Skip to content

D
dragonwell8_jdk

openanolis / dragonwell8_jdk

通知 4
Star 2
Fork 0
D
dragonwell8_jdk
提交 c2a5f680 编写于 作者: J juh
浏览文件
操作

8017325: Cleanup of the javadoc <code> tag in java.security.cert 

Summary: Convert javadoc <code>...</code> and <tt>...</tt> tags to {@code ...}
Reviewed-by: darcy
上级 2732b87f
隐藏空白更改
内联 并排
Showing with 1391 addition and 1391 deletion
src/share/classes/java/security/cert/CRLException.java
浏览文件 @ c2a5f680
/* /*
* Copyright (c) 1997, 2003, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
...@@ -57,13 +57,13 @@ public class CRLException extends GeneralSecurityException { ...@@ -57,13 +57,13 @@ public class CRLException extends GeneralSecurityException {
} }
/** /**
* Creates a <code>CRLException</code> with the specified * Creates a {@code CRLException} with the specified
* detail message and cause. * detail message and cause.
* *
* @param message the detail message (which is saved for later retrieval * @param message the detail message (which is saved for later retrieval
* by the {@link #getMessage()} method). * by the {@link #getMessage()} method).
* @param cause the cause (which is saved for later retrieval by the * @param cause the cause (which is saved for later retrieval by the
* {@link #getCause()} method). (A <tt>null</tt> value is permitted, * {@link #getCause()} method). (A {@code null} value is permitted,
* and indicates that the cause is nonexistent or unknown.) * and indicates that the cause is nonexistent or unknown.)
* @since 1.5 * @since 1.5
*/ */
...@@ -72,13 +72,13 @@ public class CRLException extends GeneralSecurityException { ...@@ -72,13 +72,13 @@ public class CRLException extends GeneralSecurityException {
} }
/** /**
* Creates a <code>CRLException</code> with the specified cause * Creates a {@code CRLException} with the specified cause
* and a detail message of <tt>(cause==null ? null : cause.toString())</tt> * and a detail message of {@code (cause==null ? null : cause.toString())}
* (which typically contains the class and detail message of * (which typically contains the class and detail message of
* <tt>cause</tt>). * {@code cause}).
* *
* @param cause the cause (which is saved for later retrieval by the * @param cause the cause (which is saved for later retrieval by the
* {@link #getCause()} method). (A <tt>null</tt> value is permitted, * {@link #getCause()} method). (A {@code null} value is permitted,
* and indicates that the cause is nonexistent or unknown.) * and indicates that the cause is nonexistent or unknown.)
* @since 1.5 * @since 1.5
*/ */
......
src/share/classes/java/security/cert/CRLSelector.java
浏览文件 @ c2a5f680
/* /*
* Copyright (c) 2000, 2001, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
...@@ -26,9 +26,9 @@ ...@@ -26,9 +26,9 @@
package java.security.cert; package java.security.cert;
/** /**
* A selector that defines a set of criteria for selecting <code>CRL</code>s. * A selector that defines a set of criteria for selecting {@code CRL}s.
* Classes that implement this interface are often used to specify * Classes that implement this interface are often used to specify
* which <code>CRL</code>s should be retrieved from a <code>CertStore</code>. * which {@code CRL}s should be retrieved from a {@code CertStore}.
* <p> * <p>
* <b>Concurrent Access</b> * <b>Concurrent Access</b>
* <p> * <p>
...@@ -48,19 +48,19 @@ package java.security.cert; ...@@ -48,19 +48,19 @@ package java.security.cert;
public interface CRLSelector extends Cloneable { public interface CRLSelector extends Cloneable {
/** /**
* Decides whether a <code>CRL</code> should be selected. * Decides whether a {@code CRL} should be selected.
* *
* @param crl the <code>CRL</code> to be checked * @param crl the {@code CRL} to be checked
* @return <code>true</code> if the <code>CRL</code> should be selected, * @return {@code true} if the {@code CRL} should be selected,
* <code>false</code> otherwise * {@code false} otherwise
*/ */
boolean match(CRL crl); boolean match(CRL crl);
/** /**
* Makes a copy of this <code>CRLSelector</code>. Changes to the * Makes a copy of this {@code CRLSelector}. Changes to the
* copy will not affect the original and vice versa. * copy will not affect the original and vice versa.
* *
* @return a copy of this <code>CRLSelector</code> * @return a copy of this {@code CRLSelector}
*/ */
Object clone(); Object clone();
} }
src/share/classes/java/security/cert/CertPath.java
浏览文件 @ c2a5f680
/* /*
* Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
...@@ -36,59 +36,59 @@ import java.util.List; ...@@ -36,59 +36,59 @@ import java.util.List;
* An immutable sequence of certificates (a certification path). * An immutable sequence of certificates (a certification path).
* <p> * <p>
* This is an abstract class that defines the methods common to all * This is an abstract class that defines the methods common to all
* <code>CertPath</code>s. Subclasses can handle different kinds of * {@code CertPath}s. Subclasses can handle different kinds of
* certificates (X.509, PGP, etc.). * certificates (X.509, PGP, etc.).
* <p> * <p>
* All <code>CertPath</code> objects have a type, a list of * All {@code CertPath} objects have a type, a list of
* <code>Certificate</code>s, and one or more supported encodings. Because the * {@code Certificate}s, and one or more supported encodings. Because the
* <code>CertPath</code> class is immutable, a <code>CertPath</code> cannot * {@code CertPath} class is immutable, a {@code CertPath} cannot
* change in any externally visible way after being constructed. This * change in any externally visible way after being constructed. This
* stipulation applies to all public fields and methods of this class and any * stipulation applies to all public fields and methods of this class and any
* added or overridden by subclasses. * added or overridden by subclasses.
* <p> * <p>
* The type is a <code>String</code> that identifies the type of * The type is a {@code String} that identifies the type of
* <code>Certificate</code>s in the certification path. For each * {@code Certificate}s in the certification path. For each
* certificate <code>cert</code> in a certification path <code>certPath</code>, * certificate {@code cert} in a certification path {@code certPath},
* <code>cert.getType().equals(certPath.getType())</code> must be * {@code cert.getType().equals(certPath.getType())} must be
* <code>true</code>. * {@code true}.
* <p> * <p>
* The list of <code>Certificate</code>s is an ordered <code>List</code> of * The list of {@code Certificate}s is an ordered {@code List} of
* zero or more <code>Certificate</code>s. This <code>List</code> and all * zero or more {@code Certificate}s. This {@code List} and all
* of the <code>Certificate</code>s contained in it must be immutable. * of the {@code Certificate}s contained in it must be immutable.
* <p> * <p>
* Each <code>CertPath</code> object must support one or more encodings * Each {@code CertPath} object must support one or more encodings
* so that the object can be translated into a byte array for storage or * so that the object can be translated into a byte array for storage or
* transmission to other parties. Preferably, these encodings should be * transmission to other parties. Preferably, these encodings should be
* well-documented standards (such as PKCS#7). One of the encodings supported * well-documented standards (such as PKCS#7). One of the encodings supported
* by a <code>CertPath</code> is considered the default encoding. This * by a {@code CertPath} is considered the default encoding. This
* encoding is used if no encoding is explicitly requested (for the * encoding is used if no encoding is explicitly requested (for the
* {@link #getEncoded() getEncoded()} method, for instance). * {@link #getEncoded() getEncoded()} method, for instance).
* <p> * <p>
* All <code>CertPath</code> objects are also <code>Serializable</code>. * All {@code CertPath} objects are also {@code Serializable}.
* <code>CertPath</code> objects are resolved into an alternate * {@code CertPath} objects are resolved into an alternate
* {@link CertPathRep CertPathRep} object during serialization. This allows * {@link CertPathRep CertPathRep} object during serialization. This allows
* a <code>CertPath</code> object to be serialized into an equivalent * a {@code CertPath} object to be serialized into an equivalent
* representation regardless of its underlying implementation. * representation regardless of its underlying implementation.
* <p> * <p>
* <code>CertPath</code> objects can be created with a * {@code CertPath} objects can be created with a
* <code>CertificateFactory</code> or they can be returned by other classes, * {@code CertificateFactory} or they can be returned by other classes,
* such as a <code>CertPathBuilder</code>. * such as a {@code CertPathBuilder}.
* <p> * <p>
* By convention, X.509 <code>CertPath</code>s (consisting of * By convention, X.509 {@code CertPath}s (consisting of
* <code>X509Certificate</code>s), are ordered starting with the target * {@code X509Certificate}s), are ordered starting with the target
* certificate and ending with a certificate issued by the trust anchor. That * certificate and ending with a certificate issued by the trust anchor. That
* is, the issuer of one certificate is the subject of the following one. The * is, the issuer of one certificate is the subject of the following one. The
* certificate representing the {@link TrustAnchor TrustAnchor} should not be * certificate representing the {@link TrustAnchor TrustAnchor} should not be
* included in the certification path. Unvalidated X.509 <code>CertPath</code>s * included in the certification path. Unvalidated X.509 {@code CertPath}s
* may not follow these conventions. PKIX <code>CertPathValidator</code>s will * may not follow these conventions. PKIX {@code CertPathValidator}s will
* detect any departure from these conventions that cause the certification * detect any departure from these conventions that cause the certification
* path to be invalid and throw a <code>CertPathValidatorException</code>. * path to be invalid and throw a {@code CertPathValidatorException}.
* *
* <p> Every implementation of the Java platform is required to support the * <p> Every implementation of the Java platform is required to support the
* following standard <code>CertPath</code> encodings: * following standard {@code CertPath} encodings:
* <ul> * <ul>
* <li><tt>PKCS7</tt></li> * <li>{@code PKCS7}</li>
* <li><tt>PkiPath</tt></li> * <li>{@code PkiPath}</li>
* </ul> * </ul>
* These encodings are described in the <a href= * These encodings are described in the <a href=
* "{@docRoot}/../technotes/guides/security/StandardNames.html#CertPathEncodings"> * "{@docRoot}/../technotes/guides/security/StandardNames.html#CertPathEncodings">
...@@ -99,17 +99,17 @@ import java.util.List; ...@@ -99,17 +99,17 @@ import java.util.List;
* <p> * <p>
* <b>Concurrent Access</b> * <b>Concurrent Access</b>
* <p> * <p>
* All <code>CertPath</code> objects must be thread-safe. That is, multiple * All {@code CertPath} objects must be thread-safe. That is, multiple
* threads may concurrently invoke the methods defined in this class on a * threads may concurrently invoke the methods defined in this class on a
* single <code>CertPath</code> object (or more than one) with no * single {@code CertPath} object (or more than one) with no
* ill effects. This is also true for the <code>List</code> returned by * ill effects. This is also true for the {@code List} returned by
* <code>CertPath.getCertificates</code>. * {@code CertPath.getCertificates}.
* <p> * <p>
* Requiring <code>CertPath</code> objects to be immutable and thread-safe * Requiring {@code CertPath} objects to be immutable and thread-safe
* allows them to be passed around to various pieces of code without worrying * allows them to be passed around to various pieces of code without worrying
* about coordinating access. Providing this thread-safety is * about coordinating access. Providing this thread-safety is
* generally not difficult, since the <code>CertPath</code> and * generally not difficult, since the {@code CertPath} and
* <code>List</code> objects in question are immutable. * {@code List} objects in question are immutable.
* *
* @see CertificateFactory * @see CertificateFactory
* @see CertPathBuilder * @see CertPathBuilder
...@@ -124,25 +124,25 @@ public abstract class CertPath implements Serializable { ...@@ -124,25 +124,25 @@ public abstract class CertPath implements Serializable {
private String type; // the type of certificates in this chain private String type; // the type of certificates in this chain
/** /**
* Creates a <code>CertPath</code> of the specified type. * Creates a {@code CertPath} of the specified type.
* <p> * <p>
* This constructor is protected because most users should use a * This constructor is protected because most users should use a
* <code>CertificateFactory</code> to create <code>CertPath</code>s. * {@code CertificateFactory} to create {@code CertPath}s.
* *
* @param type the standard name of the type of * @param type the standard name of the type of
* <code>Certificate</code>s in this path * {@code Certificate}s in this path
*/ */
protected CertPath(String type) { protected CertPath(String type) {
this.type = type; this.type = type;
} }
/** /**
* Returns the type of <code>Certificate</code>s in this certification * Returns the type of {@code Certificate}s in this certification
* path. This is the same string that would be returned by * path. This is the same string that would be returned by
* {@link java.security.cert.Certificate#getType() cert.getType()} * {@link java.security.cert.Certificate#getType() cert.getType()}
* for all <code>Certificate</code>s in the certification path. * for all {@code Certificate}s in the certification path.
* *
* @return the type of <code>Certificate</code>s in this certification * @return the type of {@code Certificate}s in this certification
* path (never null) * path (never null)
*/ */
public String getType() { public String getType() {
...@@ -152,21 +152,21 @@ public abstract class CertPath implements Serializable { ...@@ -152,21 +152,21 @@ public abstract class CertPath implements Serializable {
/** /**
* Returns an iteration of the encodings supported by this certification * Returns an iteration of the encodings supported by this certification
* path, with the default encoding first. Attempts to modify the returned * path, with the default encoding first. Attempts to modify the returned
* <code>Iterator</code> via its <code>remove</code> method result in an * {@code Iterator} via its {@code remove} method result in an
* <code>UnsupportedOperationException</code>. * {@code UnsupportedOperationException}.
* *
* @return an <code>Iterator</code> over the names of the supported * @return an {@code Iterator} over the names of the supported
* encodings (as Strings) * encodings (as Strings)
*/ */
public abstract Iterator<String> getEncodings(); public abstract Iterator<String> getEncodings();
/** /**
* Compares this certification path for equality with the specified * Compares this certification path for equality with the specified
* object. Two <code>CertPath</code>s are equal if and only if their * object. Two {@code CertPath}s are equal if and only if their
* types are equal and their certificate <code>List</code>s (and by * types are equal and their certificate {@code List}s (and by
* implication the <code>Certificate</code>s in those <code>List</code>s) * implication the {@code Certificate}s in those {@code List}s)
* are equal. A <code>CertPath</code> is never equal to an object that is * are equal. A {@code CertPath} is never equal to an object that is
* not a <code>CertPath</code>. * not a {@code CertPath}.
* <p> * <p>
* This algorithm is implemented by this method. If it is overridden, * This algorithm is implemented by this method. If it is overridden,
* the behavior specified here must be maintained. * the behavior specified here must be maintained.
...@@ -195,14 +195,14 @@ public abstract class CertPath implements Serializable { ...@@ -195,14 +195,14 @@ public abstract class CertPath implements Serializable {
* Returns the hashcode for this certification path. The hash code of * Returns the hashcode for this certification path. The hash code of
* a certification path is defined to be the result of the following * a certification path is defined to be the result of the following
* calculation: * calculation:
* <pre><code> * <pre>{@code
* hashCode = path.getType().hashCode(); * hashCode = path.getType().hashCode();
* hashCode = 31*hashCode + path.getCertificates().hashCode(); * hashCode = 31*hashCode + path.getCertificates().hashCode();
* </code></pre> * }</pre>
* This ensures that <code>path1.equals(path2)</code> implies that * This ensures that {@code path1.equals(path2)} implies that
* <code>path1.hashCode()==path2.hashCode()</code> for any two certification * {@code path1.hashCode()==path2.hashCode()} for any two certification
* paths, <code>path1</code> and <code>path2</code>, as required by the * paths, {@code path1} and {@code path2}, as required by the
* general contract of <code>Object.hashCode</code>. * general contract of {@code Object.hashCode}.
* *
* @return the hashcode value for this certification path * @return the hashcode value for this certification path
*/ */
...@@ -214,8 +214,8 @@ public abstract class CertPath implements Serializable { ...@@ -214,8 +214,8 @@ public abstract class CertPath implements Serializable {
/** /**
* Returns a string representation of this certification path. * Returns a string representation of this certification path.
* This calls the <code>toString</code> method on each of the * This calls the {@code toString} method on each of the
* <code>Certificate</code>s in the path. * {@code Certificate}s in the path.
* *
* @return a string representation of this certification path * @return a string representation of this certification path
*/ */
...@@ -266,20 +266,20 @@ public abstract class CertPath implements Serializable { ...@@ -266,20 +266,20 @@ public abstract class CertPath implements Serializable {
/** /**
* Returns the list of certificates in this certification path. * Returns the list of certificates in this certification path.
* The <code>List</code> returned must be immutable and thread-safe. * The {@code List} returned must be immutable and thread-safe.
* *
* @return an immutable <code>List</code> of <code>Certificate</code>s * @return an immutable {@code List} of {@code Certificate}s
* (may be empty, but not null) * (may be empty, but not null)
*/ */
public abstract List<? extends Certificate> getCertificates(); public abstract List<? extends Certificate> getCertificates();
/** /**
* Replaces the <code>CertPath</code> to be serialized with a * Replaces the {@code CertPath} to be serialized with a
* <code>CertPathRep</code> object. * {@code CertPathRep} object.
* *
* @return the <code>CertPathRep</code> to be serialized * @return the {@code CertPathRep} to be serialized
* *
* @throws ObjectStreamException if a <code>CertPathRep</code> object * @throws ObjectStreamException if a {@code CertPathRep} object
* representing this certification path could not be created * representing this certification path could not be created
*/ */
protected Object writeReplace() throws ObjectStreamException { protected Object writeReplace() throws ObjectStreamException {
...@@ -295,7 +295,7 @@ public abstract class CertPath implements Serializable { ...@@ -295,7 +295,7 @@ public abstract class CertPath implements Serializable {
} }
/** /**
* Alternate <code>CertPath</code> class for serialization. * Alternate {@code CertPath} class for serialization.
* @since 1.4 * @since 1.4
*/ */
protected static class CertPathRep implements Serializable { protected static class CertPathRep implements Serializable {
...@@ -308,10 +308,10 @@ public abstract class CertPath implements Serializable { ...@@ -308,10 +308,10 @@ public abstract class CertPath implements Serializable {
private byte[] data; private byte[] data;
/** /**
* Creates a <code>CertPathRep</code> with the specified * Creates a {@code CertPathRep} with the specified
* type and encoded form of a certification path. * type and encoded form of a certification path.
* *
* @param type the standard name of a <code>CertPath</code> type * @param type the standard name of a {@code CertPath} type
* @param data the encoded form of the certification path * @param data the encoded form of the certification path
*/ */
protected CertPathRep(String type, byte[] data) { protected CertPathRep(String type, byte[] data) {
...@@ -320,11 +320,11 @@ public abstract class CertPath implements Serializable { ...@@ -320,11 +320,11 @@ public abstract class CertPath implements Serializable {
} }
/** /**
* Returns a <code>CertPath</code> constructed from the type and data. * Returns a {@code CertPath} constructed from the type and data.
* *
* @return the resolved <code>CertPath</code> object * @return the resolved {@code CertPath} object
* *
* @throws ObjectStreamException if a <code>CertPath</code> could not * @throws ObjectStreamException if a {@code CertPath} could not
* be constructed * be constructed
*/ */
protected Object readResolve() throws ObjectStreamException { protected Object readResolve() throws ObjectStreamException {
......
src/share/classes/java/security/cert/CertPathBuilder.java
浏览文件 @ c2a5f680
/* /*
* Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
...@@ -41,16 +41,16 @@ import sun.security.jca.GetInstance.Instance; ...@@ -41,16 +41,16 @@ import sun.security.jca.GetInstance.Instance;
* A class for building certification paths (also known as certificate chains). * A class for building certification paths (also known as certificate chains).
* <p> * <p>
* This class uses a provider-based architecture. * This class uses a provider-based architecture.
* To create a <code>CertPathBuilder</code>, call * To create a {@code CertPathBuilder}, call
* one of the static <code>getInstance</code> methods, passing in the * one of the static {@code getInstance} methods, passing in the
* algorithm name of the <code>CertPathBuilder</code> desired and optionally * algorithm name of the {@code CertPathBuilder} desired and optionally
* the name of the provider desired. * the name of the provider desired.
* *
* <p>Once a <code>CertPathBuilder</code> object has been created, certification * <p>Once a {@code CertPathBuilder} object has been created, certification
* paths can be constructed by calling the {@link #build build} method and * paths can be constructed by calling the {@link #build build} method and
* passing it an algorithm-specific set of parameters. If successful, the * passing it an algorithm-specific set of parameters. If successful, the
* result (including the <code>CertPath</code> that was built) is returned * result (including the {@code CertPath} that was built) is returned
* in an object that implements the <code>CertPathBuilderResult</code> * in an object that implements the {@code CertPathBuilderResult}
* interface. * interface.
* *
* <p>The {@link #getRevocationChecker} method allows an application to specify * <p>The {@link #getRevocationChecker} method allows an application to specify
...@@ -67,9 +67,9 @@ import sun.security.jca.GetInstance.Instance; ...@@ -67,9 +67,9 @@ import sun.security.jca.GetInstance.Instance;
* </pre> * </pre>
* *
* <p>Every implementation of the Java platform is required to support the * <p>Every implementation of the Java platform is required to support the
* following standard <code>CertPathBuilder</code> algorithm: * following standard {@code CertPathBuilder} algorithm:
* <ul> * <ul>
* <li><tt>PKIX</tt></li> * <li>{@code PKIX}</li>
* </ul> * </ul>
* This algorithm is described in the <a href= * This algorithm is described in the <a href=
* "{@docRoot}/../technotes/guides/security/StandardNames.html#CertPathBuilder"> * "{@docRoot}/../technotes/guides/security/StandardNames.html#CertPathBuilder">
...@@ -87,9 +87,9 @@ import sun.security.jca.GetInstance.Instance; ...@@ -87,9 +87,9 @@ import sun.security.jca.GetInstance.Instance;
* <p> * <p>
* However, this is not true for the non-static methods defined by this class. * However, this is not true for the non-static methods defined by this class.
* Unless otherwise documented by a specific provider, threads that need to * Unless otherwise documented by a specific provider, threads that need to
* access a single <code>CertPathBuilder</code> instance concurrently should * access a single {@code CertPathBuilder} instance concurrently should
* synchronize amongst themselves and provide the necessary locking. Multiple * synchronize amongst themselves and provide the necessary locking. Multiple
* threads each manipulating a different <code>CertPathBuilder</code> instance * threads each manipulating a different {@code CertPathBuilder} instance
* need not synchronize. * need not synchronize.
* *
* @see CertPath * @see CertPath
...@@ -114,7 +114,7 @@ public class CertPathBuilder { ...@@ -114,7 +114,7 @@ public class CertPathBuilder {
private final String algorithm; private final String algorithm;
/** /**
* Creates a <code>CertPathBuilder</code> object of the given algorithm, * Creates a {@code CertPathBuilder} object of the given algorithm,
* and encapsulates the given provider implementation (SPI object) in it. * and encapsulates the given provider implementation (SPI object) in it.
* *
* @param builderSpi the provider implementation * @param builderSpi the provider implementation
...@@ -130,7 +130,7 @@ public class CertPathBuilder { ...@@ -130,7 +130,7 @@ public class CertPathBuilder {
} }
/** /**
* Returns a <code>CertPathBuilder</code> object that implements the * Returns a {@code CertPathBuilder} object that implements the
* specified algorithm. * specified algorithm.
* *
* <p> This method traverses the list of registered security Providers, * <p> This method traverses the list of registered security Providers,
...@@ -142,13 +142,13 @@ public class CertPathBuilder { ...@@ -142,13 +142,13 @@ public class CertPathBuilder {
* <p> Note that the list of registered providers may be retrieved via * <p> Note that the list of registered providers may be retrieved via
* the {@link Security#getProviders() Security.getProviders()} method. * the {@link Security#getProviders() Security.getProviders()} method.
* *
* @param algorithm the name of the requested <code>CertPathBuilder</code> * @param algorithm the name of the requested {@code CertPathBuilder}
* algorithm. See the CertPathBuilder section in the <a href= * algorithm. See the CertPathBuilder section in the <a href=
* "{@docRoot}/../technotes/guides/security/StandardNames.html#CertPathBuilder"> * "{@docRoot}/../technotes/guides/security/StandardNames.html#CertPathBuilder">
* Java Cryptography Architecture Standard Algorithm Name Documentation</a> * Java Cryptography Architecture Standard Algorithm Name Documentation</a>
* for information about standard algorithm names. * for information about standard algorithm names.
* *
* @return a <code>CertPathBuilder</code> object that implements the * @return a {@code CertPathBuilder} object that implements the
* specified algorithm. * specified algorithm.
* *
* @throws NoSuchAlgorithmException if no Provider supports a * @throws NoSuchAlgorithmException if no Provider supports a
...@@ -166,7 +166,7 @@ public class CertPathBuilder { ...@@ -166,7 +166,7 @@ public class CertPathBuilder {
} }
/** /**
* Returns a <code>CertPathBuilder</code> object that implements the * Returns a {@code CertPathBuilder} object that implements the
* specified algorithm. * specified algorithm.
* *
* <p> A new CertPathBuilder object encapsulating the * <p> A new CertPathBuilder object encapsulating the
...@@ -177,7 +177,7 @@ public class CertPathBuilder { ...@@ -177,7 +177,7 @@ public class CertPathBuilder {
* <p> Note that the list of registered providers may be retrieved via * <p> Note that the list of registered providers may be retrieved via
* the {@link Security#getProviders() Security.getProviders()} method. * the {@link Security#getProviders() Security.getProviders()} method.
* *
* @param algorithm the name of the requested <code>CertPathBuilder</code> * @param algorithm the name of the requested {@code CertPathBuilder}
* algorithm. See the CertPathBuilder section in the <a href= * algorithm. See the CertPathBuilder section in the <a href=
* "{@docRoot}/../technotes/guides/security/StandardNames.html#CertPathBuilder"> * "{@docRoot}/../technotes/guides/security/StandardNames.html#CertPathBuilder">
* Java Cryptography Architecture Standard Algorithm Name Documentation</a> * Java Cryptography Architecture Standard Algorithm Name Documentation</a>
...@@ -185,7 +185,7 @@ public class CertPathBuilder { ...@@ -185,7 +185,7 @@ public class CertPathBuilder {
* *
* @param provider the name of the provider. * @param provider the name of the provider.
* *
* @return a <code>CertPathBuilder</code> object that implements the * @return a {@code CertPathBuilder} object that implements the
* specified algorithm. * specified algorithm.
* *
* @throws NoSuchAlgorithmException if a CertPathBuilderSpi * @throws NoSuchAlgorithmException if a CertPathBuilderSpi
...@@ -195,7 +195,7 @@ public class CertPathBuilder { ...@@ -195,7 +195,7 @@ public class CertPathBuilder {
* @throws NoSuchProviderException if the specified provider is not * @throws NoSuchProviderException if the specified provider is not
* registered in the security provider list. * registered in the security provider list.
* *
* @exception IllegalArgumentException if the <code>provider</code> is * @exception IllegalArgumentException if the {@code provider} is
* null or empty. * null or empty.
* *
* @see java.security.Provider * @see java.security.Provider
...@@ -209,7 +209,7 @@ public class CertPathBuilder { ...@@ -209,7 +209,7 @@ public class CertPathBuilder {
} }
/** /**
* Returns a <code>CertPathBuilder</code> object that implements the * Returns a {@code CertPathBuilder} object that implements the
* specified algorithm. * specified algorithm.
* *
* <p> A new CertPathBuilder object encapsulating the * <p> A new CertPathBuilder object encapsulating the
...@@ -217,7 +217,7 @@ public class CertPathBuilder { ...@@ -217,7 +217,7 @@ public class CertPathBuilder {
* object is returned. Note that the specified Provider object * object is returned. Note that the specified Provider object
* does not have to be registered in the provider list. * does not have to be registered in the provider list.
* *
* @param algorithm the name of the requested <code>CertPathBuilder</code> * @param algorithm the name of the requested {@code CertPathBuilder}
* algorithm. See the CertPathBuilder section in the <a href= * algorithm. See the CertPathBuilder section in the <a href=
* "{@docRoot}/../technotes/guides/security/StandardNames.html#CertPathBuilder"> * "{@docRoot}/../technotes/guides/security/StandardNames.html#CertPathBuilder">
* Java Cryptography Architecture Standard Algorithm Name Documentation</a> * Java Cryptography Architecture Standard Algorithm Name Documentation</a>
...@@ -225,14 +225,14 @@ public class CertPathBuilder { ...@@ -225,14 +225,14 @@ public class CertPathBuilder {
* *
* @param provider the provider. * @param provider the provider.
* *
* @return a <code>CertPathBuilder</code> object that implements the * @return a {@code CertPathBuilder} object that implements the
* specified algorithm. * specified algorithm.
* *
* @exception NoSuchAlgorithmException if a CertPathBuilderSpi * @exception NoSuchAlgorithmException if a CertPathBuilderSpi
* implementation for the specified algorithm is not available * implementation for the specified algorithm is not available
* from the specified Provider object. * from the specified Provider object.
* *
* @exception IllegalArgumentException if the <code>provider</code> is * @exception IllegalArgumentException if the {@code provider} is
* null. * null.
* *
* @see java.security.Provider * @see java.security.Provider
...@@ -246,18 +246,18 @@ public class CertPathBuilder { ...@@ -246,18 +246,18 @@ public class CertPathBuilder {
} }
/** /**
* Returns the provider of this <code>CertPathBuilder</code>. * Returns the provider of this {@code CertPathBuilder}.
* *
* @return the provider of this <code>CertPathBuilder</code> * @return the provider of this {@code CertPathBuilder}
*/ */
public final Provider getProvider() { public final Provider getProvider() {
return this.provider; return this.provider;
} }
/** /**
* Returns the name of the algorithm of this <code>CertPathBuilder</code>. * Returns the name of the algorithm of this {@code CertPathBuilder}.
* *
* @return the name of the algorithm of this <code>CertPathBuilder</code> * @return the name of the algorithm of this {@code CertPathBuilder}
*/ */
public final String getAlgorithm() { public final String getAlgorithm() {
return this.algorithm; return this.algorithm;
...@@ -272,7 +272,7 @@ public class CertPathBuilder { ...@@ -272,7 +272,7 @@ public class CertPathBuilder {
* @throws CertPathBuilderException if the builder is unable to construct * @throws CertPathBuilderException if the builder is unable to construct
* a certification path that satisfies the specified parameters * a certification path that satisfies the specified parameters
* @throws InvalidAlgorithmParameterException if the specified parameters * @throws InvalidAlgorithmParameterException if the specified parameters
* are inappropriate for this <code>CertPathBuilder</code> * are inappropriate for this {@code CertPathBuilder}
*/ */
public final CertPathBuilderResult build(CertPathParameters params) public final CertPathBuilderResult build(CertPathParameters params)
throws CertPathBuilderException, InvalidAlgorithmParameterException throws CertPathBuilderException, InvalidAlgorithmParameterException
......
src/share/classes/java/security/cert/CertPathBuilderException.java
浏览文件 @ c2a5f680
/* /*
* Copyright (c) 2000, 2003, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
...@@ -29,9 +29,9 @@ import java.security.GeneralSecurityException; ...@@ -29,9 +29,9 @@ import java.security.GeneralSecurityException;
/** /**
* An exception indicating one of a variety of problems encountered when * An exception indicating one of a variety of problems encountered when
* building a certification path with a <code>CertPathBuilder</code>. * building a certification path with a {@code CertPathBuilder}.
* <p> * <p>
* A <code>CertPathBuilderException</code> provides support for wrapping * A {@code CertPathBuilderException} provides support for wrapping
* exceptions. The {@link #getCause getCause} method returns the throwable, * exceptions. The {@link #getCause getCause} method returns the throwable,
* if any, that caused this exception to be thrown. * if any, that caused this exception to be thrown.
* <p> * <p>
...@@ -53,7 +53,7 @@ public class CertPathBuilderException extends GeneralSecurityException { ...@@ -53,7 +53,7 @@ public class CertPathBuilderException extends GeneralSecurityException {
private static final long serialVersionUID = 5316471420178794402L; private static final long serialVersionUID = 5316471420178794402L;
/** /**
* Creates a <code>CertPathBuilderException</code> with <code>null</code> * Creates a {@code CertPathBuilderException} with {@code null}
* as its detail message. * as its detail message.
*/ */
public CertPathBuilderException() { public CertPathBuilderException() {
...@@ -61,8 +61,8 @@ public class CertPathBuilderException extends GeneralSecurityException { ...@@ -61,8 +61,8 @@ public class CertPathBuilderException extends GeneralSecurityException {
} }
/** /**
* Creates a <code>CertPathBuilderException</code> with the given * Creates a {@code CertPathBuilderException} with the given
* detail message. The detail message is a <code>String</code> that * detail message. The detail message is a {@code String} that
* describes this particular exception in more detail. * describes this particular exception in more detail.
* *
* @param msg the detail message * @param msg the detail message
...@@ -72,16 +72,16 @@ public class CertPathBuilderException extends GeneralSecurityException { ...@@ -72,16 +72,16 @@ public class CertPathBuilderException extends GeneralSecurityException {
} }
/** /**
* Creates a <code>CertPathBuilderException</code> that wraps the specified * Creates a {@code CertPathBuilderException} that wraps the specified
* throwable. This allows any exception to be converted into a * throwable. This allows any exception to be converted into a
* <code>CertPathBuilderException</code>, while retaining information * {@code CertPathBuilderException}, while retaining information
* about the wrapped exception, which may be useful for debugging. The * about the wrapped exception, which may be useful for debugging. The
* detail message is set to (<code>cause==null ? null : cause.toString() * detail message is set to ({@code cause==null ? null : cause.toString()})
* </code>) (which typically contains the class and detail message of * (which typically contains the class and detail message of
* cause). * cause).
* *
* @param cause the cause (which is saved for later retrieval by the * @param cause the cause (which is saved for later retrieval by the
* {@link #getCause getCause()} method). (A <code>null</code> value is * {@link #getCause getCause()} method). (A {@code null} value is
* permitted, and indicates that the cause is nonexistent or unknown.) * permitted, and indicates that the cause is nonexistent or unknown.)
*/ */
public CertPathBuilderException(Throwable cause) { public CertPathBuilderException(Throwable cause) {
...@@ -89,12 +89,12 @@ public class CertPathBuilderException extends GeneralSecurityException { ...@@ -89,12 +89,12 @@ public class CertPathBuilderException extends GeneralSecurityException {
} }
/** /**
* Creates a <code>CertPathBuilderException</code> with the specified * Creates a {@code CertPathBuilderException} with the specified
* detail message and cause. * detail message and cause.
* *
* @param msg the detail message * @param msg the detail message
* @param cause the cause (which is saved for later retrieval by the * @param cause the cause (which is saved for later retrieval by the
* {@link #getCause getCause()} method). (A <code>null</code> value is * {@link #getCause getCause()} method). (A {@code null} value is
* permitted, and indicates that the cause is nonexistent or unknown.) * permitted, and indicates that the cause is nonexistent or unknown.)
*/ */
public CertPathBuilderException(String msg, Throwable cause) { public CertPathBuilderException(String msg, Throwable cause) {
......
src/share/classes/java/security/cert/CertPathBuilderResult.java
浏览文件 @ c2a5f680
/* /*
* Copyright (c) 2000, 2001, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
...@@ -30,8 +30,8 @@ package java.security.cert; ...@@ -30,8 +30,8 @@ package java.security.cert;
* All results returned by the {@link CertPathBuilder#build * All results returned by the {@link CertPathBuilder#build
* CertPathBuilder.build} method must implement this interface. * CertPathBuilder.build} method must implement this interface.
* <p> * <p>
* At a minimum, a <code>CertPathBuilderResult</code> contains the * At a minimum, a {@code CertPathBuilderResult} contains the
* <code>CertPath</code> built by the <code>CertPathBuilder</code> instance. * {@code CertPath} built by the {@code CertPathBuilder} instance.
* Implementations of this interface may add methods to return implementation * Implementations of this interface may add methods to return implementation
* or algorithm specific information, such as debugging information or * or algorithm specific information, such as debugging information or
* certification path validation results. * certification path validation results.
...@@ -54,15 +54,15 @@ public interface CertPathBuilderResult extends Cloneable { ...@@ -54,15 +54,15 @@ public interface CertPathBuilderResult extends Cloneable {
/** /**
* Returns the built certification path. * Returns the built certification path.
* *
* @return the certification path (never <code>null</code>) * @return the certification path (never {@code null})
*/ */
CertPath getCertPath(); CertPath getCertPath();
/** /**
* Makes a copy of this <code>CertPathBuilderResult</code>. Changes to the * Makes a copy of this {@code CertPathBuilderResult}. Changes to the
* copy will not affect the original and vice versa. * copy will not affect the original and vice versa.
* *
* @return a copy of this <code>CertPathBuilderResult</code> * @return a copy of this {@code CertPathBuilderResult}
*/ */
Object clone(); Object clone();
} }
src/share/classes/java/security/cert/CertPathBuilderSpi.java
浏览文件 @ c2a5f680
/* /*
* Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
...@@ -30,23 +30,23 @@ import java.security.InvalidAlgorithmParameterException; ...@@ -30,23 +30,23 @@ import java.security.InvalidAlgorithmParameterException;
/** /**
* The <i>Service Provider Interface</i> (<b>SPI</b>) * The <i>Service Provider Interface</i> (<b>SPI</b>)
* for the {@link CertPathBuilder CertPathBuilder} class. All * for the {@link CertPathBuilder CertPathBuilder} class. All
* <code>CertPathBuilder</code> implementations must include a class (the * {@code CertPathBuilder} implementations must include a class (the
* SPI class) that extends this class (<code>CertPathBuilderSpi</code>) and * SPI class) that extends this class ({@code CertPathBuilderSpi}) and
* implements all of its methods. In general, instances of this class should * implements all of its methods. In general, instances of this class should
* only be accessed through the <code>CertPathBuilder</code> class. For * only be accessed through the {@code CertPathBuilder} class. For
* details, see the Java Cryptography Architecture. * details, see the Java Cryptography Architecture.
* <p> * <p>
* <b>Concurrent Access</b> * <b>Concurrent Access</b>
* <p> * <p>
* Instances of this class need not be protected against concurrent * Instances of this class need not be protected against concurrent
* access from multiple threads. Threads that need to access a single * access from multiple threads. Threads that need to access a single
* <code>CertPathBuilderSpi</code> instance concurrently should synchronize * {@code CertPathBuilderSpi} instance concurrently should synchronize
* amongst themselves and provide the necessary locking before calling the * amongst themselves and provide the necessary locking before calling the
* wrapping <code>CertPathBuilder</code> object. * wrapping {@code CertPathBuilder} object.
* <p> * <p>
* However, implementations of <code>CertPathBuilderSpi</code> may still * However, implementations of {@code CertPathBuilderSpi} may still
* encounter concurrency issues, since multiple threads each * encounter concurrency issues, since multiple threads each
* manipulating a different <code>CertPathBuilderSpi</code> instance need not * manipulating a different {@code CertPathBuilderSpi} instance need not
* synchronize. * synchronize.
* *
* @since 1.4 * @since 1.4
...@@ -68,7 +68,7 @@ public abstract class CertPathBuilderSpi { ...@@ -68,7 +68,7 @@ public abstract class CertPathBuilderSpi {
* @throws CertPathBuilderException if the builder is unable to construct * @throws CertPathBuilderException if the builder is unable to construct
* a certification path that satisfies the specified parameters * a certification path that satisfies the specified parameters
* @throws InvalidAlgorithmParameterException if the specified parameters * @throws InvalidAlgorithmParameterException if the specified parameters
* are inappropriate for this <code>CertPathBuilder</code> * are inappropriate for this {@code CertPathBuilder}
*/ */
public abstract CertPathBuilderResult engineBuild(CertPathParameters params) public abstract CertPathBuilderResult engineBuild(CertPathParameters params)
throws CertPathBuilderException, InvalidAlgorithmParameterException; throws CertPathBuilderException, InvalidAlgorithmParameterException;
......
src/share/classes/java/security/cert/CertPathParameters.java
浏览文件 @ c2a5f680
/* /*
* Copyright (c) 2000, 2001, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
...@@ -28,8 +28,8 @@ package java.security.cert; ...@@ -28,8 +28,8 @@ package java.security.cert;
/** /**
* A specification of certification path algorithm parameters. * A specification of certification path algorithm parameters.
* The purpose of this interface is to group (and provide type safety for) * The purpose of this interface is to group (and provide type safety for)
* all <code>CertPath</code> parameter specifications. All * all {@code CertPath} parameter specifications. All
* <code>CertPath</code> parameter specifications must implement this * {@code CertPath} parameter specifications must implement this
* interface. * interface.
* *
* @author Yassir Elley * @author Yassir Elley
...@@ -40,10 +40,10 @@ package java.security.cert; ...@@ -40,10 +40,10 @@ package java.security.cert;
public interface CertPathParameters extends Cloneable { public interface CertPathParameters extends Cloneable {
/** /**
* Makes a copy of this <code>CertPathParameters</code>. Changes to the * Makes a copy of this {@code CertPathParameters}. Changes to the
* copy will not affect the original and vice versa. * copy will not affect the original and vice versa.
* *
* @return a copy of this <code>CertPathParameters</code> * @return a copy of this {@code CertPathParameters}
*/ */
Object clone(); Object clone();
} }
src/share/classes/java/security/cert/CertPathValidator.java
浏览文件 @ c2a5f680
/* /*
* Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
...@@ -42,17 +42,17 @@ import sun.security.jca.GetInstance.Instance; ...@@ -42,17 +42,17 @@ import sun.security.jca.GetInstance.Instance;
* chains). * chains).
* <p> * <p>
* This class uses a provider-based architecture. * This class uses a provider-based architecture.
* To create a <code>CertPathValidator</code>, * To create a {@code CertPathValidator},
* call one of the static <code>getInstance</code> methods, passing in the * call one of the static {@code getInstance} methods, passing in the
* algorithm name of the <code>CertPathValidator</code> desired and * algorithm name of the {@code CertPathValidator} desired and
* optionally the name of the provider desired. * optionally the name of the provider desired.
* *
* <p>Once a <code>CertPathValidator</code> object has been created, it can * <p>Once a {@code CertPathValidator} object has been created, it can
* be used to validate certification paths by calling the {@link #validate * be used to validate certification paths by calling the {@link #validate
* validate} method and passing it the <code>CertPath</code> to be validated * validate} method and passing it the {@code CertPath} to be validated
* and an algorithm-specific set of parameters. If successful, the result is * and an algorithm-specific set of parameters. If successful, the result is
* returned in an object that implements the * returned in an object that implements the
* <code>CertPathValidatorResult</code> interface. * {@code CertPathValidatorResult} interface.
* *
* <p>The {@link #getRevocationChecker} method allows an application to specify * <p>The {@link #getRevocationChecker} method allows an application to specify
* additional algorithm-specific parameters and options used by the * additional algorithm-specific parameters and options used by the
...@@ -69,9 +69,9 @@ import sun.security.jca.GetInstance.Instance; ...@@ -69,9 +69,9 @@ import sun.security.jca.GetInstance.Instance;
* </pre> * </pre>
* *
* <p>Every implementation of the Java platform is required to support the * <p>Every implementation of the Java platform is required to support the
* following standard <code>CertPathValidator</code> algorithm: * following standard {@code CertPathValidator} algorithm:
* <ul> * <ul>
* <li><tt>PKIX</tt></li> * <li>{@code PKIX}</li>
* </ul> * </ul>
* This algorithm is described in the <a href= * This algorithm is described in the <a href=
* "{@docRoot}/../technotes/guides/security/StandardNames.html#CertPathValidator"> * "{@docRoot}/../technotes/guides/security/StandardNames.html#CertPathValidator">
...@@ -89,9 +89,9 @@ import sun.security.jca.GetInstance.Instance; ...@@ -89,9 +89,9 @@ import sun.security.jca.GetInstance.Instance;
* <p> * <p>
* However, this is not true for the non-static methods defined by this class. * However, this is not true for the non-static methods defined by this class.
* Unless otherwise documented by a specific provider, threads that need to * Unless otherwise documented by a specific provider, threads that need to
* access a single <code>CertPathValidator</code> instance concurrently should * access a single {@code CertPathValidator} instance concurrently should
* synchronize amongst themselves and provide the necessary locking. Multiple * synchronize amongst themselves and provide the necessary locking. Multiple
* threads each manipulating a different <code>CertPathValidator</code> * threads each manipulating a different {@code CertPathValidator}
* instance need not synchronize. * instance need not synchronize.
* *
* @see CertPath * @see CertPath
...@@ -115,7 +115,7 @@ public class CertPathValidator { ...@@ -115,7 +115,7 @@ public class CertPathValidator {
private final String algorithm; private final String algorithm;
/** /**
* Creates a <code>CertPathValidator</code> object of the given algorithm, * Creates a {@code CertPathValidator} object of the given algorithm,
* and encapsulates the given provider implementation (SPI object) in it. * and encapsulates the given provider implementation (SPI object) in it.
* *
* @param validatorSpi the provider implementation * @param validatorSpi the provider implementation
...@@ -131,7 +131,7 @@ public class CertPathValidator { ...@@ -131,7 +131,7 @@ public class CertPathValidator {
} }
/** /**
* Returns a <code>CertPathValidator</code> object that implements the * Returns a {@code CertPathValidator} object that implements the
* specified algorithm. * specified algorithm.
* *
* <p> This method traverses the list of registered security Providers, * <p> This method traverses the list of registered security Providers,
...@@ -143,13 +143,13 @@ public class CertPathValidator { ...@@ -143,13 +143,13 @@ public class CertPathValidator {
* <p> Note that the list of registered providers may be retrieved via * <p> Note that the list of registered providers may be retrieved via
* the {@link Security#getProviders() Security.getProviders()} method. * the {@link Security#getProviders() Security.getProviders()} method.
* *
* @param algorithm the name of the requested <code>CertPathValidator</code> * @param algorithm the name of the requested {@code CertPathValidator}
* algorithm. See the CertPathValidator section in the <a href= * algorithm. See the CertPathValidator section in the <a href=
* "{@docRoot}/../technotes/guides/security/StandardNames.html#CertPathValidator"> * "{@docRoot}/../technotes/guides/security/StandardNames.html#CertPathValidator">
* Java Cryptography Architecture Standard Algorithm Name Documentation</a> * Java Cryptography Architecture Standard Algorithm Name Documentation</a>
* for information about standard algorithm names. * for information about standard algorithm names.
* *
* @return a <code>CertPathValidator</code> object that implements the * @return a {@code CertPathValidator} object that implements the
* specified algorithm. * specified algorithm.
* *
* @exception NoSuchAlgorithmException if no Provider supports a * @exception NoSuchAlgorithmException if no Provider supports a
...@@ -167,7 +167,7 @@ public class CertPathValidator { ...@@ -167,7 +167,7 @@ public class CertPathValidator {
} }
/** /**
* Returns a <code>CertPathValidator</code> object that implements the * Returns a {@code CertPathValidator} object that implements the
* specified algorithm. * specified algorithm.
* *
* <p> A new CertPathValidator object encapsulating the * <p> A new CertPathValidator object encapsulating the
...@@ -178,7 +178,7 @@ public class CertPathValidator { ...@@ -178,7 +178,7 @@ public class CertPathValidator {
* <p> Note that the list of registered providers may be retrieved via * <p> Note that the list of registered providers may be retrieved via
* the {@link Security#getProviders() Security.getProviders()} method. * the {@link Security#getProviders() Security.getProviders()} method.
* *
* @param algorithm the name of the requested <code>CertPathValidator</code> * @param algorithm the name of the requested {@code CertPathValidator}
* algorithm. See the CertPathValidator section in the <a href= * algorithm. See the CertPathValidator section in the <a href=
* "{@docRoot}/../technotes/guides/security/StandardNames.html#CertPathValidator"> * "{@docRoot}/../technotes/guides/security/StandardNames.html#CertPathValidator">
* Java Cryptography Architecture Standard Algorithm Name Documentation</a> * Java Cryptography Architecture Standard Algorithm Name Documentation</a>
...@@ -186,7 +186,7 @@ public class CertPathValidator { ...@@ -186,7 +186,7 @@ public class CertPathValidator {
* *
* @param provider the name of the provider. * @param provider the name of the provider.
* *
* @return a <code>CertPathValidator</code> object that implements the * @return a {@code CertPathValidator} object that implements the
* specified algorithm. * specified algorithm.
* *
* @exception NoSuchAlgorithmException if a CertPathValidatorSpi * @exception NoSuchAlgorithmException if a CertPathValidatorSpi
...@@ -196,7 +196,7 @@ public class CertPathValidator { ...@@ -196,7 +196,7 @@ public class CertPathValidator {
* @exception NoSuchProviderException if the specified provider is not * @exception NoSuchProviderException if the specified provider is not
* registered in the security provider list. * registered in the security provider list.
* *
* @exception IllegalArgumentException if the <code>provider</code> is * @exception IllegalArgumentException if the {@code provider} is
* null or empty. * null or empty.
* *
* @see java.security.Provider * @see java.security.Provider
...@@ -211,7 +211,7 @@ public class CertPathValidator { ...@@ -211,7 +211,7 @@ public class CertPathValidator {
} }
/** /**
* Returns a <code>CertPathValidator</code> object that implements the * Returns a {@code CertPathValidator} object that implements the
* specified algorithm. * specified algorithm.
* *
* <p> A new CertPathValidator object encapsulating the * <p> A new CertPathValidator object encapsulating the
...@@ -219,7 +219,7 @@ public class CertPathValidator { ...@@ -219,7 +219,7 @@ public class CertPathValidator {
* object is returned. Note that the specified Provider object * object is returned. Note that the specified Provider object
* does not have to be registered in the provider list. * does not have to be registered in the provider list.
* *
* @param algorithm the name of the requested <code>CertPathValidator</code> * @param algorithm the name of the requested {@code CertPathValidator}
* algorithm. See the CertPathValidator section in the <a href= * algorithm. See the CertPathValidator section in the <a href=
* "{@docRoot}/../technotes/guides/security/StandardNames.html#CertPathValidator"> * "{@docRoot}/../technotes/guides/security/StandardNames.html#CertPathValidator">
* Java Cryptography Architecture Standard Algorithm Name Documentation</a> * Java Cryptography Architecture Standard Algorithm Name Documentation</a>
...@@ -227,14 +227,14 @@ public class CertPathValidator { ...@@ -227,14 +227,14 @@ public class CertPathValidator {
* *
* @param provider the provider. * @param provider the provider.
