Formatting (line wrap > 120 in comments

162 files changed, 1026 insertions, 430 deletions

diff --git a/pki/.settings/org.eclipse.jdt.core.prefs b/pki/.settings/org.eclipse.jdt.core.prefs
index e2efdb9b5..b5e44d72d 100644
--- a/pki/.settings/org.eclipse.jdt.core.prefs
+++ b/pki/.settings/org.eclipse.jdt.core.prefs
@@ -1,4 +1,4 @@
-#Wed Jan 11 12:59:05 EST 2012
+#Wed Jan 11 13:00:44 EST 2012
 eclipse.preferences.version=1
 org.eclipse.jdt.core.formatter.align_type_members_on_columns=false
 org.eclipse.jdt.core.formatter.alignment_for_arguments_in_allocation_expression=16
@@ -57,7 +57,7 @@ org.eclipse.jdt.core.formatter.comment.indent_parameter_description=true
 org.eclipse.jdt.core.formatter.comment.indent_root_tags=true
 org.eclipse.jdt.core.formatter.comment.insert_new_line_before_root_tags=insert
 org.eclipse.jdt.core.formatter.comment.insert_new_line_for_parameter=do not insert
-org.eclipse.jdt.core.formatter.comment.line_length=500
+org.eclipse.jdt.core.formatter.comment.line_length=120
 org.eclipse.jdt.core.formatter.comment.new_lines_at_block_boundaries=true
 org.eclipse.jdt.core.formatter.comment.new_lines_at_javadoc_boundaries=true
 org.eclipse.jdt.core.formatter.compact_else_if=true
diff --git a/pki/base/ca/src/com/netscape/ca/CAService.java b/pki/base/ca/src/com/netscape/ca/CAService.java
index 23b00a103..d6f02a059 100644
--- a/pki/base/ca/src/com/netscape/ca/CAService.java
+++ b/pki/base/ca/src/com/netscape/ca/CAService.java
@@ -351,7 +351,9 @@ public class CAService implements ICAService, IService {
      * <P>
      * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST used whenever a user private key archive request is made. This is an option in a cert enrollment request detected by an RA or a CA, so, if selected, it should be logged immediately following the certificate request.
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST used whenever a user private key archive
+     * request is made. This is an option in a cert enrollment request detected by an RA or a CA, so, if selected, it
+     * should be logged immediately following the certificate request.
      * </ul>
      * 
      * @param request a certificate enrollment request from an RA or CA
diff --git a/pki/base/common/src/com/netscape/certsrv/acls/ACL.java b/pki/base/common/src/com/netscape/certsrv/acls/ACL.java
index c98135eaa..508793ddf 100644
--- a/pki/base/common/src/com/netscape/certsrv/acls/ACL.java
+++ b/pki/base/common/src/com/netscape/certsrv/acls/ACL.java
@@ -26,7 +26,8 @@ import java.util.Vector;
  * enforcer can verify the ACLs with the current
  * context to see if the corresponding resource is accessible.
  * <P>
- * An <code>ACL</code> may contain one or more <code>ACLEntry</code>. However, in case of multiple <code>ACLEntry</code>, a subject must pass ALL of the <code>ACLEntry</code> evaluation for permission to be granted
+ * An <code>ACL</code> may contain one or more <code>ACLEntry</code>. However, in case of multiple <code>ACLEntry</code>
+ * , a subject must pass ALL of the <code>ACLEntry</code> evaluation for permission to be granted
  * <P>
  * 
  * @version $Revision$, $Date$
diff --git a/pki/base/common/src/com/netscape/certsrv/authorization/IAuthzManager.java b/pki/base/common/src/com/netscape/certsrv/authorization/IAuthzManager.java
index 70e4b7c02..8b52b3928 100644
--- a/pki/base/common/src/com/netscape/certsrv/authorization/IAuthzManager.java
+++ b/pki/base/common/src/com/netscape/certsrv/authorization/IAuthzManager.java
@@ -64,7 +64,8 @@ public interface IAuthzManager {
      * own authorization information before full operation. It is supposed
      * to be called from the authzMgrAccessInit() method of the AuthzSubsystem.
      * <p>
-     * The accessInfo format is determined by each individual authzmgr. For example, for BasicAclAuthz, The accessInfo is the resACLs, whose format should conform to the following:
+     * The accessInfo format is determined by each individual authzmgr. For example, for BasicAclAuthz, The accessInfo
+     * is the resACLs, whose format should conform to the following:
      * 
      * <pre>
      *    <resource ID>:right-1[,right-n]:[allow,deny](right(s))<evaluatorType>=<value>:<comment for this resource acl
diff --git a/pki/base/common/src/com/netscape/certsrv/jobs/IJobCron.java b/pki/base/common/src/com/netscape/certsrv/jobs/IJobCron.java
index e0fb0ba4b..f161b5e8d 100644
--- a/pki/base/common/src/com/netscape/certsrv/jobs/IJobCron.java
+++ b/pki/base/common/src/com/netscape/certsrv/jobs/IJobCron.java
@@ -20,9 +20,13 @@ package com.netscape.certsrv.jobs;
 /**
  * class representing one Job cron information
  * <p>
- * here, an "item" refers to one of the 5 fields in a cron string; "element" refers to any comma-deliminated element in an "item"...which includes both numbers and '-' separated ranges. A cron string in the configuration takes the following format: <i>minute (0-59), hour (0-23), day of the month (1-31), month of the year (1-12), day of the week (0-6 with 0=Sunday)</i>
+ * here, an "item" refers to one of the 5 fields in a cron string; "element" refers to any comma-deliminated element in
+ * an "item"...which includes both numbers and '-' separated ranges. A cron string in the configuration takes the
+ * following format: <i>minute (0-59), hour (0-23), day of the month (1-31), month of the year (1-12), day of the week
+ * (0-6 with 0=Sunday)</i>
  * <p>
- * e.g. jobsScheduler.job.rnJob1.cron=30 11,23 * * 1-5 In this example, the job "rnJob1" will be executed from Monday through Friday, at 11:30am and 11:30pm.
+ * e.g. jobsScheduler.job.rnJob1.cron=30 11,23 * * 1-5 In this example, the job "rnJob1" will be executed from Monday
+ * through Friday, at 11:30am and 11:30pm.
  * <p>
  * 
  * @version $Revision$, $Date$
diff --git a/pki/base/common/src/com/netscape/certsrv/jobs/IJobsScheduler.java b/pki/base/common/src/com/netscape/certsrv/jobs/IJobsScheduler.java
index e4daffbe7..f4184853d 100644
--- a/pki/base/common/src/com/netscape/certsrv/jobs/IJobsScheduler.java
+++ b/pki/base/common/src/com/netscape/certsrv/jobs/IJobsScheduler.java
@@ -30,8 +30,12 @@ import com.netscape.certsrv.base.ISubsystem;
  * if there is any job to be done, if so, a thread is created to execute
  * the job(s).
  * <p>
- * The interval <b>jobsScheduler.interval</b> in the configuration is specified as number of minutes. If not set, the default is 1 minute. Note that the cron specification for each job CAN NOT be finer than the granularity of the Scheduler daemon interval. For example, if the daemon interval is set to 5 minute, a job cron for every minute at 7am on each Tuesday (e.g. * 7 * * 2) will result in the execution of the job thread only once every 5 minutes during that hour. <b>The inteval value is
- * recommended at 1 minute, setting it otherwise has the potential of forever missing the beat</b>. Use with caution.
+ * The interval <b>jobsScheduler.interval</b> in the configuration is specified as number of minutes. If not set, the
+ * default is 1 minute. Note that the cron specification for each job CAN NOT be finer than the granularity of the
+ * Scheduler daemon interval. For example, if the daemon interval is set to 5 minute, a job cron for every minute at 7am
+ * on each Tuesday (e.g. * 7 * * 2) will result in the execution of the job thread only once every 5 minutes during that
+ * hour. <b>The inteval value is recommended at 1 minute, setting it otherwise has the potential of forever missing the
+ * beat</b>. Use with caution.
  * 
  * @version $Revision$, $Date$
  */
diff --git a/pki/base/common/src/com/netscape/certsrv/kra/IKeyService.java b/pki/base/common/src/com/netscape/certsrv/kra/IKeyService.java
index b89737927..13748f2d1 100644
--- a/pki/base/common/src/com/netscape/certsrv/kra/IKeyService.java
+++ b/pki/base/common/src/com/netscape/certsrv/kra/IKeyService.java
@@ -103,8 +103,10 @@ public interface IKeyService {
      * <P>
      * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_KEY_RECOVERY_REQUEST used whenever a user private key recovery request is made (this is when the DRM receives the request)
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_KEY_RECOVERY_REQUEST_PROCESSED used whenever a user private key recovery request is processed (this is when the DRM processes the request)
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_KEY_RECOVERY_REQUEST used whenever a user private key recovery request is
+     * made (this is when the DRM receives the request)
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_KEY_RECOVERY_REQUEST_PROCESSED used whenever a user private key recovery
+     * request is processed (this is when the DRM processes the request)
      * </ul>
      * 
      * @param reqID request id
diff --git a/pki/base/common/src/com/netscape/certsrv/profile/IEnrollProfile.java b/pki/base/common/src/com/netscape/certsrv/profile/IEnrollProfile.java
index 7d3d7ff71..189530f7a 100644
--- a/pki/base/common/src/com/netscape/certsrv/profile/IEnrollProfile.java
+++ b/pki/base/common/src/com/netscape/certsrv/profile/IEnrollProfile.java
@@ -22,9 +22,11 @@ import com.netscape.certsrv.request.IRequest;
 /**
  * This interface represents an enrollment profile.
  * <p>
- * An enrollment profile contains a list of enrollment specific input plugins, default policies, constriant policies and output plugins.
+ * An enrollment profile contains a list of enrollment specific input plugins, default policies, constriant policies and
+ * output plugins.
  * <p>
- * This interface also defines a set of enrollment specific attribute names that can be used to retrieve values from an enrollment request.
+ * This interface also defines a set of enrollment specific attribute names that can be used to retrieve values from an
+ * enrollment request.
  * <p>
  * 
  * @version $Revision$, $Date$
diff --git a/pki/base/common/src/com/netscape/certsrv/profile/IPolicyDefault.java b/pki/base/common/src/com/netscape/certsrv/profile/IPolicyDefault.java
index bf1aefcff..469d6dded 100644
--- a/pki/base/common/src/com/netscape/certsrv/profile/IPolicyDefault.java
+++ b/pki/base/common/src/com/netscape/certsrv/profile/IPolicyDefault.java
@@ -31,13 +31,18 @@ import com.netscape.certsrv.request.IRequest;
  * the request with additional values.
  * <p>
  * 
- * During request submission process, a default policy is invoked to populate the default values in the request. The default values will later on be used for execution. The default values are like the parameters for the request.
+ * During request submission process, a default policy is invoked to populate the default values in the request. The
+ * default values will later on be used for execution. The default values are like the parameters for the request.
  * <p>
  * 
- * This policy is called in 2 places. For automated enrollment request, this policy is invoked to populate the HTTP parameters into the request. For request that cannot be executed immediately, this policy will be invoked again right after the agent's approval.
+ * This policy is called in 2 places. For automated enrollment request, this policy is invoked to populate the HTTP
+ * parameters into the request. For request that cannot be executed immediately, this policy will be invoked again right
+ * after the agent's approval.
  * <p>
  * 
- * Each default policy may contain zero or more properties that describe the default value. For example, a X509 Key can be described by its key type, key length, and key data. The properties help to describe the default value into human readable values.
+ * Each default policy may contain zero or more properties that describe the default value. For example, a X509 Key can
+ * be described by its key type, key length, and key data. The properties help to describe the default value into human
+ * readable values.
  * <p>
  * 
  * @version $Revision$, $Date$
diff --git a/pki/base/common/src/com/netscape/certsrv/profile/IProfile.java b/pki/base/common/src/com/netscape/certsrv/profile/IProfile.java
index 779bf6a88..0cd39c091 100644
--- a/pki/base/common/src/com/netscape/certsrv/profile/IProfile.java
+++ b/pki/base/common/src/com/netscape/certsrv/profile/IProfile.java
@@ -46,7 +46,8 @@ import com.netscape.cms.profile.common.ProfilePolicy;
  * The output policy is for building the result page.
  * <p>
  * 
- * Each profile can have multiple policy set. Each set is composed of zero or more default policies and zero or more constraint policies.
+ * Each profile can have multiple policy set. Each set is composed of zero or more default policies and zero or more
+ * constraint policies.
  * <p>
  * 
  * @version $Revision$, $Date$
diff --git a/pki/base/common/src/com/netscape/certsrv/request/AgentApprovals.java b/pki/base/common/src/com/netscape/certsrv/request/AgentApprovals.java
index ddb1dae2a..48738d810 100644
--- a/pki/base/common/src/com/netscape/certsrv/request/AgentApprovals.java
+++ b/pki/base/common/src/com/netscape/certsrv/request/AgentApprovals.java
@@ -39,7 +39,8 @@ public class AgentApprovals
     /**
      * Adds an approval to approval's list.
      * <p>
-     * If an approval is already present for this user, it is updated with a new date. Otherwise a new value is inserted.
+     * If an approval is already present for this user, it is updated with a new date. Otherwise a new value is
+     * inserted.
      * 
      * @param userName user name of the approving agent
      */
diff --git a/pki/base/common/src/com/netscape/certsrv/request/IPolicy.java b/pki/base/common/src/com/netscape/certsrv/request/IPolicy.java
index 4d23c9032..9998abee7 100644
--- a/pki/base/common/src/com/netscape/certsrv/request/IPolicy.java
+++ b/pki/base/common/src/com/netscape/certsrv/request/IPolicy.java
@@ -38,7 +38,8 @@ public interface IPolicy {
      * determine whether the request can be processed immediately,
      * or should be held pending manual approval.
      * <p>
-     * The policy can update fields in the request, to add additional values or to restrict the values to pre-determined ranges.
+     * The policy can update fields in the request, to add additional values or to restrict the values to pre-determined
+     * ranges.
      * <p>
      * 
      * @param request
diff --git a/pki/base/common/src/com/netscape/certsrv/request/IRequest.java b/pki/base/common/src/com/netscape/certsrv/request/IRequest.java
index 507d527ff..8d0b0924c 100644
--- a/pki/base/common/src/com/netscape/certsrv/request/IRequest.java
+++ b/pki/base/common/src/com/netscape/certsrv/request/IRequest.java
@@ -188,7 +188,8 @@ public interface IRequest {
      * assigned by the originator of the request (for example,
      * the EE servlet or the RA servlet.
      * <p>
-     * The sourceId should be unique so that it can be used to retrieve request later without knowing the locally assigned primary id (RequestID)
+     * The sourceId should be unique so that it can be used to retrieve request later without knowing the locally
+     * assigned primary id (RequestID)
      * <p>
      * 
      * @return
diff --git a/pki/base/common/src/com/netscape/certsrv/request/IRequestQueue.java b/pki/base/common/src/com/netscape/certsrv/request/IRequestQueue.java
index 5c5d13a67..a8f5f7332 100644
--- a/pki/base/common/src/com/netscape/certsrv/request/IRequestQueue.java
+++ b/pki/base/common/src/com/netscape/certsrv/request/IRequestQueue.java
@@ -59,7 +59,8 @@ public interface IRequestQueue {
      * except for the sourceID of the original request
      * (remote authority's request Id).
      * <p>
-     * The cloned request that is returned is LOCKED. The caller MUST release the request object by calling releaseRequest().
+     * The cloned request that is returned is LOCKED. The caller MUST release the request object by calling
+     * releaseRequest().
      * 
      * @param r request to be cloned
      * @return cloned request
@@ -112,7 +113,8 @@ public interface IRequestQueue {
      * only valid for requests with status BEGIN. An error is
      * generated for other cases.
      * <p>
-     * This call might be used by agent servlets that want to copy a previous request, and resubmit it. By putting it into PENDING state, the normal agent screens can be used for further processing.
+     * This call might be used by agent servlets that want to copy a previous request, and resubmit it. By putting it
+     * into PENDING state, the normal agent screens can be used for further processing.
      * 
      * @param req
      *            the request to mark PENDING
@@ -127,7 +129,8 @@ public interface IRequestQueue {
      * except for the sourceID of the original request
      * (remote authority's request Id).
      * <p>
-     * The cloned request that is returned is LOCKED. The caller MUST release the request object by calling releaseRequest().
+     * The cloned request that is returned is LOCKED. The caller MUST release the request object by calling
+     * releaseRequest().
      * 
      * @param r request to be cloned
      * @return cloned request mark PENDING
@@ -141,9 +144,11 @@ public interface IRequestQueue {
      * <p>
      * This call will fail if: the request is not in PENDING state the policy modules do not accept the request
      * <p>
-     * If the policy modules reject the request, then the request will remain in the PENDING state. Messages from the policy module can be display to the agent to indicate the source of the problem.
+     * If the policy modules reject the request, then the request will remain in the PENDING state. Messages from the
+     * policy module can be display to the agent to indicate the source of the problem.
      * <p>
-     * The request processing code adds an AgentApproval to this request that contains the authentication id of the agent. This data is retrieved from the Session object (qv).
+     * The request processing code adds an AgentApproval to this request that contains the authentication id of the
+     * agent. This data is retrieved from the Session object (qv).
      * 
      * @param request
      *            the request that is being approved
@@ -157,7 +162,8 @@ public interface IRequestQueue {
      * <p>
      * This call will fail if: the request is not in PENDING state
      * <p>
-     * The agent servlet (or other application) may wish to store AgentMessage values to indicate the reason for the action
+     * The agent servlet (or other application) may wish to store AgentMessage values to indicate the reason for the
+     * action
      * 
      * @param request
      *            the request that is being rejected
@@ -171,7 +177,8 @@ public interface IRequestQueue {
      * <p>
      * This call will fail if: the request is not in PENDING state
      * <p>
-     * The agent servlet (or other application) may wish to store AgentMessage values to indicate the reason for the action
+     * The agent servlet (or other application) may wish to store AgentMessage values to indicate the reason for the
+     * action
      * 
      * @param request
      *            the request that is being canceled
@@ -199,7 +206,8 @@ public interface IRequestQueue {
      * queue. The caller should use the RequestIds to locate
      * each request by calling findRequest().
      * <p>
-     * NOTE: This interface will not be useful for large databases. This needs to be replace by a VLV (paged) search object.
+     * NOTE: This interface will not be useful for large databases. This needs to be replace by a VLV (paged) search
+     * object.
      * 
      * @return request list
      */
@@ -211,7 +219,8 @@ public interface IRequestQueue {
      * requests could be listed by specifying RequestStatus.PENDING
      * as the <i>status</i> argument
      * <p>
-     * NOTE: This interface will not be useful for large databases. This needs to be replace by a VLV (paged) search object.
+     * NOTE: This interface will not be useful for large databases. This needs to be replace by a VLV (paged) search
+     * object.
      * 
      * @param status request status
      * @return request list
@@ -222,7 +231,8 @@ public interface IRequestQueue {
      * Returns an enumerator that lists all RequestIds for requests
      * that match the filter.
      * <p>
-     * NOTE: This interface will not be useful for large databases. This needs to be replace by a VLV (paged) search object.
+     * NOTE: This interface will not be useful for large databases. This needs to be replace by a VLV (paged) search
+     * object.
      * 
      * @param filter search filter
      * @return request list
@@ -233,7 +243,8 @@ public interface IRequestQueue {
      * Returns an enumerator that lists all RequestIds for requests
      * that match the filter.
      * <p>
-     * NOTE: This interface will not be useful for large databases. This needs to be replace by a VLV (paged) search object.
+     * NOTE: This interface will not be useful for large databases. This needs to be replace by a VLV (paged) search
+     * object.
      * 
      * @param filter search filter
      * @param maxSize max size to return
@@ -245,7 +256,8 @@ public interface IRequestQueue {
      * Returns an enumerator that lists all RequestIds for requests
      * that match the filter.
      * <p>
-     * NOTE: This interface will not be useful for large databases. This needs to be replace by a VLV (paged) search object.
+     * NOTE: This interface will not be useful for large databases. This needs to be replace by a VLV (paged) search
+     * object.
      * 
      * @param filter search filter
      * @param maxSize max size to return
diff --git a/pki/base/common/src/com/netscape/cms/authentication/AVAPattern.java b/pki/base/common/src/com/netscape/cms/authentication/AVAPattern.java
index eaaea5efe..6a8bbcbf2 100644
--- a/pki/base/common/src/com/netscape/cms/authentication/AVAPattern.java
+++ b/pki/base/common/src/com/netscape/cms/authentication/AVAPattern.java
@@ -40,7 +40,8 @@ import com.netscape.certsrv.authentication.ECompSyntaxErr;
  * subject name from ldap attributes and dn.
  * <p>
  * 
- * dnpattern is a string representing a subject name pattern to formulate from the directory attributes and entry dn. If empty or not set, the ldap entry DN will be used as the certificate subject name.
+ * dnpattern is a string representing a subject name pattern to formulate from the directory attributes and entry dn. If
+ * empty or not set, the ldap entry DN will be used as the certificate subject name.
  * <p>
  * 
  * The syntax is
diff --git a/pki/base/common/src/com/netscape/cms/authentication/CMCAuth.java b/pki/base/common/src/com/netscape/cms/authentication/CMCAuth.java
index 0e747dbe2..8fb84842f 100644
--- a/pki/base/common/src/com/netscape/cms/authentication/CMCAuth.java
+++ b/pki/base/common/src/com/netscape/cms/authentication/CMCAuth.java
@@ -220,7 +220,8 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo,
      * <P>
      * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY used when CMC (agent-pre-signed) cert requests or revocation requests are submitted and signature is verified
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY used when CMC (agent-pre-signed) cert
+     * requests or revocation requests are submitted and signature is verified
      * </ul>
      * 
      * @param authCred Authentication credentials, CRED_UID and CRED_CMC.
diff --git a/pki/base/common/src/com/netscape/cms/authentication/DNPattern.java b/pki/base/common/src/com/netscape/cms/authentication/DNPattern.java
index 21280f0f9..653a950aa 100644
--- a/pki/base/common/src/com/netscape/cms/authentication/DNPattern.java
+++ b/pki/base/common/src/com/netscape/cms/authentication/DNPattern.java
@@ -32,7 +32,8 @@ import com.netscape.certsrv.base.EBaseException;
  * subject name from ldap attributes and dn.
  * <p>
  * 
- * dnpattern is a string representing a subject name pattern to formulate from the directory attributes and entry dn. If empty or not set, the ldap entry DN will be used as the certificate subject name.
+ * dnpattern is a string representing a subject name pattern to formulate from the directory attributes and entry dn. If
+ * empty or not set, the ldap entry DN will be used as the certificate subject name.
  * <p>
  * 
  * The syntax is
diff --git a/pki/base/common/src/com/netscape/cms/authentication/DirBasedAuthentication.java b/pki/base/common/src/com/netscape/cms/authentication/DirBasedAuthentication.java
index 59c5d376b..3120b9e23 100644
--- a/pki/base/common/src/com/netscape/cms/authentication/DirBasedAuthentication.java
+++ b/pki/base/common/src/com/netscape/cms/authentication/DirBasedAuthentication.java
@@ -173,7 +173,8 @@ public abstract class DirBasedAuthentication
      * 	dnpattern               - dn pattern.
      * </pre>
      * <p>
-     * <i><b>dnpattern</b></i> is a string representing a subject name pattern to formulate from the directory attributes and entry dn. If empty or not set, the ldap entry DN will be used as the certificate subject name.
+     * <i><b>dnpattern</b></i> is a string representing a subject name pattern to formulate from the directory
+     * attributes and entry dn. If empty or not set, the ldap entry DN will be used as the certificate subject name.
      * <p>
      * The syntax is
      * 
diff --git a/pki/base/common/src/com/netscape/cms/authentication/RDNPattern.java b/pki/base/common/src/com/netscape/cms/authentication/RDNPattern.java
index 3542570a9..02a8f1438 100644
--- a/pki/base/common/src/com/netscape/cms/authentication/RDNPattern.java
+++ b/pki/base/common/src/com/netscape/cms/authentication/RDNPattern.java
@@ -33,7 +33,8 @@ import com.netscape.certsrv.base.EBaseException;
  * subject name from ldap attributes and dn.
  * <p>
  * 
- * dnpattern is a string representing a subject name pattern to formulate from the directory attributes and entry dn. If empty or not set, the ldap entry DN will be used as the certificate subject name.
+ * dnpattern is a string representing a subject name pattern to formulate from the directory attributes and entry dn. If
+ * empty or not set, the ldap entry DN will be used as the certificate subject name.
  * <p>
  * 
  * The syntax is
diff --git a/pki/base/common/src/com/netscape/cms/authorization/AAclAuthz.java b/pki/base/common/src/com/netscape/cms/authorization/AAclAuthz.java
index a4eac0900..dcce8277e 100644
--- a/pki/base/common/src/com/netscape/cms/authorization/AAclAuthz.java
+++ b/pki/base/common/src/com/netscape/cms/authorization/AAclAuthz.java
@@ -40,7 +40,8 @@ import com.netscape.cmsutil.util.Utils;
  * An abstract class represents an authorization manager that governs the
  * access of internal resources such as servlets.
  * It parses in the ACLs associated with each protected
- * resources, and provides protected method <CODE>checkPermission</CODE> for code that needs to verify access before performing
+ * resources, and provides protected method <CODE>checkPermission</CODE> for code that needs to verify access before
+ * performing
  * actions.
  * <P>
  * Here is a sample resourceACLS for a resource
@@ -52,7 +53,8 @@ import com.netscape.cmsutil.util.Utils;
  *           allow (execute) group="Administrators";
  * </PRE>
  * 
- * To perform permission checking, code call authz mgr authorize() method to verify access. See AuthzMgr for calling example.
+ * To perform permission checking, code call authz mgr authorize() method to verify access. See AuthzMgr for calling
+ * example.
  * <P>
  * default "evaluators" are used to evaluate the "group=.." or "user=.." rules. See evaluator for more info
  * 
@@ -234,12 +236,19 @@ public abstract class AAclAuthz {
      * marked as privileged, this methods will simply
      * return.
      * <P>
-     * note that if a resource does not exist in the aclResources entry, but a higher level node exist, it will still be evaluated. The highest level node's acl determines the permission. If the higher level node doesn't contain any acl information, then it's passed down to the lower node. If a node has no aci in its resourceACLs, then it's considered passed.
+     * note that if a resource does not exist in the aclResources entry, but a higher level node exist, it will still be
+     * evaluated. The highest level node's acl determines the permission. If the higher level node doesn't contain any
+     * acl information, then it's passed down to the lower node. If a node has no aci in its resourceACLs, then it's
+     * considered passed.
      * <p>
-     * example: certServer.common.users, if failed permission check for "certServer", then it's considered failed, and there is no need to continue the check. If passed permission check for "certServer", then it's considered passed, and no need to continue the check. If certServer contains no aci then "certServer.common" will be checked for permission instead. If down to the leaf level, the node still contains no aci, then it's considered passed. If at the leaf level, no such resource exist, or
-     * no acis, it's considered passed.
+     * example: certServer.common.users, if failed permission check for "certServer", then it's considered failed, and
+     * there is no need to continue the check. If passed permission check for "certServer", then it's considered passed,
+     * and no need to continue the check. If certServer contains no aci then "certServer.common" will be checked for
+     * permission instead. If down to the leaf level, the node still contains no aci, then it's considered passed. If at
+     * the leaf level, no such resource exist, or no acis, it's considered passed.
      * <p>
-     * If there are multiple aci's for a resource, ALL aci's will be checked, and only if all passed permission checks, will the eventual access be granted.
+     * If there are multiple aci's for a resource, ALL aci's will be checked, and only if all passed permission checks,
+     * will the eventual access be granted.
      * 
      * @param name resource name
      * @param perm permission requested
@@ -293,9 +302,13 @@ public abstract class AAclAuthz {
      * Checks if the permission is granted or denied in
      * the current execution context.
      * <P>
-     * An <code>ACL</code> may contain one or more <code>ACLEntry</code>. However, in case of multiple <code>ACLEntry</code>, a subject must pass ALL of the <code>ACLEntry</code> evaluation for permission to be granted
+     * An <code>ACL</code> may contain one or more <code>ACLEntry</code>. However, in case of multiple
+     * <code>ACLEntry</code>, a subject must pass ALL of the <code>ACLEntry</code> evaluation for permission to be
+     * granted
      * <P>
-     * negative ("deny") aclEntries are treated differently than positive ("allow") statements. If a negative aclEntries fails the acl check, the permission check will return "false" right away; while in the case of a positive aclEntry, if the the aclEntry fails the acl check, the next aclEntry will be evaluated.
+     * negative ("deny") aclEntries are treated differently than positive ("allow") statements. If a negative aclEntries
+     * fails the acl check, the permission check will return "false" right away; while in the case of a positive
+     * aclEntry, if the the aclEntry fails the acl check, the next aclEntry will be evaluated.
      * 
      * @param name resource name
      * @param perm permission requested
@@ -447,12 +460,19 @@ public abstract class AAclAuthz {
      * marked as privileged, this methods will simply
      * return.
      * <P>
-     * note that if a resource does not exist in the aclResources entry, but a higher level node exist, it will still be evaluated. The highest level node's acl determines the permission. If the higher level node doesn't contain any acl information, then it's passed down to the lower node. If a node has no aci in its resourceACLs, then it's considered passed.
+     * note that if a resource does not exist in the aclResources entry, but a higher level node exist, it will still be
+     * evaluated. The highest level node's acl determines the permission. If the higher level node doesn't contain any
+     * acl information, then it's passed down to the lower node. If a node has no aci in its resourceACLs, then it's
+     * considered passed.
      * <p>
-     * example: certServer.common.users, if failed permission check for "certServer", then it's considered failed, and there is no need to continue the check. If passed permission check for "certServer", then it's considered passed, and no need to continue the check. If certServer contains no aci then "certServer.common" will be checked for permission instead. If down to the leaf level, the node still contains no aci, then it's considered passed. If at the leaf level, no such resource exist, or
-     * no acis, it's considered passed.
+     * example: certServer.common.users, if failed permission check for "certServer", then it's considered failed, and
+     * there is no need to continue the check. If passed permission check for "certServer", then it's considered passed,
+     * and no need to continue the check. If certServer contains no aci then "certServer.common" will be checked for
+     * permission instead. If down to the leaf level, the node still contains no aci, then it's considered passed. If at
+     * the leaf level, no such resource exist, or no acis, it's considered passed.
      * <p>
-     * If there are multiple aci's for a resource, ALL aci's will be checked, and only if all passed permission checks, will the eventual access be granted.
+     * If there are multiple aci's for a resource, ALL aci's will be checked, and only if all passed permission checks,
+     * will the eventual access be granted.
      * 
      * @param authToken authentication token gotten from authentication
      * @param name resource name
diff --git a/pki/base/common/src/com/netscape/cms/authorization/DirAclAuthz.java b/pki/base/common/src/com/netscape/cms/authorization/DirAclAuthz.java
index b2318e7ea..df24f275e 100644
--- a/pki/base/common/src/com/netscape/cms/authorization/DirAclAuthz.java
+++ b/pki/base/common/src/com/netscape/cms/authorization/DirAclAuthz.java
@@ -254,7 +254,9 @@ public class DirAclAuthz extends AAclAuthz
     /**
      * update acls. when memory update is done, flush to ldap.
      * <p>
-     * Currently, it is possible that when the memory is updated successfully, and the ldap isn't, the memory upates lingers. The result is that the changes will only be done on ldap at the next update, or when the system shuts down, another flush will be attempted.
+     * Currently, it is possible that when the memory is updated successfully, and the ldap isn't, the memory upates
+     * lingers. The result is that the changes will only be done on ldap at the next update, or when the system shuts
+     * down, another flush will be attempted.
      * 
      * @param id is the resource id
      * @param rights The allowable rights for this resource
diff --git a/pki/base/common/src/com/netscape/cms/logging/LogFile.java b/pki/base/common/src/com/netscape/cms/logging/LogFile.java
index 143e59d8d..30920d4cd 100644
--- a/pki/base/common/src/com/netscape/cms/logging/LogFile.java
+++ b/pki/base/common/src/com/netscape/cms/logging/LogFile.java
@@ -697,7 +697,8 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
      * <P>
      * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_SIGNING used when a signature on the audit log is generated (same as "flush" time)
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_SIGNING used when a signature on the audit log is generated (same as
+     * "flush" time)
      * </ul>
      * 
      * @exception IOException for input/output problems
diff --git a/pki/base/common/src/com/netscape/cms/logging/RollingLogFile.java b/pki/base/common/src/com/netscape/cms/logging/RollingLogFile.java
index 783534485..e085937e5 100644
--- a/pki/base/common/src/com/netscape/cms/logging/RollingLogFile.java
+++ b/pki/base/common/src/com/netscape/cms/logging/RollingLogFile.java
@@ -285,7 +285,8 @@ public class RollingLogFile extends LogFile {
      * <P>
      * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_LOG_DELETE used AFTER audit log expires (authorization should not allow, but in case authorization gets compromised make sure it is written AFTER the log expiration happens)
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_LOG_DELETE used AFTER audit log expires (authorization should not allow,
+     * but in case authorization gets compromised make sure it is written AFTER the log expiration happens)
      * </ul>
      * 
      * @param expirationSeconds The number of seconds since the expired files
diff --git a/pki/base/common/src/com/netscape/cms/policy/constraints/AgentPolicy.java b/pki/base/common/src/com/netscape/cms/policy/constraints/AgentPolicy.java
index c9e9401a5..b7a24bd65 100644
--- a/pki/base/common/src/com/netscape/cms/policy/constraints/AgentPolicy.java
+++ b/pki/base/common/src/com/netscape/cms/policy/constraints/AgentPolicy.java
@@ -58,7 +58,9 @@ public class AgentPolicy extends APolicyRule
      * 
      * The entries may be of the form:
      * 
-     * ra.Policy.rule.<ruleName>.implName=AgentPolicy ra.Policy.rule.<ruleName>.enable=true ra.Policy.rule.<ruleName>.predicate= ou == engineering AND o == netscape.com ra.Policy.rule.<ruleName>.class=xxxx ra.Policy.rule.<ruleName>.params.*
+     * ra.Policy.rule.<ruleName>.implName=AgentPolicy ra.Policy.rule.<ruleName>.enable=true
+     * ra.Policy.rule.<ruleName>.predicate= ou == engineering AND o == netscape.com ra.Policy.rule.<ruleName>.class=xxxx
+     * ra.Policy.rule.<ruleName>.params.*
      * 
      * @param config The config store reference
      */
diff --git a/pki/base/common/src/com/netscape/cms/policy/constraints/DSAKeyConstraints.java b/pki/base/common/src/com/netscape/cms/policy/constraints/DSAKeyConstraints.java
index 5ad1f6c49..9ad322085 100644
--- a/pki/base/common/src/com/netscape/cms/policy/constraints/DSAKeyConstraints.java
+++ b/pki/base/common/src/com/netscape/cms/policy/constraints/DSAKeyConstraints.java
@@ -95,7 +95,10 @@ public class DSAKeyConstraints extends APolicyRule
      * Initializes this policy rule.
      * <P>
      * 
-     * The entries probably are of the form ra.Policy.rule.<ruleName>.implName=DSAKeyConstraints ra.Policy.rule.<ruleName>.enable=true ra.Policy.rule.<ruleName>.minSize=512 ra.Policy.rule.<ruleName>.maxSize=1024 ra.Policy.rule.<ruleName>.predicate= ou == engineering AND o == netscape.com
+     * The entries probably are of the form ra.Policy.rule.<ruleName>.implName=DSAKeyConstraints
+     * ra.Policy.rule.<ruleName>.enable=true ra.Policy.rule.<ruleName>.minSize=512
+     * ra.Policy.rule.<ruleName>.maxSize=1024 ra.Policy.rule.<ruleName>.predicate= ou == engineering AND o ==
+     * netscape.com
      * 
      * @param config The config store reference
      */
diff --git a/pki/base/common/src/com/netscape/cms/policy/constraints/DefaultRevocation.java b/pki/base/common/src/com/netscape/cms/policy/constraints/DefaultRevocation.java
index fd1436469..f341dd224 100644
--- a/pki/base/common/src/com/netscape/cms/policy/constraints/DefaultRevocation.java
+++ b/pki/base/common/src/com/netscape/cms/policy/constraints/DefaultRevocation.java
@@ -56,7 +56,8 @@ public class DefaultRevocation extends APolicyRule
      * 
      * The entries may be of the form:
      * 
-     * ra.Policy.rule.<ruleName>.implName=DefaultRevocation ra.Policy.rule.<ruleName>.enable=true ra.Policy.rule.<ruleName>.predicate= ou == engineering AND o == netscape.com
+     * ra.Policy.rule.<ruleName>.implName=DefaultRevocation ra.Policy.rule.<ruleName>.enable=true
+     * ra.Policy.rule.<ruleName>.predicate= ou == engineering AND o == netscape.com
      * 
      * @param config The config store reference
      */
diff --git a/pki/base/common/src/com/netscape/cms/policy/constraints/KeyAlgorithmConstraints.java b/pki/base/common/src/com/netscape/cms/policy/constraints/KeyAlgorithmConstraints.java
index c523ae9f2..14cd9ece4 100644
--- a/pki/base/common/src/com/netscape/cms/policy/constraints/KeyAlgorithmConstraints.java
+++ b/pki/base/common/src/com/netscape/cms/policy/constraints/KeyAlgorithmConstraints.java
@@ -87,7 +87,9 @@ public class KeyAlgorithmConstraints extends APolicyRule
      * Initializes this policy rule.
      * <P>
      * 
-     * The entries probably are of the form ra.Policy.rule.<ruleName>.implName=KeyAlgorithmConstraints ra.Policy.rule.<ruleName>.algorithms=RSA,DSA ra.Policy.rule.<ruleName>.enable=true ra.Policy.rule.<ruleName>.predicate=ou==Sales
+     * The entries probably are of the form ra.Policy.rule.<ruleName>.implName=KeyAlgorithmConstraints
+     * ra.Policy.rule.<ruleName>.algorithms=RSA,DSA ra.Policy.rule.<ruleName>.enable=true
+     * ra.Policy.rule.<ruleName>.predicate=ou==Sales
      * 
      * @param config The config store reference
      */
diff --git a/pki/base/common/src/com/netscape/cms/policy/constraints/ManualAuthentication.java b/pki/base/common/src/com/netscape/cms/policy/constraints/ManualAuthentication.java
index 1abc5bda0..b93487609 100644
--- a/pki/base/common/src/com/netscape/cms/policy/constraints/ManualAuthentication.java
+++ b/pki/base/common/src/com/netscape/cms/policy/constraints/ManualAuthentication.java
@@ -56,7 +56,8 @@ public class ManualAuthentication extends APolicyRule
      * 
      * The entries may be of the form:
      * 
-     * ra.Policy.rule.<ruleName>.implName=ManualAuthentication ra.Policy.rule.<ruleName>.enable=true ra.Policy.rule.<ruleName>.predicate= ou == engineering AND o == netscape.com
+     * ra.Policy.rule.<ruleName>.implName=ManualAuthentication ra.Policy.rule.<ruleName>.enable=true
+     * ra.Policy.rule.<ruleName>.predicate= ou == engineering AND o == netscape.com
      * 
      * @param config The config store reference
      */
diff --git a/pki/base/common/src/com/netscape/cms/policy/constraints/RSAKeyConstraints.java b/pki/base/common/src/com/netscape/cms/policy/constraints/RSAKeyConstraints.java
index 57176950a..d6dde414a 100644
--- a/pki/base/common/src/com/netscape/cms/policy/constraints/RSAKeyConstraints.java
+++ b/pki/base/common/src/com/netscape/cms/policy/constraints/RSAKeyConstraints.java
@@ -100,7 +100,9 @@ public class RSAKeyConstraints extends APolicyRule
      * 
      * The entries probably are of the form:
      * 
-     * ra.Policy.rule.<ruleName>.implName=RSAKeyConstraints ra.Policy.rule.<ruleName>.enable=true ra.Policy.rule.<ruleName>.minSize=512 ra.Policy.rule.<ruleName>.maxSize=2048 ra.Policy.rule.<ruleName>.predicate=ou==Marketing
+     * ra.Policy.rule.<ruleName>.implName=RSAKeyConstraints ra.Policy.rule.<ruleName>.enable=true
+     * ra.Policy.rule.<ruleName>.minSize=512 ra.Policy.rule.<ruleName>.maxSize=2048
+     * ra.Policy.rule.<ruleName>.predicate=ou==Marketing
      * 
      * @param config The config store reference
      */
diff --git a/pki/base/common/src/com/netscape/cms/policy/constraints/RenewalConstraints.java b/pki/base/common/src/com/netscape/cms/policy/constraints/RenewalConstraints.java
index 8b7f90202..2b220cb8f 100644
--- a/pki/base/common/src/com/netscape/cms/policy/constraints/RenewalConstraints.java
+++ b/pki/base/common/src/com/netscape/cms/policy/constraints/RenewalConstraints.java
@@ -96,7 +96,8 @@ public class RenewalConstraints extends APolicyRule
      * 
      * The entries probably are of the form:
      * 
-     * ra.Policy.rule.<ruleName>.implName=ValidityConstraints ra.Policy.rule.<ruleName>.enable=true ra.Policy.rule.<ruleName>.allowExpiredCerts=true
+     * ra.Policy.rule.<ruleName>.implName=ValidityConstraints ra.Policy.rule.<ruleName>.enable=true
+     * ra.Policy.rule.<ruleName>.allowExpiredCerts=true
      * 
      * @param config The config store reference
      */
diff --git a/pki/base/common/src/com/netscape/cms/policy/constraints/RenewalValidityConstraints.java b/pki/base/common/src/com/netscape/cms/policy/constraints/RenewalValidityConstraints.java
index b65e97773..862f8ac5a 100644
--- a/pki/base/common/src/com/netscape/cms/policy/constraints/RenewalValidityConstraints.java
+++ b/pki/base/common/src/com/netscape/cms/policy/constraints/RenewalValidityConstraints.java
@@ -112,7 +112,9 @@ public class RenewalValidityConstraints extends APolicyRule
      * 
      * The entries probably are of the form:
      * 
-     * ra.Policy.rule.<ruleName>.implName=ValidityConstraints ra.Policy.rule.<ruleName>.enable=true ra.Policy.rule.<ruleName>.minValidity=30 ra.Policy.rule.<ruleName>.maxValidity=180 ra.Policy.rule.<ruleName>.renewalInterval=15 ra.Policy.rule.<ruleName>.predicate=ou==Sales
+     * ra.Policy.rule.<ruleName>.implName=ValidityConstraints ra.Policy.rule.<ruleName>.enable=true
+     * ra.Policy.rule.<ruleName>.minValidity=30 ra.Policy.rule.<ruleName>.maxValidity=180
+     * ra.Policy.rule.<ruleName>.renewalInterval=15 ra.Policy.rule.<ruleName>.predicate=ou==Sales
      * 
      * @param config The config store reference
      */
diff --git a/pki/base/common/src/com/netscape/cms/policy/constraints/RevocationConstraints.java b/pki/base/common/src/com/netscape/cms/policy/constraints/RevocationConstraints.java
index b18e4b7f9..d4859195d 100644
--- a/pki/base/common/src/com/netscape/cms/policy/constraints/RevocationConstraints.java
+++ b/pki/base/common/src/com/netscape/cms/policy/constraints/RevocationConstraints.java
@@ -91,7 +91,8 @@ public class RevocationConstraints extends APolicyRule
      * 
      * The entries probably are of the form:
      * 
