Documentation ¶
Index ¶
- func AppendNewCertsToTrustRoots(tlsTrustRoots *ChainTrustRoots, chainId string, certPemBytes []byte) (bool, error)
- func GetCertAndPeerIdWithKeyPair(certPEMBlock []byte, keyPEMBlock []byte) (*cmTls.Certificate, string, error)
- func GetCertAndPeerIdWithKeyPair4Quic(certPEMBlock []byte, keyPEMBlock []byte) (*cmTls.Certificate, string, error)
- func NewTlsConfigWithCertMode(certificates []cmTls.Certificate, certValidator *CertValidator) (*cmTls.Config, error)
- func NewTlsConfigWithPubKeyMode(sk crypto.PrivateKey, certValidator *CertValidator) (*cmTls.Config, error)
- func NewTlsConfigWithPubKeyMode4Quic(sk crypto.PrivateKey, certValidator *CertValidator) (*cmTls.Config, error)
- func ParseQTLSCertToCMTLSCert(cert tls.Certificate) cmTls.Certificate
- func PrivateKeyToCertificate(privateKey crypto.PrivateKey) (*cmTls.Certificate, error)
- func PrivateKeyToCertificate4Quic(privateKey crypto.PrivateKey) (*cmTls.Certificate, error)
- type CertValidator
- type ChainTrustRoots
- func (ctr *ChainTrustRoots) AddIntermediates(chainId string, intermediates *cmx509.Certificate)
- func (ctr *ChainTrustRoots) AddRoot(chainId string, root *cmx509.Certificate)
- func (ctr *ChainTrustRoots) AppendIntermediatesFromPem(chainId string, intermediatesPem []byte) bool
- func (ctr *ChainTrustRoots) AppendRootsFromPem(chainId string, rootPem []byte) bool
- func (ctr *ChainTrustRoots) IntermediatesPool(chainId string) (*cmx509.CertPool, bool)
- func (ctr *ChainTrustRoots) RefreshIntermediatesFromPem(chainId string, intermediatesPem [][]byte) bool
- func (ctr *ChainTrustRoots) RefreshRootsFromPem(chainId string, rootsPem [][]byte) bool
- func (ctr *ChainTrustRoots) RootsPool(chainId string) (*cmx509.CertPool, bool)
- func (ctr *ChainTrustRoots) VerifyCert(cert *cmx509.Certificate) ([]string, error)
- func (ctr *ChainTrustRoots) VerifyCertOfChain(chainId string, cert *cmx509.Certificate) bool
- type DerivedInfoWithCert
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func AppendNewCertsToTrustRoots ¶
func AppendNewCertsToTrustRoots(tlsTrustRoots *ChainTrustRoots, chainId string, certPemBytes []byte) (bool, error)
AppendNewCertsToTrustRoots will load all certs from the given cert PEM bytes, then append them to the chain's trust roots.
func GetCertAndPeerIdWithKeyPair ¶
func GetCertAndPeerIdWithKeyPair(certPEMBlock []byte, keyPEMBlock []byte) (*cmTls.Certificate, string, error)
GetCertAndPeerIdWithKeyPair will create a tls cert from an x509 key pair and load the peer id from that cert.
func GetCertAndPeerIdWithKeyPair4Quic ¶
func GetCertAndPeerIdWithKeyPair4Quic(certPEMBlock []byte, keyPEMBlock []byte) (*cmTls.Certificate, string, error)
GetCertAndPeerIdWithKeyPair4Quic will create a tls cert from a qx509 key pair and load the peer id from that cert.
func NewTlsConfigWithCertMode ¶
func NewTlsConfigWithCertMode( certificates []cmTls.Certificate, certValidator *CertValidator, ) (*cmTls.Config, error)
NewTlsConfigWithCertMode creates a new tls config that uses the given tls certificates for the tls handshake.
func NewTlsConfigWithPubKeyMode ¶
func NewTlsConfigWithPubKeyMode( sk crypto.PrivateKey, certValidator *CertValidator, ) (*cmTls.Config, error)
NewTlsConfigWithPubKeyMode creates a new tls config with a tls certificate that wraps the public key of the given private key, for use in the tls handshake.
func NewTlsConfigWithPubKeyMode4Quic ¶
func NewTlsConfigWithPubKeyMode4Quic( sk crypto.PrivateKey, certValidator *CertValidator, ) (*cmTls.Config, error)
NewTlsConfigWithPubKeyMode4Quic creates a new tls config with a tls certificate that wraps the public key of the given private key, for use in the tls handshake. Only for the quic network.
func ParseQTLSCertToCMTLSCert ¶
func ParseQTLSCertToCMTLSCert(cert tls.Certificate) cmTls.Certificate
ParseQTLSCertToCMTLSCert converts the standard tls cert into a chainmaker tls cert.
func PrivateKeyToCertificate ¶
func PrivateKeyToCertificate(privateKey crypto.PrivateKey) (*cmTls.Certificate, error)
PrivateKeyToCertificate creates a certificate from just a private key.
func PrivateKeyToCertificate4Quic ¶
func PrivateKeyToCertificate4Quic(privateKey crypto.PrivateKey) (*cmTls.Certificate, error)
PrivateKeyToCertificate4Quic creates a certificate from just a private key. Only for the quic network.
