in custos-services/custos-core-services/resource-secret-core-service/src/main/java/org/apache/custos/resource/secret/manager/adaptor/inbound/CredentialReader.java [195:252]
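/**
 * Resolves a certificate credential from a token and loads its material from Vault.
 *
 * <p>The token is tried first as the secret's primary id and, when that finds nothing,
 * as an external id scoped to {@code tenantId}. The Vault path is then built from
 * {@code tenantId}, the secret's owner id and the secret's id.
 *
 * <p>The returned credential carries the private key read from Vault; callers should
 * treat the whole object as sensitive and keep it out of logs.
 *
 * @param tenantId tenant on whose behalf the credential is requested
 * @param token    secret id or external id; a null or blank value yields an empty result
 * @return the credential with its metadata, or {@link Optional#empty()} when no secret
 *         matches or Vault holds no certificate for it
 */
public Optional<CertificateCredential> getCertificateCredential(long tenantId, String token) {
    // A null or blank token identifies nothing. Without this guard the external-id lookup
    // below would still run with that value, and what it matches depends on how the
    // repository treats a null/empty id (possibly rows that have no external id at all).
    if (token == null || token.trim().isEmpty()) {
        return Optional.empty();
    }

    // NOTE(review): findById is keyed on the id alone, so the row it returns is not
    // checked against tenantId here. Presumably Secret records carry their tenant;
    // verify that and reject a mismatch before the secret is used or deleted below.
    Secret secret = repository.findById(token).orElse(null);

    if (secret == null) {
        // Fall back to the tenant-scoped external id; the first match wins.
        List<Secret> byExternalId = repository.findAllByExternalIdAndTenantId(token, tenantId);
        if (byExternalId != null && !byExternalId.isEmpty()) {
            secret = byExternalId.get(0);
        }
    }

    if (secret == null) {
        return Optional.empty();
    }

    String vaultPath = Constants.VAULT_RESOURCE_SECRETS_PATH + tenantId + "/" + secret.getOwnerId()
            + "/" + Constants.CERTIFICATES + "/" + secret.getId();

    VaultResponseSupport<Certificate> response = vaultTemplate.read(vaultPath, Certificate.class);

    // Each condition must short-circuit on its own. The earlier form combined the last two
    // with &&, which dereferenced a null getData() and let a record with no certificate
    // fall through to the builder.
    if (response == null
            || response.getData() == null
            || response.getData().getCertificate() == null) {
        // NOTE(review): a read path that deletes metadata on a Vault miss is destructive.
        // If the secret was resolved by id for a different tenant, the path built from
        // this tenantId will miss and that tenant's row is removed. Confirm the tenant
        // check requested above before relying on this cleanup.
        repository.delete(secret);
        return Optional.empty();
    }

    Certificate certificate = response.getData();

    // Report the external id as the token when one is set, otherwise the internal id.
    String externalId = secret.getExternalId();
    boolean hasExternalId = externalId != null && !externalId.trim().isEmpty();

    SecretMetadata metadata = SecretMetadata.newBuilder()
            .setOwnerId(secret.getOwnerId())
            .setTenantId(tenantId)
            .setPersistedTime(secret.getCreatedAt().getTime())
            .setDescription(secret.getDiscription())
            .setResourceType(ResourceType.VAULT_CREDENTIAL)
            .setSource(ResourceSource.EXTERNAL)
            .setType(ResourceSecretType.X509_CERTIFICATE)
            .setToken(hasExternalId ? secret.getExternalId() : secret.getId())
            .build();

    CertificateCredential certificateCredential = CertificateCredential.newBuilder()
            .setLifeTime(Long.valueOf(certificate.getLifetime()))
            .setNotAfter(certificate.getNotAfter())
            .setNotBefore(certificate.getNotBefore())
            .setPrivateKey(certificate.getPrivateKey())
            .setX509Cert(certificate.getCertificate())
            .setMetadata(metadata)
            .build();

    return Optional.of(certificateCredential);
}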