DbUp · MarkOtter · Jul 9, 2024
diff --git a/src/Tests/ApprovalFiles/NoPublicApiChanges.Run.DotNet.verified.cs b/src/Tests/ApprovalFiles/NoPublicApiChanges.Run.DotNet.verified.cs
@@ -11,8 +11,10 @@ public static DbUp.Builder.UpgradeEngineBuilder PostgresqlDatabase(this DbUp.Bui
     public static DbUp.Builder.UpgradeEngineBuilder PostgresqlDatabase(DbUp.Engine.Transactions.IConnectionManager connectionManager, string schema) { }
     public static DbUp.Builder.UpgradeEngineBuilder PostgresqlDatabase(this DbUp.Builder.SupportedDatabases supported, string connectionString, string schema) { }
     public static DbUp.Builder.UpgradeEngineBuilder PostgresqlDatabase(this DbUp.Builder.SupportedDatabases supported, string connectionString, string schema, System.Security.Cryptography.X509Certificates.X509Certificate2 certificate) { }
+    public static DbUp.Builder.UpgradeEngineBuilder PostgresqlDatabase(this DbUp.Builder.SupportedDatabases supported, string connectionString, string schema, DbUp.Postgresql.PostgresqlConnectionOptions connectionOptions) { }
     public static void PostgresqlDatabase(this DbUp.SupportedDatabasesForEnsureDatabase supported, string connectionString) { }
     public static void PostgresqlDatabase(this DbUp.SupportedDatabasesForEnsureDatabase supported, string connectionString, System.Security.Cryptography.X509Certificates.X509Certificate2 certificate) { }
+    public static void PostgresqlDatabase(this DbUp.SupportedDatabasesForEnsureDatabase supported, string connectionString, DbUp.Postgresql.PostgresqlConnectionOptions connectionOptions) { }
     public static void PostgresqlDatabase(this DbUp.SupportedDatabasesForEnsureDatabase supported, string connectionString, DbUp.Engine.Output.IUpgradeLog logger) { }
 }
 namespace DbUp.Postgresql
@@ -21,8 +23,15 @@ public class PostgresqlConnectionManager : DbUp.Engine.Transactions.DatabaseConn
     {
         public PostgresqlConnectionManager(string connectionString) { }
         public PostgresqlConnectionManager(string connectionString, System.Security.Cryptography.X509Certificates.X509Certificate2 certificate) { }
+        public PostgresqlConnectionManager(string connectionString, DbUp.Postgresql.PostgresqlConnectionOptions connectionOptions) { }
         public override System.Collections.Generic.IEnumerable<string> SplitScriptIntoCommands(string scriptContents) { }
     }
+    public class PostgresqlConnectionOptions
+    {
+        public PostgresqlConnectionOptions() { }
+        public System.Security.Cryptography.X509Certificates.X509Certificate2 ClientCertificate { get; set; }
+        public System.Net.Security.RemoteCertificateValidationCallback UserCertificateValidationCallback { get; set; }
+    }
     public class PostgresqlObjectParser : DbUp.Support.SqlObjectParser, DbUp.Engine.ISqlObjectParser
     {
         public PostgresqlObjectParser() { }

