api

package
v1.14.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: May 12, 2021 License: Apache-2.0 Imports: 1 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

// ErrCARegistrarNotFound indicates the CA registrar was not found.
// It is a sentinel value: callers should compare with errors.Is rather
// than matching on the message text.
var ErrCARegistrarNotFound = errors.New("CA registrar not found")

Functions

This section is empty.

Types

type AffiliationInfo

// AffiliationInfo contains the affiliation name, child affiliation info, and
// identities associated with this affiliation.
//
// The type is recursive: each child in Affiliations is itself an
// AffiliationInfo, so code that walks the tree should expect arbitrary depth.
type AffiliationInfo struct {
	Name         string            // name of this affiliation
	Affiliations []AffiliationInfo // child affiliations of this affiliation
	Identities   []IdentityInfo    // identities associated with this affiliation
}

AffiliationInfo contains the affiliation name, child affiliation info, and identities associated with this affiliation.

type AffiliationRequest

// AffiliationRequest represents the request to add an affiliation to, or
// remove one from, the fabric-ca-server.
type AffiliationRequest struct {
	// Name of the affiliation
	Name string

	// Creates parent affiliations if they do not exist
	// NOTE(review): the same request type is passed to RemoveAffiliation; what
	// Force means for a removal is not documented here — confirm before
	// setting it on a delete.
	Force bool

	// Name of the CA
	CAName string
}

AffiliationRequest represents the request to add/remove affiliation to the fabric-ca-server

type AffiliationResponse

// AffiliationResponse contains the response to a get, add, modify, or remove
// affiliation call.
type AffiliationResponse struct {
	// Embedded affiliation data: name, child affiliations and identities.
	AffiliationInfo
	// Name of the CA.
	CAName string
}

AffiliationResponse contains the response to a get, add, modify, or remove affiliation call

type Attribute

// Attribute defines additional attributes that may be passed along during
// registration.
type Attribute struct {
	Name  string // attribute name
	Value string // attribute value
	// NOTE(review): presumably controls whether the attribute is placed in the
	// identity's enrollment certificate — confirm against the fabric-ca
	// documentation before relying on it for access-control decisions.
	ECert bool
}

Attribute defines additional attributes that may be passed along during registration

type AttributeRequest

// AttributeRequest is a request for an attribute.
// It is used in the AttrReqs field of EnrollmentRequest and
// ReenrollmentRequest.
type AttributeRequest struct {
	Name string // name of the requested attribute
	// NOTE(review): presumably a non-optional attribute that the requestor
	// does not own makes the request fail rather than being skipped — confirm.
	Optional bool
}

AttributeRequest is a request for an attribute.

type CAClient

// CAClient provides management of identities in a Fabric network.
//
// Apart from GetCAInfo, every method selects a CA either through a caname
// argument or through the CAName field of its request struct.
type CAClient interface {
	// Enroll enrolls the identity described by request. The request carries
	// the enrollment secret, so it should be treated as sensitive.
	Enroll(request *EnrollmentRequest) error
	// Reenroll reenrolls an identity; the request type has no secret field.
	Reenroll(request *ReenrollmentRequest) error
	// Register registers an identity. RegistrationRequest documents that the
	// secret is returned from registration, so the returned string should be
	// handled as a credential (kept out of logs and error messages).
	Register(request *RegistrationRequest) (string, error)
	// Revoke revokes credentials as described by request and returns the
	// revoked certificates together with a CRL.
	Revoke(request *RevocationRequest) (*RevocationResponse, error)
	// GetCAInfo returns the CA name, CA chain, Idemix public keys and server
	// version.
	GetCAInfo() (*GetCAInfoResponse, error)
	// CreateIdentity, GetIdentity, ModifyIdentity, RemoveIdentity and
	// GetAllIdentities manage identities. IdentityResponse includes a Secret
	// field, so responses should be handled as sensitive data.
	CreateIdentity(request *IdentityRequest) (*IdentityResponse, error)
	GetIdentity(id, caname string) (*IdentityResponse, error)
	ModifyIdentity(request *IdentityRequest) (*IdentityResponse, error)
	RemoveIdentity(request *RemoveIdentityRequest) (*IdentityResponse, error)
	GetAllIdentities(caname string) ([]*IdentityResponse, error)
	// GetAffiliation, GetAllAffiliations, AddAffiliation, ModifyAffiliation
	// and RemoveAffiliation manage affiliations. AddAffiliation and
	// RemoveAffiliation share the AffiliationRequest type.
	GetAffiliation(affiliation, caname string) (*AffiliationResponse, error)
	GetAllAffiliations(caname string) (*AffiliationResponse, error)
	AddAffiliation(request *AffiliationRequest) (*AffiliationResponse, error)
	ModifyAffiliation(request *ModifyAffiliationRequest) (*AffiliationResponse, error)
	RemoveAffiliation(request *AffiliationRequest) (*AffiliationResponse, error)
}

