|
12 | 12 | import java.net.http.HttpClient; |
13 | 13 | import java.net.http.HttpRequest; |
14 | 14 | import java.net.http.HttpResponse; |
| 15 | +import java.nio.charset.StandardCharsets; |
15 | 16 | import java.time.Duration; |
16 | 17 | import java.util.Arrays; |
17 | 18 | import java.util.Map; |
|
24 | 25 |
|
25 | 26 | import javax.crypto.SecretKey; |
26 | 27 |
|
| 28 | +import org.slf4j.Logger; |
| 29 | +import org.slf4j.LoggerFactory; |
| 30 | + |
27 | 31 | import com.fasterxml.jackson.core.JsonProcessingException; |
28 | 32 | import com.fasterxml.jackson.core.type.TypeReference; |
29 | 33 | import com.fasterxml.jackson.databind.ObjectMapper; |
|
48 | 52 | */ |
49 | 53 | public class VaultKms implements Kms<String, VaultEdek> { |
50 | 54 |
|
| 55 | + private static final Logger LOGGER = LoggerFactory.getLogger(VaultKms.class); |
51 | 56 | private static final ObjectMapper OBJECT_MAPPER = new ObjectMapper(); |
52 | 57 | private static final String AES_KEY_ALGO = "AES"; |
53 | 58 | private static final Pattern LEGAL_API_VERSION_REGEX = Pattern.compile("^/?v1/.+"); |
@@ -153,6 +158,11 @@ private String createDecryptPostBody(VaultEdek edek) { |
153 | 158 | return OBJECT_MAPPER.writeValueAsString(map); |
154 | 159 | } |
155 | 160 | catch (JsonProcessingException e) { |
| 161 | + LOGGER.atWarn() |
| 162 | + .setCause(LOGGER.isDebugEnabled() ? e : null) |
| 163 | + .addArgument(edek.kekRef()) |
| 164 | + .addArgument(e.getMessage()) |
| 165 | + .log("Failed to build request body for key '{}', cause: {}. Increase log level to DEBUG for stacktrace"); |
156 | 166 | throw new KmsException("Failed to build request body for %s".formatted(edek.kekRef())); |
157 | 167 | } |
158 | 168 | } |
@@ -183,24 +193,36 @@ private <T> CompletableFuture<T> sendAsync(String key, |
183 | 193 | .thenApply(VaultResponse::data); |
184 | 194 | } |
185 | 195 |
|
186 | | - private static <T> VaultResponse<T> decodeJson(TypeReference<VaultResponse<T>> valueTypeRef, byte[] bytes) { |
| 196 | + static <T> VaultResponse<T> decodeJson(TypeReference<VaultResponse<T>> valueTypeRef, byte[] bytes) { |
187 | 197 | try { |
188 | 198 | VaultResponse<T> result = OBJECT_MAPPER.readValue(bytes, valueTypeRef); |
189 | 199 | Arrays.fill(bytes, (byte) 0); |
190 | 200 | return result; |
191 | 201 | } |
192 | 202 | catch (IOException e) { |
193 | | - throw new UncheckedIOException(e); |
| 203 | + var responseBody = new String(bytes, StandardCharsets.UTF_8); |
| 204 | + LOGGER.atWarn() |
| 205 | + .setCause(LOGGER.isDebugEnabled() ? e : null) |
| 206 | + .addArgument(responseBody) |
| 207 | + .addArgument(e.getMessage()) |
| 208 | + .log("Failed to decode Vault response as JSON, response body: {}, cause: {}. Increase log level to DEBUG for stacktrace"); |
| 209 | + throw new UncheckedIOException("Failed to decode Vault response as JSON", e); |
194 | 210 | } |
195 | 211 | } |
196 | 212 |
|
197 | 213 | private static HttpResponse<byte[]> checkResponseStatus(String key, |
198 | 214 | HttpResponse<byte[]> response, |
199 | 215 | Function<String, KmsException> notFound) { |
200 | 216 | if (response.statusCode() == 404 || response.statusCode() == 400) { |
| 217 | + var uri = response.request().uri(); |
| 218 | + var responseBody = new String(response.body(), StandardCharsets.UTF_8); |
| 219 | + LOGGER.warn("Key '{}' not found in Vault, request uri: {}, HTTP status code: {}, response: {}", key, uri, response.statusCode(), responseBody); |
201 | 220 | throw notFound.apply("key '%s' is not found.".formatted(key)); |
202 | 221 | } |
203 | 222 | else if (response.statusCode() != 200) { |
| 223 | + var uri = response.request().uri(); |
| 224 | + var responseBody = new String(response.body(), StandardCharsets.UTF_8); |
| 225 | + LOGGER.warn("Failed to retrieve key '{}' from Vault, request uri: {}, HTTP status code: {}, response: {}", key, uri, response.statusCode(), responseBody); |
204 | 226 | throw new KmsException("fail to retrieve key '%s', HTTP status code %d.".formatted(key, response.statusCode())); |
205 | 227 | } |
206 | 228 | return response; |
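Review bot: The new catch block in decodeJson (new-side lines 203–208) copies the raw response bytes into a String and logs it at WARN, yet this is the same buffer the success path deliberately scrubs with `Arrays.fill(bytes, (byte) 0)` — presumably because decrypt/datakey responses can carry key material — so a malformed or truncated response would put that material into an unscrubbable String and into the log. Suggest logging only the size and parser message, e.g. `.addArgument(bytes.length)` with `"Failed to decode Vault response as JSON (body length {}), cause: {}. Increase log level to DEBUG for stacktrace"`, and moving `Arrays.fill(bytes, (byte) 0);` into a `finally` so the failure path scrubs the buffer as well. The same verbatim-body logging is added in checkResponseStatus at new-side lines 218–219 and 224–225; Vault error bodies are less likely to contain secrets, but confirm what those endpoints return on 400 before logging them unredacted. decodeJson's signature change from private to package-private is otherwise fine, but a short Javadoc stating that the caller's byte array is zeroed on return would document the contract the new visibility exposes.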
|