8305406: Add @spec tags in java.base/java.* (part 2)

src/java.base/share/classes/com/sun/crypto/provider/AESKeyWrap.java

@@ -37,6 +37,9 @@
  * <a href=https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-38F.pdf>
  * "Recommendation for Block Cipher Modes of Operation: Methods for Key Wrapping"</a>
  * and represents AES cipher in KW mode.
+ *
+ * @spec https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-38F.pdf
+ *      Recommendation for Block Cipher Modes of Operation: Methods for Key Wrapping
  */
 class AESKeyWrap extends FeedbackCipher {
 

src/java.base/share/classes/com/sun/crypto/provider/AESKeyWrapPadded.java

@@ -39,6 +39,9 @@
  * <a href=https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-38F.pdf>
  * "Recommendation for Block Cipher Modes of Operation: Methods for Key Wrapping"</a>
  * and represents AES cipher in KWP mode.
+ *
+ * @spec https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-38F.pdf
+ *      Recommendation for Block Cipher Modes of Operation: Methods for Key Wrapping
  */
 class AESKeyWrapPadded extends FeedbackCipher {
 

src/java.base/share/classes/com/sun/crypto/provider/KWUtil.java

@@ -31,6 +31,9 @@
  * This class acts as the base class for AES KeyWrap algorithms as defined
  * in <a href=https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-38F.pdf>
  * "Recommendation for Block Cipher Modes of Operation: Methods for Key Wrapping"
+ *
+ * @spec https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-38F.pdf
+ *      Recommendation for Block Cipher Modes of Operation: Methods for Key Wrapping
  */
 class KWUtil {
 

src/java.base/share/classes/com/sun/crypto/provider/KeyWrapCipher.java

@@ -36,6 +36,9 @@
  * This class is the impl class for AES KeyWrap algorithms as defined in
  * <a href=https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-38F.pdf>
  * "Recommendation for Block Cipher Modes of Operation: Methods for Key Wrapping"
+ *
+ * @spec https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-38F.pdf
+ *      Recommendation for Block Cipher Modes of Operation: Methods for Key Wrapping
  */
 abstract class KeyWrapCipher extends CipherSpi {
 

src/java.base/share/classes/java/security/DrbgParameters.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2016, 2022, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2016, 2024, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -227,6 +227,9 @@
  * Calling {@link SecureRandom#generateSeed(int)} will directly read
  * from this system default entropy source.
  *
+ * @spec https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-90Ar1.pdf
+ *      Recommendation for Random Number Generation Using Deterministic Random Bit Generators
+ *
  * @since 9
  */
 public class DrbgParameters {

src/java.base/share/classes/java/security/Key.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 2022, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2024, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -86,6 +86,10 @@
  * Security Appendix</a>
  * of the <cite>Java Object Serialization Specification</cite> for more information.
  *
+ * @spec serialization/index.html Java Object Serialization Specification
+ * @spec https://www.rfc-editor.org/info/rfc5280
+ *      RFC 5280: Internet X.509 Public Key Infrastructure Certificate
+ *              and Certificate Revocation List (CRL) Profile
  * @see PublicKey
  * @see PrivateKey
  * @see KeyPair
@@ -124,6 +128,7 @@ public interface Key extends java.io.Serializable {
      * Java Security Standard Algorithm Names Specification</a>
      * for information about standard key algorithm names.
      *
+     * @spec security/standard-names.html Java Security Standard Algorithm Names
      * @return the name of the algorithm associated with this key.
      */
     String getAlgorithm();

src/java.base/share/classes/java/security/KeyRep.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2022, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2024, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -44,6 +44,7 @@
  * Security Appendix</a>
  * of the <cite>Java Object Serialization Specification</cite> for more information.
  *
+ * @spec serialization/index.html Java Object Serialization Specification
  * @see Key
  * @see KeyFactory
  * @see javax.crypto.spec.SecretKeySpec

