path: root/security-utils
Commit message (Author, Age, Files, Lines)
* Use current certificate manager to find certificate expiry (Bjørn Christian Seime, 2019-07-04, 1, -1/+6)
|
* Merge pull request #9951 from vespa-engine/bjorncs/fix-for-race-condition (Andreas Eriksen, 2019-07-04, 1, -13/+26)
|\
| |     Make access to hashmap and current manager synchronized
| * Make access to hashmap and current manager synchronized (Bjørn Christian Seime, 2019-07-03, 1, -13/+26)
| |
* | Fix typo in class name (Bjørn Christian Seime, 2019-07-04, 3, -6/+6)
| |
* | Make alias a constant (Bjørn Christian Seime, 2019-07-03, 1, -1/+3)
| |
* | Use withKeyManager instead of withKeyManagerFactory (Bjørn Christian Seime, 2019-07-03, 1, -1/+1)
| |
* | Allow configuration of x509 key manager instance to SslContextBuilder (Bjørn Christian Seime, 2019-07-03, 1, -1/+14)
| |
* | Make peer authentication in TlsContext configurable (Bjørn Christian Seime, 2019-07-03, 4, -8/+34)
| |
* | Rename 'ReloadingTlsContext' -> 'ConfigFiledBasedTlsContext' (Bjørn Christian Seime, 2019-07-03, 3, -7/+8)
| |
* | Remove ciphers from DefaultTlsContext public constructors (Bjørn Christian Seime, 2019-07-03, 3, -9/+12)
| |
* | Change type of constants from list to set (Bjørn Christian Seime, 2019-07-03, 4, -10/+10)
| |
* | Move constants from DefaultTlsContext to TlsContext (Bjørn Christian Seime, 2019-07-03, 4, -15/+17)
|/
* Add overloads taking envvar map as parameter (Bjørn Christian Seime, 2019-05-31, 1, -7/+28)
|
* Allow 'null' as alias to getCertificateChain/getPrivateKey (Bjørn Christian Seime, 2019-05-28, 1, -0/+2)
|
* Add readme (Bjørn Christian Seime, 2019-05-28, 1, -0/+3)
|
* Add getSubjectOrganizationalUnits() to X509CertificateUtils (Bjørn Christian Seime, 2019-05-13, 1, -6/+12)
|
* Add toPem(PublicKey) (Bjørn Christian Seime, 2019-05-03, 2, -36/+28)
|
* Ensure parsed keys use 'EC' as algorithm (Bjørn Christian Seime, 2019-05-03, 2, -8/+26)
|     Remove use of JcaPEMKeyConverter as it generated keys with 'ECDSA' as algorithm.
* Refactor into createKeyFactory() method (Bjørn Christian Seime, 2019-05-03, 1, -3/+8)
|
* Move Signature factories to separate class (Bjørn Christian Seime, 2019-05-03, 2, -37/+37)
|
* Comments explaining how EC keys were obtained (Jon Marius Venstad, 2019-04-30, 1, -0/+2)
|
* BCP for Signature, to handle ECDSA keys (Jon Marius Venstad, 2019-04-30, 2, -3/+38)
|
* Add support for parsing public keys to KeyUtils (Jon Marius Venstad, 2019-04-30, 2, -1/+65)
|
* Remove TlsAwareHttpClientBuilder (Bjørn Christian Seime, 2019-04-08, 4, -310/+0)
|
* Remove VespaHttpClientBuilder from security-utils (Bjørn Christian Seime, 2019-04-08, 3, -158/+0)
|
* Revert "Bjorncs/http utils" (Håkon Hallingstad, 2019-04-08, 3, -0/+158)
|
* Remove VespaHttpClientBuilder from security-utils (Bjørn Christian Seime, 2019-04-05, 3, -158/+0)
|
* Revert "Remove TlsAwareHttpClientBuilder" (Bjørn Christian Seime, 2019-04-05, 4, -0/+310)
|     This reverts commit e962344ba28b9f84028a129a24c92b40fdc076b8.
