--- a/src/java.base/share/classes/sun/security/provider/certpath/DistributionPointFetcher.java Wed Dec 19 08:32:48 2018 +0100
+++ b/src/java.base/share/classes/sun/security/provider/certpath/DistributionPointFetcher.java Wed Dec 19 18:21:38 2018 +0000
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2002, 2017, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2002, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -770,7 +770,7 @@
*
* In practice, conforming CAs MUST use the key identifier method,
* and MUST include authority key identifier extension in all CRLs
- * issued. [section 5.2.1, RFC 2459]
+ * issued. [section 5.2.1, RFC 5280]
*/
AuthorityKeyIdentifierExtension crlAKID = crl.getAuthKeyIdExtension();
issuerSelector.setSkiAndSerialNumber(crlAKID);
--- a/src/java.base/share/classes/sun/security/provider/certpath/ForwardBuilder.java Wed Dec 19 08:32:48 2018 +0100
+++ b/src/java.base/share/classes/sun/security/provider/certpath/ForwardBuilder.java Wed Dec 19 18:21:38 2018 +0000
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -668,7 +668,7 @@
* Verifies a matching certificate.
*
* This method executes the validation steps in the PKIX path
- * validation algorithm <draft-ietf-pkix-new-part1-08.txt> which were
+ * validation algorithm, RFC 5280, which were
* not satisfied by the selection criteria used by getCertificates()
* to find the certs and only the steps that can be executed in a
* forward direction (target to trust anchor). Those steps that can
--- a/src/java.base/share/classes/sun/security/x509/AVA.java Wed Dec 19 08:32:48 2018 +0100
+++ b/src/java.base/share/classes/sun/security/x509/AVA.java Wed Dec 19 18:21:38 2018 +0000
@@ -1045,7 +1045,7 @@
if (valStr == null) {
- // rfc1779 specifies that attribute values associated
+ // RFC 1779 specifies that attribute values associated
// with non-standard keyword attributes may be represented
// using the hex format below. This will be used only
// when the value is not a string type
--- a/src/java.base/share/classes/sun/security/x509/AlgorithmId.java Wed Dec 19 08:32:48 2018 +0100
+++ b/src/java.base/share/classes/sun/security/x509/AlgorithmId.java Wed Dec 19 18:21:38 2018 +0000
@@ -166,15 +166,15 @@
// Several AlgorithmId should omit the whole parameter part when
// it's NULL. They are ---
- // rfc3370 2.1: Implementations SHOULD generate SHA-1
+ // RFC 3370 2.1: Implementations SHOULD generate SHA-1
// AlgorithmIdentifiers with absent parameters.
- // rfc3447 C1: When id-sha1, id-sha224, id-sha256, id-sha384 and
+ // RFC 3447 C1: When id-sha1, id-sha224, id-sha256, id-sha384 and
// id-sha512 are used in an AlgorithmIdentifier the parameters
// (which are optional) SHOULD be omitted.
- // rfc3279 2.3.2: The id-dsa algorithm syntax includes optional
+ // RFC 3279 2.3.2: The id-dsa algorithm syntax includes optional
// domain parameters... When omitted, the parameters component
// MUST be omitted entirely
- // rfc3370 3.1: When the id-dsa-with-sha1 algorithm identifier
+ // RFC 3370 3.1: When the id-dsa-with-sha1 algorithm identifier
// is used, the AlgorithmIdentifier parameters field MUST be absent.
/*if (
algid.equals((Object)SHA_oid) ||
--- a/src/java.base/share/classes/sun/security/x509/CertificatePoliciesExtension.java Wed Dec 19 08:32:48 2018 +0100
+++ b/src/java.base/share/classes/sun/security/x509/CertificatePoliciesExtension.java Wed Dec 19 18:21:38 2018 +0000
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -45,7 +45,7 @@
* certificate.
* <p>
* Optional qualifiers are not supported in this implementation, as they are
- * not recommended by RFC2459.
+ * not recommended by RFC 5280.
