Class StoreCertificateManager

Namespace

MarymoorStudios.Core.Rpc.Identity

Assembly

MarymoorStudios.Core.Rpc.Identity.dll

An implementation of CertificateManager that stores its certificates in an X509Store.

public sealed class StoreCertificateManager : CertificateManager, IDisposable, IAsyncDisposable

Inheritance

object

CertificateManager

StoreCertificateManager

Implements

IDisposable

IAsyncDisposable

Inherited Members

CertificateManager.Dispose()

CertificateManager.DisposeAsync()

object.GetType()

object.ToString()

object.Equals(object)

object.Equals(object, object)

object.ReferenceEquals(object, object)

object.GetHashCode()

Constructors

StoreCertificateManager(UserIdentity, AdmissionManager)

public StoreCertificateManager(UserIdentity identity, AdmissionManager admission)

Parameters

identity UserIdentity

admission AdmissionManager

StoreCertificateManager(string, string, Claim[], AdmissionManager)

public StoreCertificateManager(string name, string email, Claim[] claims, AdmissionManager admission)

Parameters

name string

email string

claims Claim[]

admission AdmissionManager

Properties

ClientOptions

The TLS client options used to negotiate authentication parameters.

public override SslClientAuthenticationOptions ClientOptions { get; }

Property Value

SslClientAuthenticationOptions

Endorsements

Endorsements to support Identity.

public override EndorsementCollection Endorsements { get; }

Property Value

EndorsementCollection

Identity

The identity.

public override UserIdentity Identity { get; }

Property Value

UserIdentity

ServerOptions

The TLS server options used to negotiate authentication parameters.

public override SslServerAuthenticationOptions ServerOptions { get; }

Property Value

SslServerAuthenticationOptions

Methods

Dispose(bool)

protected override void Dispose(bool disposing)

Parameters

disposing bool

GetIdentities(string)

Enumerates the identities in the store.

public static IEnumerable<UserIdentity> GetIdentities(string filter = "")

Parameters

filter string

An optional filter that can match either name or email.

Returns

IEnumerable<UserIdentity>

RemoveIdentity(UserIdentity)

Removes the identity from the store.

public static bool RemoveIdentity(UserIdentity identity)

Parameters

identity UserIdentity

The identity to remove.

Returns

bool

True if successful, false otherwise.

TryAdmit(UserIdentity, IEnumerable<Endorsement>, DateTime)

Checks if the user can be admitted.

public override ValueTask<bool> TryAdmit(UserIdentity identity, IEnumerable<Endorsement> endorsements, DateTime timestamp)

Parameters

identity UserIdentity

The identity of the user to be admitted.

endorsements IEnumerable<Endorsement>

Endorsements that support identity.

timestamp DateTime

The timestamp.

Returns

ValueTask<bool>

True if the user should be admitted, false otherwise.

TryAdmit(X509Certificate, IEnumerable<Endorsement>, DateTime)

Checks if the user can be admitted.

public override ValueTask<(bool IsAdmitted, UserIdentity Identity)> TryAdmit(X509Certificate cert, IEnumerable<Endorsement> endorsements, DateTime timestamp)

Parameters

cert X509Certificate

The user's certificate.

endorsements IEnumerable<Endorsement>

Endorsements that support cert.

timestamp DateTime

The timestamp.

Returns

ValueTask<(bool IsAdmitted, UserIdentity Identity)>

(True, the admitted identity) if the user should be admitted, (false, undefined) otherwise.

TryCreateIdentity(string, string, out UserIdentity)

Creates a new identity.

public static bool TryCreateIdentity(string name, string email, out UserIdentity identity)

Parameters

name string

The unique name of the identity.

email string

An email to associate with the identity.

identity UserIdentity

If successful, the identity, otherwise.

Returns

bool

True if successful, false an identity with the same name already exists.

TryGetIdentity(string, string, out UserIdentity)

Loads an existing identity.

public static bool TryGetIdentity(string name, string email, out UserIdentity identity)

Parameters

name string

The unique name of the identity.

email string

An email to associate with the identity.

identity UserIdentity

If successful, the identity, otherwise.

Returns

bool

True if successful, false an identity with the same name already exists.

TrySignData(ReadOnlySpan<byte>, out ReadOnlyMemory<byte>)

Signs data with the Identity private key.

public override bool TrySignData(ReadOnlySpan<byte> data, out ReadOnlyMemory<byte> signature)

Parameters

data ReadOnlySpan<byte>

The data to sign.

signature ReadOnlyMemory<byte>

The signature, if successful, undefined otherwise.

Returns

bool

True if successful, false otherwise.

ValidateData(ReadOnlySpan<byte>, ReadOnlySpan<byte>, ReadOnlySpan<byte>)

Validates a signature over the data.

public override bool ValidateData(ReadOnlySpan<byte> publicKey, ReadOnlySpan<byte> data, ReadOnlySpan<byte> signature)

Parameters

publicKey ReadOnlySpan<byte>

The public key whose private key was used to sign the data.

data ReadOnlySpan<byte>

The data that was signed.

signature ReadOnlySpan<byte>

The signature to validate.

Returns

bool

True if successful, false otherwise.