Skip to content

feat: z/OSMF JWT Preflight Check#4531

Draft
hrishikesh-nalawade wants to merge 32 commits into
v3.x.xfrom
hrishikesh-nalawade/GH4526/jwt-pre-flight-check
Draft

feat: z/OSMF JWT Preflight Check#4531
hrishikesh-nalawade wants to merge 32 commits into
v3.x.xfrom
hrishikesh-nalawade/GH4526/jwt-pre-flight-check

Conversation

@hrishikesh-nalawade
Copy link
Copy Markdown
Member

@hrishikesh-nalawade hrishikesh-nalawade commented Mar 27, 2026
edited
Loading

Description

A Java utility that verifies connectivity to the z/OSMF JWK endpoint before/after starting the Zowe API Mediation Layer. This tool helps diagnose configuration issues early such as incorrect hostnames, unreachable ports, missing certificates, or misconfigured z/OSMF by performing a lightweight HTTP(S) call to the z/OSMF JWK endpoint at /jwt/ibm/api/zOSMFBuilder/jwk

Linked to #4526

Type of change

  • feat: New feature (non-breaking change which adds functionality)

Checklist:

  • My code follows the style guidelines of this project
  • PR title conforms to commit message guideline ## Commit Message Structure Guideline
  • I have commented my code, particularly in hard-to-understand areas. In JS I did provide JSDoc
  • I have made corresponding changes to the documentation
  • I have added tests that prove my fix is effective or that my feature works
  • New and existing unit tests pass locally with my changes
  • The java tests in the area I was working on leverage @nested annotations
  • Any dependent changes have been merged and published in downstream modules

@hrishikesh-nalawade
JWT pre-flight check code
3318922 
Signed-off-by: hrishikesh-nalawade <hrishikesh.nalawade.17@gmail.com>
@hrishikesh-nalawade
handling verifyCertificate Scenarios
2fafc3c 
Signed-off-by: hrishikesh-nalawade <hrishikesh.nalawade.17@gmail.com>
@hrishikesh-nalawade
config change for publishing SDK
33a4b1e 
Signed-off-by: hrishikesh-nalawade <hrishikesh.nalawade.17@gmail.com>
Martin-Zeithaml
Martin-Zeithaml reviewed Mar 30, 2026
View reviewed changes
Comment thread gradle/publish.gradle Outdated
@hrishikesh-nalawade
adding Java Doc
41f8345 
Signed-off-by: hrishikesh-nalawade <hrishikesh.nalawade.17@gmail.com>
@hrishikesh-nalawade
renaming pre-flight-check to zosmf-jwt-check
138c47d 
Signed-off-by: hrishikesh-nalawade <hrishikesh.nalawade.17@gmail.com>
@hrishikesh-nalawade hrishikesh-nalawade changed the title feat: JWT Preflight Check feat: z/OSMF JWT Preflight Check Apr 1, 2026
@EvaJavornicka EvaJavornicka moved this from New to In Progress in API Mediation Layer Backlog Management Apr 1, 2026
@hrishikesh-nalawade
Added verbose mode (-v) support
0b1f196 
Signed-off-by: hrishikesh-nalawade <hrishikesh.nalawade.17@gmail.com>
@1000TurquoisePogs 1000TurquoisePogs mentioned this pull request Apr 1, 2026
Draft
hrishikesh-nalawade and others added 3 commits April 1, 2026 19:57
@hrishikesh-nalawade
empty response body handling
5b2d30c 
Signed-off-by: hrishikesh-nalawade <hrishikesh.nalawade.17@gmail.com>
@hrishikesh-nalawade
updating --truststore to --truststore-file
074a84f 
Signed-off-by: hrishikesh-nalawade <hrishikesh.nalawade.17@gmail.com>
@hrishikesh-nalawade
Merge branch 'v3.x.x' into hrishikesh-nalawade/GH4526/jwt-pre-flight-…
ccf7788 
…check
hrishikesh-nalawade and others added 3 commits April 20, 2026 23:13
@hrishikesh-nalawade
Merge branch 'v3.x.x' into hrishikesh-nalawade/GH4526/jwt-pre-flight-…
9dff1a0 
…check
@hrishikesh-nalawade
safkeyring truststore bug fix
4bb3b8e 
Signed-off-by: hrishikesh-nalawade <hrishikesh.nalawade.17@gmail.com>
@hrishikesh-nalawade
safkeyring truststore bug fix
e2d0058 
Signed-off-by: hrishikesh-nalawade <hrishikesh.nalawade.17@gmail.com>
balhar-jakub
balhar-jakub reviewed May 4, 2026
View reviewed changes
Comment thread zosmf-jwt-check/src/main/java/org/zowe/apiml/Stores.java Outdated
* or z/OS SAF keyrings. Supports PKCS12, JKS, and {@code safkeyring://} URIs.
*/
@SuppressWarnings("squid:S106")
public class Stores {
Copy link
Copy Markdown
Member

