diff options
Diffstat (limited to 'src/share/classes/sun/security/x509')
15 files changed, 111 insertions, 133 deletions
diff --git a/src/share/classes/sun/security/x509/AVA.java b/src/share/classes/sun/security/x509/AVA.java index b07e565cfb..8665745c35 100644 --- a/src/share/classes/sun/security/x509/AVA.java +++ b/src/share/classes/sun/security/x509/AVA.java @@ -599,7 +599,7 @@ public class AVA implements DerEncoder { if (derval.tag != DerValue.tag_Sequence) { throw new IOException("AVA not a sequence"); } - oid = X500Name.intern(derval.data.getOID()); + oid = derval.data.getOID(); value = derval.data.getDerValue(); if (derval.data.available() != 0) { diff --git a/src/share/classes/sun/security/x509/AuthorityInfoAccessExtension.java b/src/share/classes/sun/security/x509/AuthorityInfoAccessExtension.java index 725c753e65..afc642df2f 100644 --- a/src/share/classes/sun/security/x509/AuthorityInfoAccessExtension.java +++ b/src/share/classes/sun/security/x509/AuthorityInfoAccessExtension.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2004, 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2004, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -43,7 +43,7 @@ import sun.security.util.DerValue; * certificate that identifies the specific OCSP Responder to use when * performing on-line validation of that certificate. * <p> - * This extension is defined in <a href="http://www.ietf.org/rfc/rfc3280.txt"> + * This extension is defined in <a href="http://tools.ietf.org/html/rfc5280"> * Internet X.509 PKI Certificate and Certificate Revocation List * (CRL) Profile</a>. The profile permits * the extension to be included in end-entity or CA certificates, diff --git a/src/share/classes/sun/security/x509/CertificateIssuerExtension.java b/src/share/classes/sun/security/x509/CertificateIssuerExtension.java index b7739707dd..0dd8f39642 100644 --- a/src/share/classes/sun/security/x509/CertificateIssuerExtension.java +++ b/src/share/classes/sun/security/x509/CertificateIssuerExtension.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -44,7 +44,7 @@ import sun.security.util.DerOutputStream; * <p> * If used by conforming CRL issuers, this extension is always * critical. If an implementation ignored this extension it could not - * correctly attribute CRL entries to certificates. PKIX (RFC 3280) + * correctly attribute CRL entries to certificates. PKIX (RFC 5280) * RECOMMENDS that implementations recognize this extension. * <p> * The ASN.1 definition for this is: diff --git a/src/share/classes/sun/security/x509/DeltaCRLIndicatorExtension.java b/src/share/classes/sun/security/x509/DeltaCRLIndicatorExtension.java index 69be1457c0..4b03223939 100644 --- a/src/share/classes/sun/security/x509/DeltaCRLIndicatorExtension.java +++ b/src/share/classes/sun/security/x509/DeltaCRLIndicatorExtension.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2005, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -45,7 +45,7 @@ import sun.security.util.*; * * <p> * The extension is defined in Section 5.2.4 of - * <a href="http://www.ietf.org/rfc/rfc3280.txt">Internet X.509 PKI Certific + * <a href="http://tools.ietf.org/html/rfc5280">Internet X.509 PKI Certific ate and Certificate Revocation List (CRL) Profile</a>. * * <p> diff --git a/src/share/classes/sun/security/x509/ExtendedKeyUsageExtension.java b/src/share/classes/sun/security/x509/ExtendedKeyUsageExtension.java index 680846029b..dc820770ef 100644 --- a/src/share/classes/sun/security/x509/ExtendedKeyUsageExtension.java +++ b/src/share/classes/sun/security/x509/ExtendedKeyUsageExtension.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -94,7 +94,7 @@ implements CertAttrSet<String> { public static final String NAME = "ExtendedKeyUsage"; public static final String USAGES = "usages"; - // OID defined in RFC 3280 Sections 4.2.1.13 + // OID defined in RFC 5280 Sections 4.2.1.12 // more from http://www.alvestrand.no/objectid/1.3.6.1.5.5.7.3.html private static final Map <ObjectIdentifier, String> map = new HashMap <ObjectIdentifier, String> (); diff --git a/src/share/classes/sun/security/x509/FreshestCRLExtension.java b/src/share/classes/sun/security/x509/FreshestCRLExtension.java index 775e2ac032..3d0723da5b 100644 --- a/src/share/classes/sun/security/x509/FreshestCRLExtension.java +++ b/src/share/classes/sun/security/x509/FreshestCRLExtension.