7142339: PKCS7.java is needlessly creating SHA1PRNG SecureRandom instances when timestamping is not done
Reviewed-by: xuelei, wetmore
--- a/jdk/src/share/classes/sun/security/pkcs/PKCS7.java Thu Feb 02 15:37:22 2012 -0800
+++ b/jdk/src/share/classes/sun/security/pkcs/PKCS7.java Mon Feb 13 14:26:25 2012 +0000
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1996, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -72,16 +72,19 @@
/*
* Random number generator for creating nonce values
+ * (Lazy initialization)
*/
- private static final SecureRandom RANDOM;
- static {
- SecureRandom tmp = null;
- try {
- tmp = SecureRandom.getInstance("SHA1PRNG");
- } catch (NoSuchAlgorithmException e) {
- // should not happen
+ private static class SecureRandomHolder {
+ static final SecureRandom RANDOM;
+ static {
+ SecureRandom tmp = null;
+ try {
+ tmp = SecureRandom.getInstance("SHA1PRNG");
+ } catch (NoSuchAlgorithmException e) {
+ // should not happen
+ }
+ RANDOM = tmp;
}
- RANDOM = tmp;
}
/*
@@ -862,8 +865,8 @@
// Generate a nonce
BigInteger nonce = null;
- if (RANDOM != null) {
- nonce = new BigInteger(64, RANDOM);
+ if (SecureRandomHolder.RANDOM != null) {
+ nonce = new BigInteger(64, SecureRandomHolder.RANDOM);
tsQuery.setNonce(nonce);
}
tsQuery.requestCertificate(true);