--- a/jdk/src/java.base/share/classes/java/security/Key.java Tue Oct 07 19:22:24 2014 -0700
+++ b/jdk/src/java.base/share/classes/java/security/Key.java Tue Oct 07 22:23:19 2014 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -63,7 +63,7 @@
* </pre>
*
* For more information, see
- * <a href="http://www.ietf.org/rfc/rfc3280.txt">RFC 3280:
+ * <a href="http://tools.ietf.org/html/rfc5280">RFC 5280:
* Internet X.509 Public Key Infrastructure Certificate and CRL Profile</a>.
*
* <LI>A Format
--- a/jdk/src/java.base/share/classes/java/security/cert/CRLReason.java Tue Oct 07 19:22:24 2014 -0700
+++ b/jdk/src/java.base/share/classes/java/security/cert/CRLReason.java Tue Oct 07 22:23:19 2014 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2007, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -27,8 +27,8 @@
/**
* The CRLReason enumeration specifies the reason that a certificate
- * is revoked, as defined in <a href="http://www.ietf.org/rfc/rfc3280.txt">
- * RFC 3280: Internet X.509 Public Key Infrastructure Certificate and CRL
+ * is revoked, as defined in <a href="http://tools.ietf.org/html/rfc5280">
+ * RFC 5280: Internet X.509 Public Key Infrastructure Certificate and CRL
* Profile</a>.
*
* @author Sean Mullan
--- a/jdk/src/java.base/share/classes/java/security/cert/PKIXReason.java Tue Oct 07 19:22:24 2014 -0700
+++ b/jdk/src/java.base/share/classes/java/security/cert/PKIXReason.java Tue Oct 07 22:23:19 2014 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2008, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2008, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -28,7 +28,7 @@
/**
* The {@code PKIXReason} enumerates the potential PKIX-specific reasons
* that an X.509 certification path may be invalid according to the PKIX
- * (RFC 3280) standard. These reasons are in addition to those of the
+ * (RFC 5280) standard. These reasons are in addition to those of the
* {@code CertPathValidatorException.BasicReason} enumeration.
*
* @since 1.7
--- a/jdk/src/java.base/share/classes/java/security/cert/TrustAnchor.java Tue Oct 07 19:22:24 2014 -0700
+++ b/jdk/src/java.base/share/classes/java/security/cert/TrustAnchor.java Tue Oct 07 22:23:19 2014 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2001, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2001, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -78,7 +78,7 @@
* The name constraints are specified as a byte array. This byte array
* should contain the DER encoded form of the name constraints, as they
* would appear in the NameConstraints structure defined in
- * <a href="http://www.ietf.org/rfc/rfc3280">RFC 3280</a>
+ * <a href="http://tools.ietf.org/html/rfc5280">RFC 5280</a>
* and X.509. The ASN.1 definition of this structure appears below.
*
* <pre>{@code
@@ -140,7 +140,7 @@
* <p>
* The name constraints are specified as a byte array. This byte array
* contains the DER encoded form of the name constraints, as they
- * would appear in the NameConstraints structure defined in RFC 3280
+ * would appear in the NameConstraints structure defined in RFC 5280
* and X.509. The ASN.1 notation for this structure is supplied in the
* documentation for
* {@link #TrustAnchor(X509Certificate, byte[])
@@ -179,7 +179,7 @@
* <p>
* The name constraints are specified as a byte array. This byte array
* contains the DER encoded form of the name constraints, as they
- * would appear in the NameConstraints structure defined in RFC 3280
+ * would appear in the NameConstraints structure defined in RFC 5280
* and X.509. The ASN.1 notation for this structure is supplied in the
* documentation for
* {@link #TrustAnchor(X509Certificate, byte[])
@@ -294,7 +294,7 @@
* <p>
* The name constraints are returned as a byte array. This byte array
* contains the DER encoded form of the name constraints, as they
- * would appear in the NameConstraints structure defined in RFC 3280
+ * would appear in the NameConstraints structure defined in RFC 5280
* and X.509. The ASN.1 notation for this structure is supplied in the
* documentation for
* {@link #TrustAnchor(X509Certificate, byte[])
--- a/jdk/src/java.base/share/classes/java/security/cert/X509CRL.java Tue Oct 07 19:22:24 2014 -0700
+++ b/jdk/src/java.base/share/classes/java/security/cert/X509CRL.java Tue Oct 07 22:23:19 2014 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -69,7 +69,7 @@
* </pre>
* <p>
* More information can be found in
- * <a href="http://www.ietf.org/rfc/rfc3280.txt">RFC 3280: Internet X.509
+ * <a href="http://tools.ietf.org/html/rfc5280">RFC 5280: Internet X.509
* Public Key Infrastructure Certificate and CRL Profile</a>.
