Skip to content

D
dragonwell8_jdk

openanolis / dragonwell8_jdk

通知 4
Star 2
Fork 0
D
dragonwell8_jdk
提交 83f4f6a9 编写于 作者: A asaha
浏览文件
操作

Merge

上级 93db103c 44e04b6b
隐藏空白更改
内联 并排
Showing with 3632 addition and 2026 deletion
.hgtags
浏览文件 @ 83f4f6a9
......@@ -663,11 +663,21 @@ c86d82567b1200bdb2d2a757f676179a637c4244 jdk8u112-b10
d2d8b67021a0f41e0eabd711bfd87a943dc0a8d5 jdk8u112-b14
60767ec3909b3d0cb26dd7b3f952c62053719dda jdk8u112-b15
5dd7e4bae5c2f1ee4f80c5570e7e3e2f715f7a32 jdk8u112-b16
41fac11792c1ee6945f56721ee558a7424395a81 jdk8u112-b31
ab5ff8f1e52c5e3ca02e988f4d978af63ceca5b8 jdk8u121-b00
5f0839ac7e0d25dd1ae705df496b12ca76c26d59 jdk8u121-b01
f91e3aa155b3c6774afb456db15fb358313d5771 jdk8u121-b02
ecdb635eaf4886829089b987c339e35dfb5ea0e8 jdk8u121-b03
d54219144844fb358f87f4a37255242aae9782fa jdk8u121-b04
fb4e3a7375c91e02bd1c0a764dfb53fba3839c18 jdk8u121-b05
3bc671481026decc460e636e8b2f19a36bfe89af jdk8u121-b06
a2c2fbc61674869e85d5345804cff4834cc010d1 jdk8u121-b07
392209fbe127896df2749344ea127f2c0a62da55 jdk8u121-b08
494d27357b8cfc6b6c4346a814c8717a8502d769 jdk8u121-b09
d66de7e2f672a1ff6947846818412fa899456972 jdk8u121-b10
ec72a941be0a50ab77f5375cf710bc06e4f118d3 jdk8u121-b11
9561afc12df843ef21ecd9d7b3633371e7a2bfc4 jdk8u121-b12
2974746e56192cdd14fc2dd43179bcf28e4faf4a jdk8u121-b13
032874d46bf95478cb86690b3c91d335c0764b0b jdk8u131-b00
a160009bbe1417d85f1c0eec890fdb17391b3637 jdk8u141-b00
072e084bceeedeb75467e40ca77786ac9ef5227a jdk8u151-b00
make/data/tzdata/VERSION
浏览文件 @ 83f4f6a9
......@@ -21,4 +21,4 @@
# or visit www.oracle.com if you need additional information or have any
# questions.
#
tzdata2016f
tzdata2016i
make/data/tzdata/africa
浏览文件 @ 83f4f6a9
......@@ -487,7 +487,7 @@ Zone Africa/Monrovia -0:43:08 - LMT 1882
# http://www.libyaherald.com/2013/10/24/correction-no-time-change-tomorrow/
#
# From Paul Eggert (2013-10-25):
# For now, assume they're reverting to the pre-2012 rules of permanent UTC+2.
# For now, assume they're reverting to the pre-2012 rules of permanent UT +02.
# Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S
Rule Libya 1951 only - Oct 14 2:00 1:00 S
......
make/data/tzdata/antarctica
浏览文件 @ 83f4f6a9
......@@ -33,9 +33,7 @@
# http://www.spri.cam.ac.uk/bob/periant.htm
# for information.
# Unless otherwise specified, we have no time zone information.
#
# Except for the French entries,
# I made up all time zone abbreviations mentioned here; corrections welcome!
# FORMAT is '-00' and GMTOFF is 0 for locations while uninhabited.
# Argentina - year-round bases
......@@ -52,7 +50,7 @@
# previously sealers and scientific personnel wintered
# Margaret Turner reports
# http://web.archive.org/web/20021204222245/http://www.dstc.qut.edu.au/DST/marg/daylight.html
# (1999-09-30) that they're UTC+5, with no DST;
# (1999-09-30) that they're UT +05, with no DST;
# presumably this is when they have visitors.
#
# year-round bases
......@@ -89,25 +87,29 @@
# Background:
# http://www.timeanddate.com/news/time/antartica-time-changes-2010.html
# From Steffen Thorsen (2016-10-28):
# Australian Antarctica Division informed us that Casey changed time
# zone to UTC+11 in "the morning of 22nd October 2016".
# Zone NAME GMTOFF RULES FORMAT [UNTIL]
Zone Antarctica/Casey 0 - -00 1969
8:00 - AWST 2009 Oct 18 2:00
# Australian Western Std Time
11:00 - CAST 2010 Mar 5 2:00 # Casey Time
8:00 - AWST 2011 Oct 28 2:00
11:00 - CAST 2012 Feb 21 17:00u
8:00 - AWST
8:00 - +08 2009 Oct 18 2:00
11:00 - +11 2010 Mar 5 2:00
8:00 - +08 2011 Oct 28 2:00
11:00 - +11 2012 Feb 21 17:00u
8:00 - +08 2016 Oct 22
11:00 - +11
Zone Antarctica/Davis 0 - -00 1957 Jan 13
7:00 - DAVT 1964 Nov # Davis Time
7:00 - +07 1964 Nov
0 - -00 1969 Feb
7:00 - DAVT 2009 Oct 18 2:00
5:00 - DAVT 2010 Mar 10 20:00u
7:00 - DAVT 2011 Oct 28 2:00
5:00 - DAVT 2012 Feb 21 20:00u
7:00 - DAVT
7:00 - +07 2009 Oct 18 2:00
5:00 - +05 2010 Mar 10 20:00u
7:00 - +07 2011 Oct 28 2:00
5:00 - +05 2012 Feb 21 20:00u
7:00 - +07
Zone Antarctica/Mawson 0 - -00 1954 Feb 13
6:00 - MAWT 2009 Oct 18 2:00 # Mawson Time
5:00 - MAWT
6:00 - +06 2009 Oct 18 2:00
5:00 - +05
# References:
# Casey Weather (1998-02-26)
# http://www.antdiv.gov.au/aad/exop/sfo/casey/casey_aws.html
......@@ -161,7 +163,7 @@ Zone Antarctica/Mawson 0 - -00 1954 Feb 13
#
# Zone NAME GMTOFF RULES FORMAT [UNTIL]
Zone Indian/Kerguelen 0 - -00 1950 # Port-aux-Français
5:00 - TFT # ISO code TF Time
5:00 - +05
#
# year-round base in the main continent
# Dumont d'Urville, Île des Pétrels, -6640+14001, since 1956-11
......@@ -172,9 +174,9 @@ Zone Indian/Kerguelen 0 - -00 1950 # Port-aux-Français
#
# Zone NAME GMTOFF RULES FORMAT [UNTIL]
Zone Antarctica/DumontDUrville 0 - -00 1947
10:00 - PMT 1952 Jan 14 # Port-Martin Time
10:00 - +10 1952 Jan 14
0 - -00 1956 Nov
10:00 - DDUT # Dumont-d'Urville Time
10:00 - +10
# France & Italy - year-round base
# Concordia, -750600+1232000, since 2005
......@@ -200,7 +202,7 @@ Zone Antarctica/DumontDUrville 0 - -00 1947
# station of Japan, it's appropriate for the principal location.
# Zone NAME GMTOFF RULES FORMAT [UNTIL]
Zone Antarctica/Syowa 0 - -00 1957 Jan 29
3:00 - SYOT # Syowa Time
3:00 - +03
# See:
# NIPR Antarctic Research Activities (1999-08-17)
# http://www.nipr.ac.jp/english/ara01.html
......@@ -237,17 +239,17 @@ Zone Antarctica/Syowa 0 - -00 1957 Jan 29
# correct, but they should be quite close to the actual dates.
#
# From Paul Eggert (2014-03-21):
# The CET-switching Troll rules require zic from tzcode 2014b or later, so as
# The CET-switching Troll rules require zic from tz 2014b or later, so as
# suggested by Bengt-Inge Larsson comment them out for now, and approximate
# with only UTC and CEST. Uncomment them when 2014b is more prevalent.
#
# Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S
#Rule Troll 2005 max - Mar 1 1:00u 1:00 CET
Rule Troll 2005 max - Mar lastSun 1:00u 2:00 CEST
#Rule Troll 2005 max - Oct lastSun 1:00u 1:00 CET
#Rule Troll 2004 max - Nov 7 1:00u 0:00 UTC
#Rule Troll 2005 max - Mar 1 1:00u 1:00 +01
Rule Troll 2005 max - Mar lastSun 1:00u 2:00 +02
#Rule Troll 2005 max - Oct lastSun 1:00u 1:00 +01
#Rule Troll 2004 max - Nov 7 1:00u 0:00 +00
# Remove the following line when uncommenting the above '#Rule' lines.
Rule Troll 2004 max - Oct lastSun 1:00u 0:00 UTC
Rule Troll 2004 max - Oct lastSun 1:00u 0:00 +00
# Zone NAME GMTOFF RULES FORMAT [UNTIL]
Zone Antarctica/Troll 0 - -00 2005 Feb 12
0:00 Troll %s
......@@ -288,10 +290,10 @@ Zone Antarctica/Troll 0 - -00 2005 Feb 12
# changes during the year and does not necessarily correspond to mean
# solar noon. So the Vostok time might have been whatever the clocks
# happened to be during their visit. So we still don't really know what time
# it is at Vostok. But we'll guess UTC+6.
# it is at Vostok. But we'll guess +06.
#
Zone Antarctica/Vostok 0 - -00 1957 Dec 16
6:00 - VOST # Vostok time
6:00 - +06
# S Africa - year-round bases
# Marion Island, -4653+03752
......@@ -324,7 +326,7 @@ Zone Antarctica/Vostok 0 - -00 1957 Dec 16
#
# Zone NAME GMTOFF RULES FORMAT [UNTIL]
Zone Antarctica/Rothera 0 - -00 1976 Dec 1
-3:00 - ROTT # Rothera time
-3:00 - -03
# Uruguay - year round base
# Artigas, King George Island, -621104-0585107
......
make/data/tzdata/asia
浏览文件 @ 83f4f6a9
......@@ -139,13 +139,11 @@ Zone Asia/Kabul 4:36:48 - LMT 1890
# http://www.worldtimezone.com/dst_news/dst_news_armenia03.html
# Zone NAME GMTOFF RULES FORMAT [UNTIL]
Zone Asia/Yerevan 2:58:00 - LMT 1924 May 2
3:00 - YERT 1957 Mar # Yerevan Time
4:00 RussiaAsia YER%sT 1991 Mar 31 2:00s
3:00 1:00 YERST 1991 Sep 23 # independence
3:00 RussiaAsia AM%sT 1995 Sep 24 2:00s
4:00 - AMT 1997
4:00 RussiaAsia AM%sT 2012 Feb 9
4:00 - AMT
3:00 - +03 1957 Mar
4:00 RussiaAsia +04/+05 1991 Mar 31 2:00s
3:00 RussiaAsia +03/+04 1995 Sep 24 2:00s
4:00 - +04 1997
4:00 RussiaAsia +04/+05
# Azerbaijan
......@@ -166,13 +164,12 @@ Rule Azer 1997 2015 - Mar lastSun 4:00 1:00 S
Rule Azer 1997 2015 - Oct lastSun 5:00 0 -
# Zone NAME GMTOFF RULES FORMAT [UNTIL]
Zone Asia/Baku 3:19:24 - LMT 1924 May 2
3:00 - BAKT 1957 Mar # Baku Time
4:00 RussiaAsia BAK%sT 1991 Mar 31 2:00s
3:00 1:00 BAKST 1991 Aug 30 # independence
3:00 RussiaAsia AZ%sT 1992 Sep lastSun 2:00s
4:00 - AZT 1996 # Azerbaijan Time
4:00 EUAsia AZ%sT 1997
4:00 Azer AZ%sT
3:00 - +03 1957 Mar
4:00 RussiaAsia +04/+05 1991 Mar 31 2:00s
3:00 RussiaAsia +03/+04 1992 Sep lastSun 2:00s
4:00 - +04 1996
4:00 EUAsia +04/+05 1997
4:00 Azer +04/+05
# Bahrain
# See Asia/Qatar.
......@@ -291,7 +288,7 @@ Zone Asia/Brunei 7:39:40 - LMT 1926 Mar # Bandar Seri Begawan
# Milne says 6:24:40 was the meridian of the time ball observatory at Rangoon.
# Zone NAME GMTOFF RULES FORMAT [UNTIL]
Zone Asia/Rangoon 6:24:40 - LMT 1880 # or Yangon
Zone Asia/Yangon 6:24:40 - LMT 1880 # or Rangoon
6:24:40 - RMT 1920 # Rangoon Mean Time?
6:30 - BURT 1942 May # Burma Time
9:00 - JST 1945 May 3
......@@ -406,7 +403,7 @@ Rule PRC 1987 1991 - Apr Sun>=10 0:00 1:00 D
# Lewiston (ME) Daily Sun (1939-05-29), p 17, said "Even the time is
# different - the occupied districts going by Tokyo time, an hour
# ahead of that prevailing in the rest of Shanghai." Guess that the
# Xujiahui Observatory was under French control and stuck with UT+8.
# Xujiahui Observatory was under French control and stuck with UT +08.
#
# In earlier versions of this file, China had many separate Zone entries, but
# this was based on what were apparently incorrect data in Shanks & Pottenger.
......@@ -415,26 +412,26 @@ Rule PRC 1987 1991 - Apr Sun>=10 0:00 1:00 D
# Proposed in 1918 and theoretically in effect until 1949 (although in practice
# mainly observed in coastal areas), the five zones were:
#
# Changbai Time ("Long-white Time", Long-white = Heilongjiang area) UT+8.5
# Changbai Time ("Long-white Time", Long-white = Heilongjiang area) UT +08:30
# Asia/Harbin (currently a link to Asia/Shanghai)
# Heilongjiang (except Mohe county), Jilin
#
# Zhongyuan Time ("Central plain Time") UT+8
# Zhongyuan Time ("Central plain Time") UT +08
# Asia/Shanghai
# most of China
# This currently represents most other zones as well,
# as apparently these regions have been the same since 1970.
# Milne gives 8:05:43.2 for Xujiahui Observatory time; round to nearest.
# Guo says Shanghai switched to UT+8 "from the end of the 19th century".
# Guo says Shanghai switched to UT +08 "from the end of the 19th century".
#
# Long-shu Time (probably due to Long and Shu being two names of that area) UT+7
# Long-shu Time (probably due to Long and Shu being two names of the area) UT +07
# Asia/Chongqing (currently a link to Asia/Shanghai)
# Guangxi, Guizhou, Hainan, Ningxia, Sichuan, Shaanxi, and Yunnan;
# most of Gansu; west Inner Mongolia; west Qinghai; and the Guangdong
# counties Deqing, Enping, Kaiping, Luoding, Taishan, Xinxing,
# Yangchun, Yangjiang, Yu'nan, and Yunfu.
#
# Xin-zang Time ("Xinjiang-Tibet Time") UT+6
# Xin-zang Time ("Xinjiang-Tibet Time") UT +06
# Asia/Urumqi
# This currently represents Kunlun Time as well,
# as apparently the two regions have been the same since 1970.
......@@ -447,7 +444,7 @@ Rule PRC 1987 1991 - Apr Sun>=10 0:00 1:00 D
# Shihezi, Changji, Yanqi, Heshuo, Tuokexun, Tulufan, Shanshan, Hami,
# Fukang, Kuitun, Kumukuli, Miquan, Qitai, and Turfan.
#
# Kunlun Time UT+5.5
# Kunlun Time UT +05:30
# Asia/Kashgar (currently a link to Asia/Urumqi)
# West Tibet, including Pulan, Aheqi, Shufu, Shule;
# West Xinjiang, including Aksu, Atushi, Yining, Hetian, Cele, Luopu, Nileke,
......@@ -463,7 +460,7 @@ Rule PRC 1987 1991 - Apr Sun>=10 0:00 1:00 D
#
# On the other hand, ethnic Uyghurs, who make up about half the
# population of Xinjiang, typically use "Xinjiang time" which is two
# hours behind Beijing time, or UTC +0600. The government of the Xinjiang
# hours behind Beijing time, or UT +06. The government of the Xinjiang
# Uyghur Autonomous Region, (XAUR, or just Xinjiang for short) as well as
# local governments such as the Ürümqi city government use both times in
# publications, referring to what is popularly called Xinjiang time as
......@@ -519,8 +516,8 @@ Rule PRC 1987 1991 - Apr Sun>=10 0:00 1:00 D
# having the same time as Beijing.
# From Paul Eggert (2014-06-30):
# In the early days of the PRC, Tibet was given its own time zone (UT+6) but
# this was withdrawn in 1959 and never reinstated; see Tubten Khétsun,
# In the early days of the PRC, Tibet was given its own time zone (UT +06)
# but this was withdrawn in 1959 and never reinstated; see Tubten Khétsun,
# Memories of life in Lhasa under Chinese Rule, Columbia U Press, ISBN
# 978-0231142861 (2008), translator's introduction by Matthew Akester, p x.
# As this is before our 1970 cutoff, Tibet doesn't need a separate zone.
......@@ -534,12 +531,12 @@ Rule PRC 1987 1991 - Apr Sun>=10 0:00 1:00 D
# Republics, the Soviet Union, the Kuomintang, and the People's Republic of
# China, and tracking down all these organizations' timekeeping rules would be
# quite a trick. Approximate this lost history by a transition from LMT to
# XJT at the start of 1928, the year of accession of the warlord Jin Shuren,
# UT +06 at the start of 1928, the year of accession of the warlord Jin Shuren,
# which happens to be the date given by Shanks & Pottenger (no doubt as a
# guess) as the transition from LMT. Ignore the usage of UT+8 before
# 1986-02-01 under the theory that the transition date to UT+8 is unknown and
# guess) as the transition from LMT. Ignore the usage of +08 before
# 1986-02-01 under the theory that the transition date to +08 is unknown and
# that the sort of users who prefer Asia/Urumqi now typically ignored the
# UT+8 mandate back then.
# +08 mandate back then.
# Zone NAME GMTOFF RULES FORMAT [UNTIL]
# Beijing time, used throughout China; represented by Shanghai.
......@@ -744,7 +741,7 @@ Zone Asia/Hong_Kong 7:36:42 - LMT 1904 Oct 30
# be found from historical government announcement database.
# From Paul Eggert (2014-07-03):
# As per Yu-Cheng Chuang, say that Taiwan was at UT+9 from 1937-10-01
# As per Yu-Cheng Chuang, say that Taiwan was at UT +09 from 1937-10-01
# until 1945-09-21 at 01:00, overriding Shanks & Pottenger.
# Likewise, use Yu-Cheng Chuang's data for DST in Taiwan.
......@@ -797,9 +794,19 @@ Zone Asia/Macau 7:34:20 - LMT 1912 Jan 1
###############################################################################
# Cyprus
#
# Milne says the Eastern Telegraph Company used 2:14:00. Stick with LMT.
# IATA SSIM (1998-09) has Cyprus using EU rules for the first time.
# From Paul Eggert (2016-09-09):
# Yesterday's Cyprus Mail reports that Northern Cyprus followed Turkey's
# lead and switched from +02/+03 to +03 year-round.
# http://cyprus-mail.com/2016/09/08/two-time-zones-cyprus-turkey-will-not-turn-clocks-back-next-month/
#
# From Even Scharning (2016-10-31):
# Looks like the time zone split in Cyprus went through last night.
# http://cyprus-mail.com/2016/10/30/cyprus-new-division-two-time-zones-now-reality/
# Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S
Rule Cyprus 1975 only - Apr 13 0:00 1:00 S
Rule Cyprus 1975 only - Oct 12 0:00 0 -
......@@ -814,7 +821,10 @@ Rule Cyprus 1981 1998 - Mar lastSun 0:00 1:00 S
Zone Asia/Nicosia 2:13:28 - LMT 1921 Nov 14
2:00 Cyprus EE%sT 1998 Sep
2:00 EUAsia EE%sT
# IATA SSIM (1998-09) has Cyprus using EU rules for the first time.
Zone Asia/Famagusta 2:15:48 - LMT 1921 Nov 14
2:00 Cyprus EE%sT 1998 Sep
2:00 EUAsia EE%sT 2016 Sep 8
3:00 - +03
# Classically, Cyprus belongs to Asia; e.g. see Herodotus, Histories, I.72.
# However, for various reasons many users expect to find it under Europe.
......@@ -858,16 +868,15 @@ Link Asia/Nicosia Europe/Nicosia
# Zone NAME GMTOFF RULES FORMAT [UNTIL]
Zone Asia/Tbilisi 2:59:11 - LMT 1880
2:59:11 - TBMT 1924 May 2 # Tbilisi Mean Time
3:00 - TBIT 1957 Mar # Tbilisi Time
4:00 RussiaAsia TBI%sT 1991 Mar 31 2:00s
3:00 1:00 TBIST 1991 Apr 9 # independence
3:00 RussiaAsia GE%sT 1992 # Georgia Time
3:00 E-EurAsia GE%sT 1994 Sep lastSun
4:00 E-EurAsia GE%sT 1996 Oct lastSun
4:00 1:00 GEST 1997 Mar lastSun
4:00 E-EurAsia GE%sT 2004 Jun 27
3:00 RussiaAsia GE%sT 2005 Mar lastSun 2:00
4:00 - GET
3:00 - +03 1957 Mar
4:00 RussiaAsia +04/+05 1991 Mar 31 2:00s
3:00 RussiaAsia +03/+04 1992
3:00 E-EurAsia +03/+04 1994 Sep lastSun
4:00 E-EurAsia +04/+05 1996 Oct lastSun
4:00 1:00 +05 1997 Mar lastSun
4:00 E-EurAsia +04/+05 2004 Jun 27
3:00 RussiaAsia +03/+04 2005 Mar lastSun 2:00
4:00 - +04
# East Timor
......@@ -944,7 +953,7 @@ Zone Asia/Kolkata 5:53:28 - LMT 1880 # Kolkata
# These would be the earliest possible times for a change.
# Régimes horaires pour le monde entier, by Henri Le Corre, (Éditions
# Traditionnelles, 1987, Paris) says that Java and Madura switched
# from JST to UTC+07:30 on 1945-09-23, and gives 1944-09-01 for Jayapura
# from UT +09 to +07:30 on 1945-09-23, and gives 1944-09-01 for Jayapura
# (Hollandia). For now, assume all Indonesian locations other than Jayapura
# switched on 1945-09-23.
#
......@@ -955,11 +964,11 @@ Zone Asia/Kolkata 5:53:28 - LMT 1880 # Kolkata
# summary published by the Time and Frequency Laboratory of the
# Research Center for Calibration, Instrumentation and Metrology,
# Indonesia, <http://time.kim.lipi.go.id/time-eng.php> (2006-09-29).
# The abbreviations are:
# The time zone abbreviations and UT offsets are:
#
# WIB - UTC+7 - Waktu Indonesia Barat (Indonesia western time)
# WITA - UTC+8 - Waktu Indonesia Tengah (Indonesia central time)
# WIT - UTC+9 - Waktu Indonesia Timur (Indonesia eastern time)
# WIB - +07 - Waktu Indonesia Barat (Indonesia western time)
# WITA - +08 - Waktu Indonesia Tengah (Indonesia central time)
# WIT - +09 - Waktu Indonesia Timur (Indonesia eastern time)
#
# Zone NAME GMTOFF RULES FORMAT [UNTIL]
# Java, Sumatra
......@@ -1848,11 +1857,11 @@ Rule Kyrgyz 1997 2005 - Mar lastSun 2:30 1:00 S
Rule Kyrgyz 1997 2004 - Oct lastSun 2:30 0 -
# Zone NAME GMTOFF RULES FORMAT [UNTIL]
Zone Asia/Bishkek 4:58:24 - LMT 1924 May 2
5:00 - FRUT 1930 Jun 21 # Frunze Time
6:00 RussiaAsia FRU%sT 1991 Mar 31 2:00s
5:00 1:00 FRUST 1991 Aug 31 2:00 # independence
5:00 Kyrgyz KG%sT 2005 Aug 12 # Kyrgyzstan Time
6:00 - KGT
5:00 - +05 1930 Jun 21
6:00 RussiaAsia +06/+07 1991 Mar 31 2:00s
5:00 RussiaAsia +05/+06 1991 Aug 31 2:00
5:00 Kyrgyz +05/+06 2005 Aug 12
6:00 - +06
###############################################################################
......@@ -1891,25 +1900,24 @@ Rule ROK 1957 1960 - Sep Sun>=18 0:00 0 S
Rule ROK 1987 1988 - May Sun>=8 2:00 1:00 D
Rule ROK 1987 1988 - Oct Sun>=8 3:00 0 S
# From Paul Eggert (2014-10-30):
# From Paul Eggert (2016-08-23):
# The Korean Wikipedia entry gives the following sources for UT offsets:
#
# 1908: Official Journal Article No. 3994 (Edict No. 5)
# 1908: Official Journal Article No. 3994 (decree No. 5)
# 1912: Governor-General of Korea Official Gazette Issue No. 367
# (Announcement No. 338)
# 1954: Presidential Decree No. 876 (1954-03-17)
# 1961: Law No. 676 (1961-08-07)
# 1987: Law No. 3919 (1986-12-31)
#
# The Wikipedia entry also has confusing information about a change
# to UT+9 in April 1910, but then what would be the point of the later change
# to UT+9 on 1912-01-01? Omit the 1910 change for now.
# (Another source "1987: Law No. 3919 (1986-12-31)" was in the 2014-10-30
# edition of the Korean Wikipedia entry.)
#
# I guessed that time zone abbreviations through 1945 followed the same
# rules as discussed under Taiwan, with nominal switches from JST to KST
# when the respective cities were taken over by the Allies after WWII.
#
# For Pyongyang we have no information; guess no changes since World War II.
# For Pyongyang, guess no changes from World War II until 2015, as we
# have no information otherwise.
# From Steffen Thorsen (2015-08-07):
# According to many news sources, North Korea is going to change to
......@@ -2069,7 +2077,7 @@ Zone Indian/Maldives 4:54:00 - LMT 1880 # Male
# Bill Bonnet (2005-05-19) reports that the US Embassy in Ulaanbaatar says
# there is only one time zone and that DST is observed, citing Microsoft
# Windows XP as the source. Risto Nykänen (2005-05-16) reports that
# travelmongolia.org says there are two time zones (UTC+7, UTC+8) with no DST.
# travelmongolia.org says there are two time zones (UT +07, +08) with no DST.
# Oscar van Vlijmen (2005-05-20) reports that the Mongolian Embassy in
# Washington, DC says there are two time zones, with DST observed.
# He also found
......@@ -2572,11 +2580,6 @@ Zone Asia/Karachi 4:28:12 - LMT 1907
# From Paul Eggert (2015-03-03):
# http://www.timeanddate.com/time/change/west-bank/ramallah?year=2014
# says that the fall 2014 transition was Oct 23 at 24:00.
# For future dates, guess the last Friday in March at 24:00 through
# the first Friday on or after October 21 at 00:00. This is consistent with
# the predictions in today's editions of the following URLs:
# http://www.timeanddate.com/time/change/gaza-strip/gaza
# http://www.timeanddate.com/time/change/west-bank/hebron
# From Hannah Kreitem (2016-03-09):
# http://www.palestinecabinet.gov.ps/WebSite/ar/ViewDetails?ID=31728
......@@ -2586,7 +2589,21 @@ Zone Asia/Karachi 4:28:12 - LMT 1907
#
# From Paul Eggert (2016-03-12):
# Predict spring transitions on March's last Saturday at 01:00 from now on.
# Leave fall predictions alone for now.
# From Sharef Mustafa (2016-10-19):
# [T]he Palestinian cabinet decision (Mar 8th 2016) published on
# http://www.palestinecabinet.gov.ps/WebSite/Upload/Decree/GOV_17/16032016134830.pdf
# states that summer time will end on Oct 29th at 01:00.
#
# From Tim Parenti (2016-10-19):
# Predict fall transitions on October's last Saturday at 01:00 from now on.
# This is consistent with the 2016 transition as well as our spring
# predictions.
#
# From Paul Eggert (2016-10-19):
# It's also consistent with predictions in the following URLs today:
# http://www.timeanddate.com/time/change/gaza-strip/gaza
# http://www.timeanddate.com/time/change/west-bank/hebron
# Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S
Rule EgyptAsia 1957 only - May 10 0:00 1:00 S
......@@ -2615,9 +2632,10 @@ Rule Palestine 2011 only - Sep 30 0:00 0 -
Rule Palestine 2012 2014 - Mar lastThu 24:00 1:00 S
Rule Palestine 2012 only - Sep 21 1:00 0 -
Rule Palestine 2013 only - Sep Fri>=21 0:00 0 -
Rule Palestine 2014 max - Oct Fri>=21 0:00 0 -
Rule Palestine 2014 2015 - Oct Fri>=21 0:00 0 -
Rule Palestine 2015 only - Mar lastFri 24:00 1:00 S
Rule Palestine 2016 max - Mar lastSat 1:00 1:00 S
Rule Palestine 2016 max - Oct lastSat 1:00 0 -
# Zone NAME GMTOFF RULES FORMAT [UNTIL]
Zone Asia/Gaza 2:17:52 - LMT 1900 Oct
......@@ -2705,7 +2723,7 @@ Link Asia/Qatar Asia/Bahrain
# earlier date.
#
# Shanks & Pottenger also state that until 1968-05-01 Saudi Arabia had two
# time zones; the other zone, at UTC+4, was in the far eastern part of
# time zones; the other zone, at UT +04, was in the far eastern part of
# the country. Ignore this, as it's before our 1970 cutoff.
#
# Zone NAME GMTOFF RULES FORMAT [UNTIL]
......@@ -2767,45 +2785,31 @@ Zone Asia/Singapore 6:55:25 - LMT 1901 Jan 1
# People who live in regions under Tamil control can use [TZ='Asia/Kolkata'],
# as that zone has agreed with the Tamil areas since our cutoff date of 1970.
# From K Sethu (2006-04-25):
# I think the abbreviation LKT originated from the world of computers at
# the time of or subsequent to the time zone changes by SL Government
# twice in 1996 and probably SL Government or its standardization
# agencies never declared an abbreviation as a national standard.
#
# I recollect before the recent change the government announcements
# mentioning it as simply changing Sri Lanka Standard Time or Sri Lanka
# Time and no mention was made about the abbreviation.
#
# If we look at Sri Lanka Department of Government's "Official News
# Website of Sri Lanka" ... http://www.news.lk/ we can see that they
# use SLT as abbreviation in time stamp at the beginning of each news
# item....
#
# Within Sri Lanka I think LKT is well known among computer users and
# administrators. In my opinion SLT may not be a good choice because the
# nation's largest telcom / internet operator Sri Lanka Telcom is well
# known by that abbreviation - simply as SLT (there IP domains are
# slt.lk and sltnet.lk).
#
# But if indeed our government has adopted SLT as standard abbreviation
# (that we have not known so far) then it is better that it be used for
# all computers.
# From Paul Eggert (2006-04-25):
# One possibility is that we wait for a bit for the dust to settle down
# and then see what people actually say in practice.
# From Sadika Sumanapala (2016-10-19):
# According to http://www.sltime.org (maintained by Measurement Units,
# Standards & Services Department, Sri Lanka) abbreviation for Sri Lanka
# standard time is SLST.
#
# From Paul Eggert (2016-10-18):
# "SLST" seems to be reasonably recent and rarely-used outside time
# zone nerd sources. I searched Google News and found three uses of
# it in the International Business Times of India in February and
# March of this year when discussing cricket match times, but nothing
# since then (though there has been a lot of cricket) and nothing in
# other English-language news sources. Our old abbreviation "LKT" is
# even worse. For now, let's use a numeric abbreviation; we can
# switch to "SLST" if it catches on.
# Zone NAME GMTOFF RULES FORMAT [UNTIL]
Zone Asia/Colombo 5:19:24 - LMT 1880
5:19:32 - MMT 1906 # Moratuwa Mean Time
5:30 - IST 1942 Jan 5
5:30 0:30 IHST 1942 Sep
5:30 1:00 IST 1945 Oct 16 2:00
5:30 - IST 1996 May 25 0:00
6:30 - LKT 1996 Oct 26 0:30
6:00 - LKT 2006 Apr 15 0:30
5:30 - IST
5:30 - +0530 1942 Jan 5
5:30 0:30 +0530/+06 1942 Sep
5:30 1:00 +0530/+0630 1945 Oct 16 2:00
5:30 - +0530 1996 May 25 0:00
6:30 - +0630 1996 Oct 26 0:30
6:00 - +06 2006 Apr 15 0:30
5:30 - +0530
# Syria
# Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S
......@@ -2974,10 +2978,10 @@ Zone Asia/Damascus 2:25:12 - LMT 1920 # Dimashq
# From Shanks & Pottenger.
# Zone NAME GMTOFF RULES FORMAT [UNTIL]
Zone Asia/Dushanbe 4:35:12 - LMT 1924 May 2
5:00 - DUST 1930 Jun 21 # Dushanbe Time
6:00 RussiaAsia DUS%sT 1991 Mar 31 2:00s
5:00 1:00 DUSST 1991 Sep 9 2:00s
5:00 - TJT # Tajikistan Time
5:00 - +05 1930 Jun 21
6:00 RussiaAsia +06/+07 1991 Mar 31 2:00s
5:00 1:00 +05/+06 1991 Sep 9 2:00s
5:00 - +05
# Thailand
# Zone NAME GMTOFF RULES FORMAT [UNTIL]
......@@ -2991,11 +2995,10 @@ Link Asia/Bangkok Asia/Vientiane # Laos
# From Shanks & Pottenger.
# Zone NAME GMTOFF RULES FORMAT [UNTIL]
Zone Asia/Ashgabat 3:53:32 - LMT 1924 May 2 # or Ashkhabad
4:00 - ASHT 1930 Jun 21 # Ashkhabad Time
5:00 RussiaAsia ASH%sT 1991 Mar 31 2:00
4:00 RussiaAsia ASH%sT 1991 Oct 27 # independence
4:00 RussiaAsia TM%sT 1992 Jan 19 2:00
5:00 - TMT
4:00 - +04 1930 Jun 21
5:00 RussiaAsia +05/+06 1991 Mar 31 2:00
4:00 RussiaAsia +04/+05 1992 Jan 19 2:00
5:00 - +05
# United Arab Emirates
# Zone NAME GMTOFF RULES FORMAT [UNTIL]
......@@ -3007,20 +3010,18 @@ Link Asia/Dubai Asia/Muscat # Oman
# Byalokoz 1919 says Uzbekistan was 4:27:53.
# Zone NAME GMTOFF RULES FORMAT [UNTIL]
Zone Asia/Samarkand 4:27:53 - LMT 1924 May 2
4:00 - SAMT 1930 Jun 21 # Samarkand Time
5:00 - SAMT 1981 Apr 1
5:00 1:00 SAMST 1981 Oct 1
6:00 - TAST 1982 Apr 1 # Tashkent Time
5:00 RussiaAsia SAM%sT 1991 Sep 1 # independence
5:00 RussiaAsia UZ%sT 1992
5:00 - UZT
4:00 - +04 1930 Jun 21
5:00 - +05 1981 Apr 1
5:00 1:00 +06 1981 Oct 1
6:00 - +06 1982 Apr 1
5:00 RussiaAsia +05/+06 1992
5:00 - +05
# Milne says Tashkent was 4:37:10.8; round to nearest.
Zone Asia/Tashkent 4:37:11 - LMT 1924 May 2
5:00 - TAST 1930 Jun 21 # Tashkent Time
6:00 RussiaAsia TAS%sT 1991 Mar 31 2:00
5:00 RussiaAsia TAS%sT 1991 Sep 1 # independence
5:00 RussiaAsia UZ%sT 1992
5:00 - UZT
5:00 - +05 1930 Jun 21
6:00 RussiaAsia +06/+07 1991 Mar 31 2:00
5:00 RussiaAsia +05/+06 1992
5:00 - +05
# Vietnam
......
make/data/tzdata/australasia
浏览文件 @ 83f4f6a9
......@@ -373,7 +373,13 @@ Zone Indian/Cocos 6:27:40 - LMT 1900
# commencing at 2.00 am on Sunday 1st November, 2015 and ending at
# 3.00 am on Sunday 17th January, 2016.
# From Paul Eggert (2015-09-01):
# From Raymond Kumar (2016-10-04):
# http://www.fiji.gov.fj/Media-Center/Press-Releases/DAYLIGHT-SAVING-STARTS-ON-6th-NOVEMBER,-2016.aspx
# "Fiji's daylight savings will begin on Sunday, 6 November 2016, when
# clocks go forward an hour at 2am to 3am.... Daylight Saving will
# end at 3.00am on Sunday 15th January 2017."
# From Paul Eggert (2016-10-03):
# For now, guess DST from 02:00 the first Sunday in November to
# 03:00 the third Sunday in January. Although ad hoc, it matches
# transitions since late 2014 and seems more likely to match future
......@@ -568,7 +574,7 @@ Zone Pacific/Port_Moresby 9:48:40 - LMT 1880
# Base the Bougainville entry on the Arawa-Kieta region, which appears to have
# the most people even though it was devastated in the Bougainville Civil War.
#
# Although Shanks gives 1942-03-15 / 1943-11-01 for JST, these dates
# Although Shanks gives 1942-03-15 / 1943-11-01 for UT +09, these dates
# are apparently rough guesswork from the starts of military campaigns.
# The World War II entries below are instead based on Arawa-Kieta.
# The Japanese occupied Kieta in July 1942,
......@@ -576,8 +582,8 @@ Zone Pacific/Port_Moresby 9:48:40 - LMT 1880
# http://pwencycl.kgbudge.com/B/o/Bougainville.htm
# and seem to have controlled it until their 1945-08-21 surrender.
#
# The Autonomous Region of Bougainville plans to switch from UTC+10 to UTC+11
# on 2014-12-28 at 02:00. They call UTC+11 "Bougainville Standard Time";
# The Autonomous Region of Bougainville switched from UT +10 to +11
# on 2014-12-28 at 02:00. They call +11 "Bougainville Standard Time";
# abbreviate this as BST. See:
# http://www.bougainville24.com/bougainville-issues/bougainville-gets-own-timezone/
#
......@@ -643,7 +649,7 @@ Link Pacific/Pago_Pago Pacific/Midway # in US minor outlying islands
# From Paul Eggert (2014-06-27):
# The International Date Line Act 2011
# http://www.parliament.gov.ws/images/ACTS/International_Date_Line_Act__2011_-_Eng.pdf
# changed Samoa from UTC-11 to UTC+13, effective "12 o'clock midnight, on
# changed Samoa from UT -11 to +13, effective "12 o'clock midnight, on
# Thursday 29th December 2011". The International Date Line was adjusted
# accordingly.
......@@ -719,11 +725,13 @@ Rule Tonga 1999 only - Oct 7 2:00s 1:00 S
Rule Tonga 2000 only - Mar 19 2:00s 0 -
Rule Tonga 2000 2001 - Nov Sun>=1 2:00 1:00 S
Rule Tonga 2001 2002 - Jan lastSun 2:00 0 -
Rule Tonga 2016 max - Nov Sun>=1 2:00 1:00 S
Rule Tonga 2017 max - Jan Sun>=15 3:00 0 -
# Zone NAME GMTOFF RULES FORMAT [UNTIL]
Zone Pacific/Tongatapu 12:19:20 - LMT 1901
12:20 - TOT 1941 # Tonga Time
13:00 - TOT 1999
13:00 Tonga TO%sT
12:20 - +1220 1941
13:00 - +13 1999
13:00 Tonga +13/+14
# Tuvalu
# Zone NAME GMTOFF RULES FORMAT [UNTIL]
......@@ -738,7 +746,7 @@ Zone Pacific/Funafuti 11:56:52 - LMT 1901
# 1886-1891; Baker was similar but exact dates are not known.
# Inhabited by civilians 1935-1942; U.S. military bases 1943-1944;
# uninhabited thereafter.
# Howland observed Hawaii Standard Time (UT-10:30) in 1937;
# Howland observed Hawaii Standard Time (UT -10:30) in 1937;
# see page 206 of Elgen M. Long and Marie K. Long,
# Amelia Earhart: the Mystery Solved, Simon & Schuster (2000).
# So most likely Howland and Baker observed Hawaii Time from 1935
......@@ -1496,7 +1504,7 @@ Zone Pacific/Wallis 12:15:20 - LMT 1901
# Zealand time. I understand that is the time they keep locally, anyhow."
# For now, assume this practice goes back to the introduction of standard time
# in New Zealand, as this would make Chatham Islands time almost exactly match
# LMT back when New Zealand was at UTC+11:30; also, assume Chatham Islands did
# LMT back when New Zealand was at UT +11:30; also, assume Chatham Islands did
# not observe New Zealand's prewar DST.
###############################################################################
......@@ -1552,7 +1560,7 @@ Zone Pacific/Wallis 12:15:20 - LMT 1901
# For now, we assume the Ladrones switched at the same time as the Philippines;
# see Asia/Manila.
# US Public Law 106-564 (2000-12-23) made UTC+10 the official standard time,
# US Public Law 106-564 (2000-12-23) made UT +10 the official standard time,
# under the name "Chamorro Standard Time". There is no official abbreviation,
# but Congressman Robert A. Underwood, author of the bill that became law,
# wrote in a press release (2000-12-27) that he will seek the use of "ChST".
......@@ -1564,15 +1572,15 @@ Zone Pacific/Wallis 12:15:20 - LMT 1901
# "I am certain, having lived there for the past decade, that 'Truk'
# (now properly known as Chuuk) ... is in the time zone GMT+10."
#
# Shanks & Pottenger write that Truk switched from UTC+10 to UTC+11
# Shanks & Pottenger write that Truk switched from UT +10 to +11
# on 1978-10-01; ignore this for now.
# From Paul Eggert (1999-10-29):
# The Federated States of Micronesia Visitors Board writes in
# The Federated States of Micronesia - Visitor Information (1999-01-26)
# http://www.fsmgov.org/info/clocks.html
# that Truk and Yap are UTC+10, and Ponape and Kosrae are UTC+11.
# We don't know when Kosrae switched from UTC+12; assume January 1 for now.
# that Truk and Yap are UT +10, and Ponape and Kosrae are +11.
# We don't know when Kosrae switched from +12; assume January 1 for now.
# Midway
......@@ -1638,11 +1646,11 @@ Zone Pacific/Wallis 12:15:20 - LMT 1901
# ordaining - by a masterpiece of diplomatic flattery - that
# the Fourth of July should be celebrated twice in that year."
# Although Shanks & Pottenger says they both switched to UTC-11:30
# in 1911, and to UTC-11 in 1950. many earlier sources give UTC-11
# Although Shanks & Pottenger says they both switched to UT -11:30
# in 1911, and to -11 in 1950. many earlier sources give -11
# for American Samoa, e.g., the US National Bureau of Standards
# circular "Standard Time Throughout the World", 1932.
# Assume American Samoa switched to UTC-11 in 1911, not 1950,
# Assume American Samoa switched to -11 in 1911, not 1950,
# and that after 1950 they agreed until (western) Samoa skipped a
# day in 2011. Assume also that the Samoas follow the US and New
# Zealand's "ST"/"DT" style of daylight-saving abbreviations.
......@@ -1729,9 +1737,17 @@ Zone Pacific/Wallis 12:15:20 - LMT 1901
# of January the standard time in the Kingdom shall be moved backward by one
# hour to 1:00am.
# From Pulu 'Anau (2002-11-05):
# From Pulu ʻAnau (2002-11-05):
# The law was for 3 years, supposedly to get renewed. It wasn't.
# From Pulu ʻAnau (2016-10-27):
# http://mic.gov.to/news-today/press-releases/6375-daylight-saving-set-to-run-from-6-november-2016-to-15-january-2017
# Cannot find anyone who knows the rules, has seen the duration or has seen
# the cabinet decision, but it appears we are following Fiji's rule set.
#
# From Tim Parenti (2016-10-26):
# Assume Tonga will observe DST from the first Sunday in November at 02:00
# through the third Sunday in January at 03:00, like Fiji, for now.
# Wake
......
make/data/tzdata/backward
浏览文件 @ 83f4f6a9
......@@ -59,6 +59,7 @@ Link Asia/Shanghai Asia/Harbin
Link Asia/Urumqi Asia/Kashgar
Link Asia/Kathmandu Asia/Katmandu
Link Asia/Macau Asia/Macao
Link Asia/Yangon Asia/Rangoon
Link Asia/Ho_Chi_Minh Asia/Saigon
Link Asia/Jerusalem Asia/Tel_Aviv
Link Asia/Thimphu Asia/Thimbu
......
