rework additional method to setup for secure connections

Author: TheTechsTech

lib/Database/ez_mysqli.php

@@ -9,10 +9,7 @@
 use ezsql\DatabaseInterface;
 
 class ez_mysqli extends ezsqlModel implements DatabaseInterface
-{    
-    private static $isSecure = false;
-    private static $secure = null;
-
+{
     /**
     * Database connection handle 
     * @var resource

lib/Database/ez_pdo.php

@@ -11,10 +11,6 @@
 
 class ez_pdo extends ezsqlModel implements DatabaseInterface
 {
-    private static $isSecure = false;
-    private static $secure = null;
-    private static $_options = [];
-
     /**
     * Database connection handle 
     * @var resource
@@ -56,84 +52,73 @@ public function settings()
         return $this->database;
     }
 
-    public static function securePDO(
-        $vendor = null, 
-        $key = 'certificate.key', 
-        $cert = 'certificate.crt', 
-        $ca = 'cacert.pem', 
-        $path = '.'.\_DS) 
-    {
-        if (\array_key_exists(\strtolower($vendor), \VENDOR) 
-            && (! \file_exists($path.$cert) || ! \file_exists($path.$key)))
-            $path = ezQuery::createCertificate();
-        elseif ($path == '.'.\_DS) {
-            $ssl_path = \getcwd();
-            $path = \preg_replace('/\\\/', \_DS, $ssl_path). \_DS;
-        }
-
-        if (($vendor == \PGSQL) || ($vendor == \POSTGRESQL)) {
-            self::$secure = "sslmode=require;sslcert=".$path.$cert.";sslkey=".$path.$key.";sslrootcert=".$path.$ca.";";
-            self::$isSecure = true;
-        } elseif (($vendor == \MYSQL) || ($vendor == \MYSQLI)) {
-            self::$_options = array(
-                \PDO::MYSQL_ATTR_SSL_KEY => $path.$key,
-                \PDO::MYSQL_ATTR_SSL_CERT => $path.$cert,
-                \PDO::MYSQL_ATTR_SSL_CA => $path.$ca,
-                \PDO::MYSQL_ATTR_SSL_CAPATH => $path,
-                \PDO::MYSQL_ATTR_SSL_CIPHER => 'DHE-RSA-AES256-SHA',
-                \PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT => false
-            );
-        } elseif (($vendor == \SQLSERVER) || ($vendor == \MSSQL) || ($vendor == \SQLSRV)) {
-            self::$secure = ";Encrypt=true;TrustServerCertificate=true";
-            self::$isSecure = true;
-        }
-    }
-
     /**
-    * Try to connect to the database server in the DSN parameters
-    *
-    * @param string $dsn The connection parameter string
-    *                  Default is empty string
-    * @param string $user The database user name
-    *                  Default is empty string
-    * @param string $password The database password
-    *                  Default is empty string
-    * @param array $options Array for setting connection options as MySQL
-    * charset for example
-    *                  Default is an empty array
-    * @param boolean $isFileBased File based databases like SQLite don't need user and password, 
-    * they work with path in the dsn parameter
-    *                  Default is false
-    * @return boolean
-    */
+     * Try to connect to the database server in the DSN parameters
+     *
+     * @param string $dsn The connection parameter string
+     *                  Default is empty string
+     * @param string $user The database user name
+     *                  Default is empty string
+     * @param string $password The database password
+     *                  Default is empty string
+     * @param array $options Array for setting connection options
+     *                  Default is an empty array
+     * @param boolean $isFileBased File based databases like SQLite don't need user and password, 
+     *                  Default is false
+     * @return boolean
+     */
     public function connect(
         $dsn = '', 
         $user = '', 
         $password = '', 
         $options = array(), 
         $isFile = false) 
     {
-        $this->_connected = false;
-        if (self::$isSecure)
-            $setDsn = empty($dsn) ? $this->database->getDsn().$this->secure : $dsn.$this->secure;
+        $this->_connected = false;	
+        $key = $this->sslKey;
+        $cert = $this->sslCert;
+		$ca = $this->sslCa;
+        $path = $this->sslPath;
+        
+        $vendor = $this->database->getDsn();
+        if ($this->isSecure) {
+            if (\strpos($vendor, \PGSQL) !== false) {
+                $this->secureOptions = 'sslmode=require;sslcert='.$path.$cert.';sslkey='.$path.$key.';sslrootcert='.$path.$ca.';';
+            } elseif (\strpos($vendor, 'mysql') !== false) {
+                $this->secureOptions = array(
+                    \PDO::MYSQL_ATTR_SSL_KEY => $path.$key,
+                    \PDO::MYSQL_ATTR_SSL_CERT => $path.$cert,
+                    \PDO::MYSQL_ATTR_SSL_CA => $path.$ca,
+                    \PDO::MYSQL_ATTR_SSL_CAPATH => $path,
+                    \PDO::MYSQL_ATTR_SSL_CIPHER => 'DHE-RSA-AES256-SHA',
+                    \PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT => false
+                );
+            } elseif (\strpos($vendor, \MSSQL) !== false) {
+                $this->secureOptions = ';Encrypt=true;TrustServerCertificate=true';
+            }
+        }
+
+        if ($this->isSecure && \is_string($this->secureOptions))
+            $dsn = empty($dsn) ? $vendor.$this->secureOptions : $dsn.$this->secureOptions;
         else
-            $setDsn = empty($dsn) ? $this->database->getDsn() : $dsn;
+            $dsn = empty($dsn) ? $vendor : $dsn;
 
