@ -98,18 +98,18 @@ /** * Returns the root node of the valid policy tree resulting from the * PKIX certification path validation algorithm. The - * PolicyNode object that is returned and any objects that + * {@code PolicyNode} object that is returned and any objects that * it returns through public methods are immutable. * *

Most applications will not need to examine the valid policy tree. * They can achieve their policy processing goals by setting the - * policy-related parameters in PKIXParameters. However, more + * policy-related parameters in {@code PKIXParameters}. However, more * sophisticated applications, especially those that process policy * qualifiers, may need to traverse the valid policy tree using the * {@link PolicyNode#getParent PolicyNode.getParent} and * {@link PolicyNode#getChildren PolicyNode.getChildren} methods. * - * @return the root node of the valid policy tree, or null + * @return the root node of the valid policy tree, or {@code null} * if there are no valid policies */ public PolicyNode getPolicyTree() { @@ -120,7 +120,7 @@ * Returns the public key of the subject (target) of the certification * path, including any inherited public key parameters if applicable. * - * @return the public key of the subject (never null) + * @return the public key of the subject (never {@code null}) */ public PublicKey getPublicKey() { return subjectPublicKey; @@ -142,10 +142,10 @@ /** * Return a printable representation of this - * PKIXCertPathValidatorResult. + * {@code PKIXCertPathValidatorResult}. * - * @return a String describing the contents of this - * PKIXCertPathValidatorResult + * @return a {@code String} describing the contents of this + * {@code PKIXCertPathValidatorResult} */ public String toString() { StringBuffer sb = new StringBuffer(); diff -r 6d0f51c99930 -r 882a3948c6e6 jdk/src/share/classes/java/security/cert/PKIXParameters.java --- a/jdk/src/share/classes/java/security/cert/PKIXParameters.java Tue Jun 25 20:06:09 2013 +0100 +++ b/jdk/src/share/classes/java/security/cert/PKIXParameters.java Tue Jun 25 14:31:29 2013 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -38,34 +38,34 @@ import java.util.Set; /** - * Parameters used as input for the PKIX CertPathValidator + * Parameters used as input for the PKIX {@code CertPathValidator} * algorithm. *

- * A PKIX CertPathValidator uses these parameters to - * validate a CertPath according to the PKIX certification path + * A PKIX {@code CertPathValidator} uses these parameters to + * validate a {@code CertPath} according to the PKIX certification path * validation algorithm. * - *

To instantiate a PKIXParameters object, an + *

To instantiate a {@code PKIXParameters} object, an * application must specify one or more most-trusted CAs as defined by * the PKIX certification path validation algorithm. The most-trusted CAs * can be specified using one of two constructors. An application * can call {@link #PKIXParameters(Set) PKIXParameters(Set)}, - * specifying a Set of TrustAnchor objects, each + * specifying a {@code Set} of {@code TrustAnchor} objects, each * of which identify a most-trusted CA. Alternatively, an application can call * {@link #PKIXParameters(KeyStore) PKIXParameters(KeyStore)}, specifying a - * KeyStore instance containing trusted certificate entries, each + * {@code KeyStore} instance containing trusted certificate entries, each * of which will be considered as a most-trusted CA. *

- * Once a PKIXParameters object has been created, other parameters + * Once a {@code PKIXParameters} object has been created, other parameters * can be specified (by calling {@link #setInitialPolicies setInitialPolicies} * or {@link #setDate setDate}, for instance) and then the - * PKIXParameters is passed along with the CertPath + * {@code PKIXParameters} is passed along with the {@code CertPath} * to be validated to {@link CertPathValidator#validate * CertPathValidator.validate}. *

- * Any parameter that is not set (or is set to null) will + * Any parameter that is not set (or is set to {@code null}) will * be set to the default value for that parameter. The default value for the - * date parameter is null, which indicates + * {@code date} parameter is {@code null}, which indicates * the current time when the path is validated. The default for the * remaining parameters is the least constrained. *

@@ -99,20 +99,20 @@ private CertSelector certSelector; /** - * Creates an instance of PKIXParameters with the specified - * Set of most-trusted CAs. Each element of the + * Creates an instance of {@code PKIXParameters} with the specified + * {@code Set} of most-trusted CAs. Each element of the * set is a {@link TrustAnchor TrustAnchor}. *

- * Note that the Set is copied to protect against + * Note that the {@code Set} is copied to protect against * subsequent modifications. * - * @param trustAnchors a Set of TrustAnchors + * @param trustAnchors a {@code Set} of {@code TrustAnchor}s * @throws InvalidAlgorithmParameterException if the specified - * Set is empty (trustAnchors.isEmpty() == true) - * @throws NullPointerException if the specified Set is - * null - * @throws ClassCastException if any of the elements in the Set - * are not of type java.security.cert.TrustAnchor + * {@code Set} is empty {@code (trustAnchors.isEmpty() == true)} + * @throws NullPointerException if the specified {@code Set} is + * {@code null} + * @throws ClassCastException if any of the elements in the {@code Set} + * are not of type {@code java.security.cert.TrustAnchor} */ public PKIXParameters(Set trustAnchors) throws InvalidAlgorithmParameterException @@ -125,18 +125,18 @@ } /** - * Creates an instance of PKIXParameters that + * Creates an instance of {@code PKIXParameters} that * populates the set of most-trusted CAs from the trusted - * certificate entries contained in the specified KeyStore. - * Only keystore entries that contain trusted X509Certificates + * certificate entries contained in the specified {@code KeyStore}. + * Only keystore entries that contain trusted {@code X509Certificates} * are considered; all other certificate types are ignored. * - * @param keystore a KeyStore from which the set of + * @param keystore a {@code KeyStore} from which the set of * most-trusted CAs will be populated * @throws KeyStoreException if the keystore has not been initialized * @throws InvalidAlgorithmParameterException if the keystore does * not contain at least one trusted certificate entry - * @throws NullPointerException if the keystore is null + * @throws NullPointerException if the keystore is {@code null} */ public PKIXParameters(KeyStore keystore) throws KeyStoreException, InvalidAlgorithmParameterException @@ -161,11 +161,11 @@ } /** - * Returns an immutable Set of the most-trusted + * Returns an immutable {@code Set} of the most-trusted * CAs. * - * @return an immutable Set of TrustAnchors - * (never null) + * @return an immutable {@code Set} of {@code TrustAnchor}s + * (never {@code null}) * * @see #setTrustAnchors */ @@ -174,18 +174,18 @@ } /** - * Sets the Set of most-trusted CAs. + * Sets the {@code Set} of most-trusted CAs. *

- * Note that the Set is copied to protect against + * Note that the {@code Set} is copied to protect against * subsequent modifications. * - * @param trustAnchors a Set of TrustAnchors + * @param trustAnchors a {@code Set} of {@code TrustAnchor}s * @throws InvalidAlgorithmParameterException if the specified - * Set is empty (trustAnchors.isEmpty() == true) - * @throws NullPointerException if the specified Set is - * null + * {@code Set} is empty {@code (trustAnchors.isEmpty() == true)} + * @throws NullPointerException if the specified {@code Set} is + * {@code null} * @throws ClassCastException if any of the elements in the set - * are not of type java.security.cert.TrustAnchor + * are not of type {@code java.security.cert.TrustAnchor} * * @see #getTrustAnchors */ @@ -211,16 +211,16 @@ } /** - * Returns an immutable Set of initial + * Returns an immutable {@code Set} of initial * policy identifiers (OID strings), indicating that any one of these * policies would be acceptable to the certificate user for the purposes of * certification path processing. The default return value is an empty - * Set, which is interpreted as meaning that any policy would + * {@code Set}, which is interpreted as meaning that any policy would * be acceptable. * - * @return an immutable Set of initial policy OIDs in - * String format, or an empty Set (implying any - * policy is acceptable). Never returns null. + * @return an immutable {@code Set} of initial policy OIDs in + * {@code String} format, or an empty {@code Set} (implying any + * policy is acceptable). Never returns {@code null}. * * @see #setInitialPolicies */ @@ -229,21 +229,21 @@ } /** - * Sets the Set of initial policy identifiers + * Sets the {@code Set} of initial policy identifiers * (OID strings), indicating that any one of these * policies would be acceptable to the certificate user for the purposes of * certification path processing. By default, any policy is acceptable * (i.e. all policies), so a user that wants to allow any policy as * acceptable does not need to call this method, or can call it - * with an empty Set (or null). + * with an empty {@code Set} (or {@code null}). *

- * Note that the Set is copied to protect against + * Note that the {@code Set} is copied to protect against * subsequent modifications. * - * @param initialPolicies a Set of initial policy - * OIDs in String format (or null) + * @param initialPolicies a {@code Set} of initial policy + * OIDs in {@code String} format (or {@code null}) * @throws ClassCastException if any of the elements in the set are - * not of type String + * not of type {@code String} * * @see #getInitialPolicies */ @@ -262,19 +262,19 @@ } /** - * Sets the list of CertStores to be used in finding - * certificates and CRLs. May be null, in which case - * no CertStores will be used. The first - * CertStores in the list may be preferred to those that + * Sets the list of {@code CertStore}s to be used in finding + * certificates and CRLs. May be {@code null}, in which case + * no {@code CertStore}s will be used. The first + * {@code CertStore}s in the list may be preferred to those that * appear later. *

- * Note that the List is copied to protect against + * Note that the {@code List} is copied to protect against * subsequent modifications. * - * @param stores a List of CertStores (or - * null) + * @param stores a {@code List} of {@code CertStore}s (or + * {@code null}) * @throws ClassCastException if any of the elements in the list are - * not of type java.security.cert.CertStore + * not of type {@code java.security.cert.CertStore} * * @see #getCertStores */ @@ -293,10 +293,10 @@ } /** - * Adds a CertStore to the end of the list of - * CertStores used in finding certificates and CRLs. + * Adds a {@code CertStore} to the end of the list of + * {@code CertStore}s used in finding certificates and CRLs. * - * @param store the CertStore to add. If null, + * @param store the {@code CertStore} to add. If {@code null}, * the store is ignored (not added to list). */ public void addCertStore(CertStore store) { @@ -306,11 +306,11 @@ } /** - * Returns an immutable List of CertStores that + * Returns an immutable {@code List} of {@code CertStore}s that * are used to find certificates and CRLs. * - * @return an immutable List of CertStores - * (may be empty, but never null) + * @return an immutable {@code List} of {@code CertStore}s + * (may be empty, but never {@code null}) * * @see #setCertStores */ @@ -325,7 +325,7 @@ * will be used. If this flag is false, the default revocation checking * mechanism will be disabled (not used). *

- * When a PKIXParameters object is created, this flag is set + * When a {@code PKIXParameters} object is created, this flag is set * to true. This setting reflects the most common strategy for checking * revocation, since each service provider must support revocation * checking to be PKIX compliant. Sophisticated applications should set @@ -360,8 +360,8 @@ * acceptable policy needs to be explicitly identified in every certificate. * By default, the ExplicitPolicyRequired flag is false. * - * @param val true if explicit policy is to be required, - * false otherwise + * @param val {@code true} if explicit policy is to be required, + * {@code false} otherwise */ public void setExplicitPolicyRequired(boolean val) { explicitPolicyRequired = val; @@ -372,8 +372,8 @@ * acceptable policy needs to be explicitly identified in every certificate. * By default, the ExplicitPolicyRequired flag is false. * - * @return true if explicit policy is required, - * false otherwise + * @return {@code true} if explicit policy is required, + * {@code false} otherwise */ public boolean isExplicitPolicyRequired() { return explicitPolicyRequired; @@ -384,8 +384,8 @@ * mapping is inhibited. By default, policy mapping is not inhibited (the * flag is false). * - * @param val true if policy mapping is to be inhibited, - * false otherwise + * @param val {@code true} if policy mapping is to be inhibited, + * {@code false} otherwise */ public void setPolicyMappingInhibited(boolean val) { policyMappingInhibited = val; @@ -406,10 +406,10 @@ * Sets state to determine if the any policy OID should be processed * if it is included in a certificate. By default, the any policy OID * is not inhibited ({@link #isAnyPolicyInhibited isAnyPolicyInhibited()} - * returns false). + * returns {@code false}). * - * @param val true if the any policy OID is to be - * inhibited, false otherwise + * @param val {@code true} if the any policy OID is to be + * inhibited, {@code false} otherwise */ public void setAnyPolicyInhibited(boolean val) { anyPolicyInhibited = val; @@ -419,8 +419,8 @@ * Checks whether the any policy OID should be processed if it * is included in a certificate. * - * @return true if the any policy OID is inhibited, - * false otherwise + * @return {@code true} if the any policy OID is inhibited, + * {@code false} otherwise */ public boolean isAnyPolicyInhibited() { return anyPolicyInhibited; @@ -432,7 +432,7 @@ * policies extension that is marked critical are rejected. * If the flag is false, certificates are not rejected on this basis. * - *

When a PKIXParameters object is created, this flag is + *

When a {@code PKIXParameters} object is created, this flag is * set to true. This setting reflects the most common (and simplest) * strategy for processing policy qualifiers. Applications that want to use * a more sophisticated policy must set this flag to false. @@ -459,7 +459,7 @@ * extension that is marked critical are rejected. * If the flag is false, certificates are not rejected on this basis. * - *

When a PKIXParameters object is created, this flag is + *

When a {@code PKIXParameters} object is created, this flag is * set to true. This setting reflects the most common (and simplest) * strategy for processing policy qualifiers. Applications that want to use * a more sophisticated policy must set this flag to false. @@ -473,12 +473,12 @@ /** * Returns the time for which the validity of the certification path - * should be determined. If null, the current time is used. + * should be determined. If {@code null}, the current time is used. *

- * Note that the Date returned is copied to protect against + * Note that the {@code Date} returned is copied to protect against * subsequent modifications. * - * @return the Date, or null if not set + * @return the {@code Date}, or {@code null} if not set * @see #setDate */ public Date getDate() { @@ -490,12 +490,12 @@ /** * Sets the time for which the validity of the certification path - * should be determined. If null, the current time is used. + * should be determined. If {@code null}, the current time is used. *

- * Note that the Date supplied here is copied to protect + * Note that the {@code Date} supplied here is copied to protect * against subsequent modifications. * - * @param date the Date, or null for the + * @param date the {@code Date}, or {@code null} for the * current time * @see #getDate */ @@ -507,39 +507,39 @@ } /** - * Sets a List of additional certification path checkers. If - * the specified List contains an object that is not a - * PKIXCertPathChecker, it is ignored. + * Sets a {@code List} of additional certification path checkers. If + * the specified {@code List} contains an object that is not a + * {@code PKIXCertPathChecker}, it is ignored. *

- * Each PKIXCertPathChecker specified implements + * Each {@code PKIXCertPathChecker} specified implements * additional checks on a certificate. Typically, these are checks to * process and verify private extensions contained in certificates. - * Each PKIXCertPathChecker should be instantiated with any + * Each {@code PKIXCertPathChecker} should be instantiated with any * initialization parameters needed to execute the check. *

* This method allows sophisticated applications to extend a PKIX - * CertPathValidator or CertPathBuilder. - * Each of the specified PKIXCertPathCheckers will be called, - * in turn, by a PKIX CertPathValidator or - * CertPathBuilder for each certificate processed or + * {@code CertPathValidator} or {@code CertPathBuilder}. + * Each of the specified {@code PKIXCertPathChecker}s will be called, + * in turn, by a PKIX {@code CertPathValidator} or + * {@code CertPathBuilder} for each certificate processed or * validated. *

- * Regardless of whether these additional PKIXCertPathCheckers - * are set, a PKIX CertPathValidator or - * CertPathBuilder must perform all of the required PKIX + * Regardless of whether these additional {@code PKIXCertPathChecker}s + * are set, a PKIX {@code CertPathValidator} or + * {@code CertPathBuilder} must perform all of the required PKIX * checks on each certificate. The one exception to this rule is if the * RevocationEnabled flag is set to false (see the {@link * #setRevocationEnabled setRevocationEnabled} method). *