* <p>
* The ASN.1 definition of {@code tbsCertList} is:
--- a/jdk/src/java.base/share/classes/java/security/cert/X509CRLSelector.java Tue Oct 07 19:22:24 2014 -0700
+++ b/jdk/src/java.base/share/classes/java/security/cert/X509CRLSelector.java Tue Oct 07 22:23:19 2014 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -52,7 +52,7 @@
* {@link CertStore#getCRLs CertStore.getCRLs} or some similar
* method.
* <p>
- * Please refer to <a href="http://www.ietf.org/rfc/rfc3280.txt">RFC 3280:
+ * Please refer to <a href="http://tools.ietf.org/html/rfc5280">RFC 5280:
* Internet X.509 Public Key Infrastructure Certificate and CRL Profile</a>
* for definitions of the X.509 CRL fields and extensions mentioned below.
* <p>
--- a/jdk/src/java.base/share/classes/java/security/cert/X509CertSelector.java Tue Oct 07 19:22:24 2014 -0700
+++ b/jdk/src/java.base/share/classes/java/security/cert/X509CertSelector.java Tue Oct 07 22:23:19 2014 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -65,7 +65,7 @@
* number. Other unique combinations include the issuer, subject,
* subjectKeyIdentifier and/or the subjectPublicKey criteria.
* <p>
- * Please refer to <a href="http://www.ietf.org/rfc/rfc3280.txt">RFC 3280:
+ * Please refer to <a href="http://tools.ietf.org/html/rfc5280">RFC 5280:
* Internet X.509 Public Key Infrastructure Certificate and CRL Profile</a> for
* definitions of the X.509 certificate extensions mentioned below.
* <p>
@@ -728,7 +728,7 @@
* The name is provided in string format.
* <a href="http://www.ietf.org/rfc/rfc822.txt">RFC 822</a>, DNS, and URI
* names use the well-established string formats for those types (subject to
- * the restrictions included in RFC 3280). IPv4 address names are
+ * the restrictions included in RFC 5280). IPv4 address names are
* supplied using dotted quad notation. OID address names are represented
* as a series of nonnegative integers separated by periods. And
* directory names (distinguished names) are supplied in RFC 2253 format.
@@ -746,7 +746,7 @@
* String form of some distinguished names.
*
* @param type the name type (0-8, as specified in
- * RFC 3280, section 4.2.1.7)
+ * RFC 5280, section 4.2.1.6)
* @param name the name in string form (not {@code null})
* @throws IOException if a parsing error occurs
*/
@@ -770,7 +770,7 @@
* <p>
* The name is provided as a byte array. This byte array should contain
* the DER encoded name, as it would appear in the GeneralName structure
- * defined in RFC 3280 and X.509. The encoded byte array should only contain
+ * defined in RFC 5280 and X.509. The encoded byte array should only contain
* the encoded value of the name, and should not include the tag associated
* with the name in the GeneralName structure. The ASN.1 definition of this
* structure appears below.
@@ -806,7 +806,7 @@
* must contain the specified subjectAlternativeName.
*
* @param type the name type (0-8, as specified in
- * RFC 3280, section 4.2.1.7)
+ * RFC 5280, section 4.2.1.6)
* @param name the name in string or byte array form
* @throws IOException if a parsing error occurs
*/
@@ -995,7 +995,7 @@
* <p>
* The name constraints are specified as a byte array. This byte array
* should contain the DER encoded form of the name constraints, as they
- * would appear in the NameConstraints structure defined in RFC 3280
+ * would appear in the NameConstraints structure defined in RFC 5280
* and X.509. The ASN.1 definition of this structure appears below.
*
* <pre>{@code
@@ -1197,7 +1197,7 @@
* <p>
* The name is provided in string format. RFC 822, DNS, and URI names
* use the well-established string formats for those types (subject to
- * the restrictions included in RFC 3280). IPv4 address names are
+ * the restrictions included in RFC 5280). IPv4 address names are
* supplied using dotted quad notation. OID address names are represented
* as a series of nonnegative integers separated by periods. And
* directory names (distinguished names) are supplied in RFC 2253 format.
@@ -1214,7 +1214,7 @@
* String form of some distinguished names.
*
* @param type the name type (0-8, as specified in
- * RFC 3280, section 4.2.1.7)
+ * RFC 5280, section 4.2.1.6)
* @param name the name in string form
* @throws IOException if a parsing error occurs
*/
@@ -1234,7 +1234,7 @@
* <p>
* The name is provided as a byte array. This byte array should contain
* the DER encoded name, as it would appear in the GeneralName structure
- * defined in RFC 3280 and X.509. The ASN.1 definition of this structure
+ * defined in RFC 5280 and X.509. The ASN.1 definition of this structure
* appears in the documentation for
* {@link #addSubjectAlternativeName(int type, byte [] name)
* addSubjectAlternativeName(int type, byte [] name)}.
@@ -1243,7 +1243,7 @@
* subsequent modifications.
