diff --git a/src/opnsense/mvc/app/controllers/OPNsense/OpenVPN/Api/ExportController.php b/src/opnsense/mvc/app/controllers/OPNsense/OpenVPN/Api/ExportController.php index e18364950..de2625ac0 100644 --- a/src/opnsense/mvc/app/controllers/OPNsense/OpenVPN/Api/ExportController.php +++ b/src/opnsense/mvc/app/controllers/OPNsense/OpenVPN/Api/ExportController.php @@ -36,6 +36,7 @@ use OPNsense\Trust\Store; use OPNsense\OpenVPN\OpenVPN; use OPNsense\OpenVPN\Export; use OPNsense\OpenVPN\ExportFactory; +use OPNsense\Trust\Cert; /** * Class ExportController handles client export functions @@ -124,23 +125,6 @@ class ExportController extends ApiControllerBase } } - /** - * find CA record - * @param string $caref - * @return mixed - */ - private function getCA($caref) - { - if (isset(Config::getInstance()->object()->ca)) { - foreach (Config::getInstance()->object()->ca as $cert) { - if (isset($cert->refid) && (string)$caref == $cert->refid) { - return $cert; - } - } - } - return null; - } - /** * Determine configured settings for selected server * @param string $vpnid server handle @@ -208,24 +192,21 @@ class ExportController extends ApiControllerBase ]; $server = (new OpenVPN())->getInstanceById($vpnid); if ($server !== null) { - // collect certificates for this server's ca - if (isset(Config::getInstance()->object()->cert)) { - foreach (Config::getInstance()->object()->cert as $cert) { - if (isset($cert->refid) && isset($cert->caref) && $server['caref'] == $cert->caref) { - $result[(string)$cert->refid] = array( - "description" => (string)$cert->descr, - "users" => array() - ); - } - } - } - // collect linked users + $usernames = []; foreach (Config::getInstance()->object()->system->user as $user) { - if (isset($user->cert)) { - foreach ($user->cert as $cert) { - if (!empty($result[(string)$cert])) { - $result[(string)$cert]['users'][] = (string)$user->name; - } + $usernames[] = (string)$user->name; + } + foreach ((new Cert())->cert->iterateItems() as $cert) { + if ($cert->caref == $server['caref']) { + $result[(string)$cert->refid] = [ + "description" => (string)$cert->descr, + "users" => [] + ]; + if ( + in_array($cert->commonname, $usernames) && + in_array($cert->cert_type, ['usr_cert', 'combined_server_client']) + ) { + $result[(string)$cert->refid]['users'][] = (string)$cert->commonname; } } } diff --git a/src/opnsense/mvc/app/views/OPNsense/OpenVPN/export.volt b/src/opnsense/mvc/app/views/OPNsense/OpenVPN/export.volt index 1bdd11347..f56cd48ad 100644 --- a/src/opnsense/mvc/app/views/OPNsense/OpenVPN/export.volt +++ b/src/opnsense/mvc/app/views/OPNsense/OpenVPN/export.volt @@ -196,7 +196,7 @@ {{ lang._('Certificate')}} - {{ lang._('Linked user(s)')}} + {{ lang._('Linked user')}}