Commit message | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Add helper method for extracting DNS names from CSR | Martin Polden | 2024-02-05 | 1 | -0/+11 |
| | |||||
* | jackson 2.16 changes some of its default settings so we consolidate our use ↵ | Henning Baldersheim | 2023-11-23 | 1 | -13/+13 |
| | | | | | | of the ObjectMapper. Unless special options are used, use a common instance, or create via factory method. | ||||
* | Change 'TlsContext' interface to return `X509SslContext` | Bjørn Christian Seime | 2023-11-23 | 3 | -50/+59 |
| | |||||
* | Add build method returning `X509SslContext` | Bjørn Christian Seime | 2023-11-23 | 1 | -2/+5 |
| | |||||
* | Add wrapper holding both the context and its manager instances | Bjørn Christian Seime | 2023-11-23 | 1 | -0/+17 |
| | |||||
* | Only add extensions if non-empty | Bjørn Christian Seime | 2023-11-16 | 1 | -1/+2 |
| | |||||
* | Improve error message when passing private key | Martin Polden | 2023-10-18 | 1 | -5/+9 |
| | |||||
* | Update copyright | Jon Bratseth | 2023-10-09 | 83 | -85/+86 |
| | |||||
* | - Bring some libraries up to date. | Henning Baldersheim | 2023-08-29 | 1 | -1/+1 |
| | | | | | - Specify versions in dependency-versions module. - Avoid using opentest4j internally. | ||||
* | Enable TLSv1.3 for Vespa mTLS | Bjørn Christian Seime | 2023-07-20 | 1 | -10/+7 |
| | |||||
* | Defer side channel-safe array checks to existing BC utils | Tor Brede Vekterli | 2023-07-19 | 2 | -23/+12 |
| | | | | Use constant-time array compare for TokenCheckHash equality checks. | ||||
* | Short-cut re-acquiring ordered locks | jonmv | 2023-06-27 | 1 | -10/+4 |
| | |||||
* | Simplify token API by using fixed context for fingerprints | Tor Brede Vekterli | 2023-06-15 | 2 | -11/+15 |
| | | | | | | | | | | Fingerprints are now always derived using a fixed context of `Vespa token fingerprint`. Enforcement has been added that a `TokenDomain` cannot be initialized with a context equal to the fingerprint context. This changes the fingerprint outputs from their previous values, but that's fine since they are not yet in use anywhere. | ||||
* | Add factory methods accepting hex string | Bjørn Christian Seime | 2023-06-14 | 2 | -0/+8 |
| | |||||
* | Also include domain when printing token | Tor Brede Vekterli | 2023-06-06 | 2 | -1/+8 |
| | |||||
* | Emit fingerprints with delimiters by default | Tor Brede Vekterli | 2023-06-06 | 2 | -2/+10 |
| | | | | Uses standard fingerprint `hex:hex:hex:...` format | ||||
* | Fix some silly typos | Tor Brede Vekterli | 2023-06-06 | 1 | -3/+3 |
| | |||||
* | Add a simple token primitive to security utils | Tor Brede Vekterli | 2023-06-06 | 5 | -0/+273 |
| | | | | | | | A token is an arbitrary, opaque (secret) string from which a fingerprint and audience-specific access-check hashes can be derived. A CSPRNG-backed token generator that returns random Base62-encoded tokens (with an optional prefix) is included. | ||||
* | Build with jdk20 | Jon Bratseth | 2023-04-17 | 1 | -1/+1 |
| | |||||
* | Revert "Enable TLSv1.3 for Vespa mTLS" | Henning Baldersheim | 2023-03-25 | 1 | -7/+10 |
| | |||||
* | Enable TLSv1.3 for Vespa mTLS | Bjørn Christian Seime | 2023-03-24 | 1 | -10/+7 |
| | |||||
* | Implement RFC 9180 HPKE sender asymmetric key authentication mode | Tor Brede Vekterli | 2023-03-23 | 3 | -5/+132 |
| | | | | | | | | We already have support for the `base` unauthenticated mode, so this just adds the `auth` mode where the sender's key pair is added to the ECDH shared key derivation mix. This ensures that a message may only be successfully opened if the sender was in possession of the private key (`skS`) corresponding to the expected public key (`pkS`). | ||||
* | Merge pull request #26168 from ↵ | Tor Brede Vekterli | 2023-02-24 | 2 | -2/+4 |
|\ | | | | | | | | | vespa-engine/revert-26152-revert-26139-vekterli/add-content-state-api-capability Reapply: add `vespa.content.state_api` capability" | ||||
