prepare release of v1.3.1

We do provide a module-info already, so we should remove ths artifact
from the Java 8 days.

.drone.yml

@@ -3,7 +3,7 @@ name: default
 
 steps:
   - name: compile
-    image: maven:3-eclipse-temurin-17
+    image: maven:3-eclipse-temurin-21
     commands:
       - mvn -B clean compile
     when:
@@ -14,7 +14,7 @@ steps:
         - fix/*
         - release/*
   - name: unit-tests
-    image: maven:3-eclipse-temurin-17
+    image: maven:3-eclipse-temurin-21
     commands:
       - mvn -B test
     when:
@@ -25,24 +25,23 @@ steps:
   - name: setup-vault
     image: alpine:latest
     environment:
-      VAULT_VERSION: 1.14.0
+      VAULT_VERSION: 1.17.6
     commands:
       - wget -q -O vault_$${VAULT_VERSION}_linux_amd64.zip https://releases.hashicorp.com/vault/$${VAULT_VERSION}/vault_$${VAULT_VERSION}_linux_amd64.zip
       - wget -q -O - https://releases.hashicorp.com/vault/$${VAULT_VERSION}/vault_$${VAULT_VERSION}_SHA256SUMS | grep linux_amd64 | sha256sum -c
-      - unzip vault_$${VAULT_VERSION}_linux_amd64.zip
-      - rm vault_$${VAULT_VERSION}_linux_amd64.zip
       - mkdir -p .bin
-      - mv vault .bin/
+      - unzip vault_$${VAULT_VERSION}_linux_amd64.zip -d .bin
+      - rm vault_$${VAULT_VERSION}_linux_amd64.zip
     when:
       branch:
         - main
         - release/*
   - name: unit-integration-tests
-    image: maven:3-eclipse-temurin-17
+    image: maven:3-eclipse-temurin-21
     environment:
-      VAULT_VERSION: 1.14.0
+      VAULT_VERSION: 1.17.6
     commands:
-      - export PATH=.bin:$${PATH}
+      - export PATH=$${DRONE_WORKSPACE}/.bin:$${PATH}
       - mvn -B -P integration-test verify
     when:
       branch:

.editorconfig

@@ -0,0 +1,14 @@
+root = true
+
+[*]
+charset = utf-8
+end_of_line = lf
+indent_size = 4
+indent_style = space
+insert_final_newline = true
+max_line_length = 120
+tab_width = 4
+trim_trailing_whitespace = true
+
+[{*.yaml,*.yml}]
+indent_size = 2

.github/workflows/ci.yml

@@ -5,19 +5,19 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        jdk: [ 11, 17, 20 ]
-        vault: [ '1.2.0', '1.11.12', '1.14.0' ]
+        jdk: [ 11, 17, 21 ]
+        vault: [ '1.2.0', '1.11.12', '1.17.6' ]
         include:
-          - jdk: 17
+          - jdk: 21
             vault: '1.11.12'
             analysis: true
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           fetch-depth: 0
       - name: Set up Java
-        uses: actions/setup-java@v3
+        uses: actions/setup-java@v4
         with:
           java-version: ${{ matrix.jdk }}
           distribution: 'temurin'
@@ -28,9 +28,11 @@ jobs:
         run: |
           wget -q "https://releases.hashicorp.com/vault/${{ matrix.vault }}/vault_${{ matrix.vault }}_linux_amd64.zip"
           wget -q -O - "https://releases.hashicorp.com/vault/${{ matrix.vault }}/vault_${{ matrix.vault }}_SHA256SUMS" | grep linux_amd64 | sha256sum -c
-          unzip "vault_${{ matrix.vault }}_linux_amd64.zip"
+          tmp="$(mktemp -d)"
+          unzip "vault_${{ matrix.vault }}_linux_amd64.zip" -d "$tmp"
           rm "vault_${{ matrix.vault }}_linux_amd64.zip"
-          sudo mv vault /usr/bin/vault
+          sudo mv "$tmp/vault" /usr/bin/vault
+          rm -rf "$tmp"
       - name: Test (Unit & Integration)
         if: github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/heads/release/')
         env:

CHANGELOG.md

@@ -1,8 +1,61 @@
+## 1.3.1 (2024-10-03)
+
+### Dependencies
+* Updated Jackson to 2.18.0 (#80)
+
+### Fix
+* Remove `Automatic-Module-Name` from JAR manifest (#79)
+
+
+## 1.3.0 (2024-06-29)
+
+### Improvements
+* Simplify JSON parsing in error handler
+* Add new fields from Vault 1.16 and 1.17 to `HealthResponse`
+  * `echo_duration_ms`
+  * `clock_skew_ms`
+  * `replication_primary_canary_age_ms`
+  * `enterprise`
+* Add missing `num_uses` field to `AuthData`
+* Add `mount_type` attribute to common response model
+* Add `auth` attribute to common response model
+* Add `custom_metadata`, `cas_required` and `delete_version_after` fields for KVv2 metadata
+* Generate and attach CycloneDX SBOM
+
+### Fix
+* Rename `enable_local_secret_id` to `local_secret_ids` in `AppRole` model
+
+### Dependencies
+* Updated Jackson to 2.17.1
+
+### Test
+* Tested against Vault 1.2 to 1.17
+
+
+## 1.2.0 (2023-12-11)
+
+### Deprecations
+* `get...TimeString()` methods on various model classes are now deprecated
+
+### Improvements
+* Parse timestamps as `ZonedDateTime` instead of `String` representation
+* Remove redundant `java.base` requirement from _module-info.java_ (#69)
+* Close Java HTTP Client when running on Java 21 or later (#70)
+* Add MFA requirements tu `AuthResponse` (#71)
+* Extend `AuthMethod` data model (#72)
+
+### Dependencies
+* Updated Jackson to 2.16.0
+
+
 ## 1.1.5 (2023-08-19)
 
 ### Fix
 * Fixed JSON type conversion in `SecretResponse#get(String, Class)` (#67)
 
+### Test
+* Tested against Vault 1.2 to 1.15
+
 
 ## 1.1.4 (2023-06-15)
 
@@ -171,7 +224,7 @@ Old builders will be removed in 1.0
 * Added `entity_id`, `token_policies`, `token_type` and `orphan` flags to auth response
 * Added `entity_id`, `expire_time`, `explicit_max_ttl`, `issue_time`, `renewable` and `type` flags to token data
 * Added `explicit_max_ttl`, `period` and `entity_alias` flags to _Token_ model (#41)
-* Added `enable_local_secret_ids`, `token_bound_cidrs`, `token_explicit_max_ttl`, `token_no_default_policy`, 
+* Added `enable_local_secret_ids`, `token_bound_cidrs`, `token_explicit_max_ttl`, `token_no_default_policy`,
   `token_num_uses`, `token_period` and `token_type` flags to _AppRole_ model
 * Minor dependency updates
 
@@ -191,14 +244,14 @@ Old builders will be removed in 1.0
 ## 0.8.2 (2019-10-20)
 
 ### Fixes
-* Fixed token lookup (#31) 
+* Fixed token lookup (#31)
 
 ### Improvements
 * Updated dependencies
 
 ## 0.8.1 (2019-08-16)
 ### Fixes
-* Removed compile dependency to JUnit library (#30) 
+* Removed compile dependency to JUnit library (#30)
 
 ### Improvements
 * Updated dependencies
@@ -290,7 +343,7 @@ Old builders will be removed in 1.0
 ### Fixes
 * `SecretResponse` does not throw NPE on `get(key)` and `getData()`
 
-### Test 
+### Test
 * Tested against Vault 0.7.2
 
 

README.md

@@ -1,9 +1,9 @@
-# Java Vault Connector 
+# Java Vault Connector
 
-[![CI Status](https://github.com/stklcode/jvaultconnector/actions/workflows/ci.yml/badge.svg)](https://github.com/stklcode/jvaultconnector/actions/workflows/ci.yml)
-[![Quality Gate](https://sonarcloud.io/api/project_badges/measure?project=de.stklcode.jvault%3Ajvault-connector&metric=alert_status)](https://sonarcloud.io/dashboard?id=de.stklcode.jvault%3Ajvault-connector)
-[![License](https://img.shields.io/badge/license-Apache%202.0-blue.svg)](https://github.com/stklcode/jvaultconnector/blob/main/LICENSE.txt) 
-[![Maven Central](https://img.shields.io/maven-central/v/de.stklcode.jvault/jvault-connector.svg)](https://search.maven.org/#search%7Cga%7C1%7Cg%3A%22de.stklcode.jvault%22%20AND%20a%3A%22jvault-connector%22)
+[![CI](https://github.com/stklcode/jvaultconnector/actions/workflows/ci.yml/badge.svg)](https://github.com/stklcode/jvaultconnector/actions/workflows/ci.yml)
+[![Quality Gate Status](https://sonarcloud.io/api/project_badges/measure?project=de.stklcode.jvault%3Ajvault-connector&metric=alert_status)](https://sonarcloud.io/summary/new_code?id=de.stklcode.jvault%3Ajvault-connector)
+[![License](https://img.shields.io/badge/license-Apache%202.0-blue.svg)](https://github.com/stklcode/jvaultconnector/blob/main/LICENSE.txt)
+[![Maven Central Version](https://img.shields.io/maven-central/v/de.stklcode.jvault/jvault-connector)](https://central.sonatype.com/artifact/de.stklcode.jvault/jvault-connector)
 
 ![Logo](https://raw.githubusercontent.com/stklcode/jvaultconnector/main/assets/logo.png)
 
@@ -32,7 +32,7 @@ Java Vault Connector is a connector library for [Vault](https://www.vaultproject
     * SQL secret handling
     * KV v1 and v2 support
 * Connector Factory with builder pattern
-* Tested against Vault 1.2 to 1.14
+* Tested against Vault 1.2 to 1.17
 
