aboutsummaryrefslogtreecommitdiffstats
path: root/security-utils/src
Commit message (Collapse)AuthorAgeFilesLines
* Add NTokenGeneratorHåkon Hallingstad2022-03-161-0/+8
|
* Avoid hamcrest/deprecated assertThat.Henning Baldersheim2021-12-203-20/+15
|
* Disable '?' as single char wildcard for URI matchingBjørn Christian Seime2021-12-095-7/+9
|
* Fix copyright and trailing new lineBjørn Christian Seime2021-12-032-4/+5
|
* Support glob pattern for URIs with '/' as boundaryBjørn Christian Seime2021-12-024-19/+49
|
* Add glob pattern helper that handles multiple alternative boundariesBjørn Christian Seime2021-12-023-35/+195
|
* Ensure consistent iteration orderingBjørn Christian Seime2021-12-021-2/+2
|
* Disable ciphers that are only supported by some JDK-11 versionsBjørn Christian Seime2021-11-091-4/+5
|
* Update 2020 Oath copyrights.gjoranv2021-10-271-1/+1
|
* Update 2019 Oath copyrights.gjoranv2021-10-2713-13/+13
|
* Update Verizon Media copyright notices.gjoranv2021-10-073-3/+3
|
* Update 2018 copyright notices.gjoranv2021-10-0753-53/+53
|
* Read certificate fingerprintMorten Tokle2021-09-221-0/+15
|
* Revert "Revert mortent/cfg operator cert"Morten Tokle2021-05-281-0/+17
|
* Revert "Add top-level object, simplify tests"Morten Tokle2021-05-251-17/+0
| | | | This reverts commit d97430f1bb633fc9eb541f2fb057a41a012d088f.
* Add top-level object, simplify testsMorten Tokle2021-05-251-0/+17
|
* Remove com.yahoo.vespa.jdk8compatBjørn Christian Seime2021-03-1015-104/+31
| | | | These types are often accidentally imported, and the JDK8 replacement is typically a one-liner.
* Make TLS protocol version configurable in TLS config fileBjørn Christian Seime2021-02-248-11/+49
| | | | | Only protocols listed in allowlist can be configured. TLSv1.2 is the only supported version at the moment, but TLSv1.3 will most likely be included in the future.
* Disable TLSV1.3Bjørn Christian Seime2021-02-241-1/+2
|
* Allow TLSv1.3Bjørn Christian Seime2021-02-181-1/+1
|
* Use singleton already present.Henning Baldersheim2021-01-281-4/+0
|
* Use a single, shared TlsContext instanceBjørn Christian Seime2021-01-142-18/+31
| | | | | The configuration is based on environment variables, which are effectively fixed through the life of the JVM instance. This simplifaction removes the need for complex cleanup logic based on manual reference counting and weak references.
* Revert "Use a single reloader per tls config file, and not one per instance."Bjørn Christian Seime2021-01-142-162/+135
| | | | This reverts commit c58415566e23dcac5f0daa352f39f567a4d7b44f.
* Revert "Use reference counting to avoid relying on GC to drop threads."Bjørn Christian Seime2021-01-142-36/+8
| | | | This reverts commit 1c6c89eb52ac80c583c0cd90efdd0784344af434.
* Test that certificate with non-matching SAN URI is rejectedBjørn Christian Seime2020-11-261-0/+2
|
* Support SAN URI based rules in authorization policiesBjørn Christian Seime2020-11-268-19/+121
|
* Add convenience method for adding SANBjørn Christian Seime2020-11-251-0/+5
|
* Encapsulate pattern implementation in RequiredPeerCredentialBjørn Christian Seime2020-11-257-16/+33
|
* Revert "Revert "Bjorncs/health check proxy https""Bjørn Christian Seime2020-10-151-0/+27
|
* Revert "Bjorncs/health check proxy https"Arnstein Ressem2020-10-151-27/+0
|
* Add trust manager that accepts any server certificateBjørn Christian Seime2020-10-141-0/+27
|
* Revert "Revert "Expose underlying certificate and private key from ↵Bjørn Christian Seime2020-06-022-1/+42
| | | | SiaIdentityProvider ""
* Revert "Expose underlying certificate and private key from SiaIdentityProvider "Harald Musum2020-05-282-42/+1
|
* Merge pull request #13257 from ↵Bjørn Christian Seime2020-05-282-1/+42
|\ | | | | | | | | vespa-engine/bjorncs/service-identity-provider-improvements Expose underlying certificate and private key from SiaIdentityProvider
| * Expose underlying certificate and private key from SiaIdentityProviderBjørn Christian Seime2020-05-182-1/+42
| | | | | | | | | | | | Extend ServiceIdentityProvider interface with new methods. Add class that bundles certificate with private key. Use Path instead of File for better compatibility with mocked file system in unit tests.
* | Ignore unknown fields in subclasses as wellBjørn Christian Seime2020-05-181-0/+3
|/
* Support construction of PeerPolicy with descriptionBjørn Christian Seime2020-05-134-3/+17
|
* Use reference counting to avoid relying on GC to drop threads.Henning Baldersheim2020-04-232-8/+36
|
* Use a single reloader per tls config file, and not one per instance.Henning Baldersheim2020-04-232-135/+162
|
* Override hostname verification in PeerAuthorizerTrustManagerBjørn Christian Seime2020-02-175-29/+59
| | | | | Override hostname verification on client-side. Remove overriding of hostname verification for server-side.
* Use 'withTrustManager' in ConfigFileBasedTlsContextBjørn Christian Seime2020-02-171-5/+5
|
* Allow specifying custom trust manager instance to SslContextBuilderBjørn Christian Seime2020-02-171-3/+14
|
* Introduce 'disable-hostname-validation' to TLS json formatBjørn Christian Seime2020-02-137-5/+53
|
* Allow SSLContext implementation that supports TLSv1.3+Bjørn Christian Seime2020-01-311-1/+1
|
* Revert "Revert "accept and store json endpoint cert metadata on deploy""Andreas Eriksen2020-01-212-0/+37
|
* Revert "accept and store json endpoint cert metadata on deploy"Jon Marius Venstad2020-01-202-37/+0
|
* verify public key matches private keyandreer2020-01-202-0/+37
|
* Non-functional changesJon Bratseth2020-01-062-0/+7
|
* Revert "Allow SSLContext implementation that supports TLSv1.3+"Valerij Fredriksen2019-12-091-1/+1
|
* Merge branch 'master' into bjorncs/sslcontext-versionBjørn Christian Seime2019-12-0317-28/+109
|\