Documentation
¶
Index ¶
- type AffiliationsOptions
- type AttrConfig
- type AttributeRequest
- type AuthRemote
- type BCCSP
- type CAConfig
- type CAConfigDB
- type CAConfigIdentity
- type CAConfigRegistry
- type CAConstraint
- type CAInfo
- type CORS
- type CRLConfig
- type CSRCAConfig
- type CSRInfo
- type CfgOptions
- type ClientAuth
- type ClientTLSConfig
- type EnrollmentRequest
- type FileKeyStoreOpts
- type IdentitiesOptions
- type IntermediateCA
- type KeyCertFiles
- type KeyRequest
- type LDAP
- type MetricsOptions
- type Name
- type NameVal
- type Options
- type PKCS11Opts
- type ParentServer
- type ServerConfig
- type ServerTLSConfig
- type Signing
- type SigningProfile
- type Statsd
- type SwOpts
- type TLS
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type AffiliationsOptions ¶
type AffiliationsOptions struct {
AllowRemove *bool `json:"allowremove,omitempty"`
}
AffiliationsOptions are options that are related to affiliations
type AttrConfig ¶
type AttrConfig struct {
Names []string `json:"names,omitempty"`
Converters []NameVal `json:"converters,omitempty"`
Maps map[string][]NameVal `json:"maps,omitempty"`
}
AttrConfig is attribute configuration information
type AttributeRequest ¶
type AuthRemote ¶
type AuthRemote struct {
RemoteName string `json:"remote,omitempty"`
AuthKeyName string `json:"authkey,omitempty"`
}
AuthRemote is an authenticated remote signer.
type BCCSP ¶
type BCCSP struct {
ProviderName string `json:"default,omitempty"`
SW *SwOpts `json:"sw,omitempty"`
PKCS11 *PKCS11Opts `json:"pkcs11,omitempty"`
}
type CAConfig ¶
type CAConfig struct {
Version string `json:"version,omitempty"`
Cfg CfgOptions `json:"cfg,omitempty"`
CA CAInfo `json:"ca,omitempty"`
Signing Signing `json:"signing,omitempty"`
CSR CSRInfo `json:"csr,omitempty"`
Registry CAConfigRegistry `json:"registry,omitempty"`
Affiliations map[string]interface{} `json:"affiliations,omitempty"`
LDAP LDAP `json:"ldap,omitempty"`
DB *CAConfigDB `json:"db,omitempty"`
CSP *BCCSP `json:"bccsp,omitempty"`
Intermediate IntermediateCA `json:"intermediate,omitempty"`
CRL CRLConfig `json:"crl,omitempty"`
}
type CAConfigDB ¶
type CAConfigDB struct {
Type string `json:"type,omitempty"`
Datasource string `json:"datasource,omitempty"`
TLS ClientTLSConfig `json:"tls,omitempty,omitempty"`
}
CAConfigDB is the database part of the server's config
type CAConfigIdentity ¶
type CAConfigIdentity struct {
Name string `json:"name,omitempty"`
Pass string `json:"pass,omitempty"`
Type string `json:"type,omitempty"`
Affiliation string `json:"affiliation,omitempty"`
MaxEnrollments int `json:"maxenrollments,omitempty"`
Attrs map[string]interface{} `json:"attrs,omitempty"`
}
CAConfigIdentity is identity information in the server's config
type CAConfigRegistry ¶
type CAConfigRegistry struct {
MaxEnrollments int `json:"maxenrollments,omitempty"`
Identities []CAConfigIdentity `json:"identities,omitempty"`
}
CAConfigRegistry is the registry part of the server's config
type CAConstraint ¶
type CAConstraint struct {
IsCA *bool `json:"isca,omitempty"`
MaxPathLen int `json:"maxpathlen,omitempty"`
MaxPathLenZero *bool `json:"maxpathlenzero,omitempty"`
}
CAConstraint specifies various CA constraints on the signed certificate. CAConstraint would verify against (and override) the CA extensions in the given CSR.
