v1

package
v1.0.7-1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Oct 31, 2023 License: Apache-2.0 Imports: 1 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type AffiliationsOptions

type AffiliationsOptions struct {
	AllowRemove *bool `json:"allowremove,omitempty"`
}

AffiliationsOptions are options that are related to affiliations

type AttrConfig

type AttrConfig struct {
	Names      []string             `json:"names,omitempty"`
	Converters []NameVal            `json:"converters,omitempty"`
	Maps       map[string][]NameVal `json:"maps,omitempty"`
}

AttrConfig is attribute configuration information

type AttributeRequest

type AttributeRequest struct {
	Name     string `json:"name"`
	Optional *bool  `json:"optional,omitempty"`
}

type AuthRemote

type AuthRemote struct {
	RemoteName  string `json:"remote,omitempty"`
	AuthKeyName string `json:"authkey,omitempty"`
}

AuthRemote is an authenticated remote signer.

type BCCSP

type BCCSP struct {
	ProviderName string      `json:"default,omitempty"`
	SW           *SwOpts     `json:"sw,omitempty"`
	PKCS11       *PKCS11Opts `json:"pkcs11,omitempty"`
}

type CAConfig

type CAConfig struct {
	Version      string                 `json:"version,omitempty"`
	Cfg          CfgOptions             `json:"cfg,omitempty"`
	CA           CAInfo                 `json:"ca,omitempty"`
	Signing      Signing                `json:"signing,omitempty"`
	CSR          CSRInfo                `json:"csr,omitempty"`
	Registry     CAConfigRegistry       `json:"registry,omitempty"`
	Affiliations map[string]interface{} `json:"affiliations,omitempty"`
	LDAP         LDAP                   `json:"ldap,omitempty"`
	DB           *CAConfigDB            `json:"db,omitempty"`
	CSP          *BCCSP                 `json:"bccsp,omitempty"`
	Intermediate IntermediateCA         `json:"intermediate,omitempty"`
	CRL          CRLConfig              `json:"crl,omitempty"`
	Idemix       IdemixConfig           `json:"idemix,omitempty"`
}

type CAConfigDB

type CAConfigDB struct {
	Type       string          `json:"type,omitempty"`
	Datasource string          `json:"datasource,omitempty"`
	TLS        ClientTLSConfig `json:"tls,omitempty,omitempty"`
}

CAConfigDB is the database part of the server's config

type CAConfigIdentity

type CAConfigIdentity struct {
	Name           string                 `json:"name,omitempty"`
	Pass           string                 `json:"pass,omitempty"`
	Type           string                 `json:"type,omitempty"`
	Affiliation    string                 `json:"affiliation,omitempty"`
	MaxEnrollments int                    `json:"maxenrollments,omitempty"`
	Attrs          map[string]interface{} `json:"attrs,omitempty"`
}

CAConfigIdentity is identity information in the server's config

type CAConfigRegistry

type CAConfigRegistry struct {
	MaxEnrollments int                `json:"maxenrollments,omitempty"`
	Identities     []CAConfigIdentity `json:"identities,omitempty"`
}

CAConfigRegistry is the registry part of the server's config

type CAConstraint

type CAConstraint struct {
	IsCA           *bool `json:"isca,omitempty"`
	MaxPathLen     int   `json:"maxpathlen,omitempty"`
	MaxPathLenZero *bool `json:"maxpathlenzero,omitempty"`
}

CAConstraint specifies various CA constraints on the signed certificate. CAConstraint would verify against (and override) the CA extensions in the given CSR.

type CAInfo

type CAInfo struct {
	Name                     string `json:"name,omitempty"`
	Keyfile                  string `json:"keyfile,omitempty"`
	Certfile                 string `json:"certfile,omitempty"`
	Chainfile                string `json:"chainfile,omitempty"`
	ReenrollIgnoreCertExpiry *bool  `json:"reenrollignorecertexpiry,omitempty"`
}

