stklcode/jvaultconnector
stklcode/jvaultconnector
1
0
Fork 0
Code Issues Actions Releases 33 Wiki Activity

Compare commits

base: stklcode:v1.4.0
Branches Tags
stklcode:main
stklcode:develop
stklcode:experimental/jackson3
stklcode:v1.5.0
stklcode:v1.4.0
stklcode:v1.3.1
stklcode:v1.3.0
stklcode:v1.2.0
stklcode:v1.1.5
stklcode:v1.1.4
stklcode:v1.1.3
stklcode:v1.1.2
stklcode:v1.1.1
stklcode:v1.1.0
stklcode:v1.0.1
stklcode:v1.0.0
stklcode:v0.9.5
stklcode:v0.9.4
stklcode:v0.9.3
stklcode:v0.9.2
stklcode:v0.9.1
stklcode:v0.9.0
stklcode:v0.8.2
stklcode:v0.8.1
stklcode:v0.8.0
stklcode:v0.7.1
stklcode:v0.7.0
stklcode:v0.6.2
stklcode:v0.6.1
stklcode:v0.6.0
stklcode:v0.5.0
stklcode:v0.4.1
stklcode:v0.4.0
stklcode:v0.3.0
stklcode:v0.2.0
stklcode:v0.1.1
stklcode:v0.1
...
compare: stklcode:main
Branches Tags
stklcode:develop
stklcode:main
stklcode:experimental/jackson3
stklcode:v1.5.0
stklcode:v1.4.0
stklcode:v1.3.1
stklcode:v1.3.0
stklcode:v1.2.0
stklcode:v1.1.5
stklcode:v1.1.4
stklcode:v1.1.3
stklcode:v1.1.2
stklcode:v1.1.1
stklcode:v1.1.0
stklcode:v1.0.1
stklcode:v1.0.0
stklcode:v0.9.5
stklcode:v0.9.4
stklcode:v0.9.3
stklcode:v0.9.2
stklcode:v0.9.1
stklcode:v0.9.0
stklcode:v0.8.2
stklcode:v0.8.1
stklcode:v0.8.0
stklcode:v0.7.1
stklcode:v0.7.0
stklcode:v0.6.2
stklcode:v0.6.1
stklcode:v0.6.0
stklcode:v0.5.0
stklcode:v0.4.1
stklcode:v0.4.0
stklcode:v0.3.0
stklcode:v0.2.0
stklcode:v0.1.1
stklcode:v0.1

28 Commits
v1.4.0 ... main

Author SHA1 Message Date
Stefan Kalscheuer
80abbda46f
docs: update version and features in README
All checks were successful
CI / build (11) (push) Successful in 39s
Details
CI / build (17) (push) Successful in 39s
Details
CI / build (true, 21) (push) Successful in 34s
Details
CI / build-with-it (11, 1.2.0) (push) Successful in 55s
Details
CI / build-with-it (11, 1.19.0) (push) Successful in 1m2s
Details
CI / build-with-it (17, 1.2.0) (push) Successful in 54s
Details
CI / build-with-it (17, 1.19.0) (push) Successful in 1m0s
Details
CI / build-with-it (21, 1.2.0) (push) Successful in 52s
Details
CI / build-with-it (true, 21, 1.19.0) (push) Successful in 59s
Details
2025-04-24 18:36:36 +02:00
Stefan Kalscheuer
a8e85b88d1
test: use WireMockTest annotation 2025-04-24 18:30:32 +02:00
Stefan Kalscheuer
91baed4fe5
test: update wiremock to 3.13.0 2025-04-24 18:30:04 +02:00
Stefan Kalscheuer
2ea261d36a
prepare for next development iteration
All checks were successful
CI / build (11) (push) Successful in 36s
Details
CI / build (17) (push) Successful in 36s
Details
CI / build (true, 21) (push) Successful in 28s
Details
2025-04-13 12:25:18 +02:00
Stefan Kalscheuer
43da0f5109
prepare release v1.5.0
All checks were successful
CI / build-with-it (11, 1.2.0) (push) Successful in 52s
Details
CI / build-with-it (11, 1.19.0) (push) Successful in 59s
Details
CI / build-with-it (21, 1.2.0) (push) Successful in 49s
Details
CI / build-with-it (true, 21, 1.19.0) (push) Successful in 55s
Details
CI / build-with-it (17, 1.19.0) (push) Successful in 57s
Details
CI / build-with-it (17, 1.2.0) (push) Successful in 52s
Details
2025-04-13 11:25:49 +02:00
Stefan Kalscheuer
cc5ca13aeb
refactor: use builder to instantiate ObjectMapper (#95)
All checks were successful
CI / build-with-it (11, 1.2.0) (push) Successful in 52s
Details
CI / build-with-it (11, 1.19.0) (push) Successful in 58s
Details
CI / build-with-it (17, 1.2.0) (push) Successful in 52s
Details
CI / build-with-it (17, 1.19.0) (push) Successful in 57s
Details
CI / build-with-it (21, 1.2.0) (push) Successful in 47s
Details
CI / build-with-it (true, 21, 1.19.0) (push) Successful in 54s
Details 
Instead of applying configuration to a new ObjectMapper instance we use
the JsonMapper builder pattern to create our mapper.

The resulting mappers are not yet fully immutable, but the old way will
be removed in Jackson 3.0.
 2025-04-13 10:49:42 +02:00
Stefan Kalscheuer
71842eb758
deps: update test dependencies
All checks were successful
CI / build-with-it (11, 1.2.0) (push) Successful in 50s
Details
CI / build-with-it (11, 1.19.0) (push) Successful in 58s
Details
CI / build-with-it (17, 1.2.0) (push) Successful in 51s
Details
CI / build-with-it (17, 1.19.0) (push) Successful in 1m1s
Details
CI / build-with-it (21, 1.2.0) (push) Successful in 54s
Details
CI / build-with-it (true, 21, 1.19.0) (push) Successful in 58s
Details
2025-04-13 10:31:58 +02:00
Stefan Kalscheuer
e9aeda9a55
style: trim multiline indentation to 4 spaces
All checks were successful
CI / build-with-it (11, 1.2.0) (push) Successful in 56s
Details
CI / build-with-it (17, 1.2.0) (push) Successful in 56s
Details
CI / build-with-it (21, 1.2.0) (push) Successful in 51s
Details
CI / build-with-it (17, 1.19.0) (push) Successful in 49s
Details
CI / build-with-it (11, 1.19.0) (push) Successful in 51s
Details
CI / build-with-it (true, 21, 1.19.0) (push) Successful in 57s
Details
2025-04-11 17:20:24 +02:00
Stefan Kalscheuer
d51af06e29
build: update jacoco-maven-plugin to 0.8.13
All checks were successful
CI / build-with-it (11, 1.2.0) (push) Successful in 49s
Details
CI / build-with-it (11, 1.19.0) (push) Successful in 55s
Details
CI / build-with-it (17, 1.2.0) (push) Successful in 49s
Details
CI / build-with-it (17, 1.19.0) (push) Successful in 55s
Details
CI / build-with-it (21, 1.2.0) (push) Successful in 45s
Details
CI / build-with-it (true, 21, 1.19.0) (push) Successful in 51s
Details
2025-04-03 11:04:23 +02:00
Stefan Kalscheuer
7b2b137d53
build: update surefire and failsafe plugin to 3.5.3 2025-04-03 11:03:50 +02:00
Stefan Kalscheuer
ee2543e3ad
reuse builder methods when initializing from environment
All checks were successful
CI / build-with-it (11, 1.2.0) (push) Successful in 51s
Details
CI / build-with-it (17, 1.19.0) (push) Successful in 54s
Details
CI / build-with-it (17, 1.2.0) (push) Successful in 51s
Details
CI / build-with-it (21, 1.2.0) (push) Successful in 46s
Details
CI / build-with-it (true, 21, 1.19.0) (push) Successful in 55s
Details
CI / build-with-it (11, 1.19.0) (push) Successful in 48s
Details 
We can just pass the environment variable to other pre-existing methods
instead of parsing the URL twice. This also fixes URLs without explicit
ports where we should not store "-1" in this case.
 2025-03-29 11:50:29 +01:00
Stefan Kalscheuer
dad35023eb
replace deprecated java.net.URL usage with java.net.URI (#94) 
Deprecated in Java 20. Migrate URL parsing to backward compatible URI.
 2025-03-28 18:30:37 +01:00
Stefan Kalscheuer
0127cf30be
feat: introduce methods for transit API interaction (#89)
All checks were successful
CI / build-with-it (11, 1.2.0) (push) Successful in 50s
Details
CI / build-with-it (11, 1.19.0) (push) Successful in 55s
Details
CI / build-with-it (17, 1.2.0) (push) Successful in 50s
Details
CI / build-with-it (17, 1.19.0) (push) Successful in 56s
Details
CI / build-with-it (21, 1.2.0) (push) Successful in 47s
Details
CI / build-with-it (true, 21, 1.19.0) (push) Successful in 54s
Details 
Support hashing and de-/encryption using Vault's transit API.
 2025-03-02 18:24:16 +01:00
Stefan Kalscheuer
90f8bb7f20
build: update sonar-maven-plugin to 5.1.0.4751
All checks were successful
CI / build-with-it (17, 1.2.0) (push) Successful in 51s
Details
CI / build-with-it (21, 1.2.0) (push) Successful in 46s
Details
CI / build-with-it (true, 21, 1.19.0) (push) Successful in 55s
Details
CI / build-with-it (11, 1.2.0) (push) Successful in 52s
Details
CI / build-with-it (11, 1.19.0) (push) Successful in 58s
Details
CI / build-with-it (17, 1.19.0) (push) Successful in 46s
Details
2025-03-28 18:03:27 +01:00
Stefan Kalscheuer
ff6d2140cf
feat: support PEM certificate string from VAULT_CACERT env var (#93)
All checks were successful
CI / build-with-it (11, 1.2.0) (push) Successful in 53s
Details
CI / build-with-it (11, 1.19.0) (push) Successful in 1m0s
Details
CI / build-with-it (17, 1.19.0) (push) Successful in 57s
Details
CI / build-with-it (17, 1.2.0) (push) Successful in 52s
Details
CI / build-with-it (21, 1.2.0) (push) Successful in 48s
Details
CI / build-with-it (true, 21, 1.19.0) (push) Successful in 54s
Details 
Vault CLI and the connector up to 1.4 support providing a path to a CA
certificate file. Introduce support for providing PEM encoded content
directly which might be convenient in container environments to provide
a certificate e.g. from secrets without mounting it to some path.
 2025-03-23 12:10:15 +01:00
Stefan Kalscheuer
076cd8b607
replace trim/isEmpty with isBlank
All checks were successful
CI / build-with-it (11, 1.2.0) (push) Successful in 53s
Details
CI / build-with-it (11, 1.19.0) (push) Successful in 1m1s
Details
CI / build-with-it (17, 1.2.0) (push) Successful in 53s
Details
CI / build-with-it (21, 1.2.0) (push) Successful in 48s
Details
CI / build-with-it (true, 21, 1.19.0) (push) Successful in 55s
Details
CI / build-with-it (17, 1.19.0) (push) Successful in 49s
Details
2025-03-22 18:39:39 +01:00
Stefan Kalscheuer
2e0d092cae
deps: update test dependencies 2025-03-22 18:36:41 +01:00
Stefan Kalscheuer
d329af2c67
deprecate default methods to read specific database credentials (#92)
All checks were successful
CI / build-with-it (11, 1.2.0) (push) Successful in 57s
Details
CI / build-with-it (11, 1.19.0) (push) Successful in 1m3s
Details
CI / build-with-it (17, 1.2.0) (push) Successful in 57s
Details
CI / build-with-it (17, 1.19.0) (push) Successful in 1m4s
Details
CI / build-with-it (21, 1.2.0) (push) Successful in 54s
Details
CI / build-with-it (true, 21, 1.19.0) (push) Successful in 1m2s
Details 
The interface has some methods to read database credentials from
specific mountpoints like "mysql". While ann database mounts share
the same credential endpoints, the mount point itself can have any
name. Let's clean up some methods of low benefit and deprecate the
convenience methods.

Trivial replacement is `getDbCredentials()` with explicit mount point,
if it's actually mounted on that path.
 2025-03-09 11:43:15 +01:00
Stefan Kalscheuer
f50f5c5de7
test: run IT against Vault 1.19.0 (#91)
All checks were successful
CI / build-with-it (11, 1.2.0) (push) Successful in 59s
Details
CI / build-with-it (17, 1.2.0) (push) Successful in 56s
Details
CI / build-with-it (17, 1.19.0) (push) Successful in 1m2s
Details
CI / build-with-it (21, 1.2.0) (push) Successful in 50s
Details
CI / build-with-it (true, 21, 1.19.0) (push) Successful in 57s
Details
CI / build-with-it (11, 1.19.0) (push) Successful in 1m4s
Details
2025-03-07 20:30:48 +01:00
Stefan Kalscheuer
c8a6015f3f
deps: update jackson to 2.18.3 (#90)
All checks were successful
CI / build-with-it (11, 1.2.0) (push) Successful in 55s
Details
CI / build-with-it (11, 1.18.2) (push) Successful in 1m0s
Details
CI / build-with-it (17, 1.2.0) (push) Successful in 54s
Details
CI / build-with-it (17, 1.18.2) (push) Successful in 1m0s
Details
CI / build-with-it (21, 1.2.0) (push) Successful in 42s
Details
CI / build-with-it (true, 21, 1.18.2) (push) Successful in 49s
Details
2025-03-02 18:40:01 +01:00
Stefan Kalscheuer
835372eb3b
test: swap expected and actual arguments in some assertions
All checks were successful
CI / build (11) (push) Successful in 38s
Details
CI / build (17) (push) Successful in 37s
Details
CI / build (true, 21) (push) Successful in 29s
Details
CI / build-with-it (11, 1.2.0) (push) Successful in 56s
Details
CI / build-with-it (11, 1.18.2) (push) Successful in 59s
Details
CI / build-with-it (17, 1.2.0) (push) Successful in 54s
Details
CI / build-with-it (21, 1.2.0) (push) Successful in 47s
Details
CI / build-with-it (true, 21, 1.18.2) (push) Successful in 54s
Details
CI / build-with-it (17, 1.18.2) (push) Successful in 51s
Details
2025-03-02 18:28:20 +01:00
Stefan Kalscheuer
11ece9974f
build: update Maven plugins
All checks were successful
CI / build-with-it (21, 1.2.0) (push) Successful in 52s
Details
CI / build-with-it (true, 21, 1.18.2) (push) Successful in 59s
Details
CI / build-with-it (11, 1.2.0) (push) Successful in 58s
Details
CI / build-with-it (11, 1.18.2) (push) Successful in 1m5s
Details
CI / build-with-it (17, 1.18.2) (push) Successful in 1m1s
Details
CI / build-with-it (17, 1.2.0) (push) Successful in 57s
Details
CI / build (11) (push) Successful in 40s
Details
CI / build (17) (push) Successful in 41s
Details
CI / build (true, 21) (push) Successful in 31s
Details
2025-02-23 14:00:08 +01:00
Stefan Kalscheuer
0d0fbb5461
deps: update test dependencies 2025-02-23 13:57:57 +01:00
Stefan Kalscheuer
6c9a1fc10e
build: update dependency-check-maven to v12.1.0
All checks were successful
CI / build-with-it (21, 1.2.0) (push) Successful in 52s
Details
CI / build-with-it (true, 21, 1.18.2) (push) Successful in 59s
Details
CI / build-with-it (11, 1.2.0) (push) Successful in 57s
Details
CI / build-with-it (11, 1.18.2) (push) Successful in 1m3s
Details
CI / build-with-it (17, 1.2.0) (push) Successful in 56s
Details
CI / build-with-it (17, 1.18.2) (push) Successful in 50s
Details
2025-02-23 13:56:01 +01:00
Stefan Kalscheuer
7e05f4937d
build: update dependency-check-maven to v12.0.2 2025-01-31 18:04:47 +01:00
Stefan Kalscheuer
fd9045d7cd
build: add maven-enforcer-plugin
All checks were successful
CI / build-with-it (11, 1.2.0) (push) Successful in 1m5s
Details
CI / build-with-it (17, 1.2.0) (push) Successful in 1m1s
Details
CI / build-with-it (21, 1.2.0) (push) Successful in 59s
Details
CI / build-with-it (17, 1.18.2) (push) Successful in 57s
Details
CI / build-with-it (11, 1.18.2) (push) Successful in 56s
Details
CI / build-with-it (true, 21, 1.18.2) (push) Successful in 1m3s
Details
2025-01-07 17:44:39 +01:00
Stefan Kalscheuer
e938f81954
deps: update test dependencies and maven plugins 
* equalsverifier 3.18
* junit-jupiter 5.11.4
* mockito-core 5.15.2

* maven-javadoc-plugin 3.11.2
 2025-01-07 17:44:20 +01:00
Stefan Kalscheuer
e5dd207c8c
update license headers to 2025 2025-01-07 17:35:54 +01:00
87 changed files with 1032 additions and 468 deletions
Show Stats Expand all files Collapse all files

4
.github/workflows/ci-it.yml vendored
View File

@ -15,10 +15,10 @@ jobs:
strategy: strategy:
matrix: matrix:
jdk: [ 11, 17, 21 ] jdk: [ 11, 17, 21 ]
vault: [ '1.2.0', '1.18.2' ] vault: [ '1.2.0', '1.19.0' ]
include: include:
- jdk: 21 - jdk: 21
vault: '1.18.2' vault: '1.19.0'
analysis: true analysis: true
steps: steps:
- name: Checkout - name: Checkout

22
CHANGELOG.md
View File

@ -1,3 +1,25 @@
## 1.5.0 (2025-04-13)
### Deprecations
* `read...Credentials()` methods for specific database mounts (#92)
### Features
* Support Vault transit API (#89)
* Support PEM certificate string from `VAULT_CACERT` environment variable (#93)
### Improvements
* Replace deprecated `java.net.URL` usage with `java.net.URI` (#94)
### Fix
* Fix initialization from environment without explicit port
### Dependencies
* Updated Jackson to 2.18.3 (#90)
### Test
* Tested against Vault 1.2 to 1.19
## 1.4.0 (2024-12-07) ## 1.4.0 (2024-12-07)
### Removal ### Removal

7
README.md
View File

@ -28,10 +28,11 @@ Java Vault Connector is a connector library for [Vault](https://www.vaultproject
* Delete secrets * Delete secrets
* Renew/revoke leases * Renew/revoke leases
* Raw secret content or JSON decoding * Raw secret content or JSON decoding
* SQL secret handling
* KV v1 and v2 support * KV v1 and v2 support
* Database secret handling
* Transit API support
* Connector Factory with builder pattern * Connector Factory with builder pattern
* Tested against Vault 1.2 to 1.18 * Tested against Vault 1.2 to 1.19
## Maven Artifact ## Maven Artifact
@ -39,7 +40,7 @@ Java Vault Connector is a connector library for [Vault](https://www.vaultproject
<dependency> <dependency>
<groupId>de.stklcode.jvault</groupId> <groupId>de.stklcode.jvault</groupId>
<artifactId>jvault-connector</artifactId> <artifactId>jvault-connector</artifactId>
<version>1.4.0</version> <version>1.5.0</version>
</dependency> </dependency>
``` ```

67
pom.xml
View File

@ -4,7 +4,7 @@
<groupId>de.stklcode.jvault</groupId> <groupId>de.stklcode.jvault</groupId>
<artifactId>jvault-connector</artifactId> <artifactId>jvault-connector</artifactId>
<version>1.4.0</version> <version>1.5.1-SNAPSHOT</version>
<packaging>jar</packaging> <packaging>jar</packaging>
@ -33,6 +33,7 @@
<connection>scm:git:git://github.com/stklcode/jvaultconnector.git</connection> <connection>scm:git:git://github.com/stklcode/jvaultconnector.git</connection>
<developerConnection>scm:git:git@github.com:stklcode/jvaultconnector.git</developerConnection> <developerConnection>scm:git:git@github.com:stklcode/jvaultconnector.git</developerConnection>
<url>https://github.com/stklcode/jvaultconnector</url> <url>https://github.com/stklcode/jvaultconnector</url>
<tag>HEAD</tag>
</scm> </scm>
<issueManagement> <issueManagement>
@ -49,24 +50,24 @@
<dependency> <dependency>
<groupId>com.fasterxml.jackson.core</groupId> <groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId> <artifactId>jackson-databind</artifactId>
<version>2.18.2</version> <version>2.18.3</version>
</dependency> </dependency>
<dependency> <dependency>
<groupId>com.fasterxml.jackson.datatype</groupId> <groupId>com.fasterxml.jackson.datatype</groupId>
<artifactId>jackson-datatype-jsr310</artifactId> <artifactId>jackson-datatype-jsr310</artifactId>
<version>2.18.2</version> <version>2.18.3</version>
</dependency> </dependency>
<dependency> <dependency>
<groupId>org.junit.jupiter</groupId> <groupId>org.junit.jupiter</groupId>
<artifactId>junit-jupiter</artifactId> <artifactId>junit-jupiter</artifactId>
<version>5.11.3</version> <version>5.12.1</version>
<scope>test</scope> <scope>test</scope>
</dependency> </dependency>
<dependency> <dependency>
<groupId>org.mockito</groupId> <groupId>org.mockito</groupId>
<artifactId>mockito-core</artifactId> <artifactId>mockito-core</artifactId>
<version>5.14.2</version> <version>5.17.0</version>
<scope>test</scope> <scope>test</scope>
</dependency> </dependency>
<dependency> <dependency>
@ -78,25 +79,25 @@
<dependency> <dependency>
<groupId>org.wiremock</groupId> <groupId>org.wiremock</groupId>
<artifactId>wiremock</artifactId> <artifactId>wiremock</artifactId>
