I have this jOOQ 3.14.4, Scala 2.13 code, that is mixed with some deprecated Play code:

```scala
val user = Option(sql
  .selectFrom(USER)
  .where(USER.EMAIL.equal(email))
  .and(USER.PASSWORD.equal(crypto.sign(password)))
  .fetchOne())
```

Note that `email` and `password` are `String`s.
Now, I want to replace the code that uses the Play deprecated `Crypto` with a new Java method (which I got from the jBCrypt library):

```java
public static boolean checkpw(String plaintext, String hashed)
```

1. How can I use `BCrypt.checkpw(...)` inside the jOOQ code? `equal` does not return a boolean, and how do I extract the actual String value in the `USER.PASSWORD` `TableField`?

Example of using the `BCrypt.checkpw` method:

```java
// Check that an unencrypted password matches one that has
// previously been hashed
if (BCrypt.checkpw(candidate, hashed))
    System.out.println("It matches");
else
    System.out.println("It does not match");
```

2. Is jBCrypt considered secure, from a cryptographic point of view, for the purpose of encrypting passwords for saving them in a production database?
I don't know the answer to your second question (which I recommend you ask in a new question; the two aren't related). Here's the answer to your first one:

> How can I use `BCrypt.checkpw(...)` inside the jOOQ code?

With this method signature, you'll have to fetch the hashed password from your database, instead of checking it with SQL. You cannot execute the Java logic behind `checkpw` in the database. So do this, instead:
```scala
val user = Option(sql
  .selectFrom(USER)
  .where(USER.EMAIL.equal(email))
  .fetchOne())
  // verify the bcrypt hash in the JVM, not in SQL
  .filter(u => BCrypt.checkpw(password, u.getPassword))
```