Formatting (line wrap > 120 in comments

43 files changed, 207 insertions, 81 deletions

diff --git a/pki/base/util/src/netscape/security/extensions/NSCertTypeExtension.java b/pki/base/util/src/netscape/security/extensions/NSCertTypeExtension.java
index b0bda3c1c..1415478bb 100644
--- a/pki/base/util/src/netscape/security/extensions/NSCertTypeExtension.java
+++ b/pki/base/util/src/netscape/security/extensions/NSCertTypeExtension.java
@@ -35,7 +35,8 @@ import netscape.security.x509.Extension;
  * Represents Netscape Certificate Type Extension
  * 
  * <p>
- * This deprecated extension, if present, defines both the purpose (e.g., encipherment, signature, certificate signing) and the application (e.g., SSL, S/Mime or Object Signing of the key contained in the certificate.
+ * This deprecated extension, if present, defines both the purpose (e.g., encipherment, signature, certificate signing)
+ * and the application (e.g., SSL, S/Mime or Object Signing of the key contained in the certificate.
  * 
  * @author galperin
  * @version $Revision$, $Date$
diff --git a/pki/base/util/src/netscape/security/pkcs/PKCS10Attribute.java b/pki/base/util/src/netscape/security/pkcs/PKCS10Attribute.java
index 9e0c7150a..520b3e969 100644
--- a/pki/base/util/src/netscape/security/pkcs/PKCS10Attribute.java
+++ b/pki/base/util/src/netscape/security/pkcs/PKCS10Attribute.java
@@ -39,10 +39,12 @@ import netscape.security.x509.OIDMap;
  * Represent a PKCS Attribute.
  * 
  * <p>
- * Attributes are addiitonal attributes which can be inserted in a PKCS certificate request. For example a "Driving License Certificate" could have the driving license number as a attribute.
+ * Attributes are addiitonal attributes which can be inserted in a PKCS certificate request. For example a
+ * "Driving License Certificate" could have the driving license number as a attribute.
  * 
  * <p>
- * Attributes are represented as a sequence of the attribute identifier (Object Identifier) and a set of DER encoded attribute values. The current implementation only supports one value per attribute.
+ * Attributes are represented as a sequence of the attribute identifier (Object Identifier) and a set of DER encoded
+ * attribute values. The current implementation only supports one value per attribute.
  * 
  * ASN.1 definition of Attribute:
  * 
diff --git a/pki/base/util/src/netscape/security/pkcs/PKCS8Key.java b/pki/base/util/src/netscape/security/pkcs/PKCS8Key.java
index f3df3d94a..b3ec07906 100644
--- a/pki/base/util/src/netscape/security/pkcs/PKCS8Key.java
+++ b/pki/base/util/src/netscape/security/pkcs/PKCS8Key.java
@@ -77,7 +77,9 @@ public class PKCS8Key implements PrivateKey {
      * PKCS8Key object is returned.
      * 
      * <P>
-     * This mechanism gurantees that keys (and algorithms) may be freely manipulated and transferred, without risk of losing information. Also, when a key (or algorithm) needs some special handling, that specific need can be accomodated.
+     * This mechanism gurantees that keys (and algorithms) may be freely manipulated and transferred, without risk of
+     * losing information. Also, when a key (or algorithm) needs some special handling, that specific need can be
+     * accomodated.
      * 
      * @param in the DER-encoded SubjectPublicKeyInfo value
      * @exception IOException on data format errors
@@ -118,7 +120,8 @@ public class PKCS8Key implements PrivateKey {
      * DSS/DSA keys encapsulate a single unsigned integer.
      * 
      * <P>
-     * This function is called when creating PKCS#8 SubjectPublicKeyInfo values using the PKCS8Key member functions, such as <code>parse</code> and <code>decode</code>.
+     * This function is called when creating PKCS#8 SubjectPublicKeyInfo values using the PKCS8Key member functions,
+     * such as <code>parse</code> and <code>decode</code>.
      * 
      * @exception IOException if a parsing error occurs.
      * @exception InvalidKeyException if the key encoding is invalid.
@@ -288,7 +291,8 @@ public class PKCS8Key implements PrivateKey {
      * often used to encapsulate another DER encoded sequence.)
      * 
      * <P>
-     * Subclasses should not normally redefine this method; they should instead provide a <code>parseKeyBits</code> method to parse any fields inside the <code>key</code> member.
+     * Subclasses should not normally redefine this method; they should instead provide a <code>parseKeyBits</code>
+     * method to parse any fields inside the <code>key</code> member.
      * 
      * @param in an input stream with a DER-encoded PKCS#8
      *            SubjectPublicKeyInfo value
diff --git a/pki/base/util/src/netscape/security/pkcs/PKCS9Attribute.java b/pki/base/util/src/netscape/security/pkcs/PKCS9Attribute.java
index fa51a3ed9..ef0f6a481 100644
--- a/pki/base/util/src/netscape/security/pkcs/PKCS9Attribute.java
+++ b/pki/base/util/src/netscape/security/pkcs/PKCS9Attribute.java
@@ -484,7 +484,8 @@ public class PKCS9Attribute implements DerEncoder {
      * Arrays of length zero are accepted, though probably useless.
      * 
      * <P>
-     * The following table gives the class that <code>value</code> must have for a given attribute. Reasonable variants of these attributes are accepted; in particular, case does not matter.
+     * The following table gives the class that <code>value</code> must have for a given attribute. Reasonable variants
+     * of these attributes are accepted; in particular, case does not matter.
      * 
      * <P>
      * <TABLE BORDER CELLPADDING=8 ALIGN=CENTER>
@@ -761,7 +762,8 @@ public class PKCS9Attribute implements DerEncoder {
      * Write the DER encoding of this attribute to an output stream.
      * 
      * <P>
-     * N.B.: This method always encodes values of ChallengePassword and UnstructuredAddress attributes as ASN.1 <code>PrintableString</code>s, without checking whether they should be encoded as <code>T61String</code>s.
+     * N.B.: This method always encodes values of ChallengePassword and UnstructuredAddress attributes as ASN.1
+     * <code>PrintableString</code>s, without checking whether they should be encoded as <code>T61String</code>s.
      */
     public void derEncode(OutputStream out) throws IOException {
         DerOutputStream temp = new DerOutputStream();
diff --git a/pki/base/util/src/netscape/security/provider/DSAKeyPairGenerator.java b/pki/base/util/src/netscape/security/provider/DSAKeyPairGenerator.java
index f9736467c..a56839ac1 100644
--- a/pki/base/util/src/netscape/security/provider/DSAKeyPairGenerator.java
+++ b/pki/base/util/src/netscape/security/provider/DSAKeyPairGenerator.java
@@ -190,7 +190,8 @@ public class DSAKeyPairGenerator extends KeyPairGenerator
     }
 
     /**
-     * Initializes the DSA key pair generator. If <code>genParams</code> is false, a set of pre-computed parameters is used. In this case, <code>modelen</code> must be 512, 768, or 1024.
+     * Initializes the DSA key pair generator. If <code>genParams</code> is false, a set of pre-computed parameters is
+     * used. In this case, <code>modelen</code> must be 512, 768, or 1024.
      */
     public void initialize(int modlen, boolean genParams, SecureRandom random)
             throws InvalidParameterException {
diff --git a/pki/base/util/src/netscape/security/provider/SHA.java b/pki/base/util/src/netscape/security/provider/SHA.java
index 560770f8f..5aed99264 100644
--- a/pki/base/util/src/netscape/security/provider/SHA.java
+++ b/pki/base/util/src/netscape/security/provider/SHA.java
@@ -27,7 +27,8 @@ import java.security.MessageDigestSpi;
  * fip-180 as superseded by fip-180-1.
  * 
  * <p>
- * It implement JavaSecurity MessageDigest, and can be used by in the Java Security framework, as a pluggable implementation, as a filter for the digest stream classes.
