Use locale insensitive case changes to ensure user code doesn't break… (

#4268)

* Use locale insensitive case changes to ensure user code doesn't break in other locales (i.e. Turkey)

Signed-off-by: Michael Jameson <mjameson.se@gmail.com>

connectors/jdk-connector/src/main/java/org/glassfish/jersey/jdk/connector/internal/ProxyDigestAuthenticator.java

@@ -22,6 +22,7 @@
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
 import java.security.SecureRandom;
+import java.util.Locale;
 import java.util.logging.Logger;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
@@ -98,7 +99,7 @@ private DigestScheme parseAuthHeaders(final String authHeader) throws IOExceptio
         if (parts.length != 2) {
             return null;
         }
-        if (!parts[0].toLowerCase().equals("digest")) {
+        if (!parts[0].toLowerCase(Locale.ROOT).equals("digest")) {
             return null;
         }
 
@@ -326,7 +327,7 @@ public static Algorithm parse(String val) {
                 return Algorithm.UNSPECIFIED;
             }
             val = val.trim();
-            if (val.contains(MD5_SESS.md) || val.contains(MD5_SESS.md.toLowerCase())) {
+            if (val.contains(MD5_SESS.md) || val.contains(MD5_SESS.md.toLowerCase(Locale.ROOT))) {
                 return MD5_SESS;
             }
             return MD5;

containers/netty-http/src/main/java/org/glassfish/jersey/netty/httpserver/NettyHttp2ResponseWriter.java

@@ -19,6 +19,7 @@
 import java.io.IOException;
 import java.io.OutputStream;
 import java.util.List;
+import java.util.Locale;
 import java.util.Map;
 import java.util.concurrent.ScheduledFuture;
 import java.util.concurrent.TimeUnit;
@@ -74,7 +75,7 @@ public OutputStream writeResponseStatusAndHeaders(long contentLength, ContainerR
         response.status(Integer.toString(responseContext.getStatus()));
 
         for (final Map.Entry<String, List<String>> e : responseContext.getStringHeaders().entrySet()) {
-            response.add(e.getKey().toLowerCase(), e.getValue());
+            response.add(e.getKey().toLowerCase(Locale.ROOT), e.getValue());
         }
 
         response.set(HttpHeaderNames.CONTENT_LENGTH, Long.toString(contentLength));

core-client/src/main/java/org/glassfish/jersey/client/JerseyInvocation.java

@@ -125,7 +125,7 @@ private void validateHttpMethodAndEntity(final ClientRequest request) {
 
         final String method = request.getMethod();
 
-        final EntityPresence entityPresence = METHODS.get(method.toUpperCase());
+        final EntityPresence entityPresence = METHODS.get(method.toUpperCase(Locale.ROOT));
         if (entityPresence == EntityPresence.MUST_BE_NULL && request.hasEntity()) {
             if (suppressExceptions) {
                 LOGGER.warning(LocalizationMessages.ERROR_HTTP_METHOD_ENTITY_NOT_NULL(method));

core-client/src/main/java/org/glassfish/jersey/client/authentication/BasicAuthenticator.java

@@ -17,6 +17,7 @@
 package org.glassfish.jersey.client.authentication;
 
 import java.util.Base64;
+import java.util.Locale;
 import java.util.logging.Level;
 import java.util.logging.Logger;
 
@@ -96,7 +97,7 @@ public void filterRequest(ClientRequestContext request) {
      */
     public boolean filterResponseAndAuthenticate(ClientRequestContext request, ClientResponseContext response) {
         final String authenticate = response.getHeaders().getFirst(HttpHeaders.WWW_AUTHENTICATE);
-        if (authenticate != null && authenticate.trim().toUpperCase().startsWith("BASIC")) {
+        if (authenticate != null && authenticate.trim().toUpperCase(Locale.ROOT).startsWith("BASIC")) {
             HttpAuthenticationFilter.Credentials credentials = HttpAuthenticationFilter
                     .getCredentials(request, defaultCredentials, HttpAuthenticationFilter.Type.BASIC);
 

