path: root/vespaclient-java
Commit message [Author, Age, Files, Lines]
* Merge pull request #25115 from vespa-engine/balder/gc-unused-security-tools [Henning Baldersheim, 2022-12-05, files: 2, lines: -0/+110]
|\
| |   GC unused security-tools
| * GC unused security-tools [Henning Baldersheim, 2022-12-05, files: 2, lines: -0/+110]
| |
* | Rename short tensor output CLI option [Tor Brede Vekterli, 2022-12-05, files: 4, lines: -11/+10]
| |   `tensor-short-form` -> `shorttensors` to be in line with existing option formatting.
* | Add tensor short form output option to vespa-get [Tor Brede Vekterli, 2022-12-05, files: 6, lines: -5/+27]
| |
* | Add tensor short form output option to vespa-visit tool [Tor Brede Vekterli, 2022-12-05, files: 4, lines: -9/+94]
|/
|   Specified with `--tensor-short-form`. No single-char option alias, as short form output will be the default on Vespa 9 and we're running out of usable option characters for this tool anyway.
* Use latest junit [Henning Baldersheim, 2022-12-02, files: 1, lines: -2/+3]
|
* Move vespa-status-filedistribution to where the other clients are and use a common jar file. [Henning Baldersheim, 2022-12-02, files: 5, lines: -0/+412]
* Use larger heap and simple throughput GC algorithm [Henning Baldersheim, 2022-12-01, files: 1, lines: -5/+1]
|
* Use latest junit. [Henning Baldersheim, 2022-11-29, files: 3, lines: -16/+16]
|
* Collapse the vespa_feed_perf into the other feed clients. [Henning Baldersheim, 2022-11-29, files: 8, lines: -0/+1443]
|
* Add predicate-search-core as explicit dependency as some of its dependencies are explicitly excluded by container-dev [Henning Baldersheim, 2022-11-29, files: 1, lines: -0/+5]
* Add vespajlib as explicit compile dependency, as container-dev does a lot of excludes... [Henning Baldersheim, 2022-11-29, files: 1, lines: -0/+5]
* And non-obvious dependency on container-dev due to com.yahoo.search.query.profile.DumpTool:wq. [Henning Baldersheim, 2022-11-29, files: 1, lines: -0/+16]
* No need to bring in container dependencies in the feeder client. [Henning Baldersheim, 2022-11-28, files: 5, lines: -74/+12]
|
* Cleanup after we no longer use commons-collections [Henning Baldersheim, 2022-11-26, files: 1, lines: -6/+0]
|
* Add standalone runner script for vespa-crypto-cli [Tor Brede Vekterli, 2022-11-21, files: 1, lines: -0/+18]
|   Useful when the script is run in a context where `VESPA_HOME` is not set. Should work both if the script is invoked directly or through a symbolic link.
* Support interactive private key entry when not using stdio redirection [Tor Brede Vekterli, 2022-11-18, files: 11, lines: -14/+93]
|   Avoids having to use a file indirection for inputting a private key. Only available when the JVM is running under an interactive console and none of the input/output files use standard streams.
* Support auto-resolving private key files based on token key ID [Tor Brede Vekterli, 2022-11-17, files: 8, lines: -26/+240]
|   Lets a user specify a private key directory either with a command line argument or via an environment variable. If a directory is provided, the private key to use will be attempted auto-resolved based on the key ID stored in the token. This only applies if the key ID is comprised of exclusively path-safe characters.
