fix: correct JSON serialization and error handling in VaultHttp

AddJsonBody(string) in RestSharp re-serializes the argument, wrapping a
pre-serialized JSON string in quotes and escaping it. Vault receives a
JSON string literal instead of a JSON object and returns HTTP 400.
Fixed by using AddStringBody(string, ContentType.Json) which sends the
raw body without re-encoding.

ThrowOnAnyError = true caused RestSharp to throw before the explicit
BadRequest handler ran, hiding the Vault error body from logs. Removed
ThrowOnAnyError and added response.ThrowIfError() after the BadRequest
block so all other non-2xx responses still surface as exceptions.

Also drops the EOL net6.0 target; project now multi-targets net8.0 and net10.0.

Author: spbsoluble

CHANGELOG.md

@@ -0,0 +1,21 @@
+# Changelog
+
+## [Unreleased]
+
+### Fixed
+
+- **`VaultHttp.PostAsync`: JSON double-encoding caused HTTP 400 from Vault/OpenBao**
+
+  `PostAsync` manually serialized the request body to a JSON string using `JsonSerializer.Serialize`, then passed that string to `request.AddJsonBody()`. In RestSharp ≥ 106, `AddJsonBody` re-serializes whatever object it receives — when the argument is a `string`, it encodes it as a JSON string literal, wrapping the content in quotes and escaping the inner characters. Vault/OpenBao received `"{\\"csr\\":\\"...\\"}"` (a JSON-encoded string) instead of `{"csr":"..."}` (a JSON object) and returned HTTP 400 "error parsing JSON".
+
+  Fixed by replacing `request.AddJsonBody(serializedParams)` with `request.AddStringBody(serializedParams, ContentType.Json)`. `AddStringBody` sends the string as the raw request body without re-encoding it.
+
+- **`ThrowOnAnyError = true` made the `BadRequest` error-parsing block dead code**
+
+  `RestClientOptions` was constructed with `ThrowOnAnyError = true`, which causes RestSharp to throw an exception on any non-2xx response before returning to the caller. The `PostAsync` method had explicit handling for `HttpStatusCode.BadRequest` that deserialized Vault error messages and threw a descriptive exception — but that block was never reached because RestSharp threw first, and the actual Vault error body was lost.
+
+  Fixed by removing `ThrowOnAnyError = true` from `RestClientOptions` and adding `response.ThrowIfError()` after the explicit `BadRequest` handler, so non-2xx responses that are not `BadRequest` still surface as exceptions while `BadRequest` responses are handled with full Vault error body parsing.
+
+### Changed
+
+- Dropped .NET 6.0 target (EOL). The project now targets `net8.0` and `net10.0`.

hashicorp-vault-cagateway/Client/VaultHttp.cs

@@ -41,7 +41,7 @@ public VaultHttp(string host, string mountPoint, string authToken, string nameSp
                 PreferredObjectCreationHandling = JsonObjectCreationHandling.Replace,
             };
 
-            var restClientOptions = new RestClientOptions($"{host.TrimEnd('/')}/v1") { ThrowOnAnyError = true };
+            var restClientOptions = new RestClientOptions($"{host.TrimEnd('/')}/v1");
             _restClient = new RestClient(restClientOptions, configureSerialization: s => s.UseSystemTextJson(_serializerOptions));
 
             _mountPoint = mountPoint.TrimStart('/').TrimEnd('/'); // remove leading and trailing slashes
@@ -109,7 +109,7 @@ public async Task<T> PostAsync<T>(string path, dynamic parameters = default)
                 {
                     string serializedParams = JsonSerializer.Serialize(parameters, _serializerOptions);
                     logger.LogTrace($"serialized parameters (from {parameters.GetType()?.Name}): {serializedParams}");
-                    request.AddJsonBody(serializedParams);
+                    request.AddStringBody(serializedParams, ContentType.Json);
                 }
 
                 logger.LogTrace($"full url for the request: {_restClient.Options.BaseUrl}/{request.Resource}");
@@ -135,6 +135,8 @@ public async Task<T> PostAsync<T>(string path, dynamic parameters = default)
                     logger.LogTrace($"errors: {allErrors}");
                     throw new Exception(allErrors);
                 }
+
+                response.ThrowIfError();
                 return response.Data;
             }
             catch (Exception ex)

hashicorp-vault-cagateway/hashicorp-vault-caplugin.csproj

@@ -1,7 +1,7 @@
 <Project Sdk="Microsoft.NET.Sdk">
 
 	<PropertyGroup>
-		<TargetFramework>net6.0</TargetFramework>
+		<TargetFrameworks>net8.0;net10.0</TargetFrameworks>
 		<RootNamespace>Keyfactor.Extensions.CAPlugin.HashicorpVault</RootNamespace>
 		<ImplicitUsings>disable</ImplicitUsings>
 		<Nullable>warnings</Nullable>