Hashing with Argon2 in Java (#14009)

* Hashing with Argon2 in Java

* Hashing with Argon2 in Java

core-java-modules/core-java-security-3/pom.xml

@@ -30,12 +30,18 @@
             <artifactId>jaxb-api</artifactId>
             <version>${jaxb-api.version}</version>
         </dependency>
+        <dependency>
+            <groupId>org.springframework.security</groupId>
+            <artifactId>spring-security-crypto</artifactId>
+            <version>${spring-security-crypto.version}</version>
+        </dependency>
     </dependencies>
 
     <properties>
-        <bouncycastle.version>1.60</bouncycastle.version>
+        <bouncycastle.version>1.70</bouncycastle.version>
         <commons-codec.version>1.11</commons-codec.version>
         <jaxb-api.version>2.3.1</jaxb-api.version>
+        <spring-security-crypto.version>6.0.3</spring-security-crypto.version>
     </properties>
 
 </project>

core-java-modules/core-java-security-3/src/test/java/com/baeldung/hash/argon/HashPasswordUnitTest.java

@@ -0,0 +1,65 @@
+package com.baeldung.hash.argon;
+
+import static org.junit.jupiter.api.Assertions.*;
+
+import java.nio.charset.StandardCharsets;
+import java.security.SecureRandom;
+
+import org.bouncycastle.crypto.generators.Argon2BytesGenerator;
+import org.bouncycastle.crypto.params.Argon2Parameters;
+import org.bouncycastle.util.encoders.Hex;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.springframework.security.crypto.argon2.Argon2PasswordEncoder;
+
+import java.util.Arrays;
+import java.util.Base64;
+
+public class HashPasswordUnitTest {
+
+    @Test
+    public void givenRawPassword_whenEncodedWithArgon2_thenMatchesEncodedPassword() {
+        String rawPassword = "Baeldung";
+
+        Argon2PasswordEncoder arg2SpringSecurity = new Argon2PasswordEncoder(16, 32, 1, 60000, 10);
+        String hashPassword = arg2SpringSecurity.encode(rawPassword);
+
+        assertTrue(arg2SpringSecurity.matches(rawPassword, hashPassword));
+    }
+
+    @Test
+    public void givenRawPasswordAndSalt_whenArgon2AlgorithmIsUsed_thenHashIsCorrect() {
+        byte[] salt = generateSalt16Byte();
+        String password = "Baeldung";
+
+        int iterations = 2;
+        int memLimit = 66536;
+        int hashLength = 32;
+        int parallelism = 1;
+        Argon2Parameters.Builder builder = new Argon2Parameters.Builder(Argon2Parameters.ARGON2_id).withVersion(Argon2Parameters.ARGON2_VERSION_13)
+          .withIterations(iterations)
+          .withMemoryAsKB(memLimit)
+          .withParallelism(parallelism)
+          .withSalt(salt);
+
+        Argon2BytesGenerator generate = new Argon2BytesGenerator();
+        generate.init(builder.build());
+        byte[] result = new byte[hashLength];
+        generate.generateBytes(password.getBytes(StandardCharsets.UTF_8), result, 0, result.length);
+
+        Argon2BytesGenerator verifier = new Argon2BytesGenerator();
+        verifier.init(builder.build());
+        byte[] testHash = new byte[hashLength];
+        verifier.generateBytes(password.getBytes(StandardCharsets.UTF_8), testHash, 0, testHash.length);
+
+        assertTrue(Arrays.equals(result, testHash));
+    }
+
+    private static byte[] generateSalt16Byte() {
+        SecureRandom secureRandom = new SecureRandom();
+        byte[] salt = new byte[16];
+        secureRandom.nextBytes(salt);
+        return salt;
+    }
+
+}