Integrate Forbidden API Checker and resolve issues it flagged.

pom.xml

@@ -650,6 +650,19 @@
                     </excludes>
                 </configuration>
             </plugin>
+            <plugin>
+                <groupId>de.thetaphi</groupId>
+                <artifactId>forbiddenapis</artifactId>
+                <version>3.6</version>
+                <configuration>
+                    <bundledSignatures>
+                        <bundledSignature>jdk-unsafe</bundledSignature>
+                        <bundledSignature>jdk-deprecated</bundledSignature>
+                        <bundledSignature>jdk-non-portable</bundledSignature>
+                        <bundledSignature>jdk-reflection</bundledSignature>
+                    </bundledSignatures>
+                </configuration>
+            </plugin>
         </plugins>
     </build>
     <profiles>
@@ -805,5 +818,46 @@
                 </plugins>
             </build>
         </profile>
+        <profile>
+            <id>forbiddenapis</id>
+            <activation>
+                <jdk>[16,)</jdk>
+            </activation>
+            <build>
+                <plugins>
+                    <plugin>
+                        <groupId>de.thetaphi</groupId>
+                        <artifactId>forbiddenapis</artifactId>
+                        <configuration>
+                            <releaseVersion>16</releaseVersion>
+                        </configuration>
+                        <executions>
+                            <execution>
+                                <id>check</id>
+                                <goals>
+                                    <goal>check</goal>
+                                </goals>
+                                <configuration>
+                                    <bundledSignatures combine.children="append">
+                                        <bundledSignature>jdk-system-out</bundledSignature>
+                                    </bundledSignatures>
+                                </configuration>
+                            </execution>
+                            <execution>
+                                <id>testCheck</id>
+                                <goals>
+                                    <goal>testCheck</goal>
+                                </goals>
+                                <configuration>
+                                    <bundledSignatures combine.children="append">
+                                        <bundledSignature>commons-io-unsafe-2.14.0</bundledSignature>
+                                    </bundledSignatures>
+                                </configuration>
+                            </execution>
+                        </executions>
+                    </plugin>
+                </plugins>
+            </build>
+        </profile>
     </profiles>
 </project>

src/main/java/com/jcraft/jsch/HostKey.java

@@ -26,6 +26,8 @@
 
 package com.jcraft.jsch;
 
+import java.util.Locale;
+
 public class HostKey {
 
   private static final byte[][] names =
@@ -118,7 +120,7 @@ public String getKey() {
   public String getFingerPrint(JSch jsch) {
     HASH hash = null;
     try {
-      String _c = JSch.getConfig("FingerprintHash").toLowerCase();
+      String _c = JSch.getConfig("FingerprintHash").toLowerCase(Locale.ROOT);
       Class<? extends HASH> c = Class.forName(JSch.getConfig(_c)).asSubclass(HASH.class);
       hash = c.getDeclaredConstructor().newInstance();
     } catch (Exception e) {

src/main/java/com/jcraft/jsch/JSchAlgoNegoFailException.java

@@ -1,5 +1,7 @@
 package com.jcraft.jsch;
 
+import java.util.Locale;
+
 /**
  * Extension of {@link JSchException} to indicate when a connection fails during algorithm
  * negotiation.
@@ -35,7 +37,7 @@ public String getServerProposal() {
   }
 
   private static String failString(int algorithmIndex, String jschProposal, String serverProposal) {
-    return String.format(
+    return String.format(Locale.ROOT,
         "Algorithm negotiation fail: algorithmName=\"%s\" jschProposal=\"%s\" serverProposal=\"%s\"",
         algorithmNameFromIndex(algorithmIndex), jschProposal, serverProposal);
   }

src/main/java/com/jcraft/jsch/KeyExchange.java

@@ -26,6 +26,8 @@
 
 package com.jcraft.jsch;
 