-        if (!empty(self::$_options))
-            $this->database->setOptions(self::$_options);
+        if ($this->isSecure && \is_array($this->secureOptions))       
+            $options = $this->secureOptions;
+        else 
+            $options = empty($options) ? $this->database->getOptions() : $options;
 
-        $setUser = empty($user) ? $this->database->getUser() : $user;
-        $setPassword = empty($password) ? $this->database->getPassword() : $password;        
-        $setOptions = empty($options) ? $this->database->getOptions() : $options;
-        $IsFile = empty($isFile) ? $this->database->getIsFile() : $isFile;
+        $user = empty($user) ? $this->database->getUser() : $user;
+        $password = empty($password) ? $this->database->getPassword() : $password; 
+        $isFile = empty($isFile) ? $this->database->getIsFile() : $isFile;
 
         // Establish PDO connection
         try  {
-            if ($IsFile) {
-                $this->dbh = new \PDO($setDsn, null, null, null);
+            if ($isFile) {
+                $this->dbh = new \PDO($dsn, null, null, null);
                 $this->_connected = true;
             } else {
-                $this->dbh = new \PDO($setDsn, $setUser, $setPassword, $setOptions);
+                $this->dbh = new \PDO($dsn, $user, $password, $options);
                 $this->_connected = true;
             }
         } catch (\PDOException $e) {

lib/Database/ez_pgsql.php

@@ -10,9 +10,6 @@
 
 class ez_pgsql extends ezsqlModel implements DatabaseInterface
 {
-    private static $isSecure = false;
-    private static $secure = null;
-
     /**
     * Database connection handle 
     * @var resource

lib/Database/ez_sqlsrv.php

@@ -20,8 +20,6 @@ class ez_sqlsrv extends ezsqlModel implements DatabaseInterface
         -11 => 'uniqueidentifier', -3 => 'varbinary', 12 => 'varchar', -152 => 'xml',
     );
 
-    private static $isSecure = false;
-
     /**
     * Database connection handle 
     * @var resource
@@ -86,7 +84,7 @@ public function connect($user = '', $password = '', $name = '', $host = 'localho
         $host = ($host != 'localhost') ? $this->database->getHost() : $host;
 
         // Blank user assumes Windows Authentication
-        if (self::$isSecure) {
+        if ($this->isSecure) {
             $connectionOptions = array(
                 "UID" => $user,
                 "PWD" => $password,

lib/ezFunctions.php

@@ -102,30 +102,12 @@ function createCertificate(
         array $details = ["commonName" => "localhost"]
     ) 
     {
-        ezQuery::createCertificate($privatekeyFile, $certificateFile, $signingFile, $ssl_path, $details);
-    }
-
-    function securePDO(
-        $vendor = null, 
-        $key = 'certificate.key', 
-        $cert = 'certificate.crt', 
-        $ca = 'cacert.pem', 
-        $path = '.'.\_DS) 
-    {
-        ez_pdo::securePDO($vendor, $key, $cert, $ca, $path);
-    }
-
-    function secureSQL(
-        $key = 'certificate.key', 
-        $cert = 'certificate.crt', 
-        $ca = 'cacert.pem', 
-        $path = '.'.\_DS) 
-    {
-        // todo
+        return ezQuery::createCertificate($privatekeyFile, $certificateFile, $signingFile, $ssl_path, $details);
     }
 