<version>3.10.0</version> <version>3.13.0</version>
<scope>test</scope> <scope>test</scope>
</dependency> </dependency>
<dependency> <dependency>
<groupId>commons-io</groupId> <groupId>commons-io</groupId>
<artifactId>commons-io</artifactId> <artifactId>commons-io</artifactId>
<version>2.18.0</version> <version>2.19.0</version>
<scope>test</scope> <scope>test</scope>
</dependency> </dependency>
<dependency> <dependency>
<groupId>nl.jqno.equalsverifier</groupId> <groupId>nl.jqno.equalsverifier</groupId>
<artifactId>equalsverifier</artifactId> <artifactId>equalsverifier</artifactId>
<version>3.17.5</version> <version>3.19.3</version>
<scope>test</scope> <scope>test</scope>
</dependency> </dependency>
<dependency> <dependency>
<groupId>org.awaitility</groupId> <groupId>org.awaitility</groupId>
<artifactId>awaitility</artifactId> <artifactId>awaitility</artifactId>
<version>4.2.2</version> <version>4.3.0</version>
<scope>test</scope> <scope>test</scope>
</dependency> </dependency>
</dependencies> </dependencies>
@ -107,7 +108,7 @@
<plugin> <plugin>
<groupId>org.apache.maven.plugins</groupId> <groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId> <artifactId>maven-compiler-plugin</artifactId>
<version>3.13.0</version> <version>3.14.0</version>
<configuration> <configuration>
<release>11</release> <release>11</release>
</configuration> </configuration>
@ -115,17 +116,17 @@
<plugin> <plugin>
<groupId>org.apache.maven.plugins</groupId> <groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-clean-plugin</artifactId> <artifactId>maven-clean-plugin</artifactId>
<version>3.4.0</version> <version>3.4.1</version>
</plugin> </plugin>
<plugin> <plugin>
<groupId>org.apache.maven.plugins</groupId> <groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-deploy-plugin</artifactId> <artifactId>maven-deploy-plugin</artifactId>
<version>3.1.3</version> <version>3.1.4</version>
</plugin> </plugin>
<plugin> <plugin>
<groupId>org.apache.maven.plugins</groupId> <groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-failsafe-plugin</artifactId> <artifactId>maven-failsafe-plugin</artifactId>
<version>3.5.2</version> <version>3.5.3</version>
<configuration> <configuration>
<argLine> <argLine>
@{argLine} @{argLine}
@ -136,7 +137,7 @@
<plugin> <plugin>
<groupId>org.apache.maven.plugins</groupId> <groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-install-plugin</artifactId> <artifactId>maven-install-plugin</artifactId>
<version>3.1.3</version> <version>3.1.4</version>
</plugin> </plugin>
<plugin> <plugin>
<groupId>org.apache.maven.plugins</groupId> <groupId>org.apache.maven.plugins</groupId>
@ -156,7 +157,7 @@
<plugin> <plugin>
<groupId>org.apache.maven.plugins</groupId> <groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-surefire-plugin</artifactId> <artifactId>maven-surefire-plugin</artifactId>
<version>3.5.2</version> <version>3.5.3</version>
<configuration> <configuration>
<argLine> <argLine>
@{argLine} @{argLine}
@ -179,15 +180,41 @@
<plugin> <plugin>
<groupId>org.jacoco</groupId> <groupId>org.jacoco</groupId>
<artifactId>jacoco-maven-plugin</artifactId> <artifactId>jacoco-maven-plugin</artifactId>
<version>0.8.12</version> <version>0.8.13</version>
</plugin> </plugin>
<plugin> <plugin>
<groupId>org.sonarsource.scanner.maven</groupId> <groupId>org.sonarsource.scanner.maven</groupId>
<artifactId>sonar-maven-plugin</artifactId> <artifactId>sonar-maven-plugin</artifactId>
<version>5.0.0.4389</version> <version>5.1.0.4751</version>
</plugin> </plugin>
</plugins> </plugins>
</pluginManagement> </pluginManagement>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-enforcer-plugin</artifactId>
<version>3.5.0</version>
<executions>
<execution>
<id>enforce-versions</id>
<goals>
<goal>enforce</goal>
</goals>
<configuration>
<rules>
<requireMavenVersion>
<version>[3.6.3,)</version>
</requireMavenVersion>
<requireJavaVersion>
<version>[11,)</version>
</requireJavaVersion>
</rules>
</configuration>
</execution>
</executions>
</plugin>
</plugins>
</build> </build>
<profiles> <profiles>
@ -224,7 +251,7 @@
<plugin> <plugin>
<groupId>org.apache.maven.plugins</groupId> <groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-javadoc-plugin</artifactId> <artifactId>maven-javadoc-plugin</artifactId>
<version>3.11.1</version> <version>3.11.2</version>
<configuration> <configuration>
<source>11</source> <source>11</source>
</configuration> </configuration>
@ -342,7 +369,7 @@
<plugin> <plugin>
<groupId>org.owasp</groupId> <groupId>org.owasp</groupId>
<artifactId>dependency-check-maven</artifactId> <artifactId>dependency-check-maven</artifactId>
<version>11.1.1</version> <version>12.1.1</version>
<configuration> <configuration>
<nvdApiKey>${env.NVD_API_KEY}</nvdApiKey> <nvdApiKey>${env.NVD_API_KEY}</nvdApiKey>
<nvdDatafeedUrl>${env.NVD_DATAFEED_URL}</nvdDatafeedUrl> <nvdDatafeedUrl>${env.NVD_DATAFEED_URL}</nvdDatafeedUrl>
@ -366,7 +393,7 @@
<plugin> <plugin>
<groupId>org.sonatype.central</groupId> <groupId>org.sonatype.central</groupId>
<artifactId>central-publishing-maven-plugin</artifactId> <artifactId>central-publishing-maven-plugin</artifactId>
<version>0.6.0</version> <version>0.7.0</version>
<extensions>true</extensions> <extensions>true</extensions>
<configuration> <configuration>
<publishingServerId>central</publishingServerId> <publishingServerId>central</publishingServerId>

212
src/main/java/de/stklcode/jvault/connector/HTTPVaultConnector.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2024 Stefan Kalscheuer * Copyright 2016-2025 Stefan Kalscheuer
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -68,6 +68,11 @@ public class HTTPVaultConnector implements VaultConnector {
private static final String PATH_UNDELETE = "/undelete/"; private static final String PATH_UNDELETE = "/undelete/";
private static final String PATH_DESTROY = "/destroy/"; private static final String PATH_DESTROY = "/destroy/";
private static final String PATH_TRANSIT = "transit";
private static final String PATH_TRANSIT_ENCRYPT = PATH_TRANSIT + "/encrypt/";
private static final String PATH_TRANSIT_DECRYPT = PATH_TRANSIT + "/decrypt/";
private static final String PATH_TRANSIT_HASH = PATH_TRANSIT + "/hash/";
private final RequestHelper request; private final RequestHelper request;
private boolean authorized = false; // Authorization status. private boolean authorized = false; // Authorization status.
@ -81,14 +86,14 @@ public class HTTPVaultConnector implements VaultConnector {
*/ */
HTTPVaultConnector(final HTTPVaultConnectorBuilder builder) { HTTPVaultConnector(final HTTPVaultConnectorBuilder builder) {
this.request = new RequestHelper( this.request = new RequestHelper(
((builder.isWithTLS()) ? "https" : "http") + "://" + ((builder.isWithTLS()) ? "https" : "http") + "://" +
builder.getHost() + builder.getHost() +
((builder.getPort() != null) ? ":" + builder.getPort() : "") + ((builder.getPort() != null) ? ":" + builder.getPort() : "") +
builder.getPrefix(), builder.getPrefix(),
builder.getNumberOfRetries(), builder.getNumberOfRetries(),
builder.getTimeout(), builder.getTimeout(),
builder.getTlsVersion(), builder.getTlsVersion(),
builder.getTrustedCA() builder.getTrustedCA()
); );
} }
@ -145,8 +150,8 @@ public class HTTPVaultConnector implements VaultConnector {
@Override @Override
public final SealResponse unseal(final String key, final Boolean reset) throws VaultConnectorException { public final SealResponse unseal(final String key, final Boolean reset) throws VaultConnectorException {
Map<String, String> param = mapOfStrings( Map<String, String> param = mapOfStrings(
"key", key, "key", key,
"reset", reset "reset", reset
); );
return request.put(PATH_UNSEAL, param, token, SealResponse.class); return request.put(PATH_UNSEAL, param, token, SealResponse.class);
@ -156,15 +161,15 @@ public class HTTPVaultConnector implements VaultConnector {
public HealthResponse getHealth() throws VaultConnectorException { public HealthResponse getHealth() throws VaultConnectorException {
return request.get( return request.get(
PATH_HEALTH, PATH_HEALTH,
// Force status code to be 200, so we don't need to modify the request sequence. // Force status code to be 200, so we don't need to modify the request sequence.
Map.of( Map.of(
"standbycode", "200", // Default: 429. "standbycode", "200", // Default: 429.
"sealedcode", "200", // Default: 503. "sealedcode", "200", // Default: 503.
"uninitcode", "200" // Default: 501. "uninitcode", "200" // Default: 501.
), ),
token, token,
HealthResponse.class HealthResponse.class
); );
} }
@ -194,7 +199,7 @@ public class HTTPVaultConnector implements VaultConnector {
@Override @Override
public final AuthResponse authUserPass(final String username, final String password) public final AuthResponse authUserPass(final String username, final String password)
throws VaultConnectorException { throws VaultConnectorException {
final Map<String, String> payload = singletonMap("password", password); final Map<String, String> payload = singletonMap("password", password);
return queryAuth(PATH_AUTH_USERPASS + username, payload); return queryAuth(PATH_AUTH_USERPASS + username, payload);
} }
@ -202,8 +207,8 @@ public class HTTPVaultConnector implements VaultConnector {
@Override @Override
public final AuthResponse authAppRole(final String roleID, final String secretID) throws VaultConnectorException { public final AuthResponse authAppRole(final String roleID, final String secretID) throws VaultConnectorException {
final Map<String, String> payload = mapOfStrings( final Map<String, String> payload = mapOfStrings(
"role_id", roleID, "role_id", roleID,
"secret_id", secretID "secret_id", secretID
); );
return queryAuth(PATH_AUTH_APPROLE + PATH_LOGIN, payload); return queryAuth(PATH_AUTH_APPROLE + PATH_LOGIN, payload);
} }
@ -217,7 +222,7 @@ public class HTTPVaultConnector implements VaultConnector {
* @throws VaultConnectorException on errors * @throws VaultConnectorException on errors
*/ */
private AuthResponse queryAuth(final String path, final Map<String, String> payload) private AuthResponse queryAuth(final String path, final Map<String, String> payload)
throws VaultConnectorException { throws VaultConnectorException {
/* Issue request and parse response */ /* Issue request and parse response */
AuthResponse auth = request.post(path, payload, token, AuthResponse.class); AuthResponse auth = request.post(path, payload, token, AuthResponse.class);
/* verify response */ /* verify response */
@ -244,10 +249,10 @@ public class HTTPVaultConnector implements VaultConnector {
requireAuth(); requireAuth();
/* Request HTTP response and parse Secret */ /* Request HTTP response and parse Secret */
return request.get( return request.get(
String.format(PATH_AUTH_APPROLE_ROLE, roleName, ""), String.format(PATH_AUTH_APPROLE_ROLE, roleName, ""),
emptyMap(), emptyMap(),
token, token,
AppRoleResponse.class AppRoleResponse.class
); );
} }
@ -266,10 +271,10 @@ public class HTTPVaultConnector implements VaultConnector {
requireAuth(); requireAuth();
/* Issue request, parse response and extract Role ID */ /* Issue request, parse response and extract Role ID */
return request.get( return request.get(
String.format(PATH_AUTH_APPROLE_ROLE, roleName, "/role-id"), String.format(PATH_AUTH_APPROLE_ROLE, roleName, "/role-id"),
emptyMap(), emptyMap(),
token, token,
RawDataResponse.class RawDataResponse.class
).getData().get("role_id").toString(); ).getData().get("role_id").toString();
} }
@ -279,9 +284,9 @@ public class HTTPVaultConnector implements VaultConnector {
/* Issue request and expect code 204 with empty response */ /* Issue request and expect code 204 with empty response */
request.postWithoutResponse( request.postWithoutResponse(
String.format(PATH_AUTH_APPROLE_ROLE, roleName, "/role-id"), String.format(PATH_AUTH_APPROLE_ROLE, roleName, "/role-id"),
singletonMap("role_id", roleID), singletonMap("role_id", roleID),
token token
); );
return true; return true;
@ -289,49 +294,49 @@ public class HTTPVaultConnector implements VaultConnector {
@Override @Override
public final AppRoleSecretResponse createAppRoleSecret(final String roleName, final AppRoleSecret secret) public final AppRoleSecretResponse createAppRoleSecret(final String roleName, final AppRoleSecret secret)
throws VaultConnectorException { throws VaultConnectorException {
requireAuth(); requireAuth();
if (secret.getId() != null && !secret.getId().isEmpty()) { if (secret.getId() != null && !secret.getId().isEmpty()) {
return request.post( return request.post(
String.format(PATH_AUTH_APPROLE_ROLE, roleName, "/custom-secret-id"), String.format(PATH_AUTH_APPROLE_ROLE, roleName, "/custom-secret-id"),
secret, secret,
token, token,
AppRoleSecretResponse.class AppRoleSecretResponse.class
); );
} else { } else {
return request.post( return request.post(
String.format(PATH_AUTH_APPROLE_ROLE, roleName, "/secret-id"), String.format(PATH_AUTH_APPROLE_ROLE, roleName, "/secret-id"),
secret, token, secret, token,
AppRoleSecretResponse.class AppRoleSecretResponse.class
); );
} }
} }
@Override @Override
public final AppRoleSecretResponse lookupAppRoleSecret(final String roleName, final String secretID) public final AppRoleSecretResponse lookupAppRoleSecret(final String roleName, final String secretID)
throws VaultConnectorException { throws VaultConnectorException {
requireAuth(); requireAuth();
/* Issue request and parse secret response */ /* Issue request and parse secret response */
return request.post( return request.post(
String.format(PATH_AUTH_APPROLE_ROLE, roleName, "/secret-id/lookup"), String.format(PATH_AUTH_APPROLE_ROLE, roleName, "/secret-id/lookup"),
new AppRoleSecret(secretID), new AppRoleSecret(secretID),
token, token,
AppRoleSecretResponse.class AppRoleSecretResponse.class
); );
} }
@Override @Override
public final boolean destroyAppRoleSecret(final String roleName, final String secretID) public final boolean destroyAppRoleSecret(final String roleName, final String secretID)
throws VaultConnectorException { throws VaultConnectorException {
requireAuth(); requireAuth();
/* Issue request and expect code 204 with empty response */ /* Issue request and expect code 204 with empty response */
request.postWithoutResponse( request.postWithoutResponse(
String.format(PATH_AUTH_APPROLE_ROLE, roleName, "/secret-id/destroy"), String.format(PATH_AUTH_APPROLE_ROLE, roleName, "/secret-id/destroy"),
new AppRoleSecret(secretID), new AppRoleSecret(secretID),
token); token);
return true; return true;
} }
@ -341,10 +346,10 @@ public class HTTPVaultConnector implements VaultConnector {
requireAuth(); requireAuth();
SecretListResponse secrets = request.get( SecretListResponse secrets = request.get(
PATH_AUTH_APPROLE + "/role?list=true", PATH_AUTH_APPROLE + "/role?list=true",
emptyMap(), emptyMap(),
token, token,
SecretListResponse.class SecretListResponse.class
); );
return secrets.getKeys(); return secrets.getKeys();
@ -355,10 +360,10 @@ public class HTTPVaultConnector implements VaultConnector {
requireAuth(); requireAuth();
SecretListResponse secrets = request.get( SecretListResponse secrets = request.get(
String.format(PATH_AUTH_APPROLE_ROLE, roleName, "/secret-id?list=true"), String.format(PATH_AUTH_APPROLE_ROLE, roleName, "/secret-id?list=true"),
emptyMap(), emptyMap(),
token, token,
SecretListResponse.class SecretListResponse.class
); );
return secrets.getKeys(); return secrets.getKeys();
@ -373,7 +378,7 @@ public class HTTPVaultConnector implements VaultConnector {
@Override @Override
public final SecretResponse readSecretVersion(final String mount, final String key, final Integer version) public final SecretResponse readSecretVersion(final String mount, final String key, final Integer version)
throws VaultConnectorException { throws VaultConnectorException {
requireAuth(); requireAuth();
/* Request HTTP response and parse secret metadata */ /* Request HTTP response and parse secret metadata */
Map<String, String> args = mapOfStrings("version", version); Map<String, String> args = mapOfStrings("version", version);
@ -383,7 +388,7 @@ public class HTTPVaultConnector implements VaultConnector {
@Override @Override
public final MetadataResponse readSecretMetadata(final String mount, final String key) public final MetadataResponse readSecretMetadata(final String mount, final String key)
throws VaultConnectorException { throws VaultConnectorException {
requireAuth(); requireAuth();
/* Request HTTP response and parse secret metadata */ /* Request HTTP response and parse secret metadata */
@ -398,8 +403,8 @@ public class HTTPVaultConnector implements VaultConnector {
requireAuth(); requireAuth();
Map<String, Object> payload = mapOf( Map<String, Object> payload = mapOf(
"max_versions", maxVersions, "max_versions", maxVersions,
"cas_required", casRequired "cas_required", casRequired
); );
write(mount + PATH_METADATA + key, payload); write(mount + PATH_METADATA + key, payload);
@ -421,13 +426,13 @@ public class HTTPVaultConnector implements VaultConnector {
/* Issue request and parse metadata response */ /* Issue request and parse metadata response */
return request.post( return request.post(
mount + PATH_DATA + key, mount + PATH_DATA + key,
Map.of( Map.of(
"data", data, "data", data,
"options", options "options", options
), ),
token, token,
SecretVersionResponse.class SecretVersionResponse.class
); );
} }
@ -442,7 +447,7 @@ public class HTTPVaultConnector implements VaultConnector {
@Override @Override
public final void write(final String key, final Map<String, Object> data, final Map<String, Object> options) public final void write(final String key, final Map<String, Object> data, final Map<String, Object> options)
throws VaultConnectorException { throws VaultConnectorException {
requireAuth(); requireAuth();
if (key == null || key.isEmpty()) { if (key == null || key.isEmpty()) {
@ -455,8 +460,8 @@ public class HTTPVaultConnector implements VaultConnector {
// If options are given, split payload in two parts. // If options are given, split payload in two parts.
