From 77e6ef7b20720fd859beb2f5ebc79ee80b311b75 Mon Sep 17 00:00:00 2001
From: Ioannis Kakavas
Date: Thu, 6 Dec 2018 12:44:51 +0200
Subject: [PATCH] Fix get certificates HLRC API (#36198)
- GetSslCertificatesRequest need not implement toXContentObject
- getRequest() returns a new Request object
- Add tests for GetSslCertificatesResponse
- Adjust docs to the new format
---
 .../security/GetSslCertificatesRequest.java | 15 +--
 .../security/support/CertificateInfo.java | 2 +-
 .../GetSslCertificatesResponseTests.java | 109 ++++++++++++++++++
 .../security/get-certificates.asciidoc | 50 +++-----
 4 files changed, 129 insertions(+), 47 deletions(-)
 create mode 100644 client/rest-high-level/src/test/java/org/elasticsearch/client/security/GetSslCertificatesResponseTests.java
diff --git a/client/rest-high-level/src/main/java/org/elasticsearch/client/security/GetSslCertificatesRequest.java b/client/rest-high-level/src/main/java/org/elasticsearch/client/security/GetSslCertificatesRequest.java
index c4dbef4e422..4a5c6b03534 100644
--- a/client/rest-high-level/src/main/java/org/elasticsearch/client/security/GetSslCertificatesRequest.java
+++ b/client/rest-high-level/src/main/java/org/elasticsearch/client/security/GetSslCertificatesRequest.java
@@ -22,28 +22,19 @@ package org.elasticsearch.client.security;
 import org.apache.http.client.methods.HttpGet;
 import org.elasticsearch.client.Request;
 import org.elasticsearch.client.Validatable;
-import org.elasticsearch.common.xcontent.ToXContentObject;
-import org.elasticsearch.common.xcontent.XContentBuilder;
-
-import java.io.IOException;
 /**
 * Request object to retrieve the X.509 certificates that are used to encrypt communications in an Elasticsearch cluster.
 */
-public final class GetSslCertificatesRequest implements Validatable, ToXContentObject {
+public final class GetSslCertificatesRequest implements Validatable{
 public static final GetSslCertificatesRequest INSTANCE = new GetSslCertificatesRequest();
- private final Request request;
- private GetSslCertificatesRequest() {
- request = new Request(HttpGet.METHOD_NAME, "/_xpack/ssl/certificates");
+ private GetSslCertificatesRequest(){
 }
 public Request getRequest() {
- return request;
+ return new Request(HttpGet.METHOD_NAME, "/_xpack/ssl/certificates");
 }
- public XContentBuilder toXContent(XContentBuilder builder, Params params) throws IOException {
- return builder.startObject().endObject();
- }
 }
diff --git a/client/rest-high-level/src/main/java/org/elasticsearch/client/security/support/CertificateInfo.java b/client/rest-high-level/src/main/java/org/elasticsearch/client/security/support/CertificateInfo.java
index 28fd1c61c0d..97ff0378a74 100644
--- a/client/rest-high-level/src/main/java/org/elasticsearch/client/security/support/CertificateInfo.java
+++ b/client/rest-high-level/src/main/java/org/elasticsearch/client/security/support/CertificateInfo.java
@@ -80,7 +80,7 @@ public final class CertificateInfo {
 return serialNumber;
 }
- public boolean isHasPrivateKey() {
+ public boolean hasPrivateKey() {
 return hasPrivateKey;
 }
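Review bot: `getRequest()` now builds a new `Request` on every call, but nothing in the class records why, so a later cleanup could reintroduce the cached field. A short comment above the method would keep the reason visible, for example `// INSTANCE is a shared singleton; return a fresh Request so one caller's parameters or options never reach another caller`. That wording assumes `Request` is mutable, which this hunk does not show, so confirm it against that class. The new lines `implements Validatable{` and `GetSslCertificatesRequest(){` also drop the space before the brace that `getRequest() {` keeps.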
diff --git a/client/rest-high-level/src/test/java/org/elasticsearch/client/security/GetSslCertificatesResponseTests.java b/client/rest-high-level/src/test/java/org/elasticsearch/client/security/GetSslCertificatesResponseTests.java
new file mode 100644
index 00000000000..fedcee53649
--- /dev/null
+++ b/client/rest-high-level/src/test/java/org/elasticsearch/client/security/GetSslCertificatesResponseTests.java
@@ -0,0 +1,109 @@
+/*
+ * Licensed to Elasticsearch under one or more contributor
+ * license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright
+ * ownership. Elasticsearch licenses this file to you under
+ * the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.elasticsearch.client.security;
+
+import org.elasticsearch.client.security.support.CertificateInfo;
+import org.elasticsearch.common.xcontent.XContentBuilder;
+import org.elasticsearch.test.ESTestCase;
+import org.elasticsearch.test.EqualsHashCodeTestUtils;
+
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.List;
+
+import static org.elasticsearch.test.AbstractXContentTestCase.xContentTester;
+
+public class GetSslCertificatesResponseTests extends ESTestCase {
+ public void testFromXContent() throws IOException {
+ xContentTester(
+ this::createParser,
+ this::createTestInstance,
+ this::toXContent,
+ GetSslCertificatesResponse::fromXContent)
+ .supportsUnknownFields(false)
+ .test();
+ }
+ public void testEqualsAndHashCode() {
+ final GetSslCertificatesResponse reponse = createTestInstance();
+ EqualsHashCodeTestUtils.checkEqualsAndHashCode(reponse, this::copy,
+ this::mutate);
+ }
+
+ protected GetSslCertificatesResponse createTestInstance() {
+ final CertificateInfo info1 = new CertificateInfo("certs/elastic-certificates.p12", "PKCS12", "instance",
+ "CN=Elastic Certificate Tool Autogenerated CA", "a20f0ee901e8f69dc633ff633e5cd5437cdb4137",
+ false, "2021-01-15T20:42:49.000Z");
+ final CertificateInfo info2 = new CertificateInfo("certs/elastic-certificates.p12", "PKCS12", "ca",
+ "CN=Elastic Certificate Tool Autogenerated CA", "a20f0ee901e8f69dc633ff633e5cd5437cdb4137",
+ false, "2021-01-15T20:42:49.000Z");
+ final CertificateInfo info3 = new CertificateInfo("certs/elastic-certificates.p12", "PKCS12", "instance",
+ "CN=instance", "a20f0ee901e8f69dc633ff633e5cd5437cdb4137",
+ true, "2021-01-15T20:44:32.000Z");
+ return new GetSslCertificatesResponse(Arrays.asList(info1, info2, info3));
+ }
+
+ private void toXContent(GetSslCertificatesResponse response, XContentBuilder builder) throws IOException {
+ builder.startArray();
+ for (CertificateInfo info : response.getCertificates()){
+ builder.startObject();
+ builder.field(CertificateInfo.PATH.getPreferredName(), info.getPath());
+ builder.field(CertificateInfo.FORMAT.getPreferredName(), info.getFormat());
+ builder.field(CertificateInfo.ALIAS.getPreferredName(), info.getAlias());
+ builder.field(CertificateInfo.SUBJECT_DN.getPreferredName(), info.getSubjectDn());
+ builder.field(CertificateInfo.SERIAL_NUMBER.getPreferredName(), info.getSerialNumber());
+ builder.field(CertificateInfo.HAS_PRIVATE_KEY.getPreferredName(), info.hasPrivateKey());
+ builder.field(CertificateInfo.EXPIRY.getPreferredName(), info.getExpiry());
+ builder.endObject();
+ }
+ builder.endArray();
+ }
+
+ private GetSslCertificatesResponse copy(GetSslCertificatesResponse original) {
+ final List infoList = new ArrayList<>(original.getCertificates());
+ return new GetSslCertificatesResponse(infoList);
+ }
+
+ private GetSslCertificatesResponse mutate(GetSslCertificatesResponse original) {
+ final int i = randomIntBetween(1,5);
+ final List infoList = new ArrayList<>(original.getCertificates());
+ switch (i) {
+ case 1:
+ infoList.remove(0);
+ return new GetSslCertificatesResponse(infoList);
+ case 2:
+ final CertificateInfo info = new CertificateInfo("certs/elastic-certificates.crt", "PEM", "instance",
+ "CN=instance2", "a20f0ee901e8f64t33ff633e5cd5437cdb4137",
+ true, "2028-01-15T20:44:32.000Z");
+ infoList.add(info);
+ return new GetSslCertificatesResponse(infoList);
+ case 3:
+ final CertificateInfo info2 = new CertificateInfo("certs/elastic-certificates.p12", "PKCS12", "instance",
+ "CN=instance1", "a20f0ee901e8f69dc633ff633e5cd5437cdb4137",
+ true, "2021-01-15T20:44:32.000Z");
+ infoList.remove(2);
+ infoList.add(info2);
+ return new GetSslCertificatesResponse(infoList);
+ default:
+ return new GetSslCertificatesResponse(Collections.emptyList());
+ }
+ }
+}
diff --git a/docs/java-rest/high-level/security/get-certificates.asciidoc b/docs/java-rest/high-level/security/get-certificates.asciidoc
index 6820b1564fb..2f46cfc927a 100644
--- a/docs/java-rest/high-level/security/get-certificates.asciidoc
+++ b/docs/java-rest/high-level/security/get-certificates.asciidoc
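Review bot: `mutate()` never returns a response that differs from the original only in `hasPrivateKey`, the serial number or the expiry, so `checkEqualsAndHashCode` would still pass if `CertificateInfo.equals()` (not shown here) ignored one of those fields. Case 3 is the only branch that changes a single field, the subject DN; cases 1 and 2 change the list length, and `randomIntBetween(1,5)` sends both 4 and 5 to `default`. One of those two values could get its own case that replaces element 2 with a copy whose only difference is `false` for the private-key flag, and another could change only the expiry string. The serial in case 2, `a20f0ee901e8f64t33ff633e5cd5437cdb4137`, contains a `t`; that is harmless while the field is an opaque string, but a valid hex value would survive any later validation.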
@@ -1,53 +1,35 @@ -[[java-rest-high-security-get-certificates]] + +-- +:api: get-certificates +:response: GetSslCertificatesResponse +-- + + +[id="{upid}-{api}"] === SSL Certificate API -[[java-rest-high-security-get-certificates-execution]] -==== Execution +[id="{upid}-{api}-request"] +==== Get Certificates Request The X.509 Certificates that are used to encrypt communications in an Elasticsearch cluster using the `security().getSslCertificates()` method: ["source","java",subs="attributes,callouts,macros"] -------------------------------------------------- -include-tagged::{doc-tests}/SecurityDocumentationIT.java[get-certificates-execute] +include-tagged::{doc-tests}/SecurityDocumentationIT.java[{api}-execute] -------------------------------------------------- -[[java-rest-high-security-get-certificates-response]] -==== Response +[id="{upid}-{api}-response"] +==== Get Certificates Response -The returned `GetSslCertificatesResponse` contains a single field, `certificates`. +The returned +{response}+ contains a single field, `certificates`. This field, accessed with `getCertificates` returns a List of `CertificateInfo` objects containing the information for all the certificates used. 
["source","java",subs="attributes,callouts,macros"] -------------------------------------------------- -include-tagged::{doc-tests}/SecurityDocumentationIT.java[get-certificates-response] +include-tagged::{doc-tests}/SecurityDocumentationIT.java[{api}-response] -------------------------------------------------- <1> `certificates` is a List of `CertificateInfo` -[[java-rest-high-security-get-certificates-execute-async]] -==== Asynchronous Execution - -This request can be executed asynchronously using the `security().getSslCertificatesAsync()` -method: - -["source","java",subs="attributes,callouts,macros"] --------------------------------------------------- -include-tagged::{doc-tests}/SecurityDocumentationIT.java[get-certificates-execute-async] --------------------------------------------------- -<1> The `ActionListener` to use when the execution completes. - -The asynchronous method does not block and returns immediately. Once the request -has completed the `ActionListener` is called back using the `onResponse` method -if the execution successfully completed or using the `onFailure` method if -it failed. - -A typical listener for a `GetSslCertificatesResponse` looks like: - -["source","java",subs="attributes,callouts,macros"] --------------------------------------------------- -include-tagged::{doc-tests}/SecurityDocumentationIT.java[get-certificates-execute-listener] --------------------------------------------------- -<1> Called when the execution is successfully completed. The response is -provided as an argument. -<2> Called in case of failure. The raised exception is provided as an argument. +include::../execution.asciidoc[]