type CAInfo ¶
type CAInfo struct {
Name string `json:"name,omitempty"`
Keyfile string `json:"keyfile,omitempty"`
Certfile string `json:"certfile,omitempty"`
Chainfile string `json:"chainfile,omitempty"`
ReenrollIgnoreCertExpiry *bool `json:"reenrollignorecertexpiry,omitempty"`
}
CAInfo is the CA information on a fabric-ca-server
type CRLConfig ¶
type CRLConfig struct {
// Specifies expiration for the CRL generated by the gencrl request
// The number of hours specified by this property is added to the UTC time, resulting time
// is used to set the 'Next Update' date of the CRL
Expiry commonapi.Duration `json:"expiry,omitempty"`
}
CRLConfig contains configuration options used by the gencrl request handler
type CSRCAConfig ¶
type CSRInfo ¶
type CSRInfo struct {
CN string `json:"cn"`
Names []Name `json:"names,omitempty"`
Hosts []string `json:"hosts,omitempty"`
KeyRequest *KeyRequest `json:"key,omitempty"`
CA *CSRCAConfig `json:"ca,omitempty"`
SerialNumber string `json:"serial_number,omitempty"`
}
CSRInfo is Certificate Signing Request (CSR) Information
type CfgOptions ¶
type CfgOptions struct {
Identities IdentitiesOptions `json:"identities,omitempty"`
Affiliations AffiliationsOptions `json:"affiliations,omitempty"`
}
CfgOptions is a CA configuration that allows for setting different options
type ClientAuth ¶
type ClientAuth struct {
Type string `json:"type,omitempty"`
CertFiles []string `json:"certfiles,omitempty"`
}
ClientAuth defines the key material needed to verify client certificates
type ClientTLSConfig ¶
type ClientTLSConfig struct {
Enabled *bool `json:"enabled,omitempty"`
CertFiles []string `json:"certfiles,omitempty"`
Client KeyCertFiles `json:"client,omitempty"`
}
ClientTLSConfig defines the key material for a TLS client
func (*ClientTLSConfig) IsEnabled ¶
func (c *ClientTLSConfig) IsEnabled() bool
type EnrollmentRequest ¶
type EnrollmentRequest struct {
// The identity name to enroll
Name string `json:"name"`
// The secret returned via Register
Secret string `json:"secret,omitempty"`
// CAName is the name of the CA to connect to
CAName string `json:"caname,omitempty"`
// AttrReqs are requests for attributes to add to the certificate.
// Each attribute is added only if the requestor owns the attribute.
AttrReqs []*AttributeRequest `json:"attr_reqs,omitempty"`
// Profile is the name of the signing profile to use in issuing the X509 certificate
Profile string `json:"profile,omitempty"`
// Label is the label to use in HSM operations
Label string `json:"label,omitempty"`
// CSR is Certificate Signing Request info
CSR *CSRInfo `json:"csr,omitempty"` // Skipping this because we pull the CSR from the CSR flags
// The type of the enrollment request: x509 or idemix
// The default is a request for an X509 enrollment certificate
Type string `def:"x509"`
}
EnrollmentRequest is a request to enroll an identity
type FileKeyStoreOpts ¶
type FileKeyStoreOpts struct {
KeyStorePath string `json:"keystore,omitempty"`
}
type IdentitiesOptions ¶
type IdentitiesOptions struct {
PasswordAttempts int `json:"passwordattempts,omitempty"`
AllowRemove *bool `json:"allowremove,omitempty"`
}
IdentitiesOptions are options that are related to identities
type IntermediateCA ¶
type IntermediateCA struct {
ParentServer ParentServer `json:"parentserver,omitempty"`
TLS ClientTLSConfig `json:"tls,omitempty"`
Enrollment EnrollmentRequest `json:"enrollment,omitempty"`
}
IntermediateCA contains parent server information, TLS configuration, and enrollment request for an intermetiate CA
type KeyCertFiles ¶
type KeyCertFiles struct {
KeyFile string `json:"keyfile,omitempty"`
CertFile string `json:"certfile,omitempty"`
}
KeyCertFiles defines the files need for client on TLS
type KeyRequest ¶
KeyRequest encapsulates size and algorithm for the key to be generated
type LDAP ¶
type LDAP struct {
Enabled *bool `json:"enabled,omitempty"`
URL string `json:"url,omitempty"`
UserFilter string `json:"userFilter,omitempty"`
GroupFilter string `json:"groupFilter,omitempty"`
Attribute AttrConfig `json:"attribute,omitempty"`
TLS ClientTLSConfig `json:"tls,omitempty"`
}
type MetricsOptions ¶
type MetricsOptions struct {
Provider string `json:"provider,omitempty"`
Statsd *Statsd `json:"statsd,omitempty"`
}
MetricsOptions contains the information on providers
type Name ¶
type Name struct {
C string `json:"C,omitempty"`
ST string `json:"ST,omitempty"`
L string `json:"L,omitempty"`
O string `json:"O,omitempty"`
OU string `json:"OU,omitempty"`
SerialNumber string `json:"SerialNumber,omitempty"`
}
A Name contains the SubjectInfo fields.
