Remove java.util.Base64

java.util.Base64 was not added until JDK8, so we should use
Spring Security's Base64 in 4.x

Issue: gh-5323

crypto/src/main/java/org/springframework/security/crypto/keygen/Base64StringKeyGenerator.java

@@ -15,7 +15,7 @@
  */
 package org.springframework.security.crypto.keygen;
 
-import java.util.Base64;
+import org.springframework.security.crypto.codec.Base64;
 
 /**
  * A StringKeyGenerator that generates base64-encoded String keys. Delegates to a
@@ -28,7 +28,6 @@ import java.util.Base64;
 public class Base64StringKeyGenerator implements StringKeyGenerator {
 	private static final int DEFAULT_KEY_LENGTH = 32;
 	private final BytesKeyGenerator keyGenerator;
-	private final Base64.Encoder encoder;
 
 	/**
 	 * Creates an instance with keyLength of 32 bytes and standard Base64 encoding.
@@ -43,37 +42,16 @@ public class Base64StringKeyGenerator implements StringKeyGenerator {
 	 * @param keyLength the key length in bytes
 	 */
 	public Base64StringKeyGenerator(int keyLength) {
-		this(Base64.getEncoder(), keyLength);
-	}
-
-	/**
-	 * Creates an instance with keyLength of 32 bytes and the provided encoder.
-	 * @param encoder the encoder to use
-	 */
-	public Base64StringKeyGenerator(Base64.Encoder encoder) {
-		this(encoder, DEFAULT_KEY_LENGTH);
-	}
-
-	/**
-	 * Creates an instance with the provided key length and encoder.
-	 * @param encoder the encoder to use
-	 * @param keyLength the key length to use
-	 */
-	public Base64StringKeyGenerator(Base64.Encoder encoder, int keyLength) {
-		if(encoder == null) {
-			throw new IllegalArgumentException("encode cannot be null");
-		}
 		if(keyLength < DEFAULT_KEY_LENGTH) {
 			throw new IllegalArgumentException("keyLength must be greater than or equal to" + DEFAULT_KEY_LENGTH);
 		}
-		this.encoder = encoder;
 		this.keyGenerator = KeyGenerators.secureRandom(keyLength);
 	}
 
 	@Override
 	public String generateKey() {
 		byte[] key = this.keyGenerator.generateKey();
-		byte[] base64EncodedKey = this.encoder.encode(key);
+		byte[] base64EncodedKey = Base64.encode(key);
 		return new String(base64EncodedKey);
 	}
 }

crypto/src/main/java/org/springframework/security/crypto/password/LdapShaPasswordEncoder.java

@@ -16,12 +16,12 @@
 
 package org.springframework.security.crypto.password;
 
+import org.springframework.security.crypto.codec.Base64;
 import org.springframework.security.crypto.codec.Utf8;
 import org.springframework.security.crypto.keygen.BytesKeyGenerator;
 import org.springframework.security.crypto.keygen.KeyGenerators;
 
 import java.security.MessageDigest;
-import java.util.Base64;
 
 /**
  * This {@link PasswordEncoder} is provided for legacy purposes only and is not considered
@@ -132,13 +132,13 @@ public class LdapShaPasswordEncoder implements PasswordEncoder {
 			prefix = forceLowerCasePrefix ? SSHA_PREFIX_LC : SSHA_PREFIX;
 		}
 
-		return prefix + Utf8.decode(Base64.getEncoder().encode(hash));
+		return prefix + Utf8.decode(Base64.encode(hash));
 	}
 
 	private byte[] extractSalt(String encPass) {
 		String encPassNoLabel = encPass.substring(6);
 
-		byte[] hashAndSalt = Base64.getDecoder().decode(encPassNoLabel.getBytes());
+		byte[] hashAndSalt = Base64.decode(encPassNoLabel.getBytes());
 		int saltLength = hashAndSalt.length - SHA_LENGTH;
 		byte[] salt = new byte[saltLength];
 		System.arraycopy(hashAndSalt, SHA_LENGTH, salt, 0, saltLength);

crypto/src/main/java/org/springframework/security/crypto/password/Md4PasswordEncoder.java

@@ -15,13 +15,12 @@
  */
 package org.springframework.security.crypto.password;
 
+import org.springframework.security.crypto.codec.Base64;
 import org.springframework.security.crypto.codec.Hex;
 import org.springframework.security.crypto.codec.Utf8;
 import org.springframework.security.crypto.keygen.Base64StringKeyGenerator;
 import org.springframework.security.crypto.keygen.StringKeyGenerator;
 
-import java.util.Base64;
-
 /**
  * This {@link PasswordEncoder} is provided for legacy purposes only and is not considered secure.
  *
@@ -120,7 +119,7 @@ public class Md4PasswordEncoder implements PasswordEncoder {
 
 	private String encode(byte[] digest) {
 		if (this.encodeHashAsBase64) {
-			return Utf8.decode(Base64.getEncoder().encode(digest));
+			return Utf8.decode(Base64.encode(digest));
 		}
 		else {
 			return new String(Hex.encode(digest));

crypto/src/main/java/org/springframework/security/crypto/password/MessageDigestPasswordEncoder.java

@@ -15,13 +15,13 @@
  */
 package org.springframework.security.crypto.password;
 
+import org.springframework.security.crypto.codec.Base64;
 import org.springframework.security.crypto.codec.Hex;
 import org.springframework.security.crypto.codec.Utf8;
 import org.springframework.security.crypto.keygen.Base64StringKeyGenerator;
 import org.springframework.security.crypto.keygen.StringKeyGenerator;
 
 import java.security.MessageDigest;
-import java.util.Base64;
 
