Fix checkstyle errors for toLower/toUpperCase usage

web/src/main/java/org/springframework/security/web/authentication/password/HaveIBeenPwnedRestApiPasswordChecker.java

@@ -21,6 +21,7 @@ import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
 import java.util.Collections;
 import java.util.List;
+import java.util.Locale;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
@@ -63,7 +64,7 @@ public final class HaveIBeenPwnedRestApiPasswordChecker implements CompromisedPa
 	@NonNull
 	public CompromisedPasswordDecision check(String password) {
 		byte[] hash = this.sha1Digest.digest(password.getBytes(StandardCharsets.UTF_8));
-		String encoded = new String(Hex.encode(hash)).toUpperCase();
+		String encoded = new String(Hex.encode(hash)).toUpperCase(Locale.ROOT);
 		String prefix = encoded.substring(0, PREFIX_LENGTH);
 		String suffix = encoded.substring(PREFIX_LENGTH);
 

web/src/main/java/org/springframework/security/web/authentication/password/HaveIBeenPwnedRestApiReactivePasswordChecker.java

@@ -19,6 +19,7 @@ package org.springframework.security.web.authentication.password;
 import java.nio.charset.StandardCharsets;
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
+import java.util.Locale;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
@@ -67,8 +68,8 @@ public class HaveIBeenPwnedRestApiReactivePasswordChecker implements ReactiveCom
 	}
 
 	private Mono<Boolean> findLeakedPassword(String encodedPassword) {
-		String prefix = encodedPassword.substring(0, PREFIX_LENGTH).toUpperCase();
-		String suffix = encodedPassword.substring(PREFIX_LENGTH).toUpperCase();
+		String prefix = encodedPassword.substring(0, PREFIX_LENGTH).toUpperCase(Locale.ROOT);
+		String suffix = encodedPassword.substring(PREFIX_LENGTH).toUpperCase(Locale.ROOT);
 		return getLeakedPasswordsForPrefix(prefix).any((leakedPw) -> leakedPw.startsWith(suffix));
 	}