lib

package
v1.2.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jul 3, 2018 License: Apache-2.0 Imports: 73 Imported by: 78

Documentation

Index

Constants

View Source 
const (
	// DefaultServerPort is the default listening port for the fabric-ca server
	DefaultServerPort = 7054

	// DefaultServerAddr is the default listening address for the fabric-ca server
	DefaultServerAddr = "0.0.0.0"
)
View Source 
const (
	// Unknown error code
	ErrUnknown = 0
	// HTTP method not allowed
	ErrMethodNotAllowed = 1
	// No authorization header was found in request
	ErrNoAuthHdr = 2
	// Failed reading the HTTP request body
	ErrReadingReqBody = 3
	// HTTP request body was empty but should not have been
	ErrEmptyReqBody = 4
	// HTTP request body was of the wrong format
	ErrBadReqBody = 5
	// The token in the authorization header was invalid
	ErrBadReqToken = 6
	// The caller does not have the "hf.Revoker" attibute
	ErrNotRevoker = 7
	// Certificate to be revoked was not found
	ErrRevCertNotFound = 8
	// Certificate to be revoked is not owned by expected user
	ErrCertWrongOwner = 9
	// Identity of certificate to be revoked was not found
	ErrRevokeIDNotFound = 10
	// User info was not found for issuee of revoked certificate
	ErrRevokeUserInfoNotFound = 11
	// Certificate revocation failed for another reason
	ErrRevokeFailure = 12
	// Failed to update user info when revoking identity
	ErrRevokeUpdateUser = 13
	// Failed to revoke any certificates by identity
	ErrNoCertsRevoked = 14
	// Missing fields in the revocation request
	ErrMissingRevokeArgs = 15
	// Failed to get user's affiliation
	ErrGettingAffiliation = 16
	// Revoker's affiliation not equal to or above revokee's affiliation
	ErrRevokerNotAffiliated = 17
	// Failed to send an HTTP response
	ErrSendingResponse = 18
	// The CA (Certificate Authority) name was not found
	ErrCANotFound = 19
	// Authorization failure
	ErrAuthFailure = 20
	// No username and password were in the authorization header
	ErrNoUserPass = 21
	// Enrollment is currently disabled for the server
	ErrEnrollDisabled = 22
	// Invalid user name
	ErrInvalidUser = 23
	// Invalid password
	ErrInvalidPass = 24
	// Invalid token in authorization header
	ErrInvalidToken = 25
	// Certificate was not issued by a trusted authority
	ErrUntrustedCertificate = 26
	// Certificate has expired
	ErrCertExpired = 27
	// Certificate has been revoked
	ErrCertRevoked = 28
	// Failed trying to check if certificate is revoked
	ErrCertRevokeCheckFailure = 29
	// Certificate was not found
	ErrCertNotFound = 30
	// Bad certificate signing request
	ErrBadCSR = 31
	// Failed to get identity's prekey
	ErrNoPreKey = 32
	// The caller was not authenticated
	ErrCallerIsNotAuthenticated = 33
	// Invalid configuration setting
	ErrConfig = 34
	// The caller does not have authority to generate a CRL
	ErrNoGenCRLAuth = 35
	// Invalid RevokedAfter value in the GenCRL request
	ErrInvalidRevokedAfter = 36
	// Invalid ExpiredAfter value in the GenCRL request
	ErrInvalidExpiredAfter = 37
	// Failed to get revoked certs from the database
	ErrRevokedCertsFromDB = 38
	// Failed to get CA cert
	ErrGetCACert = 39
	// Failed to get CA signer
	ErrGetCASigner = 40
	// Failed to generate CRL
	ErrGenCRL = 41
	// Registrar does not have the authority to register an attribute
	ErrRegAttrAuth = 42
	// Registrar does not own 'hf.Registrar.Attributes'
	ErrMissingRegAttr = 43
	// Caller does not have appropriate affiliation to perform requested action
	ErrCallerNotAffiliated = 44
	// Failed to verify if caller has appropriate type
	ErrGettingType = 45
	// CA cert does not have 'crl sign' usage
	ErrNoCrlSignAuth = 46
	// Incorrect level of database
	ErrDBLevel = 47
	// Incorrect level of configuration file
	ErrConfigFileLevel = 48
	// Failed to get user from database
	ErrGettingUser = 49
	// Error processing HTTP request
	ErrHTTPRequest = 50
	// Error connecting to database
	ErrConnectingDB = 51
	// Failed to add identity
	ErrAddIdentity = 52
	// Unauthorized to perform update action
	ErrUpdateConfigAuth = 53
	// Registrar not authorized to act on type
	ErrRegistrarInvalidType = 54
	// Registrar not authorized to act on affiliation
	ErrRegistrarNotAffiliated = 55
	// Failed to remove identity
	ErrRemoveIdentity = 56
	// Failed to get boolean query parameter
	ErrGettingBoolQueryParm = 57
	// Failed to modify identity
	ErrModifyingIdentity = 58
	// Caller does not have the appropriate role
	ErrMissingRole = 59
	// Failed to add new affiliation
	ErrUpdateConfigAddAff = 60
	// Failed to remove affiliation
	ErrUpdateConfigRemoveAff = 61
	// Error occured while removing affiliation in database
	ErrRemoveAffDB = 62
	// Error occured when making a Get request to database
	ErrDBGet = 63
	// Failed to modiy affiliation
	ErrUpdateConfigModifyAff = 64
	// Error occured while deleting user
	ErrDBDeleteUser = 65
	// Certificate that is being revoked has already been revoked
	ErrCertAlreadyRevoked = 66
	// Failed to get requested certificate(s)
	ErrGettingCert = 67
	// Error occurred parsing variable as an integer
	ErrParsingIntEnvVar = 68
	// CA certificate file is not found warning message
	ErrCACertFileNotFound = 69
)

