stklcode/jvaultconnector
1
0
Fork 0
Code Issues Actions Releases 34 Wiki Activity

Compare commits

base: stklcode:v0.1.1
Branches Tags
stklcode:main stklcode:develop stklcode:experimental/jackson3
stklcode:v1.5.1 stklcode:v1.5.0 stklcode:v1.4.0 stklcode:v1.3.1 stklcode:v1.3.0 stklcode:v1.2.0 stklcode:v1.1.5 stklcode:v1.1.4 stklcode:v1.1.3 stklcode:v1.1.2 stklcode:v1.1.1 stklcode:v1.1.0 stklcode:v1.0.1 stklcode:v1.0.0 stklcode:v0.9.5 stklcode:v0.9.4 stklcode:v0.9.3 stklcode:v0.9.2 stklcode:v0.9.1 stklcode:v0.9.0 stklcode:v0.8.2 stklcode:v0.8.1 stklcode:v0.8.0 stklcode:v0.7.1 stklcode:v0.7.0 stklcode:v0.6.2 stklcode:v0.6.1 stklcode:v0.6.0 stklcode:v0.5.0 stklcode:v0.4.1 stklcode:v0.4.0 stklcode:v0.3.0 stklcode:v0.2.0 stklcode:v0.1.1 stklcode:v0.1
..
compare: stklcode:v0.3.0
Branches Tags
stklcode:develop stklcode:main stklcode:experimental/jackson3
stklcode:v1.5.1 stklcode:v1.5.0 stklcode:v1.4.0 stklcode:v1.3.1 stklcode:v1.3.0 stklcode:v1.2.0 stklcode:v1.1.5 stklcode:v1.1.4 stklcode:v1.1.3 stklcode:v1.1.2 stklcode:v1.1.1 stklcode:v1.1.0 stklcode:v1.0.1 stklcode:v1.0.0 stklcode:v0.9.5 stklcode:v0.9.4 stklcode:v0.9.3 stklcode:v0.9.2 stklcode:v0.9.1 stklcode:v0.9.0 stklcode:v0.8.2 stklcode:v0.8.1 stklcode:v0.8.0 stklcode:v0.7.1 stklcode:v0.7.0 stklcode:v0.6.2 stklcode:v0.6.1 stklcode:v0.6.0 stklcode:v0.5.0 stklcode:v0.4.1 stklcode:v0.4.0 stklcode:v0.3.0 stklcode:v0.2.0 stklcode:v0.1.1 stklcode:v0.1

12 Commits
v0.1.1 ... v0.3.0

Author SHA1 Message Date
Stefan Kalscheuer
7069eabbff Merge branch 'develop' 2016-10-07 17:03:48 +02:00
Stefan Kalscheuer
ffd97a696a Preparation for v0.3.0 2016-10-07 17:02:47 +02:00
Stefan Kalscheuer
ca529027f7 Tested against Vault 0.6.2; changelog added to repo 2016-10-06 20:18:07 +02:00
Stefan Kalscheuer
40f60cee03 v0.3.0-SNAPSHOT 2016-09-27 21:17:00 +02:00
Stefan Kalscheuer
aacbed836a #1 Retrieval of JSON objects 2016-09-27 21:13:29 +02:00
Stefan Kalscheuer
351ea1fc62 Merge branch 'develop' for version 0.2.0 2016-09-01 20:30:39 +02:00
Stefan Kalscheuer
847cce7bfb Fixed AuthMethodResponse for Vault 0.6.1 compatibility 2016-09-01 20:26:14 +02:00
Stefan Kalscheuer
4c68e74a38 Minor dependency updates 2016-09-01 18:45:24 +02:00
Stefan Kalscheuer
a8afae70cc Removed Commons IO dependency 
Replaced deprecated HttpClient methods
 2016-08-13 18:43:41 +02:00
Stefan Kalscheuer
ee5b112704 LeaseDuration checked for authorization status 2016-08-13 18:00:44 +02:00
Stefan Kalscheuer
27eb1a1e8a Javadoc warnings removed 2016-08-12 19:35:51 +02:00
Stefan Kalscheuer
96fc669b38 Updated dependencies 2016-08-12 17:49:53 +02:00
15 changed files with 213 additions and 103 deletions
Expand all files Collapse all files

15
CHANGELOG.md Normal file
View File

@ -0,0 +1,15 @@
## 0.3.0 [2016-10-07]
* [feature] Retrieval of JSON objects (#1)
* [test] Tested against Vault 0.6.2
## 0.2.0 [2016-09-01]
* Dependecies updated and CommonsIO removed
* [fix] Fixed auth backend detection for Vault 0.6.1
* [test] Tested against Vault 0.6.1
## 0.1.1 [2016-06-20]
* [fix] Check for "permission denied" without status code 400 instead of 403
* [test] Tested against Vault 0.6.0
## 0.1.0 [2016-03-29]
* First release

4
README.md
View File

@ -14,7 +14,7 @@ Java Vault Connector is a connector library for [Vault](https://www.vaultproject
* Write secrets
* List secrets
* Connector Factory with builder pattern
* Tested against Vault 0.6.0
* Tested against Vault 0.6.2
**Usage Example**
@ -38,7 +38,7 @@ String secret = vault.readSecret("some/secret/key").getValue();
<dependency>
<groupId>de.stklcode.jvault</groupId>
<artifactId>connector</artifactId>
<version>0.1.1</version>
<version>0.3.0</version>
</dependency>
```

23
pom.xml
View File

@ -6,14 +6,18 @@
<groupId>de.stklcode.jvault</groupId>
<artifactId>connector</artifactId>
<version>0.1.1</version>
<version>0.3.0</version>
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
</properties>
<build>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<version>3.3</version>
<version>3.5.1</version>
<configuration>
<source>1.8</source>
<target>1.8</target>
@ -24,36 +28,31 @@
<packaging>jar</packaging>
<dependencies>
<dependency>
<groupId>commons-io</groupId>
<artifactId>commons-io</artifactId>
<version>2.4</version>
</dependency>
<dependency>
<groupId>org.apache.httpcomponents</groupId>
<artifactId>httpcore</artifactId>
<version>4.0.1</version>
<version>4.4.5</version>
</dependency>
<dependency>
<groupId>org.apache.httpcomponents</groupId>
<artifactId>httpclient</artifactId>
<version>4.0.2</version>
<version>4.5.2</version>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-core</artifactId>
<version>2.7.2</version>
<version>2.8.3</version>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId>
