0006123: Added Unknown Certificate Authority insight

symmetric-assemble/src/asciidoc/configuration/monitors.ad

@@ -89,6 +89,8 @@ be compared to a threshold value.
 
 |strandedOrExpiredData|Number of stranded or expired data rows detected by the <<Purge Outgoing Job>> and recorded in the <<NODE_HOST_STATS>> table within the past 4 hours.|✔
 
+|unknownCa|Number of nodes that have recently experienced a "PKIX path building failed" error due to an unknown certificate authority. The duration in the past during which this insight checks for errors is determined by the purge.log.summary.retention.minutes parameter, which defaults to 60 minutes.|✔
+
 |===
 
 Expression:: An expression used by the monitor to set options specific to the monitor type. For batchError monitors, setting the expression to

symmetric-client/src/main/java/org/jumpmind/symmetric/SymmetricAdmin.java

@@ -65,7 +65,6 @@
 import org.apache.commons.cli.HelpFormatter;
 import org.apache.commons.cli.Options;
 import org.apache.commons.cli.ParseException;
-import org.apache.commons.codec.binary.Base64;
 import org.apache.commons.io.FileUtils;
 import org.apache.commons.io.filefilter.FileFilterUtils;
 import org.apache.commons.lang3.ArrayUtils;
@@ -100,6 +99,7 @@
 import org.jumpmind.symmetric.util.ModuleManager;
 import org.jumpmind.symmetric.util.PropertiesUtil;
 import org.jumpmind.util.AppUtils;
+import org.jumpmind.util.FormatUtils;
 import org.jumpmind.util.JarBuilder;
 import org.jumpmind.util.ZipBuilder;
 
@@ -1093,7 +1093,7 @@ public X509Certificate[] getAcceptedIssuers() {
         for (Certificate cert : connection.getServerCertificates()) {
             if (cert instanceof X509Certificate) {
                 try {
-                    String certString = convertToPem((X509Certificate) cert);
+                    String certString = FormatUtils.convertToPem((X509Certificate) cert);
                     importCert(certString.getBytes(), null, null, line.hasOption(OPTION_ACCEPT_ALL));
                 } catch (CertificateEncodingException e) {
                 }
@@ -1120,16 +1120,6 @@ private boolean isValidHttpsUrl(String urlString) {
         }
     }
 
-    private String convertToPem(X509Certificate cert) throws CertificateEncodingException {
-        Base64 encoder = new Base64(64);
-        String cert_begin = "-----BEGIN CERTIFICATE-----\n";
-        String end_cert = "-----END CERTIFICATE-----";
-        byte[] derCert = cert.getEncoded();
-        String pemCertPre = new String(encoder.encode(derCert));
-        String pemCert = cert_begin + pemCertPre + end_cert;
-        return pemCert;
-    }
-
     private void importCert(byte[] certData, String alias, String password, boolean acceptAll) {
         try {
             ISecurityService bouncyCastleSecurityService = SecurityServiceFactory.create(SecurityServiceType.SERVER,

symmetric-core/src/main/java/org/jumpmind/symmetric/service/impl/DataLoaderService.java

@@ -639,7 +639,7 @@ protected IDataWriter chooseDataWriter(Batch batch) {
                 engine.getDataService().reloadMissingForeignKeyRowsReverse(sourceNode.getNodeId(), ctx.getTable(), ctx.getData(), null,
                         parameterService.is(ParameterConstants.AUTO_RESOLVE_FOREIGN_KEY_VIOLATION_REVERSE_PEERS));
             }
-            logOrRethrow(ex);
+            logOrRethrow(ex, sourceNode.getNodeId());
         } finally {
             transport.close();
             for (ILoadSyncLifecycleListener l : extensionService
@@ -662,7 +662,7 @@ private void awaitTermination(ExecutorService executor) throws InterruptedExcept
         }
     }
 
-    protected void logOrRethrow(Throwable ex) throws IOException {
+    protected void logOrRethrow(Throwable ex, String sourceNodeId) throws IOException {
         // Throwing exception will mean acks are not sent, so only certain exceptions should be thrown
         if (ex instanceof RegistrationRequiredException) {
             throw (RegistrationRequiredException) ex;
@@ -685,13 +685,14 @@ protected void logOrRethrow(Throwable ex) throws IOException {
         } else if (ex instanceof InvalidRetryException) {
             throw (InvalidRetryException) ex;
         } else if (ex instanceof ProtocolException || ex instanceof AuthenticationException || ex instanceof AuthenticationExpiredException) {
-            log.error("Failed to process batch: {}{}", ex.getClass().getSimpleName(), StringUtils.isNotBlank(ex.getMessage()) ? ": " + ex.getMessage() : "");
+            log.error("Failed to process incoming batch from node '{}': {}{}", sourceNodeId, ex.getClass().getSimpleName(),
+                    StringUtils.isNotBlank(ex.getMessage()) ? ": " + ex.getMessage() : "");
         } else if (ex instanceof StagingLowFreeSpace) {
             log.error("Loading is disabled because disk is almost full: {}", ex.getMessage());
         } else if (!(ex instanceof ConflictException) && !(ex instanceof SqlException) && !(ex instanceof CancellationException)) {
-            log.error("Failed to process batch", ex);
+            log.error("Failed to process incoming batch from node '" + sourceNodeId + "'", ex);
         } else {
-            log.debug("Failed to process batch", ex);
+            log.debug("Failed to process incoming batch from node '" + sourceNodeId + "'", ex);
         }
     }
 

symmetric-util/src/main/java/org/jumpmind/util/FormatUtils.java

@@ -20,6 +20,8 @@
  */
 package org.jumpmind.util;
 
+import java.security.cert.CertificateEncodingException;
+import java.security.cert.X509Certificate;
 import java.sql.Timestamp;
 import java.text.ParsePosition;
 import java.text.SimpleDateFormat;
@@ -38,6 +40,7 @@
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 
+import org.apache.commons.codec.binary.Base64;
 import org.apache.commons.lang3.StringUtils;
 import org.apache.commons.lang3.time.DurationFormatUtils;
 import org.apache.commons.lang3.time.FastDateFormat;
@@ -496,4 +499,14 @@ public static boolean isInteger(String s) {
             return false;
         }
     }
+
+    public static String convertToPem(X509Certificate cert) throws CertificateEncodingException {
+        Base64 encoder = new Base64(64);
+        String cert_begin = "-----BEGIN CERTIFICATE-----\n";
+        String end_cert = "-----END CERTIFICATE-----";
+        byte[] derCert = cert.getEncoded();
+        String pemCertPre = new String(encoder.encode(derCert));
+        String pemCert = cert_begin + pemCertPre + end_cert;
+        return pemCert;
+    }
 }