diff --git a/lib/apiml.js b/lib/apiml.js
index 85e87b73..9de98792 100644
--- a/lib/apiml.js
+++ b/lib/apiml.js
@@ -79,9 +79,11 @@ const MEDIATION_LAYER_INSTANCE_DEFAULTS = (zluxProto, zluxHostname, zluxPort) =>
 }};
 function ApimlConnector({ hostName, port, discoveryUrls,
- discoveryPort, tlsOptions, eurekaOverrides, isClientAttls }) {
+ discoveryPort, tlsOptions, eurekaOverrides,
+ isClientAttls, isGatewayClientAttls }) {
 Object.assign(this, { hostName, port, discoveryUrls,
- discoveryPort, tlsOptions, eurekaOverrides, isClientAttls });
+ discoveryPort, tlsOptions, eurekaOverrides,
+ isClientAttls, isGatewayClientAttls });
 this.vipAddress = hostName;
 }
@@ -168,8 +170,14 @@ ApimlConnector.prototype = {
 // If the HTTP port is set to 0 then the API ML doesn't load zlux
 httpPort: Number(this.port),
 httpsPort: Number(this.port),
- httpEnabled: false,
- httpsEnabled: true
+ // TODO while the server should always be HTTPS for security,
+ // When AT-TLS is used, programs need to know when AT-TLS will add TLS to their traffic
+ // To align with the correct amount of TLS (Avoid no TLS and double TLS)
+ // It seems the gateway wants to be told app-server is 'http' when client TLS is set on it
+ // So this eureka object will be based upon that setting.
+ // This may change in the future, revisit.
+ httpEnabled: this.isGatewayClientAttls,
+ httpsEnabled: !this.isGatewayClientAttls
 };
 log.debug("ZWED0141I", 'https', this.port); //"Protocol:", proto, "Port", port);
diff --git a/lib/index.js b/lib/index.js
index 23076726..5d9e6ec5 100755
--- a/lib/index.js
+++ b/lib/index.js
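Review bot: The constructor in the first lib/apiml.js hunk now takes two near-identical flags, `isClientAttls` and `isGatewayClientAttls`, with no comment saying which component each one describes or what type is expected. Because the second flag decides whether this server is registered as plain HTTP, a short JSDoc above `function ApimlConnector` should state that `isGatewayClientAttls` reflects the gateway's outbound AT-TLS setting and that a truthy value makes the Eureka entry advertise `httpEnabled` instead of `httpsEnabled`. That keeps a later caller from passing the app-server's own client flag into the wrong slot.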
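Review bot: `httpEnabled: this.isGatewayClientAttls` in the second lib/apiml.js hunk hands the helper's raw return value to the Eureka instance, and `isComponentClientAttls` in lib/util.js can return `undefined` or any truthy config value rather than a boolean, so `httpEnabled` can end up undefined next to `httpsEnabled: true`. Coerce it where it is used, e.g. `httpEnabled: Boolean(this.isGatewayClientAttls),`. The context line `log.debug("ZWED0141I", 'https', this.port);` still hard-codes 'https', so the log will not show when the instance was advertised as HTTP. That advertisement is presumably only safe while an AT-TLS rule really covers the gateway-to-app-server connection, so logging the protocol actually registered would let operators audit it. The enclosing method starts and ends outside the hunk.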
@@ -221,7 +221,8 @@ Server.prototype = {
 discoveryUrls: apimlConfig.server.discoveryUrls || [`https://${apimlConfig.server.hostname}:${apimlConfig.server.port}/eureka/`],
 tlsOptions: this.tlsOptions,
 eurekaOverrides: apimlConfig.eureka,
- isClientAttls: util.isClientAttls(this.zoweConfig)
+ isClientAttls: util.isClientAttls(this.zoweConfig),
+ isGatewayClientAttls: util.isComponentClientAttls(this.zoweConfig, 'gateway')
 });
 yield this.apiml.setBestIpFromConfig(this.componentConfig.node);
 yield this.apiml.registerMainServerInstance();
diff --git a/lib/util.js b/lib/util.js
index 162d56aa..c88a8562 100644
--- a/lib/util.js
+++ b/lib/util.js
@@ -507,16 +507,21 @@ module.exports.isServerHttps = function(zoweConfig) {
 return Number.isInteger(zoweConfig.components['app-server'].node.https?.port);
 }
-function isClientAttls(zoweConfig) {
+function isComponentClientAttls(zoweConfig, componentName) {
 let clientGlobalAttls = zoweConfig.zowe.network?.client?.tls?.attls;
- let clientLocalAttls = zoweConfig.components['app-server'].zowe?.network?.client?.tls?.attls;
+ let clientLocalAttls = zoweConfig.components[componentName].zowe?.network?.client?.tls?.attls;
 let clientAttls = clientGlobalAttls || clientLocalAttls;
 if ((clientGlobalAttls !== false) && (clientLocalAttls !== false) && (!clientAttls)) {
 // If client attls not explicitly false OR truthy, have client follow server attls variable. it simplifies common case in which users want both.
- return zoweConfig.zowe.network?.server?.tls?.attls || zoweConfig.components['app-server'].zowe?.network?.server?.tls?.attls;
+ return zoweConfig.zowe.network?.server?.tls?.attls || zoweConfig.components[componentName].zowe?.network?.server?.tls?.attls;
 } else {
 return clientAttls;
- }
+ }
+}
+module.exports.isComponentClient = isComponentClientAttls;
+
+function isClientAttls(zoweConfig) {
+ return isComponentClientAttls(zoweConfig, 'app-server');
 }
 module.exports.isClientAttls = isClientAttls;
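Review bot: The added call `util.isComponentClientAttls(this.zoweConfig, 'gateway')` in lib/index.js uses a name that the lib/util.js hunk of this same commit does not export; there the function is assigned to `module.exports.isComponentClient`. Unless another export exists outside the visible hunk, `util.isComponentClientAttls` is undefined and this line throws a TypeError while the API ML connector is being built, so registration never happens. Rename the export to match the call site: `module.exports.isComponentClientAttls = isComponentClientAttls;`. The enclosing generator starts and ends outside the hunk.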
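Review bot: `zoweConfig.components[componentName].zowe` in `isComponentClientAttls` (lib/util.js) dereferences the component entry without a guard, on both the `clientLocalAttls` line and the fallback `return`. That was safe while the name was fixed to 'app-server', but lib/index.js now passes 'gateway', and a configuration with no `components.gateway` entry would throw here instead of falling back to the global setting. Add the missing optional chain in both places, e.g. `let clientLocalAttls = zoweConfig.components[componentName]?.zowe?.network?.client?.tls?.attls;`. Since the result now decides whether the app-server is advertised as HTTP, a one-line comment noting that the function may return `undefined` as well as true or false would help callers.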