+ * It implement JavaSecurity MessageDigest, and can be used by in the Java Security framework, as a pluggable
+ * implementation, as a filter for the digest stream classes.
  * 
  * @version 1.30 97/12/10
  * @author Roger Riggs
diff --git a/pki/base/util/src/netscape/security/util/DerInputStream.java b/pki/base/util/src/netscape/security/util/DerInputStream.java
index f4aaf0813..e85d48ed6 100644
--- a/pki/base/util/src/netscape/security/util/DerInputStream.java
+++ b/pki/base/util/src/netscape/security/util/DerInputStream.java
@@ -33,10 +33,13 @@ import java.util.Vector;
  * it uses the "Definite" Encoding Rules (DER) not the "Basic" ones (BER).
  * 
  * <P>
- * Note that, like BER/1, DER streams are streams of explicitly tagged data values. Accordingly, this programming interface does not expose any variant of the java.io.InputStream interface, since that kind of input stream holds untagged data values and using that I/O model could prevent correct parsing of the DER data.
+ * Note that, like BER/1, DER streams are streams of explicitly tagged data values. Accordingly, this programming
+ * interface does not expose any variant of the java.io.InputStream interface, since that kind of input stream holds
+ * untagged data values and using that I/O model could prevent correct parsing of the DER data.
  * 
  * <P>
- * At this time, this class supports only a subset of the types of DER data encodings which are defined. That subset is sufficient for parsing most X.509 certificates.
+ * At this time, this class supports only a subset of the types of DER data encodings which are defined. That subset is
+ * sufficient for parsing most X.509 certificates.
  * 
  * @version 1.35
  * 
diff --git a/pki/base/util/src/netscape/security/util/DerOutputStream.java b/pki/base/util/src/netscape/security/util/DerOutputStream.java
index 17c303289..44a4df8f0 100644
--- a/pki/base/util/src/netscape/security/util/DerOutputStream.java
+++ b/pki/base/util/src/netscape/security/util/DerOutputStream.java
@@ -38,7 +38,8 @@ import java.util.TimeZone;
  * that byte array.
  * 
  * <P>
- * At this time, this class supports only a subset of the types of DER data encodings which are defined. That subset is sufficient for generating most X.509 certificates.
+ * At this time, this class supports only a subset of the types of DER data encodings which are defined. That subset is
+ * sufficient for generating most X.509 certificates.
  * 
  * @version 1.32
  * 
@@ -613,7 +614,8 @@ public class DerOutputStream
      * Marshals a DER UTC time/date value.
      * 
      * <P>
-     * YYMMDDhhmmss{Z|+hhmm|-hhmm} ... emits only using Zulu time and with seconds (even if seconds=0) as per IETF-PKIX partI.
+     * YYMMDDhhmmss{Z|+hhmm|-hhmm} ... emits only using Zulu time and with seconds (even if seconds=0) as per IETF-PKIX
+     * partI.
      */
     public void putUTCTime(Date d) throws IOException {
         /*
@@ -642,7 +644,8 @@ public class DerOutputStream
      * Marshals a DER Generalized Time/date value.
      * 
      * <P>
-     * YYYYMMDDhhmmss{Z|+hhmm|-hhmm} ... emits only using Zulu time and with seconds (even if seconds=0) as per IETF-PKIX partI.
+     * YYYYMMDDhhmmss{Z|+hhmm|-hhmm} ... emits only using Zulu time and with seconds (even if seconds=0) as per
+     * IETF-PKIX partI.
      */
     public void putGeneralizedTime(Date d) throws IOException {
         /*
diff --git a/pki/base/util/src/netscape/security/util/DerValue.java b/pki/base/util/src/netscape/security/util/DerValue.java
index 298a08cd6..71b6f7f2c 100644
--- a/pki/base/util/src/netscape/security/util/DerValue.java
+++ b/pki/base/util/src/netscape/security/util/DerValue.java
@@ -36,10 +36,13 @@ import netscape.security.x509.GenericValueConverter;
  * ("Definite" encoding) to encode any given value.
  * 
  * <P>
- * All DER-encoded data are triples <em>{type, length, data}</em>. This class represents such tagged values as they have been read (or constructed), and provides structured access to the encoded data.
+ * All DER-encoded data are triples <em>{type, length, data}</em>. This class represents such tagged values as they have
+ * been read (or constructed), and provides structured access to the encoded data.
  * 
  * <P>
- * At this time, this class supports only a subset of the types of DER data encodings which are defined. That subset is sufficient for parsing most X.509 certificates, and working with selected additional formats (such as PKCS #10 certificate requests, and some kinds of PKCS #7 data).
+ * At this time, this class supports only a subset of the types of DER data encodings which are defined. That subset is
+ * sufficient for parsing most X.509 certificates, and working with selected additional formats (such as PKCS #10
+ * certificate requests, and some kinds of PKCS #7 data).
  * 
  * @version 1.43
  * 
diff --git a/pki/base/util/src/netscape/security/util/ObjectIdentifier.java b/pki/base/util/src/netscape/security/util/ObjectIdentifier.java
index f2badf8bd..8dd547760 100644
--- a/pki/base/util/src/netscape/security/util/ObjectIdentifier.java
+++ b/pki/base/util/src/netscape/security/util/ObjectIdentifier.java
@@ -25,10 +25,14 @@ import java.util.StringTokenizer;
  * Represent an ISO Object Identifier.
  * 
  * <P>
- * Object Identifiers are arbitrary length hierarchical identifiers. The individual components are numbers, and they define paths from the root of an ISO-managed identifier space. You will sometimes see a string name used instead of (or in addition to) the numerical id. These are synonyms for the numerical IDs, but are not widely used since most sites do not know all the requisite strings, while all sites can parse the numeric forms.
+ * Object Identifiers are arbitrary length hierarchical identifiers. The individual components are numbers, and they
+ * define paths from the root of an ISO-managed identifier space. You will sometimes see a string name used instead of
+ * (or in addition to) the numerical id. These are synonyms for the numerical IDs, but are not widely used since most
+ * sites do not know all the requisite strings, while all sites can parse the numeric forms.
  * 
  * <P>
- * So for example, JavaSoft has the sole authority to assign the meaning to identifiers below the 1.3.6.1.4.42.2.17 node in the hierarchy, and other organizations can easily acquire the ability to assign such unique identifiers.
+ * So for example, JavaSoft has the sole authority to assign the meaning to identifiers below the 1.3.6.1.4.42.2.17 node
+ * in the hierarchy, and other organizations can easily acquire the ability to assign such unique identifiers.
  * 
  * @version 1.23
  * 
@@ -92,7 +96,8 @@ final public class ObjectIdentifier implements Serializable {
      * In this case, that means a triple { typeId, length, data }.
      * 
      * <P>
-     * <STRONG>NOTE:</STRONG> When an exception is thrown, the input stream has not been returned to its "initial" state.
+     * <STRONG>NOTE:</STRONG> When an exception is thrown, the input stream has not been returned to its "initial"
+     * state.
      * 
      * @param in DER-encoded data holding an object ID
      * @exception IOException indicates a decoding error
diff --git a/pki/base/util/src/netscape/security/x509/AVA.java b/pki/base/util/src/netscape/security/x509/AVA.java
index 0b7d0f849..ad94c2c61 100644
--- a/pki/base/util/src/netscape/security/x509/AVA.java
+++ b/pki/base/util/src/netscape/security/x509/AVA.java
@@ -39,7 +39,8 @@ import netscape.security.util.ObjectIdentifier;
  * parsing (and generating) RFC 1779 syntax strings.
  * 
  * <P>
- * AVAs are components of X.500 relative names. Think of them as being individual fields of a database record. The attribute ID is how you identify the field, and the value is part of a particular record.
+ * AVAs are components of X.500 relative names. Think of them as being individual fields of a database record. The
+ * attribute ID is how you identify the field, and the value is part of a particular record.
