A Simple Shell Script to Check the Trap of Case-Insensitive String

In the post of "The Trap of Case-Insensitive String", it is talked about the locale sensitive of String.toUpperCase() or String.toLowerCase(). I wrote a very simple KSH script to check the potential problems in Java source code. The script may be useful to facilitate the checking of the trap.

#!/bin/ksh

set -A KEYWORDS
KEYWORDS[0]="toLowerCase\(\)|toUpperCase\(\)"
typeset -i keywords_number=1

# KEYWORDS[0]="toLowerCase\(\).hashCode\(\)"
# KEYWORDS[1]="toUpperCase\(\).hashCode\(\)"
# KEYWORDS[2]="toLowerCase\(\).equals\("
# KEYWORDS[3]="toUpperCase\(\).equals\("
# typeset -i keywords_number=4

EXCLUDE_LINES="\/\/| \* "   # inaccurate filter

typeset -i keywords_i=0
while [ ${keywords_i} -lt ${keywords_number} ]; do
    echo
    echo Running "Checking operatoin ${KEYWORDS[${keywords_i}]} ..."

    find ./ -name "*.java" |xargs egrep "${KEYWORDS[${keywords_i}]}" \
        |egrep -v "${EXCLUDE_LINES}"

    echo "    ... DONE with the checking of ${KEYWORDS[${keywords_i}]}"
    echo

    ((keywords_i=keywords_i+1))
done

Please check the output to make sure there is no potential issues with String.toUpperCase() or String.toLowerCase().

Enjoy it!

Popular posts from this blog

TLS Server Name Indication Extension and Unrecognized_name

Image
It's getting hot that some TLS/HTTPS server failed with "unrecognized_name". For example, the Adobe AIR 3 Code Signing Certificate Problem, the ADT handshake alert, and the jarsigner issue with timestamp.geotrust.com, etc. This entry will discussion some background of the "unrecognized_name" alert, and the TLS Server Name Indication (SNI) extension.

Background
"Unrecognized_name" is an error alert, define by RFC4366.  In section 4 of RFC4366:
- "unrecognized_name": this alert is sent by servers that receive a server_name extension request, but do not recognize the server name. This message MAY be fatal. And in section 3.1 of of RFC4366:
If the server understood the client hello extension but does not recognize the server name, it SHOULD send an "unrecognized_name" alert (which MAY be fatal).
From above sections, we see that "unrecognized_name" is related to "the server name" or "server_name" extensi…
Read more

JEP 115: AES-GCM CipherSuites in JDK 8

Image
RFC 5288 describes the use of AES in Galois Counter Mode (GCM) (AES-GCM) with various key exchange mechanisms as a cipher suite for TLS. AES-GCM is an authenticated encryption with associated data (AEAD) cipher (as defined in TLS 1.2) providing both confidentiality and data origin authentication.

Java SE had already defined the AES-GCM interfaces in Java SE 7.  In the coming Java SE 8, as an implementation of JEP 115, AES-GCM algorithms is implemented in SunJCE provider, and AES-GCM cipher suites are implemented in SunJSSE provider.

The following SSL/TLS AEAD/GCM cipher suites, in preference order, are enabled by default in SunJSSE provider for TLS version 1.2:
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (RFC 5289) TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (RFC 5289) TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (RFC 5289) TLS_RSA_WITH_AES_256_GCM_SHA384 (RFC 5288) TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 (RFC 5289) TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 (RFC 5289) TLS_…
Read more

Understanding of OCSP Stapling

Image
What's OCSP Stapling?
OCSP stapling, also known as the TLS Certificate Status Request extension, is an alternative approach to the Online Certificate Status Protocol (OCSP) for checking the revocation status of X.509 digital certificates. It allows the presenter of a certificate to bear the resource cost involved in providing OCSP responses, instead of the issuing Certificate Authority (CA). [WIKI]

With OCSP stapling, it is the responsibility of the web site to get the OCSP response and send OCSP response to clients/browsers in SSL/TLS handshaking.

OCSP stapling is defined as TLS Certificate Status Request extension in section 8 of RFC 6066.

The Benefits of OCSP StaplingThe performance bottleneck of OCSP server
If client checks the certificate status directly from OCSP server, for each client with a given certificate, the OCSP server has to response with a particular certificate status. For high traffic web site, OCSP server is likely to be the performance bottleneck…
Read more