lib

package
Published: Aug 7, 2017 License: Apache-2.0 Imports: 55 Imported by: 78


Constants

const (
	// DefaultServerPort is the default listening port for the fabric-ca server.
	// ServerConfig.Port carries the same value in its `def` tag.
	DefaultServerPort = 7054

	// DefaultServerAddr is the default listening address for the fabric-ca server.
	// 0.0.0.0 is the wildcard address, so by default the server listens on
	// every interface of the host rather than on loopback only.
	DefaultServerAddr = "0.0.0.0"
)

Variables

This section is empty.

Functions

func BytesToX509Cert

func BytesToX509Cert(bytes []byte) (*x509.Certificate, error)

BytesToX509Cert converts bytes (PEM or DER) to an X509 certificate

func GetAttrValue

func GetAttrValue(attrs []api.Attribute, name string) string

GetAttrValue searches 'attrs' for the attribute with name 'name' and returns its value, or "" if not found.

func GetCertID

func GetCertID(bytes []byte) (string, string, error)

GetCertID returns both the serial number and AKI (Authority Key ID) for the certificate

func LoadPEMCertPool

func LoadPEMCertPool(certFiles []string) (*x509.CertPool, error)

LoadPEMCertPool loads a pool of PEM certificates from list of files

func NormalizeURL

func NormalizeURL(addr string) (*url.URL, error)

NormalizeURL normalizes a URL (from cfssl)

func UnmarshalConfig

func UnmarshalConfig(config interface{}, vp *viper.Viper, configFile string, server, viperIssue327WorkAround bool) error

UnmarshalConfig will use the viperunmarshal workaround to unmarshal a configuration file into a struct

Types

type Accessor

// Accessor implements the db.Accessor interface; it is constructed with
// NewDBAccessor and bound to a database with SetDB.
type Accessor struct {
	// contains filtered or unexported fields
}

Accessor implements db.Accessor interface.

func NewDBAccessor

func NewDBAccessor() *Accessor

NewDBAccessor is a constructor for the database API

func (*Accessor) DeleteAffiliation

func (d *Accessor) DeleteAffiliation(name string) error

DeleteAffiliation deletes affiliation from database

func (*Accessor) DeleteUser

func (d *Accessor) DeleteUser(id string) error

DeleteUser deletes user from database

func (*Accessor) GetAffiliation

func (d *Accessor) GetAffiliation(name string) (spi.Affiliation, error)

GetAffiliation gets affiliation from database

func (*Accessor) GetUser

func (d *Accessor) GetUser(id string, attrs []string) (spi.User, error)

GetUser gets user from database

func (*Accessor) GetUserInfo

func (d *Accessor) GetUserInfo(id string) (spi.UserInfo, error)

GetUserInfo gets user information from database

func (*Accessor) InsertAffiliation

func (d *Accessor) InsertAffiliation(name string, prekey string) error

InsertAffiliation inserts affiliation into database

func (*Accessor) InsertUser

func (d *Accessor) InsertUser(user spi.UserInfo) error

InsertUser inserts user into database

func (*Accessor) SetDB

func (d *Accessor) SetDB(db *sqlx.DB)

SetDB changes the underlying sql.DB object Accessor is manipulating.

func (*Accessor) UpdateUser

func (d *Accessor) UpdateUser(user spi.UserInfo) error

UpdateUser updates user in database

type CA

// CA represents a certificate authority which signs, issues and revokes
// certificates. Instances are created with NewCA.
type CA struct {
	// The home directory for the CA
	HomeDir string
	// The CA's configuration (nil-ness is not guaranteed here; NewCA
	// receives it as a parameter — confirm against NewCA)
	Config *CAConfig
	// The file path of the config file
	ConfigFilePath string
	// contains filtered or unexported fields
}

CA represents a certificate authority which signs, issues and revokes certificates

func NewCA

func NewCA(caFile string, config *CAConfig, server *Server, renew bool) (*CA, error)

