Tidy-up FIPS changes for consistency
This commit is contained in:
Stephen Marshall
committed by
Stephen Marshall
Stephen Marshall
parent
9518a6d3ed
commit
d3a197e0f2
@@ -26,6 +26,15 @@ import (
|
|||||||
func postInit(name, keyLabel string, p12Truststore tls.KeyStoreData) error {
|
func postInit(name, keyLabel string, p12Truststore tls.KeyStoreData) error {
|
||||||
enableWebServer := os.Getenv("MQ_ENABLE_EMBEDDED_WEB_SERVER")
|
enableWebServer := os.Getenv("MQ_ENABLE_EMBEDDED_WEB_SERVER")
|
||||||
if enableWebServer == "true" || enableWebServer == "1" {
|
if enableWebServer == "true" || enableWebServer == "1" {
|
||||||
|
|
||||||
|
// Enable FIPS for MQ Web Server if asked for.
|
||||||
|
if fips.IsFIPSEnabled() {
|
||||||
|
err := configureFIPSWebServer(p12Truststore)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
// Configure the web server (if enabled)
|
// Configure the web server (if enabled)
|
||||||
webKeystore, err := configureWebServer(keyLabel, p12Truststore)
|
webKeystore, err := configureWebServer(keyLabel, p12Truststore)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
@@ -37,14 +46,6 @@ func postInit(name, keyLabel string, p12Truststore tls.KeyStoreData) error {
|
|||||||
webTruststoreRef = "MQWebKeyStore"
|
webTruststoreRef = "MQWebKeyStore"
|
||||||
}
|
}
|
||||||
|
|
||||||
// Enable FIPS for MQ Web Server if asked for.
|
|
||||||
if len(keyLabel) > 0 && fips.IsFIPSEnabled() {
|
|
||||||
err = configureFIPSWebServer(p12Truststore)
|
|
||||||
if err != nil {
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
// Start the web server, in the background (if installed)
|
// Start the web server, in the background (if installed)
|
||||||
// WARNING: No error handling or health checking available for the web server
|
// WARNING: No error handling or health checking available for the web server
|
||||||
go func() {
|
go func() {
|
||||||
|
|||||||
@@ -202,10 +202,10 @@ func configureWebServer(keyLabel string, p12Truststore tls.KeyStoreData) (string
|
|||||||
func configureFIPSWebServer(p12TrustStore tls.KeyStoreData) error {
|
func configureFIPSWebServer(p12TrustStore tls.KeyStoreData) error {
|
||||||
var errOut error
|
var errOut error
|
||||||
// Need to update jvm.options file of MQ Web Server. We don't update the jvm.options file
|
// Need to update jvm.options file of MQ Web Server. We don't update the jvm.options file
|
||||||
// in /var/mqm/web/installations/Installation1/servers/mqweb directory. Instead we update
|
// in /etc/mqm/web/installations/Installation1/servers/mqweb directory. Instead we update
|
||||||
// the one in /var/mqm/web/installations/Installation1/servers/mqweb/configDropins/defaults.
|
// the one in /etc/mqm/web/installations/Installation1/servers/mqweb/configDropins/defaults.
|
||||||
// During runtime MQ Web Server merges the data from two files.
|
// During runtime MQ Web Server merges the data from two files.
|
||||||
mqwebJvmOptsDir := "/var/mqm/web/installations/Installation1/servers/mqweb/configDropins/defaults"
|
mqwebJvmOptsDir := "/etc/mqm/web/installations/Installation1/servers/mqweb/configDropins/defaults"
|
||||||
_, errOut = os.Stat(mqwebJvmOptsDir)
|
_, errOut = os.Stat(mqwebJvmOptsDir)
|
||||||
if errOut == nil {
|
if errOut == nil {
|
||||||
// Update the jvm.options file using the data from template file. Tell the MQ Web Server
|
// Update the jvm.options file using the data from template file. Tell the MQ Web Server
|
||||||
|
|||||||
@@ -24,8 +24,7 @@ import (
|
|||||||
)
|
)
|
||||||
|
|
||||||
var (
|
var (
|
||||||
FIPSEnabledType int
|
FIPSEnabledType int
|
||||||
FIPSEnabledComponent int
|
|
||||||
)
|
)
|
||||||
|
|
||||||
// FIPS has been turned off either because OS is not FIPS enabled or
|
// FIPS has been turned off either because OS is not FIPS enabled or
|
||||||
@@ -79,12 +78,6 @@ func IsFIPSEnabled() bool {
|
|||||||
return FIPSEnabledType > FIPS_ENABLED_OFF
|
return FIPSEnabledType > FIPS_ENABLED_OFF
|
||||||
}
|
}
|
||||||
|
|
||||||
// Set a flag to indicate FIPS compliance for MQ compoments
|
|
||||||
// Queue manager, Native HA, MQ Web Server etc.,
|
|
||||||
func SetComponent(componentId int) {
|
|
||||||
FIPSEnabledComponent += componentId
|
|
||||||
}
|
|
||||||
|
|
||||||
// Log a message on the console to indicate FIPS certified
|
// Log a message on the console to indicate FIPS certified
|
||||||
// cryptography being used.
|
// cryptography being used.
|
||||||
func PostInit(log *logger.Logger) {
|
func PostInit(log *logger.Logger) {
|
||||||
|
|||||||
Reference in New Issue
Block a user