Types ¶
type CertValidator ¶
type CertValidator struct {
// contains filtered or unexported fields
}
CertValidator wraps a ChainTrustRoots instance and a common.MemberStatusValidator. It provides a function for verifying the peer certificate during the tls handshake. During the handshake, the function will load the remote tls certificate and verify it through the access control module of each blockchain, and will also load the remote peer id and cert id. All these infos will be stored in the validator. These infos can be queried with the QueryDerivedInfoWithPeerId method, and can be removed with the CleanDerivedInfoWithPeerId method.
func NewCertValidator ¶
func NewCertValidator(pkMod bool, memberStatusValidator *common.MemberStatusValidator, roots *ChainTrustRoots) *CertValidator
NewCertValidator creates a new CertValidator instance.
func (*CertValidator) DeleteDerivedInfoWithPeerId ¶ added in v1.1.0
func (v *CertValidator) DeleteDerivedInfoWithPeerId(peerId string)
DeleteDerivedInfoWithPeerId deletes the stored DerivedInfo of the peer if the certificate verification failed.
func (*CertValidator) QueryDerivedInfoWithPeerId ¶
func (v *CertValidator) QueryDerivedInfoWithPeerId(peerId string) *DerivedInfoWithCert
QueryDerivedInfoWithPeerId returns all infos that were loaded by VerifyPeerCertificateFunc and stored in the validator.
func (*CertValidator) VerifyPeerCertificateFunc ¶
func (v *CertValidator) VerifyPeerCertificateFunc() func(rawCerts [][]byte, _ [][]*cmx509.Certificate) error
VerifyPeerCertificateFunc provides a function for verifying the peer certificate in a tls config. During the handshake, the function will load the remote tls certificate and verify it through the access control module of each blockchain, and will also load the remote peer id and cert id. All these infos will be stored in the validator.
type ChainTrustRoots ¶
type ChainTrustRoots struct {
// contains filtered or unexported fields
}
ChainTrustRoots keeps the trusted root cert pools and the trusted intermediate cert pools of all chains.
func BuildTlsTrustRoots ¶
func BuildTlsTrustRoots(chainTrustRoots map[string][][]byte) (*ChainTrustRoots, error)
BuildTlsTrustRoots . @Description: build the cert pools from the cert bytes of each chain. @param chainTrustRoots: @return *ChainTrustRoots: @return error:
func NewChainTrustRoots ¶
func NewChainTrustRoots() *ChainTrustRoots
NewChainTrustRoots . @Description: creates a new ChainTrustRoots instance. @return *ChainTrustRoots:
func (*ChainTrustRoots) AddIntermediates ¶
func (ctr *ChainTrustRoots) AddIntermediates(chainId string, intermediates *cmx509.Certificate)
AddIntermediates . @Description: add a trusted intermediate cert to the intermediates cert pool of the chain. @receiver ctr @param chainId: @param intermediates:
func (*ChainTrustRoots) AddRoot ¶
func (ctr *ChainTrustRoots) AddRoot(chainId string, root *cmx509.Certificate)
AddRoot . @Description: add a trusted root cert to the roots cert pool of the chain. @receiver ctr @param chainId: @param root:
func (*ChainTrustRoots) AppendIntermediatesFromPem ¶
func (ctr *ChainTrustRoots) AppendIntermediatesFromPem(chainId string, intermediatesPem []byte) bool
AppendIntermediatesFromPem . @Description: append trusted intermediate certs parsed from the pem bytes to the chain's cert pool. @receiver ctr @param chainId: @param intermediatesPem: @return bool:
func (*ChainTrustRoots) AppendRootsFromPem ¶
func (ctr *ChainTrustRoots) AppendRootsFromPem(chainId string, rootPem []byte) bool
AppendRootsFromPem . @Description: append trusted root certs parsed from the pem bytes to the chain's cert pool. @receiver ctr @param chainId: @param rootPem: @return bool:
func (*ChainTrustRoots) IntermediatesPool ¶
func (ctr *ChainTrustRoots) IntermediatesPool(chainId string) (*cmx509.CertPool, bool)
IntermediatesPool . @Description: return the trusted intermediate cert pool of the chain with the given id. @receiver ctr @param chainId: @return *cmx509.CertPool: @return bool:
func (*ChainTrustRoots) RefreshIntermediatesFromPem ¶
func (ctr *ChainTrustRoots) RefreshIntermediatesFromPem(chainId string, intermediatesPem [][]byte) bool
RefreshIntermediatesFromPem . @Description: reset the chain's intermediate cert pool to the trusted intermediate certs parsed from the array of pem bytes. @receiver ctr @param chainId: @param intermediatesPem: @return bool:
func (*ChainTrustRoots) RefreshRootsFromPem ¶
func (ctr *ChainTrustRoots) RefreshRootsFromPem(chainId string, rootsPem [][]byte) bool
RefreshRootsFromPem . @Description: reset the chain's root cert pool to the trusted root certs parsed from the array of pem bytes. @receiver ctr @param chainId: @param rootsPem: @return bool:
func (*ChainTrustRoots) RootsPool ¶
func (ctr *ChainTrustRoots) RootsPool(chainId string) (*cmx509.CertPool, bool)
RootsPool . @Description: return the trusted root cert pool of the chain with the given id. @receiver ctr @param chainId: @return *cmx509.CertPool: @return bool:
func (*ChainTrustRoots) VerifyCert ¶
func (ctr *ChainTrustRoots) VerifyCert(cert *cmx509.Certificate) ([]string, error)
VerifyCert . @Description: verify the given cert. If it verifies, return the list of chain ids it was verified under. @receiver ctr @param cert: @return []string: @return error:
func (*ChainTrustRoots) VerifyCertOfChain ¶
func (ctr *ChainTrustRoots) VerifyCertOfChain(chainId string, cert *cmx509.Certificate) bool
VerifyCertOfChain . @Description: verify the given cert against the trust roots of the chain with the given chainId. If it verifies, return true. @receiver ctr @param chainId: @param cert: @return bool: