diff --git a/installation/forms/setup.xml b/installation/forms/setup.xml
index 61c3587613914..d093f284c50cd 100644
--- a/installation/forms/setup.xml
+++ b/installation/forms/setup.xml
@@ -122,5 +122,79 @@
id="db_old"
default="backup"
/>
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/installation/language/en-GB/en-GB.ini b/installation/language/en-GB/en-GB.ini
index d8c09ce9749ed..d5fba73fce3ca 100644
--- a/installation/language/en-GB/en-GB.ini
+++ b/installation/language/en-GB/en-GB.ini
@@ -28,6 +28,16 @@ INSTL_SETUP_LOGIN_DATA="Setup Login Data"
;Precheck view
INSTL_DATABASE_SUPPORT="Database Support:"
+INSTL_DATABASE_ENCRYPTION_CA_LABEL="Path to CA File"
+INSTL_DATABASE_ENCRYPTION_CAPATH_LABEL="Path to CA Folder"
+INSTL_DATABASE_ENCRYPTION_CERT_LABEL="Path to Certificate File"
+INSTL_DATABASE_ENCRYPTION_CIPHER_LABEL="Supported Cipher Suite"
+INSTL_DATABASE_ENCRYPTION_ENABLE_LABEL="Connection Encryption"
+INSTL_DATABASE_ENCRYPTION_ENABLE_VALUE_NONE="Default (server controlled)"
+INSTL_DATABASE_ENCRYPTION_ENABLE_VALUE_ONE_WAY="One-way encryption"
+INSTL_DATABASE_ENCRYPTION_ENABLE_VALUE_TWO_WAY="Two-way encryption"
+INSTL_DATABASE_ENCRYPTION_KEY_LABEL="Path to Private Key File"
+INSTL_DATABASE_ENCRYPTION_VERIFY_SERVER_CERT_LABEL="Verify Server Certificate"
INSTL_JSON_SUPPORT_AVAILABLE="JSON Support"
INSTL_MB_LANGUAGE_IS_DEFAULT="MB Language is Default"
INSTL_MB_STRING_OVERLOAD_OFF="MB String Overload Off"
diff --git a/installation/language/en-US/en-US.ini b/installation/language/en-US/en-US.ini
index dfdb4437ec119..dc96c089e9348 100644
--- a/installation/language/en-US/en-US.ini
+++ b/installation/language/en-US/en-US.ini
@@ -51,6 +51,16 @@ INSTL_ZLIB_COMPRESSION_SUPPORT="Zlib Compression Support"
; Database view
INSTL_DATABASE="Database Configuration"
+INSTL_DATABASE_ENCRYPTION_CA_LABEL="Path to CA File"
+INSTL_DATABASE_ENCRYPTION_CAPATH_LABEL="Path to CA Folder"
+INSTL_DATABASE_ENCRYPTION_CERT_LABEL="Path to Certificate File"
+INSTL_DATABASE_ENCRYPTION_CIPHER_LABEL="Supported Cipher Suite"
+INSTL_DATABASE_ENCRYPTION_ENABLE_LABEL="Connection Encryption"
+INSTL_DATABASE_ENCRYPTION_ENABLE_VALUE_NONE="Default (server controlled)"
+INSTL_DATABASE_ENCRYPTION_ENABLE_VALUE_ONE_WAY="One-way encryption"
+INSTL_DATABASE_ENCRYPTION_ENABLE_VALUE_TWO_WAY="Two-way encryption"
+INSTL_DATABASE_ENCRYPTION_KEY_LABEL="Path to Private Key File"
+INSTL_DATABASE_ENCRYPTION_VERIFY_SERVER_CERT_LABEL="Verify Server Certificate"
INSTL_DATABASE_ERROR_POSTGRESQL_QUERY="PostgreSQL database query failed."
INSTL_DATABASE_HOST_DESC="Enter the host name, usually \"localhost\" or a name provided by your host."
