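/// <summary>
/// Documentation samples for creating, querying and registering client certificates
/// through server-wide maintenance operations. Each <c>#region</c> is an independent snippet.
/// </summary>
/// <remarks>
/// The names, password, thumbprint and file path used below are sample values.
/// The <c>RawData</c> returned by a create operation is key material and should be handled as a secret.
/// </remarks>
public ClientCertificate()
{
    using (var store = new DocumentStore())
    {
        {
            #region cert_1_4
            // With user role set to Cluster Administrator or Operator the user of this certificate
            // is going to have access to all databases
            CreateClientCertificateOperation operation = new CreateClientCertificateOperation(
                "admin", null, SecurityClearance.Operator);
            CertificateRawData certificateRawData = store.Maintenance.Server.Send(operation);

            // No password argument is passed above, so these bytes are presumably not
            // password-protected: store them with restricted access and never log them.
            byte[] cert = certificateRawData.RawData;
            #endregion
        }

        {
            #region cert_1_5
            // when security clearance is ValidUser, you need to specify per database permissions
            // "myPassword" is a placeholder: read the real password from a secret store or a
            // prompt instead of embedding it in source.
            CreateClientCertificateOperation operation = new CreateClientCertificateOperation(
                "user1",
                new Dictionary<string, DatabaseAccess>
                {
                    { "Northwind", DatabaseAccess.Admin }
                },
                SecurityClearance.ValidUser,
                "myPassword");
            CertificateRawData certificateRawData = store.Maintenance.Server.Send(operation);
            byte[] cert = certificateRawData.RawData;
            #endregion
        }

        {
            #region get_cert_2
            // Sample thumbprint; look up a single certificate definition by it.
            string thumbprint = "a909502dd82ae41433e6f83886b00d4277a32a7b";
            CertificateDefinition definition = store.Maintenance.Server.Send(new GetCertificateOperation(thumbprint));
            #endregion
        }

        {
            #region get_certs_2
            // presumably (start, pageSize): the first 20 definitions - confirm against the operation's signature
            CertificateDefinition[] definitions = store.Maintenance.Server.Send(new GetCertificatesOperation(0, 20));
            #endregion
        }

        {
            #region cert_put_2
            // Dispose the certificate once the operation has been sent so the loaded
            // certificate (and any key handle it holds) is released deterministically.
            // ClusterAdmin is one of the roles with access to all databases; register a
            // certificate with ValidUser and per-database permissions where that is enough.
            using (X509Certificate2 certificate = new X509Certificate2("c:\\path_to_pfx_file"))
            {
                store.Maintenance.Server.Send(
                    new PutClientCertificateOperation(
                        "cert1",
                        certificate,
                        null,
                        SecurityClearance.ClusterAdmin));
            }
            #endregion
        }
    }
}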
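/// <summary>
///     Request creation of a client certificate for the specified user.
/// </summary>
/// <param name="serverOperations">
///     The server operations client.
/// </param>
/// <param name="subjectName">
///     The name of the security principal that the certificate will represent.
/// </param>
/// <param name="protectedWithPassword">
///     The password that the certificate will be protected with. It is forwarded to the
///     operation as given; a null or empty value is not rejected by this method.
/// </param>
/// <param name="clearance">
///     Rights assigned to the user.
/// </param>
/// <param name="permissions">
///     Database-level permissions assigned to the user. When <c>null</c>, an empty
///     dictionary is sent instead.
/// </param>
/// <param name="cancellationToken">
///     An optional <see cref="CancellationToken"/> that can be used to cancel the request.
/// </param>
/// <returns>
///     A byte array containing the PKCS12-encoded (i.e. PFX) certificate and private key.
/// </returns>
/// <exception cref="ArgumentNullException">
///     <paramref name="serverOperations"/> is <c>null</c>.
/// </exception>
/// <exception cref="ArgumentException">
///     <paramref name="subjectName"/> is <c>null</c>, empty, or entirely composed of whitespace.
/// </exception>
/// <remarks>
///     The returned bytes include the private key. Callers should keep them out of logs and
///     restrict access to any location where they are persisted.
/// </remarks>
public static async Task<byte[]> CreateClientCertificate(this ServerOperationExecutor serverOperations, string subjectName, string protectedWithPassword, SecurityClearance clearance, Dictionary<string, DatabaseAccess> permissions = null, CancellationToken cancellationToken = default)
{
    if (serverOperations == null)
    {
        throw new ArgumentNullException(nameof(serverOperations));
    }

    if (String.IsNullOrWhiteSpace(subjectName))
    {
        // The message previously named a non-existent 'userName' parameter; derive the name
        // from the real parameter so the text cannot drift from the signature again.
        throw new ArgumentException(
            $"Argument cannot be null, empty, or entirely composed of whitespace: '{nameof(subjectName)}'.",
            nameof(subjectName));
    }

    // A missing permissions map is normalised to an empty one before the request is built.
    var operation = new CreateClientCertificateOperation(
        subjectName,
        permissions ?? new Dictionary<string, DatabaseAccess>(),
        clearance,
        protectedWithPassword
    );

    // Helper code has no need to resume on the caller's synchronization context.
    CertificateRawData clientCertificatePfx = await serverOperations
        .SendAsync(operation, cancellationToken)
        .ConfigureAwait(false);

    return clientCertificatePfx.RawData;
}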