*
* The ASN.1 syntax for this is (IMPLICIT tagging is defined in the
* module definition):
--- a/src/java.base/share/classes/sun/security/x509/DNSName.java Wed Dec 19 08:32:48 2018 +0100
+++ b/src/java.base/share/classes/sun/security/x509/DNSName.java Wed Dec 19 18:21:38 2018 +0000
@@ -181,7 +181,7 @@
* For example, www.host.example.com would satisfy the constraint but
* host1.example.com would not.
* <p>
- * draft-ietf-pkix-new-part1-00.txt: DNSName restrictions are expressed as foo.bar.com.
+ * RFC 5280: DNSName restrictions are expressed as foo.bar.com.
* Any DNSName that
* can be constructed by simply adding to the left hand side of the name
* satisfies the name constraint. For example, www.foo.bar.com would
--- a/src/java.base/share/classes/sun/security/x509/IPAddressName.java Wed Dec 19 08:32:48 2018 +0100
+++ b/src/java.base/share/classes/sun/security/x509/IPAddressName.java Wed Dec 19 18:21:38 2018 +0000
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997, 2002, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -37,27 +37,27 @@
/**
* This class implements the IPAddressName as required by the GeneralNames
* ASN.1 object. Both IPv4 and IPv6 addresses are supported using the
- * formats specified in IETF PKIX RFC2459.
+ * formats specified in IETF PKIX RFC 5280.
* <p>
- * [RFC2459 4.2.1.7 Subject Alternative Name]
- * When the subjectAltName extension contains a iPAddress, the address
- * MUST be stored in the octet string in "network byte order," as
- * specified in RFC 791. The least significant bit (LSB) of
- * each octet is the LSB of the corresponding byte in the network
- * address. For IP Version 4, as specified in RFC 791, the octet string
- * MUST contain exactly four octets. For IP Version 6, as specified in
- * RFC 1883, the octet string MUST contain exactly sixteen octets.
+ * [RFC 5280 4.2.1.6 Subject Alternative Name]
+ * When the subjectAltName extension contains an iPAddress, the address
+ * MUST be stored in the octet string in "network byte order", as
+ * specified in [RFC791]. The least significant bit (LSB) of each octet
+ * is the LSB of the corresponding byte in the network address. For IP
+ * version 4, as specified in [RFC791], the octet string MUST contain
+ * exactly four octets. For IP version 6, as specified in
+ * [RFC 2460], the octet string MUST contain exactly sixteen octets.
* <p>
- * [RFC2459 4.2.1.11 Name Constraints]
- * The syntax of iPAddress MUST be as described in section 4.2.1.7 with
- * the following additions specifically for Name Constraints. For IPv4
- * addresses, the ipAddress field of generalName MUST contain eight (8)
- * octets, encoded in the style of RFC 1519 (CIDR) to represent an
- * address range.[RFC 1519] For IPv6 addresses, the ipAddress field
+ * [RFC 5280 4.2.1.10 Name Constraints]
+ * The syntax of iPAddress MUST be as described in Section 4.2.1.6 with
+ * the following additions specifically for name constraints. For IPv4
+ * addresses, the iPAddress field of GeneralName MUST contain eight (8)
+ * octets, encoded in the style of RFC 4632 (CIDR) to represent an
+ * address range [RFC 4632]. For IPv6 addresses, the iPAddress field
* MUST contain 32 octets similarly encoded. For example, a name
- * constraint for "class C" subnet 10.9.8.0 shall be represented as the
- * octets 0A 09 08 00 FF FF FF 00, representing the CIDR notation
- * 10.9.8.0/255.255.255.0.
+ * constraint for "class C" subnet 192.0.2.0 is represented as the
+ * octets C0 00 02 00 FF FF FF 00, representing the CIDR notation
+ * 192.0.2.0/24 (mask 255.255.255.0).
* <p>
* @see GeneralName
* @see GeneralNameInterface
@@ -376,15 +376,16 @@
* </ul>. These results are used in checking NameConstraints during
* certification path verification.
* <p>
- * [RFC2459] The syntax of iPAddress MUST be as described in section
- * 4.2.1.7 with the following additions specifically for Name Constraints.