- * Note that the List supplied here is copied and each - * PKIXCertPathChecker in the list is cloned to protect + * Note that the {@code List} supplied here is copied and each + * {@code PKIXCertPathChecker} in the list is cloned to protect * against subsequent modifications. * - * @param checkers a List of PKIXCertPathCheckers. - * May be null, in which case no additional checkers will be + * @param checkers a {@code List} of {@code PKIXCertPathChecker}s. + * May be {@code null}, in which case no additional checkers will be * used. * @throws ClassCastException if any of the elements in the list - * are not of type java.security.cert.PKIXCertPathChecker + * are not of type {@code java.security.cert.PKIXCertPathChecker} * @see #getCertPathCheckers */ public void setCertPathCheckers(List checkers) { @@ -556,14 +556,14 @@ } /** - * Returns the List of certification path checkers. - * The returned List is immutable, and each - * PKIXCertPathChecker in the List is cloned + * Returns the {@code List} of certification path checkers. + * The returned {@code List} is immutable, and each + * {@code PKIXCertPathChecker} in the {@code List} is cloned * to protect against subsequent modifications. * - * @return an immutable List of - * PKIXCertPathCheckers (may be empty, but not - * null) + * @return an immutable {@code List} of + * {@code PKIXCertPathChecker}s (may be empty, but not + * {@code null}) * @see #setCertPathCheckers */ public List getCertPathCheckers() { @@ -575,15 +575,15 @@ } /** - * Adds a PKIXCertPathChecker to the list of certification + * Adds a {@code PKIXCertPathChecker} to the list of certification * path checkers. See the {@link #setCertPathCheckers setCertPathCheckers} * method for more details. *

- * Note that the PKIXCertPathChecker is cloned to protect + * Note that the {@code PKIXCertPathChecker} is cloned to protect * against subsequent modifications. * - * @param checker a PKIXCertPathChecker to add to the list of - * checks. If null, the checker is ignored (not added to list). + * @param checker a {@code PKIXCertPathChecker} to add to the list of + * checks. If {@code null}, the checker is ignored (not added to list). */ public void addCertPathChecker(PKIXCertPathChecker checker) { if (checker != null) { @@ -592,10 +592,10 @@ } /** - * Returns the signature provider's name, or null + * Returns the signature provider's name, or {@code null} * if not set. * - * @return the signature provider's name (or null) + * @return the signature provider's name (or {@code null}) * @see #setSigProvider */ public String getSigProvider() { @@ -605,10 +605,10 @@ /** * Sets the signature provider's name. The specified provider will be * preferred when creating {@link java.security.Signature Signature} - * objects. If null or not set, the first provider found + * objects. If {@code null} or not set, the first provider found * supporting the algorithm will be used. * - * @param sigProvider the signature provider's name (or null) + * @param sigProvider the signature provider's name (or {@code null}) * @see #getSigProvider */ public void setSigProvider(String sigProvider) { @@ -617,14 +617,14 @@ /** * Returns the required constraints on the target certificate. - * The constraints are returned as an instance of CertSelector. - * If null, no constraints are defined. + * The constraints are returned as an instance of {@code CertSelector}. + * If {@code null}, no constraints are defined. * - *

Note that the CertSelector returned is cloned + *

Note that the {@code CertSelector} returned is cloned * to protect against subsequent modifications. * - * @return a CertSelector specifying the constraints - * on the target certificate (or null) + * @return a {@code CertSelector} specifying the constraints + * on the target certificate (or {@code null}) * @see #setTargetCertConstraints */ public CertSelector getTargetCertConstraints() { @@ -638,14 +638,14 @@ /** * Sets the required constraints on the target certificate. * The constraints are specified as an instance of - * CertSelector. If null, no constraints are + * {@code CertSelector}. If {@code null}, no constraints are * defined. * - *

Note that the CertSelector specified is cloned + *

Note that the {@code CertSelector} specified is cloned * to protect against subsequent modifications. * - * @param selector a CertSelector specifying the constraints - * on the target certificate (or null) + * @param selector a {@code CertSelector} specifying the constraints + * on the target certificate (or {@code null}) * @see #getTargetCertConstraints */ public void setTargetCertConstraints(CertSelector selector) { @@ -656,10 +656,10 @@ } /** - * Makes a copy of this PKIXParameters object. Changes + * Makes a copy of this {@code PKIXParameters} object. Changes * to the copy will not affect the original and vice versa. * - * @return a copy of this PKIXParameters object + * @return a copy of this {@code PKIXParameters} object */ public Object clone() { try { diff -r 6d0f51c99930 -r 882a3948c6e6 jdk/src/share/classes/java/security/cert/PKIXReason.java --- a/jdk/src/share/classes/java/security/cert/PKIXReason.java Tue Jun 25 20:06:09 2013 +0100 +++ b/jdk/src/share/classes/java/security/cert/PKIXReason.java Tue Jun 25 14:31:29 2013 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2008, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2008, 2013, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -26,10 +26,10 @@ package java.security.cert; /** - * The PKIXReason enumerates the potential PKIX-specific reasons + * The {@code PKIXReason} enumerates the potential PKIX-specific reasons * that an X.509 certification path may be invalid according to the PKIX * (RFC 3280) standard. These reasons are in addition to those of the - * CertPathValidatorException.BasicReason enumeration. + * {@code CertPathValidatorException.BasicReason} enumeration. * * @since 1.7 */ diff -r 6d0f51c99930 -r 882a3948c6e6 jdk/src/share/classes/java/security/cert/PolicyNode.java --- a/jdk/src/share/classes/java/security/cert/PolicyNode.java Tue Jun 25 20:06:09 2013 +0100 +++ b/jdk/src/share/classes/java/security/cert/PolicyNode.java Tue Jun 25 14:31:29 2013 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2003, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -41,7 +41,7 @@ * *

Most applications will not need to examine the valid policy tree. * They can achieve their policy processing goals by setting the - * policy-related parameters in PKIXParameters. However, + * policy-related parameters in {@code PKIXParameters}. However, * the valid policy tree is available for more sophisticated applications, * especially those that process policy qualifiers. * @@ -50,12 +50,12 @@ * valid policy tree. The tree can be traversed using the * {@link #getChildren getChildren} and {@link #getParent getParent} methods. * Data about a particular node can be retrieved using other methods of - * PolicyNode. + * {@code PolicyNode}. * *

Concurrent Access - *

All PolicyNode objects must be immutable and + *

All {@code PolicyNode} objects must be immutable and * thread-safe. Multiple threads may concurrently invoke the methods defined - * in this class on a single PolicyNode object (or more than one) + * in this class on a single {@code PolicyNode} object (or more than one) * with no ill effects. This stipulation applies to all public fields and * methods of this class and any added or overridden by subclasses. * @@ -65,10 +65,10 @@ public interface PolicyNode { /** - * Returns the parent of this node, or null if this is the + * Returns the parent of this node, or {@code null} if this is the * root node. * - * @return the parent of this node, or null if this is the + * @return the parent of this node, or {@code null} if this is the * root node */ PolicyNode getParent(); @@ -76,8 +76,8 @@ /** * Returns an iterator over the children of this node. Any attempts to * modify the children of this node through the - * Iterator's remove method must throw an - * UnsupportedOperationException. + * {@code Iterator}'s remove method must throw an + * {@code UnsupportedOperationException}. * * @return an iterator over the children of this node */ @@ -94,7 +94,7 @@ /** * Returns the valid policy represented by this node. * - * @return the String OID of the valid policy + * @return the {@code String} OID of the valid policy * represented by this node. For the root node, this method always returns * the special anyPolicy OID: "2.5.29.32.0". */ @@ -104,9 +104,9 @@ * Returns the set of policy qualifiers associated with the * valid policy represented by this node. * - * @return an immutable Set of - * PolicyQualifierInfos. For the root node, this - * is always an empty Set. + * @return an immutable {@code Set} of + * {@code PolicyQualifierInfo}s. For the root node, this + * is always an empty {@code Set}. */ Set getPolicyQualifiers(); @@ -114,9 +114,9 @@ * Returns the set of expected policies that would satisfy this * node's valid policy in the next certificate to be processed. * - * @return an immutable Set of expected policy - * String OIDs. For the root node, this method - * always returns a Set with one element, the + * @return an immutable {@code Set} of expected policy + * {@code String} OIDs. For the root node, this method + * always returns a {@code Set} with one element, the * special anyPolicy OID: "2.5.29.32.0". */ Set getExpectedPolicies(); @@ -125,8 +125,8 @@ * Returns the criticality indicator of the certificate policy extension * in the most recently processed certificate. * - * @return true if extension marked critical, - * false otherwise. For the root node, false + * @return {@code true} if extension marked critical, + * {@code false} otherwise. For the root node, {@code false} * is always returned. */ boolean isCritical(); diff -r 6d0f51c99930 -r 882a3948c6e6 jdk/src/share/classes/java/security/cert/PolicyQualifierInfo.java --- a/jdk/src/share/classes/java/security/cert/PolicyQualifierInfo.java Tue Jun 25 20:06:09 2013 +0100 +++ b/jdk/src/share/classes/java/security/cert/PolicyQualifierInfo.java Tue Jun 25 14:31:29 2013 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2003, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -50,12 +50,12 @@ * policy information terms limit the set of policies for certification paths * which include this certificate. *

- * A Set of PolicyQualifierInfo objects are returned + * A {@code Set} of {@code PolicyQualifierInfo} objects are returned * by the {@link PolicyNode#getPolicyQualifiers PolicyNode.getPolicyQualifiers} * method. This allows applications with specific policy requirements to * process and validate each policy qualifier. Applications that need to * process policy qualifiers should explicitly set the - * policyQualifiersRejected flag to false (by calling the + * {@code policyQualifiersRejected} flag to false (by calling the * {@link PKIXParameters#setPolicyQualifiersRejected * PKIXParameters.setPolicyQualifiersRejected} method) before validating * a certification path. @@ -64,17 +64,17 @@ * that any policy qualifier in a certificate policies extension that is * marked critical must be processed and validated. Otherwise the * certification path must be rejected. If the - * policyQualifiersRejected flag is set to false, it is up to + * {@code policyQualifiersRejected} flag is set to false, it is up to * the application to validate all policy qualifiers in this manner in order * to be PKIX compliant. * *

Concurrent Access * - *

All PolicyQualifierInfo objects must be immutable and + *

All {@code PolicyQualifierInfo} objects must be immutable and * thread-safe. That is, multiple threads may concurrently invoke the - * methods defined in this class on a single PolicyQualifierInfo + * methods defined in this class on a single {@code PolicyQualifierInfo} * object (or more than one) with no ill effects. Requiring - * PolicyQualifierInfo objects to be immutable and thread-safe + * {@code PolicyQualifierInfo} objects to be immutable and thread-safe * allows them to be passed around to various pieces of code without * worrying about coordinating access. * @@ -90,7 +90,7 @@ private String pqiString; /** - * Creates an instance of PolicyQualifierInfo from the + * Creates an instance of {@code PolicyQualifierInfo} from the * encoded bytes. The encoded byte array is copied on construction. * * @param encoded a byte array containing the qualifier in DER encoding @@ -115,12 +115,12 @@ } /** - * Returns the policyQualifierId field of this - * PolicyQualifierInfo. The policyQualifierId + * Returns the {@code policyQualifierId} field of this + * {@code PolicyQualifierInfo}. The {@code policyQualifierId} * is an Object Identifier (OID) represented by a set of nonnegative * integers separated by periods. * - * @return the OID (never null) + * @return the OID (never {@code null}) */ public final String getPolicyQualifierId() { return mId; @@ -128,9 +128,9 @@ /** * Returns the ASN.1 DER encoded form of this - * PolicyQualifierInfo. + * {@code PolicyQualifierInfo}. * - * @return the ASN.1 DER encoded bytes (never null). + * @return the ASN.1 DER encoded bytes (never {@code null}). * Note that a copy is returned, so the data is cloned each time * this method is called. */ @@ -139,10 +139,10 @@ } /** - * Returns the ASN.1 DER encoded form of the qualifier - * field of this PolicyQualifierInfo. + * Returns the ASN.1 DER encoded form of the {@code qualifier} + * field of this {@code PolicyQualifierInfo}. * - * @return the ASN.1 DER encoded bytes of the qualifier + * @return the ASN.1 DER encoded bytes of the {@code qualifier} * field. Note that a copy is returned, so the data is cloned each * time this method is called. */ @@ -152,10 +152,10 @@ /** * Return a printable representation of this - * PolicyQualifierInfo. + * {@code PolicyQualifierInfo}. * - * @return a String describing the contents of this - * PolicyQualifierInfo + * @return a {@code String} describing the contents of this + * {@code PolicyQualifierInfo} */ public String toString() { if (pqiString != null) diff -r 6d0f51c99930 -r 882a3948c6e6 jdk/src/share/classes/java/security/cert/TrustAnchor.java --- a/jdk/src/share/classes/java/security/cert/TrustAnchor.java Tue Jun 25 20:06:09 2013 +0100 +++ b/jdk/src/share/classes/java/security/cert/TrustAnchor.java Tue Jun 25 14:31:29 2013 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2001, 2008, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2001, 2013, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -40,16 +40,16 @@ * for validating X.509 certification paths. A most-trusted CA includes the * public key of the CA, the CA's name, and any constraints upon the set of * paths which may be validated using this key. These parameters can be - * specified in the form of a trusted X509Certificate or as + * specified in the form of a trusted {@code X509Certificate} or as * individual parameters. *

* Concurrent Access *

- *

All TrustAnchor objects must be immutable and + *

All {@code TrustAnchor} objects must be immutable and * thread-safe. That is, multiple threads may concurrently invoke the - * methods defined in this class on a single TrustAnchor + * methods defined in this class on a single {@code TrustAnchor} * object (or more than one) with no ill effects. Requiring - * TrustAnchor objects to be immutable and thread-safe + * {@code TrustAnchor} objects to be immutable and thread-safe * allows them to be passed around to various pieces of code without * worrying about coordinating access. This stipulation applies to all * public fields and methods of this class and any added or overridden @@ -71,8 +71,8 @@ private NameConstraintsExtension nc; /** - * Creates an instance of TrustAnchor with the specified - * X509Certificate and optional name constraints, which + * Creates an instance of {@code TrustAnchor} with the specified + * {@code X509Certificate} and optional name constraints, which * are intended to be used as additional constraints when validating * an X.509 certification path. *

@@ -82,7 +82,7 @@ * RFC 3280 * and X.509. The ASN.1 definition of this structure appears below. * - * 


+     * 
{@code
      *  NameConstraints ::= SEQUENCE {
      *       permittedSubtrees       [0]     GeneralSubtrees OPTIONAL,
      *       excludedSubtrees        [1]     GeneralSubtrees OPTIONAL }
@@ -106,20 +106,20 @@
      *       uniformResourceIdentifier       [6]     IA5String,
      *       iPAddress                       [7]     OCTET STRING,
      *       registeredID                    [8]     OBJECT IDENTIFIER}
-     * 

+     * }
*

* Note that the name constraints byte array supplied is cloned to protect * against subsequent modifications. * - * @param trustedCert a trusted X509Certificate + * @param trustedCert a trusted {@code X509Certificate} * @param nameConstraints a byte array containing the ASN.1 DER encoding of * a NameConstraints extension to be used for checking name constraints. * Only the value of the extension is included, not the OID or criticality - * flag. Specify null to omit the parameter. + * flag. Specify {@code null} to omit the parameter. * @throws IllegalArgumentException if the name constraints cannot be * decoded * @throws NullPointerException if the specified - * X509Certificate is null + * {@code X509Certificate} is {@code null} */ public TrustAnchor(X509Certificate trustedCert, byte[] nameConstraints) { @@ -134,7 +134,7 @@ } /** - * Creates an instance of TrustAnchor where the + * Creates an instance of {@code TrustAnchor} where the * most-trusted CA is specified as an X500Principal and public key. * Name constraints are an optional parameter, and are intended to be used * as additional constraints when validating an X.509 certification path. @@ -155,9 +155,9 @@ * @param nameConstraints a byte array containing the ASN.1 DER encoding of * a NameConstraints extension to be used for checking name constraints. * Only the value of the extension is included, not the OID or criticality - * flag. Specify null to omit the parameter. - * @throws NullPointerException if the specified caPrincipal or - * pubKey parameter is null + * flag. Specify {@code null} to omit the parameter. + * @throws NullPointerException if the specified {@code caPrincipal} or + * {@code pubKey} parameter is {@code null} * @since 1.5 */ public TrustAnchor(X500Principal caPrincipal, PublicKey pubKey, @@ -173,7 +173,7 @@ } /** - * Creates an instance of TrustAnchor where the + * Creates an instance of {@code TrustAnchor} where the * most-trusted CA is specified as a distinguished name and public key. * Name constraints are an optional parameter, and are intended to be used * as additional constraints when validating an X.509 certification path. @@ -191,17 +191,17 @@ * * @param caName the X.500 distinguished name of the most-trusted CA in * RFC 2253 - * String format + * {@code String} format * @param pubKey the public key of the most-trusted CA * @param nameConstraints a byte array containing the ASN.1 DER encoding of * a NameConstraints extension to be used for checking name constraints. * Only the value of the extension is included, not the OID or criticality - * flag. Specify null to omit the parameter. - * @throws IllegalArgumentException if the specified - * caName parameter is empty (caName.length() == 0) + * flag. Specify {@code null} to omit the parameter. + * @throws IllegalArgumentException if the specified + * {@code caName} parameter is empty {@code (caName.length() == 0)} * or incorrectly formatted or the name constraints cannot be decoded - * @throws NullPointerException if the specified caName or - * pubKey parameter is null + * @throws NullPointerException if the specified {@code caName} or + * {@code pubKey} parameter is {@code null} */ public TrustAnchor(String caName, PublicKey pubKey, byte[] nameConstraints) { @@ -225,7 +225,7 @@ /** * Returns the most-trusted CA certificate. * - * @return a trusted X509Certificate or null + * @return a trusted {@code X509Certificate} or {@code null} * if the trust anchor was not specified as a trusted certificate */ public final X509Certificate getTrustedCert() { @@ -236,7 +236,7 @@ * Returns the name of the most-trusted CA as an X500Principal. * * @return the X.500 distinguished name of the most-trusted CA, or - * null if the trust anchor was not specified as a trusted + * {@code null} if the trust anchor was not specified as a trusted * public key and name or X500Principal pair * @since 1.5 */ @@ -245,11 +245,11 @@ } /** - * Returns the name of the most-trusted CA in RFC 2253 String + * Returns the name of the most-trusted CA in RFC 2253 {@code String} * format. * * @return the X.500 distinguished name of the most-trusted CA, or - * null if the trust anchor was not specified as a trusted + * {@code null} if the trust anchor was not specified as a trusted * public key and name or X500Principal pair */ public final String getCAName() { @@ -259,7 +259,7 @@ /** * Returns the public key of the most-trusted CA. * - * @return the public key of the most-trusted CA, or null + * @return the public key of the most-trusted CA, or {@code null} * if the trust anchor was not specified as a trusted public key and name * or X500Principal pair */ @@ -306,16 +306,16 @@ * * @return a byte array containing the ASN.1 DER encoding of * a NameConstraints extension used for checking name constraints, - * or null if not set. + * or {@code null} if not set. */ public final byte [] getNameConstraints() { return ncBytes == null ? null : ncBytes.clone(); } /** - * Returns a formatted string describing the TrustAnchor. + * Returns a formatted string describing the {@code TrustAnchor}. * - * @return a formatted string describing the TrustAnchor + * @return a formatted string describing the {@code TrustAnchor} */ public String toString() { StringBuffer sb = new StringBuffer(); diff -r 6d0f51c99930 -r 882a3948c6e6 jdk/src/share/classes/java/security/cert/X509CRL.java --- a/jdk/src/share/classes/java/security/cert/X509CRL.java Tue Jun 25 20:06:09 2013 +0100 +++ b/jdk/src/share/classes/java/security/cert/X509CRL.java Tue Jun 25 14:31:29 2013 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2012, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -72,7 +72,7 @@ * RFC 3280: Internet X.509 * Public Key Infrastructure Certificate and CRL Profile. *

