richard67 · richard67 · Nov 1, 2019 · Oct 20, 2019 · Oct 20, 2019 · Oct 20, 2019
diff --git a/installation/forms/setup.xml b/installation/forms/setup.xml
@@ -122,5 +122,79 @@
 			id="db_old"
 			default="backup"
 		/>
+
+		<field
+			name="db_encryption"
+			type="list"
+			label="INSTL_DATABASE_ENCRYPTION_ENABLE_LABEL"
+			class="custom-select"
+			required="true"
+			default="0"
+			filter="integer"
+			showon="db_host!:localhost"
+			>
+			<option value="0">INSTL_DATABASE_ENCRYPTION_ENABLE_VALUE_NONE</option>
+			<option value="1">INSTL_DATABASE_ENCRYPTION_ENABLE_VALUE_ONE_WAY</option>
+			<option value="2">INSTL_DATABASE_ENCRYPTION_ENABLE_VALUE_TWO_WAY</option>
+		</field>
+
+		<field
+			name="db_sslverifyservercert"
+			type="radio"
+			label="INSTL_DATABASE_ENCRYPTION_VERIFY_SERVER_CERT_LABEL"
+			class="switcher"
+			default="0"
+			filter="boolean"
+			showon="db_host!:localhost[AND]db_encryption:1,2"
+			>
+			<option value="0">JNO</option>
+			<option value="1">JYES</option>
+		</field>
+
+		<field
+			name="db_sslkey"
+			type="text"
+			label="INSTL_DATABASE_ENCRYPTION_KEY_LABEL"
+			filter="string"
+			size="250"
+			showon="db_host!:localhost[AND]db_encryption:2"
+		/>
+
+		<field
+			name="db_sslcert"
+			type="text"
+			label="INSTL_DATABASE_ENCRYPTION_CERT_LABEL"
+			filter="string"
+			size="250"
+			showon="db_host!:localhost[AND]db_encryption:2"
+		/>
+
+		<field
+			name="db_sslca"
+			type="text"
+			label="INSTL_DATABASE_ENCRYPTION_CA_LABEL"
+			filter="string"
+			size="250"
+			showon="db_host!:localhost[AND]db_encryption:2"
+		/>
+
+		<field
+			name="db_sslcapath"
+			type="text"
+			label="INSTL_DATABASE_ENCRYPTION_CAPATH_LABEL"
+			filter="string"
+			size="250"
+			showon="db_host!:localhost[AND]db_type:mysql,mysqli[AND]db_encryption:2"
+		/>
+
+		<field
+			name="db_sslcipher"
+			type="text"
+			label="INSTL_DATABASE_ENCRYPTION_CIPHER_LABEL"
+			filter="string"
+			size="300"
+			showon="db_host!:localhost[AND]db_type:mysql,mysqli[AND]db_encryption:2"
+		/>
+
 	</fieldset>
 </form>
diff --git a/installation/language/en-GB/en-GB.ini b/installation/language/en-GB/en-GB.ini
@@ -28,6 +28,16 @@ INSTL_SETUP_LOGIN_DATA="Setup Login Data"
 
 ;Precheck view
 INSTL_DATABASE_SUPPORT="Database Support:"
+INSTL_DATABASE_ENCRYPTION_CA_LABEL="Path to CA File"
+INSTL_DATABASE_ENCRYPTION_CAPATH_LABEL="Path to CA Folder"
+INSTL_DATABASE_ENCRYPTION_CERT_LABEL="Path to Certificate File"
+INSTL_DATABASE_ENCRYPTION_CIPHER_LABEL="Supported Cipher Suite"
+INSTL_DATABASE_ENCRYPTION_ENABLE_LABEL="Connection Encryption"
+INSTL_DATABASE_ENCRYPTION_ENABLE_VALUE_NONE="Default (server controlled)"
+INSTL_DATABASE_ENCRYPTION_ENABLE_VALUE_ONE_WAY="One-way encryption"
+INSTL_DATABASE_ENCRYPTION_ENABLE_VALUE_TWO_WAY="Two-way encryption"
+INSTL_DATABASE_ENCRYPTION_KEY_LABEL="Path to Private Key File"
+INSTL_DATABASE_ENCRYPTION_VERIFY_SERVER_CERT_LABEL="Verify Server Certificate"
 INSTL_JSON_SUPPORT_AVAILABLE="JSON Support"
 INSTL_MB_LANGUAGE_IS_DEFAULT="MB Language is Default"
 INSTL_MB_STRING_OVERLOAD_OFF="MB String Overload Off"

diff --git a/installation/language/en-US/en-US.ini b/installation/language/en-US/en-US.ini
@@ -51,6 +51,16 @@ INSTL_ZLIB_COMPRESSION_SUPPORT="Zlib Compression Support"
 