CAInfo is the CA information on a fabric-ca-server

type CORS

type CORS struct {
	Enabled *bool    `json:"enabled"`
	Origins []string `json:"origins"`
}

type CRLConfig

type CRLConfig struct {
	// Specifies expiration for the CRL generated by the gencrl request
	// The number of hours specified by this property is added to the UTC time, resulting time
	// is used to set the 'Next Update' date of the CRL
	Expiry commonapi.Duration `json:"expiry,omitempty"`
}

CRLConfig contains configuration options used by the gencrl request handler

type CSRCAConfig

type CSRCAConfig struct {
	PathLength  int    `json:"pathlen"`
	PathLenZero *bool  `json:"pathlenzero"`
	Expiry      string `json:"expiry"`
	Backdate    string `json:"backdate"`
}

type CSRInfo

type CSRInfo struct {
	CN           string       `json:"cn"`
	Names        []Name       `json:"names,omitempty"`
	Hosts        []string     `json:"hosts,omitempty"`
	KeyRequest   *KeyRequest  `json:"key,omitempty"`
	CA           *CSRCAConfig `json:"ca,omitempty"`
	SerialNumber string       `json:"serial_number,omitempty"`
}

CSRInfo is Certificate Signing Request (CSR) Information

type CfgOptions

type CfgOptions struct {
	Identities   IdentitiesOptions   `json:"identities,omitempty"`
	Affiliations AffiliationsOptions `json:"affiliations,omitempty"`
}

CfgOptions is a CA configuration that allows for setting different options

type ClientAuth

type ClientAuth struct {
	Type      string   `json:"type,omitempty"`
	CertFiles []string `json:"certfiles,omitempty"`
}

ClientAuth defines the key material needed to verify client certificates

type ClientTLSConfig

type ClientTLSConfig struct {
	Enabled   *bool        `json:"enabled,omitempty"`
	CertFiles []string     `json:"certfiles,omitempty"`
	Client    KeyCertFiles `json:"client,omitempty"`
}

ClientTLSConfig defines the key material for a TLS client

func (*ClientTLSConfig) IsEnabled

func (c *ClientTLSConfig) IsEnabled() bool

type EnrollmentRequest

type EnrollmentRequest struct {
	// The identity name to enroll
	Name string `json:"name"`
	// The secret returned via Register
	Secret string `json:"secret,omitempty"`
	// CAName is the name of the CA to connect to
	CAName string `json:"caname,omitempty"`
	// AttrReqs are requests for attributes to add to the certificate.
	// Each attribute is added only if the requestor owns the attribute.
	AttrReqs []*AttributeRequest `json:"attr_reqs,omitempty"`
	// Profile is the name of the signing profile to use in issuing the X509 certificate
	Profile string `json:"profile,omitempty"`
	// Label is the label to use in HSM operations
	Label string `json:"label,omitempty"`
	// CSR is Certificate Signing Request info
	CSR *CSRInfo `json:"csr,omitempty"` // Skipping this because we pull the CSR from the CSR flags
	// The type of the enrollment request: x509 or idemix
	// The default is a request for an X509 enrollment certificate
	Type string `def:"x509"`
}

EnrollmentRequest is a request to enroll an identity

type FileKeyStoreOpts

type FileKeyStoreOpts struct {
	KeyStorePath string `json:"keystore,omitempty"`
}

type IdemixConfig

type IdemixConfig struct {
	Curve                    string `json:"curve,omitempty"`
	IssuerPublicKeyfile      string `json:"issuerpublickeyfile,omitempty"`
	IssuerSecretKeyfile      string `json:"issuersecretkeyfile,omitempty"`
	RevocationPublicKeyfile  string `json:"revocationpublickeyfile,omitempty"`
	RevocationPrivateKeyfile string `json:"revocationprivatekeyfile,omitempty"`
	RHPoolSize               int    `json:"rhpoolsize,omitempty"`
	NonceExpiration          string `json:"nonceexpiration,omitempty"`
	NonceSweepInterval       string `json:"noncesweepinterval,omitempty"`
}

