Documentation ¶
Index ¶
- Constants
- func ComputeSKI(hashType crypto.HashType, pub interface{}) ([]byte, error)
- func GetCertificateIdFromDER(certDER []byte, hashType string) ([]byte, error)
- func NewACProvider(chainConfig *params.ChainConfig, localOrgId string) (*certACProvider, error)
- type AccessControlProvider
- type EndorsementEntry
- type Member
- type MemberInterface
- type MemberType
- type PWKACProvider
- func (pp *PWKACProvider) CreatePrincipal(resourceName string, endorsements []*EndorsementEntry, message []byte) (Principal, error)
- func (pp *PWKACProvider) GetHashAlg() string
- func (pp *PWKACProvider) NewMember(member *Member) (MemberInterface, error)
- func (pp *PWKACProvider) RefineEndorsements(endorsements []*EndorsementEntry, msg []byte) []*EndorsementEntry
- func (pp *PWKACProvider) VerifyPrincipal(principal Principal) (bool, error)
- type Principal
- type ResourcePolicy
- type Role
- type Rule
- type SigningMember
- type TrustMemberConfig
- type TrustRootConfig
Constants ¶
// Special characters and parameter names allowed when defining customized
// access rules.
const (
	// LIMIT_DELIMITER is the "/" separator character.
	// NOTE(review): where the rule string is split on it is not visible
	// here; confirm against the rule parser.
	LIMIT_DELIMITER = "/"

	// Parameter names for certificates, certificate hashes, aliases and
	// public keys.
	// NOTE(review): presumably keys of a parameter map supplied by a caller;
	// confirm, and validate the values read under them before use.
	// PUBLIC_KEYS is a plural name for the singular key "pubkey".
	PARAM_CERTS      = "certs"
	PARAM_CERTHASHES = "cert_hashes"
	PARAM_ALIASES    = "aliases"
	PARAM_ALIAS      = "alias"
	PUBLIC_KEYS      = "pubkey"
)
Special characters allowed to define customized access rules
// Mode names, as plain strings.
// NOTE(review): the setting these values are compared against is not shown
// on this page; presumably the chain's authentication type. Confirm that
// unknown values are rejected instead of falling back to a default mode.
const (
	// PermissionedWithCert is the "permissioned with certificate" mode.
	PermissionedWithCert string = "permissionedwithcert"
	// PermissionedWithKey is the "permissioned with public key" mode.
	PermissionedWithKey string = "permissionedwithkey"
	// Public is the "public key" mode.
	Public string = "public"
	// Identity is the 1.X name for PermissionedWithCert.
	Identity string = "identity"
)
const (
	// MemberType_CERT is an X509 certificate.
	MemberType_CERT MemberType = 0
	// MemberType_CERT_HASH is a certificate hash.
	MemberType_CERT_HASH MemberType = 1
	// MemberType_PUBLIC_KEY is a public key.
	MemberType_PUBLIC_KEY MemberType = 2
	// MemberType_DID is a DID.
	MemberType_DID MemberType = 3
	// MemberType_ALIAS is an alias.
	MemberType_ALIAS MemberType = 4
	// MemberType_ADDR is an address.
	MemberType_ADDR MemberType = 5

	// Resource names. They are untyped string constants, so the compiler
	// does not stop an arbitrary string from being passed where a resource
	// name is expected.
	// NOTE(review): ResourceNameAllTest looks test-only by its name; confirm
	// that no production policy is attached to it.
	ResourceNameUnknown          = "UNKNOWN"
	ResourceNameReadData         = "READ"
	ResourceNameWriteData        = "WRITE"
	ResourceNameP2p              = "P2P"
	ResourceNameConsensusNode    = "CONSENSUS"
	ResourceNameAdmin            = "ADMIN"
	ResourceNameUpdateConfig     = "CONFIG"
	ResourceNameUpdateSelfConfig = "SELF_CONFIG"
	ResourceNameAllTest          = "ALL_TEST"

	// Roles a member can hold.
	RoleAdmin         Role = "ADMIN"
	RoleClient        Role = "CLIENT"
	RoleLight         Role = "LIGHT"
	RoleConsensusNode Role = "CONSENSUS"
	RoleCommonNode    Role = "COMMON"
	RoleContract      Role = "CONTRACT"

	// Rules used in policies.
	// NOTE(review): semantics are inferred from the names only. MAJORITY,
	// ALL and ANY presumably set how many endorsements must be valid, SELF
	// presumably restricts to the owning organization, and FORBIDDEN
	// presumably denies access; confirm against the policy evaluator. If ANY
	// is the weakest threshold, audit which resources are assigned it.
	RuleMajority  Rule = "MAJORITY"
	RuleAll       Rule = "ALL"
	RuleAny       Rule = "ANY"
	RuleSelf      Rule = "SELF"
	RuleForbidden Rule = "FORBIDDEN"
	RuleDelete    Rule = "DELETE"
)
Variables ¶
This section is empty.
Functions ¶
func GetCertificateIdFromDER ¶
GetCertificateIdFromDER gets the certificate ID from a DER-encoded certificate.
func NewACProvider ¶
func NewACProvider(chainConfig *params.ChainConfig, localOrgId string) (*certACProvider, error)
Types ¶
type AccessControlProvider ¶
// AccessControlProvider builds a Principal from a resource name, a set of
// endorsements and a message, and verifies whether the policy for that
// resource is met.
type AccessControlProvider interface {
	// GetHashAlg returns the hash algorithm the access control provider uses.
	GetHashAlg() string

	// CreatePrincipal creates a principal for one-time authentication.
	CreatePrincipal(resourceName string, endorsements []*EndorsementEntry, message []byte) (Principal, error)

	// VerifyPrincipal verifies whether the policy for the resource is met.
	// Callers should check both results and treat a non-nil error as a
	// denial rather than relying on the bool alone.
	VerifyPrincipal(principal Principal) (bool, error)
}
type EndorsementEntry ¶
type Member ¶
// Member carries the data that describes a member: its organization, the
// kind of identity material, and the material itself.
type Member struct {
	// OrgId is the organization identifier of the member.
	OrgId string
	// MemberType is the member type (one of the MemberType_* constants).
	MemberType MemberType
	// MemberInfo holds the member's identity-related bytes.
	// NOTE(review): presumably interpreted according to MemberType
	// (certificate, certificate hash, public key, ...); confirm, and parse
	// it defensively because it arrives as raw bytes.
	MemberInfo []byte
}
type MemberInterface ¶
// MemberInterface is the identity of a node or user.
type MemberInterface interface {
	// GetMemberId returns the identity of this member. It is documented as
	// non-unique, so it should not be used on its own as the key for an
	// authorization decision; GetUid is the unique identifier.
	GetMemberId() string
	// GetOrgId returns the id of the organization this member belongs to.
	GetOrgId() string
	// GetRole returns the role of this member.
	GetRole() Role
	// GetUid returns the unique identity of this member.
	GetUid() string
	// Verify verifies a signature over msg using this member.
	// NOTE(review): presumably a nil error means the signature is valid;
	// confirm. hashType is chosen by the caller and should come from trusted
	// configuration (for example the provider's GetHashAlg), not from the
	// message being verified.
	Verify(hashType string, msg []byte, sig []byte) error
	// GetMember returns the Member for this identity.
	GetMember() (*Member, error)
	// GetPk returns the public key.
	GetPk() crypto.PublicKey
}
Member is the identity of a node or user.
type MemberType ¶
// MemberType identifies the kind of identity material a Member carries; its
// declared values are the MemberType_* constants. Being an int32, it can
// hold values outside that set, so code switching on it needs a default
// case that rejects unknown types.
type MemberType int32
type PWKACProvider ¶
// PWKACProvider is an access control provider. Its exported methods are
// GetHashAlg, CreatePrincipal and VerifyPrincipal (the AccessControlProvider
// method set) plus NewMember and RefineEndorsements.
// NOTE(review): "PWK" presumably refers to the PermissionedWithKey
// (public key) mode; confirm.
type PWKACProvider struct {
	// contains filtered or unexported fields
}
func (*PWKACProvider) CreatePrincipal ¶
func (pp *PWKACProvider) CreatePrincipal(resourceName string, endorsements []*EndorsementEntry, message []byte) (Principal, error)
CreatePrincipal creates a principal for one time authentication
func (*PWKACProvider) GetHashAlg ¶
func (pp *PWKACProvider) GetHashAlg() string
GetHashAlg returns the hash algorithm the access control provider uses
func (*PWKACProvider) NewMember ¶
func (pp *PWKACProvider) NewMember(member *Member) (MemberInterface, error)
NewMember creates a member from pb Member
func (*PWKACProvider) RefineEndorsements ¶
func (pp *PWKACProvider) RefineEndorsements(endorsements []*EndorsementEntry, msg []byte) []*EndorsementEntry
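RefineEndorsements verifies and filters a set of endorsements, ensuring that they come from valid and trusted members. It verifies the signature of each endorsement entry to ensure that every endorsement comes from a valid signer.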
func (*PWKACProvider) VerifyPrincipal ¶
func (pp *PWKACProvider) VerifyPrincipal(principal Principal) (bool, error)
VerifyPrincipal verifies whether the given principal satisfies the access control policy of the corresponding resource.
type Principal ¶
// Principal contains all information related to a one-time verification:
// the resource being accessed, the endorsements (signatures), the signed
// message, and optionally a target organization.
type Principal interface {
	// GetResourceName returns the resource name of the verification.
	GetResourceName() string
	// GetEndorsement returns all endorsements (signatures) of the verification.
	GetEndorsement() []*EndorsementEntry
	// GetMessage returns the signing data of the verification.
	GetMessage() []byte
	// GetTargetOrgId returns the target organization id of the verification
	// if the verification is for a specific organization.
	// NOTE(review): the value returned when there is no target organization
	// is not shown; presumably the empty string. Confirm.
	GetTargetOrgId() string
}
Principal contains all information related to one time verification
type ResourcePolicy ¶
// ResourcePolicy pairs a resource name with a policy.
// NOTE(review): policy is an unexported type that is not shown on this page;
// presumably it is the rule evaluated for ResourceName. Confirm.
type ResourcePolicy struct {
	// ResourceName is the name of the resource.
	ResourceName string
	// Policy is the policy value stored with that resource name.
	Policy policy
}
type SigningMember ¶
// SigningMember is a member that can also sign messages.
// NOTE(review): implementations presumably hold private key material
// (NewCertSigningMember takes a PEM private key and a password); keep
// instances out of logs and serialized state.
type SigningMember interface {
	// MemberInterface is embedded, so a SigningMember has every method of a
	// member.
	MemberInterface

	// Sign signs the message with the given hash type and returns the
	// signature bytes.
	Sign(hashType string, msg []byte) ([]byte, error)
}
func NewCertSigningMember ¶
func NewCertSigningMember(hashType string, member *Member, privateKeyPem, password string) (SigningMember, error)
NewCertSigningMember creates a new SigningMember from the given parameters. @param hashType @param member @param privateKeyPem @param password @return protocol.SigningMember @return error
type TrustMemberConfig ¶
type TrustRootConfig ¶
Source Files ¶
Directories ¶
Path | Synopsis |
---|---|
hibe/hibe_amd64/hibe
Package hibe implements the cryptosystem described in the paper "Hierarchical Identity Based Encryption with Constant Size Ciphertext" by Boneh, Boyen, and Goh.
|
Package hibe implements the cryptosystem described in the paper "Hierarchical Identity Based Encryption with Constant Size Ciphertext" by Boneh, Boyen, and Goh. |
hibe/hibe_amd64/hibe/bn256
Package bn256 implements a particular bilinear group at the 128-bit security level.
|
Package bn256 implements a particular bilinear group at the 128-bit security level. |
hibe/hibe_noamd64/hibe
Package hibe implements the cryptosystem described in the paper "Hierarchical Identity Based Encryption with Constant Size Ciphertext" by Boneh, Boyen, and Goh.
|
Package hibe implements the cryptosystem described in the paper "Hierarchical Identity Based Encryption with Constant Size Ciphertext" by Boneh, Boyen, and Goh. |
hibe/hibe_noamd64/hibe/bn256
Package bn256 implements a particular bilinear group.
|
Package bn256 implements a particular bilinear group. |
tls
Package tls partially implements TLS 1.2, as specified in RFC 5246, and TLS 1.3, as specified in RFC 8446.
|
Package tls partially implements TLS 1.2, as specified in RFC 5246, and TLS 1.3, as specified in RFC 8446. |