<version>2.7.2</version>
<version>2.8.3</version>
</dependency>
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<version>4.11</version>
<version>4.12</version>
<scope>test</scope>
</dependency>
<dependency>

103
src/main/java/de/stklcode/jvault/connector/HTTPVaultConnector.java
View File

@ -6,21 +6,23 @@ import de.stklcode.jvault.connector.exception.*;
import de.stklcode.jvault.connector.model.AuthBackend;
import de.stklcode.jvault.connector.model.response.*;
import de.stklcode.jvault.connector.model.response.embedded.AuthMethod;
import org.apache.commons.io.IOUtils;
import org.apache.http.HttpResponse;
import org.apache.http.client.HttpClient;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.client.methods.HttpPut;
import org.apache.http.client.methods.HttpRequestBase;
import org.apache.http.client.utils.URIBuilder;
import org.apache.http.entity.StringEntity;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.params.BasicHttpParams;
import org.apache.http.params.HttpParams;
import org.apache.http.protocol.HTTP;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.util.EntityUtils;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.UnsupportedEncodingException;
import java.net.URISyntaxException;
import java.nio.charset.StandardCharsets;
import java.util.*;
import java.util.stream.Collectors;
@ -45,11 +47,11 @@ public class HTTPVaultConnector implements VaultConnector {
private final ObjectMapper jsonMapper;
private final HttpClient httpClient; /* HTTP client for connection */
private final String baseURL; /* Base URL of Vault */
private boolean authorized = false; /* authorization status */
private String token; /* current token */
private long tokenTTL = 0; /* expiration time for current token */
/**
* Create connector using hostname and schema.
@ -90,13 +92,13 @@ public class HTTPVaultConnector implements VaultConnector {
*/
public HTTPVaultConnector(String baseURL) {
this.baseURL = baseURL;
this.httpClient = new DefaultHttpClient();
this.jsonMapper = new ObjectMapper();
}
@Override
public void resetAuth() {
token = null;
tokenTTL = 0;
authorized = false;
}
@ -108,6 +110,9 @@ public class HTTPVaultConnector implements VaultConnector {
} catch (VaultConnectorException | IOException e) {
e.printStackTrace();
return null;
} catch (URISyntaxException ignored) {
/* this should never occur and may leak sensible information */
return null;
}
}
@ -124,10 +129,10 @@ public class HTTPVaultConnector implements VaultConnector {
@Override
public SealResponse unseal(final String key, final Boolean reset) {
Map<String, Object> param = new HashMap<>();
Map<String, String> param = new HashMap<>();
param.put("key", key);
if (reset != null)
param.put("reset", reset);
param.put("reset", reset.toString());
try {
String response = requestPut(PATH_UNSEAL, param);
return jsonMapper.readValue(response, SealResponse.class);
@ -139,7 +144,7 @@ public class HTTPVaultConnector implements VaultConnector {
@Override
public boolean isAuthorized() {
return authorized;
return authorized && (tokenTTL == 0 || tokenTTL >= System.currentTimeMillis());
}
@Override
@ -154,9 +159,12 @@ public class HTTPVaultConnector implements VaultConnector {
String response = requestGet(PATH_AUTH, new HashMap<>());
/* Parse response */
AuthMethodsResponse amr = jsonMapper.readValue(response, AuthMethodsResponse.class);
return amr.getSupportedMethods().stream().map(AuthMethod::getType).collect(Collectors.toList());
return amr.getSupportedMethods().values().stream().map(AuthMethod::getType).collect(Collectors.toList());
} catch (IOException e) {
throw new InvalidResponseException("Unable to parse response", e);
} catch (URISyntaxException ignored) {
/* this should never occur and may leak sensible information */
throw new InvalidRequestException("Invalid URI format.");
}
}
@ -164,6 +172,7 @@ public class HTTPVaultConnector implements VaultConnector {
public TokenResponse authToken(final String token) throws VaultConnectorException {
/* set token */
this.token = token;
this.tokenTTL = 0;
try {
String response = requestPost(PATH_TOKEN_LOOKUP, new HashMap<>());
TokenResponse res = jsonMapper.readValue(response, TokenResponse.class);
@ -185,6 +194,7 @@ public class HTTPVaultConnector implements VaultConnector {
AuthResponse upr = jsonMapper.readValue(response, AuthResponse.class);
/* verify response */
this.token = upr.getAuth().getClientToken();
this.tokenTTL = System.currentTimeMillis() + upr.getAuth().getLeaseDuration() * 1000L;
this.authorized = true;
return upr;
} catch (IOException e) {
@ -204,6 +214,7 @@ public class HTTPVaultConnector implements VaultConnector {
AuthResponse auth = jsonMapper.readValue(response, AuthResponse.class);
