{@link SecureRandomSpi#engineReseed(SecureRandomParameters)}
*
*
+ * @spec https://www.rfc-editor.org/info/rfc4086
+ * RFC 4086: Randomness Requirements for Security
+ * @spec https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.140-2.pdf
+ * Security Requirements for Cryptographic Modules
+ *
* @see java.security.SecureRandomSpi
* @see java.util.Random
*
diff --git a/src/java.base/share/classes/java/security/Security.java b/src/java.base/share/classes/java/security/Security.java
index 6628b717eb0..322605ef5ed 100644
--- a/src/java.base/share/classes/java/security/Security.java
+++ b/src/java.base/share/classes/java/security/Security.java
@@ -423,6 +423,7 @@ public final class Security {
*
* @return the value of the specified property.
*
+ * @spec security/standard-names.html Java Security Standard Algorithm Names
* @deprecated This method used to return the value of a proprietary
* property in the master file of the "SUN" Cryptographic Service
* Provider in order to determine how to parse algorithm-specific
@@ -657,6 +658,7 @@ public final class Security {
* if the filter is not in the required format
* @throws NullPointerException if filter is {@code null}
*
+ * @spec security/standard-names.html Java Security Standard Algorithm Names
* @see #getProviders(java.util.Map)
* @since 1.3
*/
@@ -734,6 +736,7 @@ public final class Security {
* if the filter is not in the required format
* @throws NullPointerException if filter is {@code null}
*
+ * @spec security/standard-names.html Java Security Standard Algorithm Names
* @see #getProviders(java.lang.String)
* @since 1.3
*/
diff --git a/src/java.base/share/classes/java/security/cert/CRL.java b/src/java.base/share/classes/java/security/cert/CRL.java
index fec267de051..fee08c3c2ed 100644
--- a/src/java.base/share/classes/java/security/cert/CRL.java
+++ b/src/java.base/share/classes/java/security/cert/CRL.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1998, 2022, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1998, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -56,6 +56,8 @@ public abstract class CRL {
* "{@docRoot}/../specs/security/standard-names.html">
* Java Security Standard Algorithm Names document
* for information about standard CRL types.
+ *
+ * @spec security/standard-names.html Java Security Standard Algorithm Names
*/
protected CRL(String type) {
this.type = type;
diff --git a/src/java.base/share/classes/java/security/cert/CRLReason.java b/src/java.base/share/classes/java/security/cert/CRLReason.java
index 2bc83f3356b..c2b19136c43 100644
--- a/src/java.base/share/classes/java/security/cert/CRLReason.java
+++ b/src/java.base/share/classes/java/security/cert/CRLReason.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2007, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2007, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -31,6 +31,9 @@ package java.security.cert;
* RFC 5280: Internet X.509 Public Key Infrastructure Certificate and CRL
* Profile.
*
+ * @spec https://www.rfc-editor.org/info/rfc5280
+ * RFC 5280: Internet X.509 Public Key Infrastructure Certificate
+ * and Certificate Revocation List (CRL) Profile
* @author Sean Mullan
* @since 1.7
* @see X509CRLEntry#getRevocationReason
diff --git a/src/java.base/share/classes/java/security/cert/PKIXRevocationChecker.java b/src/java.base/share/classes/java/security/cert/PKIXRevocationChecker.java
index d36fcafd3e0..387b5ed8185 100644
--- a/src/java.base/share/classes/java/security/cert/PKIXRevocationChecker.java
+++ b/src/java.base/share/classes/java/security/cert/PKIXRevocationChecker.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2012, 2022, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2012, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -81,14 +81,13 @@ import java.util.*;
* necessary locking. Multiple threads each manipulating separate objects
* need not synchronize.
