use curl instead of wget for Drone CI builds

prepare 0.8.1 release
Set correct test scope for JUnit migration support lib (fix #30 )
2019-08-16 20:16:23 +02:00 · 2019-08-16 20:01:48 +02:00 · 2019-08-16 19:59:09 +02:00 · 2019-08-16 19:54:46 +02:00 · 2019-08-16 19:51:37 +02:00 · 2019-07-30 21:11:13 +02:00
163 changed files with 7637 additions and 1593 deletions
--- a/.drone.yml
+++ b/.drone.yml
@ -0,0 +1,26 @@
 kind: pipeline
 name: default
 steps:
  - name: test-online
    image: maven:3-jdk-11
    environment:
      VAULT_VERSION: 1.2.2
    commands:
      - curl -o vault_1.2.2_linux_amd64.zip https://releases.hashicorp.com/vault/1.2.2/vault_1.2.2_linux_amd64.zip
      - curl -s https://releases.hashicorp.com/vault/1.2.2/vault_1.2.2_SHA256SUMS | grep linux_amd64 | sha256sum -c
      - unzip vault_1.2.2_linux_amd64.zip
      - rm vault_1.2.2_linux_amd64.zip
      - mv vault /bin/
      - mvn clean test
    when:
      branch:
        - master
  - name: test-offline
    image: maven:3-jdk-11
    commands:
      - mvn clean test -P offline-tests
    when:
      branch:
        - develop
        - feature/*
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1,5 @@
 /target/
 /*.iml
 /.idea/
 /*.project
 *~
--- a/.travis.yml
+++ b/.travis.yml
@ -0,0 +1,33 @@
 language: java
 jdk:
  - openjdk11
 install: true
 addons:
  sonarcloud:
    organization: "stklcode-github"
    token:
      secure: "sM9OfX5jW764pn9cb2LSXArnXucKMws+eGeg5NnZxHRcGYt4hpBKLSregBSsBNzUoWVj0zNzPCpnh+UQvgxQzUerOqwEdjTBpy3SNPaxSn7UpoSg+Wz3aUmL9ugmx01b51/wMG4UCHEwTZt2tpgTPVtw8K6uSO78e0dSICCBHDnRcdQwOjMEQHIJJ/qHVRwuy/MzLCAP3W1JPZlsphZg9QsFyhB4hW97dE90joZezfocQIv2xI/r6k+BLz0pY6MxYCul0RiDumaiaej0CPvEJI/uSu//BAQjUdHw+mQgnKUYIbrn2ONOviwNfwdr94JyoZEN2B6zASUmNLjPf4AbIojDeyS+CrpQpm17EVm/Qk/Ds+Xra4PPPIcsZhiWzV0KoDUz9xLfXuRJ526VT5tDPiaeI7oETf0+8l+JIS1b399FyqHi7smzjpvC6GuKflQrbuHK4MuKzDh7WTHiqokGG4SS0wOQIaaHB3dfdwwQzPh6IM24e8CETxh3DjMeqUTU4DWmv5po55jZ934TtxVQvVN78bTG9O0zS9u+JmRY04OZ+OaXuFam6MfMUFQi0EPZzdGul/oWSibGUu3bNfVEBp60CnJwYNM/dKG6U7pJthLHvSwiQFOdKzHZ+l1jZJ4gPaXaIGqpwqVGr28ntqA/El1rytPixr2driE6bYMt5jw="
 env:
  - PATH=$PATH:. VAULT_VERSION=1.2.2
 before_script:
  - |
    if [ "$TRAVIS_BRANCH" = "master" ]; then
      wget https://releases.hashicorp.com/vault/${VAULT_VERSION}/vault_${VAULT_VERSION}_linux_amd64.zip
      wget -q -O - https://releases.hashicorp.com/vault/${VAULT_VERSION}/vault_${VAULT_VERSION}_SHA256SUMS | grep linux_amd64 | sha256sum -c
      unzip vault_${VAULT_VERSION}_linux_amd64.zip
      rm vault_${VAULT_VERSION}_linux_amd64.zip
    fi
 cache:
  directories:
    - '$HOME/.m2/repository'
    - '$HOME/.sonar/cache'
 script:
  - |
    if [ "$TRAVIS_BRANCH" = "master" ]; then
      mvn clean org.jacoco:jacoco-maven-plugin:prepare-agent package sonar:sonar
    else
      mvn clean test -P offline-tests
    fi
 notifications:
  slack:
    secure: "YyE5GePOLkCVTtCy8j507BRmQrtrWhtvmUt4kY0Z2/ptf0LzfuDEJQ4ZbCxO5ri5IDJrrvyPAedjft818+bMzdFfxvi1oviIL+LZNhyev8gfeIBF/U2pvSLGKCRX4g4aZ6NKN3Untjdm8lmiVTltOyZ59JizQVwXzAl3LiOpnJugyBqbhOx4EIqBzwW3gaYAofMqY2LczW5W/M+99HJCst8Mb8H06GstCPEHCizAq7VRaUS68PstlxQMV0Q6bsSYMLFbLWmhuXs96WHqOrT+nNsl07ikr3N8c4HafhFutt2Jyc1+8gXO417+eSvVM0iBpHGwTmfGFfCqx/4Pf62DTJuvh8dR4fLgLDiqEeDrBEcRRDOs9cvXVOO22NN1HuBBJY8VRiFcwNAvuVMXCtnC+1RJRAZB2zubsANiFe+ygk/ywj37cVXY+NpqlBwcSph6jPHo2hD6cIl2rTWn1EnZH519Rh38xTSv6MRzAO9kWNVrAlX+UtvYS8Sk7Owrc0tET9Lc4zj6aI5tsA1wYbN3Jk6EbMhsF6K/XF2npt2qg09pxkj8wmxoUoR6/rGuSv55aSxTdLDmH+en4ahEm3uc4h1lYoVCk0yrZoTAas3zS4WpBCKnl+mweuKNxaejyy0Wv6NR9ZCTaS3yFgibNOjvDpxZxTAPdNBL7hn+k4LwgN4="
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -1,28 +1,164 @@
 ## 0.8.1 (2019-08-16)
 ### Fixes
 * Removed compile dependency to JUnit library (#30) 
 ### Improvements
 * Updated ependencies
 ### Test
 * Tested against Vault 1.2.2
 ## 0.8.0 (2019-03-24)
 ### Breaking
 * Moved Maven artifact to `de.stklcode.jvault:jvault-connector` (#28)
 * Removed support for `HTTPVaultConnectorFactory#withSslContext()` in favor of `#withTrustedCA()` due to
 ### Features
 * Support for KV version 2 secret engine (#16)
 * Ability to pass custom mount point to KV v2 read/write methods (#25)
 ### Improvements
 * refactoring of the internal SSL handling (#17)
 * `VaultConnector` extends `java.io.Serializable` (#19)
 * Added missing flags to `SealResponse` (#20)
 * Added replication flags to `HealthResponse` (#21)
 * Enforce TLS 1.2 by default with option to override (#22)
 * Build environment and tests now compatible with Java 10
 * Updated dependencies to fix vulnerabilities (i.e. CVE-2018-7489)
 * New static method `Token.builder()` to get token builder instance
 * New static method `AppRole.builder()` to get AppRole builder instance
 ### Deprecation
 * `VaultConnectorFactory` is deprecated in favor of `VaultConnectorBuilder` with identical API (#18)
 * `AppRoleBuilder#withBoundCidrList(List)` is deprecated in favor of `AppRoleBuilder#withSecretIdBoundCidrs(List)` (#24)
 ## 0.7.1 (2018-03-17)
 ### Improvements
 * Added automatic module name for JPMS compatibility
 * Minor dependency updates
 ### Test
 * Tested against Vault 0.9.5
 ## 0.7.0 (2017-10-03)
 ### Features
 * Retrieval of health status via `getHealth()` (#15)
 ### Improvements
 * `seal()`, `unseal()` are now `void` and throw Exception on error (#12)
 * Adaptation to Vault 0.8 endpoints for `renew` and `revoke`, **breaking** 0.7 compatibility (#11)
 ### Removed
 * Removed deprecated `listAppRoleSecretss()` (use `listAppRoleSecrets()`) (#14)
 ### Test
 * Tested against Vault 0.8.3
 ## 0.6.2 [2017-08-19]
 ### Fixes
 * Prevent potential NPE on SecretResponse getter
 * Removed stack traces on PUT request and response deserialization (#13)
 ### Improvements
 * Fields of InvalidResposneException made final
 ### Deprecation
 * `listAppRoleSecretss()` in favor of `listAppRoleSecrets()` (#14)
 ### Test
 * Tested against Vault 0.8.1, increased coverage
 ## 0.6.1 (2017-08-02)
 ### Fixes
 * `TokenModel.getPassword()` returned username instead of password
 * `TokenModel.getUsername()` and `getPassword()` could produce NPE in multithreaded environments
 * `TokenData.getCreatinTtl()` renamed to `getCreationTtl()` (typo fix)
 ### Test
 * Tested against Vault 0.7.3
 ## 0.6.0 (2017-05-12)
 ### Features
 * Initialization from environment variables using `fromEnv()` in factory (#8)
 * Automatic authentication with `buildAndAuth()`
 * Custom timeout and number of retries (#9)
 * Connector implements `AutoCloseable`
 ### Fixes
 * `SecretResponse` does not throw NPE on `get(key)` and `getData()`
 ### Test 
 * Tested against Vault 0.7.2
 ## 0.5.0 (2017-03-18)
 ### Features
 * Convenience methods for DB credentials (#7)
 ### Fixes
 * Minor bugfix in TokenBuilder
 ### Deprecation
 * `SecretResponse.getValue()` deprecated
 ### Test
 * Tested against Vault 0.7.0
 ## 0.4.1 [2016-12-24]
-* [fix] Factory Null-tolerant for trusted certificate (#6)
+### Fixes
-* [test] StackTraces testet for secret leaks
+* Factory Null-tolerant for trusted certificate (#6)
 * [test] Tested against Vault 0.6.4
-## 0.4.0 [2016-11-06]
+### Test
-* [feature] Option to provide a trusted CA certificate (#2)
+* StackTraces tested for secret leaks
-* [feature] Deletion, revocation and renewal of secrets (#3)
+* Tested against Vault 0.6.4
 * [feature] Token creation (#4)
 * [feature] AppRole auth backend supported (#5)
 * [improvement] Support for complex secrets
 * [deprecation] App-ID backend marked as deprecated
 ## 0.3.0 [2016-10-07]
 * [feature] Retrieval of JSON objects (#1)
 * [test] Tested against Vault 0.6.2
-## 0.2.0 [2016-09-01]
+## 0.4.0 (2016-11-06)
 ### Features
 * Option to provide a trusted CA certificate (#2)
 * Deletion, revocation and renewal of secrets (#3)
 * Token creation (#4)
 * AppRole auth backend supported (#5)
 ### Improvements
 * Support for complex secrets
 ### Deprecation
 * App-ID backend marked as deprecated
 ## 0.3.0 (2016-10-07)
 ### Features
 * Retrieval of JSON objects (#1)
 ### Test
 * Tested against Vault 0.6.2
 ## 0.2.0 (2016-09-01)
 ### Improvements
 * Dependecies updated and CommonsIO removed
 * [fix] Fixed auth backend detection for Vault 0.6.1
 * [test] Tested against Vault 0.6.1
-## 0.1.1 [2016-06-20]
+### Fixes
-* [fix] Check for "permission denied" without status code 400 instead of 403
+* Fixed auth backend detection for Vault 0.6.1
 * [test] Tested against Vault 0.6.0
-## 0.1.0 [2016-03-29]
+### Test
-* First release
+* Tested against Vault 0.6.1
 ## 0.1.1 (2016-06-20)
 ### Fixes
 * Check for "permission denied" without status code 400 instead of 403
 ### Test
 * Tested against Vault 0.6.0
 ## 0.1.0 (2016-03-29)
 * First release
--- a/README.md
+++ b/README.md
@ -1,16 +1,24 @@
-Java Vault Connector
+# Java Vault Connector 
-=========
+
 [![Build Status](https://travis-ci.org/stklcode/jvaultconnector.svg?branch=master)](https://travis-ci.org/stklcode/jvaultconnector)
 [![Quality Gate](https://sonarcloud.io/api/project_badges/measure?project=de.stklcode.jvault%3Ajvault-connector&metric=alert_status)](https://sonarcloud.io/dashboard?id=de.stklcode.jvault%3Aconnector)
 [![License](https://img.shields.io/badge/license-Apache%202.0-blue.svg)](https://github.com/stklcode/jvaultconnector/blob/master/LICENSE.txt) 
 [![Maven Central](https://img.shields.io/maven-central/v/de.stklcode.jvault/jvault-connector.svg)](https://search.maven.org/#search%7Cga%7C1%7Cg%3A%22de.stklcode.jvault%22%20AND%20a%3A%22jvault-connector%22)
 ![Logo](https://raw.githubusercontent.com/stklcode/jvaultconnector/master/assets/logo.png)
 Java Vault Connector is a connector library for [Vault](https://www.vaultproject.io) by [Hashicorp](https://www.hashicorp.com) written in Java. The connector allows simple usage of Vault's secret store in own applications.
-**Current available features:**
+## Features:
 * HTTP(S) backend connector
    *  Ability to provide or enforce custom CA certificate
-* Authorization methods:
+    * Optional initialization from environment variables
 * Authorization methods
    * Token
    * Username/Password
    * AppID (register and authenticate) [_deprecated_]
    * AppRole (register and authenticate)
    * AppID (register and authenticate) [_deprecated_]
 * Tokens
    * Creation and lookup of tokens
    * TokenBuilder for speaking creation of complex configuraitons
@ -21,46 +29,101 @@ Java Vault Connector is a connector library for [Vault](https://www.vaultproject
    * Delete secrets
    * Renew/revoke leases
    * Raw secret content or JSON decoding
    * SQL secret handling
    * KV v1 and v2 support
 * Connector Factory with builder pattern
-* Tested against Vault 0.6.4
+* Tested against Vault 1.2.2
-**Usage Example**
+
 ## Maven Artifact
 ```xml
 <dependency>
    <groupId>de.stklcode.jvault</groupId>
    <artifactId>jvault-connector</artifactId>
    <version>0.8.1</version>
 </dependency>
 ```
 ## Usage Examples
 ### Initialization
 ```java
-// Instanciate using builder pattern style factory
+// Instantiate using builder pattern style factory (TLS enabled by default)
-VaultConnector vault = VaultConnectorFactory.httpFactory()
+VaultConnector vault = VaultConnectorBuilder.http()
 .withHost("127.0.0.1")
 .withPort(8200)
 .withTLS()
 .build();
-//authenticate with token
+// Instantiate with custom SSL context
 VaultConnector vault = VaultConnectorBuilder.http()
 .withHost("example.com")
 .withPort(8200)
 .withTrustedCA(Paths.get("/path/to/CA.pem"))
 .build();
 // Initialization from environment variables 
 VaultConnector vault = VaultConnectorBuilder.http()
 .fromEnv()
 .build();
 ```
 ### Authentication
 ```java
 // Authenticate with token.
 vault.authToken("01234567-89ab-cdef-0123-456789abcdef");
-// retrieve secret
+// Authenticate with username and password.
-String secret = vault.readSecret("some/secret/key").getValue();
+vault.authUserPass("username", "p4ssw0rd");
 // Authenticate with AppRole (secret - 2nd argument - is optional).
 vault.authAppRole("01234567-89ab-cdef-0123-456789abcdef", "fedcba98-7654-3210-fedc-ba9876543210");
 ```
-**Maven Artifact**
+### Secret read & write
-```
+
-<dependency>
+```java
-    <groupId>de.stklcode.jvault</groupId>
+// Retrieve secret (prefix "secret/" assumed, use read() to read arbitrary paths)
-    <artifactId>connector</artifactId>
+String secret = vault.readSecret("some/secret/key").get("value", String.class);
-    <version>0.4.1</version>
+
-</dependency>
+// Complex secret.
 Map<String, Object> secretData = vault.readSecret("another/secret/key").getData();
 // Write simple secret.
 vault.writeSecret("new/secret/key", "secret value");
 // Write complex data to arbitraty path.
 Map<String, Object> map = ...;
 vault.write("any/path/to/write", map);
 // Delete secret.
 vault.delete("any/path/to/write");
 ```
-**Links**
+### Token and role creation
 ```java
 // Create token using TokenBuilder
 Token token = Token.builder()
                   .withId("token id")
                   .withDisplayName("new test token")
                   .withPolicies("pol1", "pol2")
                   .build();
 vault.createToken(token);
 // Create AppRole credentials
 vault.createAppRole("testrole", policyList);
 AppRoleSecretResponse secret = vault.createAppRoleSecret("testrole");
 ```
 ## Links
 [Project Page](http://jvault.stklcode.de)
 [JavaDoc API](http://jvault.stklcode.de/apidocs/)
-**Planned features:**
+## License
 * Creation and modification of policies
 * Implement more authentication methods
 **License**
 The project is licensed under [Apache License 2.0](http://www.apache.org/licenses/LICENSE-2.0).
--- a/assets/logo.png
+++ b/assets/logo.png
--- a/assets/logo.svg
+++ b/assets/logo.svg
@ -0,0 +1,12 @@
 <?xml version="1.0" encoding="UTF-8" standalone="no"?>
 <!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
 <svg xmlns="http://www.w3.org/2000/svg" width="128" height="128">
    <path d="M4,12 l60,104 l60,-104 z" stroke="none" fill="#000000" />
    <rect x="74" y="20" width="8" height="8" stroke="none" fill="#00abe0" />
    <rect x="74" y="34" width="8" height="8" stroke="none" fill="#00abe0" />
    <rect x="74" y="48" width="8" height="8" stroke="none" fill="#00abe0" />
    <rect x="74" y="62" width="8" height="8" stroke="none" fill="#00abe0" />
    <rect x="68" y="74" width="8" height="8" stroke="none" fill="#00abe0" />
    <rect x="54" y="74" width="8" height="8" stroke="none" fill="#00abe0" />
    <rect x="48" y="62" width="8" height="8" stroke="none" fill="#00abe0" />
 </svg>
--- a/pom.xml
+++ b/pom.xml
@ -2,57 +2,133 @@
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>
    <name>jVaultConnector</name>
    <groupId>de.stklcode.jvault</groupId>
-    <artifactId>connector</artifactId>
+    <artifactId>jvault-connector</artifactId>
-    <version>0.4.1</version>
+    <version>0.8.1</version>
    <packaging>jar</packaging>
    <name>jVaultConnector</name>
    <description>Connector artifact for Hashicorp's Vault secret management</description>
    <url>https://jvault.stklcode.de</url>
    <inceptionYear>2016</inceptionYear>
    <licenses>
        <license>
            <name>Apache License 2.0</name>
            <url>http://www.apache.org/licenses/LICENSE-2.0.html</url>
            <distribution>repo</distribution>
        </license>
    </licenses>
    <properties>
        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
    </properties>
    <developers>
        <developer>
            <name>Stefan Kalscheuer</name>
            <email>stefan@stklcode.de</email>
            <timezone>+1</timezone>
        </developer>
    </developers>
    <scm>
        <connection>scm:git:git://github.com/stklcode/jvaultconnector.git</connection>
        <developerConnection>scm:git:git@github.com:stklcode/jvaultconnector.git</developerConnection>
        <url>https://github.com/stklcode/jvaultconnector</url>
    </scm>
    <issueManagement>
        <system>GitHub Issues</system>
        <url>https://github.com/stklcode/jvaultconnector/issues</url>
    </issueManagement>
    <build>
        <plugins>
            <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-compiler-plugin</artifactId>
-                <version>3.6.0</version>
+                <version>3.8.1</version>
                <configuration>
                    <source>1.8</source>
                    <target>1.8</target>
                </configuration>
            </plugin>
        </plugins>
        <pluginManagement>
            <plugins>
                <plugin>
                    <groupId>org.apache.maven.plugins</groupId>
                    <artifactId>maven-clean-plugin</artifactId>
                    <version>3.1.0</version>
                </plugin>
                <plugin>
                    <groupId>org.apache.maven.plugins</groupId>
                    <artifactId>maven-resources-plugin</artifactId>
                    <version>3.1.0</version>
                </plugin>
                <plugin>
                    <groupId>org.apache.maven.plugins</groupId>
                    <artifactId>maven-jar-plugin</artifactId>
                    <version>3.1.2</version>
                    <configuration>
                        <archive>
                            <manifestEntries>
                                <Automatic-Module-Name>de.stklcode.jvault.connector</Automatic-Module-Name>
                            </manifestEntries>
                        </archive>
                    </configuration>
                </plugin>
                <plugin>
                    <groupId>org.apache.maven.plugins</groupId>
                    <artifactId>maven-install-plugin</artifactId>
                    <version>2.5.2</version>
                </plugin>
                <plugin>
                    <groupId>org.apache.maven.plugins</groupId>
                    <artifactId>maven-surefire-plugin</artifactId>
                    <version>2.22.2</version>
                    <configuration>
                        <reuseForks>false</reuseForks>
                    </configuration>
                </plugin>
            </plugins>
        </pluginManagement>
    </build>
    <packaging>jar</packaging>
    <dependencies>
        <dependency>
            <groupId>org.apache.httpcomponents</groupId>
            <artifactId>httpcore</artifactId>
-            <version>4.4.5</version>
+            <version>4.4.11</version>
        </dependency>
        <dependency>
            <groupId>org.apache.httpcomponents</groupId>
            <artifactId>httpclient</artifactId>
-            <version>4.5.2</version>
+            <version>4.5.9</version>
        </dependency>
        <dependency>
            <groupId>com.fasterxml.jackson.core</groupId>
            <artifactId>jackson-core</artifactId>
-            <version>2.8.5</version>
+            <version>2.9.9</version>
        </dependency>
        <dependency>
            <groupId>com.fasterxml.jackson.core</groupId>
            <artifactId>jackson-databind</artifactId>
-            <version>2.8.5</version>
+            <version>2.9.9.3</version>
        </dependency>
        <dependency>
-            <groupId>junit</groupId>
+            <groupId>org.junit.jupiter</groupId>
-            <artifactId>junit</artifactId>
+            <artifactId>junit-jupiter</artifactId>
-            <version>4.12</version>
+            <version>5.5.1</version>
            <scope>test</scope>
        </dependency>
        <dependency>
            <groupId>org.junit.jupiter</groupId>
            <artifactId>junit-jupiter-migrationsupport</artifactId>
            <version>5.5.1</version>
            <scope>test</scope>
        </dependency>
        <dependency>
@ -61,5 +137,100 @@
            <version>2.0.0.0</version>
            <scope>test</scope>
        </dependency>
        <dependency>
            <groupId>com.github.stefanbirkner</groupId>
            <artifactId>system-rules</artifactId>
            <version>1.17.2</version>
            <scope>test</scope>
        </dependency>
        <dependency>
            <groupId>org.mockito</groupId>
            <artifactId>mockito-core</artifactId>
            <version>3.0.0</version>
            <scope>test</scope>
        </dependency>
        <dependency>
            <groupId>org.mockito</groupId>
            <artifactId>mockito-inline</artifactId>
            <version>3.0.0</version>
            <scope>test</scope>
        </dependency>
        <dependency>
            <groupId>commons-io</groupId>
            <artifactId>commons-io</artifactId>
            <version>2.6</version>
            <scope>test</scope>
        </dependency>
    </dependencies>
    <profiles>
        <profile>
            <id>sources</id>
            <activation>
                <activeByDefault>false</activeByDefault>
            </activation>
            <build>
                <plugins>
                    <plugin>
                        <groupId>org.apache.maven.plugins</groupId>
                        <artifactId>maven-source-plugin</artifactId>
                        <version>3.1.0</version>
                        <executions>
                            <execution>
                                <id>attach-sources</id>
                                <goals>
                                    <goal>jar-no-fork</goal>
                                </goals>
                            </execution>
                        </executions>
                    </plugin>
                </plugins>
            </build>
        </profile>
        <profile>
            <id>javadoc</id>
            <activation>
                <activeByDefault>false</activeByDefault>
            </activation>
            <build>
                <plugins>
                    <plugin>
                        <groupId>org.apache.maven.plugins</groupId>
                        <artifactId>maven-javadoc-plugin</artifactId>
                        <version>3.1.1</version>
                        <configuration>
                            <source>1.8</source>
                        </configuration>
                        <executions>
                            <execution>
                                <id>attach-javadocs</id>
                                <goals>
                                    <goal>jar</goal>
                                </goals>
                            </execution>
                        </executions>
                    </plugin>
                </plugins>
            </build>
        </profile>
        <profile>
            <id>offline-tests</id>
            <build>
                <pluginManagement>
                    <plugins>
                        <plugin>
                            <groupId>org.apache.maven.plugins</groupId>
                            <artifactId>maven-surefire-plugin</artifactId>
                            <configuration>
                                <excludedGroups>online</excludedGroups>
                            </configuration>
                        </plugin>
                    </plugins>
                </pluginManagement>
            </build>
        </profile>
    </profiles>
 </project>
--- a/src/main/java/de/stklcode/jvault/connector/HTTPVaultConnector.java
+++ b/src/main/java/de/stklcode/jvault/connector/HTTPVaultConnector.java
--- a/src/main/java/de/stklcode/jvault/connector/VaultConnector.java
+++ b/src/main/java/de/stklcode/jvault/connector/VaultConnector.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2016 Stefan Kalscheuer
+ * Copyright 2016-2019 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -16,13 +16,16 @@
 package de.stklcode.jvault.connector;
-import de.stklcode.jvault.connector.exception.AuthorizationRequiredException;
+import de.stklcode.jvault.connector.exception.InvalidRequestException;
 import de.stklcode.jvault.connector.exception.VaultConnectorException;
 import de.stklcode.jvault.connector.model.*;
 import de.stklcode.jvault.connector.model.response.*;
 import java.io.Serializable;
 import java.util.ArrayList;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 /**
 * Vault Connector interface.
@ -31,7 +34,12 @@ import java.util.List;
 * @author Stefan Kalscheuer
 * @since 0.1
 */
-public interface VaultConnector {
+public interface VaultConnector extends AutoCloseable, Serializable {
    /**
     * Default sub-path for Vault secrets.
     */
    String PATH_SECRET = "secret";
    /**
     * Reset authorization information.
     */
@ -41,35 +49,47 @@ public interface VaultConnector {
     * Retrieve status of vault seal.
     *
     * @return Seal status
     * @throws VaultConnectorException on error
     */
-    SealResponse sealStatus();
+    SealResponse sealStatus() throws VaultConnectorException;
    /**
     * Seal vault.
     *
-     * @return TRUE on success
+     * @throws VaultConnectorException on error
     */
-    boolean seal();
+    void seal() throws VaultConnectorException;
    /**
     * Unseal vault.
     *
     * @param key   A single master share key
     * @param reset Discard previously provided keys (optional)
-     * @return TRUE on success
+     * @return Response with seal status
     * @throws VaultConnectorException on error
     */
-    SealResponse unseal(final String key, final Boolean reset);
+    SealResponse unseal(final String key, final Boolean reset) throws VaultConnectorException;
    /**
     * Unseal vault.
     *
     * @param key A single master share key
-     * @return TRUE on success
+     * @return Response with seal status
     * @throws VaultConnectorException on error
     */
-    default SealResponse unseal(final String key) {
+    default SealResponse unseal(final String key) throws VaultConnectorException {
        return unseal(key, null);
    }
    /**
     * Query server health information.
     *
     * @return Health information.
     * @throws VaultConnectorException on error
     * @since 0.7.0
     */
    HealthResponse getHealth() throws VaultConnectorException;
    /**
     * Get all availale authentication backends.
     *
@ -102,7 +122,7 @@ public interface VaultConnector {
     *
     * @param appID  The App ID
     * @param userID The User ID
-     * @return TRUE on success
+     * @return The {@link AuthResponse}
     * @throws VaultConnectorException on error
     * @deprecated As of Vault 0.6.1 App-ID is superseded by AppRole. Consider using {@link #authAppRole} instead.
     */
@ -113,7 +133,7 @@ public interface VaultConnector {
     * Authorize to Vault using AppRole method without secret ID.
     *
     * @param roleID The role ID
-     * @return TRUE on success
+     * @return The {@link AuthResponse}
     * @throws VaultConnectorException on error
     * @since 0.4.0
     */
@ -126,7 +146,7 @@ public interface VaultConnector {
     *
     * @param roleID   The role ID
     * @param secretID The secret ID
-     * @return TRUE on success
+     * @return The {@link AuthResponse}
     * @throws VaultConnectorException on error
     * @since 0.4.0
     */
@ -138,18 +158,19 @@ public interface VaultConnector {
     * @param appID       The unique App-ID
     * @param policy      The policy to associate with
     * @param displayName Arbitrary name to display
-     * @return TRUE on success
+     * @return {@code true} on success
     * @throws VaultConnectorException on error
     * @deprecated As of Vault 0.6.1 App-ID is superseded by AppRole. Consider using {@link #createAppRole} instead.
     */
    @Deprecated
-    boolean registerAppId(final String appID, final String policy, final String displayName) throws VaultConnectorException;
+    boolean registerAppId(final String appID, final String policy, final String displayName)
            throws VaultConnectorException;
    /**
     * Register a new AppRole role from given metamodel.
     *
     * @param role The role
-     * @return TRUE on success
+     * @return {@code true} on success
     * @throws VaultConnectorException on error
     * @since 0.4.0
     */
@ -159,7 +180,7 @@ public interface VaultConnector {
     * Register new AppRole role with default policy.
     *
     * @param roleName The role name
-     * @return TRUE on success
+     * @return {@code true} on success
     * @throws VaultConnectorException on error
     * @since 0.4.0
     */
@ -172,7 +193,7 @@ public interface VaultConnector {
     *
     * @param roleName The role name
     * @param policies The policies to associate with
-     * @return TRUE on success
+     * @return {@code true} on success
     * @throws VaultConnectorException on error
     * @since 0.4.0
     */
@ -185,7 +206,7 @@ public interface VaultConnector {
     *
     * @param roleName The role name
     * @param roleID   A custom role ID
-     * @return TRUE on success
+     * @return {@code true} on success
     * @throws VaultConnectorException on error
     * @since 0.4.0
     */
@ -199,11 +220,12 @@ public interface VaultConnector {
     * @param roleName The role name
     * @param policies The policies to associate with
     * @param roleID   A custom role ID
-     * @return TRUE on success
+     * @return {@code true} on success
     * @throws VaultConnectorException on error
     * @since 0.4.0
     */
-    default boolean createAppRole(final String roleName, final List<String> policies, final String roleID) throws VaultConnectorException {
+    default boolean createAppRole(final String roleName, final List<String> policies, final String roleID)
            throws VaultConnectorException {
        return createAppRole(new AppRoleBuilder(roleName).withPolicies(policies).withId(roleID).build());
    }
@ -211,7 +233,7 @@ public interface VaultConnector {
     * Delete AppRole role from Vault.
     *
     * @param roleName The role anme
-     * @return TRUE on succevss
+     * @return {@code true} on succevss
     * @throws VaultConnectorException on error
     */
    boolean deleteAppRole(final String roleName) throws VaultConnectorException;
@ -241,7 +263,7 @@ public interface VaultConnector {
     *
     * @param roleName The role name
     * @param roleID   The role ID
-     * @return TRUE on success
+     * @return {@code true} on success
     * @throws VaultConnectorException on error
     * @since 0.4.0
     */
@ -268,7 +290,8 @@ public interface VaultConnector {
     * @throws VaultConnectorException on error
     * @since 0.4.0
     */
-    default AppRoleSecretResponse createAppRoleSecret(final String roleName, final String secretID) throws VaultConnectorException {
+    default AppRoleSecretResponse createAppRoleSecret(final String roleName, final String secretID)
            throws VaultConnectorException {
        return createAppRoleSecret(roleName, new AppRoleSecret(secretID));
    }
@ -281,7 +304,8 @@ public interface VaultConnector {
     * @throws VaultConnectorException on error
     * @since 0.4.0
     */
-    AppRoleSecretResponse createAppRoleSecret(final String roleName, final AppRoleSecret secret) throws VaultConnectorException;
+    AppRoleSecretResponse createAppRoleSecret(final String roleName, final AppRoleSecret secret)
            throws VaultConnectorException;
    /**
     * Lookup an AppRole secret.
@ -292,7 +316,8 @@ public interface VaultConnector {
     * @throws VaultConnectorException on error
     * @since 0.4.0
     */
-    AppRoleSecretResponse lookupAppRoleSecret(final String roleName, final String secretID) throws VaultConnectorException;
+    AppRoleSecretResponse lookupAppRoleSecret(final String roleName, final String secretID)
            throws VaultConnectorException;
    /**
     * Destroy an AppRole secret.
@ -320,16 +345,17 @@ public interface VaultConnector {
     * @return List of roles
     * @throws VaultConnectorException on error
     */
-    List<String> listAppRoleSecretss(final String roleName) throws VaultConnectorException;
+    List<String> listAppRoleSecrets(final String roleName) throws VaultConnectorException;
    /**
-     * Register User-ID with App-ID
+     * Register User-ID with App-ID.
     *
     * @param appID  The App-ID
     * @param userID The User-ID
-     * @return TRUE on success
+     * @return {@code true} on success
     * @throws VaultConnectorException on error
-     * @deprecated As of Vault 0.6.1 App-ID is superseded by AppRole. Consider using {@link #createAppRoleSecret} instead.
+     * @deprecated As of Vault 0.6.1 App-ID is superseded by AppRole.
     * Consider using {@link #createAppRoleSecret} instead.
     */
    @Deprecated
    boolean registerUserId(final String appID, final String userID) throws VaultConnectorException;
@ -341,56 +367,459 @@ public interface VaultConnector {
     * @param policy      The policy to associate with
     * @param displayName Arbitrary name to display
     * @param userID      The User-ID
-     * @return TRUE on success
+     * @return {@code true} on success
     * @throws VaultConnectorException on error
     * @deprecated As of Vault 0.6.1 App-ID is superseded by AppRole.
     */
    @Deprecated
-    default boolean registerAppUserId(final String appID, final String policy, final String displayName, final String userID) throws VaultConnectorException {
+    default boolean registerAppUserId(final String appID,
                                      final String policy,
                                      final String displayName,
                                      final String userID) throws VaultConnectorException {
        return registerAppId(appID, policy, userID) && registerUserId(appID, userID);
    }
    /**
-     * Get authorization status
+     * Get authorization status.
     *
     * @return TRUE, if successfully authorized
     */
    boolean isAuthorized();
    /**
-     * Retrieve secret form Vault.
+     * Retrieve any nodes content from Vault.
     *
     * @param key Secret identifier
     * @return Secret response
     * @throws VaultConnectorException on error
     * @since 0.5.0
     */
    SecretResponse read(final String key) throws VaultConnectorException;
    /**
     * Retrieve secret from Vault.
     * <br>
     * Prefix {@code secret/} is automatically added to key.
     *
     * @param key Secret identifier
     * @return Secret response
     * @throws VaultConnectorException on error
     */
-    SecretResponse readSecret(final String key) throws VaultConnectorException;
+    default SecretResponse readSecret(final String key) throws VaultConnectorException {
        return read(PATH_SECRET + "/" + key);
    }
    /**
     * Retrieve the latest secret data for specific version from Vault.
     * <br>
     * Prefix "secret/data" is automatically added to key.
     * Only available for KV v2 secrets.
     *
     * @param key Secret identifier
     * @return Secret response
     * @throws VaultConnectorException on error
     * @since 0.8
     */
    default SecretResponse readSecretData(final String key) throws VaultConnectorException {
        return readSecretVersion(key, null);
    }
    /**
     * Retrieve the latest secret data for specific version from Vault.
     * <br>
     * Path {@code <mount>/data/<key>} is read here.
     * Only available for KV v2 secrets.
     *
     * @param mount Secret store mountpoint (without leading or trailing slash).
     * @param key   Secret identifier
     * @return Secret response
     * @throws VaultConnectorException on error
     * @since 0.8
     */
    default SecretResponse readSecretData(final String mount, final String key) throws VaultConnectorException {
        return readSecretVersion(mount, key, null);
    }
    /**
     * Write secret to Vault.