if (options != null) { if (options != null) {
payload = Map.of( payload = Map.of(
"data", data, "data", data,
"options", options "options", options
); );
} }
@ -484,19 +489,19 @@ public class HTTPVaultConnector implements VaultConnector {
@Override @Override
public final void deleteSecretVersions(final String mount, final String key, final int... versions) public final void deleteSecretVersions(final String mount, final String key, final int... versions)
throws VaultConnectorException { throws VaultConnectorException {
handleSecretVersions(mount, PATH_DELETE, key, versions); handleSecretVersions(mount, PATH_DELETE, key, versions);
} }
@Override @Override
public final void undeleteSecretVersions(final String mount, final String key, final int... versions) public final void undeleteSecretVersions(final String mount, final String key, final int... versions)
throws VaultConnectorException { throws VaultConnectorException {
handleSecretVersions(mount, PATH_UNDELETE, key, versions); handleSecretVersions(mount, PATH_UNDELETE, key, versions);
} }
@Override @Override
public final void destroySecretVersions(final String mount, final String key, final int... versions) public final void destroySecretVersions(final String mount, final String key, final int... versions)
throws VaultConnectorException { throws VaultConnectorException {
handleSecretVersions(mount, PATH_DESTROY, key, versions); handleSecretVersions(mount, PATH_DESTROY, key, versions);
} }
@ -536,8 +541,8 @@ public class HTTPVaultConnector implements VaultConnector {
requireAuth(); requireAuth();
Map<String, String> payload = mapOfStrings( Map<String, String> payload = mapOfStrings(
"lease_id", leaseID, "lease_id", leaseID,
"increment", increment "increment", increment
); );
/* Issue request and parse secret response */ /* Issue request and parse secret response */
@ -594,10 +599,10 @@ public class HTTPVaultConnector implements VaultConnector {
/* Request HTTP response and parse Secret */ /* Request HTTP response and parse Secret */
return request.get( return request.get(
PATH_AUTH_TOKEN + PATH_LOOKUP, PATH_AUTH_TOKEN + PATH_LOOKUP,
singletonMap("token", token), singletonMap("token", token),
token, token,
TokenResponse.class TokenResponse.class
); );
} }
@ -646,6 +651,47 @@ public class HTTPVaultConnector implements VaultConnector {
return true; return true;
} }
@Override
public final TransitResponse transitEncrypt(final String keyName, final String plaintext)
throws VaultConnectorException {
requireAuth();
Map<String, Object> payload = mapOf(
"plaintext", plaintext
);
return request.post(PATH_TRANSIT_ENCRYPT + keyName, payload, token, TransitResponse.class);
}
@Override
public final TransitResponse transitDecrypt(final String keyName, final String ciphertext)
throws VaultConnectorException {
requireAuth();
Map<String, Object> payload = mapOf(
"ciphertext", ciphertext
);
return request.post(PATH_TRANSIT_DECRYPT + keyName, payload, token, TransitResponse.class);
}
@Override
public final TransitResponse transitHash(final String algorithm, final String input, final String format)
throws VaultConnectorException {
if (format != null && !"hex".equals(format) && !"base64".equals(format)) {
throw new IllegalArgumentException("Unsupported format " + format);
}
requireAuth();
Map<String, Object> payload = mapOf(
"input", input,
"format", format
);
return request.post(PATH_TRANSIT_HASH + algorithm, payload, token, TransitResponse.class);
}
/** /**
* Check for required authorization. * Check for required authorization.
* *

60
src/main/java/de/stklcode/jvault/connector/HTTPVaultConnectorBuilder.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2024 Stefan Kalscheuer * Copyright 2016-2025 Stefan Kalscheuer
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -20,18 +20,17 @@ import de.stklcode.jvault.connector.exception.ConnectionException;
import de.stklcode.jvault.connector.exception.TlsException; import de.stklcode.jvault.connector.exception.TlsException;
import de.stklcode.jvault.connector.exception.VaultConnectorException; import de.stklcode.jvault.connector.exception.VaultConnectorException;
import java.io.ByteArrayInputStream;
import java.io.IOException; import java.io.IOException;
import java.net.MalformedURLException;
import java.net.URI; import java.net.URI;
import java.net.URISyntaxException; import java.net.URISyntaxException;
import java.net.URL; import java.nio.charset.StandardCharsets;
import java.nio.file.Files; import java.nio.file.Files;
import java.nio.file.Path; import java.nio.file.Path;
import java.nio.file.Paths; import java.nio.file.Paths;
import java.security.cert.CertificateException; import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory; import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate; import java.security.cert.X509Certificate;
import java.util.Objects;
/** /**
* Vault Connector Builder implementation for HTTP Vault connectors. * Vault Connector Builder implementation for HTTP Vault connectors.
@ -96,10 +95,14 @@ public final class HTTPVaultConnectorBuilder {
* @since 1.0 * @since 1.0
*/ */
public HTTPVaultConnectorBuilder withBaseURL(final URI baseURL) { public HTTPVaultConnectorBuilder withBaseURL(final URI baseURL) {
return withTLS(!("http".equalsIgnoreCase(Objects.requireNonNullElse(baseURL.getScheme(), "")))) String path = baseURL.getPath();
.withHost(baseURL.getHost()) if (path == null || path.isBlank()) {
.withPort(baseURL.getPort()) path = DEFAULT_PREFIX;
.withPrefix(baseURL.getPath()); }
return withTLS(!("http".equalsIgnoreCase(baseURL.getScheme())))
.withHost(baseURL.getHost())
.withPort(baseURL.getPort())
.withPrefix(path);
} }
/** /**
@ -301,13 +304,10 @@ public final class HTTPVaultConnectorBuilder {
*/ */
public HTTPVaultConnectorBuilder fromEnv() throws VaultConnectorException { public HTTPVaultConnectorBuilder fromEnv() throws VaultConnectorException {
/* Parse URL from environment variable */ /* Parse URL from environment variable */
if (System.getenv(ENV_VAULT_ADDR) != null && !System.getenv(ENV_VAULT_ADDR).trim().isEmpty()) { if (System.getenv(ENV_VAULT_ADDR) != null && !System.getenv(ENV_VAULT_ADDR).isBlank()) {
try { try {
var url = new URL(System.getenv(ENV_VAULT_ADDR)); withBaseURL(System.getenv(ENV_VAULT_ADDR));
this.host = url.getHost(); } catch (URISyntaxException e) {
this.port = url.getPort();
this.tls = url.getProtocol().equals("https");
} catch (MalformedURLException e) {
throw new ConnectionException("URL provided in environment variable malformed", e); throw new ConnectionException("URL provided in environment variable malformed", e);
} }
} }
@ -315,7 +315,7 @@ public final class HTTPVaultConnectorBuilder {
/* Read number of retries */ /* Read number of retries */
if (System.getenv(ENV_VAULT_MAX_RETRIES) != null) { if (System.getenv(ENV_VAULT_MAX_RETRIES) != null) {
try { try {
numberOfRetries = Integer.parseInt(System.getenv(ENV_VAULT_MAX_RETRIES)); withNumberOfRetries(Integer.parseInt(System.getenv(ENV_VAULT_MAX_RETRIES)));
} catch (NumberFormatException ignored) { } catch (NumberFormatException ignored) {
/* Ignore malformed values. */ /* Ignore malformed values. */
} }
@ -325,8 +325,12 @@ public final class HTTPVaultConnectorBuilder {
token = System.getenv(ENV_VAULT_TOKEN); token = System.getenv(ENV_VAULT_TOKEN);
/* Parse certificate, if set */ /* Parse certificate, if set */
if (System.getenv(ENV_VAULT_CACERT) != null && !System.getenv(ENV_VAULT_CACERT).trim().isEmpty()) { if (System.getenv(ENV_VAULT_CACERT) != null && !System.getenv(ENV_VAULT_CACERT).isBlank()) {
return withTrustedCA(Paths.get(System.getenv(ENV_VAULT_CACERT))); X509Certificate cert = certificateFromString(System.getenv(ENV_VAULT_CACERT));
if (cert == null) {
cert = certificateFromFile(Paths.get(System.getenv(ENV_VAULT_CACERT)));
}
return withTrustedCA(cert);
} }
return this; return this;
} }
@ -398,6 +402,28 @@ public final class HTTPVaultConnectorBuilder {
return con; return con;
} }
/**
* Read given certificate file to X.509 certificate.
*
* @param cert Certificate string (optionally PEM)
* @return X.509 Certificate object if parseable, else {@code null}
* @throws TlsException on error
* @since 1.5.0
*/
private X509Certificate certificateFromString(final String cert) throws TlsException {
// Check if PEM header is present in given string
if (cert.contains("-BEGIN ") && cert.contains("-END")) {
try (var is = new ByteArrayInputStream(cert.getBytes(StandardCharsets.UTF_8))) {
return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(is);
} catch (IOException | CertificateException e) {
throw new TlsException("Unable to read certificate.", e);
}
}
// Not am PEM string, skip
return null;
}
/** /**
* Read given certificate file to X.509 certificate. * Read given certificate file to X.509 certificate.
* *

117
src/main/java/de/stklcode/jvault/connector/VaultConnector.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2024 Stefan Kalscheuer * Copyright 2016-2025 Stefan Kalscheuer
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -21,10 +21,7 @@ import de.stklcode.jvault.connector.model.*;
import de.stklcode.jvault.connector.model.response.*; import de.stklcode.jvault.connector.model.response.*;
import java.io.Serializable; import java.io.Serializable;
import java.util.ArrayList; import java.util.*;
import java.util.Collections;
import java.util.List;
import java.util.Map;
/** /**
* Vault Connector interface. * Vault Connector interface.
@ -194,7 +191,7 @@ public interface VaultConnector extends AutoCloseable, Serializable {
* @since 0.4.0 * @since 0.4.0
*/ */
default boolean createAppRole(final String roleName, final List<String> policies, final String roleID) default boolean createAppRole(final String roleName, final List<String> policies, final String roleID)
throws VaultConnectorException { throws VaultConnectorException {
return createAppRole(AppRole.builder(roleName).withTokenPolicies(policies).withId(roleID).build()); return createAppRole(AppRole.builder(roleName).withTokenPolicies(policies).withId(roleID).build());
} }
@ -260,7 +257,7 @@ public interface VaultConnector extends AutoCloseable, Serializable {
* @since 0.4.0 * @since 0.4.0
*/ */
default AppRoleSecretResponse createAppRoleSecret(final String roleName, final String secretID) default AppRoleSecretResponse createAppRoleSecret(final String roleName, final String secretID)
throws VaultConnectorException { throws VaultConnectorException {
return createAppRoleSecret(roleName, new AppRoleSecret(secretID)); return createAppRoleSecret(roleName, new AppRoleSecret(secretID));
} }
@ -274,7 +271,7 @@ public interface VaultConnector extends AutoCloseable, Serializable {
* @since 0.4.0 * @since 0.4.0
*/ */
AppRoleSecretResponse createAppRoleSecret(final String roleName, final AppRoleSecret secret) AppRoleSecretResponse createAppRoleSecret(final String roleName, final AppRoleSecret secret)
throws VaultConnectorException; throws VaultConnectorException;
/** /**
* Lookup an AppRole secret. * Lookup an AppRole secret.
@ -286,7 +283,7 @@ public interface VaultConnector extends AutoCloseable, Serializable {
* @since 0.4.0 * @since 0.4.0
*/ */
AppRoleSecretResponse lookupAppRoleSecret(final String roleName, final String secretID) AppRoleSecretResponse lookupAppRoleSecret(final String roleName, final String secretID)
throws VaultConnectorException; throws VaultConnectorException;
/** /**
* Destroy an AppRole secret. * Destroy an AppRole secret.
@ -401,7 +398,7 @@ public interface VaultConnector extends AutoCloseable, Serializable {
* @since 0.8 * @since 0.8
*/ */
SecretResponse readSecretVersion(final String mount, final String key, final Integer version) SecretResponse readSecretVersion(final String mount, final String key, final Integer version)
throws VaultConnectorException; throws VaultConnectorException;
/** /**
* Retrieve secret metadata from Vault. * Retrieve secret metadata from Vault.
@ -479,7 +476,7 @@ public interface VaultConnector extends AutoCloseable, Serializable {
* @since 0.8 {@code options} parameter added * @since 0.8 {@code options} parameter added
*/ */
void write(final String key, final Map<String, Object> data, final Map<String, Object> options) void write(final String key, final Map<String, Object> data, final Map<String, Object> options)
throws VaultConnectorException; throws VaultConnectorException;
/** /**
* Delete key from Vault. * Delete key from Vault.
@ -527,7 +524,7 @@ public interface VaultConnector extends AutoCloseable, Serializable {
* @since 0.8 * @since 0.8
*/ */
void deleteSecretVersions(final String mount, final String key, final int... versions) void deleteSecretVersions(final String mount, final String key, final int... versions)
throws VaultConnectorException; throws VaultConnectorException;
/** /**
* Undelete (restore) secret versions from Vault. * Undelete (restore) secret versions from Vault.
@ -540,7 +537,7 @@ public interface VaultConnector extends AutoCloseable, Serializable {
* @since 0.8 * @since 0.8
*/ */
void undeleteSecretVersions(final String mount, final String key, final int... versions) void undeleteSecretVersions(final String mount, final String key, final int... versions)
throws VaultConnectorException; throws VaultConnectorException;
/** /**
* Destroy secret versions from Vault. * Destroy secret versions from Vault.
@ -553,7 +550,7 @@ public interface VaultConnector extends AutoCloseable, Serializable {
* @since 0.8 * @since 0.8
*/ */
void destroySecretVersions(final String mount, final String key, final int... versions) void destroySecretVersions(final String mount, final String key, final int... versions)
throws VaultConnectorException; throws VaultConnectorException;
/** /**
* Revoke given lease immediately. * Revoke given lease immediately.
@ -674,6 +671,82 @@ public interface VaultConnector extends AutoCloseable, Serializable {
*/ */
boolean deleteTokenRole(final String name) throws VaultConnectorException; boolean deleteTokenRole(final String name) throws VaultConnectorException;
/**
* Encrypt plaintext via transit engine from Vault.
*
* @param keyName Transit key name
* @param plaintext Text to encrypt (Base64 encoded)
* @return Transit response
* @throws VaultConnectorException on error
* @since 1.5.0
*/
TransitResponse transitEncrypt(final String keyName, final String plaintext) throws VaultConnectorException;
/**
* Encrypt plaintext via transit engine from Vault.
