Merge pull request #142 from fxmw11/master

MySQL over SSL

7 files changed, 53 insertions, 3 deletions

diff --git a/README.md b/README.md
index e2bb19d..ee11548 100644
--- a/README.md
+++ b/README.md
@@ -40,6 +40,9 @@ Name | Description | Details
 **Database** | The name of the database. | Mandatory.
 **Username** | The name of the user for the connection. | Optional.
 **Password** | The password of the user for the connection. | Optional.
+**SSL CA** | The file path to the SSL certificate authority (relative to Nextcloud serverroot) | Optional.<br/>Requires: SQL driver *mysql*.
+**SSL Certificate** | The file path to the SSL certificate (relative to Nextcloud serverroot) | Optional.<br/>Requires: SQL driver *mysql*.
+**SSL Key** | The file path to the SSL key (relative to Nextcloud serverroot) | Optional.<br/>Requires: SQL driver *mysql*.
 **System wide values** | Place where database connection parameters are stored.<br/>- *true* - config.php (System wide values).<br/>- *false* - database (App values). | Optional.<br/>Default: *false*.
 
 #### Options
diff --git a/js/settings.js b/js/settings.js
index 07c3e41..a78359c 100644
--- a/js/settings.js
+++ b/js/settings.js
@@ -127,6 +127,21 @@ user_sql.adminSettingsUI = function () {
             cryptoChanged();
         };
 
+        $("#db-driver").change(function () {
+            var ssl_ca = $("#db-ssl_ca").parent().parent();
+            var ssl_cert = $("#db-ssl_cert").parent().parent();
+            var ssl_key = $("#db-ssl_key").parent().parent();
+            if ($("#db-driver").val() === 'mysql') {
+                ssl_ca.show();
+                ssl_cert.show();
+                ssl_key.show();
+            } else {
+                ssl_ca.hide();
+                ssl_cert.hide();
+                ssl_key.hide();
+            }
+        });
+
         $("#user_sql-db_connection_verify").click(function (event) {
             return click(event, "/apps/user_sql/settings/db/verify");
         });
diff --git a/lib/Constant/DB.php b/lib/Constant/DB.php
index f3365bd..641674d 100644
--- a/lib/Constant/DB.php
+++ b/lib/Constant/DB.php
@@ -32,6 +32,9 @@ final class DB
     const DRIVER = "db.driver";
     const HOSTNAME = "db.hostname";
     const PASSWORD = "db.password";
+    const SSL_CA = "db.ssl_ca";
+    const SSL_CERT = "db.ssl_cert";
+    const SSL_KEY = "db.ssl_key";
     const USERNAME = "db.username";
 
     const GROUP_TABLE = "db.table.group";
diff --git a/lib/Controller/SettingsController.php b/lib/Controller/SettingsController.php
index 6d83920..0e59261 100644
--- a/lib/Controller/SettingsController.php
+++ b/lib/Controller/SettingsController.php
@@ -146,6 +146,9 @@ class SettingsController extends Controller
         $dbDatabase = $this->request->getParam("db-database");
         $dbUsername = $this->request->getParam("db-username");
         $dbPassword = $this->request->getParam("db-password");
+        $dbSSL_ca = $this->request->getParam("db-ssl_ca");
+        $dbSSL_cert = $this->request->getParam("db-ssl_cert");
+        $dbSSL_key = $this->request->getParam("db-ssl_key");
 
         if (empty($dbDriver)) {
             throw new DatabaseException("No database driver specified.");
@@ -160,9 +163,19 @@ class SettingsController extends Controller
             "password" => $dbPassword,
             "user" => $dbUsername,
             "dbname" => $dbDatabase,
-            "tablePrefix" => ""
+            "tablePrefix" => "",
+            "driverOptions" => array()
         ];
 