*
+ * @spec https://www.rfc-editor.org/info/rfc2560
+ * RFC 2560: X.509 Internet Public Key Infrastructure Online Certificate
+ * Status Protocol - OCSP
+ * @spec https://www.rfc-editor.org/info/rfc5280
+ * RFC 5280: Internet X.509 Public Key Infrastructure Certificate
+ * and Certificate Revocation List (CRL) Profile
* @since 1.8
- *
- * @see RFC 2560: X.509
- * Internet Public Key Infrastructure Online Certificate Status Protocol -
- * OCSP
- * @see RFC 5280:
- * Internet X.509 Public Key Infrastructure Certificate and Certificate
- * Revocation List (CRL) Profile
*/
public abstract class PKIXRevocationChecker extends PKIXCertPathChecker {
private URI ocspResponder;
diff --git a/src/java.base/share/classes/java/security/cert/TrustAnchor.java b/src/java.base/share/classes/java/security/cert/TrustAnchor.java
index 2626bcf3c2d..33d1e5fb433 100644
--- a/src/java.base/share/classes/java/security/cert/TrustAnchor.java
+++ b/src/java.base/share/classes/java/security/cert/TrustAnchor.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2001, 2021, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2001, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -125,6 +125,10 @@ public class TrustAnchor {
* decoded
* @throws NullPointerException if the specified
* {@code X509Certificate} is {@code null}
+ *
+ * @spec https://www.rfc-editor.org/info/rfc5280
+ * RFC 5280: Internet X.509 Public Key Infrastructure Certificate
+ * and Certificate Revocation List (CRL) Profile
*/
public TrustAnchor(X509Certificate trustedCert, byte[] nameConstraints)
{
@@ -207,6 +211,10 @@ public class TrustAnchor {
* or incorrectly formatted or the name constraints cannot be decoded
* @throws NullPointerException if the specified {@code caName} or
* {@code pubKey} parameter is {@code null}
+ *
+ * @spec https://www.rfc-editor.org/info/rfc2253
+ * RFC 2253: Lightweight Directory Access Protocol (v3):
+ * UTF-8 String Representation of Distinguished Names
*/
public TrustAnchor(String caName, PublicKey pubKey, byte[] nameConstraints)
{
diff --git a/src/java.base/share/classes/java/security/cert/X509CRL.java b/src/java.base/share/classes/java/security/cert/X509CRL.java
index ddb622af1fe..111de1daf0e 100644
--- a/src/java.base/share/classes/java/security/cert/X509CRL.java
+++ b/src/java.base/share/classes/java/security/cert/X509CRL.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997, 2023, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -95,6 +95,9 @@ import java.util.Set;
* }
* }
*
+ * @spec https://www.rfc-editor.org/info/rfc5280
+ * RFC 5280: Internet X.509 Public Key Infrastructure Certificate
+ * and Certificate Revocation List (CRL) Profile
* @author Hemma Prafullchandra
* @since 1.2
*
@@ -457,6 +460,11 @@ public abstract class X509CRL extends CRL implements X509Extension {
* relevant ASN.1 definitions.
*
* @return the signature algorithm OID string.
+ *
+ * @spec https://www.rfc-editor.org/info/rfc3279
+ * RFC 3279: Algorithms and Identifiers for the Internet X.509
+ * Public Key Infrastructure Certificate and Certificate
+ * Revocation List (CRL) Profile
*/
public abstract String getSigAlgOID();
diff --git a/src/java.base/share/classes/java/security/cert/X509CRLSelector.java b/src/java.base/share/classes/java/security/cert/X509CRLSelector.java
index 337dcc6342d..5660749884a 100644
--- a/src/java.base/share/classes/java/security/cert/X509CRLSelector.java
+++ b/src/java.base/share/classes/java/security/cert/X509CRLSelector.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2000, 2022, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -65,6 +65,9 @@ import sun.security.x509.X500Name;
* provide the necessary locking. Multiple threads each manipulating
* separate objects need not synchronize.