*
* @param keyName Transit key name
* @param plaintext Binary data to encrypt
* @return Transit response
* @throws VaultConnectorException on error
* @since 1.5.0
*/
default TransitResponse transitEncrypt(final String keyName, final byte[] plaintext)
throws VaultConnectorException {
return transitEncrypt(keyName, Base64.getEncoder().encodeToString(plaintext));
}
/**
* Decrypt ciphertext via transit engine from Vault.
*
* @param keyName Transit key name
* @param ciphertext Text to decrypt
* @return Transit response
* @throws VaultConnectorException on error
* @since 1.5.0
*/
TransitResponse transitDecrypt(final String keyName, final String ciphertext) throws VaultConnectorException;
/**
* Hash data in hex format via transit engine from Vault.
*
* @param algorithm Specifies the hash algorithm to use
* @param input Data to hash
* @return Transit response
* @throws VaultConnectorException on error
* @since 1.5.0
*/
default TransitResponse transitHash(final String algorithm, final String input) throws VaultConnectorException {
return transitHash(algorithm, input, "hex");
}
/**
* Hash data via transit engine from Vault.
*
* @param algorithm Specifies the hash algorithm to use
* @param input Data to hash (Base64 encoded)
* @param format Specifies the output encoding (hex/base64)
* @return Transit response
* @throws VaultConnectorException on error
* @since 1.5.0
*/
TransitResponse transitHash(final String algorithm, final String input, final String format)
throws VaultConnectorException;
/**
* Hash data via transit engine from Vault.
*
* @param algorithm Specifies the hash algorithm to use
* @param input Data to hash
* @return Transit response
* @throws VaultConnectorException on error
* @since 1.5.0
*/
default TransitResponse transitHash(final String algorithm, final byte[] input, final String format)
throws VaultConnectorException {
return transitHash(algorithm, Base64.getEncoder().encodeToString(input), format);
}
/** /**
* Read credentials for MySQL backend at default mount point. * Read credentials for MySQL backend at default mount point.
* *
@ -681,7 +754,9 @@ public interface VaultConnector extends AutoCloseable, Serializable {
* @return the credentials response * @return the credentials response
* @throws VaultConnectorException on error * @throws VaultConnectorException on error
* @since 0.5.0 * @since 0.5.0
* @deprecated use {@link #readDbCredentials(String, String)} your MySQL mountpoint
*/ */
@Deprecated(since = "1.5.0", forRemoval = true)
default CredentialsResponse readMySqlCredentials(final String role) throws VaultConnectorException { default CredentialsResponse readMySqlCredentials(final String role) throws VaultConnectorException {
return readDbCredentials(role, "mysql"); return readDbCredentials(role, "mysql");
} }
@ -693,7 +768,9 @@ public interface VaultConnector extends AutoCloseable, Serializable {
* @return the credentials response * @return the credentials response
* @throws VaultConnectorException on error * @throws VaultConnectorException on error
* @since 0.5.0 * @since 0.5.0
* @deprecated use {@link #readDbCredentials(String, String)} your PostgreSQL mountpoint
*/ */
@Deprecated(since = "1.5.0", forRemoval = true)
default CredentialsResponse readPostgreSqlCredentials(final String role) throws VaultConnectorException { default CredentialsResponse readPostgreSqlCredentials(final String role) throws VaultConnectorException {
return readDbCredentials(role, "postgresql"); return readDbCredentials(role, "postgresql");
} }
@ -705,34 +782,38 @@ public interface VaultConnector extends AutoCloseable, Serializable {
* @return the credentials response * @return the credentials response
* @throws VaultConnectorException on error * @throws VaultConnectorException on error
* @since 0.5.0 * @since 0.5.0
* @deprecated use {@link #readDbCredentials(String, String)} your MSSQL mountpoint
*/ */
@Deprecated(since = "1.5.0", forRemoval = true)
default CredentialsResponse readMsSqlCredentials(final String role) throws VaultConnectorException { default CredentialsResponse readMsSqlCredentials(final String role) throws VaultConnectorException {
return readDbCredentials(role, "mssql"); return readDbCredentials(role, "mssql");
} }
/** /**
* Read credentials for MSSQL backend at default mount point. * Read credentials for MongoDB backend at default mount point.
* *
* @param role the role name * @param role the role name
* @return the credentials response * @return the credentials response
* @throws VaultConnectorException on error * @throws VaultConnectorException on error
* @since 0.5.0 * @since 0.5.0
* @deprecated use {@link #readDbCredentials(String, String)} your MongoDB mountpoint
*/ */
@Deprecated(since = "1.5.0", forRemoval = true)
default CredentialsResponse readMongoDbCredentials(final String role) throws VaultConnectorException { default CredentialsResponse readMongoDbCredentials(final String role) throws VaultConnectorException {
return readDbCredentials(role, "mongodb"); return readDbCredentials(role, "mongodb");
} }
/** /**
* Read credentials for SQL backends. * Read credentials for database backends.
* *
* @param role the role name * @param role the role name
* @param mount mount point of the SQL backend * @param mount mount point of the database backend
* @return the credentials response * @return the credentials response
* @throws VaultConnectorException on error * @throws VaultConnectorException on error
* @since 0.5.0 * @since 0.5.0
*/ */
default CredentialsResponse readDbCredentials(final String role, final String mount) default CredentialsResponse readDbCredentials(final String role, final String mount)
throws VaultConnectorException { throws VaultConnectorException {
return (CredentialsResponse) read(mount + "/creds/" + role); return (CredentialsResponse) read(mount + "/creds/" + role);
} }
} }

2
src/main/java/de/stklcode/jvault/connector/exception/AuthorizationRequiredException.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2024 Stefan Kalscheuer * Copyright 2016-2025 Stefan Kalscheuer
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

2
src/main/java/de/stklcode/jvault/connector/exception/ConnectionException.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2024 Stefan Kalscheuer * Copyright 2016-2025 Stefan Kalscheuer
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

2
src/main/java/de/stklcode/jvault/connector/exception/InvalidRequestException.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2024 Stefan Kalscheuer * Copyright 2016-2025 Stefan Kalscheuer
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

2
src/main/java/de/stklcode/jvault/connector/exception/InvalidResponseException.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2024 Stefan Kalscheuer * Copyright 2016-2025 Stefan Kalscheuer
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

2
src/main/java/de/stklcode/jvault/connector/exception/PermissionDeniedException.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2024 Stefan Kalscheuer * Copyright 2016-2025 Stefan Kalscheuer
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

2
src/main/java/de/stklcode/jvault/connector/exception/TlsException.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2024 Stefan Kalscheuer * Copyright 2016-2025 Stefan Kalscheuer
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

2
src/main/java/de/stklcode/jvault/connector/exception/VaultConnectorException.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2024 Stefan Kalscheuer * Copyright 2016-2025 Stefan Kalscheuer
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

2
src/main/java/de/stklcode/jvault/connector/exception/package-info.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2024 Stefan Kalscheuer * Copyright 2016-2025 Stefan Kalscheuer
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

2
src/main/java/de/stklcode/jvault/connector/internal/Error.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2024 Stefan Kalscheuer * Copyright 2016-2025 Stefan Kalscheuer
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

37
src/main/java/de/stklcode/jvault/connector/internal/RequestHelper.java
View File

@ -2,8 +2,8 @@ package de.stklcode.jvault.connector.internal;
import com.fasterxml.jackson.core.JsonProcessingException; import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.DeserializationFeature; import com.fasterxml.jackson.databind.DeserializationFeature;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.SerializationFeature; import com.fasterxml.jackson.databind.SerializationFeature;
import com.fasterxml.jackson.databind.json.JsonMapper;
import com.fasterxml.jackson.datatype.jsr310.JavaTimeModule; import com.fasterxml.jackson.datatype.jsr310.JavaTimeModule;
import de.stklcode.jvault.connector.exception.*; import de.stklcode.jvault.connector.exception.*;
import de.stklcode.jvault.connector.model.response.ErrorResponse; import de.stklcode.jvault.connector.model.response.ErrorResponse;
@ -44,7 +44,7 @@ public final class RequestHelper implements Serializable {
private final int retries; // Number of retries on 5xx errors. private final int retries; // Number of retries on 5xx errors.
private final String tlsVersion; // TLS version (#22). private final String tlsVersion; // TLS version (#22).
private final X509Certificate trustedCaCert; // Trusted CA certificate. private final X509Certificate trustedCaCert; // Trusted CA certificate.
private final ObjectMapper jsonMapper; private final JsonMapper jsonMapper;
/** /**
* Constructor of the request helper. * Constructor of the request helper.
@ -65,10 +65,11 @@ public final class RequestHelper implements Serializable {
this.timeout = timeout; this.timeout = timeout;
this.tlsVersion = tlsVersion; this.tlsVersion = tlsVersion;
this.trustedCaCert = trustedCaCert; this.trustedCaCert = trustedCaCert;
this.jsonMapper = new ObjectMapper() this.jsonMapper = JsonMapper.builder()
.registerModule(new JavaTimeModule()) .addModule(new JavaTimeModule())
.enable(SerializationFeature.WRITE_DATES_AS_TIMESTAMPS) .enable(SerializationFeature.WRITE_DATES_AS_TIMESTAMPS)
.disable(DeserializationFeature.ADJUST_DATES_TO_CONTEXT_TIME_ZONE); .disable(DeserializationFeature.ADJUST_DATES_TO_CONTEXT_TIME_ZONE)
.build();
} }
/** /**
@ -115,7 +116,7 @@ public final class RequestHelper implements Serializable {
* @since 0.8 * @since 0.8
*/ */
public <T> T post(final String path, final Object payload, final String token, final Class<T> target) public <T> T post(final String path, final Object payload, final String token, final Class<T> target)
throws VaultConnectorException { throws VaultConnectorException {
try { try {
String response = post(path, payload, token); String response = post(path, payload, token);
return jsonMapper.readValue(response, target); return jsonMapper.readValue(response, target);
@ -134,7 +135,7 @@ public final class RequestHelper implements Serializable {
* @since 0.8 * @since 0.8
*/ */
public void postWithoutResponse(final String path, final Object payload, final String token) public void postWithoutResponse(final String path, final Object payload, final String token)
throws VaultConnectorException { throws VaultConnectorException {
if (!post(path, payload, token).isEmpty()) { if (!post(path, payload, token).isEmpty()) {
throw new InvalidResponseException(Error.UNEXPECTED_RESPONSE); throw new InvalidResponseException(Error.UNEXPECTED_RESPONSE);
} }
@ -151,7 +152,7 @@ public final class RequestHelper implements Serializable {
* @since 0.8 Added {@code token} parameter. * @since 0.8 Added {@code token} parameter.
*/ */
public String put(final String path, final Map<String, String> payload, final String token) public String put(final String path, final Map<String, String> payload, final String token)
throws VaultConnectorException { throws VaultConnectorException {
// Initialize PUT. // Initialize PUT.
var req = HttpRequest.newBuilder(URI.create(baseURL + path)); var req = HttpRequest.newBuilder(URI.create(baseURL + path));
@ -185,7 +186,7 @@ public final class RequestHelper implements Serializable {
* @since 0.8 * @since 0.8
*/ */
public <T> T put(final String path, final Map<String, String> payload, final String token, final Class<T> target) public <T> T put(final String path, final Map<String, String> payload, final String token, final Class<T> target)
throws VaultConnectorException { throws VaultConnectorException {
try { try {
String response = put(path, payload, token); String response = put(path, payload, token);
return jsonMapper.readValue(response, target); return jsonMapper.readValue(response, target);
@ -204,7 +205,7 @@ public final class RequestHelper implements Serializable {
* @since 0.8 * @since 0.8
*/ */
public void putWithoutResponse(final String path, final Map<String, String> payload, final String token) public void putWithoutResponse(final String path, final Map<String, String> payload, final String token)
throws VaultConnectorException { throws VaultConnectorException {
if (!put(path, payload, token).isEmpty()) { if (!put(path, payload, token).isEmpty()) {
throw new InvalidResponseException(Error.UNEXPECTED_RESPONSE); throw new InvalidResponseException(Error.UNEXPECTED_RESPONSE);
} }
@ -256,15 +257,15 @@ public final class RequestHelper implements Serializable {
* @since 0.8 Added {@code token} parameter. * @since 0.8 Added {@code token} parameter.
*/ */
public String get(final String path, final Map<String, String> payload, final String token) public String get(final String path, final Map<String, String> payload, final String token)
throws VaultConnectorException { throws VaultConnectorException {
// Add parameters to URI. // Add parameters to URI.
var uriBuilder = new StringBuilder(baseURL + path); var uriBuilder = new StringBuilder(baseURL + path);
if (!payload.isEmpty()) { if (!payload.isEmpty()) {
uriBuilder.append("?").append( uriBuilder.append("?").append(
payload.entrySet().stream().map(par -> payload.entrySet().stream().map(par ->
URLEncoder.encode(par.getKey(), UTF_8) + "=" + URLEncoder.encode(par.getValue(), UTF_8) URLEncoder.encode(par.getKey(), UTF_8) + "=" + URLEncoder.encode(par.getValue(), UTF_8)
).collect(Collectors.joining("&")) ).collect(Collectors.joining("&"))
); );
} }
@ -297,7 +298,7 @@ public final class RequestHelper implements Serializable {
* @since 0.8 * @since 0.8
*/ */
public <T> T get(final String path, final Map<String, String> payload, final String token, final Class<T> target) public <T> T get(final String path, final Map<String, String> payload, final String token, final Class<T> target)
throws VaultConnectorException { throws VaultConnectorException {
try { try {
String response = get(path, payload, token); String response = get(path, payload, token);
return jsonMapper.readValue(response, target); return jsonMapper.readValue(response, target);
@ -333,8 +334,8 @@ public final class RequestHelper implements Serializable {
// Execute request. // Execute request.