- * The ASN.1 definition of tbsCertList is: + * The ASN.1 definition of {@code tbsCertList} is: * 

  * TBSCertList  ::=  SEQUENCE  {
  *     version                 Version OPTIONAL,
@@ -94,12 +94,12 @@
  * 

  * CRLs are instantiated using a certificate factory. The following is an
  * example of how to instantiate an X.509 CRL:
- * 

+ * 
{@code
  * try (InputStream inStream = new FileInputStream("fileName-of-crl")) {
  *     CertificateFactory cf = CertificateFactory.getInstance("X.509");
  *     X509CRL crl = (X509CRL)cf.generateCRL(inStream);
  * }
- * 

+ * }

  *
  * @author Hemma Prafullchandra
  *
@@ -122,8 +122,8 @@
 
     /**
      * Compares this CRL for equality with the given
-     * object. If the other object is an
-     * instanceof X509CRL, then
+     * object. If the {@code other} object is an
+     * {@code instanceof} {@code X509CRL}, then
      * its encoded form is retrieved and compared with the
      * encoded form of this CRL.
      *
@@ -225,7 +225,7 @@
      *
      * This method was added to version 1.8 of the Java Platform Standard
      * Edition. In order to maintain backwards compatibility with existing
-     * service providers, this method is not abstract
+     * service providers, this method is not {@code abstract}
      * and it provides a default implementation.
      *
      * @param key the PublicKey used to carry out the verification.
@@ -245,7 +245,7 @@
     }
 
     /**
-     * Gets the version (version number) value from the CRL.
+     * Gets the {@code version} (version number) value from the CRL.
      * The ASN.1 definition for this is:
      * 
      * version    Version OPTIONAL,
@@ -261,12 +261,12 @@
 
     /**
      * Denigrated, replaced by {@linkplain
-     * #getIssuerX500Principal()}. This method returns the issuer
+     * #getIssuerX500Principal()}. This method returns the {@code issuer}
      * as an implementation specific Principal object, which should not be
      * relied upon by portable code.
      *
      * 

-     * Gets the issuer (issuer distinguished name) value from
+     * Gets the {@code issuer} (issuer distinguished name) value from
      * the CRL. The issuer name identifies the entity that signed (and
      * issued) the CRL.
      *
@@ -287,14 +287,14 @@
      * AttributeType ::= OBJECT IDENTIFIER
      * AttributeValue ::= ANY
      * 

-     * The Name describes a hierarchical name composed of
+     * The {@code Name} describes a hierarchical name composed of
      * attributes,
      * such as country name, and corresponding values, such as US.
-     * The type of the AttributeValue component is determined by
-     * the AttributeType; in general it will be a
-     * directoryString. A directoryString is usually
-     * one of PrintableString,
-     * TeletexString or UniversalString.
+     * The type of the {@code AttributeValue} component is determined by
+     * the {@code AttributeType}; in general it will be a
+     * {@code directoryString}. A {@code directoryString} is usually
+     * one of {@code PrintableString},
+     * {@code TeletexString} or {@code UniversalString}.
      *
      * @return a Principal whose name is the issuer distinguished name.
      */
@@ -302,11 +302,11 @@
 
     /**
      * Returns the issuer (issuer distinguished name) value from the
-     * CRL as an X500Principal.
+     * CRL as an {@code X500Principal}.
      * 

      * It is recommended that subclasses override this method.
      *
-     * @return an X500Principal representing the issuer
+     * @return an {@code X500Principal} representing the issuer
      *          distinguished name
      * @since 1.4
      */
@@ -318,7 +318,7 @@
     }
 
     /**
-     * Gets the thisUpdate date from the CRL.
+     * Gets the {@code thisUpdate} date from the CRL.
      * The ASN.1 definition for this is:
      * 
      * thisUpdate   ChoiceOfTime
@@ -327,14 +327,14 @@
      *     generalTime    GeneralizedTime }
      * 

      *
-     * @return the thisUpdate date from the CRL.
+     * @return the {@code thisUpdate} date from the CRL.
      */
     public abstract Date getThisUpdate();
 
     /**
-     * Gets the nextUpdate date from the CRL.
+     * Gets the {@code nextUpdate} date from the CRL.
      *
-     * @return the nextUpdate date from the CRL, or null if
+     * @return the {@code nextUpdate} date from the CRL, or null if
      * not present.
      */
     public abstract Date getNextUpdate();
@@ -388,7 +388,7 @@
 
     /**
      * Gets the DER-encoded CRL information, the
-     * tbsCertList from this CRL.
+     * {@code tbsCertList} from this CRL.
      * This can be used to verify the signature independently.
      *
      * @return the DER-encoded CRL information.
@@ -397,7 +397,7 @@
     public abstract byte[] getTBSCertList() throws CRLException;
 
     /**
-     * Gets the signature value (the raw signature bits) from
+     * Gets the {@code signature} value (the raw signature bits) from
      * the CRL.
      * The ASN.1 definition for this is:
      * 
@@ -422,7 +422,7 @@
      *                             -- algorithm object identifier value
      * 

      *
-     * 
The algorithm name is determined from the algorithm
+     * 
The algorithm name is determined from the {@code algorithm}
      * OID string.
      *
      * @return the signature algorithm name.
diff -r 6d0f51c99930 -r 882a3948c6e6 jdk/src/share/classes/java/security/cert/X509CRLEntry.java
--- a/jdk/src/share/classes/java/security/cert/X509CRLEntry.java	Tue Jun 25 20:06:09 2013 +0100
+++ b/jdk/src/share/classes/java/security/cert/X509CRLEntry.java	Tue Jun 25 14:31:29 2013 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2003, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -68,8 +68,8 @@
 
     /**
      * Compares this CRL entry for equality with the given
-     * object. If the other object is an
-     * instanceof X509CRLEntry, then
+     * object. If the {@code other} object is an
+     * {@code instanceof} {@code X509CRLEntry}, then
      * its encoded form (the inner SEQUENCE) is retrieved and compared
      * with the encoded form of this CRL entry.
      *
@@ -178,7 +178,7 @@
      * in the Reason Code extension of this CRL entry.
      *
      * @return the reason the certificate has been revoked, or
-     *    null if this CRL entry does not have
+     *    {@code null} if this CRL entry does not have
      *    a Reason Code extension
      * @since 1.7
      */
diff -r 6d0f51c99930 -r 882a3948c6e6 jdk/src/share/classes/java/security/cert/X509CRLSelector.java
--- a/jdk/src/share/classes/java/security/cert/X509CRLSelector.java	Tue Jun 25 20:06:09 2013 +0100
+++ b/jdk/src/share/classes/java/security/cert/X509CRLSelector.java	Tue Jun 25 14:31:29 2013 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -37,18 +37,18 @@
 import sun.security.x509.X500Name;
 
 /**
- * A CRLSelector that selects X509CRLs that
+ * A {@code CRLSelector} that selects {@code X509CRLs} that
  * match all specified criteria. This class is particularly useful when
- * selecting CRLs from a CertStore to check revocation status
+ * selecting CRLs from a {@code CertStore} to check revocation status
  * of a particular certificate.
  * 

- * When first constructed, an X509CRLSelector has no criteria
- * enabled and each of the get methods return a default
- * value (null). Therefore, the {@link #match match} method
- * would return true for any X509CRL. Typically,
+ * When first constructed, an {@code X509CRLSelector} has no criteria
+ * enabled and each of the {@code get} methods return a default
+ * value ({@code null}). Therefore, the {@link #match match} method
+ * would return {@code true} for any {@code X509CRL}. Typically,
  * several criteria are enabled (by calling {@link #setIssuers setIssuers}
  * or {@link #setDateAndTime setDateAndTime}, for instance) and then the
- * X509CRLSelector is passed to
+ * {@code X509CRLSelector} is passed to
  * {@link CertStore#getCRLs CertStore.getCRLs} or some similar
  * method.
  * 

@@ -86,35 +86,35 @@
     private long skew = 0;
 
     /**
-     * Creates an X509CRLSelector. Initially, no criteria are set
-     * so any X509CRL will match.
+     * Creates an {@code X509CRLSelector}. Initially, no criteria are set
+     * so any {@code X509CRL} will match.
      */
     public X509CRLSelector() {}
 
     /**
      * Sets the issuerNames criterion. The issuer distinguished name in the
-     * X509CRL must match at least one of the specified
-     * distinguished names. If null, any issuer distinguished name
+     * {@code X509CRL} must match at least one of the specified
+     * distinguished names. If {@code null}, any issuer distinguished name
      * will do.
      * 

      * This method allows the caller to specify, with a single method call,
-     * the complete set of issuer names which X509CRLs may contain.
+     * the complete set of issuer names which {@code X509CRLs} may contain.
      * The specified value replaces the previous value for the issuerNames
      * criterion.
      * 

-     * The names parameter (if not null) is a
-     * Collection of X500Principals.
+     * The {@code names} parameter (if not {@code null}) is a
+     * {@code Collection} of {@code X500Principal}s.
      * 

-     * Note that the names parameter can contain duplicate
+     * Note that the {@code names} parameter can contain duplicate
      * distinguished names, but they may be removed from the
-     * Collection of names returned by the
+     * {@code Collection} of names returned by the
      * {@link #getIssuers getIssuers} method.
      * 

-     * Note that a copy is performed on the Collection to
+     * Note that a copy is performed on the {@code Collection} to
      * protect against subsequent modifications.
      *
-     * @param issuers a Collection of X500Principals
-     *   (or null)
+     * @param issuers a {@code Collection} of X500Principals
+     *   (or {@code null})
      * @see #getIssuers
      * @since 1.5
      */
@@ -138,31 +138,31 @@
      * this method. See {@link #addIssuerName(String)} for more information.
      * 

      * Sets the issuerNames criterion. The issuer distinguished name in the
-     * X509CRL must match at least one of the specified
-     * distinguished names. If null, any issuer distinguished name
+     * {@code X509CRL} must match at least one of the specified
+     * distinguished names. If {@code null}, any issuer distinguished name
      * will do.
      * 

      * This method allows the caller to specify, with a single method call,
-     * the complete set of issuer names which X509CRLs may contain.
+     * the complete set of issuer names which {@code X509CRLs} may contain.
      * The specified value replaces the previous value for the issuerNames
      * criterion.
      * 

-     * The names parameter (if not null) is a
-     * Collection of names. Each name is a String
+     * The {@code names} parameter (if not {@code null}) is a
+     * {@code Collection} of names. Each name is a {@code String}
      * or a byte array representing a distinguished name (in
      * RFC 2253 or
-     * ASN.1 DER encoded form, respectively). If null is supplied
+     * ASN.1 DER encoded form, respectively). If {@code null} is supplied
      * as the value for this argument, no issuerNames check will be performed.
      * 

-     * Note that the names parameter can contain duplicate
+     * Note that the {@code names} parameter can contain duplicate
      * distinguished names, but they may be removed from the
-     * Collection of names returned by the
+     * {@code Collection} of names returned by the
      * {@link #getIssuerNames getIssuerNames} method.
      * 

      * If a name is specified as a byte array, it should contain a single DER
      * encoded distinguished name, as defined in X.501. The ASN.1 notation for
      * this structure is as follows.
-     * 

+     * 
{@code
      * Name ::= CHOICE {
      *   RDNSequence }
      *
@@ -185,12 +185,12 @@
      *       universalString         UniversalString (SIZE (1..MAX)),
      *       utf8String              UTF8String (SIZE (1.. MAX)),
      *       bmpString               BMPString (SIZE (1..MAX)) }
-     * 

+     * }

      * 

-     * Note that a deep copy is performed on the Collection to
+     * Note that a deep copy is performed on the {@code Collection} to
      * protect against subsequent modifications.
      *
-     * @param names a Collection of names (or null)
+     * @param names a {@code Collection} of names (or {@code null})
      * @throws IOException if a parsing error occurs
      * @see #getIssuerNames
      */
@@ -208,11 +208,11 @@
 
     /**
      * Adds a name to the issuerNames criterion. The issuer distinguished
-     * name in the X509CRL must match at least one of the specified
+     * name in the {@code X509CRL} must match at least one of the specified
      * distinguished names.
      * 

      * This method allows the caller to add a name to the set of issuer names
-     * which X509CRLs may contain. The specified name is added to
+     * which {@code X509CRLs} may contain. The specified name is added to
      * any previous value for the issuerNames criterion.
      * If the specified name is a duplicate, it may be ignored.
      *
@@ -232,11 +232,11 @@
      * names.
      * 

      * Adds a name to the issuerNames criterion. The issuer distinguished
-     * name in the X509CRL must match at least one of the specified
+     * name in the {@code X509CRL} must match at least one of the specified
      * distinguished names.
      * 

      * This method allows the caller to add a name to the set of issuer names
-     * which X509CRLs may contain. The specified name is added to
+     * which {@code X509CRLs} may contain. The specified name is added to
      * any previous value for the issuerNames criterion.
      * If the specified name is a duplicate, it may be ignored.
      *
@@ -249,11 +249,11 @@
 
     /**
      * Adds a name to the issuerNames criterion. The issuer distinguished
-     * name in the X509CRL must match at least one of the specified
+     * name in the {@code X509CRL} must match at least one of the specified
      * distinguished names.
      * 