*
+ * @spec https://www.rfc-editor.org/info/rfc5280
+ * RFC 5280: Internet X.509 Public Key Infrastructure Certificate
+ * and Certificate Revocation List (CRL) Profile
* @see CRLSelector
* @see X509CRL
*
@@ -193,6 +196,10 @@ public class X509CRLSelector implements CRLSelector {
*
* @param names a {@code Collection} of names (or {@code null})
* @throws IOException if a parsing error occurs
+ *
+ * @spec https://www.rfc-editor.org/info/rfc2253
+ * RFC 2253: Lightweight Directory Access Protocol (v3):
+ * UTF-8 String Representation of Distinguished Names
* @see #getIssuerNames
*/
public void setIssuerNames(Collection names) throws IOException {
@@ -238,6 +245,9 @@ public class X509CRLSelector implements CRLSelector {
* RFC 2253 form
* @throws IOException if a parsing error occurs
*
+ * @spec https://www.rfc-editor.org/info/rfc2253
+ * RFC 2253: Lightweight Directory Access Protocol (v3):
+ * UTF-8 String Representation of Distinguished Names
* @deprecated Use {@link #addIssuer(X500Principal)} or
* {@link #addIssuerName(byte[])} instead. This method should not be
* relied on as it can fail to match some CRLs because of a loss of
@@ -493,6 +503,10 @@ public class X509CRLSelector implements CRLSelector {
* protect against subsequent modifications.
*
* @return a {@code Collection} of names (or {@code null})
+ *
+ * @spec https://www.rfc-editor.org/info/rfc2253
+ * RFC 2253: Lightweight Directory Access Protocol (v3):
+ * UTF-8 String Representation of Distinguished Names
* @see #setIssuerNames
*/
public Collection
*
*
+ * @spec security/standard-names.html Java Security Standard Algorithm Names
* @since 1.4
*/
package javax.crypto;
diff --git a/src/java.base/share/classes/javax/crypto/spec/ChaCha20ParameterSpec.java b/src/java.base/share/classes/javax/crypto/spec/ChaCha20ParameterSpec.java
index 75c05269460..b1752ef940d 100644
--- a/src/java.base/share/classes/javax/crypto/spec/ChaCha20ParameterSpec.java
+++ b/src/java.base/share/classes/javax/crypto/spec/ChaCha20ParameterSpec.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2018, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -39,6 +39,8 @@ import java.util.Objects;
*
This class can be used to initialize a {@code Cipher} object that
* implements the ChaCha20 algorithm.
*
+ * @spec https://www.rfc-editor.org/info/rfc7539
+ * RFC 7539: ChaCha20 and Poly1305 for IETF Protocols
* @since 11
*/
public final class ChaCha20ParameterSpec implements AlgorithmParameterSpec {
diff --git a/src/java.base/share/classes/javax/crypto/spec/GCMParameterSpec.java b/src/java.base/share/classes/javax/crypto/spec/GCMParameterSpec.java
index 879d729c2ca..bb5fe5cdd5c 100644
--- a/src/java.base/share/classes/javax/crypto/spec/GCMParameterSpec.java
+++ b/src/java.base/share/classes/javax/crypto/spec/GCMParameterSpec.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2011, 2018, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2011, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -56,6 +56,12 @@ import java.security.spec.AlgorithmParameterSpec;
* applications. Other values can be specified for this class, but not
* all CSP implementations will support them.
*
+ * @spec https://www.rfc-editor.org/info/rfc5116
+ * RFC 5116: An Interface and Algorithms for Authenticated Encryption
+ * @spec https://csrc.nist.gov/publications/nistpubs/800-38D/SP-800-38D.pdf
+ * Recommendation for Block Cipher Modes of Operation: Galois/Counter
+ * Mode (GCM) and GMAC
+ *
* @see javax.crypto.Cipher
*
* @since 1.7
diff --git a/src/java.base/share/classes/javax/crypto/spec/OAEPParameterSpec.java b/src/java.base/share/classes/javax/crypto/spec/OAEPParameterSpec.java
index efc8f370877..ba46399f044 100644
--- a/src/java.base/share/classes/javax/crypto/spec/OAEPParameterSpec.java
+++ b/src/java.base/share/classes/javax/crypto/spec/OAEPParameterSpec.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2003, 2022, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -72,6 +72,8 @@ import java.security.spec.MGF1ParameterSpec;
* EncodingParameters ::= OCTET STRING(SIZE(0..MAX))
*
*
+ * @spec https://www.rfc-editor.org/info/rfc8017
+ * RFC 8017: PKCS #1: RSA Cryptography Specifications Version 2.2
* @see java.security.spec.MGF1ParameterSpec
* @see PSource
*
diff --git a/src/java.base/share/classes/javax/crypto/spec/PBEKeySpec.java b/src/java.base/share/classes/javax/crypto/spec/PBEKeySpec.java
index b21b610e780..e47deab6fbe 100644
--- a/src/java.base/share/classes/javax/crypto/spec/PBEKeySpec.java
+++ b/src/java.base/share/classes/javax/crypto/spec/PBEKeySpec.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997, 2022, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -54,6 +54,8 @@ import java.util.Arrays;
* this class requests the password as a char array, so it can be overwritten
* when done.
