7142339: PKCS7.java is needlessly creating SHA1PRNG SecureRandom instances when timestamping is not done
authorvinnie
Mon, 13 Feb 2012 14:26:25 +0000
changeset 11842 c2259ebc75e1
parent 11822 475ac0b35c06
child 11843 95aeecf515eb
7142339: PKCS7.java is needlessly creating SHA1PRNG SecureRandom instances when timestamping is not done Reviewed-by: xuelei, wetmore
jdk/src/share/classes/sun/security/pkcs/PKCS7.java
--- a/jdk/src/share/classes/sun/security/pkcs/PKCS7.java	Thu Feb 02 15:37:22 2012 -0800
+++ b/jdk/src/share/classes/sun/security/pkcs/PKCS7.java	Mon Feb 13 14:26:25 2012 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -72,16 +72,19 @@
 
     /*
      * Random number generator for creating nonce values
+     * (Lazy initialization)
      */
-    private static final SecureRandom RANDOM;
-    static {
-        SecureRandom tmp = null;
-        try {
-            tmp = SecureRandom.getInstance("SHA1PRNG");
-        } catch (NoSuchAlgorithmException e) {
-            // should not happen
+    private static class SecureRandomHolder {
+        static final SecureRandom RANDOM;
+        static {
+            SecureRandom tmp = null;
+            try {
+                tmp = SecureRandom.getInstance("SHA1PRNG");
+            } catch (NoSuchAlgorithmException e) {
+                // should not happen
+            }
+            RANDOM = tmp;
         }
-        RANDOM = tmp;
     }
 
     /*
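Review bot: The empty `catch (NoSuchAlgorithmException e)` in `SecureRandomHolder`'s static initializer leaves `RANDOM` null without any trace, and the null check in the hunk at line 865 then sends the timestamp query with no nonce at all. A query without a nonce gives the requester nothing to match the response against, so a replayed timestamp response is harder to detect; whether the response is bound to the request some other way is not visible in this diff. Falling back inside the catch with `tmp = new SecureRandom();` would keep a nonce in every request. The holder could also be declared `private static final class`, with a comment saying it exists so that SHA1PRNG is only instantiated when a timestamp is actually requested.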
@@ -862,8 +865,8 @@
 
         // Generate a nonce
         BigInteger nonce = null;
-        if (RANDOM != null) {
-            nonce = new BigInteger(64, RANDOM);
+        if (SecureRandomHolder.RANDOM != null) {
+            nonce = new BigInteger(64, SecureRandomHolder.RANDOM);
             tsQuery.setNonce(nonce);
         }
         tsQuery.requestCertificate(true);
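Review bot: `SecureRandomHolder.RANDOM` is read twice in the nonce block, and nothing at this site says that the first read is what triggers creation of the generator. Reading it once into a local, `SecureRandom random = SecureRandomHolder.RANDOM;`, with the comment `// first access initializes SecureRandomHolder (lazy SHA1PRNG creation)`, would make the lazy initialization visible at the only use shown in this diff. The enclosing method starts and ends outside the hunk.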