Fix get certificates HLRC API (#36198)

- GetSslCertificatesRequest need not implement toXContentObject
- getRequest() returns a new Request object
- Add tests for GetSslCertificatesResponse
- Adjust docs to the new format

client/rest-high-level/src/main/java/org/elasticsearch/client/security/GetSslCertificatesRequest.java

@@ -22,28 +22,19 @@ package org.elasticsearch.client.security;
 import org.apache.http.client.methods.HttpGet;
 import org.elasticsearch.client.Request;
 import org.elasticsearch.client.Validatable;
-import org.elasticsearch.common.xcontent.ToXContentObject;
-import org.elasticsearch.common.xcontent.XContentBuilder;
-
-import java.io.IOException;
 
 /**
  * Request object to retrieve the X.509 certificates that are used to encrypt communications in an Elasticsearch cluster.
  */
-public final class GetSslCertificatesRequest implements Validatable, ToXContentObject {
+public final class GetSslCertificatesRequest implements Validatable{
 
     public static final GetSslCertificatesRequest INSTANCE = new GetSslCertificatesRequest();
-    private final Request request;
 
-    private GetSslCertificatesRequest() {
-        request = new Request(HttpGet.METHOD_NAME, "/_xpack/ssl/certificates");
+    private GetSslCertificatesRequest(){
     }
 
     public Request getRequest() {
-        return request;
+        return new Request(HttpGet.METHOD_NAME, "/_xpack/ssl/certificates");
     }
 
-    public XContentBuilder toXContent(XContentBuilder builder, Params params) throws IOException {
-        return builder.startObject().endObject();
-    }
 }

client/rest-high-level/src/main/java/org/elasticsearch/client/security/support/CertificateInfo.java

@@ -80,7 +80,7 @@ public final class CertificateInfo {
         return serialNumber;
     }
 
-    public boolean isHasPrivateKey() {
+    public boolean hasPrivateKey() {
         return hasPrivateKey;
     }
 

client/rest-high-level/src/test/java/org/elasticsearch/client/security/GetSslCertificatesResponseTests.java

@@ -0,0 +1,109 @@
+/*
+ * Licensed to Elasticsearch under one or more contributor
+ * license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright
+ * ownership. Elasticsearch licenses this file to you under
+ * the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.elasticsearch.client.security;
+
+import org.elasticsearch.client.security.support.CertificateInfo;
+import org.elasticsearch.common.xcontent.XContentBuilder;
+import org.elasticsearch.test.ESTestCase;
+import org.elasticsearch.test.EqualsHashCodeTestUtils;
+
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.List;
+
+import static org.elasticsearch.test.AbstractXContentTestCase.xContentTester;
+
+public class GetSslCertificatesResponseTests extends ESTestCase {
+    public void testFromXContent() throws IOException {
+        xContentTester(
+            this::createParser,
+            this::createTestInstance,
+            this::toXContent,
+            GetSslCertificatesResponse::fromXContent)
+            .supportsUnknownFields(false)
+            .test();
+    }
+    public void testEqualsAndHashCode() {
+        final GetSslCertificatesResponse reponse = createTestInstance();
+        EqualsHashCodeTestUtils.checkEqualsAndHashCode(reponse, this::copy,
+            this::mutate);
+    }
+
+    protected GetSslCertificatesResponse createTestInstance() {
+        final CertificateInfo info1 = new CertificateInfo("certs/elastic-certificates.p12", "PKCS12", "instance",
+            "CN=Elastic Certificate Tool Autogenerated CA", "a20f0ee901e8f69dc633ff633e5cd5437cdb4137",
+            false, "2021-01-15T20:42:49.000Z");
+        final CertificateInfo info2 = new CertificateInfo("certs/elastic-certificates.p12", "PKCS12", "ca",
+            "CN=Elastic Certificate Tool Autogenerated CA", "a20f0ee901e8f69dc633ff633e5cd5437cdb4137",
+            false, "2021-01-15T20:42:49.000Z");
+        final CertificateInfo info3 = new CertificateInfo("certs/elastic-certificates.p12", "PKCS12", "instance",
+            "CN=instance", "a20f0ee901e8f69dc633ff633e5cd5437cdb4137",
+            true, "2021-01-15T20:44:32.000Z");
+        return new GetSslCertificatesResponse(Arrays.asList(info1, info2, info3));
+    }
+
+    private void toXContent(GetSslCertificatesResponse response, XContentBuilder builder) throws IOException {
+        builder.startArray();
+        for (CertificateInfo info : response.getCertificates()){
+            builder.startObject();
+            builder.field(CertificateInfo.PATH.getPreferredName(), info.getPath());
+            builder.field(CertificateInfo.FORMAT.getPreferredName(), info.getFormat());
+            builder.field(CertificateInfo.ALIAS.getPreferredName(), info.getAlias());
+            builder.field(CertificateInfo.SUBJECT_DN.getPreferredName(), info.getSubjectDn());
+            builder.field(CertificateInfo.SERIAL_NUMBER.getPreferredName(), info.getSerialNumber());
+            builder.field(CertificateInfo.HAS_PRIVATE_KEY.getPreferredName(), info.hasPrivateKey());
+            builder.field(CertificateInfo.EXPIRY.getPreferredName(), info.getExpiry());
+            builder.endObject();
+        }
+        builder.endArray();
+    }
+
+    private GetSslCertificatesResponse copy(GetSslCertificatesResponse original) {
+        final List<CertificateInfo> infoList = new ArrayList<>(original.getCertificates());
+        return new GetSslCertificatesResponse(infoList);
+    }
+
+    private GetSslCertificatesResponse mutate(GetSslCertificatesResponse original) {
+        final int i = randomIntBetween(1,5);
+        final List<CertificateInfo> infoList = new ArrayList<>(original.getCertificates());
+        switch (i) {
+            case 1:
+                infoList.remove(0);
+                return new GetSslCertificatesResponse(infoList);
+            case 2:
+                final CertificateInfo info = new CertificateInfo("certs/elastic-certificates.crt", "PEM", "instance",
+                    "CN=instance2", "a20f0ee901e8f64t33ff633e5cd5437cdb4137",
+                    true, "2028-01-15T20:44:32.000Z");
+                infoList.add(info);
+                return new GetSslCertificatesResponse(infoList);
+            case 3:
+                final CertificateInfo info2 = new CertificateInfo("certs/elastic-certificates.p12", "PKCS12", "instance",
+                    "CN=instance1", "a20f0ee901e8f69dc633ff633e5cd5437cdb4137",
+                    true, "2021-01-15T20:44:32.000Z");
+                infoList.remove(2);
+                infoList.add(info2);
+                return new GetSslCertificatesResponse(infoList);
+             default:
+                 return new GetSslCertificatesResponse(Collections.emptyList());
+        }
+    }
+}

