HashedPassword: Remove dependency on apache commons codec

The dependency is only needed for the DecoderException which is
only thrown internally from the HashedPassword implementation.

Replace it with an inner class of the same name, thus removing the
dependency.

Change-Id: I6a8b7ab430badc7115e582f1933cb64cd7692ba0

java/com/google/gerrit/server/account/HashedPassword.java

@@ -22,7 +22,6 @@ import com.google.common.primitives.Ints;
 import java.nio.charset.StandardCharsets;
 import java.security.SecureRandom;
 import java.util.List;
-import org.apache.commons.codec.DecoderException;
 import org.bouncycastle.crypto.generators.BCrypt;
 import org.bouncycastle.util.Arrays;
 
@@ -39,6 +38,14 @@ public class HashedPassword {
   // for a high cost.
   private static final int DEFAULT_COST = 4;
 
+  public static class DecoderException extends Exception {
+    private static final long serialVersionUID = 1L;
+
+    public DecoderException(String message) {
+      super(message);
+    }
+  }
+
   /**
    * decodes a hashed password encoded with {@link #encode}.
    *

java/com/google/gerrit/server/account/externalids/ExternalIdsConsistencyChecker.java

@@ -30,7 +30,6 @@ import com.google.inject.Singleton;
 import java.io.IOException;
 import java.util.ArrayList;
 import java.util.List;
-import org.apache.commons.codec.DecoderException;
 import org.eclipse.jgit.errors.ConfigInvalidException;
 import org.eclipse.jgit.lib.ObjectId;
 import org.eclipse.jgit.lib.Repository;
@@ -131,7 +130,7 @@ public class ExternalIdsConsistencyChecker {
     if (extId.password() != null && extId.isScheme(SCHEME_USERNAME)) {
       try {
         HashedPassword.decode(extId.password());
-      } catch (DecoderException e) {
+      } catch (HashedPassword.DecoderException e) {
         addError(
             String.format(
                 "External ID '%s' has an invalid password: %s", extId.key().get(), e.getMessage()),

java/com/google/gerrit/server/account/externalids/PasswordVerifier.java

@@ -21,7 +21,6 @@ import com.google.common.flogger.FluentLogger;
 import com.google.gerrit.common.Nullable;
 import com.google.gerrit.server.account.HashedPassword;
 import java.util.Collection;
-import org.apache.commons.codec.DecoderException;
 
 /** Checks if a given username and password match a user's external IDs. */
 public class PasswordVerifier {
@@ -43,7 +42,7 @@ public class PasswordVerifier {
       if (!Strings.isNullOrEmpty(hashedStr)) {
         try {
           return HashedPassword.decode(hashedStr).checkPassword(password);
-        } catch (DecoderException e) {
+        } catch (HashedPassword.DecoderException e) {
           logger.atSevere().log("DecoderException for user %s: %s ", username, e.getMessage());
           return false;
         }

javatests/com/google/gerrit/server/account/HashedPasswordTest.java

@@ -18,7 +18,7 @@ import static com.google.common.truth.Truth.assertThat;
 import static com.google.gerrit.testing.GerritJUnit.assertThrows;
 
 import com.google.common.base.Strings;
-import org.apache.commons.codec.DecoderException;
+import com.google.gerrit.server.account.HashedPassword.DecoderException;
 import org.junit.Test;
 
 public class HashedPasswordTest {