api

package
v1.1.0-preview Latest Latest
Published: Nov 1, 2017 License: Apache-2.0 Imports: 5 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Attribute

// Attribute is a name and value pair. RegistrationRequest.Attributes carries
// a slice of these for the identity being registered.
type Attribute struct {
	// Name is the attribute name, serialized as "name".
	Name  string `json:"name"`
	// Value is the attribute value, serialized as "value".
	Value string `json:"value"`
	// ECert is serialized as "ecert" and left out of the JSON when false.
	// NOTE(review): presumably marks the attribute for inclusion in the
	// enrollment certificate; the page does not say, confirm against the server.
	ECert bool   `json:"ecert,omitempty"`
}

Attribute is a name and value pair

func (*Attribute) GetName added in v1.1.0

func (a *Attribute) GetName() string

GetName returns the name of the attribute

func (*Attribute) GetValue added in v1.1.0

func (a *Attribute) GetValue() string

GetValue returns the value of the attribute

type AttributeRequest added in v1.1.0

// AttributeRequest is a request for one attribute, identified by name.
type AttributeRequest struct {
	// Name is the name of the requested attribute, serialized as "name".
	Name     string `json:"name"`
	// Optional is serialized as "optional" and left out of the JSON when
	// false, so a request that never sets it is sent without the key.
	// NOTE(review): IsRequired is listed on the page without its body; it
	// presumably returns !Optional, which would make every request required
	// by default. Confirm.
	Optional bool   `json:"optional,omitempty"`
}

AttributeRequest is a request for an attribute. This implements the certmgr/AttributeRequest interface.

func (*AttributeRequest) GetName added in v1.1.0

func (ar *AttributeRequest) GetName() string

GetName returns the name of an attribute being requested

func (*AttributeRequest) IsRequired added in v1.1.0

func (ar *AttributeRequest) IsRequired() bool

IsRequired returns true if the attribute being requested is required

type CSRInfo

// CSRInfo is Certificate Signing Request (CSR) information supplied by the
// caller of an enrollment or reenrollment.
//
// The csr package is imported outside this listing (presumably cfssl's csr
// package; confirm).
type CSRInfo struct {
	// CN is serialized as "CN" and, unlike the other fields, is always
	// written, even when empty.
	CN           string               `json:"CN"`
	// Names is serialized as "names" and omitted when empty.
	Names        []csr.Name           `json:"names,omitempty"`
	// Hosts is serialized as "hosts" and omitted when empty.
	// NOTE(review): presumably ends up as subject alternative names; an
	// issuing CA should validate these against what the identity may claim.
	Hosts        []string             `json:"hosts,omitempty"`
	// KeyRequest is serialized as "key" and omitted when nil.
	KeyRequest   *csr.BasicKeyRequest `json:"key,omitempty"`
	// CA is serialized as "ca" and omitted when nil.
	CA           *csr.CAConfig        `json:"ca,omitempty"`
	// SerialNumber is serialized as "serial_number" and omitted when empty.
	SerialNumber string               `json:"serial_number,omitempty"`
}

CSRInfo is Certificate Signing Request (CSR) Information

type EnrollmentRequest

// EnrollmentRequest is a request to enroll an identity.
//
// It carries the enrollment secret. The `mask`, `skip` and `help` tags are not
// interpreted by encoding/json, so marshaling this struct writes Secret in the
// clear; do not log the marshaled form.
type EnrollmentRequest struct {
	// The identity name to enroll
	Name string `json:"name" skip:"true"`
	// The secret returned via Register.
	// This is a credential: anyone holding it can enroll as Name.
	// NOTE(review): mask:"password" is presumably read by the project's own
	// tooling to hide the value in printed output; confirm where it is applied.
	Secret string `json:"secret,omitempty" skip:"true" mask:"password"`
	// Profile is the name of the signing profile to use in issuing the certificate
	Profile string `json:"profile,omitempty" help:"Name of the signing profile to use in issuing the certificate"`
	// Label is the label to use in HSM operations
	Label string `json:"label,omitempty" help:"Label to use in HSM operations"`
	// CSR is Certificate Signing Request info
	CSR *CSRInfo `json:"csr,omitempty" help:"Certificate Signing Request info"`
	// CAName is the name of the CA to connect to
	CAName string `json:"caname,omitempty" skip:"true"`
	// AttrReqs are requests for attributes to add to the certificate.
	// Each attribute is added only if the requestor owns the attribute.
	AttrReqs []*AttributeRequest `json:"attr_reqs,omitempty"`
}

