Compare commits
28 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
80abbda46f
|
|||
|
a8e85b88d1
|
|||
|
91baed4fe5
|
|||
|
2ea261d36a
|
|||
|
43da0f5109
|
|||
|
cc5ca13aeb
|
|||
|
71842eb758
|
|||
|
e9aeda9a55
|
|||
|
d51af06e29
|
|||
|
7b2b137d53
|
|||
|
ee2543e3ad
|
|||
|
dad35023eb
|
|||
|
0127cf30be
|
|||
|
90f8bb7f20
|
|||
|
ff6d2140cf
|
|||
|
076cd8b607
|
|||
|
2e0d092cae
|
|||
|
d329af2c67
|
|||
|
f50f5c5de7
|
|||
|
c8a6015f3f
|
|||
|
835372eb3b
|
|||
|
11ece9974f
|
|||
|
0d0fbb5461
|
|||
|
6c9a1fc10e
|
|||
|
7e05f4937d
|
|||
|
fd9045d7cd
|
|||
|
e938f81954
|
|||
|
e5dd207c8c
|
4
.github/workflows/ci-it.yml
vendored
4
.github/workflows/ci-it.yml
vendored
@ -15,10 +15,10 @@ jobs:
|
||||
strategy:
|
||||
matrix:
|
||||
jdk: [ 11, 17, 21 ]
|
||||
vault: [ '1.2.0', '1.18.2' ]
|
||||
vault: [ '1.2.0', '1.19.0' ]
|
||||
include:
|
||||
- jdk: 21
|
||||
vault: '1.18.2'
|
||||
vault: '1.19.0'
|
||||
analysis: true
|
||||
steps:
|
||||
- name: Checkout
|
||||
|
||||
22
CHANGELOG.md
22
CHANGELOG.md
@ -1,3 +1,25 @@
|
||||
## 1.5.0 (2025-04-13)
|
||||
|
||||
### Deprecations
|
||||
* `read...Credentials()` methods for specific database mounts (#92)
|
||||
|
||||
### Features
|
||||
* Support Vault transit API (#89)
|
||||
* Support PEM certificate string from `VAULT_CACERT` environment variable (#93)
|
||||
|
||||
### Improvements
|
||||
* Replace deprecated `java.net.URL` usage with `java.net.URI` (#94)
|
||||
|
||||
### Fix
|
||||
* Fix initialization from environment without explicit port
|
||||
|
||||
### Dependencies
|
||||
* Updated Jackson to 2.18.3 (#90)
|
||||
|
||||
### Test
|
||||
* Tested against Vault 1.2 to 1.19
|
||||
|
||||
|
||||
## 1.4.0 (2024-12-07)
|
||||
|
||||
### Removal
|
||||
|
||||
@ -28,10 +28,11 @@ Java Vault Connector is a connector library for [Vault](https://www.vaultproject
|
||||
* Delete secrets
|
||||
* Renew/revoke leases
|
||||
* Raw secret content or JSON decoding
|
||||
* SQL secret handling
|
||||
* KV v1 and v2 support
|
||||
* Database secret handling
|
||||
* Transit API support
|
||||
* Connector Factory with builder pattern
|
||||
* Tested against Vault 1.2 to 1.18
|
||||
* Tested against Vault 1.2 to 1.19
|
||||
|
||||
|
||||
## Maven Artifact
|
||||
@ -39,7 +40,7 @@ Java Vault Connector is a connector library for [Vault](https://www.vaultproject
|
||||
<dependency>
|
||||
<groupId>de.stklcode.jvault</groupId>
|
||||
<artifactId>jvault-connector</artifactId>
|
||||
<version>1.4.0</version>
|
||||
<version>1.5.0</version>
|
||||
</dependency>
|
||||
```
|
||||
|
||||
|
||||
67
pom.xml
67
pom.xml
@ -4,7 +4,7 @@
|
||||
|
||||
<groupId>de.stklcode.jvault</groupId>
|
||||
<artifactId>jvault-connector</artifactId>
|
||||
<version>1.4.0</version>
|
||||
<version>1.5.1-SNAPSHOT</version>
|
||||
|
||||
<packaging>jar</packaging>
|
||||
|
||||
@ -33,6 +33,7 @@
|
||||
<connection>scm:git:git://github.com/stklcode/jvaultconnector.git</connection>
|
||||
<developerConnection>scm:git:git@github.com:stklcode/jvaultconnector.git</developerConnection>
|
||||
<url>https://github.com/stklcode/jvaultconnector</url>
|
||||
<tag>HEAD</tag>
|
||||
</scm>
|
||||
|
||||
<issueManagement>
|
||||
@ -49,24 +50,24 @@
|
||||
<dependency>
|
||||
<groupId>com.fasterxml.jackson.core</groupId>
|
||||
<artifactId>jackson-databind</artifactId>
|
||||
<version>2.18.2</version>
|
||||
<version>2.18.3</version>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>com.fasterxml.jackson.datatype</groupId>
|
||||
<artifactId>jackson-datatype-jsr310</artifactId>
|
||||
<version>2.18.2</version>
|
||||
<version>2.18.3</version>
|
||||
</dependency>
|
||||
|
||||
<dependency>
|
||||
<groupId>org.junit.jupiter</groupId>
|
||||
<artifactId>junit-jupiter</artifactId>
|
||||
<version>5.11.3</version>
|
||||
<version>5.12.1</version>
|
||||
<scope>test</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.mockito</groupId>
|
||||
<artifactId>mockito-core</artifactId>
|
||||
<version>5.14.2</version>
|
||||
<version>5.17.0</version>
|
||||
<scope>test</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
@ -78,25 +79,25 @@
|
||||
<dependency>
|
||||
<groupId>org.wiremock</groupId>
|
||||
<artifactId>wiremock</artifactId>
|
||||
<version>3.10.0</version>
|
||||
<version>3.13.0</version>
|
||||
<scope>test</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>commons-io</groupId>
|
||||
<artifactId>commons-io</artifactId>
|
||||
<version>2.18.0</version>
|
||||
<version>2.19.0</version>
|
||||
<scope>test</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>nl.jqno.equalsverifier</groupId>
|
||||
<artifactId>equalsverifier</artifactId>
|
||||
<version>3.17.5</version>
|
||||
<version>3.19.3</version>
|
||||
<scope>test</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.awaitility</groupId>
|
||||
<artifactId>awaitility</artifactId>
|
||||
<version>4.2.2</version>
|
||||
<version>4.3.0</version>
|
||||
<scope>test</scope>
|
||||
</dependency>
|
||||
</dependencies>
|
||||
@ -107,7 +108,7 @@
|
||||
<plugin>
|
||||
<groupId>org.apache.maven.plugins</groupId>
|
||||
<artifactId>maven-compiler-plugin</artifactId>
|
||||
<version>3.13.0</version>
|
||||
<version>3.14.0</version>
|
||||
<configuration>
|
||||
<release>11</release>
|
||||
</configuration>
|
||||
@ -115,17 +116,17 @@
|
||||
<plugin>
|
||||
<groupId>org.apache.maven.plugins</groupId>
|
||||
<artifactId>maven-clean-plugin</artifactId>
|
||||
<version>3.4.0</version>
|
||||
<version>3.4.1</version>
|
||||
</plugin>
|
||||
<plugin>
|
||||
<groupId>org.apache.maven.plugins</groupId>
|
||||
<artifactId>maven-deploy-plugin</artifactId>
|
||||
<version>3.1.3</version>
|
||||
<version>3.1.4</version>
|
||||
</plugin>
|
||||
<plugin>
|
||||
<groupId>org.apache.maven.plugins</groupId>
|
||||
<artifactId>maven-failsafe-plugin</artifactId>
|
||||
<version>3.5.2</version>
|
||||
<version>3.5.3</version>
|
||||
<configuration>
|
||||
<argLine>
|
||||
@{argLine}
|
||||
@ -136,7 +137,7 @@
|
||||
<plugin>
|
||||
<groupId>org.apache.maven.plugins</groupId>
|
||||
<artifactId>maven-install-plugin</artifactId>
|
||||
<version>3.1.3</version>
|
||||
<version>3.1.4</version>
|
||||
</plugin>
|
||||
<plugin>
|
||||
<groupId>org.apache.maven.plugins</groupId>
|
||||
@ -156,7 +157,7 @@
|
||||
<plugin>
|
||||
<groupId>org.apache.maven.plugins</groupId>
|
||||
<artifactId>maven-surefire-plugin</artifactId>
|
||||
<version>3.5.2</version>
|
||||
<version>3.5.3</version>
|
||||
<configuration>
|
||||
<argLine>
|
||||
@{argLine}
|
||||
@ -179,15 +180,41 @@
|
||||
<plugin>
|
||||
<groupId>org.jacoco</groupId>
|
||||
<artifactId>jacoco-maven-plugin</artifactId>
|
||||
<version>0.8.12</version>
|
||||
<version>0.8.13</version>
|
||||
</plugin>
|
||||
<plugin>
|
||||
<groupId>org.sonarsource.scanner.maven</groupId>
|
||||
<artifactId>sonar-maven-plugin</artifactId>
|
||||
<version>5.0.0.4389</version>
|
||||
<version>5.1.0.4751</version>
|
||||
</plugin>
|
||||
</plugins>
|
||||
</pluginManagement>
|
||||
|
||||
<plugins>
|
||||
<plugin>
|
||||
<groupId>org.apache.maven.plugins</groupId>
|
||||
<artifactId>maven-enforcer-plugin</artifactId>
|
||||
<version>3.5.0</version>
|
||||
<executions>
|
||||
<execution>
|
||||
<id>enforce-versions</id>
|
||||
<goals>
|
||||
<goal>enforce</goal>
|
||||
</goals>
|
||||
<configuration>
|
||||
<rules>
|
||||
<requireMavenVersion>
|
||||
<version>[3.6.3,)</version>
|
||||
</requireMavenVersion>
|
||||
<requireJavaVersion>
|
||||
<version>[11,)</version>
|
||||
</requireJavaVersion>
|
||||
</rules>
|
||||
</configuration>
|
||||
</execution>
|
||||
</executions>
|
||||
</plugin>
|
||||
</plugins>
|
||||
</build>
|
||||
|
||||
<profiles>
|
||||
@ -224,7 +251,7 @@
|
||||
<plugin>
|
||||
<groupId>org.apache.maven.plugins</groupId>
|
||||
<artifactId>maven-javadoc-plugin</artifactId>
|
||||
<version>3.11.1</version>
|
||||
<version>3.11.2</version>
|
||||
<configuration>
|
||||
<source>11</source>
|
||||
</configuration>
|
||||
@ -342,7 +369,7 @@
|
||||
<plugin>
|
||||
<groupId>org.owasp</groupId>
|
||||
<artifactId>dependency-check-maven</artifactId>
|
||||
<version>11.1.1</version>
|
||||
<version>12.1.1</version>
|
||||
<configuration>
|
||||
<nvdApiKey>${env.NVD_API_KEY}</nvdApiKey>
|
||||
<nvdDatafeedUrl>${env.NVD_DATAFEED_URL}</nvdDatafeedUrl>
|
||||
@ -366,7 +393,7 @@
|
||||
<plugin>
|
||||
<groupId>org.sonatype.central</groupId>
|
||||
<artifactId>central-publishing-maven-plugin</artifactId>
|
||||
<version>0.6.0</version>
|
||||
<version>0.7.0</version>
|
||||
<extensions>true</extensions>
|
||||
<configuration>
|
||||
<publishingServerId>central</publishingServerId>
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2016-2024 Stefan Kalscheuer
|
||||
* Copyright 2016-2025 Stefan Kalscheuer
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
@ -68,6 +68,11 @@ public class HTTPVaultConnector implements VaultConnector {
|
||||
private static final String PATH_UNDELETE = "/undelete/";
|
||||
private static final String PATH_DESTROY = "/destroy/";
|
||||
|
||||
private static final String PATH_TRANSIT = "transit";
|
||||
private static final String PATH_TRANSIT_ENCRYPT = PATH_TRANSIT + "/encrypt/";
|
||||
private static final String PATH_TRANSIT_DECRYPT = PATH_TRANSIT + "/decrypt/";
|
||||
private static final String PATH_TRANSIT_HASH = PATH_TRANSIT + "/hash/";
|
||||
|
||||
private final RequestHelper request;
|
||||
|
||||
private boolean authorized = false; // Authorization status.
|
||||
@ -81,14 +86,14 @@ public class HTTPVaultConnector implements VaultConnector {
|
||||
*/
|
||||
HTTPVaultConnector(final HTTPVaultConnectorBuilder builder) {
|
||||
this.request = new RequestHelper(
|
||||
((builder.isWithTLS()) ? "https" : "http") + "://" +
|
||||
builder.getHost() +
|
||||
((builder.getPort() != null) ? ":" + builder.getPort() : "") +
|
||||
builder.getPrefix(),
|
||||
builder.getNumberOfRetries(),
|
||||
builder.getTimeout(),
|
||||
builder.getTlsVersion(),
|
||||
builder.getTrustedCA()
|
||||
((builder.isWithTLS()) ? "https" : "http") + "://" +
|
||||
builder.getHost() +
|
||||
((builder.getPort() != null) ? ":" + builder.getPort() : "") +
|
||||
builder.getPrefix(),
|
||||
builder.getNumberOfRetries(),
|
||||
builder.getTimeout(),
|
||||
builder.getTlsVersion(),
|
||||
builder.getTrustedCA()
|
||||
);
|
||||
}
|
||||
|
||||
@ -145,8 +150,8 @@ public class HTTPVaultConnector implements VaultConnector {
|
||||
@Override
|
||||
public final SealResponse unseal(final String key, final Boolean reset) throws VaultConnectorException {
|
||||
Map<String, String> param = mapOfStrings(
|
||||
"key", key,
|
||||
"reset", reset
|
||||
"key", key,
|
||||
"reset", reset
|
||||
);
|
||||
|
||||
return request.put(PATH_UNSEAL, param, token, SealResponse.class);
|
||||
@ -156,15 +161,15 @@ public class HTTPVaultConnector implements VaultConnector {
|
||||
public HealthResponse getHealth() throws VaultConnectorException {
|
||||
|
||||
return request.get(
|
||||
PATH_HEALTH,
|
||||
// Force status code to be 200, so we don't need to modify the request sequence.
|
||||
Map.of(
|
||||
"standbycode", "200", // Default: 429.
|
||||
"sealedcode", "200", // Default: 503.
|
||||
"uninitcode", "200" // Default: 501.
|
||||
),
|
||||
token,
|
||||
HealthResponse.class
|
||||
PATH_HEALTH,
|
||||
// Force status code to be 200, so we don't need to modify the request sequence.
|
||||
Map.of(
|
||||
"standbycode", "200", // Default: 429.
|
||||
"sealedcode", "200", // Default: 503.
|
||||
"uninitcode", "200" // Default: 501.
