Documentation ¶
Overview ¶
Package msp enables creation and update of users on a Fabric network. Msp client supports the following actions: Enroll, Reenroll, Register, Revoke and GetSigningIdentity.
Basic Flow: 1) Prepare client context 2) Create msp client 3) Register user 4) Enroll user
Example ¶
ctx := mockClientProvider() // Create msp client c, err := New(ctx) if err != nil { fmt.Println("failed to create msp client") return } username := randomUsername() enrollmentSecret, err := c.Register(&RegistrationRequest{Name: username}) if err != nil { fmt.Printf("Register return error %s\n", err) return } err = c.Enroll(username, WithSecret(enrollmentSecret)) if err != nil { fmt.Printf("failed to enroll user: %s\n", err) return } fmt.Println("enroll user is completed")
Output: enroll user is completed
Index ¶
- Variables
- type AffiliationInfo
- type AffiliationRequest
- type AffiliationResponse
- type Attribute
- type AttributeRequest
- type Client
- func (c *Client) AddAffiliation(request *AffiliationRequest) (*AffiliationResponse, error)
- func (c *Client) CreateIdentity(request *IdentityRequest) (*IdentityResponse, error)
- func (c *Client) CreateSigningIdentity(opts ...mspctx.SigningIdentityOption) (mspctx.SigningIdentity, error)
- func (c *Client) Enroll(enrollmentID string, opts ...EnrollmentOption) error
- func (c *Client) GetAffiliation(affiliation string, opts ...RequestOption) (*AffiliationResponse, error)
- func (c *Client) GetAllAffiliations(opts ...RequestOption) (*AffiliationResponse, error)
- func (c *Client) GetAllIdentities(opts ...RequestOption) ([]*IdentityResponse, error)
- func (c *Client) GetCAInfo() (*GetCAInfoResponse, error)
- func (c *Client) GetIdentity(ID string, opts ...RequestOption) (*IdentityResponse, error)
- func (c *Client) GetSigningIdentity(id string) (mspctx.SigningIdentity, error)
- func (c *Client) ModifyAffiliation(request *ModifyAffiliationRequest) (*AffiliationResponse, error)
- func (c *Client) ModifyIdentity(request *IdentityRequest) (*IdentityResponse, error)
- func (c *Client) Reenroll(enrollmentID string, opts ...EnrollmentOption) error
- func (c *Client) Register(request *RegistrationRequest) (string, error)
- func (c *Client) RemoveAffiliation(request *AffiliationRequest) (*AffiliationResponse, error)
- func (c *Client) RemoveIdentity(request *RemoveIdentityRequest) (*IdentityResponse, error)
- func (c *Client) Revoke(request *RevocationRequest) (*RevocationResponse, error)
- type ClientOption
- type EnrollmentOption
- type GetCAInfoResponse
- type IdentityInfo
- type IdentityManager
- type IdentityRequest
- type IdentityResponse
- type ModifyAffiliationRequest
- type RegistrationRequest
- type RemoveIdentityRequest
- type RequestOption
- type RevocationRequest
- type RevocationResponse
- type RevokedCert
Examples ¶
Constants ¶
This section is empty.
Variables ¶
var ( // ErrUserNotFound indicates the user was not found ErrUserNotFound = errors.New("user not found") )
Functions ¶
This section is empty.
Types ¶
type AffiliationInfo ¶
type AffiliationInfo struct { Name string Affiliations []AffiliationInfo Identities []IdentityInfo }
AffiliationInfo contains the affiliation name, child affiliation info, and identities associated with this affiliation.
type AffiliationRequest ¶
type AffiliationRequest struct { // Name of the affiliation Name string // Creates parent affiliations if they do not exist Force bool // Name of the CA CAName string }
AffiliationRequest represents the request to add/remove affiliation to the fabric-ca-server
type AffiliationResponse ¶
type AffiliationResponse struct { AffiliationInfo CAName string }
AffiliationResponse contains the response for get, add, modify, and remove an affiliation
type Attribute ¶
Attribute defines additional attributes that may be passed along during registration
type AttributeRequest ¶
AttributeRequest is a request for an attribute.
type Client ¶
type Client struct {
// contains filtered or unexported fields
}
Client enables access to Client services
func New ¶
func New(clientProvider context.ClientProvider, opts ...ClientOption) (*Client, error)
New creates a new Client instance
Example ¶
ctx := mockClientProvider() // Create msp client c, err := New(ctx) if err != nil { fmt.Println("failed to create msp client") return } if c != nil { fmt.Println("msp client created") }
Output: msp client created
func (*Client) AddAffiliation ¶
func (c *Client) AddAffiliation(request *AffiliationRequest) (*AffiliationResponse, error)
AddAffiliation adds a new affiliation to the server
func (*Client) CreateIdentity ¶
func (c *Client) CreateIdentity(request *IdentityRequest) (*IdentityResponse, error)
CreateIdentity creates a new identity with the Fabric CA server. An enrollment secret is returned which can then be used, along with the enrollment ID, to enroll a new identity.
