CORDA-3758: Ensure that providerMap is immutable, at the very least. (#6209)

core/src/main/kotlin/net/corda/core/crypto/internal/ProviderMap.kt

@@ -15,8 +15,10 @@ import org.bouncycastle.jcajce.provider.asymmetric.ec.AlgorithmParametersSpi
 import org.bouncycastle.jcajce.provider.util.AsymmetricKeyInfoConverter
 import org.bouncycastle.jce.provider.BouncyCastleProvider
 import org.bouncycastle.pqc.jcajce.provider.BouncyCastlePQCProvider
+import java.security.Provider
 import java.security.SecureRandom
 import java.security.Security
+import java.util.Collections.unmodifiableMap
 
 val cordaSecurityProvider = CordaSecurityProvider().also {
     // Among the others, we should register [CordaSecurityProvider] as the first provider, to ensure that when invoking [SecureRandom()]
@@ -52,8 +54,11 @@ val bouncyCastlePQCProvider = BouncyCastlePQCProvider().apply {
 // This map is required to defend against users that forcibly call Security.addProvider / Security.removeProvider
 // that could cause unexpected and suspicious behaviour.
 // i.e. if someone removes a Provider and then he/she adds a new one with the same name.
-// The val is private to avoid any harmful state changes.
-val providerMap = listOf(cordaBouncyCastleProvider, cordaSecurityProvider, bouncyCastlePQCProvider).map { it.name to it }.toMap()
+// The val is immutable to avoid any harmful state changes.
+internal val providerMap: Map<String, Provider> = unmodifiableMap(
+    listOf(cordaBouncyCastleProvider, cordaSecurityProvider, bouncyCastlePQCProvider)
+        .associateByTo(LinkedHashMap(), Provider::getName)
+)
 
 @DeleteForDJVM
 fun platformSecureRandomFactory(): SecureRandom = platformSecureRandom() // To minimise diff of CryptoUtils against open-source.