* *
* @return a <code>CertPathValidator</code> object that implements the * @return a {@code CertPathValidator} object that implements the
* specified algorithm. * specified algorithm.
* *
* @exception NoSuchAlgorithmException if a CertPathValidatorSpi * @exception NoSuchAlgorithmException if a CertPathValidatorSpi
* implementation for the specified algorithm is not available * implementation for the specified algorithm is not available
* from the specified Provider object. * from the specified Provider object.
* *
* @exception IllegalArgumentException if the <code>provider</code> is * @exception IllegalArgumentException if the {@code provider} is
* null. * null.
* *
* @see java.security.Provider * @see java.security.Provider
...@@ -248,19 +248,19 @@ public class CertPathValidator { ...@@ -248,19 +248,19 @@ public class CertPathValidator {
} }
/** /**
* Returns the <code>Provider</code> of this * Returns the {@code Provider} of this
* <code>CertPathValidator</code>. * {@code CertPathValidator}.
* *
* @return the <code>Provider</code> of this <code>CertPathValidator</code> * @return the {@code Provider} of this {@code CertPathValidator}
*/ */
public final Provider getProvider() { public final Provider getProvider() {
return this.provider; return this.provider;
} }
/** /**
* Returns the algorithm name of this <code>CertPathValidator</code>. * Returns the algorithm name of this {@code CertPathValidator}.
* *
* @return the algorithm name of this <code>CertPathValidator</code> * @return the algorithm name of this {@code CertPathValidator}
*/ */
public final String getAlgorithm() { public final String getAlgorithm() {
return this.algorithm; return this.algorithm;
...@@ -270,20 +270,20 @@ public class CertPathValidator { ...@@ -270,20 +270,20 @@ public class CertPathValidator {
* Validates the specified certification path using the specified * Validates the specified certification path using the specified
* algorithm parameter set. * algorithm parameter set.
* <p> * <p>
* The <code>CertPath</code> specified must be of a type that is * The {@code CertPath} specified must be of a type that is
* supported by the validation algorithm, otherwise an * supported by the validation algorithm, otherwise an
* <code>InvalidAlgorithmParameterException</code> will be thrown. For * {@code InvalidAlgorithmParameterException} will be thrown. For
* example, a <code>CertPathValidator</code> that implements the PKIX * example, a {@code CertPathValidator} that implements the PKIX
* algorithm validates <code>CertPath</code> objects of type X.509. * algorithm validates {@code CertPath} objects of type X.509.
* *
* @param certPath the <code>CertPath</code> to be validated * @param certPath the {@code CertPath} to be validated
* @param params the algorithm parameters * @param params the algorithm parameters
* @return the result of the validation algorithm * @return the result of the validation algorithm
* @exception CertPathValidatorException if the <code>CertPath</code> * @exception CertPathValidatorException if the {@code CertPath}
* does not validate * does not validate
* @exception InvalidAlgorithmParameterException if the specified * @exception InvalidAlgorithmParameterException if the specified
* parameters or the type of the specified <code>CertPath</code> are * parameters or the type of the specified {@code CertPath} are
* inappropriate for this <code>CertPathValidator</code> * inappropriate for this {@code CertPathValidator}
*/ */
public final CertPathValidatorResult validate(CertPath certPath, public final CertPathValidatorResult validate(CertPath certPath,
CertPathParameters params) CertPathParameters params)
......
src/share/classes/java/security/cert/CertPathValidatorException.java
浏览文件 @ c2a5f680
/* /*
* Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
...@@ -34,11 +34,11 @@ import java.security.GeneralSecurityException; ...@@ -34,11 +34,11 @@ import java.security.GeneralSecurityException;
* An exception indicating one of a variety of problems encountered when * An exception indicating one of a variety of problems encountered when
* validating a certification path. * validating a certification path.
* <p> * <p>
* A <code>CertPathValidatorException</code> provides support for wrapping * A {@code CertPathValidatorException} provides support for wrapping
* exceptions. The {@link #getCause getCause} method returns the throwable, * exceptions. The {@link #getCause getCause} method returns the throwable,
* if any, that caused this exception to be thrown. * if any, that caused this exception to be thrown.
* <p> * <p>
* A <code>CertPathValidatorException</code> may also include the * A {@code CertPathValidatorException} may also include the
* certification path that was being validated when the exception was thrown, * certification path that was being validated when the exception was thrown,
* the index of the certificate in the certification path that caused the * the index of the certificate in the certification path that caused the
* exception to be thrown, and the reason that caused the failure. Use the * exception to be thrown, and the reason that caused the failure. Use the
...@@ -70,7 +70,7 @@ public class CertPathValidatorException extends GeneralSecurityException { ...@@ -70,7 +70,7 @@ public class CertPathValidatorException extends GeneralSecurityException {
private int index = -1; private int index = -1;
/** /**
* @serial the <code>CertPath</code> that was being validated when * @serial the {@code CertPath} that was being validated when
* the exception was thrown * the exception was thrown
*/ */
private CertPath certPath; private CertPath certPath;
...@@ -81,7 +81,7 @@ public class CertPathValidatorException extends GeneralSecurityException { ...@@ -81,7 +81,7 @@ public class CertPathValidatorException extends GeneralSecurityException {
private Reason reason = BasicReason.UNSPECIFIED; private Reason reason = BasicReason.UNSPECIFIED;
/** /**
* Creates a <code>CertPathValidatorException</code> with * Creates a {@code CertPathValidatorException} with
* no detail message. * no detail message.
*/ */
public CertPathValidatorException() { public CertPathValidatorException() {
...@@ -89,8 +89,8 @@ public class CertPathValidatorException extends GeneralSecurityException { ...@@ -89,8 +89,8 @@ public class CertPathValidatorException extends GeneralSecurityException {
} }
/** /**
* Creates a <code>CertPathValidatorException</code> with the given * Creates a {@code CertPathValidatorException} with the given
* detail message. A detail message is a <code>String</code> that * detail message. A detail message is a {@code String} that
* describes this particular exception. * describes this particular exception.
* *
* @param msg the detail message * @param msg the detail message
...@@ -100,16 +100,16 @@ public class CertPathValidatorException extends GeneralSecurityException { ...@@ -100,16 +100,16 @@ public class CertPathValidatorException extends GeneralSecurityException {
} }
/** /**
* Creates a <code>CertPathValidatorException</code> that wraps the * Creates a {@code CertPathValidatorException} that wraps the
* specified throwable. This allows any exception to be converted into a * specified throwable. This allows any exception to be converted into a
* <code>CertPathValidatorException</code>, while retaining information * {@code CertPathValidatorException}, while retaining information
* about the wrapped exception, which may be useful for debugging. The * about the wrapped exception, which may be useful for debugging. The
* detail message is set to (<code>cause==null ? null : cause.toString() * detail message is set to ({@code cause==null ? null : cause.toString()})
* </code>) (which typically contains the class and detail message of * (which typically contains the class and detail message of
* cause). * cause).
* *
* @param cause the cause (which is saved for later retrieval by the * @param cause the cause (which is saved for later retrieval by the
* {@link #getCause getCause()} method). (A <code>null</code> value is * {@link #getCause getCause()} method). (A {@code null} value is
* permitted, and indicates that the cause is nonexistent or unknown.) * permitted, and indicates that the cause is nonexistent or unknown.)
*/ */
public CertPathValidatorException(Throwable cause) { public CertPathValidatorException(Throwable cause) {
...@@ -117,12 +117,12 @@ public class CertPathValidatorException extends GeneralSecurityException { ...@@ -117,12 +117,12 @@ public class CertPathValidatorException extends GeneralSecurityException {
} }
/** /**
* Creates a <code>CertPathValidatorException</code> with the specified * Creates a {@code CertPathValidatorException} with the specified
* detail message and cause. * detail message and cause.
* *
* @param msg the detail message * @param msg the detail message
* @param cause the cause (which is saved for later retrieval by the * @param cause the cause (which is saved for later retrieval by the
* {@link #getCause getCause()} method). (A <code>null</code> value is * {@link #getCause getCause()} method). (A {@code null} value is
* permitted, and indicates that the cause is nonexistent or unknown.) * permitted, and indicates that the cause is nonexistent or unknown.)
*/ */
public CertPathValidatorException(String msg, Throwable cause) { public CertPathValidatorException(String msg, Throwable cause) {
...@@ -130,21 +130,21 @@ public class CertPathValidatorException extends GeneralSecurityException { ...@@ -130,21 +130,21 @@ public class CertPathValidatorException extends GeneralSecurityException {
} }
/** /**
* Creates a <code>CertPathValidatorException</code> with the specified * Creates a {@code CertPathValidatorException} with the specified
* detail message, cause, certification path, and index. * detail message, cause, certification path, and index.
* *
* @param msg the detail message (or <code>null</code> if none) * @param msg the detail message (or {@code null} if none)
* @param cause the cause (or <code>null</code> if none) * @param cause the cause (or {@code null} if none)
* @param certPath the certification path that was in the process of * @param certPath the certification path that was in the process of
* being validated when the error was encountered * being validated when the error was encountered
* @param index the index of the certificate in the certification path * @param index the index of the certificate in the certification path
* that caused the error (or -1 if not applicable). Note that * that caused the error (or -1 if not applicable). Note that
* the list of certificates in a <code>CertPath</code> is zero based. * the list of certificates in a {@code CertPath} is zero based.
* @throws IndexOutOfBoundsException if the index is out of range * @throws IndexOutOfBoundsException if the index is out of range
* {@code (index < -1 || (certPath != null && index >= * {@code (index < -1 || (certPath != null && index >=
* certPath.getCertificates().size()) } * certPath.getCertificates().size()) }
* @throws IllegalArgumentException if <code>certPath</code> is * @throws IllegalArgumentException if {@code certPath} is
* <code>null</code> and <code>index</code> is not -1 * {@code null} and {@code index} is not -1
*/ */
public CertPathValidatorException(String msg, Throwable cause, public CertPathValidatorException(String msg, Throwable cause,
CertPath certPath, int index) { CertPath certPath, int index) {
...@@ -152,23 +152,23 @@ public class CertPathValidatorException extends GeneralSecurityException { ...@@ -152,23 +152,23 @@ public class CertPathValidatorException extends GeneralSecurityException {
} }
/** /**
* Creates a <code>CertPathValidatorException</code> with the specified * Creates a {@code CertPathValidatorException} with the specified
* detail message, cause, certification path, index, and reason. * detail message, cause, certification path, index, and reason.
* *
* @param msg the detail message (or <code>null</code> if none) * @param msg the detail message (or {@code null} if none)
* @param cause the cause (or <code>null</code> if none) * @param cause the cause (or {@code null} if none)
* @param certPath the certification path that was in the process of * @param certPath the certification path that was in the process of
* being validated when the error was encountered * being validated when the error was encountered
* @param index the index of the certificate in the certification path * @param index the index of the certificate in the certification path
* that caused the error (or -1 if not applicable). Note that * that caused the error (or -1 if not applicable). Note that
* the list of certificates in a <code>CertPath</code> is zero based. * the list of certificates in a {@code CertPath} is zero based.
* @param reason the reason the validation failed * @param reason the reason the validation failed
* @throws IndexOutOfBoundsException if the index is out of range * @throws IndexOutOfBoundsException if the index is out of range
* {@code (index < -1 || (certPath != null && index >= * {@code (index < -1 || (certPath != null && index >=
* certPath.getCertificates().size()) } * certPath.getCertificates().size()) }
* @throws IllegalArgumentException if <code>certPath</code> is * @throws IllegalArgumentException if {@code certPath} is
* <code>null</code> and <code>index</code> is not -1 * {@code null} and {@code index} is not -1
* @throws NullPointerException if <code>reason</code> is <code>null</code> * @throws NullPointerException if {@code reason} is {@code null}
* *
* @since 1.7 * @since 1.7
*/ */
...@@ -194,8 +194,8 @@ public class CertPathValidatorException extends GeneralSecurityException { ...@@ -194,8 +194,8 @@ public class CertPathValidatorException extends GeneralSecurityException {
* Returns the certification path that was being validated when * Returns the certification path that was being validated when
* the exception was thrown. * the exception was thrown.
* *
* @return the <code>CertPath</code> that was being validated when * @return the {@code CertPath} that was being validated when
* the exception was thrown (or <code>null</code> if not specified) * the exception was thrown (or {@code null} if not specified)
*/ */
public CertPath getCertPath() { public CertPath getCertPath() {
return this.certPath; return this.certPath;
...@@ -204,7 +204,7 @@ public class CertPathValidatorException extends GeneralSecurityException { ...@@ -204,7 +204,7 @@ public class CertPathValidatorException extends GeneralSecurityException {
/** /**
* Returns the index of the certificate in the certification path * Returns the index of the certificate in the certification path
* that caused the exception to be thrown. Note that the list of * that caused the exception to be thrown. Note that the list of
* certificates in a <code>CertPath</code> is zero based. If no * certificates in a {@code CertPath} is zero based. If no
* index has been set, -1 is returned. * index has been set, -1 is returned.
* *
* @return the index that has been set, or -1 if none has been set * @return the index that has been set, or -1 if none has been set
...@@ -219,7 +219,7 @@ public class CertPathValidatorException extends GeneralSecurityException { ...@@ -219,7 +219,7 @@ public class CertPathValidatorException extends GeneralSecurityException {
* {@link #getIndex}. * {@link #getIndex}.
* *
* @return the reason that the validation failed, or * @return the reason that the validation failed, or
* <code>BasicReason.UNSPECIFIED</code> if a reason has not been * {@code BasicReason.UNSPECIFIED} if a reason has not been
* specified * specified
* *
* @since 1.7 * @since 1.7
......
src/share/classes/java/security/cert/CertPathValidatorResult.java
浏览文件 @ c2a5f680
/* /*
* Copyright (c) 2000, 2001, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
...@@ -41,10 +41,10 @@ package java.security.cert; ...@@ -41,10 +41,10 @@ package java.security.cert;
public interface CertPathValidatorResult extends Cloneable { public interface CertPathValidatorResult extends Cloneable {
/** /**
* Makes a copy of this <code>CertPathValidatorResult</code>. Changes to the * Makes a copy of this {@code CertPathValidatorResult}. Changes to the
* copy will not affect the original and vice versa. * copy will not affect the original and vice versa.
* *
* @return a copy of this <code>CertPathValidatorResult</code> * @return a copy of this {@code CertPathValidatorResult}
*/ */
Object clone(); Object clone();
} }
src/share/classes/java/security/cert/CertPathValidatorSpi.java
浏览文件 @ c2a5f680
/* /*
* Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
...@@ -31,23 +31,23 @@ import java.security.InvalidAlgorithmParameterException; ...@@ -31,23 +31,23 @@ import java.security.InvalidAlgorithmParameterException;
* *
* The <i>Service Provider Interface</i> (<b>SPI</b>) * The <i>Service Provider Interface</i> (<b>SPI</b>)
* for the {@link CertPathValidator CertPathValidator} class. All * for the {@link CertPathValidator CertPathValidator} class. All
* <code>CertPathValidator</code> implementations must include a class (the * {@code CertPathValidator} implementations must include a class (the
* SPI class) that extends this class (<code>CertPathValidatorSpi</code>) * SPI class) that extends this class ({@code CertPathValidatorSpi})
* and implements all of its methods. In general, instances of this class * and implements all of its methods. In general, instances of this class
* should only be accessed through the <code>CertPathValidator</code> class. * should only be accessed through the {@code CertPathValidator} class.
* For details, see the Java Cryptography Architecture. * For details, see the Java Cryptography Architecture.
* <p> * <p>
* <b>Concurrent Access</b> * <b>Concurrent Access</b>
* <p> * <p>
* Instances of this class need not be protected against concurrent * Instances of this class need not be protected against concurrent
* access from multiple threads. Threads that need to access a single * access from multiple threads. Threads that need to access a single
* <code>CertPathValidatorSpi</code> instance concurrently should synchronize * {@code CertPathValidatorSpi} instance concurrently should synchronize
* amongst themselves and provide the necessary locking before calling the * amongst themselves and provide the necessary locking before calling the
* wrapping <code>CertPathValidator</code> object. * wrapping {@code CertPathValidator} object.
* <p> * <p>
* However, implementations of <code>CertPathValidatorSpi</code> may still * However, implementations of {@code CertPathValidatorSpi} may still
* encounter concurrency issues, since multiple threads each * encounter concurrency issues, since multiple threads each
* manipulating a different <code>CertPathValidatorSpi</code> instance need not * manipulating a different {@code CertPathValidatorSpi} instance need not
* synchronize. * synchronize.
* *
* @since 1.4 * @since 1.4
...@@ -64,20 +64,20 @@ public abstract class CertPathValidatorSpi { ...@@ -64,20 +64,20 @@ public abstract class CertPathValidatorSpi {
* Validates the specified certification path using the specified * Validates the specified certification path using the specified
* algorithm parameter set. * algorithm parameter set.
* <p> * <p>
* The <code>CertPath</code> specified must be of a type that is * The {@code CertPath} specified must be of a type that is
* supported by the validation algorithm, otherwise an * supported by the validation algorithm, otherwise an
* <code>InvalidAlgorithmParameterException</code> will be thrown. For * {@code InvalidAlgorithmParameterException} will be thrown. For
* example, a <code>CertPathValidator</code> that implements the PKIX * example, a {@code CertPathValidator} that implements the PKIX
* algorithm validates <code>CertPath</code> objects of type X.509. * algorithm validates {@code CertPath} objects of type X.509.
* *
* @param certPath the <code>CertPath</code> to be validated * @param certPath the {@code CertPath} to be validated
* @param params the algorithm parameters * @param params the algorithm parameters
* @return the result of the validation algorithm * @return the result of the validation algorithm
* @exception CertPathValidatorException if the <code>CertPath</code> * @exception CertPathValidatorException if the {@code CertPath}
* does not validate * does not validate
* @exception InvalidAlgorithmParameterException if the specified * @exception InvalidAlgorithmParameterException if the specified
* parameters or the type of the specified <code>CertPath</code> are * parameters or the type of the specified {@code CertPath} are
* inappropriate for this <code>CertPathValidator</code> * inappropriate for this {@code CertPathValidator}
*/ */
public abstract CertPathValidatorResult public abstract CertPathValidatorResult
engineValidate(CertPath certPath, CertPathParameters params) engineValidate(CertPath certPath, CertPathParameters params)
......
src/share/classes/java/security/cert/CertSelector.java
浏览文件 @ c2a5f680
/* /*
* Copyright (c) 2000, 2001, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
...@@ -27,9 +27,9 @@ package java.security.cert; ...@@ -27,9 +27,9 @@ package java.security.cert;
/** /**
* A selector that defines a set of criteria for selecting * A selector that defines a set of criteria for selecting
* <code>Certificate</code>s. Classes that implement this interface * {@code Certificate}s. Classes that implement this interface
* are often used to specify which <code>Certificate</code>s should * are often used to specify which {@code Certificate}s should
* be retrieved from a <code>CertStore</code>. * be retrieved from a {@code CertStore}.
* <p> * <p>
* <b>Concurrent Access</b> * <b>Concurrent Access</b>
* <p> * <p>
...@@ -49,19 +49,19 @@ package java.security.cert; ...@@ -49,19 +49,19 @@ package java.security.cert;
public interface CertSelector extends Cloneable { public interface CertSelector extends Cloneable {
/** /**
* Decides whether a <code>Certificate</code> should be selected. * Decides whether a {@code Certificate} should be selected.
* *
* @param cert the <code>Certificate</code> to be checked * @param cert the {@code Certificate} to be checked
* @return <code>true</code> if the <code>Certificate</code> * @return {@code true} if the {@code Certificate}
* should be selected, <code>false</code> otherwise * should be selected, {@code false} otherwise
*/ */
boolean match(Certificate cert); boolean match(Certificate cert);
/** /**
* Makes a copy of this <code>CertSelector</code>. Changes to the * Makes a copy of this {@code CertSelector}. Changes to the
* copy will not affect the original and vice versa. * copy will not affect the original and vice versa.
* *
* @return a copy of this <code>CertSelector</code> * @return a copy of this {@code CertSelector}
*/ */
Object clone(); Object clone();
} }
src/share/classes/java/security/cert/CertStore.java
浏览文件 @ c2a5f680
/* /*
* Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
...@@ -38,32 +38,32 @@ import sun.security.jca.*; ...@@ -38,32 +38,32 @@ import sun.security.jca.*;
import sun.security.jca.GetInstance.Instance; import sun.security.jca.GetInstance.Instance;
/** /**
* A class for retrieving <code>Certificate</code>s and <code>CRL</code>s * A class for retrieving {@code Certificate}s and {@code CRL}s
* from a repository. * from a repository.
* <p> * <p>
* This class uses a provider-based architecture. * This class uses a provider-based architecture.
* To create a <code>CertStore</code>, call one of the static * To create a {@code CertStore}, call one of the static
* <code>getInstance</code> methods, passing in the type of * {@code getInstance} methods, passing in the type of
* <code>CertStore</code> desired, any applicable initialization parameters * {@code CertStore} desired, any applicable initialization parameters
* and optionally the name of the provider desired. * and optionally the name of the provider desired.
* <p> * <p>
* Once the <code>CertStore</code> has been created, it can be used to * Once the {@code CertStore} has been created, it can be used to
* retrieve <code>Certificate</code>s and <code>CRL</code>s by calling its * retrieve {@code Certificate}s and {@code CRL}s by calling its
* {@link #getCertificates(CertSelector selector) getCertificates} and * {@link #getCertificates(CertSelector selector) getCertificates} and
* {@link #getCRLs(CRLSelector selector) getCRLs} methods. * {@link #getCRLs(CRLSelector selector) getCRLs} methods.
* <p> * <p>
* Unlike a {@link java.security.KeyStore KeyStore}, which provides access * Unlike a {@link java.security.KeyStore KeyStore}, which provides access
* to a cache of private keys and trusted certificates, a * to a cache of private keys and trusted certificates, a
* <code>CertStore</code> is designed to provide access to a potentially * {@code CertStore} is designed to provide access to a potentially
* vast repository of untrusted certificates and CRLs. For example, an LDAP * vast repository of untrusted certificates and CRLs. For example, an LDAP
* implementation of <code>CertStore</code> provides access to certificates * implementation of {@code CertStore} provides access to certificates
* and CRLs stored in one or more directories using the LDAP protocol and the * and CRLs stored in one or more directories using the LDAP protocol and the
* schema as defined in the RFC service attribute. * schema as defined in the RFC service attribute.
* *
* <p> Every implementation of the Java platform is required to support the * <p> Every implementation of the Java platform is required to support the
* following standard <code>CertStore</code> type: * following standard {@code CertStore} type:
* <ul> * <ul>
* <li><tt>Collection</tt></li> * <li>{@code Collection}</li>
* </ul> * </ul>
* This type is described in the <a href= * This type is described in the <a href=
* "{@docRoot}/../technotes/guides/security/StandardNames.html#CertStore"> * "{@docRoot}/../technotes/guides/security/StandardNames.html#CertStore">
...@@ -75,10 +75,10 @@ import sun.security.jca.GetInstance.Instance; ...@@ -75,10 +75,10 @@ import sun.security.jca.GetInstance.Instance;
* <p> * <p>
* <b>Concurrent Access</b> * <b>Concurrent Access</b>
* <p> * <p>
* All public methods of <code>CertStore</code> objects must be thread-safe. * All public methods of {@code CertStore} objects must be thread-safe.
* That is, multiple threads may concurrently invoke these methods on a * That is, multiple threads may concurrently invoke these methods on a
* single <code>CertStore</code> object (or more than one) with no * single {@code CertStore} object (or more than one) with no
* ill effects. This allows a <code>CertPathBuilder</code> to search for a * ill effects. This allows a {@code CertPathBuilder} to search for a
* CRL while simultaneously searching for further certificates, for instance. * CRL while simultaneously searching for further certificates, for instance.
* <p> * <p>
* The static methods of this class are also guaranteed to be thread-safe. * The static methods of this class are also guaranteed to be thread-safe.
...@@ -104,13 +104,13 @@ public class CertStore { ...@@ -104,13 +104,13 @@ public class CertStore {
private CertStoreParameters params; private CertStoreParameters params;
/** /**
* Creates a <code>CertStore</code> object of the given type, and * Creates a {@code CertStore} object of the given type, and
* encapsulates the given provider implementation (SPI object) in it. * encapsulates the given provider implementation (SPI object) in it.
* *
* @param storeSpi the provider implementation * @param storeSpi the provider implementation
* @param provider the provider * @param provider the provider
* @param type the type * @param type the type
* @param params the initialization parameters (may be <code>null</code>) * @param params the initialization parameters (may be {@code null})
*/ */
protected CertStore(CertStoreSpi storeSpi, Provider provider, protected CertStore(CertStoreSpi storeSpi, Provider provider,
String type, CertStoreParameters params) { String type, CertStoreParameters params) {
...@@ -122,28 +122,28 @@ public class CertStore { ...@@ -122,28 +122,28 @@ public class CertStore {
} }
/** /**
* Returns a <code>Collection</code> of <code>Certificate</code>s that * Returns a {@code Collection} of {@code Certificate}s that
* match the specified selector. If no <code>Certificate</code>s * match the specified selector. If no {@code Certificate}s
* match the selector, an empty <code>Collection</code> will be returned. * match the selector, an empty {@code Collection} will be returned.
* <p> * <p>
* For some <code>CertStore</code> types, the resulting * For some {@code CertStore} types, the resulting
* <code>Collection</code> may not contain <b>all</b> of the * {@code Collection} may not contain <b>all</b> of the
* <code>Certificate</code>s that match the selector. For instance, * {@code Certificate}s that match the selector. For instance,
* an LDAP <code>CertStore</code> may not search all entries in the * an LDAP {@code CertStore} may not search all entries in the
* directory. Instead, it may just search entries that are likely to * directory. Instead, it may just search entries that are likely to
* contain the <code>Certificate</code>s it is looking for. * contain the {@code Certificate}s it is looking for.
* <p> * <p>
* Some <code>CertStore</code> implementations (especially LDAP * Some {@code CertStore} implementations (especially LDAP
* <code>CertStore</code>s) may throw a <code>CertStoreException</code> * {@code CertStore}s) may throw a {@code CertStoreException}
* unless a non-null <code>CertSelector</code> is provided that * unless a non-null {@code CertSelector} is provided that
* includes specific criteria that can be used to find the certificates. * includes specific criteria that can be used to find the certificates.
* Issuer and/or subject names are especially useful criteria. * Issuer and/or subject names are especially useful criteria.
* *
* @param selector A <code>CertSelector</code> used to select which * @param selector A {@code CertSelector} used to select which
* <code>Certificate</code>s should be returned. Specify <code>null</code> * {@code Certificate}s should be returned. Specify {@code null}
* to return all <code>Certificate</code>s (if supported). * to return all {@code Certificate}s (if supported).
* @return A <code>Collection</code> of <code>Certificate</code>s that * @return A {@code Collection} of {@code Certificate}s that
* match the specified selector (never <code>null</code>) * match the specified selector (never {@code null})
* @throws CertStoreException if an exception occurs * @throws CertStoreException if an exception occurs
*/ */
public final Collection<? extends Certificate> getCertificates public final Collection<? extends Certificate> getCertificates
...@@ -152,28 +152,28 @@ public class CertStore { ...@@ -152,28 +152,28 @@ public class CertStore {
} }
/** /**
* Returns a <code>Collection</code> of <code>CRL</code>s that * Returns a {@code Collection} of {@code CRL}s that
* match the specified selector. If no <code>CRL</code>s * match the specified selector. If no {@code CRL}s
* match the selector, an empty <code>Collection</code> will be returned. * match the selector, an empty {@code Collection} will be returned.
* <p> * <p>
* For some <code>CertStore</code> types, the resulting * For some {@code CertStore} types, the resulting
* <code>Collection</code> may not contain <b>all</b> of the * {@code Collection} may not contain <b>all</b> of the
* <code>CRL</code>s that match the selector. For instance, * {@code CRL}s that match the selector. For instance,
* an LDAP <code>CertStore</code> may not search all entries in the * an LDAP {@code CertStore} may not search all entries in the
* directory. Instead, it may just search entries that are likely to * directory. Instead, it may just search entries that are likely to
* contain the <code>CRL</code>s it is looking for. * contain the {@code CRL}s it is looking for.
* <p> * <p>
* Some <code>CertStore</code> implementations (especially LDAP * Some {@code CertStore} implementations (especially LDAP
* <code>CertStore</code>s) may throw a <code>CertStoreException</code> * {@code CertStore}s) may throw a {@code CertStoreException}
* unless a non-null <code>CRLSelector</code> is provided that * unless a non-null {@code CRLSelector} is provided that
* includes specific criteria that can be used to find the CRLs. * includes specific criteria that can be used to find the CRLs.
* Issuer names and/or the certificate to be checked are especially useful. * Issuer names and/or the certificate to be checked are especially useful.
* *
* @param selector A <code>CRLSelector</code> used to select which * @param selector A {@code CRLSelector} used to select which
* <code>CRL</code>s should be returned. Specify <code>null</code> * {@code CRL}s should be returned. Specify {@code null}
* to return all <code>CRL</code>s (if supported). * to return all {@code CRL}s (if supported).
* @return A <code>Collection</code> of <code>CRL</code>s that * @return A {@code Collection} of {@code CRL}s that
* match the specified selector (never <code>null</code>) * match the specified selector (never {@code null})
* @throws CertStoreException if an exception occurs * @throws CertStoreException if an exception occurs
*/ */
public final Collection<? extends CRL> getCRLs(CRLSelector selector) public final Collection<? extends CRL> getCRLs(CRLSelector selector)
...@@ -182,8 +182,8 @@ public class CertStore { ...@@ -182,8 +182,8 @@ public class CertStore {
} }
/** /**
* Returns a <code>CertStore</code> object that implements the specified * Returns a {@code CertStore} object that implements the specified
* <code>CertStore</code> type and is initialized with the specified * {@code CertStore} type and is initialized with the specified
* parameters. * parameters.
* *
* <p> This method traverses the list of registered security Providers, * <p> This method traverses the list of registered security Providers,
...@@ -195,29 +195,29 @@ public class CertStore { ...@@ -195,29 +195,29 @@ public class CertStore {
* <p> Note that the list of registered providers may be retrieved via * <p> Note that the list of registered providers may be retrieved via
* the {@link Security#getProviders() Security.getProviders()} method. * the {@link Security#getProviders() Security.getProviders()} method.
* *
* <p>The <code>CertStore</code> that is returned is initialized with the * <p>The {@code CertStore} that is returned is initialized with the
* specified <code>CertStoreParameters</code>. The type of parameters * specified {@code CertStoreParameters}. The type of parameters
* needed may vary between different types of <code>CertStore</code>s. * needed may vary between different types of {@code CertStore}s.
* Note that the specified <code>CertStoreParameters</code> object is * Note that the specified {@code CertStoreParameters} object is
* cloned. * cloned.
* *
* @param type the name of the requested <code>CertStore</code> type. * @param type the name of the requested {@code CertStore} type.
* See the CertStore section in the <a href= * See the CertStore section in the <a href=
* "{@docRoot}/../technotes/guides/security/StandardNames.html#CertStore"> * "{@docRoot}/../technotes/guides/security/StandardNames.html#CertStore">
* Java Cryptography Architecture Standard Algorithm Name Documentation</a> * Java Cryptography Architecture Standard Algorithm Name Documentation</a>
* for information about standard types. * for information about standard types.
* *
* @param params the initialization parameters (may be <code>null</code>). * @param params the initialization parameters (may be {@code null}).
* *
* @return a <code>CertStore</code> object that implements the specified * @return a {@code CertStore} object that implements the specified
* <code>CertStore</code> type. * {@code CertStore} type.
* *
* @throws NoSuchAlgorithmException if no Provider supports a * @throws NoSuchAlgorithmException if no Provider supports a
* CertStoreSpi implementation for the specified type. * CertStoreSpi implementation for the specified type.
* *
* @throws InvalidAlgorithmParameterException if the specified * @throws InvalidAlgorithmParameterException if the specified
* initialization parameters are inappropriate for this * initialization parameters are inappropriate for this
* <code>CertStore</code>. * {@code CertStore}.
* *
* @see java.security.Provider * @see java.security.Provider
*/ */
...@@ -244,8 +244,8 @@ public class CertStore { ...@@ -244,8 +244,8 @@ public class CertStore {
} }
/** /**
* Returns a <code>CertStore</code> object that implements the specified * Returns a {@code CertStore} object that implements the specified
* <code>CertStore</code> type. * {@code CertStore} type.
* *
* <p> A new CertStore object encapsulating the * <p> A new CertStore object encapsulating the
* CertStoreSpi implementation from the specified provider * CertStoreSpi implementation from the specified provider
...@@ -255,23 +255,23 @@ public class CertStore { ...@@ -255,23 +255,23 @@ public class CertStore {
* <p> Note that the list of registered providers may be retrieved via * <p> Note that the list of registered providers may be retrieved via
* the {@link Security#getProviders() Security.getProviders()} method. * the {@link Security#getProviders() Security.getProviders()} method.
* *
* <p>The <code>CertStore</code> that is returned is initialized with the * <p>The {@code CertStore} that is returned is initialized with the
* specified <code>CertStoreParameters</code>. The type of parameters * specified {@code CertStoreParameters}. The type of parameters
* needed may vary between different types of <code>CertStore</code>s. * needed may vary between different types of {@code CertStore}s.
* Note that the specified <code>CertStoreParameters</code> object is * Note that the specified {@code CertStoreParameters} object is
* cloned. * cloned.
* *
* @param type the requested <code>CertStore</code> type. * @param type the requested {@code CertStore} type.
* See the CertStore section in the <a href= * See the CertStore section in the <a href=
* "{@docRoot}/../technotes/guides/security/StandardNames.html#CertStore"> * "{@docRoot}/../technotes/guides/security/StandardNames.html#CertStore">
* Java Cryptography Architecture Standard Algorithm Name Documentation</a> * Java Cryptography Architecture Standard Algorithm Name Documentation</a>
* for information about standard types. * for information about standard types.
* *
* @param params the initialization parameters (may be <code>null</code>). * @param params the initialization parameters (may be {@code null}).
* *
* @param provider the name of the provider. * @param provider the name of the provider.
* *
* @return a <code>CertStore</code> object that implements the * @return a {@code CertStore} object that implements the
* specified type. * specified type.
* *
* @throws NoSuchAlgorithmException if a CertStoreSpi * @throws NoSuchAlgorithmException if a CertStoreSpi
...@@ -280,12 +280,12 @@ public class CertStore { ...@@ -280,12 +280,12 @@ public class CertStore {
* *
* @throws InvalidAlgorithmParameterException if the specified * @throws InvalidAlgorithmParameterException if the specified
* initialization parameters are inappropriate for this * initialization parameters are inappropriate for this
* <code>CertStore</code>. * {@code CertStore}.
* *
* @throws NoSuchProviderException if the specified provider is not * @throws NoSuchProviderException if the specified provider is not
* registered in the security provider list. * registered in the security provider list.
* *
* @exception IllegalArgumentException if the <code>provider</code> is * @exception IllegalArgumentException if the {@code provider} is
* null or empty. * null or empty.
* *
* @see java.security.Provider * @see java.security.Provider
...@@ -305,31 +305,31 @@ public class CertStore { ...@@ -305,31 +305,31 @@ public class CertStore {
} }
/** /**
* Returns a <code>CertStore</code> object that implements the specified * Returns a {@code CertStore} object that implements the specified
* <code>CertStore</code> type. * {@code CertStore} type.
* *
* <p> A new CertStore object encapsulating the * <p> A new CertStore object encapsulating the
* CertStoreSpi implementation from the specified Provider * CertStoreSpi implementation from the specified Provider
* object is returned. Note that the specified Provider object * object is returned. Note that the specified Provider object
* does not have to be registered in the provider list. * does not have to be registered in the provider list.
* *
* <p>The <code>CertStore</code> that is returned is initialized with the * <p>The {@code CertStore} that is returned is initialized with the
* specified <code>CertStoreParameters</code>. The type of parameters * specified {@code CertStoreParameters}. The type of parameters
* needed may vary between different types of <code>CertStore</code>s. * needed may vary between different types of {@code CertStore}s.
* Note that the specified <code>CertStoreParameters</code> object is * Note that the specified {@code CertStoreParameters} object is
* cloned. * cloned.
* *
* @param type the requested <code>CertStore</code> type. * @param type the requested {@code CertStore} type.
* See the CertStore section in the <a href= * See the CertStore section in the <a href=
* "{@docRoot}/../technotes/guides/security/StandardNames.html#CertStore"> * "{@docRoot}/../technotes/guides/security/StandardNames.html#CertStore">
* Java Cryptography Architecture Standard Algorithm Name Documentation</a> * Java Cryptography Architecture Standard Algorithm Name Documentation</a>
* for information about standard types. * for information about standard types.
* *
* @param params the initialization parameters (may be <code>null</code>). * @param params the initialization parameters (may be {@code null}).
* *
* @param provider the provider. * @param provider the provider.
* *
* @return a <code>CertStore</code> object that implements the * @return a {@code CertStore} object that implements the
* specified type. * specified type.
* *
* @exception NoSuchAlgorithmException if a CertStoreSpi * @exception NoSuchAlgorithmException if a CertStoreSpi
...@@ -338,9 +338,9 @@ public class CertStore { ...@@ -338,9 +338,9 @@ public class CertStore {
* *
* @throws InvalidAlgorithmParameterException if the specified * @throws InvalidAlgorithmParameterException if the specified
* initialization parameters are inappropriate for this * initialization parameters are inappropriate for this
* <code>CertStore</code> * {@code CertStore}
* *
* @exception IllegalArgumentException if the <code>provider</code> is * @exception IllegalArgumentException if the {@code provider} is
* null. * null.
* *
* @see java.security.Provider * @see java.security.Provider
...@@ -359,30 +359,30 @@ public class CertStore { ...@@ -359,30 +359,30 @@ public class CertStore {
} }
/** /**
* Returns the parameters used to initialize this <code>CertStore</code>. * Returns the parameters used to initialize this {@code CertStore}.
* Note that the <code>CertStoreParameters</code> object is cloned before * Note that the {@code CertStoreParameters} object is cloned before
* it is returned. * it is returned.
* *
* @return the parameters used to initialize this <code>CertStore</code> * @return the parameters used to initialize this {@code CertStore}
* (may be <code>null</code>) * (may be {@code null})
*/ */
public final CertStoreParameters getCertStoreParameters() { public final CertStoreParameters getCertStoreParameters() {
return (params == null ? null : (CertStoreParameters) params.clone()); return (params == null ? null : (CertStoreParameters) params.clone());
} }
/** /**
* Returns the type of this <code>CertStore</code>. * Returns the type of this {@code CertStore}.
* *
* @return the type of this <code>CertStore</code> * @return the type of this {@code CertStore}
*/ */
public final String getType() { public final String getType() {
return this.type; return this.type;
} }
/** /**
* Returns the provider of this <code>CertStore</code>. * Returns the provider of this {@code CertStore}.
* *
* @return the provider of this <code>CertStore</code> * @return the provider of this {@code CertStore}
*/ */
public final Provider getProvider() { public final Provider getProvider() {
return this.provider; return this.provider;
......
src/share/classes/java/security/cert/CertStoreException.java
浏览文件 @ c2a5f680
/* /*
* Copyright (c) 2000, 2003, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
...@@ -29,9 +29,9 @@ import java.security.GeneralSecurityException; ...@@ -29,9 +29,9 @@ import java.security.GeneralSecurityException;
/** /**
* An exception indicating one of a variety of problems retrieving * An exception indicating one of a variety of problems retrieving
* certificates and CRLs from a <code>CertStore</code>. * certificates and CRLs from a {@code CertStore}.
* <p> * <p>
* A <code>CertStoreException</code> provides support for wrapping * A {@code CertStoreException} provides support for wrapping
* exceptions. The {@link #getCause getCause} method returns the throwable, * exceptions. The {@link #getCause getCause} method returns the throwable,
* if any, that caused this exception to be thrown. * if any, that caused this exception to be thrown.
* <p> * <p>
...@@ -53,7 +53,7 @@ public class CertStoreException extends GeneralSecurityException { ...@@ -53,7 +53,7 @@ public class CertStoreException extends GeneralSecurityException {
private static final long serialVersionUID = 2395296107471573245L; private static final long serialVersionUID = 2395296107471573245L;
/** /**
* Creates a <code>CertStoreException</code> with <code>null</code> as * Creates a {@code CertStoreException} with {@code null} as
* its detail message. * its detail message.
*/ */
public CertStoreException() { public CertStoreException() {
...@@ -61,8 +61,8 @@ public class CertStoreException extends GeneralSecurityException { ...@@ -61,8 +61,8 @@ public class CertStoreException extends GeneralSecurityException {
} }
/** /**
* Creates a <code>CertStoreException</code> with the given detail * Creates a {@code CertStoreException} with the given detail
* message. A detail message is a <code>String</code> that describes this * message. A detail message is a {@code String} that describes this
* particular exception. * particular exception.
* *
* @param msg the detail message * @param msg the detail message
...@@ -72,15 +72,15 @@ public class CertStoreException extends GeneralSecurityException { ...@@ -72,15 +72,15 @@ public class CertStoreException extends GeneralSecurityException {
} }
/** /**
* Creates a <code>CertStoreException</code> that wraps the specified * Creates a {@code CertStoreException} that wraps the specified
* throwable. This allows any exception to be converted into a * throwable. This allows any exception to be converted into a
* <code>CertStoreException</code>, while retaining information about the * {@code CertStoreException}, while retaining information about the
* cause, which may be useful for debugging. The detail message is * cause, which may be useful for debugging. The detail message is
* set to (<code>cause==null ? null : cause.toString()</code>) (which * set to ({@code cause==null ? null : cause.toString()}) (which
* typically contains the class and detail message of cause). * typically contains the class and detail message of cause).
* *
* @param cause the cause (which is saved for later retrieval by the * @param cause the cause (which is saved for later retrieval by the
* {@link #getCause getCause()} method). (A <code>null</code> value is * {@link #getCause getCause()} method). (A {@code null} value is
* permitted, and indicates that the cause is nonexistent or unknown.) * permitted, and indicates that the cause is nonexistent or unknown.)
*/ */
public CertStoreException(Throwable cause) { public CertStoreException(Throwable cause) {
...@@ -88,12 +88,12 @@ public class CertStoreException extends GeneralSecurityException { ...@@ -88,12 +88,12 @@ public class CertStoreException extends GeneralSecurityException {
} }
/** /**
* Creates a <code>CertStoreException</code> with the specified detail * Creates a {@code CertStoreException} with the specified detail
* message and cause. * message and cause.
* *
* @param msg the detail message * @param msg the detail message
* @param cause the cause (which is saved for later retrieval by the * @param cause the cause (which is saved for later retrieval by the
* {@link #getCause getCause()} method). (A <code>null</code> value is * {@link #getCause getCause()} method). (A {@code null} value is
* permitted, and indicates that the cause is nonexistent or unknown.) * permitted, and indicates that the cause is nonexistent or unknown.)
*/ */
public CertStoreException(String msg, Throwable cause) { public CertStoreException(String msg, Throwable cause) {
......
src/share/classes/java/security/cert/CertStoreParameters.java
浏览文件 @ c2a5f680
/* /*
* Copyright (c) 2000, 2001, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
...@@ -26,20 +26,20 @@ ...@@ -26,20 +26,20 @@
package java.security.cert; package java.security.cert;
/** /**
* A specification of <code>CertStore</code> parameters. * A specification of {@code CertStore} parameters.
* <p> * <p>
* The purpose of this interface is to group (and provide type safety for) * The purpose of this interface is to group (and provide type safety for)
* all <code>CertStore</code> parameter specifications. All * all {@code CertStore} parameter specifications. All
* <code>CertStore</code> parameter specifications must implement this * {@code CertStore} parameter specifications must implement this
* interface. * interface.
* <p> * <p>
* Typically, a <code>CertStoreParameters</code> object is passed as a parameter * Typically, a {@code CertStoreParameters} object is passed as a parameter
* to one of the {@link CertStore#getInstance CertStore.getInstance} methods. * to one of the {@link CertStore#getInstance CertStore.getInstance} methods.
* The <code>getInstance</code> method returns a <code>CertStore</code> that * The {@code getInstance} method returns a {@code CertStore} that
* is used for retrieving <code>Certificate</code>s and <code>CRL</code>s. The * is used for retrieving {@code Certificate}s and {@code CRL}s. The
* <code>CertStore</code> that is returned is initialized with the specified * {@code CertStore} that is returned is initialized with the specified
* parameters. The type of parameters needed may vary between different types * parameters. The type of parameters needed may vary between different types
* of <code>CertStore</code>s. * of {@code CertStore}s.
* *
* @see CertStore#getInstance * @see CertStore#getInstance
* *
...@@ -49,32 +49,32 @@ package java.security.cert; ...@@ -49,32 +49,32 @@ package java.security.cert;
public interface CertStoreParameters extends Cloneable { public interface CertStoreParameters extends Cloneable {
/** /**
* Makes a copy of this <code>CertStoreParameters</code>. * Makes a copy of this {@code CertStoreParameters}.
* <p> * <p>
* The precise meaning of "copy" may depend on the class of * The precise meaning of "copy" may depend on the class of
* the <code>CertStoreParameters</code> object. A typical implementation * the {@code CertStoreParameters} object. A typical implementation
* performs a "deep copy" of this object, but this is not an absolute * performs a "deep copy" of this object, but this is not an absolute
* requirement. Some implementations may perform a "shallow copy" of some * requirement. Some implementations may perform a "shallow copy" of some
* or all of the fields of this object. * or all of the fields of this object.
* <p> * <p>
* Note that the <code>CertStore.getInstance</code> methods make a copy * Note that the {@code CertStore.getInstance} methods make a copy
* of the specified <code>CertStoreParameters</code>. A deep copy * of the specified {@code CertStoreParameters}. A deep copy
* implementation of <code>clone</code> is safer and more robust, as it * implementation of {@code clone} is safer and more robust, as it
* prevents the caller from corrupting a shared <code>CertStore</code> by * prevents the caller from corrupting a shared {@code CertStore} by
* subsequently modifying the contents of its initialization parameters. * subsequently modifying the contents of its initialization parameters.
* However, a shallow copy implementation of <code>clone</code> is more * However, a shallow copy implementation of {@code clone} is more
* appropriate for applications that need to hold a reference to a * appropriate for applications that need to hold a reference to a
* parameter contained in the <code>CertStoreParameters</code>. For example, * parameter contained in the {@code CertStoreParameters}. For example,
* a shallow copy clone allows an application to release the resources of * a shallow copy clone allows an application to release the resources of
* a particular <code>CertStore</code> initialization parameter immediately, * a particular {@code CertStore} initialization parameter immediately,
* rather than waiting for the garbage collection mechanism. This should * rather than waiting for the garbage collection mechanism. This should
* be done with the utmost care, since the <code>CertStore</code> may still * be done with the utmost care, since the {@code CertStore} may still
* be in use by other threads. * be in use by other threads.
* <p> * <p>
* Each subclass should state the precise behavior of this method so * Each subclass should state the precise behavior of this method so
* that users and developers know what to expect. * that users and developers know what to expect.
* *
* @return a copy of this <code>CertStoreParameters</code> * @return a copy of this {@code CertStoreParameters}
*/ */
Object clone(); Object clone();
} }
src/share/classes/java/security/cert/CertStoreSpi.java
浏览文件 @ c2a5f680
/* /*
* Copyright (c) 2000, 2003, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
...@@ -30,26 +30,26 @@ import java.util.Collection; ...@@ -30,26 +30,26 @@ import java.util.Collection;
/** /**
* The <i>Service Provider Interface</i> (<b>SPI</b>) * The <i>Service Provider Interface</i> (<b>SPI</b>)
* for the {@link CertStore CertStore} class. All <code>CertStore</code> * for the {@link CertStore CertStore} class. All {@code CertStore}
* implementations must include a class (the SPI class) that extends * implementations must include a class (the SPI class) that extends
* this class (<code>CertStoreSpi</code>), provides a constructor with * this class ({@code CertStoreSpi}), provides a constructor with
* a single argument of type <code>CertStoreParameters</code>, and implements * a single argument of type {@code CertStoreParameters}, and implements
* all of its methods. In general, instances of this class should only be * all of its methods. In general, instances of this class should only be
* accessed through the <code>CertStore</code> class. * accessed through the {@code CertStore} class.
* For details, see the Java Cryptography Architecture. * For details, see the Java Cryptography Architecture.
* <p> * <p>
* <b>Concurrent Access</b> * <b>Concurrent Access</b>
* <p> * <p>
* The public methods of all <code>CertStoreSpi</code> objects must be * The public methods of all {@code CertStoreSpi} objects must be
* thread-safe. That is, multiple threads may concurrently invoke these * thread-safe. That is, multiple threads may concurrently invoke these
* methods on a single <code>CertStoreSpi</code> object (or more than one) * methods on a single {@code CertStoreSpi} object (or more than one)
* with no ill effects. This allows a <code>CertPathBuilder</code> to search * with no ill effects. This allows a {@code CertPathBuilder} to search
* for a CRL while simultaneously searching for further certificates, for * for a CRL while simultaneously searching for further certificates, for
* instance. * instance.
* <p> * <p>
* Simple <code>CertStoreSpi</code> implementations will probably ensure * Simple {@code CertStoreSpi} implementations will probably ensure
* thread safety by adding a <code>synchronized</code> keyword to their * thread safety by adding a {@code synchronized} keyword to their
* <code>engineGetCertificates</code> and <code>engineGetCRLs</code> methods. * {@code engineGetCertificates} and {@code engineGetCRLs} methods.
* More sophisticated ones may allow truly concurrent access. * More sophisticated ones may allow truly concurrent access.