 
 ## Maven Artifact
@@ -40,7 +40,7 @@ Java Vault Connector is a connector library for [Vault](https://www.vaultproject
 <dependency>
     <groupId>de.stklcode.jvault</groupId>
     <artifactId>jvault-connector</artifactId>
-    <version>1.1.5</version>
+    <version>1.3.1</version>
 </dependency>
 ```
 
@@ -61,7 +61,7 @@ VaultConnector vault = HTTPVaultConnector.builder("https://example.com:8200/v1/"
  .withTrustedCA(Paths.get("/path/to/CA.pem"))
  .build();
 
-// Initialization from environment variables 
+// Initialization from environment variables
 VaultConnector vault = HTTPVaultConnector.builder()
  .fromEnv()
  .build();

pom.xml

@@ -4,7 +4,7 @@
 
     <groupId>de.stklcode.jvault</groupId>
     <artifactId>jvault-connector</artifactId>
-    <version>1.1.5</version>
+    <version>1.3.1</version>
 
     <packaging>jar</packaging>
 
@@ -49,19 +49,24 @@
         <dependency>
             <groupId>com.fasterxml.jackson.core</groupId>
             <artifactId>jackson-databind</artifactId>
-            <version>2.15.2</version>
+            <version>2.18.0</version>
+        </dependency>
+        <dependency>
+            <groupId>com.fasterxml.jackson.datatype</groupId>
+            <artifactId>jackson-datatype-jsr310</artifactId>
+            <version>2.18.0</version>
         </dependency>
 
         <dependency>
             <groupId>org.junit.jupiter</groupId>
             <artifactId>junit-jupiter</artifactId>
-            <version>5.10.0</version>
+            <version>5.11.1</version>
             <scope>test</scope>
         </dependency>
         <dependency>
             <groupId>org.mockito</groupId>
             <artifactId>mockito-core</artifactId>
-            <version>5.4.0</version>
+            <version>5.14.1</version>
             <scope>test</scope>
         </dependency>
         <dependency>
@@ -71,27 +76,27 @@
             <scope>test</scope>
         </dependency>
         <dependency>
-            <groupId>com.github.tomakehurst</groupId>
-            <artifactId>wiremock-jre8</artifactId>
-            <version>2.35.0</version>
+            <groupId>org.wiremock</groupId>
+            <artifactId>wiremock</artifactId>
+            <version>3.9.1</version>
             <scope>test</scope>
         </dependency>
         <dependency>
             <groupId>commons-io</groupId>
             <artifactId>commons-io</artifactId>
-            <version>2.13.0</version>
+            <version>2.17.0</version>
             <scope>test</scope>
         </dependency>
         <dependency>
             <groupId>nl.jqno.equalsverifier</groupId>
             <artifactId>equalsverifier</artifactId>
-            <version>3.15.1</version>
+            <version>3.17.1</version>
             <scope>test</scope>
         </dependency>
         <dependency>
             <groupId>org.awaitility</groupId>
             <artifactId>awaitility</artifactId>
-            <version>4.2.0</version>
+            <version>4.2.2</version>
             <scope>test</scope>
         </dependency>
     </dependencies>
@@ -102,7 +107,7 @@
                 <plugin>
                     <groupId>org.apache.maven.plugins</groupId>
                     <artifactId>maven-compiler-plugin</artifactId>
-                    <version>3.11.0</version>
+                    <version>3.13.0</version>
                     <configuration>
                         <source>11</source>
                         <target>11</target>
@@ -111,17 +116,17 @@
                 <plugin>
                     <groupId>org.apache.maven.plugins</groupId>
                     <artifactId>maven-clean-plugin</artifactId>
-                    <version>3.3.1</version>
+                    <version>3.4.0</version>
                 </plugin>
                 <plugin>
                     <groupId>org.apache.maven.plugins</groupId>
                     <artifactId>maven-deploy-plugin</artifactId>
-                    <version>3.1.1</version>
+                    <version>3.1.3</version>
                 </plugin>
                 <plugin>
                     <groupId>org.apache.maven.plugins</groupId>
                     <artifactId>maven-failsafe-plugin</artifactId>
-                    <version>3.1.2</version>
+                    <version>3.5.0</version>
                     <configuration>
                         <argLine>
                             @{argLine}
@@ -132,19 +137,12 @@
                 <plugin>
                     <groupId>org.apache.maven.plugins</groupId>
                     <artifactId>maven-install-plugin</artifactId>
-                    <version>3.1.1</version>
+                    <version>3.1.3</version>
                 </plugin>
                 <plugin>
                     <groupId>org.apache.maven.plugins</groupId>
                     <artifactId>maven-jar-plugin</artifactId>
-                    <version>3.3.0</version>
-                    <configuration>
-                        <archive>
-                            <manifestEntries>
-                                <Automatic-Module-Name>de.stklcode.jvault.connector</Automatic-Module-Name>
-                            </manifestEntries>
-                        </archive>
-                    </configuration>
+                    <version>3.4.2</version>
                 </plugin>
                 <plugin>
                     <groupId>org.apache.maven.plugins</groupId>
@@ -154,12 +152,12 @@
                 <plugin>
                     <groupId>org.apache.maven.plugins</groupId>
                     <artifactId>maven-source-plugin</artifactId>
-                    <version>3.3.0</version>
+                    <version>3.3.1</version>
                 </plugin>
                 <plugin>
                     <groupId>org.apache.maven.plugins</groupId>
                     <artifactId>maven-surefire-plugin</artifactId>
-                    <version>3.1.2</version>
+                    <version>3.5.0</version>
                     <configuration>
                         <argLine>
                             @{argLine}
@@ -170,18 +168,24 @@
                             --add-opens de.stklcode.jvault.connector/de.stklcode.jvault.connector.model.response=ALL-UNNAMED
                             --add-opens de.stklcode.jvault.connector/de.stklcode.jvault.connector.model.response.embedded=ALL-UNNAMED
                             --add-opens de.stklcode.jvault.connector/de.stklcode.jvault.connector.test=com.fasterxml.jackson.databind
+                            --add-opens de.stklcode.jvault.connector/de.stklcode.jvault.connector.test=com.fasterxml.jackson.datatype.jsr310
                         </argLine>
                     </configuration>
                 </plugin>
+                <plugin>
+                    <groupId>org.cyclonedx</groupId>
+                    <artifactId>cyclonedx-maven-plugin</artifactId>
+                    <version>2.8.2</version>
+                </plugin>
                 <plugin>
                     <groupId>org.jacoco</groupId>
                     <artifactId>jacoco-maven-plugin</artifactId>
-                    <version>0.8.10</version>
+                    <version>0.8.12</version>
                 </plugin>
                 <plugin>
                     <groupId>org.sonarsource.scanner.maven</groupId>
                     <artifactId>sonar-maven-plugin</artifactId>
-                    <version>3.9.1.2184</version>
+                    <version>4.0.0.4121</version>
                 </plugin>
             </plugins>
         </pluginManagement>
@@ -221,7 +225,7 @@
                     <plugin>
                         <groupId>org.apache.maven.plugins</groupId>
                         <artifactId>maven-javadoc-plugin</artifactId>
-                        <version>3.5.0</version>
+                        <version>3.10.0</version>
                         <configuration>
                             <source>11</source>
                         </configuration>
@@ -238,6 +242,26 @@
             </build>
         </profile>
 
+        <profile>
+            <id>sbom</id>
+            <build>
+                <plugins>
+                    <plugin>
+                        <groupId>org.cyclonedx</groupId>
+                        <artifactId>cyclonedx-maven-plugin</artifactId>
+                        <executions>
+                            <execution>
+                                <phase>package</phase>
+                                <goals>
+                                    <goal>makeBom</goal>
+                                </goals>
+                            </execution>
+                        </executions>
+                    </plugin>
+                </plugins>
+            </build>
+        </profile>
+
         <profile>
             <id>sign</id>
             <build>
@@ -245,7 +269,7 @@
                     <plugin>
                         <groupId>org.apache.maven.plugins</groupId>
                         <artifactId>maven-gpg-plugin</artifactId>
-                        <version>3.1.0</version>
+                        <version>3.2.7</version>
                         <executions>
                             <execution>
                                 <id>sign-artifacts</id>
@@ -316,7 +340,11 @@
                     <plugin>
                         <groupId>org.owasp</groupId>
                         <artifactId>dependency-check-maven</artifactId>
-                        <version>8.3.1</version>
+                        <version>10.0.4</version>
+                        <configuration>
+                            <nvdApiKey>${env.NVD_API_KEY}</nvdApiKey>
+                            <nvdDatafeedUrl>${env.NVD_DATAFEED_URL}</nvdDatafeedUrl>
+                        </configuration>
                         <executions>
                             <execution>
                                 <goals>

src/main/java/de/stklcode/jvault/connector/HTTPVaultConnector.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2023 Stefan Kalscheuer
+ * Copyright 2016-2024 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -496,7 +496,7 @@ public class HTTPVaultConnector implements VaultConnector {
             throw new InvalidRequestException("Secret path must not be empty.");
         }
 
-        // By default data is directly passed as payload.
+        // By default, data is directly passed as payload.
         Object payload = data;
 
         // If options are given, split payload in two parts.

src/main/java/de/stklcode/jvault/connector/HTTPVaultConnectorBuilder.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2023 Stefan Kalscheuer
+ * Copyright 2016-2024 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -293,7 +293,7 @@ public final class HTTPVaultConnectorBuilder {
     }
 
     /**
-     * Build connector based on the {@code }VAULT_ADDR} and {@code VAULT_CACERT} (optional) environment variables.
+     * Build connector based on the {@code VAULT_ADDR} and {@code VAULT_CACERT} (optional) environment variables.
      *
      * @return self
      * @throws VaultConnectorException if Vault address from environment variables is malformed

src/main/java/de/stklcode/jvault/connector/VaultConnector.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2023 Stefan Kalscheuer
+ * Copyright 2016-2024 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

src/main/java/de/stklcode/jvault/connector/exception/AuthorizationRequiredException.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2023 Stefan Kalscheuer
+ * Copyright 2016-2024 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -23,4 +23,5 @@ package de.stklcode.jvault.connector.exception;
  * @since 0.1
  */
 public class AuthorizationRequiredException extends VaultConnectorException {
+    private static final long serialVersionUID = 2629577936657393880L;
 }

src/main/java/de/stklcode/jvault/connector/exception/ConnectionException.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2023 Stefan Kalscheuer
+ * Copyright 2016-2024 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -23,6 +23,8 @@ package de.stklcode.jvault.connector.exception;
  * @since 0.1
  */
 public class ConnectionException extends VaultConnectorException {
+    private static final long serialVersionUID = 3005430116002990418L;
+
     /**
      * Constructs a new empty exception.
      */

src/main/java/de/stklcode/jvault/connector/exception/InvalidRequestException.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2023 Stefan Kalscheuer
+ * Copyright 2016-2024 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -23,6 +23,8 @@ package de.stklcode.jvault.connector.exception;
  * @since 0.1
  */
 public class InvalidRequestException extends VaultConnectorException {
+    private static final long serialVersionUID = -6712239648281809159L;
+
     /**
      * Constructs a new empty exception.
      */

src/main/java/de/stklcode/jvault/connector/exception/InvalidResponseException.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2023 Stefan Kalscheuer
+ * Copyright 2016-2024 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -24,6 +24,8 @@ package de.stklcode.jvault.connector.exception;
  * @since 0.1
  */
 public final class InvalidResponseException extends VaultConnectorException {
+    private static final long serialVersionUID = 2003151038614163479L;
+
     private final Integer statusCode;
     private final String response;
 

src/main/java/de/stklcode/jvault/connector/exception/PermissionDeniedException.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2023 Stefan Kalscheuer
+ * Copyright 2016-2024 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -23,6 +23,8 @@ package de.stklcode.jvault.connector.exception;
  * @since 0.1
  */
 public class PermissionDeniedException extends VaultConnectorException {
+    private static final long serialVersionUID = -7149134015090750776L;
+
     /**
      * Constructs a new empty exception.
      */

src/main/java/de/stklcode/jvault/connector/exception/TlsException.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2023 Stefan Kalscheuer
+ * Copyright 2016-2024 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -23,6 +23,8 @@ package de.stklcode.jvault.connector.exception;
  * @since 0.4.0
  */
 public class TlsException extends VaultConnectorException {
+    private static final long serialVersionUID = -5139276834988258086L;
+
     /**
      * Constructs a new empty exception.
      */

src/main/java/de/stklcode/jvault/connector/exception/VaultConnectorException.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2023 Stefan Kalscheuer
+ * Copyright 2016-2024 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -23,6 +23,8 @@ package de.stklcode.jvault.connector.exception;
  * @since 0.1
  */
 public abstract class VaultConnectorException extends Exception {
+    private static final long serialVersionUID = -2612477894310906036L;
+
     /**
      * Constructs a new empty exception.
      */

src/main/java/de/stklcode/jvault/connector/exception/package-info.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2023 Stefan Kalscheuer
+ * Copyright 2016-2024 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

src/main/java/de/stklcode/jvault/connector/internal/Error.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2023 Stefan Kalscheuer
+ * Copyright 2016-2024 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

src/main/java/de/stklcode/jvault/connector/internal/RequestHelper.java

@@ -1,7 +1,10 @@
 package de.stklcode.jvault.connector.internal;
 
 import com.fasterxml.jackson.core.JsonProcessingException;
+import com.fasterxml.jackson.databind.DeserializationFeature;
 import com.fasterxml.jackson.databind.ObjectMapper;
+import com.fasterxml.jackson.databind.SerializationFeature;
+import com.fasterxml.jackson.datatype.jsr310.JavaTimeModule;
 import de.stklcode.jvault.connector.exception.*;
 import de.stklcode.jvault.connector.model.response.ErrorResponse;
 
@@ -62,7 +65,10 @@ public final class RequestHelper implements Serializable {
         this.timeout = timeout;
         this.tlsVersion = tlsVersion;
         this.trustedCaCert = trustedCaCert;
-        this.jsonMapper = new ObjectMapper();
+        this.jsonMapper = new ObjectMapper()
+                .registerModule(new JavaTimeModule())
+                .enable(SerializationFeature.WRITE_DATES_AS_TIMESTAMPS)
+                .disable(DeserializationFeature.ADJUST_DATES_TO_CONTEXT_TIME_ZONE);
     }
 
     /**
@@ -357,6 +363,15 @@ public final class RequestHelper implements Serializable {
             }
         } catch (CompletionException e) {
             throw new ConnectionException(Error.CONNECTION, e.getCause());
+        } finally {
+            if (client instanceof AutoCloseable) {
+                // Close the client, which is supported since JDK21.
+                try {
+                    ((AutoCloseable) client).close();
+                } catch (Exception ignored) {
+                    // Ignore
+                }
+            }
         }
     }
 
@@ -416,18 +431,19 @@ public final class RequestHelper implements Serializable {
      * @throws VaultConnectorException Expected exception with details to throw
      */
     private void handleError(final HttpResponse<InputStream> response) throws VaultConnectorException {
-        if (response.body() != null) {
-            try (var reader = new BufferedReader(new InputStreamReader(response.body(), UTF_8))) {
-                var responseString = reader.lines().collect(Collectors.joining("\n"));
-                ErrorResponse er = jsonMapper.readValue(responseString, ErrorResponse.class);
-                /* Check for "permission denied" response */