try { try {
HttpResponse<InputStream> response = client.sendAsync( HttpResponse<InputStream> response = client.sendAsync(
requestBuilder.build(), requestBuilder.build(),
HttpResponse.BodyHandlers.ofInputStream() HttpResponse.BodyHandlers.ofInputStream()
).join(); ).join();
/* Check if response is valid */ /* Check if response is valid */

36
src/main/java/de/stklcode/jvault/connector/model/AppRole.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2024 Stefan Kalscheuer * Copyright 2016-2025 Stefan Kalscheuer
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -331,28 +331,28 @@ public final class AppRole implements Serializable {
} }
AppRole appRole = (AppRole) o; AppRole appRole = (AppRole) o;
return Objects.equals(name, appRole.name) && return Objects.equals(name, appRole.name) &&
Objects.equals(id, appRole.id) && Objects.equals(id, appRole.id) &&
Objects.equals(bindSecretId, appRole.bindSecretId) && Objects.equals(bindSecretId, appRole.bindSecretId) &&
Objects.equals(secretIdBoundCidrs, appRole.secretIdBoundCidrs) && Objects.equals(secretIdBoundCidrs, appRole.secretIdBoundCidrs) &&
Objects.equals(secretIdNumUses, appRole.secretIdNumUses) && Objects.equals(secretIdNumUses, appRole.secretIdNumUses) &&
Objects.equals(secretIdTtl, appRole.secretIdTtl) && Objects.equals(secretIdTtl, appRole.secretIdTtl) &&
Objects.equals(localSecretIds, appRole.localSecretIds) && Objects.equals(localSecretIds, appRole.localSecretIds) &&
Objects.equals(tokenTtl, appRole.tokenTtl) && Objects.equals(tokenTtl, appRole.tokenTtl) &&
Objects.equals(tokenMaxTtl, appRole.tokenMaxTtl) && Objects.equals(tokenMaxTtl, appRole.tokenMaxTtl) &&
Objects.equals(tokenPolicies, appRole.tokenPolicies) && Objects.equals(tokenPolicies, appRole.tokenPolicies) &&
Objects.equals(tokenBoundCidrs, appRole.tokenBoundCidrs) && Objects.equals(tokenBoundCidrs, appRole.tokenBoundCidrs) &&
Objects.equals(tokenExplicitMaxTtl, appRole.tokenExplicitMaxTtl) && Objects.equals(tokenExplicitMaxTtl, appRole.tokenExplicitMaxTtl) &&
Objects.equals(tokenNoDefaultPolicy, appRole.tokenNoDefaultPolicy) && Objects.equals(tokenNoDefaultPolicy, appRole.tokenNoDefaultPolicy) &&
Objects.equals(tokenNumUses, appRole.tokenNumUses) && Objects.equals(tokenNumUses, appRole.tokenNumUses) &&
Objects.equals(tokenPeriod, appRole.tokenPeriod) && Objects.equals(tokenPeriod, appRole.tokenPeriod) &&
Objects.equals(tokenType, appRole.tokenType); Objects.equals(tokenType, appRole.tokenType);
} }
@Override @Override
public int hashCode() { public int hashCode() {
return Objects.hash(name, id, bindSecretId, secretIdBoundCidrs, secretIdNumUses, secretIdTtl, return Objects.hash(name, id, bindSecretId, secretIdBoundCidrs, secretIdNumUses, secretIdTtl,
localSecretIds, tokenTtl, tokenMaxTtl, tokenPolicies, tokenBoundCidrs, tokenExplicitMaxTtl, localSecretIds, tokenTtl, tokenMaxTtl, tokenPolicies, tokenBoundCidrs, tokenExplicitMaxTtl,
tokenNoDefaultPolicy, tokenNumUses, tokenPeriod, tokenType); tokenNoDefaultPolicy, tokenNumUses, tokenPeriod, tokenType);
} }

20
src/main/java/de/stklcode/jvault/connector/model/AppRoleSecret.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2024 Stefan Kalscheuer * Copyright 2016-2025 Stefan Kalscheuer
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -181,19 +181,19 @@ public final class AppRoleSecret implements Serializable {
} }
AppRoleSecret that = (AppRoleSecret) o; AppRoleSecret that = (AppRoleSecret) o;
return Objects.equals(id, that.id) && return Objects.equals(id, that.id) &&
Objects.equals(accessor, that.accessor) && Objects.equals(accessor, that.accessor) &&
Objects.equals(metadata, that.metadata) && Objects.equals(metadata, that.metadata) &&
Objects.equals(cidrList, that.cidrList) && Objects.equals(cidrList, that.cidrList) &&
Objects.equals(creationTime, that.creationTime) && Objects.equals(creationTime, that.creationTime) &&
Objects.equals(expirationTime, that.expirationTime) && Objects.equals(expirationTime, that.expirationTime) &&
Objects.equals(lastUpdatedTime, that.lastUpdatedTime) && Objects.equals(lastUpdatedTime, that.lastUpdatedTime) &&
Objects.equals(numUses, that.numUses) && Objects.equals(numUses, that.numUses) &&
Objects.equals(ttl, that.ttl); Objects.equals(ttl, that.ttl);
} }
@Override @Override
public int hashCode() { public int hashCode() {
return Objects.hash(id, accessor, metadata, cidrList, creationTime, expirationTime, lastUpdatedTime, numUses, return Objects.hash(id, accessor, metadata, cidrList, creationTime, expirationTime, lastUpdatedTime, numUses,
ttl); ttl);
} }
} }

2
src/main/java/de/stklcode/jvault/connector/model/AuthBackend.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2024 Stefan Kalscheuer * Copyright 2016-2025 Stefan Kalscheuer
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

28
src/main/java/de/stklcode/jvault/connector/model/Token.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2024 Stefan Kalscheuer * Copyright 2016-2025 Stefan Kalscheuer
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -227,24 +227,24 @@ public final class Token implements Serializable {
} }
Token token = (Token) o; Token token = (Token) o;
return Objects.equals(id, token.id) && return Objects.equals(id, token.id) &&
Objects.equals(type, token.type) && Objects.equals(type, token.type) &&
Objects.equals(displayName, token.displayName) && Objects.equals(displayName, token.displayName) &&
Objects.equals(noParent, token.noParent) && Objects.equals(noParent, token.noParent) &&
Objects.equals(noDefaultPolicy, token.noDefaultPolicy) && Objects.equals(noDefaultPolicy, token.noDefaultPolicy) &&
Objects.equals(ttl, token.ttl) && Objects.equals(ttl, token.ttl) &&
Objects.equals(explicitMaxTtl, token.explicitMaxTtl) && Objects.equals(explicitMaxTtl, token.explicitMaxTtl) &&
Objects.equals(numUses, token.numUses) && Objects.equals(numUses, token.numUses) &&
Objects.equals(policies, token.policies) && Objects.equals(policies, token.policies) &&
Objects.equals(meta, token.meta) && Objects.equals(meta, token.meta) &&
Objects.equals(renewable, token.renewable) && Objects.equals(renewable, token.renewable) &&
Objects.equals(period, token.period) && Objects.equals(period, token.period) &&
Objects.equals(entityAlias, token.entityAlias); Objects.equals(entityAlias, token.entityAlias);
} }
@Override @Override
public int hashCode() { public int hashCode() {
return Objects.hash(id, type, displayName, noParent, noDefaultPolicy, ttl, explicitMaxTtl, numUses, policies, return Objects.hash(id, type, displayName, noParent, noDefaultPolicy, ttl, explicitMaxTtl, numUses, policies,
meta, renewable, period, entityAlias); meta, renewable, period, entityAlias);
} }
/** /**

34
src/main/java/de/stklcode/jvault/connector/model/TokenRole.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2024 Stefan Kalscheuer * Copyright 2016-2025 Stefan Kalscheuer
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -245,27 +245,27 @@ public final class TokenRole implements Serializable {
} }
TokenRole tokenRole = (TokenRole) o; TokenRole tokenRole = (TokenRole) o;
return Objects.equals(name, tokenRole.name) && return Objects.equals(name, tokenRole.name) &&
Objects.equals(allowedPolicies, tokenRole.allowedPolicies) && Objects.equals(allowedPolicies, tokenRole.allowedPolicies) &&
Objects.equals(allowedPoliciesGlob, tokenRole.allowedPoliciesGlob) && Objects.equals(allowedPoliciesGlob, tokenRole.allowedPoliciesGlob) &&
Objects.equals(disallowedPolicies, tokenRole.disallowedPolicies) && Objects.equals(disallowedPolicies, tokenRole.disallowedPolicies) &&
Objects.equals(disallowedPoliciesGlob, tokenRole.disallowedPoliciesGlob) && Objects.equals(disallowedPoliciesGlob, tokenRole.disallowedPoliciesGlob) &&
Objects.equals(orphan, tokenRole.orphan) && Objects.equals(orphan, tokenRole.orphan) &&
Objects.equals(renewable, tokenRole.renewable) && Objects.equals(renewable, tokenRole.renewable) &&
Objects.equals(pathSuffix, tokenRole.pathSuffix) && Objects.equals(pathSuffix, tokenRole.pathSuffix) &&
Objects.equals(allowedEntityAliases, tokenRole.allowedEntityAliases) && Objects.equals(allowedEntityAliases, tokenRole.allowedEntityAliases) &&
Objects.equals(tokenBoundCidrs, tokenRole.tokenBoundCidrs) && Objects.equals(tokenBoundCidrs, tokenRole.tokenBoundCidrs) &&
Objects.equals(tokenExplicitMaxTtl, tokenRole.tokenExplicitMaxTtl) && Objects.equals(tokenExplicitMaxTtl, tokenRole.tokenExplicitMaxTtl) &&
Objects.equals(tokenNoDefaultPolicy, tokenRole.tokenNoDefaultPolicy) && Objects.equals(tokenNoDefaultPolicy, tokenRole.tokenNoDefaultPolicy) &&
Objects.equals(tokenNumUses, tokenRole.tokenNumUses) && Objects.equals(tokenNumUses, tokenRole.tokenNumUses) &&
Objects.equals(tokenPeriod, tokenRole.tokenPeriod) && Objects.equals(tokenPeriod, tokenRole.tokenPeriod) &&
Objects.equals(tokenType, tokenRole.tokenType); Objects.equals(tokenType, tokenRole.tokenType);
} }
@Override @Override
public int hashCode() { public int hashCode() {
return Objects.hash(name, allowedPolicies, allowedPoliciesGlob, disallowedPolicies, disallowedPoliciesGlob, return Objects.hash(name, allowedPolicies, allowedPoliciesGlob, disallowedPolicies, disallowedPoliciesGlob,
orphan, renewable, pathSuffix, allowedEntityAliases, tokenBoundCidrs, tokenExplicitMaxTtl, orphan, renewable, pathSuffix, allowedEntityAliases, tokenBoundCidrs, tokenExplicitMaxTtl,
tokenNoDefaultPolicy, tokenNumUses, tokenPeriod, tokenType); tokenNoDefaultPolicy, tokenNumUses, tokenPeriod, tokenType);
} }
/** /**

2
src/main/java/de/stklcode/jvault/connector/model/package-info.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2024 Stefan Kalscheuer * Copyright 2016-2025 Stefan Kalscheuer
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

2
src/main/java/de/stklcode/jvault/connector/model/response/AppRoleResponse.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2024 Stefan Kalscheuer * Copyright 2016-2025 Stefan Kalscheuer
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

2
src/main/java/de/stklcode/jvault/connector/model/response/AppRoleSecretResponse.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2024 Stefan Kalscheuer * Copyright 2016-2025 Stefan Kalscheuer
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

2
src/main/java/de/stklcode/jvault/connector/model/response/AuthMethodsResponse.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2024 Stefan Kalscheuer * Copyright 2016-2025 Stefan Kalscheuer
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

2
src/main/java/de/stklcode/jvault/connector/model/response/AuthResponse.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2024 Stefan Kalscheuer * Copyright 2016-2025 Stefan Kalscheuer
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

2
src/main/java/de/stklcode/jvault/connector/model/response/CredentialsResponse.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2024 Stefan Kalscheuer * Copyright 2016-2025 Stefan Kalscheuer
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

2
src/main/java/de/stklcode/jvault/connector/model/response/ErrorResponse.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2024 Stefan Kalscheuer * Copyright 2016-2025 Stefan Kalscheuer
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

28
src/main/java/de/stklcode/jvault/connector/model/response/HealthResponse.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2024 Stefan Kalscheuer * Copyright 2016-2025 Stefan Kalscheuer
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -187,19 +187,19 @@ public final class HealthResponse implements VaultResponse {
} }
HealthResponse that = (HealthResponse) o; HealthResponse that = (HealthResponse) o;
return Objects.equals(clusterID, that.clusterID) && return Objects.equals(clusterID, that.clusterID) &&
Objects.equals(clusterName, that.clusterName) && Objects.equals(clusterName, that.clusterName) &&
Objects.equals(version, that.version) && Objects.equals(version, that.version) &&
Objects.equals(serverTimeUTC, that.serverTimeUTC) && Objects.equals(serverTimeUTC, that.serverTimeUTC) &&
Objects.equals(standby, that.standby) && Objects.equals(standby, that.standby) &&
Objects.equals(sealed, that.sealed) && Objects.equals(sealed, that.sealed) &&
Objects.equals(initialized, that.initialized) && Objects.equals(initialized, that.initialized) &&
Objects.equals(replicationPerfMode, that.replicationPerfMode) && Objects.equals(replicationPerfMode, that.replicationPerfMode) &&
Objects.equals(replicationDrMode, that.replicationDrMode) && Objects.equals(replicationDrMode, that.replicationDrMode) &&
Objects.equals(performanceStandby, that.performanceStandby) && Objects.equals(performanceStandby, that.performanceStandby) &&
Objects.equals(echoDurationMs, that.echoDurationMs) && Objects.equals(echoDurationMs, that.echoDurationMs) &&
Objects.equals(clockSkewMs, that.clockSkewMs) && Objects.equals(clockSkewMs, that.clockSkewMs) &&
Objects.equals(replicationPrimaryCanaryAgeMs, that.replicationPrimaryCanaryAgeMs) && Objects.equals(replicationPrimaryCanaryAgeMs, that.replicationPrimaryCanaryAgeMs) &&
Objects.equals(enterprise, that.enterprise); Objects.equals(enterprise, that.enterprise);
} }
@Override @Override

2
src/main/java/de/stklcode/jvault/connector/model/response/HelpResponse.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2024 Stefan Kalscheuer * Copyright 2016-2025 Stefan Kalscheuer
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

2
src/main/java/de/stklcode/jvault/connector/model/response/MetaSecretResponse.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2021 Stefan Kalscheuer * Copyright 2016-2025 Stefan Kalscheuer
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

2
src/main/java/de/stklcode/jvault/connector/model/response/MetadataResponse.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2024 Stefan Kalscheuer * Copyright 2016-2025 Stefan Kalscheuer
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

2
src/main/java/de/stklcode/jvault/connector/model/response/PlainSecretResponse.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2021 Stefan Kalscheuer * Copyright 2016-2025 Stefan Kalscheuer
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

2
src/main/java/de/stklcode/jvault/connector/model/response/RawDataResponse.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2024 Stefan Kalscheuer * Copyright 2016-2025 Stefan Kalscheuer
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

30
src/main/java/de/stklcode/jvault/connector/model/response/SealResponse.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2024 Stefan Kalscheuer * Copyright 2016-2025 Stefan Kalscheuer
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -191,24 +191,24 @@ public final class SealResponse implements VaultResponse {
} }
SealResponse that = (SealResponse) o; SealResponse that = (SealResponse) o;
return sealed == that.sealed && return sealed == that.sealed &&
initialized == that.initialized && initialized == that.initialized &&
Objects.equals(type, that.type) && Objects.equals(type, that.type) &&
Objects.equals(threshold, that.threshold) && Objects.equals(threshold, that.threshold) &&
Objects.equals(numberOfShares, that.numberOfShares) && Objects.equals(numberOfShares, that.numberOfShares) &&
Objects.equals(progress, that.progress) && Objects.equals(progress, that.progress) &&
Objects.equals(version, that.version) && Objects.equals(version, that.version) &&
Objects.equals(buildDate, that.buildDate) && Objects.equals(buildDate, that.buildDate) &&
Objects.equals(nonce, that.nonce) && Objects.equals(nonce, that.nonce) &&
Objects.equals(clusterName, that.clusterName) && Objects.equals(clusterName, that.clusterName) &&
Objects.equals(clusterId, that.clusterId) && Objects.equals(clusterId, that.clusterId) &&
Objects.equals(migration, that.migration) && Objects.equals(migration, that.migration) &&
Objects.equals(recoverySeal, that.recoverySeal) && Objects.equals(recoverySeal, that.recoverySeal) &&
Objects.equals(storageType, that.storageType); Objects.equals(storageType, that.storageType);
} }
@Override @Override
public int hashCode() { public int hashCode() {
return Objects.hash(type, sealed, initialized, threshold, numberOfShares, progress, version, buildDate, nonce, return Objects.hash(type, sealed, initialized, threshold, numberOfShares, progress, version, buildDate, nonce,
clusterName, clusterId, migration, recoverySeal, storageType); clusterName, clusterId, migration, recoverySeal, storageType);
} }
} }

2
src/main/java/de/stklcode/jvault/connector/model/response/SecretListResponse.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2024 Stefan Kalscheuer * Copyright 2016-2025 Stefan Kalscheuer
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

13
src/main/java/de/stklcode/jvault/connector/model/response/SecretResponse.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2024 Stefan Kalscheuer * Copyright 2016-2025 Stefan Kalscheuer
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -18,8 +18,8 @@ package de.stklcode.jvault.connector.model.response;
import com.fasterxml.jackson.annotation.JsonIgnoreProperties; import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
import com.fasterxml.jackson.databind.DeserializationFeature; import com.fasterxml.jackson.databind.DeserializationFeature;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.SerializationFeature; import com.fasterxml.jackson.databind.SerializationFeature;
import com.fasterxml.jackson.databind.json.JsonMapper;
import com.fasterxml.jackson.datatype.jsr310.JavaTimeModule; import com.fasterxml.jackson.datatype.jsr310.JavaTimeModule;
import de.stklcode.jvault.connector.exception.InvalidResponseException; import de.stklcode.jvault.connector.exception.InvalidResponseException;
import de.stklcode.jvault.connector.model.response.embedded.VersionMetadata; import de.stklcode.jvault.connector.model.response.embedded.VersionMetadata;
@ -85,10 +85,11 @@ public abstract class SecretResponse extends VaultDataResponse {
} else if (type.isInstance(rawValue)) { } else if (type.isInstance(rawValue)) {
return type.cast(rawValue); return type.cast(rawValue);
} else { } else {
var om = new ObjectMapper() var om = JsonMapper.builder()
.registerModule(new JavaTimeModule()) .addModule(new JavaTimeModule())
.enable(SerializationFeature.WRITE_DATES_AS_TIMESTAMPS) .enable(SerializationFeature.WRITE_DATES_AS_TIMESTAMPS)
.disable(DeserializationFeature.ADJUST_DATES_TO_CONTEXT_TIME_ZONE); .disable(DeserializationFeature.ADJUST_DATES_TO_CONTEXT_TIME_ZONE)
.build();
if (rawValue instanceof String) { if (rawValue instanceof String) {
return om.readValue((String) rawValue, type); return om.readValue((String) rawValue, type);

2
src/main/java/de/stklcode/jvault/connector/model/response/SecretVersionResponse.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2024 Stefan Kalscheuer * Copyright 2016-2025 Stefan Kalscheuer
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

2
src/main/java/de/stklcode/jvault/connector/model/response/TokenResponse.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2024 Stefan Kalscheuer * Copyright 2016-2025 Stefan Kalscheuer
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

2
src/main/java/de/stklcode/jvault/connector/model/response/TokenRoleResponse.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2024 Stefan Kalscheuer * Copyright 2016-2025 Stefan Kalscheuer
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

92
src/main/java/de/stklcode/jvault/connector/model/response/TransitResponse.java Normal file
View File

@ -0,0 +1,92 @@
/*
* Copyright 2016-2025 Stefan Kalscheuer
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package de.stklcode.jvault.connector.model.response;
import com.fasterxml.jackson.annotation.JsonSetter;
import java.util.Map;
import java.util.Objects;
/**
* Response entity for transit operations.
*
* @author Stefan Kalscheuer
* @since 1.5.0
*/
public class TransitResponse extends VaultDataResponse {
private static final long serialVersionUID = 6873804240772242771L;
private String ciphertext;
private String plaintext;
private String sum;
@JsonSetter("data")
private void setData(Map<String, String> data) {
ciphertext = data.get("ciphertext");
plaintext = data.get("plaintext");
sum = data.get("sum");
}
/**
* Get ciphertext.
* Populated after encryption.
*
* @return Ciphertext
*/
public String getCiphertext() {
return ciphertext;
}
/**
* Get plaintext.
* Base64 encoded, populated after decryption.
*
* @return Plaintext
*/
public String getPlaintext() {
return plaintext;
}
/**
* Get hash sum.
* Hex or Base64 string. Populated after hashing.
