Skip to content

zwe validate certificate #4554

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 5 commits into
base: feature/v3/validate-bind
Choose a base branch
from
Draft

zwe validate certificate #4554

wants to merge 5 commits into from

Conversation

@1000TurquoisePogs
Copy link
Member

This PR utilizes apiml's certificate-analyser.jar to check zowe's keystore/truststore and report action items for specific situations.

It's run at startup of zowe, but also via the command zwe validate certificate.

This command can be run with argument -e STRICT to change the lEvel of verification to STRICT, for example. This allows users to see what would happen with different levels of strictness.

The command might not run well when run standalone, because often keyrings aren't readable by the user who runs zwe. But, it will have the right conditions to be a startup check.

This command can be disabled with zowe.launchScript.startupChecks.certificate: false.

This command does not verify ICSF certificates, or at least it's very likely not to. It seems java 11+ doesnt ship with the right security config that 8 had, so when you request to read these, it just tells you JCECCARACFKS isn't available. It then becomes some administrative task to customize the java 11+ config? Not a problem I can solve.

This PR is based upon #4447 and #4276

Do not merge it into 4447 - I am pointing to that for the sake of easy diff reading.
I wish to merge this and review this independently as certificate error checking is a big topic.

@1000TurquoisePogs
Initial commit of validate certificate
8485d4a 
Signed-off-by: 1000TurquoisePogs <[email protected]>
@1000TurquoisePogs
Fix tsc compile errors
ad4b6c0 
Signed-off-by: 1000TurquoisePogs <[email protected]>
@github-actions
Copy link

github-actions bot commented Oct 16, 2025
edited
Loading

build 8975 SUCCEEDED.
Link to workflow run: https://github.com/zowe/zowe-install-packaging/actions/runs/18562031764

@1000TurquoisePogs
Change what RC is returned
3ccaf43 
Signed-off-by: 1000TurquoisePogs <[email protected]>
@github-actions
Copy link

github-actions bot commented Oct 16, 2025
edited
Loading

build 8976 SUCCEEDED.
Link to workflow run: https://github.com/zowe/zowe-install-packaging/actions/runs/18562143804

@github-actions
Copy link

github-actions bot commented Oct 16, 2025
edited
Loading

Test workflow 7654 is started.
Running install test: Convenience Pax
The zowe artifact being used by this test workflow: libs-snapshot-local/org/zowe/3.4.0-PR-4554/zowe-3.4.0-pr-4554-8975-20251016130506.pax
Running on machine: zzow10
Result: SUCCESS
Link to workflow run: https://github.com/zowe/zowe-install-packaging/actions/runs/18562252607

@github-actions
Copy link

github-actions bot commented Oct 16, 2025
edited
Loading

Test workflow 7655 is started.
Running install test: Convenience Pax
The zowe artifact being used by this test workflow: libs-snapshot-local/org/zowe/3.4.0-PR-4554/zowe-3.4.0-pr-4554-8976-20251016130652.pax
Running on machine: zzow09
Result: SUCCESS
Link to workflow run: https://github.com/zowe/zowe-install-packaging/actions/runs/18562299368

@Martin-Zeithaml
Minor formatting changes
c652c0d 
Signed-off-by: Martin Zeithaml <[email protected]>
@github-actions
Copy link

github-actions bot commented Oct 17, 2025
edited
Loading

build 8980 SUCCEEDED.
Link to workflow run: https://github.com/zowe/zowe-install-packaging/actions/runs/18586307965

@github-actions
Copy link

github-actions bot commented Oct 17, 2025
edited
Loading

Test workflow 7659 is started.
Running install test: Convenience Pax
The zowe artifact being used by this test workflow: libs-snapshot-local/org/zowe/3.4.0-PR-4554/zowe-3.4.0-pr-4554-8980-20251017080155.pax
Running on machine: zzow09
Result: SUCCESS
Link to workflow run: https://github.com/zowe/zowe-install-packaging/actions/runs/18586456253

@1000TurquoisePogs
Fix warn about pkcs12
76af465 
Signed-off-by: 1000TurquoisePogs <[email protected]>
@github-actions
Copy link

github-actions bot commented Oct 17, 2025
edited
Loading

build 8981 SUCCEEDED.
Link to workflow run: https://github.com/zowe/zowe-install-packaging/actions/runs/18593357719

@github-actions
Copy link

github-actions bot commented Oct 17, 2025
edited
Loading

Test workflow 7660 is started.
Running install test: Convenience Pax
The zowe artifact being used by this test workflow: libs-snapshot-local/org/zowe/3.4.0-PR-4554/zowe-3.4.0-pr-4554-8981-20251017130328.pax
Running on machine: zzow10
Result: SUCCESS
Link to workflow run: https://github.com/zowe/zowe-install-packaging/actions/runs/18593564624

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@MarkAckert MarkAckert Awaiting requested review from MarkAckert

@pavel-jares-bcm pavel-jares-bcm Awaiting requested review from pavel-jares-bcm

@Martin-Zeithaml Martin-Zeithaml Awaiting requested review from Martin-Zeithaml

Assignees

No one assigned

Labels

None yet

Projects

zOS Squad Board
Status: No status

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@1000TurquoisePogs @zowe-robot @Martin-Zeithaml