comm

package
v1.1.0-preview Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Nov 1, 2017 License: Apache-2.0 Imports: 20 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source
var (
	ClientHandshakeNotImplError = errors.New("core/comm: Client handshakes" +
		"are not implemented with serverCreds")
	OverrrideHostnameNotSupportedError = errors.New(
		"core/comm: OverrideServerName is " +
			"not supported")
	MissingServerConfigError = errors.New(
		"core/comm: `serverConfig` cannot be nil")
)
View Source
var EndpointDisableInterval = time.Second * 10

Functions

func AddPemToCertPool

func AddPemToCertPool(pemCerts []byte, pool *x509.CertPool) error

AddPemToCertPool adds PEM-encoded certs to a cert pool

func ClientKeepaliveOptions

func ClientKeepaliveOptions() []grpc.DialOption

ClientKeepaliveOptions returns the gRPC keepalive options for clients

func GetPeerTestingAddress

func GetPeerTestingAddress(port string) string

func InitTLSForPeer

func InitTLSForPeer() credentials.TransportCredentials

InitTLSForPeer returns TLS credentials for peer

func InitTLSForShim

func InitTLSForShim(key, certStr string) credentials.TransportCredentials

func MaxRecvMsgSize

func MaxRecvMsgSize() int

MaxRecvMsgSize returns the maximum message size in bytes that gRPC clients and servers can receive

func MaxSendMsgSize

func MaxSendMsgSize() int

MaxSendMsgSize returns the maximum message size in bytes that gRPC clients and servers can send

func NewChaincodeClientConnectionWithAddress

func NewChaincodeClientConnectionWithAddress(peerAddress string, block bool, tslEnabled bool, creds credentials.TransportCredentials) (*grpc.ClientConn, error)

NewChaincodeClientConnectionWithAddress Returns a new chaincode type grpc.ClientConn to the given address

func NewClientConnectionWithAddress

func NewClientConnectionWithAddress(peerAddress string, block bool, tslEnabled bool, creds credentials.TransportCredentials) (*grpc.ClientConn, error)

NewClientConnectionWithAddress Returns a new grpc.ClientConn to the given address

func NewServerTransportCredentials

func NewServerTransportCredentials(serverConfig *tls.Config) credentials.TransportCredentials

NewServerTransportCredentials returns a new initialized grpc/credentials.TransportCredentials

func ServerKeepaliveOptions

func ServerKeepaliveOptions() []grpc.ServerOption

ServerKeepaliveOptions returns the gRPC keepalive options for servers

func SetKeepaliveOptions

func SetKeepaliveOptions(ka KeepaliveOptions)

SetKeepaliveOptions sets the gRPC keepalive options for both clients and servers

func SetMaxRecvMsgSize

func SetMaxRecvMsgSize(size int)

SetMaxRecvMsgSize sets the maximum message size in bytes that gRPC clients and servers can receive

func SetMaxSendMsgSize

func SetMaxSendMsgSize(size int)

SetMaxSendMsgSize sets the maximum message size in bytes that gRPC clients and servers can send

func TLSEnabled

func TLSEnabled() bool

TLSEnabled return cached value for "peer.tls.enabled" configuration value

Types

type CASupport

type CASupport struct {
	sync.RWMutex
	AppRootCAsByChain     map[string][][]byte
	OrdererRootCAsByChain map[string][][]byte
	ClientRootCAs         [][]byte
	ServerRootCAs         [][]byte
}

CASupport type manages certificate authorities scoped by channel

func (*CASupport) GetClientRootCAs

func (cas *CASupport) GetClientRootCAs() (appRootCAs, ordererRootCAs [][]byte)

GetClientRootCAs returns the PEM-encoded root certificates for all of the application and orderer organizations defined for all chains. The root certificates returned should be used to set the trusted client roots for TLS servers.

func (*CASupport) GetServerRootCAs

func (cas *CASupport) GetServerRootCAs() (appRootCAs, ordererRootCAs [][]byte)

GetServerRootCAs returns the PEM-encoded root certificates for all of the application and orderer organizations defined for all chains. The root certificates returned should be used to set the trusted server roots for TLS clients.

type ConnectionFactory

type ConnectionFactory func(endpoint string) (*grpc.ClientConn, error)

ConnectionFactory creates a connection to a certain endpoint

type ConnectionProducer

type ConnectionProducer interface {
	// NewConnection creates a new connection.
	// Returns the connection, the endpoint selected, nil on success.
	// Returns nil, "", error on failure
	NewConnection() (*grpc.ClientConn, string, error)
	// UpdateEndpoints updates the endpoints of the ConnectionProducer
	// to be the given endpoints
	UpdateEndpoints(endpoints []string)
	// DisableEndpoint remove endpoint from endpoint for some time
	DisableEndpoint(endpoint string)
}

