path: root/security-utils
| Commit message | Author | Age | Files | Lines |
|---|---|---|---|---|
| Convert security-utils to junit5 | Bjørn Christian Seime | 2022-07-27 | 19 | -159/+153 |
| Force caller to handle failed capability verification check | Bjørn Christian Seime | 2022-07-21 | 3 | -18/+35 |
| Improve error message | Bjørn Christian Seime | 2022-07-21 | 2 | -2/+2 |
| Move logic for capability checking/logging to ConnectionAuthContext | Bjørn Christian Seime | 2022-07-21 | 4 | -9/+122 |
| Use getSubjectCommonName() | Bjørn Christian Seime | 2022-07-21 | 1 | -7/+1 |
| Get ConnectionAuthContext from SSL session after handshake is complete | Bjørn Christian Seime | 2022-07-21 | 3 | -28/+67 |
| Bound key-value pairs from SSL handshake session are now copied to the final SSL session object. This simplifies the dataflow - no need to retrieve the instance right after our custom trust manager is invoked. | | | | |
| Include client certificate chain even when authorization is disabled | Bjørn Christian Seime | 2022-07-20 | 3 | -4/+11 |
| Implement RequireCapabilitiesFilter in jrt + misc | Bjørn Christian Seime | 2022-07-20 | 3 | -8/+9 |
| Add peerSpec to Target/Connection. Always provide ConnectionAuthContext. Add helper for creating default, all-granting ConnectionAuthContext. | | | | |
| Add to-string helper to ConnectionAuthContext | Bjørn Christian Seime | 2022-07-20 | 1 | -1/+38 |
| Simplify type definition for subject alternative names | Bjørn Christian Seime | 2022-07-20 | 7 | -24/+24 |
| Add 'X509CertificateUtils.getSubjectCommonName()' | Bjørn Christian Seime | 2022-07-20 | 1 | -1/+7 |
| Move generic crypto helpers from 'c.y.s.tls' to 'c.y.s' | Bjørn Christian Seime | 2022-07-20 | 12 | -30/+16 |
| Merge Java package 'c.y.s.tls.{auth,json,policy}' into 'c.y.s.tls' | Bjørn Christian Seime | 2022-07-20 | 27 | -95/+37 |
| Facilitate improved encapsulation of Vespa mTLS related classes | | | | |
| Remove empty package | Bjørn Christian Seime | 2022-07-20 | 1 | -8/+0 |
| Add 'CapabilitySet.has()' methods | Bjørn Christian Seime | 2022-07-20 | 1 | -0/+3 |
| Add environment variable for capabilities enforcement mode | Bjørn Christian Seime | 2022-07-20 | 2 | -0/+33 |
| Rename method/variable names to match new class name | Bjørn Christian Seime | 2022-07-19 | 1 | -1/+1 |
| Include mode in log message | Bjørn Christian Seime | 2022-07-15 | 1 | -3/+4 |
| Rename 'toCapabilityNames()' to 'toNames()' | Bjørn Christian Seime | 2022-07-15 | 3 | -3/+3 |
| Always run PeerAuthorizer | Bjørn Christian Seime | 2022-07-15 | 9 | -45/+44 |
| Interpret empty AuthorizedPeers as granting all capabilities unconditionally. Assume AuthorizedPeers as always present. | | | | |
| Rename 'hasAllCapabilities()' => 'hasAll()' | Bjørn Christian Seime | 2022-07-15 | 2 | -2/+2 |
| Change type from SortedSet to Set | Bjørn Christian Seime | 2022-07-15 | 2 | -7/+4 |
| Rename 'succeeded' => 'authorized' | Bjørn Christian Seime | 2022-07-15 | 3 | -4/+4 |
| Include full certificate chain in auth context | Bjørn Christian Seime | 2022-07-15 | 3 | -15/+26 |
| Return granted capabilities from PeerAuthorizer | Bjørn Christian Seime | 2022-07-15 | 6 | -59/+79 |
| Introduce new ConnectionAuthContext as replacement for AuthorizationResult/SecurityContext. | | | | |
| Add Capability and CapabilitySet including JSON serialization | Bjørn Christian Seime | 2022-07-13 | 8 | -6/+182 |
| Convert POJOs to record | Bjørn Christian Seime | 2022-07-13 | 2 | -79/+9 |
| Modules are no longer dependency of JDK8 based clients | Bjørn Christian Seime | 2022-07-12 | 1 | -5/+4 |
| Revert "Modules are no longer dependency of JDK8 based clients" | Harald Musum | 2022-07-12 | 1 | -10/+29 |
| Modules are no longer dependency of JDK8 based clients | Bjørn Christian Seime | 2022-07-12 | 1 | -29/+10 |
| Remove 'role' concept from 'authorized-peers' | Bjørn Christian Seime | 2022-07-11 | 11 | -122/+25 |
| Set project version to 8-SNAPSHOT | gjoranv | 2022-06-08 | 1 | -2/+2 |
| install_jar CMake function | Håkon Hallingstad | 2022-05-20 | 1 | -1/+1 |
| Use parsedVersion. It was accidentally removed earlier on. | Henning Baldersheim | 2022-04-28 | 1 | -1/+1 |
| Add mallinfo2 implementation. | Henning Baldersheim | 2022-04-26 | 1 | -1/+1 |
| Add NTokenGenerator | Håkon Hallingstad | 2022-03-16 | 1 | -0/+8 |
| Revert "Revert "Balder/default disk bloat at 25 percent"" | Henning Baldersheim | 2022-01-10 | 1 | -1/+1 |
| Revert "Balder/default disk bloat at 25 percent" | Harald Musum | 2022-01-10 | 1 | -1/+1 |
| Revert unintended change | Henning Baldersheim | 2022-01-10 | 1 | -1/+1 |
| Reduce default TLS size from 7% to 4% | Henning Baldersheim | 2022-01-10 | 1 | -1/+1 |
| unify java warnings | Arne H Juul | 2022-01-06 | 1 | -5/+0 |
| * these were stricter than in parent, but to simplify we can just use compiler args from parent | | | | |
| Avoid hamcrest/deprecated assertThat. | Henning Baldersheim | 2021-12-20 | 4 | -25/+15 |
| Disable '?' as single char wildcard for URI matching | Bjørn Christian Seime | 2021-12-09 | 5 | -7/+9 |
| Fix copyright and trailing new line | Bjørn Christian Seime | 2021-12-03 | 2 | -4/+5 |
| Support glob pattern for URIs with '/' as boundary | Bjørn Christian Seime | 2021-12-02 | 4 | -19/+49 |
| Add glob pattern helper that handles multiple alternative boundaries | Bjørn Christian Seime | 2021-12-02 | 4 | -35/+205 |
| Ensure consistent iteration ordering | Bjørn Christian Seime | 2021-12-02 | 1 | -2/+2 |
| Use a custom property for setting release version for clients. | gjoranv | 2021-11-15 | 1 | -11/+1 |
| - Always set release version via maven-compiler-plugin, instead of maven property which is overridden by compiler-plugin config. | | | | |
| - Using a custom property with self-explanatory name makes comments redundant. | | | | |
| - Remove explicit jdkToolchain config, as these modules no longer compile with jdk pre 9, due to the --release flag. | | | | |
| Disable ciphers that are only supported by some JDK-11 versions | Bjørn Christian Seime | 2021-11-09 | 1 | -4/+5 |
| Update 2020 Oath copyrights. | gjoranv | 2021-10-27 | 2 | -2/+2 |