diff --git a/jdk/src/java.base/share/classes/java/security/Key.java b/jdk/src/java.base/share/classes/java/security/Key.java index c0c63d7c7c1..09542e394a2 100644 --- a/jdk/src/java.base/share/classes/java/security/Key.java +++ b/jdk/src/java.base/share/classes/java/security/Key.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1996, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -63,7 +63,7 @@ package java.security; * * * For more information, see - * RFC 3280: + * RFC 5280: * Internet X.509 Public Key Infrastructure Certificate and CRL Profile. * *
  • A Format diff --git a/jdk/src/java.base/share/classes/java/security/cert/CRLReason.java b/jdk/src/java.base/share/classes/java/security/cert/CRLReason.java index ac0b9e9c24f..79d4729d0b8 100644 --- a/jdk/src/java.base/share/classes/java/security/cert/CRLReason.java +++ b/jdk/src/java.base/share/classes/java/security/cert/CRLReason.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2007, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2007, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -27,8 +27,8 @@ package java.security.cert; /** * The CRLReason enumeration specifies the reason that a certificate - * is revoked, as defined in - * RFC 3280: Internet X.509 Public Key Infrastructure Certificate and CRL + * is revoked, as defined in + * RFC 5280: Internet X.509 Public Key Infrastructure Certificate and CRL * Profile. * * @author Sean Mullan diff --git a/jdk/src/java.base/share/classes/java/security/cert/PKIXReason.java b/jdk/src/java.base/share/classes/java/security/cert/PKIXReason.java index d58ded97541..e9c48729934 100644 --- a/jdk/src/java.base/share/classes/java/security/cert/PKIXReason.java +++ b/jdk/src/java.base/share/classes/java/security/cert/PKIXReason.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2008, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2008, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -28,7 +28,7 @@ package java.security.cert; /** * The {@code PKIXReason} enumerates the potential PKIX-specific reasons * that an X.509 certification path may be invalid according to the PKIX - * (RFC 3280) standard. These reasons are in addition to those of the + * (RFC 5280) standard. These reasons are in addition to those of the * {@code CertPathValidatorException.BasicReason} enumeration. * * @since 1.7 diff --git a/jdk/src/java.base/share/classes/java/security/cert/TrustAnchor.java b/jdk/src/java.base/share/classes/java/security/cert/TrustAnchor.java index f7fb2c89497..8b765a29ced 100644 --- a/jdk/src/java.base/share/classes/java/security/cert/TrustAnchor.java +++ b/jdk/src/java.base/share/classes/java/security/cert/TrustAnchor.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2001, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2001, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -78,7 +78,7 @@ public class TrustAnchor { * The name constraints are specified as a byte array. This byte array * should contain the DER encoded form of the name constraints, as they * would appear in the NameConstraints structure defined in - * RFC 3280 + * RFC 5280 * and X.509. The ASN.1 definition of this structure appears below. * * 
    {@code
@@ -140,7 +140,7 @@ public class TrustAnchor {
      * 
    
      * The name constraints are specified as a byte array. This byte array
      * contains the DER encoded form of the name constraints, as they
-     * would appear in the NameConstraints structure defined in RFC 3280
+     * would appear in the NameConstraints structure defined in RFC 5280
      * and X.509. The ASN.1 notation for this structure is supplied in the
      * documentation for
      * {@link #TrustAnchor(X509Certificate, byte[])
@@ -179,7 +179,7 @@ public class TrustAnchor {
      * 
    
      * The name constraints are specified as a byte array. This byte array
      * contains the DER encoded form of the name constraints, as they
-     * would appear in the NameConstraints structure defined in RFC 3280
+     * would appear in the NameConstraints structure defined in RFC 5280
      * and X.509. The ASN.1 notation for this structure is supplied in the
      * documentation for
      * {@link #TrustAnchor(X509Certificate, byte[])
@@ -294,7 +294,7 @@ public class TrustAnchor {
      * 
    
      * The name constraints are returned as a byte array. This byte array
      * contains the DER encoded form of the name constraints, as they
-     * would appear in the NameConstraints structure defined in RFC 3280
+     * would appear in the NameConstraints structure defined in RFC 5280
      * and X.509. The ASN.1 notation for this structure is supplied in the
      * documentation for
      * {@link #TrustAnchor(X509Certificate, byte[])
diff --git a/jdk/src/java.base/share/classes/java/security/cert/X509CRL.java b/jdk/src/java.base/share/classes/java/security/cert/X509CRL.java
index 5ce84847fa5..21332907357 100644
--- a/jdk/src/java.base/share/classes/java/security/cert/X509CRL.java
+++ b/jdk/src/java.base/share/classes/java/security/cert/X509CRL.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -69,7 +69,7 @@ import sun.security.x509.X509CRLImpl;
  *
    *

    * More information can be found in - * RFC 3280: Internet X.509 + * RFC 5280: Internet X.509 * Public Key Infrastructure Certificate and CRL Profile. *