     * <br>
     * Prefix {@code secret/} is automatically added to path.
     * Only available for KV v2 secrets.
     *
     * @param key Secret identifier.
     * @param data Secret content. Value must be be JSON serializable.
     * @return Metadata for the created/updated secret.
     * @throws VaultConnectorException on error
     * @since 0.8
     */
    default SecretVersionResponse writeSecretData(final String key, final Map<String, Object> data) throws VaultConnectorException {
        return writeSecretData(PATH_SECRET, key, data, null);
    }
    /**
     * Write secret to Vault.
     * <br>
     * Path {@code <mount>/data/<key>} is written here.
     * Only available for KV v2 secrets.
     *
     * @param mount Secret store mountpoint (without leading or trailing slash).
     * @param key Secret identifier
     * @param data Secret content. Value must be be JSON serializable.
     * @return Metadata for the created/updated secret.
     * @throws VaultConnectorException on error
     * @since 0.8
     */
    default SecretVersionResponse writeSecretData(final String mount, final String key, final Map<String, Object> data) throws VaultConnectorException {
        return writeSecretData(mount, key, data, null);
    }
    /**
     * Write secret to Vault.
     * <br>
     * Path {@code <mount>/data/<key>} is written here.
     * Only available for KV v2 secrets.
     *
     * @param mount Secret store mountpoint (without leading or trailing slash).
     * @param key Secret identifier
     * @param data Secret content. Value must be be JSON serializable.
     * @param cas  Use Check-And-Set operation, i.e. only allow writing if current version matches this value.
     * @return Metadata for the created/updated secret.
     * @throws VaultConnectorException on error
     * @since 0.8
     */
    SecretVersionResponse writeSecretData(final String mount, final String key, final Map<String, Object> data, final Integer cas) throws VaultConnectorException;
    /**
     * Retrieve secret data from Vault.
     * <br>
     * Path {@code <mount>/data/<key>} is read here.
     * Only available for KV v2 secrets.
     *
     * @param key     Secret identifier
     * @param version Version to read. If {@code null} or zero, the latest version will be returned.
     * @return Secret response
     * @throws VaultConnectorException on error
     * @since 0.8
     */
    default SecretResponse readSecretVersion(final String key, final Integer version) throws VaultConnectorException {
        return readSecretVersion(PATH_SECRET, key, version);
    }
    /**
     * Retrieve secret data from Vault.
     * <br>
     * Path {@code <mount>/data/<key>} is read here.
     * Only available for KV v2 secrets.
     *
     * @param mount   Secret store mountpoint (without leading or trailing slash).
     * @param key     Secret identifier
     * @param version Version to read. If {@code null} or zero, the latest version will be returned.
     * @return Secret responsef
     * @throws VaultConnectorException on error
     * @since 0.8
     */
    SecretResponse readSecretVersion(final String mount, final String key, final Integer version) throws VaultConnectorException;
    /**
     * Retrieve secret metadata from Vault.
     * Path {@code secret/metadata/<key>} is read here.
     * Only available for KV v2 secrets.
     *
     * @param key Secret identifier
     * @return Metadata response
     * @throws VaultConnectorException on error
     * @since 0.8
     */
    default MetadataResponse readSecretMetadata(final String key) throws VaultConnectorException {
        return readSecretMetadata(PATH_SECRET, key);
    }
    /**
     * Update secret metadata.
     * <br>
     * Path {@code secret/metadata/<key>} is read here.
     * Only available for KV v2 secrets.
     *
     * @param key Secret identifier
     * @param maxVersions Maximum number of versions (fallback to backend default if {@code null})
     * @param casRequired Specify if Check-And-Set is required for this secret.
     * @throws VaultConnectorException on error
     * @since 0.8
     */
    default void updateSecretMetadata(final String key, final Integer maxVersions, final boolean casRequired) throws VaultConnectorException {
        updateSecretMetadata(PATH_SECRET, key, maxVersions, casRequired);
    }
    /**
     * Retrieve secret metadata from Vault.
     * <br>
     * Path {@code <mount>/metadata/<key>} is read here.
     * Only available for KV v2 secrets.
     *
     * @param mount Secret store mountpoint (without leading or trailing slash).
     * @param key   Secret identifier
     * @return Metadata response
     * @throws VaultConnectorException on error
     * @since 0.8
     */
    MetadataResponse readSecretMetadata(final String mount, final String key) throws VaultConnectorException;
    /**
     * Update secret metadata.
     * <br>
     * Path {@code <mount>/metadata/<key>} is written here.
     * Only available for KV v2 secrets.
     *
     * @param mount       Secret store mountpoint (without leading or trailing slash).
     * @param key         Secret identifier
     * @param maxVersions Maximum number of versions (fallback to backend default if {@code null})
     * @param casRequired Specify if Check-And-Set is required for this secret.
     * @throws VaultConnectorException on error
     * @since 0.8
     */
    void updateSecretMetadata(final String mount, final String key, final Integer maxVersions, final boolean casRequired) throws VaultConnectorException;
    /**
     * List available nodes from Vault.
     *
     * @param path Root path to search
     * @return List of secret keys
     * @throws VaultConnectorException on error
     * @since 0.5.0
     */
    List<String> list(final String path) throws VaultConnectorException;
    /**
     * List available secrets from Vault.
     * <br>
     * Prefix {@code secret/} is automatically added to path.
     *
     * @param path Root path to search
     * @return List of secret keys
     * @throws VaultConnectorException on error
     */
-    List<String> listSecrets(final String path) throws VaultConnectorException;
+    default List<String> listSecrets(final String path) throws VaultConnectorException {
        return list(PATH_SECRET + "/" + path);
    }
    /**
     * Write simple value to Vault.
     *
     * @param key   Secret path
     * @param value Secret value
     * @throws VaultConnectorException on error
     * @since 0.5.0
     */
    default void write(final String key, final String value) throws VaultConnectorException {
        Map<String, Object> param = new HashMap<>();
        param.put("value", value);
        write(key, param);
    }
    /**
     * Write value to Vault.
     *
     * @param key  Secret path
     * @param data Secret content. Value must be be JSON serializable.
     * @throws VaultConnectorException on error
     * @since 0.5.0
     */
    default void write(final String key, final Map<String, Object> data) throws VaultConnectorException {
        write(key, data, null);
    }
    /**
     * Write value to Vault.
     *
     * @param key     Secret path
     * @param data    Secret content. Value must be be JSON serializable.
     * @param options Secret options (optional).
     * @throws VaultConnectorException on error
     * @since 0.8 {@code options} parameter added
     */
    void write(final String key, final Map<String, Object> data, final Map<String, Object> options) throws VaultConnectorException;
    /**
     * Write secret to Vault.
     * <br>
     * Prefix {@code secret/} is automatically added to path.
     *
     * @param key   Secret path
     * @param value Secret value
     * @throws VaultConnectorException on error
     */
-    void writeSecret(final String key, final String value) throws VaultConnectorException;
+    default void writeSecret(final String key, final String value) throws VaultConnectorException {
        Map<String, Object> param = new HashMap<>();
        param.put("value", value);
        writeSecret(key, param);
    }
    /**
     * Write secret to Vault.
     * <br>
     * Prefix {@code secret/} is automatically added to path.
     *
     * @param key  Secret path
     * @param data Secret content. Value must be be JSON serializable.
     * @throws VaultConnectorException on error
     * @since 0.5.0
     */
    default void writeSecret(final String key, final Map<String, Object> data) throws VaultConnectorException {
        if (key == null || key.isEmpty()) {
            throw new InvalidRequestException("Secret path must not be empty.");
        }
        write(PATH_SECRET + "/" + key, data);
    }
    /**
     * Delete key from Vault.
     *
     * @param key Secret path
     * @throws VaultConnectorException on error
     * @since 0.5.0
     */
    void delete(final String key) throws VaultConnectorException;
    /**
     * Delete secret from Vault.
     * <br>
     * Prefix {@code secret/} is automatically added to path.
     *
     * @param key Secret path
     * @throws VaultConnectorException on error
     */
-    void deleteSecret(final String key) throws VaultConnectorException;
+    default void deleteSecret(final String key) throws VaultConnectorException {
        delete(PATH_SECRET + "/" + key);
    }
    /**
     * Delete latest version of a secret from Vault.
     * <br>
     * Prefix {@code secret/} is automatically added to path. Only available for KV v2 stores.
     *
     * @param key Secret path.
     * @throws VaultConnectorException on error
     * @since 0.8
     */
    default void deleteLatestSecretVersion(final String key) throws VaultConnectorException {
        deleteLatestSecretVersion(PATH_SECRET, key);
    }
    /**
     * Delete latest version of a secret from Vault.
     * <br>
     * Only available for KV v2 stores.
     *
     * @param mount Secret store mountpoint (without leading or trailing slash).
     * @param key   Secret path.
     * @throws VaultConnectorException on error
     * @since 0.8
     */
    void deleteLatestSecretVersion(final String mount, final String key) throws VaultConnectorException;
    /**
     * Delete latest version of a secret from Vault.
     * <br>
     * Prefix {@code secret/} is automatically added to path.
     * Only available for KV v2 stores.
     *
     * @param key Secret path.
     * @throws VaultConnectorException on error
     * @since 0.8
     */
    default void deleteAllSecretVersions(final String key) throws VaultConnectorException {
        deleteAllSecretVersions(PATH_SECRET, key);
    }
    /**
     * Delete latest version of a secret from Vault.
     * <br>
     * Prefix {@code secret/} is automatically added to path.
     * Only available for KV v2 stores.
     *
     * @param mount    Secret store mountpoint (without leading or trailing slash).
     * @param key Secret path.
     * @throws VaultConnectorException on error
     * @since 0.8
     */
    void deleteAllSecretVersions(final String mount, final String key) throws VaultConnectorException;
    /**
     * Delete secret versions from Vault.
     * <br>
     * Only available for KV v2 stores.
     *
     * @param key      Secret path.
     * @param versions Versions of the secret to delete.
     * @throws VaultConnectorException on error
     * @since 0.8
     */
    default void deleteSecretVersions(final String key, final int... versions) throws VaultConnectorException {
        deleteSecretVersions(PATH_SECRET, key, versions);
    }
    /**
     * Delete secret versions from Vault.
     * <br>
     * Only available for KV v2 stores.
     *
     * @param mount    Secret store mountpoint (without leading or trailing slash).
     * @param key      Secret path.
     * @param versions Versions of the secret to delete.
     * @throws VaultConnectorException on error
     * @since 0.8
     */
    void deleteSecretVersions(final String mount, final String key, final int... versions) throws VaultConnectorException;
    /**
     * Undelete (restore) secret versions from Vault.
     * Only available for KV v2 stores.
     *
     * @param key      Secret path.
     * @param versions Versions of the secret to undelete.
     * @throws VaultConnectorException on error
     * @since 0.8
     */
    default void undeleteSecretVersions(final String key, final int... versions) throws VaultConnectorException {
        undeleteSecretVersions(PATH_SECRET, key, versions);
    }
    /**
     * Undelete (restore) secret versions from Vault.
     * Only available for KV v2 stores.
     *
     * @param mount    Secret store mountpoint (without leading or trailing slash).
     * @param key      Secret path.
     * @param versions Versions of the secret to undelete.
     * @throws VaultConnectorException on error
     * @since 0.8
     */
    void undeleteSecretVersions(final String mount, final String key, final int... versions) throws VaultConnectorException;
    /**
     * Destroy secret versions from Vault.
     * Only available for KV v2 stores.
     *
     * @param key      Secret path.
     * @param versions Versions of the secret to destroy.
     * @throws VaultConnectorException on error
     * @since 0.8
     */
    default void destroySecretVersions(final String key, final int... versions) throws VaultConnectorException {
        destroySecretVersions(PATH_SECRET, key, versions);
    }
    /**
     * Destroy secret versions from Vault.
     * Only available for KV v2 stores.
     *
     * @param mount    Secret store mountpoint (without leading or trailing slash).
     * @param key      Secret path.
     * @param versions Versions of the secret to destroy.
     * @throws VaultConnectorException on error
     * @since 0.8
     */
    void destroySecretVersions(final String mount, final String key, final int... versions) throws VaultConnectorException;
    /**
     * Revoke given lease immediately.
@ -403,7 +832,7 @@ public interface VaultConnector {
    /**
     * Renew lease with given ID.
     *
-     * @param leaseID   the lase ID
+     * @param leaseID the lase ID
     * @return Renewed lease
     * @throws VaultConnectorException on error
     */
@ -458,4 +887,68 @@ public interface VaultConnector {
     * @throws VaultConnectorException on error
     */
    TokenResponse lookupToken(final String token) throws VaultConnectorException;
    /**
     * Read credentials for MySQL backend at default mount point.
     *
     * @param role the role name
     * @return the credentials response
     * @throws VaultConnectorException on error
     * @since 0.5.0
     */
    default CredentialsResponse readMySqlCredentials(final String role) throws VaultConnectorException {
        return readDbCredentials(role, "mysql");
    }
    /**
     * Read credentials for PostgreSQL backend at default mount point.
     *
     * @param role the role name
     * @return the credentials response
     * @throws VaultConnectorException on error
     * @since 0.5.0
     */
    default CredentialsResponse readPostgreSqlCredentials(final String role) throws VaultConnectorException {
        return readDbCredentials(role, "postgresql");
    }
    /**
     * Read credentials for MSSQL backend at default mount point.
     *
     * @param role the role name
     * @return the credentials response
     * @throws VaultConnectorException on error
     * @since 0.5.0
     */
    default CredentialsResponse readMsSqlCredentials(final String role) throws VaultConnectorException {
        return readDbCredentials(role, "mssql");
    }
    /**
     * Read credentials for MSSQL backend at default mount point.
     *
     * @param role the role name
     * @return the credentials response
     * @throws VaultConnectorException on error
     * @since 0.5.0
     */
    default CredentialsResponse readMongoDbCredentials(final String role) throws VaultConnectorException {
        return readDbCredentials(role, "mongodb");
    }
    /**
     * Read credentials for SQL backends.
     *
     * @param role  the role name
     * @param mount mount point of the SQL backend
     * @return the credentials response
     * @throws VaultConnectorException on error
     * @since 0.5.0
     */
    default CredentialsResponse readDbCredentials(final String role, final String mount)
            throws VaultConnectorException {
        return (CredentialsResponse) read(mount + "/creds/" + role);
    }
 }
--- a/src/main/java/de/stklcode/jvault/connector/builder/HTTPVaultConnectorBuilder.java
+++ b/src/main/java/de/stklcode/jvault/connector/builder/HTTPVaultConnectorBuilder.java
@ -0,0 +1,298 @@
 /*
 * Copyright 2016-2019 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 package de.stklcode.jvault.connector.builder;
 import de.stklcode.jvault.connector.HTTPVaultConnector;
 import de.stklcode.jvault.connector.exception.ConnectionException;
 import de.stklcode.jvault.connector.exception.TlsException;
 import de.stklcode.jvault.connector.exception.VaultConnectorException;
 import java.io.IOException;
 import java.io.InputStream;
 import java.net.MalformedURLException;
 import java.net.URL;
 import java.nio.file.Files;
 import java.nio.file.Path;
 import java.nio.file.Paths;
 import java.security.cert.CertificateException;
 import java.security.cert.CertificateFactory;
 import java.security.cert.X509Certificate;
 /**
 * Vault Connector Factory implementation for HTTP Vault connectors.
 *
 * @author Stefan Kalscheuer
 * @since 0.8.0
 */
 public final class HTTPVaultConnectorBuilder implements VaultConnectorBuilder {
    private static final String ENV_VAULT_ADDR = "VAULT_ADDR";
    private static final String ENV_VAULT_CACERT = "VAULT_CACERT";
    private static final String ENV_VAULT_TOKEN = "VAULT_TOKEN";
    private static final String ENV_VAULT_MAX_RETRIES = "VAULT_MAX_RETRIES";
    public static final String DEFAULT_HOST = "127.0.0.1";
    public static final Integer DEFAULT_PORT = 8200;
    public static final boolean DEFAULT_TLS = true;
    public static final String DEFAULT_TLS_VERSION = "TLSv1.2";
    public static final String DEFAULT_PREFIX = "/v1/";
    public static final int DEFAULT_NUMBER_OF_RETRIES = 0;
    private String host;
    private Integer port;
    private boolean tls;
    private String tlsVersion;
    private String prefix;
    private X509Certificate trustedCA;
    private int numberOfRetries;
    private Integer timeout;
    private String token;
    /**
     * Default empty constructor.
     * Initializes factory with default values.
     */
    public HTTPVaultConnectorBuilder() {
        host = DEFAULT_HOST;
        port = DEFAULT_PORT;
        tls = DEFAULT_TLS;
        tlsVersion = DEFAULT_TLS_VERSION;
        prefix = DEFAULT_PREFIX;
        numberOfRetries = DEFAULT_NUMBER_OF_RETRIES;
    }
    /**
     * Set hostname (default: 127.0.0.1).
     *
     * @param host Hostname or IP address
     * @return self
     */
    public HTTPVaultConnectorBuilder withHost(final String host) {
        this.host = host;
        return this;
    }
    /**
     * Set port (default: 8200).
     *
     * @param port Vault TCP port
     * @return self
     */
    public HTTPVaultConnectorBuilder withPort(final Integer port) {
        this.port = port;
        return this;
    }
    /**
     * Set TLS usage (default: TRUE).
     *
     * @param useTLS use TLS or not
     * @return self
     */
    public HTTPVaultConnectorBuilder withTLS(final boolean useTLS) {
        this.tls = useTLS;
        return this;
    }
    /**
     * Set TLS usage (default: TRUE).
     *
     * @param useTLS  Use TLS or not.
     * @param version Supported TLS version ({@code TLSv1.2}, {@code TLSv1.1}, {@code TLSv1.0}, {@code TLS}).
     * @return self
     * @since 0.8 Added version parameter (#22).
     */
    public HTTPVaultConnectorBuilder withTLS(final boolean useTLS, final String version) {
        this.tls = useTLS;
        this.tlsVersion = version;
        return this;
    }
    /**
     * Convenience Method for TLS usage (enabled by default).
     *
     * @param version Supported TLS version ({@code TLSv1.2}, {@code TLSv1.1}, {@code TLSv1.0}, {@code TLS}).
     * @return self
     * @since 0.8 Added version parameter (#22).
     */
    public HTTPVaultConnectorBuilder withTLS(final String version) {
        return withTLS(true, version);
    }
    /**
     * Convenience Method for TLS usage (enabled by default).
     *
     * @return self
     */
    public HTTPVaultConnectorBuilder withTLS() {
        return withTLS(true);
    }
    /**
     * Convenience Method for NOT using TLS.
     *
     * @return self
     */
    public HTTPVaultConnectorBuilder withoutTLS() {
        return withTLS(false);
    }
    /**
     * Set API prefix. Default is "/v1/" and changes should not be necessary for current state of development.
     *
     * @param prefix Vault API prefix (default: "/v1/"
     * @return self
     */
    public HTTPVaultConnectorBuilder withPrefix(final String prefix) {
        this.prefix = prefix;
        return this;
    }
    /**
     * Add a trusted CA certifiate for HTTPS connections.
     *
     * @param cert path to certificate file
     * @return self
     * @throws VaultConnectorException on error
     * @since 0.4.0
     */
    public HTTPVaultConnectorBuilder withTrustedCA(final Path cert) throws VaultConnectorException {
        if (cert != null) {
            return withTrustedCA(certificateFromFile(cert));
        } else {
            this.trustedCA = null;
        }
        return this;
    }
    /**
     * Add a trusted CA certifiate for HTTPS connections.
     *
     * @param cert path to certificate file
     * @return self
     * @since 0.8.0
     */
    public HTTPVaultConnectorBuilder withTrustedCA(final X509Certificate cert) {
        this.trustedCA = cert;
        return this;
    }
    /**
     * Set token for automatic authentication, using {@link #buildAndAuth()}.
     *
     * @param token Vault token
     * @return self
     * @since 0.6.0
     */
    public HTTPVaultConnectorBuilder withToken(final String token) {
        this.token = token;
        return this;
    }
    /**
     * Build connector based on the {@code }VAULT_ADDR} and {@code VAULT_CACERT} (optional) environment variables.
     *
     * @return self
     * @throws VaultConnectorException if Vault address from environment variables is malformed
     * @since 0.6.0
     */
    public HTTPVaultConnectorBuilder fromEnv() throws VaultConnectorException {
        /* Parse URL from environment variable */
        if (System.getenv(ENV_VAULT_ADDR) != null && !System.getenv(ENV_VAULT_ADDR).trim().isEmpty()) {
            try {
                URL url = new URL(System.getenv(ENV_VAULT_ADDR));
                this.host = url.getHost();
                this.port = url.getPort();
                this.tls = url.getProtocol().equals("https");
            } catch (MalformedURLException e) {
                throw new ConnectionException("URL provided in environment variable malformed", e);
            }
        }
        /* Read number of retries */
        if (System.getenv(ENV_VAULT_MAX_RETRIES) != null) {
            try {
                numberOfRetries = Integer.parseInt(System.getenv(ENV_VAULT_MAX_RETRIES));
            } catch (NumberFormatException ignored) {
                /* Ignore malformed values. */
            }
        }
        /* Read token */
        token = System.getenv(ENV_VAULT_TOKEN);
        /* Parse certificate, if set */
        if (System.getenv(ENV_VAULT_CACERT) != null && !System.getenv(ENV_VAULT_CACERT).trim().isEmpty()) {
            return withTrustedCA(Paths.get(System.getenv(ENV_VAULT_CACERT)));
        }
        return this;
    }
    /**
     * Define the number of retries to attempt on 5xx errors.
     *
     * @param numberOfRetries The number of retries to attempt on 5xx errors (default: 0)
     * @return self
     * @since 0.6.0
     */
    public HTTPVaultConnectorBuilder withNumberOfRetries(final int numberOfRetries) {
        this.numberOfRetries = numberOfRetries;
        return this;
    }
    /**
     * Define a custom timeout for the HTTP connection.
     *
     * @param milliseconds Timeout value in milliseconds.
     * @return self
     * @since 0.6.0
     */
    public HTTPVaultConnectorBuilder withTimeout(final int milliseconds) {
        this.timeout = milliseconds;
        return this;
    }
    @Override
    public HTTPVaultConnector build() {
        return new HTTPVaultConnector(host, tls, tlsVersion, port, prefix, trustedCA, numberOfRetries, timeout);
    }
    @Override
    public HTTPVaultConnector buildAndAuth() throws VaultConnectorException {
        if (token == null) {
            throw new ConnectionException("No vault token provided, unable to authenticate.");
        }
        HTTPVaultConnector con = build();
        con.authToken(token);
        return con;
    }
    /**
     * Read given certificate file to X.509 certificate.
     *
     * @param certFile Path to certificate file
     * @return X.509 Certificate object
     * @throws TlsException on error
     * @since 0.4.0
     */
    private X509Certificate certificateFromFile(final Path certFile) throws TlsException {
        try (InputStream is = Files.newInputStream(certFile)) {
            return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(is);
        } catch (IOException | CertificateException e) {
            throw new TlsException("Unable to read certificate.", e);
        }
    }
 }
--- a/src/main/java/de/stklcode/jvault/connector/builder/VaultConnectorBuilder.java
+++ b/src/main/java/de/stklcode/jvault/connector/builder/VaultConnectorBuilder.java
@ -0,0 +1,54 @@
 /*
 * Copyright 2016-2019 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 package de.stklcode.jvault.connector.builder;
 import de.stklcode.jvault.connector.VaultConnector;
 import de.stklcode.jvault.connector.exception.VaultConnectorException;
 /**
 * Abstract Vault Connector Builder interface.
 * Provides builder style for Vault connectors.
 *
 * @author Stefan Kalscheuer
 * @since 0.8.0
 */
 public interface VaultConnectorBuilder {
    /**
     * Get Factory implementation for HTTP Vault Connector.
     *
     * @return HTTP Connector Factory
     */
    static HTTPVaultConnectorBuilder http() {
        return new HTTPVaultConnectorBuilder();
    }
    /**
     * Build command, produces connector after initialization.
     *
     * @return Vault Connector instance.
     */
    VaultConnector build();
    /**
     * Build connector and authenticate with token set in factory or from environment.
     *
     * @return Authenticated Vault connector instance.
     * @throws VaultConnectorException if authentication failed
     * @since 0.6.0
     */
    VaultConnector buildAndAuth() throws VaultConnectorException;
 }
--- a/src/main/java/de/stklcode/jvault/connector/builder/package-info.java
+++ b/src/main/java/de/stklcode/jvault/connector/builder/package-info.java
@ -0,0 +1,21 @@
 /*
 * Copyright 2016-2019 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 /**
 * This package contains the {@link de.stklcode.jvault.connector.builder.VaultConnectorBuilder} to initialize a
 * connector instance.
 */
 package de.stklcode.jvault.connector.builder;
--- a/src/main/java/de/stklcode/jvault/connector/exception/AuthorizationRequiredException.java
+++ b/src/main/java/de/stklcode/jvault/connector/exception/AuthorizationRequiredException.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2016 Stefan Kalscheuer
+ * Copyright 2016-2019 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
--- a/src/main/java/de/stklcode/jvault/connector/exception/ConnectionException.java
+++ b/src/main/java/de/stklcode/jvault/connector/exception/ConnectionException.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2016 Stefan Kalscheuer
+ * Copyright 2016-2019 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -19,22 +19,41 @@ package de.stklcode.jvault.connector.exception;
 /**
 * Exception thrown on problems with connection to Vault backend.
 *
- * @author  Stefan Kalscheuer
+ * @author Stefan Kalscheuer
- * @since   0.1
+ * @since 0.1
 */
 public class ConnectionException extends VaultConnectorException {
    /**
     * Constructs a new empty exception.
     */
    public ConnectionException() {
    }
-    public ConnectionException(String message) {
+    /**
     * Constructs a new exception with the specified detail message.
     *
     * @param message the detail message
     */
    public ConnectionException(final String message) {
        super(message);
    }
-    public ConnectionException(Throwable cause) {
+    /**
     * Constructs a new exception with the specified cause.
     *
     * @param cause the cause
     */
    public ConnectionException(final Throwable cause) {
        super(cause);
    }
-    public ConnectionException(String message, Throwable cause) {
+    /**
     * Constructs a new exception with the specified detail message and cause.
     *
     * @param message the detail message
     * @param cause   the cause
     */
    public ConnectionException(final String message, final Throwable cause) {
        super(message, cause);
    }
 }
--- a/src/main/java/de/stklcode/jvault/connector/exception/InvalidRequestException.java
+++ b/src/main/java/de/stklcode/jvault/connector/exception/InvalidRequestException.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2016 Stefan Kalscheuer
+ * Copyright 2016-2019 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -23,18 +23,37 @@ package de.stklcode.jvault.connector.exception;
 * @since   0.1
 */
 public class InvalidRequestException extends VaultConnectorException {
    /**
     * Constructs a new empty exception.
     */
    public InvalidRequestException() {
    }
-    public InvalidRequestException(String message) {
+    /**
     * Constructs a new exception with the specified detail message.
     *
     * @param message the detail message
     */
    public InvalidRequestException(final String message) {
        super(message);
    }
-    public InvalidRequestException(Throwable cause) {
+    /**
     * Constructs a new exception with the specified cause.
     *
     * @param cause the cause
     */
    public InvalidRequestException(final Throwable cause) {
        super(cause);
    }
-    public InvalidRequestException(String message, Throwable cause) {
+    /**
     * Constructs a new exception with the specified detail message and cause.
     *
     * @param message the detail message
     * @param cause   the cause
     */
    public InvalidRequestException(final String message, final Throwable cause) {
        super(message, cause);
    }
 }
--- a/src/main/java/de/stklcode/jvault/connector/exception/InvalidResponseException.java
+++ b/src/main/java/de/stklcode/jvault/connector/exception/InvalidResponseException.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2016 Stefan Kalscheuer
+ * Copyright 2016-2019 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -20,42 +20,160 @@ package de.stklcode.jvault.connector.exception;
 * Exception thrown when response from vault returned with erroneous status code or payload could not be parsed
 * to entity class.
 *
- * @author  Stefan Kalscheuer
+ * @author Stefan Kalscheuer
- * @since   0.1
+ * @since 0.1
 */
-public class InvalidResponseException extends VaultConnectorException {
+public final class InvalidResponseException extends VaultConnectorException {
-    private Integer statusCode;
+    private final Integer statusCode;
-    private String response;
+    private final String response;
    /**
     * Constructs a new empty exception.
     */
    public InvalidResponseException() {
        this.statusCode = null;
        this.response = null;
    }
-    public InvalidResponseException(String message) {
+    /**
     * Constructs a new exception with the specified detail message.
     *
     * @param message The detail message
     */
    public InvalidResponseException(final String message) {
        super(message);
        this.statusCode = null;
        this.response = null;
    }
-    public InvalidResponseException(Throwable cause) {
+    /**
     * Constructs a new exception with the specified cause.
     *
     * @param cause The cause
     */
    public InvalidResponseException(final Throwable cause) {
        super(cause);
        this.statusCode = null;
        this.response = null;
    }
-    public InvalidResponseException(String message, Throwable cause) {
+    /**
     * Constructs a new exception with the specified detail message and cause.
     *
     * @param message The detail message
     * @param cause   The cause
     */
    public InvalidResponseException(final String message, final Throwable cause) {
        super(message, cause);
        this.statusCode = null;
        this.response = null;
    }
-    public InvalidResponseException withStatusCode(Integer statusCode) {
+    /**
     * Constructs a new exception with the specified detail message and status code.
     * <p>
     * The HTTP status code can be retrieved by {@link #getStatusCode()} later.
     *
     * @param message    The detail message
     * @param statusCode Status code of the HTTP response
     * @since 0.6.2
     */
    public InvalidResponseException(final String message, final Integer statusCode) {
        super(message);
        this.statusCode = statusCode;
-        return this;
+        this.response = null;
    }
-    public InvalidResponseException withResponse(String response) {
+    /**
     * Constructs a new exception with the specified detail message, cause and status code.
     * <p>
     * The HTTP status code can be retrieved by {@link #getStatusCode()} later.
     *
     * @param message    The detail message
     * @param statusCode Status code of the HTTP response
     * @param cause      The cause
     * @since 0.6.2
     */
    public InvalidResponseException(final String message, final Integer statusCode, final Throwable cause) {
        this(message, statusCode, null, cause);
    }
    /**
     * Constructs a new exception with the specified detail message, cause and status code.
     * <p>
     * The HTTP status code can be retrieved by {@link #getStatusCode()} later.
     *
     * @param message    The detail message
     * @param statusCode Status code of the HTTP response
     * @param response   HTTP response string
     * @since 0.6.2
     */
    public InvalidResponseException(final String message,
                                    final Integer statusCode,
                                    final String response) {
        super(message);
        this.statusCode = statusCode;
        this.response = response;
        return this;
    }
    /**
     * Constructs a new exception with the specified detail message, cause and status code.
     * <p>
     * The HTTP status code can be retrieved by {@link #getStatusCode()} later.
     *
     * @param message    The detail message
     * @param statusCode Status code of the HTTP response
     * @param response   HTTP response string
     * @param cause      The cause
     * @since 0.6.2
     */
    public InvalidResponseException(final String message,
                                    final Integer statusCode,
                                    final String response,
                                    final Throwable cause) {
        super(message, cause);
        this.statusCode = statusCode;
        this.response = response;
    }
    /**
     * Specify the HTTP status code. Can be retrieved by {@link #getStatusCode()} later.
     *
     * @param statusCode The status code
     * @return self
     * @deprecated as of 0.6.2, use constructor with status code argument instead
     */
    @Deprecated
    public InvalidResponseException withStatusCode(final Integer statusCode) {
        return new InvalidResponseException(getMessage(), statusCode, getResponse(), getCause());
    }
    /**
     * Specify the response string. Can be retrieved by {@link #getResponse()} later.
     *
     * @param response Response text
     * @return self
     * @deprecated use constructor with response argument instead
     */
    @Deprecated
    public InvalidResponseException withResponse(final String response) {
        return new InvalidResponseException(getMessage(), getStatusCode(), response, getCause());
    }
    /**
     * Retrieve the HTTP status code.
     *
     * @return The status code or {@code null} if none specified.
     */
    public Integer getStatusCode() {
        return statusCode;
    }
    /**
     * Retrieve the response text.
     *
     * @return The response text or {@code null} if none specified.
     */
    public String getResponse() {
        return response;
    }
--- a/src/main/java/de/stklcode/jvault/connector/exception/PermissionDeniedException.java
+++ b/src/main/java/de/stklcode/jvault/connector/exception/PermissionDeniedException.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2016 Stefan Kalscheuer
+ * Copyright 2016-2019 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -23,19 +23,38 @@ package de.stklcode.jvault.connector.exception;
 * @since   0.1
 */
 public class PermissionDeniedException extends VaultConnectorException {
    /**
     * Constructs a new empty exception.
     */
    public PermissionDeniedException() {
        super("Permission denied");
    }
-    public PermissionDeniedException(String message) {
+    /**
     * Constructs a new exception with the specified detail message.
     *
     * @param message the detail message
     */
    public PermissionDeniedException(final String message) {
        super(message);
    }
-    public PermissionDeniedException(Throwable cause) {
+    /**
     * Constructs a new exception with the specified cause.
     *
     * @param cause the cause
     */
    public PermissionDeniedException(final Throwable cause) {
        super(cause);
    }
-    public PermissionDeniedException(String message, Throwable cause) {
+    /**
     * Constructs a new exception with the specified detail message and cause.
     *
     * @param message the detail message
     * @param cause   the cause
     */
    public PermissionDeniedException(final String message, final Throwable cause) {
        super(message, cause);
    }
 }
--- a/src/main/java/de/stklcode/jvault/connector/exception/TlsException.java
+++ b/src/main/java/de/stklcode/jvault/connector/exception/TlsException.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2016 Stefan Kalscheuer
+ * Copyright 2016-2019 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -23,29 +23,37 @@ package de.stklcode.jvault.connector.exception;
 * @since   0.4.0
 */
 public class TlsException extends VaultConnectorException {
-    private Integer statusCode;
+    /**
-    private String response;
+     * Constructs a new empty exception.
-
+     */
    public TlsException() {
    }
-    public TlsException(String message) {
+    /**
     * Constructs a new exception with the specified detail message.
     *
     * @param message the detail message
     */
    public TlsException(final String message) {
        super(message);
    }
-    public TlsException(Throwable cause) {
+    /**
     * Constructs a new exception with the specified cause.
     *
     * @param cause the cause
     */
    public TlsException(final Throwable cause) {
        super(cause);
    }
-    public TlsException(String message, Throwable cause) {
+    /**
     * Constructs a new exception with the specified detail message and cause.
     *
     * @param message the detail message
     * @param cause   the cause
     */
    public TlsException(final String message, final Throwable cause) {
        super(message, cause);
    }
    public Integer getStatusCode() {
        return statusCode;
    }
    public String getResponse() {
        return response;
    }
 }
--- a/src/main/java/de/stklcode/jvault/connector/exception/VaultConnectorException.java
+++ b/src/main/java/de/stklcode/jvault/connector/exception/VaultConnectorException.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2016 Stefan Kalscheuer
+ * Copyright 2016-2019 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -23,18 +23,37 @@ package de.stklcode.jvault.connector.exception;
 * @since   0.1
 */
 public abstract class VaultConnectorException extends Exception {
    /**
     * Constructs a new empty exception.
     */
    public VaultConnectorException() {
    }
-    public VaultConnectorException(String message) {
+    /**
     * Constructs a new exception with the specified detail message.
     *
     * @param message the detail message
     */
    public VaultConnectorException(final String message) {
        super(message);
    }
-    public VaultConnectorException(Throwable cause) {
+    /**
     * Constructs a new exception with the specified cause.
     *
     * @param cause the cause
     */
    public VaultConnectorException(final Throwable cause) {
        super(cause);
    }
-    public VaultConnectorException(String message, Throwable cause) {
+    /**
     * Constructs a new exception with the specified detail message and cause.
