path: root/security-utils
Commit message (Author, Age, Files, Lines)
* Allow TLSv1.3 (Bjørn Christian Seime, 2021-02-18, 1 file, -1/+1)
|
* Use singleton already present. (Henning Baldersheim, 2021-01-28, 1 file, -4/+0)
|
* Use a single, shared TlsContext instance (Bjørn Christian Seime, 2021-01-14, 2 files, -18/+31)
|   The configuration is based on environment variables, which are effectively fixed through the life of the JVM instance. This simplification removes the need for complex cleanup logic based on manual reference counting and weak references.
* Revert "Use a single reloader per tls config file, and not one per instance." (Bjørn Christian Seime, 2021-01-14, 2 files, -162/+135)
|   This reverts commit c58415566e23dcac5f0daa352f39f567a4d7b44f.
* Revert "Use reference counting to avoid relying on GC to drop threads." (Bjørn Christian Seime, 2021-01-14, 2 files, -36/+8)
|   This reverts commit 1c6c89eb52ac80c583c0cd90efdd0784344af434.
* Test that certificate with non-matching SAN URI is rejected (Bjørn Christian Seime, 2020-11-26, 1 file, -0/+2)
|
* Support SAN URI based rules in authorization policies (Bjørn Christian Seime, 2020-11-26, 8 files, -19/+121)
|
* Add convenience method for adding SAN (Bjørn Christian Seime, 2020-11-25, 1 file, -0/+5)
|
* Encapsulate pattern implementation in RequiredPeerCredential (Bjørn Christian Seime, 2020-11-25, 7 files, -16/+33)
|
* Revert "Revert "Bjorncs/health check proxy https"" (Bjørn Christian Seime, 2020-10-15, 1 file, -0/+27)
|
* Revert "Bjorncs/health check proxy https" (Arnstein Ressem, 2020-10-15, 1 file, -27/+0)
|
* Add trust manager that accepts any server certificate (Bjørn Christian Seime, 2020-10-14, 1 file, -0/+27)
|
* Revert "Revert "Expose underlying certificate and private key from SiaIdentityProvider "" (Bjørn Christian Seime, 2020-06-02, 2 files, -1/+42)
|
* Revert "Expose underlying certificate and private key from SiaIdentityProvider " (Harald Musum, 2020-05-28, 2 files, -42/+1)
|
* Merge pull request #13257 from vespa-engine/bjorncs/service-identity-provider-improvements (Bjørn Christian Seime, 2020-05-28, 2 files, -1/+42)
|\
| |   Expose underlying certificate and private key from SiaIdentityProvider
| * Expose underlying certificate and private key from SiaIdentityProvider (Bjørn Christian Seime, 2020-05-18, 2 files, -1/+42)
| |   Extend ServiceIdentityProvider interface with new methods. Add class that bundles certificate with private key. Use Path instead of File for better compatibility with mocked file system in unit tests.
* | Ignore unknown fields in subclasses as well (Bjørn Christian Seime, 2020-05-18, 1 file, -0/+3)
|/
* Support construction of PeerPolicy with description (Bjørn Christian Seime, 2020-05-13, 4 files, -3/+17)
|
* Use reference counting to avoid relying on GC to drop threads. (Henning Baldersheim, 2020-04-23, 2 files, -8/+36)
|
* Use a single reloader per tls config file, and not one per instance. (Henning Baldersheim, 2020-04-23, 2 files, -135/+162)
|
* Override hostname verification in PeerAuthorizerTrustManager (Bjørn Christian Seime, 2020-02-17, 5 files, -29/+59)
|   Override hostname verification on client-side. Remove overriding of hostname verification for server-side.