    * The ASN.1 definition of {@code tbsCertList} is: diff --git a/jdk/src/java.base/share/classes/java/security/cert/X509CRLSelector.java b/jdk/src/java.base/share/classes/java/security/cert/X509CRLSelector.java index a0e6b5b600a..f761721007a 100644 --- a/jdk/src/java.base/share/classes/java/security/cert/X509CRLSelector.java +++ b/jdk/src/java.base/share/classes/java/security/cert/X509CRLSelector.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -52,7 +52,7 @@ import sun.security.x509.X500Name; * {@link CertStore#getCRLs CertStore.getCRLs} or some similar * method. *

    - * Please refer to RFC 3280: + * Please refer to RFC 5280: * Internet X.509 Public Key Infrastructure Certificate and CRL Profile * for definitions of the X.509 CRL fields and extensions mentioned below. *

    diff --git a/jdk/src/java.base/share/classes/java/security/cert/X509CertSelector.java b/jdk/src/java.base/share/classes/java/security/cert/X509CertSelector.java index feb85d28b58..4f65941f332 100644 --- a/jdk/src/java.base/share/classes/java/security/cert/X509CertSelector.java +++ b/jdk/src/java.base/share/classes/java/security/cert/X509CertSelector.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -65,7 +65,7 @@ import sun.security.x509.*; * number. Other unique combinations include the issuer, subject, * subjectKeyIdentifier and/or the subjectPublicKey criteria. *

    - * Please refer to RFC 3280: + * Please refer to RFC 5280: * Internet X.509 Public Key Infrastructure Certificate and CRL Profile for * definitions of the X.509 certificate extensions mentioned below. *

    @@ -728,7 +728,7 @@ public class X509CertSelector implements CertSelector { * The name is provided in string format. * RFC 822, DNS, and URI * names use the well-established string formats for those types (subject to - * the restrictions included in RFC 3280). IPv4 address names are + * the restrictions included in RFC 5280). IPv4 address names are * supplied using dotted quad notation. OID address names are represented * as a series of nonnegative integers separated by periods. And * directory names (distinguished names) are supplied in RFC 2253 format. @@ -746,7 +746,7 @@ public class X509CertSelector implements CertSelector { * String form of some distinguished names. * * @param type the name type (0-8, as specified in - * RFC 3280, section 4.2.1.7) + * RFC 5280, section 4.2.1.6) * @param name the name in string form (not {@code null}) * @throws IOException if a parsing error occurs */ @@ -770,7 +770,7 @@ public class X509CertSelector implements CertSelector { *

    * The name is provided as a byte array. This byte array should contain * the DER encoded name, as it would appear in the GeneralName structure - * defined in RFC 3280 and X.509. The encoded byte array should only contain + * defined in RFC 5280 and X.509. The encoded byte array should only contain * the encoded value of the name, and should not include the tag associated * with the name in the GeneralName structure. The ASN.1 definition of this * structure appears below. @@ -806,7 +806,7 @@ public class X509CertSelector implements CertSelector { * must contain the specified subjectAlternativeName. * * @param type the name type (0-8, as specified in - * RFC 3280, section 4.2.1.7) + * RFC 5280, section 4.2.1.6) * @param name the name in string or byte array form * @throws IOException if a parsing error occurs */ @@ -995,7 +995,7 @@ public class X509CertSelector implements CertSelector { *

    * The name constraints are specified as a byte array. This byte array * should contain the DER encoded form of the name constraints, as they - * would appear in the NameConstraints structure defined in RFC 3280 + * would appear in the NameConstraints structure defined in RFC 5280 * and X.509. The ASN.1 definition of this structure appears below. * * 

    {@code
@@ -1197,7 +1197,7 @@ public class X509CertSelector implements CertSelector {
      * 
    
      * The name is provided in string format. RFC 822, DNS, and URI names
      * use the well-established string formats for those types (subject to
-     * the restrictions included in RFC 3280). IPv4 address names are
+     * the restrictions included in RFC 5280). IPv4 address names are
      * supplied using dotted quad notation. OID address names are represented
      * as a series of nonnegative integers separated by periods. And
      * directory names (distinguished names) are supplied in RFC 2253 format.
@@ -1214,7 +1214,7 @@ public class X509CertSelector implements CertSelector {
      * String form of some distinguished names.
      *
      * @param type the name type (0-8, as specified in
-     *             RFC 3280, section 4.2.1.7)
+     *             RFC 5280, section 4.2.1.6)
      * @param name the name in string form
      * @throws IOException if a parsing error occurs
      */
@@ -1234,7 +1234,7 @@ public class X509CertSelector implements CertSelector {
      * 
    
      * The name is provided as a byte array. This byte array should contain
      * the DER encoded name, as it would appear in the GeneralName structure
-     * defined in RFC 3280 and X.509. The ASN.1 definition of this structure
+     * defined in RFC 5280 and X.509. The ASN.1 definition of this structure
      * appears in the documentation for
      * {@link #addSubjectAlternativeName(int type, byte [] name)
      * addSubjectAlternativeName(int type, byte [] name)}.
@@ -1243,7 +1243,7 @@ public class X509CertSelector implements CertSelector {
      * subsequent modifications.
      *
      * @param type the name type (0-8, as specified in
-     *             RFC 3280, section 4.2.1.7)
+     *             RFC 5280, section 4.2.1.6)
      * @param name a byte array containing the name in ASN.1 DER encoded form
      * @throws IOException if a parsing error occurs
      */
@@ -1258,7 +1258,7 @@ public class X509CertSelector implements CertSelector {
      * the specified pathToName.
      *
      * @param type the name type (0-8, as specified in
-     *             RFC 3280, section 4.2.1.7)
+     *             RFC 5280, section 4.2.1.6)
      * @param name the name in string or byte array form
      * @throws IOException if an encoding error occurs (incorrect form for DN)
      */
@@ -1715,7 +1715,7 @@ public class X509CertSelector implements CertSelector {
      * 
    
