System: Trust: Certificates - map derivative field cert_type to expose purpose to the userinterface. closes https://github.com/opnsense/core/issues/7835

2026-03-15 09:04:39 +00:00 · 2024-09-02 09:16:13 +02:00 · 2024-09-02 09:16:13 +02:00 · f29d93198d
commit f29d93198d
parent 0e2812220d
1 changed files with 5 additions and 2 deletions
--- a/src/opnsense/mvc/app/library/OPNsense/Trust/Store.php
+++ b/src/opnsense/mvc/app/library/OPNsense/Trust/Store.php
@ -459,7 +459,7 @@ class Store
                }
            }

-            // rfc3280 purpose definitions
+            // rfc3280 purpose definitions (+ cert_type derivative field)
            $result['rfc3280_purpose'] = '';
            if (
                in_array('TLS Web Server Authentication', $purpose['extendedKeyUsage']) &&
@ -469,18 +469,21 @@ class Store
                )
            ) {
                $result['rfc3280_purpose'] = 'id-kp-serverAuth';
+                $both = in_array('TLS Web Client Authentication', $purpose['extendedKeyUsage']);
+                $result['cert_type'] = $both ? 'combined_server_client' : 'server_cert';
            } elseif (
                in_array('TLS Web Client Authentication', $purpose['extendedKeyUsage']) &&
                in_array('Digital Signature', $purpose['keyUsage'])
            ) {
                $result['rfc3280_purpose'] = 'id-kp-clientAuth';
+                $result['cert_type'] = 'usr_cert';
            } elseif (
                in_array('OCSP Signing', $purpose['extendedKeyUsage']) &&
                in_array('Digital Signature', $purpose['keyUsage'])
            ) {
                $result['rfc3280_purpose'] = 'id-kp-OCSPSigning';
            }
-            //
+
            return $result;
        }
        return false;