|
||||
),
|
||||
token,
|
||||
HealthResponse.class
|
||||
);
|
||||
}
|
||||
|
||||
@ -194,7 +199,7 @@ public class HTTPVaultConnector implements VaultConnector {
|
||||
|
||||
@Override
|
||||
public final AuthResponse authUserPass(final String username, final String password)
|
||||
throws VaultConnectorException {
|
||||
throws VaultConnectorException {
|
||||
final Map<String, String> payload = singletonMap("password", password);
|
||||
return queryAuth(PATH_AUTH_USERPASS + username, payload);
|
||||
}
|
||||
@ -202,8 +207,8 @@ public class HTTPVaultConnector implements VaultConnector {
|
||||
@Override
|
||||
public final AuthResponse authAppRole(final String roleID, final String secretID) throws VaultConnectorException {
|
||||
final Map<String, String> payload = mapOfStrings(
|
||||
"role_id", roleID,
|
||||
"secret_id", secretID
|
||||
"role_id", roleID,
|
||||
"secret_id", secretID
|
||||
);
|
||||
return queryAuth(PATH_AUTH_APPROLE + PATH_LOGIN, payload);
|
||||
}
|
||||
@ -217,7 +222,7 @@ public class HTTPVaultConnector implements VaultConnector {
|
||||
* @throws VaultConnectorException on errors
|
||||
*/
|
||||
private AuthResponse queryAuth(final String path, final Map<String, String> payload)
|
||||
throws VaultConnectorException {
|
||||
throws VaultConnectorException {
|
||||
/* Issue request and parse response */
|
||||
AuthResponse auth = request.post(path, payload, token, AuthResponse.class);
|
||||
/* verify response */
|
||||
@ -244,10 +249,10 @@ public class HTTPVaultConnector implements VaultConnector {
|
||||
requireAuth();
|
||||
/* Request HTTP response and parse Secret */
|
||||
return request.get(
|
||||
String.format(PATH_AUTH_APPROLE_ROLE, roleName, ""),
|
||||
emptyMap(),
|
||||
token,
|
||||
AppRoleResponse.class
|
||||
String.format(PATH_AUTH_APPROLE_ROLE, roleName, ""),
|
||||
emptyMap(),
|
||||
token,
|
||||
AppRoleResponse.class
|
||||
);
|
||||
}
|
||||
|
||||
@ -266,10 +271,10 @@ public class HTTPVaultConnector implements VaultConnector {
|
||||
requireAuth();
|
||||
/* Issue request, parse response and extract Role ID */
|
||||
return request.get(
|
||||
String.format(PATH_AUTH_APPROLE_ROLE, roleName, "/role-id"),
|
||||
emptyMap(),
|
||||
token,
|
||||
RawDataResponse.class
|
||||
String.format(PATH_AUTH_APPROLE_ROLE, roleName, "/role-id"),
|
||||
emptyMap(),
|
||||
token,
|
||||
RawDataResponse.class
|
||||
).getData().get("role_id").toString();
|
||||
}
|
||||
|
||||
@ -279,9 +284,9 @@ public class HTTPVaultConnector implements VaultConnector {
|
||||
|
||||
/* Issue request and expect code 204 with empty response */
|
||||
request.postWithoutResponse(
|
||||
String.format(PATH_AUTH_APPROLE_ROLE, roleName, "/role-id"),
|
||||
singletonMap("role_id", roleID),
|
||||
token
|
||||
String.format(PATH_AUTH_APPROLE_ROLE, roleName, "/role-id"),
|
||||
singletonMap("role_id", roleID),
|
||||
token
|
||||
);
|
||||
|
||||
return true;
|
||||
@ -289,49 +294,49 @@ public class HTTPVaultConnector implements VaultConnector {
|
||||
|
||||
@Override
|
||||
public final AppRoleSecretResponse createAppRoleSecret(final String roleName, final AppRoleSecret secret)
|
||||
throws VaultConnectorException {
|
||||
throws VaultConnectorException {
|
||||
requireAuth();
|
||||
|
||||
if (secret.getId() != null && !secret.getId().isEmpty()) {
|
||||
return request.post(
|
||||
String.format(PATH_AUTH_APPROLE_ROLE, roleName, "/custom-secret-id"),
|
||||
secret,
|
||||
token,
|
||||
AppRoleSecretResponse.class
|
||||
String.format(PATH_AUTH_APPROLE_ROLE, roleName, "/custom-secret-id"),
|
||||
secret,
|
||||
token,
|
||||
AppRoleSecretResponse.class
|
||||
);
|
||||
} else {
|
||||
return request.post(
|
||||
String.format(PATH_AUTH_APPROLE_ROLE, roleName, "/secret-id"),
|
||||
secret, token,
|
||||
AppRoleSecretResponse.class
|
||||
String.format(PATH_AUTH_APPROLE_ROLE, roleName, "/secret-id"),
|
||||
secret, token,
|
||||
AppRoleSecretResponse.class
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
public final AppRoleSecretResponse lookupAppRoleSecret(final String roleName, final String secretID)
|
||||
throws VaultConnectorException {
|
||||
throws VaultConnectorException {
|
||||
requireAuth();
|
||||
|
||||
/* Issue request and parse secret response */
|
||||
return request.post(
|
||||
String.format(PATH_AUTH_APPROLE_ROLE, roleName, "/secret-id/lookup"),
|
||||
new AppRoleSecret(secretID),
|
||||
token,
|
||||
AppRoleSecretResponse.class
|
||||
String.format(PATH_AUTH_APPROLE_ROLE, roleName, "/secret-id/lookup"),
|
||||
new AppRoleSecret(secretID),
|
||||
token,
|
||||
AppRoleSecretResponse.class
|
||||
);
|
||||
}
|
||||
|
||||
@Override
|
||||
public final boolean destroyAppRoleSecret(final String roleName, final String secretID)
|
||||
throws VaultConnectorException {
|
||||
throws VaultConnectorException {
|
||||
requireAuth();
|
||||
|
||||
/* Issue request and expect code 204 with empty response */
|
||||
request.postWithoutResponse(
|
||||
String.format(PATH_AUTH_APPROLE_ROLE, roleName, "/secret-id/destroy"),
|
||||
new AppRoleSecret(secretID),
|
||||
token);
|
||||
String.format(PATH_AUTH_APPROLE_ROLE, roleName, "/secret-id/destroy"),
|
||||
new AppRoleSecret(secretID),
|
||||
token);
|
||||
|
||||
return true;
|
||||
}
|
||||
@ -341,10 +346,10 @@ public class HTTPVaultConnector implements VaultConnector {
|
||||
requireAuth();
|
||||
|
||||
SecretListResponse secrets = request.get(
|
||||
PATH_AUTH_APPROLE + "/role?list=true",
|
||||
emptyMap(),
|
||||
token,
|
||||
SecretListResponse.class
|
||||
PATH_AUTH_APPROLE + "/role?list=true",
|
||||
emptyMap(),
|
||||
token,
|
||||
SecretListResponse.class
|
||||
);
|
||||
|
||||
return secrets.getKeys();
|
||||
@ -355,10 +360,10 @@ public class HTTPVaultConnector implements VaultConnector {
|
||||
requireAuth();
|
||||
|
||||
SecretListResponse secrets = request.get(
|
||||
String.format(PATH_AUTH_APPROLE_ROLE, roleName, "/secret-id?list=true"),
|
||||
emptyMap(),
|
||||
token,
|
||||
SecretListResponse.class
|
||||
String.format(PATH_AUTH_APPROLE_ROLE, roleName, "/secret-id?list=true"),
|
||||
emptyMap(),
|
||||
token,
|
||||
SecretListResponse.class
|
||||
);
|
||||
|
||||
return secrets.getKeys();
|
||||
@ -373,7 +378,7 @@ public class HTTPVaultConnector implements VaultConnector {
|
||||
|
||||
@Override
|
||||
public final SecretResponse readSecretVersion(final String mount, final String key, final Integer version)
|
||||
throws VaultConnectorException {
|
||||
throws VaultConnectorException {
|
||||
requireAuth();
|
||||
/* Request HTTP response and parse secret metadata */
|
||||
Map<String, String> args = mapOfStrings("version", version);
|
||||
@ -383,7 +388,7 @@ public class HTTPVaultConnector implements VaultConnector {
|
||||
|
||||
@Override
|
||||
public final MetadataResponse readSecretMetadata(final String mount, final String key)
|
||||
throws VaultConnectorException {
|
||||
throws VaultConnectorException {
|
||||
requireAuth();
|
||||
|
||||
/* Request HTTP response and parse secret metadata */
|
||||
@ -398,8 +403,8 @@ public class HTTPVaultConnector implements VaultConnector {
|
||||
requireAuth();
|
||||
|
||||
Map<String, Object> payload = mapOf(
|
||||
"max_versions", maxVersions,
|
||||
"cas_required", casRequired
|
||||
"max_versions", maxVersions,
|
||||
"cas_required", casRequired
|
||||
);
|
||||
|
||||
write(mount + PATH_METADATA + key, payload);
|
||||
@ -421,13 +426,13 @@ public class HTTPVaultConnector implements VaultConnector {
|
||||
|
||||
/* Issue request and parse metadata response */
|
||||
return request.post(
|
||||
mount + PATH_DATA + key,
|
||||
Map.of(
|
||||
"data", data,
|
||||
"options", options
|
||||
),
|
||||
token,
|
||||
SecretVersionResponse.class
|
||||
mount + PATH_DATA + key,
|
||||
Map.of(
|
||||
"data", data,
|
||||
"options", options
|
||||
),
|
||||
token,
|
||||
SecretVersionResponse.class
|
||||
);
|
||||
}
|
||||
|
||||
@ -442,7 +447,7 @@ public class HTTPVaultConnector implements VaultConnector {
|
||||
|
||||
@Override
|
||||
public final void write(final String key, final Map<String, Object> data, final Map<String, Object> options)
|
||||
throws VaultConnectorException {
|
||||
throws VaultConnectorException {
|
||||
requireAuth();
|
||||
|
||||
if (key == null || key.isEmpty()) {
|
||||
@ -455,8 +460,8 @@ public class HTTPVaultConnector implements VaultConnector {
|
||||
// If options are given, split payload in two parts.
|
||||
if (options != null) {
|
||||
payload = Map.of(
|
||||
"data", data,
|
||||
"options", options
|
||||
"data", data,
|
||||
"options", options
|
||||
);
|
||||
}
|
||||
|
||||
@ -484,19 +489,19 @@ public class HTTPVaultConnector implements VaultConnector {
|
||||
|
||||
@Override
|
||||
public final void deleteSecretVersions(final String mount, final String key, final int... versions)
|
||||
throws VaultConnectorException {
|
||||
throws VaultConnectorException {
|
||||
handleSecretVersions(mount, PATH_DELETE, key, versions);
|
||||
}
|
||||
|
||||
@Override
|
||||
public final void undeleteSecretVersions(final String mount, final String key, final int... versions)
|
||||
throws VaultConnectorException {
|
||||
throws VaultConnectorException {
|
||||
handleSecretVersions(mount, PATH_UNDELETE, key, versions);
|
||||
}
|
||||
|
||||
@Override
|
||||
public final void destroySecretVersions(final String mount, final String key, final int... versions)
|
||||
throws VaultConnectorException {
|
||||
throws VaultConnectorException {
|
||||
handleSecretVersions(mount, PATH_DESTROY, key, versions);
|
||||
}
|
||||
|
||||
@ -536,8 +541,8 @@ public class HTTPVaultConnector implements VaultConnector {
|
||||
requireAuth();
|
||||
|
||||
Map<String, String> payload = mapOfStrings(
|
||||
"lease_id", leaseID,
|
||||
"increment", increment
|
||||
"lease_id", leaseID,
|
||||
"increment", increment
|
||||
);
|
||||
|
||||
/* Issue request and parse secret response */
|
||||
@ -594,10 +599,10 @@ public class HTTPVaultConnector implements VaultConnector {
|
||||
|
||||
/* Request HTTP response and parse Secret */
|
||||
return request.get(
|
||||
PATH_AUTH_TOKEN + PATH_LOOKUP,
|
||||
singletonMap("token", token),
|
||||
token,
|
||||
TokenResponse.class
|
||||
PATH_AUTH_TOKEN + PATH_LOOKUP,
|
||||
singletonMap("token", token),
|
||||
token,
|
||||
TokenResponse.class
|
||||
);
|
||||
}
|
||||
|
||||
@ -646,6 +651,47 @@ public class HTTPVaultConnector implements VaultConnector {
|
||||
return true;
|
||||
}
|
||||
|
||||
@Override
|
||||
public final TransitResponse transitEncrypt(final String keyName, final String plaintext)
|
||||
throws VaultConnectorException {
|
||||
requireAuth();
|
||||
|
||||
Map<String, Object> payload = mapOf(
|
||||
"plaintext", plaintext
|
||||
);
|
||||
|
||||
return request.post(PATH_TRANSIT_ENCRYPT + keyName, payload, token, TransitResponse.class);
|
||||
}
|
||||
|
||||
@Override
|
||||
public final TransitResponse transitDecrypt(final String keyName, final String ciphertext)
|
||||
throws VaultConnectorException {
|
||||
requireAuth();
|
||||
|
||||
Map<String, Object> payload = mapOf(
|
||||
"ciphertext", ciphertext
|
||||
);
|
||||
|
||||
return request.post(PATH_TRANSIT_DECRYPT + keyName, payload, token, TransitResponse.class);
|
||||
}
|
||||
|
||||
@Override
|
||||
public final TransitResponse transitHash(final String algorithm, final String input, final String format)
|
||||
throws VaultConnectorException {
|
||||
if (format != null && !"hex".equals(format) && !"base64".equals(format)) {
|
||||
throw new IllegalArgumentException("Unsupported format " + format);
|
||||
}
|
||||
|
||||
requireAuth();
|
||||
|
||||
Map<String, Object> payload = mapOf(
|
||||
"input", input,
|
||||
"format", format
|
||||
);
|
||||
|
||||
return request.post(PATH_TRANSIT_HASH + algorithm, payload, token, TransitResponse.class);
|
||||
}
|
||||
|
||||
/**
|
||||
* Check for required authorization.
|
||||
*
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2016-2024 Stefan Kalscheuer
|
||||
* Copyright 2016-2025 Stefan Kalscheuer
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
@ -20,18 +20,17 @@ import de.stklcode.jvault.connector.exception.ConnectionException;
|
||||
import de.stklcode.jvault.connector.exception.TlsException;
|
||||
import de.stklcode.jvault.connector.exception.VaultConnectorException;
|
||||
|
||||
import java.io.ByteArrayInputStream;
|
||||
import java.io.IOException;
|
||||
import java.net.MalformedURLException;
|
||||
import java.net.URI;
|
||||
import java.net.URISyntaxException;
|
||||
import java.net.URL;
|
||||
import java.nio.charset.StandardCharsets;
|
||||
import java.nio.file.Files;
|
||||
import java.nio.file.Path;
|
||||
import java.nio.file.Paths;
|
||||
import java.security.cert.CertificateException;
|
||||
import java.security.cert.CertificateFactory;
|
||||
import java.security.cert.X509Certificate;
|
||||
import java.util.Objects;
|
||||
|
||||
/**
|
||||
* Vault Connector Builder implementation for HTTP Vault connectors.
|
||||
@ -96,10 +95,14 @@ public final class HTTPVaultConnectorBuilder {
|
||||
* @since 1.0
|
||||
*/
|
||||
public HTTPVaultConnectorBuilder withBaseURL(final URI baseURL) {
|
||||
return withTLS(!("http".equalsIgnoreCase(Objects.requireNonNullElse(baseURL.getScheme(), ""))))
|
||||
.withHost(baseURL.getHost())
|
||||
.withPort(baseURL.getPort())
|
||||
.withPrefix(baseURL.getPath());
|
||||
String path = baseURL.getPath();
|
||||
if (path == null || path.isBlank()) {
|
||||
path = DEFAULT_PREFIX;
|
||||
}
|
||||
return withTLS(!("http".equalsIgnoreCase(baseURL.getScheme())))
|
||||
.withHost(baseURL.getHost())
|
||||
.withPort(baseURL.getPort())
|
||||
.withPrefix(path);
|
||||
}
|
||||
|
||||
/**
|
||||
@ -301,13 +304,10 @@ public final class HTTPVaultConnectorBuilder {
|
||||
*/
|
||||
public HTTPVaultConnectorBuilder fromEnv() throws VaultConnectorException {
|
||||
/* Parse URL from environment variable */
|
||||
if (System.getenv(ENV_VAULT_ADDR) != null && !System.getenv(ENV_VAULT_ADDR).trim().isEmpty()) {
|
||||
if (System.getenv(ENV_VAULT_ADDR) != null && !System.getenv(ENV_VAULT_ADDR).isBlank()) {
|
||||
try {
|
||||
var url = new URL(System.getenv(ENV_VAULT_ADDR));
|
||||
this.host = url.getHost();
|
||||
this.port = url.getPort();
|
||||
this.tls = url.getProtocol().equals("https");
|
||||
} catch (MalformedURLException e) {
|
||||
withBaseURL(System.getenv(ENV_VAULT_ADDR));
|
||||
} catch (URISyntaxException e) {
|
||||
throw new ConnectionException("URL provided in environment variable malformed", e);
|
||||
}
|
||||
}
|
||||
@ -315,7 +315,7 @@ public final class HTTPVaultConnectorBuilder {
|
||||
/* Read number of retries */
|
||||
if (System.getenv(ENV_VAULT_MAX_RETRIES) != null) {
|
||||
try {
|
||||
numberOfRetries = Integer.parseInt(System.getenv(ENV_VAULT_MAX_RETRIES));
|
||||
withNumberOfRetries(Integer.parseInt(System.getenv(ENV_VAULT_MAX_RETRIES)));
|
||||
} catch (NumberFormatException ignored) {
|
||||
/* Ignore malformed values. */
|
||||
}
|
||||
@ -325,8 +325,12 @@ public final class HTTPVaultConnectorBuilder {
|
||||
token = System.getenv(ENV_VAULT_TOKEN);
|
||||
|
||||
/* Parse certificate, if set */
|
||||
if (System.getenv(ENV_VAULT_CACERT) != null && !System.getenv(ENV_VAULT_CACERT).trim().isEmpty()) {
|
||||
return withTrustedCA(Paths.get(System.getenv(ENV_VAULT_CACERT)));
|
||||
if (System.getenv(ENV_VAULT_CACERT) != null && !System.getenv(ENV_VAULT_CACERT).isBlank()) {
|
||||
X509Certificate cert = certificateFromString(System.getenv(ENV_VAULT_CACERT));
|
||||
if (cert == null) {
|
||||
cert = certificateFromFile(Paths.get(System.getenv(ENV_VAULT_CACERT)));
|
||||
}
|
||||
return withTrustedCA(cert);
|
||||
}
|
||||
return this;
|
||||
}
|
||||
@ -398,6 +402,28 @@ public final class HTTPVaultConnectorBuilder {
|
||||
return con;
|
||||
}
|
||||
|
||||
/**
|
||||
* Read given certificate file to X.509 certificate.
