@@ -15,6 +15,9 @@
|
||||
*/
|
||||
package org.springframework.vault.authentication;
|
||||
|
||||
import static org.springframework.vault.authentication.AuthenticationSteps.HttpRequestBuilder.*;
|
||||
import static org.springframework.vault.authentication.AuthenticationUtil.*;
|
||||
|
||||
import java.util.HashMap;
|
||||
import java.util.Map;
|
||||
|
||||
@@ -43,9 +46,6 @@ import org.springframework.web.client.HttpStatusCodeException;
|
||||
import org.springframework.web.client.RestClientException;
|
||||
import org.springframework.web.client.RestOperations;
|
||||
|
||||
import static org.springframework.vault.authentication.AuthenticationSteps.HttpRequestBuilder.*;
|
||||
import static org.springframework.vault.authentication.AuthenticationUtil.*;
|
||||
|
||||
/**
|
||||
* AppRole implementation of {@link ClientAuthentication}. RoleId and SecretId (optional)
|
||||
* are sent in the login request to Vault to obtain a {@link VaultToken}.
|
||||
@@ -217,8 +217,8 @@ public class AppRoleAuthentication implements ClientAuthentication, Authenticati
|
||||
return (String) entity.getBody().getRequiredData().get("role_id");
|
||||
}
|
||||
catch (HttpStatusCodeException e) {
|
||||
throw new VaultLoginException(String.format("Cannot get Role id using AppRole: %s",
|
||||
VaultResponses.getError(e.getResponseBodyAsString())), e);
|
||||
throw new VaultLoginException("Cannot get Role id using AppRole: %s"
|
||||
.formatted(VaultResponses.getError(e.getResponseBodyAsString())), e);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -236,8 +236,8 @@ public class AppRoleAuthentication implements ClientAuthentication, Authenticati
|
||||
return (String) response.getRequiredData().get("role_id");
|
||||
}
|
||||
catch (HttpStatusCodeException e) {
|
||||
throw new VaultLoginException(String.format("Cannot unwrap Role id using AppRole: %s",
|
||||
VaultResponses.getError(e.getResponseBodyAsString())), e);
|
||||
throw new VaultLoginException("Cannot unwrap Role id using AppRole: %s"
|
||||
.formatted(VaultResponses.getError(e.getResponseBodyAsString())), e);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -260,8 +260,8 @@ public class AppRoleAuthentication implements ClientAuthentication, Authenticati
|
||||
return (String) response.getRequiredData().get("secret_id");
|
||||
}
|
||||
catch (HttpStatusCodeException e) {
|
||||
throw new VaultLoginException(String.format("Cannot get Secret id using AppRole: %s",
|
||||
VaultResponses.getError(e.getResponseBodyAsString())), e);
|
||||
throw new VaultLoginException("Cannot get Secret id using AppRole: %s"
|
||||
.formatted(VaultResponses.getError(e.getResponseBodyAsString())), e);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -280,8 +280,8 @@ public class AppRoleAuthentication implements ClientAuthentication, Authenticati
|
||||
return (String) response.getRequiredData().get("secret_id");
|
||||
}
|
||||
catch (HttpStatusCodeException e) {
|
||||
throw new VaultLoginException(String.format("Cannot unwrap Role id using AppRole: %s",
|
||||
VaultResponses.getError(e.getResponseBodyAsString())), e);
|
||||
throw new VaultLoginException("Cannot unwrap Role id using AppRole: %s"
|
||||
.formatted(VaultResponses.getError(e.getResponseBodyAsString())), e);
|
||||
}
|
||||
}
|
||||
|
||||
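Review bot: The rewritten message in this hunk still reads "Cannot unwrap Role id using AppRole", although the `try` block above it returns the `secret_id` field, so a failed secret-id unwrap is reported as a role-id failure. Anyone triaging a login error from this message will look at the wrong credential. Since the line is being rewritten anyway, it could become `throw new VaultLoginException("Cannot unwrap Secret id using AppRole: %s"`. The enclosing method starts before the hunk.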
@@ -331,11 +331,11 @@ public class AppRoleAuthentication implements ClientAuthentication, Authenticati
|
||||
}
|
||||
|
||||
private static String getSecretIdPath(AppRoleAuthenticationOptions options) {
|
||||
return String.format("auth/%s/role/%s/secret-id", options.getPath(), options.getAppRole());
|
||||
return "auth/%s/role/%s/secret-id".formatted(options.getPath(), options.getAppRole());
|
||||
}
|
||||
|
||||
private static String getRoleIdIdPath(AppRoleAuthenticationOptions options) {
|
||||
return String.format("auth/%s/role/%s/role-id", options.getPath(), options.getAppRole());
|
||||
return "auth/%s/role/%s/role-id".formatted(options.getPath(), options.getAppRole());
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@@ -446,7 +446,7 @@ public class AuthenticationSteps {
|
||||
|
||||
@Override
|
||||
public String toString() {
|
||||
return String.format("%s %s AS %s", getMethod(), getUri() != null ? getUri() : getUriTemplate(),
|
||||
return "%s %s AS %s".formatted(getMethod(), getUri() != null ? getUri() : getUriTemplate(),
|
||||
getResponseType());
|
||||
}
|
||||
|
||||
@@ -508,9 +508,8 @@ public class AuthenticationSteps {
|
||||
public boolean equals(Object o) {
|
||||
if (this == o)
|
||||
return true;
|
||||
if (!(o instanceof HttpRequestNode))
|
||||
if (!(o instanceof HttpRequestNode<?> that))
|
||||
return false;
|
||||
HttpRequestNode<?> that = (HttpRequestNode<?>) o;
|
||||
return this.definition.equals(that.definition) && this.previous.equals(that.previous);
|
||||
}
|
||||
|
||||
@@ -553,9 +552,8 @@ public class AuthenticationSteps {
|
||||
public boolean equals(Object o) {
|
||||
if (this == o)
|
||||
return true;
|
||||
if (!(o instanceof MapStep))
|
||||
if (!(o instanceof MapStep<?, ?> mapStep))
|
||||
return false;
|
||||
MapStep<?, ?> mapStep = (MapStep<?, ?>) o;
|
||||
return this.mapper.equals(mapStep.mapper) && this.previous.equals(mapStep.previous);
|
||||
}
|
||||
|
||||
@@ -599,9 +597,8 @@ public class AuthenticationSteps {
|
||||
public boolean equals(Object o) {
|
||||
if (this == o)
|
||||
return true;
|
||||
if (!(o instanceof ZipStep))
|
||||
if (!(o instanceof ZipStep<?, ?> zipStep))
|
||||
return false;
|
||||
ZipStep<?, ?> zipStep = (ZipStep<?, ?>) o;
|
||||
return this.left.equals(zipStep.left) && this.right.equals(zipStep.right);
|
||||
}
|
||||
|
||||
@@ -645,9 +642,8 @@ public class AuthenticationSteps {
|
||||
public boolean equals(Object o) {
|
||||
if (this == o)
|
||||
return true;
|
||||
if (!(o instanceof OnNextStep))
|
||||
if (!(o instanceof OnNextStep<?> that))
|
||||
return false;
|
||||
OnNextStep<?> that = (OnNextStep<?>) o;
|
||||
return this.consumer.equals(that.consumer) && this.previous.equals(that.previous);
|
||||
}
|
||||
|
||||
@@ -686,9 +682,8 @@ public class AuthenticationSteps {
|
||||
public boolean equals(Object o) {
|
||||
if (this == o)
|
||||
return true;
|
||||
if (!(o instanceof ScalarValueStep))
|
||||
if (!(o instanceof ScalarValueStep<?> that))
|
||||
return false;
|
||||
ScalarValueStep<?> that = (ScalarValueStep<?>) o;
|
||||
return this.value.equals(that.value) && this.previous.equals(that.previous);
|
||||
}
|
||||
|
||||
@@ -731,9 +726,8 @@ public class AuthenticationSteps {
|
||||
public boolean equals(Object o) {
|
||||
if (this == o)
|
||||
return true;
|
||||
if (!(o instanceof SupplierStep))
|
||||
if (!(o instanceof SupplierStep<?> that))
|
||||
return false;
|
||||
SupplierStep<?> that = (SupplierStep<?>) o;
|
||||
return this.supplier.equals(that.supplier) && this.previous.equals(that.previous);
|
||||
}
|
||||
|
||||
@@ -798,9 +792,8 @@ public class AuthenticationSteps {
|
||||
public boolean equals(Object o) {
|
||||
if (this == o)
|
||||
return true;
|
||||
if (!(o instanceof Pair))
|
||||
if (!(o instanceof Pair<?, ?> pair))
|
||||
return false;
|
||||
Pair<?, ?> pair = (Pair<?, ?>) o;
|
||||
return this.left.equals(pair.left) && this.right.equals(pair.right);
|
||||
}
|
||||
|
||||
|
||||
@@ -81,15 +81,14 @@ public class AuthenticationStepsExecutor implements ClientAuthentication {
|
||||
return (VaultToken) state;
|
||||
}
|
||||
|
||||
if (state instanceof VaultResponse) {
|
||||
if (state instanceof VaultResponse response) {
|
||||
|
||||
VaultResponse response = (VaultResponse) state;
|
||||
Assert.state(response.getAuth() != null, "Auth field must not be null");
|
||||
return LoginTokenUtil.from(response.getAuth());
|
||||
}
|
||||
|
||||
throw new IllegalStateException(
|
||||
String.format("Cannot retrieve VaultToken from authentication chain. Got instead %s", state));
|
||||
"Cannot retrieve VaultToken from authentication chain. Got instead %s".formatted(state));
|
||||
}
|
||||
|
||||
@SuppressWarnings({ "unchecked", "ConstantConditions" })
|
||||
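Review bot: The `IllegalStateException` message here interpolates `state` through its `toString()`, so whatever the authentication chain last produced ends up in an exception message. The same object is formatted into the debug lines and into the `VaultLoginException` text ("HTTP request %s in state %s failed …") in the next two hunks of this class, and into the matching lines of `AuthenticationStepsOperator`. Elsewhere on this page the state is a login body map or a `VaultResponse`, so depending on how those types render (not visible here) credentials or token material can reach logs well above debug level. Consider reporting only the type, e.g. `"… Got instead %s".formatted(state != null ? state.getClass().getName() : "null")`, and dropping `state` from the `VaultLoginException` message. The enclosing method starts before the hunk.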
@@ -100,7 +99,7 @@ public class AuthenticationStepsExecutor implements ClientAuthentication {
|
||||
for (Node<?> o : steps) {
|
||||
|
||||
if (logger.isDebugEnabled()) {
|
||||
logger.debug(String.format("Executing %s with current state %s", o, state));
|
||||
logger.debug("Executing %s with current state %s".formatted(o, state));
|
||||
}
|
||||
|
||||
try {
|
||||
@@ -129,17 +128,15 @@ public class AuthenticationStepsExecutor implements ClientAuthentication {
|
||||
}
|
||||
|
||||
if (logger.isDebugEnabled()) {
|
||||
logger.debug(String.format("Executed %s with current state %s", o, state));
|
||||
logger.debug("Executed %s with current state %s".formatted(o, state));
|
||||
}
|
||||
}
|
||||
catch (HttpStatusCodeException e) {
|
||||
throw new VaultLoginException(
|
||||
String.format("HTTP request %s in state %s failed with Status %s and body %s", o, state,
|
||||
e.getStatusCode().value(), VaultResponses.getError(e.getResponseBodyAsString())),
|
||||
e);
|
||||
throw new VaultLoginException("HTTP request %s in state %s failed with Status %s and body %s".formatted(
|
||||
o, state, e.getStatusCode().value(), VaultResponses.getError(e.getResponseBodyAsString())), e);
|
||||
}
|
||||
catch (RuntimeException e) {
|
||||
throw new VaultLoginException(String.format("Authentication execution failed in %s", o), e);
|
||||
throw new VaultLoginException("Authentication execution failed in %s".formatted(o), e);
|
||||
}
|
||||
}
|
||||
return state;
|
||||
|
||||
@@ -101,9 +101,7 @@ public class AuthenticationStepsOperator implements VaultTokenSupplier {
|
||||
return (VaultToken) stateObject;
|
||||
}
|
||||
|
||||
if (stateObject instanceof VaultResponse) {
|
||||
|
||||
VaultResponse response = (VaultResponse) stateObject;
|
||||
if (stateObject instanceof VaultResponse response) {
|
||||
|
||||
Assert.state(response.getAuth() != null, "Auth field must not be null");
|
||||
|
||||
@@ -111,7 +109,7 @@ public class AuthenticationStepsOperator implements VaultTokenSupplier {
|
||||
}
|
||||
|
||||
throw new IllegalStateException(
|
||||
String.format("Cannot retrieve VaultToken from authentication chain. Got instead %s", stateObject));
|
||||
"Cannot retrieve VaultToken from authentication chain. Got instead %s".formatted(stateObject));
|
||||
}).onErrorMap(t -> new VaultLoginException("Cannot retrieve VaultToken from authentication chain", t));
|
||||
}
|
||||
|
||||
@@ -123,7 +121,7 @@ public class AuthenticationStepsOperator implements VaultTokenSupplier {
|
||||
for (Node<?> o : steps) {
|
||||
|
||||
if (logger.isDebugEnabled()) {
|
||||
logger.debug(String.format("Executing %s with current state %s", o, state));
|
||||
logger.debug("Executing %s with current state %s".formatted(o, state));
|
||||
}
|
||||
|
||||
if (o instanceof HttpRequestNode) {
|
||||
@@ -152,7 +150,7 @@ public class AuthenticationStepsOperator implements VaultTokenSupplier {
|
||||
}
|
||||
|
||||
if (logger.isDebugEnabled()) {
|
||||
logger.debug(String.format("Executed %s with current state %s", o, state));
|
||||
logger.debug("Executed %s with current state %s".formatted(o, state));
|
||||
}
|
||||
}
|
||||
return state;
|
||||
@@ -217,12 +215,10 @@ public class AuthenticationStepsOperator implements VaultTokenSupplier {
|
||||
|
||||
Supplier<?> supplier = supplierStep.getSupplier();
|
||||
|
||||
if (!(supplier instanceof ResourceCredentialSupplier)) {
|
||||
if (!(supplier instanceof ResourceCredentialSupplier resourceSupplier)) {
|
||||
return Mono.fromSupplier(supplierStep.getSupplier()).subscribeOn(Schedulers.boundedElastic());
|
||||
}
|
||||
|
||||
ResourceCredentialSupplier resourceSupplier = (ResourceCredentialSupplier) supplier;
|
||||
|
||||
return DataBufferUtils.join(DataBufferUtils.read(resourceSupplier.getResource(), this.factory, 4096))
|
||||
.map(dataBuffer -> {
|
||||
String result = dataBuffer.toString(ResourceCredentialSupplier.CHARSET);
|
||||
@@ -230,7 +226,7 @@ public class AuthenticationStepsOperator implements VaultTokenSupplier {
|
||||
return (Object) result;
|
||||
})
|
||||
.onErrorMap(IOException.class, e -> new VaultException(
|
||||
String.format("Credential retrieval from %s failed", resourceSupplier.getResource()), e));
|
||||
"Credential retrieval from %s failed".formatted(resourceSupplier.getResource()), e));
|
||||
}
|
||||
|
||||
enum Undefinded {
|
||||
|
||||
@@ -13,7 +13,7 @@ abstract class AuthenticationUtil {
|
||||
* @return
|
||||
*/
|
||||
static String getLoginPath(String authMount) {
|
||||
return String.format("auth/%s/login", authMount);
|
||||
return "auth/%s/login".formatted(authMount);
|
||||
}
|
||||
|
||||
private AuthenticationUtil() {
|
||||
|
||||
@@ -157,8 +157,8 @@ public class AwsEc2Authentication implements ClientAuthentication, Authenticatio
|
||||
|
||||
if (response.getAuth().get("metadata") instanceof Map) {
|
||||
Map<Object, Object> metadata = (Map<Object, Object>) response.getAuth().get("metadata");
|
||||
logger.debug(String.format("Login successful using AWS-EC2 authentication for instance %s, AMI %s",
|
||||
metadata.get("instance_id"), metadata.get("instance_id")));
|
||||
logger.debug("Login successful using AWS-EC2 authentication for instance %s, AMI %s"
|
||||
.formatted(metadata.get("instance_id"), metadata.get("instance_id")));
|
||||
}
|
||||
else {
|
||||
logger.debug("Login successful using AWS-EC2 authentication");
|
||||
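Review bot: The debug message promises "instance %s, AMI %s", but both arguments are `metadata.get("instance_id")`, so the AMI field always repeats the instance id. The commit carries this over from the old `String.format` call unchanged. The second argument presumably should read the AMI entry of the metadata map, e.g. `metadata.get("ami_id")`; confirm the key name against the Vault response. An audit trail that shows the wrong AMI is worse than one that omits it.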
@@ -197,7 +197,7 @@ public class AwsEc2Authentication implements ClientAuthentication, Authenticatio
|
||||
}
|
||||
catch (RestClientException e) {
|
||||
throw new VaultLoginException(
|
||||
String.format("Cannot obtain Identity Document from %s", this.options.getIdentityDocumentUri()), e);
|
||||
"Cannot obtain Identity Document from %s".formatted(this.options.getIdentityDocumentUri()), e);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -156,8 +156,8 @@ public class AwsIamAuthentication implements ClientAuthentication, Authenticatio
|
||||
|
||||
if (response.getAuth().get("metadata") instanceof Map) {
|
||||
Map<Object, Object> metadata = (Map<Object, Object>) response.getAuth().get("metadata");
|
||||
logger.debug(String.format("Login successful using AWS-IAM authentication for user id %s, ARN %s",
|
||||
metadata.get("client_user_id"), metadata.get("canonical_arn")));
|
||||
logger.debug("Login successful using AWS-IAM authentication for user id %s, ARN %s"
|
||||
.formatted(metadata.get("client_user_id"), metadata.get("canonical_arn")));
|
||||
}
|
||||
else {
|
||||
logger.debug("Login successful using AWS-IAM authentication");
|
||||
|
||||
@@ -15,6 +15,8 @@
|
||||
*/
|
||||
package org.springframework.vault.authentication;
|
||||
|
||||
import static org.springframework.vault.authentication.AuthenticationSteps.HttpRequestBuilder.*;
|
||||
|
||||
import java.util.Map;
|
||||
|
||||
import org.apache.commons.logging.Log;
|
||||
@@ -33,8 +35,6 @@ import org.springframework.vault.support.VaultToken;
|
||||
import org.springframework.web.client.RestClientException;
|
||||
import org.springframework.web.client.RestOperations;
|
||||
|
||||
import static org.springframework.vault.authentication.AuthenticationSteps.HttpRequestBuilder.method;
|
||||
|
||||
/**
|
||||
* Cubbyhole {@link ClientAuthentication} implementation.
|
||||
* <p>
|
||||
@@ -225,9 +225,7 @@ public class CubbyholeAuthentication implements ClientAuthentication, Authentica
|
||||
return false;
|
||||
}
|
||||
|
||||
if (token instanceof LoginToken) {
|
||||
|
||||
LoginToken loginToken = (LoginToken) token;
|
||||
if (token instanceof LoginToken loginToken) {
|
||||
|
||||
if (loginToken.getLeaseDuration().isZero()) {
|
||||
return false;
|
||||
@@ -273,8 +271,8 @@ public class CubbyholeAuthentication implements ClientAuthentication, Authentica
|
||||
Map<String, Object> data = response.getData();
|
||||
if (data == null || data.isEmpty()) {
|
||||
throw new VaultLoginException(
|
||||
String.format("Cannot retrieve Token from Cubbyhole: Response at %s does not contain a token",
|
||||
options.getPath()));
|
||||
"Cannot retrieve Token from Cubbyhole: Response at %s does not contain a token"
|
||||
.formatted(options.getPath()));
|
||||
}
|
||||
|
||||
if (data.size() == 1) {
|
||||
@@ -282,8 +280,8 @@ public class CubbyholeAuthentication implements ClientAuthentication, Authentica
|
||||
return VaultToken.of(token);
|
||||
}
|
||||
|
||||
throw new VaultLoginException(String
|
||||
.format("Cannot retrieve Token from Cubbyhole: Response at %s does not contain an unique token", url));
|
||||
throw new VaultLoginException(
|
||||
"Cannot retrieve Token from Cubbyhole: Response at %s does not contain an unique token".formatted(url));
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@@ -15,6 +15,8 @@
|
||||
*/
|
||||
package org.springframework.vault.authentication;
|
||||
|
||||
import static org.springframework.vault.authentication.AuthenticationSteps.HttpRequestBuilder.*;
|
||||
|
||||
import java.util.LinkedHashMap;
|
||||
import java.util.Map;
|
||||
|
||||
@@ -29,8 +31,6 @@ import org.springframework.vault.support.VaultToken;
|
||||
import org.springframework.web.client.HttpStatusCodeException;
|
||||
import org.springframework.web.client.RestOperations;
|
||||
|
||||
import static org.springframework.vault.authentication.AuthenticationSteps.HttpRequestBuilder.get;
|
||||
|
||||
/**
|
||||
* GCP GCE (Google Compute Engine)-based login implementation using GCE's metadata service
|
||||
* to create signed JSON Web Token.
|
||||
@@ -157,7 +157,7 @@ public class GcpComputeAuthentication extends GcpJwtAuthenticationSupport
|
||||
}
|
||||
|
||||
private static String getAudience(String role) {
|
||||
return String.format("https://localhost:8200/vault/%s", role);
|
||||
return "https://localhost:8200/vault/%s".formatted(role);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
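Review bot: `getAudience` builds the JWT audience from a hard-coded `https://localhost:8200/vault/%s` and nothing in the hunk explains why a localhost URL is correct for every deployment. The audience claim is part of what the verifier checks, so a reader cannot tell whether this is a deliberate fixed identifier or a leftover default. If it is deliberate, a short comment on the method saying that the value is only an audience identifier and is never dereferenced would settle it. If it is not, the host should come from configuration.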
@@ -134,7 +134,7 @@ public class GcpIamAuthentication extends GcpJwtAuthenticationSupport implements
|
||||
|
||||
SignJwt signJwt = iam.projects()
|
||||
.serviceAccounts()
|
||||
.signJwt(String.format("projects/%s/serviceAccounts/%s", projectId, serviceAccount), request);
|
||||
.signJwt("projects/%s/serviceAccounts/%s".formatted(projectId, serviceAccount), request);
|
||||
|
||||
SignJwtResponse response = signJwt.execute();
|
||||
|
||||
|
||||
@@ -70,8 +70,8 @@ public abstract class GcpJwtAuthenticationSupport {
|
||||
if (response.getAuth().get("metadata") instanceof Map) {
|
||||
|
||||
Map<Object, Object> metadata = (Map<Object, Object>) response.getAuth().get("metadata");
|
||||
logger.debug(String.format("Login successful using %s authentication for user id %s",
|
||||
authenticationName, metadata.get("service_account_email")));
|
||||
logger.debug("Login successful using %s authentication for user id %s".formatted(authenticationName,
|
||||
metadata.get("service_account_email")));
|
||||
}
|
||||
else {
|
||||
logger.debug("Login successful using " + authenticationName + " authentication");
|
||||
|
||||
@@ -46,9 +46,10 @@ class GoogleJsonUtil {
|
||||
}
|
||||
}
|
||||
catch (ClassNotFoundException e) {
|
||||
throw new IllegalStateException(String.format(
|
||||
"No com.google.api.client.json.JsonFactory implementation available. Make sure to include either %s or %s on your classpath.",
|
||||
JACKSON, GSON), e);
|
||||
throw new IllegalStateException(
|
||||
"No com.google.api.client.json.JsonFactory implementation available. Make sure to include either %s or %s on your classpath."
|
||||
.formatted(JACKSON, GSON),
|
||||
e);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -26,7 +26,18 @@ import org.springframework.scheduling.TaskScheduler;
|
||||
import org.springframework.util.Assert;
|
||||
import org.springframework.util.ClassUtils;
|
||||
import org.springframework.vault.VaultException;
|
||||
import org.springframework.vault.authentication.event.*;
|
||||
import org.springframework.vault.authentication.event.AfterLoginEvent;
|
||||
import org.springframework.vault.authentication.event.AfterLoginTokenRenewedEvent;
|
||||
import org.springframework.vault.authentication.event.AfterLoginTokenRevocationEvent;
|
||||
import org.springframework.vault.authentication.event.AuthenticationErrorEvent;
|
||||
import org.springframework.vault.authentication.event.AuthenticationErrorListener;
|
||||
import org.springframework.vault.authentication.event.AuthenticationListener;
|
||||
import org.springframework.vault.authentication.event.BeforeLoginTokenRenewedEvent;
|
||||
import org.springframework.vault.authentication.event.BeforeLoginTokenRevocationEvent;
|
||||
import org.springframework.vault.authentication.event.LoginFailedEvent;
|
||||
import org.springframework.vault.authentication.event.LoginTokenExpiredEvent;
|
||||
import org.springframework.vault.authentication.event.LoginTokenRenewalFailedEvent;
|
||||
import org.springframework.vault.authentication.event.LoginTokenRevocationFailedEvent;
|
||||
import org.springframework.vault.client.VaultHttpHeaders;
|
||||
import org.springframework.vault.client.VaultResponses;
|
||||
import org.springframework.vault.support.VaultResponse;
|
||||
@@ -177,8 +188,7 @@ public class LifecycleAwareSessionManager extends LifecycleAwareSessionManagerSu
|
||||
catch (RuntimeException e) {
|
||||
if (LoginToken.hasAccessor(token)) {
|
||||
this.logger.warn(
|
||||
String.format("Cannot revoke VaultToken with accessor: %s", ((LoginToken) token).getAccessor()),
|
||||
e);
|
||||
"Cannot revoke VaultToken with accessor: %s".formatted(((LoginToken) token).getAccessor()), e);
|
||||
}
|
||||
else {
|
||||
this.logger.warn("Cannot revoke VaultToken", e);
|
||||
@@ -246,8 +256,8 @@ public class LifecycleAwareSessionManager extends LifecycleAwareSessionManagerSu
|
||||
|
||||
if (this.logger.isDebugEnabled()) {
|
||||
Duration validTtlThreshold = getRefreshTrigger().getValidTtlThreshold(renewed);
|
||||
this.logger.info(String.format("Token TTL (%s) exceeded validity TTL threshold (%s). Dropping token.",
|
||||
renewed.getLeaseDuration(), validTtlThreshold));
|
||||
this.logger.info("Token TTL (%s) exceeded validity TTL threshold (%s). Dropping token."
|
||||
.formatted(renewed.getLeaseDuration(), validTtlThreshold));
|
||||
}
|
||||
else {
|
||||
this.logger.info("Token TTL exceeded validity TTL threshold. Dropping token.");
|
||||
@@ -304,7 +314,7 @@ public class LifecycleAwareSessionManager extends LifecycleAwareSessionManagerSu
|
||||
wrapper = new TokenWrapper(token, false);
|
||||
}
|
||||
catch (VaultTokenLookupException e) {
|
||||
this.logger.warn(String.format("Cannot enhance VaultToken to a LoginToken: %s", e.getMessage()));
|
||||
this.logger.warn("Cannot enhance VaultToken to a LoginToken: %s".formatted(e.getMessage()));
|
||||
multicastEvent(new AuthenticationErrorEvent(token, e));
|
||||
}
|
||||
}
|
||||
@@ -371,10 +381,9 @@ public class LifecycleAwareSessionManager extends LifecycleAwareSessionManagerSu
|
||||
|
||||
private static String format(String message, RuntimeException e) {
|
||||
|
||||
if (e instanceof HttpStatusCodeException) {
|
||||
if (e instanceof HttpStatusCodeException hsce) {
|
||||
|
||||
HttpStatusCodeException hsce = (HttpStatusCodeException) e;
|
||||
return String.format("%s: Status %s %s %s", message, hsce.getStatusCode().value(), hsce.getStatusText(),
|
||||
return "%s: Status %s %s %s".formatted(message, hsce.getStatusCode().value(), hsce.getStatusText(),
|
||||
VaultResponses.getError(hsce.getResponseBodyAsString()));
|
||||
}
|
||||
|
||||
|
||||
@@ -89,7 +89,7 @@ public class LoginTokenAdapter implements ClientAuthentication {
|
||||
return entity.getBody().getData();
|
||||
}
|
||||
catch (HttpStatusCodeException e) {
|
||||
throw new VaultTokenLookupException(String.format("Token self-lookup failed: %s %s", e.getStatusCode(),
|
||||
throw new VaultTokenLookupException("Token self-lookup failed: %s %s".formatted(e.getStatusCode(),
|
||||
VaultResponses.getError(e.getResponseBodyAsString())), e);
|
||||
}
|
||||
catch (RestClientException e) {
|
||||
|
||||
@@ -100,8 +100,8 @@ public class MacAddressUserId implements AppIdUserIdMechanism {
|
||||
if (!networkInterface.isPresent()) {
|
||||
|
||||
if (StringUtils.hasText(this.networkInterfaceHint)) {
|
||||
this.logger.warn(String.format("Did not find a NetworkInterface applying hint %s",
|
||||
this.networkInterfaceHint));
|
||||
this.logger
|
||||
.warn("Did not find a NetworkInterface applying hint %s".formatted(this.networkInterfaceHint));
|
||||
}
|
||||
|
||||
InetAddress localHost = InetAddress.getLocalHost();
|
||||
@@ -159,7 +159,7 @@ public class MacAddressUserId implements AppIdUserIdMechanism {
|
||||
return Optional.ofNullable(it.getHardwareAddress());
|
||||
}
|
||||
catch (SocketException e) {
|
||||
throw new IllegalStateException(String.format("Cannot determine hardware address for %s", it.getName()));
|
||||
throw new IllegalStateException("Cannot determine hardware address for %s".formatted(it.getName()));
|
||||
}
|
||||
}
|
||||
|
||||
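Review bot: The `catch (SocketException e)` branch builds a new `IllegalStateException` without passing `e`, so the original cause and its stack trace are lost when hardware-address lookup fails. The line is being rewritten anyway and could keep the cause: `throw new IllegalStateException("Cannot determine hardware address for %s".formatted(it.getName()), e);`. The enclosing method starts before the hunk.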
@@ -167,7 +167,7 @@ public class MacAddressUserId implements AppIdUserIdMechanism {
|
||||
|
||||
return getNetworkAddress(it) //
|
||||
.orElseThrow(() -> new IllegalStateException(
|
||||
String.format("Network interface %s has no hardware address", it.getName())));
|
||||
"Network interface %s has no hardware address".formatted(it.getName())));
|
||||
}
|
||||
|
||||
private static boolean hasNetworkAddress(NetworkInterface it) {
|
||||
|
||||
@@ -21,7 +21,6 @@ import java.util.function.Supplier;
|
||||
import org.springframework.lang.Nullable;
|
||||
import org.springframework.util.Assert;
|
||||
import org.springframework.util.ObjectUtils;
|
||||
import org.springframework.util.StringUtils;
|
||||
|
||||
/**
|
||||
* Authentication options for {@link PcfAuthentication}.
|
||||
@@ -241,7 +240,7 @@ public class PcfAuthenticationOptions {
|
||||
String value = System.getenv(name);
|
||||
|
||||
if (ObjectUtils.isEmpty(value)) {
|
||||
throw new IllegalStateException(String.format("Environment variable %s not set", name));
|
||||
throw new IllegalStateException("Environment variable %s not set".formatted(name));
|
||||
}
|
||||
|
||||
return value;
|
||||
|
||||
@@ -27,7 +27,18 @@ import org.springframework.scheduling.TaskScheduler;
|
||||
import org.springframework.util.Assert;
|
||||
import org.springframework.util.ClassUtils;
|
||||
import org.springframework.vault.VaultException;
|
||||
import org.springframework.vault.authentication.event.*;
|
||||
import org.springframework.vault.authentication.event.AfterLoginEvent;
|
||||
import org.springframework.vault.authentication.event.AfterLoginTokenRenewedEvent;
|
||||
import org.springframework.vault.authentication.event.AfterLoginTokenRevocationEvent;
|
||||
import org.springframework.vault.authentication.event.AuthenticationErrorEvent;
|
||||
import org.springframework.vault.authentication.event.AuthenticationErrorListener;
|
||||
import org.springframework.vault.authentication.event.AuthenticationListener;
|
||||
import org.springframework.vault.authentication.event.BeforeLoginTokenRenewedEvent;
|
||||
import org.springframework.vault.authentication.event.BeforeLoginTokenRevocationEvent;
|
||||
import org.springframework.vault.authentication.event.LoginFailedEvent;
|
||||
import org.springframework.vault.authentication.event.LoginTokenExpiredEvent;
|
||||
import org.springframework.vault.authentication.event.LoginTokenRenewalFailedEvent;
|
||||
import org.springframework.vault.authentication.event.LoginTokenRevocationFailedEvent;
|
||||
import org.springframework.vault.client.VaultHttpHeaders;
|
||||
import org.springframework.vault.client.VaultResponses;
|
||||
import org.springframework.vault.support.VaultResponse;
|
||||
@@ -195,8 +206,8 @@ public class ReactiveLifecycleAwareSessionManager extends LifecycleAwareSessionM
|
||||
private Mono<String> onRevokeFailed(VaultToken token, Throwable e) {
|
||||
|
||||
if (LoginToken.hasAccessor(token)) {
|
||||
this.logger.warn(
|
||||
String.format("Cannot revoke VaultToken with accessor: %s", ((LoginToken) token).getAccessor()), e);
|
||||
this.logger.warn("Cannot revoke VaultToken with accessor: %s".formatted(((LoginToken) token).getAccessor()),
|
||||
e);
|
||||
}
|
||||
else {
|
||||
this.logger.warn("Cannot revoke VaultToken", e);
|
||||
@@ -279,9 +290,8 @@ public class ReactiveLifecycleAwareSessionManager extends LifecycleAwareSessionM
|
||||
if (this.logger.isDebugEnabled()) {
|
||||
|
||||
Duration validTtlThreshold = getRefreshTrigger().getValidTtlThreshold(renewed);
|
||||
this.logger
|
||||
.info(String.format("Token TTL (%s) exceeded validity TTL threshold (%s). Dropping token.",
|
||||
renewed.getLeaseDuration(), validTtlThreshold));
|
||||
this.logger.info("Token TTL (%s) exceeded validity TTL threshold (%s). Dropping token."
|
||||
.formatted(renewed.getLeaseDuration(), validTtlThreshold));
|
||||
}
|
||||
else {
|
||||
this.logger.info("Token TTL exceeded validity TTL threshold. Dropping token.");
|
||||
@@ -339,7 +349,7 @@ public class ReactiveLifecycleAwareSessionManager extends LifecycleAwareSessionM
|
||||
|
||||
return loginTokenMono.onErrorResume(e -> {
|
||||
|
||||
this.logger.warn(String.format("Cannot enhance VaultToken to a LoginToken: %s", e.getMessage()));
|
||||
this.logger.warn("Cannot enhance VaultToken to a LoginToken: %s".formatted(e.getMessage()));
|
||||
multicastEvent(new AuthenticationErrorEvent(token, e));
|
||||
return Mono.just(token);
|
||||
}).map(it -> new TokenWrapper(it, false));
|
||||
@@ -424,10 +434,9 @@ public class ReactiveLifecycleAwareSessionManager extends LifecycleAwareSessionM
|
||||
|
||||
private static String format(String message, RuntimeException e) {
|
||||
|
||||
if (e instanceof WebClientResponseException) {
|
||||
if (e instanceof WebClientResponseException wce) {
|
||||
|
||||
WebClientResponseException wce = (WebClientResponseException) e;
|
||||
return String.format("%s: Status %s %s %s", message, wce.getStatusCode().value(), wce.getStatusText(),
|
||||
return "%s: Status %s %s %s".formatted(message, wce.getStatusCode().value(), wce.getStatusText(),
|
||||
VaultResponses.getError(wce.getResponseBodyAsString()));
|
||||
}
|
||||
|
||||
|
||||
@@ -68,7 +68,7 @@ public class ResourceCredentialSupplier implements CredentialSupplier {
|
||||
*/
|
||||
public ResourceCredentialSupplier(Resource resource) {
|
||||
|
||||
Assert.isTrue(resource.exists(), () -> String.format("Resource %s does not exist", resource));
|
||||
Assert.isTrue(resource.exists(), () -> "Resource %s does not exist".formatted(resource));
|
||||
|
||||
this.resource = resource;
|
||||
}
|
||||
@@ -80,7 +80,7 @@ public class ResourceCredentialSupplier implements CredentialSupplier {
|
||||
return new String(readToken(this.resource), CHARSET);
|
||||
}
|
||||
catch (IOException e) {
|
||||
throw new VaultException(String.format("Credential retrieval from %s failed", this.resource), e);
|
||||
throw new VaultException("Credential retrieval from %s failed".formatted(this.resource), e);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -66,7 +66,7 @@ class Sha256 {
|
||||
StringBuilder sb = new StringBuilder(bytes.length * 2);
|
||||
|
||||
for (byte b : bytes) {
|
||||
sb.append(String.format("%X", b));
|
||||
sb.append("%X".formatted(b));
|
||||
}
|
||||
|
||||
return sb.toString();
|
||||
|
||||
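Review bot: `"%X".formatted(b)` emits a single digit for byte values below 0x10, so the hex string is not fixed-width, although the builder is sized for `bytes.length * 2`. Different byte sequences can therefore render to the same text, for example 0x01,0x23 and 0x12,0x03 both give "123". `sb.append("%02X".formatted(b));` would make the encoding unambiguous, but it changes the output for existing inputs. If identifiers derived from this digest are already registered elsewhere, the current form may have to stay, with a comment recording the quirk. The enclosing method starts before the hunk.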
@@ -15,6 +15,8 @@
|
||||
*/
|
||||
package org.springframework.vault.authentication;
|
||||
|
||||
import static org.springframework.vault.authentication.AuthenticationUtil.*;
|
||||
|
||||
import java.util.LinkedHashMap;
|
||||
import java.util.Map;
|
||||
|
||||
@@ -29,8 +31,6 @@ import org.springframework.vault.support.VaultToken;
|
||||
import org.springframework.web.client.HttpStatusCodeException;
|
||||
import org.springframework.web.client.RestOperations;
|
||||
|
||||
import static org.springframework.vault.authentication.AuthenticationUtil.*;
|
||||
|
||||
/**
|
||||
* Username and password implementation of {@link ClientAuthentication}. Can be used for
|
||||
* {@code userpass}, {@code ldap}, {@code okta}, and {@code radius} authentication
|
||||
@@ -77,7 +77,7 @@ public class UsernamePasswordAuthentication implements ClientAuthentication, Aut
|
||||
Map<String, Object> body = createLoginBody(options);
|
||||
|
||||
return AuthenticationSteps.fromSupplier(() -> body)
|
||||
.login(String.format("%s/%s", getLoginPath(options.getPath()), options.getUsername()));
|
||||
.login("%s/%s".formatted(getLoginPath(options.getPath()), options.getUsername()));
|
||||
}
|
||||
|
||||
@Override
|
||||
@@ -94,16 +94,16 @@ public class UsernamePasswordAuthentication implements ClientAuthentication, Aut
|
||||
|
||||
try {
|
||||
VaultResponse response = restOperations.postForObject(
|
||||
String.format("%s/%s", getLoginPath(options.getPath()), options.getUsername()),
|
||||
createLoginBody(options), VaultResponse.class);
|
||||
"%s/%s".formatted(getLoginPath(options.getPath()), options.getUsername()), createLoginBody(options),
|
||||
VaultResponse.class);
|
||||
|
||||
logger.debug("Login successful using username and password credentials");
|
||||
|
||||
return LoginTokenUtil.from(response.getAuth());
|
||||
}
|
||||
catch (HttpStatusCodeException e) {
|
||||
throw new VaultException(String.format("Cannot login using username and password: %s",
|
||||
VaultResponses.getError(e.getResponseBodyAsString())), e);
|
||||
throw new VaultException("Cannot login using username and password: %s"
|
||||
.formatted(VaultResponses.getError(e.getResponseBodyAsString())), e);
|
||||
}
|
||||
}
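Review bot: `options.getUsername()` is formatted straight into the request path at both changed call sites, the `.login("%s/%s".formatted(...))` step and the `postForObject` URL. A username containing `/`, `?`, `#` or `{` can therefore change which path is requested, or fail URI-template expansion, before Vault ever sees the credentials. For the `postForObject` call I would pass it as a URI variable instead: `restOperations.postForObject(getLoginPath(options.getPath()) + "/{username}", createLoginBody(options), VaultResponse.class, options.getUsername());`. Whether `/` is then percent-encoded depends on the configured `UriBuilderFactory`, which is not visible here, so rejecting path and template characters where the username is set on the options would be a reasonable additional check. Both enclosing methods start outside their hunks.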
|
||||
|
||||
|
||||
@@ -58,10 +58,10 @@ public class VaultLoginException extends VaultException {
|
||||
|
||||
String response = ((RestClientResponseException) cause).getResponseBodyAsString();
|
||||
return new VaultLoginException(
|
||||
String.format("Cannot login using %s: %s", authMethod, VaultResponses.getError(response)), cause);
|
||||
"Cannot login using %s: %s".formatted(authMethod, VaultResponses.getError(response)), cause);
|
||||
}
|
||||
|
||||
return new VaultLoginException(String.format("Cannot login using %s", cause), cause);
|
||||
return new VaultLoginException("Cannot login using %s".formatted(cause), cause);
|
||||
}
|
||||
|
||||
}
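Review bot: The fallback at the end of this hunk formats `cause` into the message where the branch above formats `authMethod`. The resulting text omits the auth method and repeats the cause's `toString()`, which is already chained as the exception cause. I would make it `return new VaultLoginException("Cannot login using %s".formatted(authMethod), cause);` so both branches identify the method that failed. The cast `((RestClientResponseException) cause)` could also use the pattern-matching `instanceof` this commit applies elsewhere, but the `if` line sits outside the hunk.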
|
||||
|
||||
@@ -15,6 +15,8 @@
|
||||
*/
|
||||
package org.springframework.vault.authentication.event;
|
||||
|
||||
import java.io.Serial;
|
||||
|
||||
import org.springframework.context.ApplicationEvent;
|
||||
import org.springframework.vault.support.VaultToken;
|
||||
|
||||
@@ -27,6 +29,7 @@ import org.springframework.vault.support.VaultToken;
|
||||
*/
|
||||
public class AfterLoginEvent extends AuthenticationEvent {
|
||||
|
||||
@Serial
|
||||
private static final long serialVersionUID = 1L;
|
||||
|
||||
/**
|
||||
|
||||
@@ -15,6 +15,8 @@
|
||||
*/
|
||||
package org.springframework.vault.authentication.event;
|
||||
|
||||
import java.io.Serial;
|
||||
|
||||
import org.springframework.context.ApplicationEvent;
|
||||
import org.springframework.vault.support.VaultToken;
|
||||
|
||||
@@ -27,6 +29,7 @@ import org.springframework.vault.support.VaultToken;
|
||||
*/
|
||||
public class AfterLoginTokenRenewedEvent extends AuthenticationEvent {
|
||||
|
||||
@Serial
|
||||
private static final long serialVersionUID = 1L;
|
||||
|
||||
/**
|
||||
|
||||
@@ -15,6 +15,8 @@
|
||||
*/
|
||||
package org.springframework.vault.authentication.event;
|
||||
|
||||
import java.io.Serial;
|
||||
|
||||
import org.springframework.context.ApplicationEvent;
|
||||
import org.springframework.vault.support.VaultToken;
|
||||
|
||||
@@ -27,6 +29,7 @@ import org.springframework.vault.support.VaultToken;
|
||||
*/
|
||||
public class AfterLoginTokenRevocationEvent extends AuthenticationEvent {
|
||||
|
||||
@Serial
|
||||
private static final long serialVersionUID = 1L;
|
||||
|
||||
/**
|
||||
|
||||
@@ -15,6 +15,8 @@
|
||||
*/
|
||||
package org.springframework.vault.authentication.event;
|
||||
|
||||
import java.io.Serial;
|
||||
|
||||
import org.springframework.context.ApplicationEvent;
|
||||
|
||||
/**
|
||||
@@ -30,6 +32,7 @@ import org.springframework.context.ApplicationEvent;
|
||||
*/
|
||||
public class AuthenticationErrorEvent extends ApplicationEvent {
|
||||
|
||||
@Serial
|
||||
private static final long serialVersionUID = 1L;
|
||||
|
||||
private final Throwable exception;
|
||||
|
||||
@@ -15,6 +15,8 @@
|
||||
*/
|
||||
package org.springframework.vault.authentication.event;
|
||||
|
||||
import java.io.Serial;
|
||||
|
||||
import org.springframework.context.ApplicationEvent;
|
||||
import org.springframework.vault.support.VaultToken;
|
||||
|
||||
@@ -27,6 +29,7 @@ import org.springframework.vault.support.VaultToken;
|
||||
*/
|
||||
public abstract class AuthenticationEvent extends ApplicationEvent {
|
||||
|
||||
@Serial
|
||||
private static final long serialVersionUID = 1L;
|
||||
|
||||
/**
|
||||
|
||||
@@ -15,6 +15,8 @@
|
||||
*/
|
||||
package org.springframework.vault.authentication.event;
|
||||
|
||||
import java.io.Serial;
|
||||
|
||||
import org.springframework.context.ApplicationEvent;
|
||||
import org.springframework.vault.support.VaultToken;
|
||||
|
||||
@@ -27,6 +29,7 @@ import org.springframework.vault.support.VaultToken;
|
||||
*/
|
||||
public class BeforeLoginTokenRenewedEvent extends AuthenticationEvent {
|
||||
|
||||
@Serial
|
||||
private static final long serialVersionUID = 1L;
|
||||
|
||||
/**
|
||||
|
||||
@@ -15,6 +15,8 @@
|
||||
*/
|
||||
package org.springframework.vault.authentication.event;
|
||||
|
||||
import java.io.Serial;
|
||||
|
||||
import org.springframework.context.ApplicationEvent;
|
||||
import org.springframework.vault.support.VaultToken;
|
||||
|
||||
@@ -27,6 +29,7 @@ import org.springframework.vault.support.VaultToken;
|
||||
*/
|
||||
public class BeforeLoginTokenRevocationEvent extends AuthenticationEvent {
|
||||
|
||||
@Serial
|
||||
private static final long serialVersionUID = 1L;
|
||||
|
||||
/**
|
||||
|
||||
@@ -15,6 +15,8 @@
|
||||
*/
|
||||
package org.springframework.vault.authentication.event;
|
||||
|
||||
import java.io.Serial;
|
||||
|
||||
import org.springframework.context.ApplicationEvent;
|
||||
import org.springframework.vault.authentication.ClientAuthentication;
|
||||
import org.springframework.vault.authentication.VaultTokenSupplier;
|
||||
@@ -32,6 +34,7 @@ import org.springframework.vault.support.VaultToken;
|
||||
*/
|
||||
public class LoginFailedEvent extends AuthenticationErrorEvent {
|
||||
|
||||
@Serial
|
||||
private static final long serialVersionUID = 1L;
|
||||
|
||||
/**
|
||||
|
||||
@@ -15,6 +15,8 @@
|
||||
*/
|
||||
package org.springframework.vault.authentication.event;
|
||||
|
||||
import java.io.Serial;
|
||||
|
||||
import org.springframework.context.ApplicationEvent;
|
||||
import org.springframework.vault.support.VaultToken;
|
||||
|
||||
@@ -27,6 +29,7 @@ import org.springframework.vault.support.VaultToken;
|
||||
*/
|
||||
public class LoginTokenExpiredEvent extends AuthenticationEvent {
|
||||
|
||||
@Serial
|
||||
private static final long serialVersionUID = 1L;
|
||||
|
||||
/**
|
||||
|
||||
@@ -15,6 +15,8 @@
|
||||
*/
|
||||
package org.springframework.vault.authentication.event;
|
||||
|
||||
import java.io.Serial;
|
||||
|
||||
import org.springframework.context.ApplicationEvent;
|
||||
import org.springframework.vault.support.VaultToken;
|
||||
|
||||
@@ -27,6 +29,7 @@ import org.springframework.vault.support.VaultToken;
|
||||
*/
|
||||
public class LoginTokenRenewalFailedEvent extends AuthenticationErrorEvent {
|
||||
|
||||
@Serial
|
||||
private static final long serialVersionUID = 1L;
|
||||
|
||||
/**
|
||||
|
||||
@@ -15,6 +15,8 @@
|
||||
*/
|
||||
package org.springframework.vault.authentication.event;
|
||||
|
||||
import java.io.Serial;
|
||||
|
||||
import org.springframework.context.ApplicationEvent;
|
||||
import org.springframework.vault.support.VaultToken;
|
||||
|
||||
@@ -27,6 +29,7 @@ import org.springframework.vault.support.VaultToken;
|
||||
*/
|
||||
public class LoginTokenRevocationFailedEvent extends AuthenticationErrorEvent {
|
||||
|
||||
@Serial
|
||||
private static final long serialVersionUID = 1L;
|
||||
|
||||
/**
|
||||
|
||||
@@ -63,7 +63,6 @@ import org.springframework.http.client.ClientHttpRequestFactory;
|
||||
import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
|
||||
import org.springframework.http.client.OkHttp3ClientHttpRequestFactory;
|
||||
import org.springframework.http.client.SimpleClientHttpRequestFactory;
|
||||
import org.springframework.http.client.reactive.JdkClientHttpConnector;
|
||||
import org.springframework.lang.Nullable;
|
||||
import org.springframework.util.Assert;
|
||||
import org.springframework.util.ClassUtils;
|
||||
@@ -216,7 +215,7 @@ public class ClientHttpRequestFactoryFactory {
|
||||
throws IOException, GeneralSecurityException {
|
||||
|
||||
if (logger.isDebugEnabled()) {
|
||||
logger.debug(String.format("Loading keystore from %s", keyStoreConfiguration.getResource()));
|
||||
logger.debug("Loading keystore from %s".formatted(keyStoreConfiguration.getResource()));
|
||||
}
|
||||
|
||||
InputStream inputStream = null;
|
||||
@@ -233,7 +232,7 @@ public class ClientHttpRequestFactoryFactory {
|
||||
}
|
||||
|
||||
if (logger.isDebugEnabled()) {
|
||||
logger.debug(String.format("Keystore loaded with %d entries", keyStore.size()));
|
||||
logger.debug("Keystore loaded with %d entries".formatted(keyStore.size()));
|
||||
}
|
||||
}
|
||||
finally {
|
||||
@@ -253,7 +252,7 @@ public class ClientHttpRequestFactoryFactory {
|
||||
String alias = cert.getSubjectX500Principal().getName();
|
||||
|
||||
if (logger.isDebugEnabled()) {
|
||||
logger.debug(String.format("Adding certificate with alias %s", alias));
|
||||
logger.debug("Adding certificate with alias %s".formatted(alias));
|
||||
}
|
||||
|
||||
keyStore.setCertificateEntry(alias, cert);
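Review bot: The alias passed to `keyStore.setCertificateEntry(alias, cert)` is the subject DN alone, and `setCertificateEntry` replaces an existing trusted-certificate entry with the same alias. If this runs once per certificate in a bundle (the loop is outside the hunk, so this is inferred), two certificates sharing a subject, such as a renewed or cross-signed CA, leave only the last one in the store. Making the alias unique avoids that: `String alias = "%s-%s".formatted(cert.getSubjectX500Principal().getName(), cert.getSerialNumber().toString(16));`. A short comment on the alias line stating the uniqueness expectation would also help.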
|
||||
|
||||
@@ -189,7 +189,7 @@ public class VaultClients {
|
||||
|
||||
private static String toBaseUri(VaultEndpoint endpoint) {
|
||||
|
||||
return String.format("%s://%s:%s/%s", endpoint.getScheme(), endpoint.getHost(), endpoint.getPort(),
|
||||
return "%s://%s:%s/%s".formatted(endpoint.getScheme(), endpoint.getHost(), endpoint.getPort(),
|
||||
endpoint.getPath());
|
||||
}
|
||||
|
||||
|
||||
@@ -106,7 +106,7 @@ public class VaultEndpoint implements Serializable {
|
||||
vaultEndpoint.setPort(uri.getPort() == -1 ? uri.toURL().getDefaultPort() : uri.getPort());
|
||||
}
|
||||
catch (MalformedURLException e) {
|
||||
throw new IllegalArgumentException(String.format("Can't retrieve default port from %s", uri), e);
|
||||
throw new IllegalArgumentException("Can't retrieve default port from %s".formatted(uri), e);
|
||||
}
|
||||
vaultEndpoint.setScheme(uri.getScheme());
|
||||
|
||||
@@ -191,7 +191,7 @@ public class VaultEndpoint implements Serializable {
|
||||
public void setPath(String path) {
|
||||
|
||||
Assert.hasText(path, "Path must not be null or empty");
|
||||
Assert.isTrue(!path.startsWith("/"), () -> String.format("Path %s must not start with a leading slash", path));
|
||||
Assert.isTrue(!path.startsWith("/"), () -> "Path %s must not start with a leading slash".formatted(path));
|
||||
|
||||
this.path = path;
|
||||
}
|
||||
@@ -214,16 +214,15 @@ public class VaultEndpoint implements Serializable {
|
||||
|
||||
Assert.hasText(path, "Path must not be empty");
|
||||
|
||||
return String.format("%s://%s:%s/%s/%s", getScheme(), getHost(), getPort(), getPath(), path);
|
||||
return "%s://%s:%s/%s/%s".formatted(getScheme(), getHost(), getPort(), getPath(), path);
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean equals(Object o) {
|
||||
if (this == o)
|
||||
return true;
|
||||
if (!(o instanceof VaultEndpoint))
|
||||
if (!(o instanceof VaultEndpoint that))
|
||||
return false;
|
||||
VaultEndpoint that = (VaultEndpoint) o;
|
||||
return this.port == that.port && this.host.equals(that.host) && this.scheme.equals(that.scheme)
|
||||
&& this.path.equals(that.path);
|
||||
}
|
||||
@@ -235,7 +234,7 @@ public class VaultEndpoint implements Serializable {
|
||||
|
||||
@Override
|
||||
public String toString() {
|
||||
return String.format("%s://%s:%d", this.scheme, this.host, this.port);
|
||||
return "%s://%s:%d".formatted(this.scheme, this.host, this.port);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@@ -61,10 +61,10 @@ public abstract class VaultResponses {
|
||||
|
||||
if (StringUtils.hasText(message)) {
|
||||
return new VaultException(
|
||||
String.format("Status %s %s: %s", renderStatus(e.getStatusCode()), e.getStatusText(), message), e);
|
||||
"Status %s %s: %s".formatted(renderStatus(e.getStatusCode()), e.getStatusText(), message), e);
|
||||
}
|
||||
|
||||
return new VaultException(String.format("Status %s %s", renderStatus(e.getStatusCode()), e.getStatusText()), e);
|
||||
return new VaultException("Status %s %s".formatted(renderStatus(e.getStatusCode()), e.getStatusText()), e);
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -81,21 +81,21 @@ public abstract class VaultResponses {
|
||||
String message = VaultResponses.getError(e.getResponseBodyAsString());
|
||||
|
||||
if (StringUtils.hasText(message)) {
|
||||
return new VaultException(String.format("Status %s %s [%s]: %s", renderStatus(e.getStatusCode()),
|
||||
return new VaultException("Status %s %s [%s]: %s".formatted(renderStatus(e.getStatusCode()),
|
||||
e.getStatusText(), path, message), e);
|
||||
}
|
||||
|
||||
return new VaultException(
|
||||
String.format("Status %s %s [%s]", renderStatus(e.getStatusCode()), e.getStatusText(), path), e);
|
||||
"Status %s %s [%s]".formatted(renderStatus(e.getStatusCode()), e.getStatusText(), path), e);
|
||||
}
|
||||
|
||||
public static VaultException buildException(HttpStatusCode statusCode, String path, String message) {
|
||||
|
||||
if (StringUtils.hasText(message)) {
|
||||
return new VaultException(String.format("Status %s [%s]: %s", renderStatus(statusCode), path, message));
|
||||
return new VaultException("Status %s [%s]: %s".formatted(renderStatus(statusCode), path, message));
|
||||
}
|
||||
|
||||
return new VaultException(String.format("Status %s [%s]", renderStatus(statusCode), path));
|
||||
return new VaultException("Status %s [%s]".formatted(renderStatus(statusCode), path));
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@@ -192,15 +192,12 @@ public abstract class AbstractReactiveVaultConfiguration extends AbstractVaultCo
|
||||
|
||||
Assert.notNull(clientAuthentication, "ClientAuthentication must not be null");
|
||||
|
||||
if (clientAuthentication instanceof TokenAuthentication) {
|
||||
if (clientAuthentication instanceof TokenAuthentication authentication) {
|
||||
|
||||
TokenAuthentication authentication = (TokenAuthentication) clientAuthentication;
|
||||
return () -> Mono.just(authentication.login());
|
||||
}
|
||||
|
||||
if (clientAuthentication instanceof AuthenticationStepsFactory) {
|
||||
|
||||
AuthenticationStepsFactory factory = (AuthenticationStepsFactory) clientAuthentication;
|
||||
if (clientAuthentication instanceof AuthenticationStepsFactory factory) {
|
||||
|
||||
WebClient webClient = getWebClientFactory().create();
|
||||
AuthenticationStepsOperator stepsOperator = new AuthenticationStepsOperator(
|
||||
@@ -209,10 +206,9 @@ public abstract class AbstractReactiveVaultConfiguration extends AbstractVaultCo
|
||||
return CachingVaultTokenSupplier.of(stepsOperator);
|
||||
}
|
||||
|
||||
throw new IllegalStateException(String.format(
|
||||
"Cannot construct VaultTokenSupplier from %s. "
|
||||
+ "ClientAuthentication must implement AuthenticationStepsFactory or be TokenAuthentication",
|
||||
clientAuthentication));
|
||||
throw new IllegalStateException("Cannot construct VaultTokenSupplier from %s. "
|
||||
+ "ClientAuthentication must implement AuthenticationStepsFactory or be TokenAuthentication"
|
||||
.formatted(clientAuthentication));
|
||||
}
|
||||
|
||||
/**
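Review bot: The `IllegalStateException` message is built with `.formatted(clientAuthentication)`, which calls `toString()` on whatever `ClientAuthentication` implementation was supplied. For a custom implementation whose `toString()` includes its fields, such as a record or a generated one, that could put credential material into an exception message that usually ends up in logs. Formatting the type instead keeps the diagnostic value without that risk: `.formatted(clientAuthentication.getClass().getName())`. The enclosing method starts outside this hunk.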
|
||||
|
||||
@@ -33,15 +33,37 @@ import org.springframework.core.io.Resource;
|
||||
import org.springframework.lang.Nullable;
|
||||
import org.springframework.util.Assert;
|
||||
import org.springframework.util.StringUtils;
|
||||
import org.springframework.vault.authentication.*;
|
||||
import org.springframework.vault.authentication.AppIdAuthentication;
|
||||
import org.springframework.vault.authentication.AppIdAuthenticationOptions;
|
||||
import org.springframework.vault.authentication.AppIdAuthenticationOptions.AppIdAuthenticationOptionsBuilder;
|
||||
import org.springframework.vault.authentication.AppIdUserIdMechanism;
|
||||
import org.springframework.vault.authentication.AppRoleAuthentication;
|
||||
import org.springframework.vault.authentication.AppRoleAuthenticationOptions;
|
||||
import org.springframework.vault.authentication.AppRoleAuthenticationOptions.AppRoleAuthenticationOptionsBuilder;
|
||||
import org.springframework.vault.authentication.AppRoleAuthenticationOptions.RoleId;
|
||||
import org.springframework.vault.authentication.AppRoleAuthenticationOptions.SecretId;
|
||||
import org.springframework.vault.authentication.AwsEc2Authentication;
|
||||
import org.springframework.vault.authentication.AwsEc2AuthenticationOptions;
|
||||
import org.springframework.vault.authentication.AwsEc2AuthenticationOptions.AwsEc2AuthenticationOptionsBuilder;
|
||||
import org.springframework.vault.authentication.AwsIamAuthentication;
|
||||
import org.springframework.vault.authentication.AwsIamAuthenticationOptions;
|
||||
import org.springframework.vault.authentication.AzureMsiAuthentication;
|
||||
import org.springframework.vault.authentication.AzureMsiAuthenticationOptions;
|
||||
import org.springframework.vault.authentication.AzureMsiAuthenticationOptions.AzureMsiAuthenticationOptionsBuilder;
|
||||
import org.springframework.vault.authentication.ClientAuthentication;
|
||||
import org.springframework.vault.authentication.ClientCertificateAuthentication;
|
||||
import org.springframework.vault.authentication.CubbyholeAuthentication;
|
||||
import org.springframework.vault.authentication.CubbyholeAuthenticationOptions;
|
||||
import org.springframework.vault.authentication.CubbyholeAuthenticationOptions.CubbyholeAuthenticationOptionsBuilder;
|
||||
import org.springframework.vault.authentication.IpAddressUserId;
|
||||
import org.springframework.vault.authentication.KubernetesAuthentication;
|
||||
import org.springframework.vault.authentication.KubernetesAuthenticationOptions;
|
||||
import org.springframework.vault.authentication.KubernetesAuthenticationOptions.KubernetesAuthenticationOptionsBuilder;
|
||||
import org.springframework.vault.authentication.KubernetesJwtSupplier;
|
||||
import org.springframework.vault.authentication.KubernetesServiceAccountTokenFile;
|
||||
import org.springframework.vault.authentication.MacAddressUserId;
|
||||
import org.springframework.vault.authentication.StaticUserId;
|
||||
import org.springframework.vault.authentication.TokenAuthentication;
|
||||
import org.springframework.vault.client.VaultEndpoint;
|
||||
import org.springframework.vault.support.SslConfiguration;
|
||||
import org.springframework.vault.support.SslConfiguration.KeyStoreConfiguration;
|
||||
@@ -261,30 +283,19 @@ public class EnvironmentVaultConfiguration extends AbstractVaultConfiguration im
|
||||
|
||||
AuthenticationMethod authenticationMethod = AuthenticationMethod.valueOf(authentication);
|
||||
|
||||
switch (authenticationMethod) {
|
||||
|
||||
case TOKEN:
|
||||
return tokenAuthentication();
|
||||
case APPID:
|
||||
return appIdAuthentication();
|
||||
case APPROLE:
|
||||
return appRoleAuthentication();
|
||||
case AWS_EC2:
|
||||
return awsEc2Authentication();
|
||||
case AWS_IAM:
|
||||
return awsIamAuthentication();
|
||||
case AZURE:
|
||||
return azureMsiAuthentication();
|
||||
case CERT:
|
||||
return new ClientCertificateAuthentication(restOperations());
|
||||
case CUBBYHOLE:
|
||||
return cubbyholeAuthentication();
|
||||
case KUBERNETES:
|
||||
return kubeAuthentication();
|
||||
default:
|
||||
throw new IllegalStateException(String.format("Vault authentication method %s is not supported with %s",
|
||||
authenticationMethod, getClass().getSimpleName()));
|
||||
}
|
||||
return switch (authenticationMethod) {
|
||||
case TOKEN -> tokenAuthentication();
|
||||
case APPID -> appIdAuthentication();
|
||||
case APPROLE -> appRoleAuthentication();
|
||||
case AWS_EC2 -> awsEc2Authentication();
|
||||
case AWS_IAM -> awsIamAuthentication();
|
||||
case AZURE -> azureMsiAuthentication();
|
||||
case CERT -> new ClientCertificateAuthentication(restOperations());
|
||||
case CUBBYHOLE -> cubbyholeAuthentication();
|
||||
case KUBERNETES -> kubeAuthentication();
|
||||
default -> throw new IllegalStateException("Vault authentication method %s is not supported with %s"
|
||||
.formatted(authenticationMethod, getClass().getSimpleName()));
|
||||
};
|
||||
}
|
||||
|
||||
// -------------------------------------------------------------------------
|
||||
|
||||
@@ -331,13 +331,7 @@ class PropertyMapper {
|
||||
/**
|
||||
* Supplier that will catch and ignore any {@link NullPointerException}.
|
||||
*/
|
||||
private static class NullPointerExceptionSafeSupplier<T> implements Supplier<T> {
|
||||
|
||||
private final Supplier<T> supplier;
|
||||
|
||||
NullPointerExceptionSafeSupplier(Supplier<T> supplier) {
|
||||
this.supplier = supplier;
|
||||
}
|
||||
private record NullPointerExceptionSafeSupplier<T>(Supplier<T> supplier) implements Supplier<T> {
|
||||
|
||||
@Override
|
||||
public T get() {
|
||||
|
||||
@@ -109,7 +109,7 @@ class ReactiveVaultKeyValue1Template extends ReactiveVaultKeyValueAccessor imple
|
||||
|
||||
@Override
|
||||
String createDataPath(String path) {
|
||||
return String.format("%s/%s", this.path, path);
|
||||
return "%s/%s".formatted(this.path, path);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@@ -17,12 +17,12 @@ package org.springframework.vault.core;
|
||||
|
||||
import java.util.List;
|
||||
|
||||
import org.springframework.vault.core.VaultKeyValueOperationsSupport.KeyValueBackend;
|
||||
import org.springframework.vault.support.VaultResponseSupport;
|
||||
|
||||
import com.fasterxml.jackson.databind.JsonNode;
|
||||
import reactor.core.publisher.Flux;
|
||||
|
||||
import org.springframework.vault.core.VaultKeyValueOperationsSupport.KeyValueBackend;
|
||||
import org.springframework.vault.support.VaultResponseSupport;
|
||||
|
||||
/**
|
||||
* Support class to build accessor methods for the Vault key-value backend version 2.
|
||||
*
|
||||
@@ -53,7 +53,7 @@ abstract class ReactiveVaultKeyValue2Accessor extends ReactiveVaultKeyValueAcces
|
||||
public Flux<String> list(String path) {
|
||||
|
||||
return doRead(
|
||||
String.format("%s?list=true", createBackendPath("metadata", KeyValueUtilities.normalizeListPath(path))),
|
||||
"%s?list=true".formatted(createBackendPath("metadata", KeyValueUtilities.normalizeListPath(path))),
|
||||
VaultListResponse.class)
|
||||
.flatMapMany(response -> {
|
||||
|
||||
@@ -78,7 +78,7 @@ abstract class ReactiveVaultKeyValue2Accessor extends ReactiveVaultKeyValueAcces
|
||||
}
|
||||
|
||||
String createBackendPath(String segment, String path) {
|
||||
return String.format("%s/%s/%s", this.path, segment, path);
|
||||
return "%s/%s/%s".formatted(this.path, segment, path);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@@ -17,13 +17,14 @@ package org.springframework.vault.core;
|
||||
|
||||
import java.util.Collections;
|
||||
import java.util.Map;
|
||||
|
||||
import reactor.core.publisher.Mono;
|
||||
|
||||
import org.springframework.util.Assert;
|
||||
import org.springframework.vault.VaultException;
|
||||
import org.springframework.vault.support.VaultResponse;
|
||||
import org.springframework.vault.support.VaultResponseSupport;
|
||||
|
||||
import reactor.core.publisher.Mono;
|
||||
|
||||
/**
|
||||
* Default implementation of {@link VaultKeyValueOperations} for the key-value backend
|
||||
* version 2.
|
||||
@@ -85,7 +86,7 @@ class ReactiveVaultKeyValue2Template extends ReactiveVaultKeyValue2Accessor impl
|
||||
|
||||
return get(path).filter(it -> it.getData() != null)
|
||||
.switchIfEmpty(Mono.error(new SecretNotFoundException(
|
||||
String.format("No data found at %s; patch only works on existing data", createDataPath(path)),
|
||||
"No data found at %s; patch only works on existing data".formatted(createDataPath(path)),
|
||||
createLogicalPath(path))))
|
||||
.flatMap(readResponse -> {
|
||||
|
||||
@@ -112,7 +113,7 @@ class ReactiveVaultKeyValue2Template extends ReactiveVaultKeyValue2Accessor impl
|
||||
}
|
||||
|
||||
private String createLogicalPath(String path) {
|
||||
return String.format("%s/%s", this.path, path);
|
||||
return "%s/%s".formatted(this.path, path);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@@ -15,7 +15,15 @@
|
||||
*/
|
||||
package org.springframework.vault.core;
|
||||
|
||||
import static org.springframework.web.reactive.function.client.ExchangeFilterFunction.*;
|
||||
|
||||
import java.util.List;
|
||||
import java.util.function.Function;
|
||||
|
||||
import org.reactivestreams.Publisher;
|
||||
import reactor.core.publisher.Flux;
|
||||
import reactor.core.publisher.Mono;
|
||||
|
||||
import org.springframework.core.ParameterizedTypeReference;
|
||||
import org.springframework.http.HttpMethod;
|
||||
import org.springframework.http.client.reactive.ClientHttpConnector;
|
||||
@@ -43,14 +51,6 @@ import org.springframework.web.reactive.function.client.WebClient;
|
||||
import org.springframework.web.reactive.function.client.WebClient.RequestBodySpec;
|
||||
import org.springframework.web.reactive.function.client.WebClientException;
|
||||
import org.springframework.web.reactive.function.client.WebClientResponseException;
|
||||
import reactor.core.publisher.Flux;
|
||||
import reactor.core.publisher.Mono;
|
||||
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
import java.util.function.Function;
|
||||
|
||||
import static org.springframework.web.reactive.function.client.ExchangeFilterFunction.ofRequestProcessor;
|
||||
|
||||
/**
|
||||
* This class encapsulates main Vault interaction. {@link ReactiveVaultTemplate} will log
|
||||
@@ -287,7 +287,7 @@ public class ReactiveVaultTemplate implements ReactiveVaultOperations {
|
||||
|
||||
Assert.hasText(path, "Path must not be empty");
|
||||
|
||||
return doRead(String.format("%s?list=true", path.endsWith("/") ? path : (path + "/")), VaultListResponse.class)
|
||||
return doRead("%s?list=true".formatted(path.endsWith("/") ? path : (path + "/")), VaultListResponse.class)
|
||||
.onErrorResume(WebClientResponseException.NotFound.class, e -> Mono.empty())
|
||||
.filter(response -> response.getData() != null && response.getData().containsKey("keys"))
|
||||
.flatMapIterable(response -> (List<String>) response.getRequiredData().get("keys"));
|
||||
|
||||
@@ -15,8 +15,19 @@
|
||||
*/
|
||||
package org.springframework.vault.core;
|
||||
|
||||
import static org.springframework.vault.core.VaultTransitTemplate.*;
|
||||
|
||||
import java.util.Base64;
|
||||
import java.util.Collections;
|
||||
import java.util.LinkedHashMap;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
|
||||
import reactor.core.publisher.Flux;
|
||||
import reactor.core.publisher.Mono;
|
||||
|
||||
import org.springframework.util.Assert;
|
||||
import org.springframework.vault.core.VaultTransitTemplate.VaultTransitKeyImpl;
|
||||
import org.springframework.vault.core.VaultTransitTemplate.*;
|
||||
import org.springframework.vault.support.Ciphertext;
|
||||
import org.springframework.vault.support.Hmac;
|
||||
import org.springframework.vault.support.Plaintext;
|
||||
@@ -35,17 +46,6 @@ import org.springframework.vault.support.VaultTransitContext;
|
||||
import org.springframework.vault.support.VaultTransitKey;
|
||||
import org.springframework.vault.support.VaultTransitKeyConfiguration;
|
||||
import org.springframework.vault.support.VaultTransitKeyCreationRequest;
|
||||
import reactor.core.publisher.Flux;
|
||||
import reactor.core.publisher.Mono;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.Base64;
|
||||
import java.util.Collections;
|
||||
import java.util.LinkedHashMap;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
|
||||
import static org.springframework.vault.core.VaultTransitTemplate.*;
|
||||
|
||||
/**
|
||||
* Default implementation of {@link ReactiveVaultTransitOperations}.
|
||||
@@ -73,7 +73,7 @@ public class ReactiveVaultTransitTemplate implements ReactiveVaultTransitOperati
|
||||
|
||||
Assert.hasText(keyName, "Key name must not be empty");
|
||||
|
||||
return this.reactiveVaultOperations.write(String.format("%s/keys/%s", this.path, keyName), null).then();
|
||||
return this.reactiveVaultOperations.write("%s/keys/%s".formatted(this.path, keyName), null).then();
|
||||
}
|
||||
|
||||
@Override
|
||||
@@ -82,8 +82,7 @@ public class ReactiveVaultTransitTemplate implements ReactiveVaultTransitOperati
|
||||
Assert.hasText(keyName, "Key name must not be empty");
|
||||
Assert.notNull(createKeyRequest, "VaultTransitKeyCreationRequest must not be empty");
|
||||
|
||||
return this.reactiveVaultOperations.write(String.format("%s/keys/%s", this.path, keyName), createKeyRequest)
|
||||
.then();
|
||||
return this.reactiveVaultOperations.write("%s/keys/%s".formatted(this.path, keyName), createKeyRequest).then();
|
||||
}
|
||||
|
||||
@Override
|
||||
@@ -91,7 +90,7 @@ public class ReactiveVaultTransitTemplate implements ReactiveVaultTransitOperati
|
||||
|
||||
Assert.hasText(keyName, "Key name must not be empty");
|
||||
|
||||
return this.reactiveVaultOperations.write(String.format("%s/keys/%s/rotate", this.path, keyName), null).then();
|
||||
return this.reactiveVaultOperations.write("%s/keys/%s/rotate".formatted(this.path, keyName), null).then();
|
||||
}
|
||||
|
||||
@Override
|
||||
@@ -104,7 +103,7 @@ public class ReactiveVaultTransitTemplate implements ReactiveVaultTransitOperati
|
||||
|
||||
request.put("plaintext", Base64.getEncoder().encodeToString(plaintext.getBytes()));
|
||||
|
||||
return this.reactiveVaultOperations.write(String.format("%s/encrypt/%s", this.path, keyName), request)
|
||||
return this.reactiveVaultOperations.write("%s/encrypt/%s".formatted(this.path, keyName), request)
|
||||
.map(it -> (String) it.getRequiredData().get("ciphertext"));
|
||||
}
|
||||
|
||||
@@ -114,8 +113,7 @@ public class ReactiveVaultTransitTemplate implements ReactiveVaultTransitOperati
|
||||
Assert.hasText(keyName, "Key name must not be empty");
|
||||
Assert.notNull(keyConfiguration, "VaultKeyConfiguration must not be empty");
|
||||
|
||||
return this.reactiveVaultOperations
|
||||
.write(String.format("%s/keys/%s/config", this.path, keyName), keyConfiguration)
|
||||
return this.reactiveVaultOperations.write("%s/keys/%s/config".formatted(this.path, keyName), keyConfiguration)
|
||||
.then();
|
||||
}
|
||||
|
||||
@@ -124,13 +122,13 @@ public class ReactiveVaultTransitTemplate implements ReactiveVaultTransitOperati
|
||||
|
||||
Assert.hasText(keyName, "Key name must not be empty");
|
||||
|
||||
return this.reactiveVaultOperations.delete(String.format("%s/keys/%s", this.path, keyName));
|
||||
return this.reactiveVaultOperations.delete("%s/keys/%s".formatted(this.path, keyName));
|
||||
}
|
||||
|
||||
@Override
|
||||
@SuppressWarnings("unchecked")
|
||||
public Flux<String> getKeys() {
|
||||
return this.reactiveVaultOperations.read(String.format("%s/keys?list=true", this.path))
|
||||
return this.reactiveVaultOperations.read("%s/keys?list=true".formatted(this.path))
|
||||
.flatMapIterable(it -> (List<String>) it.getRequiredData().get("keys"));
|
||||
}
|
||||
|
||||
@@ -147,7 +145,7 @@ public class ReactiveVaultTransitTemplate implements ReactiveVaultTransitOperati
|
||||
|
||||
applyTransitOptions(transitContext, request);
|
||||
|
||||
return this.reactiveVaultOperations.write(String.format("%s/encrypt/%s", this.path, keyName), request)
|
||||
return this.reactiveVaultOperations.write("%s/encrypt/%s".formatted(this.path, keyName), request)
|
||||
.map(it -> (String) it.getRequiredData().get("ciphertext"));
|
||||
}
|
||||
|
||||
@@ -171,7 +169,7 @@ public class ReactiveVaultTransitTemplate implements ReactiveVaultTransitOperati
|
||||
|
||||
request.put("ciphertext", ciphertext);
|
||||
|
||||
return this.reactiveVaultOperations.write(String.format("%s/decrypt/%s", this.path, keyName), request)
|
||||
return this.reactiveVaultOperations.write("%s/decrypt/%s".formatted(this.path, keyName), request)
|
||||
.map(it -> (String) it.getRequiredData().get("plaintext"))
|
||||
.map(plaintext -> new String(Base64.getDecoder().decode(plaintext)));
|
||||
}
|
||||
@@ -199,7 +197,7 @@ public class ReactiveVaultTransitTemplate implements ReactiveVaultTransitOperati
|
||||
|
||||
applyTransitOptions(transitContext, request);
|
||||
|
||||
return this.reactiveVaultOperations.write(String.format("%s/decrypt/%s", this.path, keyName), request)
|
||||
return this.reactiveVaultOperations.write("%s/decrypt/%s".formatted(this.path, keyName), request)
|
||||
.map(it -> (String) it.getRequiredData().get("plaintext"))
|
||||
.map(Base64.getDecoder()::decode);
|
||||
}
|
||||
@@ -213,7 +211,7 @@ public class ReactiveVaultTransitTemplate implements ReactiveVaultTransitOperati
|
||||
Map<String, String> request = new LinkedHashMap<>();
|
||||
request.put("ciphertext", ciphertext);
|
||||
|
||||
return this.reactiveVaultOperations.write(String.format("%s/rewrap/%s", this.path, keyName), request)
|
||||
return this.reactiveVaultOperations.write("%s/rewrap/%s".formatted(this.path, keyName), request)
|
||||
.map(response -> (String) response.getRequiredData().get("ciphertext"));
|
||||
}
|
||||
|
||||
@@ -228,7 +226,7 @@ public class ReactiveVaultTransitTemplate implements ReactiveVaultTransitOperati
|
||||
|
||||
applyTransitOptions(transitContext, request);
|
||||
|
||||
return this.reactiveVaultOperations.write(String.format("%s/rewrap/%s", this.path, keyName), request)
|
||||
return this.reactiveVaultOperations.write("%s/rewrap/%s".formatted(this.path, keyName), request)
|
||||
.map(response -> (String) response.getRequiredData().get("ciphertext"));
|
||||
}
|
||||
|
||||
@@ -241,7 +239,7 @@ public class ReactiveVaultTransitTemplate implements ReactiveVaultTransitOperati
|
||||
return Flux.fromIterable(batchRequest)
|
||||
.map(VaultTransitTemplate::createRewrapRequest)
|
||||
.collectList()
|
||||
.flatMap(batch -> this.reactiveVaultOperations.write(String.format("%s/rewrap/%s", this.path, keyName),
|
||||
.flatMap(batch -> this.reactiveVaultOperations.write("%s/rewrap/%s".formatted(this.path, keyName),
|
||||
Collections.singletonMap("batch_input", batch)))
|
||||
.flatMapIterable(vaultResponse -> toBatchResults(vaultResponse, batchRequest, Ciphertext::getContext));
|
||||
}
|
||||
@@ -259,7 +257,7 @@ public class ReactiveVaultTransitTemplate implements ReactiveVaultTransitOperati
|
||||
return vaultRequest;
|
||||
})
|
||||
.collectList()
|
||||
.flatMap(batch -> this.reactiveVaultOperations.write(String.format("%s/encrypt/%s", this.path, keyName),
|
||||
.flatMap(batch -> this.reactiveVaultOperations.write("%s/encrypt/%s".formatted(this.path, keyName),
|
||||
Collections.singletonMap("batch_input", batch)))
|
||||
.flatMapIterable(vaultResponse -> toBatchResults(vaultResponse, batchRequest, Plaintext::getContext));
|
||||
}
|
||||
@@ -277,7 +275,7 @@ public class ReactiveVaultTransitTemplate implements ReactiveVaultTransitOperati
|
||||
return vaultRequest;
|
||||
})
|
||||
.collectList()
|
||||
.flatMap(batch -> this.reactiveVaultOperations.write(String.format("%s/decrypt/%s", this.path, keyName),
|
||||
.flatMap(batch -> this.reactiveVaultOperations.write("%s/decrypt/%s".formatted(this.path, keyName),
|
||||
Collections.singletonMap("batch_input", batch)))
|
||||
.flatMapIterable(vaultResponse -> toDecryptionResults(vaultResponse, batchRequest));
|
||||
}
|
||||
@@ -300,7 +298,7 @@ public class ReactiveVaultTransitTemplate implements ReactiveVaultTransitOperati
|
||||
Assert.notNull(hmacRequest, "HMAC request must not be null");
|
||||
|
||||
return this.reactiveVaultOperations
|
||||
.write(String.format("%s/hmac/%s", this.path, keyName), toRequestBody(hmacRequest))
|
||||
.write("%s/hmac/%s".formatted(this.path, keyName), toRequestBody(hmacRequest))
|
||||
.map(vaultResponse -> (String) vaultResponse.getRequiredData().get("hmac"))
|
||||
.map(Hmac::of);
|
||||
}
|
||||
@@ -323,7 +321,7 @@ public class ReactiveVaultTransitTemplate implements ReactiveVaultTransitOperati
|
||||
Assert.notNull(signRequest, "Sign request must not be null");
|
||||
|
||||
return this.reactiveVaultOperations
|
||||
.write(String.format("%s/sign/%s", this.path, keyName), toRequestBody(signRequest))
|
||||
.write("%s/sign/%s".formatted(this.path, keyName), toRequestBody(signRequest))
|
||||
.map(vaultResponse -> (String) vaultResponse.getRequiredData().get("signature"))
|
||||
.map(Signature::of);
|
||||
}
|
||||
@@ -347,7 +345,7 @@ public class ReactiveVaultTransitTemplate implements ReactiveVaultTransitOperati
|
||||
Assert.notNull(verificationRequest, "Signature verification request must not be null");
|
||||
|
||||
return this.reactiveVaultOperations
|
||||
.write(String.format("%s/verify/%s", this.path, keyName), toRequestBody(verificationRequest))
|
||||
.write("%s/verify/%s".formatted(this.path, keyName), toRequestBody(verificationRequest))
|
||||
.map(VaultResponse::getRequiredData)
|
||||
.map(vaultResponse -> {
|
||||
if (vaultResponse.containsKey("valid") && (Boolean) vaultResponse.get("valid")) {
|
||||
@@ -364,8 +362,7 @@ public class ReactiveVaultTransitTemplate implements ReactiveVaultTransitOperati
|
||||
Assert.notNull(type, "Key type must not be null");
|
||||
|
||||
return this.reactiveVaultOperations
|
||||
.read(String.format("%s/export/%s/%s", this.path, type.getValue(), keyName),
|
||||
VaultTransitTemplate.RawTransitKeyImpl.class)
|
||||
.read("%s/export/%s/%s".formatted(this.path, type.getValue(), keyName), RawTransitKeyImpl.class)
|
||||
.flatMap(vaultResponse -> Mono.justOrEmpty(vaultResponse.getRequiredData()));
|
||||
}
|
||||
|
||||
@@ -374,8 +371,7 @@ public class ReactiveVaultTransitTemplate implements ReactiveVaultTransitOperati
|
||||
|
||||
Assert.hasText(keyName, "Key name must not be empty");
|
||||
|
||||
return this.reactiveVaultOperations
|
||||
.read(String.format("%s/keys/%s", this.path, keyName), VaultTransitKeyImpl.class)
|
||||
return this.reactiveVaultOperations.read("%s/keys/%s".formatted(this.path, keyName), VaultTransitKeyImpl.class)
|
||||
.map(VaultResponseSupport::getRequiredData);
|
||||
}
|
||||
|
||||
|
||||
@@ -88,7 +88,7 @@ public class ReactiveVaultVersionedKeyValueTemplate extends ReactiveVaultKeyValu
|
||||
private <T> Mono<Versioned<T>> doRead(String path, Version version, Class<T> responseType) {
|
||||
|
||||
String secretPath = version.isVersioned()
|
||||
? String.format("%s?version=%d", createDataPath(path), version.getVersion()) : createDataPath(path);
|
||||
? "%s?version=%d".formatted(createDataPath(path), version.getVersion()) : createDataPath(path);
|
||||
|
||||
Mono<VersionedResponse> versionedResponseMono = doReadVersioned(secretPath);
|
||||
|
||||
|
||||
@@ -117,7 +117,7 @@ class VaultKeyValue1Template extends VaultKeyValueAccessor implements VaultKeyVa
|
||||
|
||||
@Override
|
||||
String createDataPath(String path) {
|
||||
return String.format("%s/%s", this.path, path);
|
||||
return "%s/%s".formatted(this.path, path);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@@ -55,8 +55,7 @@ abstract class VaultKeyValue2Accessor extends VaultKeyValueAccessor {
|
||||
|
||||
VaultListResponse read = doRead(restOperations -> {
|
||||
return restOperations.exchange(
|
||||
String.format("%s?list=true",
|
||||
createBackendPath("metadata", KeyValueUtilities.normalizeListPath(path))),
|
||||
"%s?list=true".formatted(createBackendPath("metadata", KeyValueUtilities.normalizeListPath(path))),
|
||||
HttpMethod.GET, null, VaultListResponse.class);
|
||||
});
|
||||
|
||||
@@ -83,7 +82,7 @@ abstract class VaultKeyValue2Accessor extends VaultKeyValueAccessor {
|
||||
}
|
||||
|
||||
String createBackendPath(String segment, String path) {
|
||||
return String.format("%s/%s/%s", this.path, segment, path);
|
||||
return "%s/%s/%s".formatted(this.path, segment, path);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@@ -89,8 +89,8 @@ class VaultKeyValue2Template extends VaultKeyValue2Accessor implements VaultKeyV
|
||||
VaultResponse readResponse = get(path);
|
||||
if (readResponse == null || readResponse.getData() == null) {
|
||||
throw new SecretNotFoundException(
|
||||
String.format("No data found at %s; patch only works on existing data", createDataPath(path)),
|
||||
String.format("%s/%s", this.path, path));
|
||||
"No data found at %s; patch only works on existing data".formatted(createDataPath(path)),
|
||||
"%s/%s".formatted(this.path, path));
|
||||
}
|
||||
|
||||
if (readResponse.getMetadata() == null) {
|
||||
|
||||
@@ -16,7 +16,6 @@
|
||||
package org.springframework.vault.core;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.util.Map;
|
||||
import java.util.Optional;
|
||||
import java.util.function.BiFunction;
|
||||
import java.util.function.Function;
|
||||
@@ -216,9 +215,7 @@ abstract class VaultKeyValueAccessor implements VaultKeyValueOperationsSupport {
|
||||
|
||||
Optional<ObjectMapper> mapper = vaultOperations.doWithSession(operations -> {
|
||||
|
||||
if (operations instanceof RestTemplate) {
|
||||
|
||||
RestTemplate template = (RestTemplate) operations;
|
||||
if (operations instanceof RestTemplate template) {
|
||||
|
||||
Optional<AbstractJackson2HttpMessageConverter> jackson2Converter = template.getMessageConverters()
|
||||
.stream()
|
||||
|
||||
@@ -23,6 +23,7 @@ import java.util.Collections;
|
||||
import java.util.HashMap;
|
||||
import java.util.Locale;
|
||||
import java.util.Map;
|
||||
|
||||
import org.springframework.http.ResponseEntity;
|
||||
import org.springframework.util.Assert;
|
||||
import org.springframework.util.StringUtils;
|
||||
@@ -173,7 +174,7 @@ public class VaultPkiTemplate implements VaultPkiOperations {
|
||||
|
||||
return this.vaultOperations.doWithSession(restOperations -> {
|
||||
|
||||
String requestPath = String.format("{path}/issuer/{issuer}/%s", encoding.name().toLowerCase(Locale.ROOT));
|
||||
String requestPath = "{path}/issuer/{issuer}/%s".formatted(encoding.name().toLowerCase(Locale.ROOT));
|
||||
|
||||
try {
|
||||
ResponseEntity<byte[]> response = restOperations.getForEntity(requestPath, byte[].class, this.path,
|
||||
|
||||
@@ -34,12 +34,10 @@ import org.springframework.core.ParameterizedTypeReference;
|
||||
import org.springframework.http.HttpEntity;
|
||||
import org.springframework.http.HttpHeaders;
|
||||
import org.springframework.http.HttpMethod;
|
||||
import org.springframework.http.HttpStatus;
|
||||
import org.springframework.http.ResponseEntity;
|
||||
import org.springframework.lang.Nullable;
|
||||
import org.springframework.util.Assert;
|
||||
import org.springframework.util.ObjectUtils;
|
||||
import org.springframework.util.StringUtils;
|
||||
import org.springframework.vault.VaultException;
|
||||
import org.springframework.vault.client.VaultHttpHeaders;
|
||||
import org.springframework.vault.client.VaultResponses;
|
||||
@@ -169,7 +167,7 @@ public class VaultSysTemplate implements VaultSysOperations {
|
||||
Assert.hasText(path, "Path must not be empty");
|
||||
Assert.notNull(vaultMount, "VaultMount must not be null");
|
||||
|
||||
this.vaultOperations.write(String.format("sys/mounts/%s", path), vaultMount);
|
||||
this.vaultOperations.write("sys/mounts/%s".formatted(path), vaultMount);
|
||||
}
|
||||
|
||||
@Override
|
||||
@@ -182,7 +180,7 @@ public class VaultSysTemplate implements VaultSysOperations {
|
||||
|
||||
Assert.hasText(path, "Path must not be empty");
|
||||
|
||||
this.vaultOperations.delete(String.format("sys/mounts/%s", path));
|
||||
this.vaultOperations.delete("sys/mounts/%s".formatted(path));
|
||||
}
|
||||
|
||||
@Override
|
||||
@@ -191,7 +189,7 @@ public class VaultSysTemplate implements VaultSysOperations {
|
||||
Assert.hasText(path, "Path must not be empty");
|
||||
Assert.notNull(vaultMount, "VaultMount must not be null");
|
||||
|
||||
this.vaultOperations.write(String.format("sys/auth/%s", path), vaultMount);
|
||||
this.vaultOperations.write("sys/auth/%s".formatted(path), vaultMount);
|
||||
}
|
||||
|
||||
@Override
|
||||
@@ -204,7 +202,7 @@ public class VaultSysTemplate implements VaultSysOperations {
|
||||
|
||||
Assert.hasText(path, "Path must not be empty");
|
||||
|
||||
this.vaultOperations.delete(String.format("sys/auth/%s", path));
|
||||
this.vaultOperations.delete("sys/auth/%s".formatted(path));
|
||||
}
|
||||
|
||||
@Override
|
||||
@@ -279,7 +277,7 @@ public class VaultSysTemplate implements VaultSysOperations {
|
||||
|
||||
Assert.hasText(name, "Name must not be null or empty");
|
||||
|
||||
this.vaultOperations.delete(String.format("sys/policy/%s", name));
|
||||
this.vaultOperations.delete("sys/policy/%s".formatted(name));
|
||||
}
|
||||
|
||||
@Override
|
||||
@@ -313,17 +311,11 @@ public class VaultSysTemplate implements VaultSysOperations {
|
||||
|
||||
}
|
||||
|
||||
private static class GetMounts implements RestOperationsCallback<Map<String, VaultMount>> {
|
||||
private record GetMounts(String path) implements RestOperationsCallback<Map<String, VaultMount>> {
|
||||
|
||||
private static final ParameterizedTypeReference<VaultMountsResponse> MOUNT_TYPE_REF = new ParameterizedTypeReference<VaultMountsResponse>() {
|
||||
};
|
||||
|
||||
private final String path;
|
||||
|
||||
GetMounts(String path) {
|
||||
this.path = path;
|
||||
}
|
||||
|
||||
@Override
|
||||
public Map<String, VaultMount> doWithRestOperations(RestOperations restOperations) {
|
||||
|
||||
@@ -439,9 +431,8 @@ public class VaultSysTemplate implements VaultSysOperations {
|
||||
public boolean equals(Object o) {
|
||||
if (this == o)
|
||||
return true;
|
||||
if (!(o instanceof VaultInitializationResponseImpl))
|
||||
if (!(o instanceof VaultInitializationResponseImpl that))
|
||||
return false;
|
||||
VaultInitializationResponseImpl that = (VaultInitializationResponseImpl) o;
|
||||
return this.keys.equals(that.keys) && this.rootToken.equals(that.rootToken);
|
||||
}
|
||||
|
||||
@@ -503,9 +494,8 @@ public class VaultSysTemplate implements VaultSysOperations {
|
||||
public boolean equals(Object o) {
|
||||
if (this == o)
|
||||
return true;
|
||||
if (!(o instanceof VaultUnsealStatusImpl))
|
||||
if (!(o instanceof VaultUnsealStatusImpl that))
|
||||
return false;
|
||||
VaultUnsealStatusImpl that = (VaultUnsealStatusImpl) o;
|
||||
return this.sealed == that.sealed && this.secretThreshold == that.secretThreshold
|
||||
&& this.secretShares == that.secretShares && this.progress == that.progress;
|
||||
}
|
||||
@@ -584,9 +574,8 @@ public class VaultSysTemplate implements VaultSysOperations {
|
||||
public boolean equals(Object o) {
|
||||
if (this == o)
|
||||
return true;
|
||||
if (!(o instanceof VaultHealthImpl))
|
||||
if (!(o instanceof VaultHealthImpl that))
|
||||
return false;
|
||||
VaultHealthImpl that = (VaultHealthImpl) o;
|
||||
return this.initialized == that.initialized && this.sealed == that.sealed && this.standby == that.standby
|
||||
&& this.performanceStandby == that.performanceStandby
|
||||
&& this.replicationRecoverySecondary == that.replicationRecoverySecondary
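Review bot: The caller-supplied `path` and `name` are formatted verbatim into the request path in `"sys/mounts/%s".formatted(path)`, `"sys/auth/%s".formatted(path)` and `"sys/policy/%s".formatted(name)`, with `Assert.hasText` as the only visible check, so a value carrying `?`, `..` or an extra `/` would address a different Vault endpoint than the method intends if it ever originates outside the application. VaultPkiTemplate in this commit keeps `{path}` and `{issuer}` as URI template variables instead, which is the safer pattern; whether `vaultOperations.write`/`delete` encode the string downstream is not visible here. The same formatting is used for `role` in VaultTokenTemplate, `roleName` in VaultTransformTemplate and `keyName` in VaultTransitTemplate and ReactiveVaultTransitTemplate, including the `export` path. At minimum I would document the contract on each method, e.g. `// name is sent verbatim as a path segment; pass trusted values only`, or move these calls to URI variables as the PKI code does. The enclosing methods start outside the hunks.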
|
||||
|
||||
@@ -22,7 +22,6 @@ import org.springframework.beans.factory.DisposableBean;
|
||||
import org.springframework.beans.factory.InitializingBean;
|
||||
import org.springframework.core.ParameterizedTypeReference;
|
||||
import org.springframework.http.HttpMethod;
|
||||
import org.springframework.http.HttpStatus;
|
||||
import org.springframework.http.ResponseEntity;
|
||||
import org.springframework.http.client.ClientHttpRequestFactory;
|
||||
import org.springframework.http.client.ClientHttpRequestInterceptor;
|
||||
@@ -286,15 +285,10 @@ public class VaultTemplate implements InitializingBean, VaultOperations, Disposa
|
||||
@Override
|
||||
public VaultKeyValueOperations opsForKeyValue(String path, KeyValueBackend apiVersion) {
|
||||
|
||||
switch (apiVersion) {
|
||||
case KV_1:
|
||||
return new VaultKeyValue1Template(this, path);
|
||||
case KV_2:
|
||||
return new VaultKeyValue2Template(this, path);
|
||||
}
|
||||
|
||||
throw new UnsupportedOperationException(
|
||||
String.format("Key/Value backend version %s not supported", apiVersion));
|
||||
return switch (apiVersion) {
|
||||
case KV_1 -> new VaultKeyValue1Template(this, path);
|
||||
case KV_2 -> new VaultKeyValue2Template(this, path);
|
||||
};
|
||||
|
||||
}
|
||||
|
||||
@@ -388,7 +382,7 @@ public class VaultTemplate implements InitializingBean, VaultOperations, Disposa
|
||||
|
||||
Assert.hasText(path, "Path must not be empty");
|
||||
|
||||
VaultListResponse read = doRead(String.format("%s?list=true", path.endsWith("/") ? path : (path + "/")),
|
||||
VaultListResponse read = doRead("%s?list=true".formatted(path.endsWith("/") ? path : (path + "/")),
|
||||
VaultListResponse.class);
|
||||
if (read == null) {
|
||||
return Collections.emptyList();
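Review bot: `opsForKeyValue` switches on `apiVersion` with no null check, so a null argument fails with a bare NullPointerException at the `return switch`, and with the `UnsupportedOperationException` removed the method no longer has any descriptive failure. The exhaustive switch expression already covers unknown constants (a new `KeyValueBackend` value becomes a compile error), so only the null case needs handling. I would add `Assert.notNull(apiVersion, "KeyValueBackend must not be null");` before the switch, in line with the `Assert.hasText(path, ...)` check used further down in this class.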
|
||||
|
||||
@@ -65,7 +65,7 @@ public class VaultTokenTemplate implements VaultTokenOperations {
|
||||
Assert.hasText(role, "Role must not be null or empty");
|
||||
Assert.notNull(request, "VaultTokenRequest must not be null");
|
||||
|
||||
return writeAndReturn(String.format("auth/token/create/%s", role), request, VaultTokenResponse.class);
|
||||
return writeAndReturn("auth/token/create/%s".formatted(role), request, VaultTokenResponse.class);
|
||||
}
|
||||
|
||||
@Override
|
||||
|
||||
@@ -71,7 +71,7 @@ public class VaultTransformTemplate implements VaultTransformOperations {
|
||||
|
||||
request.put("value", plaintext);
|
||||
|
||||
return (String) this.vaultOperations.write(String.format("%s/encode/%s", this.path, roleName), request)
|
||||
return (String) this.vaultOperations.write("%s/encode/%s".formatted(this.path, roleName), request)
|
||||
.getRequiredData()
|
||||
.get("encoded_value");
|
||||
}
|
||||
@@ -88,8 +88,7 @@ public class VaultTransformTemplate implements VaultTransformOperations {
|
||||
|
||||
applyTransformOptions(plaintext.getContext(), request);
|
||||
|
||||
Map<String, Object> data = this.vaultOperations
|
||||
.write(String.format("%s/encode/%s", this.path, roleName), request)
|
||||
Map<String, Object> data = this.vaultOperations.write("%s/encode/%s".formatted(this.path, roleName), request)
|
||||
.getRequiredData();
|
||||
|
||||
return toCiphertext(data, plaintext.getContext());
|
||||
@@ -114,7 +113,7 @@ public class VaultTransformTemplate implements VaultTransformOperations {
|
||||
batch.add(vaultRequest);
|
||||
}
|
||||
|
||||
VaultResponse vaultResponse = this.vaultOperations.write(String.format("%s/encode/%s", this.path, roleName),
|
||||
VaultResponse vaultResponse = this.vaultOperations.write("%s/encode/%s".formatted(this.path, roleName),
|
||||
Collections.singletonMap("batch_input", batch));
|
||||
|
||||
return toEncodedResults(vaultResponse, batchRequest);
|
||||
@@ -144,7 +143,7 @@ public class VaultTransformTemplate implements VaultTransformOperations {
|
||||
|
||||
applyTransformOptions(transformContext, request);
|
||||
|
||||
return (String) this.vaultOperations.write(String.format("%s/decode/%s", this.path, roleName), request)
|
||||
return (String) this.vaultOperations.write("%s/decode/%s".formatted(this.path, roleName), request)
|
||||
.getRequiredData()
|
||||
.get("decoded_value");
|
||||
}
|
||||
@@ -167,7 +166,7 @@ public class VaultTransformTemplate implements VaultTransformOperations {
|
||||
batch.add(vaultRequest);
|
||||
}
|
||||
|
||||
VaultResponse vaultResponse = this.vaultOperations.write(String.format("%s/decode/%s", this.path, roleName),
|
||||
VaultResponse vaultResponse = this.vaultOperations.write("%s/decode/%s".formatted(this.path, roleName),
|
||||
Collections.singletonMap("batch_input", batch));
|
||||
|
||||
return toDecryptionResults(vaultResponse, batchRequest);
|
||||
|
||||
@@ -87,7 +87,7 @@ public class VaultTransitTemplate implements VaultTransitOperations {
|
||||
|
||||
Assert.hasText(keyName, "Key name must not be empty");
|
||||
|
||||
this.vaultOperations.write(String.format("%s/keys/%s", this.path, keyName), null);
|
||||
this.vaultOperations.write("%s/keys/%s".formatted(this.path, keyName), null);
|
||||
}
|
||||
|
||||
@Override
|
||||
@@ -96,13 +96,13 @@ public class VaultTransitTemplate implements VaultTransitOperations {
|
||||
Assert.hasText(keyName, "Key name must not be empty");
|
||||
Assert.notNull(createKeyRequest, "VaultTransitKeyCreationRequest must not be empty");
|
||||
|
||||
this.vaultOperations.write(String.format("%s/keys/%s", this.path, keyName), createKeyRequest);
|
||||
this.vaultOperations.write("%s/keys/%s".formatted(this.path, keyName), createKeyRequest);
|
||||
}
|
||||
|
||||
@Override
|
||||
public List<String> getKeys() {
|
||||
|
||||
VaultResponse response = this.vaultOperations.read(String.format("%s/keys?list=true", this.path));
|
||||
VaultResponse response = this.vaultOperations.read("%s/keys?list=true".formatted(this.path));
|
||||
|
||||
return response == null ? Collections.emptyList() : (List) response.getRequiredData().get("keys");
|
||||
}
|
||||
@@ -113,7 +113,7 @@ public class VaultTransitTemplate implements VaultTransitOperations {
|
||||
Assert.hasText(keyName, "Key name must not be empty");
|
||||
Assert.notNull(keyConfiguration, "VaultKeyConfiguration must not be empty");
|
||||
|
||||
this.vaultOperations.write(String.format("%s/keys/%s/config", this.path, keyName), keyConfiguration);
|
||||
this.vaultOperations.write("%s/keys/%s/config".formatted(this.path, keyName), keyConfiguration);
|
||||
}
|
||||
|
||||
@Override
|
||||
@@ -124,7 +124,7 @@ public class VaultTransitTemplate implements VaultTransitOperations {
|
||||
Assert.notNull(type, "Key type must not be null");
|
||||
|
||||
VaultResponseSupport<RawTransitKeyImpl> result = this.vaultOperations
|
||||
.read(String.format("%s/export/%s/%s", this.path, type.getValue(), keyName), RawTransitKeyImpl.class);
|
||||
.read("%s/export/%s/%s".formatted(this.path, type.getValue(), keyName), RawTransitKeyImpl.class);
|
||||
|
||||
return result != null ? result.getRequiredData() : null;
|
||||
}
|
||||
@@ -136,7 +136,7 @@ public class VaultTransitTemplate implements VaultTransitOperations {
|
||||
Assert.hasText(keyName, "Key name must not be empty");
|
||||
|
||||
VaultResponseSupport<VaultTransitKeyImpl> result = this.vaultOperations
|
||||
.read(String.format("%s/keys/%s", this.path, keyName), VaultTransitKeyImpl.class);
|
||||
.read("%s/keys/%s".formatted(this.path, keyName), VaultTransitKeyImpl.class);
|
||||
|
||||
if (result != null) {
|
||||
return result.getRequiredData();
|
||||
@@ -150,7 +150,7 @@ public class VaultTransitTemplate implements VaultTransitOperations {
|
||||
|
||||
Assert.hasText(keyName, "Key name must not be empty");
|
||||
|
||||
this.vaultOperations.delete(String.format("%s/keys/%s", this.path, keyName));
|
||||
this.vaultOperations.delete("%s/keys/%s".formatted(this.path, keyName));
|
||||
}
|
||||
|
||||
@Override
|
||||
@@ -158,7 +158,7 @@ public class VaultTransitTemplate implements VaultTransitOperations {
|
||||
|
||||
Assert.hasText(keyName, "Key name must not be empty");
|
||||
|
||||
this.vaultOperations.write(String.format("%s/keys/%s/rotate", this.path, keyName), null);
|
||||
this.vaultOperations.write("%s/keys/%s/rotate".formatted(this.path, keyName), null);
|
||||
}
|
||||
|
||||
@Override
|
||||
@@ -171,7 +171,7 @@ public class VaultTransitTemplate implements VaultTransitOperations {
|
||||
|
||||
request.put("plaintext", Base64.getEncoder().encodeToString(plaintext.getBytes()));
|
||||
|
||||
return (String) this.vaultOperations.write(String.format("%s/encrypt/%s", this.path, keyName), request)
|
||||
return (String) this.vaultOperations.write("%s/encrypt/%s".formatted(this.path, keyName), request)
|
||||
.getRequiredData()
|
||||
.get("ciphertext");
|
||||
}
|
||||
@@ -200,7 +200,7 @@ public class VaultTransitTemplate implements VaultTransitOperations {
|
||||
|
||||
applyTransitOptions(transitContext, request);
|
||||
|
||||
return (String) this.vaultOperations.write(String.format("%s/encrypt/%s", this.path, keyName), request)
|
||||
return (String) this.vaultOperations.write("%s/encrypt/%s".formatted(this.path, keyName), request)
|
||||
.getRequiredData()
|
||||
.get("ciphertext");
|
||||
}
|
||||
@@ -226,7 +226,7 @@ public class VaultTransitTemplate implements VaultTransitOperations {
|
||||
batch.add(vaultRequest);
|
||||
}
|
||||
|
||||
VaultResponse vaultResponse = this.vaultOperations.write(String.format("%s/encrypt/%s", this.path, keyName),
|
||||
VaultResponse vaultResponse = this.vaultOperations.write("%s/encrypt/%s".formatted(this.path, keyName),
|
||||
Collections.singletonMap("batch_input", batch));
|
||||
|
||||
return toBatchResults(vaultResponse, batchRequest, Plaintext::getContext);
|
||||
@@ -242,8 +242,7 @@ public class VaultTransitTemplate implements VaultTransitOperations {
|
||||
|
||||
request.put("ciphertext", ciphertext);
|
||||
|
||||
String plaintext = (String) this.vaultOperations
|
||||
.write(String.format("%s/decrypt/%s", this.path, keyName), request)
|
||||
String plaintext = (String) this.vaultOperations.write("%s/decrypt/%s".formatted(this.path, keyName), request)
|
||||
.getRequiredData()
|
||||
.get("plaintext");
|
||||
|
||||
@@ -274,8 +273,7 @@ public class VaultTransitTemplate implements VaultTransitOperations {
|
||||
|
||||
applyTransitOptions(transitContext, request);
|
||||
|
||||
String plaintext = (String) this.vaultOperations
|
||||
.write(String.format("%s/decrypt/%s", this.path, keyName), request)
|
||||
String plaintext = (String) this.vaultOperations.write("%s/decrypt/%s".formatted(this.path, keyName), request)
|
||||
.getRequiredData()
|
||||
.get("plaintext");
|
||||
|
||||
@@ -303,7 +301,7 @@ public class VaultTransitTemplate implements VaultTransitOperations {
|
||||
batch.add(vaultRequest);
|
||||
}
|
||||
|
||||
VaultResponse vaultResponse = this.vaultOperations.write(String.format("%s/decrypt/%s", this.path, keyName),
|
||||
VaultResponse vaultResponse = this.vaultOperations.write("%s/decrypt/%s".formatted(this.path, keyName),
|
||||
Collections.singletonMap("batch_input", batch));
|
||||
|
||||
return toDecryptionResults(vaultResponse, batchRequest);
|
||||
@@ -318,7 +316,7 @@ public class VaultTransitTemplate implements VaultTransitOperations {
|
||||
Map<String, String> request = new LinkedHashMap<>();
|
||||
request.put("ciphertext", ciphertext);
|
||||
|
||||
return (String) this.vaultOperations.write(String.format("%s/rewrap/%s", this.path, keyName), request)
|
||||
return (String) this.vaultOperations.write("%s/rewrap/%s".formatted(this.path, keyName), request)
|
||||
.getRequiredData()
|
||||
.get("ciphertext");
|
||||
}
|
||||
@@ -332,7 +330,7 @@ public class VaultTransitTemplate implements VaultTransitOperations {
|
||||
|
||||
Map<String, String> request = createRewrapRequest(toCiphertext(ciphertext, transitContext));
|
||||
|
||||
return (String) this.vaultOperations.write(String.format("%s/rewrap/%s", this.path, keyName), request)
|
||||
return (String) this.vaultOperations.write("%s/rewrap/%s".formatted(this.path, keyName), request)
|
||||
.getRequiredData()
|
||||
.get("ciphertext");
|
||||
}
|
||||
@@ -351,7 +349,7 @@ public class VaultTransitTemplate implements VaultTransitOperations {
|
||||
batch.add(vaultRequest);
|
||||
}
|
||||
|
||||
VaultResponse vaultResponse = this.vaultOperations.write(String.format("%s/rewrap/%s", this.path, keyName),
|
||||
VaultResponse vaultResponse = this.vaultOperations.write("%s/rewrap/%s".formatted(this.path, keyName),
|
||||
Collections.singletonMap("batch_input", batch));
|
||||
|
||||
return toBatchResults(vaultResponse, batchRequest, Ciphertext::getContext);
|
||||
@@ -376,7 +374,7 @@ public class VaultTransitTemplate implements VaultTransitOperations {
|
||||
|
||||
Map<String, Object> request = toRequestBody(hmacRequest);
|
||||
|
||||
String hmac = (String) this.vaultOperations.write(String.format("%s/hmac/%s", this.path, keyName), request)
|
||||
String hmac = (String) this.vaultOperations.write("%s/hmac/%s".formatted(this.path, keyName), request)
|
||||
.getRequiredData()
|
||||
.get("hmac");
|
||||
|
||||
@@ -416,7 +414,7 @@ public class VaultTransitTemplate implements VaultTransitOperations {
|
||||
|
||||
Map<String, Object> request = toRequestBody(signRequest);
|
||||
|
||||
String signature = (String) this.vaultOperations.write(String.format("%s/sign/%s", this.path, keyName), request)
|
||||
String signature = (String) this.vaultOperations.write("%s/sign/%s".formatted(this.path, keyName), request)
|
||||
.getRequiredData()
|
||||
.get("signature");
|
||||
|
||||
@@ -457,8 +455,7 @@ public class VaultTransitTemplate implements VaultTransitOperations {
|
||||
|
||||
Map<String, Object> request = toRequestBody(verificationRequest);
|
||||
|
||||
Map<String, Object> response = this.vaultOperations
|
||||
.write(String.format("%s/verify/%s", this.path, keyName), request)
|
||||
Map<String, Object> response = this.vaultOperations.write("%s/verify/%s".formatted(this.path, keyName), request)
|
||||
.getRequiredData();
|
||||
|
||||
if (response.containsKey("valid") && Boolean.valueOf("" + response.get("valid"))) {
|
||||
@@ -818,9 +815,8 @@ public class VaultTransitTemplate implements VaultTransitOperations {
|
||||
public boolean equals(Object o) {
|
||||
if (this == o)
|
||||
return true;
|
||||
if (!(o instanceof VaultTransitKeyImpl))
|
||||
if (!(o instanceof VaultTransitKeyImpl that))
|
||||
return false;
|
||||
VaultTransitKeyImpl that = (VaultTransitKeyImpl) o;
|
||||
return this.allowPlaintextBackup == that.allowPlaintextBackup
|
||||
&& this.deletionAllowed == that.deletionAllowed && this.derived == that.derived
|
||||
&& this.exportable == that.exportable && this.latestVersion == that.latestVersion
|
||||
@@ -877,9 +873,8 @@ public class VaultTransitTemplate implements VaultTransitOperations {
|
||||
public boolean equals(Object o) {
|
||||
if (this == o)
|
||||
return true;
|
||||
if (!(o instanceof RawTransitKeyImpl))
|
||||
if (!(o instanceof RawTransitKeyImpl that))
|
||||
return false;
|
||||
RawTransitKeyImpl that = (RawTransitKeyImpl) o;
|
||||
return this.keys.equals(that.keys) && Objects.equals(this.name, that.name);
|
||||
}
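Review bot: In the hunk at `@@ -171,7 +171,7 @@` the context line `Base64.getEncoder().encodeToString(plaintext.getBytes())` encodes the plaintext with the platform default charset, so the bytes handed to Vault for encryption depend on the JVM configuration on runtimes before Java 18. A value encrypted on one host and decrypted on a host with a different default can come back altered, which is easy to miss because the call itself succeeds. I would pin it with `plaintext.getBytes(StandardCharsets.UTF_8)` (adding the `java.nio.charset.StandardCharsets` import if the file lacks it) and use the same charset where the decrypted bytes are turned back into a String. That conversion is outside the visible hunks of this file, but ReactiveVaultTransitTemplate shows the counterpart `new String(Base64.getDecoder().decode(plaintext))` with the same default-charset dependency.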
|
||||
|
||||
|
||||
@@ -89,7 +89,7 @@ public class VaultVersionedKeyValueTemplate extends VaultKeyValue2Accessor imple
|
||||
private <T> Versioned<T> doRead(String path, Version version, Class<T> responseType) {
|
||||
|
||||
String secretPath = version.isVersioned()
|
||||
? String.format("%s?version=%d", createDataPath(path), version.getVersion()) : createDataPath(path);
|
||||
? "%s?version=%d".formatted(createDataPath(path), version.getVersion()) : createDataPath(path);
|
||||
|
||||
VersionedResponse response = this.vaultOperations.doWithSession(restOperations -> {
|
||||
|
||||
@@ -130,9 +130,7 @@ public class VaultVersionedKeyValueTemplate extends VaultKeyValue2Accessor imple
|
||||
Map<Object, Object> data = new LinkedHashMap<>();
|
||||
Map<Object, Object> requestOptions = new LinkedHashMap<>();
|
||||
|
||||
if (body instanceof Versioned) {
|
||||
|
||||
Versioned<?> versioned = (Versioned<?>) body;
|
||||
if (body instanceof Versioned<?> versioned) {
|
||||
|
||||
data.put("data", versioned.getData());
|
||||
data.put("options", requestOptions);
|
||||
|
||||
@@ -167,7 +167,7 @@ public class LeaseAwareVaultPropertySource extends EnumerablePropertySource<Vaul
|
||||
private void loadProperties() {
|
||||
|
||||
if (logger.isDebugEnabled()) {
|
||||
logger.debug(String.format("Requesting secrets from Vault at %s using %s", this.requestedSecret.getPath(),
|
||||
logger.debug("Requesting secrets from Vault at %s using %s".formatted(this.requestedSecret.getPath(),
|
||||
this.requestedSecret.getMode()));
|
||||
}
|
||||
|
||||
@@ -178,11 +178,11 @@ public class LeaseAwareVaultPropertySource extends EnumerablePropertySource<Vaul
|
||||
Exception loadError = this.loadError;
|
||||
if (this.notFound || loadError != null) {
|
||||
|
||||
String msg = String.format("Vault location [%s] not resolvable", this.requestedSecret.getPath());
|
||||
String msg = "Vault location [%s] not resolvable".formatted(this.requestedSecret.getPath());
|
||||
|
||||
if (this.ignoreSecretNotFound) {
|
||||
if (logger.isInfoEnabled()) {
|
||||
logger.info(String.format("%s: %s", msg, loadError != null ? loadError.getMessage() : "Not found"));
|
||||
logger.info("%s: %s".formatted(msg, loadError != null ? loadError.getMessage() : "Not found"));
|
||||
}
|
||||
}
|
||||
else {
|
||||
@@ -234,9 +234,7 @@ public class LeaseAwareVaultPropertySource extends EnumerablePropertySource<Vaul
|
||||
properties.clear();
|
||||
}
|
||||
|
||||
if (leaseEvent instanceof SecretLeaseCreatedEvent) {
|
||||
|
||||
SecretLeaseCreatedEvent created = (SecretLeaseCreatedEvent) leaseEvent;
|
||||
if (leaseEvent instanceof SecretLeaseCreatedEvent created) {
|
||||
|
||||
Map<String, Object> secrets = doTransformProperties(flattenMap(created.getSecrets()));
|
||||
|
||||
|
||||
@@ -146,7 +146,7 @@ public class VaultPropertySource extends EnumerablePropertySource<VaultOperation
|
||||
|
||||
try {
|
||||
if (logger.isDebugEnabled()) {
|
||||
logger.debug(String.format("Fetching properties from Vault at %s", this.path));
|
||||
logger.debug("Fetching properties from Vault at %s".formatted(this.path));
|
||||
}
|
||||
|
||||
Map<String, Object> properties = null;
|
||||
@@ -161,11 +161,11 @@ public class VaultPropertySource extends EnumerablePropertySource<VaultOperation
|
||||
|
||||
if (properties == null) {
|
||||
|
||||
String msg = String.format("Vault location [%s] not resolvable", this.path);
|
||||
String msg = "Vault location [%s] not resolvable".formatted(this.path);
|
||||
|
||||
if (this.ignoreSecretNotFound) {
|
||||
if (logger.isInfoEnabled()) {
|
||||
logger.info(String.format("%s: %s", msg, error != null ? error.getMessage() : "Not found"));
|
||||
logger.info("%s: %s".formatted(msg, error != null ? error.getMessage() : "Not found"));
|
||||
}
|
||||
}
|
||||
else {
|
||||
@@ -220,7 +220,7 @@ public class VaultPropertySource extends EnumerablePropertySource<VaultOperation
|
||||
|
||||
if (vaultResponse == null || vaultResponse.getData() == null) {
|
||||
if (logger.isDebugEnabled()) {
|
||||
logger.debug(String.format("No properties found at %s", path));
|
||||
logger.debug("No properties found at %s".formatted(path));
|
||||
}
|
||||
|
||||
return null;
|
||||
|
||||
@@ -473,8 +473,7 @@ public class SecretLeaseContainer extends SecretLeaseEventPublisher
|
||||
|
||||
ThreadPoolTaskScheduler scheduler = new ThreadPoolTaskScheduler();
|
||||
scheduler.setDaemon(true);
|
||||
scheduler
|
||||
.setThreadNamePrefix(String.format("%s-%d-", getClass().getSimpleName(), poolId.incrementAndGet()));
|
||||
scheduler.setThreadNamePrefix("%s-%d-".formatted(getClass().getSimpleName(), poolId.incrementAndGet()));
|
||||
scheduler.afterPropertiesSet();
|
||||
|
||||
this.taskScheduler = scheduler;
|
||||
@@ -592,7 +591,7 @@ public class SecretLeaseContainer extends SecretLeaseEventPublisher
|
||||
Lease lease = renewalScheduler.getLease();
|
||||
|
||||
if (lease == null) {
|
||||
throw new IllegalStateException(String.format("No lease associated with secret %s", secret));
|
||||
throw new IllegalStateException("No lease associated with secret %s".formatted(secret));
|
||||
}
|
||||
|
||||
if (!renewalScheduler.isLeaseRenewable(lease, secret)) {
|
||||
@@ -617,7 +616,7 @@ public class SecretLeaseContainer extends SecretLeaseEventPublisher
|
||||
Lease lease = renewalScheduler.getLease();
|
||||
|
||||
if (lease == null) {
|
||||
throw new IllegalStateException(String.format("No lease associated with secret %s", secret));
|
||||
throw new IllegalStateException("No lease associated with secret %s".formatted(secret));
|
||||
}
|
||||
|
||||
if (!renewalScheduler.isLeaseRenewable(lease, secret) && !renewalScheduler.isLeaseRotateOnly(lease, secret)) {
|
||||
@@ -670,7 +669,7 @@ public class SecretLeaseContainer extends SecretLeaseEventPublisher
|
||||
LeaseRenewalScheduler renewalScheduler = this.renewals.get(secret);
|
||||
|
||||
if (renewalScheduler == null) {
|
||||
throw new IllegalArgumentException(String.format("No such secret %s", secret));
|
||||
throw new IllegalArgumentException("No such secret %s".formatted(secret));
|
||||
}
|
||||
return renewalScheduler;
|
||||
}
|
||||
@@ -680,12 +679,12 @@ public class SecretLeaseContainer extends SecretLeaseEventPublisher
|
||||
if (logger.isDebugEnabled()) {
|
||||
|
||||
if (lease.hasLeaseId()) {
|
||||
logger.debug(String.format("Secret %s with Lease %s qualified for %s", requestedSecret.getPath(),
|
||||
logger.debug("Secret %s with Lease %s qualified for %s".formatted(requestedSecret.getPath(),
|
||||
lease.getLeaseId(), action));
|
||||
}
|
||||
else {
|
||||
logger.debug(String.format("Secret %s with cache hint is qualified for %s", requestedSecret.getPath(),
|
||||
action));
|
||||
logger.debug(
|
||||
"Secret %s with cache hint is qualified for %s".formatted(requestedSecret.getPath(), action));
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -759,7 +758,7 @@ public class SecretLeaseContainer extends SecretLeaseEventPublisher
|
||||
onLeaseExpired(requestedSecret, lease);
|
||||
}
|
||||
|
||||
exceptionToUse = new VaultException(String.format("Cannot renew lease: Status %s %s %s",
|
||||
exceptionToUse = new VaultException("Cannot renew lease: Status %s %s %s".formatted(
|
||||
httpException.getStatusCode().value(), httpException.getStatusText(),
|
||||
VaultResponses.getError(httpException.getResponseBodyAsString())), e);
|
||||
}
|
||||
@@ -812,9 +811,9 @@ public class SecretLeaseContainer extends SecretLeaseEventPublisher
|
||||
// prevent races for concurrent renewals of the same secret using different
|
||||
// leases
|
||||
if (renewalScheduler == null || !renewalScheduler.leaseEquals(lease)) {
|
||||
logger.debug(String.format(
|
||||
"Skipping rotation after renewal expiry for secret %s with lease %s as no LeaseRenewalScheduler is found. This can happen if leases have been restarted while concurrent expiry processing.",
|
||||
requestedSecret.getPath(), lease.getLeaseId()));
|
||||
logger.debug(
|
||||
"Skipping rotation after renewal expiry for secret %s with lease %s as no LeaseRenewalScheduler is found. This can happen if leases have been restarted while concurrent expiry processing."
|
||||
.formatted(requestedSecret.getPath(), lease.getLeaseId()));
|
||||
|
||||
super.onLeaseExpired(requestedSecret, lease);
|
||||
return;
|
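Review bot: The `logger.debug(...)` call inside the `if (renewalScheduler == null || !renewalScheduler.leaseEquals(lease))` branch has no `logger.isDebugEnabled()` guard visible in this hunk, so the long message is built with `.formatted(...)` on every skipped rotation even when debug logging is off. The other debug calls changed in this file sit inside the guard; wrapping this one the same way, `if (logger.isDebugEnabled()) { logger.debug(...); }`, keeps it consistent. The message also writes the secret path and lease id to the log, so debug output from this class is worth treating as sensitive. The enclosing method starts and ends outside the hunk.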
||||
@@ -850,7 +849,7 @@ public class SecretLeaseContainer extends SecretLeaseEventPublisher
|
||||
}
|
||||
catch (HttpStatusCodeException e) {
|
||||
onError(requestedSecret, lease, new VaultException(
|
||||
String.format("Cannot revoke lease: %s", VaultResponses.getError(e.getResponseBodyAsString()))));
|
||||
"Cannot revoke lease: %s".formatted(VaultResponses.getError(e.getResponseBodyAsString()))));
|
||||
}
|
||||
catch (RuntimeException e) {
|
||||
onError(requestedSecret, lease, e);
|
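Review bot: The `VaultException` built in the `catch (HttpStatusCodeException e)` branch is created without `e` as its cause, so the HTTP status and stack trace of a failed revocation are lost to whatever handles `onError`. The renewal path earlier on this page passes the caught exception as the second constructor argument; doing the same here, `"Cannot revoke lease: %s".formatted(VaultResponses.getError(e.getResponseBodyAsString())), e));`, keeps the failure diagnosable. The enclosing method starts outside the hunk.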
||||
@@ -904,12 +903,12 @@ public class SecretLeaseContainer extends SecretLeaseEventPublisher
|
||||
|
||||
if (logger.isDebugEnabled()) {
|
||||
if (lease.hasLeaseId()) {
|
||||
logger.debug(String.format("Scheduling renewal for secret %s with lease %s, lease duration %d",
|
||||
logger.debug("Scheduling renewal for secret %s with lease %s, lease duration %d".formatted(
|
||||
requestedSecret.getPath(), lease.getLeaseId(), lease.getLeaseDuration().getSeconds()));
|
||||
}
|
||||
else {
|
||||
logger.debug(String.format("Scheduling renewal for secret %s, with cache hint duration %d",
|
||||
requestedSecret.getPath(), lease.getLeaseDuration().getSeconds()));
|
||||
logger.debug("Scheduling renewal for secret %s, with cache hint duration %d"
|
||||
.formatted(requestedSecret.getPath(), lease.getLeaseDuration().getSeconds()));
|
||||
}
|
||||
}
|
||||
|
||||
@@ -934,11 +933,11 @@ public class SecretLeaseContainer extends SecretLeaseEventPublisher
|
||||
|
||||
if (logger.isDebugEnabled()) {
|
||||
if (lease.hasLeaseId()) {
|
||||
logger.debug(String.format("Renewing lease %s for secret %s", lease.getLeaseId(),
|
||||
logger.debug("Renewing lease %s for secret %s".formatted(lease.getLeaseId(),
|
||||
requestedSecret.getPath()));
|
||||
}
|
||||
else {
|
||||
logger.debug(String.format("Renewing secret without lease %s", requestedSecret.getPath()));
|
||||
logger.debug("Renewing secret without lease %s".formatted(requestedSecret.getPath()));
|
||||
}
|
||||
}
|
||||
|
||||
@@ -950,7 +949,7 @@ public class SecretLeaseContainer extends SecretLeaseEventPublisher
|
||||
CURRENT_UPDATER.compareAndSet(LeaseRenewalScheduler.this, lease, renewLease.renewLease(lease));
|
||||
}
|
||||
catch (Exception e) {
|
||||
logger.error(String.format("Cannot renew lease %s", lease.getLeaseId()), e);
|
||||
logger.error("Cannot renew lease %s".formatted(lease.getLeaseId()), e);
|
||||
}
|
||||
}
|
||||
};
|
||||
@@ -971,8 +970,7 @@ public class SecretLeaseContainer extends SecretLeaseEventPublisher
|
||||
if (scheduledFuture != null) {
|
||||
|
||||
if (logger.isDebugEnabled()) {
|
||||
logger.debug(
|
||||
String.format("Canceling previously registered schedule for lease %s", lease.getLeaseId()));
|
||||
logger.debug("Canceling previously registered schedule for lease %s".formatted(lease.getLeaseId()));
|
||||
}
|
||||
|
||||
scheduledFuture.cancel(false);
|
||||
|
||||
@@ -27,7 +27,17 @@ import org.springframework.lang.Nullable;
|
||||
import org.springframework.util.Assert;
|
||||
import org.springframework.vault.core.lease.domain.Lease;
|
||||
import org.springframework.vault.core.lease.domain.RequestedSecret;
|
||||
import org.springframework.vault.core.lease.event.*;
|
||||
import org.springframework.vault.core.lease.event.AfterSecretLeaseRenewedEvent;
|
||||
import org.springframework.vault.core.lease.event.AfterSecretLeaseRevocationEvent;
|
||||
import org.springframework.vault.core.lease.event.BeforeSecretLeaseRevocationEvent;
|
||||
import org.springframework.vault.core.lease.event.LeaseErrorListener;
|
||||
import org.springframework.vault.core.lease.event.LeaseListener;
|
||||
import org.springframework.vault.core.lease.event.SecretLeaseCreatedEvent;
|
||||
import org.springframework.vault.core.lease.event.SecretLeaseErrorEvent;
|
||||
import org.springframework.vault.core.lease.event.SecretLeaseEvent;
|
||||
import org.springframework.vault.core.lease.event.SecretLeaseExpiredEvent;
|
||||
import org.springframework.vault.core.lease.event.SecretLeaseRotatedEvent;
|
||||
import org.springframework.vault.core.lease.event.SecretNotFoundEvent;
|
||||
|
||||
/**
|
||||
* Publisher for {@link SecretLeaseEvent}s.
|
||||
@@ -229,8 +239,7 @@ public class SecretLeaseEventPublisher implements InitializingBean {
|
||||
|
||||
@Override
|
||||
public void onLeaseError(SecretLeaseEvent leaseEvent, Exception exception) {
|
||||
logger.warn(
|
||||
String.format("[%s] %s %s", leaseEvent.getSource(), leaseEvent.getLease(), exception.getMessage()),
|
||||
logger.warn("[%s] %s %s".formatted(leaseEvent.getSource(), leaseEvent.getLease(), exception.getMessage()),
|
||||
exception);
|
||||
}
|
||||
|
||||
|
||||
@@ -119,11 +119,9 @@ public class Lease {
|
||||
|
||||
if (this == o)
|
||||
return true;
|
||||
if (!(o instanceof Lease))
|
||||
if (!(o instanceof Lease lease))
|
||||
return false;
|
||||
|
||||
Lease lease = (Lease) o;
|
||||
|
||||
if (this.leaseDuration != lease.leaseDuration)
|
||||
return false;
|
||||
if (this.renewable != lease.renewable)
|
||||
|
||||
@@ -100,11 +100,9 @@ public class RequestedSecret {
|
||||
|
||||
if (this == o)
|
||||
return true;
|
||||
if (!(o instanceof RequestedSecret))
|
||||
if (!(o instanceof RequestedSecret that))
|
||||
return false;
|
||||
|
||||
RequestedSecret that = (RequestedSecret) o;
|
||||
|
||||
if (!this.path.equals(that.path))
|
||||
return false;
|
||||
return this.mode == that.mode;
|
||||
|
||||
@@ -15,6 +15,8 @@
|
||||
*/
|
||||
package org.springframework.vault.core.lease.event;
|
||||
|
||||
import java.io.Serial;
|
||||
|
||||
import org.springframework.vault.core.lease.domain.Lease;
|
||||
import org.springframework.vault.core.lease.domain.RequestedSecret;
|
||||
|
||||
@@ -27,6 +29,7 @@ import org.springframework.vault.core.lease.domain.RequestedSecret;
|
||||
*/
|
||||
public class AfterSecretLeaseRenewedEvent extends SecretLeaseEvent {
|
||||
|
||||
@Serial
|
||||
private static final long serialVersionUID = 1L;
|
||||
|
||||
/**
|
||||
|
||||
@@ -15,6 +15,8 @@
|
||||
*/
|
||||
package org.springframework.vault.core.lease.event;
|
||||
|
||||
import java.io.Serial;
|
||||
|
||||
import org.springframework.vault.core.lease.domain.Lease;
|
||||
import org.springframework.vault.core.lease.domain.RequestedSecret;
|
||||
|
||||
@@ -27,6 +29,7 @@ import org.springframework.vault.core.lease.domain.RequestedSecret;
|
||||
*/
|
||||
public class AfterSecretLeaseRevocationEvent extends SecretLeaseEvent {
|
||||
|
||||
@Serial
|
||||
private static final long serialVersionUID = 1L;
|
||||
|
||||
/**
|
||||
|
||||
@@ -15,6 +15,8 @@
|
||||
*/
|
||||
package org.springframework.vault.core.lease.event;
|
||||
|
||||
import java.io.Serial;
|
||||
|
||||
import org.springframework.vault.core.lease.domain.Lease;
|
||||
import org.springframework.vault.core.lease.domain.RequestedSecret;
|
||||
|
||||
@@ -27,6 +29,7 @@ import org.springframework.vault.core.lease.domain.RequestedSecret;
|
||||
*/
|
||||
public class BeforeSecretLeaseRevocationEvent extends SecretLeaseEvent {
|
||||
|
||||
@Serial
|
||||
private static final long serialVersionUID = 1L;
|
||||
|
||||
/**
|
||||
|
||||
@@ -15,6 +15,7 @@
|
||||
*/
|
||||
package org.springframework.vault.core.lease.event;
|
||||
|
||||
import java.io.Serial;
|
||||
import java.util.Collections;
|
||||
import java.util.LinkedHashMap;
|
||||
import java.util.Map;
|
||||
@@ -29,6 +30,7 @@ import org.springframework.vault.core.lease.domain.RequestedSecret;
|
||||
*/
|
||||
public class SecretLeaseCreatedEvent extends SecretLeaseEvent {
|
||||
|
||||
@Serial
|
||||
private static final long serialVersionUID = 1L;
|
||||
|
||||
private final Map<String, Object> secrets;
|
||||
|
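Review bot: `secrets` is a non-transient instance field in a class that now declares `@Serial serialVersionUID`, so if an instance is ever written with Java serialization the secret values go with it. If serializing these events is not intended, a comment on the field saying so would make that explicit, for example `// holds secret material; events are not meant to be serialized or logged`. Whether `transient` is appropriate depends on how the events are consumed, which is not visible here. The class body continues outside the hunk.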
||||
@@ -15,6 +15,8 @@
|
||||
*/
|
||||
package org.springframework.vault.core.lease.event;
|
||||
|
||||
import java.io.Serial;
|
||||
|
||||
import org.springframework.lang.Nullable;
|
||||
import org.springframework.vault.core.lease.domain.Lease;
|
||||
import org.springframework.vault.core.lease.domain.RequestedSecret;
|
||||
@@ -27,6 +29,7 @@ import org.springframework.vault.core.lease.domain.RequestedSecret;
|
||||
*/
|
||||
public class SecretLeaseErrorEvent extends SecretLeaseEvent {
|
||||
|
||||
@Serial
|
||||
private static final long serialVersionUID = 1L;
|
||||
|
||||
private final Throwable exception;
|
||||
|
||||
@@ -15,6 +15,8 @@
|
||||
*/
|
||||
package org.springframework.vault.core.lease.event;
|
||||
|
||||
import java.io.Serial;
|
||||
|
||||
import org.springframework.context.ApplicationEvent;
|
||||
import org.springframework.lang.Nullable;
|
||||
import org.springframework.vault.core.lease.domain.Lease;
|
||||
@@ -31,6 +33,7 @@ import org.springframework.vault.core.lease.domain.RequestedSecret;
|
||||
*/
|
||||
public abstract class SecretLeaseEvent extends ApplicationEvent {
|
||||
|
||||
@Serial
|
||||
private static final long serialVersionUID = 1L;
|
||||
|
||||
@Nullable
|
||||
|
||||
@@ -15,6 +15,8 @@
|
||||
*/
|
||||
package org.springframework.vault.core.lease.event;
|
||||
|
||||
import java.io.Serial;
|
||||
|
||||
import org.springframework.vault.core.lease.domain.Lease;
|
||||
import org.springframework.vault.core.lease.domain.RequestedSecret;
|
||||
|
||||
@@ -27,6 +29,7 @@ import org.springframework.vault.core.lease.domain.RequestedSecret;
|
||||
*/
|
||||
public class SecretLeaseExpiredEvent extends SecretLeaseEvent {
|
||||
|
||||
@Serial
|
||||
private static final long serialVersionUID = 1L;
|
||||
|
||||
/**
|
||||
|
||||
@@ -15,6 +15,8 @@
|
||||
*/
|
||||
package org.springframework.vault.core.lease.event;
|
||||
|
||||
import java.io.Serial;
|
||||
|
||||
import org.springframework.vault.core.lease.domain.Lease;
|
||||
import org.springframework.vault.core.lease.domain.RequestedSecret;
|
||||
|
||||
@@ -26,6 +28,7 @@ import org.springframework.vault.core.lease.domain.RequestedSecret;
|
||||
*/
|
||||
public class SecretNotFoundEvent extends SecretLeaseEvent {
|
||||
|
||||
@Serial
|
||||
private static final long serialVersionUID = 1L;
|
||||
|
||||
/**
|
||||
|
||||
@@ -91,7 +91,7 @@ public class KeyValueDelegate {
|
||||
|
||||
String keyPath = requestedSecret.substring(mountPath.length());
|
||||
|
||||
return String.format("%sdata/%s", mountPath, keyPath);
|
||||
return "%sdata/%s".formatted(mountPath, keyPath);
|
||||
}
|
||||
|
||||
@SuppressWarnings("unchecked")
|
||||
@@ -108,7 +108,7 @@ public class KeyValueDelegate {
|
||||
@SuppressWarnings("unchecked")
|
||||
private MountInfo doGetMountInfo(String path) {
|
||||
|
||||
VaultResponse response = this.operations.read(String.format("sys/internal/ui/mounts/%s", path));
|
||||
VaultResponse response = this.operations.read("sys/internal/ui/mounts/%s".formatted(path));
|
||||
|
||||
if (response == null || response.getData() == null) {
|
||||
return MountInfo.unavailable();
|
||||
|
||||
@@ -22,7 +22,6 @@ import org.springframework.lang.Nullable;
|
||||
import org.springframework.util.Assert;
|
||||
import org.springframework.util.ObjectUtils;
|
||||
import org.springframework.vault.support.VaultResponse;
|
||||
import org.springframework.vault.support.Versioned;
|
||||
|
||||
/**
|
||||
* Vault database exchange object containing data before/after it's exchanged with Vault.
|
||||
@@ -186,10 +185,9 @@ public class SecretDocument {
|
||||
if (this == o) {
|
||||
return true;
|
||||
}
|
||||
if (!(o instanceof SecretDocument)) {
|
||||
if (!(o instanceof SecretDocument that)) {
|
||||
return false;
|
||||
}
|
||||
SecretDocument that = (SecretDocument) o;
|
||||
if (!ObjectUtils.nullSafeEquals(this.id, that.id)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
@@ -40,9 +40,9 @@ public class MappingVaultEntityInformation<T, ID> extends PersistentEntityInform
|
||||
|
||||
if (!entity.hasIdProperty()) {
|
||||
|
||||
throw new MappingException(String.format(
|
||||
"Entity %s requires to have an explicit id field. Did you forget to provide one using @Id?",
|
||||
entity.getName()));
|
||||
throw new MappingException(
|
||||
"Entity %s requires to have an explicit id field. Did you forget to provide one using @Id?"
|
||||
.formatted(entity.getName()));
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -101,7 +101,7 @@ public class VaultKeyValueTemplate extends KeyValueTemplate {
|
||||
|
||||
if (adapter.contains(id, keyspace)) {
|
||||
throw new DuplicateKeyException(
|
||||
String.format("Cannot insert existing object with id %s!. Please use update.", id));
|
||||
"Cannot insert existing object with id %s!. Please use update.".formatted(id));
|
||||
}
|
||||
|
||||
return (T) adapter.put(id, objectToInsert, keyspace);
|
||||
|
||||
@@ -94,7 +94,7 @@ public class BasicVaultPersistentEntity<T> extends BasicKeyValuePersistentEntity
|
||||
|
||||
@Override
|
||||
public String getKeySpace() {
|
||||
return String.format("%s/%s", getSecretBackend(), super.getKeySpace());
|
||||
return "%s/%s".formatted(getSecretBackend(), super.getKeySpace());
|
||||
}
|
||||
|
||||
@Override
|
||||
|
||||
@@ -79,7 +79,7 @@ public class VaultQueryCreator extends AbstractQueryCreator<KeyValueQuery<VaultQ
|
||||
|
||||
if (propertyPath.getLeafProperty() != null && !propertyPath.getLeafProperty().isIdProperty()) {
|
||||
throw new InvalidDataAccessApiUsageException(
|
||||
String.format("Cannot create criteria for non-@Id property %s", propertyPath.getLeafProperty()));
|
||||
"Cannot create criteria for non-@Id property %s".formatted(propertyPath.getLeafProperty()));
|
||||
}
|
||||
|
||||
VariableAccessor accessor = getVariableAccessor(part);
|
||||
@@ -171,42 +171,24 @@ public class VaultQueryCreator extends AbstractQueryCreator<KeyValueQuery<VaultQ
|
||||
return part.shouldIgnoreCase() != IgnoreCaseType.NEVER;
|
||||
}
|
||||
|
||||
static final class Criteria<T> implements Predicate<String> {
|
||||
|
||||
private final T value;
|
||||
|
||||
private final BiPredicate<T, String> predicate;
|
||||
|
||||
public Criteria(T value, BiPredicate<T, String> predicate) {
|
||||
this.value = value;
|
||||
this.predicate = predicate;
|
||||
}
|
||||
record Criteria<T>(T value, BiPredicate<T, String> predicate) implements Predicate<String> {
|
||||
|
||||
@Override
|
||||
public boolean test(String s) {
|
||||
return this.predicate.test(this.value, s);
|
||||
}
|
||||
|
||||
public T getValue() {
|
||||
return this.value;
|
||||
}
|
||||
|
||||
public BiPredicate<T, String> getPredicate() {
|
||||
return this.predicate;
|
||||
}
|
||||
|
||||
public boolean equals(final Object o) {
|
||||
if (o == this)
|
||||
return true;
|
||||
if (!(o instanceof Criteria))
|
||||
if (!(o instanceof Criteria<?> other))
|
||||
return false;
|
||||
final Criteria<?> other = (Criteria<?>) o;
|
||||
final Object this$value = this.getValue();
|
||||
final Object other$value = other.getValue();
|
||||
final Object this$value = this.value();
|
||||
final Object other$value = other.value();
|
||||
if (this$value == null ? other$value != null : !this$value.equals(other$value))
|
||||
return false;
|
||||
final Object this$predicate = this.getPredicate();
|
||||
final Object other$predicate = other.getPredicate();
|
||||
final Object this$predicate = this.predicate();
|
||||
final Object other$predicate = other.predicate();
|
||||
if (this$predicate == null ? other$predicate != null : !this$predicate.equals(other$predicate))
|
||||
return false;
|
||||
return true;
|
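Review bot: The hand-written `equals` kept in the new `record Criteria<T>` (and the `hashCode` in the following hunk) repeats what a record already generates from its components `value` and `predicate`, so both overrides look removable. The retained code compares the two components null-safely by hand through `this$value`/`other$value` and `this$predicate`/`other$predicate`, which is the same comparison the generated method performs for reference components. If the overrides are kept on purpose, a one-line comment stating the reason would stop the next reader from deleting them. `equals` ends outside this hunk.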
||||
@@ -215,9 +197,9 @@ public class VaultQueryCreator extends AbstractQueryCreator<KeyValueQuery<VaultQ
|
||||
public int hashCode() {
|
||||
final int PRIME = 59;
|
||||
int result = 1;
|
||||
final Object $value = this.getValue();
|
||||
final Object $value = this.value();
|
||||
result = result * PRIME + ($value == null ? 43 : $value.hashCode());
|
||||
final Object $predicate = this.getPredicate();
|
||||
final Object $predicate = this.predicate();
|
||||
result = result * PRIME + ($predicate == null ? 43 : $predicate.hashCode());
|
||||
return result;
|
||||
}
|
||||
|
||||
@@ -66,9 +66,7 @@ public class VaultRepositoryFactory extends KeyValueRepositoryFactory {
|
||||
RepositoryComposition.RepositoryFragments fragments = super.getRepositoryFragments(metadata, operations);
|
||||
|
||||
if (RevisionRepository.class.isAssignableFrom(metadata.getRepositoryInterface())
|
||||
&& operations instanceof VaultKeyValueTemplate) {
|
||||
|
||||
VaultKeyValueTemplate template = (VaultKeyValueTemplate) operations;
|
||||
&& operations instanceof VaultKeyValueTemplate template) {
|
||||
|
||||
VaultPersistentEntity<?> entity = (VaultPersistentEntity<?>) this.operations.getMappingContext()
|
||||
.getRequiredPersistentEntity(metadata.getDomainType());
|
||||
|
||||
@@ -77,8 +77,7 @@ public class VaultBytesKeyGenerator implements BytesKeyGenerator {
|
||||
@Override
|
||||
public byte[] generateKey() {
|
||||
|
||||
VaultResponse response = this.vaultOperations.write(
|
||||
String.format("%s/random/%d", this.transitPath, getKeyLength()),
|
||||
VaultResponse response = this.vaultOperations.write("%s/random/%d".formatted(this.transitPath, getKeyLength()),
|
||||
Collections.singletonMap("format", "base64"));
|
||||
|
||||
String randomBytes = (String) response.getRequiredData().get("random_bytes");
|
||||
|
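Review bot: `response` is dereferenced with `response.getRequiredData()` in `generateKey()` without a null check. Elsewhere on this page (`doGetMountInfo`) a `VaultResponse` is tested with `response == null` before use, which suggests the operations API can return null; if `write` can as well, a failed call surfaces here as a bare `NullPointerException` from a key generator. A guard before the read makes the failure explicit: `if (response == null) { throw new IllegalStateException("No response from Vault random endpoint"); }`. The method continues outside the hunk.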
||||
@@ -325,15 +325,13 @@ public class CertificateBundle extends Certificate {
|
||||
private static KeySpec getPrivateKey(byte[] privateKey, String keyType)
|
||||
throws GeneralSecurityException, IOException {
|
||||
|
||||
switch (keyType.toLowerCase(Locale.ROOT)) {
|
||||
case "rsa":
|
||||
return KeyFactories.RSA_PRIVATE.getKey(privateKey);
|
||||
case "ec":
|
||||
return KeyFactories.EC.getKey(privateKey);
|
||||
}
|
||||
return switch (keyType.toLowerCase(Locale.ROOT)) {
|
||||
case "rsa" -> KeyFactories.RSA_PRIVATE.getKey(privateKey);
|
||||
case "ec" -> KeyFactories.EC.getKey(privateKey);
|
||||
default -> throw new IllegalArgumentException(
|
||||
"Key type %s not supported. Supported types are: rsa, ec.".formatted(keyType));
|
||||
};
|
||||
|
||||
throw new IllegalArgumentException(
|
||||
String.format("Key type %s not supported. Supported types are: rsa, ec.", keyType));
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@@ -75,9 +75,8 @@ public class Ciphertext {
|
||||
public boolean equals(Object o) {
|
||||
if (this == o)
|
||||
return true;
|
||||
if (!(o instanceof Ciphertext))
|
||||
if (!(o instanceof Ciphertext that))
|
||||
return false;
|
||||
Ciphertext that = (Ciphertext) o;
|
||||
return this.ciphertext.equals(that.ciphertext) && this.context.equals(that.context);
|
||||
}
|
||||
|
||||
|
||||
@@ -302,7 +302,7 @@ class DerParser {
|
||||
BigInteger getInteger() {
|
||||
|
||||
if (this.type != INTEGER) {
|
||||
throw new IllegalStateException(String.format("Invalid DER: object (%d) is not integer.", this.type));
|
||||
throw new IllegalStateException("Invalid DER: object (%d) is not integer.".formatted(this.type));
|
||||
}
|
||||
|
||||
return new BigInteger(this.value);
|
||||
@@ -343,8 +343,7 @@ class DerParser {
|
||||
case OID:
|
||||
return getObjectIdentifier(this.value);
|
||||
default:
|
||||
throw new IllegalStateException(
|
||||
String.format("Invalid DER: object (%d) is not a string", this.type));
|
||||
throw new IllegalStateException("Invalid DER: object (%d) is not a string".formatted(this.type));
|
||||
}
|
||||
|
||||
return new String(this.value, encoding);
|
||||
|
||||
@@ -24,7 +24,6 @@ import java.util.regex.Pattern;
|
||||
|
||||
import org.springframework.lang.Nullable;
|
||||
import org.springframework.util.ObjectUtils;
|
||||
import org.springframework.util.StringUtils;
|
||||
|
||||
/**
|
||||
* Utility to parse a Go format duration into {@link Duration}.
|
||||
@@ -57,7 +56,7 @@ public class DurationParser {
|
||||
}
|
||||
|
||||
if (!VERIFY_PATTERN.matcher(duration.toLowerCase(Locale.ENGLISH)).matches()) {
|
||||
throw new IllegalArgumentException(String.format("Cannot parse '%s' into a Duration", duration));
|
||||
throw new IllegalArgumentException("Cannot parse '%s' into a Duration".formatted(duration));
|
||||
}
|
||||
|
||||
Matcher matcher = PARSE_PATTERN.matcher(duration.toLowerCase(Locale.ENGLISH));
|
||||
@@ -67,32 +66,17 @@ public class DurationParser {
|
||||
int num = Integer.parseInt(matcher.group(1));
|
||||
String typ = matcher.group(2);
|
||||
|
||||
switch (typ) {
|
||||
case "ns":
|
||||
result = result.plus(Duration.ofNanos(num));
|
||||
break;
|
||||
case "us":
|
||||
result = result.plus(Duration.ofNanos(num * 1000));
|
||||
break;
|
||||
case "ms":
|
||||
result = result.plus(Duration.ofMillis(num));
|
||||
break;
|
||||
case "s":
|
||||
result = result.plus(Duration.ofSeconds(num));
|
||||
break;
|
||||
case "m":
|
||||
result = result.plus(Duration.ofMinutes(num));
|
||||
break;
|
||||
case "h":
|
||||
result = result.plus(Duration.ofHours(num));
|
||||
break;
|
||||
case "d":
|
||||
result = result.plus(Duration.ofDays(num));
|
||||
break;
|
||||
case "w":
|
||||
result = result.plus(Duration.ofDays(num * 7));
|
||||
break;
|
||||
}
|
||||
result = switch (typ) {
|
||||
case "ns" -> result.plus(Duration.ofNanos(num));
|
||||
case "us" -> result.plus(Duration.ofNanos(num * 1000));
|
||||
case "ms" -> result.plus(Duration.ofMillis(num));
|
||||
case "s" -> result.plus(Duration.ofSeconds(num));
|
||||
case "m" -> result.plus(Duration.ofMinutes(num));
|
||||
case "h" -> result.plus(Duration.ofHours(num));
|
||||
case "d" -> result.plus(Duration.ofDays(num));
|
||||
case "w" -> result.plus(Duration.ofDays(num * 7));
|
||||
default -> result;
|
||||
};
|
||||
}
|
||||
|
||||
return result;
|
||||
|
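Review bot: `num * 1000` in the `"us"` arm and `num * 7` in the `"w"` arm are `int` multiplications, because `num` comes from `Integer.parseInt`, so a large but parseable value wraps around before it reaches `Duration.ofNanos` / `Duration.ofDays` and produces a wrong, possibly negative, duration. Widening first avoids it: `case "us" -> result.plus(Duration.ofNanos(num * 1000L));` and `case "w" -> result.plus(Duration.ofDays(num * 7L));`. The new `default -> result` arm also drops an unrecognised unit silently; throwing `IllegalArgumentException` there would fail closed if `PARSE_PATTERN` and this switch ever diverge. The enclosing method starts outside the hunk.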
||||
@@ -54,9 +54,8 @@ public class Hmac {
|
||||
public boolean equals(Object o) {
|
||||
if (this == o)
|
||||
return true;
|
||||
if (!(o instanceof Hmac))
|
||||
if (!(o instanceof Hmac other))
|
||||
return false;
|
||||
Hmac other = (Hmac) o;
|
||||
return this.hmac.equals(other.hmac);
|
||||
}
|
||||
|
||||
|
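Review bot: `equals` compares the HMAC value with `this.hmac.equals(other.hmac)`, which is ordinary value equality and, assuming `hmac` is a `String`, stops at the first differing character. That is fine for collections and tests, but it is not a constant-time check, so it should not be what decides whether a received HMAC is authentic. A Javadoc line on the method would prevent that use: `Value equality only; not a constant-time comparison and not a substitute for verifying the HMAC.`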
||||
@@ -127,7 +127,7 @@ class KeystoreUtil {
|
||||
|
||||
int counter = 0;
|
||||
for (X509Certificate certificate : certificates) {
|
||||
keyStore.setCertificateEntry(String.format("cert_%d", counter++), certificate);
|
||||
keyStore.setCertificateEntry("cert_%d".formatted(counter++), certificate);
|
||||
}
|
||||
|
||||
return keyStore;
|
||||
|
||||
@@ -162,7 +162,7 @@ public class PemObject {
|
||||
|
||||
if (!endTitle.equals(title)) {
|
||||
throw new IllegalArgumentException(
|
||||
String.format("end tag (%s) doesn't match begin tag (%s)", endTitle, title));
|
||||
"end tag (%s) doesn't match begin tag (%s)".formatted(endTitle, title));
|
||||
}
|
||||
return new PemObject(PemObjectType.of(title), keyBuilder.toString());
|
||||
}
|
||||
@@ -308,7 +308,7 @@ public class PemObject {
|
||||
}
|
||||
}
|
||||
|
||||
throw new IllegalArgumentException(String.format("No enum constant %s", identifier));
|
||||
throw new IllegalArgumentException("No enum constant %s".formatted(identifier));
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@@ -143,9 +143,8 @@ public class Plaintext {
|
||||
public boolean equals(Object o) {
|
||||
if (this == o)
|
||||
return true;
|
||||
if (!(o instanceof Plaintext))
|
||||
if (!(o instanceof Plaintext plaintext1))
|
||||
return false;
|
||||
Plaintext plaintext1 = (Plaintext) o;
|
||||
return Arrays.equals(this.plaintext, plaintext1.plaintext) && this.context.equals(plaintext1.context);
|
||||
}
|
||||
|
||||
|
||||
@@ -156,9 +156,8 @@ public class Policy {
|
||||
public boolean equals(Object o) {
|
||||
if (this == o)
|
||||
return true;
|
||||
if (!(o instanceof Policy))
|
||||
if (!(o instanceof Policy policy))
|
||||
return false;
|
||||
Policy policy = (Policy) o;
|
||||
return this.rules.equals(policy.rules);
|
||||
}
|
||||
|
||||
@@ -297,9 +296,8 @@ public class Policy {
|
||||
public boolean equals(Object o) {
|
||||
if (this == o)
|
||||
return true;
|
||||
if (!(o instanceof Rule))
|
||||
if (!(o instanceof Rule rule))
|
||||
return false;
|
||||
Rule rule = (Rule) o;
|
||||
return this.path.equals(rule.path);
|
||||
}
|
||||
|
||||
@@ -490,17 +488,11 @@ public class Policy {
|
||||
Assert.state(StringUtils.hasText(this.path), "Path must not be empty");
|
||||
Assert.state(!this.capabilities.isEmpty(), "Rule must define one or more capabilities");
|
||||
|
||||
List<Capability> capabilities;
|
||||
switch (this.capabilities.size()) {
|
||||
case 0:
|
||||
capabilities = Collections.emptyList();
|
||||
break;
|
||||
case 1:
|
||||
capabilities = Collections.singletonList(this.capabilities.iterator().next());
|
||||
break;
|
||||
default:
|
||||
capabilities = Collections.unmodifiableList(new ArrayList<>(this.capabilities));
|
||||
}
|
||||
List<Capability> capabilities = switch (this.capabilities.size()) {
|
||||
case 0 -> Collections.emptyList();
|
||||
case 1 -> Collections.singletonList(this.capabilities.iterator().next());
|
||||
default -> Collections.unmodifiableList(new ArrayList<>(this.capabilities));
|
||||
};
|
||||
|
||||
return new Rule(this.path, capabilities, this.minWrappingTtl, this.maxWrappingTtl,
|
||||
createMap(this.allowedParameters), createMap(this.deniedParameters));
|
||||
|
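Review bot: The `case 0 -> Collections.emptyList()` arm of the new switch expression cannot be reached, because `Assert.state(!this.capabilities.isEmpty(), ...)` two lines above already rejects an empty set. Dropping the arm leaves `case 1` and `default`, and makes it clear that a `Rule` is never built without capabilities. The enclosing method starts outside the hunk.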
||||
@@ -54,9 +54,8 @@ public class Signature {
|
||||
public boolean equals(Object o) {
|
||||
if (this == o)
|
||||
return true;
|
||||
if (!(o instanceof Signature))
|
||||
if (!(o instanceof Signature that))
|
||||
return false;
|
||||
Signature that = (Signature) o;
|
||||
return this.signature.equals(that.signature);
|
||||
}
|
||||
|
||||
|
||||
@@ -63,9 +63,8 @@ public class SignatureValidation {
|
||||
public boolean equals(Object o) {
|
||||
if (this == o)
|
||||
return true;
|
||||
if (!(o instanceof SignatureValidation))
|
||||
if (!(o instanceof SignatureValidation that))
|
||||
return false;
|
||||
SignatureValidation that = (SignatureValidation) o;
|
||||
return this.state == that.state;
|
||||
}
|
||||
|
||||
|
||||
@@ -163,7 +163,7 @@ public class SslConfiguration {
|
||||
public static SslConfiguration forTrustStore(Resource trustStore, @Nullable char[] trustStorePassword) {
|
||||
|
||||
Assert.notNull(trustStore, "TrustStore must not be null");
|
||||
Assert.isTrue(trustStore.exists(), () -> String.format("TrustStore %s does not exist", trustStore));
|
||||
Assert.isTrue(trustStore.exists(), () -> "TrustStore %s does not exist".formatted(trustStore));
|
||||
|
||||
return new SslConfiguration(KeyStoreConfiguration.unconfigured(), KeyConfiguration.unconfigured(),
|
||||
new KeyStoreConfiguration(trustStore, trustStorePassword, DEFAULT_KEYSTORE_TYPE));
|
||||
@@ -240,7 +240,7 @@ public class SslConfiguration {
|
||||
KeyConfiguration keyConfiguration) {
|
||||
|
||||
Assert.notNull(keyStore, "KeyStore must not be null");
|
||||
Assert.isTrue(keyStore.exists(), () -> String.format("KeyStore %s does not exist", keyStore));
|
||||
Assert.isTrue(keyStore.exists(), () -> "KeyStore %s does not exist".formatted(keyStore));
|
||||
Assert.notNull(keyConfiguration, "KeyConfiguration must not be null");
|
||||
|
||||
return new SslConfiguration(new KeyStoreConfiguration(keyStore, keyStorePassword, DEFAULT_KEYSTORE_TYPE),
|
||||
@@ -263,10 +263,10 @@ public class SslConfiguration {
|
||||
@Nullable char[] trustStorePassword) {
|
||||
|
||||
Assert.notNull(keyStore, "KeyStore must not be null");
|
||||
Assert.isTrue(keyStore.exists(), () -> String.format("KeyStore %s does not exist", keyStore));
|
||||
Assert.isTrue(keyStore.exists(), () -> "KeyStore %s does not exist".formatted(keyStore));
|
||||
|
||||
Assert.notNull(trustStore, "TrustStore must not be null");
|
||||
Assert.isTrue(trustStore.exists(), String.format("TrustStore %s does not exist", trustStore));
|
||||
Assert.isTrue(trustStore.exists(), "TrustStore %s does not exist".formatted(trustStore));
|
||||
|
||||
return new SslConfiguration(new KeyStoreConfiguration(keyStore, keyStorePassword, DEFAULT_KEYSTORE_TYPE),
|
||||
new KeyStoreConfiguration(trustStore, trustStorePassword, DEFAULT_KEYSTORE_TYPE));
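Review bot: The trust store check `Assert.isTrue(trustStore.exists(), "TrustStore %s does not exist".formatted(trustStore));` builds its message on every call, while the `keyStore` check just above it passes a supplier and formats only on failure. Make it `Assert.isTrue(trustStore.exists(), () -> "TrustStore %s does not exist".formatted(trustStore));` so both checks in this method behave the same way. The method signature begins outside this hunk.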
|
||||
@@ -482,7 +482,7 @@ public class SslConfiguration {
|
||||
|
||||
Assert.notNull(resource, "Resource must not be null");
|
||||
Assert.isTrue(resource instanceof AbsentResource || resource.exists(),
|
||||
() -> String.format("Resource %s does not exist", resource));
|
||||
() -> "Resource %s does not exist".formatted(resource));
|
||||
Assert.notNull(storeType, "Keystore type must not be null");
|
||||
|
||||
this.resource = resource;
|
||||
|
||||
@@ -15,10 +15,10 @@
|
||||
*/
|
||||
package org.springframework.vault.support;
|
||||
|
||||
import org.springframework.util.Assert;
|
||||
|
||||
import java.util.Objects;
|
||||
|
||||
import org.springframework.util.Assert;
|
||||
|
||||
/**
|
||||
* Value object representing cipher text with an optional {@link VaultTransformContext}.
|
||||
*
|
||||
@@ -75,9 +75,8 @@ public class TransformCiphertext {
|
||||
public boolean equals(Object o) {
|
||||
if (this == o)
|
||||
return true;
|
||||
if (!(o instanceof TransformCiphertext))
|
||||
if (!(o instanceof TransformCiphertext that))
|
||||
return false;
|
||||
TransformCiphertext that = (TransformCiphertext) o;
|
||||
return this.ciphertext.equals(that.ciphertext) && this.context.equals(that.context);
|
||||
}
|
||||
|
||||
|
||||
@@ -140,9 +140,8 @@ public class TransformPlaintext {
|
||||
public boolean equals(Object o) {
|
||||
if (this == o)
|
||||
return true;
|
||||
if (!(o instanceof TransformPlaintext))
|
||||
if (!(o instanceof TransformPlaintext that))
|
||||
return false;
|
||||
TransformPlaintext that = (TransformPlaintext) o;
|
||||
if (!ObjectUtils.nullSafeEquals(this.plaintext, that.plaintext)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
@@ -21,7 +21,6 @@ import java.time.temporal.ChronoUnit;
|
||||
import java.util.ArrayList;
|
||||
import java.util.Collection;
|
||||
import java.util.List;
|
||||
import java.util.Locale;
|
||||
import java.util.concurrent.TimeUnit;
|
||||
|
||||
import org.springframework.lang.Nullable;
|
||||
@@ -484,54 +483,29 @@ public class VaultCertificateRequest {
|
||||
Assert.notNull(this.commonName, "Common name must not be null");
|
||||
Assert.hasText(this.commonName, "Common name must not be empty");
|
||||
|
||||
List<String> altNames;
|
||||
switch (this.altNames.size()) {
|
||||
case 0:
|
||||
altNames = java.util.Collections.emptyList();
|
||||
break;
|
||||
case 1:
|
||||
altNames = java.util.Collections.singletonList(this.altNames.get(0));
|
||||
break;
|
||||
default:
|
||||
altNames = java.util.Collections.unmodifiableList(new ArrayList<>(this.altNames));
|
||||
}
|
||||
List<String> altNames = switch (this.altNames.size()) {
|
||||
case 0 -> java.util.Collections.emptyList();
|
||||
case 1 -> java.util.Collections.singletonList(this.altNames.get(0));
|
||||
default -> java.util.Collections.unmodifiableList(new ArrayList<>(this.altNames));
|
||||
};
|
||||
|
||||
List<String> ipSubjectAltNames;
|
||||
switch (this.ipSubjectAltNames.size()) {
|
||||
case 0:
|
||||
ipSubjectAltNames = java.util.Collections.emptyList();
|
||||
break;
|
||||
case 1:
|
||||
ipSubjectAltNames = java.util.Collections.singletonList(this.ipSubjectAltNames.get(0));
|
||||
break;
|
||||
default:
|
||||
ipSubjectAltNames = java.util.Collections.unmodifiableList(new ArrayList<>(this.ipSubjectAltNames));
|
||||
}
|
||||
List<String> ipSubjectAltNames = switch (this.ipSubjectAltNames.size()) {
|
||||
case 0 -> java.util.Collections.emptyList();
|
||||
case 1 -> java.util.Collections.singletonList(this.ipSubjectAltNames.get(0));
|
||||
default -> java.util.Collections.unmodifiableList(new ArrayList<>(this.ipSubjectAltNames));
|
||||
};
|
||||
|
||||
List<String> uriSubjectAltNames;
|
||||
switch (this.uriSubjectAltNames.size()) {
|
||||
case 0:
|
||||
uriSubjectAltNames = java.util.Collections.emptyList();
|
||||
break;
|
||||
case 1:
|
||||
uriSubjectAltNames = java.util.Collections.singletonList(this.uriSubjectAltNames.get(0));
|
||||
break;
|
||||
default:
|
||||
uriSubjectAltNames = java.util.Collections
|
||||
.unmodifiableList(new ArrayList<>(this.uriSubjectAltNames));
|
||||
}
|
||||
List<String> uriSubjectAltNames = switch (this.uriSubjectAltNames.size()) {
|
||||
case 0 -> java.util.Collections.emptyList();
|
||||
case 1 -> java.util.Collections.singletonList(this.uriSubjectAltNames.get(0));
|
||||
default -> java.util.Collections.unmodifiableList(new ArrayList<>(this.uriSubjectAltNames));
|
||||
};
|
||||
|
||||
List<String> otherSans;
|
||||
switch (this.otherSans.size()) {
|
||||
case 0:
|
||||
otherSans = java.util.Collections.emptyList();
|
||||
break;
|
||||
case 1:
|
||||
otherSans = java.util.Collections.singletonList(this.otherSans.get(0));
|
||||
break;
|
||||
default:
|
||||
otherSans = java.util.Collections.unmodifiableList(new ArrayList<>(this.otherSans));
|
||||
}
|
||||
List<String> otherSans = switch (this.otherSans.size()) {
|
||||
case 0 -> java.util.Collections.emptyList();
|
||||
case 1 -> java.util.Collections.singletonList(this.otherSans.get(0));
|
||||
default -> java.util.Collections.unmodifiableList(new ArrayList<>(this.otherSans));
|
||||
};
|
||||
|
||||
return new VaultCertificateRequest(this.commonName, this.excludeCommonNameFromSubjectAltNames, altNames,
|
||||
ipSubjectAltNames, uriSubjectAltNames, otherSans, this.ttl, notAfter, this.format,
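Review bot: The same three-arm switch expression is now written four times in this hunk, once each for `altNames`, `ipSubjectAltNames`, `uriSubjectAltNames` and `otherSans`, and each one spells out `java.util.Collections` in full. A single private helper would keep the defensive copy of the subject alternative names in one place, so a later change to how the lists are frozen cannot miss one of them. The helper name below is only a suggestion. The builder method starts before the hunk and its return statement continues past it.

```java
// … unchanged: common name assertions …
List<String> altNames = immutableCopy(this.altNames);
List<String> ipSubjectAltNames = immutableCopy(this.ipSubjectAltNames);
List<String> uriSubjectAltNames = immutableCopy(this.uriSubjectAltNames);
List<String> otherSans = immutableCopy(this.otherSans);
// … unchanged: return new VaultCertificateRequest(...) …

// New private helper in the builder, outside the build method.
private static List<String> immutableCopy(List<String> source) {
	return switch (source.size()) {
		case 0 -> java.util.Collections.emptyList();
		case 1 -> java.util.Collections.singletonList(source.get(0));
		default -> java.util.Collections.unmodifiableList(new ArrayList<>(source));
	};
}
```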
|
||||
|
||||
@@ -78,9 +78,8 @@ public class VaultToken {
|
||||
public boolean equals(Object o) {
|
||||
if (this == o)
|
||||
return true;
|
||||
if (!(o instanceof VaultToken))
|
||||
if (!(o instanceof VaultToken that))
|
||||
return false;
|
||||
VaultToken that = (VaultToken) o;
|
||||
return Arrays.equals(this.token, that.token);
|
||||
}
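Review bot: `Arrays.equals(this.token, that.token)` returns at the first differing character, so this `equals` is not a constant-time comparison. Nothing in the hunk shows it being used to check a token supplied by another party, but the method gives no hint either way. I would document that on the method, for example `// Not constant-time; do not use to verify a token received from an untrusted caller.`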
|
||||
|
||||
|
||||
@@ -341,7 +341,7 @@ public class VaultTokenRequest {
|
||||
Assert.isTrue(ttl >= 0, "TTL must not be negative");
|
||||
Assert.notNull(timeUnit, "TimeUnit must not be null");
|
||||
|
||||
this.ttl = String.format("%ss", timeUnit.toSeconds(ttl));
|
||||
this.ttl = "%ss".formatted(timeUnit.toSeconds(ttl));
|
||||
return this;
|
||||
}
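Review bot: `timeUnit.toSeconds(ttl)` rounds down, so a positive TTL shorter than one second (for example 500 with `TimeUnit.MILLISECONDS`) passes the `ttl >= 0` check and is sent as `0s`. If Vault reads a zero TTL as "use the default" (to be confirmed against the token API), the caller ends up with a token that lives longer than requested. The same truncation applies to `ttl.getSeconds()` and to both `explicitMaxTtl` assignments in the three hunks that follow. Consider rejecting it up front, e.g. `Assert.isTrue(ttl == 0 || timeUnit.toSeconds(ttl) > 0, "TTL must be at least one second");`. The method starts outside this hunk.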
|
||||
|
||||
@@ -357,7 +357,7 @@ public class VaultTokenRequest {
|
||||
Assert.notNull(ttl, "TTL must not be null");
|
||||
Assert.isTrue(!ttl.isNegative(), "TTL must not be negative");
|
||||
|
||||
this.ttl = String.format("%ss", ttl.getSeconds());
|
||||
this.ttl = "%ss".formatted(ttl.getSeconds());
|
||||
return this;
|
||||
}
|
||||
|
||||
@@ -375,7 +375,7 @@ public class VaultTokenRequest {
|
||||
Assert.isTrue(explicitMaxTtl >= 0, "TTL must not be negative");
|
||||
Assert.notNull(timeUnit, "TimeUnit must not be null");
|
||||
|
||||
this.explicitMaxTtl = String.format("%ss", timeUnit.toSeconds(explicitMaxTtl));
|
||||
this.explicitMaxTtl = "%ss".formatted(timeUnit.toSeconds(explicitMaxTtl));
|
||||
return this;
|
||||
}
|
||||
|
||||
@@ -394,7 +394,7 @@ public class VaultTokenRequest {
|
||||
Assert.notNull(explicitMaxTtl, "Explicit max TTL must not be null");
|
||||
Assert.isTrue(!explicitMaxTtl.isNegative(), "TTL must not be negative");
|
||||
|
||||
this.explicitMaxTtl = String.format("%ss", explicitMaxTtl.getSeconds());
|
||||
this.explicitMaxTtl = "%ss".formatted(explicitMaxTtl.getSeconds());
|
||||
return this;
|
||||
}
|
||||
|
||||
|
||||
@@ -19,7 +19,6 @@ import java.util.Arrays;
|
||||
|
||||
import org.springframework.util.Assert;
|
||||
import org.springframework.util.ObjectUtils;
|
||||
import org.springframework.util.StringUtils;
|
||||
|
||||
/**
|
||||
* Transform backend encode/decode context object.
|
||||
@@ -103,9 +102,8 @@ public class VaultTransformContext {
|
||||
public boolean equals(Object o) {
|
||||
if (this == o)
|
||||
return true;
|
||||
if (!(o instanceof VaultTransformContext))
|
||||
if (!(o instanceof VaultTransformContext that))
|
||||
return false;
|
||||
VaultTransformContext that = (VaultTransformContext) o;
|
||||
return this.transformation.equals(that.transformation) && Arrays.equals(this.tweak, that.tweak);
|
||||
}
|
||||
|
||||
|
||||
@@ -107,9 +107,8 @@ public class VaultTransitContext {
|
||||
public boolean equals(Object o) {
|
||||
if (this == o)
|
||||
return true;
|
||||
if (!(o instanceof VaultTransitContext))
|
||||
if (!(o instanceof VaultTransitContext that))
|
||||
return false;
|
||||
VaultTransitContext that = (VaultTransitContext) o;
|
||||
return Arrays.equals(this.context, that.context) && Arrays.equals(this.nonce, that.nonce)
|
||||
&& this.keyVersion == that.keyVersion;
|
||||
}
|
||||
|
||||
@@ -200,9 +200,8 @@ public class Versioned<T> {
|
||||
public boolean equals(Object o) {
|
||||
if (this == o)
|
||||
return true;
|
||||
if (!(o instanceof Versioned))
|
||||
if (!(o instanceof Versioned<?> versioned))
|
||||
return false;
|
||||
Versioned<?> versioned = (Versioned<?>) o;
|
||||
return Objects.equals(this.data, versioned.data) && Objects.equals(this.version, versioned.version)
|
||||
&& Objects.equals(this.metadata, versioned.metadata);
|
||||
}
|
||||
@@ -488,7 +487,7 @@ public class Versioned<T> {
|
||||
|
||||
@Override
|
||||
public String toString() {
|
||||
return String.format("Version[%d]", this.version);
|
||||
return "Version[%d]".formatted(this.version);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@@ -78,7 +78,7 @@ class AppRoleAuthenticationIntegrationTestBase extends IntegrationTestSupport {
|
||||
}
|
||||
|
||||
String getRoleId(String roleName) {
|
||||
return (String) getVaultOperations().read(String.format("auth/approle/role/%s/role-id", roleName))
|
||||
return (String) getVaultOperations().read("auth/approle/role/%s/role-id".formatted(roleName))
|
||||
.getRequiredData()
|
||||
.get("role_id");
|
||||
}
|
||||
|
||||
@@ -15,6 +15,8 @@
|
||||
*/
|
||||
package org.springframework.vault.authentication;
|
||||
|
||||
import static org.assertj.core.api.Assertions.*;
|
||||
|
||||
import java.util.Collections;
|
||||
|
||||
import org.junit.jupiter.api.Test;
|
||||
@@ -26,9 +28,6 @@ import org.springframework.vault.support.VaultResponse;
|
||||
import org.springframework.vault.support.VaultToken;
|
||||
import org.springframework.vault.util.Settings;
|
||||
|
||||
import static org.assertj.core.api.Assertions.assertThat;
|
||||
import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
|
||||
|
||||
/**
|
||||
* Integration tests for {@link AppRoleAuthentication}.
|
||||
*
|
||||
@@ -80,7 +79,7 @@ class AppRoleAuthenticationIntegrationTests extends AppRoleAuthenticationIntegra
|
||||
|
||||
String roleId = getRoleId("with-secret-id");
|
||||
String secretId = (String) getVaultOperations()
|
||||
.write(String.format("auth/approle/role/%s/secret-id", "with-secret-id"), null)
|
||||
.write("auth/approle/role/%s/secret-id".formatted("with-secret-id"), null)
|
||||
.getRequiredData()
|
||||
.get("secret_id");
|
||||
|
||||
|
||||
Some files were not shown because too many files have changed in this diff Show More