Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Add NTokenGenerator | Håkon Hallingstad | 2022-03-16 | 1 | -0/+8 |
| | |||||
* | Avoid hamcrest/deprecated assertThat. | Henning Baldersheim | 2021-12-20 | 3 | -20/+15 |
| | |||||
* | Disable '?' as single char wildcard for URI matching | Bjørn Christian Seime | 2021-12-09 | 5 | -7/+9 |
| | |||||
* | Fix copyright and trailing new line | Bjørn Christian Seime | 2021-12-03 | 2 | -4/+5 |
| | |||||
* | Support glob pattern for URIs with '/' as boundary | Bjørn Christian Seime | 2021-12-02 | 4 | -19/+49 |
| | |||||
* | Add glob pattern helper that handles multiple alternative boundaries | Bjørn Christian Seime | 2021-12-02 | 3 | -35/+195 |
| | |||||
* | Ensure consistent iteration ordering | Bjørn Christian Seime | 2021-12-02 | 1 | -2/+2 |
| | |||||
* | Disable ciphers that are only supported by some JDK-11 versions | Bjørn Christian Seime | 2021-11-09 | 1 | -4/+5 |
| | |||||
* | Update 2020 Oath copyrights. | gjoranv | 2021-10-27 | 1 | -1/+1 |
| | |||||
* | Update 2019 Oath copyrights. | gjoranv | 2021-10-27 | 13 | -13/+13 |
| | |||||
* | Update Verizon Media copyright notices. | gjoranv | 2021-10-07 | 3 | -3/+3 |
| | |||||
* | Update 2018 copyright notices. | gjoranv | 2021-10-07 | 53 | -53/+53 |
| | |||||
* | Read certificate fingerprint | Morten Tokle | 2021-09-22 | 1 | -0/+15 |
| | |||||
* | Revert "Revert mortent/cfg operator cert" | Morten Tokle | 2021-05-28 | 1 | -0/+17 |
| | |||||
* | Revert "Add top-level object, simplify tests" | Morten Tokle | 2021-05-25 | 1 | -17/+0 |
| | | | | This reverts commit d97430f1bb633fc9eb541f2fb057a41a012d088f. | ||||
* | Add top-level object, simplify tests | Morten Tokle | 2021-05-25 | 1 | -0/+17 |
| | |||||
* | Remove com.yahoo.vespa.jdk8compat | Bjørn Christian Seime | 2021-03-10 | 15 | -104/+31 |
| | | | | These types are often accidentally imported, and the JDK8 replacement is typically a one-liner. | ||||
* | Make TLS protocol version configurable in TLS config file | Bjørn Christian Seime | 2021-02-24 | 8 | -11/+49 |
| | | | | | Only protocols listed in allowlist can be configured. TLSv1.2 is the only supported version at the moment, but TLSv1.3 will most likely be included in the future. | ||||
* | Disable TLSV1.3 | Bjørn Christian Seime | 2021-02-24 | 1 | -1/+2 |
| | |||||
* | Allow TLSv1.3 | Bjørn Christian Seime | 2021-02-18 | 1 | -1/+1 |
| | |||||
* | Use singleton already present. | Henning Baldersheim | 2021-01-28 | 1 | -4/+0 |
| | |||||
* | Use a single, shared TlsContext instance | Bjørn Christian Seime | 2021-01-14 | 2 | -18/+31 |
| | | | | | The configuration is based on environment variables, which are effectively fixed through the life of the JVM instance. This simplifaction removes the need for complex cleanup logic based on manual reference counting and weak references. | ||||
* | Revert "Use a single reloader per tls config file, and not one per instance." | Bjørn Christian Seime | 2021-01-14 | 2 | -162/+135 |
| | | | | This reverts commit c58415566e23dcac5f0daa352f39f567a4d7b44f. | ||||
* | Revert "Use reference counting to avoid relying on GC to drop threads." | Bjørn Christian Seime | 2021-01-14 | 2 | -36/+8 |
| | | | | This reverts commit 1c6c89eb52ac80c583c0cd90efdd0784344af434. | ||||
* | Test that certificate with non-matching SAN URI is rejected | Bjørn Christian Seime | 2020-11-26 | 1 | -0/+2 |
| | |||||
* | Support SAN URI based rules in authorization policies | Bjørn Christian Seime | 2020-11-26 | 8 | -19/+121 |