      * The name constraints are returned as a byte array. This byte array
      * contains the DER encoded form of the name constraints, as they
-     * would appear in the NameConstraints structure defined in RFC 3280
+     * would appear in the NameConstraints structure defined in RFC 5280
      * and X.509. The ASN.1 notation for this structure is supplied in the
      * documentation for
      * {@link #setNameConstraints(byte [] bytes) setNameConstraints(byte [] bytes)}.
diff --git a/jdk/src/java.base/share/classes/java/security/cert/X509Certificate.java b/jdk/src/java.base/share/classes/java/security/cert/X509Certificate.java
index 0aba5da60c0..174d6a73838 100644
--- a/jdk/src/java.base/share/classes/java/security/cert/X509Certificate.java
+++ b/jdk/src/java.base/share/classes/java/security/cert/X509Certificate.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -63,7 +63,7 @@ import sun.security.x509.X509CertImpl;
  * CA such as a "root" CA.
  * 
    
  * More information can be found in
- * RFC 3280: Internet X.509
+ * RFC 5280: Internet X.509
  * Public Key Infrastructure Certificate and CRL Profile.
  * 
    
  * The ASN.1 definition of {@code tbsCertificate} is:
@@ -408,7 +408,7 @@ implements X509Extension {
      * Gets the {@code issuerUniqueID} value from the certificate.
      * The issuer unique identifier is present in the certificate
      * to handle the possibility of reuse of issuer names over time.
-     * RFC 3280 recommends that names not be reused and that
+     * RFC 5280 recommends that names not be reused and that
      * conforming certificates not make use of unique identifiers.
      * Applications conforming to that profile should be capable of
      * parsing unique identifiers and making comparisons.
@@ -459,7 +459,7 @@ implements X509Extension {
      *     encipherOnly            (7),
      *     decipherOnly            (8) }
      *
    - * RFC 3280 recommends that when used, this be marked + * RFC 5280 recommends that when used, this be marked * as a critical extension. * * @return the KeyUsage extension of this certificate, represented as @@ -572,7 +572,7 @@ implements X509Extension { * RFC 822, DNS, and URI * names are returned as {@code String}s, * using the well-established string formats for those types (subject to - * the restrictions included in RFC 3280). IPv4 address names are + * the restrictions included in RFC 5280). IPv4 address names are * returned using dotted quad notation. IPv6 address names are returned * in the form "a1:a2:...:a8", where a1-a8 are hexadecimal values * representing the eight 16-bit pieces of the address. OID names are diff --git a/jdk/src/java.base/share/classes/javax/security/auth/x500/X500Principal.java b/jdk/src/java.base/share/classes/javax/security/auth/x500/X500Principal.java index 77292b0be22..22366610981 100644 --- a/jdk/src/java.base/share/classes/javax/security/auth/x500/X500Principal.java +++ b/jdk/src/java.base/share/classes/javax/security/auth/x500/X500Principal.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -41,13 +41,13 @@ import sun.security.util.*; * of the distinguished name, or by using the ASN.1 DER encoded byte * representation of the distinguished name. The current specification * for the string representation of a distinguished name is defined in - * RFC 2253: Lightweight + * RFC 2253: Lightweight * Directory Access Protocol (v3): UTF-8 String Representation of * Distinguished Names. This class, however, accepts string formats from - * both RFC 2253 and RFC 1779: + * both RFC 2253 and RFC 1779: * A String Representation of Distinguished Names, and also recognizes * attribute type keywords whose OIDs (Object Identifiers) are defined in - * RFC 3280: Internet X.509 + * RFC 5280: Internet X.509 * Public Key Infrastructure Certificate and CRL Profile. * *

    The string representation for this {@code X500Principal} @@ -108,7 +108,7 @@ public final class X500Principal implements Principal, java.io.Serializable { * (and listed in {@link #getName(String format) getName(String format)}), * as well as the T, DNQ or DNQUALIFIER, SURNAME, GIVENNAME, INITIALS, * GENERATION, EMAILADDRESS, and SERIALNUMBER keywords whose Object - * Identifiers (OIDs) are defined in RFC 3280 and its successor. + * Identifiers (OIDs) are defined in RFC 5280. * Any other attribute type must be specified as an OID. * *

    This implementation enforces a more restrictive OID syntax than @@ -456,7 +456,7 @@ public final class X500Principal implements Principal, java.io.Serializable { * (obtained via the {@code getName(X500Principal.CANONICAL)} method) * of this object and o are equal. * - *

