Add support for response wrapping lookup #78

dubreuia · dubreuia · commit 862ea73f954e · 2018-03-08T13:20:34.000+01:00
See issue #78
diff --git a/src/main/java/com/bettercloud/vault/api/Auth.java b/src/main/java/com/bettercloud/vault/api/Auth.java
@@ -6,12 +6,14 @@
 import com.bettercloud.vault.json.Json;
 import com.bettercloud.vault.json.JsonObject;
 import com.bettercloud.vault.response.AuthResponse;
+import com.bettercloud.vault.response.LogicalResponse;
 import com.bettercloud.vault.response.LookupResponse;
 import com.bettercloud.vault.rest.Rest;
 import com.bettercloud.vault.rest.RestResponse;
 import lombok.Getter;
 
 import java.io.Serializable;
+import java.net.URI;
 import java.util.List;
 import java.util.Map;
 import java.util.UUID;
@@ -1084,17 +1086,17 @@ public AuthResponse renewSelf(final long increment, final String tokenAuthMount)
 
     /**
      * <p>Returns information about the current client token.</p>
-     * 
+     *
      * @return The response information returned from Vault
      * @throws VaultException If any error occurs, or unexpected response received from Vault
      */
     public LookupResponse lookupSelf() throws VaultException {
     	return lookupSelf("token");
     }
-    
+
     /**
      * <p>Returns information about the current client token.</p>
-     * 
+     *
      * @param tokenAuthMount The mount name of the token authentication back end.  If null, defaults to "token"
      * @return The response information returned from Vault
      * @throws VaultException If any error occurs, or unexpected response received from Vault
@@ -1142,6 +1144,68 @@ public LookupResponse lookupSelf(final String tokenAuthMount) throws VaultExcept
         }
     }
 
