PR for FIPS implemenation (#351)
* Part 1 of FIPS Compliance * MQ Web Server FIPSs changes * Remove function param * Updates to FIPS MQ WebServer * Fix build error * Merge latest code from private-master * Rename fips variable * Fix build break * Fix build break * Fix build break * Add new docker tests * First cut of fips metrics * First cut of fips metrics * Second part of metrics fips * Second part of metrics fips * Added NativeHA FIPS * Updated test * Add Native HA tests * Optimze FIPS handling * Update comments * Apply changes from private-master * Undo metrics changes * Merge latest changes * Pull in changes from master * Update copyright year * Resolve merge conflicts
This commit is contained in:
SHASHIKANTH THAMBRAHALLI
committed by
GitHub Enterprise
GitHub Enterprise
parent
1ead807326
commit
794d1ed2b2
@@ -118,18 +118,25 @@ func ConfigureTLS(keyLabel string, cmsKeystore KeyStoreData, devMode bool, log *
|
||||
const mqsc string = "/etc/mqm/15-tls.mqsc"
|
||||
const mqscTemplate string = mqsc + ".tpl"
|
||||
sslKeyRing := ""
|
||||
var fipsEnabled = "NO"
|
||||
|
||||
// Don't set SSLKEYR if no keys or crts are not supplied
|
||||
// Key label will be blank if no certs were added during processing keys and certs.
|
||||
if cmsKeystore.Keystore != nil {
|
||||
// Key label will be blank if no private keys were added during processing keys and certs.
|
||||
if cmsKeystore.Keystore != nil && len(keyLabel) > 0 {
|
||||
certList, _ := cmsKeystore.Keystore.ListAllCertificates()
|
||||
if len(certList) > 0 {
|
||||
sslKeyRing = strings.TrimSuffix(cmsKeystore.Keystore.Filename, ".kdb")
|
||||
}
|
||||
|
||||
if cmsKeystore.Keystore.IsFIPSEnabled() {
|
||||
fipsEnabled = "YES"
|
||||
}
|
||||
}
|
||||
|
||||
err := mqtemplate.ProcessTemplateFile(mqscTemplate, mqsc, map[string]string{
|
||||
"SSLKeyR": sslKeyRing,
|
||||
"CertificateLabel": keyLabel,
|
||||
"SSLFips": fipsEnabled,
|
||||
}, log)
|
||||
if err != nil {
|
||||
return err
|
||||
@@ -631,7 +638,7 @@ func haveKeysAndCerts(keyDir string) bool {
|
||||
// Do a listing of the subdirectory and then search for .key and .cert files
|
||||
keys, _ := ioutil.ReadDir(filepath.Join(keyDir, fileInfo.Name()))
|
||||
for _, key := range keys {
|
||||
if strings.Contains(key.Name(), ".key") || strings.Contains(key.Name(), ".crt") {
|
||||
if strings.HasSuffix(key.Name(), ".key") || strings.HasSuffix(key.Name(), ".crt") {
|
||||
// We found at least one key/crt file.
|
||||
return true
|
||||
}
|
||||
|
||||
@@ -77,7 +77,6 @@ func ConfigureWebKeystore(p12Truststore KeyStoreData, webKeystore string) (strin
|
||||
if err != nil {
|
||||
return "", fmt.Errorf("Failed to generate certificate in Web Keystore %s with DN of 'CN=%s': %v", webKeystoreFile, genHostName, err)
|
||||
}
|
||||
|
||||
} else {
|
||||
// Check Web Keystore already exists
|
||||
_, err := os.Stat(webKeystoreFile)
|
||||
|
||||
Reference in New Issue
Block a user