-                if (!er.getErrors().isEmpty() && er.getErrors().get(0).equals("permission denied")) {
-                    throw new PermissionDeniedException();
+        try (var body = response.body()) {
+            if (body != null) {
+                try (var reader = new BufferedReader(new InputStreamReader(body, UTF_8))) {
+                    ErrorResponse er = jsonMapper.readValue(reader, ErrorResponse.class);
+                    /* Check for "permission denied" response */
+                    if (!er.getErrors().isEmpty() && er.getErrors().get(0).equals("permission denied")) {
+                        throw new PermissionDeniedException();
+                    }
+                    throw new InvalidResponseException(Error.RESPONSE_CODE, response.statusCode(), er.toString());
                 }
-                throw new InvalidResponseException(Error.RESPONSE_CODE, response.statusCode(), er.toString());
-            } catch (IOException ignored) {
-                // Exception ignored.
             }
+        } catch (IOException ignored) {
+            // Exception ignored.
         }
     }
 }

src/main/java/de/stklcode/jvault/connector/model/AppRole.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2023 Stefan Kalscheuer
+ * Copyright 2016-2024 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -32,7 +32,7 @@ import java.util.Objects;
  */
 @JsonIgnoreProperties(ignoreUnknown = true)
 public final class AppRole implements Serializable {
-    private static final long serialVersionUID = -6248529625864573990L;
+    private static final long serialVersionUID = 693228837510483448L;
 
     @JsonProperty("role_name")
     private String name;
@@ -55,9 +55,9 @@ public final class AppRole implements Serializable {
     @JsonInclude(JsonInclude.Include.NON_NULL)
     private Integer secretIdTtl;
 
-    @JsonProperty("enable_local_secret_ids")
+    @JsonProperty("local_secret_ids")
     @JsonInclude(JsonInclude.Include.NON_NULL)
-    private Boolean enableLocalSecretIds;
+    private Boolean localSecretIds;
 
     @JsonProperty("token_ttl")
     @JsonInclude(JsonInclude.Include.NON_NULL)
@@ -111,7 +111,7 @@ public final class AppRole implements Serializable {
         this.secretIdBoundCidrs = builder.secretIdBoundCidrs;
         this.secretIdNumUses = builder.secretIdNumUses;
         this.secretIdTtl = builder.secretIdTtl;
-        this.enableLocalSecretIds = builder.enableLocalSecretIds;
+        this.localSecretIds = builder.localSecretIds;
         this.tokenTtl = builder.tokenTtl;
         this.tokenMaxTtl = builder.tokenMaxTtl;
         this.tokenPolicies = builder.tokenPolicies;
@@ -262,9 +262,10 @@ public final class AppRole implements Serializable {
     /**
      * @return Enable local secret IDs?
      * @since 0.9
+     * @since 1.3 renamed to {@code getLocalSecretIds()}
      */
-    public Boolean getEnableLocalSecretIds() {
-        return enableLocalSecretIds;
+    public Boolean getLocalSecretIds() {
+        return localSecretIds;
     }
 
     /**
@@ -335,7 +336,7 @@ public final class AppRole implements Serializable {
                 Objects.equals(secretIdBoundCidrs, appRole.secretIdBoundCidrs) &&
                 Objects.equals(secretIdNumUses, appRole.secretIdNumUses) &&
                 Objects.equals(secretIdTtl, appRole.secretIdTtl) &&
-                Objects.equals(enableLocalSecretIds, appRole.enableLocalSecretIds) &&
+                Objects.equals(localSecretIds, appRole.localSecretIds) &&
                 Objects.equals(tokenTtl, appRole.tokenTtl) &&
                 Objects.equals(tokenMaxTtl, appRole.tokenMaxTtl) &&
                 Objects.equals(tokenPolicies, appRole.tokenPolicies) &&
@@ -350,7 +351,7 @@ public final class AppRole implements Serializable {
     @Override
     public int hashCode() {
         return Objects.hash(name, id, bindSecretId, secretIdBoundCidrs, secretIdNumUses, secretIdTtl,
-                enableLocalSecretIds, tokenTtl, tokenMaxTtl, tokenPolicies, tokenBoundCidrs, tokenExplicitMaxTtl,
+                localSecretIds, tokenTtl, tokenMaxTtl, tokenPolicies, tokenBoundCidrs, tokenExplicitMaxTtl,
                 tokenNoDefaultPolicy, tokenNumUses, tokenPeriod, tokenType);
     }
 
@@ -370,7 +371,7 @@ public final class AppRole implements Serializable {
         private List<String> tokenPolicies;
         private Integer secretIdNumUses;
         private Integer secretIdTtl;
-        private Boolean enableLocalSecretIds;
+        private Boolean localSecretIds;
         private Integer tokenTtl;
         private Integer tokenMaxTtl;
         private List<String> tokenBoundCidrs;
@@ -527,12 +528,13 @@ public final class AppRole implements Serializable {
         /**
          * Enable or disable local secret IDs.
          *
-         * @param enableLocalSecretIds Enable local secret IDs?
+         * @param localSecretIds Enable local secret IDs?
          * @return self
          * @since 0.9
+         * @since 1.3 renamed to {@code withLocalSecretIds()}
          */
-        public Builder withEnableLocalSecretIds(final Boolean enableLocalSecretIds) {
-            this.enableLocalSecretIds = enableLocalSecretIds;
+        public Builder withLocalSecretIds(final Boolean localSecretIds) {
+            this.localSecretIds = localSecretIds;
             return this;
         }
 

src/main/java/de/stklcode/jvault/connector/model/AppRoleSecret.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2023 Stefan Kalscheuer
+ * Copyright 2016-2024 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

src/main/java/de/stklcode/jvault/connector/model/AuthBackend.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2023 Stefan Kalscheuer
+ * Copyright 2016-2024 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

src/main/java/de/stklcode/jvault/connector/model/Token.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2023 Stefan Kalscheuer
+ * Copyright 2016-2024 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

src/main/java/de/stklcode/jvault/connector/model/TokenRole.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2023 Stefan Kalscheuer
+ * Copyright 2016-2024 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

src/main/java/de/stklcode/jvault/connector/model/package-info.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2023 Stefan Kalscheuer
+ * Copyright 2016-2024 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

src/main/java/de/stklcode/jvault/connector/model/response/AppRoleResponse.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2023 Stefan Kalscheuer
+ * Copyright 2016-2024 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

src/main/java/de/stklcode/jvault/connector/model/response/AppRoleSecretResponse.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2023 Stefan Kalscheuer
+ * Copyright 2016-2024 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

src/main/java/de/stklcode/jvault/connector/model/response/AuthMethodsResponse.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2023 Stefan Kalscheuer
+ * Copyright 2016-2024 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

src/main/java/de/stklcode/jvault/connector/model/response/AuthResponse.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2023 Stefan Kalscheuer
+ * Copyright 2016-2024 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -17,11 +17,8 @@
 package de.stklcode.jvault.connector.model.response;
 
 import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
-import com.fasterxml.jackson.annotation.JsonProperty;
 import de.stklcode.jvault.connector.model.response.embedded.AuthData;
 
-import java.util.Objects;
-
 /**
  * Vault response for authentication providing auth info in {@link AuthData} field.
  *
@@ -31,30 +28,4 @@ import java.util.Objects;
 @JsonIgnoreProperties(ignoreUnknown = true)
 public final class AuthResponse extends VaultDataResponse {
     private static final long serialVersionUID = 1628851361067456715L;
-
-    @JsonProperty("auth")
-    private AuthData auth;
-
-    /**
-     * @return Authentication data
-     */
-    public AuthData getAuth() {
-        return auth;
-    }
-
-    @Override
-    public boolean equals(Object o) {
-        if (this == o) {
-            return true;
-        } else if (o == null || getClass() != o.getClass() || !super.equals(o)) {
-            return false;
-        }
-        AuthResponse that = (AuthResponse) o;
-        return Objects.equals(auth, that.auth);
-    }
-
-    @Override
-    public int hashCode() {
-        return Objects.hash(super.hashCode(), auth);
-    }
 }

src/main/java/de/stklcode/jvault/connector/model/response/CredentialsResponse.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2023 Stefan Kalscheuer
+ * Copyright 2016-2024 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

src/main/java/de/stklcode/jvault/connector/model/response/ErrorResponse.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2023 Stefan Kalscheuer
+ * Copyright 2016-2024 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

src/main/java/de/stklcode/jvault/connector/model/response/HealthResponse.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2023 Stefan Kalscheuer
+ * Copyright 2016-2024 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -29,7 +29,7 @@ import java.util.Objects;
  */
 @JsonIgnoreProperties(ignoreUnknown = true)
 public final class HealthResponse implements VaultResponse {
-    private static final long serialVersionUID = 6483840078694294401L;
+    private static final long serialVersionUID = 8675155916902904516L;
 
     @JsonProperty("cluster_id")
     private String clusterID;
@@ -61,6 +61,18 @@ public final class HealthResponse implements VaultResponse {
     @JsonProperty("performance_standby")
     private Boolean performanceStandby;
 
+    @JsonProperty("echo_duration_ms")
+    private Long echoDurationMs;
+
+    @JsonProperty("clock_skew_ms")
+    private Long clockSkewMs;
+
+    @JsonProperty("replication_primary_canary_age_ms")
+    private Long replicationPrimaryCanaryAgeMs;
+
+    @JsonProperty("enterprise")
+    private Boolean enterprise;
+
     /**
      * @return The Cluster ID.
      */
@@ -134,6 +146,38 @@ public final class HealthResponse implements VaultResponse {
         return performanceStandby;
     }
 
+    /**
+     * @return Heartbeat echo duration in milliseconds (since Vault 1.16)
+     * @since 1.3
+     */
+    public Long getEchoDurationMs() {
+        return echoDurationMs;
+    }
+
+    /**
+     * @return Clock skew in milliseconds (since Vault 1.16)
+     * @since 1.3
+     */
+    public Long getClockSkewMs() {
+        return clockSkewMs;
+    }
+
+    /**
+     * @return Replication primary canary age in milliseconds (since Vault 1.17)
+     * @since 1.3
+     */
+    public Long getReplicationPrimaryCanaryAgeMs() {
+        return replicationPrimaryCanaryAgeMs;
+    }
+
+    /**
+     * @return Enterprise instance? (since Vault 1.17)
+     * @since 1.3
+     */
+    public Boolean isEnterprise() {
+        return enterprise;
+    }
+
     @Override
     public boolean equals(Object o) {
         if (this == o) {
@@ -151,12 +195,17 @@ public final class HealthResponse implements VaultResponse {
                 Objects.equals(initialized, that.initialized) &&
                 Objects.equals(replicationPerfMode, that.replicationPerfMode) &&
                 Objects.equals(replicationDrMode, that.replicationDrMode) &&
-                Objects.equals(performanceStandby, that.performanceStandby);
+                Objects.equals(performanceStandby, that.performanceStandby) &&
+                Objects.equals(echoDurationMs, that.echoDurationMs) &&
+                Objects.equals(clockSkewMs, that.clockSkewMs) &&
+                Objects.equals(replicationPrimaryCanaryAgeMs, that.replicationPrimaryCanaryAgeMs) &&
+                Objects.equals(enterprise, that.enterprise);
     }
 
     @Override
     public int hashCode() {
         return Objects.hash(clusterID, clusterName, version, serverTimeUTC, standby, sealed, initialized,
-                replicationPerfMode, replicationDrMode, performanceStandby);
+            replicationPerfMode, replicationDrMode, performanceStandby, echoDurationMs, clockSkewMs,
+            replicationPrimaryCanaryAgeMs, enterprise);
     }
 }

src/main/java/de/stklcode/jvault/connector/model/response/HelpResponse.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2023 Stefan Kalscheuer
+ * Copyright 2016-2024 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

src/main/java/de/stklcode/jvault/connector/model/response/MetadataResponse.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2023 Stefan Kalscheuer
+ * Copyright 2016-2024 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

src/main/java/de/stklcode/jvault/connector/model/response/RawDataResponse.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2023 Stefan Kalscheuer
+ * Copyright 2016-2024 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

src/main/java/de/stklcode/jvault/connector/model/response/SealResponse.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2023 Stefan Kalscheuer
+ * Copyright 2016-2024 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -19,6 +19,7 @@ package de.stklcode.jvault.connector.model.response;
 import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
 import com.fasterxml.jackson.annotation.JsonProperty;
 
+import java.time.ZonedDateTime;
 import java.util.Objects;
 
 /**
@@ -29,7 +30,7 @@ import java.util.Objects;
  */
 @JsonIgnoreProperties(ignoreUnknown = true)
 public final class SealResponse implements VaultResponse {
-    private static final long serialVersionUID = -3661916639367542617L;
+    private static final long serialVersionUID = -6000309255473305787L;
 
     @JsonProperty("type")
     private String type;
@@ -52,6 +53,9 @@ public final class SealResponse implements VaultResponse {
     @JsonProperty("version")
     private String version;
 
+    @JsonProperty("build_date")
+    private ZonedDateTime buildDate;
+
     @JsonProperty("nonce")
     private String nonce;
 
@@ -122,6 +126,14 @@ public final class SealResponse implements VaultResponse {
         return version;
     }
 
+    /**
+     * @return Vault build date.
+     * @since 1.2
+     */
+    public ZonedDateTime getBuildDate() {
+        return buildDate;
+    }
+
     /**
      * @return A random nonce.
      * @since 0.8
@@ -185,6 +197,7 @@ public final class SealResponse implements VaultResponse {
                 Objects.equals(numberOfShares, that.numberOfShares) &&
                 Objects.equals(progress, that.progress) &&
                 Objects.equals(version, that.version) &&
+                Objects.equals(buildDate, that.buildDate) &&
                 Objects.equals(nonce, that.nonce) &&
                 Objects.equals(clusterName, that.clusterName) &&
                 Objects.equals(clusterId, that.clusterId) &&
@@ -195,7 +208,7 @@ public final class SealResponse implements VaultResponse {
 
     @Override
     public int hashCode() {
-        return Objects.hash(type, sealed, initialized, threshold, numberOfShares, progress, version, nonce,
+        return Objects.hash(type, sealed, initialized, threshold, numberOfShares, progress, version, buildDate, nonce,
                 clusterName, clusterId, migration, recoverySeal, storageType);
     }
 }

src/main/java/de/stklcode/jvault/connector/model/response/SecretListResponse.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2023 Stefan Kalscheuer
+ * Copyright 2016-2024 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

src/main/java/de/stklcode/jvault/connector/model/response/SecretResponse.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2023 Stefan Kalscheuer
+ * Copyright 2016-2024 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -17,7 +17,10 @@
 package de.stklcode.jvault.connector.model.response;
 
 import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
+import com.fasterxml.jackson.databind.DeserializationFeature;
 import com.fasterxml.jackson.databind.ObjectMapper;
+import com.fasterxml.jackson.databind.SerializationFeature;
+import com.fasterxml.jackson.datatype.jsr310.JavaTimeModule;
 import de.stklcode.jvault.connector.exception.InvalidResponseException;
 import de.stklcode.jvault.connector.model.response.embedded.VersionMetadata;
 
@@ -82,7 +85,11 @@ public abstract class SecretResponse extends VaultDataResponse {
             } else if (type.isInstance(rawValue)) {
                 return type.cast(rawValue);
             } else {
-                var om = new ObjectMapper();
+                var om = new ObjectMapper()
+                        .registerModule(new JavaTimeModule())
+                        .enable(SerializationFeature.WRITE_DATES_AS_TIMESTAMPS)
+                        .disable(DeserializationFeature.ADJUST_DATES_TO_CONTEXT_TIME_ZONE);
+
                 if (rawValue instanceof String) {
                     return om.readValue((String) rawValue, type);
                 } else {

src/main/java/de/stklcode/jvault/connector/model/response/SecretVersionResponse.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2023 Stefan Kalscheuer
+ * Copyright 2016-2024 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

src/main/java/de/stklcode/jvault/connector/model/response/TokenResponse.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2023 Stefan Kalscheuer
+ * Copyright 2016-2024 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -30,14 +30,11 @@ import java.util.Objects;
  */
 @JsonIgnoreProperties(ignoreUnknown = true)
 public final class TokenResponse extends VaultDataResponse {
-    private static final long serialVersionUID = -4053126653764241197L;
+    private static final long serialVersionUID = -4341114947980033457L;
 
     @JsonProperty("data")
