fixed sonar findings

security/src/main/java/de/muehlencord/shared/security/OldPasswordUtil.java

@@ -10,7 +10,9 @@ import org.apache.commons.codec.binary.Base64;
 /**
  *
  * @author joern@muehlencord.de
+ * @Deprecated uses old algorithms, do not use this class anylonger
  */
+@Deprecated 
 public abstract class OldPasswordUtil {
 
     /** logging object */

security/src/main/java/de/muehlencord/shared/security/PasswordUtil.java

@@ -18,11 +18,11 @@ public class PasswordUtil {
     private final static int PARALLELIZATION = 1;
     private final static int KEY_LENGTH = 32;
 
-    private final String SYSTEMSALT;
+    private final String systemsalt;
 
     public PasswordUtil(String systemSaltBase64Coded) {
         // TODO make some tests like lengths etc
-        this.SYSTEMSALT = systemSaltBase64Coded;
+        this.systemsalt = systemSaltBase64Coded;
     }
 
     public String getHash(String clearPassword) {
@@ -33,7 +33,7 @@ public class PasswordUtil {
         String userSalt = new String(Base64.encode(userSaltBytes));
 
         // create passwordhash with salt
-        String passwordHash = getPasswordHash(SYSTEMSALT, userSalt, clearPassword);
+        String passwordHash = getPasswordHash(systemsalt, userSalt, clearPassword);
 
         StringBuilder sb = new StringBuilder();
         sb.append(userSalt);
@@ -52,7 +52,7 @@ public class PasswordUtil {
         String userSalt = passwordHashWithSalt.substring(0, passwordHashWithSalt.indexOf(":"));
         String passwordHash = passwordHashWithSalt.substring(passwordHashWithSalt.indexOf(":")+1);
         
-        String validationHash = getPasswordHash(SYSTEMSALT, userSalt, clearPassword);
+        String validationHash = getPasswordHash(systemsalt, userSalt, clearPassword);
         return validationHash.equals(passwordHash);
     }