- * For IPv4 addresses, the ipAddress field of generalName MUST contain
- * eight (8) octets, encoded in the style of RFC 1519 (CIDR) to represent an
- * address range.[RFC 1519] For IPv6 addresses, the ipAddress field
+ * [RFC 5280 4.2.1.10 Name Constraints]
+ * The syntax of iPAddress MUST be as described in Section 4.2.1.6 with
+ * the following additions specifically for name constraints. For IPv4
+ * addresses, the iPAddress field of GeneralName MUST contain eight (8)
+ * octets, encoded in the style of RFC 4632 (CIDR) to represent an
+ * address range [RFC 4632]. For IPv6 addresses, the iPAddress field
* MUST contain 32 octets similarly encoded. For example, a name
- * constraint for "class C" subnet 10.9.8.0 shall be represented as the
- * octets 0A 09 08 00 FF FF FF 00, representing the CIDR notation
- * 10.9.8.0/255.255.255.0.
+ * constraint for "class C" subnet 192.0.2.0 is represented as the
+ * octets C0 00 02 00 FF FF FF 00, representing the CIDR notation
+ * 192.0.2.0/24 (mask 255.255.255.0).
*
* @param inputName to be checked for being constrained
* @return constraint type above
--- a/src/java.base/share/classes/sun/security/x509/KeyIdentifier.java Wed Dec 19 08:32:48 2018 +0100
+++ b/src/java.base/share/classes/sun/security/x509/KeyIdentifier.java Wed Dec 19 18:21:38 2018 +0000
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997, 1999, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -63,7 +63,7 @@
/**
* Creates a KeyIdentifier from a public-key value.
*
- * <p>From RFC2459: Two common methods for generating key identifiers from
+ * <p>From RFC 5280: Two common methods for generating key identifiers from
* the public key are:
* <ol>
* <li>The keyIdentifier is composed of the 160-bit SHA-1 hash of the
--- a/src/java.base/share/classes/sun/security/x509/NameConstraintsExtension.java Wed Dec 19 08:32:48 2018 +0100
+++ b/src/java.base/share/classes/sun/security/x509/NameConstraintsExtension.java Wed Dec 19 18:21:38 2018 +0000
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997, 2017, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -326,7 +326,7 @@
* expanded by a merge, just remain constant or become more
* limiting.
* <p>
- * IETF RFC2459 specifies the processing of Name Constraints as
+ * IETF RFC 5280 specifies the processing of Name Constraints as
* follows:
* <p>
* (j) If permittedSubtrees is present in the certificate, set the
--- a/src/java.base/share/classes/sun/security/x509/OIDName.java Wed Dec 19 08:32:48 2018 +0100
+++ b/src/java.base/share/classes/sun/security/x509/OIDName.java Wed Dec 19 18:21:38 2018 +0000
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -156,7 +156,7 @@
else if (this.equals((OIDName)inputName))
constraintType = NAME_MATCH;
else
- //widens and narrows not defined in RFC2459 for OIDName (aka registeredID)
+ //widens and narrows not defined in RFC 5280 for OIDName (aka registeredID)
throw new UnsupportedOperationException("Narrowing and widening are not supported for OIDNames");
return constraintType;
}
--- a/src/java.base/share/classes/sun/security/x509/RFC822Name.java Wed Dec 19 08:32:48 2018 +0100
+++ b/src/java.base/share/classes/sun/security/x509/RFC822Name.java Wed Dec 19 18:21:38 2018 +0000
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -68,7 +68,7 @@
/**
* Parse an RFC822Name string to see if it is a valid
- * addr-spec according to IETF RFC822 and RFC2459:
+ * addr-spec according to IETF RFC 822 and RFC 5280:
* [local-part@]domain
* <p>
* local-part@ could be empty for an RFC822Name NameConstraint,
@@ -131,7 +131,7 @@
* Compares this name with another, for equality.
*
* @return true iff the names are equivalent
- * according to RFC2459.
+ * according to RFC 5280.