     private TokenData data;
 
-    @JsonProperty("auth")
-    private Boolean auth;
-
     /**
      * @return Token data
      */
@@ -45,12 +42,6 @@ public final class TokenResponse extends VaultDataResponse {
         return data;
     }
 
-    /**
-     * @return Auth data
-     */
-    public Boolean getAuth() {
-        return auth;
-    }
 
     @Override
     public boolean equals(Object o) {
@@ -60,11 +51,11 @@ public final class TokenResponse extends VaultDataResponse {
             return false;
         }
         TokenResponse that = (TokenResponse) o;
-        return Objects.equals(data, that.data) && Objects.equals(auth, that.auth);
+        return Objects.equals(data, that.data);
     }
 
     @Override
     public int hashCode() {
-        return Objects.hash(super.hashCode(), data, auth);
+        return Objects.hash(super.hashCode(), data);
     }
 }

src/main/java/de/stklcode/jvault/connector/model/response/TokenRoleResponse.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2023 Stefan Kalscheuer
+ * Copyright 2016-2024 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

src/main/java/de/stklcode/jvault/connector/model/response/VaultDataResponse.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2023 Stefan Kalscheuer
+ * Copyright 2016-2024 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -17,6 +17,7 @@
 package de.stklcode.jvault.connector.model.response;
 
 import com.fasterxml.jackson.annotation.JsonProperty;
+import de.stklcode.jvault.connector.model.response.embedded.AuthData;
 import de.stklcode.jvault.connector.model.response.embedded.WrapInfo;
 
 import java.util.List;
@@ -29,7 +30,7 @@ import java.util.Objects;
  * @since 0.1
  */
 public abstract class VaultDataResponse implements VaultResponse {
-    private static final long serialVersionUID = 7486270767477652184L;
+    private static final long serialVersionUID = 4787715235558510045L;
 
     @JsonProperty("request_id")
     private String requestId;
@@ -49,6 +50,12 @@ public abstract class VaultDataResponse implements VaultResponse {
     @JsonProperty("wrap_info")
     private WrapInfo wrapInfo;
 
+    @JsonProperty("auth")
+    private AuthData auth;
+
+    @JsonProperty("mount_type")
+    private String mountType;
+
     /**
      * @return Request ID
      * @since 1.1
@@ -93,6 +100,21 @@ public abstract class VaultDataResponse implements VaultResponse {
         return wrapInfo;
     }
 
+    /**
+     * @return Authentication information for this response
+     * @since 1.3
+     */
+    public final AuthData getAuth() {
+        return auth;
+    }
+
+    /**
+     * @return Information about the type of mount this secret is from (since Vault 1.17)
+     * @since 1.3
+     */
+    public final String getMountType() {
+        return mountType;
+    }
     @Override
     public boolean equals(Object o) {
         if (this == o) {
@@ -106,11 +128,13 @@ public abstract class VaultDataResponse implements VaultResponse {
                 Objects.equals(leaseId, that.leaseId) &&
                 Objects.equals(leaseDuration, that.leaseDuration) &&
                 Objects.equals(warnings, that.warnings) &&
-                Objects.equals(wrapInfo, that.wrapInfo);
+                Objects.equals(wrapInfo, that.wrapInfo) &&
+                Objects.equals(auth, that.auth) &&
+                Objects.equals(mountType, that.mountType);
     }
 
     @Override
     public int hashCode() {
-        return Objects.hash(requestId, leaseId, renewable, leaseDuration, warnings, wrapInfo);
+        return Objects.hash(requestId, leaseId, renewable, leaseDuration, warnings, wrapInfo, auth, mountType);
     }
 }

src/main/java/de/stklcode/jvault/connector/model/response/VaultResponse.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2023 Stefan Kalscheuer
+ * Copyright 2016-2024 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

src/main/java/de/stklcode/jvault/connector/model/response/embedded/AuthData.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2023 Stefan Kalscheuer
+ * Copyright 2016-2024 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -33,7 +33,7 @@ import java.util.Objects;
  */
 @JsonIgnoreProperties(ignoreUnknown = true)
 public final class AuthData implements Serializable {
-    private static final long serialVersionUID = -6962244199229885869L;
+    private static final long serialVersionUID = 5969334512309655317L;
 
     @JsonProperty("client_token")
     private String clientToken;
@@ -65,6 +65,12 @@ public final class AuthData implements Serializable {
     @JsonProperty("orphan")
     private boolean orphan;
 
+    @JsonProperty("num_uses")
+    private Integer numUses;
+
+    @JsonProperty("mfa_requirement")
+    private MfaRequirement mfaRequirement;
+
     /**
      * @return Client token
      */
@@ -131,6 +137,14 @@ public final class AuthData implements Serializable {
         return accessor;
     }
 
+    /**
+     * @return allowed number of uses for the issued token
+     * @since 1.3
+     */
+    public Integer getNumUses() {
+        return numUses;
+    }
+
     /**
      * @return Token is orphan
      * @since 0.9
@@ -139,6 +153,14 @@ public final class AuthData implements Serializable {
         return orphan;
     }
 
+    /**
+     * @return multi-factor requirement
+     * @since 1.2
+     */
+    public MfaRequirement getMfaRequirement() {
+        return mfaRequirement;
+    }
+
     @Override
     public boolean equals(Object o) {
         if (this == o) {
@@ -157,12 +179,14 @@ public final class AuthData implements Serializable {
                 Objects.equals(metadata, authData.metadata) &&
                 Objects.equals(leaseDuration, authData.leaseDuration) &&
                 Objects.equals(entityId, authData.entityId) &&
-                Objects.equals(tokenType, authData.tokenType);
+                Objects.equals(tokenType, authData.tokenType) &&
+                Objects.equals(numUses, authData.numUses) &&
+                Objects.equals(mfaRequirement, authData.mfaRequirement);
     }
 
     @Override
     public int hashCode() {
         return Objects.hash(clientToken, accessor, policies, tokenPolicies, metadata, leaseDuration, renewable,
-                entityId, tokenType, orphan);
+                entityId, tokenType, orphan, numUses, mfaRequirement);
     }
 }

src/main/java/de/stklcode/jvault/connector/model/response/embedded/AuthMethod.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2023 Stefan Kalscheuer
+ * Copyright 2016-2024 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -34,7 +34,7 @@ import java.util.Objects;
  */
 @JsonIgnoreProperties(ignoreUnknown = true)
 public final class AuthMethod implements Serializable {
-    private static final long serialVersionUID = -2718660627880077335L;
+    private static final long serialVersionUID = -439987082190917691L;
 
     private AuthBackend type;
     private String rawType;
@@ -42,11 +42,14 @@ public final class AuthMethod implements Serializable {
     @JsonProperty("accessor")
     private String accessor;
 
+    @JsonProperty("deprecation_status")
+    private String deprecationStatus;
+
     @JsonProperty("description")
     private String description;
 
     @JsonProperty("config")
-    private Map<String, String> config;
+    private MountConfig config;
 
     @JsonProperty("external_entropy_access")
     private boolean externalEntropyAccess;
@@ -54,6 +57,18 @@ public final class AuthMethod implements Serializable {
     @JsonProperty("local")
     private boolean local;
 
+    @JsonProperty("options")
+    private Map<String, String> options;
+
+    @JsonProperty("plugin_version")
+    private String pluginVersion;
+
+    @JsonProperty("running_plugin_version")
+    private String runningPluginVersion;
+
+    @JsonProperty("running_sha256")
+    private String runningSha256;
+
     @JsonProperty("seal_wrap")
     private boolean sealWrap;
 
@@ -91,6 +106,14 @@ public final class AuthMethod implements Serializable {
         return accessor;
     }
 
+    /**
+     * @return Deprecation status
+     * @since 1.2
+     */
+    public String getDeprecationStatus() {
+        return deprecationStatus;
+    }
+
     /**
      * @return Description
      */
@@ -100,8 +123,10 @@ public final class AuthMethod implements Serializable {
 
     /**
      * @return Configuration data
+     * @since 0.2
+     * @since 1.2 Returns {@link MountConfig} instead of {@link Map}
      */
-    public Map<String, String> getConfig() {
+    public MountConfig getConfig() {
         return config;
     }
 
@@ -120,6 +145,38 @@ public final class AuthMethod implements Serializable {
         return local;
     }
 
+    /**
+     * @return Options
+     * @since 1.2
+     */
+    public Map<String, String> getOptions() {
+        return options;
+    }
+
+    /**
+     * @return Plugin version
+     * @since 1.2
+     */
+    public String getPluginVersion() {
+        return pluginVersion;
+    }
+
+    /**
+     * @return Running plugin version
+     * @since 1.2
+     */
+    public String getRunningPluginVersion() {
+        return runningPluginVersion;
+    }
+
+    /**
+     * @return Running SHA256
+     * @since 1.2
+     */
+    public String getRunningSha256() {
+        return runningSha256;
+    }
+
     /**
      * @return Seal wrapping enabled
      * @since 1.1
@@ -150,13 +207,19 @@ public final class AuthMethod implements Serializable {
                 sealWrap == that.sealWrap &&
                 Objects.equals(rawType, that.rawType) &&
                 Objects.equals(accessor, that.accessor) &&
+                Objects.equals(deprecationStatus, that.deprecationStatus) &&
                 Objects.equals(description, that.description) &&
                 Objects.equals(config, that.config) &&
+                Objects.equals(options, that.options) &&
+                Objects.equals(pluginVersion, that.pluginVersion) &&
+                Objects.equals(runningPluginVersion, that.runningPluginVersion) &&
+                Objects.equals(runningSha256, that.runningSha256) &&
                 Objects.equals(uuid, that.uuid);
     }
 
     @Override
     public int hashCode() {
-        return Objects.hash(type, rawType, accessor, description, config, externalEntropyAccess, local, sealWrap, uuid);
+        return Objects.hash(type, rawType, accessor, deprecationStatus, description, config, externalEntropyAccess,
+            local, options, pluginVersion, runningPluginVersion, runningSha256, sealWrap, uuid);
     }
 }

src/main/java/de/stklcode/jvault/connector/model/response/embedded/MfaConstraintAny.java

@@ -0,0 +1,62 @@
+/*
+ * Copyright 2016-2024 Stefan Kalscheuer
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package de.stklcode.jvault.connector.model.response.embedded;
+
+import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
+import com.fasterxml.jackson.annotation.JsonProperty;
+
+import java.io.Serializable;
+import java.util.List;
+import java.util.Objects;
+
+/**
+ * Embedded multi-factor-authentication (MFA) constraint "any".
+ *
+ * @author Stefan Kalscheuer
+ * @since 1.2
+ */
+@JsonIgnoreProperties(ignoreUnknown = true)
+public final class MfaConstraintAny implements Serializable {
+    private static final long serialVersionUID = 1226126781813149627L;
+
+    @JsonProperty("any")
+    private List<MfaMethodId> any;
+
+    /**
+     * @return List of "any" MFA methods
+     */
+    public List<MfaMethodId> getAny() {
+        return any;
+    }
+
+    @Override
+    public boolean equals(Object o) {
+        if (this == o) {
+            return true;
+        }
+        if (o == null || getClass() != o.getClass()) {
+            return false;
+        }
+        MfaConstraintAny mfaRequirement = (MfaConstraintAny) o;
+        return Objects.equals(any, mfaRequirement.any);
+    }
+
+    @Override
+    public int hashCode() {
+        return Objects.hash(any);
+    }
+}

src/main/java/de/stklcode/jvault/connector/model/response/embedded/MfaMethodId.java

@@ -0,0 +1,94 @@
+/*
+ * Copyright 2016-2024 Stefan Kalscheuer
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package de.stklcode.jvault.connector.model.response.embedded;
+
+import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
+import com.fasterxml.jackson.annotation.JsonProperty;
+
+import java.io.Serializable;
+import java.util.Objects;
+
+/**
+ * Embedded multi-factor-authentication (MFA) requirement.
+ *
+ * @author Stefan Kalscheuer
+ * @since 1.2
+ */
+@JsonIgnoreProperties(ignoreUnknown = true)
+public final class MfaMethodId implements Serializable {
+    private static final long serialVersionUID = 691298070242998814L;
+
+    @JsonProperty("type")
+    private String type;
+
+    @JsonProperty("id")
+    private String id;
+
+    @JsonProperty("uses_passcode")
+    private Boolean usesPasscode;
+
+    @JsonProperty("name")
+    private String name;
+
+    /**
+     * @return MFA method type
+     */
+    public String getType() {
+        return type;
+    }
+
+    /**
+     * @return MFA method id
+     */
+    public String getId() {
+        return id;
+    }
+
+    /**
+     * @return MFA uses passcode id
+     */
+    public Boolean getUsesPasscode() {
+        return usesPasscode;
+    }
+
+    /**
+     * @return MFA method name
+     */
+    public String getName() {
+        return name;
+    }
+
+    @Override
+    public boolean equals(Object o) {
+        if (this == o) {
+            return true;
+        }
+        if (o == null || getClass() != o.getClass()) {
+            return false;
+        }
+        MfaMethodId mfaMethodId = (MfaMethodId) o;
+        return Objects.equals(type, mfaMethodId.type) &&
+            Objects.equals(id, mfaMethodId.id) &&
+            Objects.equals(usesPasscode, mfaMethodId.usesPasscode) &&
+            Objects.equals(name, mfaMethodId.name);
+    }
+
+    @Override
+    public int hashCode() {
+        return Objects.hash(type, id, usesPasscode, name);
+    }
+}

src/main/java/de/stklcode/jvault/connector/model/response/embedded/MfaRequirement.java

@@ -0,0 +1,73 @@
+/*
+ * Copyright 2016-2024 Stefan Kalscheuer
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package de.stklcode.jvault.connector.model.response.embedded;
+
+import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
+import com.fasterxml.jackson.annotation.JsonProperty;
+
+import java.io.Serializable;
+import java.util.Map;
+import java.util.Objects;
+
+/**
+ * Embedded multi-factor-authentication (MFA) requirement.
+ *
+ * @author Stefan Kalscheuer
+ * @since 1.2
+ */
+@JsonIgnoreProperties(ignoreUnknown = true)
+public final class MfaRequirement implements Serializable {
+    private static final long serialVersionUID = -2516941512455319638L;
+
+    @JsonProperty("mfa_request_id")
+    private String mfaRequestId;
+
+    @JsonProperty("mfa_constraints")
+    private Map<String, MfaConstraintAny> mfaConstraints;
+
+    /**
+     * @return MFA request ID
+     */
+    public String getMfaRequestId() {
+        return mfaRequestId;
+    }
+
+    /**
+     * @return MFA constraints
+     */
+    public Map<String, MfaConstraintAny> getMfaConstraints() {
+        return mfaConstraints;
+    }
+
+    @Override
+    public boolean equals(Object o) {
+        if (this == o) {
+            return true;
+        }
+        if (o == null || getClass() != o.getClass()) {
+            return false;
+        }
+        MfaRequirement mfaRequirement = (MfaRequirement) o;
+        return Objects.equals(mfaRequestId, mfaRequirement.mfaRequestId) &&
+            Objects.equals(mfaConstraints, mfaRequirement.mfaConstraints);
+    }
+
+    @Override
+    public int hashCode() {
+        return Objects.hash(mfaRequestId, mfaConstraints);
+    }
+}

src/main/java/de/stklcode/jvault/connector/model/response/embedded/MountConfig.java

@@ -0,0 +1,168 @@
+package de.stklcode.jvault.connector.model.response.embedded;
+
+import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
+import com.fasterxml.jackson.annotation.JsonProperty;
+
+import java.io.Serializable;
+import java.util.List;
+import java.util.Objects;
+
+/**
+ * Embedded mount config output.
+ *
+ * @author Stefan Kalscheuer
+ * @since 1.2
+ */
+@JsonIgnoreProperties(ignoreUnknown = true)
+public class MountConfig implements Serializable {
+    private static final long serialVersionUID = -8653909672663717792L;
+
+    @JsonProperty("default_lease_ttl")
+    private Integer defaultLeaseTtl;
+
+    @JsonProperty("max_lease_ttl")
+    private Integer maxLeaseTtl;
+
+    @JsonProperty("force_no_cache")
+    private Boolean forceNoCache;
+
+    @JsonProperty("token_type")
+    private String tokenType;
+
+    @JsonProperty("audit_non_hmac_request_keys")
+    private List<String> auditNonHmacRequestKeys;
+
+    @JsonProperty("audit_non_hmac_response_keys")
+    private List<String> auditNonHmacResponseKeys;
+
+    @JsonProperty("listing_visibility")
+    private String listingVisibility;
+
+    @JsonProperty("passthrough_request_headers")
+    private List<String> passthroughRequestHeaders;
+
+    @JsonProperty("allowed_response_headers")
+    private List<String> allowedResponseHeaders;
+
+    @JsonProperty("allowed_managed_keys")
+    private List<String> allowedManagedKeys;
+
+    @JsonProperty("delegated_auth_accessors")
+    private List<String> delegatedAuthAccessors;
+
+    @JsonProperty("user_lockout_config")
+    private UserLockoutConfig userLockoutConfig;
+
+    /**
+     * @return Default lease TTL
+     */
+    public Integer getDefaultLeaseTtl() {
+        return defaultLeaseTtl;
+    }
+
+    /**
+     * @return Maximum lease TTL
+     */
+    public Integer getMaxLeaseTtl() {
+        return maxLeaseTtl;
+    }
+
+    /**