| | |||||
* | Add convenience method for adding SAN | Bjørn Christian Seime | 2020-11-25 | 1 | -0/+5 |
| | |||||
* | Encapsulate pattern implementation in RequiredPeerCredential | Bjørn Christian Seime | 2020-11-25 | 7 | -16/+33 |
| | |||||
* | Revert "Revert "Bjorncs/health check proxy https"" | Bjørn Christian Seime | 2020-10-15 | 1 | -0/+27 |
| | |||||
* | Revert "Bjorncs/health check proxy https" | Arnstein Ressem | 2020-10-15 | 1 | -27/+0 |
| | |||||
* | Add trust manager that accepts any server certificate | Bjørn Christian Seime | 2020-10-14 | 1 | -0/+27 |
| | |||||
* | Revert "Revert "Expose underlying certificate and private key from ↵ | Bjørn Christian Seime | 2020-06-02 | 2 | -1/+42 |
| | | | | SiaIdentityProvider "" | ||||
* | Revert "Expose underlying certificate and private key from SiaIdentityProvider " | Harald Musum | 2020-05-28 | 2 | -42/+1 |
| | |||||
* | Merge pull request #13257 from ↵ | Bjørn Christian Seime | 2020-05-28 | 2 | -1/+42 |
|\ | | | | | | | | | vespa-engine/bjorncs/service-identity-provider-improvements Expose underlying certificate and private key from SiaIdentityProvider | ||||
| * | Expose underlying certificate and private key from SiaIdentityProvider | Bjørn Christian Seime | 2020-05-18 | 2 | -1/+42 |
| | | | | | | | | | | | | Extend ServiceIdentityProvider interface with new methods. Add class that bundles certificate with private key. Use Path instead of File for better compatibility with mocked file system in unit tests. | ||||
* | | Ignore unknown fields in subclasses as well | Bjørn Christian Seime | 2020-05-18 | 1 | -0/+3 |
|/ | |||||
* | Support construction of PeerPolicy with description | Bjørn Christian Seime | 2020-05-13 | 4 | -3/+17 |
| | |||||
* | Use reference counting to avoid relying on GC to drop threads. | Henning Baldersheim | 2020-04-23 | 2 | -8/+36 |
| | |||||
* | Use a single reloader per tls config file, and not one per instance. | Henning Baldersheim | 2020-04-23 | 2 | -135/+162 |
| | |||||
* | Override hostname verification in PeerAuthorizerTrustManager | Bjørn Christian Seime | 2020-02-17 | 5 | -29/+59 |
| | | | | | Override hostname verification on client-side. Remove overriding of hostname verification for server-side. | ||||
* | Use 'withTrustManager' in ConfigFileBasedTlsContext | Bjørn Christian Seime | 2020-02-17 | 1 | -5/+5 |
| | |||||
* | Allow specifying custom trust manager instance to SslContextBuilder | Bjørn Christian Seime | 2020-02-17 | 1 | -3/+14 |
| | |||||
* | Introduce 'disable-hostname-validation' to TLS json format | Bjørn Christian Seime | 2020-02-13 | 7 | -5/+53 |
| | |||||
* | Allow SSLContext implementation that supports TLSv1.3+ | Bjørn Christian Seime | 2020-01-31 | 1 | -1/+1 |
| | |||||
* | Revert "Revert "accept and store json endpoint cert metadata on deploy"" | Andreas Eriksen | 2020-01-21 | 2 | -0/+37 |
| | |||||
* | Revert "accept and store json endpoint cert metadata on deploy" | Jon Marius Venstad | 2020-01-20 | 2 | -37/+0 |
| | |||||
* | verify public key matches private key | andreer | 2020-01-20 | 2 | -0/+37 |
| | |||||
* | Non-functional changes | Jon Bratseth | 2020-01-06 | 2 | -0/+7 |
| | |||||
* | Revert "Allow SSLContext implementation that supports TLSv1.3+" | Valerij Fredriksen | 2019-12-09 | 1 | -1/+1 |
| | |||||
* | Merge branch 'master' into bjorncs/sslcontext-version | Bjørn Christian Seime | 2019-12-03 | 17 | -28/+109 |
|\ |