Error codes

View Source 
const (

	// CAChainParentFirstEnvVar is the name of the environment variable that needs to be set
	// for server to return CA chain in parent-first order
	CAChainParentFirstEnvVar = "CA_CHAIN_PARENT_FIRST"
)

Variables

This section is empty.

Functions

func AffiliationDecoder added in v1.1.0 

func AffiliationDecoder(decoder *json.Decoder) error

AffiliationDecoder decodes streams of data coming from the server into an Affiliation object

func BytesToX509Cert 

func BytesToX509Cert(bytes []byte) (*x509.Certificate, error)

BytesToX509Cert converts bytes (PEM or DER) to an X509 certificate

func CopyFile added in v1.1.0 

func CopyFile(src, dst string) error

CopyFile copies a file

func GenerateECDSATestCert added in v1.1.0 

func GenerateECDSATestCert() error

GenerateECDSATestCert generates EC based certificate for testing purposes

func GetCertID 

func GetCertID(bytes []byte) (string, string, error)

GetCertID returns both the serial number and AKI (Authority Key ID) for the certificate

func GetKeyRequest added in v1.1.0 

func GetKeyRequest(cfg *CAConfig) *api.BasicKeyRequest

GetKeyRequest constructs and returns api.BasicKeyRequest object based on the bccsp configuration options

func GetUserAffiliation added in v1.1.0 

func GetUserAffiliation(user spi.User) string

GetUserAffiliation return a joined version version of the affiliation path with '.' as the seperator

func IdentityDecoder added in v1.1.0 

func IdentityDecoder(decoder *json.Decoder) error

IdentityDecoder decodes streams of data coming from the server into an Identity object

func LoadPEMCertPool 

func LoadPEMCertPool(certFiles []string) (*x509.CertPool, error)

LoadPEMCertPool loads a pool of PEM certificates from list of files

func NormalizeURL 

func NormalizeURL(addr string) (*url.URL, error)

NormalizeURL normalizes a URL (from cfssl)

func UnmarshalConfig 

func UnmarshalConfig(config interface{}, vp *viper.Viper, configFile string,
	server bool) error

UnmarshalConfig unmarshals a configuration file

Types

type Accessor 

type Accessor struct {
	// contains filtered or unexported fields
}

Accessor implements db.Accessor interface.

func NewDBAccessor 

func NewDBAccessor(db *dbutil.DB) *Accessor

NewDBAccessor is a constructor for the database API

func (*Accessor) DeleteAffiliation 

func (d *Accessor) DeleteAffiliation(name string, force, identityRemoval, isRegistrar bool) (*spi.DbTxResult, error)

DeleteAffiliation deletes affiliation from database. Using the force option with identity removal allowed this will also delete the identities associated with removed affiliations, and also delete the certificates for the identities removed

func (*Accessor) DeleteUser 

func (d *Accessor) DeleteUser(id string) (spi.User, error)

DeleteUser deletes user from database

func (*Accessor) GetAffiliation 

func (d *Accessor) GetAffiliation(name string) (spi.Affiliation, error)

GetAffiliation gets affiliation from database

func (*Accessor) GetAffiliationTree added in v1.1.0 

func (d *Accessor) GetAffiliationTree(name string) (*spi.DbTxResult, error)

GetAffiliationTree returns the requested affiliation and affiliations below

func (*Accessor) GetAllAffiliations added in v1.1.0 

func (d *Accessor) GetAllAffiliations(name string) (*sqlx.Rows, error)

GetAllAffiliations gets the requested affiliation and any sub affiliations from the database

func (*Accessor) GetFilteredUsers added in v1.1.0 

func (d *Accessor) GetFilteredUsers(affiliation, types string) (*sqlx.Rows, error)

GetFilteredUsers returns all identities that fall under the affiliation and types

func (*Accessor) GetProperties added in v1.1.0 

func (d *Accessor) GetProperties(names []string) (map[string]string, error)

GetProperties returns the properties from the database

func (*Accessor) GetUser 

func (d *Accessor) GetUser(id string, attrs []string) (spi.User, error)

GetUser gets user from database

func (*Accessor) GetUserLessThanLevel added in v1.1.0 

func (d *Accessor) GetUserLessThanLevel(level int) ([]spi.User, error)