+     * @return Force no cache?
+     */
+    public Boolean getForceNoCache() {
+        return forceNoCache;
+    }
+
+    /**
+     * @return Token type
+     */
+    public String getTokenType() {
+        return tokenType;
+    }
+
+    /**
+     * @return Audit non HMAC request keys
+     */
+    public List<String> getAuditNonHmacRequestKeys() {
+        return auditNonHmacRequestKeys;
+    }
+
+    /**
+     * @return Audit non HMAC response keys
+     */
+    public List<String> getAuditNonHmacResponseKeys() {
+        return auditNonHmacResponseKeys;
+    }
+
+    /**
+     * @return Listing visibility
+     */
+    public String getListingVisibility() {
+        return listingVisibility;
+    }
+
+    /**
+     * @return Passthrough request headers
+     */
+    public List<String> getPassthroughRequestHeaders() {
+        return passthroughRequestHeaders;
+    }
+
+    /**
+     * @return Allowed response headers
+     */
+    public List<String> getAllowedResponseHeaders() {
+        return allowedResponseHeaders;
+    }
+
+    /**
+     * @return Allowed managed keys
+     */
+    public List<String> getAllowedManagedKeys() {
+        return allowedManagedKeys;
+    }
+
+    /**
+     * @return Delegated auth accessors
+     */
+    public List<String> getDelegatedAuthAccessors() {
+        return delegatedAuthAccessors;
+    }
+
+    /**
+     * @return User lockout config
+     */
+    public UserLockoutConfig getUserLockoutConfig() {
+        return userLockoutConfig;
+    }
+
+    @Override
+    public boolean equals(Object o) {
+        if (this == o) {
+            return true;
+        } else if (o == null || getClass() != o.getClass()) {
+            return false;
+        }
+        MountConfig that = (MountConfig) o;
+        return Objects.equals(defaultLeaseTtl, that.defaultLeaseTtl) &&
+            Objects.equals(maxLeaseTtl, that.maxLeaseTtl) &&
+            Objects.equals(forceNoCache, that.forceNoCache) &&
+            Objects.equals(tokenType, that.tokenType) &&
+            Objects.equals(auditNonHmacRequestKeys, that.auditNonHmacRequestKeys) &&
+            Objects.equals(auditNonHmacResponseKeys, that.auditNonHmacResponseKeys) &&
+            Objects.equals(listingVisibility, that.listingVisibility) &&
+            Objects.equals(passthroughRequestHeaders, that.passthroughRequestHeaders) &&
+            Objects.equals(allowedResponseHeaders, that.allowedResponseHeaders) &&
+            Objects.equals(allowedManagedKeys, that.allowedManagedKeys) &&
+            Objects.equals(delegatedAuthAccessors, that.delegatedAuthAccessors) &&
+            Objects.equals(userLockoutConfig, that.userLockoutConfig);
+    }
+
+    @Override
+    public int hashCode() {
+        return Objects.hash(defaultLeaseTtl, maxLeaseTtl, forceNoCache, tokenType, auditNonHmacRequestKeys,
+            auditNonHmacResponseKeys, listingVisibility, passthroughRequestHeaders, allowedResponseHeaders,
+            allowedManagedKeys, delegatedAuthAccessors, userLockoutConfig);
+    }
+}

src/main/java/de/stklcode/jvault/connector/model/response/embedded/SecretMetadata.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2023 Stefan Kalscheuer
+ * Copyright 2016-2024 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -22,7 +22,7 @@ import com.fasterxml.jackson.annotation.JsonProperty;
 import java.io.Serializable;
 import java.time.ZonedDateTime;
 import java.time.format.DateTimeFormatter;
-import java.time.format.DateTimeParseException;
+import java.util.HashMap;
 import java.util.Map;
 import java.util.Objects;
 
@@ -35,13 +35,13 @@ import java.util.Objects;
  */
 @JsonIgnoreProperties(ignoreUnknown = true)
 public final class SecretMetadata implements Serializable {
-    private static final long serialVersionUID = 1684891108903409038L;
+    private static final long serialVersionUID = -905059942871916214L;
 
     private static final DateTimeFormatter TIME_FORMAT =
             DateTimeFormatter.ofPattern("yyyy-MM-dd'T'HH:mm:ss.SSSSSSSSSXXX");
 
     @JsonProperty("created_time")
-    private String createdTimeString;
+    private ZonedDateTime createdTime;
 
     @JsonProperty("current_version")
     private Integer currentVersion;
@@ -53,31 +53,38 @@ public final class SecretMetadata implements Serializable {
     private Integer oldestVersion;
 
     @JsonProperty("updated_time")
-    private String updatedTime;
+    private ZonedDateTime updatedTime;
 
     @JsonProperty("versions")
     private Map<Integer, VersionMetadata> versions;
 
+    @JsonProperty("cas_required")
+    private Boolean casRequired;
+
+    @JsonProperty("custom_metadata")
+    private HashMap<String, String> customMetadata;
+
+    @JsonProperty("delete_version_after")
+    private String deleteVersionAfter;
+
     /**
      * @return Time of secret creation as raw string representation.
+     * @deprecated Method left for backwards compatibility only. Use {@link #getCreatedTime()} instead.
      */
+    @Deprecated(since = "1.2", forRemoval = true)
     public String getCreatedTimeString() {
-        return createdTimeString;
+        if (createdTime != null) {
+            return TIME_FORMAT.format(createdTime);
+        }
+
+        return null;
     }
 
     /**
      * @return Time of secret creation.
      */
     public ZonedDateTime getCreatedTime() {
-        if (createdTimeString != null && !createdTimeString.isEmpty()) {
-            try {
-                return ZonedDateTime.parse(createdTimeString, TIME_FORMAT);
-            } catch (DateTimeParseException e) {
-                // Ignore.
-            }
-        }
-
-        return null;
+        return createdTime;
     }
 
     /**
@@ -103,26 +110,24 @@ public final class SecretMetadata implements Serializable {
 
     /**
      * @return Time of secret update as raw string representation.
+     * @deprecated Method left for backwards compatibility only. Use {@link #getUpdatedTime()} instead.
      */
+    @Deprecated(since = "1.2", forRemoval = true)
     public String getUpdatedTimeString() {
-        return updatedTime;
-    }
-
-    /**
-     * @return Time of secret update..
-     */
-    public ZonedDateTime getUpdatedTime() {
-        if (updatedTime != null && !updatedTime.isEmpty()) {
-            try {
-                return ZonedDateTime.parse(updatedTime, TIME_FORMAT);
-            } catch (DateTimeParseException e) {
-                // Ignore.
-            }
+        if (updatedTime != null) {
+            return TIME_FORMAT.format(updatedTime);
         }
 
         return null;
     }
 
+    /**
+     * @return Time of secret update.
+     */
+    public ZonedDateTime getUpdatedTime() {
+        return updatedTime;
+    }
+
     /**
      * @return Version of the entry.
      */
@@ -130,6 +135,30 @@ public final class SecretMetadata implements Serializable {
         return versions;
     }
 
+    /**
+     * @return CAS required?
+     * @since 1.3
+     */
+    public Boolean isCasRequired() {
+        return casRequired;
+    }
+
+    /**
+     * @return Custom metadata.
+     * @since 1.3
+     */
+    public Map<String, String> getCustomMetadata() {
+        return customMetadata;
+    }
+
+    /**
+     * @return time duration to delete version
+     * @since 1.3
+     */
+    public String getDeleteVersionAfter() {
+        return deleteVersionAfter;
+    }
+
     @Override
     public boolean equals(Object o) {
         if (this == o) {
@@ -138,16 +167,20 @@ public final class SecretMetadata implements Serializable {
             return false;
         }
         SecretMetadata that = (SecretMetadata) o;
-        return Objects.equals(createdTimeString, that.createdTimeString) &&
+        return Objects.equals(createdTime, that.createdTime) &&
                 Objects.equals(currentVersion, that.currentVersion) &&
                 Objects.equals(maxVersions, that.maxVersions) &&
                 Objects.equals(oldestVersion, that.oldestVersion) &&
                 Objects.equals(updatedTime, that.updatedTime) &&
-                Objects.equals(versions, that.versions);
+                Objects.equals(versions, that.versions) &&
+                Objects.equals(casRequired, that.casRequired) &&
+                Objects.equals(customMetadata, that.customMetadata) &&
+                Objects.equals(deleteVersionAfter, that.deleteVersionAfter);
     }
 
     @Override
     public int hashCode() {
-        return Objects.hash(createdTimeString, currentVersion, maxVersions, oldestVersion, updatedTime, versions);
+        return Objects.hash(createdTime, currentVersion, maxVersions, oldestVersion, updatedTime, versions, casRequired,
+            customMetadata, deleteVersionAfter);
     }
 }

src/main/java/de/stklcode/jvault/connector/model/response/embedded/TokenData.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2023 Stefan Kalscheuer
+ * Copyright 2016-2024 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -21,6 +21,7 @@ import com.fasterxml.jackson.annotation.JsonProperty;
 
 import java.io.Serializable;
 import java.time.ZonedDateTime;
+import java.time.format.DateTimeFormatter;
 import java.util.List;
 import java.util.Map;
 import java.util.Objects;
@@ -34,7 +35,10 @@ import java.util.Objects;
  */
 @JsonIgnoreProperties(ignoreUnknown = true)
 public final class TokenData implements Serializable {
-    private static final long serialVersionUID = 2915180734313753649L;
+    private static final long serialVersionUID = -5749716740973138916L;
+
+    private static final DateTimeFormatter TIME_FORMAT =
+            DateTimeFormatter.ofPattern("yyyy-MM-dd'T'HH:mm:ss.SSSSSSSSSXXX");
 
     @JsonProperty("accessor")
     private String accessor;
@@ -52,7 +56,7 @@ public final class TokenData implements Serializable {
     private String entityId;
 
     @JsonProperty("expire_time")
-    private String expireTime;
+    private ZonedDateTime expireTime;
 
     @JsonProperty("explicit_max_ttl")
     private Integer explicitMaxTtl;
@@ -61,7 +65,7 @@ public final class TokenData implements Serializable {
     private String id;
 
     @JsonProperty("issue_time")
-    private String issueTime;
+    private ZonedDateTime issueTime;
 
     @JsonProperty("meta")
     private Map<String, Object> meta;
@@ -126,9 +130,15 @@ public final class TokenData implements Serializable {
     /**
      * @return Expire time as raw string value
      * @since 0.9
+     * @deprecated Method left for backwards compatibility only. Use {@link #getExpireTime()} instead.
      */
+    @Deprecated(since = "1.2", forRemoval = true)
     public String getExpireTimeString() {
-        return expireTime;
+        if (expireTime != null) {
+            return TIME_FORMAT.format(expireTime);
+        }
+
+        return null;
     }
 
     /**
@@ -136,11 +146,7 @@ public final class TokenData implements Serializable {
      * @since 0.9
      */
     public ZonedDateTime getExpireTime() {
-        if (expireTime == null) {
-            return null;
-        } else {
-            return ZonedDateTime.parse(expireTime);
-        }
+        return expireTime;
     }
 
     /**
@@ -161,9 +167,15 @@ public final class TokenData implements Serializable {
     /**
      * @return Issue time as raw string value
      * @since 0.9
+     * @deprecated Method left for backwards compatibility only. Use {@link #getIssueTime()} instead.
      */
+    @Deprecated(since = "1.2", forRemoval = true)
     public String getIssueTimeString() {
-        return issueTime;
+        if (issueTime != null) {
+            return TIME_FORMAT.format(issueTime);
+        }
+
+        return null;
     }
 
     /**
@@ -171,11 +183,7 @@ public final class TokenData implements Serializable {
      * @since 0.9
      */
     public ZonedDateTime getIssueTime() {
-        if (issueTime == null) {
-            return null;
-        } else {
-            return ZonedDateTime.parse(issueTime);
-        }
+        return issueTime;
     }
 
     /**

src/main/java/de/stklcode/jvault/connector/model/response/embedded/UserLockoutConfig.java

@@ -0,0 +1,77 @@
+package de.stklcode.jvault.connector.model.response.embedded;
+
+import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
+import com.fasterxml.jackson.annotation.JsonProperty;
+
+import java.io.Serializable;
+import java.util.Objects;
+
+/**
+ * Embedded user lockout config output.
+ *
+ * @author Stefan Kalscheuer
+ * @since 1.2
+ */
+@JsonIgnoreProperties(ignoreUnknown = true)
+public class UserLockoutConfig implements Serializable {
+    private static final long serialVersionUID = -8051060041593140550L;
+
+    @JsonProperty("lockout_threshold")
+    private Integer lockoutThreshold;
+
+    @JsonProperty("lockout_duration")
+    private Integer lockoutDuration;
+
+    @JsonProperty("lockout_counter_reset_duration")
+    private Integer lockoutCounterResetDuration;
+
+    @JsonProperty("lockout_disable")
+    private Boolean lockoutDisable;
+
+    /**
+     * @return Lockout threshold
+     */
+    public Integer getLockoutThreshold() {
+        return lockoutThreshold;
+    }
+
+    /**
+     * @return Lockout duration
+     */
+    public Integer getLockoutDuration() {
+        return lockoutDuration;
+    }
+
+    /**
+     * @return Lockout counter reset duration
+     */
+    public Integer getLockoutCounterResetDuration() {
+        return lockoutCounterResetDuration;
+    }
+
+    /**
+     * @return Lockout disabled?
+     */
+    public Boolean getLockoutDisable() {
+        return lockoutDisable;
+    }
+
+    @Override
+    public boolean equals(Object o) {
+        if (this == o) {
+            return true;
+        } else if (o == null || getClass() != o.getClass()) {
+            return false;
+        }
+        UserLockoutConfig that = (UserLockoutConfig) o;
+        return Objects.equals(lockoutThreshold, that.lockoutThreshold) &&
+            Objects.equals(lockoutDuration, that.lockoutDuration) &&
+            Objects.equals(lockoutCounterResetDuration, that.lockoutCounterResetDuration) &&
+            Objects.equals(lockoutDisable, that.lockoutDisable);
+    }
+
+    @Override
+    public int hashCode() {
+        return Objects.hash(lockoutThreshold, lockoutDuration, lockoutCounterResetDuration, lockoutDisable);
+    }
+}

src/main/java/de/stklcode/jvault/connector/model/response/embedded/VersionMetadata.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2023 Stefan Kalscheuer
+ * Copyright 2016-2024 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -22,7 +22,8 @@ import com.fasterxml.jackson.annotation.JsonProperty;
 import java.io.Serializable;
 import java.time.ZonedDateTime;
 import java.time.format.DateTimeFormatter;
-import java.time.format.DateTimeParseException;
+import java.util.HashMap;
+import java.util.Map;
 import java.util.Objects;
 
 /**
@@ -34,16 +35,16 @@ import java.util.Objects;
  */
 @JsonIgnoreProperties(ignoreUnknown = true)
 public final class VersionMetadata implements Serializable {
-    private static final long serialVersionUID = -5286693953873839611L;
+    private static final long serialVersionUID = 8495687554714216478L;
 
     private static final DateTimeFormatter TIME_FORMAT =
             DateTimeFormatter.ofPattern("yyyy-MM-dd'T'HH:mm:ss.SSSSSSSSSXXX");
 
     @JsonProperty("created_time")
-    private String createdTimeString;
+    private ZonedDateTime createdTime;
 
     @JsonProperty("deletion_time")
-    private String deletionTimeString;
+    private ZonedDateTime deletionTime;
 
     @JsonProperty("destroyed")
     private boolean destroyed;
@@ -51,48 +52,47 @@ public final class VersionMetadata implements Serializable {
     @JsonProperty("version")
     private Integer version;
 
+    @JsonProperty("custom_metadata")
+    private HashMap<String, String> customMetadata;
+
     /**
      * @return Time of secret creation as raw string representation.
+     * @deprecated Method left for backwards compatibility only. Use {@link #getCreatedTime()} instead.
      */
+    @Deprecated(since = "1.2", forRemoval = true)
     public String getCreatedTimeString() {
-        return createdTimeString;
+        if (createdTime != null) {
+            return TIME_FORMAT.format(createdTime);
+        }
+
+        return null;
     }
 
     /**
      * @return Time of secret creation.
      */
     public ZonedDateTime getCreatedTime() {
-        if (createdTimeString != null && !createdTimeString.isEmpty()) {
-            try {
-                return ZonedDateTime.parse(createdTimeString, TIME_FORMAT);
-            } catch (DateTimeParseException e) {
-                // Ignore.
-            }
-        }
-
-        return null;
+        return createdTime;
     }
 
     /**
      * @return Time for secret deletion as raw string representation.
+     * @deprecated Method left for backwards compatibility only. Use {@link #getDeletionTime()} instead.
      */
+    @Deprecated(since = "1.2", forRemoval = true)
     public String getDeletionTimeString() {
-        return deletionTimeString;
+        if (deletionTime != null) {
+            return TIME_FORMAT.format(deletionTime);
+        }
+
+        return null;
     }
 
     /**
      * @return Time for secret deletion.
      */
     public ZonedDateTime getDeletionTime() {
-        if (deletionTimeString != null && !deletionTimeString.isEmpty()) {
-            try {
-                return ZonedDateTime.parse(deletionTimeString, TIME_FORMAT);
-            } catch (DateTimeParseException e) {
-                // Ignore.
-            }
-        }
-
-        return null;
+        return deletionTime;
     }
 
     /**
@@ -109,6 +109,14 @@ public final class VersionMetadata implements Serializable {
         return version;
     }
 
+    /**
+     * @return Custom metadata.
