From f29d93198d9cdfd04616c1e380319cf0f70fa1a9 Mon Sep 17 00:00:00 2001 From: Ad Schellevis Date: Mon, 2 Sep 2024 09:16:13 +0200 Subject: [PATCH] System: Trust: Certificates - map derivative field cert_type to expose purpose to the userinterface. closes https://github.com/opnsense/core/issues/7835 --- src/opnsense/mvc/app/library/OPNsense/Trust/Store.php | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/src/opnsense/mvc/app/library/OPNsense/Trust/Store.php b/src/opnsense/mvc/app/library/OPNsense/Trust/Store.php index 970f498f5..bd0e41637 100644 --- a/src/opnsense/mvc/app/library/OPNsense/Trust/Store.php +++ b/src/opnsense/mvc/app/library/OPNsense/Trust/Store.php @@ -459,7 +459,7 @@ class Store } } - // rfc3280 purpose definitions + // rfc3280 purpose definitions (+ cert_type derivative field) $result['rfc3280_purpose'] = ''; if ( in_array('TLS Web Server Authentication', $purpose['extendedKeyUsage']) && @@ -469,18 +469,21 @@ class Store ) ) { $result['rfc3280_purpose'] = 'id-kp-serverAuth'; + $both = in_array('TLS Web Client Authentication', $purpose['extendedKeyUsage']); + $result['cert_type'] = $both ? 'combined_server_client' : 'server_cert'; } elseif ( in_array('TLS Web Client Authentication', $purpose['extendedKeyUsage']) && in_array('Digital Signature', $purpose['keyUsage']) ) { $result['rfc3280_purpose'] = 'id-kp-clientAuth'; + $result['cert_type'] = 'usr_cert'; } elseif ( in_array('OCSP Signing', $purpose['extendedKeyUsage']) && in_array('Digital Signature', $purpose['keyUsage']) ) { $result['rfc3280_purpose'] = 'id-kp-OCSPSigning'; } - // + return $result; } return false;