*
+ * @spec https://www.rfc-editor.org/info/rfc2898
+ * RFC 2898: PKCS #5: Password-Based Cryptography Specification Version 2.0
* @author Jan Luehe
* @author Valerie Peng
*
diff --git a/src/java.base/share/classes/javax/crypto/spec/PBEParameterSpec.java b/src/java.base/share/classes/javax/crypto/spec/PBEParameterSpec.java
index 84d175dfd9f..a44822bafec 100644
--- a/src/java.base/share/classes/javax/crypto/spec/PBEParameterSpec.java
+++ b/src/java.base/share/classes/javax/crypto/spec/PBEParameterSpec.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997, 2022, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -33,6 +33,8 @@ import java.security.spec.AlgorithmParameterSpec;
* PKCS #5
* standard.
*
+ * @spec https://www.rfc-editor.org/info/rfc2898
+ * RFC 2898: PKCS #5: Password-Based Cryptography Specification Version 2.0
* @author Jan Luehe
*
* @since 1.4
diff --git a/src/java.base/share/classes/javax/crypto/spec/PSource.java b/src/java.base/share/classes/javax/crypto/spec/PSource.java
index 1cd57c6f03b..19546a630de 100644
--- a/src/java.base/share/classes/javax/crypto/spec/PSource.java
+++ b/src/java.base/share/classes/javax/crypto/spec/PSource.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2003, 2022, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -42,6 +42,9 @@ package javax.crypto.spec;
* }
* EncodingParameters ::= OCTET STRING(SIZE(0..MAX))
*
+ *
+ * @spec https://www.rfc-editor.org/info/rfc8017
+ * RFC 8017: PKCS #1: RSA Cryptography Specifications Version 2.2
* @author Valerie Peng
*
* @since 1.5
diff --git a/src/java.base/share/classes/javax/crypto/spec/RC2ParameterSpec.java b/src/java.base/share/classes/javax/crypto/spec/RC2ParameterSpec.java
index 6c32ee119c5..3c2e5a57da6 100644
--- a/src/java.base/share/classes/javax/crypto/spec/RC2ParameterSpec.java
+++ b/src/java.base/share/classes/javax/crypto/spec/RC2ParameterSpec.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1998, 2023, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1998, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -39,6 +39,8 @@ import java.util.Arrays;
*
This class can be used to initialize a {@code Cipher} object that
* implements the RC2 algorithm.
*
+ * @spec https://www.rfc-editor.org/info/rfc2268
+ * RFC 2268: A Description of the RC2(r) Encryption Algorithm
* @author Jan Luehe
*
* @since 1.4
diff --git a/src/java.base/share/classes/javax/crypto/spec/RC5ParameterSpec.java b/src/java.base/share/classes/javax/crypto/spec/RC5ParameterSpec.java
index 67daf8bb19a..86d128afbf8 100644
--- a/src/java.base/share/classes/javax/crypto/spec/RC5ParameterSpec.java
+++ b/src/java.base/share/classes/javax/crypto/spec/RC5ParameterSpec.java
@@ -39,6 +39,8 @@ import java.util.Arrays;
*
This class can be used to initialize a {@code Cipher} object that
* implements the RC5 algorithm.
*
+ * @spec https://www.rfc-editor.org/info/rfc2040
+ * RFC 2040: The RC5, RC5-CBC, RC5-CBC-Pad, and RC5-CTS Algorithms
* @author Jan Luehe
*
* @since 1.4
diff --git a/src/java.base/share/classes/javax/crypto/spec/SecretKeySpec.java b/src/java.base/share/classes/javax/crypto/spec/SecretKeySpec.java
index 2ad9a7748f2..d36510a21a8 100644
--- a/src/java.base/share/classes/javax/crypto/spec/SecretKeySpec.java
+++ b/src/java.base/share/classes/javax/crypto/spec/SecretKeySpec.java
@@ -98,6 +98,8 @@ public class SecretKeySpec implements KeySpec, SecretKey {
* for information about standard algorithm names.