core-client/src/main/java/org/glassfish/jersey/client/authentication/DigestAuthenticator.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2013, 2018 Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2013, 2019 Oracle and/or its affiliates. All rights reserved.
  *
  * This program and the accompanying materials are made available under the
  * terms of the Eclipse Public License v. 2.0, which is available at
@@ -24,6 +24,7 @@
 import java.util.Collections;
 import java.util.LinkedHashMap;
 import java.util.List;
+import java.util.Locale;
 import java.util.Map;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
@@ -166,7 +167,7 @@ private DigestScheme parseAuthHeaders(final List<?> headers) throws IOException
             if (parts.length != 2) {
                 continue;
             }
-            if (!"digest".equals(parts[0].toLowerCase())) {
+            if (!"digest".equals(parts[0].toLowerCase(Locale.ROOT))) {
                 continue;
             }
 
@@ -400,7 +401,7 @@ public static Algorithm parse(String val) {
                 return Algorithm.UNSPECIFIED;
             }
             val = val.trim();
-            if (val.contains(MD5_SESS.md) || val.contains(MD5_SESS.md.toLowerCase())) {
+            if (val.contains(MD5_SESS.md) || val.contains(MD5_SESS.md.toLowerCase(Locale.ROOT))) {
                 return MD5_SESS;
             }
             return MD5;

core-client/src/main/java/org/glassfish/jersey/client/authentication/HttpAuthenticationFilter.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2013, 2018 Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2013, 2019 Oracle and/or its affiliates. All rights reserved.
  *
  * This program and the accompanying materials are made available under the
  * terms of the Eclipse Public License v. 2.0, which is available at
@@ -23,6 +23,7 @@
 import java.util.Collections;
 import java.util.LinkedHashMap;
 import java.util.List;
+import java.util.Locale;
 import java.util.Map;
 
 import javax.annotation.Priority;
@@ -202,7 +203,7 @@ public void filter(ClientRequestContext request, ClientResponseContext response)
             List<String> authStrings = response.getHeaders().get(HttpHeaders.WWW_AUTHENTICATE);
             if (authStrings != null) {
                 for (String authString : authStrings) {
-                    final String upperCaseAuth = authString.trim().toUpperCase();
+                    final String upperCaseAuth = authString.trim().toUpperCase(Locale.ROOT);
                     if (result == null && upperCaseAuth.startsWith("BASIC")) {
                         result = Type.BASIC;
                     } else if (upperCaseAuth.startsWith("DIGEST")) {

core-client/src/main/java/org/glassfish/jersey/client/internal/HttpUrlConnector.java

@@ -29,6 +29,7 @@
 import java.security.PrivilegedExceptionAction;
 import java.util.HashSet;
 import java.util.List;
+import java.util.Locale;
 import java.util.Map;
 import java.util.Set;
 import java.util.concurrent.CompletableFuture;
@@ -90,7 +91,7 @@ public class HttpUrlConnector implements Connector {
 
     static {
         for (String headerName : restrictedHeaders) {
-            restrictedHeaderSet.add(headerName.toLowerCase());
+            restrictedHeaderSet.add(headerName.toLowerCase(Locale.ROOT));
         }
     }
 
@@ -424,7 +425,7 @@ private void setOutboundHeaders(MultivaluedMap<String, String> headers, HttpURLC
     }
 
     private boolean isHeaderRestricted(String name, String value) {
-        name = name.toLowerCase();
+        name = name.toLowerCase(Locale.ROOT);
         return name.startsWith("sec-")
                 || restrictedHeaderSet.contains(name)
                 && !("connection".equalsIgnoreCase(name) && "close".equalsIgnoreCase(value));