  * 
  * @see X500Name
  * @see RDN
diff --git a/pki/base/util/src/netscape/security/x509/AVAValueConverter.java b/pki/base/util/src/netscape/security/x509/AVAValueConverter.java
index 8153099c5..cd3ce7616 100644
--- a/pki/base/util/src/netscape/security/x509/AVAValueConverter.java
+++ b/pki/base/util/src/netscape/security/x509/AVAValueConverter.java
@@ -28,7 +28,9 @@ import netscape.security.util.DerValue;
  * directory string, ia5string, etc.
  * 
  * <P>
- * For example, to convert a string, such as an organization name for the "O" attribute to a DerValue, the "O" attribute is mapped to the DirStrConverter which is used to convert the organization name to a DER encoded Directory String which is a DerValue of a ASN.1 PrintableString, T.61String or UniversalString for the organization name.
+ * For example, to convert a string, such as an organization name for the "O" attribute to a DerValue, the "O" attribute
+ * is mapped to the DirStrConverter which is used to convert the organization name to a DER encoded Directory String
+ * which is a DerValue of a ASN.1 PrintableString, T.61String or UniversalString for the organization name.
  * 
  * @author Lily Hsiao, Slava Galperin at Netscape Communications, Inc.
  */
diff --git a/pki/base/util/src/netscape/security/x509/AlgorithmId.java b/pki/base/util/src/netscape/security/x509/AlgorithmId.java
index 5bf3997c4..a30d45ca0 100644
--- a/pki/base/util/src/netscape/security/x509/AlgorithmId.java
+++ b/pki/base/util/src/netscape/security/x509/AlgorithmId.java
@@ -37,10 +37,14 @@ import netscape.security.util.ObjectIdentifier;
  * defined according to OID and (where relevant) parameters.
  * 
  * <P>
- * Subclasses may be used, for example when when the algorithm ID has associated parameters which some code (e.g. code using public keys) needs to have parsed. Two examples of such algorithms are Diffie-Hellman key exchange, and the Digital Signature Standard Algorithm (DSS/DSA).
+ * Subclasses may be used, for example when when the algorithm ID has associated parameters which some code (e.g. code
+ * using public keys) needs to have parsed. Two examples of such algorithms are Diffie-Hellman key exchange, and the
+ * Digital Signature Standard Algorithm (DSS/DSA).
  * 
  * <P>
- * The OID constants defined in this class correspond to some widely used algorithms, for which conventional string names have been defined. This class is not a general repository for OIDs, or for such string names. Note that the mappings between algorithm IDs and algorithm names is not one-to-one.
+ * The OID constants defined in this class correspond to some widely used algorithms, for which conventional string
+ * names have been defined. This class is not a general repository for OIDs, or for such string names. Note that the
+ * mappings between algorithm IDs and algorithm names is not one-to-one.
  * 
  * @version 1.70
  * 
@@ -425,7 +429,8 @@ public class AlgorithmId implements Serializable, DerEncoder {
     /**
      * Returns the ISO OID for this algorithm. This is usually converted
      * to a string and used as part of an algorithm name, for example
-     * "OID.1.3.14.3.2.13" style notation. Use the <code>getName</code> call when you do not need to ensure cross-system portability
+     * "OID.1.3.14.3.2.13" style notation. Use the <code>getName</code> call when you do not need to ensure cross-system
+     * portability
      * of algorithm names, or need a user friendly name.
      */
     final public ObjectIdentifier getOID() {
diff --git a/pki/base/util/src/netscape/security/x509/AuthorityKeyIdentifierExtension.java b/pki/base/util/src/netscape/security/x509/AuthorityKeyIdentifierExtension.java
index e6fa227ab..b7f84f9f7 100644
--- a/pki/base/util/src/netscape/security/x509/AuthorityKeyIdentifierExtension.java
+++ b/pki/base/util/src/netscape/security/x509/AuthorityKeyIdentifierExtension.java
@@ -31,7 +31,9 @@ import netscape.security.util.DerValue;
  * This class represents the Authority Key Identifier Extension.
  * 
  * <p>
- * The authority key identifier extension provides a means of identifying the particular public key used to sign a certificate. This extension would be used where an issuer has multiple signing keys (either due to multiple concurrent key pairs or due to changeover).
+ * The authority key identifier extension provides a means of identifying the particular public key used to sign a
+ * certificate. This extension would be used where an issuer has multiple signing keys (either due to multiple
+ * concurrent key pairs or due to changeover).
  * <p>
  * The ASN.1 syntax for this is:
  * 
diff --git a/pki/base/util/src/netscape/security/x509/BasicConstraintsExtension.java b/pki/base/util/src/netscape/security/x509/BasicConstraintsExtension.java
index 43f993ee3..5846296d1 100644
--- a/pki/base/util/src/netscape/security/x509/BasicConstraintsExtension.java
+++ b/pki/base/util/src/netscape/security/x509/BasicConstraintsExtension.java
@@ -32,7 +32,8 @@ import netscape.security.util.DerValue;
  * This class represents the Basic Constraints Extension.
  * 
  * <p>
- * The basic constraints extension identifies whether the subject of the certificate is a CA and how deep a certification path may exist through that CA.
+ * The basic constraints extension identifies whether the subject of the certificate is a CA and how deep a
+ * certification path may exist through that CA.
  * 
  * <pre>
  * The ASN.1 syntax for this extension is:
diff --git a/pki/base/util/src/netscape/security/x509/CRLNumberExtension.java b/pki/base/util/src/netscape/security/x509/CRLNumberExtension.java
index 9475117be..e3965753c 100755
--- a/pki/base/util/src/netscape/security/x509/CRLNumberExtension.java
+++ b/pki/base/util/src/netscape/security/x509/CRLNumberExtension.java
@@ -33,7 +33,9 @@ import netscape.security.util.DerValue;
  * Represent the CRL Number Extension.
  * 
  * <p>
- * This extension, if present, conveys a monotonically increasing sequence number for each CRL issued by a given CA through a specific CA X.500 Directory entry or CRL distribution point. This extension allows users to easily determine when a particular CRL supersedes another CRL.
+ * This extension, if present, conveys a monotonically increasing sequence number for each CRL issued by a given CA
+ * through a specific CA X.500 Directory entry or CRL distribution point. This extension allows users to easily
+ * determine when a particular CRL supersedes another CRL.
  * 
  * @author Hemma Prafullchandra
  * @version 1.2
diff --git a/pki/base/util/src/netscape/security/x509/CertAndKeyGen.java b/pki/base/util/src/netscape/security/x509/CertAndKeyGen.java
index f13a4852e..1579d46bf 100644
--- a/pki/base/util/src/netscape/security/x509/CertAndKeyGen.java
+++ b/pki/base/util/src/netscape/security/x509/CertAndKeyGen.java
@@ -40,15 +40,19 @@ import netscape.security.pkcs.PKCS10;
  * provided primarily for ease of use.
  * 
  * <P>
- * This provides some simple certificate management functionality. Specifically, it allows you to create self-signed X.509 certificates as well as PKCS 10 based certificate signing requests.
+ * This provides some simple certificate management functionality. Specifically, it allows you to create self-signed
+ * X.509 certificates as well as PKCS 10 based certificate signing requests.
  * 
  * <P>
- * Keys for some public key signature algorithms have algorithm parameters, such as DSS/DSA. Some sites' Certificate Authorities adopt fixed algorithm parameters, which speeds up some operations including key generation and signing. <em>At this time, this interface
+ * Keys for some public key signature algorithms have algorithm parameters, such as DSS/DSA. Some sites' Certificate
+ * Authorities adopt fixed algorithm parameters, which speeds up some operations including key generation and signing.
+ * <em>At this time, this interface
  * does not provide a way to provide such algorithm parameters, e.g.
  * by providing the CA certificate which includes those parameters.</em>
  * 
  * <P>
- * Also, note that at this time only signature-capable keys may be acquired through this interface. Diffie-Hellman keys, used for secure key exchange, may be supported later.