      * This method allows the caller to add a name to the set of issuer names
-     * which X509CRLs may contain. The specified name is added to
+     * which {@code X509CRLs} may contain. The specified name is added to
      * any previous value for the issuerNames criterion. If the specified name
      * is a duplicate, it may be ignored.
      * If a name is specified as a byte array, it should contain a single DER
@@ -279,7 +279,7 @@
     /**
      * A private method that adds a name (String or byte array) to the
      * issuerNames criterion. The issuer distinguished
-     * name in the X509CRL must match at least one of the specified
+     * name in the {@code X509CRL} must match at least one of the specified
      * distinguished names.
      *
      * @param name the name in string or byte array form
@@ -301,11 +301,11 @@
      * Clone and check an argument of the form passed to
      * setIssuerNames. Throw an IOException if the argument is malformed.
      *
-     * @param names a Collection of names. Each entry is a
+     * @param names a {@code Collection} of names. Each entry is a
      *              String or a byte array (the name, in string or ASN.1
-     *              DER encoded form, respectively). null is
+     *              DER encoded form, respectively). {@code null} is
      *              not an acceptable value.
-     * @return a deep copy of the specified Collection
+     * @return a deep copy of the specified {@code Collection}
      * @throws IOException if a parsing error occurs
      */
     private static HashSet cloneAndCheckIssuerNames(Collection names)
@@ -334,11 +334,11 @@
      * into a RuntimeException. This method should be used when the object being
      * cloned has already been checked, so there should never be any exceptions.
      *
-     * @param names a Collection of names. Each entry is a
+     * @param names a {@code Collection} of names. Each entry is a
      *              String or a byte array (the name, in string or ASN.1
-     *              DER encoded form, respectively). null is
+     *              DER encoded form, respectively). {@code null} is
      *              not an acceptable value.
-     * @return a deep copy of the specified Collection
+     * @return a deep copy of the specified {@code Collection}
      * @throws RuntimeException if a parsing error occurs
      */
     private static HashSet cloneIssuerNames(Collection names) {
@@ -354,7 +354,7 @@
      * returning a Collection of issuerX500Principals.
      * Throw an IOException if the argument is malformed.
      *
-     * @param names a Collection of names. Each entry is a
+     * @param names a {@code Collection} of names. Each entry is a
      *              String or a byte array (the name, in string or ASN.1
      *              DER encoded form, respectively). Null is
      *              not an acceptable value.
@@ -380,24 +380,24 @@
     }
 
     /**
-     * Sets the minCRLNumber criterion. The X509CRL must have a
+     * Sets the minCRLNumber criterion. The {@code X509CRL} must have a
      * CRL number extension whose value is greater than or equal to the
-     * specified value. If null, no minCRLNumber check will be
+     * specified value. If {@code null}, no minCRLNumber check will be
      * done.
      *
-     * @param minCRL the minimum CRL number accepted (or null)
+     * @param minCRL the minimum CRL number accepted (or {@code null})
      */
     public void setMinCRLNumber(BigInteger minCRL) {
         this.minCRL = minCRL;
     }
 
     /**
-     * Sets the maxCRLNumber criterion. The X509CRL must have a
+     * Sets the maxCRLNumber criterion. The {@code X509CRL} must have a
      * CRL number extension whose value is less than or equal to the
-     * specified value. If null, no maxCRLNumber check will be
+     * specified value. If {@code null}, no maxCRLNumber check will be
      * done.
      *
-     * @param maxCRL the maximum CRL number accepted (or null)
+     * @param maxCRL the maximum CRL number accepted (or {@code null})
      */
     public void setMaxCRLNumber(BigInteger maxCRL) {
         this.maxCRL = maxCRL;
@@ -406,16 +406,16 @@
     /**
      * Sets the dateAndTime criterion. The specified date must be
      * equal to or later than the value of the thisUpdate component
-     * of the X509CRL and earlier than the value of the
-     * nextUpdate component. There is no match if the X509CRL
+     * of the {@code X509CRL} and earlier than the value of the
+     * nextUpdate component. There is no match if the {@code X509CRL}
      * does not contain a nextUpdate component.
-     * If null, no dateAndTime check will be done.
+     * If {@code null}, no dateAndTime check will be done.
      * 

-     * Note that the Date supplied here is cloned to protect
+     * Note that the {@code Date} supplied here is cloned to protect
      * against subsequent modifications.
      *
-     * @param dateAndTime the Date to match against
-     *                    (or null)
+     * @param dateAndTime the {@code Date} to match against
+     *                    (or {@code null})
      * @see #getDateAndTime
      */
     public void setDateAndTime(Date dateAndTime) {
@@ -438,13 +438,13 @@
 
     /**
      * Sets the certificate being checked. This is not a criterion. Rather,
-     * it is optional information that may help a CertStore
+     * it is optional information that may help a {@code CertStore}
      * find CRLs that would be relevant when checking revocation for the
-     * specified certificate. If null is specified, then no
+     * specified certificate. If {@code null} is specified, then no
      * such optional information is provided.
      *
-     * @param cert the X509Certificate being checked
-     *             (or null)
+     * @param cert the {@code X509Certificate} being checked
+     *             (or {@code null})
      * @see #getCertificateChecking
      */
     public void setCertificateChecking(X509Certificate cert) {
@@ -453,15 +453,15 @@
 
     /**
      * Returns the issuerNames criterion. The issuer distinguished
-     * name in the X509CRL must match at least one of the specified
-     * distinguished names. If the value returned is null, any
+     * name in the {@code X509CRL} must match at least one of the specified
+     * distinguished names. If the value returned is {@code null}, any
      * issuer distinguished name will do.
      * 

-     * If the value returned is not null, it is a
-     * unmodifiable Collection of X500Principals.
+     * If the value returned is not {@code null}, it is a
+     * unmodifiable {@code Collection} of {@code X500Principal}s.
      *
-     * @return an unmodifiable Collection of names
-     *   (or null)
+     * @return an unmodifiable {@code Collection} of names
+     *   (or {@code null})
      * @see #setIssuers
      * @since 1.5
      */
@@ -474,25 +474,25 @@
 
     /**
      * Returns a copy of the issuerNames criterion. The issuer distinguished
-     * name in the X509CRL must match at least one of the specified
-     * distinguished names. If the value returned is null, any
+     * name in the {@code X509CRL} must match at least one of the specified
+     * distinguished names. If the value returned is {@code null}, any
      * issuer distinguished name will do.
      * 

-     * If the value returned is not null, it is a
-     * Collection of names. Each name is a String
+     * If the value returned is not {@code null}, it is a
+     * {@code Collection} of names. Each name is a {@code String}
      * or a byte array representing a distinguished name (in RFC 2253 or
      * ASN.1 DER encoded form, respectively).  Note that the
-     * Collection returned may contain duplicate names.
+     * {@code Collection} returned may contain duplicate names.
      * 

      * If a name is specified as a byte array, it should contain a single DER
      * encoded distinguished name, as defined in X.501. The ASN.1 notation for
      * this structure is given in the documentation for
      * {@link #setIssuerNames setIssuerNames(Collection names)}.
      * 

-     * Note that a deep copy is performed on the Collection to
+     * Note that a deep copy is performed on the {@code Collection} to
      * protect against subsequent modifications.
      *
-     * @return a Collection of names (or null)
+     * @return a {@code Collection} of names (or {@code null})
      * @see #setIssuerNames
      */
     public Collection getIssuerNames() {
@@ -503,23 +503,23 @@
     }
 
     /**
-     * Returns the minCRLNumber criterion. The X509CRL must have a
+     * Returns the minCRLNumber criterion. The {@code X509CRL} must have a
      * CRL number extension whose value is greater than or equal to the
-     * specified value. If null, no minCRLNumber check will be done.
+     * specified value. If {@code null}, no minCRLNumber check will be done.
      *
-     * @return the minimum CRL number accepted (or null)
+     * @return the minimum CRL number accepted (or {@code null})
      */
     public BigInteger getMinCRL() {
         return minCRL;
     }
 
     /**
-     * Returns the maxCRLNumber criterion. The X509CRL must have a
+     * Returns the maxCRLNumber criterion. The {@code X509CRL} must have a
      * CRL number extension whose value is less than or equal to the
-     * specified value. If null, no maxCRLNumber check will be
+     * specified value. If {@code null}, no maxCRLNumber check will be
      * done.
      *
-     * @return the maximum CRL number accepted (or null)
+     * @return the maximum CRL number accepted (or {@code null})
      */
     public BigInteger getMaxCRL() {
         return maxCRL;
@@ -528,15 +528,15 @@
     /**
      * Returns the dateAndTime criterion. The specified date must be
      * equal to or later than the value of the thisUpdate component
-     * of the X509CRL and earlier than the value of the
+     * of the {@code X509CRL} and earlier than the value of the
      * nextUpdate component. There is no match if the
-     * X509CRL does not contain a nextUpdate component.
-     * If null, no dateAndTime check will be done.
+     * {@code X509CRL} does not contain a nextUpdate component.
+     * If {@code null}, no dateAndTime check will be done.
      * 

-     * Note that the Date returned is cloned to protect against
+     * Note that the {@code Date} returned is cloned to protect against
      * subsequent modifications.
      *
-     * @return the Date to match against (or null)
+     * @return the {@code Date} to match against (or {@code null})
      * @see #setDateAndTime
      */
     public Date getDateAndTime() {
@@ -547,12 +547,12 @@
 
     /**
      * Returns the certificate being checked. This is not a criterion. Rather,
-     * it is optional information that may help a CertStore
+     * it is optional information that may help a {@code CertStore}
      * find CRLs that would be relevant when checking revocation for the
-     * specified certificate. If the value returned is null, then
+     * specified certificate. If the value returned is {@code null}, then
      * no such optional information is provided.
      *
-     * @return the certificate being checked (or null)
+     * @return the certificate being checked (or {@code null})
      * @see #setCertificateChecking
      */
     public X509Certificate getCertificateChecking() {
@@ -560,10 +560,10 @@
     }
 
     /**
-     * Returns a printable representation of the X509CRLSelector.
+     * Returns a printable representation of the {@code X509CRLSelector}.
      *
-     * @return a String describing the contents of the
-     *         X509CRLSelector.
+     * @return a {@code String} describing the contents of the
+     *         {@code X509CRLSelector}.
      */
     public String toString() {
         StringBuffer sb = new StringBuffer();
@@ -587,11 +587,11 @@
     }
 
     /**
-     * Decides whether a CRL should be selected.
+     * Decides whether a {@code CRL} should be selected.
      *
-     * @param crl the CRL to be checked
-     * @return true if the CRL should be selected,
-     *         false otherwise
+     * @param crl the {@code CRL} to be checked
+     * @return {@code true} if the {@code CRL} should be selected,
+     *         {@code false} otherwise
      */
     public boolean match(CRL crl) {
         if (!(crl instanceof X509CRL)) {
diff -r 6d0f51c99930 -r 882a3948c6e6 jdk/src/share/classes/java/security/cert/X509CertSelector.java
--- a/jdk/src/share/classes/java/security/cert/X509CertSelector.java	Tue Jun 25 20:06:09 2013 +0100
+++ b/jdk/src/share/classes/java/security/cert/X509CertSelector.java	Tue Jun 25 14:31:29 2013 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -39,27 +39,27 @@
 import sun.security.x509.*;
 
 /**
- * A CertSelector that selects X509Certificates that
+ * A {@code CertSelector} that selects {@code X509Certificates} that
  * match all specified criteria. This class is particularly useful when
- * selecting certificates from a CertStore to build a
+ * selecting certificates from a {@code CertStore} to build a
  * PKIX-compliant certification path.
  * 

- * When first constructed, an X509CertSelector has no criteria
- * enabled and each of the get methods return a default value
- * (null, or -1 for the {@link #getBasicConstraints
+ * When first constructed, an {@code X509CertSelector} has no criteria
+ * enabled and each of the {@code get} methods return a default value
+ * ({@code null}, or {@code -1} for the {@link #getBasicConstraints
  * getBasicConstraints} method). Therefore, the {@link #match match}
- * method would return true for any X509Certificate.
+ * method would return {@code true} for any {@code X509Certificate}.
  * Typically, several criteria are enabled (by calling
  * {@link #setIssuer setIssuer} or
  * {@link #setKeyUsage setKeyUsage}, for instance) and then the
- * X509CertSelector is passed to
+ * {@code X509CertSelector} is passed to
  * {@link CertStore#getCertificates CertStore.getCertificates} or some similar
  * method.
  * 

  * Several criteria can be enabled (by calling {@link #setIssuer setIssuer}
  * and {@link #setSerialNumber setSerialNumber},
- * for example) such that the match method
- * usually uniquely matches a single X509Certificate. We say
+ * for example) such that the {@code match} method
+ * usually uniquely matches a single {@code X509Certificate}. We say
  * usually, since it is possible for two issuing CAs to have the same
  * distinguished name and each issue a certificate with the same serial
  * number. Other unique combinations include the issuer, subject,
@@ -149,8 +149,8 @@
     static final int NAME_OID = 8;
 
     /**
-     * Creates an X509CertSelector. Initially, no criteria are set
-     * so any X509Certificate will match.
+     * Creates an {@code X509CertSelector}. Initially, no criteria are set
+     * so any {@code X509Certificate} will match.
      */
     public X509CertSelector() {
         // empty
@@ -158,17 +158,17 @@
 
     /**
      * Sets the certificateEquals criterion. The specified
-     * X509Certificate must be equal to the
-     * X509Certificate passed to the match method.
-     * If null, then this check is not applied.
+     * {@code X509Certificate} must be equal to the
+     * {@code X509Certificate} passed to the {@code match} method.
+     * If {@code null}, then this check is not applied.
      *
      * 
This method is particularly useful when it is necessary to
      * match a single certificate. Although other criteria can be specified
      * in conjunction with the certificateEquals criterion, it is usually not
      * practical or necessary.
      *
-     * @param cert the X509Certificate to match (or
-     * null)
+     * @param cert the {@code X509Certificate} to match (or
+     * {@code null})
      * @see #getCertificate
      */
     public void setCertificate(X509Certificate cert) {
@@ -178,11 +178,11 @@
     /**
      * Sets the serialNumber criterion. The specified serial number
      * must match the certificate serial number in the
-     * X509Certificate. If null, any certificate
+     * {@code X509Certificate}. If {@code null}, any certificate
      * serial number will do.
      *
      * @param serial the certificate serial number to match
-     *        (or null)
+     *        (or {@code null})
      * @see #getSerialNumber
      */
     public void setSerialNumber(BigInteger serial) {
@@ -192,11 +192,11 @@
     /**
      * Sets the issuer criterion. The specified distinguished name
      * must match the issuer distinguished name in the
-     * X509Certificate. If null, any issuer
+     * {@code X509Certificate}. If {@code null}, any issuer
      * distinguished name will do.
      *
      * @param issuer a distinguished name as X500Principal
-     *                 (or null)
+     *                 (or {@code null})
      * @since 1.5
      */
     public void setIssuer(X500Principal issuer) {
@@ -213,14 +213,14 @@
      * 

      * Sets the issuer criterion. The specified distinguished name
      * must match the issuer distinguished name in the
-     * X509Certificate. If null, any issuer
+     * {@code X509Certificate}. If {@code null}, any issuer
      * distinguished name will do.
      * 

-     * If issuerDN is not null, it should contain a
+     * If {@code issuerDN} is not {@code null}, it should contain a
      * distinguished name, in RFC 2253 format.
      *
      * @param issuerDN a distinguished name in RFC 2253 format
-     *                 (or null)
+     *                 (or {@code null})
      * @throws IOException if a parsing error occurs (incorrect form for DN)
      */
     public void setIssuer(String issuerDN) throws IOException {
@@ -234,14 +234,14 @@
     /**
      * Sets the issuer criterion. The specified distinguished name
      * must match the issuer distinguished name in the
-     * X509Certificate. If null is specified,
+     * {@code X509Certificate}. If {@code null} is specified,
      * the issuer criterion is disabled and any issuer distinguished name will
      * do.
      * 

-     * If issuerDN is not null, it should contain a
+     * If {@code issuerDN} is not {@code null}, it should contain a
      * single DER encoded distinguished name, as defined in X.501. The ASN.1
      * notation for this structure is as follows.
-     * 

+     * 
{@code
      * Name ::= CHOICE {
      *   RDNSequence }
      *
@@ -264,13 +264,13 @@
      *       universalString         UniversalString (SIZE (1..MAX)),
      *       utf8String              UTF8String (SIZE (1.. MAX)),
      *       bmpString               BMPString (SIZE (1..MAX)) }
-     * 

+     * }

      * 

      * Note that the byte array specified here is cloned to protect against
      * subsequent modifications.
      *
      * @param issuerDN a byte array containing the distinguished name
-     *                 in ASN.1 DER encoded form (or null)
+     *                 in ASN.1 DER encoded form (or {@code null})
      * @throws IOException if an encoding error occurs (incorrect form for DN)
      */
     public void setIssuer(byte[] issuerDN) throws IOException {
@@ -284,11 +284,11 @@
     /**
      * Sets the subject criterion. The specified distinguished name
      * must match the subject distinguished name in the
-     * X509Certificate. If null, any subject
+     * {@code X509Certificate}. If {@code null}, any subject
      * distinguished name will do.
      *
      * @param subject a distinguished name as X500Principal
-     *                  (or null)
+     *                  (or {@code null})
      * @since 1.5
      */
     public void setSubject(X500Principal subject) {
@@ -304,14 +304,14 @@
      * 

      * Sets the subject criterion. The specified distinguished name
      * must match the subject distinguished name in the
-     * X509Certificate. If null, any subject
+     * {@code X509Certificate}. If {@code null}, any subject
      * distinguished name will do.
      * 