diff --git a/src/Tests/ApprovalFiles/NoPublicApiChanges.Run.Net.verified.cs b/src/Tests/ApprovalFiles/NoPublicApiChanges.Run.Net.verified.cs
@@ -11,8 +11,10 @@ public static DbUp.Builder.UpgradeEngineBuilder PostgresqlDatabase(this DbUp.Bui
     public static DbUp.Builder.UpgradeEngineBuilder PostgresqlDatabase(DbUp.Engine.Transactions.IConnectionManager connectionManager, string schema) { }
     public static DbUp.Builder.UpgradeEngineBuilder PostgresqlDatabase(this DbUp.Builder.SupportedDatabases supported, string connectionString, string schema) { }
     public static DbUp.Builder.UpgradeEngineBuilder PostgresqlDatabase(this DbUp.Builder.SupportedDatabases supported, string connectionString, string schema, System.Security.Cryptography.X509Certificates.X509Certificate2 certificate) { }
+    public static DbUp.Builder.UpgradeEngineBuilder PostgresqlDatabase(this DbUp.Builder.SupportedDatabases supported, string connectionString, string schema, DbUp.Postgresql.PostgresqlConnectionOptions connectionOptions) { }
     public static void PostgresqlDatabase(this DbUp.SupportedDatabasesForEnsureDatabase supported, string connectionString) { }
     public static void PostgresqlDatabase(this DbUp.SupportedDatabasesForEnsureDatabase supported, string connectionString, System.Security.Cryptography.X509Certificates.X509Certificate2 certificate) { }
+    public static void PostgresqlDatabase(this DbUp.SupportedDatabasesForEnsureDatabase supported, string connectionString, DbUp.Postgresql.PostgresqlConnectionOptions connectionOptions) { }
     public static void PostgresqlDatabase(this DbUp.SupportedDatabasesForEnsureDatabase supported, string connectionString, DbUp.Engine.Output.IUpgradeLog logger) { }
 }
 namespace DbUp.Postgresql
@@ -21,8 +23,15 @@ public class PostgresqlConnectionManager : DbUp.Engine.Transactions.DatabaseConn
     {
         public PostgresqlConnectionManager(string connectionString) { }
         public PostgresqlConnectionManager(string connectionString, System.Security.Cryptography.X509Certificates.X509Certificate2 certificate) { }
+        public PostgresqlConnectionManager(string connectionString, DbUp.Postgresql.PostgresqlConnectionOptions connectionOptions) { }
         public override System.Collections.Generic.IEnumerable<string> SplitScriptIntoCommands(string scriptContents) { }
     }
+    public class PostgresqlConnectionOptions
+    {
+        public PostgresqlConnectionOptions() { }
+        public System.Security.Cryptography.X509Certificates.X509Certificate2 ClientCertificate { get; set; }
+        public System.Net.Security.RemoteCertificateValidationCallback UserCertificateValidationCallback { get; set; }
+    }
     public class PostgresqlObjectParser : DbUp.Support.SqlObjectParser, DbUp.Engine.ISqlObjectParser
     {
         public PostgresqlObjectParser() { }

diff --git a/src/dbup-postgresql/PostgresqlConnectionManager.cs b/src/dbup-postgresql/PostgresqlConnectionManager.cs
@@ -27,11 +27,23 @@ public PostgresqlConnectionManager(string connectionString)
         /// <param name="connectionString">The PostgreSQL connection string.</param>
         /// <param name="certificate">Certificate for securing connection.</param>
         public PostgresqlConnectionManager(string connectionString, X509Certificate2 certificate)
+            : this(connectionString, new PostgresqlConnectionOptions
+            {
+                ClientCertificate = certificate
+            }) 
+        {
+        }
+
+        /// <summary>
+        /// Create a new PostgreSQL database connection 
+        /// </summary>
+        /// <param name="connectionString">The PostgreSQL connection string.</param>
+        /// <param name="connectionOptions">Custom options to apply on the created connection</param>
+        public PostgresqlConnectionManager(string connectionString, PostgresqlConnectionOptions connectionOptions)
             : base(new DelegateConnectionFactory(l =>
                 {
                     NpgsqlConnection databaseConnection = new NpgsqlConnection(connectionString);
-                    databaseConnection.ProvideClientCertificatesCallback +=
-                        certs => certs.Add(certificate);
+                    databaseConnection.ApplyConnectionOptions(connectionOptions);
 
                     return databaseConnection;
                 }

diff --git a/src/dbup-postgresql/PostgresqlConnectionOptions.cs b/src/dbup-postgresql/PostgresqlConnectionOptions.cs
@@ -0,0 +1,22 @@
+using System.Net.Security;
+using System.Security.Cryptography.X509Certificates;
+
+namespace DbUp.Postgresql
+{
+    /// <summary>
+    /// Options that will be applied on the created connection
+    /// </summary>
+    public class PostgresqlConnectionOptions
+    {
+        /// <summary>
+        /// Certificate for securing connection.
+        /// </summary>
+        public X509Certificate2 ClientCertificate { get; set; }
+
+        /// <summary>
+        //  Custom handler to verify the remote SSL certificate.
+        //  Ignored if Npgsql.NpgsqlConnectionStringBuilder.TrustServerCertificate is set.
+        /// </summary>
+        public RemoteCertificateValidationCallback UserCertificateValidationCallback { get; set; }
+    }
+}
diff --git a/src/dbup-postgresql/PostgresqlExtensions.cs b/src/dbup-postgresql/PostgresqlExtensions.cs
@@ -51,6 +51,19 @@ public static UpgradeEngineBuilder PostgresqlDatabase(this SupportedDatabases su
     public static UpgradeEngineBuilder PostgresqlDatabase(this SupportedDatabases supported, string connectionString, string schema, X509Certificate2 certificate)
         => PostgresqlDatabase(new PostgresqlConnectionManager(connectionString, certificate), schema);
 