make/data/tzdata/etcetera
浏览文件 @ 83f4f6a9
......@@ -31,6 +31,13 @@
# need now for the entries that are not on UTC are for ships at sea
# that cannot use POSIX TZ settings.
# Starting with POSIX 1003.1-2001, the entries below are all
# unnecessary as settings for the TZ environment variable. E.g.,
# instead of TZ='Etc/GMT+4' one can use the POSIX setting TZ='<-04>+4'.
#
# Do not use a POSIX TZ setting like TZ='GMT+4', which is four hours
# behind GMT but uses the completely misleading abbreviation "GMT".
Zone Etc/GMT 0 - GMT
Zone Etc/UTC 0 - UTC
Zone Etc/UCT 0 - UCT
......@@ -49,23 +56,13 @@ Link Etc/GMT Etc/GMT-0
Link Etc/GMT Etc/GMT+0
Link Etc/GMT Etc/GMT0
# We use POSIX-style signs in the Zone names and the output abbreviations,
# Be consistent with POSIX TZ settings in the Zone names,
# even though this is the opposite of what many people expect.
# POSIX has positive signs west of Greenwich, but many people expect
# positive signs east of Greenwich. For example, TZ='Etc/GMT+4' uses
# the abbreviation "GMT+4" and corresponds to 4 hours behind UT
# the abbreviation "-04" and corresponds to 4 hours behind UT
# (i.e. west of Greenwich) even though many people would expect it to
# mean 4 hours ahead of UT (i.e. east of Greenwich).
#
# In the draft 5 of POSIX 1003.1-200x, the angle bracket notation allows for
# TZ='<GMT-4>+4'; if you want time zone abbreviations conforming to
# ISO 8601 you can use TZ='<-0400>+4'. Thus the commonly-expected
# offset is kept within the angle bracket (and is used for display)
# while the POSIX sign is kept outside the angle bracket (and is used
# for calculation).
#
# Do not use a TZ setting like TZ='GMT+4', which is four hours behind
# GMT but uses the completely misleading abbreviation "GMT".
# Earlier incarnations of this package were not POSIX-compliant,
# and had lines such as
......@@ -74,30 +71,31 @@ Link Etc/GMT Etc/GMT0
# way does a
# zic -l GMT-12
# so we moved the names into the Etc subdirectory.
# Also, the time zone abbreviations are now compatible with %z.
Zone Etc/GMT-14 14 - GMT-14 # 14 hours ahead of GMT
Zone Etc/GMT-13 13 - GMT-13
Zone Etc/GMT-12 12 - GMT-12
Zone Etc/GMT-11 11 - GMT-11
Zone Etc/GMT-10 10 - GMT-10
Zone Etc/GMT-9 9 - GMT-9
Zone Etc/GMT-8 8 - GMT-8
Zone Etc/GMT-7 7 - GMT-7
Zone Etc/GMT-6 6 - GMT-6
Zone Etc/GMT-5 5 - GMT-5
Zone Etc/GMT-4 4 - GMT-4
Zone Etc/GMT-3 3 - GMT-3
Zone Etc/GMT-2 2 - GMT-2
Zone Etc/GMT-1 1 - GMT-1
Zone Etc/GMT+1 -1 - GMT+1
Zone Etc/GMT+2 -2 - GMT+2
Zone Etc/GMT+3 -3 - GMT+3
Zone Etc/GMT+4 -4 - GMT+4
Zone Etc/GMT+5 -5 - GMT+5
Zone Etc/GMT+6 -6 - GMT+6
Zone Etc/GMT+7 -7 - GMT+7
Zone Etc/GMT+8 -8 - GMT+8
Zone Etc/GMT+9 -9 - GMT+9
Zone Etc/GMT+10 -10 - GMT+10
Zone Etc/GMT+11 -11 - GMT+11
Zone Etc/GMT+12 -12 - GMT+12
Zone Etc/GMT-14 14 - +14
Zone Etc/GMT-13 13 - +13
Zone Etc/GMT-12 12 - +12
Zone Etc/GMT-11 11 - +11
Zone Etc/GMT-10 10 - +10
Zone Etc/GMT-9 9 - +09
Zone Etc/GMT-8 8 - +08
Zone Etc/GMT-7 7 - +07
Zone Etc/GMT-6 6 - +06
Zone Etc/GMT-5 5 - +05
Zone Etc/GMT-4 4 - +04
Zone Etc/GMT-3 3 - +03
Zone Etc/GMT-2 2 - +02
Zone Etc/GMT-1 1 - +01
Zone Etc/GMT+1 -1 - -01
Zone Etc/GMT+2 -2 - -02
Zone Etc/GMT+3 -3 - -03
Zone Etc/GMT+4 -4 - -04
Zone Etc/GMT+5 -5 - -05
Zone Etc/GMT+6 -6 - -06
Zone Etc/GMT+7 -7 - -07
Zone Etc/GMT+8 -8 - -08
Zone Etc/GMT+9 -9 - -09
Zone Etc/GMT+10 -10 - -10
Zone Etc/GMT+11 -11 - -11
Zone Etc/GMT+12 -12 - -12
make/data/tzdata/europe
浏览文件 @ 83f4f6a9
......@@ -98,8 +98,7 @@
# 1:00 CET CEST CEMT Central Europe
# 1:00:14 SET Swedish (1879-1899)*
# 2:00 EET EEST Eastern Europe
# 3:00 FET Further-eastern Europe (2011-2014)*
# 3:00 MSK MSD MSM* Minsk, Moscow
# 3:00 MSK MSD Moscow
# From Peter Ilieve (1994-12-04),
# The original six [EU members]: Belgium, France, (West) Germany, Italy,
......@@ -606,16 +605,33 @@ Rule E-Eur 1979 1995 - Sep lastSun 0:00 0 -
Rule E-Eur 1981 max - Mar lastSun 0:00 1:00 S
Rule E-Eur 1996 max - Oct lastSun 0:00 0 -
# Daylight saving time for Russia and the Soviet Union
#
# The 1917-1921 decree URLs are from Alexander Belopolsky (2016-08-23).
# Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S
Rule Russia 1917 only - Jul 1 23:00 1:00 MST # Moscow Summer Time
#
# Decree No. 142 (1917-12-22) http://istmat.info/node/28137
Rule Russia 1917 only - Dec 28 0:00 0 MMT # Moscow Mean Time
#
# Decree No. 497 (1918-05-30) http://istmat.info/node/30001
Rule Russia 1918 only - May 31 22:00 2:00 MDST # Moscow Double Summer Time
Rule Russia 1918 only - Sep 16 1:00 1:00 MST
#
# Decree No. 258 (1919-05-29) http://istmat.info/node/37949
Rule Russia 1919 only - May 31 23:00 2:00 MDST
Rule Russia 1919 only - Jul 1 2:00 1:00 MSD
#
Rule Russia 1919 only - Jul 1 0:00u 1:00 MSD
Rule Russia 1919 only - Aug 16 0:00 0 MSK
#
# Decree No. 63 (1921-02-03) http://istmat.info/node/45840
Rule Russia 1921 only - Feb 14 23:00 1:00 MSD
Rule Russia 1921 only - Mar 20 23:00 2:00 MSM # Midsummer
#
# Decree No. 121 (1921-03-07) http://istmat.info/node/45949
Rule Russia 1921 only - Mar 20 23:00 2:00 +05
#
Rule Russia 1921 only - Sep 1 0:00 1:00 MSD
Rule Russia 1921 only - Oct 1 0:00 0 -
# Act No. 925 of the Council of Ministers of the USSR (1980-10-24):
......@@ -798,8 +814,6 @@ Zone Europe/Vienna 1:05:21 - LMT 1893 Apr
# From Alexander Bokovoy (2014-10-09):
# Belarussian government decided against changing to winter time....
# http://eng.belta.by/all_news/society/Belarus-decides-against-adjusting-time-in-Russias-wake_i_76335.html
# From Paul Eggert (2014-10-08):
# Hence Belarus can share time zone abbreviations with Moscow again.
#
# Zone NAME GMTOFF RULES FORMAT [UNTIL]
Zone Europe/Minsk 1:50:16 - LMT 1880
......@@ -810,8 +824,7 @@ Zone Europe/Minsk 1:50:16 - LMT 1880
3:00 Russia MSK/MSD 1990
3:00 - MSK 1991 Mar 31 2:00s
2:00 Russia EE%sT 2011 Mar 27 2:00s
3:00 - FET 2014 Oct 26 1:00s
3:00 - MSK
3:00 - +03
# Belgium
#
......@@ -1319,7 +1332,7 @@ Zone Europe/Paris 0:09:21 - LMT 1891 Mar 15 0:01
# http://www.parlament-berlin.de/pds-fraktion.nsf/727459127c8b66ee8525662300459099/defc77cb784f180ac1256c2b0030274b/$FILE/bersarint.pdf
# says that Bersarin issued an order to use Moscow time on May 20.
# However, Moscow did not observe daylight saving in 1945, so
# this was equivalent to CEMT (GMT+3), not GMT+4.
# this was equivalent to UT +03, not +04.
# Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S
......@@ -1510,73 +1523,84 @@ Zone Atlantic/Reykjavik -1:28 - LMT 1908
# But these events all occurred before the 1970 cutoff,
# so record only the time in Rome.
#
# From Paul Eggert (2006-03-22):
# For Italian DST we have three sources: Shanks & Pottenger, Whitman, and
# F. Pollastri
# Day-light Saving Time in Italy (2006-02-03)
# http://toi.iriti.cnr.it/uk/ienitlt.html
# ('FP' below), taken from an Italian National Electrotechnical Institute
# publication. When the three sources disagree, guess who's right, as follows:
#
# year FP Shanks&P. (S) Whitman (W) Go with:
# 1916 06-03 06-03 24:00 06-03 00:00 FP & W
# 09-30 09-30 24:00 09-30 01:00 FP; guess 24:00s
# 1917 04-01 03-31 24:00 03-31 00:00 FP & S
# 09-30 09-29 24:00 09-30 01:00 FP & W
# 1918 03-09 03-09 24:00 03-09 00:00 FP & S
# 10-06 10-05 24:00 10-06 01:00 FP & W
# 1919 03-01 03-01 24:00 03-01 00:00 FP & S
# 10-04 10-04 24:00 10-04 01:00 FP; guess 24:00s
# 1920 03-20 03-20 24:00 03-20 00:00 FP & S
# 09-18 09-18 24:00 10-01 01:00 FP; guess 24:00s
# 1944 04-02 04-03 02:00 S (see C-Eur)
# 09-16 10-02 03:00 FP; guess 24:00s
# 1945 09-14 09-16 24:00 FP; guess 24:00s
# 1970 05-21 05-31 00:00 S
# 09-20 09-27 00:00 S
# From Michael Deckers (2016-10-24):
# http://www.ac-ilsestante.it/MERIDIANE/ora_legale quotes a law of 1893-08-10
# ... [translated as] "The preceding dispositions will enter into
# force at the instant at which, according to the time specified in
# the 1st article, the 1st of November 1893 will begin...."
#
# From Pierpaolo Bernardi (2016-10-20):
# The authoritative source for time in Italy is the national metrological
# institute, which has a summary page of historical DST data at
# http://www.inrim.it/res/tf/ora_legale_i.shtml
# (2016-10-24):
# http://www.renzobaldini.it/le-ore-legali-in-italia/
# has still different data for 1944. It divides Italy in two, as
# there were effectively two governments at the time, north of Gothic
# Line German controlled territory, official government RSI, and south
# of the Gothic Line, controlled by allied armies.
#
# From Brian Inglis (2016-10-23):
# Viceregal LEGISLATIVE DECREE. 14 September 1944, no. 219.
# Restoration of Standard Time. (044U0219) (OJ 62 of 30.9.1944) ...
# Given the R. law decreed on 1944-03-29, no. 92, by which standard time is
# advanced to sixty minutes later starting at hour two on 1944-04-02; ...
# Starting at hour three on the date 1944-09-17 standard time will be resumed.
#
# From Paul Eggert (2016-10-27):
# Go with INRiM for DST rules, except as corrected by Inglis for 1944
# for the Kingdom of Italy. This is consistent with Renzo Baldini.
# Model Rome's occupation by using using C-Eur rules from 1943-09-10
# to 1944-06-04; although Rome was an open city during this period, it
# was effectively controlled by Germany.
#
# Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S
Rule Italy 1916 only - Jun 3 0:00s 1:00 S
Rule Italy 1916 only - Oct 1 0:00s 0 -
Rule Italy 1917 only - Apr 1 0:00s 1:00 S
Rule Italy 1917 only - Sep 30 0:00s 0 -
Rule Italy 1918 only - Mar 10 0:00s 1:00 S
Rule Italy 1918 1919 - Oct Sun>=1 0:00s 0 -
Rule Italy 1919 only - Mar 2 0:00s 1:00 S
Rule Italy 1920 only - Mar 21 0:00s 1:00 S
Rule Italy 1920 only - Sep 19 0:00s 0 -
Rule Italy 1940 only - Jun 15 0:00s 1:00 S
Rule Italy 1944 only - Sep 17 0:00s 0 -
Rule Italy 1945 only - Apr 2 2:00 1:00 S
Rule Italy 1945 only - Sep 15 0:00s 0 -
Rule Italy 1946 only - Mar 17 2:00s 1:00 S
Rule Italy 1946 only - Oct 6 2:00s 0 -
Rule Italy 1947 only - Mar 16 0:00s 1:00 S
Rule Italy 1947 only - Oct 5 0:00s 0 -
Rule Italy 1948 only - Feb 29 2:00s 1:00 S
Rule Italy 1948 only - Oct 3 2:00s 0 -
Rule Italy 1966 1968 - May Sun>=22 0:00 1:00 S
Rule Italy 1966 1969 - Sep Sun>=22 0:00 0 -
Rule Italy 1969 only - Jun 1 0:00 1:00 S
Rule Italy 1970 only - May 31 0:00 1:00 S
Rule Italy 1970 only - Sep lastSun 0:00 0 -
Rule Italy 1971 1972 - May Sun>=22 0:00 1:00 S
Rule Italy 1971 only - Sep lastSun 1:00 0 -
Rule Italy 1972 only - Oct 1 0:00 0 -
Rule Italy 1973 only - Jun 3 0:00 1:00 S
Rule Italy 1973 1974 - Sep lastSun 0:00 0 -
Rule Italy 1974 only - May 26 0:00 1:00 S
Rule Italy 1975 only - Jun 1 0:00s 1:00 S
Rule Italy 1975 1977 - Sep lastSun 0:00s 0 -
Rule Italy 1976 only - May 30 0:00s 1:00 S
Rule Italy 1977 1979 - May Sun>=22 0:00s 1:00 S
Rule Italy 1978 only - Oct 1 0:00s 0 -
Rule Italy 1979 only - Sep 30 0:00s 0 -
Rule Italy 1916 only - Jun 3 24:00 1:00 S
Rule Italy 1916 1917 - Sep 30 24:00 0 -
Rule Italy 1917 only - Mar 31 24:00 1:00 S
Rule Italy 1918 only - Mar 9 24:00 1:00 S
Rule Italy 1918 only - Oct 6 24:00 0 -
Rule Italy 1919 only - Mar 1 24:00 1:00 S
Rule Italy 1919 only - Oct 4 24:00 0 -
Rule Italy 1920 only - Mar 20 24:00 1:00 S
Rule Italy 1920 only - Sep 18 24:00 0 -
Rule Italy 1940 only - Jun 14 24:00 1:00 S
Rule Italy 1942 only - Nov 2 2:00s 0 -
Rule Italy 1943 only - Mar 29 2:00s 1:00 S
Rule Italy 1943 only - Oct 4 2:00s 0 -
Rule Italy 1944 only - Apr 2 2:00s 1:00 S
Rule Italy 1944 only - Sep 17 2:00s 0 -
Rule Italy 1945 only - Apr 2 2:00 1:00 S
Rule Italy 1945 only - Sep 15 1:00 0 -
Rule Italy 1946 only - Mar 17 2:00s 1:00 S
Rule Italy 1946 only - Oct 6 2:00s 0 -
Rule Italy 1947 only - Mar 16 0:00s 1:00 S
Rule Italy 1947 only - Oct 5 0:00s 0 -
Rule Italy 1948 only - Feb 29 2:00s 1:00 S
Rule Italy 1948 only - Oct 3 2:00s 0 -
Rule Italy 1966 1968 - May Sun>=22 0:00s 1:00 S
Rule Italy 1966 only - Sep 24 24:00 0 -
Rule Italy 1967 1969 - Sep Sun>=22 0:00s 0 -
Rule Italy 1969 only - Jun 1 0:00s 1:00 S
Rule Italy 1970 only - May 31 0:00s 1:00 S
Rule Italy 1970 only - Sep lastSun 0:00s 0 -
Rule Italy 1971 1972 - May Sun>=22 0:00s 1:00 S
Rule Italy 1971 only - Sep lastSun 0:00s 0 -
Rule Italy 1972 only - Oct 1 0:00s 0 -
Rule Italy 1973 only - Jun 3 0:00s 1:00 S
Rule Italy 1973 1974 - Sep lastSun 0:00s 0 -
Rule Italy 1974 only - May 26 0:00s 1:00 S
Rule Italy 1975 only - Jun 1 0:00s 1:00 S
Rule Italy 1975 1977 - Sep lastSun 0:00s 0 -
Rule Italy 1976 only - May 30 0:00s 1:00 S
Rule Italy 1977 1979 - May Sun>=22 0:00s 1:00 S
Rule Italy 1978 only - Oct 1 0:00s 0 -
Rule Italy 1979 only - Sep 30 0:00s 0 -
# Zone NAME GMTOFF RULES FORMAT [UNTIL]
Zone Europe/Rome 0:49:56 - LMT 1866 Sep 22
0:49:56 - RMT 1893 Nov 1 0:00s # Rome Mean
1:00 Italy CE%sT 1942 Nov 2 2:00s
1:00 C-Eur CE%sT 1944 Jul
0:49:56 - RMT 1893 Oct 31 23:49:56 # Rome Mean
1:00 Italy CE%sT 1943 Sep 10
1:00 C-Eur CE%sT 1944 Jun 4
1:00 Italy CE%sT 1980
1:00 EU CE%sT
......@@ -1775,6 +1799,10 @@ Zone Europe/Luxembourg 0:24:36 - LMT 1904 Jun
# See Europe/Belgrade.
# Malta
#
# From Paul Eggert (2016-10-21):
# Assume 1900-1972 was like Rome, overriding Shanks.
#
# Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S
Rule Malta 1973 only - Mar 31 0:00s 1:00 S
Rule Malta 1973 only - Sep 29 0:00s 0 -
......@@ -1785,8 +1813,6 @@ Rule Malta 1975 1980 - Sep Sun>=15 2:00 0 -
Rule Malta 1980 only - Mar 31 2:00 1:00 S
# Zone NAME GMTOFF RULES FORMAT [UNTIL]
Zone Europe/Malta 0:58:04 - LMT 1893 Nov 2 0:00s # Valletta
1:00 Italy CE%sT 1942 Nov 2 2:00s
1:00 C-Eur CE%sT 1945 Apr 2 2:00s
1:00 Italy CE%sT 1973 Mar 31
1:00 Malta CE%sT 1981
1:00 EU CE%sT
......@@ -1918,7 +1944,7 @@ Zone Europe/Monaco 0:29:32 - LMT 1891 Mar 15
# Amsterdam mean time.
# The data entries before 1945 are taken from
# http://www.phys.uu.nl/~vgent/wettijd/wettijd.htm
# http://www.staff.science.uu.nl/~gent0113/wettijd/wettijd.htm
# Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S
Rule Neth 1916 only - May 1 0:00 1:00 NST # Netherlands Summer Time
......@@ -2283,7 +2309,6 @@ Zone Europe/Bucharest 1:44:24 - LMT 1891 Oct
# http://www.worldtimezone.com/dst_news/dst_news_russia-map-2014-07.html
# From Paul Eggert (2006-03-22):
# Except for Moscow after 1919-07-01, I invented the time zone abbreviations.
# Moscow time zone abbreviations after 1919-07-01, and Moscow rules after 1991,
# are from Andrey A. Chernov. The rest is from Shanks & Pottenger,
# except we follow Chernov's report that 1992 DST transitions were Sat
......@@ -2359,7 +2384,7 @@ Zone Europe/Kaliningrad 1:22:00 - LMT 1893 Apr
2:00 Poland CE%sT 1946
3:00 Russia MSK/MSD 1989 Mar 26 2:00s
2:00 Russia EE%sT 2011 Mar 27 2:00s
3:00 - FET 2014 Oct 26 2:00s
3:00 - +03 2014 Oct 26 2:00s
2:00 - EET
......@@ -2412,6 +2437,16 @@ Zone Europe/Kaliningrad 1:22:00 - LMT 1893 Apr
# 78 RU-SPE Saint Petersburg
# 83 RU-NEN Nenets Autonomous Okrug
# From Paul Eggert (2016-08-23):
# The Soviets switched to UT-based time in 1919. Decree No. 59
# (1919-02-08) http://istmat.info/node/35567 established UT-based time
# zones, and Decree No. 147 (1919-03-29) http://istmat.info/node/35854
# specified a transition date of 1919-07-01, apparently at 00:00 UT.
# No doubt only the Soviet-controlled regions switched on that date;
# later transitions to UT-based time in other parts of Russia are
# taken from what appear to be guesses by Shanks.
# (Thanks to Alexander Belopolsky for pointers to the decrees.)
# From Stepan Golosunov (2016-03-07):
# 11. Regions-violators, 1981-1982.
# Wikipedia refers to
......@@ -2453,7 +2488,7 @@ Zone Europe/Kaliningrad 1:22:00 - LMT 1893 Apr
# attributes the 1982 changes to the Act of the Council of Ministers
# of the USSR No. 126 from 18.02.1982. 1980-925.txt also adds
# Udmurtia to the list of affected territories and lists Khatangsky
# district separately from Taymyr Autonomous Okurg. Probably erroneously.
# district separately from Taymyr Autonomous Okrug. Probably erroneously.
#
# The affected territories are currently listed under Europe/Moscow,
# Asia/Yekaterinburg and Asia/Krasnoyarsk.
......@@ -2513,7 +2548,7 @@ Zone Europe/Kaliningrad 1:22:00 - LMT 1893 Apr
Zone Europe/Moscow 2:30:17 - LMT 1880
2:30:17 - MMT 1916 Jul 3 # Moscow Mean Time
2:31:19 Russia %s 1919 Jul 1 2:00
2:31:19 Russia %s 1919 Jul 1 0:00u
3:00 Russia %s 1921 Oct
3:00 Russia MSK/MSD 1922 Oct
2:00 - EET 1930 Jun 21
......@@ -2596,22 +2631,21 @@ Zone Europe/Astrakhan 3:12:12 - LMT 1924 May
# The 1988 transition is from USSR act No. 5 (1988-01-04).
Zone Europe/Volgograd 2:57:40 - LMT 1920 Jan 3
3:00 - TSAT 1925 Apr 6 # Tsaritsyn Time
3:00 - STAT 1930 Jun 21 # Stalingrad Time
4:00 - STAT 1961 Nov 11
4:00 Russia VOL%sT 1988 Mar 27 2:00s # Volgograd T
3:00 Russia VOL%sT 1991 Mar 31 2:00s
4:00 - VOLT 1992 Mar 29 2:00s
3:00 Russia MSK/MSD 2011 Mar 27 2:00s
4:00 - MSK 2014 Oct 26 2:00s
3:00 - MSK
3:00 - +03 1930 Jun 21
4:00 - +04 1961 Nov 11
4:00 Russia +04/+05 1988 Mar 27 2:00s
3:00 Russia +03/+04 1991 Mar 31 2:00s
4:00 - +04 1992 Mar 29 2:00s
3:00 Russia +03/+04 2011 Mar 27 2:00s
4:00 - +04 2014 Oct 26 2:00s
3:00 - +03
# From Paul Eggert (2016-03-18):
# Europe/Kirov covers:
# 43 RU-KIR Kirov Oblast
# The 1989 transition is from USSR act No. 227 (1989-03-14).
#
Zone Europe/Kirov 3:18:48 - LMT 1919 Jul 1 2:00
Zone Europe/Kirov 3:18:48 - LMT 1919 Jul 1 0:00u
3:00 - +03 1930 Jun 21
4:00 Russia +04/+05 1989 Mar 26 2:00s
3:00 Russia +03/+04 1991 Mar 31 2:00s
......@@ -2629,16 +2663,16 @@ Zone Europe/Kirov 3:18:48 - LMT 1919 Jul 1 2:00
# Byalokoz 1919 says Samara was 3:20:20.
# The 1989 transition is from USSR act No. 227 (1989-03-14).
Zone Europe/Samara 3:20:20 - LMT 1919 Jul 1 2:00
3:00 - SAMT 1930 Jun 21 # Samara Time
4:00 - SAMT 1935 Jan 27
4:00 Russia KUY%sT 1989 Mar 26 2:00s # Kuybyshev
3:00 Russia MSK/MSD 1991 Mar 31 2:00s
2:00 Russia EE%sT 1991 Sep 29 2:00s
3:00 - SAMT 1991 Oct 20 3:00
4:00 Russia SAM%sT 2010 Mar 28 2:00s
3:00 Russia SAM%sT 2011 Mar 27 2:00s
4:00 - SAMT
Zone Europe/Samara 3:20:20 - LMT 1919 Jul 1 0:00u
3:00 - +03 1930 Jun 21
4:00 - +04 1935 Jan 27
4:00 Russia +04/+05 1989 Mar 26 2:00s
3:00 Russia +03/+04 1991 Mar 31 2:00s
2:00 Russia +02/+03 1991 Sep 29 2:00s
3:00 - +03 1991 Oct 20 3:00
4:00 Russia +04/+05 2010 Mar 28 2:00s
3:00 Russia +03/+04 2011 Mar 27 2:00s
4:00 - +04
# From Paul Eggert (2016-03-18):
# Europe/Ulyanovsk covers:
......@@ -2653,7 +2687,7 @@ Zone Europe/Samara 3:20:20 - LMT 1919 Jul 1 2:00
# From Matt Johnson (2016-03-09):
# http://publication.pravo.gov.ru/Document/View/0001201603090051
Zone Europe/Ulyanovsk 3:13:36 - LMT 1919 Jul 1 2:00
Zone Europe/Ulyanovsk 3:13:36 - LMT 1919 Jul 1 0:00u
3:00 - +03 1930 Jun 21
4:00 Russia +04/+05 1989 Mar 26 2:00s
3:00 Russia +03/+04 1991 Mar 31 2:00s
......@@ -2685,12 +2719,12 @@ Zone Europe/Ulyanovsk 3:13:36 - LMT 1919 Jul 1 2:00
Zone Asia/Yekaterinburg 4:02:33 - LMT 1916 Jul 3
3:45:05 - PMT 1919 Jul 15 4:00
4:00 - SVET 1930 Jun 21 # Sverdlovsk Time
5:00 Russia SVE%sT 1991 Mar 31 2:00s
4:00 Russia SVE%sT 1992 Jan 19 2:00s
5:00 Russia YEK%sT 2011 Mar 27 2:00s
6:00 - YEKT 2014 Oct 26 2:00s
5:00 - YEKT
4:00 - +04 1930 Jun 21
5:00 Russia +05/+06 1991 Mar 31 2:00s
4:00 Russia +04/+05 1992 Jan 19 2:00s
5:00 Russia +05/+06 2011 Mar 27 2:00s
6:00 - +06 2014 Oct 26 2:00s
5:00 - +05
# From Tim Parenti (2014-07-03), per Oscar van Vlijmen (2001-08-25):
......@@ -2700,12 +2734,12 @@ Zone Asia/Yekaterinburg 4:02:33 - LMT 1916 Jul 3
# Byalokoz 1919 says Omsk was 4:53:30.
Zone Asia/Omsk 4:53:30 - LMT 1919 Nov 14
5:00 - OMST 1930 Jun 21 # Omsk Time
6:00 Russia OMS%sT 1991 Mar 31 2:00s
5:00 Russia OMS%sT 1992 Jan 19 2:00s
6:00 Russia OMS%sT 2011 Mar 27 2:00s
7:00 - OMST 2014 Oct 26 2:00s
6:00 - OMST
5:00 - +05 1930 Jun 21
6:00 Russia +06/+07 1991 Mar 31 2:00s
5:00 Russia +05/+06 1992 Jan 19 2:00s
6:00 Russia +06/+07 2011 Mar 27 2:00s
7:00 - +07 2014 Oct 26 2:00s
6:00 - +06
# From Paul Eggert (2016-02-22):
# Asia/Barnaul covers:
......@@ -2785,7 +2819,7 @@ Zone Asia/Novosibirsk 5:31:40 - LMT 1919 Dec 14 6:00
# Note that time belts (numbered from 2 (Moscow) to 12 according to their
# GMT/UTC offset and having too many exceptions like regions formally
# belonging to one belt but using time from another) were replaced
# with time zones in 2011 with different numberings (there was a
# with time zones in 2011 with different numbering (there was a
# 2-hour gap between second and third zones in 2011-2014).
# From Stepan Golosunov (2016-04-12):
......@@ -2868,12 +2902,12 @@ Zone Asia/Novokuznetsk 5:48:48 - LMT 1924 May 1
# Byalokoz 1919 says Krasnoyarsk was 6:11:26.
Zone Asia/Krasnoyarsk 6:11:26 - LMT 1920 Jan 6
6:00 - KRAT 1930 Jun 21 # Krasnoyarsk Time
7:00 Russia KRA%sT 1991 Mar 31 2:00s
6:00 Russia KRA%sT 1992 Jan 19 2:00s
7:00 Russia KRA%sT 2011 Mar 27 2:00s
8:00 - KRAT 2014 Oct 26 2:00s
7:00 - KRAT
6:00 - +06 1930 Jun 21
7:00 Russia +07/+08 1991 Mar 31 2:00s
6:00 Russia +06/+07 1992 Jan 19 2:00s
7:00 Russia +07/+08 2011 Mar 27 2:00s
8:00 - +08 2014 Oct 26 2:00s
7:00 - +07
# From Tim Parenti (2014-07-03), per Oscar van Vlijmen (2001-08-25):
......@@ -2890,12 +2924,12 @@ Zone Asia/Krasnoyarsk 6:11:26 - LMT 1920 Jan 6
Zone Asia/Irkutsk 6:57:05 - LMT 1880
6:57:05 - IMT 1920 Jan 25 # Irkutsk Mean Time
7:00 - IRKT 1930 Jun 21 # Irkutsk Time
8:00 Russia IRK%sT 1991 Mar 31 2:00s
7:00 Russia IRK%sT 1992 Jan 19 2:00s
8:00 Russia IRK%sT 2011 Mar 27 2:00s
9:00 - IRKT 2014 Oct 26 2:00s
8:00 - IRKT
7:00 - +07 1930 Jun 21
8:00 Russia +08/+09 1991 Mar 31 2:00s
7:00 Russia +07/+08 1992 Jan 19 2:00s
8:00 Russia +08/+09 2011 Mar 27 2:00s
9:00 - +09 2014 Oct 26 2:00s
8:00 - +08
# From Tim Parenti (2014-07-06):
......@@ -2912,13 +2946,13 @@ Zone Asia/Irkutsk 6:57:05 - LMT 1880
# http://publication.pravo.gov.ru/Document/View/0001201512300107
Zone Asia/Chita 7:33:52 - LMT 1919 Dec 15
8:00 - YAKT 1930 Jun 21 # Yakutsk Time
9:00 Russia YAK%sT 1991 Mar 31 2:00s
8:00 Russia YAK%sT 1992 Jan 19 2:00s
9:00 Russia YAK%sT 2011 Mar 27 2:00s
10:00 - YAKT 2014 Oct 26 2:00s
8:00 - IRKT 2016 Mar 27 2:00
9:00 - YAKT
8:00 - +08 1930 Jun 21
9:00 Russia +09/+10 1991 Mar 31 2:00s
8:00 Russia +08/+09 1992 Jan 19 2:00s
9:00 Russia +09/+10 2011 Mar 27 2:00s
10:00 - +10 2014 Oct 26 2:00s
8:00 - +08 2016 Mar 27 2:00
9:00 - +09
# From Tim Parenti (2014-07-03), per Oscar van Vlijmen (2009-11-29):
......@@ -2958,12 +2992,12 @@ Zone Asia/Chita 7:33:52 - LMT 1919 Dec 15
# Byalokoz 1919 says Yakutsk was 8:38:58.
Zone Asia/Yakutsk 8:38:58 - LMT 1919 Dec 15
8:00 - YAKT 1930 Jun 21 # Yakutsk Time
9:00 Russia YAK%sT 1991 Mar 31 2:00s
8:00 Russia YAK%sT 1992 Jan 19 2:00s
9:00 Russia YAK%sT 2011 Mar 27 2:00s
10:00 - YAKT 2014 Oct 26 2:00s
9:00 - YAKT
8:00 - +08 1930 Jun 21
9:00 Russia +09/+10 1991 Mar 31 2:00s
8:00 Russia +08/+09 1992 Jan 19 2:00s
9:00 Russia +09/+10 2011 Mar 27 2:00s
10:00 - +10 2014 Oct 26 2:00s
9:00 - +09
# From Tim Parenti (2014-07-03), per Oscar van Vlijmen (2009-11-29):
......@@ -2981,12 +3015,12 @@ Zone Asia/Yakutsk 8:38:58 - LMT 1919 Dec 15
# Go with Byalokoz.
Zone Asia/Vladivostok 8:47:31 - LMT 1922 Nov 15
9:00 - VLAT 1930 Jun 21 # Vladivostok Time
10:00 Russia VLA%sT 1991 Mar 31 2:00s
9:00 Russia VLA%sT 1992 Jan 19 2:00s
10:00 Russia VLA%sT 2011 Mar 27 2:00s
11:00 - VLAT 2014 Oct 26 2:00s
10:00 - VLAT
9:00 - +09 1930 Jun 21
10:00 Russia +10/+11 1991 Mar 31 2:00s
9:00 Russia +09/+10 1992 Jan 19 2:00s
10:00 Russia +10/+11 2011 Mar 27 2:00s
11:00 - +11 2014 Oct 26 2:00s
10:00 - +10
# From Tim Parenti (2014-07-03):
......@@ -3004,14 +3038,14 @@ Zone Asia/Vladivostok 8:47:31 - LMT 1922 Nov 15
# This transition is no doubt wrong, but we have no better info.
Zone Asia/Khandyga 9:02:13 - LMT 1919 Dec 15
8:00 - YAKT 1930 Jun 21 # Yakutsk Time
9:00 Russia YAK%sT 1991 Mar 31 2:00s
8:00 Russia YAK%sT 1992 Jan 19 2:00s
9:00 Russia YAK%sT 2004
10:00 Russia VLA%sT 2011 Mar 27 2:00s
11:00 - VLAT 2011 Sep 13 0:00s # Decree 725?
10:00 - YAKT 2014 Oct 26 2:00s
9:00 - YAKT
8:00 - +08 1930 Jun 21
9:00 Russia +09/+10 1991 Mar 31 2:00s
8:00 Russia +08/+09 1992 Jan 19 2:00s
9:00 Russia +09/+10 2004
10:00 Russia +10/+11 2011 Mar 27 2:00s
11:00 - +11 2011 Sep 13 0:00s # Decree 725?
10:00 - +10 2014 Oct 26 2:00s
9:00 - +09
# From Tim Parenti (2014-07-03):
......@@ -3027,15 +3061,14 @@ Zone Asia/Khandyga 9:02:13 - LMT 1919 Dec 15
# The Zone name should be Asia/Yuzhno-Sakhalinsk, but that's too long.
Zone Asia/Sakhalin 9:30:48 - LMT 1905 Aug 23
9:00 - JCST 1937 Oct 1
9:00 - JST 1945 Aug 25
11:00 Russia SAK%sT 1991 Mar 31 2:00s # Sakhalin T
10:00 Russia SAK%sT 1992 Jan 19 2:00s
11:00 Russia SAK%sT 1997 Mar lastSun 2:00s
10:00 Russia SAK%sT 2011 Mar 27 2:00s
11:00 - SAKT 2014 Oct 26 2:00s
10:00 - SAKT 2016 Mar 27 2:00s
11:00 - SAKT
9:00 - +09 1945 Aug 25
11:00 Russia +11/+12 1991 Mar 31 2:00s # Sakhalin T
10:00 Russia +10/+11 1992 Jan 19 2:00s
11:00 Russia +11/+12 1997 Mar lastSun 2:00s
10:00 Russia +10/+11 2011 Mar 27 2:00s
11:00 - +11 2014 Oct 26 2:00s
10:00 - +10 2016 Mar 27 2:00s
11:00 - +11
# From Tim Parenti (2014-07-03), per Oscar van Vlijmen (2009-11-29):
......@@ -3058,13 +3091,13 @@ Zone Asia/Sakhalin 9:30:48 - LMT 1905 Aug 23
# http://publication.pravo.gov.ru/Document/View/0001201604050038
Zone Asia/Magadan 10:03:12 - LMT 1924 May 2
10:00 - MAGT 1930 Jun 21 # Magadan Time
11:00 Russia MAG%sT 1991 Mar 31 2:00s
10:00 Russia MAG%sT 1992 Jan 19 2:00s
11:00 Russia MAG%sT 2011 Mar 27 2:00s
12:00 - MAGT 2014 Oct 26 2:00s
10:00 - MAGT 2016 Apr 24 2:00s
11:00 - MAGT
10:00 - +10 1930 Jun 21 # Magadan Time
11:00 Russia +11/+12 1991 Mar 31 2:00s
10:00 Russia +10/+11 1992 Jan 19 2:00s
11:00 Russia +11/+12 2011 Mar 27 2:00s
12:00 - +12 2014 Oct 26 2:00s
10:00 - +10 2016 Apr 24 2:00s
11:00 - +11
# From Tim Parenti (2014-07-06):
......@@ -3107,17 +3140,14 @@ Zone Asia/Magadan 10:03:12 - LMT 1924 May 2
# in Russian.) In addition, Srednekolymsk appears to be a much older
# settlement and the population of Zyryanka seems to be declining.
# Go with Srednekolymsk.
#
# Since Magadan Oblast moves to UTC+10 on 2014-10-26, we cannot keep using MAGT
# as the abbreviation. Use SRET instead.
Zone Asia/Srednekolymsk 10:14:52 - LMT 1924 May 2
10:00 - MAGT 1930 Jun 21 # Magadan Time
11:00 Russia MAG%sT 1991 Mar 31 2:00s
10:00 Russia MAG%sT 1992 Jan 19 2:00s
11:00 Russia MAG%sT 2011 Mar 27 2:00s
12:00 - MAGT 2014 Oct 26 2:00s
11:00 - SRET # Srednekolymsk Time
10:00 - +10 1930 Jun 21
11:00 Russia +11/+12 1991 Mar 31 2:00s
10:00 Russia +10/+11 1992 Jan 19 2:00s
11:00 Russia +11/+12 2011 Mar 27 2:00s
12:00 - +12 2014 Oct 26 2:00s
11:00 - +11
# From Tim Parenti (2014-07-03):
......@@ -3135,14 +3165,14 @@ Zone Asia/Srednekolymsk 10:14:52 - LMT 1924 May 2
# UTC+12 since at least then, too.
Zone Asia/Ust-Nera 9:32:54 - LMT 1919 Dec 15
8:00 - YAKT 1930 Jun 21 # Yakutsk Time
9:00 Russia YAKT 1981 Apr 1
11:00 Russia MAG%sT 1991 Mar 31 2:00s
10:00 Russia MAG%sT 1992 Jan 19 2:00s
11:00 Russia MAG%sT 2011 Mar 27 2:00s
12:00 - MAGT 2011 Sep 13 0:00s # Decree 725?
11:00 - VLAT 2014 Oct 26 2:00s
10:00 - VLAT
8:00 - +08 1930 Jun 21
9:00 Russia +09/+10 1981 Apr 1
11:00 Russia +11/+12 1991 Mar 31 2:00s
10:00 Russia +10/+11 1992 Jan 19 2:00s
11:00 Russia +11/+12 2011 Mar 27 2:00s
12:00 - +12 2011 Sep 13 0:00s # Decree 725?
11:00 - +11 2014 Oct 26 2:00s
10:00 - +10
# From Tim Parenti (2014-07-03), per Oscar van Vlijmen (2001-08-25):
......@@ -3155,12 +3185,12 @@ Zone Asia/Ust-Nera 9:32:54 - LMT 1919 Dec 15
# The Zone name should be Asia/Petropavlovsk-Kamchatski or perhaps
# Asia/Petropavlovsk-Kamchatsky, but these are too long.
Zone Asia/Kamchatka 10:34:36 - LMT 1922 Nov 10
11:00 - PETT 1930 Jun 21 # P-K Time
12:00 Russia PET%sT 1991 Mar 31 2:00s
11:00 Russia PET%sT 1992 Jan 19 2:00s
12:00 Russia PET%sT 2010 Mar 28 2:00s
11:00 Russia PET%sT 2011 Mar 27 2:00s
12:00 - PETT
11:00 - +11 1930 Jun 21
12:00 Russia +12/+13 1991 Mar 31 2:00s
11:00 Russia +11/+12 1992 Jan 19 2:00s
12:00 Russia +12/+13 2010 Mar 28 2:00s
11:00 Russia +11/+12 2011 Mar 27 2:00s
12:00 - +12
# From Tim Parenti (2014-07-03):
......@@ -3168,13 +3198,13 @@ Zone Asia/Kamchatka 10:34:36 - LMT 1922 Nov 10
# 87 RU-CHU Chukotka Autonomous Okrug
Zone Asia/Anadyr 11:49:56 - LMT 1924 May 2
12:00 - ANAT 1930 Jun 21 # Anadyr Time
13:00 Russia ANA%sT 1982 Apr 1 0:00s
12:00 Russia ANA%sT 1991 Mar 31 2:00s
11:00 Russia ANA%sT 1992 Jan 19 2:00s
12:00 Russia ANA%sT 2010 Mar 28 2:00s
11:00 Russia ANA%sT 2011 Mar 27 2:00s
12:00 - ANAT
12:00 - +12 1930 Jun 21
13:00 Russia +13/+14 1982 Apr 1 0:00s
12:00 Russia +12/+13 1991 Mar 31 2:00s
11:00 Russia +11/+12 1992 Jan 19 2:00s
12:00 Russia +12/+13 2010 Mar 28 2:00s
11:00 Russia +11/+12 2011 Mar 27 2:00s
12:00 - +12
# San Marino
......@@ -3433,22 +3463,24 @@ Zone Europe/Zurich 0:34:08 - LMT 1853 Jul 16 # See above comment.
# Turkey
# From Amar Devegowda (2007-01-03):
# The time zone rules for Istanbul, Turkey have not been changed for years now.
# ... The latest rules are available at:
# http://www.timeanddate.com/worldclock/timezone.html?n=107
# From Steffen Thorsen (2007-01-03):
# I have been able to find press records back to 1996 which all say that
# DST started 01:00 local time and end at 02:00 local time. I am not sure
# what happened before that. One example for each year from 1996 to 2001:
# http://newspot.byegm.gov.tr/arsiv/1996/21/N4.htm
# http://www.byegm.gov.tr/YAYINLARIMIZ/CHR/ING97/03/97X03X25.TXT
# http://www.byegm.gov.tr/YAYINLARIMIZ/CHR/ING98/03/98X03X02.HTM
# http://www.byegm.gov.tr/YAYINLARIMIZ/CHR/ING99/10/99X10X26.HTM#%2016
# http://www.byegm.gov.tr/YAYINLARIMIZ/CHR/ING2000/03/00X03X06.HTM#%2021
# http://www.byegm.gov.tr/YAYINLARIMIZ/CHR/ING2001/03/23x03x01.HTM#%2027
# From Paul Eggert (2007-01-03):
# Prefer the above source to Shanks & Pottenger for time stamps after 1990.
# From Kıvanç Yazan (2016-09-25):
# 1) For 1986-2006, DST started at 01:00 local and ended at 02:00 local, with
# no exceptions.
# 2) 1994's lastSun was overridden with Mar 20 ...
# Here are official papers:
# http://www.resmigazete.gov.tr/arsiv/19032.pdf - page 2 for 1986
# http://www.resmigazete.gov.tr/arsiv/19400.pdf - page 4 for 1987
# http://www.resmigazete.gov.tr/arsiv/19752.pdf - page 15 for 1988
# http://www.resmigazete.gov.tr/arsiv/20102.pdf - page 6 for 1989
# http://www.resmigazete.gov.tr/arsiv/20464.pdf - page 1 for 1990 - 1992
# http://www.resmigazete.gov.tr/arsiv/21531.pdf - page 15 for 1993 - 1995
# http://www.resmigazete.gov.tr/arsiv/21879.pdf - page 1 for overriding 1994
# http://www.resmigazete.gov.tr/arsiv/22588.pdf - page 1 for 1996, 1997
# http://www.resmigazete.gov.tr/arsiv/23286.pdf - page 10 for 1998 - 2000
# http://www.resmigazete.gov.tr/eskiler/2001/03/20010324.htm#2 - for 2001
# http://www.resmigazete.gov.tr/eskiler/2002/03/20020316.htm#2 - for 2002-2006
# From Paul Eggert (2016-09-25):
# Prefer the above sources to Shanks & Pottenger for time stamps after 1985.
# From Steffen Thorsen (2007-03-09):
# Starting 2007 though, it seems that they are adopting EU's 1:00 UTC
......@@ -3495,6 +3527,14 @@ Zone Europe/Zurich 0:34:08 - LMT 1853 Jul 16 # See above comment.
# Engineered Standard Time," said Twitter user @aysekarahasan.
# http://www.bbc.com/news/world-europe-34631326
# From Burak AYDIN (2016-09-08):
# Turkey will stay in Daylight Saving Time even in winter....
# http://www.resmigazete.gov.tr/eskiler/2016/09/20160908-2.pdf
#
# From Paul Eggert (2016-09-07):
# The change is permanent, so this is the new standard time in Turkey.
# It takes effect today, which is not much notice.
# Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S
Rule Turkey 1916 only - May 1 0:00 1:00 S
Rule Turkey 1916 only - Oct 1 0:00 0 -
......@@ -3549,16 +3589,16 @@ Rule Turkey 1983 only - Jul 31 0:00 1:00 S
Rule Turkey 1983 only - Oct 2 0:00 0 -
Rule Turkey 1985 only - Apr 20 0:00 1:00 S
Rule Turkey 1985 only - Sep 28 0:00 0 -
Rule Turkey 1986 1990 - Mar lastSun 2:00s 1:00 S
Rule Turkey 1986 1990 - Sep lastSun 2:00s 0 -
Rule Turkey 1991 2006 - Mar lastSun 1:00s 1:00 S
Rule Turkey 1991 1995 - Sep lastSun 1:00s 0 -
Rule Turkey 1986 1993 - Mar lastSun 1:00s 1:00 S
Rule Turkey 1986 1995 - Sep lastSun 1:00s 0 -
Rule Turkey 1994 only - Mar 20 1:00s 1:00 S
Rule Turkey 1995 2006 - Mar lastSun 1:00s 1:00 S
Rule Turkey 1996 2006 - Oct lastSun 1:00s 0 -
# Zone NAME GMTOFF RULES FORMAT [UNTIL]
Zone Europe/Istanbul 1:55:52 - LMT 1880
1:56:56 - IMT 1910 Oct # Istanbul Mean Time?
2:00 Turkey EE%sT 1978 Oct 15
3:00 Turkey TR%sT 1985 Apr 20 # Turkey Time
3:00 Turkey +03/+04 1985 Apr 20
2:00 Turkey EE%sT 2007
2:00 EU EE%sT 2011 Mar 27 1:00u
2:00 - EET 2011 Mar 28 1:00u
......@@ -3566,7 +3606,8 @@ Zone Europe/Istanbul 1:55:52 - LMT 1880
2:00 - EET 2014 Mar 31 1:00u
2:00 EU EE%sT 2015 Oct 25 1:00u
2:00 1:00 EEST 2015 Nov 8 1:00u
2:00 EU EE%sT
2:00 EU EE%sT 2016 Sep 7
3:00 - +03
Link Europe/Istanbul Asia/Istanbul # Istanbul is in both continents.
# Ukraine
......
make/data/tzdata/factory
浏览文件 @ 83f4f6a9
......@@ -24,9 +24,10 @@
# This file is in the public domain, so clarified as of
# 2009-05-17 by Arthur David Olson.
# For companies who don't want to put time zone specification in
# their installation procedures. When users run date, they'll get the message.
# Also useful for the "comp.sources" version.
# For distributors who don't want to put time zone specification in
# their installation procedures. Users that run 'date' will get the
# time zone abbreviation "-00", indicating that the actual time zone
# is unknown.
# Zone NAME GMTOFF RULES FORMAT
Zone Factory 0 - "Local time zone must be set--see zic manual page"
Zone Factory 0 - -00
make/data/tzdata/leapseconds
浏览文件 @ 83f4f6a9
......@@ -79,6 +79,7 @@ Leap 2005 Dec 31 23:59:60 + S
Leap 2008 Dec 31 23:59:60 + S
Leap 2012 Jun 30 23:59:60 + S
Leap 2015 Jun 30 23:59:60 + S
Leap 2016 Dec 31 23:59:60 + S
# Updated through IERS Bulletin C51
# File expires on: 28 December 2016
# Updated through IERS Bulletin C52
# File expires on: 28 June 2017
make/data/tzdata/northamerica
浏览文件 @ 83f4f6a9
......@@ -47,8 +47,32 @@
# was the result of his proposals at the Convention of Railroad Trunk Lines
# in New York City (1869-10). His 1870 proposal was based on Washington, DC,
# but in 1872-05 he moved the proposed origin to Greenwich.
# His proposal was adopted by the railroads on 1883-11-18 at 12:00,
# and the most of the country soon followed suit.
# From Paul Eggert (2016-09-21):
# Dowd's proposal left many details unresolved, such as where to draw
# lines between time zones. The key individual who made time zones
# work in the US was William Frederick Allen - railway engineer,
# managing editor of the Travelers' Guide, and secretary of the
# General Time Convention, a railway standardization group. Allen
# spent months in dialogs with scientific and railway leaders,
# developed a workable plan to institute time zones, and presented it
# to the General Time Convention on 1883-04-11, saying that his plan
# meant "local time would be practically abolished" - a plus for
# railway scheduling. By the next convention on 1883-10-11 nearly all
# railroads had agreed and it took effect on 1883-11-18 at 12:00.
# That Sunday was called the "day of two noons", as the eastern parts
# of the new zones observed noon twice. Allen witnessed the
# transition in New York City, writing:
#
# I heard the bells of St. Paul's strike on the old time. Four
# minutes later, obedient to the electrical signal from the Naval
# Observatory ... the time-ball made its rapid descent, the chimes
# of old Trinity rang twelve measured strokes, and local time was
# abandoned, probably forever.
#
# Most of the US soon followed suit. See:
# Bartky IR. The adoption of standard time. Technol Cult 1989 Jan;30(1):25-56.
# http://dx.doi.org/10.2307/3105430
# From Paul Eggert (2005-04-16):
# That 1883 transition occurred at 12:00 new time, not at 12:00 old time.
......@@ -436,11 +460,42 @@ Zone America/Denver -6:59:56 - LMT 1883 Nov 18 12:00:04
# north of the Salmon River, and the towns of Burgdorf and Warren),
# Nevada (except West Wendover), Oregon (except the northern 3/4 of
# Malheur county), and Washington
# From Paul Eggert (2016-08-20):
# In early February 1948, in response to California's electricity shortage,
# PG&E changed power frequency from 60 to 59.5 Hz during daylight hours,
# causing electric clocks to lose six minutes per day. (This did not change
# legal time, and is not part of the data here.) See:
# Ross SA. An energy crisis from the past: Northern California in 1948.
# Working Paper No. 8, Institute of Governmental Studies, UC Berkeley,
# 1973-11. http://escholarship.org/uc/item/8x22k30c
#
# In another measure to save electricity, DST was instituted from 1948-03-14
# at 02:01 to 1949-01-16 at 02:00, with the governor having the option to move
# the fallback transition earlier. See pages 3-4 of:
# http://clerk.assembly.ca.gov/sites/clerk.assembly.ca.gov/files/archive/Statutes/1948/48Vol1_Chapters.pdf
#
# In response:
#
# Governor Warren received a torrent of objecting mail, and it is not too much
# to speculate that the objections to Daylight Saving Time were one important
# factor in the defeat of the Dewey-Warren Presidential ticket in California.
# -- Ross, p 25
#
# On December 8 the governor exercised the option, setting the date to January 1
# (LA Times 1948-12-09). The transition time was 02:00 (LA Times 1949-01-01).
#
# Despite the controversy, in 1949 California voters approved Proposition 12,
# which established DST from April's last Sunday at 01:00 until September's
# last Sunday at 02:00. This was amended by 1962's Proposition 6, which changed
# the fall-back date to October's last Sunday. See:
# http://repository.uchastings.edu/cgi/viewcontent.cgi?article=1501&context=ca_ballot_props
# http://repository.uchastings.edu/cgi/viewcontent.cgi?article=1636&context=ca_ballot_props
#
# Rule NAME FROM TO TYPE IN ON AT SAVE LETTER
Rule CA 1948 only - Mar 14 2:00 1:00 D
Rule CA 1948 only - Mar 14 2:01 1:00 D
Rule CA 1949 only - Jan 1 2:00 0 S
Rule CA 1950 1966 - Apr lastSun 2:00 1:00 D
Rule CA 1950 1966 - Apr lastSun 1:00 1:00 D
Rule CA 1950 1961 - Sep lastSun 2:00 0 S
Rule CA 1962 1966 - Oct lastSun 2:00 0 S
# Zone NAME GMTOFF RULES FORMAT [UNTIL]
......@@ -3304,7 +3359,7 @@ Zone America/Miquelon -3:44:40 - LMT 1911 May 15 # St Pierre
# indicating that the normal ET rules are followed.
#
# From Paul Eggert (2014-08-19):
# The 2014-08-13 Cabinet meeting decided to stay on UTC-4 year-round. See:
# The 2014-08-13 Cabinet meeting decided to stay on UT -04 year-round. See:
# http://tcweeklynews.com/daylight-savings-time-to-be-maintained-p5353-127.htm
# Model this as a switch from EST/EDT to AST ...
# From Chris Walton (2014-11-04):
......
make/data/tzdata/southamerica
浏览文件 @ 83f4f6a9
......@@ -433,9 +433,9 @@ Rule Arg 2008 only - Oct Sun>=15 0:00 1:00 S
# stuck on Summer daylight savings time even though the summer is over.
# From Paul Eggert (2013-09-05):
# Perhaps San Luis operates on the legal fiction that it is at UTC-4
# Perhaps San Luis operates on the legal fiction that it is at -04
# with perpetual summer time, but ordinary usage typically seems to
# just say it's at UTC-3; see, for example,
# just say it's at -03; see, for example,
# http://es.wikipedia.org/wiki/Hora_oficial_argentina
# We've documented similar situations as being plain changes to
# standard time, so let's do that here too. This does not change UTC
......
make/data/tzdata/zone.tab
浏览文件 @ 83f4f6a9
......@@ -175,7 +175,8 @@ CU +2308-08222 America/Havana
CV +1455-02331 Atlantic/Cape_Verde
CW +1211-06900 America/Curacao
CX -1025+10543 Indian/Christmas
CY +3510+03322 Asia/Nicosia
CY +3510+03322 Asia/Nicosia Cyprus (most areas)
CY +3507+03357 Asia/Famagusta Northern Cyprus
CZ +5005+01426 Europe/Prague
DE +5230+01322 Europe/Berlin Germany (most areas)
DE +4742+00841 Europe/Busingen Busingen
......@@ -284,7 +285,7 @@ MH +0709+17112 Pacific/Majuro Marshall Islands (most areas)
MH +0905+16720 Pacific/Kwajalein Kwajalein
MK +4159+02126 Europe/Skopje
ML +1239-00800 Africa/Bamako
MM +1647+09610 Asia/Rangoon
MM +1647+09610 Asia/Yangon
MN +4755+10653 Asia/Ulaanbaatar Mongolia (most areas)
MN +4801+09139 Asia/Hovd Bayan-Olgiy, Govi-Altai, Hovd, Uvs, Zavkhan
MN +4804+11430 Asia/Choibalsan Dornod, Sukhbaatar
......
src/macosx/native/sun/awt/CMenuComponent.m
浏览文件 @ 83f4f6a9
......@@ -41,45 +41,11 @@
return self;
}
-(void) cleanup {
// Used by subclasses
}
-(void) disposer {
-(void) dealloc {
JNIEnv *env = [ThreadUtilities getJNIEnvUncached];
JNFDeleteGlobalRef(env, fPeer);
fPeer = NULL;
[self cleanup];
[self release];
}
// The method is used by all subclasses, since the process of the creation
// is the same. The only exception is the CMenuItem class.
- (void) _create_OnAppKitThread: (NSMutableArray *)argValue {
jobject cPeerObjGlobal = (jobject)[[argValue objectAtIndex: 0] pointerValue];
CMenuItem *aCMenuItem = [self initWithPeer:cPeerObjGlobal];
[argValue removeAllObjects];
[argValue addObject: aCMenuItem];
[super dealloc];
}
@end
/*
* Class: sun_lwawt_macosx_CMenuComponent
* Method: nativeDispose
* Signature: (J)V
*/
JNIEXPORT void JNICALL
Java_sun_lwawt_macosx_CMenuComponent_nativeDispose
(JNIEnv *env, jobject peer, jlong menuItemObj)
{
JNF_COCOA_ENTER(env);
[ThreadUtilities performOnMainThread:@selector(disposer)
on:((id)jlong_to_ptr(menuItemObj))
withObject:nil
waitUntilDone:NO];
JNF_COCOA_EXIT(env);
}
src/share/classes/com/sun/imageio/plugins/png/PNGImageReader.java
浏览文件 @ 83f4f6a9
......@@ -729,7 +729,11 @@ public class PNGImageReader extends ImageReader {
parse_iCCP_chunk(chunkLength);
break;
case iTXt_TYPE:
parse_iTXt_chunk(chunkLength);
if (ignoreMetadata) {
stream.skipBytes(chunkLength);
} else {
parse_iTXt_chunk(chunkLength);
}
break;
case pHYs_TYPE:
parse_pHYs_chunk();
......@@ -753,7 +757,11 @@ public class PNGImageReader extends ImageReader {
parse_tRNS_chunk(chunkLength);
break;
case zTXt_TYPE:
parse_zTXt_chunk(chunkLength);
if (ignoreMetadata) {
stream.skipBytes(chunkLength);
} else {
parse_zTXt_chunk(chunkLength);
}
break;
default:
// Read an unknown chunk
......
src/share/classes/com/sun/jndi/cosnaming/CNBindingEnumeration.java
浏览文件 @ 83f4f6a9
......@@ -33,6 +33,8 @@ import java.util.Hashtable;
import org.omg.CosNaming.*;
import com.sun.jndi.toolkit.corba.CorbaUtils;
/**
* Implements the JNDI NamingEnumeration interface for COS
* Naming. Gets hold of a list of bindings from the COS Naming Server
......@@ -212,7 +214,10 @@ final class CNBindingEnumeration
Name cname = CNNameParser.cosNameToName(bndg.binding_name);
try {
// Check whether object factory codebase is trusted
if (CorbaUtils.isObjectFactoryTrusted(obj)) {
obj = NamingManager.getObjectInstance(obj, cname, _ctx, _env);
}
} catch (NamingException e) {
throw e;
} catch (Exception e) {
......
src/share/classes/com/sun/jndi/cosnaming/CNCtx.java
浏览文件 @ 83f4f6a9
......@@ -36,6 +36,8 @@ import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.BufferedReader;
import java.io.IOException;
import java.security.AccessController;
import java.security.PrivilegedAction;
import org.omg.CosNaming.*;
import org.omg.CosNaming.NamingContextPackage.*;
......@@ -82,6 +84,19 @@ public class CNCtx implements javax.naming.Context {
private static final String FED_PROP = "com.sun.jndi.cosnaming.federation";
boolean federation = false;
/**
* Determines whether classes may be loaded from an arbitrary URL code base.