/* verify response */
this.token = auth.getAuth().getClientToken();
this.tokenTTL = System.currentTimeMillis() + auth.getAuth().getLeaseDuration() * 1000L;
this.authorized = true;
return auth;
} catch (IOException e) {
@ -250,6 +261,9 @@ public class HTTPVaultConnector implements VaultConnector {
return jsonMapper.readValue(response, SecretResponse.class);
} catch (IOException e) {
throw new InvalidResponseException("Unable to parse response", e);
} catch (URISyntaxException ignored) {
/* this should never occur and may leak sensible information */
throw new InvalidRequestException("Invalid URI format.");
}
}
@ -258,12 +272,15 @@ public class HTTPVaultConnector implements VaultConnector {
if (!isAuthorized())
throw new AuthorizationRequiredException();
String response = requestGet(PATH_SECRET + "/" + path + "/?list=true", new HashMap<>());
try {
String response = requestGet(PATH_SECRET + "/" + path + "/?list=true", new HashMap<>());
SecretListResponse secrets = jsonMapper.readValue(response, SecretListResponse.class);
return secrets.getKeys();
} catch (IOException e) {
throw new InvalidResponseException("Unable to parse response", e);
} catch (URISyntaxException ignored) {
/* this should never occur and may leak sensible information */
throw new InvalidRequestException("Invalid URI format.");
}
}
@ -284,7 +301,7 @@ public class HTTPVaultConnector implements VaultConnector {
* @param path URL path (relative to base)
* @param payload Map of payload values (will be converted to JSON)
* @return HTTP response
* @throws VaultConnectorException
* @throws VaultConnectorException on connection error
*/
private String requestPost(final String path, final Map payload) throws VaultConnectorException {
/* Initialize post */
@ -292,8 +309,8 @@ public class HTTPVaultConnector implements VaultConnector {
/* generate JSON from payload */
StringEntity input;
try {
input = new StringEntity(jsonMapper.writeValueAsString(payload), HTTP.UTF_8);
} catch (UnsupportedEncodingException | JsonProcessingException e) {
input = new StringEntity(jsonMapper.writeValueAsString(payload), StandardCharsets.UTF_8);
} catch (JsonProcessingException e) {
throw new InvalidRequestException("Unable to parse response", e);
}
input.setContentEncoding("UTF-8");
@ -311,9 +328,9 @@ public class HTTPVaultConnector implements VaultConnector {
* @param path URL path (relative to base)
* @param payload Map of payload values (will be converted to JSON)
* @return HTTP response
* @throws VaultConnectorException
* @throws VaultConnectorException on connection error
*/
private String requestPut(final String path, final Map<String, Object> payload) throws VaultConnectorException {
private String requestPut(final String path, final Map<String, String> payload) throws VaultConnectorException {
/* Initialize post */
HttpPut put = new HttpPut(baseURL + path);
/* generate JSON from payload */
@ -337,15 +354,15 @@ public class HTTPVaultConnector implements VaultConnector {
* @param path URL path (relative to base)
* @param payload Map of payload values (will be converted to JSON)
* @return HTTP response
* @throws VaultConnectorException
* @throws VaultConnectorException on connection error
*/
private String requestGet(final String path, final Map<String, Object> payload) throws VaultConnectorException {
/* Initialize post */
HttpGet get = new HttpGet(baseURL + path);
/* Parse parameters */
HttpParams params = new BasicHttpParams();
payload.forEach(params::setParameter);
get.setParams(params);
private String requestGet(final String path, final Map<String, String> payload) throws VaultConnectorException, URISyntaxException {
/* Add parameters to URI */
URIBuilder uriBuilder = new URIBuilder(baseURL + path);
payload.forEach(uriBuilder::addParameter);
/* Initialize request */
HttpGet get = new HttpGet(uriBuilder.build());
/* Set X-Vault-Token header */
if (token != null)
@ -358,21 +375,24 @@ public class HTTPVaultConnector implements VaultConnector {
* Execute prepared HTTP request and return result
* @param base Prepares Request
* @return HTTP response
* @throws VaultConnectorException
* @throws VaultConnectorException on connection error
*/
private String request(HttpRequestBase base) throws VaultConnectorException {
/* Set JSON Header */
base.addHeader("accept", "application/json");
HttpResponse response = null;
try {
try (CloseableHttpClient httpClient = HttpClientBuilder.create().build()) {
response = httpClient.execute(base);
/* Check if response is valid */
if (response == null)
throw new InvalidResponseException("Response unavailable");
switch (response.getStatusLine().getStatusCode()) {
case 200:
return IOUtils.toString(response.getEntity().getContent());