NewCA creates a new CA with the specified home directory, parent server URL, and config

func (*CA) CertDBAccessor

func (ca *CA) CertDBAccessor() *CertDBAccessor

CertDBAccessor returns the certificate DB accessor for CA

func (*CA) DBAccessor

func (ca *CA) DBAccessor() spi.UserRegistry

DBAccessor returns the registry DB accessor for server

func (*CA) VerifyCertificate

func (ca *CA) VerifyCertificate(cert *x509.Certificate) error

VerifyCertificate verifies that 'cert' was issued by this CA. It returns nil if successful; otherwise, it returns an error.

type CAConfig

// CAConfig is the CA instance's config. Its field tags (`def`, `opt`,
// `help`, `skip`) are consumed by the RegisterFlags function in
// fabric-ca/lib/util.go.
type CAConfig struct {
	// CA holds the CA name and the paths of its key, certificate and chain files.
	CA           CAInfo
	// Signing is the cfssl signing configuration (profiles, expiry, usages);
	// assumed from the config.Signing type — confirm against cfssl.
	Signing      *config.Signing
	// CSR is the CSR information used for the CA's own certificate.
	CSR          api.CSRInfo
	// Registry is the identity registry part of the config.
	Registry     CAConfigRegistry
	// Affiliations is the affiliation tree; nested maps presumably express
	// sub-affiliations — verify against the loader.
	Affiliations map[string]interface{}
	// LDAP configures an external LDAP registry.
	LDAP         ldap.Config
	// DB configures the CA's database.
	DB           CAConfigDB
	// CSP is the BCCSP (crypto service provider) options; read from the
	// "bccsp" key of the config file.
	CSP          *factory.FactoryOpts `mapstructure:"bccsp"`
	// Optional client config for an intermediate server which acts as a client
	// of the root (or parent) server
	Client       *ClientConfig
	// Intermediate holds the parent-server details for an intermediate CA.
	Intermediate IntermediateCA
}

CAConfig is the CA instance's config. The tags are recognized by the RegisterFlags function in fabric-ca/lib/util.go and are as follows: "def" - the default value of the field; "opt" - the optional one character short name to use on the command line; "help" - the help message to display on the command line; "skip" - to skip the field.

type CAConfigDB

// CAConfigDB is the database part of the server's config.
type CAConfigDB struct {
	// Type selects the database driver; the help text lists sqlite3,
	// postgres and mysql as the accepted values. Defaults to sqlite3.
	Type       string `def:"sqlite3" help:"Type of database; one of: sqlite3, postgres, mysql"`
	// Datasource is the driver-specific data source (a file name for
	// sqlite3, defaulting to fabric-ca-server.db). For network databases a
	// data source string may embed credentials, so the loaded config should
	// be treated as sensitive.
	Datasource string `def:"fabric-ca-server.db" help:"Data source which is database specific"`
	// TLS holds client-side TLS settings, presumably applied to the
	// database connection — confirm against the connection code.
	TLS        tls.ClientTLSConfig
}

CAConfigDB is the database part of the server's config

type CAConfigIdentity

// CAConfigIdentity is identity information in the server's config.
type CAConfigIdentity struct {
	// Name is the identity's enrollment ID.
	Name           string
	// Pass is the enrollment secret. The `secret:"password"` tag marks the
	// field as sensitive; presumably honoured when the config is printed or
	// logged (e.g. by String) — verify against the tag's consumer.
	Pass           string `secret:"password"`
	// Type is the identity type.
	Type           string
	// Affiliation is the identity's affiliation.
	Affiliation    string
	// MaxEnrollments bounds how many times this identity may enroll.
	MaxEnrollments int
	// Attrs are the attribute name/value pairs attached to the identity.
	Attrs          map[string]string
}

CAConfigIdentity is identity information in the server's config

func (CAConfigIdentity) String

func (cc CAConfigIdentity) String() string

type CAConfigRegistry

// CAConfigRegistry is the registry part of the server's config.
type CAConfigRegistry struct {
	// MaxEnrollments is the CA-wide maximum number of enrollments; per the
	// help text it applies only when LDAP is not enabled. Defaults to -1
	// (the meaning of -1 is not stated here — presumably unlimited; confirm).
	MaxEnrollments int `def:"-1" help:"Maximum number of enrollments; valid if LDAP not enabled"`
	// Identities are the identities pre-registered from the config file.
	Identities     []CAConfigIdentity
}

