Remove compile dependency on Guava

Only needed as test dependency now

commons/pom.xml

@@ -0,0 +1,33 @@
+<project>
+    <modelVersion>4.0.0</modelVersion>
+    <parent>
+        <groupId>io.github.nbaars</groupId>
+        <artifactId>paseto4j</artifactId>
+        <version>0.0.15-SNAPSHOT</version>
+    </parent>
+    <artifactId>paseto4j-commons</artifactId>
+    <packaging>jar</packaging>
+    <name>paseto4j-commons</name>
+
+    <properties>
+        <sonar.coverage.jacoco.xmlReportPaths>target/site/jacoco/jacoco.xml</sonar.coverage.jacoco.xmlReportPaths>
+    </properties>
+
+
+    <build>
+        <plugins>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-jar-plugin</artifactId>
+                <version>3.2.0</version>
+                <executions>
+                    <execution>
+                        <goals>
+                            <goal>test-jar</goal>
+                        </goals>
+                    </execution>
+                </executions>
+            </plugin>
+        </plugins>
+    </build>
+</project>

commons/src/main/java/org/paseto4j/commons/ByteUtils.java

@@ -0,0 +1,25 @@
+package org.paseto4j.commons;
+
+public class ByteUtils {
+
+    private ByteUtils() {
+
+    }
+
+    public static byte[] concat(byte[]... arrays) {
+        var length = 0;
+
+        for (var i = 0; i < arrays.length; i++) {
+            length = length + arrays[i].length;
+        }
+
+        var result = new byte[length];
+        var end = 0;
+        for (var i = 0; i < arrays.length; i++) {
+            System.arraycopy(arrays[i], 0, result, end, arrays[i].length);
+            end += arrays[i].length;
+        }
+
+        return result;
+    }
+}

commons/src/main/java/org/paseto4j/commons/Conditions.java

@@ -0,0 +1,17 @@
+package org.paseto4j.commons;
+
+public class Conditions {
+
+    private Conditions() {
+    }
+
+    public static void verify(boolean expression, String errorMessage) {
+        if (!expression) {
+            throw new PasetoException(errorMessage);
+        }
+    }
+
+    public static boolean isNullOrEmpty(String str) {
+        return str == null || str.isEmpty();
+    }
+}

commons/src/main/java/org/paseto4j/commons/PasetoException.java

@@ -0,0 +1,8 @@
+package org.paseto4j.commons;
+
+public class PasetoException extends RuntimeException {
+
+    public PasetoException(String errorMessage) {
+        super(errorMessage);
+    }
+}

commons/src/test/java/org/paseto4j/commons/HexToBytes.java

@@ -0,0 +1,14 @@
+package org.paseto4j.commons;
+
+import com.google.common.io.BaseEncoding;
+
+public class HexToBytes {
+
+    public static byte[] hexToBytes(String hex) {
+        return BaseEncoding.base16().lowerCase().decode(hex);
+    }
+
+    public static String hexEncode(byte[] bytes) {
+        return BaseEncoding.base16().lowerCase().encode(bytes);
+    }
+}

examples/pom.xml

@@ -7,7 +7,7 @@
     </parent>
     <artifactId>paseto4j-examples</artifactId>
     <packaging>jar</packaging>
-    <name>paseto4j-version1</name>
+    <name>paseto4j-examples</name>
 
     <properties>
         <paseto4j.deploy.skip>true</paseto4j.deploy.skip>

pom.xml

@@ -33,6 +33,8 @@
         <maven.compiler.target>11</maven.compiler.target>
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
 
+        <bouncy.castle.version>1.69</bouncy.castle.version>
+
         <sonar.host.url>https://sonarcloud.io/</sonar.host.url>
         <sonar.organization>nbaars-github</sonar.organization>
         <sonar.projectKey>nbaars_paseto4j</sonar.projectKey>
@@ -43,6 +45,10 @@
         <sonar.surefire.reportsPath>${project.build.directory}/surefire-reports</sonar.surefire.reportsPath>
 
         <paseto4j.deploy.skip>false</paseto4j.deploy.skip>
+        <jnr-ffi.version>2.1.8</jnr-ffi.version>
+        <tuweni.version>2.0.0</tuweni.version>
+        <junit.version>5.2.0</junit.version>
+        <guava.version>30.0-jre</guava.version>
     </properties>
 
