Secure z/TPF REST connections to Linux® on IBM Z® provides Transport Layer Security (TLS) from the z/TPF system to Linux on IBM Z for the processing of automatic source lookup, remote debug information and the remote formatting of code coverage. When you are using remote formatting code coverage or the z/TPF debugger, REST calls are made from the z/TPF system to Linux on IBM Z and vice versa. This APAR supports the use of secure connections for these REST calls.
A pictorial representation of all the code coverage and debugger related REST calls between TPF Toolkit on a workstation, the z/TPF system, and Linux on IBM Z:
- TPF Toolkit makes a CONNECT request to confirm a successful connection to the TPF Toolkit Services web application, which is running on the Apache Tomcat server on Linux on IBM Z.
- TPF Toolkit makes a code coverage START request to register and start a code coverage session on the z/TPF system.
- TPF Toolkit makes a code coverage STOP request to stop the code coverage collection on the z/TPF system.
- As part of the STOP service, the z/TPF system makes a code coverage CONVERT request to inform the TPF Toolkit Services web application to get the code coverage results file from the z/TPF system and convert the results file to the requested format.
- TPF Toolkit Services web application makes a GET request to get the code coverage results file from the z/TPF system.
- TPF Toolkit Services web application makes a DELETE request to delete the code coverage results file on the z/TPF system.
In addition to the above REST calls used for remote formatting of code coverage, the z/TPF debugger also makes REST calls from the z/TPF system to Linux on IBM Z for the processing of automatic source lookup and remote debug information.
To use secure connections for these calls, complete the following steps:
-
Set up the enhanced HTTP client configuration file for TLS on the z/TPF system (https://www.ibm.com/docs/en/ztpf/2022?topic=ssl-enhanced-http-client-configuration-file-tls).
-
Install and configure SSL/TLS support on Apache Tomcat on Linux on IBM Z (https://tomcat.apache.org/tomcat-9.0-doc/ssl-howto.html).
-
Update the z/TPF debugger and code coverage configuration file (tpf_debugger.cfg.json) as follows:
-
Change the "version" value to "4".
-
Add a new "secure" element with a value of "true".
-
Update the port with the secure port. This is the same port that was used when Apache Tomcat was configured to support SSL/TLS.
-
Update the web application configuration file <tomcat_home>/webapps/TPFToolkitServices/WEB-INF/classes/config.properties with information about the secure connection.
-
Import the z/TPF server certificate into the truststore file provided in the config.properties file.
For more information about this support, see the APEDIT for APAR PJ46903 and the documentation on Secure z/TPF REST connections to Linux on IBM Z