CORDA-1337 Crypto.registerProviders (corda#2962)

CORDA-1337 Crypto.registerProviders + add BCPQC as well
Cassioy · Apr 13, 2018 · 6f69f02 · 6f69f02
1 parent 91c52af
commit 6f69f02
Show file tree

Hide file tree

Showing 3 changed files with 18 additions and 2 deletions.
diff --git a/core/src/main/kotlin/net/corda/core/crypto/Crypto.kt b/core/src/main/kotlin/net/corda/core/crypto/Crypto.kt
@@ -990,5 +990,17 @@ object Crypto {
         } else {
             txId
         }
-     }
+    }
+
+    /**
+     * Method to force registering all [Crypto]-related cryptography [Provider]s.
+     * It is recommended that it is invoked first thing on `main` functions, so the [Provider]s are in place before any
+     * cryptographic operation is requested outside [Crypto] (i.e., SecureRandom, KeyStore, cert-path validation,
+     * CRL & CSR checks etc.).
+     */
+    // TODO: perform all cryptographic operations via Crypto.
+    @JvmStatic
+    fun registerProviders() {
+        providerMap
+    }
 }
diff --git a/core/src/main/kotlin/net/corda/core/crypto/internal/ProviderMap.kt b/core/src/main/kotlin/net/corda/core/crypto/internal/ProviderMap.kt
@@ -37,6 +37,8 @@ internal val cordaBouncyCastleProvider = BouncyCastleProvider().apply {
 }
 internal val bouncyCastlePQCProvider = BouncyCastlePQCProvider().apply {
     require(name == "BCPQC") // The constant it comes from is not final.
+}.also {
+    Security.addProvider(it)
 }
 // This map is required to defend against users that forcibly call Security.addProvider / Security.removeProvider
 // that could cause unexpected and suspicious behaviour.

diff --git a/node/src/main/kotlin/net/corda/node/Corda.kt b/node/src/main/kotlin/net/corda/node/Corda.kt
@@ -9,7 +9,9 @@ import net.corda.node.internal.NodeStartup
 import kotlin.system.exitProcess
 
 fun main(args: Array<String>) {
-    Crypto.findProvider(CordaSecurityProvider.PROVIDER_NAME) // Install our SecureRandom before e.g. UUID asks for one.
+    // Register all cryptography [Provider]s first thing on boot.
+    // Required to install our [SecureRandom] before e.g., UUID asks for one.
+    Crypto.registerProviders()
     // Pass the arguments to the Node factory. In the Enterprise edition, this line is modified to point to a subclass.
     // It will exit the process in case of startup failure and is not intended to be used by embedders. If you want
     // to embed Node in your own container, instantiate it directly and set up the configuration objects yourself.