     *
     * @param message the detail message
     * @param cause   the cause
     */
    public VaultConnectorException(final String message, final Throwable cause) {
        super(message, cause);
    }
 }
--- a/src/main/java/de/stklcode/jvault/connector/exception/package-info.java
+++ b/src/main/java/de/stklcode/jvault/connector/exception/package-info.java
@ -0,0 +1,20 @@
 /*
 * Copyright 2016-2019 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 /**
 * Some custom exceptions for error handling.
 */
 package de.stklcode.jvault.connector.exception;
--- a/src/main/java/de/stklcode/jvault/connector/factory/HTTPVaultConnectorFactory.java
+++ b/src/main/java/de/stklcode/jvault/connector/factory/HTTPVaultConnectorFactory.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2016 Stefan Kalscheuer
+ * Copyright 2016-2019 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -17,19 +17,11 @@
 package de.stklcode.jvault.connector.factory;
 import de.stklcode.jvault.connector.HTTPVaultConnector;
-import de.stklcode.jvault.connector.exception.TlsException;
+import de.stklcode.jvault.connector.builder.HTTPVaultConnectorBuilder;
 import de.stklcode.jvault.connector.exception.VaultConnectorException;
 import javax.net.ssl.SSLContext;
 import javax.net.ssl.TrustManager;
 import javax.net.ssl.TrustManagerFactory;
 import java.io.IOException;
 import java.io.InputStream;
 import java.nio.file.Files;
 import java.nio.file.Path;
 import java.security.*;
 import java.security.cert.CertificateException;
 import java.security.cert.CertificateFactory;
 import java.security.cert.X509Certificate;
 /**
@ -37,65 +29,56 @@ import java.security.cert.X509Certificate;
 *
 * @author Stefan Kalscheuer
 * @since 0.1
 * @deprecated As of 0.8.0 please refer to {@link de.stklcode.jvault.connector.builder.HTTPVaultConnectorBuilder} with identical API.
 */
-public class HTTPVaultConnectorFactory extends VaultConnectorFactory {
+@Deprecated
-    public static final String DEFAULT_HOST = "127.0.0.1";
+public final class HTTPVaultConnectorFactory extends VaultConnectorFactory {
    public static final Integer DEFAULT_PORT = 8200;
    public static final boolean DEFAULT_TLS = true;
    public static final String DEFAULT_PREFIX = "/v1/";
-    private String host;
+    private final HTTPVaultConnectorBuilder delegate;
    private Integer port;
    private boolean tls;
    private String prefix;
    private SSLContext sslContext;
    /**
     * Default empty constructor.
     * Initializes factory with default values.
     */
    public HTTPVaultConnectorFactory() {
-        host = DEFAULT_HOST;
+        delegate = new HTTPVaultConnectorBuilder();
        port = DEFAULT_PORT;
        tls = DEFAULT_TLS;
        prefix = DEFAULT_PREFIX;
    }
    /**
-     * Set hostname (default: 127.0.0.1)
+     * Set hostname (default: 127.0.0.1).
     *
     * @param host Hostname or IP address
     * @return self
     */
-    public HTTPVaultConnectorFactory withHost(String host) {
+    public HTTPVaultConnectorFactory withHost(final String host) {
-        this.host = host;
+        delegate.withHost(host);
        return this;
    }
    /**
-     * Set port (default: 8200)
+     * Set port (default: 8200).
     *
     * @param port Vault TCP port
     * @return self
     */
-    public HTTPVaultConnectorFactory withPort(Integer port) {
+    public HTTPVaultConnectorFactory withPort(final Integer port) {
-        this.port = port;
+        delegate.withPort(port);
        return this;
    }
    /**
-     * Set TLS usage (default: TRUE)
+     * Set TLS usage (default: TRUE).
     *
     * @param useTLS use TLS or not
     * @return self
     */
-    public HTTPVaultConnectorFactory withTLS(boolean useTLS) {
+    public HTTPVaultConnectorFactory withTLS(final boolean useTLS) {
-        this.tls = useTLS;
+        delegate.withTLS(useTLS);
        return this;
    }
    /**
-     * Convenience Method for TLS usage (enabled by default)
+     * Convenience Method for TLS usage (enabled by default).
     *
     * @return self
     */
@ -104,7 +87,7 @@ public class HTTPVaultConnectorFactory extends VaultConnectorFactory {
    }
    /**
-     * Convenience Method for NOT using TLS
+     * Convenience Method for NOT using TLS.
     *
     * @return self
     */
@ -118,8 +101,8 @@ public class HTTPVaultConnectorFactory extends VaultConnectorFactory {
     * @param prefix Vault API prefix (default: "/v1/"
     * @return self
     */
-    public HTTPVaultConnectorFactory withPrefix(String prefix) {
+    public HTTPVaultConnectorFactory withPrefix(final String prefix) {
-        this.prefix = prefix;
+        delegate.withPrefix(prefix);
        return this;
    }
@ -131,9 +114,20 @@ public class HTTPVaultConnectorFactory extends VaultConnectorFactory {
     * @throws VaultConnectorException on error
     * @since 0.4.0
     */
-    public HTTPVaultConnectorFactory withTrustedCA(Path cert) throws VaultConnectorException {
+    public HTTPVaultConnectorFactory withTrustedCA(final Path cert) throws VaultConnectorException {
-        if (cert != null)
+        delegate.withTrustedCA(cert);
-            return withSslContext(createSslContext(cert));
+        return this;
    }
    /**
     * Add a trusted CA certifiate for HTTPS connections.
     *
     * @param cert path to certificate file
     * @return self
     * @since 0.8.0
     */
    public HTTPVaultConnectorFactory withTrustedCA(final X509Certificate cert) {
        delegate.withTrustedCA(cert);
        return this;
    }
@ -144,71 +138,67 @@ public class HTTPVaultConnectorFactory extends VaultConnectorFactory {
     * @param sslContext the SSL context
     * @return self
     * @since 0.4.0
     * @deprecated As of 0.8.0 this is no longer supported, please use {@link #withTrustedCA(Path)} or {@link #withTrustedCA(X509Certificate)}.
     */
-    public HTTPVaultConnectorFactory withSslContext(SSLContext sslContext) {
+    public HTTPVaultConnectorFactory withSslContext(final SSLContext sslContext) {
-        this.sslContext = sslContext;
+        throw new UnsupportedOperationException("Use of deprecated method, please switch to withTrustedCA()");
    }
    /**
     * Set token for automatic authentication, using {@link #buildAndAuth()}.
     *
     * @param token Vault token
     * @return self
     * @since 0.6.0
     */
    public HTTPVaultConnectorFactory withToken(final String token) {
        delegate.withToken(token);
        return this;
    }
    /**
     * Build connector based on the {@code }VAULT_ADDR} and {@code VAULT_CACERT} (optional) environment variables.
     *
     * @return self
     * @throws VaultConnectorException if Vault address from environment variables is malformed
     * @since 0.6.0
     */
    public HTTPVaultConnectorFactory fromEnv() throws VaultConnectorException {
        delegate.fromEnv();
        return this;
    }
    /**
     * Define the number of retries to attempt on 5xx errors.
     *
     * @param numberOfRetries The number of retries to attempt on 5xx errors (default: 0)
     * @return self
     * @since 0.6.0
     */
    public HTTPVaultConnectorFactory withNumberOfRetries(final int numberOfRetries) {
        delegate.withNumberOfRetries(numberOfRetries);
        return this;
    }
    /**
     * Define a custom timeout for the HTTP connection.
     *
     * @param milliseconds Timeout value in milliseconds.
     * @return self
     * @since 0.6.0
     */
    public HTTPVaultConnectorFactory withTimeout(final int milliseconds) {
        delegate.withTimeout(milliseconds);
        return this;
    }
    @Override
    public HTTPVaultConnector build() {
-        return new HTTPVaultConnector(host, tls, port, prefix, sslContext);
+        return delegate.build();
    }
-    /**
+    @Override
-     * Create SSL Context trusting only provided certificate.
+    public HTTPVaultConnector buildAndAuth() throws VaultConnectorException {
-     *
+        return delegate.buildAndAuth();
     * @param trustedCert Path to trusted CA certificate
     * @return SSL context
     * @throws TlsException on errors
     * @since 0.4.0
     */
    private SSLContext createSslContext(Path trustedCert) throws TlsException {
        try {
            SSLContext context = SSLContext.getInstance("TLS");
            context.init(null, createTrustManager(trustedCert), new SecureRandom());
            return context;
        } catch (NoSuchAlgorithmException | KeyManagementException e) {
            throw new TlsException("Unable to intialize SSLContext", e);
        }
    }
    /**
     * Create a custom TrustManager for given CA certificate file.
     *
     * @param trustedCert Path to trusted CA certificate
     * @return TrustManger
     * @throws TlsException on error
     * @since 0.4.0
     */
    private TrustManager[] createTrustManager(Path trustedCert) throws TlsException {
        try {
            /* Create Keystore with trusted certificate */
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            keyStore.load(null, null);
            keyStore.setCertificateEntry("trustedCert", certificateFromFile(trustedCert));
            /* Initialize TrustManager */
            TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            tmf.init(keyStore);
            return tmf.getTrustManagers();
        } catch (KeyStoreException | NoSuchAlgorithmException | CertificateException | IOException e) {
            throw new TlsException("Unable to initialize TrustManager", e);
        }
    }
    /**
     * Read given certificate file to X.509 certificate.
     *
     * @param certFile Path to certificate file
     * @return X.509 Certificate object
     * @throws TlsException on error
     * @since 0.4.0
     */
    private X509Certificate certificateFromFile(Path certFile) throws TlsException {
        try (InputStream is = Files.newInputStream(certFile)) {
            return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(is);
        } catch (IOException | CertificateException e) {
            throw new TlsException("Unable to read certificate.", e);
        }
    }
 }
--- a/src/main/java/de/stklcode/jvault/connector/factory/VaultConnectorFactory.java
+++ b/src/main/java/de/stklcode/jvault/connector/factory/VaultConnectorFactory.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2016 Stefan Kalscheuer
+ * Copyright 2016-2019 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -16,28 +16,27 @@
 package de.stklcode.jvault.connector.factory;
-import de.stklcode.jvault.connector.VaultConnector;
+import de.stklcode.jvault.connector.builder.VaultConnectorBuilder;
 import de.stklcode.jvault.connector.exception.VaultConnectorException;
 /**
 * Abstract Vault Connector Factory interface.
 * Provides builder pattern style factory for Vault connectors.
 *
- * @author  Stefan Kalscheuer
+ * @author Stefan Kalscheuer
- * @since   0.1
+ * @since 0.1
 * @deprecated As of 0.8.0 please refer to {@link VaultConnectorBuilder} with identical API.
 */
-public abstract class VaultConnectorFactory {
+@Deprecated
 public abstract class VaultConnectorFactory implements VaultConnectorBuilder {
    /**
-     * Get Factory implementation for HTTP Vault Connector
+     * Get Factory implementation for HTTP Vault Connector.
-     * @return  HTTP Connector Factory
+     *
     * @return HTTP Connector Factory
     * @deprecated As of 0.8.0 please refer to {@link VaultConnectorBuilder#http()}.
     */
    @Deprecated
    public static HTTPVaultConnectorFactory httpFactory() {
        return new HTTPVaultConnectorFactory();
    }
    /**
     * Build command, produces connector after initialization.
     * @return  Vault Connector instance.
     */
    public abstract VaultConnector build();
 }
--- a/src/main/java/de/stklcode/jvault/connector/factory/package-info.java
+++ b/src/main/java/de/stklcode/jvault/connector/factory/package-info.java
@ -0,0 +1,23 @@
 /*
 * Copyright 2016-2019 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 /**
 * This package contains the {@link de.stklcode.jvault.connector.factory.VaultConnectorFactory} to initialize a
 * connector instance.
 *
 * @deprecated As of v0.8.0 please refer to {@link de.stklcode.jvault.connector.builder}.
 */
 package de.stklcode.jvault.connector.factory;
--- a/src/main/java/de/stklcode/jvault/connector/internal/Error.java
+++ b/src/main/java/de/stklcode/jvault/connector/internal/Error.java
@ -0,0 +1,38 @@
 /*
 * Copyright 2016-2019 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 package de.stklcode.jvault.connector.internal;
 /**
 * Utility class to bundle common error messages.
 *
 * @author Stefan Kalscheuer
 * @since 0.8 Extracted from static inner class.
 */
 final class Error {
    static final String READ_RESPONSE = "Unable to read response";
    static final String PARSE_RESPONSE = "Unable to parse response";
    static final String UNEXPECTED_RESPONSE = "Received response where none was expected";
    static final String URI_FORMAT = "Invalid URI format";
    static final String RESPONSE_CODE = "Invalid response code";
    static final String INIT_SSL_CONTEXT = "Unable to intialize SSLContext";
    /**
     * Constructor hidden, this class should not be instantiated.
     */
    private Error() {
    }
 }
--- a/src/main/java/de/stklcode/jvault/connector/internal/RequestHelper.java
+++ b/src/main/java/de/stklcode/jvault/connector/internal/RequestHelper.java
@ -0,0 +1,433 @@
 package de.stklcode.jvault.connector.internal;
 import com.fasterxml.jackson.core.JsonProcessingException;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import de.stklcode.jvault.connector.exception.*;
 import de.stklcode.jvault.connector.model.response.ErrorResponse;
 import org.apache.http.HttpResponse;
 import org.apache.http.client.config.RequestConfig;
 import org.apache.http.client.methods.*;
 import org.apache.http.client.utils.URIBuilder;
 import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
 import org.apache.http.entity.StringEntity;
 import org.apache.http.impl.client.CloseableHttpClient;
 import org.apache.http.impl.client.HttpClientBuilder;
 import org.apache.http.util.EntityUtils;
 import javax.net.ssl.SSLContext;
 import javax.net.ssl.TrustManagerFactory;
 import java.io.*;
 import java.net.URISyntaxException;
 import java.nio.charset.StandardCharsets;
 import java.security.*;
 import java.security.cert.CertificateException;
 import java.security.cert.X509Certificate;
 import java.util.Map;
 import java.util.stream.Collectors;
 /**
 * Helper class to bundle Vault HTTP requests.
 *
 * @author Stefan Kalscheuer
 * @since 0.8 Extracted methods from {@link de.stklcode.jvault.connector.HTTPVaultConnector}.
 */
 public final class RequestHelper implements Serializable {
    private static final String HEADER_VAULT_TOKEN = "X-Vault-Token";
    private final String baseURL;                   // Base URL of Vault.
    private final Integer timeout;                  // Timeout in milliseconds.
    private final int retries;                      // Number of retries on 5xx errors.
    private final String tlsVersion;                // TLS version (#22).
    private final X509Certificate trustedCaCert;    // Trusted CA certificate.
    private final ObjectMapper jsonMapper;
    /**
     * Constructor of the request helper.
     *
     * @param baseURL       The URL
     * @param retries       Number of retries on 5xx errors
     * @param timeout       Timeout for HTTP requests (milliseconds)
     * @param tlsVersion    TLS Version.
     * @param trustedCaCert Trusted CA certificate
     */
    public RequestHelper(final String baseURL,
                         final int retries,
                         final Integer timeout,
                         final String tlsVersion,
                         final X509Certificate trustedCaCert) {
        this.baseURL = baseURL;
        this.retries = retries;
        this.timeout = timeout;
        this.tlsVersion = tlsVersion;
        this.trustedCaCert = trustedCaCert;
        this.jsonMapper = new ObjectMapper();
    }
    /**
     * Execute HTTP request using POST method.
     *
     * @param path    URL path (relative to base).
     * @param payload Map of payload values (will be converted to JSON).
     * @param token   Vault token (may be {@code null}).
     * @return HTTP response
     * @throws VaultConnectorException on connection error
     * @since 0.8 Added {@code token} parameter.
     */
    public String post(final String path, final Object payload, final String token) throws VaultConnectorException {
        /* Initialize post */
        HttpPost post = new HttpPost(baseURL + path);
        /* generate JSON from payload */
        StringEntity input;
        try {
            input = new StringEntity(jsonMapper.writeValueAsString(payload), StandardCharsets.UTF_8);
        } catch (JsonProcessingException e) {
            throw new InvalidRequestException(Error.PARSE_RESPONSE, e);
        }
        input.setContentEncoding("UTF-8");
        input.setContentType("application/json");
        post.setEntity(input);
        /* Set X-Vault-Token header */
        if (token != null) {
            post.addHeader(HEADER_VAULT_TOKEN, token);
        }
        return request(post, retries);
    }
    /**
     * Execute HTTP request using POST method and parse JSON result.
     *
     * @param path    URL path (relative to base).
     * @param payload Map of payload values (will be converted to JSON).
     * @param token   Vault token (may be {@code null}).
     * @param target  Target class.
     * @param <T>     Target type.
     * @return HTTP response
     * @throws VaultConnectorException on connection error
     * @since 0.8
     */
    public <T> T post(final String path, final Object payload, final String token, final Class<T> target)
            throws VaultConnectorException {
        try {
            String response = post(path, payload, token);
            return jsonMapper.readValue(response, target);
        } catch (IOException e) {
            throw new InvalidResponseException(Error.PARSE_RESPONSE, e);
        }
    }
    /**
     * Execute HTTP request using POST method and expect empty (204) response.
     *
     * @param path    URL path (relative to base).
     * @param payload Map of payload values (will be converted to JSON).
     * @param token   Vault token (may be {@code null}).
     * @throws VaultConnectorException on connection error
     * @since 0.8
     */
    public void postWithoutResponse(final String path, final Object payload, final String token) throws VaultConnectorException {
        if (!post(path, payload, token).isEmpty()) {
            throw new InvalidResponseException(Error.UNEXPECTED_RESPONSE);
        }
    }
    /**
     * Execute HTTP request using PUT method.
     *
     * @param path    URL path (relative to base).
     * @param payload Map of payload values (will be converted to JSON).
     * @param token   Vault token (may be {@code null}).
     * @return HTTP response
     * @throws VaultConnectorException on connection error
     * @since 0.8 Added {@code token} parameter.
     */
    public String put(final String path, final Map<String, String> payload, final String token) throws VaultConnectorException {
        /* Initialize put */
        HttpPut put = new HttpPut(baseURL + path);
        /* generate JSON from payload */
        StringEntity entity = null;
        try {
            entity = new StringEntity(jsonMapper.writeValueAsString(payload));
        } catch (UnsupportedEncodingException | JsonProcessingException e) {
            throw new InvalidRequestException("Payload serialization failed", e);
        }
        /* Parse parameters */
        put.setEntity(entity);
        /* Set X-Vault-Token header */
        if (token != null) {
            put.addHeader(HEADER_VAULT_TOKEN, token);
        }
        return request(put, retries);
    }
    /**
     * Execute HTTP request using PUT method and parse JSON result.
     *
     * @param path    URL path (relative to base).
     * @param payload Map of payload values (will be converted to JSON).
     * @param token   Vault token (may be {@code null}).
     * @param target  Target class.
     * @param <T>     Target type.
     * @return HTTP response
     * @throws VaultConnectorException on connection error
     * @since 0.8
     */
    public <T> T put(final String path, final Map<String, String> payload, final String token, final Class<T> target)
            throws VaultConnectorException {
        try {
            String response = put(path, payload, token);
            return jsonMapper.readValue(response, target);
        } catch (IOException e) {
            throw new InvalidResponseException(Error.PARSE_RESPONSE, e);
        }
    }
    /**
     * Execute HTTP request using PUT method and expect empty (204) response.
     *
     * @param path    URL path (relative to base).
     * @param payload Map of payload values (will be converted to JSON).
     * @param token   Vault token (may be {@code null}).
     * @throws VaultConnectorException on connection error
     * @since 0.8
     */
    public void putWithoutResponse(final String path, final Map<String, String> payload, final String token)
            throws VaultConnectorException {
        if (!put(path, payload, token).isEmpty()) {
            throw new InvalidResponseException(Error.UNEXPECTED_RESPONSE);
        }
    }
    /**
     * Execute HTTP request using DELETE method.
     *
     * @param path  URL path (relative to base).
     * @param token Vault token (may be {@code null}).
     * @return HTTP response
     * @throws VaultConnectorException on connection error
     * @since 0.8 Added {@code token} parameter.
     */
    public String delete(final String path, final String token) throws VaultConnectorException {
        /* Initialize delete */
        HttpDelete delete = new HttpDelete(baseURL + path);
        /* Set X-Vault-Token header */
        if (token != null) {
            delete.addHeader(HEADER_VAULT_TOKEN, token);
        }
        return request(delete, retries);
    }
    /**
     * Execute HTTP request using DELETE method and expect empty (204) response.
     *
     * @param path  URL path (relative to base).
     * @param token Vault token (may be {@code null}).
     * @throws VaultConnectorException on connection error
     * @since 0.8
     */
    public void deleteWithoutResponse(final String path, final String token) throws VaultConnectorException {
        if (!delete(path, token).isEmpty()) {
            throw new InvalidResponseException(Error.UNEXPECTED_RESPONSE);
        }
    }
    /**
     * Execute HTTP request using GET method.
     *
     * @param path    URL path (relative to base).
     * @param payload Map of payload values (will be converted to JSON).
     * @param token   Vault token (may be {@code null}).
     * @return HTTP response
     * @throws VaultConnectorException on connection error
     * @since 0.8 Added {@code token} parameter.
     */
    public String get(final String path, final Map<String, String> payload, final String token)
            throws VaultConnectorException {
        HttpGet get;
        try {
            /* Add parameters to URI */
            URIBuilder uriBuilder = new URIBuilder(baseURL + path);
            payload.forEach(uriBuilder::addParameter);
            /* Initialize request */
            get = new HttpGet(uriBuilder.build());
        } catch (URISyntaxException e) {
            /* this should never occur and may leak sensible information */
            throw new InvalidRequestException(Error.URI_FORMAT);
        }
        /* Set X-Vault-Token header */
        if (token != null) {
            get.addHeader(HEADER_VAULT_TOKEN, token);
        }
        return request(get, retries);
    }
    /**
     * Execute HTTP request using GET method and parse JSON result to target class.
     *
     * @param path    URL path (relative to base).
     * @param payload Map of payload values (will be converted to JSON).
     * @param token   Vault token (may be {@code null}).
     * @param target  Target class.
     * @param <T>     Target type.
     * @return HTTP response
     * @throws VaultConnectorException on connection error
     * @since 0.8
     */
    public <T> T get(final String path, final Map<String, String> payload, final String token, final Class<T> target)
            throws VaultConnectorException {
        try {
            String response = get(path, payload, token);
            return jsonMapper.readValue(response, target);
        } catch (IOException e) {
            throw new InvalidResponseException(Error.PARSE_RESPONSE, e);
        }
    }
    /**
     * Execute prepared HTTP request and return result.
     *
     * @param base    Prepares Request
     * @param retries number of retries
     * @return HTTP response
     * @throws VaultConnectorException on connection error
     */
    private String request(final HttpRequestBase base, final int retries) throws VaultConnectorException {
        /* Set JSON Header */
        base.addHeader("accept", "application/json");
        CloseableHttpResponse response = null;
        try (CloseableHttpClient httpClient = HttpClientBuilder.create()
                .setSSLSocketFactory(createSSLSocketFactory())
                .build()) {
            /* Set custom timeout, if defined */
            if (this.timeout != null) {
                base.setConfig(RequestConfig.copy(RequestConfig.DEFAULT).setConnectTimeout(timeout).build());
            }
            /* Execute request */
            response = httpClient.execute(base);
            /* Check if response is valid */
            if (response == null) {
                throw new InvalidResponseException("Response unavailable");
            }
            switch (response.getStatusLine().getStatusCode()) {
                case 200:
                    return handleResult(response);
                case 204:
                    return "";
                case 403:
                    throw new PermissionDeniedException();
                default:
                    if (response.getStatusLine().getStatusCode() >= 500
                            && response.getStatusLine().getStatusCode() < 600 && retries > 0) {
                        /* Retry on 5xx errors */
                        return request(base, retries - 1);
                    } else {
                        /* Fail on different error code and/or no retries left */
                        handleError(response);
                        /* Throw exception withoud details, if response entity is empty. */
                        throw new InvalidResponseException(Error.RESPONSE_CODE,
                                response.getStatusLine().getStatusCode());
                    }
            }
        } catch (IOException e) {
            throw new InvalidResponseException(Error.READ_RESPONSE, e);
        } finally {
            if (response != null && response.getEntity() != null) {
                try {
                    EntityUtils.consume(response.getEntity());
                } catch (IOException ignored) {
                    // Exception ignored.
                }
            }
        }
    }
    /**
     * Create a custom socket factory from trusted CA certificate.
     *
     * @return The factory.
     * @throws TlsException An error occured during initialization of the SSL context.
     * @since 0.8.0
     */
    private SSLConnectionSocketFactory createSSLSocketFactory() throws TlsException {
        try {
            // Create Keystore with trusted certificate.
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            keyStore.load(null, null);
            keyStore.setCertificateEntry("trustedCert", trustedCaCert);
            // Initialize TrustManager.
            TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            tmf.init(keyStore);
            // Create context usint this TrustManager.
            SSLContext context = SSLContext.getInstance(tlsVersion);
            context.init(null, tmf.getTrustManagers(), new SecureRandom());
            return new SSLConnectionSocketFactory(
                    context,
                    null,
                    null,
                    SSLConnectionSocketFactory.getDefaultHostnameVerifier()
            );
        } catch (CertificateException | NoSuchAlgorithmException | KeyStoreException | IOException | KeyManagementException e) {
            throw new TlsException(Error.INIT_SSL_CONTEXT, e);
        }
    }
    /**
     * Handle successful result.
     *
     * @param response The raw HTTP response (assuming status code 200)
     * @return Complete response body as String
     * @throws InvalidResponseException on reading errors
     */
    private String handleResult(final HttpResponse response) throws InvalidResponseException {
        try (BufferedReader br = new BufferedReader(
                new InputStreamReader(response.getEntity().getContent()))) {
            return br.lines().collect(Collectors.joining("\n"));
        } catch (IOException ignored) {
            throw new InvalidResponseException(Error.READ_RESPONSE, 200);
        }
    }
    /**
     * Handle unsuccessful response. Throw detailed exception if possible.
     *
     * @param response The raw HTTP response (assuming status code 5xx)
     * @throws VaultConnectorException Expected exception with details to throw
     */
    private void handleError(final HttpResponse response) throws VaultConnectorException {
        if (response.getEntity() != null) {
            try (BufferedReader br = new BufferedReader(
                    new InputStreamReader(response.getEntity().getContent()))) {
                String responseString = br.lines().collect(Collectors.joining("\n"));
                ErrorResponse er = jsonMapper.readValue(responseString, ErrorResponse.class);
                /* Check for "permission denied" response */
                if (!er.getErrors().isEmpty() && er.getErrors().get(0).equals("permission denied")) {
                    throw new PermissionDeniedException();
                }
                throw new InvalidResponseException(Error.RESPONSE_CODE,
                        response.getStatusLine().getStatusCode(), er.toString());
            } catch (IOException ignored) {
                // Exception ignored.
            }
        }
    }
 }
--- a/src/main/java/de/stklcode/jvault/connector/model/AppRole.java
+++ b/src/main/java/de/stklcode/jvault/connector/model/AppRole.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2016 Stefan Kalscheuer
+ * Copyright 2016-2019 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -17,7 +17,6 @@
 package de.stklcode.jvault.connector.model;
 import com.fasterxml.jackson.annotation.*;
 import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
 import java.util.List;
@ -28,7 +27,18 @@ import java.util.List;
 * @since 0.4.0
 */
@JsonIgnoreProperties(ignoreUnknown = true)
-public class AppRole {
+public final class AppRole {
    /**
     * Get {@link AppRoleBuilder} instance.
     *
     * @param name Role name.
     * @return AppRole Builder.
     * @since 0.8
     */
    public static AppRoleBuilder builder(final String name) {
        return new AppRoleBuilder(name);
    }
    @JsonProperty("role_name")
    private String name;
@ -42,6 +52,8 @@ public class AppRole {
    private List<String> boundCidrList;
    private List<String> secretIdBoundCidrs;
    private List<String> policies;
    @JsonProperty("secret_id_num_uses")
@ -64,15 +76,34 @@ public class AppRole {
    @JsonInclude(JsonInclude.Include.NON_NULL)
    private Integer period;
    /**
     * Construct empty {@link AppRole} object.
     */
    public AppRole() {
    }
-    public AppRole(String name, String id, Boolean bindSecretId, List<String> boundCidrList, List<String> policies, Integer secretIdNumUses, Integer secretIdTtl, Integer tokenTtl, Integer tokenMaxTtl, Integer period) {
+    /**
     * Construct complete {@link AppRole} object.
     *
     * @param name               Role name (required)
     * @param id                 Role ID (optional)
     * @param bindSecretId       Bind secret ID (optional)
     * @param secretIdBoundCidrs Whitelist of subnets in CIDR notation (optional)
     * @param policies           List of policies (optional)
     * @param secretIdNumUses    Maximum number of uses per secret (optional)
     * @param secretIdTtl        Maximum TTL in seconds for secrets (optional)
     * @param tokenTtl           Token TTL in seconds (optional)
     * @param tokenMaxTtl        Maximum token TTL in seconds, including renewals (optional)
     * @param period             Duration in seconds, if set the token is a periodic token (optional)
     */
    public AppRole(final String name, final String id, final Boolean bindSecretId, final List<String> secretIdBoundCidrs,
                   final List<String> policies, final Integer secretIdNumUses, final Integer secretIdTtl,
                   final Integer tokenTtl, final Integer tokenMaxTtl, final Integer period) {
        this.name = name;
        this.id = id;
        this.bindSecretId = bindSecretId;
-        this.boundCidrList = boundCidrList;
+        this.secretIdBoundCidrs = secretIdBoundCidrs;
        this.policies = policies;
        this.secretIdNumUses = secretIdNumUses;
        this.secretIdTtl = secretIdTtl;
@ -81,68 +112,181 @@ public class AppRole {
        this.period = period;
    }
    /**
     * Construct complete {@link AppRole} object.
     * <p>
     * This constructor is used for transition from {@code bound_cidr_list} to {@code secret_id_bound_cidrs} only.
     *
     * @param name               Role name (required)
     * @param id                 Role ID (optional)
     * @param bindSecretId       Bind secret ID (optional)
     * @param boundCidrList      Whitelist of subnets in CIDR notation (optional)
     * @param secretIdBoundCidrs Whitelist of subnets in CIDR notation (optional)
     * @param policies           List of policies (optional)
     * @param secretIdNumUses    Maximum number of uses per secret (optional)
     * @param secretIdTtl        Maximum TTL in seconds for secrets (optional)
     * @param tokenTtl           Token TTL in seconds (optional)
     * @param tokenMaxTtl        Maximum token TTL in seconds, including renewals (optional)
     * @param period             Duration in seconds, if set the token is a periodic token (optional)
     */
    AppRole(final String name, final String id, final Boolean bindSecretId, final List<String> boundCidrList,
            final List<String> secretIdBoundCidrs, final List<String> policies, final Integer secretIdNumUses,
            final Integer secretIdTtl, final Integer tokenTtl, final Integer tokenMaxTtl, final Integer period) {
        this.name = name;
        this.id = id;
        this.bindSecretId = bindSecretId;
        this.boundCidrList = boundCidrList;
        this.secretIdBoundCidrs = secretIdBoundCidrs;
        this.policies = policies;
        this.secretIdNumUses = secretIdNumUses;
        this.secretIdTtl = secretIdTtl;
        this.tokenTtl = tokenTtl;
        this.tokenMaxTtl = tokenMaxTtl;
        this.period = period;
    }
    /**
     * @return the role name
     */
    public String getName() {
        return name;
    }
    /**
     * @return the role ID
     */
    public String getId() {
        return id;
    }
    /**
     * @return bind secret ID
     */
    public Boolean getBindSecretId() {
        return bindSecretId;
    }
    /**
     * @return list of bound CIDR subnets
     * @deprecated Use {@link #getSecretIdBoundCidrs()} instead, as this parameter is deprecated in Vault.
     */
    @Deprecated
    public List<String> getBoundCidrList() {
        return boundCidrList;
    }
    /**
     * @param boundCidrList list of subnets in CIDR notation to bind role to
     * @deprecated Use {@link #setSecretIdBoundCidrs(List)} instead, as this parameter is deprecated in Vault.
     */
    @Deprecated
    @JsonSetter("bound_cidr_list")
-    public void setBoundCidrList(List<String> boundCidrList) {
+    public void setBoundCidrList(final List<String> boundCidrList) {
        this.boundCidrList = boundCidrList;
    }
    /**
     * @return list of subnets in CIDR notation as comma-separated {@link String}
     * @deprecated Use {@link #getSecretIdBoundCidrsString()} instead, as this parameter is deprecated in Vault.
     */
    @Deprecated
    @JsonGetter("bound_cidr_list")
    @JsonInclude(JsonInclude.Include.NON_EMPTY)
    public String getBoundCidrListString() {
-        if (boundCidrList == null || boundCidrList.isEmpty())
+        if (boundCidrList == null || boundCidrList.isEmpty()) {
            return "";
        }
        return String.join(",", boundCidrList);
    }
    /**
     * @return list of bound CIDR subnets
     * @since 0.8 replaces {@link #getBoundCidrList()}
     */
    public List<String> getSecretIdBoundCidrs() {
        return secretIdBoundCidrs;
    }
    /**
     * @param secretIdBoundCidrs List of subnets in CIDR notation to bind secrets of this role to.
     * @since 0.8 replaces {@link #setBoundCidrList(List)}
     */
    @JsonSetter("secret_id_bound_cidrs")
    public void setSecretIdBoundCidrs(final List<String> secretIdBoundCidrs) {
        this.secretIdBoundCidrs = secretIdBoundCidrs;
    }
    /**
     * @return List of subnets in CIDR notation as comma-separated {@link String}
     * @since 0.8 replaces {@link #getBoundCidrListString()} ()}
     */
    @JsonGetter("secret_id_bound_cidrs")
    @JsonInclude(JsonInclude.Include.NON_EMPTY)
    public String getSecretIdBoundCidrsString() {
        if (secretIdBoundCidrs == null || secretIdBoundCidrs.isEmpty()) {
            return "";
        }
        return String.join(",", secretIdBoundCidrs);
    }
    /**
     * @return list of policies
     */
    public List<String> getPolicies() {
        return policies;
    }
    /**
     * @param policies list of policies
     */
    @JsonSetter("policies")
-    public void setPolicies(List<String> policies) {
+    public void setPolicies(final List<String> policies) {
        this.policies = policies;
    }
    /**
     * @return list of policies as comma-separated {@link String}
     */
    @JsonGetter("policies")
    @JsonInclude(JsonInclude.Include.NON_EMPTY)
    public String getPoliciesString() {
-        if (policies == null || policies.isEmpty())
+        if (policies == null || policies.isEmpty()) {
            return "";
        }
        return String.join(",", policies);
    }
    /**
     * @return maximum number of uses per secret
     */
    public Integer getSecretIdNumUses() {
        return secretIdNumUses;
    }
    /**
     * @return maximum TTL in seconds for secrets
     */
    public Integer getSecretIdTtl() {
        return secretIdTtl;
    }
    /**
     * @return token TTL in seconds
     */
    public Integer getTokenTtl() {
        return tokenTtl;
    }
    /**
     * @return maximum token TTL in seconds, including renewals
     */
    public Integer getTokenMaxTtl() {
        return tokenMaxTtl;
    }
    /**
     * @return duration in seconds, if specified
     */
    public Integer getPeriod() {
        return period;
    }
--- a/src/main/java/de/stklcode/jvault/connector/model/AppRoleBuilder.java
+++ b/src/main/java/de/stklcode/jvault/connector/model/AppRoleBuilder.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2016 Stefan Kalscheuer
+ * Copyright 2016-2019 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -25,11 +25,12 @@ import java.util.List;
 * @author Stefan Kalscheuer
 * @since 0.4.0
 */
-public class AppRoleBuilder {
+public final class AppRoleBuilder {
    private String name;
    private String id;
    private Boolean bindSecretId;
    private List<String> boundCidrList;
    private List<String> secretIdBoundCidrs;
    private List<String> policies;
    private Integer secretIdNumUses;
    private Integer secretIdTtl;
@ -37,12 +38,17 @@ public class AppRoleBuilder {
    private Integer tokenMaxTtl;
    private Integer period;
-    public AppRoleBuilder(String name) {
+    /**
     * Construct {@link AppRoleBuilder} with only the role name set.