CAConfigRegistry is the registry part of the server's config

type CAInfo

// CAInfo is the CA information on a fabric-ca-server.
type CAInfo struct {
	// Name is the CA name (-n on the command line).
	Name      string `opt:"n" help:"Certificate Authority name"`
	// Keyfile is the PEM-encoded CA private key file (default ca-key.pem).
	// This is the signing key of the CA; its file permissions should keep
	// it readable by the server only.
	Keyfile   string `def:"ca-key.pem" help:"PEM-encoded CA key file"`
	// Certfile is the PEM-encoded CA certificate file (default ca-cert.pem).
	Certfile  string `def:"ca-cert.pem" help:"PEM-encoded CA certificate file"`
	// Chainfile is the PEM-encoded CA chain file (default ca-chain.pem).
	Chainfile string `def:"ca-chain.pem" help:"PEM-encoded CA chain file"`
}

CAInfo is the CA information on a fabric-ca-server

type CertDBAccessor

// CertDBAccessor implements the certdb.Accessor interface over a *sqlx.DB;
// construct it with NewCertDBAccessor.
type CertDBAccessor struct {
	// contains filtered or unexported fields
}

CertDBAccessor implements certdb.Accessor interface.

func NewCertDBAccessor

func NewCertDBAccessor(db *sqlx.DB) *CertDBAccessor

NewCertDBAccessor returns a new CertDBAccessor.

func (*CertDBAccessor) GetCertificate

func (d *CertDBAccessor) GetCertificate(serial, aki string) (crs []certdb.CertificateRecord, err error)

GetCertificate gets a CertificateRecord indexed by serial.

func (*CertDBAccessor) GetCertificateWithID

func (d *CertDBAccessor) GetCertificateWithID(serial, aki string) (crs CertRecord, err error)

GetCertificateWithID gets a CertificateRecord indexed by serial and returns user too.

func (*CertDBAccessor) GetCertificatesByID

func (d *CertDBAccessor) GetCertificatesByID(id string) (crs []CertRecord, err error)

GetCertificatesByID gets a CertificateRecord indexed by id.

func (*CertDBAccessor) GetOCSP

func (d *CertDBAccessor) GetOCSP(serial, aki string) (ors []certdb.OCSPRecord, err error)

GetOCSP retrieves a certdb.OCSPRecord from db by serial.

func (*CertDBAccessor) GetRevokedAndUnexpiredCertificates added in v1.0.1

func (d *CertDBAccessor) GetRevokedAndUnexpiredCertificates() ([]certdb.CertificateRecord, error)

GetRevokedAndUnexpiredCertificates returns all revoked and unexpired certificates

func (*CertDBAccessor) GetRevokedAndUnexpiredCertificatesByLabel added in v1.0.1

func (d *CertDBAccessor) GetRevokedAndUnexpiredCertificatesByLabel(label string) ([]certdb.CertificateRecord, error)

GetRevokedAndUnexpiredCertificatesByLabel returns revoked and unexpired certificates matching the label

func (*CertDBAccessor) GetUnexpiredCertificates

func (d *CertDBAccessor) GetUnexpiredCertificates() (crs []certdb.CertificateRecord, err error)

GetUnexpiredCertificates gets all unexpired certificates from the db.

func (*CertDBAccessor) GetUnexpiredOCSPs

func (d *CertDBAccessor) GetUnexpiredOCSPs() (ors []certdb.OCSPRecord, err error)

GetUnexpiredOCSPs retrieves all unexpired certdb.OCSPRecord from db.

func (*CertDBAccessor) InsertCertificate

func (d *CertDBAccessor) InsertCertificate(cr certdb.CertificateRecord) error

InsertCertificate puts a CertificateRecord into db.

func (*CertDBAccessor) InsertOCSP

func (d *CertDBAccessor) InsertOCSP(rr certdb.OCSPRecord) error

InsertOCSP puts a new certdb.OCSPRecord into the db.

func (*CertDBAccessor) RevokeCertificate

func (d *CertDBAccessor) RevokeCertificate(serial, aki string, reasonCode int) error

RevokeCertificate updates a certificate with a given serial number and marks it revoked.