-     * If subjectDN is not null, it should contain a
+     * If {@code subjectDN} is not {@code null}, it should contain a
      * distinguished name, in RFC 2253 format.
      *
      * @param subjectDN a distinguished name in RFC 2253 format
-     *                  (or null)
+     *                  (or {@code null})
      * @throws IOException if a parsing error occurs (incorrect form for DN)
      */
     public void setSubject(String subjectDN) throws IOException {
@@ -325,16 +325,16 @@
     /**
      * Sets the subject criterion. The specified distinguished name
      * must match the subject distinguished name in the
-     * X509Certificate. If null, any subject
+     * {@code X509Certificate}. If {@code null}, any subject
      * distinguished name will do.
      * 

-     * If subjectDN is not null, it should contain a
+     * If {@code subjectDN} is not {@code null}, it should contain a
      * single DER encoded distinguished name, as defined in X.501. For the ASN.1
      * notation for this structure, see
      * {@link #setIssuer(byte [] issuerDN) setIssuer(byte [] issuerDN)}.
      *
      * @param subjectDN a byte array containing the distinguished name in
-     *                  ASN.1 DER format (or null)
+     *                  ASN.1 DER format (or {@code null})
      * @throws IOException if an encoding error occurs (incorrect form for DN)
      */
     public void setSubject(byte[] subjectDN) throws IOException {
@@ -347,34 +347,34 @@
 
     /**
      * Sets the subjectKeyIdentifier criterion. The
-     * X509Certificate must contain a SubjectKeyIdentifier
+     * {@code X509Certificate} must contain a SubjectKeyIdentifier
      * extension for which the contents of the extension
      * matches the specified criterion value.
-     * If the criterion value is null, no
+     * If the criterion value is {@code null}, no
      * subjectKeyIdentifier check will be done.
      * 

-     * If subjectKeyID is not null, it
+     * If {@code subjectKeyID} is not {@code null}, it
      * should contain a single DER encoded value corresponding to the contents
      * of the extension value (not including the object identifier,
      * criticality setting, and encapsulating OCTET STRING)
      * for a SubjectKeyIdentifier extension.
      * The ASN.1 notation for this structure follows.
      * 

-     * 

+     * 
{@code
      * SubjectKeyIdentifier ::= KeyIdentifier
      *
      * KeyIdentifier ::= OCTET STRING
-     * 

+     * }

      * 

      * Since the format of subject key identifiers is not mandated by
      * any standard, subject key identifiers are not parsed by the
-     * X509CertSelector. Instead, the values are compared using
+     * {@code X509CertSelector}. Instead, the values are compared using
      * a byte-by-byte comparison.
      * 

      * Note that the byte array supplied here is cloned to protect against
      * subsequent modifications.
      *
-     * @param subjectKeyID the subject key identifier (or null)
+     * @param subjectKeyID the subject key identifier (or {@code null})
      * @see #getSubjectKeyIdentifier
      */
     public void setSubjectKeyIdentifier(byte[] subjectKeyID) {
@@ -387,46 +387,46 @@
 
     /**
      * Sets the authorityKeyIdentifier criterion. The
-     * X509Certificate must contain an
+     * {@code X509Certificate} must contain an
      * AuthorityKeyIdentifier extension for which the contents of the
      * extension value matches the specified criterion value.
-     * If the criterion value is null, no
+     * If the criterion value is {@code null}, no
      * authorityKeyIdentifier check will be done.
      * 

-     * If authorityKeyID is not null, it
+     * If {@code authorityKeyID} is not {@code null}, it
      * should contain a single DER encoded value corresponding to the contents
      * of the extension value (not including the object identifier,
      * criticality setting, and encapsulating OCTET STRING)
      * for an AuthorityKeyIdentifier extension.
      * The ASN.1 notation for this structure follows.
      * 

-     * 

+     * 
{@code
      * AuthorityKeyIdentifier ::= SEQUENCE {
      *    keyIdentifier             [0] KeyIdentifier           OPTIONAL,
      *    authorityCertIssuer       [1] GeneralNames            OPTIONAL,
      *    authorityCertSerialNumber [2] CertificateSerialNumber OPTIONAL  }
      *
      * KeyIdentifier ::= OCTET STRING
-     * 

+     * }

      * 

      * Authority key identifiers are not parsed by the
-     * X509CertSelector.  Instead, the values are
+     * {@code X509CertSelector}.  Instead, the values are
      * compared using a byte-by-byte comparison.
      * 

-     * When the keyIdentifier field of
-     * AuthorityKeyIdentifier is populated, the value is
-     * usually taken from the SubjectKeyIdentifier extension
+     * When the {@code keyIdentifier} field of
+     * {@code AuthorityKeyIdentifier} is populated, the value is
+     * usually taken from the {@code SubjectKeyIdentifier} extension
      * in the issuer's certificate.  Note, however, that the result of
-     * X509Certificate.getExtensionValue(<SubjectKeyIdentifier Object
-     * Identifier>) on the issuer's certificate may NOT be used
-     * directly as the input to setAuthorityKeyIdentifier.
+     * {@code X509Certificate.getExtensionValue()} on the issuer's certificate may NOT be used
+     * directly as the input to {@code setAuthorityKeyIdentifier}.
      * This is because the SubjectKeyIdentifier contains
      * only a KeyIdentifier OCTET STRING, and not a SEQUENCE of
      * KeyIdentifier, GeneralNames, and CertificateSerialNumber.
      * In order to use the extension value of the issuer certificate's
-     * SubjectKeyIdentifier
+     * {@code SubjectKeyIdentifier}
      * extension, it will be necessary to extract the value of the embedded
-     * KeyIdentifier OCTET STRING, then DER encode this OCTET
+     * {@code KeyIdentifier} OCTET STRING, then DER encode this OCTET
      * STRING inside a SEQUENCE.
      * For more details on SubjectKeyIdentifier, see
      * {@link #setSubjectKeyIdentifier(byte[] subjectKeyID)}.
@@ -435,7 +435,7 @@
      * subsequent modifications.
      *
      * @param authorityKeyID the authority key identifier
-     *        (or null)
+     *        (or {@code null})
      * @see #getAuthorityKeyIdentifier
      */
     public void setAuthorityKeyIdentifier(byte[] authorityKeyID) {
@@ -449,13 +449,13 @@
     /**
      * Sets the certificateValid criterion. The specified date must fall
      * within the certificate validity period for the
-     * X509Certificate. If null, no certificateValid
+     * {@code X509Certificate}. If {@code null}, no certificateValid
      * check will be done.
      * 

-     * Note that the Date supplied here is cloned to protect
+     * Note that the {@code Date} supplied here is cloned to protect
      * against subsequent modifications.
      *
-     * @param certValid the Date to check (or null)
+     * @param certValid the {@code Date} to check (or {@code null})
      * @see #getCertificateValid
      */
     public void setCertificateValid(Date certValid) {
@@ -469,14 +469,14 @@
     /**
      * Sets the privateKeyValid criterion. The specified date must fall
      * within the private key validity period for the
-     * X509Certificate. If null, no privateKeyValid
+     * {@code X509Certificate}. If {@code null}, no privateKeyValid
      * check will be done.
      * 

-     * Note that the Date supplied here is cloned to protect
+     * Note that the {@code Date} supplied here is cloned to protect
      * against subsequent modifications.
      *
-     * @param privateKeyValid the Date to check (or
-     *                        null)
+     * @param privateKeyValid the {@code Date} to check (or
+     *                        {@code null})
      * @see #getPrivateKeyValid
      */
     public void setPrivateKeyValid(Date privateKeyValid) {
@@ -489,12 +489,12 @@
 
     /**
      * Sets the subjectPublicKeyAlgID criterion. The
-     * X509Certificate must contain a subject public key
-     * with the specified algorithm. If null, no
+     * {@code X509Certificate} must contain a subject public key
+     * with the specified algorithm. If {@code null}, no
      * subjectPublicKeyAlgID check will be done.
      *
      * @param oid The object identifier (OID) of the algorithm to check
-     *            for (or null). An OID is represented by a
+     *            for (or {@code null}). An OID is represented by a
      *            set of nonnegative integers separated by periods.
      * @throws IOException if the OID is invalid, such as
      * the first component being not 0, 1 or 2 or the second component
@@ -512,10 +512,10 @@
 
     /**
      * Sets the subjectPublicKey criterion. The
-     * X509Certificate must contain the specified subject public
-     * key. If null, no subjectPublicKey check will be done.
+     * {@code X509Certificate} must contain the specified subject public
+     * key. If {@code null}, no subjectPublicKey check will be done.
      *
-     * @param key the subject public key to check for (or null)
+     * @param key the subject public key to check for (or {@code null})
      * @see #getSubjectPublicKey
      */
     public void setSubjectPublicKey(PublicKey key) {
@@ -529,17 +529,17 @@
     }
 
     /**
-     * Sets the subjectPublicKey criterion. The X509Certificate
-     * must contain the specified subject public key. If null,
+     * Sets the subjectPublicKey criterion. The {@code X509Certificate}
+     * must contain the specified subject public key. If {@code null},
      * no subjectPublicKey check will be done.
      * 

      * Because this method allows the public key to be specified as a byte
      * array, it may be used for unknown key types.
      * 

-     * If key is not null, it should contain a
+     * If {@code key} is not {@code null}, it should contain a
      * single DER encoded SubjectPublicKeyInfo structure, as defined in X.509.
      * The ASN.1 notation for this structure is as follows.
-     * 

+     * 
{@code
      * SubjectPublicKeyInfo  ::=  SEQUENCE  {
      *   algorithm            AlgorithmIdentifier,
      *   subjectPublicKey     BIT STRING  }
@@ -550,13 +550,13 @@
      *                              -- contains a value of the type
      *                              -- registered for use with the
      *                              -- algorithm object identifier value
-     * 

+     * }

      * 

      * Note that the byte array supplied here is cloned to protect against
      * subsequent modifications.
      *
      * @param key a byte array containing the subject public key in ASN.1 DER
-     *            form (or null)
+     *            form (or {@code null})
      * @throws IOException if an encoding error occurs (incorrect form for
      * subject public key)
      * @see #getSubjectPublicKey
@@ -572,9 +572,9 @@
     }
 
     /**
-     * Sets the keyUsage criterion. The X509Certificate
-     * must allow the specified keyUsage values. If null, no
-     * keyUsage check will be done. Note that an X509Certificate
+     * Sets the keyUsage criterion. The {@code X509Certificate}
+     * must allow the specified keyUsage values. If {@code null}, no
+     * keyUsage check will be done. Note that an {@code X509Certificate}
      * that has no keyUsage extension implicitly allows all keyUsage values.
      * 

      * Note that the boolean array supplied here is cloned to protect against
@@ -583,7 +583,7 @@
      * @param keyUsage a boolean array in the same format as the boolean
      *                 array returned by
      * {@link X509Certificate#getKeyUsage() X509Certificate.getKeyUsage()}.
-     *                 Or null.
+     *                 Or {@code null}.
      * @see #getKeyUsage
      */
     public void setKeyUsage(boolean[] keyUsage) {
@@ -595,18 +595,18 @@
     }
 
     /**
-     * Sets the extendedKeyUsage criterion. The X509Certificate
+     * Sets the extendedKeyUsage criterion. The {@code X509Certificate}
      * must allow the specified key purposes in its extended key usage
-     * extension. If keyPurposeSet is empty or null,
+     * extension. If {@code keyPurposeSet} is empty or {@code null},
      * no extendedKeyUsage check will be done. Note that an
-     * X509Certificate that has no extendedKeyUsage extension
+     * {@code X509Certificate} that has no extendedKeyUsage extension
      * implicitly allows all key purposes.
      * 

-     * Note that the Set is cloned to protect against
+     * Note that the {@code Set} is cloned to protect against
      * subsequent modifications.
      *
-     * @param keyPurposeSet a Set of key purpose OIDs in string
-     * format (or null). Each OID is represented by a set of
+     * @param keyPurposeSet a {@code Set} of key purpose OIDs in string
+     * format (or {@code null}). Each OID is represented by a set of
      * nonnegative integers separated by periods.
      * @throws IOException if the OID is invalid, such as
      * the first component being not 0, 1 or 2 or the second component
@@ -632,15 +632,15 @@
      * specified in the {@link #setSubjectAlternativeNames
      * setSubjectAlternativeNames} or {@link #addSubjectAlternativeName
      * addSubjectAlternativeName} methods. If enabled,
-     * the X509Certificate must contain all of the
+     * the {@code X509Certificate} must contain all of the
      * specified subject alternative names. If disabled, the
-     * X509Certificate must contain at least one of the
+     * {@code X509Certificate} must contain at least one of the
      * specified subject alternative names.
      *
-     * 
The matchAllNames flag is true by default.
+     * 
The matchAllNames flag is {@code true} by default.
      *
-     * @param matchAllNames if true, the flag is enabled;
-     * if false, the flag is disabled.
+     * @param matchAllNames if {@code true}, the flag is enabled;
+     * if {@code false}, the flag is disabled.
      * @see #getMatchAllSubjectAltNames
      */
     public void setMatchAllSubjectAltNames(boolean matchAllNames) {
@@ -649,7 +649,7 @@
 
     /**
      * Sets the subjectAlternativeNames criterion. The
-     * X509Certificate must contain all or at least one of the
+     * {@code X509Certificate} must contain all or at least one of the
      * specified subjectAlternativeNames, depending on the value of
      * the matchAllNames flag (see {@link #setMatchAllSubjectAltNames
      * setMatchAllSubjectAltNames}).
@@ -659,19 +659,19 @@
      * subjectAlternativeNames criterion. The specified value replaces
      * the previous value for the subjectAlternativeNames criterion.
      * 

-     * The names parameter (if not null) is a
-     * Collection with one
+     * The {@code names} parameter (if not {@code null}) is a
+     * {@code Collection} with one
      * entry for each name to be included in the subject alternative name
-     * criterion. Each entry is a List whose first entry is an
-     * Integer (the name type, 0-8) and whose second
-     * entry is a String or a byte array (the name, in
+     * criterion. Each entry is a {@code List} whose first entry is an
+     * {@code Integer} (the name type, 0-8) and whose second
+     * entry is a {@code String} or a byte array (the name, in
      * string or ASN.1 DER encoded form, respectively).
-     * There can be multiple names of the same type. If null
+     * There can be multiple names of the same type. If {@code null}
      * is supplied as the value for this argument, no
      * subjectAlternativeNames check will be performed.
      * 

-     * Each subject alternative name in the Collection
-     * may be specified either as a String or as an ASN.1 encoded
+     * Each subject alternative name in the {@code Collection}
+     * may be specified either as a {@code String} or as an ASN.1 encoded
      * byte array. For more details about the formats used, see
      * {@link #addSubjectAlternativeName(int type, String name)
      * addSubjectAlternativeName(int type, String name)} and
@@ -682,15 +682,15 @@
      * array form instead of the String form. See the note in
      * {@link #addSubjectAlternativeName(int, String)} for more information.
      * 

-     * Note that the names parameter can contain duplicate
+     * Note that the {@code names} parameter can contain duplicate
      * names (same name and name type), but they may be removed from the
-     * Collection of names returned by the
+     * {@code Collection} of names returned by the
      * {@link #getSubjectAlternativeNames getSubjectAlternativeNames} method.
      * 

-     * Note that a deep copy is performed on the Collection to
+     * Note that a deep copy is performed on the {@code Collection} to
      * protect against subsequent modifications.
      *
-     * @param names a Collection of names (or null)
+     * @param names a {@code Collection} of names (or {@code null})
      * @throws IOException if a parsing error occurs
      * @see #getSubjectAlternativeNames
      */
@@ -714,7 +714,7 @@
 
     /**
      * Adds a name to the subjectAlternativeNames criterion. The
-     * X509Certificate must contain all or at least one
+     * {@code X509Certificate} must contain all or at least one
      * of the specified subjectAlternativeNames, depending on the value of
      * the matchAllNames flag (see {@link #setMatchAllSubjectAltNames
      * setMatchAllSubjectAltNames}).
@@ -747,7 +747,7 @@
      *
      * @param type the name type (0-8, as specified in
      *             RFC 3280, section 4.2.1.7)
-     * @param name the name in string form (not null)
+     * @param name the name in string form (not {@code null})
      * @throws IOException if a parsing error occurs
      */
     public void addSubjectAlternativeName(int type, String name)
@@ -757,7 +757,7 @@
 
     /**
      * Adds a name to the subjectAlternativeNames criterion. The
-     * X509Certificate must contain all or at least one
+     * {@code X509Certificate} must contain all or at least one
      * of the specified subjectAlternativeNames, depending on the value of
      * the matchAllNames flag (see {@link #setMatchAllSubjectAltNames
      * setMatchAllSubjectAltNames}).
@@ -774,7 +774,7 @@
      * the encoded value of the name, and should not include the tag associated
      * with the name in the GeneralName structure. The ASN.1 definition of this
      * structure appears below.
-     * 