     *
     * @param name Role name
     */
    public AppRoleBuilder(final String name) {
        this.name = name;
    }
    /**
-     * Add custom role ID (optional)
+     * Add custom role ID. (optional)
     *
     * @param id the ID
     * @return self
@ -53,7 +59,7 @@ public class AppRoleBuilder {
    }
    /**
-     * Set if role is bound to secret ID
+     * Set if role is bound to secret ID.
     *
     * @param bindSecretId the display name
     * @return self
@ -88,12 +94,26 @@ public class AppRoleBuilder {
     *
     * @param boundCidrList List of CIDR blocks which can perform login
     * @return self
     * @deprecated Use {@link #withSecretIdBoundCidrs(List)} instead, as this parameter is deprecated in Vault.
     */
    @Deprecated
    public AppRoleBuilder withBoundCidrList(final List<String> boundCidrList) {
        this.boundCidrList = boundCidrList;
        return this;
    }
    /**
     * Set bound CIDR blocks.
     *
     * @param secretIdBoundCidrs List of CIDR blocks which can perform login
     * @return self
     * @since 0.8 replaces {@link #withBoundCidrList(List)}
     */
    public AppRoleBuilder withSecretIdBoundCidrs(final List<String> secretIdBoundCidrs) {
        this.secretIdBoundCidrs = secretIdBoundCidrs;
        return this;
    }
    /**
     * Add a CIDR block to list of bound blocks.
     *
@ -101,21 +121,28 @@ public class AppRoleBuilder {
     * @return self
     */
    public AppRoleBuilder withCidrBlock(final String cidrBlock) {
-        if (boundCidrList == null)
+        if (boundCidrList == null) {
            boundCidrList = new ArrayList<>();
        }
        boundCidrList.add(cidrBlock);
        if (secretIdBoundCidrs == null) {
            secretIdBoundCidrs = new ArrayList<>();
        }
        secretIdBoundCidrs.add(cidrBlock);
        return this;
    }
    /**
-     * Add given policies
+     * Add given policies.
     *
     * @param policies the policies
     * @return self
     */
    public AppRoleBuilder withPolicies(final List<String> policies) {
-        if (this.policies == null)
+        if (this.policies == null) {
            this.policies = new ArrayList<>();
        }
        this.policies.addAll(policies);
        return this;
    }
@ -127,8 +154,9 @@ public class AppRoleBuilder {
     * @return self
     */
    public AppRoleBuilder withPolicy(final String policy) {
-        if (this.policies == null)
+        if (this.policies == null) {
            this.policies = new ArrayList<>();
        }
        policies.add(policy);
        return this;
    }
@ -199,6 +227,7 @@ public class AppRoleBuilder {
                id,
                bindSecretId,
                boundCidrList,
                secretIdBoundCidrs,
                policies,
                secretIdNumUses,
                secretIdTtl,
--- a/src/main/java/de/stklcode/jvault/connector/model/AppRoleSecret.java
+++ b/src/main/java/de/stklcode/jvault/connector/model/AppRoleSecret.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2016 Stefan Kalscheuer
+ * Copyright 2016-2019 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -28,7 +28,7 @@ import java.util.Map;
 * @since 0.4.0
 */
@JsonIgnoreProperties(ignoreUnknown = true)
-public class AppRoleSecret {
+public final class AppRoleSecret {
    @JsonProperty("secret_id")
    @JsonInclude(JsonInclude.Include.NON_NULL)
    private String id;
@ -57,64 +57,112 @@ public class AppRoleSecret {
    @JsonProperty(value = "secret_id_ttl", access = JsonProperty.Access.WRITE_ONLY)
    private Integer ttl;
    /**
     * Construct empty {@link AppRoleSecret} object.
     */
    public AppRoleSecret() {
    }
-    public AppRoleSecret(String id) {
+    /**
     * Construct {@link AppRoleSecret} with secret ID.
     *
     * @param id Secret ID
     */
    public AppRoleSecret(final String id) {
        this.id = id;
    }
-    public AppRoleSecret(String id, Map<String, Object> metadata, List<String> cidrList) {
+    /**
     * Construct {@link AppRoleSecret} with ID and metadata.
     *
     * @param id       Secret ID
     * @param metadata Secret metadata
     * @param cidrList List of subnets in CIDR notation, the role is bound to
     */
    public AppRoleSecret(final String id, final Map<String, Object> metadata, final List<String> cidrList) {
        this.id = id;
        this.metadata = metadata;
        this.cidrList = cidrList;
    }
    /**
     * @return Secret ID
     */
    public String getId() {
        return id;
    }
    /**
     * @return Secret accessor
     */
    public String getAccessor() {
        return accessor;
    }
    /**
     * @return Secret metadata
     */
    public Map<String, Object> getMetadata() {
        return metadata;
    }
    /**
     * @return List of bound subnets in CIDR notation
     */
    public List<String> getCidrList() {
        return cidrList;
    }
    /**
     * @param cidrList List of subnets in CIDR notation
     */
    @JsonSetter("cidr_list")
-    public void setCidrList(List<String> cidrList) {
+    public void setCidrList(final List<String> cidrList) {
        this.cidrList = cidrList;
    }
    /**
     * @return List of bound subnets in CIDR notation as comma-separated {@link String}
     */
    @JsonGetter("cidr_list")
    public String getCidrListString() {
-        if (cidrList == null || cidrList.isEmpty())
+        if (cidrList == null || cidrList.isEmpty()) {
            return "";
        }
        return String.join(",", cidrList);
    }
    /**
     * @return Creation time
     */
    public String getCreationTime() {
        return creationTime;
    }
    /**
     * @return Expiration time
     */
    public String getExpirationTime() {
        return expirationTime;
    }
    /**
     * @return Time of last update
     */
    public String getLastUpdatedTime() {
        return lastUpdatedTime;
    }
    /**
     * @return Number of uses
     */
    public Integer getNumUses() {
        return numUses;
    }
    /**
     * @return Time-to-live
     */
    public Integer getTtl() {
        return ttl;
    }
--- a/src/main/java/de/stklcode/jvault/connector/model/AuthBackend.java
+++ b/src/main/java/de/stklcode/jvault/connector/model/AuthBackend.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2016 Stefan Kalscheuer
+ * Copyright 2016-2019 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -19,26 +19,40 @@ package de.stklcode.jvault.connector.model;
 /**
 * Currently supported authentication backends.
 *
- * @author  Stefan Kalscheuer
+ * @author Stefan Kalscheuer
- * @since   0.1
+ * @since 0.1
 */
 public enum AuthBackend {
    TOKEN("token"),
    APPID("app-id"),
    APPROLE("approle"),
    USERPASS("userpass"),
    GITHUB("github"),   // Not supported yet.
    UNKNOWN("");
    private final String type;
-    AuthBackend(String type) {
+    /**
     * Construct {@link AuthBackend} of given type.
     *
     * @param type Backend type
     */
    AuthBackend(final String type) {
        this.type = type;
    }
-    public static AuthBackend forType(String type) {
+    /**
-        for (AuthBackend v : values())
+     * Retrieve {@link AuthBackend} value for given type string.
-            if (v.type.equalsIgnoreCase(type))
+     *
     * @param type Type string
     * @return Auth backend value
     */
    public static AuthBackend forType(final String type) {
        for (AuthBackend v : values()) {
            if (v.type.equalsIgnoreCase(type)) {
                return v;
            }
        }
        return UNKNOWN;
    }
 }
--- a/src/main/java/de/stklcode/jvault/connector/model/Token.java
+++ b/src/main/java/de/stklcode/jvault/connector/model/Token.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2016 Stefan Kalscheuer
+ * Copyright 2016-2019 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -30,7 +30,17 @@ import java.util.Map;
 * @since 0.4.0
 */
@JsonIgnoreProperties(ignoreUnknown = true)
-public class Token {
+public final class Token {
    /**
     * Get {@link TokenBuilder} instance.
     *
     * @return Token Builder.
     * @since 0.8
     */
    public static TokenBuilder builder() {
        return new TokenBuilder();
    }
    @JsonProperty("id")
    @JsonInclude(JsonInclude.Include.NON_NULL)
    private String id;
@ -67,7 +77,28 @@ public class Token {
    @JsonInclude(JsonInclude.Include.NON_NULL)
    private Boolean renewable;
-    public Token(String id, String displayName, Boolean noParent, Boolean noDefaultPolicy, Integer ttl, Integer numUses, List<String> policies, Map<String, String> meta, Boolean renewable) {
+    /**
     * Construct complete {@link Token} object.
     *
     * @param id              Token ID (optional)
     * @param displayName     Token display name (optional)
     * @param noParent        Token has no parent (optional)
     * @param noDefaultPolicy Do not add default policy (optional)
     * @param ttl             Token TTL in seconds (optional)
     * @param numUses         Number of uses (optional)
     * @param policies        List of policies (optional)
     * @param meta            Metadata (optional)
     * @param renewable       Is the token renewable (optional)
     */
    public Token(final String id,
                 final String displayName,
                 final Boolean noParent,
                 final Boolean noDefaultPolicy,
                 final Integer ttl,
                 final Integer numUses,
                 final List<String> policies,
                 final Map<String, String> meta,
                 final Boolean renewable) {
        this.id = id;
        this.displayName = displayName;
        this.ttl = ttl;
@ -79,38 +110,65 @@ public class Token {
        this.renewable = renewable;
    }
    /**
     * @return Token ID
     */
    public String getId() {
        return id;
    }
    /**
     * @return Token display name
     */
    public String getDisplayName() {
        return displayName;
    }
    /**
     * @return Token has no parent
     */
    public Boolean getNoParent() {
        return noParent;
    }
    /**
     * @return Token has no default policy
     */
    public Boolean getNoDefaultPolicy() {
        return noDefaultPolicy;
    }
    /**
     * @return Time-to-live in seconds
     */
    public Integer getTtl() {
        return ttl;
    }
    /**
     * @return Number of uses
     */
    public Integer getNumUses() {
        return numUses;
    }
    /**
     * @return List of policies
     */
    public List<String> getPolicies() {
        return policies;
    }
    /**
     * @return Metadata
     */
    public Map<String, String> getMeta() {
        return meta;
    }
    /**
     * @return Token is renewable
     */
    public Boolean isRenewable() {
        return renewable;
    }
--- a/src/main/java/de/stklcode/jvault/connector/model/TokenBuilder.java
+++ b/src/main/java/de/stklcode/jvault/connector/model/TokenBuilder.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2016 Stefan Kalscheuer
+ * Copyright 2016-2019 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -16,20 +16,15 @@
 package de.stklcode.jvault.connector.model;
-import com.fasterxml.jackson.annotation.JsonProperty;
+import java.util.*;
 import java.util.ArrayList;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 /**
 * A builder for vault tokens.
 *
- * @author  Stefan Kalscheuer
+ * @author Stefan Kalscheuer
 * @since 0.4.0
 */
-public class TokenBuilder {
+public final class TokenBuilder {
    private String id;
    private String displayName;
    private Boolean noParent;
@ -41,7 +36,7 @@ public class TokenBuilder {
    private Boolean renewable;
    /**
-     * Add token ID (optional)
+     * Add token ID. (optional)
     *
     * @param id the ID
     * @return self
@ -52,7 +47,7 @@ public class TokenBuilder {
    }
    /**
-     * Add display name
+     * Add display name.
     *
     * @param displayName the display name
     * @return self
@ -64,6 +59,7 @@ public class TokenBuilder {
    /**
     * Set desired time to live.
     *
     * @param ttl the ttl
     * @return self
     */
@ -74,6 +70,7 @@ public class TokenBuilder {
    /**
     * Set desired number of uses.
     *
     * @param numUses the number of uses
     * @return self
     */
@ -83,7 +80,7 @@ public class TokenBuilder {
    }
    /**
-     * Set TRUE if the token should be created without parent
+     * Set TRUE if the token should be created without parent.
     *
     * @param noParent if TRUE, token is created as orphan
     * @return self
@ -145,14 +142,26 @@ public class TokenBuilder {
    }
    /**
-     * Add given policies
+     * Add given policies.
     *
     * @param policies the policies
     * @return self
     * @since 0.5.0
     */
    public TokenBuilder withPolicies(final String... policies) {
        return withPolicies(Arrays.asList(policies));
    }
    /**
     * Add given policies.
     *
     * @param policies the policies
     * @return self
     */
    public TokenBuilder withPolicies(final List<String> policies) {
-        if (this.policies == null)
+        if (this.policies == null) {
            this.policies = new ArrayList<>();
        }
        this.policies.addAll(policies);
        return this;
    }
@ -164,8 +173,9 @@ public class TokenBuilder {
     * @return self
     */
    public TokenBuilder withPolicy(final String policy) {
-        if (this.policies == null)
+        if (this.policies == null) {
            this.policies = new ArrayList<>();
        }
        policies.add(policy);
        return this;
    }
@ -177,8 +187,9 @@ public class TokenBuilder {
     * @return self
     */
    public TokenBuilder withMeta(final Map<String, String> meta) {
-        if (this.meta == null)
+        if (this.meta == null) {
            this.meta = new HashMap<>();
        }
        this.meta.putAll(meta);
        return this;
    }
@ -191,8 +202,9 @@ public class TokenBuilder {
     * @return self
     */
    public TokenBuilder withMeta(final String key, final String value) {
-        if (this.meta == null)
+        if (this.meta == null) {
            this.meta = new HashMap<>();
        }
        this.meta.put(key, value);
        return this;
    }
--- a/src/main/java/de/stklcode/jvault/connector/model/package-info.java
+++ b/src/main/java/de/stklcode/jvault/connector/model/package-info.java
@ -0,0 +1,20 @@
 /*
 * Copyright 2016-2019 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 /**
 * Model classes for communication with the Vault API.
 */
 package de.stklcode.jvault.connector.model;
--- a/src/main/java/de/stklcode/jvault/connector/model/response/AppRoleResponse.java
+++ b/src/main/java/de/stklcode/jvault/connector/model/response/AppRoleResponse.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2016 Stefan Kalscheuer
+ * Copyright 2016-2019 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -24,33 +24,38 @@ import de.stklcode.jvault.connector.model.AppRole;
 import java.io.IOException;
 import java.util.HashMap;
 import java.util.Map;
 import java.util.stream.Collectors;
 /**
 * Vault response for AppRole lookup.
 *
- * @author  Stefan Kalscheuer
+ * @author Stefan Kalscheuer
- * @since   0.4.0
+ * @since 0.4.0
 */
@JsonIgnoreProperties(ignoreUnknown = true)
-public class AppRoleResponse extends VaultDataResponse {
+public final class AppRoleResponse extends VaultDataResponse {
    private AppRole role;
    @Override
-    public void setData(Map<String, Object> data) throws InvalidResponseException {
+    public void setData(final Map<String, Object> data) throws InvalidResponseException {
        ObjectMapper mapper = new ObjectMapper();
        try {
            /* null empty strings on list objects */
            Map<String, Object> filteredData = new HashMap<>();
-            data.forEach((k,v) -> { if (!(v instanceof String && ((String) v).isEmpty())) filteredData.put(k,v); });
+            data.forEach((k, v) -> {
                if (!(v instanceof String && ((String) v).isEmpty())) {
                    filteredData.put(k, v);
                }
            });
            this.role = mapper.readValue(mapper.writeValueAsString(filteredData), AppRole.class);
        } catch (IOException e) {
-            e.printStackTrace();
+            throw new InvalidResponseException("Failed deserializing response", e);
            throw new InvalidResponseException();
        }
    }
    /**
     * @return The role
     */
    public AppRole getRole() {
        return role;
    }
-}
+}
--- a/src/main/java/de/stklcode/jvault/connector/model/response/AppRoleSecretResponse.java
+++ b/src/main/java/de/stklcode/jvault/connector/model/response/AppRoleSecretResponse.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2016 Stefan Kalscheuer
+ * Copyright 2016-2019 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -19,7 +19,6 @@ package de.stklcode.jvault.connector.model.response;
 import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import de.stklcode.jvault.connector.exception.InvalidResponseException;
 import de.stklcode.jvault.connector.model.AppRole;
 import de.stklcode.jvault.connector.model.AppRoleSecret;
 import java.io.IOException;
@ -29,28 +28,34 @@ import java.util.Map;
 /**
 * Vault response for AppRole lookup.
 *
- * @author  Stefan Kalscheuer
+ * @author Stefan Kalscheuer
- * @since   0.4.0
+ * @since 0.4.0
 */
@JsonIgnoreProperties(ignoreUnknown = true)
-public class AppRoleSecretResponse extends VaultDataResponse {
+public final class AppRoleSecretResponse extends VaultDataResponse {
    private AppRoleSecret secret;
    @Override
-    public void setData(Map<String, Object> data) throws InvalidResponseException {
+    public void setData(final Map<String, Object> data) throws InvalidResponseException {
        ObjectMapper mapper = new ObjectMapper();
        try {
            /* null empty strings on list objects */
            Map<String, Object> filteredData = new HashMap<>();
-            data.forEach((k,v) -> { if (!(v instanceof String && ((String) v).isEmpty())) filteredData.put(k,v); });
+            data.forEach((k, v) -> {
                if (!(v instanceof String && ((String) v).isEmpty())) {
                    filteredData.put(k, v);
                }
            });
            this.secret = mapper.readValue(mapper.writeValueAsString(filteredData), AppRoleSecret.class);
        } catch (IOException e) {
-            e.printStackTrace();
+            throw new InvalidResponseException("Failed deserializing response", e);
            throw new InvalidResponseException();
        }
    }
    /**
     * @return The secret
     */
    public AppRoleSecret getSecret() {
        return secret;
    }
-}
+}
--- a/src/main/java/de/stklcode/jvault/connector/model/response/AuthMethodsResponse.java
+++ b/src/main/java/de/stklcode/jvault/connector/model/response/AuthMethodsResponse.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2016 Stefan Kalscheuer
+ * Copyright 2016-2019 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -32,25 +32,32 @@ import java.util.Map;
 * @since   0.1
 */
@JsonIgnoreProperties(ignoreUnknown = true)
-public class AuthMethodsResponse extends VaultDataResponse {
+public final class AuthMethodsResponse extends VaultDataResponse {
    private Map<String, AuthMethod> supportedMethods;
    /**
     * Construct empty {@link AuthMethodsResponse} object.
     */
    public AuthMethodsResponse() {
        this.supportedMethods = new HashMap<>();
    }
    @Override
-    public void setData(Map<String, Object> data) throws InvalidResponseException {
+    public void setData(final Map<String, Object> data) throws InvalidResponseException {
        ObjectMapper mapper = new ObjectMapper();
-        for (String path : data.keySet()) {
+        for (Map.Entry<String, Object> entry : data.entrySet()) {
            try {
-                this.supportedMethods.put(path, mapper.readValue(mapper.writeValueAsString(data.get(path)), AuthMethod.class));
+                this.supportedMethods.put(entry.getKey(),
                        mapper.readValue(mapper.writeValueAsString(entry.getValue()), AuthMethod.class));
            } catch (IOException e) {
                throw new InvalidResponseException();
            }
        }
    }
    /**
     * @return Supported authentication methods
     */
    public Map<String, AuthMethod> getSupportedMethods() {
        return supportedMethods;
    }
--- a/src/main/java/de/stklcode/jvault/connector/model/response/AuthResponse.java
+++ b/src/main/java/de/stklcode/jvault/connector/model/response/AuthResponse.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2016 Stefan Kalscheuer
+ * Copyright 2016-2019 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -28,35 +28,46 @@ import java.util.Map;
 /**
 * Vault response for authentication providing auth info in {@link AuthData} field.
 *
- * @author  Stefan Kalscheuer
+ * @author Stefan Kalscheuer
- * @since   0.1
+ * @since 0.1
 */
@JsonIgnoreProperties(ignoreUnknown = true)
-public class AuthResponse extends VaultDataResponse {
+public final class AuthResponse extends VaultDataResponse {
    private Map<String, Object> data;
    private AuthData auth;
    /**
     * Set authentication data. The input will be mapped to the {@link AuthData} model.
     *
     * @param auth Raw authentication data
     * @throws InvalidResponseException on mapping errors
     */
    @JsonProperty("auth")
-    public void setAuth(Map<String, Object> auth) throws InvalidResponseException {
+    public void setAuth(final Map<String, Object> auth) throws InvalidResponseException {
        ObjectMapper mapper = new ObjectMapper();
        try {
            this.auth = mapper.readValue(mapper.writeValueAsString(auth), AuthData.class);
        } catch (IOException e) {
-            e.printStackTrace();
+            throw new InvalidResponseException("Failed deserializing response", e);
            throw new InvalidResponseException();
        }
    }
    @Override
-    public void setData(Map<String, Object> data) {
+    public void setData(final Map<String, Object> data) {
        this.data = data;
    }
    /**
     * @return Raw data
     */
    public Map<String, Object> getData() {
        return data;
    }
    /**
     * @return Authentication data
     */
    public AuthData getAuth() {
        return auth;
    }
--- a/src/main/java/de/stklcode/jvault/connector/model/response/CredentialsResponse.java
+++ b/src/main/java/de/stklcode/jvault/connector/model/response/CredentialsResponse.java
@ -0,0 +1,51 @@
 /*
 * Copyright 2016-2019 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 package de.stklcode.jvault.connector.model.response;
 import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
 /**
 * Vault response from credentials lookup. Simple wrapper for data objects containing username and password fields.
 *
 * @author  Stefan Kalscheuer
 * @since   0.5.0
 */
@JsonIgnoreProperties(ignoreUnknown = true)
 public final class CredentialsResponse extends SecretResponse {
    /**
     * @return Username
     */
    public String getUsername() {
        Object username = get("username");
        if (username != null) {
            return username.toString();
        }
        return null;
    }
    /**
     * @return Password
     */
    public String getPassword() {
        Object password = get("password");
        if (password != null) {
            return password.toString();
        }
        return null;
    }
 }
--- a/src/main/java/de/stklcode/jvault/connector/model/response/ErrorResponse.java
+++ b/src/main/java/de/stklcode/jvault/connector/model/response/ErrorResponse.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2016 Stefan Kalscheuer
+ * Copyright 2016-2019 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -28,11 +28,23 @@ import java.util.List;
 * @since   0.1
 */
@JsonIgnoreProperties(ignoreUnknown = true)
-public class ErrorResponse implements VaultResponse {
+public final class ErrorResponse implements VaultResponse {
    @JsonProperty("errors")
    private List<String> errors;
-    public List<String > getErrors() {
+    /**
     * @return List of errors
     */
    public List<String> getErrors() {
        return errors;
    }
-}
+
    @Override
    public String toString() {
        if (errors == null || errors.isEmpty()) {
            return "error response";
        } else {
            return errors.get(0);
        }
    }
 }
--- a/src/main/java/de/stklcode/jvault/connector/model/response/HealthResponse.java
+++ b/src/main/java/de/stklcode/jvault/connector/model/response/HealthResponse.java
@ -0,0 +1,132 @@
 /*
 * Copyright 2016-2019 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 package de.stklcode.jvault.connector.model.response;
 import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
 import com.fasterxml.jackson.annotation.JsonProperty;
 /**
 * Vault response for health query.
 *
 * @author  Stefan Kalscheuer
 * @since   0.7.0
 */
@JsonIgnoreProperties(ignoreUnknown = true)
 public final class HealthResponse implements VaultResponse {
    @JsonProperty("cluster_id")
    private String clusterID;
    @JsonProperty("cluster_name")
    private String clusterName;
    @JsonProperty("version")
    private String version;
    @JsonProperty("server_time_utc")
    private Long serverTimeUTC;
    @JsonProperty("standby")
    private Boolean standby;
    @JsonProperty("sealed")
    private Boolean sealed;
    @JsonProperty("initialized")
    private Boolean initialized;
    @JsonProperty("replication_perf_mode")
    private String replicationPerfMode;
    @JsonProperty("replication_dr_mode")
    private String replicationDrMode;
    @JsonProperty("performance_standby")
    private Boolean performanceStandby;
    /**
     * @return The Cluster ID.
     */
    public String getClusterID() {
        return clusterID;
    }
    /**
     * @return The Cluster name.
     */
    public String getClusterName() {
        return clusterName;
    }
    /**
     * @return Vault version.
     */
    public String getVersion() {
        return version;
    }
    /**
     * @return Server time UTC (timestamp).
     */
    public Long getServerTimeUTC() {
        return serverTimeUTC;
    }
    /**
     * @return Server standby status.
     */
    public Boolean isStandby() {
        return standby;
    }
    /**
     * @return Server seal status.
     */
    public Boolean isSealed() {
        return sealed;
    }
    /**
     * @return Server initialization status.
     */
    public Boolean isInitialized() {
        return initialized;
    }
    /**
     * @return Replication performance mode of the active node (since Vault 0.9.2).
     * @since 0.8 (#21)
     */
    public String getReplicationPerfMode() {
        return replicationPerfMode;
    }
    /**
     * @return Replication DR mode of the active node (since Vault 0.9.2).
     * @since 0.8 (#21)
     */
    public String getReplicationDrMode() {
        return replicationDrMode;
    }
    /**
     * @return Performance standby status.
     * @since 0.8 (#21)
     */
    public Boolean isPerformanceStandby() {
        return performanceStandby;
    }
 }
--- a/src/main/java/de/stklcode/jvault/connector/model/response/HelpResponse.java
+++ b/src/main/java/de/stklcode/jvault/connector/model/response/HelpResponse.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2016 Stefan Kalscheuer
+ * Copyright 2016-2019 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -26,11 +26,14 @@ import com.fasterxml.jackson.annotation.JsonProperty;
 * @since   0.1
 */
@JsonIgnoreProperties(ignoreUnknown = true)
-public class HelpResponse implements VaultResponse {
+public final class HelpResponse implements VaultResponse {
    @JsonProperty("help")
    private String help;
    /**
     * @return Help text
     */
    public String getHelp() {
        return help;
    }
-}
+}
--- a/src/main/java/de/stklcode/jvault/connector/model/response/MetadataResponse.java
+++ b/src/main/java/de/stklcode/jvault/connector/model/response/MetadataResponse.java
@ -0,0 +1,56 @@
 /*
 * Copyright 2016-2019 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 package de.stklcode.jvault.connector.model.response;
 import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import de.stklcode.jvault.connector.exception.InvalidResponseException;
 import de.stklcode.jvault.connector.model.response.embedded.SecretMetadata;
 import java.io.IOException;
 import java.util.Map;
 /**
 * Vault response for secret metadata (KV v2).
 *
 * @author Stefan Kalscheuer
 * @since 0.8
 */
@JsonIgnoreProperties(ignoreUnknown = true)
 public class MetadataResponse extends VaultDataResponse {
    private SecretMetadata metadata;
    @Override
    public final void setData(final Map<String, Object> data) throws InvalidResponseException {
        ObjectMapper mapper = new ObjectMapper();
        try {
            this.metadata = mapper.readValue(mapper.writeValueAsString(data), SecretMetadata.class);
        } catch (IOException e) {
            throw new InvalidResponseException("Failed deserializing response", e);
        }
    }
    /**
     * Get the actual metadata.
     *
     * @return Metadata.
     */
    public SecretMetadata getMetadata() {
        return metadata;
    }
 }
--- a/src/main/java/de/stklcode/jvault/connector/model/response/RawDataResponse.java
+++ b/src/main/java/de/stklcode/jvault/connector/model/response/RawDataResponse.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2016 Stefan Kalscheuer
+ * Copyright 2016-2019 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -27,14 +27,17 @@ import java.util.Map;
 * @since   0.4.0
 */
@JsonIgnoreProperties(ignoreUnknown = true)
-public class RawDataResponse extends VaultDataResponse {
+public final class RawDataResponse extends VaultDataResponse {
    private Map<String, Object> data;
    @Override
-    public void setData(Map<String, Object> data) {
+    public void setData(final Map<String, Object> data) {
        this.data = data;
    }
    /**
     * @return Raw data {@link Map}
     */
    public Map<String, Object> getData() {
        return data;
    }
--- a/src/main/java/de/stklcode/jvault/connector/model/response/SealResponse.java
+++ b/src/main/java/de/stklcode/jvault/connector/model/response/SealResponse.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2016 Stefan Kalscheuer
+ * Copyright 2016-2019 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -22,14 +22,20 @@ import com.fasterxml.jackson.annotation.JsonProperty;
 /**
 * Vault response for seal status or unseal request.
 *
- * @author  Stefan Kalscheuer
+ * @author Stefan Kalscheuer
- * @since   0.1
+ * @since 0.1
 */
@JsonIgnoreProperties(ignoreUnknown = true)
-public class SealResponse implements VaultResponse {
+public final class SealResponse implements VaultResponse {
    @JsonProperty("type")
    private String type;
    @JsonProperty("sealed")
    private boolean sealed;
    @JsonProperty("initialized")
    private boolean initialized;
    @JsonProperty("t")
    private Integer threshold;
@ -39,19 +45,91 @@ public class SealResponse implements VaultResponse {
    @JsonProperty("progress")
    private Integer progress;
    @JsonProperty("version")
    private String version;
    @JsonProperty("nonce")
    private String nonce;
    @JsonProperty("cluster_name")
    private String clusterName;
    @JsonProperty("cluster_id")
    private String clusterId;
    /**
     * @return Seal type.
     * @since 0.8
     */
    public String getType() {
        return type;
    }
    /**
     * @return Seal status
     */
    public boolean isSealed() {
        return sealed;
    }
    /**
     * @return Vault initialization status (since Vault 0.11.2).
     * @since 0.8
     */
    public boolean isInitialized() {
        return initialized;
    }
    /**
     * @return Required threshold of secret shares
     */
    public Integer getThreshold() {
        return threshold;
    }
    /**
     * @return Number of secret shares
     */
    public Integer getNumberOfShares() {
        return numberOfShares;
    }
    /**
     * @return Current unseal progress (remaining required shares)
     */
    public Integer getProgress() {
        return progress;
    }
    /**
     * @return Vault version.
     * @since 0.8
     */
    public String getVersion() {
        return version;
    }
    /**
     * @return A random nonce.
     * @since 0.8
     */
    public String getNonce() {
        return nonce;
    }
    /**
     * @return Vault cluster name (only if unsealed).
     * @since 0.8
     */
    public String getClusterName() {
        return clusterName;
    }
    /**
     * @return Vault cluster ID (only if unsealed).
     * @since 0.8
     */
    public String getClusterId() {
        return clusterId;
    }
 }
--- a/src/main/java/de/stklcode/jvault/connector/model/response/SecretListResponse.java
+++ b/src/main/java/de/stklcode/jvault/connector/model/response/SecretListResponse.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2016 Stefan Kalscheuer
+ * Copyright 2016-2019 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -26,23 +26,31 @@ import java.util.Map;
 /**
 * Vault response for secret list request.
 *
- * @author  Stefan Kalscheuer
+ * @author Stefan Kalscheuer
- * @since   0.1
+ * @since 0.1
 */
@JsonIgnoreProperties(ignoreUnknown = true)
-public class SecretListResponse extends VaultDataResponse {
+public final class SecretListResponse extends VaultDataResponse {
    private List<String> keys;
    /**
     * Set data. Extracts list of keys from raw response data.
     *
     * @param data Raw data
     * @throws InvalidResponseException on parsing errors
     */
    @JsonProperty("data")
-    public void setData(Map<String, Object> data) throws InvalidResponseException {
+    public void setData(final Map<String, Object> data) throws InvalidResponseException {
        try {
-            this.keys = (List<String>)data.get("keys");
+            this.keys = (List<String>) data.get("keys");
-        }
+        } catch (ClassCastException e) {
        catch (ClassCastException e) {
            throw new InvalidResponseException("Keys could not be parsed from data.", e);
        }
    }
    /**
     * @return List of secret keys
     */
    public List<String> getKeys() {
        return keys;
    }
--- a/src/main/java/de/stklcode/jvault/connector/model/response/SecretResponse.java
+++ b/src/main/java/de/stklcode/jvault/connector/model/response/SecretResponse.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2016 Stefan Kalscheuer
+ * Copyright 2016-2019 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -19,8 +19,10 @@ package de.stklcode.jvault.connector.model.response;
 import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import de.stklcode.jvault.connector.exception.InvalidResponseException;
 import de.stklcode.jvault.connector.model.response.embedded.VersionMetadata;
 import java.io.IOException;
 import java.util.HashMap;
 import java.util.Map;
 /**
@ -31,11 +33,29 @@ import java.util.Map;
 */
@JsonIgnoreProperties(ignoreUnknown = true)
 public class SecretResponse extends VaultDataResponse {
    private static final String KEY_DATA = "data";
    private static final String KEY_METADATA = "metadata";
    private Map<String, Object> data;
    private VersionMetadata metadata;
    @Override
-    public void setData(Map<String, Object> data) throws InvalidResponseException {
+    public final void setData(final Map<String, Object> data) throws InvalidResponseException {
-        this.data = data;
+        if (data.size() == 2
                && data.containsKey(KEY_DATA) && data.get(KEY_DATA) instanceof Map
                && data.containsKey(KEY_METADATA) && data.get(KEY_METADATA) instanceof Map) {
            ObjectMapper mapper = new ObjectMapper();
            try {
                // This is apparently a KV v2 value.
                this.data = (Map<String, Object>) data.get(KEY_DATA);
                this.metadata = mapper.readValue(mapper.writeValueAsString(data.get(KEY_METADATA)), VersionMetadata.class);
            } catch (ClassCastException | IOException e) {
                throw new InvalidResponseException("Failed deserializing response", e);
            }
        } else {
            // For KV v1 without metadata just store the data map.
            this.data = data;
        }
    }
    /**
@ -44,19 +64,35 @@ public class SecretResponse extends VaultDataResponse {
     * @return data map
     * @since 0.4.0
     */
-    public Map<String, Object> getData() {
+    public final Map<String, Object> getData() {
        if (data == null) {
            return new HashMap<>();
        }
        return data;
    }
    /**
     * Get secret metadata. This is only available for KV v2 secrets.
     *
     * @return Metadata of the secret.
     * @since 0.8
     */
    public final VersionMetadata getMetadata() {
        return metadata;
    }
    /**
     * Get a single value for given key.
     *
     * @param key the key
-     * @return the value or NULL if absent
+     * @return the value or {@code null} if absent
     * @since 0.4.0
     */
-    public Object get(String key) {
+    public final Object get(final String key) {
-        return data.get(key);
+        if (data == null) {
            return null;
        }
        return getData().get(key);
    }
    /**
@ -64,41 +100,51 @@ public class SecretResponse extends VaultDataResponse {
     * Method for backwards compatibility in case of simple secrets.
     *
     * @return the value
     * @deprecated Deprecated artifact, will be removed at latest at v1.0.0
     */
-    public String getValue() {
+    @Deprecated
-        if (data.get("value") == null)
+    public final String getValue() {
        Object value = get("value");
        if (value == null) {
            return null;
-        return data.get("value").toString();
+        }
        return value.toString();
    }
    /**
-     * Get response parsed as JSON
+     * Get response parsed as JSON.
     *
     * @param type Class to parse response
     * @param <T>  Class to parse response
     * @return Parsed object
     * @throws InvalidResponseException on parsing error
     * @since 0.3
     * @deprecated Deprecated artifact, will be removed at latest at v1.0.0
     */
-    public <T> T getValue(Class<T> type) throws InvalidResponseException {
+    @Deprecated
    public final <T> T getValue(final Class<T> type) throws InvalidResponseException {
        return get("value", type);
    }
    /**
-     * Get response parsed as JSON
+     * Get response parsed as JSON.