@balhar-jakub balhar-jakub May 4, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Isn't this class more or less the same as for the certificate analyzer?

Would it be possible to extract it to some of the libraries?

balhar-jakub
balhar-jakub reviewed May 4, 2026
View reviewed changes
Comment thread zosmf-jwt-check/src/main/java/org/zowe/apiml/StoresNotInitializeException.java
* Thrown when keystore or truststore initialization fails
* (e.g. missing file, wrong password, invalid keyring format).
*/
public class StoresNotInitializeException extends RuntimeException {
Copy link
Copy Markdown
Member

@balhar-jakub balhar-jakub May 4, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It also lives in certificate-analyzer, if it is used in both it probably should go to some common module.

Comment thread zosmf-jwt-check/src/main/java/org/zowe/apiml/SSLContextFactory.java
* </ul>
*/
@SuppressWarnings("squid:S106")
public class SSLContextFactory {
Copy link
Copy Markdown
Member

@balhar-jakub balhar-jakub May 4, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Same as Stores and StoresNotInitializeException, does it make sense to duplicate the code instead of having it in a shared library?

hrishikesh-nalawade and others added 2 commits May 13, 2026 17:08
@hrishikesh-nalawade
Debug Logs
2088e48 
Signed-off-by: hrishikesh-nalawade <hrishikesh.nalawade.17@gmail.com>
@hrishikesh-nalawade
Merge branch 'v3.x.x' into hrishikesh-nalawade/GH4526/jwt-pre-flight-…
577aa54 
…check
@balhar-jakub balhar-jakub marked this pull request as draft May 13, 2026 12:39
@balhar-jakub
Copy link
Copy Markdown
Member

