Srt 1899 fipsmessage (#367)

* Fix FIPS message

* Modify function name

* Update FIPS message

cmd/runmqserver/main.go

@@ -1,5 +1,5 @@
 /*
-© Copyright IBM Corporation 2017, 2022
+© Copyright IBM Corporation 2017, 2023
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
@@ -174,13 +174,8 @@ func doMain() error {
 		}
 	}
 
-	// Log a message on the console to indicate FIPS certified
-	// cryptography being used.
-	if fips.IsFIPSEnabled() {
-		log.Println("FIPS cryptography is enabled.")
-	} else {
-		log.Println("FIPS cryptography is not enabled.")
-	}
+	// Post FIPS initialization processing
+	fips.PostInit(log)
 
 	enableTraceCrtmqm := os.Getenv("MQ_ENABLE_TRACE_CRTMQM")
 	if enableTraceCrtmqm == "true" || enableTraceCrtmqm == "1" {

cmd/runmqserver/post_init.go

@@ -1,5 +1,5 @@
 /*
-© Copyright IBM Corporation 2018, 2022
+© Copyright IBM Corporation 2018, 2023
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
@@ -38,7 +38,7 @@ func postInit(name, keyLabel string, p12Truststore tls.KeyStoreData) error {
 		}
 
 		// Enable FIPS for MQ Web Server if asked for.
-		if fips.IsFIPSEnabled() {
+		if len(keyLabel) > 0 && fips.IsFIPSEnabled() {
 			err = configureFIPSWebServer(p12Truststore)
 			if err != nil {
 				return err

internal/fips/fips.go

@@ -1,5 +1,5 @@
 /*
-© Copyright IBM Corporation 2022
+© Copyright IBM Corporation 2023
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
@@ -25,6 +25,7 @@ import (
 
 var (
 	FIPSEnabledType      int
+	FIPSEnabledComponent int
 )
 
 // FIPS has been turned off either because OS is not FIPS enabled or
@@ -45,6 +46,7 @@ func ProcessFIPSType(logs *logger.Logger) {
 	// Run "sysctl crypto.fips_enabled" command to determine if FIPS has been enabled
 	// on OS.
 	FIPSEnabledType = FIPS_ENABLED_OFF
+
 	out, _, err := command.Run("sysctl", "crypto.fips_enabled")
 	if err == nil {
 		// Check the output of the command for expected output
@@ -76,3 +78,22 @@ func ProcessFIPSType(logs *logger.Logger) {
 func IsFIPSEnabled() bool {
 	return FIPSEnabledType > FIPS_ENABLED_OFF
 }
+
+// Set a flag to indicate FIPS compliance for MQ compoments
+// Queue manager, Native HA, MQ Web Server etc.,
+func SetComponent(componentId int) {
+	FIPSEnabledComponent += componentId
+}
+
+// Log a message on the console to indicate FIPS certified
+// cryptography being used.
+func PostInit(log *logger.Logger) {
+	message := "FIPS cryptography is not enabled."
+	if FIPSEnabledType == FIPS_ENABLED_PLATFORM {
+		message = "FIPS cryptography is enabled. FIPS cryptography setting on the host is 'true'."
+	} else if FIPSEnabledType == FIPS_ENABLED_ENV_VAR {
+		message = "FIPS cryptography is enabled. FIPS cryptography setting on the host is 'false'."
+	}
+
+	log.Println(message)
+}

internal/ha/ha.go

@@ -1,5 +1,5 @@
 /*
-© Copyright IBM Corporation 2020, 2022
+© Copyright IBM Corporation 2020, 2023
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.

internal/tls/tls.go

@@ -1,5 +1,5 @@
 /*
-© Copyright IBM Corporation 2019, 2022
+© Copyright IBM Corporation 2019, 2023
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.