diff --git a/src/java.base/share/classes/com/sun/crypto/provider/AESKeyWrap.java b/src/java.base/share/classes/com/sun/crypto/provider/AESKeyWrap.java index 9cb338996406e..6eed0a31f92ed 100644 --- a/src/java.base/share/classes/com/sun/crypto/provider/AESKeyWrap.java +++ b/src/java.base/share/classes/com/sun/crypto/provider/AESKeyWrap.java @@ -37,6 +37,9 @@ * * "Recommendation for Block Cipher Modes of Operation: Methods for Key Wrapping" * and represents AES cipher in KW mode. + * + * @spec https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-38F.pdf + * Recommendation for Block Cipher Modes of Operation: Methods for Key Wrapping */ class AESKeyWrap extends FeedbackCipher { diff --git a/src/java.base/share/classes/com/sun/crypto/provider/AESKeyWrapPadded.java b/src/java.base/share/classes/com/sun/crypto/provider/AESKeyWrapPadded.java index 4ae96acbca853..69eaa0df2369a 100644 --- a/src/java.base/share/classes/com/sun/crypto/provider/AESKeyWrapPadded.java +++ b/src/java.base/share/classes/com/sun/crypto/provider/AESKeyWrapPadded.java @@ -39,6 +39,9 @@ * * "Recommendation for Block Cipher Modes of Operation: Methods for Key Wrapping" * and represents AES cipher in KWP mode. + * + * @spec https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-38F.pdf + * Recommendation for Block Cipher Modes of Operation: Methods for Key Wrapping */ class AESKeyWrapPadded extends FeedbackCipher { diff --git a/src/java.base/share/classes/com/sun/crypto/provider/KWUtil.java b/src/java.base/share/classes/com/sun/crypto/provider/KWUtil.java index 7892ca198a8e6..0ddae6dab37fa 100644 --- a/src/java.base/share/classes/com/sun/crypto/provider/KWUtil.java +++ b/src/java.base/share/classes/com/sun/crypto/provider/KWUtil.java @@ -35,6 +35,9 @@ * This class acts as the base class for AES KeyWrap algorithms as defined * in * "Recommendation for Block Cipher Modes of Operation: Methods for Key Wrapping" + * + * @spec https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-38F.pdf + * Recommendation for Block Cipher Modes of Operation: Methods for Key Wrapping */ class KWUtil { diff --git a/src/java.base/share/classes/com/sun/crypto/provider/KeyWrapCipher.java b/src/java.base/share/classes/com/sun/crypto/provider/KeyWrapCipher.java index dfd2ec2b04bb5..b53a00ab7a6c8 100644 --- a/src/java.base/share/classes/com/sun/crypto/provider/KeyWrapCipher.java +++ b/src/java.base/share/classes/com/sun/crypto/provider/KeyWrapCipher.java @@ -36,6 +36,9 @@ * This class is the impl class for AES KeyWrap algorithms as defined in * * "Recommendation for Block Cipher Modes of Operation: Methods for Key Wrapping" + * + * @spec https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-38F.pdf + * Recommendation for Block Cipher Modes of Operation: Methods for Key Wrapping */ abstract class KeyWrapCipher extends CipherSpi { diff --git a/src/java.base/share/classes/java/security/DrbgParameters.java b/src/java.base/share/classes/java/security/DrbgParameters.java index ecf8d50aab121..2ffee3fe6b8ad 100644 --- a/src/java.base/share/classes/java/security/DrbgParameters.java +++ b/src/java.base/share/classes/java/security/DrbgParameters.java @@ -227,6 +227,9 @@ * Calling {@link SecureRandom#generateSeed(int)} will directly read * from this system default entropy source. * + * @spec https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-90Ar1.pdf + * Recommendation for Random Number Generation Using Deterministic Random Bit Generators + * * @since 9 */ public class DrbgParameters { diff --git a/src/java.base/share/classes/java/security/Key.java b/src/java.base/share/classes/java/security/Key.java index 4ba26bf1034b5..0395805e69dff 100644 --- a/src/java.base/share/classes/java/security/Key.java +++ b/src/java.base/share/classes/java/security/Key.java @@ -86,6 +86,10 @@ * Security Appendix * of the Java Object Serialization Specification for more information. * + * @spec serialization/index.html Java Object Serialization Specification + * @spec https://www.rfc-editor.org/info/rfc5280 + * RFC 5280: Internet X.509 Public Key Infrastructure Certificate + * and Certificate Revocation List (CRL) Profile * @see PublicKey * @see PrivateKey * @see KeyPair diff --git a/src/java.base/share/classes/java/security/KeyRep.java b/src/java.base/share/classes/java/security/KeyRep.java index 0a82bf82ae013..fe454b634a8a9 100644 --- a/src/java.base/share/classes/java/security/KeyRep.java +++ b/src/java.base/share/classes/java/security/KeyRep.java @@ -44,6 +44,7 @@ * Security Appendix * of the Java Object Serialization Specification for more information. * + * @spec serialization/index.html Java Object Serialization Specification * @see Key * @see KeyFactory * @see javax.crypto.spec.SecretKeySpec diff --git a/src/java.base/share/classes/java/security/SecureRandom.java b/src/java.base/share/classes/java/security/SecureRandom.java index 6a1683e993c96..05895961c1f7d 100644 --- a/src/java.base/share/classes/java/security/SecureRandom.java +++ b/src/java.base/share/classes/java/security/SecureRandom.java @@ -141,6 +141,11 @@ *
  • {@link SecureRandomSpi#engineReseed(SecureRandomParameters)} * * + * @spec https://www.rfc-editor.org/info/rfc4086 + * RFC 4086: Randomness Requirements for Security + * @spec https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.140-2.pdf + * Security Requirements for Cryptographic Modules + * * @see java.security.SecureRandomSpi * @see java.util.Random * diff --git a/src/java.base/share/classes/java/security/Security.java b/src/java.base/share/classes/java/security/Security.java index 671529f71a1cb..79184ae38033f 100644 --- a/src/java.base/share/classes/java/security/Security.java +++ b/src/java.base/share/classes/java/security/Security.java @@ -273,6 +273,7 @@ private static String getProviderProperty(String key, Provider provider) { * * @return the value of the specified property. * + * @spec security/standard-names.html Java Security Standard Algorithm Names * @deprecated This method used to return the value of a proprietary * property in the master file of the "SUN" Cryptographic Service * Provider in order to determine how to parse algorithm-specific @@ -504,6 +505,7 @@ public static Provider getProvider(String name) { * if the filter is not in the required format * @throws NullPointerException if filter is {@code null} * + * @spec security/standard-names.html Java Security Standard Algorithm Names * @see #getProviders(java.util.Map) * @since 1.3 */ @@ -581,6 +583,7 @@ public static