From 499088f34f5dad3619cfa67ddd9b9e39f16d7e50 Mon Sep 17 00:00:00 2001
From: Dirk Merkel
Date: Wed, 22 Apr 2020 14:44:08 -0700
Subject: [PATCH] Adding SSL support for MySQL connections.
---
 Migrate/Command/AbstractEnvCommand.php | 21 +++++++++++++++++++
 Migrate/Command/AddEnvCommand.php | 28 ++++++++++++++++++++++++++
 templates/env.json.tpl | 6 +++++-
 templates/env.php.tpl | 6 +++++-
 templates/env.yml.tpl | 18 ++++++++++-------
 5 files changed, 70 insertions(+), 9 deletions(-)
diff --git a/Migrate/Command/AbstractEnvCommand.php b/Migrate/Command/AbstractEnvCommand.php
index 4ac7f42..1597a46 100644
--- a/Migrate/Command/AbstractEnvCommand.php
+++ b/Migrate/Command/AbstractEnvCommand.php
@@ -79,8 +79,13 @@ protected function init(InputInterface $input, OutputInterface $output, $env = n
 $username = ArrayUtil::get($conf['connection'], 'username');
 $password = ArrayUtil::get($conf['connection'], 'password');
 $charset = ArrayUtil::get($conf['connection'], 'charset');
+ $sslCert = ArrayUtil::get($conf['connection'], 'cert');
+ $sslCertVerify = ArrayUtil::get($conf['connection'], 'cert-verify') || false;
+ $sslKey = ArrayUtil::get($conf['connection'], 'ssl-key');
+ $sslSecret = ArrayUtil::get($conf['connection'], 'ssl-secret');
 $uri = $driver;
+ $opt = array();
 if ($driver == 'sqlite') {
 $uri .= ":$dbname";
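Review bot: The new lookups read `'cert'` and `'cert-verify'`, but the templates changed in this same commit write `ssl-cert` and `ssl-cert-verify`, so a generated config presumably never reaches `$sslCert` and the connection is built without the TLS settings the operator entered. `|| false` only casts to bool, and the JSON and PHP templates store the flag as a quoted string, so even the text "false" evaluates to true. Suggest `$sslCert = ArrayUtil::get($conf['connection'], 'ssl-cert');` and `$sslCertVerify = filter_var(ArrayUtil::get($conf['connection'], 'ssl-cert-verify'), FILTER_VALIDATE_BOOLEAN);`. init() starts and ends outside this hunk.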
@@ -89,6 +94,22 @@ protected function init(InputInterface $input, OutputInterface $output, $env = n
 $uri .= ($host === null) ? '' : ";host=$host";
 $uri .= ($port === null) ? '' : ";port=$port";
 $uri .= ($charset === null) ? '' : ";charset=$charset";
+
+ // add an ssl cert
+ if (!empty($sslCert)) {
+ $opt['PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT'] => "'" . $sslCert . "'";
+ $opt['PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT'] => "'" . $sslCertVerify . "'";
+ }
+
+ // add ssl an key
+ if (!empty($sslKey)) {
+ $opt['PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT'] => "'" . $sslKey . "'";
+ }
+
+ // add ssl an secret
+ if (!empty($sslSecret)) {
+ $opt['PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT'] => "'" . $sslSecret . "'";
+ }
 }
 $this->db = new \PDO(
 $uri,
diff --git a/Migrate/Command/AddEnvCommand.php b/Migrate/Command/AddEnvCommand.php
index e158d19..5f69a1b 100644
--- a/Migrate/Command/AddEnvCommand.php
+++ b/Migrate/Command/AddEnvCommand.php
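Review bot: The four `$opt[...] => ...;` statements do not parse (`=>` is only valid inside an array literal), and all of them use the one string key `'PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT'` with the value wrapped in literal quote characters. Give each setting its own PDO constant and the raw value: `$opt[\PDO::MYSQL_ATTR_SSL_CERT] = $sslCert;`, `$opt[\PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT] = (bool) $sslCertVerify;`, `$opt[\PDO::MYSQL_ATTR_SSL_KEY] = $sslKey;`. I know of no pdo_mysql attribute for a key passphrase, so the `$sslSecret` branch needs a decision rather than a mapping, and checking the server certificate also needs a CA path (`PDO::MYSQL_ATTR_SSL_CA`) that the config does not collect. Nothing in the hunk passes `$opt` to `new \PDO(`, whose argument list continues below the last visible line, so confirm it is handed over as the driver-options argument.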
@@ -101,6 +101,30 @@ protected function execute(InputInterface $input, OutputInterface $output)
 );
 $defaultEditor = $questions->ask($input, $output, $defaultEditorQuestion);
+ $sslCertQuestion = new Question(
+ "Please enter the path and name of the SSL certificate to use (if any): ",
+ "vim"
+ );
+ $sslCert = $questions->ask($input, $output, $sslCertQuestion);
+
+ $sslCertVerifyQuestion = new Question(
+ "Please enter whether to verify the SSL certificate (default false): ",
+ "vim"
+ );
+ $sslCertVerify = $questions->ask($input, $output, $sslCertVerifyQuestion);
+
+ $sslKeyQuestion = new Question(
+ "Please enter the text editor to use by default (default vim): ",
+ "vim"
+ );
+ $sslKey = $questions->ask($input, $output, $sslKeyQuestion);
+
+ $sslSecretQuestion = new Question(
+ "Please enter the text editor to use by default (default vim): ",
+ "vim"
+ );
+ $sslSecret = $questions->ask($input, $output, $sslSecretQuestion);
+
 $confTemplate = file_get_contents(__DIR__ . '/../../templates/env.' . $format . '.tpl');
 $confTemplate = str_replace('{DRIVER}', $driver, $confTemplate);
 $confTemplate = str_replace('{HOST}', $dbHost, $confTemplate);
@@ -111,6 +135,10 @@ protected function execute(InputInterface $input, OutputInterface $output)
 $confTemplate = str_replace('{CHARSET}', $dbCharset, $confTemplate);
 $confTemplate = str_replace('{CHANGELOG}', $changelogTable, $confTemplate);
 $confTemplate = str_replace('{EDITOR}', $defaultEditor, $confTemplate);
+ $confTemplate = str_replace('{SSLCERT}', $sslCert, $confTemplate);
+ $confTemplate = str_replace('{SSLCERTVERIFY}', $sslCertVerify, $confTemplate);
+ $confTemplate = str_replace('{SSLKEY}', $sslKey, $confTemplate);
+ $confTemplate = str_replace('{SSLSECRET}', $sslSecret, $confTemplate);
 file_put_contents($envConfigFile, $confTemplate);
 }
diff --git a/templates/env.json.tpl b/templates/env.json.tpl
index 50e0606..b47f223 100644
--- a/templates/env.json.tpl
+++ b/templates/env.json.tpl
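Review bot: All four new questions pass `"vim"` as their default, so accepting the defaults writes `vim` into the certificate path, the verify flag, the key and the secret; the `$sslKeyQuestion` and `$sslSecretQuestion` prompts also still carry the text-editor wording. Use `null` as the default for the three path/secret questions and `"false"` for the verify question, and give the key and secret prompts their own text. The secret is echoed to the terminal while typed; `$sslSecretQuestion->setHidden(true);` before the `ask()` call avoids that. execute() starts outside the hunk.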
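Review bot: The four added `str_replace` calls in the second execute() hunk substitute the answers into the template unescaped, as the existing ones do. A certificate path is more likely than the other fields to contain a backslash or a quote, which produces an invalid escape in env.json and is reinterpreted inside the double-quoted strings of env.php, a file that is presumably loaded as code later. Encoding each value for the chosen format before substitution (for example `json_encode` for JSON and `var_export` for PHP, with the template's own quotes removed) keeps the generated file parseable. `{SSLSECRET}` is also stored in clear text next to `{PASSWORD}`, so a `chmod($envConfigFile, 0600);` after `file_put_contents` is worth adding.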
@@ -5,7 +5,11 @@
 "port": "{PORT}",
 "username": "{USERNAME}",
 "password": "{PASSWORD}",
- "database": "{DATABASE}"
+ "database": "{DATABASE}",
+ "ssl-cert": "{SSLCERT}",
+ "ssl-cert-verify": "{SSLCERTVERIFY}",
+ "ssl-key": "{SSLKEY}",
+ "ssl-secret": "{SSLSECRET}",
 },
 "changelog": "{CHANGELOG}",
 "default_editor": "{EDITOR}"
diff --git a/templates/env.php.tpl b/templates/env.php.tpl
index 83d836f..a8befb1 100644
--- a/templates/env.php.tpl
+++ b/templates/env.php.tpl
@@ -7,7 +7,11 @@ return [
 "port" => "{PORT}",
 "username" => "{USERNAME}",
 "password" => "{PASSWORD}",
- "database" => "{DATABASE}"
+ "database" => "{DATABASE}",
+ "ssl-cert" => "{SSLCERT}",
+ "ssl-cert-verify" => "{SSLCERTVERIFY}",
+ "ssl-key" => "{SSLKEY}",
+ "ssl-secret" => "{SSLSECRET}",
 ],
 "changelog" => "{CHANGELOG}",
 "default_editor" => "{EDITOR}"
diff --git a/templates/env.yml.tpl b/templates/env.yml.tpl
index 42094df..8171c23 100644
--- a/templates/env.yml.tpl
+++ b/templates/env.yml.tpl
@@ -1,11 +1,15 @@
 connection:
- host: {HOST}
- driver: {DRIVER}
- port: {PORT}
- username: {USERNAME}
- password: {PASSWORD}
- database: {DATABASE}
- charset: {CHARSET}
+ host: {HOST}
+ driver: {DRIVER}
+ port: {PORT}
+ username: {USERNAME}
+ password: {PASSWORD}
+ database: {DATABASE}
+ charset: {CHARSET}
+ ssl-cert: {SSLCERT}
+ ssl-cert: {SSLCERTVERIFY}
+ ssl-key: {SSLKEY}
+ ssl-secret: {SSLSECRET}
 changelog: {CHANGELOG}
 default_editor: {EDITOR}
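Review bot: The comma after `"ssl-secret": "{SSLSECRET}"` in env.json.tpl is followed directly by `}`, and strict JSON does not allow a trailing comma, so every generated env.json fails to parse (PHP's `json_decode` returns null for it). Drop the comma on the last member: `"ssl-secret": "{SSLSECRET}"`. The same four keys in env.php.tpl end with a trailing comma too, which PHP array syntax accepts.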
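Review bot: `ssl-cert` appears twice in the block added to env.yml.tpl; the second line carries `{SSLCERTVERIFY}` and should read `ssl-cert-verify: {SSLCERTVERIFY}`. As written, a YAML parser either rejects the duplicate key or keeps the later value, so the certificate path is replaced by the verify flag and no verify setting is stored at all.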