Documentation ¶
Index ¶
- Variables
- func AddPemToCertPool(pemCerts []byte, pool *x509.CertPool) error
- func ClientKeepaliveOptions() []grpc.DialOption
- func GetPeerTestingAddress(port string) string
- func InitTLSForPeer() credentials.TransportCredentials
- func InitTLSForShim(key, certStr string) credentials.TransportCredentials
- func MaxRecvMsgSize() int
- func MaxSendMsgSize() int
- func NewChaincodeClientConnectionWithAddress(peerAddress string, block bool, tslEnabled bool, ...) (*grpc.ClientConn, error)
- func NewClientConnectionWithAddress(peerAddress string, block bool, tslEnabled bool, ...) (*grpc.ClientConn, error)
- func NewServerTransportCredentials(serverConfig *tls.Config) credentials.TransportCredentials
- func ServerKeepaliveOptions() []grpc.ServerOption
- func SetKeepaliveOptions(ka KeepaliveOptions)
- func SetMaxRecvMsgSize(size int)
- func SetMaxSendMsgSize(size int)
- func TLSEnabled() bool
- type CASupport
- type ConnectionFactory
- type ConnectionProducer
- type CredentialSupport
- type GRPCServer
- type KeepaliveOptions
- type SecureServerConfig
Constants ¶
This section is empty.
Variables ¶
var ( ClientHandshakeNotImplError = errors.New("core/comm: Client handshakes" + "are not implemented with serverCreds") OverrrideHostnameNotSupportedError = errors.New( "core/comm: OverrideServerName is " + "not supported") MissingServerConfigError = errors.New( "core/comm: `serverConfig` cannot be nil") )
var EndpointDisableInterval = time.Second * 10
Functions ¶
func AddPemToCertPool ¶
AddPemToCertPool adds PEM-encoded certs to a cert pool
func ClientKeepaliveOptions ¶
func ClientKeepaliveOptions() []grpc.DialOption
ClientKeepaliveOptions returns the gRPC keepalive options for clients
func GetPeerTestingAddress ¶
func InitTLSForPeer ¶
func InitTLSForPeer() credentials.TransportCredentials
InitTLSForPeer returns TLS credentials for peer
func InitTLSForShim ¶
func InitTLSForShim(key, certStr string) credentials.TransportCredentials
func MaxRecvMsgSize ¶
func MaxRecvMsgSize() int
MaxRecvMsgSize returns the maximum message size in bytes that gRPC clients and servers can receive
func MaxSendMsgSize ¶
func MaxSendMsgSize() int
MaxSendMsgSize returns the maximum message size in bytes that gRPC clients and servers can send
func NewChaincodeClientConnectionWithAddress ¶
func NewChaincodeClientConnectionWithAddress(peerAddress string, block bool, tslEnabled bool, creds credentials.TransportCredentials) (*grpc.ClientConn, error)
NewChaincodeClientConnectionWithAddress Returns a new chaincode type grpc.ClientConn to the given address
func NewClientConnectionWithAddress ¶
func NewClientConnectionWithAddress(peerAddress string, block bool, tslEnabled bool, creds credentials.TransportCredentials) (*grpc.ClientConn, error)
NewClientConnectionWithAddress Returns a new grpc.ClientConn to the given address
func NewServerTransportCredentials ¶
func NewServerTransportCredentials(serverConfig *tls.Config) credentials.TransportCredentials
NewServerTransportCredentials returns a new initialized grpc/credentials.TransportCredentials
func ServerKeepaliveOptions ¶
func ServerKeepaliveOptions() []grpc.ServerOption
ServerKeepaliveOptions returns the gRPC keepalive options for servers
func SetKeepaliveOptions ¶
func SetKeepaliveOptions(ka KeepaliveOptions)
SetKeepaliveOptions sets the gRPC keepalive options for both clients and servers
func SetMaxRecvMsgSize ¶
func SetMaxRecvMsgSize(size int)
SetMaxRecvMsgSize sets the maximum message size in bytes that gRPC clients and servers can receive
func SetMaxSendMsgSize ¶
func SetMaxSendMsgSize(size int)
SetMaxSendMsgSize sets the maximum message size in bytes that gRPC clients and servers can send
func TLSEnabled ¶
func TLSEnabled() bool
TLSEnabled return cached value for "peer.tls.enabled" configuration value
Types ¶
type CASupport ¶
type CASupport struct { sync.RWMutex AppRootCAsByChain map[string][][]byte OrdererRootCAsByChain map[string][][]byte ClientRootCAs [][]byte ServerRootCAs [][]byte }
CASupport type manages certificate authorities scoped by channel
func (*CASupport) GetClientRootCAs ¶
GetClientRootCAs returns the PEM-encoded root certificates for all of the application and orderer organizations defined for all chains. The root certificates returned should be used to set the trusted client roots for TLS servers.
func (*CASupport) GetServerRootCAs ¶
GetServerRootCAs returns the PEM-encoded root certificates for all of the application and orderer organizations defined for all chains. The root certificates returned should be used to set the trusted server roots for TLS clients.