EnrollmentRequest is a request to enroll an identity

func (EnrollmentRequest) String added in v1.1.0

func (er EnrollmentRequest) String() string

type EnrollmentRequestNet

// EnrollmentRequestNet is the network form of a request to enroll an identity.
//
// It embeds signer.SignRequest, so that type's fields are promoted into this
// struct's JSON object (signer is imported outside this listing, presumably
// cfssl's signer package; confirm).
type EnrollmentRequestNet struct {
	signer.SignRequest
	// CAName has no json tag, so encoding/json writes it under the key
	// "CAName", and always writes it, even when empty. The other request
	// types on this page use "caname,omitempty". Decoding matches keys
	// case-insensitively, so "caname" is still accepted on input.
	CAName   string
	// AttrReqs are requests for attributes to add to the certificate;
	// serialized as "attr_reqs" and omitted when empty.
	AttrReqs []*AttributeRequest `json:"attr_reqs,omitempty"`
}

EnrollmentRequestNet is a request to enroll an identity

type GenCRLRequest added in v1.1.0

// GenCRLRequest represents a request to get a CRL for the specified
// certificate authority, optionally bounded by revocation and expiry times.
//
// The four time fields are time.Time values. Under encoding/json, omitempty
// has no effect on struct-typed fields, so an unset bound is still written as
// the zero time rather than omitted. A receiver has to treat the zero time as
// "no bound" (for example with IsZero) instead of relying on the key being
// absent.
type GenCRLRequest struct {
	// CAName is serialized as "caname" and omitted when empty.
	CAName        string    `json:"caname,omitempty" skip:"true"`
	// RevokedAfter is serialized as "revokedafter".
	// NOTE(review): presumably a lower bound on revocation time; whether the
	// bound is inclusive is not shown here.
	RevokedAfter  time.Time `json:"revokedafter,omitempty"`
	// RevokedBefore is serialized as "revokedbefore".
	RevokedBefore time.Time `json:"revokedbefore,omitempty"`
	// ExpireAfter is serialized as "expireafter".
	ExpireAfter   time.Time `json:"expireafter,omitempty"`
	// ExpireBefore is serialized as "expirebefore".
	ExpireBefore  time.Time `json:"expirebefore,omitempty"`
}

GenCRLRequest represents a request to get a CRL for the specified certificate authority

type GenCRLResponse added in v1.1.0

// GenCRLResponse represents the response to a request to get a CRL.
type GenCRLResponse struct {
	// CRL has no json tag, so it is serialized under the key "CRL".
	// NOTE(review): the encoding of the string (PEM, base64 DER, ...) is not
	// shown on this page; confirm before parsing.
	CRL string
}

GenCRLResponse represents the response to a request to get a CRL

type GetCAInfoRequest

// GetCAInfoRequest is a request to get generic CA information.
type GetCAInfoRequest struct {
	// CAName is serialized as "caname" and omitted when empty.
	CAName string `json:"caname,omitempty" skip:"true"`
}

GetCAInfoRequest is a request to get generic CA information

type GetTCertBatchRequest

// GetTCertBatchRequest is the input provided to identity.GetTCertBatch: a
// request for a batch of transaction certificates (TCerts).
type GetTCertBatchRequest struct {
	// Number of TCerts in the batch.
	// NOTE(review): no upper bound is visible in this type; presumably the
	// server limits it, confirm.
	Count int `json:"count"`
	// The attribute names whose names and values are to be sealed in the issued TCerts.
	AttrNames []string `json:"attr_names,omitempty"`
	// EncryptAttrs denotes whether to encrypt attribute values or not.
	// When set to true, each issued TCert in the batch will contain encrypted attribute values.
	// The key is omitted from the JSON when false, so attribute values are
	// not encrypted unless the caller asks for it.
	EncryptAttrs bool `json:"encrypt_attrs,omitempty"`
	// Certificate Validity Period.  If specified, the value used
	// is the minimum of this value and the configured validity period
	// of the TCert manager.
	// time.Duration is an integer type, so encoding/json writes this as a
	// number of nanoseconds.
	ValidityPeriod time.Duration `json:"validity_period,omitempty"`
	// The pre-key to be used for key derivation.
	// NOTE(review): this is key-derivation input and, unlike the Secret
	// fields on this page, carries no mask tag; treat it as sensitive and
	// keep it out of logs.
	PreKey string `json:"prekey"`
	// DisableKeyDerivation if true disables key derivation so that a TCert is not
	// cryptographically related to an ECert.  This may be necessary when using an
	// HSM which does not support the TCert's key derivation function.
	DisableKeyDerivation bool `json:"disable_kdf,omitempty"`
	// CAName is the name of the CA to connect to
	CAName string `json:"caname,omitempty" skip:"true"`
}

