path: root/security-utils
Commit message (Author, Age, Files, Lines)
* Remove TlsAwareHttpClientBuilder (Bjørn Christian Seime, 2019-04-08, 4 files, -310/+0)
|
* Remove VespaHttpClientBuilder from security-utils (Bjørn Christian Seime, 2019-04-08, 3 files, -158/+0)
|
* Revert "Bjorncs/http utils" (Håkon Hallingstad, 2019-04-08, 3 files, -0/+158)
|
* Remove VespaHttpClientBuilder from security-utils (Bjørn Christian Seime, 2019-04-05, 3 files, -158/+0)
|
* Revert "Remove TlsAwareHttpClientBuilder" (Bjørn Christian Seime, 2019-04-05, 4 files, -0/+310)
|   This reverts commit e962344ba28b9f84028a129a24c92b40fdc076b8.
* Apache httpclient must be included in compile scope (Bjørn Christian Seime, 2019-04-04, 1 file, -6/+10)
|   The apache http libraries are not osgi bundles. Including them as provided scope does not work as the required import-package statements are not added to the jar manifest.
* Export package 'com.yahoo.security.tls.https' (Bjørn Christian Seime, 2019-04-04, 1 file, -0/+8)
|
* Use URIBuilder (Bjørn Christian Seime, 2019-04-03, 1 file, -1/+2)
|
* Remove TlsAwareHttpClientBuilder (Bjørn Christian Seime, 2019-04-03, 5 files, -318/+0)
|
* Add VespaHttpClientBuilder based on apache httpclient (Bjørn Christian Seime, 2019-04-03, 3 files, -0/+153)
|
* Stop reload task when there are no external references to the managers (Bjørn Christian Seime, 2019-03-01, 2 files, -18/+126)
|   The reload task will shut down the executor service when the GC has determined that there are no other references to the key/trust manager.
* Add utility method to construct http client (Bjørn Christian Seime, 2019-02-25, 1 file, -0/+9)
|
* Add withCertificateEntries() to KeyStoreBuilder (Bjørn Christian Seime, 2019-02-25, 4 files, -19/+17)
|
* Add utility method to construct tls context (Bjørn Christian Seime, 2019-02-25, 1 file, -0/+5)
|
* Add constructor without tls context parameter (Bjørn Christian Seime, 2019-02-25, 1 file, -3/+7)
|
* User agent must be specified (Bjørn Christian Seime, 2019-02-25, 1 file, -4/+0)
|
* Merge pull request #8572 from vespa-engine/bjorncs/jdisc-mixed-mode (Bjørn Christian Seime, 2019-02-25, 4 files, -29/+42)
|\
| |   Bjorncs/jdisc mixed mode
| * Override default hostname verification in PeerAuthorizerTrustManager (Bjørn Christian Seime, 2019-02-22, 4 files, -29/+42)
| |   Ensure that the default hostname verification is not applied for the Vespa TLS certificates. Use the custom trust manager even when no authorized peers rules are present.
* | Introduce http client that follows Vespa TLS config (Bjørn Christian Seime, 2019-02-21, 4 files, -0/+309)
|/
* Stop using Bouncycastle for PKCS12 keystore (Bjørn Christian Seime, 2019-02-20, 1 file, -1/+1)
|
* Fix spelling errors (Bjørn Christian Seime, 2019-02-19, 2 files, -2/+2)
|
* Misc changes to TlsContext and its implementations (Bjørn Christian Seime, 2019-02-19, 3 files, -49/+147)
|   - Add methods to retrieve underlying SSLContext and SSLParameters
|   - Add createSslEngine() overload with peer host and port
|   - Remove DefaultTlsContext constructor taking path to config file.
|   - Resolve valid ciphers and protocols in constructor.
|   - Use mutual x509 key/trust manager in ReloadingTlsContext
* Add withKeyManagerFactory() to specify custom key manager (Bjørn Christian Seime, 2019-02-19, 3 files, -59/+37)
|   - Introduce an interface for key manager factory.
|   - Change SslContextBuilder to call trust/key manager factory even when no truststore/keystore has been specified.
|   - Change trust manager factory to be specific for x509.
|   - Use TrustManagerUtils/KeyManagerUtil to construct default managers.
