Getting H2 connection from SSLFactory.


ula....@gmail.com

Aug 6, 2020, 11:21:31 AM
to H2 Database



Hello H2 "experts".
I'm not so deep in the whole SSL/TLS layer technique.
I have the following problem.

- We are using a commercial application, with JBoss in the background, so we don't want to change a lot within the product configuration itself, for support reasons.
- The product offers a scripting interface, so you can add a source code script (Groovy or Java) into the product. The product compiles it in the background and calls the script in some situations.
- The script must implement an interface. We must implement the methods "init", "destroy" and "process".
- So "init" can be used to connect to the H2 database and "destroy" to close the connection.
- We want to communicate with the H2 server (a remote host) over SSL/TLS.
- When I use the direct URL jdbc:h2:ssl://<remote server>:<remote port>/<dbname>, I'm getting "PKIX path building failed" problems.
- The same or similar code in a standalone Java client works when I change, for example, the SSL settings: either by adding an "open" TrustManager or by dealing with a truststore/keystore, I can connect. Or when setting e.g. -Djavax.net.ssl.trustStore to my truststore, it works.
- The same code in the product also works, so I can connect to the database.

- BUT:
- My SSL/TLS manipulation in the Java stack also changes the SSL layer for the rest of the product, so some components are getting into trouble.
- Remark: again, this is a script embedded in the application itself. This is not similar to having another container running within the same JBoss (like a .war file). So the script can more or less directly influence the product.
- I'm trying to manipulate the TrustManagers, adding my object, so that within "init" I can establish a connection to H2. I also restore the old SSLContext once I have an open connection to the DB. So after restoring the SSLContext to the old value, I assumed the product is not impacted, but I still see some errors.

        sslContext = SSLContext.getInstance("TLS");
        sslContext.init(null, trustAllCerts, new java.security.SecureRandom());
        SSLContext.setDefault(sslContext);

Restore is done by SSLContext.setDefault(oldSslContext).

- I found some hints on the internet, e.g. Postgres can create a secure connection to a DB using a CustomSSLSocketFactory. Examples are:
  DriverManager.getConnection(url, props); where the Properties props has a key/value pair like "sslFactory" and the fully qualified class name of the CustomSSLFactory, which extends SSLSocketFactory
  https://jdbc.postgresql.org/documentation/head/connect.html
  https://jdbc.postgresql.org/documentation/head/ssl-factory.html
 
 
Do we also have such logic for H2 DB?
My hope is that I can offer a CustomSSLSocketFactory, where I can do my own TrustManager settings (either "open" or using a certificate from a truststore/keystore).
So the H2 connection is created in an "isolated" environment.

Thanks in advance
Uwe








