ab#52646

Keyfactor · Jun 5, 2024 · 0adb97a · 0adb97a
1 parent 9eae5ea
commit 0adb97a
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 13 deletions.
diff --git a/F5WafOrchestrator/CA/Management.cs b/F5WafOrchestrator/CA/Management.cs
@@ -70,8 +70,10 @@ public JobResult ProcessJob(ManagementJobConfiguration config)
     private void PerformCaCertAddition(ManagementJobConfiguration config)
     {
         _logger.MethodEntry(LogLevel.Debug);
-
-        if (F5Client.CertificateExistsInF5(config.CertificateStoreDetails.StorePath, config.JobCertificate.Alias) && !config.Overwrite)
+
+        bool certificateExists = F5Client.CertificateExistsInF5(config.CertificateStoreDetails.StorePath, config.JobCertificate.Alias, false);
+
+        if (certificateExists && !config.Overwrite)
         {
             string message =
                 $"Certificate with alias \"{config.JobCertificate.Alias}\" already exists in F5, and job was not configured to overwrite.";
@@ -80,8 +82,7 @@ private void PerformCaCertAddition(ManagementJobConfiguration config)
         }
 
         F5WafClient.CaPostRoot reqBody = F5Client.FormatCaCertificateRequest(config.JobCertificate);
-        if (F5Client.CertificateExistsInF5(config.CertificateStoreDetails.StorePath, config.JobCertificate.Alias) &&
-            config.Overwrite)
+        if (certificateExists && config.Overwrite)
         {
             _logger.LogDebug("Overwrite is enabled, replacing certificate in F5 called \"{0}\"",
                 config.JobCertificate.Alias);

diff --git a/F5WafOrchestrator/F5WafClient.cs b/F5WafOrchestrator/F5WafClient.cs
@@ -344,7 +344,7 @@ internal void AddCaOrTlsCertificate(string f5Namespace, PostRoot? tlsReqBody, Ca
             jsonReqBody = JsonSerializer.Serialize(tlsReqBody);
         }
 
-        HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Post, $"{HostName}/api/config/namespaces/{f5Namespace}/{isTLSCertificate}");
+        HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Post, $"{HostName}/api/config/namespaces/{f5Namespace}/{certType}");
 
         var stringReqBody = new StringContent(jsonReqBody, Encoding.UTF8, "application/json");
         request.Content = stringReqBody;
@@ -478,17 +478,17 @@ internal void RemoveCaOrTlsCertificate(string f5Namespace, string certName, bool
         _logger.MethodEntry(LogLevel.Debug);
 
         string certType = isTLSCertificate ? "certificates" : "trusted_ca_lists";
-        HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Delete, $"{HostName}/api/config/namespaces/{f5Namespace}/{isTLSCertificate}");
+        HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Delete, $"{HostName}/api/config/namespaces/{f5Namespace}/{certType}");
         string result = SubmitRequest(request);
 
         _logger.MethodExit(LogLevel.Debug);
     }
 
-    internal bool CertificateExistsInF5(string f5Namespace, string alias)
+    internal bool CertificateExistsInF5(string f5Namespace, string alias, bool isTLSCertificate)
     {
         _logger.MethodEntry(LogLevel.Debug);
 
-        var certsJson = GetTlsCertificatesFromF5(f5Namespace);
+        var certsJson = isTLSCertificate ? GetTlsCertificatesFromF5(f5Namespace) : GetCaCertificatesFromF5(f5Namespace);
         var certs = JsonDocument.Parse(certsJson);
 
         _logger.MethodExit(LogLevel.Debug);

diff --git a/F5WafOrchestrator/TLS/Management.cs b/F5WafOrchestrator/TLS/Management.cs
@@ -87,18 +87,17 @@ private void PerformTlsCertAddition(ManagementJobConfiguration config)
     {
         _logger.MethodEntry(LogLevel.Debug);
 
-        if (F5Client.CertificateExistsInF5(config.CertificateStoreDetails.StorePath, config.JobCertificate.Alias) &&
-            !config.Overwrite)
+        bool certificateExists = F5Client.CertificateExistsInF5(config.CertificateStoreDetails.StorePath, config.JobCertificate.Alias, true);
+
+        if (certificateExists && !config.Overwrite)
         {
             string message =
                 $"Certificate with alias \"{config.JobCertificate.Alias}\" already exists in F5, and job was not configured to overwrite.";
             throw new Exception(message);
         }
 
         F5WafClient.PostRoot reqBody = F5Client.FormatTlsCertificateRequest(config.JobCertificate); 
-        if (F5Client.CertificateExistsInF5(config.CertificateStoreDetails.StorePath,
-                config.JobCertificate.Alias) &&
-            config.Overwrite)
+        if (certificateExists && config.Overwrite)
         {
             _logger.LogDebug("Overwrite is enabled, replacing certificate in F5 called \"{0}\"",
                 config.JobCertificate.Alias);