* @exception IllegalArgumentException if algorithm
* is null or key is null or empty.
+ *
+ * @spec security/standard-names.html Java Security Standard Algorithm Names
*/
public SecretKeySpec(byte[] key, String algorithm) {
String errMsg = doSanityCheck(key, algorithm);
@@ -144,6 +146,8 @@ public class SecretKeySpec implements KeySpec, SecretKey {
* @exception ArrayIndexOutOfBoundsException is thrown if
* offset or len index bytes outside the
* key.
+ *
+ * @spec security/standard-names.html Java Security Standard Algorithm Names
*/
public SecretKeySpec(byte[] key, int offset, int len, String algorithm) {
if (key == null || algorithm == null) {
diff --git a/src/java.base/share/classes/javax/net/ssl/ExtendedSSLSession.java b/src/java.base/share/classes/javax/net/ssl/ExtendedSSLSession.java
index c1ddf221ab5..2b98f4845cf 100644
--- a/src/java.base/share/classes/javax/net/ssl/ExtendedSSLSession.java
+++ b/src/java.base/share/classes/javax/net/ssl/ExtendedSSLSession.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2010, 2020, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2010, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -63,6 +63,7 @@ public abstract class ExtendedSSLSession implements SSLSession {
* order of preference. The return value is an empty array if
* no signature algorithm is supported.
*
+ * @spec security/standard-names.html Java Security Standard Algorithm Names
* @see SSLParameters#getAlgorithmConstraints
*/
public abstract String[] getLocalSupportedSignatureAlgorithms();
@@ -86,6 +87,7 @@ public abstract class ExtendedSSLSession implements SSLSession {
* order of preference. The return value is an empty array if
* the peer has not sent the supported signature algorithms.
*
+ * @spec security/standard-names.html Java Security Standard Algorithm Names
* @see X509KeyManager
* @see X509ExtendedKeyManager
*/
diff --git a/src/java.base/share/classes/javax/net/ssl/SNIHostName.java b/src/java.base/share/classes/javax/net/ssl/SNIHostName.java
index 5abb9df1200..039ee41aab0 100644
--- a/src/java.base/share/classes/javax/net/ssl/SNIHostName.java
+++ b/src/java.base/share/classes/javax/net/ssl/SNIHostName.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2012, 2023, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2012, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -53,6 +53,11 @@ import java.util.regex.PatternSyntaxException;
*
* Note that {@code SNIHostName} objects are immutable.
*
+ * @spec https://www.rfc-editor.org/info/rfc5890
+ * RFC 5890: Internationalized Domain Names for Applications (IDNA):
+ * Definitions and Document Framework
+ * @spec https://www.rfc-editor.org/info/rfc6066
+ * RFC 6066: Transport Layer Security (TLS) Extensions: Extension Definitions
* @see SNIServerName
* @see StandardConstants#SNI_HOST_NAME
*
@@ -92,6 +97,15 @@ public final class SNIHostName extends SNIServerName {
*
* @throws NullPointerException if {@code hostname} is {@code null}
* @throws IllegalArgumentException if {@code hostname} is illegal
+ *
+ * @spec https://www.rfc-editor.org/info/rfc1122
+ * RFC 1122: Requirements for Internet Hosts - Communication Layers
+ * @spec https://www.rfc-editor.org/info/rfc1123
+ * RFC 1123: Requirements for Internet Hosts - Application and Support
+ * @spec https://www.rfc-editor.org/info/rfc3490
+ * RFC 3490: Internationalizing Domain Names in Applications (IDNA)
+ * @spec https://www.rfc-editor.org/info/rfc6066
+ * RFC 6066: Transport Layer Security (TLS) Extensions: Extension Definitions
*/
public SNIHostName(String hostname) {
// IllegalArgumentException will be thrown if {@code hostname} is
@@ -159,6 +173,17 @@ public final class SNIHostName extends SNIServerName {
*
* @throws NullPointerException if {@code encoded} is {@code null}