*
* @param type the name type (0-8, as specified in
- * RFC 3280, section 4.2.1.7)
+ * RFC 5280, section 4.2.1.6)
* @param name a byte array containing the name in ASN.1 DER encoded form
* @throws IOException if a parsing error occurs
*/
@@ -1258,7 +1258,7 @@
* the specified pathToName.
*
* @param type the name type (0-8, as specified in
- * RFC 3280, section 4.2.1.7)
+ * RFC 5280, section 4.2.1.6)
* @param name the name in string or byte array form
* @throws IOException if an encoding error occurs (incorrect form for DN)
*/
@@ -1715,7 +1715,7 @@
* <p>
* The name constraints are returned as a byte array. This byte array
* contains the DER encoded form of the name constraints, as they
- * would appear in the NameConstraints structure defined in RFC 3280
+ * would appear in the NameConstraints structure defined in RFC 5280
* and X.509. The ASN.1 notation for this structure is supplied in the
* documentation for
* {@link #setNameConstraints(byte [] bytes) setNameConstraints(byte [] bytes)}.
--- a/jdk/src/java.base/share/classes/java/security/cert/X509Certificate.java Tue Oct 07 19:22:24 2014 -0700
+++ b/jdk/src/java.base/share/classes/java/security/cert/X509Certificate.java Tue Oct 07 22:23:19 2014 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -63,7 +63,7 @@
* CA such as a "root" CA.
* <p>
* More information can be found in
- * <a href="http://www.ietf.org/rfc/rfc3280.txt">RFC 3280: Internet X.509
+ * <a href="http://tools.ietf.org/html/rfc5280">RFC 5280: Internet X.509
* Public Key Infrastructure Certificate and CRL Profile</a>.
* <p>
* The ASN.1 definition of {@code tbsCertificate} is:
@@ -408,7 +408,7 @@
* Gets the {@code issuerUniqueID} value from the certificate.
* The issuer unique identifier is present in the certificate
* to handle the possibility of reuse of issuer names over time.
- * RFC 3280 recommends that names not be reused and that
+ * RFC 5280 recommends that names not be reused and that
* conforming certificates not make use of unique identifiers.
* Applications conforming to that profile should be capable of
* parsing unique identifiers and making comparisons.
@@ -459,7 +459,7 @@
* encipherOnly (7),
* decipherOnly (8) }
* </pre>
- * RFC 3280 recommends that when used, this be marked
+ * RFC 5280 recommends that when used, this be marked
* as a critical extension.
*
* @return the KeyUsage extension of this certificate, represented as
@@ -572,7 +572,7 @@
* <a href="http://www.ietf.org/rfc/rfc822.txt">RFC 822</a>, DNS, and URI
* names are returned as {@code String}s,
* using the well-established string formats for those types (subject to
- * the restrictions included in RFC 3280). IPv4 address names are
+ * the restrictions included in RFC 5280). IPv4 address names are
* returned using dotted quad notation. IPv6 address names are returned
* in the form "a1:a2:...:a8", where a1-a8 are hexadecimal values
* representing the eight 16-bit pieces of the address. OID names are
--- a/jdk/src/java.base/share/classes/javax/security/auth/x500/X500Principal.java Tue Oct 07 19:22:24 2014 -0700
+++ b/jdk/src/java.base/share/classes/javax/security/auth/x500/X500Principal.java Tue Oct 07 22:23:19 2014 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -41,13 +41,13 @@
* of the distinguished name, or by using the ASN.1 DER encoded byte
* representation of the distinguished name. The current specification
* for the string representation of a distinguished name is defined in
- * <a href="http://www.ietf.org/rfc/rfc2253.txt">RFC 2253: Lightweight
+ * <a href="http://tools.ietf.org/html/rfc2253">RFC 2253: Lightweight
* Directory Access Protocol (v3): UTF-8 String Representation of
* Distinguished Names</a>. This class, however, accepts string formats from
- * both RFC 2253 and <a href="http://www.ietf.org/rfc/rfc1779.txt">RFC 1779:
+ * both RFC 2253 and <a href="http://tools.ietf.org/html/rfc1779">RFC 1779:
* A String Representation of Distinguished Names</a>, and also recognizes
* attribute type keywords whose OIDs (Object Identifiers) are defined in
- * <a href="http://www.ietf.org/rfc/rfc3280.txt">RFC 3280: Internet X.509
+ * <a href="http://tools.ietf.org/html/rfc5280">RFC 5280: Internet X.509
* Public Key Infrastructure Certificate and CRL Profile</a>.
*
* <p> The string representation for this {@code X500Principal}
@@ -108,7 +108,7 @@
* (and listed in {@link #getName(String format) getName(String format)}),
* as well as the T, DNQ or DNQUALIFIER, SURNAME, GIVENNAME, INITIALS,
* GENERATION, EMAILADDRESS, and SERIALNUMBER keywords whose Object
- * Identifiers (OIDs) are defined in RFC 3280 and its successor.
