diff --git a/src/main/java/com/bettercloud/vault/api/Auth.java b/src/main/java/com/bettercloud/vault/api/Auth.java
index f696f096..515f2664 100644
--- a/src/main/java/com/bettercloud/vault/api/Auth.java
+++ b/src/main/java/com/bettercloud/vault/api/Auth.java
@@ -6,12 +6,14 @@
import com.bettercloud.vault.json.Json;
import com.bettercloud.vault.json.JsonObject;
import com.bettercloud.vault.response.AuthResponse;
+import com.bettercloud.vault.response.LogicalResponse;
import com.bettercloud.vault.response.LookupResponse;
-import com.bettercloud.vault.rest.RestResponse;
import com.bettercloud.vault.rest.Rest;
+import com.bettercloud.vault.rest.RestResponse;
import lombok.Getter;
import java.io.Serializable;
+import java.net.URI;
import java.util.List;
import java.util.Map;
import java.util.UUID;
@@ -1084,17 +1086,17 @@ public AuthResponse renewSelf(final long increment, final String tokenAuthMount)
/**
* Returns information about the current client token.
- *
+ *
* @return The response information returned from Vault
* @throws VaultException If any error occurs, or unexpected response received from Vault
*/
public LookupResponse lookupSelf() throws VaultException {
return lookupSelf("token");
}
-
+
/**
* Returns information about the current client token.
- *
+ *
* @param tokenAuthMount The mount name of the token authentication back end. If null, defaults to "token"
* @return The response information returned from Vault
* @throws VaultException If any error occurs, or unexpected response received from Vault
@@ -1142,6 +1144,68 @@ public LookupResponse lookupSelf(final String tokenAuthMount) throws VaultExcept
}
}
+ /**
+ * Returns information about the current client token for a wrapped token, for which the lookup endpoint is
+ * different at "sys/wrapping/lookup". Example usage:
+ *
+ *
+ * {@code
+ * final String wrappingToken = "...";
+ * final VaultConfig config = new VaultConfig().address(...).token(wrappingToken).build();
+ * final Vault vault = new Vault(config);
+ * final LogicalResponse response = vault.auth().lookupWarp();
+ * // Then you can validate "path" for example ...
+ * final String path = response.getData().get("path");
+ * }
+ *
+ *
+ * @return The response information returned from Vault
+ * @throws VaultException If any error occurs, or unexpected response received from Vault
+ */
+ public LogicalResponse lookupWrap() throws VaultException {
+ int retryCount = 0;
+ while (true) {
+ try {
+ // HTTP request to Vault
+ final RestResponse restResponse = new Rest()//NOPMD
+ .url(config.getAddress() + "/v1/sys/wrapping/lookup")
+ .header("X-Vault-Token", config.getToken())
+ .connectTimeoutSeconds(config.getOpenTimeout())
+ .readTimeoutSeconds(config.getReadTimeout())
+ .sslVerification(config.getSslConfig().isVerify())
+ .sslContext(config.getSslConfig().getSslContext())
+ .get();
+ // Validate restResponse
+ if (restResponse.getStatus() != 200) {
+ throw new VaultException("Vault responded with HTTP status code: " + restResponse.getStatus(),
+ restResponse.getStatus());
+ }
+ final String mimeType = restResponse.getMimeType();
+ if (mimeType == null || !"application/json".equals(mimeType)) {
+ throw new VaultException("Vault responded with MIME type: " + mimeType, restResponse.getStatus());
+ }
+ return new LogicalResponse(restResponse, retryCount);
+ } catch (Exception e) {
+ // If there are retries to perform, then pause for the configured interval and then execute the loop
+ // again...
+ if (retryCount < config.getMaxRetries()) {
+ retryCount++;
+ try {
+ final int retryIntervalMilliseconds = config.getRetryIntervalMilliseconds();
+ Thread.sleep(retryIntervalMilliseconds);
+ } catch (InterruptedException e1) {
+ e1.printStackTrace(); //NOPMD
+ }
+ } else if (e instanceof VaultException) { //NOPMD
+ // ... otherwise, give up.
+ throw (VaultException) e;
+ } else {
+ throw new VaultException(e);
+ }
+ }
+ }
+ }
+
/**
* Revokes current client token.
*
@@ -1196,4 +1260,111 @@ public void revokeSelf(final String tokenAuthMount) throws VaultException {
}
}
+ /**
+ * Returns the original response inside the wrapped auth token. This method is useful if you need to unwrap a
+ * token without being authenticated. See {@link #unwrap(String)} if you need to do that authenticated.
