#84: removed commons lang3

pom.xml

@@ -48,12 +48,6 @@
             <version>2.0.3</version>
         </dependency>
 
-        <dependency>
-            <groupId>org.apache.commons</groupId>
-            <artifactId>commons-lang3</artifactId>
-            <version>3.12.0</version>
-        </dependency>
-
         <dependency>
             <groupId>junit</groupId>
             <artifactId>junit</artifactId>

src/main/java/com/password4j/AlgorithmFinder.java

@@ -16,6 +16,12 @@
  */
 package com.password4j;
 
+import com.password4j.types.Argon2;
+import com.password4j.types.Bcrypt;
+import com.password4j.types.Hmac;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
 import java.security.NoSuchAlgorithmException;
 import java.security.Provider;
 import java.security.SecureRandom;
@@ -24,13 +30,6 @@
 import java.util.List;
 import java.util.Set;
 
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import com.password4j.types.Argon2;
-import com.password4j.types.Bcrypt;
-import com.password4j.types.Hmac;
-
 
 /**
  * This utility class finds algorithms with their configuration

src/main/java/com/password4j/Argon2Function.java

@@ -16,20 +16,13 @@
  */
 package com.password4j;
 
+import com.password4j.types.Argon2;
+
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.List;
 import java.util.Objects;
-import java.util.concurrent.ConcurrentHashMap;
-import java.util.concurrent.ConcurrentMap;
-import java.util.concurrent.ExecutionException;
-import java.util.concurrent.ExecutorService;
-import java.util.concurrent.Executors;
-import java.util.concurrent.Future;
-
-import org.apache.commons.lang3.StringUtils;
-
-import com.password4j.types.Argon2;
+import java.util.concurrent.*;
 
 
 /**
@@ -302,12 +295,12 @@ private static Object[] decodeHash(String hash)
         String[] parts = hash.split("\\$");
         if (parts.length == 6)
         {
-            result[0] = StringUtils.removeStart(parts[1], "argon2");
+            result[0] = remove(parts[1], "argon2");
             String[] params = parts[3].split(",");
-            result[1] = Integer.parseInt(StringUtils.removeStart(parts[2], "v="));
-            result[2] = Integer.parseInt(StringUtils.removeStart(params[0], "m="));
-            result[3] = Integer.parseInt(StringUtils.removeStart(params[1], "t="));
-            result[4] = Integer.parseInt(StringUtils.removeStart(params[2], "p="));
+            result[1] = Integer.parseInt(remove(parts[2], "v="));
+            result[2] = Integer.parseInt(remove(params[0], "m="));
+            result[3] = Integer.parseInt(remove(params[1], "t="));
+            result[4] = Integer.parseInt(remove(params[2], "p="));
             result[5] = Utils.decodeBase64(parts[4]);
             result[6] = Utils.decodeBase64(parts[5]);
             return result;
@@ -802,6 +795,11 @@ private long[][] copyOf(long[][] old)
         return current;
     }
 
+    private static String remove(String source, String remove)
+    {
+        return source.substring(remove.length());
+    }
+
     private String encodeHash(byte[] hash, String salt)
     {
         return "$argon2" + variant.name()

src/main/java/com/password4j/BcryptFunction.java

@@ -16,14 +16,14 @@
  */
 package com.password4j;
 
+import com.password4j.types.Bcrypt;
+
 import java.security.MessageDigest;
 import java.util.Arrays;
 import java.util.Objects;
 import java.util.concurrent.ConcurrentHashMap;
 import java.util.concurrent.ConcurrentMap;
 
-import com.password4j.types.Bcrypt;
-
 
 /**
  * Class containing the implementation of bcrypt function and its parameters.

src/main/java/com/password4j/CompressedPBKDF2Function.java

@@ -17,11 +17,11 @@
 
 package com.password4j;
 
+import com.password4j.types.Hmac;
+
 import java.util.Map;
 import java.util.concurrent.ConcurrentHashMap;
 
