| | Commit message | Author | Age | Files | Lines |
---|---|---|---|---|---|
* | Convert security-utils to junit5 | Bjørn Christian Seime | 2022-07-27 | 19 | -159/+153 |
| | |||||
* | Force caller to handle failed capability verification check | Bjørn Christian Seime | 2022-07-21 | 3 | -18/+35 |
| | |||||
* | Improve error message | Bjørn Christian Seime | 2022-07-21 | 2 | -2/+2 |
| | |||||
* | Move logic for capability checking/logging to ConnectionAuthContext | Bjørn Christian Seime | 2022-07-21 | 4 | -9/+122 |
| | |||||
* | Use getSubjectCommonName() | Bjørn Christian Seime | 2022-07-21 | 1 | -7/+1 |
| | |||||
* | Get ConnectionAuthContext from SSL session after handshake is complete | Bjørn Christian Seime | 2022-07-21 | 3 | -28/+67 |
| | Bound key-value pairs from SSL handshake session are now copied to the final SSL session object. This simplifies the dataflow - no need to retrieve the instance right after our custom trust manager is invoked. |||||
* | Include client certificate chain even when authorization is disabled | Bjørn Christian Seime | 2022-07-20 | 3 | -4/+11 |
| | |||||
* | Implement RequireCapabilitiesFilter in jrt + misc | Bjørn Christian Seime | 2022-07-20 | 3 | -8/+9 |
| | Add peerSpec to Target/Connection. Always provide ConnectionAuthContext. Add helper for creating default, all-granting ConnectionAuthContext. |||||
* | Add to-string helper to ConnectionAuthContext | Bjørn Christian Seime | 2022-07-20 | 1 | -1/+38 |
| | |||||
* | Simplify type definition for subject alternative names | Bjørn Christian Seime | 2022-07-20 | 7 | -24/+24 |
| | |||||
* | Add 'X509CertificateUtils.getSubjectCommonName()' | Bjørn Christian Seime | 2022-07-20 | 1 | -1/+7 |
| | |||||
* | Move generic crypto helpers from 'c.y.s.tls' to 'c.y.s' | Bjørn Christian Seime | 2022-07-20 | 12 | -30/+16 |
| | |||||
* | Merge Java package 'c.y.s.tls.{auth,json,policy}' into 'c.y.s.tls' | Bjørn Christian Seime | 2022-07-20 | 27 | -95/+37 |
| | Facilitate improved encapsulation of Vespa mTLS related classes |||||
* | Remove empty package | Bjørn Christian Seime | 2022-07-20 | 1 | -8/+0 |
| | |||||
* | Add 'CapabilitySet.has()' methods | Bjørn Christian Seime | 2022-07-20 | 1 | -0/+3 |
| | |||||
* | Add environment variable for capabilities enforcement mode | Bjørn Christian Seime | 2022-07-20 | 2 | -0/+33 |
| | |||||
* | Rename method/variable names to match new class name | Bjørn Christian Seime | 2022-07-19 | 1 | -1/+1 |
| | |||||
* | Include mode in log message | Bjørn Christian Seime | 2022-07-15 | 1 | -3/+4 |
| | |||||
* | Rename 'toCapabilityNames()' to 'toNames()' | Bjørn Christian Seime | 2022-07-15 | 3 | -3/+3 |
| | |||||
* | Always run PeerAuthorizer | Bjørn Christian Seime | 2022-07-15 | 9 | -45/+44 |
| | Interpret empty AuthorizedPeers as granting all capabilities unconditionally. Assume AuthorizedPeers as always present. |||||
* | Rename 'hasAllCapabilities()' => 'hasAll()' | Bjørn Christian Seime | 2022-07-15 | 2 | -2/+2 |
| | |||||
* | Change type from SortedSet to Set | Bjørn Christian Seime | 2022-07-15 | 2 | -7/+4 |
| | |||||
* | Rename 'succeeded' => 'authorized' | Bjørn Christian Seime | 2022-07-15 | 3 | -4/+4 |
| | |||||
* | Include full certificate chain in auth context | Bjørn Christian Seime | 2022-07-15 | 3 | -15/+26 |