Parameters: request holds info about identity Returns: Return identity info including the secret
Example ¶
// Create msp client c, err := New(mockClientProvider()) if err != nil { fmt.Println("failed to create msp client") return } identity, err := c.CreateIdentity(&IdentityRequest{ID: "123", Affiliation: "org2", Attributes: []Attribute{{Name: "attName1", Value: "attValue1"}}}) if err != nil { fmt.Printf("Create identity return error %s\n", err) return } fmt.Printf("identity '%s' created\n", identity.ID)
Output: identity '123' created
func (*Client) CreateSigningIdentity ¶
func (c *Client) CreateSigningIdentity(opts ...mspctx.SigningIdentityOption) (mspctx.SigningIdentity, error)
CreateSigningIdentity creates a signing identity with the given options
Example ¶
ctx := mockClientProvider() // Create msp client c, err := New(ctx) if err != nil { fmt.Println("failed to create msp client") return } testPrivKey := `-----BEGIN PRIVATE KEY----- MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgp4qKKB0WCEfx7XiB 5Ul+GpjM1P5rqc6RhjD5OkTgl5OhRANCAATyFT0voXX7cA4PPtNstWleaTpwjvbS J3+tMGTG67f+TdCfDxWYMpQYxLlE8VkbEzKWDwCYvDZRMKCQfv2ErNvb -----END PRIVATE KEY-----` testCert := `-----BEGIN CERTIFICATE----- MIICGTCCAcCgAwIBAgIRALR/1GXtEud5GQL2CZykkOkwCgYIKoZIzj0EAwIwczEL MAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBG cmFuY2lzY28xGTAXBgNVBAoTEG9yZzEuZXhhbXBsZS5jb20xHDAaBgNVBAMTE2Nh Lm9yZzEuZXhhbXBsZS5jb20wHhcNMTcwNzI4MTQyNzIwWhcNMjcwNzI2MTQyNzIw WjBbMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMN U2FuIEZyYW5jaXNjbzEfMB0GA1UEAwwWVXNlcjFAb3JnMS5leGFtcGxlLmNvbTBZ MBMGByqGSM49AgEGCCqGSM49AwEHA0IABPIVPS+hdftwDg8+02y1aV5pOnCO9tIn f60wZMbrt/5N0J8PFZgylBjEuUTxWRsTMpYPAJi8NlEwoJB+/YSs29ujTTBLMA4G A1UdDwEB/wQEAwIHgDAMBgNVHRMBAf8EAjAAMCsGA1UdIwQkMCKAIIeR0TY+iVFf mvoEKwaToscEu43ZXSj5fTVJornjxDUtMAoGCCqGSM49BAMCA0cAMEQCID+dZ7H5 AiaiI2BjxnL3/TetJ8iFJYZyWvK//an13WV/AiARBJd/pI5A7KZgQxJhXmmR8bie XdsmTcdRvJ3TS/6HCA== -----END CERTIFICATE-----` // Create signing identity based on certificate and private key id, err := c.CreateSigningIdentity(msp.WithCert([]byte(testCert)), msp.WithPrivateKey([]byte(testPrivKey))) if err != nil { fmt.Printf("failed when creating identity based on certificate and private key: %s\n", err) return } if string(id.EnrollmentCertificate()) != testCert { fmt.Printf("certificate mismatch\n") return } // In this user case client might want to import keys directly into keystore // out of band instead of enrolling the user via SDK. User enrolment creates a cert // and stores it into local SDK user store, while user might not want SDK to manage certs. err = importPrivateKeyOutOfBand([]byte(testPrivKey), c) if err != nil { fmt.Printf("failed to import key: %s\n", err) return } // Create signing identity using certificate. SDK will lookup the private key based on the certificate. id, err = c.CreateSigningIdentity(msp.WithCert([]byte(testCert))) if err != nil { fmt.Printf("failed when creating identity using certificate: %s\n", err) return } if string(id.EnrollmentCertificate()) != testCert { fmt.Printf("certificate mismatch\n") return } fmt.Println("create signing identity is completed")
Output: create signing identity is completed
func (*Client) Enroll ¶
func (c *Client) Enroll(enrollmentID string, opts ...EnrollmentOption) error
Enroll enrolls a registered user in order to receive a signed X509 certificate. A new key pair is generated for the user. The private key and the enrollment certificate issued by the CA are stored in SDK stores. They can be retrieved by calling IdentityManager.GetSigningIdentity().