+     * @since 1.3
+     */
+    public Map<String, String> getCustomMetadata() {
+        return customMetadata;
+    }
+
     @Override
     public boolean equals(Object o) {
         if (this == o) {
@@ -118,13 +126,14 @@ public final class VersionMetadata implements Serializable {
         }
         VersionMetadata that = (VersionMetadata) o;
         return destroyed == that.destroyed &&
-                Objects.equals(createdTimeString, that.createdTimeString) &&
-                Objects.equals(deletionTimeString, that.deletionTimeString) &&
-                Objects.equals(version, that.version);
+                Objects.equals(createdTime, that.createdTime) &&
+                Objects.equals(deletionTime, that.deletionTime) &&
+                Objects.equals(version, that.version) &&
+                Objects.equals(customMetadata, that.customMetadata);
     }
 
     @Override
     public int hashCode() {
-        return Objects.hash(createdTimeString, deletionTimeString, destroyed, version);
+        return Objects.hash(createdTime, deletionTime, destroyed, version, customMetadata);
     }
 }

src/main/java/de/stklcode/jvault/connector/model/response/embedded/WrapInfo.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2023 Stefan Kalscheuer
+ * Copyright 2016-2024 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -19,6 +19,7 @@ package de.stklcode.jvault.connector.model.response.embedded;
 import com.fasterxml.jackson.annotation.JsonProperty;
 
 import java.io.Serializable;
+import java.time.ZonedDateTime;
 import java.util.Objects;
 
 /**
@@ -28,7 +29,7 @@ import java.util.Objects;
  * @since 1.1
  */
 public class WrapInfo implements Serializable {
-    private static final long serialVersionUID = -7764500642913116581L;
+    private static final long serialVersionUID = 4864973237090355607L;
 
     @JsonProperty("token")
     private String token;
@@ -37,7 +38,7 @@ public class WrapInfo implements Serializable {
     private Integer ttl;
 
     @JsonProperty("creation_time")
-    private String creationTime;
+    private ZonedDateTime creationTime;
 
     @JsonProperty("creation_path")
     private String creationPath;
@@ -59,7 +60,7 @@ public class WrapInfo implements Serializable {
     /**
      * @return Creation time
      */
-    public String getCreationTime() {
+    public ZonedDateTime getCreationTime() {
         return creationTime;
     }
 

src/main/java/de/stklcode/jvault/connector/model/response/embedded/package-info.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2023 Stefan Kalscheuer
+ * Copyright 2016-2024 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

src/main/java/de/stklcode/jvault/connector/model/response/package-info.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2023 Stefan Kalscheuer
+ * Copyright 2016-2024 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

src/main/java/de/stklcode/jvault/connector/package-info.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2023 Stefan Kalscheuer
+ * Copyright 2016-2024 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

src/main/java/module-info.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2023 Stefan Kalscheuer
+ * Copyright 2016-2024 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -30,7 +30,7 @@ module de.stklcode.jvault.connector {
     opens de.stklcode.jvault.connector.model.response to com.fasterxml.jackson.databind;
     opens de.stklcode.jvault.connector.model.response.embedded to com.fasterxml.jackson.databind;
 
-    requires java.base;
     requires java.net.http;
     requires com.fasterxml.jackson.databind;
+    requires com.fasterxml.jackson.datatype.jsr310;
 }

src/test/java/de/stklcode/jvault/connector/HTTPVaultConnectorBuilderTest.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2023 Stefan Kalscheuer
+ * Copyright 2016-2024 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -129,15 +129,14 @@ class HTTPVaultConnectorBuilderTest {
         });
 
         // Provide CA certificate.
-        String VAULT_CACERT = tempDir.toString() + "/doesnotexist";
-        withVaultEnv(VAULT_ADDR, VAULT_CACERT, VAULT_MAX_RETRIES.toString(), null).execute(() -> {
+        String vaultCacert = tempDir.toString() + "/doesnotexist";
+        withVaultEnv(VAULT_ADDR, vaultCacert, VAULT_MAX_RETRIES.toString(), null).execute(() -> {
             TlsException e = assertThrows(
                     TlsException.class,
                     () -> HTTPVaultConnector.builder().fromEnv(),
                     "Creation with unknown cert path failed"
             );
-            assertTrue(e.getCause() instanceof NoSuchFileException);
-            assertEquals(VAULT_CACERT, ((NoSuchFileException) e.getCause()).getFile());
+            assertEquals(vaultCacert, assertInstanceOf(NoSuchFileException.class, e.getCause()).getFile());
 
             return null;
         });
@@ -165,11 +164,11 @@ class HTTPVaultConnectorBuilderTest {
         });
     }
 
-    private SystemLambda.WithEnvironmentVariables withVaultEnv(String vault_addr, String vault_cacert, String vault_max_retries, String vault_token) {
-        return withEnvironmentVariable("VAULT_ADDR", vault_addr)
-                .and("VAULT_CACERT", vault_cacert)
-                .and("VAULT_MAX_RETRIES", vault_max_retries)
-                .and("VAULT_TOKEN", vault_token);
+    private SystemLambda.WithEnvironmentVariables withVaultEnv(String vaultAddr, String vaultCacert, String vaultMaxRetries, String vaultToken) {
+        return withEnvironmentVariable("VAULT_ADDR", vaultAddr)
+                .and("VAULT_CACERT", vaultCacert)
+                .and("VAULT_MAX_RETRIES", vaultMaxRetries)
+                .and("VAULT_TOKEN", vaultToken);
     }
 
     private Object getRequestHelperPrivate(HTTPVaultConnector connector, String fieldName) throws NoSuchFieldException, IllegalAccessException {

src/test/java/de/stklcode/jvault/connector/HTTPVaultConnectorIT.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2023 Stefan Kalscheuer
+ * Copyright 2016-2024 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -31,11 +31,13 @@ import org.junit.jupiter.api.io.TempDir;
 import java.io.*;
 import java.lang.reflect.Field;
 import java.net.ServerSocket;
+import java.nio.file.Files;
 import java.nio.file.Paths;
 import java.util.*;
 import java.util.concurrent.TimeUnit;
 import java.util.regex.Pattern;
 
+import static java.nio.charset.StandardCharsets.UTF_8;
 import static java.util.Collections.singletonMap;
 import static org.apache.commons.io.FileUtils.copyDirectory;
 import static org.awaitility.Awaitility.await;
@@ -51,7 +53,7 @@ import static org.junit.jupiter.api.Assumptions.assumeTrue;
  * @since 0.1
  */
 class HTTPVaultConnectorIT {
-    private static String VAULT_VERSION = "1.14.0";  // The vault version this test is supposed to run against.
+    private static String VAULT_VERSION = "1.17.6";  // The vault version this test is supposed to run against.
     private static final String KEY1 = "E38bkCm0VhUvpdCKGQpcohhD9XmcHJ/2hreOSY019Lho";
     private static final String KEY2 = "O5OHwDleY3IiPdgw61cgHlhsrEm6tVJkrxhF6QAnILd1";
     private static final String KEY3 = "mw7Bm3nbt/UWa/juDjjL2EPQ04kiJ0saC5JEXwJvXYsB";
@@ -129,13 +131,11 @@ class HTTPVaultConnectorIT {
         @Test
         @Order(10)
         @DisplayName("Read secrets")
-        @SuppressWarnings("deprecation")
         void readSecretTest() {
             authUser();
             assumeTrue(connector.isAuthorized());
 
             // Try to read path user has no permission to read.
-            SecretResponse res = null;
             final String invalidPath = "secret/invalid/path";
 
             VaultConnectorException e = assertThrows(
@@ -151,7 +151,7 @@ class HTTPVaultConnectorIT {
             assertFalse(Pattern.compile("[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}").matcher(stackTrace(e)).find());
 
             // Try to read accessible path with known value.
-            res = assertDoesNotThrow(
+            SecretResponse res = assertDoesNotThrow(
                     () -> connector.read(SECRET_PATH + "/" + SECRET_KEY),
                     "Valid secret path could not be read"
             );
@@ -216,7 +216,6 @@ class HTTPVaultConnectorIT {
         @Test
         @Order(30)
         @DisplayName("Write secrets")
-        @SuppressWarnings("deprecation")
         void writeSecretTest() {
             authUser();
             assumeTrue(connector.isAuthorized());
@@ -610,7 +609,7 @@ class HTTPVaultConnectorIT {
             assumeFalse(connector.isAuthorized());
 
             // Authenticate with created credentials.
-            AuthResponse resp = assertDoesNotThrow(
+            assertDoesNotThrow(
                     () -> connector.authAppId(APP_ID, USER_ID),
                     "Failed to authenticate using App-ID"
             );
@@ -909,7 +908,7 @@ class HTTPVaultConnectorIT {
             assertFalse(res.getAuth().isRenewable(), "Root token should not be renewable");
             assertFalse(res.getAuth().isOrphan(), "Root token should not be orphan");
 
-            // Starting with Vault 1.0 a warning "custom ID uses weaker SHA1.." is given.
+            // Starting with Vault 1.0 a warning "custom ID uses weaker SHA1..." is given.
             // Starting with Vault 1.11 a second warning "Endpoint ignored unrecognized parameters" is given.
             assertFalse(res.getWarnings().isEmpty(), "Token creation did not return expected warning");
 
@@ -1234,15 +1233,17 @@ class HTTPVaultConnectorIT {
 
         // Write configuration file.
         File configFile = new File(dir, "vault.conf");
-        try (BufferedWriter bw = new BufferedWriter(new FileWriter(configFile))) {
-            bw.write(config.toString());
+        try {
+            Files.write(configFile.toPath(), config.toString().getBytes(UTF_8));
         } catch (IOException e) {
             throw new IllegalStateException("Unable to generate config file", e);
         }
 
         // Start vault process.
         try {
-            vaultProcess = Runtime.getRuntime().exec("vault server -config " + configFile);
+            vaultProcess = new ProcessBuilder("vault", "server", "-config", configFile.toString())
+                .directory(dir)
+                .start();
         } catch (IOException e) {
             throw new IllegalStateException("Unable to start vault. Make sure vault binary is in your executable path", e);
         }

src/test/java/de/stklcode/jvault/connector/HTTPVaultConnectorTest.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2023 Stefan Kalscheuer
+ * Copyright 2016-2024 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -91,7 +91,7 @@ class HTTPVaultConnectorTest {
                 "Querying health status succeeded on invalid instance"
         );
         assertEquals("Unable to connect to Vault server", e.getMessage(), "Unexpected exception message");
-        assertTrue(e.getCause() instanceof IOException, "Unexpected cause");
+        assertInstanceOf(IOException.class, e.getCause(), "Unexpected cause");
 
         // Now simulate a failing request that succeeds on second try.
         connector = HTTPVaultConnector.builder(wireMock.url("/")).withNumberOfRetries(1).withTimeout(250).build();
@@ -300,7 +300,7 @@ class HTTPVaultConnectorTest {
 
     private Object getPrivate(Object target, String fieldName) throws NoSuchFieldException, IllegalAccessException {
         Field field = target.getClass().getDeclaredField(fieldName);
-        if (field.isAccessible()) {
+        if (field.canAccess(target)) {
             return field.get(target);
         }
         field.setAccessible(true);
@@ -312,7 +312,7 @@ class HTTPVaultConnectorTest {
     private void setPrivate(Object target, String fieldName, Object value) {
         try {
             Field field = target.getClass().getDeclaredField(fieldName);
-            boolean accessible = field.isAccessible();
+            boolean accessible = field.canAccess(target);
             field.setAccessible(true);
             field.set(target, value);
             field.setAccessible(accessible);

src/test/java/de/stklcode/jvault/connector/exception/VaultConnectorExceptionTest.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2023 Stefan Kalscheuer
+ * Copyright 2016-2024 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

src/test/java/de/stklcode/jvault/connector/model/AbstractModelTest.java

@@ -1,6 +1,9 @@
 package de.stklcode.jvault.connector.model;
 
+import com.fasterxml.jackson.databind.DeserializationFeature;
 import com.fasterxml.jackson.databind.ObjectMapper;
+import com.fasterxml.jackson.databind.SerializationFeature;
+import com.fasterxml.jackson.datatype.jsr310.JavaTimeModule;
 import nl.jqno.equalsverifier.EqualsVerifier;
 import org.junit.jupiter.api.Test;
 
@@ -26,7 +29,10 @@ public abstract class AbstractModelTest<T> {
      */
     protected AbstractModelTest(Class<T> modelClass) {
         this.modelClass = modelClass;
-        this.objectMapper = new ObjectMapper();
+        this.objectMapper = new ObjectMapper()
+                .registerModule(new JavaTimeModule())
+                .enable(SerializationFeature.WRITE_DATES_AS_TIMESTAMPS)
+                .disable(DeserializationFeature.ADJUST_DATES_TO_CONTEXT_TIME_ZONE);
     }
 
     /**

src/test/java/de/stklcode/jvault/connector/model/AppRoleSecretTest.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2023 Stefan Kalscheuer
+ * Copyright 2016-2024 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -115,7 +115,7 @@ class AppRoleSecretTest extends AbstractModelTest<AppRoleSecret> {
      */
     @Test
     void jsonTest() throws NoSuchFieldException, IllegalAccessException {
-        // A simple roundtrip first. All set fields should be present afterwards..
+        // A simple roundtrip first. All set fields should be present afterward.
         AppRoleSecret secret = new AppRoleSecret(TEST_ID, TEST_META, TEST_CIDR);
         String secretJson = assertDoesNotThrow(() -> objectMapper.writeValueAsString(secret), "Serialization failed");
         // CIDR list is comma-separated when used as input, but List otherwise, hence convert string to list.
@@ -173,14 +173,14 @@ class AppRoleSecretTest extends AbstractModelTest<AppRoleSecret> {
 
     private static void setPrivateField(Object object, String fieldName, Object value) throws NoSuchFieldException, IllegalAccessException {
         Field field = object.getClass().getDeclaredField(fieldName);
-        boolean accessible = field.isAccessible();
+        boolean accessible = field.canAccess(object);
         field.setAccessible(true);
         field.set(object, value);
         field.setAccessible(accessible);
     }
 
     private static String commaSeparatedToList(String json) {
-        return json.replaceAll("\"cidr_list\":\"([^\"]*)\"", "\"cidr_list\":\\[$1\\]")
+        return json.replaceAll("\"cidr_list\":\"([^\"]*)\"", "\"cidr_list\":[$1]")
                 .replaceAll("(\\d+\\.\\d+\\.\\d+\\.\\d+/\\d+)", "\"$1\"");
     }
 }

src/test/java/de/stklcode/jvault/connector/model/AppRoleTest.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2023 Stefan Kalscheuer
+ * Copyright 2016-2024 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -43,7 +43,7 @@ class AppRoleTest extends AbstractModelTest<AppRole> {
     private static final String POLICY_2 = "policy2";
     private static final Integer SECRET_ID_NUM_USES = 10;
     private static final Integer SECRET_ID_TTL = 7200;
-    private static final Boolean ENABLE_LOCAL_SECRET_IDS = false;
+    private static final Boolean LOCAL_SECRET_IDS = false;
     private static final Integer TOKEN_TTL = 4800;
     private static final Integer TOKEN_MAX_TTL = 9600;
     private static final Integer TOKEN_EXPLICIT_MAX_TTL = 14400;
@@ -52,8 +52,8 @@ class AppRoleTest extends AbstractModelTest<AppRole> {
     private static final Integer TOKEN_PERIOD = 1234;
     private static final Token.Type TOKEN_TYPE = Token.Type.DEFAULT_SERVICE;
     private static final String JSON_MIN = "{\"role_name\":\"" + NAME + "\"}";
-    private static final String JSON_FULL = String.format("{\"role_name\":\"%s\",\"role_id\":\"%s\",\"bind_secret_id\":%s,\"secret_id_bound_cidrs\":\"%s\",\"secret_id_num_uses\":%d,\"secret_id_ttl\":%d,\"enable_local_secret_ids\":%s,\"token_ttl\":%d,\"token_max_ttl\":%d,\"token_policies\":\"%s\",\"token_bound_cidrs\":\"%s\",\"token_explicit_max_ttl\":%d,\"token_no_default_policy\":%s,\"token_num_uses\":%d,\"token_period\":%d,\"token_type\":\"%s\"}",
-            NAME, ID, BIND_SECRET_ID, CIDR_1, SECRET_ID_NUM_USES, SECRET_ID_TTL, ENABLE_LOCAL_SECRET_IDS, TOKEN_TTL, TOKEN_MAX_TTL, POLICY, CIDR_1, TOKEN_EXPLICIT_MAX_TTL, TOKEN_NO_DEFAULT_POLICY, TOKEN_NUM_USES, TOKEN_PERIOD, TOKEN_TYPE.value());
+    private static final String JSON_FULL = String.format("{\"role_name\":\"%s\",\"role_id\":\"%s\",\"bind_secret_id\":%s,\"secret_id_bound_cidrs\":\"%s\",\"secret_id_num_uses\":%d,\"secret_id_ttl\":%d,\"local_secret_ids\":%s,\"token_ttl\":%d,\"token_max_ttl\":%d,\"token_policies\":\"%s\",\"token_bound_cidrs\":\"%s\",\"token_explicit_max_ttl\":%d,\"token_no_default_policy\":%s,\"token_num_uses\":%d,\"token_period\":%d,\"token_type\":\"%s\"}",
+            NAME, ID, BIND_SECRET_ID, CIDR_1, SECRET_ID_NUM_USES, SECRET_ID_TTL, LOCAL_SECRET_IDS, TOKEN_TTL, TOKEN_MAX_TTL, POLICY, CIDR_1, TOKEN_EXPLICIT_MAX_TTL, TOKEN_NO_DEFAULT_POLICY, TOKEN_NUM_USES, TOKEN_PERIOD, TOKEN_TYPE.value());
 
     AppRoleTest() {
         super(AppRole.class);
@@ -68,7 +68,7 @@ class AppRoleTest extends AbstractModelTest<AppRole> {
                 .withTokenPolicies(POLICIES)
                 .withSecretIdNumUses(SECRET_ID_NUM_USES)
