fix: Handle directory paths explicitly when loading Vault token/config/certificate files

Author: tdferreira

src/main/java/com/premiumminds/vault/client/DefaultVaultTokenLoader.java

@@ -34,19 +34,22 @@ public DefaultVaultTokenLoader(Optional<Path> tokenFile, String vaultAddress) {
     public String get() throws Exception {
         if (tokenFile.isPresent() && !tokenFile.toString().isBlank()) {
             if (tokenFile.get().toFile().exists()){
+                assertRegularFile(tokenFile.get(), "Vault token file");
                 return Files.readString(tokenFile.get());
             }
         }
 
         final var vaultConfigFile = getConfigFile();
         if (vaultConfigFile.toFile().exists()){
+            assertRegularFile(vaultConfigFile, "Vault config file");
             final String token = getTokenFromVaultTokenHelper(vaultConfigFile, vaultAddress);
             if (token != null){
                 return token;
             }
         }
         final var defaultTokenFilePath = Paths.get(System.getProperty("user.home"), DEFAULT_VAULT_TOKEN_FILE);
         if (defaultTokenFilePath.toFile().exists()){
+            assertRegularFile(defaultTokenFilePath, "Vault token file");
             return Files.readString(defaultTokenFilePath);
         }
 
@@ -64,6 +67,12 @@ private Path getConfigFile(){
         return vaultConfigPath;
     }
 
+    private static void assertRegularFile(Path path, String description) {
+        if (!Files.isRegularFile(path)) {
+            throw new IllegalArgumentException(description + " path is not a file: " + path);
+        }
+    }
+
     private String getTokenFromVaultTokenHelper(Path configFile, String vaultAddress)
             throws IOException, InterruptedException
     {

src/main/java/com/premiumminds/vault/client/VaultClient.java

@@ -13,6 +13,7 @@
 import java.net.http.HttpClient;
 import java.net.http.HttpRequest;
 import java.net.http.HttpResponse;
+import java.nio.file.Files;
 import java.nio.file.Path;
 import java.security.KeyStore;
 import java.security.SecureRandom;
@@ -189,6 +190,9 @@ private HttpClient getClient(Optional<Path> certificate) throws Exception {
     }
 
     private SSLContext getSSLContext(Path certificate) throws Exception {
+        if (!Files.isRegularFile(certificate)) {
+            throw new IllegalArgumentException("Vault certificate path is not a file: " + certificate);
+        }
 
         CertificateFactory cf = CertificateFactory.getInstance("X.509");
 

src/test/java/com/premiumminds/vault/client/VaultClientTest.java

@@ -8,13 +8,16 @@
 import org.testcontainers.containers.Network;
 import org.testcontainers.utility.DockerImageName;
 
+import java.nio.file.Files;
 import java.nio.file.Path;
 import java.sql.Connection;
 import java.sql.DriverManager;
 import java.sql.ResultSet;
 import java.util.Map;
 
+import static org.junit.jupiter.api.Assertions.assertEquals;
 import static org.junit.jupiter.api.Assertions.assertFalse;
+import static org.junit.jupiter.api.Assertions.assertThrows;
 import static org.junit.jupiter.api.Assertions.assertTrue;
 import static org.junit.jupiter.api.Assertions.fail;
 
@@ -23,6 +26,34 @@ class VaultClientTest {
     @TempDir
     Path tempDir;
 
+    @Test
+    void tokenFileDirectoryReturnsExplicitError() throws Exception {
+        final var tokenDir = tempDir.resolve("token-dir");
+        Files.createDirectory(tokenDir);
+        final var loader = new DefaultVaultTokenLoader(java.util.Optional.of(tokenDir), "http://localhost:8200");
+
+        final var exception = assertThrows(IllegalArgumentException.class, loader::get);
+        assertEquals("Vault token file path is not a file: " + tokenDir, exception.getMessage());
+    }
+
+    @Test
+    void vaultConfigDirectoryReturnsExplicitError() throws Exception {
+        final var originalUserHome = System.getProperty("user.home");
+        final var vaultConfigDir = tempDir.resolve(".vault");
+        Files.createDirectory(vaultConfigDir);
+
+        try {
+            System.setProperty("user.home", tempDir.toString());
+
+            final var loader = new DefaultVaultTokenLoader(java.util.Optional.empty(), "http://localhost:8200");
+            final var exception = assertThrows(IllegalArgumentException.class, loader::get);
+
+            assertEquals("Vault config file path is not a file: " + vaultConfigDir, exception.getMessage());
+        } finally {
+            System.setProperty("user.home", originalUserHome);
+        }
+    }
+
     @Test
     void dynamicCredentials() throws Exception {