+        if ($dbDriver == 'mysql') {
+            if ($dbSSL_ca)
+                $parameters["driverOptions"][\PDO::MYSQL_ATTR_SSL_CA] = \OC::$SERVERROOT.'/'.$dbSSL_ca;
+            if ($dbSSL_cert)
+                $parameters["driverOptions"][\PDO::MYSQL_ATTR_SSL_CERT] = \OC::$SERVERROOT.'/'.$dbSSL_cert;
+            if ($dbSSL_key)
+                $parameters["driverOptions"][\PDO::MYSQL_ATTR_SSL_KEY] = \OC::$SERVERROOT.'/'.$dbSSL_key;
+        }
+
         $connection = $connectionFactory->getConnection($dbDriver, $parameters);
         $connection->executeQuery("SELECT 'user_sql'");
 
@@ -216,6 +229,9 @@ class SettingsController extends Controller
             unset($this->properties[DB::PASSWORD]);
             unset($this->properties[DB::USERNAME]);
             unset($this->properties[DB::DATABASE]);
+            unset($this->properties[DB::SSL_CA]);
+            unset($this->properties[DB::SSL_CERT]);
+            unset($this->properties[DB::SSL_KEY]);
             $this->properties[Opt::SAFE_STORE] = $safeStore;
         }
 
diff --git a/lib/Properties.php b/lib/Properties.php
index bd97d2c..d30ae1a 100644
--- a/lib/Properties.php
+++ b/lib/Properties.php
@@ -160,7 +160,7 @@ class Properties implements \ArrayAccess
      */
     private function isSystemValue($param)
     {
-        return $this->safeStore && in_array($param, array(DB::HOSTNAME, DB::PASSWORD, DB::USERNAME, DB::DATABASE));
+        return $this->safeStore && in_array($param, array(DB::HOSTNAME, DB::PASSWORD, DB::USERNAME, DB::DATABASE, DB::SSL_CA, DB::SSL_CERT, DB::SSL_KEY));
     }
 
     /**
diff --git a/lib/Query/DataQuery.php b/lib/Query/DataQuery.php
index 55bef51..c71b464 100644
--- a/lib/Query/DataQuery.php
+++ b/lib/Query/DataQuery.php
@@ -145,9 +145,19 @@ class DataQuery
             "password" => $this->properties[DB::PASSWORD],
             "user" => $this->properties[DB::USERNAME],
             "dbname" => $this->properties[DB::DATABASE],
-            "tablePrefix" => ""
+            "tablePrefix" => "",
+            "driverOptions" => array()
         );
 
+        if ($this->properties[DB::DRIVER] == 'mysql') {
+            if ($this->properties[DB::SSL_CA])
+                $parameters["driverOptions"][\PDO::MYSQL_ATTR_SSL_CA] = \OC::$SERVERROOT.'/'.$this->properties[DB::SSL_CA];
+            if ($this->properties[DB::SSL_CERT])
+                $parameters["driverOptions"][\PDO::MYSQL_ATTR_SSL_CERT] = \OC::$SERVERROOT.'/'.$this->properties[DB::SSL_CERT];
+            if ($this->properties[DB::SSL_KEY])
+                $parameters["driverOptions"][\PDO::MYSQL_ATTR_SSL_KEY] = \OC::$SERVERROOT.'/'.$this->properties[DB::SSL_KEY];
+        }
+
         $this->connection = $connectionFactory->getConnection(
             $this->properties[DB::DRIVER], $parameters
         );
diff --git a/templates/admin.php b/templates/admin.php
index 548d805..74772e7 100644
--- a/templates/admin.php
+++ b/templates/admin.php
@@ -100,6 +100,9 @@ function print_select_options(
                 print_text_input($l, "db-database", "Database", $_["db.database"]);
                 print_text_input($l, "db-username", "Username", $_["db.username"]);
                 print_text_input($l, "db-password", "Password", $_["db.password"], "password");
+                print_text_input($l, "db-ssl_ca", "SSL CA", $_["db.ssl_ca"]);
+                print_text_input($l, "db-ssl_cert", "SSL Certificate", $_["db.ssl_cert"]);
+                print_text_input($l, "db-ssl_key", "SSL Key", $_["db.ssl_key"]);
                 print_checkbox_input($l, "opt-safe_store", "System wide values", $_["opt.safe_store"]); ?>
                 <div class="button-right">
                     <input type="submit" id="user_sql-db_connection_verify" value="<?php p($l->t("Verify settings")); ?>">