From 997795b935df45caf1881d3b3b4318256cb3b04a Mon Sep 17 00:00:00 2001
From: Benjamin Sonntag <benjamin@sonntag.fr>
Date: Fri, 22 Jun 2018 19:04:03 +0200
Subject: [PATCH] starting to implement ssl best cert finder

---
 bureau/class/m_ssl.php | 40 +++++++++++++++++++++++++++++++++++++++-
 1 file changed, 39 insertions(+), 1 deletion(-)

diff --git a/bureau/class/m_ssl.php b/bureau/class/m_ssl.php
index 7ba3f011..0631f18c 100644
--- a/bureau/class/m_ssl.php
+++ b/bureau/class/m_ssl.php
@@ -53,7 +53,9 @@ class m_ssl {
      * Constructor
      */
     function m_ssl() {
-        
+        global $L_FQDN;
+        $this->last_certificate_id=variable_get('last_certificate_id',0,'Latest certificate ID parsed by update_domains. Do not change this unless you know what you are doing');
+        $this->default_certificate_fqdn=variable_get('default_certificate_fqdn',$L_FQDN,'FQDN of the certificate we will use as a default one before getting a proper one through any provider. If unsure, keep the default');
     }
 
     // ----------------------------------------------------------------- 
@@ -283,6 +285,42 @@ class m_ssl {
         return true;
     }
 
+    // -----------------------------------------------------------------
+    /** Return all the valid certificates that can be used for a specific FQDN
+     * return the list of certificates by order of preference (2 lasts bein the default FQDN and the snakeoil if necessary)
+     * keys: id, provider, crt, chain, key, validstart, validend
+     */
+    function get_valid_certs($fqdn) {
+        global $db, $msg, $cuid;
+        $db->query("SELECT * FROM certificates WHERE status=".self::STATUS_OK." ORDER BY validstart DESC;");
+        $good=array();
+        $bad=array();
+        $ugly=array();
+        $wildcard="*".substr($fqdn,strpos($fqdn,".");
+        $defaultwild="*".substr($this->default_certificate_fqdn,strpos($this->default_certificate_fqdn,".");
+
+        while($db->next_record()) {
+            $good=false
+            if ($db->Record["fqdn"]==$fqdn || $db->Record["fqdn"]==$wildcard) {
+                $good=true;
+            } else {
+                $alts=explode("\n",$db->Record["altnames"]);
+                foreach($alts as $alt) {
+                    if ($alt==$fqdn || $alt==$wildcard) {
+                        $good=true;
+                        break;
+                    }
+                }
+            }
+            if ($good) {
+                $good[]=$db->Record;
+            }
+            // TODO : manages BAD (default) and UGLY (snakeoil)
+        }
+        return $good;
+    }
+
+
     // ----------------------------------------------------------------- 
     /** Return all the subdomains that can be ssl-enabled for the current account.
      * @return array of strings : all the subdomains.