+ *
+ * In the example below, you cannot use twice the {@code VaultConfig}, since
+ * after the first usage of the {@code wrappingToken}, it is not usable anymore. You need to use the
+ * {@code unwrappedToken} in a new vault configuration to continue. Example usage:
+ *
+ *
+ * {@code
+ * final String wrappingToken = "...";
+ * final VaultConfig config = new VaultConfig().address(...).token(wrappingToken).build();
+ * final Vault vault = new Vault(config);
+ * final AuthResponse response = vault.auth().unwrap();
+ * final String unwrappedToken = response.getAuthClientToken();
+ * }
+ *
+ *
+ * @return The response information returned from Vault
+ * @throws VaultException If any error occurs, or unexpected response received from Vault
+ * @see #unwrap(String)
+ */
+ public AuthResponse unwrap() throws VaultException {
+ return unwrap(null);
+ }
+
+ /**
+ * Returns the original response inside the given wrapped auth token. This method is useful if you need to unwrap
+ * a token, while being already authenticated. Do NOT authenticate in vault with your wrapping token, since it will
+ * both fail authentication and invalidate the wrapping token at the same time. See {@link #unwrap()} if you need to
+ * do that without being authenticated.
+ *
+ * In the example below, {@code authToken} is NOT your wrapped token, and should have unwrapping permissions.
+ * The unwrapped token in {@code unwrappedToken}. Example usage:
+ *
+ *
+ * {@code
+ * final String authToken = "...";
+ * final String wrappingToken = "...";
+ * final VaultConfig config = new VaultConfig().address(...).token(authToken).build();
+ * final Vault vault = new Vault(config);
+ * final AuthResponse response = vault.auth().unwrap(wrappingToken);
+ * final String unwrappedToken = response.getAuthClientToken();
+ * }
+ *
+ *
+ * @param wrappedToken Specifies the wrapping token ID, do NOT also put this in your {@link VaultConfig#token},
+ * if token is {@code null}, this method will unwrap the auth token in {@link VaultConfig#token}
+ * @return The response information returned from Vault
+ * @throws VaultException If any error occurs, or unexpected response received from Vault
+ * @see #unwrap()
+ */
+ public AuthResponse unwrap(final String wrappedToken) throws VaultException {
+ int retryCount = 0;
+ while (true) {
+ try {
+ // Parse parameters to JSON
+ final JsonObject jsonObject = Json.object();
+ if (wrappedToken != null) {
+ jsonObject.add("token", wrappedToken);
+ }
+
+ final String requestJson = jsonObject.toString();
+ final String url = config.getAddress() + "/v1/sys/wrapping/unwrap";
+
+ // HTTP request to Vault
+ final RestResponse restResponse = new Rest()
+ .url(url)
+ .header("X-Vault-Token", config.getToken())
+ .body(requestJson.getBytes("UTF-8"))
+ .connectTimeoutSeconds(config.getOpenTimeout())
+ .readTimeoutSeconds(config.getReadTimeout())
+ .sslVerification(config.getSslConfig().isVerify())
+ .sslContext(config.getSslConfig().getSslContext())
+ .post();
+
+ // Validate restResponse
+ if (restResponse.getStatus() != 200) {
+ throw new VaultException("Vault responded with HTTP status code: " + restResponse.getStatus(),
+ restResponse.getStatus());
+ }
+ final String mimeType = restResponse.getMimeType() == null ? "null" : restResponse.getMimeType();
+ if (!mimeType.equals("application/json")) {
+ throw new VaultException("Vault responded with MIME type: " + mimeType, restResponse.getStatus());
+ }
+ return new AuthResponse(restResponse, retryCount);
+ } catch (final Exception e) {
+ // If there are retries to perform, then pause for the configured interval and then execute the
+ // loop again...
+ if (retryCount < config.getMaxRetries()) {
+ retryCount++;
+ try {
+ final int retryIntervalMilliseconds = config.getRetryIntervalMilliseconds();
+ Thread.sleep(retryIntervalMilliseconds);
+ } catch (InterruptedException e1) {
+ e1.printStackTrace();
+ }
+ } else if (e instanceof VaultException) {
+ // ... otherwise, give up.
