harmony-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Leo Li" <liyilei1...@gmail.com>
Subject [classlib][security]Algorithm comparation should use locale neutral string manipulation.
Date Wed, 10 Oct 2007 05:29:03 GMT
Hi, all
     I found that harmony has problem to get Signature under the Turkish Locale.
     Here is an example:

       // Enfore that providers information has been loaded.
        Signature.getInstance("DSA");

        Locale defaultLocale = Locale.getDefault();
        try {
            Locale.setDefault(new Locale("tr"));
            Signature.getInstance("MD5withRSA");
        } finally {
            Locale.setDefault(defaultLocale);
        }

     It is due to we use algorithm.toUpperCase() as key to get
according instance from existing services. Although the algorithm
string actually only contain a limited charsets, under Turkish locale
the String.toUpperCase() will get the unexpected result:
    "MD5withRSA".toUpperCase will get "MD5W?THRSA".
     Thus it fails to get the signature instance from installed
providers since their information is updated under other locale.

    Seems manipulations of Strings, including toUpperCase(),
toLowerCase() and equalsIgnoreCase(), shall use Locale.US when
treating with algorithm names and properties from config files in
security module since they will only contain chars in ASCII if I have
not missed something.

    Besides in org.apache.harmony.security.x509.GeneralName.equals(Name)
and isAcceptable(GeneralName), shall we also use the locale neutral
means? If the string here is confined to ASCII, I think it does.


Good luck!
-- 
Leo Li
China Software Development Lab, IBM

Mime
View raw message