+ * Identifiers (OIDs) are defined in RFC 5280.
* Any other attribute type must be specified as an OID.
*
* <p>This implementation enforces a more restrictive OID syntax than
@@ -456,7 +456,7 @@
* (obtained via the {@code getName(X500Principal.CANONICAL)} method)
* of this object and <i>o</i> are equal.
*
- * <p> This implementation is compliant with the requirements of RFC 3280.
+ * <p> This implementation is compliant with the requirements of RFC 5280.
*
* @param o Object to be compared for equality with this
* {@code X500Principal}
--- a/jdk/src/java.base/share/classes/javax/security/auth/x500/package-info.java Tue Oct 07 19:22:24 2014 -0700
+++ b/jdk/src/java.base/share/classes/javax/security/auth/x500/package-info.java Tue Oct 07 22:23:19 2014 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -31,15 +31,15 @@
* <h2>Package Specification</h2>
*
* <ul>
- * <li><a href="http://www.ietf.org/rfc/rfc1779.txt">
+ * <li><a href="http://tools.ietf.org/html/rfc1779">
* RFC 1779: A String Representation of Distinguished Names</a></li>
- * <li><a href="http://www.ietf.org/rfc/rfc2253.txt">
+ * <li><a href="http://tools.ietf.org/html/rfc2253">
* RFC 2253: Lightweight Directory Access Protocol (v3):
* UTF-8 String Representation of Distinguished Names</a></li>
- * <li><a href="http://www.ietf.org/rfc/rfc3280.txt">
- * RFC 3280: Internet X.509 Public Key Infrastructure
+ * <li><a href="http://tools.ietf.org/html/rfc5280">
+ * RFC 5280: Internet X.509 Public Key Infrastructure
* Certificate and Certificate Revocation List (CRL) Profile</a></li>
- * <li><a href="http://www.ietf.org/rfc/rfc4512.txt">
+ * <li><a href="http://tools.ietf.org/html/rfc4512">
* RFC 4512: Lightweight Directory Access Protocol (LDAP):
* Directory Information Models</a></li>
* </ul>
--- a/jdk/src/java.base/share/classes/sun/security/provider/SunEntries.java Tue Oct 07 19:22:24 2014 -0700
+++ b/jdk/src/java.base/share/classes/sun/security/provider/SunEntries.java Tue Oct 07 22:23:19 2014 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -64,7 +64,7 @@
* and CRLs. Aliases for X.509 are X509.
*
* - PKIX is the certification path validation algorithm described
- * in RFC 3280. The ValidationAlgorithm attribute notes the
+ * in RFC 5280. The ValidationAlgorithm attribute notes the
* specification that this provider implements.
*
* - LDAP is the CertStore type for LDAP repositories. The
@@ -250,7 +250,7 @@
map.put("CertPathBuilder.PKIX",
"sun.security.provider.certpath.SunCertPathBuilder");
map.put("CertPathBuilder.PKIX ValidationAlgorithm",
- "RFC3280");
+ "RFC5280");
/*
* CertPathValidator
@@ -258,7 +258,7 @@
map.put("CertPathValidator.PKIX",
"sun.security.provider.certpath.PKIXCertPathValidator");
map.put("CertPathValidator.PKIX ValidationAlgorithm",
- "RFC3280");
+ "RFC5280");
/*
* CertStores
--- a/jdk/src/java.base/share/classes/sun/security/provider/certpath/DistributionPointFetcher.java Tue Oct 07 19:22:24 2014 -0700
+++ b/jdk/src/java.base/share/classes/sun/security/provider/certpath/DistributionPointFetcher.java Tue Oct 07 22:23:19 2014 -0700
@@ -434,7 +434,7 @@
}
if (indirectCRL) {
if (pointCrlIssuers.size() != 1) {
- // RFC 3280: there must be only 1 CRL issuer
+ // RFC 5280: there must be only 1 CRL issuer
// name when relativeName is present
if (debug != null) {
debug.println("must only be one CRL " +
--- a/jdk/src/java.base/share/classes/sun/security/provider/certpath/PolicyChecker.java Tue Oct 07 19:22:24 2014 -0700
+++ b/jdk/src/java.base/share/classes/sun/security/provider/certpath/PolicyChecker.java Tue Oct 07 22:23:19 2014 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -578,7 +578,7 @@
}
/**
- * Rewrite leaf nodes at the end of validation as described in RFC 3280
+ * Rewrite leaf nodes at the end of validation as described in RFC 5280
* section 6.1.5: Step (g)(iii). Leaf nodes with anyPolicy are replaced
* by nodes explicitly representing initial policies not already
* represented by leaf nodes.