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2005, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -42,7 +42,7 @@ import sun.security.util.*; * * <p> * The extension is defined in Section 5.2.6 of - * <a href="http://www.ietf.org/rfc/rfc3280.txt">Internet X.509 PKI Certific + * <a href="http://tools.ietf.org/html/rfc5280">Internet X.509 PKI Certific ate and Certificate Revocation List (CRL) Profile</a>. * * <p> diff --git a/src/share/classes/sun/security/x509/InvalidityDateExtension.java b/src/share/classes/sun/security/x509/InvalidityDateExtension.java index eda0216489..7fac65f3ee 100644 --- a/src/share/classes/sun/security/x509/InvalidityDateExtension.java +++ b/src/share/classes/sun/security/x509/InvalidityDateExtension.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2007, 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2007, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -33,7 +33,7 @@ import java.util.Enumeration; import sun.security.util.*; /** - * From RFC 3280: + * From RFC 5280: * <p> * The invalidity date is a non-critical CRL entry extension that * provides the date on which it is known or suspected that the private diff --git a/src/share/classes/sun/security/x509/IssuingDistributionPointExtension.java b/src/share/classes/sun/security/x509/IssuingDistributionPointExtension.java index 6fe8eb3b13..6866af0830 100644 --- a/src/share/classes/sun/security/x509/IssuingDistributionPointExtension.java +++ b/src/share/classes/sun/security/x509/IssuingDistributionPointExtension.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2005, 2006, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -46,7 +46,7 @@ import sun.security.util.DerValue; * * <p> * The extension is defined in Section 5.2.5 of - * <a href="http://www.ietf.org/rfc/rfc3280.txt">Internet X.509 PKI Certific + * <a href="http://tools.ietf.org/html/rfc5280">Internet X.509 PKI Certific ate and Certificate Revocation List (CRL) Profile</a>. * * <p> diff --git a/src/share/classes/sun/security/x509/RDN.java b/src/share/classes/sun/security/x509/RDN.java index e60e2e8435..9eb60681fa 100644 --- a/src/share/classes/sun/security/x509/RDN.java +++ b/src/share/classes/sun/security/x509/RDN.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2002, 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2002, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -343,7 +343,7 @@ public class RDN { /* * Returns a printable form of this RDN, using RFC 1779 style catenation * of attribute/value assertions, and emitting attribute type keywords - * from RFCs 1779, 2253, and 3280. + * from RFCs 1779, 2253, and 5280. */ public String toString() { if (assertion.length == 1) { diff --git a/src/share/classes/sun/security/x509/README b/src/share/classes/sun/security/x509/README index 31a1291865..f18a373523 100644 --- a/src/share/classes/sun/security/x509/README +++ b/src/share/classes/sun/security/x509/README @@ -34,7 +34,7 @@ found in: Protocol (LDAP) that many organizations are expecting will help address online certificate distribution over the Internet. - RFC 3280, which describes the Internet X.509 Public Key + RFC 5280, which describes the Internet X.509 Public Key Infrastructure Certificate and CRL Profile. RSA DSI has a bunch of "Public Key Cryptography Standards" (PKCS) which diff --git a/src/share/classes/sun/security/x509/SubjectInfoAccessExtension.java b/src/share/classes/sun/security/x509/SubjectInfoAccessExtension.java index e1a0bc2611..29d60eff84 100644 --- a/src/share/classes/sun/security/x509/SubjectInfoAccessExtension.java +++ b/src/share/classes/sun/security/x509/SubjectInfoAccessExtension.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2009, 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2009, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -48,7 +48,7 @@ import sun.security.util.DerValue; * included in end entity or CA certificates. Conforming CAs MUST mark * this extension as non-critical. * <p> - * This extension is defined in <a href="http://www.ietf.org/rfc/rfc3280.txt"> + * This extension is defined in <a href="http://tools.ietf.org/html/rfc5280"> * Internet X.509 PKI Certificate and Certificate Revocation List * (CRL) Profile</a>. The profile permits * the extension to be included in end-entity or CA certificates, diff --git a/src/share/classes/sun/security/x509/URIName.java b/src/share/classes/sun/security/x509/URIName.java index 3c5b523b5f..2d2cafd21e 100644 --- a/src/share/classes/sun/security/x509/URIName.java +++ b/src/share/classes/sun/security/x509/URIName.