Provider[] getProviders(String filter) { * if the filter is not in the required format * @throws NullPointerException if filter is {@code null} * + * @spec security/standard-names.html Java Security Standard Algorithm Names * @see #getProviders(java.lang.String) * @since 1.3 */ diff --git a/src/java.base/share/classes/java/security/cert/CRL.java b/src/java.base/share/classes/java/security/cert/CRL.java index fec267de05180..4d89a9e44371b 100644 --- a/src/java.base/share/classes/java/security/cert/CRL.java +++ b/src/java.base/share/classes/java/security/cert/CRL.java @@ -56,6 +56,8 @@ public abstract class CRL { * "{@docRoot}/../specs/security/standard-names.html"> * Java Security Standard Algorithm Names document * for information about standard CRL types. + * + * @spec security/standard-names.html Java Security Standard Algorithm Names */ protected CRL(String type) { this.type = type; diff --git a/src/java.base/share/classes/java/security/cert/CRLReason.java b/src/java.base/share/classes/java/security/cert/CRLReason.java index 2bc83f3356b29..f0d833d1f6770 100644 --- a/src/java.base/share/classes/java/security/cert/CRLReason.java +++ b/src/java.base/share/classes/java/security/cert/CRLReason.java @@ -31,6 +31,9 @@ * RFC 5280: Internet X.509 Public Key Infrastructure Certificate and CRL * Profile. * + * @spec https://www.rfc-editor.org/info/rfc5280 + * RFC 5280: Internet X.509 Public Key Infrastructure Certificate + * and Certificate Revocation List (CRL) Profile * @author Sean Mullan * @since 1.7 * @see X509CRLEntry#getRevocationReason diff --git a/src/java.base/share/classes/java/security/cert/PKIXRevocationChecker.java b/src/java.base/share/classes/java/security/cert/PKIXRevocationChecker.java index d36fcafd3e062..bc82310969463 100644 --- a/src/java.base/share/classes/java/security/cert/PKIXRevocationChecker.java +++ b/src/java.base/share/classes/java/security/cert/PKIXRevocationChecker.java @@ -81,14 +81,13 @@ * necessary locking. Multiple threads each manipulating separate objects * need not synchronize. * + * @spec https://www.rfc-editor.org/info/rfc2560 + * RFC 2560: X.509 Internet Public Key Infrastructure Online Certificate + * Status Protocol - OCSP + * @spec https://www.rfc-editor.org/info/rfc5280 + * RFC 5280: Internet X.509 Public Key Infrastructure Certificate + * and Certificate Revocation List (CRL) Profile * @since 1.8 - * - * @see RFC 2560: X.509 - * Internet Public Key Infrastructure Online Certificate Status Protocol - - * OCSP - * @see RFC 5280: - * Internet X.509 Public Key Infrastructure Certificate and Certificate - * Revocation List (CRL) Profile */ public abstract class PKIXRevocationChecker extends PKIXCertPathChecker { private URI ocspResponder; diff --git a/src/java.base/share/classes/java/security/cert/TrustAnchor.java b/src/java.base/share/classes/java/security/cert/TrustAnchor.java index 2626bcf3c2ddd..1e13f115b7979 100644 --- a/src/java.base/share/classes/java/security/cert/TrustAnchor.java +++ b/src/java.base/share/classes/java/security/cert/TrustAnchor.java @@ -125,6 +125,10 @@ public class TrustAnchor { * decoded * @throws NullPointerException if the specified * {@code X509Certificate} is {@code null} + * + * @spec https://www.rfc-editor.org/info/rfc5280 + * RFC 5280: Internet X.509 Public Key Infrastructure Certificate + * and Certificate Revocation List (CRL) Profile */ public TrustAnchor(X509Certificate trustedCert, byte[] nameConstraints) { @@ -207,6 +211,10 @@ public TrustAnchor(X500Principal caPrincipal, PublicKey pubKey, * or incorrectly formatted or the name constraints cannot be decoded * @throws NullPointerException if the specified {@code caName} or * {@code pubKey} parameter is {@code null} + * + * @spec https://www.rfc-editor.org/info/rfc2253 + * RFC 2253: Lightweight Directory Access Protocol (v3): + * UTF-8 String Representation of Distinguished Names */ public TrustAnchor(String caName, PublicKey pubKey, byte[] nameConstraints) { diff --git a/src/java.base/share/classes/java/security/cert/X509CRL.java b/src/java.base/share/classes/java/security/cert/X509CRL.java index f014c9b82c8c8..94fa9a4a5f988 100644 --- a/src/java.base/share/classes/java/security/cert/X509CRL.java +++ b/src/java.base/share/classes/java/security/cert/X509CRL.java @@ -95,6 +95,9 @@ * } * } * + * @spec https://www.rfc-editor.org/info/rfc5280 + * RFC 5280: Internet X.509 Public Key Infrastructure Certificate + * and Certificate Revocation List (CRL) Profile * @author Hemma Prafullchandra * @since 1.2 * @@ -460,6 +463,11 @@ public X509CRLEntry getRevokedCertificate(X509Certificate certificate) { * relevant ASN.1 definitions. * * @return the signature algorithm OID string. + * + * @spec https://www.rfc-editor.org/info/rfc3279 + * RFC 3279: Algorithms and Identifiers for the Internet X.509 + * Public Key Infrastructure Certificate and Certificate + * Revocation List (CRL) Profile */ public abstract String getSigAlgOID(); diff --git a/src/java.base/share/classes/java/security/cert/X509CRLSelector.java b/src/java.base/share/classes/java/security/cert/X509CRLSelector.java index 337dcc6342ddb..f3ef9be9ede5d 100644 --- a/src/java.base/share/classes/java/security/cert/X509CRLSelector.java +++ b/src/java.base/share/classes/java/security/cert/X509CRLSelector.java @@ -65,6 +65,9 @@ * provide the necessary locking. Multiple threads each manipulating * separate objects need not synchronize. * + * @spec https://www.rfc-editor.org/info/rfc5280 + * RFC 5280: Internet X.509 Public Key Infrastructure Certificate + * and Certificate Revocation List (CRL) Profile * @see CRLSelector * @see X509CRL * @@ -193,6 +196,10 @@ public void setIssuers(Collection issuers) { * * @param names a {@code Collection} of names (or {@code null}) * @throws IOException if a parsing error occurs + * + * @spec https://www.rfc-editor.org/info/rfc2253 + * RFC 2253: Lightweight Directory Access Protocol (v3): + * UTF-8 String Representation of Distinguished Names * @see #getIssuerNames */ public void setIssuerNames(Collection names) throws IOException { @@ -238,6 +245,9 @@ public void addIssuer(X500Principal issuer) { * RFC 2253 form * @throws IOException if a parsing error occurs * + * @spec https://www.rfc-editor.org/info/rfc2253 + * RFC 2253: Lightweight Directory Access Protocol (v3): + * UTF-8 String Representation of Distinguished Names * @deprecated Use {@link #addIssuer(X500Principal)} or * {@link #addIssuerName(byte[])} instead. This method should not be * relied on as it can fail to match some