diff --git a/pom.xml b/pom.xml
index 1127189..956892c 100644
--- a/pom.xml
+++ b/pom.xml
@@ -4,7 +4,7 @@
de.stklcode.jvault
jvault-connector
- 1.4.1-SNAPSHOT
+ 1.5.0-SNAPSHOT
jar
diff --git a/src/main/java/de/stklcode/jvault/connector/HTTPVaultConnector.java b/src/main/java/de/stklcode/jvault/connector/HTTPVaultConnector.java
index 788af95..2f1c299 100644
--- a/src/main/java/de/stklcode/jvault/connector/HTTPVaultConnector.java
+++ b/src/main/java/de/stklcode/jvault/connector/HTTPVaultConnector.java
@@ -68,6 +68,11 @@ public class HTTPVaultConnector implements VaultConnector {
private static final String PATH_UNDELETE = "/undelete/";
private static final String PATH_DESTROY = "/destroy/";
+ private static final String PATH_TRANSIT = "transit";
+ private static final String PATH_TRANSIT_ENCRYPT = PATH_TRANSIT + "/encrypt/";
+ private static final String PATH_TRANSIT_DECRYPT = PATH_TRANSIT + "/decrypt/";
+ private static final String PATH_TRANSIT_HASH = PATH_TRANSIT + "/hash/";
+
private final RequestHelper request;
private boolean authorized = false; // Authorization status.
@@ -646,6 +651,45 @@ public class HTTPVaultConnector implements VaultConnector {
return true;
}
+ @Override
+ public final TransitResponse transitEncrypt(final String keyName, final String plaintext) throws VaultConnectorException {
+ requireAuth();
+
+ Map payload = mapOf(
+ "plaintext", plaintext
+ );
+
+ return request.post(PATH_TRANSIT_ENCRYPT + keyName, payload, token, TransitResponse.class);
+ }
+
+ @Override
+ public final TransitResponse transitDecrypt(final String keyName, final String ciphertext) throws VaultConnectorException {
+ requireAuth();
+
+ Map payload = mapOf(
+ "ciphertext", ciphertext
+ );
+
+ return request.post(PATH_TRANSIT_DECRYPT + keyName, payload, token, TransitResponse.class);
+ }
+
+ @Override
+ public final TransitResponse transitHash(final String algorithm, final String input) throws VaultConnectorException {
+ return transitHash(algorithm, input, "hex");
+ }
+
+ @Override
+ public final TransitResponse transitHash(final String algorithm, final String input, final String format) throws VaultConnectorException {
+ requireAuth();
+
+ Map payload = mapOf(
+ "input", input,
+ "format", format
+ );
+
+ return request.post(PATH_TRANSIT_HASH + algorithm, payload, token, TransitResponse.class);
+ }
+
/**
* Check for required authorization.
*
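Review bot: `keyName` in transitEncrypt/transitDecrypt and `algorithm` in transitHash are concatenated into the request path unchecked (`PATH_TRANSIT_ENCRYPT + keyName`), so a value containing `/`, `..`, `?` or `#` would send the caller's token to a different Vault path than the transit operation intended. Whether `request.post` encodes the path is not visible in this hunk. Unless it does, validate before building the path, e.g. `if (keyName == null || !keyName.matches("[A-Za-z0-9_-]+")) { throw new IllegalArgumentException("invalid transit key name"); }`, widening the allowed set to whatever your key names need. The same check applies to `algorithm`, and `format` could be limited to the `hex`/`base64` values the interface Javadoc names.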
diff --git a/src/main/java/de/stklcode/jvault/connector/VaultConnector.java b/src/main/java/de/stklcode/jvault/connector/VaultConnector.java
index 3d82ba1..394a565 100644
--- a/src/main/java/de/stklcode/jvault/connector/VaultConnector.java
+++ b/src/main/java/de/stklcode/jvault/connector/VaultConnector.java
@@ -674,6 +674,51 @@ public interface VaultConnector extends AutoCloseable, Serializable {
*/
boolean deleteTokenRole(final String name) throws VaultConnectorException;
+ /**
+ * encrypt plaintext via transit engine from Vault.
+ *
+ * @param name Transit key name
+ * @param plaintext Text to encrypt
+ * @return Transit response
+ * @throws VaultConnectorException on error
+ * @since 1.4.1
+ */
+ TransitResponse transitEncrypt(final String name, final String plaintext) throws VaultConnectorException;
+
+ /**
+ * decrypt ciphertext via transit engine from Vault.
+ *
+ * @param name Transit key name
+ * @param ciphertext Text to decrypt
+ * @return Transit response
+ * @throws VaultConnectorException on error
+ * @since 1.4.1
+ */
+ TransitResponse transitDecrypt(final String name, final String ciphertext) throws VaultConnectorException;
+
+ /**
+ * hash data in hex format via transit engine from Vault.
+ *
+ * @param algorithm Specifies the hash algorithm to use
+ * @param input Data to hash
+ * @return Transit response
+ * @throws VaultConnectorException on error
+ * @since 1.4.1
+ */
+ TransitResponse transitHash(final String algorithm, final String input) throws VaultConnectorException;
+
+ /**
+ * hash data via transit engine from Vault.
+ *
+ * @param algorithm Specifies the hash algorithm to use
+ * @param input Data to hash
+ * @param format Specifies the output encoding (hex/base64)
+ * @return Transit response
+ * @throws VaultConnectorException on error
+ * @since 1.4.1
+ */
+ TransitResponse transitHash(final String algorithm, final String input, final String format) throws VaultConnectorException;
+
/**
* Read credentials for MySQL backend at default mount point.
*
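Review bot: The four new methods are tagged `@since 1.4.1`, but this commit moves pom.xml from 1.4.1-SNAPSHOT to 1.5.0-SNAPSHOT, so the tag should presumably read `@since 1.5.0`. The Javadoc also leaves the encoding contract open: Vault's transit API expects `plaintext` and hash `input` as base64 and returns decrypted plaintext as base64, while the implementation in HTTPVaultConnector puts the arguments into the payload unchanged. I would therefore write `@param plaintext Base64-encoded data to encrypt` and `@param input Base64-encoded data to hash`, and have `@return` on transitDecrypt say that the plaintext comes back base64-encoded. The parameter is named `name` here and `keyName` in the implementation; using one name in both places would read better.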
diff --git a/src/main/java/de/stklcode/jvault/connector/model/response/TransitResponse.java b/src/main/java/de/stklcode/jvault/connector/model/response/TransitResponse.java
new file mode 100644
index 0000000..ee9b7be
--- /dev/null
+++ b/src/main/java/de/stklcode/jvault/connector/model/response/TransitResponse.java
@@ -0,0 +1,36 @@
+package de.stklcode.jvault.connector.model.response;
+
+import java.io.Serializable;
+import java.util.Collections;
+import java.util.Map;
+import java.util.Objects;
+
+import com.fasterxml.jackson.annotation.JsonProperty;
+
+public class TransitResponse extends VaultDataResponse {
+ private static final long serialVersionUID = -4823865538268326557L;
+
+ @JsonProperty("data")
+ private Map data;
+
+ //@Override
+ public final Map getData() {
+ return Objects.requireNonNullElseGet(data, Collections::emptyMap);
+ }
+
+ @Override
+ public boolean equals(Object o) {
+ if (this == o) {
+ return true;
+ } else if (o == null || getClass() != o.getClass() || !super.equals(o)) {
+ return false;
+ }
+ TransitResponse that = (TransitResponse) o;
+ return Objects.equals(data, that.data);
+ }
+
+ @Override
+ public int hashCode() {
+ return Objects.hash(super.hashCode(), data);
+ }
+}
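Review bot: `getData()` carries a commented-out `//@Override`, which leaves it unclear whether it is meant to override an accessor in VaultDataResponse; either restore the annotation or delete the comment, and drop the unused `java.io.Serializable` import. The method also returns the internal `data` map itself when it is non-null, so callers can mutate the response; `return data == null ? Collections.emptyMap() : Collections.unmodifiableMap(data);` would prevent that. After a `transitDecrypt` call this map presumably holds the decrypted plaintext, and the class declares a `serialVersionUID`, so a class Javadoc such as `/** Response of the transit engine; may contain decrypted plaintext, do not log or persist it. */` would warn callers.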