Class DelegatePkiRequest
- All Implemented Interfaces:
JsonpSerializable
This API implements the exchange of an X509Certificate chain for an
Elasticsearch access token. The certificate chain is validated, according to
RFC 5280, by sequentially considering the trust configuration of every
installed PKI realm that has delegation.enabled set to
true. A successfully trusted client certificate is also subject
to the validation of the subject distinguished name according to thw
username_pattern of the respective realm.
This API is called by smart and trusted proxies, such as Kibana, which terminate the user's TLS session but still want to authenticate the user by using a PKI realm—-as if the user connected directly to Elasticsearch.
IMPORTANT: The association between the subject public key in the target certificate and the corresponding private key is not validated. This is part of the TLS authentication process and it is delegated to the proxy that calls this API. The proxy is trusted to have performed the TLS authentication and this API translates that authentication into an Elasticsearch access token.
- See Also:
-
Nested Class Summary
Nested ClassesNested classes/interfaces inherited from class co.elastic.clients.elasticsearch._types.RequestBase
RequestBase.AbstractBuilder<BuilderT extends RequestBase.AbstractBuilder<BuilderT>> -
Field Summary
FieldsModifier and TypeFieldDescriptionstatic final JsonpDeserializer<DelegatePkiRequest>Json deserializer forDelegatePkiRequeststatic final Endpoint<DelegatePkiRequest,DelegatePkiResponse, ErrorResponse> Endpoint "security.delegate_pki". -
Method Summary
Modifier and TypeMethodDescriptionstatic DelegatePkiRequestvoidserialize(jakarta.json.stream.JsonGenerator generator, JsonpMapper mapper) Serialize this object to JSON.protected voidserializeInternal(jakarta.json.stream.JsonGenerator generator, JsonpMapper mapper) protected static voidRequired - The X509Certificate chain, which is represented as an ordered string array.Methods inherited from class co.elastic.clients.elasticsearch._types.RequestBase
toString
-
Field Details
-
_DESERIALIZER
Json deserializer forDelegatePkiRequest -
_ENDPOINT
Endpoint "security.delegate_pki".
-
-
Method Details
-
of
public static DelegatePkiRequest of(Function<DelegatePkiRequest.Builder, ObjectBuilder<DelegatePkiRequest>> fn) -
x509CertificateChain
Required - The X509Certificate chain, which is represented as an ordered string array. Each string in the array is a base64-encoded (Section 4 of RFC4648 - not base64url-encoded) of the certificate's DER encoding.The first element is the target certificate that contains the subject distinguished name that is requesting access. This may be followed by additional certificates; each subsequent certificate is used to certify the previous one.
API name:
x509_certificate_chain -
serialize
Serialize this object to JSON.- Specified by:
serializein interfaceJsonpSerializable
-
serializeInternal
-
setupDelegatePkiRequestDeserializer
protected static void setupDelegatePkiRequestDeserializer(ObjectDeserializer<DelegatePkiRequest.Builder> op)
-