From 97ace45f6544973f3c0b6addf836bd5674b2f0ca Mon Sep 17 00:00:00 2001
From: Laurent <laurent.crema@gmail.com>
Date: Fri, 5 Dec 2025 21:41:38 +0100
Subject: [PATCH] Add some encryption

---
 build.gradle.kts                              |  3 +-
 .../src/authorization/AuthorizedClients.java  | 33 +++++++++++++++----
 .../httpServer/src/authorization/Client.java  | 18 +++++++++-
 .../src/authorization/PasswordHasher.java     | 32 ++++++++++++++++++
 4 files changed, 77 insertions(+), 9 deletions(-)
 create mode 100644 src/main/java/httpsServer/httpServer/src/authorization/PasswordHasher.java

diff --git a/build.gradle.kts b/build.gradle.kts
index 0f1e8d5..c91436a 100644
--- a/build.gradle.kts
+++ b/build.gradle.kts
@@ -19,7 +19,7 @@ sourceSets {
         java.srcDir("externalApp/src")
     }
 
-    create("httpsServer") {
+    create("httpServer") {
         java.srcDir("httpServer/src")
     }
 }
@@ -79,6 +79,7 @@ dependencies {
     testImplementation("org.junit.jupiter:junit-jupiter")
     testRuntimeOnly("org.junit.platform:junit-platform-launcher")
 
+    implementation("org.springframework.security:spring-security-crypto:6.4.5")
     implementation("com.fasterxml.jackson.core:jackson-databind:2.17.1")
 }
 
diff --git a/src/main/java/httpsServer/httpServer/src/authorization/AuthorizedClients.java b/src/main/java/httpsServer/httpServer/src/authorization/AuthorizedClients.java
index 20e79d0..cb70d74 100644
--- a/src/main/java/httpsServer/httpServer/src/authorization/AuthorizedClients.java
+++ b/src/main/java/httpsServer/httpServer/src/authorization/AuthorizedClients.java
@@ -1,5 +1,7 @@
 package httpsServer.httpServer.src.authorization;
 
+import org.springframework.security.crypto.bcrypt.BCrypt;
+
 import java.util.*;
 
 public class AuthorizedClients {
@@ -12,12 +14,21 @@ public class AuthorizedClients {
     }
 
     private void populateClients() {
-        registerClient("Aude Vaiselle", "password1");
-        registerClient("Tony Truand", "password2");
-        registerClient("Jean Porte", "password3");
-        registerClient("Ruby Gnaule", "password4");
-        registerClient("Nat Action", "password5");
-        registerClient("hepl", "hepl");
+
+        //Aude Vaiselle:password
+        registerClient(
+                "Aude Vaiselle",
+                "$2a$14$0l9j/3YPt7lKooaNkjArNOLdjfaUvpzhzOEqcAjrQ8MU3aaH.tcVe");
+
+        //Nat Action:password
+        registerClient(
+                "Nat Action",
+                "$2a$14$8v0DBDBgrd.66ScMyZxfb.OtG71xIlcmvDorX4hw5ibF3GcdnbbiS");
+
+        //hepl:hepl
+        registerClient(
+                "hepl",
+                "$2a$14$3TFtoKXLlbCskAtagSNKLOi3lOePjng5TjNRpr9idAd1D4ml7WJtu");
     }
 
     private void registerClient(String username, String password) {
@@ -30,6 +41,14 @@ public class AuthorizedClients {
     }
 
     public boolean isAuthorized(String username, String password) {
-        return clients.contains(new Client(username, password));
+        Client candidate = clients
+                .stream()
+                .filter(c -> c.username().equals(username))
+                .findAny().orElse(null);
+        if(candidate == null) {
+            return false;
+        }
+
+        return BCrypt.checkpw(password, candidate.password());
     }
 }
diff --git a/src/main/java/httpsServer/httpServer/src/authorization/Client.java b/src/main/java/httpsServer/httpServer/src/authorization/Client.java
index a5d6a36..f0fd906 100644
--- a/src/main/java/httpsServer/httpServer/src/authorization/Client.java
+++ b/src/main/java/httpsServer/httpServer/src/authorization/Client.java
@@ -1,3 +1,19 @@
 package httpsServer.httpServer.src.authorization;
 
-public record Client(String username, String password) {}
+import java.util.Objects;
+
+public record Client(String username, String password) {
+    @Override
+    public boolean equals(Object obj) {
+        if (this == obj) return true;
+        if (obj == null || getClass() != obj.getClass()) return false;
+
+        Client other = (Client) obj;
+        return Objects.equals(username, other.username);
+    }
+
+    @Override
+    public int hashCode() {
+        return Objects.hash(username);
+    }
+}
diff --git a/src/main/java/httpsServer/httpServer/src/authorization/PasswordHasher.java b/src/main/java/httpsServer/httpServer/src/authorization/PasswordHasher.java
new file mode 100644
index 0000000..53472f6
--- /dev/null
+++ b/src/main/java/httpsServer/httpServer/src/authorization/PasswordHasher.java
@@ -0,0 +1,32 @@
+package httpsServer.httpServer.src.authorization;
+
+import org.springframework.security.crypto.bcrypt.BCrypt;
+
+import java.util.Scanner;
+
+public class PasswordHasher {
+
+    public static String genSalt(){
+        return BCrypt.gensalt(14);
+    }
+
+    public static String hashPassword(String password, String salt) {
+        return BCrypt.hashpw(password, salt);
+    }
+
+    public static void main(String[] args) {
+        System.out.print("Enter password: ");
+        Scanner in = new Scanner(System.in);
+        String password = in.nextLine();
+
+        String salt = genSalt();
+        String hashed = hashPassword(password, salt);
+
+        System.out.println("Hashed Password: " + hashed);
+
+        // Example of verifying a password
+        /*
+            boolean matches = BCrypt.checkpw(plainPassword, storedHash);
+        */
+    }
+}
\ No newline at end of file