Stephen D Marshall
committed by
GitHub Enterprise
GitHub Enterprise
parent
49b4660360
commit
6d69355ab9
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
© Copyright IBM Corporation 2018, 2019
|
© Copyright IBM Corporation 2018, 2020
|
||||||
|
|
||||||
Licensed under the Apache License, Version 2.0 (the "License");
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
you may not use this file except in compliance with the License.
|
you may not use this file except in compliance with the License.
|
||||||
@@ -83,7 +83,7 @@ func startWebServer(webKeystore, webkeystorePW, webTruststoreRef string) error {
|
|||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func configureSSO(p12TrustStore tls.KeyStoreData) (string, error) {
|
func configureSSO(p12TrustStore tls.KeyStoreData, webKeystore string) (string, error) {
|
||||||
// Ensure all required environment variables are set for SSO
|
// Ensure all required environment variables are set for SSO
|
||||||
requiredEnvVars := []string{
|
requiredEnvVars := []string{
|
||||||
"MQ_OIDC_CLIENT_ID",
|
"MQ_OIDC_CLIENT_ID",
|
||||||
@@ -118,7 +118,7 @@ func configureSSO(p12TrustStore tls.KeyStoreData) (string, error) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// Configure SSO TLS
|
// Configure SSO TLS
|
||||||
return tls.ConfigureWebKeystore(p12TrustStore)
|
return tls.ConfigureWebKeystore(p12TrustStore, webKeystore)
|
||||||
}
|
}
|
||||||
|
|
||||||
func configureWebServer(keyLabel string, p12Truststore tls.KeyStoreData) (string, error) {
|
func configureWebServer(keyLabel string, p12Truststore tls.KeyStoreData) (string, error) {
|
||||||
@@ -136,12 +136,12 @@ func configureWebServer(keyLabel string, p12Truststore tls.KeyStoreData) (string
|
|||||||
// Configure Single-Sign-On for the web server (if enabled)
|
// Configure Single-Sign-On for the web server (if enabled)
|
||||||
enableSSO := os.Getenv("MQ_BETA_ENABLE_SSO")
|
enableSSO := os.Getenv("MQ_BETA_ENABLE_SSO")
|
||||||
if enableSSO == "true" || enableSSO == "1" {
|
if enableSSO == "true" || enableSSO == "1" {
|
||||||
webKeystore, err = configureSSO(p12Truststore)
|
webKeystore, err = configureSSO(p12Truststore, webKeystore)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return "", err
|
return "", err
|
||||||
}
|
}
|
||||||
} else if keyLabel == "" && os.Getenv("MQ_GENERATE_CERTIFICATE_HOSTNAME") != "" {
|
} else if keyLabel == "" && os.Getenv("MQ_GENERATE_CERTIFICATE_HOSTNAME") != "" {
|
||||||
webKeystore, err = tls.ConfigureWebKeystore(p12Truststore)
|
webKeystore, err = tls.ConfigureWebKeystore(p12Truststore, webKeystore)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return "", err
|
return "", err
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
© Copyright IBM Corporation 2019
|
© Copyright IBM Corporation 2019, 2020
|
||||||
|
|
||||||
Licensed under the Apache License, Version 2.0 (the "License");
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
you may not use this file except in compliance with the License.
|
you may not use this file except in compliance with the License.
|
||||||
@@ -24,8 +24,8 @@ import (
|
|||||||
"github.com/ibm-messaging/mq-container/internal/keystore"
|
"github.com/ibm-messaging/mq-container/internal/keystore"
|
||||||
)
|
)
|
||||||
|
|
||||||
// webServerKeystoreName is the name of the web server Keystore
|
// webKeystoreDefault is the name of the default web server Keystore
|
||||||
const webServerKeystoreName = "default.p12"
|
const webKeystoreDefault = "default.p12"
|
||||||
|
|
||||||
// ConfigureWebTLS configures TLS for the web server
|
// ConfigureWebTLS configures TLS for the web server
|
||||||
func ConfigureWebTLS(keyLabel string) error {
|
func ConfigureWebTLS(keyLabel string) error {
|
||||||
@@ -64,31 +64,35 @@ func ConfigureWebTLS(keyLabel string) error {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// ConfigureWebKeyStore configures the Web Keystore
|
// ConfigureWebKeyStore configures the Web Keystore
|
||||||
func ConfigureWebKeystore(p12Truststore KeyStoreData) (string, error) {
|
func ConfigureWebKeystore(p12Truststore KeyStoreData, webKeystore string) (string, error) {
|
||||||
webKeystore := filepath.Join(keystoreDir, webServerKeystoreName)
|
|
||||||
|
if webKeystore == "" {
|
||||||
|
webKeystore = webKeystoreDefault
|
||||||
|
}
|
||||||
|
webKeystoreFile := filepath.Join(keystoreDir, webKeystore)
|
||||||
|
|
||||||
// Check if a new self-signed certificate should be generated
|
// Check if a new self-signed certificate should be generated
|
||||||
genHostName := os.Getenv("MQ_GENERATE_CERTIFICATE_HOSTNAME")
|
genHostName := os.Getenv("MQ_GENERATE_CERTIFICATE_HOSTNAME")
|
||||||
if genHostName != "" {
|
if genHostName != "" {
|
||||||
|
|
||||||
// Create the Web Keystore
|
// Create the Web Keystore
|
||||||
newWebKeystore := keystore.NewPKCS12KeyStore(webKeystore, p12Truststore.Password)
|
newWebKeystore := keystore.NewPKCS12KeyStore(webKeystoreFile, p12Truststore.Password)
|
||||||
err := newWebKeystore.Create()
|
err := newWebKeystore.Create()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return "", fmt.Errorf("Failed to create Web Keystore %s: %v", webKeystore, err)
|
return "", fmt.Errorf("Failed to create Web Keystore %s: %v", webKeystoreFile, err)
|
||||||
}
|
}
|
||||||
|
|
||||||
// Generate a new self-signed certificate in the Web Keystore
|
// Generate a new self-signed certificate in the Web Keystore
|
||||||
err = newWebKeystore.CreateSelfSignedCertificate("default", fmt.Sprintf("CN=%s", genHostName), genHostName)
|
err = newWebKeystore.CreateSelfSignedCertificate("default", fmt.Sprintf("CN=%s", genHostName), genHostName)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return "", fmt.Errorf("Failed to generate certificate in Web Keystore %s with DN of 'CN=%s': %v", webKeystore, genHostName, err)
|
return "", fmt.Errorf("Failed to generate certificate in Web Keystore %s with DN of 'CN=%s': %v", webKeystoreFile, genHostName, err)
|
||||||
}
|
}
|
||||||
|
|
||||||
} else {
|
} else {
|
||||||
// Check Web Keystore already exists
|
// Check Web Keystore already exists
|
||||||
_, err := os.Stat(webKeystore)
|
_, err := os.Stat(webKeystoreFile)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return "", fmt.Errorf("Failed to find existing Web Keystore %s: %v", webKeystore, err)
|
return "", fmt.Errorf("Failed to find existing Web Keystore %s: %v", webKeystoreFile, err)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -98,5 +102,5 @@ func ConfigureWebKeystore(p12Truststore KeyStoreData) (string, error) {
|
|||||||
return "", fmt.Errorf("Failed to find existing Web Truststore %s: %v", p12Truststore.Keystore.Filename, err)
|
return "", fmt.Errorf("Failed to find existing Web Truststore %s: %v", p12Truststore.Keystore.Filename, err)
|
||||||
}
|
}
|
||||||
|
|
||||||
return webServerKeystoreName, nil
|
return webKeystore, nil
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user