summaryrefslogtreecommitdiffstats
path: root/security-utils/src
Commit message (Collapse)AuthorAgeFilesLines
* Use 'prime256v1' curve for EC keysBjørn Christian Seime2019-01-233-7/+18
| | | | | This allows the TLS test in jrt to use elliptic curves crypto in unit tests (fixes issue where JSSE cannot find matching cipher).
* Allow configuration of accepted ciphersBjørn Christian Seime2019-01-238-12/+49
|
* Add TLSv1.3 cipher suites to whitelistBjørn Christian Seime2019-01-231-1/+4
|
* Fix accidental import of java.sql.DateBjørn Christian Seime2019-01-211-1/+1
|
* Revert "Bratseth/disallow dash "Jon Bratseth2019-01-162-2/+0
|
* Change access modifier to 'public' for 'fromConfigValue()'Bjørn Christian Seime2019-01-152-2/+2
|
* Return default values when env vars are not presentBjørn Christian Seime2019-01-151-10/+6
|
* Define default value for tls authorization modeBjørn Christian Seime2019-01-151-0/+8
|
* Add 'tls_client_tls_server' as tls mixed mode optionBjørn Christian Seime2019-01-151-1/+9
| | | | Also introduce default value for mixed mode.
* Nonfunctional changes onlyJon Bratseth2019-01-102-0/+2
|
* Store authorization result in TlsCryptoSocketBjørn Christian Seime2019-01-081-0/+9
|
* Change LOG_ONLY config value from 'log-only' to 'log_only'Bjørn Christian Seime2018-12-101-1/+1
|
* Fix spelling error ('suits' -> 'suites')Bjørn Christian Seime2018-12-052-8/+8
|
* Remove whitelisting of AES-CBC ciphersBjørn Christian Seime2018-12-051-5/+1
|
* Use AuthorizationMode to configure behaviour of PeerAuthorizerTrustManagerBjørn Christian Seime2018-12-056-28/+30
|
* Add AutorizationModeBjørn Christian Seime2018-12-051-0/+30
|
* Move MixedMode to separate classBjørn Christian Seime2018-12-052-23/+29
|
* Split ConfigFileManagedTlsContext into ReloadingTlsContext and DefaultTlsContextBjørn Christian Seime2018-12-053-49/+169
|
* Specify keystore with certificate chainBjørn Christian Seime2018-12-051-1/+5
|
* Only allowed whitelisted cipher suitsBjørn Christian Seime2018-12-051-1/+27
|
* Add TlsContext interface with a implementation based on tls optionsBjørn Christian Seime2018-11-282-0/+105
|
* Always log warning when authorization failsBjørn Christian Seime2018-11-271-1/+1
|
* Propagate authz result through ssl handshake session objectBjørn Christian Seime2018-11-271-8/+12
|
* Add a X509ExtendedTrustManager based on PeerAuthorizerBjørn Christian Seime2018-11-272-0/+151
|
* Allow specifying trust manager factory in SslContextBuilderBjørn Christian Seime2018-11-271-4/+22
|
* Add debug logging to PeerAuthorizerBjørn Christian Seime2018-11-271-0/+5
|
* Use AssertJ to improve assertionsBjørn Christian Seime2018-11-271-17/+15
|
* Add PeerAuthorizerBjørn Christian Seime2018-11-264-0/+278
|
* Escape '!' which is also a regex meta characterBjørn Christian Seime2018-11-262-6/+6
|
* Allow empty 'required-credentials'Bjørn Christian Seime2018-11-262-3/+3
|
* Make 'roles' field optionalBjørn Christian Seime2018-11-262-5/+7
|
* Disallow empty 'authorized-peers' fieldBjørn Christian Seime2018-11-263-5/+41
| | | | | - Fail deserializing if 'authorized-peers' is an empty list - Only serialize 'authorized-peers' field when necessary
* Add glob pattern matching for host expressionsBjørn Christian Seime2018-11-262-0/+101
|
* Add missing ExportPackage annotation for security-utils packagesBjørn Christian Seime2018-11-232-0/+16
|
* Add missing copyright header on unit testsBjørn Christian Seime2018-11-222-1/+3
|
* Rename peerName->policyName, add assumed roles to PeerPolicyBjørn Christian Seime2018-11-227-13/+113
|
* Fix NPE bug - use Optional.ofNullableBjørn Christian Seime2018-11-211-4/+4
|
* Add getter for configValueBjørn Christian Seime2018-11-211-0/+4
|
* Rename 'allowed-peers' to 'authorized-peers'Bjørn Christian Seime2018-11-211-1/+1
|
* Misc minor code improvementsBjørn Christian Seime2018-11-214-14/+13
| | | | | | | - Improve naming of some methods and parameters - Add missing trailing newline - Use missingFieldException(String) - Remove dead code
* Rewrite JSON serialization of TransportSecurityOptionsBjørn Christian Seime2018-11-195-37/+301
| | | | | | - Use Jackson data bindings on TransportSecurityOptionsEntity - Add serialization to JSON - Add AuthorizedPeers to TransportSecurityOptions
* Add data model for AuthorizedPeersBjørn Christian Seime2018-11-194-0/+182
|
* Revert "Bjorncs/accepted ciphers"Harald Musum2018-11-073-51/+12
|
* Fix structure of transport-security-options.json test fileBjørn Christian Seime2018-11-061-3/+3
|
* Include 'acceptedCiphers' in toString/hashCode/equalsBjørn Christian Seime2018-11-061-2/+4
|
* Add 'accepted-ciphers' to transport security optionsBjørn Christian Seime2018-11-063-10/+47
|
* Skip non-key objects (e.g. ec params) when parsing private key from pemBjørn Christian Seime2018-10-301-11/+18
|
* Add TransportSecurityOptions.fromJson(String)Bjørn Christian Seime2018-10-302-6/+28
|
* Move classes in com.yahoo.security to security-utilsBjørn Christian Seime2018-10-1931-0/+1872
|
* Revert "Move classes in com.yahoo.security to security-utils"Harald Musum2018-10-1931-1872/+0
|