-     * ra.Policy.rule.<ruleName>.implName=ValidityConstraints ra.Policy.rule.<ruleName>.enable=true ra.Policy.rule.<ruleName>.allowExpiredCerts=true
+     * ra.Policy.rule.<ruleName>.implName=ValidityConstraints ra.Policy.rule.<ruleName>.enable=true
+     * ra.Policy.rule.<ruleName>.allowExpiredCerts=true
      * 
      * @param config The config store reference
      */
diff --git a/pki/base/common/src/com/netscape/cms/policy/constraints/SigningAlgorithmConstraints.java b/pki/base/common/src/com/netscape/cms/policy/constraints/SigningAlgorithmConstraints.java
index 94a4ebda9..1dd99702f 100644
--- a/pki/base/common/src/com/netscape/cms/policy/constraints/SigningAlgorithmConstraints.java
+++ b/pki/base/common/src/com/netscape/cms/policy/constraints/SigningAlgorithmConstraints.java
@@ -94,7 +94,9 @@ public class SigningAlgorithmConstraints extends APolicyRule
      * Initializes this policy rule.
      * <P>
      * 
-     * The entries probably are of the form ra.Policy.rule.<ruleName>.implName=SigningAlgorithmConstraints ra.Policy.rule.<ruleName>.algorithms=SHA-1WithRSA, SHA-1WithDSA ra.Policy.rule.<ruleName>.enable=true ra.Policy.rule.<ruleName>.predicate=ou==Sales
+     * The entries probably are of the form ra.Policy.rule.<ruleName>.implName=SigningAlgorithmConstraints
+     * ra.Policy.rule.<ruleName>.algorithms=SHA-1WithRSA, SHA-1WithDSA ra.Policy.rule.<ruleName>.enable=true
+     * ra.Policy.rule.<ruleName>.predicate=ou==Sales
      * 
      * @param config The config store reference
      */
diff --git a/pki/base/common/src/com/netscape/cms/policy/constraints/SubCANameConstraints.java b/pki/base/common/src/com/netscape/cms/policy/constraints/SubCANameConstraints.java
index ae3d66a1f..dea3d9a9c 100644
--- a/pki/base/common/src/com/netscape/cms/policy/constraints/SubCANameConstraints.java
+++ b/pki/base/common/src/com/netscape/cms/policy/constraints/SubCANameConstraints.java
@@ -78,7 +78,9 @@ public class SubCANameConstraints extends APolicyRule implements IEnrollmentPoli
      * Initializes this policy rule.
      * <P>
      * 
-     * The entries probably are of the form ra.Policy.rule.<ruleName>.implName=KeyAlgorithmConstraints ra.Policy.rule.<ruleName>.algorithms=RSA,DSA ra.Policy.rule.<ruleName>.enable=true ra.Policy.rule.<ruleName>.predicate=ou==Sales
+     * The entries probably are of the form ra.Policy.rule.<ruleName>.implName=KeyAlgorithmConstraints
+     * ra.Policy.rule.<ruleName>.algorithms=RSA,DSA ra.Policy.rule.<ruleName>.enable=true
+     * ra.Policy.rule.<ruleName>.predicate=ou==Sales
      * 
      * @param config The config store reference
      */
diff --git a/pki/base/common/src/com/netscape/cms/policy/constraints/UniqueSubjectNameConstraints.java b/pki/base/common/src/com/netscape/cms/policy/constraints/UniqueSubjectNameConstraints.java
index f4b3367b8..a3eeae98c 100644
--- a/pki/base/common/src/com/netscape/cms/policy/constraints/UniqueSubjectNameConstraints.java
+++ b/pki/base/common/src/com/netscape/cms/policy/constraints/UniqueSubjectNameConstraints.java
@@ -106,7 +106,9 @@ public class UniqueSubjectNameConstraints extends APolicyRule
      * 
      * The entries probably are of the form:
      * 
-     * ca.Policy.rule.<ruleName>.implName=UniqueSubjectName ca.Policy.rule.<ruleName>.enable=true ca.Policy.rule.<ruleName>.enable=true ca.Policy.rule.<ruleName>.enablePreAgentApprovalChecking=true ca.Policy.rule.<ruleName>.enableKeyUsageExtensionChecking=true
+     * ca.Policy.rule.<ruleName>.implName=UniqueSubjectName ca.Policy.rule.<ruleName>.enable=true
+     * ca.Policy.rule.<ruleName>.enable=true ca.Policy.rule.<ruleName>.enablePreAgentApprovalChecking=true
+     * ca.Policy.rule.<ruleName>.enableKeyUsageExtensionChecking=true
      * 
      * @param config The config store reference
      */
diff --git a/pki/base/common/src/com/netscape/cms/policy/constraints/ValidityConstraints.java b/pki/base/common/src/com/netscape/cms/policy/constraints/ValidityConstraints.java
index ef35f5e64..1ebf9a0b8 100644
--- a/pki/base/common/src/com/netscape/cms/policy/constraints/ValidityConstraints.java
+++ b/pki/base/common/src/com/netscape/cms/policy/constraints/ValidityConstraints.java
@@ -118,7 +118,9 @@ public class ValidityConstraints extends APolicyRule
      * 
      * The entries probably are of the form:
      * 
-     * ra.Policy.rule.<ruleName>.implName=ValidityConstraints ra.Policy.rule.<ruleName>.enable=true ra.Policy.rule.<ruleName>.minValidity=30 ra.Policy.rule.<ruleName>.maxValidity=180 ra.Policy.rule.<ruleName>.predicate=ou==Sales
+     * ra.Policy.rule.<ruleName>.implName=ValidityConstraints ra.Policy.rule.<ruleName>.enable=true
+     * ra.Policy.rule.<ruleName>.minValidity=30 ra.Policy.rule.<ruleName>.maxValidity=180
+     * ra.Policy.rule.<ruleName>.predicate=ou==Sales
      * 
      * @param config The config store reference
      */
diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/AuthInfoAccessExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/AuthInfoAccessExt.java
index 059782570..cf94d73ee 100644
--- a/pki/base/common/src/com/netscape/cms/policy/extensions/AuthInfoAccessExt.java
+++ b/pki/base/common/src/com/netscape/cms/policy/extensions/AuthInfoAccessExt.java
@@ -136,7 +136,8 @@ public class AuthInfoAccessExt extends APolicyRule implements
      * 
      * The entries may be of the form:
      * 
-     * ca.Policy.rule.<ruleName>.implName=AuthInfoAccessExt ca.Policy.rule.<ruleName>.enable=true ca.Policy.rule.<ruleName>.predicate=
+     * ca.Policy.rule.<ruleName>.implName=AuthInfoAccessExt ca.Policy.rule.<ruleName>.enable=true
+     * ca.Policy.rule.<ruleName>.predicate=
      * 
      * @param config The config store reference
      */
diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/BasicConstraintsExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/BasicConstraintsExt.java
index 12f2a74ff..10aa8630f 100644
--- a/pki/base/common/src/com/netscape/cms/policy/extensions/BasicConstraintsExt.java
+++ b/pki/base/common/src/com/netscape/cms/policy/extensions/BasicConstraintsExt.java
@@ -96,7 +96,8 @@ public class BasicConstraintsExt extends APolicyRule
      * <p>
      * The entries may be of the form:
      * 
-     * ca.Policy.rule.<ruleName>.implName=BasicConstraintsExtImpl ca.Policy.rule.<ruleName>.pathLen=<n>, -1 for undefined. ca.Policy.rule.<ruleName>.enable=true
+     * ca.Policy.rule.<ruleName>.implName=BasicConstraintsExtImpl ca.Policy.rule.<ruleName>.pathLen=<n>, -1 for
+     * undefined. ca.Policy.rule.<ruleName>.enable=true
      * 
      * @param config The config store reference
      */
diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/CertificatePoliciesExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/CertificatePoliciesExt.java
index 76f4f04c7..e2c31cf5a 100644
--- a/pki/base/common/src/com/netscape/cms/policy/extensions/CertificatePoliciesExt.java
+++ b/pki/base/common/src/com/netscape/cms/policy/extensions/CertificatePoliciesExt.java
@@ -93,7 +93,8 @@ public class CertificatePoliciesExt extends APolicyRule
      * 
      * The entries may be of the form:
      * 
-     * ca.Policy.rule.<ruleName>.predicate=certType==ca ca.Policy.rule.<ruleName>.implName= ca.Policy.rule.<ruleName>.enable=true
+     * ca.Policy.rule.<ruleName>.predicate=certType==ca ca.Policy.rule.<ruleName>.implName=
+     * ca.Policy.rule.<ruleName>.enable=true
      * 
      * @param config The config store reference
      */
diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/CertificateScopeOfUseExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/CertificateScopeOfUseExt.java
index 35e5be1ad..88ffb4dff 100644
--- a/pki/base/common/src/com/netscape/cms/policy/extensions/CertificateScopeOfUseExt.java
+++ b/pki/base/common/src/com/netscape/cms/policy/extensions/CertificateScopeOfUseExt.java
@@ -103,7 +103,8 @@ public class CertificateScopeOfUseExt extends APolicyRule implements
      * 
      * The entries may be of the form:
      * 
-     * ca.Policy.rule.<ruleName>.implName=AuthInfoAccessExt ca.Policy.rule.<ruleName>.enable=true ca.Policy.rule.<ruleName>.predicate=
+     * ca.Policy.rule.<ruleName>.implName=AuthInfoAccessExt ca.Policy.rule.<ruleName>.enable=true
+     * ca.Policy.rule.<ruleName>.predicate=
      * 
      * @param config The config store reference
      */
diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/GenericASN1Ext.java b/pki/base/common/src/com/netscape/cms/policy/extensions/GenericASN1Ext.java
index d8c176130..f58ce5539 100644
--- a/pki/base/common/src/com/netscape/cms/policy/extensions/GenericASN1Ext.java
+++ b/pki/base/common/src/com/netscape/cms/policy/extensions/GenericASN1Ext.java
@@ -333,7 +333,8 @@ public class GenericASN1Ext extends APolicyRule implements
      * 
      * The entries may be of the form:
      * 
-     * ca.Policy.rule.<ruleName>.implName=genericASNExt ca.Policy.rule.<ruleName>.enable=true ca.Policy.rule.<ruleName>.predicate=
+     * ca.Policy.rule.<ruleName>.implName=genericASNExt ca.Policy.rule.<ruleName>.enable=true
+     * ca.Policy.rule.<ruleName>.predicate=
      * 
      * @param config The config store reference
      */
diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/NSCCommentExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/NSCCommentExt.java
index 4b2da43dd..7540191f3 100644
--- a/pki/base/common/src/com/netscape/cms/policy/extensions/NSCCommentExt.java
+++ b/pki/base/common/src/com/netscape/cms/policy/extensions/NSCCommentExt.java
@@ -91,7 +91,8 @@ public class NSCCommentExt extends APolicyRule
      * <p>
      * The entries may be of the form:
      * 
-     * ca.Policy.rule.<ruleName>.implName=NSCCommentExtImpl ca.Policy.rule.<ruleName>.displayText=<n> ca.Policy.rule.<ruleName>.commentFile=<n> ca.Policy.rule.<ruleName>.enable=false
+     * ca.Policy.rule.<ruleName>.implName=NSCCommentExtImpl ca.Policy.rule.<ruleName>.displayText=<n>
+     * ca.Policy.rule.<ruleName>.commentFile=<n> ca.Policy.rule.<ruleName>.enable=false
      * 
      * @param config The config store reference
      */
diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/NameConstraintsExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/NameConstraintsExt.java
index c39be6982..3492ea5ed 100644
--- a/pki/base/common/src/com/netscape/cms/policy/extensions/NameConstraintsExt.java
+++ b/pki/base/common/src/com/netscape/cms/policy/extensions/NameConstraintsExt.java
@@ -92,7 +92,8 @@ public class NameConstraintsExt extends APolicyRule
      * 
      * The entries may be of the form:
      * 
-     * ca.Policy.rule.<ruleName>.predicate=certType==ca ca.Policy.rule.<ruleName>.implName= ca.Policy.rule.<ruleName>.enable=true
+     * ca.Policy.rule.<ruleName>.predicate=certType==ca ca.Policy.rule.<ruleName>.implName=
+     * ca.Policy.rule.<ruleName>.enable=true
      * 
      * @param config The config store reference
      */
diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/PolicyConstraintsExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/PolicyConstraintsExt.java
index ec0de7355..ec6762701 100644
--- a/pki/base/common/src/com/netscape/cms/policy/extensions/PolicyConstraintsExt.java
+++ b/pki/base/common/src/com/netscape/cms/policy/extensions/PolicyConstraintsExt.java
@@ -93,7 +93,8 @@ public class PolicyConstraintsExt extends APolicyRule
      * 
      * The entries may be of the form:
      * 
-     * ca.Policy.rule.<ruleName>.predicate=certType==ca ca.Policy.rule.<ruleName>.implName= ca.Policy.rule.<ruleName>.enable=true
+     * ca.Policy.rule.<ruleName>.predicate=certType==ca ca.Policy.rule.<ruleName>.implName=
+     * ca.Policy.rule.<ruleName>.enable=true
      * 
      * @param config The config store reference
      */
diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/PolicyMappingsExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/PolicyMappingsExt.java
index 22c2e85bc..f3ef6c710 100644
--- a/pki/base/common/src/com/netscape/cms/policy/extensions/PolicyMappingsExt.java
+++ b/pki/base/common/src/com/netscape/cms/policy/extensions/PolicyMappingsExt.java
@@ -87,7 +87,8 @@ public class PolicyMappingsExt extends APolicyRule
      * 
      * The entries may be of the form:
      * 
-     * ca.Policy.rule.<ruleName>.predicate=certType==ca ca.Policy.rule.<ruleName>.implName= ca.Policy.rule.<ruleName>.enable=true
+     * ca.Policy.rule.<ruleName>.predicate=certType==ca ca.Policy.rule.<ruleName>.implName=
+     * ca.Policy.rule.<ruleName>.enable=true
      * 
      * @param config The config store reference
      */
diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/SubjAltNameExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/SubjAltNameExt.java
index 86263e484..8152db07b 100644
--- a/pki/base/common/src/com/netscape/cms/policy/extensions/SubjAltNameExt.java
+++ b/pki/base/common/src/com/netscape/cms/policy/extensions/SubjAltNameExt.java
@@ -51,7 +51,9 @@ import com.netscape.cms.policy.APolicyRule;
  * 
  * Adds the subject alternative name extension depending on the certificate type requested.
  * 
- * Two forms are supported. 1) For S/MIME certificates, email addresses are copied from data stored in the request by the authentication component. Both 'e' and 'altEmail' are supported so that both the primary address and alternative forms may be certified. Only the primary goes in the subjectName position (which should be phased out).
+ * Two forms are supported. 1) For S/MIME certificates, email addresses are copied from data stored in the request by
+ * the authentication component. Both 'e' and 'altEmail' are supported so that both the primary address and alternative
+ * forms may be certified. Only the primary goes in the subjectName position (which should be phased out).
  * 
  * e mailAlternateAddress
  * <P>
diff --git a/pki/base/common/src/com/netscape/cms/profile/common/EnrollProfile.java b/pki/base/common/src/com/netscape/cms/profile/common/EnrollProfile.java
index 64abe57a5..efbeb42be 100644
--- a/pki/base/common/src/com/netscape/cms/profile/common/EnrollProfile.java
+++ b/pki/base/common/src/com/netscape/cms/profile/common/EnrollProfile.java
@@ -1234,11 +1234,13 @@ public abstract class EnrollProfile extends BasicProfile
      * Populate input
      * <P>
      * 
-     * (either all "agent" profile cert requests NOT made through a connector, or all "EE" profile cert requests NOT made through a connector)
+     * (either all "agent" profile cert requests NOT made through a connector, or all "EE" profile cert requests NOT
+     * made through a connector)
      * <P>
      * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST used when a profile cert request is made (before approval process)
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST used when a profile cert request is made (before
+     * approval process)
      * </ul>
      * 
      * @param ctx profile context
diff --git a/pki/base/common/src/com/netscape/cms/publish/mappers/MapAVAPattern.java b/pki/base/common/src/com/netscape/cms/publish/mappers/MapAVAPattern.java
index 076ba6b30..98fb41496 100644
--- a/pki/base/common/src/com/netscape/cms/publish/mappers/MapAVAPattern.java
+++ b/pki/base/common/src/com/netscape/cms/publish/mappers/MapAVAPattern.java
@@ -45,7 +45,8 @@ import com.netscape.certsrv.request.IRequest;
  * request attributes and cert subject name.
  * <p>
  * 
- * dnpattern is a string representing a ldap dn pattern to formulate from the certificate subject name attributes and request attributes . If empty or not set, the certificate subject name will be used as the ldap dn.
+ * dnpattern is a string representing a ldap dn pattern to formulate from the certificate subject name attributes and
+ * request attributes . If empty or not set, the certificate subject name will be used as the ldap dn.
  * <p>
  * 
  * The syntax is
@@ -96,7 +97,8 @@ import com.netscape.certsrv.request.IRequest;
  * <p>
  * </pre>
  * 
- * If an request attribute or subject DN component does not exist, the attribute is skipped. There is potential risk that a wrong dn will be mapped into.
+ * If an request attribute or subject DN component does not exist, the attribute is skipped. There is potential risk
+ * that a wrong dn will be mapped into.
  * 
  * @version $Revision$, $Date$
  */
diff --git a/pki/base/common/src/com/netscape/cms/publish/mappers/MapDNPattern.java b/pki/base/common/src/com/netscape/cms/publish/mappers/MapDNPattern.java
index b33698863..4eb6baeca 100644
--- a/pki/base/common/src/com/netscape/cms/publish/mappers/MapDNPattern.java
+++ b/pki/base/common/src/com/netscape/cms/publish/mappers/MapDNPattern.java
@@ -35,7 +35,8 @@ import com.netscape.certsrv.request.IRequest;
  * request attributes and cert subject name.
  * <p>
  * 
- * dnpattern is a string representing a ldap dn pattern to formulate from the certificate subject name attributes and request attributes . If empty or not set, the certificate subject name will be used as the ldap dn.
+ * dnpattern is a string representing a ldap dn pattern to formulate from the certificate subject name attributes and
+ * request attributes . If empty or not set, the certificate subject name will be used as the ldap dn.
  * <p>
  * 
  * The syntax is
@@ -73,7 +74,8 @@ import com.netscape.certsrv.request.IRequest;
  * <p>
  * </pre>
  * 
- * If an request attribute or subject DN component does not exist, the attribute is skipped. There is potential risk that a wrong dn will be mapped into.
+ * If an request attribute or subject DN component does not exist, the attribute is skipped. There is potential risk
+ * that a wrong dn will be mapped into.
  * 
  * @version $Revision$, $Date$
  */
diff --git a/pki/base/common/src/com/netscape/cms/publish/mappers/MapRDNPattern.java b/pki/base/common/src/com/netscape/cms/publish/mappers/MapRDNPattern.java
index ad788b12b..c494627f1 100644
--- a/pki/base/common/src/com/netscape/cms/publish/mappers/MapRDNPattern.java
+++ b/pki/base/common/src/com/netscape/cms/publish/mappers/MapRDNPattern.java
@@ -34,7 +34,8 @@ import com.netscape.certsrv.request.IRequest;
  * request attributes and cert subject name.
  * <p>
  * 
- * dnpattern is a string representing a ldap dn pattern to formulate from the certificate subject name attributes and request attributes . If empty or not set, the certificate subject name will be used as the ldap dn.
+ * dnpattern is a string representing a ldap dn pattern to formulate from the certificate subject name attributes and
+ * request attributes . If empty or not set, the certificate subject name will be used as the ldap dn.
  * <p>
  * 
  * The syntax is
@@ -72,7 +73,8 @@ import com.netscape.certsrv.request.IRequest;
  * <p>
  * </pre>
  * 
- * If an request attribute or subject DN component does not exist, the attribute is skipped.There is potential risk that a wrong dn will be mapped into.
+ * If an request attribute or subject DN component does not exist, the attribute is skipped.There is potential risk that
+ * a wrong dn will be mapped into.
  * 
  * @version $Revision$, $Date$
  */
diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/AdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/AdminServlet.java
index 1d68d3bc4..72838eb55 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/admin/AdminServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/admin/AdminServlet.java
@@ -278,7 +278,8 @@ public class AdminServlet extends HttpServlet {
      * <P>
      * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_AUTH_FAIL used when authentication fails (in case of SSL-client auth, only webserver env can pick up the SSL violation; CMS authMgr can pick up cert mis-match, so this event is used)
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_AUTH_FAIL used when authentication fails (in case of SSL-client auth, only
+     * webserver env can pick up the SSL violation; CMS authMgr can pick up cert mis-match, so this event is used)
      * <li>signed.audit LOGGING_SIGNED_AUDIT_AUTH_SUCCESS used when authentication succeeded
      * </ul>
      * 
@@ -615,7 +616,8 @@ public class AdminServlet extends HttpServlet {
      * <ul>
      * <li>signed.audit LOGGING_SIGNED_AUDIT_AUTHZ_FAIL used when authorization has failed
      * <li>signed.audit LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS used when authorization is successful
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_ROLE_ASSUME used when user assumes a role (in current CMS that's when one accesses a role port)
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_ROLE_ASSUME used when user assumes a role (in current CMS that's when one
+     * accesses a role port)
      * </ul>
      * 
      * @param req HTTP servlet request
diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/CAAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/CAAdminServlet.java
index 4a0591060..fa3933ed6 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/admin/CAAdminServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/admin/CAAdminServlet.java
@@ -518,7 +518,8 @@ public class CAAdminServlet extends AdminServlet {
      * <P>
      * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE used when configuring CRL profile (extensions, frequency, CRL format)
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE used when configuring CRL profile (extensions,
+     * frequency, CRL format)
      * </ul>
      * 
      * @param req HTTP servlet request
@@ -673,7 +674,8 @@ public class CAAdminServlet extends AdminServlet {
      * <P>
      * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE used when configuring CRL profile (extensions, frequency, CRL format)
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE used when configuring CRL profile (extensions,
+     * frequency, CRL format)
      * </ul>
      * 
      * @param req HTTP servlet request
@@ -833,7 +835,8 @@ public class CAAdminServlet extends AdminServlet {
      * <P>
      * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE used when configuring CRL profile (extensions, frequency, CRL format)
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE used when configuring CRL profile (extensions,
+     * frequency, CRL format)
      * </ul>
      * 
      * @param req HTTP servlet request
@@ -974,7 +977,8 @@ public class CAAdminServlet extends AdminServlet {
      * <P>
      * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE used when configuring CRL profile (extensions, frequency, CRL format)
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE used when configuring CRL profile (extensions,
+     * frequency, CRL format)
      * </ul>
      * 
      * @param req HTTP servlet request
@@ -1191,7 +1195,8 @@ public class CAAdminServlet extends AdminServlet {
      * <P>
      * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE used when configuring CRL profile (extensions, frequency, CRL format)
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE used when configuring CRL profile (extensions,
+     * frequency, CRL format)
      * </ul>
      * 
      * @param req HTTP servlet request
diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java
index 7f5a96e9d..92cbb8885 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java
@@ -518,7 +518,8 @@ public final class CMSAdminServlet extends AdminServlet {
      * <P>
      * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ENCRYPTION used when configuring encryption (cert settings and SSL cipher preferences)
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ENCRYPTION used when configuring encryption (cert settings and SSL
+     * cipher preferences)
      * </ul>
      * 
      * @exception ServletException a servlet error has occurred
@@ -1468,7 +1469,8 @@ public final class CMSAdminServlet extends AdminServlet {
      * <P>
      * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY used when "Certificate Setup Wizard" is used to import CA certs into the certificate database
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY used when "Certificate Setup Wizard" is used to
+     * import CA certs into the certificate database
      * </ul>
      * 
      * @exception ServletException a servlet error has occurred
@@ -1894,7 +1896,8 @@ public final class CMSAdminServlet extends AdminServlet {
      * <P>
      * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY used when "Certificate Setup Wizard" is used to import CA certs into the certificate database
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY used when "Certificate Setup Wizard" is used to
+     * import CA certs into the certificate database
      * </ul>
      * 
      * @exception ServletException a servlet error has occurred
@@ -2312,7 +2315,8 @@ public final class CMSAdminServlet extends AdminServlet {
      * <P>
      * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY used when "Certificate Setup Wizard" is used to import a CA cross-signed certificate into the database
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY used when "Certificate Setup Wizard" is used to
+     * import a CA cross-signed certificate into the database
      * </ul>
      * 
      * @exception ServletException a servlet error has occurred
@@ -3055,7 +3059,8 @@ public final class CMSAdminServlet extends AdminServlet {
      * <P>
      * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY used when "Manage Certificate" is used to edit the trustness of certs and deletion of certs
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY used when "Manage Certificate" is used to edit
+     * the trustness of certs and deletion of certs
      * </ul>
      * 
      * @exception ServletException a servlet error has occurred
diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/LogAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/LogAdminServlet.java
index 256792245..dadbf4088 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/admin/LogAdminServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/admin/LogAdminServlet.java
@@ -1422,8 +1422,11 @@ public class LogAdminServlet extends AdminServlet {
      * 
      * <ul>
      * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT used when configuring signedAudit
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_LOG_PATH_CHANGE used when log file name (including any path changes) for any of audit, system, transaction, or other customized log file change is attempted (authorization should not allow, but make sure it's written after the attempt)
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE used when log expiration time change is attempted (authorization should not allow, but make sure it's written after the attempt)
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_LOG_PATH_CHANGE used when log file name (including any path changes) for
+     * any of audit, system, transaction, or other customized log file change is attempted (authorization should not
+     * allow, but make sure it's written after the attempt)
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE used when log expiration time change is attempted
+     * (authorization should not allow, but make sure it's written after the attempt)
      * </ul>
      * 
      * @param req HTTP servlet request
diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/OCSPAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/OCSPAdminServlet.java
index a968b5b35..338a58239 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/admin/OCSPAdminServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/admin/OCSPAdminServlet.java
@@ -229,7 +229,8 @@ public class OCSPAdminServlet extends AdminServlet {
      * <P>
      * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE used when configuring OCSP profile (everything under Online Certificate Status Manager)
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE used when configuring OCSP profile (everything under
+     * Online Certificate Status Manager)
      * </ul>
      * 
      * @param req HTTP servlet request
@@ -318,7 +319,8 @@ public class OCSPAdminServlet extends AdminServlet {
      * <P>
      * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE used when configuring OCSP profile (everything under Online Certificate Status Manager)
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE used when configuring OCSP profile (everything under
+     * Online Certificate Status Manager)
      * </ul>
      * 
      * @param req HTTP servlet request
@@ -466,7 +468,8 @@ public class OCSPAdminServlet extends AdminServlet {
      * <P>
      * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE used when configuring OCSP profile (everything under Online Certificate Status Manager)
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE used when configuring OCSP profile (everything under
+     * Online Certificate Status Manager)
      * </ul>
      * 
      * @param req HTTP servlet request
diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/PolicyAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/PolicyAdminServlet.java
index e2193cd63..f34a82770 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/admin/PolicyAdminServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/admin/PolicyAdminServlet.java
@@ -483,7 +483,8 @@ public class PolicyAdminServlet extends AdminServlet {
      * <P>
      * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY used when configuring cert policy constraints and extensions
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY used when configuring cert policy constraints and
+     * extensions
      * </ul>
      * 
      * @param req HTTP servlet request
@@ -604,7 +605,8 @@ public class PolicyAdminServlet extends AdminServlet {
      * <P>
      * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY used when configuring cert policy constraints and extensions
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY used when configuring cert policy constraints and
+     * extensions
      * </ul>
      * 
      * @param req HTTP servlet request
@@ -710,7 +712,8 @@ public class PolicyAdminServlet extends AdminServlet {
      * <P>
      * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY used when configuring cert policy constraints and extensions
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY used when configuring cert policy constraints and
+     * extensions
      * </ul>
      * 
      * @param req HTTP servlet request
@@ -849,7 +852,8 @@ public class PolicyAdminServlet extends AdminServlet {
      * <P>
      * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY used when configuring cert policy constraints and extensions
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY used when configuring cert policy constraints and
+     * extensions
      * </ul>
      * 
      * @param req HTTP servlet request
@@ -1005,7 +1009,8 @@ public class PolicyAdminServlet extends AdminServlet {
      * <P>
      * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY used when configuring cert policy constraints and extensions
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY used when configuring cert policy constraints and
+     * extensions
      * </ul>
      * 
      * @param req HTTP servlet request
@@ -1095,7 +1100,8 @@ public class PolicyAdminServlet extends AdminServlet {
      * <P>
      * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY used when configuring cert policy constraints and extensions
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY used when configuring cert policy constraints and
+     * extensions
      * </ul>
      * 
      * @param req HTTP servlet request
diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/ProfileAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/ProfileAdminServlet.java
index 47771a190..57fadab47 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/admin/ProfileAdminServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/admin/ProfileAdminServlet.java
@@ -400,7 +400,8 @@ public class ProfileAdminServlet extends AdminServlet {
      * <P>
      * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when configuring cert profile (general settings and cert profile; obsoletes extensions and constraints policies)
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when configuring cert profile (general settings
+     * and cert profile; obsoletes extensions and constraints policies)
      * </ul>
      * 
      * @param req HTTP servlet request
@@ -544,7 +545,8 @@ public class ProfileAdminServlet extends AdminServlet {
      * <P>
      * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when configuring cert profile (general settings and cert profile; obsoletes extensions and constraints policies)
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when configuring cert profile (general settings
+     * and cert profile; obsoletes extensions and constraints policies)
      * </ul>
      * 
      * @param req HTTP servlet request
@@ -670,7 +672,8 @@ public class ProfileAdminServlet extends AdminServlet {
      * <P>
      * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when configuring cert profile (general settings and cert profile; obsoletes extensions and constraints policies)
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when configuring cert profile (general settings
+     * and cert profile; obsoletes extensions and constraints policies)
      * </ul>
      * 
      * @param req HTTP servlet request
@@ -797,7 +800,8 @@ public class ProfileAdminServlet extends AdminServlet {
      * <P>
      * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when configuring cert profile (general settings and cert profile; obsoletes extensions and constraints policies)
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when configuring cert profile (general settings
+     * and cert profile; obsoletes extensions and constraints policies)
      * </ul>
      * 
      * @param req HTTP servlet request
@@ -917,7 +921,8 @@ public class ProfileAdminServlet extends AdminServlet {
      * <P>
      * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when configuring cert profile (general settings and cert profile; obsoletes extensions and constraints policies)
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when configuring cert profile (general settings
+     * and cert profile; obsoletes extensions and constraints policies)
      * </ul>
      * 
      * @param req HTTP servlet request
@@ -1034,7 +1039,8 @@ public class ProfileAdminServlet extends AdminServlet {
      * <P>
      * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when configuring cert profile (general settings and cert profile; obsoletes extensions and constraints policies)
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when configuring cert profile (general settings
+     * and cert profile; obsoletes extensions and constraints policies)
      * </ul>
      * 
      * @param req HTTP servlet request
@@ -1151,7 +1157,8 @@ public class ProfileAdminServlet extends AdminServlet {
      * <P>
      * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when configuring cert profile (general settings and cert profile; obsoletes extensions and constraints policies)
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when configuring cert profile (general settings
+     * and cert profile; obsoletes extensions and constraints policies)
      * </ul>
      * 
      * @param req HTTP servlet request
@@ -1288,7 +1295,8 @@ public class ProfileAdminServlet extends AdminServlet {
      * <P>
      * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when configuring cert profile (general settings and cert profile; obsoletes extensions and constraints policies)
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when configuring cert profile (general settings
+     * and cert profile; obsoletes extensions and constraints policies)
      * </ul>
      * 
      * @param req HTTP servlet request
@@ -1427,7 +1435,8 @@ public class ProfileAdminServlet extends AdminServlet {
      * <P>
      * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when configuring cert profile (general settings and cert profile; obsoletes extensions and constraints policies)
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when configuring cert profile (general settings
+     * and cert profile; obsoletes extensions and constraints policies)
      * </ul>
      * 
      * @param req HTTP servlet request
@@ -1559,7 +1568,8 @@ public class ProfileAdminServlet extends AdminServlet {
      * <P>
      * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when configuring cert profile (general settings and cert profile; obsoletes extensions and constraints policies)
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when configuring cert profile (general settings
+     * and cert profile; obsoletes extensions and constraints policies)
      * </ul>
      * 
      * @param req HTTP servlet request
@@ -1678,7 +1688,8 @@ public class ProfileAdminServlet extends AdminServlet {
      * <P>
      * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when configuring cert profile (general settings and cert profile; obsoletes extensions and constraints policies)
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when configuring cert profile (general settings
+     * and cert profile; obsoletes extensions and constraints policies)
      * </ul>
      * 
      * @param req HTTP servlet request
@@ -1798,7 +1809,8 @@ public class ProfileAdminServlet extends AdminServlet {
      * <P>
      * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when configuring cert profile (general settings and cert profile; obsoletes extensions and constraints policies)
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when configuring cert profile (general settings
+     * and cert profile; obsoletes extensions and constraints policies)
      * </ul>
      * 
      * @param req HTTP servlet request
@@ -2279,7 +2291,8 @@ public class ProfileAdminServlet extends AdminServlet {
      * <P>
      * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when configuring cert profile (general settings and cert profile; obsoletes extensions and constraints policies)
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when configuring cert profile (general settings
+     * and cert profile; obsoletes extensions and constraints policies)
      * </ul>
      * 
      * @param req HTTP servlet request
@@ -2416,7 +2429,8 @@ public class ProfileAdminServlet extends AdminServlet {
      * <P>
      * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when configuring cert profile (general settings and cert profile; obsoletes extensions and constraints policies)
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when configuring cert profile (general settings
+     * and cert profile; obsoletes extensions and constraints policies)
      * </ul>
      * 
      * @param req HTTP servlet request
@@ -2579,7 +2593,8 @@ public class ProfileAdminServlet extends AdminServlet {
      * <P>
      * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when configuring cert profile (general settings and cert profile; obsoletes extensions and constraints policies)
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when configuring cert profile (general settings
+     * and cert profile; obsoletes extensions and constraints policies)
      * </ul>
      * 
      * @param req HTTP servlet request
diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/UsrGrpAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/UsrGrpAdminServlet.java
index 65c005835..8481fffe1 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/admin/UsrGrpAdminServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/admin/UsrGrpAdminServlet.java
@@ -650,11 +650,13 @@ public class UsrGrpAdminServlet extends AdminServlet {
      * Adds a new user to LDAP server
      * <P>
      * 
-     * Request/Response Syntax: http://warp.mcom.com/server/certificate/columbo/design/ ui/admin-protocol-definition.html#user-admin
+     * Request/Response Syntax: http://warp.mcom.com/server/certificate/columbo/design/
+     * ui/admin-protocol-definition.html#user-admin
      * <P>
      * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ROLE used when configuring role information (anything under users/groups)
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ROLE used when configuring role information (anything under
+     * users/groups)
      * </ul>
      * 
      * @param req HTTP servlet request
@@ -975,11 +977,13 @@ public class UsrGrpAdminServlet extends AdminServlet {
      * Adds a certificate to a user
      * <P>
      * 
-     * Request/Response Syntax: http://warp.mcom.com/server/certificate/columbo/design/ ui/admin-protocol-definition.html#user-admin
+     * Request/Response Syntax: http://warp.mcom.com/server/certificate/columbo/design/
+     * ui/admin-protocol-definition.html#user-admin
      * <P>
      * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ROLE used when configuring role information (anything under users/groups)
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ROLE used when configuring role information (anything under
+     * users/groups)
      * </ul>
      * 
      * @param req HTTP servlet request
@@ -1327,14 +1331,16 @@ public class UsrGrpAdminServlet extends AdminServlet {
      * Removes a certificate for a user
      * <P>
      * 
-     * Request/Response Syntax: http://warp.mcom.com/server/certificate/columbo/design/ ui/admin-protocol-definition.html#user-admin
+     * Request/Response Syntax: http://warp.mcom.com/server/certificate/columbo/design/
+     * ui/admin-protocol-definition.html#user-admin
      * <P>
      * 
      * In this method, "certDN" is actually a combination of version, serialNumber, issuerDN, and SubjectDN.
      * <P>
      * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ROLE used when configuring role information (anything under users/groups)
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ROLE used when configuring role information (anything under
+     * users/groups)
      * </ul>
      * 
      * @param req HTTP servlet request
@@ -1471,11 +1477,13 @@ public class UsrGrpAdminServlet extends AdminServlet {
      * itself.
      * <P>
      * 
-     * Request/Response Syntax: http://warp.mcom.com/server/certificate/columbo/design/ ui/admin-protocol-definition.html#user-admin
+     * Request/Response Syntax: http://warp.mcom.com/server/certificate/columbo/design/
+     * ui/admin-protocol-definition.html#user-admin
      * <P>
      * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ROLE used when configuring role information (anything under users/groups)
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ROLE used when configuring role information (anything under
+     * users/groups)
      * </ul>
      * 
      * @param req HTTP servlet request
@@ -1639,11 +1647,13 @@ public class UsrGrpAdminServlet extends AdminServlet {
      * Adds a new group in local scope.
      * <P>
      * 
-     * Request/Response Syntax: http://warp.mcom.com/server/certificate/columbo/design/ ui/admin-protocol-definition.html#group
+     * Request/Response Syntax: http://warp.mcom.com/server/certificate/columbo/design/
+     * ui/admin-protocol-definition.html#group
      * <P>
      * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ROLE used when configuring role information (anything under users/groups)
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ROLE used when configuring role information (anything under
+     * users/groups)
      * </ul>
      * 
      * @param req HTTP servlet request
@@ -1777,11 +1787,13 @@ public class UsrGrpAdminServlet extends AdminServlet {
      * removes a group
      * <P>
      * 
-     * Request/Response Syntax: http://warp.mcom.com/server/certificate/columbo/design/ ui/admin-protocol-definition.html#group
+     * Request/Response Syntax: http://warp.mcom.com/server/certificate/columbo/design/
+     * ui/admin-protocol-definition.html#group
      * <P>
      * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ROLE used when configuring role information (anything under users/groups)
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ROLE used when configuring role information (anything under
+     * users/groups)
      * </ul>
      * 
      * @param req HTTP servlet request
@@ -1885,7 +1897,8 @@ public class UsrGrpAdminServlet extends AdminServlet {
      * <P>
      * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ROLE used when configuring role information (anything under users/groups)
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ROLE used when configuring role information (anything under
+     * users/groups)
      * </ul>
      * 
      * @param req HTTP servlet request
@@ -2117,11 +2130,13 @@ public class UsrGrpAdminServlet extends AdminServlet {
      * Modifies an existing user in local scope.
      * <P>
      * 
-     * Request/Response Syntax: http://warp.mcom.com/server/certificate/columbo/design/ ui/admin-protocol-definition.html#user-admin
+     * Request/Response Syntax: http://warp.mcom.com/server/certificate/columbo/design/
+     * ui/admin-protocol-definition.html#user-admin
      * <P>
      * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ROLE used when configuring role information (anything under users/groups)
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ROLE used when configuring role information (anything under
+     * users/groups)
      * </ul>
      * 
      * @param req HTTP servlet request
diff --git a/pki/base/common/src/com/netscape/cms/servlet/base/CMSServlet.java b/pki/base/common/src/com/netscape/cms/servlet/base/CMSServlet.java
index 0c262fdf8..2920d0f46 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/base/CMSServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/base/CMSServlet.java
@@ -1680,7 +1680,8 @@ public abstract class CMSServlet extends HttpServlet {
      * <P>
      * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_AUTH_FAIL used when authentication fails (in case of SSL-client auth, only webserver env can pick up the SSL violation; CS authMgr can pick up cert mis-match, so this event is used)
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_AUTH_FAIL used when authentication fails (in case of SSL-client auth, only
+     * webserver env can pick up the SSL violation; CS authMgr can pick up cert mis-match, so this event is used)
      * <li>signed.audit LOGGING_SIGNED_AUDIT_AUTH_SUCCESS used when authentication succeeded
      * </ul>
      * 
@@ -1881,7 +1882,8 @@ public abstract class CMSServlet extends HttpServlet {
      * <ul>
      * <li>signed.audit LOGGING_SIGNED_AUDIT_AUTHZ_FAIL used when authorization has failed
      * <li>signed.audit LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS used when authorization is successful
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_ROLE_ASSUME used when user assumes a role (in current CS that's when one accesses a role port)
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_ROLE_ASSUME used when user assumes a role (in current CS that's when one
+     * accesses a role port)
      * </ul>
      * 
      * @param authzMgrName string representing the name of the authorization
diff --git a/pki/base/common/src/com/netscape/cms/servlet/base/DynamicVariablesServlet.java b/pki/base/common/src/com/netscape/cms/servlet/base/DynamicVariablesServlet.java
index f7f31b192..2308318ee 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/base/DynamicVariablesServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/base/DynamicVariablesServlet.java
@@ -42,7 +42,8 @@ import com.netscape.certsrv.base.IConfigStore;
  * Return some javascript to the request which contains the list of
  * dynamic data in the CMS system.
  * <p>
- * This allows the requestor (browser) to make decisions about what to present in the UI, depending on how CMS is configured
+ * This allows the requestor (browser) to make decisions about what to present in the UI, depending on how CMS is
+ * configured
  * 
  * @version $Revision$, $Date$
  */
@@ -119,19 +120,23 @@ public class DynamicVariablesServlet extends CMSServlet {
      * <li><strong>AuthMgr</strong> - the authentication manager to use to authenticate the request
      * <li><strong>GetClientCert</strong> - whether to request client auth for this request
      * <li><strong>authority</strong> - the authority (ca, ra, drm) to return to the client
-     * <li><strong>dynamicVariables</strong> - a string of the form: serverdate=serverdate(),subsystemname=subsystemname(), http=http(),authmgrs=authmgrs(),clacrlurl=clacrlurl()
+     * <li><strong>dynamicVariables</strong> - a string of the form:
+     * serverdate=serverdate(),subsystemname=subsystemname(), http=http(),authmgrs=authmgrs(),clacrlurl=clacrlurl()
      * </ul>
      * The dynamicVariables string is parsed by splitting on commas.
      * When services, the HTTP request provides a piece of javascript
      * code as follows.
      * <p>
-     * Each sub expression "lhs=rhs()" forms a javascript statement of the form <i>lhs=xxx;</i> Where lhs is xxx is the result of 'evaluating' the rhs. The possible values for the rhs() function are:
+     * Each sub expression "lhs=rhs()" forms a javascript statement of the form <i>lhs=xxx;</i> Where lhs is xxx is the
+     * result of 'evaluating' the rhs. The possible values for the rhs() function are:
      * <ul>
-     * <li><strong>serverdate()</strong> - the timestamp of the server (used to ensure that the client clock is set correctly)
+     * <li><strong>serverdate()</strong> - the timestamp of the server (used to ensure that the client clock is set
+     * correctly)
      * <li><strong>subsystemname()</strong>
      * <li><strong>http()</strong> - "true" or "false" - is this an http connection (as opposed to https)
      * <li>authmgrs() - a comma separated list of authentication managers
-     * <li>clacrlurl() - the URL to get the CRL from, in the case of a Clone CA. This is defined in the CMS configuration parameter 'cloning.cloneMasterCrlUrl'
+     * <li>clacrlurl() - the URL to get the CRL from, in the case of a Clone CA. This is defined in the CMS
+     * configuration parameter 'cloning.cloneMasterCrlUrl'
      * </ul>
      * 
      * @see javax.servlet.Servlet#init(ServletConfig)
diff --git a/pki/base/common/src/com/netscape/cms/servlet/base/SystemInfoServlet.java b/pki/base/common/src/com/netscape/cms/servlet/base/SystemInfoServlet.java
index f8625ce30..58ad4eabc 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/base/SystemInfoServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/base/SystemInfoServlet.java
@@ -57,7 +57,8 @@ public class SystemInfoServlet extends HttpServlet {
      * value of the 'op' HTTP parameter.
      * <UL>
      * <LI>op = <i>undefined</i> - display a menu with links to the other functionality of this servlet
-     * <li>op = gc - tell the JVM that we want to do a garbage collection and to run finalizers (@see java.lang.Runtime.getRuntime#gc() )
+     * <li>op = gc - tell the JVM that we want to do a garbage collection and to run finalizers (@see
+     * java.lang.Runtime.getRuntime#gc() )
      * <li>op = general - display information about memory, and other JVM informatino
      * <li>op = thread - display details about each thread.
      * </UL>
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/CMCRevReqServlet.java b/pki/base/common/src/com/netscape/cms/servlet/cert/CMCRevReqServlet.java
index 629c0e2c9..0d7da7fa8 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/CMCRevReqServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/CMCRevReqServlet.java
@@ -323,8 +323,10 @@ public class CMCRevReqServlet extends CMSServlet {
      * <P>
      * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST used when a cert status change request (e. g. - "revocation") is made (before approval process)
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED used when a certificate status is changed (revoked, expired, on-hold, off-hold)
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST used when a cert status change request (e. g. -
+     * "revocation") is made (before approval process)
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED used when a certificate status is
+     * changed (revoked, expired, on-hold, off-hold)
      * </ul>
      * 
      * @param argSet CMS template parameters
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/DisplayBySerial.java b/pki/base/common/src/com/netscape/cms/servlet/cert/DisplayBySerial.java
index 18b9ddd60..1c9838f83 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/DisplayBySerial.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/DisplayBySerial.java
@@ -125,7 +125,8 @@ public class DisplayBySerial extends CMSServlet {
     /**
      * Serves HTTP request. The format of this request is as follows:
      * <ul>
-     * <li>http.param serialNumber Decimal serial number of certificate to display (or hex if serialNumber preceded by 0x)
+     * <li>http.param serialNumber Decimal serial number of certificate to display (or hex if serialNumber preceded by
+     * 0x)
      * </ul>
      */
     public void process(CMSRequest cmsReq) throws EBaseException {
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/DoRevoke.java b/pki/base/common/src/com/netscape/cms/servlet/cert/DoRevoke.java
index 44b339c5a..3f7a24d64 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/DoRevoke.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/DoRevoke.java
@@ -378,12 +378,15 @@ public class DoRevoke extends CMSServlet {
      * (Certificate Request - either an "agent" cert status change request, or an "EE" cert status change request)
      * <P>
      * 
-     * (Certificate Request Processed - either an "agent" cert status change request, or an "EE" cert status change request)
+     * (Certificate Request Processed - either an "agent" cert status change request, or an "EE" cert status change
+     * request)
      * <P>
      * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST used when a cert status change request (e. g. - "revocation") is made (before approval process)
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED used when a certificate status is changed (revoked, expired, on-hold, off-hold)
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST used when a cert status change request (e. g. -
+     * "revocation") is made (before approval process)
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED used when a certificate status is
+     * changed (revoked, expired, on-hold, off-hold)
      * </ul>
      * 
      * @param argSet CMS template parameters
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/DoRevokeTPS.java b/pki/base/common/src/com/netscape/cms/servlet/cert/DoRevokeTPS.java
index 259625d14..f17e576d6 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/DoRevokeTPS.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/DoRevokeTPS.java
@@ -284,12 +284,15 @@ public class DoRevokeTPS extends CMSServlet {
      * (Certificate Request - either an "agent" cert status change request, or an "EE" cert status change request)
      * <P>
      * 
-     * (Certificate Request Processed - either an "agent" cert status change request, or an "EE" cert status change request)
+     * (Certificate Request Processed - either an "agent" cert status change request, or an "EE" cert status change
+     * request)
      * <P>
      * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST used when a cert status change request (e. g. - "revocation") is made (before approval process)
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED used when a certificate status is changed (revoked, expired, on-hold, off-hold)
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST used when a cert status change request (e. g. -
+     * "revocation") is made (before approval process)
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED used when a certificate status is
+     * changed (revoked, expired, on-hold, off-hold)
      * </ul>
      * 
      * @param argSet CMS template parameters
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/DoUnrevoke.java b/pki/base/common/src/com/netscape/cms/servlet/cert/DoUnrevoke.java
index bafafb8fd..656d36f85 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/DoUnrevoke.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/DoUnrevoke.java
@@ -111,7 +111,9 @@ public class DoUnrevoke extends CMSServlet {
     /**
      * Process the HTTP request.
      * <ul>
-     * <li>http.param serialNumber Decimal serial number of certificate to unrevoke. The certificate must be revoked with a revovcation reason 'on hold' for this operation to succeed. The serial number may be expressed as a hex number by prefixing '0x' to the serialNumber string
+     * <li>http.param serialNumber Decimal serial number of certificate to unrevoke. The certificate must be revoked
+     * with a revovcation reason 'on hold' for this operation to succeed. The serial number may be expressed as a hex
+     * number by prefixing '0x' to the serialNumber string
      * </ul>
      * 
      * @param cmsReq the object holding the request and response information
@@ -220,8 +222,10 @@ public class DoUnrevoke extends CMSServlet {
      * <P>
      * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST used when a cert status change request (e. g. - "revocation") is made (before approval process)
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED used when a certificate status is changed (taken off-hold)
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST used when a cert status change request (e. g. -
+     * "revocation") is made (before approval process)
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED used when a certificate status is
+     * changed (taken off-hold)
      * </ul>
      * 
      * @param argSet CMS template parameters
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/DoUnrevokeTPS.java b/pki/base/common/src/com/netscape/cms/servlet/cert/DoUnrevokeTPS.java
index 1e18c3c4e..3af743a95 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/DoUnrevokeTPS.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/DoUnrevokeTPS.java
@@ -111,7 +111,9 @@ public class DoUnrevokeTPS extends CMSServlet {
     /**
      * Process the HTTP request.
      * <ul>
-     * <li>http.param serialNumber Decimal serial number of certificate to unrevoke. The certificate must be revoked with a revovcation reason 'on hold' for this operation to succeed. The serial number may be expressed as a hex number by prefixing '0x' to the serialNumber string
+     * <li>http.param serialNumber Decimal serial number of certificate to unrevoke. The certificate must be revoked
+     * with a revovcation reason 'on hold' for this operation to succeed. The serial number may be expressed as a hex
+     * number by prefixing '0x' to the serialNumber string
      * </ul>
      * 
      * @param cmsReq the object holding the request and response information
@@ -229,8 +231,10 @@ public class DoUnrevokeTPS extends CMSServlet {
      * <P>
      * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST used when a cert status change request (e. g. - "revocation") is made (before approval process)
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED used when a certificate status is changed (taken off-hold)
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST used when a cert status change request (e. g. -
+     * "revocation") is made (before approval process)
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED used when a certificate status is
+     * changed (taken off-hold)
      * </ul>
      * 
      * @param serialNumbers the serial number of the certificate
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/EnrollServlet.java b/pki/base/common/src/com/netscape/cms/servlet/cert/EnrollServlet.java
index ed66f8441..0c7b73780 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/EnrollServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/EnrollServlet.java
@@ -315,9 +315,12 @@ public class EnrollServlet extends CMSServlet {
     /**
      * Process the HTTP request.
      * <UL>
-     * <LI>If the request is coming through the admin port, it is only allowed to continue if 'admin enrollment' is enabled in the CMS.cfg file
-     * <LI>If the CMS.cfg parameter useThreadNaming is true, the current thread is renamed with more information about the current request ID
-     * <LI>The request is preprocessed, then processed further in one of the cert request processor classes: KeyGenProcessor, PKCS10Processor, CMCProcessor, CRMFProcessor
+     * <LI>If the request is coming through the admin port, it is only allowed to continue if 'admin enrollment' is
+     * enabled in the CMS.cfg file
+     * <LI>If the CMS.cfg parameter useThreadNaming is true, the current thread is renamed with more information about
+     * the current request ID
+     * <LI>The request is preprocessed, then processed further in one of the cert request processor classes:
+     * KeyGenProcessor, PKCS10Processor, CMCProcessor, CRMFProcessor
      * </UL>
      * 
      * @param cmsReq the object holding the request and response information
@@ -690,15 +693,20 @@ public class EnrollServlet extends CMSServlet {
      * Process X509 certificate enrollment request
      * <P>
      * 
-     * (Certificate Request - either an "admin" cert request for an admin certificate, an "agent" cert request for "bulk enrollment", or an "EE" standard cert request)
+     * (Certificate Request - either an "admin" cert request for an admin certificate, an "agent" cert request for
+     * "bulk enrollment", or an "EE" standard cert request)
      * <P>
      * 
-     * (Certificate Request Processed - either an automated "admin" non-profile based CA admin cert acceptance, an automated "admin" non-profile based CA admin cert rejection, an automated "EE" non-profile based cert acceptance, or an automated "EE" non-profile based cert rejection)
+     * (Certificate Request Processed - either an automated "admin" non-profile based CA admin cert acceptance, an
+     * automated "admin" non-profile based CA admin cert rejection, an automated "EE" non-profile based cert acceptance,
+     * or an automated "EE" non-profile based cert rejection)
      * <P>
      * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST used when a non-profile cert request is made (before approval process)
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED used when a certificate request has just been through the approval process
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST used when a non-profile cert request is made
+     * (before approval process)
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED used when a certificate request has just been
+     * through the approval process
      * </ul>
      * 
      * @param cmsReq a certificate enrollment request
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/ListCerts.java b/pki/base/common/src/com/netscape/cms/servlet/cert/ListCerts.java
index 2e6bc228d..c12c8193d 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/ListCerts.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/ListCerts.java
@@ -194,8 +194,10 @@ public class ListCerts extends CMSServlet {
      * <ul>
      * <li>http.param maxCount Number of certificates to show
      * <li>http.param queryFilter and ldap style filter specifying the certificates to show
-     * <li>http.param querySentinelDown the serial number of the first certificate to show (default decimal, or hex if prefixed with 0x) when paging down
-     * <li>http.param querySentinelUp the serial number of the first certificate to show (default decimal, or hex if prefixed with 0x) when paging up
+     * <li>http.param querySentinelDown the serial number of the first certificate to show (default decimal, or hex if
+     * prefixed with 0x) when paging down
+     * <li>http.param querySentinelUp the serial number of the first certificate to show (default decimal, or hex if
+     * prefixed with 0x) when paging up
      * <li>http.param direction "up", "down", "begin", or "end"
      * </ul>
      */
diff --git a/pki/base/common/src/com/netscape/cms/servlet/connector/ConnectorServlet.java b/pki/base/common/src/com/netscape/cms/servlet/connector/ConnectorServlet.java
index 25589abce..ca7759d5a 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/connector/ConnectorServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/connector/ConnectorServlet.java
@@ -406,9 +406,12 @@ public class ConnectorServlet extends CMSServlet {
      * <P>
      * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST used when a profile cert request is made (before approval process)
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED used when a certificate request has just been through the approval process
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_INTER_BOUNDARY_SUCCESS used when inter-CIMC_Boundary data transfer is successful (this is used when data does not need to be captured)
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST used when a profile cert request is made (before
+     * approval process)
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED used when a certificate request has just been
+     * through the approval process
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_INTER_BOUNDARY_SUCCESS used when inter-CIMC_Boundary data transfer is
+     * successful (this is used when data does not need to be captured)
      * </ul>
      * 
      * @param source string containing source
diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/GrantAsyncRecovery.java b/pki/base/common/src/com/netscape/cms/servlet/key/GrantAsyncRecovery.java
index dad214875..a40edee80 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/key/GrantAsyncRecovery.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/key/GrantAsyncRecovery.java
@@ -187,7 +187,8 @@ public class GrantAsyncRecovery extends CMSServlet {
      * <P>
      * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN used whenever DRM agents login as recovery agents to approve key recovery requests
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN used whenever DRM agents login as recovery agents
+     * to approve key recovery requests
      * </ul>
      * 
      * @param argSet CMS template parameters
diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/GrantRecovery.java b/pki/base/common/src/com/netscape/cms/servlet/key/GrantRecovery.java
index a70696445..a7b256e83 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/key/GrantRecovery.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/key/GrantRecovery.java
@@ -193,7 +193,8 @@ public class GrantRecovery extends CMSServlet {
      * <P>
      * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN used whenever DRM agents login as recovery agents to approve key recovery requests
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN used whenever DRM agents login as recovery agents
+     * to approve key recovery requests
      * </ul>
      * 
      * @param argSet CMS template parameters
diff --git a/pki/base/common/src/com/netscape/cms/servlet/ocsp/AddCAServlet.java b/pki/base/common/src/com/netscape/cms/servlet/ocsp/AddCAServlet.java
index 93936ca1d..52efb1451 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/ocsp/AddCAServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/ocsp/AddCAServlet.java
@@ -98,9 +98,12 @@ public class AddCAServlet extends CMSServlet {
     /**
      * Process the HTTP request.
      * <ul>
-     * <li>http.param cert ca certificate. The format is base-64, DER encoded, wrapped with -----BEGIN CERTIFICATE-----, -----END CERTIFICATE----- strings
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST used when a CA is attempted to be added to the OCSP responder
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED used when an add CA request to the OCSP Responder is processed
+     * <li>http.param cert ca certificate. The format is base-64, DER encoded, wrapped with -----BEGIN CERTIFICATE-----,
+     * -----END CERTIFICATE----- strings
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST used when a CA is attempted to be added to the OCSP
+     * responder
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED used when an add CA request to the OCSP
+     * Responder is processed
      * </ul>
      * 
      * @param cmsReq the object holding the request and response information
diff --git a/pki/base/common/src/com/netscape/cms/servlet/ocsp/AddCRLServlet.java b/pki/base/common/src/com/netscape/cms/servlet/ocsp/AddCRLServlet.java
index 8a3ea60b9..2dec0e1f5 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/ocsp/AddCRLServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/ocsp/AddCRLServlet.java
@@ -105,10 +105,13 @@ public class AddCRLServlet extends CMSServlet {
      * <P>
      * 
      * <ul>
-     * <li>http.param crl certificate revocation list, base-64, DER encoded wrapped in -----BEGIN CERTIFICATE REVOCATION LIST-----, -----END CERTIFICATE REVOCATION LIST----- strings
+     * <li>http.param crl certificate revocation list, base-64, DER encoded wrapped in -----BEGIN CERTIFICATE REVOCATION
+     * LIST-----, -----END CERTIFICATE REVOCATION LIST----- strings
      * <li>http.param noui if true, use minimal hardcoded text response
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL used when CRLs are retrieved by the OCSP Responder ("agent" or "EE")
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CRL_VALIDATION used when CRL is retrieved and validation process occurs ("agent" or "EE")
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL used when CRLs are retrieved by the OCSP Responder ("agent"
+     * or "EE")
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_CRL_VALIDATION used when CRL is retrieved and validation process occurs
+     * ("agent" or "EE")
      * </ul>
      * 
      * @param cmsReq the object holding the request and response information
diff --git a/pki/base/common/src/com/netscape/cms/servlet/ocsp/CheckCertServlet.java b/pki/base/common/src/com/netscape/cms/servlet/ocsp/CheckCertServlet.java
index fbb5ce49f..5ccb87125 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/ocsp/CheckCertServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/ocsp/CheckCertServlet.java
@@ -100,7 +100,8 @@ public class CheckCertServlet extends CMSServlet {
     /**
      * Process the HTTP request.
      * <ul>
-     * <li>http.param cert certificate to check. Base64, DER encoded, wrapped in -----BEGIN CERTIFICATE-----, -----END CERTIFICATE----- strings
+     * <li>http.param cert certificate to check. Base64, DER encoded, wrapped in -----BEGIN CERTIFICATE-----, -----END
+     * CERTIFICATE----- strings
      * </ul>
      * 
      * @param cmsReq the object holding the request and response information
diff --git a/pki/base/common/src/com/netscape/cms/servlet/ocsp/RemoveCAServlet.java b/pki/base/common/src/com/netscape/cms/servlet/ocsp/RemoveCAServlet.java
index d747bd4b0..ab92a7c67 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/ocsp/RemoveCAServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/ocsp/RemoveCAServlet.java
@@ -89,8 +89,11 @@ public class RemoveCAServlet extends CMSServlet {
      * Process the HTTP request.
      * <ul>
      * <li>http.param ca id. The format is string.
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST used when a CA is attempted to be removed from the OCSP responder
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_SUCCESS and LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_FAILURE are used when a remove CA request to the OCSP Responder is processed successfully or not.
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST used when a CA is attempted to be removed from the
+     * OCSP responder
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_SUCCESS and
+     * LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_FAILURE are used when a remove CA request to the OCSP
+     * Responder is processed successfully or not.
      * </ul>
      * 
      * @param cmsReq the object holding the request and response information
diff --git a/pki/base/common/src/com/netscape/cms/servlet/processors/CRMFProcessor.java b/pki/base/common/src/com/netscape/cms/servlet/processors/CRMFProcessor.java
index ea0358dbb..094ea263c 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/processors/CRMFProcessor.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/processors/CRMFProcessor.java
@@ -90,7 +90,8 @@ public class CRMFProcessor extends PKIProcessor {
      * <P>
      * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION used when proof of possession is checked during certificate enrollment
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION used when proof of possession is checked during
+     * certificate enrollment
      * </ul>
      * 
      * @param certReqMsg the certificate request message
diff --git a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileApproveServlet.java b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileApproveServlet.java
index dafdb33da..ebd0b6c0c 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileApproveServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileApproveServlet.java
@@ -85,7 +85,8 @@ public class ProfileApproveServlet extends ProfileServlet {
      * 
      * <ul>
      * <li>http.param profileId the id of the profile to change
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL used when an agent approves/disapproves a cert profile set by the administrator for automatic approval
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL used when an agent approves/disapproves a cert
+     * profile set by the administrator for automatic approval
      * </ul>
      * 
      * @param cmsReq the object holding the request and response information
diff --git a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileProcessServlet.java b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileProcessServlet.java
index ede2416e6..8a8d65d90 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileProcessServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileProcessServlet.java
@@ -551,7 +551,8 @@ public class ProfileProcessServlet extends ProfileServlet {
      * <P>
      * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED used when a certificate request has just been through the approval process
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED used when a certificate request has just been
+     * through the approval process
      * </ul>
      * 
      * @param request the servlet request
@@ -607,7 +608,8 @@ public class ProfileProcessServlet extends ProfileServlet {
      * <P>
      * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED used when a certificate request has just been through the approval process
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED used when a certificate request has just been
+     * through the approval process
      * </ul>
      * 
      * @param request the servlet request
@@ -663,7 +665,8 @@ public class ProfileProcessServlet extends ProfileServlet {
      * <P>
      * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED used when a certificate request has just been through the approval process
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED used when a certificate request has just been
+     * through the approval process
      * </ul>
      * 
      * @param request the servlet request
diff --git a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitCMCServlet.java b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitCMCServlet.java
index d1ee896a7..04a2c55d5 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitCMCServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitCMCServlet.java
@@ -213,12 +213,14 @@ public class ProfileSubmitCMCServlet extends ProfileServlet {
      * Process the HTTP request
      * <P>
      * 
-     * (Certificate Request Processed - either an automated "EE" profile based cert acceptance, or an automated "EE" profile based cert rejection)
+     * (Certificate Request Processed - either an automated "EE" profile based cert acceptance, or an automated "EE"
+     * profile based cert rejection)
      * <P>
      * 
      * <ul>
      * <li>http.param profileId ID of profile to use to process request
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED used when a certificate request has just been through the approval process
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED used when a certificate request has just been
+     * through the approval process
      * </ul>
      * 
      * @param cmsReq the object holding the request and response information
diff --git a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitServlet.java b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitServlet.java
index 144823a26..9c36b0aea 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitServlet.java
@@ -440,12 +440,14 @@ public class ProfileSubmitServlet extends ProfileServlet {
      * Process the HTTP request
      * <P>
      * 
-     * (Certificate Request Processed - either an automated "EE" profile based cert acceptance, or an automated "EE" profile based cert rejection)
+     * (Certificate Request Processed - either an automated "EE" profile based cert acceptance, or an automated "EE"
+     * profile based cert rejection)
      * <P>
      * 
      * <ul>
      * <li>http.param profileId ID of profile to use to process request
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED used when a certificate request has just been through the approval process
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED used when a certificate request has just been
+     * through the approval process
      * </ul>
      * 
      * @param cmsReq the object holding the request and response information
diff --git a/pki/base/common/src/com/netscape/cms/servlet/request/CheckRequest.java b/pki/base/common/src/com/netscape/cms/servlet/request/CheckRequest.java
index 6522bdf45..b53413dcf 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/request/CheckRequest.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/request/CheckRequest.java
@@ -138,7 +138,8 @@ public class CheckRequest extends CMSServlet {
      * Process the HTTP request.
      * <ul>
      * <li>http.param requestId ID of the request to check
-     * <li>http.param format if 'id', then check the request based on the request ID parameter. If set to CMC, then use the 'queryPending' parameter.
+     * <li>http.param format if 'id', then check the request based on the request ID parameter. If set to CMC, then use
+     * the 'queryPending' parameter.
      * <li>http.param queryPending query formatted as a CMC request
      * </ul>
      * 
diff --git a/pki/base/common/src/com/netscape/cms/servlet/request/ProcessCertReq.java b/pki/base/common/src/com/netscape/cms/servlet/request/ProcessCertReq.java
index 7a63e1a11..6e782f5ab 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/request/ProcessCertReq.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/request/ProcessCertReq.java
@@ -368,12 +368,15 @@ public class ProcessCertReq extends CMSServlet {
      * (Certificate Request - an "agent" cert request for "cloning")
      * <P>
      * 
-     * (Certificate Request Processed - either a manual "agent" non-profile based cert acceptance, a manual "agent" non-profile based cert cancellation, or a manual "agent" non-profile based cert rejection)
+     * (Certificate Request Processed - either a manual "agent" non-profile based cert acceptance, a manual "agent"
+     * non-profile based cert cancellation, or a manual "agent" non-profile based cert rejection)
      * <P>
      * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST used when a non-profile cert request is made (before approval process)
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED used when a certificate request has just been through the approval process
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST used when a non-profile cert request is made
+     * (before approval process)
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED used when a certificate request has just been
+     * through the approval process
      * </ul>
      * 
      * @param cmsReq a certificate enrollment request
diff --git a/pki/base/common/src/com/netscape/cms/servlet/request/QueryReq.java b/pki/base/common/src/com/netscape/cms/servlet/request/QueryReq.java
index 3a12819f3..3cb270466 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/request/QueryReq.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/request/QueryReq.java
@@ -210,10 +210,13 @@ public class QueryReq extends CMSServlet {
     /**
      * Process the HTTP request.
      * <ul>
-     * <li>http.param reqState request state (one of showAll, showWaiting, showInService, showCancelled, showRejected, showCompleted)
+     * <li>http.param reqState request state (one of showAll, showWaiting, showInService, showCancelled, showRejected,
+     * showCompleted)
      * <li>http.param reqType
-     * <li>http.param seqNumFromDown request ID to start at (decimal, or hex if when paging down seqNumFromDown starts with 0x)
-     * <li>http.param seqNumFromUp request ID to start at (decimal, or hex if when paging up seqNumFromUp starts with 0x)
+     * <li>http.param seqNumFromDown request ID to start at (decimal, or hex if when paging down seqNumFromDown starts
+     * with 0x)
+     * <li>http.param seqNumFromUp request ID to start at (decimal, or hex if when paging up seqNumFromUp starts with
+     * 0x)
      * <li>http.param maxCount maximum number of records to show
      * <li>http.param totalCount total number of records in set of pages
      * <li>http.param direction "up", "down", "begin", or "end"
diff --git a/pki/base/common/src/com/netscape/cmscore/authorization/AuthzSubsystem.java b/pki/base/common/src/com/netscape/cmscore/authorization/AuthzSubsystem.java
index 66bc508d5..1a1aaa634 100644
--- a/pki/base/common/src/com/netscape/cmscore/authorization/AuthzSubsystem.java
+++ b/pki/base/common/src/com/netscape/cmscore/authorization/AuthzSubsystem.java
@@ -186,7 +186,8 @@ public class AuthzSubsystem implements IAuthzSubsystem {
      * to be called during the init() method of a servlet.
      * 
      * @param authzMgrName The authorization manager name
-     * @param accessInfo the access information to be initialized. currently it's acl string in the format specified in the authorization manager
+     * @param accessInfo the access information to be initialized. currently it's acl string in the format specified in
+     *            the authorization manager
      */
     public void authzMgrAccessInit(String authzMgrInstName, String accessInfo)
             throws EAuthzMgrNotFound, EBaseException {
diff --git a/pki/base/common/src/com/netscape/cmscore/base/FileConfigStore.java b/pki/base/common/src/com/netscape/cmscore/base/FileConfigStore.java
index 1278ed4f3..8aac76e70 100644
--- a/pki/base/common/src/com/netscape/cmscore/base/FileConfigStore.java
+++ b/pki/base/common/src/com/netscape/cmscore/base/FileConfigStore.java
@@ -148,7 +148,8 @@ public class FileConfigStore extends PropConfigStore implements
     /**
      * Saves in-memory properties to a specified file.
      * <P>
-     * Note that the superclass's save is synchronized. It means no properties can be altered (inserted) at the saving time.
+     * Note that the superclass's save is synchronized. It means no properties can be altered (inserted) at the saving
+     * time.
      * <P>
      * 
      * @param fileName filename
diff --git a/pki/base/common/src/com/netscape/cmscore/base/SimpleProperties.java b/pki/base/common/src/com/netscape/cmscore/base/SimpleProperties.java
index 9bc2a0f00..7b1c6bae4 100644
--- a/pki/base/common/src/com/netscape/cmscore/base/SimpleProperties.java
+++ b/pki/base/common/src/com/netscape/cmscore/base/SimpleProperties.java
@@ -36,10 +36,14 @@ import java.util.Hashtable;
  * or loaded from a stream. Each key and its corresponding value in
  * the property list is a string.
  * <p>
- * A property list can contain another property list as its "defaults"; this second property list is searched if the property key is not found in the original property list.
+ * A property list can contain another property list as its "defaults"; this second property list is searched if the
+ * property key is not found in the original property list.
  * 
- * Because <code>Properties</code> inherits from <code>Hashtable</code>, the <code>put</code> and <code>putAll</code> methods can be applied to a <code>Properties</code> object. Their use is strongly discouraged as they allow the caller to insert entries whose keys or values are not <code>Strings</code>. The <code>setProperty</code> method should be used instead. If the <code>store</code> or <code>save</code> method is called on a "compromised" <code>Properties</code> object that contains a non-
- * <code>String</code> key or value, the call will fail.
+ * Because <code>Properties</code> inherits from <code>Hashtable</code>, the <code>put</code> and <code>putAll</code>
+ * methods can be applied to a <code>Properties</code> object. Their use is strongly discouraged as they allow the
+ * caller to insert entries whose keys or values are not <code>Strings</code>. The <code>setProperty</code> method
+ * should be used instead. If the <code>store</code> or <code>save</code> method is called on a "compromised"
+ * <code>Properties</code> object that contains a non- <code>String</code> key or value, the call will fail.
  * 
  */
 public class SimpleProperties extends Hashtable<String, String> {
@@ -95,15 +99,29 @@ public class SimpleProperties extends Hashtable<String, String> {
     /**
      * Reads a property list (key and element pairs) from the input stream.
      * <p>
-     * Every property occupies one line of the input stream. Each line is terminated by a line terminator (<code>\n</code> or <code>\r</code> or <code>\r\n</code>). Lines from the input stream are processed until end of file is reached on the input stream.
+     * Every property occupies one line of the input stream. Each line is terminated by a line terminator (
+     * <code>\n</code> or <code>\r</code> or <code>\r\n</code>). Lines from the input stream are processed until end of
+     * file is reached on the input stream.
      * <p>
-     * A line that contains only whitespace or whose first non-whitespace character is an ASCII <code>#</code> or <code>!</code> is ignored (thus, <code>#</code> or <code>!</code> indicate comment lines).
+     * A line that contains only whitespace or whose first non-whitespace character is an ASCII <code>#</code> or
+     * <code>!</code> is ignored (thus, <code>#</code> or <code>!</code> indicate comment lines).
      * <p>
-     * Every line other than a blank line or a comment line describes one property to be added to the table (except that if a line ends with \, then the following line, if it exists, is treated as a continuation line, as described below). The key consists of all the characters in the line starting with the first non-whitespace character and up to, but not including, the first ASCII <code>=</code>, <code>:</code>, or whitespace character. All of the key termination characters may be included in
-     * the key by preceding them with a \. Any whitespace after the key is skipped; if the first non-whitespace character after the key is <code>=</code> or <code>:</code>, then it is ignored and any whitespace characters after it are also skipped. All remaining characters on the line become part of the associated element string. Within the element string, the ASCII escape sequences <code>\t</code>, <code>\n</code>, <code>\r</code>, <code>\\</code>, <code>\"</code>, <code>\'</code>,
-     * <code>\ &#32;</code> &#32;(a backslash and a space), and <code>\\u</code><i>xxxx</i> are recognized and converted to single characters. Moreover, if the last character on the line is <code>\</code>, then the next line is treated as a continuation of the current line; the <code>\</code> and line terminator are simply discarded, and any leading whitespace characters on the continuation line are also discarded and are not part of the element string.
+     * Every line other than a blank line or a comment line describes one property to be added to the table (except that
+     * if a line ends with \, then the following line, if it exists, is treated as a continuation line, as described
+     * below). The key consists of all the characters in the line starting with the first non-whitespace character and
+     * up to, but not including, the first ASCII <code>=</code>, <code>:</code>, or whitespace character. All of the key
+     * termination characters may be included in the key by preceding them with a \. Any whitespace after the key is
+     * skipped; if the first non-whitespace character after the key is <code>=</code> or <code>:</code>, then it is
+     * ignored and any whitespace characters after it are also skipped. All remaining characters on the line become part
+     * of the associated element string. Within the element string, the ASCII escape sequences <code>\t</code>,
+     * <code>\n</code>, <code>\r</code>, <code>\\</code>, <code>\"</code>, <code>\'</code>, <code>\ &#32;</code> &#32;(a
+     * backslash and a space), and <code>\\u</code><i>xxxx</i> are recognized and converted to single characters.
+     * Moreover, if the last character on the line is <code>\</code>, then the next line is treated as a continuation of
+     * the current line; the <code>\</code> and line terminator are simply discarded, and any leading whitespace
+     * characters on the continuation line are also discarded and are not part of the element string.
      * <p>
-     * As an example, each of the following four lines specifies the key <code>"Truth"</code> and the associated element value <code>"Beauty"</code>:
+     * As an example, each of the following four lines specifies the key <code>"Truth"</code> and the associated element
+     * value <code>"Beauty"</code>:
      * <p>
      * 
      * <pre>
@@ -128,7 +146,9 @@ public class SimpleProperties extends Hashtable<String, String> {
      * &quot;apple, banana, pear, cantaloupe, watermelon,kiwi, mango&quot;
      * </pre>
      * 
-     * Note that a space appears before each <code>\</code> so that a space will appear after each comma in the final result; the <code>\</code>, line terminator, and leading whitespace on the continuation line are merely discarded and are <i>not</i> replaced by one or more other characters.
+     * Note that a space appears before each <code>\</code> so that a space will appear after each comma in the final
+     * result; the <code>\</code>, line terminator, and leading whitespace on the continuation line are merely discarded
+     * and are <i>not</i> replaced by one or more other characters.
      * <p>
      * As a third example, the line:
      * <p>
@@ -261,19 +281,33 @@ public class SimpleProperties extends Hashtable<String, String> {
     }
 
     /**
-     * Writes this property list (key and element pairs) in this <code>Properties</code> table to the output stream in a format suitable
+     * Writes this property list (key and element pairs) in this <code>Properties</code> table to the output stream in a
+     * format suitable
      * for loading into a <code>Properties</code> table using the <code>load</code> method.
      * <p>
-     * Properties from the defaults table of this <code>Properties</code> table (if any) are <i>not</i> written out by this method.
+     * Properties from the defaults table of this <code>Properties</code> table (if any) are <i>not</i> written out by
+     * this method.
      * <p>
-     * If the header argument is not null, then an ASCII <code>#</code> character, the header string, and a line separator are first written to the output stream. Thus, the <code>header</code> can serve as an identifying comment.
+     * If the header argument is not null, then an ASCII <code>#</code> character, the header string, and a line
+     * separator are first written to the output stream. Thus, the <code>header</code> can serve as an identifying
+     * comment.
      * <p>
-     * Next, a comment line is always written, consisting of an ASCII <code>#</code> character, the current date and time (as if produced by the <code>toString</code> method of <code>Date</code> for the current time), and a line separator as generated by the Writer.
+     * Next, a comment line is always written, consisting of an ASCII <code>#</code> character, the current date and
+     * time (as if produced by the <code>toString</code> method of <code>Date</code> for the current time), and a line
+     * separator as generated by the Writer.
      * <p>
-     * Then every entry in this <code>Properties</code> table is written out, one per line. For each entry the key string is written, then an ASCII <code>=</code>, then the associated element string. Each character of the element string is examined to see whether it should be rendered as an escape sequence. The ASCII characters <code>\</code>, tab, newline, and carriage return are written as <code>\\</code>, <code>\t</code>, <code>\n</code>, and <code>\r</code>, respectively. Characters less
-     * than <code>\u0020</code> and characters greater than <code>\u007E</code> are written as <code>\\u</code><i>xxxx</i> for the appropriate hexadecimal value <i>xxxx</i>. Space characters, but not embedded or trailing space characters, are written with a preceding <code>\</code>. The key and value characters <code>#</code>, <code>!</code>, <code>=</code>, and <code>:</code> are written with a preceding slash to ensure that they are properly loaded.
+     * Then every entry in this <code>Properties</code> table is written out, one per line. For each entry the key
+     * string is written, then an ASCII <code>=</code>, then the associated element string. Each character of the
+     * element string is examined to see whether it should be rendered as an escape sequence. The ASCII characters
+     * <code>\</code>, tab, newline, and carriage return are written as <code>\\</code>, <code>\t</code>,
+     * <code>\n</code>, and <code>\r</code>, respectively. Characters less than <code>\u0020</code> and characters
+     * greater than <code>\u007E</code> are written as <code>\\u</code><i>xxxx</i> for the appropriate hexadecimal value
+     * <i>xxxx</i>. Space characters, but not embedded or trailing space characters, are written with a preceding
+     * <code>\</code>. The key and value characters <code>#</code>, <code>!</code>, <code>=</code>, and <code>:</code>
+     * are written with a preceding slash to ensure that they are properly loaded.
      * <p>
-     * After the entries have been written, the output stream is flushed. The output stream remains open after this method returns.
+     * After the entries have been written, the output stream is flushed. The output stream remains open after this
+     * method returns.
      * 
      * @param out an output stream.
      * @param header a description of the property list.
@@ -307,7 +341,8 @@ public class SimpleProperties extends Hashtable<String, String> {
     /**
      * Searches for the property with the specified key in this property list.
      * If the key is not found in this property list, the default property list,
-     * and its defaults, recursively, are then checked. The method returns <code>null</code> if the property is not found.
+     * and its defaults, recursively, are then checked. The method returns <code>null</code> if the property is not
+     * found.
      * 
      * @param key the property key.
      * @return the value in this property list with the specified key value.
diff --git a/pki/base/common/src/com/netscape/cmscore/cert/OidLoaderSubsystem.java b/pki/base/common/src/com/netscape/cmscore/cert/OidLoaderSubsystem.java
index b7c3f6329..81d0da20e 100644
--- a/pki/base/common/src/com/netscape/cmscore/cert/OidLoaderSubsystem.java
+++ b/pki/base/common/src/com/netscape/cmscore/cert/OidLoaderSubsystem.java
@@ -119,7 +119,8 @@ public class OidLoaderSubsystem implements ISubsystem {
      * subsystem specified in the configuration
      * store.
      * <P>
-     * Note that individual subsystem should be initialized in a separated thread if it has dependency on the initialization of other subsystems.
+     * Note that individual subsystem should be initialized in a separated thread if it has dependency on the
+     * initialization of other subsystems.
      * <P>
      * 
      * @param owner owner of this subsystem
diff --git a/pki/base/common/src/com/netscape/cmscore/cert/X500NameSubsystem.java b/pki/base/common/src/com/netscape/cmscore/cert/X500NameSubsystem.java
index f85d9016c..4f6d6c632 100644
--- a/pki/base/common/src/com/netscape/cmscore/cert/X500NameSubsystem.java
+++ b/pki/base/common/src/com/netscape/cmscore/cert/X500NameSubsystem.java
@@ -106,7 +106,8 @@ public class X500NameSubsystem implements ISubsystem {
      * X500Name.attr.attribute-name.class=value converter class
      * </pre>
      * 
-     * The value converter class converts a string to a ASN.1 value. It must implement netscape.security.x509.AVAValueConverter interface. Converter classes provided in CMS are:
+     * The value converter class converts a string to a ASN.1 value. It must implement
+     * netscape.security.x509.AVAValueConverter interface. Converter classes provided in CMS are:
      * 
      * <pre>
      *     netscape.security.x509.PrintableConverter - 
diff --git a/pki/base/common/src/com/netscape/cmscore/jobs/CronItem.java b/pki/base/common/src/com/netscape/cmscore/jobs/CronItem.java
index a4ed727da..91574c6cc 100644
--- a/pki/base/common/src/com/netscape/cmscore/jobs/CronItem.java
+++ b/pki/base/common/src/com/netscape/cmscore/jobs/CronItem.java
@@ -27,7 +27,8 @@ import com.netscape.certsrv.logging.ILogger;
 /**
  * class representing one Job cron item
  * <p>
- * here, an "item" refers to one of the 5 fields in a cron string; "element" refers to any comma-deliminated element in an "item"...which includes both numbers and '-' separated ranges.
+ * here, an "item" refers to one of the 5 fields in a cron string; "element" refers to any comma-deliminated element in
+ * an "item"...which includes both numbers and '-' separated ranges.
  * <p>
  * for each of the 5 cron fields, it's represented as a CronItem
  * 
diff --git a/pki/base/common/src/com/netscape/cmscore/jobs/CronRange.java b/pki/base/common/src/com/netscape/cmscore/jobs/CronRange.java
index 99696b827..af5ae2a51 100644
--- a/pki/base/common/src/com/netscape/cmscore/jobs/CronRange.java
+++ b/pki/base/common/src/com/netscape/cmscore/jobs/CronRange.java
@@ -20,9 +20,11 @@ package com.netscape.cmscore.jobs;
 /**
  * class representing one Job cron element
  * <p>
- * here, an "item" refers to one of the 5 fields in a cron string; "element" refers to any comma-deliminated element in an "item"...which includes both numbers and '-' separated ranges.
+ * here, an "item" refers to one of the 5 fields in a cron string; "element" refers to any comma-deliminated element in
+ * an "item"...which includes both numbers and '-' separated ranges.
  * <p>
- * an Element can contain either an integer number or a range specified as CronRange. In case of integer numbers, begin and end are of the same value
+ * an Element can contain either an integer number or a range specified as CronRange. In case of integer numbers, begin
+ * and end are of the same value
  * 
  * @author cfu
  * @version $Revision$, $Date$
diff --git a/pki/base/common/src/com/netscape/cmscore/jobs/JobCron.java b/pki/base/common/src/com/netscape/cmscore/jobs/JobCron.java
index eeca68f63..0fca2ba9c 100644
--- a/pki/base/common/src/com/netscape/cmscore/jobs/JobCron.java
+++ b/pki/base/common/src/com/netscape/cmscore/jobs/JobCron.java
@@ -30,9 +30,13 @@ import com.netscape.certsrv.logging.ILogger;
 /**
  * class representing one Job cron information
  * <p>
- * here, an "item" refers to one of the 5 fields in a cron string; "element" refers to any comma-deliminated element in an "item"...which includes both numbers and '-' separated ranges. A cron string in the configuration takes the following format: <i>minute (0-59), hour (0-23), day of the month (1-31), month of the year (1-12), day of the week (0-6 with 0=Sunday)</i>
+ * here, an "item" refers to one of the 5 fields in a cron string; "element" refers to any comma-deliminated element in
+ * an "item"...which includes both numbers and '-' separated ranges. A cron string in the configuration takes the
+ * following format: <i>minute (0-59), hour (0-23), day of the month (1-31), month of the year (1-12), day of the week
+ * (0-6 with 0=Sunday)</i>
  * <p>
- * e.g. jobsScheduler.job.rnJob1.cron=30 11,23 * * 1-5 In this example, the job "rnJob1" will be executed from Monday through Friday, at 11:30am and 11:30pm.
+ * e.g. jobsScheduler.job.rnJob1.cron=30 11,23 * * 1-5 In this example, the job "rnJob1" will be executed from Monday
+ * through Friday, at 11:30am and 11:30pm.
  * <p>
  * 
  * @author cfu
diff --git a/pki/base/common/src/com/netscape/cmscore/jobs/JobsScheduler.java b/pki/base/common/src/com/netscape/cmscore/jobs/JobsScheduler.java
index 38ec4a79c..654f3e494 100644
--- a/pki/base/common/src/com/netscape/cmscore/jobs/JobsScheduler.java
+++ b/pki/base/common/src/com/netscape/cmscore/jobs/JobsScheduler.java
@@ -41,8 +41,12 @@ import com.netscape.cmscore.util.Debug;
  * if there is any job to be done, if so, a thread is created to execute
  * the job(s).
  * <p>
- * The interval <b>jobsScheduler.interval</b> in the configuration is specified as number of minutes. If not set, the default is 1 minute. Note that the cron specification for each job CAN NOT be finer than the granularity of the Scheduler daemon interval. For example, if the daemon interval is set to 5 minute, a job cron for every minute at 7am on each Tuesday (e.g. * 7 * * 2) will result in the execution of the job thread only once every 5 minutes during that hour. <b>The inteval value is
- * recommended at 1 minute, setting it otherwise has the potential of forever missing the beat</b>. Use with caution.
+ * The interval <b>jobsScheduler.interval</b> in the configuration is specified as number of minutes. If not set, the
+ * default is 1 minute. Note that the cron specification for each job CAN NOT be finer than the granularity of the
+ * Scheduler daemon interval. For example, if the daemon interval is set to 5 minute, a job cron for every minute at 7am
+ * on each Tuesday (e.g. * 7 * * 2) will result in the execution of the job thread only once every 5 minutes during that
+ * hour. <b>The inteval value is recommended at 1 minute, setting it otherwise has the potential of forever missing the
+ * beat</b>. Use with caution.
  * 
  * @author cfu
  * @see JobCron
@@ -86,7 +90,9 @@ public class JobsScheduler implements Runnable, IJobsScheduler {
      * read from the config file all implementations of Jobs,
      * register and initialize them
      * <p>
-     * the config params have the following formats: jobScheduler.impl.[implementation name].class=[package name] jobScheduler.job.[job name].pluginName=[implementation name] jobScheduler.job.[job name].cron=[crontab format] jobScheduler.job.[job name].[any job specific params]=[values]
+     * the config params have the following formats: jobScheduler.impl.[implementation name].class=[package name]
+     * jobScheduler.job.[job name].pluginName=[implementation name] jobScheduler.job.[job name].cron=[crontab format]
+     * jobScheduler.job.[job name].[any job specific params]=[values]
      * 
      * @param config jobsScheduler configStore
      */
diff --git a/pki/base/common/src/com/netscape/cmscore/ldap/LdapPredicateParser.java b/pki/base/common/src/com/netscape/cmscore/ldap/LdapPredicateParser.java
index 57f5a76cb..580658eaa 100644
--- a/pki/base/common/src/com/netscape/cmscore/ldap/LdapPredicateParser.java
+++ b/pki/base/common/src/com/netscape/cmscore/ldap/LdapPredicateParser.java
@@ -213,7 +213,8 @@ public class LdapPredicateParser {
          * catch (Exception e){e.printStackTrace();}
          * String[] array = { "ou == people AND certtype == client",
          * "ou == servergroup AND certtype == server",
-         * "uid == jdoes, ou==people, o==airius.com OR ou == people AND certType == client OR certType == server AND cn == needles.mcom.com",
+         * "uid == jdoes, ou==people, o==airius.com OR ou == people AND certType == client OR certType == server AND cn == needles.mcom.com"
+         * ,
          * };
          * for (int i = 0; i < array.length; i++)
          * {
diff --git a/pki/base/common/src/com/netscape/cmscore/policy/GenericPolicyProcessor.java b/pki/base/common/src/com/netscape/cmscore/policy/GenericPolicyProcessor.java
index 2423773a8..c9cc25997 100644
--- a/pki/base/common/src/com/netscape/cmscore/policy/GenericPolicyProcessor.java
+++ b/pki/base/common/src/com/netscape/cmscore/policy/GenericPolicyProcessor.java
@@ -1308,7 +1308,8 @@ public class GenericPolicyProcessor implements IPolicyProcessor {
      * 
      * <subsystemId>.Policy.undeletablePolicies=<comma separated rule names>
      * Example:
-     * ra.Policy.undeletablePolicies=DirAuthRule, DefaultUserNameRule, DefaultServerNameRule, DefaultValidityRule, DefaultRenewalValidityRule
+     * ra.Policy.undeletablePolicies=DirAuthRule, DefaultUserNameRule, DefaultServerNameRule, DefaultValidityRule,
+     * DefaultRenewalValidityRule
      * 
      * The predicates if any associated with them may be configured as
      * follows:
@@ -1336,7 +1337,8 @@ public class GenericPolicyProcessor implements IPolicyProcessor {
      * We do n't need to burn in DirAuthRule. We need to configure all
      * other rules except the DirAuthRule as follows:
      * 
-     * ra.Policy.undeletablePolicies = DefaultUserNameRule, DefaultServerNameRule, DefaultValidityRule, DefaultRenewalValidityRule
+     * ra.Policy.undeletablePolicies = DefaultUserNameRule, DefaultServerNameRule, DefaultValidityRule,
+     * DefaultRenewalValidityRule
      * 
      * The following predicates are necessary:
      * 
diff --git a/pki/base/common/src/com/netscape/cmscore/policy/PolicyPredicateParser.java b/pki/base/common/src/com/netscape/cmscore/policy/PolicyPredicateParser.java
index af69e6a89..ebdeba4ce 100644
--- a/pki/base/common/src/com/netscape/cmscore/policy/PolicyPredicateParser.java
+++ b/pki/base/common/src/com/netscape/cmscore/policy/PolicyPredicateParser.java
@@ -213,7 +213,8 @@ public class PolicyPredicateParser {
          * catch (Exception e){e.printStackTrace();}
          * String[] array = { "ou == people AND certtype == client",
          * "ou == servergroup AND certtype == server",
-         * "uid == jdoes, ou==people, o==airius.com OR ou == people AND certType == client OR certType == server AND cn == needles.mcom.com",
+         * "uid == jdoes, ou==people, o==airius.com OR ou == people AND certType == client OR certType == server AND cn == needles.mcom.com"
+         * ,
          * };
          * for (int i = 0; i < array.length; i++)
          * {
diff --git a/pki/base/common/src/com/netscape/cmscore/request/ARequestQueue.java b/pki/base/common/src/com/netscape/cmscore/request/ARequestQueue.java
index 016e368c6..bd47f3ce6 100644
--- a/pki/base/common/src/com/netscape/cmscore/request/ARequestQueue.java
+++ b/pki/base/common/src/com/netscape/cmscore/request/ARequestQueue.java
@@ -68,9 +68,11 @@ import com.netscape.certsrv.request.RequestStatus;
  * <p>
  * !Put state machine description here!
  * <p>
- * This class defines several abstract protected functions that need to be defined by the concrete implementation. In particular, this class does not implement the operations for storing requests persistantly.
+ * This class defines several abstract protected functions that need to be defined by the concrete implementation. In
+ * particular, this class does not implement the operations for storing requests persistantly.
  * <p>
- * This class also provides several accessor functions for setting fields in the IRequest object. These functions are provided as an aid to saving and restoring the state in the database.
+ * This class also provides several accessor functions for setting fields in the IRequest object. These functions are
+ * provided as an aid to saving and restoring the state in the database.
  * <p>
  * This class also implements the locking operations specified by the IRequestQueue interface.
  * <p>
@@ -89,7 +91,8 @@ public abstract class ARequestQueue
     /**
      * Create a new (unique) RequestId. (abstract)
      * <p>
-     * This method must be implemented by the specialized class to generate a new id from data in the persistant store. This id is used to create a new request object.
+     * This method must be implemented by the specialized class to generate a new id from data in the persistant store.
+     * This id is used to create a new request object.
      * <p>
      * 
      * @return
@@ -106,7 +109,8 @@ public abstract class ARequestQueue
      * <p>
      * This function is called to create the in-memory version of a request object.
      * <p>
-     * The implementation of this object can use the createRequest member function to create a new instance of an IRequest, and use the setRequestStatus, setCreationTime and setModificationTime functions to set those values.
+     * The implementation of this object can use the createRequest member function to create a new instance of an
+     * IRequest, and use the setRequestStatus, setCreationTime and setModificationTime functions to set those values.
      * <p>
      * 
      * @param id
@@ -154,7 +158,9 @@ public abstract class ARequestQueue
      * Get complete list of RequestId values found i this
      * queue.
      * <p>
-     * This method can form the basis for creating other types of search/list operations (although there are probably more efficient ways of doing this. ARequestQueue implements default versions of some of the searching by using this method as a basis.
+     * This method can form the basis for creating other types of search/list operations (although there are probably
+     * more efficient ways of doing this. ARequestQueue implements default versions of some of the searching by using
+     * this method as a basis.
      * <p>
      * TODO: return IRequestList -or- just use listRequests as the basic engine.
      * <p>
@@ -500,7 +506,8 @@ public abstract class ARequestQueue
     /**
      * Implements IRequestQueue.listRequests
      * <p>
-     * Should be overridden by the specialized class if a more efficient method is available for implementing this operation.
+     * Should be overridden by the specialized class if a more efficient method is available for implementing this
+     * operation.
      * <P>
      * 
      * @see IRequestQueue#listRequests
@@ -512,7 +519,8 @@ public abstract class ARequestQueue
     /**
      * Implements IRequestQueue.listRequestsByStatus
      * <p>
-     * Should be overridden by the specialized class if a more efficient method is available for implementing this operation.
+     * Should be overridden by the specialized class if a more efficient method is available for implementing this
+     * operation.
      * <P>
      * 
      * @see IRequestQueue#listRequestsByStatus
diff --git a/pki/base/common/src/com/netscape/cmscore/request/RequestSubsystem.java b/pki/base/common/src/com/netscape/cmscore/request/RequestSubsystem.java
index ee625594f..862ddaa68 100644
--- a/pki/base/common/src/com/netscape/cmscore/request/RequestSubsystem.java
+++ b/pki/base/common/src/com/netscape/cmscore/request/RequestSubsystem.java
@@ -36,7 +36,8 @@ import com.netscape.cmscore.dbs.DBSubsystem;
  * <p>
  * This class is reponsible for managing storage of request objects in the local database.
  * <p>
- * TODO: review this It provides: + registration of LDAP/JAVA mapping classes with the DBSubsystem + creation of RequestQueue storage in the database + retrieval of existing RequestQueue objects from the database
+ * TODO: review this It provides: + registration of LDAP/JAVA mapping classes with the DBSubsystem + creation of
+ * RequestQueue storage in the database + retrieval of existing RequestQueue objects from the database
  * <p>
  * 
  * @author thayes
diff --git a/pki/base/common/src/com/netscape/cmscore/util/ProfileSubsystem.java b/pki/base/common/src/com/netscape/cmscore/util/ProfileSubsystem.java
index 614cc5249..3ee2d3ab4 100644
--- a/pki/base/common/src/com/netscape/cmscore/util/ProfileSubsystem.java
+++ b/pki/base/common/src/com/netscape/cmscore/util/ProfileSubsystem.java
@@ -87,7 +87,8 @@ public class ProfileSubsystem extends Frame implements ISubsystem, Runnable {
      * subsystem specified in the configuration
      * store.
      * <P>
-     * Note that individual subsystem should be initialized in a separated thread if it has dependency on the initialization of other subsystems.
+     * Note that individual subsystem should be initialized in a separated thread if it has dependency on the
+     * initialization of other subsystems.
      * <P>
      * 
      * @param owner owner of this subsystem
diff --git a/pki/base/common/src/com/netscape/cmscore/util/StatsSubsystem.java b/pki/base/common/src/com/netscape/cmscore/util/StatsSubsystem.java
index aabd8172b..57eb53f2e 100644
--- a/pki/base/common/src/com/netscape/cmscore/util/StatsSubsystem.java
+++ b/pki/base/common/src/com/netscape/cmscore/util/StatsSubsystem.java
@@ -69,7 +69,8 @@ public class StatsSubsystem implements IStatsSubsystem {
      * subsystem specified in the configuration
      * store.
      * <P>
-     * Note that individual subsystem should be initialized in a separated thread if it has dependency on the initialization of other subsystems.
+     * Note that individual subsystem should be initialized in a separated thread if it has dependency on the
+     * initialization of other subsystems.
      * <P>
      * 
      * @param owner owner of this subsystem
diff --git a/pki/base/common/src/com/netscape/cmscore/util/UtilResources.java b/pki/base/common/src/com/netscape/cmscore/util/UtilResources.java
index 57803c9e5..e8f4d8478 100644
--- a/pki/base/common/src/com/netscape/cmscore/util/UtilResources.java
+++ b/pki/base/common/src/com/netscape/cmscore/util/UtilResources.java
@@ -60,7 +60,8 @@ public class UtilResources extends ListResourceBundle {
             { NO_SUCH_FILE_1, "can''t find file {0}" },
             { FILE_TRUNCATED, "Log file has been truncated." },
             { DIGEST_MATCH_1, "Hash digest matches log file. {0} OK" },
-            { DIGEST_DONT_MATCH_1,
+            {
+                    DIGEST_DONT_MATCH_1,
                     "Hash digest does NOT match log file. {0} and/or hash file is corrupt or the password is incorrect." },
             { EXCEPTION_1, "Caught unexpected exception {0}" },
             { LOG_PASSWORD, "Please enter the log file hash digest password: " },
diff --git a/pki/base/java-tools/src/com/netscape/cmstools/PKCS10Client.java b/pki/base/java-tools/src/com/netscape/cmstools/PKCS10Client.java
index a41238f3a..326de76d3 100644
--- a/pki/base/java-tools/src/com/netscape/cmstools/PKCS10Client.java
+++ b/pki/base/java-tools/src/com/netscape/cmstools/PKCS10Client.java
@@ -51,9 +51,12 @@ import com.netscape.cmsutil.util.HMACDigest;
  * PKCS#10 certificate request with the public key, and outputs the request
  * to a file.
  * <p>
- * PKCS #10 is a certification request syntax standard defined by RSA. A CA may support multiple types of certificate requests. The Certificate System CA supports KEYGEN, PKCS#10, CRMF, and CMC.
+ * PKCS #10 is a certification request syntax standard defined by RSA. A CA may support multiple types of certificate
+ * requests. The Certificate System CA supports KEYGEN, PKCS#10, CRMF, and CMC.
  * <p>
- * To get a certificate from the CA, the certificate request needs to be submitted to and approved by a CA agent. Once approved, a certificate is created for the request, and certificate attributes, such as extensions, are populated according to certificate profiles.
+ * To get a certificate from the CA, the certificate request needs to be submitted to and approved by a CA agent. Once
+ * approved, a certificate is created for the request, and certificate attributes, such as extensions, are populated
+ * according to certificate profiles.
  * <p>
  * 
  * @version $Revision$, $Date$
diff --git a/pki/base/kra/src/com/netscape/kra/EnrollmentService.java b/pki/base/kra/src/com/netscape/kra/EnrollmentService.java
index a485545ee..39a5d14b6 100644
--- a/pki/base/kra/src/com/netscape/kra/EnrollmentService.java
+++ b/pki/base/kra/src/com/netscape/kra/EnrollmentService.java
@@ -82,7 +82,8 @@ import com.netscape.cmscore.dbs.KeyRecord;
  * <P>
  * If policy returns ACCEPTED, the request will be processed immediately.
  * <P>
- * Upon processing, the incoming user key is unwrapped with the transport key of KRA, and then wrapped with the storage key. The encrypted key is stored in the internal database for long term storage.
+ * Upon processing, the incoming user key is unwrapped with the transport key of KRA, and then wrapped with the storage
+ * key. The encrypted key is stored in the internal database for long term storage.
  * <P>
  * 
  * @author thomask (original)
diff --git a/pki/base/kra/src/com/netscape/kra/KeyRecoveryAuthority.java b/pki/base/kra/src/com/netscape/kra/KeyRecoveryAuthority.java
index 8b64f8abd..7f523f339 100644
--- a/pki/base/kra/src/com/netscape/kra/KeyRecoveryAuthority.java
+++ b/pki/base/kra/src/com/netscape/kra/KeyRecoveryAuthority.java
@@ -725,8 +725,10 @@ public class KeyRecoveryAuthority implements IAuthority, IKeyService, IKeyRecove
      * <P>
      * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST used whenever a user private key archive request is made (this is when the DRM receives the request)
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST_PROCESSED used whenever a user private key archive request is processed (this is when the DRM processes the request)
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST used whenever a user private key archive
+     * request is made (this is when the DRM receives the request)
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST_PROCESSED used whenever a user private key
+     * archive request is processed (this is when the DRM processes the request)
      * </ul>
      * 
      * @param rec key record to be archived
@@ -971,8 +973,10 @@ public class KeyRecoveryAuthority implements IAuthority, IKeyService, IKeyRecove
      * <P>
      * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_KEY_RECOVERY_REQUEST used whenever a user private key recovery request is made (this is when the DRM receives the request)
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_KEY_RECOVERY_REQUEST_PROCESSED used whenever a user private key recovery request is processed (this is when the DRM processes the request)
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_KEY_RECOVERY_REQUEST used whenever a user private key recovery request is
+     * made (this is when the DRM receives the request)
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_KEY_RECOVERY_REQUEST_PROCESSED used whenever a user private key recovery
+     * request is processed (this is when the DRM processes the request)
      * </ul>
      * 
      * @param kid key identifier
@@ -1108,8 +1112,10 @@ public class KeyRecoveryAuthority implements IAuthority, IKeyService, IKeyRecove
      * <P>
      * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_KEY_RECOVERY_REQUEST used whenever a user private key recovery request is made (this is when the DRM receives the request)
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_KEY_RECOVERY_REQUEST_PROCESSED used whenever a user private key recovery request is processed (this is when the DRM processes the request)
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_KEY_RECOVERY_REQUEST used whenever a user private key recovery request is
+     * made (this is when the DRM receives the request)
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_KEY_RECOVERY_REQUEST_PROCESSED used whenever a user private key recovery
+     * request is processed (this is when the DRM processes the request)
      * </ul>
      * 
      * @param requestID request id
diff --git a/pki/base/silent/src/com/netscape/pkisilent/argparser/ArgParser.java b/pki/base/silent/src/com/netscape/pkisilent/argparser/ArgParser.java
index f0712e381..d6f02d9c6 100755
--- a/pki/base/silent/src/com/netscape/pkisilent/argparser/ArgParser.java
+++ b/pki/base/silent/src/com/netscape/pkisilent/argparser/ArgParser.java
@@ -58,7 +58,9 @@ import java.util.Vector;
  * <h3><a name="example">Basic Example</a></h3>
  * 
  * <p>
- * Here is a simple example in which an application has three command line options: <code>-theta</code> (followed by a floating point value), <code>-file</code> (followed by a string value), and <code>-debug</code>, which causes a boolean value to be set.
+ * Here is a simple example in which an application has three command line options: <code>-theta</code> (followed by a
+ * floating point value), <code>-file</code> (followed by a string value), and <code>-debug</code>, which causes a
+ * boolean value to be set.
  * 
  * <pre>
  * 
@@ -95,20 +97,37 @@ import java.util.Vector;
  * </pre>
  * 
  * <p>
- * The application creates an instance of ArgParser and then adds descriptions of the allowed options using {@link #addOption addOption}. The method {@link #matchAllArgs(String[]) matchAllArgs} is then used to match these options against the command line arguments. Values associated with each option are returned in the <code>value</code> field of special ``holder'' classes (e.g., {@link argparser.DoubleHolder DoubleHolder}, {@link argparser.StringHolder StringHolder}, etc.).
+ * The application creates an instance of ArgParser and then adds descriptions of the allowed options using
+ * {@link #addOption addOption}. The method {@link #matchAllArgs(String[]) matchAllArgs} is then used to match these
+ * options against the command line arguments. Values associated with each option are returned in the <code>value</code>
+ * field of special ``holder'' classes (e.g., {@link argparser.DoubleHolder DoubleHolder},
+ * {@link argparser.StringHolder StringHolder}, etc.).
  * 
  * <p>
- * The first argument to {@link #addOption addOption} is a string that specifies (1) the option's name, (2) a conversion code for its associated value (e.g., <code>%f</code> for floating point, <code>%s</code> for a string, <code>%v</code> for a boolean flag), and (3) an optional description (following the <code>#</code> character) which is used for generating help messages. The second argument is the holder object through which the value is returned. This may be either a type-specific object
- * (such as {@link argparser.DoubleHolder DoubleHolder} or {@link argparser.StringHolder
- * StringHolder}), an array of the appropriate type, or <a href=#multipleOptionInvocation> an instance of <code>java.util.Vector</code></a>.
+ * The first argument to {@link #addOption addOption} is a string that specifies (1) the option's name, (2) a conversion
+ * code for its associated value (e.g., <code>%f</code> for floating point, <code>%s</code> for a string,
+ * <code>%v</code> for a boolean flag), and (3) an optional description (following the <code>#</code> character) which
+ * is used for generating help messages. The second argument is the holder object through which the value is returned.
+ * This may be either a type-specific object (such as {@link argparser.DoubleHolder DoubleHolder} or
+ * {@link argparser.StringHolder
+ * StringHolder}), an array of the appropriate type, or <a href=#multipleOptionInvocation> an instance of
+ * <code>java.util.Vector</code></a>.
  * 
  * <p>
- * By default, arguments that don't match the specified options, are <a href=#rangespec>out of range</a>, or are otherwise formatted incorrectly, will cause <code>matchAllArgs</code> to print a message and exit the program. Alternatively, an application can use {@link #matchAllArgs(String[],int,int) matchAllArgs(args,idx,exitFlags)} to obtain an array of unmatched arguments which can then be <a href=#customArgParsing>processed separately</a>
+ * By default, arguments that don't match the specified options, are <a href=#rangespec>out of range</a>, or are
+ * otherwise formatted incorrectly, will cause <code>matchAllArgs</code> to print a message and exit the program.
+ * Alternatively, an application can use {@link #matchAllArgs(String[],int,int) matchAllArgs(args,idx,exitFlags)} to
+ * obtain an array of unmatched arguments which can then be <a href=#customArgParsing>processed separately</a>
  * 
  * <h3><a name="rangespec">Range Specification</a></h3>
  * 
- * The values associated with options can also be given range specifications. A range specification appears in curly braces immediately following the conversion code. In the code fragment below, we show how to specify an option <code>-name</code> that expects to be provided with one of three string values (<code>john</code>, <code>mary</code>, or <code>jane</code>), an option <code>-index</code> that expects to be supplied with a integer value in the range 1 to 256, an option <code>-size</code>
- * that expects to be supplied with integer values of either 1, 2, 4, 8, or 16, and an option <code>-foo</code> that expects to be supplied with floating point values in the ranges -99 < foo <= -50, or 50 <= foo < 99.
+ * The values associated with options can also be given range specifications. A range specification appears in curly
+ * braces immediately following the conversion code. In the code fragment below, we show how to specify an option
+ * <code>-name</code> that expects to be provided with one of three string values (<code>john</code>, <code>mary</code>,
+ * or <code>jane</code>), an option <code>-index</code> that expects to be supplied with a integer value in the range 1
+ * to 256, an option <code>-size</code> that expects to be supplied with integer values of either 1, 2, 4, 8, or 16, and
+ * an option <code>-foo</code> that expects to be supplied with floating point values in the ranges -99 < foo <= -50, or
+ * 50 <= foo < 99.
  * 
  * <pre>
  * StringHolder name = new StringHolder();
@@ -135,7 +154,8 @@ import java.util.Vector;
  * 
  * <h3><a name="singleWordOptions">Single Word Options</a></h3>
  * 
- * Normally, options are assumed to be "multi-word", meaning that any associated value must follow the option as a separate argument string. For example,
+ * Normally, options are assumed to be "multi-word", meaning that any associated value must follow the option as a
+ * separate argument string. For example,
  * 
  * <pre>
  * parser.addOption(&quot;-file %s #file name&quot;);
@@ -147,7 +167,8 @@ import java.util.Vector;
  *    -file someFileName
  * </pre>
  * 
- * However, if there is no white space separting the option's name from it's conversion code, then values associated with that option will be assumed to be part of the same argument string as the option itself. For example,
+ * However, if there is no white space separting the option's name from it's conversion code, then values associated
+ * with that option will be assumed to be part of the same argument string as the option itself. For example,
  * 
  * <pre>
  * parser.addOption(&quot;-file=%s #file name&quot;);
@@ -162,7 +183,9 @@ import java.util.Vector;
  * Such an option is called a "single word" option.
  * 
  * <p>
- * In cases where an option has multiple names, then this single word behavior is invoked if there is no white space between the last indicated name and the conversion code. However, previous names in the list will still be given multi-word behavior if there is white space between the name and the following comma. For example,
+ * In cases where an option has multiple names, then this single word behavior is invoked if there is no white space
+ * between the last indicated name and the conversion code. However, previous names in the list will still be given
+ * multi-word behavior if there is white space between the name and the following comma. For example,
  * 
  * <pre>
  * parser.addOption(&quot;-nb=,-number ,-n%d #number of blocks&quot;);
@@ -178,7 +201,10 @@ import java.util.Vector;
  * 
  * <h3><a name="multipleOptionValues">Multiple Option Values</a></h3>
  * 
- * If may be useful for an option to be followed by several values. For instance, we might have an option <code>-velocity</code> which should be followed by three numbers denoting the x, y, and z components of a velocity vector. We can require multiple values for an option by placing a <i>multiplier</i> specification, of the form <code>X</code>N, where N is an integer, after the conversion code (or range specification, if present). For example,
+ * If may be useful for an option to be followed by several values. For instance, we might have an option
+ * <code>-velocity</code> which should be followed by three numbers denoting the x, y, and z components of a velocity
+ * vector. We can require multiple values for an option by placing a <i>multiplier</i> specification, of the form
+ * <code>X</code>N, where N is an integer, after the conversion code (or range specification, if present). For example,
  * 
  * <pre>
  * double[] pos = new double[3];
@@ -192,15 +218,20 @@ import java.util.Vector;
  *    -position xx yy zz
  * </pre>
  * 
- * in the argument list, where <code>xx</code>, <code>yy</code>, and <code>zz</code> are numbers. The values are stored in the array <code>pos</code>.
+ * in the argument list, where <code>xx</code>, <code>yy</code>, and <code>zz</code> are numbers. The values are stored
+ * in the array <code>pos</code>.
  * 
  * Options requiring multiple values must use arrays to return their values, and cannot be used in single word format.
  * 
  * <h3><a name="multipleOptionInvocation">Multiple Option Invocation</a></h3>
  * 
- * Normally, if an option appears twice in the command list, the value associated with the second instance simply overwrites the value associated with the first instance.
+ * Normally, if an option appears twice in the command list, the value associated with the second instance simply
+ * overwrites the value associated with the first instance.
  * 
- * However, the application can instead arrange for the storage of <i>all</i> values associated with multiple option invocation, by supplying a instance of <code>java.util.Vector</code> to serve as the value holder. Then every time the option appears in the argument list, the parser will create a value holder of appropriate type, set it to the current value, and store the holder in the vector. For example, the construction
+ * However, the application can instead arrange for the storage of <i>all</i> values associated with multiple option
+ * invocation, by supplying a instance of <code>java.util.Vector</code> to serve as the value holder. Then every time
+ * the option appears in the argument list, the parser will create a value holder of appropriate type, set it to the
+ * current value, and store the holder in the vector. For example, the construction
  * 
  * <pre>
  * Vector vec = new Vector(10);
@@ -215,12 +246,18 @@ import java.util.Vector;
  *    -foo 1.2 -foo 1000 -foo -78
  * </pre>
  * 
- * will create three instances of {@link argparser.DoubleHolder DoubleHolder}, initialized to <code>1.2</code>, <code>1000</code>, and <code>-78</code>, and store them in <code>vec</code>.
+ * will create three instances of {@link argparser.DoubleHolder DoubleHolder}, initialized to <code>1.2</code>,
+ * <code>1000</code>, and <code>-78</code>, and store them in <code>vec</code>.
  * 
  * <h3><a name="helpInfo">Generating help information</a></h3>
  * 
- * ArgParser automatically generates help information for the options, and this information may be printed in response to a <i>help</i> option, or may be queried by the application using {@link #getHelpMessage getHelpMessage}. The information for each option consists of the option's name(s), it's required value(s), and an application-supplied description. Value information is generated automaticlly from the conversion code, range, and multiplier specifications (although this can be overriden, as
- * <a href=#valueInfo>described below</a>). The application-supplied description is whatever appears in the specification string after the optional <code>#</code> character. The string returned by {@link #getHelpMessage getHelpMessage} for the <a href=#example>first example above</a> would be
+ * ArgParser automatically generates help information for the options, and this information may be printed in response
+ * to a <i>help</i> option, or may be queried by the application using {@link #getHelpMessage getHelpMessage}. The
+ * information for each option consists of the option's name(s), it's required value(s), and an application-supplied
+ * description. Value information is generated automaticlly from the conversion code, range, and multiplier
+ * specifications (although this can be overriden, as <a href=#valueInfo>described below</a>). The application-supplied
+ * description is whatever appears in the specification string after the optional <code>#</code> character. The string
+ * returned by {@link #getHelpMessage getHelpMessage} for the <a href=#example>first example above</a> would be
  * 
  * <pre>
  * Usage: java argparser.SimpleExample
@@ -232,12 +269,18 @@ import java.util.Vector;
  * -debug                  enables display of debugging info
  * </pre>
  * 
- * The options <code>-help</code> and <code>-?</code> are including in the parser by default as help options, and they automatically cause the help message to be printed. To exclude these options, one should use the constructor {@link #ArgParser(String,boolean)
- * ArgParser(synopsis,false)}. Help options can also be specified by the application using {@link #addOption addOption} and the conversion code <code>%h</code>. Help options can be disabled using {@link #setHelpOptionsEnabled
+ * The options <code>-help</code> and <code>-?</code> are including in the parser by default as help options, and they
+ * automatically cause the help message to be printed. To exclude these options, one should use the constructor
+ * {@link #ArgParser(String,boolean)
+ * ArgParser(synopsis,false)}. Help options can also be specified by the application using {@link #addOption addOption}
+ * and the conversion code <code>%h</code>. Help options can be disabled using {@link #setHelpOptionsEnabled
  * setHelpOptionsEnabled(false)}.
  * 
  * <p>
- * <a name=valueInfo> A description of the required values for an option can be specified explicitly by placing a second <code>#</code> character in the specification string. Everything between the first and second <code>#</code> characters then becomes the value description, and everything after the second <code>#</code> character becomes the option description. For example, if the <code>-theta</code> option above was specified with
+ * <a name=valueInfo> A description of the required values for an option can be specified explicitly by placing a second
+ * <code>#</code> character in the specification string. Everything between the first and second <code>#</code>
+ * characters then becomes the value description, and everything after the second <code>#</code> character becomes the
+ * option description. For example, if the <code>-theta</code> option above was specified with
  * 
  * <pre>
  * parser.addOption(&quot;-theta %f #NUMBER#theta value (in degrees)&quot;, theta);
@@ -257,7 +300,8 @@ import java.util.Vector;
  * 
  * <h3><a name="customArgParsing">Custom Argument Parsing</a></h3>
  * 
- * An application may find it necessary to handle arguments that don't fit into the framework of this class. There are a couple of ways to do this.
+ * An application may find it necessary to handle arguments that don't fit into the framework of this class. There are a
+ * couple of ways to do this.
  * 
  * <p>
  * First, the method {@link #matchAllArgs(String[],int,int)
@@ -271,7 +315,8 @@ import java.util.Vector;
  *     }
  * </pre>
  * 
- * For instance, this would be useful for an applicatoon that accepts an arbitrary number of input file names. The options can be parsed using <code>matchAllArgs</code>, and the remaining unmatched arguments give the file names.
+ * For instance, this would be useful for an applicatoon that accepts an arbitrary number of input file names. The
+ * options can be parsed using <code>matchAllArgs</code>, and the remaining unmatched arguments give the file names.
  * 
  * <p>
  * If we need more control over the parsing, we can parse arguments one at a time using {@link #matchArg matchArg}:
@@ -293,11 +338,16 @@ import java.util.Vector;
  *     }
  * </pre>
  * 
- * {@link #matchArg matchArg(args,idx)} matches one option at location <code>idx</code> in the argument list, and then returns the location value that should be used for the next match. If an argument does not match any option, {@link #getUnmatchedArgument getUnmatchedArgument} will return a copy of the unmatched argument.
+ * {@link #matchArg matchArg(args,idx)} matches one option at location <code>idx</code> in the argument list, and then
+ * returns the location value that should be used for the next match. If an argument does not match any option,
+ * {@link #getUnmatchedArgument getUnmatchedArgument} will return a copy of the unmatched argument.
  * 
  * <h3><a name="argsFromAFile">Reading Arguments From a File</a></h3>
  * 
- * The method {@link #prependArgs prependArgs} can be used to automatically read in a set of arguments from a file and prepend them onto an existing argument list. Argument words correspond to white-space-delimited strings, and the file may contain the comment character <code>#</code> (which comments out everything to the end of the current line). A typical usage looks like this:
+ * The method {@link #prependArgs prependArgs} can be used to automatically read in a set of arguments from a file and
+ * prepend them onto an existing argument list. Argument words correspond to white-space-delimited strings, and the file
+ * may contain the comment character <code>#</code> (which comments out everything to the end of the current line). A
+ * typical usage looks like this:
  * 
  * <pre>
  *    ... create parser and add options ...
@@ -915,7 +965,8 @@ public class ArgParser {
      * Enables or disables help options. Help options are those
      * associated with a conversion code of <code>%h</code>. If
      * help options are enabled, and a help option is matched,
-     * then the string produced by {@link #getHelpMessage getHelpMessage} is printed to the default print stream and the program
+     * then the string produced by {@link #getHelpMessage getHelpMessage} is printed to the default print stream and the
+     * program
      * exits with code 0. Otherwise, arguments which match help
      * options are ignored.
      * 
@@ -1075,7 +1126,9 @@ public class ArgParser {
      * The specification string has the general form
      * 
      * <p>
-     * <var>optionNames</var> <code>%</code><var>conversionCode</var> [<code>{</code><var>rangeSpec</var><code>}</code>] [<code>X</code><var>multiplier</var>] [<code>#</code><var>valueDescription</var>] [<code>#</code><var>optionDescription</var>] </code>
+     * <var>optionNames</var> <code>%</code><var>conversionCode</var> [<code>{</code><var>rangeSpec</var><code>}</code>]
+     * [<code>X</code><var>multiplier</var>] [<code>#</code><var>valueDescription</var>] [<code>#</code>
+     * <var>optionDescription</var>] </code>
      * 
      * <p>
      * where
@@ -1084,7 +1137,8 @@ public class ArgParser {
      * <li><var>optionNames</var> is a comma-separated list of names for the option (such as <code>-f, --file</code>).
      * 
      * <p>
-     * <li><var>conversionCode</var> is a single letter, following a <code>%</code> character, specifying information about what value the option requires:
+     * <li><var>conversionCode</var> is a single letter, following a <code>%</code> character, specifying information
+     * about what value the option requires:
      * 
      * <table>
      * <tr>
@@ -1092,7 +1146,8 @@ public class ArgParser {
      * <td>a floating point number</td>
      * <tr>
      * <td><code>%i</code></td>
-     * <td>an integer, in either decimal, hex (if preceeded by <code>0x</code>), or octal (if preceeded by <code>0</code>)</td>
+     * <td>an integer, in either decimal, hex (if preceeded by <code>0x</code>), or octal (if preceeded by
+     * <code>0</code>)</td>
      * <tr valign=top>
      * <td><code>%d</code></td>
      * <td>a decimal integer</td>
@@ -1104,7 +1159,8 @@ public class ArgParser {
      * <td>a hex integer (without the preceeding <code>0x</code>)</td>
      * <tr valign=top>
      * <td><code>%c</code></td>
-     * <td>a single character, including escape sequences (such as <code>\n</code> or <code>\007</code>), and optionally enclosed in single quotes
+     * <td>a single character, including escape sequences (such as <code>\n</code> or <code>\007</code>), and optionally
+     * enclosed in single quotes
      * <tr valign=top>
      * <td><code>%b</code></td>
      * <td>a boolean value (<code>true</code> or <code>false</code>)</td>
@@ -1113,12 +1169,19 @@ public class ArgParser {
      * <td>a string. This will be the argument string itself (or its remainder, in the case of a single word option)</td>
      * <tr valign=top>
      * <td><code>%v</code></td>
-     * <td>no explicit value is expected, but a boolean value of <code>true</code> (by default) will be stored into the associated result holder if this option is matched. If one wishes to have a value of <code>false</code> stored instead, then the <code>%v</code> should be followed by a "range spec" containing <code>false</code>, as in <code>%v{false}</code>.
+     * <td>no explicit value is expected, but a boolean value of <code>true</code> (by default) will be stored into the
+     * associated result holder if this option is matched. If one wishes to have a value of <code>false</code> stored
+     * instead, then the <code>%v</code> should be followed by a "range spec" containing <code>false</code>, as in
+     * <code>%v{false}</code>.
      * </table>
      * 
      * <p>
-     * <li><var>rangeSpec</var> is an optional range specification, placed inside curly braces, consisting of a comma-separated list of range items each specifying permissible values for the option. A range item may be an individual value, or it may itself be a subrange, consisting of two individual values, separated by a comma, and enclosed in square or round brackets. Square and round brackets denote closed and open endpoints of a subrange, indicating that the associated endpoint value is
-     * included or excluded from the subrange. The values specified in the range spec need to be consistent with the type of value expected by the option.
+     * <li><var>rangeSpec</var> is an optional range specification, placed inside curly braces, consisting of a
+     * comma-separated list of range items each specifying permissible values for the option. A range item may be an
+     * individual value, or it may itself be a subrange, consisting of two individual values, separated by a comma, and
+     * enclosed in square or round brackets. Square and round brackets denote closed and open endpoints of a subrange,
+     * indicating that the associated endpoint value is included or excluded from the subrange. The values specified in
+     * the range spec need to be consistent with the type of value expected by the option.
      * 
      * <p>
      * <b>Examples:</b>
@@ -1127,27 +1190,44 @@ public class ArgParser {
      * A range spec of <code>{2,4,8,16}</code> for an integer value will allow the integers 2, 4, 8, or 16.
      * 
      * <p>
-     * A range spec of <code>{[-1.0,1.0]}</code> for a floating point value will allow any floating point number in the range -1.0 to 1.0.
+     * A range spec of <code>{[-1.0,1.0]}</code> for a floating point value will allow any floating point number in the
+     * range -1.0 to 1.0.
      * 
      * <p>
-     * A range spec of <code>{(-88,100],1000}</code> for an integer value will allow values > -88 and <= 100, as well as 1000.
+     * A range spec of <code>{(-88,100],1000}</code> for an integer value will allow values > -88 and <= 100, as well as
+     * 1000.
      * 
      * <p>
-     * A range spec of <code>{"foo", "bar", ["aaa","zzz")} </code> for a string value will allow strings equal to <code>"foo"</code> or <code>"bar"</code>, plus any string lexically greater than or equal to <code>"aaa"</code> but less then <code>"zzz"</code>.
+     * A range spec of <code>{"foo", "bar", ["aaa","zzz")} </code> for a string value will allow strings equal to
+     * <code>"foo"</code> or <code>"bar"</code>, plus any string lexically greater than or equal to <code>"aaa"</code>
+     * but less then <code>"zzz"</code>.
      * 
      * <p>
-     * <li><var>multiplier</var> is an optional integer, following a <code>X</code> character, indicating the number of values which the option expects. If the multiplier is not specified, it is assumed to be 1. If the multiplier value is greater than 1, then the result holder should be either an array (of appropriate type) with a length greater than or equal to the multiplier value, or a <code>java.util.Vector</code> <a href=#vectorHolder>as discussed below</a>.
+     * <li><var>multiplier</var> is an optional integer, following a <code>X</code> character, indicating the number of
+     * values which the option expects. If the multiplier is not specified, it is assumed to be 1. If the multiplier
+     * value is greater than 1, then the result holder should be either an array (of appropriate type) with a length
+     * greater than or equal to the multiplier value, or a <code>java.util.Vector</code> <a href=#vectorHolder>as
+     * discussed below</a>.
      * 
      * <p>
-     * <li><var>valueDescription</var> is an optional description of the option's value requirements, and consists of all characters between two <code>#</code> characters. The final <code>#</code> character initiates the <i>option description</i>, which may be empty. The value description is used in <a href=#helpInfo>generating help messages</a>.
+     * <li><var>valueDescription</var> is an optional description of the option's value requirements, and consists of
+     * all characters between two <code>#</code> characters. The final <code>#</code> character initiates the <i>option
+     * description</i>, which may be empty. The value description is used in <a href=#helpInfo>generating help
+     * messages</a>.
      * 
      * <p>
-     * <li><var>optionDescription</var> is an optional description of the option itself, consisting of all characters between a <code>#</code> character and the end of the specification string. The option description is used in <a href=#helpInfo>generating help messages</a>.
+     * <li><var>optionDescription</var> is an optional description of the option itself, consisting of all characters
+     * between a <code>#</code> character and the end of the specification string. The option description is used in <a
+     * href=#helpInfo>generating help messages</a>.
      * </ul>
      * 
      * <p>
-     * The result holder must be an object capable of holding a value compatible with the conversion code, or it must be a <code>java.util.Vector</code>. When the option is matched, its associated value is placed in the result holder. If the same option is matched repeatedly, the result holder value will be overwritten, unless the result holder is a <code>java.util.Vector</code>, in which case new holder objects for each match will be allocated and added to the vector. Thus if multiple instances
-     * of an option are desired by the program, the result holder should be a <code>java.util.Vector</code>.
+     * The result holder must be an object capable of holding a value compatible with the conversion code, or it must be
+     * a <code>java.util.Vector</code>. When the option is matched, its associated value is placed in the result holder.
+     * If the same option is matched repeatedly, the result holder value will be overwritten, unless the result holder
+     * is a <code>java.util.Vector</code>, in which case new holder objects for each match will be allocated and added
+     * to the vector. Thus if multiple instances of an option are desired by the program, the result holder should be a
+     * <code>java.util.Vector</code>.
      * 
      * <p>
      * If the result holder is not a <code>Vector</code>, then it must correspond as follows to the conversion code:
@@ -1155,12 +1235,14 @@ public class ArgParser {
      * <table>
      * <tr valign=top>
      * <td><code>%i</code>, <code>%d</code>, <code>%x</code>, <code>%o</code></td>
-     * <td>{@link argparser.IntHolder IntHolder}, {@link argparser.LongHolder LongHolder}, <code>int[]</code>, or <code>long[]</code></td>
+     * <td>{@link argparser.IntHolder IntHolder}, {@link argparser.LongHolder LongHolder}, <code>int[]</code>, or
+     * <code>long[]</code></td>
      * </tr>
      * 
      * <tr valign=top>
      * <td><code>%f</code></td>
-     * <td>{@link argparser.FloatHolder FloatHolder}, {@link argparser.DoubleHolder DoubleHolder}, <code>float[]</code>, or <code>double[]</code></td>
+     * <td>{@link argparser.FloatHolder FloatHolder}, {@link argparser.DoubleHolder DoubleHolder}, <code>float[]</code>,
+     * or <code>double[]</code></td>
      * </tr>
      * 
      * <tr valign=top>
@@ -1180,10 +1262,13 @@ public class ArgParser {
      * </table>
      * 
      * <p>
-     * In addition, if the multiplier is greater than 1, then only the array type indicated above may be used, and the array must be at least as long as the multiplier.
+     * In addition, if the multiplier is greater than 1, then only the array type indicated above may be used, and the
+     * array must be at least as long as the multiplier.
      * 
      * <p>
-     * <a name=vectorHolder>If the result holder is a <code>Vector</code>, then the system will create an appropriate result holder object and add it to the vector. Multiple occurances of the option will cause multiple results to be added to the vector.
+     * <a name=vectorHolder>If the result holder is a <code>Vector</code>, then the system will create an appropriate
+     * result holder object and add it to the vector. Multiple occurances of the option will cause multiple results to
+     * be added to the vector.
      * 
      * <p>
      * The object allocated by the system to store the result will correspond to the conversion code as follows:
@@ -1682,11 +1767,14 @@ public class ArgParser {
      * Matches arguments within an argument list.
      * 
      * <p>
-     * In the event of an erroneous or unmatched argument, the method prints a message and exits the program with code 1.
+     * In the event of an erroneous or unmatched argument, the method prints a message and exits the program with code
+     * 1.
      * 
      * <p>
-     * If help options are enabled and one of the arguments matches a help option, then the result of {@link #getHelpMessage
-     * getHelpMessage} is printed to the default print stream and the program exits with code 0. If help options are not enabled, they are ignored.
+     * If help options are enabled and one of the arguments matches a help option, then the result of
+     * {@link #getHelpMessage
+     * getHelpMessage} is printed to the default print stream and the program exits with code 0. If help options are not
+     * enabled, they are ignored.
      * 
      * @param args argument list
      * @see ArgParser#getDefaultPrintStream
@@ -1702,14 +1790,20 @@ public class ArgParser {
      * unmatched arguments are returned in a String array.
      * 
      * <p>
-     * In the event of an erroneous argument, the method either prints a message and exits the program (if {@link #EXIT_ON_ERROR} is set in <code>exitFlags</code>) or terminates the matching and creates a error message that can be retrieved by {@link #getErrorMessage}.
+     * In the event of an erroneous argument, the method either prints a message and exits the program (if
+     * {@link #EXIT_ON_ERROR} is set in <code>exitFlags</code>) or terminates the matching and creates a error message
+     * that can be retrieved by {@link #getErrorMessage}.
      * 
      * <p>
-     * In the event of an umatched argument, the method will print a message and exit if {@link #EXIT_ON_UNMATCHED} is set in <code>errorFlags</code>. Otherwise, the unmatched argument will be appended to the returned array of unmatched values, and the matching will continue at the next location.
+     * In the event of an umatched argument, the method will print a message and exit if {@link #EXIT_ON_UNMATCHED} is
+     * set in <code>errorFlags</code>. Otherwise, the unmatched argument will be appended to the returned array of
+     * unmatched values, and the matching will continue at the next location.
      * 
      * <p>
-     * If help options are enabled and one of the arguments matches a help option, then the result of {@link #getHelpMessage
-     * getHelpMessage} is printed to the the default print stream and the program exits with code 0. If help options are not enabled, then they will not be matched.
+     * If help options are enabled and one of the arguments matches a help option, then the result of
+     * {@link #getHelpMessage
+     * getHelpMessage} is printed to the the default print stream and the program exits with code 0. If help options are
+     * not enabled, then they will not be matched.
      * 
      * @param args argument list
      * @param idx starting location in list
@@ -1752,13 +1846,19 @@ public class ArgParser {
      * match should begin.
      * 
      * <p>
-     * In the event of an erroneous argument, the method throws an {@link argparser.ArgParseException ArgParseException} with an appropriate error message. This error message can also be retrieved using {@link #getErrorMessage getErrorMessage}.
+     * In the event of an erroneous argument, the method throws an {@link argparser.ArgParseException ArgParseException}
+     * with an appropriate error message. This error message can also be retrieved using {@link #getErrorMessage
+     * getErrorMessage}.
      * 
      * <p>
-     * In the event of an umatched argument, the method will return idx + 1, and {@link #getUnmatchedArgument getUnmatchedArgument} will return a copy of the unmatched argument. If an argument is matched, {@link #getUnmatchedArgument getUnmatchedArgument} will return <code>null</code>.
+     * In the event of an umatched argument, the method will return idx + 1, and {@link #getUnmatchedArgument
+     * getUnmatchedArgument} will return a copy of the unmatched argument. If an argument is matched,
+     * {@link #getUnmatchedArgument getUnmatchedArgument} will return <code>null</code>.
      * 
      * <p>
-     * If help options are enabled and the argument matches a help option, then the result of {@link #getHelpMessage getHelpMessage} is printed to the the default print stream and the program exits with code 0. If help options are not enabled, then they are ignored.
+     * If help options are enabled and the argument matches a help option, then the result of {@link #getHelpMessage
+     * getHelpMessage} is printed to the the default print stream and the program exits with code 0. If help options are
+     * not enabled, then they are ignored.
      * 
      * @param args argument list
      * @param idx location in list where match should start
@@ -1965,7 +2065,8 @@ public class ArgParser {
 