Parameters: enrollmentID enrollment ID of a registered user opts are optional enrollment options Returns: an error if enrollment fails
Example ¶
ctx := mockClientProvider() // Create msp client c, err := New(ctx) if err != nil { fmt.Println("failed to create msp client") return } err = c.Enroll(randomUsername(), WithSecret("enrollmentSecret")) if err != nil { fmt.Printf("failed to enroll user: %s\n", err) return } fmt.Println("enroll user is completed")
Output: enroll user is completed
func (*Client) GetAffiliation ¶
func (c *Client) GetAffiliation(affiliation string, opts ...RequestOption) (*AffiliationResponse, error)
GetAffiliation returns information about the requested affiliation
func (*Client) GetAllAffiliations ¶
func (c *Client) GetAllAffiliations(opts ...RequestOption) (*AffiliationResponse, error)
GetAllAffiliations returns all affiliations that the caller is authorized to see
func (*Client) GetAllIdentities ¶
func (c *Client) GetAllIdentities(opts ...RequestOption) ([]*IdentityResponse, error)
GetAllIdentities returns all identities that the caller is authorized to see
Parameters: options holds optional request options Returns: Response containing identities
Example ¶
// Create msp client c, err := New(mockClientProvider()) if err != nil { fmt.Println("failed to create msp client") return } results, err := c.GetAllIdentities() if err != nil { fmt.Printf("Get identities return error %s\n", err) return } fmt.Printf("%d identities retrieved\n", len(results))
Output: 2 identities retrieved
func (*Client) GetCAInfo ¶
func (c *Client) GetCAInfo() (*GetCAInfoResponse, error)
GetCAInfo returns generic CA information
func (*Client) GetIdentity ¶
func (c *Client) GetIdentity(ID string, opts ...RequestOption) (*IdentityResponse, error)
GetIdentity retrieves identity information.
Parameters: ID is required identity ID options holds optional request options Returns: Response containing identity information
Example ¶
// Create msp client c, err := New(mockClientProvider()) if err != nil { fmt.Println("failed to create msp client") return } identity, err := c.GetIdentity("123") if err != nil { fmt.Printf("Get identity return error %s\n", err) return } fmt.Printf("identity '%s' retrieved\n", identity.ID)
Output: identity '123' retrieved
func (*Client) GetSigningIdentity ¶
func (c *Client) GetSigningIdentity(id string) (mspctx.SigningIdentity, error)
GetSigningIdentity returns signing identity for id
Parameters: id is user id Returns: signing identity
Example ¶
ctx := mockClientProvider() // Create msp client c, err := New(ctx) if err != nil { fmt.Println("failed to create msp client") return } username := randomUsername() err = c.Enroll(username, WithSecret("enrollmentSecret")) if err != nil { fmt.Printf("failed to enroll user: %s\n", err) return } enrolledUser, err := c.GetSigningIdentity(username) if err != nil { fmt.Printf("user not found %s\n", err) return } if enrolledUser.Identifier().ID != username { fmt.Println("Enrolled user name doesn't match") return } fmt.Println("enroll user is completed")
Output: enroll user is completed
func (*Client) ModifyAffiliation ¶
func (c *Client) ModifyAffiliation(request *ModifyAffiliationRequest) (*AffiliationResponse, error)
ModifyAffiliation renames an existing affiliation on the server
func (*Client) ModifyIdentity ¶
func (c *Client) ModifyIdentity(request *IdentityRequest) (*IdentityResponse, error)
ModifyIdentity modifies identity with the Fabric CA server.