type ConnectionFactory ¶
type ConnectionFactory func(endpoint string) (*grpc.ClientConn, error)
ConnectionFactory creates a connection to a certain endpoint
type ConnectionProducer ¶
type ConnectionProducer interface { // NewConnection creates a new connection. // Returns the connection, the endpoint selected, nil on success. // Returns nil, "", error on failure NewConnection() (*grpc.ClientConn, string, error) // UpdateEndpoints updates the endpoints of the ConnectionProducer // to be the given endpoints UpdateEndpoints(endpoints []string) // DisableEndpoint remove endpoint from endpoint for some time DisableEndpoint(endpoint string) }
ConnectionProducer produces connections out of a set of predefined endpoints
func NewConnectionProducer ¶
func NewConnectionProducer(factory ConnectionFactory, endpoints []string) ConnectionProducer
NewConnectionProducer creates a new ConnectionProducer with given endpoints and connection factory. It returns nil, if the given endpoints slice is empty.
type CredentialSupport ¶
type CredentialSupport struct { *CASupport ClientCert tls.Certificate }
CredentialSupport type manages credentials used for gRPC client connections
func GetCredentialSupport ¶
func GetCredentialSupport() *CredentialSupport
GetCredentialSupport returns the singleton CredentialSupport instance
func (*CredentialSupport) GetDeliverServiceCredentials ¶
func (cs *CredentialSupport) GetDeliverServiceCredentials(channelID string) (credentials.TransportCredentials, error)
GetDeliverServiceCredentials returns GRPC transport credentials for given channel to be used by GRPC clients which communicate with ordering service endpoints. If the channel isn't found, error is returned.
func (*CredentialSupport) GetPeerCredentials ¶
func (cs *CredentialSupport) GetPeerCredentials() credentials.TransportCredentials
GetPeerCredentials returns GRPC transport credentials for use by GRPC clients which communicate with remote peer endpoints.
type GRPCServer ¶
type GRPCServer interface { //Address returns the listen address for the GRPCServer Address() string //Start starts the underlying grpc.Server Start() error //Stop stops the underlying grpc.Server Stop() //Server returns the grpc.Server instance for the GRPCServer Server() *grpc.Server //Listener returns the net.Listener instance for the GRPCServer Listener() net.Listener //ServerCertificate returns the tls.Certificate used by the grpc.Server ServerCertificate() tls.Certificate //TLSEnabled is a flag indicating whether or not TLS is enabled for this //GRPCServer instance TLSEnabled() bool //MutualTLSRequired is a flag indicating whether or not client certificates //are required for this GRPCServer instance MutualTLSRequired() bool //AppendClientRootCAs appends PEM-encoded X509 certificate authorities to //the list of authorities used to verify client certificates AppendClientRootCAs(clientRoots [][]byte) error //RemoveClientRootCAs removes PEM-encoded X509 certificate authorities from //the list of authorities used to verify client certificates RemoveClientRootCAs(clientRoots [][]byte) error //SetClientRootCAs sets the list of authorities used to verify client //certificates based on a list of PEM-encoded X509 certificate authorities SetClientRootCAs(clientRoots [][]byte) error }
GRPCServer defines an interface representing a GRPC-based server
func NewChaincodeGRPCServer ¶
func NewChaincodeGRPCServer(address string, secureConfig SecureServerConfig) (GRPCServer, error)
NewChaincodeGRPCServer creates a new implementation of a chaincode GRPCServer given a listen address
func NewGRPCServer ¶
func NewGRPCServer(address string, secureConfig SecureServerConfig) (GRPCServer, error)
NewGRPCServer creates a new implementation of a GRPCServer given a listen address
func NewGRPCServerFromListener ¶
func NewGRPCServerFromListener(listener net.Listener, secureConfig SecureServerConfig) (GRPCServer, error)
NewGRPCServerFromListener creates a new implementation of a GRPCServer given an existing net.Listener instance using default keepalive
type KeepaliveOptions ¶
type KeepaliveOptions struct { // ClientKeepaliveTime is the duration in seconds after which if the client // does not see any activity from the server it pings the server to see // if it is alive ClientKeepaliveTime int // ClientKeepaliveTimeout is the duration the client waits for a response // from the server after sending a ping before closing the connection ClientKeepaliveTimeout int // ServerKeepaliveTime is the duration in seconds after which if the server // does not see any activity from the client it pings the client to see // if it is alive ServerKeepaliveTime int // ServerKeepaliveTimeout is the duration the server waits for a response // from the client after sending a ping before closing the connection ServerKeepaliveTimeout int }
KeepAliveOptions is used to set the gRPC keepalive settings for both clients and servers
type SecureServerConfig ¶
type SecureServerConfig struct { //PEM-encoded X509 public key to be used by the server for TLS communication ServerCertificate []byte //PEM-encoded private key to be used by the server for TLS communication ServerKey []byte //Set of PEM-encoded X509 certificate authorities to optionally send //as part of the server handshake ServerRootCAs [][]byte //Set of PEM-encoded X509 certificate authorities to use when verifying //client certificates ClientRootCAs [][]byte //Whether or not to use TLS for communication UseTLS bool //Whether or not TLS client must present certificates for authentication RequireClientCert bool }
A SecureServerConfig structure is used to configure security (e.g. TLS) for a GRPCServer instance