GetUserLessThanLevel returns all identities that are less than the level specified Otherwise, returns no users if requested level is zero

func (*Accessor) InsertAffiliation 

func (d *Accessor) InsertAffiliation(name string, prekey string, level int) error

InsertAffiliation inserts affiliation into database

func (*Accessor) InsertUser 

func (d *Accessor) InsertUser(user *spi.UserInfo) error

InsertUser inserts user into database

func (*Accessor) ModifyAffiliation added in v1.1.0 

func (d *Accessor) ModifyAffiliation(oldAffiliation, newAffiliation string, force, isRegistrar bool) (*spi.DbTxResult, error)

ModifyAffiliation renames the affiliation and updates all identities to use the new affiliation depending on the value of the "force" parameter

func (*Accessor) SetDB 

func (d *Accessor) SetDB(db *dbutil.DB)

SetDB changes the underlying sql.DB object Accessor is manipulating.

func (*Accessor) UpdateUser 

func (d *Accessor) UpdateUser(user *spi.UserInfo, updatePass bool) error

UpdateUser updates user in database

type AffiliationRecord added in v1.1.0 

type AffiliationRecord struct {
	ID     int    `db:"id"`
	Name   string `db:"name"`
	Prekey string `db:"prekey"`
	Level  int    `db:"level"`
}

AffiliationRecord defines the properties of an affiliation

type CA 

type CA struct {
	// The home directory for the CA
	HomeDir string
	// The CA's configuration
	Config *CAConfig
	// The file path of the config file
	ConfigFilePath string
	// contains filtered or unexported fields
}

CA represents a certificate authority which signs, issues and revokes certificates

func (*CA) CertDBAccessor 

func (ca *CA) CertDBAccessor() *CertDBAccessor

CertDBAccessor returns the certificate DB accessor for CA

func (*CA) DBAccessor 

func (ca *CA) DBAccessor() spi.UserRegistry

DBAccessor returns the registry DB accessor for server

func (*CA) GetDB added in v1.2.0 

func (ca *CA) GetDB() *dbutil.DB

GetDB returns pointer to database

func (*CA) VerifyCertificate 

func (ca *CA) VerifyCertificate(cert *x509.Certificate) error

VerifyCertificate verifies that 'cert' was issued by this CA Return nil if successful; otherwise, return an error.

type CAConfig 

type CAConfig struct {
	Version      string `skip:"true"`
	Cfg          CfgOptions
	CA           CAInfo
	Signing      *config.Signing
	CSR          api.CSRInfo
	Registry     CAConfigRegistry
	Affiliations map[string]interface{}
	LDAP         ldap.Config
	DB           CAConfigDB
	CSP          *factory.FactoryOpts `mapstructure:"bccsp"`
	// Optional client config for an intermediate server which acts as a client
	// of the root (or parent) server
	Client       *ClientConfig
	Intermediate IntermediateCA
	CRL          CRLConfig
	Idemix       idemix.Config `skip:"true"`
}

CAConfig is the CA instance's config The tags are recognized by the RegisterFlags function in fabric-ca/util/flag.go and are as follows: "def" - the default value of the field; "opt" - the optional one character short name to use on the command line; "help" - the help message to display on the command line; "skip" - to skip the field.

type CAConfigDB 

type CAConfigDB struct {
	Type       string `def:"sqlite3" help:"Type of database; one of: sqlite3, postgres, mysql"`
	Datasource string `def:"fabric-ca-server.db" help:"Data source which is database specific"`
	TLS        tls.ClientTLSConfig
}

CAConfigDB is the database part of the server's config

func (CAConfigDB) String added in v1.0.3 

func (c CAConfigDB) String() string

Implements Stringer interface for CAConfigDB Calls util.StructToString to convert the CAConfigDB struct to string and masks the password from the database URL. Returns resulting string.

type CAConfigIdentity 

type CAConfigIdentity struct {
	Name           string `mask:"username"`
	Pass           string `mask:"password"`
	Type           string
	Affiliation    string
	MaxEnrollments int
	Attrs          map[string]string
}

CAConfigIdentity is identity information in the server's config

func (CAConfigIdentity) String 

func (cc CAConfigIdentity) String() string

type CAConfigRegistry 

type CAConfigRegistry struct {
	MaxEnrollments int `def:"-1" help:"Maximum number of enrollments; valid if LDAP not enabled"`
	Identities     []CAConfigIdentity
}

CAConfigRegistry is the registry part of the server's config

type CAInfo 

type CAInfo struct {
	Name      string `opt:"n" help:"Certificate Authority name"`
	Keyfile   string `help:"PEM-encoded CA key file"`
	Certfile  string `def:"ca-cert.pem" help:"PEM-encoded CA certificate file"`
	Chainfile string `def:"ca-chain.pem" help:"PEM-encoded CA chain file"`
}

CAInfo is the CA information on a fabric-ca-server

type CRLConfig added in v1.1.0 

type CRLConfig struct {
	// Specifies expiration for the CRL generated by the gencrl request
	// The number of hours specified by this property is added to the UTC time, resulting time
	// is used to set the 'Next Update' date of the CRL
	Expiry time.Duration `def:"24h" help:"Expiration for the CRL generated by the gencrl request"`
}