try(BufferedReader br = new BufferedReader(new InputStreamReader(response.getEntity().getContent()))) {
return br.lines().collect(Collectors.joining("\n"));
} catch (IOException ignored) { }
case 204:
return "";
case 403:
@ -380,19 +400,18 @@ public class HTTPVaultConnector implements VaultConnector {
default:
InvalidResponseException ex = new InvalidResponseException("Invalid response code")
.withStatusCode(response.getStatusLine().getStatusCode());
try {
/* Try to parse error response */
ErrorResponse er = jsonMapper.readValue(IOUtils.toString(response.getEntity().getContent()),
ErrorResponse.class);
/* Check for "permission denied" response */
if (er.getErrors().size() > 0 && er.getErrors().get(0).equals("permission denied"))
throw new PermissionDeniedException();
throw ex.withResponse(er.toString());
}
catch (IOException e) {
throw ex;
if (response.getEntity() != null) {
try (BufferedReader br = new BufferedReader(new InputStreamReader(response.getEntity().getContent()))) {
String responseString = br.lines().collect(Collectors.joining("\n"));
ErrorResponse er = jsonMapper.readValue(responseString, ErrorResponse.class);
/* Check for "permission denied" response */
if (er.getErrors().size() > 0 && er.getErrors().get(0).equals("permission denied"))
throw new PermissionDeniedException();
throw ex.withResponse(er.toString());
} catch (IOException ignored) {
}
}
throw ex;
}
} catch (IOException e) {
throw new InvalidResponseException("Unable to read response", e);
@ -400,7 +419,7 @@ public class HTTPVaultConnector implements VaultConnector {
finally {
if (response != null && response.getEntity() != null)
try {
response.getEntity().consumeContent();
EntityUtils.consume(response.getEntity());
} catch (IOException ignored) {
}
}

19
src/main/java/de/stklcode/jvault/connector/VaultConnector.java
View File

@ -2,10 +2,7 @@ package de.stklcode.jvault.connector;
import de.stklcode.jvault.connector.exception.VaultConnectorException;
import de.stklcode.jvault.connector.model.AuthBackend;
import de.stklcode.jvault.connector.model.response.SealResponse;
import de.stklcode.jvault.connector.model.response.SecretResponse;
import de.stklcode.jvault.connector.model.response.TokenResponse;
import de.stklcode.jvault.connector.model.response.AuthResponse;
import de.stklcode.jvault.connector.model.response.*;
import java.util.List;
@ -60,6 +57,7 @@ public interface VaultConnector {
/**
* Get all availale authentication backends.
* @return List of backends
* @throws VaultConnectorException on error
*/
List<AuthBackend> getAuthBackends() throws VaultConnectorException;
@ -67,6 +65,7 @@ public interface VaultConnector {
* Authorize to Vault using token.
* @param token The token
* @return Token response
* @throws VaultConnectorException on error
*/
TokenResponse authToken(final String token) throws VaultConnectorException;
@ -75,7 +74,7 @@ public interface VaultConnector {
* @param username The username
* @param password The password
* @return Authorization result
* @throws VaultConnectorException
* @throws VaultConnectorException on error
*/
AuthResponse authUserPass(final String username, final String password) throws VaultConnectorException;
@ -84,6 +83,7 @@ public interface VaultConnector {
* @param appID The App ID
* @param userID The User ID
* @return TRUE on success
* @throws VaultConnectorException on error
*/
AuthResponse authAppId(final String appID, final String userID) throws VaultConnectorException;
@ -93,7 +93,7 @@ public interface VaultConnector {
* @param policy The policy to associate with
* @param displayName Arbitrary name to display
* @return TRUE on success
* @throws VaultConnectorException
* @throws VaultConnectorException on error
*/
boolean registerAppId(final String appID, final String policy, final String displayName) throws VaultConnectorException;
@ -102,7 +102,7 @@ public interface VaultConnector {
* @param appID The App-ID
* @param userID The User-ID
* @return TRUE on success
* @throws VaultConnectorException
* @throws VaultConnectorException on error
*/
boolean registerUserId(final String appID, final String userID) throws VaultConnectorException;
@ -113,7 +113,7 @@ public interface VaultConnector {
* @param displayName Arbitrary name to display
* @param userID The User-ID
* @return TRUE on success
* @throws VaultConnectorException
* @throws VaultConnectorException on error
*/
default boolean registerAppUserId(final String appID, final String policy, final String displayName, final String userID) throws VaultConnectorException {
return registerAppId(appID, policy, userID) && registerUserId(appID, userID);
@ -129,6 +129,7 @@ public interface VaultConnector {
* Retrieve secret form Vault.