INSTL_DATABASE_HOST_LABEL="Host Name"
diff --git a/installation/src/Helper/DatabaseHelper.php b/installation/src/Helper/DatabaseHelper.php
index d0b4bd49f3aae..16d50e99c1297 100644
--- a/installation/src/Helper/DatabaseHelper.php
+++ b/installation/src/Helper/DatabaseHelper.php
@@ -30,12 +30,13 @@ abstract class DatabaseHelper
* @param string $database The database to use.
* @param string $prefix The table prefix to use.
* @param boolean $select True if the database should be selected.
+ * @param array $ssl Database TLS connection options.
*
* @return DatabaseInterface
*
* @since 1.6
*/
- public static function getDbo($driver, $host, $user, $password, $database, $prefix, $select = true)
+ public static function getDbo($driver, $host, $user, $password, $database, $prefix, $select = true, array $ssl = [])
{
static $db;
@@ -52,6 +53,22 @@ public static function getDbo($driver, $host, $user, $password, $database, $pref
'select' => $select,
];
+ if (isset($ssl['dbencryption']) === true && (int) $ssl['dbencryption'] !== 0)
+ {
+ $options['ssl'] = [
+ 'enable' => true,
+ 'verify_server_cert' => (bool) $ssl['dbsslverifyservercert'],
+ ];
+ foreach (['cipher', 'ca', 'capath', 'key', 'cert'] as $value)
+ {
+ $confVal = trim($ssl['dbssl' . $value]);
+ if ($confVal !== '')
+ {
+ $options['ssl'][$value] = $confVal;
+ }
+ }
+ }
+
// Enable utf8mb4 connections for mysql adapters
if (strtolower($driver) === 'mysqli')
{
@@ -69,4 +86,26 @@ public static function getDbo($driver, $host, $user, $password, $database, $pref
return $db;
}
+
+ /**
+ * Convert encryption options to array.
+ *
+ * @param \stdClass $options The session options
+ *
+ * @return array The encryption settings
+ *
+ * @since __DEPLOY_VERSION__
+ */
+ public static function getEncryptionSettings($options)
+ {
+ return [
+ 'dbencryption' => $options->db_encryption,
+ 'dbsslverifyservercert' => $options->db_sslverifyservercert,
+ 'dbsslkey' => $options->db_sslkey,
+ 'dbsslcert' => $options->db_sslcert,
+ 'dbsslca' => $options->db_sslca,
+ 'dbsslcapath' => $options->db_sslcapath,
+ 'dbsslcipher' => $options->db_sslcipher,
+ ];
+ }
}
diff --git a/installation/src/Model/ConfigurationModel.php b/installation/src/Model/ConfigurationModel.php
index c84655021981b..f76820a44d995 100644
--- a/installation/src/Model/ConfigurationModel.php
+++ b/installation/src/Model/ConfigurationModel.php
@@ -275,7 +275,9 @@ private function createRootUser($options)
$options->db_user,
$options->db_pass_plain,
$options->db_name,
- $options->db_prefix
+ $options->db_prefix,
+ true,
+ DatabaseHelper::getEncryptionSettings($options)
);
}
catch (\RuntimeException $e)
diff --git a/installation/src/Model/DatabaseModel.php b/installation/src/Model/DatabaseModel.php
index 006d95728e02f..56904fb2b46b2 100644
--- a/installation/src/Model/DatabaseModel.php
+++ b/installation/src/Model/DatabaseModel.php
@@ -307,7 +307,8 @@ public function initialise()
$options->db_pass_plain,
$options->db_name,
$options->db_prefix,
- isset($options->db_select) ? $options->db_select : false
+ isset($options->db_select) ? $options->db_select : false,
+ DatabaseHelper::getEncryptionSettings($options)
);
}
catch (\RuntimeException $e)
@@ -380,6 +381,7 @@ public function createDatabase($options)
'password' => $options->db_pass_plain,
'prefix' => $options->db_prefix,
'select' => $options->db_select,
+ DatabaseHelper::getEncryptionSettings($options),
);
$altDB = DatabaseDriver::getInstance($altDBoptions);