+import java.util.Locale;
+
 public abstract class KeyExchange {
 
   static final int PROPOSAL_KEX_ALGS = 0;
@@ -198,7 +200,7 @@ protected static String[] guess(Session session, byte[] I_S, byte[] I_C) throws
   public String getFingerPrint() {
     HASH hash = null;
     try {
-      String _c = session.getConfig("FingerprintHash").toLowerCase();
+      String _c = session.getConfig("FingerprintHash").toLowerCase(Locale.ROOT);
       Class<? extends HASH> c = Class.forName(session.getConfig(_c)).asSubclass(HASH.class);
       hash = c.getDeclaredConstructor().newInstance();
     } catch (Exception e) {

src/main/java/com/jcraft/jsch/OpenSSHConfig.java

@@ -36,6 +36,7 @@
 import java.util.Arrays;
 import java.util.Hashtable;
 import java.util.List;
+import java.util.Locale;
 import java.util.Set;
 import java.util.Vector;
 import java.util.stream.Collectors;
@@ -75,9 +76,10 @@
  */
 public class OpenSSHConfig implements ConfigRepository {
 
-  private static final Set<String> keysWithListAdoption =
-      Stream.of("KexAlgorithms", "Ciphers", "HostKeyAlgorithms", "MACs", "PubkeyAcceptedAlgorithms",
-          "PubkeyAcceptedKeyTypes").map(String::toUpperCase).collect(Collectors.toSet());
+  private static final Set<String> keysWithListAdoption = Stream
+      .of("KexAlgorithms", "Ciphers", "HostKeyAlgorithms", "MACs", "PubkeyAcceptedAlgorithms",
+          "PubkeyAcceptedKeyTypes")
+      .map(string -> string.toUpperCase(Locale.ROOT)).collect(Collectors.toSet());
 
   /**
    * Parses the given string, and returns an instance of ConfigRepository.
@@ -209,13 +211,13 @@ private String find(String key) {
       if (keymap.get(key) != null) {
         key = keymap.get(key);
       }
-      key = key.toUpperCase();
+      key = key.toUpperCase(Locale.ROOT);
       String value = null;
       for (int i = 0; i < _configs.size(); i++) {
         Vector<String[]> v = _configs.elementAt(i);
         for (int j = 0; j < v.size(); j++) {
           String[] kv = v.elementAt(j);
-          if (kv[0].toUpperCase().equals(key)) {
+          if (kv[0].toUpperCase(Locale.ROOT).equals(key)) {
             value = kv[1];
             break;
           }
@@ -255,13 +257,13 @@ private String find(String key) {
     }
 
     private String[] multiFind(String key) {
-      key = key.toUpperCase();
+      key = key.toUpperCase(Locale.ROOT);
       Vector<String> value = new Vector<>();
       for (int i = 0; i < _configs.size(); i++) {
         Vector<String[]> v = _configs.elementAt(i);
         for (int j = 0; j < v.size(); j++) {
           String[] kv = v.elementAt(j);
-          if (kv[0].toUpperCase().equals(key)) {
+          if (kv[0].toUpperCase(Locale.ROOT).equals(key)) {
             String foo = kv[1];
             if (foo != null) {
               value.remove(foo);

src/main/java/com/jcraft/jsch/PageantConnector.java

@@ -40,6 +40,7 @@
 import com.sun.jna.platform.win32.WinNT.HANDLE;
 import com.sun.jna.platform.win32.WinUser;
 import com.sun.jna.platform.win32.WinUser.COPYDATASTRUCT;
+import java.util.Locale;
 
 public class PageantConnector implements AgentConnector {
 
@@ -84,7 +85,8 @@ public void query(Buffer buffer) throws AgentProxyException {
       throw new AgentProxyException("Pageant is not runnning.");
     }
 
-    String mapname = String.format("PageantRequest%08x", kernel32.GetCurrentThreadId());
+    String mapname =
+        String.format(Locale.ROOT, "PageantRequest%08x", kernel32.GetCurrentThreadId());
 
     HANDLE sharedFile = null;
     Pointer sharedMemory = null;

src/main/java/com/jcraft/jsch/Session.java

@@ -37,6 +37,7 @@
 import java.util.Hashtable;
 import java.util.Iterator;
 import java.util.List;
+import java.util.Locale;
 import java.util.Properties;
 import java.util.Vector;
 
@@ -400,7 +401,7 @@ public void connect(int connectTimeout) throws JSchException {
       if (!auth) {
         smethods = uan.getMethods();
         if (smethods != null) {
-          smethods = smethods.toLowerCase();
+          smethods = smethods.toLowerCase(Locale.ROOT);
         } else {
           // methods: publickey,password,keyboard-interactive
           // smethods = "publickey,password,keyboard-interactive";

src/main/java/com/jcraft/jsch/UserAuthKeyboardInteractive.java

@@ -26,6 +26,8 @@
 
 package com.jcraft.jsch;
 