CRLConfig contains configuration options used by the gencrl request handler

type CertDBAccessor 

type CertDBAccessor struct {
	// contains filtered or unexported fields
}

CertDBAccessor implements certdb.Accessor interface.

func NewCertDBAccessor 

func NewCertDBAccessor(db *dbutil.DB, level int) *CertDBAccessor

NewCertDBAccessor returns a new Accessor.

func (*CertDBAccessor) GetCertificate 

func (d *CertDBAccessor) GetCertificate(serial, aki string) (crs []certdb.CertificateRecord, err error)

GetCertificate gets a CertificateRecord indexed by serial.

func (*CertDBAccessor) GetCertificateWithID 

func (d *CertDBAccessor) GetCertificateWithID(serial, aki string) (crs CertRecord, err error)

GetCertificateWithID gets a CertificateRecord indexed by serial and returns user too.

func (*CertDBAccessor) GetCertificates added in v1.2.0 

func (d *CertDBAccessor) GetCertificates(req server.CertificateRequest, callersAffiliation string) (*sqlx.Rows, error)

GetCertificates returns based on filter parameters certificates

func (*CertDBAccessor) GetCertificatesByID 

func (d *CertDBAccessor) GetCertificatesByID(id string) (crs []CertRecord, err error)

GetCertificatesByID gets a CertificateRecord indexed by id.

func (*CertDBAccessor) GetOCSP 

func (d *CertDBAccessor) GetOCSP(serial, aki string) (ors []certdb.OCSPRecord, err error)

GetOCSP retrieves a certdb.OCSPRecord from db by serial.

func (*CertDBAccessor) GetRevokedAndUnexpiredCertificates added in v1.0.1 

func (d *CertDBAccessor) GetRevokedAndUnexpiredCertificates() ([]certdb.CertificateRecord, error)

GetRevokedAndUnexpiredCertificates returns revoked and unexpired certificates

func (*CertDBAccessor) GetRevokedAndUnexpiredCertificatesByLabel added in v1.0.1 

func (d *CertDBAccessor) GetRevokedAndUnexpiredCertificatesByLabel(label string) ([]certdb.CertificateRecord, error)

GetRevokedAndUnexpiredCertificatesByLabel returns revoked and unexpired certificates matching the label

func (*CertDBAccessor) GetRevokedCertificates added in v1.1.0 

func (d *CertDBAccessor) GetRevokedCertificates(expiredAfter, expiredBefore, revokedAfter, revokedBefore time.Time) ([]certdb.CertificateRecord, error)

GetRevokedCertificates returns revoked certificates

func (*CertDBAccessor) GetUnexpiredCertificates 

func (d *CertDBAccessor) GetUnexpiredCertificates() (crs []certdb.CertificateRecord, err error)

GetUnexpiredCertificates gets all unexpired certificate from db.

func (*CertDBAccessor) GetUnexpiredOCSPs 

func (d *CertDBAccessor) GetUnexpiredOCSPs() (ors []certdb.OCSPRecord, err error)

GetUnexpiredOCSPs retrieves all unexpired certdb.OCSPRecord from db.

func (*CertDBAccessor) InsertCertificate 

func (d *CertDBAccessor) InsertCertificate(cr certdb.CertificateRecord) error

InsertCertificate puts a CertificateRecord into db.

func (*CertDBAccessor) InsertOCSP 

func (d *CertDBAccessor) InsertOCSP(rr certdb.OCSPRecord) error

InsertOCSP puts a new certdb.OCSPRecord into the db.

func (*CertDBAccessor) RevokeCertificate 

func (d *CertDBAccessor) RevokeCertificate(serial, aki string, reasonCode int) error

RevokeCertificate updates a certificate with a given serial number and marks it revoked.

func (*CertDBAccessor) RevokeCertificatesByID 

func (d *CertDBAccessor) RevokeCertificatesByID(id string, reasonCode int) (crs []CertRecord, err error)

RevokeCertificatesByID updates all certificates for a given ID and marks them revoked.

func (*CertDBAccessor) SetDB 

func (d *CertDBAccessor) SetDB(db *dbutil.DB)

SetDB changes the underlying sql.DB object Accessor is manipulating.

func (*CertDBAccessor) UpdateOCSP 

func (d *CertDBAccessor) UpdateOCSP(serial, aki, body string, expiry time.Time) error

UpdateOCSP updates a ocsp response record with a given serial number.

func (*CertDBAccessor) UpsertOCSP 

func (d *CertDBAccessor) UpsertOCSP(serial, aki, body string, expiry time.Time) error

UpsertOCSP update a ocsp response record with a given serial number, or insert the record if it doesn't yet exist in the db

type CertRecord 

type CertRecord struct {
	ID    string `db:"id"`
	Level int    `db:"level"`
	certdb.CertificateRecord
}