                 .withSecretIdTtl(SECRET_ID_TTL)
-                .withEnableLocalSecretIds(ENABLE_LOCAL_SECRET_IDS)
+                .withLocalSecretIds(LOCAL_SECRET_IDS)
                 .withTokenTtl(TOKEN_TTL)
                 .withTokenMaxTtl(TOKEN_MAX_TTL)
                 .withTokenBoundCidrs(BOUND_CIDR_LIST)
@@ -98,7 +98,7 @@ class AppRoleTest extends AbstractModelTest<AppRole> {
         assertNull(role.getTokenPolicies());
         assertNull(role.getSecretIdNumUses());
         assertNull(role.getSecretIdTtl());
-        assertNull(role.getEnableLocalSecretIds());
+        assertNull(role.getLocalSecretIds());
         assertNull(role.getTokenTtl());
         assertNull(role.getTokenMaxTtl());
         assertNull(role.getTokenBoundCidrs());
@@ -125,7 +125,7 @@ class AppRoleTest extends AbstractModelTest<AppRole> {
         assertEquals(POLICIES, role.getTokenPolicies());
         assertEquals(SECRET_ID_NUM_USES, role.getSecretIdNumUses());
         assertEquals(SECRET_ID_TTL, role.getSecretIdTtl());
-        assertEquals(ENABLE_LOCAL_SECRET_IDS, role.getEnableLocalSecretIds());
+        assertEquals(LOCAL_SECRET_IDS, role.getLocalSecretIds());
         assertEquals(TOKEN_TTL, role.getTokenTtl());
         assertEquals(TOKEN_MAX_TTL, role.getTokenMaxTtl());
         assertEquals(BOUND_CIDR_LIST, role.getTokenBoundCidrs());

src/test/java/de/stklcode/jvault/connector/model/AuthBackendTest.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2023 Stefan Kalscheuer
+ * Copyright 2016-2024 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

src/test/java/de/stklcode/jvault/connector/model/TokenRoleTest.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2023 Stefan Kalscheuer
+ * Copyright 2016-2024 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

src/test/java/de/stklcode/jvault/connector/model/TokenTest.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2023 Stefan Kalscheuer
+ * Copyright 2016-2024 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

src/test/java/de/stklcode/jvault/connector/model/response/AppRoleResponseTest.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2023 Stefan Kalscheuer
+ * Copyright 2016-2024 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

src/test/java/de/stklcode/jvault/connector/model/response/AuthMethodsResponseTest.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2023 Stefan Kalscheuer
+ * Copyright 2016-2024 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -46,7 +46,10 @@ class AuthMethodsResponseTest extends AbstractModelTest<AuthMethodsResponse> {
     private static final String TK_ACCESSOR = "auth_token_ac0dd95a";
     private static final String TK_DESCR = "token based credentials";
     private static final Integer TK_LEASE_TTL = 0;
+    private static final Boolean TK_FORCE_NO_CACHE = false;
     private static final Integer TK_MAX_LEASE_TTL = 0;
+    private static final String TK_TOKEN_TYPE = "default-service";
+    private static final String TK_RUNNING_PLUGIN_VERSION = "v1.15.3+builtin.vault";
 
     private static final String RES_JSON = "{\n" +
             "  \"data\": {" +
@@ -62,9 +65,15 @@ class AuthMethodsResponseTest extends AbstractModelTest<AuthMethodsResponse> {
             "    \"" + TK_PATH + "\": {\n" +
             "      \"config\": {\n" +
             "        \"default_lease_ttl\": " + TK_LEASE_TTL + ",\n" +
-            "        \"max_lease_ttl\": " + TK_MAX_LEASE_TTL + "\n" +
+            "        \"force_no_cache\": " + TK_FORCE_NO_CACHE + ",\n" +
+            "        \"max_lease_ttl\": " + TK_MAX_LEASE_TTL + ",\n" +
+            "        \"token_type\": \"" + TK_TOKEN_TYPE + "\"\n" +
             "      },\n" +
             "      \"description\": \"" + TK_DESCR + "\",\n" +
+            "      \"options\": null,\n" +
+            "      \"plugin_version\": \"\",\n" +
+            "      \"running_plugin_version\": \"" + TK_RUNNING_PLUGIN_VERSION + "\",\n" +
+            "      \"running_sha256\": \"\",\n" +
             "      \"type\": \"" + TK_TYPE + "\",\n" +
             "      \"uuid\": \"" + TK_UUID + "\",\n" +
             "      \"accessor\": \"" + TK_ACCESSOR + "\",\n" +
@@ -137,15 +146,16 @@ class AuthMethodsResponseTest extends AbstractModelTest<AuthMethodsResponse> {
         assertTrue(method.isLocal(), "Unexpected local flag for Token");
         assertFalse(method.isExternalEntropyAccess(), "Unexpected external entropy flag for Token");
         assertFalse(method.isSealWrap(), "Unexpected seal wrap flag for GitHub");
+        assertEquals("", method.getPluginVersion(), "Unexpected plugin version");
+        assertEquals(TK_RUNNING_PLUGIN_VERSION, method.getRunningPluginVersion(), "Unexpected running plugin version");
+        assertEquals("", method.getRunningSha256(), "Unexpected running SHA256");
 
         assertNotNull(method.getConfig(), "Missing config for Token");
-        assertEquals(
-                Map.of(
-                        "default_lease_ttl", TK_LEASE_TTL.toString(),
-                        "max_lease_ttl", TK_MAX_LEASE_TTL.toString()
-                ),
-                method.getConfig(),
-                "Unexpected config for Token"
-        );
+        assertEquals(TK_LEASE_TTL, method.getConfig().getDefaultLeaseTtl(), "Unexpected default TTL");
+        assertEquals(TK_MAX_LEASE_TTL, method.getConfig().getMaxLeaseTtl(), "Unexpected max TTL");
+        assertEquals(TK_FORCE_NO_CACHE, method.getConfig().getForceNoCache(), "Unexpected force no cache flag");
+        assertEquals(TK_TOKEN_TYPE, method.getConfig().getTokenType(), "Unexpected token type");
+
+        assertNull(method.getOptions(), "Unexpected options");
     }
 }

src/test/java/de/stklcode/jvault/connector/model/response/AuthResponseTest.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2023 Stefan Kalscheuer
+ * Copyright 2016-2024 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -19,6 +19,10 @@ package de.stklcode.jvault.connector.model.response;
 import com.fasterxml.jackson.core.JsonProcessingException;
 import de.stklcode.jvault.connector.model.AbstractModelTest;
 import de.stklcode.jvault.connector.model.response.embedded.AuthData;
+import de.stklcode.jvault.connector.model.response.embedded.MfaConstraintAny;
+import de.stklcode.jvault.connector.model.response.embedded.MfaMethodId;
+import de.stklcode.jvault.connector.model.response.embedded.MfaRequirement;
+import nl.jqno.equalsverifier.EqualsVerifier;
 import org.junit.jupiter.api.Test;
 
 import java.util.Map;
@@ -44,29 +48,52 @@ class AuthResponseTest extends AbstractModelTest<AuthResponse> {
     private static final String AUTH_ENTITY_ID = "";
     private static final String AUTH_TOKEN_TYPE = "service";
     private static final Boolean AUTH_ORPHAN = false;
+    private static final Integer AUTH_NUM_USES = 42;
+    private static final String MFA_REQUEST_ID = "d0c9eec7-6921-8cc0-be62-202b289ef163";
+    private static final String MFA_KEY = "enforcementConfigUserpass";
+    private static final String MFA_METHOD_TYPE = "totp";
+    private static final String MFA_METHOD_ID = "820997b3-110e-c251-7e8b-ff4aa428a6e1";
+    private static final Boolean MFA_METHOD_USES_PASSCODE = true;
+    private static final String MFA_METHOD_NAME = "sample_mfa_method_name";
 
     private static final String RES_JSON = "{\n" +
-            "  \"auth\": {\n" +
-            "    \"accessor\": \"" + AUTH_ACCESSOR + "\",\n" +
-            "    \"client_token\": \"" + AUTH_CLIENT_TOKEN + "\",\n" +
-            "    \"policies\": [\n" +
-            "      \"" + AUTH_POLICY_1 + "\", \n" +
-            "      \"" + AUTH_POLICY_2 + "\"\n" +
-            "    ],\n" +
-            "    \"token_policies\": [\n" +
-            "      \"" + AUTH_POLICY_2 + "\",\n" +
-            "      \"" + AUTH_POLICY_1 + "\" \n" +
-            "    ],\n" +
-            "    \"metadata\": {\n" +
-            "      \"" + AUTH_META_KEY + "\": \"" + AUTH_META_VALUE + "\"\n" +
-            "    },\n" +
-            "    \"lease_duration\": " + AUTH_LEASE_DURATION + ",\n" +
-            "    \"renewable\": " + AUTH_RENEWABLE + ",\n" +
-            "    \"entity_id\": \"" + AUTH_ENTITY_ID + "\",\n" +
-            "    \"token_type\": \"" + AUTH_TOKEN_TYPE + "\",\n" +
-            "    \"orphan\": " + AUTH_ORPHAN + "\n" +
-            "  }\n" +
-            "}";
+        "  \"auth\": {\n" +
+        "    \"accessor\": \"" + AUTH_ACCESSOR + "\",\n" +
+        "    \"client_token\": \"" + AUTH_CLIENT_TOKEN + "\",\n" +
+        "    \"policies\": [\n" +
+        "      \"" + AUTH_POLICY_1 + "\", \n" +
+        "      \"" + AUTH_POLICY_2 + "\"\n" +
+        "    ],\n" +
+        "    \"token_policies\": [\n" +
+        "      \"" + AUTH_POLICY_2 + "\",\n" +
+        "      \"" + AUTH_POLICY_1 + "\" \n" +
+        "    ],\n" +
+        "    \"metadata\": {\n" +
+        "      \"" + AUTH_META_KEY + "\": \"" + AUTH_META_VALUE + "\"\n" +
+        "    },\n" +
+        "    \"lease_duration\": " + AUTH_LEASE_DURATION + ",\n" +
+        "    \"renewable\": " + AUTH_RENEWABLE + ",\n" +
+        "    \"entity_id\": \"" + AUTH_ENTITY_ID + "\",\n" +
+        "    \"token_type\": \"" + AUTH_TOKEN_TYPE + "\",\n" +
+        "    \"orphan\": " + AUTH_ORPHAN + ",\n" +
+        "    \"num_uses\": " + AUTH_NUM_USES + ",\n" +
+        "    \"mfa_requirement\": {\n" +
+        "      \"mfa_request_id\": \"" + MFA_REQUEST_ID + "\",\n" +
+        "      \"mfa_constraints\": {\n" +
+        "        \"" + MFA_KEY + "\": {\n" +
+        "          \"any\": [\n" +
+        "            {\n" +
+        "              \"type\": \"" + MFA_METHOD_TYPE + "\",\n" +
+        "              \"id\": \"" + MFA_METHOD_ID + "\",\n" +
+        "              \"uses_passcode\": " + MFA_METHOD_USES_PASSCODE + ",\n" +
+        "              \"name\": \"" + MFA_METHOD_NAME + "\"\n" +
+        "            }\n" +
+        "          ]\n" +
+        "        }\n" +
+        "      }\n" +
+        "    }\n" +
+        "  }\n" +
+        "}";
 
     AuthResponseTest() {
         super(AuthResponse.class);
@@ -82,6 +109,13 @@ class AuthResponseTest extends AbstractModelTest<AuthResponse> {
         }
     }
 
+    @Test
+    void testEqualsHashcodeMfa() {
+        EqualsVerifier.simple().forClass(MfaRequirement.class).verify();
+        EqualsVerifier.simple().forClass(MfaConstraintAny.class).verify();
+        EqualsVerifier.simple().forClass(MfaMethodId.class).verify();
+    }
+
     /**
      * Test creation from JSON value as returned by Vault (JSON example copied from Vault documentation).
      */
@@ -102,10 +136,20 @@ class AuthResponseTest extends AbstractModelTest<AuthResponse> {
         assertEquals(AUTH_ORPHAN, data.isOrphan(), "Incorrect auth orphan flag");
         assertEquals(AUTH_TOKEN_TYPE, data.getTokenType(), "Incorrect auth token type");
         assertEquals(AUTH_ENTITY_ID, data.getEntityId(), "Incorrect auth entity id");
+        assertEquals(AUTH_NUM_USES, data.getNumUses(), "Incorrect auth num uses");
         assertEquals(2, data.getPolicies().size(), "Incorrect number of policies");
         assertTrue(data.getPolicies().containsAll(Set.of(AUTH_POLICY_1, AUTH_POLICY_2)));
         assertEquals(2, data.getTokenPolicies().size(), "Incorrect number of token policies");
         assertTrue(data.getTokenPolicies().containsAll(Set.of(AUTH_POLICY_2, AUTH_POLICY_1)), "Incorrect token policies");
         assertEquals(Map.of(AUTH_META_KEY, AUTH_META_VALUE), data.getMetadata(), "Incorrect auth metadata");
+
+        assertEquals(MFA_REQUEST_ID, data.getMfaRequirement().getMfaRequestId(), "Incorrect MFA request ID");
+        assertEquals(Set.of(MFA_KEY), data.getMfaRequirement().getMfaConstraints().keySet(), "Incorrect MFA constraint keys");
+        var mfaConstraint = data.getMfaRequirement().getMfaConstraints().get(MFA_KEY);
+        assertEquals(1, mfaConstraint.getAny().size(), "Incorrect number of any constraints");
+        assertEquals(MFA_METHOD_TYPE, mfaConstraint.getAny().get(0).getType(), "Incorrect MFA method type");
+        assertEquals(MFA_METHOD_ID, mfaConstraint.getAny().get(0).getId(), "Incorrect MFA method type");
+        assertEquals(MFA_METHOD_USES_PASSCODE, mfaConstraint.getAny().get(0).getUsesPasscode(), "Incorrect MFA method uses passcode");
+        assertEquals(MFA_METHOD_NAME, mfaConstraint.getAny().get(0).getName(), "Incorrect MFA method uses passcode");
     }
 }

src/test/java/de/stklcode/jvault/connector/model/response/CredentialsResponseTest.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2023 Stefan Kalscheuer
+ * Copyright 2016-2024 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -17,7 +17,6 @@
 package de.stklcode.jvault.connector.model.response;
 
 import com.fasterxml.jackson.core.JsonProcessingException;
-import de.stklcode.jvault.connector.exception.InvalidResponseException;
 import de.stklcode.jvault.connector.model.AbstractModelTest;
 import org.junit.jupiter.api.Test;
 
@@ -60,11 +59,9 @@ class CredentialsResponseTest extends AbstractModelTest<CredentialsResponse> {
 
     /**
      * Test getter, setter and get-methods for response data.
-     *
-     * @throws InvalidResponseException Should not occur
      */
     @Test
-    void getCredentialsTest() throws InvalidResponseException {
+    void getCredentialsTest() {
         // Create empty Object.
         CredentialsResponse res = new CredentialsResponse();
         assertNull(res.getUsername(), "Username not present in data map should not return anything");

src/test/java/de/stklcode/jvault/connector/model/response/HealthResponseTest.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2023 Stefan Kalscheuer
+ * Copyright 2016-2024 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -31,7 +31,7 @@ import static org.junit.jupiter.api.Assertions.*;
 class HealthResponseTest extends AbstractModelTest<HealthResponse> {
     private static final String CLUSTER_ID = "c9abceea-4f46-4dab-a688-5ce55f89e228";
     private static final String CLUSTER_NAME = "vault-cluster-5515c810";
-    private static final String VERSION = "0.9.2";
+    private static final String VERSION = "0.17.0";
     private static final Long SERVER_TIME_UTC = 1469555798L;
     private static final Boolean STANDBY = false;
     private static final Boolean SEALED = false;
@@ -39,6 +39,10 @@ class HealthResponseTest extends AbstractModelTest<HealthResponse> {
     private static final Boolean PERF_STANDBY = false;
     private static final String REPL_PERF_MODE = "disabled";
     private static final String REPL_DR_MODE = "disabled";
+    private static final Long ECHO_DURATION = 1L;
+    private static final Long CLOCK_SKEW = 0L;
+    private static final Long REPL_PRIM_CANARY_AGE = 2L;
+    private static final Boolean ENTERPRISE = false;
 
     private static final String RES_JSON = "{\n" +
             "  \"cluster_id\": \"" + CLUSTER_ID + "\",\n" +
@@ -50,7 +54,11 @@ class HealthResponseTest extends AbstractModelTest<HealthResponse> {
             "  \"initialized\": " + INITIALIZED + ",\n" +
             "  \"replication_performance_mode\": \"" + REPL_PERF_MODE + "\",\n" +
             "  \"replication_dr_mode\": \"" + REPL_DR_MODE + "\",\n" +
-            "  \"performance_standby\": " + PERF_STANDBY + "\n" +
+            "  \"performance_standby\": " + PERF_STANDBY + ",\n" +
+            "  \"echo_duration_ms\": " + ECHO_DURATION + ",\n" +
+            "  \"clock_skew_ms\": " + CLOCK_SKEW + ",\n" +
+            "  \"replication_primary_canary_age_ms\": " + REPL_PRIM_CANARY_AGE + ",\n" +
+            "  \"enterprise\": " + ENTERPRISE + "\n" +
             "}";
 
     HealthResponseTest() {
@@ -87,5 +95,9 @@ class HealthResponseTest extends AbstractModelTest<HealthResponse> {
         assertEquals(PERF_STANDBY, res.isPerformanceStandby(), "Incorrect performance standby state");
         assertEquals(REPL_PERF_MODE, res.getReplicationPerfMode(), "Incorrect replication perf mode");
         assertEquals(REPL_DR_MODE, res.getReplicationDrMode(), "Incorrect replication DR mode");
+        assertEquals(ECHO_DURATION, res.getEchoDurationMs(), "Incorrect echo duration");
+        assertEquals(CLOCK_SKEW, res.getClockSkewMs(), "Incorrect clock skew");
+        assertEquals(REPL_PRIM_CANARY_AGE, res.getReplicationPrimaryCanaryAgeMs(), "Incorrect canary age");
+        assertEquals(ENTERPRISE, res.isEnterprise(), "Incorrect enterprise flag");
     }
 }

src/test/java/de/stklcode/jvault/connector/model/response/MetaSecretResponseTest.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2023 Stefan Kalscheuer
+ * Copyright 2016-2024 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -21,6 +21,7 @@ import de.stklcode.jvault.connector.model.AbstractModelTest;
 import org.junit.jupiter.api.Test;
 
 import java.util.List;
+import java.util.Map;
 
 import static org.junit.jupiter.api.Assertions.*;
 
@@ -42,6 +43,9 @@ class MetaSecretResponseTest extends AbstractModelTest<MetaSecretResponse> {
     private static final String SECRET_META_CREATED = "2018-03-22T02:24:06.945319214Z";
     private static final String SECRET_META_DELETED = "2018-03-23T03:25:07.056420325Z";
     private static final List<String> SECRET_WARNINGS = null;
+    private static final String CUSTOM_META_KEY = "foo";
+    private static final String CUSTOM_META_VAL = "bar";
+
     private static final String SECRET_JSON_V2 = "{\n" +
             "    \"request_id\": \"" + SECRET_REQUEST_ID + "\",\n" +
             "    \"lease_id\": \"" + SECRET_LEASE_ID + "\",\n" +
@@ -54,6 +58,7 @@ class MetaSecretResponseTest extends AbstractModelTest<MetaSecretResponse> {
             "      },\n" +
             "      \"metadata\": {\n" +
             "          \"created_time\": \"" + SECRET_META_CREATED + "\",\n" +
