package com.datapipe.jenkins.vault.jcasc.secrets;
import com.bettercloud.vault.Vault;
import com.bettercloud.vault.VaultException;
import java.util.Calendar;
import java.util.logging.Level;
import java.util.logging.Logger;
abstract class VaultAuthenticatorWithExpiration implements VaultAuthenticator {
private final static Logger LOGGER = Logger.getLogger(VaultAuthenticatorWithExpiration.class.getName());
protected String mountPath;
private Calendar tokenExpiration;
protected String currentAuthToken;
public boolean isTokenTTLExpired() {
if (tokenExpiration == null) return true;
boolean result = true;
Calendar now = Calendar.getInstance();
long timeDiffInMillis = now.getTimeInMillis() - tokenExpiration.getTimeInMillis();
if (timeDiffInMillis < -2000L) {
// token will be valid for at least another 2s
result = false;
LOGGER.log(Level.FINE, "Auth token is still valid");
} else {
LOGGER.log(Level.FINE, "Auth token has to be re-issued" + timeDiffInMillis);
}
return result;
}
public void getTTLExpiryOfCurrentToken(Vault vault) {
int tokenTTL = 0;
try {
// save token TTL
tokenTTL = (int)vault.auth().lookupSelf().getTTL();
} catch (VaultException e) {
LOGGER.log(Level.WARNING, "Could not determine token expiration. " +
"Check if token is allowed to access auth/token/lookup-self. " +
"Assuming token TTL expired.", e);
}
tokenExpiration = Calendar.getInstance();
tokenExpiration.add(Calendar.SECOND, tokenTTL);
}
@Override
public boolean equals(Object o) {
if (this == o) return true;
if (o == null || getClass() != o.getClass()) return false;
VaultAuthenticatorWithExpiration authenticator = (VaultAuthenticatorWithExpiration) o;
return hashCode() == authenticator.hashCode();
}
@Override
public int hashCode() {
return super.hashCode();
}
}
