0004165: Security panel for managing TLS/SSL certificate

JumpMind · Nov 26, 2019 · cca52ae · cca52ae
1 parent 1af553d
commit cca52ae
Show file tree

Hide file tree

Showing 4 changed files with 63 additions and 2 deletions.
diff --git a/symmetric-assemble/src/asciidoc/manage.ad b/symmetric-assemble/src/asciidoc/manage.ad
@@ -80,5 +80,9 @@ endif::pro[]
 
 include::manage/monitors.ad[]
 
+ifdef::pro[]
+include::manage/security.ad[]
+endif::pro[]
+
 include::manage/logging.ad[]
 
diff --git a/symmetric-assemble/src/asciidoc/manage/security.ad b/symmetric-assemble/src/asciidoc/manage/security.ad
@@ -0,0 +1,9 @@
+
+=== Security
+
+The Security panel manages the SSL/TLS certificate for encrypting the HTTPS transport of data.
+
+Import certificate from file:: Upload a file containing the certificate, which can then be imported.  If the file is a keystore with multiple entries, the user is prompted to select one from the list.  If the file is a protected keystore, the user is prompted for the password.  File types supported include PEM and PKCS12 (P12, PFX).
+Export certificate to file:: Export the current certificate and private key to a PEM-encoded text file.
+Generate self-signed certificate:: Generate a new key pair and self-signed certificate, which can then be be imported.  The signature cannot be verified by clients using a third-party Certifying Authority, but data will be encrypted. 
+
diff --git a/symmetric-core/src/main/resources/symmetric-default.properties b/symmetric-core/src/main/resources/symmetric-default.properties
@@ -1956,9 +1956,9 @@ data.id.increment.by=1
 outgoing.batches.max.to.select=50000
 
 # The class name for the Security Service to use for encrypting and
-# decrypting database passwords
+# decrypting database passwords.  Leave blank for default service.
 # Tags: database
-security.service.class.name=org.jumpmind.security.SecurityService
+security.service.class.name=
 
 # This is a bean shell script that will be used to generate the node id
 # for a registering node.  This script is run on the registration server,

diff --git a/symmetric-util/src/main/java/org/jumpmind/security/KeystoreAliasException.java b/symmetric-util/src/main/java/org/jumpmind/security/KeystoreAliasException.java
@@ -0,0 +1,48 @@
+/**
+ * Licensed to JumpMind Inc under one or more contributor
+ * license agreements.  See the NOTICE file distributed
+ * with this work for additional information regarding
+ * copyright ownership.  JumpMind Inc licenses this file
+ * to you under the GNU General Public License, version 3.0 (GPLv3)
+ * (the "License"); you may not use this file except in compliance
+ * with the License.
+ *
+ * You should have received a copy of the GNU General Public License,
+ * version 3.0 (GPLv3) along with this library; if not, see
+ * <http://www.gnu.org/licenses/>.
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.jumpmind.security;
+
+import java.util.List;
+
+public class KeystoreAliasException extends RuntimeException {
+
+    private static final long serialVersionUID = 1L;
+
+    private List<String> aliases;
+
+    public KeystoreAliasException(String message) {
+        super(message);
+    }
+
+    public KeystoreAliasException(String message, List<String> aliases) {
+        super(message);
+        this.aliases = aliases;
+    }
+
+    public List<String> getAliases() {
+        return aliases;
+    }
+
+    public void setAliases(List<String> aliases) {
+        this.aliases = aliases;
+    }
+
+}