From 6f677e2a590afca562077d42a9a7ffa02976717a Mon Sep 17 00:00:00 2001
From: Robert Parker
Date: Thu, 30 May 2019 13:39:59 +0100
Subject: [PATCH] Remove old Integration TLS function
---
 cmd/runmqserver/tls.go | 6 -----
 internal/tls/tls.go | 51 ------------------------------------------
 2 files changed, 57 deletions(-)
diff --git a/cmd/runmqserver/tls.go b/cmd/runmqserver/tls.go
index cb09e2e..85c1ce4 100644
--- a/cmd/runmqserver/tls.go
+++ b/cmd/runmqserver/tls.go
@@ -139,11 +139,5 @@ func configureSSOTLS(p12TrustStore tls.KeyStoreData) (string, error) {
 return "", fmt.Errorf("Failed to find existing truststore %s: %v", p12TrustStore.Keystore.Filename, err)
 }
 
- // Add OIDC cert to the truststore
- err = p12TrustStore.Keystore.Add(os.Getenv("MQ_OIDC_CERTIFICATE"), "OIDC")
- if err != nil {
- return "", err
- }
-
 return webKeyStoreName, nil
 }
diff --git a/internal/tls/tls.go b/internal/tls/tls.go
index a60b0f2..856d692 100644
--- a/internal/tls/tls.go
+++ b/internal/tls/tls.go
@@ -30,7 +30,6 @@ import (
 "crypto/x509"
 "encoding/pem"
 
- "github.com/ibm-messaging/mq-container/internal/copy"
 "github.com/ibm-messaging/mq-container/internal/keystore"
 pkcs "software.sslmate.com/src/go-pkcs12"
 )
@@ -399,11 +398,6 @@ func ConfigureTLSKeystores(keyDir, certDir, outputDir string) (string, KeyStoreD
 return returnLabel, cmsKeyDB, p12TrustDB, keyFiles, err
 }
 
- err = handleIntegrationGeneratedCerts(keyDir)
- if err != nil {
- return returnLabel, cmsKeyDB, p12TrustDB, keyFiles, err
- }
-
 returnLabel, err = expandOldTLSVariable(keyDir, outputDir, &cmsKeyDB, &p12TrustDB)
 if err != nil {
 return returnLabel, cmsKeyDB, p12TrustDB, keyFiles, err
@@ -425,51 +419,6 @@ func ConfigureTLSKeystores(keyDir, certDir, outputDir string) (string, KeyStoreD
 return returnLabel, cmsKeyDB, p12TrustDB, keyFiles, err
 }
 
-// This function supports an old mechanism of importing certificates
-func handleIntegrationGeneratedCerts(keyDir string) error {
- dir := "/mnt/tls"
- outputdir := filepath.Join(keyDir, IntegrationDefaultLabel)
- keyfile := "tls.key"
- crtfile := "tls.crt"
-
- // check that the files exist, if not just quietly leave as there's nothing to import
- _, err := os.Stat(filepath.Join(dir, keyfile))
- if err != nil {
- return nil
- }
-
- _, err = os.Stat(filepath.Join(dir, crtfile))
- if err != nil {
- return nil
- }
-
- // Check the destination directory DOES not exist ahead of time
- _, err = os.Stat(outputdir)
- if err == nil {
- return fmt.Errorf("Found CIP certificates to import but a TLS secret called %s is already present", IntegrationDefaultLabel)
- } else if !os.IsNotExist(err) {
- return fmt.Errorf("Failed to check that %s does not exist: %v", outputdir, err)
- }
-
- err = os.MkdirAll(outputdir, 0775)
- if err != nil {
- return fmt.Errorf("Could not create %s: %v", outputdir, err)
- }
-
- err = copy.CopyFileMode(filepath.Join(dir, keyfile), filepath.Join(outputdir, keyfile), 0644)
- if err != nil {
- return fmt.Errorf("Could not copy %s: %v", keyfile, err)
- }
-
- err = copy.CopyFileMode(filepath.Join(dir, crtfile), filepath.Join(outputdir, crtfile), 0644)
- if err != nil {
- return fmt.Errorf("Could not copy %s: %v", keyfile, err)
- }
-
- // With certificates copied into place the rest of the TLS handling code will import them into the correct place
- return nil
-}
-
 // This function supports the old mechanism of importing certificates supplied by the MQ_TLS_KEYSTORE envvar
 func expandOldTLSVariable(keyDir, outputDir string, cmsKeyDB, p12TrustDB *KeyStoreData) (string, error) {
 // TODO: Change this or find a way to set it