db-derby-commits mailing list archives

From be...@apache.org
Subject svn commit: r511785 - in /db/derby/code/trunk/java: client/org/apache/derby/client/am/ client/org/apache/derby/client/net/ client/org/apache/derby/jdbc/ drda/org/apache/derby/impl/drda/ engine/org/apache/derby/iapi/reference/
Date Mon, 26 Feb 2007 11:20:15 GMT
Author: bernt
Date: Mon Feb 26 03:20:10 2007
New Revision: 511785

URL: http://svn.apache.org/viewvc?view=rev&rev=511785
Log:
DERBY-2356 Make SSL server authentication optional (submitted by Bernt M. Johnsen)

Added:
    db/derby/code/trunk/java/client/org/apache/derby/client/net/NaiveTrustManager.java   (with
props)
    db/derby/code/trunk/java/drda/org/apache/derby/impl/drda/NaiveTrustManager.java   (with
props)
Modified:
    db/derby/code/trunk/java/client/org/apache/derby/client/am/Connection.java
    db/derby/code/trunk/java/client/org/apache/derby/client/net/NetAgent.java
    db/derby/code/trunk/java/client/org/apache/derby/client/net/NetConnection.java
    db/derby/code/trunk/java/client/org/apache/derby/client/net/OpenSocketAction.java
    db/derby/code/trunk/java/client/org/apache/derby/jdbc/ClientBaseDataSource.java
    db/derby/code/trunk/java/drda/org/apache/derby/impl/drda/NetworkServerControlImpl.java
    db/derby/code/trunk/java/engine/org/apache/derby/iapi/reference/Property.java

Modified: db/derby/code/trunk/java/client/org/apache/derby/client/am/Connection.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/client/org/apache/derby/client/am/Connection.java?view=diff&rev=511785&r1=511784&r2=511785
==============================================================================
--- db/derby/code/trunk/java/client/org/apache/derby/client/am/Connection.java (original)
+++ db/derby/code/trunk/java/client/org/apache/derby/client/am/Connection.java Mon Feb 26
03:20:10 2007
@@ -136,7 +136,7 @@
     public org.apache.derby.jdbc.ClientBaseDataSource dataSource_;
     public String serverNameIP_;
     public int portNumber_;
-    public boolean useSSL_ = false;
+    public int clientSSLMode_ = org.apache.derby.jdbc.ClientBaseDataSource.SSL_OFF;
 
     public java.util.Hashtable clientCursorNameCache_ = new java.util.Hashtable();
     public boolean canUseCachedConnectBytes_ = false;
@@ -199,7 +199,7 @@
                 loginTimeout_,
                 serverNameIP_,
                 portNumber_,
-                false /*TODO: SSL & Datasource*/);
+                0 /*TODO: SSL & Datasource*/);
     }
 
     // For jdbc 2 connections
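Review bot: The literal `0` passed as the last argument here, and again in the next hunk (@@ -228), is a magic number that only happens to equal `SSL_OFF`. Write `org.apache.derby.jdbc.ClientBaseDataSource.SSL_OFF /*TODO: SSL & Datasource*/` so the call still reads as "no SSL" and does not depend on the constant's numeric value. As the TODO suggests, these two call sites appear to fix the mode to off regardless of what the caller configured, so the comment should say that connections created on this path are always cleartext. The enclosing methods start outside both hunks.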
@@ -228,7 +228,7 @@
                 loginTimeout_,
                 serverNameIP_,
                 portNumber_,
-                false /*TODO: SSL & Datasource*/);
+                0 /*TODO: SSL & Datasource*/);
     }
 
     // This is a callback method, called by subsystem - NetConnection
@@ -321,13 +321,13 @@
         loginTimeout_ = driverManagerLoginTimeout;
         serverNameIP_ = serverName;
         portNumber_ = portNumber;
-        useSSL_ = ClientDataSource.getSsl(properties);
+        clientSSLMode_ = ClientDataSource.getClientSSLMode(properties);
 
         agent_ = newAgent_(logWriter,
                 loginTimeout_,
                 serverNameIP_,
                 portNumber_,
-                useSSL_);
+                clientSSLMode_);
     }
 
     // Users are advised to call the method close() on Statement and Connection objects when
they are done with them.
@@ -1751,7 +1751,7 @@
                                                      String databaseName);
     //--------------------Abstract material factory methods-----------------
 
-    protected abstract Agent newAgent_(LogWriter logWriter, int loginTimeout, String serverName,
int portNumber, boolean useSSL) throws SqlException;
+    protected abstract Agent newAgent_(LogWriter logWriter, int loginTimeout, String serverName,
int portNumber, int clientSSLMode) throws SqlException;
 
 
     protected abstract DatabaseMetaData newDatabaseMetaData_();

Added: db/derby/code/trunk/java/client/org/apache/derby/client/net/NaiveTrustManager.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/client/org/apache/derby/client/net/NaiveTrustManager.java?view=auto&rev=511785
==============================================================================
--- db/derby/code/trunk/java/client/org/apache/derby/client/net/NaiveTrustManager.java (added)
+++ db/derby/code/trunk/java/client/org/apache/derby/client/net/NaiveTrustManager.java Mon
Feb 26 03:20:10 2007
@@ -0,0 +1,106 @@
+/*
+
+   Derby - Class org.apache.derby.client.net.NaiveTrustManager
+
+   Licensed to the Apache Software Foundation (ASF) under one or more
+   contributor license agreements.  See the NOTICE file distributed with
+   this work for additional information regarding copyright ownership.
+   The ASF licenses this file to You under the Apache License, Version 2.0
+   (the "License"); you may not use this file except in compliance with
+   the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+
+*/
+
+package org.apache.derby.client.net;
+
+import javax.net.SocketFactory;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.X509TrustManager;
+import java.security.cert.X509Certificate;
+import java.security.cert.CertificateException;
+
+/**
+ * This is a naive trust manager we use when we don't want server
+ * authentication. Any certificate will be accepted. 
+ **/
+public class NaiveTrustManager
+    implements X509TrustManager
+{
+
+    /**
+     * We don't want more than one instence of this TrustManager
+     */
+    private NaiveTrustManager()
+    {
+    }
+
+    static private TrustManager[] thisManager = null;
+
+    /** 
+     * Generate a socket factory with this trust manager. Derby
+     * Utility routine which is not part of the X509TrustManager
+     * interface.
+     **/
+    public static SocketFactory getSocketFactory()
+        throws java.security.NoSuchAlgorithmException,
+               java.security.KeyManagementException
+    {
+        if (thisManager == null) {
+            thisManager = new TrustManager [] {new NaiveTrustManager()};
+        }
+        
+        SSLContext ctx = SSLContext.getInstance("SSL");
+        ctx.init(null, // Use default key manager
+                 thisManager,
+                 null); // Use default random source
+        return ctx.getSocketFactory();
+    }
+    
+    /** 
+     * Checks wether the we trust the client. Since this trust manager
+     * is just for the Derby clients, this routine is actually never
+     * called, but need to be here when we implement X509TrustManager.
+     * @param chain The client's certificate chain
+     * @param authType authorization type (e.g. "RSA" or "DHE_DSS")
+     **/
+    public void checkClientTrusted(X509Certificate[] chain, 
+                                   String authType)
+        throws CertificateException
+    {
+        // Reject all attemtpts to truts a client. We should never end
+        // up here.
+        throw new CertificateException();
+    }
+    
+    /** 
+     * Checks wether the we trust the server, which we allways will.
+     * @param chain The server's certificate chain
+     * @param authType authorization type (e.g. "RSA" or "DHE_DSS")
+     **/
+    public void checkServerTrusted(X509Certificate[] chain, 
+                                   String authType)
+        throws CertificateException
+    {
+        // Do nothing. We trust everyone.
+    }
+    
+    /**
+     * Return an array of certificate authority certificates which are
+     * trusted for authenticating peers. Not relevant for this trust
+     * manager.
+     */
+    public X509Certificate[] getAcceptedIssuers()
+    {
+        return new X509Certificate[0];
+    }
+    
+}
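Review bot: `checkServerTrusted` accepts every certificate chain, so a socket from `getSocketFactory()` is encrypted but not authenticated and protects only against passive eavesdropping. The class Javadoc should say so, e.g. `Encrypts the connection but does not authenticate the server; an active man-in-the-middle is not detected.` Because the class and `getSocketFactory()` are public, any code on the classpath can obtain this trust-all factory; declaring it package-private (`final class NaiveTrustManager`) keeps it to its caller in `OpenSocketAction`, which is in the same package. The lazy initialisation of `thisManager` is unsynchronised, and `private static final TrustManager[] thisManager = { new NaiveTrustManager() };` removes the race. The identical copy added under `org.apache.derby.impl.drda` has the same three points, and its Javadoc still describes it as being "just for the Derby clients".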

Propchange: db/derby/code/trunk/java/client/org/apache/derby/client/net/NaiveTrustManager.java
------------------------------------------------------------------------------
    svn:eol-style = native

Modified: db/derby/code/trunk/java/client/org/apache/derby/client/net/NetAgent.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/client/org/apache/derby/client/net/NetAgent.java?view=diff&rev=511785&r1=511784&r2=511785
==============================================================================
--- db/derby/code/trunk/java/client/org/apache/derby/client/net/NetAgent.java (original)
+++ db/derby/code/trunk/java/client/org/apache/derby/client/net/NetAgent.java Mon Feb 26 03:20:10
2007
@@ -82,7 +82,7 @@
 
     String server_;
     int port_;
-    boolean useSSL_;
+    int clientSSLMode_;
 
     public CcsidManager sourceCcsidManager_;
     public CcsidManager targetCcsidManager_;
@@ -109,13 +109,13 @@
              int loginTimeout,
              String server,
              int port,
-             boolean useSSL) throws SqlException {
+             int clientSSLMode) throws SqlException {
         super(netConnection, netLogWriter);
 
         server_ = server;
         port_ = port;
         netConnection_ = netConnection;
-        useSSL_ = useSSL;
+        clientSSLMode_ = clientSSLMode;
 
         if (server_ == null) {
             throw new DisconnectException(this, 
@@ -124,7 +124,7 @@
         }
 
         try {
-            socket_ = (java.net.Socket) java.security.AccessController.doPrivileged(new OpenSocketAction(server,
port, useSSL_));
+            socket_ = (java.net.Socket) java.security.AccessController.doPrivileged(new OpenSocketAction(server,
port, clientSSLMode_));
         } catch (java.security.PrivilegedActionException e) {
             throw new DisconnectException(this,
                 new ClientMessageId(SQLState.CONNECT_UNABLE_TO_CONNECT_TO_SERVER),

Modified: db/derby/code/trunk/java/client/org/apache/derby/client/net/NetConnection.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/client/org/apache/derby/client/net/NetConnection.java?view=diff&rev=511785&r1=511784&r2=511785
==============================================================================
--- db/derby/code/trunk/java/client/org/apache/derby/client/net/NetConnection.java (original)
+++ db/derby/code/trunk/java/client/org/apache/derby/client/net/NetConnection.java Mon Feb
26 03:20:10 2007
@@ -1081,14 +1081,14 @@
 
     //-------------------Abstract object factories--------------------------------
 
-    protected org.apache.derby.client.am.Agent newAgent_(org.apache.derby.client.am.LogWriter
logWriter, int loginTimeout, String serverName, int portNumber, boolean useSSL)
+    protected org.apache.derby.client.am.Agent newAgent_(org.apache.derby.client.am.LogWriter
logWriter, int loginTimeout, String serverName, int portNumber, int clientSSLMode)
             throws SqlException {
         return new NetAgent(this,
                 (NetLogWriter) logWriter,
                 loginTimeout,
                 serverName,
                 portNumber,
-                useSSL);
+                clientSSLMode);
     }
 
 
@@ -1653,9 +1653,9 @@
         return new org.apache.derby.client.am.SectionManager(collection, agent, databaseName);
     }
 
-    protected int getSocketAndInputOutputStreams(String server, int port, boolean useSSL)
{
+    protected int getSocketAndInputOutputStreams(String server, int port, int clientSSLMode)
{
         try {
-            netAgent_.socket_ = (java.net.Socket) java.security.AccessController.doPrivileged(new
OpenSocketAction(server, port, useSSL));
+            netAgent_.socket_ = (java.net.Socket) java.security.AccessController.doPrivileged(new
OpenSocketAction(server, port, clientSSLMode));
         } catch (java.security.PrivilegedActionException e) {
             Exception openSocketException = e.getException();
             if (netAgent_.loggingEnabled()) {

Modified: db/derby/code/trunk/java/client/org/apache/derby/client/net/OpenSocketAction.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/client/org/apache/derby/client/net/OpenSocketAction.java?view=diff&rev=511785&r1=511784&r2=511785
==============================================================================
--- db/derby/code/trunk/java/client/org/apache/derby/client/net/OpenSocketAction.java (original)
+++ db/derby/code/trunk/java/client/org/apache/derby/client/net/OpenSocketAction.java Mon
Feb 26 03:20:10 2007
@@ -22,31 +22,44 @@
 package org.apache.derby.client.net;
 
 import javax.net.SocketFactory;
-import javax.net.ServerSocketFactory;
 import javax.net.ssl.SSLSocketFactory;
 import javax.net.ssl.SSLServerSocketFactory;
+import javax.net.ssl.SSLSocket;
 
 public class OpenSocketAction implements java.security.PrivilegedExceptionAction {
     private String server_;
     private int port_;
-    private boolean useSSL_;
+    private int clientSSLMode_;
 
-    public OpenSocketAction(String server, int port, boolean useSSL) {
+    public OpenSocketAction(String server, int port, int clientSSLMode) {
         server_ = server;
         port_ = port;
-        useSSL_ = useSSL;
+        clientSSLMode_ = clientSSLMode;
     }
 
     public Object run() 
         throws java.net.UnknownHostException, 
-               java.io.IOException {
-
+               java.io.IOException,
+               java.security.NoSuchAlgorithmException,
+               java.security.KeyManagementException {
+        
         SocketFactory sf;
-        if (useSSL_) {
-            sf = SSLSocketFactory.getDefault();
-        } else {
+        switch (clientSSLMode_) {
+        case org.apache.derby.jdbc.ClientBaseDataSource.SSL_BASIC:
+            sf = NaiveTrustManager.getSocketFactory();
+            break;
+        case org.apache.derby.jdbc.ClientBaseDataSource.SSL_PEER_AUTHENTICATION:
+            sf = (SocketFactory)SSLSocketFactory.getDefault();
+            break;
+        case org.apache.derby.jdbc.ClientBaseDataSource.SSL_OFF:
+            sf = SocketFactory.getDefault();
+            break;
+        default: 
+            // Assumes cleartext for undefined values
             sf = SocketFactory.getDefault();
+            break;
         }
         return sf.createSocket(server_, port_);
     }
+
 }
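Review bot: The `default:` branch of the switch in `run()` opens a cleartext socket for any `clientSSLMode_` value it does not recognise, so a bad mode value silently drops encryption instead of failing the connection. Failing closed is safer: `default: throw new java.io.IOException("Unsupported clientSSLMode: " + clientSSLMode_);` (`run()` already declares `IOException`). The client-socket switch added to `NetworkServerControlImpl` (hunk @@ -2238) folds `default:` into `case SSL_OFF:` in the same way. The newly added `SSLSocket` import is not used by any line visible in this hunk.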

Modified: db/derby/code/trunk/java/client/org/apache/derby/jdbc/ClientBaseDataSource.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/client/org/apache/derby/jdbc/ClientBaseDataSource.java?view=diff&rev=511785&r1=511784&r2=511785
==============================================================================
--- db/derby/code/trunk/java/client/org/apache/derby/jdbc/ClientBaseDataSource.java (original)
+++ db/derby/code/trunk/java/client/org/apache/derby/jdbc/ClientBaseDataSource.java Mon Feb
26 03:20:10 2007
@@ -172,9 +172,28 @@
 
     //---------------------- client SSL ----------------
 
-    public static final boolean getSsl(Properties properties)
+    public final static int SSL_OFF = 0;
+    public final static int SSL_BASIC = 1;
+    public final static int SSL_PEER_AUTHENTICATION = 2;
+    
+    public static final int getClientSSLMode(Properties properties)
     {
-        return Boolean.valueOf(properties.getProperty(Attribute.SSL_ATTR)).booleanValue();
+        String s = properties.getProperty(Attribute.SSL_ATTR);
+		if (s != null){
+			if (s.equalsIgnoreCase("off")) {
+				return SSL_OFF;
+            } else if (s.equalsIgnoreCase("basic")) {
+				return SSL_BASIC;
+			} else if (s.equalsIgnoreCase("peerAuthentication")) {
+				return SSL_PEER_AUTHENTICATION;
+			} else {
+				// Default
+				return SSL_OFF;
+			}
+		} else {
+			// Default
+			return SSL_OFF;
+		}
     }
 
     // ---------------------------- user -----------------------------------
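Review bot: `getClientSSLMode` returns `SSL_OFF` for every string it does not recognise, and that now includes `true`, which the removed `Boolean.valueOf(...)` line treated as SSL enabled. An existing `true` value for `Attribute.SSL_ATTR`, or a misspelt mode, therefore yields a cleartext connection with no error. Either keep the old spelling working with its old meaning (`} else if (s.equalsIgnoreCase("true")) { return SSL_PEER_AUTHENTICATION; }`, since the previous code used `SSLSocketFactory.getDefault()`) or reject unknown values, so that only a missing property means off. `getSSLModeValue` in `NetworkServerControlImpl` (hunk @@ -2814) drops `on` and `true` in the same way, so a server still configured with one of them would fall back to `SSL_OFF`. The added lines also mix tabs with the space indentation of the surrounding code.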
@@ -879,7 +898,7 @@
     public final static int TRACE_ALL = 0xFFFFFFFF;
 
     public final static int propertyDefault_traceLevel = TRACE_ALL;
-    
+
     protected int traceLevel = propertyDefault_traceLevel;
 
     /**

Added: db/derby/code/trunk/java/drda/org/apache/derby/impl/drda/NaiveTrustManager.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/drda/org/apache/derby/impl/drda/NaiveTrustManager.java?view=auto&rev=511785
==============================================================================
--- db/derby/code/trunk/java/drda/org/apache/derby/impl/drda/NaiveTrustManager.java (added)
+++ db/derby/code/trunk/java/drda/org/apache/derby/impl/drda/NaiveTrustManager.java Mon Feb
26 03:20:10 2007
@@ -0,0 +1,106 @@
+/*
+
+   Derby - Class org.apache.derby.impl.drda.NaiveTrustManager
+
+   Licensed to the Apache Software Foundation (ASF) under one or more
+   contributor license agreements.  See the NOTICE file distributed with
+   this work for additional information regarding copyright ownership.
+   The ASF licenses this file to You under the Apache License, Version 2.0
+   (the "License"); you may not use this file except in compliance with
+   the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+
+*/
+
+package org.apache.derby.impl.drda;
+
+import javax.net.SocketFactory;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.X509TrustManager;
+import java.security.cert.X509Certificate;
+import java.security.cert.CertificateException;
+
+/**
+ * This is a naive trust manager we use when we don't want server
+ * authentication. Any certificate will be accepted. 
+ **/
+public class NaiveTrustManager
+    implements X509TrustManager
+{
+    
+    /**
+     * We don't want more than one instence of this TrustManager
+     */
+    private NaiveTrustManager()
+    {
+    }
+
+    static private TrustManager[] thisManager = null;
+
+    /** 
+     * Generate a socket factory with this trust manager. Derby
+     * Utility routine which is not part of the X509TrustManager
+     * interface.
+     **/
+    public static SocketFactory getSocketFactory()
+        throws java.security.NoSuchAlgorithmException,
+               java.security.KeyManagementException
+    {
+        if (thisManager == null) {
+            thisManager = new TrustManager [] {new NaiveTrustManager()};
+        }
+        
+        SSLContext ctx = SSLContext.getInstance("SSL");
+        ctx.init(null, // Use default key manager
+                 thisManager,
+                 null); // Use default random source
+        return ctx.getSocketFactory();
+    }
+    
+    /** 
+     * Checks wether the we trust the client. Since this trust manager
+     * is just for the Derby clients, this routine is actually never
+     * called, but need to be here when we implement X509TrustManager.
+     * @param chain The client's certificate chain
+     * @param authType authorization type (e.g. "RSA" or "DHE_DSS")
+     **/
+    public void checkClientTrusted(X509Certificate[] chain, 
+                                   String authType)
+        throws CertificateException
+    {
+        // Reject all attemtpts to truts a client. We should never end
+        // up here.
+        throw new CertificateException();
+    }
+    
+    /** 
+     * Checks wether the we trust the server, which we allways will.
+     * @param chain The server's certificate chain
+     * @param authType authorization type (e.g. "RSA" or "DHE_DSS")
+     **/
+    public void checkServerTrusted(X509Certificate[] chain, 
+                                   String authType)
+        throws CertificateException
+    {
+        // Do nothing. We trust everyone.
+    }
+    
+    /**
+     * Return an array of certificate authority certificates which are
+     * trusted for authenticating peers. Not relevant for this trust
+     * manager.
+     */
+    public X509Certificate[] getAcceptedIssuers()
+    {
+        return new X509Certificate[0];
+    }
+    
+}

Propchange: db/derby/code/trunk/java/drda/org/apache/derby/impl/drda/NaiveTrustManager.java
------------------------------------------------------------------------------
    svn:eol-style = native

Modified: db/derby/code/trunk/java/drda/org/apache/derby/impl/drda/NetworkServerControlImpl.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/drda/org/apache/derby/impl/drda/NetworkServerControlImpl.java?view=diff&rev=511785&r1=511784&r2=511785
==============================================================================
--- db/derby/code/trunk/java/drda/org/apache/derby/impl/drda/NetworkServerControlImpl.java
(original)
+++ db/derby/code/trunk/java/drda/org/apache/derby/impl/drda/NetworkServerControlImpl.java
Mon Feb 26 03:20:10 2007
@@ -306,8 +306,8 @@
 
 	// SSL related stuff
 	private static final int SSL_OFF = 0;
-	private static final int SSL_ON = 1;
-	private static final int SSL_CLIENT_AUTH = 2;
+	private static final int SSL_BASIC = 1;
+	private static final int SSL_PEER_AUTHENTICATION = 2;
 
 	private int sslMode = SSL_OFF;
 
@@ -602,20 +602,21 @@
 			return sf.createServerSocket(portNumber
 										 ,0,
 										 hostAddress);
-		case SSL_ON:
+		case SSL_BASIC:
 			SSLServerSocketFactory ssf =
 				(SSLServerSocketFactory)SSLServerSocketFactory.getDefault();
-			return ssf.createServerSocket(portNumber
-										  ,0,
-										  hostAddress);
-		case SSL_CLIENT_AUTH:
+			return (SSLServerSocket)ssf.createServerSocket(portNumber,
+														   0,
+														   hostAddress);
+		case SSL_PEER_AUTHENTICATION:
 			SSLServerSocketFactory ssf2 =
 				(SSLServerSocketFactory)SSLServerSocketFactory.getDefault();
-			SSLServerSocket sss= (SSLServerSocket)ssf2.createServerSocket(portNumber
-																		  ,0,
-																		  hostAddress);
-			sss.setNeedClientAuth(true);
-			return sss;
+			SSLServerSocket sss2= 
+				(SSLServerSocket)ssf2.createServerSocket(portNumber,
+														 0,
+														 hostAddress);
+			sss2.setNeedClientAuth(true);
+			return sss2;
 		}
 	}
 	
@@ -687,12 +688,12 @@
 				{Integer.toString(portNumber), att_srvclsnm, versionString,
 				 getFormattedTimestamp()});
 			break;
-		case SSL_ON:
+		case SSL_BASIC:
 			consolePropertyMessage("DRDA_SSLReady.I", new String [] 
 				{Integer.toString(portNumber), att_srvclsnm, versionString,
 				 getFormattedTimestamp()});
 			break;
-		case SSL_CLIENT_AUTH:
+		case SSL_PEER_AUTHENTICATION:
 			consolePropertyMessage("DRDA_SSLClientAuthReady.I", new String [] 
 				{Integer.toString(portNumber), att_srvclsnm, versionString,
 				 getFormattedTimestamp()});
@@ -2222,7 +2223,11 @@
 			clientSocket = (Socket) AccessController.doPrivileged(
 								new PrivilegedExceptionAction() {
 										
-									public Object run() throws UnknownHostException,IOException
+									public Object run() 
+										throws UnknownHostException,
+											   IOException, 
+											   java.security.NoSuchAlgorithmException,
+											   java.security.KeyManagementException
 									{
 										if (hostAddress == null)
 											hostAddress = InetAddress.getByName(hostArg);
@@ -2238,10 +2243,17 @@
 											connectAddress = hostAddress;
 
 										SocketFactory sf;
-										if (getSSLMode() > SSL_OFF) {
+										switch(getSSLMode()) {
+										case SSL_BASIC:
+											sf = NaiveTrustManager.getSocketFactory();
+											break;
+										case SSL_PEER_AUTHENTICATION:
 											sf = SSLSocketFactory.getDefault();
-										} else {
+											break;
+										case SSL_OFF:
+										default:
 											sf = SocketFactory.getDefault();
+											break;
 										}
 										return sf.createSocket(connectAddress, portNumber);
 									}
@@ -2802,9 +2814,9 @@
     
 	/**
 	 * Get the SSL-mode from a string.
-	 * @param s the SSL-mode string ("off", "on"/"true" or
-	 * "clientAuth"
-	 * @return SSL_OFF, SSL_ON or SSL_CLIENT_AUTH. Will default to
+	 * @param s the SSL-mode string ("off"/"false", "on"/"true" or
+	 * "authenticate"/"auth"
+	 * @return SSL_OFF, SSL_BASIC or SSL_PEER_AUTHENTICATION. Will default to
 	 * SSL_OFF if the input does not match one of the four listed
 	 * above.
 	 **/
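Review bot: The updated `@param` text lists `"off"/"false"`, `"on"/"true"` and `"authenticate"/"auth"`, but the parser in the following hunk (@@ -2814) accepts only `off`, `basic` and `peerAuthentication`. The Javadoc should read `@param s the SSL-mode string ("off", "basic" or "peerAuthentication")` and say "one of the three listed above". The Javadoc of the inverse method (hunk @@ -2834) has the same mismatch: it documents `"off","on" or "autneticate"` while the code returns `off`, `basic` or `peerAuthentication`. Because unlisted strings map to `SSL_OFF`, an operator who follows the comment would presumably end up with an unencrypted listener. The method body is outside this hunk.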
@@ -2814,13 +2826,9 @@
 		if (s != null){
 			if (StringUtil.SQLEqualsIgnoreCase(s,"off")) {
 				return SSL_OFF;
-			} else if (StringUtil.SQLEqualsIgnoreCase(s,"on")) {
-				return SSL_ON;
-			} else if (StringUtil.SQLEqualsIgnoreCase(s,"true")) {
-				// "true" equivalent to "on"
-				return SSL_ON;
-			} else if (StringUtil.SQLEqualsIgnoreCase(s,"clientAuth")) {
-				return SSL_CLIENT_AUTH;
+			} else if (StringUtil.SQLEqualsIgnoreCase(s,"basic")) {
+				return SSL_BASIC;
+			} else if (StringUtil.SQLEqualsIgnoreCase(s,"peerAuthentication")) {				return SSL_PEER_AUTHENTICATION;
 			} else {
 				// Default
 				return SSL_OFF;
@@ -2834,9 +2842,10 @@
 	/**
 	 * Get the string value of the SSL-mode. This is the inverse of
 	 * getSSLModeValue.
-	 * @param i The SSL-mode value (SSL_OFF, SSL_ON or AAL_CLIENT_AUTH)
+	 * @param i The SSL-mode value (SSL_OFF, SSL_BASIC or
+	 * SSL_PEER_AUTHENTICATION)
 	 * @return The string representation ("off","on" or
-	 * "clientAuth"). Will default to SSL_OFF for other values than
+	 * "autneticate"). Will default to SSL_OFF for other values than
 	 * those listed above.
 	 */
 	
@@ -2844,12 +2853,16 @@
 	{
 		switch(i) {
 		case SSL_OFF:
-		default:
 			return "off";
-		case SSL_ON:
-			return "on";
-		case SSL_CLIENT_AUTH:
-			return "clientAuth";
+		case SSL_BASIC:
+			return "basic";
+		case SSL_PEER_AUTHENTICATION:
+			return "peerAuthentication";
+		default: 
+			// Assumes no SSL encryption for faulty values Anyway,
+			// this should not happen thince the input values are
+			// strings...
+			return "off";
 		}
 	}
 

Modified: db/derby/code/trunk/java/engine/org/apache/derby/iapi/reference/Property.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/iapi/reference/Property.java?view=diff&rev=511785&r1=511784&r2=511785
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/iapi/reference/Property.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/iapi/reference/Property.java Mon Feb
26 03:20:10 2007
@@ -782,8 +782,9 @@
      * <BR>
      * This property may be set to one of the following three values
      * off: No Wire encryption
-     * on:  Encryption, but no SSL client authentication
-     * clientAuth: Encryption and with SSL client authentication
+     * basic:  Encryption, but no SSL client authentication
+     * peerAuthentication: Encryption and with SSL client
+     * authentication 
      */
 
     public final static String DRDA_PROP_SSL_MODE = "derby.drda.sslMode";