CertRecord extends CFSSL CertificateRecord by adding an enrollment ID to the record

type CertificateDecoder added in v1.2.0 

type CertificateDecoder struct {
	// contains filtered or unexported fields
}

CertificateDecoder is needed to keep track of state, to see how many certificates have been returned for each enrollment ID.

func NewCertificateDecoder added in v1.2.0 

func NewCertificateDecoder(storePath string) *CertificateDecoder

NewCertificateDecoder returns decoder for certificates

func (*CertificateDecoder) CertificateDecoder added in v1.2.0 

func (cd *CertificateDecoder) CertificateDecoder(decoder *json.Decoder) error

CertificateDecoder decodes streams of data coming from the server

func (*CertificateDecoder) StoreCert added in v1.2.0 

func (cd *CertificateDecoder) StoreCert(enrollmentID, storePath string, cert []byte) error

StoreCert stores the certificate on the file system

type CertificateStatus added in v1.1.0 

type CertificateStatus string

CertificateStatus represents status of an enrollment certificate 

const (
	// Revoked is the status of a revoked certificate
	Revoked CertificateStatus = "revoked"
	// Good is the status of a active certificate
	Good = "good"
)

type CfgOptions added in v1.2.0 

type CfgOptions struct {
	Identities   identitiesOptions
	Affiliations affiliationsOptions
}

CfgOptions is a CA configuration that allows for setting different options

type Client 

type Client struct {
	// The client's home directory
	HomeDir string `json:"homeDir,omitempty"`
	// The client's configuration
	Config *ClientConfig
	// contains filtered or unexported fields
}

Client is the fabric-ca client object

func (*Client) CheckEnrollment 

func (c *Client) CheckEnrollment() error

CheckEnrollment returns an error if this client is not enrolled

func (*Client) Enroll 

func (c *Client) Enroll(req *api.EnrollmentRequest) (*EnrollmentResponse, error)

Enroll enrolls a new identity @param req The enrollment request

func (*Client) GenCSR 

func (c *Client) GenCSR(req *api.CSRInfo, id string) ([]byte, bccsp.Key, error)

GenCSR generates a CSR (Certificate Signing Request)

func (*Client) GetCAInfo 

func (c *Client) GetCAInfo(req *api.GetCAInfoRequest) (*GetCAInfoResponse, error)

GetCAInfo returns generic CA information

func (*Client) GetCSP added in v1.2.0 

func (c *Client) GetCSP() bccsp.BCCSP

GetCSP returns BCCSP instance associated with this client

func (*Client) GetCertFilePath 

func (c *Client) GetCertFilePath() string

GetCertFilePath returns the path to the certificate file for this client

func (*Client) GetIssuerPubKey added in v1.2.0 

func (c *Client) GetIssuerPubKey() (*idemix.IssuerPublicKey, error)

GetIssuerPubKey returns issuer public key associated with this client

func (*Client) Init 

func (c *Client) Init() error

Init initializes the client

func (*Client) LoadCSRInfo 

func (c *Client) LoadCSRInfo(path string) (*api.CSRInfo, error)

LoadCSRInfo reads CSR (Certificate Signing Request) from a file @parameter path The path to the file contains CSR info in JSON format

func (*Client) LoadIdentity 

func (c *Client) LoadIdentity(keyFile, certFile, idemixCredFile string) (*Identity, error)

LoadIdentity loads an identity from disk

func (*Client) LoadMyIdentity 

func (c *Client) LoadMyIdentity() (*Identity, error)

LoadMyIdentity loads the client's identity from disk

func (*Client) NewIdentity 

func (c *Client) NewIdentity(creds []credential.Credential) (*Identity, error)

NewIdentity creates a new identity

func (*Client) NewX509Identity added in v1.2.0 

func (c *Client) NewX509Identity(name string, creds []credential.Credential) x509cred.Identity

NewX509Identity creates a new identity

func (*Client) SendReq 

func (c *Client) SendReq(req *http.Request, result interface{}) (err error)

SendReq sends a request to the fabric-ca-server and fills in the result

func (*Client) StreamResponse added in v1.1.0 

func (c *Client) StreamResponse(req *http.Request, stream string, cb func(*json.Decoder) error) (err error)

StreamResponse reads the response as it comes back from the server

type ClientConfig 

type ClientConfig struct {
	URL        string `def:"http://localhost:7054" opt:"u" help:"URL of fabric-ca-server"`
	MSPDir     string `def:"msp" opt:"M" help:"Membership Service Provider directory"`
	TLS        tls.ClientTLSConfig
	Enrollment api.EnrollmentRequest
	CSR        api.CSRInfo
	ID         api.RegistrationRequest
	Revoke     api.RevocationRequest
	CAInfo     api.GetCAInfoRequest
	CAName     string               `help:"Name of CA"`
	CSP        *factory.FactoryOpts `mapstructure:"bccsp"`
}

ClientConfig is the fabric-ca client's config

func (*ClientConfig) Enroll 

func (c *ClientConfig) Enroll(rawurl, home string) (*EnrollmentResponse, error)

Enroll a client given the server's URL and the client's home directory. The URL may be of the form: http://user:pass@host:port where user and pass are the enrollment ID and secret, respectively.

