diff --git a/bom/pom.xml b/bom/pom.xml
index a4c8690015ca..53ac85bdaa4c 100644
--- a/bom/pom.xml
+++ b/bom/pom.xml
@@ -196,9 +196,9 @@ THE SOFTWARE.
${groovy.version}
- org.connectbot.jbcrypt
+ org.connectbot
jbcrypt
- 1.0.0
+ 1.0.2
diff --git a/core/pom.xml b/core/pom.xml
index 45539865962a..82d3b76bbb21 100644
--- a/core/pom.xml
+++ b/core/pom.xml
@@ -282,7 +282,7 @@ THE SOFTWARE.
groovy-all
- org.connectbot.jbcrypt
+ org.connectbot
jbcrypt
diff --git a/core/src/test/java/hudson/security/HudsonPrivateSecurityRealmTest.java b/core/src/test/java/hudson/security/HudsonPrivateSecurityRealmTest.java
index 9d7e2b7b5980..09aab39cb0e3 100644
--- a/core/src/test/java/hudson/security/HudsonPrivateSecurityRealmTest.java
+++ b/core/src/test/java/hudson/security/HudsonPrivateSecurityRealmTest.java
@@ -55,7 +55,7 @@ public void timingPBKDF2() {
* or slow hardware, so this is commented out but left for ease of running locally when desired.
*/
//@Test
- public void timingBcrypt() {
+ public void timingJBCrypt() {
// ignore the salt generation - check just matching....
JBCryptEncoder encoder = new JBCryptEncoder();
String encoded = encoder.encode("thisIsMyPassword1");
@@ -143,4 +143,12 @@ public void passwordPBKDF2HashWithInvalidKeySpec() throws Exception {
assertThrows(RuntimeException.class, () -> pbkdf2PasswordEncoder.matches("MySecurePassword", PBKDF2_HMAC_SHA512_ENCODED_PASSWORD));
}
}
+
+ @Test
+ public void testJBCryptPasswordMatching() {
+ JBCryptEncoder encoder = new JBCryptEncoder();
+ String encoded = encoder.encode("thisIsMyPassword");
+ assertTrue(encoder.matches("thisIsMyPassword", encoded));
+ assertFalse(encoder.matches("thisIsNotMyPassword", encoded));
+ }
}