CRLs because of a loss of @@ -493,6 +503,10 @@ public Collection getIssuers() { * protect against subsequent modifications. * * @return a {@code Collection} of names (or {@code null}) + * + * @spec https://www.rfc-editor.org/info/rfc2253 + * RFC 2253: Lightweight Directory Access Protocol (v3): + * UTF-8 String Representation of Distinguished Names * @see #setIssuerNames */ public Collection getIssuerNames() { diff --git a/src/java.base/share/classes/java/security/cert/X509CertSelector.java b/src/java.base/share/classes/java/security/cert/X509CertSelector.java index c472d58b473f6..25844690c939a 100644 --- a/src/java.base/share/classes/java/security/cert/X509CertSelector.java +++ b/src/java.base/share/classes/java/security/cert/X509CertSelector.java @@ -74,6 +74,9 @@ * provide the necessary locking. Multiple threads each manipulating * separate objects need not synchronize. * + * @spec https://www.rfc-editor.org/info/rfc5280 + * RFC 5280: Internet X.509 Public Key Infrastructure Certificate + * and Certificate Revocation List (CRL) Profile * @see CertSelector * @see X509Certificate * @@ -198,6 +201,9 @@ public void setIssuer(X500Principal issuer) { * (or {@code null}) * @throws IOException if a parsing error occurs (incorrect form for DN) * + * @spec https://www.rfc-editor.org/info/rfc2253 + * RFC 2253: Lightweight Directory Access Protocol (v3): + * UTF-8 String Representation of Distinguished Names * @deprecated Use {@link #setIssuer(X500Principal)} or * {@link #setIssuer(byte[])} instead. This method should not be relied on * as it can fail to match some certificates because of a loss of encoding @@ -290,6 +296,9 @@ public void setSubject(X500Principal subject) { * (or {@code null}) * @throws IOException if a parsing error occurs (incorrect form for DN) * + * @spec https://www.rfc-editor.org/info/rfc2253 + * RFC 2253: Lightweight Directory Access Protocol (v3): + * UTF-8 String Representation of Distinguished Names * @deprecated Use {@link #setSubject(X500Principal)} or * {@link #setSubject(byte[])} instead. This method should not be relied * on as it can fail to match some certificates because of a loss of @@ -732,6 +741,12 @@ public void setSubjectAlternativeNames(Collection> names) * RFC 5280, section 4.2.1.6) * @param name the name in string form (not {@code null}) * @throws IOException if a parsing error occurs + * + * @spec https://www.rfc-editor.org/info/rfc2253 + * RFC 2253: Lightweight Directory Access Protocol (v3): + * UTF-8 String Representation of Distinguished Names + * @spec https://www.rfc-editor.org/info/rfc822 + * RFC 822: STANDARD FOR THE FORMAT OF ARPA INTERNET TEXT MESSAGES */ public void addSubjectAlternativeName(int type, String name) throws IOException { @@ -1281,6 +1296,9 @@ public X500Principal getIssuer() { * @return the required issuer distinguished name in RFC 2253 format * (or {@code null}) * + * @spec https://www.rfc-editor.org/info/rfc2253 + * RFC 2253: Lightweight Directory Access Protocol (v3): + * UTF-8 String Representation of Distinguished Names * @deprecated Use {@link #getIssuer()} or {@link #getIssuerAsBytes()} * instead. This method should not be relied on as it can fail to match * some certificates because of a loss of encoding information in the @@ -1340,6 +1358,9 @@ public X500Principal getSubject() { * @return the required subject distinguished name in RFC 2253 format * (or {@code null}) * + * @spec https://www.rfc-editor.org/info/rfc2253 + * RFC 2253: Lightweight Directory Access Protocol (v3): + * UTF-8 String Representation of Distinguished Names * @deprecated Use {@link #getSubject()} or {@link #getSubjectAsBytes()} * instead. This method should not be relied on as it can fail to match * some certificates because of a loss of encoding information in the diff --git a/src/java.base/share/classes/java/security/cert/X509Certificate.java b/src/java.base/share/classes/java/security/cert/X509Certificate.java index 22f2423145dbc..79f37a82d47bb 100644 --- a/src/java.base/share/classes/java/security/cert/X509Certificate.java +++ b/src/java.base/share/classes/java/security/cert/X509Certificate.java @@ -95,6 +95,9 @@ * } * * + * @spec https://www.rfc-editor.org/info/rfc5280 + * RFC 5280: Internet X.509 Public Key Infrastructure Certificate + * and Certificate Revocation List (CRL) Profile * @author Hemma Prafullchandra * @since 1.2 * @@ -386,6 +389,11 @@ public abstract byte[] getTBSCertificate() * relevant ASN.1 definitions. * * @return the signature algorithm OID string. + * + * @spec https://www.rfc-editor.org/info/rfc3279 + * RFC 3279: Algorithms and Identifiers for the Internet X.509 + * Public Key Infrastructure Certificate and Certificate + * Revocation List (CRL) Profile */ public abstract String getSigAlgOID(); @@ -614,6 +622,12 @@ public List getExtendedKeyUsage() throws CertificateParsingException { * @return an immutable {@code Collection} of subject alternative * names (or {@code null}) * @throws CertificateParsingException if the extension cannot be decoded + * + * @spec https://www.rfc-editor.org/info/rfc2253 + * RFC 2253: Lightweight Directory Access Protocol (v3): + * UTF-8 String Representation of Distinguished Names + * @spec https://www.rfc-editor.org/info/rfc822 + * RFC 822: STANDARD FOR THE FORMAT OF ARPA INTERNET TEXT MESSAGES * @since 1.4 */ public Collection> getSubjectAlternativeNames() diff --git a/src/java.base/share/classes/java/security/cert/package-info.java b/src/java.base/share/classes/java/security/cert/package-info.java index 0a5f0b7b532bc..b8d9b2b1c3d12 100644 --- a/src/java.base/share/classes/java/security/cert/package-info.java +++ b/src/java.base/share/classes/java/security/cert/package-info.java @@ -52,6 +52,10 @@ *
