
com.bettercloud.vault.api.Seal Maven / Gradle / Ivy

There is a newer version: 5.1.0
package com.bettercloud.vault.api;

import com.bettercloud.vault.VaultConfig;
import com.bettercloud.vault.VaultException;
import com.bettercloud.vault.json.Json;
import com.bettercloud.vault.response.SealResponse;
import com.bettercloud.vault.rest.Rest;
import com.bettercloud.vault.rest.RestResponse;

import java.nio.charset.StandardCharsets;

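/**
 * <p>The implementing class for operations on REST endpoints, under the "seal/unseal/seal-status" section
 * of the Vault HTTP API docs (https://www.vaultproject.io/api/system/index.html).</p>
 *
 * <p>This class is not intended to be constructed directly.  Rather, it is meant to be used by way of
 * <code>Vault</code> in a DSL-style builder pattern.</p>
 *
 * <p>Transport security is taken entirely from the supplied {@link VaultConfig}: every request passes
 * <code>config.getSslConfig().isVerify()</code> and <code>config.getSslConfig().getSslContext()</code> to the
 * REST client, and the URL is built by appending the endpoint path to <code>config.getAddress()</code>.
 * This class performs no scheme check on that address.  Since {@link #seal()} sends the Vault token and
 * {@link #unseal(String, Boolean)} sends a master key share, callers should make sure the configuration
 * points at an HTTPS address and leaves certificate verification enabled.</p>
 *
 * <p>All three operations retry on <em>any</em> exception, including an unexpected HTTP status, up to
 * <code>config.getMaxRetries()</code> times, sleeping <code>config.getRetryIntervalMilliseconds()</code>
 * between attempts.</p>
 */
public class Seal {

    private final VaultConfig config;

    /**
     * @param config Connection settings (address, token, timeouts, SSL settings, retry policy) used by every call
     */
    public Seal(final VaultConfig config) {
        this.config = config;
    }

    /**
     * <p>Seal the Vault.</p>
     *
     * <p>The configured token is sent in the <code>X-Vault-Token</code> header.  Only an HTTP 204 response is
     * treated as success.</p>
     *
     * @throws VaultException If any error occurs, or unexpected response received from Vault
     */
    public void seal() throws VaultException {
        int retryCount = 0;
        while (true) {
            try {
                // HTTP request to Vault
                final RestResponse restResponse = new Rest()//NOPMD
                        .url(config.getAddress() + "/v1/sys/seal")
                        .header("X-Vault-Token", config.getToken())
                        .connectTimeoutSeconds(config.getOpenTimeout())
                        .readTimeoutSeconds(config.getReadTimeout())
                        .sslVerification(config.getSslConfig().isVerify())
                        .sslContext(config.getSslConfig().getSslContext())
                        .post();

                // Validate restResponse
                if (restResponse.getStatus() != 204) {
                    throw new VaultException(
                            "Vault responded with HTTP status code: " + restResponse.getStatus(),
                            restResponse.getStatus());
                }
                return;
            } catch (Exception e) {
                pauseBeforeRetryOrThrow(e, retryCount);
                retryCount++;
            }
        }
    }

    /**
     * <p>Enter a single master key share to progress the unsealing of the Vault.</p>
     *
     * <p>Equivalent to {@link #unseal(String, Boolean)} with <code>reset</code> set to <code>false</code>.</p>
     *
     * @param key Single master key share
     * @return The response information returned from Vault
     * @throws VaultException If any error occurs, or unexpected response received from Vault
     */
    public SealResponse unseal(final String key) throws VaultException {
        return unseal(key, false);
    }

    /**
     * <p>Enter a single master key share to progress the unsealing of the Vault.</p>
     *
     * <p>The key share is placed in the JSON request body and no token header is sent.  The same body is
     * re-sent on every retry.  The share is never copied into an exception message by this class; callers
     * should likewise keep it out of their own logs.</p>
     *
     * @param key Single master key share
     * @param reset Specifies if previously-provided unseal keys are discarded and the unseal process is reset
     *              (NOTE(review): boxed type; behaviour for <code>null</code> depends on the
     *              <code>Json</code> builder's overloads, so confirm before passing <code>null</code>)
     * @return The response information returned from Vault
     * @throws VaultException If any error occurs, or unexpected response received from Vault
     */
    public SealResponse unseal(final String key, final Boolean reset) throws VaultException {
        int retryCount = 0;
        while (true) {
            try {
                // HTTP request to Vault
                final String requestJson = Json.object().add("key", key).add("reset", reset).toString();
                final RestResponse restResponse = new Rest()//NOPMD
                        .url(config.getAddress() + "/v1/sys/unseal")
                        // Charset constant instead of a charset name: no lookup by string and no
                        // UnsupportedEncodingException path.
                        .body(requestJson.getBytes(StandardCharsets.UTF_8))
                        .connectTimeoutSeconds(config.getOpenTimeout())
                        .readTimeoutSeconds(config.getReadTimeout())
                        .sslVerification(config.getSslConfig().isVerify())
                        .sslContext(config.getSslConfig().getSslContext())
                        .post();

                requireJsonOk(restResponse);
                return new SealResponse(restResponse, retryCount);
            } catch (Exception e) {
                pauseBeforeRetryOrThrow(e, retryCount);
                retryCount++;
            }
        }
    }

    /**
     * <p>Check progress of unsealing the Vault.</p>
     *
     * <p>The request carries neither a token nor a body.</p>
     *
     * @return The response information returned from Vault
     * @throws VaultException If any error occurs, or unexpected response received from Vault
     */
    public SealResponse sealStatus() throws VaultException {
        int retryCount = 0;
        while (true) {
            try {
                // HTTP request to Vault
                final RestResponse restResponse = new Rest()//NOPMD
                        .url(config.getAddress() + "/v1/sys/seal-status")
                        .connectTimeoutSeconds(config.getOpenTimeout())
                        .readTimeoutSeconds(config.getReadTimeout())
                        .sslVerification(config.getSslConfig().isVerify())
                        .sslContext(config.getSslConfig().getSslContext())
                        .get();

                requireJsonOk(restResponse);
                return new SealResponse(restResponse, retryCount);
            } catch (Exception e) {
                pauseBeforeRetryOrThrow(e, retryCount);
                retryCount++;
            }
        }
    }

    /**
     * Accepts only an HTTP 200 response whose MIME type is exactly <code>application/json</code>.
     *
     * @param restResponse The response to validate
     * @throws VaultException If the status or MIME type is anything else
     */
    private static void requireJsonOk(final RestResponse restResponse) throws VaultException {
        if (restResponse.getStatus() != 200) {
            throw new VaultException(
                    "Vault responded with HTTP status code: " + restResponse.getStatus(),
                    restResponse.getStatus());
        }
        // A null MIME type is rendered as "null" by the concatenation below.
        final String mimeType = restResponse.getMimeType();
        if (!"application/json".equals(mimeType)) {
            throw new VaultException("Vault responded with MIME type: " + mimeType, restResponse.getStatus());
        }
    }

    /**
     * After a failed attempt, either sleeps for the configured retry interval and returns (so the caller
     * can loop again), or throws the failure when no retries remain.
     *
     * @param failure The exception raised by the attempt that just failed
     * @param retryCount Number of retries already performed before this failure
     * @throws VaultException If the retry budget is exhausted, or the waiting thread is interrupted
     */
    private void pauseBeforeRetryOrThrow(final Exception failure, final int retryCount) throws VaultException {
        if (retryCount >= config.getMaxRetries()) {
            // ... no retries left, give up.
            throw toVaultException(failure);
        }
        try {
            Thread.sleep(config.getRetryIntervalMilliseconds());
        } catch (InterruptedException interrupted) {
            // Previously the interrupt was printed to stderr and dropped, so a cancelled thread kept
            // retrying.  Restore the flag for the caller and stop retrying instead.
            Thread.currentThread().interrupt();
            throw toVaultException(failure);
        }
    }

    /**
     * Returns the failure unchanged if it already is a {@link VaultException}, otherwise wraps it so the
     * original cause is preserved.
     */
    private static VaultException toVaultException(final Exception failure) {
        return failure instanceof VaultException ? (VaultException) failure : new VaultException(failure);
    }
}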



