Commit message (Collapse) | Author | Age | Files | Lines | ||
---|---|---|---|---|---|---|
... | ||||||
* | Replace use of com.yahoo.vespa.athenz.tls with com.yahoo.security | Bjørn Christian Seime | 2018-09-07 | 4 | -5/+5 | |
| | ||||||
* | Replace use of com.yahoo.vespa.athenz.tls with com.yahoo.security | Bjørn Christian Seime | 2018-09-05 | 8 | -48/+43 | |
| | | | | - Use replace RSA with EC in unit tests where possible | |||||
* | Deprecate crypto utilities in com.yahoo.vespa.athenz.tls | Bjørn Christian Seime | 2018-09-05 | 14 | -0/+28 | |
| | ||||||
* | Merge pull request #6593 from ↵ | Bjørn Christian Seime | 2018-08-28 | 4 | -76/+0 | |
|\ | | | | | | | | | vespa-engine/bjorncs/use-ssl-socket-factory-node-admin Bjorncs/use ssl socket factory node admin | |||||
| * | Remove listener interface from ServiceIdentityProvider | Bjørn Christian Seime | 2018-08-15 | 4 | -76/+0 | |
| | | ||||||
* | | Remove workaround for missing identity type | Bjørn Christian Seime | 2018-08-16 | 3 | -39/+7 | |
| | | ||||||
* | | Merge pull request #6542 from ↵ | Bjørn Christian Seime | 2018-08-16 | 7 | -349/+15 | |
|\ \ | |/ |/| | | | | | vespa-engine/bjorncs/remove-wrapped-identity-document Bjorncs/remove wrapped identity document | |||||
| * | Remove 'dnsSuffix' and 'ztsEndpoint' from identity document | Bjørn Christian Seime | 2018-08-15 | 4 | -36/+3 | |
| | | ||||||
| * | Remove wrapped document structure from SignedIdentityDocument | Bjørn Christian Seime | 2018-08-15 | 7 | -317/+16 | |
| | | ||||||
* | | Revert "Remove listener interface from ServiceIdentityProvider" | Bjørn Christian Seime | 2018-08-15 | 4 | -0/+76 | |
| | | | | | | | | This reverts commit 90cdc3376e9a899674264d9ffa2edf3286b248a7. | |||||
* | | Remove listener interface from ServiceIdentityProvider | Bjørn Christian Seime | 2018-08-14 | 4 | -76/+0 | |
| | | ||||||
* | | Remove SiaBackedApacheHttpClient | Bjørn Christian Seime | 2018-08-14 | 1 | -189/+0 | |
| | | ||||||
* | | Use ServiceIdentitySslSocketFactory in DefaultZtsClient | Bjørn Christian Seime | 2018-08-14 | 1 | -4/+6 | |
| | | ||||||
* | | Add SSLSocketFactory backed by ServiceIdentityProvider | Bjørn Christian Seime | 2018-08-14 | 1 | -0/+100 | |
|/ | ||||||
* | Rename 'refer' -> 'acquire' | Bjørn Christian Seime | 2018-08-14 | 1 | -5/+5 | |
| | ||||||
* | Update DefaultZtsClient to use new http client interface | Bjørn Christian Seime | 2018-08-14 | 1 | -8/+21 | |
| | ||||||
* | Make SiaBackedApacheHttpClient a CloseableHttpClient | Bjørn Christian Seime | 2018-08-14 | 1 | -48/+116 | |
| | ||||||
* | Merge pull request #6564 from vespa-engine/bjorncs/sia-backed-http-client | Bjørn Christian Seime | 2018-08-14 | 2 | -94/+146 | |
|\ | | | | | Bjorncs/sia backed http client | |||||
| * | Misc improvements to close() | Bjørn Christian Seime | 2018-08-14 | 1 | -0/+8 | |
| | | | | | | | | | | | | - Make close() idempotent - Disallow execute() after close() - Add redundant guards to refer()/release() | |||||
| * | Fix race conditions by using the global lock | Bjørn Christian Seime | 2018-08-13 | 1 | -21/+17 | |
| | | | | | | | | | | Replace AtomicInteger with int and use clientLock to synchronize all access to refer() and release(). Remove synchronized from constructor. | |||||
| * | Use SiaBackedApacheHttpClient in DefaultZtsClient | Bjørn Christian Seime | 2018-08-13 | 1 | -94/+25 | |
| | | ||||||
| * | Add http client backed by Apache httpclient + ServiceIdentityProvider | Bjørn Christian Seime | 2018-08-13 | 1 | -0/+117 | |
| | | ||||||
* | | Write identity document to temp file, then atomic move | Bjørn Christian Seime | 2018-08-09 | 1 | -1/+6 | |
|/ | ||||||
* | Add getter for role token domain | Bjørn Christian Seime | 2018-08-08 | 1 | -1/+4 | |
| | ||||||
* | Allow signed identity document without wrapped document | Bjørn Christian Seime | 2018-08-07 | 1 | -1/+1 | |
