Documentation ¶
Index ¶
- type AddAffiliationRequest
- type AddAffiliationRequestNet
- type AddIdentityRequest
- type AddIdentityRequestNet
- type AffiliationInfo
- type AffiliationResponse
- type Attribute
- type AttributeRequest
- type BasicKeyRequest
- type CSRInfo
- type CertificateResponse
- type EnrollmentRequest
- type EnrollmentRequestNet
- type GenCRLRequest
- type GenCRLResponse
- type GetAllIDsResponse
- type GetCAInfoRequest
- type GetCRIRequest
- type GetCRIResponse
- type GetCertificatesRequest
- type GetCertificatesRequestNet
- type GetIDResponse
- type GetTCertBatchRequest
- type GetTCertBatchRequestNet
- type GetTCertBatchResponse
- type GetTCertBatchResponseNet
- type IdemixEnrollmentRequestNet
- type IdentityInfo
- type IdentityResponse
- type KeySig
- type ModifyAffiliationRequest
- type ModifyAffiliationRequestNet
- type ModifyIdentityRequest
- type ModifyIdentityRequestNet
- type ReenrollmentRequest
- type ReenrollmentRequestNet
- type RegistrationRequest
- type RegistrationRequestNet
- type RegistrationResponse
- type RegistrationResponseNet
- type RemoveAffiliationRequest
- type RemoveIdentityRequest
- type RevocationRequest
- type RevocationRequestNet
- type RevocationResponse
- type RevokedCert
- type TCert
- type TimeRange
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type AddAffiliationRequest ¶ added in v1.1.0
type AddAffiliationRequest struct { Name string `json:"name"` Force bool `json:"force"` CAName string `json:"caname,omitempty"` }
AddAffiliationRequest represents the request to add a new affiliation to the fabric-ca-server
type AddAffiliationRequestNet ¶ added in v1.1.0
type AddAffiliationRequestNet struct {
AddAffiliationRequest
}
AddAffiliationRequestNet is a network request for adding a new affiliation
type AddIdentityRequest ¶ added in v1.1.0
type AddIdentityRequest struct { ID string `json:"id" skip:"true"` Type string `json:"type" def:"user" help:"Type of identity being registered (e.g. 'peer, app, user')"` Affiliation string `json:"affiliation" help:"The identity's affiliation"` Attributes []Attribute `json:"attrs" mapstructure:"attrs" ` MaxEnrollments int `` /* 153-byte string literal not displayed */ // Secret is an optional password. If not specified, // a random secret is generated. In both cases, the secret // is returned in the RegistrationResponse. Secret string `json:"secret,omitempty" mask:"password" help:"The enrollment secret for the identity being added"` CAName string `json:"caname,omitempty" skip:"true"` }
AddIdentityRequest represents the request to add a new identity to the fabric-ca-server
type AddIdentityRequestNet ¶ added in v1.1.0
type AddIdentityRequestNet struct {
AddIdentityRequest
}
AddIdentityRequestNet is a network request for adding a new identity
type AffiliationInfo ¶ added in v1.1.0
type AffiliationInfo struct { Name string `json:"name"` Affiliations []AffiliationInfo `json:"affiliations,omitempty"` Identities []IdentityInfo `json:"identities,omitempty"` }
AffiliationInfo contains the affiliation name, child affiliation info, and identities associated with this affiliation.
type AffiliationResponse ¶ added in v1.1.0
type AffiliationResponse struct { AffiliationInfo `mapstructure:",squash"` CAName string `json:"caname,omitempty"` }
AffiliationResponse contains the response for get, add, modify, and remove an affiliation
type Attribute ¶
type Attribute struct { Name string `json:"name"` Value string `json:"value"` ECert bool `json:"ecert,omitempty"` }
Attribute is a name and value pair
type AttributeRequest ¶ added in v1.1.0
type AttributeRequest struct { Name string `json:"name"` Optional bool `json:"optional,omitempty"` }
AttributeRequest is a request for an attribute. This implements the certmgr/AttributeRequest interface.