+    /**
+     * <p>Returns information about the current client token for a wrapped token, for which the lookup endpoint is
+     * different at "sys/wrapping/lookup". Example usage:</p>
+     *
+     * <blockquote>
+     * <pre>{@code
+     * final String wrappingToken = "...";
+     * final VaultConfig config = new VaultConfig().address(...).token(wrappingToken).build();
+     * final Vault vault = new Vault(config);
+     * final LogicalResponse response = vault.auth().lookupWarp();
+     * // Then you can validate "path" for example ...
+     * final String path = response.getData().get("path");
+     * }</pre>
+     * </blockquote>
+     *
+     * @return The response information returned from Vault
+     * @throws VaultException If any error occurs, or unexpected response received from Vault
+     */
+    public LogicalResponse lookupWrap() throws VaultException {
+        int retryCount = 0;
+        while (true) {
+            try {
+                // HTTP request to Vault
+                final RestResponse restResponse = new Rest()//NOPMD
+                        .url(config.getAddress() + "/v1/sys/wrapping/lookup")
+                        .header("X-Vault-Token", config.getToken())
+                        .connectTimeoutSeconds(config.getOpenTimeout())
+                        .readTimeoutSeconds(config.getReadTimeout())
+                        .sslVerification(config.getSslConfig().isVerify())
+                        .sslContext(config.getSslConfig().getSslContext())
+                        .get();
+                // Validate restResponse
+                if (restResponse.getStatus() != 200) {
+                    throw new VaultException("Vault responded with HTTP status code: " + restResponse.getStatus(),
+                            restResponse.getStatus());
+                }
+                final String mimeType = restResponse.getMimeType();
+                if (mimeType == null || !"application/json".equals(mimeType)) {
+                    throw new VaultException("Vault responded with MIME type: " + mimeType, restResponse.getStatus());
+                }
+                return new LogicalResponse(restResponse, retryCount);
+            } catch (Exception e) {
+                // If there are retries to perform, then pause for the configured interval and then execute the loop
+                // again...
+                if (retryCount < config.getMaxRetries()) {
+                    retryCount++;
+                    try {
+                        final int retryIntervalMilliseconds = config.getRetryIntervalMilliseconds();
+                        Thread.sleep(retryIntervalMilliseconds);
+                    } catch (InterruptedException e1) {
+                        e1.printStackTrace(); //NOPMD
+                    }
+                } else if (e instanceof VaultException) { //NOPMD
+                    // ... otherwise, give up.
+                    throw (VaultException) e;
+                } else {
+                    throw new VaultException(e);
+                }
+            }
+        }
+    }
+
     /**
      * <p>Revokes current client token.</p>
      *
diff --git a/src/test/java/com/bettercloud/vault/vault/VaultTestUtils.java b/src/test/java/com/bettercloud/vault/vault/VaultTestUtils.java
@@ -70,7 +70,8 @@ public static Optional<JsonObject> readRequestBody(HttpServletRequest request) {
         try {
             StringBuilder requestBuffer = new StringBuilder();
             IOUtils.readLines(request.getReader()).forEach(requestBuffer::append);
-            return Optional.of(Json.parse(requestBuffer.toString()).asObject());
+            String string = requestBuffer.toString();
+            return string.isEmpty() ? Optional.empty() : Optional.of(Json.parse(string).asObject());
         } catch (IOException e) {
             return Optional.empty();
         }
diff --git a/src/test/java/com/bettercloud/vault/vault/api/AuthLookupTest.java b/src/test/java/com/bettercloud/vault/vault/api/AuthLookupTest.java
@@ -0,0 +1,75 @@
+package com.bettercloud.vault.vault.api;
+
+import com.bettercloud.vault.Vault;
+import com.bettercloud.vault.VaultConfig;
+import com.bettercloud.vault.json.JsonArray;
+import com.bettercloud.vault.json.JsonObject;
+import com.bettercloud.vault.response.LookupResponse;
+import com.bettercloud.vault.vault.VaultTestUtils;
+import com.bettercloud.vault.vault.mock.MockVault;
+import org.eclipse.jetty.server.Server;
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Test;
+
+import java.util.Optional;
+
+import static org.junit.Assert.assertEquals;
+
+public class AuthLookupTest {
+
+    private static final JsonObject RESPONSE_AUTH_LOOKUPSELF = new JsonObject()
+            .add("data", new JsonObject()
+                    .add("accessor", "accessor")
+                    .add("policies", new JsonArray()));
+
+    private Server server;
+    private MockVault vaultServer;
+
+    @Before
+    public void before() throws Exception {
+        vaultServer = new MockVault(200, RESPONSE_AUTH_LOOKUPSELF.toString());
+        server = VaultTestUtils.initHttpMockVault(vaultServer);
+        server.start();
+    }
+
+    @After
+    public void after() throws Exception {
+        VaultTestUtils.shutdownMockVault(server);
+    }
+
+    @Test
+    public void should_lookup_self_use_url_auth_token_lookup_self() throws Exception {
+        VaultConfig vaultConfig = new VaultConfig().address("http://127.0.0.1:8999").token("token").build();
+        Vault vault = new Vault(vaultConfig);
+        LookupResponse response = vault.auth().lookupSelf();
+
+        assertEquals(200, response.getRestResponse().getStatus());
+
+        // Request URL should contain auth/token/lookup-self
+        assertEquals(Optional.empty(), vaultServer.getRequestBody());
+        assertEquals("token", vaultServer.getRequestHeaders().get("X-Vault-Token"));
+        assertEquals("http://127.0.0.1:8999/v1/auth/token/lookup-self", vaultServer.getRequestUrl());
+
+        // Assert response should have the accessor
+        assertEquals("accessor", response.getAccessor());
+    }
+
+    @Test
+    public void should_lookup_self_with_param_use_url_auth_mount_lookup_self() throws Exception {
+        VaultConfig vaultConfig = new VaultConfig().address("http://127.0.0.1:8999").token("token").build();
+        Vault vault = new Vault(vaultConfig);
+        LookupResponse response = vault.auth().lookupSelf("mount");
+
+        assertEquals(200, response.getRestResponse().getStatus());
+
+        // Request URL should contain auth/mount/lookup-self
+        assertEquals(Optional.empty(), vaultServer.getRequestBody());
+        assertEquals("token", vaultServer.getRequestHeaders().get("X-Vault-Token"));
+        assertEquals("http://127.0.0.1:8999/v1/auth/mount/lookup-self", vaultServer.getRequestUrl());
+
+        // Assert response should have the accessor
+        assertEquals("accessor", response.getAccessor());
+    }
+
+}
diff --git a/src/test/java/com/bettercloud/vault/vault/api/AuthLookupWrapTest.java b/src/test/java/com/bettercloud/vault/vault/api/AuthLookupWrapTest.java
@@ -0,0 +1,56 @@
+package com.bettercloud.vault.vault.api;
+
+import com.bettercloud.vault.Vault;
+import com.bettercloud.vault.VaultConfig;
+import com.bettercloud.vault.json.JsonObject;
+import com.bettercloud.vault.response.LogicalResponse;
+import com.bettercloud.vault.vault.VaultTestUtils;
+import com.bettercloud.vault.vault.mock.MockVault;
+import org.eclipse.jetty.server.Server;
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Test;
+
+import java.util.Optional;
+
+import static org.junit.Assert.assertEquals;
+
+public class AuthLookupWrapTest {
+
+    private static final JsonObject RESPONSE_AUTH_LOOKUPSELF = new JsonObject()
+            .add("data", new JsonObject()
+                    .add("creation_path", "token/path"));
+
+    private Server server;
+    private MockVault vaultServer;
+
+    @Before
+    public void before() throws Exception {
+        vaultServer = new MockVault(200, RESPONSE_AUTH_LOOKUPSELF.toString());
+        server = VaultTestUtils.initHttpMockVault(vaultServer);
+        server.start();
+    }
+
+    @After
+    public void after() throws Exception {
+        VaultTestUtils.shutdownMockVault(server);
+    }
+
+    @Test
+    public void should_lookup_wrap_use_url_sys_wrapping_lookup() throws Exception {
+        VaultConfig vaultConfig = new VaultConfig().address("http://127.0.0.1:8999").token("wrapped").build();
+        Vault vault = new Vault(vaultConfig);
+        LogicalResponse response = vault.auth().lookupWrap();
+
+        assertEquals(200, response.getRestResponse().getStatus());
+
+        // Request URL should contain sys/wrapping/lookup
+        assertEquals(Optional.empty(), vaultServer.getRequestBody());
+        assertEquals("wrapped", vaultServer.getRequestHeaders().get("X-Vault-Token"));
+        assertEquals("http://127.0.0.1:8999/v1/sys/wrapping/lookup", vaultServer.getRequestUrl());
+
+        // Assert response should have the accessor
+        assertEquals("token/path", response.getData().get("creation_path"));
+    }
+
+}
diff --git a/src/test/java/com/bettercloud/vault/vault/api/AuthUnwrapTest.java b/src/test/java/com/bettercloud/vault/vault/api/AuthUnwrapTest.java
@@ -46,7 +46,7 @@ public void should_unwrap_without_param_sends_no_token_and_return_unwrapped_toke
         assertEquals(200, response.getRestResponse().getStatus());
 