     *
-     * @param key the key
+     * @param key  the key
     * @param type Class to parse response
     * @param <T>  Class to parse response
-     * @return Parsed object
+     * @return Parsed object or {@code null} if absent
     * @throws InvalidResponseException on parsing error
     * @since 0.4.0
     */
-    public <T> T get(String key, Class<T> type) throws InvalidResponseException {
+    public final <T> T get(final String key, final Class<T> type) throws InvalidResponseException {
        try {
-            return new ObjectMapper().readValue(get(key).toString(), type);
+            Object rawValue = get(key);
            if (rawValue == null) {
                return null;
            }
            return new ObjectMapper().readValue(rawValue.toString(), type);
        } catch (IOException e) {
            throw new InvalidResponseException("Unable to parse response payload: " + e.getMessage());
        }
    }
-}
+}
--- a/src/main/java/de/stklcode/jvault/connector/model/response/SecretVersionResponse.java
+++ b/src/main/java/de/stklcode/jvault/connector/model/response/SecretVersionResponse.java
@ -0,0 +1,56 @@
 /*
 * Copyright 2016-2019 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 package de.stklcode.jvault.connector.model.response;
 import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import de.stklcode.jvault.connector.exception.InvalidResponseException;
 import de.stklcode.jvault.connector.model.response.embedded.VersionMetadata;
 import java.io.IOException;
 import java.util.Map;
 /**
 * Vault response for a single secret version metatada, i.e. after update (KV v2).
 *
 * @author Stefan Kalscheuer
 * @since 0.8
 */
@JsonIgnoreProperties(ignoreUnknown = true)
 public class SecretVersionResponse extends VaultDataResponse {
    private VersionMetadata metadata;
    @Override
    public final void setData(final Map<String, Object> data) throws InvalidResponseException {
        ObjectMapper mapper = new ObjectMapper();
        try {
            this.metadata = mapper.readValue(mapper.writeValueAsString(data), VersionMetadata.class);
        } catch (IOException e) {
            throw new InvalidResponseException("Failed deserializing response", e);
        }
    }
    /**
     * Get the actual metadata.
     *
     * @return Metadata.
     */
    public VersionMetadata getMetadata() {
        return metadata;
    }
 }
--- a/src/main/java/de/stklcode/jvault/connector/model/response/TokenResponse.java
+++ b/src/main/java/de/stklcode/jvault/connector/model/response/TokenResponse.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2016 Stefan Kalscheuer
+ * Copyright 2016-2019 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -28,27 +28,35 @@ import java.util.Map;
 /**
 * Vault response from token lookup providing Token information in {@link TokenData} field.
 *
- * @author  Stefan Kalscheuer
+ * @author Stefan Kalscheuer
- * @since   0.1
+ * @since 0.1
 */
@JsonIgnoreProperties(ignoreUnknown = true)
-public class TokenResponse extends VaultDataResponse {
+public final class TokenResponse extends VaultDataResponse {
    private TokenData data;
    @JsonProperty("auth")
    private Boolean auth;
    /**
     * Set data. Parses response data map to {@link TokenData}.
     *
     * @param data Raw response data
     * @throws InvalidResponseException on parsing errors
     */
    @Override
-    public void setData(Map<String, Object> data) throws InvalidResponseException {
+    public void setData(final Map<String, Object> data) throws InvalidResponseException {
        ObjectMapper mapper = new ObjectMapper();
        try {
            this.data = mapper.readValue(mapper.writeValueAsString(data), TokenData.class);
        } catch (IOException e) {
-            e.printStackTrace();
+            throw new InvalidResponseException("Failed deserializing response", e);
            throw new InvalidResponseException();
        }
    }
    /**
     * @return Token data
     */
    public TokenData getData() {
        return data;
    }
--- a/src/main/java/de/stklcode/jvault/connector/model/response/VaultDataResponse.java
+++ b/src/main/java/de/stklcode/jvault/connector/model/response/VaultDataResponse.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2016 Stefan Kalscheuer
+ * Copyright 2016-2019 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -25,8 +25,8 @@ import java.util.Map;
 /**
 * Abstract Vault response with default payload fields.
 *
- * @author  Stefan Kalscheuer
+ * @author Stefan Kalscheuer
- * @since   0.1
+ * @since 0.1
 */
 public abstract class VaultDataResponse implements VaultResponse {
    @JsonProperty("lease_id")
@ -41,22 +41,40 @@ public abstract class VaultDataResponse implements VaultResponse {
    @JsonProperty("warnings")
    private List<String> warnings;
    /**
     * Set data. To be implemented in the specific subclasses, as data can be of arbitrary structure.
     *
     * @param data Raw response data
     * @throws InvalidResponseException on parsing errors
     */
    @JsonProperty("data")
-    public abstract void setData(Map<String, Object> data) throws InvalidResponseException;
+    public abstract void setData(final Map<String, Object> data) throws InvalidResponseException;
-    public String getLeaseId() {
+    /**
     * @return Lease ID
     */
    public final String getLeaseId() {
        return leaseId;
    }
-    public boolean isRenewable() {
+    /**
     * @return Lease is renewable
     */
    public final boolean isRenewable() {
        return renewable;
    }
-    public Integer getLeaseDuration() {
+    /**
     * @return Lease duration
     */
    public final Integer getLeaseDuration() {
        return leaseDuration;
    }
-    public List<String> getWarnings() {
+    /**
     * @return List of warnings
     */
    public final List<String> getWarnings() {
        return warnings;
    }
 }
--- a/src/main/java/de/stklcode/jvault/connector/model/response/VaultResponse.java
+++ b/src/main/java/de/stklcode/jvault/connector/model/response/VaultResponse.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2016 Stefan Kalscheuer
+ * Copyright 2016-2019 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
--- a/src/main/java/de/stklcode/jvault/connector/model/response/embedded/AuthData.java
+++ b/src/main/java/de/stklcode/jvault/connector/model/response/embedded/AuthData.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2016 Stefan Kalscheuer
+ * Copyright 2016-2019 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -29,7 +29,7 @@ import java.util.Map;
 * @since   0.1
 */
@JsonIgnoreProperties(ignoreUnknown = true)
-public class AuthData {
+public final class AuthData {
    @JsonProperty("client_token")
    private String clientToken;
@ -48,27 +48,45 @@ public class AuthData {
    @JsonProperty("renewable")
    private boolean renewable;
    /**
     * @return Client token
     */
    public String getClientToken() {
        return clientToken;
    }
    /**
     * @return Token accessor
     */
    public String getAccessor() {
        return accessor;
    }
    /**
     * @return List of policies
     */
    public List<String> getPolicies() {
        return policies;
    }
    /**
     * @return Metadata
     */
    public Map<String, Object> getMetadata() {
        return metadata;
    }
    /**
     * @return Lease duration
     */
    public Integer getLeaseDuration() {
        return leaseDuration;
    }
    /**
     * @return Lease is renewable
     */
    public boolean isRenewable() {
        return renewable;
    }
-}
+}
--- a/src/main/java/de/stklcode/jvault/connector/model/response/embedded/AuthMethod.java
+++ b/src/main/java/de/stklcode/jvault/connector/model/response/embedded/AuthMethod.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2016 Stefan Kalscheuer
+ * Copyright 2016-2019 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -16,6 +16,7 @@
 package de.stklcode.jvault.connector.model.response.embedded;
 import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
 import com.fasterxml.jackson.annotation.JsonProperty;
 import com.fasterxml.jackson.annotation.JsonSetter;
 import de.stklcode.jvault.connector.model.AuthBackend;
@ -28,7 +29,8 @@ import java.util.Map;
 * @author  Stefan Kalscheuer
 * @since   0.1
 */
-public class AuthMethod {
+@JsonIgnoreProperties(ignoreUnknown = true)
 public final class AuthMethod {
    private AuthBackend type;
    private String rawType;
@ -38,25 +40,50 @@ public class AuthMethod {
    @JsonProperty("config")
    private Map<String, String> config;
    @JsonProperty("local")
    private boolean local;
    /**
     * @param type Backend type, passed to {@link AuthBackend#forType(String)}
     */
    @JsonSetter("type")
-    public void setType(String type) {
+    public void setType(final String type) {
        this.rawType = type;
        this.type = AuthBackend.forType(type);
    }
    /**
     * @return Backend type
     */
    public AuthBackend getType() {
        return type;
    }
    /**
     * @return Raw backend type string
     */
    public String getRawType() {
        return rawType;
    }
    /**
     * @return Description
     */
    public String getDescription() {
        return description;
    }
    /**
     * @return Configuration data
     */
    public Map<String, String> getConfig() {
        return config;
    }
    /**
     * @return Is local backend
     */
    public boolean isLocal() {
        return local;
    }
 }
--- a/src/main/java/de/stklcode/jvault/connector/model/response/embedded/SecretMetadata.java
+++ b/src/main/java/de/stklcode/jvault/connector/model/response/embedded/SecretMetadata.java
@ -0,0 +1,127 @@
 /*
 * Copyright 2016-2019 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 package de.stklcode.jvault.connector.model.response.embedded;
 import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
 import com.fasterxml.jackson.annotation.JsonProperty;
 import java.time.ZonedDateTime;
 import java.time.format.DateTimeFormatter;
 import java.time.format.DateTimeParseException;
 import java.util.Map;
 /**
 * Embedded metadata for Key-Value v2 secrets.
 *
 * @author  Stefan Kalscheuer
 * @since   0.8
 */
@JsonIgnoreProperties(ignoreUnknown = true)
 public final class SecretMetadata {
    private static final DateTimeFormatter TIME_FORMAT = DateTimeFormatter.ofPattern("yyyy-MM-dd'T'HH:mm:ss.SSSSSSSSSX");
    @JsonProperty("created_time")
    private String createdTimeString;
    @JsonProperty("current_version")
    private Integer currentVersion;
    @JsonProperty("max_versions")
    private Integer maxVersions;
    @JsonProperty("oldest_version")
    private Integer oldestVersion;
    @JsonProperty("updated_time")
    private String updatedTime;
    @JsonProperty("versions")
    private Map<Integer, VersionMetadata> versions;
    /**
     * @return Time of secret creation as raw string representation.
     */
    public String getCreatedTimeString() {
        return createdTimeString;
    }
    /**
     * @return Time of secret creation.
     */
    public ZonedDateTime getCreatedTime() {
        if (createdTimeString != null && !createdTimeString.isEmpty()) {
            try {
                return ZonedDateTime.parse(createdTimeString, TIME_FORMAT);
            } catch (DateTimeParseException e) {
                // Ignore.
            }
        }
        return null;
    }
    /**
     * @return Current version number.
     */
    public Integer getCurrentVersion() {
        return currentVersion;
    }
    /**
     * @return Maximum number of versions.
     */
    public Integer getMaxVersions() {
        return maxVersions;
    }
    /**
     * @return Oldest available version number.
     */
    public Integer getOldestVersion() {
        return oldestVersion;
    }
    /**
     * @return Time of secret update as raw string representation.
     */
    public String getUpdatedTimeString() {
        return updatedTime;
    }
    /**
     * @return Time of secret update..
     */
    public ZonedDateTime getUpdatedTime() {
        if (updatedTime != null && !updatedTime.isEmpty()) {
            try {
                return ZonedDateTime.parse(updatedTime, TIME_FORMAT);
            } catch (DateTimeParseException e) {
                // Ignore.
            }
        }
        return null;
    }
    /**
     * @return Version of the entry.
     */
    public Map<Integer, VersionMetadata> getVersions() {
        return versions;
    }
 }
--- a/src/main/java/de/stklcode/jvault/connector/model/response/embedded/TokenData.java
+++ b/src/main/java/de/stklcode/jvault/connector/model/response/embedded/TokenData.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2016 Stefan Kalscheuer
+ * Copyright 2016-2019 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -26,7 +26,7 @@ import com.fasterxml.jackson.annotation.JsonProperty;
 * @since   0.1
 */
@JsonIgnoreProperties(ignoreUnknown = true)
-public class TokenData {
+public final class TokenData {
    @JsonProperty("accessor")
    private String accessor;
@ -34,7 +34,7 @@ public class TokenData {
    private Integer creationTime;
    @JsonProperty("creation_ttl")
-    private Integer creatinTtl;
+    private Integer creationTtl;
    @JsonProperty("display_name")
    private String name;
@ -60,47 +60,80 @@ public class TokenData {
    @JsonProperty("ttl")
    private Integer ttl;
    /**
     * @return Token accessor
     */
    public String getAccessor() {
        return accessor;
    }
    /**
     * @return Creation time
     */
    public Integer getCreationTime() {
        return creationTime;
    }
-    public Integer getCreatinTtl() {
+    /**
-        return creatinTtl;
+     * @return Creation TTL (in seconds)
     */
    public Integer getCreationTtl() {
        return creationTtl;
    }
    /**
     * @return Token name
     */
    public String getName() {
        return name;
    }
    /**
     * @return Token ID
     */
    public String getId() {
        return id;
    }
    /**
     * @return Number of uses
     */
    public Integer getNumUses() {
        return numUses;
    }
    /**
     * @return Token is orphan
     */
    public boolean isOrphan() {
        return orphan;
    }
    /**
     * @return Token path
     */
    public String getPath() {
        return path;
    }
    /**
     * @return Token role
     */
    public String getRole() {
        return role;
    }
    /**
     * @return Token TTL (in seconds)
     */
    public Integer getTtl() {
        return ttl;
    }
    /**
     * @return Metadata
     */
    public String getMeta() {
        return meta;
    }
-}
+}
--- a/src/main/java/de/stklcode/jvault/connector/model/response/embedded/VersionMetadata.java
+++ b/src/main/java/de/stklcode/jvault/connector/model/response/embedded/VersionMetadata.java
@ -0,0 +1,106 @@
 /*
 * Copyright 2016-2019 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 package de.stklcode.jvault.connector.model.response.embedded;
 import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
 import com.fasterxml.jackson.annotation.JsonProperty;
 import java.time.ZonedDateTime;
 import java.time.format.DateTimeFormatter;
 import java.time.format.DateTimeParseException;
 /**
 * Embedded metadata for a single Key-Value v2 version.
 *
 * @author  Stefan Kalscheuer
 * @since   0.8
 */
@JsonIgnoreProperties(ignoreUnknown = true)
 public final class VersionMetadata {
    private static final DateTimeFormatter TIME_FORMAT = DateTimeFormatter.ofPattern("yyyy-MM-dd'T'HH:mm:ss.SSSSSSSSSX");
    @JsonProperty("created_time")
    private String createdTimeString;
    @JsonProperty("deletion_time")
    private String deletionTimeString;
    @JsonProperty("destroyed")
    private boolean destroyed;
    @JsonProperty("version")
    private Integer version;
    /**
     * @return Time of secret creation as raw string representation.
     */
    public String getCreatedTimeString() {
        return createdTimeString;
    }
    /**
     * @return Time of secret creation.
     */
    public ZonedDateTime getCreatedTime() {
        if (createdTimeString != null && !createdTimeString.isEmpty()) {
            try {
                return ZonedDateTime.parse(createdTimeString, TIME_FORMAT);
            } catch (DateTimeParseException e) {
                // Ignore.
            }
        }
        return null;
    }
    /**
     * @return Time for secret deletion as raw string representation.
     */
    public String getDeletionTimeString() {
        return deletionTimeString;
    }
    /**
     * @return Time for secret deletion.
     */
    public ZonedDateTime getDeletionTime() {
        if (deletionTimeString != null && !deletionTimeString.isEmpty()) {
            try {
                return ZonedDateTime.parse(deletionTimeString, TIME_FORMAT);
            } catch (DateTimeParseException e) {
                // Ignore.
            }
        }
        return null;
    }
    /**
     * @return Whether the secret is destroyed.
     */
    public boolean isDestroyed() {
        return destroyed;
    }
    /**
     * @return Version of the entry.
     */
    public Integer getVersion() {
        return version;
    }
 }
--- a/src/main/java/de/stklcode/jvault/connector/model/response/embedded/package-info.java
+++ b/src/main/java/de/stklcode/jvault/connector/model/response/embedded/package-info.java
@ -0,0 +1,20 @@
 /*
 * Copyright 2016-2019 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 /**
 * Embedded data classes for responses from the Vault API.
 */
 package de.stklcode.jvault.connector.model.response.embedded;
--- a/src/main/java/de/stklcode/jvault/connector/model/response/package-info.java
+++ b/src/main/java/de/stklcode/jvault/connector/model/response/package-info.java
@ -0,0 +1,20 @@
 /*
 * Copyright 2016-2019 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 /**
 * Model classes for responses from the Vault API.
 */
 package de.stklcode.jvault.connector.model.response;
--- a/src/main/java/de/stklcode/jvault/connector/package-info.java
+++ b/src/main/java/de/stklcode/jvault/connector/package-info.java
@ -0,0 +1,21 @@
 /*
 * Copyright 2016-2019 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 /**
 * Java Vault Connector base package - contains {@link de.stklcode.jvault.connector.VaultConnector} interface and
 * default implementation.
 */
 package de.stklcode.jvault.connector;
--- a/src/main/javadoc/overview.html
+++ b/src/main/javadoc/overview.html
@ -0,0 +1,13 @@
 <!DOCTYPE html>
 <html lang="en">
 <head>
    <meta charset="UTF-8">
    <title>API Overview</title>
 </head>
 <body>
 <p>Java Vault Connector is a connector library for Vault by Hashicorp written in Java.</p>
 <p>The connector allows simple usage of Vault's secret store in own applications.</p>
 <p>It features a default implementation for the HTTP(S) interface and supports various authorization methods including
    AppRole, token and secret handling.</p>
 </body>
 </html>
--- a/src/test/java/de/stklcode/jvault/connector/HTTPVaultConnectorOfflineTest.java
+++ b/src/test/java/de/stklcode/jvault/connector/HTTPVaultConnectorOfflineTest.java
@ -0,0 +1,504 @@
 /*
 * Copyright 2016-2019 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 package de.stklcode.jvault.connector;
 import de.stklcode.jvault.connector.exception.InvalidRequestException;
 import de.stklcode.jvault.connector.exception.InvalidResponseException;
 import de.stklcode.jvault.connector.exception.PermissionDeniedException;
 import de.stklcode.jvault.connector.exception.VaultConnectorException;
 import net.bytebuddy.ByteBuddy;
 import net.bytebuddy.agent.ByteBuddyAgent;
 import net.bytebuddy.dynamic.loading.ClassReloadingStrategy;
 import org.apache.http.ProtocolVersion;
 import org.apache.http.client.methods.CloseableHttpResponse;
 import org.apache.http.entity.ContentType;
 import org.apache.http.entity.StringEntity;
 import org.apache.http.impl.client.CloseableHttpClient;
 import org.apache.http.impl.client.HttpClientBuilder;
 import org.apache.http.message.BasicStatusLine;
 import org.junit.jupiter.api.BeforeAll;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
 import java.io.IOException;
 import java.io.InputStream;
 import java.lang.reflect.Field;
 import java.security.cert.CertificateException;
 import java.security.cert.CertificateFactory;
 import java.security.cert.X509Certificate;
 import java.util.Collections;
 import static net.bytebuddy.implementation.MethodDelegation.to;
 import static net.bytebuddy.matcher.ElementMatchers.named;
 import static org.hamcrest.CoreMatchers.instanceOf;
 import static org.hamcrest.CoreMatchers.nullValue;
 import static org.hamcrest.MatcherAssert.assertThat;
 import static org.hamcrest.core.Is.is;
 import static org.junit.jupiter.api.Assertions.fail;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.Mockito.*;
 /**
 * JUnit test for HTTP Vault connector.
 * This test suite contains tests that do not require connection to an actual Vault instance.
 *
 * @author Stefan Kalscheuer
 * @since 0.7.0
 */
 public class HTTPVaultConnectorOfflineTest {
    private static final String INVALID_URL = "foo:/\\1nv4l1d_UrL";
    private static CloseableHttpClient httpMock = mock(CloseableHttpClient.class);
    private CloseableHttpResponse responseMock = mock(CloseableHttpResponse.class);
    @BeforeAll
    public static void initByteBuddy() {
        // Install ByteBuddy Agent.
        ByteBuddyAgent.install();
    }
    /**
     * Helper method for redefinition of {@link HttpClientBuilder#create()} from {@link #initHttpMock()}.
     *
     * @return Mocked HTTP client builder.
     */
    public static HttpClientBuilder create() {
        return new MockedHttpClientBuilder();
    }
    @BeforeEach
    public void initHttpMock() {
        // Redefine static method to return Mock on HttpClientBuilder creation.
        new ByteBuddy().redefine(HttpClientBuilder.class)
                .method(named("create"))
                .intercept(to(HTTPVaultConnectorOfflineTest.class))
                .make()
                .load(HttpClientBuilder.class.getClassLoader(), ClassReloadingStrategy.fromInstalledAgent());
        // Re-initialize HTTP mock to ensure fresh (empty) results.
        httpMock = mock(CloseableHttpClient.class);
    }
    /**
     * Test exceptions thrown during request.
     */
    @Test
    public void requestExceptionTest() throws IOException {
        HTTPVaultConnector connector = new HTTPVaultConnector("http://127.0.0.1", null, 0, 250);
        // Test invalid response code.
        final int responseCode = 400;
        mockResponse(responseCode, "", ContentType.APPLICATION_JSON);
        try {
            connector.getHealth();
            fail("Querying health status succeeded on invalid instance");
        } catch (Exception e) {
            assertThat("Unexpected type of exception", e, instanceOf(InvalidResponseException.class));
            assertThat("Unexpected exception message", e.getMessage(), is("Invalid response code"));
            assertThat("Unexpected status code in exception", ((InvalidResponseException) e).getStatusCode(), is(responseCode));
            assertThat("Response message where none was expected", ((InvalidResponseException) e).getResponse(), is(nullValue()));
        }
        // Simulate permission denied response.
        mockResponse(responseCode, "{\"errors\":[\"permission denied\"]}", ContentType.APPLICATION_JSON);
        try {
            connector.getHealth();
            fail("Querying health status succeeded on invalid instance");
        } catch (Exception e) {
            assertThat("Unexpected type of exception", e, instanceOf(PermissionDeniedException.class));
        }
        // Test exception thrown during request.
        when(httpMock.execute(any())).thenThrow(new IOException("Test Exception"));
        try {
            connector.getHealth();
            fail("Querying health status succeeded on invalid instance");
        } catch (Exception e) {
            assertThat("Unexpected type of exception", e, instanceOf(InvalidResponseException.class));
            assertThat("Unexpected exception message", e.getMessage(), is("Unable to read response"));
            assertThat("Unexpected cause", e.getCause(), instanceOf(IOException.class));
        }
        // Now simulate a failing request that succeeds on second try.
        connector = new HTTPVaultConnector("https://127.0.0.1", null, 1, 250);
        doReturn(responseMock).doReturn(responseMock).when(httpMock).execute(any());
        doReturn(new BasicStatusLine(new ProtocolVersion("HTTP", 1, 1), 500, ""))
                .doReturn(new BasicStatusLine(new ProtocolVersion("HTTP", 1, 1), 500, ""))
                .doReturn(new BasicStatusLine(new ProtocolVersion("HTTP", 1, 1), 500, ""))
                .doReturn(new BasicStatusLine(new ProtocolVersion("HTTP", 1, 1), 200, ""))
                .when(responseMock).getStatusLine();
        when(responseMock.getEntity()).thenReturn(new StringEntity("{}", ContentType.APPLICATION_JSON));
        try {
            connector.getHealth();
        } catch (Exception e) {
            fail("Request failed unexpectedly: " + e.getMessage());
        }
    }
    /**
     * Test constductors of the {@link HTTPVaultConnector} class.
     */
    @Test
    public void constructorTest() throws IOException, CertificateException {
        final String url = "https://vault.example.net/test/";
        final String hostname = "vault.example.com";
        final Integer port = 1337;
        final String prefix = "/custom/prefix/";
        final int retries = 42;
        final String expectedNoTls = "http://" + hostname + "/v1/";
        final String expectedCustomPort = "https://" + hostname + ":" + port + "/v1/";
        final String expectedCustomPrefix = "https://" + hostname + ":" + port + prefix;
        X509Certificate trustedCaCert;
        try (InputStream is = getClass().getResourceAsStream("/tls/ca.pem")) {
            trustedCaCert = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(is);
        }
        // Most basic constructor expects complete URL.
        HTTPVaultConnector connector = new HTTPVaultConnector(url);
        assertThat("Unexpected base URL", getRequestHelperPrivate(connector, "baseURL"), is(url));
        // Now override TLS usage.
        connector = new HTTPVaultConnector(hostname, false);
        assertThat("Unexpected base URL with TLS disabled", getRequestHelperPrivate(connector, "baseURL"), is(expectedNoTls));
        // Specify custom port.
        connector = new HTTPVaultConnector(hostname, true, port);
        assertThat("Unexpected base URL with custom port", getRequestHelperPrivate(connector, "baseURL"), is(expectedCustomPort));
        // Specify custom prefix.
        connector = new HTTPVaultConnector(hostname, true, port, prefix);
        assertThat("Unexpected base URL with custom prefix", getRequestHelperPrivate(connector, "baseURL"), is(expectedCustomPrefix));
        assertThat("Trusted CA cert set, but not specified", getRequestHelperPrivate(connector, "trustedCaCert"), is(nullValue()));
        // Provide custom SSL context.
        connector = new HTTPVaultConnector(hostname, true, port, prefix, trustedCaCert);
        assertThat("Unexpected base URL with custom prefix", getRequestHelperPrivate(connector, "baseURL"), is(expectedCustomPrefix));
        assertThat("Trusted CA cert not filled correctly", getRequestHelperPrivate(connector, "trustedCaCert"), is(trustedCaCert));
        // Specify number of retries.
        connector = new HTTPVaultConnector(url, trustedCaCert, retries);
        assertThat("Number of retries not set correctly", getRequestHelperPrivate(connector, "retries"), is(retries));
        // Test TLS version (#22).
        assertThat("TLS version should be 1.2 if not specified", getRequestHelperPrivate(connector, "tlsVersion"), is("TLSv1.2"));
        // Now override.
        connector = new HTTPVaultConnector(url, trustedCaCert, retries, null, "TLSv1.1");
        assertThat("Overridden TLS version 1.1 not correct", getRequestHelperPrivate(connector, "tlsVersion"), is("TLSv1.1"));
    }
    /**
     * This test is designed to test exceptions caught and thrown by seal-methods if Vault is not reachable.
     */
    @Test
    public void sealExceptionTest() throws IOException {
        HTTPVaultConnector connector = new HTTPVaultConnector(INVALID_URL);
        try {
            connector.sealStatus();
            fail("Querying seal status succeeded on invalid URL");
        } catch (Exception e) {
            assertThat("Unexpected type of exception", e, instanceOf(InvalidRequestException.class));
            assertThat("Unexpected exception message", e.getMessage(), is("Invalid URI format"));
        }
        connector = new HTTPVaultConnector("https://127.0.0.1", null, 0, 250);
        // Simulate NULL response (mock not supplied with data).
        try {
            connector.sealStatus();
            fail("Querying seal status succeeded on invalid instance");
        } catch (Exception e) {
            assertThat("Unexpected type of exception", e, instanceOf(InvalidResponseException.class));
            assertThat("Unexpected exception message", e.getMessage(), is("Response unavailable"));
        }
    }
    /**
     * This test is designed to test exceptions caught and thrown by seal-methods if Vault is not reachable.
     */
    @Test
    public void healthExceptionTest() throws IOException {
        HTTPVaultConnector connector = new HTTPVaultConnector(INVALID_URL);
        try {
            connector.getHealth();
            fail("Querying health status succeeded on invalid URL");
        } catch (Exception e) {
            assertThat("Unexpected type of exception", e, instanceOf(InvalidRequestException.class));
            assertThat("Unexpected exception message", e.getMessage(), is("Invalid URI format"));
        }
        connector = new HTTPVaultConnector("https://127.0.0.1", null, 0, 250);
        // Simulate NULL response (mock not supplied with data).
        try {
            connector.getHealth();
            fail("Querying health status succeeded on invalid instance");
        } catch (Exception e) {
            assertThat("Unexpected type of exception", e, instanceOf(InvalidResponseException.class));
            assertThat("Unexpected exception message", e.getMessage(), is("Response unavailable"));
        }
    }
    /**
     * Test behavior on unparsable responses.
     */
    @Test
    public void parseExceptionTest() throws IOException {
        HTTPVaultConnector connector = new HTTPVaultConnector("https://127.0.0.1", null, 0, 250);
        // Mock authorization.
        setPrivate(connector, "authorized", true);
        // Mock response.
        mockResponse(200, "invalid", ContentType.APPLICATION_JSON);
        // Now test the methods.
        try {
            connector.sealStatus();
            fail("sealStatus() succeeded on invalid instance");
        } catch (Exception e) {
            assertParseError(e);
        }
        try {
            connector.unseal("key");
            fail("unseal() succeeded on invalid instance");
        } catch (Exception e) {
            assertParseError(e);
        }
        try {
            connector.getHealth();
            fail("getHealth() succeeded on invalid instance");
        } catch (Exception e) {
            assertParseError(e);
        }
        try {
            connector.getAuthBackends();
            fail("getAuthBackends() succeeded on invalid instance");
        } catch (Exception e) {
            assertParseError(e);
        }
        try {
            connector.authToken("token");
            fail("authToken() succeeded on invalid instance");
        } catch (Exception e) {
            assertParseError(e);
        }
        try {
            connector.lookupAppRole("roleName");
            fail("lookupAppRole() succeeded on invalid instance");
        } catch (Exception e) {
            assertParseError(e);
        }
        try {
            connector.getAppRoleID("roleName");
            fail("getAppRoleID() succeeded on invalid instance");
        } catch (Exception e) {
            assertParseError(e);
        }
        try {
            connector.createAppRoleSecret("roleName");
            fail("createAppRoleSecret() succeeded on invalid instance");
        } catch (Exception e) {
            assertParseError(e);
        }
        try {
            connector.lookupAppRoleSecret("roleName", "secretID");
            fail("lookupAppRoleSecret() succeeded on invalid instance");
        } catch (Exception e) {
            assertParseError(e);
        }
        try {
            connector.listAppRoles();
            fail("listAppRoles() succeeded on invalid instance");
        } catch (Exception e) {
            assertParseError(e);
        }
        try {
            connector.listAppRoleSecrets("roleName");
            fail("listAppRoleSecrets() succeeded on invalid instance");
        } catch (Exception e) {
            assertParseError(e);
        }
        try {
            connector.read("key");
            fail("read() succeeded on invalid instance");
        } catch (Exception e) {
            assertParseError(e);
        }
        try {
            connector.list("path");
            fail("list() succeeded on invalid instance");
        } catch (Exception e) {
            assertParseError(e);
        }
        try {
            connector.renew("leaseID");
            fail("renew() succeeded on invalid instance");
        } catch (Exception e) {
            assertParseError(e);
        }
        try {
            connector.lookupToken("token");
            fail("lookupToken() succeeded on invalid instance");
        } catch (Exception e) {
            assertParseError(e);
        }
    }
    private void assertParseError(Exception e) {
        assertThat("Unexpected type of exception", e, instanceOf(InvalidResponseException.class));
        assertThat("Unexpected exception message", e.getMessage(), is("Unable to parse response"));
    }
    /**
     * Test requests that expect an empty response with code 204, but receive a 200 body.
     */
    @Test
    public void nonEmpty204ResponseTest() throws IOException {
        HTTPVaultConnector connector = new HTTPVaultConnector("https://127.0.0.1", null, 0, 250);
        // Mock authorization.
        setPrivate(connector, "authorized", true);
        // Mock response.
        mockResponse(200, "{}", ContentType.APPLICATION_JSON);
        // Now test the methods expecting a 204.
        try {
            connector.registerAppId("appID", "policy", "displayName");
            fail("registerAppId() with 200 response succeeded");
        } catch (VaultConnectorException e) {
            assertThat("Unexpected exception type", e, instanceOf(InvalidResponseException.class));
        }
        try {
            connector.registerUserId("appID", "userID");
            fail("registerUserId() with 200 response succeeded");
        } catch (VaultConnectorException e) {
            assertThat("Unexpected exception type", e, instanceOf(InvalidResponseException.class));
        }
        try {
            connector.createAppRole("appID", Collections.singletonList("policy"));
            fail("createAppRole() with 200 response succeeded");
        } catch (VaultConnectorException e) {
            assertThat("Unexpected exception type", e, instanceOf(InvalidResponseException.class));
        }
        try {
            connector.deleteAppRole("roleName");
            fail("deleteAppRole() with 200 response succeeded");
        } catch (VaultConnectorException e) {
            assertThat("Unexpected exception type", e, instanceOf(InvalidResponseException.class));
        }
        try {
            connector.setAppRoleID("roleName", "roleID");
            fail("setAppRoleID() with 200 response succeeded");
        } catch (VaultConnectorException e) {
            assertThat("Unexpected exception type", e, instanceOf(InvalidResponseException.class));
        }
        try {
            connector.destroyAppRoleSecret("roleName", "secretID");
            fail("destroyAppRoleSecret() with 200 response succeeded");
        } catch (VaultConnectorException e) {
            assertThat("Unexpected exception type", e, instanceOf(InvalidResponseException.class));
        }
        try {
            connector.destroyAppRoleSecret("roleName", "secretUD");
            fail("destroyAppRoleSecret() with 200 response succeeded");
        } catch (VaultConnectorException e) {
            assertThat("Unexpected exception type", e, instanceOf(InvalidResponseException.class));
        }
        try {
            connector.delete("key");
            fail("delete() with 200 response succeeded");
        } catch (VaultConnectorException e) {
            assertThat("Unexpected exception type", e, instanceOf(InvalidResponseException.class));
        }
        try {
            connector.revoke("leaseID");
            fail("destroyAppRoleSecret() with 200 response succeeded");
        } catch (VaultConnectorException e) {
            assertThat("Unexpected exception type", e, instanceOf(InvalidResponseException.class));
        }
    }
    private Object getRequestHelperPrivate(HTTPVaultConnector connector, String fieldName)  {
        try {
            return getPrivate(getPrivate(connector, "request"), fieldName);
        } catch (NoSuchFieldException | IllegalAccessException e) {
            return null;
        }
    }
    private Object getPrivate(Object target, String fieldName) throws NoSuchFieldException, IllegalAccessException {
        Field field = target.getClass().getDeclaredField(fieldName);
        if (field.isAccessible()) {
            return field.get(target);
        }
        field.setAccessible(true);
        Object value = field.get(target);
        field.setAccessible(false);
        return value;
    }
    private void setPrivate(Object target, String fieldName, Object value) {
        try {
            Field field = target.getClass().getDeclaredField(fieldName);
            boolean accessible = field.isAccessible();
            field.setAccessible(true);
            field.set(target, value);
            field.setAccessible(accessible);
        } catch (NoSuchFieldException | IllegalAccessException e) {
            // Should not occur, to be taken care of in test code.
        }
    }
    private void mockResponse(int status, String body, ContentType type) throws IOException {
        when(httpMock.execute(any())).thenReturn(responseMock);
        when(responseMock.getStatusLine()).thenReturn(new BasicStatusLine(new ProtocolVersion("HTTP", 1, 1), status, ""));
        when(responseMock.getEntity()).thenReturn(new StringEntity(body, type));
    }
    /**
     * Mocked {@link HttpClientBuilder} that always returns the mocked client.