*/
public static final boolean trustURLCodebase;
static {
// System property to control whether classes may be loaded from an
// arbitrary URL code base
PrivilegedAction<String> act = () -> System.getProperty(
"com.sun.jndi.cosnaming.object.trustURLCodebase", "false");
String trust = AccessController.doPrivileged(act);
trustURLCodebase = "true".equalsIgnoreCase(trust);
}
// Reference counter for tracking _orb references
OrbReuseTracker orbTracker = null;
int enumCount;
......@@ -534,12 +549,16 @@ public class CNCtx implements javax.naming.Context {
if (name.size() == 0 )
return this; // %%% should clone() so that env can be changed
NameComponent[] path = CNNameParser.nameToCosName(name);
java.lang.Object answer = null;
try {
java.lang.Object answer = callResolve(path);
answer = callResolve(path);
try {
return NamingManager.getObjectInstance(answer, name, this, _env);
// Check whether object factory codebase is trusted
if (CorbaUtils.isObjectFactoryTrusted(answer)) {
answer = NamingManager.getObjectInstance(
answer, name, this, _env);
}
} catch (NamingException e) {
throw e;
} catch (Exception e) {
......@@ -552,6 +571,7 @@ public class CNCtx implements javax.naming.Context {
javax.naming.Context cctx = getContinuationContext(cpe);
return cctx.lookup(cpe.getRemainingName());
}
return answer;
}
/**
......
src/share/classes/com/sun/jndi/cosnaming/ExceptionMapper.java
浏览文件 @ 83f4f6a9
......@@ -33,6 +33,8 @@ import org.omg.CosNaming.*;
import org.omg.CosNaming.NamingContextPackage.*;
import org.omg.CORBA.*;
import com.sun.jndi.toolkit.corba.CorbaUtils;
/**
* A convenience class to map the COS Naming exceptions to the JNDI exceptions.
* @author Raj Krishnamurthy
......@@ -202,10 +204,13 @@ public final class ExceptionMapper {
// Not a context, use object factory to transform object.
Name cname = CNNameParser.cosNameToName(resolvedName);
java.lang.Object resolvedObj2;
java.lang.Object resolvedObj2 = null;
try {
// Check whether object factory codebase is trusted
if (CorbaUtils.isObjectFactoryTrusted(resolvedObj)) {
resolvedObj2 = NamingManager.getObjectInstance(resolvedObj,
cname, ctx, ctx._env);
}
} catch (NamingException ge) {
throw ge;
} catch (Exception ge) {
......
src/share/classes/com/sun/jndi/rmi/registry/RegistryContext.java
浏览文件 @ 83f4f6a9
......@@ -32,6 +32,8 @@ import java.rmi.*;
import java.rmi.server.*;
import java.rmi.registry.Registry;
import java.rmi.registry.LocateRegistry;
import java.security.AccessController;
import java.security.PrivilegedAction;
import javax.naming.*;
import javax.naming.spi.NamingManager;
......@@ -52,6 +54,18 @@ public class RegistryContext implements Context, Referenceable {
private int port;
private static final NameParser nameParser = new AtomicNameParser();
private static final String SOCKET_FACTORY = "com.sun.jndi.rmi.factory.socket";
/**
* Determines whether classes may be loaded from an arbitrary URL code base.
*/
static final boolean trustURLCodebase;
static {
// System property to control whether classes may be loaded from an
// arbitrary URL codebase
PrivilegedAction<String> act = () -> System.getProperty(
"com.sun.jndi.rmi.object.trustURLCodebase", "false");
String trust = AccessController.doPrivileged(act);
trustURLCodebase = "true".equalsIgnoreCase(trust);
}
Reference reference = null; // ref used to create this context, if any
......@@ -461,6 +475,27 @@ public class RegistryContext implements Context, Referenceable {
Object obj = (r instanceof RemoteReference)
? ((RemoteReference)r).getReference()
: (Object)r;
/*
* Classes may only be loaded from an arbitrary URL codebase when
* the system property com.sun.jndi.rmi.object.trustURLCodebase
* has been set to "true".
*/
// Use reference if possible
Reference ref = null;
if (obj instanceof Reference) {
ref = (Reference) obj;
} else if (obj instanceof Referenceable) {
ref = ((Referenceable)(obj)).getReference();
}
if (ref != null && ref.getFactoryClassLocation() != null &&
!trustURLCodebase) {
throw new ConfigurationException(
"The object factory is untrusted. Set the system property" +
" 'com.sun.jndi.rmi.object.trustURLCodebase' to 'true'.");
}
return NamingManager.getObjectInstance(obj, name, this,
environment);
} catch (NamingException e) {
......
src/share/classes/com/sun/jndi/toolkit/corba/CorbaUtils.java
浏览文件 @ 83f4f6a9
......@@ -36,8 +36,9 @@ import java.util.Enumeration;
import org.omg.CORBA.ORB;
import javax.naming.Context;
import javax.naming.ConfigurationException;
import javax.naming.*;
import com.sun.jndi.cosnaming.CNCtx;
/**
* Contains utilities for performing CORBA-related tasks:
......@@ -203,6 +204,32 @@ public class CorbaUtils {
return ORB.init(new String[0], orbProp);
}
/**
* Check whether object factory code base is trusted.
* Classes may only be loaded from an arbitrary URL code base when
* the system property com.sun.jndi.rmi.object.trustURLCodebase
* has been set to "true".
*/
public static boolean isObjectFactoryTrusted(Object obj)
throws NamingException {
// Extract Reference, if possible
Reference ref = null;
if (obj instanceof Reference) {
ref = (Reference) obj;
} else if (obj instanceof Referenceable) {
ref = ((Referenceable)(obj)).getReference();
}
if (ref != null && ref.getFactoryClassLocation() != null &&
!CNCtx.trustURLCodebase) {
throw new ConfigurationException(
"The object factory is untrusted. Set the system property" +
" 'com.sun.jndi.cosnaming.object.trustURLCodebase' to 'true'.");
}
return true;
}
/**
* This method returns a new ORB instance for the given applet
* without creating a static dependency on java.applet.
......
src/share/classes/java/lang/invoke/MethodHandles.java
浏览文件 @ 83f4f6a9
......@@ -680,7 +680,9 @@ public class MethodHandles {
// disallow lookup more restricted packages
if (allowedModes == ALL_MODES && lookupClass.getClassLoader() == null) {
if (name.startsWith("java.") ||
(name.startsWith("sun.") && !name.startsWith("sun.invoke."))) {
(name.startsWith("sun.")
&& !name.startsWith("sun.invoke.")
&& !name.equals("sun.reflect.ReflectionFactory"))) {
throw newIllegalArgumentException("illegal lookupClass: " + lookupClass);
}
}
......
src/share/classes/java/net/URLStreamHandler.java
浏览文件 @ 83f4f6a9
......@@ -161,9 +161,9 @@ public abstract class URLStreamHandler {
(spec.charAt(start + 1) == '/')) {
start += 2;
i = spec.indexOf('/', start);
if (i < 0) {
if (i < 0 || i > limit) {
i = spec.indexOf('?', start);
if (i < 0)
if (i < 0 || i > limit)
i = limit;
}
......@@ -171,8 +171,14 @@ public abstract class URLStreamHandler {
int ind = authority.indexOf('@');
if (ind != -1) {
userInfo = authority.substring(0, ind);
host = authority.substring(ind+1);
if (ind != authority.lastIndexOf('@')) {
// more than one '@' in authority. This is not server based
userInfo = null;
host = null;
} else {
userInfo = authority.substring(0, ind);
host = authority.substring(ind+1);
}
} else {
userInfo = null;
}
......
src/share/classes/java/time/format/ZoneName.java
浏览文件 @ 83f4f6a9
/*
* Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2013, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -25,11 +25,8 @@
package java.time.format;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Locale;
import java.util.Map;
import java.util.Map.Entry;
import java.util.Set;
/**
* A helper class to map a zone name to metazone and back to the
......@@ -335,6 +332,7 @@ class ZoneName {
"America/Eirunepe", "Amazon", "America/Manaus",
"Africa/Nairobi", "Africa_Eastern", "Africa/Nairobi",
"Asia/Yakutsk", "Yakutsk", "Asia/Yakutsk",
"Asia/Yangon", "Myanmar", "Asia/Rangoon",
"America/Goose_Bay", "Atlantic", "America/Halifax",
"Africa/Maseru", "Africa_Southern", "Africa/Johannesburg",
"America/Swift_Current", "America_Central", "America/Chicago",
......@@ -770,6 +768,7 @@ class ZoneName {
"America/Indianapolis", "America/Indiana/Indianapolis",
"Europe/Belfast", "Europe/London",
"America/Kralendijk", "America/Curacao",
"Asia/Rangoon", "Asia/Yangon",
};
private static final Map<String, String> zidToMzone = new HashMap<>();
......
src/share/classes/java/util/concurrent/atomic/AtomicIntegerFieldUpdater.java
浏览文件 @ 83f4f6a9
......@@ -40,6 +40,7 @@ import java.lang.reflect.Modifier;
import java.security.AccessController;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.Objects;
import java.util.function.IntBinaryOperator;
import java.util.function.IntUnaryOperator;
import sun.reflect.CallerSensitive;
......@@ -410,7 +411,17 @@ public abstract class AtomicIntegerFieldUpdater<T> {
if (!Modifier.isVolatile(modifiers))
throw new IllegalArgumentException("Must be volatile type");
this.cclass = (Modifier.isProtected(modifiers)) ? caller : tclass;
// Access to protected field members is restricted to receivers only
// of the accessing class, or one of its subclasses, and the
// accessing class must in turn be a subclass (or package sibling)
// of the protected member's defining class.
// If the updater refers to a protected field of a declaring class
// outside the current package, the receiver argument will be
// narrowed to the type of the accessing class.
this.cclass = (Modifier.isProtected(modifiers) &&
tclass.isAssignableFrom(caller) &&
!isSamePackage(tclass, caller))
? caller : tclass;
this.tclass = tclass;
this.offset = U.objectFieldOffset(field);
}
......@@ -431,6 +442,21 @@ public abstract class AtomicIntegerFieldUpdater<T> {
return false;
}
/**
* Returns true if the two classes have the same class loader and
* package qualifier
*/
private static boolean isSamePackage(Class<?> class1, Class<?> class2) {
return class1.getClassLoader() == class2.getClassLoader()
&& Objects.equals(getPackageName(class1), getPackageName(class2));
}
private static String getPackageName(Class<?> cls) {
String cn = cls.getName();
int dot = cn.lastIndexOf('.');
return (dot != -1) ? cn.substring(0, dot) : "";
}
/**
* Checks that target argument is instance of cclass. On
* failure, throws cause.
......
src/share/classes/java/util/concurrent/atomic/AtomicLongFieldUpdater.java
浏览文件 @ 83f4f6a9
......@@ -40,6 +40,7 @@ import java.lang.reflect.Modifier;
import java.security.AccessController;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.Objects;
import java.util.function.LongBinaryOperator;
import java.util.function.LongUnaryOperator;
import sun.reflect.CallerSensitive;
......@@ -408,7 +409,17 @@ public abstract class AtomicLongFieldUpdater<T> {
if (!Modifier.isVolatile(modifiers))
throw new IllegalArgumentException("Must be volatile type");
this.cclass = (Modifier.isProtected(modifiers)) ? caller : tclass;
// Access to protected field members is restricted to receivers only
// of the accessing class, or one of its subclasses, and the
// accessing class must in turn be a subclass (or package sibling)
// of the protected member's defining class.
// If the updater refers to a protected field of a declaring class
// outside the current package, the receiver argument will be
// narrowed to the type of the accessing class.
this.cclass = (Modifier.isProtected(modifiers) &&
tclass.isAssignableFrom(caller) &&
!isSamePackage(tclass, caller))
? caller : tclass;
this.tclass = tclass;
this.offset = U.objectFieldOffset(field);
}
......@@ -539,7 +550,17 @@ public abstract class AtomicLongFieldUpdater<T> {
if (!Modifier.isVolatile(modifiers))
throw new IllegalArgumentException("Must be volatile type");
this.cclass = (Modifier.isProtected(modifiers)) ? caller : tclass;
// Access to protected field members is restricted to receivers only
// of the accessing class, or one of its subclasses, and the
// accessing class must in turn be a subclass (or package sibling)
// of the protected member's defining class.
// If the updater refers to a protected field of a declaring class
// outside the current package, the receiver argument will be
// narrowed to the type of the accessing class.
this.cclass = (Modifier.isProtected(modifiers) &&
tclass.isAssignableFrom(caller) &&
!isSamePackage(tclass, caller))
? caller : tclass;
this.tclass = tclass;
this.offset = U.objectFieldOffset(field);
}
......@@ -620,4 +641,19 @@ public abstract class AtomicLongFieldUpdater<T> {
} while (acl != null);
return false;
}
/**
* Returns true if the two classes have the same class loader and
* package qualifier
*/
private static boolean isSamePackage(Class<?> class1, Class<?> class2) {
return class1.getClassLoader() == class2.getClassLoader()
&& Objects.equals(getPackageName(class1), getPackageName(class2));
}
private static String getPackageName(Class<?> cls) {
String cn = cls.getName();
int dot = cn.lastIndexOf('.');
return (dot != -1) ? cn.substring(0, dot) : "";
}
}
src/share/classes/java/util/concurrent/atomic/AtomicReferenceFieldUpdater.java
浏览文件 @ 83f4f6a9
......@@ -40,6 +40,7 @@ import java.lang.reflect.Modifier;
import java.security.AccessController;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.Objects;
import java.util.function.BinaryOperator;
import java.util.function.UnaryOperator;
import sun.reflect.CallerSensitive;
......@@ -346,7 +347,17 @@ public abstract class AtomicReferenceFieldUpdater<T,V> {
if (!Modifier.isVolatile(modifiers))
throw new IllegalArgumentException("Must be volatile type");
this.cclass = (Modifier.isProtected(modifiers)) ? caller : tclass;
// Access to protected field members is restricted to receivers only
// of the accessing class, or one of its subclasses, and the
// accessing class must in turn be a subclass (or package sibling)
// of the protected member's defining class.
// If the updater refers to a protected field of a declaring class
// outside the current package, the receiver argument will be
// narrowed to the type of the accessing class.
this.cclass = (Modifier.isProtected(modifiers) &&
tclass.isAssignableFrom(caller) &&
!isSamePackage(tclass, caller))
? caller : tclass;
this.tclass = tclass;
this.vclass = vclass;
this.offset = U.objectFieldOffset(field);
......@@ -368,6 +379,21 @@ public abstract class AtomicReferenceFieldUpdater<T,V> {
return false;
}
/**
* Returns true if the two classes have the same class loader and
* package qualifier
*/
private static boolean isSamePackage(Class<?> class1, Class<?> class2) {
return class1.getClassLoader() == class2.getClassLoader()
&& Objects.equals(getPackageName(class1), getPackageName(class2));
}
private static String getPackageName(Class<?> cls) {
String cn = cls.getName();
int dot = cn.lastIndexOf('.');
return (dot != -1) ? cn.substring(0, dot) : "";
}
/**
* Checks that target argument is instance of cclass. On
* failure, throws cause.
......
src/share/classes/javax/management/remote/rmi/RMIConnectionImpl.java
浏览文件 @ 83f4f6a9
/*
* Copyright (c) 2002, 2013, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2002, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -992,7 +992,7 @@ public class RMIConnectionImpl implements RMIConnection, Unreferenced {
filterValues[i] =
unwrap(filters[i], targetCl, defaultClassLoader,
NotificationFilter.class, delegationSubjects[i]);
NotificationFilter.class, sbjs[i]);
if (debug) logger.debug("addNotificationListener"+
"(ObjectName,NotificationFilter)",
......
src/share/classes/org/jcp/xml/dsig/internal/dom/DOMSignatureMethod.java
浏览文件 @ 83f4f6a9
......@@ -21,7 +21,7 @@
* under the License.
*/
/*
* Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2005, 2016, Oracle and/or its affiliates. All rights reserved.
*/
/*
* $Id: DOMSignatureMethod.java 1333415 2012-05-03 12:03:51Z coheigea $
......@@ -41,6 +41,7 @@ import org.w3c.dom.Element;
import com.sun.org.apache.xml.internal.security.algorithms.implementations.SignatureECDSA;
import com.sun.org.apache.xml.internal.security.utils.JavaUtils;
import org.jcp.xml.dsig.internal.SignerOutputStream;
import sun.security.util.KeyUtil;
/**
* DOM-based abstract implementation of SignatureMethod.
......@@ -162,6 +163,7 @@ public abstract class DOMSignatureMethod extends AbstractDOMSignatureMethod {
if (!(key instanceof PublicKey)) {
throw new InvalidKeyException("key must be PublicKey");
}
checkKeySize(context, key);
if (signature == null) {
try {
Provider p = (Provider)context.getProperty
......@@ -197,6 +199,37 @@ public abstract class DOMSignatureMethod extends AbstractDOMSignatureMethod {
}
}
/**
* If secure validation mode is enabled, checks that the key size is
* restricted.
*
* @param context the context
* @param key the key to check
* @throws XMLSignatureException if the key size is restricted
*/
private static void checkKeySize(XMLCryptoContext context, Key key)
throws XMLSignatureException {
if (Utils.secureValidation(context)) {
int size = KeyUtil.getKeySize(key);
if (size == -1) {
// key size cannot be determined, so we cannot check against
// restrictions. Note that a DSA key w/o params will be
// rejected later if the certificate chain is validated.
if (log.isLoggable(java.util.logging.Level.FINE)) {
log.log(java.util.logging.Level.FINE, "Size for " +
key.getAlgorithm() + " key cannot be determined");
}
return;
}
if (Policy.restrictKey(key.getAlgorithm(), size)) {
throw new XMLSignatureException(key.getAlgorithm() +
" keys less than " +
Policy.minKeySize(key.getAlgorithm()) + " bits are" +
" forbidden when secure validation is enabled");
}
}
}
byte[] sign(Key key, SignedInfo si, XMLSignContext context)
throws InvalidKeyException, XMLSignatureException
{
......@@ -207,6 +240,7 @@ public abstract class DOMSignatureMethod extends AbstractDOMSignatureMethod {
if (!(key instanceof PrivateKey)) {
throw new InvalidKeyException("key must be PrivateKey");
}
checkKeySize(context, key);
if (signature == null) {
try {
Provider p = (Provider)context.getProperty
......
src/share/classes/org/jcp/xml/dsig/internal/dom/Policy.java
浏览文件 @ 83f4f6a9
......@@ -31,8 +31,10 @@ import java.security.AccessController;
import java.security.PrivilegedAction;
import java.security.Security;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
/**
......@@ -46,6 +48,7 @@ public final class Policy {
private static int maxTrans = Integer.MAX_VALUE;
private static int maxRefs = Integer.MAX_VALUE;
private static Set<String> disallowedRefUriSchemes = new HashSet<>();
private static Map<String, Integer> minKeyMap = new HashMap<>();
private static boolean noDuplicateIds = false;
private static boolean noRMLoops = false;
......@@ -101,6 +104,13 @@ public final class Policy {
scheme.toLowerCase(Locale.ROOT));
}
break;
case "minKeySize":
if (tokens.length != 3) {
error(entry);
}
minKeyMap.put(tokens[1],
Integer.parseUnsignedInt(tokens[2]));
break;
case "noDuplicateIds":
if (tokens.length != 1) {
error(entry);
......@@ -147,6 +157,10 @@ public final class Policy {
return false;
}
public static boolean restrictKey(String type, int size) {
return (size < minKeyMap.getOrDefault(type, 0));
}
public static boolean restrictDuplicateIds() {
return noDuplicateIds;
}
......@@ -171,6 +185,10 @@ public final class Policy {
return Collections.<String>unmodifiableSet(disallowedRefUriSchemes);
}
public static int minKeySize(String type) {
return minKeyMap.getOrDefault(type, 0);
}
private static void error(String entry) {
throw new IllegalArgumentException(
"Invalid jdk.xml.dsig.secureValidationPolicy entry: " + entry);
......
src/share/classes/sun/reflect/ReflectionFactory.java
浏览文件 @ 83f4f6a9
......@@ -25,16 +25,28 @@
package sun.reflect;
import java.io.Externalizable;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.ObjectStreamClass;
import java.io.OptionalDataException;
import java.io.Serializable;
import java.lang.invoke.MethodHandle;
import java.lang.invoke.MethodHandles;
import java.lang.reflect.Field;
import java.lang.reflect.Executable;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.lang.reflect.Constructor;
import java.lang.reflect.Modifier;
import java.security.AccessController;
import java.security.Permission;
import java.security.PrivilegedAction;
import java.util.Objects;
import sun.reflect.misc.ReflectUtil;
/** <P> The master factory for all reflective objects, both those in
java.lang.reflect (Fields, Methods, Constructors) as well as their
delegates (FieldAccessors, MethodAccessors, ConstructorAccessors).
......@@ -56,6 +68,9 @@ public class ReflectionFactory {
// Provides access to package-private mechanisms in java.lang.reflect
private static volatile LangReflectAccess langReflectAccess;
/* Method for static class initializer <clinit>, or null */
private static volatile Method hasStaticInitializerMethod;
//
// "Inflation" mechanism. Loading bytecodes to implement
// Method.invoke() and Constructor.newInstance() currently costs
......@@ -73,8 +88,7 @@ public class ReflectionFactory {
private static boolean noInflation = false;
private static int inflationThreshold = 15;
private ReflectionFactory() {
}
private ReflectionFactory() {}
/**
* A convenience class for acquiring the capability to instantiate
......@@ -328,6 +342,14 @@ public class ReflectionFactory {
//
//
/**
* Returns an accessible constructor capable of creating instances
* of the given class, initialized by the given constructor.
*
* @param classToInstantiate the class to instantiate
* @param constructorToCall the constructor to call
* @return an accessible constructor
*/
public Constructor<?> newConstructorForSerialization
(Class<?> classToInstantiate, Constructor<?> constructorToCall)
{
......@@ -335,6 +357,42 @@ public class ReflectionFactory {
if (constructorToCall.getDeclaringClass() == classToInstantiate) {
return constructorToCall;
}
return generateConstructor(classToInstantiate, constructorToCall);
}
/**
* Returns an accessible no-arg constructor for a class.
* The no-arg constructor is found searching the class and its supertypes.
*
* @param cl the class to instantiate
* @return a no-arg constructor for the class or {@code null} if
* the class or supertypes do not have a suitable no-arg constructor
*/
public final Constructor<?> newConstructorForSerialization(Class<?> cl) {
Class<?> initCl = cl;
while (Serializable.class.isAssignableFrom(initCl)) {
if ((initCl = initCl.getSuperclass()) == null) {
return null;
}
}
Constructor<?> constructorToCall;
try {
constructorToCall = initCl.getDeclaredConstructor();
int mods = constructorToCall.getModifiers();
if ((mods & Modifier.PRIVATE) != 0 ||
((mods & (Modifier.PUBLIC | Modifier.PROTECTED)) == 0 &&
!packageEquals(cl, initCl))) {
return null;
}
} catch (NoSuchMethodException ex) {
return null;
}
return generateConstructor(cl, constructorToCall);
}
private final Constructor<?> generateConstructor(Class<?> classToInstantiate,
Constructor<?> constructorToCall) {
ConstructorAccessor acc = new MethodAccessorGenerator().
generateSerializationConstructor(classToInstantiate,
......@@ -355,9 +413,222 @@ public class ReflectionFactory {
langReflectAccess().
getConstructorParameterAnnotations(constructorToCall));
setConstructorAccessor(c, acc);
c.setAccessible(true);
return c;
}
/**
* Returns an accessible no-arg constructor for an externalizable class to be
* initialized using a public no-argument constructor.
*
* @param cl the class to instantiate
* @return A no-arg constructor for the class; returns {@code null} if
* the class does not implement {@link java.io.Externalizable}
*/
public final Constructor<?> newConstructorForExternalization(Class<?> cl) {
if (!Externalizable.class.isAssignableFrom(cl)) {
return null;
}
try {
Constructor<?> cons = cl.getConstructor();
cons.setAccessible(true);
return cons;
} catch (NoSuchMethodException ex) {
return null;
}
}
/**
* Returns a direct MethodHandle for the {@code readObject} method on
* a Serializable class.
* The first argument of {@link MethodHandle#invoke} is the serializable
* object and the second argument is the {@code ObjectInputStream} passed to
* {@code readObject}.
*
* @param cl a Serializable class
* @return a direct MethodHandle for the {@code readObject} method of the class or
* {@code null} if the class does not have a {@code readObject} method
*/
public final MethodHandle readObjectForSerialization(Class<?> cl) {
return findReadWriteObjectForSerialization(cl, "readObject", ObjectInputStream.class);
}
/**
* Returns a direct MethodHandle for the {@code readObjectNoData} method on
* a Serializable class.
* The first argument of {@link MethodHandle#invoke} is the serializable
* object and the second argument is the {@code ObjectInputStream} passed to
* {@code readObjectNoData}.
*
* @param cl a Serializable class
* @return a direct MethodHandle for the {@code readObjectNoData} method
* of the class or {@code null} if the class does not have a
* {@code readObjectNoData} method
*/
public final MethodHandle readObjectNoDataForSerialization(Class<?> cl) {
return findReadWriteObjectForSerialization(cl, "readObjectNoData", ObjectInputStream.class);
}
/**
* Returns a direct MethodHandle for the {@code writeObject} method on
* a Serializable class.
* The first argument of {@link MethodHandle#invoke} is the serializable
* object and the second argument is the {@code ObjectOutputStream} passed to
* {@code writeObject}.
*
* @param cl a Serializable class
* @return a direct MethodHandle for the {@code writeObject} method of the class or
* {@code null} if the class does not have a {@code writeObject} method
*/
public final MethodHandle writeObjectForSerialization(Class<?> cl) {
return findReadWriteObjectForSerialization(cl, "writeObject", ObjectOutputStream.class);
}
private final MethodHandle findReadWriteObjectForSerialization(Class<?> cl,
String methodName,
Class<?> streamClass) {
if (!Serializable.class.isAssignableFrom(cl)) {
return null;
}
try {
Method meth = cl.getDeclaredMethod(methodName, streamClass);
int mods = meth.getModifiers();
if (meth.getReturnType() != Void.TYPE ||
Modifier.isStatic(mods) ||
!Modifier.isPrivate(mods)) {
return null;
}
meth.setAccessible(true);
return MethodHandles.lookup().unreflect(meth);
} catch (NoSuchMethodException ex) {
return null;
} catch (IllegalAccessException ex1) {
throw new InternalError("Error", ex1);
}
}
/**
* Returns a direct MethodHandle for the {@code readResolve} method on
* a serializable class.
* The single argument of {@link MethodHandle#invoke} is the serializable
* object.
*
* @param cl the Serializable class
* @return a direct MethodHandle for the {@code readResolve} method of the class or
* {@code null} if the class does not have a {@code readResolve} method
*/
public final MethodHandle readResolveForSerialization(Class<?> cl) {
return getReplaceResolveForSerialization(cl, "readResolve");
}
/**
* Returns a direct MethodHandle for the {@code writeReplace} method on
* a serializable class.
* The single argument of {@link MethodHandle#invoke} is the serializable
* object.
*
* @param cl the Serializable class
* @return a direct MethodHandle for the {@code writeReplace} method of the class or
* {@code null} if the class does not have a {@code writeReplace} method
*/
public final MethodHandle writeReplaceForSerialization(Class<?> cl) {
return getReplaceResolveForSerialization(cl, "writeReplace");
}
/**
* Returns a direct MethodHandle for the {@code writeReplace} method on
* a serializable class.
* The single argument of {@link MethodHandle#invoke} is the serializable
* object.
*
* @param cl the Serializable class
* @return a direct MethodHandle for the {@code writeReplace} method of the class or
* {@code null} if the class does not have a {@code writeReplace} method
*/
private MethodHandle getReplaceResolveForSerialization(Class<?> cl,
String methodName) {
if (!Serializable.class.isAssignableFrom(cl)) {
return null;
}
Class<?> defCl = cl;
while (defCl != null) {
try {
Method m = defCl.getDeclaredMethod(methodName);
if (m.getReturnType() != Object.class) {
return null;
}
int mods = m.getModifiers();
if (Modifier.isStatic(mods) | Modifier.isAbstract(mods)) {
return null;
} else if (Modifier.isPublic(mods) | Modifier.isProtected(mods)) {
// fall through
} else if (Modifier.isPrivate(mods) && (cl != defCl)) {
return null;
} else if (!packageEquals(cl, defCl)) {
return null;
}
try {
// Normal return
m.setAccessible(true);
return MethodHandles.lookup().unreflect(m);
} catch (IllegalAccessException ex0) {
// setAccessible should prevent IAE
throw new InternalError("Error", ex0);
}
} catch (NoSuchMethodException ex) {
defCl = defCl.getSuperclass();
}
}
return null;
}
/**
* Returns true if the class has a static initializer.
* The presence of a static initializer is used to compute the serialVersionUID.
* @param cl a serializable classLook
* @return {@code true} if the class has a static initializer,
* otherwise {@code false}
*/
public final boolean hasStaticInitializerForSerialization(Class<?> cl) {
Method m = hasStaticInitializerMethod;
if (m == null) {
try {
m = ObjectStreamClass.class.getDeclaredMethod("hasStaticInitializer",
new Class<?>[]{Class.class});
m.setAccessible(true);
hasStaticInitializerMethod = m;
} catch (NoSuchMethodException ex) {
throw new InternalError("No such method hasStaticInitializer on "
+ ObjectStreamClass.class, ex);
}
}
try {
return (Boolean) m.invoke(null, cl);
} catch (InvocationTargetException | IllegalAccessException ex) {
throw new InternalError("Exception invoking hasStaticInitializer", ex);
}
}
/**
* Returns a new OptionalDataException with {@code eof} set to {@code true}
* or {@code false}.
* @param bool the value of {@code eof} in the created OptionalDataException
* @return a new OptionalDataException
*/
public final OptionalDataException newOptionalDataExceptionForSerialization(boolean bool) {
try {
Constructor<OptionalDataException> boolCtor =
OptionalDataException.class.getDeclaredConstructor(Boolean.TYPE);
boolCtor.setAccessible(true);
return boolCtor.newInstance(bool);
} catch (NoSuchMethodException | InstantiationException|
IllegalAccessException|InvocationTargetException ex) {
throw new InternalError("unable to create OptionalDataException", ex);
}
}
//--------------------------------------------------------------------------
//
// Internals only below this point
......@@ -421,4 +692,17 @@ public class ReflectionFactory {
}
return langReflectAccess;
}
/**
* Returns true if classes are defined in the classloader and same package, false
* otherwise.
* @param cl1 a class
* @param cl2 another class
* @returns true if the two classes are in the same classloader and package
*/
private static boolean packageEquals(Class<?> cl1, Class<?> cl2) {
return cl1.getClassLoader() == cl2.getClassLoader() &&
Objects.equals(cl1.getPackage(), cl2.getPackage());
}
}
src/share/classes/sun/security/ec/ECDSASignature.java
浏览文件 @ 83f4f6a9
/*
* Copyright (c) 2009, 2013, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2009, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -25,6 +25,7 @@
package sun.security.ec;
import java.io.IOException;
import java.nio.ByteBuffer;
import java.math.BigInteger;
......@@ -363,13 +364,22 @@ abstract class ECDSASignature extends SignatureSpi {
}
// Convert the DER encoding of R and S into a concatenation of R and S
private byte[] decodeSignature(byte[] signature) throws SignatureException {
private byte[] decodeSignature(byte[] sig) throws SignatureException {
try {
DerInputStream in = new DerInputStream(signature);
// Enforce strict DER checking for signatures
DerInputStream in = new DerInputStream(sig, 0, sig.length, false);
DerValue[] values = in.getSequence(2);
// check number of components in the read sequence
// and trailing data
if ((values.length != 2) || (in.available() != 0)) {
throw new IOException("Invalid encoding for signature");
}
BigInteger r = values[0].getPositiveBigInteger();
BigInteger s = values[1].getPositiveBigInteger();
// trim leading zeroes
byte[] rBytes = trimZeroes(r.toByteArray());
byte[] sBytes = trimZeroes(s.toByteArray());
......@@ -383,7 +393,7 @@ abstract class ECDSASignature extends SignatureSpi {
return result;
} catch (Exception e) {
throw new SignatureException("Could not decode signature", e);
throw new SignatureException("Invalid encoding for signature", e);
}
}
......
src/share/classes/sun/security/pkcs/SignerInfo.java
浏览文件 @ 83f4f6a9
......@@ -498,6 +498,23 @@ public class SignerInfo implements DerEncoder {
return unauthenticatedAttributes;
}
/**
* Returns the timestamp PKCS7 data unverified.
* @return a PKCS7 object
*/
public PKCS7 getTsToken() throws IOException {
if (unauthenticatedAttributes == null) {
return null;
}
PKCS9Attribute tsTokenAttr =
unauthenticatedAttributes.getAttribute(
PKCS9Attribute.SIGNATURE_TIMESTAMP_TOKEN_OID);
if (tsTokenAttr == null) {
return null;
}
return new PKCS7((byte[])tsTokenAttr.getValue());
}
/*
* Extracts a timestamp from a PKCS7 SignerInfo.
*
......@@ -525,19 +542,12 @@ public class SignerInfo implements DerEncoder {
if (timestamp != null || !hasTimestamp)
return timestamp;
if (unauthenticatedAttributes == null) {
hasTimestamp = false;
return null;
}
PKCS9Attribute tsTokenAttr =
unauthenticatedAttributes.getAttribute(
PKCS9Attribute.SIGNATURE_TIMESTAMP_TOKEN_OID);
if (tsTokenAttr == null) {
PKCS7 tsToken = getTsToken();
if (tsToken == null) {
hasTimestamp = false;
return null;
}
PKCS7 tsToken = new PKCS7((byte[])tsTokenAttr.getValue());
// Extract the content (an encoded timestamp token info)
byte[] encTsTokenInfo = tsToken.getContentInfo().getData();
// Extract the signer (the Timestamping Authority)
......
src/share/classes/sun/security/pkcs11/P11Signature.java
浏览文件 @ 83f4f6a9
/*
* Copyright (c) 2003, 2014, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -705,12 +705,21 @@ final class P11Signature extends SignatureSpi {
}
}
private static byte[] asn1ToDSA(byte[] signature) throws SignatureException {
private static byte[] asn1ToDSA(byte[] sig) throws SignatureException {
try {
DerInputStream in = new DerInputStream(signature);
// Enforce strict DER checking for signatures
DerInputStream in = new DerInputStream(sig, 0, sig.length, false);
DerValue[] values = in.getSequence(2);
// check number of components in the read sequence
// and trailing data
if ((values.length != 2) || (in.available() != 0)) {
throw new IOException("Invalid encoding for signature");
}
BigInteger r = values[0].getPositiveBigInteger();
BigInteger s = values[1].getPositiveBigInteger();
byte[] br = toByteArray(r, 20);
byte[] bs = toByteArray(s, 20);
if ((br == null) || (bs == null)) {
......@@ -720,16 +729,25 @@ final class P11Signature extends SignatureSpi {
} catch (SignatureException e) {
throw e;
} catch (Exception e) {
throw new SignatureException("invalid encoding for signature", e);
throw new SignatureException("Invalid encoding for signature", e);
}
}
private byte[] asn1ToECDSA(byte[] signature) throws SignatureException {
private byte[] asn1ToECDSA(byte[] sig) throws SignatureException {
try {
DerInputStream in = new DerInputStream(signature);
// Enforce strict DER checking for signatures
DerInputStream in = new DerInputStream(sig, 0, sig.length, false);
DerValue[] values = in.getSequence(2);
// check number of components in the read sequence
// and trailing data
if ((values.length != 2) || (in.available() != 0)) {
throw new IOException("Invalid encoding for signature");
}
BigInteger r = values[0].getPositiveBigInteger();
BigInteger s = values[1].getPositiveBigInteger();
// trim leading zeroes
byte[] br = KeyUtil.trimZeroes(r.toByteArray());
byte[] bs = KeyUtil.trimZeroes(s.toByteArray());
......@@ -740,7 +758,7 @@ final class P11Signature extends SignatureSpi {
System.arraycopy(bs, 0, res, res.length - bs.length, bs.length);
return res;
} catch (Exception e) {
throw new SignatureException("invalid encoding for signature", e);
throw new SignatureException("Invalid encoding for signature", e);
}
}
......
src/share/classes/sun/security/provider/DSA.java
浏览文件 @ 83f4f6a9
/*
* Copyright (c) 1996, 2015, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1996, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -267,14 +267,20 @@ abstract class DSA extends SignatureSpi {
BigInteger s = null;
// first decode the signature.
try {
DerInputStream in = new DerInputStream(signature, offset, length);
// Enforce strict DER checking for signatures
DerInputStream in =
new DerInputStream(signature, offset, length, false);
DerValue[] values = in.getSequence(2);
// check number of components in the read sequence
// and trailing data
if ((values.length != 2) || (in.available() != 0)) {
throw new IOException("Invalid encoding for signature");
}
r = values[0].getBigInteger();
s = values[1].getBigInteger();
} catch (IOException e) {
throw new SignatureException("invalid encoding for signature");
throw new SignatureException("Invalid encoding for signature", e);
}
// some implementations do not correctly encode values in the ASN.1
......@@ -366,13 +372,49 @@ abstract class DSA extends SignatureSpi {
return t5.mod(q);
}
// NOTE: This following impl is defined in FIPS 186-4 AppendixB.2.1.
protected BigInteger generateK(BigInteger q) {
// Implementation defined in FIPS 186-4 AppendixB.2.1.
SecureRandom random = getSigningRandom();
byte[] kValue = new byte[(q.bitLength() + 7)/8 + 8];
random.nextBytes(kValue);
return new BigInteger(1, kValue).mod(q.subtract(BigInteger.ONE)).add(BigInteger.ONE);
BigInteger k = new BigInteger(1, kValue).mod(
q.subtract(BigInteger.ONE)).add(BigInteger.ONE);
// Using an equivalent exponent of fixed length (same as q or 1 bit
// less than q) to keep the kG timing relatively constant.
//
// Note that this is an extra step on top of the approach defined in
// FIPS 186-4 AppendixB.2.1 so as to make a fixed length K.
k = k.add(q).divide(BigInteger.valueOf(2));
// An alternative implementation based on FIPS 186-4 AppendixB2.2
// with fixed-length K.
//
// Please keep it here as we may need to switch to it in the future.
//
// SecureRandom random = getSigningRandom();
// byte[] kValue = new byte[(q.bitLength() + 7)/8];
// BigInteger d = q.subtract(BigInteger.TWO);
// BigInteger k;
// do {
// random.nextBytes(kValue);
// BigInteger c = new BigInteger(1, kValue);
// if (c.compareTo(d) <= 0) {
// k = c.add(BigInteger.ONE);
// // Using an equivalent exponent of fixed length to keep
// // the g^k timing relatively constant.
// //
// // Note that this is an extra step on top of the approach
// // defined in FIPS 186-4 AppendixB.2.2 so as to make a
// // fixed length K.
// if (k.bitLength() >= q.bitLength()) {
// break;
// }
// }
// } while (true);
return k;
}
// Use the application-specified SecureRandom Object if provided.
......
src/share/classes/sun/security/provider/certpath/AlgorithmChecker.java
浏览文件 @ 83f4f6a9
......@@ -29,7 +29,6 @@ import java.security.AlgorithmConstraints;
import java.security.CryptoPrimitive;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.Set;
import java.util.EnumSet;
import java.math.BigInteger;
......@@ -60,7 +59,7 @@ import sun.security.x509.X509CRLImpl;
import sun.security.x509.AlgorithmId;
/**
* A {@code PKIXCertPathChecker} implementation to check whether a
* A <code>PKIXCertPathChecker</code> implementation to check whether a
* specified certificate contains the required algorithm constraints.
* <p>
* Certificate fields such as the subject public key, the signature
......@@ -75,7 +74,6 @@ final public class AlgorithmChecker extends PKIXCertPathChecker {
private final AlgorithmConstraints constraints;
private final PublicKey trustedPubKey;
private final Date pkixdate;
private PublicKey prevPubKey;
private final static Set<CryptoPrimitive> SIGNATURE_PRIMITIVE_SET =
......@@ -101,7 +99,7 @@ final public class AlgorithmChecker extends PKIXCertPathChecker {
private boolean trustedMatch = false;
/**
* Create a new {@code AlgorithmChecker} with the algorithm
* Create a new <code>AlgorithmChecker</code> with the algorithm
* constraints specified in security property
* "jdk.certpath.disabledAlgorithms".
*
......@@ -109,26 +107,11 @@ final public class AlgorithmChecker extends PKIXCertPathChecker {
* certificate
*/
public AlgorithmChecker(TrustAnchor anchor) {
this(anchor, certPathDefaultConstraints, null);
this(anchor, certPathDefaultConstraints);
}
/**
* Create a new {@code AlgorithmChecker} with the
* given {@code TrustAnchor} and {@code AlgorithmConstraints}.
*
* @param anchor the trust anchor selected to validate the target
* certificate
* @param constraints the algorithm constraints (or null)
*
* @throws IllegalArgumentException if the {@code anchor} is null
*/
public AlgorithmChecker(TrustAnchor anchor,
AlgorithmConstraints constraints) {
this(anchor, constraints, null);
}
/**
* Create a new {@code AlgorithmChecker} with the
* Create a new <code>AlgorithmChecker</code> with the
* given {@code AlgorithmConstraints}.
* <p>
* Note that this constructor will be used to check a certification
......@@ -141,24 +124,20 @@ final public class AlgorithmChecker extends PKIXCertPathChecker {
this.prevPubKey = null;
this.trustedPubKey = null;
this.constraints = constraints;
this.pkixdate = null;
}
/**
* Create a new {@code AlgorithmChecker} with the
* given {@code TrustAnchor} and {@code AlgorithmConstraints}.
* Create a new <code>AlgorithmChecker</code> with the
* given <code>TrustAnchor</code> and <code>AlgorithmConstraints</code>.
*
* @param anchor the trust anchor selected to validate the target
* certificate
* @param constraints the algorithm constraints (or null)
* @param pkixdate Date the constraints are checked against. The value is
* either the PKIXParameter date or null for the current date.
*
* @throws IllegalArgumentException if the {@code anchor} is null
* @throws IllegalArgumentException if the <code>anchor</code> is null
*/
public AlgorithmChecker(TrustAnchor anchor,
AlgorithmConstraints constraints,
Date pkixdate) {
AlgorithmConstraints constraints) {
if (anchor == null) {
throw new IllegalArgumentException(
......@@ -178,22 +157,6 @@ final public class AlgorithmChecker extends PKIXCertPathChecker {
this.prevPubKey = trustedPubKey;
this.constraints = constraints;
this.pkixdate = pkixdate;
}
/**
* Create a new {@code AlgorithmChecker} with the
* given {@code TrustAnchor} and {@code PKIXParameter} date.
*
* @param anchor the trust anchor selected to validate the target
* certificate
* @param pkixdate Date the constraints are checked against. The value is
* either the PKIXParameter date or null for the current date.
*
* @throws IllegalArgumentException if the {@code anchor} is null
*/
public AlgorithmChecker(TrustAnchor anchor, Date pkixdate) {
this(anchor, certPathDefaultConstraints, pkixdate);
}
// Check this 'cert' for restrictions in the AnchorCertificates
......@@ -292,16 +255,17 @@ final public class AlgorithmChecker extends PKIXCertPathChecker {
PublicKey currPubKey = cert.getPublicKey();
// Check against DisabledAlgorithmConstraints certpath constraints.
// permits() will throw exception on failure.
certPathDefaultConstraints.permits(primitives,
if (constraints instanceof DisabledAlgorithmConstraints) {
// Check against DisabledAlgorithmConstraints certpath constraints.
// permits() will throw exception on failure.
((DisabledAlgorithmConstraints)constraints).permits(primitives,
new CertConstraintParameters((X509Certificate)cert,
trustedMatch, pkixdate));
// new CertConstraintParameters(x509Cert, trustedMatch));
// If there is no previous key, set one and exit
if (prevPubKey == null) {
prevPubKey = currPubKey;
return;
trustedMatch));
// If there is no previous key, set one and exit
if (prevPubKey == null) {
prevPubKey = currPubKey;
return;
}
}
X509CertImpl x509Cert;
......
src/share/classes/sun/security/provider/certpath/PKIXCertPathValidator.java
浏览文件 @ 83f4f6a9
......@@ -172,7 +172,7 @@ public final class PKIXCertPathValidator extends CertPathValidatorSpi {
List<PKIXCertPathChecker> certPathCheckers = new ArrayList<>();
// add standard checkers that we will be using
certPathCheckers.add(untrustedChecker);
certPathCheckers.add(new AlgorithmChecker(anchor, params.date()));
certPathCheckers.add(new AlgorithmChecker(anchor));
certPathCheckers.add(new KeyChecker(certPathLen,
params.targetCertConstraints()));
certPathCheckers.add(new ConstraintsChecker(certPathLen));
......
src/share/classes/sun/security/provider/certpath/SunCertPathBuilder.java
浏览文件 @ 83f4f6a9
......@@ -343,8 +343,7 @@ public final class SunCertPathBuilder extends CertPathBuilderSpi {
checkers.add(policyChecker);
// add the algorithm checker
checkers.add(new AlgorithmChecker(builder.trustAnchor,
buildParams.date()));
checkers.add(new AlgorithmChecker(builder.trustAnchor));
BasicChecker basicChecker = null;
if (nextState.keyParamsNeeded()) {
......
src/share/classes/sun/security/rsa/RSASignature.java
浏览文件 @ 83f4f6a9
......@@ -223,9 +223,10 @@ public abstract class RSASignature extends SignatureSpi {
* Decode the signature data. Verify that the object identifier matches
* and return the message digest.
*/
public static byte[] decodeSignature(ObjectIdentifier oid, byte[] signature)
public static byte[] decodeSignature(ObjectIdentifier oid, byte[] sig)
throws IOException {
DerInputStream in = new DerInputStream(signature);
// Enforce strict DER checking for signatures
DerInputStream in = new DerInputStream(sig, 0, sig.length, false);
DerValue[] values = in.getSequence(2);
if ((values.length != 2) || (in.available() != 0)) {
throw new IOException("SEQUENCE length error");
......
src/share/classes/sun/security/ssl/ServerHandshaker.java
浏览文件 @ 83f4f6a9
......@@ -1026,11 +1026,18 @@ final class ServerHandshaker extends Handshaker {
if (trySetCipherSuite(suite) == false) {
continue;
}
if (debug != null && Debug.isOn("handshake")) {
System.out.println("Standard ciphersuite chosen: " + suite);
}
return;
}
for (CipherSuite suite : legacySuites) {
if (trySetCipherSuite(suite)) {
if (debug != null && Debug.isOn("handshake")) {
System.out.println("Legacy ciphersuite chosen: " + suite);
}
return;
}
}
......
src/share/classes/sun/security/ssl/SupportedEllipticCurvesExtension.java
浏览文件 @ 83f4f6a9
......@@ -280,7 +280,7 @@ final class SupportedEllipticCurvesExtension extends HelloExtension {
private static int getPreferredCurve(int[] curves,
AlgorithmConstraints constraints) {
for (int curveId : curves) {
if (constraints.permits(
if (isSupported(curveId) && constraints.permits(
EnumSet.of(CryptoPrimitive.KEY_AGREEMENT),
"EC", idToParams.get(curveId))) {
return curveId;
......
src/share/classes/sun/security/tools/jarsigner/Main.java
浏览文件 @ 83f4f6a9
......@@ -53,6 +53,9 @@ import java.security.cert.CertificateNotYetValidException;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.util.Map.Entry;
import sun.security.pkcs.PKCS7;
import sun.security.pkcs.SignerInfo;
import sun.security.timestamp.TimestampToken;
import sun.security.tools.KeyStoreUtil;
import sun.security.tools.PathList;
import sun.security.x509.*;
......@@ -97,6 +100,15 @@ public class Main {
private static final long SIX_MONTHS = 180*24*60*60*1000L; //milliseconds
private static final DisabledAlgorithmConstraints DISABLED_CHECK =
new DisabledAlgorithmConstraints(
DisabledAlgorithmConstraints.PROPERTY_JAR_DISABLED_ALGS);
private static final Set<CryptoPrimitive> DIGEST_PRIMITIVE_SET = Collections
.unmodifiableSet(EnumSet.of(CryptoPrimitive.MESSAGE_DIGEST));
private static final Set<CryptoPrimitive> SIG_PRIMITIVE_SET = Collections
.unmodifiableSet(EnumSet.of(CryptoPrimitive.SIGNATURE));
// Attention:
// This is the entry that get launched by the security tool jarsigner.
public static void main(String args[]) throws Exception {
......@@ -172,6 +184,8 @@ public class Main {
private boolean badExtendedKeyUsage = false;
private boolean badNetscapeCertType = false;
private boolean seeWeak = false;
CertificateFactory certificateFactory;
CertPathValidator validator;
PKIXParameters pkixParameters;
......@@ -577,6 +591,10 @@ public class Main {
{
boolean anySigned = false; // if there exists entry inside jar signed
JarFile jf = null;
Map<String,String> digestMap = new HashMap<>();
Map<String,PKCS7> sigMap = new HashMap<>();
Map<String,String> sigNameMap = new HashMap<>();
Map<String,String> unparsableSignatures = new HashMap<>();
try {
jf = new JarFile(jarName, true);
......@@ -587,17 +605,44 @@ public class Main {
while (entries.hasMoreElements()) {
JarEntry je = entries.nextElement();
entriesVec.addElement(je);
InputStream is = null;
try (InputStream is = jf.getInputStream(je)) {
String name = je.getName();
if (signatureRelated(name)
&& SignatureFileVerifier.isBlockOrSF(name)) {
String alias = name.substring(name.lastIndexOf('/') + 1,
name.lastIndexOf('.'));
try {
is = jf.getInputStream(je);
int n;
while ((n = is.read(buffer, 0, buffer.length)) != -1) {
if (name.endsWith(".SF")) {
Manifest sf = new Manifest(is);
boolean found = false;
for (Object obj : sf.getMainAttributes().keySet()) {
String key = obj.toString();
if (key.endsWith("-Digest-Manifest")) {
digestMap.put(alias,
key.substring(0, key.length() - 16));
found = true;
break;
}
}
if (!found) {
unparsableSignatures.putIfAbsent(alias,
String.format(
rb.getString("history.unparsable"),
name));
}
} else {
sigNameMap.put(alias, name);
sigMap.put(alias, new PKCS7(is));
}
} catch (IOException ioe) {
unparsableSignatures.putIfAbsent(alias, String.format(
rb.getString("history.unparsable"), name));
}
} else {
while (is.read(buffer, 0, buffer.length) != -1) {
// we just read. this will throw a SecurityException
// if a signature/digest check fails.