src/java.base/share/classes/java/security/SecureRandom.java

@@ -140,6 +140,11 @@
  * <li>{@link SecureRandomSpi#engineReseed(SecureRandomParameters)}
  * </ul>
  *
+ * @spec https://www.rfc-editor.org/info/rfc4086
+ *      RFC 4086: Randomness Requirements for Security
+ * @spec https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.140-2.pdf
+ *      Security Requirements for Cryptographic Modules
+ *
  * @see java.security.SecureRandomSpi
  * @see java.util.Random
  *

src/java.base/share/classes/java/security/Security.java

@@ -423,6 +423,7 @@ private static String getProviderProperty(String key, Provider provider) {
      *
      * @return the value of the specified property.
      *
+     * @spec security/standard-names.html Java Security Standard Algorithm Names
      * @deprecated This method used to return the value of a proprietary
      * property in the master file of the "SUN" Cryptographic Service
      * Provider in order to determine how to parse algorithm-specific
@@ -657,6 +658,7 @@ public static Provider getProvider(String name) {
      *         if the filter is not in the required format
      * @throws NullPointerException if filter is {@code null}
      *
+     * @spec security/standard-names.html Java Security Standard Algorithm Names
      * @see #getProviders(java.util.Map)
      * @since 1.3
      */
@@ -734,6 +736,7 @@ public static Provider[] getProviders(String filter) {
      *         if the filter is not in the required format
      * @throws NullPointerException if filter is {@code null}
      *
+     * @spec security/standard-names.html Java Security Standard Algorithm Names
      * @see #getProviders(java.lang.String)
      * @since 1.3
      */

src/java.base/share/classes/java/security/cert/CRL.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1998, 2022, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1998, 2024, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -56,6 +56,8 @@ public abstract class CRL {
      * "{@docRoot}/../specs/security/standard-names.html">
      * Java Security Standard Algorithm Names</a> document
      * for information about standard CRL types.
+     *
+     * @spec security/standard-names.html Java Security Standard Algorithm Names
      */
     protected CRL(String type) {
         this.type = type;

src/java.base/share/classes/java/security/cert/CRLReason.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2007, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2007, 2024, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -31,6 +31,9 @@
  * RFC 5280: Internet X.509 Public Key Infrastructure Certificate and CRL
  * Profile</a>.
  *
+ * @spec https://www.rfc-editor.org/info/rfc5280
+ *      RFC 5280: Internet X.509 Public Key Infrastructure Certificate
+ *              and Certificate Revocation List (CRL) Profile
  * @author Sean Mullan
  * @since 1.7
  * @see X509CRLEntry#getRevocationReason

src/java.base/share/classes/java/security/cert/PKIXRevocationChecker.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2012, 2022, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2012, 2024, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -81,14 +81,13 @@
  * necessary locking. Multiple threads each manipulating separate objects
  * need not synchronize.
  *
+ * @spec https://www.rfc-editor.org/info/rfc2560
+ *      RFC 2560: X.509 Internet Public Key Infrastructure Online Certificate
+ *              Status Protocol - OCSP
+ * @spec https://www.rfc-editor.org/info/rfc5280
+ *      RFC 5280: Internet X.509 Public Key Infrastructure Certificate
+ *              and Certificate Revocation List (CRL) Profile
  * @since 1.8
- *
- * @see <a href="http://www.ietf.org/rfc/rfc2560.txt"><i>RFC&nbsp;2560: X.509
- * Internet Public Key Infrastructure Online Certificate Status Protocol -
- * OCSP</i></a>
- * @see <a href="http://www.ietf.org/rfc/rfc5280.txt"><i>RFC&nbsp;5280:
- * Internet X.509 Public Key Infrastructure Certificate and Certificate
- * Revocation List (CRL) Profile</i></a>
  */
 public abstract class PKIXRevocationChecker extends PKIXCertPathChecker {
     private URI ocspResponder;