*/
public boolean equals(Object obj) {
if (this == obj)
@@ -142,7 +142,7 @@
RFC822Name other = (RFC822Name)obj;
- // RFC2459 mandates that these names are
+ // RFC 5280 mandates that these names are
// not case-sensitive
return name.equalsIgnoreCase(other.name);
}
@@ -166,14 +166,15 @@
* </ul>. These results are used in checking NameConstraints during
* certification path verification.
* <p>
- * [RFC2459] When the subjectAltName extension contains an Internet mail address,
- * the address MUST be included as an rfc822Name. The format of an
- * rfc822Name is an "addr-spec" as defined in RFC 822 [RFC 822]. An
- * addr-spec has the form "local-part@domain". Note that an addr-spec
- * has no phrase (such as a common name) before it, has no comment (text
+ *
+ * [RFC 5280]:
+ * When the subjectAltName extension contains an Internet mail address,
+ * the address MUST be stored in the rfc822Name. The format of an
+ * rfc822Name is a "Mailbox" as defined in Section 4.1.2 of [RFC2821].
+ * A Mailbox has the form "Local-part@Domain". Note that a Mailbox has
+ * no phrase (such as a common name) before it, has no comment (text
* surrounded in parentheses) after it, and is not surrounded by "<" and
- * ">". Note that while upper and lower case letters are allowed in an
- * RFC 822 addr-spec, no significance is attached to the case.
+ * ">".
*
* @param inputName to be checked for being constrained
* @return constraint type above
@@ -187,7 +188,7 @@
else if (inputName.getType() != (GeneralNameInterface.NAME_RFC822)) {
constraintType = NAME_DIFF_TYPE;
} else {
- //RFC2459 specifies that case is not significant in RFC822Names
+ //RFC 5280 specifies that case is not significant in RFC822Names
String inName =
(((RFC822Name)inputName).getName()).toLowerCase(Locale.ENGLISH);
String thisName = name.toLowerCase(Locale.ENGLISH);
--- a/src/java.base/share/classes/sun/security/x509/URIName.java Wed Dec 19 08:32:48 2018 +0100
+++ b/src/java.base/share/classes/sun/security/x509/URIName.java Wed Dec 19 18:21:38 2018 +0000
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -213,7 +213,7 @@
/**
* Compares this name with another, for equality.
*
- * @return true iff the names are equivalent according to RFC2459.
+ * @return true iff the names are equivalent according to RFC 5280.
*/
public boolean equals(Object obj) {
if (this == obj) {
--- a/src/java.base/share/classes/sun/security/x509/X400Address.java Wed Dec 19 08:32:48 2018 +0100
+++ b/src/java.base/share/classes/sun/security/x509/X400Address.java Wed Dec 19 18:21:38 2018 +0000
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2000, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -403,7 +403,7 @@
else if (inputName.getType() != NAME_X400)
constraintType = NAME_DIFF_TYPE;
else
- //Narrowing, widening, and match constraints not defined in rfc2459 for X400Address
+ //Narrowing, widening, and match constraints not defined in RFC 5280 for X400Address
throw new UnsupportedOperationException("Narrowing, widening, and match are not supported for X400Address.");
return constraintType;
}
--- a/src/java.base/share/classes/sun/security/x509/X509CertImpl.java Wed Dec 19 08:32:48 2018 +0100
+++ b/src/java.base/share/classes/sun/security/x509/X509CertImpl.java Wed Dec 19 18:21:38 2018 +0000
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1996, 2017, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -63,14 +63,8 @@
* direct knowledge of each other. CA certificates are either signed by
* themselves, or by some other CA such as a "root" CA.
*
- * <P>RFC 1422 is very informative, though it does not describe much
- * of the recent work being done with X.509 certificates. That includes
- * a 1996 version (X.509v3) and a variety of enhancements being made to
- * facilitate an explosion of personal certificates used as "Internet
- * Drivers' Licences", or with SET for credit card transactions.
- *
- * <P>More recent work includes the IETF PKIX Working Group efforts,
- * especially RFC2459.
+ * <P> Standards relating to X.509 Public Key Infrastructure for the Internet
+ * can be referenced in RFC 5280.
*
* @author Dave Brownell
* @author Amit Kapoor