* @throws IllegalArgumentException if {@code encoded} is illegal
+ *
+ * @spec https://www.rfc-editor.org/info/rfc1122
+ * RFC 1122: Requirements for Internet Hosts - Communication Layers
+ * @spec https://www.rfc-editor.org/info/rfc1123
+ * RFC 1123: Requirements for Internet Hosts - Application and Support
+ * @spec https://www.rfc-editor.org/info/rfc3490
+ * RFC 3490: Internationalizing Domain Names in Applications (IDNA)
+ * @spec https://www.rfc-editor.org/info/rfc4366
+ * RFC 4366: Transport Layer Security (TLS) Extensions
+ * @spec https://www.rfc-editor.org/info/rfc6066
+ * RFC 6066: Transport Layer Security (TLS) Extensions: Extension Definitions
*/
public SNIHostName(byte[] encoded) {
// NullPointerException will be thrown if {@code encoded} is null
@@ -198,6 +223,11 @@ public final class SNIHostName extends SNIServerName {
*
* @return the {@link StandardCharsets#US_ASCII}-compliant hostname
* of this {@code SNIHostName} object
+ *
+ * @spec https://www.rfc-editor.org/info/rfc5890
+ * RFC 5890: Internationalized Domain Names for Applications (IDNA): Definitions and Document Framework
+ * @spec https://www.rfc-editor.org/info/rfc6066
+ * RFC 6066: Transport Layer Security (TLS) Extensions: Extension Definitions
*/
public String getAsciiName() {
return hostname;
@@ -215,6 +245,9 @@ public final class SNIHostName extends SNIServerName {
* the other server name object to compare with.
* @return true if, and only if, the {@code other} is considered
* equal to this instance
+ *
+ * @spec https://www.rfc-editor.org/info/rfc6066
+ * RFC 6066: Transport Layer Security (TLS) Extensions: Extension Definitions
*/
@Override
public boolean equals(Object other) {
diff --git a/src/java.base/share/classes/javax/net/ssl/SNIServerName.java b/src/java.base/share/classes/javax/net/ssl/SNIServerName.java
index 142bb33de8e..85eab316664 100644
--- a/src/java.base/share/classes/javax/net/ssl/SNIServerName.java
+++ b/src/java.base/share/classes/javax/net/ssl/SNIServerName.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2012, 2022, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2012, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -41,6 +41,8 @@ import java.util.List;
* {@code SNIServerName} objects are immutable. Subclasses should not provide
* methods that can change the state of an instance once it has been created.
*
+ * @spec https://www.rfc-editor.org/info/rfc6066
+ * RFC 6066: Transport Layer Security (TLS) Extensions: Extension Definitions
* @see SSLParameters#getServerNames()
* @see SSLParameters#setServerNames(List)
*
diff --git a/src/java.base/share/classes/javax/net/ssl/SSLEngine.java b/src/java.base/share/classes/javax/net/ssl/SSLEngine.java
index 9a74c69f9f5..27f3c31e0e9 100644
--- a/src/java.base/share/classes/javax/net/ssl/SSLEngine.java
+++ b/src/java.base/share/classes/javax/net/ssl/SSLEngine.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2003, 2022, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -413,6 +413,8 @@ import java.util.function.BiFunction;
* because there is no way to guarantee the eventual packet ordering.
*
*
+ * @spec https://www.rfc-editor.org/info/rfc2246
+ * RFC 2246: The TLS Protocol Version 1.0
* @see SSLContext
* @see SSLSocket
* @see SSLServerSocket
@@ -859,6 +861,8 @@ public abstract class SSLEngine {
* if this engine has not received the proper SSL/TLS/DTLS close
* notification message from the peer.
*
+ * @spec https://www.rfc-editor.org/info/rfc2246
+ * RFC 2246: The TLS Protocol Version 1.0
* @see #isInboundDone()
* @see #isOutboundDone()
*/
@@ -1351,6 +1355,8 @@ public abstract class SSLEngine {
* Application-Layer Protocol Negotiation (ALPN), can negotiate
* application-level values between peers.