GetTCertBatchRequest is input provided to identity.GetTCertBatch

type GetTCertBatchRequestNet

// GetTCertBatchRequestNet is a network request for a batch of transaction
// certificates. It embeds GetTCertBatchRequest, whose fields are promoted
// into the same JSON object.
type GetTCertBatchRequestNet struct {
	GetTCertBatchRequest
	// KeySigs is an optional array of public keys and corresponding signatures.
	// If not set, the server generates its own keys based on a key derivation function
	// which cryptographically relates the TCerts to an ECert.
	KeySigs []KeySig `json:"key_sigs,omitempty"`
}

GetTCertBatchRequestNet is a network request for a batch of transaction certificates

type GetTCertBatchResponse

// GetTCertBatchResponse is the return value of identity.GetTCertBatch.
// It adds no fields of its own; everything comes from the embedded
// tcert.GetBatchResponse, which is declared outside this listing.
type GetTCertBatchResponse struct {
	tcert.GetBatchResponse
}

GetTCertBatchResponse is the return value of identity.GetTCertBatch

type GetTCertBatchResponseNet

// GetTCertBatchResponseNet is the network response for a batch of transaction
// certificates. It adds no fields of its own; everything comes from the
// embedded tcert.GetBatchResponse, which is declared outside this listing.
type GetTCertBatchResponseNet struct {
	tcert.GetBatchResponse
}

GetTCertBatchResponseNet is the network response for a batch of transaction certificates

type KeySig

// KeySig is a public key, signature, and signature algorithm tuple.
//
// Key and Sig are []byte, which encoding/json writes as base64 strings.
// NOTE(review): the page does not say which key produces Sig or which Alg
// values are accepted; a receiver presumably has to verify Sig and restrict
// Alg to an allow-list before using Key. Confirm against the server.
type KeySig struct {
	// Key is a public key
	Key []byte `json:"key"`
	// Sig is a signature over the PublicKey
	Sig []byte `json:"sig"`
	// Alg is the signature algorithm
	Alg string `json:"alg"`
}

KeySig is a public key, signature, and signature algorithm tuple

type ReenrollmentRequest

// ReenrollmentRequest is a request to reenroll an identity, for example to
// renew a certificate before it has expired.
//
// Unlike EnrollmentRequest it has no Name or Secret field.
// NOTE(review): the caller is presumably authenticated by its existing
// enrollment certificate instead; confirm.
type ReenrollmentRequest struct {
	// Profile is the name of the signing profile to use in issuing the certificate
	Profile string `json:"profile,omitempty"`
	// Label is the label to use in HSM operations
	Label string `json:"label,omitempty"`
	// CSR is Certificate Signing Request info
	CSR *CSRInfo `json:"csr,omitempty"`
	// CAName is the name of the CA to connect to
	CAName string `json:"caname,omitempty" skip:"true"`
	// AttrReqs are requests for attributes to add to the certificate.
	// Each attribute is added only if the requestor owns the attribute.
	AttrReqs []*AttributeRequest `json:"attr_reqs,omitempty"`
}

ReenrollmentRequest is a request to reenroll an identity. This is useful to renew a certificate before it has expired.

type ReenrollmentRequestNet

// ReenrollmentRequestNet is the network form of a request to reenroll an
// identity. It embeds signer.SignRequest, so that type's fields are promoted
// into this struct's JSON object (signer is imported outside this listing).
type ReenrollmentRequestNet struct {
	signer.SignRequest
	// CAName has no json tag, so encoding/json writes it under the key
	// "CAName", and always writes it, even when empty. The other request
	// types on this page use "caname,omitempty".
	CAName   string
	// AttrReqs are requests for attributes to add to the certificate;
	// serialized as "attr_reqs" and omitted when empty.
	AttrReqs []*AttributeRequest `json:"attr_reqs,omitempty"`
}

ReenrollmentRequestNet is a request to reenroll an identity. This is useful to renew a certificate before it has expired.

type RegistrationRequest

// RegistrationRequest is a request to register a new identity.
//
// The `help`, `def` and `mask` tags are not interpreted by encoding/json, so
// marshaling this struct writes Secret in the clear whenever it is set.
type RegistrationRequest struct {
	// Name is the unique name of the identity
	Name string `json:"id" help:"Unique name of the identity"`
	// Type of identity being registered (e.g. "peer, app, user")
	Type string `json:"type" def:"user" help:"Type of identity being registered (e.g. 'peer, app, user')"`
	// Secret is an optional password.  If not specified,
	// a random secret is generated.  In both cases, the secret
	// is returned in the RegistrationResponse.
	// This is the credential later presented in EnrollmentRequest.Secret.
	Secret string `json:"secret,omitempty" mask:"password" help:"The enrollment secret for the identity being registered"`
	// MaxEnrollments is the maximum number of times the secret can
	// be reused to enroll.
	// NOTE(review): the def tag is "-1", which presumably means no limit;
	// confirm, since an unlimited-use secret stays valid for as long as the
	// identity does.
	MaxEnrollments int `json:"max_enrollments,omitempty" def:"-1" help:"The maximum number of times the secret can be reused to enroll."`
	// The identity's affiliation.
	// For example, an affiliation of "org1.department1" associates the identity with "department1" in "org1".
	Affiliation string `json:"affiliation" help:"The identity's affiliation"`
	// Attributes associated with this identity
	Attributes []Attribute `json:"attrs,omitempty"`
	// CAName is the name of the CA to connect to
	CAName string `json:"caname,omitempty" skip:"true"`
}

