7142339: PKCS7.java is needlessly creating SHA1PRNG SecureRandom instances when timestamping is not done

Reviewed-by: xuelei, wetmore

jdk/src/share/classes/sun/security/pkcs/PKCS7.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -72,16 +72,19 @@ public class PKCS7 {
 
     /*
      * Random number generator for creating nonce values
+     * (Lazy initialization)
      */
-    private static final SecureRandom RANDOM;
+    private static class SecureRandomHolder {
-    static {
+        static final SecureRandom RANDOM;
-        SecureRandom tmp = null;
+        static {
-        try {
+            SecureRandom tmp = null;
-            tmp = SecureRandom.getInstance("SHA1PRNG");
+            try {
-        } catch (NoSuchAlgorithmException e) {
+                tmp = SecureRandom.getInstance("SHA1PRNG");
-            // should not happen
+            } catch (NoSuchAlgorithmException e) {
+                // should not happen
+            }
+            RANDOM = tmp;
         }
-        RANDOM = tmp;
     }
 
     /*
@@ -862,8 +865,8 @@ public class PKCS7 {
 
         // Generate a nonce
         BigInteger nonce = null;
-        if (RANDOM != null) {
+        if (SecureRandomHolder.RANDOM != null) {
-            nonce = new BigInteger(64, RANDOM);
+            nonce = new BigInteger(64, SecureRandomHolder.RANDOM);
             tsQuery.setNonce(nonce);
         }
         tsQuery.requestCertificate(true);