IdemixConfig encapsulates Idemix related the configuration options

type IdentitiesOptions

type IdentitiesOptions struct {
	PasswordAttempts int   `json:"passwordattempts,omitempty"`
	AllowRemove      *bool `json:"allowremove,omitempty"`
}

IdentitiesOptions are options that are related to identities

type IntermediateCA

type IntermediateCA struct {
	ParentServer ParentServer      `json:"parentserver,omitempty"`
	TLS          ClientTLSConfig   `json:"tls,omitempty"`
	Enrollment   EnrollmentRequest `json:"enrollment,omitempty"`
}

IntermediateCA contains parent server information, TLS configuration, and enrollment request for an intermetiate CA

type KeyCertFiles

type KeyCertFiles struct {
	KeyFile  string `json:"keyfile,omitempty"`
	CertFile string `json:"certfile,omitempty"`
}

KeyCertFiles defines the files need for client on TLS

type KeyRequest

type KeyRequest struct {
	Algo string `json:"algo"`
	Size int    `json:"size"`
}

KeyRequest encapsulates size and algorithm for the key to be generated

type LDAP

type LDAP struct {
	Enabled     *bool           `json:"enabled,omitempty"`
	URL         string          `json:"url,omitempty"`
	UserFilter  string          `json:"userFilter,omitempty"`
	GroupFilter string          `json:"groupFilter,omitempty"`
	Attribute   AttrConfig      `json:"attribute,omitempty"`
	TLS         ClientTLSConfig `json:"tls,omitempty"`
}

type MetricsOptions

type MetricsOptions struct {
	Provider string  `json:"provider,omitempty"`
	Statsd   *Statsd `json:"statsd,omitempty"`
}

MetricsOptions contains the information on providers

type Name

type Name struct {
	C            string `json:"C,omitempty"`
	ST           string `json:"ST,omitempty"`
	L            string `json:"L,omitempty"`
	O            string `json:"O,omitempty"`
	OU           string `json:"OU,omitempty"`
	SerialNumber string `json:"SerialNumber,omitempty"`
}

A Name contains the SubjectInfo fields.

type NameVal

type NameVal struct {
	Name  string `json:"name,omitempty"`
	Value string `json:"value,omitempty"`
}

type Options

type Options struct {
	ListenAddress string         `json:"listenaddress,omitempty"`
	Metrics       MetricsOptions `json:"metrics,omitempty"`
	TLS           TLS            `json:"tls,omitempty"`
}

Options contains configuration for the operations system

type PKCS11Opts

type PKCS11Opts struct {
	SecLevel     int              `json:"security,omitempty"`
	HashFamily   string           `json:"hash,omitempty"`
	Library      string           `json:"library,omitempty"`
	Label        string           `json:"label,omitempty"`
	Pin          string           `json:"pin,omitempty"`
	Ephemeral    *bool            `json:"tempkeys,omitempty"`
	SoftVerify   *bool            `json:"softwareVerify,omitempty"`
	Immutable    *bool            `json:"immutable,omitempty"`
	FileKeyStore FileKeyStoreOpts `json:"filekeystore,omitempty"`
}

type ParentServer

type ParentServer struct {
	URL    string `json:"url,omitempty"`
	CAName string `json:"caname,omitempty"`
}

