andrepereiradasilva · andrepereiradasilva · Aug 5, 2019 · Aug 5, 2019 · Aug 5, 2019 · Aug 18, 2019
diff --git a/administrator/components/com_admin/Model/SysinfoModel.php b/administrator/components/com_admin/Model/SysinfoModel.php
@@ -308,16 +308,18 @@ public function &getInfo()
 		$db = $this->getDbo();
 
 		$this->info = array(
-			'php'                   => php_uname(),
-			'dbserver'              => $db->getServerType(),
-			'dbversion'             => $db->getVersion(),
-			'dbcollation'           => $db->getCollation(),
-			'dbconnectioncollation' => $db->getConnectionCollation(),
-			'phpversion'            => PHP_VERSION,
-			'server'                => $_SERVER['SERVER_SOFTWARE'] ?? getenv('SERVER_SOFTWARE'),
-			'sapi_name'             => PHP_SAPI,
-			'version'               => (new Version)->getLongVersion(),
-			'useragent'             => $_SERVER['HTTP_USER_AGENT'] ?? '',
+			'php'                    => php_uname(),
+			'dbserver'               => $db->getServerType(),
+			'dbversion'              => $db->getVersion(),
+			'dbcollation'            => $db->getCollation(),
+			'dbconnectioncollation'  => $db->getConnectionCollation(),
+			'dbconnectionencryption' => $db->getConnectionEncryption(),
+			'dbconnencryptsupported' => $db->isConnectionEncryptionSupported(),
+			'phpversion'             => PHP_VERSION,
+			'server'                 => $_SERVER['SERVER_SOFTWARE'] ?? getenv('SERVER_SOFTWARE'),
+			'sapi_name'              => PHP_SAPI,
+			'version'                => (new Version)->getLongVersion(),
+			'useragent'              => $_SERVER['HTTP_USER_AGENT'] ?? '',
 		);
 
 		return $this->info;

diff --git a/administrator/components/com_admin/tmpl/sysinfo/default_system.php b/administrator/components/com_admin/tmpl/sysinfo/default_system.php
@@ -71,6 +71,22 @@
 					<?php echo $this->info['dbconnectioncollation']; ?>
 				</td>
 			</tr>
+			<tr>
+				<th scope="row">
+					<?php echo Text::_('COM_ADMIN_DATABASE_CONNECTION_ENCRYPTION'); ?>
+				</th>
+				<td>
+					<?php echo $this->info['dbconnectionencryption'] ?: Text::_('JNONE'); ?>
+				</td>
+			</tr>
+			<tr>
+				<th scope="row">
+					<?php echo Text::_('COM_ADMIN_DATABASE_CONNECTION_ENCRYPTION_SUPPORTED'); ?>
+				</th>
+				<td>
+					<?php echo $this->info['dbconnencryptsupported'] ? Text::_('JYES') : Text::_('JNO'); ?>
+				</td>
+			</tr>
 			<tr>
 				<th scope="row">
 					<?php echo Text::_('COM_ADMIN_PHP_VERSION'); ?>

diff --git a/administrator/components/com_config/forms/application.xml b/administrator/components/com_config/forms/application.xml
@@ -231,6 +231,83 @@
 			size="10"
 		/>
 