src/java.base/share/classes/java/security/cert/TrustAnchor.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2001, 2021, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2001, 2024, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -125,6 +125,10 @@ public class TrustAnchor {
      * decoded
      * @throws NullPointerException if the specified
      * {@code X509Certificate} is {@code null}
+     *
+     * @spec https://www.rfc-editor.org/info/rfc5280
+     *      RFC 5280: Internet X.509 Public Key Infrastructure Certificate
+     *              and Certificate Revocation List (CRL) Profile
      */
     public TrustAnchor(X509Certificate trustedCert, byte[] nameConstraints)
     {
@@ -207,6 +211,10 @@ public TrustAnchor(X500Principal caPrincipal, PublicKey pubKey,
      * or incorrectly formatted or the name constraints cannot be decoded
      * @throws NullPointerException if the specified {@code caName} or
      * {@code pubKey} parameter is {@code null}
+     *
+     * @spec https://www.rfc-editor.org/info/rfc2253
+     *      RFC 2253: Lightweight Directory Access Protocol (v3):
+     *              UTF-8 String Representation of Distinguished Names
      */
     public TrustAnchor(String caName, PublicKey pubKey, byte[] nameConstraints)
     {

src/java.base/share/classes/java/security/cert/X509CRL.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2023, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2024, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -95,6 +95,9 @@
  * }
  * }</pre>
  *
+ * @spec https://www.rfc-editor.org/info/rfc5280
+ *      RFC 5280: Internet X.509 Public Key Infrastructure Certificate
+ *              and Certificate Revocation List (CRL) Profile
  * @author Hemma Prafullchandra
  * @since 1.2
  *
@@ -457,6 +460,11 @@ public X509CRLEntry getRevokedCertificate(X509Certificate certificate) {
      * relevant ASN.1 definitions.
      *
      * @return the signature algorithm OID string.
+     *
+     * @spec https://www.rfc-editor.org/info/rfc3279
+     *      RFC 3279: Algorithms and Identifiers for the Internet X.509
+     *              Public Key Infrastructure Certificate and Certificate
+     *              Revocation List (CRL) Profile
      */
     public abstract String getSigAlgOID();
 

src/java.base/share/classes/java/security/cert/X509CRLSelector.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2022, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2024, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -65,6 +65,9 @@
  * provide the necessary locking. Multiple threads each manipulating
  * separate objects need not synchronize.
  *
+ * @spec https://www.rfc-editor.org/info/rfc5280
+ *      RFC 5280: Internet X.509 Public Key Infrastructure Certificate
+ *              and Certificate Revocation List (CRL) Profile
  * @see CRLSelector
  * @see X509CRL
  *
@@ -193,6 +196,10 @@ public void setIssuers(Collection<X500Principal> issuers) {
      *
      * @param names a {@code Collection} of names (or {@code null})
      * @throws IOException if a parsing error occurs
+     *
+     * @spec https://www.rfc-editor.org/info/rfc2253
+     *      RFC 2253: Lightweight Directory Access Protocol (v3):
+     *              UTF-8 String Representation of Distinguished Names
      * @see #getIssuerNames
      */
     public void setIssuerNames(Collection<?> names) throws IOException {
@@ -238,6 +245,9 @@ public void addIssuer(X500Principal issuer) {
      *     <a href="http://www.ietf.org/rfc/rfc2253.txt">RFC 2253</a> form
      * @throws IOException if a parsing error occurs
      *
+     * @spec https://www.rfc-editor.org/info/rfc2253
+     *      RFC 2253: Lightweight Directory Access Protocol (v3):
+     *              UTF-8 String Representation of Distinguished Names
      * @deprecated Use {@link #addIssuer(X500Principal)} or
      * {@link #addIssuerName(byte[])} instead. This method should not be
      * relied on as it can fail to match some CRLs because of a loss of
@@ -493,6 +503,10 @@ public Collection<X500Principal> getIssuers() {
      * protect against subsequent modifications.
      *
      * @return a {@code Collection} of names (or {@code null})
+     *
+     * @spec https://www.rfc-editor.org/info/rfc2253
+     *      RFC 2253: Lightweight Directory Access Protocol (v3):
+     *              UTF-8 String Representation of Distinguished Names
      * @see #setIssuerNames
      */
     public Collection<Object> getIssuerNames() {

