@@ -276,7 +276,7 @@ def createconfig(declaration: ConfigDeclaration, apiversion: str, runfromautosyn
276276 policyVersion ['contents' ] = content
277277
278278 # Check TLS items validity
279- all_tls = {'certificate' : {}, 'key' : {}, 'chain' : {} }
279+ all_tls = {'certificate' : {}, 'key' : {}}
280280
281281 if 'certificates' in d ['output' ]['nms' ]:
282282 certs = d ['output' ]['nms' ]['certificates' ]
@@ -289,15 +289,17 @@ def createconfig(declaration: ConfigDeclaration, apiversion: str, runfromautosyn
289289 for server in d ['declaration' ]['http' ]['servers' ]:
290290 if 'tls' in server ['listen' ]:
291291 if 'mtls' in server ['listen' ]['tls' ]:
292- cert_name = server ['listen' ]['tls' ]['mtls' ]['trusted_ca_certificates' ]
293- if cert_name and cert_name not in all_tls ['certificate' ]:
294- return {"status_code" : 422 ,
295- "message" : {
296- "status_code" : 422 ,
297- "message" : {"code" : 422 ,
298- "content" : "invalid mTLS trusted CA certificate " +
299- cert_name + " for server" + str (server ['names' ])}
300- }}
292+ if 'mtls' in server ['listen' ]['tls' ]:
293+ if 'trusted_ca_certificates' in server ['listen' ]['tls' ]['mtls' ]:
294+ cert_name = server ['listen' ]['tls' ]['mtls' ]['trusted_ca_certificates' ]
295+ if cert_name and cert_name not in all_tls ['certificate' ]:
296+ return {"status_code" : 422 ,
297+ "message" : {
298+ "status_code" : 422 ,
299+ "message" : {"code" : 422 ,
300+ "content" : "invalid mTLS trusted CA certificate " +
301+ cert_name + " for server" + str (server ['names' ])}
302+ }}
301303
302304 if 'certificate' in server ['listen' ]['tls' ]:
303305 cert_name = server ['listen' ]['tls' ]['certificate' ]
@@ -321,18 +323,8 @@ def createconfig(declaration: ConfigDeclaration, apiversion: str, runfromautosyn
321323 server ['names' ])}
322324 }}
323325
324- if 'chain' in server ['listen' ]['tls' ]:
325- cert_chain = server ['listen' ]['tls' ]['chain' ]
326- if cert_chain and cert_chain not in all_tls ['chain' ]:
327- return {"status_code" : 422 ,
328- "message" : {
329- "status_code" : 422 ,
330- "message" : {"code" : 422 , "content" : "invalid TLS chain " + cert_chain + " for server" + str (
331- server ['names' ])}
332- }}
333-
334326 # Adds optional certificates specified under output.nms.certificates
335- extensions_map = {'certificate' : '.crt' , 'key' : '.key' , 'chain' : '.chain' }
327+ extensions_map = {'certificate' : '.crt' , 'key' : '.key' }
336328
337329 if 'certificates' in d ['output' ]['nms' ]:
338330 for c in d ['output' ]['nms' ]['certificates' ]:
@@ -561,7 +553,7 @@ def patch_config(declaration: ConfigDeclaration, configUid: str, apiversion: str
561553 sourceDeclaration = currentDeclaration , patchedNAPPolicies = p )
562554
563555 if 'certificates' in declarationToPatch ['output' ]['nms' ]:
564- # TLS certificate/key/chain updates
556+ # TLS certificate/key updates
565557 for p in declarationToPatch ['output' ]['nms' ]['certificates' ]:
566558 currentDeclaration = Contrib .DeclarationPatcher .patchCertificates (
567559 sourceDeclaration = currentDeclaration , patchedCertificates = p )