feat: z/OSMF JWT Preflight Check #4531
Signed-off-by: hrishikesh-nalawade <hrishikesh.nalawade.17@gmail.com>
| * or z/OS SAF keyrings. Supports PKCS12, JKS, and {@code safkeyring://} URIs. | ||
| */ | ||
| @SuppressWarnings("squid:S106") | ||
| public class Stores { |
Isn't this class more or less the same as for the certificate analyzer?
Would it be possible to extract it to some of the libraries?
| * Thrown when keystore or truststore initialization fails | ||
| * (e.g. missing file, wrong password, invalid keyring format). | ||
| */ | ||
| public class StoresNotInitializeException extends RuntimeException { |
It also lives in certificate-analyzer, if it is used in both it probably should go to some common module.
| * </ul> | ||
| */ | ||
| @SuppressWarnings("squid:S106") | ||
| public class SSLContextFactory { |
Same as Stores and StoresNotInitializeException, does it make sense to duplicate the code instead of having it in a shared library?
Will be replaced by another PR
…re-flight-check' into hrishikesh-nalawade/GH4526/jwt-pre-flight-check
This reverts commit 2b566bd.
This reverts commit fc8c14f.
This reverts commit 2088e48.
This reverts commit e2d0058.
| return new X509Certificate[0]; | ||
| } | ||
|
|
||
| public void checkClientTrusted(X509Certificate[] certs, String authType) { |
| // trust all | ||
| } | ||
|
|
||
| public void checkServerTrusted(X509Certificate[] certs, String authType) { |
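Review bot: checkClientTrusted ends with an empty body apart from the "// trust all" comment, so this trust manager rejects nothing it is handed, and nothing in these lines says when that is acceptable. The body of checkServerTrusted is not visible here; if it is equally empty, state in the class Javadoc that no chain validation takes place, keep the class reachable only from the explicit verification-disabled mode, and log a warning whenever it is installed so that a run without certificate validation shows up in the tool's output.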
|
|
||
| if (VERIFY_DISABLED.equals(verifyMode)) { | ||
| SSLContextFactory sslContextFactory = SSLContextFactory.initTrustAllSSLContext(); | ||
| HostnameVerifier noopVerifier = (hostname, session) -> true; |
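Review bot: in the VERIFY_DISABLED branch, the context from initTrustAllSSLContext() is combined with noopVerifier, which returns true for every host name, so neither the certificate chain nor the host name is checked on this path and nothing in these lines tells the operator. Suggest printing a clear warning when this mode is selected and documenting next to VERIFY_DISABLED that a successful check in this mode says nothing about the certificate setup.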
|
|
||
| HostnameVerifier hostnameVerifier; | ||
| if (VERIFY_NONSTRICT.equals(verifyMode)) { | ||
| hostnameVerifier = (hostname, session) -> true; |
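Review bot: the VERIFY_NONSTRICT branch assigns "(hostname, session) -> true", the same lambda as noopVerifier in the VERIFY_DISABLED branch, without a comment explaining how the two modes differ. Extract one named constant for the accept-all verifier and add a comment or Javadoc stating what non-strict mode still validates, since this line on its own accepts any host name.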
|




Description
A Java utility that verifies connectivity to the z/OSMF JWK endpoint before/after starting the Zowe API Mediation Layer. This tool helps diagnose configuration issues early, such as incorrect hostnames, unreachable ports, missing certificates, or misconfigured z/OSMF, by performing a lightweight HTTP(S) call to the z/OSMF JWK endpoint at
/jwt/ibm/api/zOSMFBuilder/jwk
Linked to #4526
Type of change
Checklist:
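A check of the kind the description outlines, written here as an added Java example that is not the code from this PR: it calls the JWK path with the JVM's default certificate and host name validation left on, and maps each failure to the configuration problem the description lists. The class name, method names, messages, timeouts and the host zosmf.example.com are assumptions made for the illustration.

```java
import java.net.ConnectException;
import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.net.http.HttpTimeoutException;
import java.nio.channels.UnresolvedAddressException;
import java.time.Duration;
import javax.net.ssl.SSLException;

// Added illustration, not the PR's code. Class and method names are hypothetical.
public class JwkPreflightSketch {
    static final String JWK_PATH = "/jwt/ibm/api/zOSMFBuilder/jwk"; // path from the PR description

    // True if any exception in the cause chain is of the given type.
    static boolean has(Throwable t, Class<? extends Throwable> type) {
        for (Throwable c = t; c != null; c = c.getCause()) if (type.isInstance(c)) return true;
        return false;
    }

    // Map a failure to the configuration problem it most likely points at.
    // The most specific causes are tested first: HttpClient wraps DNS failures in ConnectException.
    static String classify(Throwable t) {
        if (has(t, UnresolvedAddressException.class)) return "DNS: host name does not resolve";
        if (has(t, SSLException.class)) return "TLS: handshake failed, check truststore and certificate host name";
        if (has(t, HttpTimeoutException.class)) return "TIMEOUT: no answer, check port and firewall";
        if (has(t, ConnectException.class)) return "CONNECT: port closed or unreachable";
        return "OTHER: " + t;
    }

    static String check(String baseUrl) {
        try {
            // Default client: JVM truststore and host name verification stay enabled.
            HttpClient client = HttpClient.newBuilder().connectTimeout(Duration.ofSeconds(5)).build();
            HttpRequest req = HttpRequest.newBuilder(URI.create(baseUrl + JWK_PATH))
                    .timeout(Duration.ofSeconds(10)).GET().build();
            HttpResponse<String> res = client.send(req, HttpResponse.BodyHandlers.ofString());
            if (res.statusCode() != 200) return "HTTP " + res.statusCode() + ": endpoint reachable, no keys returned";
            // A JWK Set (RFC 7517) is a JSON object with a "keys" member.
            return res.body().contains("\"keys\"") ? "OK: JWK set returned" : "UNEXPECTED: 200 without a JWK set";
        } catch (Exception e) {
            if (e instanceof InterruptedException) Thread.currentThread().interrupt();
            return classify(e);
        }
    }

    public static void main(String[] args) {
        // zosmf.example.com is a placeholder host; pass the real base URL as the first argument.
        System.out.println(check(args.length > 0 ? args[0] : "https://zosmf.example.com"));
    }
}
```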