func (*AttributeRequest) GetName ¶ added in v1.1.0
func (ar *AttributeRequest) GetName() string
GetName returns the name of an attribute being requested
func (*AttributeRequest) IsRequired ¶ added in v1.1.0
func (ar *AttributeRequest) IsRequired() bool
IsRequired returns true if the attribute being requested is required
type BasicKeyRequest ¶ added in v1.1.0
type BasicKeyRequest struct { Algo string `json:"algo" yaml:"algo" help:"Specify key algorithm"` Size int `json:"size" yaml:"size" help:"Specify key size"` ReuseKey bool `json:"reusekey" yaml:"reusekey" help:"Reuse existing key during reenrollment"` }
BasicKeyRequest encapsulates size and algorithm for the key to be generated If ReuseKey is set, reenrollment requests will reuse the existing private key.
func NewBasicKeyRequest ¶ added in v1.1.0
func NewBasicKeyRequest() *BasicKeyRequest
NewBasicKeyRequest returns the BasicKeyRequest object that is constructed from the object returned by the csr.NewBasicKeyRequest() function
type CSRInfo ¶
type CSRInfo struct { CN string `json:"CN"` Names []csr.Name `json:"names,omitempty"` Hosts []string `json:"hosts,omitempty"` KeyRequest *BasicKeyRequest `json:"key,omitempty"` CA *csr.CAConfig `json:"ca,omitempty" hide:"true"` SerialNumber string `json:"serial_number,omitempty"` }
CSRInfo is Certificate Signing Request (CSR) Information
type CertificateResponse ¶ added in v1.2.0
type CertificateResponse struct {
Certs []string `json:"certs"`
}
CertificateResponse contains the response from Get or Delete certificate request.
type EnrollmentRequest ¶
type EnrollmentRequest struct { // The identity name to enroll Name string `json:"name" skip:"true"` // The secret returned via Register Secret string `json:"secret,omitempty" skip:"true" mask:"password"` // CAName is the name of the CA to connect to CAName string `json:"caname,omitempty" skip:"true"` // AttrReqs are requests for attributes to add to the certificate. // Each attribute is added only if the requestor owns the attribute. AttrReqs []*AttributeRequest `json:"attr_reqs,omitempty"` // Profile is the name of the signing profile to use in issuing the X509 certificate Profile string `json:"profile,omitempty" help:"Name of the signing profile to use in issuing the certificate"` // Label is the label to use in HSM operations Label string `json:"label,omitempty" help:"Label to use in HSM operations"` // CSR is Certificate Signing Request info CSR *CSRInfo `json:"csr,omitempty" skip:"true"` // Skipping this because we pull the CSR from the CSR flags // The type of the enrollment request: x509 or idemix // The default is a request for an X509 enrollment certificate Type string `def:"x509" help:"The type of enrollment request: 'x509' or 'idemix'"` }
EnrollmentRequest is a request to enroll an identity
func (EnrollmentRequest) String ¶ added in v1.1.0
func (er EnrollmentRequest) String() string
type EnrollmentRequestNet ¶
type EnrollmentRequestNet struct { signer.SignRequest CAName string AttrReqs []*AttributeRequest `json:"attr_reqs,omitempty"` }
EnrollmentRequestNet is a request to enroll an identity
type GenCRLRequest ¶ added in v1.1.0
type GenCRLRequest struct { CAName string `json:"caname,omitempty" skip:"true"` RevokedAfter time.Time `json:"revokedafter,omitempty"` RevokedBefore time.Time `json:"revokedbefore,omitempty"` ExpireAfter time.Time `json:"expireafter,omitempty"` ExpireBefore time.Time `json:"expirebefore,omitempty"` }
GenCRLRequest represents a request to get CRL for the specified certificate authority
type GenCRLResponse ¶ added in v1.1.0
type GenCRLResponse struct { // CRL is PEM-encoded certificate revocation list (CRL) that contains requested unexpired revoked certificates CRL []byte }
GenCRLResponse represents a response to get CRL
type GetAllIDsResponse ¶ added in v1.1.0
type GetAllIDsResponse struct { Identities []IdentityInfo `json:"identities"` CAName string `json:"caname,omitempty"` }
GetAllIDsResponse is the response from the GetAllIdentities call
type GetCAInfoRequest ¶
type GetCAInfoRequest struct {
CAName string `json:"caname,omitempty" skip:"true"`
}
