WD-330 Update versions of java & libs, fix HashUtils (#20)

* WD-330 Update versions of java & libs, fix HashUtils

* WD-330 Review fix (constant)

Author: YokiToki

.github/workflows/distribution.yml

@@ -12,7 +12,7 @@ jobs:
     - uses: actions/checkout@v2
     - uses: actions/setup-java@v1
       with:
-        java-version: 1.8
+        java-version: 11
     - uses: eskatos/gradle-command-action@v1
       with:
         arguments: build

README.md

@@ -12,7 +12,7 @@ repositories {
 }
 
 // Append dependency
-implementation("com.icerockdev:web-utils:0.6.1")
+implementation("com.icerockdev:web-utils:0.7.0")
 ````
 
 ## Library usage

build.gradle

@@ -16,7 +16,7 @@ allprojects {
 
     plugins.withId('org.jetbrains.kotlin.jvm', { _ ->
         compileJava.dependsOn copyLibsCompile
-        sourceCompatibility=1.8
+        sourceCompatibility=JavaVersion.VERSION_11
     })
 
     task copyLibsCompile(type: Copy) {

gradle.properties

@@ -3,22 +3,21 @@ org.gradle.configureondemand=false
 org.gradle.parallel=true
 org.gradle.caching=true
 
-logback_version=1.2.3
 kotlin.code.style=official
-kotlin_version=1.3.70
-coroutines_version=1.3.3
-ktor_version=1.3.1
-jodatime_version = 2.9.9
-# validation
-jsonassert_version=1.5.0
-junit_version=4.13
+kotlin_version=1.4.0
+ktor_version=1.4.0
+logback_version=1.2.3
+jodatime_version = 2.10.6
+# Validation
+javax_validation=2.0.0.Final
 javax_el_version=2.2.6
 javax_el_api_version=3.0.0
 beanutils_version=1.9.4
-javax_validation=2.0.0.Final
 hibernate_validator_version=6.0.2.Final
 hibernate_validator_annotation_processor_version=6.0.2.Final
-# i18n
+# I18N
 gnu_gettext_version=0.18.3
-# bcrypt
-spring_core_version=5.1.6.RELEASE
+# BCrypt
+bcrypt_version=0.9.0
+# Testing
+junit_version=4.13

gradle/wrapper/gradle-wrapper.properties

@@ -1,6 +1,5 @@
-#Tue Nov 27 11:58:01 NOVT 2018
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
+distributionUrl=https\://services.gradle.org/distributions/gradle-6.3-bin.zip
 zipStoreBase=GRADLE_USER_HOME
 zipStorePath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-5.6-all.zip

sample/build.gradle.kts

@@ -35,13 +35,13 @@ dependencies {
 }
 
 java {
-    sourceCompatibility = JavaVersion.VERSION_1_8
-    targetCompatibility = JavaVersion.VERSION_1_8
+    sourceCompatibility = JavaVersion.VERSION_11
+    targetCompatibility = JavaVersion.VERSION_11
 }
 
 tasks.withType<org.jetbrains.kotlin.gradle.tasks.KotlinCompile> {
     kotlinOptions {
-        jvmTarget = "1.8"
+        jvmTarget = JavaVersion.VERSION_11.toString()
     }
 }
 

settings.gradle.kts

@@ -27,12 +27,12 @@ pluginManagement {
 }
 
 include(":web-utils")
-//
-val properties = startParameter.projectProperties
+
+val properties: Map<String, String> = startParameter.projectProperties
 
 // ./gradlew -PlibraryPublish publishToMavenLocal
 // ./gradlew -DBINTRAY_USER=user -DBINTRAY_KEY=key -PlibraryPublish
 val libraryPublish: Boolean = properties.containsKey("libraryPublish")
 if(!libraryPublish) {
     include(":sample")
-}
+}

web-utils/build.gradle.kts

@@ -13,7 +13,7 @@ apply(plugin = "java")
 apply(plugin = "kotlin")
 
 group = "com.icerockdev"
-version = "0.6.1"
+version = "0.7.0"
 
 val sourcesJar by tasks.registering(Jar::class) {
     classifier = "sources"
@@ -44,7 +44,7 @@ dependencies {
     api("commons-beanutils:commons-beanutils:${properties["beanutils_version"]}")
 
     // BCrypt