+     * 
{@code
      *  GeneralName ::= CHOICE {
      *       otherName                       [0]     OtherName,
      *       rfc822Name                      [1]     IA5String,
@@ -785,7 +785,7 @@
      *       uniformResourceIdentifier       [6]     IA5String,
      *       iPAddress                       [7]     OCTET STRING,
      *       registeredID                    [8]     OBJECT IDENTIFIER}
-     * 

+     * }

      * 

      * Note that the byte array supplied here is cloned to protect against
      * subsequent modifications.
@@ -802,7 +802,7 @@
 
     /**
      * A private method that adds a name (String or byte array) to the
-     * subjectAlternativeNames criterion. The X509Certificate
+     * subjectAlternativeNames criterion. The {@code X509Certificate}
      * must contain the specified subjectAlternativeName.
      *
      * @param type the name type (0-8, as specified in
@@ -829,19 +829,19 @@
 
     /**
      * Parse an argument of the form passed to setSubjectAlternativeNames,
-     * returning a Collection of
-     * GeneralNameInterfaces.
+     * returning a {@code Collection} of
+     * {@code GeneralNameInterface}s.
      * Throw an IllegalArgumentException or a ClassCastException
      * if the argument is malformed.
      *
      * @param names a Collection with one entry per name.
-     *              Each entry is a List whose first entry
+     *              Each entry is a {@code List} whose first entry
      *              is an Integer (the name type, 0-8) and whose second
      *              entry is a String or a byte array (the name, in
      *              string or ASN.1 DER encoded form, respectively).
      *              There can be multiple names of the same type. Null is
      *              not an acceptable value.
-     * @return a Set of GeneralNameInterfaces
+     * @return a Set of {@code GeneralNameInterface}s
      * @throws IOException if a parsing error occurs
      */
     private static Set parseNames(Collection> names) throws IOException {
@@ -865,8 +865,8 @@
     /**
      * Compare for equality two objects of the form passed to
      * setSubjectAlternativeNames (or X509CRLSelector.setIssuerNames).
-     * Throw an IllegalArgumentException or a
-     * ClassCastException if one of the objects is malformed.
+     * Throw an {@code IllegalArgumentException} or a
+     * {@code ClassCastException} if one of the objects is malformed.
      *
      * @param object1 a Collection containing the first object to compare
      * @param object2 a Collection containing the second object to compare
@@ -880,7 +880,7 @@
     }
 
     /**
-     * Make a GeneralNameInterface out of a name type (0-8) and an
+     * Make a {@code GeneralNameInterface} out of a name type (0-8) and an
      * Object that may be a byte array holding the ASN.1 DER encoded
      * name or a String form of the name.  Except for X.509
      * Distinguished Names, the String form of the name must not be the
@@ -989,7 +989,7 @@
 
 
     /**
-     * Sets the name constraints criterion. The X509Certificate
+     * Sets the name constraints criterion. The {@code X509Certificate}
      * must have subject and subject alternative names that
      * meet the specified name constraints.
      * 

@@ -998,7 +998,7 @@
      * would appear in the NameConstraints structure defined in RFC 3280
      * and X.509. The ASN.1 definition of this structure appears below.
      *
-     * 

+     * 
{@code
      *  NameConstraints ::= SEQUENCE {
      *       permittedSubtrees       [0]     GeneralSubtrees OPTIONAL,
      *       excludedSubtrees        [1]     GeneralSubtrees OPTIONAL }
@@ -1022,7 +1022,7 @@
      *       uniformResourceIdentifier       [6]     IA5String,
      *       iPAddress                       [7]     OCTET STRING,
      *       registeredID                    [8]     OBJECT IDENTIFIER}
-     * 

+     * }

      * 

      * Note that the byte array supplied here is cloned to protect against
      * subsequent modifications.
@@ -1031,7 +1031,7 @@
      *              a NameConstraints extension to be used for checking
      *              name constraints. Only the value of the extension is
      *              included, not the OID or criticality flag. Can be
-     *              null,
+     *              {@code null},
      *              in which case no name constraints check will be performed.
      * @throws IOException if a parsing error occurs
      * @see #getNameConstraints
@@ -1048,7 +1048,7 @@
 
     /**
      * Sets the basic constraints constraint. If the value is greater than or
-     * equal to zero, X509Certificates must include a
+     * equal to zero, {@code X509Certificates} must include a
      * basicConstraints extension with
      * a pathLen of at least this value. If the value is -2, only end-entity
      * certificates are accepted. If the value is -1, no check is done.
@@ -1070,18 +1070,18 @@
     }
 
     /**
-     * Sets the policy constraint. The X509Certificate must
+     * Sets the policy constraint. The {@code X509Certificate} must
      * include at least one of the specified policies in its certificate
-     * policies extension. If certPolicySet is empty, then the
-     * X509Certificate must include at least some specified policy
-     * in its certificate policies extension. If certPolicySet is
-     * null, no policy check will be performed.
+     * policies extension. If {@code certPolicySet} is empty, then the
+     * {@code X509Certificate} must include at least some specified policy
+     * in its certificate policies extension. If {@code certPolicySet} is
+     * {@code null}, no policy check will be performed.
      * 

-     * Note that the Set is cloned to protect against
+     * Note that the {@code Set} is cloned to protect against
      * subsequent modifications.
      *
-     * @param certPolicySet a Set of certificate policy OIDs in
-     *                      string format (or null). Each OID is
+     * @param certPolicySet a {@code Set} of certificate policy OIDs in
+     *                      string format (or {@code null}). Each OID is
      *                      represented by a set of nonnegative integers
      *                    separated by periods.
      * @throws IOException if a parsing error occurs on the OID such as
@@ -1115,12 +1115,12 @@
     }
 
     /**
-     * Sets the pathToNames criterion. The X509Certificate must
+     * Sets the pathToNames criterion. The {@code X509Certificate} must
      * not include name constraints that would prohibit building a
      * path to the specified names.
      * 

      * This method allows the caller to specify, with a single method call,
-     * the complete set of names which the X509Certificates's
+     * the complete set of names which the {@code X509Certificates}'s
      * name constraints must permit. The specified value replaces
      * the previous value for the pathToNames criterion.
      * 

@@ -1129,19 +1129,19 @@
      * built, any candidate certificate must not include name constraints that
      * would prohibit building a path to any of the names in the partial path.
      * 

-     * The names parameter (if not null) is a
-     * Collection with one
+     * The {@code names} parameter (if not {@code null}) is a
+     * {@code Collection} with one
      * entry for each name to be included in the pathToNames
-     * criterion. Each entry is a List whose first entry is an
-     * Integer (the name type, 0-8) and whose second
-     * entry is a String or a byte array (the name, in
+     * criterion. Each entry is a {@code List} whose first entry is an
+     * {@code Integer} (the name type, 0-8) and whose second
+     * entry is a {@code String} or a byte array (the name, in
      * string or ASN.1 DER encoded form, respectively).
-     * There can be multiple names of the same type. If null
+     * There can be multiple names of the same type. If {@code null}
      * is supplied as the value for this argument, no
      * pathToNames check will be performed.
      * 

-     * Each name in the Collection
-     * may be specified either as a String or as an ASN.1 encoded
+     * Each name in the {@code Collection}
+     * may be specified either as a {@code String} or as an ASN.1 encoded
      * byte array. For more details about the formats used, see
      * {@link #addPathToName(int type, String name)
      * addPathToName(int type, String name)} and
@@ -1152,16 +1152,16 @@
      * array form instead of the String form. See the note in
      * {@link #addPathToName(int, String)} for more information.
      * 

-     * Note that the names parameter can contain duplicate
+     * Note that the {@code names} parameter can contain duplicate
      * names (same name and name type), but they may be removed from the
-     * Collection of names returned by the
+     * {@code Collection} of names returned by the
      * {@link #getPathToNames getPathToNames} method.
      * 

-     * Note that a deep copy is performed on the Collection to
+     * Note that a deep copy is performed on the {@code Collection} to
      * protect against subsequent modifications.
      *
-     * @param names a Collection with one entry per name
-     *              (or null)
+     * @param names a {@code Collection} with one entry per name
+     *              (or {@code null})
      * @throws IOException if a parsing error occurs
      * @see #getPathToNames
      */
@@ -1186,12 +1186,12 @@
     }
 
     /**
-     * Adds a name to the pathToNames criterion. The X509Certificate
+     * Adds a name to the pathToNames criterion. The {@code X509Certificate}
      * must not include name constraints that would prohibit building a
      * path to the specified name.
      * 

      * This method allows the caller to add a name to the set of names which
-     * the X509Certificates's name constraints must permit.
+     * the {@code X509Certificates}'s name constraints must permit.
      * The specified name is added to any previous value for the
      * pathToNames criterion.  If the name is a duplicate, it may be ignored.
      * 

@@ -1223,12 +1223,12 @@
     }
 
     /**
-     * Adds a name to the pathToNames criterion. The X509Certificate
+     * Adds a name to the pathToNames criterion. The {@code X509Certificate}
      * must not include name constraints that would prohibit building a
      * path to the specified name.
      * 

      * This method allows the caller to add a name to the set of names which
-     * the X509Certificates's name constraints must permit.
+     * the {@code X509Certificates}'s name constraints must permit.
      * The specified name is added to any previous value for the
      * pathToNames criterion. If the name is a duplicate, it may be ignored.
      * 

@@ -1254,7 +1254,7 @@
 
     /**
      * A private method that adds a name (String or byte array) to the
-     * pathToNames criterion. The X509Certificate must contain
+     * pathToNames criterion. The {@code X509Certificate} must contain
      * the specified pathToName.
      *
      * @param type the name type (0-8, as specified in
@@ -1279,11 +1279,11 @@
 
     /**
      * Returns the certificateEquals criterion. The specified
-     * X509Certificate must be equal to the
-     * X509Certificate passed to the match method.
-     * If null, this check is not applied.
+     * {@code X509Certificate} must be equal to the
+     * {@code X509Certificate} passed to the {@code match} method.
+     * If {@code null}, this check is not applied.
      *
-     * @return the X509Certificate to match (or null)
+     * @return the {@code X509Certificate} to match (or {@code null})
      * @see #setCertificate
      */
     public X509Certificate getCertificate() {
@@ -1293,11 +1293,11 @@
     /**
      * Returns the serialNumber criterion. The specified serial number
      * must match the certificate serial number in the
-     * X509Certificate. If null, any certificate
+     * {@code X509Certificate}. If {@code null}, any certificate
      * serial number will do.
      *
      * @return the certificate serial number to match
-     *                (or null)
+     *                (or {@code null})
      * @see #setSerialNumber
      */
     public BigInteger getSerialNumber() {
@@ -1305,13 +1305,13 @@
     }
 
     /**
-     * Returns the issuer criterion as an X500Principal. This
+     * Returns the issuer criterion as an {@code X500Principal}. This
      * distinguished name must match the issuer distinguished name in the
-     * X509Certificate. If null, the issuer criterion
+     * {@code X509Certificate}. If {@code null}, the issuer criterion
      * is disabled and any issuer distinguished name will do.
      *
      * @return the required issuer distinguished name as X500Principal
-     *         (or null)
+     *         (or {@code null})
      * @since 1.5
      */
     public X500Principal getIssuer() {
@@ -1325,16 +1325,16 @@
      * encoding information in the RFC 2253 String form of some distinguished
      * names.
      * 

-     * Returns the issuer criterion as a String. This
+     * Returns the issuer criterion as a {@code String}. This
      * distinguished name must match the issuer distinguished name in the
-     * X509Certificate. If null, the issuer criterion
+     * {@code X509Certificate}. If {@code null}, the issuer criterion
      * is disabled and any issuer distinguished name will do.
      * 

-     * If the value returned is not null, it is a
+     * If the value returned is not {@code null}, it is a
      * distinguished name, in RFC 2253 format.
      *
      * @return the required issuer distinguished name in RFC 2253 format
-     *         (or null)
+     *         (or {@code null})
      */
     public String getIssuerAsString() {
         return (issuer == null ? null : issuer.getName());
@@ -1343,10 +1343,10 @@
     /**
      * Returns the issuer criterion as a byte array. This distinguished name
      * must match the issuer distinguished name in the
-     * X509Certificate. If null, the issuer criterion
+     * {@code X509Certificate}. If {@code null}, the issuer criterion
      * is disabled and any issuer distinguished name will do.
      * 

-     * If the value returned is not null, it is a byte
+     * If the value returned is not {@code null}, it is a byte
      * array containing a single DER encoded distinguished name, as defined in
      * X.501. The ASN.1 notation for this structure is supplied in the
      * documentation for
@@ -1356,7 +1356,7 @@
      * subsequent modifications.
      *
      * @return a byte array containing the required issuer distinguished name
-     *         in ASN.1 DER format (or null)
+     *         in ASN.1 DER format (or {@code null})
      * @throws IOException if an encoding error occurs
      */
     public byte[] getIssuerAsBytes() throws IOException {
@@ -1364,13 +1364,13 @@
     }
 
     /**
-     * Returns the subject criterion as an X500Principal. This
+     * Returns the subject criterion as an {@code X500Principal}. This
      * distinguished name must match the subject distinguished name in the
-     * X509Certificate. If null, the subject criterion
+     * {@code X509Certificate}. If {@code null}, the subject criterion
      * is disabled and any subject distinguished name will do.
      *
      * @return the required subject distinguished name as X500Principal
-     *         (or null)
+     *         (or {@code null})
      * @since 1.5
      */
     public X500Principal getSubject() {
@@ -1384,16 +1384,16 @@
      * encoding information in the RFC 2253 String form of some distinguished
      * names.
      * 

-     * Returns the subject criterion as a String. This
+     * Returns the subject criterion as a {@code String}. This
      * distinguished name must match the subject distinguished name in the
-     * X509Certificate. If null, the subject criterion
+     * {@code X509Certificate}. If {@code null}, the subject criterion
      * is disabled and any subject distinguished name will do.
      * 

-     * If the value returned is not null, it is a
+     * If the value returned is not {@code null}, it is a
      * distinguished name, in RFC 2253 format.
      *
      * @return the required subject distinguished name in RFC 2253 format
-     *         (or null)
+     *         (or {@code null})
      */
     public String getSubjectAsString() {
         return (subject == null ? null : subject.getName());
@@ -1402,10 +1402,10 @@
     /**
      * Returns the subject criterion as a byte array. This distinguished name
      * must match the subject distinguished name in the
-     * X509Certificate. If null, the subject criterion
+     * {@code X509Certificate}. If {@code null}, the subject criterion
      * is disabled and any subject distinguished name will do.
      * 

-     * If the value returned is not null, it is a byte
+     * If the value returned is not {@code null}, it is a byte
      * array containing a single DER encoded distinguished name, as defined in
      * X.501. The ASN.1 notation for this structure is supplied in the
      * documentation for
@@ -1415,7 +1415,7 @@
      * subsequent modifications.
      *
      * @return a byte array containing the required subject distinguished name
-     *         in ASN.1 DER format (or null)
+     *         in ASN.1 DER format (or {@code null})
      * @throws IOException if an encoding error occurs
      */
     public byte[] getSubjectAsBytes() throws IOException {
@@ -1424,14 +1424,14 @@
 
     /**
      * Returns the subjectKeyIdentifier criterion. The
-     * X509Certificate must contain a SubjectKeyIdentifier
-     * extension with the specified value. If null, no
+     * {@code X509Certificate} must contain a SubjectKeyIdentifier
+     * extension with the specified value. If {@code null}, no
      * subjectKeyIdentifier check will be done.
      * 

      * Note that the byte array returned is cloned to protect against
      * subsequent modifications.
      *
-     * @return the key identifier (or null)
+     * @return the key identifier (or {@code null})
      * @see #setSubjectKeyIdentifier
      */
     public byte[] getSubjectKeyIdentifier() {
@@ -1443,14 +1443,14 @@
 
     /**
      * Returns the authorityKeyIdentifier criterion. The
-     * X509Certificate must contain a AuthorityKeyIdentifier
-     * extension with the specified value. If null, no
+     * {@code X509Certificate} must contain a AuthorityKeyIdentifier
+     * extension with the specified value. If {@code null}, no
      * authorityKeyIdentifier check will be done.
      * 

      * Note that the byte array returned is cloned to protect against
      * subsequent modifications.
      *
-     * @return the key identifier (or null)
+     * @return the key identifier (or {@code null})
      * @see #setAuthorityKeyIdentifier
      */
     public byte[] getAuthorityKeyIdentifier() {
@@ -1463,13 +1463,13 @@
     /**
      * Returns the certificateValid criterion. The specified date must fall
      * within the certificate validity period for the
-     * X509Certificate. If null, no certificateValid
+     * {@code X509Certificate}. If {@code null}, no certificateValid
      * check will be done.
      * 

