Use explicit locale and charset in security-utils module

Replace implicit locale and charset usage to avoid platform-dependent
behavior:
- Add Locale.ROOT to String.format() calls for locale-independent formatting
- Replace .formatted() with String.format(Locale.ROOT, ...)
- Add StandardCharsets.UTF_8 for explicit charset when converting bytes to strings

Author: arnej27959

security-utils/src/main/java/com/yahoo/security/AutoReloadingX509KeyManager.java

@@ -14,6 +14,7 @@
 import java.security.cert.X509Certificate;
 import java.time.Duration;
 import java.util.List;
+import java.util.Locale;
 import java.util.concurrent.Executors;
 import java.util.concurrent.ScheduledExecutorService;
 import java.util.concurrent.TimeUnit;
@@ -87,11 +88,11 @@ private class KeyManagerReloader implements Runnable {
         @Override
         public void run() {
             try {
-                log.log(Level.FINE, () -> String.format("Reloading key and certificate chain (private-key='%s', certificates='%s')", privateKeyFile, certificatesFile));
+                log.log(Level.FINE, () -> String.format(Locale.ROOT, "Reloading key and certificate chain (private-key='%s', certificates='%s')", privateKeyFile, certificatesFile));
                 mutableX509KeyManager.updateKeystore(createKeystore(privateKeyFile, certificatesFile), new char[0]);
             } catch (Throwable t) {
                 log.log(Level.SEVERE,
-                        String.format("Failed to load X509 key manager (private-key='%s', certificates='%s'): %s",
+                        String.format(Locale.ROOT, "Failed to load X509 key manager (private-key='%s', certificates='%s'): %s",
                                       privateKeyFile, certificatesFile, t.getMessage()),
                         t);
             }

security-utils/src/main/java/com/yahoo/security/BaseNCodec.java

@@ -3,6 +3,7 @@
 
 import java.math.BigInteger;
 import java.util.Arrays;
+import java.util.Locale;
 
 /**
  * <p>
@@ -70,8 +71,7 @@ private static class Alphabet {
             Arrays.fill(reverseLut, -1); // -1 => invalid mapping
             for (int i = 0; i < alphabetChars.length; ++i) {
                 if (reverseLut[alphabetChars[i]] != -1) {
-                    throw new IllegalArgumentException("Alphabet character '%c' occurs more than once"
-                                                       .formatted(alphabetChars[i]));
+                    throw new IllegalArgumentException(String.format(Locale.ROOT, "Alphabet character '%c' occurs more than once", alphabetChars[i]));
                 }
                 reverseLut[alphabetChars[i]] = i;
             }

security-utils/src/main/java/com/yahoo/security/HKDF.java

@@ -6,6 +6,7 @@
 import java.nio.ByteBuffer;
 import java.security.InvalidKeyException;
 import java.security.NoSuchAlgorithmException;
+import java.util.Locale;
 import java.util.Objects;
 
 /**
@@ -179,8 +180,7 @@ private void verifyWantedBytesWithinBounds(int wantedBytes) {
             throw new IllegalArgumentException("Requested negative or zero number of HKDF output bytes");
         }
         if (wantedBytes > MAX_OUTPUT_SIZE) {
-            throw new IllegalArgumentException("Too many requested HKDF output bytes (max %d, got %d)"
-                                               .formatted(MAX_OUTPUT_SIZE, wantedBytes));
+            throw new IllegalArgumentException(String.format(Locale.ROOT, "Too many requested HKDF output bytes (max %d, got %d)", MAX_OUTPUT_SIZE, wantedBytes));
         }
     }
 

security-utils/src/main/java/com/yahoo/security/KeyId.java

@@ -2,6 +2,7 @@
 package com.yahoo.security;
 
 import java.util.Arrays;
+import java.util.Locale;
 import java.util.Objects;
 
 import static com.yahoo.security.ArrayUtils.fromUtf8Bytes;
@@ -22,8 +23,7 @@ public class KeyId {
 
     private KeyId(byte[] keyIdBytes) {
         if (keyIdBytes.length > MAX_KEY_ID_UTF8_LENGTH) {
-            throw new IllegalArgumentException("Key ID is too large to be encoded (max is %d, got %d)"
-                                               .formatted(MAX_KEY_ID_UTF8_LENGTH, keyIdBytes.length));
+            throw new IllegalArgumentException(String.format(Locale.ROOT, "Key ID is too large to be encoded (max is %d, got %d)", MAX_KEY_ID_UTF8_LENGTH, keyIdBytes.length));
         }
         verifyByteStringRoundtripsAsValidUtf8(keyIdBytes);
         this.keyIdBytes = keyIdBytes;
@@ -75,7 +75,7 @@ public int hashCode() {
 