| | ||||||
* | Revert "Bjorncs/remove wrapped identity document" | Morten Tokle | 2018-08-07 | 7 | -15/+349 | |
| | ||||||
* | Merge pull request #6482 from ↵ | Bjørn Christian Seime | 2018-08-06 | 7 | -349/+15 | |
|\ | | | | | | | | | vespa-engine/bjorncs/remove-wrapped-identity-document Bjorncs/remove wrapped identity document | |||||
| * | Remove 'dnsSuffix' and 'ztsEndpoint' from identity document | Bjørn Christian Seime | 2018-07-26 | 4 | -36/+3 | |
| | | ||||||
| * | Remove wrapped document structure from SignedIdentityDocument | Bjørn Christian Seime | 2018-07-26 | 7 | -317/+16 | |
| | | ||||||
* | | Add utility method to find all services from sia directory | Bjørn Christian Seime | 2018-07-26 | 2 | -0/+64 | |
|/ | ||||||
* | Handle zms keys in addition to zts keys | Bjørn Christian Seime | 2018-07-25 | 4 | -23/+42 | |
| | ||||||
* | Move NTokenValidator to vespa-athenz + load pub keys from file | Bjørn Christian Seime | 2018-07-25 | 6 | -49/+232 | |
| | | | | | | | - Move NTokenValidator from controller-server to vespa-athenz - Remodel ZmsKeystore as AthenzTruststore - Use file-backed truststore on controller (replaces download of public keys) - Remove ZmsClient.getPublicKey/getPublicKeys | |||||
* | Write private keys in PKCS#1 | Morten Tokle | 2018-07-25 | 2 | -3/+15 | |
| | ||||||
* | Parse errors from ZTS | Bjørn Christian Seime | 2018-07-10 | 3 | -11/+45 | |
| | ||||||
* | Revert "Move NTokenValidator to vespa-athenz + load pub keys from file" | Harald Musum | 2018-07-09 | 6 | -232/+49 | |
| | ||||||
* | Move NTokenValidator to vespa-athenz + load pub keys from file | Bjørn Christian Seime | 2018-07-09 | 6 | -49/+232 | |
| | | | | | | | - Move NTokenValidator from controller-server to vespa-athenz - Remodel ZmsKeystore as AthenzTruststore - Use file-backed truststore on controller (replaces download of public keys) - Remove ZmsClient.getPublicKey/getPublicKeys | |||||
* | Add getTenantDomains to vespa-athenz ZtsClient | Bjørn Christian Seime | 2018-07-05 | 3 | -0/+54 | |
| | ||||||
* | Rename 'AccessCheckResult' -> 'AuthorizationResult' | Bjørn Christian Seime | 2018-06-21 | 3 | -9/+9 | |
| | ||||||
* | Add new Athenz security filter based on ZPE | Bjørn Christian Seime | 2018-06-20 | 1 | -0/+58 | |
| | | | | | - Allow flexible configuration of filter using a resource mapper - Add helper class to extract role and identity from role certificates | |||||
* | Add roles to AthenzPrincipal | Bjørn Christian Seime | 2018-06-20 | 1 | -3/+19 | |
| | ||||||
* | Remove unused class | Bjørn Christian Seime | 2018-06-20 | 1 | -27/+0 | |
| | ||||||
* | Add wrapper for ZPE | Bjørn Christian Seime | 2018-06-20 | 5 | -0/+128 | |
| | ||||||
* | Add data type for resource name | Bjørn Christian Seime | 2018-06-20 | 2 | -0/+95 | |
| | ||||||
* | Parse role token and add getter for identity | Bjørn Christian Seime | 2018-06-20 | 1 | -6/+24 | |
| | ||||||
* | Add method to ZtsClient to retrieve identity certificate | Bjørn Christian Seime | 2018-06-15 | 18 | -57/+323 | |
| | ||||||
* | Specify scheme and port for configserver endpoint | Bjørn Christian Seime | 2018-06-14 | 1 | -1/+1 | |
| | ||||||
* | Cache tenant certificate and private key to disk | Bjørn Christian Seime | 2018-06-13 | 2 | -25/+71 | |
| | ||||||
* | Add utility methods for reading/writing SIA credentials | Bjørn Christian Seime | 2018-06-13 | 1 | -0/+73 | |
| | ||||||
* | Remove support for ntokens | Bjørn Christian Seime | 2018-06-13 | 3 | -16/+9 | |
| | ||||||
* | Remove deprecated ZtsClient | Bjørn Christian Seime | 2018-06-13 | 5 | -106/+71 | |
| | | | | | | | - Replace use of old ZtsClient with DefaultZtsClient - Add caching of role tokens - Add constructor to AthenzRole taking only strings - Change new ZtsClient interface to use AthenzRole for getRoleToken |