-     * Note that the Date returned is cloned to protect against
+     * Note that the {@code Date} returned is cloned to protect against
      * subsequent modifications.
      *
-     * @return the Date to check (or null)
+     * @return the {@code Date} to check (or {@code null})
      * @see #setCertificateValid
      */
     public Date getCertificateValid() {
@@ -1482,13 +1482,13 @@
     /**
      * Returns the privateKeyValid criterion. The specified date must fall
      * within the private key validity period for the
-     * X509Certificate. If null, no privateKeyValid
+     * {@code X509Certificate}. If {@code null}, no privateKeyValid
      * check will be done.
      * 

-     * Note that the Date returned is cloned to protect against
+     * Note that the {@code Date} returned is cloned to protect against
      * subsequent modifications.
      *
-     * @return the Date to check (or null)
+     * @return the {@code Date} to check (or {@code null})
      * @see #setPrivateKeyValid
      */
     public Date getPrivateKeyValid() {
@@ -1500,12 +1500,12 @@
 
     /**
      * Returns the subjectPublicKeyAlgID criterion. The
-     * X509Certificate must contain a subject public key
-     * with the specified algorithm. If null, no
+     * {@code X509Certificate} must contain a subject public key
+     * with the specified algorithm. If {@code null}, no
      * subjectPublicKeyAlgID check will be done.
      *
      * @return the object identifier (OID) of the signature algorithm to check
-     *         for (or null). An OID is represented by a set of
+     *         for (or {@code null}). An OID is represented by a set of
      *         nonnegative integers separated by periods.
      * @see #setSubjectPublicKeyAlgID
      */
@@ -1518,10 +1518,10 @@
 
     /**
      * Returns the subjectPublicKey criterion. The
-     * X509Certificate must contain the specified subject
-     * public key. If null, no subjectPublicKey check will be done.
+     * {@code X509Certificate} must contain the specified subject
+     * public key. If {@code null}, no subjectPublicKey check will be done.
      *
-     * @return the subject public key to check for (or null)
+     * @return the subject public key to check for (or {@code null})
      * @see #setSubjectPublicKey
      */
     public PublicKey getSubjectPublicKey() {
@@ -1529,7 +1529,7 @@
     }
 
     /**
-     * Returns the keyUsage criterion. The X509Certificate
+     * Returns the keyUsage criterion. The {@code X509Certificate}
      * must allow the specified keyUsage values. If null, no keyUsage
      * check will be done.
      * 

@@ -1539,7 +1539,7 @@
      * @return a boolean array in the same format as the boolean
      *                 array returned by
      * {@link X509Certificate#getKeyUsage() X509Certificate.getKeyUsage()}.
-     *                 Or null.
+     *                 Or {@code null}.
      * @see #setKeyUsage
      */
     public boolean[] getKeyUsage() {
@@ -1550,15 +1550,15 @@
     }
 
     /**
-     * Returns the extendedKeyUsage criterion. The X509Certificate
+     * Returns the extendedKeyUsage criterion. The {@code X509Certificate}
      * must allow the specified key purposes in its extended key usage
-     * extension. If the keyPurposeSet returned is empty or
-     * null, no extendedKeyUsage check will be done. Note that an
-     * X509Certificate that has no extendedKeyUsage extension
+     * extension. If the {@code keyPurposeSet} returned is empty or
+     * {@code null}, no extendedKeyUsage check will be done. Note that an
+     * {@code X509Certificate} that has no extendedKeyUsage extension
      * implicitly allows all key purposes.
      *
-     * @return an immutable Set of key purpose OIDs in string
-     * format (or null)
+     * @return an immutable {@code Set} of key purpose OIDs in string
+     * format (or {@code null})
      * @see #setExtendedKeyUsage
      */
     public Set getExtendedKeyUsage() {
@@ -1566,19 +1566,19 @@
     }
 
     /**
-     * Indicates if the X509Certificate must contain all
+     * Indicates if the {@code X509Certificate} must contain all
      * or at least one of the subjectAlternativeNames
      * specified in the {@link #setSubjectAlternativeNames
      * setSubjectAlternativeNames} or {@link #addSubjectAlternativeName
-     * addSubjectAlternativeName} methods. If true,
-     * the X509Certificate must contain all of the
-     * specified subject alternative names. If false, the
-     * X509Certificate must contain at least one of the
+     * addSubjectAlternativeName} methods. If {@code true},
+     * the {@code X509Certificate} must contain all of the
+     * specified subject alternative names. If {@code false}, the
+     * {@code X509Certificate} must contain at least one of the
      * specified subject alternative names.
      *
-     * @return true if the flag is enabled;
-     * false if the flag is disabled. The flag is
-     * true by default.
+     * @return {@code true} if the flag is enabled;
+     * {@code false} if the flag is disabled. The flag is
+     * {@code true} by default.
      * @see #setMatchAllSubjectAltNames
      */
     public boolean getMatchAllSubjectAltNames() {
@@ -1587,35 +1587,35 @@
 
     /**
      * Returns a copy of the subjectAlternativeNames criterion.
-     * The X509Certificate must contain all or at least one
+     * The {@code X509Certificate} must contain all or at least one
      * of the specified subjectAlternativeNames, depending on the value
      * of the matchAllNames flag (see {@link #getMatchAllSubjectAltNames
      * getMatchAllSubjectAltNames}). If the value returned is
-     * null, no subjectAlternativeNames check will be performed.
+     * {@code null}, no subjectAlternativeNames check will be performed.
      * 

-     * If the value returned is not null, it is a
-     * Collection with
+     * If the value returned is not {@code null}, it is a
+     * {@code Collection} with
      * one entry for each name to be included in the subject alternative name
-     * criterion. Each entry is a List whose first entry is an
-     * Integer (the name type, 0-8) and whose second
-     * entry is a String or a byte array (the name, in
+     * criterion. Each entry is a {@code List} whose first entry is an
+     * {@code Integer} (the name type, 0-8) and whose second
+     * entry is a {@code String} or a byte array (the name, in
      * string or ASN.1 DER encoded form, respectively).
      * There can be multiple names of the same type.  Note that the
-     * Collection returned may contain duplicate names (same name
+     * {@code Collection} returned may contain duplicate names (same name
      * and name type).
      * 

-     * Each subject alternative name in the Collection
-     * may be specified either as a String or as an ASN.1 encoded
+     * Each subject alternative name in the {@code Collection}
+     * may be specified either as a {@code String} or as an ASN.1 encoded
      * byte array. For more details about the formats used, see
      * {@link #addSubjectAlternativeName(int type, String name)
      * addSubjectAlternativeName(int type, String name)} and
      * {@link #addSubjectAlternativeName(int type, byte [] name)
      * addSubjectAlternativeName(int type, byte [] name)}.
      * 

-     * Note that a deep copy is performed on the Collection to
+     * Note that a deep copy is performed on the {@code Collection} to
      * protect against subsequent modifications.
      *
-     * @return a Collection of names (or null)
+     * @return a {@code Collection} of names (or {@code null})
      * @see #setSubjectAlternativeNames
      */
     public Collection> getSubjectAlternativeNames() {
@@ -1628,21 +1628,21 @@
     /**
      * Clone an object of the form passed to
      * setSubjectAlternativeNames and setPathToNames.
-     * Throw a RuntimeException if the argument is malformed.
+     * Throw a {@code RuntimeException} if the argument is malformed.
      * 

      * This method wraps cloneAndCheckNames, changing any
-     * IOException into a RuntimeException. This
+     * {@code IOException} into a {@code RuntimeException}. This
      * method should be used when the object being
      * cloned has already been checked, so there should never be any exceptions.
      *
-     * @param names a Collection with one entry per name.
-     *              Each entry is a List whose first entry
+     * @param names a {@code Collection} with one entry per name.
+     *              Each entry is a {@code List} whose first entry
      *              is an Integer (the name type, 0-8) and whose second
      *              entry is a String or a byte array (the name, in
      *              string or ASN.1 DER encoded form, respectively).
      *              There can be multiple names of the same type. Null
      *              is not an acceptable value.
-     * @return a deep copy of the specified Collection
+     * @return a deep copy of the specified {@code Collection}
      * @throws RuntimeException if a parsing error occurs
      */
     private static Set> cloneNames(Collection> names) {
@@ -1657,16 +1657,16 @@
     /**
      * Clone and check an argument of the form passed to
      * setSubjectAlternativeNames and setPathToNames.
-     * Throw an IOException if the argument is malformed.
+     * Throw an {@code IOException} if the argument is malformed.
      *
-     * @param names a Collection with one entry per name.
-     *              Each entry is a List whose first entry
+     * @param names a {@code Collection} with one entry per name.
+     *              Each entry is a {@code List} whose first entry
      *              is an Integer (the name type, 0-8) and whose second
      *              entry is a String or a byte array (the name, in
      *              string or ASN.1 DER encoded form, respectively).
      *              There can be multiple names of the same type.
-     *              null is not an acceptable value.
-     * @return a deep copy of the specified Collection
+     *              {@code null} is not an acceptable value.
+     * @return a deep copy of the specified {@code Collection}
      * @throws IOException if a parsing error occurs
      */
     private static Set> cloneAndCheckNames(Collection> names) throws IOException {
@@ -1709,7 +1709,7 @@
     }
 
     /**
-     * Returns the name constraints criterion. The X509Certificate
+     * Returns the name constraints criterion. The {@code X509Certificate}
      * must have subject and subject alternative names that
      * meet the specified name constraints.
      * 

@@ -1725,7 +1725,7 @@
      *
      * @return a byte array containing the ASN.1 DER encoding of
      *         a NameConstraints extension used for checking name constraints.
-     *         null if no name constraints check will be performed.
+     *         {@code null} if no name constraints check will be performed.
      * @see #setNameConstraints
      */
     public byte[] getNameConstraints() {
@@ -1738,7 +1738,7 @@
 
     /**
      * Returns the basic constraints constraint. If the value is greater than
-     * or equal to zero, the X509Certificates must include a
+     * or equal to zero, the {@code X509Certificates} must include a
      * basicConstraints extension with a pathLen of at least this value.
      * If the value is -2, only end-entity certificates are accepted. If
      * the value is -1, no basicConstraints check is done.
@@ -1751,15 +1751,15 @@
     }
 
     /**
-     * Returns the policy criterion. The X509Certificate must
+     * Returns the policy criterion. The {@code X509Certificate} must
      * include at least one of the specified policies in its certificate policies
-     * extension. If the Set returned is empty, then the
-     * X509Certificate must include at least some specified policy
-     * in its certificate policies extension. If the Set returned is
-     * null, no policy check will be performed.
+     * extension. If the {@code Set} returned is empty, then the
+     * {@code X509Certificate} must include at least some specified policy
+     * in its certificate policies extension. If the {@code Set} returned is
+     * {@code null}, no policy check will be performed.
      *
-     * @return an immutable Set of certificate policy OIDs in
-     *         string format (or null)
+     * @return an immutable {@code Set} of certificate policy OIDs in
+     *         string format (or {@code null})
      * @see #setPolicy
      */
     public Set getPolicy() {
@@ -1768,33 +1768,33 @@
 
     /**
      * Returns a copy of the pathToNames criterion. The
-     * X509Certificate must not include name constraints that would
+     * {@code X509Certificate} must not include name constraints that would
      * prohibit building a path to the specified names. If the value
-     * returned is null, no pathToNames check will be performed.
+     * returned is {@code null}, no pathToNames check will be performed.
      * 

-     * If the value returned is not null, it is a
-     * Collection with one
+     * If the value returned is not {@code null}, it is a
+     * {@code Collection} with one
      * entry for each name to be included in the pathToNames
-     * criterion. Each entry is a List whose first entry is an
-     * Integer (the name type, 0-8) and whose second
-     * entry is a String or a byte array (the name, in
+     * criterion. Each entry is a {@code List} whose first entry is an
+     * {@code Integer} (the name type, 0-8) and whose second
+     * entry is a {@code String} or a byte array (the name, in
      * string or ASN.1 DER encoded form, respectively).
      * There can be multiple names of the same type. Note that the
-     * Collection returned may contain duplicate names (same
+     * {@code Collection} returned may contain duplicate names (same
      * name and name type).
      * 

-     * Each name in the Collection
-     * may be specified either as a String or as an ASN.1 encoded
+     * Each name in the {@code Collection}
+     * may be specified either as a {@code String} or as an ASN.1 encoded
      * byte array. For more details about the formats used, see
      * {@link #addPathToName(int type, String name)
      * addPathToName(int type, String name)} and
      * {@link #addPathToName(int type, byte [] name)
      * addPathToName(int type, byte [] name)}.
      * 

-     * Note that a deep copy is performed on the Collection to
+     * Note that a deep copy is performed on the {@code Collection} to
      * protect against subsequent modifications.
      *
-     * @return a Collection of names (or null)
+     * @return a {@code Collection} of names (or {@code null})
      * @see #setPathToNames
      */
     public Collection> getPathToNames() {
@@ -1805,10 +1805,10 @@
     }
 
     /**
-     * Return a printable representation of the CertSelector.
+     * Return a printable representation of the {@code CertSelector}.
      *
-     * @return a String describing the contents of the
-     *         CertSelector
+     * @return a {@code String} describing the contents of the
+     *         {@code CertSelector}
      */
     public String toString() {
         StringBuffer sb = new StringBuffer();
@@ -1927,22 +1927,22 @@
 
     /**
      * Returns an Extension object given any X509Certificate and extension oid.
-     * Throw an IOException if the extension byte value is
+     * Throw an {@code IOException} if the extension byte value is
      * malformed.
      *
-     * @param cert a X509Certificate
-     * @param extId an integer which specifies the extension index.
+     * @param cert a {@code X509Certificate}
+     * @param extId an {@code integer} which specifies the extension index.
      * Currently, the supported extensions are as follows:
      * index 0 - PrivateKeyUsageExtension
      * index 1 - SubjectAlternativeNameExtension
      * index 2 - NameConstraintsExtension
      * index 3 - CertificatePoliciesExtension
      * index 4 - ExtendedKeyUsageExtension
-     * @return an Extension object whose real type is as specified
+     * @return an {@code Extension} object whose real type is as specified
      * by the extension oid.
-     * @throws IOException if cannot construct the Extension
+     * @throws IOException if cannot construct the {@code Extension}
      * object with the extension encoding retrieved from the passed in
-     * X509Certificate.
+     * {@code X509Certificate}.
      */
     private static Extension getExtensionObject(X509Certificate cert, int extId)
             throws IOException {
@@ -1990,11 +1990,11 @@
     }
 
     /**
-     * Decides whether a Certificate should be selected.
+     * Decides whether a {@code Certificate} should be selected.
      *
-     * @param cert the Certificate to be checked
-     * @return true if the Certificate should be
-     *         selected, false otherwise
+     * @param cert the {@code Certificate} to be checked
+     * @return {@code true} if the {@code Certificate} should be
+     *         selected, {@code false} otherwise
      */
     public boolean match(Certificate cert) {
         if (!(cert instanceof X509Certificate)) {
diff -r 6d0f51c99930 -r 882a3948c6e6 jdk/src/share/classes/java/security/cert/X509Certificate.java
--- a/jdk/src/share/classes/java/security/cert/X509Certificate.java	Tue Jun 25 20:06:09 2013 +0100
+++ b/jdk/src/share/classes/java/security/cert/X509Certificate.java	Tue Jun 25 14:31:29 2013 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -66,7 +66,7 @@
  * RFC 3280: Internet X.509
  * Public Key Infrastructure Certificate and CRL Profile.
  * 

- * The ASN.1 definition of tbsCertificate is:
+ * The ASN.1 definition of {@code tbsCertificate} is:
  * 
  * TBSCertificate  ::=  SEQUENCE  {
  *     version         [0]  EXPLICIT Version DEFAULT v1,
@@ -151,9 +151,9 @@
      *        is valid at that date/time.
      *
      * @exception CertificateExpiredException if the certificate has expired
-     * with respect to the date supplied.
+     * with respect to the {@code date} supplied.
      * @exception CertificateNotYetValidException if the certificate is not
-     * yet valid with respect to the date supplied.
+     * yet valid with respect to the {@code date} supplied.
      *
      * @see #checkValidity()
      */
@@ -161,7 +161,7 @@
         throws CertificateExpiredException, CertificateNotYetValidException;
 
     /**
-     * Gets the version (version number) value from the
+     * Gets the {@code version} (version number) value from the
      * certificate.
      * The ASN.1 definition for this is:
      * 
@@ -173,7 +173,7 @@
     public abstract int getVersion();
 
     /**
-     * Gets the serialNumber value from the certificate.
+     * Gets the {@code serialNumber} value from the certificate.
      * The serial number is an integer assigned by the certification
      * authority to each certificate. It must be unique for each
      * certificate issued by a given CA (i.e., the issuer name and
@@ -191,12 +191,12 @@
 