* @param key Secret identifier
* @return Secret response
* @throws VaultConnectorException on error
*/
SecretResponse readSecret(final String key) throws VaultConnectorException;
@ -136,6 +137,7 @@ public interface VaultConnector {
* List available secrets from Vault.
* @param path Root path to search
* @return List of secret keys
* @throws VaultConnectorException on error
*/
List<String> listSecrets(final String path) throws VaultConnectorException;
@ -144,6 +146,7 @@ public interface VaultConnector {
* @param key Secret path
* @param value Secret value
* @return TRUE on success
* @throws VaultConnectorException on error
*/
boolean writeSecret(final String key, final String value) throws VaultConnectorException;
}

35
src/main/java/de/stklcode/jvault/connector/model/response/AuthMethodsResponse.java
View File

@ -1,11 +1,12 @@
package de.stklcode.jvault.connector.model.response;
import com.fasterxml.jackson.annotation.JsonAnySetter;
import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
import com.fasterxml.jackson.databind.ObjectMapper;
import de.stklcode.jvault.connector.exception.InvalidResponseException;
import de.stklcode.jvault.connector.model.response.embedded.AuthMethod;
import java.util.ArrayList;
import java.util.List;
import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
/**
@ -14,19 +15,27 @@ import java.util.Map;
* @author Stefan Kalscheuer
* @since 0.1
*/
public class AuthMethodsResponse implements VaultResponse {
@JsonIgnoreProperties(ignoreUnknown = true)
public class AuthMethodsResponse extends VaultDataResponse {
private Map<String, AuthMethod> supportedMethods;
private List<AuthMethod> supportedMethods;
@JsonAnySetter
public void setMethod(String path, Map<String, String> data) throws InvalidResponseException {
if (supportedMethods == null)
supportedMethods = new ArrayList<>();
supportedMethods.add(new AuthMethod(path, data.get("description"), data.get("type")));
public AuthMethodsResponse() {
this.supportedMethods = new HashMap<>();
}
public List<AuthMethod> getSupportedMethods() {
@Override
public void setData(Map<String, Object> data) throws InvalidResponseException {
ObjectMapper mapper = new ObjectMapper();
for (String path : data.keySet()) {
try {
this.supportedMethods.put(path, mapper.readValue(mapper.writeValueAsString(data.get(path)), AuthMethod.class));
} catch (IOException e) {
throw new InvalidResponseException();
}
}
}
public Map<String, AuthMethod> getSupportedMethods() {
return supportedMethods;
}
}

18
src/main/java/de/stklcode/jvault/connector/model/response/SecretResponse.java
View File

@ -1,8 +1,10 @@
package de.stklcode.jvault.connector.model.response;
import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
import com.fasterxml.jackson.databind.ObjectMapper;
import de.stklcode.jvault.connector.exception.InvalidResponseException;
import java.io.IOException;
import java.util.Map;
/**
@ -27,4 +29,20 @@ public class SecretResponse extends VaultDataResponse {
public String getValue() {
return value;
}
/**
* Get response parsed as JSON
* @param type Class to parse response
* @param <T> Class to parse response
* @return Parsed object
* @throws InvalidResponseException on parsing error
* @since 0.3
*/
public <T> T getValue(Class<T> type) throws InvalidResponseException {
try {
return new ObjectMapper().readValue(getValue(), type);
} catch (IOException e) {
throw new InvalidResponseException("Unable to parse response payload: " + e.getMessage());
}
}
}

24
src/main/java/de/stklcode/jvault/connector/model/response/embedded/AuthMethod.java
View File

@ -1,8 +1,11 @@
package de.stklcode.jvault.connector.model.response.embedded;
import com.fasterxml.jackson.annotation.JsonProperty;
import com.fasterxml.jackson.annotation.JsonSetter;
import de.stklcode.jvault.connector.model.AuthBackend;
import java.util.Map;
/**
* Embedded authentication method response.
