Use Static Holder

By using a static holder, we can leave method contracts as-is and still maintain the performance benefit. Issue gh-17824 Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
2026-05-22 21:33:16 +00:00 · 2026-04-06 13:15:02 -06:00
parent 7c31eb58ac
commit c21fc6c433
2 changed files with 13 additions and 20 deletions
@@ -716,12 +716,7 @@ public class BCrypt {
 	 * factor therefore increases as 2**log_rounds.
 	 * @return an encoded salt value
 	 * @exception IllegalArgumentException if prefix or log_rounds is invalid
 	 * @deprecated since 6.4 in favor of {@link #gensalt(String, int, SecureRandom)}.
 	 * Creating a new {@code SecureRandom} instance on every invocation incurs significant
 	 * performance overhead. Use {@link #gensalt(String, int, SecureRandom)} with a reusable
 	 * {@code SecureRandom} instance instead.
 	 */
 	@Deprecated(since = "6.4", forRemoval = false)
 	public static String gensalt(String prefix, int log_rounds) throws IllegalArgumentException {
 		return gensalt(prefix, log_rounds, new SecureRandom());
 	}
@@ -744,12 +739,7 @@ public class BCrypt {
 	 * factor therefore increases as 2**log_rounds.
 	 * @return an encoded salt value
 	 * @exception IllegalArgumentException if log_rounds is invalid
 	 * @deprecated since 6.4 in favor of {@link #gensalt(int, SecureRandom)}.
 	 * Creating a new {@code SecureRandom} instance on every invocation incurs significant
 	 * performance overhead. Use {@link #gensalt(int, SecureRandom)} with a reusable
 	 * {@code SecureRandom} instance instead.
 	 */
 	@Deprecated(since = "6.4", forRemoval = false)
 	public static String gensalt(int log_rounds) throws IllegalArgumentException {
 		return gensalt(log_rounds, new SecureRandom());
 	}
@@ -44,24 +44,24 @@ public class BCryptPasswordEncoder extends AbstractValidatingPasswordEncoder {
 	private final BCryptVersion version;
-	private final @Nullable SecureRandom random;
+	private final SecureRandom random;
 	public BCryptPasswordEncoder() {
-		this(-1, new SecureRandom());
+		this(-1);
 	}
 	/**
 	 * @param strength the log rounds to use, between 4 and 31
 	 */
 	public BCryptPasswordEncoder(int strength) {
-		this(strength, new SecureRandom());
+		this(strength, null);
 	}
 	/**
 	 * @param version the version of bcrypt, can be 2a,2b,2y
 	 */
 	public BCryptPasswordEncoder(BCryptVersion version) {
-		this(version, new SecureRandom());
+		this(version, null);
 	}
 	/**
@@ -85,7 +85,7 @@ public class BCryptPasswordEncoder extends AbstractValidatingPasswordEncoder {
 	 * @param strength the log rounds to use, between 4 and 31
 	 */
 	public BCryptPasswordEncoder(BCryptVersion version, int strength) {
-		this(version, strength, new SecureRandom());
+		this(version, strength, null);
 	}
 	/**
@@ -99,7 +99,7 @@ public class BCryptPasswordEncoder extends AbstractValidatingPasswordEncoder {
 		}
 		this.version = version;
 		this.strength = (strength == -1) ? 10 : strength;
-		this.random = random;
+		this.random = (random != null) ? random : SecureRandomHolder.INSTANCE;
 	}
 	@Override
@@ -109,10 +109,7 @@ public class BCryptPasswordEncoder extends AbstractValidatingPasswordEncoder {
 	}
 	private String getSalt() {
-		if (this.random != null) {
+		return BCrypt.gensalt(this.version.getVersion(), this.strength, this.random);
 			return BCrypt.gensalt(this.version.getVersion(), this.strength, this.random);
 		}
 		return BCrypt.gensalt(this.version.getVersion(), this.strength);
 	}
 	@Override
@@ -159,4 +156,10 @@ public class BCryptPasswordEncoder extends AbstractValidatingPasswordEncoder {
 	}
 	private static final class SecureRandomHolder {
 		private static final SecureRandom INSTANCE = new SecureRandom();
 	}
 }