Parameters: request holds info about identity Returns: Return updated identity info
Example ¶
// Create msp client c, err := New(mockClientProvider()) if err != nil { fmt.Println("failed to create msp client") return } identity, err := c.ModifyIdentity(&IdentityRequest{ID: "123", Affiliation: "org2", Secret: "top-secret"}) if err != nil { fmt.Printf("Modify identity return error %s\n", err) return } fmt.Printf("identity '%s' modified\n", identity.ID)
Output: identity '123' modified
func (*Client) Reenroll ¶
func (c *Client) Reenroll(enrollmentID string, opts ...EnrollmentOption) error
Reenroll reenrolls an enrolled user in order to obtain a new signed X509 certificate
Parameters: enrollmentID enrollment ID of a registered user Returns: an error if re-enrollment fails
Example ¶
ctx := mockClientProvider() // Create msp client c, err := New(ctx) if err != nil { fmt.Println("failed to create msp client") return } username := randomUsername() err = c.Enroll(username, WithSecret("enrollmentSecret")) if err != nil { fmt.Printf("failed to enroll user: %s\n", err) return } err = c.Reenroll(username) if err != nil { fmt.Printf("failed to reenroll user: %s\n", err) return } fmt.Println("reenroll user is completed")
Output: reenroll user is completed
func (*Client) Register ¶
func (c *Client) Register(request *RegistrationRequest) (string, error)
Register registers a User with the Fabric CA
Parameters: request is registration request Returns: enrolment secret
Example ¶
ctx := mockClientProvider() // Create msp client c, err := New(ctx) if err != nil { fmt.Println("failed to create msp client") return } _, err = c.Register(&RegistrationRequest{Name: randomUsername()}) if err != nil { fmt.Printf("Register return error %s\n", err) return } fmt.Println("register user is completed")
Output: register user is completed
func (*Client) RemoveAffiliation ¶
func (c *Client) RemoveAffiliation(request *AffiliationRequest) (*AffiliationResponse, error)
RemoveAffiliation removes an existing affiliation from the server
func (*Client) RemoveIdentity ¶
func (c *Client) RemoveIdentity(request *RemoveIdentityRequest) (*IdentityResponse, error)
RemoveIdentity removes identity with the Fabric CA server.
Parameters: request holds info about identity to be removed Returns: Return removed identity info
Example ¶
// Create msp client c, err := New(mockClientProvider()) if err != nil { fmt.Println("failed to create msp client") return } identity, err := c.RemoveIdentity(&RemoveIdentityRequest{ID: "123"}) if err != nil { fmt.Printf("Remove identity return error %s\n", err) return } fmt.Printf("identity '%s' removed\n", identity.ID)
Output: identity '123' removed
func (*Client) Revoke ¶
func (c *Client) Revoke(request *RevocationRequest) (*RevocationResponse, error)
Revoke revokes a User with the Fabric CA
Parameters: request is revocation request Returns: revocation response
Example ¶
ctx := mockClientProvider() // Create msp client c, err := New(ctx) if err != nil { fmt.Println("failed to create msp client") return } _, err = c.Revoke(&RevocationRequest{Name: "testuser"}) if err != nil { fmt.Printf("revoke return error %s\n", err) } fmt.Println("revoke user is completed")
Output: revoke user is completed
type ClientOption ¶
type ClientOption func(*clientOptions) error
ClientOption describes a functional parameter for the New constructor
func WithCAInstance ¶
func WithCAInstance(caID string) ClientOption
WithCAInstance option
Example ¶
ctx := mockClientProvider() // Create msp client c, err := New(ctx, WithCAInstance("tlsca.org1.example.com")) if err != nil { fmt.Println("failed to create msp client") return } if c != nil { fmt.Println("msp client created with CA Instance") }
Output: msp client created with CA Instance
func WithOrg ¶
func WithOrg(orgName string) ClientOption
WithOrg option
Example ¶
ctx := mockClientProvider() // Create msp client c, err := New(ctx, WithOrg("org1")) if err != nil { fmt.Println("failed to create msp client") return } if c != nil { fmt.Println("msp client created with org") }
Output: msp client created with org
type EnrollmentOption ¶
type EnrollmentOption func(*enrollmentOptions) error
EnrollmentOption describes a functional parameter for Enroll
func WithAttributeRequests ¶
func WithAttributeRequests(attrReqs []*AttributeRequest) EnrollmentOption
WithAttributeRequests enrollment option
type GetCAInfoResponse ¶
type GetCAInfoResponse struct { // CAName is the name of the CA CAName string // CAChain is the PEM-encoded bytes of the fabric-ca-server's CA chain. // The 1st element of the chain is the root CA cert CAChain []byte // Idemix issuer public key of the CA IssuerPublicKey []byte // Idemix issuer revocation public key of the CA IssuerRevocationPublicKey []byte // Version of the server Version string }
GetCAInfoResponse is the response from the GetCAInfo call
type IdentityInfo ¶