 	/**
      * Creates an array from expressions in the following format
+     * 
      * @param strings $x, - The left expression.
      * @param strings $operator, - One of 
      *      '<', '>', '=', '!=', '>=', '<=', '<>', 'IN',, 'NOT IN', 'LIKE', 

lib/ezsqlModel.php

@@ -11,6 +11,13 @@
  */	
 class ezsqlModel extends ezQuery implements ezsqlModelInterface
 {
+    protected $isSecure = false;
+	protected $secureOptions = null;
+	protected $sslKey = null;
+	protected $sslCert = null;
+	protected $sslCa = null;
+	protected $sslPath = null;
+
 	/**
 	 * If set to true (i.e. $db->debug_all = true;) Then it will print out ALL queries and ALL results of your script.
 	 * @var boolean
@@ -642,7 +649,39 @@ public function count($all = true, $increase = false)
 		return ($all) ? $this->num_queries : $this->conn_queries;
 	}
 
-    	/**
+    public function secureSetup(
+        string $key = 'certificate.key', 
+        string $cert = 'certificate.crt', 
+        string $ca = 'cacert.pem', 
+        string $path = '.'.\_DS) 
+    {
+		if (! \file_exists($path.$cert) || ! \file_exists($path.$key)) {
+			$vendor = \getVendor();
+			if (($vendor != \SQLITE) || ($vendor != \MSSQL))
+            	$path = ezQuery::createCertificate();
+		} elseif ($path == '.'.\_DS) {
+            $ssl_path = \getcwd();
+            $path = \preg_replace('/\\\/', \_DS, $ssl_path). \_DS;
+        }
+
+        $this->isSecure = true;
+        $this->sslKey = $key;
+        $this->sslCert = $cert;
+		$this->sslCa = $ca;
+		$this->sslPath = $path;
+	}
+
+    public function secureReset() 
+    {
+        $this->isSecure = false;
+        $this->sslKey = null;
+        $this->sslCert = null;
+		$this->sslCa = null;
+		$this->sslPath = null;
+		$this->secureOptions = null;
+	}
+
+    /**
       * Returns, whether a database connection is established, or not
       *
       * @return boolean

tests/pdo/pdo_mysqlTest.php

@@ -109,14 +109,43 @@ public function testMySQLQuery() {
 
         $this->assertEquals(0, $this->object->query('DROP TABLE unit_test'));
     } 
- 
+
+     /**
+     * @covers ezsql\ezsqlModel::secureSetup
+     * @covers ezsql\ezsqlModel::secureReset
+     * @covers ezsql\Database\ez_pdo::handle
+     * @covers ezsql\ezQuery::drop
+     * @covers \primary
+     */
+    public function testSecureSetup()
+    {
+        $this->object->secureSetup();
+        $this->object->connect('mysql:host=' . self::TEST_DB_HOST . ';dbname=' . self::TEST_DB_NAME . ';port=' . self::TEST_DB_PORT, self::TEST_DB_USER, self::TEST_DB_PASSWORD);
+             
+        $this->assertEquals(0, $this->object->drop('new_create_test2'));
+        $this->assertEquals(0, $this->object->create('new_create_test2',
+            column('id', INTR, 11, notNULL, AUTO),
+            column('create_key', VARCHAR, 50),
+            primary('id_pk', 'id'))
+        );
+
+        $this->assertEquals(1, $this->object->insert('new_create_test2',
+            ['create_key' => 'test 2'])
+        );
+
+        $conn = $this->object->handle();
+        $res = $conn->query("SHOW STATUS LIKE 'Ssl_cipher';")->fetchAll();
+        $this->assertEquals('Ssl_cipher', $res[0]['Variable_name']);
+        $this->assertEquals(0, $this->object->drop('new_create_test2'));
+        $this->object->secureReset();
+    }
 
     /**
-     * @covers  ezsql\ezQuery::create
+     * @covers ezsql\ezQuery::create
      */
     public function testCreate()
     {
-        $this->assertTrue($this->object->connect('mysql:host=' . self::TEST_DB_HOST . ';dbname=' . self::TEST_DB_NAME . ';port=' . self::TEST_DB_PORT, self::TEST_DB_USER, self::TEST_DB_PASSWORD));
+        $this->assertTrue($this->object->connect());
 
         $this->assertEquals($this->object->create('new_create_test',
             column('id', INTR, 11, notNULL, AUTO),
@@ -132,7 +161,7 @@ public function testCreate()
     }
 
     /**
-     * @covers  ezsql\ezQuery::drop
+     * @covers ezsql\ezQuery::drop
      */
     public function testDrop()
     {
@@ -142,7 +171,7 @@ public function testDrop()
     }
 
     /**
-     * @covers  ezsql\ezQuery::insert
+     * @covers ezsql\ezQuery::insert
      */
     public function testInsert()
     {