| | |||||
* | Return granted capabilities from PeerAuthorizer | Bjørn Christian Seime | 2022-07-15 | 6 | -59/+79 |
| | Introduce new ConnectionAuthContext as replacement for AuthorizationResult/SecurityContext. |||||
* | Add Capability and CapabilitySet including JSON serialization | Bjørn Christian Seime | 2022-07-13 | 8 | -6/+182 |
| | |||||
* | Convert POJOs to record | Bjørn Christian Seime | 2022-07-13 | 2 | -79/+9 |
| | |||||
* | Modules are no longer dependency of JDK8 based clients | Bjørn Christian Seime | 2022-07-12 | 1 | -5/+4 |
| | |||||
* | Revert "Modules are no longer dependency of JDK8 based clients" | Harald Musum | 2022-07-12 | 1 | -10/+29 |
| | |||||
* | Modules are no longer dependency of JDK8 based clients | Bjørn Christian Seime | 2022-07-12 | 1 | -29/+10 |
| | |||||
* | Remove 'role' concept from 'authorized-peers' | Bjørn Christian Seime | 2022-07-11 | 11 | -122/+25 |
| | |||||
* | Set project version to 8-SNAPSHOT | gjoranv | 2022-06-08 | 1 | -2/+2 |
| | |||||
* | install_jar CMake function | Håkon Hallingstad | 2022-05-20 | 1 | -1/+1 |
| | |||||
* | Use parsedVersion. It was accidentally removed earlier on. | Henning Baldersheim | 2022-04-28 | 1 | -1/+1 |
| | |||||
* | Add mallinfo2 implementation. | Henning Baldersheim | 2022-04-26 | 1 | -1/+1 |
| | |||||
* | Add NTokenGenerator | Håkon Hallingstad | 2022-03-16 | 1 | -0/+8 |
| | |||||
* | Revert "Revert "Balder/default disk bloat at 25 percent"" | Henning Baldersheim | 2022-01-10 | 1 | -1/+1 |
| | |||||
* | Revert "Balder/default disk bloat at 25 percent" | Harald Musum | 2022-01-10 | 1 | -1/+1 |
| | |||||
* | Revert unintended change | Henning Baldersheim | 2022-01-10 | 1 | -1/+1 |
| | |||||
* | Reduce default TLS size from 7% to 4% | Henning Baldersheim | 2022-01-10 | 1 | -1/+1 |
| | |||||
* | unify java warnings | Arne H Juul | 2022-01-06 | 1 | -5/+0 |
| | * these were stricter than in parent, but to simplify we can just use compiler args from parent |||||
* | Avoid hamcrest/deprecated assertThat. | Henning Baldersheim | 2021-12-20 | 4 | -25/+15 |
| | |||||
* | Disable '?' as single char wildcard for URI matching | Bjørn Christian Seime | 2021-12-09 | 5 | -7/+9 |
| | |||||
* | Fix copyright and trailing new line | Bjørn Christian Seime | 2021-12-03 | 2 | -4/+5 |
| | |||||
* | Support glob pattern for URIs with '/' as boundary | Bjørn Christian Seime | 2021-12-02 | 4 | -19/+49 |
| | |||||
* | Add glob pattern helper that handles multiple alternative boundaries | Bjørn Christian Seime | 2021-12-02 | 4 | -35/+205 |
| | |||||
* | Ensure consistent iteration ordering | Bjørn Christian Seime | 2021-12-02 | 1 | -2/+2 |
| | |||||
* | Use a custom property for setting release version for clients. | gjoranv | 2021-11-15 | 1 | -11/+1 |
| | - Always set release version via maven-compiler-plugin, instead of maven property which is overridden by compiler-plugin config. - Using a custom property with self-explanatory name makes comments redundant. - Remove explicit jdkToolchain config, as these modules no longer compile with jdk pre 9, due to the --release flag. |||||
* | Disable ciphers that are only supported by some JDK-11 versions | Bjørn Christian Seime | 2021-11-09 | 1 | -4/+5 |
| | |||||
* | Update 2020 Oath copyrights. | gjoranv | 2021-10-27 | 2 | -2/+2 |
| |