From 493d060922f638d81dd5d4a81ffdf19e16943e3e Mon Sep 17 00:00:00 2001
From: sarthurdev <965089+sarthurdev@users.noreply.github.com>
Date: Thu, 31 Aug 2023 00:11:59 +0200
Subject: eapol: T4782: Support multiple CA chains

---
 src/conf_mode/interfaces-ethernet.py | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

(limited to 'src/conf_mode/interfaces-ethernet.py')

diff --git a/src/conf_mode/interfaces-ethernet.py b/src/conf_mode/interfaces-ethernet.py
index b015bba88..f3e65ad5e 100755
--- a/src/conf_mode/interfaces-ethernet.py
+++ b/src/conf_mode/interfaces-ethernet.py
@@ -186,14 +186,15 @@ def generate(ethernet):
 
         if 'ca_certificate' in ethernet['eapol']:
             ca_cert_file_path = os.path.join(cfg_dir, f'{ifname}_ca.pem')
-            ca_cert_name = ethernet['eapol']['ca_certificate']
-            pki_ca_cert = ethernet['pki']['ca'][ca_cert_name]
+            ca_chains = []
 
-            loaded_ca_cert = load_certificate(pki_ca_cert['certificate'])
-            ca_full_chain = find_chain(loaded_ca_cert, loaded_ca_certs)
+            for ca_cert_name in ethernet['eapol']['ca_certificate']:
+                pki_ca_cert = ethernet['pki']['ca'][ca_cert_name]
+                loaded_ca_cert = load_certificate(pki_ca_cert['certificate'])
+                ca_full_chain = find_chain(loaded_ca_cert, loaded_ca_certs)
+                ca_chains.append('\n'.join(encode_certificate(c) for c in ca_full_chain))
 
-            write_file(ca_cert_file_path,
-                       '\n'.join(encode_certificate(c) for c in ca_full_chain))
+            write_file(ca_cert_file_path, '\n'.join(ca_chains))
 
     return None
 
-- 
cgit v1.2.3