Remove bcprov from direct dependencies - a major step towards eventually removing Bouncy Castle

assets/src/main/resources/META-INF/services/bisq.asset.Asset

@@ -40,7 +40,6 @@ bisq.asset.coins.Donu
 bisq.asset.coins.Dragonglass
 bisq.asset.coins.DSTRA
 bisq.asset.coins.Emercoin
-bisq.asset.coins.Ergo
 bisq.asset.coins.Ether
 bisq.asset.coins.EtherClassic
 bisq.asset.coins.FourtyTwo

build.gradle

@@ -158,7 +158,6 @@ configure(project(':assets')) {
         compile "com.google.guava:guava:$guavaVersion"
         compile "org.slf4j:slf4j-api:$slf4jVersion"
         compile "org.apache.commons:commons-lang3:$langVersion"
-        compile "org.bouncycastle:bcpg-jdk15on:$bcVersion"
     }
 }
 
@@ -199,7 +198,6 @@ configure(project(':common')) {
             exclude(module: 'protobuf-java')
         }
         compile "org.jetbrains:annotations:$jetbrainsAnnotationsVersion"
-        runtime "org.bouncycastle:bcprov-jdk15on:$bcVersion"
         compile "org.bouncycastle:bcpg-jdk15on:$bcVersion"
         compile "commons-io:commons-io:$ioVersion"
         compile "org.apache.commons:commons-lang3:$langVersion"
@@ -396,7 +394,6 @@ configure(project(':seednode')) {
 
     dependencies {
         compile project(':core')
-        runtime "org.bouncycastle:bcprov-jdk15on:$bcVersion"
         compileOnly "org.projectlombok:lombok:$lombokVersion"
         annotationProcessor "org.projectlombok:lombok:$lombokVersion"
         testCompile "org.springframework:spring-test:$springVersion"

common/src/main/java/bisq/common/crypto/CryptoUtils.java

@@ -38,4 +38,3 @@ public static byte[] getRandomBytes(int size) {
         return bytes;
     }
 }
-

common/src/main/java/bisq/common/crypto/Encryption.java

@@ -18,8 +18,7 @@
 package bisq.common.crypto;
 
 import bisq.common.util.Utilities;
-
-import org.bouncycastle.util.encoders.Hex;
+import bisq.common.util.Hex;
 
 import javax.crypto.Cipher;
 import javax.crypto.KeyGenerator;
@@ -177,7 +176,7 @@ public static byte[] encryptPayloadWithHmac(byte[] payload, SecretKey secretKey)
 
     public static byte[] decryptPayloadWithHmac(byte[] encryptedPayloadWithHmac, SecretKey secretKey) throws CryptoException {
         byte[] payloadWithHmac = decrypt(encryptedPayloadWithHmac, secretKey);
-        String payloadWithHmacAsHex = Hex.toHexString(payloadWithHmac);
+        String payloadWithHmacAsHex = Hex.encode(payloadWithHmac);
         // first part is raw message
         int length = payloadWithHmacAsHex.length();
         int sep = length - 64;

common/src/main/java/bisq/common/crypto/PGP.java

@@ -17,6 +17,8 @@
 
 package bisq.common.crypto;
 
+import bisq.common.util.Hex;
+
 import com.google.common.base.Charsets;
 
 import org.bouncycastle.bcpg.BCPGKey;
@@ -27,7 +29,6 @@
 import org.bouncycastle.openpgp.PGPPublicKeyRing;
 import org.bouncycastle.openpgp.PGPUtil;
 import org.bouncycastle.openpgp.jcajce.JcaPGPPublicKeyRingCollection;
-import org.bouncycastle.util.encoders.Hex;
 
 import java.security.KeyFactory;
 import java.security.NoSuchAlgorithmException;
@@ -71,7 +72,7 @@ public static PGPPublicKey getPubKeyFromPem(@Nullable String pem) {
                                 log.debug(pgpPublicKey.getClass().getName()
                                         + " KeyID: " + Long.toHexString(pgpPublicKey.getKeyID())
                                         + " type: " + pgpPublicKey.getAlgorithm()
-                                        + " fingerprint: " + new String(Hex.encode(pgpPublicKey.getFingerprint())));
+                                        + " fingerprint: " + Hex.encode(pgpPublicKey.getFingerprint()));
 
                                 BCPGKey bcKey = pgpPublicKey.getPublicKeyPacket().getKey();
                                 log.debug(bcKey.getClass().getName());

common/src/main/java/bisq/common/crypto/Sig.java

@@ -18,11 +18,10 @@
 package bisq.common.crypto;
 
 import bisq.common.util.Utilities;
+import bisq.common.util.Base64;
 
 import com.google.common.base.Charsets;
 