* *
* @since 1.4 * @since 1.4
...@@ -60,64 +60,64 @@ public abstract class CertStoreSpi { ...@@ -60,64 +60,64 @@ public abstract class CertStoreSpi {
/** /**
* The sole constructor. * The sole constructor.
* *
* @param params the initialization parameters (may be <code>null</code>) * @param params the initialization parameters (may be {@code null})
* @throws InvalidAlgorithmParameterException if the initialization * @throws InvalidAlgorithmParameterException if the initialization
* parameters are inappropriate for this <code>CertStoreSpi</code> * parameters are inappropriate for this {@code CertStoreSpi}
*/ */
public CertStoreSpi(CertStoreParameters params) public CertStoreSpi(CertStoreParameters params)
throws InvalidAlgorithmParameterException { } throws InvalidAlgorithmParameterException { }
/** /**
* Returns a <code>Collection</code> of <code>Certificate</code>s that * Returns a {@code Collection} of {@code Certificate}s that
* match the specified selector. If no <code>Certificate</code>s * match the specified selector. If no {@code Certificate}s
* match the selector, an empty <code>Collection</code> will be returned. * match the selector, an empty {@code Collection} will be returned.
* <p> * <p>
* For some <code>CertStore</code> types, the resulting * For some {@code CertStore} types, the resulting
* <code>Collection</code> may not contain <b>all</b> of the * {@code Collection} may not contain <b>all</b> of the
* <code>Certificate</code>s that match the selector. For instance, * {@code Certificate}s that match the selector. For instance,
* an LDAP <code>CertStore</code> may not search all entries in the * an LDAP {@code CertStore} may not search all entries in the
* directory. Instead, it may just search entries that are likely to * directory. Instead, it may just search entries that are likely to
* contain the <code>Certificate</code>s it is looking for. * contain the {@code Certificate}s it is looking for.
* <p> * <p>
* Some <code>CertStore</code> implementations (especially LDAP * Some {@code CertStore} implementations (especially LDAP
* <code>CertStore</code>s) may throw a <code>CertStoreException</code> * {@code CertStore}s) may throw a {@code CertStoreException}
* unless a non-null <code>CertSelector</code> is provided that includes * unless a non-null {@code CertSelector} is provided that includes
* specific criteria that can be used to find the certificates. Issuer * specific criteria that can be used to find the certificates. Issuer
* and/or subject names are especially useful criteria. * and/or subject names are especially useful criteria.
* *
* @param selector A <code>CertSelector</code> used to select which * @param selector A {@code CertSelector} used to select which
* <code>Certificate</code>s should be returned. Specify <code>null</code> * {@code Certificate}s should be returned. Specify {@code null}
* to return all <code>Certificate</code>s (if supported). * to return all {@code Certificate}s (if supported).
* @return A <code>Collection</code> of <code>Certificate</code>s that * @return A {@code Collection} of {@code Certificate}s that
* match the specified selector (never <code>null</code>) * match the specified selector (never {@code null})
* @throws CertStoreException if an exception occurs * @throws CertStoreException if an exception occurs
*/ */
public abstract Collection<? extends Certificate> engineGetCertificates public abstract Collection<? extends Certificate> engineGetCertificates
(CertSelector selector) throws CertStoreException; (CertSelector selector) throws CertStoreException;
/** /**
* Returns a <code>Collection</code> of <code>CRL</code>s that * Returns a {@code Collection} of {@code CRL}s that
* match the specified selector. If no <code>CRL</code>s * match the specified selector. If no {@code CRL}s
* match the selector, an empty <code>Collection</code> will be returned. * match the selector, an empty {@code Collection} will be returned.
* <p> * <p>
* For some <code>CertStore</code> types, the resulting * For some {@code CertStore} types, the resulting
* <code>Collection</code> may not contain <b>all</b> of the * {@code Collection} may not contain <b>all</b> of the
* <code>CRL</code>s that match the selector. For instance, * {@code CRL}s that match the selector. For instance,
* an LDAP <code>CertStore</code> may not search all entries in the * an LDAP {@code CertStore} may not search all entries in the
* directory. Instead, it may just search entries that are likely to * directory. Instead, it may just search entries that are likely to
* contain the <code>CRL</code>s it is looking for. * contain the {@code CRL}s it is looking for.
* <p> * <p>
* Some <code>CertStore</code> implementations (especially LDAP * Some {@code CertStore} implementations (especially LDAP
* <code>CertStore</code>s) may throw a <code>CertStoreException</code> * {@code CertStore}s) may throw a {@code CertStoreException}
* unless a non-null <code>CRLSelector</code> is provided that includes * unless a non-null {@code CRLSelector} is provided that includes
* specific criteria that can be used to find the CRLs. Issuer names * specific criteria that can be used to find the CRLs. Issuer names
* and/or the certificate to be checked are especially useful. * and/or the certificate to be checked are especially useful.
* *
* @param selector A <code>CRLSelector</code> used to select which * @param selector A {@code CRLSelector} used to select which
* <code>CRL</code>s should be returned. Specify <code>null</code> * {@code CRL}s should be returned. Specify {@code null}
* to return all <code>CRL</code>s (if supported). * to return all {@code CRL}s (if supported).
* @return A <code>Collection</code> of <code>CRL</code>s that * @return A {@code Collection} of {@code CRL}s that
* match the specified selector (never <code>null</code>) * match the specified selector (never {@code null})
* @throws CertStoreException if an exception occurs * @throws CertStoreException if an exception occurs
*/ */
public abstract Collection<? extends CRL> engineGetCRLs public abstract Collection<? extends CRL> engineGetCRLs
......
src/share/classes/java/security/cert/Certificate.java
浏览文件 @ c2a5f680
/* /*
* Copyright (c) 1997, 2012, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
...@@ -90,8 +90,8 @@ public abstract class Certificate implements java.io.Serializable { ...@@ -90,8 +90,8 @@ public abstract class Certificate implements java.io.Serializable {
/** /**
* Compares this certificate for equality with the specified * Compares this certificate for equality with the specified
* object. If the <code>other</code> object is an * object. If the {@code other} object is an
* <code>instanceof</code> <code>Certificate</code>, then * {@code instanceof} {@code Certificate}, then
* its encoded form is retrieved and compared with the * its encoded form is retrieved and compared with the
* encoded form of this certificate. * encoded form of this certificate.
* *
...@@ -196,8 +196,8 @@ public abstract class Certificate implements java.io.Serializable { ...@@ -196,8 +196,8 @@ public abstract class Certificate implements java.io.Serializable {
* *
* <p> This method was added to version 1.8 of the Java Platform * <p> This method was added to version 1.8 of the Java Platform
* Standard Edition. In order to maintain backwards compatibility with * Standard Edition. In order to maintain backwards compatibility with
* existing service providers, this method cannot be <code>abstract</code> * existing service providers, this method cannot be {@code abstract}
* and by default throws an <code>UnsupportedOperationException</code>. * and by default throws an {@code UnsupportedOperationException}.
* *
* @param key the PublicKey used to carry out the verification. * @param key the PublicKey used to carry out the verification.
* @param sigProvider the signature provider. * @param sigProvider the signature provider.
......
src/share/classes/java/security/cert/CertificateEncodingException.java
浏览文件 @ c2a5f680
/* /*
* Copyright (c) 1997, 2003, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
...@@ -56,13 +56,13 @@ public class CertificateEncodingException extends CertificateException { ...@@ -56,13 +56,13 @@ public class CertificateEncodingException extends CertificateException {
} }
/** /**
* Creates a <code>CertificateEncodingException</code> with the specified * Creates a {@code CertificateEncodingException} with the specified
* detail message and cause. * detail message and cause.
* *
* @param message the detail message (which is saved for later retrieval * @param message the detail message (which is saved for later retrieval
* by the {@link #getMessage()} method). * by the {@link #getMessage()} method).
* @param cause the cause (which is saved for later retrieval by the * @param cause the cause (which is saved for later retrieval by the
* {@link #getCause()} method). (A <tt>null</tt> value is permitted, * {@link #getCause()} method). (A {@code null} value is permitted,
* and indicates that the cause is nonexistent or unknown.) * and indicates that the cause is nonexistent or unknown.)
* @since 1.5 * @since 1.5
*/ */
...@@ -71,14 +71,14 @@ public class CertificateEncodingException extends CertificateException { ...@@ -71,14 +71,14 @@ public class CertificateEncodingException extends CertificateException {
} }
/** /**
* Creates a <code>CertificateEncodingException</code> * Creates a {@code CertificateEncodingException}
* with the specified cause and a detail message of * with the specified cause and a detail message of
* <tt>(cause==null ? null : cause.toString())</tt> * {@code (cause==null ? null : cause.toString())}
* (which typically contains the class and detail message of * (which typically contains the class and detail message of
* <tt>cause</tt>). * {@code cause}).
* *
* @param cause the cause (which is saved for later retrieval by the * @param cause the cause (which is saved for later retrieval by the
* {@link #getCause()} method). (A <tt>null</tt> value is permitted, * {@link #getCause()} method). (A {@code null} value is permitted,
* and indicates that the cause is nonexistent or unknown.) * and indicates that the cause is nonexistent or unknown.)
* @since 1.5 * @since 1.5
*/ */
......
src/share/classes/java/security/cert/CertificateException.java
浏览文件 @ c2a5f680
/* /*
* Copyright (c) 1996, 2003, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
...@@ -57,13 +57,13 @@ public class CertificateException extends GeneralSecurityException { ...@@ -57,13 +57,13 @@ public class CertificateException extends GeneralSecurityException {
} }
/** /**
* Creates a <code>CertificateException</code> with the specified * Creates a {@code CertificateException} with the specified
* detail message and cause. * detail message and cause.
* *
* @param message the detail message (which is saved for later retrieval * @param message the detail message (which is saved for later retrieval
* by the {@link #getMessage()} method). * by the {@link #getMessage()} method).
* @param cause the cause (which is saved for later retrieval by the * @param cause the cause (which is saved for later retrieval by the
* {@link #getCause()} method). (A <tt>null</tt> value is permitted, * {@link #getCause()} method). (A {@code null} value is permitted,
* and indicates that the cause is nonexistent or unknown.) * and indicates that the cause is nonexistent or unknown.)
* @since 1.5 * @since 1.5
*/ */
...@@ -72,13 +72,13 @@ public class CertificateException extends GeneralSecurityException { ...@@ -72,13 +72,13 @@ public class CertificateException extends GeneralSecurityException {
} }
/** /**
* Creates a <code>CertificateException</code> with the specified cause * Creates a {@code CertificateException} with the specified cause
* and a detail message of <tt>(cause==null ? null : cause.toString())</tt> * and a detail message of {@code (cause==null ? null : cause.toString())}
* (which typically contains the class and detail message of * (which typically contains the class and detail message of
* <tt>cause</tt>). * {@code cause}).
* *
* @param cause the cause (which is saved for later retrieval by the * @param cause the cause (which is saved for later retrieval by the
* {@link #getCause()} method). (A <tt>null</tt> value is permitted, * {@link #getCause()} method). (A {@code null} value is permitted,
* and indicates that the cause is nonexistent or unknown.) * and indicates that the cause is nonexistent or unknown.)
* @since 1.5 * @since 1.5
*/ */
......
src/share/classes/java/security/cert/CertificateExpiredException.java
浏览文件 @ c2a5f680
/* /*
* Copyright (c) 1997, 2003, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
...@@ -27,8 +27,8 @@ package java.security.cert; ...@@ -27,8 +27,8 @@ package java.security.cert;
/** /**
* Certificate Expired Exception. This is thrown whenever the current * Certificate Expired Exception. This is thrown whenever the current
* <code>Date</code> or the specified <code>Date</code> is after the * {@code Date} or the specified {@code Date} is after the
* <code>notAfter</code> date/time specified in the validity period * {@code notAfter} date/time specified in the validity period
* of the certificate. * of the certificate.
* *
* @author Hemma Prafullchandra * @author Hemma Prafullchandra
......
src/share/classes/java/security/cert/CertificateFactory.java
浏览文件 @ c2a5f680
/* /*
* Copyright (c) 1998, 2011, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 1998, 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
...@@ -41,27 +41,27 @@ import sun.security.jca.GetInstance.Instance; ...@@ -41,27 +41,27 @@ import sun.security.jca.GetInstance.Instance;
/** /**
* This class defines the functionality of a certificate factory, which is * This class defines the functionality of a certificate factory, which is
* used to generate certificate, certification path (<code>CertPath</code>) * used to generate certificate, certification path ({@code CertPath})
* and certificate revocation list (CRL) objects from their encodings. * and certificate revocation list (CRL) objects from their encodings.
* *
* <p>For encodings consisting of multiple certificates, use * <p>For encodings consisting of multiple certificates, use
* <code>generateCertificates</code> when you want to * {@code generateCertificates} when you want to
* parse a collection of possibly unrelated certificates. Otherwise, * parse a collection of possibly unrelated certificates. Otherwise,
* use <code>generateCertPath</code> when you want to generate * use {@code generateCertPath} when you want to generate
* a <code>CertPath</code> (a certificate chain) and subsequently * a {@code CertPath} (a certificate chain) and subsequently
* validate it with a <code>CertPathValidator</code>. * validate it with a {@code CertPathValidator}.
* *
* <p>A certificate factory for X.509 must return certificates that are an * <p>A certificate factory for X.509 must return certificates that are an
* instance of <code>java.security.cert.X509Certificate</code>, and CRLs * instance of {@code java.security.cert.X509Certificate}, and CRLs
* that are an instance of <code>java.security.cert.X509CRL</code>. * that are an instance of {@code java.security.cert.X509CRL}.
* *
* <p>The following example reads a file with Base64 encoded certificates, * <p>The following example reads a file with Base64 encoded certificates,
* which are each bounded at the beginning by -----BEGIN CERTIFICATE-----, and * which are each bounded at the beginning by -----BEGIN CERTIFICATE-----, and
* bounded at the end by -----END CERTIFICATE-----. We convert the * bounded at the end by -----END CERTIFICATE-----. We convert the
* <code>FileInputStream</code> (which does not support <code>mark</code> * {@code FileInputStream} (which does not support {@code mark}
* and <code>reset</code>) to a <code>BufferedInputStream</code> (which * and {@code reset}) to a {@code BufferedInputStream} (which
* supports those methods), so that each call to * supports those methods), so that each call to
* <code>generateCertificate</code> consumes only one certificate, and the * {@code generateCertificate} consumes only one certificate, and the
* read position of the input stream is positioned to the next certificate in * read position of the input stream is positioned to the next certificate in
* the file:<p> * the file:<p>
* *
...@@ -92,14 +92,14 @@ import sun.security.jca.GetInstance.Instance; ...@@ -92,14 +92,14 @@ import sun.security.jca.GetInstance.Instance;
* </pre> * </pre>
* *
* <p> Every implementation of the Java platform is required to support the * <p> Every implementation of the Java platform is required to support the
* following standard <code>CertificateFactory</code> type: * following standard {@code CertificateFactory} type:
* <ul> * <ul>
* <li><tt>X.509</tt></li> * <li>{@code X.509}</li>
* </ul> * </ul>
* and the following standard <code>CertPath</code> encodings: * and the following standard {@code CertPath} encodings:
* <ul> * <ul>
* <li><tt>PKCS7</tt></li> * <li>{@code PKCS7}</li>
* <li><tt>PkiPath</tt></li> * <li>{@code PkiPath}</li>
* </ul> * </ul>
* The type and encodings are described in the <a href= * The type and encodings are described in the <a href=
* "{@docRoot}/../technotes/guides/security/StandardNames.html#CertificateFactory"> * "{@docRoot}/../technotes/guides/security/StandardNames.html#CertificateFactory">
...@@ -258,7 +258,7 @@ public class CertificateFactory { ...@@ -258,7 +258,7 @@ public class CertificateFactory {
* implementation for the specified algorithm is not available * implementation for the specified algorithm is not available
* from the specified Provider object. * from the specified Provider object.
* *
* @exception IllegalArgumentException if the <code>provider</code> is * @exception IllegalArgumentException if the {@code provider} is
* null. * null.
* *
* @see java.security.Provider * @see java.security.Provider
...@@ -299,17 +299,17 @@ public class CertificateFactory { ...@@ -299,17 +299,17 @@ public class CertificateFactory {
/** /**
* Generates a certificate object and initializes it with * Generates a certificate object and initializes it with
* the data read from the input stream <code>inStream</code>. * the data read from the input stream {@code inStream}.
* *
* <p>In order to take advantage of the specialized certificate format * <p>In order to take advantage of the specialized certificate format
* supported by this certificate factory, * supported by this certificate factory,
* the returned certificate object can be typecast to the corresponding * the returned certificate object can be typecast to the corresponding
* certificate class. For example, if this certificate * certificate class. For example, if this certificate
* factory implements X.509 certificates, the returned certificate object * factory implements X.509 certificates, the returned certificate object
* can be typecast to the <code>X509Certificate</code> class. * can be typecast to the {@code X509Certificate} class.
* *
* <p>In the case of a certificate factory for X.509 certificates, the * <p>In the case of a certificate factory for X.509 certificates, the
* certificate provided in <code>inStream</code> must be DER-encoded and * certificate provided in {@code inStream} must be DER-encoded and
* may be supplied in binary or printable (Base64) encoding. If the * may be supplied in binary or printable (Base64) encoding. If the
* certificate is provided in Base64 encoding, it must be bounded at * certificate is provided in Base64 encoding, it must be bounded at
* the beginning by -----BEGIN CERTIFICATE-----, and must be bounded at * the beginning by -----BEGIN CERTIFICATE-----, and must be bounded at
...@@ -324,7 +324,7 @@ public class CertificateFactory { ...@@ -324,7 +324,7 @@ public class CertificateFactory {
* the inherent end-of-certificate marker. If the data in the input stream * the inherent end-of-certificate marker. If the data in the input stream
* does not contain an inherent end-of-certificate marker (other * does not contain an inherent end-of-certificate marker (other
* than EOF) and there is trailing data after the certificate is parsed, a * than EOF) and there is trailing data after the certificate is parsed, a
* <code>CertificateException</code> is thrown. * {@code CertificateException} is thrown.
* *
* @param inStream an input stream with the certificate data. * @param inStream an input stream with the certificate data.
* *
...@@ -340,19 +340,19 @@ public class CertificateFactory { ...@@ -340,19 +340,19 @@ public class CertificateFactory {
} }
/** /**
* Returns an iteration of the <code>CertPath</code> encodings supported * Returns an iteration of the {@code CertPath} encodings supported
* by this certificate factory, with the default encoding first. See * by this certificate factory, with the default encoding first. See
* the CertPath Encodings section in the <a href= * the CertPath Encodings section in the <a href=
* "{@docRoot}/../technotes/guides/security/StandardNames.html#CertPathEncodings"> * "{@docRoot}/../technotes/guides/security/StandardNames.html#CertPathEncodings">
* Java Cryptography Architecture Standard Algorithm Name Documentation</a> * Java Cryptography Architecture Standard Algorithm Name Documentation</a>
* for information about standard encoding names and their formats. * for information about standard encoding names and their formats.
* <p> * <p>
* Attempts to modify the returned <code>Iterator</code> via its * Attempts to modify the returned {@code Iterator} via its
* <code>remove</code> method result in an * {@code remove} method result in an
* <code>UnsupportedOperationException</code>. * {@code UnsupportedOperationException}.
* *
* @return an <code>Iterator</code> over the names of the supported * @return an {@code Iterator} over the names of the supported
* <code>CertPath</code> encodings (as <code>String</code>s) * {@code CertPath} encodings (as {@code String}s)
* @since 1.4 * @since 1.4
*/ */
public final Iterator<String> getCertPathEncodings() { public final Iterator<String> getCertPathEncodings() {
...@@ -360,15 +360,15 @@ public class CertificateFactory { ...@@ -360,15 +360,15 @@ public class CertificateFactory {
} }
/** /**
* Generates a <code>CertPath</code> object and initializes it with * Generates a {@code CertPath} object and initializes it with
* the data read from the <code>InputStream</code> inStream. The data * the data read from the {@code InputStream} inStream. The data
* is assumed to be in the default encoding. The name of the default * is assumed to be in the default encoding. The name of the default
* encoding is the first element of the <code>Iterator</code> returned by * encoding is the first element of the {@code Iterator} returned by
* the {@link #getCertPathEncodings getCertPathEncodings} method. * the {@link #getCertPathEncodings getCertPathEncodings} method.
* *
* @param inStream an <code>InputStream</code> containing the data * @param inStream an {@code InputStream} containing the data
* @return a <code>CertPath</code> initialized with the data from the * @return a {@code CertPath} initialized with the data from the
* <code>InputStream</code> * {@code InputStream}
* @exception CertificateException if an exception occurs while decoding * @exception CertificateException if an exception occurs while decoding
* @since 1.4 * @since 1.4
*/ */
...@@ -379,18 +379,18 @@ public class CertificateFactory { ...@@ -379,18 +379,18 @@ public class CertificateFactory {
} }
/** /**
* Generates a <code>CertPath</code> object and initializes it with * Generates a {@code CertPath} object and initializes it with
* the data read from the <code>InputStream</code> inStream. The data * the data read from the {@code InputStream} inStream. The data
* is assumed to be in the specified encoding. See * is assumed to be in the specified encoding. See
* the CertPath Encodings section in the <a href= * the CertPath Encodings section in the <a href=
* "{@docRoot}/../technotes/guides/security/StandardNames.html#CertPathEncodings"> * "{@docRoot}/../technotes/guides/security/StandardNames.html#CertPathEncodings">
* Java Cryptography Architecture Standard Algorithm Name Documentation</a> * Java Cryptography Architecture Standard Algorithm Name Documentation</a>
* for information about standard encoding names and their formats. * for information about standard encoding names and their formats.
* *
* @param inStream an <code>InputStream</code> containing the data * @param inStream an {@code InputStream} containing the data
* @param encoding the encoding used for the data * @param encoding the encoding used for the data
* @return a <code>CertPath</code> initialized with the data from the * @return a {@code CertPath} initialized with the data from the
* <code>InputStream</code> * {@code InputStream}
* @exception CertificateException if an exception occurs while decoding or * @exception CertificateException if an exception occurs while decoding or
* the encoding requested is not supported * the encoding requested is not supported
* @since 1.4 * @since 1.4
...@@ -402,15 +402,15 @@ public class CertificateFactory { ...@@ -402,15 +402,15 @@ public class CertificateFactory {
} }
/** /**
* Generates a <code>CertPath</code> object and initializes it with * Generates a {@code CertPath} object and initializes it with
* a <code>List</code> of <code>Certificate</code>s. * a {@code List} of {@code Certificate}s.
* <p> * <p>
* The certificates supplied must be of a type supported by the * The certificates supplied must be of a type supported by the
* <code>CertificateFactory</code>. They will be copied out of the supplied * {@code CertificateFactory}. They will be copied out of the supplied
* <code>List</code> object. * {@code List} object.
* *
* @param certificates a <code>List</code> of <code>Certificate</code>s * @param certificates a {@code List} of {@code Certificate}s
* @return a <code>CertPath</code> initialized with the supplied list of * @return a {@code CertPath} initialized with the supplied list of
* certificates * certificates
* @exception CertificateException if an exception occurs * @exception CertificateException if an exception occurs
* @since 1.4 * @since 1.4
...@@ -424,20 +424,20 @@ public class CertificateFactory { ...@@ -424,20 +424,20 @@ public class CertificateFactory {
/** /**
* Returns a (possibly empty) collection view of the certificates read * Returns a (possibly empty) collection view of the certificates read
* from the given input stream <code>inStream</code>. * from the given input stream {@code inStream}.
* *
* <p>In order to take advantage of the specialized certificate format * <p>In order to take advantage of the specialized certificate format
* supported by this certificate factory, each element in * supported by this certificate factory, each element in
* the returned collection view can be typecast to the corresponding * the returned collection view can be typecast to the corresponding
* certificate class. For example, if this certificate * certificate class. For example, if this certificate
* factory implements X.509 certificates, the elements in the returned * factory implements X.509 certificates, the elements in the returned
* collection can be typecast to the <code>X509Certificate</code> class. * collection can be typecast to the {@code X509Certificate} class.
* *
* <p>In the case of a certificate factory for X.509 certificates, * <p>In the case of a certificate factory for X.509 certificates,
* <code>inStream</code> may contain a sequence of DER-encoded certificates * {@code inStream} may contain a sequence of DER-encoded certificates
* in the formats described for * in the formats described for
* {@link #generateCertificate(java.io.InputStream) generateCertificate}. * {@link #generateCertificate(java.io.InputStream) generateCertificate}.
* In addition, <code>inStream</code> may contain a PKCS#7 certificate * In addition, {@code inStream} may contain a PKCS#7 certificate
* chain. This is a PKCS#7 <i>SignedData</i> object, with the only * chain. This is a PKCS#7 <i>SignedData</i> object, with the only
* significant field being <i>certificates</i>. In particular, the * significant field being <i>certificates</i>. In particular, the
* signature and the contents are ignored. This format allows multiple * signature and the contents are ignored. This format allows multiple
...@@ -464,14 +464,14 @@ public class CertificateFactory { ...@@ -464,14 +464,14 @@ public class CertificateFactory {
/** /**
* Generates a certificate revocation list (CRL) object and initializes it * Generates a certificate revocation list (CRL) object and initializes it
* with the data read from the input stream <code>inStream</code>. * with the data read from the input stream {@code inStream}.
* *
* <p>In order to take advantage of the specialized CRL format * <p>In order to take advantage of the specialized CRL format
* supported by this certificate factory, * supported by this certificate factory,
* the returned CRL object can be typecast to the corresponding * the returned CRL object can be typecast to the corresponding
* CRL class. For example, if this certificate * CRL class. For example, if this certificate
* factory implements X.509 CRLs, the returned CRL object * factory implements X.509 CRLs, the returned CRL object
* can be typecast to the <code>X509CRL</code> class. * can be typecast to the {@code X509CRL} class.
* *
* <p>Note that if the given input stream does not support * <p>Note that if the given input stream does not support
* {@link java.io.InputStream#mark(int) mark} and * {@link java.io.InputStream#mark(int) mark} and
...@@ -482,7 +482,7 @@ public class CertificateFactory { ...@@ -482,7 +482,7 @@ public class CertificateFactory {
* end-of-CRL marker. If the data in the * end-of-CRL marker. If the data in the
* input stream does not contain an inherent end-of-CRL marker (other * input stream does not contain an inherent end-of-CRL marker (other
* than EOF) and there is trailing data after the CRL is parsed, a * than EOF) and there is trailing data after the CRL is parsed, a
* <code>CRLException</code> is thrown. * {@code CRLException} is thrown.
* *
* @param inStream an input stream with the CRL data. * @param inStream an input stream with the CRL data.
* *
...@@ -499,18 +499,18 @@ public class CertificateFactory { ...@@ -499,18 +499,18 @@ public class CertificateFactory {
/** /**
* Returns a (possibly empty) collection view of the CRLs read * Returns a (possibly empty) collection view of the CRLs read
* from the given input stream <code>inStream</code>. * from the given input stream {@code inStream}.
* *
* <p>In order to take advantage of the specialized CRL format * <p>In order to take advantage of the specialized CRL format
* supported by this certificate factory, each element in * supported by this certificate factory, each element in
* the returned collection view can be typecast to the corresponding * the returned collection view can be typecast to the corresponding
* CRL class. For example, if this certificate * CRL class. For example, if this certificate
* factory implements X.509 CRLs, the elements in the returned * factory implements X.509 CRLs, the elements in the returned
* collection can be typecast to the <code>X509CRL</code> class. * collection can be typecast to the {@code X509CRL} class.
* *
* <p>In the case of a certificate factory for X.509 CRLs, * <p>In the case of a certificate factory for X.509 CRLs,
* <code>inStream</code> may contain a sequence of DER-encoded CRLs. * {@code inStream} may contain a sequence of DER-encoded CRLs.
* In addition, <code>inStream</code> may contain a PKCS#7 CRL * In addition, {@code inStream} may contain a PKCS#7 CRL
* set. This is a PKCS#7 <i>SignedData</i> object, with the only * set. This is a PKCS#7 <i>SignedData</i> object, with the only
* significant field being <i>crls</i>. In particular, the * significant field being <i>crls</i>. In particular, the
* signature and the contents are ignored. This format allows multiple * signature and the contents are ignored. This format allows multiple
......
src/share/classes/java/security/cert/CertificateFactorySpi.java
浏览文件 @ c2a5f680
/* /*
* Copyright (c) 1998, 2011, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 1998, 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
...@@ -35,18 +35,18 @@ import java.security.NoSuchProviderException; ...@@ -35,18 +35,18 @@ import java.security.NoSuchProviderException;
/** /**
* This class defines the <i>Service Provider Interface</i> (<b>SPI</b>) * This class defines the <i>Service Provider Interface</i> (<b>SPI</b>)
* for the <code>CertificateFactory</code> class. * for the {@code CertificateFactory} class.
* All the abstract methods in this class must be implemented by each * All the abstract methods in this class must be implemented by each
* cryptographic service provider who wishes to supply the implementation * cryptographic service provider who wishes to supply the implementation
* of a certificate factory for a particular certificate type, e.g., X.509. * of a certificate factory for a particular certificate type, e.g., X.509.
* *
* <p>Certificate factories are used to generate certificate, certification path * <p>Certificate factories are used to generate certificate, certification path
* (<code>CertPath</code>) and certificate revocation list (CRL) objects from * ({@code CertPath}) and certificate revocation list (CRL) objects from
* their encodings. * their encodings.
* *
* <p>A certificate factory for X.509 must return certificates that are an * <p>A certificate factory for X.509 must return certificates that are an
* instance of <code>java.security.cert.X509Certificate</code>, and CRLs * instance of {@code java.security.cert.X509Certificate}, and CRLs
* that are an instance of <code>java.security.cert.X509CRL</code>. * that are an instance of {@code java.security.cert.X509CRL}.
* *
* @author Hemma Prafullchandra * @author Hemma Prafullchandra
* @author Jan Luehe * @author Jan Luehe
...@@ -67,17 +67,17 @@ public abstract class CertificateFactorySpi { ...@@ -67,17 +67,17 @@ public abstract class CertificateFactorySpi {
/** /**
* Generates a certificate object and initializes it with * Generates a certificate object and initializes it with
* the data read from the input stream <code>inStream</code>. * the data read from the input stream {@code inStream}.
* *
* <p>In order to take advantage of the specialized certificate format * <p>In order to take advantage of the specialized certificate format
* supported by this certificate factory, * supported by this certificate factory,
* the returned certificate object can be typecast to the corresponding * the returned certificate object can be typecast to the corresponding
* certificate class. For example, if this certificate * certificate class. For example, if this certificate
* factory implements X.509 certificates, the returned certificate object * factory implements X.509 certificates, the returned certificate object
* can be typecast to the <code>X509Certificate</code> class. * can be typecast to the {@code X509Certificate} class.
* *
* <p>In the case of a certificate factory for X.509 certificates, the * <p>In the case of a certificate factory for X.509 certificates, the
* certificate provided in <code>inStream</code> must be DER-encoded and * certificate provided in {@code inStream} must be DER-encoded and
* may be supplied in binary or printable (Base64) encoding. If the * may be supplied in binary or printable (Base64) encoding. If the
* certificate is provided in Base64 encoding, it must be bounded at * certificate is provided in Base64 encoding, it must be bounded at
* the beginning by -----BEGIN CERTIFICATE-----, and must be bounded at * the beginning by -----BEGIN CERTIFICATE-----, and must be bounded at
...@@ -92,7 +92,7 @@ public abstract class CertificateFactorySpi { ...@@ -92,7 +92,7 @@ public abstract class CertificateFactorySpi {
* end-of-certificate marker. If the data in the * end-of-certificate marker. If the data in the
* input stream does not contain an inherent end-of-certificate marker (other * input stream does not contain an inherent end-of-certificate marker (other
* than EOF) and there is trailing data after the certificate is parsed, a * than EOF) and there is trailing data after the certificate is parsed, a
* <code>CertificateException</code> is thrown. * {@code CertificateException} is thrown.
* *
* @param inStream an input stream with the certificate data. * @param inStream an input stream with the certificate data.
* *
...@@ -105,18 +105,18 @@ public abstract class CertificateFactorySpi { ...@@ -105,18 +105,18 @@ public abstract class CertificateFactorySpi {
throws CertificateException; throws CertificateException;
/** /**
* Generates a <code>CertPath</code> object and initializes it with * Generates a {@code CertPath} object and initializes it with
* the data read from the <code>InputStream</code> inStream. The data * the data read from the {@code InputStream} inStream. The data
* is assumed to be in the default encoding. * is assumed to be in the default encoding.
* *
* <p> This method was added to version 1.4 of the Java 2 Platform * <p> This method was added to version 1.4 of the Java 2 Platform
* Standard Edition. In order to maintain backwards compatibility with * Standard Edition. In order to maintain backwards compatibility with
* existing service providers, this method cannot be <code>abstract</code> * existing service providers, this method cannot be {@code abstract}
* and by default throws an <code>UnsupportedOperationException</code>. * and by default throws an {@code UnsupportedOperationException}.
* *
* @param inStream an <code>InputStream</code> containing the data * @param inStream an {@code InputStream} containing the data
* @return a <code>CertPath</code> initialized with the data from the * @return a {@code CertPath} initialized with the data from the
* <code>InputStream</code> * {@code InputStream}
* @exception CertificateException if an exception occurs while decoding * @exception CertificateException if an exception occurs while decoding
* @exception UnsupportedOperationException if the method is not supported * @exception UnsupportedOperationException if the method is not supported
* @since 1.4 * @since 1.4
...@@ -128,19 +128,19 @@ public abstract class CertificateFactorySpi { ...@@ -128,19 +128,19 @@ public abstract class CertificateFactorySpi {
} }
/** /**
* Generates a <code>CertPath</code> object and initializes it with * Generates a {@code CertPath} object and initializes it with
* the data read from the <code>InputStream</code> inStream. The data * the data read from the {@code InputStream} inStream. The data
* is assumed to be in the specified encoding. * is assumed to be in the specified encoding.
* *
* <p> This method was added to version 1.4 of the Java 2 Platform * <p> This method was added to version 1.4 of the Java 2 Platform
* Standard Edition. In order to maintain backwards compatibility with * Standard Edition. In order to maintain backwards compatibility with
* existing service providers, this method cannot be <code>abstract</code> * existing service providers, this method cannot be {@code abstract}
* and by default throws an <code>UnsupportedOperationException</code>. * and by default throws an {@code UnsupportedOperationException}.
* *
* @param inStream an <code>InputStream</code> containing the data * @param inStream an {@code InputStream} containing the data
* @param encoding the encoding used for the data * @param encoding the encoding used for the data
* @return a <code>CertPath</code> initialized with the data from the * @return a {@code CertPath} initialized with the data from the
* <code>InputStream</code> * {@code InputStream}
* @exception CertificateException if an exception occurs while decoding or * @exception CertificateException if an exception occurs while decoding or
* the encoding requested is not supported * the encoding requested is not supported
* @exception UnsupportedOperationException if the method is not supported * @exception UnsupportedOperationException if the method is not supported
...@@ -153,20 +153,20 @@ public abstract class CertificateFactorySpi { ...@@ -153,20 +153,20 @@ public abstract class CertificateFactorySpi {
} }
/** /**
* Generates a <code>CertPath</code> object and initializes it with * Generates a {@code CertPath} object and initializes it with
* a <code>List</code> of <code>Certificate</code>s. * a {@code List} of {@code Certificate}s.
* <p> * <p>
* The certificates supplied must be of a type supported by the * The certificates supplied must be of a type supported by the
* <code>CertificateFactory</code>. They will be copied out of the supplied * {@code CertificateFactory}. They will be copied out of the supplied
* <code>List</code> object. * {@code List} object.
* *
* <p> This method was added to version 1.4 of the Java 2 Platform * <p> This method was added to version 1.4 of the Java 2 Platform
* Standard Edition. In order to maintain backwards compatibility with * Standard Edition. In order to maintain backwards compatibility with
* existing service providers, this method cannot be <code>abstract</code> * existing service providers, this method cannot be {@code abstract}
* and by default throws an <code>UnsupportedOperationException</code>. * and by default throws an {@code UnsupportedOperationException}.
* *
* @param certificates a <code>List</code> of <code>Certificate</code>s * @param certificates a {@code List} of {@code Certificate}s
* @return a <code>CertPath</code> initialized with the supplied list of * @return a {@code CertPath} initialized with the supplied list of
* certificates * certificates
* @exception CertificateException if an exception occurs * @exception CertificateException if an exception occurs
* @exception UnsupportedOperationException if the method is not supported * @exception UnsupportedOperationException if the method is not supported
...@@ -180,24 +180,24 @@ public abstract class CertificateFactorySpi { ...@@ -180,24 +180,24 @@ public abstract class CertificateFactorySpi {
} }
/** /**
* Returns an iteration of the <code>CertPath</code> encodings supported * Returns an iteration of the {@code CertPath} encodings supported
* by this certificate factory, with the default encoding first. See * by this certificate factory, with the default encoding first. See
* the CertPath Encodings section in the <a href= * the CertPath Encodings section in the <a href=
* "{@docRoot}/../technotes/guides/security/StandardNames.html#CertPathEncodings"> * "{@docRoot}/../technotes/guides/security/StandardNames.html#CertPathEncodings">
* Java Cryptography Architecture Standard Algorithm Name Documentation</a> * Java Cryptography Architecture Standard Algorithm Name Documentation</a>
* for information about standard encoding names. * for information about standard encoding names.
* <p> * <p>
* Attempts to modify the returned <code>Iterator</code> via its * Attempts to modify the returned {@code Iterator} via its
* <code>remove</code> method result in an * {@code remove} method result in an
* <code>UnsupportedOperationException</code>. * {@code UnsupportedOperationException}.
* *
* <p> This method was added to version 1.4 of the Java 2 Platform * <p> This method was added to version 1.4 of the Java 2 Platform
* Standard Edition. In order to maintain backwards compatibility with * Standard Edition. In order to maintain backwards compatibility with
* existing service providers, this method cannot be <code>abstract</code> * existing service providers, this method cannot be {@code abstract}
* and by default throws an <code>UnsupportedOperationException</code>. * and by default throws an {@code UnsupportedOperationException}.
* *
* @return an <code>Iterator</code> over the names of the supported * @return an {@code Iterator} over the names of the supported
* <code>CertPath</code> encodings (as <code>String</code>s) * {@code CertPath} encodings (as {@code String}s)
* @exception UnsupportedOperationException if the method is not supported * @exception UnsupportedOperationException if the method is not supported
* @since 1.4 * @since 1.4
*/ */
...@@ -207,21 +207,21 @@ public abstract class CertificateFactorySpi { ...@@ -207,21 +207,21 @@ public abstract class CertificateFactorySpi {
/** /**
* Returns a (possibly empty) collection view of the certificates read * Returns a (possibly empty) collection view of the certificates read
* from the given input stream <code>inStream</code>. * from the given input stream {@code inStream}.
* *
* <p>In order to take advantage of the specialized certificate format * <p>In order to take advantage of the specialized certificate format
* supported by this certificate factory, each element in * supported by this certificate factory, each element in
* the returned collection view can be typecast to the corresponding * the returned collection view can be typecast to the corresponding
* certificate class. For example, if this certificate * certificate class. For example, if this certificate
* factory implements X.509 certificates, the elements in the returned * factory implements X.509 certificates, the elements in the returned
* collection can be typecast to the <code>X509Certificate</code> class. * collection can be typecast to the {@code X509Certificate} class.
* *
* <p>In the case of a certificate factory for X.509 certificates, * <p>In the case of a certificate factory for X.509 certificates,
* <code>inStream</code> may contain a single DER-encoded certificate * {@code inStream} may contain a single DER-encoded certificate
* in the formats described for * in the formats described for
* {@link CertificateFactory#generateCertificate(java.io.InputStream) * {@link CertificateFactory#generateCertificate(java.io.InputStream)
* generateCertificate}. * generateCertificate}.
* In addition, <code>inStream</code> may contain a PKCS#7 certificate * In addition, {@code inStream} may contain a PKCS#7 certificate
* chain. This is a PKCS#7 <i>SignedData</i> object, with the only * chain. This is a PKCS#7 <i>SignedData</i> object, with the only
* significant field being <i>certificates</i>. In particular, the * significant field being <i>certificates</i>. In particular, the
* signature and the contents are ignored. This format allows multiple * signature and the contents are ignored. This format allows multiple
...@@ -247,14 +247,14 @@ public abstract class CertificateFactorySpi { ...@@ -247,14 +247,14 @@ public abstract class CertificateFactorySpi {
/** /**
* Generates a certificate revocation list (CRL) object and initializes it * Generates a certificate revocation list (CRL) object and initializes it
* with the data read from the input stream <code>inStream</code>. * with the data read from the input stream {@code inStream}.
* *
* <p>In order to take advantage of the specialized CRL format * <p>In order to take advantage of the specialized CRL format
* supported by this certificate factory, * supported by this certificate factory,
* the returned CRL object can be typecast to the corresponding * the returned CRL object can be typecast to the corresponding
* CRL class. For example, if this certificate * CRL class. For example, if this certificate
* factory implements X.509 CRLs, the returned CRL object * factory implements X.509 CRLs, the returned CRL object
* can be typecast to the <code>X509CRL</code> class. * can be typecast to the {@code X509CRL} class.
* *
* <p>Note that if the given input stream does not support * <p>Note that if the given input stream does not support
* {@link java.io.InputStream#mark(int) mark} and * {@link java.io.InputStream#mark(int) mark} and
...@@ -265,7 +265,7 @@ public abstract class CertificateFactorySpi { ...@@ -265,7 +265,7 @@ public abstract class CertificateFactorySpi {
* end-of-CRL marker. If the data in the * end-of-CRL marker. If the data in the
* input stream does not contain an inherent end-of-CRL marker (other * input stream does not contain an inherent end-of-CRL marker (other
* than EOF) and there is trailing data after the CRL is parsed, a * than EOF) and there is trailing data after the CRL is parsed, a
* <code>CRLException</code> is thrown. * {@code CRLException} is thrown.
* *
* @param inStream an input stream with the CRL data. * @param inStream an input stream with the CRL data.
* *
...@@ -279,18 +279,18 @@ public abstract class CertificateFactorySpi { ...@@ -279,18 +279,18 @@ public abstract class CertificateFactorySpi {
/** /**
* Returns a (possibly empty) collection view of the CRLs read * Returns a (possibly empty) collection view of the CRLs read
* from the given input stream <code>inStream</code>. * from the given input stream {@code inStream}.
* *
* <p>In order to take advantage of the specialized CRL format * <p>In order to take advantage of the specialized CRL format
* supported by this certificate factory, each element in * supported by this certificate factory, each element in
* the returned collection view can be typecast to the corresponding * the returned collection view can be typecast to the corresponding
* CRL class. For example, if this certificate * CRL class. For example, if this certificate
* factory implements X.509 CRLs, the elements in the returned * factory implements X.509 CRLs, the elements in the returned
* collection can be typecast to the <code>X509CRL</code> class. * collection can be typecast to the {@code X509CRL} class.
* *
* <p>In the case of a certificate factory for X.509 CRLs, * <p>In the case of a certificate factory for X.509 CRLs,
* <code>inStream</code> may contain a single DER-encoded CRL. * {@code inStream} may contain a single DER-encoded CRL.
* In addition, <code>inStream</code> may contain a PKCS#7 CRL * In addition, {@code inStream} may contain a PKCS#7 CRL
* set. This is a PKCS#7 <i>SignedData</i> object, with the only * set. This is a PKCS#7 <i>SignedData</i> object, with the only
* significant field being <i>crls</i>. In particular, the * significant field being <i>crls</i>. In particular, the
* signature and the contents are ignored. This format allows multiple * signature and the contents are ignored. This format allows multiple
......
src/share/classes/java/security/cert/CertificateNotYetValidException.java
浏览文件 @ c2a5f680
/* /*
* Copyright (c) 1997, 2003, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
...@@ -27,8 +27,8 @@ package java.security.cert; ...@@ -27,8 +27,8 @@ package java.security.cert;
/** /**
* Certificate is not yet valid exception. This is thrown whenever * Certificate is not yet valid exception. This is thrown whenever
* the current <code>Date</code> or the specified <code>Date</code> * the current {@code Date} or the specified {@code Date}
* is before the <code>notBefore</code> date/time in the Certificate * is before the {@code notBefore} date/time in the Certificate
* validity period. * validity period.
* *
* @author Hemma Prafullchandra * @author Hemma Prafullchandra
......
src/share/classes/java/security/cert/CertificateParsingException.java
浏览文件 @ c2a5f680
/* /*
* Copyright (c) 1997, 2003, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
...@@ -57,13 +57,13 @@ public class CertificateParsingException extends CertificateException { ...@@ -57,13 +57,13 @@ public class CertificateParsingException extends CertificateException {
} }
/** /**
* Creates a <code>CertificateParsingException</code> with the specified * Creates a {@code CertificateParsingException} with the specified
* detail message and cause. * detail message and cause.
* *
* @param message the detail message (which is saved for later retrieval * @param message the detail message (which is saved for later retrieval
* by the {@link #getMessage()} method). * by the {@link #getMessage()} method).
* @param cause the cause (which is saved for later retrieval by the * @param cause the cause (which is saved for later retrieval by the
* {@link #getCause()} method). (A <tt>null</tt> value is permitted, * {@link #getCause()} method). (A {@code null} value is permitted,
* and indicates that the cause is nonexistent or unknown.) * and indicates that the cause is nonexistent or unknown.)
* @since 1.5 * @since 1.5
*/ */
...@@ -72,14 +72,14 @@ public class CertificateParsingException extends CertificateException { ...@@ -72,14 +72,14 @@ public class CertificateParsingException extends CertificateException {
} }
/** /**
* Creates a <code>CertificateParsingException</code> with the * Creates a {@code CertificateParsingException} with the
* specified cause and a detail message of * specified cause and a detail message of
* <tt>(cause==null ? null : cause.toString())</tt> * {@code (cause==null ? null : cause.toString())}
* (which typically contains the class and detail message of * (which typically contains the class and detail message of
* <tt>cause</tt>). * {@code cause}).
* *
* @param cause the cause (which is saved for later retrieval by the * @param cause the cause (which is saved for later retrieval by the
* {@link #getCause()} method). (A <tt>null</tt> value is permitted, * {@link #getCause()} method). (A {@code null} value is permitted,
* and indicates that the cause is nonexistent or unknown.) * and indicates that the cause is nonexistent or unknown.)
* @since 1.5 * @since 1.5
*/ */
......
src/share/classes/java/security/cert/CertificateRevokedException.java
浏览文件 @ c2a5f680
/* /*
* Copyright (c) 2007, 2011, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2007, 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
...@@ -39,7 +39,7 @@ import sun.security.x509.InvalidityDateExtension; ...@@ -39,7 +39,7 @@ import sun.security.x509.InvalidityDateExtension;
/** /**
* An exception that indicates an X.509 certificate is revoked. A * An exception that indicates an X.509 certificate is revoked. A
* <code>CertificateRevokedException</code> contains additional information * {@code CertificateRevokedException} contains additional information
* about the revoked certificate, such as the date on which the * about the revoked certificate, such as the date on which the
* certificate was revoked and the reason it was revoked. * certificate was revoked and the reason it was revoked.
* *
...@@ -60,7 +60,7 @@ public class CertificateRevokedException extends CertificateException { ...@@ -60,7 +60,7 @@ public class CertificateRevokedException extends CertificateException {
*/ */
private final CRLReason reason; private final CRLReason reason;
/** /**
* @serial the <code>X500Principal</code> that represents the name of the * @serial the {@code X500Principal} that represents the name of the
* authority that signed the certificate's revocation status information * authority that signed the certificate's revocation status information
*/ */
private final X500Principal authority; private final X500Principal authority;
...@@ -68,7 +68,7 @@ public class CertificateRevokedException extends CertificateException { ...@@ -68,7 +68,7 @@ public class CertificateRevokedException extends CertificateException {
private transient Map<String, Extension> extensions; private transient Map<String, Extension> extensions;
/** /**
* Constructs a <code>CertificateRevokedException</code> with * Constructs a {@code CertificateRevokedException} with
* the specified revocation date, reason code, authority name, and map * the specified revocation date, reason code, authority name, and map
* of extensions. * of extensions.
* *
...@@ -78,12 +78,12 @@ public class CertificateRevokedException extends CertificateException { ...@@ -78,12 +78,12 @@ public class CertificateRevokedException extends CertificateException {
* @param extensions a map of X.509 Extensions. Each key is an OID String * @param extensions a map of X.509 Extensions. Each key is an OID String
* that maps to the corresponding Extension. The map is copied to * that maps to the corresponding Extension. The map is copied to
* prevent subsequent modification. * prevent subsequent modification.
* @param authority the <code>X500Principal</code> that represents the name * @param authority the {@code X500Principal} that represents the name
* of the authority that signed the certificate's revocation status * of the authority that signed the certificate's revocation status
* information * information
* @throws NullPointerException if <code>revocationDate</code>, * @throws NullPointerException if {@code revocationDate},
* <code>reason</code>, <code>authority</code>, or * {@code reason}, {@code authority}, or
* <code>extensions</code> is <code>null</code> * {@code extensions} is {@code null}
*/ */
public CertificateRevokedException(Date revocationDate, CRLReason reason, public CertificateRevokedException(Date revocationDate, CRLReason reason,
X500Principal authority, Map<String, Extension> extensions) { X500Principal authority, Map<String, Extension> extensions) {
...@@ -121,7 +121,7 @@ public class CertificateRevokedException extends CertificateException { ...@@ -121,7 +121,7 @@ public class CertificateRevokedException extends CertificateException {
* Returns the name of the authority that signed the certificate's * Returns the name of the authority that signed the certificate's
* revocation status information. * revocation status information.
