Merge pull request #55170 from nextcloud/feat/pgsql-ssl

2 weeks ago · 52acc5ef15
parent 00f589e765 5883914422
commit 52acc5ef15
3 changed files with 51 additions and 0 deletions
--- a/config/config.sample.php
+++ b/config/config.sample.php
@ -2118,6 +2118,17 @@ $CONFIG = [
 	 */
 	'mysql.collation' => null,

+	/**
+	 * PostgreSQL SSL connection
+	 */
+	'pgsql_ssl' => [
+		'mode' => '',
+		'cert' => '',
+		'rootcert' => '',
+		'key' => '',
+		'crl' => '',
+	],
+
 	/**
 	 * Database types supported for installation.
 	 *
--- a/lib/private/DB/ConnectionFactory.php
+++ b/lib/private/DB/ConnectionFactory.php
@ -198,6 +198,17 @@ class ConnectionFactory {
 			'tablePrefix' => $connectionParams['tablePrefix']
 		];

+		if ($type === 'pgsql') {
+			$pgsqlSsl = $this->config->getValue('pgsql_ssl', false);
+			if (is_array($pgsqlSsl)) {
+				$connectionParams['sslmode'] = $pgsqlSsl['mode'] ?? '';
+				$connectionParams['sslrootcert'] = $pgsqlSsl['rootcert'] ?? '';
+				$connectionParams['sslcert'] = $pgsqlSsl['cert'] ?? '';
+				$connectionParams['sslkey'] = $pgsqlSsl['key'] ?? '';
+				$connectionParams['sslcrl'] = $pgsqlSsl['crl'] ?? '';
+			}
+		}
+
 		if ($type === 'mysql' && $this->config->getValue('mysql.utf8mb4', false)) {
 			$connectionParams['defaultTableOptions'] = [
 				'collate' => 'utf8mb4_bin',
--- a/tests/lib/DB/ConnectionFactoryTest.php
+++ b/tests/lib/DB/ConnectionFactoryTest.php
@ -40,4 +40,33 @@ class ConnectionFactoryTest extends TestCase {

 		$this->assertEquals($expected, self::invokePrivate($factory, 'splitHostFromPortAndSocket', [$host]));
 	}
+
+	public function testPgsqlSslConnection(): void {
+		/** @var SystemConfig|\PHPUnit\Framework\MockObject\MockObject $config */
+		$config = $this->createMock(SystemConfig::class);
+		$config->method('getValue')
+			->willReturnCallback(function ($key, $default) {
+				return match ($key) {
+					'dbtype' => 'pgsql',
+					'pgsql_ssl' => [
+						'mode' => 'verify-full',
+						'cert' => 'client.crt',
+						'key' => 'client.key',
+						'crl' => 'client.crl',
+						'rootcert' => 'rootCA.crt',
+					],
+					default => $default,
+				};
+			});
+		$factory = new ConnectionFactory($config);
+
+		$params = $factory->createConnectionParams();
+
+		$this->assertEquals('pdo_pgsql', $params['driver']);
+		$this->assertEquals('verify-full', $params['sslmode']);
+		$this->assertEquals('rootCA.crt', $params['sslrootcert']);
+		$this->assertEquals('client.crt', $params['sslcert']);
+		$this->assertEquals('client.key', $params['sslkey']);
+		$this->assertEquals('client.crl', $params['sslcrl']);
+	}
 }