feat: introduce methods for transit API interaction

2025-02-25 18:00:11 +01:00 · 2025-02-25 18:00:11 +01:00 · 6ce9749946
commit 6ce9749946
parent 11ece9974f
4 changed files with 126 additions and 1 deletions
--- a/pom.xml
+++ b/pom.xml
@ -4,7 +4,7 @@

    <groupId>de.stklcode.jvault</groupId>
    <artifactId>jvault-connector</artifactId>
-    <version>1.4.1-SNAPSHOT</version>
+    <version>1.5.0-SNAPSHOT</version>

    <packaging>jar</packaging>

--- a/src/main/java/de/stklcode/jvault/connector/HTTPVaultConnector.java
+++ b/src/main/java/de/stklcode/jvault/connector/HTTPVaultConnector.java
@ -68,6 +68,11 @@ public class HTTPVaultConnector implements VaultConnector {
    private static final String PATH_UNDELETE = "/undelete/";
    private static final String PATH_DESTROY = "/destroy/";

+    private static final String PATH_TRANSIT = "transit";
+    private static final String PATH_TRANSIT_ENCRYPT = PATH_TRANSIT + "/encrypt/";
+    private static final String PATH_TRANSIT_DECRYPT = PATH_TRANSIT + "/decrypt/";
+    private static final String PATH_TRANSIT_HASH = PATH_TRANSIT + "/hash/";
+
    private final RequestHelper request;

    private boolean authorized = false;     // Authorization status.
@ -646,6 +651,45 @@ public class HTTPVaultConnector implements VaultConnector {
        return true;
    }

+    @Override
+    public final TransitResponse transitEncrypt(final String keyName, final String plaintext) throws VaultConnectorException {
+        requireAuth();
+
+        Map<String, Object> payload = mapOf(
+            "plaintext", plaintext
+        );
+
+        return request.post(PATH_TRANSIT_ENCRYPT + keyName, payload, token, TransitResponse.class);
+    }
+
+    @Override
+    public final TransitResponse transitDecrypt(final String keyName, final String ciphertext) throws VaultConnectorException {
+        requireAuth();
+
+        Map<String, Object> payload = mapOf(
+            "ciphertext", ciphertext
+        );
+
+        return request.post(PATH_TRANSIT_DECRYPT + keyName, payload, token, TransitResponse.class);
+    }
+
+    @Override
+    public final TransitResponse transitHash(final String algorithm, final String input) throws VaultConnectorException {
+        return transitHash(algorithm, input, "hex");
+    }
+
+    @Override
+    public final TransitResponse transitHash(final String algorithm, final String input, final String format) throws VaultConnectorException {
+        requireAuth();
+
+        Map<String, Object> payload = mapOf(
+            "input", input,
+            "format", format
+        );
+
+        return request.post(PATH_TRANSIT_HASH + algorithm, payload, token, TransitResponse.class);
+    }
+
    /**
     * Check for required authorization.
     *
--- a/src/main/java/de/stklcode/jvault/connector/VaultConnector.java
+++ b/src/main/java/de/stklcode/jvault/connector/VaultConnector.java
@ -674,6 +674,51 @@ public interface VaultConnector extends AutoCloseable, Serializable {
     */
    boolean deleteTokenRole(final String name) throws VaultConnectorException;

+    /**
+     * encrypt plaintext via transit engine from Vault.
+     *
+     * @param name Transit key name
+     * @param plaintext Text to encrypt
+     * @return Transit response
+     * @throws VaultConnectorException on error
+     * @since 1.4.1
+     */
+    TransitResponse transitEncrypt(final String name, final String plaintext) throws VaultConnectorException;
+
+    /**
+     * decrypt ciphertext via transit engine from Vault.
+     *
+     * @param name Transit key name
+     * @param ciphertext Text to decrypt
+     * @return Transit response
+     * @throws VaultConnectorException on error
+     * @since 1.4.1
+     */
+    TransitResponse transitDecrypt(final String name, final String ciphertext) throws VaultConnectorException;
+
+    /**
+     * hash data in hex format via transit engine from Vault.
+     *
+     * @param algorithm Specifies the hash algorithm to use
+     * @param input Data to hash
+     * @return Transit response
+     * @throws VaultConnectorException on error
+     * @since 1.4.1
+     */
+    TransitResponse transitHash(final String algorithm, final String input) throws VaultConnectorException;
+
+    /**
+     * hash data via transit engine from Vault.
+     *
+     * @param algorithm Specifies the hash algorithm to use
+     * @param input Data to hash
+     * @param format Specifies the output encoding (hex/base64)
+     * @return Transit response
+     * @throws VaultConnectorException on error
+     * @since 1.4.1
+     */
+    TransitResponse transitHash(final String algorithm, final String input, final String format) throws VaultConnectorException;
+
    /**
     * Read credentials for MySQL backend at default mount point.
     *
--- a/src/main/java/de/stklcode/jvault/connector/model/response/TransitResponse.java
+++ b/src/main/java/de/stklcode/jvault/connector/model/response/TransitResponse.java
@ -0,0 +1,36 @@
+package de.stklcode.jvault.connector.model.response;
+
+import java.io.Serializable;
+import java.util.Collections;
+import java.util.Map;
+import java.util.Objects;
+
+import com.fasterxml.jackson.annotation.JsonProperty;
+
+public class TransitResponse extends VaultDataResponse {
+        private static final long serialVersionUID = -4823865538268326557L;
+
+    @JsonProperty("data")
+    private Map<String, Serializable> data;
+
+    //@Override
+    public final Map<String, Serializable> getData() {
+        return Objects.requireNonNullElseGet(data, Collections::emptyMap);
+    }
+
+    @Override
+    public boolean equals(Object o) {
+        if (this == o) {
+            return true;
+        } else if (o == null || getClass() != o.getClass() || !super.equals(o)) {
+            return false;
+        }
+        TransitResponse that = (TransitResponse) o;
+        return Objects.equals(data, that.data);
+    }
+
+    @Override
+    public int hashCode() {
+        return Objects.hash(super.hashCode(), data);
+    }
+}