     */
    private static class MockedHttpClientBuilder extends HttpClientBuilder {
        @Override
        public CloseableHttpClient build() {
            return httpMock;
        }
    }
 }
--- a/src/test/java/de/stklcode/jvault/connector/HTTPVaultConnectorTest.java
+++ b/src/test/java/de/stklcode/jvault/connector/HTTPVaultConnectorTest.java
--- a/src/test/java/de/stklcode/jvault/connector/builder/HTTPVaultConnectorBuilderTest.java
+++ b/src/test/java/de/stklcode/jvault/connector/builder/HTTPVaultConnectorBuilderTest.java
@ -0,0 +1,135 @@
 /*
 * Copyright 2016-2019 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 package de.stklcode.jvault.connector.builder;
 import de.stklcode.jvault.connector.HTTPVaultConnector;
 import de.stklcode.jvault.connector.exception.TlsException;
 import de.stklcode.jvault.connector.exception.VaultConnectorException;
 import org.junit.Rule;
 import org.junit.contrib.java.lang.system.EnvironmentVariables;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.io.TempDir;
 import org.junit.jupiter.migrationsupport.rules.EnableRuleMigrationSupport;
 import java.io.File;
 import java.io.IOException;
 import java.lang.reflect.Field;
 import java.nio.file.NoSuchFileException;
 import static org.hamcrest.CoreMatchers.*;
 import static org.hamcrest.MatcherAssert.assertThat;
 import static org.junit.jupiter.api.Assertions.fail;
 /**
 * JUnit test for HTTP Vault connector factory
 *
 * @author Stefan Kalscheuer
 * @since 0.8.0
 */
@EnableRuleMigrationSupport
 public class HTTPVaultConnectorBuilderTest {
    private static final String VAULT_ADDR = "https://localhost:8201";
    private static final Integer VAULT_MAX_RETRIES = 13;
    private static final String VAULT_TOKEN = "00001111-2222-3333-4444-555566667777";
    @TempDir
    File tempDir;
    @Rule
    public final EnvironmentVariables environment = new EnvironmentVariables();
    /**
     * Test building from environment variables
     */
    @Test
    void testFromEnv() throws NoSuchFieldException, IllegalAccessException, IOException {
        /* Provide address only should be enough */
        setenv(VAULT_ADDR, null, null, null);
        HTTPVaultConnectorBuilder factory = null;
        HTTPVaultConnector connector;
        try {
            factory = VaultConnectorBuilder.http().fromEnv();
        } catch (VaultConnectorException e) {
            fail("Factory creation from minimal environment failed");
        }
        connector = factory.build();
        assertThat("URL nor set correctly", getRequestHelperPrivate(connector, "baseURL"), is(equalTo(VAULT_ADDR + "/v1/")));
        assertThat("Trusted CA cert set when no cert provided", getRequestHelperPrivate(connector, "trustedCaCert"), is(nullValue()));
        assertThat("Non-default number of retries, when none set", getRequestHelperPrivate(connector, "retries"), is(0));
        /* Provide address and number of retries */
        setenv(VAULT_ADDR, null, VAULT_MAX_RETRIES.toString(), null);
        try {
            factory = VaultConnectorBuilder.http().fromEnv();
        } catch (VaultConnectorException e) {
            fail("Factory creation from environment failed");
        }
        connector = factory.build();
        assertThat("URL nor set correctly", getRequestHelperPrivate(connector, "baseURL"), is(equalTo(VAULT_ADDR + "/v1/")));
        assertThat("Trusted CA cert set when no cert provided", getRequestHelperPrivate(connector, "trustedCaCert"), is(nullValue()));
        assertThat("Number of retries not set correctly", getRequestHelperPrivate(connector, "retries"), is(VAULT_MAX_RETRIES));
        /* Provide CA certificate */
        String VAULT_CACERT = tempDir.toString() + "/doesnotexist";
        setenv(VAULT_ADDR, VAULT_CACERT, VAULT_MAX_RETRIES.toString(), null);
        try {
            VaultConnectorBuilder.http().fromEnv();
            fail("Creation with unknown cert path failed.");
        } catch (VaultConnectorException e) {
            assertThat(e, is(instanceOf(TlsException.class)));
            assertThat(e.getCause(), is(instanceOf(NoSuchFileException.class)));
            assertThat(((NoSuchFileException) e.getCause()).getFile(), is(VAULT_CACERT));
        }
        /* Automatic authentication */
        setenv(VAULT_ADDR, null, VAULT_MAX_RETRIES.toString(), VAULT_TOKEN);
        try {
            factory = VaultConnectorBuilder.http().fromEnv();
        } catch (VaultConnectorException e) {
            fail("Factory creation from minimal environment failed");
        }
        assertThat("Token nor set correctly", getPrivate(factory, "token"), is(equalTo(VAULT_TOKEN)));
    }
    private void setenv(String vault_addr, String vault_cacert, String vault_max_retries, String vault_token) {
        environment.set("VAULT_ADDR", vault_addr);
        environment.set("VAULT_CACERT", vault_cacert);
        environment.set("VAULT_MAX_RETRIES", vault_max_retries);
        environment.set("VAULT_TOKEN", vault_token);
    }
    private Object getRequestHelperPrivate(HTTPVaultConnector connector, String fieldName) throws NoSuchFieldException, IllegalAccessException {
        return getPrivate(getPrivate(connector, "request"), fieldName);
    }
    private Object getPrivate(Object target, String fieldName) throws NoSuchFieldException, IllegalAccessException {
        Field field = target.getClass().getDeclaredField(fieldName);
        if (field.isAccessible()) {
            return field.get(target);
        }
        field.setAccessible(true);
        Object value = field.get(target);
        field.setAccessible(false);
        return value;
    }
 }
--- a/src/test/java/de/stklcode/jvault/connector/exception/VaultConnectorExceptionTest.java
+++ b/src/test/java/de/stklcode/jvault/connector/exception/VaultConnectorExceptionTest.java
@ -0,0 +1,160 @@
 /*
 * Copyright 2016-2019 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 package de.stklcode.jvault.connector.exception;
 import org.junit.jupiter.api.Test;
 import static org.hamcrest.MatcherAssert.assertThat;
 import static org.hamcrest.Matchers.instanceOf;
 import static org.hamcrest.Matchers.nullValue;
 import static org.hamcrest.core.Is.is;
 /**
 * Common JUnit test for Exceptions extending {@link VaultConnectorException}.
 *
 * @author Stefan Kalscheuer
 * @since 0.6.2
 */
 public class VaultConnectorExceptionTest {
    private static final String MSG = "This is a test exception!";
    private static final Throwable CAUSE = new Exception("Test-Cause");
    private static final Integer STATUS_CODE = 1337;
    private static final String RESPONSE = "Dummy response";
    @Test
    public void authorizationRequiredExceptionTest() {
        assertEmptyConstructor(new AuthorizationRequiredException());
    }
    @Test
    public void connectionExceptionTest() {
        assertEmptyConstructor(new ConnectionException());
        assertMsgConstructor(new ConnectionException(MSG));
        assertCauseConstructor(new ConnectionException(CAUSE));
        assertMsgCauseConstructor(new ConnectionException(MSG, CAUSE));
    }
    @Test
    public void invalidRequestExceptionTest() {
        assertEmptyConstructor(new InvalidRequestException());
        assertMsgConstructor(new InvalidRequestException(MSG));
        assertCauseConstructor(new InvalidRequestException(CAUSE));
        assertMsgCauseConstructor(new InvalidRequestException(MSG, CAUSE));
    }
    @Test
    public void invalidResponseExceptionTest() {
        assertEmptyConstructor(new InvalidResponseException());
        assertMsgConstructor(new InvalidResponseException(MSG));
        assertCauseConstructor(new InvalidResponseException(CAUSE));
        assertMsgCauseConstructor(new InvalidResponseException(MSG, CAUSE));
        // Constructor with message and status code.
        InvalidResponseException e = new InvalidResponseException(MSG, STATUS_CODE);
        assertThat(e.getMessage(), is(MSG));
        assertThat(e.getCause(), is(nullValue()));
        assertThat(e.getStatusCode(), is(STATUS_CODE));
        assertThat(e.getResponse(), is(nullValue()));
        // Constructor with message, status code and cause.
        e = new InvalidResponseException(MSG, STATUS_CODE, CAUSE);
        assertThat(e.getMessage(), is(MSG));
        assertThat(e.getCause(), is(CAUSE));
        assertThat(e.getStatusCode(), is(STATUS_CODE));
        assertThat(e.getResponse(), is(nullValue()));
        // Constructor with message, status code and response.
        e = new InvalidResponseException(MSG, STATUS_CODE, RESPONSE);
        assertThat(e.getMessage(), is(MSG));
        assertThat(e.getCause(), is(nullValue()));
        assertThat(e.getStatusCode(), is(STATUS_CODE));
        assertThat(e.getResponse(), is(RESPONSE));
        // Constructor with message, status code, response and cause.
        e = new InvalidResponseException(MSG, STATUS_CODE, RESPONSE, CAUSE);
        assertThat(e.getMessage(), is(MSG));
        assertThat(e.getCause(), is(CAUSE));
        assertThat(e.getStatusCode(), is(STATUS_CODE));
        assertThat(e.getResponse(), is(RESPONSE));
    }
    @Test
    public void permissionDeniedExceptionTest() {
        // Default message overwritten.
        PermissionDeniedException e = new PermissionDeniedException();
        assertThat(e, is(instanceOf(VaultConnectorException.class)));
        assertThat(e, is(instanceOf(Exception.class)));
        assertThat(e, is(instanceOf(Throwable.class)));
        assertThat(e.getMessage(), is("Permission denied"));
        assertThat(e.getCause(), is(nullValue()));
        assertMsgConstructor(new PermissionDeniedException(MSG));
        assertCauseConstructor(new PermissionDeniedException(CAUSE));
        assertMsgCauseConstructor(new PermissionDeniedException(MSG, CAUSE));
    }
    @Test
    public void tlsExceptionTest() {
        assertEmptyConstructor(new TlsException());
        assertMsgConstructor(new TlsException(MSG));
        assertCauseConstructor(new TlsException(CAUSE));
        assertMsgCauseConstructor(new TlsException(MSG, CAUSE));
    }
    /**
     * Assertions for empty constructor.
     *
     * @param e the exception
     */
    private void assertEmptyConstructor(VaultConnectorException e) {
        assertThat(e, is(instanceOf(VaultConnectorException.class)));
        assertThat(e, is(instanceOf(Exception.class)));
        assertThat(e, is(instanceOf(Throwable.class)));
        assertThat(e.getMessage(), is(nullValue()));
        assertThat(e.getCause(), is(nullValue()));
    }
    /**
     * Assertions for constructor with message.
     *
     * @param e the exception
     */
    private void assertMsgConstructor(VaultConnectorException e) {
        assertThat(e.getMessage(), is(MSG));
        assertThat(e.getCause(), is(nullValue()));
    }
    /**
     * Assertions for constructor with cause.
     *
     * @param e the exception
     */
    private void assertCauseConstructor(VaultConnectorException e) {
        assertThat(e.getMessage(), is(CAUSE.toString()));
        assertThat(e.getCause(), is(CAUSE));
    }
    /**
     * Assertions for constructor with message and cause.
     *
     * @param e the exception
     */
    private void assertMsgCauseConstructor(VaultConnectorException e) {
        assertThat(e.getMessage(), is(MSG));
        assertThat(e.getCause(), is(CAUSE));
    }
 }
--- a/src/test/java/de/stklcode/jvault/connector/factory/HTTPVaultConnectorFactoryTest.java
+++ b/src/test/java/de/stklcode/jvault/connector/factory/HTTPVaultConnectorFactoryTest.java
@ -0,0 +1,135 @@
 /*
 * Copyright 2016-2019 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 package de.stklcode.jvault.connector.factory;
 import de.stklcode.jvault.connector.HTTPVaultConnector;
 import de.stklcode.jvault.connector.exception.TlsException;
 import de.stklcode.jvault.connector.exception.VaultConnectorException;
 import org.junit.Rule;
 import org.junit.contrib.java.lang.system.EnvironmentVariables;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.io.TempDir;
 import org.junit.jupiter.migrationsupport.rules.EnableRuleMigrationSupport;
 import java.io.File;
 import java.io.IOException;
 import java.lang.reflect.Field;
 import java.nio.file.NoSuchFileException;
 import static org.hamcrest.CoreMatchers.*;
 import static org.hamcrest.MatcherAssert.assertThat;
 import static org.junit.jupiter.api.Assertions.fail;
 /**
 * JUnit test for HTTP Vault connector factory
 *
 * @author Stefan Kalscheuer
 * @since 0.6.0
 */
@EnableRuleMigrationSupport
 public class HTTPVaultConnectorFactoryTest {
    private static String VAULT_ADDR = "https://localhost:8201";
    private static Integer VAULT_MAX_RETRIES = 13;
    private static String VAULT_TOKEN = "00001111-2222-3333-4444-555566667777";
    @TempDir
    File tempDir;
    @Rule
    public final EnvironmentVariables environment = new EnvironmentVariables();
    /**
     * Test building from environment variables
     */
    @Test
    public void testFromEnv() throws NoSuchFieldException, IllegalAccessException, IOException {
        /* Provide address only should be enough */
        setenv(VAULT_ADDR, null, null, null);
        HTTPVaultConnectorFactory factory = null;
        HTTPVaultConnector connector;
        try {
            factory = VaultConnectorFactory.httpFactory().fromEnv();
        } catch (VaultConnectorException e) {
            fail("Factory creation from minimal environment failed");
        }
        connector = factory.build();
        assertThat("URL nor set correctly", getRequestHelperPrivate(connector, "baseURL"), is(equalTo(VAULT_ADDR + "/v1/")));
        assertThat("Trusted CA cert set when no cert provided", getRequestHelperPrivate(connector, "trustedCaCert"), is(nullValue()));
        assertThat("Non-default number of retries, when none set", getRequestHelperPrivate(connector, "retries"), is(0));
        /* Provide address and number of retries */
        setenv(VAULT_ADDR, null, VAULT_MAX_RETRIES.toString(), null);
        try {
            factory = VaultConnectorFactory.httpFactory().fromEnv();
        } catch (VaultConnectorException e) {
            fail("Factory creation from environment failed");
        }
        connector = factory.build();
        assertThat("URL nor set correctly", getRequestHelperPrivate(connector, "baseURL"), is(equalTo(VAULT_ADDR + "/v1/")));
        assertThat("Trusted CA cert set when no cert provided", getRequestHelperPrivate(connector, "trustedCaCert"), is(nullValue()));
        assertThat("Number of retries not set correctly", getRequestHelperPrivate(connector, "retries"), is(VAULT_MAX_RETRIES));
        /* Provide CA certificate */
        String VAULT_CACERT = tempDir.toString() + "/doesnotexist";
        setenv(VAULT_ADDR, VAULT_CACERT, VAULT_MAX_RETRIES.toString(), null);
        try {
            VaultConnectorFactory.httpFactory().fromEnv();
            fail("Creation with unknown cert path failed.");
        } catch (VaultConnectorException e) {
            assertThat(e, is(instanceOf(TlsException.class)));
            assertThat(e.getCause(), is(instanceOf(NoSuchFileException.class)));
            assertThat(((NoSuchFileException) e.getCause()).getFile(), is(VAULT_CACERT));
        }
        /* Automatic authentication */
        setenv(VAULT_ADDR, null, VAULT_MAX_RETRIES.toString(), VAULT_TOKEN);
        try {
            factory = VaultConnectorFactory.httpFactory().fromEnv();
        } catch (VaultConnectorException e) {
            fail("Factory creation from minimal environment failed");
        }
        assertThat("Token nor set correctly", getPrivate(getPrivate(factory, "delegate"), "token"), is(equalTo(VAULT_TOKEN)));
    }
    private void setenv(String vault_addr, String vault_cacert, String vault_max_retries, String vault_token) {
        environment.set("VAULT_ADDR", vault_addr);
        environment.set("VAULT_CACERT", vault_cacert);
        environment.set("VAULT_MAX_RETRIES", vault_max_retries);
        environment.set("VAULT_TOKEN", vault_token);
    }
    private Object getRequestHelperPrivate(HTTPVaultConnector connector, String fieldName) throws NoSuchFieldException, IllegalAccessException {
        return getPrivate(getPrivate(connector, "request"), fieldName);
    }
    private Object getPrivate(Object target, String fieldName) throws NoSuchFieldException, IllegalAccessException {
        Field field = target.getClass().getDeclaredField(fieldName);
        if (field.isAccessible()) {
            return field.get(target);
        }
        field.setAccessible(true);
        Object value = field.get(target);
        field.setAccessible(false);
        return value;
    }
 }
--- a/src/test/java/de/stklcode/jvault/connector/model/AppRoleBuilderTest.java
+++ b/src/test/java/de/stklcode/jvault/connector/model/AppRoleBuilderTest.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2016 Stefan Kalscheuer
+ * Copyright 2016-2019 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -18,13 +18,14 @@ package de.stklcode.jvault.connector.model;
 import com.fasterxml.jackson.core.JsonProcessingException;
 import com.fasterxml.jackson.databind.ObjectMapper;
-import org.junit.BeforeClass;
+import org.junit.jupiter.api.BeforeAll;
-import org.junit.Test;
+import org.junit.jupiter.api.Test;
-import java.util.*;
+import java.util.ArrayList;
 import java.util.List;
 import static org.hamcrest.MatcherAssert.assertThat;
 import static org.hamcrest.Matchers.*;
 import static org.junit.Assert.assertThat;
 /**
 * JUnit Test for AppRole Builder.
@ -50,10 +51,10 @@ public class AppRoleBuilderTest {
    private static final Integer TOKEN_MAX_TTL = 9600;
    private static final Integer PERIOD = 1234;
    private static final String JSON_MIN = "{\"role_name\":\"" + NAME + "\"}";
-    private static final String JSON_FULL = String.format("{\"role_name\":\"%s\",\"role_id\":\"%s\",\"bind_secret_id\":%s,\"bound_cidr_list\":\"%s\",\"policies\":\"%s\",\"secret_id_num_uses\":%d,\"secret_id_ttl\":%d,\"token_ttl\":%d,\"token_max_ttl\":%d,\"period\":%d}",
+    private static final String JSON_FULL = String.format("{\"role_name\":\"%s\",\"role_id\":\"%s\",\"bind_secret_id\":%s,\"bound_cidr_list\":\"%s\",\"secret_id_bound_cidrs\":\"%s\",\"policies\":\"%s\",\"secret_id_num_uses\":%d,\"secret_id_ttl\":%d,\"token_ttl\":%d,\"token_max_ttl\":%d,\"period\":%d}",
-            NAME, ID, BIND_SECRET_ID, CIDR_1, POLICY, SECRET_ID_NUM_USES, SECRET_ID_TTL, TOKEN_TTL, TOKEN_MAX_TTL, PERIOD);
+            NAME, ID, BIND_SECRET_ID, CIDR_1, CIDR_1, POLICY, SECRET_ID_NUM_USES, SECRET_ID_TTL, TOKEN_TTL, TOKEN_MAX_TTL, PERIOD);
-    @BeforeClass
+    @BeforeAll
    public static void init() {
        BOUND_CIDR_LIST.add(CIDR_1);
        POLICIES.add(POLICY);
@ -68,6 +69,7 @@ public class AppRoleBuilderTest {
        assertThat(role.getId(), is(nullValue()));
        assertThat(role.getBindSecretId(), is(nullValue()));
        assertThat(role.getBoundCidrList(), is(nullValue()));
        assertThat(role.getSecretIdBoundCidrs(), is(nullValue()));
        assertThat(role.getPolicies(), is(nullValue()));
        assertThat(role.getSecretIdNumUses(), is(nullValue()));
        assertThat(role.getSecretIdTtl(), is(nullValue()));
@ -88,6 +90,7 @@ public class AppRoleBuilderTest {
                .withId(ID)
                .withBindSecretID(BIND_SECRET_ID)
                .withBoundCidrList(BOUND_CIDR_LIST)
                .withSecretIdBoundCidrs(BOUND_CIDR_LIST)
                .withPolicies(POLICIES)
                .withSecretIdNumUses(SECRET_ID_NUM_USES)
                .withSecretIdTtl(SECRET_ID_TTL)
@ -99,6 +102,7 @@ public class AppRoleBuilderTest {
        assertThat(role.getId(), is(ID));
        assertThat(role.getBindSecretId(), is(BIND_SECRET_ID));
        assertThat(role.getBoundCidrList(), is(BOUND_CIDR_LIST));
        assertThat(role.getSecretIdBoundCidrs(), is(BOUND_CIDR_LIST));
        assertThat(role.getPolicies(), is(POLICIES));
        assertThat(role.getSecretIdNumUses(), is(SECRET_ID_NUM_USES));
        assertThat(role.getSecretIdTtl(), is(SECRET_ID_TTL));
@ -127,12 +131,16 @@ public class AppRoleBuilderTest {
        role = new AppRoleBuilder(NAME).withCidrBlock(CIDR_2).build();
        assertThat(role.getBoundCidrList(), hasSize(1));
        assertThat(role.getBoundCidrList(), contains(CIDR_2));
        assertThat(role.getSecretIdBoundCidrs(), hasSize(1));
        assertThat(role.getSecretIdBoundCidrs(), contains(CIDR_2));
        role = new AppRoleBuilder(NAME)
-                .withBoundCidrList(BOUND_CIDR_LIST)
+                .withSecretIdBoundCidrs(BOUND_CIDR_LIST)
                .withCidrBlock(CIDR_2)
                .build();
-        assertThat(role.getBoundCidrList(), hasSize(2));
+        assertThat(role.getBoundCidrList(), hasSize(1));
-        assertThat(role.getBoundCidrList(), contains(CIDR_1, CIDR_2));
+        assertThat(role.getBoundCidrList(), contains(CIDR_2));
        assertThat(role.getSecretIdBoundCidrs(), hasSize(2));
        assertThat(role.getSecretIdBoundCidrs(), contains(CIDR_1, CIDR_2));
        /* Add single policy */
        role = new AppRoleBuilder(NAME).withPolicy(POLICY_2).build();
--- a/src/test/java/de/stklcode/jvault/connector/model/AppRoleSecretTest.java
+++ b/src/test/java/de/stklcode/jvault/connector/model/AppRoleSecretTest.java
@ -0,0 +1,212 @@
 /*
 * Copyright 2016-2019 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 package de.stklcode.jvault.connector.model;
 import com.fasterxml.jackson.core.JsonProcessingException;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import org.junit.jupiter.api.Test;
 import java.io.IOException;
 import java.lang.reflect.Field;
 import java.util.Arrays;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 import static org.hamcrest.MatcherAssert.assertThat;
 import static org.hamcrest.Matchers.*;
 import static org.hamcrest.junit.MatcherAssume.assumeThat;
 import static org.junit.jupiter.api.Assertions.fail;
 /**
 * JUnit Test for AppRoleSecret model.
 *
 * @author Stefan Kalscheuer
 * @since 0.5.0
 */
 public class AppRoleSecretTest {
    private static final String TEST_ID = "abc123";
    private static final Map<String, Object> TEST_META = new HashMap<>();
    private static final List<String> TEST_CIDR = Arrays.asList("203.0.113.0/24", "198.51.100.0/24");
    static {
        TEST_META.put("foo", "bar");
        TEST_META.put("number", 1337);
    }
    /**
     * Test constructors.
     */
    @Test
    public void constructorTest() {
        /* Empty constructor */
        AppRoleSecret secret = new AppRoleSecret();
        assertThat(secret.getId(), is(nullValue()));
        assertThat(secret.getAccessor(), is(nullValue()));
        assertThat(secret.getMetadata(), is(nullValue()));
        assertThat(secret.getCidrList(), is(nullValue()));
        assertThat(secret.getCidrListString(), is(emptyString()));
        assertThat(secret.getCreationTime(), is(nullValue()));
        assertThat(secret.getExpirationTime(), is(nullValue()));
        assertThat(secret.getLastUpdatedTime(), is(nullValue()));
        assertThat(secret.getNumUses(), is(nullValue()));
        assertThat(secret.getTtl(), is(nullValue()));
        /* Constructor with ID */
        secret = new AppRoleSecret(TEST_ID);
        assertThat(secret.getId(), is(TEST_ID));
        assertThat(secret.getAccessor(), is(nullValue()));
        assertThat(secret.getMetadata(), is(nullValue()));
        assertThat(secret.getCidrList(), is(nullValue()));
        assertThat(secret.getCidrListString(), is(emptyString()));
        assertThat(secret.getCreationTime(), is(nullValue()));
        assertThat(secret.getExpirationTime(), is(nullValue()));
        assertThat(secret.getLastUpdatedTime(), is(nullValue()));
        assertThat(secret.getNumUses(), is(nullValue()));
        assertThat(secret.getTtl(), is(nullValue()));
        /* Constructor with Metadata and CIDR bindings */
        secret = new AppRoleSecret(TEST_ID, TEST_META, TEST_CIDR);
        assertThat(secret.getId(), is(TEST_ID));
        assertThat(secret.getAccessor(), is(nullValue()));
        assertThat(secret.getMetadata(), is(TEST_META));
        assertThat(secret.getCidrList(), is(TEST_CIDR));
        assertThat(secret.getCidrListString(), is(String.join(",", TEST_CIDR)));
        assertThat(secret.getCreationTime(), is(nullValue()));
        assertThat(secret.getExpirationTime(), is(nullValue()));
        assertThat(secret.getLastUpdatedTime(), is(nullValue()));
        assertThat(secret.getNumUses(), is(nullValue()));
        assertThat(secret.getTtl(), is(nullValue()));
    }
    /**
     * Test setter.
     */
    @Test
    public void setterTest() {
        AppRoleSecret secret = new AppRoleSecret(TEST_ID);
        assertThat(secret.getCidrList(), is(nullValue()));
        assertThat(secret.getCidrListString(), is(emptyString()));
        secret.setCidrList(TEST_CIDR);
        assertThat(secret.getCidrList(), is(TEST_CIDR));
        assertThat(secret.getCidrListString(), is(String.join(",", TEST_CIDR)));
        secret.setCidrList(null);
        assertThat(secret.getCidrList(), is(nullValue()));
        assertThat(secret.getCidrListString(), is(emptyString()));
    }
    /**
     * Test JSON (de)serialization.
     */
    @Test
    public void jsonTest() throws NoSuchFieldException, IllegalAccessException {
        ObjectMapper mapper = new ObjectMapper();
        /* A simple roundtrip first. All set fields should be present afterwards. */
        AppRoleSecret secret = new AppRoleSecret(TEST_ID, TEST_META, TEST_CIDR);
        String secretJson = "";
        try {
            secretJson = mapper.writeValueAsString(secret);
        } catch (JsonProcessingException e) {
            e.printStackTrace();
            fail("Serialization failed");
        }
        /* CIDR list is comma-separated when used as input, but List otherwise, hence convert string to list */
        secretJson = commaSeparatedToList(secretJson);
        AppRoleSecret secret2;
        try {
            secret2 = mapper.readValue(secretJson, AppRoleSecret.class);
            assertThat(secret.getId(), is(secret2.getId()));
            assertThat(secret.getMetadata(), is(secret2.getMetadata()));
            assertThat(secret.getCidrList(), is(secret2.getCidrList()));
        } catch (IOException e) {
            e.printStackTrace();
            fail("Deserialization failed");
        }
        /* Test fields, that should not be written to JSON */
        setPrivateField(secret, "accessor", "TEST_ACCESSOR");
        assumeThat(secret.getAccessor(), is("TEST_ACCESSOR"));
        setPrivateField(secret, "creationTime", "TEST_CREATION");
        assumeThat(secret.getCreationTime(), is("TEST_CREATION"));
        setPrivateField(secret, "expirationTime", "TEST_EXPIRATION");
        assumeThat(secret.getExpirationTime(), is("TEST_EXPIRATION"));
        setPrivateField(secret, "lastUpdatedTime", "TEST_UPDATETIME");
        assumeThat(secret.getLastUpdatedTime(), is("TEST_UPDATETIME"));
        setPrivateField(secret, "numUses", 678);
        assumeThat(secret.getNumUses(), is(678));
        setPrivateField(secret, "ttl", 12345);
        assumeThat(secret.getTtl(), is(12345));
        try {
            secretJson = mapper.writeValueAsString(secret);
        } catch (JsonProcessingException e) {
            e.printStackTrace();
            fail("Serialization failed");
        }
        try {
            secret2 = mapper.readValue(commaSeparatedToList(secretJson), AppRoleSecret.class);
            assertThat(secret.getId(), is(secret2.getId()));
            assertThat(secret.getMetadata(), is(secret2.getMetadata()));
            assertThat(secret.getCidrList(), is(secret2.getCidrList()));
            assertThat(secret2.getAccessor(), is(nullValue()));
            assertThat(secret2.getCreationTime(), is(nullValue()));
            assertThat(secret2.getExpirationTime(), is(nullValue()));
            assertThat(secret2.getLastUpdatedTime(), is(nullValue()));
            assertThat(secret2.getNumUses(), is(nullValue()));
            assertThat(secret2.getTtl(), is(nullValue()));
        } catch (IOException e) {
            e.printStackTrace();
            fail("Deserialization failed");
        }
        /* Those fields should be deserialized from JSON though */
        secretJson = "{\"secret_id\":\"abc123\",\"metadata\":{\"number\":1337,\"foo\":\"bar\"}," +
                "\"cidr_list\":[\"203.0.113.0/24\",\"198.51.100.0/24\"],\"secret_id_accessor\":\"TEST_ACCESSOR\"," +
                "\"creation_time\":\"TEST_CREATION\",\"expiration_time\":\"TEST_EXPIRATION\"," +
                "\"last_updated_time\":\"TEST_LASTUPDATE\",\"secret_id_num_uses\":678,\"secret_id_ttl\":12345}";
        try {
            secret2 = mapper.readValue(secretJson, AppRoleSecret.class);
            assertThat(secret2.getAccessor(), is("TEST_ACCESSOR"));
            assertThat(secret2.getCreationTime(), is("TEST_CREATION"));
            assertThat(secret2.getExpirationTime(), is("TEST_EXPIRATION"));
            assertThat(secret2.getLastUpdatedTime(), is("TEST_LASTUPDATE"));
            assertThat(secret2.getNumUses(), is(678));
            assertThat(secret2.getTtl(), is(12345));
        } catch (IOException e) {
            e.printStackTrace();
            fail("Deserialization failed");
        }
    }
    private static void setPrivateField(Object object, String fieldName, Object value) throws NoSuchFieldException, IllegalAccessException {
        Field field = object.getClass().getDeclaredField(fieldName);
        boolean accessible = field.isAccessible();
        field.setAccessible(true);
        field.set(object, value);
        field.setAccessible(accessible);
    }
    private static String commaSeparatedToList(String json) {
        return json.replaceAll("\"cidr_list\":\"([^\"]*)\"", "\"cidr_list\":\\[$1\\]")
                .replaceAll("(\\d+\\.\\d+\\.\\d+\\.\\d+/\\d+)", "\"$1\"");
    }
 }
--- a/src/test/java/de/stklcode/jvault/connector/model/AuthBackendTest.java
+++ b/src/test/java/de/stklcode/jvault/connector/model/AuthBackendTest.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2016 Stefan Kalscheuer
+ * Copyright 2016-2019 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -16,10 +16,10 @@
 package de.stklcode.jvault.connector.model;
-import org.junit.Test;
+import org.junit.jupiter.api.Test;
-import static org.hamcrest.Matchers.*;
+import static org.hamcrest.MatcherAssert.assertThat;
-import static org.junit.Assert.assertThat;
+import static org.hamcrest.Matchers.is;
 /**
 * JUnit Test for AuthBackend model.
@ -37,6 +37,7 @@ public class AuthBackendTest {
        assertThat(AuthBackend.forType("token"), is(AuthBackend.TOKEN));
        assertThat(AuthBackend.forType("app-id"), is(AuthBackend.APPID));
        assertThat(AuthBackend.forType("userpass"), is(AuthBackend.USERPASS));
        assertThat(AuthBackend.forType("github"), is(AuthBackend.GITHUB));
        assertThat(AuthBackend.forType(""), is(AuthBackend.UNKNOWN));
        assertThat(AuthBackend.forType("foobar"), is(AuthBackend.UNKNOWN));
    }
--- a/src/test/java/de/stklcode/jvault/connector/model/TokenBuilderTest.java
+++ b/src/test/java/de/stklcode/jvault/connector/model/TokenBuilderTest.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2016 Stefan Kalscheuer
+ * Copyright 2016-2019 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -18,16 +18,16 @@ package de.stklcode.jvault.connector.model;
 import com.fasterxml.jackson.core.JsonProcessingException;
 import com.fasterxml.jackson.databind.ObjectMapper;
-import org.junit.BeforeClass;
+import org.junit.jupiter.api.BeforeAll;
-import org.junit.Test;
+import org.junit.jupiter.api.Test;
 import java.util.ArrayList;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 import static org.hamcrest.MatcherAssert.assertThat;
 import static org.hamcrest.Matchers.*;
 import static org.junit.Assert.assertThat;
 /**
 * JUnit Test for Token Builder.
@ -45,7 +45,8 @@ public class TokenBuilderTest {
    private static final Integer NUM_USES = 4;
    private static final List<String> POLICIES = new ArrayList<>();
    private static final String POLICY = "policy";
-    private static final String POLICY_2 = "policy";
+    private static final String POLICY_2 = "policy2";
    private static final String POLICY_3 = "policy3";
    private static final Map<String, String> META = new HashMap<>();
    private static final String META_KEY = "key";
    private static final String META_VALUE = "value";
@ -54,7 +55,7 @@ public class TokenBuilderTest {
    private static final Boolean RENEWABLE = true;
    private static final String JSON_FULL = "{\"id\":\"test-id\",\"display_name\":\"display-name\",\"no_parent\":false,\"no_default_policy\":false,\"ttl\":123,\"num_uses\":4,\"policies\":[\"policy\"],\"meta\":{\"key\":\"value\"},\"renewable\":true}";
-    @BeforeClass
+    @BeforeAll
    public static void init() {
        POLICIES.add(POLICY);
        META.put(META_KEY, META_VALUE);
@ -138,11 +139,11 @@ public class TokenBuilderTest {
        assertThat(token.getPolicies(), hasSize(1));
        assertThat(token.getPolicies(), contains(POLICY_2));
        token = new TokenBuilder()
-                .withPolicies(POLICIES)
+                .withPolicies(POLICY, POLICY_2)
-                .withPolicy(POLICY_2)
+                .withPolicy(POLICY_3)
                .build();
-        assertThat(token.getPolicies(), hasSize(2));
+        assertThat(token.getPolicies(), hasSize(3));
-        assertThat(token.getPolicies(), contains(POLICY, POLICY_2));
+        assertThat(token.getPolicies(), contains(POLICY, POLICY_2, POLICY_3));
        /* Add single metadata */
        token = new TokenBuilder().withMeta(META_KEY_2, META_VALUE_2).build();
--- a/src/test/java/de/stklcode/jvault/connector/model/response/AppRoleResponseTest.java
+++ b/src/test/java/de/stklcode/jvault/connector/model/response/AppRoleResponseTest.java
@ -0,0 +1,117 @@
 /*
 * Copyright 2016-2019 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 package de.stklcode.jvault.connector.model.response;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import de.stklcode.jvault.connector.exception.InvalidResponseException;
 import de.stklcode.jvault.connector.model.AppRole;
 import org.junit.jupiter.api.Test;
 import java.io.IOException;
 import java.util.HashMap;
 import java.util.Map;
 import static org.hamcrest.MatcherAssert.assertThat;
 import static org.hamcrest.Matchers.*;
 import static org.junit.jupiter.api.Assertions.fail;
 /**
 * JUnit Test for {@link AppRoleResponse} model.
 *
 * @author Stefan Kalscheuer
 * @since 0.6.2
 */
 public class AppRoleResponseTest {
    private static final Integer ROLE_TOKEN_TTL = 1200;
    private static final Integer ROLE_TOKEN_MAX_TTL = 1800;
    private static final Integer ROLE_SECRET_TTL = 600;
    private static final Integer ROLE_SECRET_NUM_USES = 40;
    private static final String ROLE_POLICY = "default";
    private static final Integer ROLE_PERIOD = 0;
    private static final Boolean ROLE_BIND_SECRET = true;
    private static final String RES_JSON = "{\n" +
            "  \"auth\": null,\n" +
            "  \"warnings\": null,\n" +
            "  \"wrap_info\": null,\n" +
            "  \"data\": {\n" +
            "    \"token_ttl\": " + ROLE_TOKEN_TTL + ",\n" +
            "    \"token_max_ttl\": " + ROLE_TOKEN_MAX_TTL + ",\n" +
            "    \"secret_id_ttl\": " + ROLE_SECRET_TTL + ",\n" +
            "    \"secret_id_num_uses\": " + ROLE_SECRET_NUM_USES + ",\n" +
            "    \"policies\": [\n" +
            "      \"" + ROLE_POLICY + "\"\n" +
            "    ],\n" +
            "    \"period\": " + ROLE_PERIOD + ",\n" +
            "    \"bind_secret_id\": " + ROLE_BIND_SECRET + ",\n" +
            "    \"bound_cidr_list\": \"\"\n" +
            "  },\n" +
            "  \"lease_duration\": 0,\n" +
            "  \"renewable\": false,\n" +
            "  \"lease_id\": \"\"\n" +
            "}";
    private static final Map<String, Object> INVALID_DATA = new HashMap<>();
    static {
        INVALID_DATA.put("policies", "fancy-policy");
    }
    /**
     * Test getter, setter and get-methods for response data.
     */
    @Test
    public void getDataRoundtrip() {
        // Create empty Object.