func (*ClientConfig) GenCSR added in v1.1.0 

func (c *ClientConfig) GenCSR(home string) error

GenCSR generates a certificate signing request and writes the CSR to a file.

type DBUser 

type DBUser struct {
	spi.UserInfo
	// contains filtered or unexported fields
}

DBUser is the databases representation of a user

func (*DBUser) GetAffiliationPath 

func (u *DBUser) GetAffiliationPath() []string

GetAffiliationPath returns the complete path for the user's affiliation.

func (*DBUser) GetAttribute 

func (u *DBUser) GetAttribute(name string) (*api.Attribute, error)

GetAttribute returns the value for an attribute name

func (*DBUser) GetAttributes added in v1.1.0 

func (u *DBUser) GetAttributes(attrNames []string) ([]api.Attribute, error)

GetAttributes returns the requested attributes. Return all the user's attributes if nil is passed in

func (*DBUser) GetLevel added in v1.1.0 

func (u *DBUser) GetLevel() int

GetLevel returns the level of the user

func (*DBUser) GetMaxEnrollments added in v1.1.0 

func (u *DBUser) GetMaxEnrollments() int

GetMaxEnrollments returns the max enrollments of the user

func (*DBUser) GetName 

func (u *DBUser) GetName() string

GetName returns the enrollment ID of the user

func (*DBUser) GetType added in v1.1.0 

func (u *DBUser) GetType() string

GetType returns the type of the user

func (*DBUser) Login 

func (u *DBUser) Login(pass string, caMaxEnrollments int) error

Login the user with a password

func (*DBUser) LoginComplete added in v1.1.0 

func (u *DBUser) LoginComplete() error

LoginComplete completes the login process by incrementing the state of the user

func (*DBUser) ModifyAttributes added in v1.1.0 

func (u *DBUser) ModifyAttributes(newAttrs []api.Attribute) error

ModifyAttributes adds a new attribute, modifies existing attribute, or delete attribute

func (*DBUser) Revoke added in v1.1.0 

func (u *DBUser) Revoke() error

Revoke will revoke the user, setting the state of the user to be -1

func (*DBUser) SetLevel added in v1.1.0 

func (u *DBUser) SetLevel(level int) error

SetLevel sets the level of the user

type DN 

type DN struct {
	// contains filtered or unexported fields
}

DN is the distinguished name inside a certificate

type EnrollmentResponse 

type EnrollmentResponse struct {
	Identity *Identity
	CAInfo   GetCAInfoResponse
}

EnrollmentResponse is the response from Client.Enroll and Identity.Reenroll

type GetCAInfoResponse added in v1.2.0 

type GetCAInfoResponse struct {
	// CAName is the name of the CA
	CAName string
	// CAChain is the PEM-encoded bytes of the fabric-ca-server's CA chain.
	// The 1st element of the chain is the root CA cert
	CAChain []byte
	// Idemix issuer public key of the CA
	IssuerPublicKey []byte
	// Idemix issuer revocation public key of the CA
	IssuerRevocationPublicKey []byte
	// Version of the server
	Version string
}

GetCAInfoResponse is the response from the GetCAInfo call

type Identity 

type Identity struct {
	// contains filtered or unexported fields
}

Identity is fabric-ca's implementation of an identity

func NewIdentity added in v1.2.0 

func NewIdentity(client *Client, name string, creds []credential.Credential) *Identity

NewIdentity is the constructor for identity

func (*Identity) AddAffiliation added in v1.1.0 

func (i *Identity) AddAffiliation(req *api.AddAffiliationRequest) (*api.AffiliationResponse, error)

AddAffiliation adds a new affiliation to the server

func (*Identity) AddIdentity added in v1.1.0 

func (i *Identity) AddIdentity(req *api.AddIdentityRequest) (*api.IdentityResponse, error)

AddIdentity adds a new identity to the server

func (*Identity) Delete added in v1.1.0 

func (i *Identity) Delete(endpoint string, result interface{}, queryParam map[string]string) error

Delete sends a delete request to an endpoint

func (*Identity) GenCRL added in v1.1.0 

func (i *Identity) GenCRL(req *api.GenCRLRequest) (*api.GenCRLResponse, error)

GenCRL generates CRL

func (*Identity) Get added in v1.1.0 

func (i *Identity) Get(endpoint, caname string, result interface{}) error

Get sends a get request to an endpoint

func (*Identity) GetAffiliation added in v1.1.0 

func (i *Identity) GetAffiliation(affiliation, caname string) (*api.AffiliationResponse, error)

GetAffiliation returns information about the requested affiliation

func (*Identity) GetAllAffiliations added in v1.1.0 

func (i *Identity) GetAllAffiliations(caname string) (*api.AffiliationResponse, error)

GetAllAffiliations returns all affiliations that the caller is authorized to see

func (*Identity) GetAllIdentities added in v1.1.0 

func (i *Identity) GetAllIdentities(caname string, cb func(*json.Decoder) error) error