     @Override
     public String toString() {
-        return "KeyId(%s)".formatted(asString());
+        return String.format(Locale.ROOT, "KeyId(%s)", asString());
     }
 
     private static void verifyByteStringRoundtripsAsValidUtf8(byte[] byteStr) {

security-utils/src/main/java/com/yahoo/security/SealedSharedKey.java

@@ -3,6 +3,7 @@
 
 import java.nio.ByteBuffer;
 import java.util.Arrays;
+import java.util.Locale;
 import java.util.Objects;
 
 import static com.yahoo.security.ArrayUtils.hex;
@@ -30,8 +31,7 @@ public record SealedSharedKey(int version, KeyId keyId, byte[] enc, byte[] ciphe
 
     public SealedSharedKey {
         if (enc.length > MAX_ENC_CONTEXT_LENGTH) {
-            throw new IllegalArgumentException("Encryption context is too large to be encoded (max is %d, got %d)"
-                                               .formatted(MAX_ENC_CONTEXT_LENGTH, enc.length));
+            throw new IllegalArgumentException(String.format(Locale.ROOT, "Encryption context is too large to be encoded (max is %d, got %d)", MAX_ENC_CONTEXT_LENGTH, enc.length));
         }
     }
 
@@ -78,8 +78,7 @@ static SealedSharedKey fromSerializedBytes(byte[] rawTokenBytes) {
         // u8 token version || u8 length(key id) || key id || u8 length(enc) || enc || ciphertext
         int version = Byte.toUnsignedInt(decoded.get());
         if (version < 1 || version > CURRENT_TOKEN_VERSION) {
-            throw new IllegalArgumentException("Token had unexpected version. Expected value in [1, %d], was %d"
-                                               .formatted(CURRENT_TOKEN_VERSION, version));
+            throw new IllegalArgumentException(String.format(Locale.ROOT, "Token had unexpected version. Expected value in [1, %d], was %d", CURRENT_TOKEN_VERSION, version));
         }
         int keyIdLen = Byte.toUnsignedInt(decoded.get());
         byte[] keyIdBytes = new byte[keyIdLen];

security-utils/src/main/java/com/yahoo/security/SecretSharedKey.java

@@ -2,6 +2,7 @@
 package com.yahoo.security;
 
 import javax.crypto.SecretKey;
+import java.util.Locale;
 
 /**
  * A SecretSharedKey represents a pairing of both the secret and public parts of
@@ -18,7 +19,7 @@ public record SecretSharedKey(SecretKey secretKey, SealedSharedKey sealedSharedK
     // via an implicitly generated method. Only print the sealed key (which is entirely public).
     @Override
     public String toString() {
-        return "SharedSecretKey(sealed: %s)".formatted(sealedSharedKey.toTokenString());
+        return String.format(Locale.ROOT, "SharedSecretKey(sealed: %s)", sealedSharedKey.toTokenString());
     }
 
     /**

security-utils/src/main/java/com/yahoo/security/SharedKeyResealingSession.java

@@ -7,6 +7,7 @@
 import java.security.KeyPair;
 import java.security.PrivateKey;
 import java.security.interfaces.XECPublicKey;
+import java.util.Locale;
 import java.util.Optional;
 
 /**
@@ -139,7 +140,7 @@ public ResealingRequest resealingRequestFor(SealedSharedKey sealedSharedKey) {
 
     public static ResealingResponse reseal(ResealingRequest request, PrivateKeyProvider privateKeyProvider) {
         var privKey = privateKeyProvider.privateKeyForId(request.sealedKey.keyId()).orElseThrow(
-                () -> new IllegalArgumentException("Could not find a private key for key ID '%s'".formatted(request.sealedKey.keyId())));
+                () -> new IllegalArgumentException(String.format(Locale.ROOT, "Could not find a private key for key ID '%s'", request.sealedKey.keyId())));
 
         var secretShared = SharedKeyGenerator.fromSealedKey(request.sealedKey, privKey);
         var resealed = SharedKeyGenerator.reseal(secretShared, request.ephemeralPubKey, KeyId.ofString("resealed-token")); // TODO key id