  • {@extLink security_guide_pki Java PKI Programmer's Guide} * * + * @spec security/standard-names.html Java Security Standard Algorithm Names + * @spec https://www.rfc-editor.org/info/rfc5280 + * RFC 5280: Internet X.509 Public Key Infrastructure Certificate + * and Certificate Revocation List (CRL) Profile * @since 1.2 */ package java.security.cert; diff --git a/src/java.base/share/classes/java/security/interfaces/EdECKey.java b/src/java.base/share/classes/java/security/interfaces/EdECKey.java index bec29eeed8e93..45fcce518d9b1 100644 --- a/src/java.base/share/classes/java/security/interfaces/EdECKey.java +++ b/src/java.base/share/classes/java/security/interfaces/EdECKey.java @@ -35,6 +35,8 @@ * This interface allows access to the algorithm parameters associated with * the key. * + * @spec https://www.rfc-editor.org/info/rfc8032 + * RFC 8032: Edwards-Curve Digital Signature Algorithm (EdDSA) * @since 15 */ public interface EdECKey { diff --git a/src/java.base/share/classes/java/security/interfaces/EdECPrivateKey.java b/src/java.base/share/classes/java/security/interfaces/EdECPrivateKey.java index 826b52650eaf4..c4cea22274ef5 100644 --- a/src/java.base/share/classes/java/security/interfaces/EdECPrivateKey.java +++ b/src/java.base/share/classes/java/security/interfaces/EdECPrivateKey.java @@ -39,6 +39,8 @@ * string lengths that are a multiple of 8, and the key is represented using * a byte array. * + * @spec https://www.rfc-editor.org/info/rfc8032 + * RFC 8032: Edwards-Curve Digital Signature Algorithm (EdDSA) * @since 15 */ public interface EdECPrivateKey extends EdECKey, PrivateKey { diff --git a/src/java.base/share/classes/java/security/interfaces/EdECPublicKey.java b/src/java.base/share/classes/java/security/interfaces/EdECPublicKey.java index d2e2641165122..3e8787de4ccca 100644 --- a/src/java.base/share/classes/java/security/interfaces/EdECPublicKey.java +++ b/src/java.base/share/classes/java/security/interfaces/EdECPublicKey.java @@ -37,6 +37,8 @@ * An Edwards-Curve public key is a point on the curve, which is represented using an * EdECPoint. * + * @spec https://www.rfc-editor.org/info/rfc8032 + * RFC 8032: Edwards-Curve Digital Signature Algorithm (EdDSA) * @since 15 */ public interface EdECPublicKey extends EdECKey, PublicKey { diff --git a/src/java.base/share/classes/java/security/interfaces/RSAKey.java b/src/java.base/share/classes/java/security/interfaces/RSAKey.java index f28a76869db99..94c956dc4a9fb 100644 --- a/src/java.base/share/classes/java/security/interfaces/RSAKey.java +++ b/src/java.base/share/classes/java/security/interfaces/RSAKey.java @@ -33,6 +33,8 @@ * PKCS#1 v2.2 standard, * such as those for RSA, or RSASSA-PSS algorithms. * + * @spec https://www.rfc-editor.org/info/rfc8017 + * RFC 8017: PKCS #1: RSA Cryptography Specifications Version 2.2 * @author Jan Luehe * * @see RSAPublicKey diff --git a/src/java.base/share/classes/java/security/interfaces/RSAMultiPrimePrivateCrtKey.java b/src/java.base/share/classes/java/security/interfaces/RSAMultiPrimePrivateCrtKey.java index 079130e5fb5f9..725721490e99e 100644 --- a/src/java.base/share/classes/java/security/interfaces/RSAMultiPrimePrivateCrtKey.java +++ b/src/java.base/share/classes/java/security/interfaces/RSAMultiPrimePrivateCrtKey.java @@ -33,6 +33,8 @@ * PKCS#1 v2.2 standard, * using the Chinese Remainder Theorem (CRT) information values. * + * @spec https://www.rfc-editor.org/info/rfc8017 + * RFC 8017: PKCS #1: RSA Cryptography Specifications Version 2.2 * @author Valerie Peng * * diff --git a/src/java.base/share/classes/java/security/interfaces/RSAPrivateCrtKey.java b/src/java.base/share/classes/java/security/interfaces/RSAPrivateCrtKey.java index 1b2bed7f9c1bc..2c0238c86484f 100644 --- a/src/java.base/share/classes/java/security/interfaces/RSAPrivateCrtKey.java +++ b/src/java.base/share/classes/java/security/interfaces/RSAPrivateCrtKey.java @@ -32,6 +32,8 @@ * PKCS#1 v2.2 standard, * using the Chinese Remainder Theorem (CRT) information values. * + * @spec https://www.rfc-editor.org/info/rfc8017 + * RFC 8017: PKCS #1: RSA Cryptography Specifications Version 2.2 * @author Jan Luehe * @since 1.2 * diff --git a/src/java.base/share/classes/java/security/package-info.java b/src/java.base/share/classes/java/security/package-info.java index ecbf629cbd912..1f60945a3c5f3 100644 --- a/src/java.base/share/classes/java/security/package-info.java +++ b/src/java.base/share/classes/java/security/package-info.java @@ -79,6 +79,7 @@ * * * + * @spec security/standard-names.html Java Security Standard Algorithm Names * @since 1.1 */ package java.security; diff --git a/src/java.base/share/classes/java/security/spec/DSAGenParameterSpec.java b/src/java.base/share/classes/java/security/spec/DSAGenParameterSpec.java index b51f1f54904a6..7ee9248358366 100644 --- a/src/java.base/share/classes/java/security/spec/DSAGenParameterSpec.java +++ b/src/java.base/share/classes/java/security/spec/DSAGenParameterSpec.java @@ -29,6 +29,9 @@ * generating DSA parameters as specified in * FIPS 186-3 Digital Signature Standard (DSS). * + * @spec https://csrc.nist.gov/publications/fips/fips186-3/fips_186-3.pdf + * FIPS 186-3 Digital Signature Standard (DSS) + * * @see AlgorithmParameterSpec * * @since 1.8 diff --git a/src/java.base/share/classes/java/security/spec/EdDSAParameterSpec.java b/src/java.base/share/classes/java/security/spec/EdDSAParameterSpec.java index 673e9377b1408..e02f020f38469 100644 --- a/src/java.base/share/classes/java/security/spec/EdDSAParameterSpec.java +++ b/src/java.base/share/classes/java/security/spec/EdDSAParameterSpec.java @@ -41,6 +41,8 @@ *
  • Otherwise, the mode is Ed25519 or Ed448
    • * * + * @spec https://www.rfc-editor.org/info/rfc8032 + * RFC 8032: Edwards-Curve Digital Signature Algorithm (EdDSA) * @since 15 */ diff --git a/src/java.base/share/classes/java/security/spec/EdECPoint.java b/src/java.base/share/classes/java/security/spec/EdECPoint.java index cb080f8557d3d..fe5cf2f151cf9 100644 --- a/src/java.base/share/classes/java/security/spec/EdECPoint.java +++ b/src/java.base/share/classes/java/security/spec/EdECPoint.java @@ -42,6 +42,8 @@ * {@code BigInteger}, and implementations that consume objects of this class * may reject integer values which are not in the range [0, p). * + * @spec https://www.rfc-editor.org/info/rfc8032 + * RFC 8032: Edwards-Curve Digital Signature Algorithm (EdDSA) * @since 15 */ diff --git a/src/java.base/share/classes/java/security/spec/EdECPrivateKeySpec.java b/src/java.base/share/classes/java/security/spec/EdECPrivateKeySpec.java index 370dfc92e5903..2722c7465a577 100644 --- a/src/java.base/share/classes/java/security/spec/EdECPrivateKeySpec.java +++ b/src/java.base/share/classes/java/security/spec/EdECPrivateKeySpec.java @@ -34,6 +34,8 @@ * a byte array. This class only supports bit string lengths that are a * multiple of 8. * + * @spec https://www.rfc-editor.org/info/rfc8032 + * RFC 8032: Edwards-Curve Digital Signature Algorithm (EdDSA) * @since 15 */ public final class EdECPrivateKeySpec implements KeySpec { diff --git a/src/java.base/share/classes/java/security/spec/EdECPublicKeySpec.java b/src/java.base/share/classes/java/security/spec/EdECPublicKeySpec.java index fc52b3b7968e3..c2a501a9f4026 100644 --- a/src/java.base/share/classes/java/security/spec/EdECPublicKeySpec.java +++ b/src/java.base/share/classes/java/security/spec/EdECPublicKeySpec.java @@ -33,6 +33,8 @@ * algorithm parameters. The public key is a point on the curve, which is * represented using an {@code EdECPoint}. * + * @spec https://www.rfc-editor.org/info/rfc8032 + * RFC 8032: Edwards-Curve Digital Signature Algorithm (EdDSA) * @since 15 */ public final class EdECPublicKeySpec implements KeySpec { diff --git a/src/java.base/share/classes/java/security/spec/MGF1ParameterSpec.java b/src/java.base/share/classes/java/security/spec/MGF1ParameterSpec.java index 64e8801501588..7a68b05040893 100644 --- a/src/java.base/share/classes/java/security/spec/MGF1ParameterSpec.java +++ b/src/java.base/share/classes/java/security/spec/MGF1ParameterSpec.java @@ -55,6 +55,8 @@ * ... -- Allows for future expansion -- * } * + * @spec https://www.rfc-editor.org/info/rfc8017 + * RFC 8017: PKCS #1: RSA Cryptography Specifications Version 2.2 * @see PSSParameterSpec * @see javax.crypto.spec.OAEPParameterSpec * diff --git a/src/java.base/share/classes/java/security/spec/PSSParameterSpec.java b/src/java.base/share/classes/java/security/spec/PSSParameterSpec.java index d6f051995998f..ff9fdb4c14b60 100644 --- a/src/java.base/share/classes/java/security/spec/PSSParameterSpec.java +++ b/src/java.base/share/classes/java/security/spec/PSSParameterSpec.java @@ -65,6 +65,8 @@ * } * * + * @spec https://www.rfc-editor.org/info/rfc8017 + * RFC 8017: PKCS #1: RSA Cryptography Specifications Version 2.2 * @see MGF1ParameterSpec * @see AlgorithmParameterSpec * @see java.security.Signature @@ -96,6 +98,8 @@ public class PSSParameterSpec implements AlgorithmParameterSpec { /** * The PSS parameter set with all default values. + * @spec https://www.rfc-editor.org/info/rfc8017 + * RFC 8017: PKCS #1: RSA Cryptography Specifications Version 2.2 * @deprecated This field uses the default values defined in the PKCS #1 * standard. Some of these defaults are no longer recommended due * to advances in cryptanalysis -- see the @@ -159,6 +163,8 @@ public PSSParameterSpec(String mdName, String mgfName, * @param saltLen the length of salt in bytes * @throws IllegalArgumentException if {@code saltLen} is * less than 0 + * @spec https://www.rfc-editor.org/info/rfc8017 + * RFC 8017: PKCS #1: RSA Cryptography Specifications Version 2.2 * @deprecated This constructor uses the default values defined in * the PKCS #1 standard except for the salt length. Some of these * defaults are no longer recommended due to advances in diff --git a/src/java.base/share/classes/java/security/spec/RSAMultiPrimePrivateCrtKeySpec.java b/src/java.base/share/classes/java/security/spec/RSAMultiPrimePrivateCrtKeySpec.java index cdb55b97418e9..f1562aa031f90 100644 --- a/src/java.base/share/classes/java/security/spec/RSAMultiPrimePrivateCrtKeySpec.java +++ b/src/java.base/share/classes/java/security/spec/RSAMultiPrimePrivateCrtKeySpec.java @@ -34,6 +34,8 @@ * using the Chinese Remainder Theorem (CRT) information values * for efficiency. * + * @spec https://www.rfc-editor.org/info/rfc8017 + * RFC 8017: PKCS #1: RSA Cryptography Specifications Version 2.2 * @author Valerie Peng * * diff --git a/src/java.base/share/classes/java/security/spec/RSAOtherPrimeInfo.java b/src/java.base/share/classes/java/security/spec/RSAOtherPrimeInfo.java index b434075c6834e..3030ada299987 100644 --- a/src/java.base/share/classes/java/security/spec/RSAOtherPrimeInfo.java +++ b/src/java.base/share/classes/java/security/spec/RSAOtherPrimeInfo.java @@ -42,6 +42,8 @@ * * * + * @spec https://www.rfc-editor.org/info/rfc8017 + * RFC 8017: PKCS #1: RSA Cryptography Specifications Version 2.2 * @author Valerie Peng * * diff --git a/src/java.base/share/classes/java/security/spec/RSAPrivateCrtKeySpec.java b/src/java.base/share/classes/java/security/spec/RSAPrivateCrtKeySpec.java index c8bed964b0eb9..fcfcec0249a56 100644 --- a/src/java.base/share/classes/java/security/spec/RSAPrivateCrtKeySpec.java +++ b/src/java.base/share/classes/java/security/spec/RSAPrivateCrtKeySpec.java @@ -32,6 +32,8 @@ * PKCS#1 v2.2 standard, * using the Chinese Remainder Theorem (CRT) information values for efficiency. * + * @spec https://www.rfc-editor.org/info/rfc8017 + * RFC 8017: PKCS #1: RSA Cryptography Specifications Version 2.2 * @author Jan Luehe * @since 1.2 * diff --git a/src/java.base/share/classes/javax/crypto/Cipher.java b/src/java.base/share/classes/javax/crypto/Cipher.java index 3e692b37b79e4..dca5d6bb40062 100644 --- a/src/java.base/share/classes/javax/crypto/Cipher.java +++ b/src/java.base/share/classes/javax/crypto/Cipher.java @@ -164,6 +164,10 @@ * Consult the release documentation for your implementation to see if any * other transformations are supported. * + * @spec https://www.rfc-editor.org/info/rfc5116 + * RFC 5116: An Interface and Algorithms for Authenticated Encryption + * @spec https://www.rfc-editor.org/info/rfc7539 + * RFC 7539: ChaCha20 and Poly1305 for IETF Protocols * @author Jan Luehe * @see KeyGenerator * @see SecretKey diff --git a/src/java.base/share/classes/javax/crypto/EncryptedPrivateKeyInfo.java b/src/java.base/share/classes/javax/crypto/EncryptedPrivateKeyInfo.java index e08f994545022..698548d373f80 100644 --- a/src/java.base/share/classes/javax/crypto/EncryptedPrivateKeyInfo.java +++ b/src/java.base/share/classes/javax/crypto/EncryptedPrivateKeyInfo.java @@ -137,6 +137,8 @@ public EncryptedPrivateKeyInfo(byte[] encoded) throws IOException { * is empty, i.e. 0-length. * @exception NoSuchAlgorithmException if the specified algName is * not supported. + * + * @spec security/standard-names.html Java Security Standard Algorithm Names */ public EncryptedPrivateKeyInfo(String algName, byte[] encryptedData) throws NoSuchAlgorithmException { @@ -226,6 +228,8 @@ public EncryptedPrivateKeyInfo(AlgorithmParameters algParams, * for information about standard Cipher algorithm names. * * @return the encryption algorithm name. + * + * @spec security/standard-names.html Java Security Standard Algorithm Names */ public String getAlgName() { return algid == null ? params.getAlgorithm() : algid.getName(); diff --git a/src/java.base/share/classes/javax/crypto/package-info.java b/src/java.base/share/classes/javax/crypto/package-info.java index 159823f0fa701..e4c9d4fca0724 100644 --- a/src/java.base/share/classes/javax/crypto/package-info.java +++ b/src/java.base/share/classes/javax/crypto/package-info.java @@ -59,6 +59,7 @@ * How to Implement a Provider in the Java Cryptography Architecture} * * + * @spec security/standard-names.html Java Security Standard Algorithm Names * @since 1.4 */ package javax.crypto; diff --git a/src/java.base/share/classes/javax/crypto/spec/ChaCha20ParameterSpec.java b/src/java.base/share/classes/javax/crypto/spec/ChaCha20ParameterSpec.java index 75c0526946042..6c235a63f4027 100644 --- a/src/java.base/share/classes/javax/crypto/spec/ChaCha20ParameterSpec.java +++ b/src/java.base/share/classes/javax/crypto/spec/ChaCha20ParameterSpec.java @@ -39,6 +39,8 @@ *