*
+ * @spec https://www.rfc-editor.org/info/rfc7301
+ * RFC 7301: Transport Layer Security (TLS) Application-Layer Protocol Negotiation Extension
* @implSpec
* The implementation in this class throws
* {@code UnsupportedOperationException} and performs no other action.
diff --git a/src/java.base/share/classes/javax/net/ssl/SSLParameters.java b/src/java.base/share/classes/javax/net/ssl/SSLParameters.java
index eabf0a13f67..e1f43994064 100644
--- a/src/java.base/share/classes/javax/net/ssl/SSLParameters.java
+++ b/src/java.base/share/classes/javax/net/ssl/SSLParameters.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2005, 2022, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -300,6 +300,7 @@ public class SSLParameters {
* Java Security Standard Algorithm Names document
* for information about standard algorithm names.
*
+ * @spec security/standard-names.html Java Security Standard Algorithm Names
* @see X509ExtendedTrustManager
*
* @since 1.7
@@ -674,6 +675,9 @@ public class SSLParameters {
* @throws IllegalArgumentException if protocols is null, or if
* any element in a non-empty array is null or an
* empty (zero-length) string
+ *
+ * @spec https://www.rfc-editor.org/info/rfc7301
+ * RFC 7301: Transport Layer Security (TLS) Application-Layer Protocol Negotiation Extension
* @see #getApplicationProtocols
* @since 9
*/
diff --git a/src/java.base/share/classes/javax/net/ssl/SSLSocket.java b/src/java.base/share/classes/javax/net/ssl/SSLSocket.java
index d0c3c9ac2dd..25d572a5616 100644
--- a/src/java.base/share/classes/javax/net/ssl/SSLSocket.java
+++ b/src/java.base/share/classes/javax/net/ssl/SSLSocket.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997, 2022, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -770,6 +770,9 @@ public abstract class SSLSocket extends Socket
* if a value was successfully negotiated.
* @throws UnsupportedOperationException if the underlying provider
* does not implement the operation.
+ *
+ * @spec https://www.rfc-editor.org/info/rfc7301
+ * RFC 7301: Transport Layer Security (TLS) Application-Layer Protocol Negotiation Extension
* @since 9
*/
public String getApplicationProtocol() {
diff --git a/src/java.base/share/classes/javax/net/ssl/SSLSocketFactory.java b/src/java.base/share/classes/javax/net/ssl/SSLSocketFactory.java
index bd7c3d0157a..cb5e3318052 100644
--- a/src/java.base/share/classes/javax/net/ssl/SSLSocketFactory.java
+++ b/src/java.base/share/classes/javax/net/ssl/SSLSocketFactory.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997, 2022, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -198,6 +198,8 @@ public abstract class SSLSocketFactory extends SocketFactory {
* does not implement the operation
* @throws NullPointerException if {@code s} is {@code null}
*
+ * @spec https://www.rfc-editor.org/info/rfc6066
+ * RFC 6066: Transport Layer Security (TLS) Extensions: Extension Definitions
* @since 1.8
*/
public Socket createSocket(Socket s, InputStream consumed,
diff --git a/src/java.base/share/classes/javax/net/ssl/StandardConstants.java b/src/java.base/share/classes/javax/net/ssl/StandardConstants.java
index 8e1df977b97..ca560390cb1 100644
--- a/src/java.base/share/classes/javax/net/ssl/StandardConstants.java
+++ b/src/java.base/share/classes/javax/net/ssl/StandardConstants.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2012, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -49,6 +49,8 @@ public final class StandardConstants {
*
* The value of this constant is {@value}.