}
} finally {
if (is != null) {
is.close();
}
}
}
......@@ -756,13 +801,106 @@ public class Main {
System.out.println(rb.getString(
".X.not.signed.by.specified.alias.es."));
}
System.out.println();
}
if (man == null)
if (man == null) {
System.out.println();
System.out.println(rb.getString("no.manifest."));
}
// Even if the verbose option is not specified, all out strings
// must be generated so seeWeak can be updated.
if (!digestMap.isEmpty()
|| !sigMap.isEmpty()
|| !unparsableSignatures.isEmpty()) {
if (verbose != null) {
System.out.println();
}
for (String s : sigMap.keySet()) {
if (!digestMap.containsKey(s)) {
unparsableSignatures.putIfAbsent(s, String.format(
rb.getString("history.nosf"), s));
}
}
for (String s : digestMap.keySet()) {
PKCS7 p7 = sigMap.get(s);
if (p7 != null) {
String history;
try {
SignerInfo si = p7.getSignerInfos()[0];
X509Certificate signer = si.getCertificate(p7);
String digestAlg = digestMap.get(s);
String sigAlg = AlgorithmId.makeSigAlg(
si.getDigestAlgorithmId().getName(),
si.getDigestEncryptionAlgorithmId().getName());
PublicKey key = signer.getPublicKey();
PKCS7 tsToken = si.getTsToken();
if (tsToken != null) {
SignerInfo tsSi = tsToken.getSignerInfos()[0];
X509Certificate tsSigner = tsSi.getCertificate(tsToken);
byte[] encTsTokenInfo = tsToken.getContentInfo().getData();
TimestampToken tsTokenInfo = new TimestampToken(encTsTokenInfo);
PublicKey tsKey = tsSigner.getPublicKey();
String tsDigestAlg = tsTokenInfo.getHashAlgorithm().getName();
String tsSigAlg = AlgorithmId.makeSigAlg(
tsSi.getDigestAlgorithmId().getName(),
tsSi.getDigestEncryptionAlgorithmId().getName());
Calendar c = Calendar.getInstance(
TimeZone.getTimeZone("UTC"),
Locale.getDefault(Locale.Category.FORMAT));
c.setTime(tsTokenInfo.getDate());
history = String.format(
rb.getString("history.with.ts"),
signer.getSubjectX500Principal(),
withWeak(digestAlg, DIGEST_PRIMITIVE_SET),
withWeak(sigAlg, SIG_PRIMITIVE_SET),
withWeak(key),
c,
tsSigner.getSubjectX500Principal(),
withWeak(tsDigestAlg, DIGEST_PRIMITIVE_SET),
withWeak(tsSigAlg, SIG_PRIMITIVE_SET),
withWeak(tsKey));
} else {
history = String.format(
rb.getString("history.without.ts"),
signer.getSubjectX500Principal(),
withWeak(digestAlg, DIGEST_PRIMITIVE_SET),
withWeak(sigAlg, SIG_PRIMITIVE_SET),
withWeak(key));
}
} catch (Exception e) {
// The only usage of sigNameMap, remember the name
// of the block file if it's invalid.
history = String.format(
rb.getString("history.unparsable"),
sigNameMap.get(s));
}
if (verbose != null) {
System.out.println(history);
}
} else {
unparsableSignatures.putIfAbsent(s, String.format(
rb.getString("history.nobk"), s));
}
}
if (verbose != null) {
for (String s : unparsableSignatures.keySet()) {
System.out.println(unparsableSignatures.get(s));
}
}
}
System.out.println();
if (!anySigned) {
if (hasSignature) {
if (seeWeak) {
if (verbose != null) {
System.out.println(rb.getString("jar.treated.unsigned.see.weak.verbose"));
System.out.println("\n " +
DisabledAlgorithmConstraints.PROPERTY_JAR_DISABLED_ALGS +
"=" + Security.getProperty(DisabledAlgorithmConstraints.PROPERTY_JAR_DISABLED_ALGS));
} else {
System.out.println(rb.getString("jar.treated.unsigned.see.weak"));
}
} else if (hasSignature) {
System.out.println(rb.getString("jar.treated.unsigned"));
} else {
System.out.println(rb.getString("jar.is.unsigned"));
......@@ -869,6 +1007,26 @@ public class Main {
System.exit(1);
}
private String withWeak(String alg, Set<CryptoPrimitive> primitiveSet) {
if (DISABLED_CHECK.permits(primitiveSet, alg, null)) {
return alg;
} else {
seeWeak = true;
return String.format(rb.getString("with.weak"), alg);
}
}
private String withWeak(PublicKey key) {
if (DISABLED_CHECK.permits(SIG_PRIMITIVE_SET, key)) {
return String.format(
rb.getString("key.bit"), KeyUtil.getKeySize(key));
} else {
seeWeak = true;
return String.format(
rb.getString("key.bit.weak"), KeyUtil.getKeySize(key));
}
}
private static MessageFormat validityTimeForm = null;
private static MessageFormat notYetTimeForm = null;
private static MessageFormat expiredTimeForm = null;
......
src/share/classes/sun/security/tools/jarsigner/Resources.java
浏览文件 @ 83f4f6a9
......@@ -138,11 +138,26 @@ public class Resources extends java.util.ListResourceBundle {
{"jar.is.unsigned",
"jar is unsigned."},
{"jar.treated.unsigned",
"Signature not parsable or verifiable. The jar will be treated as unsigned. The jar may have been signed with a weak algorithm that is now disabled. For more information, rerun jarsigner with debug enabled (-J-Djava.security.debug=jar)."},
"WARNING: Signature is either not parsable or not verifiable, and the jar will be treated as unsigned. For more information, re-run jarsigner with debug enabled (-J-Djava.security.debug=jar)."},
{"jar.treated.unsigned.see.weak",
"The jar will be treated as unsigned, because it is signed with a weak algorithm that is now disabled.\n\nRe-run jarsigner with the -verbose option for more details."},
{"jar.treated.unsigned.see.weak.verbose",
"WARNING: The jar will be treated as unsigned, because it is signed with a weak algorithm that is now disabled by the security property:"},
{"jar.signed.", "jar signed."},
{"jar.signed.with.signer.errors.", "jar signed, with signer errors."},
{"jar.verified.", "jar verified."},
{"jar.verified.with.signer.errors.", "jar verified, with signer errors."},
{"history.with.ts", "- Signed by \"%1$s\"\n Digest algorithm: %2$s\n Signature algorithm: %3$s, %4$s\n Timestamped by \"%6$s\" on %5$tc\n Timestamp digest algorithm: %7$s\n Timestamp signature algorithm: %8$s, %9$s"},
{"history.without.ts", "- Signed by \"%1$s\"\n Digest algorithm: %2$s\n Signature algorithm: %3$s, %4$s"},
{"history.unparsable", "- Unparsable signature-related file %s"},
{"history.nosf", "- Missing signature-related file META-INF/%s.SF"},
{"history.nobk", "- Missing block file for signature-related file META-INF/%s.SF"},
{"with.weak", "%s (weak)"},
{"key.bit", "%d-bit key"},
{"key.bit.weak", "%d-bit key (weak)"},
{"jarsigner.", "jarsigner: "},
{"signature.filename.must.consist.of.the.following.characters.A.Z.0.9.or.",
"signature filename must consist of the following characters: A-Z, 0-9, _ or -"},
......
src/share/classes/sun/security/tools/jarsigner/Resources_ja.java
浏览文件 @ 83f4f6a9
......@@ -135,12 +135,29 @@ public class Resources_ja extends java.util.ListResourceBundle {
{"no.manifest.", "\u30DE\u30CB\u30D5\u30A7\u30B9\u30C8\u306F\u5B58\u5728\u3057\u307E\u305B\u3093\u3002"},
{".Signature.related.entries.","(\u30B7\u30B0\u30CD\u30C1\u30E3\u95A2\u9023\u30A8\u30F3\u30C8\u30EA)"},
{".Unsigned.entries.", "(\u672A\u7F72\u540D\u306E\u30A8\u30F3\u30C8\u30EA)"},
{"jar.is.unsigned.signatures.missing.or.not.parsable.",
"jar\u306F\u7F72\u540D\u3055\u308C\u3066\u3044\u307E\u305B\u3093\u3002(\u30B7\u30B0\u30CD\u30C1\u30E3\u304C\u898B\u3064\u304B\u3089\u306A\u3044\u304B\u3001\u69CB\u6587\u89E3\u6790\u3067\u304D\u307E\u305B\u3093)"},
{"jar.is.unsigned",
"jar\u306F\u7F72\u540D\u3055\u308C\u3066\u3044\u307E\u305B\u3093\u3002"},
{"jar.treated.unsigned",
"\u8B66\u544A: \u7F72\u540D\u304C\u69CB\u6587\u89E3\u6790\u3067\u304D\u306A\u3044\u304B\u691C\u8A3C\u3067\u304D\u306A\u3044\u305F\u3081\u3001\u3053\u306Ejar\u306F\u672A\u7F72\u540D\u3068\u3057\u3066\u6271\u308F\u308C\u307E\u3059\u3002\u8A73\u7D30\u306F\u3001\u30C7\u30D0\u30C3\u30B0\u3092\u6709\u52B9\u306B\u3057\u3066(-J-Djava.security.debug=jar) jarsigner\u3092\u518D\u5B9F\u884C\u3057\u3066\u304F\u3060\u3055\u3044\u3002"},
{"jar.treated.unsigned.see.weak",
"\u3053\u306Ejar\u306F\u3001\u73FE\u5728\u7121\u52B9\u306B\u306A\u3063\u3066\u3044\u308B\u5F31\u3044\u30A2\u30EB\u30B4\u30EA\u30BA\u30E0\u3067\u7F72\u540D\u3055\u308C\u3066\u3044\u308B\u305F\u3081\u3001\u672A\u7F72\u540D\u3068\u3057\u3066\u6271\u308F\u308C\u307E\u3059\u3002\n\n\u8A73\u7D30\u306F\u3001-verbose\u30AA\u30D7\u30B7\u30E7\u30F3\u3092\u4F7F\u7528\u3057\u3066jarsigner\u3092\u518D\u5B9F\u884C\u3057\u3066\u304F\u3060\u3055\u3044\u3002"},
{"jar.treated.unsigned.see.weak.verbose",
"\u8B66\u544A: \u3053\u306Ejar\u306F\u3001\u30BB\u30AD\u30E5\u30EA\u30C6\u30A3\u30FB\u30D7\u30ED\u30D1\u30C6\u30A3\u306B\u3088\u3063\u3066\u73FE\u5728\u7121\u52B9\u306B\u306A\u3063\u3066\u3044\u308B\u5F31\u3044\u30A2\u30EB\u30B4\u30EA\u30BA\u30E0\u3067\u7F72\u540D\u3055\u308C\u3066\u3044\u308B\u305F\u3081\u3001\u672A\u7F72\u540D\u3068\u3057\u3066\u6271\u308F\u308C\u307E\u3059:"},
{"jar.signed.", "jar\u306F\u7F72\u540D\u3055\u308C\u307E\u3057\u305F\u3002"},
{"jar.signed.with.signer.errors.", "jar\u306F\u7F72\u540D\u3055\u308C\u307E\u3057\u305F - \u7F72\u540D\u8005\u30A8\u30E9\u30FC\u304C\u3042\u308A\u307E\u3059\u3002"},
{"jar.verified.", "jar\u304C\u691C\u8A3C\u3055\u308C\u307E\u3057\u305F\u3002"},
{"jar.verified.with.signer.errors.", "jar\u306F\u691C\u8A3C\u3055\u308C\u307E\u3057\u305F - \u7F72\u540D\u8005\u30A8\u30E9\u30FC\u304C\u3042\u308A\u307E\u3059\u3002"},
{"history.with.ts", "- \u7F72\u540D\u8005: \"%1$s\"\n \u30C0\u30A4\u30B8\u30A7\u30B9\u30C8\u30FB\u30A2\u30EB\u30B4\u30EA\u30BA\u30E0: %2$s\n \u7F72\u540D\u30A2\u30EB\u30B4\u30EA\u30BA\u30E0: %3$s\u3001%4$s\n \u30BF\u30A4\u30E0\u30B9\u30BF\u30F3\u30D7\u4ED8\u52A0\u8005: \"%6$s\" \u65E5\u6642: %5$tc\n \u30BF\u30A4\u30E0\u30B9\u30BF\u30F3\u30D7\u306E\u30C0\u30A4\u30B8\u30A7\u30B9\u30C8\u30FB\u30A2\u30EB\u30B4\u30EA\u30BA\u30E0: %7$s\n \u30BF\u30A4\u30E0\u30B9\u30BF\u30F3\u30D7\u306E\u7F72\u540D\u30A2\u30EB\u30B4\u30EA\u30BA\u30E0: %8$s\u3001%9$s"},
{"history.without.ts", "- \u7F72\u540D\u8005: \"%1$s\"\n \u30C0\u30A4\u30B8\u30A7\u30B9\u30C8\u30FB\u30A2\u30EB\u30B4\u30EA\u30BA\u30E0: %2$s\n \u7F72\u540D\u30A2\u30EB\u30B4\u30EA\u30BA\u30E0: %3$s\u3001%4$s"},
{"history.unparsable", "- \u7F72\u540D\u95A2\u9023\u30D5\u30A1\u30A4\u30EB%s\u3092\u89E3\u6790\u3067\u304D\u307E\u305B\u3093"},
{"history.nosf", "- \u7F72\u540D\u95A2\u9023\u30D5\u30A1\u30A4\u30EBMETA-INF/%s.SF\u304C\u3042\u308A\u307E\u305B\u3093"},
{"history.nobk", "- \u7F72\u540D\u95A2\u9023\u30D5\u30A1\u30A4\u30EBMETA-INF/%s.SF\u306E\u30D6\u30ED\u30C3\u30AF\u30FB\u30D5\u30A1\u30A4\u30EB\u304C\u3042\u308A\u307E\u305B\u3093"},
{"with.weak", "%s (\u5F31)"},
{"key.bit", "%d\u30D3\u30C3\u30C8\u9375"},
{"key.bit.weak", "%d\u30D3\u30C3\u30C8\u9375(\u5F31)"},
{"jarsigner.", "jarsigner: "},
{"signature.filename.must.consist.of.the.following.characters.A.Z.0.9.or.",
"\u30B7\u30B0\u30CD\u30C1\u30E3\u306E\u30D5\u30A1\u30A4\u30EB\u540D\u306B\u4F7F\u7528\u3067\u304D\u308B\u6587\u5B57\u306F\u3001A-Z\u30010-9\u3001_\u3001- \u306E\u307F\u3067\u3059\u3002"},
......
src/share/classes/sun/security/tools/jarsigner/Resources_zh_CN.java
浏览文件 @ 83f4f6a9
......@@ -135,12 +135,29 @@ public class Resources_zh_CN extends java.util.ListResourceBundle {
{"no.manifest.", "\u6CA1\u6709\u6E05\u5355\u3002"},
{".Signature.related.entries.","(\u4E0E\u7B7E\u540D\u76F8\u5173\u7684\u6761\u76EE)"},
{".Unsigned.entries.", "(\u672A\u7B7E\u540D\u6761\u76EE)"},
{"jar.is.unsigned.signatures.missing.or.not.parsable.",
"jar \u672A\u7B7E\u540D\u3002(\u7F3A\u5C11\u7B7E\u540D\u6216\u65E0\u6CD5\u89E3\u6790\u7B7E\u540D)"},
{"jar.is.unsigned",
"jar \u672A\u7B7E\u540D\u3002"},
{"jar.treated.unsigned",
"\u8B66\u544A: \u7B7E\u540D\u65E0\u6CD5\u89E3\u6790\u6216\u9A8C\u8BC1, \u8BE5 jar \u5C06\u88AB\u89C6\u4E3A\u672A\u7B7E\u540D\u3002\u6709\u5173\u8BE6\u7EC6\u4FE1\u606F, \u8BF7\u5728\u542F\u7528\u8C03\u8BD5\u7684\u60C5\u51B5\u4E0B\u91CD\u65B0\u8FD0\u884C jarsigner (-J-Djava.security.debug=jar)\u3002"},
{"jar.treated.unsigned.see.weak",
"\u7531\u4E8E\u8BE5 jar \u662F\u4F7F\u7528\u76EE\u524D\u5DF2\u7981\u7528\u7684\u5F31\u7B97\u6CD5\u7B7E\u540D\u7684, \u56E0\u6B64\u8BE5 jar \u5C06\u88AB\u89C6\u4E3A\u672A\u7B7E\u540D\u3002\n\n\u6709\u5173\u8BE6\u7EC6\u4FE1\u606F, \u8BF7\u4F7F\u7528 -verbose \u9009\u9879\u91CD\u65B0\u8FD0\u884C jarsigner\u3002"},
{"jar.treated.unsigned.see.weak.verbose",
"\u8B66\u544A: \u7531\u4E8E\u8BE5 jar \u662F\u4F7F\u7528\u76EE\u524D\u5DF2\u7531\u5B89\u5168\u5C5E\u6027\u7981\u7528\u7684\u5F31\u7B97\u6CD5\u7B7E\u540D\u7684, \u56E0\u6B64\u8BE5 jar \u5C06\u88AB\u89C6\u4E3A\u672A\u7B7E\u540D:"},
{"jar.signed.", "jar \u5DF2\u7B7E\u540D\u3002"},
{"jar.signed.with.signer.errors.", "jar \u5DF2\u7B7E\u540D, \u4F46\u51FA\u73B0\u7B7E\u540D\u8005\u9519\u8BEF\u3002"},
{"jar.verified.", "jar \u5DF2\u9A8C\u8BC1\u3002"},
{"jar.verified.with.signer.errors.", "jar \u5DF2\u9A8C\u8BC1, \u4F46\u51FA\u73B0\u7B7E\u540D\u8005\u9519\u8BEF\u3002"},
{"history.with.ts", "- \u7531 \"%1$s\" \u7B7E\u540D\n \u6458\u8981\u7B97\u6CD5: %2$s\n \u7B7E\u540D\u7B97\u6CD5: %3$s, %4$s\n \u7531 \"%6$s\" \u4E8E %5$tc \u52A0\u65F6\u95F4\u6233\n \u65F6\u95F4\u6233\u6458\u8981\u7B97\u6CD5: %7$s\n \u65F6\u95F4\u6233\u7B7E\u540D\u7B97\u6CD5: %8$s, %9$s"},
{"history.without.ts", "- \u7531 \"%1$s\" \u7B7E\u540D\n \u6458\u8981\u7B97\u6CD5: %2$s\n \u7B7E\u540D\u7B97\u6CD5: %3$s, %4$s"},
{"history.unparsable", "- \u65E0\u6CD5\u89E3\u6790\u7684\u4E0E\u7B7E\u540D\u76F8\u5173\u7684\u6587\u4EF6 %s"},
{"history.nosf", "- \u7F3A\u5C11\u4E0E\u7B7E\u540D\u76F8\u5173\u7684\u6587\u4EF6 META-INF/%s.SF"},
{"history.nobk", "- \u4E0E\u7B7E\u540D\u76F8\u5173\u7684\u6587\u4EF6 META-INF/%s.SF \u7F3A\u5C11\u5757\u6587\u4EF6"},
{"with.weak", "%s (\u5F31)"},
{"key.bit", "%d \u4F4D\u5BC6\u94A5"},
{"key.bit.weak", "%d \u4F4D\u5BC6\u94A5 (\u5F31)"},
{"jarsigner.", "jarsigner: "},
{"signature.filename.must.consist.of.the.following.characters.A.Z.0.9.or.",
"\u7B7E\u540D\u6587\u4EF6\u540D\u5FC5\u987B\u5305\u542B\u4EE5\u4E0B\u5B57\u7B26: A-Z, 0-9, _ \u6216 -"},
......
src/share/classes/sun/security/tools/policytool/Resources_sv.java
浏览文件 @ 83f4f6a9
/*
* Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -43,7 +43,7 @@ public class Resources_sv extends java.util.ListResourceBundle {
{"Illegal.option.option", "Otill\u00E5tet alternativ: {0}"},
{"Usage.policytool.options.", "Syntax: policytool [alternativ]"},
{".file.file.policy.file.location",
" [-file <fil>] policyfilens plats"},
" [-file <fil>] policyfiladress"},
{"New", "&Nytt"},
{"Open", "&\u00D6ppna..."},
{"Save", "S&para"},
......
src/share/classes/sun/security/util/AnchorCertificates.java
浏览文件 @ 83f4f6a9
......@@ -56,7 +56,7 @@ public class AnchorCertificates {
try {
cacerts = KeyStore.getInstance("JKS");
try (FileInputStream fis = new FileInputStream(f)) {
cacerts.load(fis, "changeit".toCharArray());
cacerts.load(fis, null);
certs = new HashSet<>();
Enumeration<String> list = cacerts.aliases();
String alias;
......
src/share/classes/sun/security/util/CertConstraintParameters.java
浏览文件 @ 83f4f6a9
......@@ -26,7 +26,6 @@
package sun.security.util;
import java.security.cert.X509Certificate;
import java.util.Date;
/**
* This class is a wrapper for keeping state and passing objects between PKIX,
......@@ -35,21 +34,18 @@ import java.util.Date;
public class CertConstraintParameters {
// A certificate being passed to check against constraints.
private final X509Certificate cert;
// This is true if the trust anchor in the certificate chain matches a cert
// in AnchorCertificates
private final boolean trustedMatch;
// PKIXParameter date
private final Date pkixDate;
public CertConstraintParameters(X509Certificate c, boolean match,
Date pkixdate) {
public CertConstraintParameters(X509Certificate c, boolean match) {
cert = c;
trustedMatch = match;
pkixDate = pkixdate;
}
public CertConstraintParameters(X509Certificate c) {
this(c, false, null);
this(c, false);
}
// Returns if the trust anchor has a match if anchor checking is enabled.
......@@ -60,9 +56,4 @@ public class CertConstraintParameters {
public X509Certificate getCertificate() {
return cert;
}
public Date getPKIXParamDate() {
return pkixDate;
}
}
src/share/classes/sun/security/util/DerInputBuffer.java
浏览文件 @ 83f4f6a9
/*
* Copyright (c) 1996, 2006, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1996, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -147,6 +147,11 @@ class DerInputBuffer extends ByteArrayInputStream implements Cloneable {
System.arraycopy(buf, pos, bytes, 0, len);
skip(len);
// check to make sure no extra leading 0s for DER
if (len >= 2 && (bytes[0] == 0) && (bytes[1] >= 0)) {
throw new IOException("Invalid encoding: redundant leading 0s");
}
if (makePositive) {
return new BigInteger(1, bytes);
} else {
......
src/share/classes/sun/security/util/DerInputStream.java
浏览文件 @ 83f4f6a9
/*
* Copyright (c) 1996, 2006, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1996, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -77,7 +77,7 @@ public class DerInputStream {
* @param data the buffer from which to create the string (CONSUMED)
*/
public DerInputStream(byte[] data) throws IOException {
init(data, 0, data.length);
init(data, 0, data.length, true);
}
/**
......@@ -92,23 +92,48 @@ public class DerInputStream {
* starting at "offset"
*/
public DerInputStream(byte[] data, int offset, int len) throws IOException {
init(data, offset, len);
init(data, offset, len, true);
}
/**
* Create a DER input stream from part of a data buffer with
* additional arg to indicate whether to allow constructed
* indefinite-length encoding.
* The buffer is not copied, it is shared. Accordingly, the
* buffer should be treated as read-only.
*
* @param data the buffer from which to create the string (CONSUMED)
* @param offset the first index of <em>data</em> which will
* be read as DER input in the new stream
* @param len how long a chunk of the buffer to use,
* starting at "offset"
* @param allowIndefiniteLength whether to allow constructed
* indefinite-length encoding
*/
public DerInputStream(byte[] data, int offset, int len,
boolean allowIndefiniteLength) throws IOException {
init(data, offset, len, allowIndefiniteLength);
}
/*
* private helper routine
*/
private void init(byte[] data, int offset, int len) throws IOException {
private void init(byte[] data, int offset, int len,
boolean allowIndefiniteLength) throws IOException {
if ((offset+2 > data.length) || (offset+len > data.length)) {
throw new IOException("Encoding bytes too short");
}
// check for indefinite length encoding
if (DerIndefLenConverter.isIndefinite(data[offset+1])) {
byte[] inData = new byte[len];
System.arraycopy(data, offset, inData, 0, len);
DerIndefLenConverter derIn = new DerIndefLenConverter();
buffer = new DerInputBuffer(derIn.convert(inData));
if (!allowIndefiniteLength) {
throw new IOException("Indefinite length BER encoding found");
} else {
byte[] inData = new byte[len];
System.arraycopy(data, offset, inData, 0, len);
DerIndefLenConverter derIn = new DerIndefLenConverter();
buffer = new DerInputBuffer(derIn.convert(inData));
}
} else
buffer = new DerInputBuffer(data, offset, len);
buffer.mark(Integer.MAX_VALUE);
......@@ -233,12 +258,21 @@ public class DerInputStream {
* First byte = number of excess bits in the last octet of the
* representation.
*/
int validBits = length*8 - buffer.read();
int excessBits = buffer.read();
if (excessBits < 0) {
throw new IOException("Unused bits of bit string invalid");
}
int validBits = length*8 - excessBits;
if (validBits < 0) {
throw new IOException("Valid bits of bit string invalid");
}
byte[] repn = new byte[length];
if ((length != 0) && (buffer.read(repn) != length))
throw new IOException("short read of DER bit string");
if ((length != 0) && (buffer.read(repn) != length)) {
throw new IOException("Short read of DER bit string");
}
return new BitArray(validBits, repn);
}
......@@ -252,7 +286,7 @@ public class DerInputStream {
int length = getLength(buffer);
byte[] retval = new byte[length];
if ((length != 0) && (buffer.read(retval) != length))
throw new IOException("short read of DER octet string");
throw new IOException("Short read of DER octet string");
return retval;
}
......@@ -262,7 +296,7 @@ public class DerInputStream {
*/
public void getBytes(byte[] val) throws IOException {
if ((val.length != 0) && (buffer.read(val) != val.length)) {
throw new IOException("short read of DER octet string");
throw new IOException("Short read of DER octet string");
}
}
......@@ -346,7 +380,7 @@ public class DerInputStream {
DerInputStream newstr;
byte lenByte = (byte)buffer.read();
int len = getLength((lenByte & 0xff), buffer);
int len = getLength(lenByte, buffer);
if (len == -1) {
// indefinite length encoding found
......@@ -392,7 +426,7 @@ public class DerInputStream {
} while (newstr.available() > 0);
if (newstr.available() != 0)
throw new IOException("extra data at end of vector");
throw new IOException("Extra data at end of vector");
/*
* Now stick them into the array we're returning.
......@@ -483,7 +517,7 @@ public class DerInputStream {
int length = getLength(buffer);
byte[] retval = new byte[length];
if ((length != 0) && (buffer.read(retval) != length))
throw new IOException("short read of DER " +
throw new IOException("Short read of DER " +
stringName + " string");
return new String(retval, enc);
......@@ -544,7 +578,11 @@ public class DerInputStream {
*/
static int getLength(int lenByte, InputStream in) throws IOException {
int value, tmp;
if (lenByte == -1) {
throw new IOException("Short read of DER length");
}
String mdName = "DerInputStream.getLength(): ";
tmp = lenByte;
if ((tmp & 0x080) == 0x00) { // short form, 1 byte datum
value = tmp;
......@@ -558,17 +596,23 @@ public class DerInputStream {
if (tmp == 0)
return -1;
if (tmp < 0 || tmp > 4)
throw new IOException("DerInputStream.getLength(): lengthTag="
+ tmp + ", "
throw new IOException(mdName + "lengthTag=" + tmp + ", "
+ ((tmp < 0) ? "incorrect DER encoding." : "too big."));
for (value = 0; tmp > 0; tmp --) {
value = 0x0ff & in.read();
tmp--;
if (value == 0) {
// DER requires length value be encoded in minimum number of bytes
throw new IOException(mdName + "Redundant length bytes found");
}
while (tmp-- > 0) {
value <<= 8;
value += 0x0ff & in.read();
}
if (value < 0) {
throw new IOException("DerInputStream.getLength(): "
+ "Invalid length bytes");
throw new IOException(mdName + "Invalid length bytes");
} else if (value <= 127) {
throw new IOException(mdName + "Should use short form for length");
}
}
return value;
......
src/share/classes/sun/security/util/DerValue.java
浏览文件 @ 83f4f6a9
/*
* Copyright (c) 1996, 2009, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1996, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -249,7 +249,7 @@ public class DerValue {
tag = (byte)in.read();
byte lenByte = (byte)in.read();
length = DerInputStream.getLength((lenByte & 0xff), in);
length = DerInputStream.getLength(lenByte, in);
if (length == -1) { // indefinite length encoding found
DerInputBuffer inbuf = in.dup();
int readLen = inbuf.available();
......@@ -362,7 +362,7 @@ public class DerValue {
tag = (byte)in.read();
byte lenByte = (byte)in.read();
length = DerInputStream.getLength((lenByte & 0xff), in);
length = DerInputStream.getLength(lenByte, in);
if (length == -1) { // indefinite length encoding found
int readLen = in.available();
int offset = 2; // for tag and length bytes
......
src/share/classes/sun/security/util/DisabledAlgorithmConstraints.java
浏览文件 @ 83f4f6a9
......@@ -31,15 +31,11 @@ import java.security.Key;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertPathValidatorException.BasicReason;
import java.security.cert.X509Certificate;
import java.text.SimpleDateFormat;
import java.util.Calendar;
import java.util.Date;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import java.util.TimeZone;
import java.util.regex.Pattern;
import java.util.regex.Matcher;
......@@ -242,8 +238,6 @@ public class DisabledAlgorithmConstraints extends AbstractAlgorithmConstraints {
private Map<String, Set<Constraint>> constraintsMap = new HashMap<>();
private static final Pattern keySizePattern = Pattern.compile(
"keySize\\s*(<=|<|==|!=|>|>=)\\s*(\\d+)");
private static final Pattern denyAfterPattern = Pattern.compile(
"denyAfter\\s+(\\d{4})-(\\d{2})-(\\d{2})");
public Constraints(String[] constraintArray) {
for (String constraintEntry : constraintArray) {
......@@ -274,11 +268,10 @@ public class DisabledAlgorithmConstraints extends AbstractAlgorithmConstraints {
}
// Convert constraint conditions into Constraint classes
Constraint c, lastConstraint = null;
Constraint c = null;
Constraint lastConstraint = null;
// Allow only one jdkCA entry per constraint entry
boolean jdkCALimit = false;
// Allow only one denyAfter entry per constraint entry
boolean denyAfterLimit = false;
for (String entry : policy.split("&")) {
entry = entry.trim();
......@@ -304,25 +297,6 @@ public class DisabledAlgorithmConstraints extends AbstractAlgorithmConstraints {
}
c = new jdkCAConstraint(algorithm);
jdkCALimit = true;
} else if(matcher.usePattern(denyAfterPattern).matches()) {
if (debug != null) {
debug.println("Constraints set to denyAfter");
}
if (denyAfterLimit) {
throw new IllegalArgumentException("Only one " +
"denyAfter entry allowed in property. " +
"Constraint: " + constraintEntry);
}
int year = Integer.parseInt(matcher.group(1));
int month = Integer.parseInt(matcher.group(2));
int day = Integer.parseInt(matcher.group(3));
c = new DenyAfterConstraint(algorithm, year, month,
day);
denyAfterLimit = true;
} else {
throw new IllegalArgumentException("Error in security" +
" property. Constraint unknown: " + entry);
}
// Link multiple conditions for a single constraint
......@@ -332,7 +306,9 @@ public class DisabledAlgorithmConstraints extends AbstractAlgorithmConstraints {
constraintsMap.putIfAbsent(algorithm,
new HashSet<>());
}
constraintsMap.get(algorithm).add(c);
if (c != null) {
constraintsMap.get(algorithm).add(c);
}
} else {
lastConstraint.nextConstraint = c;
}
......@@ -396,15 +372,7 @@ public class DisabledAlgorithmConstraints extends AbstractAlgorithmConstraints {
}
}
/**
* This abstract Constraint class for algorithm-based checking
* may contain one or more constraints. If the '&' on the {@Security}
* property is used, multiple constraints have been grouped together
* requiring all the constraints to fail for the check to be disallowed.
*
* If the class contains multiple constraints, the next constraint
* is stored in {@code nextConstraint} in linked-list fashion.
*/
// Abstract class for algorithm constraint checking
private abstract static class Constraint {
String algorithm;
Constraint nextConstraint = null;
......@@ -440,79 +408,22 @@ public class DisabledAlgorithmConstraints extends AbstractAlgorithmConstraints {
}
/**
* Check if an algorithm constraint is permitted with a given key.
*
* If the check inside of {@code permit()} fails, it must call
* {@code next()} with the same {@code Key} parameter passed if
* multiple constraints need to be checked.
*
* Check if an algorithm constraint permit this key to be used.
* @param key Public key
* @return 'true' if constraint is allowed, 'false' if disallowed.
* @return true if constraints do not match
*/
public boolean permits(Key key) {
return true;
}
/**
* Check if an algorithm constraint is permitted with a given
* CertConstraintParameters.
*
* If the check inside of {@code permits()} fails, it must call
* {@code next()} with the same {@code CertConstraintParameters}
* parameter passed if multiple constraints need to be checked.
*
* @param cp CertConstraintParameter containing certificate info
* @throws CertPathValidatorException if constraint disallows.
*
* Check if an algorithm constraint is permit this certificate to
* be used.
* @param cp CertificateParameter containing certificate and state info
* @return true if constraints do not match
*/
public abstract void permits(CertConstraintParameters cp)
throws CertPathValidatorException;
/**
* Recursively check if the constraints are allowed.
*
* If {@code nextConstraint} is non-null, this method will
* call {@code nextConstraint}'s {@code permits()} to check if the
* constraint is allowed or denied. If the constraint's
* {@code permits()} is allowed, this method will exit this and any
* recursive next() calls, returning 'true'. If the constraints called
* were disallowed, the last constraint will throw
* {@code CertPathValidatorException}.
*
* @param cp CertConstraintParameters
* @return 'true' if constraint allows the operation, 'false' if
* we are at the end of the constraint list or,
* {@code nextConstraint} is null.
*/
boolean next(CertConstraintParameters cp)
throws CertPathValidatorException {
if (nextConstraint != null) {
nextConstraint.permits(cp);
return true;
}
return false;
}
/**
* Recursively check if this constraint is allowed,
*
* If {@code nextConstraint} is non-null, this method will
* call {@code nextConstraint}'s {@code permit()} to check if the
* constraint is allowed or denied. If the constraint's
* {@code permit()} is allowed, this method will exit this and any
* recursive next() calls, returning 'true'. If the constraints
* called were disallowed the check will exit with 'false'.
*
* @param key Public key
* @return 'true' if constraint allows the operation, 'false' if
* the constraint denies the operation.
*/
boolean next(Key key) {
if (nextConstraint != null && nextConstraint.permits(key)) {
return true;
}
return false;
}
}
/*
......@@ -525,9 +436,9 @@ public class DisabledAlgorithmConstraints extends AbstractAlgorithmConstraints {
}
/*
* Check if CertConstraintParameters has a trusted match, if it does
* call next() for any following constraints. If it does not, exit
* as this constraint(s) does not restrict the operation.
* Check if each constraint fails and check if there is a linked
* constraint Any permitted constraint will exit the linked list
* to allow the operation.
*/
public void permits(CertConstraintParameters cp)
throws CertPathValidatorException {
......@@ -535,9 +446,10 @@ public class DisabledAlgorithmConstraints extends AbstractAlgorithmConstraints {
debug.println("jdkCAConstraints.permits(): " + algorithm);
}
// Check chain has a trust anchor in cacerts
// Return false if the chain has a trust anchor in cacerts
if (cp.isTrustedMatch()) {
if (next(cp)) {
if (nextConstraint != null) {
nextConstraint.permits(cp);
return;
}
throw new CertPathValidatorException(
......@@ -548,99 +460,6 @@ public class DisabledAlgorithmConstraints extends AbstractAlgorithmConstraints {
}
}
/*
* This class handles the denyAfter constraint. The date is in the UTC/GMT
* timezone.
*/
private static class DenyAfterConstraint extends Constraint {
private Date denyAfterDate;
private static final SimpleDateFormat dateFormat =
new SimpleDateFormat("EEE, MMM d HH:mm:ss z YYYY");
DenyAfterConstraint(String algo, int year, int month, int day) {
Calendar c;
algorithm = algo;
if (debug != null) {
debug.println("DenyAfterConstraint read in as: year " +
year + ", month = " + month + ", day = " + day);
}
c = new Calendar.Builder().setTimeZone(TimeZone.getTimeZone("GMT"))
.setDate(year, month - 1, day).build();
if (year > c.getActualMaximum(Calendar.YEAR) ||
year < c.getActualMinimum(Calendar.YEAR)) {
throw new IllegalArgumentException(
"Invalid year given in constraint: " + year);
}
if ((month - 1) > c.getActualMaximum(Calendar.MONTH) ||
(month - 1) < c.getActualMinimum(Calendar.MONTH)) {
throw new IllegalArgumentException(
"Invalid month given in constraint: " + month);
}
if (day > c.getActualMaximum(Calendar.DAY_OF_MONTH) ||
day < c.getActualMinimum(Calendar.DAY_OF_MONTH)) {
throw new IllegalArgumentException(
"Invalid Day of Month given in constraint: " + day);
}
denyAfterDate = c.getTime();
if (debug != null) {
debug.println("DenyAfterConstraint date set to: " +
dateFormat.format(denyAfterDate));
}
}
/*
* Checking that the provided date is not beyond the constraint date.
* The provided date can be the PKIXParameter date if given,
* otherwise it is the current date.
*
* If the constraint disallows, call next() for any following
* constraints. Throw an exception if this is the last constraint.
*/
@Override
public void permits(CertConstraintParameters cp)
throws CertPathValidatorException {
Date currentDate;
if (cp.getPKIXParamDate() != null) {
currentDate = cp.getPKIXParamDate();
} else {
currentDate = new Date();
}
if (!denyAfterDate.after(currentDate)) {
if (next(cp)) {
return;
}
throw new CertPathValidatorException(
"denyAfter constraint check failed. " +
"Constraint date: " +
dateFormat.format(denyAfterDate) +
"; Cert date: " +
dateFormat.format(currentDate),
null, null, -1, BasicReason.ALGORITHM_CONSTRAINED);
}
}
/*
* Return result if the constraint's date is beyond the current date
* in UTC timezone.
*/
public boolean permits(Key key) {
if (next(key)) {
return true;
}
if (debug != null) {
debug.println("DenyAfterConstraints.permits(): " + algorithm);
}
return denyAfterDate.after(new Date());
}
}
/*
* This class contains constraints dealing with the key size
......
src/share/classes/sun/security/util/ObjectIdentifier.java
浏览文件 @ 83f4f6a9
......@@ -255,7 +255,13 @@ class ObjectIdentifier implements Serializable
+ " (tag = " + type_id + ")"
);
encoding = new byte[in.getLength()];
int len = in.getLength();
if (len > in.available()) {
throw new IOException("ObjectIdentifier() -- length exceeds" +
"data available. Length: " + len + ", Available: " +
in.available());
}
encoding = new byte[len];
in.getBytes(encoding);
check(encoding);
}
......
src/share/classes/sun/util/resources/TimeZoneNames.java
浏览文件 @ 83f4f6a9
......@@ -188,6 +188,9 @@ public final class TimeZoneNames extends TimeZoneNamesBundle {
String MHT[] = new String[] {"Marshall Islands Time", "MHT",
"Marshall Islands Summer Time", "MHST",
"Marshall Islands Time", "MHT"};
String MMT[] = new String[] {"Myanmar Time", "MMT",
"Myanmar Summer Time", "MMST",
"Myanmar Time", "MMT"};
String MSK[] = new String[] {"Moscow Standard Time", "MSK",
"Moscow Daylight Time", "MSD",
"Moscow Time", "MT"};
......@@ -683,9 +686,7 @@ public final class TimeZoneNames extends TimeZoneNamesBundle {
{"Asia/Qyzylorda", new String[] {"Qyzylorda Time", "QYZT",
"Qyzylorda Summer Time", "QYZST",
"Qyzylorda Time", "QYZT"}},
{"Asia/Rangoon", new String[] {"Myanmar Time", "MMT",
"Myanmar Summer Time", "MMST",
"Myanmar Time", "MMT"}},
{"Asia/Rangoon", MMT},
{"Asia/Riyadh", ARAST},
{"Asia/Saigon", ICT},
{"Asia/Sakhalin", new String[] {"Sakhalin Time", "SAKT",
......@@ -718,6 +719,7 @@ public final class TimeZoneNames extends TimeZoneNamesBundle {
"Vladivostok Summer Time", "VLAST",
"Vladivostok Time", "VLAT"}},
{"Asia/Yakutsk", YAKT},
{"Asia/Yangon", MMT},
{"Asia/Yekaterinburg", new String[] {"Yekaterinburg Time", "YEKT",
"Yekaterinburg Summer Time", "YEKST",
"Yekaterinburg Time", "YEKT"}},
......
src/share/classes/sun/util/resources/de/TimeZoneNames_de.java
浏览文件 @ 83f4f6a9
......@@ -189,6 +189,9 @@ public final class TimeZoneNames_de extends TimeZoneNamesBundle {
String MHT[] = new String[] {"Marshallinseln Zeit", "MHT",
"Marshallinseln Sommerzeit", "MHST",
"Marshallinseln Zeit", "MHT"};
String MMT[] = new String[] {"Myanmar Zeit", "MMT",
"Myanmar Sommerzeit", "MMST",
"Myanmar Zeit", "MMT"};
String MSK[] = new String[] {"Moskauer Normalzeit", "MSK",
"Moskauer Sommerzeit", "MSD",
"Zeitzone f\u00FCr Moskau", "MT"};
......@@ -684,9 +687,7 @@ public final class TimeZoneNames_de extends TimeZoneNamesBundle {
{"Asia/Qyzylorda", new String[] {"Qyzylorda Zeit", "QYZT",
"Qyzylorda Sommerzeit", "QYZST",
"Qyzylorda Zeit", "QYZT"}},
{"Asia/Rangoon", new String[] {"Myanmar Zeit", "MMT",
"Myanmar Sommerzeit", "MMST",
"Myanmar Zeit", "MMT"}},
{"Asia/Rangoon", MMT},
{"Asia/Riyadh", ARAST},
{"Asia/Saigon", ICT},
{"Asia/Sakhalin", new String[] {"Sakhalin Zeit", "SAKT",
......@@ -719,6 +720,7 @@ public final class TimeZoneNames_de extends TimeZoneNamesBundle {
"Wladiwostok Sommerzeit", "VLAST",
"Wladiwostok Zeit", "VLAT"}},
{"Asia/Yakutsk", YAKT},
{"Asia/Yangon", MMT},
{"Asia/Yekaterinburg", new String[] {"Jekaterinburger Zeit", "YEKT",
"Jekaterinburger Sommerzeit", "YEKST",
"Jekaterinburger Zeit", "YEKT"}},
......
src/share/classes/sun/util/resources/es/TimeZoneNames_es.java
浏览文件 @ 83f4f6a9
......@@ -189,6 +189,9 @@ public final class TimeZoneNames_es extends TimeZoneNamesBundle {
String MHT[] = new String[] {"Hora de las Islas Marshall", "MHT",
"Hora de verano de las Islas Marshall", "MHST",
"Hora de Islas Marshall", "MHT"};
String MMT[] = new String[] {"Hora de Myanmar", "MMT",
"Hora de verano de Myanmar", "MMST",
"Hora de Myanmar", "MMT"};
String MSK[] = new String[] {"Hora est\u00e1ndar de Mosc\u00fa", "MSK",
"Hora de verano de Mosc\u00fa", "MSD",
"Hora de Mosc\u00FA", "MT"};
......@@ -684,9 +687,7 @@ public final class TimeZoneNames_es extends TimeZoneNamesBundle {
{"Asia/Qyzylorda", new String[] {"Hora de Qyzylorda", "QYZT",
"Hora de verano de Qyzylorda", "QYZST",
"Hora de Qyzylorda", "QYZT"}},
{"Asia/Rangoon", new String[] {"Hora de Myanmar", "MMT",
"Hora de verano de Myanmar", "MMST",
"Hora de Myanmar", "MMT"}},
{"Asia/Rangoon", MMT},
{"Asia/Riyadh", ARAST},
{"Asia/Saigon", ICT},
{"Asia/Sakhalin", new String[] {"Hora de Sajalin", "SAKT",
......@@ -719,6 +720,7 @@ public final class TimeZoneNames_es extends TimeZoneNamesBundle {
"Hora de verano de Vladivostok", "VLAST",
"Hora de Vladivostok", "VLAT"}},
{"Asia/Yakutsk", YAKT},
{"Asia/Yangon", MMT},
{"Asia/Yekaterinburg", new String[] {"Hora de Ekaterinburgo", "YEKT",
"Hora de verano de Ekaterinburgo", "YEKST",
"Hora de Ekaterinburgo", "YEKT"}},
......
src/share/classes/sun/util/resources/fr/TimeZoneNames_fr.java
浏览文件 @ 83f4f6a9
......@@ -189,6 +189,9 @@ public final class TimeZoneNames_fr extends TimeZoneNamesBundle {
String MHT[] = new String[] {"Heure des Iles Marshall", "MHT",
"Heure d'\u00e9t\u00e9 des Iles Marshall", "MHST",
"Heure des Iles Marshall", "MHT"};
String MMT[] = new String[] {"Heure de Myanmar", "MMT",
"Heure d'\u00e9t\u00e9 de Myanmar", "MMST",
"Heure de Myanmar", "MMT"};
String MSK[] = new String[] {"Heure standard de Moscou", "MSK",
"Heure avanc\u00e9e de Moscou", "MSD",
"Moscou", "MT"};
......@@ -684,9 +687,7 @@ public final class TimeZoneNames_fr extends TimeZoneNamesBundle {
{"Asia/Qyzylorda", new String[] {"Heure de Kyzylorda", "QYZT",
"Heure d'\u00e9t\u00e9 de Kyzylorda", "QYZST",
"Heure de Kyzylorda", "QYZT"}},
{"Asia/Rangoon", new String[] {"Heure de Myanmar", "MMT",
"Heure d'\u00e9t\u00e9 de Myanmar", "MMST",
"Heure de Myanmar", "MMT"}},
{"Asia/Rangoon", MMT},
{"Asia/Riyadh", ARAST},
{"Asia/Saigon", ICT},
{"Asia/Sakhalin", new String[] {"Heure de Sakhalin", "SAKT",
......@@ -719,6 +720,7 @@ public final class TimeZoneNames_fr extends TimeZoneNamesBundle {
"Heure d'\u00e9t\u00e9 de Vladivostok", "VLAST",
"Heure de Vladivostok", "VLAT"}},
{"Asia/Yakutsk", YAKT},
{"Asia/Yangon", MMT},
{"Asia/Yekaterinburg", new String[] {"Heure de Yekaterinburg", "YEKT",
"Heure d'\u00e9t\u00e9 de Yekaterinburg", "YEKST",
"Heure de Yekaterinburg", "YEKT"}},
......
src/share/classes/sun/util/resources/it/TimeZoneNames_it.java
浏览文件 @ 83f4f6a9
......@@ -189,6 +189,9 @@ public final class TimeZoneNames_it extends TimeZoneNamesBundle {
String MHT[] = new String[] {"Ora delle Isole Marshall", "MHT",
"Ora estiva delle Isole Marshall", "MHST",
"Ora delle Isole Marshall", "MHT"};
String MMT[] = new String[] {"Ora della Birmania/Myanmar", "MMT",
"Ora estiva della Birmania/Myanmar", "MMST",
"Ora della Birmania/Myanmar", "MMT"};
String MSK[] = new String[] {"Ora standard di Mosca", "MSK",
"Ora legale di Mosca", "MSD",
"Ora Mosca", "MT"};
......@@ -684,9 +687,7 @@ public final class TimeZoneNames_it extends TimeZoneNamesBundle {
{"Asia/Qyzylorda", new String[] {"Ora di Qyzylorda", "QYZT",
"Ora estiva di Qyzylorda", "QYZST",
"Ora di Qyzylorda", "QYZT"}},
{"Asia/Rangoon", new String[] {"Ora della Birmania/Myanmar", "MMT",
"Ora estiva della Birmania/Myanmar", "MMST",
"Ora della Birmania/Myanmar", "MMT"}},
{"Asia/Rangoon", MMT},
{"Asia/Riyadh", ARAST},
{"Asia/Saigon", ICT},
{"Asia/Sakhalin", new String[] {"Ora di Sakhalin", "SAKT",
......@@ -719,6 +720,7 @@ public final class TimeZoneNames_it extends TimeZoneNamesBundle {
"Ora estiva di Vladivostok", "VLAST",
"Ora di Vladivostok", "VLAT"}},
{"Asia/Yakutsk", YAKT},
{"Asia/Yangon", MMT},
{"Asia/Yekaterinburg", new String[] {"Ora di Ekaterinburg", "YEKT",
"Ora estiva di Ekaterinburg", "YEKST",
"Ora di Ekaterinburg", "YEKT"}},
......
src/share/classes/sun/util/resources/ja/TimeZoneNames_ja.java
浏览文件 @ 83f4f6a9
......@@ -189,6 +189,9 @@ public final class TimeZoneNames_ja extends TimeZoneNamesBundle {
String MHT[] = new String[] {"\u30de\u30fc\u30b7\u30e3\u30eb\u5cf6\u6642\u9593", "MHT",
"\u30de\u30fc\u30b7\u30e3\u30eb\u5cf6\u590f\u6642\u9593", "MHST",
"\u30DE\u30FC\u30B7\u30E3\u30EB\u8AF8\u5CF6\u6642\u9593", "MHT"};
String MMT[] = new String[] {"\u30df\u30e3\u30f3\u30de\u30fc\u6642\u9593", "MMT",
"\u30df\u30e3\u30f3\u30de\u30fc\u590f\u6642\u9593", "MMST",
"\u30DF\u30E3\u30F3\u30DE\u30FC\u6642\u9593", "MMT"};
String MSK[] = new String[] {"\u30e2\u30b9\u30af\u30ef\u6a19\u6e96\u6642", "MSK",
"\u30e2\u30b9\u30af\u30ef\u590f\u6642\u9593", "MSD",
"\u30E2\u30B9\u30AF\u30EF\u6642\u9593", "MT"};
......@@ -684,9 +687,7 @@ public final class TimeZoneNames_ja extends TimeZoneNamesBundle {
{"Asia/Qyzylorda", new String[] {"\u30ad\u30b8\u30eb\u30aa\u30eb\u30c0\u6642\u9593", "QYZT",
"\u30ad\u30b8\u30eb\u30aa\u30eb\u30c0\u590f\u6642\u9593", "QYZST",
"\u30AF\u30BA\u30ED\u30EB\u30C0\u6642\u9593", "QYZT"}},
{"Asia/Rangoon", new String[] {"\u30df\u30e3\u30f3\u30de\u30fc\u6642\u9593", "MMT",
"\u30df\u30e3\u30f3\u30de\u30fc\u590f\u6642\u9593", "MMST",
"\u30DF\u30E3\u30F3\u30DE\u30FC\u6642\u9593", "MMT"}},
{"Asia/Rangoon", MMT},
{"Asia/Riyadh", ARAST},
{"Asia/Saigon", ICT},
{"Asia/Sakhalin", new String[] {"\u6a3a\u592a\u6642\u9593", "SAKT",
......@@ -719,6 +720,7 @@ public final class TimeZoneNames_ja extends TimeZoneNamesBundle {
"\u30a6\u30e9\u30b8\u30aa\u30b9\u30c8\u30af\u590f\u6642\u9593", "VLAST",
"\u30A6\u30E9\u30B8\u30AA\u30B9\u30C8\u30AF\u6642\u9593", "VLAT"}},
{"Asia/Yakutsk", YAKT},
{"Asia/Yangon", MMT},
{"Asia/Yekaterinburg", new String[] {"\u30a8\u30ab\u30c6\u30ea\u30f3\u30d6\u30eb\u30b0\u6642\u9593", "YEKT",
"\u30a8\u30ab\u30c6\u30ea\u30f3\u30d6\u30eb\u30b0\u590f\u6642\u9593", "YEKST",
"\u30A8\u30AB\u30C6\u30EA\u30F3\u30D6\u30EB\u30AF\u6642\u9593", "YEKT"}},
......