* Use 'withTrustManager' in ConfigFileBasedTlsContext (Bjørn Christian Seime, 2020-02-17, 1 file, -5/+5)
|
* Allow specifying custom trust manager instance to SslContextBuilder (Bjørn Christian Seime, 2020-02-17, 1 file, -3/+14)
|
* Introduce 'disable-hostname-validation' to TLS json format (Bjørn Christian Seime, 2020-02-13, 7 files, -5/+53)
|
* Allow SSLContext implementation that supports TLSv1.3+ (Bjørn Christian Seime, 2020-01-31, 1 file, -1/+1)
|
* Revert "Revert "accept and store json endpoint cert metadata on deploy"" (Andreas Eriksen, 2020-01-21, 2 files, -0/+37)
|
* Revert "accept and store json endpoint cert metadata on deploy" (Jon Marius Venstad, 2020-01-20, 2 files, -37/+0)
|
* verify public key matches private key (andreer, 2020-01-20, 2 files, -0/+37)
|
* Non-functional changes (Jon Bratseth, 2020-01-06, 2 files, -0/+7)
|
* Add/correct copyright headers (Jon Bratseth, 2020-01-03, 1 file, -1/+2)
|
* Revert "Allow SSLContext implementation that supports TLSv1.3+" (Valerij Fredriksen, 2019-12-09, 1 file, -1/+1)
|
* Merge branch 'master' into bjorncs/sslcontext-version (Bjørn Christian Seime, 2019-12-03, 18 files, -28/+140)
|\
| * Use JDK8 as build target for security-utils (Bjørn Christian Seime, 2019-12-02, 18 files, -28/+140)
| |
* | Allow SSLContext implementation that supports TLSv1.3+ (Bjørn Christian Seime, 2019-12-03, 1 file, -1/+1)
|/
* Add constant for SSLContext version (Bjørn Christian Seime, 2019-11-25, 2 files, -1/+3)
|
* Add helper methods in TlsContext to determine allowed ciphers/protocols (Bjørn Christian Seime, 2019-11-25, 2 files, -26/+49)
|
* Remove more cipher suites not supported by Java 11 from set configured for use by ZooKeeper (Harald Musum, 2019-11-21, 1 file, -1/+10)
|
* Remove cipher suite not supported by Java (Harald Musum, 2019-11-20, 1 file, -0/+1)
|
* Remove unneeded install of java artifact dependencies. (Tor Egge, 2019-11-18, 1 file, -1/+0)
|
* Use mockito-core 3.1.0 (Håkon Hallingstad, 2019-10-18, 1 file, -2/+2)
|
* Merge pull request #10905 from vespa-engine/hakonhall/order-authorized-peers-in-json-to-stabilize-tests (Bjørn Christian Seime, 2019-10-07, 1 file, -19/+23)
|\
| |   Order authorized peers in JSON to stabilize tests
| * Order authorized peers in JSON to stabilize tests (Håkon Hallingstad, 2019-10-07, 1 file, -19/+23)
| |
* | Decode SAN IP address field from CSR (Martin Polden, 2019-10-07, 1 file, -0/+15)
|/
* Revert "Bjorncs/jdisc tls13" (Bjørn Christian Seime, 2019-10-04, 4 files, -4/+4)
|
* Enable TLSv1.3 for servers/clients based on TlsContext (Bjørn Christian Seime, 2019-10-03, 3 files, -3/+3)
|
* Create SSLContext that supports all TLS versions (Bjørn Christian Seime, 2019-10-03, 1 file, -1/+1)
|   - Previous value "TLSv1.2" also enabled older SSL/TLS versions
|   - The actual versions enabled must be restricted on the SSLSocket/SSLEngine instance (using a SSLParameters object).
* Read signature algorithm from key (Morten Tokle, 2019-10-03, 1 file, -0/+23)
|
* Implement equals in Pkcs10Csr (Martin Polden, 2019-09-20, 1 file, -0/+14)
|
* Add additional constructor for custom peer authentication mode (Bjørn Christian Seime, 2019-09-13, 1 file, -3/+12)
|
* Refactor private key serialization tests (Bjørn Christian Seime, 2019-08-23, 1 file, -28/+14)
|