    This implementation is compliant with the requirements of RFC 3280. + *

    This implementation is compliant with the requirements of RFC 5280. * * @param o Object to be compared for equality with this * {@code X500Principal} diff --git a/jdk/src/java.base/share/classes/javax/security/auth/x500/package-info.java b/jdk/src/java.base/share/classes/javax/security/auth/x500/package-info.java index e0febd2098c..38c6439092e 100644 --- a/jdk/src/java.base/share/classes/javax/security/auth/x500/package-info.java +++ b/jdk/src/java.base/share/classes/javax/security/auth/x500/package-info.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -31,15 +31,15 @@ *

    Package Specification

    * * diff --git a/jdk/src/java.base/share/classes/sun/security/provider/SunEntries.java b/jdk/src/java.base/share/classes/sun/security/provider/SunEntries.java index 5a14e7bd702..d9f43cf2588 100644 --- a/jdk/src/java.base/share/classes/sun/security/provider/SunEntries.java +++ b/jdk/src/java.base/share/classes/sun/security/provider/SunEntries.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1996, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -64,7 +64,7 @@ import java.security.*; * and CRLs. Aliases for X.509 are X509. * * - PKIX is the certification path validation algorithm described - * in RFC 3280. The ValidationAlgorithm attribute notes the + * in RFC 5280. The ValidationAlgorithm attribute notes the * specification that this provider implements. * * - LDAP is the CertStore type for LDAP repositories. The @@ -250,7 +250,7 @@ final class SunEntries { map.put("CertPathBuilder.PKIX", "sun.security.provider.certpath.SunCertPathBuilder"); map.put("CertPathBuilder.PKIX ValidationAlgorithm", - "RFC3280"); + "RFC5280"); /* * CertPathValidator @@ -258,7 +258,7 @@ final class SunEntries { map.put("CertPathValidator.PKIX", "sun.security.provider.certpath.PKIXCertPathValidator"); map.put("CertPathValidator.PKIX ValidationAlgorithm", - "RFC3280"); + "RFC5280"); /* * CertStores diff --git a/jdk/src/java.base/share/classes/sun/security/provider/certpath/DistributionPointFetcher.java b/jdk/src/java.base/share/classes/sun/security/provider/certpath/DistributionPointFetcher.java index 7f275fb80e2..33b3348fc27 100644 --- a/jdk/src/java.base/share/classes/sun/security/provider/certpath/DistributionPointFetcher.java +++ b/jdk/src/java.base/share/classes/sun/security/provider/certpath/DistributionPointFetcher.java @@ -434,7 +434,7 @@ public class DistributionPointFetcher { } if (indirectCRL) { if (pointCrlIssuers.size() != 1) { - // RFC 3280: there must be only 1 CRL issuer + // RFC 5280: there must be only 1 CRL issuer // name when relativeName is present if (debug != null) { debug.println("must only be one CRL " + diff --git a/jdk/src/java.base/share/classes/sun/security/provider/certpath/PolicyChecker.java b/jdk/src/java.base/share/classes/sun/security/provider/certpath/PolicyChecker.java index ab8282037aa..dd030d3d9db 100644 --- a/jdk/src/java.base/share/classes/sun/security/provider/certpath/PolicyChecker.java +++ b/jdk/src/java.base/share/classes/sun/security/provider/certpath/PolicyChecker.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -578,7 +578,7 @@ class PolicyChecker extends PKIXCertPathChecker { } /** - * Rewrite leaf nodes at the end of validation as described in RFC 3280 + * Rewrite leaf nodes at the end of validation as described in RFC 5280 * section 6.1.5: Step (g)(iii). Leaf nodes with anyPolicy are replaced * by nodes explicitly representing initial policies not already * represented by leaf nodes. diff --git a/jdk/src/java.base/share/classes/sun/security/provider/certpath/PolicyNodeImpl.java b/jdk/src/java.base/share/classes/sun/security/provider/certpath/PolicyNodeImpl.java index 02109d49d35..a42a1e8e273 100644 --- a/jdk/src/java.base/share/classes/sun/security/provider/certpath/PolicyNodeImpl.java +++ b/jdk/src/java.base/share/classes/sun/security/provider/certpath/PolicyNodeImpl.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -56,7 +56,7 @@ final class PolicyNodeImpl implements PolicyNode { private PolicyNodeImpl mParent; private HashSet mChildren; - // the 4 fields specified by RFC 3280 + // the 4 fields specified by RFC 5280 private String mValidPolicy; private HashSet mQualifierSet; private boolean mCriticalityIndicator; diff --git a/jdk/src/java.base/share/classes/sun/security/provider/certpath/RevocationChecker.java b/jdk/src/java.base/share/classes/sun/security/provider/certpath/RevocationChecker.java index f38e7dc5005..fddfaeaf2c0 100644 --- a/jdk/src/java.base/share/classes/sun/security/provider/certpath/RevocationChecker.java +++ b/jdk/src/java.base/share/classes/sun/security/provider/certpath/RevocationChecker.java @@ -472,9 +472,9 @@ class RevocationChecker extends PKIXRevocationChecker { " ---checking revocation status ..."); } - // reject circular dependencies - RFC 3280 is not explicit on how - // to handle this, so we feel it is safest to reject them until - // the issue is resolved in the PKIX WG. + // Reject circular dependencies - RFC 5280 is not explicit on how + // to handle this, but does suggest that they can be a security + // risk and can create unresolvable dependencies if (stackedCerts != null && stackedCerts.contains(cert)) { if (debug != null) { debug.println("RevocationChecker.checkCRLs()" + @@ -628,7 +628,7 @@ class RevocationChecker extends PKIXRevocationChecker { /* * Abort CRL validation and throw exception if there are any * unrecognized critical CRL entry extensions (see section - * 5.3 of RFC 3280). + * 5.3 of RFC 5280). */ Set unresCritExts = entry.getCriticalExtensionOIDs(); if (unresCritExts != null && !unresCritExts.isEmpty()) { @@ -880,9 +880,9 @@ class RevocationChecker extends PKIXRevocationChecker { " ---checking " + msg + "..."); } - // reject circular dependencies - RFC 3280 is not explicit on how - // to handle this, so we feel it is safest to reject them until - // the issue is resolved in the PKIX WG. + // Reject circular dependencies - RFC 5280 is not explicit on how + // to handle this, but does suggest that they can be a security + // risk and can create unresolvable dependencies if ((stackedCerts != null) && stackedCerts.contains(cert)) { if (debug != null) { debug.println( diff --git a/jdk/src/java.base/share/classes/sun/security/provider/certpath/SunCertPathBuilder.java b/jdk/src/java.base/share/classes/sun/security/provider/certpath/SunCertPathBuilder.java index 39507605c0f..6697364cbce 100644 --- a/jdk/src/java.base/share/classes/sun/security/provider/certpath/SunCertPathBuilder.java +++ b/jdk/src/java.base/share/classes/sun/security/provider/certpath/SunCertPathBuilder.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -53,7 +53,7 @@ import sun.security.util.Debug; *