|
||||
*
|
||||
* @param cert Certificate string (optionally PEM)
|
||||
* @return X.509 Certificate object if parseable, else {@code null}
|
||||
* @throws TlsException on error
|
||||
* @since 1.5.0
|
||||
*/
|
||||
private X509Certificate certificateFromString(final String cert) throws TlsException {
|
||||
// Check if PEM header is present in given string
|
||||
if (cert.contains("-BEGIN ") && cert.contains("-END")) {
|
||||
try (var is = new ByteArrayInputStream(cert.getBytes(StandardCharsets.UTF_8))) {
|
||||
return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(is);
|
||||
} catch (IOException | CertificateException e) {
|
||||
throw new TlsException("Unable to read certificate.", e);
|
||||
}
|
||||
}
|
||||
|
||||
// Not am PEM string, skip
|
||||
return null;
|
||||
}
|
||||
|
||||
/**
|
||||
* Read given certificate file to X.509 certificate.
|
||||
*
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2016-2024 Stefan Kalscheuer
|
||||
* Copyright 2016-2025 Stefan Kalscheuer
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
@ -21,10 +21,7 @@ import de.stklcode.jvault.connector.model.*;
|
||||
import de.stklcode.jvault.connector.model.response.*;
|
||||
|
||||
import java.io.Serializable;
|
||||
import java.util.ArrayList;
|
||||
import java.util.Collections;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
import java.util.*;
|
||||
|
||||
/**
|
||||
* Vault Connector interface.
|
||||
@ -194,7 +191,7 @@ public interface VaultConnector extends AutoCloseable, Serializable {
|
||||
* @since 0.4.0
|
||||
*/
|
||||
default boolean createAppRole(final String roleName, final List<String> policies, final String roleID)
|
||||
throws VaultConnectorException {
|
||||
throws VaultConnectorException {
|
||||
return createAppRole(AppRole.builder(roleName).withTokenPolicies(policies).withId(roleID).build());
|
||||
}
|
||||
|
||||
@ -260,7 +257,7 @@ public interface VaultConnector extends AutoCloseable, Serializable {
|
||||
* @since 0.4.0
|
||||
*/
|
||||
default AppRoleSecretResponse createAppRoleSecret(final String roleName, final String secretID)
|
||||
throws VaultConnectorException {
|
||||
throws VaultConnectorException {
|
||||
return createAppRoleSecret(roleName, new AppRoleSecret(secretID));
|
||||
}
|
||||
|
||||
@ -274,7 +271,7 @@ public interface VaultConnector extends AutoCloseable, Serializable {
|
||||
* @since 0.4.0
|
||||
*/
|
||||
AppRoleSecretResponse createAppRoleSecret(final String roleName, final AppRoleSecret secret)
|
||||
throws VaultConnectorException;
|
||||
throws VaultConnectorException;
|
||||
|
||||
/**
|
||||
* Lookup an AppRole secret.
|
||||
@ -286,7 +283,7 @@ public interface VaultConnector extends AutoCloseable, Serializable {
|
||||
* @since 0.4.0
|
||||
*/
|
||||
AppRoleSecretResponse lookupAppRoleSecret(final String roleName, final String secretID)
|
||||
throws VaultConnectorException;
|
||||
throws VaultConnectorException;
|
||||
|
||||
/**
|
||||
* Destroy an AppRole secret.
|
||||
@ -401,7 +398,7 @@ public interface VaultConnector extends AutoCloseable, Serializable {
|
||||
* @since 0.8
|
||||
*/
|
||||
SecretResponse readSecretVersion(final String mount, final String key, final Integer version)
|
||||
throws VaultConnectorException;
|
||||
throws VaultConnectorException;
|
||||
|
||||
/**
|
||||
* Retrieve secret metadata from Vault.
|
||||
@ -479,7 +476,7 @@ public interface VaultConnector extends AutoCloseable, Serializable {
|
||||
* @since 0.8 {@code options} parameter added
|
||||
*/
|
||||
void write(final String key, final Map<String, Object> data, final Map<String, Object> options)
|
||||
throws VaultConnectorException;
|
||||
throws VaultConnectorException;
|
||||
|
||||
/**
|
||||
* Delete key from Vault.
|
||||
@ -527,7 +524,7 @@ public interface VaultConnector extends AutoCloseable, Serializable {
|
||||
* @since 0.8
|
||||
*/
|
||||
void deleteSecretVersions(final String mount, final String key, final int... versions)
|
||||
throws VaultConnectorException;
|
||||
throws VaultConnectorException;
|
||||
|
||||
/**
|
||||
* Undelete (restore) secret versions from Vault.
|
||||
@ -540,7 +537,7 @@ public interface VaultConnector extends AutoCloseable, Serializable {
|
||||
* @since 0.8
|
||||
*/
|
||||
void undeleteSecretVersions(final String mount, final String key, final int... versions)
|
||||
throws VaultConnectorException;
|
||||
throws VaultConnectorException;
|
||||
|
||||
/**
|
||||
* Destroy secret versions from Vault.
|
||||
@ -553,7 +550,7 @@ public interface VaultConnector extends AutoCloseable, Serializable {
|
||||
* @since 0.8
|
||||
*/
|
||||
void destroySecretVersions(final String mount, final String key, final int... versions)
|
||||
throws VaultConnectorException;
|
||||
throws VaultConnectorException;
|
||||
|
||||
/**
|
||||
* Revoke given lease immediately.
|
||||
@ -674,6 +671,82 @@ public interface VaultConnector extends AutoCloseable, Serializable {
|
||||
*/
|
||||
boolean deleteTokenRole(final String name) throws VaultConnectorException;
|
||||
|
||||
/**
|
||||
* Encrypt plaintext via transit engine from Vault.
|
||||
*
|
||||
* @param keyName Transit key name
|
||||
* @param plaintext Text to encrypt (Base64 encoded)
|
||||
* @return Transit response
|
||||
* @throws VaultConnectorException on error
|
||||
* @since 1.5.0
|
||||
*/
|
||||
TransitResponse transitEncrypt(final String keyName, final String plaintext) throws VaultConnectorException;
|
||||
|
||||
/**
|
||||
* Encrypt plaintext via transit engine from Vault.
|
||||
*
|
||||
* @param keyName Transit key name
|
||||
* @param plaintext Binary data to encrypt
|
||||
* @return Transit response
|
||||
* @throws VaultConnectorException on error
|
||||
* @since 1.5.0
|
||||
*/
|
||||
default TransitResponse transitEncrypt(final String keyName, final byte[] plaintext)
|
||||
throws VaultConnectorException {
|
||||
return transitEncrypt(keyName, Base64.getEncoder().encodeToString(plaintext));
|
||||
}
|
||||
|
||||
/**
|
||||
* Decrypt ciphertext via transit engine from Vault.
|
||||
*
|
||||
* @param keyName Transit key name
|
||||
* @param ciphertext Text to decrypt
|
||||
* @return Transit response
|
||||
* @throws VaultConnectorException on error
|
||||
* @since 1.5.0
|
||||
*/
|
||||
TransitResponse transitDecrypt(final String keyName, final String ciphertext) throws VaultConnectorException;
|
||||
|
||||
/**
|
||||
* Hash data in hex format via transit engine from Vault.
|
||||
*
|
||||
* @param algorithm Specifies the hash algorithm to use
|
||||
* @param input Data to hash
|
||||
* @return Transit response
|
||||
* @throws VaultConnectorException on error
|
||||
* @since 1.5.0
|
||||
*/
|
||||
default TransitResponse transitHash(final String algorithm, final String input) throws VaultConnectorException {
|
||||
return transitHash(algorithm, input, "hex");
|
||||
}
|
||||
|
||||
/**
|
||||
* Hash data via transit engine from Vault.
|
||||
*
|
||||
* @param algorithm Specifies the hash algorithm to use
|
||||
* @param input Data to hash (Base64 encoded)
|
||||
* @param format Specifies the output encoding (hex/base64)
|
||||
* @return Transit response
|
||||
* @throws VaultConnectorException on error
|
||||
* @since 1.5.0
|
||||
*/
|
||||
TransitResponse transitHash(final String algorithm, final String input, final String format)
|
||||
throws VaultConnectorException;
|
||||
|
||||
/**
|
||||
* Hash data via transit engine from Vault.
|
||||
*
|
||||
* @param algorithm Specifies the hash algorithm to use
|
||||
* @param input Data to hash
|
||||
* @return Transit response
|
||||
* @throws VaultConnectorException on error
|
||||
* @since 1.5.0
|
||||
*/
|
||||
default TransitResponse transitHash(final String algorithm, final byte[] input, final String format)
|
||||
throws VaultConnectorException {
|
||||
return transitHash(algorithm, Base64.getEncoder().encodeToString(input), format);
|
||||
}
|
||||
|
||||
/**
|
||||
* Read credentials for MySQL backend at default mount point.
|
||||
*
|
||||
@ -681,7 +754,9 @@ public interface VaultConnector extends AutoCloseable, Serializable {
|
||||
* @return the credentials response
|
||||
* @throws VaultConnectorException on error
|
||||
* @since 0.5.0
|
||||
* @deprecated use {@link #readDbCredentials(String, String)} your MySQL mountpoint
|
||||
*/
|
||||
@Deprecated(since = "1.5.0", forRemoval = true)
|
||||
default CredentialsResponse readMySqlCredentials(final String role) throws VaultConnectorException {
|
||||
return readDbCredentials(role, "mysql");
|
||||
}
|
||||
@ -693,7 +768,9 @@ public interface VaultConnector extends AutoCloseable, Serializable {
|
||||
* @return the credentials response
|
||||
* @throws VaultConnectorException on error
|
||||
* @since 0.5.0
|
||||
* @deprecated use {@link #readDbCredentials(String, String)} your PostgreSQL mountpoint
|
||||
*/
|
||||
@Deprecated(since = "1.5.0", forRemoval = true)
|
||||
default CredentialsResponse readPostgreSqlCredentials(final String role) throws VaultConnectorException {
|
||||
return readDbCredentials(role, "postgresql");
|
||||
}
|
||||
@ -705,34 +782,38 @@ public interface VaultConnector extends AutoCloseable, Serializable {
|
||||
* @return the credentials response
|
||||
* @throws VaultConnectorException on error
|
||||
* @since 0.5.0
|
||||
* @deprecated use {@link #readDbCredentials(String, String)} your MSSQL mountpoint
|
||||
*/
|
||||
@Deprecated(since = "1.5.0", forRemoval = true)
|
||||
default CredentialsResponse readMsSqlCredentials(final String role) throws VaultConnectorException {
|
||||
return readDbCredentials(role, "mssql");
|
||||
}
|
||||
|
||||
/**
|
||||
* Read credentials for MSSQL backend at default mount point.
|
||||
* Read credentials for MongoDB backend at default mount point.
|
||||
*
|
||||
* @param role the role name
|
||||
* @return the credentials response
|
||||
* @throws VaultConnectorException on error
|
||||
* @since 0.5.0
|
||||
* @deprecated use {@link #readDbCredentials(String, String)} your MongoDB mountpoint
|
||||
*/
|
||||
@Deprecated(since = "1.5.0", forRemoval = true)
|
||||
default CredentialsResponse readMongoDbCredentials(final String role) throws VaultConnectorException {
|
||||
return readDbCredentials(role, "mongodb");
|
||||
}
|
||||
|
||||
/**
|
||||
* Read credentials for SQL backends.
|
||||
* Read credentials for database backends.
|
||||
*
|
||||
* @param role the role name
|
||||
* @param mount mount point of the SQL backend
|
||||
* @param mount mount point of the database backend
|
||||
* @return the credentials response
|
||||
* @throws VaultConnectorException on error
|
||||
* @since 0.5.0
|
||||
*/
|
||||
default CredentialsResponse readDbCredentials(final String role, final String mount)
|
||||
throws VaultConnectorException {
|
||||
throws VaultConnectorException {
|
||||
return (CredentialsResponse) read(mount + "/creds/" + role);
|
||||
}
|
||||
}
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2016-2024 Stefan Kalscheuer
|
||||
* Copyright 2016-2025 Stefan Kalscheuer
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2016-2024 Stefan Kalscheuer
|
||||
* Copyright 2016-2025 Stefan Kalscheuer
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2016-2024 Stefan Kalscheuer
|
||||
* Copyright 2016-2025 Stefan Kalscheuer
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2016-2024 Stefan Kalscheuer
|
||||
* Copyright 2016-2025 Stefan Kalscheuer
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2016-2024 Stefan Kalscheuer
|
||||
* Copyright 2016-2025 Stefan Kalscheuer
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2016-2024 Stefan Kalscheuer
|
||||
* Copyright 2016-2025 Stefan Kalscheuer
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2016-2024 Stefan Kalscheuer
|
||||
* Copyright 2016-2025 Stefan Kalscheuer
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2016-2024 Stefan Kalscheuer
|
||||
* Copyright 2016-2025 Stefan Kalscheuer
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2016-2024 Stefan Kalscheuer
|
||||
* Copyright 2016-2025 Stefan Kalscheuer
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
||||
@ -2,8 +2,8 @@ package de.stklcode.jvault.connector.internal;
|
||||
|
||||
import com.fasterxml.jackson.core.JsonProcessingException;
|
||||
import com.fasterxml.jackson.databind.DeserializationFeature;
|
||||
import com.fasterxml.jackson.databind.ObjectMapper;
|
||||
import com.fasterxml.jackson.databind.SerializationFeature;
|
||||
import com.fasterxml.jackson.databind.json.JsonMapper;
|
||||
import com.fasterxml.jackson.datatype.jsr310.JavaTimeModule;
|
||||
import de.stklcode.jvault.connector.exception.*;
|
||||
import de.stklcode.jvault.connector.model.response.ErrorResponse;
|
||||
@ -44,7 +44,7 @@ public final class RequestHelper implements Serializable {
|
||||
private final int retries; // Number of retries on 5xx errors.
|
||||
private final String tlsVersion; // TLS version (#22).
|
||||
private final X509Certificate trustedCaCert; // Trusted CA certificate.
|
||||
private final ObjectMapper jsonMapper;
|
||||
private final JsonMapper jsonMapper;
|
||||
|
||||
/**
|
||||
* Constructor of the request helper.
|
||||
@ -65,10 +65,11 @@ public final class RequestHelper implements Serializable {
|
||||
this.timeout = timeout;
|
||||
this.tlsVersion = tlsVersion;
|
||||
this.trustedCaCert = trustedCaCert;
|
||||
this.jsonMapper = new ObjectMapper()
|
||||
.registerModule(new JavaTimeModule())
|
||||
.enable(SerializationFeature.WRITE_DATES_AS_TIMESTAMPS)
|
||||
.disable(DeserializationFeature.ADJUST_DATES_TO_CONTEXT_TIME_ZONE);
|
||||
this.jsonMapper = JsonMapper.builder()
|
||||
.addModule(new JavaTimeModule())
|
||||
.enable(SerializationFeature.WRITE_DATES_AS_TIMESTAMPS)
|
||||
.disable(DeserializationFeature.ADJUST_DATES_TO_CONTEXT_TIME_ZONE)
|
||||
.build();
|
||||
}
|
||||
|
||||
/**
|
||||
@ -115,7 +116,7 @@ public final class RequestHelper implements Serializable {
|
||||
* @since 0.8
|
||||
*/
|
||||
public <T> T post(final String path, final Object payload, final String token, final Class<T> target)
|
||||
throws VaultConnectorException {
|
||||
throws VaultConnectorException {
|
||||
try {
|
||||
String response = post(path, payload, token);
|
||||
return jsonMapper.readValue(response, target);
|
||||
@ -134,7 +135,7 @@ public final class RequestHelper implements Serializable {
|
||||
* @since 0.8
|
||||
*/
|
||||
public void postWithoutResponse(final String path, final Object payload, final String token)
|
||||
throws VaultConnectorException {
|
||||
throws VaultConnectorException {
|
||||
if (!post(path, payload, token).isEmpty()) {
|
||||
throw new InvalidResponseException(Error.UNEXPECTED_RESPONSE);
|
||||
}
|
||||
@ -151,7 +152,7 @@ public final class RequestHelper implements Serializable {
|
||||
* @since 0.8 Added {@code token} parameter.
|
||||
*/
|
||||
public String put(final String path, final Map<String, String> payload, final String token)
|
||||
throws VaultConnectorException {
|
||||
throws VaultConnectorException {
|
||||
// Initialize PUT.
|
||||
var req = HttpRequest.newBuilder(URI.create(baseURL + path));
|
||||
|
||||
@ -185,7 +186,7 @@ public final class RequestHelper implements Serializable {
|
||||
* @since 0.8
|
||||
*/
|
||||
public <T> T put(final String path, final Map<String, String> payload, final String token, final Class<T> target)
|
||||
throws VaultConnectorException {
|
||||
throws VaultConnectorException {
|
||||
try {
|
||||
String response = put(path, payload, token);
|
||||
return jsonMapper.readValue(response, target);
|
||||
@ -204,7 +205,7 @@ public final class RequestHelper implements Serializable {
|
||||
* @since 0.8
|
||||
*/
|
||||
public void putWithoutResponse(final String path, final Map<String, String> payload, final String token)
|
||||
throws VaultConnectorException {
|
||||
throws VaultConnectorException {
|
||||
if (!put(path, payload, token).isEmpty()) {
|
||||
throw new InvalidResponseException(Error.UNEXPECTED_RESPONSE);
|
||||
}
|
||||
@ -256,15 +257,15 @@ public final class RequestHelper implements Serializable {
|
||||
* @since 0.8 Added {@code token} parameter.
|
||||
*/
|
||||
public String get(final String path, final Map<String, String> payload, final String token)
|
||||
throws VaultConnectorException {
|
||||
throws VaultConnectorException {
|
||||
// Add parameters to URI.
|
||||
var uriBuilder = new StringBuilder(baseURL + path);
|
||||
|
||||
if (!payload.isEmpty()) {
|
||||
uriBuilder.append("?").append(
|
||||
payload.entrySet().stream().map(par ->
|
||||
URLEncoder.encode(par.getKey(), UTF_8) + "=" + URLEncoder.encode(par.getValue(), UTF_8)
|
||||
).collect(Collectors.joining("&"))
|
||||
payload.entrySet().stream().map(par ->
|
||||
URLEncoder.encode(par.getKey(), UTF_8) + "=" + URLEncoder.encode(par.getValue(), UTF_8)
|
||||
).collect(Collectors.joining("&"))
|
||||
);
|
||||
}
|
||||
|
||||
@ -297,7 +298,7 @@ public final class RequestHelper implements Serializable {
|
||||
* @since 0.8
|
||||
*/
|
||||
public <T> T get(final String path, final Map<String, String> payload, final String token, final Class<T> target)
|
||||
throws VaultConnectorException {
|
||||
throws VaultConnectorException {
|
||||
try {
|
||||
String response = get(path, payload, token);
|
||||
return jsonMapper.readValue(response, target);
|
||||
@ -333,8 +334,8 @@ public final class RequestHelper implements Serializable {
|
||||
// Execute request.
|
||||
try {
|
||||
HttpResponse<InputStream> response = client.sendAsync(
|
||||
requestBuilder.build(),
|
||||
HttpResponse.BodyHandlers.ofInputStream()
|
||||
requestBuilder.build(),
|
||||
HttpResponse.BodyHandlers.ofInputStream()
|
||||
).join();
|
||||
|
||||
/* Check if response is valid */
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2016-2024 Stefan Kalscheuer
|
||||
* Copyright 2016-2025 Stefan Kalscheuer
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
@ -331,28 +331,28 @@ public final class AppRole implements Serializable {
|
||||
}
|
||||
AppRole appRole = (AppRole) o;
|
||||
return Objects.equals(name, appRole.name) &&
|
||||
Objects.equals(id, appRole.id) &&
|
||||
Objects.equals(bindSecretId, appRole.bindSecretId) &&
|
||||
Objects.equals(secretIdBoundCidrs, appRole.secretIdBoundCidrs) &&
|
||||
Objects.equals(secretIdNumUses, appRole.secretIdNumUses) &&
|
||||
Objects.equals(secretIdTtl, appRole.secretIdTtl) &&
|
||||
Objects.equals(localSecretIds, appRole.localSecretIds) &&
|
||||
Objects.equals(tokenTtl, appRole.tokenTtl) &&
|
||||
Objects.equals(tokenMaxTtl, appRole.tokenMaxTtl) &&
|
||||
Objects.equals(tokenPolicies, appRole.tokenPolicies) &&
|
||||
Objects.equals(tokenBoundCidrs, appRole.tokenBoundCidrs) &&
|
||||
Objects.equals(tokenExplicitMaxTtl, appRole.tokenExplicitMaxTtl) &&
|
||||
Objects.equals(tokenNoDefaultPolicy, appRole.tokenNoDefaultPolicy) &&
|
||||
Objects.equals(tokenNumUses, appRole.tokenNumUses) &&
|
||||
Objects.equals(tokenPeriod, appRole.tokenPeriod) &&
|
||||
Objects.equals(tokenType, appRole.tokenType);
|
||||
Objects.equals(id, appRole.id) &&
|
||||
Objects.equals(bindSecretId, appRole.bindSecretId) &&
|
||||
Objects.equals(secretIdBoundCidrs, appRole.secretIdBoundCidrs) &&
|
||||
Objects.equals(secretIdNumUses, appRole.secretIdNumUses) &&
|
||||
Objects.equals(secretIdTtl, appRole.secretIdTtl) &&
|
||||
Objects.equals(localSecretIds, appRole.localSecretIds) &&
|
||||
Objects.equals(tokenTtl, appRole.tokenTtl) &&
|
||||
Objects.equals(tokenMaxTtl, appRole.tokenMaxTtl) &&
|
||||
Objects.equals(tokenPolicies, appRole.tokenPolicies) &&
|
||||
Objects.equals(tokenBoundCidrs, appRole.tokenBoundCidrs) &&
|
||||
Objects.equals(tokenExplicitMaxTtl, appRole.tokenExplicitMaxTtl) &&
|
||||
Objects.equals(tokenNoDefaultPolicy, appRole.tokenNoDefaultPolicy) &&
|
||||
Objects.equals(tokenNumUses, appRole.tokenNumUses) &&
|
||||
Objects.equals(tokenPeriod, appRole.tokenPeriod) &&
|
||||
Objects.equals(tokenType, appRole.tokenType);
|
||||
}
|
||||
|
||||
@Override
|
||||
public int hashCode() {
|
||||
return Objects.hash(name, id, bindSecretId, secretIdBoundCidrs, secretIdNumUses, secretIdTtl,
|
||||
localSecretIds, tokenTtl, tokenMaxTtl, tokenPolicies, tokenBoundCidrs, tokenExplicitMaxTtl,
|
||||
tokenNoDefaultPolicy, tokenNumUses, tokenPeriod, tokenType);
|
||||
localSecretIds, tokenTtl, tokenMaxTtl, tokenPolicies, tokenBoundCidrs, tokenExplicitMaxTtl,
|
||||
tokenNoDefaultPolicy, tokenNumUses, tokenPeriod, tokenType);
|
||||
}
|
||||
|
||||
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2016-2024 Stefan Kalscheuer
|
||||
* Copyright 2016-2025 Stefan Kalscheuer
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
@ -181,19 +181,19 @@ public final class AppRoleSecret implements Serializable {
|
||||
}
|
||||
AppRoleSecret that = (AppRoleSecret) o;
|
||||
return Objects.equals(id, that.id) &&
|
||||
Objects.equals(accessor, that.accessor) &&
|
||||
Objects.equals(metadata, that.metadata) &&
|
||||
Objects.equals(cidrList, that.cidrList) &&
|
||||
Objects.equals(creationTime, that.creationTime) &&
|
||||
Objects.equals(expirationTime, that.expirationTime) &&
|
||||
Objects.equals(lastUpdatedTime, that.lastUpdatedTime) &&
|
||||
Objects.equals(numUses, that.numUses) &&
|
||||
Objects.equals(ttl, that.ttl);
|
||||
Objects.equals(accessor, that.accessor) &&
|
||||
Objects.equals(metadata, that.metadata) &&
|
||||
Objects.equals(cidrList, that.cidrList) &&
|
||||
Objects.equals(creationTime, that.creationTime) &&
|
||||
Objects.equals(expirationTime, that.expirationTime) &&
|
||||
Objects.equals(lastUpdatedTime, that.lastUpdatedTime) &&
|
||||
Objects.equals(numUses, that.numUses) &&
|
||||
Objects.equals(ttl, that.ttl);
|
||||
}
|
||||
|
||||
@Override
|
||||
public int hashCode() {
|
||||
return Objects.hash(id, accessor, metadata, cidrList, creationTime, expirationTime, lastUpdatedTime, numUses,
|
||||
ttl);
|
||||
ttl);
|
||||
}
|
||||
}
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2016-2024 Stefan Kalscheuer
|
||||
* Copyright 2016-2025 Stefan Kalscheuer
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2016-2024 Stefan Kalscheuer
|
||||
* Copyright 2016-2025 Stefan Kalscheuer
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
@ -227,24 +227,24 @@ public final class Token implements Serializable {
|
||||
}
|
||||
Token token = (Token) o;
|
||||
return Objects.equals(id, token.id) &&
|
||||
Objects.equals(type, token.type) &&
|
||||
Objects.equals(displayName, token.displayName) &&
|
||||
Objects.equals(noParent, token.noParent) &&
|
||||
Objects.equals(noDefaultPolicy, token.noDefaultPolicy) &&
|
||||
Objects.equals(ttl, token.ttl) &&
|
||||
Objects.equals(explicitMaxTtl, token.explicitMaxTtl) &&
|
||||
Objects.equals(numUses, token.numUses) &&
|
||||
Objects.equals(policies, token.policies) &&
|
||||
Objects.equals(meta, token.meta) &&
|
||||
Objects.equals(renewable, token.renewable) &&
|
||||
Objects.equals(period, token.period) &&
|
||||
Objects.equals(entityAlias, token.entityAlias);
|
||||
Objects.equals(type, token.type) &&
|
||||
Objects.equals(displayName, token.displayName) &&
|
||||
Objects.equals(noParent, token.noParent) &&
|
||||
Objects.equals(noDefaultPolicy, token.noDefaultPolicy) &&
|
||||
Objects.equals(ttl, token.ttl) &&
|
||||
Objects.equals(explicitMaxTtl, token.explicitMaxTtl) &&
|
||||
Objects.equals(numUses, token.numUses) &&
|
||||
Objects.equals(policies, token.policies) &&
|
||||
Objects.equals(meta, token.meta) &&
|
||||
Objects.equals(renewable, token.renewable) &&
|
||||
Objects.equals(period, token.period) &&
|
||||
Objects.equals(entityAlias, token.entityAlias);
|
||||
}
|
||||
|
||||
@Override
|
||||
public int hashCode() {
|
||||
return Objects.hash(id, type, displayName, noParent, noDefaultPolicy, ttl, explicitMaxTtl, numUses, policies,
|
||||
meta, renewable, period, entityAlias);
|
||||
meta, renewable, period, entityAlias);
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2016-2024 Stefan Kalscheuer
|
||||
* Copyright 2016-2025 Stefan Kalscheuer
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
@ -245,27 +245,27 @@ public final class TokenRole implements Serializable {
|
||||
}
|
||||
TokenRole tokenRole = (TokenRole) o;
|
||||
return Objects.equals(name, tokenRole.name) &&
|
||||
Objects.equals(allowedPolicies, tokenRole.allowedPolicies) &&
|
||||
Objects.equals(allowedPoliciesGlob, tokenRole.allowedPoliciesGlob) &&
|
||||
Objects.equals(disallowedPolicies, tokenRole.disallowedPolicies) &&
|
||||
Objects.equals(disallowedPoliciesGlob, tokenRole.disallowedPoliciesGlob) &&
|
||||
Objects.equals(orphan, tokenRole.orphan) &&
|
||||
Objects.equals(renewable, tokenRole.renewable) &&
|
||||
Objects.equals(pathSuffix, tokenRole.pathSuffix) &&
|
||||
Objects.equals(allowedEntityAliases, tokenRole.allowedEntityAliases) &&
|
||||
Objects.equals(tokenBoundCidrs, tokenRole.tokenBoundCidrs) &&
|
||||
Objects.equals(tokenExplicitMaxTtl, tokenRole.tokenExplicitMaxTtl) &&
|
||||
Objects.equals(tokenNoDefaultPolicy, tokenRole.tokenNoDefaultPolicy) &&
|
||||
Objects.equals(tokenNumUses, tokenRole.tokenNumUses) &&
|
||||
Objects.equals(tokenPeriod, tokenRole.tokenPeriod) &&
|
||||
Objects.equals(tokenType, tokenRole.tokenType);
|
||||
Objects.equals(allowedPolicies, tokenRole.allowedPolicies) &&
|
||||
Objects.equals(allowedPoliciesGlob, tokenRole.allowedPoliciesGlob) &&
|
||||
Objects.equals(disallowedPolicies, tokenRole.disallowedPolicies) &&
|
||||
Objects.equals(disallowedPoliciesGlob, tokenRole.disallowedPoliciesGlob) &&
|
||||
Objects.equals(orphan, tokenRole.orphan) &&
|
||||
Objects.equals(renewable, tokenRole.renewable) &&
|
||||
Objects.equals(pathSuffix, tokenRole.pathSuffix) &&
|
||||
Objects.equals(allowedEntityAliases, tokenRole.allowedEntityAliases) &&
|
||||
Objects.equals(tokenBoundCidrs, tokenRole.tokenBoundCidrs) &&
|
||||
Objects.equals(tokenExplicitMaxTtl, tokenRole.tokenExplicitMaxTtl) &&
|
||||
Objects.equals(tokenNoDefaultPolicy, tokenRole.tokenNoDefaultPolicy) &&
|
||||
Objects.equals(tokenNumUses, tokenRole.tokenNumUses) &&
|
||||
Objects.equals(tokenPeriod, tokenRole.tokenPeriod) &&
|
||||
Objects.equals(tokenType, tokenRole.tokenType);
|
||||
}
|
||||
|
||||
@Override
|
||||
public int hashCode() {
|
||||
return Objects.hash(name, allowedPolicies, allowedPoliciesGlob, disallowedPolicies, disallowedPoliciesGlob,
|
||||
orphan, renewable, pathSuffix, allowedEntityAliases, tokenBoundCidrs, tokenExplicitMaxTtl,
|
||||
tokenNoDefaultPolicy, tokenNumUses, tokenPeriod, tokenType);
|
||||
orphan, renewable, pathSuffix, allowedEntityAliases, tokenBoundCidrs, tokenExplicitMaxTtl,
|
||||
tokenNoDefaultPolicy, tokenNumUses, tokenPeriod, tokenType);
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2016-2024 Stefan Kalscheuer
|
||||
* Copyright 2016-2025 Stefan Kalscheuer
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2016-2024 Stefan Kalscheuer
|
||||
* Copyright 2016-2025 Stefan Kalscheuer
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2016-2024 Stefan Kalscheuer
|
||||
* Copyright 2016-2025 Stefan Kalscheuer
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2016-2024 Stefan Kalscheuer
|
||||
* Copyright 2016-2025 Stefan Kalscheuer
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2016-2024 Stefan Kalscheuer
|
||||
* Copyright 2016-2025 Stefan Kalscheuer
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2016-2024 Stefan Kalscheuer
|
||||
* Copyright 2016-2025 Stefan Kalscheuer
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2016-2024 Stefan Kalscheuer
|
||||
* Copyright 2016-2025 Stefan Kalscheuer
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2016-2024 Stefan Kalscheuer
|
||||
* Copyright 2016-2025 Stefan Kalscheuer
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
@ -187,19 +187,19 @@ public final class HealthResponse implements VaultResponse {
|
||||
}
|
||||
HealthResponse that = (HealthResponse) o;
|
||||
return Objects.equals(clusterID, that.clusterID) &&
|
||||
Objects.equals(clusterName, that.clusterName) &&
|
||||
Objects.equals(version, that.version) &&
|
||||
Objects.equals(serverTimeUTC, that.serverTimeUTC) &&
|
||||
Objects.equals(standby, that.standby) &&
|
||||
Objects.equals(sealed, that.sealed) &&
|
||||
Objects.equals(initialized, that.initialized) &&
|
||||
Objects.equals(replicationPerfMode, that.replicationPerfMode) &&
|
||||
Objects.equals(replicationDrMode, that.replicationDrMode) &&
|
||||
Objects.equals(performanceStandby, that.performanceStandby) &&
|
||||
Objects.equals(echoDurationMs, that.echoDurationMs) &&
|
||||
Objects.equals(clockSkewMs, that.clockSkewMs) &&
|
||||
Objects.equals(replicationPrimaryCanaryAgeMs, that.replicationPrimaryCanaryAgeMs) &&
|
||||
Objects.equals(enterprise, that.enterprise);
|
||||
Objects.equals(clusterName, that.clusterName) &&
|
||||
Objects.equals(version, that.version) &&
|
||||
Objects.equals(serverTimeUTC, that.serverTimeUTC) &&
|
||||
Objects.equals(standby, that.standby) &&
|
||||
Objects.equals(sealed, that.sealed) &&
|
||||
Objects.equals(initialized, that.initialized) &&
|
||||
Objects.equals(replicationPerfMode, that.replicationPerfMode) &&
|
||||
Objects.equals(replicationDrMode, that.replicationDrMode) &&
|
||||
Objects.equals(performanceStandby, that.performanceStandby) &&
|
||||
Objects.equals(echoDurationMs, that.echoDurationMs) &&
|
||||
Objects.equals(clockSkewMs, that.clockSkewMs) &&
|
||||
Objects.equals(replicationPrimaryCanaryAgeMs, that.replicationPrimaryCanaryAgeMs) &&
|
||||
Objects.equals(enterprise, that.enterprise);
|
||||
}
|
||||
|
||||
@Override
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2016-2024 Stefan Kalscheuer