    This class can be used to initialize a {@code Cipher} object that * implements the ChaCha20 algorithm. * + * @spec https://www.rfc-editor.org/info/rfc7539 + * RFC 7539: ChaCha20 and Poly1305 for IETF Protocols * @since 11 */ public final class ChaCha20ParameterSpec implements AlgorithmParameterSpec { diff --git a/src/java.base/share/classes/javax/crypto/spec/GCMParameterSpec.java b/src/java.base/share/classes/javax/crypto/spec/GCMParameterSpec.java index 879d729c2ca0f..2e48383153b18 100644 --- a/src/java.base/share/classes/javax/crypto/spec/GCMParameterSpec.java +++ b/src/java.base/share/classes/javax/crypto/spec/GCMParameterSpec.java @@ -56,6 +56,12 @@ * applications. Other values can be specified for this class, but not * all CSP implementations will support them. * + * @spec https://www.rfc-editor.org/info/rfc5116 + * RFC 5116: An Interface and Algorithms for Authenticated Encryption + * @spec https://csrc.nist.gov/publications/nistpubs/800-38D/SP-800-38D.pdf + * Recommendation for Block Cipher Modes of Operation: Galois/Counter + * Mode (GCM) and GMAC + * * @see javax.crypto.Cipher * * @since 1.7 diff --git a/src/java.base/share/classes/javax/crypto/spec/OAEPParameterSpec.java b/src/java.base/share/classes/javax/crypto/spec/OAEPParameterSpec.java index efc8f3708770f..b4ed49a3393a6 100644 --- a/src/java.base/share/classes/javax/crypto/spec/OAEPParameterSpec.java +++ b/src/java.base/share/classes/javax/crypto/spec/OAEPParameterSpec.java @@ -72,6 +72,8 @@ * EncodingParameters ::= OCTET STRING(SIZE(0..MAX)) * * + * @spec https://www.rfc-editor.org/info/rfc8017 + * RFC 8017: PKCS #1: RSA Cryptography Specifications Version 2.2 * @see java.security.spec.MGF1ParameterSpec * @see PSource * diff --git a/src/java.base/share/classes/javax/crypto/spec/PBEKeySpec.java b/src/java.base/share/classes/javax/crypto/spec/PBEKeySpec.java index b21b610e78040..edd8b994501c1 100644 --- a/src/java.base/share/classes/javax/crypto/spec/PBEKeySpec.java +++ b/src/java.base/share/classes/javax/crypto/spec/PBEKeySpec.java @@ -54,6 +54,8 @@ * this class requests the password as a char array, so it can be overwritten * when done. * + * @spec https://www.rfc-editor.org/info/rfc2898 + * RFC 2898: PKCS #5: Password-Based Cryptography Specification Version 2.0 * @author Jan Luehe * @author Valerie Peng * diff --git a/src/java.base/share/classes/javax/crypto/spec/PBEParameterSpec.java b/src/java.base/share/classes/javax/crypto/spec/PBEParameterSpec.java index 84d175dfd9f7d..6ed31e7e008b5 100644 --- a/src/java.base/share/classes/javax/crypto/spec/PBEParameterSpec.java +++ b/src/java.base/share/classes/javax/crypto/spec/PBEParameterSpec.java @@ -33,6 +33,8 @@ * PKCS #5 * standard. * + * @spec https://www.rfc-editor.org/info/rfc2898 + * RFC 2898: PKCS #5: Password-Based Cryptography Specification Version 2.0 * @author Jan Luehe * * @since 1.4 diff --git a/src/java.base/share/classes/javax/crypto/spec/PSource.java b/src/java.base/share/classes/javax/crypto/spec/PSource.java index 1cd57c6f03b2c..4f21ddfbe21d7 100644 --- a/src/java.base/share/classes/javax/crypto/spec/PSource.java +++ b/src/java.base/share/classes/javax/crypto/spec/PSource.java @@ -42,6 +42,9 @@ * } * EncodingParameters ::= OCTET STRING(SIZE(0..MAX)) * + * + * @spec https://www.rfc-editor.org/info/rfc8017 + * RFC 8017: PKCS #1: RSA Cryptography Specifications Version 2.2 * @author Valerie Peng * * @since 1.5 diff --git a/src/java.base/share/classes/javax/crypto/spec/RC2ParameterSpec.java b/src/java.base/share/classes/javax/crypto/spec/RC2ParameterSpec.java index 16812dcc3892f..a2893a6c847b7 100644 --- a/src/java.base/share/classes/javax/crypto/spec/RC2ParameterSpec.java +++ b/src/java.base/share/classes/javax/crypto/spec/RC2ParameterSpec.java @@ -38,6 +38,8 @@ *

    This class can be used to initialize a {@code Cipher} object that * implements the RC2 algorithm. * + * @spec https://www.rfc-editor.org/info/rfc2268 + * RFC 2268: A Description of the RC2(r) Encryption Algorithm * @author Jan Luehe * * @since 1.4 diff --git a/src/java.base/share/classes/javax/crypto/spec/RC5ParameterSpec.java b/src/java.base/share/classes/javax/crypto/spec/RC5ParameterSpec.java index 4bee63d993235..f7ae07b9eb019 100644 --- a/src/java.base/share/classes/javax/crypto/spec/RC5ParameterSpec.java +++ b/src/java.base/share/classes/javax/crypto/spec/RC5ParameterSpec.java @@ -40,6 +40,8 @@ * RSA Security LLC, * or any parties authorized by RSA Security. * + * @spec https://www.rfc-editor.org/info/rfc2040 + * RFC 2040: The RC5, RC5-CBC, RC5-CBC-Pad, and RC5-CTS Algorithms * @author Jan Luehe * * @since 1.4 diff --git a/src/java.base/share/classes/javax/crypto/spec/SecretKeySpec.java b/src/java.base/share/classes/javax/crypto/spec/SecretKeySpec.java index 5517d88157d94..83b71479af932 100644 --- a/src/java.base/share/classes/javax/crypto/spec/SecretKeySpec.java +++ b/src/java.base/share/classes/javax/crypto/spec/SecretKeySpec.java @@ -95,6 +95,8 @@ public class SecretKeySpec implements KeySpec, SecretKey { * for information about standard algorithm names. * @exception IllegalArgumentException if algorithm * is null or key is null or empty. + * + * @spec security/standard-names.html Java Security Standard Algorithm Names */ public SecretKeySpec(byte[] key, String algorithm) { if (key == null || algorithm == null) { @@ -143,6 +145,8 @@ public SecretKeySpec(byte[] key, String algorithm) { * @exception ArrayIndexOutOfBoundsException is thrown if * offset or len index bytes outside the * key. + * + * @spec security/standard-names.html Java Security Standard Algorithm Names */ public SecretKeySpec(byte[] key, int offset, int len, String algorithm) { if (key == null || algorithm == null) { diff --git a/src/java.base/share/classes/javax/net/ssl/ExtendedSSLSession.java b/src/java.base/share/classes/javax/net/ssl/ExtendedSSLSession.java index c1ddf221ab503..6b67d81a881c7 100644 --- a/src/java.base/share/classes/javax/net/ssl/ExtendedSSLSession.java +++ b/src/java.base/share/classes/javax/net/ssl/ExtendedSSLSession.java @@ -63,6 +63,7 @@ public ExtendedSSLSession() {} * order of preference. The return value is an empty array if * no signature algorithm is supported. * + * @spec security/standard-names.html Java Security Standard Algorithm Names * @see SSLParameters#getAlgorithmConstraints */ public abstract String[] getLocalSupportedSignatureAlgorithms(); @@ -86,6 +87,7 @@ public ExtendedSSLSession() {} * order of preference. The return value is an empty array if * the peer has not sent the supported signature algorithms. * + * @spec security/standard-names.html Java Security Standard Algorithm Names * @see X509KeyManager * @see X509ExtendedKeyManager */ diff --git a/src/java.base/share/classes/javax/net/ssl/SNIHostName.java b/src/java.base/share/classes/javax/net/ssl/SNIHostName.java index 5abb9df1200f3..8cba361eee0b2 100644 --- a/src/java.base/share/classes/javax/net/ssl/SNIHostName.java +++ b/src/java.base/share/classes/javax/net/ssl/SNIHostName.java @@ -53,6 +53,11 @@ *

    * Note that {@code SNIHostName} objects are immutable. * + * @spec https://www.rfc-editor.org/info/rfc5890 + * RFC 5890: Internationalized Domain Names for Applications (IDNA): + * Definitions and Document Framework + * @spec https://www.rfc-editor.org/info/rfc6066 + * RFC 6066: Transport Layer Security (TLS) Extensions: Extension Definitions * @see SNIServerName * @see StandardConstants#SNI_HOST_NAME * @@ -92,6 +97,15 @@ public final class SNIHostName extends SNIServerName { * * @throws NullPointerException if {@code hostname} is {@code null} * @throws IllegalArgumentException if {@code hostname} is illegal + * + * @spec https://www.rfc-editor.org/info/rfc1122 + * RFC 1122: Requirements for Internet Hosts - Communication Layers + * @spec https://www.rfc-editor.org/info/rfc1123 + * RFC 1123: Requirements for Internet Hosts - Application and Support + * @spec https://www.rfc-editor.org/info/rfc3490 + * RFC 3490: Internationalizing Domain Names in Applications (IDNA) + * @spec https://www.rfc-editor.org/info/rfc6066 + * RFC 6066: Transport Layer Security (TLS) Extensions: Extension Definitions */ public SNIHostName(String hostname) { // IllegalArgumentException will be thrown if {@code hostname} is @@ -159,6 +173,17 @@ public SNIHostName(String hostname) { * * @throws NullPointerException if {@code encoded} is {@code null} * @throws IllegalArgumentException if {@code encoded} is illegal + * + * @spec https://www.rfc-editor.org/info/rfc1122 + * RFC 1122: Requirements for Internet Hosts - Communication Layers + * @spec https://www.rfc-editor.org/info/rfc1123 + * RFC 1123: Requirements for Internet Hosts - Application and Support + * @spec https://www.rfc-editor.org/info/rfc3490 + * RFC 3490: Internationalizing Domain Names in Applications (IDNA) + * @spec https://www.rfc-editor.org/info/rfc4366 + * RFC 4366: Transport Layer Security (TLS) Extensions + * @spec https://www.rfc-editor.org/info/rfc6066 + * RFC 6066: Transport Layer Security (TLS) Extensions: Extension Definitions */ public SNIHostName(byte[] encoded) { // NullPointerException will be thrown if {@code encoded} is null @@ -198,6 +223,11 @@ public SNIHostName(byte[] encoded) { * * @return the {@link StandardCharsets#US_ASCII}-compliant hostname * of this {@code SNIHostName} object + * + * @spec https://www.rfc-editor.org/info/rfc5890 + * RFC 5890: Internationalized Domain Names for Applications (IDNA): Definitions and Document Framework + * @spec https://www.rfc-editor.org/info/rfc6066 + * RFC 6066: Transport Layer Security (TLS) Extensions: Extension Definitions */ public String getAsciiName() { return hostname; @@ -215,6 +245,9 @@ public String getAsciiName() { * the other server name object to compare with. * @return true if, and only if, the {@code other} is considered * equal to this instance + * + * @spec https://www.rfc-editor.org/info/rfc6066 + * RFC 6066: Transport Layer Security (TLS) Extensions: Extension Definitions */ @Override public boolean equals(Object other) { diff --git a/src/java.base/share/classes/javax/net/ssl/SNIServerName.java b/src/java.base/share/classes/javax/net/ssl/SNIServerName.java index 142bb33de8ed2..9a76dff038035 100644 --- a/src/java.base/share/classes/javax/net/ssl/SNIServerName.java +++ b/src/java.base/share/classes/javax/net/ssl/SNIServerName.java @@ -41,6 +41,8 @@ * {@code SNIServerName} objects are immutable. Subclasses should not provide * methods that can change the state of an instance once it has been created. * + * @spec https://www.rfc-editor.org/info/rfc6066 + * RFC 6066: Transport Layer Security (TLS) Extensions: Extension Definitions * @see SSLParameters#getServerNames() * @see SSLParameters#setServerNames(List) * diff --git a/src/java.base/share/classes/javax/net/ssl/SSLEngine.java b/src/java.base/share/classes/javax/net/ssl/SSLEngine.java index 9a74c69f9f5ca..07afa921292c9 100644 --- a/src/java.base/share/classes/javax/net/ssl/SSLEngine.java +++ b/src/java.base/share/classes/javax/net/ssl/SSLEngine.java @@ -413,6 +413,8 @@ * because there is no way to guarantee the eventual packet ordering. * * + * @spec https://www.rfc-editor.org/info/rfc2246 + * RFC 2246: The TLS Protocol Version 1.0 * @see SSLContext * @see SSLSocket * @see SSLServerSocket @@ -859,6 +861,8 @@ public abstract SSLEngineResult unwrap(ByteBuffer src, * if this engine has not received the proper SSL/TLS/DTLS close * notification message from the peer. * + * @spec https://www.rfc-editor.org/info/rfc2246 + * RFC 2246: The TLS Protocol Version 1.0 * @see #isInboundDone() * @see #isOutboundDone() */ @@ -1351,6 +1355,8 @@ public void setSSLParameters(SSLParameters params) { * Application-Layer Protocol Negotiation (ALPN), can negotiate * application-level values between peers. * + * @spec https://www.rfc-editor.org/info/rfc7301 + * RFC 7301: Transport Layer Security (TLS) Application-Layer Protocol Negotiation Extension * @implSpec * The implementation in this class throws * {@code UnsupportedOperationException} and performs no other action. diff --git a/src/java.base/share/classes/javax/net/ssl/SSLParameters.java b/src/java.base/share/classes/javax/net/ssl/SSLParameters.java index 0d4872f90510f..99000d8fb053c 100644 --- a/src/java.base/share/classes/javax/net/ssl/SSLParameters.java +++ b/src/java.base/share/classes/javax/net/ssl/SSLParameters.java @@ -298,6 +298,7 @@ public String getEndpointIdentificationAlgorithm() { * Java Security