core-common/src/main/java/org/glassfish/jersey/internal/util/PropertiesHelper.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2012, 2018 Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2012, 2019 Oracle and/or its affiliates. All rights reserved.
  *
  * This program and the accompanying materials are made available under the
  * terms of the Eclipse Public License v. 2.0, which is available at
@@ -20,6 +20,7 @@
 import java.lang.reflect.Method;
 import java.security.AccessController;
 import java.security.PrivilegedAction;
+import java.util.Locale;
 import java.util.Map;
 import java.util.Properties;
 import java.util.logging.Level;
@@ -217,7 +218,7 @@ public static <T> T getValue(Map<String, ?> properties, RuntimeType runtimeType,
             String runtimeAwareKey = getPropertyNameForRuntime(key, runtimeType);
             if (key.equals(runtimeAwareKey)) {
                 // legacy behaviour
-                runtimeAwareKey = key + "." + runtimeType.name().toLowerCase();
+                runtimeAwareKey = key + "." + runtimeType.name().toLowerCase(Locale.ROOT);
             }
             value = properties.get(runtimeAwareKey);
         }
@@ -251,11 +252,11 @@ public static String getPropertyNameForRuntime(String key, RuntimeType runtimeTy
         if (runtimeType != null && key.startsWith("jersey.config")) {
             RuntimeType[] types = RuntimeType.values();
             for (RuntimeType type : types) {
-                if (key.startsWith("jersey.config." + type.name().toLowerCase())) {
+                if (key.startsWith("jersey.config." + type.name().toLowerCase(Locale.ROOT))) {
                     return key;
                 }
             }
-            return key.replace("jersey.config", "jersey.config." + runtimeType.name().toLowerCase());
+            return key.replace("jersey.config", "jersey.config." + runtimeType.name().toLowerCase(Locale.ROOT));
         }
         return key;
     }

core-common/src/main/java/org/glassfish/jersey/message/internal/CacheControlProvider.java

@@ -19,6 +19,7 @@
 import java.text.ParseException;
 import java.util.Arrays;
 import java.util.List;
+import java.util.Locale;
 import java.util.Map;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
@@ -113,7 +114,7 @@ private int readIntValue(HttpHeaderReader reader, String directiveName)
     private void readDirective(CacheControl cacheControl,
                                HttpHeaderReader reader) throws ParseException {
 
-        final String directiveName = reader.nextToken().toString().toLowerCase();
+        final String directiveName = reader.nextToken().toString().toLowerCase(Locale.ROOT);
         if ("private".equals(directiveName)) {
             cacheControl.setPrivate(true);
             readFieldNames(cacheControl.getPrivateFields(), reader);

core-common/src/main/java/org/glassfish/jersey/message/internal/CookiesParser.java

@@ -19,6 +19,7 @@
 import java.text.ParseException;
 import java.util.Date;
 import java.util.LinkedHashMap;
+import java.util.Locale;
 import java.util.Map;
 import java.util.logging.Level;
 import java.util.logging.Logger;
@@ -133,7 +134,7 @@ public static NewCookie parseNewCookie(String header) {
             if (cookie == null) {
                 cookie = new MutableNewCookie(name, value);
             } else {
-                final String param = name.toLowerCase();
+                final String param = name.toLowerCase(Locale.ROOT);
 
                 if (param.startsWith("comment")) {
                     cookie.comment = value;

core-common/src/main/java/org/glassfish/jersey/message/internal/HttpHeaderReader.java

@@ -24,6 +24,7 @@
 import java.util.HashSet;
 import java.util.LinkedHashMap;
 import java.util.List;
+import java.util.Locale;
 import java.util.Map;
 import java.util.Set;
 
@@ -291,7 +292,7 @@ public static Map<String, String> readParameters(HttpHeaderReader reader, boolea
             }
 
             // Get the parameter name
-            String name = reader.nextToken().toString().toLowerCase();
+            String name = reader.nextToken().toString().toLowerCase(Locale.ROOT);
             reader.nextSeparator('=');
             // Get the parameter value
             String value;

core-common/src/main/java/org/glassfish/jersey/message/internal/InboundMessageContext.java