+ throw (VaultException) e;
+ } else {
+ throw new VaultException(e);
+ }
+ }
+ }
+ }
+
}
diff --git a/src/test/java/com/bettercloud/vault/vault/VaultTestUtils.java b/src/test/java/com/bettercloud/vault/vault/VaultTestUtils.java
index 2747730d..7958959b 100644
--- a/src/test/java/com/bettercloud/vault/vault/VaultTestUtils.java
+++ b/src/test/java/com/bettercloud/vault/vault/VaultTestUtils.java
@@ -1,6 +1,9 @@
package com.bettercloud.vault.vault;
+import com.bettercloud.vault.json.Json;
+import com.bettercloud.vault.json.JsonObject;
import com.bettercloud.vault.vault.mock.MockVault;
+import org.apache.commons.io.IOUtils;
import org.eclipse.jetty.server.Connector;
import org.eclipse.jetty.server.HttpConfiguration;
import org.eclipse.jetty.server.HttpConnectionFactory;
@@ -10,6 +13,15 @@
import org.eclipse.jetty.server.SslConnectionFactory;
import org.eclipse.jetty.util.ssl.SslContextFactory;
+import javax.servlet.http.HttpServletRequest;
+import java.io.IOException;
+import java.util.Collections;
+import java.util.Map;
+import java.util.Optional;
+
+import static java.util.function.Function.identity;
+import static java.util.stream.Collectors.toMap;
+
/**
* Utilities used by all of the Vault-related unit test classes under
* src/test/java/com/bettercloud/vault, to setup and shutdown mock Vault server implementations.
@@ -54,5 +66,21 @@ public static void shutdownMockVault(final Server server) throws Exception {
}
}
+ public static Optional readRequestBody(HttpServletRequest request) {
+ try {
+ StringBuilder requestBuffer = new StringBuilder();
+ IOUtils.readLines(request.getReader()).forEach(requestBuffer::append);
+ String string = requestBuffer.toString();
+ return string.isEmpty() ? Optional.empty() : Optional.of(Json.parse(string).asObject());
+ } catch (IOException e) {
+ return Optional.empty();
+ }
+ }
+
+ public static Map readRequestHeaders(HttpServletRequest request) {
+ return Collections.list(request.getHeaderNames()).stream()
+ .collect(toMap(identity(), request::getHeader));
+ }
+
}
diff --git a/src/test/java/com/bettercloud/vault/vault/api/AuthBackendAwsTests.java b/src/test/java/com/bettercloud/vault/vault/api/AuthBackendAwsTests.java
index afe9f405..cfa5fa0b 100644
--- a/src/test/java/com/bettercloud/vault/vault/api/AuthBackendAwsTests.java
+++ b/src/test/java/com/bettercloud/vault/vault/api/AuthBackendAwsTests.java
@@ -3,17 +3,16 @@
import com.bettercloud.vault.Vault;
import com.bettercloud.vault.VaultConfig;
import com.bettercloud.vault.VaultException;
-import com.bettercloud.vault.json.Json;
import com.bettercloud.vault.json.JsonObject;
import com.bettercloud.vault.vault.VaultTestUtils;
import com.bettercloud.vault.vault.mock.AuthRequestValidatingMockVault;
-import org.apache.commons.io.IOUtils;
import org.eclipse.jetty.server.Server;
import org.junit.Test;
import javax.servlet.http.HttpServletRequest;
import java.util.function.Predicate;
+import static com.bettercloud.vault.vault.VaultTestUtils.readRequestBody;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNotNull;
@@ -23,7 +22,7 @@ public class AuthBackendAwsTests {
public void testLoginByAwsEc2Id() throws Exception {
final Predicate isValidEc2IdRequest = (request) -> {
try {
- JsonObject requestBody = readRequestBody(request);
+ JsonObject requestBody = readRequestBody(request).orElse(null);
return requestBody != null && request.getRequestURI().endsWith("/auth/aws/login") &&
requestBody.getString("identity", "").equals("identity") &&
requestBody.getString("signature", "").equals("signature");
@@ -59,7 +58,7 @@ public void testLoginByAwsEc2Id() throws Exception {
public void testLoginByAwsEc2Pkcs7() throws Exception {
final Predicate isValidEc2pkcs7Request = (request) -> {
try {
- JsonObject requestBody = readRequestBody(request);
+ JsonObject requestBody = readRequestBody(request).orElse(null);
return requestBody != null && request.getRequestURI().endsWith("/auth/aws/login") &&
