From 7b7ebe628e41850dae2486163593500198d9f352 Mon Sep 17 00:00:00 2001
From: Sebastian Marcet <smarcet@gmail.com>
Date: Thu, 23 Aug 2018 13:51:02 -0300
Subject: [PATCH] Updated PDO Config to Support SSL connections

added new configuration keys to set up
SSL CERTS and connection properties.

Change-Id: I0302f3c6332da39468699062126600df7f247a37
---
 .env.example        |  6 +++++
 config/database.php | 64 +++++++++++++++++++++++++++++----------------
 2 files changed, 48 insertions(+), 22 deletions(-)

diff --git a/.env.example b/.env.example
index af8a169c..6da2e962 100644
--- a/.env.example
+++ b/.env.example
@@ -17,6 +17,12 @@ SS_DB_DATABASE=homestead
 SS_DB_USERNAME=homestead
 SS_DB_PASSWORD=secret
 
+DB_USE_SSL=false
+DB_MYSQL_ATTR_SSL_CA=
+DB_MYSQL_ATTR_SSL_KEY=
+DB_MYSQL_ATTR_SSL_CERT=
+DB_MYSQL_ATTR_SSL_CIPHER=DHE-RSA-AES256-SHA
+
 REDIS_HOST=127.0.0.1
 REDIS_PORT=port
 REDIS_DB=0
diff --git a/config/database.php b/config/database.php
index c790330b..ed389062 100644
--- a/config/database.php
+++ b/config/database.php
@@ -1,4 +1,44 @@
 <?php
+$use_ssl = env('DB_USE_SSL', false);
+
+$idp_db_config =  [
+    'driver'    => 'mysql',
+    'host'      => env('DB_HOST'),
+    'database'  => env('DB_DATABASE'),
+    'username'  => env('DB_USERNAME'),
+    'password'  => env('DB_PASSWORD'),
+    'port'      => env('DB_PORT', 3306),
+    'charset'   => 'utf8',
+    'collation' => 'utf8_unicode_ci',
+    'prefix'    => '',
+];
+
+$ss_db_config =  [
+    'driver'    => env('SS_DB_DRIVER'),
+    'host'      => env('SS_DB_HOST'),
+    'database'  => env('SS_DATABASE'),
+    'username'  => env('SS_DB_USERNAME'),
+    'password'  => env('SS_DB_PASSWORD'),
+    'port'      => env('SS_DB_PORT', 3306),
+    'charset'   => 'utf8',
+    'collation' => 'utf8_unicode_ci',
+    'prefix'    => '',
+];
+
+if($use_ssl){
+    $idp_db_config['options'] = [
+        PDO::MYSQL_ATTR_SSL_CA => env('DB_MYSQL_ATTR_SSL_CA','/etc/client-ssl/ca-cert.pem'),
+        PDO::MYSQL_ATTR_SSL_KEY =>  env('DB_MYSQL_ATTR_SSL_KEY','/etc/client-ssl/client-key.pem'),
+        PDO::MYSQL_ATTR_SSL_CERT  =>  env('DB_MYSQL_ATTR_SSL_CERT','/etc/client-ssl/client-cert.pem'),
+        PDO::MYSQL_ATTR_SSL_CIPHER =>  env('DB_MYSQL_ATTR_SSL_CIPHER', 'DHE-RSA-AES256-SHA'),
+    ];
+    $ss_db_config['options'] = [
+        PDO::MYSQL_ATTR_SSL_CA => env('DB_MYSQL_ATTR_SSL_CA','/etc/mysql-client-ssl/ca-cert.pem'),
+        PDO::MYSQL_ATTR_SSL_KEY =>  env('DB_MYSQL_ATTR_SSL_KEY','/etc/mysql-client-ssl/client-key.pem'),
+        PDO::MYSQL_ATTR_SSL_CERT  =>  env('DB_MYSQL_ATTR_SSL_CERT','/etc/mysql-client-ssl/client-cert.pem'),
+        PDO::MYSQL_ATTR_SSL_CIPHER =>  env('DB_MYSQL_ATTR_SSL_CIPHER', 'DHE-RSA-AES256-SHA'),
+    ];
+}
 
 return [
 
@@ -46,29 +86,9 @@ return [
 
     'connections' => [
         //primary DB
-        'openstackid' => array(
-            'driver'    => 'mysql',
-            'host'      => env('DB_HOST'),
-            'database'  => env('DB_DATABASE'),
-            'username'  => env('DB_USERNAME'),
-            'password'  => env('DB_PASSWORD'),
-            'port'      => env('DB_PORT', 3306),
-            'charset'   => 'utf8',
-            'collation' => 'utf8_unicode_ci',
-            'prefix'    => '',
-        ),
+        'openstackid' => $idp_db_config,
         //secondary DB (SS OS)
-        'ss' => array(
-            'driver'    => env('SS_DB_DRIVER'),
-            'host'      => env('SS_DB_HOST'),
-            'database'  => env('SS_DATABASE'),
-            'username'  => env('SS_DB_USERNAME'),
-            'password'  => env('SS_DB_PASSWORD'),
-            'port'      => env('SS_DB_PORT', 3306),
-            'charset'   => 'utf8',
-            'collation' => 'utf8_unicode_ci',
-            'prefix'    => '',
-        ),
+        'ss' => $ss_db_config,
     ],
 
     /*