|
||||
* Copyright 2016-2025 Stefan Kalscheuer
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2016-2021 Stefan Kalscheuer
|
||||
* Copyright 2016-2025 Stefan Kalscheuer
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2016-2024 Stefan Kalscheuer
|
||||
* Copyright 2016-2025 Stefan Kalscheuer
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2016-2021 Stefan Kalscheuer
|
||||
* Copyright 2016-2025 Stefan Kalscheuer
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2016-2024 Stefan Kalscheuer
|
||||
* Copyright 2016-2025 Stefan Kalscheuer
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2016-2024 Stefan Kalscheuer
|
||||
* Copyright 2016-2025 Stefan Kalscheuer
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
@ -191,24 +191,24 @@ public final class SealResponse implements VaultResponse {
|
||||
}
|
||||
SealResponse that = (SealResponse) o;
|
||||
return sealed == that.sealed &&
|
||||
initialized == that.initialized &&
|
||||
Objects.equals(type, that.type) &&
|
||||
Objects.equals(threshold, that.threshold) &&
|
||||
Objects.equals(numberOfShares, that.numberOfShares) &&
|
||||
Objects.equals(progress, that.progress) &&
|
||||
Objects.equals(version, that.version) &&
|
||||
Objects.equals(buildDate, that.buildDate) &&
|
||||
Objects.equals(nonce, that.nonce) &&
|
||||
Objects.equals(clusterName, that.clusterName) &&
|
||||
Objects.equals(clusterId, that.clusterId) &&
|
||||
Objects.equals(migration, that.migration) &&
|
||||
Objects.equals(recoverySeal, that.recoverySeal) &&
|
||||
Objects.equals(storageType, that.storageType);
|
||||
initialized == that.initialized &&
|
||||
Objects.equals(type, that.type) &&
|
||||
Objects.equals(threshold, that.threshold) &&
|
||||
Objects.equals(numberOfShares, that.numberOfShares) &&
|
||||
Objects.equals(progress, that.progress) &&
|
||||
Objects.equals(version, that.version) &&
|
||||
Objects.equals(buildDate, that.buildDate) &&
|
||||
Objects.equals(nonce, that.nonce) &&
|
||||
Objects.equals(clusterName, that.clusterName) &&
|
||||
Objects.equals(clusterId, that.clusterId) &&
|
||||
Objects.equals(migration, that.migration) &&
|
||||
Objects.equals(recoverySeal, that.recoverySeal) &&
|
||||
Objects.equals(storageType, that.storageType);
|
||||
}
|
||||
|
||||
@Override
|
||||
public int hashCode() {
|
||||
return Objects.hash(type, sealed, initialized, threshold, numberOfShares, progress, version, buildDate, nonce,
|
||||
clusterName, clusterId, migration, recoverySeal, storageType);
|
||||
clusterName, clusterId, migration, recoverySeal, storageType);
|
||||
}
|
||||
}
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2016-2024 Stefan Kalscheuer
|
||||
* Copyright 2016-2025 Stefan Kalscheuer
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2016-2024 Stefan Kalscheuer
|
||||
* Copyright 2016-2025 Stefan Kalscheuer
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
@ -18,8 +18,8 @@ package de.stklcode.jvault.connector.model.response;
|
||||
|
||||
import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
|
||||
import com.fasterxml.jackson.databind.DeserializationFeature;
|
||||
import com.fasterxml.jackson.databind.ObjectMapper;
|
||||
import com.fasterxml.jackson.databind.SerializationFeature;
|
||||
import com.fasterxml.jackson.databind.json.JsonMapper;
|
||||
import com.fasterxml.jackson.datatype.jsr310.JavaTimeModule;
|
||||
import de.stklcode.jvault.connector.exception.InvalidResponseException;
|
||||
import de.stklcode.jvault.connector.model.response.embedded.VersionMetadata;
|
||||
@ -85,10 +85,11 @@ public abstract class SecretResponse extends VaultDataResponse {
|
||||
} else if (type.isInstance(rawValue)) {
|
||||
return type.cast(rawValue);
|
||||
} else {
|
||||
var om = new ObjectMapper()
|
||||
.registerModule(new JavaTimeModule())
|
||||
.enable(SerializationFeature.WRITE_DATES_AS_TIMESTAMPS)
|
||||
.disable(DeserializationFeature.ADJUST_DATES_TO_CONTEXT_TIME_ZONE);
|
||||
var om = JsonMapper.builder()
|
||||
.addModule(new JavaTimeModule())
|
||||
.enable(SerializationFeature.WRITE_DATES_AS_TIMESTAMPS)
|
||||
.disable(DeserializationFeature.ADJUST_DATES_TO_CONTEXT_TIME_ZONE)
|
||||
.build();
|
||||
|
||||
if (rawValue instanceof String) {
|
||||
return om.readValue((String) rawValue, type);
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2016-2024 Stefan Kalscheuer
|
||||
* Copyright 2016-2025 Stefan Kalscheuer
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2016-2024 Stefan Kalscheuer
|
||||
* Copyright 2016-2025 Stefan Kalscheuer
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2016-2024 Stefan Kalscheuer
|
||||
* Copyright 2016-2025 Stefan Kalscheuer
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
||||
@ -0,0 +1,92 @@
|
||||
/*
|
||||
* Copyright 2016-2025 Stefan Kalscheuer
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package de.stklcode.jvault.connector.model.response;
|
||||
|
||||
import com.fasterxml.jackson.annotation.JsonSetter;
|
||||
|
||||
import java.util.Map;
|
||||
import java.util.Objects;
|
||||
|
||||
/**
|
||||
* Response entity for transit operations.
|
||||
*
|
||||
* @author Stefan Kalscheuer
|
||||
* @since 1.5.0
|
||||
*/
|
||||
public class TransitResponse extends VaultDataResponse {
|
||||
|
||||
private static final long serialVersionUID = 6873804240772242771L;
|
||||
|
||||
private String ciphertext;
|
||||
private String plaintext;
|
||||
private String sum;
|
||||
|
||||
@JsonSetter("data")
|
||||
private void setData(Map<String, String> data) {
|
||||
ciphertext = data.get("ciphertext");
|
||||
plaintext = data.get("plaintext");
|
||||
sum = data.get("sum");
|
||||
}
|
||||
|
||||
/**
|
||||
* Get ciphertext.
|
||||
* Populated after encryption.
|
||||
*
|
||||
* @return Ciphertext
|
||||
*/
|
||||
public String getCiphertext() {
|
||||
return ciphertext;
|
||||
}
|
||||
|
||||
/**
|
||||
* Get plaintext.
|
||||
* Base64 encoded, populated after decryption.
|
||||
*
|
||||
* @return Plaintext
|
||||
*/
|
||||
public String getPlaintext() {
|
||||
return plaintext;
|
||||
}
|
||||
|
||||
/**
|
||||
* Get hash sum.
|
||||
* Hex or Base64 string. Populated after hashing.
|
||||
*
|
||||
* @return Hash sum
|
||||
*/
|
||||
public String getSum() {
|
||||
return sum;
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean equals(Object o) {
|
||||
if (this == o) {
|
||||
return true;
|
||||
} else if (o == null || getClass() != o.getClass() || !super.equals(o)) {
|
||||
return false;
|
||||
}
|
||||
TransitResponse that = (TransitResponse) o;
|
||||
return Objects.equals(ciphertext, that.ciphertext) &&
|
||||
Objects.equals(plaintext, that.plaintext) &&
|
||||
Objects.equals(sum, that.sum);
|
||||
}
|
||||
|
||||
@Override
|
||||
public int hashCode() {
|
||||
return Objects.hash(super.hashCode(), ciphertext, plaintext, sum);
|
||||
}
|
||||
}
|
||||
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2016-2024 Stefan Kalscheuer
|
||||
* Copyright 2016-2025 Stefan Kalscheuer
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
@ -115,6 +115,7 @@ public abstract class VaultDataResponse implements VaultResponse {
|
||||
public final String getMountType() {
|
||||
return mountType;
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean equals(Object o) {
|
||||
if (this == o) {
|
||||
@ -124,13 +125,13 @@ public abstract class VaultDataResponse implements VaultResponse {
|
||||
}
|
||||
VaultDataResponse that = (VaultDataResponse) o;
|
||||
return renewable == that.renewable &&
|
||||
Objects.equals(requestId, that.requestId) &&
|
||||
Objects.equals(leaseId, that.leaseId) &&
|
||||
Objects.equals(leaseDuration, that.leaseDuration) &&
|
||||
Objects.equals(warnings, that.warnings) &&
|
||||
Objects.equals(wrapInfo, that.wrapInfo) &&
|
||||
Objects.equals(auth, that.auth) &&
|
||||
Objects.equals(mountType, that.mountType);
|
||||
Objects.equals(requestId, that.requestId) &&
|
||||
Objects.equals(leaseId, that.leaseId) &&
|
||||
Objects.equals(leaseDuration, that.leaseDuration) &&
|
||||
Objects.equals(warnings, that.warnings) &&
|
||||
Objects.equals(wrapInfo, that.wrapInfo) &&
|
||||
Objects.equals(auth, that.auth) &&
|
||||
Objects.equals(mountType, that.mountType);
|
||||
}
|
||||
|
||||
@Override
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2016-2024 Stefan Kalscheuer
|
||||
* Copyright 2016-2025 Stefan Kalscheuer
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2016-2024 Stefan Kalscheuer
|
||||
* Copyright 2016-2025 Stefan Kalscheuer
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
@ -171,22 +171,22 @@ public final class AuthData implements Serializable {
|
||||
}
|
||||
AuthData authData = (AuthData) o;
|
||||
return renewable == authData.renewable &&
|
||||
orphan == authData.orphan &&
|
||||
Objects.equals(clientToken, authData.clientToken) &&
|
||||
Objects.equals(accessor, authData.accessor) &&
|
||||
Objects.equals(policies, authData.policies) &&
|
||||
Objects.equals(tokenPolicies, authData.tokenPolicies) &&
|
||||
Objects.equals(metadata, authData.metadata) &&
|
||||
Objects.equals(leaseDuration, authData.leaseDuration) &&
|
||||
Objects.equals(entityId, authData.entityId) &&
|
||||
Objects.equals(tokenType, authData.tokenType) &&
|
||||
Objects.equals(numUses, authData.numUses) &&
|
||||
Objects.equals(mfaRequirement, authData.mfaRequirement);
|
||||
orphan == authData.orphan &&
|
||||
Objects.equals(clientToken, authData.clientToken) &&
|
||||
Objects.equals(accessor, authData.accessor) &&
|
||||
Objects.equals(policies, authData.policies) &&
|
||||
Objects.equals(tokenPolicies, authData.tokenPolicies) &&
|
||||
Objects.equals(metadata, authData.metadata) &&
|
||||
Objects.equals(leaseDuration, authData.leaseDuration) &&
|
||||
Objects.equals(entityId, authData.entityId) &&
|
||||
Objects.equals(tokenType, authData.tokenType) &&
|
||||
Objects.equals(numUses, authData.numUses) &&
|
||||
Objects.equals(mfaRequirement, authData.mfaRequirement);
|
||||
}
|
||||
|
||||
@Override
|
||||
public int hashCode() {
|
||||
return Objects.hash(clientToken, accessor, policies, tokenPolicies, metadata, leaseDuration, renewable,
|
||||
entityId, tokenType, orphan, numUses, mfaRequirement);
|
||||
entityId, tokenType, orphan, numUses, mfaRequirement);
|
||||
}
|
||||
}
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2016-2024 Stefan Kalscheuer
|
||||
* Copyright 2016-2025 Stefan Kalscheuer
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
@ -202,19 +202,19 @@ public final class AuthMethod implements Serializable {
|
||||
}
|
||||
AuthMethod that = (AuthMethod) o;
|
||||
return local == that.local &&
|
||||
type == that.type &&
|
||||
externalEntropyAccess == that.externalEntropyAccess &&
|
||||
sealWrap == that.sealWrap &&
|
||||
Objects.equals(rawType, that.rawType) &&
|
||||
Objects.equals(accessor, that.accessor) &&
|
||||
Objects.equals(deprecationStatus, that.deprecationStatus) &&
|
||||
Objects.equals(description, that.description) &&
|
||||
Objects.equals(config, that.config) &&
|
||||
Objects.equals(options, that.options) &&
|
||||
Objects.equals(pluginVersion, that.pluginVersion) &&
|
||||
Objects.equals(runningPluginVersion, that.runningPluginVersion) &&
|
||||
Objects.equals(runningSha256, that.runningSha256) &&
|
||||
Objects.equals(uuid, that.uuid);
|
||||
type == that.type &&
|
||||
externalEntropyAccess == that.externalEntropyAccess &&
|
||||
sealWrap == that.sealWrap &&
|
||||
Objects.equals(rawType, that.rawType) &&
|
||||
Objects.equals(accessor, that.accessor) &&
|
||||
Objects.equals(deprecationStatus, that.deprecationStatus) &&
|
||||
Objects.equals(description, that.description) &&
|
||||
Objects.equals(config, that.config) &&
|
||||
Objects.equals(options, that.options) &&
|
||||
Objects.equals(pluginVersion, that.pluginVersion) &&
|
||||
Objects.equals(runningPluginVersion, that.runningPluginVersion) &&
|
||||
Objects.equals(runningSha256, that.runningSha256) &&
|
||||
Objects.equals(uuid, that.uuid);
|
||||
}
|
||||
|
||||
@Override
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2016-2024 Stefan Kalscheuer
|
||||
* Copyright 2016-2025 Stefan Kalscheuer
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2016-2024 Stefan Kalscheuer
|
||||
* Copyright 2016-2025 Stefan Kalscheuer
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2016-2024 Stefan Kalscheuer
|
||||
* Copyright 2016-2025 Stefan Kalscheuer
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2016-2024 Stefan Kalscheuer
|
||||
* Copyright 2016-2025 Stefan Kalscheuer
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
@ -138,14 +138,14 @@ public final class SecretMetadata implements Serializable {
|
||||
}
|
||||
SecretMetadata that = (SecretMetadata) o;
|
||||
return Objects.equals(createdTime, that.createdTime) &&
|
||||
Objects.equals(currentVersion, that.currentVersion) &&
|
||||
Objects.equals(maxVersions, that.maxVersions) &&
|
||||
Objects.equals(oldestVersion, that.oldestVersion) &&
|
||||
Objects.equals(updatedTime, that.updatedTime) &&
|
||||
Objects.equals(versions, that.versions) &&
|
||||
Objects.equals(casRequired, that.casRequired) &&
|
||||
Objects.equals(customMetadata, that.customMetadata) &&
|
||||
Objects.equals(deleteVersionAfter, that.deleteVersionAfter);
|
||||
Objects.equals(currentVersion, that.currentVersion) &&
|
||||
Objects.equals(maxVersions, that.maxVersions) &&
|
||||
Objects.equals(oldestVersion, that.oldestVersion) &&
|
||||
Objects.equals(updatedTime, that.updatedTime) &&
|
||||
Objects.equals(versions, that.versions) &&
|
||||
Objects.equals(casRequired, that.casRequired) &&
|
||||
Objects.equals(customMetadata, that.customMetadata) &&
|
||||
Objects.equals(deleteVersionAfter, that.deleteVersionAfter);
|
||||
}
|
||||
|
||||
@Override
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2016-2024 Stefan Kalscheuer
|
||||
* Copyright 2016-2025 Stefan Kalscheuer
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
@ -222,27 +222,27 @@ public final class TokenData implements Serializable {
|
||||
}
|
||||
TokenData tokenData = (TokenData) o;
|
||||
return orphan == tokenData.orphan &&
|
||||
renewable == tokenData.renewable &&
|
||||
Objects.equals(accessor, tokenData.accessor) &&
|
||||
Objects.equals(creationTime, tokenData.creationTime) &&
|
||||
Objects.equals(creationTtl, tokenData.creationTtl) &&
|
||||
Objects.equals(name, tokenData.name) &&
|
||||
Objects.equals(entityId, tokenData.entityId) &&
|
||||
Objects.equals(expireTime, tokenData.expireTime) &&
|
||||
Objects.equals(explicitMaxTtl, tokenData.explicitMaxTtl) &&
|
||||
Objects.equals(id, tokenData.id) &&
|
||||
Objects.equals(issueTime, tokenData.issueTime) &&
|
||||
Objects.equals(meta, tokenData.meta) &&
|
||||
Objects.equals(numUses, tokenData.numUses) &&
|
||||
Objects.equals(path, tokenData.path) &&