* *
* @return the <code>X500Principal</code> that represents the name of the * @return the {@code X500Principal} that represents the name of the
* authority that signed the certificate's revocation status information * authority that signed the certificate's revocation status information
*/ */
public X500Principal getAuthorityName() { public X500Principal getAuthorityName() {
...@@ -130,16 +130,16 @@ public class CertificateRevokedException extends CertificateException { ...@@ -130,16 +130,16 @@ public class CertificateRevokedException extends CertificateException {
/** /**
* Returns the invalidity date, as specifed in the Invalidity Date * Returns the invalidity date, as specifed in the Invalidity Date
* extension of this <code>CertificateRevokedException</code>. The * extension of this {@code CertificateRevokedException}. The
* invalidity date is the date on which it is known or suspected that the * invalidity date is the date on which it is known or suspected that the
* private key was compromised or that the certificate otherwise became * private key was compromised or that the certificate otherwise became
* invalid. This implementation calls <code>getExtensions()</code> and * invalid. This implementation calls {@code getExtensions()} and
* checks the returned map for an entry for the Invalidity Date extension * checks the returned map for an entry for the Invalidity Date extension
* OID ("2.5.29.24"). If found, it returns the invalidity date in the * OID ("2.5.29.24"). If found, it returns the invalidity date in the
* extension; otherwise null. A new Date object is returned each time the * extension; otherwise null. A new Date object is returned each time the
* method is invoked to protect against subsequent modification. * method is invoked to protect against subsequent modification.
* *
* @return the invalidity date, or <code>null</code> if not specified * @return the invalidity date, or {@code null} if not specified
*/ */
public Date getInvalidityDate() { public Date getInvalidityDate() {
Extension ext = getExtensions().get("2.5.29.24"); Extension ext = getExtensions().get("2.5.29.24");
...@@ -176,7 +176,7 @@ public class CertificateRevokedException extends CertificateException { ...@@ -176,7 +176,7 @@ public class CertificateRevokedException extends CertificateException {
} }
/** /**
* Serialize this <code>CertificateRevokedException</code> instance. * Serialize this {@code CertificateRevokedException} instance.
* *
* @serialData the size of the extensions map (int), followed by all of * @serialData the size of the extensions map (int), followed by all of
* the extensions in the map, in no particular order. For each extension, * the extensions in the map, in no particular order. For each extension,
...@@ -208,7 +208,7 @@ public class CertificateRevokedException extends CertificateException { ...@@ -208,7 +208,7 @@ public class CertificateRevokedException extends CertificateException {
} }
/** /**
* Deserialize the <code>CertificateRevokedException</code> instance. * Deserialize the {@code CertificateRevokedException} instance.
*/ */
private void readObject(ObjectInputStream ois) private void readObject(ObjectInputStream ois)
throws IOException, ClassNotFoundException { throws IOException, ClassNotFoundException {
......
src/share/classes/java/security/cert/CollectionCertStoreParameters.java
浏览文件 @ c2a5f680
/* /*
* Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
...@@ -30,13 +30,13 @@ import java.util.Collection; ...@@ -30,13 +30,13 @@ import java.util.Collection;
import java.util.Collections; import java.util.Collections;
/** /**
* Parameters used as input for the Collection <code>CertStore</code> * Parameters used as input for the Collection {@code CertStore}
* algorithm. * algorithm.
* <p> * <p>
* This class is used to provide necessary configuration parameters * This class is used to provide necessary configuration parameters
* to implementations of the Collection <code>CertStore</code> * to implementations of the Collection {@code CertStore}
* algorithm. The only parameter included in this class is the * algorithm. The only parameter included in this class is the
* <code>Collection</code> from which the <code>CertStore</code> will * {@code Collection} from which the {@code CertStore} will
* retrieve certificates and CRLs. * retrieve certificates and CRLs.
* <p> * <p>
* <b>Concurrent Access</b> * <b>Concurrent Access</b>
...@@ -58,30 +58,30 @@ public class CollectionCertStoreParameters ...@@ -58,30 +58,30 @@ public class CollectionCertStoreParameters
private Collection<?> coll; private Collection<?> coll;
/** /**
* Creates an instance of <code>CollectionCertStoreParameters</code> * Creates an instance of {@code CollectionCertStoreParameters}
* which will allow certificates and CRLs to be retrieved from the * which will allow certificates and CRLs to be retrieved from the
* specified <code>Collection</code>. If the specified * specified {@code Collection}. If the specified
* <code>Collection</code> contains an object that is not a * {@code Collection} contains an object that is not a
* <code>Certificate</code> or <code>CRL</code>, that object will be * {@code Certificate} or {@code CRL}, that object will be
* ignored by the Collection <code>CertStore</code>. * ignored by the Collection {@code CertStore}.
* <p> * <p>
* The <code>Collection</code> is <b>not</b> copied. Instead, a * The {@code Collection} is <b>not</b> copied. Instead, a
* reference is used. This allows the caller to subsequently add or * reference is used. This allows the caller to subsequently add or
* remove <code>Certificates</code> or <code>CRL</code>s from the * remove {@code Certificates} or {@code CRL}s from the
* <code>Collection</code>, thus changing the set of * {@code Collection}, thus changing the set of
* <code>Certificates</code> or <code>CRL</code>s available to the * {@code Certificates} or {@code CRL}s available to the
* Collection <code>CertStore</code>. The Collection <code>CertStore</code> * Collection {@code CertStore}. The Collection {@code CertStore}
* will not modify the contents of the <code>Collection</code>. * will not modify the contents of the {@code Collection}.
* <p> * <p>
* If the <code>Collection</code> will be modified by one thread while * If the {@code Collection} will be modified by one thread while
* another thread is calling a method of a Collection <code>CertStore</code> * another thread is calling a method of a Collection {@code CertStore}
* that has been initialized with this <code>Collection</code>, the * that has been initialized with this {@code Collection}, the
* <code>Collection</code> must have fail-fast iterators. * {@code Collection} must have fail-fast iterators.
* *
* @param collection a <code>Collection</code> of * @param collection a {@code Collection} of
* <code>Certificate</code>s and <code>CRL</code>s * {@code Certificate}s and {@code CRL}s
* @exception NullPointerException if <code>collection</code> is * @exception NullPointerException if {@code collection} is
* <code>null</code> * {@code null}
*/ */
public CollectionCertStoreParameters(Collection<?> collection) { public CollectionCertStoreParameters(Collection<?> collection) {
if (collection == null) if (collection == null)
...@@ -90,22 +90,22 @@ public class CollectionCertStoreParameters ...@@ -90,22 +90,22 @@ public class CollectionCertStoreParameters
} }
/** /**
* Creates an instance of <code>CollectionCertStoreParameters</code> with * Creates an instance of {@code CollectionCertStoreParameters} with
* the default parameter values (an empty and immutable * the default parameter values (an empty and immutable
* <code>Collection</code>). * {@code Collection}).
*/ */
public CollectionCertStoreParameters() { public CollectionCertStoreParameters() {
coll = Collections.EMPTY_SET; coll = Collections.EMPTY_SET;
} }
/** /**
* Returns the <code>Collection</code> from which <code>Certificate</code>s * Returns the {@code Collection} from which {@code Certificate}s
* and <code>CRL</code>s are retrieved. This is <b>not</b> a copy of the * and {@code CRL}s are retrieved. This is <b>not</b> a copy of the
* <code>Collection</code>, it is a reference. This allows the caller to * {@code Collection}, it is a reference. This allows the caller to
* subsequently add or remove <code>Certificates</code> or * subsequently add or remove {@code Certificates} or
* <code>CRL</code>s from the <code>Collection</code>. * {@code CRL}s from the {@code Collection}.
* *
* @return the <code>Collection</code> (never null) * @return the {@code Collection} (never null)
*/ */
public Collection<?> getCollection() { public Collection<?> getCollection() {
return coll; return coll;
...@@ -113,7 +113,7 @@ public class CollectionCertStoreParameters ...@@ -113,7 +113,7 @@ public class CollectionCertStoreParameters
/** /**
* Returns a copy of this object. Note that only a reference to the * Returns a copy of this object. Note that only a reference to the
* <code>Collection</code> is copied, and not the contents. * {@code Collection} is copied, and not the contents.
* *
* @return the copy * @return the copy
*/ */
......
src/share/classes/java/security/cert/Extension.java
浏览文件 @ c2a5f680
/* /*
* Copyright (c) 2007, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2007, 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
...@@ -84,7 +84,7 @@ public interface Extension { ...@@ -84,7 +84,7 @@ public interface Extension {
* that are encoded as an OCTET STRING. It does not include the OCTET * that are encoded as an OCTET STRING. It does not include the OCTET
* STRING tag and length. * STRING tag and length.
* *
* @return a copy of the extension's value, or <code>null</code> if no * @return a copy of the extension's value, or {@code null} if no
* extension value is present. * extension value is present.
*/ */
byte[] getValue(); byte[] getValue();
...@@ -95,7 +95,7 @@ public interface Extension { ...@@ -95,7 +95,7 @@ public interface Extension {
* *
* @param out the output stream * @param out the output stream
* @exception IOException on encoding or output error. * @exception IOException on encoding or output error.
* @exception NullPointerException if <code>out</code> is <code>null</code>. * @exception NullPointerException if {@code out} is {@code null}.
*/ */
void encode(OutputStream out) throws IOException; void encode(OutputStream out) throws IOException;
} }
src/share/classes/java/security/cert/LDAPCertStoreParameters.java
浏览文件 @ c2a5f680
/* /*
* Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
...@@ -26,10 +26,10 @@ ...@@ -26,10 +26,10 @@
package java.security.cert; package java.security.cert;
/** /**
* Parameters used as input for the LDAP <code>CertStore</code> algorithm. * Parameters used as input for the LDAP {@code CertStore} algorithm.
* <p> * <p>
* This class is used to provide necessary configuration parameters (server * This class is used to provide necessary configuration parameters (server
* name and port number) to implementations of the LDAP <code>CertStore</code> * name and port number) to implementations of the LDAP {@code CertStore}
* algorithm. * algorithm.
* <p> * <p>
* <b>Concurrent Access</b> * <b>Concurrent Access</b>
...@@ -59,13 +59,13 @@ public class LDAPCertStoreParameters implements CertStoreParameters { ...@@ -59,13 +59,13 @@ public class LDAPCertStoreParameters implements CertStoreParameters {
private String serverName; private String serverName;
/** /**
* Creates an instance of <code>LDAPCertStoreParameters</code> with the * Creates an instance of {@code LDAPCertStoreParameters} with the
* specified parameter values. * specified parameter values.
* *
* @param serverName the DNS name of the LDAP server * @param serverName the DNS name of the LDAP server
* @param port the port number of the LDAP server * @param port the port number of the LDAP server
* @exception NullPointerException if <code>serverName</code> is * @exception NullPointerException if {@code serverName} is
* <code>null</code> * {@code null}
*/ */
public LDAPCertStoreParameters(String serverName, int port) { public LDAPCertStoreParameters(String serverName, int port) {
if (serverName == null) if (serverName == null)
...@@ -75,19 +75,19 @@ public class LDAPCertStoreParameters implements CertStoreParameters { ...@@ -75,19 +75,19 @@ public class LDAPCertStoreParameters implements CertStoreParameters {
} }
/** /**
* Creates an instance of <code>LDAPCertStoreParameters</code> with the * Creates an instance of {@code LDAPCertStoreParameters} with the
* specified server name and a default port of 389. * specified server name and a default port of 389.
* *
* @param serverName the DNS name of the LDAP server * @param serverName the DNS name of the LDAP server
* @exception NullPointerException if <code>serverName</code> is * @exception NullPointerException if {@code serverName} is
* <code>null</code> * {@code null}
*/ */
public LDAPCertStoreParameters(String serverName) { public LDAPCertStoreParameters(String serverName) {
this(serverName, LDAP_DEFAULT_PORT); this(serverName, LDAP_DEFAULT_PORT);
} }
/** /**
* Creates an instance of <code>LDAPCertStoreParameters</code> with the * Creates an instance of {@code LDAPCertStoreParameters} with the
* default parameter values (server name "localhost", port 389). * default parameter values (server name "localhost", port 389).
*/ */
public LDAPCertStoreParameters() { public LDAPCertStoreParameters() {
...@@ -97,7 +97,7 @@ public class LDAPCertStoreParameters implements CertStoreParameters { ...@@ -97,7 +97,7 @@ public class LDAPCertStoreParameters implements CertStoreParameters {
/** /**
* Returns the DNS name of the LDAP server. * Returns the DNS name of the LDAP server.
* *
* @return the name (not <code>null</code>) * @return the name (not {@code null})
*/ */
public String getServerName() { public String getServerName() {
return serverName; return serverName;
...@@ -117,7 +117,7 @@ public class LDAPCertStoreParameters implements CertStoreParameters { ...@@ -117,7 +117,7 @@ public class LDAPCertStoreParameters implements CertStoreParameters {
* the original and vice versa. * the original and vice versa.
* <p> * <p>
* Note: this method currently performs a shallow copy of the object * Note: this method currently performs a shallow copy of the object
* (simply calls <code>Object.clone()</code>). This may be changed in a * (simply calls {@code Object.clone()}). This may be changed in a
* future revision to perform a deep copy if new parameters are added * future revision to perform a deep copy if new parameters are added
* that should not be shared. * that should not be shared.
* *
......
src/share/classes/java/security/cert/PKIXBuilderParameters.java
浏览文件 @ c2a5f680
/* /*
* Copyright (c) 2000, 2003, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
...@@ -32,35 +32,35 @@ import java.security.InvalidParameterException; ...@@ -32,35 +32,35 @@ import java.security.InvalidParameterException;
import java.util.Set; import java.util.Set;
/** /**
* Parameters used as input for the PKIX <code>CertPathBuilder</code> * Parameters used as input for the PKIX {@code CertPathBuilder}
* algorithm. * algorithm.
* <p> * <p>
* A PKIX <code>CertPathBuilder</code> uses these parameters to {@link * A PKIX {@code CertPathBuilder} uses these parameters to {@link
* CertPathBuilder#build build} a <code>CertPath</code> which has been * CertPathBuilder#build build} a {@code CertPath} which has been
* validated according to the PKIX certification path validation algorithm. * validated according to the PKIX certification path validation algorithm.
* *
* <p>To instantiate a <code>PKIXBuilderParameters</code> object, an * <p>To instantiate a {@code PKIXBuilderParameters} object, an
* application must specify one or more <i>most-trusted CAs</i> as defined by * application must specify one or more <i>most-trusted CAs</i> as defined by
* the PKIX certification path validation algorithm. The most-trusted CA * the PKIX certification path validation algorithm. The most-trusted CA
* can be specified using one of two constructors. An application * can be specified using one of two constructors. An application
* can call {@link #PKIXBuilderParameters(Set, CertSelector) * can call {@link #PKIXBuilderParameters(Set, CertSelector)
* PKIXBuilderParameters(Set, CertSelector)}, specifying a * PKIXBuilderParameters(Set, CertSelector)}, specifying a
* <code>Set</code> of <code>TrustAnchor</code> objects, each of which * {@code Set} of {@code TrustAnchor} objects, each of which
* identifies a most-trusted CA. Alternatively, an application can call * identifies a most-trusted CA. Alternatively, an application can call
* {@link #PKIXBuilderParameters(KeyStore, CertSelector) * {@link #PKIXBuilderParameters(KeyStore, CertSelector)
* PKIXBuilderParameters(KeyStore, CertSelector)}, specifying a * PKIXBuilderParameters(KeyStore, CertSelector)}, specifying a
* <code>KeyStore</code> instance containing trusted certificate entries, each * {@code KeyStore} instance containing trusted certificate entries, each
* of which will be considered as a most-trusted CA. * of which will be considered as a most-trusted CA.
* *
* <p>In addition, an application must specify constraints on the target * <p>In addition, an application must specify constraints on the target
* certificate that the <code>CertPathBuilder</code> will attempt * certificate that the {@code CertPathBuilder} will attempt
* to build a path to. The constraints are specified as a * to build a path to. The constraints are specified as a
* <code>CertSelector</code> object. These constraints should provide the * {@code CertSelector} object. These constraints should provide the
* <code>CertPathBuilder</code> with enough search criteria to find the target * {@code CertPathBuilder} with enough search criteria to find the target
* certificate. Minimal criteria for an <code>X509Certificate</code> usually * certificate. Minimal criteria for an {@code X509Certificate} usually
* include the subject name and/or one or more subject alternative names. * include the subject name and/or one or more subject alternative names.
* If enough criteria is not specified, the <code>CertPathBuilder</code> * If enough criteria is not specified, the {@code CertPathBuilder}
* may throw a <code>CertPathBuilderException</code>. * may throw a {@code CertPathBuilderException}.
* <p> * <p>
* <b>Concurrent Access</b> * <b>Concurrent Access</b>
* <p> * <p>
...@@ -80,23 +80,23 @@ public class PKIXBuilderParameters extends PKIXParameters { ...@@ -80,23 +80,23 @@ public class PKIXBuilderParameters extends PKIXParameters {
private int maxPathLength = 5; private int maxPathLength = 5;
/** /**
* Creates an instance of <code>PKIXBuilderParameters</code> with * Creates an instance of {@code PKIXBuilderParameters} with
* the specified <code>Set</code> of most-trusted CAs. * the specified {@code Set} of most-trusted CAs.
* Each element of the set is a {@link TrustAnchor TrustAnchor}. * Each element of the set is a {@link TrustAnchor TrustAnchor}.
* *
* <p>Note that the <code>Set</code> is copied to protect against * <p>Note that the {@code Set} is copied to protect against
* subsequent modifications. * subsequent modifications.
* *
* @param trustAnchors a <code>Set</code> of <code>TrustAnchor</code>s * @param trustAnchors a {@code Set} of {@code TrustAnchor}s
* @param targetConstraints a <code>CertSelector</code> specifying the * @param targetConstraints a {@code CertSelector} specifying the
* constraints on the target certificate * constraints on the target certificate
* @throws InvalidAlgorithmParameterException if <code>trustAnchors</code> * @throws InvalidAlgorithmParameterException if {@code trustAnchors}
* is empty <code>(trustAnchors.isEmpty() == true)</code> * is empty {@code (trustAnchors.isEmpty() == true)}
* @throws NullPointerException if <code>trustAnchors</code> is * @throws NullPointerException if {@code trustAnchors} is
* <code>null</code> * {@code null}
* @throws ClassCastException if any of the elements of * @throws ClassCastException if any of the elements of
* <code>trustAnchors</code> are not of type * {@code trustAnchors} are not of type
* <code>java.security.cert.TrustAnchor</code> * {@code java.security.cert.TrustAnchor}
*/ */
public PKIXBuilderParameters(Set<TrustAnchor> trustAnchors, CertSelector public PKIXBuilderParameters(Set<TrustAnchor> trustAnchors, CertSelector
targetConstraints) throws InvalidAlgorithmParameterException targetConstraints) throws InvalidAlgorithmParameterException
...@@ -106,22 +106,22 @@ public class PKIXBuilderParameters extends PKIXParameters { ...@@ -106,22 +106,22 @@ public class PKIXBuilderParameters extends PKIXParameters {
} }
/** /**
* Creates an instance of <code>PKIXBuilderParameters</code> that * Creates an instance of {@code PKIXBuilderParameters} that
* populates the set of most-trusted CAs from the trusted * populates the set of most-trusted CAs from the trusted
* certificate entries contained in the specified <code>KeyStore</code>. * certificate entries contained in the specified {@code KeyStore}.
* Only keystore entries that contain trusted <code>X509Certificate</code>s * Only keystore entries that contain trusted {@code X509Certificate}s
* are considered; all other certificate types are ignored. * are considered; all other certificate types are ignored.
* *
* @param keystore a <code>KeyStore</code> from which the set of * @param keystore a {@code KeyStore} from which the set of
* most-trusted CAs will be populated * most-trusted CAs will be populated
* @param targetConstraints a <code>CertSelector</code> specifying the * @param targetConstraints a {@code CertSelector} specifying the
* constraints on the target certificate * constraints on the target certificate
* @throws KeyStoreException if <code>keystore</code> has not been * @throws KeyStoreException if {@code keystore} has not been
* initialized * initialized
* @throws InvalidAlgorithmParameterException if <code>keystore</code> does * @throws InvalidAlgorithmParameterException if {@code keystore} does
* not contain at least one trusted certificate entry * not contain at least one trusted certificate entry
* @throws NullPointerException if <code>keystore</code> is * @throws NullPointerException if {@code keystore} is
* <code>null</code> * {@code null}
*/ */
public PKIXBuilderParameters(KeyStore keystore, public PKIXBuilderParameters(KeyStore keystore,
CertSelector targetConstraints) CertSelector targetConstraints)
...@@ -139,7 +139,7 @@ public class PKIXBuilderParameters extends PKIXParameters { ...@@ -139,7 +139,7 @@ public class PKIXBuilderParameters extends PKIXParameters {
* in a certification path is not an intermediate certificate, and is not * in a certification path is not an intermediate certificate, and is not
* included in this limit. Usually the last certificate is an end entity * included in this limit. Usually the last certificate is an end entity
* certificate, but it can be a CA certificate. A PKIX * certificate, but it can be a CA certificate. A PKIX
* <code>CertPathBuilder</code> instance must not build * {@code CertPathBuilder} instance must not build
* paths longer than the length specified. * paths longer than the length specified.
* *
* <p> A value of 0 implies that the path can only contain * <p> A value of 0 implies that the path can only contain
...@@ -149,14 +149,14 @@ public class PKIXBuilderParameters extends PKIXParameters { ...@@ -149,14 +149,14 @@ public class PKIXBuilderParameters extends PKIXParameters {
* Setting a value less than -1 will cause an exception to be thrown. * Setting a value less than -1 will cause an exception to be thrown.
* *
* <p> If any of the CA certificates contain the * <p> If any of the CA certificates contain the
* <code>BasicConstraintsExtension</code>, the value of the * {@code BasicConstraintsExtension}, the value of the
* <code>pathLenConstraint</code> field of the extension overrides * {@code pathLenConstraint} field of the extension overrides
* the maximum path length parameter whenever the result is a * the maximum path length parameter whenever the result is a
* certification path of smaller length. * certification path of smaller length.
* *
* @param maxPathLength the maximum number of non-self-issued intermediate * @param maxPathLength the maximum number of non-self-issued intermediate
* certificates that may exist in a certification path * certificates that may exist in a certification path
* @throws InvalidParameterException if <code>maxPathLength</code> is set * @throws InvalidParameterException if {@code maxPathLength} is set
* to a value less than -1 * to a value less than -1
* *
* @see #getMaxPathLength * @see #getMaxPathLength
......
src/share/classes/java/security/cert/PKIXCertPathBuilderResult.java
浏览文件 @ c2a5f680
/* /*
* Copyright (c) 2000, 2001, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
...@@ -33,14 +33,14 @@ import java.security.PublicKey; ...@@ -33,14 +33,14 @@ import java.security.PublicKey;
* returned using this algorithm are also validated according to the PKIX * returned using this algorithm are also validated according to the PKIX
* certification path validation algorithm. * certification path validation algorithm.
* *
* <p>Instances of <code>PKIXCertPathBuilderResult</code> are returned by * <p>Instances of {@code PKIXCertPathBuilderResult} are returned by
* the <code>build</code> method of <code>CertPathBuilder</code> * the {@code build} method of {@code CertPathBuilder}
* objects implementing the PKIX algorithm. * objects implementing the PKIX algorithm.
* *
* <p>All <code>PKIXCertPathBuilderResult</code> objects contain the * <p>All {@code PKIXCertPathBuilderResult} objects contain the
* certification path constructed by the build algorithm, the * certification path constructed by the build algorithm, the
* valid policy tree and subject public key resulting from the build * valid policy tree and subject public key resulting from the build
* algorithm, and a <code>TrustAnchor</code> describing the certification * algorithm, and a {@code TrustAnchor} describing the certification
* authority (CA) that served as a trust anchor for the certification path. * authority (CA) that served as a trust anchor for the certification path.
* <p> * <p>
* <b>Concurrent Access</b> * <b>Concurrent Access</b>
...@@ -62,18 +62,18 @@ public class PKIXCertPathBuilderResult extends PKIXCertPathValidatorResult ...@@ -62,18 +62,18 @@ public class PKIXCertPathBuilderResult extends PKIXCertPathValidatorResult
private CertPath certPath; private CertPath certPath;
/** /**
* Creates an instance of <code>PKIXCertPathBuilderResult</code> * Creates an instance of {@code PKIXCertPathBuilderResult}
* containing the specified parameters. * containing the specified parameters.
* *
* @param certPath the validated <code>CertPath</code> * @param certPath the validated {@code CertPath}
* @param trustAnchor a <code>TrustAnchor</code> describing the CA that * @param trustAnchor a {@code TrustAnchor} describing the CA that
* served as a trust anchor for the certification path * served as a trust anchor for the certification path
* @param policyTree the immutable valid policy tree, or <code>null</code> * @param policyTree the immutable valid policy tree, or {@code null}
* if there are no valid policies * if there are no valid policies
* @param subjectPublicKey the public key of the subject * @param subjectPublicKey the public key of the subject
* @throws NullPointerException if the <code>certPath</code>, * @throws NullPointerException if the {@code certPath},
* <code>trustAnchor</code> or <code>subjectPublicKey</code> parameters * {@code trustAnchor} or {@code subjectPublicKey} parameters
* are <code>null</code> * are {@code null}
*/ */
public PKIXCertPathBuilderResult(CertPath certPath, public PKIXCertPathBuilderResult(CertPath certPath,
TrustAnchor trustAnchor, PolicyNode policyTree, TrustAnchor trustAnchor, PolicyNode policyTree,
...@@ -87,13 +87,13 @@ public class PKIXCertPathBuilderResult extends PKIXCertPathValidatorResult ...@@ -87,13 +87,13 @@ public class PKIXCertPathBuilderResult extends PKIXCertPathValidatorResult
/** /**
* Returns the built and validated certification path. The * Returns the built and validated certification path. The
* <code>CertPath</code> object does not include the trust anchor. * {@code CertPath} object does not include the trust anchor.
* Instead, use the {@link #getTrustAnchor() getTrustAnchor()} method to * Instead, use the {@link #getTrustAnchor() getTrustAnchor()} method to
* obtain the <code>TrustAnchor</code> that served as the trust anchor * obtain the {@code TrustAnchor} that served as the trust anchor
* for the certification path. * for the certification path.
* *
* @return the built and validated <code>CertPath</code> (never * @return the built and validated {@code CertPath} (never
* <code>null</code>) * {@code null})
*/ */
public CertPath getCertPath() { public CertPath getCertPath() {
return certPath; return certPath;
...@@ -101,10 +101,10 @@ public class PKIXCertPathBuilderResult extends PKIXCertPathValidatorResult ...@@ -101,10 +101,10 @@ public class PKIXCertPathBuilderResult extends PKIXCertPathValidatorResult
/** /**
* Return a printable representation of this * Return a printable representation of this
* <code>PKIXCertPathBuilderResult</code>. * {@code PKIXCertPathBuilderResult}.
* *
* @return a <code>String</code> describing the contents of this * @return a {@code String} describing the contents of this
* <code>PKIXCertPathBuilderResult</code> * {@code PKIXCertPathBuilderResult}
*/ */
public String toString() { public String toString() {
StringBuffer sb = new StringBuffer(); StringBuffer sb = new StringBuffer();
......
src/share/classes/java/security/cert/PKIXCertPathChecker.java
浏览文件 @ c2a5f680
/* /*
* Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
...@@ -30,38 +30,38 @@ import java.util.Set; ...@@ -30,38 +30,38 @@ import java.util.Set;
/** /**
* An abstract class that performs one or more checks on an * An abstract class that performs one or more checks on an
* <code>X509Certificate</code>. * {@code X509Certificate}.
* *
* <p>A concrete implementation of the <code>PKIXCertPathChecker</code> class * <p>A concrete implementation of the {@code PKIXCertPathChecker} class
* can be created to extend the PKIX certification path validation algorithm. * can be created to extend the PKIX certification path validation algorithm.
* For example, an implementation may check for and process a critical private * For example, an implementation may check for and process a critical private
* extension of each certificate in a certification path. * extension of each certificate in a certification path.
* *
* <p>Instances of <code>PKIXCertPathChecker</code> are passed as parameters * <p>Instances of {@code PKIXCertPathChecker} are passed as parameters
* using the {@link PKIXParameters#setCertPathCheckers setCertPathCheckers} * using the {@link PKIXParameters#setCertPathCheckers setCertPathCheckers}
* or {@link PKIXParameters#addCertPathChecker addCertPathChecker} methods * or {@link PKIXParameters#addCertPathChecker addCertPathChecker} methods
* of the <code>PKIXParameters</code> and <code>PKIXBuilderParameters</code> * of the {@code PKIXParameters} and {@code PKIXBuilderParameters}
* class. Each of the <code>PKIXCertPathChecker</code>s {@link #check check} * class. Each of the {@code PKIXCertPathChecker}s {@link #check check}
* methods will be called, in turn, for each certificate processed by a PKIX * methods will be called, in turn, for each certificate processed by a PKIX
* <code>CertPathValidator</code> or <code>CertPathBuilder</code> * {@code CertPathValidator} or {@code CertPathBuilder}
* implementation. * implementation.
* *
* <p>A <code>PKIXCertPathChecker</code> may be called multiple times on * <p>A {@code PKIXCertPathChecker} may be called multiple times on
* successive certificates in a certification path. Concrete subclasses * successive certificates in a certification path. Concrete subclasses
* are expected to maintain any internal state that may be necessary to * are expected to maintain any internal state that may be necessary to
* check successive certificates. The {@link #init init} method is used * check successive certificates. The {@link #init init} method is used
* to initialize the internal state of the checker so that the certificates * to initialize the internal state of the checker so that the certificates
* of a new certification path may be checked. A stateful implementation * of a new certification path may be checked. A stateful implementation
* <b>must</b> override the {@link #clone clone} method if necessary in * <b>must</b> override the {@link #clone clone} method if necessary in
* order to allow a PKIX <code>CertPathBuilder</code> to efficiently * order to allow a PKIX {@code CertPathBuilder} to efficiently
* backtrack and try other paths. In these situations, the * backtrack and try other paths. In these situations, the
* <code>CertPathBuilder</code> is able to restore prior path validation * {@code CertPathBuilder} is able to restore prior path validation
* states by restoring the cloned <code>PKIXCertPathChecker</code>s. * states by restoring the cloned {@code PKIXCertPathChecker}s.
* *
* <p>The order in which the certificates are presented to the * <p>The order in which the certificates are presented to the
* <code>PKIXCertPathChecker</code> may be either in the forward direction * {@code PKIXCertPathChecker} may be either in the forward direction
* (from target to most-trusted CA) or in the reverse direction (from * (from target to most-trusted CA) or in the reverse direction (from
* most-trusted CA to target). A <code>PKIXCertPathChecker</code> implementation * most-trusted CA to target). A {@code PKIXCertPathChecker} implementation
* <b>must</b> support reverse checking (the ability to perform its checks when * <b>must</b> support reverse checking (the ability to perform its checks when
* it is presented with certificates in the reverse direction) and <b>may</b> * it is presented with certificates in the reverse direction) and <b>may</b>
* support forward checking (the ability to perform its checks when it is * support forward checking (the ability to perform its checks when it is
...@@ -96,19 +96,19 @@ public abstract class PKIXCertPathChecker ...@@ -96,19 +96,19 @@ public abstract class PKIXCertPathChecker
protected PKIXCertPathChecker() {} protected PKIXCertPathChecker() {}
/** /**
* Initializes the internal state of this <code>PKIXCertPathChecker</code>. * Initializes the internal state of this {@code PKIXCertPathChecker}.
* <p> * <p>
* The <code>forward</code> flag specifies the order that * The {@code forward} flag specifies the order that
* certificates will be passed to the {@link #check check} method * certificates will be passed to the {@link #check check} method
* (forward or reverse). A <code>PKIXCertPathChecker</code> <b>must</b> * (forward or reverse). A {@code PKIXCertPathChecker} <b>must</b>
* support reverse checking and <b>may</b> support forward checking. * support reverse checking and <b>may</b> support forward checking.
* *
* @param forward the order that certificates are presented to * @param forward the order that certificates are presented to
* the <code>check</code> method. If <code>true</code>, certificates * the {@code check} method. If {@code true}, certificates
* are presented from target to most-trusted CA (forward); if * are presented from target to most-trusted CA (forward); if
* <code>false</code>, from most-trusted CA to target (reverse). * {@code false}, from most-trusted CA to target (reverse).
* @throws CertPathValidatorException if this * @throws CertPathValidatorException if this
* <code>PKIXCertPathChecker</code> is unable to check certificates in * {@code PKIXCertPathChecker} is unable to check certificates in
* the specified order; it should never be thrown if the forward flag * the specified order; it should never be thrown if the forward flag
* is false since reverse checking must be supported * is false since reverse checking must be supported
*/ */
...@@ -118,32 +118,32 @@ public abstract class PKIXCertPathChecker ...@@ -118,32 +118,32 @@ public abstract class PKIXCertPathChecker
/** /**
* Indicates if forward checking is supported. Forward checking refers * Indicates if forward checking is supported. Forward checking refers
* to the ability of the <code>PKIXCertPathChecker</code> to perform * to the ability of the {@code PKIXCertPathChecker} to perform
* its checks when certificates are presented to the <code>check</code> * its checks when certificates are presented to the {@code check}
* method in the forward direction (from target to most-trusted CA). * method in the forward direction (from target to most-trusted CA).
* *
* @return <code>true</code> if forward checking is supported, * @return {@code true} if forward checking is supported,
* <code>false</code> otherwise * {@code false} otherwise
*/ */
@Override @Override
public abstract boolean isForwardCheckingSupported(); public abstract boolean isForwardCheckingSupported();
/** /**
* Returns an immutable <code>Set</code> of X.509 certificate extensions * Returns an immutable {@code Set} of X.509 certificate extensions
* that this <code>PKIXCertPathChecker</code> supports (i.e. recognizes, is * that this {@code PKIXCertPathChecker} supports (i.e. recognizes, is
* able to process), or <code>null</code> if no extensions are supported. * able to process), or {@code null} if no extensions are supported.
* <p> * <p>
* Each element of the set is a <code>String</code> representing the * Each element of the set is a {@code String} representing the
* Object Identifier (OID) of the X.509 extension that is supported. * Object Identifier (OID) of the X.509 extension that is supported.
* The OID is represented by a set of nonnegative integers separated by * The OID is represented by a set of nonnegative integers separated by
* periods. * periods.
* <p> * <p>
* All X.509 certificate extensions that a <code>PKIXCertPathChecker</code> * All X.509 certificate extensions that a {@code PKIXCertPathChecker}
* might possibly be able to process should be included in the set. * might possibly be able to process should be included in the set.
* *
* @return an immutable <code>Set</code> of X.509 extension OIDs (in * @return an immutable {@code Set} of X.509 extension OIDs (in
* <code>String</code> format) supported by this * {@code String} format) supported by this
* <code>PKIXCertPathChecker</code>, or <code>null</code> if no * {@code PKIXCertPathChecker}, or {@code null} if no
* extensions are supported * extensions are supported
*/ */
public abstract Set<String> getSupportedExtensions(); public abstract Set<String> getSupportedExtensions();
...@@ -153,10 +153,10 @@ public abstract class PKIXCertPathChecker ...@@ -153,10 +153,10 @@ public abstract class PKIXCertPathChecker
* state and removes any critical extensions that it processes from the * state and removes any critical extensions that it processes from the
* specified collection of OID strings that represent the unresolved * specified collection of OID strings that represent the unresolved
* critical extensions. The certificates are presented in the order * critical extensions. The certificates are presented in the order
* specified by the <code>init</code> method. * specified by the {@code init} method.
* *
* @param cert the <code>Certificate</code> to be checked * @param cert the {@code Certificate} to be checked
* @param unresolvedCritExts a <code>Collection</code> of OID strings * @param unresolvedCritExts a {@code Collection} of OID strings
* representing the current set of unresolved critical extensions * representing the current set of unresolved critical extensions
* @exception CertPathValidatorException if the specified certificate does * @exception CertPathValidatorException if the specified certificate does
* not pass the check * not pass the check
...@@ -177,12 +177,12 @@ public abstract class PKIXCertPathChecker ...@@ -177,12 +177,12 @@ public abstract class PKIXCertPathChecker
} }
/** /**
* Returns a clone of this object. Calls the <code>Object.clone()</code> * Returns a clone of this object. Calls the {@code Object.clone()}
* method. * method.
* All subclasses which maintain state must support and * All subclasses which maintain state must support and
* override this method, if necessary. * override this method, if necessary.
* *
* @return a copy of this <code>PKIXCertPathChecker</code> * @return a copy of this {@code PKIXCertPathChecker}
*/ */
@Override @Override
public Object clone() { public Object clone() {
......
src/share/classes/java/security/cert/PKIXCertPathValidatorResult.java
浏览文件 @ c2a5f680
/* /*
* Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
...@@ -31,13 +31,13 @@ import java.security.PublicKey; ...@@ -31,13 +31,13 @@ import java.security.PublicKey;
* This class represents the successful result of the PKIX certification * This class represents the successful result of the PKIX certification
* path validation algorithm. * path validation algorithm.
* *
* <p>Instances of <code>PKIXCertPathValidatorResult</code> are returned by the * <p>Instances of {@code PKIXCertPathValidatorResult} are returned by the
* {@link CertPathValidator#validate validate} method of * {@link CertPathValidator#validate validate} method of
* <code>CertPathValidator</code> objects implementing the PKIX algorithm. * {@code CertPathValidator} objects implementing the PKIX algorithm.
* *
* <p> All <code>PKIXCertPathValidatorResult</code> objects contain the * <p> All {@code PKIXCertPathValidatorResult} objects contain the
* valid policy tree and subject public key resulting from the * valid policy tree and subject public key resulting from the
* validation algorithm, as well as a <code>TrustAnchor</code> describing * validation algorithm, as well as a {@code TrustAnchor} describing
* the certification authority (CA) that served as a trust anchor for the * the certification authority (CA) that served as a trust anchor for the
* certification path. * certification path.
* <p> * <p>
...@@ -62,16 +62,16 @@ public class PKIXCertPathValidatorResult implements CertPathValidatorResult { ...@@ -62,16 +62,16 @@ public class PKIXCertPathValidatorResult implements CertPathValidatorResult {
private PublicKey subjectPublicKey; private PublicKey subjectPublicKey;
/** /**
* Creates an instance of <code>PKIXCertPathValidatorResult</code> * Creates an instance of {@code PKIXCertPathValidatorResult}
* containing the specified parameters. * containing the specified parameters.
* *
* @param trustAnchor a <code>TrustAnchor</code> describing the CA that * @param trustAnchor a {@code TrustAnchor} describing the CA that
* served as a trust anchor for the certification path * served as a trust anchor for the certification path
* @param policyTree the immutable valid policy tree, or <code>null</code> * @param policyTree the immutable valid policy tree, or {@code null}
* if there are no valid policies * if there are no valid policies
* @param subjectPublicKey the public key of the subject * @param subjectPublicKey the public key of the subject
* @throws NullPointerException if the <code>subjectPublicKey</code> or * @throws NullPointerException if the {@code subjectPublicKey} or
* <code>trustAnchor</code> parameters are <code>null</code> * {@code trustAnchor} parameters are {@code null}
*/ */
public PKIXCertPathValidatorResult(TrustAnchor trustAnchor, public PKIXCertPathValidatorResult(TrustAnchor trustAnchor,
PolicyNode policyTree, PublicKey subjectPublicKey) PolicyNode policyTree, PublicKey subjectPublicKey)
...@@ -86,10 +86,10 @@ public class PKIXCertPathValidatorResult implements CertPathValidatorResult { ...@@ -86,10 +86,10 @@ public class PKIXCertPathValidatorResult implements CertPathValidatorResult {
} }
/** /**
* Returns the <code>TrustAnchor</code> describing the CA that served * Returns the {@code TrustAnchor} describing the CA that served
* as a trust anchor for the certification path. * as a trust anchor for the certification path.
* *
* @return the <code>TrustAnchor</code> (never <code>null</code>) * @return the {@code TrustAnchor} (never {@code null})
*/ */
public TrustAnchor getTrustAnchor() { public TrustAnchor getTrustAnchor() {
return trustAnchor; return trustAnchor;
...@@ -98,18 +98,18 @@ public class PKIXCertPathValidatorResult implements CertPathValidatorResult { ...@@ -98,18 +98,18 @@ public class PKIXCertPathValidatorResult implements CertPathValidatorResult {
/** /**
* Returns the root node of the valid policy tree resulting from the * Returns the root node of the valid policy tree resulting from the
* PKIX certification path validation algorithm. The * PKIX certification path validation algorithm. The
* <code>PolicyNode</code> object that is returned and any objects that * {@code PolicyNode} object that is returned and any objects that
* it returns through public methods are immutable. * it returns through public methods are immutable.
* *
* <p>Most applications will not need to examine the valid policy tree. * <p>Most applications will not need to examine the valid policy tree.
* They can achieve their policy processing goals by setting the * They can achieve their policy processing goals by setting the
* policy-related parameters in <code>PKIXParameters</code>. However, more * policy-related parameters in {@code PKIXParameters}. However, more
* sophisticated applications, especially those that process policy * sophisticated applications, especially those that process policy
* qualifiers, may need to traverse the valid policy tree using the * qualifiers, may need to traverse the valid policy tree using the
* {@link PolicyNode#getParent PolicyNode.getParent} and * {@link PolicyNode#getParent PolicyNode.getParent} and
* {@link PolicyNode#getChildren PolicyNode.getChildren} methods. * {@link PolicyNode#getChildren PolicyNode.getChildren} methods.
* *
* @return the root node of the valid policy tree, or <code>null</code> * @return the root node of the valid policy tree, or {@code null}
* if there are no valid policies * if there are no valid policies
*/ */
public PolicyNode getPolicyTree() { public PolicyNode getPolicyTree() {
...@@ -120,7 +120,7 @@ public class PKIXCertPathValidatorResult implements CertPathValidatorResult { ...@@ -120,7 +120,7 @@ public class PKIXCertPathValidatorResult implements CertPathValidatorResult {
* Returns the public key of the subject (target) of the certification * Returns the public key of the subject (target) of the certification
* path, including any inherited public key parameters if applicable. * path, including any inherited public key parameters if applicable.
* *
* @return the public key of the subject (never <code>null</code>) * @return the public key of the subject (never {@code null})
*/ */
public PublicKey getPublicKey() { public PublicKey getPublicKey() {
return subjectPublicKey; return subjectPublicKey;
...@@ -142,10 +142,10 @@ public class PKIXCertPathValidatorResult implements CertPathValidatorResult { ...@@ -142,10 +142,10 @@ public class PKIXCertPathValidatorResult implements CertPathValidatorResult {
/** /**
* Return a printable representation of this * Return a printable representation of this
* <code>PKIXCertPathValidatorResult</code>. * {@code PKIXCertPathValidatorResult}.
* *
* @return a <code>String</code> describing the contents of this * @return a {@code String} describing the contents of this
* <code>PKIXCertPathValidatorResult</code> * {@code PKIXCertPathValidatorResult}
*/ */
public String toString() { public String toString() {
StringBuffer sb = new StringBuffer(); StringBuffer sb = new StringBuffer();
......
src/share/classes/java/security/cert/PKIXParameters.java
浏览文件 @ c2a5f680
/* /*
* Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
...@@ -38,34 +38,34 @@ import java.util.List; ...@@ -38,34 +38,34 @@ import java.util.List;
import java.util.Set; import java.util.Set;
/** /**
* Parameters used as input for the PKIX <code>CertPathValidator</code> * Parameters used as input for the PKIX {@code CertPathValidator}
* algorithm. * algorithm.
* <p> * <p>
* A PKIX <code>CertPathValidator</code> uses these parameters to * A PKIX {@code CertPathValidator} uses these parameters to
* validate a <code>CertPath</code> according to the PKIX certification path * validate a {@code CertPath} according to the PKIX certification path
* validation algorithm. * validation algorithm.
* *
* <p>To instantiate a <code>PKIXParameters</code> object, an * <p>To instantiate a {@code PKIXParameters} object, an
* application must specify one or more <i>most-trusted CAs</i> as defined by * application must specify one or more <i>most-trusted CAs</i> as defined by
* the PKIX certification path validation algorithm. The most-trusted CAs * the PKIX certification path validation algorithm. The most-trusted CAs
* can be specified using one of two constructors. An application * can be specified using one of two constructors. An application
* can call {@link #PKIXParameters(Set) PKIXParameters(Set)}, * can call {@link #PKIXParameters(Set) PKIXParameters(Set)},
* specifying a <code>Set</code> of <code>TrustAnchor</code> objects, each * specifying a {@code Set} of {@code TrustAnchor} objects, each
* of which identify a most-trusted CA. Alternatively, an application can call * of which identify a most-trusted CA. Alternatively, an application can call
* {@link #PKIXParameters(KeyStore) PKIXParameters(KeyStore)}, specifying a * {@link #PKIXParameters(KeyStore) PKIXParameters(KeyStore)}, specifying a
* <code>KeyStore</code> instance containing trusted certificate entries, each * {@code KeyStore} instance containing trusted certificate entries, each
* of which will be considered as a most-trusted CA. * of which will be considered as a most-trusted CA.
* <p> * <p>
* Once a <code>PKIXParameters</code> object has been created, other parameters * Once a {@code PKIXParameters} object has been created, other parameters
* can be specified (by calling {@link #setInitialPolicies setInitialPolicies} * can be specified (by calling {@link #setInitialPolicies setInitialPolicies}
* or {@link #setDate setDate}, for instance) and then the * or {@link #setDate setDate}, for instance) and then the
* <code>PKIXParameters</code> is passed along with the <code>CertPath</code> * {@code PKIXParameters} is passed along with the {@code CertPath}
* to be validated to {@link CertPathValidator#validate * to be validated to {@link CertPathValidator#validate
* CertPathValidator.validate}. * CertPathValidator.validate}.
* <p> * <p>
* Any parameter that is not set (or is set to <code>null</code>) will * Any parameter that is not set (or is set to {@code null}) will
* be set to the default value for that parameter. The default value for the * be set to the default value for that parameter. The default value for the
* <code>date</code> parameter is <code>null</code>, which indicates * {@code date} parameter is {@code null}, which indicates
* the current time when the path is validated. The default for the * the current time when the path is validated. The default for the
* remaining parameters is the least constrained. * remaining parameters is the least constrained.
* <p> * <p>
...@@ -99,20 +99,20 @@ public class PKIXParameters implements CertPathParameters { ...@@ -99,20 +99,20 @@ public class PKIXParameters implements CertPathParameters {
private CertSelector certSelector; private CertSelector certSelector;
/** /**
* Creates an instance of <code>PKIXParameters</code> with the specified * Creates an instance of {@code PKIXParameters} with the specified
* <code>Set</code> of most-trusted CAs. Each element of the * {@code Set} of most-trusted CAs. Each element of the
* set is a {@link TrustAnchor TrustAnchor}. * set is a {@link TrustAnchor TrustAnchor}.
* <p> * <p>
* Note that the <code>Set</code> is copied to protect against * Note that the {@code Set} is copied to protect against
* subsequent modifications. * subsequent modifications.
* *
* @param trustAnchors a <code>Set</code> of <code>TrustAnchor</code>s * @param trustAnchors a {@code Set} of {@code TrustAnchor}s
* @throws InvalidAlgorithmParameterException if the specified * @throws InvalidAlgorithmParameterException if the specified
* <code>Set</code> is empty <code>(trustAnchors.isEmpty() == true)</code> * {@code Set} is empty {@code (trustAnchors.isEmpty() == true)}
* @throws NullPointerException if the specified <code>Set</code> is * @throws NullPointerException if the specified {@code Set} is
* <code>null</code> * {@code null}
* @throws ClassCastException if any of the elements in the <code>Set</code> * @throws ClassCastException if any of the elements in the {@code Set}
* are not of type <code>java.security.cert.TrustAnchor</code> * are not of type {@code java.security.cert.TrustAnchor}
*/ */
public PKIXParameters(Set<TrustAnchor> trustAnchors) public PKIXParameters(Set<TrustAnchor> trustAnchors)
throws InvalidAlgorithmParameterException throws InvalidAlgorithmParameterException
...@@ -125,18 +125,18 @@ public class PKIXParameters implements CertPathParameters { ...@@ -125,18 +125,18 @@ public class PKIXParameters implements CertPathParameters {
} }
/** /**
* Creates an instance of <code>PKIXParameters</code> that * Creates an instance of {@code PKIXParameters} that
* populates the set of most-trusted CAs from the trusted * populates the set of most-trusted CAs from the trusted
* certificate entries contained in the specified <code>KeyStore</code>. * certificate entries contained in the specified {@code KeyStore}.
* Only keystore entries that contain trusted <code>X509Certificates</code> * Only keystore entries that contain trusted {@code X509Certificates}
* are considered; all other certificate types are ignored. * are considered; all other certificate types are ignored.
* *
* @param keystore a <code>KeyStore</code> from which the set of * @param keystore a {@code KeyStore} from which the set of
* most-trusted CAs will be populated * most-trusted CAs will be populated
* @throws KeyStoreException if the keystore has not been initialized * @throws KeyStoreException if the keystore has not been initialized
* @throws InvalidAlgorithmParameterException if the keystore does * @throws InvalidAlgorithmParameterException if the keystore does
* not contain at least one trusted certificate entry * not contain at least one trusted certificate entry
* @throws NullPointerException if the keystore is <code>null</code> * @throws NullPointerException if the keystore is {@code null}
*/ */
public PKIXParameters(KeyStore keystore) public PKIXParameters(KeyStore keystore)
throws KeyStoreException, InvalidAlgorithmParameterException throws KeyStoreException, InvalidAlgorithmParameterException
...@@ -161,11 +161,11 @@ public class PKIXParameters implements CertPathParameters { ...@@ -161,11 +161,11 @@ public class PKIXParameters implements CertPathParameters {
} }
/** /**
* Returns an immutable <code>Set</code> of the most-trusted * Returns an immutable {@code Set} of the most-trusted
* CAs. * CAs.
