diff --git a/core/src/main/kotlin/net/corda/core/crypto/internal/ProviderMap.kt b/core/src/main/kotlin/net/corda/core/crypto/internal/ProviderMap.kt index 0523b00cba..d065aa30e1 100644 --- a/core/src/main/kotlin/net/corda/core/crypto/internal/ProviderMap.kt +++ b/core/src/main/kotlin/net/corda/core/crypto/internal/ProviderMap.kt @@ -15,8 +15,10 @@ import org.bouncycastle.jcajce.provider.asymmetric.ec.AlgorithmParametersSpi import org.bouncycastle.jcajce.provider.util.AsymmetricKeyInfoConverter import org.bouncycastle.jce.provider.BouncyCastleProvider import org.bouncycastle.pqc.jcajce.provider.BouncyCastlePQCProvider +import java.security.Provider import java.security.SecureRandom import java.security.Security +import java.util.Collections.unmodifiableMap val cordaSecurityProvider = CordaSecurityProvider().also { // Among the others, we should register [CordaSecurityProvider] as the first provider, to ensure that when invoking [SecureRandom()] @@ -52,8 +54,11 @@ val bouncyCastlePQCProvider = BouncyCastlePQCProvider().apply { // This map is required to defend against users that forcibly call Security.addProvider / Security.removeProvider // that could cause unexpected and suspicious behaviour. // i.e. if someone removes a Provider and then he/she adds a new one with the same name. -// The val is private to avoid any harmful state changes. -val providerMap = listOf(cordaBouncyCastleProvider, cordaSecurityProvider, bouncyCastlePQCProvider).map { it.name to it }.toMap() +// The val is immutable to avoid any harmful state changes. +internal val providerMap: Map = unmodifiableMap( + listOf(cordaBouncyCastleProvider, cordaSecurityProvider, bouncyCastlePQCProvider) + .associateByTo(LinkedHashMap(), Provider::getName) +) @DeleteForDJVM fun platformSecureRandomFactory(): SecureRandom = platformSecureRandom() // To minimise diff of CryptoUtils against open-source.