aboutsummaryrefslogtreecommitdiffstats
path: root/vespaclient-java/src/main/java/com/yahoo
Commit message (Collapse)AuthorAgeFilesLines
* Indent two characters for every line in outputHarald Musum2024-03-121-10/+12
|
* Support serializing document remove operation to json formatHarald Musum2024-03-111-11/+24
|
* Minor code health while reading codeHenning Baldersheim2024-03-011-12/+11
|
* Move Jackson util from vespajlib to container-core.Henning Baldersheim2023-11-241-1/+1
|
* jackson 2.16 changes some of its default settings so we consolidate our use ↵Henning Baldersheim2023-11-231-3/+2
| | | | | | of the ObjectMapper. Unless special options are used, use a common instance, or create via factory metod.
* switch to io.airlift:aircompressorArne Juul2023-10-261-1/+1
|
* Update copyrightJon Bratseth2023-10-0942-42/+42
|
* Create crypto tool output streams with RW permissions for owner onlyTor Brede Vekterli2023-05-021-1/+5
|
* Remove common ConditionalFeedOperationHenning Baldersheim2023-04-271-7/+18
|
* Unify passing of all feed operations through the various feed apis.Henning Baldersheim2023-04-271-22/+17
|
* Add a "null-rendering" option to `vespa-visit`Tor Brede Vekterli2023-03-062-1/+28
| | | | | | | | | | This makes it easy to benchmark whether document rendering is a bottleneck when visiting. For instance, large floating point tensor fields are notoriously expensive to render as JSON. This is more accurate than just redirecting the visit output to `/dev/null` as that still requires documents to be rendered before being evicted into the void.
* Backport visit slicing to `vespa-visit` CLI toolTor Brede Vekterli2023-03-011-10/+71
| | | | | | | | | | Allows for efficient parallelization across multiple visitor instances, mirroring the existing support in Document V1. Also clean up some legacy option value parsing code. Note: changing the parsed type for `maxtotalhits` from `int` to `long` is intentional; the internal limit is already a `long` and a cluster may have a lot more than `INT32_MAX` documents.
* Batch `vespa-visit` progress file updatesTor Brede Vekterli2023-02-242-31/+57
| | | | | Avoids writing and syncing to disk for every bucket updated. Instead, write every 10 seconds and at process shutdown.
* Add JSONL output support to `vespa-visit` CLI toolTor Brede Vekterli2023-02-232-60/+100
| | | | | JSONL output is enabled via new `--jsonl` argument. Mutually exclusive with `--jsonoutput` and (deprecated) `--xmloutput`.
* Correct checks for redirected I/O during interactive token resealingTor Brede Vekterli2023-02-141-1/+1
|
* Add missing error count to reportHenning Baldersheim2023-02-031-20/+20
|
* Add an "interactive" token resealing protocol and basic tooling supportTor Brede Vekterli2023-01-312-19/+85
| | | | | | | | | | | | | | Implements a protocol for delegated access to a shared secret key of a token whose private key we do not possess. This builds directly on top of the existing token resealing mechanisms. The primary benefit of the resealing protocol is that none of the data exchanged can reveal anything about the underlying secret. Security note: neither resealing requests nor responses are explicitly authenticated (this is a property inherited from the sealed shared key tokens themselves). It is assumed that an attacker can observe all requests and responses in transit, but cannot modify them.
* Let json be default explicitHenning Baldersheim2023-01-301-2/+2
|
* Deprecate xml methodsHenning Baldersheim2023-01-274-1/+4
|
* Avoid deprecated apache http 5.2 methods, by adding it to the builder.Henning Baldersheim2023-01-261-1/+1
|
* Upgrade apache 5.1 => 5.2 and add deprecation suppressions.Henning Baldersheim2023-01-261-0/+1
|
* Minor code cleanup.Henning Baldersheim2023-01-261-18/+12
|
* Revert apache 5.1 -> 5.2Henning Baldersheim2023-01-261-13/+18
|
* More consistent naming of set/build methodsHenning Baldersheim2023-01-251-1/+1
|
* VespaHttpClientBuilder follow builder pattern and add connect and socket ↵Henning Baldersheim2023-01-251-2/+1
| | | | timeout to builder.
* Bump apache httpclient from 5.1 to 5.2.Henning Baldersheim2023-01-251-17/+13
|
* Support direct tensor renderingJon Bratseth2023-01-146-18/+47
|
* Use ChaCha20-Poly1305 instead of AES-GCM for shared key-based cryptoTor Brede Vekterli2023-01-052-2/+2
| | | | | | | | | | | | | | | | | | | | | This is to get around the limitation where AES GCM can only produce a maximum of 64 GiB of ciphertext for a particular <key, IV> pair before its security properties break down. ChaCha20-Poly1305 does not have any practical limitations here. ChaCha20-Poly1305 uses a 256-bit key whereas the shared key is 128 bits. A HKDF is used to internally expand the key material to 256 bits. To let token based decryption be fully backwards compatible, introduce a token version 2. V1 tokens will be decrypted with AES-GCM 128, while V2 tokens use ChaCha20-Poly1305. As a bonus, cryptographic operations will generally be _faster_ after this cipher change, as we use BouncyCastle ciphers and these do not use any native AES instructions. ChaCha20-Poly1305 is usually considerably faster when running without specialized hardware support. An ad-hoc experiment with a large ciphertext showed a near 70% performance increase over AES-GCM 128.
* Support Zstd (un)compression during crypto CLI encryption and decryptionTor Brede Vekterli2023-01-043-5/+45
| | | | | Simplifies working with compressed plaintext, as it removes the need for piping via `unzstd` or using a temporary file.