*
@ -12,12 +15,15 @@ import de.stklcode.jvault.connector.model.AuthBackend;
public class AuthMethod {
private AuthBackend type;
private String rawType;
private String path;
@JsonProperty("description")
private String description;
public AuthMethod(String path, String description, String type) {
this.path = path;
this.description = description;
@JsonProperty("config")
private Map<String, String> config;
@JsonSetter("type")
public void setType(String type) {
this.rawType = type;
this.type = AuthBackend.forType(type);
}
@ -30,11 +36,11 @@ public class AuthMethod {
return rawType;
}
public String getPath() {
return path;
}
public String getDescription() {
return description;
}
public Map<String, String> getConfig() {
return config;
}
}

41
src/test/java/de/stklcode/jvault/connector/HTTPVaultConnectorTest.java
View File

@ -1,15 +1,14 @@
package de.stklcode.jvault.connector;
import de.stklcode.jvault.connector.exception.InvalidResponseException;
import de.stklcode.jvault.connector.model.response.*;
import de.stklcode.jvault.connector.test.Credentials;
import de.stklcode.jvault.connector.test.VaultConfiguration;
import de.stklcode.jvault.connector.exception.InvalidRequestException;
import de.stklcode.jvault.connector.exception.PermissionDeniedException;
import de.stklcode.jvault.connector.exception.VaultConnectorException;
import de.stklcode.jvault.connector.factory.VaultConnectorFactory;
import de.stklcode.jvault.connector.model.AuthBackend;
import de.stklcode.jvault.connector.model.response.AuthResponse;
import de.stklcode.jvault.connector.model.response.SealResponse;
import de.stklcode.jvault.connector.model.response.SecretResponse;
import de.stklcode.jvault.connector.model.response.TokenResponse;
import org.junit.*;
import org.junit.rules.TemporaryFolder;
@ -20,9 +19,7 @@ import java.io.IOException;
import java.net.ServerSocket;
import java.util.List;
import static org.hamcrest.CoreMatchers.hasItem;
import static org.hamcrest.CoreMatchers.hasItems;
import static org.hamcrest.CoreMatchers.instanceOf;
import static org.hamcrest.CoreMatchers.*;
import static org.hamcrest.Matchers.greaterThan;
import static org.hamcrest.core.Is.is;
import static org.junit.Assert.*;
@ -45,6 +42,7 @@ public class HTTPVaultConnectorTest {
private static String USER_ID = "5ADF8218-D7FB-4089-9E38-287465DBF37E";
private static String SECRET_PATH = "userstore";
private static String SECRET_KEY = "foo";
private static String SECRET_KEY_JSON = "json";
private static String SECRET_VALUE = "bar";
private Process vaultProcess;
@ -112,9 +110,9 @@ public class HTTPVaultConnectorTest {
*/
@Test
public void authTokenTest() {
TokenResponse res = null;
TokenResponse res;
try {
res = connector.authToken("52135869df23a5e64c5d33a9785af5edb456b8a4a235d1fe135e6fba1c35edf6");
connector.authToken("52135869df23a5e64c5d33a9785af5edb456b8a4a235d1fe135e6fba1c35edf6");
fail("Logged in with invalid token");
} catch (VaultConnectorException ignored) {
}
@ -211,6 +209,21 @@ public class HTTPVaultConnectorTest {
} catch (VaultConnectorException e) {
fail("Valid secret path could not be read: " + e.getMessage());
}
/* Try to read accessible path with JSON value */
try {
res = connector.readSecret(SECRET_PATH + "/" + SECRET_KEY_JSON);
assertThat("Known secret returned null value.", res.getValue(), notNullValue());
} catch (VaultConnectorException e) {
fail("Valid secret path could not be read: " + e.getMessage());
}
try {
Credentials parsedRes = res.getValue(Credentials.class);
assertThat("JSON response was null", parsedRes, notNullValue());
assertThat("JSON response incorrect", parsedRes.getUsername(), is("user"));
assertThat("JSON response incorrect", parsedRes.getPassword(), is("password"));
} catch (InvalidResponseException e) {
fail("JSON response could not be parsed: " + e.getMessage());
}
}
/**
@ -277,7 +290,7 @@ public class HTTPVaultConnectorTest {
/**
* Initialize Vault with resource datastore and generated configuration.
* @return Vault Configuration
* @throws IllegalStateException
* @throws IllegalStateException on error
*/
private VaultConfiguration initializeVault() throws IllegalStateException {
String dataResource = getClass().getResource("/data_dir").getPath();
@ -291,10 +304,10 @@ public class HTTPVaultConnectorTest {
/* Write configuration file */
BufferedWriter bw = null;
File configFIle = null;
File configFile = null;
try {
configFIle = tmpDir.newFile("vault.conf");
bw = new BufferedWriter(new FileWriter(configFIle));
configFile = tmpDir.newFile("vault.conf");
bw = new BufferedWriter(new FileWriter(configFile));
bw.write(config.toString());
}
catch (IOException e) {
@ -313,7 +326,7 @@ public class HTTPVaultConnectorTest {
/* Start vault process */
try {
vaultProcess = Runtime.getRuntime().exec("vault server -config " + configFIle.toString());
vaultProcess = Runtime.getRuntime().exec("vault server -config " + configFile.toString());
} catch (IOException e) {
e.printStackTrace();
throw new IllegalStateException("Unable to start vault. Make sure vault binary is in your executable path.");

26
src/test/java/de/stklcode/jvault/connector/test/Credentials.java Normal file
View File

@ -0,0 +1,26 @@
package de.stklcode.jvault.connector.test;
import com.fasterxml.jackson.annotation.JsonProperty;
/**
* Simple credentials class for JSON testing.