+            "          \"custom_metadata\": null,\n" +
             "          \"deletion_time\": \"\",\n" +
             "          \"destroyed\": false,\n" +
             "          \"version\": 1\n" +
@@ -73,6 +78,9 @@ class MetaSecretResponseTest extends AbstractModelTest<MetaSecretResponse> {
             "      },\n" +
             "      \"metadata\": {\n" +
             "          \"created_time\": \"" + SECRET_META_CREATED + "\",\n" +
+            "          \"custom_metadata\": {" +
+            "            \"" + CUSTOM_META_KEY + "\": \"" + CUSTOM_META_VAL + "\"" +
+            "          },\n" +
             "          \"deletion_time\": \"" + SECRET_META_DELETED + "\",\n" +
             "          \"destroyed\": true,\n" +
             "          \"version\": 2\n" +
@@ -109,10 +117,11 @@ class MetaSecretResponseTest extends AbstractModelTest<MetaSecretResponse> {
         assertNotNull(res.getMetadata(), "SecretResponse does not contain metadata");
         assertEquals(SECRET_META_CREATED, res.getMetadata().getCreatedTimeString(), "Incorrect creation date string");
         assertNotNull(res.getMetadata().getCreatedTime(), "Creation date parsing failed");
-        assertEquals("", res.getMetadata().getDeletionTimeString(), "Incorrect deletion date string");
+        assertNull(res.getMetadata().getDeletionTimeString(), "Incorrect deletion date string");
         assertNull(res.getMetadata().getDeletionTime(), "Incorrect deletion date");
         assertFalse(res.getMetadata().isDestroyed(), "Secret destroyed when not expected");
         assertEquals(1, res.getMetadata().getVersion(), "Incorrect secret version");
+        assertNull(res.getMetadata().getCustomMetadata(), "Incorrect custom metadata");
 
         // Deleted KV v2 secret.
         res = assertDoesNotThrow(
@@ -127,6 +136,7 @@ class MetaSecretResponseTest extends AbstractModelTest<MetaSecretResponse> {
         assertNotNull(res.getMetadata().getDeletionTime(), "Incorrect deletion date");
         assertTrue(res.getMetadata().isDestroyed(), "Secret destroyed when not expected");
         assertEquals(2, res.getMetadata().getVersion(), "Incorrect secret version");
+        assertEquals(Map.of(CUSTOM_META_KEY, CUSTOM_META_VAL), res.getMetadata().getCustomMetadata(), "Incorrect custom metadata");
     }
 
     private void assertSecretData(SecretResponse res) {

src/test/java/de/stklcode/jvault/connector/model/response/MetadataResponseTest.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2023 Stefan Kalscheuer
+ * Copyright 2016-2024 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -20,6 +20,8 @@ import com.fasterxml.jackson.core.JsonProcessingException;
 import de.stklcode.jvault.connector.model.AbstractModelTest;
 import org.junit.jupiter.api.Test;
 
+import java.util.Map;
+
 import static org.junit.jupiter.api.Assertions.*;
 
 /**
@@ -35,11 +37,20 @@ class MetadataResponseTest extends AbstractModelTest<MetadataResponse> {
     private static final Integer CURRENT_VERSION = 3;
     private static final Integer MAX_VERSIONS = 0;
     private static final Integer OLDEST_VERSION = 1;
+    private static final Boolean CAS_REQUIRED = false;
+    private static final String CUSTOM_META_KEY = "test";
+    private static final String CUSTOM_META_VAL = "123";
+    private static final String DELETE_VERSION_AFTER = "0s";
 
     private static final String META_JSON = "{\n" +
             "  \"data\": {\n" +
+            "    \"cas_required\": " + CAS_REQUIRED + ",\n" +
             "    \"created_time\": \"" + V1_TIME + "\",\n" +
             "    \"current_version\": " + CURRENT_VERSION + ",\n" +
+            "    \"custom_metadata\": {" +
+            "      \"" + CUSTOM_META_KEY + "\": \"" + CUSTOM_META_VAL + "\"" +
+            "    },\n" +
+            "    \"delete_version_after\": \"" + DELETE_VERSION_AFTER + "\"," +
             "    \"max_versions\": " + MAX_VERSIONS + ",\n" +
             "    \"oldest_version\": " + OLDEST_VERSION + ",\n" +
             "    \"updated_time\": \"" + V3_TIME + "\",\n" +
@@ -88,11 +99,14 @@ class MetadataResponseTest extends AbstractModelTest<MetadataResponse> {
         );
         assertNotNull(res, "Parsed response is NULL");
         assertNotNull(res.getMetadata(), "Parsed metadata is NULL");
+        assertEquals(CAS_REQUIRED, res.getMetadata().isCasRequired(), "Incorrect CAS required flag");
         assertEquals(V1_TIME, res.getMetadata().getCreatedTimeString(), "Incorrect created time");
         assertNotNull(res.getMetadata().getCreatedTime(), "Parting created time failed");
         assertEquals(CURRENT_VERSION, res.getMetadata().getCurrentVersion(), "Incorrect current version");
         assertEquals(MAX_VERSIONS, res.getMetadata().getMaxVersions(), "Incorrect max versions");
         assertEquals(OLDEST_VERSION, res.getMetadata().getOldestVersion(), "Incorrect oldest version");
+        assertEquals(Map.of(CUSTOM_META_KEY, CUSTOM_META_VAL), res.getMetadata().getCustomMetadata(), "Incorrect custom metadata");
+        assertEquals(DELETE_VERSION_AFTER, res.getMetadata().getDeleteVersionAfter(), "Incorrect delete version after");
         assertEquals(V3_TIME, res.getMetadata().getUpdatedTimeString(), "Incorrect updated time");
         assertNotNull(res.getMetadata().getUpdatedTime(), "Parting updated time failed");
         assertEquals(3, res.getMetadata().getVersions().size(), "Incorrect number of versions");

src/test/java/de/stklcode/jvault/connector/model/response/SealResponseTest.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2023 Stefan Kalscheuer
+ * Copyright 2016-2024 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -20,6 +20,8 @@ import com.fasterxml.jackson.core.JsonProcessingException;
 import de.stklcode.jvault.connector.model.AbstractModelTest;
 import org.junit.jupiter.api.Test;
 
+import java.time.ZonedDateTime;
+
 import static org.junit.jupiter.api.Assertions.*;
 
 /**
@@ -34,7 +36,8 @@ class SealResponseTest extends AbstractModelTest<SealResponse> {
     private static final Integer SHARES = 5;
     private static final Integer PROGRESS_SEALED = 2;
     private static final Integer PROGRESS_UNSEALED = 0;
-    private static final String VERSION = "1.8.2";
+    private static final String VERSION = "1.15.4";
+    private static final String BUILD_DATE = "2023-11-22T20:59:54Z";
     private static final String CLUSTER_NAME = "vault-cluster-d6ec3c7f";
     private static final String CLUSTER_ID = "3e8b3fec-3749-e056-ba41-b62a63b997e8";
     private static final String NONCE = "ef05d55d-4d2c-c594-a5e8-55bc88604c24";
@@ -51,6 +54,7 @@ class SealResponseTest extends AbstractModelTest<SealResponse> {
             "  \"progress\": " + PROGRESS_SEALED + ",\n" +
             "  \"nonce\": \"\",\n" +
             "  \"version\": \"" + VERSION + "\",\n" +
+            "  \"build_date\": \"" + BUILD_DATE + "\",\n" +
             "  \"migration\": \"" + MIGRATION + "\",\n" +
             "  \"recovery_seal\": \"" + RECOVERY_SEAL + "\",\n" +
             "  \"storage_type\": \"" + STORAGE_TYPE + "\"\n" +
@@ -64,6 +68,7 @@ class SealResponseTest extends AbstractModelTest<SealResponse> {
             "  \"n\": " + SHARES + ",\n" +
             "  \"progress\": " + PROGRESS_UNSEALED + ",\n" +
             "  \"version\": \"" + VERSION + "\",\n" +
+            "  \"build_date\": \"" + BUILD_DATE + "\",\n" +
             "  \"cluster_name\": \"" + CLUSTER_NAME + "\",\n" +
             "  \"cluster_id\": \"" + CLUSTER_ID + "\",\n" +
             "  \"nonce\": \"" + NONCE + "\",\n" +
@@ -105,6 +110,7 @@ class SealResponseTest extends AbstractModelTest<SealResponse> {
         assertEquals(PROGRESS_SEALED, res.getProgress(), "Incorrect progress");
         assertEquals("", res.getNonce(), "Nonce not empty");
         assertEquals(VERSION, res.getVersion(), "Incorrect version");
+        assertEquals(ZonedDateTime.parse(BUILD_DATE), res.getBuildDate(), "Incorrect build date");
         assertEquals(MIGRATION, res.getMigration(), "Incorrect migration");
         assertEquals(RECOVERY_SEAL, res.getRecoverySeal(), "Incorrect recovery seal");
         assertEquals(STORAGE_TYPE, res.getStorageType(), "Incorrect storage type");
@@ -127,6 +133,7 @@ class SealResponseTest extends AbstractModelTest<SealResponse> {
         assertEquals(PROGRESS_UNSEALED, res.getProgress(), "Incorrect progress");
         assertEquals(NONCE, res.getNonce(), "Incorrect nonce");
         assertEquals(VERSION, res.getVersion(), "Incorrect version");
+        assertEquals(ZonedDateTime.parse(BUILD_DATE), res.getBuildDate(), "Incorrect build date");
         assertEquals(CLUSTER_NAME, res.getClusterName(), "Incorrect cluster name");
         assertEquals(CLUSTER_ID, res.getClusterId(), "Incorrect cluster ID");
         assertEquals(MIGRATION, res.getMigration(), "Incorrect migration");

src/test/java/de/stklcode/jvault/connector/model/response/SecretListResponseTest.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2023 Stefan Kalscheuer
+ * Copyright 2016-2024 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

src/test/java/de/stklcode/jvault/connector/model/response/SecretVersionResponseTest.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2023 Stefan Kalscheuer
+ * Copyright 2016-2024 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

src/test/java/de/stklcode/jvault/connector/model/response/TokenResponseTest.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2023 Stefan Kalscheuer
+ * Copyright 2016-2024 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -55,6 +55,7 @@ class TokenResponseTest extends AbstractModelTest<TokenResponse> {
     private static final String TOKEN_ID = "my-token";
     private static final String TOKEN_ISSUE_TIME = "2018-04-17T11:35:54.466476078-04:00";
     private static final String TOKEN_TYPE = "service";
+    private static final String MOUNT_TYPE = "token";
 
     private static final String RES_JSON = "{\n" +
             "  \"lease_id\": \"\",\n" +
@@ -85,7 +86,8 @@ class TokenResponseTest extends AbstractModelTest<TokenResponse> {
             "    \"type\": \"" + TOKEN_TYPE + "\"\n" +
             "  },\n" +
             "  \"warnings\": null,\n" +
-            "  \"auth\": null\n" +
+            "  \"auth\": null,\n" +
+            "  \"mount_type\": \"" + MOUNT_TYPE + "\"\n" +
             "}";
 
     TokenResponseTest() {
@@ -125,6 +127,7 @@ class TokenResponseTest extends AbstractModelTest<TokenResponse> {
         assertEquals(RES_LEASE_DURATION, res.getLeaseDuration(), "Incorrect lease duration");
         assertEquals(RES_RENEWABLE, res.isRenewable(), "Incorrect response renewable flag");
         assertEquals(RES_LEASE_DURATION, res.getLeaseDuration(), "Incorrect response lease duration");
+        assertEquals(MOUNT_TYPE, res.getMountType(), "Incorrect mount type");
         // Extract token data.
         TokenData data = res.getData();
         assertNotNull(data, "Token data is NULL");

src/test/java/de/stklcode/jvault/connector/model/response/embedded/MountConfigTest.java

@@ -0,0 +1,103 @@
+package de.stklcode.jvault.connector.model.response.embedded;
+
+import com.fasterxml.jackson.core.JsonProcessingException;
+import de.stklcode.jvault.connector.model.AbstractModelTest;
+import org.junit.jupiter.api.Test;
+
+import java.util.List;
+
+import static org.junit.jupiter.api.Assertions.*;
+
+/**
+ * Unit test for {@link MountConfig}.
+ *
+ * @author Stefan Kalscheuer
+ */
+class MountConfigTest extends AbstractModelTest<MountConfig> {
+    private static final Integer DEFAULT_LEASE_TTL = 1800;
+    private static final Integer MAX_LEASE_TTL = 3600;
+    private static final Boolean FORCE_NO_CACHE = false;
+    private static final String TOKEN_TYPE = "default-service";
+    private static final String AUDIT_NON_HMAC_REQ_KEYS_1 = "req1";
+    private static final String AUDIT_NON_HMAC_REQ_KEYS_2 = "req2";
+    private static final String AUDIT_NON_HMAC_RES_KEYS_1 = "res1";
+    private static final String AUDIT_NON_HMAC_RES_KEYS_2 = "res2";
+    private static final String LISTING_VISIBILITY = "unauth";
+    private static final String PT_REQ_HEADER_1 = "prh1";
+    private static final String PT_REQ_HEADER_2 = "prh2";
+    private static final String ALLOWED_RES_HEADER_1 = "arh1";
+    private static final String ALLOWED_RES_HEADER_2 = "arh2";
+    private static final String ALLOWED_MANAGED_KEY_1 = "amk1";
+    private static final String ALLOWED_MANAGED_KEY_2 = "amk2";
+    private static final String DEL_AUTH_ACCESSOR_1 = "daa1";
+    private static final String DEL_AUTH_ACCESSOR_2 = "daa2";
+    private static final Integer LOCKOUT_THRESH = 7200;
+    private static final Integer LOCKOUT_DURATION = 86400;
+    private static final Integer LOCKOUT_CNT_RESET_DURATION = 43200;
+    private static final Boolean LOCKOUT_DISABLE = false;
+
+    private static final String RES_JSON = "{\n" +
+        "  \"default_lease_ttl\": " + DEFAULT_LEASE_TTL + ",\n" +
+        "  \"force_no_cache\": " + FORCE_NO_CACHE + ",\n" +
+        "  \"max_lease_ttl\": " + MAX_LEASE_TTL + ",\n" +
+        "  \"token_type\": \"" + TOKEN_TYPE + "\",\n" +
+        "  \"audit_non_hmac_request_keys\": [\"" + AUDIT_NON_HMAC_REQ_KEYS_1 + "\", \"" + AUDIT_NON_HMAC_REQ_KEYS_2 + "\"],\n" +
+        "  \"audit_non_hmac_response_keys\": [\"" + AUDIT_NON_HMAC_RES_KEYS_1 + "\", \"" + AUDIT_NON_HMAC_RES_KEYS_2 + "\"],\n" +
+        "  \"listing_visibility\": \"" + LISTING_VISIBILITY + "\",\n" +
+        "  \"passthrough_request_headers\": [\"" + PT_REQ_HEADER_1 + "\", \"" + PT_REQ_HEADER_2 + "\"],\n" +
+        "  \"allowed_response_headers\": [\"" + ALLOWED_RES_HEADER_1 + "\", \"" + ALLOWED_RES_HEADER_2 + "\"],\n" +
+        "  \"allowed_managed_keys\": [\"" + ALLOWED_MANAGED_KEY_1 + "\", \"" + ALLOWED_MANAGED_KEY_2 + "\"],\n" +
+        "  \"delegated_auth_accessors\": [\"" + DEL_AUTH_ACCESSOR_1 + "\", \"" + DEL_AUTH_ACCESSOR_2 + "\"],\n" +
+        "  \"user_lockout_config\": {\n" +
+        "    \"lockout_threshold\": " + LOCKOUT_THRESH + ",\n" +
+        "    \"lockout_duration\": " + LOCKOUT_DURATION + ",\n" +
+        "    \"lockout_counter_reset_duration\": " + LOCKOUT_CNT_RESET_DURATION + ",\n" +
+        "    \"lockout_disable\": " + LOCKOUT_DISABLE + "\n" +
+        "  }\n" +
+        "}";
+
+    MountConfigTest() {
+        super(MountConfig.class);
+    }
+
+    @Override
+    protected MountConfig createFull() {
+        try {
+            return objectMapper.readValue(RES_JSON, MountConfig.class);
+        } catch (JsonProcessingException e) {
+            fail("Creation of full model instance failed", e);
+            return null;
+        }
+    }
+
+    /**
+     * Test creation from JSON value as returned by Vault (JSON example copied from Vault documentation).
+     */
+    @Test
+    void jsonRoundtrip() {
+        MountConfig mountConfig = assertDoesNotThrow(
+            () -> objectMapper.readValue(RES_JSON, MountConfig.class),
+            "MountConfig deserialization failed"
+        );
+        assertNotNull(mountConfig, "Parsed response is NULL");
+
+        // Verify data.
+        assertEquals(DEFAULT_LEASE_TTL, mountConfig.getDefaultLeaseTtl(), "Unexpected default lease TTL");
+        assertEquals(MAX_LEASE_TTL, mountConfig.getMaxLeaseTtl(), "Unexpected max lease TTL");
+        assertEquals(FORCE_NO_CACHE, mountConfig.getForceNoCache(), "Unexpected force no cache");
+        assertEquals(TOKEN_TYPE, mountConfig.getTokenType(), "Unexpected token type");
+        assertEquals(List.of(AUDIT_NON_HMAC_REQ_KEYS_1, AUDIT_NON_HMAC_REQ_KEYS_2), mountConfig.getAuditNonHmacRequestKeys(), "Unexpected audit no HMAC request keys");
+        assertEquals(List.of(AUDIT_NON_HMAC_RES_KEYS_1, AUDIT_NON_HMAC_RES_KEYS_2), mountConfig.getAuditNonHmacResponseKeys(), "Unexpected audit no HMAC response keys");
+        assertEquals(LISTING_VISIBILITY, mountConfig.getListingVisibility(), "Unexpected listing visibility");
+        assertEquals(List.of(PT_REQ_HEADER_1, PT_REQ_HEADER_2), mountConfig.getPassthroughRequestHeaders(), "Unexpected passthrough request headers");
+        assertEquals(List.of(ALLOWED_RES_HEADER_1, ALLOWED_RES_HEADER_2), mountConfig.getAllowedResponseHeaders(), "Unexpected allowed response headers");
+        assertEquals(List.of(ALLOWED_MANAGED_KEY_1, ALLOWED_MANAGED_KEY_2), mountConfig.getAllowedManagedKeys(), "Unexpected allowed managed keys");
+        assertEquals(List.of(DEL_AUTH_ACCESSOR_1, DEL_AUTH_ACCESSOR_2), mountConfig.getDelegatedAuthAccessors(), "Unexpected delegate auth accessors");
+        assertNotNull(mountConfig.getUserLockoutConfig(), "Missing user lockout config");
+        var ulc = mountConfig.getUserLockoutConfig();
+        assertEquals(LOCKOUT_THRESH, ulc.getLockoutThreshold(), "Unexpected lockout threshold");
+        assertEquals(LOCKOUT_DURATION, ulc.getLockoutDuration(), "Unexpected lockout duration");
+        assertEquals(LOCKOUT_CNT_RESET_DURATION, ulc.getLockoutCounterResetDuration(), "Unexpected lockout counter reset duration");
+        assertEquals(LOCKOUT_DISABLE, ulc.getLockoutDisable(), "Unexpected lockout disable");
+    }
+}

src/test/java/de/stklcode/jvault/connector/test/Credentials.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2023 Stefan Kalscheuer
+ * Copyright 2016-2024 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

src/test/java/de/stklcode/jvault/connector/test/VaultConfiguration.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2023 Stefan Kalscheuer
+ * Copyright 2016-2024 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -103,4 +103,4 @@ public class VaultConfiguration {
                 "}\n" +
                 ((disableMlock) ? "disable_mlock = true" : "");
     }
-}
+}