README
¶
cartridge
Library for working with crypto providers, for example, Vault or GCP. This library will most likely be replaced with "inject" in services. #go#library#crypto#secops#offchain#service#application#
Table of Contents
Description
How to use Cartridge with Vault:
package main
import (
"github.com/hyperledger/fabric-sdk-go/pkg/client/channel"
"github.com/hyperledger/fabric-sdk-go/pkg/core/config"
"github.com/hyperledger/fabric-sdk-go/pkg/fabsdk"
"github.com/sirupsen/logrus"
"github.com/anoideaopen/cartridge"
"github.com/anoideaopen/cartridge/manager"
)git
func main() {
// create manager instance
userCert := "User1@org1.example.com-cert.pem"
vaultManager, err := manager.NewVaultManager("Org1MSP", userCert, "http://dev-vault:8200", "secrettoken", "kv")
if err != nil {
logrus.Fatal(err)
}
configProvider := config.FromFile("connectionProfilePath")
configBackends, err := configProvider()
if err != nil {
logrus.Fatal(err)
}
connectOpts, err := cartridge.NewConnector(vaultManager, cartridge.NewVaultConnectProvider(configBackends...)).Opts()
if err != nil {
logrus.Fatal(err)
}
sdk, err := fabsdk.New(configProvider, connectOpts...)
if err is not nil {
logrus.Fatal(err)
}
// create a channel.Client with signing identity
signingIdentity := vaultManager.SigningIdentity()
channelProvider := sdk.ChannelContext("mychannel", fabsdk.WithOrg("Org1"), fabsdk.WithIdentity(signingIdentity))
cli, err := channel.New(channelProvider)
if err != nil {
logrus.Fatal(err)
}
}
How to use Cartridge with Google Secrets:
Define an environment variable with the path to service account credentials:
export GOOGLE_APPLICATION_CREDENTIALS=$(pwd)/sa-app.json
package main
import (
"github.com/hyperledger/fabric-sdk-go/pkg/client/channel"
"github.com/hyperledger/fabric-sdk-go/pkg/core/config"
"github.com/hyperledger/fabric-sdk-go/pkg/fabsdk"
"github.com/sirupsen/logrus"
"github.com/anoideaopen/cartridge"
"github.com/anoideaopen/cartridge/manager"
)
func main() {
userCert := "User1@org1.example.com-cert.pem"
secretManager, err := manager.NewSecretManager("Org1MSP", "gcp-project", userCert)
if err != nil {
logrus.Fatal(err)
}
configProvider := config.FromFile("connectionProfilePath")
configBackends, err := configProvider()
if err != nil {
logrus.Fatal(err)
}
connectOpts, err := cartridge.NewConnector(secretManager, cartridge.NewVaultConnectProvider(configBackends...)).Opts()
if err != nil {
logrus.Fatal(err)
}
sdk, err := fabsdk.New(configProvider, connectOpts...)
if err != nil {
logrus.Fatal(err)
}
signingIdentity := secretManager.SigningIdentity()
channelProvider := sdk.ChannelContext("channel0", fabsdk.WithOrg("Org1"), fabsdk.WithIdentity(signingIdentity))
_, err = channel.New(channelProvider)
if err != nil {
logrus.Fatal(err)
}
}
To integrate your own crypto storage for your signing crypto, you need to implement the Manager interface and provide this implementation to the NewConnector constructor as shown above. If you want to implement storage for all user's crypto, you need to implement the ConnectProvider interface and pass it to NewConnector as well.
Links
License
Documentation
¶
Index ¶
- func NewCartridgeCryptoSuite(manager manager.Manager) core.CryptoSuite
- func NewLoggerProvider() api.LoggerProvider
- type ConnectProvider
- type Connector
- type Crypto
- type CryptoSuite
- func (c *CryptoSuite) GetHash(_ core.HashOpts) (h hash.Hash, err error)
- func (c *CryptoSuite) GetKey(ski []byte) (core.Key, error)
- func (c *CryptoSuite) Hash(msg []byte, opts core.HashOpts) (hash []byte, err error)
- func (c *CryptoSuite) KeyGen(_ core.KeyGenOpts) (k core.Key, err error)
- func (c *CryptoSuite) KeyImport(raw interface{}, _ core.KeyImportOpts) (k core.Key, err error)
- func (c *CryptoSuite) Sign(k core.Key, digest []byte, _ core.SignerOpts) (signature []byte, err error)
- func (c *CryptoSuite) Verify(k core.Key, signature, digest []byte, _ core.SignerOpts) (valid bool, err error)
- type ProviderFactory
- func (c *ProviderFactory) CreateCryptoSuiteProvider(_ core.CryptoSuiteConfig) (core.CryptoSuite, error)
- func (c *ProviderFactory) CreateInfraProvider(config fab.EndpointConfig) (fab.InfraProvider, error)
- func (c *ProviderFactory) CreateSigningManager(cryptoProvider core.CryptoSuite) (core.SigningManager, error)
- type VaultConnector
- func (c *VaultConnector) EndpointConfig(cache cryptocache.CryptoCache) (fab.EndpointConfig, error)
- func (c *VaultConnector) IdentityConfig(cache cryptocache.CryptoCache) (msp.IdentityConfig, error)
- func (c *VaultConnector) WithChannelConfigProvider(channelConfigProvider func(name string) *fab.ChannelEndpointConfig)
- func (c *VaultConnector) WithChannelPeersProvider(channelPeersProvider func(channel string) []fab.ChannelPeer)
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func NewCartridgeCryptoSuite ¶
func NewCartridgeCryptoSuite(manager manager.Manager) core.CryptoSuite
NewCartridgeCryptoSuite returns cryptosuite adaptor for Signer
func NewLoggerProvider ¶
func NewLoggerProvider() api.LoggerProvider
NewLoggerProvider returns a new default implementation of a logger backend This function is separated from the factory to allow logger creation first.
