path: root/security-utils
Commit message | Author | Age | Files | Lines
...
* Add utility classes for constructing default x509 trust/key manager | Bjørn Christian Seime | 2019-02-19 | 2 | -0/+99
|
* Revert "Bjorncs/jdisc mixed mode preparations" | Arnstein Ressem | 2019-02-18 | 15 | -822/+107
|
* Fix spelling errors | Bjørn Christian Seime | 2019-02-18 | 2 | -2/+2
|
* Misc changes to TlsContext and its implementations | Bjørn Christian Seime | 2019-02-14 | 3 | -49/+147
|   - Add methods to retrieve underlying SSLContext and SSLParameters
|   - Add createSslEngine() overload with peer host and port
|   - Remove constructor DefaultTlsContext constructor taking path to config file.
|   - Resolve valid ciphers and protocols in constructor.
|   - Use mutual x509 key/trust manager in ReloadingTlsContext
* Add withKeyManagerFactory() to specify custom key manager | Bjørn Christian Seime | 2019-02-14 | 3 | -59/+37
|   - Introduce an interface for key manager factory.
|   - Change SslContextBuilder to call trust/key manager factory even when no truststore/keystore has been specified.
|   - Change trust manager factory to be specific for x509.
|   - Use TrustManagerUtils/KeyManagerUtil to construct default managers.
* Require client auth for ssl engines constructed by DefaultTlsContext | Bjørn Christian Seime | 2019-02-14 | 1 | -0/+1
|
* Add mutable x509 trust manager | Bjørn Christian Seime | 2019-02-14 | 2 | -0/+129
|   Add an x509 trust manager where certificates can be updated while the manager is in use.
* Add x509 key manager that regularly updates cert chain from PEM files | Bjørn Christian Seime | 2019-02-14 | 3 | -0/+239
|
* Add mutable x509 key manager | Bjørn Christian Seime | 2019-02-14 | 2 | -0/+171
|   Add an x509 key manager where certificates can be updated while the manager is in use.
* Add utility classes for constructing default x509 trust/key manager | Bjørn Christian Seime | 2019-02-14 | 2 | -0/+99
|
* Fix typo | Bjørn Christian Seime | 2019-02-01 | 1 | -1/+1
|
* Remove throw declaration of unused exception | Bjørn Christian Seime | 2019-02-01 | 1 | -2/+1
|
* Restrict enabled protocols | Bjørn Christian Seime | 2019-02-01 | 2 | -1/+21
|
* Nonfunctional changes only | Jon Bratseth | 2019-01-31 | 2 | -0/+2
|
* Use 'prime256v1' curve for EC keys | Bjørn Christian Seime | 2019-01-23 | 3 | -7/+18
|   This allows the TLS test in jrt to use elliptic curves crypto in unit tests (fixes issue where JSSE cannot find matching cipher).
* Allow configuration of accepted ciphers | Bjørn Christian Seime | 2019-01-23 | 8 | -12/+49
|
* Add TLSv1.3 cipher suites to whitelist | Bjørn Christian Seime | 2019-01-23 | 1 | -1/+4
|
* Fix accidental import of java.sql.Date | Bjørn Christian Seime | 2019-01-21 | 1 | -1/+1
|
* 6-SNAPSHOT -> 7-SNAPSHOT. | Arnstein Ressem | 2019-01-21 | 1 | -2/+2
|
* Revert "Bratseth/disallow dash " | Jon Bratseth | 2019-01-16 | 2 | -2/+0
|
* Change access modifier to 'public' for 'fromConfigValue()' | Bjørn Christian Seime | 2019-01-15 | 2 | -2/+2
|
* Return default values when env vars are not present | Bjørn Christian Seime | 2019-01-15 | 1 | -10/+6
|
* Define default value for tls authorization mode | Bjørn Christian Seime | 2019-01-15 | 1 | -0/+8
|
* Add 'tls_client_tls_server' as tls mixed mode option | Bjørn Christian Seime | 2019-01-15 | 1 | -1/+9
|   Also introduce default value for mixed mode.
* Nonfunctional changes only | Jon Bratseth | 2019-01-10 | 2 | -0/+2
|
* Store authorization result in TlsCryptoSocket | Bjørn Christian Seime | 2019-01-08 | 1 | -0/+9
|
* Change LOG_ONLY config value from 'log-only' to 'log_only' | Bjørn Christian Seime | 2018-12-10 | 1 | -1/+1
|
* Fix spelling error ('suits' -> 'suites') | Bjørn Christian Seime | 2018-12-05 | 2 | -8/+8
|
* Remove whitelisting of AES-CBC ciphers | Bjørn Christian Seime | 2018-12-05 | 1 | -5/+1
|
* Use AuthorizationMode to configure behaviour of PeerAuthorizerTrustManager | Bjørn Christian Seime | 2018-12-05 | 6 | -28/+30
|
* Add AutorizationMode | Bjørn Christian Seime | 2018-12-05 | 1 | -0/+30
|
* Move MixedMode to separate class | Bjørn Christian Seime | 2018-12-05 | 2 | -23/+29
|
* Split ConfigFileManagedTlsContext into ReloadingTlsContext and DefaultTlsContext | Bjørn Christian Seime | 2018-12-05 | 3 | -49/+169
|
* Specify keystore with certificate chain | Bjørn Christian Seime | 2018-12-05 | 1 | -1/+5
|
* Only allow whitelisted cipher suites | Bjørn Christian Seime | 2018-12-05 | 1 | -1/+27
|
* Add TlsContext interface with an implementation based on tls options | Bjørn Christian Seime | 2018-11-28 | 2 | -0/+105
|
* Always log warning when authorization fails | Bjørn Christian Seime | 2018-11-27 | 1 | -1/+1
|
* Propagate authz result through ssl handshake session object | Bjørn Christian Seime | 2018-11-27 | 1 | -8/+12
|
* Add an X509ExtendedTrustManager based on PeerAuthorizer | Bjørn Christian Seime | 2018-11-27 | 2 | -0/+151
|
* Allow specifying trust manager factory in SslContextBuilder | Bjørn Christian Seime | 2018-11-27 | 1 | -4/+22
|
* Add debug logging to PeerAuthorizer | Bjørn Christian Seime | 2018-11-27 | 1 | -0/+5
|
* Use AssertJ to improve assertions | Bjørn Christian Seime | 2018-11-27 | 2 | -17/+20
|
* Add PeerAuthorizer | Bjørn Christian Seime | 2018-11-26 | 4 | -0/+278
|
* Escape '!' which is also a regex meta character | Bjørn Christian Seime | 2018-11-26 | 2 | -6/+6
|
* Allow empty 'required-credentials' | Bjørn Christian Seime | 2018-11-26 | 2 | -3/+3
|
* Make 'roles' field optional | Bjørn Christian Seime | 2018-11-26 | 2 | -5/+7
|
* Disallow empty 'authorized-peers' field | Bjørn Christian Seime | 2018-11-26 | 4 | -5/+47
|   - Fail deserializing if 'authorized-peers' is an empty list
|   - Only serialize 'authorized-peers' field when necessary
* Add glob pattern matching for host expressions | Bjørn Christian Seime | 2018-11-26 | 2 | -0/+101
|
* Add missing ExportPackage annotation for security-utils packages | Bjørn Christian Seime | 2018-11-23 | 2 | -0/+16
|
* Add missing copyright header on unit tests | Bjørn Christian Seime | 2018-11-22 | 2 | -1/+3
|