We don't need BouncyCastle provider on Android

app/proguard-rules.pro

@@ -16,12 +16,6 @@
 #   public *;
 #}
 
-# BouncyCastle
--keep,allowoptimization class org.bouncycastle.jcajce.provider.asymmetric.rsa.**SHA1** { *; }
--keep,allowoptimization class org.bouncycastle.jcajce.provider.asymmetric.RSA** { *; }
--keep,allowoptimization class org.bouncycastle.jcajce.provider.digest.SHA1** { *; }
--dontwarn javax.naming.**
-
 # Snet
 -keepclassmembers class com.topjohnwu.magisk.utils.ISafetyNetHelper { *; }
 -keep,allowobfuscation interface com.topjohnwu.magisk.utils.ISafetyNetHelper$Callback
@@ -40,12 +34,6 @@
 # BootSigner
 -keepclassmembers class com.topjohnwu.signing.BootSigner { *; }
 
-# SVG
--dontwarn com.caverock.androidsvg.SVGAndroidRenderer
-
-# RetroStreams
--dontwarn java9.**
-
 # Strip logging
 -assumenosideeffects class com.topjohnwu.magisk.utils.Logger {
   public *** debug(...);

signing/build.gradle

@@ -35,6 +35,6 @@ dependencies {
     implementation fileTree(include: ['*.jar'], dir: 'libs')
 
     def bcVer = '1.61'
-    implementation "org.bouncycastle:bcprov-jdk15on:${bcVer}"
+    api "org.bouncycastle:bcprov-jdk15on:${bcVer}"
-    implementation "org.bouncycastle:bcpkix-jdk15on:${bcVer}"
+    api "org.bouncycastle:bcpkix-jdk15on:${bcVer}"
 }

signing/src/main/java/com/topjohnwu/signing/JarMap.java

@@ -23,7 +23,7 @@ import java.util.zip.ZipFile;
 * On the other hand, when a JarFile is provided, it simply works as a wrapper.
 * */
 
-public class JarMap implements Closeable, AutoCloseable {
+public class JarMap implements Closeable {
 
     private JarFile jarFile;
     private JarInputStream jis;
@@ -119,7 +119,10 @@ public class JarMap implements Closeable, AutoCloseable {
 
     @Override
     public void close() throws IOException {
-        (jarFile == null ? jis : jarFile).close();
+        if (jarFile != null)
+            jarFile.close();
+        else
+            jis.close();
     }
 
     private static class JarMapEntry extends JarEntry {

signing/src/main/java/com/topjohnwu/signing/SignAPK.java

@@ -11,7 +11,6 @@ import org.bouncycastle.cms.CMSSignedData;
 import org.bouncycastle.cms.CMSSignedDataGenerator;
 import org.bouncycastle.cms.CMSTypedData;
 import org.bouncycastle.cms.jcajce.JcaSignerInfoGeneratorBuilder;
-import org.bouncycastle.jce.provider.BouncyCastleProvider;
 import org.bouncycastle.operator.ContentSigner;
 import org.bouncycastle.operator.OperatorCreationException;
 import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
@@ -60,16 +59,11 @@ public class SignAPK {
     private static final String CERT_SF_NAME = "META-INF/CERT.SF";
     private static final String CERT_SIG_NAME = "META-INF/CERT.%s";
 
-    private static Provider sBouncyCastleProvider;
+    private static Provider sBouncyCastleProvider = Security.getProvider("BC");
     // bitmasks for which hash algorithms we need the manifest to include.
     private static final int USE_SHA1 = 1;
     private static final int USE_SHA256 = 2;
 
-    static {
-        sBouncyCastleProvider = new BouncyCastleProvider();
-        Security.insertProviderAt(sBouncyCastleProvider, 1);
-    }
-
     public static void sign(JarMap input, OutputStream output) throws Exception {
         sign(SignAPK.class.getResourceAsStream("/keys/testkey.x509.pem"),
              SignAPK.class.getResourceAsStream("/keys/testkey.pk8"), input, output);

signing/src/main/java/com/topjohnwu/signing/SignBoot.java

@@ -12,7 +12,6 @@ import org.bouncycastle.asn1.DEROctetString;
 import org.bouncycastle.asn1.DERPrintableString;
 import org.bouncycastle.asn1.DERSequence;
 import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.jce.provider.BouncyCastleProvider;
 
 import java.io.ByteArrayInputStream;
 import java.io.FilterInputStream;
@@ -23,7 +22,6 @@ import java.nio.ByteBuffer;
 import java.nio.ByteOrder;
 import java.security.PrivateKey;
 import java.security.PublicKey;
-import java.security.Security;
 import java.security.Signature;
 import java.security.cert.CertificateEncodingException;
 import java.security.cert.CertificateFactory;
@@ -32,10 +30,6 @@ import java.util.Arrays;
 
 public class SignBoot {
 
-    static {
-        Security.addProvider(new BouncyCastleProvider());
-    }
-
     private static class PushBackRWStream extends FilterInputStream {
         private OutputStream out;
         private int pos = 0;

signing/src/main/java/com/topjohnwu/signing/ZipSigner.java

@@ -1,9 +1,12 @@
 package com.topjohnwu.signing;
 
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
+
 import java.io.FileInputStream;
 import java.io.FileOutputStream;
 import java.io.InputStream;
 import java.io.OutputStream;
+import java.security.Security;
 
 public class ZipSigner {
 
@@ -22,6 +25,8 @@ public class ZipSigner {
         if (args.length != 2 && args.length != 4 && args.length != 6)
             usage();
 
+        Security.insertProviderAt(new BouncyCastleProvider(), 1);
+
         try (JarMap in = new JarMap(args[args.length - 2], false);
              OutputStream out = new FileOutputStream(args[args.length - 1])) {
             if (args.length == 2) {