requestBody.getString("pkcs7", "").equals("pkcs7");
} catch (Exception e) {
@@ -95,7 +94,7 @@ public void testLoginByAwsEc2Pkcs7() throws Exception {
@Test
public void testLoginByAwsIam() throws Exception {
final Predicate isValidEc2IamRequest = (request) -> {
- JsonObject requestBody = readRequestBody(request);
+ JsonObject requestBody = readRequestBody(request).orElse(null);
return requestBody != null && request.getRequestURI().endsWith("/auth/aws/login") &&
requestBody.getString("iam_http_request_method", "").equals("POST") &&
requestBody.getString("iam_request_url", "").equals("url") &&
@@ -123,14 +122,4 @@ public void testLoginByAwsIam() throws Exception {
assertEquals("c9368254-3f21-aded-8a6f-7c818e81b17a", token.trim());
}
- private JsonObject readRequestBody(HttpServletRequest request) {
- try {
- StringBuilder requestBuffer = new StringBuilder();
- IOUtils.readLines(request.getReader()).forEach(requestBuffer::append);
- return Json.parse(requestBuffer.toString()).asObject();
- } catch (Exception e) {
- return null;
- }
- }
-
}
diff --git a/src/test/java/com/bettercloud/vault/vault/api/AuthLookupTest.java b/src/test/java/com/bettercloud/vault/vault/api/AuthLookupTest.java
new file mode 100644
index 00000000..b1aa2462
--- /dev/null
+++ b/src/test/java/com/bettercloud/vault/vault/api/AuthLookupTest.java
@@ -0,0 +1,75 @@
+package com.bettercloud.vault.vault.api;
+
+import com.bettercloud.vault.Vault;
+import com.bettercloud.vault.VaultConfig;
+import com.bettercloud.vault.json.JsonArray;
+import com.bettercloud.vault.json.JsonObject;
+import com.bettercloud.vault.response.LookupResponse;
+import com.bettercloud.vault.vault.VaultTestUtils;
+import com.bettercloud.vault.vault.mock.MockVault;
+import org.eclipse.jetty.server.Server;
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Test;
+
+import java.util.Optional;
+
+import static org.junit.Assert.assertEquals;
+
+public class AuthLookupTest {
+
+ private static final JsonObject RESPONSE_AUTH_LOOKUPSELF = new JsonObject()
+ .add("data", new JsonObject()
+ .add("accessor", "accessor")
+ .add("policies", new JsonArray()));
+
+ private Server server;
+ private MockVault vaultServer;
+
+ @Before
+ public void before() throws Exception {
+ vaultServer = new MockVault(200, RESPONSE_AUTH_LOOKUPSELF.toString());
+ server = VaultTestUtils.initHttpMockVault(vaultServer);
+ server.start();
+ }
+
+ @After
+ public void after() throws Exception {
+ VaultTestUtils.shutdownMockVault(server);
+ }
+
+ @Test
+ public void should_lookup_self_use_url_auth_token_lookup_self() throws Exception {
+ VaultConfig vaultConfig = new VaultConfig().address("http://127.0.0.1:8999").token("token").build();
+ Vault vault = new Vault(vaultConfig);
+ LookupResponse response = vault.auth().lookupSelf();
+
+ assertEquals(200, response.getRestResponse().getStatus());
+
+ // Request URL should contain auth/token/lookup-self
+ assertEquals(Optional.empty(), vaultServer.getRequestBody());
+ assertEquals("token", vaultServer.getRequestHeaders().get("X-Vault-Token"));
+ assertEquals("http://127.0.0.1:8999/v1/auth/token/lookup-self", vaultServer.getRequestUrl());
+
+ // Assert response should have the accessor
+ assertEquals("accessor", response.getAccessor());
+ }
+
+ @Test
+ public void should_lookup_self_with_param_use_url_auth_mount_lookup_self() throws Exception {
+ VaultConfig vaultConfig = new VaultConfig().address("http://127.0.0.1:8999").token("token").build();
+ Vault vault = new Vault(vaultConfig);
+ LookupResponse response = vault.auth().lookupSelf("mount");
+
+ assertEquals(200, response.getRestResponse().getStatus());
+
+ // Request URL should contain auth/mount/lookup-self
+ assertEquals(Optional.empty(), vaultServer.getRequestBody());
+ assertEquals("token", vaultServer.getRequestHeaders().get("X-Vault-Token"));
+ assertEquals("http://127.0.0.1:8999/v1/auth/mount/lookup-self", vaultServer.getRequestUrl());
+