diff --git a/installation/src/Model/SetupModel.php b/installation/src/Model/SetupModel.php
index 7dd2faceefde6..67e1e78bdb987 100644
--- a/installation/src/Model/SetupModel.php
+++ b/installation/src/Model/SetupModel.php
@@ -364,7 +364,8 @@ public function validateDbConnection()
$options->db_pass_plain,
$options->db_name,
$options->db_prefix,
- isset($options->db_select) ? $options->db_select : false
+ isset($options->db_select) ? $options->db_select : false,
+ DatabaseHelper::getEncryptionSettings($options)
);
$db->connect();
diff --git a/installation/template/js/setup.js b/installation/template/js/setup.js
index 7e02da13b509d..2bc789f265c90 100644
--- a/installation/template/js/setup.js
+++ b/installation/template/js/setup.js
@@ -117,6 +117,23 @@ Joomla.checkDbCredentials = function() {
});
};
+/**
+ * Method reset DB Encryption fields when localhost is chosen
+ *
+ * @return void
+ */
+Joomla.resetDbEncryptionFields = function() {
+ if (document.getElementById('jform_db_host').value === 'localhost') {
+ document.getElementById('jform_db_sslverifyservercert0').checked = true;
+ document.getElementById('jform_db_sslverifyservercert1').checked = false;
+ document.getElementById('jform_db_sslkey').value = '';
+ document.getElementById('jform_db_sslcert').value = '';
+ document.getElementById('jform_db_sslca').value = '';
+ document.getElementById('jform_db_sslcapath').value = '';
+ document.getElementById('jform_db_sslcipher').value = '';
+ document.getElementById('jform_db_encryption').value = 0;
+ }
+};
(function() {
// Merge options from the session storage
@@ -180,6 +197,12 @@ Joomla.checkDbCredentials = function() {
if (document.getElementById('jform_db_type')) {
document.getElementById('jform_db_type').focus();
}
+
+ // Attach event to dbhost field
+ var dbHostField = document.getElementById('jform_db_host');
+
+ dbHostField.addEventListener('change', Joomla.resetDbEncryptionFields);
+ dbHostField.addEventListener('keyup', Joomla.resetDbEncryptionFields);
}
}
});
@@ -190,5 +213,5 @@ Joomla.checkDbCredentials = function() {
Joomla.checkInputs();
})
}
-
+
})();
diff --git a/installation/template/js/template.js b/installation/template/js/template.js
index 32fbf67f52343..0e3be0f3a4a79 100644
--- a/installation/template/js/template.js
+++ b/installation/template/js/template.js
@@ -14,7 +14,7 @@
var name = elements[i].name;
var value = elements[i].value;
if(name) {
- if ((elements[i].type === 'checkbox' && elements[i].checked === true) || (elements[i].type !== 'checkbox')) {
+ if (((elements[i].type === 'checkbox' || elements[i].type === 'radio') && elements[i].checked === true) || (elements[i].type !== 'checkbox' && elements[i].type !== 'radio')) {
obj.push(name.replace('[', '%5B').replace(']', '%5D') + '=' + encodeURIComponent(value));
}
}
diff --git a/installation/tmpl/setup/default.php b/installation/tmpl/setup/default.php
index 4d496164d48a7..125bf4e2fece4 100644
--- a/installation/tmpl/setup/default.php
+++ b/installation/tmpl/setup/default.php
@@ -102,6 +102,13 @@
form->getLabel('db_prefix'); ?>
form->getInput('db_prefix'); ?>
+ form->getField('db_encryption')->renderField(); ?>
+ form->getField('db_sslverifyservercert')->renderField(); ?>
+ form->getField('db_sslkey')->renderField(); ?>
+ form->getField('db_sslcert')->renderField(); ?>
+ form->getField('db_sslca')->renderField(); ?>
+ form->getField('db_sslcapath')->renderField(); ?>
+ form->getField('db_sslcipher')->renderField(); ?>
form->getLabel('db_old'); ?>
form->getInput('db_old'); ?>