path: root/security-utils
Commit message | Author | Age | Files | Lines
* Add overloads taking envvar map as parameter | Bjørn Christian Seime | 2019-05-31 | 1 | -7/+28
|
* Allow 'null' as alias to getCertificateChain/getPrivateKey | Bjørn Christian Seime | 2019-05-28 | 1 | -0/+2
|
* Add readme | Bjørn Christian Seime | 2019-05-28 | 1 | -0/+3
|
* Add getSubjectOrganizationalUnits() to X509CertificateUtils | Bjørn Christian Seime | 2019-05-13 | 1 | -6/+12
|
* Add toPem(PublicKey) | Bjørn Christian Seime | 2019-05-03 | 2 | -36/+28
|
* Ensure parsed keys use 'EC' as algorithm | Bjørn Christian Seime | 2019-05-03 | 2 | -8/+26
|
|     Remove use of JcaPEMKeyConverter as it generated keys with 'ECDSA' as algorithm.
* Refactor into createKeyFactory() method | Bjørn Christian Seime | 2019-05-03 | 1 | -3/+8
|
* Move Signature factories to separate class | Bjørn Christian Seime | 2019-05-03 | 2 | -37/+37
|
* Comments explaining how EC keys were obtained | Jon Marius Venstad | 2019-04-30 | 1 | -0/+2
|
* BCP for Signature, to handle ECDSA keys | Jon Marius Venstad | 2019-04-30 | 2 | -3/+38
|
* Add support for parsing public keys to KeyUtils | Jon Marius Venstad | 2019-04-30 | 2 | -1/+65
|
* Remove TlsAwareHttpClientBuilder | Bjørn Christian Seime | 2019-04-08 | 4 | -310/+0
|
* Remove VespaHttpClientBuilder from security-utils | Bjørn Christian Seime | 2019-04-08 | 3 | -158/+0
|
* Revert "Bjorncs/http utils" | Håkon Hallingstad | 2019-04-08 | 3 | -0/+158
|
* Remove VespaHttpClientBuilder from security-utils | Bjørn Christian Seime | 2019-04-05 | 3 | -158/+0
|
* Revert "Remove TlsAwareHttpClientBuilder" | Bjørn Christian Seime | 2019-04-05 | 4 | -0/+310
|
|     This reverts commit e962344ba28b9f84028a129a24c92b40fdc076b8.
* Apache httpclient must be included in compile scope | Bjørn Christian Seime | 2019-04-04 | 1 | -6/+10
|
|     The apache http libraries are not osgi bundles. Including them as provided scope does not work as the required import-package statements are not added to the jar manifest.
* Export package 'com.yahoo.security.tls.https' | Bjørn Christian Seime | 2019-04-04 | 1 | -0/+8
|
* Use URIBuilder | Bjørn Christian Seime | 2019-04-03 | 1 | -1/+2
|
* Remove TlsAwareHttpClientBuilder | Bjørn Christian Seime | 2019-04-03 | 5 | -318/+0
|
* Add VespaHttpClientBuilder based on apache httpclient | Bjørn Christian Seime | 2019-04-03 | 3 | -0/+153
|
* Stop reload task when there are no external references to the managers | Bjørn Christian Seime | 2019-03-01 | 2 | -18/+126
|
|     The reload task will shut down the executor service when the GC has determined that there are no other references to the key/trust manager.
* Add utility method to construct http client | Bjørn Christian Seime | 2019-02-25 | 1 | -0/+9
|
* Add withCertificateEntries() to KeyStoreBuilder | Bjørn Christian Seime | 2019-02-25 | 4 | -19/+17
|
* Add utility method to construct tls context | Bjørn Christian Seime | 2019-02-25 | 1 | -0/+5
|
* Add constructor without tls context parameter | Bjørn Christian Seime | 2019-02-25 | 1 | -3/+7
|
* User agent must be specified | Bjørn Christian Seime | 2019-02-25 | 1 | -4/+0
|
* Merge pull request #8572 from vespa-engine/bjorncs/jdisc-mixed-mode | Bjørn Christian Seime | 2019-02-25 | 4 | -29/+42
|\
| |     Bjorncs/jdisc mixed mode
| * Override default hostname verification in PeerAuthorizerTrustManager | Bjørn Christian Seime | 2019-02-22 | 4 | -29/+42
| |
| |     Ensure that the default hostname verification is not applied for the Vespa TLS certificates. Use the custom trust manager even when no authorized peers rules are present.
