#  Licensed to Elasticsearch B.V. under one or more contributor
#  license agreements. See the NOTICE file distributed with
#  this work for additional information regarding copyright
#  ownership. Elasticsearch B.V. licenses this file to you under
#  the Apache License, Version 2.0 (the "License"); you may
#  not use this file except in compliance with the License.
#  You may obtain a copy of the License at
#
# 	http://www.apache.org/licenses/LICENSE-2.0
#
#  Unless required by applicable law or agreed to in writing,
#  software distributed under the License is distributed on an
#  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
#  KIND, either express or implied.  See the License for the
#  specific language governing permissions and limitations
#  under the License.

import typing as t

from elastic_transport import ObjectApiResponse

from ._base import NamespacedClient
from .utils import _rewrite_parameters


class SslClient(NamespacedClient):

    @_rewrite_parameters()
    async def certificates(
        self,
        *,
        error_trace: t.Optional[bool] = None,
        filter_path: t.Optional[t.Union[str, t.Sequence[str]]] = None,
        human: t.Optional[bool] = None,
        pretty: t.Optional[bool] = None,
    ) -> ObjectApiResponse[t.Any]:
        """
        .. raw:: html

          <p>Get SSL certificates.</p>
          <p>Get information about the X.509 certificates that are used to encrypt communications in the cluster.
          The API returns a list that includes certificates from all TLS contexts including:</p>
          <ul>
          <li>Settings for transport and HTTP interfaces</li>
          <li>TLS settings that are used within authentication realms</li>
          <li>TLS settings for remote monitoring exporters</li>
          </ul>
          <p>The list includes certificates that are used for configuring trust, such as those configured in the <code>xpack.security.transport.ssl.truststore</code> and <code>xpack.security.transport.ssl.certificate_authorities</code> settings.
          It also includes certificates that are used for configuring server identity, such as <code>xpack.security.http.ssl.keystore</code> and <code>xpack.security.http.ssl.certificate settings</code>.</p>
          <p>The list does not include certificates that are sourced from the default SSL context of the Java Runtime Environment (JRE), even if those certificates are in use within Elasticsearch.</p>
          <p>NOTE: When a PKCS#11 token is configured as the truststore of the JRE, the API returns all the certificates that are included in the PKCS#11 token irrespective of whether these are used in the Elasticsearch TLS configuration.</p>
          <p>If Elasticsearch is configured to use a keystore or truststore, the API output includes all certificates in that store, even though some of the certificates might not be in active use within the cluster.</p>


        `<https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-ssl-certificates>`_
        """
        __path_parts: t.Dict[str, str] = {}
        __path = "/_ssl/certificates"
        __query: t.Dict[str, t.Any] = {}
        if error_trace is not None:
            __query["error_trace"] = error_trace
        if filter_path is not None:
            __query["filter_path"] = filter_path
        if human is not None:
            __query["human"] = human
        if pretty is not None:
            __query["pretty"] = pretty
        __headers = {"accept": "application/json"}
        return await self.perform_request(  # type: ignore[return-value]
            "GET",
            __path,
            params=__query,
            headers=__headers,
            endpoint_id="ssl.certificates",
            path_parts=__path_parts,
        )