Operations: Server: How to Generate a Client Certificate
You can generate a client certificate using CreateClientCertificateOperation.
Syntax
public CreateClientCertificateOperation(String name,
Map<String, DatabaseAccess> permissions,
SecurityClearance clearance)
public CreateClientCertificateOperation(String name,
Map<String, DatabaseAccess> permissions,
SecurityClearance clearance,
String password)
public enum SecurityClearance {
UNAUTHENTICATED_CLIENTS,
CLUSTER_ADMIN,
CLUSTER_NODE,
OPERATOR,
VALID_USER
}
public enum DatabaseAccess {
READ_WRITE,
ADMIN
}
Parameters |
|
|
name |
String |
Name of a certificate |
permissions |
Map<String, DatabaseAccess> |
Map with database to access level mapping |
clearance |
SecurityClearance |
Access level |
password |
String |
Optional certificate password, default: no password |
Return Value |
|
RawData |
client certificate raw data |
Example I
// With user role set to Cluster Administrator or Operator the user of this certificate
// is going to have access to all databases
CreateClientCertificateOperation operation = new CreateClientCertificateOperation("admin",
null, SecurityClearance.OPERATOR);
CertificateRawData certificateRawData = store.maintenance().server().send(operation);
byte[] certificatesZipped = certificateRawData.getRawData();
Example II
// when security clearance is ValidUser, you need to specify per database permissions
CreateClientCertificateOperation operation = new CreateClientCertificateOperation("user1",
Collections.singletonMap("Northwind", DatabaseAccess.ADMIN),
SecurityClearance.VALID_USER,
"myPassword");
CertificateRawData certificateRawData = store.maintenance().server().send(operation);
byte[] certificateZipped = certificateRawData.getRawData();