ParentServer contains URL for the parent server and the name of CA inside the server to connect to

type ServerConfig

type ServerConfig struct {
	CAConfig `json:",inline"`
	// Listening port for the server
	Port int `json:"port,omitempty"`
	// Bind address for the server
	Address string `json:"address,omitempty"`
	// Cross-Origin Resource Sharing settings for the server
	CORS CORS `json:"cors,omitempty"`
	// Enables debug logging
	Debug *bool `json:"debug,omitempty"`
	// Sets the logging level on the server
	LogLevel string `json:"loglevel,omitempty"`
	// TLS for the server's listening endpoint
	TLS ServerTLSConfig `json:"tls,omitempty"`
	// CACfg is the default CA's config
	// The names of the CA configuration files
	// This is empty unless there are non-default CAs served by this server
	CAfiles []string `json:"cafiles,omitempty"`
	// The number of non-default CAs, which is useful for a dev environment to
	// quickly start any number of CAs in a single server
	CAcount int `json:"cacount,omitempty"`
	// Size limit of an acceptable CRL in bytes
	CRLSizeLimit int `json:"crlsizelimit,omitempty"`
	// CompMode1_3 determines if to run in comptability for version 1.3
	CompMode1_3 *bool `json:"compmode1_3,omitempty"`
	// Metrics contains the configuration for provider and statsd
	Metrics MetricsOptions `json:"metrics,omitempty"`
	// Operations contains the configuration for the operations servers
	Operations Options `json:"operations,omitempty"`
}

ServerConfig is the fabric-ca server's config

type ServerTLSConfig

type ServerTLSConfig struct {
	Enabled    *bool      `json:"enabled,omitempty"`
	CertFile   string     `json:"certfile,omitempty"`
	KeyFile    string     `json:"keyfile,omitempty"`
	ClientAuth ClientAuth `json:"clientauth,omitempty"`
}

func (*ServerTLSConfig) IsEnabled

func (s *ServerTLSConfig) IsEnabled() bool

type Signing

type Signing struct {
	Profiles map[string]*SigningProfile `json:"profiles"`
	Default  *SigningProfile            `json:"default"`
}

Signing codifies the signature configuration policy for a CA.

type SigningProfile

type SigningProfile struct {
	Usage               []string           `json:"usage,omitempty"`
	IssuerURL           []string           `json:"issuerurl,omitempty"`
	OCSP                string             `json:"ocsp,omitempty"`
	CRL                 string             `json:"crl,omitempty"`
	CAConstraint        CAConstraint       `json:"caconstraint,omitempty"`
	OCSPNoCheck         *bool              `json:"ocspnocheck,omitempty"`
	ExpiryString        string             `json:"expirystring,omitempty"`
	BackdateString      string             `json:"backdatestring,omitempty"`
	AuthKeyName         string             `json:"authkeyname,omitempty"`
	RemoteName          string             `json:"remotename,omitempty"`
	NameWhitelistString string             `json:"namewhiteliststring,omitempty"`
	AuthRemote          AuthRemote         `json:"authremote,omitempty"`
	CTLogServers        []string           `json:"ctlogservers,omitempty"`
	CertStore           string             `json:"certstore,omitempty"`
	Expiry              commonapi.Duration `json:"expiry,omitempty"`
}

A SigningProfile stores information that the CA needs to store signature policy.

type Statsd

type Statsd struct {
	Network       string             `json:"network,omitempty"`
	Address       string             `json:"address,omitempty"`
	WriteInterval commonapi.Duration `json:"writeinterval,omitempty"`
	Prefix        string             `json:"prefix,omitempty"`
}

Statsd contains configuration of statsd

type SwOpts

type SwOpts struct {
	SecLevel     int              `json:"security,omitempty"`
	HashFamily   string           `json:"hash,omitempty"`
	FileKeyStore FileKeyStoreOpts `json:"filekeystore,omitempty"`
}

SwOpts contains options for the SWFactory

type TLS

type TLS struct {
	Enabled            *bool    `json:"enabled,omitempty"`
	CertFile           string   `json:"certfile,omitempty"`
	KeyFile            string   `json:"keyfile,omitempty"`
	ClientCertRequired *bool    `json:"clientcerrequired,omitempty"`
	ClientCACertFiles  []string `json:"clientcacertfiles,omitempty"`
}

TLS contains the TLS configuration for the operations system serve

func (*TLS) IsEnabled

func (t *TLS) IsEnabled() bool

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL