8214532: Update RFC 2459 references in javadoc to RFC 5280
Reviewed-by: mullan
This commit is contained in:
Sean Coffey
parent
c9d7dd0827
commit
36d0987f4d
src/java.base/share/classes/sun/security
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2002, 2017, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2002, 2018, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -770,7 +770,7 @@ public class DistributionPointFetcher {
|
||||
*
|
||||
* In practice, conforming CAs MUST use the key identifier method,
|
||||
* and MUST include authority key identifier extension in all CRLs
|
||||
* issued. [section 5.2.1, RFC 2459]
|
||||
* issued. [section 5.2.1, RFC 5280]
|
||||
*/
|
||||
AuthorityKeyIdentifierExtension crlAKID = crl.getAuthKeyIdExtension();
|
||||
issuerSelector.setSkiAndSerialNumber(crlAKID);
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2000, 2018, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -668,7 +668,7 @@ class ForwardBuilder extends Builder {
|
||||
* Verifies a matching certificate.
|
||||
*
|
||||
* This method executes the validation steps in the PKIX path
|
||||
* validation algorithm <draft-ietf-pkix-new-part1-08.txt> which were
|
||||
* validation algorithm, RFC 5280, which were
|
||||
* not satisfied by the selection criteria used by getCertificates()
|
||||
* to find the certs and only the steps that can be executed in a
|
||||
* forward direction (target to trust anchor). Those steps that can
|
||||
|
||||
@ -1045,7 +1045,7 @@ public class AVA implements DerEncoder {
|
||||
|
||||
if (valStr == null) {
|
||||
|
||||
// rfc1779 specifies that attribute values associated
|
||||
// RFC 1779 specifies that attribute values associated
|
||||
// with non-standard keyword attributes may be represented
|
||||
// using the hex format below. This will be used only
|
||||
// when the value is not a string type
|
||||
|
||||
@ -166,15 +166,15 @@ public class AlgorithmId implements Serializable, DerEncoder {
|
||||
|
||||
// Several AlgorithmId should omit the whole parameter part when
|
||||
// it's NULL. They are ---
|
||||
// rfc3370 2.1: Implementations SHOULD generate SHA-1
|
||||
// RFC 3370 2.1: Implementations SHOULD generate SHA-1
|
||||
// AlgorithmIdentifiers with absent parameters.
|
||||
// rfc3447 C1: When id-sha1, id-sha224, id-sha256, id-sha384 and
|
||||
// RFC 3447 C1: When id-sha1, id-sha224, id-sha256, id-sha384 and
|
||||
// id-sha512 are used in an AlgorithmIdentifier the parameters
|
||||
// (which are optional) SHOULD be omitted.
|
||||
// rfc3279 2.3.2: The id-dsa algorithm syntax includes optional
|
||||
// RFC 3279 2.3.2: The id-dsa algorithm syntax includes optional
|
||||
// domain parameters... When omitted, the parameters component
|
||||
// MUST be omitted entirely
|
||||
// rfc3370 3.1: When the id-dsa-with-sha1 algorithm identifier
|
||||
// RFC 3370 3.1: When the id-dsa-with-sha1 algorithm identifier
|
||||
// is used, the AlgorithmIdentifier parameters field MUST be absent.
|
||||
/*if (
|
||||
algid.equals((Object)SHA_oid) ||
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2000, 2018, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -45,7 +45,7 @@ import sun.security.util.DerOutputStream;
|
||||
* certificate.
|
||||
* <p>
|
||||
* Optional qualifiers are not supported in this implementation, as they are
|
||||
* not recommended by RFC2459.
|
||||
* not recommended by RFC 5280.
|
||||
*
|
||||
* The ASN.1 syntax for this is (IMPLICIT tagging is defined in the
|
||||
* module definition):
|
||||
|
||||
@ -181,7 +181,7 @@ public class DNSName implements GeneralNameInterface {
|
||||
* For example, www.host.example.com would satisfy the constraint but
|
||||
* host1.example.com would not.
|
||||
* <p>
|
||||
* draft-ietf-pkix-new-part1-00.txt: DNSName restrictions are expressed as foo.bar.com.