func (*CertDBAccessor) RevokeCertificatesByID

func (d *CertDBAccessor) RevokeCertificatesByID(id string, reasonCode int) (crs []CertRecord, err error)

RevokeCertificatesByID updates all certificates for a given ID and marks them revoked.

func (*CertDBAccessor) SetDB

func (d *CertDBAccessor) SetDB(db *sqlx.DB)

SetDB changes the underlying sql.DB object Accessor is manipulating.

func (*CertDBAccessor) UpdateOCSP

func (d *CertDBAccessor) UpdateOCSP(serial, aki, body string, expiry time.Time) error

UpdateOCSP updates an OCSP response record with a given serial number.

func (*CertDBAccessor) UpsertOCSP

func (d *CertDBAccessor) UpsertOCSP(serial, aki, body string, expiry time.Time) error

UpsertOCSP updates an OCSP response record with a given serial number, or inserts the record if it doesn't yet exist in the db.

type CertRecord

// CertRecord extends the CFSSL CertificateRecord by adding an enrollment ID
// to the record.
type CertRecord struct {
	// ID is the enrollment ID of the certificate's owner (column "id").
	ID string `db:"id"`
	// The embedded CFSSL record supplies the serial, AKI, PEM, expiry and
	// revocation fields.
	certdb.CertificateRecord
}

CertRecord extends CFSSL CertificateRecord by adding an enrollment ID to the record

type Client

// Client is the fabric-ca client object. Call Init before use; Enroll,
// LoadMyIdentity and StoreMyIdentity operate relative to HomeDir.
type Client struct {
	// The client's home directory
	HomeDir string `json:"homeDir,omitempty"`
	// The client's configuration
	Config *ClientConfig
	// contains filtered or unexported fields
}

Client is the fabric-ca client object

func (*Client) CheckEnrollment

func (c *Client) CheckEnrollment() error

CheckEnrollment returns an error if this client is not enrolled

func (*Client) Enroll

func (c *Client) Enroll(req *api.EnrollmentRequest) (*EnrollmentResponse, error)

Enroll enrolls a new identity. @param req The enrollment request

func (*Client) GenCSR

func (c *Client) GenCSR(req *api.CSRInfo, id string) ([]byte, bccsp.Key, error)

GenCSR generates a CSR (Certificate Signing Request)

func (*Client) GetCAInfo

func (c *Client) GetCAInfo(req *api.GetCAInfoRequest) (*GetServerInfoResponse, error)

GetCAInfo returns generic CA information

func (*Client) GetCertFilePath

func (c *Client) GetCertFilePath() string

GetCertFilePath returns the path to the certificate file for this client

func (*Client) Init

func (c *Client) Init() error

Init initializes the client

func (*Client) LoadCSRInfo

func (c *Client) LoadCSRInfo(path string) (*api.CSRInfo, error)

LoadCSRInfo reads CSR (Certificate Signing Request) info from a file. @param path The path to the file that contains the CSR info in JSON format

func (*Client) LoadIdentity

func (c *Client) LoadIdentity(keyFile, certFile string) (*Identity, error)

LoadIdentity loads an identity from disk

func (*Client) LoadMyIdentity

func (c *Client) LoadMyIdentity() (*Identity, error)

LoadMyIdentity loads the client's identity from disk

func (*Client) NewIdentity

func (c *Client) NewIdentity(key bccsp.Key, cert []byte) (*Identity, error)

NewIdentity creates a new identity

func (*Client) SendReq

func (c *Client) SendReq(req *http.Request, result interface{}) (err error)

