aboutsummaryrefslogtreecommitdiffstats
path: root/security-utils/src/main
Commit message (Expand)AuthorAgeFilesLines
* Ignore calls to SystemTlsContext.close()Bjørn Christian Seime2022-08-301-2/+1
* Force caller to handle failed capability verification checkBjørn Christian Seime2022-07-212-14/+28
* Improve error messageBjørn Christian Seime2022-07-211-1/+1
* Move logic for capability checking/logging to ConnectionAuthContextBjørn Christian Seime2022-07-213-9/+63
* Use getSubjectCommonName()Bjørn Christian Seime2022-07-211-7/+1
* Get ConnectionAuthContext from SSL session after handshake is completeBjørn Christian Seime2022-07-213-28/+67
* Include client certificate chain even when authorization is disabledBjørn Christian Seime2022-07-203-4/+11
* Implement RequireCapabilitiesFilter in jrt + miscBjørn Christian Seime2022-07-203-8/+9
* Add to-string helper to ConnectionAuthContextBjørn Christian Seime2022-07-201-1/+38
* Simplify type definition for subject alternative namesBjørn Christian Seime2022-07-204-17/+17
* Add 'X509CertificateUtils.getSubjectCommonName()'Bjørn Christian Seime2022-07-201-1/+7
* Move generic crypto helpers from 'c.y.s.tls' to 'c.y.s'Bjørn Christian Seime2022-07-209-20/+10
* Merge Java package 'c.y.s.tls.{auth,json,policy}' into 'c.y.s.tls'Bjørn Christian Seime2022-07-2019-66/+20
* Remove empty packageBjørn Christian Seime2022-07-201-8/+0
* Add 'CapabilitySet.has()' methodsBjørn Christian Seime2022-07-201-0/+3
* Add environment variable for capabilities enforcement modeBjørn Christian Seime2022-07-202-0/+33
* Rename method/variable names to match new class nameBjørn Christian Seime2022-07-191-1/+1
* Include mode in log messageBjørn Christian Seime2022-07-151-3/+4
* Rename 'toCapabilityNames()' to 'toNames()'Bjørn Christian Seime2022-07-152-2/+2
* Always run PeerAutorizerBjørn Christian Seime2022-07-159-45/+44
* Rename 'hasAllCapabilities()' => 'hasAll()'Bjørn Christian Seime2022-07-152-2/+2
* Change type from SortedSet to SetBjørn Christian Seime2022-07-152-7/+4
* Rename 'succeeded' => 'authorized'Bjørn Christian Seime2022-07-152-2/+2
* Include full certificate chain in auth contextBjørn Christian Seime2022-07-153-15/+26
* Return granted capabilities from PeerAuthorizerBjørn Christian Seime2022-07-155-53/+46
* Add Capability and CapabilitySet including JSON serializationBjørn Christian Seime2022-07-135-4/+147
* Convert POJOs to recordBjørn Christian Seime2022-07-132-79/+9
* Remove 'role' concept from 'authorized-peers'Bjørn Christian Seime2022-07-116-86/+9
* Add NTokenGeneratorHåkon Hallingstad2022-03-161-0/+8
* Disable '?' as single char wildcard for URI matchingBjørn Christian Seime2021-12-093-6/+6
* Support glob pattern for URIs with '/' as boundaryBjørn Christian Seime2021-12-022-15/+11
* Add glob pattern helper that handles multiple alternative boundariesBjørn Christian Seime2021-12-022-35/+89
* Disable ciphers that are only supported by some JDK-11 versionsBjørn Christian Seime2021-11-091-4/+5
* Update 2020 Oath copyrights.gjoranv2021-10-271-1/+1
* Update 2019 Oath copyrights.gjoranv2021-10-279-9/+9
* Update Verizon Media copyright notices.gjoranv2021-10-073-3/+3
* Update 2018 copyright notices.gjoranv2021-10-0738-38/+38
* Read certificate fingerprintMorten Tokle2021-09-221-0/+15
* Revert "Revert mortent/cfg operator cert"Morten Tokle2021-05-281-0/+17
* Revert "Add top-level object, simplify tests"Morten Tokle2021-05-251-17/+0
* Add top-level object, simplify testsMorten Tokle2021-05-251-0/+17
* Remove com.yahoo.vespa.jdk8compatBjørn Christian Seime2021-03-1011-96/+21
* Make TLS protocol version configurable in TLS config fileBjørn Christian Seime2021-02-245-10/+44
* Disable TLSV1.3Bjørn Christian Seime2021-02-241-1/+2
* Allow TLSv1.3Bjørn Christian Seime2021-02-181-1/+1
* Use singleton already present.Henning Baldersheim2021-01-281-4/+0
* Use a single, shared TlsContext instanceBjørn Christian Seime2021-01-142-18/+31
* Revert "Use a single reloader per tls config file, and not one per instance."Bjørn Christian Seime2021-01-142-162/+135
* Revert "Use reference counting to avoid relying on GC to drop threads."Bjørn Christian Seime2021-01-142-36/+8
* Support SAN URI based rules in authorization policiesBjørn Christian Seime2020-11-265-3/+55