From 8e028e6507ac3e112a3503aaf500eb07f69026bf Mon Sep 17 00:00:00 2001
From: Alex Klyubin <klyubin@google.com>
Date: Fri, 13 Nov 2015 17:36:45 -0800
Subject: [PATCH] Insert Android Keystore JCA Provider at the correct position.

Security.insertProviderAt uses 1-based positions whereas the
AndroidKeyStoreProvider.install code was incorrectly passing in
0-based positions, thus installing the AndroidKeyStoreBCWorkaround
provider one level higher than intended. This change fixes the issue
in AndroidKeyStoreProvider.

Bug: 25399691
Change-Id: I4a66bf37c0d151edb9a2349db9d91939064c0574
---
 .../security/keystore/AndroidKeyStoreProvider.java  | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/keystore/java/android/security/keystore/AndroidKeyStoreProvider.java b/keystore/java/android/security/keystore/AndroidKeyStoreProvider.java
index ba39ba70f4d3b..85cb4dfb095ae 100644
--- a/keystore/java/android/security/keystore/AndroidKeyStoreProvider.java
+++ b/keystore/java/android/security/keystore/AndroidKeyStoreProvider.java
@@ -97,20 +97,21 @@ public class AndroidKeyStoreProvider extends Provider {
      */
     public static void install() {
         Provider[] providers = Security.getProviders();
-        int bcProviderPosition = -1;
-        for (int position = 0; position < providers.length; position++) {
-            Provider provider = providers[position];
+        int bcProviderIndex = -1;
+        for (int i = 0; i < providers.length; i++) {
+            Provider provider = providers[i];
             if ("BC".equals(provider.getName())) {
-                bcProviderPosition = position;
+                bcProviderIndex = i;
                 break;
             }
         }
 
         Security.addProvider(new AndroidKeyStoreProvider());
         Provider workaroundProvider = new AndroidKeyStoreBCWorkaroundProvider();
-        if (bcProviderPosition != -1) {
+        if (bcProviderIndex != -1) {
             // Bouncy Castle provider found -- install the workaround provider above it.
-            Security.insertProviderAt(workaroundProvider, bcProviderPosition);
+            // insertProviderAt uses 1-based positions.
+            Security.insertProviderAt(workaroundProvider, bcProviderIndex + 1);
         } else {
             // Bouncy Castle provider not found -- install the workaround provider at lowest
             // priority.