+ * Also, note that at this time only signature-capable keys may be acquired through this interface. Diffie-Hellman keys,
+ * used for secure key exchange, may be supported later.
  * 
  * @author David Brownell
  * @author Hemma Prafullchandra
@@ -95,7 +99,9 @@ public final class CertAndKeyGen {
      * easier to perform such attacks. Small keys are to be avoided.
      * 
      * <P>
-     * Note that not all values of "keyBits" are valid for all algorithms, and not all public key algorithms are currently supported for use in X.509 certificates. If the algorithm you specified does not produce X.509 compatible keys, an invalid key exception is thrown.
+     * Note that not all values of "keyBits" are valid for all algorithms, and not all public key algorithms are
+     * currently supported for use in X.509 certificates. If the algorithm you specified does not produce X.509
+     * compatible keys, an invalid key exception is thrown.
      * 
      * @param keyBits the number of bits in the keys.
      * @exception InvalidKeyException if the environment does not
@@ -150,7 +156,9 @@ public final class CertAndKeyGen {
      * The certificate is immediately valid.
      * 
      * <P>
-     * Such certificates normally are used to identify a "Certificate Authority" (CA). Accordingly, they will not always be accepted by other parties. However, such certificates are also useful when you are bootstrapping your security infrastructure, or deploying system prototypes.
+     * Such certificates normally are used to identify a "Certificate Authority" (CA). Accordingly, they will not always
+     * be accepted by other parties. However, such certificates are also useful when you are bootstrapping your security
+     * infrastructure, or deploying system prototypes.
      * 
      * @deprecated Use the new <a href =
      *             "#getSelfCertificate(netscape.security.x509.X500Name, long)">
@@ -179,7 +187,9 @@ public final class CertAndKeyGen {
      * The certificate is immediately valid. No extensions.
      * 
      * <P>
-     * Such certificates normally are used to identify a "Certificate Authority" (CA). Accordingly, they will not always be accepted by other parties. However, such certificates are also useful when you are bootstrapping your security infrastructure, or deploying system prototypes.
+     * Such certificates normally are used to identify a "Certificate Authority" (CA). Accordingly, they will not always
+     * be accepted by other parties. However, such certificates are also useful when you are bootstrapping your security
+     * infrastructure, or deploying system prototypes.
      * 
      * @param myname X.500 name of the subject (who is also the issuer)
      * @param validity how long the certificate should be valid, in seconds
@@ -233,11 +243,13 @@ public final class CertAndKeyGen {
     }
 
     /**
-     * Returns a PKCS #10 certificate request. The caller uses either <code>PKCS10.print</code> or <code>PKCS10.toByteArray</code> operations on the result, to get the request in an appropriate
+     * Returns a PKCS #10 certificate request. The caller uses either <code>PKCS10.print</code> or
+     * <code>PKCS10.toByteArray</code> operations on the result, to get the request in an appropriate
      * transmission format.
      * 
      * <P>
-     * PKCS #10 certificate requests are sent, along with some proof of identity, to Certificate Authorities (CAs) which then issue X.509 public key certificates.
+     * PKCS #10 certificate requests are sent, along with some proof of identity, to Certificate Authorities (CAs) which
+     * then issue X.509 public key certificates.
      * 
      * @param myname X.500 name of the subject
      * @exception InvalidKeyException on key handling errors.
diff --git a/pki/base/util/src/netscape/security/x509/CertAttrSet.java b/pki/base/util/src/netscape/security/x509/CertAttrSet.java
index acfcb7cce..958432668 100755
--- a/pki/base/util/src/netscape/security/x509/CertAttrSet.java
+++ b/pki/base/util/src/netscape/security/x509/CertAttrSet.java
@@ -29,7 +29,8 @@ import java.util.Enumeration;
  * Subject Name. A CertAttrSet may compromise one attribute or many
  * attributes.
  * <p>
- * A CertAttrSet itself can also be comprised of other sub-sets. In the case of X.509 V3 certificates, for example, the "extensions" attribute has subattributes, such as those for KeyUsage and AuthorityKeyIdentifier.
+ * A CertAttrSet itself can also be comprised of other sub-sets. In the case of X.509 V3 certificates, for example, the
+ * "extensions" attribute has subattributes, such as those for KeyUsage and AuthorityKeyIdentifier.
  * 
  * @author Amit Kapoor
  * @author Hemma Prafullchandra
diff --git a/pki/base/util/src/netscape/security/x509/CertificateIssuerExtension.java b/pki/base/util/src/netscape/security/x509/CertificateIssuerExtension.java
index 3809b3973..490c087bb 100644
--- a/pki/base/util/src/netscape/security/x509/CertificateIssuerExtension.java
+++ b/pki/base/util/src/netscape/security/x509/CertificateIssuerExtension.java
@@ -32,7 +32,8 @@ import netscape.security.util.DerValue;
  * Represent the CRL Certificate Issuer Extension.
  * 
  * <p>
- * This CRL entry extension identifies the certificate issuer associated with an entry in an indirect CRL, i.e. a CRL that has the indirectCRL indicator set in its issuing distribution point extension.
+ * This CRL entry extension identifies the certificate issuer associated with an entry in an indirect CRL, i.e. a CRL
+ * that has the indirectCRL indicator set in its issuing distribution point extension.
  * 
  * @see Extension
  * @see CertAttrSet
diff --git a/pki/base/util/src/netscape/security/x509/CertificatePoliciesExtension.java b/pki/base/util/src/netscape/security/x509/CertificatePoliciesExtension.java
index 83c031ead..d4e1cf86a 100644
--- a/pki/base/util/src/netscape/security/x509/CertificatePoliciesExtension.java
+++ b/pki/base/util/src/netscape/security/x509/CertificatePoliciesExtension.java
@@ -32,8 +32,12 @@ import netscape.security.util.ObjectIdentifier;
  * This class defines the Certificate Policies Extension.
  * 
  * <p>
- * The certificate policies extension conatins a sequence of policy information terms, each of which consists of an object identifier (OID) and optional qualifiers. These policy information terms indicate the policy under which the certificate has been issued and the purposes for which the certificate may be used. Aplications with specific policy requirements are expected to have a list of those policies which they will accept and to compare the policy OIDs in the certificate to that list. If
- * this extension is critical, the path validation software must be able to interpret this extension, or must reject the certificate.
+ * The certificate policies extension conatins a sequence of policy information terms, each of which consists of an
+ * object identifier (OID) and optional qualifiers. These policy information terms indicate the policy under which the
+ * certificate has been issued and the purposes for which the certificate may be used. Aplications with specific policy
+ * requirements are expected to have a list of those policies which they will accept and to compare the policy OIDs in
+ * the certificate to that list. If this extension is critical, the path validation software must be able to interpret
+ * this extension, or must reject the certificate.
  * 
  * <pre>
  * CertificatePolicies ::= SEQUENECE OF PolicyInformation
diff --git a/pki/base/util/src/netscape/security/x509/DeltaCRLIndicatorExtension.java b/pki/base/util/src/netscape/security/x509/DeltaCRLIndicatorExtension.java
index fd7090a94..6e8f9fa02 100755
--- a/pki/base/util/src/netscape/security/x509/DeltaCRLIndicatorExtension.java
+++ b/pki/base/util/src/netscape/security/x509/DeltaCRLIndicatorExtension.java
@@ -34,7 +34,9 @@ import netscape.security.util.DerValue;
  * Represent the Delta CRL Indicator Extension.
  * 
  * <p>
- * The delta CRL indicator is a critical CRL extension that identifies a delta-CRL. The value of BaseCRLNumber identifies the CRL number of the base CRL that was used as the starting point in the generation of this delta- CRL. The delta-CRL contains the changes between the base CRL and the current CRL issued along with the delta-CRL.