GetCAInfoRequest is request to get generic CA information
type GetCRIRequest ¶ added in v1.2.0
type GetCRIRequest struct {
CAName string `json:"caname,omitempty" skip:"true"`
}
GetCRIRequest is a request to send to server to get Idemix credential revocation information
type GetCRIResponse ¶ added in v1.2.0
type GetCRIResponse struct { // CRI is base64 encoded proto bytes of idemix.CredentialRevocationInformation CRI string }
GetCRIResponse is the response from the server for get CRI request
type GetCertificatesRequest ¶ added in v1.2.0
type GetCertificatesRequest struct { ID string `skip:"true"` // Get certificates for this enrollment ID AKI string `help:"Get certificates for this AKI"` // Get certificate that matches this AKI Serial string `help:"Get certificates for this serial number"` // Get certificate that matches this serial Revoked TimeRange `skip:"true"` // Get certificates which were revoked between the specified time range Expired TimeRange `skip:"true"` // Get certificates which expire between the specified time range NotExpired bool `help:"Don't return expired certificates"` // Don't return expired certificates NotRevoked bool `help:"Don't return revoked certificates"` // Don't return revoked certificates CAName string `skip:"true"` // Name of CA to send request to within the server }
GetCertificatesRequest represents the request to get certificates from the server per the enrollment ID and/or AKI and Serial. If neither ID or AKI/Serial are provided all certificates are returned which are in or under the caller's affiliation. By default all certificates are returned. However, only revoked and/or expired certificates can be requested by providing a time range.
type GetCertificatesRequestNet ¶ added in v1.2.0
type GetCertificatesRequestNet struct {
GetCertificatesRequest
}
GetCertificatesRequestNet is a network request for getting certificates
type GetIDResponse ¶ added in v1.1.0
type GetIDResponse struct { ID string `json:"id" skip:"true"` Type string `json:"type" def:"user"` Affiliation string `json:"affiliation"` Attributes []Attribute `json:"attrs" mapstructure:"attrs" ` MaxEnrollments int `json:"max_enrollments" mapstructure:"max_enrollments"` CAName string `json:"caname,omitempty"` }
GetIDResponse is the response from the GetIdentity call
type GetTCertBatchRequest ¶
type GetTCertBatchRequest struct { // Number of TCerts in the batch. Count int `json:"count"` // The attribute names whose names and values are to be sealed in the issued TCerts. AttrNames []string `json:"attr_names,omitempty"` // EncryptAttrs denotes whether to encrypt attribute values or not. // When set to true, each issued TCert in the batch will contain encrypted attribute values. EncryptAttrs bool `json:"encrypt_attrs,omitempty"` // Certificate Validity Period. If specified, the value used // is the minimum of this value and the configured validity period // of the TCert manager. ValidityPeriod time.Duration `json:"validity_period,omitempty"` // The pre-key to be used for key derivation. PreKey string `json:"prekey"` // DisableKeyDerivation if true disables key derivation so that a TCert is not // cryptographically related to an ECert. This may be necessary when using an // HSM which does not support the TCert's key derivation function. DisableKeyDerivation bool `json:"disable_kdf,omitempty"` // CAName is the name of the CA to connect to CAName string `json:"caname,omitempty" skip:"true"` }
GetTCertBatchRequest is input provided to identity.GetTCertBatch
type GetTCertBatchRequestNet ¶
type GetTCertBatchRequestNet struct { GetTCertBatchRequest // KeySigs is an optional array of public keys and corresponding signatures. // If not set, the server generates it's own keys based on a key derivation function // which cryptographically relates the TCerts to an ECert. KeySigs []KeySig `json:"key_sigs,omitempty"` }
GetTCertBatchRequestNet is a network request for a batch of transaction certificates
type GetTCertBatchResponse ¶
type GetTCertBatchResponse struct { ID *big.Int `json:"id"` TS time.Time `json:"ts"` Key []byte `json:"key"` TCerts []TCert `json:"tcerts"` }