-    implementation(group = "org.springframework.security", name = "spring-security-core", version = properties["spring_core_version"].toString())
+    implementation("at.favre.lib:bcrypt:${properties["bcrypt_version"]}")
 
     // i18n
     implementation("org.gnu.gettext:libintl:${properties["gnu_gettext_version"]}")
@@ -55,13 +55,13 @@ dependencies {
 }
 
 java {
-    sourceCompatibility = JavaVersion.VERSION_1_8
-    targetCompatibility = JavaVersion.VERSION_1_8
+    sourceCompatibility = JavaVersion.VERSION_11
+    targetCompatibility = JavaVersion.VERSION_11
 }
 
 tasks.withType<org.jetbrains.kotlin.gradle.tasks.KotlinCompile> {
     kotlinOptions {
-        jvmTarget = "1.8"
+        jvmTarget = JavaVersion.VERSION_11.toString()
     }
 }
 

web-utils/src/main/kotlin/com/icerockdev/util/HashUtils.kt

@@ -1,21 +1,25 @@
 package com.icerockdev.util
 
-import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder
+import at.favre.lib.crypto.bcrypt.BCrypt
 import java.security.MessageDigest
 
+// To avoid using springframework components and keep backward compatibility
+// GENSALT_DEFAULT_LOG2_ROUNDS in org.springframework.security.crypto.bcrypt.Bcrypt
+const val BCRYPT_COST = 10
+
 object HashUtils {
-    fun sha512(input: String) = hashString("SHA-512", input)
+    fun sha512(input: String): String = hash("SHA-512", input)
 
-    fun sha256(input: String) = hashString("SHA-256", input)
+    fun sha256(input: String): String = hash("SHA-256", input)
 
-    fun sha1(input: String) = hashString("SHA-1", input)
+    fun sha1(input: String): String = hash("SHA-1", input)
 
     fun generatePasswordHash(password: String): String {
-        return BCryptPasswordEncoder().encode(password)
+        return BCrypt.withDefaults().hashToString(BCRYPT_COST, password.toCharArray());
     }
 
     fun verifyPassword(password: String, passwordHash: String): Boolean {
-        return BCryptPasswordEncoder().matches(password, passwordHash)
+        return BCrypt.verifyer().verify(password.toCharArray(), passwordHash).verified
     }
 
     fun generateRandomToken(): String {
@@ -36,9 +40,9 @@ object HashUtils {
     }
 
 
-    private fun hashString(type: String, input: String): String {
+    private fun hash(algorithm: String, input: String): String {
         return MessageDigest
-            .getInstance(type)
+            .getInstance(algorithm)
             .digest(input.toByteArray())
             .fold("", { str, it -> str + "%02x".format(it) })
     }

web-utils/src/test/kotlin/com/icerockdev/util/HashUtilsTest.kt

@@ -0,0 +1,29 @@
+package com.icerockdev.util
+
+import org.junit.Test
+import kotlin.test.assertEquals
+import kotlin.test.assertTrue
+
+const val RAW_STRING = "123456"
+const val SHA_1_HASH = "7c4a8d09ca3762af61e59520943dc26494f8941b"
+const val SHA_256_HASH = "8d969eef6ecad3c29a3a629280e686cf0c3f5d5a86aff3ca12020c923adc6c92"
+const val SHA_512_HASH =
+    "ba3253876aed6bc22d4a6ff53d8406c6ad864195ed144ab5c87621b6c233b548baeae6956df346ec8c17f5ea10f35ee3cbc514797ed7ddd3145464e2a0bab413"
+
+class HashUtilsTest {
+    @Test
+    fun bcryptPasswordHashTest() {
+        val passwordHash = HashUtils.generatePasswordHash(RAW_STRING)
+
+        assertTrue {
+            HashUtils.verifyPassword(RAW_STRING, passwordHash)
+        }
+    }
+
+    @Test
+    fun hashTest() {
+        assertEquals(HashUtils.sha1(RAW_STRING), SHA_1_HASH)
+        assertEquals(HashUtils.sha256(RAW_STRING), SHA_256_HASH)
+        assertEquals(HashUtils.sha512(RAW_STRING), SHA_512_HASH)
+    }
+}