Rule request: AvoidRecreatingSecurityProviders

Question

Rule request: AvoidRecreatingSecurityProviders

Closed this issue a year ago · 1 comments

The following takes substantial time because of class loading for the algorithms and when called often, becoming really bad with many threads because of lock contention:

private Cipher initBlowfish(int mode) throws GeneralSecurityException {
        Security.addProvider(new BouncyCastleProvider());
        // build a Cipher
    }

Solved:

private Cipher initBlowfish(int mode) throws GeneralSecurityException {
    Provider bouncyCastleProvider = Security.getProvider(BouncyCastleProvider.PROVIDER_NAME);
    if (bouncyCastleProvider == null) {
        bouncyCastleProvider = new BouncyCastleProvider();
        Security.addProvider(bouncyCastleProvider);
    }
   // build a Cipher

Answer 1 · 2023-10-18T15:23:29.000Z

Bad when a class implementing java.security.Provider is constructed in an ordinary method and not inside an if-block. If test should be (Provider instance == null)