+ * The delta CRL indicator is a critical CRL extension that identifies a delta-CRL. The value of BaseCRLNumber
+ * identifies the CRL number of the base CRL that was used as the starting point in the generation of this delta- CRL.
+ * The delta-CRL contains the changes between the base CRL and the current CRL issued along with the delta-CRL.
  * 
  * @see Extension
  * @see CertAttrSet
diff --git a/pki/base/util/src/netscape/security/x509/DirStrConverter.java b/pki/base/util/src/netscape/security/x509/DirStrConverter.java
index 7c52707f8..776344c0a 100644
--- a/pki/base/util/src/netscape/security/x509/DirStrConverter.java
+++ b/pki/base/util/src/netscape/security/x509/DirStrConverter.java
@@ -32,8 +32,11 @@ import netscape.security.util.DerValue;
  * Universal String (UCS-4), and vice versa.
  * 
  * <p>
- * The string to DerValue conversion is done as follows. If the string has only PrintableString characters it is converted to a ASN.1 Printable String using the PrintableString encoder from the global default ASN1CharStrConvMap. If it has only characters covered in the PrintableString or T.61 character set it is converted to a ASN.1 T.61 string using the T.61 encoder from the ASN1CharStrCovnMap. Otherwise it is converted to a ASN.1 UniversalString (UCS-4 character set) which covers all
- * characters.
+ * The string to DerValue conversion is done as follows. If the string has only PrintableString characters it is
+ * converted to a ASN.1 Printable String using the PrintableString encoder from the global default ASN1CharStrConvMap.
+ * If it has only characters covered in the PrintableString or T.61 character set it is converted to a ASN.1 T.61 string
+ * using the T.61 encoder from the ASN1CharStrCovnMap. Otherwise it is converted to a ASN.1 UniversalString (UCS-4
+ * character set) which covers all characters.
  * 
  * @see AVAValueConverter
  * @see ASN1CharStrConvMap
diff --git a/pki/base/util/src/netscape/security/x509/Extension.java b/pki/base/util/src/netscape/security/x509/Extension.java
index 036d15d22..5d0029875 100644
--- a/pki/base/util/src/netscape/security/x509/Extension.java
+++ b/pki/base/util/src/netscape/security/x509/Extension.java
@@ -29,10 +29,13 @@ import netscape.security.util.ObjectIdentifier;
  * Represent a X509 Extension Attribute.
  * 
  * <p>
- * Extensions are addiitonal attributes which can be inserted in a X509 v3 certificate. For example a "Driving License Certificate" could have the driving license number as a extension.
+ * Extensions are addiitonal attributes which can be inserted in a X509 v3 certificate. For example a
+ * "Driving License Certificate" could have the driving license number as a extension.
  * 
  * <p>
- * Extensions are represented as a sequence of the extension identifier (Object Identifier), a boolean flag stating whether the extension is to be treated as being critical and the extension value itself (this is again a DER encoding of the extension value).
+ * Extensions are represented as a sequence of the extension identifier (Object Identifier), a boolean flag stating
+ * whether the extension is to be treated as being critical and the extension value itself (this is again a DER encoding
+ * of the extension value).
  * 
  * <pre>
  * ASN.1 definition of Extension:
diff --git a/pki/base/util/src/netscape/security/x509/GenericValueConverter.java b/pki/base/util/src/netscape/security/x509/GenericValueConverter.java
index dbea7d86a..73bc1979c 100644
--- a/pki/base/util/src/netscape/security/x509/GenericValueConverter.java
+++ b/pki/base/util/src/netscape/security/x509/GenericValueConverter.java
@@ -33,7 +33,11 @@ import netscape.security.util.DerValue;
  * Universal String.
  * 
  * <p>
- * The conversion is done as follows. An encoder is obtained for the all the character sets from the global default ASN1CharStrConvMap. The encoders are then used to convert the string to the smallest character set first -- printableString. If the string contains characters outside of that character set, it is converted to the next character set -- IA5String character set. If that is not enough it is converted to a BMPString, then Universal String which contains all characters.
+ * The conversion is done as follows. An encoder is obtained for the all the character sets from the global default
+ * ASN1CharStrConvMap. The encoders are then used to convert the string to the smallest character set first --
+ * printableString. If the string contains characters outside of that character set, it is converted to the next
+ * character set -- IA5String character set. If that is not enough it is converted to a BMPString, then Universal String
+ * which contains all characters.
  * 
  * @author Lily Hsiao, Slava Galperin at Netscape Communications, Inc.
  * 
@@ -49,7 +53,9 @@ public class GenericValueConverter implements AVAValueConverter {
      * UniversalString. The string is not expected to be encoded in any form.
      * 
      * <p>
-     * If an encoder is not available for a character set that is needed to convert the string, the string cannot be converted and an IOException is thrown. For example, if the string contains characters outside the PrintableString character and only a PrintableString encoder is available then an IOException is thrown.
+     * If an encoder is not available for a character set that is needed to convert the string, the string cannot be
+     * converted and an IOException is thrown. For example, if the string contains characters outside the
+     * PrintableString character and only a PrintableString encoder is available then an IOException is thrown.
      * 
      * @param s A string representing a generic attribute string value.
      * 
diff --git a/pki/base/util/src/netscape/security/x509/HoldInstructionExtension.java b/pki/base/util/src/netscape/security/x509/HoldInstructionExtension.java
index e6fb81b88..80324f8d8 100644
--- a/pki/base/util/src/netscape/security/x509/HoldInstructionExtension.java
+++ b/pki/base/util/src/netscape/security/x509/HoldInstructionExtension.java
@@ -34,7 +34,8 @@ import netscape.security.util.ObjectIdentifier;
  * Represent the CRL Hold Instruction Code Extension.
  * 
  * <p>
- * The hold instruction code is a non-critical CRL entry extension that provides a registered instruction identifier which indicates the action to be taken after encountering a certificate that has been placed on hold.
+ * The hold instruction code is a non-critical CRL entry extension that provides a registered instruction identifier
+ * which indicates the action to be taken after encountering a certificate that has been placed on hold.
  * 
  * @see Extension
  * @see CertAttrSet
diff --git a/pki/base/util/src/netscape/security/x509/InvalidityDateExtension.java b/pki/base/util/src/netscape/security/x509/InvalidityDateExtension.java
index 30c33b213..73e76087f 100755
--- a/pki/base/util/src/netscape/security/x509/InvalidityDateExtension.java
+++ b/pki/base/util/src/netscape/security/x509/InvalidityDateExtension.java
@@ -34,7 +34,9 @@ import netscape.security.util.DerValue;
  * Represent the CRL Invalidity Date Extension.
  * 
  * <p>
- * This CRL entry extension, if present, provides the date on which it is known or suspected that the private key was compromised or that the certificate otherwise became invalid. Invalidity date may be earlier than the revocation date.
+ * This CRL entry extension, if present, provides the date on which it is known or suspected that the private key was
+ * compromised or that the certificate otherwise became invalid. Invalidity date may be earlier than the revocation
+ * date.
  * 
  * @see Extension
  * @see CertAttrSet
diff --git a/pki/base/util/src/netscape/security/x509/IssuerAlternativeNameExtension.java b/pki/base/util/src/netscape/security/x509/IssuerAlternativeNameExtension.java
index 64b0eb59e..a21d3ac32 100644
--- a/pki/base/util/src/netscape/security/x509/IssuerAlternativeNameExtension.java
+++ b/pki/base/util/src/netscape/security/x509/IssuerAlternativeNameExtension.java
@@ -34,7 +34,9 @@ import netscape.security.util.DerValue;
  * alternative names.
  * 
  * <p>
- * Extensions are represented as a sequence of the extension identifier (Object Identifier), a boolean flag stating whether the extension is to be treated as being critical and the extension value itself (this is again a DER encoding of the extension value).
+ * Extensions are represented as a sequence of the extension identifier (Object Identifier), a boolean flag stating
+ * whether the extension is to be treated as being critical and the extension value itself (this is again a DER encoding
+ * of the extension value).