ConnectionProducer produces connections out of a set of predefined endpoints

func NewConnectionProducer

func NewConnectionProducer(factory ConnectionFactory, endpoints []string) ConnectionProducer

NewConnectionProducer creates a new ConnectionProducer with given endpoints and connection factory. It returns nil, if the given endpoints slice is empty.

type CredentialSupport

type CredentialSupport struct {
	*CASupport
	ClientCert tls.Certificate
}

CredentialSupport type manages credentials used for gRPC client connections

func GetCredentialSupport

func GetCredentialSupport() *CredentialSupport

GetCredentialSupport returns the singleton CredentialSupport instance

func (*CredentialSupport) GetDeliverServiceCredentials

func (cs *CredentialSupport) GetDeliverServiceCredentials(channelID string) (credentials.TransportCredentials, error)

GetDeliverServiceCredentials returns GRPC transport credentials for given channel to be used by GRPC clients which communicate with ordering service endpoints. If the channel isn't found, error is returned.

func (*CredentialSupport) GetPeerCredentials

func (cs *CredentialSupport) GetPeerCredentials() credentials.TransportCredentials

GetPeerCredentials returns GRPC transport credentials for use by GRPC clients which communicate with remote peer endpoints.

type GRPCServer

type GRPCServer interface {
	//Address returns the listen address for the GRPCServer
	Address() string
	//Start starts the underlying grpc.Server
	Start() error
	//Stop stops the underlying grpc.Server
	Stop()
	//Server returns the grpc.Server instance for the GRPCServer
	Server() *grpc.Server
	//Listener returns the net.Listener instance for the GRPCServer
	Listener() net.Listener
	//ServerCertificate returns the tls.Certificate used by the grpc.Server
	ServerCertificate() tls.Certificate
	//TLSEnabled is a flag indicating whether or not TLS is enabled for this
	//GRPCServer instance
	TLSEnabled() bool
	//MutualTLSRequired is a flag indicating whether or not client certificates
	//are required for this GRPCServer instance
	MutualTLSRequired() bool
	//AppendClientRootCAs appends PEM-encoded X509 certificate authorities to
	//the list of authorities used to verify client certificates
	AppendClientRootCAs(clientRoots [][]byte) error
	//RemoveClientRootCAs removes PEM-encoded X509 certificate authorities from
	//the list of authorities used to verify client certificates
	RemoveClientRootCAs(clientRoots [][]byte) error
	//SetClientRootCAs sets the list of authorities used to verify client
	//certificates based on a list of PEM-encoded X509 certificate authorities
	SetClientRootCAs(clientRoots [][]byte) error
}

GRPCServer defines an interface representing a GRPC-based server

func NewChaincodeGRPCServer

func NewChaincodeGRPCServer(address string, secureConfig SecureServerConfig) (GRPCServer, error)

NewChaincodeGRPCServer creates a new implementation of a chaincode GRPCServer given a listen address

func NewGRPCServer

func NewGRPCServer(address string, secureConfig SecureServerConfig) (GRPCServer, error)

NewGRPCServer creates a new implementation of a GRPCServer given a listen address

func NewGRPCServerFromListener

func NewGRPCServerFromListener(listener net.Listener, secureConfig SecureServerConfig) (GRPCServer, error)

NewGRPCServerFromListener creates a new implementation of a GRPCServer given an existing net.Listener instance using default keepalive

type KeepaliveOptions

type KeepaliveOptions struct {
	// ClientKeepaliveTime is the duration in seconds after which if the client
	// does not see any activity from the server it pings the server to see
	// if it is alive
	ClientKeepaliveTime int
	// ClientKeepaliveTimeout is the duration the client waits for a response
	// from the server after sending a ping before closing the connection
	ClientKeepaliveTimeout int
	// ServerKeepaliveTime is the duration in seconds after which if the server
	// does not see any activity from the client it pings the client to see
	// if it is alive
	ServerKeepaliveTime int
	// ServerKeepaliveTimeout is the duration the server waits for a response
	// from the client after sending a ping before closing the connection
	ServerKeepaliveTimeout int
}

KeepAliveOptions is used to set the gRPC keepalive settings for both clients and servers

type SecureServerConfig

type SecureServerConfig struct {
	//PEM-encoded X509 public key to be used by the server for TLS communication
	ServerCertificate []byte
	//PEM-encoded private key to be used by the server for TLS communication
	ServerKey []byte
	//Set of PEM-encoded X509 certificate authorities to optionally send
	//as part of the server handshake
	ServerRootCAs [][]byte
	//Set of PEM-encoded X509 certificate authorities to use when verifying
	//client certificates
	ClientRootCAs [][]byte
	//Whether or not to use TLS for communication
	UseTLS bool
	//Whether or not TLS client must present certificates for authentication
	RequireClientCert bool
}

A SecureServerConfig structure is used to configure security (e.g. TLS) for a GRPCServer instance

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL