Make javadoc JDK 11 compatible

src/main/java/net/ripe/rpki/commons/crypto/crl/X509Crl.java

@@ -213,9 +213,9 @@ public URI getCrlUri() {
 
     /**
      * This method is required by the interface, but should never be called
-     * on X509Crl objects.. it's pointless. They don't have an AIA.
+     * on X509Crl objects. it's pointless. They don't have an AIA.
      *
-     * @throws UnsupportedOperationException
+     * @throws UnsupportedOperationException whenever it is called
      */
     @Override
     public URI getParentCertificateUri() {

src/main/java/net/ripe/rpki/commons/crypto/x509cert/X509CertificateBuilderHelper.java

@@ -1,5 +1,6 @@
 package net.ripe.rpki.commons.crypto.x509cert;
 
+import com.google.common.annotations.VisibleForTesting;
 import net.ripe.ipresource.IpResourceSet;
 import net.ripe.ipresource.IpResourceType;
 import net.ripe.rpki.commons.crypto.ValidityPeriod;
@@ -150,9 +151,10 @@ public X509CertificateBuilderHelper withSigningKeyPair(KeyPair signingKey) {
 
     /**
      * Careful! You probably want to stick to the default. This method is here
-     * mainly to allow for testing the parser -> it should reject sig algos not
-     * allowed by RFC
+     * mainly to allow for testing the parser. The parser should reject signature
+     * algorithms not allowed by RFC.
      */
+    @VisibleForTesting
     public X509CertificateBuilderHelper withSignatureAlgorithm(
             String signatureAlgorithm) {
         this.signatureAlgorithm = signatureAlgorithm;

src/main/java/net/ripe/rpki/commons/crypto/x509cert/X509CertificateUtil.java

@@ -48,6 +48,7 @@
 import static net.ripe.rpki.commons.crypto.x509cert.X509CertificateBuilderHelper.DEFAULT_SIGNATURE_PROVIDER;
 
 public final class X509CertificateUtil {
+    public static final String RSYNC = "rsync";
 
     private X509CertificateUtil() {
         //Utility classes should not have a public or default constructor.
@@ -90,7 +91,7 @@ public static X509Certificate parseX509Certificate(byte[] encoded) {
     /**
      * Get a base 64-encoded, DER-encoded X.509 subjectPublicKeyInfo as used for the Trust Anchor Locator (TAL)
      *
-     * @throws X509CertificateOperationException
+     * @throws X509CertificateOperationException when SPKI can not be extracted
      */
     public static String getEncodedSubjectPublicKeyInfo(X509Certificate certificate) {
 
@@ -179,12 +180,12 @@ public static X509CertificateInformationAccessDescriptor[] getSubjectInformation
 
     public static URI findFirstAuthorityInformationAccessByMethod(X509Certificate certificate, ASN1ObjectIdentifier method) {
         Validate.notNull(method, "method is null");
-        return findFirstByMethod(method, "rsync", getAuthorityInformationAccess(certificate));
+        return findFirstByMethod(method, RSYNC, getAuthorityInformationAccess(certificate));
     }
 
     public static URI findFirstSubjectInformationAccessByMethod(X509Certificate certificate, ASN1ObjectIdentifier method) {
         Validate.notNull(method, "method is null");
-        return findFirstByMethod(method, "rsync", getSubjectInformationAccess(certificate));
+        return findFirstByMethod(method, RSYNC, getSubjectInformationAccess(certificate));
     }
 
     private static URI findFirstByMethod(ASN1ObjectIdentifier method, String scheme, X509CertificateInformationAccessDescriptor[] accessDescriptor) {
@@ -213,7 +214,7 @@ public static URI[] getCrlDistributionPoints(X509Certificate certificate) {
     }
 
     private static URI[] convertCrlDistributionPointToUris(CRLDistPoint crldp) {
-        List<URI> result = new ArrayList<URI>();
+        List<URI> result = new ArrayList<>();
         for (DistributionPoint dp : crldp.getDistributionPoints()) {
             GeneralNames names = (GeneralNames) dp.getDistributionPoint().getName();
             for (GeneralName name : names.getNames()) {
@@ -230,7 +231,7 @@ public static URI findFirstRsyncCrlDistributionPoint(X509Certificate certificate
             return null;
         }
         for (URI uri : crlDistributionPoints) {
-            if (uri != null && "rsync".equalsIgnoreCase(uri.getScheme())) {
+            if (uri != null && RSYNC.equalsIgnoreCase(uri.getScheme())) {
                 return uri;
             }
         }

src/main/java/net/ripe/rpki/commons/crypto/x509cert/X509ResourceCertificateBuilder.java

@@ -14,7 +14,7 @@
 import java.util.EnumSet;
 
 /**
- * Generic Builder for X509ResourceCertificates<br />
+ * Generic Builder for X509ResourceCertificates.
  * Note that you may want to use one of the following more specific builders to build standard conform signed object EE or CA certificates:
  *
  * @see RpkiSignedObjectEeCertificateBuilder

src/main/java/net/ripe/rpki/commons/provisioning/payload/list/request/ResourceClassListQueryPayloadSerializer.java

@@ -11,10 +11,10 @@
 /**
  * See RFC6492 section 3.3.1 (https://tools.ietf.org/html/rfc6492#section-3.3.1). Example:
  *
- * <code>
- * &lt;?xml version="1.0" encoding="UTF-8"?>
- * &lt;message xmlns="http://www.apnic.net/specs/rescerts/up-down/" version="1" sender="sender" recipient="recipient" type="list"/>
- * </code>
+ * <pre>{@code
+ *   <?xml version="1.0" encoding="UTF-8"?>
+ *   <message xmlns="http://www.apnic.net/specs/rescerts/up-down/" version="1" sender="sender" recipient="recipient" type="list"/>
+ * }</pre>
  */
 public class ResourceClassListQueryPayloadSerializer extends AbstractProvisioningPayloadXmlSerializer<ResourceClassListQueryPayload> {
     public ResourceClassListQueryPayloadSerializer() {

src/main/java/net/ripe/rpki/commons/provisioning/payload/list/response/ResourceClassListResponsePayloadSerializer.java

@@ -13,10 +13,10 @@
 /**
  * See RFC6492 section 3.3.1 (https://tools.ietf.org/html/rfc6492#section-3.3.1). Example:
  *
- * <code>
- * &lt;?xml version="1.0" encoding="UTF-8"?>
- * &lt;message xmlns="http://www.apnic.net/specs/rescerts/up-down/" version="1" sender="sender" recipient="recipient" type="list"/>
- * </code>
+ * <pre>{@code
+ *   <xml version="1.0" encoding="UTF-8"?>
+ *   <message xmlns="http://www.apnic.net/specs/rescerts/up-down/" version="1" sender="sender" recipient="recipient" type="list"/>
+ * }</pre>
  */
 public class ResourceClassListResponsePayloadSerializer extends AbstractProvisioningPayloadXmlSerializer<ResourceClassListResponsePayload> {
     public ResourceClassListResponsePayloadSerializer() {

src/main/java/net/ripe/rpki/commons/provisioning/x509/pkcs10/RpkiCaCertificateRequestBuilder.java

@@ -61,8 +61,6 @@ public RpkiCaCertificateRequestBuilder withNotificationUri(URI notificationUri)
 
     /**
      * Default: SunRsaSign
-     *
-     * @return
      */
     public RpkiCaCertificateRequestBuilder withSignatureProvider(String signatureProvider) {
         this.signatureProvider = signatureProvider;
@@ -71,8 +69,6 @@ public RpkiCaCertificateRequestBuilder withSignatureProvider(String signaturePro
 
     /**
      * Default: SHA256withRSA
-     *
-     * @return
      */
     public RpkiCaCertificateRequestBuilder withSignatureAlgorithm(String signatureAlgorithm) {
         this.signatureAlgorithm = signatureAlgorithm;

src/main/java/net/ripe/rpki/commons/validation/ValidationOptions.java

@@ -66,8 +66,6 @@ public static ValidationOptions backCompatibleRipeNccValidator() {
      * RIPE regularly refresh Crl/Manifest in our RPKI core every 16 hours,with validity for 24 hours.
      * Leaving 8 for troubleshooting if needed. This one will invalidates a crl/manifest with still 7 hours
      * remaining, indicating something wrong with refresh.
-     *
-     * @return
      */
     public static ValidationOptions paranoidTestValidations() {
         return new ValidationOptions(true, Duration.standardHours(-7), Duration.standardHours(-7));