* Use BouncyCastle AES GCM cipher and I/O streams instead of JCA [Tor Brede Vekterli, 2022-11-16, files: 1, lines: -5/+5]
|   This resolves two issues:
|   * `javax.crypto.OutputCipherStream` swallows MAC tag mismatch exceptions when the stream is closed, which means that corruptions (intentional or not) are not caught. This is documented behavior, but still very surprising and a rather questionable default. BC's interchangeable `CipherOutputStream` throws as expected. To avoid regressions, add an explicit test that both ciphertext and MAC tag corruptions are propagated.
|   * The default-provided `AES/GCM/NoPadding` `Cipher` instance will not emit decrypted plaintext per `update()` chunk, but buffer everything until `doFinal()` is invoked when the stream is closed. This means that decrypting very large ciphertexts can blow up memory usage since internal output buffers are reallocated and increased per iteration...! Instead use an explicit BC `GCMBlockCipher` which has the expected behavior (and actually lets cipher streams, well, _stream_). Add an `AeadCipher` abstraction to avoid leaking BC APIs outside the security module.
* Add support for token resealing [Tor Brede Vekterli, 2022-11-11, files: 10, lines: -61/+232]
|   Adds underlying support--and tooling--for resealing a token for another recipient. This allows for delegating decryption to another party without having to reveal the private key of the original recipient (or having to send the raw underlying secret key over a potentially insecure channel). Key ID can/should change as part of this operation.
* Add `vespa-crypto-cli` wrapper script for crypto tooling [Tor Brede Vekterli, 2022-11-10, files: 2, lines: -0/+89]
|
* Use Base62 for tokens and Base58 for keys [Tor Brede Vekterli, 2022-11-09, files: 7, lines: -19/+15]
|   * Base62 minimizes extra size overhead relative to Base64.
|   * Base58 removes ambiguous characters from key encodings.
|   Common for both bases is that they do not emit any characters that interfere with easily selecting them on web pages or in the CLI.
* Add a simple base conversion tool [Tor Brede Vekterli, 2022-11-08, files: 5, lines: -2/+143]
|   Currently supports converting from and to any combination of base {16, 58, 62, 64}. Input is read from STDIN and is intentionally limited in length due to the algorithmic complexity of base conversions that are not a power of two. Converted value is written to STDOUT.
* Encapsulate key identifier in own object [Tor Brede Vekterli, 2022-11-02, files: 3, lines: -4/+6]
|   Enforces invariants and avoids having to pass raw byte arrays around.
* Add simple token info dumping tool [Tor Brede Vekterli, 2022-11-01, files: 7, lines: -4/+103]
|   Dumps key version, ID and HPKE components
* Let token key IDs be UTF-8 byte strings instead of just an integer [Tor Brede Vekterli, 2022-11-01, files: 3, lines: -15/+23]
|   This makes key IDs vastly more expressive. Max size is 255 bytes, and UTF-8 form is enforced by checking that the byte sequence can be identity-transformed to and from a string with UTF-8 encoding. In addition, we now protect the integrity of the key ID by supplying it as the AAD parameter to the key sealing and opening operations. Reduce v1 token max length of `enc` part to 255, since this is always an X25519 public key, which is never bigger than 32 bytes (but may be _less_ if the random `BigInteger` is small enough, so we still have to encode the length).
* Don't use legacy file existence checking API [Tor Brede Vekterli, 2022-11-01, files: 2, lines: -7/+7]
|
* Support standard IO streams for several encryption tool commands [Tor Brede Vekterli, 2022-10-31, files: 9, lines: -41/+137]
|   Useful for avoiding the need for intermediate files, such as when piping the output of decryption to a Zstd decompressor. Adds stdio support to:
|   * Encryption input
|   * Decryption input
|   * Decryption output
|   Specified by substituting the file name with a single `-` character.
