From a945e8b64d2a7e164ae19aefc34dc7aaa5ba875a Mon Sep 17 00:00:00 2001
From: Ad Schellevis <ad@opnsense.org>
Date: Mon, 19 Nov 2018 18:24:08 +0100
Subject: [PATCH] Openvpn export, add p12 password input for
 https://github.com/opnsense/core/issues/2787

---
 .../OPNsense/OpenVPN/Api/ExportController.php |  5 ++++
 .../OPNsense/OpenVPN/forms/export_options.xml |  7 ++++++
 .../app/views/OPNsense/OpenVPN/export.volt    | 23 ++++++++++++++++++-
 3 files changed, 34 insertions(+), 1 deletion(-)

diff --git a/src/opnsense/mvc/app/controllers/OPNsense/OpenVPN/Api/ExportController.php b/src/opnsense/mvc/app/controllers/OPNsense/OpenVPN/Api/ExportController.php
index 0b2acdaab..153d6967d 100644
--- a/src/opnsense/mvc/app/controllers/OPNsense/OpenVPN/Api/ExportController.php
+++ b/src/opnsense/mvc/app/controllers/OPNsense/OpenVPN/Api/ExportController.php
@@ -380,6 +380,11 @@ class ExportController extends ApiControllerBase
                 // overlay (saved) user settings
                 if ($this->request->hasPost('openvpn_export')) {
                     $response = $this->storePresetsAction($vpnid);
+                    // p12 password shouldn't be saved to the config, so we need to copy the content here as
+                    // not defined in either model or configuration data.
+                    if (!empty($this->request->getPost('openvpn_export')['p12_password'])) {
+                        $config['p12_password'] = $this->request->getPost('openvpn_export')['p12_password'];
+                    }
                 }
                 foreach ($this->getModel()->getServer($vpnid)->iterateItems() as $key => $value) {
                     if ($value !== "") {
diff --git a/src/opnsense/mvc/app/controllers/OPNsense/OpenVPN/forms/export_options.xml b/src/opnsense/mvc/app/controllers/OPNsense/OpenVPN/forms/export_options.xml
index 0e9800c39..2b85cebf0 100644
--- a/src/opnsense/mvc/app/controllers/OPNsense/OpenVPN/forms/export_options.xml
+++ b/src/opnsense/mvc/app/controllers/OPNsense/OpenVPN/forms/export_options.xml
@@ -31,6 +31,13 @@
         <type>checkbox</type>
         <help>Use a random local source port (lport) for traffic from the client. Without this set, two clients may not run concurrently.</help>
     </field>
+    <field>
+        <id>openvpn_export.p12_password</id>
+        <label>P12 Password/confirm</label>
+        <style>password_field</style>
+        <type>password</type>
+        <help>Use a password to protect the pkcs12 file contents</help>
+    </field>
     <field>
         <id>openvpn_export.validate_server_cn</id>
         <label>Validate server CN</label>
diff --git a/src/opnsense/mvc/app/views/OPNsense/OpenVPN/export.volt b/src/opnsense/mvc/app/views/OPNsense/OpenVPN/export.volt
index e78dd6e2f..1759317b7 100644
--- a/src/opnsense/mvc/app/views/OPNsense/OpenVPN/export.volt
+++ b/src/opnsense/mvc/app/views/OPNsense/OpenVPN/export.volt
@@ -24,6 +24,13 @@
  # POSSIBILITY OF SUCH DAMAGE.
  #}
 
+<style>
+    .input-spacing {
+        margin-top: 5px;
+        margin-bottom: 5px;
+    }
+</style>
+
 <script>
 
     $( document ).ready(function() {
@@ -132,9 +139,23 @@
                     });
                 }
             });
-
             //
         });
+
+        $("#row_openvpn_export\\.p12_password > td:eq(1)").append($("<hr class='input-spacing'/>"));
+        $("#row_openvpn_export\\.p12_password > td:eq(1)").append(
+            $("<input type='password' class='form-control password_field' size='50' id='openvpn_export.p12_password_confirm'/>")
+        );
+
+        $(".password_field").on("keyup", function(){
+            if ($("#openvpn_export\\.p12_password").val() != $("#openvpn_export\\.p12_password_confirm").val()) {
+                $(".password_field").addClass("has-warning");
+                $(".password_field").closest('tr').addClass('has-warning');
+            } else {
+                $(".password_field").removeClass("has-warning");
+                $(".password_field").closest('tr').removeClass('has-warning');
+            }
+        });
     });