diff --git a/src/main/java/io/github/jopenlibs/vault/VaultConfig.java b/src/main/java/io/github/jopenlibs/vault/VaultConfig.java index d932fe4a..107aca38 100644 --- a/src/main/java/io/github/jopenlibs/vault/VaultConfig.java +++ b/src/main/java/io/github/jopenlibs/vault/VaultConfig.java @@ -34,7 +34,7 @@ public class VaultConfig implements Serializable { private Map secretsEnginePathMap = new ConcurrentHashMap<>(); private String address; - private String token; + private char[] token; private SslConfig sslConfig; private Integer openTimeout; private Integer readTimeout; @@ -143,8 +143,16 @@ public VaultConfig address(final String address) { * @return This object, with token populated, ready for additional builder-pattern method calls * or else finalization with the build() method */ - public VaultConfig token(final String token) { - this.token = token; + public VaultConfig token(final CharSequence token) { + if (token != null) { + char[] arr = new char[token.length()]; + for (int i = 0; i < arr.length; i++) { + arr[i] = token.charAt(i); + } + this.token = arr; + } else { + this.token = null; + } return this; } @@ -354,8 +362,9 @@ public VaultConfig build() throws VaultException { throw new VaultException("No address is set"); } } - if (this.token == null && environmentLoader.loadVariable(VAULT_TOKEN) != null) { - this.token = environmentLoader.loadVariable(VAULT_TOKEN); + String envVaultToken = environmentLoader.loadVariable(VAULT_TOKEN); + if (this.token == null && envVaultToken != null) { + this.token = envVaultToken.toCharArray(); } if (this.openTimeout == null && environmentLoader.loadVariable(VAULT_OPEN_TIMEOUT) != null) { @@ -393,7 +402,7 @@ public String getAddress() { return address; } - public String getToken() { + public char[] getToken() { return token; } diff --git a/src/main/java/io/github/jopenlibs/vault/VaultImpl.java b/src/main/java/io/github/jopenlibs/vault/VaultImpl.java index 4e57e50d..1b1b9f16 100644 
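Review bot: The `token` field is still an ordinary serialized member of a class that `implements Serializable`, so changing it to `char[]` does not keep the secret out of a serialized `VaultConfig`. If the point of the `char[]` migration is to limit how long the token lives in memory (the commit does not say), consider `private transient char[] token;` and document that a deserialized config needs its token set again. Failing that, a field comment such as `// written out by Java serialization; treat a serialized VaultConfig as secret material` would at least make the exposure visible. The class body continues outside the hunk.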
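Review bot: `environmentLoader.loadVariable(VAULT_TOKEN)` now runs on every `build()`, even when the caller already supplied a token, because the lookup was hoisted out of the `this.token == null` condition. That pulls the environment token into a `String` the builder then ignores; if the loader also falls back to a token file (the `testConfigBuilder_LoadTokenFromHomedir` test later in this diff suggests it may), it adds an unnecessary read of that file as well. Keeping the lookup inside the null check, as below, still avoids the double call the old code made. `build()` starts and ends outside the hunk.

```java
if (this.token == null) {
    // Only consult the environment when no token was set explicitly.
    final String envVaultToken = environmentLoader.loadVariable(VAULT_TOKEN);
    if (envVaultToken != null) {
        this.token = envVaultToken.toCharArray();
    }
}
```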
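Review bot: `getToken()` returns the internal `char[]` itself, so a caller that zeroes or edits the returned array silently changes the token sent on every later request built from this config. Either return a copy the caller can clear after use, `return token == null ? null : token.clone();`, or document on the getter that the array is shared and must not be modified. `WrapResponse.getToken()` further down has the same shape. The return type change from `String` to `char[]` also breaks existing callers at compile time, which is worth a release-note entry.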
--- a/src/main/java/io/github/jopenlibs/vault/VaultImpl.java +++ b/src/main/java/io/github/jopenlibs/vault/VaultImpl.java @@ -309,7 +309,7 @@ private Map collectSecretEngineVersions() { try { final RestResponse restResponse = new Rest()//NOPMD .url(vaultConfig.getAddress() + "/v1/sys/mounts") - .header("X-Vault-Token", vaultConfig.getToken()) + .token(vaultConfig.getToken()) .header("X-Vault-Namespace", this.vaultConfig.getNameSpace()) .header("X-Vault-Request", "true") .connectTimeoutSeconds(vaultConfig.getOpenTimeout()) diff --git a/src/main/java/io/github/jopenlibs/vault/api/Auth.java b/src/main/java/io/github/jopenlibs/vault/api/Auth.java index bddf27c4..150fc8c8 100644 --- a/src/main/java/io/github/jopenlibs/vault/api/Auth.java +++ b/src/main/java/io/github/jopenlibs/vault/api/Auth.java @@ -377,7 +377,7 @@ public AuthResponse createToken(final TokenRequest tokenRequest, final String to // HTTP request to Vault final RestResponse restResponse = getRest()//NOPMD .url(url) - .header("X-Vault-Token", config.getToken()) + .token(config.getToken()) .header("X-Vault-Namespace", this.nameSpace) .header("X-Vault-Request", "true") .body(requestJson.getBytes(StandardCharsets.UTF_8)) @@ -1252,7 +1252,7 @@ public AuthResponse renewSelf(final long increment, final String tokenAuthMount) final String requestJson = Json.object().add("increment", increment).toString(); final RestResponse restResponse = getRest()//NOPMD .url(config.getAddress() + "/v1/auth/" + mount + "/renew-self") - .header("X-Vault-Token", config.getToken()) + .token(config.getToken()) .header("X-Vault-Namespace", this.nameSpace) .header("X-Vault-Request", "true") .body(increment < 0 ? null : requestJson.getBytes(StandardCharsets.UTF_8)) 
@@ -1308,7 +1308,7 @@ public LookupResponse lookupSelf(final String tokenAuthMount) throws VaultExcept // HTTP request to Vault final RestResponse restResponse = getRest()//NOPMD .url(config.getAddress() + "/v1/auth/" + mount + "/lookup-self") - .header("X-Vault-Token", config.getToken()) + .token(config.getToken()) .header("X-Vault-Namespace", this.nameSpace) .header("X-Vault-Request", "true") .connectTimeoutSeconds(config.getOpenTimeout()) @@ -1344,19 +1344,19 @@ public LogicalResponse lookupWrap() throws VaultException { } /** - * @see io.github.jopenlibs.vault.api.sys.Wrapping#lookupWrap(String) + * @see io.github.jopenlibs.vault.api.sys.Wrapping#lookupWrap(char[]) * @deprecated This method is deprecated and in future it will be removed */ - public LogicalResponse lookupWrap(final String wrappedToken) throws VaultException { + public LogicalResponse lookupWrap(final char[] wrappedToken) throws VaultException { Sys sys = new Sys(this.config); return sys.wrapping().lookupWrap(wrappedToken, true); } /** - * @see io.github.jopenlibs.vault.api.sys.Wrapping#lookupWrap(String, boolean) + * @see io.github.jopenlibs.vault.api.sys.Wrapping#lookupWrap(char[], boolean) * @deprecated This method is deprecated and in future it will be removed */ - public LogicalResponse lookupWrap(final String wrappedToken, boolean inBody) + public LogicalResponse lookupWrap(final char[] wrappedToken, boolean inBody) throws VaultException { Sys sys = new Sys(this.config); return sys.wrapping().lookupWrap(wrappedToken, inBody); @@ -1385,7 +1385,7 @@ public void revokeSelf(final String tokenAuthMount) throws VaultException { // HTTP request to Vault final RestResponse restResponse = getRest()//NOPMD .url(config.getAddress() + "/v1/auth/" + mount + "/revoke-self") - .header("X-Vault-Token", config.getToken()) + .token(config.getToken()) .header("X-Vault-Namespace", this.nameSpace) .header("X-Vault-Request", "true") .connectTimeoutSeconds(config.getOpenTimeout()) 
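Review bot: Switching the parameter of these deprecated `lookupWrap` overloads from `String` to `char[]` removes the `String` signatures outright, so existing callers stop compiling; the tests in this diff had to add `.toCharArray()` for the `Wrapping` equivalents. As the methods are already `@deprecated`, consider keeping the `String` overloads as thin delegates, e.g. `return lookupWrap(wrappedToken == null ? null : wrappedToken.toCharArray());`, or state the signature change in the `@deprecated` Javadoc. The same applies to the `unwrap` and `rewrap` overloads in the following Auth.java hunk.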
@@ -1417,19 +1417,19 @@ public UnwrapResponse unwrap() throws VaultException { } /** - * @see io.github.jopenlibs.vault.api.sys.Wrapping#unwrap(String) + * @see io.github.jopenlibs.vault.api.sys.Wrapping#unwrap(char[]) * @deprecated This method is deprecated and in future it will be removed */ - public UnwrapResponse unwrap(final String wrappedToken) throws VaultException { + public UnwrapResponse unwrap(final char[] wrappedToken) throws VaultException { Sys sys = new Sys(this.config); return sys.wrapping().unwrap(wrappedToken, true); } /** - * @see io.github.jopenlibs.vault.api.sys.Wrapping#unwrap(String, boolean) + * @see io.github.jopenlibs.vault.api.sys.Wrapping#unwrap(char[], boolean) * @deprecated This method is deprecated and in future it will be removed */ - public UnwrapResponse unwrap(final String wrappedToken, boolean inBody) throws VaultException { + public UnwrapResponse unwrap(final char[] wrappedToken, boolean inBody) throws VaultException { Sys sys = new Sys(this.config); return sys.wrapping().unwrap(wrappedToken, inBody); } @@ -1444,10 +1444,10 @@ public WrapResponse wrap(final JsonObject jsonObject, int ttlInSec) throws Vault } /** - * @see io.github.jopenlibs.vault.api.sys.Wrapping#rewrap(String) + * @see io.github.jopenlibs.vault.api.sys.Wrapping#rewrap(char[]) * @deprecated This method is deprecated and in future it will be removed */ - public WrapResponse rewrap(final String wrappedToken) throws VaultException { + public WrapResponse rewrap(final char[] wrappedToken) throws VaultException { Sys sys = new Sys(this.config); return sys.wrapping().rewrap(wrappedToken); } diff --git a/src/main/java/io/github/jopenlibs/vault/api/Debug.java b/src/main/java/io/github/jopenlibs/vault/api/Debug.java index 7d6c51ff..115aa26e 100644 --- a/src/main/java/io/github/jopenlibs/vault/api/Debug.java +++ b/src/main/java/io/github/jopenlibs/vault/api/Debug.java 
@@ -108,7 +108,7 @@ public HealthResponse health( // Build an HTTP request for Vault final Rest rest = getRest()//NOPMD .url(config.getAddress() + "/v1/" + path) - .header("X-Vault-Token", config.getToken()) + .token(config.getToken()) .header("X-Vault-Namespace", this.nameSpace) .header("X-Vault-Request", "true") .connectTimeoutSeconds(config.getOpenTimeout()) diff --git a/src/main/java/io/github/jopenlibs/vault/api/Logical.java b/src/main/java/io/github/jopenlibs/vault/api/Logical.java index 8499ec09..6fe3e06f 100644 --- a/src/main/java/io/github/jopenlibs/vault/api/Logical.java +++ b/src/main/java/io/github/jopenlibs/vault/api/Logical.java @@ -89,7 +89,7 @@ private LogicalResponse read(final String path, final logicalOperations operatio final RestResponse restResponse = getRest()//NOPMD .url(config.getAddress() + "/v1/" + adjustPathForReadOrWrite(path, config.getPrefixPathDepth(), operation)) - .header("X-Vault-Token", config.getToken()) + .token(config.getToken()) .header("X-Vault-Namespace", this.nameSpace) .header("X-Vault-Request", "true") .connectTimeoutSeconds(config.getOpenTimeout()) @@ -148,7 +148,7 @@ public LogicalResponse read(final String path, Boolean shouldRetry, final Intege .url(config.getAddress() + "/v1/" + adjustPathForReadOrWrite( path, config.getPrefixPathDepth(), logicalOperations.readV2)) - .header("X-Vault-Token", config.getToken()) + .token(config.getToken()) .header("X-Vault-Namespace", this.nameSpace) .header("X-Vault-Request", "true") .parameter("version", version.toString()) 
@@ -288,7 +288,7 @@ private LogicalResponse write(final String path, final Map nameV config.getPrefixPathDepth(), operation)) .body(jsonObjectToWriteFromEngineVersion(operation, dataJson, optionsJson) .toString().getBytes(StandardCharsets.UTF_8)) - .header("X-Vault-Token", config.getToken()) + .token(config.getToken()) .header("X-Vault-Namespace", this.nameSpace) .header("X-Vault-Request", "true") .header("X-Vault-Wrap-TTL", wrapTTL != null ? wrapTTL.toString() : null) @@ -380,7 +380,7 @@ private LogicalResponse delete(final String path, final Logical.logicalOperation final RestResponse restResponse = getRest()//NOPMD .url(config.getAddress() + "/v1/" + adjustPathForDelete(path, config.getPrefixPathDepth(), operation)) - .header("X-Vault-Token", config.getToken()) + .token(config.getToken()) .header("X-Vault-Namespace", this.nameSpace) .header("X-Vault-Request", "true") .connectTimeoutSeconds(config.getOpenTimeout()) @@ -430,7 +430,7 @@ public LogicalResponse delete(final String path, final int[] versions) throws Va final RestResponse restResponse = getRest()//NOPMD .url(config.getAddress() + "/v1/" + adjustPathForVersionDelete(path, config.getPrefixPathDepth())) - .header("X-Vault-Token", config.getToken()) + .token(config.getToken()) .header("X-Vault-Namespace", this.nameSpace) .header("X-Vault-Request", "true") .connectTimeoutSeconds(config.getOpenTimeout()) @@ -490,7 +490,7 @@ public LogicalResponse unDelete(final String path, final int[] versions) throws final RestResponse restResponse = getRest() //NOPMD .url(config.getAddress() + "/v1/" + adjustPathForVersionUnDelete(path, config.getPrefixPathDepth())) - .header("X-Vault-Token", config.getToken()) + .token(config.getToken()) .header("X-Vault-Namespace", this.nameSpace) .header("X-Vault-Request", "true") .connectTimeoutSeconds(config.getOpenTimeout()) 
@@ -537,7 +537,7 @@ public LogicalResponse destroy(final String path, final int[] versions) throws V final RestResponse restResponse = getRest()//NOPMD .url(config.getAddress() + "/v1/" + adjustPathForVersionDestroy(path, config.getPrefixPathDepth())) - .header("X-Vault-Token", config.getToken()) + .token(config.getToken()) .header("X-Vault-Namespace", this.nameSpace) .header("X-Vault-Request", "true") .connectTimeoutSeconds(config.getOpenTimeout()) @@ -574,7 +574,7 @@ public LogicalResponse upgrade(final String kvPath) throws VaultException { final RestResponse restResponse = getRest()//NOPMD .url(config.getAddress() + "/v1/sys/mounts/" + (kvPath.replaceAll("/", "") + "/tune")) - .header("X-Vault-Token", config.getToken()) + .token(config.getToken()) .header("X-Vault-Namespace", this.nameSpace) .header("X-Vault-Request", "true") .connectTimeoutSeconds(config.getOpenTimeout()) diff --git a/src/main/java/io/github/jopenlibs/vault/api/database/Database.java b/src/main/java/io/github/jopenlibs/vault/api/database/Database.java index 6f6ee569..20c6ef5d 100644 --- a/src/main/java/io/github/jopenlibs/vault/api/database/Database.java +++ b/src/main/java/io/github/jopenlibs/vault/api/database/Database.java @@ -93,7 +93,7 @@ public DatabaseResponse createOrUpdateRole(final String roleName, final RestResponse restResponse = getRest()//NOPMD .url(String.format("%s/v1/%s/roles/%s", config.getAddress(), this.mountPath, roleName)) - .header("X-Vault-Token", config.getToken()) + .token(config.getToken()) .header("X-Vault-Namespace", this.nameSpace) .header("X-Vault-Request", "true") .body(requestJson.getBytes(StandardCharsets.UTF_8)) 
@@ -139,7 +139,7 @@ public DatabaseResponse getRole(final String roleName) throws VaultException { final RestResponse restResponse = getRest()//NOPMD .url(String.format("%s/v1/%s/roles/%s", config.getAddress(), this.mountPath, roleName)) - .header("X-Vault-Token", config.getToken()) + .token(config.getToken()) .header("X-Vault-Namespace", this.nameSpace) .header("X-Vault-Request", "true") .connectTimeoutSeconds(config.getOpenTimeout()) @@ -191,7 +191,7 @@ public DatabaseResponse revoke(final String serialNumber) throws VaultException final RestResponse restResponse = getRest()//NOPMD .url(String.format("%s/v1/%s/revoke", config.getAddress(), this.mountPath)) - .header("X-Vault-Token", config.getToken()) + .token(config.getToken()) .header("X-Vault-Namespace", this.nameSpace) .header("X-Vault-Request", "true") .connectTimeoutSeconds(config.getOpenTimeout()) @@ -237,7 +237,7 @@ public DatabaseResponse deleteRole(final String roleName) throws VaultException final RestResponse restResponse = getRest()//NOPMD .url(String.format("%s/v1/%s/roles/%s", config.getAddress(), this.mountPath, roleName)) - .header("X-Vault-Token", config.getToken()) + .token(config.getToken()) .header("X-Vault-Namespace", this.nameSpace) .header("X-Vault-Request", "true") .connectTimeoutSeconds(config.getOpenTimeout()) @@ -284,7 +284,7 @@ public DatabaseResponse creds(final String roleName) throws VaultException { final RestResponse restResponse = getRest()//NOPMD .url(String.format("%s/v1/%s/creds/%s", config.getAddress(), this.mountPath, roleName)) - .header("X-Vault-Token", config.getToken()) + .token(config.getToken()) .header("X-Vault-Namespace", this.nameSpace) .header("X-Vault-Request", "true") .connectTimeoutSeconds(config.getOpenTimeout()) diff --git a/src/main/java/io/github/jopenlibs/vault/api/pki/Pki.java b/src/main/java/io/github/jopenlibs/vault/api/pki/Pki.java index 7660f86a..83a555d0 100644 --- a/src/main/java/io/github/jopenlibs/vault/api/pki/Pki.java 
+++ b/src/main/java/io/github/jopenlibs/vault/api/pki/Pki.java @@ -119,7 +119,7 @@ public PkiResponse createOrUpdateRole(final String roleName, final RoleOptions o final RestResponse restResponse = getRest()//NOPMD .url(String.format("%s/v1/%s/roles/%s", config.getAddress(), this.mountPath, roleName)) - .header("X-Vault-Token", config.getToken()) + .token(config.getToken()) .header("X-Vault-Namespace", this.nameSpace) .header("X-Vault-Request", "true") .body(requestJson.getBytes(StandardCharsets.UTF_8)) @@ -167,7 +167,7 @@ public PkiResponse getRole(final String roleName) throws VaultException { final RestResponse restResponse = getRest()//NOPMD .url(String.format("%s/v1/%s/roles/%s", config.getAddress(), this.mountPath, roleName)) - .header("X-Vault-Token", config.getToken()) + .token(config.getToken()) .header("X-Vault-Namespace", this.nameSpace) .header("X-Vault-Request", "true") .connectTimeoutSeconds(config.getOpenTimeout()) @@ -187,7 +187,7 @@ public PkiResponse getRole(final String roleName) throws VaultException { } /** - *

Operation to revike a certificate in the vault using the PKI backend. + *

Operation to revoke a certificate in the vault using the PKI backend. * Relies on an authentication token being present in the VaultConfig * instance.

* @@ -218,7 +218,7 @@ public PkiResponse revoke(final String serialNumber) throws VaultException { final String requestJson = jsonObject.toString(); final RestResponse restResponse = getRest()//NOPMD .url(String.format("%s/v1/%s/revoke", config.getAddress(), this.mountPath)) - .header("X-Vault-Token", config.getToken()) + .token(config.getToken()) .header("X-Vault-Namespace", this.nameSpace) .header("X-Vault-Request", "true") .connectTimeoutSeconds(config.getOpenTimeout()) @@ -264,7 +264,7 @@ public PkiResponse deleteRole(final String roleName) throws VaultException { final RestResponse restResponse = getRest()//NOPMD .url(String.format("%s/v1/%s/roles/%s", config.getAddress(), this.mountPath, roleName)) - .header("X-Vault-Token", config.getToken()) + .token(config.getToken()) .header("X-Vault-Namespace", this.nameSpace) .header("X-Vault-Request", "true") .connectTimeoutSeconds(config.getOpenTimeout()) @@ -541,7 +541,7 @@ public PkiResponse issue( final RestResponse restResponse = getRest()//NOPMD .url(String.format(endpoint, config.getAddress(), this.mountPath, roleName)) - .header("X-Vault-Token", config.getToken()) + .token(config.getToken()) .header("X-Vault-Namespace", this.nameSpace) .header("X-Vault-Request", "true") .body(requestJson.getBytes(StandardCharsets.UTF_8)) diff --git a/src/main/java/io/github/jopenlibs/vault/api/sys/Leases.java b/src/main/java/io/github/jopenlibs/vault/api/sys/Leases.java index 30aa71d8..cb58afe3 100644 --- a/src/main/java/io/github/jopenlibs/vault/api/sys/Leases.java +++ b/src/main/java/io/github/jopenlibs/vault/api/sys/Leases.java 
@@ -56,7 +56,7 @@ public VaultResponse revoke(final String leaseId) throws VaultException { final String requestJson = Json.object().add("lease_id", leaseId).toString(); final RestResponse restResponse = new Rest()//NOPMD .url(config.getAddress() + "/v1/sys/leases/revoke") - .header("X-Vault-Token", config.getToken()) + .token(config.getToken()) .header("X-Vault-Namespace", this.nameSpace) .header("X-Vault-Request", "true") .body(requestJson.getBytes(StandardCharsets.UTF_8)) @@ -97,7 +97,7 @@ public VaultResponse revokePrefix(final String prefix) throws VaultException { return retry(attempt -> { final RestResponse restResponse = new Rest()//NOPMD .url(config.getAddress() + "/v1/sys/leases/revoke-prefix/" + prefix) - .header("X-Vault-Token", config.getToken()) + .token(config.getToken()) .header("X-Vault-Namespace", this.nameSpace) .header("X-Vault-Request", "true") .connectTimeoutSeconds(config.getOpenTimeout()) @@ -139,7 +139,7 @@ public VaultResponse revokeForce(final String prefix) throws VaultException { return retry(attempt -> { final RestResponse restResponse = new Rest()//NOPMD .url(config.getAddress() + "/v1/sys/leases/revoke-force/" + prefix) - .header("X-Vault-Token", config.getToken()) + .token(config.getToken()) .header("X-Vault-Namespace", this.nameSpace) .header("X-Vault-Request", "true") .connectTimeoutSeconds(config.getOpenTimeout()) @@ -187,7 +187,7 @@ public VaultResponse renew(final String leaseId, final long increment) throws Va final String requestJson = Json.object().add("increment", increment).toString(); final RestResponse restResponse = new Rest()//NOPMD .url(config.getAddress() + "/v1/sys/leases/renew/" + leaseId) - .header("X-Vault-Token", config.getToken()) + .token(config.getToken()) .header("X-Vault-Namespace", this.nameSpace) .header("X-Vault-Request", "true") .body(increment < 0 ? null : requestJson.getBytes(StandardCharsets.UTF_8)) 
diff --git a/src/main/java/io/github/jopenlibs/vault/api/sys/Seal.java b/src/main/java/io/github/jopenlibs/vault/api/sys/Seal.java index 0f4d92e5..06e13a45 100644 --- a/src/main/java/io/github/jopenlibs/vault/api/sys/Seal.java +++ b/src/main/java/io/github/jopenlibs/vault/api/sys/Seal.java @@ -47,7 +47,7 @@ public SealResponse seal() throws VaultException { // HTTP request to Vault final RestResponse restResponse = new Rest()//NOPMD .url(config.getAddress() + "/v1/sys/seal") - .header("X-Vault-Token", config.getToken()) + .token(config.getToken()) .header("X-Vault-Namespace", this.nameSpace) .header("X-Vault-Request", "true") .connectTimeoutSeconds(config.getOpenTimeout()) diff --git a/src/main/java/io/github/jopenlibs/vault/api/sys/Wrapping.java b/src/main/java/io/github/jopenlibs/vault/api/sys/Wrapping.java index 08ff1fd9..4808a9ac 100644 --- a/src/main/java/io/github/jopenlibs/vault/api/sys/Wrapping.java +++ b/src/main/java/io/github/jopenlibs/vault/api/sys/Wrapping.java @@ -77,7 +77,7 @@ public LogicalResponse lookupWrap() throws VaultException { * @return The response information returned from Vault * @throws VaultException If any error occurs, or unexpected response received from Vault */ - public LogicalResponse lookupWrap(final String wrappedToken) throws VaultException { + public LogicalResponse lookupWrap(final char[] wrappedToken) throws VaultException { return lookupWrap(wrappedToken, true); } 
@@ -104,10 +104,10 @@ public LogicalResponse lookupWrap(final String wrappedToken) throws VaultExcepti * @return The response information returned from Vault * @throws VaultException If any error occurs, or unexpected response received from Vault */ - public LogicalResponse lookupWrap(final String wrappedToken, boolean inBody) + public LogicalResponse lookupWrap(final char[] wrappedToken, boolean inBody) throws VaultException { final String requestJson = - inBody ? Json.object().add("token", wrappedToken).toString() : null; + inBody ? Json.object().add("token", new String(wrappedToken)).toString() : null; return retry(attempt -> { // HTTP request to Vault @@ -122,10 +122,10 @@ public LogicalResponse lookupWrap(final String wrappedToken, boolean inBody) if (inBody) { rest = rest - .header("X-Vault-Token", config.getToken()) + .token(config.getToken()) .body(requestJson.getBytes(StandardCharsets.UTF_8)); } else { - rest = rest.header("X-Vault-Token", wrappedToken); + rest = rest.token(wrappedToken); } final RestResponse restResponse = rest.post(); @@ -201,7 +201,7 @@ public LogicalResponse lookupWrap(final String wrappedToken, boolean inBody) * @param ttlInSec Wrap TTL in seconds * @return The response information returned from Vault * @throws VaultException If any error occurs, or unexpected response received from Vault - * @see #unwrap(String) + * @see #unwrap(char[]) */ public WrapResponse wrap(final JsonObject jsonObject, int ttlInSec) throws VaultException { Objects.requireNonNull(jsonObject); @@ -214,7 +214,7 @@ public WrapResponse wrap(final JsonObject jsonObject, int ttlInSec) throws Vault // HTTP request to Vault final RestResponse restResponse = new Rest() .url(url) - .header("X-Vault-Token", config.getToken()) + .token(config.getToken()) .header("X-Vault-Wrap-TTL", Integer.toString(ttlInSec)) .header("X-Vault-Namespace", this.nameSpace) .header("X-Vault-Request", "true") 
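Review bot: `new String(wrappedToken)` throws a `NullPointerException` when `wrappedToken` is null and `inBody` is true, and nothing between the signature and this line checks for that, whereas `unwrap` and `rewrap` guard with `Objects.requireNonNull`. Add `if (inBody) { Objects.requireNonNull(wrappedToken, "Wrapped token is null"); }` as the first statement so the failure carries a message. The conversion also puts the wrapped token back into an immutable `String`, then into the JSON text and its byte array, here and in the `unwrap` and `rewrap` hunks, so clearing the caller's `char[]` does not remove it from memory. That limit belongs in the Javadoc of these methods. The method body continues past the hunk.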
@@ -247,7 +247,7 @@ public WrapResponse wrap(final JsonObject jsonObject, int ttlInSec) throws Vault /** *

Returns the original response inside the wrapped auth token. This method is useful if you - * need to unwrap a token without being authenticated. See {@link #unwrap(String)} if you need + * need to unwrap a token without being authenticated. See {@link #unwrap(char[])} if you need * to do that authenticated.

* *

In the example below, you cannot use twice the {@code VaultConfig}, since @@ -266,7 +266,7 @@ public WrapResponse wrap(final JsonObject jsonObject, int ttlInSec) throws Vault * * @return The response information returned from Vault * @throws VaultException If any error occurs, or unexpected response received from Vault - * @see #unwrap(String) + * @see #unwrap(char[]) */ public UnwrapResponse unwrap() throws VaultException { return unwrap(config.getToken(), false); @@ -321,7 +321,7 @@ public UnwrapResponse unwrap() throws VaultException { * @see #wrap(JsonObject, int) * @see #unwrap() */ - public UnwrapResponse unwrap(final String wrappedToken) throws VaultException { + public UnwrapResponse unwrap(final char[] wrappedToken) throws VaultException { return unwrap(wrappedToken, true); } @@ -377,7 +377,7 @@ public UnwrapResponse unwrap(final String wrappedToken) throws VaultException { * @see #wrap(JsonObject, int) * @see #unwrap() */ - public UnwrapResponse unwrap(final String wrappedToken, boolean inBody) throws VaultException { + public UnwrapResponse unwrap(final char[] wrappedToken, boolean inBody) throws VaultException { Objects.requireNonNull(wrappedToken, "Wrapped token is null"); return retry(attempt -> { @@ -394,13 +394,13 @@ public UnwrapResponse unwrap(final String wrappedToken, boolean inBody) throws V .sslContext(config.getSslConfig().getSslContext()); if (inBody) { - final String requestJson = Json.object().add("token", wrappedToken).toString(); + final String requestJson = Json.object().add("token", new String(wrappedToken)).toString(); rest = rest - .header("X-Vault-Token", config.getToken()) + .token(config.getToken()) .body(requestJson.getBytes(StandardCharsets.UTF_8)); } else { rest = rest - .header("X-Vault-Token", wrappedToken); + .token(wrappedToken); } RestResponse restResponse = rest.post(); 
@@ -462,18 +462,18 @@ public UnwrapResponse unwrap(final String wrappedToken, boolean inBody) throws V * @throws VaultException If any error occurs, or unexpected response received from Vault * @see #wrap(JsonObject, int) */ - public WrapResponse rewrap(final String wrappedToken) throws VaultException { + public WrapResponse rewrap(final char[] wrappedToken) throws VaultException { Objects.requireNonNull(wrappedToken); return retry(attempt -> { // Parse parameters to JSON - final String requestJson = Json.object().add("token", wrappedToken).toString(); + final String requestJson = Json.object().add("token", new String(wrappedToken)).toString(); final String url = config.getAddress() + "/v1/sys/wrapping/rewrap"; // HTTP request to Vault final RestResponse restResponse = new Rest() .url(url) - .header("X-Vault-Token", config.getToken()) + .token(config.getToken()) .header("X-Vault-Namespace", this.nameSpace) .header("X-Vault-Request", "true") .body(requestJson.getBytes(StandardCharsets.UTF_8)) diff --git a/src/main/java/io/github/jopenlibs/vault/api/sys/mounts/Mounts.java b/src/main/java/io/github/jopenlibs/vault/api/sys/mounts/Mounts.java index d34822e0..fcdfb365 100644 --- a/src/main/java/io/github/jopenlibs/vault/api/sys/mounts/Mounts.java +++ b/src/main/java/io/github/jopenlibs/vault/api/sys/mounts/Mounts.java @@ -47,7 +47,7 @@ public MountResponse list() throws VaultException { return retry(attempt -> { final RestResponse restResponse = new Rest()//NOPMD .url(String.format("%s/v1/sys/mounts", config.getAddress())) - .header("X-Vault-Token", config.getToken()) + .token(config.getToken()) .header("X-Vault-Request", "true") .connectTimeoutSeconds(config.getOpenTimeout()) .readTimeoutSeconds(config.getReadTimeout()) 
@@ -116,7 +116,7 @@ public MountResponse enable(final String path, final MountType type, final Mount final RestResponse restResponse = new Rest()//NOPMD .url(String.format("%s/v1/sys/mounts/%s", config.getAddress(), path)) - .header("X-Vault-Token", config.getToken()) + .token(config.getToken()) .header("X-Vault-Request", "true") .body(requestJson.getBytes(StandardCharsets.UTF_8)) .connectTimeoutSeconds(config.getOpenTimeout()) @@ -165,7 +165,7 @@ public MountResponse disable(final String path) throws VaultException { return retry(attempt -> { final RestResponse restResponse = new Rest()//NOPMD .url(String.format("%s/v1/sys/mounts/%s", config.getAddress(), path)) - .header("X-Vault-Token", config.getToken()) + .token(config.getToken()) .header("X-Vault-Request", "true") .connectTimeoutSeconds(config.getOpenTimeout()) .readTimeoutSeconds(config.getReadTimeout()) @@ -213,7 +213,7 @@ public MountResponse read(final String path) throws VaultException { return retry(attempt -> { final RestResponse restResponse = new Rest()//NOPMD .url(String.format("%s/v1/sys/mounts/%s/tune", config.getAddress(), path)) - .header("X-Vault-Token", config.getToken()) + .token(config.getToken()) .header("X-Vault-Request", "true") .connectTimeoutSeconds(config.getOpenTimeout()) .readTimeoutSeconds(config.getReadTimeout()) @@ -276,7 +276,7 @@ public MountResponse tune(final String path, final MountPayload payload) throws final RestResponse restResponse = new Rest()//NOPMD .url(String.format("%s/v1/sys/mounts/%s/tune", config.getAddress(), path)) - .header("X-Vault-Token", config.getToken()) + .token(config.getToken()) .header("X-Vault-Request", "true") .body(requestJson.getBytes(StandardCharsets.UTF_8)) .connectTimeoutSeconds(config.getOpenTimeout()) diff --git a/src/main/java/io/github/jopenlibs/vault/response/WrapResponse.java b/src/main/java/io/github/jopenlibs/vault/response/WrapResponse.java index be261cd3..1507fc2f 100644 
--- a/src/main/java/io/github/jopenlibs/vault/response/WrapResponse.java +++ b/src/main/java/io/github/jopenlibs/vault/response/WrapResponse.java @@ -14,7 +14,7 @@ public class WrapResponse extends VaultResponse { private Boolean renewable; - private String token; + private char[] token; private String accessor; private int ttl; private String creationTime; @@ -35,7 +35,7 @@ public WrapResponse(final RestResponse restResponse, final int retries) { JsonValue wrapInfoJsonVal = jsonResponse.get("wrap_info"); if (wrapInfoJsonVal != null && !wrapInfoJsonVal.isNull()) { final JsonObject wrapInfoJsonObject = wrapInfoJsonVal.asObject(); - token = wrapInfoJsonObject.getString("token", null); + token = wrapInfoJsonObject.getString("token", null).toCharArray(); accessor = wrapInfoJsonObject.getString("accessor", null); ttl = wrapInfoJsonObject.getInt("ttl", 0); creationTime = wrapInfoJsonObject.getString("creation_time", null); @@ -57,7 +57,7 @@ public Boolean getRenewable() { * * @return response-wrapped token. */ - public String getToken() { + public char[] getToken() { return token; } diff --git a/src/main/java/io/github/jopenlibs/vault/rest/Rest.java b/src/main/java/io/github/jopenlibs/vault/rest/Rest.java index 9478171e..b2bb464f 100644 --- a/src/main/java/io/github/jopenlibs/vault/rest/Rest.java +++ b/src/main/java/io/github/jopenlibs/vault/rest/Rest.java @@ -205,6 +205,22 @@ public Rest parameter(final String name, final String value) throws RestExceptio return this; } + /** + *
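Review bot: `wrapInfoJsonObject.getString("token", null).toCharArray()` dereferences the `null` default, so a `wrap_info` object without a `token` member now throws a `NullPointerException` in the constructor, where the `String` version simply stored null. Split the read from the conversion: `final String wrappedToken = wrapInfoJsonObject.getString("token", null);` followed by `token = wrappedToken == null ? null : wrappedToken.toCharArray();`. A test that parses a response whose `wrap_info` lacks `token` would pin this. The constructor starts and ends outside the hunk.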

Adds the "X-Vault-Token" header to be sent with the HTTP request.

+ * * + *

This method may be chained together repeatedly

+ * + * @param value The vault token value as a {@code char[]} + * @return This object, with a vault token added, ready for other builder-pattern config methods or + * an HTTP verb method + */ + public Rest token(final char[] value) { + if (value != null && value.length > 0) { + return header("X-Vault-Token", new String(value)); + } + return this; + } + /** *

Adds a header to be sent with the HTTP request.

* * diff --git a/src/test/java/io/github/jopenlibs/vault/VaultConfigTests.java b/src/test/java/io/github/jopenlibs/vault/VaultConfigTests.java index e6e9c49a..987e0fb3 100644 --- a/src/test/java/io/github/jopenlibs/vault/VaultConfigTests.java +++ b/src/test/java/io/github/jopenlibs/vault/VaultConfigTests.java @@ -94,7 +94,7 @@ public String loadVariable(final String name) { public void testConfigConstructor() throws VaultException { final VaultConfig config = new VaultConfig().address("address").token("token").build(); assertEquals("address", config.getAddress()); - assertEquals("token", config.getToken()); + assertEquals("token", new String(config.getToken())); } /** @@ -133,7 +133,7 @@ public void testConfigBuilder() throws VaultException { .secretsEnginePathMap(testMap) .build(); assertEquals("address", config.getAddress()); - assertEquals("token", config.getToken()); + assertEquals("token", new String(config.getToken())); assertEquals("1", config.getGlobalEngineVersion().toString()); assertEquals("bar", config.getSecretsEnginePathMap().get("foo")); } @@ -159,7 +159,7 @@ public void testConfigBuilder_LoadFromEnv() throws VaultException { .environmentLoader(mock) .build(); assertEquals("http://127.0.0.1:8200", config.getAddress()); - assertEquals("c24e2469-298a-6c64-6a71-5b47c9ba459a", config.getToken()); + assertEquals("c24e2469-298a-6c64-6a71-5b47c9ba459a", new String(config.getToken())); assertTrue(config.getSslConfig().isVerify()); assertTrue(30 == config.getOpenTimeout()); assertTrue(30 == config.getReadTimeout()); 
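Review bot: `Rest.token(char[])` turns the array straight into a `String` with `new String(value)` and stores it as an ordinary header, so every request copies the secret into an immutable object that cannot be wiped. The `char[]` API therefore only gives callers control over their own copy. The Javadoc should say so, for example `The value is copied into a String header held by this Rest object; clearing the array afterwards does not remove that copy.` It should also state that a null or empty array leaves the request without an `X-Vault-Token` header, since that skip is silent.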
@@ -240,7 +240,7 @@ public void testConfigBuilder_LoadTokenFromHomedir() throws IOException, VaultEx .environmentLoader(mock) .build(); assertEquals("http://127.0.0.1:8200", config.getAddress()); - assertEquals("d24e2469-298a-6c64-6a71-5b47c9ba459a", config.getToken()); + assertEquals("d24e2469-298a-6c64-6a71-5b47c9ba459a", new String(config.getToken())); assertTrue(config.getSslConfig().isVerify()); assertEquals(30, (int) config.getOpenTimeout()); assertEquals(30, (int) config.getReadTimeout()); diff --git a/src/test/java/io/github/jopenlibs/vault/api/sys/WrappingUnwrapTest.java b/src/test/java/io/github/jopenlibs/vault/api/sys/WrappingUnwrapTest.java index 13773c0f..c5a55ac0 100644 --- a/src/test/java/io/github/jopenlibs/vault/api/sys/WrappingUnwrapTest.java +++ b/src/test/java/io/github/jopenlibs/vault/api/sys/WrappingUnwrapTest.java @@ -61,7 +61,7 @@ public void should_unwrap_param_sends_token_and_return_unwrapped_token() throws VaultConfig vaultConfig = new VaultConfig().address("http://127.0.0.1:8999") .token("authToken").build(); Vault vault = Vault.create(vaultConfig); - AuthResponse response = vault.sys().wrapping().unwrap("wrappedToken"); + AuthResponse response = vault.sys().wrapping().unwrap("wrappedToken".toCharArray()); assertEquals(200, response.getRestResponse().getStatus()); diff --git a/src/test/java/io/github/jopenlibs/vault/api/sys/WrappingUnwrapWithoutAuthResponseTest.java b/src/test/java/io/github/jopenlibs/vault/api/sys/WrappingUnwrapWithoutAuthResponseTest.java index 9b08dd21..58e514ae 100644 --- a/src/test/java/io/github/jopenlibs/vault/api/sys/WrappingUnwrapWithoutAuthResponseTest.java +++ b/src/test/java/io/github/jopenlibs/vault/api/sys/WrappingUnwrapWithoutAuthResponseTest.java 
@@ -38,7 +38,7 @@ public void unwrap_response_without_auth() throws Exception { VaultConfig vaultConfig = new VaultConfig().address("http://127.0.0.1:8999") .token("wrappedToken").build(); Vault vault = Vault.create(vaultConfig); - UnwrapResponse response = vault.sys().wrapping().unwrap("wrappedToken"); + UnwrapResponse response = vault.sys().wrapping().unwrap("wrappedToken".toCharArray()); assertEquals(200, response.getRestResponse().getStatus()); @@ -64,7 +64,7 @@ public void unwrap_response_without_implicit_null_auth() throws Exception { VaultConfig vaultConfig = new VaultConfig().address("http://127.0.0.1:8999") .token("wrappedToken").build(); Vault vault = Vault.create(vaultConfig); - UnwrapResponse response = vault.sys().wrapping().unwrap("wrappedToken"); + UnwrapResponse response = vault.sys().wrapping().unwrap("wrappedToken".toCharArray()); assertEquals(200, response.getRestResponse().getStatus()); diff --git a/src/test/java/io/github/jopenlibs/vault/api/sys/WrappingWrapTest.java b/src/test/java/io/github/jopenlibs/vault/api/sys/WrappingWrapTest.java index d6c4c3b0..de44c53f 100644 --- a/src/test/java/io/github/jopenlibs/vault/api/sys/WrappingWrapTest.java +++ b/src/test/java/io/github/jopenlibs/vault/api/sys/WrappingWrapTest.java @@ -60,7 +60,7 @@ public void check_wrap_request_response() throws Exception { assertEquals("wrappedToken", vaultServer.getRequestHeaders().get("X-Vault-Token")); // Assert response should have the unwrapped token in the client_token key - assertEquals("wrappedToken", response.getToken()); + assertEquals("wrappedToken", new String(response.getToken())); assertEquals("accessor_value", response.getAccessor()); assertEquals(60, response.getTtl()); assertEquals("2022-10-09T12:38:27.217414477Z", response.getCreationTime());