    If successful, it returns a certification path which has successfully * satisfied all the constraints and requirements specified in the * PKIXBuilderParameters object and has been validated according to the PKIX - * path validation algorithm defined in RFC 3280. + * path validation algorithm defined in RFC 5280. * *

    This implementation uses a depth-first search approach to finding * certification paths. If it comes to a point in which it cannot find diff --git a/jdk/src/java.base/share/classes/sun/security/util/DerInputBuffer.java b/jdk/src/java.base/share/classes/sun/security/util/DerInputBuffer.java index 786e7914bbf..26bd198741a 100644 --- a/jdk/src/java.base/share/classes/sun/security/util/DerInputBuffer.java +++ b/jdk/src/java.base/share/classes/sun/security/util/DerInputBuffer.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 2006, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1996, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -285,7 +285,7 @@ class DerInputBuffer extends ByteArrayInputStream implements Cloneable { * YYMMDDhhmmss-hhmm * UTC Time is broken in storing only two digits of year. * If YY < 50, we assume 20YY; - * if YY >= 50, we assume 19YY, as per RFC 3280. + * if YY >= 50, we assume 19YY, as per RFC 5280. * * Generalized time has a four-digit year and allows any * precision specified in ISO 8601. However, for our purposes, diff --git a/jdk/src/java.base/share/classes/sun/security/util/DerOutputStream.java b/jdk/src/java.base/share/classes/sun/security/util/DerOutputStream.java index c517df8a43e..05a7b6346a3 100644 --- a/jdk/src/java.base/share/classes/sun/security/util/DerOutputStream.java +++ b/jdk/src/java.base/share/classes/sun/security/util/DerOutputStream.java @@ -461,7 +461,7 @@ extends ByteArrayOutputStream implements DerEncoder { * Marshals a DER UTC time/date value. * *

    YYMMDDhhmmss{Z|+hhmm|-hhmm} ... emits only using Zulu time - * and with seconds (even if seconds=0) as per RFC 3280. + * and with seconds (even if seconds=0) as per RFC 5280. */ public void putUTCTime(Date d) throws IOException { putTime(d, DerValue.tag_UtcTime); @@ -471,7 +471,7 @@ extends ByteArrayOutputStream implements DerEncoder { * Marshals a DER Generalized Time/date value. * *

    YYYYMMDDhhmmss{Z|+hhmm|-hhmm} ... emits only using Zulu time - * and with seconds (even if seconds=0) as per RFC 3280. + * and with seconds (even if seconds=0) as per RFC 5280. */ public void putGeneralizedTime(Date d) throws IOException { putTime(d, DerValue.tag_GeneralizedTime); diff --git a/jdk/src/java.base/share/classes/sun/security/util/DerValue.java b/jdk/src/java.base/share/classes/sun/security/util/DerValue.java index 0a539738d67..4b142bd4bfd 100644 --- a/jdk/src/java.base/share/classes/sun/security/util/DerValue.java +++ b/jdk/src/java.base/share/classes/sun/security/util/DerValue.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1996, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -45,8 +45,8 @@ import sun.misc.IOUtils; * (such as PKCS #10 certificate requests, and some kinds of PKCS #7 data). * * A note with respect to T61/Teletex strings: From RFC 1617, section 4.1.3 - * and RFC 3280, section 4.1.2.4., we assume that this kind of string will - * contain ISO-8859-1 characters only. + * and RFC 5280, section 8, we assume that this kind of string will contain + * ISO-8859-1 characters only. * * * @author David Brownell diff --git a/jdk/src/java.base/share/classes/sun/security/x509/AuthorityInfoAccessExtension.java b/jdk/src/java.base/share/classes/sun/security/x509/AuthorityInfoAccessExtension.java index 725c753e650..afc642df2f7 100644 --- a/jdk/src/java.base/share/classes/sun/security/x509/AuthorityInfoAccessExtension.java +++ b/jdk/src/java.base/share/classes/sun/security/x509/AuthorityInfoAccessExtension.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2004, 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2004, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -43,7 +43,7 @@ import sun.security.util.DerValue; * certificate that identifies the specific OCSP Responder to use when * performing on-line validation of that certificate. *

