Actually, although there is some conditional compilation in the ANT build
(can't build against what's not available in the JVM at run time) the
factory itself still uses dynamic loading, but it does so at the class,
rather than method level now. So, it's possible to build under any
configuration that at build time that detects jsse is available, like this:
<target name="-javajsse">
<available classname="javax.net.ssl.SSLSession"
property="ant.java.hasjsse"/>
<echo message="ant.java.hasjsse=${ant.java.hasjsse}" />
</target>
jsse has been around since JDK 1.2 (?) and because it is mostly confined to
javax (except dependence on jce, which has been around since JDK 1.1 (?), it
should be quite possible to build HsqlSocketFactorySecure for runtime use
under JDK 1.1 using third party jsse implementations, such as mentioned
below.
In HsqlSocketFactory, the method is:
public static HsqlSocketFactory getInstance(boolean tls)
throws Exception {
return tls ? getSSLImpl()
: getPlainImpl();
}
When getSSLImpl() is invoked, it calls:
private static final HsqlSocketFactory getSSLImpl() throws Exception {
synchronized (HsqlSocketFactory.class) {
if (sslImpl == null) {
sslImpl = newFactory("org.hsqldb.HsqlSocketFactorySecure");
}
}
return sslImpl;
}
which in turn calls:
private static final HsqlSocketFactory newFactory(String implClass)
throws Exception {
Class clazz;
Constructor ctor;
Class[] ctorParm;
Object[] ctorArg;
Object factory;
clazz = Class.forName(implClass);
ctorParm = new Class[0];
// protected constructor
ctor = clazz.getDeclaredConstructor(ctorParm);
ctorArg = new Object[0];
try {
factory = ctor.newInstance(ctorArg);
} catch (InvocationTargetException e) {
Throwable t = e.getTargetException();
throw (t instanceof Exception) ? ((Exception) t)
: new RuntimeException(
t.toString());
}
return (HsqlSocketFactory) factory;
}
For JDK 1.1 clients, Adam Megacz of www.xwt.org has developed TinySSL, based
on the libraries of the bouncy castle people. This can be used to handle
the client side of the solution for HSQLS protocol (uses embedded,
non-configurable list of root certs copied from Internet Explorer around
release 5), but not for HTTPS. I am not currently aware of an open
offering (indeed any non-commercial offering) that provides https previous
to JDK 1.4.x.
At some point, it was intened to provide the ability for people to supply in
system properties the name of an alternate HsqlSocketFactory implementation
(with TinySSL being the default), in the case that it was not possible to
instantiate the default HsqlSocketFactorySecure at runtime in response to
specifying true for HsqlSocketFactory getInstance(boolean tls).
//--
Anyway, I did not really add any significant features to Blaine's original
contribution, especially in terms of support for HTTPS where it is not
available by default from the underlying JVM. So, as per Blaine's original
notes on the matter, running an HTTPS org.hsqldb.WebServer required JDK
1.4.x+ (or custom coding to the org.hsqldb.HsqlSocketFactory class to
produce implementations based on some third party library), because JDK
1.4.x+ is the first JDK release to come with https support built in.
Hope that helps clarify.
Campbell
----- Original Message -----
From: "Blaine Simpson" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: 16 May, 2004 11:51 AM
Subject: [Hsqldb-developers] TLS support
> I think that when I added TLS support, I just added it for Server, not
> WebServer. But I
> think Campbell redesigned it to use conditional compilation in
> preference to dynamic
> loading. My question to Campbell or anybody else who may know, is, is
> TLS still
> supported only for Server? I'm updating the docs and don't have time to
> try things out myself.
>
>
> -------------------------------------------------------
> This SF.Net email is sponsored by: SourceForge.net Broadband
> Sign-up now for SourceForge Broadband and get the fastest
> 6.0/768 connection for only $19.95/mo for the first 3 months!
> http://ads.osdn.com/?ad_id=2562&alloc_id=6184&op=click
> _______________________________________________
> hsqldb-developers mailing list
> [EMAIL PROTECTED]
> https://lists.sourceforge.net/lists/listinfo/hsqldb-developers
>
-------------------------------------------------------
This SF.Net email is sponsored by: SourceForge.net Broadband
Sign-up now for SourceForge Broadband and get the fastest
6.0/768 connection for only $19.95/mo for the first 3 months!
http://ads.osdn.com/?ad_id=2562&alloc_id=6184&op=click
_______________________________________________
hsqldb-developers mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/hsqldb-developers