type IdentityInfo struct { ID string Type string Affiliation string Attributes []Attribute MaxEnrollments int }
IdentityInfo contains information about an identity
type IdentityManager ¶
type IdentityManager interface { GetSigningIdentity(name string) (msp.SigningIdentity, error) CreateSigningIdentity(ops ...msp.SigningIdentityOption) (msp.SigningIdentity, error) }
IdentityManager provides management of identities in a Fabric network
type IdentityRequest ¶
type IdentityRequest struct { // The enrollment ID which uniquely identifies an identity (required) ID string // The identity's affiliation (required) Affiliation string // Array of attributes to assign to the user Attributes []Attribute // Type of identity being registered (e.g. 'peer, app, user'). Default is 'user'. Type string // The maximum number of times the secret can be reused to enroll (default CA's Max Enrollment) MaxEnrollments int // The enrollment secret. If not provided, a random secret is generated. Secret string // Name of the CA to send the request to within the Fabric CA server (optional) CAName string }
IdentityRequest represents the request to add/update identity to the fabric-ca-server
type IdentityResponse ¶
type IdentityResponse struct { // The enrollment ID which uniquely identifies an identity ID string // The identity's affiliation Affiliation string // Array of attributes assigned to the user Attributes []Attribute // Type of identity (e.g. 'peer, app, user') Type string // The maximum number of times the secret can be reused to enroll MaxEnrollments int // The enrollment secret Secret string // Name of the CA CAName string }
IdentityResponse is the response from the any read/add/modify/remove identity call
type ModifyAffiliationRequest ¶
type ModifyAffiliationRequest struct { AffiliationRequest // New name of the affiliation NewName string }
ModifyAffiliationRequest represents the request to modify an existing affiliation on the fabric-ca-server
type RegistrationRequest ¶
type RegistrationRequest struct { // Name is the unique name of the identity Name string // Type of identity being registered (e.g. "peer, app, user") Type string // MaxEnrollments is the number of times the secret can be reused to enroll. // if omitted, this defaults to max_enrollments configured on the server MaxEnrollments int // The identity's affiliation e.g. org1.department1 Affiliation string // Optional attributes associated with this identity Attributes []Attribute // CAName is the name of the CA to connect to CAName string // Secret is an optional password. If not specified, // a random secret is generated. In both cases, the secret // is returned from registration. Secret string }
RegistrationRequest defines the attributes required to register a user with the CA
type RemoveIdentityRequest ¶
type RemoveIdentityRequest struct { // The enrollment ID which uniquely identifies an identity ID string // Force delete Force bool // Name of the CA CAName string }
RemoveIdentityRequest represents the request to remove an existing identity from the fabric-ca-server
type RequestOption ¶
type RequestOption func(*requestOptions) error
RequestOption func for each Opts argument
func WithCA ¶
func WithCA(caName string) RequestOption
WithCA allows for specifying optional CA name (within the CA server instance)
Example ¶
// Create msp client c, err := New(mockClientProvider()) if err != nil { fmt.Println("failed to create msp client") return } results, err := c.GetAllIdentities(WithCA("CA")) if err != nil { fmt.Printf("Get identities return error %s\n", err) return } fmt.Printf("%d identities retrieved\n", len(results))
Output: 2 identities retrieved
type RevocationRequest ¶
type RevocationRequest struct { // Name of the identity whose certificates should be revoked // If this field is omitted, then Serial and AKI must be specified. Name string // Serial number of the certificate to be revoked // If this is omitted, then Name must be specified Serial string // AKI (Authority Key Identifier) of the certificate to be revoked AKI string // Reason is the reason for revocation. See https://godoc.org/golang.org/x/crypto/ocsp // for valid values. The default value is 0 (ocsp.Unspecified). Reason string // CAName is the name of the CA to connect to CAName string }
RevocationRequest defines the attributes required to revoke credentials with the CA
type RevocationResponse ¶
type RevocationResponse struct { // RevokedCerts is an array of certificates that were revoked RevokedCerts []RevokedCert // CRL is PEM-encoded certificate revocation list (CRL) that contains all unexpired revoked certificates CRL []byte }
RevocationResponse represents response from the server for a revocation request
type RevokedCert ¶
type RevokedCert struct { // Serial number of the revoked certificate Serial string // AKI of the revoked certificate AKI string }
RevokedCert represents a revoked certificate