SCRIPT and RUNSCRIPT: the password can now be set using a prepared statement.…

SCRIPT and RUNSCRIPT: the password can now be set using a prepared statement. Previously, it was required to be a literal in the SQL statement.

h2/src/docsrc/html/changelog.html

@@ -18,7 +18,9 @@ Change Log
 <h1>Change Log</h1>
 
 <h2>Next Version (unreleased)</h2>
-<ul><li>MySQL compatibility: SUBSTR with a negative start index now works like MySQL.
+<ul><li>SCRIPT and RUNSCRIPT: the password can now be set using a prepared statement.
+    Previously, it was required to be a literal in the SQL statement.
+</li><li>MySQL compatibility: SUBSTR with a negative start index now works like MySQL.
 </li><li>When enabling autocommit, the transaction is now committed (as required by the JDBC API).
 </li><li>The shell script <code>h2.sh</code> did not work with spaces in the path.
     It also works now with quoted spaces in the argument list.

h2/src/main/org/h2/command/Parser.java

@@ -4677,7 +4677,7 @@ public class Parser {
         if (readIf("CIPHER")) {
             command.setCipher(readUniqueIdentifier());
             if (readIf("PASSWORD")) {
-                command.setPassword(readString().toCharArray());
+                command.setPassword(readExpression());
             }
         }
         if (readIf("CHARSET")) {
@@ -4721,7 +4721,7 @@ public class Parser {
             if (readIf("CIPHER")) {
                 command.setCipher(readUniqueIdentifier());
                 if (readIf("PASSWORD")) {
-                    command.setPassword(readString().toCharArray());
+                    command.setPassword(readExpression());
                 }
             }
             if (readIf("CHARSET")) {

h2/src/main/org/h2/command/dml/ScriptBase.java

@@ -56,10 +56,12 @@ abstract class ScriptBase extends Prepared implements DataHandler {
      * The file name (if set).
      */
     private Expression fileNameExpr;
+
+    private Expression password;
+
     private String fileName;
 
     private String cipher;
-    private byte[] key;
     private FileStore store;
     private String compressionAlgorithm;
 
@@ -75,8 +77,8 @@ abstract class ScriptBase extends Prepared implements DataHandler {
         return cipher != null;
     }
 
-    public void setPassword(char[] password) {
-        key = SHA256.getKeyPasswordHash("script", password);
+    public void setPassword(Expression password) {
+        this.password = password;
     }
 
     public void setFileNameExpr(Expression file) {
@@ -110,7 +112,11 @@ abstract class ScriptBase extends Prepared implements DataHandler {
 
     private void initStore() {
         Database db = session.getDatabase();
-        // script files are always in text format
+        byte[] key = null;
+        if (cipher != null && password != null) {
+            char[] pass = password.optimize(session).getValue(session).getString().toCharArray();
+            key = SHA256.getKeyPasswordHash("script", pass);
+        }
         String file = getFileName();
         store = FileStore.open(db, file, "rw", cipher, key);
         store.setCheckedWriting(false);

h2/src/test/org/h2/test/db/TestRunscript.java

@@ -201,11 +201,16 @@ public class TestRunscript extends TestBase implements Trigger {
         PreparedStatement prep = conn1.prepareStatement("insert into blob values (?)");
         prep.setBytes(1, new byte[65536]);
         prep.execute();
-        String sql = "script to '" + getBaseDir() + "/backup.2.sql'";
+        String sql = "script to ?";
         if (password) {
-            sql += " CIPHER AES PASSWORD 't1e2s3t4'";
+            sql += " CIPHER AES PASSWORD ?";
+        }
+        prep = conn1.prepareStatement(sql);
+        prep.setString(1, getBaseDir() + "/backup.2.sql");
+        if (password) {
+            prep.setString(2, "t1e2s3t4");
         }
-        stat1.execute(sql);
+        prep.execute();
 
         deleteDb("runscriptRestore");
         conn2 = getConnection("runscriptRestore");