CAClient provides management of identities in a Fabric network

type EnrollmentRequest

// EnrollmentRequest is a request to enroll an identity.
type EnrollmentRequest struct {
	// The identity name to enroll
	Name string
	// The secret returned via Register.
	// This is a credential: avoid logging the struct or serializing it to
	// persistent storage with the field populated.
	Secret string
	// CAName is the name of the CA to connect to
	CAName string
	// AttrReqs are requests for attributes to add to the certificate.
	// Each attribute is added only if the requestor owns the attribute.
	AttrReqs []*AttributeRequest
	// Profile is the name of the signing profile to use in issuing the X509 certificate
	Profile string
	// Label is the label to use in HSM operations
	Label string
	// The type of the enrollment request: x509 or idemix
	// The default is a request for an X509 enrollment certificate
	Type string
}

EnrollmentRequest is a request to enroll an identity

type GetCAInfoResponse

// GetCAInfoResponse is the response from the GetCAInfo call.
type GetCAInfoResponse struct {
	// CAName is the name of the CA
	CAName string
	// CAChain is the PEM-encoded bytes of the fabric-ca-server's CA chain.
	// The 1st element of the chain is the root CA cert
	// NOTE(review): nothing in this type shows whether the chain has been
	// validated; a caller that installs it as a trust anchor should check how
	// the connection to the CA was authenticated.
	CAChain []byte
	// Idemix issuer public key of the CA
	IssuerPublicKey []byte
	// Idemix issuer revocation public key of the CA
	IssuerRevocationPublicKey []byte
	// Version of the server
	Version string
}

GetCAInfoResponse is the response from the GetCAInfo call

type IdentityInfo

// IdentityInfo contains information about an identity.
// It has no secret field, unlike IdentityResponse.
type IdentityInfo struct {
	ID             string      // identifier of the identity
	Type           string      // type of the identity
	Affiliation    string      // affiliation the identity belongs to
	Attributes     []Attribute // attributes assigned to the identity
	MaxEnrollments int         // enrollment limit; NOTE(review): meaning of zero or negative values not shown here
}

IdentityInfo contains information about an identity

type IdentityRequest

// IdentityRequest represents the request to add an identity to, or update an
// identity on, the fabric-ca-server.
type IdentityRequest struct {

	// The enrollment ID which uniquely identifies an identity (required)
	ID string

	// The identity's affiliation (required)
	Affiliation string

	// Array of attributes to assign to the user
	Attributes []Attribute

	// Type of identity being registered (e.g. 'peer, app, user'). Default is 'user'.
	Type string

	// The maximum number of times the secret can be reused to enroll (default CA's Max Enrollment)
	// NOTE(review): the Go zero value cannot be told apart from "not set";
	// confirm how 0 and negative values are interpreted before relying on
	// this field to limit reuse of the secret.
	MaxEnrollments int

	// The enrollment secret. If not provided, a random secret is generated.
	// This is a credential: a caller-chosen value should be high-entropy and
	// the populated struct should be kept out of logs.
	Secret string

	// Name of the CA to send the request to within the Fabric CA server (optional)
	CAName string
}

IdentityRequest represents the request to add/update identity to the fabric-ca-server

type IdentityResponse

// IdentityResponse is the response from any read/add/modify/remove identity
// call.
type IdentityResponse struct {

	// The enrollment ID which uniquely identifies an identity
	ID string

	// The identity's affiliation
	Affiliation string

	// Array of attributes assigned to the user
	Attributes []Attribute

	// Type of identity (e.g. 'peer, app, user')
	Type string

	// The maximum number of times the secret can be reused to enroll
	MaxEnrollments int

	// The enrollment secret
	// This is a credential: redact it before logging or returning the
	// response to less-privileged callers.
	// NOTE(review): which calls actually populate this field is not visible
	// here — confirm.
	Secret string

	// Name of the CA
	CAName string
}

IdentityResponse is the response from any read/add/modify/remove identity call

type ModifyAffiliationRequest

// ModifyAffiliationRequest represents the request to modify an existing
// affiliation on the fabric-ca-server.
type ModifyAffiliationRequest struct {
	// Embedded request: Name identifies the affiliation to modify and CAName
	// selects the CA.
	// NOTE(review): the effect of the embedded Force flag on a modification
	// is not documented here — confirm.
	AffiliationRequest
	// New name of the affiliation
	NewName string
}