* Add basic tooling for public key encryption and decryption [Tor Brede Vekterli, 2022-10-27, files: 15, lines: -0/+943]
|   Adds support for:
|   * X25519 key pair generation
|   * HPKE stream encryption with public key and token generation
|   * HPKE stream decryption with private key
* * apply new common bootstrap [Arne Juul, 2022-10-24, files: 9, lines: -0/+27]
|   * remove now-duplicated code
|   * prefer using ${VESPA_HOME} environment variable
* Return X-Vespa-Ignored-Fields if fields were ignored [Jon Bratseth, 2022-10-06, files: 1, lines: -1/+2]
|
* Simplify and unify the use of Timers. [Henning Baldersheim, 2022-09-14, files: 2, lines: -24/+10]
|
* Add method to use Duration as timeout to make unit explicit, and avoid many magic conversions. [Henning Baldersheim, 2022-08-12, files: 1, lines: -1/+2]
* Convert vespaclient-java to junit5 [Bjørn Christian Seime, 2022-07-28, files: 12, lines: -227/+240]
|
* Remove temporary dependency on 'jetty-http' with test scope [Bjørn Christian Seime, 2022-06-08, files: 1, lines: -7/+0]
|
* Set project version to 8-SNAPSHOT [gjoranv, 2022-06-08, files: 1, lines: -2/+2]
|
* Bump full removal of priorities to Vespa 9 [Tor Brede Vekterli, 2022-06-08, files: 3, lines: -9/+9]
|   Streaming search still uses this to ensure low latencies, and we don't have a replacement for priorities for this use case yet.
* Don't provide Jetty bundles from 'container' artifact [Bjørn Christian Seime, 2022-06-08, files: 1, lines: -0/+13]
|   Add dependency on 'jetty-http' with scope test instead of adding false dependencies with 'container-test'.
* Use DocumentOnly-fieldset by default [Tor Brede Vekterli, 2022-06-08, files: 2, lines: -3/+3]
|   Also remove deprecated and unsupported header-only visitor parameter
* use [document] not [all] [Arne H Juul, 2022-06-08, files: 3, lines: -7/+7]
|
* Remove top-level <clients> element and LoadType concept [Tor Brede Vekterli, 2022-06-08, files: 7, lines: -86/+6]
|   Load types have not been properly supported for some time, so remove the remaining API surfaces exposing them. Since load type config was the last remaining use of <clients> in services.xml, remove that one as well.
* install_jar CMake function [Håkon Hallingstad, 2022-05-20, files: 1, lines: -1/+1]
|
* Use -Xlog:gc instead of -verbose:gc [Harald Musum, 2022-05-10, files: 1, lines: -1/+1]
|
* switch to new-style config [Arne H Juul, 2022-04-12, files: 1, lines: -113/+82]
|
* Do not create dependency-reduced-pom.xml [gjoranv, 2022-04-08, files: 1, lines: -0/+1]
|   - From maven-shade-plugin 3.3.0 (needed for JDK 17), the DRP is installed and used instead of the ordinary pom.xml, causing transitive dependencies to disappear for dependent modules.
* Deprecate load types from Java APIs [Tor Brede Vekterli, 2022-04-05, files: 7, lines: -11/+22]
|   Load types have not been used in practice for years, and supporting them in backend metrics etc. has long since been lacking. Prepare for removing these on Vespa 8. Most callsites are unchanged, aside from presumed safe changes such as constructors used by dependency injection. Have added new overloads without load types where these did not already exist to allow for an orderly transition.
* Deprecate DocumentAPI methods using explicit operation priority [Tor Brede Vekterli, 2022-04-01, files: 3, lines: -4/+8]
|   This is functionality that made more sense when we had spinning drives and no async write scheduling in the backend. Going away on Vespa 8.
* add special DocumentOnly fieldset in Java as well [Arne H Juul, 2022-02-15, files: 2, lines: -2/+7]
|   * should have same behavior in Java and C++
|   * extend unit tests to verify
|   * note various places where we want to change the default on Vespa 8 branch
* Improve maven-shade-plugin filter, and move to parent pom. [gjoranv, 2022-02-03, files: 1, lines: -11/+0]
|   - Removes 223 build warnings (out of 562 for building non-test code)
* Revert "Exclude META-INF files and module-info.class from uber jars." [Harald Musum, 2022-02-02, files: 1, lines: -2/+4]
|