* *
* @return an immutable <code>Set</code> of <code>TrustAnchor</code>s * @return an immutable {@code Set} of {@code TrustAnchor}s
* (never <code>null</code>) * (never {@code null})
* *
* @see #setTrustAnchors * @see #setTrustAnchors
*/ */
...@@ -174,18 +174,18 @@ public class PKIXParameters implements CertPathParameters { ...@@ -174,18 +174,18 @@ public class PKIXParameters implements CertPathParameters {
} }
/** /**
* Sets the <code>Set</code> of most-trusted CAs. * Sets the {@code Set} of most-trusted CAs.
* <p> * <p>
* Note that the <code>Set</code> is copied to protect against * Note that the {@code Set} is copied to protect against
* subsequent modifications. * subsequent modifications.
* *
* @param trustAnchors a <code>Set</code> of <code>TrustAnchor</code>s * @param trustAnchors a {@code Set} of {@code TrustAnchor}s
* @throws InvalidAlgorithmParameterException if the specified * @throws InvalidAlgorithmParameterException if the specified
* <code>Set</code> is empty <code>(trustAnchors.isEmpty() == true)</code> * {@code Set} is empty {@code (trustAnchors.isEmpty() == true)}
* @throws NullPointerException if the specified <code>Set</code> is * @throws NullPointerException if the specified {@code Set} is
* <code>null</code> * {@code null}
* @throws ClassCastException if any of the elements in the set * @throws ClassCastException if any of the elements in the set
* are not of type <code>java.security.cert.TrustAnchor</code> * are not of type {@code java.security.cert.TrustAnchor}
* *
* @see #getTrustAnchors * @see #getTrustAnchors
*/ */
...@@ -211,16 +211,16 @@ public class PKIXParameters implements CertPathParameters { ...@@ -211,16 +211,16 @@ public class PKIXParameters implements CertPathParameters {
} }
/** /**
* Returns an immutable <code>Set</code> of initial * Returns an immutable {@code Set} of initial
* policy identifiers (OID strings), indicating that any one of these * policy identifiers (OID strings), indicating that any one of these
* policies would be acceptable to the certificate user for the purposes of * policies would be acceptable to the certificate user for the purposes of
* certification path processing. The default return value is an empty * certification path processing. The default return value is an empty
* <code>Set</code>, which is interpreted as meaning that any policy would * {@code Set}, which is interpreted as meaning that any policy would
* be acceptable. * be acceptable.
* *
* @return an immutable <code>Set</code> of initial policy OIDs in * @return an immutable {@code Set} of initial policy OIDs in
* <code>String</code> format, or an empty <code>Set</code> (implying any * {@code String} format, or an empty {@code Set} (implying any
* policy is acceptable). Never returns <code>null</code>. * policy is acceptable). Never returns {@code null}.
* *
* @see #setInitialPolicies * @see #setInitialPolicies
*/ */
...@@ -229,21 +229,21 @@ public class PKIXParameters implements CertPathParameters { ...@@ -229,21 +229,21 @@ public class PKIXParameters implements CertPathParameters {
} }
/** /**
* Sets the <code>Set</code> of initial policy identifiers * Sets the {@code Set} of initial policy identifiers
* (OID strings), indicating that any one of these * (OID strings), indicating that any one of these
* policies would be acceptable to the certificate user for the purposes of * policies would be acceptable to the certificate user for the purposes of
* certification path processing. By default, any policy is acceptable * certification path processing. By default, any policy is acceptable
* (i.e. all policies), so a user that wants to allow any policy as * (i.e. all policies), so a user that wants to allow any policy as
* acceptable does not need to call this method, or can call it * acceptable does not need to call this method, or can call it
* with an empty <code>Set</code> (or <code>null</code>). * with an empty {@code Set} (or {@code null}).
* <p> * <p>
* Note that the <code>Set</code> is copied to protect against * Note that the {@code Set} is copied to protect against
* subsequent modifications. * subsequent modifications.
* *
* @param initialPolicies a <code>Set</code> of initial policy * @param initialPolicies a {@code Set} of initial policy
* OIDs in <code>String</code> format (or <code>null</code>) * OIDs in {@code String} format (or {@code null})
* @throws ClassCastException if any of the elements in the set are * @throws ClassCastException if any of the elements in the set are
* not of type <code>String</code> * not of type {@code String}
* *
* @see #getInitialPolicies * @see #getInitialPolicies
*/ */
...@@ -262,19 +262,19 @@ public class PKIXParameters implements CertPathParameters { ...@@ -262,19 +262,19 @@ public class PKIXParameters implements CertPathParameters {
} }
/** /**
* Sets the list of <code>CertStore</code>s to be used in finding * Sets the list of {@code CertStore}s to be used in finding
* certificates and CRLs. May be <code>null</code>, in which case * certificates and CRLs. May be {@code null}, in which case
* no <code>CertStore</code>s will be used. The first * no {@code CertStore}s will be used. The first
* <code>CertStore</code>s in the list may be preferred to those that * {@code CertStore}s in the list may be preferred to those that
* appear later. * appear later.
* <p> * <p>
* Note that the <code>List</code> is copied to protect against * Note that the {@code List} is copied to protect against
* subsequent modifications. * subsequent modifications.
* *
* @param stores a <code>List</code> of <code>CertStore</code>s (or * @param stores a {@code List} of {@code CertStore}s (or
* <code>null</code>) * {@code null})
* @throws ClassCastException if any of the elements in the list are * @throws ClassCastException if any of the elements in the list are
* not of type <code>java.security.cert.CertStore</code> * not of type {@code java.security.cert.CertStore}
* *
* @see #getCertStores * @see #getCertStores
*/ */
...@@ -293,10 +293,10 @@ public class PKIXParameters implements CertPathParameters { ...@@ -293,10 +293,10 @@ public class PKIXParameters implements CertPathParameters {
} }
/** /**
* Adds a <code>CertStore</code> to the end of the list of * Adds a {@code CertStore} to the end of the list of
* <code>CertStore</code>s used in finding certificates and CRLs. * {@code CertStore}s used in finding certificates and CRLs.
* *
* @param store the <code>CertStore</code> to add. If <code>null</code>, * @param store the {@code CertStore} to add. If {@code null},
* the store is ignored (not added to list). * the store is ignored (not added to list).
*/ */
public void addCertStore(CertStore store) { public void addCertStore(CertStore store) {
...@@ -306,11 +306,11 @@ public class PKIXParameters implements CertPathParameters { ...@@ -306,11 +306,11 @@ public class PKIXParameters implements CertPathParameters {
} }
/** /**
* Returns an immutable <code>List</code> of <code>CertStore</code>s that * Returns an immutable {@code List} of {@code CertStore}s that
* are used to find certificates and CRLs. * are used to find certificates and CRLs.
* *
* @return an immutable <code>List</code> of <code>CertStore</code>s * @return an immutable {@code List} of {@code CertStore}s
* (may be empty, but never <code>null</code>) * (may be empty, but never {@code null})
* *
* @see #setCertStores * @see #setCertStores
*/ */
...@@ -325,7 +325,7 @@ public class PKIXParameters implements CertPathParameters { ...@@ -325,7 +325,7 @@ public class PKIXParameters implements CertPathParameters {
* will be used. If this flag is false, the default revocation checking * will be used. If this flag is false, the default revocation checking
* mechanism will be disabled (not used). * mechanism will be disabled (not used).
* <p> * <p>
* When a <code>PKIXParameters</code> object is created, this flag is set * When a {@code PKIXParameters} object is created, this flag is set
* to true. This setting reflects the most common strategy for checking * to true. This setting reflects the most common strategy for checking
* revocation, since each service provider must support revocation * revocation, since each service provider must support revocation
* checking to be PKIX compliant. Sophisticated applications should set * checking to be PKIX compliant. Sophisticated applications should set
...@@ -360,8 +360,8 @@ public class PKIXParameters implements CertPathParameters { ...@@ -360,8 +360,8 @@ public class PKIXParameters implements CertPathParameters {
* acceptable policy needs to be explicitly identified in every certificate. * acceptable policy needs to be explicitly identified in every certificate.
* By default, the ExplicitPolicyRequired flag is false. * By default, the ExplicitPolicyRequired flag is false.
* *
* @param val <code>true</code> if explicit policy is to be required, * @param val {@code true} if explicit policy is to be required,
* <code>false</code> otherwise * {@code false} otherwise
*/ */
public void setExplicitPolicyRequired(boolean val) { public void setExplicitPolicyRequired(boolean val) {
explicitPolicyRequired = val; explicitPolicyRequired = val;
...@@ -372,8 +372,8 @@ public class PKIXParameters implements CertPathParameters { ...@@ -372,8 +372,8 @@ public class PKIXParameters implements CertPathParameters {
* acceptable policy needs to be explicitly identified in every certificate. * acceptable policy needs to be explicitly identified in every certificate.
* By default, the ExplicitPolicyRequired flag is false. * By default, the ExplicitPolicyRequired flag is false.
* *
* @return <code>true</code> if explicit policy is required, * @return {@code true} if explicit policy is required,
* <code>false</code> otherwise * {@code false} otherwise
*/ */
public boolean isExplicitPolicyRequired() { public boolean isExplicitPolicyRequired() {
return explicitPolicyRequired; return explicitPolicyRequired;
...@@ -384,8 +384,8 @@ public class PKIXParameters implements CertPathParameters { ...@@ -384,8 +384,8 @@ public class PKIXParameters implements CertPathParameters {
* mapping is inhibited. By default, policy mapping is not inhibited (the * mapping is inhibited. By default, policy mapping is not inhibited (the
* flag is false). * flag is false).
* *
* @param val <code>true</code> if policy mapping is to be inhibited, * @param val {@code true} if policy mapping is to be inhibited,
* <code>false</code> otherwise * {@code false} otherwise
*/ */
public void setPolicyMappingInhibited(boolean val) { public void setPolicyMappingInhibited(boolean val) {
policyMappingInhibited = val; policyMappingInhibited = val;
...@@ -406,10 +406,10 @@ public class PKIXParameters implements CertPathParameters { ...@@ -406,10 +406,10 @@ public class PKIXParameters implements CertPathParameters {
* Sets state to determine if the any policy OID should be processed * Sets state to determine if the any policy OID should be processed
* if it is included in a certificate. By default, the any policy OID * if it is included in a certificate. By default, the any policy OID
* is not inhibited ({@link #isAnyPolicyInhibited isAnyPolicyInhibited()} * is not inhibited ({@link #isAnyPolicyInhibited isAnyPolicyInhibited()}
* returns <code>false</code>). * returns {@code false}).
* *
* @param val <code>true</code> if the any policy OID is to be * @param val {@code true} if the any policy OID is to be
* inhibited, <code>false</code> otherwise * inhibited, {@code false} otherwise
*/ */
public void setAnyPolicyInhibited(boolean val) { public void setAnyPolicyInhibited(boolean val) {
anyPolicyInhibited = val; anyPolicyInhibited = val;
...@@ -419,8 +419,8 @@ public class PKIXParameters implements CertPathParameters { ...@@ -419,8 +419,8 @@ public class PKIXParameters implements CertPathParameters {
* Checks whether the any policy OID should be processed if it * Checks whether the any policy OID should be processed if it
* is included in a certificate. * is included in a certificate.
* *
* @return <code>true</code> if the any policy OID is inhibited, * @return {@code true} if the any policy OID is inhibited,
* <code>false</code> otherwise * {@code false} otherwise
*/ */
public boolean isAnyPolicyInhibited() { public boolean isAnyPolicyInhibited() {
return anyPolicyInhibited; return anyPolicyInhibited;
...@@ -432,7 +432,7 @@ public class PKIXParameters implements CertPathParameters { ...@@ -432,7 +432,7 @@ public class PKIXParameters implements CertPathParameters {
* policies extension that is marked critical are rejected. * policies extension that is marked critical are rejected.
* If the flag is false, certificates are not rejected on this basis. * If the flag is false, certificates are not rejected on this basis.
* *
* <p> When a <code>PKIXParameters</code> object is created, this flag is * <p> When a {@code PKIXParameters} object is created, this flag is
* set to true. This setting reflects the most common (and simplest) * set to true. This setting reflects the most common (and simplest)
* strategy for processing policy qualifiers. Applications that want to use * strategy for processing policy qualifiers. Applications that want to use
* a more sophisticated policy must set this flag to false. * a more sophisticated policy must set this flag to false.
...@@ -459,7 +459,7 @@ public class PKIXParameters implements CertPathParameters { ...@@ -459,7 +459,7 @@ public class PKIXParameters implements CertPathParameters {
* extension that is marked critical are rejected. * extension that is marked critical are rejected.
* If the flag is false, certificates are not rejected on this basis. * If the flag is false, certificates are not rejected on this basis.
* *
* <p> When a <code>PKIXParameters</code> object is created, this flag is * <p> When a {@code PKIXParameters} object is created, this flag is
* set to true. This setting reflects the most common (and simplest) * set to true. This setting reflects the most common (and simplest)
* strategy for processing policy qualifiers. Applications that want to use * strategy for processing policy qualifiers. Applications that want to use
* a more sophisticated policy must set this flag to false. * a more sophisticated policy must set this flag to false.
...@@ -473,12 +473,12 @@ public class PKIXParameters implements CertPathParameters { ...@@ -473,12 +473,12 @@ public class PKIXParameters implements CertPathParameters {
/** /**
* Returns the time for which the validity of the certification path * Returns the time for which the validity of the certification path
* should be determined. If <code>null</code>, the current time is used. * should be determined. If {@code null}, the current time is used.
* <p> * <p>
* Note that the <code>Date</code> returned is copied to protect against * Note that the {@code Date} returned is copied to protect against
* subsequent modifications. * subsequent modifications.
* *
* @return the <code>Date</code>, or <code>null</code> if not set * @return the {@code Date}, or {@code null} if not set
* @see #setDate * @see #setDate
*/ */
public Date getDate() { public Date getDate() {
...@@ -490,12 +490,12 @@ public class PKIXParameters implements CertPathParameters { ...@@ -490,12 +490,12 @@ public class PKIXParameters implements CertPathParameters {
/** /**
* Sets the time for which the validity of the certification path * Sets the time for which the validity of the certification path
* should be determined. If <code>null</code>, the current time is used. * should be determined. If {@code null}, the current time is used.
* <p> * <p>
* Note that the <code>Date</code> supplied here is copied to protect * Note that the {@code Date} supplied here is copied to protect
* against subsequent modifications. * against subsequent modifications.
* *
* @param date the <code>Date</code>, or <code>null</code> for the * @param date the {@code Date}, or {@code null} for the
* current time * current time
* @see #getDate * @see #getDate
*/ */
...@@ -507,39 +507,39 @@ public class PKIXParameters implements CertPathParameters { ...@@ -507,39 +507,39 @@ public class PKIXParameters implements CertPathParameters {
} }
/** /**
* Sets a <code>List</code> of additional certification path checkers. If * Sets a {@code List} of additional certification path checkers. If
* the specified <code>List</code> contains an object that is not a * the specified {@code List} contains an object that is not a
* <code>PKIXCertPathChecker</code>, it is ignored. * {@code PKIXCertPathChecker}, it is ignored.
* <p> * <p>
* Each <code>PKIXCertPathChecker</code> specified implements * Each {@code PKIXCertPathChecker} specified implements
* additional checks on a certificate. Typically, these are checks to * additional checks on a certificate. Typically, these are checks to
* process and verify private extensions contained in certificates. * process and verify private extensions contained in certificates.
* Each <code>PKIXCertPathChecker</code> should be instantiated with any * Each {@code PKIXCertPathChecker} should be instantiated with any
* initialization parameters needed to execute the check. * initialization parameters needed to execute the check.
* <p> * <p>
* This method allows sophisticated applications to extend a PKIX * This method allows sophisticated applications to extend a PKIX
* <code>CertPathValidator</code> or <code>CertPathBuilder</code>. * {@code CertPathValidator} or {@code CertPathBuilder}.
* Each of the specified <code>PKIXCertPathChecker</code>s will be called, * Each of the specified {@code PKIXCertPathChecker}s will be called,
* in turn, by a PKIX <code>CertPathValidator</code> or * in turn, by a PKIX {@code CertPathValidator} or
* <code>CertPathBuilder</code> for each certificate processed or * {@code CertPathBuilder} for each certificate processed or
* validated. * validated.
* <p> * <p>
* Regardless of whether these additional <code>PKIXCertPathChecker</code>s * Regardless of whether these additional {@code PKIXCertPathChecker}s
* are set, a PKIX <code>CertPathValidator</code> or * are set, a PKIX {@code CertPathValidator} or
* <code>CertPathBuilder</code> must perform all of the required PKIX * {@code CertPathBuilder} must perform all of the required PKIX
* checks on each certificate. The one exception to this rule is if the * checks on each certificate. The one exception to this rule is if the
* RevocationEnabled flag is set to false (see the {@link * RevocationEnabled flag is set to false (see the {@link
* #setRevocationEnabled setRevocationEnabled} method). * #setRevocationEnabled setRevocationEnabled} method).
* <p> * <p>
* Note that the <code>List</code> supplied here is copied and each * Note that the {@code List} supplied here is copied and each
* <code>PKIXCertPathChecker</code> in the list is cloned to protect * {@code PKIXCertPathChecker} in the list is cloned to protect
* against subsequent modifications. * against subsequent modifications.
* *
* @param checkers a <code>List</code> of <code>PKIXCertPathChecker</code>s. * @param checkers a {@code List} of {@code PKIXCertPathChecker}s.
* May be <code>null</code>, in which case no additional checkers will be * May be {@code null}, in which case no additional checkers will be
* used. * used.
* @throws ClassCastException if any of the elements in the list * @throws ClassCastException if any of the elements in the list
* are not of type <code>java.security.cert.PKIXCertPathChecker</code> * are not of type {@code java.security.cert.PKIXCertPathChecker}
* @see #getCertPathCheckers * @see #getCertPathCheckers
*/ */
public void setCertPathCheckers(List<PKIXCertPathChecker> checkers) { public void setCertPathCheckers(List<PKIXCertPathChecker> checkers) {
...@@ -556,14 +556,14 @@ public class PKIXParameters implements CertPathParameters { ...@@ -556,14 +556,14 @@ public class PKIXParameters implements CertPathParameters {
} }
/** /**
* Returns the <code>List</code> of certification path checkers. * Returns the {@code List} of certification path checkers.
* The returned <code>List</code> is immutable, and each * The returned {@code List} is immutable, and each
* <code>PKIXCertPathChecker</code> in the <code>List</code> is cloned * {@code PKIXCertPathChecker} in the {@code List} is cloned
* to protect against subsequent modifications. * to protect against subsequent modifications.
* *
* @return an immutable <code>List</code> of * @return an immutable {@code List} of
* <code>PKIXCertPathChecker</code>s (may be empty, but not * {@code PKIXCertPathChecker}s (may be empty, but not
* <code>null</code>) * {@code null})
* @see #setCertPathCheckers * @see #setCertPathCheckers
*/ */
public List<PKIXCertPathChecker> getCertPathCheckers() { public List<PKIXCertPathChecker> getCertPathCheckers() {
...@@ -575,15 +575,15 @@ public class PKIXParameters implements CertPathParameters { ...@@ -575,15 +575,15 @@ public class PKIXParameters implements CertPathParameters {
} }
/** /**
* Adds a <code>PKIXCertPathChecker</code> to the list of certification * Adds a {@code PKIXCertPathChecker} to the list of certification
* path checkers. See the {@link #setCertPathCheckers setCertPathCheckers} * path checkers. See the {@link #setCertPathCheckers setCertPathCheckers}
* method for more details. * method for more details.
* <p> * <p>
* Note that the <code>PKIXCertPathChecker</code> is cloned to protect * Note that the {@code PKIXCertPathChecker} is cloned to protect
* against subsequent modifications. * against subsequent modifications.
* *
* @param checker a <code>PKIXCertPathChecker</code> to add to the list of * @param checker a {@code PKIXCertPathChecker} to add to the list of
* checks. If <code>null</code>, the checker is ignored (not added to list). * checks. If {@code null}, the checker is ignored (not added to list).
*/ */
public void addCertPathChecker(PKIXCertPathChecker checker) { public void addCertPathChecker(PKIXCertPathChecker checker) {
if (checker != null) { if (checker != null) {
...@@ -592,10 +592,10 @@ public class PKIXParameters implements CertPathParameters { ...@@ -592,10 +592,10 @@ public class PKIXParameters implements CertPathParameters {
} }
/** /**
* Returns the signature provider's name, or <code>null</code> * Returns the signature provider's name, or {@code null}
* if not set. * if not set.
* *
* @return the signature provider's name (or <code>null</code>) * @return the signature provider's name (or {@code null})
* @see #setSigProvider * @see #setSigProvider
*/ */
public String getSigProvider() { public String getSigProvider() {
...@@ -605,10 +605,10 @@ public class PKIXParameters implements CertPathParameters { ...@@ -605,10 +605,10 @@ public class PKIXParameters implements CertPathParameters {
/** /**
* Sets the signature provider's name. The specified provider will be * Sets the signature provider's name. The specified provider will be
* preferred when creating {@link java.security.Signature Signature} * preferred when creating {@link java.security.Signature Signature}
* objects. If <code>null</code> or not set, the first provider found * objects. If {@code null} or not set, the first provider found
* supporting the algorithm will be used. * supporting the algorithm will be used.
* *
* @param sigProvider the signature provider's name (or <code>null</code>) * @param sigProvider the signature provider's name (or {@code null})
* @see #getSigProvider * @see #getSigProvider
*/ */
public void setSigProvider(String sigProvider) { public void setSigProvider(String sigProvider) {
...@@ -617,14 +617,14 @@ public class PKIXParameters implements CertPathParameters { ...@@ -617,14 +617,14 @@ public class PKIXParameters implements CertPathParameters {
/** /**
* Returns the required constraints on the target certificate. * Returns the required constraints on the target certificate.
* The constraints are returned as an instance of <code>CertSelector</code>. * The constraints are returned as an instance of {@code CertSelector}.
* If <code>null</code>, no constraints are defined. * If {@code null}, no constraints are defined.
* *
* <p>Note that the <code>CertSelector</code> returned is cloned * <p>Note that the {@code CertSelector} returned is cloned
* to protect against subsequent modifications. * to protect against subsequent modifications.
* *
* @return a <code>CertSelector</code> specifying the constraints * @return a {@code CertSelector} specifying the constraints
* on the target certificate (or <code>null</code>) * on the target certificate (or {@code null})
* @see #setTargetCertConstraints * @see #setTargetCertConstraints
*/ */
public CertSelector getTargetCertConstraints() { public CertSelector getTargetCertConstraints() {
...@@ -638,14 +638,14 @@ public class PKIXParameters implements CertPathParameters { ...@@ -638,14 +638,14 @@ public class PKIXParameters implements CertPathParameters {
/** /**
* Sets the required constraints on the target certificate. * Sets the required constraints on the target certificate.
* The constraints are specified as an instance of * The constraints are specified as an instance of
* <code>CertSelector</code>. If <code>null</code>, no constraints are * {@code CertSelector}. If {@code null}, no constraints are
* defined. * defined.
* *
* <p>Note that the <code>CertSelector</code> specified is cloned * <p>Note that the {@code CertSelector} specified is cloned
* to protect against subsequent modifications. * to protect against subsequent modifications.
* *
* @param selector a <code>CertSelector</code> specifying the constraints * @param selector a {@code CertSelector} specifying the constraints
* on the target certificate (or <code>null</code>) * on the target certificate (or {@code null})
* @see #getTargetCertConstraints * @see #getTargetCertConstraints
*/ */
public void setTargetCertConstraints(CertSelector selector) { public void setTargetCertConstraints(CertSelector selector) {
...@@ -656,10 +656,10 @@ public class PKIXParameters implements CertPathParameters { ...@@ -656,10 +656,10 @@ public class PKIXParameters implements CertPathParameters {
} }
/** /**
* Makes a copy of this <code>PKIXParameters</code> object. Changes * Makes a copy of this {@code PKIXParameters} object. Changes
* to the copy will not affect the original and vice versa. * to the copy will not affect the original and vice versa.
* *
* @return a copy of this <code>PKIXParameters</code> object * @return a copy of this {@code PKIXParameters} object
*/ */
public Object clone() { public Object clone() {
try { try {
......
src/share/classes/java/security/cert/PKIXReason.java
浏览文件 @ c2a5f680
/* /*
* Copyright (c) 2008, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2008, 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
...@@ -26,10 +26,10 @@ ...@@ -26,10 +26,10 @@
package java.security.cert; package java.security.cert;
/** /**
* The <code>PKIXReason</code> enumerates the potential PKIX-specific reasons * The {@code PKIXReason} enumerates the potential PKIX-specific reasons
* that an X.509 certification path may be invalid according to the PKIX * that an X.509 certification path may be invalid according to the PKIX
* (RFC 3280) standard. These reasons are in addition to those of the * (RFC 3280) standard. These reasons are in addition to those of the
* <code>CertPathValidatorException.BasicReason</code> enumeration. * {@code CertPathValidatorException.BasicReason} enumeration.
* *
* @since 1.7 * @since 1.7
*/ */
......
src/share/classes/java/security/cert/PolicyNode.java
浏览文件 @ c2a5f680
/* /*
* Copyright (c) 2000, 2003, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
...@@ -41,7 +41,7 @@ import java.util.Set; ...@@ -41,7 +41,7 @@ import java.util.Set;
* *
* <p>Most applications will not need to examine the valid policy tree. * <p>Most applications will not need to examine the valid policy tree.
* They can achieve their policy processing goals by setting the * They can achieve their policy processing goals by setting the
* policy-related parameters in <code>PKIXParameters</code>. However, * policy-related parameters in {@code PKIXParameters}. However,
* the valid policy tree is available for more sophisticated applications, * the valid policy tree is available for more sophisticated applications,
* especially those that process policy qualifiers. * especially those that process policy qualifiers.
* *
...@@ -50,12 +50,12 @@ import java.util.Set; ...@@ -50,12 +50,12 @@ import java.util.Set;
* valid policy tree. The tree can be traversed using the * valid policy tree. The tree can be traversed using the
* {@link #getChildren getChildren} and {@link #getParent getParent} methods. * {@link #getChildren getChildren} and {@link #getParent getParent} methods.
* Data about a particular node can be retrieved using other methods of * Data about a particular node can be retrieved using other methods of
* <code>PolicyNode</code>. * {@code PolicyNode}.
* *
* <p><b>Concurrent Access</b> * <p><b>Concurrent Access</b>
* <p>All <code>PolicyNode</code> objects must be immutable and * <p>All {@code PolicyNode} objects must be immutable and
* thread-safe. Multiple threads may concurrently invoke the methods defined * thread-safe. Multiple threads may concurrently invoke the methods defined
* in this class on a single <code>PolicyNode</code> object (or more than one) * in this class on a single {@code PolicyNode} object (or more than one)
* with no ill effects. This stipulation applies to all public fields and * with no ill effects. This stipulation applies to all public fields and
* methods of this class and any added or overridden by subclasses. * methods of this class and any added or overridden by subclasses.
* *
...@@ -65,10 +65,10 @@ import java.util.Set; ...@@ -65,10 +65,10 @@ import java.util.Set;
public interface PolicyNode { public interface PolicyNode {
/** /**
* Returns the parent of this node, or <code>null</code> if this is the * Returns the parent of this node, or {@code null} if this is the
* root node. * root node.
* *
* @return the parent of this node, or <code>null</code> if this is the * @return the parent of this node, or {@code null} if this is the
* root node * root node
*/ */
PolicyNode getParent(); PolicyNode getParent();
...@@ -76,8 +76,8 @@ public interface PolicyNode { ...@@ -76,8 +76,8 @@ public interface PolicyNode {
/** /**
* Returns an iterator over the children of this node. Any attempts to * Returns an iterator over the children of this node. Any attempts to
* modify the children of this node through the * modify the children of this node through the
* <code>Iterator</code>'s remove method must throw an * {@code Iterator}'s remove method must throw an
* <code>UnsupportedOperationException</code>. * {@code UnsupportedOperationException}.
* *
* @return an iterator over the children of this node * @return an iterator over the children of this node
*/ */
...@@ -94,7 +94,7 @@ public interface PolicyNode { ...@@ -94,7 +94,7 @@ public interface PolicyNode {
/** /**
* Returns the valid policy represented by this node. * Returns the valid policy represented by this node.
* *
* @return the <code>String</code> OID of the valid policy * @return the {@code String} OID of the valid policy
* represented by this node. For the root node, this method always returns * represented by this node. For the root node, this method always returns
* the special anyPolicy OID: "2.5.29.32.0". * the special anyPolicy OID: "2.5.29.32.0".
*/ */
...@@ -104,9 +104,9 @@ public interface PolicyNode { ...@@ -104,9 +104,9 @@ public interface PolicyNode {
* Returns the set of policy qualifiers associated with the * Returns the set of policy qualifiers associated with the
* valid policy represented by this node. * valid policy represented by this node.
* *
* @return an immutable <code>Set</code> of * @return an immutable {@code Set} of
* <code>PolicyQualifierInfo</code>s. For the root node, this * {@code PolicyQualifierInfo}s. For the root node, this
* is always an empty <code>Set</code>. * is always an empty {@code Set}.
*/ */
Set<? extends PolicyQualifierInfo> getPolicyQualifiers(); Set<? extends PolicyQualifierInfo> getPolicyQualifiers();
...@@ -114,9 +114,9 @@ public interface PolicyNode { ...@@ -114,9 +114,9 @@ public interface PolicyNode {
* Returns the set of expected policies that would satisfy this * Returns the set of expected policies that would satisfy this
* node's valid policy in the next certificate to be processed. * node's valid policy in the next certificate to be processed.
* *
* @return an immutable <code>Set</code> of expected policy * @return an immutable {@code Set} of expected policy
* <code>String</code> OIDs. For the root node, this method * {@code String} OIDs. For the root node, this method
* always returns a <code>Set</code> with one element, the * always returns a {@code Set} with one element, the
* special anyPolicy OID: "2.5.29.32.0". * special anyPolicy OID: "2.5.29.32.0".
*/ */
Set<String> getExpectedPolicies(); Set<String> getExpectedPolicies();
...@@ -125,8 +125,8 @@ public interface PolicyNode { ...@@ -125,8 +125,8 @@ public interface PolicyNode {
* Returns the criticality indicator of the certificate policy extension * Returns the criticality indicator of the certificate policy extension
* in the most recently processed certificate. * in the most recently processed certificate.
* *
* @return <code>true</code> if extension marked critical, * @return {@code true} if extension marked critical,
* <code>false</code> otherwise. For the root node, <code>false</code> * {@code false} otherwise. For the root node, {@code false}
* is always returned. * is always returned.
*/ */
boolean isCritical(); boolean isCritical();
......
src/share/classes/java/security/cert/PolicyQualifierInfo.java
浏览文件 @ c2a5f680
/* /*
* Copyright (c) 2000, 2003, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
...@@ -50,12 +50,12 @@ import sun.security.util.DerValue; ...@@ -50,12 +50,12 @@ import sun.security.util.DerValue;
* policy information terms limit the set of policies for certification paths * policy information terms limit the set of policies for certification paths
* which include this certificate. * which include this certificate.
* <p> * <p>
* A <code>Set</code> of <code>PolicyQualifierInfo</code> objects are returned * A {@code Set} of {@code PolicyQualifierInfo} objects are returned
* by the {@link PolicyNode#getPolicyQualifiers PolicyNode.getPolicyQualifiers} * by the {@link PolicyNode#getPolicyQualifiers PolicyNode.getPolicyQualifiers}
* method. This allows applications with specific policy requirements to * method. This allows applications with specific policy requirements to
* process and validate each policy qualifier. Applications that need to * process and validate each policy qualifier. Applications that need to
* process policy qualifiers should explicitly set the * process policy qualifiers should explicitly set the
* <code>policyQualifiersRejected</code> flag to false (by calling the * {@code policyQualifiersRejected} flag to false (by calling the
* {@link PKIXParameters#setPolicyQualifiersRejected * {@link PKIXParameters#setPolicyQualifiersRejected
* PKIXParameters.setPolicyQualifiersRejected} method) before validating * PKIXParameters.setPolicyQualifiersRejected} method) before validating
* a certification path. * a certification path.
...@@ -64,17 +64,17 @@ import sun.security.util.DerValue; ...@@ -64,17 +64,17 @@ import sun.security.util.DerValue;
* that any policy qualifier in a certificate policies extension that is * that any policy qualifier in a certificate policies extension that is
* marked critical must be processed and validated. Otherwise the * marked critical must be processed and validated. Otherwise the
* certification path must be rejected. If the * certification path must be rejected. If the
* <code>policyQualifiersRejected</code> flag is set to false, it is up to * {@code policyQualifiersRejected} flag is set to false, it is up to
* the application to validate all policy qualifiers in this manner in order * the application to validate all policy qualifiers in this manner in order
* to be PKIX compliant. * to be PKIX compliant.
* *
* <p><b>Concurrent Access</b> * <p><b>Concurrent Access</b>
* *
* <p>All <code>PolicyQualifierInfo</code> objects must be immutable and * <p>All {@code PolicyQualifierInfo} objects must be immutable and
* thread-safe. That is, multiple threads may concurrently invoke the * thread-safe. That is, multiple threads may concurrently invoke the
* methods defined in this class on a single <code>PolicyQualifierInfo</code> * methods defined in this class on a single {@code PolicyQualifierInfo}
* object (or more than one) with no ill effects. Requiring * object (or more than one) with no ill effects. Requiring
* <code>PolicyQualifierInfo</code> objects to be immutable and thread-safe * {@code PolicyQualifierInfo} objects to be immutable and thread-safe
* allows them to be passed around to various pieces of code without * allows them to be passed around to various pieces of code without
* worrying about coordinating access. * worrying about coordinating access.
* *
...@@ -90,7 +90,7 @@ public class PolicyQualifierInfo { ...@@ -90,7 +90,7 @@ public class PolicyQualifierInfo {
private String pqiString; private String pqiString;
/** /**
* Creates an instance of <code>PolicyQualifierInfo</code> from the * Creates an instance of {@code PolicyQualifierInfo} from the
* encoded bytes. The encoded byte array is copied on construction. * encoded bytes. The encoded byte array is copied on construction.
* *
* @param encoded a byte array containing the qualifier in DER encoding * @param encoded a byte array containing the qualifier in DER encoding
...@@ -115,12 +115,12 @@ public class PolicyQualifierInfo { ...@@ -115,12 +115,12 @@ public class PolicyQualifierInfo {
} }
/** /**
* Returns the <code>policyQualifierId</code> field of this * Returns the {@code policyQualifierId} field of this
* <code>PolicyQualifierInfo</code>. The <code>policyQualifierId</code> * {@code PolicyQualifierInfo}. The {@code policyQualifierId}
* is an Object Identifier (OID) represented by a set of nonnegative * is an Object Identifier (OID) represented by a set of nonnegative
* integers separated by periods. * integers separated by periods.
* *
* @return the OID (never <code>null</code>) * @return the OID (never {@code null})
*/ */
public final String getPolicyQualifierId() { public final String getPolicyQualifierId() {
return mId; return mId;
...@@ -128,9 +128,9 @@ public class PolicyQualifierInfo { ...@@ -128,9 +128,9 @@ public class PolicyQualifierInfo {
/** /**
* Returns the ASN.1 DER encoded form of this * Returns the ASN.1 DER encoded form of this
* <code>PolicyQualifierInfo</code>. * {@code PolicyQualifierInfo}.
* *
* @return the ASN.1 DER encoded bytes (never <code>null</code>). * @return the ASN.1 DER encoded bytes (never {@code null}).
* Note that a copy is returned, so the data is cloned each time * Note that a copy is returned, so the data is cloned each time
* this method is called. * this method is called.
*/ */
...@@ -139,10 +139,10 @@ public class PolicyQualifierInfo { ...@@ -139,10 +139,10 @@ public class PolicyQualifierInfo {
} }
/** /**
* Returns the ASN.1 DER encoded form of the <code>qualifier</code> * Returns the ASN.1 DER encoded form of the {@code qualifier}
* field of this <code>PolicyQualifierInfo</code>. * field of this {@code PolicyQualifierInfo}.
* *
* @return the ASN.1 DER encoded bytes of the <code>qualifier</code> * @return the ASN.1 DER encoded bytes of the {@code qualifier}
* field. Note that a copy is returned, so the data is cloned each * field. Note that a copy is returned, so the data is cloned each
* time this method is called. * time this method is called.
*/ */
...@@ -152,10 +152,10 @@ public class PolicyQualifierInfo { ...@@ -152,10 +152,10 @@ public class PolicyQualifierInfo {
/** /**
* Return a printable representation of this * Return a printable representation of this
* <code>PolicyQualifierInfo</code>. * {@code PolicyQualifierInfo}.
* *
* @return a <code>String</code> describing the contents of this * @return a {@code String} describing the contents of this
* <code>PolicyQualifierInfo</code> * {@code PolicyQualifierInfo}
*/ */
public String toString() { public String toString() {
if (pqiString != null) if (pqiString != null)
......
src/share/classes/java/security/cert/TrustAnchor.java
浏览文件 @ c2a5f680
/* /*
* Copyright (c) 2001, 2008, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2001, 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
...@@ -40,16 +40,16 @@ import sun.security.x509.X500Name; ...@@ -40,16 +40,16 @@ import sun.security.x509.X500Name;
* for validating X.509 certification paths. A most-trusted CA includes the * for validating X.509 certification paths. A most-trusted CA includes the
* public key of the CA, the CA's name, and any constraints upon the set of * public key of the CA, the CA's name, and any constraints upon the set of
* paths which may be validated using this key. These parameters can be * paths which may be validated using this key. These parameters can be
* specified in the form of a trusted <code>X509Certificate</code> or as * specified in the form of a trusted {@code X509Certificate} or as
* individual parameters. * individual parameters.
* <p> * <p>
* <b>Concurrent Access</b> * <b>Concurrent Access</b>
* <p> * <p>
* <p>All <code>TrustAnchor</code> objects must be immutable and * <p>All {@code TrustAnchor} objects must be immutable and
* thread-safe. That is, multiple threads may concurrently invoke the * thread-safe. That is, multiple threads may concurrently invoke the
* methods defined in this class on a single <code>TrustAnchor</code> * methods defined in this class on a single {@code TrustAnchor}
* object (or more than one) with no ill effects. Requiring * object (or more than one) with no ill effects. Requiring
* <code>TrustAnchor</code> objects to be immutable and thread-safe * {@code TrustAnchor} objects to be immutable and thread-safe
* allows them to be passed around to various pieces of code without * allows them to be passed around to various pieces of code without
* worrying about coordinating access. This stipulation applies to all * worrying about coordinating access. This stipulation applies to all
* public fields and methods of this class and any added or overridden * public fields and methods of this class and any added or overridden
...@@ -71,8 +71,8 @@ public class TrustAnchor { ...@@ -71,8 +71,8 @@ public class TrustAnchor {
private NameConstraintsExtension nc; private NameConstraintsExtension nc;
/** /**
* Creates an instance of <code>TrustAnchor</code> with the specified * Creates an instance of {@code TrustAnchor} with the specified
* <code>X509Certificate</code> and optional name constraints, which * {@code X509Certificate} and optional name constraints, which
* are intended to be used as additional constraints when validating * are intended to be used as additional constraints when validating
* an X.509 certification path. * an X.509 certification path.
* <p> * <p>
...@@ -82,7 +82,7 @@ public class TrustAnchor { ...@@ -82,7 +82,7 @@ public class TrustAnchor {
* <a href="http://www.ietf.org/rfc/rfc3280">RFC 3280</a> * <a href="http://www.ietf.org/rfc/rfc3280">RFC 3280</a>
* and X.509. The ASN.1 definition of this structure appears below. * and X.509. The ASN.1 definition of this structure appears below.
* *
* <pre><code> * <pre>{@code
* NameConstraints ::= SEQUENCE { * NameConstraints ::= SEQUENCE {
* permittedSubtrees [0] GeneralSubtrees OPTIONAL, * permittedSubtrees [0] GeneralSubtrees OPTIONAL,
* excludedSubtrees [1] GeneralSubtrees OPTIONAL } * excludedSubtrees [1] GeneralSubtrees OPTIONAL }
...@@ -106,20 +106,20 @@ public class TrustAnchor { ...@@ -106,20 +106,20 @@ public class TrustAnchor {
* uniformResourceIdentifier [6] IA5String, * uniformResourceIdentifier [6] IA5String,
* iPAddress [7] OCTET STRING, * iPAddress [7] OCTET STRING,
* registeredID [8] OBJECT IDENTIFIER} * registeredID [8] OBJECT IDENTIFIER}
* </code></pre> * }</pre>
* <p> * <p>
* Note that the name constraints byte array supplied is cloned to protect * Note that the name constraints byte array supplied is cloned to protect
* against subsequent modifications. * against subsequent modifications.
* *
* @param trustedCert a trusted <code>X509Certificate</code> * @param trustedCert a trusted {@code X509Certificate}
* @param nameConstraints a byte array containing the ASN.1 DER encoding of * @param nameConstraints a byte array containing the ASN.1 DER encoding of
* a NameConstraints extension to be used for checking name constraints. * a NameConstraints extension to be used for checking name constraints.
* Only the value of the extension is included, not the OID or criticality * Only the value of the extension is included, not the OID or criticality
* flag. Specify <code>null</code> to omit the parameter. * flag. Specify {@code null} to omit the parameter.
* @throws IllegalArgumentException if the name constraints cannot be * @throws IllegalArgumentException if the name constraints cannot be
* decoded * decoded
* @throws NullPointerException if the specified * @throws NullPointerException if the specified
* <code>X509Certificate</code> is <code>null</code> * {@code X509Certificate} is {@code null}
*/ */
public TrustAnchor(X509Certificate trustedCert, byte[] nameConstraints) public TrustAnchor(X509Certificate trustedCert, byte[] nameConstraints)
{ {
...@@ -134,7 +134,7 @@ public class TrustAnchor { ...@@ -134,7 +134,7 @@ public class TrustAnchor {
} }
/** /**
* Creates an instance of <code>TrustAnchor</code> where the * Creates an instance of {@code TrustAnchor} where the
* most-trusted CA is specified as an X500Principal and public key. * most-trusted CA is specified as an X500Principal and public key.
* Name constraints are an optional parameter, and are intended to be used * Name constraints are an optional parameter, and are intended to be used
* as additional constraints when validating an X.509 certification path. * as additional constraints when validating an X.509 certification path.
...@@ -155,9 +155,9 @@ public class TrustAnchor { ...@@ -155,9 +155,9 @@ public class TrustAnchor {
* @param nameConstraints a byte array containing the ASN.1 DER encoding of * @param nameConstraints a byte array containing the ASN.1 DER encoding of
* a NameConstraints extension to be used for checking name constraints. * a NameConstraints extension to be used for checking name constraints.
* Only the value of the extension is included, not the OID or criticality * Only the value of the extension is included, not the OID or criticality
* flag. Specify <code>null</code> to omit the parameter. * flag. Specify {@code null} to omit the parameter.
* @throws NullPointerException if the specified <code>caPrincipal</code> or * @throws NullPointerException if the specified {@code caPrincipal} or
* <code>pubKey</code> parameter is <code>null</code> * {@code pubKey} parameter is {@code null}
* @since 1.5 * @since 1.5
*/ */
public TrustAnchor(X500Principal caPrincipal, PublicKey pubKey, public TrustAnchor(X500Principal caPrincipal, PublicKey pubKey,
...@@ -173,7 +173,7 @@ public class TrustAnchor { ...@@ -173,7 +173,7 @@ public class TrustAnchor {
} }
/** /**
* Creates an instance of <code>TrustAnchor</code> where the * Creates an instance of {@code TrustAnchor} where the
* most-trusted CA is specified as a distinguished name and public key. * most-trusted CA is specified as a distinguished name and public key.
* Name constraints are an optional parameter, and are intended to be used * Name constraints are an optional parameter, and are intended to be used
* as additional constraints when validating an X.509 certification path. * as additional constraints when validating an X.509 certification path.
...@@ -191,17 +191,17 @@ public class TrustAnchor { ...@@ -191,17 +191,17 @@ public class TrustAnchor {
* *
* @param caName the X.500 distinguished name of the most-trusted CA in * @param caName the X.500 distinguished name of the most-trusted CA in
* <a href="http://www.ietf.org/rfc/rfc2253.txt">RFC 2253</a> * <a href="http://www.ietf.org/rfc/rfc2253.txt">RFC 2253</a>
* <code>String</code> format * {@code String} format
* @param pubKey the public key of the most-trusted CA * @param pubKey the public key of the most-trusted CA
* @param nameConstraints a byte array containing the ASN.1 DER encoding of * @param nameConstraints a byte array containing the ASN.1 DER encoding of
* a NameConstraints extension to be used for checking name constraints. * a NameConstraints extension to be used for checking name constraints.
* Only the value of the extension is included, not the OID or criticality * Only the value of the extension is included, not the OID or criticality
* flag. Specify <code>null</code> to omit the parameter. * flag. Specify {@code null} to omit the parameter.
* @throws IllegalArgumentException if the specified <code> * @throws IllegalArgumentException if the specified
* caName</code> parameter is empty <code>(caName.length() == 0)</code> * {@code caName} parameter is empty {@code (caName.length() == 0)}
* or incorrectly formatted or the name constraints cannot be decoded * or incorrectly formatted or the name constraints cannot be decoded
* @throws NullPointerException if the specified <code>caName</code> or * @throws NullPointerException if the specified {@code caName} or
* <code>pubKey</code> parameter is <code>null</code> * {@code pubKey} parameter is {@code null}
*/ */
public TrustAnchor(String caName, PublicKey pubKey, byte[] nameConstraints) public TrustAnchor(String caName, PublicKey pubKey, byte[] nameConstraints)
{ {
...@@ -225,7 +225,7 @@ public class TrustAnchor { ...@@ -225,7 +225,7 @@ public class TrustAnchor {
/** /**
* Returns the most-trusted CA certificate. * Returns the most-trusted CA certificate.
* *
* @return a trusted <code>X509Certificate</code> or <code>null</code> * @return a trusted {@code X509Certificate} or {@code null}
* if the trust anchor was not specified as a trusted certificate * if the trust anchor was not specified as a trusted certificate
*/ */
public final X509Certificate getTrustedCert() { public final X509Certificate getTrustedCert() {
...@@ -236,7 +236,7 @@ public class TrustAnchor { ...@@ -236,7 +236,7 @@ public class TrustAnchor {
* Returns the name of the most-trusted CA as an X500Principal. * Returns the name of the most-trusted CA as an X500Principal.
* *
* @return the X.500 distinguished name of the most-trusted CA, or * @return the X.500 distinguished name of the most-trusted CA, or
* <code>null</code> if the trust anchor was not specified as a trusted * {@code null} if the trust anchor was not specified as a trusted
* public key and name or X500Principal pair * public key and name or X500Principal pair
* @since 1.5 * @since 1.5
*/ */
...@@ -245,11 +245,11 @@ public class TrustAnchor { ...@@ -245,11 +245,11 @@ public class TrustAnchor {
} }
/** /**
* Returns the name of the most-trusted CA in RFC 2253 <code>String</code> * Returns the name of the most-trusted CA in RFC 2253 {@code String}
* format. * format.
* *
* @return the X.500 distinguished name of the most-trusted CA, or * @return the X.500 distinguished name of the most-trusted CA, or
* <code>null</code> if the trust anchor was not specified as a trusted * {@code null} if the trust anchor was not specified as a trusted
* public key and name or X500Principal pair * public key and name or X500Principal pair
*/ */
public final String getCAName() { public final String getCAName() {
...@@ -259,7 +259,7 @@ public class TrustAnchor { ...@@ -259,7 +259,7 @@ public class TrustAnchor {
/** /**
* Returns the public key of the most-trusted CA. * Returns the public key of the most-trusted CA.
* *
* @return the public key of the most-trusted CA, or <code>null</code> * @return the public key of the most-trusted CA, or {@code null}
* if the trust anchor was not specified as a trusted public key and name * if the trust anchor was not specified as a trusted public key and name
* or X500Principal pair * or X500Principal pair
*/ */
...@@ -306,16 +306,16 @@ public class TrustAnchor { ...@@ -306,16 +306,16 @@ public class TrustAnchor {
* *
* @return a byte array containing the ASN.1 DER encoding of * @return a byte array containing the ASN.1 DER encoding of
* a NameConstraints extension used for checking name constraints, * a NameConstraints extension used for checking name constraints,
* or <code>null</code> if not set. * or {@code null} if not set.
*/ */
public final byte [] getNameConstraints() { public final byte [] getNameConstraints() {
return ncBytes == null ? null : ncBytes.clone(); return ncBytes == null ? null : ncBytes.clone();
} }
/** /**
* Returns a formatted string describing the <code>TrustAnchor</code>. * Returns a formatted string describing the {@code TrustAnchor}.
* *
* @return a formatted string describing the <code>TrustAnchor</code> * @return a formatted string describing the {@code TrustAnchor}
*/ */
public String toString() { public String toString() {
StringBuffer sb = new StringBuffer(); StringBuffer sb = new StringBuffer();
......
src/share/classes/java/security/cert/X509CRL.java
浏览文件 @ c2a5f680
/* /*
* Copyright (c) 1997, 2012, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
...@@ -72,7 +72,7 @@ import sun.security.x509.X509CRLImpl; ...@@ -72,7 +72,7 @@ import sun.security.x509.X509CRLImpl;
* <a href="http://www.ietf.org/rfc/rfc3280.txt">RFC 3280: Internet X.509 * <a href="http://www.ietf.org/rfc/rfc3280.txt">RFC 3280: Internet X.509
* Public Key Infrastructure Certificate and CRL Profile</a>. * Public Key Infrastructure Certificate and CRL Profile</a>.
