From 5e61d8733aa90e2f1174fe60f3faf5d0c3a4fe05 Mon Sep 17 00:00:00 2001
From: Marcus Hill
Date: Mon, 17 Jan 2022 22:08:31 +0000
Subject: [PATCH 1/2] Initial steps for cert fetch data
---
 add_certificate_modal.php | 5 +++--
 edit_certificate_modal.php | 3 ++-
 2 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/add_certificate_modal.php b/add_certificate_modal.php
index fa1582e1..9a9bff27 100644
--- a/add_certificate_modal.php
+++ b/add_certificate_modal.php
@@ -25,10 +25,11 @@
- +  https://
- +
+

Fetch

diff --git a/edit_certificate_modal.php b/edit_certificate_modal.php
index b6e8c2d7..b0b616a7 100644
--- a/edit_certificate_modal.php
+++ b/edit_certificate_modal.php
@@ -25,10 +25,11 @@
- +  https://
+

Fetch

From 4eed8be0aa096a06aec843d60c5c192cb2e7a3f8 Mon Sep 17 00:00:00 2001
From: Marcus Hill
Date: Tue, 18 Jan 2022 20:04:00 +0000
Subject: [PATCH 2/2] Add fetch button to retrieve certifiate from domain provided #289
---
 add_certificate_modal.php | 10 ++++-----
 client_certificates.php | 30 ++++++++++++++++++++++++-
 edit_certificate_modal.php | 10 ++++-----
 post.php | 45 ++++++++++++++++++++++++++++++++++++--
 4 files changed, 82 insertions(+), 13 deletions(-)
diff --git a/add_certificate_modal.php b/add_certificate_modal.php
index 9a9bff27..5da590cc 100644
--- a/add_certificate_modal.php
+++ b/add_certificate_modal.php
@@ -27,9 +27,9 @@
 https://
- +
-

Fetch

+

Fetch

@@ -38,7 +38,7 @@
- +
@@ -48,7 +48,7 @@
- +
@@ -58,7 +58,7 @@
- +
diff --git a/client_certificates.php b/client_certificates.php
index 99615af9..ecdf67b5 100644
--- a/client_certificates.php
+++ b/client_certificates.php
@@ -135,4 +135,32 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
-
\ No newline at end of file
+ + +
diff --git a/edit_certificate_modal.php b/edit_certificate_modal.php
index b0b616a7..9e056a27 100644
--- a/edit_certificate_modal.php
+++ b/edit_certificate_modal.php
@@ -27,9 +27,9 @@
 https://
- + -

Fetch

+

Fetch

@@ -38,7 +38,7 @@
- +
@@ -48,7 +48,7 @@
- +
@@ -58,7 +58,7 @@
- +
diff --git a/post.php b/post.php
index 17da2fc5..0656b301 100644
--- a/post.php
+++ b/post.php
@@ -4786,7 +4786,8 @@ if(isset($_POST['add_certificate'])){
 $expire = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['expire'])));
 $public_key = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['public_key'])));
- if (!empty($public_key)) {
+ // Parse public key data for a manually provided public key
+ if(!empty($public_key) && (empty($expire) && empty($issued_by))) {
 // Parse the public certificate key. If successful, set attributes from the certificate
 $public_key_obj = openssl_x509_parse($_POST['public_key']);
 if ($public_key_obj) {
@@ -4819,7 +4820,8 @@ if(isset($_POST['edit_certificate'])){
 $expire = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['expire'])));
 $public_key = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['public_key'])));
- if (!empty($public_key)) {
+ // Parse public key data for a manually provided public key
+ if(!empty($public_key) && (empty($expire) && empty($issued_by))) {
 // Parse the public certificate key. If successful, set attributes from the certificate
 $public_key_obj = openssl_x509_parse($_POST['public_key']);
 if ($public_key_obj) {
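Review bot: The new guard `if(!empty($public_key) && (empty($expire) && empty($issued_by)))` skips `openssl_x509_parse` whenever an expiry or issuer was posted, so when those fields were filled by the fetch step the record presumably keeps whatever the browser submitted and the values are never checked against the certificate text in `$public_key`; the edit_certificate hunk on the same line makes the identical change. Parsing whenever `$public_key` is non-empty and using the posted `$expire`/`$issued_by` only as a fallback for fields the certificate does not yield would keep the certificate authoritative. The inner parentheses are redundant, and `if(` departs from the `if (` spacing of the surrounding context lines. `$issued_by` is not visible in either hunk, so it is presumably assigned above; both enclosing handler blocks start and end outside the hunks.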
@@ -4843,6 +4845,45 @@ if(isset($_POST['edit_certificate'])){
 }
+if(isset($_GET['fetch_certificate'])){
+ $domain = $_GET['domain'];
+
+ // FQDNs in database shouldn't have a URL scheme, adding one
+ $domain = "https://".$domain;
+
+ // Parse host and port
+ $url = parse_url($domain, PHP_URL_HOST);
+ $port = parse_url($domain, PHP_URL_PORT);
+ // Default port
+ if(!$port){
+ $port = "443";
+ }
+
+ // Get certificate
+ // Using verify peer false to allow for self-signed / internal CA certs
+ $socket = "ssl://$url:$port";
+ $get = stream_context_create(array("ssl" => array("capture_peer_cert" => TRUE, "verify_peer" => FALSE,)));
+ $read = stream_socket_client($socket, $errno, $errstr, 30, STREAM_CLIENT_CONNECT, $get);
+ $cert = stream_context_get_params($read);
+ $cert_public_key_obj = openssl_x509_parse($cert['options']['ssl']['peer_certificate']);
+ openssl_x509_export($cert['options']['ssl']['peer_certificate'], $export);
+
+ // Process data
+ if($cert_public_key_obj){
+ $cert_data['success'] = "TRUE";
+ $cert_data['expire'] = date('Y-m-d', $cert_public_key_obj['validTo_time_t']);
+ $cert_data['issued_by'] = strip_tags($cert_public_key_obj['issuer']['O']);
+ $cert_data['public_key'] = $export; //nl2br
+ }
+ else{
+ $cert_data['success'] = "FALSE";
+ }
+
+ // Return as JSON
+ echo json_encode($cert_data);
+
+}
+
 if(isset($_GET['delete_certificate'])){
 $certificate_id = intval($_GET['delete_certificate']);
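Review bot: `$_GET['domain']` reaches `stream_socket_client` after only a scheme prefix and `parse_url`, so the request can name any host and port for the server to connect to, and when the connection fails `$read` is false yet still flows into `stream_context_get_params($read)` and the `$cert['options']` lookups. The host should be checked as a plain hostname and the port as an in-range integer before any socket is opened, and the parse/export step should run only when the connection succeeded so the existing failure branch is taken cleanly instead of emitting warnings. Because the handler echoes JSON, `header('Content-Type: application/json');` before the `echo` would also let the caller parse the response safely. Whether this endpoint carries the same session and authorisation checks as the handlers around it cannot be seen from the hunk.

```php
if(isset($_GET['fetch_certificate'])){
    // … unchanged: scheme prefix, parse_url of host/port, default port, context setup …

    // Only connect to a well-formed hostname on a sane port; anything else is a failure
    $read = false;
    if ($url !== false
        && filter_var($url, FILTER_VALIDATE_DOMAIN, FILTER_FLAG_HOSTNAME)
        && filter_var($port, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1, 'max_range' => 65535]])) {
        $read = stream_socket_client($socket, $errno, $errstr, 30, STREAM_CLIENT_CONNECT, $get);
    }

    // Parse/export only on a live connection so the FALSE branch handles every failure
    $cert_public_key_obj = false;
    if ($read !== false) {
        $cert = stream_context_get_params($read);
        $cert_public_key_obj = openssl_x509_parse($cert['options']['ssl']['peer_certificate']);
        openssl_x509_export($cert['options']['ssl']['peer_certificate'], $export);
    }

    // … unchanged: success/failure branches …
    header('Content-Type: application/json');
    echo json_encode($cert_data);
```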