Getting H2 connection from SSLFactory.

Hello H2 "experts".
I'm not so deep in the whole SSL/TLS layer technique.
I have the following problem.

- We are using a commercial application, with JBoss in the background. So we 
don't want to change a lot within the product configuration itself, for 
support reasons.
- The product is offering a scripting interface. So you can add a source 
code script (Groovy or Java) into the product. The product is compiling in 
background and calling the script in some situations.
- The script must implement an Interface. We must implement methods "init", 
"destroy" and "process".
- So "init" can be used to connect to H2 database and "destroy" to close 
the connection.
- We want to communicate over SSL/TLS with the H2 server (a remote host).
- When I use the direct URL jdbc:h2:ssl://<remote server>:<remote 
port>/<dbname>, I'm getting a "PKIX path building failed" problem.
- Same/similar code in a standalone Java client is working when I change, 
for example, the SSL settings. Either adding an "open" TrustManager or 
dealing with truststore/keystore, I can connect. Or setting e.g. 
-Djavax.net.ssl.trustStore to my truststore, it works.
- Same code in the product is also working, so I can connect to the 
database.

- BUT:
- My SSL/TLS manipulation in the Java stack is changing the SSL layer also 
for the rest of the product, so some components are getting into trouble.
- Remark: again, this is a script embedded in the application itself. This 
is not similar to having another container running within the same JBoss 
(like a .war file). So the script can more or less directly influence the 
product.
- I'm trying to manipulate the TrustManagers, adding my object. So within 
"init" I can establish a connection to H2. I also restore the old 
SSLContext once I have an open connection to the DB. So after restoring the 
SSLContext to the old value,
I assumed the product is not impacted, but I still see some errors.

        sslContext = SSLContext.getInstance("TLS");
        sslContext.init(null, trustAllCerts, new java.security.SecureRandom());
        SSLContext.setDefault(sslContext);

Restore is done by SSLContext.setDefault(oldSslContext).

- I found some hints on the internet, e.g. Postgres can create a secure 
connection to a DB using a CustomSSLSocketFactory. Examples are:
  DriverManager.getConnection(url, props); where Properties props has a 
key/value like "sslFactory" & fully qualified class name of the 
CustomSSLFactory, which extends SSLSocketFactory
  https://jdbc.postgresql.org/documentation/head/connect.html
  https://jdbc.postgresql.org/documentation/head/ssl-factory.html
 
 
Do we also have such logic for H2 DB?
My hope is that I can offer a CustomSSLSocketFactory, where I can do my own 
TrustManager settings (either "open" or using a certificate from a 
truststore/keystore).
So the H2 connection is created in an "isolated" environment.

Thanks in advance
Uwe