| * | Revert "Revert "Add `vespa.content.state_api` capability" MERGEOK" | Tor Brede Vekterli | 2023-02-23 | 2 | -2/+4 |
| | | |||||
* | | Revert "Revert "Store original capability (set) names from JSON config in ↵ | Bjørn Christian Seime | 2023-02-23 | 5 | -20/+69 |
|/ | | | | PeerPolicy" MERGEOK" | ||||
* | Merge pull request #26153 from vespa-engine/revert-26145-bjorncs/capabilities | Bjørn Christian Seime | 2023-02-23 | 5 | -69/+20 |
|\ | | | | | Revert "Store original capability (set) names from JSON config in PeerPolicy" MERGEOK | ||||
| * | Revert "Store original capability (set) names from JSON config in PeerPolicy" | Bjørn Christian Seime | 2023-02-23 | 5 | -69/+20 |
| | | |||||
* | | Revert "Add `vespa.content.state_api` capability" | Bjørn Christian Seime | 2023-02-23 | 2 | -4/+2 |
|/ | |||||
* | Merge pull request #26139 from ↵ | Tor Brede Vekterli | 2023-02-22 | 2 | -2/+4 |
|\ | | | | | | | | | vespa-engine/vekterli/add-content-state-api-capability Add `vespa.content.state_api` capability | ||||
| * | Add `vespa.content.state_api` capability to Java | Tor Brede Vekterli | 2023-02-22 | 2 | -2/+4 |
| | | | | | | | | Add new capability to existing `vespa.telemetry` capability set. | ||||
* | | Store original capability (set) names from JSON config in PeerPolicy | Bjørn Christian Seime | 2023-02-22 | 5 | -20/+69 |
|/ | | | | Add additional helper methods to convert `names <=> capabilities`. | ||||
* | Grant container nodes access to container document api | Bjørn Christian Seime | 2023-02-20 | 1 | -1/+2 |
| | |||||
* | Specify that '/logs' requires logserver capability | Bjørn Christian Seime | 2023-02-17 | 1 | -1/+2 |
| | |||||
* | Warn instead of fail for unknown capability (set) | Bjørn Christian Seime | 2023-02-17 | 2 | -9/+10 |
| | |||||
* | Improve metric names, fix wiring | Bjørn Christian Seime | 2023-02-16 | 1 | -9/+9 |
| | |||||
* | Add capability 'vespa.sentinel.inspect_services' | Bjørn Christian Seime | 2023-02-16 | 1 | -0/+1 |
| | |||||
* | Add metrics for capability checks | Bjørn Christian Seime | 2023-02-16 | 2 | -0/+39 |
| | |||||
* | Add capability 'vespa.content.proton_admin_api' | Bjørn Christian Seime | 2023-02-15 | 1 | -0/+1 |
| | |||||
* | Add slobrok capability to all application nodes | Bjørn Christian Seime | 2023-02-15 | 1 | -2/+2 |
| | |||||
* | Add new capabilities to existing capability sets | Bjørn Christian Seime | 2023-02-15 | 1 | -6/+10 |
| | |||||
* | Use explicit `equals` and `hashCode` to use contents of arrays, not just refs | Tor Brede Vekterli | 2023-02-14 | 1 | -0/+35 |
| | | | | Also add a friendlier `toString()` that hex dumps the enc/ciphertext fields. | ||||
* | Require capabilities for built-in request handlers | Bjørn Christian Seime | 2023-02-14 | 1 | -0/+4 |
| | |||||
* | Revert "Revert "Bjorncs/capabilities"" | Henning Baldersheim | 2023-02-14 | 2 | -14/+28 |
| | |||||
* | Revert "Bjorncs/capabilities" | Henning Baldersheim | 2023-02-14 | 2 | -28/+14 |
| | |||||
* | Add new capabilities in node specific capability sets | Bjørn Christian Seime | 2023-02-13 | 2 | -8/+22 |
| | |||||
* | Rename 'from()' to 'of()' | Bjørn Christian Seime | 2023-02-13 | 2 | -6/+6 |
| | |||||
* | Define required capabilities for existing JRT RPC methods | Bjørn Christian Seime | 2023-02-09 | 1 | -0/+12 |
| | |||||
* | Introduce capabilities for unclassified APIs | Bjørn Christian Seime | 2023-02-09 | 1 | -0/+3 |
| | | | | Require 'vespa.rpc.unclassified' by default for all JRT APIs | ||||
* | Move definition of predefined capability set to parent class | Bjørn Christian Seime | 2023-02-09 | 3 | -29/+45 |
| | | | | Introduce functional interface ToCapabilitySet to simplify construction of second order capability sets. | ||||
* | Add 'vespa.none' capability | Bjørn Christian Seime | 2023-02-06 | 1 | -0/+1 |
| |