[JENKINS-72466] Upgrade jbcrypt dependency (#8811)

JENKINS-72466: Upgrades jbcrypt dependency

bom/pom.xml

@@ -196,9 +196,9 @@ THE SOFTWARE.
  <version>${groovy.version}</version>
  </dependency>
  <dependency>
- <groupId>org.connectbot.jbcrypt</groupId>
+ <groupId>org.connectbot</groupId>
  <artifactId>jbcrypt</artifactId>
- <version>1.0.0</version>
+ <version>1.0.2</version>
  </dependency>
  <dependency>
  <!-- Groovy shell uses this, but it doesn't declare the dependency -->

core/pom.xml

@@ -282,7 +282,7 @@ THE SOFTWARE.
  <artifactId>groovy-all</artifactId>
  </dependency>
  <dependency>
- <groupId>org.connectbot.jbcrypt</groupId>
+ <groupId>org.connectbot</groupId>
  <artifactId>jbcrypt</artifactId>
  </dependency>
  <dependency>

core/src/test/java/hudson/security/HudsonPrivateSecurityRealmTest.java

@@ -55,7 +55,7 @@ public void timingPBKDF2() {
  * or slow hardware, so this is commented out but left for ease of running locally when desired.
  */
  //@Test
- public void timingBcrypt() {
+ public void timingJBCrypt() {
  // ignore the salt generation - check just matching....
  JBCryptEncoder encoder = new JBCryptEncoder();
  String encoded = encoder.encode("thisIsMyPassword1");
@@ -143,4 +143,12 @@ public void passwordPBKDF2HashWithInvalidKeySpec() throws Exception {
  assertThrows(RuntimeException.class, () -> pbkdf2PasswordEncoder.matches("MySecurePassword", PBKDF2_HMAC_SHA512_ENCODED_PASSWORD));
  }
  }
+
+ @Test
+ public void testJBCryptPasswordMatching() {
+ JBCryptEncoder encoder = new JBCryptEncoder();
+ String encoded = encoder.encode("thisIsMyPassword");
+ assertTrue(encoder.matches("thisIsMyPassword", encoded));
+ assertFalse(encoder.matches("thisIsNotMyPassword", encoded));
+ }
 }