     <profiles>
@@ -124,36 +130,36 @@
     </distributionManagement>
 
     <modules>
+        <module>commons</module>
         <module>version1</module>
         <module>version2</module>
         <module>examples</module>
     </modules>
 
     <dependencies>
-        <dependency>
-            <groupId>com.squareup.okio</groupId>
-            <artifactId>okio</artifactId>
-            <version>1.14.1</version>
-        </dependency>
-        <dependency>
-            <groupId>com.google.guava</groupId>
-            <artifactId>guava</artifactId>
-            <version>30.0-jre</version>
-        </dependency>
         <dependency>
             <groupId>org.junit.jupiter</groupId>
             <artifactId>junit-jupiter-api</artifactId>
-            <version>5.2.0</version>
+            <version>${junit.version}</version>
+            <scope>test</scope>
         </dependency>
         <dependency>
             <groupId>org.junit.jupiter</groupId>
             <artifactId>junit-jupiter-params</artifactId>
-            <version>5.2.0</version>
+            <version>${junit.version}</version>
+            <scope>test</scope>
         </dependency>
         <dependency>
             <groupId>org.junit.jupiter</groupId>
             <artifactId>junit-jupiter-engine</artifactId>
-            <version>5.2.0</version>
+            <version>${junit.version}</version>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>com.google.guava</groupId>
+            <artifactId>guava</artifactId>
+            <version>${guava.version}</version>
+            <scope>test</scope>
         </dependency>
     </dependencies>
 

version1/pom.xml

@@ -15,20 +15,28 @@
 
 
     <dependencies>
+        <dependency>
+            <groupId>io.github.nbaars</groupId>
+            <artifactId>paseto4j-commons</artifactId>
+            <version>${project.version}</version>
+        </dependency>
         <dependency>
             <groupId>org.bouncycastle</groupId>
             <artifactId>bcprov-jdk15on</artifactId>
-            <version>1.69</version>
+            <version>${bouncy.castle.version}</version>
         </dependency>
         <dependency>
             <groupId>org.bouncycastle</groupId>
             <artifactId>bcpkix-jdk15on</artifactId>
-            <version>1.69</version>
+            <version>${bouncy.castle.version}</version>
         </dependency>
+
         <dependency>
-            <groupId>org.apache.tuweni</groupId>
-            <artifactId>tuweni-bytes</artifactId>
-            <version>2.0.0</version>
+            <groupId>io.github.nbaars</groupId>
+            <artifactId>paseto4j-commons</artifactId>
+            <version>${project.version}</version>
+            <classifier>tests</classifier>
+            <scope>test</scope>
         </dependency>
     </dependencies>
 </project>

version1/src/main/java/org/paseto4j/version1/CryptoFunctions.java

@@ -24,7 +24,6 @@
 
 package org.paseto4j.version1;
 
-import com.google.common.base.Verify;
 import org.bouncycastle.crypto.CryptoException;
 import org.bouncycastle.crypto.Digest;
 import org.bouncycastle.crypto.digests.SHA384Digest;
@@ -36,6 +35,7 @@
 import org.bouncycastle.crypto.util.PrivateKeyFactory;
 import org.bouncycastle.crypto.util.PublicKeyFactory;
 import org.bouncycastle.jce.provider.BouncyCastleProvider;
+import org.paseto4j.commons.Conditions;
 
 import javax.crypto.Cipher;
 import javax.crypto.Mac;
@@ -141,7 +141,7 @@ public static byte[] signRsaPssSha384(byte[] privateKey, byte[] msg) {
 
         try {
             RSAPrivateCrtKeyParameters key = (RSAPrivateCrtKeyParameters) PrivateKeyFactory.createKey(privateKey);
-            Verify.verify(key.getModulus().bitLength() == 2048, "RSA 2048 should be used");
+            Conditions.verify(key.getModulus().bitLength() == 2048, "RSA 2048 should be used");
 
             signer.init(true, key);
             signer.update(msg, 0, msg.length);

version1/src/main/java/org/paseto4j/version1/PasetoLocal.java

@@ -24,20 +24,21 @@
 
 package org.paseto4j.version1;
 
-import com.google.common.primitives.Bytes;
 import org.bouncycastle.jce.provider.BouncyCastleProvider;
+import org.paseto4j.commons.ByteUtils;
+import org.paseto4j.commons.PreAuthenticationEncoder;
 
+import java.security.MessageDigest;
 import java.security.Security;
 import java.util.Arrays;
 import java.util.Base64;
 