     /**
      * Returns the parser's error message. This is automatically
-     * set whenever an error is encountered in <code>matchArg</code> or <code>matchAllArgs</code>, and is automatically set to <code>null</code> at the beginning of these methods.
+     * set whenever an error is encountered in <code>matchArg</code> or <code>matchAllArgs</code>, and is automatically
+     * set to <code>null</code> at the beginning of these methods.
      * 
      * @return error message
      */
@@ -1974,7 +2075,8 @@ public class ArgParser {
     }
 
     /**
-     * Returns the value of an unmatched argument discovered {@link #matchArg matchArg} or {@link #matchAllArgs(String[],int,int)
+     * Returns the value of an unmatched argument discovered {@link #matchArg matchArg} or
+     * {@link #matchAllArgs(String[],int,int)
      * matchAllArgs}. If there was no unmatched argument, <code>null</code> is returned.
      * 
      * @return unmatched argument
diff --git a/pki/base/silent/src/com/netscape/pkisilent/argparser/ArgParserTest.java b/pki/base/silent/src/com/netscape/pkisilent/argparser/ArgParserTest.java
index 4a7b20e48..9ddb80778 100644
--- a/pki/base/silent/src/com/netscape/pkisilent/argparser/ArgParserTest.java
+++ b/pki/base/silent/src/com/netscape/pkisilent/argparser/ArgParserTest.java
@@ -37,7 +37,8 @@ import java.lang.reflect.Array;
 import java.util.Vector;
 