balhar-jakub commented May 13, 2026

Will be replaced by another PR

@hrishikesh-nalawade
further fix
fc8c14f 
Signed-off-by: hrishikesh-nalawade <hrishikesh.nalawade.17@gmail.com>
@hrishikesh-nalawade
Merge remote-tracking branch 'origin/hrishikesh-nalawade/GH4526/jwt-p…
83b8c8f 
…re-flight-check' into hrishikesh-nalawade/GH4526/jwt-pre-flight-check
hrishikesh-nalawade and others added 12 commits May 14, 2026 02:23
@hrishikesh-nalawade
further fix
2b566bd 
Signed-off-by: hrishikesh-nalawade <hrishikesh.nalawade.17@gmail.com>
@hrishikesh-nalawade
Revert "further fix"
06dfd59 
This reverts commit 2b566bd.
@hrishikesh-nalawade
Revert "further fix"
2e9ed3a 
This reverts commit fc8c14f.
@hrishikesh-nalawade
Revert "Debug Logs"
b7947a1 
This reverts commit 2088e48.
@hrishikesh-nalawade
Revert "safkeyring truststore bug fix"
df3f10f 
This reverts commit e2d0058.
@hrishikesh-nalawade
debug logs for safkeyring issue
4ed5b49 
Signed-off-by: hrishikesh-nalawade <hrishikesh.nalawade.17@gmail.com>
@hrishikesh-nalawade
new protocol handler code
ab021b3 
Signed-off-by: hrishikesh-nalawade <hrishikesh.nalawade.17@gmail.com>
@hrishikesh-nalawade
reverting fallback fixes and debug logs
75ad634 
Signed-off-by: hrishikesh-nalawade <hrishikesh.nalawade.17@gmail.com>
@hrishikesh-nalawade
Merge branch 'v3.x.x' into hrishikesh-nalawade/GH4526/jwt-pre-flight-…
cb106d8 
…check
@hrishikesh-nalawade
fallback with diagnostics
246af1a 
Signed-off-by: hrishikesh-nalawade <hrishikesh.nalawade.17@gmail.com>
@hrishikesh-nalawade
Fix after testing fallbacks
5538f73 
Signed-off-by: hrishikesh-nalawade <hrishikesh.nalawade.17@gmail.com>
@hrishikesh-nalawade
Merge branch 'v3.x.x' into hrishikesh-nalawade/GH4526/jwt-pre-flight-…
1fe7ac7 
…check
@hrishikesh-nalawade hrishikesh-nalawade self-assigned this May 28, 2026
@hrishikesh-nalawade
Single Preflight check JAR code
f1a5b2d 
Signed-off-by: hrishikesh-nalawade <hrishikesh.nalawade.17@gmail.com>
github-advanced-security[bot]
github-advanced-security AI found potential problems May 28, 2026
View reviewed changes
Comment thread zosmf-jwt-check/src/main/java/org/zowe/apiml/SSLContextFactory.java Fixed
Comment thread zosmf-jwt-check/src/main/java/org/zowe/apiml/SSLContextFactory.java Fixed
Comment thread zosmf-jwt-check/src/main/java/org/zowe/apiml/ZosmfJwtCheck.java Fixed
Comment thread zosmf-jwt-check/src/main/java/org/zowe/apiml/ZosmfJwtCheck.java Fixed
hrishikesh-nalawade and others added 3 commits May 29, 2026 02:43
@hrishikesh-nalawade
Merge branch 'v3.x.x' into hrishikesh-nalawade/GH4526/jwt-pre-flight-…
28c83a1 
…check
@hrishikesh-nalawade
refinements
3a513f3 
Signed-off-by: hrishikesh-nalawade <hrishikesh.nalawade.17@gmail.com>
@hrishikesh-nalawade
Merge remote-tracking branch 'origin/hrishikesh-nalawade/GH4526/jwt-p…
78c8473 
…re-flight-check' into hrishikesh-nalawade/GH4526/jwt-pre-flight-check
@sonarqubecloud
Copy link
Copy Markdown

sonarqubecloud Bot commented Jun 2, 2026

Quality Gate Failed Quality Gate failed

Failed conditions
2.3% Coverage on New Code (required ≥ 80%)
6.9% Duplication on New Code (required ≤ 3%)

See analysis details on SonarQube Cloud

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@balhar-jakub balhar-jakub balhar-jakub left review comments

@Martin-Zeithaml Martin-Zeithaml Martin-Zeithaml left review comments

@Joe-Winchester Joe-Winchester Awaiting requested review from Joe-Winchester

@achmelo achmelo Awaiting requested review from achmelo

+1 more reviewer

@github-advanced-security github-advanced-security[bot] github-advanced-security[bot] left review comments

Reviewers whose approvals may not affect merge requirements

At least 1 approving review is required to merge this pull request.

Assignees

@hrishikesh-nalawade hrishikesh-nalawade

Labels

size/XXL

Projects

API Mediation Layer Backlog Management
Status: In Progress

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@hrishikesh-nalawade @balhar-jakub @github-advanced-security @Martin-Zeithaml @EvaJavornicka