    - * This extension is defined in + * This extension is defined in * Internet X.509 PKI Certificate and Certificate Revocation List * (CRL) Profile. The profile permits * the extension to be included in end-entity or CA certificates, diff --git a/jdk/src/java.base/share/classes/sun/security/x509/CertificateIssuerExtension.java b/jdk/src/java.base/share/classes/sun/security/x509/CertificateIssuerExtension.java index b7739707ddf..0dd8f39642a 100644 --- a/jdk/src/java.base/share/classes/sun/security/x509/CertificateIssuerExtension.java +++ b/jdk/src/java.base/share/classes/sun/security/x509/CertificateIssuerExtension.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -44,7 +44,7 @@ import sun.security.util.DerOutputStream; *

    * If used by conforming CRL issuers, this extension is always * critical. If an implementation ignored this extension it could not - * correctly attribute CRL entries to certificates. PKIX (RFC 3280) + * correctly attribute CRL entries to certificates. PKIX (RFC 5280) * RECOMMENDS that implementations recognize this extension. *

    * The ASN.1 definition for this is: diff --git a/jdk/src/java.base/share/classes/sun/security/x509/DeltaCRLIndicatorExtension.java b/jdk/src/java.base/share/classes/sun/security/x509/DeltaCRLIndicatorExtension.java index 69be1457c00..4b032239398 100644 --- a/jdk/src/java.base/share/classes/sun/security/x509/DeltaCRLIndicatorExtension.java +++ b/jdk/src/java.base/share/classes/sun/security/x509/DeltaCRLIndicatorExtension.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2005, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -45,7 +45,7 @@ import sun.security.util.*; * *

    * The extension is defined in Section 5.2.4 of - * Internet X.509 PKI Certific + * Internet X.509 PKI Certific ate and Certificate Revocation List (CRL) Profile. * *

    diff --git a/jdk/src/java.base/share/classes/sun/security/x509/ExtendedKeyUsageExtension.java b/jdk/src/java.base/share/classes/sun/security/x509/ExtendedKeyUsageExtension.java index 680846029bd..dc820770ef8 100644 --- a/jdk/src/java.base/share/classes/sun/security/x509/ExtendedKeyUsageExtension.java +++ b/jdk/src/java.base/share/classes/sun/security/x509/ExtendedKeyUsageExtension.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -94,7 +94,7 @@ implements CertAttrSet { public static final String NAME = "ExtendedKeyUsage"; public static final String USAGES = "usages"; - // OID defined in RFC 3280 Sections 4.2.1.13 + // OID defined in RFC 5280 Sections 4.2.1.12 // more from http://www.alvestrand.no/objectid/1.3.6.1.5.5.7.3.html private static final Map map = new HashMap (); diff --git a/jdk/src/java.base/share/classes/sun/security/x509/FreshestCRLExtension.java b/jdk/src/java.base/share/classes/sun/security/x509/FreshestCRLExtension.java index 775e2ac0329..3d0723da5bf 100644 --- a/jdk/src/java.base/share/classes/sun/security/x509/FreshestCRLExtension.java +++ b/jdk/src/java.base/share/classes/sun/security/x509/FreshestCRLExtension.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2005, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -42,7 +42,7 @@ import sun.security.util.*; * *

    * The extension is defined in Section 5.2.6 of - * Internet X.509 PKI Certific + * Internet X.509 PKI Certific ate and Certificate Revocation List (CRL) Profile. * *

    diff --git a/jdk/src/java.base/share/classes/sun/security/x509/InvalidityDateExtension.java b/jdk/src/java.base/share/classes/sun/security/x509/InvalidityDateExtension.java index eda0216489e..7fac65f3ee5 100644 --- a/jdk/src/java.base/share/classes/sun/security/x509/InvalidityDateExtension.java +++ b/jdk/src/java.base/share/classes/sun/security/x509/InvalidityDateExtension.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2007, 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2007, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -33,7 +33,7 @@ import java.util.Enumeration; import sun.security.util.*; /** - * From RFC 3280: + * From RFC 5280: *

    * The invalidity date is a non-critical CRL entry extension that * provides the date on which it is known or suspected that the private diff --git a/jdk/src/java.base/share/classes/sun/security/x509/IssuingDistributionPointExtension.java b/jdk/src/java.base/share/classes/sun/security/x509/IssuingDistributionPointExtension.java index 6a932587c5f..4be49475ded 100644 --- a/jdk/src/java.base/share/classes/sun/security/x509/IssuingDistributionPointExtension.java +++ b/jdk/src/java.base/share/classes/sun/security/x509/IssuingDistributionPointExtension.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2005, 2006, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -46,7 +46,7 @@ import sun.security.util.DerValue; * *