 ; Database view
 INSTL_DATABASE="Database Configuration"
+INSTL_DATABASE_ENCRYPTION_CA_LABEL="Path to CA File"
+INSTL_DATABASE_ENCRYPTION_CAPATH_LABEL="Path to CA Folder"
+INSTL_DATABASE_ENCRYPTION_CERT_LABEL="Path to Certificate File"
+INSTL_DATABASE_ENCRYPTION_CIPHER_LABEL="Supported Cipher Suite"
+INSTL_DATABASE_ENCRYPTION_ENABLE_LABEL="Connection Encryption"
+INSTL_DATABASE_ENCRYPTION_ENABLE_VALUE_NONE="Default (server controlled)"
+INSTL_DATABASE_ENCRYPTION_ENABLE_VALUE_ONE_WAY="One-way encryption"
+INSTL_DATABASE_ENCRYPTION_ENABLE_VALUE_TWO_WAY="Two-way encryption"
+INSTL_DATABASE_ENCRYPTION_KEY_LABEL="Path to Private Key File"
+INSTL_DATABASE_ENCRYPTION_VERIFY_SERVER_CERT_LABEL="Verify Server Certificate"
 INSTL_DATABASE_ERROR_POSTGRESQL_QUERY="PostgreSQL database query failed."
 INSTL_DATABASE_HOST_DESC="Enter the host name, usually \"localhost\" or a name provided by your host."
 INSTL_DATABASE_HOST_LABEL="Host Name"

diff --git a/installation/src/Helper/DatabaseHelper.php b/installation/src/Helper/DatabaseHelper.php
@@ -30,12 +30,13 @@ abstract class DatabaseHelper
 	 * @param   string   $database  The database to use.
 	 * @param   string   $prefix    The table prefix to use.
 	 * @param   boolean  $select    True if the database should be selected.
+	 * @param   array    $ssl       Database TLS connection options.
 	 *
 	 * @return  DatabaseInterface
 	 *
 	 * @since   1.6
 	 */
-	public static function getDbo($driver, $host, $user, $password, $database, $prefix, $select = true)
+	public static function getDbo($driver, $host, $user, $password, $database, $prefix, $select = true, array $ssl = [])
 	{
 		static $db;
 
@@ -52,6 +53,22 @@ public static function getDbo($driver, $host, $user, $password, $database, $pref
 				'select'   => $select,
 			];
 
+			if (isset($ssl['dbencryption']) === true && (int) $ssl['dbencryption'] !== 0)
+			{
+				$options['ssl'] = [
+					'enable'             => true,
+					'verify_server_cert' => (bool) $ssl['dbsslverifyservercert'],
+				];
+				foreach (['cipher', 'ca', 'capath', 'key', 'cert'] as $value)
+				{
+					$confVal = trim($ssl['dbssl' . $value]);
+					if ($confVal !== '')
+					{
+						$options['ssl'][$value] = $confVal;
+					}
+				}
+			}
+
 			// Enable utf8mb4 connections for mysql adapters
 			if (strtolower($driver) === 'mysqli')
 			{
@@ -69,4 +86,26 @@ public static function getDbo($driver, $host, $user, $password, $database, $pref
 
 		return $db;
 	}
+
+	/**
+	 * Convert encryption options to array.
+	 *
+	 * @param   \stdClass  $options  The session options
+	 *
+	 * @return  array  The encryption settings
+	 *
+	 * @since   __DEPLOY_VERSION__
+	 */
+	public static function getEncryptionSettings($options)
+	{
+		return [
+			'dbencryption'          => $options->db_encryption,
+			'dbsslverifyservercert' => $options->db_sslverifyservercert,
+			'dbsslkey'              => $options->db_sslkey,
+			'dbsslcert'             => $options->db_sslcert,
+			'dbsslca'               => $options->db_sslca,
+			'dbsslcapath'           => $options->db_sslcapath,
+			'dbsslcipher'           => $options->db_sslcipher,
+		];
+	}
 }
diff --git a/installation/src/Model/ConfigurationModel.php b/installation/src/Model/ConfigurationModel.php
@@ -275,7 +275,9 @@ private function createRootUser($options)
 				$options->db_user,
 				$options->db_pass_plain,
 				$options->db_name,
-				$options->db_prefix
+				$options->db_prefix,
+				true,
+				DatabaseHelper::getEncryptionSettings($options)
 			);
 		}
 		catch (\RuntimeException $e)

