Remove old Integration TLS function

Robert Parker
2019-05-30 13:39:59 +01:00
committed by Arthur Barr
parent 612fe3a9ec
commit 6f677e2a59
2 changed files with 0 additions and 57 deletions


@@ -139,11 +139,5 @@ func configureSSOTLS(p12TrustStore tls.KeyStoreData) (string, error) {
return "", fmt.Errorf("Failed to find existing truststore %s: %v", p12TrustStore.Keystore.Filename, err) return "", fmt.Errorf("Failed to find existing truststore %s: %v", p12TrustStore.Keystore.Filename, err)
} }
// Add OIDC cert to the truststore
err = p12TrustStore.Keystore.Add(os.Getenv("MQ_OIDC_CERTIFICATE"), "OIDC")
if err != nil {
return "", err
}
return webKeyStoreName, nil return webKeyStoreName, nil
} }


@@ -30,7 +30,6 @@ import (
"crypto/x509" "crypto/x509"
"encoding/pem" "encoding/pem"
"github.com/ibm-messaging/mq-container/internal/copy"
"github.com/ibm-messaging/mq-container/internal/keystore" "github.com/ibm-messaging/mq-container/internal/keystore"
pkcs "software.sslmate.com/src/go-pkcs12" pkcs "software.sslmate.com/src/go-pkcs12"
) )
@@ -399,11 +398,6 @@ func ConfigureTLSKeystores(keyDir, certDir, outputDir string) (string, KeyStoreD
return returnLabel, cmsKeyDB, p12TrustDB, keyFiles, err return returnLabel, cmsKeyDB, p12TrustDB, keyFiles, err
} }
err = handleIntegrationGeneratedCerts(keyDir)
if err != nil {
return returnLabel, cmsKeyDB, p12TrustDB, keyFiles, err
}
returnLabel, err = expandOldTLSVariable(keyDir, outputDir, &cmsKeyDB, &p12TrustDB) returnLabel, err = expandOldTLSVariable(keyDir, outputDir, &cmsKeyDB, &p12TrustDB)
if err != nil { if err != nil {
return returnLabel, cmsKeyDB, p12TrustDB, keyFiles, err return returnLabel, cmsKeyDB, p12TrustDB, keyFiles, err
@@ -425,51 +419,6 @@ func ConfigureTLSKeystores(keyDir, certDir, outputDir string) (string, KeyStoreD
return returnLabel, cmsKeyDB, p12TrustDB, keyFiles, err return returnLabel, cmsKeyDB, p12TrustDB, keyFiles, err
} }
// This function supports an old mechanism of importing certificates
func handleIntegrationGeneratedCerts(keyDir string) error {
dir := "/mnt/tls"
outputdir := filepath.Join(keyDir, IntegrationDefaultLabel)
keyfile := "tls.key"
crtfile := "tls.crt"
// check that the files exist, if not just quietly leave as there's nothing to import
_, err := os.Stat(filepath.Join(dir, keyfile))
if err != nil {
return nil
}
_, err = os.Stat(filepath.Join(dir, crtfile))
if err != nil {
return nil
}
// Check the destination directory DOES not exist ahead of time
_, err = os.Stat(outputdir)
if err == nil {
return fmt.Errorf("Found CIP certificates to import but a TLS secret called %s is already present", IntegrationDefaultLabel)
} else if !os.IsNotExist(err) {
return fmt.Errorf("Failed to check that %s does not exist: %v", outputdir, err)
}
err = os.MkdirAll(outputdir, 0775)
if err != nil {
return fmt.Errorf("Could not create %s: %v", outputdir, err)
}
err = copy.CopyFileMode(filepath.Join(dir, keyfile), filepath.Join(outputdir, keyfile), 0644)
if err != nil {
return fmt.Errorf("Could not copy %s: %v", keyfile, err)
}
err = copy.CopyFileMode(filepath.Join(dir, crtfile), filepath.Join(outputdir, crtfile), 0644)
if err != nil {
return fmt.Errorf("Could not copy %s: %v", keyfile, err)
}
// With certificates copied into place the rest of the TLS handling code will import them into the correct place
return nil
}
// This function supports the old mechanism of importing certificates supplied by the MQ_TLS_KEYSTORE envvar // This function supports the old mechanism of importing certificates supplied by the MQ_TLS_KEYSTORE envvar
func expandOldTLSVariable(keyDir, outputDir string, cmsKeyDB, p12TrustDB *KeyStoreData) (string, error) { func expandOldTLSVariable(keyDir, outputDir string, cmsKeyDB, p12TrustDB *KeyStoreData) (string, error) {
// TODO: Change this or find a way to set it // TODO: Change this or find a way to set it