Merged
65d56c0
Enable TLS connections in Mysqli driver
andrepereiradasilva Jul 15, 2019
0d331d3
Enable TLS connections in PDO Mysql driver
andrepereiradasilva Jul 15, 2019
06a9396
Add getConnectionEncryption to interface
andrepereiradasilva Jul 15, 2019
5e73c2a
Add getConnectionEncryption() empty method to SqlLite Driver
andrepereiradasilva Jul 15, 2019
4502c64
Add getConnectionEncryption() empty method to Sqlsrv Driver
andrepereiradasilva Jul 15, 2019
c50fe4e
@andrepereiradasilva Add getConnectionEncryption() empty method to Pg…
andrepereiradasilva Jul 15, 2019
233f2ee
Add getConnectionEncryption() method to NoSQL Driver test
andrepereiradasilva Jul 15, 2019
829aa6b
Add getConnectionEncryption methos to driver mock
andrepereiradasilva Jul 15, 2019
55f1fbc
cs line size ...
andrepereiradasilva Jul 15, 2019
367784f
cs line size ...
andrepereiradasilva Jul 15, 2019
ddcadcb
cs again
andrepereiradasilva Jul 15, 2019
5936623
default cipher suit
andrepereiradasilva Jul 15, 2019
66c39cf
static...
andrepereiradasilva Jul 15, 2019
8de2ead
ups
andrepereiradasilva Jul 15, 2019
cbba29a
move tls options to main PDO driver so it's available fro all PDO dri…
andrepereiradasilva Jul 16, 2019
42f7bd8
move tls options to main PDO driver so it's available fro all PDO dri…
andrepereiradasilva Jul 16, 2019
1b61431
Add TLS encryption to postgresql PDO driver (by docs - not tested)
andrepereiradasilva Jul 16, 2019
1a7de1c
cs
andrepereiradasilva Jul 16, 2019
9b5820c
getConnectionEncryption for postgresql (form docs - not tested)
andrepereiradasilva Jul 16, 2019
c4ee862
Update src/Mysql/MysqlDriver.php
andrepereiradasilva Jul 22, 2019
84f5578
Update src/Mysql/MysqlDriver.php
andrepereiradasilva Jul 22, 2019
3da0568
Update src/Mysql/MysqlDriver.php
andrepereiradasilva Jul 22, 2019
19c1564
Update src/Mysql/MysqlDriver.php
andrepereiradasilva Jul 22, 2019
6c26322
Update src/Pdo/PdoDriver.php
andrepereiradasilva Jul 22, 2019
326ac82
Update MysqlDriver.php
andrepereiradasilva Jul 22, 2019
2392206
Update PdoDriver.php
richard67 Aug 6, 2019
2f5242a
Merge pull request #4 from richard67/patch-2
andrepereiradasilva Aug 6, 2019
9 changes: 9 additions & 0 deletions src/DatabaseInterface.php
Expand Up @@ -140,6 +140,15 @@ public function getConnection();
*/
public function getConnectionCollation();

/**
* Method to get the database encryption details (cipher and protocol) in use.
*
* @return string The database encryption details.
*
* @since __DEPLOY_VERSION__
*/
public function getConnectionEncryption(): string;

/**
* Get the total number of SQL statements executed by the database driver.
*
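Review bot: The docblock for `getConnectionEncryption()` does not say what is returned for an unencrypted connection, although callers will rely on this value to decide whether the session is protected. The MySQL and MySQLi implementations in this change return an empty string when `Ssl_cipher` is empty, so the interface should state that as the contract, for example `@return  string  The TLS protocol version and cipher in use, or an empty string if the connection is not encrypted.` Adding a method to a public interface also breaks any third-party driver implementing it, which deserves a line in the upgrade notes.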
62 changes: 62 additions & 0 deletions src/Mysql/MysqlDriver.php
Expand Up @@ -103,6 +103,18 @@ public function __construct(array $options)
$options['driver'] = 'mysql';
$options['charset'] = $options['charset'] ?? 'utf8';
$options['sqlModes'] = isset($options['sqlModes']) ? (array) $options['sqlModes'] : $sqlModes;
$options['ssl'] = isset($options['ssl']) ? $options['ssl'] : [];

if ($options['ssl'] !== [])
{
$options['ssl']['enable'] = isset($options['ssl']['enable']) ? $options['ssl']['enable'] : false;
$options['ssl']['cipher'] = isset($options['ssl']['cipher']) ? $options['ssl']['cipher'] : null;
$options['ssl']['ca'] = isset($options['ssl']['ca']) ? $options['ssl']['ca'] : null;
$options['ssl']['capath'] = isset($options['ssl']['capath']) ? $options['ssl']['capath'] : null;
$options['ssl']['key'] = isset($options['ssl']['key']) ? $options['ssl']['key'] : null;
$options['ssl']['cert'] = isset($options['ssl']['cert']) ? $options['ssl']['cert'] : null;
$options['ssl']['verify_server_cert'] = isset($options['ssl']['verify_server_cert']) ? $options['ssl']['verify_server_cert'] : null;
}

$this->charset = $options['charset'];

Expand Down Expand Up @@ -132,6 +144,34 @@ public function connect()
return;
}

// For SSL/TLS connection encryption.
if ($this->options['ssl'] !== [] && $this->options['ssl']['enable'] === true)
{
$tlsContextIsNull = true;

// If costumized, add ciphersuit, ca file path, ca path, private key file path and certificate file path to PDO driver options.
foreach (['cipher', 'ca', 'capath', 'key', 'cert'] as $key => $value)
{
if ($this->options['ssl'][$value] !== null)
{
$this->options['driverOptions'][constant('\PDO::MYSQL_ATTR_SSL_' . strtoupper($value))] = $this->options['ssl'][$value];
$tlsContextIsNull = false;
}
}

// In PDO, if no cipher, ca, capath, cert and key are set, we can't start TLS one-way encryption, so set a ciphersuit with common ciphers to force it.
if ($tlsContextIsNull === true)
{
$this->options['driverOptions'][\PDO::MYSQL_ATTR_SSL_CIPHER] = 'AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-CBC-SHA256:AES256-CBC-SHA384:DES-CBC3-SHA';
}

// If costumized, for capable systems (PHP 7.0.14+ or PHP 7.1.4+) add flag to verify server certificate (along with Common Name) to PDO driver options.
if ($this->options['ssl']['verify_server_cert'] !== null && defined('\PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT'))
{
$this->options['driverOptions'][\PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT] = $this->options['ssl']['verify_server_cert'];
}
}

try
{
// Try to connect to MySQL
Expand Down Expand Up @@ -296,6 +336,28 @@ public function getConnectionCollation()
return $this->setQuery('SELECT @@collation_connection;')->loadResult();
}

/**
* Method to get the database encryption details (cipher and protocol) in use.
*
* @return string The database encryption details.
*
* @since __DEPLOY_VERSION__
* @throws \RuntimeException
*/
public function getConnectionEncryption(): string
{
$this->connect();

$variables = $this->setQuery('SHOW SESSION STATUS WHERE `Variable_name` IN (\'Ssl_version\', \'Ssl_cipher\')')->loadObjectList('Variable_name');

if (!empty($variables['Ssl_cipher']->Value))
{
return $variables['Ssl_version']->Value . ' (' . $variables['Ssl_cipher']->Value . ')';
}

return '';
}

/**
* Return the query string to create new Database.
*
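Review bot: The fallback cipher list set in `connect()` when no cipher, CA, key or certificate is configured ends with `DES-CBC3-SHA` and otherwise names only static-RSA suites, so an administrator who sets only `ssl.enable` gets a default that permits 3DES and offers no forward secrecy. `AES128-CBC-SHA256` and `AES256-CBC-SHA384` also do not look like OpenSSL cipher names (OpenSSL calls the CBC/SHA-256 suites `AES128-SHA256` and `AES256-SHA256`), so they are probably ignored; please confirm against `openssl ciphers`. I would drop 3DES and put ECDHE suites first, e.g. `'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-GCM-SHA384'`. It is not visible from the hunk whether the server certificate is verified on this path when `verify_server_cert` is left null, so a comment stating which default applies would help. `connect()` starts and ends outside the hunk.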
77 changes: 76 additions & 1 deletion src/Mysqli/MysqliDriver.php
Expand Up @@ -124,6 +124,18 @@ public function __construct(array $options)
$options['socket'] = $options['socket'] ?? null;
$options['utf8mb4'] = isset($options['utf8mb4']) ? (bool) $options['utf8mb4'] : false;
$options['sqlModes'] = isset($options['sqlModes']) ? (array) $options['sqlModes'] : $sqlModes;
$options['ssl'] = isset($options['ssl']) ? $options['ssl'] : [];

if ($options['ssl'] !== [])
{
$options['ssl']['enable'] = isset($options['ssl']['enable']) ? $options['ssl']['enable'] : false;
$options['ssl']['cipher'] = isset($options['ssl']['cipher']) ? $options['ssl']['cipher'] : null;
$options['ssl']['ca'] = isset($options['ssl']['ca']) ? $options['ssl']['ca'] : null;
$options['ssl']['capath'] = isset($options['ssl']['capath']) ? $options['ssl']['capath'] : null;
$options['ssl']['key'] = isset($options['ssl']['key']) ? $options['ssl']['key'] : null;
$options['ssl']['cert'] = isset($options['ssl']['cert']) ? $options['ssl']['cert'] : null;
$options['ssl']['verify_server_cert'] = isset($options['ssl']['verify_server_cert']) ? $options['ssl']['verify_server_cert'] : null;
}

// Finalize initialisation.
parent::__construct($options);
Expand Down Expand Up @@ -211,9 +223,50 @@ public function connect()

$this->connection = mysqli_init();

$connectionFlags = 0;

// For SSL/TLS connection encryption.
if ($this->options['ssl'] !== [] && $this->options['ssl']['enable'] === true)
{
$connectionFlags += MYSQLI_CLIENT_SSL;

// Verify server certificate is only availble in PHP 5.6.16+. See https://www.php.net/ChangeLog-5.php#5.6.16
if (isset($this->options['ssl']['verify_server_cert']))
{
// New constants in PHP 5.6.16+. See https://www.php.net/ChangeLog-5.php#5.6.16
if ($this->options['ssl']['verify_server_cert'] === true && defined('MYSQLI_CLIENT_SSL_VERIFY_SERVER_CERT'))
{
$connectionFlags += MYSQLI_CLIENT_SSL_VERIFY_SERVER_CERT;
}
elseif ($this->options['ssl']['verify_server_cert'] === false && defined('MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT'))
{
$connectionFlags += MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT;
}
elseif (defined('MYSQLI_OPT_SSL_VERIFY_SERVER_CERT'))
{
$this->connection->options(MYSQLI_OPT_SSL_VERIFY_SERVER_CERT, $this->options['ssl']['verify_server_cert']);
}
}

// Add SSL/TLS options only if changed.
$this->connection->ssl_set(
$this->options['ssl']['key'],
$this->options['ssl']['cert'],
$this->options['ssl']['ca'],
$this->options['ssl']['capath'],
$this->options['ssl']['cipher']
);
}

// Attempt to connect to the server, use error suppression to silence warnings and allow us to throw an Exception separately.
$connected = @$this->connection->real_connect(
$this->options['host'], $this->options['user'], $this->options['password'], null, $this->options['port'], $this->options['socket']
$this->options['host'],
$this->options['user'],
$this->options['password'],
null,
$this->options['port'],
$this->options['socket'],
$connectionFlags
);

if (!$connected)
Expand Down Expand Up @@ -408,6 +461,28 @@ public function getConnectionCollation()
return $this->setQuery('SELECT @@collation_connection;')->loadResult();
}

/**
* Method to get the database encryption details (cipher and protocol) in use.
*
* @return string The database encryption details.
*
* @since __DEPLOY_VERSION__
* @throws \RuntimeException
*/
public function getConnectionEncryption(): string
{
$this->connect();

$variables = $this->setQuery('SHOW SESSION STATUS WHERE `Variable_name` IN (\'Ssl_version\', \'Ssl_cipher\')')->loadObjectList('Variable_name');

if (!empty($variables['Ssl_cipher']->Value))
{
return $variables['Ssl_version']->Value . ' (' . $variables['Ssl_cipher']->Value . ')';
}

return '';
}

/**
* Return the query string to create new Database.
*
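Review bot: In `connect()`, a requested `verify_server_cert` can end up silently not applied: if none of the three `defined()` branches matches, nothing is set, and the return value of `$this->connection->options()` in the last branch is not checked, yet `real_connect()` still proceeds. When the caller asked for verification and it cannot be configured, the driver should fail closed, for example with a final `else` that throws `\RuntimeException` when `$this->options['ssl']['verify_server_cert']` is truthy. The flags are also combined with `+=`; `$connectionFlags |= MYSQLI_CLIENT_SSL;` is the safer idiom for bit flags. The comment `Add SSL/TLS options only if changed.` does not match the unconditional `ssl_set()` call below it. `connect()` starts and ends outside the hunk.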