*
* @return Hash sum
*/
public String getSum() {
return sum;
}
@Override
public boolean equals(Object o) {
if (this == o) {
return true;
} else if (o == null || getClass() != o.getClass() || !super.equals(o)) {
return false;
}
TransitResponse that = (TransitResponse) o;
return Objects.equals(ciphertext, that.ciphertext) &&
Objects.equals(plaintext, that.plaintext) &&
Objects.equals(sum, that.sum);
}
@Override
public int hashCode() {
return Objects.hash(super.hashCode(), ciphertext, plaintext, sum);
}
}

17
src/main/java/de/stklcode/jvault/connector/model/response/VaultDataResponse.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2024 Stefan Kalscheuer * Copyright 2016-2025 Stefan Kalscheuer
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -115,6 +115,7 @@ public abstract class VaultDataResponse implements VaultResponse {
public final String getMountType() { public final String getMountType() {
return mountType; return mountType;
} }
@Override @Override
public boolean equals(Object o) { public boolean equals(Object o) {
if (this == o) { if (this == o) {
@ -124,13 +125,13 @@ public abstract class VaultDataResponse implements VaultResponse {
} }
VaultDataResponse that = (VaultDataResponse) o; VaultDataResponse that = (VaultDataResponse) o;
return renewable == that.renewable && return renewable == that.renewable &&
Objects.equals(requestId, that.requestId) && Objects.equals(requestId, that.requestId) &&
Objects.equals(leaseId, that.leaseId) && Objects.equals(leaseId, that.leaseId) &&
Objects.equals(leaseDuration, that.leaseDuration) && Objects.equals(leaseDuration, that.leaseDuration) &&
Objects.equals(warnings, that.warnings) && Objects.equals(warnings, that.warnings) &&
Objects.equals(wrapInfo, that.wrapInfo) && Objects.equals(wrapInfo, that.wrapInfo) &&
Objects.equals(auth, that.auth) && Objects.equals(auth, that.auth) &&
Objects.equals(mountType, that.mountType); Objects.equals(mountType, that.mountType);
} }
@Override @Override

2
src/main/java/de/stklcode/jvault/connector/model/response/VaultResponse.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2024 Stefan Kalscheuer * Copyright 2016-2025 Stefan Kalscheuer
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

26
src/main/java/de/stklcode/jvault/connector/model/response/embedded/AuthData.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2024 Stefan Kalscheuer * Copyright 2016-2025 Stefan Kalscheuer
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -171,22 +171,22 @@ public final class AuthData implements Serializable {
} }
AuthData authData = (AuthData) o; AuthData authData = (AuthData) o;
return renewable == authData.renewable && return renewable == authData.renewable &&
orphan == authData.orphan && orphan == authData.orphan &&
Objects.equals(clientToken, authData.clientToken) && Objects.equals(clientToken, authData.clientToken) &&
Objects.equals(accessor, authData.accessor) && Objects.equals(accessor, authData.accessor) &&
Objects.equals(policies, authData.policies) && Objects.equals(policies, authData.policies) &&
Objects.equals(tokenPolicies, authData.tokenPolicies) && Objects.equals(tokenPolicies, authData.tokenPolicies) &&
Objects.equals(metadata, authData.metadata) && Objects.equals(metadata, authData.metadata) &&
Objects.equals(leaseDuration, authData.leaseDuration) && Objects.equals(leaseDuration, authData.leaseDuration) &&
Objects.equals(entityId, authData.entityId) && Objects.equals(entityId, authData.entityId) &&
Objects.equals(tokenType, authData.tokenType) && Objects.equals(tokenType, authData.tokenType) &&
Objects.equals(numUses, authData.numUses) && Objects.equals(numUses, authData.numUses) &&
Objects.equals(mfaRequirement, authData.mfaRequirement); Objects.equals(mfaRequirement, authData.mfaRequirement);
} }
@Override @Override
public int hashCode() { public int hashCode() {
return Objects.hash(clientToken, accessor, policies, tokenPolicies, metadata, leaseDuration, renewable, return Objects.hash(clientToken, accessor, policies, tokenPolicies, metadata, leaseDuration, renewable,
entityId, tokenType, orphan, numUses, mfaRequirement); entityId, tokenType, orphan, numUses, mfaRequirement);
} }
} }

28
src/main/java/de/stklcode/jvault/connector/model/response/embedded/AuthMethod.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2024 Stefan Kalscheuer * Copyright 2016-2025 Stefan Kalscheuer
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -202,19 +202,19 @@ public final class AuthMethod implements Serializable {
} }
AuthMethod that = (AuthMethod) o; AuthMethod that = (AuthMethod) o;
return local == that.local && return local == that.local &&
type == that.type && type == that.type &&
externalEntropyAccess == that.externalEntropyAccess && externalEntropyAccess == that.externalEntropyAccess &&
sealWrap == that.sealWrap && sealWrap == that.sealWrap &&
Objects.equals(rawType, that.rawType) && Objects.equals(rawType, that.rawType) &&
Objects.equals(accessor, that.accessor) && Objects.equals(accessor, that.accessor) &&
Objects.equals(deprecationStatus, that.deprecationStatus) && Objects.equals(deprecationStatus, that.deprecationStatus) &&
Objects.equals(description, that.description) && Objects.equals(description, that.description) &&
Objects.equals(config, that.config) && Objects.equals(config, that.config) &&
Objects.equals(options, that.options) && Objects.equals(options, that.options) &&
Objects.equals(pluginVersion, that.pluginVersion) && Objects.equals(pluginVersion, that.pluginVersion) &&
Objects.equals(runningPluginVersion, that.runningPluginVersion) && Objects.equals(runningPluginVersion, that.runningPluginVersion) &&
Objects.equals(runningSha256, that.runningSha256) && Objects.equals(runningSha256, that.runningSha256) &&
Objects.equals(uuid, that.uuid); Objects.equals(uuid, that.uuid);
} }
@Override @Override

2
src/main/java/de/stklcode/jvault/connector/model/response/embedded/MfaConstraintAny.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2024 Stefan Kalscheuer * Copyright 2016-2025 Stefan Kalscheuer
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

2
src/main/java/de/stklcode/jvault/connector/model/response/embedded/MfaMethodId.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2024 Stefan Kalscheuer * Copyright 2016-2025 Stefan Kalscheuer
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

2
src/main/java/de/stklcode/jvault/connector/model/response/embedded/MfaRequirement.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2024 Stefan Kalscheuer * Copyright 2016-2025 Stefan Kalscheuer
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

18
src/main/java/de/stklcode/jvault/connector/model/response/embedded/SecretMetadata.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2024 Stefan Kalscheuer * Copyright 2016-2025 Stefan Kalscheuer
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -138,14 +138,14 @@ public final class SecretMetadata implements Serializable {
} }
SecretMetadata that = (SecretMetadata) o; SecretMetadata that = (SecretMetadata) o;
return Objects.equals(createdTime, that.createdTime) && return Objects.equals(createdTime, that.createdTime) &&
Objects.equals(currentVersion, that.currentVersion) && Objects.equals(currentVersion, that.currentVersion) &&
Objects.equals(maxVersions, that.maxVersions) && Objects.equals(maxVersions, that.maxVersions) &&
Objects.equals(oldestVersion, that.oldestVersion) && Objects.equals(oldestVersion, that.oldestVersion) &&
Objects.equals(updatedTime, that.updatedTime) && Objects.equals(updatedTime, that.updatedTime) &&
Objects.equals(versions, that.versions) && Objects.equals(versions, that.versions) &&
Objects.equals(casRequired, that.casRequired) && Objects.equals(casRequired, that.casRequired) &&
Objects.equals(customMetadata, that.customMetadata) && Objects.equals(customMetadata, that.customMetadata) &&
Objects.equals(deleteVersionAfter, that.deleteVersionAfter); Objects.equals(deleteVersionAfter, that.deleteVersionAfter);
} }
@Override @Override

36
src/main/java/de/stklcode/jvault/connector/model/response/embedded/TokenData.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2024 Stefan Kalscheuer * Copyright 2016-2025 Stefan Kalscheuer
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -222,27 +222,27 @@ public final class TokenData implements Serializable {
} }
TokenData tokenData = (TokenData) o; TokenData tokenData = (TokenData) o;
return orphan == tokenData.orphan && return orphan == tokenData.orphan &&
renewable == tokenData.renewable && renewable == tokenData.renewable &&
Objects.equals(accessor, tokenData.accessor) && Objects.equals(accessor, tokenData.accessor) &&
Objects.equals(creationTime, tokenData.creationTime) && Objects.equals(creationTime, tokenData.creationTime) &&
Objects.equals(creationTtl, tokenData.creationTtl) && Objects.equals(creationTtl, tokenData.creationTtl) &&
Objects.equals(name, tokenData.name) && Objects.equals(name, tokenData.name) &&
Objects.equals(entityId, tokenData.entityId) && Objects.equals(entityId, tokenData.entityId) &&
Objects.equals(expireTime, tokenData.expireTime) && Objects.equals(expireTime, tokenData.expireTime) &&
Objects.equals(explicitMaxTtl, tokenData.explicitMaxTtl) && Objects.equals(explicitMaxTtl, tokenData.explicitMaxTtl) &&
Objects.equals(id, tokenData.id) && Objects.equals(id, tokenData.id) &&
Objects.equals(issueTime, tokenData.issueTime) && Objects.equals(issueTime, tokenData.issueTime) &&
Objects.equals(meta, tokenData.meta) && Objects.equals(meta, tokenData.meta) &&
Objects.equals(numUses, tokenData.numUses) && Objects.equals(numUses, tokenData.numUses) &&
Objects.equals(path, tokenData.path) && Objects.equals(path, tokenData.path) &&
Objects.equals(policies, tokenData.policies) && Objects.equals(policies, tokenData.policies) &&
Objects.equals(ttl, tokenData.ttl) && Objects.equals(ttl, tokenData.ttl) &&
Objects.equals(type, tokenData.type); Objects.equals(type, tokenData.type);
} }
@Override @Override
public int hashCode() { public int hashCode() {
return Objects.hash(accessor, creationTime, creationTtl, name, entityId, expireTime, explicitMaxTtl, id, return Objects.hash(accessor, creationTime, creationTtl, name, entityId, expireTime, explicitMaxTtl, id,
issueTime, meta, numUses, orphan, path, policies, renewable, ttl, type); issueTime, meta, numUses, orphan, path, policies, renewable, ttl, type);
} }
} }

10
src/main/java/de/stklcode/jvault/connector/model/response/embedded/VersionMetadata.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2024 Stefan Kalscheuer * Copyright 2016-2025 Stefan Kalscheuer
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -96,10 +96,10 @@ public final class VersionMetadata implements Serializable {
} }
VersionMetadata that = (VersionMetadata) o; VersionMetadata that = (VersionMetadata) o;
return destroyed == that.destroyed && return destroyed == that.destroyed &&
Objects.equals(createdTime, that.createdTime) && Objects.equals(createdTime, that.createdTime) &&
Objects.equals(deletionTime, that.deletionTime) && Objects.equals(deletionTime, that.deletionTime) &&
Objects.equals(version, that.version) && Objects.equals(version, that.version) &&
Objects.equals(customMetadata, that.customMetadata); Objects.equals(customMetadata, that.customMetadata);
} }
@Override @Override

8
src/main/java/de/stklcode/jvault/connector/model/response/embedded/WrapInfo.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2024 Stefan Kalscheuer * Copyright 2016-2025 Stefan Kalscheuer
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -80,9 +80,9 @@ public class WrapInfo implements Serializable {
} }
WrapInfo that = (WrapInfo) o; WrapInfo that = (WrapInfo) o;
return Objects.equals(token, that.token) && return Objects.equals(token, that.token) &&
Objects.equals(ttl, that.ttl) && Objects.equals(ttl, that.ttl) &&
Objects.equals(creationTime, that.creationTime) && Objects.equals(creationTime, that.creationTime) &&
Objects.equals(creationPath, that.creationPath); Objects.equals(creationPath, that.creationPath);
} }
@Override @Override

2
src/main/java/de/stklcode/jvault/connector/model/response/embedded/package-info.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2024 Stefan Kalscheuer * Copyright 2016-2025 Stefan Kalscheuer
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

2
src/main/java/de/stklcode/jvault/connector/model/response/package-info.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2024 Stefan Kalscheuer * Copyright 2016-2025 Stefan Kalscheuer
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

2
src/main/java/de/stklcode/jvault/connector/package-info.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2024 Stefan Kalscheuer * Copyright 2016-2025 Stefan Kalscheuer
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

2
src/main/java/module-info.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2024 Stefan Kalscheuer * Copyright 2016-2025 Stefan Kalscheuer
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

89
src/test/java/de/stklcode/jvault/connector/HTTPVaultConnectorBuilderTest.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2024 Stefan Kalscheuer * Copyright 2016-2025 Stefan Kalscheuer
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -25,7 +25,10 @@ import org.junit.jupiter.api.io.TempDir;
import java.io.File; import java.io.File;
import java.lang.reflect.Field; import java.lang.reflect.Field;
import java.net.URISyntaxException; import java.net.URISyntaxException;
import java.nio.file.Files;
import java.nio.file.NoSuchFileException; import java.nio.file.NoSuchFileException;
import java.nio.file.Paths;
import java.util.concurrent.atomic.AtomicReference;
import static com.github.stefanbirkner.systemlambda.SystemLambda.withEnvironmentVariable; import static com.github.stefanbirkner.systemlambda.SystemLambda.withEnvironmentVariable;
import static org.junit.jupiter.api.Assertions.*; import static org.junit.jupiter.api.Assertions.*;
@ -38,6 +41,8 @@ import static org.junit.jupiter.api.Assertions.*;
*/ */
class HTTPVaultConnectorBuilderTest { class HTTPVaultConnectorBuilderTest {
private static final String VAULT_ADDR = "https://localhost:8201"; private static final String VAULT_ADDR = "https://localhost:8201";
private static final String VAULT_ADDR_2 = "http://localhost";
private static final String VAULT_ADDR_3 = "https://localhost/vault/";
private static final Integer VAULT_MAX_RETRIES = 13; private static final Integer VAULT_MAX_RETRIES = 13;
private static final String VAULT_TOKEN = "00001111-2222-3333-4444-555566667777"; private static final String VAULT_TOKEN = "00001111-2222-3333-4444-555566667777";
@ -112,6 +117,22 @@ class HTTPVaultConnectorBuilderTest {
return null; return null;
}); });
withVaultEnv(VAULT_ADDR_2, null, null, null).execute(() -> {
HTTPVaultConnectorBuilder builder = assertDoesNotThrow(
() -> HTTPVaultConnector.builder().fromEnv(),
"Factory creation from minimal environment failed"
);
assertEquals(VAULT_ADDR_2 + "/v1/", getRequestHelperPrivate(builder.build(), "baseURL"), "URL without port not set correctly");
return null;
});
withVaultEnv(VAULT_ADDR_3, null, null, null).execute(() -> {
HTTPVaultConnectorBuilder builder = assertDoesNotThrow(
() -> HTTPVaultConnector.builder().fromEnv(),
"Factory creation from minimal environment failed"
);
assertEquals(VAULT_ADDR_3, getRequestHelperPrivate(builder.build(), "baseURL"), "URL with custom path not set correctly");
return null;
});
// Provide address and number of retries. // Provide address and number of retries.
withVaultEnv(VAULT_ADDR, null, VAULT_MAX_RETRIES.toString(), null).execute(() -> { withVaultEnv(VAULT_ADDR, null, VAULT_MAX_RETRIES.toString(), null).execute(() -> {
@ -128,19 +149,6 @@ class HTTPVaultConnectorBuilderTest {
return null; return null;
}); });
// Provide CA certificate.
String vaultCacert = tempDir.toString() + "/doesnotexist";
withVaultEnv(VAULT_ADDR, vaultCacert, VAULT_MAX_RETRIES.toString(), null).execute(() -> {
TlsException e = assertThrows(
TlsException.class,
() -> HTTPVaultConnector.builder().fromEnv(),
"Creation with unknown cert path failed"
);
assertEquals(vaultCacert, assertInstanceOf(NoSuchFileException.class, e.getCause()).getFile());
return null;
});
// Automatic authentication. // Automatic authentication.
withVaultEnv(VAULT_ADDR, null, VAULT_MAX_RETRIES.toString(), VAULT_TOKEN).execute(() -> { withVaultEnv(VAULT_ADDR, null, VAULT_MAX_RETRIES.toString(), VAULT_TOKEN).execute(() -> {
HTTPVaultConnectorBuilder builder = assertDoesNotThrow( HTTPVaultConnectorBuilder builder = assertDoesNotThrow(
@ -164,6 +172,59 @@ class HTTPVaultConnectorBuilderTest {
}); });
} }
/**
* Test CA certificate handling from environment variables
*/
@Test
void testCertificateFromEnv() throws Exception {
// From direct PEM content
String pem = Files.readString(Paths.get(getClass().getResource("/tls/ca.pem").toURI()));
AtomicReference<Object> certFromPem = new AtomicReference<>();
withVaultEnv(VAULT_ADDR, pem, null, null).execute(() -> {
HTTPVaultConnectorBuilder builder = assertDoesNotThrow(
() -> HTTPVaultConnector.builder().fromEnv(),
"Builder with PEM certificate from environment failed"
);
HTTPVaultConnector connector = builder.build();
certFromPem.set(getRequestHelperPrivate(connector, "trustedCaCert"));
assertNotNull(certFromPem.get(), "Trusted CA cert from PEM not set");
return null;
});
// From file path
String file = Paths.get(getClass().getResource("/tls/ca.pem").toURI()).toString();
AtomicReference<Object> certFromFile = new AtomicReference<>();
withVaultEnv(VAULT_ADDR, file, null, null).execute(() -> {
HTTPVaultConnectorBuilder builder = assertDoesNotThrow(
() -> HTTPVaultConnector.builder().fromEnv(),
"Builder with certificate path from environment failed"
);
HTTPVaultConnector connector = builder.build();
certFromFile.set(getRequestHelperPrivate(connector, "trustedCaCert"));
assertNotNull(certFromFile.get(), "Trusted CA cert from file not set");
return null;
});
assertEquals(certFromPem.get(), certFromFile.get(), "Certificates from PEM and file should be equal");
// Non-existing path CA certificate path
String doesNotExist = tempDir.toString() + "/doesnotexist";
withVaultEnv(VAULT_ADDR, doesNotExist, VAULT_MAX_RETRIES.toString(), null).execute(() -> {
TlsException e = assertThrows(
TlsException.class,
() -> HTTPVaultConnector.builder().fromEnv(),
"Creation with unknown cert path failed"
);
assertEquals(doesNotExist, assertInstanceOf(NoSuchFileException.class, e.getCause()).getFile());
return null;
});
}
private SystemLambda.WithEnvironmentVariables withVaultEnv(String vaultAddr, String vaultCacert, String vaultMaxRetries, String vaultToken) { private SystemLambda.WithEnvironmentVariables withVaultEnv(String vaultAddr, String vaultCacert, String vaultMaxRetries, String vaultToken) {
return withEnvironmentVariable("VAULT_ADDR", vaultAddr) return withEnvironmentVariable("VAULT_ADDR", vaultAddr)
.and("VAULT_CACERT", vaultCacert) .and("VAULT_CACERT", vaultCacert)

73
src/test/java/de/stklcode/jvault/connector/HTTPVaultConnectorIT.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2024 Stefan Kalscheuer * Copyright 2016-2025 Stefan Kalscheuer
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -52,7 +52,7 @@ import static org.junit.jupiter.api.Assumptions.assumeTrue;
* @since 0.1 * @since 0.1
*/ */
class HTTPVaultConnectorIT { class HTTPVaultConnectorIT {
private static String VAULT_VERSION = "1.18.2"; // The vault version this test is supposed to run against. private static String VAULT_VERSION = "1.19.0"; // The vault version this test is supposed to run against.