+ // Assert response should have the accessor
+ assertEquals("accessor", response.getAccessor());
+ }
+
+}
diff --git a/src/test/java/com/bettercloud/vault/vault/api/AuthLookupWrapTest.java b/src/test/java/com/bettercloud/vault/vault/api/AuthLookupWrapTest.java
new file mode 100644
index 00000000..6b49fc91
--- /dev/null
+++ b/src/test/java/com/bettercloud/vault/vault/api/AuthLookupWrapTest.java
@@ -0,0 +1,56 @@
+package com.bettercloud.vault.vault.api;
+
+import com.bettercloud.vault.Vault;
+import com.bettercloud.vault.VaultConfig;
+import com.bettercloud.vault.json.JsonObject;
+import com.bettercloud.vault.response.LogicalResponse;
+import com.bettercloud.vault.vault.VaultTestUtils;
+import com.bettercloud.vault.vault.mock.MockVault;
+import org.eclipse.jetty.server.Server;
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Test;
+
+import java.util.Optional;
+
+import static org.junit.Assert.assertEquals;
+
+public class AuthLookupWrapTest {
+
+ private static final JsonObject RESPONSE_AUTH_LOOKUPSELF = new JsonObject()
+ .add("data", new JsonObject()
+ .add("creation_path", "token/path"));
+
+ private Server server;
+ private MockVault vaultServer;
+
+ @Before
+ public void before() throws Exception {
+ vaultServer = new MockVault(200, RESPONSE_AUTH_LOOKUPSELF.toString());
+ server = VaultTestUtils.initHttpMockVault(vaultServer);
+ server.start();
+ }
+
+ @After
+ public void after() throws Exception {
+ VaultTestUtils.shutdownMockVault(server);
+ }
+
+ @Test
+ public void should_lookup_wrap_use_url_sys_wrapping_lookup() throws Exception {
+ VaultConfig vaultConfig = new VaultConfig().address("http://127.0.0.1:8999").token("wrapped").build();
+ Vault vault = new Vault(vaultConfig);
+ LogicalResponse response = vault.auth().lookupWrap();
+
+ assertEquals(200, response.getRestResponse().getStatus());
+
+ // Request URL should contain sys/wrapping/lookup
+ assertEquals(Optional.empty(), vaultServer.getRequestBody());
+ assertEquals("wrapped", vaultServer.getRequestHeaders().get("X-Vault-Token"));
+ assertEquals("http://127.0.0.1:8999/v1/sys/wrapping/lookup", vaultServer.getRequestUrl());
+
+ // Assert response should have the accessor
+ assertEquals("token/path", response.getData().get("creation_path"));
+ }
+
+}
diff --git a/src/test/java/com/bettercloud/vault/vault/api/AuthUnwrapTest.java b/src/test/java/com/bettercloud/vault/vault/api/AuthUnwrapTest.java
new file mode 100644
index 00000000..2657187e
--- /dev/null
+++ b/src/test/java/com/bettercloud/vault/vault/api/AuthUnwrapTest.java
@@ -0,0 +1,72 @@
+package com.bettercloud.vault.vault.api;
+
+import com.bettercloud.vault.Vault;
+import com.bettercloud.vault.VaultConfig;
+import com.bettercloud.vault.json.JsonArray;
+import com.bettercloud.vault.json.JsonObject;
+import com.bettercloud.vault.response.AuthResponse;
+import com.bettercloud.vault.vault.VaultTestUtils;
+import com.bettercloud.vault.vault.mock.MockVault;
+import org.eclipse.jetty.server.Server;
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Test;
+
+import static org.junit.Assert.assertEquals;
+
+public class AuthUnwrapTest {
+
+ private static final JsonObject RESPONSE_AUTH_UNWRAP = new JsonObject()
+ .add("renewable", false)
+ .add("auth", new JsonObject()
+ .add("policies", new JsonArray())
+ .add("client_token", "unwrappedToken"));
+
+ private Server server;
+ private MockVault vaultServer;
+
+ @Before
+ public void before() throws Exception {
+ vaultServer = new MockVault(200, RESPONSE_AUTH_UNWRAP.toString());
+ server = VaultTestUtils.initHttpMockVault(vaultServer);
+ server.start();
+ }
+
+ @After
+ public void after() throws Exception {
+ VaultTestUtils.shutdownMockVault(server);
+ }
+
+ @Test
+ public void should_unwrap_without_param_sends_no_token_and_return_unwrapped_token() throws Exception {
+ VaultConfig vaultConfig = new VaultConfig().address("http://127.0.0.1:8999").token("wrappedToken").build();
+ Vault vault = new Vault(vaultConfig);