         // Assert request body should NOT have token body (wrapped is in header)
-        assertEquals(null, vaultServer.getRequestBody().get("token"));
+        assertEquals(null, vaultServer.getRequestBody().get().get("token"));
         assertEquals("wrappedToken", vaultServer.getRequestHeaders().get("X-Vault-Token"));
 
         // Assert response should have the unwrapped token in the client_token key
@@ -62,7 +62,7 @@ public void should_unwrap_param_sends_token_and_return_unwrapped_token() throws
         assertEquals(200, response.getRestResponse().getStatus());
 
         // Assert request body SHOULD have token body
-        assertEquals("wrappedToken", vaultServer.getRequestBody().getString("token", null));
+        assertEquals("wrappedToken", vaultServer.getRequestBody().get().getString("token", null));
         assertEquals("authToken", vaultServer.getRequestHeaders().get("X-Vault-Token"));
 
         // Assert response should have the unwrapped token in the client_token key
diff --git a/src/test/java/com/bettercloud/vault/vault/mock/MockVault.java b/src/test/java/com/bettercloud/vault/vault/mock/MockVault.java
@@ -5,6 +5,7 @@
 
 import java.io.IOException;
 import java.util.Map;
+import java.util.Optional;
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
@@ -45,6 +46,7 @@ public class MockVault extends AbstractHandler {
     private String mockResponse;
     private JsonObject requestBody;
     private Map<String, String> requestHeaders;
+    private String requestUrl;
 
     MockVault() {
     }
@@ -63,6 +65,7 @@ public void handle(
     ) throws IOException, ServletException {
         requestBody = readRequestBody(request).orElse(null);
         requestHeaders = readRequestHeaders(request);
+        requestUrl = request.getRequestURL().toString();
         response.setContentType("application/json");
         baseRequest.setHandled(true);
         System.out.println("MockVault is sending an HTTP " + mockStatus + " code, with expected success payload...");
@@ -72,12 +75,16 @@ public void handle(
         }
     }
 
-    public JsonObject getRequestBody() {
-        return requestBody;
+    public Optional<JsonObject> getRequestBody() {
+        return Optional.ofNullable(requestBody);
     }
 
     public Map<String, String> getRequestHeaders() {
         return requestHeaders;
     }
 
+    public String getRequestUrl() {
+        return requestUrl;
+    }
+
 }