--- a/jdk/src/java.base/share/classes/sun/security/provider/certpath/PolicyNodeImpl.java Tue Oct 07 19:22:24 2014 -0700
+++ b/jdk/src/java.base/share/classes/sun/security/provider/certpath/PolicyNodeImpl.java Tue Oct 07 22:23:19 2014 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -56,7 +56,7 @@
private PolicyNodeImpl mParent;
private HashSet<PolicyNodeImpl> mChildren;
- // the 4 fields specified by RFC 3280
+ // the 4 fields specified by RFC 5280
private String mValidPolicy;
private HashSet<PolicyQualifierInfo> mQualifierSet;
private boolean mCriticalityIndicator;
--- a/jdk/src/java.base/share/classes/sun/security/provider/certpath/RevocationChecker.java Tue Oct 07 19:22:24 2014 -0700
+++ b/jdk/src/java.base/share/classes/sun/security/provider/certpath/RevocationChecker.java Tue Oct 07 22:23:19 2014 -0700
@@ -472,9 +472,9 @@
" ---checking revocation status ...");
}
- // reject circular dependencies - RFC 3280 is not explicit on how
- // to handle this, so we feel it is safest to reject them until
- // the issue is resolved in the PKIX WG.
+ // Reject circular dependencies - RFC 5280 is not explicit on how
+ // to handle this, but does suggest that they can be a security
+ // risk and can create unresolvable dependencies
if (stackedCerts != null && stackedCerts.contains(cert)) {
if (debug != null) {
debug.println("RevocationChecker.checkCRLs()" +
@@ -628,7 +628,7 @@
/*
* Abort CRL validation and throw exception if there are any
* unrecognized critical CRL entry extensions (see section
- * 5.3 of RFC 3280).
+ * 5.3 of RFC 5280).
*/
Set<String> unresCritExts = entry.getCriticalExtensionOIDs();
if (unresCritExts != null && !unresCritExts.isEmpty()) {
@@ -880,9 +880,9 @@
" ---checking " + msg + "...");
}
- // reject circular dependencies - RFC 3280 is not explicit on how
- // to handle this, so we feel it is safest to reject them until
- // the issue is resolved in the PKIX WG.
+ // Reject circular dependencies - RFC 5280 is not explicit on how
+ // to handle this, but does suggest that they can be a security
+ // risk and can create unresolvable dependencies
if ((stackedCerts != null) && stackedCerts.contains(cert)) {
if (debug != null) {
debug.println(
--- a/jdk/src/java.base/share/classes/sun/security/provider/certpath/SunCertPathBuilder.java Tue Oct 07 19:22:24 2014 -0700
+++ b/jdk/src/java.base/share/classes/sun/security/provider/certpath/SunCertPathBuilder.java Tue Oct 07 22:23:19 2014 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -53,7 +53,7 @@
* <p> If successful, it returns a certification path which has successfully
* satisfied all the constraints and requirements specified in the
* PKIXBuilderParameters object and has been validated according to the PKIX
- * path validation algorithm defined in RFC 3280.
+ * path validation algorithm defined in RFC 5280.
*
* <p> This implementation uses a depth-first search approach to finding
* certification paths. If it comes to a point in which it cannot find
--- a/jdk/src/java.base/share/classes/sun/security/util/DerInputBuffer.java Tue Oct 07 19:22:24 2014 -0700
+++ b/jdk/src/java.base/share/classes/sun/security/util/DerInputBuffer.java Tue Oct 07 22:23:19 2014 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1996, 2006, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -285,7 +285,7 @@
* YYMMDDhhmmss-hhmm
* UTC Time is broken in storing only two digits of year.
* If YY < 50, we assume 20YY;
- * if YY >= 50, we assume 19YY, as per RFC 3280.
+ * if YY >= 50, we assume 19YY, as per RFC 5280.
*
* Generalized time has a four-digit year and allows any
* precision specified in ISO 8601. However, for our purposes,
--- a/jdk/src/java.base/share/classes/sun/security/util/DerOutputStream.java Tue Oct 07 19:22:24 2014 -0700
+++ b/jdk/src/java.base/share/classes/sun/security/util/DerOutputStream.java Tue Oct 07 22:23:19 2014 -0700
@@ -461,7 +461,7 @@
* Marshals a DER UTC time/date value.
*
* <P>YYMMDDhhmmss{Z|+hhmm|-hhmm} ... emits only using Zulu time
- * and with seconds (even if seconds=0) as per RFC 3280.
+ * and with seconds (even if seconds=0) as per RFC 5280.
*/
public void putUTCTime(Date d) throws IOException {
putTime(d, DerValue.tag_UtcTime);
@@ -471,7 +471,7 @@
* Marshals a DER Generalized Time/date value.
*
* <P>YYYYMMDDhhmmss{Z|+hhmm|-hhmm} ... emits only using Zulu time
- * and with seconds (even if seconds=0) as per RFC 3280.
+ * and with seconds (even if seconds=0) as per RFC 5280.
