Beispiel #1
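        /// <summary>
        /// Asks the server to generate a client certificate and returns it loaded in memory.
        /// </summary>
        /// <remarks>
        /// The certificate read from <paramref name="serverCertPath"/> is set as both the client and the
        /// admin certificate of the store that sends the request, so the request is made with whatever
        /// privileges that certificate carries. The response is read as a zip archive and the first entry
        /// with a <c>.pfx</c> extension is loaded. The returned certificate presumably contains the newly
        /// issued private key (confirm against the server's response format); callers should treat it as
        /// a secret and dispose it when done.
        /// </remarks>
        /// <param name="serverCertPath">Path of the certificate file used to authenticate the request.</param>
        /// <param name="permissions">Per-database access to request for the new certificate.</param>
        /// <param name="clearance">Security clearance to request for the new certificate.</param>
        /// <param name="server">Server passed through to the store options; may be <c>null</c>.</param>
        /// <returns>The client certificate extracted from the server's response.</returns>
        /// <exception cref="InvalidOperationException">The response archive contains no <c>.pfx</c> entry.</exception>
        protected X509Certificate2 AskServerForClientCertificate(string serverCertPath, Dictionary <string, DatabaseAccess> permissions, SecurityClearance clearance = SecurityClearance.ValidUser, RavenServer server = null)
        {
            var serverCertificate = new X509Certificate2(serverCertPath);

            using (var store = GetDocumentStore(new Options
            {
                Server = server,
                ClientCertificate = serverCertificate,
                AdminCertificate = serverCertificate
            }))
            {
                var requestExecutor = store.GetRequestExecutor();
                using (requestExecutor.ContextPool.AllocateOperationContext(out JsonOperationContext context))
                {
                    var command = new CreateClientCertificateOperation("client certificate", permissions, clearance)
                                  .GetCommand(store.Conventions, context);

                    requestExecutor.Execute(command, context);

                    // ZipArchive owns the wrapped MemoryStream and disposes it together with the archive.
                    using (var archive = new ZipArchive(new MemoryStream(command.Result.RawData)))
                    {
                        var entry = archive.Entries.FirstOrDefault(e => string.Equals(Path.GetExtension(e.Name), ".pfx", StringComparison.OrdinalIgnoreCase));
                        if (entry == null)
                        {
                            // Same exception type First() would raise, but with a message that names the cause.
                            throw new InvalidOperationException("The server response archive does not contain a .pfx entry.");
                        }

                        // The entry stream is copied into a buffer because the certificate is built from a byte array.
                        using (var stream = entry.Open())
                        using (var destination = new MemoryStream())
                        {
                            stream.CopyTo(destination);
                            return new X509Certificate2(destination.ToArray());
                        }
                    }
                }
            }
        }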
Beispiel #2
        /// <summary>
        /// Documentation samples for the certificate maintenance operations: creating client
        /// certificates, fetching certificate definitions, and registering an existing certificate.
        /// Each <c>#region</c> is a self-contained snippet in its own scope.
        /// </summary>
        public ClientCertificate()
        {
            // The store is created without URLs and is never initialized here; the snippets are illustrative.
            using (var store = new DocumentStore())
            {
                {
                    #region cert_1_4
                    // With user role set to Cluster Administrator or Operator the user of this certificate
                    // is going to have access to all databases
                    // (which is why no per-database permissions are passed: the second argument is null)
                    CreateClientCertificateOperation operation =
                        new CreateClientCertificateOperation(
                            "admin", null, SecurityClearance.Operator);
                    CertificateRawData certificateRawData =
                        store.Maintenance.Server.Send(operation);
                    // RawData is the generated certificate material returned by the server; it presumably
                    // includes the private key, so store and transmit it as a secret.
                    byte[] cert = certificateRawData.RawData;
                    #endregion
                }

                {
                    #region cert_1_5
                    // when security clearance is ValidUser, you need to specify per database permissions
                    // The last argument is the certificate password. "myPassword" is a sample value;
                    // real code should read it from a secret store rather than hard-code it.
                    CreateClientCertificateOperation operation =
                        new CreateClientCertificateOperation(
                            "user1", new Dictionary <string, DatabaseAccess>
                    {
                        { "Northwind", DatabaseAccess.Admin }
                    }, SecurityClearance.ValidUser, "myPassword");
                    CertificateRawData certificateRawData =
                        store.Maintenance.Server.Send(operation);
                    byte[] cert = certificateRawData.RawData;
                    #endregion
                }

                {
                    #region get_cert_2
                    // Fetch the definition of a single certificate, identified by its thumbprint (sample value).
                    string thumbprint = "a909502dd82ae41433e6f83886b00d4277a32a7b";
                    CertificateDefinition definition =
                        store.Maintenance.Server.Send(new GetCertificateOperation(thumbprint));
                    #endregion
                }

                {
                    #region get_certs_2
                    // Fetch several certificate definitions; the arguments (0, 20) look like a paging
                    // window (start, page size) - confirm against GetCertificatesOperation.
                    CertificateDefinition[] definitions =
                        store.Maintenance.Server.Send(new GetCertificatesOperation(0, 20));
                    #endregion
                }

                {
                    #region cert_put_2
                    // Register an existing certificate with the server. The path is a placeholder.
                    // ClusterAdmin clearance is requested with no per-database permissions (null);
                    // grant it only to certificates that really need cluster-wide administration.
                    X509Certificate2 certificate = new X509Certificate2("c:\\path_to_pfx_file");
                    store.Maintenance.Server.Send(
                        new PutClientCertificateOperation(
                            "cert1", certificate, null, SecurityClearance.ClusterAdmin));
                    #endregion
                }
            }
        }
Beispiel #3
        /// <summary>
        /// Asks the server to generate a client certificate and returns it loaded in memory.
        /// </summary>
        /// <remarks>
        /// The certificate read from <paramref name="serverCertPath"/> is used as both the client and the
        /// admin certificate of the store that sends the request. The raw bytes of the response are passed
        /// straight to the <see cref="X509Certificate2"/> constructor. The result presumably carries the
        /// newly issued private key (confirm against the server's response format), so callers should
        /// treat it as a secret and dispose it when done.
        /// </remarks>
        /// <param name="serverCertPath">Path of the certificate file used to authenticate the request.</param>
        /// <param name="permissions">Per-database access to request for the new certificate.</param>
        /// <param name="clearance">Security clearance to request for the new certificate.</param>
        /// <param name="server">Server passed through to the store options; may be <c>null</c>.</param>
        /// <returns>The client certificate built from the server's response.</returns>
        protected X509Certificate2 AskServerForClientCertificate(string serverCertPath, Dictionary <string, DatabaseAccess> permissions, SecurityClearance clearance = SecurityClearance.ValidUser, RavenServer server = null)
        {
            var serverCert = new X509Certificate2(serverCertPath);

            // One certificate fills both roles on the store that issues the request.
            var storeOptions = new Options
            {
                Server = server,
                ClientCertificate = serverCert,
                AdminCertificate = serverCert
            };

            using (var store = GetDocumentStore(storeOptions))
            {
                var executor = store.GetRequestExecutor();
                using (executor.ContextPool.AllocateOperationContext(out JsonOperationContext context))
                {
                    var operation = new CreateClientCertificateOperation("client certificate", permissions, clearance);
                    var command = operation.GetCommand(store.Conventions, context);

                    executor.Execute(command, context);

                    // The certificate is built before the context and the store are disposed on the way out.
                    return new X509Certificate2(command.Result.RawData);
                }
            }
        }