z/TPF - Group home

Secure z/TPF REST connections to Linux on IBM Z (PJ46903)

  

The use of unsecure protocols is becoming increasingly difficult, if not impossible, to justify.

Secure z/TPF REST connections to Linux® on IBM Z® provides Transport Layer Security (TLS) from the z/TPF system to Linux on IBM Z for the processing of automatic source lookup, remote debug information and the remote formatting of code coverage. When you are using remote formatting code coverage or the z/TPF debugger, REST calls are made from the z/TPF system to Linux on IBM Z and vice versa. This APAR supports the use of secure connections for these REST calls.

A pictorial representation of  all the code coverage and debugger related REST calls between  TPF Toolkit on a workstation, the z/TPF system, and Linux on IBM Z:

  1. TPF Toolkit makes a CONNECT request to confirm a successful connection to the TPF Toolkit Services web application, which is running on the Apache Tomcat server on Linux on IBM Z.
  2. TPF Toolkit makes a code coverage START request to register and start a code coverage session on the z/TPF system.
  3. TPF Toolkit makes a code coverage STOP request to stop the code coverage collection on the z/TPF system.
  4. As part of the STOP service, the z/TPF system makes a code coverage CONVERT request to inform the TPF Toolkit Services web application to get the code coverage results file from the z/TPF system and convert the results file to the requested format.
  5. TPF Toolkit Services web application makes a GET request to get the code coverage results file from the z/TPF system.
  6. TPF Toolkit Services web application makes a DELETE request to delete the code coverage results file on the z/TPF system.

In addition to the above REST calls used for remote formatting of code coverage, the z/TPF debugger also makes REST calls from the z/TPF system to Linux on IBM Z for the processing of automatic source lookup and remote debug information.

To use secure connections for these calls, complete the following steps:

  1. Set up the enhanced HTTP client configuration file for TLS on the z/TPF system (https://www.ibm.com/docs/en/ztpf/2022?topic=ssl-enhanced-http-client-configuration-file-tls).

  2. Install and configure SSL/TLS support on Apache Tomcat on Linux on IBM Z (https://tomcat.apache.org/tomcat-9.0-doc/ssl-howto.html).

  3. Update the z/TPF debugger and code coverage configuration file (tpf_debugger.cfg.json) as follows:

    1. Change the "version" value to "4".

    2. Add a new "secure" element with a value of "true".

    3. Update the port with the secure port. This is the same port that was used when Apache Tomcat was configured to support SSL/TLS.

  4. Update the web application configuration file <tomcat_home>/webapps/TPFToolkitServices/WEB-INF/classes/config.properties with information about the secure connection.

  5. Import the z/TPF server certificate into the truststore file provided in the config.properties file.

For more information about this support, see the APEDIT for APAR PJ46903 and the documentation on Secure z/TPF REST connections to Linux on IBM Z