  * 
  * @author Amit Kapoor
  * @author Hemma Prafullchandra
diff --git a/pki/base/util/src/netscape/security/x509/KeyUsageExtension.java b/pki/base/util/src/netscape/security/x509/KeyUsageExtension.java
index 7906746e9..043208806 100644
--- a/pki/base/util/src/netscape/security/x509/KeyUsageExtension.java
+++ b/pki/base/util/src/netscape/security/x509/KeyUsageExtension.java
@@ -32,7 +32,9 @@ import netscape.security.util.DerValue;
  * Represent the Key Usage Extension.
  * 
  * <p>
- * This extension, if present, defines the purpose (e.g., encipherment, signature, certificate signing) of the key contained in the certificate. The usage restriction might be employed when a multipurpose key is to be restricted (e.g., when an RSA key should be used only for signing or only for key encipherment).
+ * This extension, if present, defines the purpose (e.g., encipherment, signature, certificate signing) of the key
+ * contained in the certificate. The usage restriction might be employed when a multipurpose key is to be restricted
+ * (e.g., when an RSA key should be used only for signing or only for key encipherment).
  * 
  * @author Amit Kapoor
  * @author Hemma Prafullchandra
diff --git a/pki/base/util/src/netscape/security/x509/NameConstraintsExtension.java b/pki/base/util/src/netscape/security/x509/NameConstraintsExtension.java
index 3a0718d30..d3ca8c116 100644
--- a/pki/base/util/src/netscape/security/x509/NameConstraintsExtension.java
+++ b/pki/base/util/src/netscape/security/x509/NameConstraintsExtension.java
@@ -31,7 +31,10 @@ import netscape.security.util.PrettyPrintFormat;
 /**
  * This class defines the Name Constraints Extension.
  * <p>
- * The name constraints extension provides permitted and excluded subtrees that place restrictions on names that may be included within a certificate issued by a given CA. Restrictions may apply to the subject distinguished name or subject alternative names. Any name matching a restriction in the excluded subtrees field is invalid regardless of information appearing in the permitted subtrees.
+ * The name constraints extension provides permitted and excluded subtrees that place restrictions on names that may be
+ * included within a certificate issued by a given CA. Restrictions may apply to the subject distinguished name or
+ * subject alternative names. Any name matching a restriction in the excluded subtrees field is invalid regardless of
+ * information appearing in the permitted subtrees.
  * <p>
  * The ASN.1 syntax for this is:
  * 
diff --git a/pki/base/util/src/netscape/security/x509/PKIXExtensions.java b/pki/base/util/src/netscape/security/x509/PKIXExtensions.java
index d694deda4..9946a5c57 100644
--- a/pki/base/util/src/netscape/security/x509/PKIXExtensions.java
+++ b/pki/base/util/src/netscape/security/x509/PKIXExtensions.java
@@ -23,10 +23,13 @@ import netscape.security.util.ObjectIdentifier;
  * Lists all the object identifiers of the X509 extensions of the PKIX profile.
  * 
  * <p>
- * Extensions are addiitonal attributes which can be inserted in a X509 v3 certificate. For example a "Driving License Certificate" could have the driving license number as a extension.
+ * Extensions are addiitonal attributes which can be inserted in a X509 v3 certificate. For example a
+ * "Driving License Certificate" could have the driving license number as a extension.
  * 
  * <p>
- * Extensions are represented as a sequence of the extension identifier (Object Identifier), a boolean flag stating whether the extension is to be treated as being critical and the extension value itself (this is again a DER encoding of the extension value).
+ * Extensions are represented as a sequence of the extension identifier (Object Identifier), a boolean flag stating
+ * whether the extension is to be treated as being critical and the extension value itself (this is again a DER encoding
+ * of the extension value).
  * 
  * @see Extension
  * 
diff --git a/pki/base/util/src/netscape/security/x509/PolicyConstraintsExtension.java b/pki/base/util/src/netscape/security/x509/PolicyConstraintsExtension.java
index ae782dfcd..194903dd5 100644
--- a/pki/base/util/src/netscape/security/x509/PolicyConstraintsExtension.java
+++ b/pki/base/util/src/netscape/security/x509/PolicyConstraintsExtension.java
@@ -33,7 +33,9 @@ import netscape.security.util.DerValue;
  * This class defines the certificate extension which specifies the
  * Policy constraints.
  * <p>
- * The policy constraints extension can be used in certificates issued to CAs. The policy constraints extension constrains path validation in two ways. It can be used to prohibit policy mapping or require that each certificate in a path contain an acceptable policy identifier.
+ * The policy constraints extension can be used in certificates issued to CAs. The policy constraints extension
+ * constrains path validation in two ways. It can be used to prohibit policy mapping or require that each certificate in
+ * a path contain an acceptable policy identifier.
  * <p>
  * The ASN.1 syntax for this is (IMPLICIT tagging is defined in the module definition):
  * 
diff --git a/pki/base/util/src/netscape/security/x509/PolicyMappingsExtension.java b/pki/base/util/src/netscape/security/x509/PolicyMappingsExtension.java
index 3d69782cd..6f2e583bc 100644
--- a/pki/base/util/src/netscape/security/x509/PolicyMappingsExtension.java
+++ b/pki/base/util/src/netscape/security/x509/PolicyMappingsExtension.java
@@ -33,10 +33,13 @@ import netscape.security.util.DerValue;
  * This extension, if present, identifies the certificate policies considered
  * identical between the issuing and the subject CA.
  * <p>
- * Extensions are addiitonal attributes which can be inserted in a X509 v3 certificate. For example a "Driving License Certificate" could have the driving license number as a extension.
+ * Extensions are addiitonal attributes which can be inserted in a X509 v3 certificate. For example a
+ * "Driving License Certificate" could have the driving license number as a extension.
  * 
  * <p>
- * Extensions are represented as a sequence of the extension identifier (Object Identifier), a boolean flag stating whether the extension is to be treated as being critical and the extension value itself (this is again a DER encoding of the extension value).
+ * Extensions are represented as a sequence of the extension identifier (Object Identifier), a boolean flag stating
+ * whether the extension is to be treated as being critical and the extension value itself (this is again a DER encoding
+ * of the extension value).
  * 
  * @author Amit Kapoor
  * @author Hemma Prafullchandra
diff --git a/pki/base/util/src/netscape/security/x509/PrivateKeyUsageExtension.java b/pki/base/util/src/netscape/security/x509/PrivateKeyUsageExtension.java
index 4a155aeb3..a38443644 100644
--- a/pki/base/util/src/netscape/security/x509/PrivateKeyUsageExtension.java
+++ b/pki/base/util/src/netscape/security/x509/PrivateKeyUsageExtension.java
@@ -37,7 +37,10 @@ import netscape.security.util.DerValue;
  * This class defines the Private Key Usage Extension.
  * 
  * <p>
- * The Private Key Usage Period extension allows the certificate issuer to specify a different validity period for the private key than the certificate. This extension is intended for use with digital signature keys. This extension consists of two optional components notBefore and notAfter. The private key associated with the certificate should not be used to sign objects before or after the times specified by the two components, respectively.
+ * The Private Key Usage Period extension allows the certificate issuer to specify a different validity period for the
+ * private key than the certificate. This extension is intended for use with digital signature keys. This extension
+ * consists of two optional components notBefore and notAfter. The private key associated with the certificate should
+ * not be used to sign objects before or after the times specified by the two components, respectively.