* We have relied on dynamic throttling for 12 years or so.Henning Baldersheim2023-01-031-1/+0
| | | | Time to let the old one go.
* Allow trailing dots in decryption tool key IDTor Brede Vekterli2022-12-091-1/+1
| | | | Makes it easier to include an explicit key version as part of the ID.
* Rename short tensor output CLI optionTor Brede Vekterli2022-12-052-9/+8
| | | | | `tensor-short-form` -> `shorttensors` to be in line with existing option formatting.
* Add tensor short form output option to vespa-getTor Brede Vekterli2022-12-054-4/+23
|
* Add tensor short form output option to vespa-visit toolTor Brede Vekterli2022-12-052-5/+30
| | | | | | Specified with `--tensor-short-form`. No single-char option alias, as short form output will be the default on Vespa 9 and we're running out of usable option characters for this tool anyway.
* Move vespa-status-filedistribution to where the other clients are and use a ↵Henning Baldersheim2022-12-021-0/+249
| | | | common jar file.
* Collapse the vespa_feed_perf into the other feed clients.Henning Baldersheim2022-11-292-0/+723
|
* No need to bring in container dependencies in the feeder client.Henning Baldersheim2022-11-283-40/+5
|
* Support interactive private key entry when not using stdio redirectionTor Brede Vekterli2022-11-187-11/+61
| | | | | | Avoids having to use a file indirection for inputting a private key. Only available when the JVM is running under an interactive console and none of the input/output files use standard streams.
* Support auto-resolving private key files based on token key IDTor Brede Vekterli2022-11-175-17/+109
| | | | | | | | Lets a user specify a private key directory either with a command line argument or via an environment variable. If a directory is provided, the private key to use will be attempted auto-resolved based on the key ID stored in the token. This only applies if the key ID is comprised of exclusively path-safe characters.
* Use BouncyCastle AES GCM cipher and I/O streams instead of JCATor Brede Vekterli2022-11-161-5/+5
| | | | | | | | | | | | | | | | | | This resolves two issues: * `javax.crypto.OutputCipherStream` swallows MAC tag mismatch exceptions when the stream is closed, which means that corruptions (intentional or not) are not caught. This is documented behavior, but still very surprising and a rather questionable default. BC's interchangeable `CipherOutputStream` throws as expected. To avoid regressions, add an explicit test that both ciphertext and MAC tag corruptions are propagated. * The default-provided `AES/GCM/NoPadding` `Cipher` instance will not emit decrypted plaintext per `update()` chunk, but buffer everything until `doFinal()` is invoked when the stream is closed. This means that decrypting very large ciphertexts can blow up memory usage since internal output buffers are reallocated and increased per iteration...! Instead use an explicit BC `GCMBlockCipher` which has the expected behavior (and actually lets cipher streams, well, _stream_). Add an `AeadCipher` abstraction to avoid leaking BC APIs outside the security module.
* Add support for token resealingTor Brede Vekterli2022-11-115-24/+146
| | | | | | | | | Adds underlying support--and tooling--for resealing a token for another recipient. This allows for delegating decryption to another party without having to reveal the private key of the original recipient (or having to send the raw underlying secret key over a potentially insecure channel). Key ID can/should change as part of this operation.
* Use Base62 for tokens and Base58 for keysTor Brede Vekterli2022-11-093-12/+7
| | | | | | | | * Base62 minimizes extra size overhead relative to Base64. * Base58 removes ambiguous characters from key encodings. Common for both bases is that they do not emit any characters that interfer with easily selecting them on web pages or in the CLI.
* Add a simple base conversion toolTor Brede Vekterli2022-11-082-1/+101
| | | | | | | | Currently supports converting from and to any combination of base {16, 58, 62, 64}. Input is read from STDIN and is intentionally limited in length due to the algorithmic complexity of base conversions that are not a power of two. Converted value is written to STDOUT.
* Encapsulate key identifier in own objectTor Brede Vekterli2022-11-023-4/+6
| | | | Enforces invariants and avoids having to pass raw byte arrays around.
* Add simple token info dumping toolTor Brede Vekterli2022-11-013-3/+67
| | | | Dumps key version, ID and HPKE components
* Let token key IDs be UTF-8 byte strings instead of just an integerTor Brede Vekterli2022-11-012-6/+14
| | | | | | | | | | | | | | This makes key IDs vastly more expressive. Max size is 255 bytes, and UTF-8 form is enforced by checking that the byte sequence can be identity-transformed to and from a string with UTF-8 encoding. In addition, we now protect the integrity of the key ID by supplying it as the AAD parameter to the key sealing and opening operations. Reduce v1 token max length of `enc` part to 255, since this is always an X25519 public key, which is never bigger than 32 bytes (but may be _less_ if the random `BigInteger` is small enough, so we still have to encode the length).
* Don't use legacy file existence checking APITor Brede Vekterli2022-11-011-1/+1
|
* Support standard IO streams for several encryption tool commandsTor Brede Vekterli2022-10-316-32/+63
| | | | | | | | | | | | Useful for avoiding the need for intermediate files, such as when piping the output of decryption to a Zstd decompressor. Adds stdio support to: * Encryption input * Decryption input * Decryption output Specified by substituting the file name with a single `-` character.
* Add basic tooling for public key encryption and decryptionTor Brede Vekterli2022-10-2710-0/+601
| | | | | | | Adds support for: * X25519 key pair generation * HPKE stream encryption with public key and token generation * HPKE stream decryption with private key
* Return X-Vespa-Ignored-Fields if fields were ignoredJon Bratseth2022-10-061-1/+2
|