-import static com.google.common.base.Preconditions.checkArgument;
-import static com.google.common.base.Preconditions.checkNotNull;
-import static com.google.common.base.Strings.isNullOrEmpty;
-import static com.google.common.base.Verify.verify;
 import static java.nio.charset.StandardCharsets.UTF_8;
 import static java.util.Base64.getUrlDecoder;
 import static java.util.Base64.getUrlEncoder;
+import static java.util.Objects.requireNonNull;
+import static org.paseto4j.commons.Conditions.isNullOrEmpty;
+import static org.paseto4j.commons.Conditions.verify;
 import static org.paseto4j.version1.CryptoFunctions.*;
 
 class PasetoLocal {
@@ -48,7 +49,8 @@ class PasetoLocal {
 
     private static final String LOCAL = "v1.local.";
 
-    private PasetoLocal() {}
+    private PasetoLocal() {
+    }
 
     /**
      * https://github.com/paragonie/paseto/blob/master/docs/01-Protocol-Versions/Version1.md#encrypt
@@ -61,9 +63,9 @@ public static String encrypt(byte[] key, String payload, String footer) {
      * https://github.com/paragonie/paseto/blob/master/docs/01-Protocol-Versions/Version1.md#encrypt
      */
     static String encrypt(byte[] key, byte[] randomKey, String payload, String footer) {
-        checkNotNull(key);
-        checkNotNull(payload);
-        checkArgument(key.length == 32, "key should be 32 bytes");
+        requireNonNull(key);
+        requireNonNull(payload);
+        verify(key.length == 32, "key should be 32 bytes");
 
         //3
         byte[] nonce = getNonce(payload.getBytes(UTF_8), randomKey);
@@ -76,13 +78,13 @@ static String encrypt(byte[] key, byte[] randomKey, String payload, String foote
         byte[] cipherText = encryptAesCtr(ek, Arrays.copyOfRange(nonce, 16, 32), payload.getBytes(UTF_8));
 
         //6
-        byte[] preAuth = Util.pae(LOCAL.getBytes(UTF_8), nonce, cipherText, footer.getBytes(UTF_8));
+        byte[] preAuth = PreAuthenticationEncoder.encode(LOCAL.getBytes(UTF_8), nonce, cipherText, footer.getBytes(UTF_8));
 
         //7
         byte[] t = hmac384(ak, preAuth);
 
         //8
-        String signedToken = LOCAL + getUrlEncoder().withoutPadding().encodeToString(Bytes.concat(nonce, cipherText, t));
+        String signedToken = LOCAL + getUrlEncoder().withoutPadding().encodeToString(ByteUtils.concat(nonce, cipherText, t));
 
         if (!isNullOrEmpty(footer)) {
             signedToken = signedToken + "." + Base64.getUrlEncoder().withoutPadding().encodeToString(footer.getBytes(UTF_8));
@@ -106,9 +108,9 @@ private static byte[] authenticationKey(byte[] key, byte[] nonce) {
      * https://github.com/paragonie/paseto/blob/master/docs/01-Protocol-Versions/Version1.md#decrypt
      */
     static String decrypt(byte[] key, String token, String footer) {
-        checkNotNull(key);
-        checkNotNull(token);
-        checkArgument(key.length == 32, "Secret key should be 32 bytes");
+        requireNonNull(key);
+        requireNonNull(token);
+        verify(key.length == 32, "Secret key should be 32 bytes");
 
         String[] tokenParts = token.split("\\.");
         verify(tokenParts.length == 3 || tokenParts.length == 4, "Token should contain at least 3 parts");
@@ -132,13 +134,15 @@ static String decrypt(byte[] key, String token, String footer) {
         byte[] ak = authenticationKey(key, nonce);
 
         //5
-        byte[] preAuth = Util.pae(LOCAL.getBytes(UTF_8), nonce, c, footer.getBytes(UTF_8));
+        byte[] preAuth = PreAuthenticationEncoder.encode(LOCAL.getBytes(UTF_8), nonce, c, footer.getBytes(UTF_8));
 
         //6
         byte[] t2 = hmac384(ak, preAuth);
 
         //7
-        verify(Arrays.equals(t, t2));
+        if (!MessageDigest.isEqual(t, t2)) {
+            throw new IllegalStateException("HMAC verification failed");
+        }
 
         //8
         byte[] message = decryptAesCtr(ek, Arrays.copyOfRange(nonce, 16, 32), c);