     /**
      * Denigrated, replaced by {@linkplain
-     * #getIssuerX500Principal()}. This method returns the issuer
+     * #getIssuerX500Principal()}. This method returns the {@code issuer}
      * as an implementation specific Principal object, which should not be
      * relied upon by portable code.
      *
      * 

-     * Gets the issuer (issuer distinguished name) value from
+     * Gets the {@code issuer} (issuer distinguished name) value from
      * the certificate. The issuer name identifies the entity that signed (and
      * issued) the certificate.
      *
@@ -217,14 +217,14 @@
      * AttributeType ::= OBJECT IDENTIFIER
      * AttributeValue ::= ANY
      * 

-     * The Name describes a hierarchical name composed of
+     * The {@code Name} describes a hierarchical name composed of
      * attributes,
      * such as country name, and corresponding values, such as US.
-     * The type of the AttributeValue component is determined by
-     * the AttributeType; in general it will be a
-     * directoryString. A directoryString is usually
-     * one of PrintableString,
-     * TeletexString or UniversalString.
+     * The type of the {@code AttributeValue} component is determined by
+     * the {@code AttributeType}; in general it will be a
+     * {@code directoryString}. A {@code directoryString} is usually
+     * one of {@code PrintableString},
+     * {@code TeletexString} or {@code UniversalString}.
      *
      * @return a Principal whose name is the issuer distinguished name.
      */
@@ -232,11 +232,11 @@
 
     /**
      * Returns the issuer (issuer distinguished name) value from the
-     * certificate as an X500Principal.
+     * certificate as an {@code X500Principal}.
      * 

      * It is recommended that subclasses override this method.
      *
-     * @return an X500Principal representing the issuer
+     * @return an {@code X500Principal} representing the issuer
      *          distinguished name
      * @since 1.4
      */
@@ -249,22 +249,22 @@
 
     /**
      * Denigrated, replaced by {@linkplain
-     * #getSubjectX500Principal()}. This method returns the subject
+     * #getSubjectX500Principal()}. This method returns the {@code subject}
      * as an implementation specific Principal object, which should not be
      * relied upon by portable code.
      *
      * 

-     * Gets the subject (subject distinguished name) value
-     * from the certificate.  If the subject value is empty,
-     * then the getName() method of the returned
-     * Principal object returns an empty string ("").
+     * Gets the {@code subject} (subject distinguished name) value
+     * from the certificate.  If the {@code subject} value is empty,
+     * then the {@code getName()} method of the returned
+     * {@code Principal} object returns an empty string ("").
      *
      * 
 The ASN.1 definition for this is:
      * 
      * subject    Name
      * 

      *
-     * 
See {@link #getIssuerDN() getIssuerDN} for Name
+     * 
See {@link #getIssuerDN() getIssuerDN} for {@code Name}
      * and other relevant definitions.
      *
      * @return a Principal whose name is the subject name.
@@ -273,13 +273,13 @@
 
     /**
      * Returns the subject (subject distinguished name) value from the
-     * certificate as an X500Principal.  If the subject value
-     * is empty, then the getName() method of the returned
-     * X500Principal object returns an empty string ("").
+     * certificate as an {@code X500Principal}.  If the subject value
+     * is empty, then the {@code getName()} method of the returned
+     * {@code X500Principal} object returns an empty string ("").
      * 

      * It is recommended that subclasses override this method.
      *
-     * @return an X500Principal representing the subject
+     * @return an {@code X500Principal} representing the subject
      *          distinguished name
      * @since 1.4
      */
@@ -291,7 +291,7 @@
     }
 
     /**
-     * Gets the notBefore date from the validity period of
+     * Gets the {@code notBefore} date from the validity period of
      * the certificate.
      * The relevant ASN.1 definitions are:
      * 
@@ -311,7 +311,7 @@
     public abstract Date getNotBefore();
 
     /**
-     * Gets the notAfter date from the validity period of
+     * Gets the {@code notAfter} date from the validity period of
      * the certificate. See {@link #getNotBefore() getNotBefore}
      * for relevant ASN.1 definitions.
      *
@@ -322,7 +322,7 @@
 
     /**
      * Gets the DER-encoded certificate information, the
-     * tbsCertificate from this certificate.
+     * {@code tbsCertificate} from this certificate.
      * This can be used to verify the signature independently.
      *
      * @return the DER-encoded certificate information.
@@ -332,7 +332,7 @@
         throws CertificateEncodingException;
 
     /**
-     * Gets the signature value (the raw signature bits) from
+     * Gets the {@code signature} value (the raw signature bits) from
      * the certificate.
      * The ASN.1 definition for this is:
      * 
@@ -357,7 +357,7 @@
      *                             -- algorithm object identifier value
      * 

      *
-     * 
The algorithm name is determined from the algorithm
+     * 
The algorithm name is determined from the {@code algorithm}
      * OID string.
      *
      * @return the signature algorithm name.
@@ -400,7 +400,7 @@
     public abstract byte[] getSigAlgParams();
 
     /**
-     * Gets the issuerUniqueID value from the certificate.
+     * Gets the {@code issuerUniqueID} value from the certificate.
      * The issuer unique identifier is present in the certificate
      * to handle the possibility of reuse of issuer names over time.
      * RFC 3280 recommends that names not be reused and that
@@ -420,7 +420,7 @@
     public abstract boolean[] getIssuerUniqueID();
 
     /**
-     * Gets the subjectUniqueID value from the certificate.
+     * Gets the {@code subjectUniqueID} value from the certificate.
      *
      * 
The ASN.1 definition for this is:
      * 
@@ -435,7 +435,7 @@
 
     /**
      * Gets a boolean array representing bits of
-     * the KeyUsage extension, (OID = 2.5.29.15).
+     * the {@code KeyUsage} extension, (OID = 2.5.29.15).
      * The key usage extension defines the purpose (e.g., encipherment,
      * signature, certificate signing) of the key contained in the
      * certificate.
@@ -467,7 +467,7 @@
 
     /**
      * Gets an unmodifiable list of Strings representing the OBJECT
-     * IDENTIFIERs of the ExtKeyUsageSyntax field of the
+     * IDENTIFIERs of the {@code ExtKeyUsageSyntax} field of the
      * extended key usage extension, (OID = 2.5.29.37).  It indicates
      * one or more purposes for which the certified public key may be
      * used, in addition to or in place of the basic purposes
@@ -486,7 +486,7 @@
      * 

      * This method was added to version 1.4 of the Java 2 Platform Standard
      * Edition. In order to maintain backwards compatibility with existing
-     * service providers, this method is not abstract
+     * service providers, this method is not {@code abstract}
      * and it provides a default implementation. Subclasses
      * should override this method with a correct implementation.
      *
@@ -503,13 +503,13 @@
 
     /**
      * Gets the certificate constraints path length from the
-     * critical BasicConstraints extension, (OID = 2.5.29.19).
+     * critical {@code BasicConstraints} extension, (OID = 2.5.29.19).
      * 

      * The basic constraints extension identifies whether the subject
      * of the certificate is a Certificate Authority (CA) and
      * how deep a certification path may exist through that CA. The
-     * pathLenConstraint field (see below) is meaningful
-     * only if cA is set to TRUE. In this case, it gives the
+     * {@code pathLenConstraint} field (see below) is meaningful
+     * only if {@code cA} is set to TRUE. In this case, it gives the
      * maximum number of CA certificates that may follow this certificate in a
      * certification path. A value of zero indicates that only an end-entity
      * certificate may follow in the path.
@@ -521,21 +521,21 @@
      *     pathLenConstraint   INTEGER (0..MAX) OPTIONAL }
      * 

      *
-     * @return the value of pathLenConstraint if the
+     * @return the value of {@code pathLenConstraint} if the
      * BasicConstraints extension is present in the certificate and the
      * subject of the certificate is a CA, otherwise -1.
      * If the subject of the certificate is a CA and
-     * pathLenConstraint does not appear,
-     * Integer.MAX_VALUE is returned to indicate that there is no
+     * {@code pathLenConstraint} does not appear,
+     * {@code Integer.MAX_VALUE} is returned to indicate that there is no
      * limit to the allowed length of the certification path.
      */
     public abstract int getBasicConstraints();
 
     /**
      * Gets an immutable collection of subject alternative names from the
-     * SubjectAltName extension, (OID = 2.5.29.17).
+     * {@code SubjectAltName} extension, (OID = 2.5.29.17).
      * 

-     * The ASN.1 definition of the SubjectAltName extension is:
+     * The ASN.1 definition of the {@code SubjectAltName} extension is:
      * 
      * SubjectAltName ::= GeneralNames
      *
@@ -553,23 +553,23 @@
      *      registeredID                    [8]     OBJECT IDENTIFIER}
      * 

      * 

-     * If this certificate does not contain a SubjectAltName
-     * extension, null is returned. Otherwise, a
-     * Collection is returned with an entry representing each
-     * GeneralName included in the extension. Each entry is a
-     * List whose first entry is an Integer
-     * (the name type, 0-8) and whose second entry is a String
+     * If this certificate does not contain a {@code SubjectAltName}
+     * extension, {@code null} is returned. Otherwise, a
+     * {@code Collection} is returned with an entry representing each
+     * {@code GeneralName} included in the extension. Each entry is a
+     * {@code List} whose first entry is an {@code Integer}
+     * (the name type, 0-8) and whose second entry is a {@code String}
      * or a byte array (the name, in string or ASN.1 DER encoded form,
      * respectively).
      * 

      * RFC 822, DNS, and URI
-     * names are returned as Strings,
+     * names are returned as {@code String}s,
      * using the well-established string formats for those types (subject to
      * the restrictions included in RFC 3280). IPv4 address names are
      * returned using dotted quad notation. IPv6 address names are returned
      * in the form "a1:a2:...:a8", where a1-a8 are hexadecimal values
      * representing the eight 16-bit pieces of the address. OID names are
-     * returned as Strings represented as a series of nonnegative
+     * returned as {@code String}s represented as a series of nonnegative
      * integers separated by periods. And directory names (distinguished names)
      * are returned in 
      * RFC 2253 string format. No standard string format is
@@ -577,19 +577,19 @@
      * other type of names. They are returned as byte arrays
      * containing the ASN.1 DER encoded form of the name.
      * 

-     * Note that the Collection returned may contain more
+     * Note that the {@code Collection} returned may contain more
      * than one name of the same type. Also, note that the returned
-     * Collection is immutable and any entries containing byte
+     * {@code Collection} is immutable and any entries containing byte
      * arrays are cloned to protect against subsequent modifications.
      * 

      * This method was added to version 1.4 of the Java 2 Platform Standard
      * Edition. In order to maintain backwards compatibility with existing
-     * service providers, this method is not abstract
+     * service providers, this method is not {@code abstract}
      * and it provides a default implementation. Subclasses
      * should override this method with a correct implementation.
      *
-     * @return an immutable Collection of subject alternative
-     * names (or null)
+     * @return an immutable {@code Collection} of subject alternative
+     * names (or {@code null})
      * @throws CertificateParsingException if the extension cannot be decoded
      * @since 1.4
      */
@@ -600,38 +600,38 @@
 
     /**
      * Gets an immutable collection of issuer alternative names from the
-     * IssuerAltName extension, (OID = 2.5.29.18).
+     * {@code IssuerAltName} extension, (OID = 2.5.29.18).
      * 

-     * The ASN.1 definition of the IssuerAltName extension is:
+     * The ASN.1 definition of the {@code IssuerAltName} extension is:
      * 
      * IssuerAltName ::= GeneralNames
      * 

-     * The ASN.1 definition of GeneralNames is defined
+     * The ASN.1 definition of {@code GeneralNames} is defined
      * in {@link #getSubjectAlternativeNames getSubjectAlternativeNames}.
      * 

-     * If this certificate does not contain an IssuerAltName
-     * extension, null is returned. Otherwise, a
-     * Collection is returned with an entry representing each
-     * GeneralName included in the extension. Each entry is a
-     * List whose first entry is an Integer
-     * (the name type, 0-8) and whose second entry is a String
+     * If this certificate does not contain an {@code IssuerAltName}
+     * extension, {@code null} is returned. Otherwise, a
+     * {@code Collection} is returned with an entry representing each
+     * {@code GeneralName} included in the extension. Each entry is a
+     * {@code List} whose first entry is an {@code Integer}
+     * (the name type, 0-8) and whose second entry is a {@code String}
      * or a byte array (the name, in string or ASN.1 DER encoded form,
      * respectively). For more details about the formats used for each
-     * name type, see the getSubjectAlternativeNames method.
+     * name type, see the {@code getSubjectAlternativeNames} method.
      * 

-     * Note that the Collection returned may contain more
+     * Note that the {@code Collection} returned may contain more
      * than one name of the same type. Also, note that the returned
-     * Collection is immutable and any entries containing byte
+     * {@code Collection} is immutable and any entries containing byte
      * arrays are cloned to protect against subsequent modifications.
      * 

      * This method was added to version 1.4 of the Java 2 Platform Standard
      * Edition. In order to maintain backwards compatibility with existing
-     * service providers, this method is not abstract
+     * service providers, this method is not {@code abstract}
      * and it provides a default implementation. Subclasses
      * should override this method with a correct implementation.
      *
-     * @return an immutable Collection of issuer alternative
-     * names (or null)
+     * @return an immutable {@code Collection} of issuer alternative
+     * names (or {@code null})
      * @throws CertificateParsingException if the extension cannot be decoded
      * @since 1.4
      */
@@ -649,7 +649,7 @@
      *
      * This method was added to version 1.8 of the Java Platform Standard
      * Edition. In order to maintain backwards compatibility with existing
-     * service providers, this method is not abstract
+     * service providers, this method is not {@code abstract}
      * and it provides a default implementation.
      *
      * @param key the PublicKey used to carry out the verification.
diff -r 6d0f51c99930 -r 882a3948c6e6 jdk/src/share/classes/java/security/cert/X509Extension.java
--- a/jdk/src/share/classes/java/security/cert/X509Extension.java	Tue Jun 25 20:06:09 2013 +0100
+++ b/jdk/src/share/classes/java/security/cert/X509Extension.java	Tue Jun 25 14:31:29 2013 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -59,9 +59,9 @@
  *                   -- the extnId object identifier value
  * }
  * 

- * Since not all extensions are known, the getExtensionValue
+ * Since not all extensions are known, the {@code getExtensionValue}
  * method returns the DER-encoded OCTET STRING of the
- * extension value (i.e., the extnValue). This can then
+ * extension value (i.e., the {@code extnValue}). This can then
  * be handled by a Class that understands the extension.
  *
  * @author Hemma Prafullchandra
@@ -72,8 +72,8 @@
     /**
      * Check if there is a critical extension that is not supported.
      *
-     * @return true if a critical extension is found that is
-     * not supported, otherwise false.
+     * @return {@code true} if a critical extension is found that is
+     * not supported, otherwise {@code false}.
      */
     public boolean hasUnsupportedCriticalExtension();
 
@@ -113,28 +113,28 @@
      *
      * Here is sample code to get a Set of non-critical extensions from an
      * X509CRL revoked certificate entry and print the OIDs:
-     * 

+     * 
{@code
      * CertificateFactory cf = null;
      * X509CRL crl = null;
      * try (InputStream inStrm = new FileInputStream("DER-encoded-CRL")) {
      *     cf = CertificateFactory.getInstance("X.509");
      *     crl = (X509CRL)cf.generateCRL(inStrm);
-     * }

+     * }
      *
-     * byte[] certData = <DER-encoded certificate data>
+     * byte[] certData = 
      * ByteArrayInputStream bais = new ByteArrayInputStream(certData);
      * X509Certificate cert = (X509Certificate)cf.generateCertificate(bais);
      * X509CRLEntry badCert =
-     *              crl.getRevokedCertificate(cert.getSerialNumber());

+     *              crl.getRevokedCertificate(cert.getSerialNumber());
      *
      * if (badCert != null) {
-     *     Set nonCritSet = badCert.getNonCriticalExtensionOIDs();

+     *     Set nonCritSet = badCert.getNonCriticalExtensionOIDs();
      *     if (nonCritSet != null)
      *         for (String oid : nonCritSet) {
      *             System.out.println(oid);
      *         }
      * }
-     * 

+     * }

      *
      * @return a Set (or an empty Set if none are marked non-critical) of
      * the extension OID strings for extensions that are marked non-critical.
@@ -145,9 +145,9 @@
 
     /**
      * Gets the DER-encoded OCTET string for the extension value
-     * (extnValue) identified by the passed-in oid
+     * (extnValue) identified by the passed-in {@code oid}
      * String.
-     * The oid string is
+     * The {@code oid} string is
      * represented by a set of nonnegative whole numbers separated
      * by periods.
      *