 /**
- * Testing class for the class ArgParser. Executing the <code>main</code> method of this class will perform a suite of tests to help verify correct
+ * Testing class for the class ArgParser. Executing the <code>main</code> method of this class will perform a suite of
+ * tests to help verify correct
  * operation of the parser class.
  * 
  * @author John E. Lloyd, Fall 2004
diff --git a/pki/base/silent/src/com/netscape/pkisilent/common/AutoInstaller.java b/pki/base/silent/src/com/netscape/pkisilent/common/AutoInstaller.java
index cdc9a7fb1..879278a50 100644
--- a/pki/base/silent/src/com/netscape/pkisilent/common/AutoInstaller.java
+++ b/pki/base/silent/src/com/netscape/pkisilent/common/AutoInstaller.java
@@ -85,7 +85,8 @@ public class AutoInstaller {
 
     // Set InternalDBVInfo
     /**
-     * Set Internal Database Information . Takes parameters internaldatabase hostname, internaldatabase port, internaldatabase name, internaldatabase binddn, internaldatabase password
+     * Set Internal Database Information . Takes parameters internaldatabase hostname, internaldatabase port,
+     * internaldatabase name, internaldatabase binddn, internaldatabase password
      */
 
     public void setInternalDBInfo(String dbh, String dbp, String dbname, String dbdn, String dbpswd) {
@@ -230,7 +231,9 @@ public class AutoInstaller {
     // Set Subsystem Information for Configuring 
 
     /**
-     * Takes parameters - sID- ServerID e.x cert1, sRoot- ServerRootK kT- keyType "RSA/DSA" , kL - keylength (1024.2048) , cVD- certificate validity dates e.g 365 for 1 year, sdn - subsystems dn, sAdp - subsystem's Admin port, sAgp - subsystems's Agentport,seSP- subsystem's ee SSL port , sep- Subsystems ee port.
+     * Takes parameters - sID- ServerID e.x cert1, sRoot- ServerRootK kT- keyType "RSA/DSA" , kL - keylength (1024.2048)
+     * , cVD- certificate validity dates e.g 365 for 1 year, sdn - subsystems dn, sAdp - subsystem's Admin port, sAgp -
+     * subsystems's Agentport,seSP- subsystem's ee SSL port , sep- Subsystems ee port.
      */
 
     public void setSubSystemInfo(String sID, String sRoot, String kT, String kL, String hT, String cVD, String sdn,
diff --git a/pki/base/silent/src/com/netscape/pkisilent/common/BaseState.java b/pki/base/silent/src/com/netscape/pkisilent/common/BaseState.java
index 99487a8f4..0d5e9cfc6 100644
--- a/pki/base/silent/src/com/netscape/pkisilent/common/BaseState.java
+++ b/pki/base/silent/src/com/netscape/pkisilent/common/BaseState.java
@@ -48,7 +48,8 @@ public class BaseState {
     }
 
     /**
-     * Set the publishing directory information . Takes the paramters ldaphost,ldapport,ldapDN, ldapDN password, BaseDN , Secure coonection (true/false)
+     * Set the publishing directory information . Takes the paramters ldaphost,ldapport,ldapDN, ldapDN password, BaseDN
+     * , Secure coonection (true/false)
      */
     public void setLDAPInfo(String h, String p, String dn, String pw, String base, boolean sc) {
         ldaphost = h;
diff --git a/pki/base/silent/src/com/netscape/pkisilent/common/CMSConfig.java b/pki/base/silent/src/com/netscape/pkisilent/common/CMSConfig.java
index 601e5998c..f5737167e 100644
--- a/pki/base/silent/src/com/netscape/pkisilent/common/CMSConfig.java
+++ b/pki/base/silent/src/com/netscape/pkisilent/common/CMSConfig.java
@@ -85,7 +85,8 @@ public class CMSConfig extends ServerInfo {
 
     // Enable DirectoryBased Authentication
     /**
-     * Takes parameters : secureConnection( true/false), basedn, ldaphostname, lapdaportnumber ( in case of secured connection give ldap secured port)
+     * Takes parameters : secureConnection( true/false), basedn, ldaphostname, lapdaportnumber ( in case of secured
+     * connection give ldap secured port)
      */
 
     public void EnableDirEnrollment(boolean secureConn, String ldapbase, String lhost, String lport) {
@@ -146,7 +147,8 @@ public class CMSConfig extends ServerInfo {
     }
 
     /**
-     * Takes parameters : secureConnection( true/false), ldapbinddn, ldapbindnpassword,ldaphostname, lapdaportnumber ( in case of secured connection give ldap secured port), basedn (e.g ou=people,o=mcom.com)
+     * Takes parameters : secureConnection( true/false), ldapbinddn, ldapbindnpassword,ldaphostname, lapdaportnumber (
+     * in case of secured connection give ldap secured port), basedn (e.g ou=people,o=mcom.com)
      */
 
     void EnablePortalAuth(boolean secureConn, String ldaprootDN, String ldaprootDNPW, String lhost, String lport,
@@ -207,7 +209,8 @@ public class CMSConfig extends ServerInfo {
 
     // Publishing 
     /**
-     * Takes parameters : secureConnection( true/false), ldapbinddn, ldapbindnpassword,ldaphostname, lapdaportnumber ( in case of secured connection give ldap secured port)
+     * Takes parameters : secureConnection( true/false), ldapbinddn, ldapbindnpassword,ldaphostname, lapdaportnumber (
+     * in case of secured connection give ldap secured port)
      */
 
     public void EnablePublishing(boolean secureConn, String ldaprootDN, String ldaprootDNPW, String lhost, String lport) {
diff --git a/pki/base/silent/src/com/netscape/pkisilent/common/CMSInstance.java b/pki/base/silent/src/com/netscape/pkisilent/common/CMSInstance.java
index ec7ce3545..1868f17c4 100644
--- a/pki/base/silent/src/com/netscape/pkisilent/common/CMSInstance.java
+++ b/pki/base/silent/src/com/netscape/pkisilent/common/CMSInstance.java
@@ -38,7 +38,9 @@ public class CMSInstance {
      */
 
     /**
-     * Constructor. Takes parameters hostname, adminserverport, adminDN, adminDNpassword, Dominanname, ServerRoot( full path) , instanceID, mnameand sieURL. mname is the fully qualified name of the server ( jupiter2.nscp.aoltw.net) sieURL is ("ldap://jupiter2.nscp.aoltw.net:(ConfigLADPPort)/o=NetscapeRoot"
+     * Constructor. Takes parameters hostname, adminserverport, adminDN, adminDNpassword, Dominanname, ServerRoot( full
+     * path) , instanceID, mnameand sieURL. mname is the fully qualified name of the server ( jupiter2.nscp.aoltw.net)
+     * sieURL is ("ldap://jupiter2.nscp.aoltw.net:(ConfigLADPPort)/o=NetscapeRoot"
      */
 
     private String cs_server_root, cs_tps_root, tps_hostname, tps_fqdn, tps_instanceid, tps_ee_port, tps_agent_port,
diff --git a/pki/base/silent/src/com/netscape/pkisilent/common/CMSProperties.java b/pki/base/silent/src/com/netscape/pkisilent/common/CMSProperties.java
index c79174f60..a4ba55d29 100644
--- a/pki/base/silent/src/com/netscape/pkisilent/common/CMSProperties.java
+++ b/pki/base/silent/src/com/netscape/pkisilent/common/CMSProperties.java
@@ -47,12 +47,20 @@ import java.util.Hashtable;
  * or loaded from a stream. Each key and its corresponding value in
  * the property list is a string.
  * <p>
- * A property list can contain another property list as its "defaults"; this second property list is searched if the property key is not found in the original property list.
+ * A property list can contain another property list as its "defaults"; this second property list is searched if the
+ * property key is not found in the original property list.
  * <p>
- * Because <code>Properties</code> inherits from <code>Hashtable</code>, the <code>put</code> and <code>putAll</code> methods can be applied to a <code>Properties</code> object. Their use is strongly discouraged as they allow the caller to insert entries whose keys or values are not <code>Strings</code>. The <code>setProperty</code> method should be used instead. If the <code>store</code> or <code>save</code> method is called on a "compromised" <code>Properties</code> object that contains a non-
- * <code>String</code> key or value, the call will fail.
+ * Because <code>Properties</code> inherits from <code>Hashtable</code>, the <code>put</code> and <code>putAll</code>
+ * methods can be applied to a <code>Properties</code> object. Their use is strongly discouraged as they allow the
+ * caller to insert entries whose keys or values are not <code>Strings</code>. The <code>setProperty</code> method
+ * should be used instead. If the <code>store</code> or <code>save</code> method is called on a "compromised"
+ * <code>Properties</code> object that contains a non- <code>String</code> key or value, the call will fail.
  * <p>
- * <a name="encoding"></a> When saving properties to a stream or loading them from a stream, the ISO 8859-1 character encoding is used. For characters that cannot be directly represented in this encoding, <a href="http://java.sun.com/docs/books/jls/html/3.doc.html#100850">Unicode escapes</a> are used; however, only a single 'u' character is allowed in an escape sequence. The native2ascii tool can be used to convert property files to and from other character encodings.
+ * <a name="encoding"></a> When saving properties to a stream or loading them from a stream, the ISO 8859-1 character
+ * encoding is used. For characters that cannot be directly represented in this encoding, <a
+ * href="http://java.sun.com/docs/books/jls/html/3.doc.html#100850">Unicode escapes</a> are used; however, only a single
+ * 'u' character is allowed in an escape sequence. The native2ascii tool can be used to convert property files to and
+ * from other character encodings.
  * 
  * @see <a href="../../../tooldocs/solaris/native2ascii.html">native2ascii tool for Solaris</a>
  * @see <a href="../../../tooldocs/win32/native2ascii.html">native2ascii tool for Windows</a>
@@ -120,15 +128,29 @@ class CMSProperties extends Hashtable<String, String> {
      * Reads a property list (key and element pairs) from the input stream.
      * The stream is assumed to be using the ISO 8859-1 character encoding.
      * <p>
-     * Every property occupies one line of the input stream. Each line is terminated by a line terminator (<code>\n</code> or <code>\r</code> or <code>\r\n</code>). Lines from the input stream are processed until end of file is reached on the input stream.
+     * Every property occupies one line of the input stream. Each line is terminated by a line terminator (
+     * <code>\n</code> or <code>\r</code> or <code>\r\n</code>). Lines from the input stream are processed until end of
+     * file is reached on the input stream.
      * <p>
-     * A line that contains only whitespace or whose first non-whitespace character is an ASCII <code>#</code> or <code>!</code> is ignored (thus, <code>#</code> or <code>!</code> indicate comment lines).
+     * A line that contains only whitespace or whose first non-whitespace character is an ASCII <code>#</code> or
+     * <code>!</code> is ignored (thus, <code>#</code> or <code>!</code> indicate comment lines).
      * <p>
-     * Every line other than a blank line or a comment line describes one property to be added to the table (except that if a line ends with \, then the following line, if it exists, is treated as a continuation line, as described below). The key consists of all the characters in the line starting with the first non-whitespace character and up to, but not including, the first ASCII <code>=</code>, <code>:</code>, or whitespace character. All of the key termination characters may be included in
-     * the key by preceding them with a \. Any whitespace after the key is skipped; if the first non-whitespace character after the key is <code>=</code> or <code>:</code>, then it is ignored and any whitespace characters after it are also skipped. All remaining characters on the line become part of the associated element string. Within the element string, the ASCII escape sequences <code>\t</code>, <code>\n</code>, <code>\r</code>, <code>\\</code>, <code>\"</code>, <code>\'</code>,
-     * <code>\ &#32;</code> &#32;(a backslash and a space), and <code>&#92;u</code><i>xxxx</i> are recognized and converted to single characters. Moreover, if the last character on the line is <code>\</code>, then the next line is treated as a continuation of the current line; the <code>\</code> and line terminator are simply discarded, and any leading whitespace characters on the continuation line are also discarded and are not part of the element string.
+     * Every line other than a blank line or a comment line describes one property to be added to the table (except that
+     * if a line ends with \, then the following line, if it exists, is treated as a continuation line, as described
+     * below). The key consists of all the characters in the line starting with the first non-whitespace character and
+     * up to, but not including, the first ASCII <code>=</code>, <code>:</code>, or whitespace character. All of the key
+     * termination characters may be included in the key by preceding them with a \. Any whitespace after the key is
+     * skipped; if the first non-whitespace character after the key is <code>=</code> or <code>:</code>, then it is
+     * ignored and any whitespace characters after it are also skipped. All remaining characters on the line become part
+     * of the associated element string. Within the element string, the ASCII escape sequences <code>\t</code>,
+     * <code>\n</code>, <code>\r</code>, <code>\\</code>, <code>\"</code>, <code>\'</code>, <code>\ &#32;</code> &#32;(a
+     * backslash and a space), and <code>&#92;u</code><i>xxxx</i> are recognized and converted to single characters.
+     * Moreover, if the last character on the line is <code>\</code>, then the next line is treated as a continuation of
+     * the current line; the <code>\</code> and line terminator are simply discarded, and any leading whitespace
+     * characters on the continuation line are also discarded and are not part of the element string.
      * <p>
-     * As an example, each of the following four lines specifies the key <code>"Truth"</code> and the associated element value <code>"Beauty"</code>:
+     * As an example, each of the following four lines specifies the key <code>"Truth"</code> and the associated element
+     * value <code>"Beauty"</code>:
      * <p>
      * 
      * <pre>
@@ -153,7 +175,9 @@ class CMSProperties extends Hashtable<String, String> {
      * &quot;apple, banana, pear, cantaloupe, watermelon,kiwi, mango&quot;
      * </pre>
      * 
-     * Note that a space appears before each <code>\</code> so that a space will appear after each comma in the final result; the <code>\</code>, line terminator, and leading whitespace on the continuation line are merely discarded and are <i>not</i> replaced by one or more other characters.
+     * Note that a space appears before each <code>\</code> so that a space will appear after each comma in the final
+     * result; the <code>\</code>, line terminator, and leading whitespace on the continuation line are merely discarded
+     * and are <i>not</i> replaced by one or more other characters.
      * <p>
      * As a third example, the line:
      * <p>
@@ -451,20 +475,34 @@ class CMSProperties extends Hashtable<String, String> {
     }
 
     /**
-     * Writes this property list (key and element pairs) in this <code>Properties</code> table to the output stream in a format suitable
+     * Writes this property list (key and element pairs) in this <code>Properties</code> table to the output stream in a
+     * format suitable
      * for loading into a <code>Properties</code> table using the <code>load</code> method.
      * The stream is written using the ISO 8859-1 character encoding.
      * <p>
-     * Properties from the defaults table of this <code>Properties</code> table (if any) are <i>not</i> written out by this method.
+     * Properties from the defaults table of this <code>Properties</code> table (if any) are <i>not</i> written out by
+     * this method.
      * <p>
-     * If the header argument is not null, then an ASCII <code>#</code> character, the header string, and a line separator are first written to the output stream. Thus, the <code>header</code> can serve as an identifying comment.
+     * If the header argument is not null, then an ASCII <code>#</code> character, the header string, and a line
+     * separator are first written to the output stream. Thus, the <code>header</code> can serve as an identifying
+     * comment.
      * <p>
-     * Next, a comment line is always written, consisting of an ASCII <code>#</code> character, the current date and time (as if produced by the <code>toString</code> method of <code>Date</code> for the current time), and a line separator as generated by the Writer.
+     * Next, a comment line is always written, consisting of an ASCII <code>#</code> character, the current date and
+     * time (as if produced by the <code>toString</code> method of <code>Date</code> for the current time), and a line
+     * separator as generated by the Writer.
      * <p>
-     * Then every entry in this <code>Properties</code> table is written out, one per line. For each entry the key string is written, then an ASCII <code>=</code>, then the associated element string. Each character of the element string is examined to see whether it should be rendered as an escape sequence. The ASCII characters <code>\</code>, tab, newline, and carriage return are written as <code>\\</code>, <code>\t</code>, <code>\n</code>, and <code>\r</code>, respectively. Characters less
-     * than <code>&#92;u0020</code> and characters greater than <code>&#92;u007E</code> are written as <code>&#92;u</code><i>xxxx</i> for the appropriate hexadecimal value <i>xxxx</i>. Leading space characters, but not embedded or trailing space characters, are written with a preceding <code>\</code>. The key and value characters <code>#</code>, <code>!</code>, <code>=</code>, and <code>:</code> are written with a preceding slash to ensure that they are properly loaded.
+     * Then every entry in this <code>Properties</code> table is written out, one per line. For each entry the key
+     * string is written, then an ASCII <code>=</code>, then the associated element string. Each character of the
+     * element string is examined to see whether it should be rendered as an escape sequence. The ASCII characters
+     * <code>\</code>, tab, newline, and carriage return are written as <code>\\</code>, <code>\t</code>,
+     * <code>\n</code>, and <code>\r</code>, respectively. Characters less than <code>&#92;u0020</code> and characters
+     * greater than <code>&#92;u007E</code> are written as <code>&#92;u</code><i>xxxx</i> for the appropriate
+     * hexadecimal value <i>xxxx</i>. Leading space characters, but not embedded or trailing space characters, are
+     * written with a preceding <code>\</code>. The key and value characters <code>#</code>, <code>!</code>,
+     * <code>=</code>, and <code>:</code> are written with a preceding slash to ensure that they are properly loaded.
      * <p>
-     * After the entries have been written, the output stream is flushed. The output stream remains open after this method returns.
+     * After the entries have been written, the output stream is flushed. The output stream remains open after this
+     * method returns.
      * 
      * @param out an output stream.
      * @param header a description of the property list.
@@ -505,7 +543,8 @@ class CMSProperties extends Hashtable<String, String> {
     /**
      * Searches for the property with the specified key in this property list.
      * If the key is not found in this property list, the default property list,
-     * and its defaults, recursively, are then checked. The method returns <code>null</code> if the property is not found.
+     * and its defaults, recursively, are then checked. The method returns <code>null</code> if the property is not
+     * found.
      * 
      * @param key the property key.
      * @return the value in this property list with the specified key value.
diff --git a/pki/base/silent/src/com/netscape/pkisilent/common/ComCrypto.java b/pki/base/silent/src/com/netscape/pkisilent/common/ComCrypto.java
index 9881aa2ca..1c308e2c2 100644
--- a/pki/base/silent/src/com/netscape/pkisilent/common/ComCrypto.java
+++ b/pki/base/silent/src/com/netscape/pkisilent/common/ComCrypto.java
@@ -101,7 +101,8 @@ public class ComCrypto {
     };
 
     /**
-     * Constructor . Takes the parameter certificatedbdirectory , passwordfor cert database, certificatenickname,keysize, keytype(RSA/DSA)
+     * Constructor . Takes the parameter certificatedbdirectory , passwordfor cert database,
+     * certificatenickname,keysize, keytype(RSA/DSA)
      * 
      * @param certdbdirectory.
      * @param certdbpassword
diff --git a/pki/base/silent/src/com/netscape/pkisilent/common/DirEnroll.java b/pki/base/silent/src/com/netscape/pkisilent/common/DirEnroll.java
index 0087da254..0e47084e7 100644
--- a/pki/base/silent/src/com/netscape/pkisilent/common/DirEnroll.java
+++ b/pki/base/silent/src/com/netscape/pkisilent/common/DirEnroll.java
@@ -72,7 +72,8 @@ public class DirEnroll extends TestClient {
     }
 
     /**
-     * Constructor. Takes hostname,EESSLportnumber,uid,password,certdbdirectorypath,certdbpassword,certificatenickname,keysize,teytype
+     * Constructor. Takes
+     * hostname,EESSLportnumber,uid,password,certdbdirectorypath,certdbpassword,certificatenickname,keysize,teytype
      * <p>
      * 
      * @param hostname
diff --git a/pki/base/silent/src/com/netscape/pkisilent/common/PostQuery.java b/pki/base/silent/src/com/netscape/pkisilent/common/PostQuery.java
index 64e49d90a..bf5db5043 100644
--- a/pki/base/silent/src/com/netscape/pkisilent/common/PostQuery.java
+++ b/pki/base/silent/src/com/netscape/pkisilent/common/PostQuery.java
@@ -31,7 +31,8 @@ import com.netscape.osutil.OSUtil;
 
 /**
  * CMS Test framework .
- * This class submits request to admin server after authenticating with UID and Password. You can get back the response by calling the method. getPage().
+ * This class submits request to admin server after authenticating with UID and Password. You can get back the response
+ * by calling the method. getPage().
  */
 
 public class PostQuery {
@@ -44,7 +45,8 @@ public class PostQuery {
     private StringBuffer stdout = new StringBuffer();
 
     /**
-     * Constructor . Takes the parameters urlstring("http://hostname:<portnumber> , Id for authenticating to the server, password for authentication to the server and query which needs to be submitted to the server
+     * Constructor . Takes the parameters urlstring("http://hostname:<portnumber> , Id for authenticating to the server,
+     * password for authentication to the server and query which needs to be submitted to the server
      */
 
     public PostQuery(String urlstr, String authid, String authpwd, String querystring) {
diff --git a/pki/base/silent/src/com/netscape/pkisilent/common/ServerInfo.java b/pki/base/silent/src/com/netscape/pkisilent/common/ServerInfo.java
index 617fb583a..f63a0f54b 100644
--- a/pki/base/silent/src/com/netscape/pkisilent/common/ServerInfo.java
+++ b/pki/base/silent/src/com/netscape/pkisilent/common/ServerInfo.java
@@ -26,7 +26,8 @@ import java.util.StringTokenizer;
 
 /**
  * CMS Test framework .
- * This class fetches all the necssary ServerInformation to run the test . For example AdminServer information linke port , hsotname, Config LDAP server port, CMS servers Agentport,AdminPort, EESSL port, EE port etc..
+ * This class fetches all the necssary ServerInformation to run the test . For example AdminServer information linke
+ * port , hsotname, Config LDAP server port, CMS servers Agentport,AdminPort, EESSL port, EE port etc..
  */
 
 public class ServerInfo {
@@ -48,7 +49,8 @@ public class ServerInfo {
     }
 
     /**
-     * Constructor. Takes Server root as parameter for example ( /export/qa). Reads and collects information about adminserver and Config LDAP server.
+     * Constructor. Takes Server root as parameter for example ( /export/qa). Reads and collects information about
+     * adminserver and Config LDAP server.
      */
     public ServerInfo(String sroot) {
         serverRoot = sroot;
@@ -58,7 +60,8 @@ public class ServerInfo {
     }
 
     /**
-     * Constructor. Takes Serverroot ( /export/qa) and instanceRoot (/export/qa/cert-jupiter2) as parameters . Reads and collects information about Admin Server , Config LDAP server and CMS server .
+     * Constructor. Takes Serverroot ( /export/qa) and instanceRoot (/export/qa/cert-jupiter2) as parameters . Reads and
+     * collects information about Admin Server , Config LDAP server and CMS server .
      */
 
     public ServerInfo(String sroot, String instRoot) {
diff --git a/pki/base/silent/src/com/netscape/pkisilent/common/TestClient.java b/pki/base/silent/src/com/netscape/pkisilent/common/TestClient.java
index eeb23c34b..c5744fe6e 100644
--- a/pki/base/silent/src/com/netscape/pkisilent/common/TestClient.java
+++ b/pki/base/silent/src/com/netscape/pkisilent/common/TestClient.java
@@ -99,7 +99,8 @@ public class TestClient implements SSLCertificateApprovalCallback {
 
     /**
      * Constructor . Takes the parameter for keysize and keytype .
-     * Before creating a new instance of this class make sure you have set TEST_CONFIG_FILE variable in your environnemt.
+     * Before creating a new instance of this class make sure you have set TEST_CONFIG_FILE variable in your
+     * environnemt.
      * Reads the TEST_CONFIG_FILE . Initializes the certificate database. See engage.cfg file for example.
      * 
      * @param keysize
diff --git a/pki/base/silent/src/com/netscape/pkisilent/common/UserEnroll.java b/pki/base/silent/src/com/netscape/pkisilent/common/UserEnroll.java
index 1fbf834b0..e5c2f0b4a 100644
--- a/pki/base/silent/src/com/netscape/pkisilent/common/UserEnroll.java
+++ b/pki/base/silent/src/com/netscape/pkisilent/common/UserEnroll.java
@@ -68,7 +68,8 @@ public class UserEnroll extends TestClient {
     }
 
     /**
-     * Constructor . Takes the parameter for hostname, EESSLportnumber, subjectdn, E, CN,UID,OU,O, CertdbDirecrory(fullpath) , certdbPassword, keysize, keytype, requestorName,requestorEmail and Certtype.
+     * Constructor . Takes the parameter for hostname, EESSLportnumber, subjectdn, E, CN,UID,OU,O,
+     * CertdbDirecrory(fullpath) , certdbPassword, keysize, keytype, requestorName,requestorEmail and Certtype.
      * valid values for Certtype - "ca","ra","ocsp"
      * <p>
      * 
diff --git a/pki/base/silent/src/com/netscape/pkisilent/common/checkRequest.java b/pki/base/silent/src/com/netscape/pkisilent/common/checkRequest.java
index d0b0373d7..99a6e0849 100644
--- a/pki/base/silent/src/com/netscape/pkisilent/common/checkRequest.java
+++ b/pki/base/silent/src/com/netscape/pkisilent/common/checkRequest.java
@@ -31,7 +31,8 @@ import org.mozilla.jss.ssl.SSLSocket;
 
 /**
  * CMS Test framework .
- * Submits a checkRequestStatus request to the server. parses the response from server and can import cert to the specified client database.
+ * Submits a checkRequestStatus request to the server. parses the response from server and can import cert to the
+ * specified client database.
  * <P>
  */
 
@@ -90,7 +91,8 @@ public class checkRequest extends TestClient {
     }
 
     /**
-     * Constructor . Takes the parameter for hostname , EESSLportnumber , certdbdir, certdbpassword, Requestnumber ,certnickname and ImportCert ( true/false)
+     * Constructor . Takes the parameter for hostname , EESSLportnumber , certdbdir, certdbpassword, Requestnumber
+     * ,certnickname and ImportCert ( true/false)
      * <p>
      */
 
diff --git a/pki/base/silent/src/com/netscape/pkisilent/http/HTMLDocument.java b/pki/base/silent/src/com/netscape/pkisilent/http/HTMLDocument.java
index 67e95cf5d..e8de29081 100644
--- a/pki/base/silent/src/com/netscape/pkisilent/http/HTMLDocument.java
+++ b/pki/base/silent/src/com/netscape/pkisilent/http/HTMLDocument.java
@@ -498,7 +498,8 @@ public class HTMLDocument {
     /**
      * Retrieves the contents of the HTML document with all tags removed.
      * 
-     * @return The contents of the HTML document with all tags removed, or <CODE>null</CODE> if a problem occurs while trying to parse the
+     * @return The contents of the HTML document with all tags removed, or <CODE>null</CODE> if a problem occurs while
+     *         trying to parse the
      *         HTML.
      */
     public String getTextData() {
@@ -538,7 +539,8 @@ public class HTMLDocument {
      * that are in the form of links to other content.
      * 
      * @return An array containing a set of URLs parsed from the HTML document
-     *         that are in the form of links to other content, or <CODE>null</CODE> if a problem occurs while trying to parse the
+     *         that are in the form of links to other content, or <CODE>null</CODE> if a problem occurs while trying to
+     *         parse the
      *         HTML.
      */
     public String[] getDocumentLinks() {
diff --git a/pki/base/util/src/netscape/security/extensions/NSCertTypeExtension.java b/pki/base/util/src/netscape/security/extensions/NSCertTypeExtension.java
index b0bda3c1c..1415478bb 100644
--- a/pki/base/util/src/netscape/security/extensions/NSCertTypeExtension.java
+++ b/pki/base/util/src/netscape/security/extensions/NSCertTypeExtension.java
@@ -35,7 +35,8 @@ import netscape.security.x509.Extension;
  * Represents Netscape Certificate Type Extension
  * 
  * <p>
- * This deprecated extension, if present, defines both the purpose (e.g., encipherment, signature, certificate signing) and the application (e.g., SSL, S/Mime or Object Signing of the key contained in the certificate.
+ * This deprecated extension, if present, defines both the purpose (e.g., encipherment, signature, certificate signing)
+ * and the application (e.g., SSL, S/Mime or Object Signing of the key contained in the certificate.
  * 
  * @author galperin
  * @version $Revision$, $Date$
diff --git a/pki/base/util/src/netscape/security/pkcs/PKCS10Attribute.java b/pki/base/util/src/netscape/security/pkcs/PKCS10Attribute.java
index 9e0c7150a..520b3e969 100644
--- a/pki/base/util/src/netscape/security/pkcs/PKCS10Attribute.java
+++ b/pki/base/util/src/netscape/security/pkcs/PKCS10Attribute.java
@@ -39,10 +39,12 @@ import netscape.security.x509.OIDMap;
  * Represent a PKCS Attribute.
  * 
  * <p>
- * Attributes are addiitonal attributes which can be inserted in a PKCS certificate request. For example a "Driving License Certificate" could have the driving license number as a attribute.
+ * Attributes are addiitonal attributes which can be inserted in a PKCS certificate request. For example a
+ * "Driving License Certificate" could have the driving license number as a attribute.
  * 
  * <p>
- * Attributes are represented as a sequence of the attribute identifier (Object Identifier) and a set of DER encoded attribute values. The current implementation only supports one value per attribute.
+ * Attributes are represented as a sequence of the attribute identifier (Object Identifier) and a set of DER encoded
+ * attribute values. The current implementation only supports one value per attribute.
  * 
  * ASN.1 definition of Attribute:
  * 
diff --git a/pki/base/util/src/netscape/security/pkcs/PKCS8Key.java b/pki/base/util/src/netscape/security/pkcs/PKCS8Key.java
index f3df3d94a..b3ec07906 100644
--- a/pki/base/util/src/netscape/security/pkcs/PKCS8Key.java
+++ b/pki/base/util/src/netscape/security/pkcs/PKCS8Key.java
@@ -77,7 +77,9 @@ public class PKCS8Key implements PrivateKey {
      * PKCS8Key object is returned.
      * 
      * <P>
-     * This mechanism gurantees that keys (and algorithms) may be freely manipulated and transferred, without risk of losing information. Also, when a key (or algorithm) needs some special handling, that specific need can be accomodated.
+     * This mechanism gurantees that keys (and algorithms) may be freely manipulated and transferred, without risk of
+     * losing information. Also, when a key (or algorithm) needs some special handling, that specific need can be
+     * accomodated.
      * 
      * @param in the DER-encoded SubjectPublicKeyInfo value
      * @exception IOException on data format errors
@@ -118,7 +120,8 @@ public class PKCS8Key implements PrivateKey {
      * DSS/DSA keys encapsulate a single unsigned integer.
      * 
      * <P>
-     * This function is called when creating PKCS#8 SubjectPublicKeyInfo values using the PKCS8Key member functions, such as <code>parse</code> and <code>decode</code>.
+     * This function is called when creating PKCS#8 SubjectPublicKeyInfo values using the PKCS8Key member functions,
+     * such as <code>parse</code> and <code>decode</code>.
      * 
      * @exception IOException if a parsing error occurs.
      * @exception InvalidKeyException if the key encoding is invalid.
@@ -288,7 +291,8 @@ public class PKCS8Key implements PrivateKey {
      * often used to encapsulate another DER encoded sequence.)
      * 
      * <P>
-     * Subclasses should not normally redefine this method; they should instead provide a <code>parseKeyBits</code> method to parse any fields inside the <code>key</code> member.
+     * Subclasses should not normally redefine this method; they should instead provide a <code>parseKeyBits</code>
+     * method to parse any fields inside the <code>key</code> member.
      * 
      * @param in an input stream with a DER-encoded PKCS#8
      *            SubjectPublicKeyInfo value
diff --git a/pki/base/util/src/netscape/security/pkcs/PKCS9Attribute.java b/pki/base/util/src/netscape/security/pkcs/PKCS9Attribute.java
index fa51a3ed9..ef0f6a481 100644
--- a/pki/base/util/src/netscape/security/pkcs/PKCS9Attribute.java
+++ b/pki/base/util/src/netscape/security/pkcs/PKCS9Attribute.java
@@ -484,7 +484,8 @@ public class PKCS9Attribute implements DerEncoder {
      * Arrays of length zero are accepted, though probably useless.
      * 
      * <P>
-     * The following table gives the class that <code>value</code> must have for a given attribute. Reasonable variants of these attributes are accepted; in particular, case does not matter.
+     * The following table gives the class that <code>value</code> must have for a given attribute. Reasonable variants
+     * of these attributes are accepted; in particular, case does not matter.
      * 
      * <P>
      * <TABLE BORDER CELLPADDING=8 ALIGN=CENTER>
@@ -761,7 +762,8 @@ public class PKCS9Attribute implements DerEncoder {
      * Write the DER encoding of this attribute to an output stream.
      * 
      * <P>
-     * N.B.: This method always encodes values of ChallengePassword and UnstructuredAddress attributes as ASN.1 <code>PrintableString</code>s, without checking whether they should be encoded as <code>T61String</code>s.
+     * N.B.: This method always encodes values of ChallengePassword and UnstructuredAddress attributes as ASN.1
+     * <code>PrintableString</code>s, without checking whether they should be encoded as <code>T61String</code>s.
      */
     public void derEncode(OutputStream out) throws IOException {
         DerOutputStream temp = new DerOutputStream();
diff --git a/pki/base/util/src/netscape/security/provider/DSAKeyPairGenerator.java b/pki/base/util/src/netscape/security/provider/DSAKeyPairGenerator.java
index f9736467c..a56839ac1 100644
--- a/pki/base/util/src/netscape/security/provider/DSAKeyPairGenerator.java
+++ b/pki/base/util/src/netscape/security/provider/DSAKeyPairGenerator.java
@@ -190,7 +190,8 @@ public class DSAKeyPairGenerator extends KeyPairGenerator
     }
 
     /**
-     * Initializes the DSA key pair generator. If <code>genParams</code> is false, a set of pre-computed parameters is used. In this case, <code>modelen</code> must be 512, 768, or 1024.
+     * Initializes the DSA key pair generator. If <code>genParams</code> is false, a set of pre-computed parameters is
+     * used. In this case, <code>modelen</code> must be 512, 768, or 1024.
      */
     public void initialize(int modlen, boolean genParams, SecureRandom random)
             throws InvalidParameterException {
diff --git a/pki/base/util/src/netscape/security/provider/SHA.java b/pki/base/util/src/netscape/security/provider/SHA.java
index 560770f8f..5aed99264 100644
--- a/pki/base/util/src/netscape/security/provider/SHA.java
+++ b/pki/base/util/src/netscape/security/provider/SHA.java
@@ -27,7 +27,8 @@ import java.security.MessageDigestSpi;
  * fip-180 as superseded by fip-180-1.
  * 
  * <p>
- * It implement JavaSecurity MessageDigest, and can be used by in the Java Security framework, as a pluggable implementation, as a filter for the digest stream classes.
+ * It implement JavaSecurity MessageDigest, and can be used by in the Java Security framework, as a pluggable
+ * implementation, as a filter for the digest stream classes.
  * 
  * @version 1.30 97/12/10
  * @author Roger Riggs
diff --git a/pki/base/util/src/netscape/security/util/DerInputStream.java b/pki/base/util/src/netscape/security/util/DerInputStream.java
index f4aaf0813..e85d48ed6 100644
--- a/pki/base/util/src/netscape/security/util/DerInputStream.java
+++ b/pki/base/util/src/netscape/security/util/DerInputStream.java
@@ -33,10 +33,13 @@ import java.util.Vector;
  * it uses the "Definite" Encoding Rules (DER) not the "Basic" ones (BER).
  * 
  * <P>
- * Note that, like BER/1, DER streams are streams of explicitly tagged data values. Accordingly, this programming interface does not expose any variant of the java.io.InputStream interface, since that kind of input stream holds untagged data values and using that I/O model could prevent correct parsing of the DER data.
+ * Note that, like BER/1, DER streams are streams of explicitly tagged data values. Accordingly, this programming
+ * interface does not expose any variant of the java.io.InputStream interface, since that kind of input stream holds
+ * untagged data values and using that I/O model could prevent correct parsing of the DER data.
  * 
  * <P>
- * At this time, this class supports only a subset of the types of DER data encodings which are defined. That subset is sufficient for parsing most X.509 certificates.
+ * At this time, this class supports only a subset of the types of DER data encodings which are defined. That subset is
+ * sufficient for parsing most X.509 certificates.
  * 
  * @version 1.35
  * 
diff --git a/pki/base/util/src/netscape/security/util/DerOutputStream.java b/pki/base/util/src/netscape/security/util/DerOutputStream.java
index 17c303289..44a4df8f0 100644
--- a/pki/base/util/src/netscape/security/util/DerOutputStream.java
+++ b/pki/base/util/src/netscape/security/util/DerOutputStream.java
@@ -38,7 +38,8 @@ import java.util.TimeZone;
  * that byte array.
  * 
  * <P>
- * At this time, this class supports only a subset of the types of DER data encodings which are defined. That subset is sufficient for generating most X.509 certificates.
+ * At this time, this class supports only a subset of the types of DER data encodings which are defined. That subset is
+ * sufficient for generating most X.509 certificates.
  * 
  * @version 1.32
  * 
@@ -613,7 +614,8 @@ public class DerOutputStream
      * Marshals a DER UTC time/date value.
      * 
      * <P>
-     * YYMMDDhhmmss{Z|+hhmm|-hhmm} ... emits only using Zulu time and with seconds (even if seconds=0) as per IETF-PKIX partI.
+     * YYMMDDhhmmss{Z|+hhmm|-hhmm} ... emits only using Zulu time and with seconds (even if seconds=0) as per IETF-PKIX
+     * partI.
      */
     public void putUTCTime(Date d) throws IOException {
         /*
@@ -642,7 +644,8 @@ public class DerOutputStream
      * Marshals a DER Generalized Time/date value.
      * 
      * <P>
-     * YYYYMMDDhhmmss{Z|+hhmm|-hhmm} ... emits only using Zulu time and with seconds (even if seconds=0) as per IETF-PKIX partI.
+     * YYYYMMDDhhmmss{Z|+hhmm|-hhmm} ... emits only using Zulu time and with seconds (even if seconds=0) as per
+     * IETF-PKIX partI.
      */
     public void putGeneralizedTime(Date d) throws IOException {
         /*
diff --git a/pki/base/util/src/netscape/security/util/DerValue.java b/pki/base/util/src/netscape/security/util/DerValue.java
index 298a08cd6..71b6f7f2c 100644
--- a/pki/base/util/src/netscape/security/util/DerValue.java
+++ b/pki/base/util/src/netscape/security/util/DerValue.java
@@ -36,10 +36,13 @@ import netscape.security.x509.GenericValueConverter;
  * ("Definite" encoding) to encode any given value.
  * 
  * <P>
- * All DER-encoded data are triples <em>{type, length, data}</em>. This class represents such tagged values as they have been read (or constructed), and provides structured access to the encoded data.
+ * All DER-encoded data are triples <em>{type, length, data}</em>. This class represents such tagged values as they have
+ * been read (or constructed), and provides structured access to the encoded data.
  * 
  * <P>
- * At this time, this class supports only a subset of the types of DER data encodings which are defined. That subset is sufficient for parsing most X.509 certificates, and working with selected additional formats (such as PKCS #10 certificate requests, and some kinds of PKCS #7 data).
+ * At this time, this class supports only a subset of the types of DER data encodings which are defined. That subset is
+ * sufficient for parsing most X.509 certificates, and working with selected additional formats (such as PKCS #10
+ * certificate requests, and some kinds of PKCS #7 data).
  * 
  * @version 1.43
  * 
diff --git a/pki/base/util/src/netscape/security/util/ObjectIdentifier.java b/pki/base/util/src/netscape/security/util/ObjectIdentifier.java
index f2badf8bd..8dd547760 100644
--- a/pki/base/util/src/netscape/security/util/ObjectIdentifier.java
+++ b/pki/base/util/src/netscape/security/util/ObjectIdentifier.java
@@ -25,10 +25,14 @@ import java.util.StringTokenizer;
  * Represent an ISO Object Identifier.
  * 
  * <P>
- * Object Identifiers are arbitrary length hierarchical identifiers. The individual components are numbers, and they define paths from the root of an ISO-managed identifier space. You will sometimes see a string name used instead of (or in addition to) the numerical id. These are synonyms for the numerical IDs, but are not widely used since most sites do not know all the requisite strings, while all sites can parse the numeric forms.
+ * Object Identifiers are arbitrary length hierarchical identifiers. The individual components are numbers, and they
+ * define paths from the root of an ISO-managed identifier space. You will sometimes see a string name used instead of
+ * (or in addition to) the numerical id. These are synonyms for the numerical IDs, but are not widely used since most
+ * sites do not know all the requisite strings, while all sites can parse the numeric forms.
  * 
  * <P>
- * So for example, JavaSoft has the sole authority to assign the meaning to identifiers below the 1.3.6.1.4.42.2.17 node in the hierarchy, and other organizations can easily acquire the ability to assign such unique identifiers.
+ * So for example, JavaSoft has the sole authority to assign the meaning to identifiers below the 1.3.6.1.4.42.2.17 node
+ * in the hierarchy, and other organizations can easily acquire the ability to assign such unique identifiers.
  * 
  * @version 1.23
  * 
@@ -92,7 +96,8 @@ final public class ObjectIdentifier implements Serializable {
      * In this case, that means a triple { typeId, length, data }.
      * 
      * <P>
-     * <STRONG>NOTE:</STRONG> When an exception is thrown, the input stream has not been returned to its "initial" state.
+     * <STRONG>NOTE:</STRONG> When an exception is thrown, the input stream has not been returned to its "initial"
+     * state.
      * 
      * @param in DER-encoded data holding an object ID
      * @exception IOException indicates a decoding error
diff --git a/pki/base/util/src/netscape/security/x509/AVA.java b/pki/base/util/src/netscape/security/x509/AVA.java
index 0b7d0f849..ad94c2c61 100644
--- a/pki/base/util/src/netscape/security/x509/AVA.java
+++ b/pki/base/util/src/netscape/security/x509/AVA.java
@@ -39,7 +39,8 @@ import netscape.security.util.ObjectIdentifier;
  * parsing (and generating) RFC 1779 syntax strings.
  * 
  * <P>
- * AVAs are components of X.500 relative names. Think of them as being individual fields of a database record. The attribute ID is how you identify the field, and the value is part of a particular record.
+ * AVAs are components of X.500 relative names. Think of them as being individual fields of a database record. The
+ * attribute ID is how you identify the field, and the value is part of a particular record.
  * 
  * @see X500Name
  * @see RDN
diff --git a/pki/base/util/src/netscape/security/x509/AVAValueConverter.java b/pki/base/util/src/netscape/security/x509/AVAValueConverter.java
index 8153099c5..cd3ce7616 100644
--- a/pki/base/util/src/netscape/security/x509/AVAValueConverter.java
+++ b/pki/base/util/src/netscape/security/x509/AVAValueConverter.java
@@ -28,7 +28,9 @@ import netscape.security.util.DerValue;
  * directory string, ia5string, etc.
  * 
  * <P>
- * For example, to convert a string, such as an organization name for the "O" attribute to a DerValue, the "O" attribute is mapped to the DirStrConverter which is used to convert the organization name to a DER encoded Directory String which is a DerValue of a ASN.1 PrintableString, T.61String or UniversalString for the organization name.
+ * For example, to convert a string, such as an organization name for the "O" attribute to a DerValue, the "O" attribute
+ * is mapped to the DirStrConverter which is used to convert the organization name to a DER encoded Directory String
+ * which is a DerValue of a ASN.1 PrintableString, T.61String or UniversalString for the organization name.
  * 
  * @author Lily Hsiao, Slava Galperin at Netscape Communications, Inc.
  */
diff --git a/pki/base/util/src/netscape/security/x509/AlgorithmId.java b/pki/base/util/src/netscape/security/x509/AlgorithmId.java
index 5bf3997c4..a30d45ca0 100644
--- a/pki/base/util/src/netscape/security/x509/AlgorithmId.java
+++ b/pki/base/util/src/netscape/security/x509/AlgorithmId.java
@@ -37,10 +37,14 @@ import netscape.security.util.ObjectIdentifier;
  * defined according to OID and (where relevant) parameters.
  * 
  * <P>
- * Subclasses may be used, for example when when the algorithm ID has associated parameters which some code (e.g. code using public keys) needs to have parsed. Two examples of such algorithms are Diffie-Hellman key exchange, and the Digital Signature Standard Algorithm (DSS/DSA).
+ * Subclasses may be used, for example when when the algorithm ID has associated parameters which some code (e.g. code
+ * using public keys) needs to have parsed. Two examples of such algorithms are Diffie-Hellman key exchange, and the
+ * Digital Signature Standard Algorithm (DSS/DSA).
  * 
  * <P>
- * The OID constants defined in this class correspond to some widely used algorithms, for which conventional string names have been defined. This class is not a general repository for OIDs, or for such string names. Note that the mappings between algorithm IDs and algorithm names is not one-to-one.
+ * The OID constants defined in this class correspond to some widely used algorithms, for which conventional string
+ * names have been defined. This class is not a general repository for OIDs, or for such string names. Note that the
+ * mappings between algorithm IDs and algorithm names is not one-to-one.
  * 
  * @version 1.70
  * 
@@ -425,7 +429,8 @@ public class AlgorithmId implements Serializable, DerEncoder {
     /**
      * Returns the ISO OID for this algorithm. This is usually converted
      * to a string and used as part of an algorithm name, for example
-     * "OID.1.3.14.3.2.13" style notation. Use the <code>getName</code> call when you do not need to ensure cross-system portability
+     * "OID.1.3.14.3.2.13" style notation. Use the <code>getName</code> call when you do not need to ensure cross-system
+     * portability
      * of algorithm names, or need a user friendly name.
      */
     final public ObjectIdentifier getOID() {
diff --git a/pki/base/util/src/netscape/security/x509/AuthorityKeyIdentifierExtension.java b/pki/base/util/src/netscape/security/x509/AuthorityKeyIdentifierExtension.java
index e6fa227ab..b7f84f9f7 100644
--- a/pki/base/util/src/netscape/security/x509/AuthorityKeyIdentifierExtension.java
+++ b/pki/base/util/src/netscape/security/x509/AuthorityKeyIdentifierExtension.java
@@ -31,7 +31,9 @@ import netscape.security.util.DerValue;
  * This class represents the Authority Key Identifier Extension.
  * 
  * <p>
- * The authority key identifier extension provides a means of identifying the particular public key used to sign a certificate. This extension would be used where an issuer has multiple signing keys (either due to multiple concurrent key pairs or due to changeover).
+ * The authority key identifier extension provides a means of identifying the particular public key used to sign a
+ * certificate. This extension would be used where an issuer has multiple signing keys (either due to multiple
+ * concurrent key pairs or due to changeover).
  * <p>
  * The ASN.1 syntax for this is:
  * 
diff --git a/pki/base/util/src/netscape/security/x509/BasicConstraintsExtension.java b/pki/base/util/src/netscape/security/x509/BasicConstraintsExtension.java
index 43f993ee3..5846296d1 100644
--- a/pki/base/util/src/netscape/security/x509/BasicConstraintsExtension.java
+++ b/pki/base/util/src/netscape/security/x509/BasicConstraintsExtension.java
@@ -32,7 +32,8 @@ import netscape.security.util.DerValue;
  * This class represents the Basic Constraints Extension.
  * 
  * <p>
- * The basic constraints extension identifies whether the subject of the certificate is a CA and how deep a certification path may exist through that CA.
+ * The basic constraints extension identifies whether the subject of the certificate is a CA and how deep a
+ * certification path may exist through that CA.
  * 
  * <pre>
  * The ASN.1 syntax for this extension is:
diff --git a/pki/base/util/src/netscape/security/x509/CRLNumberExtension.java b/pki/base/util/src/netscape/security/x509/CRLNumberExtension.java
index 9475117be..e3965753c 100755
--- a/pki/base/util/src/netscape/security/x509/CRLNumberExtension.java
+++ b/pki/base/util/src/netscape/security/x509/CRLNumberExtension.java
@@ -33,7 +33,9 @@ import netscape.security.util.DerValue;
  * Represent the CRL Number Extension.
  * 
  * <p>
- * This extension, if present, conveys a monotonically increasing sequence number for each CRL issued by a given CA through a specific CA X.500 Directory entry or CRL distribution point. This extension allows users to easily determine when a particular CRL supersedes another CRL.
+ * This extension, if present, conveys a monotonically increasing sequence number for each CRL issued by a given CA
+ * through a specific CA X.500 Directory entry or CRL distribution point. This extension allows users to easily
+ * determine when a particular CRL supersedes another CRL.
  * 
  * @author Hemma Prafullchandra
  * @version 1.2
diff --git a/pki/base/util/src/netscape/security/x509/CertAndKeyGen.java b/pki/base/util/src/netscape/security/x509/CertAndKeyGen.java
index f13a4852e..1579d46bf 100644
--- a/pki/base/util/src/netscape/security/x509/CertAndKeyGen.java
+++ b/pki/base/util/src/netscape/security/x509/CertAndKeyGen.java
@@ -40,15 +40,19 @@ import netscape.security.pkcs.PKCS10;
  * provided primarily for ease of use.
  * 
  * <P>
- * This provides some simple certificate management functionality. Specifically, it allows you to create self-signed X.509 certificates as well as PKCS 10 based certificate signing requests.
+ * This provides some simple certificate management functionality. Specifically, it allows you to create self-signed
+ * X.509 certificates as well as PKCS 10 based certificate signing requests.
  * 
  * <P>
- * Keys for some public key signature algorithms have algorithm parameters, such as DSS/DSA. Some sites' Certificate Authorities adopt fixed algorithm parameters, which speeds up some operations including key generation and signing. <em>At this time, this interface
+ * Keys for some public key signature algorithms have algorithm parameters, such as DSS/DSA. Some sites' Certificate
+ * Authorities adopt fixed algorithm parameters, which speeds up some operations including key generation and signing.
+ * <em>At this time, this interface
  * does not provide a way to provide such algorithm parameters, e.g.
  * by providing the CA certificate which includes those parameters.</em>
  * 
  * <P>
- * Also, note that at this time only signature-capable keys may be acquired through this interface. Diffie-Hellman keys, used for secure key exchange, may be supported later.
+ * Also, note that at this time only signature-capable keys may be acquired through this interface. Diffie-Hellman keys,
+ * used for secure key exchange, may be supported later.
  * 
  * @author David Brownell
  * @author Hemma Prafullchandra
@@ -95,7 +99,9 @@ public final class CertAndKeyGen {
      * easier to perform such attacks. Small keys are to be avoided.
      * 
      * <P>
-     * Note that not all values of "keyBits" are valid for all algorithms, and not all public key algorithms are currently supported for use in X.509 certificates. If the algorithm you specified does not produce X.509 compatible keys, an invalid key exception is thrown.
+     * Note that not all values of "keyBits" are valid for all algorithms, and not all public key algorithms are
+     * currently supported for use in X.509 certificates. If the algorithm you specified does not produce X.509
+     * compatible keys, an invalid key exception is thrown.
      * 
      * @param keyBits the number of bits in the keys.
      * @exception InvalidKeyException if the environment does not
@@ -150,7 +156,9 @@ public final class CertAndKeyGen {
      * The certificate is immediately valid.
      * 
      * <P>
-     * Such certificates normally are used to identify a "Certificate Authority" (CA). Accordingly, they will not always be accepted by other parties. However, such certificates are also useful when you are bootstrapping your security infrastructure, or deploying system prototypes.
+     * Such certificates normally are used to identify a "Certificate Authority" (CA). Accordingly, they will not always
+     * be accepted by other parties. However, such certificates are also useful when you are bootstrapping your security
+     * infrastructure, or deploying system prototypes.
      * 
      * @deprecated Use the new <a href =
      *             "#getSelfCertificate(netscape.security.x509.X500Name, long)">
@@ -179,7 +187,9 @@ public final class CertAndKeyGen {
      * The certificate is immediately valid. No extensions.
      * 
      * <P>
-     * Such certificates normally are used to identify a "Certificate Authority" (CA). Accordingly, they will not always be accepted by other parties. However, such certificates are also useful when you are bootstrapping your security infrastructure, or deploying system prototypes.
+     * Such certificates normally are used to identify a "Certificate Authority" (CA). Accordingly, they will not always
+     * be accepted by other parties. However, such certificates are also useful when you are bootstrapping your security
+     * infrastructure, or deploying system prototypes.
      * 
      * @param myname X.500 name of the subject (who is also the issuer)
      * @param validity how long the certificate should be valid, in seconds
@@ -233,11 +243,13 @@ public final class CertAndKeyGen {
     }
 
