rework build a bit

Author: mkleene

.github/workflows/checks.yaml

@@ -85,15 +85,22 @@ jobs:
           path: ~/.sonar/cache
           key: ${{ runner.os }}-sonar
           restore-keys: ${{ runner.os }}-sonar
-      - name: Maven Test Coverage
+      - name: Generate sources
         env:
-          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           BUF_INPUT_HTTPS_USERNAME: opentdf-bot
           BUF_INPUT_HTTPS_PASSWORD: ${{ secrets.PERSONAL_ACCESS_TOKEN_OPENTDF }}
+        run: mvn --batch-mode clean generate-sources
+      - name: Tests and enforcer (fips)
+        run: mvn --batch-mode verify -P 'fips,!non-fips' -Dmaven.antrun.skip
+      - name: Tests with coverage and javadoc (non-fips)
+        env:
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
         run: |
-          mvn --batch-mode clean verify -P 'fips,!non-fips' && \
-          mvn --batch-mode verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar -Dmaven.antrun.skip -Dsonar.projectKey=opentdf_java-sdk -P 'coverage,non-fips,!fips'
+          mvn --batch-mode verify javadoc:javadoc \
+            org.sonarsource.scanner.maven:sonar-maven-plugin:sonar \
+            -Dmaven.antrun.skip -Dsonar.projectKey=opentdf_java-sdk \
+            -P 'coverage,non-fips,!fips'
 
   platform-integration:
     runs-on: ubuntu-22.04

sdk/pom.xml

@@ -483,20 +483,10 @@
                 <activeByDefault>true</activeByDefault>
             </activation>
             <dependencies>
-                <dependency>
-                    <groupId>org.bouncycastle</groupId>
-                    <artifactId>bcprov-jdk18on</artifactId>
-                    <scope>runtime</scope>
-                </dependency>
                 <dependency>
                     <groupId>org.bouncycastle</groupId>
                     <artifactId>bcpkix-jdk18on</artifactId>
-                    <scope>runtime</scope>
-                </dependency>
-                <dependency>
-                    <groupId>org.bouncycastle</groupId>
-                    <artifactId>bctls-jdk18on</artifactId>
-                    <scope>runtime</scope>
+                    <scope>test</scope>
                 </dependency>
             </dependencies>
         </profile>

sdk/src/test/java.security.fips.test …c/test/resources/java.security.fips.testsdk/src/test/java.security.fips.test renamed to sdk/src/test/resources/java.security.fips.test sdk/src/test/java.security.fips.test renamed to sdk/src/test/resources/java.security.fips.test

@@ -3,12 +3,14 @@
 ssl.KeyManagerFactory.algorithm=PKIX
 ssl.TrustManagerFactory.algorithm=PKIX
 
+# the SUN provider is required so that we can get the NativePRNGBlocking algorithm
 securerandom.strongAlgorithms=NativePRNGBlocking:SUN
 
 security.provider.1=org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider
 security.provider.2=org.bouncycastle.jsse.provider.BouncyCastleJsseProvider fips:BCFIPS
-# the SUN provider is required so that we can get the NativePRNGBlocking algorithm
 security.provider.3=SUN
+
+# since this file is appended we need to make sure that we remove the other providers
 security.provider.4=
 security.provider.5=
 security.provider.6=