spring-projects / spring-vault

Provides familiar Spring abstractions for HashiCorp Vault
https://spring.io/projects/spring-vault
Apache License 2.0

Spring-vault hmac verify support is missing #659

Closed amol-gaikwad closed 3 years ago

amol-gaikwad commented 3 years ago

Vault supports HMAC verification as shown below, but spring-vault doesn't provide a way to do it.

Request

curl --location --request POST 'https://127.0.0.1:8200/v1/transit/verify/default-mac/sha2-256' \
--header 'X-Vault-Token: s.NvdLGh4ohtgcXEShSCYfB73n' \
--header 'X-Vault-Request: true' \
--header 'Content-Type: application/json' \
--data-raw '{
    "input": "QW1vbCBHYWlrd2FkIHFhOCBDcnlwdG8tYXBpIDIuMTIgZGF0YWJhc2UgOQ==",
    "hmac" : "vault:v1:VZMQieAS6eodoGvW9KybcMe1Er5EzyHwvp0XivUOYr8="
}'

Response

{
    "request_id": "e0049996-0be7-6991-081f-045639742384",
    "lease_id": "",
    "renewable": false,
    "lease_duration": 0,
    "data": {
        "valid": true
    },
    "wrap_info": null,
    "warnings": null,
    "auth": null
}

amol-gaikwad commented 3 years ago

Support is there in VaultTransitTemplate, but it suffers from the same issue, as the algorithm is passed in the body instead of the URL path of the transit API.
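One way to send the verify request shown in this issue with the algorithm in the URL path is to use spring-vault's generic `VaultOperations.write`. This is an added example, not code from the issue or from the spring-vault project. The class name `TransitHmacVerifier`, the allow-list pattern and the mount name are assumptions, and `Map.of` needs Java 9 or later.

```java
import java.util.Base64;
import java.util.Map;
import java.util.regex.Pattern;

import org.springframework.vault.core.VaultOperations;
import org.springframework.vault.support.VaultResponse;

// Hypothetical helper: verifies an HMAC through Vault's transit backend,
// placing the algorithm in the path as in the curl request above.
public class TransitHmacVerifier {

    // Assumed allow-list for values placed into the request path, so a
    // caller-supplied key name or algorithm cannot alter the endpoint.
    private static final Pattern SEGMENT = Pattern.compile("[A-Za-z0-9_-]+");

    private final VaultOperations vault;
    private final String mount; // transit mount path, e.g. "transit"

    public TransitHmacVerifier(VaultOperations vault, String mount) {
        this.vault = vault;
        this.mount = requireSegment(mount, "mount");
    }

    public boolean verify(String keyName, String algorithm, byte[] message, String hmac) {
        // Builds e.g. transit/verify/default-mac/sha2-256
        String path = String.format("%s/verify/%s/%s", mount,
                requireSegment(keyName, "keyName"),
                requireSegment(algorithm, "algorithm"));

        // Vault expects base64 input and the "vault:v1:..." HMAC string.
        Map<String, Object> body = Map.of(
                "input", Base64.getEncoder().encodeToString(message),
                "hmac", hmac);

        VaultResponse response = vault.write(path, body);

        // Fail closed: only an explicit "valid": true counts as verified.
        return response != null && response.getData() != null
                && Boolean.TRUE.equals(response.getData().get("valid"));
    }

    private static String requireSegment(String value, String name) {
        if (value == null || !SEGMENT.matcher(value).matches()) {
            throw new IllegalArgumentException("Invalid " + name);
        }
        return value;
    }
}
```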