|
||||
Objects.equals(policies, tokenData.policies) &&
|
||||
Objects.equals(ttl, tokenData.ttl) &&
|
||||
Objects.equals(type, tokenData.type);
|
||||
renewable == tokenData.renewable &&
|
||||
Objects.equals(accessor, tokenData.accessor) &&
|
||||
Objects.equals(creationTime, tokenData.creationTime) &&
|
||||
Objects.equals(creationTtl, tokenData.creationTtl) &&
|
||||
Objects.equals(name, tokenData.name) &&
|
||||
Objects.equals(entityId, tokenData.entityId) &&
|
||||
Objects.equals(expireTime, tokenData.expireTime) &&
|
||||
Objects.equals(explicitMaxTtl, tokenData.explicitMaxTtl) &&
|
||||
Objects.equals(id, tokenData.id) &&
|
||||
Objects.equals(issueTime, tokenData.issueTime) &&
|
||||
Objects.equals(meta, tokenData.meta) &&
|
||||
Objects.equals(numUses, tokenData.numUses) &&
|
||||
Objects.equals(path, tokenData.path) &&
|
||||
Objects.equals(policies, tokenData.policies) &&
|
||||
Objects.equals(ttl, tokenData.ttl) &&
|
||||
Objects.equals(type, tokenData.type);
|
||||
}
|
||||
|
||||
@Override
|
||||
public int hashCode() {
|
||||
return Objects.hash(accessor, creationTime, creationTtl, name, entityId, expireTime, explicitMaxTtl, id,
|
||||
issueTime, meta, numUses, orphan, path, policies, renewable, ttl, type);
|
||||
issueTime, meta, numUses, orphan, path, policies, renewable, ttl, type);
|
||||
}
|
||||
}
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2016-2024 Stefan Kalscheuer
|
||||
* Copyright 2016-2025 Stefan Kalscheuer
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
@ -96,10 +96,10 @@ public final class VersionMetadata implements Serializable {
|
||||
}
|
||||
VersionMetadata that = (VersionMetadata) o;
|
||||
return destroyed == that.destroyed &&
|
||||
Objects.equals(createdTime, that.createdTime) &&
|
||||
Objects.equals(deletionTime, that.deletionTime) &&
|
||||
Objects.equals(version, that.version) &&
|
||||
Objects.equals(customMetadata, that.customMetadata);
|
||||
Objects.equals(createdTime, that.createdTime) &&
|
||||
Objects.equals(deletionTime, that.deletionTime) &&
|
||||
Objects.equals(version, that.version) &&
|
||||
Objects.equals(customMetadata, that.customMetadata);
|
||||
}
|
||||
|
||||
@Override
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2016-2024 Stefan Kalscheuer
|
||||
* Copyright 2016-2025 Stefan Kalscheuer
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
@ -80,9 +80,9 @@ public class WrapInfo implements Serializable {
|
||||
}
|
||||
WrapInfo that = (WrapInfo) o;
|
||||
return Objects.equals(token, that.token) &&
|
||||
Objects.equals(ttl, that.ttl) &&
|
||||
Objects.equals(creationTime, that.creationTime) &&
|
||||
Objects.equals(creationPath, that.creationPath);
|
||||
Objects.equals(ttl, that.ttl) &&
|
||||
Objects.equals(creationTime, that.creationTime) &&
|
||||
Objects.equals(creationPath, that.creationPath);
|
||||
}
|
||||
|
||||
@Override
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2016-2024 Stefan Kalscheuer
|
||||
* Copyright 2016-2025 Stefan Kalscheuer
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2016-2024 Stefan Kalscheuer
|
||||
* Copyright 2016-2025 Stefan Kalscheuer
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2016-2024 Stefan Kalscheuer
|
||||
* Copyright 2016-2025 Stefan Kalscheuer
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2016-2024 Stefan Kalscheuer
|
||||
* Copyright 2016-2025 Stefan Kalscheuer
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2016-2024 Stefan Kalscheuer
|
||||
* Copyright 2016-2025 Stefan Kalscheuer
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
@ -25,7 +25,10 @@ import org.junit.jupiter.api.io.TempDir;
|
||||
import java.io.File;
|
||||
import java.lang.reflect.Field;
|
||||
import java.net.URISyntaxException;
|
||||
import java.nio.file.Files;
|
||||
import java.nio.file.NoSuchFileException;
|
||||
import java.nio.file.Paths;
|
||||
import java.util.concurrent.atomic.AtomicReference;
|
||||
|
||||
import static com.github.stefanbirkner.systemlambda.SystemLambda.withEnvironmentVariable;
|
||||
import static org.junit.jupiter.api.Assertions.*;
|
||||
@ -38,6 +41,8 @@ import static org.junit.jupiter.api.Assertions.*;
|
||||
*/
|
||||
class HTTPVaultConnectorBuilderTest {
|
||||
private static final String VAULT_ADDR = "https://localhost:8201";
|
||||
private static final String VAULT_ADDR_2 = "http://localhost";
|
||||
private static final String VAULT_ADDR_3 = "https://localhost/vault/";
|
||||
private static final Integer VAULT_MAX_RETRIES = 13;
|
||||
private static final String VAULT_TOKEN = "00001111-2222-3333-4444-555566667777";
|
||||
|
||||
@ -112,6 +117,22 @@ class HTTPVaultConnectorBuilderTest {
|
||||
|
||||
return null;
|
||||
});
|
||||
withVaultEnv(VAULT_ADDR_2, null, null, null).execute(() -> {
|
||||
HTTPVaultConnectorBuilder builder = assertDoesNotThrow(
|
||||
() -> HTTPVaultConnector.builder().fromEnv(),
|
||||
"Factory creation from minimal environment failed"
|
||||
);
|
||||
assertEquals(VAULT_ADDR_2 + "/v1/", getRequestHelperPrivate(builder.build(), "baseURL"), "URL without port not set correctly");
|
||||
return null;
|
||||
});
|
||||
withVaultEnv(VAULT_ADDR_3, null, null, null).execute(() -> {
|
||||
HTTPVaultConnectorBuilder builder = assertDoesNotThrow(
|
||||
() -> HTTPVaultConnector.builder().fromEnv(),
|
||||
"Factory creation from minimal environment failed"
|
||||
);
|
||||
assertEquals(VAULT_ADDR_3, getRequestHelperPrivate(builder.build(), "baseURL"), "URL with custom path not set correctly");
|
||||
return null;
|
||||
});
|
||||
|
||||
// Provide address and number of retries.
|
||||
withVaultEnv(VAULT_ADDR, null, VAULT_MAX_RETRIES.toString(), null).execute(() -> {
|
||||
@ -128,19 +149,6 @@ class HTTPVaultConnectorBuilderTest {
|
||||
return null;
|
||||
});
|
||||
|
||||
// Provide CA certificate.
|
||||
String vaultCacert = tempDir.toString() + "/doesnotexist";
|
||||
withVaultEnv(VAULT_ADDR, vaultCacert, VAULT_MAX_RETRIES.toString(), null).execute(() -> {
|
||||
TlsException e = assertThrows(
|
||||
TlsException.class,
|
||||
() -> HTTPVaultConnector.builder().fromEnv(),
|
||||
"Creation with unknown cert path failed"
|
||||
);
|
||||
assertEquals(vaultCacert, assertInstanceOf(NoSuchFileException.class, e.getCause()).getFile());
|
||||
|
||||
return null;
|
||||
});
|
||||
|
||||
// Automatic authentication.
|
||||
withVaultEnv(VAULT_ADDR, null, VAULT_MAX_RETRIES.toString(), VAULT_TOKEN).execute(() -> {
|
||||
HTTPVaultConnectorBuilder builder = assertDoesNotThrow(
|
||||
@ -164,6 +172,59 @@ class HTTPVaultConnectorBuilderTest {
|
||||
});
|
||||
}
|
||||
|
||||
/**
|
||||
* Test CA certificate handling from environment variables
|
||||
*/
|
||||
@Test
|
||||
void testCertificateFromEnv() throws Exception {
|
||||
// From direct PEM content
|
||||
String pem = Files.readString(Paths.get(getClass().getResource("/tls/ca.pem").toURI()));
|
||||
AtomicReference<Object> certFromPem = new AtomicReference<>();
|
||||
withVaultEnv(VAULT_ADDR, pem, null, null).execute(() -> {
|
||||
HTTPVaultConnectorBuilder builder = assertDoesNotThrow(
|
||||
() -> HTTPVaultConnector.builder().fromEnv(),
|
||||
"Builder with PEM certificate from environment failed"
|
||||
);
|
||||
HTTPVaultConnector connector = builder.build();
|
||||
|
||||
certFromPem.set(getRequestHelperPrivate(connector, "trustedCaCert"));
|
||||
assertNotNull(certFromPem.get(), "Trusted CA cert from PEM not set");
|
||||
|
||||
return null;
|
||||
});
|
||||
|
||||
// From file path
|
||||
String file = Paths.get(getClass().getResource("/tls/ca.pem").toURI()).toString();
|
||||
AtomicReference<Object> certFromFile = new AtomicReference<>();
|
||||
withVaultEnv(VAULT_ADDR, file, null, null).execute(() -> {
|
||||
HTTPVaultConnectorBuilder builder = assertDoesNotThrow(
|
||||
() -> HTTPVaultConnector.builder().fromEnv(),
|
||||
"Builder with certificate path from environment failed"
|
||||
);
|
||||
HTTPVaultConnector connector = builder.build();
|
||||
|
||||
certFromFile.set(getRequestHelperPrivate(connector, "trustedCaCert"));
|
||||
assertNotNull(certFromFile.get(), "Trusted CA cert from file not set");
|
||||
|
||||
return null;
|
||||
});
|
||||
|
||||
assertEquals(certFromPem.get(), certFromFile.get(), "Certificates from PEM and file should be equal");
|
||||
|
||||
// Non-existing path CA certificate path
|
||||
String doesNotExist = tempDir.toString() + "/doesnotexist";
|
||||
withVaultEnv(VAULT_ADDR, doesNotExist, VAULT_MAX_RETRIES.toString(), null).execute(() -> {
|
||||
TlsException e = assertThrows(
|
||||
TlsException.class,
|
||||
() -> HTTPVaultConnector.builder().fromEnv(),
|
||||
"Creation with unknown cert path failed"
|
||||
);
|
||||
assertEquals(doesNotExist, assertInstanceOf(NoSuchFileException.class, e.getCause()).getFile());
|
||||
|
||||
return null;
|
||||
});
|
||||
}
|
||||
|
||||
private SystemLambda.WithEnvironmentVariables withVaultEnv(String vaultAddr, String vaultCacert, String vaultMaxRetries, String vaultToken) {
|
||||
return withEnvironmentVariable("VAULT_ADDR", vaultAddr)
|
||||
.and("VAULT_CACERT", vaultCacert)
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2016-2024 Stefan Kalscheuer
|
||||
* Copyright 2016-2025 Stefan Kalscheuer
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
@ -52,7 +52,7 @@ import static org.junit.jupiter.api.Assumptions.assumeTrue;
|
||||
* @since 0.1
|
||||
*/
|
||||
class HTTPVaultConnectorIT {
|
||||
private static String VAULT_VERSION = "1.18.2"; // The vault version this test is supposed to run against.
|
||||
private static String VAULT_VERSION = "1.19.0"; // The vault version this test is supposed to run against.
|
||||
private static final String KEY1 = "E38bkCm0VhUvpdCKGQpcohhD9XmcHJ/2hreOSY019Lho";
|
||||
private static final String KEY2 = "O5OHwDleY3IiPdgw61cgHlhsrEm6tVJkrxhF6QAnILd1";
|
||||
private static final String KEY3 = "mw7Bm3nbt/UWa/juDjjL2EPQ04kiJ0saC5JEXwJvXYsB";
|
||||
@ -989,6 +989,75 @@ class HTTPVaultConnectorIT {
|
||||
}
|
||||
}
|
||||
|
||||
@Nested
|
||||
@DisplayName("Transit Tests")
|
||||
class TransitTests {
|
||||
|
||||
@Test
|
||||
@DisplayName("Transit encryption")
|
||||
void transitEncryptTest() {
|
||||
assertDoesNotThrow(() -> connector.authToken(TOKEN_ROOT));
|
||||
assumeTrue(connector.isAuthorized());
|
||||
|
||||
TransitResponse transitResponse = assertDoesNotThrow(
|
||||
() -> connector.transitEncrypt("my-key", "dGVzdCBtZQ=="),
|
||||
"Failed to encrypt via transit"
|
||||
);
|
||||
assertNotNull(transitResponse.getCiphertext());
|
||||
assertTrue(transitResponse.getCiphertext().startsWith("vault:v1:"));
|
||||
|
||||
transitResponse = assertDoesNotThrow(
|
||||
() -> connector.transitEncrypt("my-key", "test me".getBytes(UTF_8)),
|
||||
"Failed to encrypt binary data via transit"
|
||||
);
|
||||
assertNotNull(transitResponse.getCiphertext());
|
||||
assertTrue(transitResponse.getCiphertext().startsWith("vault:v1:"));
|
||||
|
||||
}
|
||||
|
||||
@Test
|
||||
@DisplayName("Transit decryption")
|
||||
void transitDecryptTest() {
|
||||
assertDoesNotThrow(() -> connector.authToken(TOKEN_ROOT));
|
||||
assumeTrue(connector.isAuthorized());
|
||||
|
||||
TransitResponse transitResponse = assertDoesNotThrow(
|
||||
() -> connector.transitDecrypt("my-key", "vault:v1:1mhLVkBAR2nrFtIkJF/qg57DWfRj0FWgR6tvkGO8XOnL6sw="),
|
||||
"Failed to decrypt via transit"
|
||||
);
|
||||
|
||||
assertEquals("dGVzdCBtZQ==", transitResponse.getPlaintext());
|
||||
}
|
||||
|
||||
@Test
|
||||
@DisplayName("Transit hash")
|
||||
void transitHashText() {
|
||||
assertDoesNotThrow(() -> connector.authToken(TOKEN_ROOT));
|
||||
assumeTrue(connector.isAuthorized());
|
||||
|
||||
TransitResponse transitResponse = assertDoesNotThrow(
|
||||
() -> connector.transitHash("sha2-512", "dGVzdCBtZQ=="),
|
||||
"Failed to hash via transit"
|
||||
);
|
||||
|
||||
assertEquals("7677af0ee4effaa9f35e9b1e82d182f79516ab8321786baa23002de7c06851059492dd37d5fc3791f17d81d4b58198d24a6fd8bbd62c42c1c30b371da500f193", transitResponse.getSum());
|
||||
|
||||
TransitResponse transitResponseBase64 = assertDoesNotThrow(
|
||||
() -> connector.transitHash("sha2-256", "dGVzdCBtZQ==", "base64"),
|
||||
"Failed to hash via transit with base64 output"
|
||||
);
|
||||
|
||||
assertEquals("5DfYkW7cvGLkfy36cXhqmZcygEy9HpnFNB4WWXKOl1M=", transitResponseBase64.getSum());
|
||||
|
||||
transitResponseBase64 = assertDoesNotThrow(
|
||||
() -> connector.transitHash("sha2-256", "test me".getBytes(UTF_8), "base64"),
|
||||
"Failed to hash binary data via transit"
|
||||
);
|
||||
|
||||
assertEquals("5DfYkW7cvGLkfy36cXhqmZcygEy9HpnFNB4WWXKOl1M=", transitResponseBase64.getSum());
|
||||
}
|
||||
}
|
||||
|
||||
@Nested
|
||||
@DisplayName("Misc Tests")
|
||||
class MiscTests {
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2016-2024 Stefan Kalscheuer
|
||||
* Copyright 2016-2025 Stefan Kalscheuer
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
@ -17,13 +17,13 @@
|
||||
package de.stklcode.jvault.connector;
|
||||
|
||||
import com.github.tomakehurst.wiremock.client.WireMock;
|
||||
import com.github.tomakehurst.wiremock.junit5.WireMockExtension;
|
||||
import com.github.tomakehurst.wiremock.junit5.WireMockRuntimeInfo;
|
||||
import com.github.tomakehurst.wiremock.junit5.WireMockTest;
|
||||
import de.stklcode.jvault.connector.exception.ConnectionException;
|
||||
import de.stklcode.jvault.connector.exception.InvalidResponseException;
|
||||
import de.stklcode.jvault.connector.exception.PermissionDeniedException;
|
||||
import de.stklcode.jvault.connector.exception.VaultConnectorException;
|
||||
import org.junit.jupiter.api.Test;
|
||||
import org.junit.jupiter.api.extension.RegisterExtension;
|
||||
import org.junit.jupiter.api.function.Executable;
|
||||
|
||||
import java.io.IOException;
|
||||
@ -36,9 +36,7 @@ import java.security.cert.CertificateFactory;
|
||||
import java.security.cert.X509Certificate;
|
||||
import java.util.Collections;
|
||||
|
||||
import static com.github.tomakehurst.wiremock.client.WireMock.aResponse;
|
||||
import static com.github.tomakehurst.wiremock.client.WireMock.anyUrl;
|
||||
import static com.github.tomakehurst.wiremock.core.WireMockConfiguration.wireMockConfig;
|
||||
import static com.github.tomakehurst.wiremock.client.WireMock.*;
|
||||
import static org.junit.jupiter.api.Assertions.*;
|
||||
|
||||
/**
|
||||
@ -48,26 +46,23 @@ import static org.junit.jupiter.api.Assertions.*;
|
||||
* @author Stefan Kalscheuer
|
||||
* @since 0.7.0
|
||||
*/
|
||||
@WireMockTest
|
||||
class HTTPVaultConnectorTest {
|
||||
@RegisterExtension
|
||||
static WireMockExtension wireMock = WireMockExtension.newInstance()
|
||||
.options(wireMockConfig().dynamicPort())
|
||||
.build();
|
||||
|
||||
/**
|
||||
* Test exceptions thrown during request.