GetAllIdentities returns all identities that the caller is authorized to see

func (*Identity) GetCRI added in v1.2.0 

func (i *Identity) GetCRI(req *api.GetCRIRequest) (*api.GetCRIResponse, error)

GetCRI gets Idemix credential revocation information (CRI)

func (*Identity) GetCertificates added in v1.2.0 

func (i *Identity) GetCertificates(req *api.GetCertificatesRequest, cb func(*json.Decoder) error) error

GetCertificates returns all certificates that the caller is authorized to see

func (*Identity) GetClient 

func (i *Identity) GetClient() *Client

GetClient returns the client associated with this identity

func (*Identity) GetECert 

func (i *Identity) GetECert() *x509.Signer

GetECert returns the enrollment certificate signer for this identity Returns nil if the identity does not have a X509 credential

func (*Identity) GetIdemixCredential added in v1.2.0 

func (i *Identity) GetIdemixCredential() credential.Credential

GetIdemixCredential returns Idemix credential of this identity

func (*Identity) GetIdentity added in v1.1.0 

func (i *Identity) GetIdentity(id, caname string) (*api.GetIDResponse, error)

GetIdentity returns information about the requested identity

func (*Identity) GetName 

func (i *Identity) GetName() string

GetName returns the identity name

func (*Identity) GetStreamResponse added in v1.1.0 

func (i *Identity) GetStreamResponse(endpoint string, queryParam map[string]string, stream string, cb func(*json.Decoder) error) error

GetStreamResponse sends a request to an endpoint and streams the response

func (*Identity) GetTCertBatch 

func (i *Identity) GetTCertBatch(req *api.GetTCertBatchRequest) ([]*x509.Signer, error)

GetTCertBatch returns a batch of TCerts for this identity

func (*Identity) GetX509Credential added in v1.2.0 

func (i *Identity) GetX509Credential() credential.Credential

GetX509Credential returns X509 credential of this identity

func (*Identity) ModifyAffiliation added in v1.1.0 

func (i *Identity) ModifyAffiliation(req *api.ModifyAffiliationRequest) (*api.AffiliationResponse, error)

ModifyAffiliation renames an existing affiliation on the server

func (*Identity) ModifyIdentity added in v1.1.0 

func (i *Identity) ModifyIdentity(req *api.ModifyIdentityRequest) (*api.IdentityResponse, error)

ModifyIdentity modifies an existing identity on the server

func (*Identity) Post 

func (i *Identity) Post(endpoint string, reqBody []byte, result interface{}, queryParam map[string]string) error

Post sends arbitrary request body (reqBody) to an endpoint. This adds an authorization header which contains the signature of this identity over the body and non-signature part of the authorization header. The return value is the body of the response.

func (*Identity) Put added in v1.1.0 

func (i *Identity) Put(endpoint string, reqBody []byte, queryParam map[string]string, result interface{}) error

Put sends a put request to an endpoint

func (*Identity) Reenroll 

func (i *Identity) Reenroll(req *api.ReenrollmentRequest) (*EnrollmentResponse, error)

Reenroll reenrolls an existing Identity and returns a new Identity @param req The reenrollment request

func (*Identity) Register 

func (i *Identity) Register(req *api.RegistrationRequest) (rr *api.RegistrationResponse, err error)

Register registers a new identity @param req The registration request

func (*Identity) RegisterAndEnroll 

func (i *Identity) RegisterAndEnroll(req *api.RegistrationRequest) (*Identity, error)

RegisterAndEnroll registers and enrolls an identity and returns the identity

func (*Identity) RemoveAffiliation added in v1.1.0 

func (i *Identity) RemoveAffiliation(req *api.RemoveAffiliationRequest) (*api.AffiliationResponse, error)

RemoveAffiliation removes an existing affiliation from the server

func (*Identity) RemoveIdentity added in v1.1.0 

func (i *Identity) RemoveIdentity(req *api.RemoveIdentityRequest) (*api.IdentityResponse, error)

RemoveIdentity removes a new identity from the server

func (*Identity) Revoke 

func (i *Identity) Revoke(req *api.RevocationRequest) (*api.RevocationResponse, error)

Revoke the identity associated with 'id'

func (*Identity) RevokeSelf 

func (i *Identity) RevokeSelf() (*api.RevocationResponse, error)

RevokeSelf revokes the current identity and all certificates

func (*Identity) Store 

func (i *Identity) Store() error

Store writes my identity info to disk

type IntermediateCA 

type IntermediateCA struct {
	ParentServer ParentServer
	TLS          tls.ClientTLSConfig
	Enrollment   api.EnrollmentRequest
}

IntermediateCA contains parent server information, TLS configuration, and enrollment request for an intermetiate CA

type ParentServer 

type ParentServer struct {
	URL    string `opt:"u" help:"URL of the parent fabric-ca-server (e.g. http://<username>:<password>@<address>:<port)" mask:"url"`
	CAName string `help:"Name of the CA to connect to on fabric-ca-server"`
}

