Fix get certificates HLRC API (#36198)
- GetSslCertificatesRequest need not implement ToXContentObject - getRequest() returns a new Request object - Add tests for GetSslCertificatesResponse - Adjust docs to the new format
parent
ee05ef1312
commit
77e6ef7b20
|
@ -22,28 +22,19 @@ package org.elasticsearch.client.security;
|
||||||
import org.apache.http.client.methods.HttpGet;
|
import org.apache.http.client.methods.HttpGet;
|
||||||
import org.elasticsearch.client.Request;
|
import org.elasticsearch.client.Request;
|
||||||
import org.elasticsearch.client.Validatable;
|
import org.elasticsearch.client.Validatable;
|
||||||
import org.elasticsearch.common.xcontent.ToXContentObject;
|
|
||||||
import org.elasticsearch.common.xcontent.XContentBuilder;
|
|
||||||
|
|
||||||
import java.io.IOException;
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Request object to retrieve the X.509 certificates that are used to encrypt communications in an Elasticsearch cluster.
|
* Request object to retrieve the X.509 certificates that are used to encrypt communications in an Elasticsearch cluster.
|
||||||
*/
|
*/
|
||||||
public final class GetSslCertificatesRequest implements Validatable, ToXContentObject {
|
public final class GetSslCertificatesRequest implements Validatable{
|
||||||
|
|
||||||
public static final GetSslCertificatesRequest INSTANCE = new GetSslCertificatesRequest();
|
public static final GetSslCertificatesRequest INSTANCE = new GetSslCertificatesRequest();
|
||||||
private final Request request;
|
|
||||||
|
|
||||||
private GetSslCertificatesRequest() {
|
private GetSslCertificatesRequest(){
|
||||||
request = new Request(HttpGet.METHOD_NAME, "/_xpack/ssl/certificates");
|
|
||||||
}
|
}
|
||||||
|
|
||||||
public Request getRequest() {
|
public Request getRequest() {
|
||||||
return request;
|
return new Request(HttpGet.METHOD_NAME, "/_xpack/ssl/certificates");
|
||||||
}
|
}
|
||||||
|
|
||||||
public XContentBuilder toXContent(XContentBuilder builder, Params params) throws IOException {
|
|
||||||
return builder.startObject().endObject();
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
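Review bot: `getRequest()` in the new `GetSslCertificatesRequest` has no comment explaining why it builds a fresh `Request` on every call, so a later cleanup could easily move it back into a field. The class is exposed as a shared `INSTANCE`, and `Request` is mutable (as far as I know, the client attaches per-call options such as headers to it), so a cached object could let one caller's options, credentials included, end up on another caller's request. I would add a Javadoc along the lines of `Returns a new Request on every call; INSTANCE is shared and Request is mutable, so the object must not be cached.` Separately, `implements Validatable{` and `GetSslCertificatesRequest(){` are missing the space before the opening brace that `getRequest() {` has.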
|
@ -80,7 +80,7 @@ public final class CertificateInfo {
|
||||||
return serialNumber;
|
return serialNumber;
|
||||||
}
|
}
|
||||||
|
|
||||||
public boolean isHasPrivateKey() {
|
public boolean hasPrivateKey() {
|
||||||
return hasPrivateKey;
|
return hasPrivateKey;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -0,0 +1,109 @@
|
||||||
|
/*
|
||||||
|
* Licensed to Elasticsearch under one or more contributor
|
||||||
|
* license agreements. See the NOTICE file distributed with
|
||||||
|
* this work for additional information regarding copyright
|
||||||
|
* ownership. Elasticsearch licenses this file to you under
|
||||||
|
* the Apache License, Version 2.0 (the "License"); you may
|
||||||
|
* not use this file except in compliance with the License.
|
||||||
|
* You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing,
|
||||||
|
* software distributed under the License is distributed on an
|
||||||
|
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||||
|
* KIND, either express or implied. See the License for the
|
||||||
|
* specific language governing permissions and limitations
|
||||||
|
* under the License.
|
||||||
|
*/
|
||||||
|
|
||||||
|
package org.elasticsearch.client.security;
|
||||||
|
|
||||||
|
import org.elasticsearch.client.security.support.CertificateInfo;
|
||||||
|
import org.elasticsearch.common.xcontent.XContentBuilder;
|
||||||
|
import org.elasticsearch.test.ESTestCase;
|
||||||
|
import org.elasticsearch.test.EqualsHashCodeTestUtils;
|
||||||
|
|
||||||
|
import java.io.IOException;
|
||||||
|
import java.util.ArrayList;
|
||||||
|
import java.util.Arrays;
|
||||||
|
import java.util.Collections;
|
||||||
|
import java.util.List;
|
||||||
|
|
||||||
|
import static org.elasticsearch.test.AbstractXContentTestCase.xContentTester;
|
||||||
|
|
||||||
|
public class GetSslCertificatesResponseTests extends ESTestCase {
|
||||||
|
public void testFromXContent() throws IOException {
|
||||||
|
xContentTester(
|
||||||
|
this::createParser,
|
||||||
|
this::createTestInstance,
|
||||||
|
this::toXContent,
|
||||||
|
GetSslCertificatesResponse::fromXContent)
|
||||||
|
.supportsUnknownFields(false)
|
||||||
|
.test();
|
||||||
|
}
|
||||||
|
public void testEqualsAndHashCode() {
|
||||||
|
final GetSslCertificatesResponse reponse = createTestInstance();
|
||||||
|
EqualsHashCodeTestUtils.checkEqualsAndHashCode(reponse, this::copy,
|
||||||
|
this::mutate);
|
||||||
|
}
|
||||||
|
|
||||||
|
protected GetSslCertificatesResponse createTestInstance() {
|
||||||
|
final CertificateInfo info1 = new CertificateInfo("certs/elastic-certificates.p12", "PKCS12", "instance",
|
||||||
|
"CN=Elastic Certificate Tool Autogenerated CA", "a20f0ee901e8f69dc633ff633e5cd5437cdb4137",
|
||||||
|
false, "2021-01-15T20:42:49.000Z");
|
||||||
|
final CertificateInfo info2 = new CertificateInfo("certs/elastic-certificates.p12", "PKCS12", "ca",
|
||||||
|
"CN=Elastic Certificate Tool Autogenerated CA", "a20f0ee901e8f69dc633ff633e5cd5437cdb4137",
|
||||||
|
false, "2021-01-15T20:42:49.000Z");
|
||||||
|
final CertificateInfo info3 = new CertificateInfo("certs/elastic-certificates.p12", "PKCS12", "instance",
|
||||||
|
"CN=instance", "a20f0ee901e8f69dc633ff633e5cd5437cdb4137",
|
||||||
|
true, "2021-01-15T20:44:32.000Z");
|
||||||
|
return new GetSslCertificatesResponse(Arrays.asList(info1, info2, info3));
|
||||||
|
}
|
||||||
|
|
||||||
|
private void toXContent(GetSslCertificatesResponse response, XContentBuilder builder) throws IOException {
|
||||||
|
builder.startArray();
|
||||||
|
for (CertificateInfo info : response.getCertificates()){
|
||||||
|
builder.startObject();
|
||||||
|
builder.field(CertificateInfo.PATH.getPreferredName(), info.getPath());
|
||||||
|
builder.field(CertificateInfo.FORMAT.getPreferredName(), info.getFormat());
|
||||||
|
builder.field(CertificateInfo.ALIAS.getPreferredName(), info.getAlias());
|
||||||
|
builder.field(CertificateInfo.SUBJECT_DN.getPreferredName(), info.getSubjectDn());
|
||||||
|
builder.field(CertificateInfo.SERIAL_NUMBER.getPreferredName(), info.getSerialNumber());
|
||||||
|
builder.field(CertificateInfo.HAS_PRIVATE_KEY.getPreferredName(), info.hasPrivateKey());
|
||||||
|
builder.field(CertificateInfo.EXPIRY.getPreferredName(), info.getExpiry());
|
||||||
|
builder.endObject();
|
||||||
|
}
|
||||||
|
builder.endArray();
|
||||||
|
}
|
||||||
|
|
||||||
|
private GetSslCertificatesResponse copy(GetSslCertificatesResponse original) {
|
||||||
|
final List<CertificateInfo> infoList = new ArrayList<>(original.getCertificates());
|
||||||
|
return new GetSslCertificatesResponse(infoList);
|
||||||
|
}
|
||||||
|
|
||||||
|
private GetSslCertificatesResponse mutate(GetSslCertificatesResponse original) {
|
||||||
|
final int i = randomIntBetween(1,5);
|
||||||
|
final List<CertificateInfo> infoList = new ArrayList<>(original.getCertificates());
|
||||||
|
switch (i) {
|
||||||
|
case 1:
|
||||||
|
infoList.remove(0);
|
||||||
|
return new GetSslCertificatesResponse(infoList);
|
||||||
|
case 2:
|
||||||
|
final CertificateInfo info = new CertificateInfo("certs/elastic-certificates.crt", "PEM", "instance",
|
||||||
|
"CN=instance2", "a20f0ee901e8f64t33ff633e5cd5437cdb4137",
|
||||||
|
true, "2028-01-15T20:44:32.000Z");
|
||||||
|
infoList.add(info);
|
||||||
|
return new GetSslCertificatesResponse(infoList);
|
||||||
|
case 3:
|
||||||
|
final CertificateInfo info2 = new CertificateInfo("certs/elastic-certificates.p12", "PKCS12", "instance",
|
||||||
|
"CN=instance1", "a20f0ee901e8f69dc633ff633e5cd5437cdb4137",
|
||||||
|
true, "2021-01-15T20:44:32.000Z");
|
||||||
|
infoList.remove(2);
|
||||||
|
infoList.add(info2);
|
||||||
|
return new GetSslCertificatesResponse(infoList);
|
||||||
|
default:
|
||||||
|
return new GetSslCertificatesResponse(Collections.emptyList());
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
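Review bot: `mutate()` never produces an instance that differs from the original only in `has_private_key` or `expiry`, so `testEqualsAndHashCode` would still pass if `CertificateInfo.equals` ignored either field; case 3 changes only the subject DN. Those two fields tell an operator whether a keystore entry holds key material and when it expires, so each deserves its own mutation. `randomIntBetween(1,5)` currently sends both 4 and 5 to `default`, which leaves room for exactly these two cases, and widening the range to 6 keeps the empty-list mutation reachable. `CertificateInfo`'s `equals`/`hashCode` are not shown on this page, so whether they already cover every field is unverified. The local `reponse` in `testEqualsAndHashCode` is a typo for `response`.

```java
final int i = randomIntBetween(1, 6);
// … unchanged: infoList copy, cases 1–3 …
case 4: {
    // same as the third fixture entry except for has_private_key
    final CertificateInfo last = infoList.remove(2);
    infoList.add(new CertificateInfo(last.getPath(), last.getFormat(), last.getAlias(), last.getSubjectDn(),
        last.getSerialNumber(), last.hasPrivateKey() == false, last.getExpiry()));
    return new GetSslCertificatesResponse(infoList);
}
case 5: {
    // same as the third fixture entry except for expiry
    final CertificateInfo last = infoList.remove(2);
    infoList.add(new CertificateInfo(last.getPath(), last.getFormat(), last.getAlias(), last.getSubjectDn(),
        last.getSerialNumber(), last.hasPrivateKey(), "2028-01-15T20:44:32.000Z"));
    return new GetSslCertificatesResponse(infoList);
}
// … unchanged: default returns the empty-list response …
```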
|
@ -1,53 +1,35 @@
|
||||||
[[java-rest-high-security-get-certificates]]
|
|
||||||
|
--
|
||||||
|
:api: get-certificates
|
||||||
|
:response: GetSslCertificatesResponse
|
||||||
|
--
|
||||||
|
|
||||||
|
|
||||||
|
[id="{upid}-{api}"]
|
||||||
=== SSL Certificate API
|
=== SSL Certificate API
|
||||||
|
|
||||||
[[java-rest-high-security-get-certificates-execution]]
|
[id="{upid}-{api}-request"]
|
||||||
==== Execution
|
==== Get Certificates Request
|
||||||
|
|
||||||
The X.509 Certificates that are used to encrypt communications in an
|
The X.509 Certificates that are used to encrypt communications in an
|
||||||
Elasticsearch cluster using the `security().getSslCertificates()` method:
|
Elasticsearch cluster using the `security().getSslCertificates()` method:
|
||||||
|
|
||||||
["source","java",subs="attributes,callouts,macros"]
|
["source","java",subs="attributes,callouts,macros"]
|
||||||
--------------------------------------------------
|
--------------------------------------------------
|
||||||
include-tagged::{doc-tests}/SecurityDocumentationIT.java[get-certificates-execute]
|
include-tagged::{doc-tests}/SecurityDocumentationIT.java[{api}-execute]
|
||||||
--------------------------------------------------
|
--------------------------------------------------
|
||||||
|
|
||||||
[[java-rest-high-security-get-certificates-response]]
|
[id="{upid}-{api}-response"]
|
||||||
==== Response
|
==== Get Certificates Response
|
||||||
|
|
||||||
The returned `GetSslCertificatesResponse` contains a single field, `certificates`.
|
The returned +{response}+ contains a single field, `certificates`.
|
||||||
This field, accessed with `getCertificates` returns a List of `CertificateInfo`
|
This field, accessed with `getCertificates` returns a List of `CertificateInfo`
|
||||||
objects containing the information for all the certificates used.
|
objects containing the information for all the certificates used.
|
||||||
|
|
||||||
["source","java",subs="attributes,callouts,macros"]
|
["source","java",subs="attributes,callouts,macros"]
|
||||||
--------------------------------------------------
|
--------------------------------------------------
|
||||||
include-tagged::{doc-tests}/SecurityDocumentationIT.java[get-certificates-response]
|
include-tagged::{doc-tests}/SecurityDocumentationIT.java[{api}-response]
|
||||||
--------------------------------------------------
|
--------------------------------------------------
|
||||||
<1> `certificates` is a List of `CertificateInfo`
|
<1> `certificates` is a List of `CertificateInfo`
|
||||||
|
|
||||||
[[java-rest-high-security-get-certificates-execute-async]]
|
include::../execution.asciidoc[]
|
||||||
==== Asynchronous Execution
|
|
||||||
|
|
||||||
This request can be executed asynchronously using the `security().getSslCertificatesAsync()`
|
|
||||||
method:
|
|
||||||
|
|
||||||
["source","java",subs="attributes,callouts,macros"]
|
|
||||||
--------------------------------------------------
|
|
||||||
include-tagged::{doc-tests}/SecurityDocumentationIT.java[get-certificates-execute-async]
|
|
||||||
--------------------------------------------------
|
|
||||||
<1> The `ActionListener` to use when the execution completes.
|
|
||||||
|
|
||||||
The asynchronous method does not block and returns immediately. Once the request
|
|
||||||
has completed the `ActionListener` is called back using the `onResponse` method
|
|
||||||
if the execution successfully completed or using the `onFailure` method if
|
|
||||||
it failed.
|
|
||||||
|
|
||||||
A typical listener for a `GetSslCertificatesResponse` looks like:
|
|
||||||
|
|
||||||
["source","java",subs="attributes,callouts,macros"]
|
|
||||||
--------------------------------------------------
|
|
||||||
include-tagged::{doc-tests}/SecurityDocumentationIT.java[get-certificates-execute-listener]
|
|
||||||
--------------------------------------------------
|
|
||||||
<1> Called when the execution is successfully completed. The response is
|
|
||||||
provided as an argument.
|
|
||||||
<2> Called in case of failure. The raised exception is provided as an argument.
|
|
||||||
|
|