diff --git a/installation/src/Model/DatabaseModel.php b/installation/src/Model/DatabaseModel.php
@@ -307,7 +307,8 @@ public function initialise()
 				$options->db_pass_plain,
 				$options->db_name,
 				$options->db_prefix,
-				isset($options->db_select) ? $options->db_select : false
+				isset($options->db_select) ? $options->db_select : false,
+				DatabaseHelper::getEncryptionSettings($options)
 			);
 		}
 		catch (\RuntimeException $e)
@@ -380,6 +381,7 @@ public function createDatabase($options)
 					'password' => $options->db_pass_plain,
 					'prefix'   => $options->db_prefix,
 					'select'   => $options->db_select,
+					DatabaseHelper::getEncryptionSettings($options),
 				);
 
 				$altDB = DatabaseDriver::getInstance($altDBoptions);

diff --git a/installation/src/Model/SetupModel.php b/installation/src/Model/SetupModel.php
@@ -364,7 +364,8 @@ public function validateDbConnection()
 				$options->db_pass_plain,
 				$options->db_name,
 				$options->db_prefix,
-				isset($options->db_select) ? $options->db_select : false
+				isset($options->db_select) ? $options->db_select : false,
+				DatabaseHelper::getEncryptionSettings($options)
 			);
 
 			$db->connect();

diff --git a/installation/template/js/setup.js b/installation/template/js/setup.js
@@ -117,6 +117,23 @@ Joomla.checkDbCredentials = function() {
   });
 };
 
+/**
+ * Method reset DB Encryption fields when localhost is chosen
+ *
+ * @return void
+ */
+Joomla.resetDbEncryptionFields = function() {
+	if (document.getElementById('jform_db_host').value === 'localhost') {
+		document.getElementById('jform_db_sslverifyservercert0').checked = true;
+		document.getElementById('jform_db_sslverifyservercert1').checked = false;
+		document.getElementById('jform_db_sslkey').value = '';
+		document.getElementById('jform_db_sslcert').value = '';
+		document.getElementById('jform_db_sslca').value = '';
+		document.getElementById('jform_db_sslcapath').value = '';
+		document.getElementById('jform_db_sslcipher').value = '';
+		document.getElementById('jform_db_encryption').value = 0;
+	}
+};
 
 (function() {
   // Merge options from the session storage
@@ -180,6 +197,12 @@ Joomla.checkDbCredentials = function() {
           if (document.getElementById('jform_db_type')) {
             document.getElementById('jform_db_type').focus();
           }
+
+		  // Attach event to dbhost field
+			var dbHostField = document.getElementById('jform_db_host');
+
+			dbHostField.addEventListener('change', Joomla.resetDbEncryptionFields);
+			dbHostField.addEventListener('keyup', Joomla.resetDbEncryptionFields);
         }
       }
     });
@@ -190,5 +213,5 @@ Joomla.checkDbCredentials = function() {
       Joomla.checkInputs();
     })
   }
-
+ 
 })();
diff --git a/installation/template/js/template.js b/installation/template/js/template.js
@@ -14,7 +14,7 @@
       var name = elements[i].name;
       var value = elements[i].value;
       if(name) {
-        if ((elements[i].type === 'checkbox' && elements[i].checked === true) || (elements[i].type !== 'checkbox')) {
+        if (((elements[i].type === 'checkbox' || elements[i].type === 'radio') && elements[i].checked === true) || (elements[i].type !== 'checkbox' && elements[i].type !== 'radio')) {
           obj.push(name.replace('[', '%5B').replace(']', '%5D') + '=' + encodeURIComponent(value));
         }
       }

diff --git a/installation/tmpl/setup/default.php b/installation/tmpl/setup/default.php
@@ -102,6 +102,13 @@
 					<?php echo $this->form->getLabel('db_prefix'); ?>
 					<?php echo $this->form->getInput('db_prefix'); ?>
 				</div>
+				<?php echo $this->form->getField('db_encryption')->renderField(); ?>
+				<?php echo $this->form->getField('db_sslverifyservercert')->renderField(); ?>
+				<?php echo $this->form->getField('db_sslkey')->renderField(); ?>
+				<?php echo $this->form->getField('db_sslcert')->renderField(); ?>
+				<?php echo $this->form->getField('db_sslca')->renderField(); ?>
+				<?php echo $this->form->getField('db_sslcapath')->renderField(); ?>
+				<?php echo $this->form->getField('db_sslcipher')->renderField(); ?>
 				<div class="form-group">
 					<?php //echo $this->form->getLabel('db_old'); ?>
 					<?php echo $this->form->getInput('db_old'); ?>