Remove Bouncycastle as direct dependency

By not directly depending on Bouncycastle (BC), we avoid conflicts between
different bouncycastle versions. It is also part of the developers job
to take care that all required security primitives are available. If
they are provide by BC or some other security provider should not be
up to Smack to decide.

We now only add BC as test dependency to satisfy this requirement when
the unit tests are executed.

smack-core/build.gradle

@@ -24,6 +24,7 @@ dependencies {
 	testCompile "org.assertj:assertj-core:3.11.1"
 	testCompile "org.xmlunit:xmlunit-assertj:$xmlUnitVersion"
 	testCompile 'com.jamesmurty.utils:java-xmlbuilder:1.2'
+	testCompile 'org.bouncycastle:bcprov-jdk15on:1.64'
 }
 
 class CreateFileTask extends DefaultTask {

smack-core/src/test/java/org/jivesoftware/smack/test/util/SmackTestSuite.java

@@ -1,6 +1,6 @@
 /**
  *
- * Copyright © 2014-2019 Florian Schmaus
+ * Copyright © 2014-2020 Florian Schmaus
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -16,11 +16,14 @@
  */
 package org.jivesoftware.smack.test.util;
 
+import java.security.Security;
 import java.util.Base64;
 
 import org.jivesoftware.smack.SmackConfiguration;
 import org.jivesoftware.smack.util.stringencoder.Base64.Encoder;
 
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
+
 /**
  * The SmackTestSuite takes care of initializing Smack for the unit tests. For example the Base64
  * encoder is configured.
@@ -52,5 +55,7 @@ public byte[] encode(byte[] input) {
             }
 
         });
+
+        Security.addProvider(new BouncyCastleProvider());
     }
 }

smack-experimental/build.gradle

@@ -10,6 +10,5 @@ dependencies {
 	testCompile project(path: ":smack-core", configuration: "testRuntime")
 	testCompile project(path: ":smack-extensions", configuration: "testRuntime")
 
-	compile "org.bouncycastle:bcprov-jdk15on:$bouncyCastleVersion"
 	compile "org.hsluv:hsluv:0.2"
 }

smack-experimental/src/main/java/org/jivesoftware/smackx/hashes/HashManager.java

@@ -1,6 +1,6 @@
 /**
  *
- * Copyright © 2017 Paul Schaub, 2019 Florian Schmaus
+ * Copyright © 2017 Paul Schaub, 2019-2020 Florian Schmaus
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -42,13 +42,10 @@
 
 import org.jivesoftware.smack.Manager;
 import org.jivesoftware.smack.XMPPConnection;
-import org.jivesoftware.smack.util.SecurityUtil;
 
 import org.jivesoftware.smackx.disco.ServiceDiscoveryManager;
 import org.jivesoftware.smackx.hashes.element.HashElement;
 
-import org.bouncycastle.jce.provider.BouncyCastleProvider;
-
 /**
  * Manager that can be used to determine support for hash functions. By default the Manager announces support for
  * XEP-0300, as well as for the recommended set of hash algorithms. Those contain SHA256, SHA384, SHA512, SHA3-256,
@@ -57,12 +54,6 @@
  */
 public final class HashManager extends Manager {
 
-    static {
-        // Remove any BC providers and add a fresh one.
-        // This is done, since older Android versions ship with a crippled BC provider.
-        SecurityUtil.ensureProviderAtFirstPosition(BouncyCastleProvider.class);
-    }
-
     public static final String PREFIX_NS_ALGO = "urn:xmpp:hash-function-text-names:";
 
     public enum NAMESPACE {

smack-experimental/src/test/java/org/jivesoftware/smackx/hashes/HashTest.java

@@ -18,9 +18,12 @@
 
 import static org.junit.jupiter.api.Assertions.assertEquals;
 
+import java.security.Security;
+
 import org.jivesoftware.smack.test.util.SmackTestSuite;
 import org.jivesoftware.smack.util.StringUtils;
 
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
 import org.junit.jupiter.api.Test;
 
 /**
@@ -30,6 +33,10 @@
  */
 public class HashTest extends SmackTestSuite {
 
+    static {
+        Security.addProvider(new BouncyCastleProvider());
+    }
+
     private static final String testString =     "Hello World!";
     private static final String md5sum =         "ed076287532e86365e841e92bfc50d8c";
     private static final String sha1sum =        "2ef7bde608ce5404e97d5f042f95f89f1c232871";

smack-omemo/build.gradle

@@ -7,7 +7,5 @@ dependencies {
 	compile project(":smack-extensions")
 	compile project(":smack-experimental")
 
-	compile "org.bouncycastle:bcprov-jdk15on:$bouncyCastleVersion"
-
 	testCompile project(path: ":smack-core", configuration: "testRuntime")
 }

smack-omemo/src/main/java/org/jivesoftware/smackx/omemo/OmemoInitializer.java

@@ -17,9 +17,6 @@
 package org.jivesoftware.smackx.omemo;
 
 import org.jivesoftware.smack.initializer.UrlInitializer;
-import org.jivesoftware.smack.util.SecurityUtil;
-
-import org.bouncycastle.jce.provider.BouncyCastleProvider;
 
 /**
  * Initializer class that registers omemo providers.
@@ -29,12 +26,6 @@
 @SuppressWarnings("unused")
 public class OmemoInitializer extends UrlInitializer {
 
-    static {
-        // Remove any BC providers and add a fresh one.
-        // This is done, since older Android versions ship with a crippled BC provider.
-        SecurityUtil.ensureProviderAtFirstPosition(BouncyCastleProvider.class);
-    }
-
     @Override
     protected String getProvidersUri() {
         return "classpath:org.jivesoftware.smackx.omemo/omemo.providers";

smack-omemo/src/test/java/org/jivesoftware/smackx/omemo/WrapperObjectsTest.java

@@ -27,7 +27,6 @@
 import java.security.NoSuchAlgorithmException;
 
 import org.jivesoftware.smack.test.util.SmackTestSuite;
-
 import org.jivesoftware.smackx.omemo.element.OmemoElement;
 import org.jivesoftware.smackx.omemo.exceptions.CryptoFailedException;
 import org.jivesoftware.smackx.omemo.internal.CipherAndAuthTag;

version.gradle

@@ -10,7 +10,6 @@ allprojects {
 		// - https://issues.igniterealtime.org/browse/SMACK-858
 		jxmppVersion = '0.7.0-alpha5'
 		miniDnsVersion = '0.4.0-alpha3'
-		bouncyCastleVersion = '1.62'
 		smackMinAndroidSdk = 19
 	}
 }