     /**
-     * Returns a PKCS #10 certificate request. The caller uses either <code>PKCS10.print</code> or <code>PKCS10.toByteArray</code> operations on the result, to get the request in an appropriate
+     * Returns a PKCS #10 certificate request. The caller uses either <code>PKCS10.print</code> or
+     * <code>PKCS10.toByteArray</code> operations on the result, to get the request in an appropriate
      * transmission format.
      * 
      * <P>
-     * PKCS #10 certificate requests are sent, along with some proof of identity, to Certificate Authorities (CAs) which then issue X.509 public key certificates.
+     * PKCS #10 certificate requests are sent, along with some proof of identity, to Certificate Authorities (CAs) which
+     * then issue X.509 public key certificates.
      * 
      * @param myname X.500 name of the subject
      * @exception InvalidKeyException on key handling errors.
diff --git a/pki/base/util/src/netscape/security/x509/CertAttrSet.java b/pki/base/util/src/netscape/security/x509/CertAttrSet.java
index acfcb7cce..958432668 100755
--- a/pki/base/util/src/netscape/security/x509/CertAttrSet.java
+++ b/pki/base/util/src/netscape/security/x509/CertAttrSet.java
@@ -29,7 +29,8 @@ import java.util.Enumeration;
  * Subject Name. A CertAttrSet may compromise one attribute or many
  * attributes.
  * <p>
- * A CertAttrSet itself can also be comprised of other sub-sets. In the case of X.509 V3 certificates, for example, the "extensions" attribute has subattributes, such as those for KeyUsage and AuthorityKeyIdentifier.
+ * A CertAttrSet itself can also be comprised of other sub-sets. In the case of X.509 V3 certificates, for example, the
+ * "extensions" attribute has subattributes, such as those for KeyUsage and AuthorityKeyIdentifier.
  * 
  * @author Amit Kapoor
  * @author Hemma Prafullchandra
diff --git a/pki/base/util/src/netscape/security/x509/CertificateIssuerExtension.java b/pki/base/util/src/netscape/security/x509/CertificateIssuerExtension.java
index 3809b3973..490c087bb 100644
--- a/pki/base/util/src/netscape/security/x509/CertificateIssuerExtension.java
+++ b/pki/base/util/src/netscape/security/x509/CertificateIssuerExtension.java
@@ -32,7 +32,8 @@ import netscape.security.util.DerValue;
  * Represent the CRL Certificate Issuer Extension.
  * 
  * <p>
- * This CRL entry extension identifies the certificate issuer associated with an entry in an indirect CRL, i.e. a CRL that has the indirectCRL indicator set in its issuing distribution point extension.
+ * This CRL entry extension identifies the certificate issuer associated with an entry in an indirect CRL, i.e. a CRL
+ * that has the indirectCRL indicator set in its issuing distribution point extension.
  * 
  * @see Extension
  * @see CertAttrSet
diff --git a/pki/base/util/src/netscape/security/x509/CertificatePoliciesExtension.java b/pki/base/util/src/netscape/security/x509/CertificatePoliciesExtension.java
index 83c031ead..d4e1cf86a 100644
--- a/pki/base/util/src/netscape/security/x509/CertificatePoliciesExtension.java
+++ b/pki/base/util/src/netscape/security/x509/CertificatePoliciesExtension.java
@@ -32,8 +32,12 @@ import netscape.security.util.ObjectIdentifier;
  * This class defines the Certificate Policies Extension.
  * 
  * <p>
- * The certificate policies extension conatins a sequence of policy information terms, each of which consists of an object identifier (OID) and optional qualifiers. These policy information terms indicate the policy under which the certificate has been issued and the purposes for which the certificate may be used. Aplications with specific policy requirements are expected to have a list of those policies which they will accept and to compare the policy OIDs in the certificate to that list. If
- * this extension is critical, the path validation software must be able to interpret this extension, or must reject the certificate.
+ * The certificate policies extension conatins a sequence of policy information terms, each of which consists of an
+ * object identifier (OID) and optional qualifiers. These policy information terms indicate the policy under which the
+ * certificate has been issued and the purposes for which the certificate may be used. Aplications with specific policy
+ * requirements are expected to have a list of those policies which they will accept and to compare the policy OIDs in
+ * the certificate to that list. If this extension is critical, the path validation software must be able to interpret
+ * this extension, or must reject the certificate.
  * 
  * <pre>
  * CertificatePolicies ::= SEQUENECE OF PolicyInformation
diff --git a/pki/base/util/src/netscape/security/x509/DeltaCRLIndicatorExtension.java b/pki/base/util/src/netscape/security/x509/DeltaCRLIndicatorExtension.java
index fd7090a94..6e8f9fa02 100755
--- a/pki/base/util/src/netscape/security/x509/DeltaCRLIndicatorExtension.java
+++ b/pki/base/util/src/netscape/security/x509/DeltaCRLIndicatorExtension.java
@@ -34,7 +34,9 @@ import netscape.security.util.DerValue;
  * Represent the Delta CRL Indicator Extension.
  * 
  * <p>
- * The delta CRL indicator is a critical CRL extension that identifies a delta-CRL. The value of BaseCRLNumber identifies the CRL number of the base CRL that was used as the starting point in the generation of this delta- CRL. The delta-CRL contains the changes between the base CRL and the current CRL issued along with the delta-CRL.
+ * The delta CRL indicator is a critical CRL extension that identifies a delta-CRL. The value of BaseCRLNumber
+ * identifies the CRL number of the base CRL that was used as the starting point in the generation of this delta- CRL.
+ * The delta-CRL contains the changes between the base CRL and the current CRL issued along with the delta-CRL.
  * 
  * @see Extension
  * @see CertAttrSet
diff --git a/pki/base/util/src/netscape/security/x509/DirStrConverter.java b/pki/base/util/src/netscape/security/x509/DirStrConverter.java
index 7c52707f8..776344c0a 100644
--- a/pki/base/util/src/netscape/security/x509/DirStrConverter.java
+++ b/pki/base/util/src/netscape/security/x509/DirStrConverter.java
@@ -32,8 +32,11 @@ import netscape.security.util.DerValue;
  * Universal String (UCS-4), and vice versa.
  * 
  * <p>
- * The string to DerValue conversion is done as follows. If the string has only PrintableString characters it is converted to a ASN.1 Printable String using the PrintableString encoder from the global default ASN1CharStrConvMap. If it has only characters covered in the PrintableString or T.61 character set it is converted to a ASN.1 T.61 string using the T.61 encoder from the ASN1CharStrCovnMap. Otherwise it is converted to a ASN.1 UniversalString (UCS-4 character set) which covers all
- * characters.
+ * The string to DerValue conversion is done as follows. If the string has only PrintableString characters it is
+ * converted to a ASN.1 Printable String using the PrintableString encoder from the global default ASN1CharStrConvMap.
+ * If it has only characters covered in the PrintableString or T.61 character set it is converted to a ASN.1 T.61 string
+ * using the T.61 encoder from the ASN1CharStrCovnMap. Otherwise it is converted to a ASN.1 UniversalString (UCS-4
+ * character set) which covers all characters.
  * 
  * @see AVAValueConverter
  * @see ASN1CharStrConvMap
diff --git a/pki/base/util/src/netscape/security/x509/Extension.java b/pki/base/util/src/netscape/security/x509/Extension.java
index 036d15d22..5d0029875 100644
--- a/pki/base/util/src/netscape/security/x509/Extension.java
+++ b/pki/base/util/src/netscape/security/x509/Extension.java
@@ -29,10 +29,13 @@ import netscape.security.util.ObjectIdentifier;
  * Represent a X509 Extension Attribute.
  * 
  * <p>
- * Extensions are addiitonal attributes which can be inserted in a X509 v3 certificate. For example a "Driving License Certificate" could have the driving license number as a extension.
+ * Extensions are addiitonal attributes which can be inserted in a X509 v3 certificate. For example a
+ * "Driving License Certificate" could have the driving license number as a extension.
  * 
  * <p>
- * Extensions are represented as a sequence of the extension identifier (Object Identifier), a boolean flag stating whether the extension is to be treated as being critical and the extension value itself (this is again a DER encoding of the extension value).
+ * Extensions are represented as a sequence of the extension identifier (Object Identifier), a boolean flag stating
+ * whether the extension is to be treated as being critical and the extension value itself (this is again a DER encoding
+ * of the extension value).
  * 
  * <pre>
  * ASN.1 definition of Extension:
diff --git a/pki/base/util/src/netscape/security/x509/GenericValueConverter.java b/pki/base/util/src/netscape/security/x509/GenericValueConverter.java
index dbea7d86a..73bc1979c 100644
--- a/pki/base/util/src/netscape/security/x509/GenericValueConverter.java
+++ b/pki/base/util/src/netscape/security/x509/GenericValueConverter.java
@@ -33,7 +33,11 @@ import netscape.security.util.DerValue;
  * Universal String.
  * 
  * <p>
- * The conversion is done as follows. An encoder is obtained for the all the character sets from the global default ASN1CharStrConvMap. The encoders are then used to convert the string to the smallest character set first -- printableString. If the string contains characters outside of that character set, it is converted to the next character set -- IA5String character set. If that is not enough it is converted to a BMPString, then Universal String which contains all characters.
+ * The conversion is done as follows. An encoder is obtained for the all the character sets from the global default
+ * ASN1CharStrConvMap. The encoders are then used to convert the string to the smallest character set first --
+ * printableString. If the string contains characters outside of that character set, it is converted to the next
+ * character set -- IA5String character set. If that is not enough it is converted to a BMPString, then Universal String
+ * which contains all characters.
  * 
  * @author Lily Hsiao, Slava Galperin at Netscape Communications, Inc.
  * 
@@ -49,7 +53,9 @@ public class GenericValueConverter implements AVAValueConverter {
      * UniversalString. The string is not expected to be encoded in any form.
      * 
      * <p>
-     * If an encoder is not available for a character set that is needed to convert the string, the string cannot be converted and an IOException is thrown. For example, if the string contains characters outside the PrintableString character and only a PrintableString encoder is available then an IOException is thrown.
+     * If an encoder is not available for a character set that is needed to convert the string, the string cannot be
+     * converted and an IOException is thrown. For example, if the string contains characters outside the
+     * PrintableString character and only a PrintableString encoder is available then an IOException is thrown.
      * 
      * @param s A string representing a generic attribute string value.
      * 
diff --git a/pki/base/util/src/netscape/security/x509/HoldInstructionExtension.java b/pki/base/util/src/netscape/security/x509/HoldInstructionExtension.java
index e6fb81b88..80324f8d8 100644
--- a/pki/base/util/src/netscape/security/x509/HoldInstructionExtension.java
+++ b/pki/base/util/src/netscape/security/x509/HoldInstructionExtension.java
@@ -34,7 +34,8 @@ import netscape.security.util.ObjectIdentifier;
  * Represent the CRL Hold Instruction Code Extension.
  * 
  * <p>
- * The hold instruction code is a non-critical CRL entry extension that provides a registered instruction identifier which indicates the action to be taken after encountering a certificate that has been placed on hold.
+ * The hold instruction code is a non-critical CRL entry extension that provides a registered instruction identifier
+ * which indicates the action to be taken after encountering a certificate that has been placed on hold.
  * 
  * @see Extension
  * @see CertAttrSet
diff --git a/pki/base/util/src/netscape/security/x509/InvalidityDateExtension.java b/pki/base/util/src/netscape/security/x509/InvalidityDateExtension.java
index 30c33b213..73e76087f 100755
--- a/pki/base/util/src/netscape/security/x509/InvalidityDateExtension.java
+++ b/pki/base/util/src/netscape/security/x509/InvalidityDateExtension.java
@@ -34,7 +34,9 @@ import netscape.security.util.DerValue;
  * Represent the CRL Invalidity Date Extension.
  * 
  * <p>
- * This CRL entry extension, if present, provides the date on which it is known or suspected that the private key was compromised or that the certificate otherwise became invalid. Invalidity date may be earlier than the revocation date.
+ * This CRL entry extension, if present, provides the date on which it is known or suspected that the private key was
+ * compromised or that the certificate otherwise became invalid. Invalidity date may be earlier than the revocation
+ * date.
  * 
  * @see Extension
  * @see CertAttrSet
diff --git a/pki/base/util/src/netscape/security/x509/IssuerAlternativeNameExtension.java b/pki/base/util/src/netscape/security/x509/IssuerAlternativeNameExtension.java
index 64b0eb59e..a21d3ac32 100644
--- a/pki/base/util/src/netscape/security/x509/IssuerAlternativeNameExtension.java
+++ b/pki/base/util/src/netscape/security/x509/IssuerAlternativeNameExtension.java
@@ -34,7 +34,9 @@ import netscape.security.util.DerValue;
  * alternative names.
  * 
  * <p>
- * Extensions are represented as a sequence of the extension identifier (Object Identifier), a boolean flag stating whether the extension is to be treated as being critical and the extension value itself (this is again a DER encoding of the extension value).
+ * Extensions are represented as a sequence of the extension identifier (Object Identifier), a boolean flag stating
+ * whether the extension is to be treated as being critical and the extension value itself (this is again a DER encoding
+ * of the extension value).
  * 
  * @author Amit Kapoor
  * @author Hemma Prafullchandra
diff --git a/pki/base/util/src/netscape/security/x509/KeyUsageExtension.java b/pki/base/util/src/netscape/security/x509/KeyUsageExtension.java
index 7906746e9..043208806 100644
--- a/pki/base/util/src/netscape/security/x509/KeyUsageExtension.java
+++ b/pki/base/util/src/netscape/security/x509/KeyUsageExtension.java
@@ -32,7 +32,9 @@ import netscape.security.util.DerValue;
  * Represent the Key Usage Extension.
  * 
  * <p>
- * This extension, if present, defines the purpose (e.g., encipherment, signature, certificate signing) of the key contained in the certificate. The usage restriction might be employed when a multipurpose key is to be restricted (e.g., when an RSA key should be used only for signing or only for key encipherment).
+ * This extension, if present, defines the purpose (e.g., encipherment, signature, certificate signing) of the key
+ * contained in the certificate. The usage restriction might be employed when a multipurpose key is to be restricted
+ * (e.g., when an RSA key should be used only for signing or only for key encipherment).
  * 
  * @author Amit Kapoor
  * @author Hemma Prafullchandra
diff --git a/pki/base/util/src/netscape/security/x509/NameConstraintsExtension.java b/pki/base/util/src/netscape/security/x509/NameConstraintsExtension.java
index 3a0718d30..d3ca8c116 100644
--- a/pki/base/util/src/netscape/security/x509/NameConstraintsExtension.java
+++ b/pki/base/util/src/netscape/security/x509/NameConstraintsExtension.java
@@ -31,7 +31,10 @@ import netscape.security.util.PrettyPrintFormat;
 /**
  * This class defines the Name Constraints Extension.
  * <p>
- * The name constraints extension provides permitted and excluded subtrees that place restrictions on names that may be included within a certificate issued by a given CA. Restrictions may apply to the subject distinguished name or subject alternative names. Any name matching a restriction in the excluded subtrees field is invalid regardless of information appearing in the permitted subtrees.
+ * The name constraints extension provides permitted and excluded subtrees that place restrictions on names that may be
+ * included within a certificate issued by a given CA. Restrictions may apply to the subject distinguished name or
+ * subject alternative names. Any name matching a restriction in the excluded subtrees field is invalid regardless of
+ * information appearing in the permitted subtrees.
  * <p>
  * The ASN.1 syntax for this is:
  * 
diff --git a/pki/base/util/src/netscape/security/x509/PKIXExtensions.java b/pki/base/util/src/netscape/security/x509/PKIXExtensions.java
index d694deda4..9946a5c57 100644
--- a/pki/base/util/src/netscape/security/x509/PKIXExtensions.java
+++ b/pki/base/util/src/netscape/security/x509/PKIXExtensions.java
@@ -23,10 +23,13 @@ import netscape.security.util.ObjectIdentifier;
  * Lists all the object identifiers of the X509 extensions of the PKIX profile.
  * 
  * <p>
- * Extensions are addiitonal attributes which can be inserted in a X509 v3 certificate. For example a "Driving License Certificate" could have the driving license number as a extension.
+ * Extensions are addiitonal attributes which can be inserted in a X509 v3 certificate. For example a
+ * "Driving License Certificate" could have the driving license number as a extension.
  * 
  * <p>
- * Extensions are represented as a sequence of the extension identifier (Object Identifier), a boolean flag stating whether the extension is to be treated as being critical and the extension value itself (this is again a DER encoding of the extension value).
+ * Extensions are represented as a sequence of the extension identifier (Object Identifier), a boolean flag stating
+ * whether the extension is to be treated as being critical and the extension value itself (this is again a DER encoding
+ * of the extension value).
  * 
  * @see Extension
  * 
diff --git a/pki/base/util/src/netscape/security/x509/PolicyConstraintsExtension.java b/pki/base/util/src/netscape/security/x509/PolicyConstraintsExtension.java
index ae782dfcd..194903dd5 100644
--- a/pki/base/util/src/netscape/security/x509/PolicyConstraintsExtension.java
+++ b/pki/base/util/src/netscape/security/x509/PolicyConstraintsExtension.java
@@ -33,7 +33,9 @@ import netscape.security.util.DerValue;
  * This class defines the certificate extension which specifies the
  * Policy constraints.
  * <p>
- * The policy constraints extension can be used in certificates issued to CAs. The policy constraints extension constrains path validation in two ways. It can be used to prohibit policy mapping or require that each certificate in a path contain an acceptable policy identifier.
+ * The policy constraints extension can be used in certificates issued to CAs. The policy constraints extension
+ * constrains path validation in two ways. It can be used to prohibit policy mapping or require that each certificate in
+ * a path contain an acceptable policy identifier.
  * <p>
  * The ASN.1 syntax for this is (IMPLICIT tagging is defined in the module definition):
  * 
diff --git a/pki/base/util/src/netscape/security/x509/PolicyMappingsExtension.java b/pki/base/util/src/netscape/security/x509/PolicyMappingsExtension.java
index 3d69782cd..6f2e583bc 100644
--- a/pki/base/util/src/netscape/security/x509/PolicyMappingsExtension.java
+++ b/pki/base/util/src/netscape/security/x509/PolicyMappingsExtension.java
@@ -33,10 +33,13 @@ import netscape.security.util.DerValue;
  * This extension, if present, identifies the certificate policies considered
  * identical between the issuing and the subject CA.
  * <p>
- * Extensions are addiitonal attributes which can be inserted in a X509 v3 certificate. For example a "Driving License Certificate" could have the driving license number as a extension.
+ * Extensions are addiitonal attributes which can be inserted in a X509 v3 certificate. For example a
+ * "Driving License Certificate" could have the driving license number as a extension.
  * 
  * <p>
- * Extensions are represented as a sequence of the extension identifier (Object Identifier), a boolean flag stating whether the extension is to be treated as being critical and the extension value itself (this is again a DER encoding of the extension value).
+ * Extensions are represented as a sequence of the extension identifier (Object Identifier), a boolean flag stating
+ * whether the extension is to be treated as being critical and the extension value itself (this is again a DER encoding
+ * of the extension value).
  * 
  * @author Amit Kapoor
  * @author Hemma Prafullchandra
diff --git a/pki/base/util/src/netscape/security/x509/PrivateKeyUsageExtension.java b/pki/base/util/src/netscape/security/x509/PrivateKeyUsageExtension.java
index 4a155aeb3..a38443644 100644
--- a/pki/base/util/src/netscape/security/x509/PrivateKeyUsageExtension.java
+++ b/pki/base/util/src/netscape/security/x509/PrivateKeyUsageExtension.java
@@ -37,7 +37,10 @@ import netscape.security.util.DerValue;
  * This class defines the Private Key Usage Extension.
  * 
  * <p>
- * The Private Key Usage Period extension allows the certificate issuer to specify a different validity period for the private key than the certificate. This extension is intended for use with digital signature keys. This extension consists of two optional components notBefore and notAfter. The private key associated with the certificate should not be used to sign objects before or after the times specified by the two components, respectively.
+ * The Private Key Usage Period extension allows the certificate issuer to specify a different validity period for the
+ * private key than the certificate. This extension is intended for use with digital signature keys. This extension
+ * consists of two optional components notBefore and notAfter. The private key associated with the certificate should
+ * not be used to sign objects before or after the times specified by the two components, respectively.
  * 
  * <pre>
  * PrivateKeyUsagePeriod ::= SEQUENCE {
diff --git a/pki/base/util/src/netscape/security/x509/RevokedCertImpl.java b/pki/base/util/src/netscape/security/x509/RevokedCertImpl.java
index 05e0b9182..3271768f7 100755
--- a/pki/base/util/src/netscape/security/x509/RevokedCertImpl.java
+++ b/pki/base/util/src/netscape/security/x509/RevokedCertImpl.java
@@ -37,7 +37,8 @@ import netscape.security.util.ObjectIdentifier;
 
 /**
  * <p>
- * Abstract class for a revoked certificate in a CRL. This class is for each entry in the <code>revokedCertificates</code>, so it deals with the inner <em>SEQUENCE</em>. The ASN.1 definition for this is:
+ * Abstract class for a revoked certificate in a CRL. This class is for each entry in the
+ * <code>revokedCertificates</code>, so it deals with the inner <em>SEQUENCE</em>. The ASN.1 definition for this is:
  * 
  * <pre>
  * revokedCertificates    SEQUENCE OF SEQUENCE  {
diff --git a/pki/base/util/src/netscape/security/x509/SubjectAlternativeNameExtension.java b/pki/base/util/src/netscape/security/x509/SubjectAlternativeNameExtension.java
index 572f2be17..779503e60 100644
--- a/pki/base/util/src/netscape/security/x509/SubjectAlternativeNameExtension.java
+++ b/pki/base/util/src/netscape/security/x509/SubjectAlternativeNameExtension.java
@@ -34,7 +34,9 @@ import netscape.security.util.DerValue;
  * alternative names.
  * 
  * <p>
- * Extensions are represented as a sequence of the extension identifier (Object Identifier), a boolean flag stating whether the extension is to be treated as being critical and the extension value itself (this is again a DER encoding of the extension value).
+ * Extensions are represented as a sequence of the extension identifier (Object Identifier), a boolean flag stating
+ * whether the extension is to be treated as being critical and the extension value itself (this is again a DER encoding
+ * of the extension value).
  * <p>
  * The ASN.1 syntax for this is:
  * 
diff --git a/pki/base/util/src/netscape/security/x509/SubjectDirAttributesExtension.java b/pki/base/util/src/netscape/security/x509/SubjectDirAttributesExtension.java
index 236981768..40e7a3f0d 100644
--- a/pki/base/util/src/netscape/security/x509/SubjectDirAttributesExtension.java
+++ b/pki/base/util/src/netscape/security/x509/SubjectDirAttributesExtension.java
@@ -31,7 +31,8 @@ import netscape.security.util.DerValue;
  * This class represents the Subject Directory Attributes Extension.
  * 
  * <p>
- * The subject directory attributes extension is not recommended as an essential part of this profile, but it may be used in local environments. This extension MUST be non-critical.
+ * The subject directory attributes extension is not recommended as an essential part of this profile, but it may be
+ * used in local environments. This extension MUST be non-critical.
  * 
  * <pre>
  * The ASN.1 syntax for this extension is:
diff --git a/pki/base/util/src/netscape/security/x509/SubjectKeyIdentifierExtension.java b/pki/base/util/src/netscape/security/x509/SubjectKeyIdentifierExtension.java
index 3e6b63daf..fd22b20f0 100644
--- a/pki/base/util/src/netscape/security/x509/SubjectKeyIdentifierExtension.java
+++ b/pki/base/util/src/netscape/security/x509/SubjectKeyIdentifierExtension.java
@@ -35,10 +35,13 @@ import netscape.security.util.DerValue;
  * non-critical.
  * 
  * <p>
- * Extensions are addiitonal attributes which can be inserted in a X509 v3 certificate. For example a "Driving License Certificate" could have the driving license number as a extension.
+ * Extensions are addiitonal attributes which can be inserted in a X509 v3 certificate. For example a
+ * "Driving License Certificate" could have the driving license number as a extension.
  * 
  * <p>
- * Extensions are represented as a sequence of the extension identifier (Object Identifier), a boolean flag stating whether the extension is to be treated as being critical and the extension value itself (this is again a DER encoding of the extension value).
+ * Extensions are represented as a sequence of the extension identifier (Object Identifier), a boolean flag stating
+ * whether the extension is to be treated as being critical and the extension value itself (this is again a DER encoding
+ * of the extension value).
  * 
  * @author Amit Kapoor
  * @author Hemma Prafullchandra
diff --git a/pki/base/util/src/netscape/security/x509/X500Signer.java b/pki/base/util/src/netscape/security/x509/X500Signer.java
index 75d8144b2..0b8cf87a4 100644
--- a/pki/base/util/src/netscape/security/x509/X500Signer.java
+++ b/pki/base/util/src/netscape/security/x509/X500Signer.java
@@ -28,7 +28,8 @@ import java.security.Signer;
  * is needed in many public key signing applications.
  * 
  * <P>
- * The name of the signer is important, both because knowing it is the whole point of the signature, and because the associated X.509 certificate is always used to verify the signature.
+ * The name of the signer is important, both because knowing it is the whole point of the signature, and because the
+ * associated X.509 certificate is always used to verify the signature.
  * 
  * <P>
  * <em>The X.509 certificate chain is temporarily not associated with
diff --git a/pki/base/util/src/netscape/security/x509/X509CRLImpl.java b/pki/base/util/src/netscape/security/x509/X509CRLImpl.java
index 551e28046..8c69b6aa0 100755
--- a/pki/base/util/src/netscape/security/x509/X509CRLImpl.java
+++ b/pki/base/util/src/netscape/security/x509/X509CRLImpl.java
@@ -55,9 +55,11 @@ import netscape.security.util.ObjectIdentifier;
  * <pre>
  * </pre>
  * <p>
- * CertificateList ::= SEQUENCE { tbsCertList TBSCertList, signatureAlgorithm AlgorithmIdentifier, signature BIT STRING }
+ * CertificateList ::= SEQUENCE { tbsCertList TBSCertList, signatureAlgorithm AlgorithmIdentifier, signature BIT STRING
+ * }
  * <p>
- * A good description and profiling is provided in the IETF PKIX WG draft, Part I: X.509 Certificate and CRL Profile, &lt;draft-ietf-pkix-ipki-part1-06.txt&gt;.
+ * A good description and profiling is provided in the IETF PKIX WG draft, Part I: X.509 Certificate and CRL Profile,
+ * &lt;draft-ietf-pkix-ipki-part1-06.txt&gt;.
  * <p>
  * The ASN.1 definition of <code>tbsCertList</code> is:
  * 
diff --git a/pki/base/util/src/netscape/security/x509/X509Cert.java b/pki/base/util/src/netscape/security/x509/X509Cert.java
index 4675741a9..b524f779b 100644
--- a/pki/base/util/src/netscape/security/x509/X509Cert.java
+++ b/pki/base/util/src/netscape/security/x509/X509Cert.java
@@ -133,10 +133,14 @@ public class X509Cert implements Certificate, Serializable {
      * and are sometimes used as certificate requests.
      * 
      * <P>
-     * Until the certificate has been signed and encoded, some of the mandatory fields in the certificate will not be available via accessor functions: the serial number, issuer name and signing algorithm, and of course the signed certificate. The fields passed to this constructor are available, and must be non-null.
+     * Until the certificate has been signed and encoded, some of the mandatory fields in the certificate will not be
+     * available via accessor functions: the serial number, issuer name and signing algorithm, and of course the signed
+     * certificate. The fields passed to this constructor are available, and must be non-null.
      * 
      * <P>
-     * Note that the public key being signed is generally independent of the signature algorithm being used. So for example Diffie-Hellman keys (which do not support signatures) can be placed in X.509 certificates when some other signature algorithm (e.g. DSS/DSA, or one of the RSA based algorithms) is used.
+     * Note that the public key being signed is generally independent of the signature algorithm being used. So for
+     * example Diffie-Hellman keys (which do not support signatures) can be placed in X.509 certificates when some other
+     * signature algorithm (e.g. DSS/DSA, or one of the RSA based algorithms) is used.
      * 
      * @see CertAndKeyGen
      * 
@@ -511,7 +515,9 @@ public class X509Cert implements Certificate, Serializable {
      * chose not to place in the certificate.
      * 
      * <P>
-     * Two such public key algorithms are: DSS/DSA, where algorithm parameters could be acquired from a CA certificate in the chain of issuers; and Diffie-Hellman, with a similar solution although the CA then needs both a Diffie-Hellman certificate and a signature capable certificate.
+     * Two such public key algorithms are: DSS/DSA, where algorithm parameters could be acquired from a CA certificate
+     * in the chain of issuers; and Diffie-Hellman, with a similar solution although the CA then needs both a
+     * Diffie-Hellman certificate and a signature capable certificate.
      */
     public PublicKey getPublicKey() {
         return pubkey;
diff --git a/pki/base/util/src/netscape/security/x509/X509CertImpl.java b/pki/base/util/src/netscape/security/x509/X509CertImpl.java
index 4d78db067..360028734 100755
--- a/pki/base/util/src/netscape/security/x509/X509CertImpl.java
+++ b/pki/base/util/src/netscape/security/x509/X509CertImpl.java
@@ -62,10 +62,15 @@ import netscape.security.util.ObjectIdentifier;
  * 
  * <P>
  * These certificates are managed and vouched for by <em>Certificate
- * Authorities</em> (CAs). CAs are services which create certificates by placing data in the X.509 standard format and then digitally signing that data. Such signatures are quite difficult to forge. CAs act as trusted third parties, making introductions between agents who have no direct knowledge of each other. CA certificates are either signed by themselves, or by some other CA such as a "root" CA.
+ * Authorities</em> (CAs). CAs are services which create certificates by placing data in the X.509 standard format and
+ * then digitally signing that data. Such signatures are quite difficult to forge. CAs act as trusted third parties,
+ * making introductions between agents who have no direct knowledge of each other. CA certificates are either signed by
+ * themselves, or by some other CA such as a "root" CA.
  * 
  * <P>
- * RFC 1422 is very informative, though it does not describe much of the recent work being done with X.509 certificates. That includes a 1996 version (X.509v3) and a variety of enhancements being made to facilitate an explosion of personal certificates used as "Internet Drivers' Licences", or with SET for credit card transactions.
+ * RFC 1422 is very informative, though it does not describe much of the recent work being done with X.509 certificates.
+ * That includes a 1996 version (X.509v3) and a variety of enhancements being made to facilitate an explosion of
+ * personal certificates used as "Internet Drivers' Licences", or with SET for credit card transactions.
  * 
  * <P>
  * More recent work includes the IETF PKIX Working Group efforts, especially part 1.
diff --git a/pki/base/util/src/netscape/security/x509/X509CertInfo.java b/pki/base/util/src/netscape/security/x509/X509CertInfo.java
index 166462613..9dd43de3f 100644
--- a/pki/base/util/src/netscape/security/x509/X509CertInfo.java
+++ b/pki/base/util/src/netscape/security/x509/X509CertInfo.java
@@ -41,13 +41,17 @@ import netscape.security.util.DerValue;
  * X.509 certificates have several base data elements, including:
  * <UL>
  * 
- * <LI>The <em>Subject Name</em>, an X.500 Distinguished Name for the entity (subject) for which the certificate was issued.
+ * <LI>The <em>Subject Name</em>, an X.500 Distinguished Name for the entity (subject) for which the certificate was
+ * issued.
  * 
- * <LI>The <em>Subject Public Key</em>, the public key of the subject. This is one of the most important parts of the certificate.
+ * <LI>The <em>Subject Public Key</em>, the public key of the subject. This is one of the most important parts of the
+ * certificate.
  * 
- * <LI>The <em>Validity Period</em>, a time period (e.g. six months) within which the certificate is valid (unless revoked).
+ * <LI>The <em>Validity Period</em>, a time period (e.g. six months) within which the certificate is valid (unless
+ * revoked).
  * 
- * <LI>The <em>Issuer Name</em>, an X.500 Distinguished Name for the Certificate Authority (CA) which issued the certificate.
+ * <LI>The <em>Issuer Name</em>, an X.500 Distinguished Name for the Certificate Authority (CA) which issued the
+ * certificate.
  * 
  * <LI>A <em>Serial Number</em> assigned by the CA, for use in certificate revocation and other applications.
  * 
diff --git a/pki/base/util/src/netscape/security/x509/X509Key.java b/pki/base/util/src/netscape/security/x509/X509Key.java
index 54e00cad1..546ce363e 100644
--- a/pki/base/util/src/netscape/security/x509/X509Key.java
+++ b/pki/base/util/src/netscape/security/x509/X509Key.java
@@ -42,7 +42,10 @@ import netscape.security.util.DerValue;
  * "SubjectPublicKeyInfo".
  * 
  * <P>
- * While this class can represent any kind of X.509 key, it may be desirable to provide subclasses which understand how to parse keying data. For example, RSA public keys have two members, one for the public modulus and one for the prime exponent. If such a class is provided, it is used when parsing X.509 keys. If one is not provided, the key still parses correctly.
+ * While this class can represent any kind of X.509 key, it may be desirable to provide subclasses which understand how
+ * to parse keying data. For example, RSA public keys have two members, one for the public modulus and one for the prime
+ * exponent. If such a class is provided, it is used when parsing X.509 keys. If one is not provided, the key still
+ * parses correctly.
  * 
  * @version 1.74, 97/12/10
  * @author David Brownell
@@ -88,7 +91,9 @@ public class X509Key implements PublicKey {
      * X509Key object is returned.
      * 
      * <P>
-     * This mechanism gurantees that keys (and algorithms) may be freely manipulated and transferred, without risk of losing information. Also, when a key (or algorithm) needs some special handling, that specific need can be accomodated.
+     * This mechanism gurantees that keys (and algorithms) may be freely manipulated and transferred, without risk of
+     * losing information. Also, when a key (or algorithm) needs some special handling, that specific need can be
+     * accomodated.
      * 
      * @param in the DER-encoded SubjectPublicKeyInfo value
      * @exception IOException on data format errors
@@ -121,7 +126,8 @@ public class X509Key implements PublicKey {
      * DSS/DSA keys encapsulate a single unsigned integer.
      * 
      * <P>
-     * This function is called when creating X.509 SubjectPublicKeyInfo values using the X509Key member functions, such as <code>parse</code> and <code>decode</code>.
+     * This function is called when creating X.509 SubjectPublicKeyInfo values using the X509Key member functions, such
+     * as <code>parse</code> and <code>decode</code>.
      * 
      * @exception IOException on parsing errors.
      * @exception InvalidKeyException on invalid key encodings.
@@ -302,16 +308,20 @@ public class X509Key implements PublicKey {
 
     /**
      * Initialize an X509Key object from an input stream. The data on that
-     * input stream must be encoded using DER, obeying the X.509 <code>SubjectPublicKeyInfo</code> format. That is, the data is a
+     * input stream must be encoded using DER, obeying the X.509 <code>SubjectPublicKeyInfo</code> format. That is, the
+     * data is a
      * sequence consisting of an algorithm ID and a bit string which holds
      * the key. (That bit string is often used to encapsulate another DER
      * encoded sequence.)
      * 
      * <P>
-     * Subclasses should not normally redefine this method; they should instead provide a <code>parseKeyBits</code> method to parse any fields inside the <code>key</code> member.
+     * Subclasses should not normally redefine this method; they should instead provide a <code>parseKeyBits</code>
+     * method to parse any fields inside the <code>key</code> member.
      * 
      * <P>
-     * The exception to this rule is that since private keys need not be encoded using the X.509 <code>SubjectPublicKeyInfo</code> format, private keys may override this method, <code>encode</code>, and of course <code>getFormat</code>.
+     * The exception to this rule is that since private keys need not be encoded using the X.509
+     * <code>SubjectPublicKeyInfo</code> format, private keys may override this method, <code>encode</code>, and of
+     * course <code>getFormat</code>.
      * 
      * @param in an input stream with a DER-encoded X.509
      *            SubjectPublicKeyInfo value