-import com.password4j.types.Hmac;
-
 
 /**
  * Class containing the implementation of PBKDF2 function and its parameters.

src/main/java/com/password4j/Hash.java

@@ -19,8 +19,6 @@
 import java.util.Arrays;
 import java.util.Objects;
 
-import org.apache.commons.lang3.StringUtils;
-
 
 /**
  * This class contains all the information computed after
@@ -243,13 +241,48 @@ public boolean equals(Object obj)
 
     private boolean hasSameValues(Hash otherHash)
     {
-        return StringUtils.equals(this.result, otherHash.result) //
+        return areEquals(this.result, otherHash.result) //
                 && Arrays.equals(this.bytes, otherHash.bytes) //
-                && StringUtils.equals(this.salt, otherHash.salt) //
-                && StringUtils.equals(this.pepper, otherHash.pepper) //
+                && areEquals(this.salt, otherHash.salt) //
+                && areEquals(this.pepper, otherHash.pepper) //
                 && this.hashingFunction.equals(otherHash.hashingFunction);
     }
 
+    private static boolean areEquals(CharSequence cs1, CharSequence cs2)
+    {
+        if (cs1 == cs2)
+        {
+            return true;
+        }
+        else if (cs1 != null && cs2 != null)
+        {
+            if (cs1.length() != cs2.length())
+            {
+                return false;
+            }
+            else if (cs1 instanceof String && cs2 instanceof String)
+            {
+                return cs1.equals(cs2);
+            }
+            else
+            {
+                int length = cs1.length();
+                for(int i = 0; i < length; ++i)
+                {
+                    if (cs1.charAt(i) != cs2.charAt(i))
+                    {
+                        return false;
+                    }
+                }
+                return true;
+            }
+        }
+        else
+        {
+            return false;
+        }
+    }
+
     @Override
     public int hashCode()
     {

src/main/java/com/password4j/PBKDF2Function.java

@@ -16,18 +16,17 @@
  */
 package com.password4j;
 
+import com.password4j.types.Hmac;
+
+import javax.crypto.SecretKey;
+import javax.crypto.SecretKeyFactory;
+import javax.crypto.spec.PBEKeySpec;
 import java.security.NoSuchAlgorithmException;
 import java.security.spec.InvalidKeySpecException;
 import java.util.Map;
 import java.util.Objects;
 import java.util.concurrent.ConcurrentHashMap;
 
-import javax.crypto.SecretKey;
-import javax.crypto.SecretKeyFactory;
-import javax.crypto.spec.PBEKeySpec;
-
-import com.password4j.types.Hmac;
-
 
 /**
  * Class containing the implementation of PBKDF2 function and its parameters.

src/main/java/com/password4j/PepperGenerator.java

@@ -17,8 +17,6 @@
 
 package com.password4j;
 
-import org.apache.commons.lang3.RandomStringUtils;
-
 
 /**
  * This class contains static functions that
@@ -58,7 +56,7 @@ public static String generate(int length)
         {
             throw new BadParametersException("Pepper length cannot be negative");
         }
-        return RandomStringUtils.random(length, 32, 126, false, false, null, AlgorithmFinder.getSecureRandom());
+        return Utils.randomPrintable(length);
     }
 
     /**

src/main/java/com/password4j/PropertyReader.java

@@ -16,16 +16,15 @@
  */
 package com.password4j;
 
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
 import java.io.FileInputStream;
 import java.io.FileNotFoundException;
 import java.io.IOException;
 import java.io.InputStream;
 import java.util.Properties;
 
-import org.apache.commons.lang3.StringUtils;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
 
 class PropertyReader
 {
@@ -117,7 +116,7 @@ static void init()
         String customPath = System.getProperty(CONFIGURATION_KEY, null);
 
