ref: 538be75f1ffe4d54419e54d382933ebd2c49512f
src/main/java/net/lulli/certsigner/network/VaultLocal.java
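/*
 * This file is part of cert-signer
 * Copyright (c) 2024 Paolo Lulli.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, version 3.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see <http://www.gnu.org/licenses/>.
 */
package net.lulli.certsigner.network;

import org.json.JSONObject;

import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.util.ArrayList;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;

/**
 * Small HTTP client that stores and retrieves secrets under a configured endpoint,
 * authenticating every request with an {@code X-Vault-Token} header.
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>The token is sent to whatever {@code endpoint} is configured and the URL scheme is not
 *       checked here, so an {@code http://} endpoint transmits the token and the secret data
 *       in clear text. Use {@code https://} for anything that is not loopback.</li>
 *   <li>{@code secretName} is placed into the URL path without encoding or validation; pass
 *       only names that come from trusted configuration, not from user input.</li>
 *   <li>No connect or request timeout is configured, so a stalled server blocks the caller.</li>
 * </ul>
 */
public class VaultLocal {
    private final String endpoint;
    private final String token;

    /**
     * Creates a client bound to one endpoint and one token.
     *
     * @param endpoint base URL under which secret names are resolved; must not be null
     * @param token value sent in the {@code X-Vault-Token} header; must not be null
     * @throws NullPointerException if either argument is null
     */
    public VaultLocal(String endpoint, String token) {
        Objects.requireNonNull(token, "token");
        Objects.requireNonNull(endpoint, "endpoint");
        this.endpoint = endpoint;
        this.token = token;
    }

    /**
     * Posts {@code secretMap} to {@code endpoint/secretName}, wrapped in a JSON object with
     * {@code options}, {@code version} and {@code data} keys.
     *
     * @param secretName path segment appended to the endpoint (not encoded, see class notes)
     * @param secretMap key/value pairs stored under {@code data}
     * @return {@code true} only if the request completed with a 2xx status; {@code false} on
     *         any transport error or non-2xx response
     */
    public boolean storeSecret(String secretName, Map<String, String> secretMap) {
        var url = String.format("%s/%s", endpoint, secretName);
        var containerJson = new JSONObject();
        containerJson.put("options", new ArrayList<String>());
        containerJson.put("version", 0);
        containerJson.put("data", secretMap);
        try {
            var response = sendPost(url, containerJson.toString(), token);
            // A completed exchange is not a stored secret: a rejected token or a server error
            // also returns normally, so the status code decides the result.
            return isSuccess(response.statusCode());
        } catch (InterruptedException e) {
            // Preserve the interrupt for the caller's thread before reporting failure.
            Thread.currentThread().interrupt();
            return false;
        } catch (Exception ignored) {
            // Best-effort API: every other failure is reported as false, as before.
            return false;
        }
    }

    /**
     * Sends a GET with one extra header and parses a successful response body as JSON.
     *
     * @return the parsed body, or {@code null} on a transport error, a non-2xx status, or a
     *         body that is not a JSON object
     */
    private static JSONObject getWithHeader(String url, String headerName, String headerValue) {
        try {
            var client = HttpClient.newHttpClient();
            var request = HttpRequest.newBuilder(URI.create(url))
                    .header("accept", "application/json")
                    .header(headerName, headerValue)
                    .build();
            HttpResponse<String> response =
                    client.send(request, HttpResponse.BodyHandlers.ofString());
            if (!isSuccess(response.statusCode())) {
                // Error documents must not be handed back as if they were the secret.
                // Only the status is printed; the URL and body are left out of the output.
                System.out.println("Vault GET failed with HTTP status " + response.statusCode());
                return null;
            }
            return new JSONObject(response.body());
        } catch (InterruptedException e) {
            Thread.currentThread().interrupt();
            System.out.println(e.getMessage());
            return null;
        } catch (Exception e) {
            System.out.println(e.getMessage());
            return null;
        }
    }

    /**
     * Fetches {@code endpoint/secretName} and returns the whole JSON response as text.
     *
     * @param secretName path segment appended to the endpoint (not encoded, see class notes)
     * @return the serialized JSON response, or empty if the request failed, the server
     *         answered with a non-2xx status, or the body could not be parsed
     */
    public Optional<String> retrieveSecret(String secretName) {
        var url = String.format("%s/%s", endpoint, secretName);
        var json = getWithHeader(url, "X-Vault-Token", token);
        return json == null ? Optional.empty() : Optional.of(json.toString());
    }

    /**
     * Posts {@code payload} to {@code url} with the {@code X-Vault-Token} header set.
     *
     * <p>The response body is returned whatever the HTTP status is, so an error document is
     * returned the same way as a success body; this method alone cannot confirm a write.
     *
     * @param url full request URL
     * @param payload request body, sent as-is
     * @param token value for the {@code X-Vault-Token} header
     * @return the response body as text
     * @throws Exception if the URL is malformed or the request cannot be sent or is interrupted
     */
    public static String postToVault(String url, String payload, String token) throws Exception {
        // The body is read as a String; calling toString() on a stream body would yield the
        // stream object's identity string and leave the stream unread.
        return sendPost(url, payload, token).body();
    }

    /** Sends the authenticated POST and returns the full response so callers can see the status. */
    private static HttpResponse<String> sendPost(String url, String payload, String token)
            throws Exception {
        var client = HttpClient.newBuilder().build();
        var request = HttpRequest.newBuilder()
                .POST(HttpRequest.BodyPublishers.ofString(payload))
                .header("X-Vault-Token", token)
                .uri(URI.create(url))
                .build();
        return client.send(request, HttpResponse.BodyHandlers.ofString());
    }

    /** Returns whether {@code status} is in the 2xx range. */
    private static boolean isSuccess(int status) {
        return status >= 200 && status < 300;
    }
}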