We should investigate how much performance improvement can be gained by creating Certificates without parsing them; in other words instantiating them with a byte array and not parsing the certificate data, extensions, etc.

This fast instantiation of certificates should not always be performed, but may be valuable for the case when the security dialog has already been accepted and the certificates have already been validated but are still needed from the deployment cache for running cached signed applications/jars. In this case the certificates are needed to properly construct the CodeSource and ProtectionDomain that the classes will be bound to. However, these certificates are just used for byte-array comparisons, and normally none of the other information is needed, thus I think there should be no need to fully parse them.