|
||||
*/
|
||||
@Test
|
||||
void requestExceptionTest() throws IOException, URISyntaxException {
|
||||
HTTPVaultConnector connector = HTTPVaultConnector.builder(wireMock.url("/")).withTimeout(250).build();
|
||||
void requestExceptionTest(WireMockRuntimeInfo wireMock) throws IOException, URISyntaxException {
|
||||
HTTPVaultConnector connector = HTTPVaultConnector.builder(wireMock.getHttpBaseUrl()).withTimeout(250).build();
|
||||
|
||||
// Test invalid response code.
|
||||
final int responseCode = 400;
|
||||
mockHttpResponse(responseCode, "", "application/json");
|
||||
VaultConnectorException e = assertThrows(
|
||||
InvalidResponseException.class,
|
||||
connector::getHealth,
|
||||
"Querying health status succeeded on invalid instance"
|
||||
InvalidResponseException.class,
|
||||
connector::getHealth,
|
||||
"Querying health status succeeded on invalid instance"
|
||||
);
|
||||
assertEquals("Invalid response code", e.getMessage(), "Unexpected exception message");
|
||||
assertEquals(responseCode, ((InvalidResponseException) e).getStatusCode(), "Unexpected status code in exception");
|
||||
@ -76,9 +71,9 @@ class HTTPVaultConnectorTest {
|
||||
// Simulate permission denied response.
|
||||
mockHttpResponse(responseCode, "{\"errors\":[\"permission denied\"]}", "application/json");
|
||||
assertThrows(
|
||||
PermissionDeniedException.class,
|
||||
connector::getHealth,
|
||||
"Querying health status succeeded on invalid instance"
|
||||
PermissionDeniedException.class,
|
||||
connector::getHealth,
|
||||
"Querying health status succeeded on invalid instance"
|
||||
);
|
||||
|
||||
// Test exception thrown during request.
|
||||
@ -86,22 +81,22 @@ class HTTPVaultConnectorTest {
|
||||
connector = HTTPVaultConnector.builder("http://localst:" + s.getLocalPort() + "/").withTimeout(250).build();
|
||||
}
|
||||
e = assertThrows(
|
||||
ConnectionException.class,
|
||||
connector::getHealth,
|
||||
"Querying health status succeeded on invalid instance"
|
||||
ConnectionException.class,
|
||||
connector::getHealth,
|
||||
"Querying health status succeeded on invalid instance"
|
||||
);
|
||||
assertEquals("Unable to connect to Vault server", e.getMessage(), "Unexpected exception message");
|
||||
assertInstanceOf(IOException.class, e.getCause(), "Unexpected cause");
|
||||
|
||||
// Now simulate a failing request that succeeds on second try.
|
||||
connector = HTTPVaultConnector.builder(wireMock.url("/")).withNumberOfRetries(1).withTimeout(250).build();
|
||||
connector = HTTPVaultConnector.builder(wireMock.getHttpBaseUrl()).withNumberOfRetries(1).withTimeout(250).build();
|
||||
|
||||
wireMock.stubFor(
|
||||
WireMock.any(anyUrl())
|
||||
.willReturn(aResponse().withStatus(500))
|
||||
.willReturn(aResponse().withStatus(500))
|
||||
.willReturn(aResponse().withStatus(500))
|
||||
.willReturn(aResponse().withStatus(200).withBody("{}").withHeader("Content-Type", "application/json"))
|
||||
stubFor(
|
||||
WireMock.any(anyUrl())
|
||||
.willReturn(aResponse().withStatus(500))
|
||||
.willReturn(aResponse().withStatus(500))
|
||||
.willReturn(aResponse().withStatus(500))
|
||||
.willReturn(aResponse().withStatus(200).withBody("{}").withHeader("Content-Type", "application/json"))
|
||||
);
|
||||
assertDoesNotThrow(connector::getHealth, "Request failed unexpectedly");
|
||||
}
|
||||
@ -164,9 +159,9 @@ class HTTPVaultConnectorTest {
|
||||
connector = HTTPVaultConnector.builder("http://localst:" + s.getLocalPort()).withTimeout(250).build();
|
||||
}
|
||||
ConnectionException e = assertThrows(
|
||||
ConnectionException.class,
|
||||
connector::sealStatus,
|
||||
"Querying seal status succeeded on invalid instance"
|
||||
ConnectionException.class,
|
||||
connector::sealStatus,
|
||||
"Querying seal status succeeded on invalid instance"
|
||||
);
|
||||
assertEquals("Unable to connect to Vault server", e.getMessage(), "Unexpected exception message");
|
||||
}
|
||||
@ -182,9 +177,9 @@ class HTTPVaultConnectorTest {
|
||||
connector = HTTPVaultConnector.builder("http://localhost:" + s.getLocalPort() + "/").withTimeout(250).build();
|
||||
}
|
||||
ConnectionException e = assertThrows(
|
||||
ConnectionException.class,
|
||||
connector::getHealth,
|
||||
"Querying health status succeeded on invalid instance"
|
||||
ConnectionException.class,
|
||||
connector::getHealth,
|
||||
"Querying health status succeeded on invalid instance"
|
||||
);
|
||||
assertEquals("Unable to connect to Vault server", e.getMessage(), "Unexpected exception message");
|
||||
}
|
||||
@ -193,8 +188,8 @@ class HTTPVaultConnectorTest {
|
||||
* Test behavior on unparsable responses.
|
||||
*/
|
||||
@Test
|
||||
void parseExceptionTest() throws URISyntaxException {
|
||||
HTTPVaultConnector connector = HTTPVaultConnector.builder(wireMock.url("/")).withTimeout(250).build();
|
||||
void parseExceptionTest(WireMockRuntimeInfo wireMock) throws URISyntaxException {
|
||||
HTTPVaultConnector connector = HTTPVaultConnector.builder(wireMock.getHttpBaseUrl()).withTimeout(250).build();
|
||||
// Mock authorization.
|
||||
setPrivate(connector, "authorized", true);
|
||||
// Mock response.
|
||||
@ -227,8 +222,8 @@ class HTTPVaultConnectorTest {
|
||||
* Test requests that expect an empty response with code 204, but receive a 200 body.
|
||||
*/
|
||||
@Test
|
||||
void nonEmpty204ResponseTest() throws URISyntaxException {
|
||||
HTTPVaultConnector connector = HTTPVaultConnector.builder(wireMock.url("/")).withTimeout(250).build();
|
||||
void nonEmpty204ResponseTest(WireMockRuntimeInfo wireMock) throws URISyntaxException {
|
||||
HTTPVaultConnector connector = HTTPVaultConnector.builder(wireMock.getHttpBaseUrl()).withTimeout(250).build();
|
||||
// Mock authorization.
|
||||
setPrivate(connector, "authorized", true);
|
||||
// Mock response.
|
||||
@ -236,45 +231,45 @@ class HTTPVaultConnectorTest {
|
||||
|
||||
// Now test the methods expecting a 204.
|
||||
assertThrows(
|
||||
InvalidResponseException.class,
|
||||
() -> connector.createAppRole("appID", Collections.singletonList("policy")),
|
||||
"createAppRole() with 200 response succeeded"
|
||||
InvalidResponseException.class,
|
||||
() -> connector.createAppRole("appID", Collections.singletonList("policy")),
|
||||
"createAppRole() with 200 response succeeded"
|
||||
);
|
||||
|
||||
assertThrows(
|
||||
InvalidResponseException.class,
|
||||
() -> connector.deleteAppRole("roleName"),
|
||||
"deleteAppRole() with 200 response succeeded"
|
||||
InvalidResponseException.class,
|
||||
() -> connector.deleteAppRole("roleName"),
|
||||
"deleteAppRole() with 200 response succeeded"
|
||||
);
|
||||
|
||||
assertThrows(
|
||||
InvalidResponseException.class,
|
||||
() -> connector.setAppRoleID("roleName", "roleID"),
|
||||
"setAppRoleID() with 200 response succeeded"
|
||||
InvalidResponseException.class,
|
||||
() -> connector.setAppRoleID("roleName", "roleID"),
|
||||
"setAppRoleID() with 200 response succeeded"
|
||||
);
|
||||
|
||||
assertThrows(
|
||||
InvalidResponseException.class,
|
||||
() -> connector.destroyAppRoleSecret("roleName", "secretID"),
|
||||
"destroyAppRoleSecret() with 200 response succeeded"
|
||||
InvalidResponseException.class,
|
||||
() -> connector.destroyAppRoleSecret("roleName", "secretID"),
|
||||
"destroyAppRoleSecret() with 200 response succeeded"
|
||||
);
|
||||
|
||||
assertThrows(
|
||||
InvalidResponseException.class,
|
||||
() -> connector.destroyAppRoleSecret("roleName", "secretUD"),
|
||||
"destroyAppRoleSecret() with 200 response succeeded"
|
||||
InvalidResponseException.class,
|
||||
() -> connector.destroyAppRoleSecret("roleName", "secretUD"),
|
||||
"destroyAppRoleSecret() with 200 response succeeded"
|
||||
);
|
||||
|
||||
assertThrows(
|
||||
InvalidResponseException.class,
|
||||
() -> connector.delete("key"),
|
||||
"delete() with 200 response succeeded"
|
||||
InvalidResponseException.class,
|
||||
() -> connector.delete("key"),
|
||||
"delete() with 200 response succeeded"
|
||||
);
|
||||
|
||||
assertThrows(
|
||||
InvalidResponseException.class,
|
||||
() -> connector.revoke("leaseID"),
|
||||
"destroyAppRoleSecret() with 200 response succeeded"
|
||||
InvalidResponseException.class,
|
||||
() -> connector.revoke("leaseID"),
|
||||
"destroyAppRoleSecret() with 200 response succeeded"
|
||||
);
|
||||
}
|
||||
|
||||
@ -310,10 +305,10 @@ class HTTPVaultConnectorTest {
|
||||
}
|
||||
|
||||
private void mockHttpResponse(int status, String body, String contentType) {
|
||||
wireMock.stubFor(
|
||||
WireMock.any(anyUrl()).willReturn(
|
||||
aResponse().withStatus(status).withBody(body).withHeader("Content-Type", contentType)
|
||||
)
|
||||
stubFor(
|
||||
WireMock.any(anyUrl()).willReturn(
|
||||
aResponse().withStatus(status).withBody(body).withHeader("Content-Type", contentType)
|
||||
)
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2016-2024 Stefan Kalscheuer
|
||||
* Copyright 2016-2025 Stefan Kalscheuer
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
||||
@ -3,6 +3,7 @@ package de.stklcode.jvault.connector.model;
|
||||
import com.fasterxml.jackson.databind.DeserializationFeature;
|
||||
import com.fasterxml.jackson.databind.ObjectMapper;
|
||||
import com.fasterxml.jackson.databind.SerializationFeature;
|
||||
import com.fasterxml.jackson.databind.json.JsonMapper;
|
||||
import com.fasterxml.jackson.datatype.jsr310.JavaTimeModule;
|
||||
import nl.jqno.equalsverifier.EqualsVerifier;
|
||||
import org.junit.jupiter.api.Test;
|
||||
@ -29,10 +30,11 @@ public abstract class AbstractModelTest<T> {
|
||||
*/
|
||||
protected AbstractModelTest(Class<T> modelClass) {
|
||||
this.modelClass = modelClass;
|
||||
this.objectMapper = new ObjectMapper()
|
||||
.registerModule(new JavaTimeModule())
|
||||
.enable(SerializationFeature.WRITE_DATES_AS_TIMESTAMPS)
|
||||
.disable(DeserializationFeature.ADJUST_DATES_TO_CONTEXT_TIME_ZONE);
|
||||
this.objectMapper = JsonMapper.builder()
|
||||
.addModule(new JavaTimeModule())
|
||||
.enable(SerializationFeature.WRITE_DATES_AS_TIMESTAMPS)
|
||||
.disable(DeserializationFeature.ADJUST_DATES_TO_CONTEXT_TIME_ZONE)
|
||||
.build();
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2016-2024 Stefan Kalscheuer
|
||||
* Copyright 2016-2025 Stefan Kalscheuer
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2016-2024 Stefan Kalscheuer
|
||||
* Copyright 2016-2025 Stefan Kalscheuer
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2016-2024 Stefan Kalscheuer
|
||||
* Copyright 2016-2025 Stefan Kalscheuer
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2016-2024 Stefan Kalscheuer
|
||||
* Copyright 2016-2025 Stefan Kalscheuer
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
@ -173,7 +173,7 @@ class TokenRoleTest extends AbstractModelTest<TokenRole> {
|
||||
assertNull(role.getTokenType());
|
||||
|
||||
// Empty builder should be equal to no-arg construction.
|
||||
assertEquals(role, new TokenRole());
|
||||
assertEquals(new TokenRole(), role);
|
||||
|
||||
// Optional fields should be ignored, so JSON string should be empty.
|
||||
assertEquals("{}", objectMapper.writeValueAsString(role));
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2016-2024 Stefan Kalscheuer
|
||||
* Copyright 2016-2025 Stefan Kalscheuer
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
@ -105,7 +105,7 @@ class TokenTest extends AbstractModelTest<Token> {
|
||||
assertEquals("{}", objectMapper.writeValueAsString(token));
|
||||
|
||||
// Empty builder should be equal to no-arg construction.