* <p> * <p>
* The ASN.1 definition of <code>tbsCertList</code> is: * The ASN.1 definition of {@code tbsCertList} is:
* <pre> * <pre>
* TBSCertList ::= SEQUENCE { * TBSCertList ::= SEQUENCE {
* version Version OPTIONAL, * version Version OPTIONAL,
...@@ -94,12 +94,12 @@ import sun.security.x509.X509CRLImpl; ...@@ -94,12 +94,12 @@ import sun.security.x509.X509CRLImpl;
* <p> * <p>
* CRLs are instantiated using a certificate factory. The following is an * CRLs are instantiated using a certificate factory. The following is an
* example of how to instantiate an X.509 CRL: * example of how to instantiate an X.509 CRL:
* <pre><code> * <pre>{@code
* try (InputStream inStream = new FileInputStream("fileName-of-crl")) { * try (InputStream inStream = new FileInputStream("fileName-of-crl")) {
* CertificateFactory cf = CertificateFactory.getInstance("X.509"); * CertificateFactory cf = CertificateFactory.getInstance("X.509");
* X509CRL crl = (X509CRL)cf.generateCRL(inStream); * X509CRL crl = (X509CRL)cf.generateCRL(inStream);
* } * }
* </code></pre> * }</pre>
* *
* @author Hemma Prafullchandra * @author Hemma Prafullchandra
* *
...@@ -122,8 +122,8 @@ public abstract class X509CRL extends CRL implements X509Extension { ...@@ -122,8 +122,8 @@ public abstract class X509CRL extends CRL implements X509Extension {
/** /**
* Compares this CRL for equality with the given * Compares this CRL for equality with the given
* object. If the <code>other</code> object is an * object. If the {@code other} object is an
* <code>instanceof</code> <code>X509CRL</code>, then * {@code instanceof} {@code X509CRL}, then
* its encoded form is retrieved and compared with the * its encoded form is retrieved and compared with the
* encoded form of this CRL. * encoded form of this CRL.
* *
...@@ -225,7 +225,7 @@ public abstract class X509CRL extends CRL implements X509Extension { ...@@ -225,7 +225,7 @@ public abstract class X509CRL extends CRL implements X509Extension {
* *
* This method was added to version 1.8 of the Java Platform Standard * This method was added to version 1.8 of the Java Platform Standard
* Edition. In order to maintain backwards compatibility with existing * Edition. In order to maintain backwards compatibility with existing
* service providers, this method is not <code>abstract</code> * service providers, this method is not {@code abstract}
* and it provides a default implementation. * and it provides a default implementation.
* *
* @param key the PublicKey used to carry out the verification. * @param key the PublicKey used to carry out the verification.
...@@ -245,7 +245,7 @@ public abstract class X509CRL extends CRL implements X509Extension { ...@@ -245,7 +245,7 @@ public abstract class X509CRL extends CRL implements X509Extension {
} }
/** /**
* Gets the <code>version</code> (version number) value from the CRL. * Gets the {@code version} (version number) value from the CRL.
* The ASN.1 definition for this is: * The ASN.1 definition for this is:
* <pre> * <pre>
* version Version OPTIONAL, * version Version OPTIONAL,
...@@ -261,12 +261,12 @@ public abstract class X509CRL extends CRL implements X509Extension { ...@@ -261,12 +261,12 @@ public abstract class X509CRL extends CRL implements X509Extension {
/** /**
* <strong>Denigrated</strong>, replaced by {@linkplain * <strong>Denigrated</strong>, replaced by {@linkplain
* #getIssuerX500Principal()}. This method returns the <code>issuer</code> * #getIssuerX500Principal()}. This method returns the {@code issuer}
* as an implementation specific Principal object, which should not be * as an implementation specific Principal object, which should not be
* relied upon by portable code. * relied upon by portable code.
* *
* <p> * <p>
* Gets the <code>issuer</code> (issuer distinguished name) value from * Gets the {@code issuer} (issuer distinguished name) value from
* the CRL. The issuer name identifies the entity that signed (and * the CRL. The issuer name identifies the entity that signed (and
* issued) the CRL. * issued) the CRL.
* *
...@@ -287,14 +287,14 @@ public abstract class X509CRL extends CRL implements X509Extension { ...@@ -287,14 +287,14 @@ public abstract class X509CRL extends CRL implements X509Extension {
* AttributeType ::= OBJECT IDENTIFIER * AttributeType ::= OBJECT IDENTIFIER
* AttributeValue ::= ANY * AttributeValue ::= ANY
* </pre> * </pre>
* The <code>Name</code> describes a hierarchical name composed of * The {@code Name} describes a hierarchical name composed of
* attributes, * attributes,
* such as country name, and corresponding values, such as US. * such as country name, and corresponding values, such as US.
* The type of the <code>AttributeValue</code> component is determined by * The type of the {@code AttributeValue} component is determined by
* the <code>AttributeType</code>; in general it will be a * the {@code AttributeType}; in general it will be a
* <code>directoryString</code>. A <code>directoryString</code> is usually * {@code directoryString}. A {@code directoryString} is usually
* one of <code>PrintableString</code>, * one of {@code PrintableString},
* <code>TeletexString</code> or <code>UniversalString</code>. * {@code TeletexString} or {@code UniversalString}.
* *
* @return a Principal whose name is the issuer distinguished name. * @return a Principal whose name is the issuer distinguished name.
*/ */
...@@ -302,11 +302,11 @@ public abstract class X509CRL extends CRL implements X509Extension { ...@@ -302,11 +302,11 @@ public abstract class X509CRL extends CRL implements X509Extension {
/** /**
* Returns the issuer (issuer distinguished name) value from the * Returns the issuer (issuer distinguished name) value from the
* CRL as an <code>X500Principal</code>. * CRL as an {@code X500Principal}.
* <p> * <p>
* It is recommended that subclasses override this method. * It is recommended that subclasses override this method.
* *
* @return an <code>X500Principal</code> representing the issuer * @return an {@code X500Principal} representing the issuer
* distinguished name * distinguished name
* @since 1.4 * @since 1.4
*/ */
...@@ -318,7 +318,7 @@ public abstract class X509CRL extends CRL implements X509Extension { ...@@ -318,7 +318,7 @@ public abstract class X509CRL extends CRL implements X509Extension {
} }
/** /**
* Gets the <code>thisUpdate</code> date from the CRL. * Gets the {@code thisUpdate} date from the CRL.
* The ASN.1 definition for this is: * The ASN.1 definition for this is:
* <pre> * <pre>
* thisUpdate ChoiceOfTime * thisUpdate ChoiceOfTime
...@@ -327,14 +327,14 @@ public abstract class X509CRL extends CRL implements X509Extension { ...@@ -327,14 +327,14 @@ public abstract class X509CRL extends CRL implements X509Extension {
* generalTime GeneralizedTime } * generalTime GeneralizedTime }
* </pre> * </pre>
* *
* @return the <code>thisUpdate</code> date from the CRL. * @return the {@code thisUpdate} date from the CRL.
*/ */
public abstract Date getThisUpdate(); public abstract Date getThisUpdate();
/** /**
* Gets the <code>nextUpdate</code> date from the CRL. * Gets the {@code nextUpdate} date from the CRL.
* *
* @return the <code>nextUpdate</code> date from the CRL, or null if * @return the {@code nextUpdate} date from the CRL, or null if
* not present. * not present.
*/ */
public abstract Date getNextUpdate(); public abstract Date getNextUpdate();
...@@ -388,7 +388,7 @@ public abstract class X509CRL extends CRL implements X509Extension { ...@@ -388,7 +388,7 @@ public abstract class X509CRL extends CRL implements X509Extension {
/** /**
* Gets the DER-encoded CRL information, the * Gets the DER-encoded CRL information, the
* <code>tbsCertList</code> from this CRL. * {@code tbsCertList} from this CRL.
* This can be used to verify the signature independently. * This can be used to verify the signature independently.
* *
* @return the DER-encoded CRL information. * @return the DER-encoded CRL information.
...@@ -397,7 +397,7 @@ public abstract class X509CRL extends CRL implements X509Extension { ...@@ -397,7 +397,7 @@ public abstract class X509CRL extends CRL implements X509Extension {
public abstract byte[] getTBSCertList() throws CRLException; public abstract byte[] getTBSCertList() throws CRLException;
/** /**
* Gets the <code>signature</code> value (the raw signature bits) from * Gets the {@code signature} value (the raw signature bits) from
* the CRL. * the CRL.
* The ASN.1 definition for this is: * The ASN.1 definition for this is:
* <pre> * <pre>
...@@ -422,7 +422,7 @@ public abstract class X509CRL extends CRL implements X509Extension { ...@@ -422,7 +422,7 @@ public abstract class X509CRL extends CRL implements X509Extension {
* -- algorithm object identifier value * -- algorithm object identifier value
* </pre> * </pre>
* *
* <p>The algorithm name is determined from the <code>algorithm</code> * <p>The algorithm name is determined from the {@code algorithm}
* OID string. * OID string.
* *
* @return the signature algorithm name. * @return the signature algorithm name.
......
src/share/classes/java/security/cert/X509CRLEntry.java
浏览文件 @ c2a5f680
/* /*
* Copyright (c) 1997, 2003, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
...@@ -68,8 +68,8 @@ public abstract class X509CRLEntry implements X509Extension { ...@@ -68,8 +68,8 @@ public abstract class X509CRLEntry implements X509Extension {
/** /**
* Compares this CRL entry for equality with the given * Compares this CRL entry for equality with the given
* object. If the <code>other</code> object is an * object. If the {@code other} object is an
* <code>instanceof</code> <code>X509CRLEntry</code>, then * {@code instanceof} {@code X509CRLEntry}, then
* its encoded form (the inner SEQUENCE) is retrieved and compared * its encoded form (the inner SEQUENCE) is retrieved and compared
* with the encoded form of this CRL entry. * with the encoded form of this CRL entry.
* *
...@@ -178,7 +178,7 @@ public abstract class X509CRLEntry implements X509Extension { ...@@ -178,7 +178,7 @@ public abstract class X509CRLEntry implements X509Extension {
* in the Reason Code extension of this CRL entry. * in the Reason Code extension of this CRL entry.
* *
* @return the reason the certificate has been revoked, or * @return the reason the certificate has been revoked, or
* <code>null</code> if this CRL entry does not have * {@code null} if this CRL entry does not have
* a Reason Code extension * a Reason Code extension
* @since 1.7 * @since 1.7
*/ */
......
src/share/classes/java/security/cert/X509CRLSelector.java
浏览文件 @ c2a5f680
/* /*
* Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
...@@ -37,18 +37,18 @@ import sun.security.x509.CRLNumberExtension; ...@@ -37,18 +37,18 @@ import sun.security.x509.CRLNumberExtension;
import sun.security.x509.X500Name; import sun.security.x509.X500Name;
/** /**
* A <code>CRLSelector</code> that selects <code>X509CRLs</code> that * A {@code CRLSelector} that selects {@code X509CRLs} that
* match all specified criteria. This class is particularly useful when * match all specified criteria. This class is particularly useful when
* selecting CRLs from a <code>CertStore</code> to check revocation status * selecting CRLs from a {@code CertStore} to check revocation status
* of a particular certificate. * of a particular certificate.
* <p> * <p>
* When first constructed, an <code>X509CRLSelector</code> has no criteria * When first constructed, an {@code X509CRLSelector} has no criteria
* enabled and each of the <code>get</code> methods return a default * enabled and each of the {@code get} methods return a default
* value (<code>null</code>). Therefore, the {@link #match match} method * value ({@code null}). Therefore, the {@link #match match} method
* would return <code>true</code> for any <code>X509CRL</code>. Typically, * would return {@code true} for any {@code X509CRL}. Typically,
* several criteria are enabled (by calling {@link #setIssuers setIssuers} * several criteria are enabled (by calling {@link #setIssuers setIssuers}
* or {@link #setDateAndTime setDateAndTime}, for instance) and then the * or {@link #setDateAndTime setDateAndTime}, for instance) and then the
* <code>X509CRLSelector</code> is passed to * {@code X509CRLSelector} is passed to
* {@link CertStore#getCRLs CertStore.getCRLs} or some similar * {@link CertStore#getCRLs CertStore.getCRLs} or some similar
* method. * method.
* <p> * <p>
...@@ -86,35 +86,35 @@ public class X509CRLSelector implements CRLSelector { ...@@ -86,35 +86,35 @@ public class X509CRLSelector implements CRLSelector {
private long skew = 0; private long skew = 0;
/** /**
* Creates an <code>X509CRLSelector</code>. Initially, no criteria are set * Creates an {@code X509CRLSelector}. Initially, no criteria are set
* so any <code>X509CRL</code> will match. * so any {@code X509CRL} will match.
*/ */
public X509CRLSelector() {} public X509CRLSelector() {}
/** /**
* Sets the issuerNames criterion. The issuer distinguished name in the * Sets the issuerNames criterion. The issuer distinguished name in the
* <code>X509CRL</code> must match at least one of the specified * {@code X509CRL} must match at least one of the specified
* distinguished names. If <code>null</code>, any issuer distinguished name * distinguished names. If {@code null}, any issuer distinguished name
* will do. * will do.
* <p> * <p>
* This method allows the caller to specify, with a single method call, * This method allows the caller to specify, with a single method call,
* the complete set of issuer names which <code>X509CRLs</code> may contain. * the complete set of issuer names which {@code X509CRLs} may contain.
* The specified value replaces the previous value for the issuerNames * The specified value replaces the previous value for the issuerNames
* criterion. * criterion.
* <p> * <p>
* The <code>names</code> parameter (if not <code>null</code>) is a * The {@code names} parameter (if not {@code null}) is a
* <code>Collection</code> of <code>X500Principal</code>s. * {@code Collection} of {@code X500Principal}s.
* <p> * <p>
* Note that the <code>names</code> parameter can contain duplicate * Note that the {@code names} parameter can contain duplicate
* distinguished names, but they may be removed from the * distinguished names, but they may be removed from the
* <code>Collection</code> of names returned by the * {@code Collection} of names returned by the
* {@link #getIssuers getIssuers} method. * {@link #getIssuers getIssuers} method.
* <p> * <p>
* Note that a copy is performed on the <code>Collection</code> to * Note that a copy is performed on the {@code Collection} to
* protect against subsequent modifications. * protect against subsequent modifications.
* *
* @param issuers a <code>Collection</code> of X500Principals * @param issuers a {@code Collection} of X500Principals
* (or <code>null</code>) * (or {@code null})
* @see #getIssuers * @see #getIssuers
* @since 1.5 * @since 1.5
*/ */
...@@ -138,31 +138,31 @@ public class X509CRLSelector implements CRLSelector { ...@@ -138,31 +138,31 @@ public class X509CRLSelector implements CRLSelector {
* this method. See {@link #addIssuerName(String)} for more information. * this method. See {@link #addIssuerName(String)} for more information.
* <p> * <p>
* Sets the issuerNames criterion. The issuer distinguished name in the * Sets the issuerNames criterion. The issuer distinguished name in the
* <code>X509CRL</code> must match at least one of the specified * {@code X509CRL} must match at least one of the specified
* distinguished names. If <code>null</code>, any issuer distinguished name * distinguished names. If {@code null}, any issuer distinguished name
* will do. * will do.
* <p> * <p>
* This method allows the caller to specify, with a single method call, * This method allows the caller to specify, with a single method call,
* the complete set of issuer names which <code>X509CRLs</code> may contain. * the complete set of issuer names which {@code X509CRLs} may contain.
* The specified value replaces the previous value for the issuerNames * The specified value replaces the previous value for the issuerNames
* criterion. * criterion.
* <p> * <p>
* The <code>names</code> parameter (if not <code>null</code>) is a * The {@code names} parameter (if not {@code null}) is a
* <code>Collection</code> of names. Each name is a <code>String</code> * {@code Collection} of names. Each name is a {@code String}
* or a byte array representing a distinguished name (in * or a byte array representing a distinguished name (in
* <a href="http://www.ietf.org/rfc/rfc2253.txt">RFC 2253</a> or * <a href="http://www.ietf.org/rfc/rfc2253.txt">RFC 2253</a> or
* ASN.1 DER encoded form, respectively). If <code>null</code> is supplied * ASN.1 DER encoded form, respectively). If {@code null} is supplied
* as the value for this argument, no issuerNames check will be performed. * as the value for this argument, no issuerNames check will be performed.
* <p> * <p>
* Note that the <code>names</code> parameter can contain duplicate * Note that the {@code names} parameter can contain duplicate
* distinguished names, but they may be removed from the * distinguished names, but they may be removed from the
* <code>Collection</code> of names returned by the * {@code Collection} of names returned by the
* {@link #getIssuerNames getIssuerNames} method. * {@link #getIssuerNames getIssuerNames} method.
* <p> * <p>
* If a name is specified as a byte array, it should contain a single DER * If a name is specified as a byte array, it should contain a single DER
* encoded distinguished name, as defined in X.501. The ASN.1 notation for * encoded distinguished name, as defined in X.501. The ASN.1 notation for
* this structure is as follows. * this structure is as follows.
* <pre><code> * <pre>{@code
* Name ::= CHOICE { * Name ::= CHOICE {
* RDNSequence } * RDNSequence }
* *
...@@ -185,12 +185,12 @@ public class X509CRLSelector implements CRLSelector { ...@@ -185,12 +185,12 @@ public class X509CRLSelector implements CRLSelector {
* universalString UniversalString (SIZE (1..MAX)), * universalString UniversalString (SIZE (1..MAX)),
* utf8String UTF8String (SIZE (1.. MAX)), * utf8String UTF8String (SIZE (1.. MAX)),
* bmpString BMPString (SIZE (1..MAX)) } * bmpString BMPString (SIZE (1..MAX)) }
* </code></pre> * }</pre>
* <p> * <p>
* Note that a deep copy is performed on the <code>Collection</code> to * Note that a deep copy is performed on the {@code Collection} to
* protect against subsequent modifications. * protect against subsequent modifications.
* *
* @param names a <code>Collection</code> of names (or <code>null</code>) * @param names a {@code Collection} of names (or {@code null})
* @throws IOException if a parsing error occurs * @throws IOException if a parsing error occurs
* @see #getIssuerNames * @see #getIssuerNames
*/ */
...@@ -208,11 +208,11 @@ public class X509CRLSelector implements CRLSelector { ...@@ -208,11 +208,11 @@ public class X509CRLSelector implements CRLSelector {
/** /**
* Adds a name to the issuerNames criterion. The issuer distinguished * Adds a name to the issuerNames criterion. The issuer distinguished
* name in the <code>X509CRL</code> must match at least one of the specified * name in the {@code X509CRL} must match at least one of the specified
* distinguished names. * distinguished names.
* <p> * <p>
* This method allows the caller to add a name to the set of issuer names * This method allows the caller to add a name to the set of issuer names
* which <code>X509CRLs</code> may contain. The specified name is added to * which {@code X509CRLs} may contain. The specified name is added to
* any previous value for the issuerNames criterion. * any previous value for the issuerNames criterion.
* If the specified name is a duplicate, it may be ignored. * If the specified name is a duplicate, it may be ignored.
* *
...@@ -232,11 +232,11 @@ public class X509CRLSelector implements CRLSelector { ...@@ -232,11 +232,11 @@ public class X509CRLSelector implements CRLSelector {
* names. * names.
* <p> * <p>
* Adds a name to the issuerNames criterion. The issuer distinguished * Adds a name to the issuerNames criterion. The issuer distinguished
* name in the <code>X509CRL</code> must match at least one of the specified * name in the {@code X509CRL} must match at least one of the specified
* distinguished names. * distinguished names.
* <p> * <p>
* This method allows the caller to add a name to the set of issuer names * This method allows the caller to add a name to the set of issuer names
* which <code>X509CRLs</code> may contain. The specified name is added to * which {@code X509CRLs} may contain. The specified name is added to
* any previous value for the issuerNames criterion. * any previous value for the issuerNames criterion.
* If the specified name is a duplicate, it may be ignored. * If the specified name is a duplicate, it may be ignored.
* *
...@@ -249,11 +249,11 @@ public class X509CRLSelector implements CRLSelector { ...@@ -249,11 +249,11 @@ public class X509CRLSelector implements CRLSelector {
/** /**
* Adds a name to the issuerNames criterion. The issuer distinguished * Adds a name to the issuerNames criterion. The issuer distinguished
* name in the <code>X509CRL</code> must match at least one of the specified * name in the {@code X509CRL} must match at least one of the specified
* distinguished names. * distinguished names.
* <p> * <p>
* This method allows the caller to add a name to the set of issuer names * This method allows the caller to add a name to the set of issuer names
* which <code>X509CRLs</code> may contain. The specified name is added to * which {@code X509CRLs} may contain. The specified name is added to
* any previous value for the issuerNames criterion. If the specified name * any previous value for the issuerNames criterion. If the specified name
* is a duplicate, it may be ignored. * is a duplicate, it may be ignored.
* If a name is specified as a byte array, it should contain a single DER * If a name is specified as a byte array, it should contain a single DER
...@@ -279,7 +279,7 @@ public class X509CRLSelector implements CRLSelector { ...@@ -279,7 +279,7 @@ public class X509CRLSelector implements CRLSelector {
/** /**
* A private method that adds a name (String or byte array) to the * A private method that adds a name (String or byte array) to the
* issuerNames criterion. The issuer distinguished * issuerNames criterion. The issuer distinguished
* name in the <code>X509CRL</code> must match at least one of the specified * name in the {@code X509CRL} must match at least one of the specified
* distinguished names. * distinguished names.
* *
* @param name the name in string or byte array form * @param name the name in string or byte array form
...@@ -301,11 +301,11 @@ public class X509CRLSelector implements CRLSelector { ...@@ -301,11 +301,11 @@ public class X509CRLSelector implements CRLSelector {
* Clone and check an argument of the form passed to * Clone and check an argument of the form passed to
* setIssuerNames. Throw an IOException if the argument is malformed. * setIssuerNames. Throw an IOException if the argument is malformed.
* *
* @param names a <code>Collection</code> of names. Each entry is a * @param names a {@code Collection} of names. Each entry is a
* String or a byte array (the name, in string or ASN.1 * String or a byte array (the name, in string or ASN.1
* DER encoded form, respectively). <code>null</code> is * DER encoded form, respectively). {@code null} is
* not an acceptable value. * not an acceptable value.
* @return a deep copy of the specified <code>Collection</code> * @return a deep copy of the specified {@code Collection}
* @throws IOException if a parsing error occurs * @throws IOException if a parsing error occurs
*/ */
private static HashSet<Object> cloneAndCheckIssuerNames(Collection<?> names) private static HashSet<Object> cloneAndCheckIssuerNames(Collection<?> names)
...@@ -334,11 +334,11 @@ public class X509CRLSelector implements CRLSelector { ...@@ -334,11 +334,11 @@ public class X509CRLSelector implements CRLSelector {
* into a RuntimeException. This method should be used when the object being * into a RuntimeException. This method should be used when the object being
* cloned has already been checked, so there should never be any exceptions. * cloned has already been checked, so there should never be any exceptions.
* *
* @param names a <code>Collection</code> of names. Each entry is a * @param names a {@code Collection} of names. Each entry is a
* String or a byte array (the name, in string or ASN.1 * String or a byte array (the name, in string or ASN.1
* DER encoded form, respectively). <code>null</code> is * DER encoded form, respectively). {@code null} is
* not an acceptable value. * not an acceptable value.
* @return a deep copy of the specified <code>Collection</code> * @return a deep copy of the specified {@code Collection}
* @throws RuntimeException if a parsing error occurs * @throws RuntimeException if a parsing error occurs
*/ */
private static HashSet<Object> cloneIssuerNames(Collection<Object> names) { private static HashSet<Object> cloneIssuerNames(Collection<Object> names) {
...@@ -354,7 +354,7 @@ public class X509CRLSelector implements CRLSelector { ...@@ -354,7 +354,7 @@ public class X509CRLSelector implements CRLSelector {
* returning a Collection of issuerX500Principals. * returning a Collection of issuerX500Principals.
* Throw an IOException if the argument is malformed. * Throw an IOException if the argument is malformed.
* *
* @param names a <code>Collection</code> of names. Each entry is a * @param names a {@code Collection} of names. Each entry is a
* String or a byte array (the name, in string or ASN.1 * String or a byte array (the name, in string or ASN.1
* DER encoded form, respectively). <Code>Null</Code> is * DER encoded form, respectively). <Code>Null</Code> is
* not an acceptable value. * not an acceptable value.
...@@ -380,24 +380,24 @@ public class X509CRLSelector implements CRLSelector { ...@@ -380,24 +380,24 @@ public class X509CRLSelector implements CRLSelector {
} }
/** /**
* Sets the minCRLNumber criterion. The <code>X509CRL</code> must have a * Sets the minCRLNumber criterion. The {@code X509CRL} must have a
* CRL number extension whose value is greater than or equal to the * CRL number extension whose value is greater than or equal to the
* specified value. If <code>null</code>, no minCRLNumber check will be * specified value. If {@code null}, no minCRLNumber check will be
* done. * done.
* *
* @param minCRL the minimum CRL number accepted (or <code>null</code>) * @param minCRL the minimum CRL number accepted (or {@code null})
*/ */
public void setMinCRLNumber(BigInteger minCRL) { public void setMinCRLNumber(BigInteger minCRL) {
this.minCRL = minCRL; this.minCRL = minCRL;
} }
/** /**
* Sets the maxCRLNumber criterion. The <code>X509CRL</code> must have a * Sets the maxCRLNumber criterion. The {@code X509CRL} must have a
* CRL number extension whose value is less than or equal to the * CRL number extension whose value is less than or equal to the
* specified value. If <code>null</code>, no maxCRLNumber check will be * specified value. If {@code null}, no maxCRLNumber check will be
* done. * done.
* *
* @param maxCRL the maximum CRL number accepted (or <code>null</code>) * @param maxCRL the maximum CRL number accepted (or {@code null})
*/ */
public void setMaxCRLNumber(BigInteger maxCRL) { public void setMaxCRLNumber(BigInteger maxCRL) {
this.maxCRL = maxCRL; this.maxCRL = maxCRL;
...@@ -406,16 +406,16 @@ public class X509CRLSelector implements CRLSelector { ...@@ -406,16 +406,16 @@ public class X509CRLSelector implements CRLSelector {
/** /**
* Sets the dateAndTime criterion. The specified date must be * Sets the dateAndTime criterion. The specified date must be
* equal to or later than the value of the thisUpdate component * equal to or later than the value of the thisUpdate component
* of the <code>X509CRL</code> and earlier than the value of the * of the {@code X509CRL} and earlier than the value of the
* nextUpdate component. There is no match if the <code>X509CRL</code> * nextUpdate component. There is no match if the {@code X509CRL}
* does not contain a nextUpdate component. * does not contain a nextUpdate component.
* If <code>null</code>, no dateAndTime check will be done. * If {@code null}, no dateAndTime check will be done.
* <p> * <p>
* Note that the <code>Date</code> supplied here is cloned to protect * Note that the {@code Date} supplied here is cloned to protect
* against subsequent modifications. * against subsequent modifications.
* *
* @param dateAndTime the <code>Date</code> to match against * @param dateAndTime the {@code Date} to match against
* (or <code>null</code>) * (or {@code null})
* @see #getDateAndTime * @see #getDateAndTime
*/ */
public void setDateAndTime(Date dateAndTime) { public void setDateAndTime(Date dateAndTime) {
...@@ -438,13 +438,13 @@ public class X509CRLSelector implements CRLSelector { ...@@ -438,13 +438,13 @@ public class X509CRLSelector implements CRLSelector {
/** /**
* Sets the certificate being checked. This is not a criterion. Rather, * Sets the certificate being checked. This is not a criterion. Rather,
* it is optional information that may help a <code>CertStore</code> * it is optional information that may help a {@code CertStore}
* find CRLs that would be relevant when checking revocation for the * find CRLs that would be relevant when checking revocation for the
* specified certificate. If <code>null</code> is specified, then no * specified certificate. If {@code null} is specified, then no
* such optional information is provided. * such optional information is provided.
* *
* @param cert the <code>X509Certificate</code> being checked * @param cert the {@code X509Certificate} being checked
* (or <code>null</code>) * (or {@code null})
* @see #getCertificateChecking * @see #getCertificateChecking
*/ */
public void setCertificateChecking(X509Certificate cert) { public void setCertificateChecking(X509Certificate cert) {
...@@ -453,15 +453,15 @@ public class X509CRLSelector implements CRLSelector { ...@@ -453,15 +453,15 @@ public class X509CRLSelector implements CRLSelector {
/** /**
* Returns the issuerNames criterion. The issuer distinguished * Returns the issuerNames criterion. The issuer distinguished
* name in the <code>X509CRL</code> must match at least one of the specified * name in the {@code X509CRL} must match at least one of the specified
* distinguished names. If the value returned is <code>null</code>, any * distinguished names. If the value returned is {@code null}, any
* issuer distinguished name will do. * issuer distinguished name will do.
* <p> * <p>
* If the value returned is not <code>null</code>, it is a * If the value returned is not {@code null}, it is a
* unmodifiable <code>Collection</code> of <code>X500Principal</code>s. * unmodifiable {@code Collection} of {@code X500Principal}s.
* *
* @return an unmodifiable <code>Collection</code> of names * @return an unmodifiable {@code Collection} of names
* (or <code>null</code>) * (or {@code null})
* @see #setIssuers * @see #setIssuers
* @since 1.5 * @since 1.5
*/ */
...@@ -474,25 +474,25 @@ public class X509CRLSelector implements CRLSelector { ...@@ -474,25 +474,25 @@ public class X509CRLSelector implements CRLSelector {
/** /**
* Returns a copy of the issuerNames criterion. The issuer distinguished * Returns a copy of the issuerNames criterion. The issuer distinguished
* name in the <code>X509CRL</code> must match at least one of the specified * name in the {@code X509CRL} must match at least one of the specified
* distinguished names. If the value returned is <code>null</code>, any * distinguished names. If the value returned is {@code null}, any
* issuer distinguished name will do. * issuer distinguished name will do.
* <p> * <p>
* If the value returned is not <code>null</code>, it is a * If the value returned is not {@code null}, it is a
* <code>Collection</code> of names. Each name is a <code>String</code> * {@code Collection} of names. Each name is a {@code String}
* or a byte array representing a distinguished name (in RFC 2253 or * or a byte array representing a distinguished name (in RFC 2253 or
* ASN.1 DER encoded form, respectively). Note that the * ASN.1 DER encoded form, respectively). Note that the
* <code>Collection</code> returned may contain duplicate names. * {@code Collection} returned may contain duplicate names.
* <p> * <p>
* If a name is specified as a byte array, it should contain a single DER * If a name is specified as a byte array, it should contain a single DER
* encoded distinguished name, as defined in X.501. The ASN.1 notation for * encoded distinguished name, as defined in X.501. The ASN.1 notation for
* this structure is given in the documentation for * this structure is given in the documentation for
* {@link #setIssuerNames setIssuerNames(Collection names)}. * {@link #setIssuerNames setIssuerNames(Collection names)}.
* <p> * <p>
* Note that a deep copy is performed on the <code>Collection</code> to * Note that a deep copy is performed on the {@code Collection} to
* protect against subsequent modifications. * protect against subsequent modifications.
* *
* @return a <code>Collection</code> of names (or <code>null</code>) * @return a {@code Collection} of names (or {@code null})
* @see #setIssuerNames * @see #setIssuerNames
*/ */
public Collection<Object> getIssuerNames() { public Collection<Object> getIssuerNames() {
...@@ -503,23 +503,23 @@ public class X509CRLSelector implements CRLSelector { ...@@ -503,23 +503,23 @@ public class X509CRLSelector implements CRLSelector {
} }
/** /**
* Returns the minCRLNumber criterion. The <code>X509CRL</code> must have a * Returns the minCRLNumber criterion. The {@code X509CRL} must have a
* CRL number extension whose value is greater than or equal to the * CRL number extension whose value is greater than or equal to the
* specified value. If <code>null</code>, no minCRLNumber check will be done. * specified value. If {@code null}, no minCRLNumber check will be done.
* *
* @return the minimum CRL number accepted (or <code>null</code>) * @return the minimum CRL number accepted (or {@code null})
*/ */
public BigInteger getMinCRL() { public BigInteger getMinCRL() {
return minCRL; return minCRL;
} }
/** /**
* Returns the maxCRLNumber criterion. The <code>X509CRL</code> must have a * Returns the maxCRLNumber criterion. The {@code X509CRL} must have a
* CRL number extension whose value is less than or equal to the * CRL number extension whose value is less than or equal to the
* specified value. If <code>null</code>, no maxCRLNumber check will be * specified value. If {@code null}, no maxCRLNumber check will be
* done. * done.
* *
* @return the maximum CRL number accepted (or <code>null</code>) * @return the maximum CRL number accepted (or {@code null})
*/ */
public BigInteger getMaxCRL() { public BigInteger getMaxCRL() {
return maxCRL; return maxCRL;
...@@ -528,15 +528,15 @@ public class X509CRLSelector implements CRLSelector { ...@@ -528,15 +528,15 @@ public class X509CRLSelector implements CRLSelector {
/** /**
* Returns the dateAndTime criterion. The specified date must be * Returns the dateAndTime criterion. The specified date must be
* equal to or later than the value of the thisUpdate component * equal to or later than the value of the thisUpdate component
* of the <code>X509CRL</code> and earlier than the value of the * of the {@code X509CRL} and earlier than the value of the
* nextUpdate component. There is no match if the * nextUpdate component. There is no match if the
* <code>X509CRL</code> does not contain a nextUpdate component. * {@code X509CRL} does not contain a nextUpdate component.
* If <code>null</code>, no dateAndTime check will be done. * If {@code null}, no dateAndTime check will be done.
* <p> * <p>
* Note that the <code>Date</code> returned is cloned to protect against * Note that the {@code Date} returned is cloned to protect against
* subsequent modifications. * subsequent modifications.
* *
* @return the <code>Date</code> to match against (or <code>null</code>) * @return the {@code Date} to match against (or {@code null})
* @see #setDateAndTime * @see #setDateAndTime
*/ */
public Date getDateAndTime() { public Date getDateAndTime() {
...@@ -547,12 +547,12 @@ public class X509CRLSelector implements CRLSelector { ...@@ -547,12 +547,12 @@ public class X509CRLSelector implements CRLSelector {
/** /**
* Returns the certificate being checked. This is not a criterion. Rather, * Returns the certificate being checked. This is not a criterion. Rather,
* it is optional information that may help a <code>CertStore</code> * it is optional information that may help a {@code CertStore}
* find CRLs that would be relevant when checking revocation for the * find CRLs that would be relevant when checking revocation for the
* specified certificate. If the value returned is <code>null</code>, then * specified certificate. If the value returned is {@code null}, then
* no such optional information is provided. * no such optional information is provided.
* *
* @return the certificate being checked (or <code>null</code>) * @return the certificate being checked (or {@code null})
* @see #setCertificateChecking * @see #setCertificateChecking
*/ */
public X509Certificate getCertificateChecking() { public X509Certificate getCertificateChecking() {
...@@ -560,10 +560,10 @@ public class X509CRLSelector implements CRLSelector { ...@@ -560,10 +560,10 @@ public class X509CRLSelector implements CRLSelector {
} }
/** /**
* Returns a printable representation of the <code>X509CRLSelector</code>. * Returns a printable representation of the {@code X509CRLSelector}.
* *
* @return a <code>String</code> describing the contents of the * @return a {@code String} describing the contents of the
* <code>X509CRLSelector</code>. * {@code X509CRLSelector}.
*/ */
public String toString() { public String toString() {
StringBuffer sb = new StringBuffer(); StringBuffer sb = new StringBuffer();
...@@ -587,11 +587,11 @@ public class X509CRLSelector implements CRLSelector { ...@@ -587,11 +587,11 @@ public class X509CRLSelector implements CRLSelector {
} }
/** /**
* Decides whether a <code>CRL</code> should be selected. * Decides whether a {@code CRL} should be selected.
* *
* @param crl the <code>CRL</code> to be checked * @param crl the {@code CRL} to be checked
* @return <code>true</code> if the <code>CRL</code> should be selected, * @return {@code true} if the {@code CRL} should be selected,
* <code>false</code> otherwise * {@code false} otherwise
*/ */
public boolean match(CRL crl) { public boolean match(CRL crl) {
if (!(crl instanceof X509CRL)) { if (!(crl instanceof X509CRL)) {
......
src/share/classes/java/security/cert/X509CertSelector.java
浏览文件 @ c2a5f680
/* /*
* Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
...@@ -39,27 +39,27 @@ import sun.security.util.ObjectIdentifier; ...@@ -39,27 +39,27 @@ import sun.security.util.ObjectIdentifier;
import sun.security.x509.*; import sun.security.x509.*;
/** /**
* A <code>CertSelector</code> that selects <code>X509Certificates</code> that * A {@code CertSelector} that selects {@code X509Certificates} that
* match all specified criteria. This class is particularly useful when * match all specified criteria. This class is particularly useful when
* selecting certificates from a <code>CertStore</code> to build a * selecting certificates from a {@code CertStore} to build a
* PKIX-compliant certification path. * PKIX-compliant certification path.
* <p> * <p>
* When first constructed, an <code>X509CertSelector</code> has no criteria * When first constructed, an {@code X509CertSelector} has no criteria
* enabled and each of the <code>get</code> methods return a default value * enabled and each of the {@code get} methods return a default value
* (<code>null</code>, or <code>-1</code> for the {@link #getBasicConstraints * ({@code null}, or {@code -1} for the {@link #getBasicConstraints
* getBasicConstraints} method). Therefore, the {@link #match match} * getBasicConstraints} method). Therefore, the {@link #match match}
* method would return <code>true</code> for any <code>X509Certificate</code>. * method would return {@code true} for any {@code X509Certificate}.
* Typically, several criteria are enabled (by calling * Typically, several criteria are enabled (by calling
* {@link #setIssuer setIssuer} or * {@link #setIssuer setIssuer} or
* {@link #setKeyUsage setKeyUsage}, for instance) and then the * {@link #setKeyUsage setKeyUsage}, for instance) and then the
* <code>X509CertSelector</code> is passed to * {@code X509CertSelector} is passed to
* {@link CertStore#getCertificates CertStore.getCertificates} or some similar * {@link CertStore#getCertificates CertStore.getCertificates} or some similar
* method. * method.
* <p> * <p>
* Several criteria can be enabled (by calling {@link #setIssuer setIssuer} * Several criteria can be enabled (by calling {@link #setIssuer setIssuer}
* and {@link #setSerialNumber setSerialNumber}, * and {@link #setSerialNumber setSerialNumber},
* for example) such that the <code>match</code> method * for example) such that the {@code match} method
* usually uniquely matches a single <code>X509Certificate</code>. We say * usually uniquely matches a single {@code X509Certificate}. We say
* usually, since it is possible for two issuing CAs to have the same * usually, since it is possible for two issuing CAs to have the same
* distinguished name and each issue a certificate with the same serial * distinguished name and each issue a certificate with the same serial
* number. Other unique combinations include the issuer, subject, * number. Other unique combinations include the issuer, subject,
...@@ -149,8 +149,8 @@ public class X509CertSelector implements CertSelector { ...@@ -149,8 +149,8 @@ public class X509CertSelector implements CertSelector {
static final int NAME_OID = 8; static final int NAME_OID = 8;
/** /**
* Creates an <code>X509CertSelector</code>. Initially, no criteria are set * Creates an {@code X509CertSelector}. Initially, no criteria are set
* so any <code>X509Certificate</code> will match. * so any {@code X509Certificate} will match.
*/ */
public X509CertSelector() { public X509CertSelector() {
// empty // empty
...@@ -158,17 +158,17 @@ public class X509CertSelector implements CertSelector { ...@@ -158,17 +158,17 @@ public class X509CertSelector implements CertSelector {
/** /**
* Sets the certificateEquals criterion. The specified * Sets the certificateEquals criterion. The specified
* <code>X509Certificate</code> must be equal to the * {@code X509Certificate} must be equal to the
* <code>X509Certificate</code> passed to the <code>match</code> method. * {@code X509Certificate} passed to the {@code match} method.
* If <code>null</code>, then this check is not applied. * If {@code null}, then this check is not applied.
* *
* <p>This method is particularly useful when it is necessary to * <p>This method is particularly useful when it is necessary to
* match a single certificate. Although other criteria can be specified * match a single certificate. Although other criteria can be specified
* in conjunction with the certificateEquals criterion, it is usually not * in conjunction with the certificateEquals criterion, it is usually not
* practical or necessary. * practical or necessary.
* *
* @param cert the <code>X509Certificate</code> to match (or * @param cert the {@code X509Certificate} to match (or
* <code>null</code>) * {@code null})
* @see #getCertificate * @see #getCertificate
*/ */
public void setCertificate(X509Certificate cert) { public void setCertificate(X509Certificate cert) {
...@@ -178,11 +178,11 @@ public class X509CertSelector implements CertSelector { ...@@ -178,11 +178,11 @@ public class X509CertSelector implements CertSelector {
/** /**
* Sets the serialNumber criterion. The specified serial number * Sets the serialNumber criterion. The specified serial number
* must match the certificate serial number in the * must match the certificate serial number in the
* <code>X509Certificate</code>. If <code>null</code>, any certificate * {@code X509Certificate}. If {@code null}, any certificate
* serial number will do. * serial number will do.
* *
* @param serial the certificate serial number to match * @param serial the certificate serial number to match
* (or <code>null</code>) * (or {@code null})
* @see #getSerialNumber * @see #getSerialNumber
*/ */
public void setSerialNumber(BigInteger serial) { public void setSerialNumber(BigInteger serial) {
...@@ -192,11 +192,11 @@ public class X509CertSelector implements CertSelector { ...@@ -192,11 +192,11 @@ public class X509CertSelector implements CertSelector {
/** /**
* Sets the issuer criterion. The specified distinguished name * Sets the issuer criterion. The specified distinguished name
* must match the issuer distinguished name in the * must match the issuer distinguished name in the
* <code>X509Certificate</code>. If <code>null</code>, any issuer * {@code X509Certificate}. If {@code null}, any issuer
* distinguished name will do. * distinguished name will do.
* *
* @param issuer a distinguished name as X500Principal * @param issuer a distinguished name as X500Principal
* (or <code>null</code>) * (or {@code null})
* @since 1.5 * @since 1.5
*/ */
public void setIssuer(X500Principal issuer) { public void setIssuer(X500Principal issuer) {
...@@ -213,14 +213,14 @@ public class X509CertSelector implements CertSelector { ...@@ -213,14 +213,14 @@ public class X509CertSelector implements CertSelector {
* <p> * <p>
* Sets the issuer criterion. The specified distinguished name * Sets the issuer criterion. The specified distinguished name
* must match the issuer distinguished name in the * must match the issuer distinguished name in the
* <code>X509Certificate</code>. If <code>null</code>, any issuer * {@code X509Certificate}. If {@code null}, any issuer
* distinguished name will do. * distinguished name will do.
* <p> * <p>
* If <code>issuerDN</code> is not <code>null</code>, it should contain a * If {@code issuerDN} is not {@code null}, it should contain a
* distinguished name, in RFC 2253 format. * distinguished name, in RFC 2253 format.
* *
* @param issuerDN a distinguished name in RFC 2253 format * @param issuerDN a distinguished name in RFC 2253 format
* (or <code>null</code>) * (or {@code null})
* @throws IOException if a parsing error occurs (incorrect form for DN) * @throws IOException if a parsing error occurs (incorrect form for DN)
*/ */
public void setIssuer(String issuerDN) throws IOException { public void setIssuer(String issuerDN) throws IOException {
...@@ -234,14 +234,14 @@ public class X509CertSelector implements CertSelector { ...@@ -234,14 +234,14 @@ public class X509CertSelector implements CertSelector {
/** /**
* Sets the issuer criterion. The specified distinguished name * Sets the issuer criterion. The specified distinguished name
* must match the issuer distinguished name in the * must match the issuer distinguished name in the
* <code>X509Certificate</code>. If <code>null</code> is specified, * {@code X509Certificate}. If {@code null} is specified,
* the issuer criterion is disabled and any issuer distinguished name will * the issuer criterion is disabled and any issuer distinguished name will
* do. * do.
* <p> * <p>
* If <code>issuerDN</code> is not <code>null</code>, it should contain a * If {@code issuerDN} is not {@code null}, it should contain a
* single DER encoded distinguished name, as defined in X.501. The ASN.1 * single DER encoded distinguished name, as defined in X.501. The ASN.1
* notation for this structure is as follows. * notation for this structure is as follows.
* <pre><code> * <pre>{@code
* Name ::= CHOICE { * Name ::= CHOICE {
* RDNSequence } * RDNSequence }
* *
...@@ -264,13 +264,13 @@ public class X509CertSelector implements CertSelector { ...@@ -264,13 +264,13 @@ public class X509CertSelector implements CertSelector {
* universalString UniversalString (SIZE (1..MAX)), * universalString UniversalString (SIZE (1..MAX)),
* utf8String UTF8String (SIZE (1.. MAX)), * utf8String UTF8String (SIZE (1.. MAX)),
* bmpString BMPString (SIZE (1..MAX)) } * bmpString BMPString (SIZE (1..MAX)) }
* </code></pre> * }</pre>
* <p> * <p>
* Note that the byte array specified here is cloned to protect against * Note that the byte array specified here is cloned to protect against
* subsequent modifications. * subsequent modifications.
* *
* @param issuerDN a byte array containing the distinguished name * @param issuerDN a byte array containing the distinguished name
* in ASN.1 DER encoded form (or <code>null</code>) * in ASN.1 DER encoded form (or {@code null})
* @throws IOException if an encoding error occurs (incorrect form for DN) * @throws IOException if an encoding error occurs (incorrect form for DN)
*/ */
public void setIssuer(byte[] issuerDN) throws IOException { public void setIssuer(byte[] issuerDN) throws IOException {
...@@ -284,11 +284,11 @@ public class X509CertSelector implements CertSelector { ...@@ -284,11 +284,11 @@ public class X509CertSelector implements CertSelector {
/** /**
* Sets the subject criterion. The specified distinguished name * Sets the subject criterion. The specified distinguished name
* must match the subject distinguished name in the * must match the subject distinguished name in the
* <code>X509Certificate</code>. If <code>null</code>, any subject * {@code X509Certificate}. If {@code null}, any subject
* distinguished name will do. * distinguished name will do.
* *
* @param subject a distinguished name as X500Principal * @param subject a distinguished name as X500Principal
* (or <code>null</code>) * (or {@code null})
* @since 1.5 * @since 1.5
*/ */
public void setSubject(X500Principal subject) { public void setSubject(X500Principal subject) {
...@@ -304,14 +304,14 @@ public class X509CertSelector implements CertSelector { ...@@ -304,14 +304,14 @@ public class X509CertSelector implements CertSelector {
* <p> * <p>
* Sets the subject criterion. The specified distinguished name * Sets the subject criterion. The specified distinguished name
* must match the subject distinguished name in the * must match the subject distinguished name in the
* <code>X509Certificate</code>. If <code>null</code>, any subject * {@code X509Certificate}. If {@code null}, any subject
* distinguished name will do. * distinguished name will do.
* <p> * <p>
* If <code>subjectDN</code> is not <code>null</code>, it should contain a * If {@code subjectDN} is not {@code null}, it should contain a
* distinguished name, in RFC 2253 format. * distinguished name, in RFC 2253 format.
* *
* @param subjectDN a distinguished name in RFC 2253 format * @param subjectDN a distinguished name in RFC 2253 format
* (or <code>null</code>) * (or {@code null})
* @throws IOException if a parsing error occurs (incorrect form for DN) * @throws IOException if a parsing error occurs (incorrect form for DN)
*/ */
public void setSubject(String subjectDN) throws IOException { public void setSubject(String subjectDN) throws IOException {
...@@ -325,16 +325,16 @@ public class X509CertSelector implements CertSelector { ...@@ -325,16 +325,16 @@ public class X509CertSelector implements CertSelector {
/** /**
* Sets the subject criterion. The specified distinguished name * Sets the subject criterion. The specified distinguished name
* must match the subject distinguished name in the * must match the subject distinguished name in the
* <code>X509Certificate</code>. If <code>null</code>, any subject * {@code X509Certificate}. If {@code null}, any subject
* distinguished name will do. * distinguished name will do.
* <p> * <p>
* If <code>subjectDN</code> is not <code>null</code>, it should contain a * If {@code subjectDN} is not {@code null}, it should contain a
* single DER encoded distinguished name, as defined in X.501. For the ASN.1 * single DER encoded distinguished name, as defined in X.501. For the ASN.1
* notation for this structure, see * notation for this structure, see
* {@link #setIssuer(byte [] issuerDN) setIssuer(byte [] issuerDN)}. * {@link #setIssuer(byte [] issuerDN) setIssuer(byte [] issuerDN)}.
* *
* @param subjectDN a byte array containing the distinguished name in * @param subjectDN a byte array containing the distinguished name in
* ASN.1 DER format (or <code>null</code>) * ASN.1 DER format (or {@code null})
* @throws IOException if an encoding error occurs (incorrect form for DN) * @throws IOException if an encoding error occurs (incorrect form for DN)
*/ */
public void setSubject(byte[] subjectDN) throws IOException { public void setSubject(byte[] subjectDN) throws IOException {
...@@ -347,34 +347,34 @@ public class X509CertSelector implements CertSelector { ...@@ -347,34 +347,34 @@ public class X509CertSelector implements CertSelector {
/** /**
* Sets the subjectKeyIdentifier criterion. The * Sets the subjectKeyIdentifier criterion. The
* <code>X509Certificate</code> must contain a SubjectKeyIdentifier * {@code X509Certificate} must contain a SubjectKeyIdentifier
* extension for which the contents of the extension * extension for which the contents of the extension
* matches the specified criterion value. * matches the specified criterion value.
* If the criterion value is <code>null</code>, no * If the criterion value is {@code null}, no
* subjectKeyIdentifier check will be done. * subjectKeyIdentifier check will be done.
* <p> * <p>
* If <code>subjectKeyID</code> is not <code>null</code>, it * If {@code subjectKeyID} is not {@code null}, it
* should contain a single DER encoded value corresponding to the contents * should contain a single DER encoded value corresponding to the contents
* of the extension value (not including the object identifier, * of the extension value (not including the object identifier,
* criticality setting, and encapsulating OCTET STRING) * criticality setting, and encapsulating OCTET STRING)
* for a SubjectKeyIdentifier extension. * for a SubjectKeyIdentifier extension.
* The ASN.1 notation for this structure follows. * The ASN.1 notation for this structure follows.
