From 0d68ccb7a2ac8d2bae3350b082aad385d8423b85 Mon Sep 17 00:00:00 2001
From: Richard T Bonhomme
Date: Sat, 9 Dec 2023 01:50:19 +0000
Subject: [PATCH] Add 'email' and 'kdc' to create_x509_type()
Signed-off-by: Richard T Bonhomme
---
 easyrsa3/easyrsa | 32 ++++++++++++++++++++++++++++++++
 1 file changed, 32 insertions(+)
diff --git a/easyrsa3/easyrsa b/easyrsa3/easyrsa
index 687acca39..f4cbbe042 100755
--- a/easyrsa3/easyrsa
+++ b/easyrsa3/easyrsa
@@ -5395,6 +5395,38 @@ create_x509_type() {
 keyUsage = digitalSignature
 X509_CODE_SIGNING
 ;;
+ email)
+ cat <<- "X509_EMAIL"
+ basicConstraints = CA:FALSE
+ subjectKeyIdentifier = hash
+ authorityKeyIdentifier = keyid,issuer:always
+ extendedKeyUsage = emailProtection
+ keyUsage = digitalSignature,keyEncipherment,nonRepudiation
+ X509_EMAIL
+ ;;
+ kdc)
+ cat <<- "X509_KDC"
+basicConstraints = CA:FALSE
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer:always
+extendedKeyUsage = 1.3.6.1.5.2.3.5
+keyUsage = nonRepudiation,digitalSignature,keyEncipherment,keyAgreement
+issuerAltName = issuer:copy
+subjectAltName = otherName:1.3.6.1.5.2.2;SEQUENCE:kdc_princ_name
+
+[kdc_princ_name]
+realm = EXP:0,GeneralString:${ENV::EASYRSA_KDC_REALM}
+principal_name = EXP:1,SEQUENCE:kdc_principal_seq
+
+[kdc_principal_seq]
+name_type = EXP:0,INTEGER:1
+name_string = EXP:1,SEQUENCE:kdc_principals
+
+[kdc_principals]
+princ1 = GeneralString:krbtgt
+princ2 = GeneralString:${ENV::EASYRSA_KDC_REALM}
+ X509_KDC
+ ;;
 *)
 return 1
 esac
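Review bot: The `kdc)` template takes the realm for the KRB5PrincipalName SAN from `${ENV::EASYRSA_KDC_REALM}` in two places, and nothing in this hunk checks that the variable is set before the template is used. Because the heredoc delimiter is quoted, the shell leaves the reference literal and OpenSSL resolves it from the environment when the extensions are read, so an unset variable shows up only as a config-parsing error and a stale exported value would be signed into the certificate as the realm. A guard before signing with this type, such as `[ -n "${EASYRSA_KDC_REALM:-}" ] || return 1` routed through the script's usual error path, plus a comment above `kdc)` naming the required variable, would make the requirement explicit. It is also worth confirming that nothing is appended after this template when the extensions file is assembled, since any line following `[kdc_principals]` would land in that section rather than in the extensions section. `create_x509_type()` begins and ends outside the hunk, so the assembly and any existing validation are not visible here.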