  * 
  * <pre>
  * PrivateKeyUsagePeriod ::= SEQUENCE {
diff --git a/pki/base/util/src/netscape/security/x509/RevokedCertImpl.java b/pki/base/util/src/netscape/security/x509/RevokedCertImpl.java
index 05e0b9182..3271768f7 100755
--- a/pki/base/util/src/netscape/security/x509/RevokedCertImpl.java
+++ b/pki/base/util/src/netscape/security/x509/RevokedCertImpl.java
@@ -37,7 +37,8 @@ import netscape.security.util.ObjectIdentifier;
 
 /**
  * <p>
- * Abstract class for a revoked certificate in a CRL. This class is for each entry in the <code>revokedCertificates</code>, so it deals with the inner <em>SEQUENCE</em>. The ASN.1 definition for this is:
+ * Abstract class for a revoked certificate in a CRL. This class is for each entry in the
+ * <code>revokedCertificates</code>, so it deals with the inner <em>SEQUENCE</em>. The ASN.1 definition for this is:
  * 
  * <pre>
  * revokedCertificates    SEQUENCE OF SEQUENCE  {
diff --git a/pki/base/util/src/netscape/security/x509/SubjectAlternativeNameExtension.java b/pki/base/util/src/netscape/security/x509/SubjectAlternativeNameExtension.java
index 572f2be17..779503e60 100644
--- a/pki/base/util/src/netscape/security/x509/SubjectAlternativeNameExtension.java
+++ b/pki/base/util/src/netscape/security/x509/SubjectAlternativeNameExtension.java
@@ -34,7 +34,9 @@ import netscape.security.util.DerValue;
  * alternative names.
  * 
  * <p>
- * Extensions are represented as a sequence of the extension identifier (Object Identifier), a boolean flag stating whether the extension is to be treated as being critical and the extension value itself (this is again a DER encoding of the extension value).
+ * Extensions are represented as a sequence of the extension identifier (Object Identifier), a boolean flag stating
+ * whether the extension is to be treated as being critical and the extension value itself (this is again a DER encoding
+ * of the extension value).
  * <p>
  * The ASN.1 syntax for this is:
  * 
diff --git a/pki/base/util/src/netscape/security/x509/SubjectDirAttributesExtension.java b/pki/base/util/src/netscape/security/x509/SubjectDirAttributesExtension.java
index 236981768..40e7a3f0d 100644
--- a/pki/base/util/src/netscape/security/x509/SubjectDirAttributesExtension.java
+++ b/pki/base/util/src/netscape/security/x509/SubjectDirAttributesExtension.java
@@ -31,7 +31,8 @@ import netscape.security.util.DerValue;
  * This class represents the Subject Directory Attributes Extension.
  * 
  * <p>
- * The subject directory attributes extension is not recommended as an essential part of this profile, but it may be used in local environments. This extension MUST be non-critical.
+ * The subject directory attributes extension is not recommended as an essential part of this profile, but it may be
+ * used in local environments. This extension MUST be non-critical.
  * 
  * <pre>
  * The ASN.1 syntax for this extension is:
diff --git a/pki/base/util/src/netscape/security/x509/SubjectKeyIdentifierExtension.java b/pki/base/util/src/netscape/security/x509/SubjectKeyIdentifierExtension.java
index 3e6b63daf..fd22b20f0 100644
--- a/pki/base/util/src/netscape/security/x509/SubjectKeyIdentifierExtension.java
+++ b/pki/base/util/src/netscape/security/x509/SubjectKeyIdentifierExtension.java
@@ -35,10 +35,13 @@ import netscape.security.util.DerValue;
  * non-critical.
  * 
  * <p>
- * Extensions are addiitonal attributes which can be inserted in a X509 v3 certificate. For example a "Driving License Certificate" could have the driving license number as a extension.
+ * Extensions are addiitonal attributes which can be inserted in a X509 v3 certificate. For example a
+ * "Driving License Certificate" could have the driving license number as a extension.
  * 
  * <p>
- * Extensions are represented as a sequence of the extension identifier (Object Identifier), a boolean flag stating whether the extension is to be treated as being critical and the extension value itself (this is again a DER encoding of the extension value).
+ * Extensions are represented as a sequence of the extension identifier (Object Identifier), a boolean flag stating
+ * whether the extension is to be treated as being critical and the extension value itself (this is again a DER encoding
+ * of the extension value).
  * 
  * @author Amit Kapoor
  * @author Hemma Prafullchandra
diff --git a/pki/base/util/src/netscape/security/x509/X500Signer.java b/pki/base/util/src/netscape/security/x509/X500Signer.java
index 75d8144b2..0b8cf87a4 100644
--- a/pki/base/util/src/netscape/security/x509/X500Signer.java
+++ b/pki/base/util/src/netscape/security/x509/X500Signer.java
@@ -28,7 +28,8 @@ import java.security.Signer;
  * is needed in many public key signing applications.
  * 
  * <P>
- * The name of the signer is important, both because knowing it is the whole point of the signature, and because the associated X.509 certificate is always used to verify the signature.
+ * The name of the signer is important, both because knowing it is the whole point of the signature, and because the
+ * associated X.509 certificate is always used to verify the signature.
  * 
  * <P>
  * <em>The X.509 certificate chain is temporarily not associated with
diff --git a/pki/base/util/src/netscape/security/x509/X509CRLImpl.java b/pki/base/util/src/netscape/security/x509/X509CRLImpl.java
index 551e28046..8c69b6aa0 100755
--- a/pki/base/util/src/netscape/security/x509/X509CRLImpl.java
+++ b/pki/base/util/src/netscape/security/x509/X509CRLImpl.java
@@ -55,9 +55,11 @@ import netscape.security.util.ObjectIdentifier;
  * <pre>
  * </pre>
  * <p>
- * CertificateList ::= SEQUENCE { tbsCertList TBSCertList, signatureAlgorithm AlgorithmIdentifier, signature BIT STRING }
+ * CertificateList ::= SEQUENCE { tbsCertList TBSCertList, signatureAlgorithm AlgorithmIdentifier, signature BIT STRING
+ * }
  * <p>
- * A good description and profiling is provided in the IETF PKIX WG draft, Part I: X.509 Certificate and CRL Profile, &lt;draft-ietf-pkix-ipki-part1-06.txt&gt;.
+ * A good description and profiling is provided in the IETF PKIX WG draft, Part I: X.509 Certificate and CRL Profile,
+ * &lt;draft-ietf-pkix-ipki-part1-06.txt&gt;.
  * <p>
  * The ASN.1 definition of <code>tbsCertList</code> is:
  * 
diff --git a/pki/base/util/src/netscape/security/x509/X509Cert.java b/pki/base/util/src/netscape/security/x509/X509Cert.java
index 4675741a9..b524f779b 100644
--- a/pki/base/util/src/netscape/security/x509/X509Cert.java
+++ b/pki/base/util/src/netscape/security/x509/X509Cert.java
@@ -133,10 +133,14 @@ public class X509Cert implements Certificate, Serializable {
      * and are sometimes used as certificate requests.
      * 
      * <P>
-     * Until the certificate has been signed and encoded, some of the mandatory fields in the certificate will not be available via accessor functions: the serial number, issuer name and signing algorithm, and of course the signed certificate. The fields passed to this constructor are available, and must be non-null.
+     * Until the certificate has been signed and encoded, some of the mandatory fields in the certificate will not be
+     * available via accessor functions: the serial number, issuer name and signing algorithm, and of course the signed
+     * certificate. The fields passed to this constructor are available, and must be non-null.
      * 
      * <P>
-     * Note that the public key being signed is generally independent of the signature algorithm being used. So for example Diffie-Hellman keys (which do not support signatures) can be placed in X.509 certificates when some other signature algorithm (e.g. DSS/DSA, or one of the RSA based algorithms) is used.
+     * Note that the public key being signed is generally independent of the signature algorithm being used. So for
+     * example Diffie-Hellman keys (which do not support signatures) can be placed in X.509 certificates when some other
+     * signature algorithm (e.g. DSS/DSA, or one of the RSA based algorithms) is used.
      * 
      * @see CertAndKeyGen
      * 
@@ -511,7 +515,9 @@ public class X509Cert implements Certificate, Serializable {
      * chose not to place in the certificate.
