fix(decryption rules): fixing path to multiple ssl certificates

PaloAltoNetworks · Feb 16, 2023 · fb075e7 · fb075e7
1 parent 0555fc1
commit fb075e7
Show file tree

Hide file tree

Showing 2 changed files with 30 additions and 1 deletion.
diff --git a/poli/decryption/entry.go b/poli/decryption/entry.go
@@ -725,7 +725,7 @@ type entry_v5 struct {
 type dType_v2 struct {
 	SslForwardProxy *string          `xml:"ssl-forward-proxy"`
 	SshProxy        *string          `xml:"ssh-proxy"`
-	SslCertificates *util.MemberType `xml:"ssl-inbound-inspection"`
+	SslCertificates *util.MemberType `xml:"ssl-inbound-inspection>certificates"`
 }
 
 func (e *entry_v5) UnmarshalXML(d *xml.Decoder, start xml.StartElement) error {

diff --git a/poli/decryption/fw_test.go b/poli/decryption/fw_test.go
@@ -2,9 +2,11 @@ package decryption
 
 import (
 	"reflect"
+	"strings"
 	"testing"
 
 	"github.com/PaloAltoNetworks/pango/testdata"
+	"github.com/PaloAltoNetworks/pango/version"
 )
 
 func TestFwNormalization(t *testing.T) {
@@ -33,3 +35,30 @@ func TestFwNormalization(t *testing.T) {
 		})
 	}
 }
+
+func TestNotPresent(t *testing.T) {
+	mc := &testdata.MockClient{}
+	ns := FirewallNamespace(mc)
+
+	mc.Version = version.Number{10, 2, 0, ""}
+	mc.AddResp("")
+
+	elm := Entry{
+		Name:                   "rule1",
+		Uuid:                   "uuid123",
+		GroupTag:               "tag123",
+		Description:            "blah",
+		DestinationHips:        []string{"dst2", "dst1"},
+		LogFailedTlsHandshakes: true,
+		LogSetting:             "my log setting",
+	}
+
+	err := ns.Set("vsys1", elm)
+	if err != nil {
+		t.Fatalf("Failed set: %s", err)
+	}
+
+	if strings.Contains(mc.Elm, "ssl-inbound-inspection") {
+		t.Fatalf("Contains ssl-inbound-inspection")
+	}
+}