|
||||
* RFC 5280: DNSName restrictions are expressed as foo.bar.com.
|
||||
* Any DNSName that
|
||||
* can be constructed by simply adding to the left hand side of the name
|
||||
* satisfies the name constraint. For example, www.foo.bar.com would
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 1997, 2002, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 1997, 2018, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -37,27 +37,27 @@ import sun.security.util.DerValue;
|
||||
/**
|
||||
* This class implements the IPAddressName as required by the GeneralNames
|
||||
* ASN.1 object. Both IPv4 and IPv6 addresses are supported using the
|
||||
* formats specified in IETF PKIX RFC2459.
|
||||
* formats specified in IETF PKIX RFC 5280.
|
||||
* <p>
|
||||
* [RFC2459 4.2.1.7 Subject Alternative Name]
|
||||
* When the subjectAltName extension contains a iPAddress, the address
|
||||
* MUST be stored in the octet string in "network byte order," as
|
||||
* specified in RFC 791. The least significant bit (LSB) of
|
||||
* each octet is the LSB of the corresponding byte in the network
|
||||
* address. For IP Version 4, as specified in RFC 791, the octet string
|
||||
* MUST contain exactly four octets. For IP Version 6, as specified in
|
||||
* RFC 1883, the octet string MUST contain exactly sixteen octets.
|
||||
* [RFC 5280 4.2.1.6 Subject Alternative Name]
|
||||
* When the subjectAltName extension contains an iPAddress, the address
|
||||
* MUST be stored in the octet string in "network byte order", as
|
||||
* specified in [RFC791]. The least significant bit (LSB) of each octet
|
||||
* is the LSB of the corresponding byte in the network address. For IP
|
||||
* version 4, as specified in [RFC791], the octet string MUST contain
|
||||
* exactly four octets. For IP version 6, as specified in
|
||||
* [RFC 2460], the octet string MUST contain exactly sixteen octets.
|
||||
* <p>
|
||||
* [RFC2459 4.2.1.11 Name Constraints]
|
||||
* The syntax of iPAddress MUST be as described in section 4.2.1.7 with
|
||||
* the following additions specifically for Name Constraints. For IPv4
|
||||
* addresses, the ipAddress field of generalName MUST contain eight (8)
|
||||
* octets, encoded in the style of RFC 1519 (CIDR) to represent an
|
||||
* address range.[RFC 1519] For IPv6 addresses, the ipAddress field
|
||||
* [RFC 5280 4.2.1.10 Name Constraints]
|
||||
* The syntax of iPAddress MUST be as described in Section 4.2.1.6 with
|
||||
* the following additions specifically for name constraints. For IPv4
|
||||
* addresses, the iPAddress field of GeneralName MUST contain eight (8)
|
||||
* octets, encoded in the style of RFC 4632 (CIDR) to represent an
|
||||
* address range [RFC 4632]. For IPv6 addresses, the iPAddress field
|
||||
* MUST contain 32 octets similarly encoded. For example, a name
|
||||
* constraint for "class C" subnet 10.9.8.0 shall be represented as the
|
||||
* octets 0A 09 08 00 FF FF FF 00, representing the CIDR notation
|
||||
* 10.9.8.0/255.255.255.0.
|
||||
* constraint for "class C" subnet 192.0.2.0 is represented as the
|
||||
* octets C0 00 02 00 FF FF FF 00, representing the CIDR notation
|
||||
* 192.0.2.0/24 (mask 255.255.255.0).
|
||||
* <p>
|
||||
* @see GeneralName
|
||||
* @see GeneralNameInterface
|
||||
@ -376,15 +376,16 @@ public class IPAddressName implements GeneralNameInterface {
|
||||
* </ul>. These results are used in checking NameConstraints during
|
||||
* certification path verification.
|
||||
* <p>
|
||||
* [RFC2459] The syntax of iPAddress MUST be as described in section
|
||||
* 4.2.1.7 with the following additions specifically for Name Constraints.
