From 826b5bbff1192ec3bf411bf4d8a14bf52ad157c4 Mon Sep 17 00:00:00 2001
From: Appu <appu@google.com>
Date: Wed, 24 Jun 2020 14:12:57 -0400
Subject: [PATCH] Programmatically generate htpasswd file (#2539)

* Programmatically generate htpasswd file
---
 build.gradle                                  |  1 +
 jib-core/build.gradle                         |  1 +
 .../tools/jib/registry/LocalRegistry.java     | 19 ++++++-------------
 3 files changed, 8 insertions(+), 13 deletions(-)

diff --git a/build.gradle b/build.gradle
index 4ad75102db..a2908af8bc 100644
--- a/build.gradle
+++ b/build.gradle
@@ -76,6 +76,7 @@ subprojects {
     MOCKITO_CORE: '3.2.4',
     SLF4J_API: '1.7.25',
     SYSTEM_RULES: '1.19.0',
+    JBCRYPT: '0.4',
   ]
 
   // Use this to ensure we correctly override transitive dependencies
diff --git a/jib-core/build.gradle b/jib-core/build.gradle
index 261823e601..96259ee1e4 100644
--- a/jib-core/build.gradle
+++ b/jib-core/build.gradle
@@ -19,6 +19,7 @@ dependencies {
   testImplementation "org.mockito:mockito-core:${dependencyVersions.MOCKITO_CORE}"
   testImplementation "org.slf4j:slf4j-api:${dependencyVersions.SLF4J_API}"
   testImplementation "com.github.stefanbirkner:system-rules:${dependencyVersions.SYSTEM_RULES}"
+  testImplementation "org.mindrot:jbcrypt:${dependencyVersions.JBCRYPT}"
 }
 
 jar {
diff --git a/jib-core/src/integration-test/java/com/google/cloud/tools/jib/registry/LocalRegistry.java b/jib-core/src/integration-test/java/com/google/cloud/tools/jib/registry/LocalRegistry.java
index d84be897fb..14288b8c7b 100644
--- a/jib-core/src/integration-test/java/com/google/cloud/tools/jib/registry/LocalRegistry.java
+++ b/jib-core/src/integration-test/java/com/google/cloud/tools/jib/registry/LocalRegistry.java
@@ -30,6 +30,7 @@
 import java.util.UUID;
 import javax.annotation.Nullable;
 import org.junit.rules.ExternalResource;
+import org.mindrot.jbcrypt.BCrypt;
 
 /** Runs a local registry. */
 public class LocalRegistry extends ExternalResource {
@@ -68,19 +69,11 @@ public void start() throws IOException, InterruptedException {
             Arrays.asList(
                 "docker", "run", "--rm", "-d", "-p", port + ":5000", "--name", containerName));
     if (username != null && password != null) {
-      // Generate the htpasswd file to store credentials
-      String credentialString =
-          new Command(
-                  "docker",
-                  "run",
-                  "--rm",
-                  "--entrypoint",
-                  "htpasswd",
-                  "registry:2.7.0", // TODO: correctly fix this when using latest
-                  "-Bbn",
-                  username,
-                  password)
-              .run();
+      // Equivalent of "$ htpasswd -nbB username password".
+      // https://httpd.apache.org/docs/2.4/misc/password_encryptions.html
+      // BCrypt generates hashes using $2a$ algorithm (instead of $2y$ from docs), but this seems
+      // to work okay
+      String credentialString = username + ":" + BCrypt.hashpw(password, BCrypt.gensalt());
       // Creates the temporary directory in /tmp since that is one of the default directories
       // mounted into Docker.
       // See: https://docs.docker.com/docker-for-mac/osxfs