ParentServer contains URL for the parent server and the name of CA inside the server to connect to

func (ParentServer) String added in v1.1.0 

func (parent ParentServer) String() string

type Server 

type Server struct {
	// The home directory for the server
	HomeDir string
	// BlockingStart if true makes the Start function blocking;
	// It is non-blocking by default.
	BlockingStart bool
	// The server's configuration
	Config *ServerConfig

	// Server's default CA
	CA
	// contains filtered or unexported fields
}

Server is the fabric-ca server

func TestGetIntermediateServer 

func TestGetIntermediateServer(idx int, t *testing.T) *Server

TestGetIntermediateServer creates a server with intermediate server configuration

func TestGetRootServer 

func TestGetRootServer(t *testing.T) *Server

TestGetRootServer creates a server with root configuration

func TestGetServer 

func TestGetServer(port int, home, parentURL string, maxEnroll int, t *testing.T) *Server

TestGetServer creates and returns a pointer to a server struct

func TestGetServer2 added in v1.0.5 

func TestGetServer2(deleteHome bool, port int, home, parentURL string, maxEnroll int, t *testing.T) *Server

TestGetServer2 creates and returns a pointer to a server struct, with an option of whether or not to remove the home directory first

func (*Server) GetCA added in v1.1.0 

func (s *Server) GetCA(name string) (*CA, error)

GetCA returns the CA given its name

func (*Server) Init 

func (s *Server) Init(renew bool) (err error)

Init initializes a fabric-ca server

func (*Server) RegisterBootstrapUser 

func (s *Server) RegisterBootstrapUser(user, pass, affiliation string) error

RegisterBootstrapUser registers the bootstrap user with appropriate privileges

func (*Server) Start 

func (s *Server) Start() (err error)

Start the fabric-ca server

func (*Server) Stop 

func (s *Server) Stop() error

Stop the server WARNING: This forcefully closes the listening socket and may cause requests in transit to fail, and so is only used for testing. A graceful shutdown will be supported with golang 1.8.

type ServerConfig 

type ServerConfig struct {
	// Listening port for the server
	Port int `def:"7054" opt:"p" help:"Listening port of fabric-ca-server"`
	// Bind address for the server
	Address string `def:"0.0.0.0" help:"Listening address of fabric-ca-server"`
	// Enables debug logging
	Debug bool `def:"false" opt:"d" help:"Enable debug level logging"`
	// TLS for the server's listening endpoint
	TLS tls.ServerTLSConfig
	// Optional client config for an intermediate server which acts as a client
	// of the root (or parent) server
	Client *ClientConfig
	// CACfg is the default CA's config
	CAcfg CAConfig `skip:"true"`
	// The names of the CA configuration files
	// This is empty unless there are non-default CAs served by this server
	CAfiles []string `help:"A list of comma-separated CA configuration files"`
	// The number of non-default CAs, which is useful for a dev environment to
	// quickly start any number of CAs in a single server
	CAcount int `def:"0" help:"Number of non-default CA instances"`
	// Size limit of an acceptable CRL in bytes
	CRLSizeLimit int `def:"512000" help:"Size limit of an acceptable CRL in bytes"`
}

ServerConfig is the fabric-ca server's config The tags are recognized by the RegisterFlags function in fabric-ca/util/flag.go and are as follows: "def" - the default value of the field; "opt" - the optional one character short name to use on the command line; "help" - the help message to display on the command line; "skip" - to skip the field.

type ServerInfoResponseNet added in v1.2.0 

type ServerInfoResponseNet struct {
	// CAName is a unique name associated with fabric-ca-server's CA
	CAName string
	// Base64 encoding of PEM-encoded certificate chain
	CAChain string
	// Base64 encoding of idemix issuer public key
	IssuerPublicKey string
	// Version of the server
	Version string
}

ServerInfoResponseNet is the response to the GET /cainfo request

type ServerRequestContext added in v1.2.0 

type ServerRequestContext interface {
	BasicAuthentication() (string, error)
	TokenAuthentication() (string, error)
	GetCaller() (spi.User, error)
	HasRole(role string) error
	ChunksToDeliver(string) (int, error)
	GetReq() *http.Request
	GetQueryParm(name string) string
	GetBoolQueryParm(name string) (bool, error)
	GetResp() http.ResponseWriter
	GetCertificates(server.CertificateRequest, string) (*sqlx.Rows, error)
}

ServerRequestContext defines the functionality of a server request context object

type UserRecord 

type UserRecord struct {
	Name           string `db:"id"`
	Pass           []byte `db:"token"`
	Type           string `db:"type"`
	Affiliation    string `db:"affiliation"`
	Attributes     string `db:"attributes"`
	State          int    `db:"state"`
	MaxEnrollments int    `db:"max_enrollments"`
	Level          int    `db:"level"`
}

UserRecord defines the properties of a user

Source Files

View all Source files

Directories

Path Synopsis
client
credential
credential/idemix
credential/x509
credential/x509/mocks
mocks
Code generated by mockery v1.0.0.
 Code generated by mockery v1.0.0.
idemix
idemix/mocks
mocks
Code generated by mockery v1.0.0.
 Code generated by mockery v1.0.0.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.