src/share/classes/sun/util/resources/ko/TimeZoneNames_ko.java
浏览文件 @ 83f4f6a9
......@@ -189,6 +189,9 @@ public final class TimeZoneNames_ko extends TimeZoneNamesBundle {
String MHT[] = new String[] {"\ub9c8\uc15c\uc81c\ub3c4 \uc2dc\uac04", "MHT",
"\ub9c8\uc15c\uc81c\ub3c4 \uc77c\uad11\uc808\uc57d\uc2dc\uac04", "MHST",
"\uB9C8\uC15C \uC81C\uB3C4 \uD45C\uC900\uC2DC", "MHT"};
String MMT[] = new String[] {"\ubbf8\uc580\ub9c8 \uc2dc\uac04", "MMT",
"\ubbf8\uc580\ub9c8 \uc77c\uad11\uc808\uc57d\uc2dc\uac04", "MMST",
"\uBBF8\uC580\uB9C8 \uD45C\uC900\uC2DC", "MMT"};
String MSK[] = new String[] {"\ubaa8\uc2a4\ud06c\ubc14 \ud45c\uc900\uc2dc", "MSK",
"\ubaa8\uc2a4\ud06c\ubc14 \uc77c\uad11\uc808\uc57d\uc2dc\uac04", "MSD",
"\uBAA8\uC2A4\uD06C\uBC14 \uD45C\uC900\uC2DC", "MT"};
......@@ -684,9 +687,7 @@ public final class TimeZoneNames_ko extends TimeZoneNamesBundle {
{"Asia/Qyzylorda", new String[] {"Qyzylorda \ud45c\uc900\uc2dc", "QYZT",
"Qyzylorda \uc77c\uad11\uc808\uc57d\uc2dc\uac04", "QYZST",
"\uD0A4\uC9C8\uB85C\uB974\uB2E4 \uD45C\uC900\uC2DC", "QYZT"}},
{"Asia/Rangoon", new String[] {"\ubbf8\uc580\ub9c8 \uc2dc\uac04", "MMT",
"\ubbf8\uc580\ub9c8 \uc77c\uad11\uc808\uc57d\uc2dc\uac04", "MMST",
"\uBBF8\uC580\uB9C8 \uD45C\uC900\uC2DC", "MMT"}},
{"Asia/Rangoon", MMT},
{"Asia/Riyadh", ARAST},
{"Asia/Saigon", ICT},
{"Asia/Sakhalin", new String[] {"\uc0ac\ud560\ub9b0 \uc2dc\uac04", "SAKT",
......@@ -719,6 +720,7 @@ public final class TimeZoneNames_ko extends TimeZoneNamesBundle {
"\ube14\ub77c\ub514\ubcf4\uc2a4\ud1a1 \uc77c\uad11\uc808\uc57d\uc2dc\uac04", "VLAST",
"\uBE14\uB77C\uB514\uBCF4\uC2A4\uD1A1 \uD45C\uC900\uC2DC", "VLAT"}},
{"Asia/Yakutsk", YAKT},
{"Asia/Yangon", MMT},
{"Asia/Yekaterinburg", new String[] {"\uc608\uce74\ud14c\ub9b0\ubc84\uadf8 \uc2dc\uac04", "YEKT",
"\uc608\uce74\ud14c\ub9b0\ubc84\uadf8 \uc77c\uad11\uc808\uc57d\uc2dc\uac04", "YEKST",
"\uC608\uCE74\uD14C\uB9B0\uBD80\uB974\uD06C \uD45C\uC900\uC2DC", "YEKT"}},
......
src/share/classes/sun/util/resources/pt/TimeZoneNames_pt_BR.java
浏览文件 @ 83f4f6a9
......@@ -189,6 +189,9 @@ public final class TimeZoneNames_pt_BR extends TimeZoneNamesBundle {
String MSK[] = new String[] {"Fuso hor\u00e1rio padr\u00e3o de Moscou", "MSK",
"Hor\u00e1rio de luz natural de Moscou", "MSD",
"Hor\u00E1rio de Moscou", "MT"};
String MMT[] = new String[] {"Fuso hor\u00e1rio de Mianmar", "MMT",
"Fuso hor\u00e1rio de ver\u00e3o de Mianmar", "MMST",
"Hor\u00E1rio de Mianmar", "MMT"};
String MST[] = new String[] {"Fuso hor\u00e1rio padr\u00e3o das montanhas", "MST",
"Hor\u00e1rio de luz natural das montanhas", "MDT",
"Hor\u00E1rio das Montanhas Rochosas", "MT"};
......@@ -684,9 +687,7 @@ public final class TimeZoneNames_pt_BR extends TimeZoneNamesBundle {
{"Asia/Qyzylorda", new String[] {"Fuso hor\u00e1rio de Kizil-Orda", "QYZT",
"Fuso hor\u00e1rio de ver\u00e3o de Kizil-Orda", "QYZST",
"Hor\u00E1rio de Qyzylorda", "QYZT"}},
{"Asia/Rangoon", new String[] {"Fuso hor\u00e1rio de Mianmar", "MMT",
"Fuso hor\u00e1rio de ver\u00e3o de Mianmar", "MMST",
"Hor\u00E1rio de Mianmar", "MMT"}},
{"Asia/Rangoon", MMT},
{"Asia/Riyadh", ARAST},
{"Asia/Saigon", ICT},
{"Asia/Sakhalin", new String[] {"Fuso hor\u00e1rio de Sakhalina", "SAKT",
......@@ -719,6 +720,7 @@ public final class TimeZoneNames_pt_BR extends TimeZoneNamesBundle {
"Fuso hor\u00e1rio de ver\u00e3o de Vladivostok", "VLAST",
"Hor\u00E1rio de Vladivostok", "VLAT"}},
{"Asia/Yakutsk", YAKT},
{"Asia/Yangon", MMT},
{"Asia/Yekaterinburg", new String[] {"Fuso hor\u00e1rio de Yekaterinburgo", "YEKT",
"Fuso hor\u00e1rio de ver\u00e3o de Yekaterinburgo", "YEKST",
"Hor\u00E1rio de Yekaterinburg", "YEKT"}},
......
src/share/classes/sun/util/resources/sv/TimeZoneNames_sv.java
浏览文件 @ 83f4f6a9
......@@ -189,6 +189,9 @@ public final class TimeZoneNames_sv extends TimeZoneNamesBundle {
String MHT[] = new String[] {"Marshall\u00f6arna, normaltid", "MHT",
"Marshall\u00f6arna, sommartid", "MHST",
"Marshall\u00F6arna-tid", "MHT"};
String MMT[] = new String[] {"Myanmar, normaltid", "MMT",
"Myanmar, sommartid", "MMST",
"Myanmar-tid", "MMT"};
String MSK[] = new String[] {"Moskva, normaltid", "MSK",
"Moskva, sommartid", "MSD",
"Moskvas tid", "MT"};
......@@ -684,9 +687,7 @@ public final class TimeZoneNames_sv extends TimeZoneNamesBundle {
{"Asia/Qyzylorda", new String[] {"Qyzylorda, normaltid", "QYZT",
"Qyzylorda, sommartid", "QYZST",
"Qyzylorda-tid", "QYZT"}},
{"Asia/Rangoon", new String[] {"Myanmar, normaltid", "MMT",
"Myanmar, sommartid", "MMST",
"Myanmar-tid", "MMT"}},
{"Asia/Rangoon", MMT},
{"Asia/Riyadh", ARAST},
{"Asia/Saigon", ICT},
{"Asia/Sakhalin", new String[] {"Sakhalin, normaltid", "SAKT",
......@@ -719,6 +720,7 @@ public final class TimeZoneNames_sv extends TimeZoneNamesBundle {
"Vladivostok, sommartid", "VLAST",
"Vladivostok-tid", "VLAT"}},
{"Asia/Yakutsk", YAKT},
{"Asia/Yangon", MMT},
{"Asia/Yekaterinburg", new String[] {"Jekaterinburg, normaltid", "YEKT",
"Jekaterinburg, sommartid", "YEKST",
"Jekaterinburg-tid", "YEKT"}},
......
src/share/classes/sun/util/resources/zh/TimeZoneNames_zh_CN.java
浏览文件 @ 83f4f6a9
......@@ -189,6 +189,9 @@ public final class TimeZoneNames_zh_CN extends TimeZoneNamesBundle {
String MHT[] = new String[] {"\u9a6c\u7ecd\u5c14\u7fa4\u5c9b\u65f6\u95f4", "MHT",
"\u9a6c\u7ecd\u5c14\u7fa4\u5c9b\u590f\u4ee4\u65f6", "MHST",
"\u9A6C\u7ECD\u5C14\u7FA4\u5C9B\u65F6\u95F4", "MHT"};
String MMT[] = new String[] {"\u7f05\u7538\u65f6\u95f4", "MMT",
"\u7f05\u7538\u590f\u4ee4\u65f6", "MMST",
"\u7F05\u7538\u65F6\u95F4", "MMT"};
String MSK[] = new String[] {"\u83ab\u65af\u79d1\u6807\u51c6\u65f6\u95f4", "MSK",
"\u83ab\u65af\u79d1\u590f\u4ee4\u65f6", "MSD",
"\u83AB\u65AF\u79D1\u65F6\u95F4", "MT"};
......@@ -684,9 +687,7 @@ public final class TimeZoneNames_zh_CN extends TimeZoneNamesBundle {
{"Asia/Qyzylorda", new String[] {"Qyzylorda \u65f6\u95f4", "QYZT",
"Qyzylorda \u590f\u4ee4\u65f6", "QYZST",
"Qyzylorda \u65F6\u95F4", "QYZT"}},
{"Asia/Rangoon", new String[] {"\u7f05\u7538\u65f6\u95f4", "MMT",
"\u7f05\u7538\u590f\u4ee4\u65f6", "MMST",
"\u7F05\u7538\u65F6\u95F4", "MMT"}},
{"Asia/Rangoon", MMT},
{"Asia/Riyadh", ARAST},
{"Asia/Saigon", ICT},
{"Asia/Sakhalin", new String[] {"\u5e93\u9875\u5c9b\u65f6\u95f4", "SAKT",
......@@ -719,6 +720,7 @@ public final class TimeZoneNames_zh_CN extends TimeZoneNamesBundle {
"\u6d77\u53c2\u5d34\u590f\u4ee4\u65f6", "VLAST",
"\u6D77\u53C2\u5D34\u65F6\u95F4", "VLAT"}},
{"Asia/Yakutsk", YAKT},
{"Asia/Yangon", MMT},
{"Asia/Yekaterinburg", new String[] {"Yekaterinburg \u65f6\u95f4", "YEKT",
"Yekaterinburg \u590f\u4ee4\u65f6", "YEKST",
"Yekaterinburg \u65F6\u95F4", "YEKT"}},
......
src/share/classes/sun/util/resources/zh/TimeZoneNames_zh_TW.java
浏览文件 @ 83f4f6a9
......@@ -189,6 +189,9 @@ public final class TimeZoneNames_zh_TW extends TimeZoneNamesBundle {
String MHT[] = new String[] {"\u99ac\u7d39\u723e\u7fa4\u5cf6\u6642\u9593", "MHT",
"\u99ac\u7d39\u723e\u7fa4\u5cf6\u590f\u4ee4\u6642\u9593", "MHST",
"\u99AC\u7D39\u723E\u7FA4\u5CF6\u6642\u9593", "MHT"};
String MMT[] = new String[] {"\u7dec\u7538\u6642\u9593", "MMT",
"\u7dec\u7538\u590f\u4ee4\u6642\u9593", "MMST",
"\u7DEC\u7538\u6642\u9593", "MMT"};
String MSK[] = new String[] {"\u83ab\u65af\u79d1\u6a19\u6e96\u6642\u9593", "MSK",
"\u83ab\u65af\u79d1\u65e5\u5149\u7bc0\u7d04\u6642\u9593", "MSD",
"\u83AB\u65AF\u79D1\u6642\u9593", "MT"};
......@@ -684,9 +687,7 @@ public final class TimeZoneNames_zh_TW extends TimeZoneNamesBundle {
{"Asia/Qyzylorda", new String[] {"Qyzylorda \u6642\u9593", "QYZT",
"Qyzylorda \u590f\u4ee4\u6642\u9593", "QYZST",
"\u514B\u5B5C\u6D1B\u723E\u9054\u6642\u9593", "QYZT"}},
{"Asia/Rangoon", new String[] {"\u7dec\u7538\u6642\u9593", "MMT",
"\u7dec\u7538\u590f\u4ee4\u6642\u9593", "MMST",
"\u7DEC\u7538\u6642\u9593", "MMT"}},
{"Asia/Rangoon", MMT},
{"Asia/Riyadh", ARAST},
{"Asia/Saigon", ICT},
{"Asia/Sakhalin", new String[] {"\u5eab\u9801\u5cf6\u6642\u9593", "SAKT",
......@@ -721,6 +722,7 @@ public final class TimeZoneNames_zh_TW extends TimeZoneNamesBundle {
"\u6d77\u53c3\u5d34\u590f\u4ee4\u6642\u9593", "VLAST",
"\u6D77\u53C3\u5D34\u6642\u9593", "VLAT"}},
{"Asia/Yakutsk", YAKT},
{"Asia/Yangon", MMT},
{"Asia/Yekaterinburg", new String[] {"Yekaterinburg \u6642\u9593", "YEKT",
"Yekaterinburg \u590f\u4ee4\u6642\u9593", "YEKST",
"\u8449\u5361\u6377\u7433\u5821\u6642\u9593", "YEKT"}},
......
src/share/lib/security/java.security-aix
浏览文件 @ 83f4f6a9
......@@ -422,7 +422,9 @@ krb5.kdc.bad.policy = tryLast
# describes the mechanism for disabling algorithms based on algorithm name
# and/or key length. This includes algorithms used in certificates, as well
# as revocation information such as CRLs and signed OCSP Responses.
# The syntax of the disabled algorithm string is described as follows:
#
# The syntax of the disabled algorithm string is described as this Java
# BNF-style:
# DisabledAlgorithms:
# " DisabledAlgorithm { , DisabledAlgorithm } "
#
......@@ -433,22 +435,25 @@ krb5.kdc.bad.policy = tryLast
# (see below)
#
# Constraint:
# KeySizeConstraint | CAConstraint | DenyAfterConstraint
# KeySizeConstraint, CertConstraint
#
# KeySizeConstraint:
# keySize Operator KeyLength
# keySize Operator DecimalInteger
#
# Operator:
# <= | < | == | != | >= | >
#
# KeyLength:
# Integer value of the algorithm's key length in bits
# DecimalInteger:
# DecimalDigits
#
# CAConstraint:
# jdkCA
# DecimalDigits:
# DecimalDigit {DecimalDigit}
#
# DecimalDigit: one of
# 1 2 3 4 5 6 7 8 9 0
#
# DenyAfterConstraint:
# denyAfter YYYY-MM-DD
# CertConstraint
# jdkCA
#
# The "AlgorithmName" is the standard algorithm name of the disabled
# algorithm. See "Java Cryptography Architecture Standard Algorithm Name
......@@ -462,42 +467,27 @@ krb5.kdc.bad.policy = tryLast
# that rely on DSA, such as NONEwithDSA, SHA1withDSA. However, the assertion
# will not disable algorithms related to "ECDSA".
#
# A "Constraint" defines restrictions on the keys and/or certificates for
# a specified AlgorithmName:
#
# KeySizeConstraint:
# keySize Operator KeyLength
# The constraint requires a key of a valid size range if the
# "AlgorithmName" is of a key algorithm. The "KeyLength" indicates
# the key size specified in number of bits. For example,
# "RSA keySize <= 1024" indicates that any RSA key with key size less
# than or equal to 1024 bits should be disabled, and
# "RSA keySize < 1024, RSA keySize > 2048" indicates that any RSA key
# with key size less than 1024 or greater than 2048 should be disabled.
# This constraint is only used on algorithms that have a key size.
#
# CAConstraint:
# jdkCA
# This constraint prohibits the specified algorithm only if the
# algorithm is used in a certificate chain that terminates at a marked
# trust anchor in the lib/security/cacerts keystore. If the jdkCA
# constraint is not set, then all chains using the specified algorithm
# are restricted. jdkCA may only be used once in a DisabledAlgorithm
# expression.
# Example:  To apply this constraint to SHA-1 certificates, include
# the following:  "SHA1 jdkCA"
#
# DenyAfterConstraint:
# denyAfter YYYY-MM-DD
# This constraint prohibits a certificate with the specified algorithm
# from being used after the date regardless of the certificate's
# validity.  JAR files that are signed and timestamped before the
# constraint date with certificates containing the disabled algorithm
# will not be restricted.  The date is processed in the UTC timezone.
# This constraint can only be used once in a DisabledAlgorithm
# expression.
# Example: To deny usage of RSA 2048 bit certificates after Feb 3 2020,
# use the following: "RSA keySize == 2048 & denyAfter 2020-02-03"
# A "Constraint" provides further guidance for the algorithm being specified.
# The "KeySizeConstraint" requires a key of a valid size range if the
# "AlgorithmName" is of a key algorithm. The "DecimalInteger" indicates the
# key size specified in number of bits. For example, "RSA keySize <= 1024"
# indicates that any RSA key with key size less than or equal to 1024 bits
# should be disabled, and "RSA keySize < 1024, RSA keySize > 2048" indicates
# that any RSA key with key size less than 1024 or greater than 2048 should
# be disabled. Note that the "KeySizeConstraint" only makes sense to key
# algorithms.
#
# "CertConstraint" specifies additional constraints for
# certificates that contain algorithms that are restricted:
#
# "jdkCA" prohibits the specified algorithm only if the algorithm is used
# in a certificate chain that terminates at a marked trust anchor in the
# lib/security/cacerts keystore. All other chains are not affected.
# If the jdkCA constraint is not set, then all chains using the
# specified algorithm are restricted. jdkCA may only be used once in
# a DisabledAlgorithm expression.
# Example: To apply this constraint to SHA-1 certificates, include
# the following "SHA1 jdkCA"
#
# When an algorithm must satisfy more than one constraint, it must be
# delimited by an ampersand '&'. For example, to restrict certificates in a
......@@ -520,6 +510,43 @@ krb5.kdc.bad.policy = tryLast
jdk.certpath.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, \
DSA keySize < 1024, EC keySize < 224
# Algorithm restrictions for signed JAR files
#
# In some environments, certain algorithms or key lengths may be undesirable
# for signed JAR validation. For example, "MD2" is generally no longer
# considered to be a secure hash algorithm. This section describes the
# mechanism for disabling algorithms based on algorithm name and/or key length.
# JARs signed with any of the disabled algorithms or key sizes will be treated
# as unsigned.
#
# The syntax of the disabled algorithm string is described as follows:
# DisabledAlgorithms:
# " DisabledAlgorithm { , DisabledAlgorithm } "
#
# DisabledAlgorithm:
# AlgorithmName [Constraint]
#
# AlgorithmName:
# (see below)
#
# Constraint:
# KeySizeConstraint
#
# KeySizeConstraint:
# keySize Operator KeyLength
#
# Operator:
# <= | < | == | != | >= | >
#
# KeyLength:
# Integer value of the algorithm's key length in bits
#
# Note: This property is currently used by the JDK Reference
# implementation. It is not guaranteed to be examined and used by other
# implementations.
#
jdk.jar.disabledAlgorithms=MD2, RSA keySize < 1024
# Algorithm restrictions for Secure Socket Layer/Transport Layer Security
# (SSL/TLS) processing
#
......@@ -674,7 +701,7 @@ jdk.tls.legacyAlgorithms= \
# Constraint {"," Constraint }
# Constraint:
# AlgConstraint | MaxTransformsConstraint | MaxReferencesConstraint |
# ReferenceUriSchemeConstraint | OtherConstraint
# ReferenceUriSchemeConstraint | KeySizeConstraint | OtherConstraint
# AlgConstraint
# "disallowAlg" Uri
# MaxTransformsConstraint:
......@@ -683,12 +710,16 @@ jdk.tls.legacyAlgorithms= \
# "maxReferences" Integer
# ReferenceUriSchemeConstraint:
# "disallowReferenceUriSchemes" String { String }
# KeySizeConstraint:
# "minKeySize" KeyAlg Integer
# OtherConstraint:
# "noDuplicateIds" | "noRetrievalMethodLoops"
#
# For AlgConstraint, Uri is the algorithm URI String that is not allowed.
# See the XML Signature Recommendation for more information on algorithm
# URI Identifiers. If the MaxTransformsConstraint or MaxReferencesConstraint is
# URI Identifiers. For KeySizeConstraint, KeyAlg is the standard algorithm
# name of the key type (ex: "RSA"). If the MaxTransformsConstraint,
# MaxReferencesConstraint or KeySizeConstraint (for the same key type) is
# specified more than once, only the last entry is enforced.
#
# Note: This property is currently used by the JDK Reference implementation. It
......@@ -702,46 +733,11 @@ jdk.xml.dsig.secureValidationPolicy=\
maxTransforms 5,\
maxReferences 30,\
disallowReferenceUriSchemes file http https,\
minKeySize RSA 1024,\
minKeySize DSA 1024,\
noDuplicateIds,\
noRetrievalMethodLoops
# Algorithm restrictions for signed JAR files
#
# In some environments, certain algorithms or key lengths may be undesirable
# for signed JAR validation. For example, "MD2" is generally no longer
# considered to be a secure hash algorithm. This section describes the
# mechanism for disabling algorithms based on algorithm name and/or key length.
# JARs signed with any of the disabled algorithms or key sizes will be treated
# as unsigned.
#
# The syntax of the disabled algorithm string is described as follows:
# DisabledAlgorithms:
# " DisabledAlgorithm { , DisabledAlgorithm } "
#
# DisabledAlgorithm:
# AlgorithmName [Constraint]
#
# AlgorithmName:
# (see below)
#
# Constraint:
# KeySizeConstraint
#
# KeySizeConstraint:
# keySize Operator KeyLength
#
# Operator:
# <= | < | == | != | >= | >
#
# KeyLength:
# Integer value of the algorithm's key length in bits
#
# Note: This property is currently used by the JDK Reference
# implementation. It is not guaranteed to be examined and used by other
# implementations.
#
jdk.jar.disabledAlgorithms=MD2, RSA keySize < 1024
#
# Serialization process-wide filter
#
......
src/share/lib/security/java.security-linux
浏览文件 @ 83f4f6a9
......@@ -422,7 +422,9 @@ krb5.kdc.bad.policy = tryLast
# describes the mechanism for disabling algorithms based on algorithm name
# and/or key length. This includes algorithms used in certificates, as well
# as revocation information such as CRLs and signed OCSP Responses.
# The syntax of the disabled algorithm string is described as follows:
#
# The syntax of the disabled algorithm string is described as this Java
# BNF-style:
# DisabledAlgorithms:
# " DisabledAlgorithm { , DisabledAlgorithm } "
#
......@@ -433,22 +435,25 @@ krb5.kdc.bad.policy = tryLast
# (see below)
#
# Constraint:
# KeySizeConstraint | CAConstraint | DenyAfterConstraint
# KeySizeConstraint, CertConstraint
#
# KeySizeConstraint:
# keySize Operator KeyLength
# keySize Operator DecimalInteger
#
# Operator:
# <= | < | == | != | >= | >
#
# KeyLength:
# Integer value of the algorithm's key length in bits
# DecimalInteger:
# DecimalDigits
#
# CAConstraint:
# jdkCA
# DecimalDigits:
# DecimalDigit {DecimalDigit}
#
# DecimalDigit: one of
# 1 2 3 4 5 6 7 8 9 0
#
# DenyAfterConstraint:
# denyAfter YYYY-MM-DD
# CertConstraint
# jdkCA
#
# The "AlgorithmName" is the standard algorithm name of the disabled
# algorithm. See "Java Cryptography Architecture Standard Algorithm Name
......@@ -462,42 +467,27 @@ krb5.kdc.bad.policy = tryLast
# that rely on DSA, such as NONEwithDSA, SHA1withDSA. However, the assertion
# will not disable algorithms related to "ECDSA".
#
# A "Constraint" defines restrictions on the keys and/or certificates for
# a specified AlgorithmName:
#
# KeySizeConstraint:
# keySize Operator KeyLength
# The constraint requires a key of a valid size range if the
# "AlgorithmName" is of a key algorithm. The "KeyLength" indicates
# the key size specified in number of bits. For example,
# "RSA keySize <= 1024" indicates that any RSA key with key size less
# than or equal to 1024 bits should be disabled, and
# "RSA keySize < 1024, RSA keySize > 2048" indicates that any RSA key
# with key size less than 1024 or greater than 2048 should be disabled.
# This constraint is only used on algorithms that have a key size.
#
# CAConstraint:
# jdkCA
# This constraint prohibits the specified algorithm only if the
# algorithm is used in a certificate chain that terminates at a marked
# trust anchor in the lib/security/cacerts keystore. If the jdkCA
# constraint is not set, then all chains using the specified algorithm
# are restricted. jdkCA may only be used once in a DisabledAlgorithm
# expression.
# Example:  To apply this constraint to SHA-1 certificates, include
# the following:  "SHA1 jdkCA"
#
# DenyAfterConstraint:
# denyAfter YYYY-MM-DD
# This constraint prohibits a certificate with the specified algorithm
# from being used after the date regardless of the certificate's
# validity.  JAR files that are signed and timestamped before the
# constraint date with certificates containing the disabled algorithm
# will not be restricted.  The date is processed in the UTC timezone.
# This constraint can only be used once in a DisabledAlgorithm
# expression.
# Example: To deny usage of RSA 2048 bit certificates after Feb 3 2020,
# use the following: "RSA keySize == 2048 & denyAfter 2020-02-03"
# A "Constraint" provides further guidance for the algorithm being specified.
# The "KeySizeConstraint" requires a key of a valid size range if the
# "AlgorithmName" is of a key algorithm. The "DecimalInteger" indicates the
# key size specified in number of bits. For example, "RSA keySize <= 1024"
# indicates that any RSA key with key size less than or equal to 1024 bits
# should be disabled, and "RSA keySize < 1024, RSA keySize > 2048" indicates
# that any RSA key with key size less than 1024 or greater than 2048 should
# be disabled. Note that the "KeySizeConstraint" only makes sense to key
# algorithms.
#
# "CertConstraint" specifies additional constraints for
# certificates that contain algorithms that are restricted:
#
# "jdkCA" prohibits the specified algorithm only if the algorithm is used
# in a certificate chain that terminates at a marked trust anchor in the
# lib/security/cacerts keystore. All other chains are not affected.
# If the jdkCA constraint is not set, then all chains using the
# specified algorithm are restricted. jdkCA may only be used once in
# a DisabledAlgorithm expression.
# Example: To apply this constraint to SHA-1 certificates, include
# the following: "SHA1 jdkCA"
#
# When an algorithm must satisfy more than one constraint, it must be
# delimited by an ampersand '&'. For example, to restrict certificates in a
......@@ -520,6 +510,43 @@ krb5.kdc.bad.policy = tryLast
jdk.certpath.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, \
DSA keySize < 1024, EC keySize < 224
# Algorithm restrictions for signed JAR files
#
# In some environments, certain algorithms or key lengths may be undesirable
# for signed JAR validation. For example, "MD2" is generally no longer
# considered to be a secure hash algorithm. This section describes the
# mechanism for disabling algorithms based on algorithm name and/or key length.
# JARs signed with any of the disabled algorithms or key sizes will be treated
# as unsigned.
#
# The syntax of the disabled algorithm string is described as follows:
# DisabledAlgorithms:
# " DisabledAlgorithm { , DisabledAlgorithm } "
#
# DisabledAlgorithm:
# AlgorithmName [Constraint]
#
# AlgorithmName:
# (see below)
#
# Constraint:
# KeySizeConstraint
#
# KeySizeConstraint:
# keySize Operator KeyLength
#
# Operator:
# <= | < | == | != | >= | >
#
# KeyLength:
# Integer value of the algorithm's key length in bits
#
# Note: This property is currently used by the JDK Reference
# implementation. It is not guaranteed to be examined and used by other
# implementations.
#
jdk.jar.disabledAlgorithms=MD2, RSA keySize < 1024
# Algorithm restrictions for Secure Socket Layer/Transport Layer Security
# (SSL/TLS) processing
#
......@@ -674,7 +701,7 @@ jdk.tls.legacyAlgorithms= \
# Constraint {"," Constraint }
# Constraint:
# AlgConstraint | MaxTransformsConstraint | MaxReferencesConstraint |
# ReferenceUriSchemeConstraint | OtherConstraint
# ReferenceUriSchemeConstraint | KeySizeConstraint | OtherConstraint
# AlgConstraint
# "disallowAlg" Uri
# MaxTransformsConstraint:
......@@ -683,12 +710,16 @@ jdk.tls.legacyAlgorithms= \
# "maxReferences" Integer
# ReferenceUriSchemeConstraint:
# "disallowReferenceUriSchemes" String { String }
# KeySizeConstraint:
# "minKeySize" KeyAlg Integer
# OtherConstraint:
# "noDuplicateIds" | "noRetrievalMethodLoops"
#
# For AlgConstraint, Uri is the algorithm URI String that is not allowed.
# See the XML Signature Recommendation for more information on algorithm
# URI Identifiers. If the MaxTransformsConstraint or MaxReferencesConstraint is
# URI Identifiers. For KeySizeConstraint, KeyAlg is the standard algorithm
# name of the key type (ex: "RSA"). If the MaxTransformsConstraint,
# MaxReferencesConstraint or KeySizeConstraint (for the same key type) is
# specified more than once, only the last entry is enforced.
#
# Note: This property is currently used by the JDK Reference implementation. It
......@@ -702,46 +733,11 @@ jdk.xml.dsig.secureValidationPolicy=\
maxTransforms 5,\
maxReferences 30,\
disallowReferenceUriSchemes file http https,\
minKeySize RSA 1024,\
minKeySize DSA 1024,\
noDuplicateIds,\
noRetrievalMethodLoops
# Algorithm restrictions for signed JAR files
#
# In some environments, certain algorithms or key lengths may be undesirable
# for signed JAR validation. For example, "MD2" is generally no longer
# considered to be a secure hash algorithm. This section describes the
# mechanism for disabling algorithms based on algorithm name and/or key length.
# JARs signed with any of the disabled algorithms or key sizes will be treated
# as unsigned.
#
# The syntax of the disabled algorithm string is described as follows:
# DisabledAlgorithms:
# " DisabledAlgorithm { , DisabledAlgorithm } "
#
# DisabledAlgorithm:
# AlgorithmName [Constraint]
#
# AlgorithmName:
# (see below)
#
# Constraint:
# KeySizeConstraint
#
# KeySizeConstraint:
# keySize Operator KeyLength
#
# Operator:
# <= | < | == | != | >= | >
#
# KeyLength:
# Integer value of the algorithm's key length in bits
#
# Note: This property is currently used by the JDK Reference
# implementation. It is not guaranteed to be examined and used by other
# implementations.
#
jdk.jar.disabledAlgorithms=MD2, RSA keySize < 1024
#
# Serialization process-wide filter
#
......
src/share/lib/security/java.security-macosx
浏览文件 @ 83f4f6a9
......@@ -425,7 +425,9 @@ krb5.kdc.bad.policy = tryLast
# describes the mechanism for disabling algorithms based on algorithm name
# and/or key length. This includes algorithms used in certificates, as well
# as revocation information such as CRLs and signed OCSP Responses.
# The syntax of the disabled algorithm string is described as follows:
#
# The syntax of the disabled algorithm string is described as this Java
# BNF-style:
# DisabledAlgorithms:
# " DisabledAlgorithm { , DisabledAlgorithm } "
#
......@@ -436,22 +438,25 @@ krb5.kdc.bad.policy = tryLast
# (see below)
#
# Constraint:
# KeySizeConstraint | CAConstraint | DenyAfterConstraint
# KeySizeConstraint, CertConstraint
#
# KeySizeConstraint:
# keySize Operator KeyLength
# keySize Operator DecimalInteger
#
# Operator:
# <= | < | == | != | >= | >
#
# KeyLength:
# Integer value of the algorithm's key length in bits
# DecimalInteger:
# DecimalDigits
#
# CAConstraint:
# jdkCA
# DecimalDigits:
# DecimalDigit {DecimalDigit}
#
# DecimalDigit: one of
# 1 2 3 4 5 6 7 8 9 0
#
# DenyAfterConstraint:
# denyAfter YYYY-MM-DD
# CertConstraint
# jdkCA
#
# The "AlgorithmName" is the standard algorithm name of the disabled
# algorithm. See "Java Cryptography Architecture Standard Algorithm Name
......@@ -465,42 +470,27 @@ krb5.kdc.bad.policy = tryLast
# that rely on DSA, such as NONEwithDSA, SHA1withDSA. However, the assertion
# will not disable algorithms related to "ECDSA".
#
# A "Constraint" defines restrictions on the keys and/or certificates for
# a specified AlgorithmName:
#
# KeySizeConstraint:
# keySize Operator KeyLength
# The constraint requires a key of a valid size range if the
# "AlgorithmName" is of a key algorithm. The "KeyLength" indicates
# the key size specified in number of bits. For example,
# "RSA keySize <= 1024" indicates that any RSA key with key size less
# than or equal to 1024 bits should be disabled, and
# "RSA keySize < 1024, RSA keySize > 2048" indicates that any RSA key
# with key size less than 1024 or greater than 2048 should be disabled.
# This constraint is only used on algorithms that have a key size.
#
# CAConstraint:
# jdkCA
# This constraint prohibits the specified algorithm only if the
# algorithm is used in a certificate chain that terminates at a marked
# trust anchor in the lib/security/cacerts keystore. If the jdkCA
# constraint is not set, then all chains using the specified algorithm
# are restricted. jdkCA may only be used once in a DisabledAlgorithm
# expression.
# Example:  To apply this constraint to SHA-1 certificates, include
# the following:  "SHA1 jdkCA"
#
# DenyAfterConstraint:
# denyAfter YYYY-MM-DD
# This constraint prohibits a certificate with the specified algorithm
# from being used after the date regardless of the certificate's
# validity.  JAR files that are signed and timestamped before the
# constraint date with certificates containing the disabled algorithm
# will not be restricted.  The date is processed in the UTC timezone.
# This constraint can only be used once in a DisabledAlgorithm
# expression.
# Example: To deny usage of RSA 2048 bit certificates after Feb 3 2020,
# use the following: "RSA keySize == 2048 & denyAfter 2020-02-03"
# A "Constraint" provides further guidance for the algorithm being specified.
# The "KeySizeConstraint" requires a key of a valid size range if the
# "AlgorithmName" is of a key algorithm. The "DecimalInteger" indicates the
# key size specified in number of bits. For example, "RSA keySize <= 1024"
# indicates that any RSA key with key size less than or equal to 1024 bits
# should be disabled, and "RSA keySize < 1024, RSA keySize > 2048" indicates
# that any RSA key with key size less than 1024 or greater than 2048 should
# be disabled. Note that the "KeySizeConstraint" only makes sense to key
# algorithms.
#
# "CertConstraint" specifies additional constraints for
# certificates that contain algorithms that are restricted:
#
# "jdkCA" prohibits the specified algorithm only if the algorithm is used
# in a certificate chain that terminates at a marked trust anchor in the
# lib/security/cacerts keystore. All other chains are not affected.
# If the jdkCA constraint is not set, then all chains using the
# specified algorithm are restricted. jdkCA may only be used once in
# a DisabledAlgorithm expression.
# Example: To apply this constraint to SHA-1 certificates, include
# the following: "SHA1 jdkCA"
#
# When an algorithm must satisfy more than one constraint, it must be
# delimited by an ampersand '&'. For example, to restrict certificates in a
......@@ -523,6 +513,43 @@ krb5.kdc.bad.policy = tryLast
jdk.certpath.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, \
DSA keySize < 1024, EC keySize < 224
# Algorithm restrictions for signed JAR files
#
# In some environments, certain algorithms or key lengths may be undesirable
# for signed JAR validation. For example, "MD2" is generally no longer
# considered to be a secure hash algorithm. This section describes the
# mechanism for disabling algorithms based on algorithm name and/or key length.
# JARs signed with any of the disabled algorithms or key sizes will be treated
# as unsigned.
#
# The syntax of the disabled algorithm string is described as follows:
# DisabledAlgorithms:
# " DisabledAlgorithm { , DisabledAlgorithm } "
#
# DisabledAlgorithm:
# AlgorithmName [Constraint]
#
# AlgorithmName:
# (see below)
#
# Constraint:
# KeySizeConstraint
#
# KeySizeConstraint:
# keySize Operator KeyLength
#
# Operator:
# <= | < | == | != | >= | >
#
# KeyLength:
# Integer value of the algorithm's key length in bits
#
# Note: This property is currently used by the JDK Reference
# implementation. It is not guaranteed to be examined and used by other
# implementations.
#
jdk.jar.disabledAlgorithms=MD2, RSA keySize < 1024
# Algorithm restrictions for Secure Socket Layer/Transport Layer Security
# (SSL/TLS) processing
#
......@@ -677,7 +704,7 @@ jdk.tls.legacyAlgorithms= \
# Constraint {"," Constraint }
# Constraint:
# AlgConstraint | MaxTransformsConstraint | MaxReferencesConstraint |
# ReferenceUriSchemeConstraint | OtherConstraint
# ReferenceUriSchemeConstraint | KeySizeConstraint | OtherConstraint
# AlgConstraint
# "disallowAlg" Uri
# MaxTransformsConstraint:
......@@ -686,12 +713,16 @@ jdk.tls.legacyAlgorithms= \
# "maxReferences" Integer
# ReferenceUriSchemeConstraint:
# "disallowReferenceUriSchemes" String { String }
# KeySizeConstraint:
# "minKeySize" KeyAlg Integer
# OtherConstraint:
# "noDuplicateIds" | "noRetrievalMethodLoops"
#
# For AlgConstraint, Uri is the algorithm URI String that is not allowed.
# See the XML Signature Recommendation for more information on algorithm
# URI Identifiers. If the MaxTransformsConstraint or MaxReferencesConstraint is
# URI Identifiers. For KeySizeConstraint, KeyAlg is the standard algorithm
# name of the key type (ex: "RSA"). If the MaxTransformsConstraint,
# MaxReferencesConstraint or KeySizeConstraint (for the same key type) is
# specified more than once, only the last entry is enforced.
#
# Note: This property is currently used by the JDK Reference implementation. It
......@@ -705,46 +736,11 @@ jdk.xml.dsig.secureValidationPolicy=\
maxTransforms 5,\
maxReferences 30,\
disallowReferenceUriSchemes file http https,\
minKeySize RSA 1024,\
minKeySize DSA 1024,\
noDuplicateIds,\
noRetrievalMethodLoops
# Algorithm restrictions for signed JAR files
#
# In some environments, certain algorithms or key lengths may be undesirable
# for signed JAR validation. For example, "MD2" is generally no longer
# considered to be a secure hash algorithm. This section describes the
# mechanism for disabling algorithms based on algorithm name and/or key length.
# JARs signed with any of the disabled algorithms or key sizes will be treated
# as unsigned.
#
# The syntax of the disabled algorithm string is described as follows:
# DisabledAlgorithms:
# " DisabledAlgorithm { , DisabledAlgorithm } "
#
# DisabledAlgorithm:
# AlgorithmName [Constraint]
#
# AlgorithmName:
# (see below)
#
# Constraint:
# KeySizeConstraint
#
# KeySizeConstraint:
# keySize Operator KeyLength
#
# Operator:
# <= | < | == | != | >= | >
#
# KeyLength:
# Integer value of the algorithm's key length in bits
#
# Note: This property is currently used by the JDK Reference
# implementation. It is not guaranteed to be examined and used by other
# implementations.
#
jdk.jar.disabledAlgorithms=MD2, RSA keySize < 1024
#
# Serialization process-wide filter
#
......
src/share/lib/security/java.security-solaris
浏览文件 @ 83f4f6a9
......@@ -424,7 +424,9 @@ krb5.kdc.bad.policy = tryLast
# describes the mechanism for disabling algorithms based on algorithm name
# and/or key length. This includes algorithms used in certificates, as well
# as revocation information such as CRLs and signed OCSP Responses.
# The syntax of the disabled algorithm string is described as follows:
#
# The syntax of the disabled algorithm string is described as this Java
# BNF-style:
# DisabledAlgorithms:
# " DisabledAlgorithm { , DisabledAlgorithm } "
#
......@@ -435,22 +437,25 @@ krb5.kdc.bad.policy = tryLast
# (see below)
#
# Constraint:
# KeySizeConstraint | CAConstraint | DenyAfterConstraint
# KeySizeConstraint, CertConstraint
#
# KeySizeConstraint:
# keySize Operator KeyLength
# keySize Operator DecimalInteger
#
# Operator:
# <= | < | == | != | >= | >
#
# KeyLength:
# Integer value of the algorithm's key length in bits
# DecimalInteger:
# DecimalDigits
#
# CAConstraint:
# jdkCA
# DecimalDigits:
# DecimalDigit {DecimalDigit}
#
# DecimalDigit: one of
# 1 2 3 4 5 6 7 8 9 0
#
# DenyAfterConstraint:
# denyAfter YYYY-MM-DD
# CertConstraint
# jdkCA
#
# The "AlgorithmName" is the standard algorithm name of the disabled
# algorithm. See "Java Cryptography Architecture Standard Algorithm Name
......@@ -464,42 +469,27 @@ krb5.kdc.bad.policy = tryLast
# that rely on DSA, such as NONEwithDSA, SHA1withDSA. However, the assertion
# will not disable algorithms related to "ECDSA".
#
# A "Constraint" defines restrictions on the keys and/or certificates for
# a specified AlgorithmName:
#
# KeySizeConstraint:
# keySize Operator KeyLength
# The constraint requires a key of a valid size range if the
# "AlgorithmName" is of a key algorithm. The "KeyLength" indicates
# the key size specified in number of bits. For example,
# "RSA keySize <= 1024" indicates that any RSA key with key size less
# than or equal to 1024 bits should be disabled, and
# "RSA keySize < 1024, RSA keySize > 2048" indicates that any RSA key
# with key size less than 1024 or greater than 2048 should be disabled.
# This constraint is only used on algorithms that have a key size.
#
# CAConstraint:
# jdkCA
# This constraint prohibits the specified algorithm only if the
# algorithm is used in a certificate chain that terminates at a marked
# trust anchor in the lib/security/cacerts keystore. If the jdkCA
# constraint is not set, then all chains using the specified algorithm
# are restricted. jdkCA may only be used once in a DisabledAlgorithm
# expression.
# Example:  To apply this constraint to SHA-1 certificates, include
# the following:  "SHA1 jdkCA"
#
# DenyAfterConstraint:
# denyAfter YYYY-MM-DD
# This constraint prohibits a certificate with the specified algorithm
# from being used after the date regardless of the certificate's
# validity.  JAR files that are signed and timestamped before the
# constraint date with certificates containing the disabled algorithm
# will not be restricted.  The date is processed in the UTC timezone.
# This constraint can only be used once in a DisabledAlgorithm
# expression.
# Example: To deny usage of RSA 2048 bit certificates after Feb 3 2020,
# use the following: "RSA keySize == 2048 & denyAfter 2020-02-03"
# A "Constraint" provides further guidance for the algorithm being specified.
# The "KeySizeConstraint" requires a key of a valid size range if the
# "AlgorithmName" is of a key algorithm. The "DecimalInteger" indicates the
# key size specified in number of bits. For example, "RSA keySize <= 1024"
# indicates that any RSA key with key size less than or equal to 1024 bits
# should be disabled, and "RSA keySize < 1024, RSA keySize > 2048" indicates
# that any RSA key with key size less than 1024 or greater than 2048 should
# be disabled. Note that the "KeySizeConstraint" only makes sense to key
# algorithms.
#
# "CertConstraint" specifies additional constraints for
# certificates that contain algorithms that are restricted:
#
# "jdkCA" prohibits the specified algorithm only if the algorithm is used
# in a certificate chain that terminates at a marked trust anchor in the
# lib/security/cacerts keystore. All other chains are not affected.
# If the jdkCA constraint is not set, then all chains using the
# specified algorithm are restricted. jdkCA may only be used once in
# a DisabledAlgorithm expression.
# Example: To apply this constraint to SHA-1 certificates, include
# the following: "SHA1 jdkCA"
#
# When an algorithm must satisfy more than one constraint, it must be
# delimited by an ampersand '&'. For example, to restrict certificates in a
......@@ -522,6 +512,43 @@ krb5.kdc.bad.policy = tryLast
jdk.certpath.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, \
DSA keySize < 1024, EC keySize < 224
# Algorithm restrictions for signed JAR files
#
# In some environments, certain algorithms or key lengths may be undesirable
# for signed JAR validation. For example, "MD2" is generally no longer
# considered to be a secure hash algorithm. This section describes the
# mechanism for disabling algorithms based on algorithm name and/or key length.
# JARs signed with any of the disabled algorithms or key sizes will be treated
# as unsigned.
#
# The syntax of the disabled algorithm string is described as follows:
# DisabledAlgorithms:
# " DisabledAlgorithm { , DisabledAlgorithm } "
#
# DisabledAlgorithm:
# AlgorithmName [Constraint]
#
# AlgorithmName:
# (see below)
#
# Constraint:
# KeySizeConstraint
#
# KeySizeConstraint:
# keySize Operator KeyLength
#
# Operator:
# <= | < | == | != | >= | >
#
# KeyLength:
# Integer value of the algorithm's key length in bits
#
# Note: This property is currently used by the JDK Reference
# implementation. It is not guaranteed to be examined and used by other
# implementations.
#
jdk.jar.disabledAlgorithms=MD2, RSA keySize < 1024
# Algorithm restrictions for Secure Socket Layer/Transport Layer Security
# (SSL/TLS) processing
#
......@@ -676,7 +703,7 @@ jdk.tls.legacyAlgorithms= \
# Constraint {"," Constraint }
# Constraint:
# AlgConstraint | MaxTransformsConstraint | MaxReferencesConstraint |
# ReferenceUriSchemeConstraint | OtherConstraint
# ReferenceUriSchemeConstraint | KeySizeConstraint | OtherConstraint
# AlgConstraint
# "disallowAlg" Uri
# MaxTransformsConstraint:
......@@ -685,12 +712,16 @@ jdk.tls.legacyAlgorithms= \
# "maxReferences" Integer
# ReferenceUriSchemeConstraint:
# "disallowReferenceUriSchemes" String { String }
# KeySizeConstraint:
# "minKeySize" KeyAlg Integer
# OtherConstraint:
# "noDuplicateIds" | "noRetrievalMethodLoops"
#
# For AlgConstraint, Uri is the algorithm URI String that is not allowed.
# See the XML Signature Recommendation for more information on algorithm
# URI Identifiers. If the MaxTransformsConstraint or MaxReferencesConstraint is
# URI Identifiers. For KeySizeConstraint, KeyAlg is the standard algorithm
# name of the key type (ex: "RSA"). If the MaxTransformsConstraint,
# MaxReferencesConstraint or KeySizeConstraint (for the same key type) is
# specified more than once, only the last entry is enforced.
#
# Note: This property is currently used by the JDK Reference implementation. It
......@@ -704,46 +735,11 @@ jdk.xml.dsig.secureValidationPolicy=\
maxTransforms 5,\
maxReferences 30,\
disallowReferenceUriSchemes file http https,\
minKeySize RSA 1024,\
minKeySize DSA 1024,\
noDuplicateIds,\
noRetrievalMethodLoops
# Algorithm restrictions for signed JAR files
#
# In some environments, certain algorithms or key lengths may be undesirable
# for signed JAR validation. For example, "MD2" is generally no longer
# considered to be a secure hash algorithm. This section describes the
# mechanism for disabling algorithms based on algorithm name and/or key length.
# JARs signed with any of the disabled algorithms or key sizes will be treated
# as unsigned.
#
# The syntax of the disabled algorithm string is described as follows:
# DisabledAlgorithms:
# " DisabledAlgorithm { , DisabledAlgorithm } "
#
# DisabledAlgorithm:
# AlgorithmName [Constraint]
#
# AlgorithmName:
# (see below)
#
# Constraint:
# KeySizeConstraint
#
# KeySizeConstraint:
# keySize Operator KeyLength
#
# Operator:
# <= | < | == | != | >= | >
#
# KeyLength:
# Integer value of the algorithm's key length in bits
#
# Note: This property is currently used by the JDK Reference
# implementation. It is not guaranteed to be examined and used by other
# implementations.
#
jdk.jar.disabledAlgorithms=MD2, RSA keySize < 1024
#
# Serialization process-wide filter
#
......
src/share/lib/security/java.security-windows
浏览文件 @ 83f4f6a9
......@@ -425,7 +425,9 @@ krb5.kdc.bad.policy = tryLast
# describes the mechanism for disabling algorithms based on algorithm name
# and/or key length. This includes algorithms used in certificates, as well
# as revocation information such as CRLs and signed OCSP Responses.
# The syntax of the disabled algorithm string is described as follows:
#
# The syntax of the disabled algorithm string is described as this Java
# BNF-style:
# DisabledAlgorithms:
# " DisabledAlgorithm { , DisabledAlgorithm } "
#
......@@ -436,22 +438,25 @@ krb5.kdc.bad.policy = tryLast
# (see below)
#
# Constraint:
# KeySizeConstraint | CAConstraint | DenyAfterConstraint
# KeySizeConstraint, CertConstraint
#
# KeySizeConstraint:
# keySize Operator KeyLength
# keySize Operator DecimalInteger
#
# Operator:
# <= | < | == | != | >= | >
#
# KeyLength:
# Integer value of the algorithm's key length in bits
# DecimalInteger:
# DecimalDigits
#
# CAConstraint:
# jdkCA
# DecimalDigits:
# DecimalDigit {DecimalDigit}
#
# DecimalDigit: one of
# 1 2 3 4 5 6 7 8 9 0
#
# DenyAfterConstraint:
# denyAfter YYYY-MM-DD
# CertConstraint
# jdkCA
#
# The "AlgorithmName" is the standard algorithm name of the disabled
# algorithm. See "Java Cryptography Architecture Standard Algorithm Name
......@@ -465,42 +470,27 @@ krb5.kdc.bad.policy = tryLast
# that rely on DSA, such as NONEwithDSA, SHA1withDSA. However, the assertion
# will not disable algorithms related to "ECDSA".
#
# A "Constraint" defines restrictions on the keys and/or certificates for
# a specified AlgorithmName:
#
# KeySizeConstraint:
# keySize Operator KeyLength
# The constraint requires a key of a valid size range if the
# "AlgorithmName" is of a key algorithm. The "KeyLength" indicates
# the key size specified in number of bits. For example,
# "RSA keySize <= 1024" indicates that any RSA key with key size less
# than or equal to 1024 bits should be disabled, and
# "RSA keySize < 1024, RSA keySize > 2048" indicates that any RSA key
# with key size less than 1024 or greater than 2048 should be disabled.
# This constraint is only used on algorithms that have a key size.
#
# CAConstraint:
# jdkCA
# This constraint prohibits the specified algorithm only if the
# algorithm is used in a certificate chain that terminates at a marked
# trust anchor in the lib/security/cacerts keystore. If the jdkCA
# constraint is not set, then all chains using the specified algorithm
# are restricted. jdkCA may only be used once in a DisabledAlgorithm
# expression.
# Example:  To apply this constraint to SHA-1 certificates, include
# the following:  "SHA1 jdkCA"
#
# DenyAfterConstraint:
# denyAfter YYYY-MM-DD
# This constraint prohibits a certificate with the specified algorithm
# from being used after the date regardless of the certificate's
# validity.  JAR files that are signed and timestamped before the
# constraint date with certificates containing the disabled algorithm
# will not be restricted.  The date is processed in the UTC timezone.
# This constraint can only be used once in a DisabledAlgorithm
# expression.
# Example: To deny usage of RSA 2048 bit certificates after Feb 3 2020,
# use the following: "RSA keySize == 2048 & denyAfter 2020-02-03"
# A "Constraint" provides further guidance for the algorithm being specified.
# The "KeySizeConstraint" requires a key of a valid size range if the
# "AlgorithmName" is of a key algorithm. The "DecimalInteger" indicates the
# key size specified in number of bits. For example, "RSA keySize <= 1024"
# indicates that any RSA key with key size less than or equal to 1024 bits
# should be disabled, and "RSA keySize < 1024, RSA keySize > 2048" indicates
# that any RSA key with key size less than 1024 or greater than 2048 should
# be disabled. Note that the "KeySizeConstraint" only makes sense to key
# algorithms.
#
# "CertConstraint" specifies additional constraints for
# certificates that contain algorithms that are restricted:
#
# "jdkCA" prohibits the specified algorithm only if the algorithm is used
# in a certificate chain that terminates at a marked trust anchor in the
# lib/security/cacerts keystore. All other chains are not affected.
# If the jdkCA constraint is not set, then all chains using the
# specified algorithm are restricted. jdkCA may only be used once in
# a DisabledAlgorithm expression.
# Example: To apply this constraint to SHA-1 certificates, include
# the following: "SHA1 jdkCA"
#
# When an algorithm must satisfy more than one constraint, it must be
# delimited by an ampersand '&'. For example, to restrict certificates in a
......@@ -523,6 +513,43 @@ krb5.kdc.bad.policy = tryLast
jdk.certpath.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, \
DSA keySize < 1024, EC keySize < 224
# Algorithm restrictions for signed JAR files
#
# In some environments, certain algorithms or key lengths may be undesirable
# for signed JAR validation. For example, "MD2" is generally no longer
# considered to be a secure hash algorithm. This section describes the
# mechanism for disabling algorithms based on algorithm name and/or key length.
# JARs signed with any of the disabled algorithms or key sizes will be treated
# as unsigned.
#
# The syntax of the disabled algorithm string is described as follows:
# DisabledAlgorithms:
# " DisabledAlgorithm { , DisabledAlgorithm } "
#
# DisabledAlgorithm:
# AlgorithmName [Constraint]
#
# AlgorithmName:
# (see below)
#
# Constraint:
# KeySizeConstraint
#
# KeySizeConstraint:
# keySize Operator KeyLength
#
# Operator:
# <= | < | == | != | >= | >
#
# KeyLength:
# Integer value of the algorithm's key length in bits
#
# Note: This property is currently used by the JDK Reference
# implementation. It is not guaranteed to be examined and used by other
# implementations.
#
jdk.jar.disabledAlgorithms=MD2, RSA keySize < 1024
# Algorithm restrictions for Secure Socket Layer/Transport Layer Security
# (SSL/TLS) processing
#
......@@ -677,7 +704,7 @@ jdk.tls.legacyAlgorithms= \
# Constraint {"," Constraint }
# Constraint:
# AlgConstraint | MaxTransformsConstraint | MaxReferencesConstraint |
# ReferenceUriSchemeConstraint | OtherConstraint
# ReferenceUriSchemeConstraint | KeySizeConstraint | OtherConstraint
# AlgConstraint
# "disallowAlg" Uri
# MaxTransformsConstraint:
......@@ -686,12 +713,16 @@ jdk.tls.legacyAlgorithms= \
# "maxReferences" Integer
# ReferenceUriSchemeConstraint:
# "disallowReferenceUriSchemes" String { String }
# KeySizeConstraint:
# "minKeySize" KeyAlg Integer
# OtherConstraint:
# "noDuplicateIds" | "noRetrievalMethodLoops"
#
# For AlgConstraint, Uri is the algorithm URI String that is not allowed.
# See the XML Signature Recommendation for more information on algorithm
# URI Identifiers. If the MaxTransformsConstraint or MaxReferencesConstraint is
# URI Identifiers. For KeySizeConstraint, KeyAlg is the standard algorithm
# name of the key type (ex: "RSA"). If the MaxTransformsConstraint,
# MaxReferencesConstraint or KeySizeConstraint (for the same key type) is
# specified more than once, only the last entry is enforced.
#
# Note: This property is currently used by the JDK Reference implementation. It
......@@ -705,46 +736,11 @@ jdk.xml.dsig.secureValidationPolicy=\
maxTransforms 5,\
maxReferences 30,\
disallowReferenceUriSchemes file http https,\
minKeySize RSA 1024,\
minKeySize DSA 1024,\
noDuplicateIds,\
noRetrievalMethodLoops
# Algorithm restrictions for signed JAR files
#
# In some environments, certain algorithms or key lengths may be undesirable
# for signed JAR validation. For example, "MD2" is generally no longer
# considered to be a secure hash algorithm. This section describes the
# mechanism for disabling algorithms based on algorithm name and/or key length.
# JARs signed with any of the disabled algorithms or key sizes will be treated
# as unsigned.
#
# The syntax of the disabled algorithm string is described as follows:
# DisabledAlgorithms:
# " DisabledAlgorithm { , DisabledAlgorithm } "
#
# DisabledAlgorithm:
# AlgorithmName [Constraint]
#
# AlgorithmName:
# (see below)
#
# Constraint:
# KeySizeConstraint
#
# KeySizeConstraint:
# keySize Operator KeyLength
#
# Operator:
# <= | < | == | != | >= | >
#
# KeyLength:
# Integer value of the algorithm's key length in bits
#
# Note: This property is currently used by the JDK Reference
# implementation. It is not guaranteed to be examined and used by other
# implementations.
#
jdk.jar.disabledAlgorithms=MD2, RSA keySize < 1024
#
# Serialization process-wide filter
#
......
src/share/native/sun/security/ec/impl/ec.c
浏览文件 @ 83f4f6a9
/*
* Copyright (c) 2007, 2015, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2007, 2016, Oracle and/or its affiliates. All rights reserved.
