Module org.elasticsearch.xcore

Package org.elasticsearch.xpack.core.security.action.apikey

Class ApiKeyCredentials

java.lang.Object

org.elasticsearch.xpack.core.security.action.apikey.ApiKeyCredentials

All Implemented Interfaces:

Closeable, AutoCloseable, AuthenticationToken

public final class ApiKeyCredentials
extends Object
implements AuthenticationToken, Closeable

Credentials for API key authentication. Holds the decoded id and secret from the encoded API key string (Base64(id + ":" + secret)).

Constructor Summary

Constructors

Constructor	Description
ApiKeyCredentials(String id, SecureString key, ApiKey.Type expectedType)
ApiKeyCredentials(String id, SecureString key, ApiKey.Type expectedType, String certificateIdentity)

Method Summary

Modifier and Type	Method	Description
void	clearCredentials()
void	close()
Object	credentials()
String	getCertificateIdentity()	The identity (Subject DistinguishedName) of the X.509 certificate that was provided by the client alongside the API during authenticate.
ApiKey.Type	getExpectedType()
String	getId()
SecureString	getKey()
static ApiKeyCredentials	parse(SecureString apiKeyString, String certificateIdentity, ApiKey.Type expectedType)	Parses the encoded API key credential (Base64(id + ":" + secret)) into an ApiKeyCredentials instance.
String	principal()

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

ApiKeyCredentials

public ApiKeyCredentials(String id,
 SecureString key,
 ApiKey.Type expectedType)

ApiKeyCredentials

public ApiKeyCredentials(String id,
 SecureString key,
 ApiKey.Type expectedType,
 @Nullable
 String certificateIdentity)

Method Details

parse

public static ApiKeyCredentials parse(SecureString apiKeyString,
 @Nullable
 String certificateIdentity,
 ApiKey.Type expectedType)

Parses the encoded API key credential (Base64(id + ":" + secret)) into an ApiKeyCredentials instance.

Parameters:

apiKeyString - the encoded API key string, or null

certificateIdentity - optional certificate identity for cross-cluster API keys

expectedType - the expected API key type (validates secret length for cross-cluster keys)

Returns:

the parsed credentials, or null if apiKeyString is null

Throws:

IllegalArgumentException - if the value is invalid

getId

public String getId()

getKey

public SecureString getKey()

close

public void close()

Specified by:

close in interface AutoCloseable

Specified by:

close in interface Closeable

principal

public String principal()

Specified by:

principal in interface AuthenticationToken

credentials

public Object credentials()

Specified by:

credentials in interface AuthenticationToken

clearCredentials

public void clearCredentials()

Specified by:

clearCredentials in interface AuthenticationToken

getExpectedType

public ApiKey.Type getExpectedType()

getCertificateIdentity

public String getCertificateIdentity()

The identity (Subject DistinguishedName) of the X.509 certificate that was provided by the client alongside the API during authenticate. At the time of writing, the only place where this is used is for cross cluster request signing