+import java.util.Locale;
+
 class UserAuthKeyboardInteractive extends UserAuth {
   @Override
   public boolean start(Session session) throws Exception {
@@ -129,7 +131,7 @@ public boolean start(Session session) throws Exception {
           byte[][] response = null;
 
           if (password != null && prompt.length == 1 && !echo[0]
-              && prompt[0].toLowerCase().indexOf("password:") >= 0) {
+              && prompt[0].toLowerCase(Locale.ROOT).indexOf("password:") >= 0) {
             response = new byte[1][];
             response[0] = password;
             password = null;

src/main/java/com/jcraft/jsch/jzlib/InflaterInputStream.java

@@ -27,6 +27,7 @@
 package com.jcraft.jsch.jzlib;
 
 import java.io.*;
+import java.nio.charset.StandardCharsets;
 
 final class InflaterInputStream extends FilterInputStream {
   protected final Inflater inflater;
@@ -223,7 +224,7 @@ byte[] getAvailIn() {
 
   void readHeader() throws IOException {
 
-    byte[] empty = "".getBytes();
+    byte[] empty = "".getBytes(StandardCharsets.UTF_8);
     inflater.setInput(empty, 0, 0, false);
     inflater.setOutput(empty, 0, 0);
 

src/test/java/com/jcraft/jsch/AbstractBufferMargin.java

@@ -14,6 +14,7 @@
 import java.nio.file.Paths;
 import java.util.Base64;
 import java.util.List;
+import java.util.Locale;
 import java.util.Random;
 import org.apache.commons.codec.digest.DigestUtils;
 import org.apache.commons.io.input.BoundedInputStream;
@@ -140,7 +141,8 @@ private JSch createRSAIdentity() throws Exception {
   private HostKey readHostKey(String fileName) throws Exception {
     List<String> lines = Files.readAllLines(Paths.get(fileName), UTF_8);
     String[] split = lines.get(0).split("\\s+");
-    String hostname = String.format("[%s]:%d", sshd.getHost(), sshd.getFirstMappedPort());
+    String hostname =
+        String.format(Locale.ROOT, "[%s]:%d", sshd.getHost(), sshd.getFirstMappedPort());
     return new HostKey(hostname, Base64.getDecoder().decode(split[1]));
   }
 

src/test/java/com/jcraft/jsch/Algorithms2IT.java

@@ -16,6 +16,7 @@
 import java.nio.file.Paths;
 import java.util.Base64;
 import java.util.List;
+import java.util.Locale;
 import java.util.Optional;
 import java.util.Random;
 import org.apache.commons.codec.digest.DigestUtils;
@@ -146,7 +147,7 @@ public void testKEXs(String kex) throws Exception {
     session.setConfig("kex", kex);
     doSftp(session, true);
 
-    String expected = String.format("kex: algorithm: %s.*", kex);
+    String expected = String.format(Locale.ROOT, "kex: algorithm: %s.*", kex);
     checkLogs(expected);
   }
 
@@ -177,9 +178,9 @@ public void testDHGEXSizes(String kex, String size) throws Exception {
     session.setConfig("dhgex_preferred", size);
     doSftp(session, true);
 
-    String expectedKex = String.format("kex: algorithm: %s.*", kex);
-    String expectedSizes =
-        String.format("SSH_MSG_KEX_DH_GEX_REQUEST\\(%s<%s<%s\\) sent", size, size, size);
+    String expectedKex = String.format(Locale.ROOT, "kex: algorithm: %s.*", kex);
+    String expectedSizes = String.format(Locale.ROOT,
+        "SSH_MSG_KEX_DH_GEX_REQUEST\\(%s<%s<%s\\) sent", size, size, size);
     checkLogs(expectedKex);
     checkLogs(expectedSizes);
   }
@@ -235,7 +236,7 @@ public void testRSA(String keyType) throws Exception {
     session.setConfig("server_host_key", keyType);
     doSftp(session, true);
 
-    String expected = String.format("kex: host key algorithm: %s.*", keyType);
+    String expected = String.format(Locale.ROOT, "kex: host key algorithm: %s.*", keyType);
     checkLogs(expected);
   }
 
@@ -250,8 +251,8 @@ public void testCiphers(String cipher, String compression) throws Exception {
     session.setConfig("compression.c2s", compression);
     doSftp(session, true);
 
-    String expectedS2C = String.format("kex: server->client cipher: %s.*", cipher);
-    String expectedC2S = String.format("kex: client->server cipher: %s.*", cipher);
+    String expectedS2C = String.format(Locale.ROOT, "kex: server->client cipher: %s.*", cipher);
+    String expectedC2S = String.format(Locale.ROOT, "kex: client->server cipher: %s.*", cipher);
     checkLogs(expectedS2C);
     checkLogs(expectedC2S);
   }
@@ -274,8 +275,8 @@ public void testMACs(String mac, String compression) throws Exception {
     session.setConfig("cipher.c2s", "aes128-ctr");
     doSftp(session, true);
 
-    String expectedS2C = String.format("kex: server->client .* MAC: %s.*", mac);
-    String expectedC2S = String.format("kex: client->server .* MAC: %s.*", mac);
+    String expectedS2C = String.format(Locale.ROOT, "kex: server->client .* MAC: %s.*", mac);
+    String expectedC2S = String.format(Locale.ROOT, "kex: client->server .* MAC: %s.*", mac);
     checkLogs(expectedS2C);
     checkLogs(expectedC2S);
   }
@@ -304,7 +305,7 @@ public void testCompressionImpls(String impl) throws Exception {
     session.setConfig("zlib", impl);
     doSftp(session, true);
 
-    String expectedImpl = String.format("zlib using %s", impl);
+    String expectedImpl = String.format(Locale.ROOT, "zlib using %s", impl);
     String expectedS2C = "kex: server->client .* compression: zlib.*";
     String expectedC2S = "kex: client->server .* compression: zlib.*";
     checkLogs(expectedImpl);
@@ -332,7 +333,8 @@ private JSch createEd448Identity() throws Exception {
   private HostKey readHostKey(String fileName) throws Exception {
     List<String> lines = Files.readAllLines(Paths.get(fileName), UTF_8);
     String[] split = lines.get(0).split("\\s+");
-    String hostname = String.format("[%s]:%d", sshd.getHost(), sshd.getFirstMappedPort());
+    String hostname =
+        String.format(Locale.ROOT, "[%s]:%d", sshd.getHost(), sshd.getFirstMappedPort());
     return new HostKey(hostname, Base64.getDecoder().decode(split[1]));
   }
 

src/test/java/com/jcraft/jsch/Algorithms3IT.java

@@ -14,6 +14,7 @@
 import java.nio.file.Paths;
 import java.util.Base64;
 import java.util.List;
+import java.util.Locale;
 import java.util.Optional;
 import java.util.Random;
 import org.apache.commons.codec.digest.DigestUtils;
@@ -96,8 +97,8 @@ public void testCiphers(String cipher, String compression) throws Exception {
     session.setConfig("compression.c2s", compression);
     doSftp(session, true);
 
-    String expectedS2C = String.format("kex: server->client cipher: %s.*", cipher);
-    String expectedC2S = String.format("kex: client->server cipher: %s.*", cipher);
+    String expectedS2C = String.format(Locale.ROOT, "kex: server->client cipher: %s.*", cipher);
+    String expectedC2S = String.format(Locale.ROOT, "kex: client->server cipher: %s.*", cipher);
     checkLogs(expectedS2C);
     checkLogs(expectedC2S);
   }
@@ -113,7 +114,8 @@ private JSch createRSAIdentity() throws Exception {
   private HostKey readHostKey(String fileName) throws Exception {
     List<String> lines = Files.readAllLines(Paths.get(fileName), UTF_8);
     String[] split = lines.get(0).split("\\s+");
-    String hostname = String.format("[%s]:%d", sshd.getHost(), sshd.getFirstMappedPort());
+    String hostname =
+        String.format(Locale.ROOT, "[%s]:%d", sshd.getHost(), sshd.getFirstMappedPort());
     return new HostKey(hostname, Base64.getDecoder().decode(split[1]));
   }