|
||||
assertEquals(token, new Token());
|
||||
assertEquals(new Token(), token);
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2016-2024 Stefan Kalscheuer
|
||||
* Copyright 2016-2025 Stefan Kalscheuer
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2016-2024 Stefan Kalscheuer
|
||||
* Copyright 2016-2025 Stefan Kalscheuer
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2016-2024 Stefan Kalscheuer
|
||||
* Copyright 2016-2025 Stefan Kalscheuer
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2016-2024 Stefan Kalscheuer
|
||||
* Copyright 2016-2025 Stefan Kalscheuer
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2016-2021 Stefan Kalscheuer
|
||||
* Copyright 2016-2025 Stefan Kalscheuer
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2016-2024 Stefan Kalscheuer
|
||||
* Copyright 2016-2025 Stefan Kalscheuer
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2016-2021 Stefan Kalscheuer
|
||||
* Copyright 2016-2025 Stefan Kalscheuer
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2016-2024 Stefan Kalscheuer
|
||||
* Copyright 2016-2025 Stefan Kalscheuer
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2016-2024 Stefan Kalscheuer
|
||||
* Copyright 2016-2025 Stefan Kalscheuer
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2016-2021 Stefan Kalscheuer
|
||||
* Copyright 2016-2025 Stefan Kalscheuer
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2016-2024 Stefan Kalscheuer
|
||||
* Copyright 2016-2025 Stefan Kalscheuer
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2016-2024 Stefan Kalscheuer
|
||||
* Copyright 2016-2025 Stefan Kalscheuer
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2016-2024 Stefan Kalscheuer
|
||||
* Copyright 2016-2025 Stefan Kalscheuer
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2016-2024 Stefan Kalscheuer
|
||||
* Copyright 2016-2025 Stefan Kalscheuer
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
||||
@ -0,0 +1,137 @@
|
||||
/*
|
||||
* Copyright 2016-2025 Stefan Kalscheuer
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package de.stklcode.jvault.connector.model.response;
|
||||
|
||||
import com.fasterxml.jackson.core.JsonProcessingException;
|
||||
import de.stklcode.jvault.connector.model.AbstractModelTest;
|
||||
import org.junit.jupiter.api.Test;
|
||||
|
||||
import static org.junit.jupiter.api.Assertions.*;
|
||||
|
||||
/**
|
||||
* JUnit Test for {@link TransitResponse} model.
|
||||
*
|
||||
* @author Stefan Kalscheuer
|
||||
* @since 1.5.0
|
||||
*/
|
||||
class TransitResponseTest extends AbstractModelTest<TransitResponse> {
|
||||
private static final String CIPHERTEXT = "vault:v1:XjsPWPjqPrBi1N2Ms2s1QM798YyFWnO4TR4lsFA=";
|
||||
private static final String PLAINTEXT = "dGhlIHF1aWNrIGJyb3duIGZveAo=";
|
||||
private static final String SUM = "dGhlIHF1aWNrIGJyb3duIGZveAo=";
|
||||
|
||||
TransitResponseTest() {
|
||||
super(TransitResponse.class);
|
||||
}
|
||||
|
||||
@Override
|
||||
protected TransitResponse createFull() {
|
||||
try {
|
||||
return objectMapper.readValue(
|
||||
json(
|
||||
"\"ciphertext\": \"" + CIPHERTEXT + "\", " +
|
||||
"\"plaintext\": \"" + PLAINTEXT + "\", " +
|
||||
"\"sum\": \"" + SUM + "\""
|
||||
),
|
||||
TransitResponse.class
|
||||
);
|
||||
} catch (JsonProcessingException e) {
|
||||
fail("Creation of full model failed", e);
|
||||
return null;
|
||||
}
|
||||
}
|
||||
|
||||
@Test
|
||||
void encryptionTest() {
|
||||
TransitResponse res = assertDoesNotThrow(
|
||||
() -> objectMapper.readValue(
|
||||
json("\"ciphertext\": \"" + CIPHERTEXT + "\""),
|
||||
TransitResponse.class
|
||||
),
|
||||
"TransitResponse deserialization failed"
|
||||
);
|
||||
assertNotNull(res, "Parsed response is NULL");
|
||||
assertEquals("987c6daf-b0e2-4142-a970-1e61fdb249d7", res.getRequestId(), "Incorrect request id");
|
||||
assertEquals("", res.getLeaseId(), "Unexpected lease id");
|
||||
assertFalse(res.isRenewable(), "Unexpected renewable flag");
|
||||
assertEquals(0, res.getLeaseDuration(), "Unexpected lease duration");
|
||||
assertEquals(CIPHERTEXT, res.getCiphertext(), "Incorrect ciphertext");
|
||||
assertNull(res.getPlaintext(), "Unexpected plaintext");
|
||||
assertNull(res.getSum(), "Unexpected sum");
|
||||
assertNull(res.getWrapInfo(), "Unexpected wrap info");
|
||||
assertNull(res.getWarnings(), "Unexpected warnings");
|
||||
assertNull(res.getAuth(), "Unexpected auth");
|
||||
}
|
||||
|
||||
@Test
|
||||
void decryptionTest() {
|
||||
TransitResponse res = assertDoesNotThrow(
|
||||
() -> objectMapper.readValue(
|
||||
json("\"plaintext\": \"" + PLAINTEXT + "\""),
|
||||
TransitResponse.class
|
||||
),
|
||||
"TransitResponse deserialization failed"
|
||||
);
|
||||
assertNotNull(res, "Parsed response is NULL");
|
||||
assertEquals("987c6daf-b0e2-4142-a970-1e61fdb249d7", res.getRequestId(), "Incorrect request id");
|
||||
assertEquals("", res.getLeaseId(), "Unexpected lease id");
|
||||
assertFalse(res.isRenewable(), "Unexpected renewable flag");
|
||||
assertEquals(0, res.getLeaseDuration(), "Unexpected lease duration");
|
||||
assertNull(res.getCiphertext(), "Unexpected ciphertext");
|
||||
assertEquals(PLAINTEXT, res.getPlaintext(), "Incorrect plaintext");
|
||||
assertNull(res.getSum(), "Unexpected sum");
|
||||
assertNull(res.getWrapInfo(), "Unexpected wrap info");
|
||||
assertNull(res.getWarnings(), "Unexpected warnings");
|
||||
assertNull(res.getAuth(), "Unexpected auth");
|
||||
}
|
||||
|
||||
@Test
|
||||
void hashTest() {
|
||||
TransitResponse res = assertDoesNotThrow(
|
||||
() -> objectMapper.readValue(
|
||||
json("\"sum\": \"" + SUM + "\""),
|
||||
TransitResponse.class
|
||||
),
|
||||
"TransitResponse deserialization failed"
|
||||
);
|
||||
assertNotNull(res, "Parsed response is NULL");
|
||||
assertEquals("987c6daf-b0e2-4142-a970-1e61fdb249d7", res.getRequestId(), "Incorrect request id");
|
||||
assertEquals("", res.getLeaseId(), "Unexpected lease id");
|
||||
assertFalse(res.isRenewable(), "Unexpected renewable flag");
|
||||
assertEquals(0, res.getLeaseDuration(), "Unexpected lease duration");
|
||||
assertNull(res.getCiphertext(), "Unexpected ciphertext");
|
||||
assertNull(res.getPlaintext(), "Unexpected plaintext");
|
||||
assertEquals(SUM, res.getSum(), "Incorrect sum");
|
||||
assertNull(res.getWrapInfo(), "Unexpected wrap info");
|
||||
assertNull(res.getWarnings(), "Unexpected warnings");
|
||||
assertNull(res.getAuth(), "Unexpected auth");
|
||||
}
|
||||
|
||||
private static String json(String data) {
|
||||
return "{\n" +
|
||||
" \"request_id\" : \"987c6daf-b0e2-4142-a970-1e61fdb249d7\",\n" +
|
||||
" \"lease_id\" : \"\",\n" +
|
||||
" \"renewable\" : false,\n" +
|
||||
" \"lease_duration\" : 0,\n" +
|
||||
" \"data\" : {\n" +
|
||||
" " + data + "\n" +
|
||||
" },\n" +
|
||||
" \"wrap_info\" : null,\n" +
|
||||
" \"warnings\" : null,\n" +
|
||||
" \"auth\" : null\n" +
|
||||
"}";
|
||||
}
|
||||
}
|
||||
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2016-2024 Stefan Kalscheuer
|
||||
* Copyright 2016-2025 Stefan Kalscheuer
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2016-2024 Stefan Kalscheuer
|
||||
* Copyright 2016-2025 Stefan Kalscheuer
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
||||
@ -1 +1 @@
|
||||
{"Value":"AAAAAQIOTEuNxtf2ZfGu6k9+65GFonDBiaetJnyLYFk1qfWPrE/VqUunbxuTv/QyK4pgC/q14sqypdxPe4Ygp/5mxzzuY6JXB0VKiDMXe9R5BltTG7++rLmKH/j+G7nEh71LER1/qVktU6x8dmDmTbpTgl5xzAB5DIXLMMKjjWda/7qJ3ivNI0pEOQ3JyT27SkqjqM49Dp1JIgKnjIEVQORqKcsSP+aqIncMjIo2iGXOGlDYAesp5tZ4hln3VCwXaIlrU8z6Mmntgcg7NeK/O2WTl86K644dbJUh6frGFDujrjOh/Pgp9n9u0BI3E9K9GD1Z1S1wEb1MCqzT/e9oHG7I7D8ku8PH11wGWGH6BmYlESYUG/KRVqu0XOQEfroLHZQiLE00yHBdStW/UJ9y5pmGpu1aiQ88Q8fpjF5xmRey99b4c6KUIpHjw5Af0XA9ZKsEJUyjS/dbMKPM6PBOW21LYefXH5b0poXMWgLW6LJV0zLuVMyVZJqANbzCVtheDPSsEjkHHwR/CLa2zs2Z6wJF3j1GDZxUFf4nbnuXQzz3M3kVPPtS6htlb0d8RN0/dkOrqUue+c4UjnXhiacXyVUnQQzUVu0sGak4vrQi0020aBzMXM2ZG7rNgvw+wcYFS4txO90kwJL6aOMXT2BeJiQ3wjjHb7M74/sSd0ffRTUlJSODSDotO7Q7Dfcnc1FLrIhXPRFPavTjFoL5HRy77xuGG7U7jTMoGra+rK54v0sxqKbS5WZi1hADQmAVIO8bPb+jA1qoejRFygW6sLgAdmEFQQJOhCV/BoKP3A=="}
|
||||
{"Value":"AAAAAQJ7mykBIbHX5k81qdXEpvlLgRF1ZSlODETcB1JBZ7nj0Muskpvvl3jofN5XH1Td8ibJlrR0o5o/OUjZAz9t0Da+ZzCy4ga9G2SmgWkUAravTqfPO/ZxWh2hqTso2WPBXRM3/IeR0SAv/zh7m7JILxjKybJmnl9U6fkjPID/us0AscckZ9kgJ4g8jwaTzPfRp5U8jMebHYbABXZ65PeUOvNiDVcOvQDWPJrMxICz12xbeJ8mKs5MHpcNkLtPoRCQSpsh0YYTwkuF7NvpIciqIJ4/Yb7wYO+vp9AATbiIs3sSFBWxXEl0OAg/SAmOvaR27Y7/NHN//mg81jkMOHv62/Fxf11I8t1d63oyWFQhP0xR9eoq5hGNQ/30I2m1prhZtLRC2ieKASBDMxTzyNS5G5bsVXvhCsxn8tiC0Ma+ySOfxMQzBRfbx8rtoGmLFP+l/d6VMOPGFxmYqzLS5HvvpCryscCqLn7A8i6TMSrZiF7ZevyfEBpThqhJiYHzUxf07O5IAe6JBSGuNV9gLE+uJXaiYLedJwSfjRKwdQyzer730dU1IegW3KYTb/5hSW4eaETKkjc/alC536WlvAv+5FyckDBc3aVC+hHB7lKZG5YANkOUS3m5I8epemOmuKQ5pnXLOdDkQ14DyNCC79NwLltkp0d6sTNstQ44XAbs0HlLjs4EFwg5Hps9qHeXgTOXeAvwUerJgM20nKszlB+Oy+JzZm0xOK5xoJwy+z0/U3PtJ+7pwAipesIa2QEzqMt3EneuPuwEcv3bPUcowukq542sCEK0CuZjLqTUU9nNqiZan5f5pWuL0hYw4NFIkNfQyRlqgKpMaplDk/2fBqaV98yn0DWceEMWRY4NXpEMS+ysPDIeamX99auWqakb95AZ7tySpkRAkZYtq1nY5Nu0w7NyJrJZ1lhBHs2ZjW0tpXn2CL0MhMVArg=="}
|
||||
|
||||
@ -0,0 +1 @@
|
||||
{"Value":"AAAAAQIwsBgPcs7Hxl7UnB8OkTq9+5HERx4Fzn8jAzR8uIhoQZfpNG/15m2LEEsDJw1o+lxc6u+h7XcOB1QRqrKz8k7CFR15A+qsxD0UclHZdnk+MmMwXL9SSvYugp7XPiXmpG/uTZVf1QtigXQuehEEJeFfJVI7aFACu2AHEGVt+5b6yDQEgTUruo0seazRXuVU+J6NFCDU3ZvkR8e0al6OcMail59KamzjSCYiqDF4TeUuOQ6Zyr7zIG7gSaas1sog2JIlvrh+wkHW6I+OyD9SJSTinGEGRXl0tq15qoBJ4srfXdWODmKtExEupArbiDR5PyvSI3KlIHKIFduslJZKkJwiV3dBscdva4Rqb98FffMVYuM4G4s+VpvDDX+WVsqWF1ssoHRAFWCNAJGsenVDTxblzAF/4rGkJ7LC9yjLGsBtMOCkCZAKDQ3C9VFu+LGhbMRA5p2RKxNKWGem4Cyp5AqMmx62UzDAgMLGgm89A0g9s1/3FnCoLPdVmlWc6cg4QahN30qJCInJeAmH7T9NwIjv6/QxyJxyDVtdMtcfnMNxx15Q29lbyWTcbaI1iabHpc16iS/gwAPQeBTSbcvc4OxqwC5PDFThFq6bwZXaekYz4ghC13j9Ht79GVKH9cPZb5M="}
|
||||
@ -0,0 +1 @@
|
||||
{"Value":"AAAAAQKfotDJ0SihB+f5i4PxZ6lq1kxtH4QMprGI7Hj8HimEwXsW0Gbj/1B7YM4DQt4t5JFD4gKwFVOwlJDyusaJj92ar0QLSreCWyJTKUadqZplMFyB/bAdK42QdH+ZS8Z9KHUNchbRpNhnvOFIahoDG8dZ+nbCIXblJONCaey4/ri3H+GQbk/jfre1VByh7zVIN0ISew5PzZRCTkbO1CvcQZhrRGoUGiPmLywKVbHEMsvimVuZY5py6OfL+70QmElBmN9O45bTgX9XPbfSmyQIcGrElO1foi0WwZLPsb/fZcAIgrhC768jOnzeimChoX4zc0DPxuyV1YPvsD1yAlsnsFuJW6CP7TGkszbJU+rwDpg0TgqKtvFr1Lgkxyfcxg0h++1BSiEgoJU7b2IgIWP7reJVjc1tbAsoR1tOBCSAAhvqWZVpn2oht5rfe9aN370bV3Jcu17hFWyhB+VhzbCCPRcofPXX3f2U2dcQ0X7bU4nMiq1v6NQP6u/D5GAPj4Jc0519tPW4KQrd9SNqR20ct6OvqxjMFWV4GZXVcsL4+3xup87Yib6EDb0+hhe6XEpC6isYgD3D5OTTOWphHlsglGkGFi9lUc+h8zNPM4FHwha6uVTLmaqaLGbLziwT9WXF1ATacwtNW0t3kZlFUBvMwSwWzoPqO1+jxs+id4ie/VI6ZTOeowi4ceK2eWJ1/t9MB/gjvadpgE+FYt5QG6dFav4ujQN5Ne/yY78PGF5tp0CT4koox0rMUuxyD1xOIXkm0NBpJm1y9/J06yqLpMKqS40/jGcSQaycRngXDb+6H9rj7mheiO4qxcFGqViqECCUjDG3PnLP/fy9py5kFq7mf0pq7L0Jq/lLWC+iKJF9UaZmCaz8DwlQ9zC03XOFqABPNe8gMFlb8zU09VKBbY+g5gukOonjcBeoFOTRqQxuaWwwwB2lj8XnZScOyIcVJGkH"}
|
||||
Loading…
x
Reference in New Issue
Block a user