public Task GeneratePullReplicationCertificate()
{
if (ServerStore.Server.Certificate?.Certificate == null)
{
throw new BadRequestException("This endpoint requires secured server.");
}
ServerStore.LicenseManager.AssertCanAddPullReplicationAsHub();
var validYears = GetIntValueQueryString("validYears", required: false) ?? 0; // 0 yr. will set the expiration to 3 months
var notAfter = validYears == 0 ? DateTime.UtcNow.AddMonths(3) : DateTime.UtcNow.AddYears(validYears);
var log = new StringBuilder();
var commonNameValue = "PullReplicationAutogeneratedCertificate";
CertificateUtils.CreateCertificateAuthorityCertificate(commonNameValue + " CA", out var ca, out var caSubjectName, log);
CertificateUtils.CreateSelfSignedCertificateBasedOnPrivateKey(commonNameValue, caSubjectName, ca, false, false, notAfter, out var certBytes, log: log);
var certificateWithPrivateKey = new X509Certificate2(certBytes, (string)null, X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.Exportable);
certificateWithPrivateKey.Verify();
var keyPairInfo = new PullReplicationCertificate
{
PublicKey = Convert.ToBase64String(certificateWithPrivateKey.Export(X509ContentType.Cert)),
Thumbprint = certificateWithPrivateKey.Thumbprint,
Certificate = Convert.ToBase64String(certificateWithPrivateKey.Export(X509ContentType.Pfx))
};
using (ContextPool.AllocateOperationContext(out DocumentsOperationContext context))
using (var writer = new BlittableJsonTextWriter(context, ResponseBodyStream()))
{
writer.WriteStartObject();
writer.WritePropertyName(nameof(keyPairInfo.PublicKey));
writer.WriteString(keyPairInfo.PublicKey);
writer.WriteComma();
writer.WritePropertyName(nameof(keyPairInfo.Certificate));
writer.WriteString(keyPairInfo.Certificate);
writer.WriteComma();
writer.WritePropertyName(nameof(keyPairInfo.Thumbprint));
writer.WriteString(keyPairInfo.Thumbprint);
writer.WriteEndObject();
}
return(Task.CompletedTask);
}