|
||||
* For IPv4 addresses, the ipAddress field of generalName MUST contain
|
||||
* eight (8) octets, encoded in the style of RFC 1519 (CIDR) to represent an
|
||||
* address range.[RFC 1519] For IPv6 addresses, the ipAddress field
|
||||
* [RFC 5280 4.2.1.10 Name Constraints]
|
||||
* The syntax of iPAddress MUST be as described in Section 4.2.1.6 with
|
||||
* the following additions specifically for name constraints. For IPv4
|
||||
* addresses, the iPAddress field of GeneralName MUST contain eight (8)
|
||||
* octets, encoded in the style of RFC 4632 (CIDR) to represent an
|
||||
* address range [RFC 4632]. For IPv6 addresses, the iPAddress field
|
||||
* MUST contain 32 octets similarly encoded. For example, a name
|
||||
* constraint for "class C" subnet 10.9.8.0 shall be represented as the
|
||||
* octets 0A 09 08 00 FF FF FF 00, representing the CIDR notation
|
||||
* 10.9.8.0/255.255.255.0.
|
||||
* constraint for "class C" subnet 192.0.2.0 is represented as the
|
||||
* octets C0 00 02 00 FF FF FF 00, representing the CIDR notation
|
||||
* 192.0.2.0/24 (mask 255.255.255.0).
|
||||
*
|
||||
* @param inputName to be checked for being constrained
|
||||
* @return constraint type above
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 1997, 1999, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 1997, 2018, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -63,7 +63,7 @@ public class KeyIdentifier {
|
||||
/**
|
||||
* Creates a KeyIdentifier from a public-key value.
|
||||
*
|
||||
* <p>From RFC2459: Two common methods for generating key identifiers from
|
||||
* <p>From RFC 5280: Two common methods for generating key identifiers from
|
||||
* the public key are:
|
||||
* <ol>
|
||||
* <li>The keyIdentifier is composed of the 160-bit SHA-1 hash of the
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 1997, 2017, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 1997, 2018, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -326,7 +326,7 @@ implements CertAttrSet<String>, Cloneable {
|
||||
* expanded by a merge, just remain constant or become more
|
||||
* limiting.
|
||||
* <p>
|
||||
* IETF RFC2459 specifies the processing of Name Constraints as
|
||||
* IETF RFC 5280 specifies the processing of Name Constraints as
|
||||
* follows:
|
||||
* <p>
|
||||
* (j) If permittedSubtrees is present in the certificate, set the
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 1997, 2015, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 1997, 2018, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -156,7 +156,7 @@ public class OIDName implements GeneralNameInterface {
|
||||
else if (this.equals((OIDName)inputName))
|
||||
constraintType = NAME_MATCH;
|
||||
else
|
||||
//widens and narrows not defined in RFC2459 for OIDName (aka registeredID)
|
||||
//widens and narrows not defined in RFC 5280 for OIDName (aka registeredID)
|
||||
throw new UnsupportedOperationException("Narrowing and widening are not supported for OIDNames");
|
||||
return constraintType;
|
||||
}
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 1997, 2018, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -68,7 +68,7 @@ public class RFC822Name implements GeneralNameInterface
|
||||
|
||||
/**
|
||||
* Parse an RFC822Name string to see if it is a valid
|
||||
* addr-spec according to IETF RFC822 and RFC2459:
|
||||
* addr-spec according to IETF RFC 822 and RFC 5280:
|
||||
* [local-part@]domain
|
||||
* <p>
|
||||
* local-part@ could be empty for an RFC822Name NameConstraint,
|
||||
@ -131,7 +131,7 @@ public class RFC822Name implements GeneralNameInterface
|
||||
* Compares this name with another, for equality.
|
||||
*
|
||||
* @return true iff the names are equivalent
|
||||
* according to RFC2459.
|
||||
* according to RFC 5280.
|
||||
*/
|
||||
public boolean equals(Object obj) {
|
||||
if (this == obj)
|
||||
@ -142,7 +142,7 @@ public class RFC822Name implements GeneralNameInterface
|
||||
|
||||
RFC822Name other = (RFC822Name)obj;
|
||||
|
||||
// RFC2459 mandates that these names are
|
||||
// RFC 5280 mandates that these names are
|
||||
// not case-sensitive
|
||||
return name.equalsIgnoreCase(other.name);
|
||||
}
|
||||
@ -166,14 +166,15 @@ public class RFC822Name implements GeneralNameInterface
|
||||
* </ul>. These results are used in checking NameConstraints during
|
||||
* certification path verification.