SendReq sends a request to the fabric-ca-server and fills in the result

func (*Client) StoreMyIdentity

func (c *Client) StoreMyIdentity(cert []byte) error

StoreMyIdentity stores my identity to disk

type ClientConfig

// ClientConfig is the fabric-ca client's config.
type ClientConfig struct {
	// Debug enables debug level logging (-d).
	Debug      bool   `def:"false" opt:"d" help:"Enable debug level logging"`
	// URL is the fabric-ca-server URL (-u). The default is plain
	// http://localhost:7054; per ClientConfig.Enroll the URL may also carry
	// the enrollment ID and secret as user:pass, so it should not be logged
	// verbatim.
	URL        string `def:"http://localhost:7054" opt:"u" help:"URL of fabric-ca-server"`
	// MSPDir is the Membership Service Provider directory (-M).
	MSPDir     string `def:"msp" opt:"M" help:"Membership Service Provider directory"`
	// TLS holds the client-side TLS settings for talking to the server.
	TLS        tls.ClientTLSConfig
	// The following request structs presumably supply defaults for the
	// corresponding client operations — confirm against the command code.
	Enrollment api.EnrollmentRequest
	CSR        api.CSRInfo
	ID         api.RegistrationRequest
	Revoke     api.RevocationRequest
	CAInfo     api.GetCAInfoRequest
	// CAName selects which CA on the server to talk to.
	CAName     string               `help:"Name of CA"`
	// CSP is the BCCSP options; read from the "bccsp" key of the config file.
	CSP        *factory.FactoryOpts `mapstructure:"bccsp"`
}

ClientConfig is the fabric-ca client's config

func (*ClientConfig) Enroll

func (c *ClientConfig) Enroll(rawurl, home string) (*EnrollmentResponse, error)

Enroll a client given the server's URL and the client's home directory. The URL may be of the form: http://user:pass@host:port where user and pass are the enrollment ID and secret, respectively.

type DBUser

// DBUser is the database's representation of a user; it embeds spi.UserInfo
// and implements Login, GetName, GetAttribute and GetAffiliationPath.
type DBUser struct {
	spi.UserInfo
	// contains filtered or unexported fields
}

DBUser is the database's representation of a user

func (*DBUser) GetAffiliationPath

func (u *DBUser) GetAffiliationPath() []string

GetAffiliationPath returns the complete path for the user's affiliation.

func (*DBUser) GetAttribute

func (u *DBUser) GetAttribute(name string) string

GetAttribute returns the value for an attribute name

func (*DBUser) GetName

func (u *DBUser) GetName() string

GetName returns the enrollment ID of the user

func (*DBUser) Login

func (u *DBUser) Login(pass string, caMaxEnrollments int) error

Login logs the user in with a password

type DN

// DN is the distinguished name inside a certificate.
type DN struct {
	// contains filtered or unexported fields
}

DN is the distinguished name inside a certificate

type EnrollmentResponse

// EnrollmentResponse is the response from Client.Enroll and Identity.Reenroll.
type EnrollmentResponse struct {
	// Identity is the newly enrolled identity.
	Identity   *Identity
	// ServerInfo carries the CA name and CA chain returned by the server.
	ServerInfo GetServerInfoResponse
}

EnrollmentResponse is the response from Client.Enroll and Identity.Reenroll

type GetServerInfoResponse

// GetServerInfoResponse is the response from the GetServerInfo call.
type GetServerInfoResponse struct {
	// CAName is the name of the CA
	CAName string
	// CAChain is the PEM-encoded bytes of the fabric-ca-server's CA chain.
	// The 1st element of the chain is the root CA cert.
	// A caller that persists this chain as a trust root is trusting whatever
	// the transport delivered, so it should only do so over a TLS-verified
	// connection — a point to check in the caller, not enforced here.
	CAChain []byte
}

GetServerInfoResponse is the response from the GetServerInfo call

type Identity

// Identity is fabric-ca's implementation of an identity. Its requests to
// the server (Post, Register, Revoke, ...) are signed with the identity's
// enrollment certificate signer (see GetECert).
type Identity struct {
	// CSP is the crypto service provider used for the identity's keys.
	CSP bccsp.BCCSP
	// contains filtered or unexported fields
}

Identity is fabric-ca's implementation of an identity

func (*Identity) GetClient

func (i *Identity) GetClient() *Client

GetClient returns the client associated with this identity

func (*Identity) GetECert

func (i *Identity) GetECert() *Signer

GetECert returns the enrollment certificate signer for this identity

func (*Identity) GetName

func (i *Identity) GetName() string

GetName returns the identity name

func (*Identity) GetTCertBatch

func (i *Identity) GetTCertBatch(req *api.GetTCertBatchRequest) ([]*Signer, error)