* Use is subject to license terms.
*
* This library is free software; you can redistribute it and/or
......@@ -34,7 +34,7 @@
* Dr Vipul Gupta <vipul.gupta@sun.com> and
* Douglas Stebila <douglas@stebila.ca>, Sun Microsystems Laboratories
*
* Last Modified Date from the Original Code: April 2015
* Last Modified Date from the Original Code: November 2016
*********************************************************************** */
#include "mplogic.h"
......@@ -713,6 +713,16 @@ ECDSA_SignDigestWithSeed(ECPrivateKey *key, SECItem *signature,
goto cleanup;
}
/*
* Using an equivalent exponent of fixed length (same as n or 1 bit less
* than n) to keep the kG timing relatively constant.
*
* Note that this is an extra step on top of the approach defined in
* ANSI X9.62 so as to make a fixed length K.
*/
CHECK_MPI_OK( mp_add(&k, &n, &k) );
CHECK_MPI_OK( mp_div_2(&k, &k) );
/*
** ANSI X9.62, Section 5.3.2, Step 2
**
......
test/java/security/Signature/SignatureLength.java 0 → 100644
浏览文件 @ 83f4f6a9
/*
* Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
import java.security.*;
/*
* @test
* @bug 8161571
* @summary Reject signatures presented for verification that contain extra
* bytes.
* @run main SignatureLength
*/
public class SignatureLength {
public static void main(String[] args) throws Exception {
main0("EC", 256, "SHA256withECDSA", "SunEC");
main0("RSA", 2048, "SHA256withRSA", "SunRsaSign");
main0("DSA", 2048, "SHA256withDSA", "SUN");
if (System.getProperty("os.name").equals("SunOS")) {
main0("EC", 256, "SHA256withECDSA", null);
main0("RSA", 2048, "SHA256withRSA", null);
}
}
private static void main0(String keyAlgorithm, int keysize,
String signatureAlgorithm, String provider) throws Exception {
byte[] plaintext = "aaa".getBytes("UTF-8");
// Generate
KeyPairGenerator generator =
provider == null ?
(KeyPairGenerator) KeyPairGenerator.getInstance(keyAlgorithm) :
(KeyPairGenerator) KeyPairGenerator.getInstance(
keyAlgorithm, provider);
generator.initialize(keysize);
System.out.println("Generating " + keyAlgorithm + " keypair using " +
generator.getProvider().getName() + " JCE provider");
KeyPair keypair = generator.generateKeyPair();
// Sign
Signature signer =
provider == null ?
Signature.getInstance(signatureAlgorithm) :
Signature.getInstance(signatureAlgorithm, provider);
signer.initSign(keypair.getPrivate());
signer.update(plaintext);
System.out.println("Signing using " + signer.getProvider().getName() +
" JCE provider");
byte[] signature = signer.sign();
// Invalidate
System.out.println("Invalidating signature ...");
byte[] badSignature = new byte[signature.length + 5];
System.arraycopy(signature, 0, badSignature, 0, signature.length);
badSignature[signature.length] = 0x01;
badSignature[signature.length + 1] = 0x01;
badSignature[signature.length + 2] = 0x01;
badSignature[signature.length + 3] = 0x01;
badSignature[signature.length + 4] = 0x01;
// Verify
Signature verifier =
provider == null ?
Signature.getInstance(signatureAlgorithm) :
Signature.getInstance(signatureAlgorithm, provider);
verifier.initVerify(keypair.getPublic());
verifier.update(plaintext);
System.out.println("Verifying using " +
verifier.getProvider().getName() + " JCE provider");
try {
System.out.println("Valid? " + verifier.verify(badSignature));
throw new Exception(
"ERROR: expected a SignatureException but none was thrown");
} catch (SignatureException e) {
System.out.println("OK: caught expected exception: " + e);
}
System.out.println();
}
}
test/java/time/test/java/time/format/TestZoneTextPrinterParser.java
浏览文件 @ 83f4f6a9
......@@ -49,7 +49,7 @@ import org.testng.annotations.Test;
/*
* @test
* @bug 8081022 8151876
* @bug 8081022 8151876 8166875
* @key randomness
*/
......
test/java/time/test/java/time/format/ZoneName.java
浏览文件 @ 83f4f6a9
/*
* Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2013, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -378,6 +378,7 @@ class ZoneName {
"Europe/Helsinki", "Europe_Eastern", "Europe/Bucharest",
"America/Nome", "Alaska", "America/Juneau",
"Asia/Yakutsk", "Yakutsk", "Asia/Yakutsk",
"Asia/Yangon", "Myanmar", "Asia/Rangoon",
"Africa/Conakry", "GMT", "Atlantic/Reykjavik",
"Asia/Seoul", "Korea", "Asia/Seoul",
"America/Antigua", "Atlantic", "America/Halifax",
......@@ -747,6 +748,7 @@ class ZoneName {
"NZ", "Pacific/Auckland",
"Asia/Tel_Aviv", "Asia/Jerusalem",
"Hongkong", "Asia/Hong_Kong",
"Asia/Rangoon", "Asia/Yangon",
};
private static final Map<String, String> zidToMzone = new HashMap<>();
......
test/lib/testlibrary/jdk/testlibrary/JarUtils.java
浏览文件 @ 83f4f6a9
......@@ -25,6 +25,7 @@ package jdk.testlibrary;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.nio.file.Path;
......@@ -43,7 +44,8 @@ public final class JarUtils {
/**
* Create jar file with specified files from specified location.
* Create jar file with specified files. If a specified file does not exist,
* a new jar entry will be created with the file name itself as the content.
*/
public static void createJar(String dest, Path filesLocation,
String... fileNames) throws IOException {
......@@ -63,6 +65,8 @@ public final class JarUtils {
}
try (FileInputStream fis = new FileInputStream(file)) {
Utils.transferBetweenStreams(fis, jos);
} catch (FileNotFoundException e) {
jos.write(fileName.getBytes());
}
}
}
......@@ -78,7 +82,17 @@ public final class JarUtils {
}
/**
* Add specified files to existing jar file.
* Add or remove specified files to existing jar file. If a specified file
* to be updated or added does not exist, the jar entry will be created
* with the file name itself as the content.
*
* @param src the original jar file name
* @param dest the new jar file name
* @param files the files to update. The list is broken into 2 groups
* by a "-" string. The files before in the 1st group will
* be either updated or added. The files in the 2nd group
* will be removed. If no "-" exists, all files belong to
* the 1st group.
*/
public static void updateJar(String src, String dest, String... files)
throws IOException {
......@@ -94,8 +108,11 @@ public final class JarUtils {
JarEntry entry = entries.nextElement();
String name = entry.getName();
boolean found = false;
boolean update = true;
for (String file : files) {
if (name.equals(file)) {
if (file.equals("-")) {
update = false;
} else if (name.equals(file)) {
updatedFiles.add(file);
found = true;
break;
......@@ -103,11 +120,18 @@ public final class JarUtils {
}
if (found) {
if (update) {
System.out.println(String.format("Updating %s with %s",
dest, name));
jos.putNextEntry(new JarEntry(name));
try (FileInputStream fis = new FileInputStream(name)) {
Utils.transferBetweenStreams(fis, jos);
} catch (FileNotFoundException e) {
jos.write(name.getBytes());
}
} else {
System.out.println(String.format("Removing %s from %s",
name, dest));
}
} else {
System.out.println(String.format("Copying %s to %s",
......@@ -121,12 +145,17 @@ public final class JarUtils {
// append new files
for (String file : files) {
if (file.equals("-")) {
break;
}
if (!updatedFiles.contains(file)) {
System.out.println(String.format("Adding %s with %s",
dest, file));
jos.putNextEntry(new JarEntry(file));
try (FileInputStream fis = new FileInputStream(file)) {
Utils.transferBetweenStreams(fis, jos);
} catch (FileNotFoundException e) {
jos.write(file.getBytes());
}
}
}
......
test/sun/reflect/ReflectionFactory/ReflectionFactoryTest.java 0 → 100644
浏览文件 @ 83f4f6a9
/*
* Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.Externalizable;
import java.io.IOException;
import java.io.ObjectInput;
import java.io.ObjectInputStream;
import java.io.ObjectOutput;
import java.io.ObjectOutputStream;
import java.io.OptionalDataException;
import java.io.Serializable;
import java.lang.invoke.MethodHandle;
import java.lang.reflect.Constructor;
import java.lang.reflect.InvocationTargetException;
import sun.reflect.ReflectionFactory;
import org.testng.Assert;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.Test;
import org.testng.annotations.DataProvider;
import org.testng.TestNG;
/*
* @test
* @bug 8137058 8164908 8168980
* @run testng ReflectionFactoryTest
* @run testng/othervm/policy=security.policy ReflectionFactoryTest
* @summary Basic test for the unsupported ReflectionFactory
*/
public class ReflectionFactoryTest {
// Initialized by init()
static ReflectionFactory factory;
@DataProvider(name = "ClassConstructors")
static Object[][] classConstructors() {
return new Object[][] {
{Object.class},
{Foo.class},
{Bar.class},
};
}
@BeforeClass
static void init() {
factory = ReflectionFactory.getReflectionFactory();
}
/**
* Test that the correct Constructor is selected and run.
* @param type type of object to create
* @throws NoSuchMethodException - error
* @throws InstantiationException - error
* @throws IllegalAccessException - error
* @throws InvocationTargetException - error
*/
@Test(dataProvider="ClassConstructors")
static void testConstructor(Class<?> type)
throws NoSuchMethodException, InstantiationException,
IllegalAccessException, InvocationTargetException
{
@SuppressWarnings("unchecked")
Constructor<?> c = factory.newConstructorForSerialization(type);
Object o = c.newInstance();
Assert.assertEquals(o.getClass(), type, "Instance is wrong type");
if (o instanceof Foo) {
Foo foo = (Foo)o;
foo.check();
}
}
@DataProvider(name = "NonSerialConstructors")
static Object[][] constructors() throws NoSuchMethodException {
return new Object[][] {
{Foo.class, Object.class.getDeclaredConstructor()},
{Foo.class, Foo.class.getDeclaredConstructor()},
{Baz.class, Object.class.getDeclaredConstructor()},
{Baz.class, Foo.class.getDeclaredConstructor()},
{Baz.class, Baz.class.getDeclaredConstructor()}
};
}
/**
* Tests that the given Constructor, in the hierarchy, is run.
*/
@Test(dataProvider="NonSerialConstructors")
static void testNonSerializableConstructor(Class<?> cl,
Constructor<?> constructorToCall)
throws ReflectiveOperationException
{
@SuppressWarnings("unchecked")
Constructor<?> c = factory.newConstructorForSerialization(cl,
constructorToCall);
Object o = c.newInstance();
Assert.assertEquals(o.getClass(), cl, "Instance is wrong type");
int expectedFoo = 0;
int expectedBaz = 0;
if (constructorToCall.getName().equals("ReflectionFactoryTest$Foo")) {
expectedFoo = 1;
} else if (constructorToCall.getName().equals("ReflectionFactoryTest$Baz")) {
expectedFoo = 1;
expectedBaz = 4;
}
Assert.assertEquals(((Foo)o).foo(), expectedFoo);
if (o instanceof Baz) {
Assert.assertEquals(((Baz)o).baz(), expectedBaz);
}
}
static class Foo {
private int foo;
public Foo() {
this.foo = 1;
}
public String toString() {
return "foo: " + foo;
}
public void check() {
int expectedFoo = 1;
Assert.assertEquals(foo, expectedFoo, "foo() constructor not run");
}
public int foo() { return foo; }
}
static class Bar extends Foo implements Serializable {
private static final long serialVersionUID = 3L;
private int bar;
public Bar() {
this.bar = 1;
}
public String toString() {
return super.toString() + ", bar: " + bar;
}
public void check() {
super.check();
int expectedBar = 0;
Assert.assertEquals(bar, expectedBar, "bar() constructor not run");
}
}
static class Baz extends Foo {
private static final long serialVersionUID = 4L;
private final int baz;
public Baz() { this.baz = 4; }
public int baz() { return baz; }
}
/**
* Test newConstructorForExternalization returns the constructor and it can be called.
* @throws NoSuchMethodException - error
* @throws InstantiationException - error
* @throws IllegalAccessException - error
* @throws InvocationTargetException - error
*/
@Test
static void newConstructorForExternalization()
throws NoSuchMethodException, InstantiationException,
IllegalAccessException, InvocationTargetException {
Constructor<?> cons = factory.newConstructorForExternalization(Ext.class);
Ext ext = (Ext)cons.newInstance();
Assert.assertEquals(ext.ext, 1, "Constructor not run");
}
static class Ext implements Externalizable {
private static final long serialVersionUID = 1L;
int ext;
public Ext() {
ext = 1;
}
@Override
public void writeExternal(ObjectOutput out) throws IOException {}
@Override
public void readExternal(ObjectInput in) throws IOException, ClassNotFoundException {}
}
@Test
static void testReadWriteObjectForSerialization() throws Throwable {
MethodHandle readObjectMethod = factory.readObjectForSerialization(Ser.class);
Assert.assertNotNull(readObjectMethod, "readObjectMethod not found");
MethodHandle readObjectNoDataMethod = factory.readObjectNoDataForSerialization(Ser.class);
Assert.assertNotNull(readObjectNoDataMethod, "readObjectNoDataMethod not found");
MethodHandle writeObjectMethod = factory.writeObjectForSerialization(Ser.class);
Assert.assertNotNull(writeObjectMethod, "writeObjectMethod not found");
MethodHandle readResolveMethod = factory.readResolveForSerialization(Ser.class);
Assert.assertNotNull(readResolveMethod, "readResolveMethod not found");
MethodHandle writeReplaceMethod = factory.writeReplaceForSerialization(Ser.class);
Assert.assertNotNull(writeReplaceMethod, "writeReplaceMethod not found");
byte[] data = null;
try (ByteArrayOutputStream baos = new ByteArrayOutputStream();
ObjectOutputStream oos = new ObjectOutputStream(baos)) {
Ser ser = new Ser();
writeReplaceMethod.invoke(ser);
Assert.assertTrue(ser.writeReplaceCalled, "writeReplace not called");
Assert.assertFalse(ser.writeObjectCalled, "writeObject should not have been called");
writeObjectMethod.invoke(ser, oos);
Assert.assertTrue(ser.writeReplaceCalled, "writeReplace should have been called");
Assert.assertTrue(ser.writeObjectCalled, "writeObject not called");
oos.flush();
data = baos.toByteArray();
}
try (ByteArrayInputStream bais = new ByteArrayInputStream(data);
ObjectInputStream ois = new ObjectInputStream(bais)) {
Ser ser2 = new Ser();
readObjectMethod.invoke(ser2, ois);
Assert.assertTrue(ser2.readObjectCalled, "readObject not called");
Assert.assertFalse(ser2.readObjectNoDataCalled, "readObjectNoData should not be called");
Assert.assertFalse(ser2.readResolveCalled, "readResolve should not be called");
readObjectNoDataMethod.invoke(ser2, ois);
Assert.assertTrue(ser2.readObjectCalled, "readObject should have been called");
Assert.assertTrue(ser2.readObjectNoDataCalled, "readObjectNoData not called");
Assert.assertFalse(ser2.readResolveCalled, "readResolve should not be called");
readResolveMethod.invoke(ser2);
Assert.assertTrue(ser2.readObjectCalled, "readObject should have been called");
Assert.assertTrue(ser2.readObjectNoDataCalled, "readObjectNoData not called");
Assert.assertTrue(ser2.readResolveCalled, "readResolve not called");
}
}
@Test
static void hasStaticInitializer() {
boolean actual = factory.hasStaticInitializerForSerialization(Ser.class);
Assert.assertTrue(actual, "hasStaticInitializerForSerialization is wrong");
}
static class Ser implements Serializable {
private static final long serialVersionUID = 2L;
static {
// Define a static class initialization method
}
boolean readObjectCalled = false;
boolean readObjectNoDataCalled = false;
boolean writeObjectCalled = false;
boolean readResolveCalled = false;
boolean writeReplaceCalled = false;
public Ser() {}
private void readObject(ObjectInputStream ois) throws IOException {
Assert.assertFalse(writeObjectCalled, "readObject called too many times");
readObjectCalled = ois.readBoolean();
}
private void readObjectNoData(ObjectInputStream ois) throws IOException {
Assert.assertFalse(readObjectNoDataCalled, "readObjectNoData called too many times");
readObjectNoDataCalled = true;
}
private void writeObject(ObjectOutputStream oos) throws IOException {
Assert.assertFalse(writeObjectCalled, "writeObject called too many times");
writeObjectCalled = true;
oos.writeBoolean(writeObjectCalled);
}
private Object writeReplace() {
Assert.assertFalse(writeReplaceCalled, "writeReplace called too many times");
writeReplaceCalled = true;
return this;
}
private Object readResolve() {
Assert.assertFalse(readResolveCalled, "readResolve called too many times");
readResolveCalled = true;
return this;
}
}
/**
* Test the constructor of OptionalDataExceptions.
*/
@Test
static void newOptionalDataException() {
OptionalDataException ode = factory.newOptionalDataExceptionForSerialization(true);
Assert.assertTrue(ode.eof, "eof wrong");
ode = factory.newOptionalDataExceptionForSerialization(false);
Assert.assertFalse(ode.eof, "eof wrong");
}
// Main can be used to run the tests from the command line with only testng.jar.
@SuppressWarnings("raw_types")
@Test(enabled = false)
public static void main(String[] args) {
Class<?>[] testclass = {ReflectionFactoryTest.class};
TestNG testng = new TestNG();
testng.setTestClasses(testclass);
testng.run();
}
}
test/sun/reflect/ReflectionFactory/security.policy 0 → 100644
浏览文件 @ 83f4f6a9
// Individual Permissions for ReflectionFactoryTest
grant {
// Permissions needed to run the test
permission java.util.PropertyPermission "*", "read";
permission java.io.FilePermission "<<ALL FILES>>", "read,write,delete,execute";
permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
permission java.lang.RuntimePermission "accessDeclaredMembers";
permission java.lang.RuntimePermission "accessClassInPackage.sun.reflect";
permission java.lang.RuntimePermission "reflectionFactoryAccess";
};
test/sun/security/smartcardio/TestChannel.java
浏览文件 @ 83f4f6a9
/*
* Copyright (c) 2005, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2005, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -46,6 +46,11 @@ public class TestChannel extends Utils {
public static void main(String[] args) throws Exception {
CardTerminal terminal = getTerminal(args);
if (terminal == null) {
System.out.println("Skipping the test: " +
"no card terminals available");
return;
}
// establish a connection with the card
Card card = terminal.connect("T=0");
......
test/sun/security/smartcardio/TestConnect.java
浏览文件 @ 83f4f6a9
/*
* Copyright (c) 2005, 2006, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2005, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -39,23 +39,12 @@ import javax.smartcardio.CardTerminal;
public class TestConnect extends Utils {
public static void main(String[] args) throws Exception {
TerminalFactory factory = TerminalFactory.getInstance("PC/SC", null, "SunPCSC");
System.out.println(factory);
List<CardTerminal> terminals = factory.terminals().list();
System.out.println("Terminals: " + terminals);
if (terminals.isEmpty()) {
throw new Exception("No card terminals available");
}
CardTerminal terminal = terminals.get(0);
if (terminal.isCardPresent() == false) {
System.out.println("*** Insert card");
if (terminal.waitForCardPresent(20 * 1000) == false) {
throw new Exception("no card available");
}
CardTerminal terminal = getTerminal(args, "SunPCSC");
if (terminal == null) {
System.out.println("Skipping the test: " +
"no card terminals available");
return;
}
System.out.println("card present: " + terminal.isCardPresent());
Card card = terminal.connect("*");
System.out.println("card: " + card);
......
test/sun/security/smartcardio/TestConnectAgain.java
浏览文件 @ 83f4f6a9
/*
* Copyright (c) 2005, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2005, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -39,6 +39,11 @@ public class TestConnectAgain extends Utils {
public static void main(String[] args) throws Exception {
CardTerminal terminal = getTerminal(args);
if (terminal == null) {
System.out.println("Skipping the test: " +
"no card terminals available");
return;
}
Card card = terminal.connect("T=0");
CardChannel channel = card.getBasicChannel();
......
test/sun/security/smartcardio/TestControl.java
浏览文件 @ 83f4f6a9
/*
* Copyright (c) 2005, 2006, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2005, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -40,6 +40,11 @@ public class TestControl extends Utils {
public static void main(String[] args) throws Exception {
CardTerminal terminal = getTerminal(args);
if (terminal == null) {
System.out.println("Skipping the test: " +
"no card terminals available");
return;
}
// establish a connection with the card
Card card = terminal.connect("T=0");
......
test/sun/security/smartcardio/TestDefault.java
浏览文件 @ 83f4f6a9
/*
* Copyright (c) 2005, 2006, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2005, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -40,10 +40,12 @@ public class TestDefault {
TerminalFactory factory = TerminalFactory.getDefault();
System.out.println("Type: " + factory.getType());
List<CardTerminal> terminals = factory.terminals().list();
System.out.println("Terminals: " + terminals);
if (terminals.isEmpty()) {
throw new Exception("no terminals");
System.out.println("Skipping the test: " +
"no card terminals available");
return;
}
System.out.println("Terminals: " + terminals);
System.out.println("OK.");
}
......
test/sun/security/smartcardio/TestDirect.java
浏览文件 @ 83f4f6a9
/*
* Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2014, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -40,10 +40,12 @@ public class TestDirect {
public static void main(String[] args) throws Exception {
TerminalFactory terminalFactory = TerminalFactory.getDefault();
List<CardTerminal> cardTerminals = terminalFactory.terminals().list();
System.out.println("Terminals: " + cardTerminals);
if (cardTerminals.isEmpty()) {
throw new Exception("No card terminals available");
System.out.println("Skipping the test: " +
"no card terminals available");
return;
}
System.out.println("Terminals: " + cardTerminals);
CardTerminal cardTerminal = cardTerminals.get(0);
Card card = cardTerminal.connect("DIRECT");
card.disconnect(true);
......
test/sun/security/smartcardio/TestExclusive.java
浏览文件 @ 83f4f6a9
/*
* Copyright (c) 2005, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2005, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -44,6 +44,11 @@ public class TestExclusive extends Utils {
public static void main(String[] args) throws Exception {
CardTerminal terminal = getTerminal(args);
if (terminal == null) {
System.out.println("Skipping the test: " +
"no card terminals available");
return;
}
// establish a connection with the card
Card card = terminal.connect("T=0");
......
test/sun/security/smartcardio/TestMultiplePresent.java
浏览文件 @ 83f4f6a9
/*
* Copyright (c) 2005, 2006, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2005, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -40,7 +40,12 @@ public class TestMultiplePresent {
public static void main(String[] args) throws Exception {
Utils.setLibrary(args);
TerminalFactory factory = TerminalFactory.getInstance("PC/SC", null);
TerminalFactory factory = Utils.getTerminalFactory(null);
if (factory == null) {
System.out.println("Skipping the test: " +
"no card terminals available");
return;
}
System.out.println(factory);
CardTerminals terminals = factory.terminals();
......@@ -49,7 +54,9 @@ public class TestMultiplePresent {
boolean multipleReaders = true;
if (list.size() < 2) {
if (list.isEmpty()) {
throw new Exception("no terminals");
System.out.println("Skipping the test: " +
"no card terminals available");
return;
}
System.out.println("Only one reader present, using simplified test");
multipleReaders = false;
......
test/sun/security/smartcardio/TestPresent.java
浏览文件 @ 83f4f6a9
/*
* Copyright (c) 2005, 2006, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2005, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -34,7 +34,7 @@ import java.util.List;
import javax.smartcardio.CardTerminal;
import javax.smartcardio.TerminalFactory;
public class TestPresent {
public class TestPresent extends Utils {
private static class Timer {
private long time = System.currentTimeMillis();
......@@ -66,15 +66,12 @@ public class TestPresent {
}
public static void main(String[] args) throws Exception {
TerminalFactory factory = TerminalFactory.getInstance("PC/SC", null);
System.out.println(factory);
List<CardTerminal> terminals = factory.terminals().list();
System.out.println("Terminals: " + terminals);
if (terminals.isEmpty()) {
throw new Exception("No card terminals available");
CardTerminal terminal = getTerminal(args);
if (terminal == null) {
System.out.println("Skipping the test: " +
"no card terminals available");
return;
}
CardTerminal terminal = terminals.get(0);
while (terminal.isCardPresent()) {
System.out.println("*** Remove card!");
......
test/sun/security/smartcardio/TestTransmit.java
浏览文件 @ 83f4f6a9
/*
* Copyright (c) 2005, 2006, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2005, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -48,6 +48,11 @@ public class TestTransmit extends Utils {
public static void main(String[] args) throws Exception {
CardTerminal terminal = getTerminal(args);
if (terminal == null) {
System.out.println("Skipping the test: " +
"no card terminals available");
return;
}
Card card = terminal.connect("T=0");
CardChannel channel = card.getBasicChannel();
......
test/sun/security/smartcardio/Utils.java
浏览文件 @ 83f4f6a9
/*
* Copyright (c) 2005, 2006, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2005, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -27,6 +27,7 @@
import java.io.StringReader;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.List;
import javax.smartcardio.CardTerminal;
......@@ -43,26 +44,59 @@ public class Utils {
}
}
static TerminalFactory getTerminalFactory(String provName) throws Exception {
try {
TerminalFactory factory = (provName == null)
? TerminalFactory.getInstance("PC/SC", null)
: TerminalFactory.getInstance("PC/SC", null, provName);
System.out.println(factory);
return factory;
} catch (NoSuchAlgorithmException e) {
Throwable cause = e.getCause();
if (cause != null && cause.getMessage().startsWith("PC/SC not available")) {
return null;
}
throw e;
}
}
static CardTerminal getTerminal(String[] args) throws Exception {
return getTerminal(args, null);
}
static CardTerminal getTerminal(String[] args, String provider) throws Exception {
setLibrary(args);
TerminalFactory factory = TerminalFactory.getInstance("PC/SC", null);
System.out.println(factory);
try {
TerminalFactory factory = (provider == null)
? TerminalFactory.getInstance("PC/SC", null)
: TerminalFactory.getInstance("PC/SC", null, provider);
System.out.println(factory);
List<CardTerminal> terminals = factory.terminals().list();
System.out.println("Terminals: " + terminals);
if (terminals.isEmpty()) {
return null;
}
CardTerminal terminal = terminals.get(0);
List<CardTerminal> terminals = factory.terminals().list();
System.out.println("Terminals: " + terminals);
if (terminals.isEmpty()) {
throw new Exception("No card terminals available");
}
CardTerminal terminal = terminals.get(0);
if (terminal.isCardPresent() == false) {
System.out.println("*** Insert card");
if (terminal.waitForCardPresent(20 * 1000) == false) {
throw new Exception("no card available");
}
}
System.out.println("card present: " + terminal.isCardPresent());
return terminal;
if (terminal.isCardPresent() == false) {
System.out.println("*** Insert card");
if (terminal.waitForCardPresent(20 * 1000) == false) {
throw new Exception("no card available");
} catch (NoSuchAlgorithmException e) {
Throwable cause = e.getCause();
if (cause != null && cause.getMessage().startsWith("PC/SC not available")) {
return null;
}
throw e;
}
return terminal;
}
static final byte[] C1 = parse("00 A4 04 00 07 A0 00 00 00 62 81 01 00");
......
test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509TrustManagerImpl/PKIXExtendedTM.java
浏览文件 @ 83f4f6a9
/*
* Copyright (c) 2010, 2015, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2010, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -28,9 +28,12 @@
/*
* @test
* @bug 6916074
* @bug 6916074 8170131
* @summary Add support for TLS 1.2
* @run main/othervm PKIXExtendedTM
* @run main/othervm PKIXExtendedTM 0
* @run main/othervm PKIXExtendedTM 1
* @run main/othervm PKIXExtendedTM 2
* @run main/othervm PKIXExtendedTM 3
*/
import java.net.*;
......@@ -42,6 +45,7 @@ import java.security.KeyStore;
import java.security.KeyFactory;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.CertPathValidatorException;
import java.security.spec.*;
import java.security.interfaces.*;
import java.math.BigInteger;
......@@ -792,20 +796,85 @@ public class PKIXExtendedTM {
volatile Exception serverException = null;
volatile Exception clientException = null;
public static void main(String args[]) throws Exception {
static class Test {
String tlsDisAlgs;
String certPathDisAlgs;
boolean fail;
Test(String tlsDisAlgs, String certPathDisAlgs, boolean fail) {
this.tlsDisAlgs = tlsDisAlgs;
this.certPathDisAlgs = certPathDisAlgs;
this.fail = fail;
}
}
static Test[] tests = {
// MD5 is used in this test case, don't disable MD5 algorithm.
new Test(
"SSLv3, RC4, DH keySize < 768",
"MD2, RSA keySize < 1024",
false),
// Disable MD5 but only if cert chains back to public root CA, should
// pass because the MD5 cert in this test case is issued by test CA
new Test(
"SSLv3, RC4, DH keySize < 768",
"MD2, MD5 jdkCA, RSA keySize < 1024",
false),
// Disable MD5 alg via TLS property and expect failure
new Test(
"SSLv3, MD5, RC4, DH keySize < 768",
"MD2, RSA keySize < 1024",
true),
// Disable MD5 alg via certpath property and expect failure
new Test(
"SSLv3, RC4, DH keySize < 768",
"MD2, MD5, RSA keySize < 1024",
true),
};
public static void main(String args[]) throws Exception {
if (args.length != 1) {
throw new Exception("Incorrect number of arguments");
}
Test test = tests[Integer.parseInt(args[0])];
Security.setProperty("jdk.tls.disabledAlgorithms", test.tlsDisAlgs);
Security.setProperty("jdk.certpath.disabledAlgorithms",
"MD2, RSA keySize < 1024");
Security.setProperty("jdk.tls.disabledAlgorithms",
"SSLv3, RC4, DH keySize < 768");
test.certPathDisAlgs);
if (debug)
if (debug) {
System.setProperty("javax.net.debug", "all");
}
/*
* Start the tests.
*/
new PKIXExtendedTM();
try {
new PKIXExtendedTM();
if (test.fail) {
throw new Exception("Expected MD5 certificate to be blocked");
}
} catch (Exception e) {
if (test.fail) {
// find expected cause
boolean correctReason = false;
Throwable cause = e.getCause();
while (cause != null) {
if (cause instanceof CertPathValidatorException) {
CertPathValidatorException cpve =
(CertPathValidatorException)cause;
if (cpve.getReason() == CertPathValidatorException.BasicReason.ALGORITHM_CONSTRAINED) {
correctReason = true;
break;
}
}
cause = cause.getCause();
}
if (!correctReason) {
throw new Exception("Unexpected exception", e);
}
} else {
throw e;
}
}
}
Thread clientThread = null;
......
test/sun/security/tools/jarsigner/TimestampCheck.java
浏览文件 @ 83f4f6a9
......@@ -22,25 +22,31 @@
*/
import com.sun.net.httpserver.*;
import java.io.BufferedReader;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.math.BigInteger;
import java.net.InetSocketAddress;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Calendar;
import java.util.List;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;
import sun.misc.IOUtils;
import jdk.testlibrary.*;
import jdk.testlibrary.JarUtils;
import sun.security.pkcs.ContentInfo;
import sun.security.pkcs.PKCS7;
import sun.security.pkcs.PKCS9Attribute;
......@@ -52,11 +58,22 @@ import sun.security.util.ObjectIdentifier;
import sun.security.x509.AlgorithmId;
import sun.security.x509.X500Name;
/*
* @test
* @bug 6543842 6543440 6939248 8009636 8024302 8163304 8169911 8169688
* @summary checking response of timestamp
* @modules java.base/sun.security.pkcs
* java.base/sun.security.timestamp
* java.base/sun.security.x509
* java.base/sun.security.util
* java.base/sun.security.tools.keytool
* @library /lib/testlibrary
* @run main/timeout=600 TimestampCheck
*/
public class TimestampCheck {
static final String TSKS = "tsks";
static final String JAR = "old.jar";
static final String defaultPolicyId = "2.3.4.5";
static final String defaultPolicyId = "2.3.4";
static String host = null;
static class Handler implements HttpHandler, AutoCloseable {
......@@ -75,11 +92,7 @@ public class TimestampCheck {
t.getRequestBody().read(input);
try {
int path = 0;
if (t.getRequestURI().getPath().length() > 1) {
path = Integer.parseInt(
t.getRequestURI().getPath().substring(1));
}
String path = t.getRequestURI().getPath().substring(1);
byte[] output = sign(input, path);
Headers out = t.getResponseHeaders();
out.set("Content-Type", "application/timestamp-reply");
......@@ -97,24 +110,9 @@ public class TimestampCheck {
/**
* @param input The data to sign
* @param path different cases to simulate, impl on URL path
* 0: normal
* 1: Missing nonce
* 2: Different nonce
* 3: Bad digets octets in messageImprint
* 4: Different algorithmId in messageImprint
* 5: whole chain in cert set
* 6: extension is missing
* 7: extension is non-critical
* 8: extension does not have timestamping
* 9: no cert in response
* 10: normal
* 11: always return default policy id
* 12: normal
* otherwise: normal
* @returns the signed
*/
byte[] sign(byte[] input, int path) throws Exception {
// Read TSRequest
byte[] sign(byte[] input, String path) throws Exception {
DerValue value = new DerValue(input);
System.err.println("\nIncoming Request\n===================");
System.err.println("Version: " + value.data.getInteger());
......@@ -138,36 +136,35 @@ public class TimestampCheck {
}
}
// Write TSResponse
System.err.println("\nResponse\n===================");
KeyStore ks = KeyStore.getInstance("JKS");
try (FileInputStream fis = new FileInputStream(keystore)) {
ks.load(fis, "changeit".toCharArray());
}
FileInputStream is = new FileInputStream(keystore);
KeyStore ks = KeyStore.getInstance("JCEKS");
ks.load(is, "changeit".toCharArray());
is.close();
String alias = "ts";
if (path == 6) alias = "tsbad1";
if (path == 7) alias = "tsbad2";
if (path == 8) alias = "tsbad3";
if (path.startsWith("bad") || path.equals("weak")) {
alias = "ts" + path;
}
if (path == 11) {
if (path.equals("diffpolicy")) {
policyId = new ObjectIdentifier(defaultPolicyId);
}
DerOutputStream statusInfo = new DerOutputStream();
statusInfo.putInteger(0);
DerOutputStream token = new DerOutputStream();
AlgorithmId[] algorithms = {aid};
Certificate[] chain = ks.getCertificateChain(alias);
X509Certificate[] signerCertificateChain = null;
X509Certificate[] signerCertificateChain;
X509Certificate signer = (X509Certificate)chain[0];
if (path == 5) { // Only case 5 uses full chain
if (path.equals("fullchain")) { // Only case 5 uses full chain
signerCertificateChain = new X509Certificate[chain.length];
for (int i=0; i<chain.length; i++) {
signerCertificateChain[i] = (X509Certificate)chain[i];
}
} else if (path == 9) {
} else if (path.equals("nocert")) {
signerCertificateChain = new X509Certificate[0];
} else {
signerCertificateChain = new X509Certificate[1];
......@@ -179,11 +176,11 @@ public class TimestampCheck {
tst.putInteger(1);
tst.putOID(policyId);
if (path != 3 && path != 4) {
if (!path.equals("baddigest") && !path.equals("diffalg")) {
tst.putDerValue(messageImprint);
} else {
byte[] data = messageImprint.toByteArray();
if (path == 4) {
if (path.equals("diffalg")) {
data[6] = (byte)0x01;
} else {
data[data.length-1] = (byte)0x01;
......@@ -198,10 +195,10 @@ public class TimestampCheck {
Calendar cal = Calendar.getInstance();
tst.putGeneralizedTime(cal.getTime());
if (path == 2) {
if (path.equals("diffnonce")) {
tst.putInteger(1234);
} else if (path == 1) {
// do nothing
} else if (path.equals("nononce")) {
// no noce
} else {
tst.putInteger(nonce);
}
......@@ -212,6 +209,8 @@ public class TimestampCheck {
DerOutputStream tstInfo2 = new DerOutputStream();
tstInfo2.putOctetString(tstInfo.toByteArray());
// Always use the same algorithm at timestamp signing
// so it is different from the hash algorithm.
Signature sig = Signature.getInstance("SHA1withRSA");
sig.initSign((PrivateKey)(ks.getKey(
alias, "changeit".toCharArray())));
......@@ -229,12 +228,11 @@ public class TimestampCheck {
SignerInfo signerInfo = new SignerInfo(
new X500Name(signer.getIssuerX500Principal().getName()),
signer.getSerialNumber(),
aid, AlgorithmId.get("RSA"), sig.sign());
AlgorithmId.get("SHA-1"), AlgorithmId.get("RSA"), sig.sign());
SignerInfo[] signerInfos = {signerInfo};
PKCS7 p7 =
new PKCS7(algorithms, contentInfo, signerCertificateChain,
signerInfos);
PKCS7 p7 = new PKCS7(algorithms, contentInfo,
signerCertificateChain, signerInfos);
ByteArrayOutputStream p7out = new ByteArrayOutputStream();
p7.encodeSignedData(p7out);
......@@ -293,42 +291,79 @@ public class TimestampCheck {
stop();
}
}
public static void main(String[] args) throws Exception {
try (Handler tsa = Handler.init(0, TSKS);) {
public static void main(String[] args) throws Throwable {
prepare();
try (Handler tsa = Handler.init(0, "tsks");) {
tsa.start();
int port = tsa.getPort();
String cmd;
// Use -J-Djava.security.egd=file:/dev/./urandom to speed up
// nonce generation in timestamping request. Not avaibale on
// Windows and defaults to thread seed generator, not too bad.
if (System.getProperty("java.home").endsWith("jre")) {
cmd = System.getProperty("java.home") + "/../bin/jarsigner";
} else {
cmd = System.getProperty("java.home") + "/bin/jarsigner";
}
cmd += " -J-Djava.security.egd=file:/dev/./urandom"
+ " -debug -keystore " + TSKS + " -storepass changeit"
+ " -tsa http://localhost:" + port + "/%d"
+ " -signedjar new_%d.jar " + JAR + " old";
host = "http://localhost:" + port + "/";
if (args.length == 0) { // Run this test
jarsigner(cmd, 0, true); // Success, normal call
jarsigner(cmd, 1, false); // These 4 should fail
jarsigner(cmd, 2, false);
jarsigner(cmd, 3, false);
jarsigner(cmd, 4, false);
jarsigner(cmd, 5, true); // Success, 6543440 solved.
jarsigner(cmd, 6, false); // tsbad1
jarsigner(cmd, 7, false); // tsbad2
jarsigner(cmd, 8, false); // tsbad3
jarsigner(cmd, 9, false); // no cert in timestamp
jarsigner(cmd + " -tsapolicyid 1.2.3.4", 10, true);
checkTimestamp("new_10.jar", "1.2.3.4", "SHA-256");
jarsigner(cmd + " -tsapolicyid 1.2.3.5", 11, false);
jarsigner(cmd + " -tsadigestalg SHA", 12, true);
checkTimestamp("new_12.jar", defaultPolicyId, "SHA-1");
sign("none")
.shouldContain("is not timestamped")
.shouldHaveExitValue(0);
sign("badku")
.shouldHaveExitValue(0);
checkBadKU("badku.jar");
sign("normal")
.shouldNotContain("is not timestamped")
.shouldHaveExitValue(0);
sign("nononce")
.shouldHaveExitValue(1);
sign("diffnonce")
.shouldHaveExitValue(1);
sign("baddigest")
.shouldHaveExitValue(1);
sign("diffalg")
.shouldHaveExitValue(1);
sign("fullchain")
.shouldHaveExitValue(0); // Success, 6543440 solved.
sign("bad1")
.shouldHaveExitValue(1);
sign("bad2")
.shouldHaveExitValue(1);
sign("bad3")
.shouldHaveExitValue(1);
sign("nocert")
.shouldHaveExitValue(1);
sign("policy", "-tsapolicyid", "1.2.3")
.shouldHaveExitValue(0);
checkTimestamp("policy.jar", "1.2.3", "SHA-256");
sign("diffpolicy", "-tsapolicyid", "1.2.3")
.shouldHaveExitValue(1);
sign("tsaalg", "-tsadigestalg", "SHA")
.shouldHaveExitValue(0);
checkTimestamp("tsaalg.jar", defaultPolicyId, "SHA-1");
sign("weak", "-digestalg", "MD2",
"-sigalg", "MD2withRSA", "-tsadigestalg", "MD2")
.shouldHaveExitValue(0);
checkWeak("weak.jar");
signWithAliasAndTsa("halfWeak", "old.jar", "old", "-digestalg", "MD5")
.shouldHaveExitValue(0);
checkHalfWeak("halfWeak.jar");
// sign with DSA key
signWithAliasAndTsa("sign1", "old.jar", "dsakey")
.shouldHaveExitValue(0);
// sign with RSAkeysize < 1024
signWithAliasAndTsa("sign2", "sign1.jar", "weakkeysize")
.shouldHaveExitValue(0);
checkMultiple("sign2.jar");
// When .SF or .RSA is missing or invalid
checkMissingOrInvalidFiles("normal.jar");
} else { // Run as a standalone server
System.err.println("Press Enter to quit server");
System.in.read();
......@@ -336,6 +371,132 @@ public class TimestampCheck {
}
}
private static void checkMissingOrInvalidFiles(String s)
throws Throwable {
JarUtils.updateJar(s, "1.jar", "-", "META-INF/OLD.SF");
verify("1.jar", "-verbose")
.shouldHaveExitValue(0)
.shouldContain("treated as unsigned")
.shouldContain("Missing signature-related file META-INF/OLD.SF");
JarUtils.updateJar(s, "2.jar", "-", "META-INF/OLD.RSA");
verify("2.jar", "-verbose")
.shouldHaveExitValue(0)
.shouldContain("treated as unsigned")
.shouldContain("Missing block file for signature-related file META-INF/OLD.SF");
JarUtils.updateJar(s, "3.jar", "META-INF/OLD.SF");
verify("3.jar", "-verbose")
.shouldHaveExitValue(0)
.shouldContain("treated as unsigned")
.shouldContain("Unparsable signature-related file META-INF/OLD.SF");
JarUtils.updateJar(s, "4.jar", "META-INF/OLD.RSA");
verify("4.jar", "-verbose")
.shouldHaveExitValue(0)
.shouldContain("treated as unsigned")
.shouldContain("Unparsable signature-related file META-INF/OLD.RSA");
}
static OutputAnalyzer jarsigner(List<String> extra)
throws Throwable {
JDKToolLauncher launcher = JDKToolLauncher.createUsingTestJDK("jarsigner")
.addVMArg("-Duser.language=en")
.addVMArg("-Duser.country=US")
.addToolArg("-keystore")
.addToolArg("tsks")
.addToolArg("-storepass")
.addToolArg("changeit");
for (String s : extra) {
if (s.startsWith("-J")) {
launcher.addVMArg(s.substring(2));
} else {
launcher.addToolArg(s);
}
}
System.err.println("COMMAND: ");
for (String cmd : launcher.getCommand()) {
System.err.print(cmd + " ");
}
System.err.println();
return ProcessTools.executeCommand(launcher.getCommand());
}
static OutputAnalyzer verify(String file, String... extra)
throws Throwable {
List<String> args = new ArrayList<>();
args.add("-verify");
args.add(file);
args.addAll(Arrays.asList(extra));
return jarsigner(args);
}
static void checkBadKU(String file) throws Throwable {
System.err.println("BadKU: " + file);
verify(file)
.shouldHaveExitValue(0)
.shouldContain("treated as unsigned")
.shouldContain("re-run jarsigner with debug enabled");
verify(file, "-verbose")
.shouldHaveExitValue(0)
.shouldContain("Signed by")
.shouldContain("treated as unsigned")
.shouldContain("re-run jarsigner with debug enabled");
verify(file, "-J-Djava.security.debug=jar")
.shouldHaveExitValue(0)
.shouldContain("SignatureException: Key usage restricted")
.shouldContain("treated as unsigned")
.shouldContain("re-run jarsigner with debug enabled");
}
static void checkWeak(String file) throws Throwable {
verify(file)
.shouldHaveExitValue(0)
.shouldContain("treated as unsigned")
.shouldMatch("weak algorithm that is now disabled.")
.shouldMatch("Re-run jarsigner with the -verbose option for more details");
verify(file, "-verbose")
.shouldHaveExitValue(0)
.shouldContain("treated as unsigned")
.shouldMatch("weak algorithm that is now disabled by")
.shouldMatch("Digest algorithm: .*weak")
.shouldMatch("Signature algorithm: .*weak")
.shouldMatch("Timestamp digest algorithm: .*weak")
.shouldNotMatch("Timestamp signature algorithm: .*weak.*weak")
.shouldMatch("Timestamp signature algorithm: .*key.*weak");
verify(file, "-J-Djava.security.debug=jar")
.shouldHaveExitValue(0)
.shouldMatch("SignatureException:.*Disabled");
}
static void checkHalfWeak(String file) throws Throwable {
verify(file)
.shouldHaveExitValue(0)
.shouldContain("treated as unsigned")
.shouldMatch("weak algorithm that is now disabled.")
