public ClientCertificate()
{
using (var store = new DocumentStore())
{
{
#region cert_1_4
// With user role set to Cluster Administator or Operator the user of this certificate
// is going to have access to all databases
CreateClientCertificateOperation operation =
new CreateClientCertificateOperation(
"admin", null, SecurityClearance.Operator);
CertificateRawData certificateRawData =
store.Maintenance.Server.Send(operation);
byte[] cert = certificateRawData.RawData;
#endregion
}
{
#region cert_1_5
// when security clearance is ValidUser, you need to specify per database permissions
CreateClientCertificateOperation operation =
new CreateClientCertificateOperation(
"user1", new Dictionary <string, DatabaseAccess>
{
{ "Northwind", DatabaseAccess.Admin }
}, SecurityClearance.ValidUser, "myPassword");
CertificateRawData certificateRawData =
store.Maintenance.Server.Send(operation);
byte[] cert = certificateRawData.RawData;
#endregion
}
{
#region get_cert_2
string thumbprint = "a909502dd82ae41433e6f83886b00d4277a32a7b";
CertificateDefinition definition =
store.Maintenance.Server.Send(new GetCertificateOperation(thumbprint));
#endregion
}
{
#region get_certs_2
CertificateDefinition[] definitions =
store.Maintenance.Server.Send(new GetCertificatesOperation(0, 20));
#endregion
}
{
#region cert_put_2
X509Certificate2 certificate = new X509Certificate2("c:\\path_to_pfx_file");
store.Maintenance.Server.Send(
new PutClientCertificateOperation(
"cert1", certificate, null, SecurityClearance.ClusterAdmin));
#endregion
}
}
}
/// <summary>
/// Request creation of a client certificate for the specified user.
/// </summary>
/// <param name="serverOperations">
/// The server operations client.
/// </param>
/// <param name="subjectName">
/// The name of the security principal that the certificate will represent.
/// </param>
/// <param name="protectedWithPassword">
/// The password that the certificate will be protected with.
/// </param>
/// <param name="clearance">
/// Rights assigned to the user.
/// </param>
/// <param name="permissions">
/// Database-level permissions assigned to the user.
/// </param>
/// <param name="cancellationToken">
/// An optional <see cref="CancellationToken"/> that can be used to cancel the request.
/// </param>
/// <returns>
/// A byte array containing the PKCS12-encoded (i.e. PFX) certificate and private key.
/// </returns>
public static async Task <byte[]> CreateClientCertificate(this ServerOperationExecutor serverOperations, string subjectName, string protectedWithPassword, SecurityClearance clearance, Dictionary <string, DatabaseAccess> permissions = null, CancellationToken cancellationToken = default)
{
if (serverOperations == null)
{
throw new ArgumentNullException(nameof(serverOperations));
}
if (String.IsNullOrWhiteSpace(subjectName))
{
throw new ArgumentException("Argument cannot be null, empty, or entirely composed of whitespace: 'userName'.", nameof(subjectName));
}
CertificateRawData clientCertificatePfx = await serverOperations.SendAsync(
new CreateClientCertificateOperation(
subjectName,
permissions ?? new Dictionary <string, DatabaseAccess>(),
clearance,
protectedWithPassword
),
cancellationToken
);
return(clientCertificatePfx.RawData);
}