      * 
      * <P>
-     * Two such public key algorithms are: DSS/DSA, where algorithm parameters could be acquired from a CA certificate in the chain of issuers; and Diffie-Hellman, with a similar solution although the CA then needs both a Diffie-Hellman certificate and a signature capable certificate.
+     * Two such public key algorithms are: DSS/DSA, where algorithm parameters could be acquired from a CA certificate
+     * in the chain of issuers; and Diffie-Hellman, with a similar solution although the CA then needs both a
+     * Diffie-Hellman certificate and a signature capable certificate.
      */
     public PublicKey getPublicKey() {
         return pubkey;
diff --git a/pki/base/util/src/netscape/security/x509/X509CertImpl.java b/pki/base/util/src/netscape/security/x509/X509CertImpl.java
index 4d78db067..360028734 100755
--- a/pki/base/util/src/netscape/security/x509/X509CertImpl.java
+++ b/pki/base/util/src/netscape/security/x509/X509CertImpl.java
@@ -62,10 +62,15 @@ import netscape.security.util.ObjectIdentifier;
  * 
  * <P>
  * These certificates are managed and vouched for by <em>Certificate
- * Authorities</em> (CAs). CAs are services which create certificates by placing data in the X.509 standard format and then digitally signing that data. Such signatures are quite difficult to forge. CAs act as trusted third parties, making introductions between agents who have no direct knowledge of each other. CA certificates are either signed by themselves, or by some other CA such as a "root" CA.
+ * Authorities</em> (CAs). CAs are services which create certificates by placing data in the X.509 standard format and
+ * then digitally signing that data. Such signatures are quite difficult to forge. CAs act as trusted third parties,
+ * making introductions between agents who have no direct knowledge of each other. CA certificates are either signed by
+ * themselves, or by some other CA such as a "root" CA.
  * 
  * <P>
- * RFC 1422 is very informative, though it does not describe much of the recent work being done with X.509 certificates. That includes a 1996 version (X.509v3) and a variety of enhancements being made to facilitate an explosion of personal certificates used as "Internet Drivers' Licences", or with SET for credit card transactions.
+ * RFC 1422 is very informative, though it does not describe much of the recent work being done with X.509 certificates.
+ * That includes a 1996 version (X.509v3) and a variety of enhancements being made to facilitate an explosion of
+ * personal certificates used as "Internet Drivers' Licences", or with SET for credit card transactions.
  * 
  * <P>
  * More recent work includes the IETF PKIX Working Group efforts, especially part 1.
diff --git a/pki/base/util/src/netscape/security/x509/X509CertInfo.java b/pki/base/util/src/netscape/security/x509/X509CertInfo.java
index 166462613..9dd43de3f 100644
--- a/pki/base/util/src/netscape/security/x509/X509CertInfo.java
+++ b/pki/base/util/src/netscape/security/x509/X509CertInfo.java
@@ -41,13 +41,17 @@ import netscape.security.util.DerValue;
  * X.509 certificates have several base data elements, including:
  * <UL>
  * 
- * <LI>The <em>Subject Name</em>, an X.500 Distinguished Name for the entity (subject) for which the certificate was issued.
+ * <LI>The <em>Subject Name</em>, an X.500 Distinguished Name for the entity (subject) for which the certificate was
+ * issued.
  * 
- * <LI>The <em>Subject Public Key</em>, the public key of the subject. This is one of the most important parts of the certificate.
+ * <LI>The <em>Subject Public Key</em>, the public key of the subject. This is one of the most important parts of the
+ * certificate.
  * 
- * <LI>The <em>Validity Period</em>, a time period (e.g. six months) within which the certificate is valid (unless revoked).
+ * <LI>The <em>Validity Period</em>, a time period (e.g. six months) within which the certificate is valid (unless
+ * revoked).
  * 
- * <LI>The <em>Issuer Name</em>, an X.500 Distinguished Name for the Certificate Authority (CA) which issued the certificate.
+ * <LI>The <em>Issuer Name</em>, an X.500 Distinguished Name for the Certificate Authority (CA) which issued the
+ * certificate.
  * 
  * <LI>A <em>Serial Number</em> assigned by the CA, for use in certificate revocation and other applications.
  * 
diff --git a/pki/base/util/src/netscape/security/x509/X509Key.java b/pki/base/util/src/netscape/security/x509/X509Key.java
index 54e00cad1..546ce363e 100644
--- a/pki/base/util/src/netscape/security/x509/X509Key.java
+++ b/pki/base/util/src/netscape/security/x509/X509Key.java
@@ -42,7 +42,10 @@ import netscape.security.util.DerValue;
  * "SubjectPublicKeyInfo".
  * 
  * <P>
- * While this class can represent any kind of X.509 key, it may be desirable to provide subclasses which understand how to parse keying data. For example, RSA public keys have two members, one for the public modulus and one for the prime exponent. If such a class is provided, it is used when parsing X.509 keys. If one is not provided, the key still parses correctly.
+ * While this class can represent any kind of X.509 key, it may be desirable to provide subclasses which understand how
+ * to parse keying data. For example, RSA public keys have two members, one for the public modulus and one for the prime
+ * exponent. If such a class is provided, it is used when parsing X.509 keys. If one is not provided, the key still
+ * parses correctly.
  * 
  * @version 1.74, 97/12/10
  * @author David Brownell
@@ -88,7 +91,9 @@ public class X509Key implements PublicKey {
      * X509Key object is returned.
      * 
      * <P>
-     * This mechanism gurantees that keys (and algorithms) may be freely manipulated and transferred, without risk of losing information. Also, when a key (or algorithm) needs some special handling, that specific need can be accomodated.
+     * This mechanism gurantees that keys (and algorithms) may be freely manipulated and transferred, without risk of
+     * losing information. Also, when a key (or algorithm) needs some special handling, that specific need can be
+     * accomodated.
      * 
      * @param in the DER-encoded SubjectPublicKeyInfo value
      * @exception IOException on data format errors
@@ -121,7 +126,8 @@ public class X509Key implements PublicKey {
      * DSS/DSA keys encapsulate a single unsigned integer.
      * 
      * <P>
-     * This function is called when creating X.509 SubjectPublicKeyInfo values using the X509Key member functions, such as <code>parse</code> and <code>decode</code>.
+     * This function is called when creating X.509 SubjectPublicKeyInfo values using the X509Key member functions, such
+     * as <code>parse</code> and <code>decode</code>.
      * 
      * @exception IOException on parsing errors.
      * @exception InvalidKeyException on invalid key encodings.
@@ -302,16 +308,20 @@ public class X509Key implements PublicKey {
 
     /**
      * Initialize an X509Key object from an input stream. The data on that
-     * input stream must be encoded using DER, obeying the X.509 <code>SubjectPublicKeyInfo</code> format. That is, the data is a
+     * input stream must be encoded using DER, obeying the X.509 <code>SubjectPublicKeyInfo</code> format. That is, the
+     * data is a
      * sequence consisting of an algorithm ID and a bit string which holds
      * the key. (That bit string is often used to encapsulate another DER
      * encoded sequence.)
      * 
      * <P>
-     * Subclasses should not normally redefine this method; they should instead provide a <code>parseKeyBits</code> method to parse any fields inside the <code>key</code> member.
+     * Subclasses should not normally redefine this method; they should instead provide a <code>parseKeyBits</code>
+     * method to parse any fields inside the <code>key</code> member.
      * 
      * <P>
-     * The exception to this rule is that since private keys need not be encoded using the X.509 <code>SubjectPublicKeyInfo</code> format, private keys may override this method, <code>encode</code>, and of course <code>getFormat</code>.
+     * The exception to this rule is that since private keys need not be encoded using the X.509
+     * <code>SubjectPublicKeyInfo</code> format, private keys may override this method, <code>encode</code>, and of
+     * course <code>getFormat</code>.
      * 
      * @param in an input stream with a DER-encoded X.509
      *            SubjectPublicKeyInfo value