type Options ¶
type Options struct {
ListenAddress string `json:"listenaddress,omitempty"`
Metrics MetricsOptions `json:"metrics,omitempty"`
TLS TLS `json:"tls,omitempty"`
}
Options contains configuration for the operations system
type PKCS11Opts ¶
type PKCS11Opts struct {
SecLevel int `json:"security,omitempty"`
HashFamily string `json:"hash,omitempty"`
Library string `json:"library,omitempty"`
Label string `json:"label,omitempty"`
Pin string `json:"pin,omitempty"`
Ephemeral *bool `json:"tempkeys,omitempty"`
SoftVerify *bool `json:"softwareVerify,omitempty"`
Immutable *bool `json:"immutable,omitempty"`
FileKeyStore FileKeyStoreOpts `json:"filekeystore,omitempty"`
}
type ParentServer ¶
type ParentServer struct {
URL string `json:"url,omitempty"`
CAName string `json:"caname,omitempty"`
}
ParentServer contains URL for the parent server and the name of CA inside the server to connect to
type ServerConfig ¶
type ServerConfig struct {
CAConfig `json:",inline"`
// Listening port for the server
Port int `json:"port,omitempty"`
// Bind address for the server
Address string `json:"address,omitempty"`
// Cross-Origin Resource Sharing settings for the server
CORS CORS `json:"cors,omitempty"`
// Enables debug logging
Debug *bool `json:"debug,omitempty"`
// Sets the logging level on the server
LogLevel string `json:"loglevel,omitempty"`
// TLS for the server's listening endpoint
TLS ServerTLSConfig `json:"tls,omitempty"`
// CACfg is the default CA's config
// The names of the CA configuration files
// This is empty unless there are non-default CAs served by this server
CAfiles []string `json:"cafiles,omitempty"`
// The number of non-default CAs, which is useful for a dev environment to
// quickly start any number of CAs in a single server
CAcount int `json:"cacount,omitempty"`
// Size limit of an acceptable CRL in bytes
CRLSizeLimit int `json:"crlsizelimit,omitempty"`
// CompMode1_3 determines if to run in comptability for version 1.3
CompMode1_3 *bool `json:"compmode1_3,omitempty"`
// Metrics contains the configuration for provider and statsd
Metrics MetricsOptions `json:"metrics,omitempty"`
// Operations contains the configuration for the operations servers
Operations Options `json:"operations,omitempty"`
}
ServerConfig is the fabric-ca server's config
type ServerTLSConfig ¶
type ServerTLSConfig struct {
Enabled *bool `json:"enabled,omitempty"`
CertFile string `json:"certfile,omitempty"`
KeyFile string `json:"keyfile,omitempty"`
ClientAuth ClientAuth `json:"clientauth,omitempty"`
}
func (*ServerTLSConfig) IsEnabled ¶
func (s *ServerTLSConfig) IsEnabled() bool
type Signing ¶
type Signing struct {
Profiles map[string]*SigningProfile `json:"profiles"`
Default *SigningProfile `json:"default"`
}
Signing codifies the signature configuration policy for a CA.
type SigningProfile ¶
type SigningProfile struct {
Usage []string `json:"usage,omitempty"`
IssuerURL []string `json:"issuerurl,omitempty"`
OCSP string `json:"ocsp,omitempty"`
CRL string `json:"crl,omitempty"`
CAConstraint CAConstraint `json:"caconstraint,omitempty"`
OCSPNoCheck *bool `json:"ocspnocheck,omitempty"`
ExpiryString string `json:"expirystring,omitempty"`
BackdateString string `json:"backdatestring,omitempty"`
AuthKeyName string `json:"authkeyname,omitempty"`
RemoteName string `json:"remotename,omitempty"`
NameWhitelistString string `json:"namewhiteliststring,omitempty"`
AuthRemote AuthRemote `json:"authremote,omitempty"`
CTLogServers []string `json:"ctlogservers,omitempty"`
CertStore string `json:"certstore,omitempty"`
Expiry commonapi.Duration `json:"expiry,omitempty"`
}
A SigningProfile stores information that the CA needs to store signature policy.
type Statsd ¶
type Statsd struct {
Network string `json:"network,omitempty"`
Address string `json:"address,omitempty"`
WriteInterval commonapi.Duration `json:"writeinterval,omitempty"`
Prefix string `json:"prefix,omitempty"`
}
Statsd contains configuration of statsd
type SwOpts ¶
type SwOpts struct {
SecLevel int `json:"security,omitempty"`
HashFamily string `json:"hash,omitempty"`
FileKeyStore FileKeyStoreOpts `json:"filekeystore,omitempty"`
}
SwOpts contains options for the SWFactory
type TLS ¶
type TLS struct {
Enabled *bool `json:"enabled,omitempty"`
CertFile string `json:"certfile,omitempty"`
KeyFile string `json:"keyfile,omitempty"`
ClientCertRequired *bool `json:"clientcerrequired,omitempty"`
ClientCACertFiles []string `json:"clientcacertfiles,omitempty"`
}
TLS contains the TLS configuration for the operations system serve
Source Files
Click to show internal directories.
Click to hide internal directories.