src/java.base/share/classes/java/security/cert/X509CertSelector.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2023, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2024, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -74,6 +74,9 @@
  * provide the necessary locking. Multiple threads each manipulating
  * separate objects need not synchronize.
  *
+ * @spec https://www.rfc-editor.org/info/rfc5280
+ *      RFC 5280: Internet X.509 Public Key Infrastructure Certificate
+ *              and Certificate Revocation List (CRL) Profile
  * @see CertSelector
  * @see X509Certificate
  *
@@ -194,6 +197,9 @@ public void setIssuer(X500Principal issuer) {
      *                 (or {@code null})
      * @throws IOException if a parsing error occurs (incorrect form for DN)
      *
+     * @spec https://www.rfc-editor.org/info/rfc2253
+     *      RFC 2253: Lightweight Directory Access Protocol (v3):
+     *              UTF-8 String Representation of Distinguished Names
      * @deprecated Use {@link #setIssuer(X500Principal)} or
      * {@link #setIssuer(byte[])} instead. This method should not be relied on
      * as it can fail to match some certificates because of a loss of encoding
@@ -286,6 +292,9 @@ public void setSubject(X500Principal subject) {
      *                  (or {@code null})
      * @throws IOException if a parsing error occurs (incorrect form for DN)
      *
+     * @spec https://www.rfc-editor.org/info/rfc2253
+     *      RFC 2253: Lightweight Directory Access Protocol (v3):
+     *              UTF-8 String Representation of Distinguished Names
      * @deprecated Use {@link #setSubject(X500Principal)} or
      * {@link #setSubject(byte[])} instead. This method should not be relied
      * on as it can fail to match some certificates because of a loss of
@@ -728,6 +737,12 @@ public void setSubjectAlternativeNames(Collection<List<?>> names)
      *             RFC 5280, section 4.2.1.6)
      * @param name the name in string form (not {@code null})
      * @throws IOException if a parsing error occurs
+     *
+     * @spec https://www.rfc-editor.org/info/rfc2253
+     *      RFC 2253: Lightweight Directory Access Protocol (v3):
+     *              UTF-8 String Representation of Distinguished Names
+     * @spec https://www.rfc-editor.org/info/rfc822
+     *      RFC 822: STANDARD FOR THE FORMAT OF ARPA INTERNET TEXT MESSAGES
      */
     public void addSubjectAlternativeName(int type, String name)
             throws IOException {
@@ -1269,6 +1284,9 @@ public X500Principal getIssuer() {
      * @return the required issuer distinguished name in RFC 2253 format
      *         (or {@code null})
      *
+     * @spec https://www.rfc-editor.org/info/rfc2253
+     *      RFC 2253: Lightweight Directory Access Protocol (v3):
+     *              UTF-8 String Representation of Distinguished Names
      * @deprecated Use {@link #getIssuer()} or {@link #getIssuerAsBytes()}
      * instead. This method should not be relied on as it can fail to match
      * some certificates because of a loss of encoding information in the
@@ -1328,6 +1346,9 @@ public X500Principal getSubject() {
      * @return the required subject distinguished name in RFC 2253 format
      *         (or {@code null})
      *
+     * @spec https://www.rfc-editor.org/info/rfc2253
+     *      RFC 2253: Lightweight Directory Access Protocol (v3):
+     *              UTF-8 String Representation of Distinguished Names
      * @deprecated Use {@link #getSubject()} or {@link #getSubjectAsBytes()}
      * instead. This method should not be relied on as it can fail to match
      * some certificates because of a loss of encoding information in the