Skip to content

Improve ECFSSLContextFactory.getInstance0(String,String) #231

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
merks wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Improve ECFSSLContextFactory.getInstance0(String,String) #231

merks wants to merge 1 commit into from

Conversation

@merks
Copy link
Contributor

@merks merks commented Nov 12, 2025

  • Modify the behavior so that getInstance0 returns the SSLContext.getDefault() instance if that instance is the one for the specified protocol and for the specified named provider.

eclipse-platform/eclipse.platform#1690

@merks
Improve ECFSSLContextFactory.getInstance0(String,String)
47be416 
- Modify the behavior so that getInstance0 returns the
SSLContext.getDefault() instance if that instance is the one for the
specified protocol and for the specified named provider.

eclipse-platform/eclipse.platform#1690
@eclipse-ecf-bot
Copy link

eclipse-ecf-bot commented Nov 12, 2025

Can one of the admins verify this patch?

@sratz
Copy link
Contributor

sratz commented Nov 12, 2025
edited
Loading

I think this is not exactly the right solution.

There is a distinction between

  • SSLContext.getDefault() which guarantees the returned context to be initialized.
  • SSLContext.getInstance(String[, ...]) which makes no guarantee (*) that the context is initialized

org.eclipse.ecf.core.security.SSLContextFactory wraps this behavior (as a delayed, lazy-loading delegate) in its equivalent API methods.

So the call path
org.eclipse.ecf.core.security.SSLContextFactory.getDefault()
should always just return the default.
The implementation should not delegate to
org.eclipse.ecf.core.security.ECFSSLContextFactory.getInstance0(String, String)
at all.

With eclipse-platform/eclipse.platform#1690 we uncover this discrepancy, because the guarantee (*) above is undefined:

  • If nonce calls SSLContext.setDefault(SSLContext), then we are lucky, and all methods
    SSLContext.getDefault(), SSLContext.getInstance(String[, ...])
    do return the internal 'default default' context, and all of them are initialized.
  • If once calls SSLContext.setDefault(SSLContext), then
    SSLContext.getDefault()
    and
    SSLContext.getInstance(String[, ...])
    contain different internal engines.

So to sum up,

  • I think whenever you call
    SSLContext.getInstance(String[, ...])
    the caller must initialize this context and must not rely on it being initialized implicitly.
  • org.eclipse.ecf.core.security.SSLContextFactory.getDefault() should just return SSLContext.getDefault()

@sratz sratz mentioned this pull request Nov 12, 2025
Closed
2 tasks
@merks
Copy link
Contributor Author

merks commented Nov 12, 2025

So to sum up,

* I think whenever you call
  `SSLContext.getInstance(String[, ...])`
  the caller _must_ initialize this context and must not rely on it being initialized implicitly.

* `org.eclipse.ecf.core.security.SSLContextFactory.getDefault()` should just return `SSLContext.getDefault()`

I think this not always true though almost always true because I've already look at this case in the debugger. Here we see the call when the special context has not been set:

image

In this case, we see there is a call to initialize the context and it would be invalid to try to initialize that context:

image

This is probably the only case that has been tested given that initialization would seem to be expected in general.

So yes, I think generally one should expect the call creates a new context that needs to be initialized and of course in the case we have our specialized already-initialized content, we really want that to be used and not some new instance and not something initialized differently...

I only did the minimal change to ECF that works for the default case and works for our new case with no deep understanding of the intended use case for creating a new context...

@scottslewis
Copy link
Contributor

scottslewis commented Nov 12, 2025

I introduced the SSLContextFactory osgi service (currently created and configures in ECF core activation) in order to try to get ECF providers away from existing complexities and insecurities wrt SSLContext.getDefault(), SSLContext.setDefault(SSLContext), and SSLContext.getInstance().

e.g. #174

The intention was that as OSGi services are dynamic (defined at start/runtime) rather than statically defined (i.e. SSLContext.getDefault()/getInstance()/setDefault). That it could be configured dynamically in Eclipse (e.g. on startup) or any other OSGi environment.

FWIW, I had very little input or interaction with the original authors of ECFSSLContextFactory (from IBM at the time) and so can't be much help wrt how/why/use cases driving them other than support of early jvm support of https....which was just getting established.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@merks @eclipse-ecf-bot @sratz @scottslewis