@@ -539,7 +539,7 @@ public Set<String> getAllowedMethods() {
             return Collections.emptySet();
         }
         try {
-            return new HashSet<String>(HttpHeaderReader.readStringList(allowed.toUpperCase()));
+            return new HashSet<String>(HttpHeaderReader.readStringList(allowed.toUpperCase(Locale.ROOT)));
         } catch (java.text.ParseException e) {
             throw exception(HttpHeaders.ALLOW, allowed, e);
         }

core-common/src/main/java/org/glassfish/jersey/message/internal/MessageBodyFactory.java

@@ -34,6 +34,7 @@
 import java.util.LinkedHashSet;
 import java.util.LinkedList;
 import java.util.List;
+import java.util.Locale;
 import java.util.Map;
 import java.util.Set;
 import java.util.concurrent.ConcurrentHashMap;
@@ -131,7 +132,7 @@ public boolean equals(final MediaType mt1, final MediaType mt2) {
                 @Override
                 public int hash(final MediaType mt) {
                     // treat compatible types as equal
-                    return mt.getType().toLowerCase().hashCode() + mt.getSubtype().toLowerCase().hashCode();
+                    return mt.getType().toLowerCase(Locale.ROOT).hashCode() + mt.getSubtype().toLowerCase(Locale.ROOT).hashCode();
                 }
             };
     /**

core-server/src/main/java/org/glassfish/jersey/server/TracingUtils.java

@@ -18,6 +18,7 @@
 
 import java.util.ArrayList;
 import java.util.List;
+import java.util.Locale;
 
 import javax.ws.rs.core.Configuration;
 import javax.ws.rs.core.HttpHeaders;
@@ -36,12 +37,12 @@ public final class TracingUtils {
     private static final List<String> SUMMARY_HEADERS = new ArrayList<>();
 
     static {
-        SUMMARY_HEADERS.add(HttpHeaders.ACCEPT.toLowerCase());
-        SUMMARY_HEADERS.add(HttpHeaders.ACCEPT_ENCODING.toLowerCase());
-        SUMMARY_HEADERS.add(HttpHeaders.ACCEPT_CHARSET.toLowerCase());
-        SUMMARY_HEADERS.add(HttpHeaders.ACCEPT_LANGUAGE.toLowerCase());
-        SUMMARY_HEADERS.add(HttpHeaders.CONTENT_TYPE.toLowerCase());
-        SUMMARY_HEADERS.add(HttpHeaders.CONTENT_LENGTH.toLowerCase());
+        SUMMARY_HEADERS.add(HttpHeaders.ACCEPT.toLowerCase(Locale.ROOT));
+        SUMMARY_HEADERS.add(HttpHeaders.ACCEPT_ENCODING.toLowerCase(Locale.ROOT));
+        SUMMARY_HEADERS.add(HttpHeaders.ACCEPT_CHARSET.toLowerCase(Locale.ROOT));
+        SUMMARY_HEADERS.add(HttpHeaders.ACCEPT_LANGUAGE.toLowerCase(Locale.ROOT));
+        SUMMARY_HEADERS.add(HttpHeaders.CONTENT_TYPE.toLowerCase(Locale.ROOT));
+        SUMMARY_HEADERS.add(HttpHeaders.CONTENT_LENGTH.toLowerCase(Locale.ROOT));
     }
 
     private static final TracingConfig DEFAULT_CONFIGURATION_TYPE = TracingConfig.OFF;

core-server/src/main/java/org/glassfish/jersey/server/filter/HttpMethodOverrideFilter.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2010, 2018 Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2010, 2019 Oracle and/or its affiliates. All rights reserved.
  *
  * This program and the accompanying materials are made available under the
  * terms of the Eclipse Public License v. 2.0, which is available at
@@ -17,6 +17,7 @@
 package org.glassfish.jersey.server.filter;
 
 import java.util.List;
+import java.util.Locale;
 import java.util.Map;
 import java.util.logging.Level;
 import java.util.logging.Logger;
@@ -228,7 +229,7 @@ private String getParamValue(final Source source, final MultivaluedMap<String, S
             return null;
         }
         value = value.trim();
-        return value.length() == 0 ? null : value.toUpperCase();
+        return value.length() == 0 ? null : value.toUpperCase(Locale.ROOT);
     }
 