*/
public void putGeneralizedTime(Date d) throws IOException {
putTime(d, DerValue.tag_GeneralizedTime);
--- a/jdk/src/java.base/share/classes/sun/security/util/DerValue.java Tue Oct 07 19:22:24 2014 -0700
+++ b/jdk/src/java.base/share/classes/sun/security/util/DerValue.java Tue Oct 07 22:23:19 2014 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -45,8 +45,8 @@
* (such as PKCS #10 certificate requests, and some kinds of PKCS #7 data).
*
* A note with respect to T61/Teletex strings: From RFC 1617, section 4.1.3
- * and RFC 3280, section 4.1.2.4., we assume that this kind of string will
- * contain ISO-8859-1 characters only.
+ * and RFC 5280, section 8, we assume that this kind of string will contain
+ * ISO-8859-1 characters only.
*
*
* @author David Brownell
--- a/jdk/src/java.base/share/classes/sun/security/x509/AuthorityInfoAccessExtension.java Tue Oct 07 19:22:24 2014 -0700
+++ b/jdk/src/java.base/share/classes/sun/security/x509/AuthorityInfoAccessExtension.java Tue Oct 07 22:23:19 2014 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2004, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2004, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -43,7 +43,7 @@
* certificate that identifies the specific OCSP Responder to use when
* performing on-line validation of that certificate.
* <p>
- * This extension is defined in <a href="http://www.ietf.org/rfc/rfc3280.txt">
+ * This extension is defined in <a href="http://tools.ietf.org/html/rfc5280">
* Internet X.509 PKI Certificate and Certificate Revocation List
* (CRL) Profile</a>. The profile permits
* the extension to be included in end-entity or CA certificates,
--- a/jdk/src/java.base/share/classes/sun/security/x509/CertificateIssuerExtension.java Tue Oct 07 19:22:24 2014 -0700
+++ b/jdk/src/java.base/share/classes/sun/security/x509/CertificateIssuerExtension.java Tue Oct 07 22:23:19 2014 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -44,7 +44,7 @@
* <p>
* If used by conforming CRL issuers, this extension is always
* critical. If an implementation ignored this extension it could not
- * correctly attribute CRL entries to certificates. PKIX (RFC 3280)
+ * correctly attribute CRL entries to certificates. PKIX (RFC 5280)
* RECOMMENDS that implementations recognize this extension.
* <p>
* The ASN.1 definition for this is:
--- a/jdk/src/java.base/share/classes/sun/security/x509/DeltaCRLIndicatorExtension.java Tue Oct 07 19:22:24 2014 -0700
+++ b/jdk/src/java.base/share/classes/sun/security/x509/DeltaCRLIndicatorExtension.java Tue Oct 07 22:23:19 2014 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2005, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -45,7 +45,7 @@
*
* <p>
* The extension is defined in Section 5.2.4 of
- * <a href="http://www.ietf.org/rfc/rfc3280.txt">Internet X.509 PKI Certific
+ * <a href="http://tools.ietf.org/html/rfc5280">Internet X.509 PKI Certific
ate and Certificate Revocation List (CRL) Profile</a>.
*
* <p>
--- a/jdk/src/java.base/share/classes/sun/security/x509/ExtendedKeyUsageExtension.java Tue Oct 07 19:22:24 2014 -0700
+++ b/jdk/src/java.base/share/classes/sun/security/x509/ExtendedKeyUsageExtension.java Tue Oct 07 22:23:19 2014 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -94,7 +94,7 @@
public static final String NAME = "ExtendedKeyUsage";
public static final String USAGES = "usages";
- // OID defined in RFC 3280 Sections 4.2.1.13
+ // OID defined in RFC 5280 Sections 4.2.1.12
// more from http://www.alvestrand.no/objectid/1.3.6.1.5.5.7.3.html
private static final Map <ObjectIdentifier, String> map =
new HashMap <ObjectIdentifier, String> ();
--- a/jdk/src/java.base/share/classes/sun/security/x509/FreshestCRLExtension.java Tue Oct 07 19:22:24 2014 -0700
+++ b/jdk/src/java.base/share/classes/sun/security/x509/FreshestCRLExtension.java Tue Oct 07 22:23:19 2014 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2005, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -42,7 +42,7 @@
*
* <p>
* The extension is defined in Section 5.2.6 of
- * <a href="http://www.ietf.org/rfc/rfc3280.txt">Internet X.509 PKI Certific
+ * <a href="http://tools.ietf.org/html/rfc5280">Internet X.509 PKI Certific
ate and Certificate Revocation List (CRL) Profile</a>.