Standard Algorithm Names document * for information about standard algorithm names. * + * @spec security/standard-names.html Java Security Standard Algorithm Names * @see X509ExtendedTrustManager * * @since 1.7 @@ -672,6 +673,9 @@ public String[] getApplicationProtocols() { * @throws IllegalArgumentException if protocols is null, or if * any element in a non-empty array is null or an * empty (zero-length) string + * + * @spec https://www.rfc-editor.org/info/rfc7301 + * RFC 7301: Transport Layer Security (TLS) Application-Layer Protocol Negotiation Extension * @see #getApplicationProtocols * @since 9 */ diff --git a/src/java.base/share/classes/javax/net/ssl/SSLSocket.java b/src/java.base/share/classes/javax/net/ssl/SSLSocket.java index d0c3c9ac2ddae..a464a86a455bb 100644 --- a/src/java.base/share/classes/javax/net/ssl/SSLSocket.java +++ b/src/java.base/share/classes/javax/net/ssl/SSLSocket.java @@ -770,6 +770,9 @@ public void setSSLParameters(SSLParameters params) { * if a value was successfully negotiated. * @throws UnsupportedOperationException if the underlying provider * does not implement the operation. + * + * @spec https://www.rfc-editor.org/info/rfc7301 + * RFC 7301: Transport Layer Security (TLS) Application-Layer Protocol Negotiation Extension * @since 9 */ public String getApplicationProtocol() { diff --git a/src/java.base/share/classes/javax/net/ssl/SSLSocketFactory.java b/src/java.base/share/classes/javax/net/ssl/SSLSocketFactory.java index bd7c3d0157aac..0723ce1764c84 100644 --- a/src/java.base/share/classes/javax/net/ssl/SSLSocketFactory.java +++ b/src/java.base/share/classes/javax/net/ssl/SSLSocketFactory.java @@ -198,6 +198,8 @@ public abstract Socket createSocket(Socket s, String host, * does not implement the operation * @throws NullPointerException if {@code s} is {@code null} * + * @spec https://www.rfc-editor.org/info/rfc6066 + * RFC 6066: Transport Layer Security (TLS) Extensions: Extension Definitions * @since 1.8 */ public Socket createSocket(Socket s, InputStream consumed, diff --git a/src/java.base/share/classes/javax/net/ssl/StandardConstants.java b/src/java.base/share/classes/javax/net/ssl/StandardConstants.java index 8e1df977b977f..34472be702a1b 100644 --- a/src/java.base/share/classes/javax/net/ssl/StandardConstants.java +++ b/src/java.base/share/classes/javax/net/ssl/StandardConstants.java @@ -49,6 +49,8 @@ private StandardConstants() { *

    * The value of this constant is {@value}. * + * @spec https://www.rfc-editor.org/info/rfc6066 + * RFC 6066: Transport Layer Security (TLS) Extensions: Extension Definitions * @see SNIServerName * @see SNIHostName */ diff --git a/src/java.base/share/classes/javax/net/ssl/package-info.java b/src/java.base/share/classes/javax/net/ssl/package-info.java index f41b3b7f19a8b..39ff1a73b9f0c 100644 --- a/src/java.base/share/classes/javax/net/ssl/package-info.java +++ b/src/java.base/share/classes/javax/net/ssl/package-info.java @@ -36,6 +36,7 @@ * * * + * @spec security/standard-names.html Java Security Standard Algorithm Names * @since 1.4 */ package javax.net.ssl; diff --git a/src/java.base/share/classes/javax/security/auth/login/package-info.java b/src/java.base/share/classes/javax/security/auth/login/package-info.java index 70d25f1acaa8b..939868bcf2521 100644 --- a/src/java.base/share/classes/javax/security/auth/login/package-info.java +++ b/src/java.base/share/classes/javax/security/auth/login/package-info.java @@ -33,6 +33,7 @@ * * * + * @spec security/standard-names.html Java Security Standard Algorithm Names * @since 1.4 */ package javax.security.auth.login; diff --git a/src/java.base/share/classes/javax/security/auth/x500/X500Principal.java b/src/java.base/share/classes/javax/security/auth/x500/X500Principal.java index e2c8795a2e21a..ebb59a8809570 100644 --- a/src/java.base/share/classes/javax/security/auth/x500/X500Principal.java +++ b/src/java.base/share/classes/javax/security/auth/x500/X500Principal.java @@ -58,6 +58,14 @@ * {@code X509Certificate} return X500Principals representing the * issuer and subject fields of the certificate. * + * @spec https://www.rfc-editor.org/info/rfc1779 + * RFC 1779: A String Representation of Distinguished Names + * @spec https://www.rfc-editor.org/info/rfc2253 + * RFC 2253: Lightweight Directory Access Protocol (v3): + * UTF-8 String Representation of Distinguished Names + * @spec https://www.rfc-editor.org/info/rfc5280 + * RFC 5280: Internet X.509 Public Key Infrastructure Certificate + * and Certificate Revocation List (CRL) Profile * @see java.security.cert.X509Certificate * @since 1.4 */ @@ -124,6 +132,10 @@ public final class X500Principal implements Principal, java.io.Serializable { * is {@code null} * @exception IllegalArgumentException if the {@code name} * is improperly specified + * + * @spec https://www.rfc-editor.org/info/rfc4512 + * RFC 4512: Lightweight Directory Access Protocol (LDAP): + * Directory Information Models */ public X500Principal(String name) { this(name, Collections.emptyMap()); @@ -164,6 +176,10 @@ public X500Principal(String name) { * @exception IllegalArgumentException if the {@code name} is * improperly specified or a keyword in the {@code name} maps to an * OID that is not in the correct form + * + * @spec https://www.rfc-editor.org/info/rfc4512 + * RFC 4512: Lightweight Directory Access Protocol (LDAP): + * Directory Information Models * @since 1.6 */ public X500Principal(String name, Map keywordMap) { diff --git a/src/java.base/share/classes/javax/security/auth/x500/package-info.java b/src/java.base/share/classes/javax/security/auth/x500/package-info.java index 45859a79bedf0..de107087ceaee 100644 --- a/src/java.base/share/classes/javax/security/auth/x500/package-info.java +++ b/src/java.base/share/classes/javax/security/auth/x500/package-info.java @@ -44,6 +44,17 @@ * Directory Information Models * * + * @spec https://www.rfc-editor.org/info/rfc1779 + * RFC 1779: A String Representation of Distinguished Names + * @spec https://www.rfc-editor.org/info/rfc2253 + * RFC 2253: Lightweight Directory Access Protocol (v3): + * UTF-8 String Representation of Distinguished Names + * @spec https://www.rfc-editor.org/info/rfc4512 + * RFC 4512: Lightweight Directory Access Protocol (LDAP): + * Directory Information Models + * @spec https://www.rfc-editor.org/info/rfc5280 + * RFC 5280: Internet X.509 Public Key Infrastructure Certificate + * and Certificate Revocation List (CRL) Profile * @since 1.4 */ package javax.security.auth.x500;