 /**
  * This {@link PasswordEncoder} is provided for legacy purposes only and is not considered secure.
@@ -126,7 +126,7 @@ public class MessageDigestPasswordEncoder implements PasswordEncoder {
 
 	private String encode(byte[] digest) {
 		if (this.encodeHashAsBase64) {
-			return Utf8.decode(Base64.getEncoder().encode(digest));
+			return Utf8.decode(Base64.encode(digest));
 		}
 		else {
 			return new String(Hex.encode(digest));

crypto/src/main/java/org/springframework/security/crypto/password/Pbkdf2PasswordEncoder.java

@@ -17,11 +17,11 @@ package org.springframework.security.crypto.password;
 
 import java.security.GeneralSecurityException;
 import java.security.NoSuchAlgorithmException;
-import java.util.Base64;
 
 import javax.crypto.SecretKeyFactory;
 import javax.crypto.spec.PBEKeySpec;
 
+import org.springframework.security.crypto.codec.Base64;
 import org.springframework.security.crypto.codec.Hex;
 import org.springframework.security.crypto.codec.Utf8;
 import org.springframework.security.crypto.keygen.BytesKeyGenerator;
@@ -132,7 +132,7 @@ public class Pbkdf2PasswordEncoder implements PasswordEncoder {
 
 	private String encode(byte[] bytes) {
 		if(this.encodeHashAsBase64) {
-			return Base64.getEncoder().encodeToString(bytes);
+			return Utf8.decode(Base64.encode(bytes));
 		}
 		return String.valueOf(Hex.encode(bytes));
 	}
@@ -161,7 +161,7 @@ public class Pbkdf2PasswordEncoder implements PasswordEncoder {
 
 	private byte[] decode(String encodedBytes) {
 		if(this.encodeHashAsBase64) {
-			return Base64.getDecoder().decode(encodedBytes);
+			return Base64.decode(Utf8.encode(encodedBytes));
 		}
 		return Hex.decode(encodedBytes);
 	}

crypto/src/test/java/org/springframework/security/crypto/keygen/Base64StringKeyGeneratorTests.java

@@ -16,15 +16,14 @@
 
 package org.springframework.security.crypto.keygen;
 
+import static org.assertj.core.api.Assertions.assertThat;
+
 import org.junit.Test;
-
-import java.util.Base64;
-
-import static org.assertj.core.api.Assertions.*;
+import org.springframework.security.crypto.codec.Base64;
 
 /**
  * @author Rob Winch
- * @since 5.0
+ * @since 4.2.6
  */
 public class Base64StringKeyGeneratorTests {
 	@Test(expected = IllegalArgumentException.class)
@@ -32,35 +31,16 @@ public class Base64StringKeyGeneratorTests {
 		new Base64StringKeyGenerator(31);
 	}
 
-	@Test(expected = IllegalArgumentException.class)
-	public void constructorEncoderWhenEncoderNullThenThrowsIllegalArgumentException() {
-		Base64.Encoder encoder = null;
-		new Base64StringKeyGenerator(null);
-	}
-
 	@Test
 	public void generateKeyWhenDefaultConstructorThen32Bytes() {
 		String result = new Base64StringKeyGenerator().generateKey();
-		assertThat(Base64.getDecoder().decode(result.getBytes())).hasSize(32);
+		assertThat(Base64.decode(result.getBytes())).hasSize(32);
 	}
 
 	@Test
 	public void generateKeyWhenCustomKeySizeThen32Bytes() {
 		int size = 40;
 		String result = new Base64StringKeyGenerator(size).generateKey();
-		assertThat(Base64.getDecoder().decode(result.getBytes())).hasSize(size);
-	}
-
-	@Test
-	public void generateKeyWhenBase64Then32Bytes() {
-		String result = new Base64StringKeyGenerator(Base64.getUrlEncoder()).generateKey();
-		assertThat(Base64.getUrlDecoder().decode(result.getBytes())).hasSize(32);
-	}
-
-	@Test
-	public void generateKeyWhenBase64AndCustomKeySizeThen32Bytes() {
-		int size = 40;
-		String result = new Base64StringKeyGenerator(Base64.getUrlEncoder(), size).generateKey();
-		assertThat(Base64.getUrlDecoder().decode(result.getBytes())).hasSize(size);
+		assertThat(Base64.decode(result.getBytes())).hasSize(size);
 	}
 }

crypto/src/test/java/org/springframework/security/crypto/password/Pbkdf2PasswordEncoderTests.java

@@ -19,7 +19,9 @@ import java.util.Arrays;
 
 import org.junit.Test;
 
+import org.springframework.security.crypto.codec.Base64;
 import org.springframework.security.crypto.codec.Hex;
+import org.springframework.security.crypto.codec.Utf8;
 import org.springframework.security.crypto.keygen.KeyGenerators;
 
 import static org.assertj.core.api.Assertions.assertThat;
@@ -91,7 +93,7 @@ public class Pbkdf2PasswordEncoderTests {
 		String encodedPassword = "3FOwOMcDgxP+z1x/sv184LFY2WVD+ZGMgYP3LPOSmCcDmk1XPYvcCQ==";
 
 		assertThat(this.encoder.matches(rawPassword, encodedPassword)).isTrue();
-		java.util.Base64.getDecoder().decode(encodedPassword); // validate can decode as Base64
+		Base64.decode(Utf8.encode(encodedPassword)); // validate can decode as Base64
 	}
 
 	@Test