Move off deprecated AWS API.

Refine also deprecation warnings.

See gh-925

Author: mp911de

spring-vault-core/src/main/java/org/springframework/vault/authentication/AwsIamAuthentication.java

@@ -28,10 +28,12 @@
 import software.amazon.awssdk.auth.credentials.AwsCredentials;
 import software.amazon.awssdk.auth.signer.Aws4Signer;
 import software.amazon.awssdk.auth.signer.params.Aws4SignerParams;
+import software.amazon.awssdk.http.ContentStreamProvider;
 import software.amazon.awssdk.http.SdkHttpFullRequest;
 import software.amazon.awssdk.http.SdkHttpMethod;
+import software.amazon.awssdk.http.auth.aws.signer.AwsV4HttpSigner;
+import software.amazon.awssdk.http.auth.spi.signer.SignedRequest;
 import software.amazon.awssdk.regions.Region;
-import tools.jackson.databind.ObjectMapper;
 
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.MediaType;
@@ -212,24 +214,25 @@ private static String getSignedHeaders(AwsIamAuthenticationOptions options, AwsC
 
 		Map<String, List<String>> headers = createIamRequestHeaders(options);
 
+		ContentStreamProvider contentStreamProvider = () -> new ByteArrayInputStream(REQUEST_BODY.getBytes());
 		SdkHttpFullRequest.Builder builder = SdkHttpFullRequest.builder()
-			.contentStreamProvider(() -> new ByteArrayInputStream(REQUEST_BODY.getBytes()))
+			.contentStreamProvider(contentStreamProvider)
 			.headers(headers)
 			.method(SdkHttpMethod.POST)
 			.uri(options.getEndpointUri());
+
 		SdkHttpFullRequest request = builder.build();
+		AwsV4HttpSigner signer = AwsV4HttpSigner.create();
 
-		Aws4Signer signer = Aws4Signer.create();
-		Aws4SignerParams signerParams = Aws4SignerParams.builder()
-			.awsCredentials(credentials)
-			.signingName("sts")
-			.signingRegion(region)
-			.build();
-		SdkHttpFullRequest signedRequest = signer.sign(request, signerParams);
+		SignedRequest signedRequest = signer.sign(r -> r.identity(credentials)
+			.request(request)
+			.payload(contentStreamProvider)
+			.putProperty(AwsV4HttpSigner.SERVICE_SIGNING_NAME, "sts")
+			.putProperty(AwsV4HttpSigner.REGION_NAME, region.id()));
 
 		return JacksonCompat.instance()
 			.getObjectMapperAccessor()
-			.writeValueAsString(new LinkedHashMap<>(signedRequest.headers()));
+			.writeValueAsString(new LinkedHashMap<>(signedRequest.request().headers()));
 	}
 
 	private static Map<String, List<String>> createIamRequestHeaders(AwsIamAuthenticationOptions options) {

spring-vault-core/src/main/java/org/springframework/vault/client/ClientHttpRequestFactoryFactory.java

@@ -15,21 +15,9 @@
  */
 package org.springframework.vault.client;
 
-import javax.net.ssl.KeyManager;
-import javax.net.ssl.KeyManagerFactory;
-import javax.net.ssl.KeyManagerFactorySpi;
-import javax.net.ssl.ManagerFactoryParameters;
-import javax.net.ssl.SSLContext;
-import javax.net.ssl.SSLEngine;
-import javax.net.ssl.TrustManager;
-import javax.net.ssl.TrustManagerFactory;
-import javax.net.ssl.X509ExtendedKeyManager;
-import javax.net.ssl.X509TrustManager;
-
 import java.io.IOException;
 import java.net.ProxySelector;
 import java.security.GeneralSecurityException;
-import java.security.KeyStore;
 
 import javax.net.ssl.SSLContext;
 
@@ -40,9 +28,10 @@
 import org.apache.hc.client5.http.impl.classic.HttpClients;
 import org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManagerBuilder;
 import org.apache.hc.client5.http.impl.routing.SystemDefaultRoutePlanner;
+import org.apache.hc.client5.http.ssl.DefaultClientTlsStrategy;
 import org.apache.hc.client5.http.ssl.HttpsSupport;
-import org.apache.hc.client5.http.ssl.SSLConnectionSocketFactory;
 import org.apache.hc.core5.http.io.SocketConfig;
+import org.apache.hc.core5.reactor.ssl.SSLBufferMode;
 import org.apache.hc.core5.util.Timeout;
 
 import org.springframework.http.client.ClientHttpRequestFactory;
@@ -54,12 +43,8 @@
 import org.springframework.http.client.reactive.JettyClientHttpConnector;
 import org.springframework.util.Assert;
 import org.springframework.util.ClassUtils;
-import org.springframework.util.StringUtils;
 import org.springframework.vault.support.ClientOptions;
 import org.springframework.vault.support.SslConfiguration;
-import org.springframework.vault.support.SslConfiguration.KeyConfiguration;
-
-import static org.springframework.vault.client.ClientConfiguration.*;
 
 /**
  * Factory for {@link ClientHttpRequestFactory} that supports Apache HTTP Components,
@@ -210,9 +195,9 @@ public static HttpClientBuilder getHttpClientBuilder(ClientOptions options, SslC
 					enabledCipherSuites = sslConfiguration.getEnabledCipherSuites().toArray(new String[0]);
 				}
 
-				SSLConnectionSocketFactory sslSocketFactory = new SSLConnectionSocketFactory(sslContext,
-						enabledProtocols, enabledCipherSuites, HttpsSupport.getDefaultHostnameVerifier());
-				connectionManagerBuilder.setSSLSocketFactory(sslSocketFactory);
+				DefaultClientTlsStrategy tlsStrategy = new DefaultClientTlsStrategy(sslContext, enabledProtocols,
+						enabledCipherSuites, SSLBufferMode.STATIC, HttpsSupport.getDefaultHostnameVerifier());
+				connectionManagerBuilder.setTlsSocketStrategy(tlsStrategy);
 			}
 
 			httpClientBuilder.setDefaultRequestConfig(requestConfig);

spring-vault-core/src/main/java/org/springframework/vault/core/ReactiveVaultVersionedKeyValueTemplate.java

@@ -85,6 +85,7 @@ public <T> Mono<Versioned<T>> get(String path, Version version, Class<T> respons
 		return doRead(path, version, responseType);
 	}
 
+	@SuppressWarnings("removal")
 	private <T> Mono<Versioned<T>> doRead(String path, Version version, Class<T> responseType) {
 
 		String secretPath = version.isVersioned()

spring-vault-core/src/main/java/org/springframework/vault/core/VaultVersionedKeyValueTemplate.java

@@ -86,7 +86,7 @@ public <T> Versioned<T> get(String path, Version version, Class<T> responseType)
 	}
 
 	@Nullable
-	@SuppressWarnings("NullAway")
+	@SuppressWarnings({ "NullAway", "removal" })
 	private <T> Versioned<T> doRead(String path, Version version, Class<T> responseType) {
 
 		String secretPath = version.isVersioned()

spring-vault-core/src/main/java/org/springframework/vault/support/PolicyJackson2.java

@@ -85,7 +85,7 @@ public Policy deserialize(JsonParser p, DeserializationContext ctxt) throws IOEx
 
 				while (p.currentToken() == JsonToken.FIELD_NAME) {
 
-					String path = p.getCurrentName();
+					String path = p.currentName();
 					p.nextToken();
 
 					Assert.isTrue(p.getCurrentToken() == JsonToken.START_OBJECT,