*
* @author Stefan Kalscheuer
* @since 0.1
*/
public class Credentials {
@JsonProperty("username")
private String username;
@JsonProperty("password")
private String password;
public String getUsername() {
return username;
}
public String getPassword() {
return password;
}
}

2
src/test/resources/data_dir/core/_audit
View File

@ -1 +1 @@
{"Key":"core/audit","Value":"AAAAAQJ+0lfxYOKIXzquksd3Il4zfW4ja6BdScu7mCAijGDph63S5yWH92olwI2SQA=="}
{"Key":"core/audit","Value":"AAAAAQI4CkDWnI49wp9iDaEMhEgTyBBtXOuIcrn7m4qifUOwQ6reTf3BKc5IQXuhxN5h51KVeinMklz3Ld0Qgw=="}

2
src/test/resources/data_dir/core/_auth
View File

@ -1 +1 @@
{"Key":"core/auth","Value":"AAAAAQJeg+aK83bfYUPm5KV/+Y1Cf8fVX8Oq7cFiYE3PN4Tcl2j9YD7c+fijkopFzPLxh/EBRVzGTjBBkWBDTLC4EKn2lU8A+NJK6frGOu5Vjc4+WipBUcsGGcfosvxrZk8ZrTt09PRo7CnAFzmH4CgIVuEFv3NZyjXX08EMakxmH6R4S8Ti3cmit5Kr1TKSGnHeMfO6lBnAobAfNlfgNDM90yAxaQUT9gR27TabSKsVvkIY/0oxIcVFQ1RuF7xcdAOJ82wlWkcfT+rMhSS6roGt9Njx9t0PQNjv2eomh/leuhTUzfu4oAbtJJO3IPuC/KkJZpKinjJaGlA5Kx5m7W09DHieyI0GXmjJXH9oCj0z9w6eKDNZmjC1xeFylBvkvnkAKA6QmUmZjoq+m81/UC/C/ShJYxDFxaHwCPgF92qSrT1VTrz5lYAyyjJmrnbyuUXfgG6d4dbDxT/DVddHtIzHbBBT0xxjNM/+WxOSdRYZXKsfm8ovGaFWJr9AyFfEnyS0E9FJvkEXp68eNdacgdM3Ow5Zchm2/I9F4wN577ZwK9oGO2kjkDv4pwKQJ6uDYXeJDZxeMO2rXk/9sY8rAV20loOnqryfO3IE876H97KyE1LEzrky7mVw3YL/CDlZCO5Sf2IHTmwKylTRlsnUO1I5bviFD3a3EdeIGeDuNbWIqiju2fpMQX4l2gUuY4pysBM28AwbTe3zp348PePFpTcGE0/YwsW/aJit3VOc6xNX9WU="}
{"Key":"core/auth","Value":"AAAAAQKA3+V0TsgRYXO8NxjN1y6nBjUL9B2eOJe4Cfi56B3qmzGx1mhyn1SRkyWBbRIjIOp/a8d52P5ukK3AU3FpOC8w8W/aYLZVZONhMn4tnzvN9+FDYp5Kx8FqNBunDgOwygkMsgd0fnrAgxefUU1z4iY5hlXl/45qwWE6HXbrCJ5uBciHZajmKbCZPe9oc/i0Lw0hZXW598kJV6OmzGesWqYmkbyohv5d1vTB1nuDNG5MvxtWoNIcF5u5+x487zg0FQ6womZOyR7xQKxXyIYescIjAmSjJ6Xlr0rj41NSCzMIhP6fkDHI+YiPAcXDHynjMRV4rky9PG5PSJQgp1jYUUjo/3crc1ssBMSPTEecdc9xOyS903o2/fvc9aFm0CBOtlrlbLzzEztIrHPwJAkCoyqgpk/LcJgV6DRM8xmy+MDTNBFnLhzTeKyK2z7c932JYHTNO8YiIzmc8xAOY46YMEofGu0dVi6QTtfxIs3934NoO5p+EM0RcBnLme8FVWr+QsyL64SFJ3sF7t9WuwRccLTpJaQm5r7YsUFSOZSczrMkWAPIyJFprCA678HVgpVUUOeA1vC96am7+IybvOD8n7Hwu8PCKoXUStsJya+WR1gZ3zjd6zN9byibve6MXxMvYpFp4zv4l2whavvPzO5sCM6xookFvhUVZPvcTrQIhxSoTLabJClss4VJKZoV6HK4m4JZcgKXAVuHBf4WHDV+vFPnc5IITneMR1I2GYJPaOlhDlB2MO0WbCBWDc+EhuelmuiUdZFT3u4zshaODpPzvVzWwbWwIQyFfL7dM3ZCiIGS9Bo6pAj6b8zsjg=="}