* <p> * <p>
* <pre><code> * <pre>{@code
* SubjectKeyIdentifier ::= KeyIdentifier * SubjectKeyIdentifier ::= KeyIdentifier
* *
* KeyIdentifier ::= OCTET STRING * KeyIdentifier ::= OCTET STRING
* </code></pre> * }</pre>
* <p> * <p>
* Since the format of subject key identifiers is not mandated by * Since the format of subject key identifiers is not mandated by
* any standard, subject key identifiers are not parsed by the * any standard, subject key identifiers are not parsed by the
* <code>X509CertSelector</code>. Instead, the values are compared using * {@code X509CertSelector}. Instead, the values are compared using
* a byte-by-byte comparison. * a byte-by-byte comparison.
* <p> * <p>
* Note that the byte array supplied here is cloned to protect against * Note that the byte array supplied here is cloned to protect against
* subsequent modifications. * subsequent modifications.
* *
* @param subjectKeyID the subject key identifier (or <code>null</code>) * @param subjectKeyID the subject key identifier (or {@code null})
* @see #getSubjectKeyIdentifier * @see #getSubjectKeyIdentifier
*/ */
public void setSubjectKeyIdentifier(byte[] subjectKeyID) { public void setSubjectKeyIdentifier(byte[] subjectKeyID) {
...@@ -387,46 +387,46 @@ public class X509CertSelector implements CertSelector { ...@@ -387,46 +387,46 @@ public class X509CertSelector implements CertSelector {
/** /**
* Sets the authorityKeyIdentifier criterion. The * Sets the authorityKeyIdentifier criterion. The
* <code>X509Certificate</code> must contain an * {@code X509Certificate} must contain an
* AuthorityKeyIdentifier extension for which the contents of the * AuthorityKeyIdentifier extension for which the contents of the
* extension value matches the specified criterion value. * extension value matches the specified criterion value.
* If the criterion value is <code>null</code>, no * If the criterion value is {@code null}, no
* authorityKeyIdentifier check will be done. * authorityKeyIdentifier check will be done.
* <p> * <p>
* If <code>authorityKeyID</code> is not <code>null</code>, it * If {@code authorityKeyID} is not {@code null}, it
* should contain a single DER encoded value corresponding to the contents * should contain a single DER encoded value corresponding to the contents
* of the extension value (not including the object identifier, * of the extension value (not including the object identifier,
* criticality setting, and encapsulating OCTET STRING) * criticality setting, and encapsulating OCTET STRING)
* for an AuthorityKeyIdentifier extension. * for an AuthorityKeyIdentifier extension.
* The ASN.1 notation for this structure follows. * The ASN.1 notation for this structure follows.
* <p> * <p>
* <pre><code> * <pre>{@code
* AuthorityKeyIdentifier ::= SEQUENCE { * AuthorityKeyIdentifier ::= SEQUENCE {
* keyIdentifier [0] KeyIdentifier OPTIONAL, * keyIdentifier [0] KeyIdentifier OPTIONAL,
* authorityCertIssuer [1] GeneralNames OPTIONAL, * authorityCertIssuer [1] GeneralNames OPTIONAL,
* authorityCertSerialNumber [2] CertificateSerialNumber OPTIONAL } * authorityCertSerialNumber [2] CertificateSerialNumber OPTIONAL }
* *
* KeyIdentifier ::= OCTET STRING * KeyIdentifier ::= OCTET STRING
* </code></pre> * }</pre>
* <p> * <p>
* Authority key identifiers are not parsed by the * Authority key identifiers are not parsed by the
* <code>X509CertSelector</code>. Instead, the values are * {@code X509CertSelector}. Instead, the values are
* compared using a byte-by-byte comparison. * compared using a byte-by-byte comparison.
* <p> * <p>
* When the <code>keyIdentifier</code> field of * When the {@code keyIdentifier} field of
* <code>AuthorityKeyIdentifier</code> is populated, the value is * {@code AuthorityKeyIdentifier} is populated, the value is
* usually taken from the <code>SubjectKeyIdentifier</code> extension * usually taken from the {@code SubjectKeyIdentifier} extension
* in the issuer's certificate. Note, however, that the result of * in the issuer's certificate. Note, however, that the result of
* <code>X509Certificate.getExtensionValue(&lt;SubjectKeyIdentifier Object * {@code X509Certificate.getExtensionValue(<SubjectKeyIdentifier Object
* Identifier&gt;)</code> on the issuer's certificate may NOT be used * Identifier>)} on the issuer's certificate may NOT be used
* directly as the input to <code>setAuthorityKeyIdentifier</code>. * directly as the input to {@code setAuthorityKeyIdentifier}.
* This is because the SubjectKeyIdentifier contains * This is because the SubjectKeyIdentifier contains
* only a KeyIdentifier OCTET STRING, and not a SEQUENCE of * only a KeyIdentifier OCTET STRING, and not a SEQUENCE of
* KeyIdentifier, GeneralNames, and CertificateSerialNumber. * KeyIdentifier, GeneralNames, and CertificateSerialNumber.
* In order to use the extension value of the issuer certificate's * In order to use the extension value of the issuer certificate's
* <code>SubjectKeyIdentifier</code> * {@code SubjectKeyIdentifier}
* extension, it will be necessary to extract the value of the embedded * extension, it will be necessary to extract the value of the embedded
* <code>KeyIdentifier</code> OCTET STRING, then DER encode this OCTET * {@code KeyIdentifier} OCTET STRING, then DER encode this OCTET
* STRING inside a SEQUENCE. * STRING inside a SEQUENCE.
* For more details on SubjectKeyIdentifier, see * For more details on SubjectKeyIdentifier, see
* {@link #setSubjectKeyIdentifier(byte[] subjectKeyID)}. * {@link #setSubjectKeyIdentifier(byte[] subjectKeyID)}.
...@@ -435,7 +435,7 @@ public class X509CertSelector implements CertSelector { ...@@ -435,7 +435,7 @@ public class X509CertSelector implements CertSelector {
* subsequent modifications. * subsequent modifications.
* *
* @param authorityKeyID the authority key identifier * @param authorityKeyID the authority key identifier
* (or <code>null</code>) * (or {@code null})
* @see #getAuthorityKeyIdentifier * @see #getAuthorityKeyIdentifier
*/ */
public void setAuthorityKeyIdentifier(byte[] authorityKeyID) { public void setAuthorityKeyIdentifier(byte[] authorityKeyID) {
...@@ -449,13 +449,13 @@ public class X509CertSelector implements CertSelector { ...@@ -449,13 +449,13 @@ public class X509CertSelector implements CertSelector {
/** /**
* Sets the certificateValid criterion. The specified date must fall * Sets the certificateValid criterion. The specified date must fall
* within the certificate validity period for the * within the certificate validity period for the
* <code>X509Certificate</code>. If <code>null</code>, no certificateValid * {@code X509Certificate}. If {@code null}, no certificateValid
* check will be done. * check will be done.
* <p> * <p>
* Note that the <code>Date</code> supplied here is cloned to protect * Note that the {@code Date} supplied here is cloned to protect
* against subsequent modifications. * against subsequent modifications.
* *
* @param certValid the <code>Date</code> to check (or <code>null</code>) * @param certValid the {@code Date} to check (or {@code null})
* @see #getCertificateValid * @see #getCertificateValid
*/ */
public void setCertificateValid(Date certValid) { public void setCertificateValid(Date certValid) {
...@@ -469,14 +469,14 @@ public class X509CertSelector implements CertSelector { ...@@ -469,14 +469,14 @@ public class X509CertSelector implements CertSelector {
/** /**
* Sets the privateKeyValid criterion. The specified date must fall * Sets the privateKeyValid criterion. The specified date must fall
* within the private key validity period for the * within the private key validity period for the
* <code>X509Certificate</code>. If <code>null</code>, no privateKeyValid * {@code X509Certificate}. If {@code null}, no privateKeyValid
* check will be done. * check will be done.
* <p> * <p>
* Note that the <code>Date</code> supplied here is cloned to protect * Note that the {@code Date} supplied here is cloned to protect
* against subsequent modifications. * against subsequent modifications.
* *
* @param privateKeyValid the <code>Date</code> to check (or * @param privateKeyValid the {@code Date} to check (or
* <code>null</code>) * {@code null})
* @see #getPrivateKeyValid * @see #getPrivateKeyValid
*/ */
public void setPrivateKeyValid(Date privateKeyValid) { public void setPrivateKeyValid(Date privateKeyValid) {
...@@ -489,12 +489,12 @@ public class X509CertSelector implements CertSelector { ...@@ -489,12 +489,12 @@ public class X509CertSelector implements CertSelector {
/** /**
* Sets the subjectPublicKeyAlgID criterion. The * Sets the subjectPublicKeyAlgID criterion. The
* <code>X509Certificate</code> must contain a subject public key * {@code X509Certificate} must contain a subject public key
* with the specified algorithm. If <code>null</code>, no * with the specified algorithm. If {@code null}, no
* subjectPublicKeyAlgID check will be done. * subjectPublicKeyAlgID check will be done.
* *
* @param oid The object identifier (OID) of the algorithm to check * @param oid The object identifier (OID) of the algorithm to check
* for (or <code>null</code>). An OID is represented by a * for (or {@code null}). An OID is represented by a
* set of nonnegative integers separated by periods. * set of nonnegative integers separated by periods.
* @throws IOException if the OID is invalid, such as * @throws IOException if the OID is invalid, such as
* the first component being not 0, 1 or 2 or the second component * the first component being not 0, 1 or 2 or the second component
...@@ -512,10 +512,10 @@ public class X509CertSelector implements CertSelector { ...@@ -512,10 +512,10 @@ public class X509CertSelector implements CertSelector {
/** /**
* Sets the subjectPublicKey criterion. The * Sets the subjectPublicKey criterion. The
* <code>X509Certificate</code> must contain the specified subject public * {@code X509Certificate} must contain the specified subject public
* key. If <code>null</code>, no subjectPublicKey check will be done. * key. If {@code null}, no subjectPublicKey check will be done.
* *
* @param key the subject public key to check for (or <code>null</code>) * @param key the subject public key to check for (or {@code null})
* @see #getSubjectPublicKey * @see #getSubjectPublicKey
*/ */
public void setSubjectPublicKey(PublicKey key) { public void setSubjectPublicKey(PublicKey key) {
...@@ -529,17 +529,17 @@ public class X509CertSelector implements CertSelector { ...@@ -529,17 +529,17 @@ public class X509CertSelector implements CertSelector {
} }
/** /**
* Sets the subjectPublicKey criterion. The <code>X509Certificate</code> * Sets the subjectPublicKey criterion. The {@code X509Certificate}
* must contain the specified subject public key. If <code>null</code>, * must contain the specified subject public key. If {@code null},
* no subjectPublicKey check will be done. * no subjectPublicKey check will be done.
* <p> * <p>
* Because this method allows the public key to be specified as a byte * Because this method allows the public key to be specified as a byte
* array, it may be used for unknown key types. * array, it may be used for unknown key types.
* <p> * <p>
* If <code>key</code> is not <code>null</code>, it should contain a * If {@code key} is not {@code null}, it should contain a
* single DER encoded SubjectPublicKeyInfo structure, as defined in X.509. * single DER encoded SubjectPublicKeyInfo structure, as defined in X.509.
* The ASN.1 notation for this structure is as follows. * The ASN.1 notation for this structure is as follows.
* <pre><code> * <pre>{@code
* SubjectPublicKeyInfo ::= SEQUENCE { * SubjectPublicKeyInfo ::= SEQUENCE {
* algorithm AlgorithmIdentifier, * algorithm AlgorithmIdentifier,
* subjectPublicKey BIT STRING } * subjectPublicKey BIT STRING }
...@@ -550,13 +550,13 @@ public class X509CertSelector implements CertSelector { ...@@ -550,13 +550,13 @@ public class X509CertSelector implements CertSelector {
* -- contains a value of the type * -- contains a value of the type
* -- registered for use with the * -- registered for use with the
* -- algorithm object identifier value * -- algorithm object identifier value
* </code></pre> * }</pre>
* <p> * <p>
* Note that the byte array supplied here is cloned to protect against * Note that the byte array supplied here is cloned to protect against
* subsequent modifications. * subsequent modifications.
* *
* @param key a byte array containing the subject public key in ASN.1 DER * @param key a byte array containing the subject public key in ASN.1 DER
* form (or <code>null</code>) * form (or {@code null})
* @throws IOException if an encoding error occurs (incorrect form for * @throws IOException if an encoding error occurs (incorrect form for
* subject public key) * subject public key)
* @see #getSubjectPublicKey * @see #getSubjectPublicKey
...@@ -572,9 +572,9 @@ public class X509CertSelector implements CertSelector { ...@@ -572,9 +572,9 @@ public class X509CertSelector implements CertSelector {
} }
/** /**
* Sets the keyUsage criterion. The <code>X509Certificate</code> * Sets the keyUsage criterion. The {@code X509Certificate}
* must allow the specified keyUsage values. If <code>null</code>, no * must allow the specified keyUsage values. If {@code null}, no
* keyUsage check will be done. Note that an <code>X509Certificate</code> * keyUsage check will be done. Note that an {@code X509Certificate}
* that has no keyUsage extension implicitly allows all keyUsage values. * that has no keyUsage extension implicitly allows all keyUsage values.
* <p> * <p>
* Note that the boolean array supplied here is cloned to protect against * Note that the boolean array supplied here is cloned to protect against
...@@ -583,7 +583,7 @@ public class X509CertSelector implements CertSelector { ...@@ -583,7 +583,7 @@ public class X509CertSelector implements CertSelector {
* @param keyUsage a boolean array in the same format as the boolean * @param keyUsage a boolean array in the same format as the boolean
* array returned by * array returned by
* {@link X509Certificate#getKeyUsage() X509Certificate.getKeyUsage()}. * {@link X509Certificate#getKeyUsage() X509Certificate.getKeyUsage()}.
* Or <code>null</code>. * Or {@code null}.
* @see #getKeyUsage * @see #getKeyUsage
*/ */
public void setKeyUsage(boolean[] keyUsage) { public void setKeyUsage(boolean[] keyUsage) {
...@@ -595,18 +595,18 @@ public class X509CertSelector implements CertSelector { ...@@ -595,18 +595,18 @@ public class X509CertSelector implements CertSelector {
} }
/** /**
* Sets the extendedKeyUsage criterion. The <code>X509Certificate</code> * Sets the extendedKeyUsage criterion. The {@code X509Certificate}
* must allow the specified key purposes in its extended key usage * must allow the specified key purposes in its extended key usage
* extension. If <code>keyPurposeSet</code> is empty or <code>null</code>, * extension. If {@code keyPurposeSet} is empty or {@code null},
* no extendedKeyUsage check will be done. Note that an * no extendedKeyUsage check will be done. Note that an
* <code>X509Certificate</code> that has no extendedKeyUsage extension * {@code X509Certificate} that has no extendedKeyUsage extension
* implicitly allows all key purposes. * implicitly allows all key purposes.
* <p> * <p>
* Note that the <code>Set</code> is cloned to protect against * Note that the {@code Set} is cloned to protect against
* subsequent modifications. * subsequent modifications.
* *
* @param keyPurposeSet a <code>Set</code> of key purpose OIDs in string * @param keyPurposeSet a {@code Set} of key purpose OIDs in string
* format (or <code>null</code>). Each OID is represented by a set of * format (or {@code null}). Each OID is represented by a set of
* nonnegative integers separated by periods. * nonnegative integers separated by periods.
* @throws IOException if the OID is invalid, such as * @throws IOException if the OID is invalid, such as
* the first component being not 0, 1 or 2 or the second component * the first component being not 0, 1 or 2 or the second component
...@@ -632,15 +632,15 @@ public class X509CertSelector implements CertSelector { ...@@ -632,15 +632,15 @@ public class X509CertSelector implements CertSelector {
* specified in the {@link #setSubjectAlternativeNames * specified in the {@link #setSubjectAlternativeNames
* setSubjectAlternativeNames} or {@link #addSubjectAlternativeName * setSubjectAlternativeNames} or {@link #addSubjectAlternativeName
* addSubjectAlternativeName} methods. If enabled, * addSubjectAlternativeName} methods. If enabled,
* the <code>X509Certificate</code> must contain all of the * the {@code X509Certificate} must contain all of the
* specified subject alternative names. If disabled, the * specified subject alternative names. If disabled, the
* <code>X509Certificate</code> must contain at least one of the * {@code X509Certificate} must contain at least one of the
* specified subject alternative names. * specified subject alternative names.
* *
* <p>The matchAllNames flag is <code>true</code> by default. * <p>The matchAllNames flag is {@code true} by default.
* *
* @param matchAllNames if <code>true</code>, the flag is enabled; * @param matchAllNames if {@code true}, the flag is enabled;
* if <code>false</code>, the flag is disabled. * if {@code false}, the flag is disabled.
* @see #getMatchAllSubjectAltNames * @see #getMatchAllSubjectAltNames
*/ */
public void setMatchAllSubjectAltNames(boolean matchAllNames) { public void setMatchAllSubjectAltNames(boolean matchAllNames) {
...@@ -649,7 +649,7 @@ public class X509CertSelector implements CertSelector { ...@@ -649,7 +649,7 @@ public class X509CertSelector implements CertSelector {
/** /**
* Sets the subjectAlternativeNames criterion. The * Sets the subjectAlternativeNames criterion. The
* <code>X509Certificate</code> must contain all or at least one of the * {@code X509Certificate} must contain all or at least one of the
* specified subjectAlternativeNames, depending on the value of * specified subjectAlternativeNames, depending on the value of
* the matchAllNames flag (see {@link #setMatchAllSubjectAltNames * the matchAllNames flag (see {@link #setMatchAllSubjectAltNames
* setMatchAllSubjectAltNames}). * setMatchAllSubjectAltNames}).
...@@ -659,19 +659,19 @@ public class X509CertSelector implements CertSelector { ...@@ -659,19 +659,19 @@ public class X509CertSelector implements CertSelector {
* subjectAlternativeNames criterion. The specified value replaces * subjectAlternativeNames criterion. The specified value replaces
* the previous value for the subjectAlternativeNames criterion. * the previous value for the subjectAlternativeNames criterion.
* <p> * <p>
* The <code>names</code> parameter (if not <code>null</code>) is a * The {@code names} parameter (if not {@code null}) is a
* <code>Collection</code> with one * {@code Collection} with one
* entry for each name to be included in the subject alternative name * entry for each name to be included in the subject alternative name
* criterion. Each entry is a <code>List</code> whose first entry is an * criterion. Each entry is a {@code List} whose first entry is an
* <code>Integer</code> (the name type, 0-8) and whose second * {@code Integer} (the name type, 0-8) and whose second
* entry is a <code>String</code> or a byte array (the name, in * entry is a {@code String} or a byte array (the name, in
* string or ASN.1 DER encoded form, respectively). * string or ASN.1 DER encoded form, respectively).
* There can be multiple names of the same type. If <code>null</code> * There can be multiple names of the same type. If {@code null}
* is supplied as the value for this argument, no * is supplied as the value for this argument, no
* subjectAlternativeNames check will be performed. * subjectAlternativeNames check will be performed.
* <p> * <p>
* Each subject alternative name in the <code>Collection</code> * Each subject alternative name in the {@code Collection}
* may be specified either as a <code>String</code> or as an ASN.1 encoded * may be specified either as a {@code String} or as an ASN.1 encoded
* byte array. For more details about the formats used, see * byte array. For more details about the formats used, see
* {@link #addSubjectAlternativeName(int type, String name) * {@link #addSubjectAlternativeName(int type, String name)
* addSubjectAlternativeName(int type, String name)} and * addSubjectAlternativeName(int type, String name)} and
...@@ -682,15 +682,15 @@ public class X509CertSelector implements CertSelector { ...@@ -682,15 +682,15 @@ public class X509CertSelector implements CertSelector {
* array form instead of the String form. See the note in * array form instead of the String form. See the note in
* {@link #addSubjectAlternativeName(int, String)} for more information. * {@link #addSubjectAlternativeName(int, String)} for more information.
* <p> * <p>
* Note that the <code>names</code> parameter can contain duplicate * Note that the {@code names} parameter can contain duplicate
* names (same name and name type), but they may be removed from the * names (same name and name type), but they may be removed from the
* <code>Collection</code> of names returned by the * {@code Collection} of names returned by the
* {@link #getSubjectAlternativeNames getSubjectAlternativeNames} method. * {@link #getSubjectAlternativeNames getSubjectAlternativeNames} method.
* <p> * <p>
* Note that a deep copy is performed on the <code>Collection</code> to * Note that a deep copy is performed on the {@code Collection} to
* protect against subsequent modifications. * protect against subsequent modifications.
* *
* @param names a <code>Collection</code> of names (or <code>null</code>) * @param names a {@code Collection} of names (or {@code null})
* @throws IOException if a parsing error occurs * @throws IOException if a parsing error occurs
* @see #getSubjectAlternativeNames * @see #getSubjectAlternativeNames
*/ */
...@@ -714,7 +714,7 @@ public class X509CertSelector implements CertSelector { ...@@ -714,7 +714,7 @@ public class X509CertSelector implements CertSelector {
/** /**
* Adds a name to the subjectAlternativeNames criterion. The * Adds a name to the subjectAlternativeNames criterion. The
* <code>X509Certificate</code> must contain all or at least one * {@code X509Certificate} must contain all or at least one
* of the specified subjectAlternativeNames, depending on the value of * of the specified subjectAlternativeNames, depending on the value of
* the matchAllNames flag (see {@link #setMatchAllSubjectAltNames * the matchAllNames flag (see {@link #setMatchAllSubjectAltNames
* setMatchAllSubjectAltNames}). * setMatchAllSubjectAltNames}).
...@@ -747,7 +747,7 @@ public class X509CertSelector implements CertSelector { ...@@ -747,7 +747,7 @@ public class X509CertSelector implements CertSelector {
* *
* @param type the name type (0-8, as specified in * @param type the name type (0-8, as specified in
* RFC 3280, section 4.2.1.7) * RFC 3280, section 4.2.1.7)
* @param name the name in string form (not <code>null</code>) * @param name the name in string form (not {@code null})
* @throws IOException if a parsing error occurs * @throws IOException if a parsing error occurs
*/ */
public void addSubjectAlternativeName(int type, String name) public void addSubjectAlternativeName(int type, String name)
...@@ -757,7 +757,7 @@ public class X509CertSelector implements CertSelector { ...@@ -757,7 +757,7 @@ public class X509CertSelector implements CertSelector {
/** /**
* Adds a name to the subjectAlternativeNames criterion. The * Adds a name to the subjectAlternativeNames criterion. The
* <code>X509Certificate</code> must contain all or at least one * {@code X509Certificate} must contain all or at least one
* of the specified subjectAlternativeNames, depending on the value of * of the specified subjectAlternativeNames, depending on the value of
* the matchAllNames flag (see {@link #setMatchAllSubjectAltNames * the matchAllNames flag (see {@link #setMatchAllSubjectAltNames
* setMatchAllSubjectAltNames}). * setMatchAllSubjectAltNames}).
...@@ -774,7 +774,7 @@ public class X509CertSelector implements CertSelector { ...@@ -774,7 +774,7 @@ public class X509CertSelector implements CertSelector {
* the encoded value of the name, and should not include the tag associated * the encoded value of the name, and should not include the tag associated
* with the name in the GeneralName structure. The ASN.1 definition of this * with the name in the GeneralName structure. The ASN.1 definition of this
* structure appears below. * structure appears below.
* <pre><code> * <pre>{@code
* GeneralName ::= CHOICE { * GeneralName ::= CHOICE {
* otherName [0] OtherName, * otherName [0] OtherName,
* rfc822Name [1] IA5String, * rfc822Name [1] IA5String,
...@@ -785,7 +785,7 @@ public class X509CertSelector implements CertSelector { ...@@ -785,7 +785,7 @@ public class X509CertSelector implements CertSelector {
* uniformResourceIdentifier [6] IA5String, * uniformResourceIdentifier [6] IA5String,
* iPAddress [7] OCTET STRING, * iPAddress [7] OCTET STRING,
* registeredID [8] OBJECT IDENTIFIER} * registeredID [8] OBJECT IDENTIFIER}
* </code></pre> * }</pre>
* <p> * <p>
* Note that the byte array supplied here is cloned to protect against * Note that the byte array supplied here is cloned to protect against
* subsequent modifications. * subsequent modifications.
...@@ -802,7 +802,7 @@ public class X509CertSelector implements CertSelector { ...@@ -802,7 +802,7 @@ public class X509CertSelector implements CertSelector {
/** /**
* A private method that adds a name (String or byte array) to the * A private method that adds a name (String or byte array) to the
* subjectAlternativeNames criterion. The <code>X509Certificate</code> * subjectAlternativeNames criterion. The {@code X509Certificate}
* must contain the specified subjectAlternativeName. * must contain the specified subjectAlternativeName.
* *
* @param type the name type (0-8, as specified in * @param type the name type (0-8, as specified in
...@@ -829,19 +829,19 @@ public class X509CertSelector implements CertSelector { ...@@ -829,19 +829,19 @@ public class X509CertSelector implements CertSelector {
/** /**
* Parse an argument of the form passed to setSubjectAlternativeNames, * Parse an argument of the form passed to setSubjectAlternativeNames,
* returning a <code>Collection</code> of * returning a {@code Collection} of
* <code>GeneralNameInterface</code>s. * {@code GeneralNameInterface}s.
* Throw an IllegalArgumentException or a ClassCastException * Throw an IllegalArgumentException or a ClassCastException
* if the argument is malformed. * if the argument is malformed.
* *
* @param names a Collection with one entry per name. * @param names a Collection with one entry per name.
* Each entry is a <code>List</code> whose first entry * Each entry is a {@code List} whose first entry
* is an Integer (the name type, 0-8) and whose second * is an Integer (the name type, 0-8) and whose second
* entry is a String or a byte array (the name, in * entry is a String or a byte array (the name, in
* string or ASN.1 DER encoded form, respectively). * string or ASN.1 DER encoded form, respectively).
* There can be multiple names of the same type. Null is * There can be multiple names of the same type. Null is
* not an acceptable value. * not an acceptable value.
* @return a Set of <code>GeneralNameInterface</code>s * @return a Set of {@code GeneralNameInterface}s
* @throws IOException if a parsing error occurs * @throws IOException if a parsing error occurs
*/ */
private static Set<GeneralNameInterface> parseNames(Collection<List<?>> names) throws IOException { private static Set<GeneralNameInterface> parseNames(Collection<List<?>> names) throws IOException {
...@@ -865,8 +865,8 @@ public class X509CertSelector implements CertSelector { ...@@ -865,8 +865,8 @@ public class X509CertSelector implements CertSelector {
/** /**
* Compare for equality two objects of the form passed to * Compare for equality two objects of the form passed to
* setSubjectAlternativeNames (or X509CRLSelector.setIssuerNames). * setSubjectAlternativeNames (or X509CRLSelector.setIssuerNames).
* Throw an <code>IllegalArgumentException</code> or a * Throw an {@code IllegalArgumentException} or a
* <code>ClassCastException</code> if one of the objects is malformed. * {@code ClassCastException} if one of the objects is malformed.
* *
* @param object1 a Collection containing the first object to compare * @param object1 a Collection containing the first object to compare
* @param object2 a Collection containing the second object to compare * @param object2 a Collection containing the second object to compare
...@@ -880,7 +880,7 @@ public class X509CertSelector implements CertSelector { ...@@ -880,7 +880,7 @@ public class X509CertSelector implements CertSelector {
} }
/** /**
* Make a <code>GeneralNameInterface</code> out of a name type (0-8) and an * Make a {@code GeneralNameInterface} out of a name type (0-8) and an
* Object that may be a byte array holding the ASN.1 DER encoded * Object that may be a byte array holding the ASN.1 DER encoded
* name or a String form of the name. Except for X.509 * name or a String form of the name. Except for X.509
* Distinguished Names, the String form of the name must not be the * Distinguished Names, the String form of the name must not be the
...@@ -989,7 +989,7 @@ public class X509CertSelector implements CertSelector { ...@@ -989,7 +989,7 @@ public class X509CertSelector implements CertSelector {
/** /**
* Sets the name constraints criterion. The <code>X509Certificate</code> * Sets the name constraints criterion. The {@code X509Certificate}
* must have subject and subject alternative names that * must have subject and subject alternative names that
* meet the specified name constraints. * meet the specified name constraints.
* <p> * <p>
...@@ -998,7 +998,7 @@ public class X509CertSelector implements CertSelector { ...@@ -998,7 +998,7 @@ public class X509CertSelector implements CertSelector {
* would appear in the NameConstraints structure defined in RFC 3280 * would appear in the NameConstraints structure defined in RFC 3280
* and X.509. The ASN.1 definition of this structure appears below. * and X.509. The ASN.1 definition of this structure appears below.
* *
* <pre><code> * <pre>{@code
* NameConstraints ::= SEQUENCE { * NameConstraints ::= SEQUENCE {
* permittedSubtrees [0] GeneralSubtrees OPTIONAL, * permittedSubtrees [0] GeneralSubtrees OPTIONAL,
* excludedSubtrees [1] GeneralSubtrees OPTIONAL } * excludedSubtrees [1] GeneralSubtrees OPTIONAL }
...@@ -1022,7 +1022,7 @@ public class X509CertSelector implements CertSelector { ...@@ -1022,7 +1022,7 @@ public class X509CertSelector implements CertSelector {
* uniformResourceIdentifier [6] IA5String, * uniformResourceIdentifier [6] IA5String,
* iPAddress [7] OCTET STRING, * iPAddress [7] OCTET STRING,
* registeredID [8] OBJECT IDENTIFIER} * registeredID [8] OBJECT IDENTIFIER}
* </code></pre> * }</pre>
* <p> * <p>
* Note that the byte array supplied here is cloned to protect against * Note that the byte array supplied here is cloned to protect against
* subsequent modifications. * subsequent modifications.
...@@ -1031,7 +1031,7 @@ public class X509CertSelector implements CertSelector { ...@@ -1031,7 +1031,7 @@ public class X509CertSelector implements CertSelector {
* a NameConstraints extension to be used for checking * a NameConstraints extension to be used for checking
* name constraints. Only the value of the extension is * name constraints. Only the value of the extension is
* included, not the OID or criticality flag. Can be * included, not the OID or criticality flag. Can be
* <code>null</code>, * {@code null},
* in which case no name constraints check will be performed. * in which case no name constraints check will be performed.
* @throws IOException if a parsing error occurs * @throws IOException if a parsing error occurs
* @see #getNameConstraints * @see #getNameConstraints
...@@ -1048,7 +1048,7 @@ public class X509CertSelector implements CertSelector { ...@@ -1048,7 +1048,7 @@ public class X509CertSelector implements CertSelector {
/** /**
* Sets the basic constraints constraint. If the value is greater than or * Sets the basic constraints constraint. If the value is greater than or
* equal to zero, <code>X509Certificates</code> must include a * equal to zero, {@code X509Certificates} must include a
* basicConstraints extension with * basicConstraints extension with
* a pathLen of at least this value. If the value is -2, only end-entity * a pathLen of at least this value. If the value is -2, only end-entity
* certificates are accepted. If the value is -1, no check is done. * certificates are accepted. If the value is -1, no check is done.
...@@ -1070,18 +1070,18 @@ public class X509CertSelector implements CertSelector { ...@@ -1070,18 +1070,18 @@ public class X509CertSelector implements CertSelector {
} }
/** /**
* Sets the policy constraint. The <code>X509Certificate</code> must * Sets the policy constraint. The {@code X509Certificate} must
* include at least one of the specified policies in its certificate * include at least one of the specified policies in its certificate
* policies extension. If <code>certPolicySet</code> is empty, then the * policies extension. If {@code certPolicySet} is empty, then the
* <code>X509Certificate</code> must include at least some specified policy * {@code X509Certificate} must include at least some specified policy
* in its certificate policies extension. If <code>certPolicySet</code> is * in its certificate policies extension. If {@code certPolicySet} is
* <code>null</code>, no policy check will be performed. * {@code null}, no policy check will be performed.
* <p> * <p>
* Note that the <code>Set</code> is cloned to protect against * Note that the {@code Set} is cloned to protect against
* subsequent modifications. * subsequent modifications.
* *
* @param certPolicySet a <code>Set</code> of certificate policy OIDs in * @param certPolicySet a {@code Set} of certificate policy OIDs in
* string format (or <code>null</code>). Each OID is * string format (or {@code null}). Each OID is
* represented by a set of nonnegative integers * represented by a set of nonnegative integers
* separated by periods. * separated by periods.
* @throws IOException if a parsing error occurs on the OID such as * @throws IOException if a parsing error occurs on the OID such as
...@@ -1115,12 +1115,12 @@ public class X509CertSelector implements CertSelector { ...@@ -1115,12 +1115,12 @@ public class X509CertSelector implements CertSelector {
} }
/** /**
* Sets the pathToNames criterion. The <code>X509Certificate</code> must * Sets the pathToNames criterion. The {@code X509Certificate} must
* not include name constraints that would prohibit building a * not include name constraints that would prohibit building a
* path to the specified names. * path to the specified names.
* <p> * <p>
* This method allows the caller to specify, with a single method call, * This method allows the caller to specify, with a single method call,
* the complete set of names which the <code>X509Certificates</code>'s * the complete set of names which the {@code X509Certificates}'s
* name constraints must permit. The specified value replaces * name constraints must permit. The specified value replaces
* the previous value for the pathToNames criterion. * the previous value for the pathToNames criterion.
* <p> * <p>
...@@ -1129,19 +1129,19 @@ public class X509CertSelector implements CertSelector { ...@@ -1129,19 +1129,19 @@ public class X509CertSelector implements CertSelector {
* built, any candidate certificate must not include name constraints that * built, any candidate certificate must not include name constraints that
* would prohibit building a path to any of the names in the partial path. * would prohibit building a path to any of the names in the partial path.
* <p> * <p>
* The <code>names</code> parameter (if not <code>null</code>) is a * The {@code names} parameter (if not {@code null}) is a
* <code>Collection</code> with one * {@code Collection} with one
* entry for each name to be included in the pathToNames * entry for each name to be included in the pathToNames
* criterion. Each entry is a <code>List</code> whose first entry is an * criterion. Each entry is a {@code List} whose first entry is an
* <code>Integer</code> (the name type, 0-8) and whose second * {@code Integer} (the name type, 0-8) and whose second
* entry is a <code>String</code> or a byte array (the name, in * entry is a {@code String} or a byte array (the name, in
* string or ASN.1 DER encoded form, respectively). * string or ASN.1 DER encoded form, respectively).
* There can be multiple names of the same type. If <code>null</code> * There can be multiple names of the same type. If {@code null}
* is supplied as the value for this argument, no * is supplied as the value for this argument, no
* pathToNames check will be performed. * pathToNames check will be performed.
* <p> * <p>
* Each name in the <code>Collection</code> * Each name in the {@code Collection}
* may be specified either as a <code>String</code> or as an ASN.1 encoded * may be specified either as a {@code String} or as an ASN.1 encoded
* byte array. For more details about the formats used, see * byte array. For more details about the formats used, see
* {@link #addPathToName(int type, String name) * {@link #addPathToName(int type, String name)
* addPathToName(int type, String name)} and * addPathToName(int type, String name)} and
...@@ -1152,16 +1152,16 @@ public class X509CertSelector implements CertSelector { ...@@ -1152,16 +1152,16 @@ public class X509CertSelector implements CertSelector {
* array form instead of the String form. See the note in * array form instead of the String form. See the note in
* {@link #addPathToName(int, String)} for more information. * {@link #addPathToName(int, String)} for more information.
* <p> * <p>
* Note that the <code>names</code> parameter can contain duplicate * Note that the {@code names} parameter can contain duplicate
* names (same name and name type), but they may be removed from the * names (same name and name type), but they may be removed from the
* <code>Collection</code> of names returned by the * {@code Collection} of names returned by the
* {@link #getPathToNames getPathToNames} method. * {@link #getPathToNames getPathToNames} method.
* <p> * <p>
* Note that a deep copy is performed on the <code>Collection</code> to * Note that a deep copy is performed on the {@code Collection} to
* protect against subsequent modifications. * protect against subsequent modifications.
* *
* @param names a <code>Collection</code> with one entry per name * @param names a {@code Collection} with one entry per name
* (or <code>null</code>) * (or {@code null})
* @throws IOException if a parsing error occurs * @throws IOException if a parsing error occurs
* @see #getPathToNames * @see #getPathToNames
*/ */
...@@ -1186,12 +1186,12 @@ public class X509CertSelector implements CertSelector { ...@@ -1186,12 +1186,12 @@ public class X509CertSelector implements CertSelector {
} }
/** /**
* Adds a name to the pathToNames criterion. The <code>X509Certificate</code> * Adds a name to the pathToNames criterion. The {@code X509Certificate}
* must not include name constraints that would prohibit building a * must not include name constraints that would prohibit building a
* path to the specified name. * path to the specified name.
* <p> * <p>
* This method allows the caller to add a name to the set of names which * This method allows the caller to add a name to the set of names which
* the <code>X509Certificates</code>'s name constraints must permit. * the {@code X509Certificates}'s name constraints must permit.
* The specified name is added to any previous value for the * The specified name is added to any previous value for the
* pathToNames criterion. If the name is a duplicate, it may be ignored. * pathToNames criterion. If the name is a duplicate, it may be ignored.
* <p> * <p>
...@@ -1223,12 +1223,12 @@ public class X509CertSelector implements CertSelector { ...@@ -1223,12 +1223,12 @@ public class X509CertSelector implements CertSelector {
} }
/** /**
* Adds a name to the pathToNames criterion. The <code>X509Certificate</code> * Adds a name to the pathToNames criterion. The {@code X509Certificate}
* must not include name constraints that would prohibit building a * must not include name constraints that would prohibit building a
* path to the specified name. * path to the specified name.
* <p> * <p>
* This method allows the caller to add a name to the set of names which * This method allows the caller to add a name to the set of names which
* the <code>X509Certificates</code>'s name constraints must permit. * the {@code X509Certificates}'s name constraints must permit.
* The specified name is added to any previous value for the * The specified name is added to any previous value for the
* pathToNames criterion. If the name is a duplicate, it may be ignored. * pathToNames criterion. If the name is a duplicate, it may be ignored.
* <p> * <p>
...@@ -1254,7 +1254,7 @@ public class X509CertSelector implements CertSelector { ...@@ -1254,7 +1254,7 @@ public class X509CertSelector implements CertSelector {
/** /**
* A private method that adds a name (String or byte array) to the * A private method that adds a name (String or byte array) to the
* pathToNames criterion. The <code>X509Certificate</code> must contain * pathToNames criterion. The {@code X509Certificate} must contain
* the specified pathToName. * the specified pathToName.
* *
* @param type the name type (0-8, as specified in * @param type the name type (0-8, as specified in
...@@ -1279,11 +1279,11 @@ public class X509CertSelector implements CertSelector { ...@@ -1279,11 +1279,11 @@ public class X509CertSelector implements CertSelector {
/** /**
* Returns the certificateEquals criterion. The specified * Returns the certificateEquals criterion. The specified
* <code>X509Certificate</code> must be equal to the * {@code X509Certificate} must be equal to the
* <code>X509Certificate</code> passed to the <code>match</code> method. * {@code X509Certificate} passed to the {@code match} method.
* If <code>null</code>, this check is not applied. * If {@code null}, this check is not applied.
* *
* @return the <code>X509Certificate</code> to match (or <code>null</code>) * @return the {@code X509Certificate} to match (or {@code null})
* @see #setCertificate * @see #setCertificate
*/ */
public X509Certificate getCertificate() { public X509Certificate getCertificate() {
...@@ -1293,11 +1293,11 @@ public class X509CertSelector implements CertSelector { ...@@ -1293,11 +1293,11 @@ public class X509CertSelector implements CertSelector {
/** /**
* Returns the serialNumber criterion. The specified serial number * Returns the serialNumber criterion. The specified serial number
* must match the certificate serial number in the * must match the certificate serial number in the
* <code>X509Certificate</code>. If <code>null</code>, any certificate * {@code X509Certificate}. If {@code null}, any certificate
* serial number will do. * serial number will do.
* *
* @return the certificate serial number to match * @return the certificate serial number to match
* (or <code>null</code>) * (or {@code null})
* @see #setSerialNumber * @see #setSerialNumber
*/ */
public BigInteger getSerialNumber() { public BigInteger getSerialNumber() {
...@@ -1305,13 +1305,13 @@ public class X509CertSelector implements CertSelector { ...@@ -1305,13 +1305,13 @@ public class X509CertSelector implements CertSelector {
} }
/** /**
* Returns the issuer criterion as an <code>X500Principal</code>. This * Returns the issuer criterion as an {@code X500Principal}. This
* distinguished name must match the issuer distinguished name in the * distinguished name must match the issuer distinguished name in the
* <code>X509Certificate</code>. If <code>null</code>, the issuer criterion * {@code X509Certificate}. If {@code null}, the issuer criterion
* is disabled and any issuer distinguished name will do. * is disabled and any issuer distinguished name will do.
* *
* @return the required issuer distinguished name as X500Principal * @return the required issuer distinguished name as X500Principal
* (or <code>null</code>) * (or {@code null})
* @since 1.5 * @since 1.5
*/ */
public X500Principal getIssuer() { public X500Principal getIssuer() {
...@@ -1325,16 +1325,16 @@ public class X509CertSelector implements CertSelector { ...@@ -1325,16 +1325,16 @@ public class X509CertSelector implements CertSelector {
* encoding information in the RFC 2253 String form of some distinguished * encoding information in the RFC 2253 String form of some distinguished
* names. * names.
* <p> * <p>
* Returns the issuer criterion as a <code>String</code>. This * Returns the issuer criterion as a {@code String}. This
* distinguished name must match the issuer distinguished name in the * distinguished name must match the issuer distinguished name in the
* <code>X509Certificate</code>. If <code>null</code>, the issuer criterion * {@code X509Certificate}. If {@code null}, the issuer criterion
* is disabled and any issuer distinguished name will do. * is disabled and any issuer distinguished name will do.
* <p> * <p>
* If the value returned is not <code>null</code>, it is a * If the value returned is not {@code null}, it is a
* distinguished name, in RFC 2253 format. * distinguished name, in RFC 2253 format.
* *
* @return the required issuer distinguished name in RFC 2253 format * @return the required issuer distinguished name in RFC 2253 format
* (or <code>null</code>) * (or {@code null})
*/ */
public String getIssuerAsString() { public String getIssuerAsString() {
return (issuer == null ? null : issuer.getName()); return (issuer == null ? null : issuer.getName());
...@@ -1343,10 +1343,10 @@ public class X509CertSelector implements CertSelector { ...@@ -1343,10 +1343,10 @@ public class X509CertSelector implements CertSelector {
/** /**
* Returns the issuer criterion as a byte array. This distinguished name * Returns the issuer criterion as a byte array. This distinguished name
* must match the issuer distinguished name in the * must match the issuer distinguished name in the
* <code>X509Certificate</code>. If <code>null</code>, the issuer criterion * {@code X509Certificate}. If {@code null}, the issuer criterion
* is disabled and any issuer distinguished name will do. * is disabled and any issuer distinguished name will do.
* <p> * <p>
* If the value returned is not <code>null</code>, it is a byte * If the value returned is not {@code null}, it is a byte
* array containing a single DER encoded distinguished name, as defined in * array containing a single DER encoded distinguished name, as defined in
* X.501. The ASN.1 notation for this structure is supplied in the * X.501. The ASN.1 notation for this structure is supplied in the
* documentation for * documentation for
...@@ -1356,7 +1356,7 @@ public class X509CertSelector implements CertSelector { ...@@ -1356,7 +1356,7 @@ public class X509CertSelector implements CertSelector {
* subsequent modifications. * subsequent modifications.
* *
* @return a byte array containing the required issuer distinguished name * @return a byte array containing the required issuer distinguished name
* in ASN.1 DER format (or <code>null</code>) * in ASN.1 DER format (or {@code null})
* @throws IOException if an encoding error occurs * @throws IOException if an encoding error occurs
*/ */
public byte[] getIssuerAsBytes() throws IOException { public byte[] getIssuerAsBytes() throws IOException {
...@@ -1364,13 +1364,13 @@ public class X509CertSelector implements CertSelector { ...@@ -1364,13 +1364,13 @@ public class X509CertSelector implements CertSelector {
} }
/** /**
* Returns the subject criterion as an <code>X500Principal</code>. This * Returns the subject criterion as an {@code X500Principal}. This
* distinguished name must match the subject distinguished name in the * distinguished name must match the subject distinguished name in the
* <code>X509Certificate</code>. If <code>null</code>, the subject criterion * {@code X509Certificate}. If {@code null}, the subject criterion
* is disabled and any subject distinguished name will do. * is disabled and any subject distinguished name will do.
* *
* @return the required subject distinguished name as X500Principal * @return the required subject distinguished name as X500Principal
* (or <code>null</code>) * (or {@code null})
* @since 1.5 * @since 1.5
*/ */
public X500Principal getSubject() { public X500Principal getSubject() {
...@@ -1384,16 +1384,16 @@ public class X509CertSelector implements CertSelector { ...@@ -1384,16 +1384,16 @@ public class X509CertSelector implements CertSelector {
* encoding information in the RFC 2253 String form of some distinguished * encoding information in the RFC 2253 String form of some distinguished
* names. * names.
* <p> * <p>
* Returns the subject criterion as a <code>String</code>. This * Returns the subject criterion as a {@code String}. This
* distinguished name must match the subject distinguished name in the * distinguished name must match the subject distinguished name in the
* <code>X509Certificate</code>. If <code>null</code>, the subject criterion * {@code X509Certificate}. If {@code null}, the subject criterion
* is disabled and any subject distinguished name will do. * is disabled and any subject distinguished name will do.
* <p> * <p>
* If the value returned is not <code>null</code>, it is a * If the value returned is not {@code null}, it is a
* distinguished name, in RFC 2253 format. * distinguished name, in RFC 2253 format.
* *
* @return the required subject distinguished name in RFC 2253 format * @return the required subject distinguished name in RFC 2253 format
* (or <code>null</code>) * (or {@code null})
*/ */
public String getSubjectAsString() { public String getSubjectAsString() {
return (subject == null ? null : subject.getName()); return (subject == null ? null : subject.getName());
...@@ -1402,10 +1402,10 @@ public class X509CertSelector implements CertSelector { ...@@ -1402,10 +1402,10 @@ public class X509CertSelector implements CertSelector {
/** /**
* Returns the subject criterion as a byte array. This distinguished name * Returns the subject criterion as a byte array. This distinguished name
* must match the subject distinguished name in the * must match the subject distinguished name in the
* <code>X509Certificate</code>. If <code>null</code>, the subject criterion * {@code X509Certificate}. If {@code null}, the subject criterion
* is disabled and any subject distinguished name will do. * is disabled and any subject distinguished name will do.
* <p> * <p>
* If the value returned is not <code>null</code>, it is a byte * If the value returned is not {@code null}, it is a byte
* array containing a single DER encoded distinguished name, as defined in * array containing a single DER encoded distinguished name, as defined in
* X.501. The ASN.1 notation for this structure is supplied in the * X.501. The ASN.1 notation for this structure is supplied in the
* documentation for * documentation for
...@@ -1415,7 +1415,7 @@ public class X509CertSelector implements CertSelector { ...@@ -1415,7 +1415,7 @@ public class X509CertSelector implements CertSelector {
* subsequent modifications. * subsequent modifications.
* *
* @return a byte array containing the required subject distinguished name * @return a byte array containing the required subject distinguished name
* in ASN.1 DER format (or <code>null</code>) * in ASN.1 DER format (or {@code null})
* @throws IOException if an encoding error occurs * @throws IOException if an encoding error occurs
*/ */
public byte[] getSubjectAsBytes() throws IOException { public byte[] getSubjectAsBytes() throws IOException {
...@@ -1424,14 +1424,14 @@ public class X509CertSelector implements CertSelector { ...@@ -1424,14 +1424,14 @@ public class X509CertSelector implements CertSelector {
/** /**
* Returns the subjectKeyIdentifier criterion. The * Returns the subjectKeyIdentifier criterion. The
* <code>X509Certificate</code> must contain a SubjectKeyIdentifier * {@code X509Certificate} must contain a SubjectKeyIdentifier
* extension with the specified value. If <code>null</code>, no * extension with the specified value. If {@code null}, no
* subjectKeyIdentifier check will be done. * subjectKeyIdentifier check will be done.
* <p> * <p>
* Note that the byte array returned is cloned to protect against * Note that the byte array returned is cloned to protect against
* subsequent modifications. * subsequent modifications.
* *
* @return the key identifier (or <code>null</code>) * @return the key identifier (or {@code null})
* @see #setSubjectKeyIdentifier * @see #setSubjectKeyIdentifier
*/ */
public byte[] getSubjectKeyIdentifier() { public byte[] getSubjectKeyIdentifier() {
...@@ -1443,14 +1443,14 @@ public class X509CertSelector implements CertSelector { ...@@ -1443,14 +1443,14 @@ public class X509CertSelector implements CertSelector {
/** /**
* Returns the authorityKeyIdentifier criterion. The * Returns the authorityKeyIdentifier criterion. The
* <code>X509Certificate</code> must contain a AuthorityKeyIdentifier * {@code X509Certificate} must contain a AuthorityKeyIdentifier
* extension with the specified value. If <code>null</code>, no * extension with the specified value. If {@code null}, no
* authorityKeyIdentifier check will be done. * authorityKeyIdentifier check will be done.
* <p> * <p>
* Note that the byte array returned is cloned to protect against * Note that the byte array returned is cloned to protect against
* subsequent modifications. * subsequent modifications.
