Subject: svn commit: r511785 - in /db/derby/code/trunk/java: client/org/apache/derby/client/am/ client/org/apache/derby/client/net/ client/org/apache/derby/jdbc/ drda/org/apache/derby/impl/drda/ engine/org/apache/derby/iapi/reference/
Date: Mon, 26 Feb 2007 11:20:15 -0000
To: derby-commits@db.apache.org
From: bernt@apache.org X-Mailer: svnmailer-1.1.0 Message-Id: <20070226112018.AEBFC1A981A@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Author: bernt Date: Mon Feb 26 03:20:10 2007 New Revision: 511785 URL: http://svn.apache.org/viewvc?view=rev&rev=511785 Log: DERBY-2356 Make SSL server authentication optional (submitted by Bernt M. Johnsen) Added: db/derby/code/trunk/java/client/org/apache/derby/client/net/NaiveTrustManager.java (with props) db/derby/code/trunk/java/drda/org/apache/derby/impl/drda/NaiveTrustManager.java (with props) Modified: db/derby/code/trunk/java/client/org/apache/derby/client/am/Connection.java db/derby/code/trunk/java/client/org/apache/derby/client/net/NetAgent.java db/derby/code/trunk/java/client/org/apache/derby/client/net/NetConnection.java db/derby/code/trunk/java/client/org/apache/derby/client/net/OpenSocketAction.java db/derby/code/trunk/java/client/org/apache/derby/jdbc/ClientBaseDataSource.java db/derby/code/trunk/java/drda/org/apache/derby/impl/drda/NetworkServerControlImpl.java db/derby/code/trunk/java/engine/org/apache/derby/iapi/reference/Property.java Modified: db/derby/code/trunk/java/client/org/apache/derby/client/am/Connection.java URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/client/org/apache/derby/client/am/Connection.java?view=diff&rev=511785&r1=511784&r2=511785 ============================================================================== --- db/derby/code/trunk/java/client/org/apache/derby/client/am/Connection.java (original) +++ db/derby/code/trunk/java/client/org/apache/derby/client/am/Connection.java Mon Feb 26 03:20:10 2007 
@@ -136,7 +136,7 @@ public org.apache.derby.jdbc.ClientBaseDataSource dataSource_; public String serverNameIP_; public int portNumber_; - public boolean useSSL_ = false; + public int clientSSLMode_ = org.apache.derby.jdbc.ClientBaseDataSource.SSL_OFF; public java.util.Hashtable clientCursorNameCache_ = new java.util.Hashtable(); public boolean canUseCachedConnectBytes_ = false; @@ -199,7 +199,7 @@ loginTimeout_, serverNameIP_, portNumber_, - false /*TODO: SSL & Datasource*/); + 0 /*TODO: SSL & Datasource*/); } // For jdbc 2 connections @@ -228,7 +228,7 @@ loginTimeout_, serverNameIP_, portNumber_, - false /*TODO: SSL & Datasource*/); + 0 /*TODO: SSL & Datasource*/); } // This is a callback method, called by subsystem - NetConnection @@ -321,13 +321,13 @@ loginTimeout_ = driverManagerLoginTimeout; serverNameIP_ = serverName; portNumber_ = portNumber; - useSSL_ = ClientDataSource.getSsl(properties); + clientSSLMode_ = ClientDataSource.getClientSSLMode(properties); agent_ = newAgent_(logWriter, loginTimeout_, serverNameIP_, portNumber_, - useSSL_); + clientSSLMode_); } // Users are advised to call the method close() on Statement and Connection objects when they are done with them. 
@@ -1751,7 +1751,7 @@ String databaseName); //--------------------Abstract material factory methods----------------- - protected abstract Agent newAgent_(LogWriter logWriter, int loginTimeout, String serverName, int portNumber, boolean useSSL) throws SqlException; + protected abstract Agent newAgent_(LogWriter logWriter, int loginTimeout, String serverName, int portNumber, int clientSSLMode) throws SqlException; protected abstract DatabaseMetaData newDatabaseMetaData_(); Added: db/derby/code/trunk/java/client/org/apache/derby/client/net/NaiveTrustManager.java URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/client/org/apache/derby/client/net/NaiveTrustManager.java?view=auto&rev=511785 ============================================================================== --- db/derby/code/trunk/java/client/org/apache/derby/client/net/NaiveTrustManager.java (added) +++ db/derby/code/trunk/java/client/org/apache/derby/client/net/NaiveTrustManager.java Mon Feb 26 03:20:10 2007 
@@ -0,0 +1,106 @@ +/* + + Derby - Class org.apache.derby.client.net.NaiveTrustManager + + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + +*/ + +package org.apache.derby.client.net; + +import javax.net.SocketFactory; +import javax.net.ssl.SSLContext; +import javax.net.ssl.TrustManager; +import javax.net.ssl.X509TrustManager; +import java.security.cert.X509Certificate; +import java.security.cert.CertificateException; + +/** + * This is a naive trust manager we use when we don't want server + * authentication. Any certificate will be accepted. + **/ +public class NaiveTrustManager + implements X509TrustManager +{ + + /** + * We don't want more than one instence of this TrustManager + */ + private NaiveTrustManager() + { + } + + static private TrustManager[] thisManager = null; + + /** + * Generate a socket factory with this trust manager. Derby + * Utility routine which is not part of the X509TrustManager + * interface. 
+ **/ + public static SocketFactory getSocketFactory() + throws java.security.NoSuchAlgorithmException, + java.security.KeyManagementException + { + if (thisManager == null) { + thisManager = new TrustManager [] {new NaiveTrustManager()}; + } + + SSLContext ctx = SSLContext.getInstance("SSL"); + ctx.init(null, // Use default key manager + thisManager, + null); // Use default random source + return ctx.getSocketFactory(); + } + + /** + * Checks wether the we trust the client. Since this trust manager + * is just for the Derby clients, this routine is actually never + * called, but need to be here when we implement X509TrustManager. + * @param chain The client's certificate chain + * @param authType authorization type (e.g. "RSA" or "DHE_DSS") + **/ + public void checkClientTrusted(X509Certificate[] chain, + String authType) + throws CertificateException + { + // Reject all attemtpts to truts a client. We should never end + // up here. + throw new CertificateException(); + } + + /** + * Checks wether the we trust the server, which we allways will. + * @param chain The server's certificate chain + * @param authType authorization type (e.g. "RSA" or "DHE_DSS") + **/ + public void checkServerTrusted(X509Certificate[] chain, + String authType) + throws CertificateException + { + // Do nothing. We trust everyone. + } + + /** + * Return an array of certificate authority certificates which are + * trusted for authenticating peers. Not relevant for this trust + * manager. 
+ */ + public X509Certificate[] getAcceptedIssuers() + { + return new X509Certificate[0]; + } + +} Propchange: db/derby/code/trunk/java/client/org/apache/derby/client/net/NaiveTrustManager.java ------------------------------------------------------------------------------ svn:eol-style = native Modified: db/derby/code/trunk/java/client/org/apache/derby/client/net/NetAgent.java URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/client/org/apache/derby/client/net/NetAgent.java?view=diff&rev=511785&r1=511784&r2=511785 ============================================================================== --- db/derby/code/trunk/java/client/org/apache/derby/client/net/NetAgent.java (original) +++ db/derby/code/trunk/java/client/org/apache/derby/client/net/NetAgent.java Mon Feb 26 03:20:10 2007 @@ -82,7 +82,7 @@ String server_; int port_; - boolean useSSL_; + int clientSSLMode_; public CcsidManager sourceCcsidManager_; public CcsidManager targetCcsidManager_; @@ -109,13 +109,13 @@ int loginTimeout, String server, int port, - boolean useSSL) throws SqlException { + int clientSSLMode) throws SqlException { super(netConnection, netLogWriter); server_ = server; port_ = port; netConnection_ = netConnection; - useSSL_ = useSSL; + clientSSLMode_ = clientSSLMode; if (server_ == null) { throw new DisconnectException(this, 
@@ -124,7 +124,7 @@ } try { - socket_ = (java.net.Socket) java.security.AccessController.doPrivileged(new OpenSocketAction(server, port, useSSL_)); + socket_ = (java.net.Socket) java.security.AccessController.doPrivileged(new OpenSocketAction(server, port, clientSSLMode_)); } catch (java.security.PrivilegedActionException e) { throw new DisconnectException(this, new ClientMessageId(SQLState.CONNECT_UNABLE_TO_CONNECT_TO_SERVER), Modified: db/derby/code/trunk/java/client/org/apache/derby/client/net/NetConnection.java URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/client/org/apache/derby/client/net/NetConnection.java?view=diff&rev=511785&r1=511784&r2=511785 ============================================================================== --- db/derby/code/trunk/java/client/org/apache/derby/client/net/NetConnection.java (original) +++ db/derby/code/trunk/java/client/org/apache/derby/client/net/NetConnection.java Mon Feb 26 03:20:10 2007 @@ -1081,14 +1081,14 @@ //-------------------Abstract object factories-------------------------------- - protected org.apache.derby.client.am.Agent newAgent_(org.apache.derby.client.am.LogWriter logWriter, int loginTimeout, String serverName, int portNumber, boolean useSSL) + protected org.apache.derby.client.am.Agent newAgent_(org.apache.derby.client.am.LogWriter logWriter, int loginTimeout, String serverName, int portNumber, int clientSSLMode) throws SqlException { return new NetAgent(this, (NetLogWriter) logWriter, loginTimeout, serverName, portNumber, - useSSL); + clientSSLMode); } 
@@ -1653,9 +1653,9 @@ return new org.apache.derby.client.am.SectionManager(collection, agent, databaseName); } - protected int getSocketAndInputOutputStreams(String server, int port, boolean useSSL) { + protected int getSocketAndInputOutputStreams(String server, int port, int clientSSLMode) { try { - netAgent_.socket_ = (java.net.Socket) java.security.AccessController.doPrivileged(new OpenSocketAction(server, port, useSSL)); + netAgent_.socket_ = (java.net.Socket) java.security.AccessController.doPrivileged(new OpenSocketAction(server, port, clientSSLMode)); } catch (java.security.PrivilegedActionException e) { Exception openSocketException = e.getException(); if (netAgent_.loggingEnabled()) { Modified: db/derby/code/trunk/java/client/org/apache/derby/client/net/OpenSocketAction.java URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/client/org/apache/derby/client/net/OpenSocketAction.java?view=diff&rev=511785&r1=511784&r2=511785 ============================================================================== --- db/derby/code/trunk/java/client/org/apache/derby/client/net/OpenSocketAction.java (original) +++ db/derby/code/trunk/java/client/org/apache/derby/client/net/OpenSocketAction.java Mon Feb 26 03:20:10 2007 
@@ -22,31 +22,44 @@ package org.apache.derby.client.net; import javax.net.SocketFactory; -import javax.net.ServerSocketFactory; import javax.net.ssl.SSLSocketFactory; import javax.net.ssl.SSLServerSocketFactory; +import javax.net.ssl.SSLSocket; public class OpenSocketAction implements java.security.PrivilegedExceptionAction { private String server_; private int port_; - private boolean useSSL_; + private int clientSSLMode_; - public OpenSocketAction(String server, int port, boolean useSSL) { + public OpenSocketAction(String server, int port, int clientSSLMode) { server_ = server; port_ = port; - useSSL_ = useSSL; + clientSSLMode_ = clientSSLMode; } public Object run() throws java.net.UnknownHostException, - java.io.IOException { - + java.io.IOException, + java.security.NoSuchAlgorithmException, + java.security.KeyManagementException { + SocketFactory sf; - if (useSSL_) { - sf = SSLSocketFactory.getDefault(); - } else { + switch (clientSSLMode_) { + case org.apache.derby.jdbc.ClientBaseDataSource.SSL_BASIC: + sf = NaiveTrustManager.getSocketFactory(); + break; + case org.apache.derby.jdbc.ClientBaseDataSource.SSL_PEER_AUTHENTICATION: + sf = (SocketFactory)SSLSocketFactory.getDefault(); + break; + case org.apache.derby.jdbc.ClientBaseDataSource.SSL_OFF: + sf = SocketFactory.getDefault(); + break; + default: + // Assumes cleartext for undefined values sf = SocketFactory.getDefault(); + break; } return sf.createSocket(server_, port_); } + } Modified: db/derby/code/trunk/java/client/org/apache/derby/jdbc/ClientBaseDataSource.java URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/client/org/apache/derby/jdbc/ClientBaseDataSource.java?view=diff&rev=511785&r1=511784&r2=511785 ============================================================================== --- db/derby/code/trunk/java/client/org/apache/derby/jdbc/ClientBaseDataSource.java (original) +++ db/derby/code/trunk/java/client/org/apache/derby/jdbc/ClientBaseDataSource.java Mon Feb 26 03:20:10 2007 
@@ -172,9 +172,28 @@ //---------------------- client SSL ---------------- - public static final boolean getSsl(Properties properties) + public final static int SSL_OFF = 0; + public final static int SSL_BASIC = 1; + public final static int SSL_PEER_AUTHENTICATION = 2; + + public static final int getClientSSLMode(Properties properties) { - return Boolean.valueOf(properties.getProperty(Attribute.SSL_ATTR)).booleanValue(); + String s = properties.getProperty(Attribute.SSL_ATTR); + if (s != null){ + if (s.equalsIgnoreCase("off")) { + return SSL_OFF; + } else if (s.equalsIgnoreCase("basic")) { + return SSL_BASIC; + } else if (s.equalsIgnoreCase("peerAuthentication")) { + return SSL_PEER_AUTHENTICATION; + } else { + // Default + return SSL_OFF; + } + } else { + // Default + return SSL_OFF; + } } // ---------------------------- user ----------------------------------- @@ -879,7 +898,7 @@ public final static int TRACE_ALL = 0xFFFFFFFF; public final static int propertyDefault_traceLevel = TRACE_ALL; - + protected int traceLevel = propertyDefault_traceLevel; /** Added: db/derby/code/trunk/java/drda/org/apache/derby/impl/drda/NaiveTrustManager.java URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/drda/org/apache/derby/impl/drda/NaiveTrustManager.java?view=auto&rev=511785 ============================================================================== --- db/derby/code/trunk/java/drda/org/apache/derby/impl/drda/NaiveTrustManager.java (added) +++ db/derby/code/trunk/java/drda/org/apache/derby/impl/drda/NaiveTrustManager.java Mon Feb 26 03:20:10 2007 
@@ -0,0 +1,106 @@ +/* + + Derby - Class org.apache.derby.impl.drda.NaiveTrustManager + + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + +*/ + +package org.apache.derby.impl.drda; + +import javax.net.SocketFactory; +import javax.net.ssl.SSLContext; +import javax.net.ssl.TrustManager; +import javax.net.ssl.X509TrustManager; +import java.security.cert.X509Certificate; +import java.security.cert.CertificateException; + +/** + * This is a naive trust manager we use when we don't want server + * authentication. Any certificate will be accepted. + **/ +public class NaiveTrustManager + implements X509TrustManager +{ + + /** + * We don't want more than one instence of this TrustManager + */ + private NaiveTrustManager() + { + } + + static private TrustManager[] thisManager = null; + + /** + * Generate a socket factory with this trust manager. Derby + * Utility routine which is not part of the X509TrustManager + * interface. 
+ **/ + public static SocketFactory getSocketFactory() + throws java.security.NoSuchAlgorithmException, + java.security.KeyManagementException + { + if (thisManager == null) { + thisManager = new TrustManager [] {new NaiveTrustManager()}; + } + + SSLContext ctx = SSLContext.getInstance("SSL"); + ctx.init(null, // Use default key manager + thisManager, + null); // Use default random source + return ctx.getSocketFactory(); + } + + /** + * Checks wether the we trust the client. Since this trust manager + * is just for the Derby clients, this routine is actually never + * called, but need to be here when we implement X509TrustManager. + * @param chain The client's certificate chain + * @param authType authorization type (e.g. "RSA" or "DHE_DSS") + **/ + public void checkClientTrusted(X509Certificate[] chain, + String authType) + throws CertificateException + { + // Reject all attemtpts to truts a client. We should never end + // up here. + throw new CertificateException(); + } + + /** + * Checks wether the we trust the server, which we allways will. + * @param chain The server's certificate chain + * @param authType authorization type (e.g. "RSA" or "DHE_DSS") + **/ + public void checkServerTrusted(X509Certificate[] chain, + String authType) + throws CertificateException + { + // Do nothing. We trust everyone. + } + + /** + * Return an array of certificate authority certificates which are + * trusted for authenticating peers. Not relevant for this trust + * manager. 
+ */ + public X509Certificate[] getAcceptedIssuers() + { + return new X509Certificate[0]; + } + +} Propchange: db/derby/code/trunk/java/drda/org/apache/derby/impl/drda/NaiveTrustManager.java ------------------------------------------------------------------------------ svn:eol-style = native Modified: db/derby/code/trunk/java/drda/org/apache/derby/impl/drda/NetworkServerControlImpl.java URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/drda/org/apache/derby/impl/drda/NetworkServerControlImpl.java?view=diff&rev=511785&r1=511784&r2=511785 ============================================================================== --- db/derby/code/trunk/java/drda/org/apache/derby/impl/drda/NetworkServerControlImpl.java (original) +++ db/derby/code/trunk/java/drda/org/apache/derby/impl/drda/NetworkServerControlImpl.java Mon Feb 26 03:20:10 2007 @@ -306,8 +306,8 @@ // SSL related stuff private static final int SSL_OFF = 0; - private static final int SSL_ON = 1; - private static final int SSL_CLIENT_AUTH = 2; + private static final int SSL_BASIC = 1; + private static final int SSL_PEER_AUTHENTICATION = 2; private int sslMode = SSL_OFF; @@ -602,20 +602,21 @@ return sf.createServerSocket(portNumber ,0, hostAddress); - case SSL_ON: + case SSL_BASIC: SSLServerSocketFactory ssf = (SSLServerSocketFactory)SSLServerSocketFactory.getDefault(); - return ssf.createServerSocket(portNumber - ,0, - hostAddress); - case SSL_CLIENT_AUTH: + return (SSLServerSocket)ssf.createServerSocket(portNumber, + 0, + hostAddress); + case SSL_PEER_AUTHENTICATION: SSLServerSocketFactory ssf2 = (SSLServerSocketFactory)SSLServerSocketFactory.getDefault(); - SSLServerSocket sss= (SSLServerSocket)ssf2.createServerSocket(portNumber - ,0, - hostAddress); - sss.setNeedClientAuth(true); - return sss; + SSLServerSocket sss2= + (SSLServerSocket)ssf2.createServerSocket(portNumber, + 0, + hostAddress); + sss2.setNeedClientAuth(true); + return sss2; } } 
@@ -687,12 +688,12 @@ {Integer.toString(portNumber), att_srvclsnm, versionString, getFormattedTimestamp()}); break; - case SSL_ON: + case SSL_BASIC: consolePropertyMessage("DRDA_SSLReady.I", new String [] {Integer.toString(portNumber), att_srvclsnm, versionString, getFormattedTimestamp()}); break; - case SSL_CLIENT_AUTH: + case SSL_PEER_AUTHENTICATION: consolePropertyMessage("DRDA_SSLClientAuthReady.I", new String [] {Integer.toString(portNumber), att_srvclsnm, versionString, getFormattedTimestamp()}); @@ -2222,7 +2223,11 @@ clientSocket = (Socket) AccessController.doPrivileged( new PrivilegedExceptionAction() { - public Object run() throws UnknownHostException,IOException + public Object run() + throws UnknownHostException, + IOException, + java.security.NoSuchAlgorithmException, + java.security.KeyManagementException { if (hostAddress == null) hostAddress = InetAddress.getByName(hostArg); @@ -2238,10 +2243,17 @@ connectAddress = hostAddress; SocketFactory sf; - if (getSSLMode() > SSL_OFF) { + switch(getSSLMode()) { + case SSL_BASIC: + sf = NaiveTrustManager.getSocketFactory(); + break; + case SSL_PEER_AUTHENTICATION: sf = SSLSocketFactory.getDefault(); - } else { + break; + case SSL_OFF: + default: sf = SocketFactory.getDefault(); + break; } return sf.createSocket(connectAddress, portNumber); } @@ -2802,9 +2814,9 @@ /** * Get the SSL-mode from a string. - * @param s the SSL-mode string ("off", "on"/"true" or - * "clientAuth" - * @return SSL_OFF, SSL_ON or SSL_CLIENT_AUTH. Will default to + * @param s the SSL-mode string ("off"/"false", "on"/"true" or + * "authenticate"/"auth" + * @return SSL_OFF, SSL_BASIC or SSL_PEER_AUTHENTICATION. Will default to * SSL_OFF if the input does not match one of the four listed * above. **/ 
@@ -2814,13 +2826,9 @@ if (s != null){ if (StringUtil.SQLEqualsIgnoreCase(s,"off")) { return SSL_OFF; - } else if (StringUtil.SQLEqualsIgnoreCase(s,"on")) { - return SSL_ON; - } else if (StringUtil.SQLEqualsIgnoreCase(s,"true")) { - // "true" equivalent to "on" - return SSL_ON; - } else if (StringUtil.SQLEqualsIgnoreCase(s,"clientAuth")) { - return SSL_CLIENT_AUTH; + } else if (StringUtil.SQLEqualsIgnoreCase(s,"basic")) { + return SSL_BASIC; + } else if (StringUtil.SQLEqualsIgnoreCase(s,"peerAuthentication")) { return SSL_PEER_AUTHENTICATION; } else { // Default return SSL_OFF; @@ -2834,9 +2842,10 @@ /** * Get the string value of the SSL-mode. This is the inverse of * getSSLModeValue. - * @param i The SSL-mode value (SSL_OFF, SSL_ON or AAL_CLIENT_AUTH) + * @param i The SSL-mode value (SSL_OFF, SSL_BASIC or + * SSL_PEER_AUTHENTICATION) * @return The string representation ("off","on" or - * "clientAuth"). Will default to SSL_OFF for other values than + * "autneticate"). Will default to SSL_OFF for other values than * those listed above. */ @@ -2844,12 +2853,16 @@ { switch(i) { case SSL_OFF: - default: return "off"; - case SSL_ON: - return "on"; - case SSL_CLIENT_AUTH: - return "clientAuth"; + case SSL_BASIC: + return "basic"; + case SSL_PEER_AUTHENTICATION: + return "peerAuthentication"; + default: + // Assumes no SSL encryption for faulty values Anyway, + // this should not happen thince the input values are + // strings... + return "off"; } } Modified: db/derby/code/trunk/java/engine/org/apache/derby/iapi/reference/Property.java URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/iapi/reference/Property.java?view=diff&rev=511785&r1=511784&r2=511785 ============================================================================== --- db/derby/code/trunk/java/engine/org/apache/derby/iapi/reference/Property.java (original) +++ db/derby/code/trunk/java/engine/org/apache/derby/iapi/reference/Property.java Mon Feb 26 03:20:10 2007 
@@ -782,8 +782,9 @@ *
* This property may be set to one of the following three values * off: No Wire encryption - * on: Encryption, but no SSL client authentication - * clientAuth: Encryption and with SSL client authentication + * basic: Encryption, but no SSL client authentication + * peerAuthentication: Encryption and with SSL client + * authentication */ public final static String DRDA_PROP_SSL_MODE = "derby.drda.sslMode";
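Review bot: In Connection.java (hunks at -199 and -228), the two DataSource code paths pass a bare `0 /*TODO: SSL & Datasource*/` to newAgent_ where the field initializer in the same file uses the named constant. Please pass org.apache.derby.jdbc.ClientBaseDataSource.SSL_OFF here too, so the call sites stay correct if the constant values change. Until the TODO is resolved these paths always connect in cleartext regardless of the ssl attribute, which should be stated in the comment rather than left implicit.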
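Review bot: In client/net/NaiveTrustManager.java, checkServerTrusted has an empty body, so a connection in SSL_BASIC mode accepts any certificate chain. The class Javadoc says "Any certificate will be accepted" but should also say what follows from that: the channel is encrypted but the server is not authenticated, so a party on the network path can present its own certificate and will not be detected. Separately, getSocketFactory lazily initializes the static thisManager without synchronization; initializing it in a static final field would remove the race and the null check. The Javadoc also has several spelling slips ("instence", "wether", "attemtpts to truts", "allways").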
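Review bot: In OpenSocketAction.run(), the default branch of the switch on clientSSLMode_ falls back to SocketFactory.getDefault() ("Assumes cleartext for undefined values"), which fails open. An unexpected mode value is a programming or configuration error, and silently opening a plaintext socket hides it. I would throw from the default branch (run() already declares checked exceptions) so that an unknown mode never results in an unencrypted connection. The added import of javax.net.ssl.SSLSocket is not used anywhere in the visible lines of this file.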
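Review bot: In ClientBaseDataSource.getClientSSLMode, any value other than "off", "basic" or "peerAuthentication" returns SSL_OFF, and that includes "true", which the removed getSsl accepted through Boolean.valueOf. A client that previously connected with ssl=true will now connect in cleartext without any error. Either keep "true" as an alias for one of the SSL modes, or reject unrecognized values with an exception instead of defaulting to SSL_OFF. The two identical "Default" branches could also be collapsed into a single return at the end of the method.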
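Review bot: drda/NaiveTrustManager.java is a line-for-line copy of the client class apart from the package name, so there are now two accept-everything trust managers to keep in sync. If the client and server jars cannot share a class, please at least fix the copied Javadoc: the checkClientTrusted comment says this trust manager "is just for the Derby clients", which is not true of the copy used from NetworkServerControlImpl. The remarks on the empty checkServerTrusted and the unsynchronized thisManager initialization apply here as well.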
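Review bot: In NetworkServerControlImpl.getSSLModeValue (hunk at -2814), the branches for "on", "true" and "clientAuth" are removed and anything unrecognized still falls through to SSL_OFF. A server configured with one of the old values will therefore start listening in cleartext after this change, with only the normal startup message to show for it. Please either keep the old strings as aliases for SSL_BASIC and SSL_PEER_AUTHENTICATION, or refuse to start on an unrecognized value. The new "peerAuthentication" branch also has its return statement on the same line as the condition, unlike the branches around it.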
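Review bot: The Javadoc updated in NetworkServerControlImpl (hunks at -2802 and -2834) does not match the code. The @param text for getSSLModeValue lists "off"/"false", "on"/"true" and "authenticate"/"auth", and the @return text for getSSLModeString lists "off", "on" and "autneticate", but the methods accept and return only "off", "basic" and "peerAuthentication". The surrounding text still says "one of the four listed above" for what are now three values. Please list the three actual strings in both comments.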
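Review bot: In Property.java, the descriptions of the new values for derby.drda.sslMode were carried over from the old names and no longer describe the behaviour. "basic" is documented as "Encryption, but no SSL client authentication", yet with this commit a client in basic mode uses NaiveTrustManager and does not authenticate the server either. "peerAuthentication" is documented only as client authentication, while the client side of that mode uses the default SSLSocketFactory and so does validate the server. The Javadoc should say which peer is authenticated in each mode.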