    * The extension is defined in Section 5.2.5 of - * Internet X.509 PKI Certific + * Internet X.509 PKI Certific ate and Certificate Revocation List (CRL) Profile. * *

    diff --git a/jdk/src/java.base/share/classes/sun/security/x509/RDN.java b/jdk/src/java.base/share/classes/sun/security/x509/RDN.java index 05822590de8..940c977cc1d 100644 --- a/jdk/src/java.base/share/classes/sun/security/x509/RDN.java +++ b/jdk/src/java.base/share/classes/sun/security/x509/RDN.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2002, 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2002, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -341,7 +341,7 @@ public class RDN { /* * Returns a printable form of this RDN, using RFC 1779 style catenation * of attribute/value assertions, and emitting attribute type keywords - * from RFCs 1779, 2253, and 3280. + * from RFCs 1779, 2253, and 5280. */ public String toString() { if (assertion.length == 1) { diff --git a/jdk/src/java.base/share/classes/sun/security/x509/README b/jdk/src/java.base/share/classes/sun/security/x509/README index 31a12918659..f18a3735239 100644 --- a/jdk/src/java.base/share/classes/sun/security/x509/README +++ b/jdk/src/java.base/share/classes/sun/security/x509/README @@ -34,7 +34,7 @@ found in: Protocol (LDAP) that many organizations are expecting will help address online certificate distribution over the Internet. - RFC 3280, which describes the Internet X.509 Public Key + RFC 5280, which describes the Internet X.509 Public Key Infrastructure Certificate and CRL Profile. RSA DSI has a bunch of "Public Key Cryptography Standards" (PKCS) which diff --git a/jdk/src/java.base/share/classes/sun/security/x509/SubjectInfoAccessExtension.java b/jdk/src/java.base/share/classes/sun/security/x509/SubjectInfoAccessExtension.java index 2f851f7dbec..20e6489398b 100644 --- a/jdk/src/java.base/share/classes/sun/security/x509/SubjectInfoAccessExtension.java +++ b/jdk/src/java.base/share/classes/sun/security/x509/SubjectInfoAccessExtension.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2009, 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2009, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -47,7 +47,7 @@ import sun.security.util.DerValue; * included in end entity or CA certificates. Conforming CAs MUST mark * this extension as non-critical. *

    - * This extension is defined in + * This extension is defined in * Internet X.509 PKI Certificate and Certificate Revocation List * (CRL) Profile. The profile permits * the extension to be included in end-entity or CA certificates, diff --git a/jdk/src/java.base/share/classes/sun/security/x509/URIName.java b/jdk/src/java.base/share/classes/sun/security/x509/URIName.java index 034117e2a05..a1eef610b67 100644 --- a/jdk/src/java.base/share/classes/sun/security/x509/URIName.java +++ b/jdk/src/java.base/share/classes/sun/security/x509/URIName.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -35,15 +35,15 @@ import sun.security.util.*; * This class implements the URIName as required by the GeneralNames * ASN.1 object. *

    - * [RFC3280] When the subjectAltName extension contains a URI, the name MUST be + * [RFC5280] When the subjectAltName extension contains a URI, the name MUST be * stored in the uniformResourceIdentifier (an IA5String). The name MUST * be a non-relative URL, and MUST follow the URL syntax and encoding - * rules specified in [RFC 1738]. The name must include both a scheme + * rules specified in [RFC 3986]. The name must include both a scheme * (e.g., "http" or "ftp") and a scheme-specific-part. The scheme- * specific-part must include a fully qualified domain name or IP * address as the host. *

    - * As specified in [RFC 1738], the scheme name is not case-sensitive + * As specified in [RFC 3986], the scheme name is not case-sensitive * (e.g., "http" is equivalent to "HTTP"). The host part is also not * case-sensitive, but other components of the scheme-specific-part may * be case-sensitive. When comparing URIs, conforming implementations @@ -113,7 +113,7 @@ public class URIName implements GeneralNameInterface { } host = uri.getHost(); - // RFC 3280 says that the host should be non-null, but we allow it to + // RFC 5280 says that the host should be non-null, but we allow it to // be null because some widely deployed certificates contain CDP // extensions with URIs that have no hostname (see bugs 4802236 and // 5107944). @@ -148,7 +148,7 @@ public class URIName implements GeneralNameInterface { /** * Create the URIName object with the specified name constraint. URI * name constraints syntax is different than SubjectAltNames, etc. See - * 4.2.1.11 of RFC 3280. + * 4.2.1.10 of RFC 5280. * * @param value the URI name constraint * @throws IOException if name is not a proper URI name constraint @@ -300,7 +300,7 @@ public class URIName implements GeneralNameInterface { * These results are used in checking NameConstraints during * certification path verification. *