* *
* @return the key identifier (or <code>null</code>) * @return the key identifier (or {@code null})
* @see #setAuthorityKeyIdentifier * @see #setAuthorityKeyIdentifier
*/ */
public byte[] getAuthorityKeyIdentifier() { public byte[] getAuthorityKeyIdentifier() {
...@@ -1463,13 +1463,13 @@ public class X509CertSelector implements CertSelector { ...@@ -1463,13 +1463,13 @@ public class X509CertSelector implements CertSelector {
/** /**
* Returns the certificateValid criterion. The specified date must fall * Returns the certificateValid criterion. The specified date must fall
* within the certificate validity period for the * within the certificate validity period for the
* <code>X509Certificate</code>. If <code>null</code>, no certificateValid * {@code X509Certificate}. If {@code null}, no certificateValid
* check will be done. * check will be done.
* <p> * <p>
* Note that the <code>Date</code> returned is cloned to protect against * Note that the {@code Date} returned is cloned to protect against
* subsequent modifications. * subsequent modifications.
* *
* @return the <code>Date</code> to check (or <code>null</code>) * @return the {@code Date} to check (or {@code null})
* @see #setCertificateValid * @see #setCertificateValid
*/ */
public Date getCertificateValid() { public Date getCertificateValid() {
...@@ -1482,13 +1482,13 @@ public class X509CertSelector implements CertSelector { ...@@ -1482,13 +1482,13 @@ public class X509CertSelector implements CertSelector {
/** /**
* Returns the privateKeyValid criterion. The specified date must fall * Returns the privateKeyValid criterion. The specified date must fall
* within the private key validity period for the * within the private key validity period for the
* <code>X509Certificate</code>. If <code>null</code>, no privateKeyValid * {@code X509Certificate}. If {@code null}, no privateKeyValid
* check will be done. * check will be done.
* <p> * <p>
* Note that the <code>Date</code> returned is cloned to protect against * Note that the {@code Date} returned is cloned to protect against
* subsequent modifications. * subsequent modifications.
* *
* @return the <code>Date</code> to check (or <code>null</code>) * @return the {@code Date} to check (or {@code null})
* @see #setPrivateKeyValid * @see #setPrivateKeyValid
*/ */
public Date getPrivateKeyValid() { public Date getPrivateKeyValid() {
...@@ -1500,12 +1500,12 @@ public class X509CertSelector implements CertSelector { ...@@ -1500,12 +1500,12 @@ public class X509CertSelector implements CertSelector {
/** /**
* Returns the subjectPublicKeyAlgID criterion. The * Returns the subjectPublicKeyAlgID criterion. The
* <code>X509Certificate</code> must contain a subject public key * {@code X509Certificate} must contain a subject public key
* with the specified algorithm. If <code>null</code>, no * with the specified algorithm. If {@code null}, no
* subjectPublicKeyAlgID check will be done. * subjectPublicKeyAlgID check will be done.
* *
* @return the object identifier (OID) of the signature algorithm to check * @return the object identifier (OID) of the signature algorithm to check
* for (or <code>null</code>). An OID is represented by a set of * for (or {@code null}). An OID is represented by a set of
* nonnegative integers separated by periods. * nonnegative integers separated by periods.
* @see #setSubjectPublicKeyAlgID * @see #setSubjectPublicKeyAlgID
*/ */
...@@ -1518,10 +1518,10 @@ public class X509CertSelector implements CertSelector { ...@@ -1518,10 +1518,10 @@ public class X509CertSelector implements CertSelector {
/** /**
* Returns the subjectPublicKey criterion. The * Returns the subjectPublicKey criterion. The
* <code>X509Certificate</code> must contain the specified subject * {@code X509Certificate} must contain the specified subject
* public key. If <code>null</code>, no subjectPublicKey check will be done. * public key. If {@code null}, no subjectPublicKey check will be done.
* *
* @return the subject public key to check for (or <code>null</code>) * @return the subject public key to check for (or {@code null})
* @see #setSubjectPublicKey * @see #setSubjectPublicKey
*/ */
public PublicKey getSubjectPublicKey() { public PublicKey getSubjectPublicKey() {
...@@ -1529,7 +1529,7 @@ public class X509CertSelector implements CertSelector { ...@@ -1529,7 +1529,7 @@ public class X509CertSelector implements CertSelector {
} }
/** /**
* Returns the keyUsage criterion. The <code>X509Certificate</code> * Returns the keyUsage criterion. The {@code X509Certificate}
* must allow the specified keyUsage values. If null, no keyUsage * must allow the specified keyUsage values. If null, no keyUsage
* check will be done. * check will be done.
* <p> * <p>
...@@ -1539,7 +1539,7 @@ public class X509CertSelector implements CertSelector { ...@@ -1539,7 +1539,7 @@ public class X509CertSelector implements CertSelector {
* @return a boolean array in the same format as the boolean * @return a boolean array in the same format as the boolean
* array returned by * array returned by
* {@link X509Certificate#getKeyUsage() X509Certificate.getKeyUsage()}. * {@link X509Certificate#getKeyUsage() X509Certificate.getKeyUsage()}.
* Or <code>null</code>. * Or {@code null}.
* @see #setKeyUsage * @see #setKeyUsage
*/ */
public boolean[] getKeyUsage() { public boolean[] getKeyUsage() {
...@@ -1550,15 +1550,15 @@ public class X509CertSelector implements CertSelector { ...@@ -1550,15 +1550,15 @@ public class X509CertSelector implements CertSelector {
} }
/** /**
* Returns the extendedKeyUsage criterion. The <code>X509Certificate</code> * Returns the extendedKeyUsage criterion. The {@code X509Certificate}
* must allow the specified key purposes in its extended key usage * must allow the specified key purposes in its extended key usage
* extension. If the <code>keyPurposeSet</code> returned is empty or * extension. If the {@code keyPurposeSet} returned is empty or
* <code>null</code>, no extendedKeyUsage check will be done. Note that an * {@code null}, no extendedKeyUsage check will be done. Note that an
* <code>X509Certificate</code> that has no extendedKeyUsage extension * {@code X509Certificate} that has no extendedKeyUsage extension
* implicitly allows all key purposes. * implicitly allows all key purposes.
* *
* @return an immutable <code>Set</code> of key purpose OIDs in string * @return an immutable {@code Set} of key purpose OIDs in string
* format (or <code>null</code>) * format (or {@code null})
* @see #setExtendedKeyUsage * @see #setExtendedKeyUsage
*/ */
public Set<String> getExtendedKeyUsage() { public Set<String> getExtendedKeyUsage() {
...@@ -1566,19 +1566,19 @@ public class X509CertSelector implements CertSelector { ...@@ -1566,19 +1566,19 @@ public class X509CertSelector implements CertSelector {
} }
/** /**
* Indicates if the <code>X509Certificate</code> must contain all * Indicates if the {@code X509Certificate} must contain all
* or at least one of the subjectAlternativeNames * or at least one of the subjectAlternativeNames
* specified in the {@link #setSubjectAlternativeNames * specified in the {@link #setSubjectAlternativeNames
* setSubjectAlternativeNames} or {@link #addSubjectAlternativeName * setSubjectAlternativeNames} or {@link #addSubjectAlternativeName
* addSubjectAlternativeName} methods. If <code>true</code>, * addSubjectAlternativeName} methods. If {@code true},
* the <code>X509Certificate</code> must contain all of the * the {@code X509Certificate} must contain all of the
* specified subject alternative names. If <code>false</code>, the * specified subject alternative names. If {@code false}, the
* <code>X509Certificate</code> must contain at least one of the * {@code X509Certificate} must contain at least one of the
* specified subject alternative names. * specified subject alternative names.
* *
* @return <code>true</code> if the flag is enabled; * @return {@code true} if the flag is enabled;
* <code>false</code> if the flag is disabled. The flag is * {@code false} if the flag is disabled. The flag is
* <code>true</code> by default. * {@code true} by default.
* @see #setMatchAllSubjectAltNames * @see #setMatchAllSubjectAltNames
*/ */
public boolean getMatchAllSubjectAltNames() { public boolean getMatchAllSubjectAltNames() {
...@@ -1587,35 +1587,35 @@ public class X509CertSelector implements CertSelector { ...@@ -1587,35 +1587,35 @@ public class X509CertSelector implements CertSelector {
/** /**
* Returns a copy of the subjectAlternativeNames criterion. * Returns a copy of the subjectAlternativeNames criterion.
* The <code>X509Certificate</code> must contain all or at least one * The {@code X509Certificate} must contain all or at least one
* of the specified subjectAlternativeNames, depending on the value * of the specified subjectAlternativeNames, depending on the value
* of the matchAllNames flag (see {@link #getMatchAllSubjectAltNames * of the matchAllNames flag (see {@link #getMatchAllSubjectAltNames
* getMatchAllSubjectAltNames}). If the value returned is * getMatchAllSubjectAltNames}). If the value returned is
* <code>null</code>, no subjectAlternativeNames check will be performed. * {@code null}, no subjectAlternativeNames check will be performed.
* <p> * <p>
* If the value returned is not <code>null</code>, it is a * If the value returned is not {@code null}, it is a
* <code>Collection</code> with * {@code Collection} with
* one entry for each name to be included in the subject alternative name * one entry for each name to be included in the subject alternative name
* criterion. Each entry is a <code>List</code> whose first entry is an * criterion. Each entry is a {@code List} whose first entry is an
* <code>Integer</code> (the name type, 0-8) and whose second * {@code Integer} (the name type, 0-8) and whose second
* entry is a <code>String</code> or a byte array (the name, in * entry is a {@code String} or a byte array (the name, in
* string or ASN.1 DER encoded form, respectively). * string or ASN.1 DER encoded form, respectively).
* There can be multiple names of the same type. Note that the * There can be multiple names of the same type. Note that the
* <code>Collection</code> returned may contain duplicate names (same name * {@code Collection} returned may contain duplicate names (same name
* and name type). * and name type).
* <p> * <p>
* Each subject alternative name in the <code>Collection</code> * Each subject alternative name in the {@code Collection}
* may be specified either as a <code>String</code> or as an ASN.1 encoded * may be specified either as a {@code String} or as an ASN.1 encoded
* byte array. For more details about the formats used, see * byte array. For more details about the formats used, see
* {@link #addSubjectAlternativeName(int type, String name) * {@link #addSubjectAlternativeName(int type, String name)
* addSubjectAlternativeName(int type, String name)} and * addSubjectAlternativeName(int type, String name)} and
* {@link #addSubjectAlternativeName(int type, byte [] name) * {@link #addSubjectAlternativeName(int type, byte [] name)
* addSubjectAlternativeName(int type, byte [] name)}. * addSubjectAlternativeName(int type, byte [] name)}.
* <p> * <p>
* Note that a deep copy is performed on the <code>Collection</code> to * Note that a deep copy is performed on the {@code Collection} to
* protect against subsequent modifications. * protect against subsequent modifications.
* *
* @return a <code>Collection</code> of names (or <code>null</code>) * @return a {@code Collection} of names (or {@code null})
* @see #setSubjectAlternativeNames * @see #setSubjectAlternativeNames
*/ */
public Collection<List<?>> getSubjectAlternativeNames() { public Collection<List<?>> getSubjectAlternativeNames() {
...@@ -1628,21 +1628,21 @@ public class X509CertSelector implements CertSelector { ...@@ -1628,21 +1628,21 @@ public class X509CertSelector implements CertSelector {
/** /**
* Clone an object of the form passed to * Clone an object of the form passed to
* setSubjectAlternativeNames and setPathToNames. * setSubjectAlternativeNames and setPathToNames.
* Throw a <code>RuntimeException</code> if the argument is malformed. * Throw a {@code RuntimeException} if the argument is malformed.
* <p> * <p>
* This method wraps cloneAndCheckNames, changing any * This method wraps cloneAndCheckNames, changing any
* <code>IOException</code> into a <code>RuntimeException</code>. This * {@code IOException} into a {@code RuntimeException}. This
* method should be used when the object being * method should be used when the object being
* cloned has already been checked, so there should never be any exceptions. * cloned has already been checked, so there should never be any exceptions.
* *
* @param names a <code>Collection</code> with one entry per name. * @param names a {@code Collection} with one entry per name.
* Each entry is a <code>List</code> whose first entry * Each entry is a {@code List} whose first entry
* is an Integer (the name type, 0-8) and whose second * is an Integer (the name type, 0-8) and whose second
* entry is a String or a byte array (the name, in * entry is a String or a byte array (the name, in
* string or ASN.1 DER encoded form, respectively). * string or ASN.1 DER encoded form, respectively).
* There can be multiple names of the same type. Null * There can be multiple names of the same type. Null
* is not an acceptable value. * is not an acceptable value.
* @return a deep copy of the specified <code>Collection</code> * @return a deep copy of the specified {@code Collection}
* @throws RuntimeException if a parsing error occurs * @throws RuntimeException if a parsing error occurs
*/ */
private static Set<List<?>> cloneNames(Collection<List<?>> names) { private static Set<List<?>> cloneNames(Collection<List<?>> names) {
...@@ -1657,16 +1657,16 @@ public class X509CertSelector implements CertSelector { ...@@ -1657,16 +1657,16 @@ public class X509CertSelector implements CertSelector {
/** /**
* Clone and check an argument of the form passed to * Clone and check an argument of the form passed to
* setSubjectAlternativeNames and setPathToNames. * setSubjectAlternativeNames and setPathToNames.
* Throw an <code>IOException</code> if the argument is malformed. * Throw an {@code IOException} if the argument is malformed.
* *
* @param names a <code>Collection</code> with one entry per name. * @param names a {@code Collection} with one entry per name.
* Each entry is a <code>List</code> whose first entry * Each entry is a {@code List} whose first entry
* is an Integer (the name type, 0-8) and whose second * is an Integer (the name type, 0-8) and whose second
* entry is a String or a byte array (the name, in * entry is a String or a byte array (the name, in
* string or ASN.1 DER encoded form, respectively). * string or ASN.1 DER encoded form, respectively).
* There can be multiple names of the same type. * There can be multiple names of the same type.
* <code>null</code> is not an acceptable value. * {@code null} is not an acceptable value.
* @return a deep copy of the specified <code>Collection</code> * @return a deep copy of the specified {@code Collection}
* @throws IOException if a parsing error occurs * @throws IOException if a parsing error occurs
*/ */
private static Set<List<?>> cloneAndCheckNames(Collection<List<?>> names) throws IOException { private static Set<List<?>> cloneAndCheckNames(Collection<List<?>> names) throws IOException {
...@@ -1709,7 +1709,7 @@ public class X509CertSelector implements CertSelector { ...@@ -1709,7 +1709,7 @@ public class X509CertSelector implements CertSelector {
} }
/** /**
* Returns the name constraints criterion. The <code>X509Certificate</code> * Returns the name constraints criterion. The {@code X509Certificate}
* must have subject and subject alternative names that * must have subject and subject alternative names that
* meet the specified name constraints. * meet the specified name constraints.
* <p> * <p>
...@@ -1725,7 +1725,7 @@ public class X509CertSelector implements CertSelector { ...@@ -1725,7 +1725,7 @@ public class X509CertSelector implements CertSelector {
* *
* @return a byte array containing the ASN.1 DER encoding of * @return a byte array containing the ASN.1 DER encoding of
* a NameConstraints extension used for checking name constraints. * a NameConstraints extension used for checking name constraints.
* <code>null</code> if no name constraints check will be performed. * {@code null} if no name constraints check will be performed.
* @see #setNameConstraints * @see #setNameConstraints
*/ */
public byte[] getNameConstraints() { public byte[] getNameConstraints() {
...@@ -1738,7 +1738,7 @@ public class X509CertSelector implements CertSelector { ...@@ -1738,7 +1738,7 @@ public class X509CertSelector implements CertSelector {
/** /**
* Returns the basic constraints constraint. If the value is greater than * Returns the basic constraints constraint. If the value is greater than
* or equal to zero, the <code>X509Certificates</code> must include a * or equal to zero, the {@code X509Certificates} must include a
* basicConstraints extension with a pathLen of at least this value. * basicConstraints extension with a pathLen of at least this value.
* If the value is -2, only end-entity certificates are accepted. If * If the value is -2, only end-entity certificates are accepted. If
* the value is -1, no basicConstraints check is done. * the value is -1, no basicConstraints check is done.
...@@ -1751,15 +1751,15 @@ public class X509CertSelector implements CertSelector { ...@@ -1751,15 +1751,15 @@ public class X509CertSelector implements CertSelector {
} }
/** /**
* Returns the policy criterion. The <code>X509Certificate</code> must * Returns the policy criterion. The {@code X509Certificate} must
* include at least one of the specified policies in its certificate policies * include at least one of the specified policies in its certificate policies
* extension. If the <code>Set</code> returned is empty, then the * extension. If the {@code Set} returned is empty, then the
* <code>X509Certificate</code> must include at least some specified policy * {@code X509Certificate} must include at least some specified policy
* in its certificate policies extension. If the <code>Set</code> returned is * in its certificate policies extension. If the {@code Set} returned is
* <code>null</code>, no policy check will be performed. * {@code null}, no policy check will be performed.
* *
* @return an immutable <code>Set</code> of certificate policy OIDs in * @return an immutable {@code Set} of certificate policy OIDs in
* string format (or <code>null</code>) * string format (or {@code null})
* @see #setPolicy * @see #setPolicy
*/ */
public Set<String> getPolicy() { public Set<String> getPolicy() {
...@@ -1768,33 +1768,33 @@ public class X509CertSelector implements CertSelector { ...@@ -1768,33 +1768,33 @@ public class X509CertSelector implements CertSelector {
/** /**
* Returns a copy of the pathToNames criterion. The * Returns a copy of the pathToNames criterion. The
* <code>X509Certificate</code> must not include name constraints that would * {@code X509Certificate} must not include name constraints that would
* prohibit building a path to the specified names. If the value * prohibit building a path to the specified names. If the value
* returned is <code>null</code>, no pathToNames check will be performed. * returned is {@code null}, no pathToNames check will be performed.
* <p> * <p>
* If the value returned is not <code>null</code>, it is a * If the value returned is not {@code null}, it is a
* <code>Collection</code> with one * {@code Collection} with one
* entry for each name to be included in the pathToNames * entry for each name to be included in the pathToNames
* criterion. Each entry is a <code>List</code> whose first entry is an * criterion. Each entry is a {@code List} whose first entry is an
* <code>Integer</code> (the name type, 0-8) and whose second * {@code Integer} (the name type, 0-8) and whose second
* entry is a <code>String</code> or a byte array (the name, in * entry is a {@code String} or a byte array (the name, in
* string or ASN.1 DER encoded form, respectively). * string or ASN.1 DER encoded form, respectively).
* There can be multiple names of the same type. Note that the * There can be multiple names of the same type. Note that the
* <code>Collection</code> returned may contain duplicate names (same * {@code Collection} returned may contain duplicate names (same
* name and name type). * name and name type).
* <p> * <p>
* Each name in the <code>Collection</code> * Each name in the {@code Collection}
* may be specified either as a <code>String</code> or as an ASN.1 encoded * may be specified either as a {@code String} or as an ASN.1 encoded
* byte array. For more details about the formats used, see * byte array. For more details about the formats used, see
* {@link #addPathToName(int type, String name) * {@link #addPathToName(int type, String name)
* addPathToName(int type, String name)} and * addPathToName(int type, String name)} and
* {@link #addPathToName(int type, byte [] name) * {@link #addPathToName(int type, byte [] name)
* addPathToName(int type, byte [] name)}. * addPathToName(int type, byte [] name)}.
* <p> * <p>
* Note that a deep copy is performed on the <code>Collection</code> to * Note that a deep copy is performed on the {@code Collection} to
* protect against subsequent modifications. * protect against subsequent modifications.
* *
* @return a <code>Collection</code> of names (or <code>null</code>) * @return a {@code Collection} of names (or {@code null})
* @see #setPathToNames * @see #setPathToNames
*/ */
public Collection<List<?>> getPathToNames() { public Collection<List<?>> getPathToNames() {
...@@ -1805,10 +1805,10 @@ public class X509CertSelector implements CertSelector { ...@@ -1805,10 +1805,10 @@ public class X509CertSelector implements CertSelector {
} }
/** /**
* Return a printable representation of the <code>CertSelector</code>. * Return a printable representation of the {@code CertSelector}.
* *
* @return a <code>String</code> describing the contents of the * @return a {@code String} describing the contents of the
* <code>CertSelector</code> * {@code CertSelector}
*/ */
public String toString() { public String toString() {
StringBuffer sb = new StringBuffer(); StringBuffer sb = new StringBuffer();
...@@ -1927,22 +1927,22 @@ public class X509CertSelector implements CertSelector { ...@@ -1927,22 +1927,22 @@ public class X509CertSelector implements CertSelector {
/** /**
* Returns an Extension object given any X509Certificate and extension oid. * Returns an Extension object given any X509Certificate and extension oid.
* Throw an <code>IOException</code> if the extension byte value is * Throw an {@code IOException} if the extension byte value is
* malformed. * malformed.
* *
* @param cert a <code>X509Certificate</code> * @param cert a {@code X509Certificate}
* @param extId an <code>integer</code> which specifies the extension index. * @param extId an {@code integer} which specifies the extension index.
* Currently, the supported extensions are as follows: * Currently, the supported extensions are as follows:
* index 0 - PrivateKeyUsageExtension * index 0 - PrivateKeyUsageExtension
* index 1 - SubjectAlternativeNameExtension * index 1 - SubjectAlternativeNameExtension
* index 2 - NameConstraintsExtension * index 2 - NameConstraintsExtension
* index 3 - CertificatePoliciesExtension * index 3 - CertificatePoliciesExtension
* index 4 - ExtendedKeyUsageExtension * index 4 - ExtendedKeyUsageExtension
* @return an <code>Extension</code> object whose real type is as specified * @return an {@code Extension} object whose real type is as specified
* by the extension oid. * by the extension oid.
* @throws IOException if cannot construct the <code>Extension</code> * @throws IOException if cannot construct the {@code Extension}
* object with the extension encoding retrieved from the passed in * object with the extension encoding retrieved from the passed in
* <code>X509Certificate</code>. * {@code X509Certificate}.
*/ */
private static Extension getExtensionObject(X509Certificate cert, int extId) private static Extension getExtensionObject(X509Certificate cert, int extId)
throws IOException { throws IOException {
...@@ -1990,11 +1990,11 @@ public class X509CertSelector implements CertSelector { ...@@ -1990,11 +1990,11 @@ public class X509CertSelector implements CertSelector {
} }
/** /**
* Decides whether a <code>Certificate</code> should be selected. * Decides whether a {@code Certificate} should be selected.
* *
* @param cert the <code>Certificate</code> to be checked * @param cert the {@code Certificate} to be checked
* @return <code>true</code> if the <code>Certificate</code> should be * @return {@code true} if the {@code Certificate} should be
* selected, <code>false</code> otherwise * selected, {@code false} otherwise
*/ */
public boolean match(Certificate cert) { public boolean match(Certificate cert) {
if (!(cert instanceof X509Certificate)) { if (!(cert instanceof X509Certificate)) {
......
src/share/classes/java/security/cert/X509Certificate.java
浏览文件 @ c2a5f680
/* /*
* Copyright (c) 1997, 2012, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
...@@ -66,7 +66,7 @@ import sun.security.x509.X509CertImpl; ...@@ -66,7 +66,7 @@ import sun.security.x509.X509CertImpl;
* <a href="http://www.ietf.org/rfc/rfc3280.txt">RFC 3280: Internet X.509 * <a href="http://www.ietf.org/rfc/rfc3280.txt">RFC 3280: Internet X.509
* Public Key Infrastructure Certificate and CRL Profile</a>. * Public Key Infrastructure Certificate and CRL Profile</a>.
* <p> * <p>
* The ASN.1 definition of <code>tbsCertificate</code> is: * The ASN.1 definition of {@code tbsCertificate} is:
* <pre> * <pre>
* TBSCertificate ::= SEQUENCE { * TBSCertificate ::= SEQUENCE {
* version [0] EXPLICIT Version DEFAULT v1, * version [0] EXPLICIT Version DEFAULT v1,
...@@ -151,9 +151,9 @@ implements X509Extension { ...@@ -151,9 +151,9 @@ implements X509Extension {
* is valid at that date/time. * is valid at that date/time.
* *
* @exception CertificateExpiredException if the certificate has expired * @exception CertificateExpiredException if the certificate has expired
* with respect to the <code>date</code> supplied. * with respect to the {@code date} supplied.
* @exception CertificateNotYetValidException if the certificate is not * @exception CertificateNotYetValidException if the certificate is not
* yet valid with respect to the <code>date</code> supplied. * yet valid with respect to the {@code date} supplied.
* *
* @see #checkValidity() * @see #checkValidity()
*/ */
...@@ -161,7 +161,7 @@ implements X509Extension { ...@@ -161,7 +161,7 @@ implements X509Extension {
throws CertificateExpiredException, CertificateNotYetValidException; throws CertificateExpiredException, CertificateNotYetValidException;
/** /**
* Gets the <code>version</code> (version number) value from the * Gets the {@code version} (version number) value from the
* certificate. * certificate.
* The ASN.1 definition for this is: * The ASN.1 definition for this is:
* <pre> * <pre>
...@@ -173,7 +173,7 @@ implements X509Extension { ...@@ -173,7 +173,7 @@ implements X509Extension {
public abstract int getVersion(); public abstract int getVersion();
/** /**
* Gets the <code>serialNumber</code> value from the certificate. * Gets the {@code serialNumber} value from the certificate.
* The serial number is an integer assigned by the certification * The serial number is an integer assigned by the certification
* authority to each certificate. It must be unique for each * authority to each certificate. It must be unique for each
* certificate issued by a given CA (i.e., the issuer name and * certificate issued by a given CA (i.e., the issuer name and
...@@ -191,12 +191,12 @@ implements X509Extension { ...@@ -191,12 +191,12 @@ implements X509Extension {
/** /**
* <strong>Denigrated</strong>, replaced by {@linkplain * <strong>Denigrated</strong>, replaced by {@linkplain
* #getIssuerX500Principal()}. This method returns the <code>issuer</code> * #getIssuerX500Principal()}. This method returns the {@code issuer}
* as an implementation specific Principal object, which should not be * as an implementation specific Principal object, which should not be
* relied upon by portable code. * relied upon by portable code.
* *
* <p> * <p>
* Gets the <code>issuer</code> (issuer distinguished name) value from * Gets the {@code issuer} (issuer distinguished name) value from
* the certificate. The issuer name identifies the entity that signed (and * the certificate. The issuer name identifies the entity that signed (and
* issued) the certificate. * issued) the certificate.
* *
...@@ -217,14 +217,14 @@ implements X509Extension { ...@@ -217,14 +217,14 @@ implements X509Extension {
* AttributeType ::= OBJECT IDENTIFIER * AttributeType ::= OBJECT IDENTIFIER
* AttributeValue ::= ANY * AttributeValue ::= ANY
* </pre> * </pre>
* The <code>Name</code> describes a hierarchical name composed of * The {@code Name} describes a hierarchical name composed of
* attributes, * attributes,
* such as country name, and corresponding values, such as US. * such as country name, and corresponding values, such as US.
* The type of the <code>AttributeValue</code> component is determined by * The type of the {@code AttributeValue} component is determined by
* the <code>AttributeType</code>; in general it will be a * the {@code AttributeType}; in general it will be a
* <code>directoryString</code>. A <code>directoryString</code> is usually * {@code directoryString}. A {@code directoryString} is usually
* one of <code>PrintableString</code>, * one of {@code PrintableString},
* <code>TeletexString</code> or <code>UniversalString</code>. * {@code TeletexString} or {@code UniversalString}.
* *
* @return a Principal whose name is the issuer distinguished name. * @return a Principal whose name is the issuer distinguished name.
*/ */
...@@ -232,11 +232,11 @@ implements X509Extension { ...@@ -232,11 +232,11 @@ implements X509Extension {
/** /**
* Returns the issuer (issuer distinguished name) value from the * Returns the issuer (issuer distinguished name) value from the
* certificate as an <code>X500Principal</code>. * certificate as an {@code X500Principal}.
* <p> * <p>
* It is recommended that subclasses override this method. * It is recommended that subclasses override this method.
* *
* @return an <code>X500Principal</code> representing the issuer * @return an {@code X500Principal} representing the issuer
* distinguished name * distinguished name
* @since 1.4 * @since 1.4
*/ */
...@@ -249,22 +249,22 @@ implements X509Extension { ...@@ -249,22 +249,22 @@ implements X509Extension {
/** /**
* <strong>Denigrated</strong>, replaced by {@linkplain * <strong>Denigrated</strong>, replaced by {@linkplain
* #getSubjectX500Principal()}. This method returns the <code>subject</code> * #getSubjectX500Principal()}. This method returns the {@code subject}
* as an implementation specific Principal object, which should not be * as an implementation specific Principal object, which should not be
* relied upon by portable code. * relied upon by portable code.
* *
* <p> * <p>
* Gets the <code>subject</code> (subject distinguished name) value * Gets the {@code subject} (subject distinguished name) value
* from the certificate. If the <code>subject</code> value is empty, * from the certificate. If the {@code subject} value is empty,
* then the <code>getName()</code> method of the returned * then the {@code getName()} method of the returned
* <code>Principal</code> object returns an empty string (""). * {@code Principal} object returns an empty string ("").
* *
* <p> The ASN.1 definition for this is: * <p> The ASN.1 definition for this is:
* <pre> * <pre>
* subject Name * subject Name
* </pre> * </pre>
* *
* <p>See {@link #getIssuerDN() getIssuerDN} for <code>Name</code> * <p>See {@link #getIssuerDN() getIssuerDN} for {@code Name}
* and other relevant definitions. * and other relevant definitions.
* *
* @return a Principal whose name is the subject name. * @return a Principal whose name is the subject name.
...@@ -273,13 +273,13 @@ implements X509Extension { ...@@ -273,13 +273,13 @@ implements X509Extension {
/** /**
* Returns the subject (subject distinguished name) value from the * Returns the subject (subject distinguished name) value from the
* certificate as an <code>X500Principal</code>. If the subject value * certificate as an {@code X500Principal}. If the subject value
* is empty, then the <code>getName()</code> method of the returned * is empty, then the {@code getName()} method of the returned
* <code>X500Principal</code> object returns an empty string (""). * {@code X500Principal} object returns an empty string ("").
* <p> * <p>
* It is recommended that subclasses override this method. * It is recommended that subclasses override this method.
* *
* @return an <code>X500Principal</code> representing the subject * @return an {@code X500Principal} representing the subject
* distinguished name * distinguished name
* @since 1.4 * @since 1.4
*/ */
...@@ -291,7 +291,7 @@ implements X509Extension { ...@@ -291,7 +291,7 @@ implements X509Extension {
} }
/** /**
* Gets the <code>notBefore</code> date from the validity period of * Gets the {@code notBefore} date from the validity period of
* the certificate. * the certificate.
* The relevant ASN.1 definitions are: * The relevant ASN.1 definitions are:
* <pre> * <pre>
...@@ -311,7 +311,7 @@ implements X509Extension { ...@@ -311,7 +311,7 @@ implements X509Extension {
public abstract Date getNotBefore(); public abstract Date getNotBefore();
/** /**
* Gets the <code>notAfter</code> date from the validity period of * Gets the {@code notAfter} date from the validity period of
* the certificate. See {@link #getNotBefore() getNotBefore} * the certificate. See {@link #getNotBefore() getNotBefore}
* for relevant ASN.1 definitions. * for relevant ASN.1 definitions.
* *
...@@ -322,7 +322,7 @@ implements X509Extension { ...@@ -322,7 +322,7 @@ implements X509Extension {
/** /**
* Gets the DER-encoded certificate information, the * Gets the DER-encoded certificate information, the
* <code>tbsCertificate</code> from this certificate. * {@code tbsCertificate} from this certificate.
* This can be used to verify the signature independently. * This can be used to verify the signature independently.
* *
* @return the DER-encoded certificate information. * @return the DER-encoded certificate information.
...@@ -332,7 +332,7 @@ implements X509Extension { ...@@ -332,7 +332,7 @@ implements X509Extension {
throws CertificateEncodingException; throws CertificateEncodingException;
/** /**
* Gets the <code>signature</code> value (the raw signature bits) from * Gets the {@code signature} value (the raw signature bits) from
* the certificate. * the certificate.
* The ASN.1 definition for this is: * The ASN.1 definition for this is:
* <pre> * <pre>
...@@ -357,7 +357,7 @@ implements X509Extension { ...@@ -357,7 +357,7 @@ implements X509Extension {
* -- algorithm object identifier value * -- algorithm object identifier value
* </pre> * </pre>
* *
* <p>The algorithm name is determined from the <code>algorithm</code> * <p>The algorithm name is determined from the {@code algorithm}
* OID string. * OID string.
* *
* @return the signature algorithm name. * @return the signature algorithm name.
...@@ -400,7 +400,7 @@ implements X509Extension { ...@@ -400,7 +400,7 @@ implements X509Extension {
public abstract byte[] getSigAlgParams(); public abstract byte[] getSigAlgParams();
/** /**
* Gets the <code>issuerUniqueID</code> value from the certificate. * Gets the {@code issuerUniqueID} value from the certificate.
* The issuer unique identifier is present in the certificate * The issuer unique identifier is present in the certificate
* to handle the possibility of reuse of issuer names over time. * to handle the possibility of reuse of issuer names over time.
* RFC 3280 recommends that names not be reused and that * RFC 3280 recommends that names not be reused and that
...@@ -420,7 +420,7 @@ implements X509Extension { ...@@ -420,7 +420,7 @@ implements X509Extension {
public abstract boolean[] getIssuerUniqueID(); public abstract boolean[] getIssuerUniqueID();
/** /**
* Gets the <code>subjectUniqueID</code> value from the certificate. * Gets the {@code subjectUniqueID} value from the certificate.
* *
* <p>The ASN.1 definition for this is: * <p>The ASN.1 definition for this is:
* <pre> * <pre>
...@@ -435,7 +435,7 @@ implements X509Extension { ...@@ -435,7 +435,7 @@ implements X509Extension {
/** /**
* Gets a boolean array representing bits of * Gets a boolean array representing bits of
* the <code>KeyUsage</code> extension, (OID = 2.5.29.15). * the {@code KeyUsage} extension, (OID = 2.5.29.15).
* The key usage extension defines the purpose (e.g., encipherment, * The key usage extension defines the purpose (e.g., encipherment,
* signature, certificate signing) of the key contained in the * signature, certificate signing) of the key contained in the
* certificate. * certificate.
...@@ -467,7 +467,7 @@ implements X509Extension { ...@@ -467,7 +467,7 @@ implements X509Extension {
/** /**
* Gets an unmodifiable list of Strings representing the OBJECT * Gets an unmodifiable list of Strings representing the OBJECT
* IDENTIFIERs of the <code>ExtKeyUsageSyntax</code> field of the * IDENTIFIERs of the {@code ExtKeyUsageSyntax} field of the
* extended key usage extension, (OID = 2.5.29.37). It indicates * extended key usage extension, (OID = 2.5.29.37). It indicates
* one or more purposes for which the certified public key may be * one or more purposes for which the certified public key may be
* used, in addition to or in place of the basic purposes * used, in addition to or in place of the basic purposes
...@@ -486,7 +486,7 @@ implements X509Extension { ...@@ -486,7 +486,7 @@ implements X509Extension {
* <p> * <p>
* This method was added to version 1.4 of the Java 2 Platform Standard * This method was added to version 1.4 of the Java 2 Platform Standard
* Edition. In order to maintain backwards compatibility with existing * Edition. In order to maintain backwards compatibility with existing
* service providers, this method is not <code>abstract</code> * service providers, this method is not {@code abstract}
* and it provides a default implementation. Subclasses * and it provides a default implementation. Subclasses
* should override this method with a correct implementation. * should override this method with a correct implementation.
* *
...@@ -503,13 +503,13 @@ implements X509Extension { ...@@ -503,13 +503,13 @@ implements X509Extension {
/** /**
* Gets the certificate constraints path length from the * Gets the certificate constraints path length from the
* critical <code>BasicConstraints</code> extension, (OID = 2.5.29.19). * critical {@code BasicConstraints} extension, (OID = 2.5.29.19).
* <p> * <p>
* The basic constraints extension identifies whether the subject * The basic constraints extension identifies whether the subject
* of the certificate is a Certificate Authority (CA) and * of the certificate is a Certificate Authority (CA) and
* how deep a certification path may exist through that CA. The * how deep a certification path may exist through that CA. The
* <code>pathLenConstraint</code> field (see below) is meaningful * {@code pathLenConstraint} field (see below) is meaningful
* only if <code>cA</code> is set to TRUE. In this case, it gives the * only if {@code cA} is set to TRUE. In this case, it gives the
* maximum number of CA certificates that may follow this certificate in a * maximum number of CA certificates that may follow this certificate in a
* certification path. A value of zero indicates that only an end-entity * certification path. A value of zero indicates that only an end-entity
* certificate may follow in the path. * certificate may follow in the path.
...@@ -521,21 +521,21 @@ implements X509Extension { ...@@ -521,21 +521,21 @@ implements X509Extension {
* pathLenConstraint INTEGER (0..MAX) OPTIONAL } * pathLenConstraint INTEGER (0..MAX) OPTIONAL }
* </pre> * </pre>
* *
* @return the value of <code>pathLenConstraint</code> if the * @return the value of {@code pathLenConstraint} if the
* BasicConstraints extension is present in the certificate and the * BasicConstraints extension is present in the certificate and the
* subject of the certificate is a CA, otherwise -1. * subject of the certificate is a CA, otherwise -1.
* If the subject of the certificate is a CA and * If the subject of the certificate is a CA and
* <code>pathLenConstraint</code> does not appear, * {@code pathLenConstraint} does not appear,
* <code>Integer.MAX_VALUE</code> is returned to indicate that there is no * {@code Integer.MAX_VALUE} is returned to indicate that there is no
* limit to the allowed length of the certification path. * limit to the allowed length of the certification path.
*/ */
public abstract int getBasicConstraints(); public abstract int getBasicConstraints();
/** /**
* Gets an immutable collection of subject alternative names from the * Gets an immutable collection of subject alternative names from the
* <code>SubjectAltName</code> extension, (OID = 2.5.29.17). * {@code SubjectAltName} extension, (OID = 2.5.29.17).
* <p> * <p>
* The ASN.1 definition of the <code>SubjectAltName</code> extension is: * The ASN.1 definition of the {@code SubjectAltName} extension is:
* <pre> * <pre>
* SubjectAltName ::= GeneralNames * SubjectAltName ::= GeneralNames
* *
...@@ -553,23 +553,23 @@ implements X509Extension { ...@@ -553,23 +553,23 @@ implements X509Extension {
* registeredID [8] OBJECT IDENTIFIER} * registeredID [8] OBJECT IDENTIFIER}
* </pre> * </pre>
* <p> * <p>
* If this certificate does not contain a <code>SubjectAltName</code> * If this certificate does not contain a {@code SubjectAltName}
* extension, <code>null</code> is returned. Otherwise, a * extension, {@code null} is returned. Otherwise, a
* <code>Collection</code> is returned with an entry representing each * {@code Collection} is returned with an entry representing each
* <code>GeneralName</code> included in the extension. Each entry is a * {@code GeneralName} included in the extension. Each entry is a
* <code>List</code> whose first entry is an <code>Integer</code> * {@code List} whose first entry is an {@code Integer}
* (the name type, 0-8) and whose second entry is a <code>String</code> * (the name type, 0-8) and whose second entry is a {@code String}
* or a byte array (the name, in string or ASN.1 DER encoded form, * or a byte array (the name, in string or ASN.1 DER encoded form,
* respectively). * respectively).
* <p> * <p>
* <a href="http://www.ietf.org/rfc/rfc822.txt">RFC 822</a>, DNS, and URI * <a href="http://www.ietf.org/rfc/rfc822.txt">RFC 822</a>, DNS, and URI
* names are returned as <code>String</code>s, * names are returned as {@code String}s,
* using the well-established string formats for those types (subject to * using the well-established string formats for those types (subject to
* the restrictions included in RFC 3280). IPv4 address names are * the restrictions included in RFC 3280). IPv4 address names are
* returned using dotted quad notation. IPv6 address names are returned * returned using dotted quad notation. IPv6 address names are returned
* in the form "a1:a2:...:a8", where a1-a8 are hexadecimal values * in the form "a1:a2:...:a8", where a1-a8 are hexadecimal values
* representing the eight 16-bit pieces of the address. OID names are * representing the eight 16-bit pieces of the address. OID names are
* returned as <code>String</code>s represented as a series of nonnegative * returned as {@code String}s represented as a series of nonnegative
* integers separated by periods. And directory names (distinguished names) * integers separated by periods. And directory names (distinguished names)
* are returned in <a href="http://www.ietf.org/rfc/rfc2253.txt"> * are returned in <a href="http://www.ietf.org/rfc/rfc2253.txt">
* RFC 2253</a> string format. No standard string format is * RFC 2253</a> string format. No standard string format is
...@@ -577,19 +577,19 @@ implements X509Extension { ...@@ -577,19 +577,19 @@ implements X509Extension {
* other type of names. They are returned as byte arrays * other type of names. They are returned as byte arrays
* containing the ASN.1 DER encoded form of the name. * containing the ASN.1 DER encoded form of the name.
* <p> * <p>
* Note that the <code>Collection</code> returned may contain more * Note that the {@code Collection} returned may contain more
* than one name of the same type. Also, note that the returned * than one name of the same type. Also, note that the returned
* <code>Collection</code> is immutable and any entries containing byte * {@code Collection} is immutable and any entries containing byte
* arrays are cloned to protect against subsequent modifications. * arrays are cloned to protect against subsequent modifications.
* <p> * <p>
* This method was added to version 1.4 of the Java 2 Platform Standard * This method was added to version 1.4 of the Java 2 Platform Standard
* Edition. In order to maintain backwards compatibility with existing * Edition. In order to maintain backwards compatibility with existing
* service providers, this method is not <code>abstract</code> * service providers, this method is not {@code abstract}
* and it provides a default implementation. Subclasses * and it provides a default implementation. Subclasses
* should override this method with a correct implementation. * should override this method with a correct implementation.
* *
* @return an immutable <code>Collection</code> of subject alternative * @return an immutable {@code Collection} of subject alternative
* names (or <code>null</code>) * names (or {@code null})
* @throws CertificateParsingException if the extension cannot be decoded * @throws CertificateParsingException if the extension cannot be decoded
* @since 1.4 * @since 1.4
*/ */
...@@ -600,38 +600,38 @@ implements X509Extension { ...@@ -600,38 +600,38 @@ implements X509Extension {
/** /**
* Gets an immutable collection of issuer alternative names from the * Gets an immutable collection of issuer alternative names from the
* <code>IssuerAltName</code> extension, (OID = 2.5.29.18). * {@code IssuerAltName} extension, (OID = 2.5.29.18).
* <p> * <p>
* The ASN.1 definition of the <code>IssuerAltName</code> extension is: * The ASN.1 definition of the {@code IssuerAltName} extension is:
* <pre> * <pre>
* IssuerAltName ::= GeneralNames * IssuerAltName ::= GeneralNames
* </pre> * </pre>
* The ASN.1 definition of <code>GeneralNames</code> is defined * The ASN.1 definition of {@code GeneralNames} is defined
* in {@link #getSubjectAlternativeNames getSubjectAlternativeNames}. * in {@link #getSubjectAlternativeNames getSubjectAlternativeNames}.
* <p> * <p>
* If this certificate does not contain an <code>IssuerAltName</code> * If this certificate does not contain an {@code IssuerAltName}
* extension, <code>null</code> is returned. Otherwise, a * extension, {@code null} is returned. Otherwise, a
* <code>Collection</code> is returned with an entry representing each * {@code Collection} is returned with an entry representing each
* <code>GeneralName</code> included in the extension. Each entry is a * {@code GeneralName} included in the extension. Each entry is a
* <code>List</code> whose first entry is an <code>Integer</code> * {@code List} whose first entry is an {@code Integer}
* (the name type, 0-8) and whose second entry is a <code>String</code> * (the name type, 0-8) and whose second entry is a {@code String}
* or a byte array (the name, in string or ASN.1 DER encoded form, * or a byte array (the name, in string or ASN.1 DER encoded form,
* respectively). For more details about the formats used for each * respectively). For more details about the formats used for each
* name type, see the <code>getSubjectAlternativeNames</code> method. * name type, see the {@code getSubjectAlternativeNames} method.
* <p> * <p>
* Note that the <code>Collection</code> returned may contain more * Note that the {@code Collection} returned may contain more
* than one name of the same type. Also, note that the returned * than one name of the same type. Also, note that the returned
* <code>Collection</code> is immutable and any entries containing byte * {@code Collection} is immutable and any entries containing byte
* arrays are cloned to protect against subsequent modifications. * arrays are cloned to protect against subsequent modifications.
* <p> * <p>
* This method was added to version 1.4 of the Java 2 Platform Standard * This method was added to version 1.4 of the Java 2 Platform Standard
* Edition. In order to maintain backwards compatibility with existing * Edition. In order to maintain backwards compatibility with existing
* service providers, this method is not <code>abstract</code> * service providers, this method is not {@code abstract}
* and it provides a default implementation. Subclasses * and it provides a default implementation. Subclasses
* should override this method with a correct implementation. * should override this method with a correct implementation.
* *
* @return an immutable <code>Collection</code> of issuer alternative * @return an immutable {@code Collection} of issuer alternative
* names (or <code>null</code>) * names (or {@code null})
* @throws CertificateParsingException if the extension cannot be decoded * @throws CertificateParsingException if the extension cannot be decoded
* @since 1.4 * @since 1.4
*/ */
...@@ -649,7 +649,7 @@ implements X509Extension { ...@@ -649,7 +649,7 @@ implements X509Extension {
* *
* This method was added to version 1.8 of the Java Platform Standard * This method was added to version 1.8 of the Java Platform Standard
* Edition. In order to maintain backwards compatibility with existing * Edition. In order to maintain backwards compatibility with existing
* service providers, this method is not <code>abstract</code> * service providers, this method is not {@code abstract}
* and it provides a default implementation. * and it provides a default implementation.
* *
* @param key the PublicKey used to carry out the verification. * @param key the PublicKey used to carry out the verification.
......
src/share/classes/java/security/cert/X509Extension.java
浏览文件 @ c2a5f680
/* /*
* Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
...@@ -59,9 +59,9 @@ import java.util.Set; ...@@ -59,9 +59,9 @@ import java.util.Set;
* -- the extnId object identifier value * -- the extnId object identifier value
* } * }
* </pre> * </pre>
* Since not all extensions are known, the <code>getExtensionValue</code> * Since not all extensions are known, the {@code getExtensionValue}
* method returns the DER-encoded OCTET STRING of the * method returns the DER-encoded OCTET STRING of the
* extension value (i.e., the <code>extnValue</code>). This can then * extension value (i.e., the {@code extnValue}). This can then
* be handled by a <em>Class</em> that understands the extension. * be handled by a <em>Class</em> that understands the extension.
* *
* @author Hemma Prafullchandra * @author Hemma Prafullchandra
...@@ -72,8 +72,8 @@ public interface X509Extension { ...@@ -72,8 +72,8 @@ public interface X509Extension {
/** /**
* Check if there is a critical extension that is not supported. * Check if there is a critical extension that is not supported.
* *
* @return <tt>true</tt> if a critical extension is found that is * @return {@code true} if a critical extension is found that is
* not supported, otherwise <tt>false</tt>. * not supported, otherwise {@code false}.
*/ */
public boolean hasUnsupportedCriticalExtension(); public boolean hasUnsupportedCriticalExtension();
...@@ -113,28 +113,28 @@ public interface X509Extension { ...@@ -113,28 +113,28 @@ public interface X509Extension {
* *
* Here is sample code to get a Set of non-critical extensions from an * Here is sample code to get a Set of non-critical extensions from an
* X509CRL revoked certificate entry and print the OIDs: * X509CRL revoked certificate entry and print the OIDs:
* <pre><code> * <pre>{@code
* CertificateFactory cf = null; * CertificateFactory cf = null;
* X509CRL crl = null; * X509CRL crl = null;
* try (InputStream inStrm = new FileInputStream("DER-encoded-CRL")) { * try (InputStream inStrm = new FileInputStream("DER-encoded-CRL")) {
* cf = CertificateFactory.getInstance("X.509"); * cf = CertificateFactory.getInstance("X.509");
* crl = (X509CRL)cf.generateCRL(inStrm); * crl = (X509CRL)cf.generateCRL(inStrm);
* }<p> * }
* *
* byte[] certData = &lt;DER-encoded certificate data&gt; * byte[] certData = <DER-encoded certificate data>
* ByteArrayInputStream bais = new ByteArrayInputStream(certData); * ByteArrayInputStream bais = new ByteArrayInputStream(certData);
* X509Certificate cert = (X509Certificate)cf.generateCertificate(bais); * X509Certificate cert = (X509Certificate)cf.generateCertificate(bais);
* X509CRLEntry badCert = * X509CRLEntry badCert =
* crl.getRevokedCertificate(cert.getSerialNumber());<p> * crl.getRevokedCertificate(cert.getSerialNumber());
* *
* if (badCert != null) { * if (badCert != null) {
* Set<String> nonCritSet = badCert.getNonCriticalExtensionOIDs();<p> * Set<String> nonCritSet = badCert.getNonCriticalExtensionOIDs();
* if (nonCritSet != null) * if (nonCritSet != null)
* for (String oid : nonCritSet) { * for (String oid : nonCritSet) {
* System.out.println(oid); * System.out.println(oid);
* } * }
* } * }
* </code></pre> * }</pre>
* *
* @return a Set (or an empty Set if none are marked non-critical) of * @return a Set (or an empty Set if none are marked non-critical) of
* the extension OID strings for extensions that are marked non-critical. * the extension OID strings for extensions that are marked non-critical.
...@@ -145,9 +145,9 @@ public interface X509Extension { ...@@ -145,9 +145,9 @@ public interface X509Extension {
/** /**
* Gets the DER-encoded OCTET string for the extension value * Gets the DER-encoded OCTET string for the extension value
* (<em>extnValue</em>) identified by the passed-in <code>oid</code> * (<em>extnValue</em>) identified by the passed-in {@code oid}
* String. * String.
* The <code>oid</code> string is * The {@code oid} string is
* represented by a set of nonnegative whole numbers separated * represented by a set of nonnegative whole numbers separated
* by periods. * by periods.
* *
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册