.shouldMatch("Re-run jarsigner with the -verbose option for more details");
verify(file, "-verbose")
.shouldHaveExitValue(0)
.shouldContain("treated as unsigned")
.shouldMatch("weak algorithm that is now disabled by")
.shouldMatch("Digest algorithm: .*weak")
.shouldNotMatch("Signature algorithm: .*weak")
.shouldNotMatch("Timestamp digest algorithm: .*weak")
.shouldNotMatch("Timestamp signature algorithm: .*weak.*weak")
.shouldNotMatch("Timestamp signature algorithm: .*key.*weak");
}
static void checkMultiple(String file) throws Throwable {
verify(file)
.shouldHaveExitValue(0)
.shouldContain("jar verified");
verify(file, "-verbose", "-certs")
.shouldHaveExitValue(0)
.shouldContain("jar verified")
.shouldMatch("X.509.*CN=dsakey")
.shouldNotMatch("X.509.*CN=weakkeysize")
.shouldMatch("Signed by .*CN=dsakey")
.shouldMatch("Signed by .*CN=weakkeysize")
.shouldMatch("Signature algorithm: .*key.*weak");
}
static void checkTimestamp(String file, String policyId, String digestAlg)
throws Exception {
try (JarFile jf = new JarFile(file)) {
......@@ -362,41 +523,75 @@ public class TimestampCheck {
}
}
static int which = 0;
/**
* @param cmd the command line (with a hole to plug in)
* @param path the path in the URL, i.e, http://localhost/path
* @param expected if this command should succeed
* @param extra more args given to jarsigner
*/
static void jarsigner(String cmd, int path, boolean expected)
throws Exception {
System.err.println("Test " + path);
Process p = Runtime.getRuntime().exec(String.format(cmd, path, path));
BufferedReader reader = new BufferedReader(
new InputStreamReader(p.getErrorStream()));
while (true) {
String s = reader.readLine();
if (s == null) break;
System.err.println(s);
}
static OutputAnalyzer sign(String path, String... extra)
throws Throwable {
String alias = path.equals("badku") ? "badku" : "old";
return signWithAliasAndTsa(path, "old.jar", alias, extra);
}
// Will not see noTimestamp warning
boolean seeWarning = false;
reader = new BufferedReader(
new InputStreamReader(p.getInputStream()));
while (true) {
String s = reader.readLine();
if (s == null) break;
System.err.println(s);
if (s.indexOf("Warning:") >= 0) {
seeWarning = true;
}
}
int result = p.waitFor();
if (expected && result != 0 || !expected && result == 0) {
throw new Exception("Failed");
}
if (seeWarning) {
throw new Exception("See warning");
static OutputAnalyzer signWithAliasAndTsa (String path, String jar,
String alias, String...extra) throws Throwable {
which++;
System.err.println("\n>> Test #" + which + ": " + Arrays.toString(extra));
List<String> args = new ArrayList<>();
args.add("-J-Djava.security.egd=file:/dev/./urandom");
args.add("-debug");
args.add("-signedjar");
args.add(path + ".jar");
args.add(jar);
args.add(alias);
if (!path.equals("none") && !path.equals("badku")) {
args.add("-tsa");
args.add(host + path);
}
args.addAll(Arrays.asList(extra));
return jarsigner(args);
}
static void prepare() throws Exception {
jdk.testlibrary.JarUtils.createJar("old.jar", "A");
Files.deleteIfExists(Paths.get("tsks"));
keytool("-alias ca -genkeypair -ext bc -dname CN=CA");
keytool("-alias old -genkeypair -dname CN=old");
keytool("-alias dsakey -genkeypair -keyalg DSA -dname CN=dsakey");
keytool("-alias weakkeysize -genkeypair -keysize 512 -dname CN=weakkeysize");
keytool("-alias badku -genkeypair -dname CN=badku");
keytool("-alias ts -genkeypair -dname CN=ts");
keytool("-alias tsweak -genkeypair -keysize 512 -dname CN=tsbad1");
keytool("-alias tsbad1 -genkeypair -dname CN=tsbad1");
keytool("-alias tsbad2 -genkeypair -dname CN=tsbad2");
keytool("-alias tsbad3 -genkeypair -dname CN=tsbad3");
gencert("old");
gencert("dsakey");
gencert("weakkeysize");
gencert("badku", "-ext ku:critical=keyAgreement");
gencert("ts", "-ext eku:critical=ts");
gencert("tsweak", "-ext eku:critical=ts");
gencert("tsbad1");
gencert("tsbad2", "-ext eku=ts");
gencert("tsbad3", "-ext eku:critical=cs");
}
static void gencert(String alias, String... extra) throws Exception {
keytool("-alias " + alias + " -certreq -file " + alias + ".req");
String genCmd = "-gencert -alias ca -infile " +
alias + ".req -outfile " + alias + ".cert";
for (String s : extra) {
genCmd += " " + s;
}
keytool(genCmd);
keytool("-alias " + alias + " -importcert -file " + alias + ".cert");
}
static void keytool(String cmd) throws Exception {
cmd = "-keystore tsks -storepass changeit -keypass changeit " +
"-keyalg rsa -validity 200 " + cmd;
sun.security.tools.keytool.Main.main(cmd.split(" "));
}
}
test/sun/security/tools/jarsigner/ts.sh 已删除 100644 → 0
浏览文件 @ 93db103c
#
# Copyright (c) 2007, 2013, Oracle and/or its affiliates. All rights reserved.
# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
#
# This code is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License version 2 only, as
# published by the Free Software Foundation.
#
# This code is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
# version 2 for more details (a copy is included in the LICENSE file that
# accompanied this code).
#
# You should have received a copy of the GNU General Public License version
# 2 along with this work; if not, write to the Free Software Foundation,
# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#
# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
# or visit www.oracle.com if you need additional information or have any
# questions.
#
# @test
# @bug 6543842 6543440 6939248 8009636 8024302
# @summary checking response of timestamp
#
# @run shell/timeout=600 ts.sh
# Run for a long time because jarsigner with timestamp needs to create a
# 64-bit random number and it might be extremely slow on a machine with
# not enough entropy pool
# set platform-dependent variables
OS=`uname -s`
case "$OS" in
Windows_* )
FS="\\"
;;
* )
FS="/"
;;
esac
if [ "${TESTSRC}" = "" ] ; then
TESTSRC="."
fi
if [ "${TESTJAVA}" = "" ] ; then
JAVAC_CMD=`which javac`
TESTJAVA=`dirname $JAVAC_CMD`/..
fi
JAR="${TESTJAVA}${FS}bin${FS}jar"
JAVA="${TESTJAVA}${FS}bin${FS}java"
JAVAC="${TESTJAVA}${FS}bin${FS}javac"
KT="${TESTJAVA}${FS}bin${FS}keytool -keystore tsks -storepass changeit -keypass changeit -keyalg rsa -validity 200"
rm tsks
echo Nothing > A
rm old.jar
$JAR cvf old.jar A
# ca is CA
# old is signer for code
# ts is signer for timestamp
# tsbad1 has no extendedKeyUsage
# tsbad2's extendedKeyUsage is non-critical
# tsbad3's extendedKeyUsage has no timestamping
$KT -alias ca -genkeypair -ext bc -dname CN=CA
$KT -alias old -genkeypair -dname CN=old
$KT -alias ts -genkeypair -dname CN=ts
$KT -alias tsbad1 -genkeypair -dname CN=tsbad1
$KT -alias tsbad2 -genkeypair -dname CN=tsbad2
$KT -alias tsbad3 -genkeypair -dname CN=tsbad3
$KT -alias ts -certreq | \
$KT -alias ca -gencert -ext eku:critical=ts | \
$KT -alias ts -importcert
$KT -alias tsbad1 -certreq | \
$KT -alias ca -gencert | \
$KT -alias tsbad1 -importcert
$KT -alias tsbad2 -certreq | \
$KT -alias ca -gencert -ext eku=ts | \
$KT -alias tsbad2 -importcert
$KT -alias tsbad3 -certreq | \
$KT -alias ca -gencert -ext eku:critical=cs | \
$KT -alias tsbad3 -importcert
$JAVAC -XDignore.symbol.file -d . ${TESTSRC}/TimestampCheck.java
$JAVA ${TESTVMOPTS} TimestampCheck
test/sun/security/tools/jarsigner/warnings/Test.java
浏览文件 @ 83f4f6a9
......@@ -197,4 +197,21 @@ public abstract class Test {
cmd.addAll(Arrays.asList(args));
return ProcessTools.executeCommand(cmd.toArray(new String[cmd.size()]));
}
protected OutputAnalyzer keytool(String... cmd) throws Throwable {
return tool(KEYTOOL, cmd);
}
protected OutputAnalyzer jarsigner(String... cmd) throws Throwable {
return tool(JARSIGNER, cmd);
}
private OutputAnalyzer tool(String tool, String... args) throws Throwable {
List<String> cmd = new ArrayList<>();
cmd.add(tool);
cmd.add("-J-Duser.language=en");
cmd.add("-J-Duser.country=US");
cmd.addAll(Arrays.asList(args));
return ProcessTools.executeCommand(cmd.toArray(new String[cmd.size()]));
}
}
test/sun/util/calendar/zi/tzdata/VERSION
浏览文件 @ 83f4f6a9
......@@ -21,4 +21,4 @@
# or visit www.oracle.com if you need additional information or have any
# questions.
#
tzdata2016f
tzdata2016i
test/sun/util/calendar/zi/tzdata/africa
浏览文件 @ 83f4f6a9
......@@ -487,7 +487,7 @@ Zone Africa/Monrovia -0:43:08 - LMT 1882
# http://www.libyaherald.com/2013/10/24/correction-no-time-change-tomorrow/
#
# From Paul Eggert (2013-10-25):
# For now, assume they're reverting to the pre-2012 rules of permanent UTC+2.
# For now, assume they're reverting to the pre-2012 rules of permanent UT +02.
# Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S
Rule Libya 1951 only - Oct 14 2:00 1:00 S
......
test/sun/util/calendar/zi/tzdata/antarctica
浏览文件 @ 83f4f6a9
......@@ -33,9 +33,7 @@
# http://www.spri.cam.ac.uk/bob/periant.htm
# for information.
# Unless otherwise specified, we have no time zone information.
#
# Except for the French entries,
# I made up all time zone abbreviations mentioned here; corrections welcome!
# FORMAT is '-00' and GMTOFF is 0 for locations while uninhabited.
# Argentina - year-round bases
......@@ -52,7 +50,7 @@
# previously sealers and scientific personnel wintered
# Margaret Turner reports
# http://web.archive.org/web/20021204222245/http://www.dstc.qut.edu.au/DST/marg/daylight.html
# (1999-09-30) that they're UTC+5, with no DST;
# (1999-09-30) that they're UT +05, with no DST;
# presumably this is when they have visitors.
#
# year-round bases
......@@ -89,25 +87,29 @@
# Background:
# http://www.timeanddate.com/news/time/antartica-time-changes-2010.html
# From Steffen Thorsen (2016-10-28):
# Australian Antarctica Division informed us that Casey changed time
# zone to UTC+11 in "the morning of 22nd October 2016".
# Zone NAME GMTOFF RULES FORMAT [UNTIL]
Zone Antarctica/Casey 0 - -00 1969
8:00 - AWST 2009 Oct 18 2:00
# Australian Western Std Time
11:00 - CAST 2010 Mar 5 2:00 # Casey Time
8:00 - AWST 2011 Oct 28 2:00
11:00 - CAST 2012 Feb 21 17:00u
8:00 - AWST
8:00 - +08 2009 Oct 18 2:00
11:00 - +11 2010 Mar 5 2:00
8:00 - +08 2011 Oct 28 2:00
11:00 - +11 2012 Feb 21 17:00u
8:00 - +08 2016 Oct 22
11:00 - +11
Zone Antarctica/Davis 0 - -00 1957 Jan 13
7:00 - DAVT 1964 Nov # Davis Time
7:00 - +07 1964 Nov
0 - -00 1969 Feb
7:00 - DAVT 2009 Oct 18 2:00
5:00 - DAVT 2010 Mar 10 20:00u
7:00 - DAVT 2011 Oct 28 2:00
5:00 - DAVT 2012 Feb 21 20:00u
7:00 - DAVT
7:00 - +07 2009 Oct 18 2:00
5:00 - +05 2010 Mar 10 20:00u
7:00 - +07 2011 Oct 28 2:00
5:00 - +05 2012 Feb 21 20:00u
7:00 - +07
Zone Antarctica/Mawson 0 - -00 1954 Feb 13
6:00 - MAWT 2009 Oct 18 2:00 # Mawson Time
5:00 - MAWT
6:00 - +06 2009 Oct 18 2:00
5:00 - +05
# References:
# Casey Weather (1998-02-26)
# http://www.antdiv.gov.au/aad/exop/sfo/casey/casey_aws.html
......@@ -161,7 +163,7 @@ Zone Antarctica/Mawson 0 - -00 1954 Feb 13
#
# Zone NAME GMTOFF RULES FORMAT [UNTIL]
Zone Indian/Kerguelen 0 - -00 1950 # Port-aux-Français
5:00 - TFT # ISO code TF Time
5:00 - +05
#
# year-round base in the main continent
# Dumont d'Urville, Île des Pétrels, -6640+14001, since 1956-11
......@@ -172,9 +174,9 @@ Zone Indian/Kerguelen 0 - -00 1950 # Port-aux-Français
#
# Zone NAME GMTOFF RULES FORMAT [UNTIL]
Zone Antarctica/DumontDUrville 0 - -00 1947
10:00 - PMT 1952 Jan 14 # Port-Martin Time
10:00 - +10 1952 Jan 14
0 - -00 1956 Nov
10:00 - DDUT # Dumont-d'Urville Time
10:00 - +10
# France & Italy - year-round base
# Concordia, -750600+1232000, since 2005
......@@ -200,7 +202,7 @@ Zone Antarctica/DumontDUrville 0 - -00 1947
# station of Japan, it's appropriate for the principal location.
# Zone NAME GMTOFF RULES FORMAT [UNTIL]
Zone Antarctica/Syowa 0 - -00 1957 Jan 29
3:00 - SYOT # Syowa Time
3:00 - +03
# See:
# NIPR Antarctic Research Activities (1999-08-17)
# http://www.nipr.ac.jp/english/ara01.html
......@@ -237,17 +239,17 @@ Zone Antarctica/Syowa 0 - -00 1957 Jan 29
# correct, but they should be quite close to the actual dates.
#
# From Paul Eggert (2014-03-21):
# The CET-switching Troll rules require zic from tzcode 2014b or later, so as
# The CET-switching Troll rules require zic from tz 2014b or later, so as
# suggested by Bengt-Inge Larsson comment them out for now, and approximate
# with only UTC and CEST. Uncomment them when 2014b is more prevalent.
#
# Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S
#Rule Troll 2005 max - Mar 1 1:00u 1:00 CET
Rule Troll 2005 max - Mar lastSun 1:00u 2:00 CEST
#Rule Troll 2005 max - Oct lastSun 1:00u 1:00 CET
#Rule Troll 2004 max - Nov 7 1:00u 0:00 UTC
#Rule Troll 2005 max - Mar 1 1:00u 1:00 +01
Rule Troll 2005 max - Mar lastSun 1:00u 2:00 +02
#Rule Troll 2005 max - Oct lastSun 1:00u 1:00 +01
#Rule Troll 2004 max - Nov 7 1:00u 0:00 +00
# Remove the following line when uncommenting the above '#Rule' lines.
Rule Troll 2004 max - Oct lastSun 1:00u 0:00 UTC
Rule Troll 2004 max - Oct lastSun 1:00u 0:00 +00
# Zone NAME GMTOFF RULES FORMAT [UNTIL]
Zone Antarctica/Troll 0 - -00 2005 Feb 12
0:00 Troll %s
......@@ -288,10 +290,10 @@ Zone Antarctica/Troll 0 - -00 2005 Feb 12
# changes during the year and does not necessarily correspond to mean
# solar noon. So the Vostok time might have been whatever the clocks
# happened to be during their visit. So we still don't really know what time
# it is at Vostok. But we'll guess UTC+6.
# it is at Vostok. But we'll guess +06.
#
Zone Antarctica/Vostok 0 - -00 1957 Dec 16
6:00 - VOST # Vostok time
6:00 - +06
# S Africa - year-round bases
# Marion Island, -4653+03752
......@@ -324,7 +326,7 @@ Zone Antarctica/Vostok 0 - -00 1957 Dec 16
#
# Zone NAME GMTOFF RULES FORMAT [UNTIL]
Zone Antarctica/Rothera 0 - -00 1976 Dec 1
-3:00 - ROTT # Rothera time
-3:00 - -03
# Uruguay - year round base
# Artigas, King George Island, -621104-0585107
......
test/sun/util/calendar/zi/tzdata/asia
浏览文件 @ 83f4f6a9
......@@ -139,13 +139,11 @@ Zone Asia/Kabul 4:36:48 - LMT 1890
# http://www.worldtimezone.com/dst_news/dst_news_armenia03.html
# Zone NAME GMTOFF RULES FORMAT [UNTIL]
Zone Asia/Yerevan 2:58:00 - LMT 1924 May 2
3:00 - YERT 1957 Mar # Yerevan Time
4:00 RussiaAsia YER%sT 1991 Mar 31 2:00s
3:00 1:00 YERST 1991 Sep 23 # independence
3:00 RussiaAsia AM%sT 1995 Sep 24 2:00s
4:00 - AMT 1997
4:00 RussiaAsia AM%sT 2012 Feb 9
4:00 - AMT
3:00 - +03 1957 Mar
4:00 RussiaAsia +04/+05 1991 Mar 31 2:00s
3:00 RussiaAsia +03/+04 1995 Sep 24 2:00s
4:00 - +04 1997
4:00 RussiaAsia +04/+05
# Azerbaijan
......@@ -166,13 +164,12 @@ Rule Azer 1997 2015 - Mar lastSun 4:00 1:00 S
Rule Azer 1997 2015 - Oct lastSun 5:00 0 -
# Zone NAME GMTOFF RULES FORMAT [UNTIL]
Zone Asia/Baku 3:19:24 - LMT 1924 May 2
3:00 - BAKT 1957 Mar # Baku Time
4:00 RussiaAsia BAK%sT 1991 Mar 31 2:00s
3:00 1:00 BAKST 1991 Aug 30 # independence
3:00 RussiaAsia AZ%sT 1992 Sep lastSun 2:00s
4:00 - AZT 1996 # Azerbaijan Time
4:00 EUAsia AZ%sT 1997
4:00 Azer AZ%sT
3:00 - +03 1957 Mar
4:00 RussiaAsia +04/+05 1991 Mar 31 2:00s
3:00 RussiaAsia +03/+04 1992 Sep lastSun 2:00s
4:00 - +04 1996
4:00 EUAsia +04/+05 1997
4:00 Azer +04/+05
# Bahrain
# See Asia/Qatar.
......@@ -291,7 +288,7 @@ Zone Asia/Brunei 7:39:40 - LMT 1926 Mar # Bandar Seri Begawan
# Milne says 6:24:40 was the meridian of the time ball observatory at Rangoon.
# Zone NAME GMTOFF RULES FORMAT [UNTIL]
Zone Asia/Rangoon 6:24:40 - LMT 1880 # or Yangon
Zone Asia/Yangon 6:24:40 - LMT 1880 # or Rangoon
6:24:40 - RMT 1920 # Rangoon Mean Time?
6:30 - BURT 1942 May # Burma Time
9:00 - JST 1945 May 3
......@@ -406,7 +403,7 @@ Rule PRC 1987 1991 - Apr Sun>=10 0:00 1:00 D
# Lewiston (ME) Daily Sun (1939-05-29), p 17, said "Even the time is
# different - the occupied districts going by Tokyo time, an hour
# ahead of that prevailing in the rest of Shanghai." Guess that the
# Xujiahui Observatory was under French control and stuck with UT+8.
# Xujiahui Observatory was under French control and stuck with UT +08.
#
# In earlier versions of this file, China had many separate Zone entries, but
# this was based on what were apparently incorrect data in Shanks & Pottenger.
......@@ -415,26 +412,26 @@ Rule PRC 1987 1991 - Apr Sun>=10 0:00 1:00 D
# Proposed in 1918 and theoretically in effect until 1949 (although in practice
# mainly observed in coastal areas), the five zones were:
#
# Changbai Time ("Long-white Time", Long-white = Heilongjiang area) UT+8.5
# Changbai Time ("Long-white Time", Long-white = Heilongjiang area) UT +08:30
# Asia/Harbin (currently a link to Asia/Shanghai)
# Heilongjiang (except Mohe county), Jilin
#
# Zhongyuan Time ("Central plain Time") UT+8
# Zhongyuan Time ("Central plain Time") UT +08
# Asia/Shanghai
# most of China
# This currently represents most other zones as well,
# as apparently these regions have been the same since 1970.
# Milne gives 8:05:43.2 for Xujiahui Observatory time; round to nearest.
# Guo says Shanghai switched to UT+8 "from the end of the 19th century".
# Guo says Shanghai switched to UT +08 "from the end of the 19th century".
#
# Long-shu Time (probably due to Long and Shu being two names of that area) UT+7
# Long-shu Time (probably due to Long and Shu being two names of the area) UT +07
# Asia/Chongqing (currently a link to Asia/Shanghai)
# Guangxi, Guizhou, Hainan, Ningxia, Sichuan, Shaanxi, and Yunnan;
# most of Gansu; west Inner Mongolia; west Qinghai; and the Guangdong
# counties Deqing, Enping, Kaiping, Luoding, Taishan, Xinxing,
# Yangchun, Yangjiang, Yu'nan, and Yunfu.
#
# Xin-zang Time ("Xinjiang-Tibet Time") UT+6
# Xin-zang Time ("Xinjiang-Tibet Time") UT +06
# Asia/Urumqi
# This currently represents Kunlun Time as well,
# as apparently the two regions have been the same since 1970.
......@@ -447,7 +444,7 @@ Rule PRC 1987 1991 - Apr Sun>=10 0:00 1:00 D
# Shihezi, Changji, Yanqi, Heshuo, Tuokexun, Tulufan, Shanshan, Hami,
# Fukang, Kuitun, Kumukuli, Miquan, Qitai, and Turfan.
#
# Kunlun Time UT+5.5
# Kunlun Time UT +05:30
# Asia/Kashgar (currently a link to Asia/Urumqi)
# West Tibet, including Pulan, Aheqi, Shufu, Shule;
# West Xinjiang, including Aksu, Atushi, Yining, Hetian, Cele, Luopu, Nileke,
......@@ -463,7 +460,7 @@ Rule PRC 1987 1991 - Apr Sun>=10 0:00 1:00 D
#
# On the other hand, ethnic Uyghurs, who make up about half the
# population of Xinjiang, typically use "Xinjiang time" which is two
# hours behind Beijing time, or UTC +0600. The government of the Xinjiang
# hours behind Beijing time, or UT +06. The government of the Xinjiang
# Uyghur Autonomous Region, (XAUR, or just Xinjiang for short) as well as
# local governments such as the Ürümqi city government use both times in
# publications, referring to what is popularly called Xinjiang time as
......@@ -519,8 +516,8 @@ Rule PRC 1987 1991 - Apr Sun>=10 0:00 1:00 D
# having the same time as Beijing.
# From Paul Eggert (2014-06-30):
# In the early days of the PRC, Tibet was given its own time zone (UT+6) but
# this was withdrawn in 1959 and never reinstated; see Tubten Khétsun,
# In the early days of the PRC, Tibet was given its own time zone (UT +06)
# but this was withdrawn in 1959 and never reinstated; see Tubten Khétsun,
# Memories of life in Lhasa under Chinese Rule, Columbia U Press, ISBN
# 978-0231142861 (2008), translator's introduction by Matthew Akester, p x.
# As this is before our 1970 cutoff, Tibet doesn't need a separate zone.
......@@ -534,12 +531,12 @@ Rule PRC 1987 1991 - Apr Sun>=10 0:00 1:00 D
# Republics, the Soviet Union, the Kuomintang, and the People's Republic of
# China, and tracking down all these organizations' timekeeping rules would be
# quite a trick. Approximate this lost history by a transition from LMT to
# XJT at the start of 1928, the year of accession of the warlord Jin Shuren,
# UT +06 at the start of 1928, the year of accession of the warlord Jin Shuren,
# which happens to be the date given by Shanks & Pottenger (no doubt as a
# guess) as the transition from LMT. Ignore the usage of UT+8 before
# 1986-02-01 under the theory that the transition date to UT+8 is unknown and
# guess) as the transition from LMT. Ignore the usage of +08 before
# 1986-02-01 under the theory that the transition date to +08 is unknown and
# that the sort of users who prefer Asia/Urumqi now typically ignored the
# UT+8 mandate back then.
# +08 mandate back then.
# Zone NAME GMTOFF RULES FORMAT [UNTIL]
# Beijing time, used throughout China; represented by Shanghai.
......@@ -744,7 +741,7 @@ Zone Asia/Hong_Kong 7:36:42 - LMT 1904 Oct 30
# be found from historical government announcement database.
# From Paul Eggert (2014-07-03):
# As per Yu-Cheng Chuang, say that Taiwan was at UT+9 from 1937-10-01
# As per Yu-Cheng Chuang, say that Taiwan was at UT +09 from 1937-10-01
# until 1945-09-21 at 01:00, overriding Shanks & Pottenger.
# Likewise, use Yu-Cheng Chuang's data for DST in Taiwan.
......@@ -797,9 +794,19 @@ Zone Asia/Macau 7:34:20 - LMT 1912 Jan 1
###############################################################################
# Cyprus
#
# Milne says the Eastern Telegraph Company used 2:14:00. Stick with LMT.
# IATA SSIM (1998-09) has Cyprus using EU rules for the first time.
# From Paul Eggert (2016-09-09):
# Yesterday's Cyprus Mail reports that Northern Cyprus followed Turkey's
# lead and switched from +02/+03 to +03 year-round.
# http://cyprus-mail.com/2016/09/08/two-time-zones-cyprus-turkey-will-not-turn-clocks-back-next-month/
#
# From Even Scharning (2016-10-31):
# Looks like the time zone split in Cyprus went through last night.
# http://cyprus-mail.com/2016/10/30/cyprus-new-division-two-time-zones-now-reality/
# Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S
Rule Cyprus 1975 only - Apr 13 0:00 1:00 S
Rule Cyprus 1975 only - Oct 12 0:00 0 -
......@@ -814,7 +821,10 @@ Rule Cyprus 1981 1998 - Mar lastSun 0:00 1:00 S
Zone Asia/Nicosia 2:13:28 - LMT 1921 Nov 14
2:00 Cyprus EE%sT 1998 Sep
2:00 EUAsia EE%sT
# IATA SSIM (1998-09) has Cyprus using EU rules for the first time.
Zone Asia/Famagusta 2:15:48 - LMT 1921 Nov 14
2:00 Cyprus EE%sT 1998 Sep
2:00 EUAsia EE%sT 2016 Sep 8
3:00 - +03
# Classically, Cyprus belongs to Asia; e.g. see Herodotus, Histories, I.72.
# However, for various reasons many users expect to find it under Europe.
......@@ -858,16 +868,15 @@ Link Asia/Nicosia Europe/Nicosia
# Zone NAME GMTOFF RULES FORMAT [UNTIL]
Zone Asia/Tbilisi 2:59:11 - LMT 1880
2:59:11 - TBMT 1924 May 2 # Tbilisi Mean Time
3:00 - TBIT 1957 Mar # Tbilisi Time
4:00 RussiaAsia TBI%sT 1991 Mar 31 2:00s
3:00 1:00 TBIST 1991 Apr 9 # independence
3:00 RussiaAsia GE%sT 1992 # Georgia Time
3:00 E-EurAsia GE%sT 1994 Sep lastSun
4:00 E-EurAsia GE%sT 1996 Oct lastSun
4:00 1:00 GEST 1997 Mar lastSun
4:00 E-EurAsia GE%sT 2004 Jun 27
3:00 RussiaAsia GE%sT 2005 Mar lastSun 2:00
4:00 - GET
3:00 - +03 1957 Mar
4:00 RussiaAsia +04/+05 1991 Mar 31 2:00s
3:00 RussiaAsia +03/+04 1992
3:00 E-EurAsia +03/+04 1994 Sep lastSun
4:00 E-EurAsia +04/+05 1996 Oct lastSun
4:00 1:00 +05 1997 Mar lastSun
4:00 E-EurAsia +04/+05 2004 Jun 27
3:00 RussiaAsia +03/+04 2005 Mar lastSun 2:00
4:00 - +04
# East Timor
......@@ -944,7 +953,7 @@ Zone Asia/Kolkata 5:53:28 - LMT 1880 # Kolkata
# These would be the earliest possible times for a change.
# Régimes horaires pour le monde entier, by Henri Le Corre, (Éditions
# Traditionnelles, 1987, Paris) says that Java and Madura switched
# from JST to UTC+07:30 on 1945-09-23, and gives 1944-09-01 for Jayapura
# from UT +09 to +07:30 on 1945-09-23, and gives 1944-09-01 for Jayapura
# (Hollandia). For now, assume all Indonesian locations other than Jayapura
# switched on 1945-09-23.
#
......@@ -955,11 +964,11 @@ Zone Asia/Kolkata 5:53:28 - LMT 1880 # Kolkata
# summary published by the Time and Frequency Laboratory of the
# Research Center for Calibration, Instrumentation and Metrology,
# Indonesia, <http://time.kim.lipi.go.id/time-eng.php> (2006-09-29).
# The abbreviations are:
# The time zone abbreviations and UT offsets are:
#
# WIB - UTC+7 - Waktu Indonesia Barat (Indonesia western time)
# WITA - UTC+8 - Waktu Indonesia Tengah (Indonesia central time)
# WIT - UTC+9 - Waktu Indonesia Timur (Indonesia eastern time)
# WIB - +07 - Waktu Indonesia Barat (Indonesia western time)
# WITA - +08 - Waktu Indonesia Tengah (Indonesia central time)
# WIT - +09 - Waktu Indonesia Timur (Indonesia eastern time)
#
# Zone NAME GMTOFF RULES FORMAT [UNTIL]
# Java, Sumatra
......@@ -1848,11 +1857,11 @@ Rule Kyrgyz 1997 2005 - Mar lastSun 2:30 1:00 S
Rule Kyrgyz 1997 2004 - Oct lastSun 2:30 0 -
# Zone NAME GMTOFF RULES FORMAT [UNTIL]
Zone Asia/Bishkek 4:58:24 - LMT 1924 May 2
5:00 - FRUT 1930 Jun 21 # Frunze Time
6:00 RussiaAsia FRU%sT 1991 Mar 31 2:00s
5:00 1:00 FRUST 1991 Aug 31 2:00 # independence
5:00 Kyrgyz KG%sT 2005 Aug 12 # Kyrgyzstan Time
6:00 - KGT
5:00 - +05 1930 Jun 21
6:00 RussiaAsia +06/+07 1991 Mar 31 2:00s
5:00 RussiaAsia +05/+06 1991 Aug 31 2:00
5:00 Kyrgyz +05/+06 2005 Aug 12
6:00 - +06
###############################################################################
......@@ -1891,25 +1900,24 @@ Rule ROK 1957 1960 - Sep Sun>=18 0:00 0 S
Rule ROK 1987 1988 - May Sun>=8 2:00 1:00 D
Rule ROK 1987 1988 - Oct Sun>=8 3:00 0 S
# From Paul Eggert (2014-10-30):
# From Paul Eggert (2016-08-23):
# The Korean Wikipedia entry gives the following sources for UT offsets:
#
# 1908: Official Journal Article No. 3994 (Edict No. 5)
# 1908: Official Journal Article No. 3994 (decree No. 5)
# 1912: Governor-General of Korea Official Gazette Issue No. 367
# (Announcement No. 338)
# 1954: Presidential Decree No. 876 (1954-03-17)
# 1961: Law No. 676 (1961-08-07)
# 1987: Law No. 3919 (1986-12-31)
#
# The Wikipedia entry also has confusing information about a change
# to UT+9 in April 1910, but then what would be the point of the later change
# to UT+9 on 1912-01-01? Omit the 1910 change for now.
# (Another source "1987: Law No. 3919 (1986-12-31)" was in the 2014-10-30
# edition of the Korean Wikipedia entry.)
#
# I guessed that time zone abbreviations through 1945 followed the same
# rules as discussed under Taiwan, with nominal switches from JST to KST
# when the respective cities were taken over by the Allies after WWII.
#
# For Pyongyang we have no information; guess no changes since World War II.
# For Pyongyang, guess no changes from World War II until 2015, as we
# have no information otherwise.
# From Steffen Thorsen (2015-08-07):
# According to many news sources, North Korea is going to change to
......@@ -2069,7 +2077,7 @@ Zone Indian/Maldives 4:54:00 - LMT 1880 # Male
# Bill Bonnet (2005-05-19) reports that the US Embassy in Ulaanbaatar says
# there is only one time zone and that DST is observed, citing Microsoft
# Windows XP as the source. Risto Nykänen (2005-05-16) reports that
# travelmongolia.org says there are two time zones (UTC+7, UTC+8) with no DST.
# travelmongolia.org says there are two time zones (UT +07, +08) with no DST.
# Oscar van Vlijmen (2005-05-20) reports that the Mongolian Embassy in
# Washington, DC says there are two time zones, with DST observed.
# He also found
......@@ -2572,11 +2580,6 @@ Zone Asia/Karachi 4:28:12 - LMT 1907
# From Paul Eggert (2015-03-03):
# http://www.timeanddate.com/time/change/west-bank/ramallah?year=2014
# says that the fall 2014 transition was Oct 23 at 24:00.
# For future dates, guess the last Friday in March at 24:00 through
# the first Friday on or after October 21 at 00:00. This is consistent with
# the predictions in today's editions of the following URLs:
# http://www.timeanddate.com/time/change/gaza-strip/gaza
# http://www.timeanddate.com/time/change/west-bank/hebron
# From Hannah Kreitem (2016-03-09):
# http://www.palestinecabinet.gov.ps/WebSite/ar/ViewDetails?ID=31728
......@@ -2586,7 +2589,21 @@ Zone Asia/Karachi 4:28:12 - LMT 1907
#
# From Paul Eggert (2016-03-12):
# Predict spring transitions on March's last Saturday at 01:00 from now on.
# Leave fall predictions alone for now.
# From Sharef Mustafa (2016-10-19):
# [T]he Palestinian cabinet decision (Mar 8th 2016) published on
# http://www.palestinecabinet.gov.ps/WebSite/Upload/Decree/GOV_17/16032016134830.pdf
# states that summer time will end on Oct 29th at 01:00.
#
# From Tim Parenti (2016-10-19):
# Predict fall transitions on October's last Saturday at 01:00 from now on.
# This is consistent with the 2016 transition as well as our spring
# predictions.
#
# From Paul Eggert (2016-10-19):
# It's also consistent with predictions in the following URLs today:
# http://www.timeanddate.com/time/change/gaza-strip/gaza
# http://www.timeanddate.com/time/change/west-bank/hebron
# Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S
Rule EgyptAsia 1957 only - May 10 0:00 1:00 S
......@@ -2615,9 +2632,10 @@ Rule Palestine 2011 only - Sep 30 0:00 0 -
Rule Palestine 2012 2014 - Mar lastThu 24:00 1:00 S
Rule Palestine 2012 only - Sep 21 1:00 0 -
Rule Palestine 2013 only - Sep Fri>=21 0:00 0 -
Rule Palestine 2014 max - Oct Fri>=21 0:00 0 -
Rule Palestine 2014 2015 - Oct Fri>=21 0:00 0 -
Rule Palestine 2015 only - Mar lastFri 24:00 1:00 S
Rule Palestine 2016 max - Mar lastSat 1:00 1:00 S
Rule Palestine 2016 max - Oct lastSat 1:00 0 -
# Zone NAME GMTOFF RULES FORMAT [UNTIL]
Zone Asia/Gaza 2:17:52 - LMT 1900 Oct
......@@ -2705,7 +2723,7 @@ Link Asia/Qatar Asia/Bahrain
# earlier date.
#
# Shanks & Pottenger also state that until 1968-05-01 Saudi Arabia had two
# time zones; the other zone, at UTC+4, was in the far eastern part of
# time zones; the other zone, at UT +04, was in the far eastern part of
# the country. Ignore this, as it's before our 1970 cutoff.
#
# Zone NAME GMTOFF RULES FORMAT [UNTIL]
......@@ -2767,45 +2785,31 @@ Zone Asia/Singapore 6:55:25 - LMT 1901 Jan 1
# People who live in regions under Tamil control can use [TZ='Asia/Kolkata'],
# as that zone has agreed with the Tamil areas since our cutoff date of 1970.
# From K Sethu (2006-04-25):
# I think the abbreviation LKT originated from the world of computers at
# the time of or subsequent to the time zone changes by SL Government
# twice in 1996 and probably SL Government or its standardization
# agencies never declared an abbreviation as a national standard.
#
# I recollect before the recent change the government announcements
# mentioning it as simply changing Sri Lanka Standard Time or Sri Lanka
# Time and no mention was made about the abbreviation.
#
# If we look at Sri Lanka Department of Government's "Official News
# Website of Sri Lanka" ... http://www.news.lk/ we can see that they
# use SLT as abbreviation in time stamp at the beginning of each news
# item....
#
# Within Sri Lanka I think LKT is well known among computer users and
# administrators. In my opinion SLT may not be a good choice because the
# nation's largest telcom / internet operator Sri Lanka Telcom is well
# known by that abbreviation - simply as SLT (there IP domains are
# slt.lk and sltnet.lk).
#
# But if indeed our government has adopted SLT as standard abbreviation
# (that we have not known so far) then it is better that it be used for
# all computers.
# From Paul Eggert (2006-04-25):
# One possibility is that we wait for a bit for the dust to settle down
# and then see what people actually say in practice.
# From Sadika Sumanapala (2016-10-19):
# According to http://www.sltime.org (maintained by Measurement Units,
# Standards & Services Department, Sri Lanka) abbreviation for Sri Lanka
# standard time is SLST.
#
# From Paul Eggert (2016-10-18):
# "SLST" seems to be reasonably recent and rarely-used outside time
# zone nerd sources. I searched Google News and found three uses of
# it in the International Business Times of India in February and
# March of this year when discussing cricket match times, but nothing
# since then (though there has been a lot of cricket) and nothing in
# other English-language news sources. Our old abbreviation "LKT" is
# even worse. For now, let's use a numeric abbreviation; we can
# switch to "SLST" if it catches on.
# Zone NAME GMTOFF RULES FORMAT [UNTIL]
Zone Asia/Colombo 5:19:24 - LMT 1880
5:19:32 - MMT 1906 # Moratuwa Mean Time
5:30 - IST 1942 Jan 5
5:30 0:30 IHST 1942 Sep
5:30 1:00 IST 1945 Oct 16 2:00
5:30 - IST 1996 May 25 0:00
6:30 - LKT 1996 Oct 26 0:30
6:00 - LKT 2006 Apr 15 0:30
5:30 - IST
5:30 - +0530 1942 Jan 5
5:30 0:30 +0530/+06 1942 Sep
5:30 1:00 +0530/+0630 1945 Oct 16 2:00
5:30 - +0530 1996 May 25 0:00
6:30 - +0630 1996 Oct 26 0:30
6:00 - +06 2006 Apr 15 0:30
5:30 - +0530
# Syria
# Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S
......@@ -2974,10 +2978,10 @@ Zone Asia/Damascus 2:25:12 - LMT 1920 # Dimashq
# From Shanks & Pottenger.
# Zone NAME GMTOFF RULES FORMAT [UNTIL]
Zone Asia/Dushanbe 4:35:12 - LMT 1924 May 2
5:00 - DUST 1930 Jun 21 # Dushanbe Time
6:00 RussiaAsia DUS%sT 1991 Mar 31 2:00s
5:00 1:00 DUSST 1991 Sep 9 2:00s
5:00 - TJT # Tajikistan Time
5:00 - +05 1930 Jun 21
6:00 RussiaAsia +06/+07 1991 Mar 31 2:00s
5:00 1:00 +05/+06 1991 Sep 9 2:00s
5:00 - +05
# Thailand
# Zone NAME GMTOFF RULES FORMAT [UNTIL]
......@@ -2991,11 +2995,10 @@ Link Asia/Bangkok Asia/Vientiane # Laos
# From Shanks & Pottenger.
# Zone NAME GMTOFF RULES FORMAT [UNTIL]
Zone Asia/Ashgabat 3:53:32 - LMT 1924 May 2 # or Ashkhabad
4:00 - ASHT 1930 Jun 21 # Ashkhabad Time
5:00 RussiaAsia ASH%sT 1991 Mar 31 2:00
4:00 RussiaAsia ASH%sT 1991 Oct 27 # independence
4:00 RussiaAsia TM%sT 1992 Jan 19 2:00
5:00 - TMT
4:00 - +04 1930 Jun 21
5:00 RussiaAsia +05/+06 1991 Mar 31 2:00
4:00 RussiaAsia +04/+05 1992 Jan 19 2:00
5:00 - +05
# United Arab Emirates
# Zone NAME GMTOFF RULES FORMAT [UNTIL]
......@@ -3007,20 +3010,18 @@ Link Asia/Dubai Asia/Muscat # Oman
# Byalokoz 1919 says Uzbekistan was 4:27:53.
# Zone NAME GMTOFF RULES FORMAT [UNTIL]
Zone Asia/Samarkand 4:27:53 - LMT 1924 May 2
4:00 - SAMT 1930 Jun 21 # Samarkand Time
5:00 - SAMT 1981 Apr 1
5:00 1:00 SAMST 1981 Oct 1
6:00 - TAST 1982 Apr 1 # Tashkent Time
5:00 RussiaAsia SAM%sT 1991 Sep 1 # independence
5:00 RussiaAsia UZ%sT 1992
5:00 - UZT
4:00 - +04 1930 Jun 21
5:00 - +05 1981 Apr 1
5:00 1:00 +06 1981 Oct 1
6:00 - +06 1982 Apr 1
5:00 RussiaAsia +05/+06 1992
5:00 - +05
# Milne says Tashkent was 4:37:10.8; round to nearest.
Zone Asia/Tashkent 4:37:11 - LMT 1924 May 2
5:00 - TAST 1930 Jun 21 # Tashkent Time
6:00 RussiaAsia TAS%sT 1991 Mar 31 2:00
5:00 RussiaAsia TAS%sT 1991 Sep 1 # independence
5:00 RussiaAsia UZ%sT 1992
5:00 - UZT
5:00 - +05 1930 Jun 21
6:00 RussiaAsia +06/+07 1991 Mar 31 2:00
5:00 RussiaAsia +05/+06 1992
5:00 - +05
# Vietnam
......
test/sun/util/calendar/zi/tzdata/australasia
浏览文件 @ 83f4f6a9
......@@ -373,7 +373,13 @@ Zone Indian/Cocos 6:27:40 - LMT 1900
# commencing at 2.00 am on Sunday 1st November, 2015 and ending at
# 3.00 am on Sunday 17th January, 2016.
# From Paul Eggert (2015-09-01):
# From Raymond Kumar (2016-10-04):
# http://www.fiji.gov.fj/Media-Center/Press-Releases/DAYLIGHT-SAVING-STARTS-ON-6th-NOVEMBER,-2016.aspx
# "Fiji's daylight savings will begin on Sunday, 6 November 2016, when
# clocks go forward an hour at 2am to 3am.... Daylight Saving will
# end at 3.00am on Sunday 15th January 2017."
# From Paul Eggert (2016-10-03):
# For now, guess DST from 02:00 the first Sunday in November to
# 03:00 the third Sunday in January. Although ad hoc, it matches
# transitions since late 2014 and seems more likely to match future
......@@ -568,7 +574,7 @@ Zone Pacific/Port_Moresby 9:48:40 - LMT 1880
# Base the Bougainville entry on the Arawa-Kieta region, which appears to have
# the most people even though it was devastated in the Bougainville Civil War.
#
# Although Shanks gives 1942-03-15 / 1943-11-01 for JST, these dates
# Although Shanks gives 1942-03-15 / 1943-11-01 for UT +09, these dates
# are apparently rough guesswork from the starts of military campaigns.
# The World War II entries below are instead based on Arawa-Kieta.
# The Japanese occupied Kieta in July 1942,
......@@ -576,8 +582,8 @@ Zone Pacific/Port_Moresby 9:48:40 - LMT 1880
# http://pwencycl.kgbudge.com/B/o/Bougainville.htm
# and seem to have controlled it until their 1945-08-21 surrender.
#
# The Autonomous Region of Bougainville plans to switch from UTC+10 to UTC+11
# on 2014-12-28 at 02:00. They call UTC+11 "Bougainville Standard Time";
# The Autonomous Region of Bougainville switched from UT +10 to +11
# on 2014-12-28 at 02:00. They call +11 "Bougainville Standard Time";
# abbreviate this as BST. See:
# http://www.bougainville24.com/bougainville-issues/bougainville-gets-own-timezone/
#
......@@ -643,7 +649,7 @@ Link Pacific/Pago_Pago Pacific/Midway # in US minor outlying islands
# From Paul Eggert (2014-06-27):
# The International Date Line Act 2011
# http://www.parliament.gov.ws/images/ACTS/International_Date_Line_Act__2011_-_Eng.pdf
# changed Samoa from UTC-11 to UTC+13, effective "12 o'clock midnight, on
# changed Samoa from UT -11 to +13, effective "12 o'clock midnight, on
# Thursday 29th December 2011". The International Date Line was adjusted
# accordingly.
......@@ -719,11 +725,13 @@ Rule Tonga 1999 only - Oct 7 2:00s 1:00 S
Rule Tonga 2000 only - Mar 19 2:00s 0 -
Rule Tonga 2000 2001 - Nov Sun>=1 2:00 1:00 S
Rule Tonga 2001 2002 - Jan lastSun 2:00 0 -
Rule Tonga 2016 max - Nov Sun>=1 2:00 1:00 S
Rule Tonga 2017 max - Jan Sun>=15 3:00 0 -
# Zone NAME GMTOFF RULES FORMAT [UNTIL]
Zone Pacific/Tongatapu 12:19:20 - LMT 1901
12:20 - TOT 1941 # Tonga Time
13:00 - TOT 1999
13:00 Tonga TO%sT
12:20 - +1220 1941
13:00 - +13 1999
13:00 Tonga +13/+14
# Tuvalu
# Zone NAME GMTOFF RULES FORMAT [UNTIL]
......@@ -738,7 +746,7 @@ Zone Pacific/Funafuti 11:56:52 - LMT 1901
# 1886-1891; Baker was similar but exact dates are not known.
# Inhabited by civilians 1935-1942; U.S. military bases 1943-1944;
# uninhabited thereafter.
# Howland observed Hawaii Standard Time (UT-10:30) in 1937;
# Howland observed Hawaii Standard Time (UT -10:30) in 1937;
# see page 206 of Elgen M. Long and Marie K. Long,
# Amelia Earhart: the Mystery Solved, Simon & Schuster (2000).
# So most likely Howland and Baker observed Hawaii Time from 1935
......@@ -1496,7 +1504,7 @@ Zone Pacific/Wallis 12:15:20 - LMT 1901
# Zealand time. I understand that is the time they keep locally, anyhow."
# For now, assume this practice goes back to the introduction of standard time
# in New Zealand, as this would make Chatham Islands time almost exactly match
# LMT back when New Zealand was at UTC+11:30; also, assume Chatham Islands did
# LMT back when New Zealand was at UT +11:30; also, assume Chatham Islands did
# not observe New Zealand's prewar DST.
###############################################################################
......@@ -1552,7 +1560,7 @@ Zone Pacific/Wallis 12:15:20 - LMT 1901
# For now, we assume the Ladrones switched at the same time as the Philippines;
# see Asia/Manila.
# US Public Law 106-564 (2000-12-23) made UTC+10 the official standard time,
# US Public Law 106-564 (2000-12-23) made UT +10 the official standard time,
# under the name "Chamorro Standard Time". There is no official abbreviation,
# but Congressman Robert A. Underwood, author of the bill that became law,
# wrote in a press release (2000-12-27) that he will seek the use of "ChST".
......@@ -1564,15 +1572,15 @@ Zone Pacific/Wallis 12:15:20 - LMT 1901
# "I am certain, having lived there for the past decade, that 'Truk'
# (now properly known as Chuuk) ... is in the time zone GMT+10."
#
# Shanks & Pottenger write that Truk switched from UTC+10 to UTC+11
# Shanks & Pottenger write that Truk switched from UT +10 to +11
# on 1978-10-01; ignore this for now.
# From Paul Eggert (1999-10-29):
# The Federated States of Micronesia Visitors Board writes in
# The Federated States of Micronesia - Visitor Information (1999-01-26)
# http://www.fsmgov.org/info/clocks.html
# that Truk and Yap are UTC+10, and Ponape and Kosrae are UTC+11.
# We don't know when Kosrae switched from UTC+12; assume January 1 for now.
# that Truk and Yap are UT +10, and Ponape and Kosrae are +11.
# We don't know when Kosrae switched from +12; assume January 1 for now.
# Midway
......@@ -1638,11 +1646,11 @@ Zone Pacific/Wallis 12:15:20 - LMT 1901
# ordaining - by a masterpiece of diplomatic flattery - that
# the Fourth of July should be celebrated twice in that year."
# Although Shanks & Pottenger says they both switched to UTC-11:30
# in 1911, and to UTC-11 in 1950. many earlier sources give UTC-11
# Although Shanks & Pottenger says they both switched to UT -11:30
# in 1911, and to -11 in 1950. many earlier sources give -11
# for American Samoa, e.g., the US National Bureau of Standards
# circular "Standard Time Throughout the World", 1932.
# Assume American Samoa switched to UTC-11 in 1911, not 1950,
# Assume American Samoa switched to -11 in 1911, not 1950,
# and that after 1950 they agreed until (western) Samoa skipped a
# day in 2011. Assume also that the Samoas follow the US and New
# Zealand's "ST"/"DT" style of daylight-saving abbreviations.
......@@ -1729,9 +1737,17 @@ Zone Pacific/Wallis 12:15:20 - LMT 1901
# of January the standard time in the Kingdom shall be moved backward by one
# hour to 1:00am.
# From Pulu 'Anau (2002-11-05):
# From Pulu ʻAnau (2002-11-05):
# The law was for 3 years, supposedly to get renewed. It wasn't.
# From Pulu ʻAnau (2016-10-27):
# http://mic.gov.to/news-today/press-releases/6375-daylight-saving-set-to-run-from-6-november-2016-to-15-january-2017
# Cannot find anyone who knows the rules, has seen the duration or has seen
# the cabinet decision, but it appears we are following Fiji's rule set.
#
# From Tim Parenti (2016-10-26):
# Assume Tonga will observe DST from the first Sunday in November at 02:00
# through the third Sunday in January at 03:00, like Fiji, for now.
# Wake
......
test/sun/util/calendar/zi/tzdata/backward
浏览文件 @ 83f4f6a9
......@@ -59,6 +59,7 @@ Link Asia/Shanghai Asia/Harbin
Link Asia/Urumqi Asia/Kashgar
Link Asia/Kathmandu Asia/Katmandu
Link Asia/Macau Asia/Macao
Link Asia/Yangon Asia/Rangoon
Link Asia/Ho_Chi_Minh Asia/Saigon
Link Asia/Jerusalem Asia/Tel_Aviv
Link Asia/Thimphu Asia/Thimbu
......