ModifyAffiliationRequest represents the request to modify an existing affiliation on the fabric-ca-server

type ReenrollmentRequest

// ReenrollmentRequest is a request to reenroll an identity. This is useful to
// renew a certificate before it has expired.
//
// NOTE(review): unlike EnrollmentRequest there is no Secret field; how the
// request is authenticated is not visible in this type — confirm.
type ReenrollmentRequest struct {
	// The identity name to enroll
	Name string
	// Profile is the name of the signing profile to use in issuing the certificate
	Profile string
	// Label is the label to use in HSM operations
	Label string
	// CAName is the name of the CA to connect to
	CAName string
	// AttrReqs are requests for attributes to add to the certificate.
	// Each attribute is added only if the requestor owns the attribute.
	AttrReqs []*AttributeRequest
}

ReenrollmentRequest is a request to reenroll an identity. This is useful to renew a certificate before it has expired.

type RegistrationRequest

// RegistrationRequest defines the attributes required to register a user with
// the CA.
type RegistrationRequest struct {
	// Name is the unique name of the identity
	Name string
	// Type of identity being registered (e.g. "peer, app, user")
	Type string
	// MaxEnrollments is the number of times the secret can be reused to enroll.
	// If omitted, this defaults to max_enrollments configured on the server.
	// NOTE(review): "omitted" presumably means the zero value; confirm how 0
	// and negative values are treated before relying on this as a limit.
	MaxEnrollments int
	// The identity's affiliation e.g. org1.department1
	Affiliation string
	// Optional attributes associated with this identity
	Attributes []Attribute
	// CAName is the name of the CA to connect to
	CAName string
	// Secret is an optional password.  If not specified,
	// a random secret is generated.  In both cases, the secret
	// is returned from registration.
	// Treat both this field and the value returned by registration as a
	// credential: a caller-chosen secret should be high-entropy, and neither
	// should be written to logs.
	Secret string
}

RegistrationRequest defines the attributes required to register a user with the CA

type RemoveIdentityRequest

// RemoveIdentityRequest represents the request to remove an existing identity
// from the fabric-ca-server.
type RemoveIdentityRequest struct {

	// The enrollment ID which uniquely identifies an identity
	ID string

	// Force delete
	// NOTE(review): which safeguard this flag overrides is not documented
	// here — confirm before setting it.
	Force bool

	// Name of the CA
	CAName string
}

RemoveIdentityRequest represents the request to remove an existing identity from the fabric-ca-server

type RevocationRequest

// RevocationRequest defines the attributes required to revoke credentials with
// the CA.
//
// A request targets either an identity (Name) or a single certificate
// (Serial together with AKI).
type RevocationRequest struct {
	// Name of the identity whose certificates should be revoked
	// If this field is omitted, then Serial and AKI must be specified.
	// NOTE(review): whether revoking by Name also blocks future enrollment of
	// the identity is not shown here — confirm.
	Name string
	// Serial number of the certificate to be revoked
	// If this is omitted, then Name must be specified
	Serial string
	// AKI (Authority Key Identifier) of the certificate to be revoked
	AKI string
	// Reason is the reason for revocation. See https://godoc.org/golang.org/x/crypto/ocsp
	// for valid values. The default value is 0 (ocsp.Unspecified).
	// NOTE(review): the field is a string while the documented default is the
	// integer 0; the accepted encoding (reason name or number) is not shown
	// here — confirm, since an unrecognized value may not be recorded as the
	// intended reason.
	Reason string
	// CAName is the name of the CA to connect to
	CAName string
}

RevocationRequest defines the attributes required to revoke credentials with the CA

type RevocationResponse

// RevocationResponse represents the response from the server to a revocation
// request.
type RevocationResponse struct {
	// RevokedCerts is an array of certificates that were revoked
	RevokedCerts []RevokedCert
	// CRL is PEM-encoded certificate revocation list (CRL) that contains all unexpired revoked certificates
	// NOTE(review): whether the CRL is always populated is not visible here —
	// check for an empty value before distributing it to relying parties.
	CRL []byte
}

RevocationResponse represents the response from the server to a revocation request

type RevokedCert

// RevokedCert represents a revoked certificate, identified by the same
// Serial/AKI pair that RevocationRequest uses to target a certificate.
type RevokedCert struct {
	// Serial number of the revoked certificate
	Serial string
	// AKI of the revoked certificate
	AKI string
}

RevokedCert represents a revoked certificate
