feat: z/OSMF JWT Preflight Check #4531

Open
hrishikesh-nalawade wants to merge 12 commits into v3.x.x from hrishikesh-nalawade/GH4526/jwt-pre-flight-check

hrishikesh-nalawade (Member) commented Mar 27, 2026

Description

A Java utility that verifies connectivity to the z/OSMF JWK endpoint before/after starting the Zowe API Mediation Layer. This tool helps diagnose configuration issues early, such as incorrect hostnames, unreachable ports, missing certificates, or misconfigured z/OSMF, by performing a lightweight HTTP(S) call to the z/OSMF JWK endpoint at /jwt/ibm/api/zOSMFBuilder/jwk.

Linked to #4526

Type of change

  • feat: New feature (non-breaking change which adds functionality)

Checklist:

  • My code follows the style guidelines of this project
  • PR title conforms to commit message guideline (Commit Message Structure Guideline)
  • I have commented my code, particularly in hard-to-understand areas. In JS I did provide JSDoc
  • I have made corresponding changes to the documentation
  • I have added tests that prove my fix is effective or that my feature works
  • New and existing unit tests pass locally with my changes
  • The java tests in the area I was working on leverage @nested annotations
  • Any dependent changes have been merged and published in downstream modules
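
The kind of check the description outlines, as an added example that is not code from this pull request: one HTTPS request to the JWK path, with each failure mapped to the misconfiguration it most likely indicates. The class and method names are hypothetical, and the `"keys"` check assumes the endpoint returns an RFC 7517 JWK Set.

```java
import java.io.IOException;
import java.io.InputStream;
import java.net.ConnectException;
import java.net.HttpURLConnection;
import java.net.SocketTimeoutException;
import java.net.URI;
import java.net.UnknownHostException;
import java.nio.charset.StandardCharsets;
import javax.net.ssl.SSLException;

// Added illustration, not the PR's code; class and method names are hypothetical.
// Trust comes from the JVM default truststore (-Djavax.net.ssl.trustStore=...);
// certificate validation is deliberately left enabled.
public class ZosmfJwkProbe {
    static final String JWK_PATH = "/jwt/ibm/api/zOSMFBuilder/jwk"; // from the PR description

    // Map each failure to the misconfiguration it most likely indicates.
    static String diagnose(IOException e) {
        if (e instanceof UnknownHostException) return "FAIL hostname does not resolve: " + e.getMessage();
        if (e instanceof ConnectException) return "FAIL port unreachable: " + e.getMessage();
        if (e instanceof SocketTimeoutException) return "FAIL timed out, check port and firewall";
        if (e instanceof SSLException) return "FAIL TLS handshake (trust, hostname or protocol): " + e.getMessage();
        return "FAIL I/O error: " + e;
    }

    static String probe(String host, int port) {
        try {
            HttpURLConnection c = (HttpURLConnection)
                    URI.create("https://" + host + ":" + port + JWK_PATH).toURL().openConnection();
            c.setConnectTimeout(5000);
            c.setReadTimeout(5000);
            c.setInstanceFollowRedirects(false); // a redirect is not a key set
            int status = c.getResponseCode();
            if (status != 200) return "FAIL HTTP " + status + ", check z/OSMF JWT configuration";
            try (InputStream in = c.getInputStream()) {
                String body = new String(in.readAllBytes(), StandardCharsets.UTF_8);
                // Assumption: the endpoint returns an RFC 7517 JWK Set with a "keys" member.
                return body.contains("\"keys\"") ? "OK JWK set returned" : "FAIL HTTP 200 without a \"keys\" member";
            }
        } catch (IOException e) {
            return diagnose(e);
        }
    }

    public static void main(String[] args) {
        if (args.length != 2) { System.err.println("usage: ZosmfJwkProbe <host> <port>"); System.exit(2); }
        String result = probe(args[0], Integer.parseInt(args[1]));
        System.out.println(result);
        System.exit(result.startsWith("OK") ? 0 : 1); // non-zero exit lets a startup script stop early
    }
}
```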

Signed-off-by: hrishikesh-nalawade <hrishikesh.nalawade.17@gmail.com>
Signed-off-by: hrishikesh-nalawade <hrishikesh.nalawade.17@gmail.com>
Signed-off-by: hrishikesh-nalawade <hrishikesh.nalawade.17@gmail.com>
Comment thread gradle/publish.gradle Outdated
'apiml-security-common',
'apiml-tomcat-common',
'certificate-analyser',
'pre-flight-check',
Contributor

Could we rename this? There are already some pre-flight checks and some in progress. This name is too general.

For example:
zosmf-jwt-check
jwt-check

Member Author

Yes, sure, going with zosmf-jwt-check. Thank you for the suggestion.

Signed-off-by: hrishikesh-nalawade <hrishikesh.nalawade.17@gmail.com>
Signed-off-by: hrishikesh-nalawade <hrishikesh.nalawade.17@gmail.com>
hrishikesh-nalawade changed the title from "feat: JWT Preflight Check" to "feat: z/OSMF JWT Preflight Check" on Apr 1, 2026
EvaJavornicka moved this from New to In Progress in API Mediation Layer Backlog Management on Apr 1, 2026
Signed-off-by: hrishikesh-nalawade <hrishikesh.nalawade.17@gmail.com>
hrishikesh-nalawade and others added 3 commits April 1, 2026 19:57
Signed-off-by: hrishikesh-nalawade <hrishikesh.nalawade.17@gmail.com>
Signed-off-by: hrishikesh-nalawade <hrishikesh.nalawade.17@gmail.com>
hrishikesh-nalawade and others added 3 commits April 20, 2026 23:13
Signed-off-by: hrishikesh-nalawade <hrishikesh.nalawade.17@gmail.com>
Signed-off-by: hrishikesh-nalawade <hrishikesh.nalawade.17@gmail.com>
* or z/OS SAF keyrings. Supports PKCS12, JKS, and {@code safkeyring://} URIs.
*/
@SuppressWarnings("squid:S106")
public class Stores {
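
Review bot: the class-level @SuppressWarnings("squid:S106") on Stores turns off the standard-output rule for every method in a class that loads keystores, truststores and SAF keyrings. Consider moving the suppression to the specific methods that print, so that any System.out call added elsewhere in the class later is still flagged and reviewed for leaking store details.
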
Member

Isn't this class more or less the same as for the certificate analyzer?

Would it be possible to extract it to some of the libraries?

* Thrown when keystore or truststore initialization fails
* (e.g. missing file, wrong password, invalid keyring format).
*/
public class StoresNotInitializeException extends RuntimeException {
Member

It also lives in certificate-analyzer; if it is used in both, it probably should go to some common module.

* </ul>
*/
@SuppressWarnings("squid:S106")
public class SSLContextFactory {
Member

Same as Stores and StoresNotInitializeException, does it make sense to duplicate the code instead of having it in a shared library?