*
+ * @spec https://www.rfc-editor.org/info/rfc6066
+ * RFC 6066: Transport Layer Security (TLS) Extensions: Extension Definitions
* @see SNIServerName
* @see SNIHostName
*/
diff --git a/src/java.base/share/classes/javax/net/ssl/package-info.java b/src/java.base/share/classes/javax/net/ssl/package-info.java
index f41b3b7f19a..cdf3b2246f6 100644
--- a/src/java.base/share/classes/javax/net/ssl/package-info.java
+++ b/src/java.base/share/classes/javax/net/ssl/package-info.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1999, 2017, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1999, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -36,6 +36,7 @@
*
*
*
+ * @spec security/standard-names.html Java Security Standard Algorithm Names
* @since 1.4
*/
package javax.net.ssl;
diff --git a/src/java.base/share/classes/javax/security/auth/login/package-info.java b/src/java.base/share/classes/javax/security/auth/login/package-info.java
index 70d25f1acaa..658f219f20b 100644
--- a/src/java.base/share/classes/javax/security/auth/login/package-info.java
+++ b/src/java.base/share/classes/javax/security/auth/login/package-info.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -33,6 +33,7 @@
*
*
*
+ * @spec security/standard-names.html Java Security Standard Algorithm Names
* @since 1.4
*/
package javax.security.auth.login;
diff --git a/src/java.base/share/classes/javax/security/auth/x500/X500Principal.java b/src/java.base/share/classes/javax/security/auth/x500/X500Principal.java
index efc5b7891b8..93e34ad65ef 100644
--- a/src/java.base/share/classes/javax/security/auth/x500/X500Principal.java
+++ b/src/java.base/share/classes/javax/security/auth/x500/X500Principal.java
@@ -60,6 +60,14 @@ import sun.security.util.*;
* {@code X509Certificate} return X500Principals representing the
* issuer and subject fields of the certificate.
*
+ * @spec https://www.rfc-editor.org/info/rfc1779
+ * RFC 1779: A String Representation of Distinguished Names
+ * @spec https://www.rfc-editor.org/info/rfc2253
+ * RFC 2253: Lightweight Directory Access Protocol (v3):
+ * UTF-8 String Representation of Distinguished Names
+ * @spec https://www.rfc-editor.org/info/rfc5280
+ * RFC 5280: Internet X.509 Public Key Infrastructure Certificate
+ * and Certificate Revocation List (CRL) Profile
* @see java.security.cert.X509Certificate
* @since 1.4
*/
@@ -141,6 +149,10 @@ public final class X500Principal implements Principal, java.io.Serializable {
* is {@code null}
* @exception IllegalArgumentException if the {@code name}
* is improperly specified
+ *
+ * @spec https://www.rfc-editor.org/info/rfc4512
+ * RFC 4512: Lightweight Directory Access Protocol (LDAP):
+ * Directory Information Models
*/
public X500Principal(String name) {
this(name, Collections.emptyMap());
@@ -181,6 +193,10 @@ public final class X500Principal implements Principal, java.io.Serializable {
* @exception IllegalArgumentException if the {@code name} is
* improperly specified or a keyword in the {@code name} maps to an
* OID that is not in the correct form
+ *
+ * @spec https://www.rfc-editor.org/info/rfc4512
+ * RFC 4512: Lightweight Directory Access Protocol (LDAP):
+ * Directory Information Models
* @since 1.6
*/
public X500Principal(String name, Map keywordMap) {
diff --git a/src/java.base/share/classes/javax/security/auth/x500/package-info.java b/src/java.base/share/classes/javax/security/auth/x500/package-info.java
index 45859a79bed..b2afa89d251 100644
--- a/src/java.base/share/classes/javax/security/auth/x500/package-info.java
+++ b/src/java.base/share/classes/javax/security/auth/x500/package-info.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -44,6 +44,17 @@
* Directory Information Models
*
*
+ * @spec https://www.rfc-editor.org/info/rfc1779
+ * RFC 1779: A String Representation of Distinguished Names
+ * @spec https://www.rfc-editor.org/info/rfc2253
+ * RFC 2253: Lightweight Directory Access Protocol (v3):
+ * UTF-8 String Representation of Distinguished Names
+ * @spec https://www.rfc-editor.org/info/rfc4512
+ * RFC 4512: Lightweight Directory Access Protocol (LDAP):
+ * Directory Information Models
+ * @spec https://www.rfc-editor.org/info/rfc5280
+ * RFC 5280: Internet X.509 Public Key Infrastructure Certificate
+ * and Certificate Revocation List (CRL) Profile
* @since 1.4
*/
package javax.security.auth.x500;