public EditClientCertificateCommand(string thumbprint, string name, Dictionary <string, DatabaseAccess> permissions, SecurityClearance clearance) { _thumbprint = thumbprint; _name = name; _permissions = permissions; _clearance = clearance; }
public PutClientCertificateCommand(string name, X509Certificate2 certificate, Dictionary <string, DatabaseAccess> permissions, SecurityClearance clearance) { _certificate = certificate ?? throw new ArgumentNullException(nameof(certificate)); _permissions = permissions ?? throw new ArgumentNullException(nameof(permissions)); _name = name; _clearance = clearance; }
protected X509Certificate2 CreateAndPutClientCertificate(string serverCertPath, RavenServer.CertificateHolder serverCertificateHolder, Dictionary <string, DatabaseAccess> permissions, SecurityClearance clearance, RavenServer server = null) { var clientCertificate = CertificateUtils.CreateSelfSignedClientCertificate("RavenTestsClient", serverCertificateHolder, out _); var serverCertificate = new X509Certificate2(serverCertPath); using (var store = GetDocumentStore(new Options { AdminCertificate = serverCertificate, Server = server })) { var requestExecutor = store.GetRequestExecutor(); using (requestExecutor.ContextPool.AllocateOperationContext(out JsonOperationContext context)) { var command = new PutClientCertificateOperation("RavenTestsClient", clientCertificate, permissions, clearance) .GetCommand(store.Conventions, context); requestExecutor.Execute(command, context); } } return(clientCertificate); }
public CreateClientCertificateOperation(string name, Dictionary <string, DatabaseAccess> permissions, SecurityClearance clearance, string password = null) { _name = name ?? throw new ArgumentNullException(nameof(name)); _permissions = permissions ?? throw new ArgumentNullException(nameof(permissions)); _clearance = clearance; _password = password; }
public static SecurityClearance MakeSecurityClearance1() { SecurityClearance securityClearance1 = new SecurityClearance() { SecurityClearanceName = "none" }; return(securityClearance1); }
public static SecurityClearance MakeSecurityClearance2() { SecurityClearance securityClearance2 = new SecurityClearance() { SecurityClearanceName = "retired" }; return(securityClearance2); }
public static SecurityClearance MakeSecurityClearance5() { SecurityClearance securityClearance3 = new SecurityClearance() { SecurityClearanceName = "secret" }; return(securityClearance3); }
public ActionResult AddAgent() { var agent = new Agent(); var agencies = new Agencies(); var clear = new SecurityClearance(); var agents = new AgentVM(agent, agencies.All(), clear.All()); return(View(agents)); }
public EditClientCertificateOperation(Parameters parameters) { if (parameters == null) { throw new ArgumentNullException(nameof(parameters)); } _name = parameters.Name ?? throw new ArgumentNullException(nameof(parameters.Name)); _thumbprint = parameters.Thumbprint ?? throw new ArgumentNullException(nameof(parameters.Thumbprint)); _permissions = parameters.Permissions ?? throw new ArgumentNullException(nameof(parameters.Permissions)); _clearance = parameters.Clearance; }
public ActionResult AddAgent(Agent agent) { var repo = new AgentRepo(); repo.Add(agent); var agencies = new Agencies(); var clear = new SecurityClearance(); var agents = new AgentVM(agent, agencies.All(), clear.All()); return(Redirect("/")); }
public ActionResult EditAgent(int id) { var xd = repo.GrabID(id); // this part is where I will be calling upon the repo in services to return a list. var assin = new Assignment(); var agencies = new Agencies(); var clear = new SecurityClearance(); var agents = new AssignVM(xd, agencies.All(), clear.All(), assin); return(View(agents)); }
public X509Certificate2 RegisterClientCertificate( X509Certificate2 serverCertificate, X509Certificate2 clientCertificate, Dictionary <string, DatabaseAccess> permissions, SecurityClearance clearance = SecurityClearance.ValidUser, RavenServer server = null, string certificateName = "client certificate") { using var store = _parent.GetDocumentStore(new Options { CreateDatabase = false, Server = server, ClientCertificate = serverCertificate, AdminCertificate = serverCertificate, ModifyDocumentStore = s => s.Conventions = new DocumentConventions { DisableTopologyUpdates = true } }); store.Maintenance.Server.Send(new PutClientCertificateOperation(certificateName, clientCertificate, permissions, clearance)); return(clientCertificate); }
private async Task AssertDatabaseDebugInfoEntries(string dbName, Dictionary <string, DatabaseAccess> databaseAccesses, SecurityClearance securityClearance, string[] shouldContain) { var certificates = SetupServerAuthentication(); var adminCert = RegisterClientCertificate(certificates.ServerCertificate.Value, certificates.ClientCertificate1.Value, new Dictionary <string, DatabaseAccess>(), SecurityClearance.ClusterAdmin); var userCert = RegisterClientCertificate(certificates.ServerCertificate.Value, certificates.ClientCertificate2.Value, databaseAccesses, securityClearance); using var store = GetDocumentStore(new Options { AdminCertificate = adminCert, ClientCertificate = userCert, ModifyDatabaseName = s => dbName }); var requestExecutor = store.GetRequestExecutor(store.Database); await using var response = await requestExecutor.HttpClient.GetStreamAsync($"{store.Urls.First()}/databases/{dbName}/debug/info-package"); using var archive = new ZipArchive(response); var entries = archive.Entries.Select(e => e.Name).ToArray(); var shouldContainButNot = shouldContain.Except(entries).ToArray(); var shouldNotContainButDo = entries.Except(shouldContain).ToArray(); Assert.True(shouldContainButNot.Any() == false && shouldNotContainButDo.Any() == false, $"Should contain \"{string.Join(", ", shouldContainButNot)}\", Should not contain \"{string.Join(", ", shouldNotContainButDo)}\""); }
protected X509Certificate2 AskServerForClientCertificate(string serverCertPath, Dictionary <string, DatabaseAccess> permissions, SecurityClearance clearance = SecurityClearance.ValidUser, RavenServer server = null) { var serverCertificate = new X509Certificate2(serverCertPath); X509Certificate2 clientCertificate; using (var store = GetDocumentStore(new Options { Server = server, ClientCertificate = serverCertificate, AdminCertificate = serverCertificate })) { var requestExecutor = store.GetRequestExecutor(); using (requestExecutor.ContextPool.AllocateOperationContext(out JsonOperationContext context)) { var command = new CreateClientCertificateOperation("client certificate", permissions, clearance) .GetCommand(store.Conventions, context); requestExecutor.Execute(command, context); using (var archive = new ZipArchive(new MemoryStream(command.Result.RawData))) { var entry = archive.Entries.First(e => string.Equals(Path.GetExtension(e.Name), ".pfx", StringComparison.OrdinalIgnoreCase)); using (var stream = entry.Open()) { var destination = new MemoryStream(); stream.CopyTo(destination); clientCertificate = new X509Certificate2(destination.ToArray()); } } } } return(clientCertificate); }
public X509Certificate2 RegisterClientCertificate(TestCertificatesHolder certificates, Dictionary <string, DatabaseAccess> permissions, SecurityClearance clearance = SecurityClearance.ValidUser, RavenServer server = null) { return(RegisterClientCertificate(certificates.ServerCertificate.Value, certificates.ClientCertificate1.Value, permissions, clearance, server)); }
/// <summary> /// Request creation of a client certificate for the specified user. /// </summary> /// <param name="serverOperations"> /// The server operations client. /// </param> /// <param name="subjectName"> /// The name of the security principal that the certificate will represent. /// </param> /// <param name="protectedWithPassword"> /// The password that the certificate will be protected with. /// </param> /// <param name="clearance"> /// Rights assigned to the user. /// </param> /// <param name="permissions"> /// Database-level permissions assigned to the user. /// </param> /// <param name="cancellationToken"> /// An optional <see cref="CancellationToken"/> that can be used to cancel the request. /// </param> /// <returns> /// A byte array containing the PKCS12-encoded (i.e. PFX) certificate and private key. /// </returns> public static async Task <byte[]> CreateClientCertificate(this ServerOperationExecutor serverOperations, string subjectName, string protectedWithPassword, SecurityClearance clearance, Dictionary <string, DatabaseAccess> permissions = null, CancellationToken cancellationToken = default) { if (serverOperations == null) { throw new ArgumentNullException(nameof(serverOperations)); } if (String.IsNullOrWhiteSpace(subjectName)) { throw new ArgumentException("Argument cannot be null, empty, or entirely composed of whitespace: 'userName'.", nameof(subjectName)); } CertificateRawData clientCertificatePfx = await serverOperations.SendAsync( new CreateClientCertificateOperation( subjectName, permissions ?? new Dictionary <string, DatabaseAccess>(), clearance, protectedWithPassword ), cancellationToken ); return(clientCertificatePfx.RawData); }
/// <summary> /// Register a client certificate for the specified user. /// </summary> /// <param name="serverOperations"> /// The server operations client. /// </param> /// <param name="subjectName"> /// The name of the security principal that the certificate will represent. /// </param> /// <param name="certificate"> /// The client certificate to register. /// </param> /// <param name="clearance"> /// Rights assigned to the user. /// </param> /// <param name="permissions"> /// Database-level permissions assigned to the user. /// </param> /// <param name="cancellationToken"> /// An optional <see cref="CancellationToken"/> that can be used to cancel the request. /// </param> /// <returns> /// A <see cref="Task"/> representing the operation. /// </returns> public static async Task PutClientCertificate(this ServerOperationExecutor serverOperations, string subjectName, X509Certificate2 certificate, SecurityClearance clearance, Dictionary <string, DatabaseAccess> permissions = null, CancellationToken cancellationToken = default) { if (serverOperations == null) { throw new ArgumentNullException(nameof(serverOperations)); } if (String.IsNullOrWhiteSpace(subjectName)) { throw new ArgumentException("Argument cannot be null, empty, or entirely composed of whitespace: 'userName'.", nameof(subjectName)); } if (certificate == null) { throw new ArgumentNullException(nameof(certificate)); } await serverOperations.SendAsync( new PutClientCertificateOperation( subjectName, certificate, permissions ?? new Dictionary <string, DatabaseAccess>(), clearance ), cancellationToken ); }
public X509Certificate2 CreateAndPutExpiredClientCertificate(string serverCertPath, Dictionary <string, DatabaseAccess> permissions, SecurityClearance clearance = SecurityClearance.ValidUser) { var serverCertificate = new X509Certificate2(serverCertPath, (string)null, X509KeyStorageFlags.MachineKeySet); var serverCertificateHolder = new SecretProtection(new SecurityConfiguration()).LoadCertificateFromPath(serverCertPath, null, Server.ServerStore); var clientCertificate = CertificateUtils.CreateSelfSignedExpiredClientCertificate("expired client cert", serverCertificateHolder); using (var store = GetDocumentStore(new Options { AdminCertificate = serverCertificate, ClientCertificate = serverCertificate })) { var requestExecutor = store.GetRequestExecutor(); using (requestExecutor.ContextPool.AllocateOperationContext(out JsonOperationContext context)) { var command = new PutClientCertificateOperation("expired client cert", clientCertificate, permissions, clearance) .GetCommand(store.Conventions, context); requestExecutor.Execute(command, context); } } return(clientCertificate); }
protected X509Certificate2 AskServerForClientCertificate(string serverCertPath, Dictionary <string, DatabaseAccess> permissions, SecurityClearance clearance = SecurityClearance.ValidUser, RavenServer server = null) { var serverCertificate = new X509Certificate2(serverCertPath); X509Certificate2 clientCertificate; using (var store = GetDocumentStore(new Options { Server = server, ClientCertificate = serverCertificate, AdminCertificate = serverCertificate })) { var requestExecutor = store.GetRequestExecutor(); using (requestExecutor.ContextPool.AllocateOperationContext(out JsonOperationContext context)) { var command = new CreateClientCertificateOperation("client certificate", permissions, clearance) .GetCommand(store.Conventions, context); requestExecutor.Execute(command, context); clientCertificate = new X509Certificate2(command.Result.RawData); } } return(clientCertificate); }