     @Override

core-server/src/main/java/org/glassfish/jersey/server/internal/scanning/PackageNamesScanner.java

@@ -25,6 +25,7 @@
 import java.security.AccessController;
 import java.util.Enumeration;
 import java.util.HashMap;
+import java.util.Locale;
 import java.util.Map;
 
 import org.glassfish.jersey.internal.OsgiRegistry;
@@ -133,7 +134,7 @@ public Enumeration<URL> getResources(final String packagePath, final ClassLoader
 
     private void add(final UriSchemeResourceFinderFactory uriSchemeResourceFinderFactory) {
         for (final String scheme : uriSchemeResourceFinderFactory.getSchemes()) {
-            finderFactories.put(scheme.toLowerCase(), uriSchemeResourceFinderFactory);
+            finderFactories.put(scheme.toLowerCase(Locale.ROOT), uriSchemeResourceFinderFactory);
         }
     }
 
@@ -254,7 +255,7 @@ public static void setResourcesProvider(final ResourcesProvider provider) throws
     }
 
     private void addResourceFinder(final URI u) {
-        final UriSchemeResourceFinderFactory finderFactory = finderFactories.get(u.getScheme().toLowerCase());
+        final UriSchemeResourceFinderFactory finderFactory = finderFactories.get(u.getScheme().toLowerCase(Locale.ROOT));
         if (finderFactory != null) {
             compositeResourceFinder.push(finderFactory.create(u, recursive));
         } else {

core-server/src/main/java/org/glassfish/jersey/server/model/ResourceMethod.java

@@ -26,6 +26,7 @@
 import java.util.LinkedHashSet;
 import java.util.LinkedList;
 import java.util.List;
+import java.util.Locale;
 import java.util.Set;
 import java.util.concurrent.TimeUnit;
 import java.util.function.Function;
@@ -578,7 +579,7 @@ private Data(final String httpMethod,
             this.managedAsync = managedAsync;
             this.type = JaxrsType.classify(httpMethod);
 
-            this.httpMethod = (httpMethod == null) ? httpMethod : httpMethod.toUpperCase();
+            this.httpMethod = (httpMethod == null) ? httpMethod : httpMethod.toUpperCase(Locale.ROOT);
 
             this.consumedTypes = Collections.unmodifiableList(new ArrayList<>(consumedTypes));
             this.producedTypes = Collections.unmodifiableList(new ArrayList<>(producedTypes));

core-server/src/main/java/org/glassfish/jersey/server/wadl/config/WadlGeneratorLoader.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2010, 2018 Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2010, 2019 Oracle and/or its affiliates. All rights reserved.
  *
  * This program and the accompanying materials are made available under the
  * terms of the Eclipse Public License v. 2.0, which is available at
@@ -25,6 +25,7 @@
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.List;
+import java.util.Locale;
 import java.util.Map.Entry;
 import java.util.Properties;
 import java.util.logging.Level;
@@ -147,7 +148,7 @@ private static Callback setProperty(final Object generator,
                                         final Class<?> osgiConfigClass) throws Exception {
         Callback result = null;
 
-        final String methodName = "set" + propertyName.substring(0, 1).toUpperCase() + propertyName.substring(1);
+        final String methodName = "set" + propertyName.substring(0, 1).toUpperCase(Locale.ROOT) + propertyName.substring(1);
         final Method method = getMethodByName(methodName, generator.getClass());
         if (method.getParameterTypes().length != 1) {
             throw new RuntimeException(