Tidy-up FIPS changes for consistency

2023-01-19 16:41:30 +00:00
parent 9518a6d3ed
commit d3a197e0f2
3 changed files with 13 additions and 19 deletions
--- a/cmd/runmqserver/post_init.go
+++ b/cmd/runmqserver/post_init.go
@@ -26,6 +26,15 @@ import (
 func postInit(name, keyLabel string, p12Truststore tls.KeyStoreData) error {
 	enableWebServer := os.Getenv("MQ_ENABLE_EMBEDDED_WEB_SERVER")
 	if enableWebServer == "true" || enableWebServer == "1" {
+
+		// Enable FIPS for MQ Web Server if asked for.
+		if fips.IsFIPSEnabled() {
+			err := configureFIPSWebServer(p12Truststore)
+			if err != nil {
+				return err
+			}
+		}
+
 		// Configure the web server (if enabled)
 		webKeystore, err := configureWebServer(keyLabel, p12Truststore)
 		if err != nil {
@@ -37,14 +46,6 @@ func postInit(name, keyLabel string, p12Truststore tls.KeyStoreData) error {
 			webTruststoreRef = "MQWebKeyStore"
 		}

-		// Enable FIPS for MQ Web Server if asked for.
-		if len(keyLabel) > 0 && fips.IsFIPSEnabled() {
-			err = configureFIPSWebServer(p12Truststore)
-			if err != nil {
-				return err
-			}
-		}
-
 		// Start the web server, in the background (if installed)
 		// WARNING: No error handling or health checking available for the web server
 		go func() {
--- a/cmd/runmqserver/webserver.go
+++ b/cmd/runmqserver/webserver.go
@@ -202,10 +202,10 @@ func configureWebServer(keyLabel string, p12Truststore tls.KeyStoreData) (string
 func configureFIPSWebServer(p12TrustStore tls.KeyStoreData) error {
 	var errOut error
 	// Need to update jvm.options file of MQ Web Server. We don't update the jvm.options file
-	// in /var/mqm/web/installations/Installation1/servers/mqweb directory. Instead we update
-	// the one in /var/mqm/web/installations/Installation1/servers/mqweb/configDropins/defaults.
+	// in /etc/mqm/web/installations/Installation1/servers/mqweb directory. Instead we update
+	// the one in /etc/mqm/web/installations/Installation1/servers/mqweb/configDropins/defaults.
 	// During runtime MQ Web Server merges the data from two files.
-	mqwebJvmOptsDir := "/var/mqm/web/installations/Installation1/servers/mqweb/configDropins/defaults"
+	mqwebJvmOptsDir := "/etc/mqm/web/installations/Installation1/servers/mqweb/configDropins/defaults"
 	_, errOut = os.Stat(mqwebJvmOptsDir)
 	if errOut == nil {
 		// Update the jvm.options file using the data from template file. Tell the MQ Web Server
--- a/internal/fips/fips.go
+++ b/internal/fips/fips.go
@@ -24,8 +24,7 @@ import (
 )

 var (
-	FIPSEnabledType      int
-	FIPSEnabledComponent int
+	FIPSEnabledType int
 )

 // FIPS has been turned off either because OS is not FIPS enabled or
@@ -79,12 +78,6 @@ func IsFIPSEnabled() bool {
 	return FIPSEnabledType > FIPS_ENABLED_OFF
 }

-// Set a flag to indicate FIPS compliance for MQ compoments
-// Queue manager, Native HA, MQ Web Server etc.,
-func SetComponent(componentId int) {
-	FIPSEnabledComponent += componentId
-}
-
 // Log a message on the console to indicate FIPS certified
 // cryptography being used.
 func PostInit(log *logger.Logger) {