Types ¶
type ConnectProvider ¶
type ConnectProvider interface {
// IdentityConfig provides user data
IdentityConfig(cache cryptocache.CryptoCache) (msp.IdentityConfig, error)
// EndpointConfig provides network data
EndpointConfig(cache cryptocache.CryptoCache) (fab.EndpointConfig, error)
}
ConnectProvider provides all necessary data (endpoints, certs) for connecting to HLF network.
type Connector ¶
type Connector struct {
// contains filtered or unexported fields
}
Connector holds all necessary data (endpoints, certs) for connecting to HLF network.
func NewConnector ¶
func NewConnector(manager manager.Manager, provider ConnectProvider) *Connector
NewConnector creates Connector instance.
type Crypto ¶
Crypto stores mapping <keyname string : cryptovalue core.Key>
type CryptoSuite ¶
type CryptoSuite struct {
// contains filtered or unexported fields
}
CryptoSuite provides a wrapper of Signer
func (*CryptoSuite) GetKey ¶
func (c *CryptoSuite) GetKey(ski []byte) (core.Key, error)
GetKey gets a key from CryptoSuite key store
func (*CryptoSuite) KeyGen ¶
func (c *CryptoSuite) KeyGen(_ core.KeyGenOpts) (k core.Key, err error)
KeyGen generate private/public key pair
func (*CryptoSuite) KeyImport ¶
func (c *CryptoSuite) KeyImport(raw interface{}, _ core.KeyImportOpts) (k core.Key, err error)
KeyImport imports new key to CryptoSuite key store
func (*CryptoSuite) Sign ¶
func (c *CryptoSuite) Sign(k core.Key, digest []byte, _ core.SignerOpts) (signature []byte, err error)
Sign uses Manager to sign the digest
func (*CryptoSuite) Verify ¶
func (c *CryptoSuite) Verify(k core.Key, signature, digest []byte, _ core.SignerOpts) (valid bool, err error)
Verify verifies if signature is created using provided key
type ProviderFactory ¶
type ProviderFactory struct {
// contains filtered or unexported fields
}
ProviderFactory represents the default SDK provider factory.
func NewCartridgeProviderFactory ¶
func NewCartridgeProviderFactory(manager manager.Manager) *ProviderFactory
NewCartridgeProviderFactory returns the default SDK provider factory.
func (*ProviderFactory) CreateCryptoSuiteProvider ¶
func (c *ProviderFactory) CreateCryptoSuiteProvider(_ core.CryptoSuiteConfig) (core.CryptoSuite, error)
CreateCryptoSuiteProvider returns a new default implementation of BCCSP
func (*ProviderFactory) CreateInfraProvider ¶
func (c *ProviderFactory) CreateInfraProvider(config fab.EndpointConfig) (fab.InfraProvider, error)
CreateInfraProvider returns a new default implementation of fabric primitives
func (*ProviderFactory) CreateSigningManager ¶
func (c *ProviderFactory) CreateSigningManager(cryptoProvider core.CryptoSuite) (core.SigningManager, error)
CreateSigningManager returns a new default implementation of signing manager
type VaultConnector ¶
type VaultConnector struct {
ChannelConfigProvider func(name string) *fab.ChannelEndpointConfig
ChannelPeersProvider func(channel string) []fab.ChannelPeer
// contains filtered or unexported fields
}
VaultConnector - VaultConnector is a struct that implements the core.ConfigProvider interface
func NewVaultConnectProvider ¶
func NewVaultConnectProvider(coreBackend ...core.ConfigBackend) *VaultConnector
NewVaultConnectProvider - NewVaultConnectProvider returns a new instance of VaultConnector
func (*VaultConnector) EndpointConfig ¶
func (c *VaultConnector) EndpointConfig(cache cryptocache.CryptoCache) (fab.EndpointConfig, error)
EndpointConfig - EndpointConfig returns the endpoint config
func (*VaultConnector) IdentityConfig ¶
func (c *VaultConnector) IdentityConfig(cache cryptocache.CryptoCache) (msp.IdentityConfig, error)
IdentityConfig - IdentityConfig returns the identity config
func (*VaultConnector) WithChannelConfigProvider ¶
func (c *VaultConnector) WithChannelConfigProvider(channelConfigProvider func(name string) *fab.ChannelEndpointConfig)
WithChannelConfigProvider - WithChannelConfigProvider sets the channel config provider
func (*VaultConnector) WithChannelPeersProvider ¶
func (c *VaultConnector) WithChannelPeersProvider(channelPeersProvider func(channel string) []fab.ChannelPeer)
WithChannelPeersProvider - WithChannelPeersProvider sets the channel peers provider
Source Files
Directories