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -35,15 +35,15 @@ import sun.security.util.*; * This class implements the URIName as required by the GeneralNames * ASN.1 object. * <p> - * [RFC3280] When the subjectAltName extension contains a URI, the name MUST be + * [RFC5280] When the subjectAltName extension contains a URI, the name MUST be * stored in the uniformResourceIdentifier (an IA5String). The name MUST * be a non-relative URL, and MUST follow the URL syntax and encoding - * rules specified in [RFC 1738]. The name must include both a scheme + * rules specified in [RFC 3986]. The name must include both a scheme * (e.g., "http" or "ftp") and a scheme-specific-part. The scheme- * specific-part must include a fully qualified domain name or IP * address as the host. * <p> - * As specified in [RFC 1738], the scheme name is not case-sensitive + * As specified in [RFC 3986], the scheme name is not case-sensitive * (e.g., "http" is equivalent to "HTTP"). The host part is also not * case-sensitive, but other components of the scheme-specific-part may * be case-sensitive. When comparing URIs, conforming implementations @@ -113,7 +113,7 @@ public class URIName implements GeneralNameInterface { } host = uri.getHost(); - // RFC 3280 says that the host should be non-null, but we allow it to + // RFC 5280 says that the host should be non-null, but we allow it to // be null because some widely deployed certificates contain CDP // extensions with URIs that have no hostname (see bugs 4802236 and // 5107944). @@ -148,7 +148,7 @@ public class URIName implements GeneralNameInterface { /** * Create the URIName object with the specified name constraint. URI * name constraints syntax is different than SubjectAltNames, etc. See - * 4.2.1.11 of RFC 3280. + * 4.2.1.10 of RFC 5280. * * @param value the URI name constraint * @throws IOException if name is not a proper URI name constraint @@ -300,7 +300,7 @@ public class URIName implements GeneralNameInterface { * These results are used in checking NameConstraints during * certification path verification. * <p> - * RFC3280: For URIs, the constraint applies to the host part of the name. + * RFC5280: For URIs, the constraint applies to the host part of the name. * The constraint may specify a host or a domain. Examples would be * "foo.bar.com"; and ".xyz.com". When the the constraint begins with * a period, it may be expanded with one or more subdomains. That is, diff --git a/src/share/classes/sun/security/x509/X500Name.java b/src/share/classes/sun/security/x509/X500Name.java index 447395c503..f70c00fe26 100644 --- a/src/share/classes/sun/security/x509/X500Name.java +++ b/src/share/classes/sun/security/x509/X500Name.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1996, 2019, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -604,7 +604,7 @@ public class X500Name implements GeneralNameInterface, Principal { * Returns a string form of the X.500 distinguished name. * The format of the string is from RFC 1779. The returned string * may contain non-standardised keywords for more readability - * (keywords from RFCs 1779, 2253, and 3280). + * (keywords from RFCs 1779, 2253, and 5280). */ public String toString() { if (dn == null) { @@ -865,7 +865,7 @@ public class X500Name implements GeneralNameInterface, Principal { * O="Sue, Grabbit and Runn" or * O=Sue\, Grabbit and Runn * - * This method can parse RFC 1779, 2253 or 4514 DNs and non-standard 3280 + * This method can parse RFC 1779, 2253 or 4514 DNs and non-standard 5280 * keywords. Additional keywords can be specified in the keyword/OID map. */ private void parseDN(String input, Map<String, String> keywordMap) @@ -1104,20 +1104,8 @@ public class X500Name implements GeneralNameInterface, Principal { /****************************************************************/ /* - * Maybe return a preallocated OID, to reduce storage costs - * and speed recognition of common X.500 attributes. - */ - static ObjectIdentifier intern(ObjectIdentifier oid) { - ObjectIdentifier interned = internedOIDs.putIfAbsent(oid, oid); - return (interned == null) ? oid : interned; - } - - private static final Map<ObjectIdentifier,ObjectIdentifier> internedOIDs - = new HashMap<ObjectIdentifier,ObjectIdentifier>(); - - /* * Selected OIDs from X.520 - * Includes all those specified in