+    /// <summary>
+    /// Creates an upgrader for PostgreSQL databases that use SSL.
+    /// </summary>
+    /// <param name="supported">Fluent helper type.</param>
+    /// <param name="connectionString">PostgreSQL database connection string.</param>
+    /// <param name="schema">The schema in which to check for changes</param>
+    /// <param name="connectionOptions">Connection options to set SSL parameters</param>
+    /// <returns>
+    /// A builder for a database upgrader designed for PostgreSQL databases.
+    /// </returns>
+    public static UpgradeEngineBuilder PostgresqlDatabase(this SupportedDatabases supported, string connectionString, string schema, PostgresqlConnectionOptions connectionOptions)
+        => PostgresqlDatabase(new PostgresqlConnectionManager(connectionString, connectionOptions), schema);
+
     /// <summary>
     /// Creates an upgrader for PostgreSQL databases.
     /// </summary>
@@ -113,6 +126,18 @@ public static void PostgresqlDatabase(this SupportedDatabasesForEnsureDatabase s
         PostgresqlDatabase(supported, connectionString, new ConsoleUpgradeLog(), certificate);
     }
 
+    /// <summary>
+    /// Ensures that the database specified in the connection string exists using SSL for the connection.
+    /// </summary>
+    /// <param name="supported">Fluent helper type.</param>
+    /// <param name="connectionString">The connection string.</param>
+    /// <param name="connectionOptions">Connection SSL to customize SSL behaviour</param>
+    /// <returns></returns>
+    public static void PostgresqlDatabase(this SupportedDatabasesForEnsureDatabase supported, string connectionString, PostgresqlConnectionOptions connectionOptions)
+    {
+        PostgresqlDatabase(supported, connectionString, new ConsoleUpgradeLog(), connectionOptions);
+    }
+
     /// <summary>
     /// Ensures that the database specified in the connection string exists.
     /// </summary>
@@ -122,10 +147,19 @@ public static void PostgresqlDatabase(this SupportedDatabasesForEnsureDatabase s
     /// <returns></returns>
     public static void PostgresqlDatabase(this SupportedDatabasesForEnsureDatabase supported, string connectionString, IUpgradeLog logger)
     {
-        PostgresqlDatabase(supported, connectionString, logger, null);
+        PostgresqlDatabase(supported, connectionString, logger, (PostgresqlConnectionOptions)null);
     }
-
+    
     private static void PostgresqlDatabase(this SupportedDatabasesForEnsureDatabase supported, string connectionString, IUpgradeLog logger, X509Certificate2 certificate)
+    {
+        var options = new PostgresqlConnectionOptions
+        { 
+            ClientCertificate = certificate
+        };
+        PostgresqlDatabase(supported, connectionString, logger, options);
+    }
+
+    private static void PostgresqlDatabase(this SupportedDatabasesForEnsureDatabase supported, string connectionString, IUpgradeLog logger, PostgresqlConnectionOptions connectionOptions)
     {
         if (supported == null) throw new ArgumentNullException("supported");
 
@@ -137,7 +171,7 @@ private static void PostgresqlDatabase(this SupportedDatabasesForEnsureDatabase
         if (logger == null) throw new ArgumentNullException("logger");
 
         var masterConnectionStringBuilder = new NpgsqlConnectionStringBuilder(connectionString);
-
+        
         var databaseName = masterConnectionStringBuilder.Database;
 
         if (string.IsNullOrEmpty(databaseName) || databaseName.Trim() == string.Empty)
@@ -157,11 +191,7 @@ private static void PostgresqlDatabase(this SupportedDatabasesForEnsureDatabase
 
         using (var connection = new NpgsqlConnection(masterConnectionStringBuilder.ConnectionString))
         {
-            if (certificate != null)
-            {
-                connection.ProvideClientCertificatesCallback +=
-                    certs => certs.Add(certificate);
-            }
+            connection.ApplyConnectionOptions(connectionOptions);
             connection.Open();
 
             var sqlCommandText = string.Format
@@ -216,4 +246,17 @@ public static UpgradeEngineBuilder JournalToPostgresqlTable(this UpgradeEngineBu
         builder.Configure(c => c.Journal = new PostgresqlTableJournal(() => c.ConnectionManager, () => c.Log, schema, table));
         return builder;
     }
+
+    internal static void ApplyConnectionOptions(this NpgsqlConnection connection, PostgresqlConnectionOptions connectionOptions)
+    {
+        if (connectionOptions?.ClientCertificate != null)
+        {
+            connection.ProvideClientCertificatesCallback +=
+                certs => certs.Add(connectionOptions.ClientCertificate);
+        }
+        if (connectionOptions?.UserCertificateValidationCallback != null)
+        {
+            connection.UserCertificateValidationCallback = connectionOptions.UserCertificateValidationCallback;
+        }
+    }
 }