mirror/snipe-it
3
0
Fork 0
mirror of https://github.com/snipe/snipe-it.git synced 2026-02-04 23:25:31 +00:00
Code Issues Projects Releases Wiki Activity
Files
5b5695ffe10d794ab829f7fe0bb67e52145d5c20
snipe-it/tests/Unit/DatabaseSslConfigurationTest.php
Vasily Plotnikov 5b5695ffe1 Fixed #18312: support aws rds mysql with force tls
2025-12-30 11:59:31 +00:00

102 lines
3.6 KiB
PHP
Raw Blame History

<?php
namespace Tests\Unit;
use PDO;
use Tests\TestCase;
class DatabaseSslConfigurationTest extends TestCase
{
public function testMysqlSslConfigurationWithPaasMode(): void
{
config([
'database.connections.mysql.options' => null
]);
// Test PAAS mode SSL configuration
config([
'database.connections.mysql.options' => $this->getSslOptions(true, false, true) // isPaas=true, verifyServer=false, sslEnabled=true
]);
$options = config('database.connections.mysql.options');
$this->assertArrayHasKey(PDO::MYSQL_ATTR_SSL_CA, $options);
$this->assertArrayHasKey(PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT, $options);
// PAAS mode should not include client certificate attributes
$this->assertArrayNotHasKey(PDO::MYSQL_ATTR_SSL_KEY, $options);
$this->assertArrayNotHasKey(PDO::MYSQL_ATTR_SSL_CERT, $options);
$this->assertArrayNotHasKey(PDO::MYSQL_ATTR_SSL_CIPHER, $options);
}
public function testMysqlSslConfigurationWithNonPaasMode(): void
{
config([
'database.connections.mysql.options' => null
]);
// Test non-PAAS mode SSL configuration
config([
'database.connections.mysql.options' => $this->getSslOptions(false, false, true) // isPaas=false, verifyServer=false, sslEnabled=true
]);
$options = config('database.connections.mysql.options');
// Non-PAAS mode should include all SSL attributes
$this->assertArrayHasKey(PDO::MYSQL_ATTR_SSL_CA, $options);
$this->assertArrayHasKey(PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT, $options);
$this->assertArrayHasKey(PDO::MYSQL_ATTR_SSL_KEY, $options);
$this->assertArrayHasKey(PDO::MYSQL_ATTR_SSL_CERT, $options);
$this->assertArrayHasKey(PDO::MYSQL_ATTR_SSL_CIPHER, $options);
}
public function testMysqlSslConfigurationWithoutSsl(): void
{
config([
'database.connections.mysql.options' => null
]);
// Test SSL disabled configuration
config([
'database.connections.mysql.options' => $this->getSslOptions(true, false, false) // isPaas=true, verifyServer=false, sslEnabled=false
]);
$options = config('database.connections.mysql.options');
// When SSL is disabled, options should be empty
$this->assertEmpty($options);
}
public function testSslVerifyServerDefaultsToFalse(): void
{
// Test that SSL_VERIFY_SERVER defaults to false when not explicitly set
$options = $this->getSslOptions(true, null, true); // isPaas=true, verifyServer=null, sslEnabled=true
$this->assertArrayHasKey(PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT, $options);
$this->assertFalse($options[PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT]);
}
private function getSslOptions(bool $isPaas, ?bool $verifyServer=false, bool $sslEnabled=true): array
{
// simulates the SSL options logic from database.php
if (!$sslEnabled) {
return [];
}
if ($isPaas) {
return [
PDO::MYSQL_ATTR_SSL_CA => '/path/to/ca.pem',
PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT => $verifyServer ?? false,
];
}
return [
PDO::MYSQL_ATTR_SSL_KEY => '/path/to/key.pem',
PDO::MYSQL_ATTR_SSL_CERT => '/path/to/cert.pem',
PDO::MYSQL_ATTR_SSL_CA => '/path/to/ca.pem',
PDO::MYSQL_ATTR_SSL_CIPHER => null,
PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT => $verifyServer ?? false,
];
}
}
Reference in New Issue View Git Blame Copy Permalink