From fa5fc6dd62a2d6ae21f6f1be356db0d8bb85fb6e Mon Sep 17 00:00:00 2001 From: Joe Grandja <10884212+jgrandja@users.noreply.github.com> Date: Mon, 18 Nov 2024 04:56:17 -0500 Subject: [PATCH] Fix checkstyle errors for toLower/toUpperCase usage --- .../password/HaveIBeenPwnedRestApiPasswordChecker.java | 3 ++- .../HaveIBeenPwnedRestApiReactivePasswordChecker.java | 5 +++-- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/web/src/main/java/org/springframework/security/web/authentication/password/HaveIBeenPwnedRestApiPasswordChecker.java b/web/src/main/java/org/springframework/security/web/authentication/password/HaveIBeenPwnedRestApiPasswordChecker.java index b5e9f89ced..248d760947 100644 --- a/web/src/main/java/org/springframework/security/web/authentication/password/HaveIBeenPwnedRestApiPasswordChecker.java +++ b/web/src/main/java/org/springframework/security/web/authentication/password/HaveIBeenPwnedRestApiPasswordChecker.java @@ -21,6 +21,7 @@ import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; import java.util.Collections; import java.util.List; +import java.util.Locale; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; @@ -63,7 +64,7 @@ public final class HaveIBeenPwnedRestApiPasswordChecker implements CompromisedPa @NonNull public CompromisedPasswordDecision check(String password) { byte[] hash = this.sha1Digest.digest(password.getBytes(StandardCharsets.UTF_8)); - String encoded = new String(Hex.encode(hash)).toUpperCase(); + String encoded = new String(Hex.encode(hash)).toUpperCase(Locale.ROOT); String prefix = encoded.substring(0, PREFIX_LENGTH); String suffix = encoded.substring(PREFIX_LENGTH); diff --git a/web/src/main/java/org/springframework/security/web/authentication/password/HaveIBeenPwnedRestApiReactivePasswordChecker.java b/web/src/main/java/org/springframework/security/web/authentication/password/HaveIBeenPwnedRestApiReactivePasswordChecker.java index f431d2070d..fd0141d535 100644 --- a/web/src/main/java/org/springframework/security/web/authentication/password/HaveIBeenPwnedRestApiReactivePasswordChecker.java +++ b/web/src/main/java/org/springframework/security/web/authentication/password/HaveIBeenPwnedRestApiReactivePasswordChecker.java @@ -19,6 +19,7 @@ package org.springframework.security.web.authentication.password; import java.nio.charset.StandardCharsets; import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; +import java.util.Locale; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; @@ -67,8 +68,8 @@ public class HaveIBeenPwnedRestApiReactivePasswordChecker implements ReactiveCom } private Mono findLeakedPassword(String encodedPassword) { - String prefix = encodedPassword.substring(0, PREFIX_LENGTH).toUpperCase(); - String suffix = encodedPassword.substring(PREFIX_LENGTH).toUpperCase(); + String prefix = encodedPassword.substring(0, PREFIX_LENGTH).toUpperCase(Locale.ROOT); + String suffix = encodedPassword.substring(PREFIX_LENGTH).toUpperCase(Locale.ROOT); return getLeakedPasswordsForPrefix(prefix).any((leakedPw) -> leakedPw.startsWith(suffix)); }