* Require client auth for ssl engines constructed by DefaultTlsContext (Bjørn Christian Seime, 2019-02-19, 1 file, -0/+1)
|
* Add mutable x509 trust manager (Bjørn Christian Seime, 2019-02-19, 2 files, -0/+129)
|   Add an x509 trust manager where certificates can be updated while the manager is in use.
* Add x509 key manager that regularly updates cert chain from PEM files (Bjørn Christian Seime, 2019-02-19, 3 files, -0/+239)
|
* Add mutable x509 key manager (Bjørn Christian Seime, 2019-02-19, 2 files, -0/+171)
|   Add an x509 key manager where certificates can be updated while the manager is in use.
* Add utility classes for constructing default x509 trust/key manager (Bjørn Christian Seime, 2019-02-19, 2 files, -0/+99)
|
* Revert "Bjorncs/jdisc mixed mode preparations" (Arnstein Ressem, 2019-02-18, 15 files, -822/+107)
|
* Fix spelling errors (Bjørn Christian Seime, 2019-02-18, 2 files, -2/+2)
|
* Misc changes to TlsContext and its implementations (Bjørn Christian Seime, 2019-02-14, 3 files, -49/+147)
|   - Add methods to retrieve underlying SSLContext and SSLParameters
|   - Add createSslEngine() overload with peer host and port
|   - Remove DefaultTlsContext constructor taking path to config file.
|   - Resolve valid ciphers and protocols in constructor.
|   - Use mutual x509 key/trust manager in ReloadingTlsContext
* Add withKeyManagerFactory() to specify custom key manager (Bjørn Christian Seime, 2019-02-14, 3 files, -59/+37)
|   - Introduce an interface for key manager factory.
|   - Change SslContextBuilder to call trust/key manager factory even when no truststore/keystore has been specified.
|   - Change trust manager factory to be specific for x509.
|   - Use TrustManagerUtils/KeyManagerUtil to construct default managers.
* Require client auth for ssl engines constructed by DefaultTlsContext (Bjørn Christian Seime, 2019-02-14, 1 file, -0/+1)
|
* Add mutable x509 trust manager (Bjørn Christian Seime, 2019-02-14, 2 files, -0/+129)
|   Add an x509 trust manager where certificates can be updated while the manager is in use.
* Add x509 key manager that regularly updates cert chain from PEM files (Bjørn Christian Seime, 2019-02-14, 3 files, -0/+239)
|
* Add mutable x509 key manager (Bjørn Christian Seime, 2019-02-14, 2 files, -0/+171)
|   Add an x509 key manager where certificates can be updated while the manager is in use.
* Add utility classes for constructing default x509 trust/key manager (Bjørn Christian Seime, 2019-02-14, 2 files, -0/+99)
|
* Fix typo (Bjørn Christian Seime, 2019-02-01, 1 file, -1/+1)
|
* Remove throw declaration of unused exception (Bjørn Christian Seime, 2019-02-01, 1 file, -2/+1)
|
* Restrict enabled protocols (Bjørn Christian Seime, 2019-02-01, 2 files, -1/+21)
|
* Nonfunctional changes only (Jon Bratseth, 2019-01-31, 2 files, -0/+2)
|
* Use 'prime256v1' curve for EC keys (Bjørn Christian Seime, 2019-01-23, 3 files, -7/+18)
|   This allows the TLS test in jrt to use elliptic curves crypto in unit tests (fixes issue where JSSE cannot find matching cipher).
* Allow configuration of accepted ciphers (Bjørn Christian Seime, 2019-01-23, 8 files, -12/+49)
|
* Add TLSv1.3 cipher suites to whitelist (Bjørn Christian Seime, 2019-01-23, 1 file, -1/+4)
|
* Fix accidental import of java.sql.Date (Bjørn Christian Seime, 2019-01-21, 1 file, -1/+1)
|
* 6-SNAPSHOT -> 7-SNAPSHOT. (Arnstein Ressem, 2019-01-21, 1 file, -2/+2)
|
* Revert "Bratseth/disallow dash " (Jon Bratseth, 2019-01-16, 2 files, -2/+0)
|
* Change access modifier to 'public' for 'fromConfigValue()' (Bjørn Christian Seime, 2019-01-15, 2 files, -2/+2)
|
* Return default values when env vars are not present (Bjørn Christian Seime, 2019-01-15, 1 file, -10/+6)
|
* Define default value for tls authorization mode (Bjørn Christian Seime, 2019-01-15, 1 file, -0/+8)
|