+ AuthResponse response = vault.auth().unwrap();
+
+ assertEquals(200, response.getRestResponse().getStatus());
+
+ // Assert request body should NOT have token body (wrapped is in header)
+ assertEquals(null, vaultServer.getRequestBody().get().get("token"));
+ assertEquals("wrappedToken", vaultServer.getRequestHeaders().get("X-Vault-Token"));
+
+ // Assert response should have the unwrapped token in the client_token key
+ assertEquals("unwrappedToken", response.getAuthClientToken());
+ }
+
+ @Test
+ public void should_unwrap_param_sends_token_and_return_unwrapped_token() throws Exception {
+ VaultConfig vaultConfig = new VaultConfig().address("http://127.0.0.1:8999").token("authToken").build();
+ Vault vault = new Vault(vaultConfig);
+ AuthResponse response = vault.auth().unwrap("wrappedToken");
+
+ assertEquals(200, response.getRestResponse().getStatus());
+
+ // Assert request body SHOULD have token body
+ assertEquals("wrappedToken", vaultServer.getRequestBody().get().getString("token", null));
+ assertEquals("authToken", vaultServer.getRequestHeaders().get("X-Vault-Token"));
+
+ // Assert response should have the unwrapped token in the client_token key
+ assertEquals("unwrappedToken", response.getAuthClientToken());
+ }
+
+}
diff --git a/src/test/java/com/bettercloud/vault/vault/mock/MockVault.java b/src/test/java/com/bettercloud/vault/vault/mock/MockVault.java
index 312bbffd..7df77a40 100644
--- a/src/test/java/com/bettercloud/vault/vault/mock/MockVault.java
+++ b/src/test/java/com/bettercloud/vault/vault/mock/MockVault.java
@@ -1,12 +1,19 @@
package com.bettercloud.vault.vault.mock;
-import org.eclipse.jetty.server.Request;
-import org.eclipse.jetty.server.handler.AbstractHandler;
+import static com.bettercloud.vault.vault.VaultTestUtils.readRequestBody;
+import static com.bettercloud.vault.vault.VaultTestUtils.readRequestHeaders;
+import java.io.IOException;
+import java.util.Map;
+import java.util.Optional;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import java.io.IOException;
+
+import org.eclipse.jetty.server.Request;
+import org.eclipse.jetty.server.handler.AbstractHandler;
+
+import com.bettercloud.vault.json.JsonObject;
/**
* This class is used to mock out a Vault server in unit tests involving retry logic. As it extends Jetty's
@@ -22,7 +29,7 @@
* server.setHandler( new MockVault(200, "{\"data\":{\"value\":\"mock\"}}") );
* server.start();
*
- * final VaultConfig vaultConfig = new VaultConfig("http://127.0.0.1:8999", "mock_token");
+ * final VaultConfig vaultConfig = new VaultConfig().address("http://127.0.0.1:8999").token("mock_token").build();
* final Vault vault = new Vault(vaultConfig);
* final LogicalResponse response = vault.logical().read("secret/hello");
*
@@ -37,15 +44,18 @@ public class MockVault extends AbstractHandler {
private int mockStatus;
private String mockResponse;
+ private JsonObject requestBody;
+ private Map requestHeaders;
+ private String requestUrl;
+
+ MockVault() {
+ }
public MockVault(final int mockStatus, final String mockResponse) {
this.mockStatus = mockStatus;
this.mockResponse = mockResponse;
}
- protected MockVault() {
- }
-
@Override
public void handle(
final String target,
@@ -53,6 +63,9 @@ public void handle(
final HttpServletRequest request,
final HttpServletResponse response
) throws IOException, ServletException {
+ requestBody = readRequestBody(request).orElse(null);
+ requestHeaders = readRequestHeaders(request);
+ requestUrl = request.getRequestURL().toString();
response.setContentType("application/json");
baseRequest.setHandled(true);
System.out.println("MockVault is sending an HTTP " + mockStatus + " code, with expected success payload...");
@@ -62,4 +75,16 @@ public void handle(
}
}
+ public Optional getRequestBody() {
+ return Optional.ofNullable(requestBody);
+ }
+
+ public Map getRequestHeaders() {
+ return requestHeaders;
+ }
+
+ public String getRequestUrl() {
+ return requestUrl;
+ }
+
}