Esempio n. 1
        /// <summary>
        /// Generates a client certificate named "RavenTestsClient" and sends it to the server through
        /// <c>PutClientCertificateOperation</c> together with the supplied permissions and clearance.
        /// </summary>
        /// <param name="serverCertPath">Path of the certificate file that is loaded and set as <c>AdminCertificate</c> on the store options.</param>
        /// <param name="serverCertificateHolder">Holder handed to <c>CertificateUtils.CreateSelfSignedClientCertificate</c> to produce the client certificate.</param>
        /// <param name="permissions">Map from string keys to <c>DatabaseAccess</c> values sent with the operation (keys are presumably database names; confirm).</param>
        /// <param name="clearance">Security clearance sent with the operation.</param>
        /// <param name="server">Optional server forwarded to the store options; <c>null</c> by default.</param>
        /// <returns>The client certificate that was generated and sent.</returns>
        /// <remarks>
        /// NOTE(review): the request is presumably authorised by the certificate at <paramref name="serverCertPath"/>
        /// because it is the store's <c>AdminCertificate</c>, so the new certificate's reach is decided only by
        /// <paramref name="permissions"/> and <paramref name="clearance"/>. Pass the narrowest values the test needs.
        /// </remarks>
        protected X509Certificate2 CreateAndPutClientCertificate(string serverCertPath,
                                                                 RavenServer.CertificateHolder serverCertificateHolder,
                                                                 Dictionary<string, DatabaseAccess> permissions,
                                                                 SecurityClearance clearance,
                                                                 RavenServer server = null)
        {
            // Same name is used for certificate generation and for the put operation.
            const string certificateName = "RavenTestsClient";

            var issuedCertificate = CertificateUtils.CreateSelfSignedClientCertificate(certificateName, serverCertificateHolder, out _);
            var adminCertificate = new X509Certificate2(serverCertPath);

            var storeOptions = new Options
            {
                AdminCertificate = adminCertificate,
                Server = server
            };

            using (var documentStore = GetDocumentStore(storeOptions))
            {
                var executor = documentStore.GetRequestExecutor();
                using (executor.ContextPool.AllocateOperationContext(out JsonOperationContext operationContext))
                {
                    var putOperation = new PutClientCertificateOperation(certificateName, issuedCertificate, permissions, clearance);
                    var putCommand = putOperation.GetCommand(documentStore.Conventions, operationContext);

                    executor.Execute(putCommand, operationContext);
                }
            }

            return issuedCertificate;
        }
Esempio n. 2
        /// <summary>
        /// Builds a client certificate for <paramref name="commonNameValue"/> from the holder's certificate
        /// subject and key material, passing <c>-1</c> where <c>CreateSelfSignedClientCertificate</c> passes <c>5</c>.
        /// </summary>
        /// <param name="commonNameValue">Common name forwarded to <c>CreateSelfSignedCertificateBasedOnPrivateKey</c>.</param>
        /// <param name="certificateHolder">Supplies the certificate whose subject DN and public key are read, plus the private key.</param>
        /// <returns>An <see cref="X509Certificate2"/> loaded from the generated bytes with no password.</returns>
        /// <remarks>
        /// NOTE(review): the <c>-1</c> argument presumably sets a validity period that has already ended, as the
        /// method name suggests; confirm against the helper's signature. The holder's private key is handed to the
        /// helper, presumably as the signing key, so the result is tied to that key rather than self-signed in the
        /// strict sense.
        /// </remarks>
        public static X509Certificate2 CreateSelfSignedExpiredClientCertificate(string commonNameValue, RavenServer.CertificateHolder certificateHolder)
        {
            var holderCertDer = certificateHolder.Certificate.Export(X509ContentType.Cert);
            var parsedHolderCert = new X509CertificateParser().ReadCertificate(holderCertDer);
            var holderSubject = parsedHolderCert.SubjectDN;

            // The helper's return value is not used here; only the bytes it writes to the out argument are.
            CreateSelfSignedCertificateBasedOnPrivateKey(
                commonNameValue,
                holderSubject,
                (certificateHolder.PrivateKey.Key, parsedHolderCert.GetPublicKey()),
                true,
                false,
                -1,
                out var generatedBytes);

            // MachineKeySet imports the key into the local-computer key store instead of the current user's.
            const X509KeyStorageFlags importFlags = X509KeyStorageFlags.MachineKeySet;