private static final String KEY1 = "E38bkCm0VhUvpdCKGQpcohhD9XmcHJ/2hreOSY019Lho"; private static final String KEY1 = "E38bkCm0VhUvpdCKGQpcohhD9XmcHJ/2hreOSY019Lho";
private static final String KEY2 = "O5OHwDleY3IiPdgw61cgHlhsrEm6tVJkrxhF6QAnILd1"; private static final String KEY2 = "O5OHwDleY3IiPdgw61cgHlhsrEm6tVJkrxhF6QAnILd1";
private static final String KEY3 = "mw7Bm3nbt/UWa/juDjjL2EPQ04kiJ0saC5JEXwJvXYsB"; private static final String KEY3 = "mw7Bm3nbt/UWa/juDjjL2EPQ04kiJ0saC5JEXwJvXYsB";
@ -989,6 +989,75 @@ class HTTPVaultConnectorIT {
} }
} }
@Nested
@DisplayName("Transit Tests")
class TransitTests {
@Test
@DisplayName("Transit encryption")
void transitEncryptTest() {
assertDoesNotThrow(() -> connector.authToken(TOKEN_ROOT));
assumeTrue(connector.isAuthorized());
TransitResponse transitResponse = assertDoesNotThrow(
() -> connector.transitEncrypt("my-key", "dGVzdCBtZQ=="),
"Failed to encrypt via transit"
);
assertNotNull(transitResponse.getCiphertext());
assertTrue(transitResponse.getCiphertext().startsWith("vault:v1:"));
transitResponse = assertDoesNotThrow(
() -> connector.transitEncrypt("my-key", "test me".getBytes(UTF_8)),
"Failed to encrypt binary data via transit"
);
assertNotNull(transitResponse.getCiphertext());
assertTrue(transitResponse.getCiphertext().startsWith("vault:v1:"));
}
@Test
@DisplayName("Transit decryption")
void transitDecryptTest() {
assertDoesNotThrow(() -> connector.authToken(TOKEN_ROOT));
assumeTrue(connector.isAuthorized());
TransitResponse transitResponse = assertDoesNotThrow(
() -> connector.transitDecrypt("my-key", "vault:v1:1mhLVkBAR2nrFtIkJF/qg57DWfRj0FWgR6tvkGO8XOnL6sw="),
"Failed to decrypt via transit"
);
assertEquals("dGVzdCBtZQ==", transitResponse.getPlaintext());
}
@Test
@DisplayName("Transit hash")
void transitHashText() {
assertDoesNotThrow(() -> connector.authToken(TOKEN_ROOT));
assumeTrue(connector.isAuthorized());
TransitResponse transitResponse = assertDoesNotThrow(
() -> connector.transitHash("sha2-512", "dGVzdCBtZQ=="),
"Failed to hash via transit"
);
assertEquals("7677af0ee4effaa9f35e9b1e82d182f79516ab8321786baa23002de7c06851059492dd37d5fc3791f17d81d4b58198d24a6fd8bbd62c42c1c30b371da500f193", transitResponse.getSum());
TransitResponse transitResponseBase64 = assertDoesNotThrow(
() -> connector.transitHash("sha2-256", "dGVzdCBtZQ==", "base64"),
"Failed to hash via transit with base64 output"
);
assertEquals("5DfYkW7cvGLkfy36cXhqmZcygEy9HpnFNB4WWXKOl1M=", transitResponseBase64.getSum());
transitResponseBase64 = assertDoesNotThrow(
() -> connector.transitHash("sha2-256", "test me".getBytes(UTF_8), "base64"),
"Failed to hash binary data via transit"
);
assertEquals("5DfYkW7cvGLkfy36cXhqmZcygEy9HpnFNB4WWXKOl1M=", transitResponseBase64.getSum());
}
}
@Nested @Nested
@DisplayName("Misc Tests") @DisplayName("Misc Tests")
class MiscTests { class MiscTests {

121
src/test/java/de/stklcode/jvault/connector/HTTPVaultConnectorTest.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2024 Stefan Kalscheuer * Copyright 2016-2025 Stefan Kalscheuer
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -17,13 +17,13 @@
package de.stklcode.jvault.connector; package de.stklcode.jvault.connector;
import com.github.tomakehurst.wiremock.client.WireMock; import com.github.tomakehurst.wiremock.client.WireMock;
import com.github.tomakehurst.wiremock.junit5.WireMockExtension; import com.github.tomakehurst.wiremock.junit5.WireMockRuntimeInfo;
import com.github.tomakehurst.wiremock.junit5.WireMockTest;
import de.stklcode.jvault.connector.exception.ConnectionException; import de.stklcode.jvault.connector.exception.ConnectionException;
import de.stklcode.jvault.connector.exception.InvalidResponseException; import de.stklcode.jvault.connector.exception.InvalidResponseException;
import de.stklcode.jvault.connector.exception.PermissionDeniedException; import de.stklcode.jvault.connector.exception.PermissionDeniedException;
import de.stklcode.jvault.connector.exception.VaultConnectorException; import de.stklcode.jvault.connector.exception.VaultConnectorException;
import org.junit.jupiter.api.Test; import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.RegisterExtension;
import org.junit.jupiter.api.function.Executable; import org.junit.jupiter.api.function.Executable;
import java.io.IOException; import java.io.IOException;
@ -36,9 +36,7 @@ import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate; import java.security.cert.X509Certificate;
import java.util.Collections; import java.util.Collections;
import static com.github.tomakehurst.wiremock.client.WireMock.aResponse; import static com.github.tomakehurst.wiremock.client.WireMock.*;
import static com.github.tomakehurst.wiremock.client.WireMock.anyUrl;
import static com.github.tomakehurst.wiremock.core.WireMockConfiguration.wireMockConfig;
import static org.junit.jupiter.api.Assertions.*; import static org.junit.jupiter.api.Assertions.*;
/** /**
@ -48,26 +46,23 @@ import static org.junit.jupiter.api.Assertions.*;
* @author Stefan Kalscheuer * @author Stefan Kalscheuer
* @since 0.7.0 * @since 0.7.0
*/ */
@WireMockTest
class HTTPVaultConnectorTest { class HTTPVaultConnectorTest {
@RegisterExtension
static WireMockExtension wireMock = WireMockExtension.newInstance()
.options(wireMockConfig().dynamicPort())
.build();
/** /**
* Test exceptions thrown during request. * Test exceptions thrown during request.
*/ */
@Test @Test
void requestExceptionTest() throws IOException, URISyntaxException { void requestExceptionTest(WireMockRuntimeInfo wireMock) throws IOException, URISyntaxException {
HTTPVaultConnector connector = HTTPVaultConnector.builder(wireMock.url("/")).withTimeout(250).build(); HTTPVaultConnector connector = HTTPVaultConnector.builder(wireMock.getHttpBaseUrl()).withTimeout(250).build();
// Test invalid response code. // Test invalid response code.
final int responseCode = 400; final int responseCode = 400;
mockHttpResponse(responseCode, "", "application/json"); mockHttpResponse(responseCode, "", "application/json");
VaultConnectorException e = assertThrows( VaultConnectorException e = assertThrows(
InvalidResponseException.class, InvalidResponseException.class,
connector::getHealth, connector::getHealth,
"Querying health status succeeded on invalid instance" "Querying health status succeeded on invalid instance"
); );
assertEquals("Invalid response code", e.getMessage(), "Unexpected exception message"); assertEquals("Invalid response code", e.getMessage(), "Unexpected exception message");
assertEquals(responseCode, ((InvalidResponseException) e).getStatusCode(), "Unexpected status code in exception"); assertEquals(responseCode, ((InvalidResponseException) e).getStatusCode(), "Unexpected status code in exception");
@ -76,9 +71,9 @@ class HTTPVaultConnectorTest {
// Simulate permission denied response. // Simulate permission denied response.
mockHttpResponse(responseCode, "{\"errors\":[\"permission denied\"]}", "application/json"); mockHttpResponse(responseCode, "{\"errors\":[\"permission denied\"]}", "application/json");
assertThrows( assertThrows(
PermissionDeniedException.class, PermissionDeniedException.class,
connector::getHealth, connector::getHealth,
"Querying health status succeeded on invalid instance" "Querying health status succeeded on invalid instance"
); );
// Test exception thrown during request. // Test exception thrown during request.
@ -86,22 +81,22 @@ class HTTPVaultConnectorTest {
connector = HTTPVaultConnector.builder("http://localst:" + s.getLocalPort() + "/").withTimeout(250).build(); connector = HTTPVaultConnector.builder("http://localst:" + s.getLocalPort() + "/").withTimeout(250).build();
} }
e = assertThrows( e = assertThrows(
ConnectionException.class, ConnectionException.class,
connector::getHealth, connector::getHealth,
"Querying health status succeeded on invalid instance" "Querying health status succeeded on invalid instance"
); );
assertEquals("Unable to connect to Vault server", e.getMessage(), "Unexpected exception message"); assertEquals("Unable to connect to Vault server", e.getMessage(), "Unexpected exception message");
assertInstanceOf(IOException.class, e.getCause(), "Unexpected cause"); assertInstanceOf(IOException.class, e.getCause(), "Unexpected cause");
// Now simulate a failing request that succeeds on second try. // Now simulate a failing request that succeeds on second try.
connector = HTTPVaultConnector.builder(wireMock.url("/")).withNumberOfRetries(1).withTimeout(250).build(); connector = HTTPVaultConnector.builder(wireMock.getHttpBaseUrl()).withNumberOfRetries(1).withTimeout(250).build();
wireMock.stubFor( stubFor(
WireMock.any(anyUrl()) WireMock.any(anyUrl())
.willReturn(aResponse().withStatus(500)) .willReturn(aResponse().withStatus(500))
.willReturn(aResponse().withStatus(500)) .willReturn(aResponse().withStatus(500))
.willReturn(aResponse().withStatus(500)) .willReturn(aResponse().withStatus(500))
.willReturn(aResponse().withStatus(200).withBody("{}").withHeader("Content-Type", "application/json")) .willReturn(aResponse().withStatus(200).withBody("{}").withHeader("Content-Type", "application/json"))
); );
assertDoesNotThrow(connector::getHealth, "Request failed unexpectedly"); assertDoesNotThrow(connector::getHealth, "Request failed unexpectedly");
} }
@ -164,9 +159,9 @@ class HTTPVaultConnectorTest {
connector = HTTPVaultConnector.builder("http://localst:" + s.getLocalPort()).withTimeout(250).build(); connector = HTTPVaultConnector.builder("http://localst:" + s.getLocalPort()).withTimeout(250).build();
} }
ConnectionException e = assertThrows( ConnectionException e = assertThrows(
ConnectionException.class, ConnectionException.class,
connector::sealStatus, connector::sealStatus,
"Querying seal status succeeded on invalid instance" "Querying seal status succeeded on invalid instance"
); );
assertEquals("Unable to connect to Vault server", e.getMessage(), "Unexpected exception message"); assertEquals("Unable to connect to Vault server", e.getMessage(), "Unexpected exception message");
} }
@ -182,9 +177,9 @@ class HTTPVaultConnectorTest {
connector = HTTPVaultConnector.builder("http://localhost:" + s.getLocalPort() + "/").withTimeout(250).build(); connector = HTTPVaultConnector.builder("http://localhost:" + s.getLocalPort() + "/").withTimeout(250).build();
} }
ConnectionException e = assertThrows( ConnectionException e = assertThrows(
ConnectionException.class, ConnectionException.class,
connector::getHealth, connector::getHealth,
"Querying health status succeeded on invalid instance" "Querying health status succeeded on invalid instance"
); );
assertEquals("Unable to connect to Vault server", e.getMessage(), "Unexpected exception message"); assertEquals("Unable to connect to Vault server", e.getMessage(), "Unexpected exception message");
} }
@ -193,8 +188,8 @@ class HTTPVaultConnectorTest {
* Test behavior on unparsable responses. * Test behavior on unparsable responses.
*/ */
@Test @Test
void parseExceptionTest() throws URISyntaxException { void parseExceptionTest(WireMockRuntimeInfo wireMock) throws URISyntaxException {
HTTPVaultConnector connector = HTTPVaultConnector.builder(wireMock.url("/")).withTimeout(250).build(); HTTPVaultConnector connector = HTTPVaultConnector.builder(wireMock.getHttpBaseUrl()).withTimeout(250).build();
// Mock authorization. // Mock authorization.
setPrivate(connector, "authorized", true); setPrivate(connector, "authorized", true);
// Mock response. // Mock response.
@ -227,8 +222,8 @@ class HTTPVaultConnectorTest {
* Test requests that expect an empty response with code 204, but receive a 200 body. * Test requests that expect an empty response with code 204, but receive a 200 body.
*/ */
@Test @Test
void nonEmpty204ResponseTest() throws URISyntaxException { void nonEmpty204ResponseTest(WireMockRuntimeInfo wireMock) throws URISyntaxException {
HTTPVaultConnector connector = HTTPVaultConnector.builder(wireMock.url("/")).withTimeout(250).build(); HTTPVaultConnector connector = HTTPVaultConnector.builder(wireMock.getHttpBaseUrl()).withTimeout(250).build();
// Mock authorization. // Mock authorization.
setPrivate(connector, "authorized", true); setPrivate(connector, "authorized", true);
// Mock response. // Mock response.
@ -236,45 +231,45 @@ class HTTPVaultConnectorTest {
// Now test the methods expecting a 204. // Now test the methods expecting a 204.
assertThrows( assertThrows(
InvalidResponseException.class, InvalidResponseException.class,
() -> connector.createAppRole("appID", Collections.singletonList("policy")), () -> connector.createAppRole("appID", Collections.singletonList("policy")),
"createAppRole() with 200 response succeeded" "createAppRole() with 200 response succeeded"
); );
assertThrows( assertThrows(
InvalidResponseException.class, InvalidResponseException.class,
() -> connector.deleteAppRole("roleName"), () -> connector.deleteAppRole("roleName"),
"deleteAppRole() with 200 response succeeded" "deleteAppRole() with 200 response succeeded"
); );
assertThrows( assertThrows(
InvalidResponseException.class, InvalidResponseException.class,
() -> connector.setAppRoleID("roleName", "roleID"), () -> connector.setAppRoleID("roleName", "roleID"),
"setAppRoleID() with 200 response succeeded" "setAppRoleID() with 200 response succeeded"
); );
assertThrows( assertThrows(
InvalidResponseException.class, InvalidResponseException.class,
() -> connector.destroyAppRoleSecret("roleName", "secretID"), () -> connector.destroyAppRoleSecret("roleName", "secretID"),
"destroyAppRoleSecret() with 200 response succeeded" "destroyAppRoleSecret() with 200 response succeeded"
); );
assertThrows( assertThrows(
InvalidResponseException.class, InvalidResponseException.class,
() -> connector.destroyAppRoleSecret("roleName", "secretUD"), () -> connector.destroyAppRoleSecret("roleName", "secretUD"),
"destroyAppRoleSecret() with 200 response succeeded" "destroyAppRoleSecret() with 200 response succeeded"
); );
assertThrows( assertThrows(
InvalidResponseException.class, InvalidResponseException.class,
() -> connector.delete("key"), () -> connector.delete("key"),
"delete() with 200 response succeeded" "delete() with 200 response succeeded"
); );
assertThrows( assertThrows(
InvalidResponseException.class, InvalidResponseException.class,
() -> connector.revoke("leaseID"), () -> connector.revoke("leaseID"),
"destroyAppRoleSecret() with 200 response succeeded" "destroyAppRoleSecret() with 200 response succeeded"
); );
} }
@ -310,10 +305,10 @@ class HTTPVaultConnectorTest {
} }
private void mockHttpResponse(int status, String body, String contentType) { private void mockHttpResponse(int status, String body, String contentType) {
wireMock.stubFor( stubFor(
WireMock.any(anyUrl()).willReturn( WireMock.any(anyUrl()).willReturn(
aResponse().withStatus(status).withBody(body).withHeader("Content-Type", contentType) aResponse().withStatus(status).withBody(body).withHeader("Content-Type", contentType)
) )
); );
} }
} }

2
src/test/java/de/stklcode/jvault/connector/exception/VaultConnectorExceptionTest.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2024 Stefan Kalscheuer * Copyright 2016-2025 Stefan Kalscheuer
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

10
src/test/java/de/stklcode/jvault/connector/model/AbstractModelTest.java
View File

@ -3,6 +3,7 @@ package de.stklcode.jvault.connector.model;
import com.fasterxml.jackson.databind.DeserializationFeature; import com.fasterxml.jackson.databind.DeserializationFeature;
import com.fasterxml.jackson.databind.ObjectMapper; import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.SerializationFeature; import com.fasterxml.jackson.databind.SerializationFeature;
import com.fasterxml.jackson.databind.json.JsonMapper;
import com.fasterxml.jackson.datatype.jsr310.JavaTimeModule; import com.fasterxml.jackson.datatype.jsr310.JavaTimeModule;
import nl.jqno.equalsverifier.EqualsVerifier; import nl.jqno.equalsverifier.EqualsVerifier;
import org.junit.jupiter.api.Test; import org.junit.jupiter.api.Test;
@ -29,10 +30,11 @@ public abstract class AbstractModelTest<T> {
*/ */
protected AbstractModelTest(Class<T> modelClass) { protected AbstractModelTest(Class<T> modelClass) {
this.modelClass = modelClass; this.modelClass = modelClass;
this.objectMapper = new ObjectMapper() this.objectMapper = JsonMapper.builder()
.registerModule(new JavaTimeModule()) .addModule(new JavaTimeModule())
.enable(SerializationFeature.WRITE_DATES_AS_TIMESTAMPS) .enable(SerializationFeature.WRITE_DATES_AS_TIMESTAMPS)
.disable(DeserializationFeature.ADJUST_DATES_TO_CONTEXT_TIME_ZONE); .disable(DeserializationFeature.ADJUST_DATES_TO_CONTEXT_TIME_ZONE)
.build();
} }
/** /**

2
src/test/java/de/stklcode/jvault/connector/model/AppRoleSecretTest.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2024 Stefan Kalscheuer * Copyright 2016-2025 Stefan Kalscheuer
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

2
src/test/java/de/stklcode/jvault/connector/model/AppRoleTest.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2024 Stefan Kalscheuer * Copyright 2016-2025 Stefan Kalscheuer
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

2
src/test/java/de/stklcode/jvault/connector/model/AuthBackendTest.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2024 Stefan Kalscheuer * Copyright 2016-2025 Stefan Kalscheuer
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

4
src/test/java/de/stklcode/jvault/connector/model/TokenRoleTest.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2024 Stefan Kalscheuer * Copyright 2016-2025 Stefan Kalscheuer
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -173,7 +173,7 @@ class TokenRoleTest extends AbstractModelTest<TokenRole> {
assertNull(role.getTokenType()); assertNull(role.getTokenType());
// Empty builder should be equal to no-arg construction. // Empty builder should be equal to no-arg construction.