RFC 3280 as MUST or SHOULD + * Includes all those specified in RFC 5280 as MUST or SHOULD * be recognized */ private static final int commonName_data[] = { 2, 5, 4, 3 }; @@ -1142,92 +1130,82 @@ public class X500Name implements GeneralNameInterface, Principal { { 0, 9, 2342, 19200300, 100, 1, 1 }; - public static final ObjectIdentifier commonName_oid; - public static final ObjectIdentifier countryName_oid; - public static final ObjectIdentifier localityName_oid; - public static final ObjectIdentifier orgName_oid; - public static final ObjectIdentifier orgUnitName_oid; - public static final ObjectIdentifier stateName_oid; - public static final ObjectIdentifier streetAddress_oid; - public static final ObjectIdentifier title_oid; - public static final ObjectIdentifier DNQUALIFIER_OID; - public static final ObjectIdentifier SURNAME_OID; - public static final ObjectIdentifier GIVENNAME_OID; - public static final ObjectIdentifier INITIALS_OID; - public static final ObjectIdentifier GENERATIONQUALIFIER_OID; - public static final ObjectIdentifier ipAddress_oid; - public static final ObjectIdentifier DOMAIN_COMPONENT_OID; - public static final ObjectIdentifier userid_oid; - public static final ObjectIdentifier SERIALNUMBER_OID; - - static { - /** OID for the "CN=" attribute, denoting a person's common name. */ - commonName_oid = intern(ObjectIdentifier.newInternal(commonName_data)); - - /** OID for the "SERIALNUMBER=" attribute, denoting a serial number for. - a name. Do not confuse with PKCS#9 issuerAndSerialNumber or the - certificate serial number. */ - SERIALNUMBER_OID = intern(ObjectIdentifier.newInternal(SERIALNUMBER_DATA)); - - /** OID for the "C=" attribute, denoting a country. */ - countryName_oid = intern(ObjectIdentifier.newInternal(countryName_data)); - - /** OID for the "L=" attribute, denoting a locality (such as a city) */ - localityName_oid = intern(ObjectIdentifier.newInternal(localityName_data)); - - /** OID for the "O=" attribute, denoting an organization name */ - orgName_oid = intern(ObjectIdentifier.newInternal(orgName_data)); - - /** OID for the "OU=" attribute, denoting an organizational unit name */ - orgUnitName_oid = intern(ObjectIdentifier.newInternal(orgUnitName_data)); - - /** OID for the "S=" attribute, denoting a state (such as Delaware) */ - stateName_oid = intern(ObjectIdentifier.newInternal(stateName_data)); - - /** OID for the "STREET=" attribute, denoting a street address. */ - streetAddress_oid = intern(ObjectIdentifier.newInternal(streetAddress_data)); - - /** OID for the "T=" attribute, denoting a person's title. */ - title_oid = intern(ObjectIdentifier.newInternal(title_data)); - - /** OID for the "DNQUALIFIER=" or "DNQ=" attribute, denoting DN - disambiguating information.*/ - DNQUALIFIER_OID = intern(ObjectIdentifier.newInternal(DNQUALIFIER_DATA)); - - /** OID for the "SURNAME=" attribute, denoting a person's surname.*/ - SURNAME_OID = intern(ObjectIdentifier.newInternal(SURNAME_DATA)); - - /** OID for the "GIVENNAME=" attribute, denoting a person's given name.*/ - GIVENNAME_OID = intern(ObjectIdentifier.newInternal(GIVENNAME_DATA)); - - /** OID for the "INITIALS=" attribute, denoting a person's initials.*/ - INITIALS_OID = intern(ObjectIdentifier.newInternal(INITIALS_DATA)); - - /** OID for the "GENERATION=" attribute, denoting Jr., II, etc.*/ - GENERATIONQUALIFIER_OID = - intern(ObjectIdentifier.newInternal(GENERATIONQUALIFIER_DATA)); - - /* - * OIDs from other sources which show up in X.500 names we - * expect to deal with often - */ - /** OID for "IP=" IP address attributes, used with SKIP. */ - ipAddress_oid = intern(ObjectIdentifier.newInternal(ipAddress_data)); - - /* - * Domain component OID from RFC 1274, RFC 2247, RFC 3280 - */ - - /* - * OID for "DC=" domain component attributes, used with DNSNames in DN - * format - */ - DOMAIN_COMPONENT_OID = - intern(ObjectIdentifier.newInternal(DOMAIN_COMPONENT_DATA)); - - /** OID for "UID=" denoting a user id, defined in RFCs 1274 & 2798. */ - userid_oid = intern(ObjectIdentifier.newInternal(userid_data)); - } + // OID for the "CN=" attribute, denoting a person's common name. + public static final ObjectIdentifier commonName_oid = + ObjectIdentifier.newInternal(commonName_data); + + // OID for the "SERIALNUMBER=" attribute, denoting a serial number for. + // a name. Do not confuse with PKCS#9 issuerAndSerialNumber or the + // certificate serial