We don't need BouncyCastle provider on Android

2019-05-12 16:06:22 -07:00 · 2019-05-12 16:06:22 -07:00 · e7339ba619
parent d9ad7d522c
commit e7339ba619
6 changed files with 13 additions and 29 deletions
--- a/app/proguard-rules.pro
+++ b/app/proguard-rules.pro
@ -16,12 +16,6 @@
 #   public *;
 #}

-# BouncyCastle
-keep,allowoptimization class org.bouncycastle.jcajce.provider.asymmetric.rsa.**SHA1** { *; }
-keep,allowoptimization class org.bouncycastle.jcajce.provider.asymmetric.RSA** { *; }
-keep,allowoptimization class org.bouncycastle.jcajce.provider.digest.SHA1** { *; }
-dontwarn javax.naming.**
-
 # Snet
 -keepclassmembers class com.topjohnwu.magisk.utils.ISafetyNetHelper { *; }
 -keep,allowobfuscation interface com.topjohnwu.magisk.utils.ISafetyNetHelper$Callback
@ -40,12 +34,6 @@
 # BootSigner
 -keepclassmembers class com.topjohnwu.signing.BootSigner { *; }

-# SVG
-dontwarn com.caverock.androidsvg.SVGAndroidRenderer
-
-# RetroStreams
-dontwarn java9.**
-
 # Strip logging
 -assumenosideeffects class com.topjohnwu.magisk.utils.Logger {
  public *** debug(...);
--- a/signing/build.gradle
+++ b/signing/build.gradle
@ -35,6 +35,6 @@ dependencies {
    implementation fileTree(include: ['*.jar'], dir: 'libs')

    def bcVer = '1.61'
-    implementation "org.bouncycastle:bcprov-jdk15on:${bcVer}"
-    implementation "org.bouncycastle:bcpkix-jdk15on:${bcVer}"
+    api "org.bouncycastle:bcprov-jdk15on:${bcVer}"
+    api "org.bouncycastle:bcpkix-jdk15on:${bcVer}"
 }
--- a/signing/src/main/java/com/topjohnwu/signing/JarMap.java
+++ b/signing/src/main/java/com/topjohnwu/signing/JarMap.java
@ -23,7 +23,7 @@ import java.util.zip.ZipFile;
 * On the other hand, when a JarFile is provided, it simply works as a wrapper.
 * */

-public class JarMap implements Closeable, AutoCloseable {
+public class JarMap implements Closeable {

    private JarFile jarFile;
    private JarInputStream jis;
@ -119,7 +119,10 @@ public class JarMap implements Closeable, AutoCloseable {

    @Override
    public void close() throws IOException {
-        (jarFile == null ? jis : jarFile).close();
+        if (jarFile != null)
+            jarFile.close();
+        else
+            jis.close();
    }

    private static class JarMapEntry extends JarEntry {
--- a/signing/src/main/java/com/topjohnwu/signing/SignAPK.java
+++ b/signing/src/main/java/com/topjohnwu/signing/SignAPK.java
@ -11,7 +11,6 @@ import org.bouncycastle.cms.CMSSignedData;
 import org.bouncycastle.cms.CMSSignedDataGenerator;
 import org.bouncycastle.cms.CMSTypedData;
 import org.bouncycastle.cms.jcajce.JcaSignerInfoGeneratorBuilder;
-import org.bouncycastle.jce.provider.BouncyCastleProvider;
 import org.bouncycastle.operator.ContentSigner;
 import org.bouncycastle.operator.OperatorCreationException;
 import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
@ -60,16 +59,11 @@ public class SignAPK {
    private static final String CERT_SF_NAME = "META-INF/CERT.SF";
    private static final String CERT_SIG_NAME = "META-INF/CERT.%s";

-    private static Provider sBouncyCastleProvider;
+    private static Provider sBouncyCastleProvider = Security.getProvider("BC");
    // bitmasks for which hash algorithms we need the manifest to include.
    private static final int USE_SHA1 = 1;
    private static final int USE_SHA256 = 2;

-    static {
-        sBouncyCastleProvider = new BouncyCastleProvider();
-        Security.insertProviderAt(sBouncyCastleProvider, 1);
-    }
-
    public static void sign(JarMap input, OutputStream output) throws Exception {
        sign(SignAPK.class.getResourceAsStream("/keys/testkey.x509.pem"),
             SignAPK.class.getResourceAsStream("/keys/testkey.pk8"), input, output);
--- a/signing/src/main/java/com/topjohnwu/signing/SignBoot.java
+++ b/signing/src/main/java/com/topjohnwu/signing/SignBoot.java
@ -12,7 +12,6 @@ import org.bouncycastle.asn1.DEROctetString;
 import org.bouncycastle.asn1.DERPrintableString;
 import org.bouncycastle.asn1.DERSequence;
 import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.jce.provider.BouncyCastleProvider;

 import java.io.ByteArrayInputStream;
 import java.io.FilterInputStream;
@ -23,7 +22,6 @@ import java.nio.ByteBuffer;
 import java.nio.ByteOrder;
 import java.security.PrivateKey;
 import java.security.PublicKey;
-import java.security.Security;
 import java.security.Signature;
 import java.security.cert.CertificateEncodingException;
 import java.security.cert.CertificateFactory;
@ -32,10 +30,6 @@ import java.util.Arrays;

 public class SignBoot {

-    static {
-        Security.addProvider(new BouncyCastleProvider());
-    }
-
    private static class PushBackRWStream extends FilterInputStream {
        private OutputStream out;
        private int pos = 0;
--- a/signing/src/main/java/com/topjohnwu/signing/ZipSigner.java
+++ b/signing/src/main/java/com/topjohnwu/signing/ZipSigner.java
@ -1,9 +1,12 @@
 package com.topjohnwu.signing;

+import org.bouncycastle.jce.provider.BouncyCastleProvider;
+
 import java.io.FileInputStream;
 import java.io.FileOutputStream;
 import java.io.InputStream;
 import java.io.OutputStream;
+import java.security.Security;

 public class ZipSigner {

@ -22,6 +25,8 @@ public class ZipSigner {
        if (args.length != 2 && args.length != 4 && args.length != 6)
            usage();

+        Security.insertProviderAt(new BouncyCastleProvider(), 1);
+
        try (JarMap in = new JarMap(args[args.length - 2], false);
             OutputStream out = new FileOutputStream(args[args.length - 1])) {
            if (args.length == 2) {