            return new X509Certificate2(generatedBytes, (string)null, importFlags);
        }
Esempio n. 3
        /// <summary>
        /// Generates a client certificate for <paramref name="commonNameValue"/> from the holder's certificate
        /// subject and key material, then repackages it as a PKCS#12 blob that also carries the holder's
        /// certificate as a certificate entry.
        /// </summary>
        /// <param name="commonNameValue">Common name forwarded to <c>CreateSelfSignedCertificateBasedOnPrivateKey</c>.</param>
        /// <param name="certificateHolder">Supplies the certificate whose subject DN and public key are read, plus the private key.</param>
        /// <param name="certBytes">On return, the re-saved PKCS#12 bytes, written with an empty password.</param>
        /// <returns>An <see cref="X509Certificate2"/> loaded from <paramref name="certBytes"/>.</returns>
        /// <remarks>
        /// The PKCS#12 blob is saved with an empty password, so the private key inside it is protected only by
        /// how the caller stores and transports <paramref name="certBytes"/>. The returned certificate is imported
        /// with PersistKeySet, Exportable and MachineKeySet, so its key is kept in the local-computer key store
        /// and can be exported again.
        /// NOTE(review): how <c>GetSeededSecureRandom</c> is seeded is not visible here; confirm it is not a
        /// fixed seed.
        /// </remarks>
        public static X509Certificate2 CreateSelfSignedClientCertificate(string commonNameValue, RavenServer.CertificateHolder certificateHolder, out byte[] certBytes)
        {
            const X509KeyStorageFlags importFlags =
                X509KeyStorageFlags.PersistKeySet | X509KeyStorageFlags.Exportable | X509KeyStorageFlags.MachineKeySet;

            var holderCertDer = certificateHolder.Certificate.Export(X509ContentType.Cert);
            var parsedHolderCert = new X509CertificateParser().ReadCertificate(holderCertDer);
            var holderSubject = parsedHolderCert.SubjectDN;

            CreateSelfSignedCertificateBasedOnPrivateKey(
                commonNameValue,
                holderSubject,
                (certificateHolder.PrivateKey.Key, parsedHolderCert.GetPublicKey()),
                true,
                false,
                5,
                out certBytes);

            // Runs on the exported holder certificate bytes, after generation and before they are bundled below.
            ValidateNoPrivateKeyInServerCert(holderCertDer);

            Pkcs12Store bundle = new Pkcs12StoreBuilder().Build();
            var holderCertEntry = DotNetUtilities.FromX509Certificate(certificateHolder.Certificate);

            // Load the generated PKCS#12 (empty password), then add the holder certificate under its subject DN.
            bundle.Load(new MemoryStream(certBytes), Array.Empty<char>());
            bundle.SetCertificateEntry(holderCertEntry.SubjectDN.ToString(), new X509CertificateEntry(holderCertEntry));

            var output = new MemoryStream();
            bundle.Save(output, Array.Empty<char>(), GetSeededSecureRandom());

            // The out parameter is overwritten with the re-saved bundle, not the helper's original bytes.
            certBytes = output.ToArray();

            return new X509Certificate2(certBytes, (string)null, importFlags);
        }
Esempio n. 4
        /// <summary>
        /// Builds a client certificate for <paramref name="commonNameValue"/> from the holder's certificate
        /// subject and key material and returns what <c>CreateSelfSignedCertificateBasedOnPrivateKey</c> produces.
        /// </summary>
        /// <param name="commonNameValue">Common name forwarded to the helper.</param>
        /// <param name="certificateHolder">Supplies the certificate whose subject DN and public key are read, plus the private key.</param>
        /// <returns>The certificate returned by the helper; the bytes written to its out argument are discarded.</returns>
        /// <remarks>
        /// NOTE(review): the <c>-1</c> argument presumably sets a validity period that has already ended, as the
        /// method name suggests; confirm against the helper's signature. The holder's private key is handed to the
        /// helper, presumably as the signing key.
        /// </remarks>
        public static X509Certificate2 CreateSelfSignedExpiredClientCertificate(string commonNameValue, RavenServer.CertificateHolder certificateHolder)
        {
            var holderCertDer = certificateHolder.Certificate.Export(X509ContentType.Cert);
            var parsedHolderCert = new X509CertificateParser().ReadCertificate(holderCertDer);
            var holderSubject = parsedHolderCert.SubjectDN;

            var expiredCertificate = CreateSelfSignedCertificateBasedOnPrivateKey(
                commonNameValue,
                holderSubject,
                (certificateHolder.PrivateKey.Key, parsedHolderCert.GetPublicKey()),
                true,
                false,
                -1,
                out _);

            return expiredCertificate;
        }
Esempio n. 5
 /// <summary>
 /// Builds a client certificate for <paramref name="commonNameValue"/> from the holder certificate's subject
 /// string and the holder's private key, returning what <c>CreateSelfSignedCertificateBasedOnPrivateKey</c> produces.
 /// </summary>
 /// <param name="commonNameValue">Common name forwarded to the helper.</param>
 /// <param name="certificateHolder">Supplies the certificate subject and the private key passed to the helper.</param>
 /// <returns>The certificate returned by the helper.</returns>
 /// <remarks>
 /// NOTE(review): the <c>-1</c> argument presumably sets a validity period that has already ended, as the
 /// method name suggests; confirm against the helper's signature. The holder's private key is handed to the
 /// helper, presumably as the signing key.
 /// </remarks>
 public static X509Certificate2 CreateSelfSignedExpiredClientCertificate(string commonNameValue, RavenServer.CertificateHolder certificateHolder)
 {
     var holderSubject = certificateHolder.Certificate.Subject;
     var holderPrivateKey = certificateHolder.PrivateKey.Key;

     var expiredCertificate = CreateSelfSignedCertificateBasedOnPrivateKey(
         commonNameValue,
         holderSubject,
         holderPrivateKey,
         true,
         -1);

     return expiredCertificate;
 }