assertEquals(role, new TokenRole()); assertEquals(new TokenRole(), role);
// Optional fields should be ignored, so JSON string should be empty. // Optional fields should be ignored, so JSON string should be empty.
assertEquals("{}", objectMapper.writeValueAsString(role)); assertEquals("{}", objectMapper.writeValueAsString(role));

4
src/test/java/de/stklcode/jvault/connector/model/TokenTest.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2024 Stefan Kalscheuer * Copyright 2016-2025 Stefan Kalscheuer
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -105,7 +105,7 @@ class TokenTest extends AbstractModelTest<Token> {
assertEquals("{}", objectMapper.writeValueAsString(token)); assertEquals("{}", objectMapper.writeValueAsString(token));
// Empty builder should be equal to no-arg construction. // Empty builder should be equal to no-arg construction.
assertEquals(token, new Token()); assertEquals(new Token(), token);
} }
/** /**

2
src/test/java/de/stklcode/jvault/connector/model/response/AppRoleResponseTest.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2024 Stefan Kalscheuer * Copyright 2016-2025 Stefan Kalscheuer
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

2
src/test/java/de/stklcode/jvault/connector/model/response/AuthMethodsResponseTest.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2024 Stefan Kalscheuer * Copyright 2016-2025 Stefan Kalscheuer
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

2
src/test/java/de/stklcode/jvault/connector/model/response/AuthResponseTest.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2024 Stefan Kalscheuer * Copyright 2016-2025 Stefan Kalscheuer
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

2
src/test/java/de/stklcode/jvault/connector/model/response/CredentialsResponseTest.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2024 Stefan Kalscheuer * Copyright 2016-2025 Stefan Kalscheuer
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

2
src/test/java/de/stklcode/jvault/connector/model/response/ErrorResponseTest.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2021 Stefan Kalscheuer * Copyright 2016-2025 Stefan Kalscheuer
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

2
src/test/java/de/stklcode/jvault/connector/model/response/HealthResponseTest.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2024 Stefan Kalscheuer * Copyright 2016-2025 Stefan Kalscheuer
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

2
src/test/java/de/stklcode/jvault/connector/model/response/HelpResponseTest.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2021 Stefan Kalscheuer * Copyright 2016-2025 Stefan Kalscheuer
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

2
src/test/java/de/stklcode/jvault/connector/model/response/MetaSecretResponseTest.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2024 Stefan Kalscheuer * Copyright 2016-2025 Stefan Kalscheuer
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

2
src/test/java/de/stklcode/jvault/connector/model/response/MetadataResponseTest.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2024 Stefan Kalscheuer * Copyright 2016-2025 Stefan Kalscheuer
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

2
src/test/java/de/stklcode/jvault/connector/model/response/PlainSecretResponseTest.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2021 Stefan Kalscheuer * Copyright 2016-2025 Stefan Kalscheuer
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

2
src/test/java/de/stklcode/jvault/connector/model/response/SealResponseTest.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2024 Stefan Kalscheuer * Copyright 2016-2025 Stefan Kalscheuer
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

2
src/test/java/de/stklcode/jvault/connector/model/response/SecretListResponseTest.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2024 Stefan Kalscheuer * Copyright 2016-2025 Stefan Kalscheuer
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

2
src/test/java/de/stklcode/jvault/connector/model/response/SecretVersionResponseTest.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2024 Stefan Kalscheuer * Copyright 2016-2025 Stefan Kalscheuer
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

2
src/test/java/de/stklcode/jvault/connector/model/response/TokenResponseTest.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2024 Stefan Kalscheuer * Copyright 2016-2025 Stefan Kalscheuer
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

137
src/test/java/de/stklcode/jvault/connector/model/response/TransitResponseTest.java Normal file
View File

@ -0,0 +1,137 @@
/*
* Copyright 2016-2025 Stefan Kalscheuer
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package de.stklcode.jvault.connector.model.response;
import com.fasterxml.jackson.core.JsonProcessingException;
import de.stklcode.jvault.connector.model.AbstractModelTest;
import org.junit.jupiter.api.Test;
import static org.junit.jupiter.api.Assertions.*;
/**
* JUnit Test for {@link TransitResponse} model.
*
* @author Stefan Kalscheuer
* @since 1.5.0
*/
class TransitResponseTest extends AbstractModelTest<TransitResponse> {
private static final String CIPHERTEXT = "vault:v1:XjsPWPjqPrBi1N2Ms2s1QM798YyFWnO4TR4lsFA=";
private static final String PLAINTEXT = "dGhlIHF1aWNrIGJyb3duIGZveAo=";
private static final String SUM = "dGhlIHF1aWNrIGJyb3duIGZveAo=";
TransitResponseTest() {
super(TransitResponse.class);
}
@Override
protected TransitResponse createFull() {
try {
return objectMapper.readValue(
json(
"\"ciphertext\": \"" + CIPHERTEXT + "\", " +
"\"plaintext\": \"" + PLAINTEXT + "\", " +
"\"sum\": \"" + SUM + "\""
),
TransitResponse.class
);
} catch (JsonProcessingException e) {
fail("Creation of full model failed", e);
return null;
}
}
@Test
void encryptionTest() {
TransitResponse res = assertDoesNotThrow(
() -> objectMapper.readValue(
json("\"ciphertext\": \"" + CIPHERTEXT + "\""),
TransitResponse.class
),
"TransitResponse deserialization failed"
);
assertNotNull(res, "Parsed response is NULL");
assertEquals("987c6daf-b0e2-4142-a970-1e61fdb249d7", res.getRequestId(), "Incorrect request id");
assertEquals("", res.getLeaseId(), "Unexpected lease id");
assertFalse(res.isRenewable(), "Unexpected renewable flag");
assertEquals(0, res.getLeaseDuration(), "Unexpected lease duration");
assertEquals(CIPHERTEXT, res.getCiphertext(), "Incorrect ciphertext");
assertNull(res.getPlaintext(), "Unexpected plaintext");
assertNull(res.getSum(), "Unexpected sum");
assertNull(res.getWrapInfo(), "Unexpected wrap info");
assertNull(res.getWarnings(), "Unexpected warnings");
assertNull(res.getAuth(), "Unexpected auth");
}
@Test
void decryptionTest() {
TransitResponse res = assertDoesNotThrow(
() -> objectMapper.readValue(
json("\"plaintext\": \"" + PLAINTEXT + "\""),
TransitResponse.class
),
"TransitResponse deserialization failed"
);
assertNotNull(res, "Parsed response is NULL");
assertEquals("987c6daf-b0e2-4142-a970-1e61fdb249d7", res.getRequestId(), "Incorrect request id");
assertEquals("", res.getLeaseId(), "Unexpected lease id");
assertFalse(res.isRenewable(), "Unexpected renewable flag");
assertEquals(0, res.getLeaseDuration(), "Unexpected lease duration");
assertNull(res.getCiphertext(), "Unexpected ciphertext");
assertEquals(PLAINTEXT, res.getPlaintext(), "Incorrect plaintext");
assertNull(res.getSum(), "Unexpected sum");
assertNull(res.getWrapInfo(), "Unexpected wrap info");
assertNull(res.getWarnings(), "Unexpected warnings");
assertNull(res.getAuth(), "Unexpected auth");
}
@Test
void hashTest() {
TransitResponse res = assertDoesNotThrow(
() -> objectMapper.readValue(
json("\"sum\": \"" + SUM + "\""),
TransitResponse.class
),
"TransitResponse deserialization failed"
);
assertNotNull(res, "Parsed response is NULL");
assertEquals("987c6daf-b0e2-4142-a970-1e61fdb249d7", res.getRequestId(), "Incorrect request id");
assertEquals("", res.getLeaseId(), "Unexpected lease id");
assertFalse(res.isRenewable(), "Unexpected renewable flag");
assertEquals(0, res.getLeaseDuration(), "Unexpected lease duration");
assertNull(res.getCiphertext(), "Unexpected ciphertext");
assertNull(res.getPlaintext(), "Unexpected plaintext");
assertEquals(SUM, res.getSum(), "Incorrect sum");
assertNull(res.getWrapInfo(), "Unexpected wrap info");
assertNull(res.getWarnings(), "Unexpected warnings");
assertNull(res.getAuth(), "Unexpected auth");
}
private static String json(String data) {
return "{\n" +
" \"request_id\" : \"987c6daf-b0e2-4142-a970-1e61fdb249d7\",\n" +
" \"lease_id\" : \"\",\n" +
" \"renewable\" : false,\n" +
" \"lease_duration\" : 0,\n" +
" \"data\" : {\n" +
" " + data + "\n" +
" },\n" +
" \"wrap_info\" : null,\n" +
" \"warnings\" : null,\n" +
" \"auth\" : null\n" +
"}";
}
}

2
src/test/java/de/stklcode/jvault/connector/test/Credentials.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2024 Stefan Kalscheuer * Copyright 2016-2025 Stefan Kalscheuer
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

2
src/test/java/de/stklcode/jvault/connector/test/VaultConfiguration.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2024 Stefan Kalscheuer * Copyright 2016-2025 Stefan Kalscheuer
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

2
src/test/resources/data_dir/core/_mounts
View File

@ -1 +1 @@
{"Value":"AAAAAQIOTEuNxtf2ZfGu6k9+65GFonDBiaetJnyLYFk1qfWPrE/VqUunbxuTv/QyK4pgC/q14sqypdxPe4Ygp/5mxzzuY6JXB0VKiDMXe9R5BltTG7++rLmKH/j+G7nEh71LER1/qVktU6x8dmDmTbpTgl5xzAB5DIXLMMKjjWda/7qJ3ivNI0pEOQ3JyT27SkqjqM49Dp1JIgKnjIEVQORqKcsSP+aqIncMjIo2iGXOGlDYAesp5tZ4hln3VCwXaIlrU8z6Mmntgcg7NeK/O2WTl86K644dbJUh6frGFDujrjOh/Pgp9n9u0BI3E9K9GD1Z1S1wEb1MCqzT/e9oHG7I7D8ku8PH11wGWGH6BmYlESYUG/KRVqu0XOQEfroLHZQiLE00yHBdStW/UJ9y5pmGpu1aiQ88Q8fpjF5xmRey99b4c6KUIpHjw5Af0XA9ZKsEJUyjS/dbMKPM6PBOW21LYefXH5b0poXMWgLW6LJV0zLuVMyVZJqANbzCVtheDPSsEjkHHwR/CLa2zs2Z6wJF3j1GDZxUFf4nbnuXQzz3M3kVPPtS6htlb0d8RN0/dkOrqUue+c4UjnXhiacXyVUnQQzUVu0sGak4vrQi0020aBzMXM2ZG7rNgvw+wcYFS4txO90kwJL6aOMXT2BeJiQ3wjjHb7M74/sSd0ffRTUlJSODSDotO7Q7Dfcnc1FLrIhXPRFPavTjFoL5HRy77xuGG7U7jTMoGra+rK54v0sxqKbS5WZi1hADQmAVIO8bPb+jA1qoejRFygW6sLgAdmEFQQJOhCV/BoKP3A=="} {"Value":"AAAAAQJ7mykBIbHX5k81qdXEpvlLgRF1ZSlODETcB1JBZ7nj0Muskpvvl3jofN5XH1Td8ibJlrR0o5o/OUjZAz9t0Da+ZzCy4ga9G2SmgWkUAravTqfPO/ZxWh2hqTso2WPBXRM3/IeR0SAv/zh7m7JILxjKybJmnl9U6fkjPID/us0AscckZ9kgJ4g8jwaTzPfRp5U8jMebHYbABXZ65PeUOvNiDVcOvQDWPJrMxICz12xbeJ8mKs5MHpcNkLtPoRCQSpsh0YYTwkuF7NvpIciqIJ4/Yb7wYO+vp9AATbiIs3sSFBWxXEl0OAg/SAmOvaR27Y7/NHN//mg81jkMOHv62/Fxf11I8t1d63oyWFQhP0xR9eoq5hGNQ/30I2m1prhZtLRC2ieKASBDMxTzyNS5G5bsVXvhCsxn8tiC0Ma+ySOfxMQzBRfbx8rtoGmLFP+l/d6VMOPGFxmYqzLS5HvvpCryscCqLn7A8i6TMSrZiF7ZevyfEBpThqhJiYHzUxf07O5IAe6JBSGuNV9gLE+uJXaiYLedJwSfjRKwdQyzer730dU1IegW3KYTb/5hSW4eaETKkjc/alC536WlvAv+5FyckDBc3aVC+hHB7lKZG5YANkOUS3m5I8epemOmuKQ5pnXLOdDkQ14DyNCC79NwLltkp0d6sTNstQ44XAbs0HlLjs4EFwg5Hps9qHeXgTOXeAvwUerJgM20nKszlB+Oy+JzZm0xOK5xoJwy+z0/U3PtJ+7pwAipesIa2QEzqMt3EneuPuwEcv3bPUcowukq542sCEK0CuZjLqTUU9nNqiZan5f5pWuL0hYw4NFIkNfQyRlqgKpMaplDk/2fBqaV98yn0DWceEMWRY4NXpEMS+ysPDIeamX99auWqakb95AZ7tySpkRAkZYtq1nY5Nu0w7NyJrJZ1lhBHs2ZjW0tpXn2CL0MhMVArg=="}

1
src/test/resources/data_dir/logical/c49ee9eb-94d9-928c-c958-95d092130c30/archive/_my-key Normal file
View File

@ -0,0 +1 @@
{"Value":"AAAAAQIwsBgPcs7Hxl7UnB8OkTq9+5HERx4Fzn8jAzR8uIhoQZfpNG/15m2LEEsDJw1o+lxc6u+h7XcOB1QRqrKz8k7CFR15A+qsxD0UclHZdnk+MmMwXL9SSvYugp7XPiXmpG/uTZVf1QtigXQuehEEJeFfJVI7aFACu2AHEGVt+5b6yDQEgTUruo0seazRXuVU+J6NFCDU3ZvkR8e0al6OcMail59KamzjSCYiqDF4TeUuOQ6Zyr7zIG7gSaas1sog2JIlvrh+wkHW6I+OyD9SJSTinGEGRXl0tq15qoBJ4srfXdWODmKtExEupArbiDR5PyvSI3KlIHKIFduslJZKkJwiV3dBscdva4Rqb98FffMVYuM4G4s+VpvDDX+WVsqWF1ssoHRAFWCNAJGsenVDTxblzAF/4rGkJ7LC9yjLGsBtMOCkCZAKDQ3C9VFu+LGhbMRA5p2RKxNKWGem4Cyp5AqMmx62UzDAgMLGgm89A0g9s1/3FnCoLPdVmlWc6cg4QahN30qJCInJeAmH7T9NwIjv6/QxyJxyDVtdMtcfnMNxx15Q29lbyWTcbaI1iabHpc16iS/gwAPQeBTSbcvc4OxqwC5PDFThFq6bwZXaekYz4ghC13j9Ht79GVKH9cPZb5M="}

1
src/test/resources/data_dir/logical/c49ee9eb-94d9-928c-c958-95d092130c30/policy/_my-key Normal file
View File

@ -0,0 +1 @@
{"Value":"AAAAAQKfotDJ0SihB+f5i4PxZ6lq1kxtH4QMprGI7Hj8HimEwXsW0Gbj/1B7YM4DQt4t5JFD4gKwFVOwlJDyusaJj92ar0QLSreCWyJTKUadqZplMFyB/bAdK42QdH+ZS8Z9KHUNchbRpNhnvOFIahoDG8dZ+nbCIXblJONCaey4/ri3H+GQbk/jfre1VByh7zVIN0ISew5PzZRCTkbO1CvcQZhrRGoUGiPmLywKVbHEMsvimVuZY5py6OfL+70QmElBmN9O45bTgX9XPbfSmyQIcGrElO1foi0WwZLPsb/fZcAIgrhC768jOnzeimChoX4zc0DPxuyV1YPvsD1yAlsnsFuJW6CP7TGkszbJU+rwDpg0TgqKtvFr1Lgkxyfcxg0h++1BSiEgoJU7b2IgIWP7reJVjc1tbAsoR1tOBCSAAhvqWZVpn2oht5rfe9aN370bV3Jcu17hFWyhB+VhzbCCPRcofPXX3f2U2dcQ0X7bU4nMiq1v6NQP6u/D5GAPj4Jc0519tPW4KQrd9SNqR20ct6OvqxjMFWV4GZXVcsL4+3xup87Yib6EDb0+hhe6XEpC6isYgD3D5OTTOWphHlsglGkGFi9lUc+h8zNPM4FHwha6uVTLmaqaLGbLziwT9WXF1ATacwtNW0t3kZlFUBvMwSwWzoPqO1+jxs+id4ie/VI6ZTOeowi4ceK2eWJ1/t9MB/gjvadpgE+FYt5QG6dFav4ujQN5Ne/yY78PGF5tp0CT4koox0rMUuxyD1xOIXkm0NBpJm1y9/J06yqLpMKqS40/jGcSQaycRngXDb+6H9rj7mheiO4qxcFGqViqECCUjDG3PnLP/fy9py5kFq7mf0pq7L0Jq/lLWC+iKJF9UaZmCaz8DwlQ9zC03XOFqABPNe8gMFlb8zU09VKBbY+g5gukOonjcBeoFOTRqQxuaWwwwB2lj8XnZScOyIcVJGkH"}