RegistrationRequest is a registration request for a new identity

func (*RegistrationRequest) String added in v1.1.0

func (rr *RegistrationRequest) String() string

type RegistrationRequestNet

// RegistrationRequestNet is the registration request for a new identity as it
// is sent over the network. It adds no fields of its own; the embedded
// RegistrationRequest, including its Secret, is promoted into the JSON object.
type RegistrationRequestNet struct {
	RegistrationRequest
}

RegistrationRequestNet is the registration request for a new identity

type RegistrationResponse

// RegistrationResponse is the response to a RegistrationRequest.
type RegistrationResponse struct {
	// The secret returned from a successful registration response.
	// This is the enrollment credential for the new identity and it carries
	// no mask tag here, so handle the response as sensitive and keep it out
	// of logs.
	Secret string `json:"secret"`
}

RegistrationResponse is a registration response

type RegistrationResponseNet

// RegistrationResponseNet is a registration response as sent over the
// network. It adds no fields of its own; the embedded RegistrationResponse,
// including its Secret, is promoted into the JSON object.
type RegistrationResponseNet struct {
	RegistrationResponse
}

RegistrationResponseNet is a registration response

type RevocationRequest

// RevocationRequest is a revocation request for a single certificate or for
// all certificates associated with an identity.
//
// To revoke a single certificate, set both Serial and AKI. To revoke all
// certificates and the identity itself, set Name to an existing enrollment ID.
// The request can only be performed by a user with the "hf.Revoker" attribute.
// Every field is tagged omitempty, so this type does not itself enforce that
// one of the two forms is filled in.
// NOTE(review): presumably the server checks both the field combination and
// the caller's "hf.Revoker" attribute; confirm.
type RevocationRequest struct {
	// Name of the identity whose certificates should be revoked
	// If this field is omitted, then Serial and AKI must be specified.
	Name string `json:"id,omitempty" opt:"e" help:"Identity whose certificates should be revoked"`
	// Serial number of the certificate to be revoked
	// If this is omitted, then Name must be specified
	Serial string `json:"serial,omitempty" opt:"s" help:"Serial number of the certificate to be revoked"`
	// AKI (Authority Key Identifier) of the certificate to be revoked
	AKI string `json:"aki,omitempty" opt:"a" help:"AKI (Authority Key Identifier) of the certificate to be revoked"`
	// Reason is the reason for revocation.  See https://godoc.org/golang.org/x/crypto/ocsp for
	// valid values.  The default value is 0 (ocsp.Unspecified).
	// The field is a string while the documented default is numeric.
	// NOTE(review): the mapping from string to ocsp reason code is not shown
	// here; confirm which spellings are accepted.
	Reason string `json:"reason,omitempty" opt:"r" help:"Reason for revocation"`
	// CAName is the name of the CA to connect to
	CAName string `json:"caname,omitempty" skip:"true"`
}

RevocationRequest is a revocation request for a single certificate or all certificates associated with an identity. To revoke a single certificate, both the Serial and AKI fields must be set; otherwise, to revoke all certificates and the identity associated with an enrollment ID, the Name field must be set to an existing enrollment ID. A RevocationRequest can only be performed by a user with the "hf.Revoker" attribute.

type RevocationRequestNet

// RevocationRequestNet is a revocation request which flows over the network
// to the fabric-ca server. It adds no fields of its own; the embedded
// RevocationRequest is promoted into the JSON object, so the same rules
// apply: Serial and AKI together for a single certificate, or Name for all
// certificates of an identity.
type RevocationRequestNet struct {
	RevocationRequest
}

RevocationRequestNet is a revocation request which flows over the network to the fabric-ca server. To revoke a single certificate, both the Serial and AKI fields must be set; otherwise, to revoke all certificates and the identity associated with an enrollment ID, the Name field must be set to an existing enrollment ID. A RevocationRequest can only be performed by a user with the "hf.Revoker" attribute.