        AppRoleResponse res = new AppRoleResponse();
        assertThat("Initial data should be empty", res.getRole(), is(nullValue()));
        // Parsing invalid auth data map should fail.
        try {
            res.setData(INVALID_DATA);
            fail("Parsing invalid data succeeded");
        } catch (Exception e) {
            assertThat(e, is(instanceOf(InvalidResponseException.class)));
        }
    }
    /**
     * Test creation from JSON value as returned by Vault (JSON example copied from Vault documentation).
     */
    @Test
    public void jsonRoundtrip() {
        try {
            AppRoleResponse res = new ObjectMapper().readValue(RES_JSON, AppRoleResponse.class);
            assertThat("Parsed response is NULL", res, is(notNullValue()));
            // Extract role data.
            AppRole role = res.getRole();
            assertThat("Role data is NULL", role, is(notNullValue()));
            assertThat("Incorrect token TTL", role.getTokenTtl(), is(ROLE_TOKEN_TTL));
            assertThat("Incorrect token max TTL", role.getTokenMaxTtl(), is(ROLE_TOKEN_MAX_TTL));
            assertThat("Incorrect secret ID TTL", role.getSecretIdTtl(), is(ROLE_SECRET_TTL));
            assertThat("Incorrect secret ID umber of uses", role.getSecretIdNumUses(), is(ROLE_SECRET_NUM_USES));
            assertThat("Incorrect number of policies", role.getPolicies(), hasSize(1));
            assertThat("Incorrect role policies", role.getPolicies(), contains(ROLE_POLICY));
            assertThat("Incorrect role period", role.getPeriod(), is(ROLE_PERIOD));
            assertThat("Incorrect role bind secret ID flag", role.getBindSecretId(), is(ROLE_BIND_SECRET));
            assertThat("Incorrect biund CIDR list", role.getBoundCidrList(), is(nullValue()));
            assertThat("Incorrect biund CIDR list string", role.getBoundCidrListString(), is(emptyString()));
        } catch (IOException e) {
            fail("AuthResponse deserialization failed: " + e.getMessage());
        }
    }
 }
--- a/src/test/java/de/stklcode/jvault/connector/model/response/AuthMethodsResponseTest.java
+++ b/src/test/java/de/stklcode/jvault/connector/model/response/AuthMethodsResponseTest.java
@ -0,0 +1,128 @@
 /*
 * Copyright 2016-2019 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 package de.stklcode.jvault.connector.model.response;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import de.stklcode.jvault.connector.exception.InvalidResponseException;
 import de.stklcode.jvault.connector.model.AuthBackend;
 import de.stklcode.jvault.connector.model.response.embedded.AuthMethod;
 import org.junit.jupiter.api.Test;
 import java.io.IOException;
 import java.util.HashMap;
 import java.util.Map;
 import static org.hamcrest.MatcherAssert.assertThat;
 import static org.hamcrest.Matchers.*;
 import static org.junit.jupiter.api.Assertions.fail;
 /**
 * JUnit Test for {@link AuthMethodsResponse} model.
 *
 * @author Stefan Kalscheuer
 * @since 0.6.2
 */
 public class AuthMethodsResponseTest {
    private static final String GH_PATH = "github/";
    private static final String GH_TYPE = "github";
    private static final String GH_DESCR = "GitHub auth";
    private static final String TK_PATH = "token/";
    private static final String TK_TYPE = "token";
    private static final String TK_DESCR = "token based credentials";
    private static final Integer TK_LEASE_TTL = 0;
    private static final Integer TK_MAX_LEASE_TTL = 0;
    private static final String RES_JSON = "{\n" +
            "  \"data\": {" +
            "    \"" + GH_PATH + "\": {\n" +
            "      \"type\": \"" + GH_TYPE + "\",\n" +
            "      \"description\": \"" + GH_DESCR + "\"\n" +
            "    },\n" +
            "    \"" + TK_PATH + "\": {\n" +
            "      \"config\": {\n" +
            "        \"default_lease_ttl\": " + TK_LEASE_TTL + ",\n" +
            "        \"max_lease_ttl\": " + TK_MAX_LEASE_TTL + "\n" +
            "      },\n" +
            "      \"description\": \"" + TK_DESCR + "\",\n" +
            "      \"type\": \"" + TK_TYPE + "\"\n" +
            "    }\n" +
            "  }\n" +
            "}";
    private static final Map<String, Object> INVALID_DATA = new HashMap<>();
    static {
        INVALID_DATA.put("dummy/", new Dummy());
    }
    /**
     * Test getter, setter and get-methods for response data.
     */
    @Test
    public void getDataRoundtrip() {
        // Create empty Object.
        AuthMethodsResponse res = new AuthMethodsResponse();
        assertThat("Initial method map should be empty", res.getSupportedMethods(), is(anEmptyMap()));
        // Parsing invalid data map should fail.
        try {
            res.setData(INVALID_DATA);
            fail("Parsing invalid data succeeded");
        } catch (Exception e) {
            assertThat(e, is(instanceOf(InvalidResponseException.class)));
        }
    }
    /**
     * Test creation from JSON value as returned by Vault (JSON example copied from Vault documentation).
     */
    @Test
    public void jsonRoundtrip() {
        try {
            AuthMethodsResponse res = new ObjectMapper().readValue(RES_JSON, AuthMethodsResponse.class);
            assertThat("Parsed response is NULL", res, is(notNullValue()));
            // Extract auth data.
            Map<String, AuthMethod> supported = res.getSupportedMethods();
            assertThat("Auth data is NULL", supported, is(notNullValue()));
            assertThat("Incorrect number of supported methods", supported.entrySet(), hasSize(2));
            assertThat("Incorrect method paths", supported.keySet(), containsInAnyOrder(GH_PATH, TK_PATH));
            // Verify first method.
            AuthMethod method = supported.get(GH_PATH);
            assertThat("Incorrect raw type for GitHub", method.getRawType(), is(GH_TYPE));
            assertThat("Incorrect parsed type for GitHub", method.getType(), is(AuthBackend.GITHUB));
            assertThat("Incorrect description for GitHub", method.getDescription(), is(GH_DESCR));
            assertThat("Unexpected config for GitHub", method.getConfig(), is(nullValue()));
            // Verify first method.
            method = supported.get(TK_PATH);
            assertThat("Incorrect raw type for Token", method.getRawType(), is(TK_TYPE));
            assertThat("Incorrect parsed type for Token", method.getType(), is(AuthBackend.TOKEN));
            assertThat("Incorrect description for Token", method.getDescription(), is(TK_DESCR));
            assertThat("Missing config for Token", method.getConfig(), is(notNullValue()));
            assertThat("Unexpected config size for Token", method.getConfig().keySet(), hasSize(2));
            assertThat("Incorrect lease TTL config", method.getConfig().get("default_lease_ttl"), is(TK_LEASE_TTL.toString()));
            assertThat("Incorrect max lease TTL config", method.getConfig().get("max_lease_ttl"), is(TK_MAX_LEASE_TTL.toString()));
        } catch (IOException e) {
            fail("AuthResponse deserialization failed: " + e.getMessage());
        }
    }
    private static class Dummy {
    }
 }
--- a/src/test/java/de/stklcode/jvault/connector/model/response/AuthResponseTest.java
+++ b/src/test/java/de/stklcode/jvault/connector/model/response/AuthResponseTest.java
@ -0,0 +1,113 @@
 /*
 * Copyright 2016-2019 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 package de.stklcode.jvault.connector.model.response;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import de.stklcode.jvault.connector.exception.InvalidResponseException;
 import de.stklcode.jvault.connector.model.response.embedded.AuthData;
 import org.junit.jupiter.api.Test;
 import java.io.IOException;
 import java.util.HashMap;
 import java.util.Map;
 import static org.hamcrest.MatcherAssert.assertThat;
 import static org.hamcrest.Matchers.*;
 import static org.junit.jupiter.api.Assertions.fail;
 /**
 * JUnit Test for {@link AuthResponse} model.
 *
 * @author Stefan Kalscheuer
 * @since 0.6.2
 */
 public class AuthResponseTest {
    private static final String AUTH_ACCESSOR = "2c84f488-2133-4ced-87b0-570f93a76830";
    private static final String AUTH_CLIENT_TOKEN = "ABCD";
    private static final String AUTH_POLICY_1 = "web";
    private static final String AUTH_POLICY_2 = "stage";
    private static final String AUTH_META_KEY = "user";
    private static final String AUTH_META_VALUE = "armon";
    private static final Integer AUTH_LEASE_DURATION = 3600;
    private static final Boolean AUTH_RENEWABLE = true;
    private static final String RES_JSON = "{\n" +
            "  \"auth\": {\n" +
            "    \"accessor\": \"" + AUTH_ACCESSOR + "\",\n" +
            "    \"client_token\": \"" + AUTH_CLIENT_TOKEN + "\",\n" +
            "    \"policies\": [\n" +
            "      \"" + AUTH_POLICY_1 + "\", \n" +
            "      \"" + AUTH_POLICY_2 + "\"\n" +
            "    ],\n" +
            "    \"metadata\": {\n" +
            "      \"" + AUTH_META_KEY + "\": \"" + AUTH_META_VALUE + "\"\n" +
            "    },\n" +
            "    \"lease_duration\": " + AUTH_LEASE_DURATION + ",\n" +
            "    \"renewable\": " + AUTH_RENEWABLE + "\n" +
            "  }\n" +
            "}";
    private static final Map<String, Object> INVALID_AUTH_DATA = new HashMap<>();
    static {
        INVALID_AUTH_DATA.put("policies", "fancy-policy");
    }
    /**
     * Test getter, setter and get-methods for response data.
     */
    @Test
    public void getDataRoundtrip() {
        // Create empty Object.
        AuthResponse res = new AuthResponse();
        assertThat("Initial data should be empty", res.getData(), is(nullValue()));
        // Parsing invalid auth data map should fail.
        try {
            res.setAuth(INVALID_AUTH_DATA);
            fail("Parsing invalid auth data succeeded");
        } catch (Exception e) {
            assertThat(e, is(instanceOf(InvalidResponseException.class)));
        }
        // Data method should be agnostic.
        res.setData(INVALID_AUTH_DATA);
        assertThat("Data not passed through", res.getData(), is(INVALID_AUTH_DATA));
    }
    /**
     * Test creation from JSON value as returned by Vault (JSON example copied from Vault documentation).
     */
    @Test
    public void jsonRoundtrip() {
        try {
            AuthResponse res = new ObjectMapper().readValue(RES_JSON, AuthResponse.class);
            assertThat("Parsed response is NULL", res, is(notNullValue()));
            // Extract auth data.
            AuthData data = res.getAuth();
            assertThat("Auth data is NULL", data, is(notNullValue()));
            assertThat("Incorrect auth accessor", data.getAccessor(), is(AUTH_ACCESSOR));
            assertThat("Incorrect auth client token", data.getClientToken(), is(AUTH_CLIENT_TOKEN));
            assertThat("Incorrect auth lease duration", data.getLeaseDuration(), is(AUTH_LEASE_DURATION));
            assertThat("Incorrect auth renewable flag", data.isRenewable(), is(AUTH_RENEWABLE));
            assertThat("Incorrect number of policies", data.getPolicies(), hasSize(2));
            assertThat("Incorrect auth policies", data.getPolicies(), containsInAnyOrder(AUTH_POLICY_1, AUTH_POLICY_2));
        } catch (IOException e) {
            fail("AuthResponse deserialization failed: " + e.getMessage());
        }
    }
 }
--- a/src/test/java/de/stklcode/jvault/connector/model/response/CredentialsResponseTest.java
+++ b/src/test/java/de/stklcode/jvault/connector/model/response/CredentialsResponseTest.java
@ -0,0 +1,66 @@
 /*
 * Copyright 2016-2019 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 package de.stklcode.jvault.connector.model.response;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import de.stklcode.jvault.connector.exception.InvalidResponseException;
 import org.junit.jupiter.api.Test;
 import java.io.IOException;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 import static org.hamcrest.MatcherAssert.assertThat;
 import static org.hamcrest.Matchers.*;
 import static org.junit.jupiter.api.Assertions.fail;
 /**
 * JUnit Test for {@link CredentialsResponse} model.
 *
 * @author Stefan Kalscheuer
 * @since 0.8
 */
 public class CredentialsResponseTest {
    private static final Map<String, Object> DATA = new HashMap<>();
    private static final String VAL_USER = "testUserName";
    private static final String VAL_PASS = "5up3r5ecr3tP455";
    static {
        DATA.put("username", VAL_USER);
        DATA.put("password", VAL_PASS);
    }
    /**
     * Test getter, setter and get-methods for response data.
     *
     * @throws InvalidResponseException Should not occur
     */
    @Test
    @SuppressWarnings("unchecked")
    public void getCredentialsTest() throws InvalidResponseException {
        // Create empty Object.
        CredentialsResponse res = new CredentialsResponse();
        assertThat("Username not present in data map should not return anything", res.getUsername(), is(nullValue()));
        assertThat("Password not present in data map should not return anything", res.getPassword(), is(nullValue()));
        // Fill data map.
        res.setData(DATA);
        assertThat("Incorrect username", res.getUsername(), is(VAL_USER));
        assertThat("Incorrect password", res.getPassword(), is(VAL_PASS));
    }
 }
--- a/src/test/java/de/stklcode/jvault/connector/model/response/HealthResponseTest.java
+++ b/src/test/java/de/stklcode/jvault/connector/model/response/HealthResponseTest.java
@ -0,0 +1,81 @@
 /*
 * Copyright 2016-2019 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 package de.stklcode.jvault.connector.model.response;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import org.junit.jupiter.api.Test;
 import java.io.IOException;
 import static org.hamcrest.CoreMatchers.is;
 import static org.hamcrest.MatcherAssert.assertThat;
 import static org.hamcrest.Matchers.notNullValue;
 import static org.junit.jupiter.api.Assertions.fail;
 /**
 * JUnit Test for {@link AuthResponse} model.
 *
 * @author Stefan Kalscheuer
 * @since 0.7.0
 */
 public class HealthResponseTest {
    private static final String CLUSTER_ID = "c9abceea-4f46-4dab-a688-5ce55f89e228";
    private static final String CLUSTER_NAME = "vault-cluster-5515c810";
    private static final String VERSION = "0.9.2";
    private static final Long SERVER_TIME_UTC = 1469555798L;
    private static final Boolean STANDBY = false;
    private static final Boolean SEALED = false;
    private static final Boolean INITIALIZED = true;
    private static final Boolean PERF_STANDBY = false;
    private static final String REPL_PERF_MODE = "disabled";
    private static final String REPL_DR_MODE = "disabled";
    private static final String RES_JSON = "{\n" +
            "  \"cluster_id\": \"" + CLUSTER_ID + "\",\n" +
            "  \"cluster_name\": \"" + CLUSTER_NAME + "\",\n" +
            "  \"version\": \"" + VERSION + "\",\n" +
            "  \"server_time_utc\": " + SERVER_TIME_UTC + ",\n" +
            "  \"standby\": " + STANDBY + ",\n" +
            "  \"sealed\": " + SEALED + ",\n" +
            "  \"initialized\": " + INITIALIZED + ",\n" +
            "  \"replication_perf_mode\": \"" + REPL_PERF_MODE + "\",\n" +
            "  \"replication_dr_mode\": \"" + REPL_DR_MODE + "\",\n" +
            "  \"performance_standby\": " + PERF_STANDBY + "\n" +
            "}";
    /**
     * Test creation from JSON value as returned by Vault (JSON example copied from Vault documentation).
     */
    @Test
    public void jsonRoundtrip() {
        try {
            HealthResponse res = new ObjectMapper().readValue(RES_JSON, HealthResponse.class);
            assertThat("Parsed response is NULL", res, is(notNullValue()));
            assertThat("Incorrect cluster ID", res.getClusterID(), is(CLUSTER_ID));
            assertThat("Incorrect cluster name", res.getClusterName(), is(CLUSTER_NAME));
            assertThat("Incorrect version", res.getVersion(), is(VERSION));
            assertThat("Incorrect server time", res.getServerTimeUTC(), is(SERVER_TIME_UTC));
            assertThat("Incorrect standby state", res.isStandby(), is(STANDBY));
            assertThat("Incorrect seal state", res.isSealed(), is(SEALED));
            assertThat("Incorrect initialization state", res.isInitialized(), is(INITIALIZED));
            assertThat("Incorrect performance standby state", res.isPerformanceStandby(), is(PERF_STANDBY));
            assertThat("Incorrect replication perf mode", res.getReplicationPerfMode(), is(REPL_PERF_MODE));
            assertThat("Incorrect replication DR mode", res.getReplicationDrMode(), is(REPL_DR_MODE));
        } catch (IOException e) {
            fail("Health deserialization failed: " + e.getMessage());
        }
    }
 }
--- a/src/test/java/de/stklcode/jvault/connector/model/response/MetadataResponseTest.java
+++ b/src/test/java/de/stklcode/jvault/connector/model/response/MetadataResponseTest.java
@ -0,0 +1,100 @@
 /*
 * Copyright 2016-2019 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 package de.stklcode.jvault.connector.model.response;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import de.stklcode.jvault.connector.exception.InvalidResponseException;
 import org.junit.jupiter.api.Test;
 import java.io.IOException;
 import java.util.List;
 import java.util.Map;
 import static org.hamcrest.MatcherAssert.assertThat;
 import static org.hamcrest.Matchers.*;
 import static org.junit.jupiter.api.Assertions.fail;
 /**
 * JUnit Test for {@link MetadataResponse} model.
 *
 * @author Stefan Kalscheuer
 * @since 0.8
 */
 public class MetadataResponseTest {
    private static final String V1_TIME = "2018-03-22T02:24:06.945319214Z";
    private static final String V3_TIME = "2018-03-22T02:36:43.986212308Z";
    private static final String V2_TIME = "2018-03-22T02:36:33.954880664Z";
    private static final Integer CURRENT_VERSION = 3;
    private static final Integer MAX_VERSIONS = 0;
    private static final Integer OLDEST_VERSION = 1;
    private static final String META_JSON = "{\n" +
            "  \"data\": {\n" +
            "    \"created_time\": \"" + V1_TIME + "\",\n" +
            "    \"current_version\": " + CURRENT_VERSION + ",\n" +
            "    \"max_versions\": " + MAX_VERSIONS + ",\n" +
            "    \"oldest_version\": " + OLDEST_VERSION + ",\n" +
            "    \"updated_time\": \"" + V3_TIME + "\",\n" +
            "    \"versions\": {\n" +
            "      \"1\": {\n" +
            "        \"created_time\": \"" + V1_TIME + "\",\n" +
            "        \"deletion_time\": \"" + V2_TIME + "\",\n" +
            "        \"destroyed\": true\n" +
            "      },\n" +
            "      \"2\": {\n" +
            "        \"created_time\": \"" + V2_TIME + "\",\n" +
            "        \"deletion_time\": \"\",\n" +
            "        \"destroyed\": false\n" +
            "      },\n" +
            "      \"3\": {\n" +
            "        \"created_time\": \"" + V3_TIME + "\",\n" +
            "        \"deletion_time\": \"\",\n" +
            "        \"destroyed\": false\n" +
            "      }\n" +
            "    }\n" +
            "  }\n" +
            "}";
    /**
     * Test creation from JSON value as returned by Vault (JSON example copied from Vault documentation).
     */
    @Test
    public void jsonRoundtrip() {
        try {
            MetadataResponse res = new ObjectMapper().readValue(META_JSON, MetadataResponse.class);
            assertThat("Parsed response is NULL", res, is(notNullValue()));
            assertThat("Parsed metadatra is NULL", res.getMetadata(), is(notNullValue()));
            assertThat("Incorrect created time", res.getMetadata().getCreatedTimeString(), is(V1_TIME));
            assertThat("Parting created time failed", res.getMetadata().getCreatedTime(), is(notNullValue()));
            assertThat("Incorrect current version", res.getMetadata().getCurrentVersion(), is(CURRENT_VERSION));
            assertThat("Incorrect max versions", res.getMetadata().getMaxVersions(), is(MAX_VERSIONS));
            assertThat("Incorrect oldest version", res.getMetadata().getOldestVersion(), is(OLDEST_VERSION));
            assertThat("Incorrect updated time", res.getMetadata().getUpdatedTimeString(), is(V3_TIME));
            assertThat("Parting updated time failed", res.getMetadata().getUpdatedTime(), is(notNullValue()));
            assertThat("Incorrect number of versions", res.getMetadata().getVersions().size(), is(3));
            assertThat("Incorrect version 1 delete time", res.getMetadata().getVersions().get(1).getDeletionTimeString(), is(V2_TIME));
            assertThat("Parsion version delete time failed", res.getMetadata().getVersions().get(1).getDeletionTime(), is(notNullValue()));
            assertThat("Incorrect version 1 destroyed state", res.getMetadata().getVersions().get(1).isDestroyed(), is(true));
            assertThat("Incorrect version 2 created time", res.getMetadata().getVersions().get(2).getCreatedTimeString(), is(V2_TIME));
            assertThat("Parsion version created failed", res.getMetadata().getVersions().get(2).getCreatedTime(), is(notNullValue()));
            assertThat("Incorrect version 3 destroyed state", res.getMetadata().getVersions().get(3).isDestroyed(), is(false));
        } catch (IOException e) {
            fail("MetadataResoponse deserialization failed: " + e.getMessage());
        }
    }
 }
--- a/src/test/java/de/stklcode/jvault/connector/model/response/SealResponseTest.java
+++ b/src/test/java/de/stklcode/jvault/connector/model/response/SealResponseTest.java
@ -0,0 +1,112 @@
 /*
 * Copyright 2016-2019 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 package de.stklcode.jvault.connector.model.response;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import org.junit.jupiter.api.Test;
 import java.io.IOException;
 import static org.hamcrest.MatcherAssert.assertThat;
 import static org.hamcrest.Matchers.*;
 import static org.junit.jupiter.api.Assertions.fail;
 /**
 * JUnit Test for {@link SealResponse} model.
 *
 * @author Stefan Kalscheuer
 * @since 0.8
 */
 public class SealResponseTest {
    private static final String TYPE = "shamir";
    private static final Integer THRESHOLD = 3;
    private static final Integer SHARES = 5;
    private static final Integer PROGRESS_SEALED = 2;
    private static final Integer PROGRESS_UNSEALED = 0;
    private static final String VERSION = "0.11.2";
    private static final String CLUSTER_NAME = "vault-cluster-d6ec3c7f";
    private static final String CLUSTER_ID = "3e8b3fec-3749-e056-ba41-b62a63b997e8";
    private static final String NONCE = "ef05d55d-4d2c-c594-a5e8-55bc88604c24";
    private static final String RES_SEALED = "{\n" +
            "  \"type\": \"" + TYPE + "\",\n" +
            "  \"sealed\": true,\n" +
            "  \"initialized\": true,\n" +
            "  \"t\": " + THRESHOLD + ",\n" +
            "  \"n\": " + SHARES + ",\n" +
            "  \"progress\": " + PROGRESS_SEALED + ",\n" +
            "  \"nonce\": \"\",\n" +
            "  \"version\": \"" + VERSION + "\"\n" +
            "}";
    private static final String RES_UNSEALED = "{\n" +
            "  \"type\": \"" + TYPE + "\",\n" +
            "  \"sealed\": false,\n" +
            "  \"initialized\": true,\n" +
            "  \"t\": " + THRESHOLD + ",\n" +
            "  \"n\": " + SHARES + ",\n" +
            "  \"progress\": " + PROGRESS_UNSEALED + ",\n" +
            "  \"version\": \"" + VERSION + "\",\n" +
            "  \"cluster_name\": \"" + CLUSTER_NAME + "\",\n" +
            "  \"cluster_id\": \"" + CLUSTER_ID + "\",\n" +
            "  \"nonce\": \"" + NONCE + "\"\n" +
            "}";
    /**
     * Test creation from JSON value as returned by Vault when sealed (JSON example close to Vault documentation).
     */
    @Test
    public void jsonRoundtripSealed() {
        // First test sealed Vault's response.
        try {
            SealResponse res = new ObjectMapper().readValue(RES_SEALED, SealResponse.class);
            assertThat("Parsed response is NULL", res, is(notNullValue()));
            assertThat("Incorrect seal type", res.getType(), is(TYPE));
            assertThat("Incorrect seal status", res.isSealed(), is(true));
            assertThat("Incorrect initialization status", res.isInitialized(), is(true));
            assertThat("Incorrect threshold", res.getThreshold(), is(THRESHOLD));
            assertThat("Incorrect number of shares", res.getNumberOfShares(), is(SHARES));
            assertThat("Incorrect progress", res.getProgress(), is(PROGRESS_SEALED));
            assertThat("Nonce not empty", res.getNonce(), is(""));
            assertThat("Incorrect version", res.getVersion(), is(VERSION));
            // And the fields, that should not be filled.
            assertThat("Cluster name should not be populated", res.getClusterName(), is(nullValue()));
            assertThat("Cluster ID should not be populated", res.getClusterId(), is(nullValue()));
        } catch (IOException e) {
            fail("TokenResponse deserialization failed: " + e.getMessage());
        }
        // Not test unsealed Vault's response.
        try {
            SealResponse res = new ObjectMapper().readValue(RES_UNSEALED, SealResponse.class);
            assertThat("Parsed response is NULL", res, is(notNullValue()));
            assertThat("Incorrect seal type", res.getType(), is(TYPE));
            assertThat("Incorrect seal status", res.isSealed(), is(false));
            assertThat("Incorrect initialization status", res.isInitialized(), is(true));
            assertThat("Incorrect threshold", res.getThreshold(), is(THRESHOLD));
            assertThat("Incorrect number of shares", res.getNumberOfShares(), is(SHARES));
            assertThat("Incorrect progress", res.getProgress(), is(PROGRESS_UNSEALED));
            assertThat("Incorrect nonce", res.getNonce(), is(NONCE));
            assertThat("Incorrect version", res.getVersion(), is(VERSION));
            assertThat("Incorrect cluster name", res.getClusterName(), is(CLUSTER_NAME));
            assertThat("Incorrect cluster ID", res.getClusterId(), is(CLUSTER_ID));
        } catch (IOException e) {
            fail("TokenResponse deserialization failed: " + e.getMessage());
        }
    }
 }
--- a/src/test/java/de/stklcode/jvault/connector/model/response/SecretListResponseTest.java
+++ b/src/test/java/de/stklcode/jvault/connector/model/response/SecretListResponseTest.java
@ -0,0 +1,75 @@
 /*
 * Copyright 2016-2019 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 package de.stklcode.jvault.connector.model.response;
 import de.stklcode.jvault.connector.exception.InvalidResponseException;
 import org.junit.jupiter.api.Test;
 import java.util.Arrays;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 import static org.hamcrest.MatcherAssert.assertThat;
 import static org.hamcrest.Matchers.*;
 import static org.junit.Assert.fail;
 /**
 * JUnit Test for {@link SecretListResponse} model.
 *
 * @author Stefan Kalscheuer
 * @since 0.8
 */
 public class SecretListResponseTest {
    private static final Map<String, Object> DATA = new HashMap<>();
    private static final String KEY1 = "key1";
    private static final String KEY2 = "key-2";
    private static final List<String> KEYS = Arrays.asList(KEY1, KEY2);
    static {
        DATA.put("keys", KEYS);
    }
    /**
     * Test getter, setter and get-methods for response data.
     *
     * @throws InvalidResponseException Should not occur
     */
    @Test
    @SuppressWarnings("unchecked")
    public void getKeysTest() throws InvalidResponseException {
        // Create empty Object.
        SecretListResponse res = new SecretListResponse();
        assertThat("Keys should be null without initialization", res.getKeys(), is(nullValue()));
        // Provoke internal ClassCastException.
        try {
            Map<String, Object> invalidData = new HashMap<>();
            invalidData.put("keys", "some string");
            res.setData(invalidData);
            fail("Setting incorrect class succeeded");
        } catch (Exception e) {
            assertThat("Unexpected exception type", e, instanceOf(InvalidResponseException.class));
        }
        // Fill correct data.
        res.setData(DATA);
        assertThat("Keys should be filled here", res.getKeys(), is(notNullValue()));
        assertThat("Unexpected number of keys", res.getKeys(), hasSize(2));
        assertThat("Unexpected keys", res.getKeys(), contains(KEY1, KEY2));
    }
 }
--- a/src/test/java/de/stklcode/jvault/connector/model/response/SecretResponseTest.java
+++ b/src/test/java/de/stklcode/jvault/connector/model/response/SecretResponseTest.java
@ -0,0 +1,206 @@
 /*
 * Copyright 2016-2019 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 package de.stklcode.jvault.connector.model.response;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import de.stklcode.jvault.connector.exception.InvalidResponseException;
 import org.junit.jupiter.api.Test;
 import java.io.IOException;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 import static org.hamcrest.MatcherAssert.assertThat;
 import static org.hamcrest.Matchers.*;
 import static org.junit.jupiter.api.Assertions.fail;
 /**
 * JUnit Test for {@link SecretResponse} model.
 *
 * @author Stefan Kalscheuer
 * @since 0.6.2
 */
 public class SecretResponseTest {
    private static final Map<String, Object> DATA = new HashMap<>();
    private static final String KEY_UNKNOWN = "unknown";
    private static final String KEY_STRING = "test1";
    private static final String VAL_STRING = "testvalue";
    private static final String KEY_INTEGER = "test2";
    private static final Integer VAL_INTEGER = 42;
    private static final String KEY_LIST = "list";
    private static final String VAL_LIST = "[\"first\",\"second\"]";
    private static final String SECRET_REQUEST_ID = "68315073-6658-e3ff-2da7-67939fb91bbd";
    private static final String SECRET_LEASE_ID = "";
    private static final Integer SECRET_LEASE_DURATION = 2764800;
    private static final boolean SECRET_RENEWABLE = false;
    private static final String SECRET_DATA_K1 = "excited";
    private static final String SECRET_DATA_V1 = "yes";
    private static final String SECRET_DATA_K2 = "value";
    private static final String SECRET_DATA_V2 = "world";
    private static final String SECRET_META_CREATED = "2018-03-22T02:24:06.945319214Z";
    private static final String SECRET_META_DELETED = "2018-03-23T03:25:07.056420325Z";
    private static final List<String> SECRET_WARNINGS = null;
    private static final String SECRET_JSON = "{\n" +
            "    \"request_id\": \"" + SECRET_REQUEST_ID + "\",\n" +
            "    \"lease_id\": \"" + SECRET_LEASE_ID + "\",\n" +
            "    \"lease_duration\": " + SECRET_LEASE_DURATION + ",\n" +
            "    \"renewable\": " + SECRET_RENEWABLE + ",\n" +
            "    \"data\": {\n" +
            "        \"" + SECRET_DATA_K1 + "\": \"" + SECRET_DATA_V1 + "\",\n" +
            "        \"" + SECRET_DATA_K2 + "\": \"" + SECRET_DATA_V2 + "\"\n" +
            "    },\n" +
            "    \"warnings\": " + SECRET_WARNINGS + "\n" +
            "}";
    private static final String SECRET_JSON_V2 = "{\n" +
            "    \"request_id\": \"" + SECRET_REQUEST_ID + "\",\n" +
            "    \"lease_id\": \"" + SECRET_LEASE_ID + "\",\n" +
            "    \"lease_duration\": " + SECRET_LEASE_DURATION + ",\n" +
            "    \"renewable\": " + SECRET_RENEWABLE + ",\n" +
            "    \"data\": {\n" +
            "      \"data\": {\n" +
            "          \"" + SECRET_DATA_K1 + "\": \"" + SECRET_DATA_V1 + "\",\n" +
            "          \"" + SECRET_DATA_K2 + "\": \"" + SECRET_DATA_V2 + "\"\n" +
            "      },\n" +
            "      \"metadata\": {\n" +
            "          \"created_time\": \"" + SECRET_META_CREATED + "\",\n" +
            "          \"deletion_time\": \"\",\n" +
            "          \"destroyed\": false,\n" +
            "          \"version\": 1\n" +
            "      }\n" +
            "    },\n" +
            "    \"warnings\": " + SECRET_WARNINGS + "\n" +
            "}";
    private static final String SECRET_JSON_V2_2 = "{\n" +
            "    \"request_id\": \"" + SECRET_REQUEST_ID + "\",\n" +
            "    \"lease_id\": \"" + SECRET_LEASE_ID + "\",\n" +
            "    \"lease_duration\": " + SECRET_LEASE_DURATION + ",\n" +
            "    \"renewable\": " + SECRET_RENEWABLE + ",\n" +
            "    \"data\": {\n" +
            "      \"data\": {\n" +
            "          \"" + SECRET_DATA_K1 + "\": \"" + SECRET_DATA_V1 + "\",\n" +
            "          \"" + SECRET_DATA_K2 + "\": \"" + SECRET_DATA_V2 + "\"\n" +
            "      },\n" +
            "      \"metadata\": {\n" +
            "          \"created_time\": \"" + SECRET_META_CREATED + "\",\n" +
            "          \"deletion_time\": \"" + SECRET_META_DELETED + "\",\n" +
            "          \"destroyed\": true,\n" +
            "          \"version\": 2\n" +
            "      }\n" +
            "    },\n" +
            "    \"warnings\": " + SECRET_WARNINGS + "\n" +
            "}";
    static {
        DATA.put(KEY_STRING, VAL_STRING);
        DATA.put(KEY_INTEGER, VAL_INTEGER);
        DATA.put(KEY_LIST, VAL_LIST);
    }
    /**
     * Test getter, setter and get-methods for response data.
     *
     * @throws InvalidResponseException Should not occur
     */
    @Test
    @SuppressWarnings("unchecked")
    public void getDataRoundtrip() throws InvalidResponseException {
        // Create empty Object.
        SecretResponse res = new SecretResponse();
        assertThat("Initial data should be Map", res.getData(), is(instanceOf(Map.class)));
        assertThat("Initial data should be empty", res.getData().entrySet(), empty());
        assertThat("Getter should return NULL on empty data map", res.get(KEY_STRING), is(nullValue()));
        // Fill data map.
        res.setData(DATA);
        assertThat("Data setter/getter not transparent", res.getData(), is(DATA));
        assertThat("Data size modified", res.getData().keySet(), hasSize(DATA.size()));
        assertThat("Data keys not passed correctly", res.getData().keySet(), containsInAnyOrder(KEY_STRING, KEY_INTEGER, KEY_LIST));
        assertThat("Data values not passed correctly", res.get(KEY_STRING), is(VAL_STRING));
        assertThat("Data values not passed correctly", res.get(KEY_INTEGER), is(VAL_INTEGER));
        assertThat("Non-Null returned on unknown key", res.get(KEY_UNKNOWN), is(nullValue()));
        // Try explicit JSON conversion.
        final List list = res.get(KEY_LIST, List.class);
        assertThat("JSON parsing of list failed", list, is(notNullValue()));
        assertThat("JSON parsing of list returned incorrect size", list.size(), is(2));
        assertThat("JSON parsing of list returned incorrect elements", (List<Object>)list, contains("first", "second"));
        assertThat("Non-Null returned on unknown key", res.get(KEY_UNKNOWN, Object.class), is(nullValue()));
        // Requesting invalid class should result in Exception.
        try {
            res.get(KEY_LIST, Double.class);
            fail("JSON parsing to incorrect type succeeded.");
        } catch (Exception e) {
            assertThat(e, is(instanceOf(InvalidResponseException.class)));
        }
    }
    /**
     * Test creation from JSON value as returned by Vault (JSON example copied from Vault documentation).