* | Introduce http client that follows Vespa TLS config | Bjørn Christian Seime | 2019-02-21 | 4 | -0/+309
|/
* Stop using Bouncycastle for PKCS12 keystore | Bjørn Christian Seime | 2019-02-20 | 1 | -1/+1
|
* Fix spelling errors | Bjørn Christian Seime | 2019-02-19 | 2 | -2/+2
|
* Misc changes to TlsContext and its implementations | Bjørn Christian Seime | 2019-02-19 | 3 | -49/+147
|
|     - Add methods to retrieve underlying SSLContext and SSLParameters
|     - Add createSslEngine() overload with peer host and port
|     - Remove DefaultTlsContext constructor taking path to config file.
|     - Resolve valid ciphers and protocols in constructor.
|     - Use mutual x509 key/trust manager in ReloadingTlsContext
* Add withKeyManagerFactory() to specify custom key manager | Bjørn Christian Seime | 2019-02-19 | 3 | -59/+37
|
|     - Introduce an interface for key manager factory.
|     - Change SslContextBuilder to call trust/key manager factory even when no truststore/keystore has been specified.
|     - Change trust manager factory to be specific for x509.
|     - Use TrustManagerUtils/KeyManagerUtil to construct default managers.
* Require client auth for ssl engines constructed by DefaultTlsContext | Bjørn Christian Seime | 2019-02-19 | 1 | -0/+1
|
* Add mutable x509 trust manager | Bjørn Christian Seime | 2019-02-19 | 2 | -0/+129
|
|     Add a x509 trust manager where certificates can be updated while the manager is in use.
* Add x509 key manager that regularly updates cert chain from PEM files | Bjørn Christian Seime | 2019-02-19 | 3 | -0/+239
|
* Add mutable x509 key manager | Bjørn Christian Seime | 2019-02-19 | 2 | -0/+171
|
|     Add a x509 key manager where certificates can be updated while the manager is in use.
* Add utility classes for constructing default x509 trust/key manager | Bjørn Christian Seime | 2019-02-19 | 2 | -0/+99
|
* Revert "Bjorncs/jdisc mixed mode preparations" | Arnstein Ressem | 2019-02-18 | 15 | -822/+107
|
* Fix spelling errors | Bjørn Christian Seime | 2019-02-18 | 2 | -2/+2
|
* Misc changes to TlsContext and its implementations | Bjørn Christian Seime | 2019-02-14 | 3 | -49/+147
|
|     - Add methods to retrieve underlying SSLContext and SSLParameters
|     - Add createSslEngine() overload with peer host and port
|     - Remove DefaultTlsContext constructor taking path to config file.
|     - Resolve valid ciphers and protocols in constructor.
|     - Use mutual x509 key/trust manager in ReloadingTlsContext
* Add withKeyManagerFactory() to specify custom key manager | Bjørn Christian Seime | 2019-02-14 | 3 | -59/+37
|
|     - Introduce an interface for key manager factory.
|     - Change SslContextBuilder to call trust/key manager factory even when no truststore/keystore has been specified.
|     - Change trust manager factory to be specific for x509.
|     - Use TrustManagerUtils/KeyManagerUtil to construct default managers.
* Require client auth for ssl engines constructed by DefaultTlsContext | Bjørn Christian Seime | 2019-02-14 | 1 | -0/+1
|
* Add mutable x509 trust manager | Bjørn Christian Seime | 2019-02-14 | 2 | -0/+129
|
|     Add a x509 trust manager where certificates can be updated while the manager is in use.
* Add x509 key manager that regularly updates cert chain from PEM files | Bjørn Christian Seime | 2019-02-14 | 3 | -0/+239
|
* Add mutable x509 key manager | Bjørn Christian Seime | 2019-02-14 | 2 | -0/+171
|
|     Add a x509 key manager where certificates can be updated while the manager is in use.
* Add utility classes for constructing default x509 trust/key manager | Bjørn Christian Seime | 2019-02-14 | 2 | -0/+99
|
* Fix typo | Bjørn Christian Seime | 2019-02-01 | 1 | -1/+1
|
* Remove throw declaration of unused exception | Bjørn Christian Seime | 2019-02-01 | 1 | -2/+1
|