    - * RFC3280: For URIs, the constraint applies to the host part of the name. + * RFC5280: For URIs, the constraint applies to the host part of the name. * The constraint may specify a host or a domain. Examples would be * "foo.bar.com"; and ".xyz.com". When the the constraint begins with * a period, it may be expanded with one or more subdomains. That is, diff --git a/jdk/src/java.base/share/classes/sun/security/x509/X500Name.java b/jdk/src/java.base/share/classes/sun/security/x509/X500Name.java index 3cc7b93cf33..8caef8c0820 100644 --- a/jdk/src/java.base/share/classes/sun/security/x509/X500Name.java +++ b/jdk/src/java.base/share/classes/sun/security/x509/X500Name.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1996, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -605,7 +605,7 @@ public class X500Name implements GeneralNameInterface, Principal { * Returns a string form of the X.500 distinguished name. * The format of the string is from RFC 1779. The returned string * may contain non-standardised keywords for more readability - * (keywords from RFCs 1779, 2253, and 3280). + * (keywords from RFCs 1779, 2253, and 5280). */ public String toString() { if (dn == null) { @@ -866,7 +866,7 @@ public class X500Name implements GeneralNameInterface, Principal { * O="Sue, Grabbit and Runn" or * O=Sue\, Grabbit and Runn * - * This method can parse RFC 1779, 2253 or 4514 DNs and non-standard 3280 + * This method can parse RFC 1779, 2253 or 4514 DNs and non-standard 5280 * keywords. Additional keywords can be specified in the keyword/OID map. */ private void parseDN(String input, Map keywordMap) @@ -1122,7 +1122,7 @@ public class X500Name implements GeneralNameInterface, Principal { /* * Selected OIDs from X.520 - * Includes all those specified in RFC 3280 as MUST or SHOULD + * Includes all those specified in RFC 5280 as MUST or SHOULD * be recognized */ private static final int commonName_data[] = { 2, 5, 4, 3 }; @@ -1220,7 +1220,7 @@ public class X500Name implements GeneralNameInterface, Principal { ipAddress_oid = intern(ObjectIdentifier.newInternal(ipAddress_data)); /* - * Domain component OID from RFC 1274, RFC 2247, RFC 3280 + * Domain component OID from RFC 1274, RFC 2247, RFC 5280 */ /* diff --git a/jdk/src/java.base/share/classes/sun/security/x509/X509CRLImpl.java b/jdk/src/java.base/share/classes/sun/security/x509/X509CRLImpl.java index 950e7f9db14..ade169e53a8 100644 --- a/jdk/src/java.base/share/classes/sun/security/x509/X509CRLImpl.java +++ b/jdk/src/java.base/share/classes/sun/security/x509/X509CRLImpl.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2012, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -63,7 +63,7 @@ import sun.misc.HexDumpEncoder; * signature BIT STRING } * * More information can be found in - * RFC 3280: Internet X.509 + * RFC 5280: Internet X.509 * Public Key Infrastructure Certificate and CRL Profile. *

    * The ASN.1 definition of tbsCertList is: diff --git a/jdk/src/java.base/share/classes/sun/security/x509/X509CertInfo.java b/jdk/src/java.base/share/classes/sun/security/x509/X509CertInfo.java index b7f2dd85bcd..fa64e9d0fc2 100644 --- a/jdk/src/java.base/share/classes/sun/security/x509/X509CertInfo.java +++ b/jdk/src/java.base/share/classes/sun/security/x509/X509CertInfo.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2012, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -708,7 +708,7 @@ public class X509CertInfo implements CertAttrSet { } /* - * Verify if X.509 V3 Certificate is compliant with RFC 3280. + * Verify if X.509 V3 Certificate is compliant with RFC 5280. */ private void verifyCert(X500Name subject, CertificateExtensions extensions) diff --git a/jdk/src/java.base/share/conf/security/java.security b/jdk/src/java.base/share/conf/security/java.security index 7f7bc9c383d..8e44c319f23 100644 --- a/jdk/src/java.base/share/conf/security/java.security +++ b/jdk/src/java.base/share/conf/security/java.security @@ -345,7 +345,7 @@ networkaddress.cache.negative.ttl=10 # By default, the location of the OCSP responder is determined implicitly # from the certificate being validated. This property explicitly specifies # the location of the OCSP responder. The property is used when the -# Authority Information Access extension (defined in RFC 3280) is absent +# Authority Information Access extension (defined in RFC 5280) is absent # from the certificate or when it requires overriding. # # Example, diff --git a/jdk/src/jdk.dev/share/classes/sun/security/tools/jarsigner/TimestampedSigner.java b/jdk/src/jdk.dev/share/classes/sun/security/tools/jarsigner/TimestampedSigner.java index df9159f78fb..905cc9310cc 100644 --- a/jdk/src/jdk.dev/share/classes/sun/security/tools/jarsigner/TimestampedSigner.java +++ b/jdk/src/jdk.dev/share/classes/sun/security/tools/jarsigner/TimestampedSigner.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2007, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2007, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -140,7 +140,7 @@ public final class TimestampedSigner extends ContentSigner { /** * Examine the certificate for a Subject Information Access extension - * (RFC 3280). + * (RFC 5280). * The extension's accessMethod field should contain the object * identifier defined for timestamping: 1.3.6.1.5.5.7.48.3 and its * accessLocation field should contain an HTTP or HTTPS URL.