aboutsummaryrefslogtreecommitdiffstats
path: root/security-utils
Commit message (Expand)AuthorAgeFilesLines
...
* Move definition of predefined capability set to parent classBjørn Christian Seime2023-02-094-30/+46
* Add 'vespa.none' capabilityBjørn Christian Seime2023-02-061-0/+1
* Add an "interactive" token resealing protocol and basic tooling supportTor Brede Vekterli2023-01-314-10/+197
* Add y64 encoderBjørn Christian Seime2023-01-302-0/+65
* Unify on Streams.toListHenning Baldersheim2023-01-175-10/+5
* Ensure that HTTPS clients only use allowed ciphers and protocol versionsBjørn Christian Seime2023-01-092-2/+25
* Revert "Ensure that HTTPS clients only use allowed ciphers and protocol versi...Andreas Eriksen2023-01-062-25/+2
* Ensure that HTTPS clients only use allowed ciphers and protocol versionsBjørn Christian Seime2023-01-062-2/+25
* Use ChaCha20-Poly1305 instead of AES-GCM for shared key-based cryptoTor Brede Vekterli2023-01-055-24/+228
* Correct class name to reflect actual cipher name orderTor Brede Vekterli2022-12-015-8/+8
* Use correct encoding base in testTor Brede Vekterli2022-11-281-2/+2
* Use BouncyCastle AES GCM cipher and I/O streams instead of JCATor Brede Vekterli2022-11-163-25/+90
* Add support for token resealingTor Brede Vekterli2022-11-112-4/+28
* Use Base62 for tokens and Base58 for keysTor Brede Vekterli2022-11-094-11/+55
* Add a codec that enables conversion to and from a base N representationTor Brede Vekterli2022-11-084-0/+316
* Array clone() -> Arrays.copyOf()Tor Brede Vekterli2022-11-022-2/+2
* Encapsulate key identifier in own objectTor Brede Vekterli2022-11-025-60/+205
* Let token key IDs be UTF-8 byte strings instead of just an integerTor Brede Vekterli2022-11-013-37/+119
* Add basic tooling for public key encryption and decryptionTor Brede Vekterli2022-10-271-0/+1
* Use JDK17's own hex utilities instead of BouncyCastle'sTor Brede Vekterli2022-10-254-73/+66
* Use HPKE instead of ECIES for shared single-use keysTor Brede Vekterli2022-10-203-88/+65
* Add X25519 private to public key extraction and use for HPKE openingTor Brede Vekterli2022-10-196-25/+49
* Minimal implementation of RFC 9180 Hybrid Public Key Encryption (HPKE)Tor Brede Vekterli2022-10-1815-1/+1237
* Add some utilities for comparing arrays without data-dependent branchesTor Brede Vekterli2022-10-172-0/+92
* Test some specific HKDF vectors from Google's Wycheproof crypto test suiteTor Brede Vekterli2022-10-141-22/+106
* Implement RFC-5869 HMAC-based Extract-and-Expand Key Derivation Function (HKDF)Tor Brede Vekterli2022-10-132-0/+435
* Enforce SHA-256 and AES-CBC for ECIES key wrappingTor Brede Vekterli2022-10-133-23/+41
* Merge pull request #24403 from vespa-engine/bjorncs/upgrade-bcBjørn Christian Seime2022-10-122-3/+3
|\
| * Upgrade BouncyCastle to 1.72Bjørn Christian Seime2022-10-122-3/+3
* | Address PR commentsTor Brede Vekterli2022-10-122-6/+8
* | Add utilities for secure one-way single-use key exchange tokens using ECIESTor Brede Vekterli2022-10-114-0/+342
|/
* Ignore calls to SystemTlsContext.close()Bjørn Christian Seime2022-08-301-2/+1
* Convert security-utils to junit5Bjørn Christian Seime2022-07-2719-159/+153
* Force caller to handle failed capability verification checkBjørn Christian Seime2022-07-213-18/+35
* Improve error messageBjørn Christian Seime2022-07-212-2/+2
* Move logic for capability checking/logging to ConnectionAuthContextBjørn Christian Seime2022-07-214-9/+122
* Use getSubjectCommonName()Bjørn Christian Seime2022-07-211-7/+1
* Get ConnectionAuthContext from SSL session after handshake is completeBjørn Christian Seime2022-07-213-28/+67
* Include client certificate chain even when authorization is disabledBjørn Christian Seime2022-07-203-4/+11
* Implement RequireCapabilitiesFilter in jrt + miscBjørn Christian Seime2022-07-203-8/+9
* Add to-string helper to ConnectionAuthContextBjørn Christian Seime2022-07-201-1/+38
* Simplify type definition for subject alternative namesBjørn Christian Seime2022-07-207-24/+24
* Add 'X509CertificateUtils.getSubjectCommonName()'Bjørn Christian Seime2022-07-201-1/+7
* Move generic crypto helpers from 'c.y.s.tls' to 'c.y.s'Bjørn Christian Seime2022-07-2012-30/+16
* Merge Java package 'c.y.s.tls.{auth,json,policy}' into 'c.y.s.tls'Bjørn Christian Seime2022-07-2027-95/+37
* Remove empty packageBjørn Christian Seime2022-07-201-8/+0
* Add 'CapabilitySet.has()' methodsBjørn Christian Seime2022-07-201-0/+3
* Add environment variable for capabilities enforcement modeBjørn Christian Seime2022-07-202-0/+33
* Rename method/variable names to match new class nameBjørn Christian Seime2022-07-191-1/+1
* Include mode in log messageBjørn Christian Seime2022-07-151-3/+4