-import org.bouncycastle.util.encoders.Base64;
-
 import java.security.InvalidKeyException;
 import java.security.KeyFactory;
 import java.security.KeyPair;
@@ -95,7 +94,7 @@ public static byte[] sign(PrivateKey privateKey, byte[] data) throws CryptoExcep
      */
     public static String sign(PrivateKey privateKey, String message) throws CryptoException {
         byte[] sigAsBytes = sign(privateKey, message.getBytes(Charsets.UTF_8));
-        return Base64.toBase64String(sigAsBytes);
+        return Base64.encode(sigAsBytes);
     }
 
     /**
@@ -143,4 +142,3 @@ public static byte[] getPublicKeyBytes(PublicKey sigPublicKey) {
         return new X509EncodedKeySpec(sigPublicKey.getEncoded()).getEncoded();
     }
 }
-

common/src/main/java/bisq/common/util/Base64.java

@@ -0,0 +1,33 @@
+/*
+ * This file is part of Bisq.
+ *
+ * Bisq is free software: you can redistribute it and/or modify it
+ * under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or (at
+ * your option) any later version.
+ *
+ * Bisq is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with Bisq. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+package bisq.common.util;
+
+/**
+ * We use Java 8 builtin Base64 because it is much faster than Guava and Apache versions:
+ * http://java-performance.info/base64-encoding-and-decoding-performance/
+ */
+public class Base64 {
+
+    public static byte[] decode(String base64) {
+        return java.util.Base64.getDecoder().decode(base64);
+    }
+
+    public static String encode(byte[] bytes) {
+        return java.util.Base64.getEncoder().encodeToString(bytes);
+    }
+}

common/src/main/java/bisq/common/util/Hex.java

@@ -0,0 +1,31 @@
+/*
+ * This file is part of Bisq.
+ *
+ * Bisq is free software: you can redistribute it and/or modify it
+ * under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or (at
+ * your option) any later version.
+ *
+ * Bisq is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with Bisq. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+package bisq.common.util;
+
+import com.google.common.io.BaseEncoding;
+
+public class Hex {
+
+    public static byte[] decode(String hex) {
+        return BaseEncoding.base16().lowerCase().decode(hex.toLowerCase());
+    }
+
+    public static String encode(byte[] bytes) {
+        return BaseEncoding.base16().lowerCase().encode(bytes);
+    }
+}

core/src/test/java/bisq/core/crypto/EncryptionTest.java

@@ -22,11 +22,8 @@
 import bisq.common.crypto.KeyStorage;
 import bisq.common.storage.FileUtil;
 
-import org.bouncycastle.jce.provider.BouncyCastleProvider;
-
 import java.security.KeyStoreException;
 import java.security.NoSuchAlgorithmException;
-import java.security.Security;
 import java.security.cert.CertificateException;
 
 import java.io.File;
@@ -62,5 +59,3 @@ public void tearDown() throws IOException {
 
 
 }
-
-

p2p/src/main/java/bisq/network/p2p/storage/P2PDataStorage.java

@@ -60,6 +60,7 @@
 import bisq.common.storage.Storage;
 import bisq.common.util.Tuple2;
 import bisq.common.util.Utilities;
+import bisq.common.util.Hex;
 
 import com.google.protobuf.ByteString;
 
@@ -69,8 +70,6 @@
 
 import org.apache.commons.lang3.StringUtils;
 
-import org.bouncycastle.util.encoders.Hex;
-
 import java.security.KeyPair;
 import java.security.PublicKey;
 
@@ -890,7 +889,7 @@ public static final class ByteArray implements PersistablePayload {
         @Override
         public String toString() {
             return "ByteArray{" +
-                    "bytes as Hex=" + Hex.toHexString(bytes) +
+                    "bytes as Hex=" + Hex.encode(bytes) +
                     '}';
         }
 

pricenode/src/main/java/bisq/price/spot/providers/BitcoinAverage.java

@@ -19,6 +19,7 @@
 
 import bisq.price.spot.ExchangeRate;
 import bisq.price.spot.ExchangeRateProvider;
+import bisq.common.util.Hex;
 
 import org.knowm.xchange.bitcoinaverage.dto.marketdata.BitcoinAverageTicker;
 import org.knowm.xchange.bitcoinaverage.dto.marketdata.BitcoinAverageTickers;
@@ -32,8 +33,6 @@
 
 import com.google.common.base.Charsets;
 
-import org.bouncycastle.util.encoders.Hex;
-
 import javax.crypto.Mac;
 import javax.crypto.SecretKey;
 import javax.crypto.spec.SecretKeySpec;
@@ -120,7 +119,7 @@ private Map<String, BitcoinAverageTicker> getTickersKeyedByCurrencyPair() {
 
     protected String getAuthSignature() {
         String payload = String.format("%s.%s", Instant.now().getEpochSecond(), pubKey);
-        return String.format("%s.%s", payload, Hex.toHexString(mac.doFinal(payload.getBytes(Charsets.UTF_8))));
+        return String.format("%s.%s", payload, Hex.encode(mac.doFinal(payload.getBytes(Charsets.UTF_8))));
     }
 
     private static Mac initMac(String privKey) {