         InputStream in;
-        if (StringUtils.isEmpty(customPath))
+        if (customPath == null || customPath.length() == 0)
         {
             in = getResource(FILE_NAME);
         }

src/main/java/com/password4j/ScryptFunction.java

@@ -16,13 +16,13 @@
  */
 package com.password4j;
 
+import com.password4j.types.Hmac;
+
 import java.security.GeneralSecurityException;
 import java.util.Objects;
 import java.util.concurrent.ConcurrentHashMap;
 import java.util.concurrent.ConcurrentMap;
 
-import com.password4j.types.Hmac;
-
 
 /**
  * Class containing the implementation of scrypt function and its parameters.

src/main/java/com/password4j/SystemChecker.java

@@ -17,13 +17,13 @@
 
 package com.password4j;
 
-import java.util.List;
-import java.util.Set;
-
 import com.password4j.types.Argon2;
 import com.password4j.types.Bcrypt;
 import com.password4j.types.Hmac;
 
+import java.util.List;
+import java.util.Set;
+
 
 /**
  * This class benchmarks the target environment.

src/main/java/com/password4j/Utils.java

@@ -23,13 +23,9 @@
 import java.nio.charset.CharsetEncoder;
 import java.nio.charset.CodingErrorAction;
 import java.nio.charset.StandardCharsets;
-import java.security.AccessController;
-import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
-import java.security.PrivilegedAction;
-import java.security.SecureRandom;
-import java.security.Security;
+import java.security.*;
 import java.util.Arrays;
+import java.util.Random;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 
@@ -540,4 +536,20 @@ public String run()
         throw new NoSuchAlgorithmException("No strong SecureRandom impls available: " + property);
     }
 
+    static String randomPrintable(int count)
+    {
+        Random random = AlgorithmFinder.getSecureRandom();
+
+        StringBuilder builder = new StringBuilder(count);
+        int start = 32;
+        int gap = 126 - start;
+
+        while (count-- != 0)
+        {
+            int codePoint = random.nextInt(gap) + start;
+            builder.appendCodePoint(codePoint);
+        }
+        return builder.toString();
+    }
+
 }

src/test/com/password4j/BcryptFunctionTest.java

@@ -17,7 +17,6 @@
 package com.password4j;
 
 import com.password4j.types.Bcrypt;
-import org.apache.commons.lang3.StringUtils;
 import org.junit.Assert;
 import org.junit.Test;
 
@@ -551,8 +550,8 @@ public void testBadSalt5()
     @Test
     public void genSaltGeneratesCorrectSaltPrefix()
     {
-        Assert.assertTrue(StringUtils.startsWith(BcryptFunction.getInstance(4).hash("").getResult(), "$2b$04$"));
-        Assert.assertTrue(StringUtils.startsWith(BcryptFunction.getInstance(31).hash("").getResult(), "$2b$31$"));
+        Assert.assertEquals(0, BcryptFunction.getInstance(4).hash("").getResult().indexOf("$2b$04$"));
+        Assert.assertEquals(0, BcryptFunction.getInstance(31).hash("").getResult().indexOf("$2b$31$"));
     }
 
     @Test(expected = BadParametersException.class)

src/test/com/password4j/HashTest.java

@@ -1,10 +1,10 @@
 package com.password4j;
 
-import java.util.Arrays;
-
 import org.junit.Assert;
 import org.junit.Test;
 
+import java.util.Arrays;
+
 
 public class HashTest
 {

src/test/com/password4j/PBKDF2FunctionTest.java

@@ -16,9 +16,6 @@
  */
 package com.password4j;
 
-import static org.junit.Assert.assertArrayEquals;
-import static org.junit.Assert.assertEquals;
-
 import com.password4j.types.Bcrypt;
 import com.password4j.types.Hmac;
 import org.junit.Assert;
@@ -28,6 +25,9 @@
 import java.util.HashMap;
 import java.util.Map;
 
+import static org.junit.Assert.assertArrayEquals;
+import static org.junit.Assert.assertEquals;
+
 
 public class PBKDF2FunctionTest
 {