diff --git a/.github/workflows/build_deploy.yml b/.github/workflows/build_deploy.yml
new file mode 100644
index 0000000..c1a10af
--- /dev/null
+++ b/.github/workflows/build_deploy.yml
@@ -0,0 +1,64 @@
+name: Build and Deploy with Maven
+
+on:
+ push:
+ branches:
+ - main
+ tags:
+ - '*' # Trigger on all tags
+ pull_request: {}
+
+jobs:
+ build:
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout Code
+ uses: actions/checkout@v3
+ - name: Set up JDK 8
+ uses: actions/setup-java@v3
+ with:
+ java-version: '8'
+ distribution: 'adopt'
+ cache: 'maven'
+ - name: Build with Maven
+ run: ./mvnw -B clean package checkstyle:checkstyle jacoco:report -DcommonConfig.jarSign.skip=true
+ - name: Upload coverage reports to CodeCov
+ uses: codecov/codecov-action@v3
+
+ deploy:
+ needs: build
+ if: startsWith(github.ref, 'refs/tags/')
+ runs-on: ubuntu-latest
+
+ steps:
+ - uses: actions/checkout@v3
+ - name: Retrieve Keystore from secrets
+ env:
+ KEYSTORE_BASE64: ${{ secrets.KEYSTORE_BASE64 }}
+ run: |
+ echo $KEYSTORE_BASE64 | base64 --decode > keystore.jks
+ - name: Set up Maven Central Repository
+ uses: actions/setup-java@v3
+ with:
+ java-version: '8'
+ distribution: 'adopt'
+ cache: 'maven'
+ server-id: ossrh
+ server-username: MAVEN_USERNAME
+ server-password: MAVEN_PASSWORD
+ - name: Publish package
+ run: mvn -B deploy -DskipTests
+ env:
+ OPENSOURCE_PROJECTS_KS_PW: ${{ secrets.KEYSTORE_PASSWORD }}
+ OPENSOURCE_PROJECTS_KEY_PW: ${{ secrets.KEYSTORE_KEY_PASSWORD }}
+ MAVEN_USERNAME: ${{ secrets.OSSRH_USERNAME }}
+ MAVEN_PASSWORD: ${{ secrets.OSSRH_TOKEN }}
+ - name: Create and upload Github Release
+ uses: xresloader/upload-to-github-release@v1
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ with:
+ file: "modules/bcrypt/target/bcrypt-*.jar;modules/bcrypt/target/*.sha256;modules/bcrypt/target/checksum-sha256.txt;modules/bcrypt-cli/target/bcrypt-*-full.jar;modules/bcrypt-cli/target/*.sha256"
+ tags: true
+ draft: false
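Review bot: The `deploy` job runs `xresloader/upload-to-github-release@v1` from a mutable tag, in the same job that has just written `keystore.jks` to the workspace, so a retagged or compromised release of that action would run with access to the signing keystore file and to `GITHUB_TOKEN`; `codecov/codecov-action@v3` in `build` is referenced by a mutable tag as well. Pin third-party actions to a full commit SHA, e.g. `uses: xresloader/upload-to-github-release@<full-commit-sha>  # v1`. The workflow also declares no `permissions:` block, so the token scope falls back to the repository default; add a top-level `permissions:` with `contents: read` and grant `contents: write` on the `deploy` job only. In the keystore step, quote the variable (`echo "$KEYSTORE_BASE64" | base64 --decode > keystore.jks`) so the shell does not word-split the secret before decoding.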
diff --git a/.travis.yml b/.travis.yml
deleted file mode 100644
index dc1d30f..0000000
--- a/.travis.yml
+++ /dev/null
@@ -1,54 +0,0 @@ -# To let the CI execute the maven wrapper, use this command and push the change: -# git update-index --chmod=+x mvnw - -language: java -install: true -jdk: - - openjdk8 - -env: - global: - - secure: "N8EZ+1uW2P0sQHdVQ5dm9Ha/Lr36iBuWRg0lXOrdzzp/5RxvKQ2nnGGF9m1FacLa++SJ4+xJtQCMPDkELK6vhvG+bS86MuzlBVdys+awiuBlxiO6KcUDnu/VQ5PGXxGexJ5NQbkuwYQWwE2yeRZR9tq0FoAOBllXOmi3Tqk7LN0Yt5DpoEaBW4YNZee8Qz7fNV5wd7ekGn4On42/Ngvcg2yOAdJbxn9XAvDJlBABCsDx8zlNPZUhAnWZERnLATcN7KGYQAiZy3TVyBs/8wsGVfrWoPLbvoVZ6ZJI19Q083JEk2wQSNw/AD7fqd32BoMlVQ0cuUcvTTP8Swj4hIyhreXhdG6r+x6KqVtK81HiNa8rFTkAGmzZNF5UZoNN2I5XIJwIty2h4JtR1LmuzJgS4o4oarlm4kjnz/mXER8qRRJg6y3I50zt9Nba14Fger4zBQwyrjdr8DVCGfxnupYoSfjBAQfT9n5Mja6lsowL5BS7hSs1REr9VQwZlvUwNEbc/NrFu+PMP7y0Z4YEYoCpeMZ6P01/qRZUehugrhSHks5Ff1L895dAh7lqXKXmzClVAcq9gfiVitD4PKok9LFUHKCmkdSAQ2c+zPWHvPYRqh4FxKPjBRzSbtgwq+0ctnnDa4ji9PIWOP1VzOn7UNJVzQbiD460Ix/hlCsse4YmBnU=" - - secure: "rO0GEdDFN4QlA6+SLJXOvOPmKWt6RGM5YdVgI+RupmAcwlYB+VW+gmVPC+G1jQIbN6rtRLtyO2J2j0rLtBpCTKsWSwmLUQytlpIc5qQBSaYHoij+JR4j3Cngfb0ifjH9Doj6kb40/k+4Qy9t3ypbhRcZ32eXkOI3dlrnK2AubaUA1XlmxDG/ViA9FCpukcNLBVOqFdmzw3ity3YsXm5xRCXVkoTX/9zBl2x7XEHYWRR1ZgyOUCVSkQgT/OP5sqlfT7vRb0gg00ShgP5wepLDfQ1zc4QERo4/+CkD3ES/69fvQJWlAwTJ3b57pGZM8dkfhEQCInCHIL9HhQyXhwZ3gzsfflnu4+hSRnlmJIaNogFtdgOYF/NpadNBPBTytDHkLy7LKEJadz3snPFQM47ZBtleqygNMEq02QdD1tUkBQeDE0xNjUowPZcNQDEucihgHHBVQfCR/eR+3zxSlFnH1cKNn0k4Y5Hwx55eTqrnVtNQFXmD3E3ZfdTK9ne4c3Uk9gYHpuvj6vflUhDAlzGJfplsb9xMBtGDAt2qKDLgObnae9780RTxPDIM3FVP+WS1ATB6UCKNsrK/7KcCT6zrGwX3a5biCGCx9x/em5NHG4ZuF/Nq6m7qnHuVhrghjQgVL8wx6t3J9fLEidTcXiYo26A+kxzmlY7widyBb/l7g9U=" - -before_install: - - openssl aes-256-cbc -K $encrypted_55afeb8ba94e_key -iv $encrypted_55afeb8ba94e_iv -in secrets.tar.enc -out secrets.tar -d - - tar xvf secrets.tar - -script: - - 'if [ "$TRAVIS_PULL_REQUEST" != "false" ]; then ./mvnw clean install -Djarsigner.skip=true; fi' - - 'if [ "$TRAVIS_PULL_REQUEST" = "false" ]; then ./mvnw clean install -Djarsigner.skip=false; fi' - 
-after_success: - - ./mvnw test jacoco:report coveralls:report - -deploy: - - provider: script - script: ./mvnw -s ci-settings.xml deploy -X checkstyle:checkstyle - skip_cleanup: true - on: - branch: master - tags: true - - provider: releases - api_key: - secure: "jTRC8q1o58sepRHphhUJEVnWPatWESdQuO8IYcqxQOSWsObD8Xr5KNrsLSgBAAGKCTEFdSb88/HrXQShZp1w4pdqTrmB4+eXgWxjtYNPzcaMkWMxsiJabLss91ahvvUVpNVp3AE2iHjUEOOqeXyx7ynhBVtvDn0Bf80O8ufqvq0PqQunQa5xlYp0UgTIEZ1BAoOtMTyWQrywvTRZj2ZLi0Aa5Lnqbrr2U2ZLqC3FLFOKveWJ8XxG10a2x2DmyRyW9h9EamXgoWVS3DqWOYdNDwEjgeih+0yNtJ1CWcDDC6PC77Nkit9/L5roCCnaTJbdhNdsVFBKP+1AUH81xMdSMl9SRKi16eVbjyEcu4laEzJlYz46eO8spbYJrmIDs59ij4C4dPQeb3LQPeioheEkFmUD/krZHH2klDnlN4T4nU2VPm0iYSkqezRHOkess+SDKxXvS8ZjmBcJLaI20QYLk+MFpWGw69JcgI90WHHFXBDLC+juz+16kmIEs6X96iaK0buysE0aSIy1/3l03mfnAl2fdMydrRhOkvWOpvOc67QCpkehEbhhC29TrbZAp954fu9akaKoHrdFU/I0Y4esM7CgzWUOc3oxfzInJ4Uva+Dun17gZxyuAXhvXqe7x9fPjpMnJGZUSe1E1GCja8BKpx4VFlz1SmBqC+FhDqTlmk8=" - file_glob: true - file: - - "modules/bcrypt/target/bcrypt-*.jar" - - "modules/bcrypt/target/*.sha256" - - "modules/bcrypt/target/checksum-sha256.txt" - - "modules/bcrypt-cli/target/bcrypt-*-full.jar" - - "modules/bcrypt-cli/target/*.sha256" - skip_cleanup: true - on: - branch: master - tags: true - -cache: - directories: - - $HOME/.m2 - -notifications: - slack: - secure: "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" - email: false diff --git a/CHANGELOG b/CHANGELOG index 88d9d77..43442da 100644 --- a/CHANGELOG +++ b/CHANGELOG 
@@ -1,5 +1,12 @@ # Releases +## v0.10.0 + +* [BREAKING CHANGE] the null terminator will not be counted to the 72 byte max length anymore. This changes the behaviour IF you used passwords with EXACTLY 72 bytes. #43, #44 (thx @quinot) +* migrate to Maven Central, Github Actions and Codecov #46 +* update many dependencies and remove warnings for CVE-2020-15522 (bc) CVE-2020-15250 (junit) -> were never part of production code #41 + + ## v0.9.0 * fix license headers and correct credits to jBcrypt * add long-password strategy to verifier #21 diff --git a/README.md b/README.md index 993512f..e79fc20 100644 --- a/README.md +++ b/README.md 
@@ -2,10 +2,10 @@ This is an implementation of the OpenBSD Blowfish password hashing algorithm, as described in "[A Future-Adaptable Password Scheme](http://www.openbsd.org/papers/bcrypt-paper.ps)" by Niels Provos and David Mazieres. It's core is based on [jBcrypt](https://github.com/djmdjm/jBCrypt), but heavily refactored, modernized and with a lot of updates and enhancements. It supports all common [versions](https://en.wikipedia.org/wiki/Bcrypt#Versioning_history), has a security sensitive API and is fully tested against a range of test vectors and reference implementations. -[![Download](https://api.bintray.com/packages/patrickfav/maven/bcrypt/images/download.svg)](https://bintray.com/patrickfav/maven/bcrypt/_latestVersion) -[![Build Status](https://travis-ci.com/patrickfav/bcrypt.svg?branch=master)](https://travis-ci.com/patrickfav/bcrypt) +![Maven Central](https://img.shields.io/maven-central/v/at.favre.lib/bcrypt) +[![Github Actions](https://github.com/patrickfav/bcrypt/actions/workflows/build_deploy.yml/badge.svg)](https://github.com/patrickfav/bcrypt/actions) [![Javadocs](https://www.javadoc.io/badge/at.favre.lib/bcrypt.svg)](https://www.javadoc.io/doc/at.favre.lib/bcrypt) -[![Coverage Status](https://coveralls.io/repos/github/patrickfav/bcrypt/badge.svg?branch=master)](https://coveralls.io/github/patrickfav/bcrypt?branch=master) +[![codecov](https://codecov.io/gh/patrickfav/bcrypt/branch/master/graph/badge.svg?token=HP8FL3ZJG7)](https://codecov.io/gh/patrickfav/bcrypt) [![Maintainability](https://api.codeclimate.com/v1/badges/bbc7ebd960a9f0bb7baa/maintainability)](https://codeclimate.com/github/patrickfav/bcrypt/maintainability) The code is compiled with target [Java 7](https://en.wikipedia.org/wiki/Java_version_history#Java_SE_7) to be compatible with most [_Android_](https://www.android.com/) versions as well as normal Java applications. 
@@ -180,7 +180,7 @@ The full API can be read in the doc by passing `-h` ## Download -The artifacts are deployed to [jcenter](https://bintray.com/bintray/jcenter) and [Maven Central](https://search.maven.org/). +The artifacts are deployed to [Maven Central](https://search.maven.org/). ### Maven diff --git a/pom.xml b/pom.xml index d434cad..05c7af6 100644 --- a/pom.xml +++ b/pom.xml @@ -35,15 +35,26 @@ - jcenter - jcenter - https://jcenter.bintray.com + central + Maven Central + https://repo1.maven.org/maven2 false + + + central + Maven Central + https://repo1.maven.org/maven2 + + false + + + + @@ -58,18 +69,14 @@ org.jacoco jacoco-maven-plugin - - org.eluder.coveralls - coveralls-maven-plugin - - bintray-patrickfav - patrickfav-bcrypt - https://api.bintray.com/maven/patrickfav/maven/bcrypt/;publish=1 + ossrh + Central Repository OSSRH + https://oss.sonatype.org/service/local/staging/deploy/maven2/ diff --git a/secrets.tar.enc b/secrets.tar.enc deleted file mode 100644 index bff4944..0000000 Binary files a/secrets.tar.enc and /dev/null differ