test/sun/util/calendar/zi/tzdata/etcetera
浏览文件 @ 83f4f6a9
......@@ -31,6 +31,13 @@
# need now for the entries that are not on UTC are for ships at sea
# that cannot use POSIX TZ settings.
# Starting with POSIX 1003.1-2001, the entries below are all
# unnecessary as settings for the TZ environment variable. E.g.,
# instead of TZ='Etc/GMT+4' one can use the POSIX setting TZ='<-04>+4'.
#
# Do not use a POSIX TZ setting like TZ='GMT+4', which is four hours
# behind GMT but uses the completely misleading abbreviation "GMT".
Zone Etc/GMT 0 - GMT
Zone Etc/UTC 0 - UTC
Zone Etc/UCT 0 - UCT
......@@ -49,23 +56,13 @@ Link Etc/GMT Etc/GMT-0
Link Etc/GMT Etc/GMT+0
Link Etc/GMT Etc/GMT0
# We use POSIX-style signs in the Zone names and the output abbreviations,
# Be consistent with POSIX TZ settings in the Zone names,
# even though this is the opposite of what many people expect.
# POSIX has positive signs west of Greenwich, but many people expect
# positive signs east of Greenwich. For example, TZ='Etc/GMT+4' uses
# the abbreviation "GMT+4" and corresponds to 4 hours behind UT
# the abbreviation "-04" and corresponds to 4 hours behind UT
# (i.e. west of Greenwich) even though many people would expect it to
# mean 4 hours ahead of UT (i.e. east of Greenwich).
#
# In the draft 5 of POSIX 1003.1-200x, the angle bracket notation allows for
# TZ='<GMT-4>+4'; if you want time zone abbreviations conforming to
# ISO 8601 you can use TZ='<-0400>+4'. Thus the commonly-expected
# offset is kept within the angle bracket (and is used for display)
# while the POSIX sign is kept outside the angle bracket (and is used
# for calculation).
#
# Do not use a TZ setting like TZ='GMT+4', which is four hours behind
# GMT but uses the completely misleading abbreviation "GMT".
# Earlier incarnations of this package were not POSIX-compliant,
# and had lines such as
......@@ -74,30 +71,31 @@ Link Etc/GMT Etc/GMT0
# way does a
# zic -l GMT-12
# so we moved the names into the Etc subdirectory.
# Also, the time zone abbreviations are now compatible with %z.
Zone Etc/GMT-14 14 - GMT-14 # 14 hours ahead of GMT
Zone Etc/GMT-13 13 - GMT-13
Zone Etc/GMT-12 12 - GMT-12
Zone Etc/GMT-11 11 - GMT-11
Zone Etc/GMT-10 10 - GMT-10
Zone Etc/GMT-9 9 - GMT-9
Zone Etc/GMT-8 8 - GMT-8
Zone Etc/GMT-7 7 - GMT-7
Zone Etc/GMT-6 6 - GMT-6
Zone Etc/GMT-5 5 - GMT-5
Zone Etc/GMT-4 4 - GMT-4
Zone Etc/GMT-3 3 - GMT-3
Zone Etc/GMT-2 2 - GMT-2
Zone Etc/GMT-1 1 - GMT-1
Zone Etc/GMT+1 -1 - GMT+1
Zone Etc/GMT+2 -2 - GMT+2
Zone Etc/GMT+3 -3 - GMT+3
Zone Etc/GMT+4 -4 - GMT+4
Zone Etc/GMT+5 -5 - GMT+5
Zone Etc/GMT+6 -6 - GMT+6
Zone Etc/GMT+7 -7 - GMT+7
Zone Etc/GMT+8 -8 - GMT+8
Zone Etc/GMT+9 -9 - GMT+9
Zone Etc/GMT+10 -10 - GMT+10
Zone Etc/GMT+11 -11 - GMT+11
Zone Etc/GMT+12 -12 - GMT+12
Zone Etc/GMT-14 14 - +14
Zone Etc/GMT-13 13 - +13
Zone Etc/GMT-12 12 - +12
Zone Etc/GMT-11 11 - +11
Zone Etc/GMT-10 10 - +10
Zone Etc/GMT-9 9 - +09
Zone Etc/GMT-8 8 - +08
Zone Etc/GMT-7 7 - +07
Zone Etc/GMT-6 6 - +06
Zone Etc/GMT-5 5 - +05
Zone Etc/GMT-4 4 - +04
Zone Etc/GMT-3 3 - +03
Zone Etc/GMT-2 2 - +02
Zone Etc/GMT-1 1 - +01
Zone Etc/GMT+1 -1 - -01
Zone Etc/GMT+2 -2 - -02
Zone Etc/GMT+3 -3 - -03
Zone Etc/GMT+4 -4 - -04
Zone Etc/GMT+5 -5 - -05
Zone Etc/GMT+6 -6 - -06
Zone Etc/GMT+7 -7 - -07
Zone Etc/GMT+8 -8 - -08
Zone Etc/GMT+9 -9 - -09
Zone Etc/GMT+10 -10 - -10
Zone Etc/GMT+11 -11 - -11
Zone Etc/GMT+12 -12 - -12
test/sun/util/calendar/zi/tzdata/europe
浏览文件 @ 83f4f6a9
......@@ -98,8 +98,7 @@
# 1:00 CET CEST CEMT Central Europe
# 1:00:14 SET Swedish (1879-1899)*
# 2:00 EET EEST Eastern Europe
# 3:00 FET Further-eastern Europe (2011-2014)*
# 3:00 MSK MSD MSM* Minsk, Moscow
# 3:00 MSK MSD Moscow
# From Peter Ilieve (1994-12-04),
# The original six [EU members]: Belgium, France, (West) Germany, Italy,
......@@ -606,16 +605,33 @@ Rule E-Eur 1979 1995 - Sep lastSun 0:00 0 -
Rule E-Eur 1981 max - Mar lastSun 0:00 1:00 S
Rule E-Eur 1996 max - Oct lastSun 0:00 0 -
# Daylight saving time for Russia and the Soviet Union
#
# The 1917-1921 decree URLs are from Alexander Belopolsky (2016-08-23).
# Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S
Rule Russia 1917 only - Jul 1 23:00 1:00 MST # Moscow Summer Time
#
# Decree No. 142 (1917-12-22) http://istmat.info/node/28137
Rule Russia 1917 only - Dec 28 0:00 0 MMT # Moscow Mean Time
#
# Decree No. 497 (1918-05-30) http://istmat.info/node/30001
Rule Russia 1918 only - May 31 22:00 2:00 MDST # Moscow Double Summer Time
Rule Russia 1918 only - Sep 16 1:00 1:00 MST
#
# Decree No. 258 (1919-05-29) http://istmat.info/node/37949
Rule Russia 1919 only - May 31 23:00 2:00 MDST
Rule Russia 1919 only - Jul 1 2:00 1:00 MSD
#
Rule Russia 1919 only - Jul 1 0:00u 1:00 MSD
Rule Russia 1919 only - Aug 16 0:00 0 MSK
#
# Decree No. 63 (1921-02-03) http://istmat.info/node/45840
Rule Russia 1921 only - Feb 14 23:00 1:00 MSD
Rule Russia 1921 only - Mar 20 23:00 2:00 MSM # Midsummer
#
# Decree No. 121 (1921-03-07) http://istmat.info/node/45949
Rule Russia 1921 only - Mar 20 23:00 2:00 +05
#
Rule Russia 1921 only - Sep 1 0:00 1:00 MSD
Rule Russia 1921 only - Oct 1 0:00 0 -
# Act No. 925 of the Council of Ministers of the USSR (1980-10-24):
......@@ -798,8 +814,6 @@ Zone Europe/Vienna 1:05:21 - LMT 1893 Apr
# From Alexander Bokovoy (2014-10-09):
# Belarussian government decided against changing to winter time....
# http://eng.belta.by/all_news/society/Belarus-decides-against-adjusting-time-in-Russias-wake_i_76335.html
# From Paul Eggert (2014-10-08):
# Hence Belarus can share time zone abbreviations with Moscow again.
#
# Zone NAME GMTOFF RULES FORMAT [UNTIL]
Zone Europe/Minsk 1:50:16 - LMT 1880
......@@ -810,8 +824,7 @@ Zone Europe/Minsk 1:50:16 - LMT 1880
3:00 Russia MSK/MSD 1990
3:00 - MSK 1991 Mar 31 2:00s
2:00 Russia EE%sT 2011 Mar 27 2:00s
3:00 - FET 2014 Oct 26 1:00s
3:00 - MSK
3:00 - +03
# Belgium
#
......@@ -1319,7 +1332,7 @@ Zone Europe/Paris 0:09:21 - LMT 1891 Mar 15 0:01
# http://www.parlament-berlin.de/pds-fraktion.nsf/727459127c8b66ee8525662300459099/defc77cb784f180ac1256c2b0030274b/$FILE/bersarint.pdf
# says that Bersarin issued an order to use Moscow time on May 20.
# However, Moscow did not observe daylight saving in 1945, so
# this was equivalent to CEMT (GMT+3), not GMT+4.
# this was equivalent to UT +03, not +04.
# Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S
......@@ -1510,73 +1523,84 @@ Zone Atlantic/Reykjavik -1:28 - LMT 1908
# But these events all occurred before the 1970 cutoff,
# so record only the time in Rome.
#
# From Paul Eggert (2006-03-22):
# For Italian DST we have three sources: Shanks & Pottenger, Whitman, and
# F. Pollastri
# Day-light Saving Time in Italy (2006-02-03)
# http://toi.iriti.cnr.it/uk/ienitlt.html
# ('FP' below), taken from an Italian National Electrotechnical Institute
# publication. When the three sources disagree, guess who's right, as follows:
#
# year FP Shanks&P. (S) Whitman (W) Go with:
# 1916 06-03 06-03 24:00 06-03 00:00 FP & W
# 09-30 09-30 24:00 09-30 01:00 FP; guess 24:00s
# 1917 04-01 03-31 24:00 03-31 00:00 FP & S
# 09-30 09-29 24:00 09-30 01:00 FP & W
# 1918 03-09 03-09 24:00 03-09 00:00 FP & S
# 10-06 10-05 24:00 10-06 01:00 FP & W
# 1919 03-01 03-01 24:00 03-01 00:00 FP & S
# 10-04 10-04 24:00 10-04 01:00 FP; guess 24:00s
# 1920 03-20 03-20 24:00 03-20 00:00 FP & S
# 09-18 09-18 24:00 10-01 01:00 FP; guess 24:00s
# 1944 04-02 04-03 02:00 S (see C-Eur)
# 09-16 10-02 03:00 FP; guess 24:00s
# 1945 09-14 09-16 24:00 FP; guess 24:00s
# 1970 05-21 05-31 00:00 S
# 09-20 09-27 00:00 S
# From Michael Deckers (2016-10-24):
# http://www.ac-ilsestante.it/MERIDIANE/ora_legale quotes a law of 1893-08-10
# ... [translated as] "The preceding dispositions will enter into
# force at the instant at which, according to the time specified in
# the 1st article, the 1st of November 1893 will begin...."
#
# From Pierpaolo Bernardi (2016-10-20):
# The authoritative source for time in Italy is the national metrological
# institute, which has a summary page of historical DST data at
# http://www.inrim.it/res/tf/ora_legale_i.shtml
# (2016-10-24):
# http://www.renzobaldini.it/le-ore-legali-in-italia/
# has still different data for 1944. It divides Italy in two, as
# there were effectively two governments at the time, north of Gothic
# Line German controlled territory, official government RSI, and south
# of the Gothic Line, controlled by allied armies.
#
# From Brian Inglis (2016-10-23):
# Viceregal LEGISLATIVE DECREE. 14 September 1944, no. 219.
# Restoration of Standard Time. (044U0219) (OJ 62 of 30.9.1944) ...
# Given the R. law decreed on 1944-03-29, no. 92, by which standard time is
# advanced to sixty minutes later starting at hour two on 1944-04-02; ...
# Starting at hour three on the date 1944-09-17 standard time will be resumed.
#
# From Paul Eggert (2016-10-27):
# Go with INRiM for DST rules, except as corrected by Inglis for 1944
# for the Kingdom of Italy. This is consistent with Renzo Baldini.
# Model Rome's occupation by using using C-Eur rules from 1943-09-10
# to 1944-06-04; although Rome was an open city during this period, it
# was effectively controlled by Germany.
#
# Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S
Rule Italy 1916 only - Jun 3 0:00s 1:00 S
Rule Italy 1916 only - Oct 1 0:00s 0 -
Rule Italy 1917 only - Apr 1 0:00s 1:00 S
Rule Italy 1917 only - Sep 30 0:00s 0 -
Rule Italy 1918 only - Mar 10 0:00s 1:00 S
Rule Italy 1918 1919 - Oct Sun>=1 0:00s 0 -
Rule Italy 1919 only - Mar 2 0:00s 1:00 S
Rule Italy 1920 only - Mar 21 0:00s 1:00 S
Rule Italy 1920 only - Sep 19 0:00s 0 -
Rule Italy 1940 only - Jun 15 0:00s 1:00 S
Rule Italy 1944 only - Sep 17 0:00s 0 -
Rule Italy 1945 only - Apr 2 2:00 1:00 S
Rule Italy 1945 only - Sep 15 0:00s 0 -
Rule Italy 1946 only - Mar 17 2:00s 1:00 S
Rule Italy 1946 only - Oct 6 2:00s 0 -
Rule Italy 1947 only - Mar 16 0:00s 1:00 S
Rule Italy 1947 only - Oct 5 0:00s 0 -
Rule Italy 1948 only - Feb 29 2:00s 1:00 S
Rule Italy 1948 only - Oct 3 2:00s 0 -
Rule Italy 1966 1968 - May Sun>=22 0:00 1:00 S
Rule Italy 1966 1969 - Sep Sun>=22 0:00 0 -
Rule Italy 1969 only - Jun 1 0:00 1:00 S
Rule Italy 1970 only - May 31 0:00 1:00 S
Rule Italy 1970 only - Sep lastSun 0:00 0 -
Rule Italy 1971 1972 - May Sun>=22 0:00 1:00 S
Rule Italy 1971 only - Sep lastSun 1:00 0 -
Rule Italy 1972 only - Oct 1 0:00 0 -
Rule Italy 1973 only - Jun 3 0:00 1:00 S
Rule Italy 1973 1974 - Sep lastSun 0:00 0 -
Rule Italy 1974 only - May 26 0:00 1:00 S
Rule Italy 1975 only - Jun 1 0:00s 1:00 S
Rule Italy 1975 1977 - Sep lastSun 0:00s 0 -
Rule Italy 1976 only - May 30 0:00s 1:00 S
Rule Italy 1977 1979 - May Sun>=22 0:00s 1:00 S
Rule Italy 1978 only - Oct 1 0:00s 0 -
Rule Italy 1979 only - Sep 30 0:00s 0 -
Rule Italy 1916 only - Jun 3 24:00 1:00 S
Rule Italy 1916 1917 - Sep 30 24:00 0 -
Rule Italy 1917 only - Mar 31 24:00 1:00 S
Rule Italy 1918 only - Mar 9 24:00 1:00 S
Rule Italy 1918 only - Oct 6 24:00 0 -
Rule Italy 1919 only - Mar 1 24:00 1:00 S
Rule Italy 1919 only - Oct 4 24:00 0 -
Rule Italy 1920 only - Mar 20 24:00 1:00 S
Rule Italy 1920 only - Sep 18 24:00 0 -
Rule Italy 1940 only - Jun 14 24:00 1:00 S
Rule Italy 1942 only - Nov 2 2:00s 0 -
Rule Italy 1943 only - Mar 29 2:00s 1:00 S
Rule Italy 1943 only - Oct 4 2:00s 0 -
Rule Italy 1944 only - Apr 2 2:00s 1:00 S
Rule Italy 1944 only - Sep 17 2:00s 0 -
Rule Italy 1945 only - Apr 2 2:00 1:00 S
Rule Italy 1945 only - Sep 15 1:00 0 -
Rule Italy 1946 only - Mar 17 2:00s 1:00 S
Rule Italy 1946 only - Oct 6 2:00s 0 -
Rule Italy 1947 only - Mar 16 0:00s 1:00 S
Rule Italy 1947 only - Oct 5 0:00s 0 -
Rule Italy 1948 only - Feb 29 2:00s 1:00 S
Rule Italy 1948 only - Oct 3 2:00s 0 -
Rule Italy 1966 1968 - May Sun>=22 0:00s 1:00 S
Rule Italy 1966 only - Sep 24 24:00 0 -
Rule Italy 1967 1969 - Sep Sun>=22 0:00s 0 -
Rule Italy 1969 only - Jun 1 0:00s 1:00 S
Rule Italy 1970 only - May 31 0:00s 1:00 S
Rule Italy 1970 only - Sep lastSun 0:00s 0 -
Rule Italy 1971 1972 - May Sun>=22 0:00s 1:00 S
Rule Italy 1971 only - Sep lastSun 0:00s 0 -
Rule Italy 1972 only - Oct 1 0:00s 0 -
Rule Italy 1973 only - Jun 3 0:00s 1:00 S
Rule Italy 1973 1974 - Sep lastSun 0:00s 0 -
Rule Italy 1974 only - May 26 0:00s 1:00 S
Rule Italy 1975 only - Jun 1 0:00s 1:00 S
Rule Italy 1975 1977 - Sep lastSun 0:00s 0 -
Rule Italy 1976 only - May 30 0:00s 1:00 S
Rule Italy 1977 1979 - May Sun>=22 0:00s 1:00 S
Rule Italy 1978 only - Oct 1 0:00s 0 -
Rule Italy 1979 only - Sep 30 0:00s 0 -
# Zone NAME GMTOFF RULES FORMAT [UNTIL]
Zone Europe/Rome 0:49:56 - LMT 1866 Sep 22
0:49:56 - RMT 1893 Nov 1 0:00s # Rome Mean
1:00 Italy CE%sT 1942 Nov 2 2:00s
1:00 C-Eur CE%sT 1944 Jul
0:49:56 - RMT 1893 Oct 31 23:49:56 # Rome Mean
1:00 Italy CE%sT 1943 Sep 10
1:00 C-Eur CE%sT 1944 Jun 4
1:00 Italy CE%sT 1980
1:00 EU CE%sT
......@@ -1775,6 +1799,10 @@ Zone Europe/Luxembourg 0:24:36 - LMT 1904 Jun
# See Europe/Belgrade.
# Malta
#
# From Paul Eggert (2016-10-21):
# Assume 1900-1972 was like Rome, overriding Shanks.
#
# Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S
Rule Malta 1973 only - Mar 31 0:00s 1:00 S
Rule Malta 1973 only - Sep 29 0:00s 0 -
......@@ -1785,8 +1813,6 @@ Rule Malta 1975 1980 - Sep Sun>=15 2:00 0 -
Rule Malta 1980 only - Mar 31 2:00 1:00 S
# Zone NAME GMTOFF RULES FORMAT [UNTIL]
Zone Europe/Malta 0:58:04 - LMT 1893 Nov 2 0:00s # Valletta
1:00 Italy CE%sT 1942 Nov 2 2:00s
1:00 C-Eur CE%sT 1945 Apr 2 2:00s
1:00 Italy CE%sT 1973 Mar 31
1:00 Malta CE%sT 1981
1:00 EU CE%sT
......@@ -1918,7 +1944,7 @@ Zone Europe/Monaco 0:29:32 - LMT 1891 Mar 15
# Amsterdam mean time.
# The data entries before 1945 are taken from
# http://www.phys.uu.nl/~vgent/wettijd/wettijd.htm
# http://www.staff.science.uu.nl/~gent0113/wettijd/wettijd.htm
# Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S
Rule Neth 1916 only - May 1 0:00 1:00 NST # Netherlands Summer Time
......@@ -2283,7 +2309,6 @@ Zone Europe/Bucharest 1:44:24 - LMT 1891 Oct
# http://www.worldtimezone.com/dst_news/dst_news_russia-map-2014-07.html
# From Paul Eggert (2006-03-22):
# Except for Moscow after 1919-07-01, I invented the time zone abbreviations.
# Moscow time zone abbreviations after 1919-07-01, and Moscow rules after 1991,
# are from Andrey A. Chernov. The rest is from Shanks & Pottenger,
# except we follow Chernov's report that 1992 DST transitions were Sat
......@@ -2359,7 +2384,7 @@ Zone Europe/Kaliningrad 1:22:00 - LMT 1893 Apr
2:00 Poland CE%sT 1946
3:00 Russia MSK/MSD 1989 Mar 26 2:00s
2:00 Russia EE%sT 2011 Mar 27 2:00s
3:00 - FET 2014 Oct 26 2:00s
3:00 - +03 2014 Oct 26 2:00s
2:00 - EET
......@@ -2412,6 +2437,16 @@ Zone Europe/Kaliningrad 1:22:00 - LMT 1893 Apr
# 78 RU-SPE Saint Petersburg
# 83 RU-NEN Nenets Autonomous Okrug
# From Paul Eggert (2016-08-23):
# The Soviets switched to UT-based time in 1919. Decree No. 59
# (1919-02-08) http://istmat.info/node/35567 established UT-based time
# zones, and Decree No. 147 (1919-03-29) http://istmat.info/node/35854
# specified a transition date of 1919-07-01, apparently at 00:00 UT.
# No doubt only the Soviet-controlled regions switched on that date;
# later transitions to UT-based time in other parts of Russia are
# taken from what appear to be guesses by Shanks.
# (Thanks to Alexander Belopolsky for pointers to the decrees.)
# From Stepan Golosunov (2016-03-07):
# 11. Regions-violators, 1981-1982.
# Wikipedia refers to
......@@ -2453,7 +2488,7 @@ Zone Europe/Kaliningrad 1:22:00 - LMT 1893 Apr
# attributes the 1982 changes to the Act of the Council of Ministers
# of the USSR No. 126 from 18.02.1982. 1980-925.txt also adds
# Udmurtia to the list of affected territories and lists Khatangsky
# district separately from Taymyr Autonomous Okurg. Probably erroneously.
# district separately from Taymyr Autonomous Okrug. Probably erroneously.
#
# The affected territories are currently listed under Europe/Moscow,
# Asia/Yekaterinburg and Asia/Krasnoyarsk.
......@@ -2513,7 +2548,7 @@ Zone Europe/Kaliningrad 1:22:00 - LMT 1893 Apr
Zone Europe/Moscow 2:30:17 - LMT 1880
2:30:17 - MMT 1916 Jul 3 # Moscow Mean Time
2:31:19 Russia %s 1919 Jul 1 2:00
2:31:19 Russia %s 1919 Jul 1 0:00u
3:00 Russia %s 1921 Oct
3:00 Russia MSK/MSD 1922 Oct
2:00 - EET 1930 Jun 21
......@@ -2596,22 +2631,21 @@ Zone Europe/Astrakhan 3:12:12 - LMT 1924 May
# The 1988 transition is from USSR act No. 5 (1988-01-04).
Zone Europe/Volgograd 2:57:40 - LMT 1920 Jan 3
3:00 - TSAT 1925 Apr 6 # Tsaritsyn Time
3:00 - STAT 1930 Jun 21 # Stalingrad Time
4:00 - STAT 1961 Nov 11
4:00 Russia VOL%sT 1988 Mar 27 2:00s # Volgograd T
3:00 Russia VOL%sT 1991 Mar 31 2:00s
4:00 - VOLT 1992 Mar 29 2:00s
3:00 Russia MSK/MSD 2011 Mar 27 2:00s
4:00 - MSK 2014 Oct 26 2:00s
3:00 - MSK
3:00 - +03 1930 Jun 21
4:00 - +04 1961 Nov 11
4:00 Russia +04/+05 1988 Mar 27 2:00s
3:00 Russia +03/+04 1991 Mar 31 2:00s
4:00 - +04 1992 Mar 29 2:00s
3:00 Russia +03/+04 2011 Mar 27 2:00s
4:00 - +04 2014 Oct 26 2:00s
3:00 - +03
# From Paul Eggert (2016-03-18):
# Europe/Kirov covers:
# 43 RU-KIR Kirov Oblast
# The 1989 transition is from USSR act No. 227 (1989-03-14).
#
Zone Europe/Kirov 3:18:48 - LMT 1919 Jul 1 2:00
Zone Europe/Kirov 3:18:48 - LMT 1919 Jul 1 0:00u
3:00 - +03 1930 Jun 21
4:00 Russia +04/+05 1989 Mar 26 2:00s
3:00 Russia +03/+04 1991 Mar 31 2:00s
......@@ -2629,16 +2663,16 @@ Zone Europe/Kirov 3:18:48 - LMT 1919 Jul 1 2:00
# Byalokoz 1919 says Samara was 3:20:20.
# The 1989 transition is from USSR act No. 227 (1989-03-14).
Zone Europe/Samara 3:20:20 - LMT 1919 Jul 1 2:00
3:00 - SAMT 1930 Jun 21 # Samara Time
4:00 - SAMT 1935 Jan 27
4:00 Russia KUY%sT 1989 Mar 26 2:00s # Kuybyshev
3:00 Russia MSK/MSD 1991 Mar 31 2:00s
2:00 Russia EE%sT 1991 Sep 29 2:00s
3:00 - SAMT 1991 Oct 20 3:00
4:00 Russia SAM%sT 2010 Mar 28 2:00s
3:00 Russia SAM%sT 2011 Mar 27 2:00s
4:00 - SAMT
Zone Europe/Samara 3:20:20 - LMT 1919 Jul 1 0:00u
3:00 - +03 1930 Jun 21
4:00 - +04 1935 Jan 27
4:00 Russia +04/+05 1989 Mar 26 2:00s
3:00 Russia +03/+04 1991 Mar 31 2:00s
2:00 Russia +02/+03 1991 Sep 29 2:00s
3:00 - +03 1991 Oct 20 3:00
4:00 Russia +04/+05 2010 Mar 28 2:00s
3:00 Russia +03/+04 2011 Mar 27 2:00s
4:00 - +04
# From Paul Eggert (2016-03-18):
# Europe/Ulyanovsk covers:
......@@ -2653,7 +2687,7 @@ Zone Europe/Samara 3:20:20 - LMT 1919 Jul 1 2:00
# From Matt Johnson (2016-03-09):
# http://publication.pravo.gov.ru/Document/View/0001201603090051
Zone Europe/Ulyanovsk 3:13:36 - LMT 1919 Jul 1 2:00
Zone Europe/Ulyanovsk 3:13:36 - LMT 1919 Jul 1 0:00u
3:00 - +03 1930 Jun 21
4:00 Russia +04/+05 1989 Mar 26 2:00s
3:00 Russia +03/+04 1991 Mar 31 2:00s
......@@ -2685,12 +2719,12 @@ Zone Europe/Ulyanovsk 3:13:36 - LMT 1919 Jul 1 2:00
Zone Asia/Yekaterinburg 4:02:33 - LMT 1916 Jul 3
3:45:05 - PMT 1919 Jul 15 4:00
4:00 - SVET 1930 Jun 21 # Sverdlovsk Time
5:00 Russia SVE%sT 1991 Mar 31 2:00s
4:00 Russia SVE%sT 1992 Jan 19 2:00s
5:00 Russia YEK%sT 2011 Mar 27 2:00s
6:00 - YEKT 2014 Oct 26 2:00s
5:00 - YEKT
4:00 - +04 1930 Jun 21
5:00 Russia +05/+06 1991 Mar 31 2:00s
4:00 Russia +04/+05 1992 Jan 19 2:00s
5:00 Russia +05/+06 2011 Mar 27 2:00s
6:00 - +06 2014 Oct 26 2:00s
5:00 - +05
# From Tim Parenti (2014-07-03), per Oscar van Vlijmen (2001-08-25):
......@@ -2700,12 +2734,12 @@ Zone Asia/Yekaterinburg 4:02:33 - LMT 1916 Jul 3
# Byalokoz 1919 says Omsk was 4:53:30.
Zone Asia/Omsk 4:53:30 - LMT 1919 Nov 14
5:00 - OMST 1930 Jun 21 # Omsk Time
6:00 Russia OMS%sT 1991 Mar 31 2:00s
5:00 Russia OMS%sT 1992 Jan 19 2:00s
6:00 Russia OMS%sT 2011 Mar 27 2:00s
7:00 - OMST 2014 Oct 26 2:00s
6:00 - OMST
5:00 - +05 1930 Jun 21
6:00 Russia +06/+07 1991 Mar 31 2:00s
5:00 Russia +05/+06 1992 Jan 19 2:00s
6:00 Russia +06/+07 2011 Mar 27 2:00s
7:00 - +07 2014 Oct 26 2:00s
6:00 - +06
# From Paul Eggert (2016-02-22):
# Asia/Barnaul covers:
......@@ -2785,7 +2819,7 @@ Zone Asia/Novosibirsk 5:31:40 - LMT 1919 Dec 14 6:00
# Note that time belts (numbered from 2 (Moscow) to 12 according to their
# GMT/UTC offset and having too many exceptions like regions formally
# belonging to one belt but using time from another) were replaced
# with time zones in 2011 with different numberings (there was a
# with time zones in 2011 with different numbering (there was a
# 2-hour gap between second and third zones in 2011-2014).
# From Stepan Golosunov (2016-04-12):
......@@ -2868,12 +2902,12 @@ Zone Asia/Novokuznetsk 5:48:48 - LMT 1924 May 1
# Byalokoz 1919 says Krasnoyarsk was 6:11:26.
Zone Asia/Krasnoyarsk 6:11:26 - LMT 1920 Jan 6
6:00 - KRAT 1930 Jun 21 # Krasnoyarsk Time
7:00 Russia KRA%sT 1991 Mar 31 2:00s
6:00 Russia KRA%sT 1992 Jan 19 2:00s
7:00 Russia KRA%sT 2011 Mar 27 2:00s
8:00 - KRAT 2014 Oct 26 2:00s
7:00 - KRAT
6:00 - +06 1930 Jun 21
7:00 Russia +07/+08 1991 Mar 31 2:00s
6:00 Russia +06/+07 1992 Jan 19 2:00s
7:00 Russia +07/+08 2011 Mar 27 2:00s
8:00 - +08 2014 Oct 26 2:00s
7:00 - +07
# From Tim Parenti (2014-07-03), per Oscar van Vlijmen (2001-08-25):
......@@ -2890,12 +2924,12 @@ Zone Asia/Krasnoyarsk 6:11:26 - LMT 1920 Jan 6
Zone Asia/Irkutsk 6:57:05 - LMT 1880
6:57:05 - IMT 1920 Jan 25 # Irkutsk Mean Time
7:00 - IRKT 1930 Jun 21 # Irkutsk Time
8:00 Russia IRK%sT 1991 Mar 31 2:00s
7:00 Russia IRK%sT 1992 Jan 19 2:00s
8:00 Russia IRK%sT 2011 Mar 27 2:00s
9:00 - IRKT 2014 Oct 26 2:00s
8:00 - IRKT
7:00 - +07 1930 Jun 21
8:00 Russia +08/+09 1991 Mar 31 2:00s
7:00 Russia +07/+08 1992 Jan 19 2:00s
8:00 Russia +08/+09 2011 Mar 27 2:00s
9:00 - +09 2014 Oct 26 2:00s
8:00 - +08
# From Tim Parenti (2014-07-06):
......@@ -2912,13 +2946,13 @@ Zone Asia/Irkutsk 6:57:05 - LMT 1880
# http://publication.pravo.gov.ru/Document/View/0001201512300107
Zone Asia/Chita 7:33:52 - LMT 1919 Dec 15
8:00 - YAKT 1930 Jun 21 # Yakutsk Time
9:00 Russia YAK%sT 1991 Mar 31 2:00s
8:00 Russia YAK%sT 1992 Jan 19 2:00s
9:00 Russia YAK%sT 2011 Mar 27 2:00s
10:00 - YAKT 2014 Oct 26 2:00s
8:00 - IRKT 2016 Mar 27 2:00
9:00 - YAKT
8:00 - +08 1930 Jun 21
9:00 Russia +09/+10 1991 Mar 31 2:00s
8:00 Russia +08/+09 1992 Jan 19 2:00s
9:00 Russia +09/+10 2011 Mar 27 2:00s
10:00 - +10 2014 Oct 26 2:00s
8:00 - +08 2016 Mar 27 2:00
9:00 - +09
# From Tim Parenti (2014-07-03), per Oscar van Vlijmen (2009-11-29):
......@@ -2958,12 +2992,12 @@ Zone Asia/Chita 7:33:52 - LMT 1919 Dec 15
# Byalokoz 1919 says Yakutsk was 8:38:58.
Zone Asia/Yakutsk 8:38:58 - LMT 1919 Dec 15
8:00 - YAKT 1930 Jun 21 # Yakutsk Time
9:00 Russia YAK%sT 1991 Mar 31 2:00s
8:00 Russia YAK%sT 1992 Jan 19 2:00s
9:00 Russia YAK%sT 2011 Mar 27 2:00s
10:00 - YAKT 2014 Oct 26 2:00s
9:00 - YAKT
8:00 - +08 1930 Jun 21
9:00 Russia +09/+10 1991 Mar 31 2:00s
8:00 Russia +08/+09 1992 Jan 19 2:00s
9:00 Russia +09/+10 2011 Mar 27 2:00s
10:00 - +10 2014 Oct 26 2:00s
9:00 - +09
# From Tim Parenti (2014-07-03), per Oscar van Vlijmen (2009-11-29):
......@@ -2981,12 +3015,12 @@ Zone Asia/Yakutsk 8:38:58 - LMT 1919 Dec 15
# Go with Byalokoz.
Zone Asia/Vladivostok 8:47:31 - LMT 1922 Nov 15
9:00 - VLAT 1930 Jun 21 # Vladivostok Time
10:00 Russia VLA%sT 1991 Mar 31 2:00s
9:00 Russia VLA%sT 1992 Jan 19 2:00s
10:00 Russia VLA%sT 2011 Mar 27 2:00s
11:00 - VLAT 2014 Oct 26 2:00s
10:00 - VLAT
9:00 - +09 1930 Jun 21
10:00 Russia +10/+11 1991 Mar 31 2:00s
9:00 Russia +09/+10 1992 Jan 19 2:00s
10:00 Russia +10/+11 2011 Mar 27 2:00s
11:00 - +11 2014 Oct 26 2:00s
10:00 - +10
# From Tim Parenti (2014-07-03):
......@@ -3004,14 +3038,14 @@ Zone Asia/Vladivostok 8:47:31 - LMT 1922 Nov 15
# This transition is no doubt wrong, but we have no better info.
Zone Asia/Khandyga 9:02:13 - LMT 1919 Dec 15
8:00 - YAKT 1930 Jun 21 # Yakutsk Time
9:00 Russia YAK%sT 1991 Mar 31 2:00s
8:00 Russia YAK%sT 1992 Jan 19 2:00s
9:00 Russia YAK%sT 2004
10:00 Russia VLA%sT 2011 Mar 27 2:00s
11:00 - VLAT 2011 Sep 13 0:00s # Decree 725?
10:00 - YAKT 2014 Oct 26 2:00s
9:00 - YAKT
8:00 - +08 1930 Jun 21
9:00 Russia +09/+10 1991 Mar 31 2:00s
8:00 Russia +08/+09 1992 Jan 19 2:00s
9:00 Russia +09/+10 2004
10:00 Russia +10/+11 2011 Mar 27 2:00s
11:00 - +11 2011 Sep 13 0:00s # Decree 725?
10:00 - +10 2014 Oct 26 2:00s
9:00 - +09
# From Tim Parenti (2014-07-03):
......@@ -3027,15 +3061,14 @@ Zone Asia/Khandyga 9:02:13 - LMT 1919 Dec 15
# The Zone name should be Asia/Yuzhno-Sakhalinsk, but that's too long.
Zone Asia/Sakhalin 9:30:48 - LMT 1905 Aug 23
9:00 - JCST 1937 Oct 1
9:00 - JST 1945 Aug 25
11:00 Russia SAK%sT 1991 Mar 31 2:00s # Sakhalin T
10:00 Russia SAK%sT 1992 Jan 19 2:00s
11:00 Russia SAK%sT 1997 Mar lastSun 2:00s
10:00 Russia SAK%sT 2011 Mar 27 2:00s
11:00 - SAKT 2014 Oct 26 2:00s
10:00 - SAKT 2016 Mar 27 2:00s
11:00 - SAKT
9:00 - +09 1945 Aug 25
11:00 Russia +11/+12 1991 Mar 31 2:00s # Sakhalin T
10:00 Russia +10/+11 1992 Jan 19 2:00s
11:00 Russia +11/+12 1997 Mar lastSun 2:00s
10:00 Russia +10/+11 2011 Mar 27 2:00s
11:00 - +11 2014 Oct 26 2:00s
10:00 - +10 2016 Mar 27 2:00s
11:00 - +11
# From Tim Parenti (2014-07-03), per Oscar van Vlijmen (2009-11-29):
......@@ -3058,13 +3091,13 @@ Zone Asia/Sakhalin 9:30:48 - LMT 1905 Aug 23
# http://publication.pravo.gov.ru/Document/View/0001201604050038
Zone Asia/Magadan 10:03:12 - LMT 1924 May 2
10:00 - MAGT 1930 Jun 21 # Magadan Time
11:00 Russia MAG%sT 1991 Mar 31 2:00s
10:00 Russia MAG%sT 1992 Jan 19 2:00s
11:00 Russia MAG%sT 2011 Mar 27 2:00s
12:00 - MAGT 2014 Oct 26 2:00s
10:00 - MAGT 2016 Apr 24 2:00s
11:00 - MAGT
10:00 - +10 1930 Jun 21 # Magadan Time
11:00 Russia +11/+12 1991 Mar 31 2:00s
10:00 Russia +10/+11 1992 Jan 19 2:00s
11:00 Russia +11/+12 2011 Mar 27 2:00s
12:00 - +12 2014 Oct 26 2:00s
10:00 - +10 2016 Apr 24 2:00s
11:00 - +11
# From Tim Parenti (2014-07-06):
......@@ -3107,17 +3140,14 @@ Zone Asia/Magadan 10:03:12 - LMT 1924 May 2
# in Russian.) In addition, Srednekolymsk appears to be a much older
# settlement and the population of Zyryanka seems to be declining.
# Go with Srednekolymsk.
#
# Since Magadan Oblast moves to UTC+10 on 2014-10-26, we cannot keep using MAGT
# as the abbreviation. Use SRET instead.
Zone Asia/Srednekolymsk 10:14:52 - LMT 1924 May 2
10:00 - MAGT 1930 Jun 21 # Magadan Time
11:00 Russia MAG%sT 1991 Mar 31 2:00s
10:00 Russia MAG%sT 1992 Jan 19 2:00s
11:00 Russia MAG%sT 2011 Mar 27 2:00s
12:00 - MAGT 2014 Oct 26 2:00s
11:00 - SRET # Srednekolymsk Time
10:00 - +10 1930 Jun 21
11:00 Russia +11/+12 1991 Mar 31 2:00s
10:00 Russia +10/+11 1992 Jan 19 2:00s
11:00 Russia +11/+12 2011 Mar 27 2:00s
12:00 - +12 2014 Oct 26 2:00s
11:00 - +11
# From Tim Parenti (2014-07-03):
......@@ -3135,14 +3165,14 @@ Zone Asia/Srednekolymsk 10:14:52 - LMT 1924 May 2
# UTC+12 since at least then, too.
Zone Asia/Ust-Nera 9:32:54 - LMT 1919 Dec 15
8:00 - YAKT 1930 Jun 21 # Yakutsk Time
9:00 Russia YAKT 1981 Apr 1
11:00 Russia MAG%sT 1991 Mar 31 2:00s
10:00 Russia MAG%sT 1992 Jan 19 2:00s
11:00 Russia MAG%sT 2011 Mar 27 2:00s
12:00 - MAGT 2011 Sep 13 0:00s # Decree 725?
11:00 - VLAT 2014 Oct 26 2:00s
10:00 - VLAT
8:00 - +08 1930 Jun 21
9:00 Russia +09/+10 1981 Apr 1
11:00 Russia +11/+12 1991 Mar 31 2:00s
10:00 Russia +10/+11 1992 Jan 19 2:00s
11:00 Russia +11/+12 2011 Mar 27 2:00s
12:00 - +12 2011 Sep 13 0:00s # Decree 725?
11:00 - +11 2014 Oct 26 2:00s
10:00 - +10
# From Tim Parenti (2014-07-03), per Oscar van Vlijmen (2001-08-25):
......@@ -3155,12 +3185,12 @@ Zone Asia/Ust-Nera 9:32:54 - LMT 1919 Dec 15
# The Zone name should be Asia/Petropavlovsk-Kamchatski or perhaps
# Asia/Petropavlovsk-Kamchatsky, but these are too long.
Zone Asia/Kamchatka 10:34:36 - LMT 1922 Nov 10
11:00 - PETT 1930 Jun 21 # P-K Time
12:00 Russia PET%sT 1991 Mar 31 2:00s
11:00 Russia PET%sT 1992 Jan 19 2:00s
12:00 Russia PET%sT 2010 Mar 28 2:00s
11:00 Russia PET%sT 2011 Mar 27 2:00s
12:00 - PETT
11:00 - +11 1930 Jun 21
12:00 Russia +12/+13 1991 Mar 31 2:00s
11:00 Russia +11/+12 1992 Jan 19 2:00s
12:00 Russia +12/+13 2010 Mar 28 2:00s
11:00 Russia +11/+12 2011 Mar 27 2:00s
12:00 - +12
# From Tim Parenti (2014-07-03):
......@@ -3168,13 +3198,13 @@ Zone Asia/Kamchatka 10:34:36 - LMT 1922 Nov 10
# 87 RU-CHU Chukotka Autonomous Okrug
Zone Asia/Anadyr 11:49:56 - LMT 1924 May 2
12:00 - ANAT 1930 Jun 21 # Anadyr Time
13:00 Russia ANA%sT 1982 Apr 1 0:00s
12:00 Russia ANA%sT 1991 Mar 31 2:00s
11:00 Russia ANA%sT 1992 Jan 19 2:00s
12:00 Russia ANA%sT 2010 Mar 28 2:00s
11:00 Russia ANA%sT 2011 Mar 27 2:00s
12:00 - ANAT
12:00 - +12 1930 Jun 21
13:00 Russia +13/+14 1982 Apr 1 0:00s
12:00 Russia +12/+13 1991 Mar 31 2:00s
11:00 Russia +11/+12 1992 Jan 19 2:00s
12:00 Russia +12/+13 2010 Mar 28 2:00s
11:00 Russia +11/+12 2011 Mar 27 2:00s
12:00 - +12
# San Marino
......@@ -3433,22 +3463,24 @@ Zone Europe/Zurich 0:34:08 - LMT 1853 Jul 16 # See above comment.
# Turkey
# From Amar Devegowda (2007-01-03):
# The time zone rules for Istanbul, Turkey have not been changed for years now.
# ... The latest rules are available at:
# http://www.timeanddate.com/worldclock/timezone.html?n=107
# From Steffen Thorsen (2007-01-03):
# I have been able to find press records back to 1996 which all say that
# DST started 01:00 local time and end at 02:00 local time. I am not sure
# what happened before that. One example for each year from 1996 to 2001:
# http://newspot.byegm.gov.tr/arsiv/1996/21/N4.htm
# http://www.byegm.gov.tr/YAYINLARIMIZ/CHR/ING97/03/97X03X25.TXT
# http://www.byegm.gov.tr/YAYINLARIMIZ/CHR/ING98/03/98X03X02.HTM
# http://www.byegm.gov.tr/YAYINLARIMIZ/CHR/ING99/10/99X10X26.HTM#%2016
# http://www.byegm.gov.tr/YAYINLARIMIZ/CHR/ING2000/03/00X03X06.HTM#%2021
# http://www.byegm.gov.tr/YAYINLARIMIZ/CHR/ING2001/03/23x03x01.HTM#%2027
# From Paul Eggert (2007-01-03):
# Prefer the above source to Shanks & Pottenger for time stamps after 1990.
# From Kıvanç Yazan (2016-09-25):
# 1) For 1986-2006, DST started at 01:00 local and ended at 02:00 local, with
# no exceptions.
# 2) 1994's lastSun was overridden with Mar 20 ...
# Here are official papers:
# http://www.resmigazete.gov.tr/arsiv/19032.pdf - page 2 for 1986
# http://www.resmigazete.gov.tr/arsiv/19400.pdf - page 4 for 1987
# http://www.resmigazete.gov.tr/arsiv/19752.pdf - page 15 for 1988
# http://www.resmigazete.gov.tr/arsiv/20102.pdf - page 6 for 1989
# http://www.resmigazete.gov.tr/arsiv/20464.pdf - page 1 for 1990 - 1992
# http://www.resmigazete.gov.tr/arsiv/21531.pdf - page 15 for 1993 - 1995
# http://www.resmigazete.gov.tr/arsiv/21879.pdf - page 1 for overriding 1994
# http://www.resmigazete.gov.tr/arsiv/22588.pdf - page 1 for 1996, 1997
# http://www.resmigazete.gov.tr/arsiv/23286.pdf - page 10 for 1998 - 2000
# http://www.resmigazete.gov.tr/eskiler/2001/03/20010324.htm#2 - for 2001
# http://www.resmigazete.gov.tr/eskiler/2002/03/20020316.htm#2 - for 2002-2006
# From Paul Eggert (2016-09-25):
# Prefer the above sources to Shanks & Pottenger for time stamps after 1985.
# From Steffen Thorsen (2007-03-09):
# Starting 2007 though, it seems that they are adopting EU's 1:00 UTC
......@@ -3495,6 +3527,14 @@ Zone Europe/Zurich 0:34:08 - LMT 1853 Jul 16 # See above comment.
# Engineered Standard Time," said Twitter user @aysekarahasan.
# http://www.bbc.com/news/world-europe-34631326
# From Burak AYDIN (2016-09-08):
# Turkey will stay in Daylight Saving Time even in winter....
# http://www.resmigazete.gov.tr/eskiler/2016/09/20160908-2.pdf
#
# From Paul Eggert (2016-09-07):
# The change is permanent, so this is the new standard time in Turkey.
# It takes effect today, which is not much notice.
# Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S
Rule Turkey 1916 only - May 1 0:00 1:00 S
Rule Turkey 1916 only - Oct 1 0:00 0 -
......@@ -3549,16 +3589,16 @@ Rule Turkey 1983 only - Jul 31 0:00 1:00 S
Rule Turkey 1983 only - Oct 2 0:00 0 -
Rule Turkey 1985 only - Apr 20 0:00 1:00 S
Rule Turkey 1985 only - Sep 28 0:00 0 -
Rule Turkey 1986 1990 - Mar lastSun 2:00s 1:00 S
Rule Turkey 1986 1990 - Sep lastSun 2:00s 0 -
Rule Turkey 1991 2006 - Mar lastSun 1:00s 1:00 S
Rule Turkey 1991 1995 - Sep lastSun 1:00s 0 -
Rule Turkey 1986 1993 - Mar lastSun 1:00s 1:00 S
Rule Turkey 1986 1995 - Sep lastSun 1:00s 0 -
Rule Turkey 1994 only - Mar 20 1:00s 1:00 S
Rule Turkey 1995 2006 - Mar lastSun 1:00s 1:00 S
Rule Turkey 1996 2006 - Oct lastSun 1:00s 0 -
# Zone NAME GMTOFF RULES FORMAT [UNTIL]
Zone Europe/Istanbul 1:55:52 - LMT 1880
1:56:56 - IMT 1910 Oct # Istanbul Mean Time?
2:00 Turkey EE%sT 1978 Oct 15
3:00 Turkey TR%sT 1985 Apr 20 # Turkey Time
3:00 Turkey +03/+04 1985 Apr 20
2:00 Turkey EE%sT 2007
2:00 EU EE%sT 2011 Mar 27 1:00u
2:00 - EET 2011 Mar 28 1:00u
......@@ -3566,7 +3606,8 @@ Zone Europe/Istanbul 1:55:52 - LMT 1880
2:00 - EET 2014 Mar 31 1:00u
2:00 EU EE%sT 2015 Oct 25 1:00u
2:00 1:00 EEST 2015 Nov 8 1:00u
2:00 EU EE%sT
2:00 EU EE%sT 2016 Sep 7
3:00 - +03
Link Europe/Istanbul Asia/Istanbul # Istanbul is in both continents.
# Ukraine
......
test/sun/util/calendar/zi/tzdata/factory
浏览文件 @ 83f4f6a9
......@@ -24,9 +24,10 @@
# This file is in the public domain, so clarified as of
# 2009-05-17 by Arthur David Olson.
# For companies who don't want to put time zone specification in
# their installation procedures. When users run date, they'll get the message.
# Also useful for the "comp.sources" version.
# For distributors who don't want to put time zone specification in
# their installation procedures. Users that run 'date' will get the
# time zone abbreviation "-00", indicating that the actual time zone
# is unknown.
# Zone NAME GMTOFF RULES FORMAT
Zone Factory 0 - "Local time zone must be set--see zic manual page"
Zone Factory 0 - -00
test/sun/util/calendar/zi/tzdata/leapseconds
浏览文件 @ 83f4f6a9
......@@ -79,6 +79,7 @@ Leap 2005 Dec 31 23:59:60 + S
Leap 2008 Dec 31 23:59:60 + S
Leap 2012 Jun 30 23:59:60 + S
Leap 2015 Jun 30 23:59:60 + S
Leap 2016 Dec 31 23:59:60 + S
# Updated through IERS Bulletin C51
# File expires on: 28 December 2016
# Updated through IERS Bulletin C52
# File expires on: 28 June 2017
test/sun/util/calendar/zi/tzdata/northamerica
浏览文件 @ 83f4f6a9
......@@ -47,8 +47,32 @@
# was the result of his proposals at the Convention of Railroad Trunk Lines
# in New York City (1869-10). His 1870 proposal was based on Washington, DC,
# but in 1872-05 he moved the proposed origin to Greenwich.
# His proposal was adopted by the railroads on 1883-11-18 at 12:00,
# and the most of the country soon followed suit.
# From Paul Eggert (2016-09-21):
# Dowd's proposal left many details unresolved, such as where to draw
# lines between time zones. The key individual who made time zones
# work in the US was William Frederick Allen - railway engineer,
# managing editor of the Travelers' Guide, and secretary of the
# General Time Convention, a railway standardization group. Allen
# spent months in dialogs with scientific and railway leaders,
# developed a workable plan to institute time zones, and presented it
# to the General Time Convention on 1883-04-11, saying that his plan
# meant "local time would be practically abolished" - a plus for
# railway scheduling. By the next convention on 1883-10-11 nearly all
# railroads had agreed and it took effect on 1883-11-18 at 12:00.
# That Sunday was called the "day of two noons", as the eastern parts
# of the new zones observed noon twice. Allen witnessed the
# transition in New York City, writing:
#
# I heard the bells of St. Paul's strike on the old time. Four
# minutes later, obedient to the electrical signal from the Naval
# Observatory ... the time-ball made its rapid descent, the chimes
# of old Trinity rang twelve measured strokes, and local time was
# abandoned, probably forever.
#
# Most of the US soon followed suit. See:
# Bartky IR. The adoption of standard time. Technol Cult 1989 Jan;30(1):25-56.
# http://dx.doi.org/10.2307/3105430
# From Paul Eggert (2005-04-16):
# That 1883 transition occurred at 12:00 new time, not at 12:00 old time.
......@@ -436,11 +460,42 @@ Zone America/Denver -6:59:56 - LMT 1883 Nov 18 12:00:04
# north of the Salmon River, and the towns of Burgdorf and Warren),
# Nevada (except West Wendover), Oregon (except the northern 3/4 of
# Malheur county), and Washington
# From Paul Eggert (2016-08-20):
# In early February 1948, in response to California's electricity shortage,
# PG&E changed power frequency from 60 to 59.5 Hz during daylight hours,
# causing electric clocks to lose six minutes per day. (This did not change
# legal time, and is not part of the data here.) See:
# Ross SA. An energy crisis from the past: Northern California in 1948.
# Working Paper No. 8, Institute of Governmental Studies, UC Berkeley,
# 1973-11. http://escholarship.org/uc/item/8x22k30c
#
# In another measure to save electricity, DST was instituted from 1948-03-14
# at 02:01 to 1949-01-16 at 02:00, with the governor having the option to move
# the fallback transition earlier. See pages 3-4 of:
# http://clerk.assembly.ca.gov/sites/clerk.assembly.ca.gov/files/archive/Statutes/1948/48Vol1_Chapters.pdf
#
# In response:
#
# Governor Warren received a torrent of objecting mail, and it is not too much
# to speculate that the objections to Daylight Saving Time were one important
# factor in the defeat of the Dewey-Warren Presidential ticket in California.
# -- Ross, p 25
#
# On December 8 the governor exercised the option, setting the date to January 1
# (LA Times 1948-12-09). The transition time was 02:00 (LA Times 1949-01-01).
#
# Despite the controversy, in 1949 California voters approved Proposition 12,
# which established DST from April's last Sunday at 01:00 until September's
# last Sunday at 02:00. This was amended by 1962's Proposition 6, which changed
# the fall-back date to October's last Sunday. See:
# http://repository.uchastings.edu/cgi/viewcontent.cgi?article=1501&context=ca_ballot_props
# http://repository.uchastings.edu/cgi/viewcontent.cgi?article=1636&context=ca_ballot_props
#
# Rule NAME FROM TO TYPE IN ON AT SAVE LETTER
Rule CA 1948 only - Mar 14 2:00 1:00 D
Rule CA 1948 only - Mar 14 2:01 1:00 D
Rule CA 1949 only - Jan 1 2:00 0 S
Rule CA 1950 1966 - Apr lastSun 2:00 1:00 D
Rule CA 1950 1966 - Apr lastSun 1:00 1:00 D
Rule CA 1950 1961 - Sep lastSun 2:00 0 S
Rule CA 1962 1966 - Oct lastSun 2:00 0 S
# Zone NAME GMTOFF RULES FORMAT [UNTIL]
......@@ -3304,7 +3359,7 @@ Zone America/Miquelon -3:44:40 - LMT 1911 May 15 # St Pierre
# indicating that the normal ET rules are followed.
#
# From Paul Eggert (2014-08-19):
# The 2014-08-13 Cabinet meeting decided to stay on UTC-4 year-round. See:
# The 2014-08-13 Cabinet meeting decided to stay on UT -04 year-round. See:
# http://tcweeklynews.com/daylight-savings-time-to-be-maintained-p5353-127.htm
# Model this as a switch from EST/EDT to AST ...
# From Chris Walton (2014-11-04):
......
test/sun/util/calendar/zi/tzdata/southamerica
浏览文件 @ 83f4f6a9
......@@ -433,9 +433,9 @@ Rule Arg 2008 only - Oct Sun>=15 0:00 1:00 S
# stuck on Summer daylight savings time even though the summer is over.
# From Paul Eggert (2013-09-05):
# Perhaps San Luis operates on the legal fiction that it is at UTC-4
# Perhaps San Luis operates on the legal fiction that it is at -04
# with perpetual summer time, but ordinary usage typically seems to
# just say it's at UTC-3; see, for example,
# just say it's at -03; see, for example,
# http://es.wikipedia.org/wiki/Hora_oficial_argentina
# We've documented similar situations as being plain changes to
# standard time, so let's do that here too. This does not change UTC
......
test/sun/util/calendar/zi/tzdata/zone.tab
浏览文件 @ 83f4f6a9
......@@ -175,7 +175,8 @@ CU +2308-08222 America/Havana
CV +1455-02331 Atlantic/Cape_Verde
CW +1211-06900 America/Curacao
CX -1025+10543 Indian/Christmas
CY +3510+03322 Asia/Nicosia
CY +3510+03322 Asia/Nicosia Cyprus (most areas)
CY +3507+03357 Asia/Famagusta Northern Cyprus
CZ +5005+01426 Europe/Prague
DE +5230+01322 Europe/Berlin Germany (most areas)
DE +4742+00841 Europe/Busingen Busingen
......@@ -284,7 +285,7 @@ MH +0709+17112 Pacific/Majuro Marshall Islands (most areas)
MH +0905+16720 Pacific/Kwajalein Kwajalein
MK +4159+02126 Europe/Skopje
ML +1239-00800 Africa/Bamako
MM +1647+09610 Asia/Rangoon
MM +1647+09610 Asia/Yangon
MN +4755+10653 Asia/Ulaanbaatar Mongolia (most areas)
MN +4801+09139 Asia/Hovd Bayan-Olgiy, Govi-Altai, Hovd, Uvs, Zavkhan
MN +4804+11430 Asia/Choibalsan Dornod, Sukhbaatar
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册