*
* <p>
--- a/jdk/src/java.base/share/classes/sun/security/x509/InvalidityDateExtension.java Tue Oct 07 19:22:24 2014 -0700
+++ b/jdk/src/java.base/share/classes/sun/security/x509/InvalidityDateExtension.java Tue Oct 07 22:23:19 2014 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2007, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2007, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -33,7 +33,7 @@
import sun.security.util.*;
/**
- * From RFC 3280:
+ * From RFC 5280:
* <p>
* The invalidity date is a non-critical CRL entry extension that
* provides the date on which it is known or suspected that the private
--- a/jdk/src/java.base/share/classes/sun/security/x509/IssuingDistributionPointExtension.java Tue Oct 07 19:22:24 2014 -0700
+++ b/jdk/src/java.base/share/classes/sun/security/x509/IssuingDistributionPointExtension.java Tue Oct 07 22:23:19 2014 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2005, 2006, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -46,7 +46,7 @@
*
* <p>
* The extension is defined in Section 5.2.5 of
- * <a href="http://www.ietf.org/rfc/rfc3280.txt">Internet X.509 PKI Certific
+ * <a href="http://tools.ietf.org/html/rfc5280">Internet X.509 PKI Certific
ate and Certificate Revocation List (CRL) Profile</a>.
*
* <p>
--- a/jdk/src/java.base/share/classes/sun/security/x509/RDN.java Tue Oct 07 19:22:24 2014 -0700
+++ b/jdk/src/java.base/share/classes/sun/security/x509/RDN.java Tue Oct 07 22:23:19 2014 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2002, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2002, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -341,7 +341,7 @@
/*
* Returns a printable form of this RDN, using RFC 1779 style catenation
* of attribute/value assertions, and emitting attribute type keywords
- * from RFCs 1779, 2253, and 3280.
+ * from RFCs 1779, 2253, and 5280.
*/
public String toString() {
if (assertion.length == 1) {
--- a/jdk/src/java.base/share/classes/sun/security/x509/README Tue Oct 07 19:22:24 2014 -0700
+++ b/jdk/src/java.base/share/classes/sun/security/x509/README Tue Oct 07 22:23:19 2014 -0700
@@ -34,7 +34,7 @@
Protocol (LDAP) that many organizations are expecting will help
address online certificate distribution over the Internet.
- RFC 3280, which describes the Internet X.509 Public Key
+ RFC 5280, which describes the Internet X.509 Public Key
Infrastructure Certificate and CRL Profile.
RSA DSI has a bunch of "Public Key Cryptography Standards" (PKCS) which
--- a/jdk/src/java.base/share/classes/sun/security/x509/SubjectInfoAccessExtension.java Tue Oct 07 19:22:24 2014 -0700
+++ b/jdk/src/java.base/share/classes/sun/security/x509/SubjectInfoAccessExtension.java Tue Oct 07 22:23:19 2014 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2009, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2009, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -47,7 +47,7 @@
* included in end entity or CA certificates. Conforming CAs MUST mark
* this extension as non-critical.
* <p>
- * This extension is defined in <a href="http://www.ietf.org/rfc/rfc3280.txt">
+ * This extension is defined in <a href="http://tools.ietf.org/html/rfc5280">
* Internet X.509 PKI Certificate and Certificate Revocation List
* (CRL) Profile</a>. The profile permits
* the extension to be included in end-entity or CA certificates,
--- a/jdk/src/java.base/share/classes/sun/security/x509/URIName.java Tue Oct 07 19:22:24 2014 -0700
+++ b/jdk/src/java.base/share/classes/sun/security/x509/URIName.java Tue Oct 07 22:23:19 2014 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -35,15 +35,15 @@
* This class implements the URIName as required by the GeneralNames
* ASN.1 object.
* <p>
- * [RFC3280] When the subjectAltName extension contains a URI, the name MUST be
+ * [RFC5280] When the subjectAltName extension contains a URI, the name MUST be
* stored in the uniformResourceIdentifier (an IA5String). The name MUST
* be a non-relative URL, and MUST follow the URL syntax and encoding
- * rules specified in [RFC 1738]. The name must include both a scheme
+ * rules specified in [RFC 3986]. The name must include both a scheme
* (e.g., "http" or "ftp") and a scheme-specific-part. The scheme-
* specific-part must include a fully qualified domain name or IP
* address as the host.
* <p>
- * As specified in [RFC 1738], the scheme name is not case-sensitive
+ * As specified in [RFC 3986], the scheme name is not case-sensitive
* (e.g., "http" is equivalent to "HTTP"). The host part is also not
* case-sensitive, but other components of the scheme-specific-part may
* be case-sensitive. When comparing URIs, conforming implementations
@@ -113,7 +113,7 @@
}
host = uri.getHost();
- // RFC 3280 says that the host should be non-null, but we allow it to
+ // RFC 5280 says that the host should be non-null, but we allow it to
// be null because some widely deployed certificates contain CDP
// extensions with URIs that have no hostname (see bugs 4802236 and
// 5107944).
@@ -148,7 +148,7 @@
/**
* Create the URIName object with the specified name constraint. URI
* name constraints syntax is different than SubjectAltNames, etc. See
- * 4.2.1.11 of RFC 3280.
+ * 4.2.1.10 of RFC 5280.
*
* @param value the URI name constraint
* @throws IOException if name is not a proper URI name constraint
@@ -300,7 +300,7 @@
* These results are used in checking NameConstraints during
* certification path verification.
