Getting H2 connection from SSLFactory.

Hello H2 "experts".

I'm not so deep in the whole SSL/TLS layer technique. I have the following problem.
- We are using a commercial application, JBoss in the background. So we don't want to change a lot within the product configuration itself, due to support reasons.
- The product is offering a scripting interface. So you can add a source code script (Groovy or Java) into the product. The product is compiling in the background and calling the script in some situations.
- The script must implement an interface. We must implement the methods "init", "destroy" and "process".
- So "init" can be used to connect to the H2 database and "destroy" to close the connection.
- We want to communicate with SSL/TLS to the H2 server (a remote host).
- When I use the direct URL jdbc:h2:ssl://<remote server>:<remote port>/<dbname>, I'm getting a "PKIX path building failed" problem.
- Same/similar code in a standalone Java client is working when I change, for example, the SSL settings. Either adding an "open" TrustManager or dealing with a truststore/keystore, I can connect. Or setting e.g. -Djavax.net.ssl.trustStore to my truststore, it works.
- The same code in the product is also working, so I can connect to the database.
- BUT:
  - My SSL/TLS manipulation in the Java stack is changing the SSL layer also for the rest of the product, so some components are getting into trouble.
  - Remark: again, this is a script embedded in the application itself. This is not similar to having another container running within the same JBoss (like a .war file). So the script can more or less directly influence the product.
- I'm trying to manipulate the TrustManagers, adding my object. So I can establish a connection to H2 within "init". I also restore the old SSLContext when I have an open connection to the DB. So after restoring the SSLContext to the old value, I assumed the product is not impacted, but I still see some errors.

    sslContext = SSLContext.getInstance("TLS");
    sslContext.init(null, trustAllCerts, new java.security.SecureRandom());
    SSLContext.setDefault(sslContext);

  Restore is done by SSLContext.setDefault(oldSslContext).
- I found some hints on the internet, e.g. Postgres can create a secure connection to a DB using a CustomSSLSocketFactory. Examples are:

    DriverManager.getConnection(url, props);

  where Properties props has a key/value like "sslFactory" and the fully qualified class name of the CustomSSLFactory, which extends SSLSocketFactory.

  https://jdbc.postgresql.org/documentation/head/connect.html
  https://jdbc.postgresql.org/documentation/head/ssl-factory.html

Do we also have such logic for H2 DB? My hope is that I can offer a CustomSSLSocketFactory, where I can do my own TrustManager settings (either "open" or using a certificate from a truststore/keystore). So the H2 connection is created in an "isolated" environment.

Thanks in advance
Uwe
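Added example, not part of the original post and not H2 code: the "isolated" TLS setup the post asks for, built as a private SSLContext from a truststore without calling SSLContext.setDefault, plus a handshake check against the server's TLS port. Whether the H2 JDBC driver can be handed such a factory is the open question of the post; the class name IsolatedTls and the four command-line arguments are assumptions.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;

public class IsolatedTls {

    /** Builds an SSLContext that trusts only the certificates in the given truststore. */
    static SSLContext contextFor(String trustStorePath, char[] password) throws Exception {
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = Files.newInputStream(Paths.get(trustStorePath))) {
            trustStore.load(in, password);
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext ctx = SSLContext.getInstance("TLS");
        // No key managers (no client certificate), default SecureRandom.
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx; // never passed to SSLContext.setDefault
    }

    // Arguments (assumed): <truststore path> <truststore password> <host> <port>
    public static void main(String[] args) throws Exception {
        SSLContext jvmDefault = SSLContext.getDefault();
        SSLContext ctx = contextFor(args[0], args[1].toCharArray());
        SSLSocketFactory factory = ctx.getSocketFactory();

        try (SSLSocket socket =
                     (SSLSocket) factory.createSocket(args[2], Integer.parseInt(args[3]))) {
            // A raw SSLSocket does not check the host name unless asked to.
            SSLParameters params = socket.getSSLParameters();
            params.setEndpointIdentificationAlgorithm("HTTPS");
            socket.setSSLParameters(params);
            // Throws SSLHandshakeException (e.g. "PKIX path building failed")
            // if the truststore cannot validate the server's certificate chain.
            socket.startHandshake();
            System.out.println("Peer: " + socket.getSession().getPeerPrincipal());
        }
        // The JVM-wide default context is the same object as before.
        System.out.println("Default untouched: " + (SSLContext.getDefault() == jvmDefault));
    }
}
```

Because the context is only reachable through the returned object, other components in the same JVM keep using the default trust settings.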