fix: ensure carefs are relinked after cert imports #605

jaredhendrickson13 · jaredhendrickson13 · commit f2c529f0ad8a · 2024-12-15T12:33:36.000-07:00
diff --git a/pfSense-pkg-RESTAPI/files/usr/local/pkg/RESTAPI/Models/Certificate.inc b/pfSense-pkg-RESTAPI/files/usr/local/pkg/RESTAPI/Models/Certificate.inc
@@ -17,6 +17,7 @@ use RESTAPI\Validators\X509Validator;
 class Certificate extends Model {
     public StringField $descr;
     public UIDField $refid;
+    public StringField $caref;
     public StringField $type;
     public Base64Field $csr;
     public Base64Field $crt;
@@ -37,6 +38,13 @@ class Certificate extends Model {
             help_text: 'The unique ID assigned to this certificate for internal system use. This value is generated ' .
                 'by this system and cannot be changed.',
         );
+        $this->caref = new StringField(
+            default: null,
+            allow_null: true,
+            read_only: true,
+            help_text: 'The unique ID of the existing pfSense Certificate Authority that signed this certificate.' .
+                'This value is assigned by this system and cannot be changed.',
+        );
         $this->type = new StringField(
             default: 'server',
             choices: ['server', 'user'],
@@ -83,6 +91,19 @@ class Certificate extends Model {
         return $prv;
     }
 
+    /**
+     * Extends the default _create() method to ensure the certificate is fully imported before creating it.
+     */
+    public function _create(): void {
+        # Import the cert first using pfSense's cert_import function and relink CAs (if necessary)
+        $config_data = $this->to_internal();
+        cert_import($config_data, $this->crt->value, $this->prv->value);
+        $this->caref->value = $config_data['caref'] ?? null;
+
+        # Create the Certificate object
+        parent::_create();
+    }
+
     /**
      * Extends the default _update() method to ensure any `csr` value is removed before updating a Certificate.
      */