|
||||
* <p>
|
||||
* [RFC2459] When the subjectAltName extension contains an Internet mail address,
|
||||
* the address MUST be included as an rfc822Name. The format of an
|
||||
* rfc822Name is an "addr-spec" as defined in RFC 822 [RFC 822]. An
|
||||
* addr-spec has the form "local-part@domain". Note that an addr-spec
|
||||
* has no phrase (such as a common name) before it, has no comment (text
|
||||
*
|
||||
* [RFC 5280]:
|
||||
* When the subjectAltName extension contains an Internet mail address,
|
||||
* the address MUST be stored in the rfc822Name. The format of an
|
||||
* rfc822Name is a "Mailbox" as defined in Section 4.1.2 of [RFC2821].
|
||||
* A Mailbox has the form "Local-part@Domain". Note that a Mailbox has
|
||||
* no phrase (such as a common name) before it, has no comment (text
|
||||
* surrounded in parentheses) after it, and is not surrounded by "<" and
|
||||
* ">". Note that while upper and lower case letters are allowed in an
|
||||
* RFC 822 addr-spec, no significance is attached to the case.
|
||||
* ">".
|
||||
*
|
||||
* @param inputName to be checked for being constrained
|
||||
* @return constraint type above
|
||||
@ -187,7 +188,7 @@ public class RFC822Name implements GeneralNameInterface
|
||||
else if (inputName.getType() != (GeneralNameInterface.NAME_RFC822)) {
|
||||
constraintType = NAME_DIFF_TYPE;
|
||||
} else {
|
||||
//RFC2459 specifies that case is not significant in RFC822Names
|
||||
//RFC 5280 specifies that case is not significant in RFC822Names
|
||||
String inName =
|
||||
(((RFC822Name)inputName).getName()).toLowerCase(Locale.ENGLISH);
|
||||
String thisName = name.toLowerCase(Locale.ENGLISH);
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 1997, 2018, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -213,7 +213,7 @@ public class URIName implements GeneralNameInterface {
|
||||
/**
|
||||
* Compares this name with another, for equality.
|
||||
*
|
||||
* @return true iff the names are equivalent according to RFC2459.
|
||||
* @return true iff the names are equivalent according to RFC 5280.
|
||||
*/
|
||||
public boolean equals(Object obj) {
|
||||
if (this == obj) {
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2000, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2000, 2018, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -403,7 +403,7 @@ public class X400Address implements GeneralNameInterface {
|
||||
else if (inputName.getType() != NAME_X400)
|
||||
constraintType = NAME_DIFF_TYPE;
|
||||
else
|
||||
//Narrowing, widening, and match constraints not defined in rfc2459 for X400Address
|
||||
//Narrowing, widening, and match constraints not defined in RFC 5280 for X400Address
|
||||
throw new UnsupportedOperationException("Narrowing, widening, and match are not supported for X400Address.");
|
||||
return constraintType;
|
||||
}
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 1996, 2017, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 1996, 2018, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -63,14 +63,8 @@ import sun.security.provider.X509Factory;
|
||||
* direct knowledge of each other. CA certificates are either signed by
|
||||
* themselves, or by some other CA such as a "root" CA.
|
||||
*
|
||||
* <P>RFC 1422 is very informative, though it does not describe much
|
||||
* of the recent work being done with X.509 certificates. That includes
|
||||
* a 1996 version (X.509v3) and a variety of enhancements being made to
|
||||
* facilitate an explosion of personal certificates used as "Internet
|
||||
* Drivers' Licences", or with SET for credit card transactions.
|
||||
*
|
||||
* <P>More recent work includes the IETF PKIX Working Group efforts,
|
||||
* especially RFC2459.
|
||||
* <P> Standards relating to X.509 Public Key Infrastructure for the Internet
|
||||
* can be referenced in RFC 5280.
|
||||
*
|
||||
* @author Dave Brownell
|
||||
* @author Amit Kapoor
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user