* Apache httpclient must be included in compile scope (Bjørn Christian Seime, 2019-04-04, 1, -6/+10)
|     The apache http libraries are not osgi bundles. Including them as provided scope does not work as the required import-package statements are not added to the jar manifest.
* Export package 'com.yahoo.security.tls.https' (Bjørn Christian Seime, 2019-04-04, 1, -0/+8)
|
* Use URIBuilder (Bjørn Christian Seime, 2019-04-03, 1, -1/+2)
|
* Remove TlsAwareHttpClientBuilder (Bjørn Christian Seime, 2019-04-03, 5, -318/+0)
|
* Add VespaHttpClientBuilder based on apache httpclient (Bjørn Christian Seime, 2019-04-03, 3, -0/+153)
|
* Stop reload task when there are no external references to the managers (Bjørn Christian Seime, 2019-03-01, 2, -18/+126)
|     The reload task will shut down the executor service when the GC has determined that there are no other references to the key/trust manager.
* Add utility method to construct http client (Bjørn Christian Seime, 2019-02-25, 1, -0/+9)
|
* Add withCertificateEntries() to KeyStoreBuilder (Bjørn Christian Seime, 2019-02-25, 4, -19/+17)
|
* Add utility method to construct tls context (Bjørn Christian Seime, 2019-02-25, 1, -0/+5)
|
* Add constructor without tls context parameter (Bjørn Christian Seime, 2019-02-25, 1, -3/+7)
|
* User agent must be specified (Bjørn Christian Seime, 2019-02-25, 1, -4/+0)
|
* Merge pull request #8572 from vespa-engine/bjorncs/jdisc-mixed-mode (Bjørn Christian Seime, 2019-02-25, 4, -29/+42)
|\
| |     Bjorncs/jdisc mixed mode
| * Override default hostname verification in PeerAuthorizerTrustManager (Bjørn Christian Seime, 2019-02-22, 4, -29/+42)
| |     Ensure that the default hostname verification is not applied for the Vespa TLS certificates.
| |     Use the custom trust manager even when no authorized peers rules are present.
* | Introduce http client that follows Vespa TLS config (Bjørn Christian Seime, 2019-02-21, 4, -0/+309)
|/
* Stop using Bouncycastle for PKCS12 keystore (Bjørn Christian Seime, 2019-02-20, 1, -1/+1)
|
* Fix spelling errors (Bjørn Christian Seime, 2019-02-19, 2, -2/+2)
|
* Misc changes to TlsContext and its implementations (Bjørn Christian Seime, 2019-02-19, 3, -49/+147)
|     - Add methods to retrieve underlying SSLContext and SSLParameters
|     - Add createSslEngine() overload with peer host and port
|     - Remove DefaultTlsContext constructor taking path to config file.
|     - Resolve valid ciphers and protocols in constructor.
|     - Use mutual x509 key/trust manager in ReloadingTlsContext
* Add withKeyManagerFactory() to specify custom key manager (Bjørn Christian Seime, 2019-02-19, 3, -59/+37)
|     - Introduce an interface for key manager factory.
|     - Change SslContextBuilder to call trust/key manager factory even when no truststore/keystore has been specified.
|     - Change trust manager factory to be specific for x509.
|     - Use TrustManagerUtils/KeyManagerUtil to construct default managers.
* Require client auth for ssl engines constructed by DefaultTlsContext (Bjørn Christian Seime, 2019-02-19, 1, -0/+1)
|
* Add mutable x509 trust manager (Bjørn Christian Seime, 2019-02-19, 2, -0/+129)
|     Add an x509 trust manager where certificates can be updated while the manager is in use.
* Add x509 key manager that regularly updates cert chain from PEM files (Bjørn Christian Seime, 2019-02-19, 3, -0/+239)
|
* Add mutable x509 key manager (Bjørn Christian Seime, 2019-02-19, 2, -0/+171)
|     Add an x509 key manager where certificates can be updated while the manager is in use.