Programmatically generate htpasswd file (#2539)

* Programmatically generate htpasswd file
GoogleContainerTools · Jun 24, 2020 · 826b5bb · 826b5bb
1 parent 38ea51b
commit 826b5bb
Show file tree

Hide file tree

Showing 3 changed files with 8 additions and 13 deletions.
diff --git a/build.gradle b/build.gradle
@@ -76,6 +76,7 @@ subprojects {
     MOCKITO_CORE: '3.2.4',
     SLF4J_API: '1.7.25',
     SYSTEM_RULES: '1.19.0',
+    JBCRYPT: '0.4',
   ]
 
   // Use this to ensure we correctly override transitive dependencies

diff --git a/jib-core/build.gradle b/jib-core/build.gradle
@@ -19,6 +19,7 @@ dependencies {
   testImplementation "org.mockito:mockito-core:${dependencyVersions.MOCKITO_CORE}"
   testImplementation "org.slf4j:slf4j-api:${dependencyVersions.SLF4J_API}"
   testImplementation "com.github.stefanbirkner:system-rules:${dependencyVersions.SYSTEM_RULES}"
+  testImplementation "org.mindrot:jbcrypt:${dependencyVersions.JBCRYPT}"
 }
 
 jar {

diff --git a/jib-core/src/integration-test/java/com/google/cloud/tools/jib/registry/LocalRegistry.java b/jib-core/src/integration-test/java/com/google/cloud/tools/jib/registry/LocalRegistry.java
@@ -30,6 +30,7 @@
 import java.util.UUID;
 import javax.annotation.Nullable;
 import org.junit.rules.ExternalResource;
+import org.mindrot.jbcrypt.BCrypt;
 
 /** Runs a local registry. */
 public class LocalRegistry extends ExternalResource {
@@ -68,19 +69,11 @@ public void start() throws IOException, InterruptedException {
             Arrays.asList(
                 "docker", "run", "--rm", "-d", "-p", port + ":5000", "--name", containerName));
     if (username != null && password != null) {
-      // Generate the htpasswd file to store credentials
-      String credentialString =
-          new Command(
-                  "docker",
-                  "run",
-                  "--rm",
-                  "--entrypoint",
-                  "htpasswd",
-                  "registry:2.7.0", // TODO: correctly fix this when using latest
-                  "-Bbn",
-                  username,
-                  password)
-              .run();
+      // Equivalent of "$ htpasswd -nbB username password".
+      // https://httpd.apache.org/docs/2.4/misc/password_encryptions.html
+      // BCrypt generates hashes using $2a$ algorithm (instead of $2y$ from docs), but this seems
+      // to work okay
+      String credentialString = username + ":" + BCrypt.hashpw(password, BCrypt.gensalt());
       // Creates the temporary directory in /tmp since that is one of the default directories
       // mounted into Docker.
       // See: https://docs.docker.com/docker-for-mac/osxfs