security-utils/src/main/java/com/yahoo/security/SslContextBuilder.java

@@ -12,6 +12,7 @@
 import java.io.UncheckedIOException;
 import java.nio.file.Files;
 import java.nio.file.Path;
+import java.nio.charset.StandardCharsets;
 import java.security.GeneralSecurityException;
 import java.security.KeyStore;
 import java.security.PrivateKey;
@@ -57,7 +58,7 @@ public SslContextBuilder withTrustStore(List<X509Certificate> caCertificates) {
     public SslContextBuilder withTrustStore(Path pemEncodedCaCertificates) {
         this.trustStoreSupplier = () -> {
             List<X509Certificate> caCertificates =
-                    X509CertificateUtils.certificateListFromPem(new String(Files.readAllBytes(pemEncodedCaCertificates)));
+                    X509CertificateUtils.certificateListFromPem(new String(Files.readAllBytes(pemEncodedCaCertificates), StandardCharsets.UTF_8));
             return createTrustStore(caCertificates);
         };
         return this;
@@ -102,8 +103,8 @@ public SslContextBuilder withKeyStore(Path file, char[] password, KeyStoreType k
     public SslContextBuilder withKeyStore(Path privateKeyPemFile, Path certificatesPemFile) {
         this.keyStoreSupplier =
                 () ->  {
-                    PrivateKey privateKey = KeyUtils.fromPemEncodedPrivateKey(new String(Files.readAllBytes(privateKeyPemFile)));
-                    List<X509Certificate> certificates = X509CertificateUtils.certificateListFromPem(new String(Files.readAllBytes(certificatesPemFile)));
+                    PrivateKey privateKey = KeyUtils.fromPemEncodedPrivateKey(new String(Files.readAllBytes(privateKeyPemFile), StandardCharsets.UTF_8));
+                    List<X509Certificate> certificates = X509CertificateUtils.certificateListFromPem(new String(Files.readAllBytes(certificatesPemFile), StandardCharsets.UTF_8));
                     return KeyStoreBuilder.withType(KeyStoreType.JKS)
                             .withKeyEntry("default", privateKey, certificates)
                             .build();

security-utils/src/main/java/com/yahoo/security/hpke/Hpke.java

@@ -5,6 +5,7 @@
 import java.security.interfaces.XECPrivateKey;
 import java.security.interfaces.XECPublicKey;
 import java.util.Arrays;
+import java.util.Locale;
 
 import static com.yahoo.security.ArrayUtils.concat;
 import static com.yahoo.security.hpke.Constants.BASE_NONCE_LABEL;
@@ -163,16 +164,13 @@ static void verifyPskInputs(byte mode, byte[] psk, byte[] pskId) {
 
     static void verifyInputLengthRestrictions(byte[] psk, byte[] pskId, byte[] info) {
         if (psk.length > MAX_INPUT_LENGTH) {
-            throw new IllegalArgumentException("Input PSK length (%d) greater than max length (%d)"
-                                               .formatted(psk.length, MAX_INPUT_LENGTH));
+            throw new IllegalArgumentException(String.format(Locale.ROOT, "Input PSK length (%d) greater than max length (%d)", psk.length, MAX_INPUT_LENGTH));
         }
         if (pskId.length > MAX_INPUT_LENGTH) {
-            throw new IllegalArgumentException("Input PSK ID length (%d) greater than max length (%d)"
-                                               .formatted(pskId.length, MAX_INPUT_LENGTH));
+            throw new IllegalArgumentException(String.format(Locale.ROOT, "Input PSK ID length (%d) greater than max length (%d)", pskId.length, MAX_INPUT_LENGTH));
         }
         if (info.length > MAX_INPUT_LENGTH) {
-            throw new IllegalArgumentException("Input info length (%d) greater than max length (%d)"
-                                               .formatted(info.length, MAX_INPUT_LENGTH));
+            throw new IllegalArgumentException(String.format(Locale.ROOT, "Input info length (%d) greater than max length (%d)", info.length, MAX_INPUT_LENGTH));
         }
     }
 

security-utils/src/main/java/com/yahoo/security/tls/CapabilitySet.java

@@ -7,6 +7,7 @@
 import java.util.HashMap;
 import java.util.HashSet;
 import java.util.List;
+import java.util.Locale;
 import java.util.Map;
 import java.util.Objects;
 import java.util.Optional;
@@ -80,7 +81,7 @@ public static CapabilitySet fromNames(Collection<String> names) {
             var capability = Capability.fromName(name).orElse(null);
             if (capability != null) caps.add(capability);
             else if (predefinedSet != null) caps.addAll(predefinedSet.caps);
-            else log.warning("Cannot find capability or capability set with name '%s'".formatted(name));
+            else log.warning(String.format(Locale.ROOT, "Cannot find capability or capability set with name '%s'", name));
         }
         return new CapabilitySet(caps);
     }