Skip to content

v2.7.4 Fixes & Features #859

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
jaredhendrickson13 merged 6 commits into from
Mar 23, 2026
+41 −6
Merged

v2.7.4 Fixes & Features #859

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
8fa83dc
fix(CertificateAuthority): use ca_in_use instead of cert_in_use #856
jaredhendrickson13 Mar 14, 2026
07bdfa1
fix(CertificateAuthority): set a 409 instead of 403 for bad ca deletions
jaredhendrickson13 Mar 14, 2026
9d924a9
test(CertificateAuthority): ensure CAs can't be deleted while in use …
jaredhendrickson13 Mar 14, 2026
9da348c
style: run prettier on changed files
jaredhendrickson13 Mar 14, 2026
eed8d1b
fix: allow select crl fields to be editable #857
jaredhendrickson13 Mar 22, 2026
3308b44
feat: add ACMECertificateDomain fields for Technitium DNS #846
jaredhendrickson13 Mar 23, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
17 changes: 17 additions & 0 deletions pfSense-pkg-RESTAPI/files/usr/local/pkg/RESTAPI/Models/ACMECertificateDomain.inc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -305,6 +305,8 @@ class ACMECertificateDomain extends Model {
public StringField $zone_username;
public StringField $zone_key;
public StringField $zilore_key;
public StringField $technitium_server;
public StringField $technitium_token;
public StringField $anydnschallengealias;
public BooleanField $anydnschallengedomain;

Expand Down Expand Up @@ -2524,6 +2526,21 @@ class ACMECertificateDomain extends Model {
conditions: ['method' => 'dns_zilore'],
help_text: 'Zilore API Key',
);
$this->technitium_server = new StringField(
default: '',
allow_empty: true,
internal_name: 'dns_technitiumtechnitium_server',
conditions: ['method' => 'dns_technitium'],
help_text: 'Technitium DNS Server address',
);
$this->technitium_token = new StringField(
default: '',
allow_empty: true,
sensitive: true,
internal_name: 'dns_technitiumtechnitium_token',
conditions: ['method' => 'dns_technitium'],
help_text: 'Technitium DNS Server API Token',
);
$this->anydnschallengealias = new StringField(
default: '',
allow_empty: true,
Expand Down
5 changes: 3 additions & 2 deletions pfSense-pkg-RESTAPI/files/usr/local/pkg/RESTAPI/Models/CertificateAuthority.inc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,7 @@ use RESTAPI\Fields\BooleanField;
use RESTAPI\Fields\IntegerField;
use RESTAPI\Fields\StringField;
use RESTAPI\Fields\UIDField;
use RESTAPI\Responses\ConflictError;
use RESTAPI\Responses\ForbiddenError;
use RESTAPI\Responses\ValidationError;
use RESTAPI\Validators\RegexValidator;
Expand Down Expand Up @@ -115,8 +116,8 @@ class CertificateAuthority extends Model {
*/
public function _delete(): void {
# Do not allow this CertificateAuthority to be deleted if it is in use
if (cert_in_use($this->refid->value)) {
throw new ForbiddenError(
if (ca_in_use($this->refid->value)) {
throw new ConflictError(
message: 'Certificate authority cannot be deleted because it is in use.',
response_id: 'CERTIFICATE_AUTHORITY_CANNOT_BE_DELETED_WHILE_IN_USE',
);
Expand Down
3 changes: 0 additions & 3 deletions pfSense-pkg-RESTAPI/files/usr/local/pkg/RESTAPI/Models/CertificateRevocationList.inc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -40,7 +40,6 @@ class CertificateRevocationList extends Model {
$this->descr = new StringField(
required: true,
unique: true,
editable: false,
validators: [new RegexValidator(pattern: "/[\?\>\<\&\/\\\"\']/", invert: true)],
help_text: 'The unique name/description for this CRL.',
);
Expand All @@ -59,15 +58,13 @@ class CertificateRevocationList extends Model {
);
$this->lifetime = new IntegerField(
default: 730,
editable: false,
minimum: 1,
maximum: 8381,
conditions: ['method' => 'internal'],
help_text: 'The lifetime of this CRL in days.',
);
$this->serial = new IntegerField(
default: 0,
editable: false,
conditions: ['method' => 'internal'],
help_text: 'The serial number of the CRL.',
);
Expand Down
22 changes: 21 additions & 1 deletion ...e-pkg-RESTAPI/files/usr/local/pkg/RESTAPI/Tests/APIModelsCertificateAuthorityTestCase.inc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,7 @@
namespace RESTAPI\Tests;

use RESTAPI\Core\Command;
use RESTAPI\Core\Model;
use RESTAPI\Core\TestCase;
use RESTAPI\Models\CertificateAuthority;

Expand Down Expand Up @@ -127,6 +128,25 @@ R02Pul8ulWQ8Kl3Q3pou8As7W1mMzA2DxQ==
$ca->delete();
}

# TODO: Need test to ensure CA cannot be deleted while in use
/**
* Checks that we cannot delete a CA that is in use.
*/
public function test_cannot_delete_ca_in_use(): void {
# Create a CA to test with
$ca = new CertificateAuthority(descr: 'test', crt: self::EXAMPLE_CRT, prv: self::EXAMPLE_PRV);
$ca->create();

# Mock an OpenVPN server using this CA to be in use
Model::set_config(path: 'openvpn/openvpn-server/0/caref', value: $ca->refid->value);

# Ensure an error is thrown if we try to delete the CA while it's in use
$this->assert_throws_response(
response_id: 'CERTIFICATE_AUTHORITY_CANNOT_BE_DELETED_WHILE_IN_USE',
code: 409,
callable: function () use ($ca) {
$ca->delete();
},
);
}
# TODO: Need test to ensure crt must be CA capable
}