     */
    @Test
    public void jsonRoundtrip() {
        try {
            assertSecretData(new ObjectMapper().readValue(SECRET_JSON, SecretResponse.class));
        } catch (IOException e) {
            fail("SecretResponse deserialization failed: " + e.getMessage());
        }
        // KV v2 secret.
        try {
            SecretResponse res = new ObjectMapper().readValue(SECRET_JSON_V2, SecretResponse.class);
            assertSecretData(res);
            assertThat("SecretResponse does not contain metadata", res.getMetadata(), is(notNullValue()));
            assertThat("Incorrect creation date string", res.getMetadata().getCreatedTimeString(), is(SECRET_META_CREATED));
            assertThat("Creation date parsing failed", res.getMetadata().getCreatedTime(), is(notNullValue()));
            assertThat("Incorrect deletion date string", res.getMetadata().getDeletionTimeString(), is(emptyString()));
            assertThat("Incorrect deletion date", res.getMetadata().getDeletionTime(), is(nullValue()));
            assertThat("Secret destroyed when not expected", res.getMetadata().isDestroyed(), is(false));
            assertThat("Incorrect secret version", res.getMetadata().getVersion(), is(1));
        } catch (IOException e) {
            fail("SecretResponse deserialization failed: " + e.getMessage());
        }
        // Deleted KV v2 secret.
        try {
            SecretResponse res = new ObjectMapper().readValue(SECRET_JSON_V2_2, SecretResponse.class);
            assertSecretData(res);
            assertThat("SecretResponse does not contain metadata", res.getMetadata(), is(notNullValue()));
            assertThat("Incorrect creation date string", res.getMetadata().getCreatedTimeString(), is(SECRET_META_CREATED));
            assertThat("Creation date parsing failed", res.getMetadata().getCreatedTime(), is(notNullValue()));
            assertThat("Incorrect deletion date string", res.getMetadata().getDeletionTimeString(), is(SECRET_META_DELETED));
            assertThat("Incorrect deletion date", res.getMetadata().getDeletionTime(), is(notNullValue()));
            assertThat("Secret destroyed when not expected", res.getMetadata().isDestroyed(), is(true));
            assertThat("Incorrect secret version", res.getMetadata().getVersion(), is(2));
        } catch (IOException e) {
            fail("SecretResponse deserialization failed: " + e.getMessage());
        }
    }
    private void assertSecretData(SecretResponse res) {
        assertThat("Parsed response is NULL", res, is(notNullValue()));
        assertThat("Incorrect lease ID", res.getLeaseId(), is(SECRET_LEASE_ID));
        assertThat("Incorrect lease duration", res.getLeaseDuration(), is(SECRET_LEASE_DURATION));
        assertThat("Incorrect renewable status", res.isRenewable(), is(SECRET_RENEWABLE));
        assertThat("Incorrect warnings", res.getWarnings(), is(SECRET_WARNINGS));
        assertThat("Response does not contain correct data", res.get(SECRET_DATA_K1), is(SECRET_DATA_V1));
        assertThat("Response does not contain correct data", res.get(SECRET_DATA_K2), is(SECRET_DATA_V2));
    }
 }
--- a/src/test/java/de/stklcode/jvault/connector/model/response/SecretVersionResponseTest.java
+++ b/src/test/java/de/stklcode/jvault/connector/model/response/SecretVersionResponseTest.java
@ -0,0 +1,66 @@
 /*
 * Copyright 2016-2019 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 package de.stklcode.jvault.connector.model.response;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import org.junit.jupiter.api.Test;
 import java.io.IOException;
 import static org.hamcrest.MatcherAssert.assertThat;
 import static org.hamcrest.Matchers.is;
 import static org.hamcrest.Matchers.notNullValue;
 import static org.junit.jupiter.api.Assertions.fail;
 /**
 * JUnit Test for {@link SecretVersionResponse} model.
 *
 * @author Stefan Kalscheuer
 * @since 0.8
 */
 public class SecretVersionResponseTest {
    private static final String CREATION_TIME = "2018-03-22T02:24:06.945319214Z";
    private static final String DELETION_TIME = "2018-03-22T02:36:43.986212308Z";
    private static final Integer VERSION = 42;
    private static final String META_JSON = "{\n" +
            "  \"data\": {\n" +
            "    \"created_time\": \"" + CREATION_TIME + "\",\n" +
            "    \"deletion_time\": \"" + DELETION_TIME + "\",\n" +
            "    \"destroyed\": false,\n" +
            "    \"version\": " + VERSION + "\n" +
            "  }\n" +
            "}";
    /**
     * Test creation from JSON value as returned by Vault (JSON example copied from Vault documentation).
     */
    @Test
    public void jsonRoundtrip() {
        try {
            SecretVersionResponse res = new ObjectMapper().readValue(META_JSON, SecretVersionResponse.class);
            assertThat("Parsed response is NULL", res, is(notNullValue()));
            assertThat("Parsed metadatra is NULL", res.getMetadata(), is(notNullValue()));
            assertThat("Incorrect created time", res.getMetadata().getCreatedTimeString(), is(CREATION_TIME));
            assertThat("Incorrect deletion time", res.getMetadata().getDeletionTimeString(), is(DELETION_TIME));
            assertThat("Incorrect destroyed state", res.getMetadata().isDestroyed(), is(false));
            assertThat("Incorrect version", res.getMetadata().getVersion(), is(VERSION));
        } catch (IOException e) {
            fail("SecretVersionResponse deserialization failed: " + e.getMessage());
        }
    }
 }
--- a/src/test/java/de/stklcode/jvault/connector/model/response/TokenResponseTest.java
+++ b/src/test/java/de/stklcode/jvault/connector/model/response/TokenResponseTest.java
@ -0,0 +1,123 @@
 /*
 * Copyright 2016-2019 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 package de.stklcode.jvault.connector.model.response;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import de.stklcode.jvault.connector.exception.InvalidResponseException;
 import de.stklcode.jvault.connector.model.response.embedded.TokenData;
 import org.junit.jupiter.api.Test;
 import java.io.IOException;
 import java.util.HashMap;
 import java.util.Map;
 import static org.hamcrest.MatcherAssert.assertThat;
 import static org.hamcrest.Matchers.*;
 import static org.junit.jupiter.api.Assertions.fail;
 /**
 * JUnit Test for {@link TokenResponse} model.
 *
 * @author Stefan Kalscheuer
 * @since 0.6.2
 */
 public class TokenResponseTest {
    private static final Integer TOKEN_CREATION_TIME = 1457533232;
    private static final Integer TOKEN_TTL = 2764800;
    private static final String TOKEN_DISPLAY_NAME = "token";
    private static final Integer TOKEN_NUM_USES = 0;
    private static final Boolean TOKEN_ORPHAN = false;
    private static final String TOKEN_PATH = "auth/token/create";
    private static final String TOKEN_POLICY_1 = "default";
    private static final String TOKEN_POLICY_2 = "web";
    private static final Boolean RES_RENEWABLE = false;
    private static final Integer RES_TTL = 2591976;
    private static final Integer RES_LEASE_DURATION = 0;
    private static final String RES_JSON = "{\n" +
            "  \"lease_id\": \"\",\n" +
            "  \"renewable\": " + RES_RENEWABLE + ",\n" +
            "  \"lease_duration\": " + RES_LEASE_DURATION + ",\n" +
            "  \"data\": {\n" +
            "    \"creation_time\": " + TOKEN_CREATION_TIME + ",\n" +
            "    \"creation_ttl\": " + TOKEN_TTL + ",\n" +
            "    \"display_name\": \"" + TOKEN_DISPLAY_NAME + "\",\n" +
            "    \"meta\": null,\n" +
            "    \"num_uses\": " + TOKEN_NUM_USES + ",\n" +
            "    \"orphan\": " + TOKEN_ORPHAN + ",\n" +
            "    \"path\": \"" + TOKEN_PATH + "\",\n" +
            "    \"policies\": [\n" +
            "      \"" + TOKEN_POLICY_1 + "\", \n" +
            "      \"" + TOKEN_POLICY_2 + "\"\n" +
            "    ],\n" +
            "    \"ttl\": " + RES_TTL + "\n" +
            "  },\n" +
            "  \"warnings\": null,\n" +
            "  \"auth\": null\n" +
            "}";
    private static final Map<String, Object> INVALID_TOKEN_DATA = new HashMap<>();
    static {
        INVALID_TOKEN_DATA.put("num_uses", "fourtytwo");
    }
    /**
     * Test getter, setter and get-methods for response data.
     */
    @Test
    public void getDataRoundtrip() {
        // Create empty Object.
        TokenResponse res = new TokenResponse();
        assertThat("Initial data should be empty", res.getData(), is(nullValue()));
        // Parsing invalid data map should fail.
        try {
            res.setData(INVALID_TOKEN_DATA);
            fail("Parsing invalid token data succeeded");
        } catch (Exception e) {
            assertThat(e, is(instanceOf(InvalidResponseException.class)));
        }
    }
    /**
     * Test creation from JSON value as returned by Vault (JSON example copied from Vault documentation).
     */
    @Test
    public void jsonRoundtrip() {
        try {
            TokenResponse res = new ObjectMapper().readValue(RES_JSON, TokenResponse.class);
            assertThat("Parsed response is NULL", res, is(notNullValue()));
            assertThat("Incorrect lease duration", res.getLeaseDuration(), is(RES_LEASE_DURATION));
            assertThat("Incorrect renewable status", res.isRenewable(), is(RES_RENEWABLE));
            // Extract token data.
            TokenData data = res.getData();
            assertThat("Token data is NULL", data, is(notNullValue()));
            assertThat("Incorrect token creation time", data.getCreationTime(), is(TOKEN_CREATION_TIME));
            assertThat("Incorrect token creation TTL", data.getCreationTtl(), is(TOKEN_TTL));
            assertThat("Incorrect token display name", data.getName(), is(TOKEN_DISPLAY_NAME));
            assertThat("Incorrect token number of uses", data.getNumUses(), is(TOKEN_NUM_USES));
            assertThat("Incorrect token orphan flag", data.isOrphan(), is(TOKEN_ORPHAN));
            assertThat("Incorrect token path", data.getPath(), is(TOKEN_PATH));
            assertThat("Incorrect response renewable flag", res.isRenewable(), is(RES_RENEWABLE));
            assertThat("Incorrect response TTL", data.getTtl(), is(RES_TTL));
            assertThat("Incorrect response lease duration", res.getLeaseDuration(), is(RES_LEASE_DURATION));
        } catch (IOException e) {
            fail("TokenResponse deserialization failed: " + e.getMessage());
        }
    }
 }
--- a/src/test/java/de/stklcode/jvault/connector/test/Credentials.java
+++ b/src/test/java/de/stklcode/jvault/connector/test/Credentials.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2016 Stefan Kalscheuer
+ * Copyright 2016-2019 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
--- a/src/test/java/de/stklcode/jvault/connector/test/VaultConfiguration.java
+++ b/src/test/java/de/stklcode/jvault/connector/test/VaultConfiguration.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2016 Stefan Kalscheuer
+ * Copyright 2016-2019 Stefan Kalscheuer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -92,7 +92,7 @@ public class VaultConfiguration {
    @Override
    public String toString() {
-        return "backend \"file\" {\n" +
+        return "storage \"file\" {\n" +
                "  path = \"" + dataLocation + "\"\n" +
                "}\n" +
                "listener \"tcp\" {\n" +
--- a/src/test/resources/data_dir/auth/20e9c2e6-5b1f-b9c9-5a99-21667e0a899d/_salt
+++ b/src/test/resources/data_dir/auth/20e9c2e6-5b1f-b9c9-5a99-21667e0a899d/_salt
@ -1 +0,0 @@
 {"Key":"auth/20e9c2e6-5b1f-b9c9-5a99-21667e0a899d/salt","Value":"AAAAAQJUsuXXEpmdNY5aIh5HdzZRTFpOUIgyKLGiw65DBwSXW6yGAYe/zhN/Ow+vyRZxG4temgnTjN7RVGjyzXGG5yLY"}
--- a/src/test/resources/data_dir/auth/20e9c2e6-5b1f-b9c9-5a99-21667e0a899d/struct/map/app-id/_19d90b9adcec2bf5088304034622a169a148ff43
+++ b/src/test/resources/data_dir/auth/20e9c2e6-5b1f-b9c9-5a99-21667e0a899d/struct/map/app-id/_19d90b9adcec2bf5088304034622a169a148ff43
@ -1 +0,0 @@
 {"Key":"auth/20e9c2e6-5b1f-b9c9-5a99-21667e0a899d/struct/map/app-id/19d90b9adcec2bf5088304034622a169a148ff43","Value":"AAAAAQJuuRcCRinyawQ05brruZQY7ypgs1mOsFHI16XLwYB4dzwJob71wW+74RjvK4FVL4qPfgyMPKEtV2uO9+4hr2mC6BrcN///Ksxv+ns8FMVlBOMJpQ=="}
--- a/src/test/resources/data_dir/auth/20e9c2e6-5b1f-b9c9-5a99-21667e0a899d/struct/map/user-id/_55a852babe045b5980fc8ac4a13af27021dbbfd4
+++ b/src/test/resources/data_dir/auth/20e9c2e6-5b1f-b9c9-5a99-21667e0a899d/struct/map/user-id/_55a852babe045b5980fc8ac4a13af27021dbbfd4
@ -1 +0,0 @@
 {"Key":"auth/20e9c2e6-5b1f-b9c9-5a99-21667e0a899d/struct/map/user-id/55a852babe045b5980fc8ac4a13af27021dbbfd4","Value":"AAAAAQICaFIxG2xAq0AuJryVn1XghDulkVdQicXvhEL45K2S48aZcvMEsrDUXm9o427Bp6eMiq0Hw070nosnB9SWSQJEFUfPmM6I7Jhsou6CKmocs/AmocxY3Du4Lg=="}
--- a/src/test/resources/data_dir/auth/243a5842-b58f-24d5-d3b0-24304c57b7cc/user/_validuser
+++ b/src/test/resources/data_dir/auth/243a5842-b58f-24d5-d3b0-24304c57b7cc/user/_validuser
@ -0,0 +1 @@
 {"Value":"AAAAAQINZKQEssY4IzHI/0k27nBtxSvnC6LkivYrqky6CblcjyAmQIg/4/cKQIBCXzmrWEv/SqMQbLw+4Lp63Xu1niF+U0NbyqDmFaPqnD2yfPs7meXvZr21+P9E/0APZMHQaSR7DIEY46zedHRjQ/pkhR2Axcjuy5gdfzBzC2XvUcNqdyR0pQwcDwGhAIdO0gxJfZCeBuvv8ceYS+aPs4gDHtIlA3szi+5qAQ8HvPBTDKQn1lHVYnzTdNbMS7v3mtzCyG8AeMkaUw=="}
--- a/src/test/resources/data_dir/auth/3ec9e5b4-41b0-a20c-cc8f-04c2b7bb2602/_salt
+++ b/src/test/resources/data_dir/auth/3ec9e5b4-41b0-a20c-cc8f-04c2b7bb2602/_salt
@ -0,0 +1 @@
 {"Value":"AAAAAQJiN0bHxM8aNJpY7aHGZ/p3qOhJbd7JIXwFMEI4LtKmO6pP5Oa4P5z+2LK+2qzZhhX/iDeM4u+nR+lxt/GsBPKf"}
--- a/src/test/resources/data_dir/auth/3ec9e5b4-41b0-a20c-cc8f-04c2b7bb2602/accessor/_a9566f93ca05120fa8955f887ee0ca1a1422802df2ad979f2ac2951e95703089
+++ b/src/test/resources/data_dir/auth/3ec9e5b4-41b0-a20c-cc8f-04c2b7bb2602/accessor/_a9566f93ca05120fa8955f887ee0ca1a1422802df2ad979f2ac2951e95703089
@ -0,0 +1 @@
 {"Value":"AAAAAQIZ5rvzLtBcBQvWqwwDoRADwUo6W0ECKgmcvXejbLKiYcbO0hP8fceCqB12J41wxcMViQ8vvWoIgyOX2HwcZS09GGCqQbjvyVfz/w+kyox9dJzr845f26tJjHVYlHX2YFsnxytwe5qCKdCsD5QP9kyz8J0="}
--- a/src/test/resources/data_dir/auth/3ec9e5b4-41b0-a20c-cc8f-04c2b7bb2602/role/_testrole1
+++ b/src/test/resources/data_dir/auth/3ec9e5b4-41b0-a20c-cc8f-04c2b7bb2602/role/_testrole1
@ -0,0 +1 @@
 {"Value":"AAAAAQJIKXgvJ2Prr92Fn7qZK/WZxb+Q+vJsXyjMo44en/+zqbbnLfs5m7uH7hEUOfDM/MjzTrhfkOWxf6qcrC4MR3ocrFJwtbJ6j+QrNLg61gVIiLBUVBkvh8ErqCFnSjNIqhaIMQhuZXWANsgGF9K2+HBGJerWGe26C1rdWRZV4J0M23HnxLBf8aYDlOfkHe24I30rHUqXIk9/BKEuekcnhETw9Tx4Fk7KxxxEdGmHPbg+4G14c27wVj8IrpWHBpyLmt55Qdb/y24i5RzFYv1FQ2kQZIO6TQiYkwAUxJ5cIdCiAsEDNt+rBJ9zX1MvkEfkVj/WvzC9pxB7ad+j5vYIJgCUD1o09t0w2ChjBojGoOAWDSvNAeY8kr5PDKwYk+gBY5M2JHDI6ELvOVu8gsW+sqk9St9V3VisShTfU3+qln7TOWw/LQ+fUzGvYrAWG6UyPVpIEYeNmN0iGCIM8rzjQYvVC3KcQMG96MwK3ZlSQzgPpvTGxNxFm2omTn3ue7QHn7Ni6+c/K6xVy0bbJ+jS4yyfl2wFBm1tF1l3BITLqw3TiP3LEw=="}
--- a/src/test/resources/data_dir/auth/3ec9e5b4-41b0-a20c-cc8f-04c2b7bb2602/role/_testrole2
+++ b/src/test/resources/data_dir/auth/3ec9e5b4-41b0-a20c-cc8f-04c2b7bb2602/role/_testrole2
@ -0,0 +1 @@
 {"Value":"AAAAAQIUt2iYYy9zOwkx1mtNMHt69RjdHbUmcN8zydVQTMGjhv1kjEW+d4AaBv1qE22rPTs0xL3pJ1AjIvkBXXVBAuc/FE63t5dE81Fa+MvSY4tBeMtl6i09ykkAYyQUeeV2HlbjRpMUwPyq2QIslYw3d4lc73yT0S82s5I3MfjodKmDpheWMOgg5hGes/wstBHN5HEZkKV8gOPRZ/BsTM7tMXH1piM/JT8sNfsDh6TAGD1OEsS+N2QlKvS4yImNzcKrH0EgdkXB4sRZ9e/SmMaEVaagB1n0M5LukC+pyExgC7eK4EU8o2Xye3iij3YMWBaGollDzJBJFP5aSO4E5u+NnRc5/ZbLRCbqgfQj8IY86WF9hya31aJxbc8Pg28Yfez8hbGRJZZws/ojIUgEz+VtH3OyaW2Wohnycop7i4fK8xlJ2gYOGvlw43czOH6Y6joTce+QBZWI7KR6ugB0dI8pnK2eFy14OZeww1NEew7r1u7PgD10Obg8okIJSD8cGkxUHu/oOLxvKKOAJBLSPfKnJfKEiKrqYED7EPkmgP/t7okvo4c95qeuWy1BLtKfxw5lkv0="}
--- a/src/test/resources/data_dir/auth/3ec9e5b4-41b0-a20c-cc8f-04c2b7bb2602/role_id/_4b3d052da8b3d9af8d551a4e515289bc4319f2c21012a70de2c9e9fea6e0f7e0
+++ b/src/test/resources/data_dir/auth/3ec9e5b4-41b0-a20c-cc8f-04c2b7bb2602/role_id/_4b3d052da8b3d9af8d551a4e515289bc4319f2c21012a70de2c9e9fea6e0f7e0
@ -0,0 +1 @@
 {"Value":"AAAAAQKv0Yr+QFSWxYe8o51TBwGz/yAhNYFmkNHPISEK6EbIVGkpEJMHFYvHWxTXUzF7f2/a"}
--- a/src/test/resources/data_dir/auth/3ec9e5b4-41b0-a20c-cc8f-04c2b7bb2602/role_id/_c779a2e6599b8e4b6b6a3c68a7690a8e7d31fa0201ad73973dcd24f83e2950de
+++ b/src/test/resources/data_dir/auth/3ec9e5b4-41b0-a20c-cc8f-04c2b7bb2602/role_id/_c779a2e6599b8e4b6b6a3c68a7690a8e7d31fa0201ad73973dcd24f83e2950de
@ -0,0 +1 @@
 {"Value":"AAAAAQKs2/ICwQPLv6siBGDbBnB52fBVo52BkSKGvm74p4oHrdMEvejJ4cJljOADYyDT2QYa"}
--- a/src/test/resources/data_dir/auth/3ec9e5b4-41b0-a20c-cc8f-04c2b7bb2602/secret_id/c79a3b6ce2e8e8b725c8c0fcdd23521375fadf2190fb5823d459a2fd2cb5a670/_f5954e87c0b1a0eb9c8fa4fc2ed7ab6f4338a8d77341e06460de0870316e7320
+++ b/src/test/resources/data_dir/auth/3ec9e5b4-41b0-a20c-cc8f-04c2b7bb2602/secret_id/c79a3b6ce2e8e8b725c8c0fcdd23521375fadf2190fb5823d459a2fd2cb5a670/_f5954e87c0b1a0eb9c8fa4fc2ed7ab6f4338a8d77341e06460de0870316e7320
@ -0,0 +1 @@
 {"Value":"AAAAAQIq05o3NmsucipTxPrcRbT1sXpAJ8w2PpiShnof74Kuzf/4kkHj3AZL5AObGFLAkYUvUrv3RRmYBIhw6Jk4FCbgdQyJAjPNVUTwBun/kQVyzP5sQ9hUFgHJwINomtVDiDgPkOc92zk8ydr1hfnMmTAtS71G3xloHDn6CF/1Y9WI1PkHdSkZ8d+yBNxr+qjGyewrV3QVmQvAfpY56uQ6AOztItD9NgiPrtNP+clbCczsieY6Y9Ce2FZawmuKFi9svMcBtnEcMILV/SGt4iCiMgFwkCJ9gQsGEdWPifu6ITPB92LgT4Ccw4gVRO31QVcPl6S+FG6iCeN6lk2yRXYjyhBuU+GklouEZIsA6SoxlIXPZuvauyS1MWwMxtSOQUFVYr3kvtXzCpcpEHDyBOEUdxPaYUZXHNdhGtMr/JuJCN50t0ng5mEAqfhjoJfJ/tBTqAjySj4zmEHuY0RnqYLPmsp203Q="}
--- a/src/test/resources/data_dir/auth/6802ec63-11b0-0ccc-280a-982ad0a90621/user/_validuser
+++ b/src/test/resources/data_dir/auth/6802ec63-11b0-0ccc-280a-982ad0a90621/user/_validuser
@ -1 +0,0 @@
 {"Key":"auth/6802ec63-11b0-0ccc-280a-982ad0a90621/user/validuser","Value":"AAAAAQJwFKMpgopAFjJaftTVY/iiawMw4Yj0S3pPDkzMPAfLxxaM3sCjOJt0q/07ozjTharT52wBv+s2ZEurPpr7VKDDzgy4xTMxFJbJs+0VkG3cjxRYEfW3bOIVAHhjLjmxZwYEATh0UUG7bQRNt56+/622bwR99ifWZ6e9zyRDGEwIn74JFN/3dY44qLQZmqfvDUrRQP5RfqDxqVdzbwse61s692Vy/QvlPsRFVRTkZHlNPqxT+OXd"}
--- a/src/test/resources/data_dir/auth/77603e3c-3db8-2d39-0e51-6c8eee76c3d5/_salt
+++ b/src/test/resources/data_dir/auth/77603e3c-3db8-2d39-0e51-6c8eee76c3d5/_salt
@ -0,0 +1 @@
 {"Value":"AAAAAQK5U1GclNj+Tga7D4bQ5wExYfVu2y+djHlAlhiJ/JHOS1gS0G/kDrjR8gCdg/Aw2UunrObAq/mrKw0HEe1wo2qA"}
--- a/src/test/resources/data_dir/auth/77603e3c-3db8-2d39-0e51-6c8eee76c3d5/struct/map/app-id/_sfbe1922bae1f565115b4b933d76152e1a098ab507118283971184d58528e3411
+++ b/src/test/resources/data_dir/auth/77603e3c-3db8-2d39-0e51-6c8eee76c3d5/struct/map/app-id/_sfbe1922bae1f565115b4b933d76152e1a098ab507118283971184d58528e3411
@ -0,0 +1 @@
 {"Value":"AAAAAQLbvc+neI458Mqhl2WUUjY5HMC1Ast0KjZ5pslwW+5TtjVHcqdzls4whrrYHGUWv+nTg6wxJaS46j5+FER+4gsgWVJE1S33ZqvGtmmueCVpac5ZM0biBDXOvE/YFQ=="}
--- a/src/test/resources/data_dir/auth/77603e3c-3db8-2d39-0e51-6c8eee76c3d5/struct/map/user-id/_s595229a9e81315fd0a5fb274f504622359e6024477ade54db93e36ca3b7801cf
+++ b/src/test/resources/data_dir/auth/77603e3c-3db8-2d39-0e51-6c8eee76c3d5/struct/map/user-id/_s595229a9e81315fd0a5fb274f504622359e6024477ade54db93e36ca3b7801cf
@ -0,0 +1 @@
 {"Value":"AAAAAQIK4FkvUHPiWUfHY7l9lGW1qf+sU2mAIWbjlfSvEIecbg94Mu4KAPxY3E2YLwOs7VyPZtWNZrZAZDMJJJzxM/pLux2o/IctJ5oXGtfPPjTjwNRRJ4U62wpRqBnBGX4="}
--- a/src/test/resources/data_dir/auth/ac4e0527-a7b2-1b40-1148-dc0dfaf01990/_salt
+++ b/src/test/resources/data_dir/auth/ac4e0527-a7b2-1b40-1148-dc0dfaf01990/_salt
@ -1 +0,0 @@
 {"Key":"auth/ac4e0527-a7b2-1b40-1148-dc0dfaf01990/salt","Value":"AAAAAQKDLmmb/XlhfVJ45oKGyYwneS9s3tcQUenB8bTcxuDmAMUWnwG8oNNJFs0mSCF9Yv1KOq3Twxj4qPp05viFnP0z"}
--- a/src/test/resources/data_dir/auth/ac4e0527-a7b2-1b40-1148-dc0dfaf01990/accessor/_da42ddc9a483efd8ddeae4ab38428f73d42ad7f6320705f333555fed8593cbe2
+++ b/src/test/resources/data_dir/auth/ac4e0527-a7b2-1b40-1148-dc0dfaf01990/accessor/_da42ddc9a483efd8ddeae4ab38428f73d42ad7f6320705f333555fed8593cbe2
@ -1 +0,0 @@
 {"Key":"auth/ac4e0527-a7b2-1b40-1148-dc0dfaf01990/accessor/da42ddc9a483efd8ddeae4ab38428f73d42ad7f6320705f333555fed8593cbe2","Value":"AAAAAQLCu78fbRRgGWG++5XDCfaO/8NTg7LMAJL7aCsrn6c1WHJ5yrAAmWmSs1euhNd7yKUd0lQ0aknCKdPAZFBlAsqgOdnN8JLFe/H9lISaWdU6lRIfgTH9whEXWT0VK25FcS4r5yVe3Qoxg0DfT8FhjuzOa70="}
--- a/src/test/resources/data_dir/auth/ac4e0527-a7b2-1b40-1148-dc0dfaf01990/accessor/_e83aed0dd0b867f09aa1dbc88b965eafba6030458d6555712e82c479cee3d2d7
+++ b/src/test/resources/data_dir/auth/ac4e0527-a7b2-1b40-1148-dc0dfaf01990/accessor/_e83aed0dd0b867f09aa1dbc88b965eafba6030458d6555712e82c479cee3d2d7
@ -1 +0,0 @@
 {"Key":"auth/ac4e0527-a7b2-1b40-1148-dc0dfaf01990/accessor/e83aed0dd0b867f09aa1dbc88b965eafba6030458d6555712e82c479cee3d2d7","Value":"AAAAAQL7t56z9Fr92ztubIfZPPkV3X1Aljnn95Y/tDXOxn8vjbjf21Fhyj3UnLwWyzK/9ip/6+x2DJBXikBOvXoCqKLXGegZ4JN9Z9UMiQ88aE9Z978r13E/rNbhIUa/PhT5NGwCbOl6vtK2hL06BHxKb+4+goM="}
--- a/src/test/resources/data_dir/auth/ac4e0527-a7b2-1b40-1148-dc0dfaf01990/accessor/_e96c348451147331101ad48e157e8056ca1b039ee63a6aafd2d66446c94bcad8
+++ b/src/test/resources/data_dir/auth/ac4e0527-a7b2-1b40-1148-dc0dfaf01990/accessor/_e96c348451147331101ad48e157e8056ca1b039ee63a6aafd2d66446c94bcad8
@ -1 +0,0 @@
 {"Key":"auth/ac4e0527-a7b2-1b40-1148-dc0dfaf01990/accessor/e96c348451147331101ad48e157e8056ca1b039ee63a6aafd2d66446c94bcad8","Value":"AAAAAQIcvMn5QMtwELRDXZD9nNf7y/8O6z7u0NUZqyJrBb2OYDRvGpSuPS3CIareSxl8y5F4xtadvhyhunCGBUd289H9foMjfGbVVsM1mbM5i6FDTW0sFOPmXX44mQV29PVNMO+fcLuSWb0+qU4erqylpcvdLW8="}
--- a/Show More
+++ b/Show More
		`@ -1 +0,0 @@`
			`{"Key":"auth/20e9c2e6-5b1f-b9c9-5a99-21667e0a899d/salt","Value":"AAAAAQJUsuXXEpmdNY5aIh5HdzZRTFpOUIgyKLGiw65DBwSXW6yGAYe/zhN/Ow+vyRZxG4temgnTjN7RVGjyzXGG5yLY"}`
		`@ -0,0 +1 @@`
							`{"Value":"AAAAAQINZKQEssY4IzHI/0k27nBtxSvnC6LkivYrqky6CblcjyAmQIg/4/cKQIBCXzmrWEv/SqMQbLw+4Lp63Xu1niF+U0NbyqDmFaPqnD2yfPs7meXvZr21+P9E/0APZMHQaSR7DIEY46zedHRjQ/pkhR2Axcjuy5gdfzBzC2XvUcNqdyR0pQwcDwGhAIdO0gxJfZCeBuvv8ceYS+aPs4gDHtIlA3szi+5qAQ8HvPBTDKQn1lHVYnzTdNbMS7v3mtzCyG8AeMkaUw=="}`
		`@ -0,0 +1 @@`
							`{"Value":"AAAAAQJiN0bHxM8aNJpY7aHGZ/p3qOhJbd7JIXwFMEI4LtKmO6pP5Oa4P5z+2LK+2qzZhhX/iDeM4u+nR+lxt/GsBPKf"}`
		`@ -0,0 +1 @@`
							`{"Value":"AAAAAQIZ5rvzLtBcBQvWqwwDoRADwUo6W0ECKgmcvXejbLKiYcbO0hP8fceCqB12J41wxcMViQ8vvWoIgyOX2HwcZS09GGCqQbjvyVfz/w+kyox9dJzr845f26tJjHVYlHX2YFsnxytwe5qCKdCsD5QP9kyz8J0="}`
		`@ -0,0 +1 @@`
							{"Value":"AAAAAQJIKXgvJ2Prr92Fn7qZK/WZxb+Q+vJsXyjMo44en/+zqbbnLfs5m7uH7hEUOfDM/MjzTrhfkOWxf6qcrC4MR3ocrFJwtbJ6j+QrNLg61gVIiLBUVBkvh8ErqCFnSjNIqhaIMQhuZXWANsgGF9K2+HBGJerWGe26C1rdWRZV4J0M23HnxLBf8aYDlOfkHe24I30rHUqXIk9/BKEuekcnhETw9Tx4Fk7KxxxEdGmHPbg+4G14c27wVj8IrpWHBpyLmt55Qdb/y24i5RzFYv1FQ2kQZIO6TQiYkwAUxJ5cIdCiAsEDNt+rBJ9zX1MvkEfkVj/WvzC9pxB7ad+j5vYIJgCUD1o09t0w2ChjBojGoOAWDSvNAeY8kr5PDKwYk+gBY5M2JHDI6ELvOVu8gsW+sqk9St9V3VisShTfU3+qln7TOWw/LQ+fUzGvYrAWG6UyPVpIEYeNmN0iGCIM8rzjQYvVC3KcQMG96MwK3ZlSQzgPpvTGxNxFm2omTn3ue7QHn7Ni6+c/K6xVy0bbJ+jS4yyfl2wFBm1tF1l3BITLqw3TiP3LEw=="}
		`@ -0,0 +1 @@`
							{"Value":"AAAAAQIUt2iYYy9zOwkx1mtNMHt69RjdHbUmcN8zydVQTMGjhv1kjEW+d4AaBv1qE22rPTs0xL3pJ1AjIvkBXXVBAuc/FE63t5dE81Fa+MvSY4tBeMtl6i09ykkAYyQUeeV2HlbjRpMUwPyq2QIslYw3d4lc73yT0S82s5I3MfjodKmDpheWMOgg5hGes/wstBHN5HEZkKV8gOPRZ/BsTM7tMXH1piM/JT8sNfsDh6TAGD1OEsS+N2QlKvS4yImNzcKrH0EgdkXB4sRZ9e/SmMaEVaagB1n0M5LukC+pyExgC7eK4EU8o2Xye3iij3YMWBaGollDzJBJFP5aSO4E5u+NnRc5/ZbLRCbqgfQj8IY86WF9hya31aJxbc8Pg28Yfez8hbGRJZZws/ojIUgEz+VtH3OyaW2Wohnycop7i4fK8xlJ2gYOGvlw43czOH6Y6joTce+QBZWI7KR6ugB0dI8pnK2eFy14OZeww1NEew7r1u7PgD10Obg8okIJSD8cGkxUHu/oOLxvKKOAJBLSPfKnJfKEiKrqYED7EPkmgP/t7okvo4c95qeuWy1BLtKfxw5lkv0="}
		`@ -0,0 +1 @@`
							`{"Value":"AAAAAQKv0Yr+QFSWxYe8o51TBwGz/yAhNYFmkNHPISEK6EbIVGkpEJMHFYvHWxTXUzF7f2/a"}`
		`@ -0,0 +1 @@`
							`{"Value":"AAAAAQKs2/ICwQPLv6siBGDbBnB52fBVo52BkSKGvm74p4oHrdMEvejJ4cJljOADYyDT2QYa"}`
		`@ -0,0 +1 @@`
							`{"Value":"AAAAAQIq05o3NmsucipTxPrcRbT1sXpAJ8w2PpiShnof74Kuzf/4kkHj3AZL5AObGFLAkYUvUrv3RRmYBIhw6Jk4FCbgdQyJAjPNVUTwBun/kQVyzP5sQ9hUFgHJwINomtVDiDgPkOc92zk8ydr1hfnMmTAtS71G3xloHDn6CF/1Y9WI1PkHdSkZ8d+yBNxr+qjGyewrV3QVmQvAfpY56uQ6AOztItD9NgiPrtNP+clbCczsieY6Y9Ce2FZawmuKFi9svMcBtnEcMILV/SGt4iCiMgFwkCJ9gQsGEdWPifu6ITPB92LgT4Ccw4gVRO31QVcPl6S+FG6iCeN6lk2yRXYjyhBuU+GklouEZIsA6SoxlIXPZuvauyS1MWwMxtSOQUFVYr3kvtXzCpcpEHDyBOEUdxPaYUZXHNdhGtMr/JuJCN50t0ng5mEAqfhjoJfJ/tBTqAjySj4zmEHuY0RnqYLPmsp203Q="}`
		`@ -1 +0,0 @@`
			`{"Key":"auth/6802ec63-11b0-0ccc-280a-982ad0a90621/user/validuser","Value":"AAAAAQJwFKMpgopAFjJaftTVY/iiawMw4Yj0S3pPDkzMPAfLxxaM3sCjOJt0q/07ozjTharT52wBv+s2ZEurPpr7VKDDzgy4xTMxFJbJs+0VkG3cjxRYEfW3bOIVAHhjLjmxZwYEATh0UUG7bQRNt56+/622bwR99ifWZ6e9zyRDGEwIn74JFN/3dY44qLQZmqfvDUrRQP5RfqDxqVdzbwse61s692Vy/QvlPsRFVRTkZHlNPqxT+OXd"}`