+		<field
+			name="dbencryption"
+			type="list"
+			label="COM_CONFIG_FIELD_DATABASE_ENCRYPTION_ENABLE_LABEL"
+			desc="COM_CONFIG_FIELD_DATABASE_ENCRYPTION_ENABLE_DESC"
+			default="0"
+			filter="integer"
+			>
+			<option value="0">COM_CONFIG_FIELD_DATABASE_ENCRYPTION_ENABLE_VALUE_NONE</option>
+			<option value="1">COM_CONFIG_FIELD_DATABASE_ENCRYPTION_ENABLE_VALUE_ONE_WAY</option>
+			<option value="2">COM_CONFIG_FIELD_DATABASE_ENCRYPTION_ENABLE_VALUE_TWO_WAY</option>
+		</field>
+
+		<field
+			name="dbsslverifyservercert"
+			type="radio"
+			label="COM_CONFIG_FIELD_DATABASE_ENCRYPTION_VERIFY_SERVER_CERT_LABEL"
+			desc="COM_CONFIG_FIELD_DATABASE_ENCRYPTION_VERIFY_SERVER_CERT_DESC"
+			class="switcher"
+			default="0"
+			filter="boolean"
+			showon="dbencryption:1,2"
+			>
+			<option value="0">JNO</option>
+			<option value="1">JYES</option>
+		</field>
+
+		<field
+			name="dbsslkey"
+			type="text"
+			label="COM_CONFIG_FIELD_DATABASE_ENCRYPTION_KEY_LABEL"
+			desc="COM_CONFIG_FIELD_DATABASE_ENCRYPTION_KEY_DESC"
+			filter="string"
+			size="100"
+			showon="dbencryption:2"
+		/>
+
+		<field
+			name="dbsslcert"
+			type="text"
+			label="COM_CONFIG_FIELD_DATABASE_ENCRYPTION_CERT_LABEL"
+			desc="COM_CONFIG_FIELD_DATABASE_ENCRYPTION_CERT_DESC"
+			filter="string"
+			size="100"
+			showon="dbencryption:2"
+		/>
+
+		<field
+			name="dbsslca"
+			type="text"
+			label="COM_CONFIG_FIELD_DATABASE_ENCRYPTION_CA_LABEL"
+			desc="COM_CONFIG_FIELD_DATABASE_ENCRYPTION_CA_DESC"
+			filter="string"
+			size="100"
+			showon="dbencryption:2"
+		/>
+
+		<field
+			name="dbsslcapath"
+			type="text"
+			label="COM_CONFIG_FIELD_DATABASE_ENCRYPTION_CAPATH_LABEL"
+			desc="COM_CONFIG_FIELD_DATABASE_ENCRYPTION_CAPATH_DESC"
+			filter="string"
+			size="100"
+			showon="dbencryption:2"
+		/>
+
+		<field
+			name="dbsslcipher"
+			type="text"
+			label="COM_CONFIG_FIELD_DATABASE_ENCRYPTION_CIPHER_LABEL"
+			desc="COM_CONFIG_FIELD_DATABASE_ENCRYPTION_CIPHER_DESC"
+			filter="string"
+			size="100"
+			showon="dbencryption:2"
+		/>
+
 	</fieldset>
 
 	<fieldset

diff --git a/administrator/language/en-GB/en-GB.com_admin.ini b/administrator/language/en-GB/en-GB.com_admin.ini
@@ -9,6 +9,8 @@ COM_ADMIN_CACHE_DIRECTORY="(Cache folder)"
 COM_ADMIN_CONFIGURATION_FILE="Configuration File"
 COM_ADMIN_DATABASE_COLLATION="Database Collation"
 COM_ADMIN_DATABASE_CONNECTION_COLLATION="Database Connection Collation"
+COM_ADMIN_DATABASE_CONNECTION_ENCRYPTION="Database Connection Encryption"
+COM_ADMIN_DATABASE_CONNECTION_ENCRYPTION_SUPPORTED="Database Server Supports Connection Encryption"
 COM_ADMIN_DATABASE_TYPE="Database Type"
 COM_ADMIN_DATABASE_VERSION="Database Version"
 COM_ADMIN_DIRECTORY="Folder"

diff --git a/administrator/language/en-GB/en-GB.com_config.ini b/administrator/language/en-GB/en-GB.com_config.ini
@@ -36,6 +36,23 @@ COM_CONFIG_FIELD_CACHE_TIME_LABEL="Cache Time (minutes)"
 COM_CONFIG_FIELD_COOKIE_DOMAIN_DESC="Precede domain with '.' if cookie should be valid for all subdomains."
 COM_CONFIG_FIELD_COOKIE_DOMAIN_LABEL="Cookie Domain"
 COM_CONFIG_FIELD_COOKIE_PATH_LABEL="Cookie Path"
+COM_CONFIG_FIELD_DATABASE_ENCRYPTION_CA_DESC="..."
+COM_CONFIG_FIELD_DATABASE_ENCRYPTION_CA_LABEL="CA File"
+COM_CONFIG_FIELD_DATABASE_ENCRYPTION_CAPATH_DESC="..."
+COM_CONFIG_FIELD_DATABASE_ENCRYPTION_CAPATH_LABEL="CA Path"
+COM_CONFIG_FIELD_DATABASE_ENCRYPTION_CERT_DESC="..."
+COM_CONFIG_FIELD_DATABASE_ENCRYPTION_CERT_LABEL="Certificate File"
+COM_CONFIG_FIELD_DATABASE_ENCRYPTION_CIPHER_DESC="..."
+COM_CONFIG_FIELD_DATABASE_ENCRYPTION_CIPHER_LABEL="Cipher Suite"
+COM_CONFIG_FIELD_DATABASE_ENCRYPTION_ENABLE_DESC="Connection Encryption desc..."
+COM_CONFIG_FIELD_DATABASE_ENCRYPTION_ENABLE_LABEL="Connection Encryption"
+COM_CONFIG_FIELD_DATABASE_ENCRYPTION_ENABLE_VALUE_NONE="No encryption"
+COM_CONFIG_FIELD_DATABASE_ENCRYPTION_ENABLE_VALUE_ONE_WAY="One-way encryption"
+COM_CONFIG_FIELD_DATABASE_ENCRYPTION_ENABLE_VALUE_TWO_WAY="Two-way encryption"
+COM_CONFIG_FIELD_DATABASE_ENCRYPTION_KEY_DESC="Private Key File desc..."
+COM_CONFIG_FIELD_DATABASE_ENCRYPTION_KEY_LABEL="Private Key File"
+COM_CONFIG_FIELD_DATABASE_ENCRYPTION_VERIFY_SERVER_CERT_DESC="Verify desc..."
+COM_CONFIG_FIELD_DATABASE_ENCRYPTION_VERIFY_SERVER_CERT_LABEL="Verify"
 COM_CONFIG_FIELD_DATABASE_HOST_LABEL="Host"
 COM_CONFIG_FIELD_DATABASE_NAME_LABEL="Database Name"
 COM_CONFIG_FIELD_DATABASE_PREFIX_LABEL="Database Tables Prefix"

diff --git a/libraries/src/Factory.php b/libraries/src/Factory.php
@@ -667,6 +667,24 @@ protected static function createDbo()
 
 		$options = array('driver' => $driver, 'host' => $host, 'user' => $user, 'password' => $password, 'database' => $database, 'prefix' => $prefix);
 
+		if ((int) $conf->get('dbencryption') !== 0)
+		{
+			$options['ssl'] = [
+				'enable'             => true,
+				'verify_server_cert' => (bool) $conf->get('dbsslverifyservercert'),
+			];
+
+			foreach (['cipher', 'ca', 'capath', 'key', 'cert'] as $key => $value)
+			{
+				$confVal = trim($conf->get('dbssl' . $value, ''));
+
+				if ($confVal !== '')
+				{
+					$options['ssl'][$value] = $confVal;
+				}
+			}
+		}
+
 		try
 		{
 			$db = DatabaseDriver::getInstance($options);

diff --git a/libraries/src/Service/Provider/Database.php b/libraries/src/Service/Provider/Database.php
@@ -90,6 +90,24 @@ function (Container $container)
 						'prefix'   => $conf->get('dbprefix'),
 					];
 
+					if ((int) $conf->get('dbencryption') !== 0)
+					{
+						$options['ssl'] = [
+							'enable'             => true,
+							'verify_server_cert' => (bool) $conf->get('dbsslverifyservercert'),
+						];
+
+						foreach (['cipher', 'ca', 'capath', 'key', 'cert'] as $key => $value)
+						{
+							$confVal = trim($conf->get('dbssl' . $value, ''));
+
+							if ($confVal !== '')
+							{
+								$options['ssl'][$value] = $confVal;
+							}
+						}
+					}
+
 					// Enable utf8mb4 connections for mysql adapters
 					if (strtolower($dbtype) === 'mysqli')
 					{

diff --git a/plugins/system/debug/DataCollector/InfoCollector.php b/plugins/system/debug/DataCollector/InfoCollector.php
@@ -206,6 +206,8 @@ private function getDatabaseInfo(array $info): array
 			'dbversion' => $info['dbversion'] ?? '',
 			'dbcollation' => $info['dbcollation'] ?? '',
 			'dbconnectioncollation' => $info['dbconnectioncollation'] ?? '',
+			'dbconnectionencryption' => $info['dbconnectionencryption'] ?? '',
+			'dbconnencryptsupported' => $info['dbconnencryptsupported'] ?? '',
 		];
 	}
 }