summaryrefslogtreecommitdiffstats
path: root/security-utils/src/main/java/com
Commit message (Expand)AuthorAgeFilesLines
* Add X25519 private to public key extraction and use for HPKE openingTor Brede Vekterli2022-10-194-16/+18
* Minimal implementation of RFC 9180 Hybrid Public Key Encryption (HPKE)Tor Brede Vekterli2022-10-1813-1/+1040
* Add some utilities for comparing arrays without data-dependent branchesTor Brede Vekterli2022-10-171-0/+54
* Implement RFC-5869 HMAC-based Extract-and-Expand Key Derivation Function (HKDF)Tor Brede Vekterli2022-10-131-0/+221
* Enforce SHA-256 and AES-CBC for ECIES key wrappingTor Brede Vekterli2022-10-132-18/+35
* Merge pull request #24403 from vespa-engine/bjorncs/upgrade-bcBjørn Christian Seime2022-10-121-2/+2
|\
| * Upgrade BouncyCastle to 1.72Bjørn Christian Seime2022-10-121-2/+2
* | Address PR commentsTor Brede Vekterli2022-10-121-3/+5
* | Add utilities for secure one-way single-use key exchange tokens using ECIESTor Brede Vekterli2022-10-113-0/+207
|/
* Ignore calls to SystemTlsContext.close()Bjørn Christian Seime2022-08-301-2/+1
* Force caller to handle failed capability verification checkBjørn Christian Seime2022-07-212-14/+28
* Improve error messageBjørn Christian Seime2022-07-211-1/+1
* Move logic for capability checking/logging to ConnectionAuthContextBjørn Christian Seime2022-07-213-9/+63
* Use getSubjectCommonName()Bjørn Christian Seime2022-07-211-7/+1
* Get ConnectionAuthContext from SSL session after handshake is completeBjørn Christian Seime2022-07-213-28/+67
* Include client certificate chain even when authorization is disabledBjørn Christian Seime2022-07-203-4/+11
* Implement RequireCapabilitiesFilter in jrt + miscBjørn Christian Seime2022-07-203-8/+9
* Add to-string helper to ConnectionAuthContextBjørn Christian Seime2022-07-201-1/+38
* Simplify type definition for subject alternative namesBjørn Christian Seime2022-07-204-17/+17
* Add 'X509CertificateUtils.getSubjectCommonName()'Bjørn Christian Seime2022-07-201-1/+7
* Move generic crypto helpers from 'c.y.s.tls' to 'c.y.s'Bjørn Christian Seime2022-07-209-20/+10
* Merge Java package 'c.y.s.tls.{auth,json,policy}' into 'c.y.s.tls'Bjørn Christian Seime2022-07-2019-66/+20
* Remove empty packageBjørn Christian Seime2022-07-201-8/+0
* Add 'CapabilitySet.has()' methodsBjørn Christian Seime2022-07-201-0/+3
* Add environment variable for capabilities enforcement modeBjørn Christian Seime2022-07-202-0/+33
* Rename method/variable names to match new class nameBjørn Christian Seime2022-07-191-1/+1
* Include mode in log messageBjørn Christian Seime2022-07-151-3/+4
* Rename 'toCapabilityNames()' to 'toNames()'Bjørn Christian Seime2022-07-152-2/+2
* Always run PeerAutorizerBjørn Christian Seime2022-07-159-45/+44
* Rename 'hasAllCapabilities()' => 'hasAll()'Bjørn Christian Seime2022-07-152-2/+2
* Change type from SortedSet to SetBjørn Christian Seime2022-07-152-7/+4
* Rename 'succeeded' => 'authorized'Bjørn Christian Seime2022-07-152-2/+2
* Include full certificate chain in auth contextBjørn Christian Seime2022-07-153-15/+26
* Return granted capabilities from PeerAuthorizerBjørn Christian Seime2022-07-155-53/+46
* Add Capability and CapabilitySet including JSON serializationBjørn Christian Seime2022-07-135-4/+147
* Convert POJOs to recordBjørn Christian Seime2022-07-132-79/+9
* Remove 'role' concept from 'authorized-peers'Bjørn Christian Seime2022-07-116-86/+9
* Add NTokenGeneratorHåkon Hallingstad2022-03-161-0/+8
* Disable '?' as single char wildcard for URI matchingBjørn Christian Seime2021-12-093-6/+6
* Support glob pattern for URIs with '/' as boundaryBjørn Christian Seime2021-12-022-15/+11
* Add glob pattern helper that handles multiple alternative boundariesBjørn Christian Seime2021-12-022-35/+89
* Disable ciphers that are only supported by some JDK-11 versionsBjørn Christian Seime2021-11-091-4/+5
* Update 2020 Oath copyrights.gjoranv2021-10-271-1/+1
* Update 2019 Oath copyrights.gjoranv2021-10-279-9/+9
* Update Verizon Media copyright notices.gjoranv2021-10-073-3/+3
* Update 2018 copyright notices.gjoranv2021-10-0738-38/+38
* Read certificate fingerprintMorten Tokle2021-09-221-0/+15
* Revert "Revert mortent/cfg operator cert"Morten Tokle2021-05-281-0/+17
* Revert "Add top-level object, simplify tests"Morten Tokle2021-05-251-17/+0
* Add top-level object, simplify testsMorten Tokle2021-05-251-0/+17