7142339: PKCS7.java is needlessly creating SHA1PRNG SecureRandom instances when timestamping is not done

Reviewed-by: xuelei, wetmore
2012-02-13 14:26:25 +00:00 · 2012-02-13 14:26:25 +00:00 · 7c7523d968
commit 7c7523d968
parent c750a3e42c
1 changed files with 14 additions and 11 deletions
--- a/jdk/src/share/classes/sun/security/pkcs/PKCS7.java
+++ b/jdk/src/share/classes/sun/security/pkcs/PKCS7.java
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2012, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@ -72,8 +72,10 @@ public class PKCS7 {

    /*
     * Random number generator for creating nonce values
+     * (Lazy initialization)
     */
-    private static final SecureRandom RANDOM;
+    private static class SecureRandomHolder {
+        static final SecureRandom RANDOM;
        static {
            SecureRandom tmp = null;
            try {
@ -83,6 +85,7 @@ public class PKCS7 {
            }
            RANDOM = tmp;
        }
+    }

    /*
     * Object identifier for the timestamping key purpose.
@ -862,8 +865,8 @@ public class PKCS7 {

        // Generate a nonce
        BigInteger nonce = null;
-        if (RANDOM != null) {
-            nonce = new BigInteger(64, RANDOM);
+        if (SecureRandomHolder.RANDOM != null) {
+            nonce = new BigInteger(64, SecureRandomHolder.RANDOM);
            tsQuery.setNonce(nonce);
        }
        tsQuery.requestCertificate(true);