GetTCertBatchResponse is the return value of identity.GetTCertBatch
type GetTCertBatchResponseNet ¶
type GetTCertBatchResponseNet struct {
GetTCertBatchResponse
}
GetTCertBatchResponseNet is the network response for a batch of transaction certificates
type IdemixEnrollmentRequestNet ¶ added in v1.2.0
type IdemixEnrollmentRequestNet struct { *idemix.CredRequest `json:"request"` CAName string `json:"caname"` }
IdemixEnrollmentRequestNet is a request to enroll an identity and get idemix credential
type IdentityInfo ¶ added in v1.1.0
type IdentityInfo struct { ID string `json:"id"` Type string `json:"type"` Affiliation string `json:"affiliation"` Attributes []Attribute `json:"attrs" mapstructure:"attrs"` MaxEnrollments int `json:"max_enrollments" mapstructure:"max_enrollments"` }
IdentityInfo contains information about an identity
type IdentityResponse ¶ added in v1.1.0
type IdentityResponse struct { ID string `json:"id" skip:"true"` Type string `json:"type,omitempty"` Affiliation string `json:"affiliation"` Attributes []Attribute `json:"attrs,omitempty" mapstructure:"attrs"` MaxEnrollments int `json:"max_enrollments,omitempty" mapstructure:"max_enrollments"` Secret string `json:"secret,omitempty"` CAName string `json:"caname,omitempty"` }
IdentityResponse is the response from the any add/modify/remove identity call
type KeySig ¶
type KeySig struct { // Key is a public key Key []byte `json:"key"` // Sig is a signature over the PublicKey Sig []byte `json:"sig"` // Alg is the signature algorithm Alg string `json:"alg"` }
KeySig is a public key, signature, and signature algorithm tuple
type ModifyAffiliationRequest ¶ added in v1.1.0
type ModifyAffiliationRequest struct { Name string NewName string `json:"name"` Force bool `json:"force"` CAName string `json:"caname,omitempty"` }
ModifyAffiliationRequest represents the request to modify an existing affiliation on the fabric-ca-server
type ModifyAffiliationRequestNet ¶ added in v1.1.0
type ModifyAffiliationRequestNet struct {
ModifyAffiliationRequest
}
ModifyAffiliationRequestNet is a network request for modifying an existing affiliation
type ModifyIdentityRequest ¶ added in v1.1.0
type ModifyIdentityRequest struct { ID string `skip:"true"` Type string `json:"type" help:"Type of identity being registered (e.g. 'peer, app, user')"` Affiliation string `json:"affiliation" help:"The identity's affiliation"` Attributes []Attribute `mapstructure:"attrs" json:"attrs"` MaxEnrollments int `mapstructure:"max_enrollments" json:"max_enrollments" help:"The maximum number of times the secret can be reused to enroll"` Secret string `json:"secret,omitempty" mask:"password" help:"The enrollment secret for the identity"` CAName string `json:"caname,omitempty" skip:"true"` }
ModifyIdentityRequest represents the request to modify an existing identity on the fabric-ca-server
type ModifyIdentityRequestNet ¶ added in v1.1.0
type ModifyIdentityRequestNet struct {
ModifyIdentityRequest
}
ModifyIdentityRequestNet is a network request for modifying an existing identity
type ReenrollmentRequest ¶
type ReenrollmentRequest struct { // Profile is the name of the signing profile to use in issuing the certificate Profile string `json:"profile,omitempty"` // Label is the label to use in HSM operations Label string `json:"label,omitempty"` // CSR is Certificate Signing Request info CSR *CSRInfo `json:"csr,omitempty"` // CAName is the name of the CA to connect to CAName string `json:"caname,omitempty" skip:"true"` // AttrReqs are requests for attributes to add to the certificate. // Each attribute is added only if the requestor owns the attribute. AttrReqs []*AttributeRequest `json:"attr_reqs,omitempty"` }
ReenrollmentRequest is a request to reenroll an identity. This is useful to renew a certificate before it has expired.
type ReenrollmentRequestNet ¶
type ReenrollmentRequestNet struct { signer.SignRequest CAName string AttrReqs []*AttributeRequest `json:"attr_reqs,omitempty"` }
ReenrollmentRequestNet is a request to reenroll an identity. This is useful to renew a certificate before it has expired.
