User account management - WormBase/db-prototypes GitHub Wiki

This stuff may change considerably depending on decisions made about how to run HTTP servers, etc. I therefore don't recommend doing too much work to automate it until you're happy with the server architecture.

Creating a new user

    @(d/transact con [{:db/id #db/id[:db.part/user]
                       :user/name "fredbloggs"
                       :user/email "[email protected]"          ; Used for logon.
                       :user/wbperson [:person/id "WBPerson12345"]}])  ; If absent, can't edit database

Changing details

Normal Datomic transaction stuff should work!

Creating a client SSL certificate

Assumes 'certs' is our working directory of certificate files, and certs/server.jks is the keystore/truststore used by the server.

     keytool -genkey -alias fredbloggs -keyalg RSA -keystore certs/fredbloggs.jks

     # When prompted, enter details.  In particular, the "What is your name?" question refers to
     # the CN of the certificate, and is used to link the user back to the database, so remember this!

     keytool -export -file certs/server.cert -keystore certs/server.jks -storepass <passwd> -alias wormnames
     keytool -import -file certs/server.cert -keystore certs/fredbloggs.jks -storepass <client-passwd> -alias wormnames
     
     keytool -export -file certs/fredbloggs.cert -keystore certs/fredbloggs.jks -storepass <client-passwd> -alias fredbloggs
     keytool -import -file certs/fredbloggs.cert -keystore certs/server.jks -storepass <passwd> -alias fredbloggs

     # Transact with Datomic to associate the key with an existing user account.

     @(d/transact con [{:db/id #db/id[:db.part/user]
                        :user/name "fredbloggs"
                        :user/x500-cn "Fred Bloggs"}])     ; Or whatever is in the CN field of the certificate

At this point you've got a keystore (.jks file) that Java clients can use and that is registered with the server. You may need to restart the server for it to be recognised.
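
Since the CN is what links a trusted certificate back to a user account, it is worth checking that no two entries in the server truststore carry the same CN. This is an added example, not part of the original wiki or the project's code: the function name `duplicate_cns` and the sample listing are constructed, and it assumes `keytool -list -v` prints `Alias name:` and `Owner:` lines in the form shown.

```shell
#!/usr/bin/env bash
# Added example: flag subject CNs that occur under more than one truststore alias.
# Intended use, with the path and password placeholder from this page:
#   keytool -list -v -keystore certs/server.jks -storepass <passwd> | duplicate_cns

# Reads `keytool -list -v` output on stdin. Prints "CN<TAB>alias,alias,..." for each
# CN shared by several aliases and returns 1 if any were found, 0 otherwise.
duplicate_cns() {
  awk '
    /^Alias name: / { alias = substr($0, 13); seen = 0; next }
    /^Owner: / && !seen {          # first Owner per alias is the entry certificate itself
      seen = 1
      dn = ", " substr($0, 8)      # prefix so every RDN, including the first, starts with ", "
      cn = ""
      # Quoted form first: a CN containing a comma is assumed to be printed in quotes.
      if (match(dn, /, CN="[^"]*"/))     cn = substr(dn, RSTART + 6, RLENGTH - 7)
      else if (match(dn, /, CN=[^,]*/))  cn = substr(dn, RSTART + 5, RLENGTH - 5)
      if (cn == "") next
      if (cn in aliases) { aliases[cn] = aliases[cn] "," alias; dup[cn] = 1 }
      else               { aliases[cn] = alias; order[++n] = cn }
    }
    END {
      for (i = 1; i <= n; i++)
        if (order[i] in dup) { printf "%s\t%s\n", order[i], aliases[order[i]]; found = 1 }
      exit (found ? 1 : 0)
    }
  '
}

# Constructed sample of `keytool -list -v` output (not taken from a real keystore).
SAMPLE_LISTING='Alias name: wormnames
Entry type: PrivateKeyEntry
Owner: CN=names.example.org, OU=Unknown, O=Unknown
Issuer: CN=names.example.org, OU=Unknown, O=Unknown

Alias name: fredbloggs
Entry type: trustedCertEntry
Owner: CN=Fred Bloggs, OU=Unknown, O=Unknown

Alias name: fb-laptop
Entry type: trustedCertEntry
Owner: CN=Fred Bloggs, OU=Other, O=Unknown

Alias name: janedoe
Entry type: trustedCertEntry
Owner: CN="Doe, Jane", OU=Unknown, O=Unknown'

printf '%s\n' "$SAMPLE_LISTING" | duplicate_cns || echo "duplicate CNs found: review these aliases"
```

The comparison is an exact string match, so `Fred Bloggs` and `fred bloggs` count as different CNs here.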

For clients which can't use .jks files, you need a few more steps to convert the certificate into PEM format:

     keytool -importkeystore -srckeystore certs/fredbloggs.jks -destkeystore certs/fredbloggs.p12 -srcstoretype jks -deststoretype pkcs12
     openssl pkcs12 -in certs/fredbloggs.p12 -out certs/fredbloggs-key.pem -nocerts
     openssl pkcs12 -in certs/fredbloggs.p12 -out certs/fredbloggs-cert.pem -clcerts -nokeys