harmony-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tim Ellison <t.p.elli...@gmail.com>
Subject Re: [classlib][security]Algorithm comparation should use locale neutral string manipulation.
Date Wed, 10 Oct 2007 12:30:48 GMT
Leo Li wrote:
> Hi, all
>      I found that harmony has problem to get Signature under the Turkish Locale.
>      Here is an example:
>        // Enfore that providers information has been loaded.
>         Signature.getInstance("DSA");
>         Locale defaultLocale = Locale.getDefault();
>         try {
>             Locale.setDefault(new Locale("tr"));
>             Signature.getInstance("MD5withRSA");
>         } finally {
>             Locale.setDefault(defaultLocale);
>         }
>      It is due to we use algorithm.toUpperCase() as key to get
> according instance from existing services. Although the algorithm
> string actually only contain a limited charsets, under Turkish locale
> the String.toUpperCase() will get the unexpected result:
>     "MD5withRSA".toUpperCase will get "MD5W?THRSA".
>      Thus it fails to get the signature instance from installed
> providers since their information is updated under other locale.
>     Seems manipulations of Strings, including toUpperCase(),
> toLowerCase() and equalsIgnoreCase(), shall use Locale.US when
> treating with algorithm names and properties from config files in
> security module since they will only contain chars in ASCII if I have
> not missed something.
>     Besides in org.apache.harmony.security.x509.GeneralName.equals(Name)
> and isAcceptable(GeneralName), shall we also use the locale neutral
> means? If the string here is confined to ASCII, I think it does.

I guess you will have to experiment to figure out if the name is locale
specific -- I don't see anything in the spec [1] to say the must be
ASCII, but that may be the case.  If it is then you can use the LUNI
util [2] to uppercase it.

[1] http://java.sun.com/j2se/1.5.0/docs/guide/security/CryptoSpec.html#AppA
[2] org.apache.harmony.luni.util.Util.toASCIIUpperCase(String)


View raw message