* <p>
- * RFC3280: For URIs, the constraint applies to the host part of the name.
+ * RFC5280: For URIs, the constraint applies to the host part of the name.
* The constraint may specify a host or a domain. Examples would be
* "foo.bar.com"; and ".xyz.com". When the the constraint begins with
* a period, it may be expanded with one or more subdomains. That is,
--- a/jdk/src/java.base/share/classes/sun/security/x509/X500Name.java Tue Oct 07 19:22:24 2014 -0700
+++ b/jdk/src/java.base/share/classes/sun/security/x509/X500Name.java Tue Oct 07 22:23:19 2014 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1996, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -605,7 +605,7 @@
* Returns a string form of the X.500 distinguished name.
* The format of the string is from RFC 1779. The returned string
* may contain non-standardised keywords for more readability
- * (keywords from RFCs 1779, 2253, and 3280).
+ * (keywords from RFCs 1779, 2253, and 5280).
*/
public String toString() {
if (dn == null) {
@@ -866,7 +866,7 @@
* O="Sue, Grabbit and Runn" or
* O=Sue\, Grabbit and Runn
*
- * This method can parse RFC 1779, 2253 or 4514 DNs and non-standard 3280
+ * This method can parse RFC 1779, 2253 or 4514 DNs and non-standard 5280
* keywords. Additional keywords can be specified in the keyword/OID map.
*/
private void parseDN(String input, Map<String, String> keywordMap)
@@ -1122,7 +1122,7 @@
/*
* Selected OIDs from X.520
- * Includes all those specified in RFC 3280 as MUST or SHOULD
+ * Includes all those specified in RFC 5280 as MUST or SHOULD
* be recognized
*/
private static final int commonName_data[] = { 2, 5, 4, 3 };
@@ -1220,7 +1220,7 @@
ipAddress_oid = intern(ObjectIdentifier.newInternal(ipAddress_data));
/*
- * Domain component OID from RFC 1274, RFC 2247, RFC 3280
+ * Domain component OID from RFC 1274, RFC 2247, RFC 5280
*/
/*
--- a/jdk/src/java.base/share/classes/sun/security/x509/X509CRLImpl.java Tue Oct 07 19:22:24 2014 -0700
+++ b/jdk/src/java.base/share/classes/sun/security/x509/X509CRLImpl.java Tue Oct 07 22:23:19 2014 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -63,7 +63,7 @@
* signature BIT STRING }
* </pre>
* More information can be found in
- * <a href="http://www.ietf.org/rfc/rfc3280.txt">RFC 3280: Internet X.509
+ * <a href="http://tools.ietf.org/html/rfc5280">RFC 5280: Internet X.509
* Public Key Infrastructure Certificate and CRL Profile</a>.
* <p>
* The ASN.1 definition of <code>tbsCertList</code> is:
--- a/jdk/src/java.base/share/classes/sun/security/x509/X509CertInfo.java Tue Oct 07 19:22:24 2014 -0700
+++ b/jdk/src/java.base/share/classes/sun/security/x509/X509CertInfo.java Tue Oct 07 22:23:19 2014 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -708,7 +708,7 @@
}
/*
- * Verify if X.509 V3 Certificate is compliant with RFC 3280.
+ * Verify if X.509 V3 Certificate is compliant with RFC 5280.
*/
private void verifyCert(X500Name subject,
CertificateExtensions extensions)
--- a/jdk/src/java.base/share/conf/security/java.security Tue Oct 07 19:22:24 2014 -0700
+++ b/jdk/src/java.base/share/conf/security/java.security Tue Oct 07 22:23:19 2014 -0700
@@ -345,7 +345,7 @@
# By default, the location of the OCSP responder is determined implicitly
# from the certificate being validated. This property explicitly specifies
# the location of the OCSP responder. The property is used when the
-# Authority Information Access extension (defined in RFC 3280) is absent
+# Authority Information Access extension (defined in RFC 5280) is absent
# from the certificate or when it requires overriding.
#
# Example,
--- a/jdk/src/jdk.dev/share/classes/sun/security/tools/jarsigner/TimestampedSigner.java Tue Oct 07 19:22:24 2014 -0700
+++ b/jdk/src/jdk.dev/share/classes/sun/security/tools/jarsigner/TimestampedSigner.java Tue Oct 07 22:23:19 2014 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2007, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2007, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -140,7 +140,7 @@
/**
* Examine the certificate for a Subject Information Access extension
- * (<a href="http://www.ietf.org/rfc/rfc3280.txt">RFC 3280</a>).
+ * (<a href="http://tools.ietf.org/html/rfc5280">RFC 5280</a>).
* The extension's <tt>accessMethod</tt> field should contain the object
* identifier defined for timestamping: 1.3.6.1.5.5.7.48.3 and its
* <tt>accessLocation</tt> field should contain an HTTP or HTTPS URL.