docs/java-rest/high-level/security/get-certificates.asciidoc

@@ -1,53 +1,35 @@
-[[java-rest-high-security-get-certificates]]
+
+--
+:api: get-certificates
+:response: GetSslCertificatesResponse
+--
+
+
+[id="{upid}-{api}"]
 === SSL Certificate API
 
-[[java-rest-high-security-get-certificates-execution]]
-==== Execution
+[id="{upid}-{api}-request"]
+==== Get Certificates Request
 
 The X.509 Certificates that are used to encrypt communications in an
 Elasticsearch cluster using the `security().getSslCertificates()` method:
 
 ["source","java",subs="attributes,callouts,macros"]
 --------------------------------------------------
-include-tagged::{doc-tests}/SecurityDocumentationIT.java[get-certificates-execute]
+include-tagged::{doc-tests}/SecurityDocumentationIT.java[{api}-execute]
 --------------------------------------------------
 
-[[java-rest-high-security-get-certificates-response]]
-==== Response
+[id="{upid}-{api}-response"]
+==== Get Certificates Response
 
-The returned `GetSslCertificatesResponse` contains a single field, `certificates`.
+The returned +{response}+ contains a single field, `certificates`.
 This field, accessed with `getCertificates` returns a List of `CertificateInfo`
 objects containing the information for all the certificates used.
 
 ["source","java",subs="attributes,callouts,macros"]
 --------------------------------------------------
-include-tagged::{doc-tests}/SecurityDocumentationIT.java[get-certificates-response]
+include-tagged::{doc-tests}/SecurityDocumentationIT.java[{api}-response]
 --------------------------------------------------
 <1> `certificates` is a List of `CertificateInfo`
 
-[[java-rest-high-security-get-certificates-execute-async]]
-==== Asynchronous Execution
-
-This request can be executed asynchronously using the `security().getSslCertificatesAsync()`
-method:
-
-["source","java",subs="attributes,callouts,macros"]
---------------------------------------------------
-include-tagged::{doc-tests}/SecurityDocumentationIT.java[get-certificates-execute-async]
---------------------------------------------------
-<1> The `ActionListener` to use when the execution completes.
-
-The asynchronous method does not block and returns immediately. Once the request
-has completed the `ActionListener` is called back using the `onResponse` method
-if the execution successfully completed or using the `onFailure` method if
-it failed.
-
-A typical listener for a `GetSslCertificatesResponse` looks like:
-
-["source","java",subs="attributes,callouts,macros"]
---------------------------------------------------
-include-tagged::{doc-tests}/SecurityDocumentationIT.java[get-certificates-execute-listener]
---------------------------------------------------
-<1> Called when the execution is successfully completed. The response is
-provided as an argument.
-<2> Called in case of failure. The raised exception is provided as an argument.
+include::../execution.asciidoc[]