2
src/test/resources/data_dir/core/_mounts
View File

@ -1 +1 @@
{"Key":"core/mounts","Value":"AAAAAQLyZ1sJsIcAqhtCBFotH08os+J6UEjDnte1gzUp8md8RNH2LFTBe+8iwqSjgpJCyQPYXxDb7l5S4YG8ypUAk5yZA/CaC5y2idWXBrvzihCdDgOv+xLB17mGRuIJdPSdG2TlPY/HJBkadAPOzzD+qFHJKOeH+YOVwBQQP8GA9uLm3DZNHOSej59Y8wN7R9hJX1aXBnkqFhpLdARXqrlSI8SiWz3TNA2vmm4cCzxGcmKEUF3m6peBr47TTnZtcciGI0vd7yIbMeblF93HcrNMcQnKB4ItR8a+yO4WZHg/Y1iWn0JQB0y0FSYg+OFFolsMQpQDDd+YTUpj8zJ2pmlRZ9n19WBHD2VbkzkCyR214+NzCpOfCUsguYdGR34trwU6/4W5ApxtY/+T35vQ+esztU2HgQqJES6s8708Nn589Kvzg/+etbvhfq/DmWOcwZOtb2X/EQHaDmHWzsWqQ26Ux32WiAjedVwoba6vT23MIgUBjdHIKuTlrV6JqNVeuevfmfpBW8y/EhcAm6e2s8jTkdoaSPvq2NaBT9HF6FWJNXhVxAXQlOp7ibx5nk7l312umi2hbZ0+2Ad2wTGCVsECa26ZqXzBbU3uNni4sNdqbTq0i7unpqEQnyfTGcHkxe1uIbT2sK/AydtaOV8IDN4Z0HUBX9tj2UpQr8LX+JW9wX3MIXxQVfogyi/AmQRiDYuPeJyvvTTininGOHLSQyl/jRO/A3SdrTmppcwyNmTS1tzpwDawCP9yLWcw0/QVYgd8wMgmVjKsGuxJqWtEibnEnP9oU8Epi1Zy0OPXLUAT/06R9xtIMRReS2+VhBrFGmkD6eVL6EX0OOZ3yA6CxIft7cHQNishwIGL"}
{"Key":"core/mounts","Value":"AAAAAQKEEYCeXSTFocHW81rN1uI6MofozgPy2HnyOaonbuLKzaYM90H7UWfCymZ8sJ/3buSfv8/HNGkrjMHXnwyNbwTZrMt1+3LzSySfrNuq8naoLCbZK0Pn3vJElDnJAej44SBoKrmC04RAj7ROjxB5Eiqe4VJmj2KzjX8pnwKo2cFvetgNiW1a1W9zqqDZX4HRxTCfiS4RwLdkWrUjYvwjX4tQB+GYuixUEWWCsUXSAoIhHx/H7AkmJaJVyrHILjHAcSD8fgxCHwFwf7xaMgQhWqj+ofBYwilgtXkPc/vcmT1pZqw8RgHrfMKTl1gGmuXiiL9/tkWeMs4u9H9+nhLFYy6V2EDFDKPc+zvHg/c4lRUvN0AnX1A050ZJKucYDLq8IxRuBQL4ZZ0syyIVxoA2iJYgIy8dZXHg232LQg5Gicc+sqHKMAJxknkEwl2QBPhcAyGobent4UaAx9b+7LGXhg=="}

1
src/test/resources/data_dir/logical/b85d867d-74d1-7d84-7a97-4597d813a5fb/userstore/_json Normal file
View File

@ -0,0 +1 @@
{"Key":"logical/b85d867d-74d1-7d84-7a97-4597d813a5fb/userstore/json","Value":"AAAAAQIow6Rc/bPZhf5PDQ3jK/diX99iQZM01NA62tkT0BaKE4UfmSYuYDVUCIrWUOKsVyvD48phL3hEHfgNrJzVsVIk296Br/y7/es9z5zOxe9VATSSJy3CI54AtA=="}

1
src/test/resources/data_dir/sys/policy/_response-wrapping Normal file
View File

@ -0,0 +1 @@
{"Key":"sys/policy/response-wrapping","Value":"AAAAAQLDl3zy1uKv9o2NhIyl43YAtoxGChOUc4aMa7beod+3e8FkdOsZt9BIirHsqjJ+VoxQyz+HroBaNfKPsyos3WLWvz5IUZ1UHr/jLG2SjrJfCKvco85RsFytkzp3T+Z5JB2vVfm22PpBIbjq2+XpHLKIqARqTWYl7Wnql572JZOvPY0w"}