summaryrefslogtreecommitdiffstats
path: root/athenz-identity-provider-service/src
Commit message (Collapse)AuthorAgeFilesLines
* Use KeyStoreBuilder in AthenzSslTrustStoreConfigurator and ↵Bjørn Christian Seime2018-03-122-41/+30
| | | | AthenzSslKeyStoreConfigurator
* Tune hostname-commonname mismatch messageHåkon Hallingstad2018-03-082-4/+5
|
* Merge pull request #5239 from vespa-engine/bjorncs/configserver-tls-on-awsHarald Musum2018-03-085-56/+25
|\ | | | | Bjorncs/configserver tls on aws
| * Don't unwrap parameters as separate fieldsBjørn Christian Seime2018-03-071-15/+6
| |
| * ZTS server endpoint is zone specificBjørn Christian Seime2018-03-075-8/+5
| |
| * Rewrite server TLS init to use bootstrap identity and allow AWSBjørn Christian Seime2018-03-075-38/+19
| |
* | Respond with HTTP-400 when source IP does not match common nameValerij Fredriksen2018-03-071-0/+4
|/
* Revert "Rewrite server TLS init to use bootstrap identity and allow AWS"Håkon Hallingstad2018-03-035-19/+38
|
* Rewrite server TLS init to use bootstrap identity and allow AWSBjørn Christian Seime2018-03-025-38/+19
|
* Don't fail on keystore on disk read/writeBjørn Christian Seime2018-03-012-9/+10
| | | | Also rename getKeystoreExpiry to getCertificateExpiry
* Cache Athenz certificate to disk. Prefer disk on load.Bjørn Christian Seime2018-03-013-32/+83
| | | | | Do not include expiry to Athenz request as they are default 30 days anyways.
* Revert "Rewrite server TLS init to use bootstrap identity and allow AWS"Harald Musum2018-02-285-32/+52
|
* Rewrite server TLS init to use bootstrap identity and allow AWSBjørn Christian Seime2018-02-285-52/+32
|
* Use Ckms instead of SecretStore in athenz-identity-provider-serviceBjørn Christian Seime2018-02-221-9/+10
|
* move identityprovider package to vespa-athenzMorten Tokle2018-02-2213-1077/+0
|
* Revert "Merge pull request #5072 from vespa-engine/revert-4984-mortent/ckms"Morten Tokle2018-02-2113-0/+1077
| | | | | This reverts commit 6d7b65adfcd1e918da8173dab25bf701074f3cdc, reversing changes made to 2ecdfefd5616743f62691f64a517ab787d6f0c10.
* Revert "Refactor identityprovider. Add SiaIdentityProvider"Morten Tokle2018-02-2013-1077/+0
|
* Revert "Merge pull request #5072 from vespa-engine/revert-4984-mortent/ckms"Morten Tokle2018-02-2013-0/+1077
| | | | | This reverts commit 6d7b65adfcd1e918da8173dab25bf701074f3cdc, reversing changes made to 2ecdfefd5616743f62691f64a517ab787d6f0c10.
* Revert "Refactor identityprovider. Add SiaIdentityProvider"Morten Tokle2018-02-2013-1077/+0
|
* Merge branch 'master' into mortent/ckmsMorten Tokle2018-02-201-1/+2
|\
* | Move identity provider to athenz-identity-provider-service moduleMorten Tokle2018-02-1613-0/+1076
|/
* Report config server cert expiry metricsValerij Fredriksen2018-02-063-9/+99
|
* Implement /refresh endpoint for indetity providerValerij Fredriksen2018-01-311-1/+1
|
* Add copyright headersJon Bratseth2018-01-255-0/+5
|
* Revert "Use hostname if loadBalancerAddress is not set"Valerij Fredriksen2018-01-221-4/+1
|
* Use hostname if loadBalancerAddress is not setBjørn Christian Seime2018-01-161-1/+4
|
* Use ContentSigner with BouncyCastle providerBjørn Christian Seime2018-01-161-1/+3
|
* Manually resolve remoteValerij Fredriksen2018-01-041-1/+10
|
* Remove unnecessary use of AtomicReferenceBjørn Christian Seime2017-12-061-4/+4
|
* Retrieve initial certificate in constructor for fail-fast semanticsBjørn Christian Seime2017-12-061-19/+41
|
* Don't warn when actual expiry is longer than expectedBjørn Christian Seime2017-12-061-7/+5
|
* Match issuer name defined in self-signed cert in trust storeBjørn Christian Seime2017-12-061-5/+8
|
* Merge pull request #4354 from vespa-engine/bjorncs/athenz-ca-in-truststoreBjørn Christian Seime2017-12-053-3/+9
|\ | | | | Load Athenz CA certificates to JDisc truststore
| * Load Athenz CA certificates to JDisc truststoreBjørn Christian Seime2017-12-053-3/+9
| |
* | Enable Athenz TLS certificate for mainBjørn Christian Seime2017-12-051-7/+0
|/
* Add trust store configurator with config server's CA certBjørn Christian Seime2017-12-053-1/+115
|
* Revert "Add trust store configurator with config server's CA cert"Arnstein Ressem2017-12-053-115/+1
|
* Use Extension.basicConstraints instead of cryptic string idBjørn Christian Seime2017-12-041-2/+1
|
* Add trust store configurator with config server's CA certBjørn Christian Seime2017-12-043-1/+116
|
* Add unit test for CsrSerializedPayload deserializationBjørn Christian Seime2017-11-221-0/+32
|
* Move model types to same package as certificate signer resourceBjørn Christian Seime2017-11-223-4/+2
|
* Don't inject config instances into jax-rs resourcesBjørn Christian Seime2017-11-217-43/+31
| | | | | Injection of config instances is not suppored for jax-rs resources. All dependencies of resources must be components.
* Fix typoBjørn Christian Seime2017-11-172-2/+2
|
* Cleanup logging in IdentityDocumentResourceBjørn Christian Seime2017-11-171-2/+1
|
* Remove fixed TODOBjørn Christian Seime2017-11-171-1/+0
|
* Move classes to separate directory based on web service resourceBjørn Christian Seime2017-11-1710-30/+25
|
* Make KeyProvider an injectable componentBjørn Christian Seime2017-11-1711-30/+28
|
* Remove unused parameters in config definitionBjørn Christian Seime2017-11-172-11/+1
|
* Remove CertificateClient interfaceBjørn Christian Seime2017-11-172-16/+1
|
* Remove AthenzInstanceProviderService and related classesBjørn Christian Seime2017-11-178-493/+82
|