type RegistrationRequest ¶
type RegistrationRequest struct { // Name is the unique name of the identity Name string `json:"id" help:"Unique name of the identity"` // Type of identity being registered (e.g. "peer, app, user") Type string `json:"type" def:"client" help:"Type of identity being registered (e.g. 'peer, app, user')"` // Secret is an optional password. If not specified, // a random secret is generated. In both cases, the secret // is returned in the RegistrationResponse. Secret string `json:"secret,omitempty" mask:"password" help:"The enrollment secret for the identity being registered"` // MaxEnrollments is the maximum number of times the secret can // be reused to enroll. MaxEnrollments int `` /* 132-byte string literal not displayed */ // is returned in the response. // The identity's affiliation. // For example, an affiliation of "org1.department1" associates the identity with "department1" in "org1". Affiliation string `json:"affiliation" help:"The identity's affiliation"` // Attributes associated with this identity Attributes []Attribute `json:"attrs,omitempty"` // CAName is the name of the CA to connect to CAName string `json:"caname,omitempty" skip:"true"` }
RegistrationRequest for a new identity
func (*RegistrationRequest) String ¶ added in v1.1.0
func (rr *RegistrationRequest) String() string
type RegistrationRequestNet ¶
type RegistrationRequestNet struct {
RegistrationRequest
}
RegistrationRequestNet is the registration request for a new identity
type RegistrationResponse ¶
type RegistrationResponse struct { // The secret returned from a successful registration response Secret string `json:"secret"` }
RegistrationResponse is a registration response
type RegistrationResponseNet ¶
type RegistrationResponseNet struct {
RegistrationResponse
}
RegistrationResponseNet is a registration response
type RemoveAffiliationRequest ¶ added in v1.1.0
type RemoveAffiliationRequest struct { Name string Force bool `json:"force"` CAName string `json:"caname,omitempty"` }
RemoveAffiliationRequest represents the request to remove an existing affiliation from the fabric-ca-server
type RemoveIdentityRequest ¶ added in v1.1.0
type RemoveIdentityRequest struct { ID string `skip:"true"` Force bool `json:"force"` CAName string `json:"caname,omitempty" skip:"true"` }
RemoveIdentityRequest represents the request to remove an existing identity from the fabric-ca-server
type RevocationRequest ¶
type RevocationRequest struct { // Name of the identity whose certificates should be revoked // If this field is omitted, then Serial and AKI must be specified. Name string `json:"id,omitempty" opt:"e" help:"Identity whose certificates should be revoked"` // Serial number of the certificate to be revoked // If this is omitted, then Name must be specified Serial string `json:"serial,omitempty" opt:"s" help:"Serial number of the certificate to be revoked"` // AKI (Authority Key Identifier) of the certificate to be revoked AKI string `json:"aki,omitempty" opt:"a" help:"AKI (Authority Key Identifier) of the certificate to be revoked"` // Reason is the reason for revocation. See https://godoc.org/golang.org/x/crypto/ocsp for // valid values. The default value is 0 (ocsp.Unspecified). Reason string `json:"reason,omitempty" opt:"r" help:"Reason for revocation"` // CAName is the name of the CA to connect to CAName string `json:"caname,omitempty" skip:"true"` // GenCRL specifies whether to generate a CRL GenCRL bool `def:"false" skip:"true" json:"gencrl,omitempty"` }
RevocationRequest is a revocation request for a single certificate or all certificates associated with an identity. To revoke a single certificate, both the Serial and AKI fields must be set; otherwise, to revoke all certificates and the identity associated with an enrollment ID, the Name field must be set to an existing enrollment ID. A RevocationRequest can only be performed by a user with the "hf.Revoker" attribute.
type RevocationRequestNet ¶
type RevocationRequestNet struct {
RevocationRequest
}
RevocationRequestNet is a revocation request which flows over the network to the fabric-ca server. To revoke a single certificate, both the Serial and AKI fields must be set; otherwise, to revoke all certificates and the identity associated with an enrollment ID, the Name field must be set to an existing enrollment ID. A RevocationRequest can only be performed by a user with the "hf.Revoker" attribute.
type RevocationResponse ¶ added in v1.1.0
type RevocationResponse struct { // RevokedCerts is an array of certificates that were revoked RevokedCerts []RevokedCert // CRL is PEM-encoded certificate revocation list (CRL) that contains all unexpired revoked certificates CRL []byte }
RevocationResponse represents response from the server for a revocation request
type RevokedCert ¶ added in v1.1.0
type RevokedCert struct { // Serial number of the revoked certificate Serial string // AKI of the revoked certificate AKI string }
RevokedCert represents a revoked certificate