number. + public static final ObjectIdentifier SERIALNUMBER_OID = + ObjectIdentifier.newInternal(SERIALNUMBER_DATA); + + // OID for the "C=" attribute, denoting a country. + public static final ObjectIdentifier countryName_oid = + ObjectIdentifier.newInternal(countryName_data); + + // OID for the "L=" attribute, denoting a locality (such as a city). + public static final ObjectIdentifier localityName_oid = + ObjectIdentifier.newInternal(localityName_data); + + // OID for the "O=" attribute, denoting an organization name. + public static final ObjectIdentifier orgName_oid = + ObjectIdentifier.newInternal(orgName_data); + + // OID for the "OU=" attribute, denoting an organizational unit name. + public static final ObjectIdentifier orgUnitName_oid = + ObjectIdentifier.newInternal(orgUnitName_data); + + // OID for the "S=" attribute, denoting a state (such as Delaware). + public static final ObjectIdentifier stateName_oid = + ObjectIdentifier.newInternal(stateName_data); + + // OID for the "STREET=" attribute, denoting a street address. + public static final ObjectIdentifier streetAddress_oid = + ObjectIdentifier.newInternal(streetAddress_data); + + // OID for the "T=" attribute, denoting a person's title. + public static final ObjectIdentifier title_oid = + ObjectIdentifier.newInternal(title_data); + + // OID for the "DNQUALIFIER=" or "DNQ=" attribute, denoting DN + // disambiguating information. + public static final ObjectIdentifier DNQUALIFIER_OID = + ObjectIdentifier.newInternal(DNQUALIFIER_DATA); + + // OID for the "SURNAME=" attribute, denoting a person's surname. + public static final ObjectIdentifier SURNAME_OID = + ObjectIdentifier.newInternal(SURNAME_DATA); + + // OID for the "GIVENNAME=" attribute, denoting a person's given name. + public static final ObjectIdentifier GIVENNAME_OID = + ObjectIdentifier.newInternal(GIVENNAME_DATA); + + // OID for the "INITIALS=" attribute, denoting a person's initials. + public static final ObjectIdentifier INITIALS_OID = + ObjectIdentifier.newInternal(INITIALS_DATA); + + // OID for the "GENERATION=" attribute, denoting Jr., II, etc. + public static final ObjectIdentifier GENERATIONQUALIFIER_OID = + ObjectIdentifier.newInternal(GENERATIONQUALIFIER_DATA); + + // OIDs from other sources which show up in X.500 names we + // expect to deal with often. + // + // OID for "IP=" IP address attributes, used with SKIP. + public static final ObjectIdentifier ipAddress_oid = + ObjectIdentifier.newInternal(ipAddress_data); + + // Domain component OID from RFC 1274, RFC 2247, RFC 5280. + // + // OID for "DC=" domain component attributes, used with DNSNames in DN + // format. + public static final ObjectIdentifier DOMAIN_COMPONENT_OID = + ObjectIdentifier.newInternal(DOMAIN_COMPONENT_DATA); + + // OID for "UID=" denoting a user id, defined in RFCs 1274 & 2798. + public static final ObjectIdentifier userid_oid = + ObjectIdentifier.newInternal(userid_data); /** * Return constraint type:<ul> diff --git a/src/share/classes/sun/security/x509/X509CRLImpl.java b/src/share/classes/sun/security/x509/X509CRLImpl.java index 84403b352a..8cb54ff984 100644 --- a/src/share/classes/sun/security/x509/X509CRLImpl.java +++ b/src/share/classes/sun/security/x509/X509CRLImpl.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2012, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -63,7 +63,7 @@ import sun.misc.HexDumpEncoder; * signature BIT STRING } * </pre> * More information can be found in - * <a href="http://www.ietf.org/rfc/rfc3280.txt">RFC 3280: Internet X.509 + * <a href="http://tools.ietf.org/html/rfc5280">RFC 5280: Internet X.509 * Public Key Infrastructure Certificate and CRL Profile</a>. * <p> * The ASN.1 definition of <code>tbsCertList</code> is: diff --git a/src/share/classes/sun/security/x509/X509CertInfo.java b/src/share/classes/sun/security/x509/X509CertInfo.java index b7f2dd85bc..fa64e9d0fc 100644 --- a/src/share/classes/sun/security/x509/X509CertInfo.java +++ b/src/share/classes/sun/security/x509/X509CertInfo.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2012, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -708,7 +708,7 @@ public class X509CertInfo implements CertAttrSet<String> { } /* - * Verify if X.509 V3 Certificate is compliant with RFC 3280. + * Verify if X.509 V3 Certificate is compliant with RFC 5280. */ private void verifyCert(X500Name subject, CertificateExtensions extensions) |