GetTCertBatch returns a batch of TCerts for this identity

func (*Identity) Post

func (i *Identity) Post(endpoint string, reqBody []byte, result interface{}) error

Post sends an arbitrary request body (reqBody) to an endpoint. This adds an authorization header which contains the signature of this identity over the body and the non-signature part of the authorization header. The return value is the body of the response.

func (*Identity) Reenroll

Reenroll reenrolls an existing Identity and returns a new Identity. @param req The reenrollment request

func (*Identity) Register

func (i *Identity) Register(req *api.RegistrationRequest) (rr *api.RegistrationResponse, err error)

Register registers a new identity. @param req The registration request

func (*Identity) RegisterAndEnroll

func (i *Identity) RegisterAndEnroll(req *api.RegistrationRequest) (*Identity, error)

RegisterAndEnroll registers and enrolls an identity and returns the identity

func (*Identity) Revoke

func (i *Identity) Revoke(req *api.RevocationRequest) error

Revoke the identity associated with 'id'

func (*Identity) RevokeSelf

func (i *Identity) RevokeSelf() error

RevokeSelf revokes the current identity and all certificates

func (*Identity) Store

func (i *Identity) Store() error

Store writes my identity info to disk

type IntermediateCA

// IntermediateCA contains the parent server information, TLS configuration
// and enrollment request for an intermediate CA.
type IntermediateCA struct {
	// ParentServer locates the parent (root) fabric-ca-server and CA.
	ParentServer ParentServer
	// TLS holds the client-side TLS settings for connecting to the parent.
	TLS          tls.ClientTLSConfig
	// Enrollment is the request used to enroll the intermediate CA with
	// its parent.
	Enrollment   api.EnrollmentRequest
}

IntermediateCA contains parent server information, TLS configuration, and enrollment request for an intermediate CA

type ParentServer

// ParentServer contains the URL of the parent server and the name of the CA
// inside that server to connect to.
type ParentServer struct {
	// URL of the parent fabric-ca-server (-u). As the help text shows, the
	// enrollment credentials may be embedded as <username>:<password>, so
	// this field should be treated as a secret and not logged verbatim.
	URL    string `opt:"u" help:"URL of the parent fabric-ca-server (e.g. http://<username>:<password>@<address>:<port)"`
	// CAName selects the CA within the parent server.
	CAName string `help:"Name of the CA to connect to on fabric-ca-server"`
}

ParentServer contains the URL of the parent server and the name of the CA inside that server to connect to

type Server

// Server is the fabric-ca server. It embeds its default CA and is driven
// through Init, Start and Stop.
type Server struct {
	// The home directory for the server
	HomeDir string
	// BlockingStart if true makes the Start function blocking;
	// It is non-blocking by default.
	BlockingStart bool
	// The server's configuration
	Config *ServerConfig

	// Server's default CA
	CA
	// contains filtered or unexported fields
}

Server is the fabric-ca server

func TestGetIntermediateServer

func TestGetIntermediateServer(idx int, t *testing.T) *Server

TestGetIntermediateServer creates a server with intermediate server configuration

func TestGetRootServer

func TestGetRootServer(t *testing.T) *Server

TestGetRootServer creates a server with root configuration

func TestGetServer

func TestGetServer(port int, home, parentURL string, maxEnroll int, t *testing.T) *Server

TestGetServer creates and returns a pointer to a server struct

func (*Server) Init

func (s *Server) Init(renew bool) (err error)

Init initializes a fabric-ca server

func (*Server) RegisterBootstrapUser

func (s *Server) RegisterBootstrapUser(user, pass, affiliation string) error

RegisterBootstrapUser registers the bootstrap user with appropriate privileges

func (*Server) Start

func (s *Server) Start() (err error)

Start the fabric-ca server

func (*Server) Stop

func (s *Server) Stop() error

Stop stops the server. WARNING: This forcefully closes the listening socket and may cause requests in transit to fail, and so is only used for testing. A graceful shutdown will be supported with golang 1.8.

type ServerConfig

// ServerConfig is the fabric-ca server's config. Its field tags (`def`,
// `opt`, `help`, `skip`) are consumed by the RegisterFlags function in
// fabric-ca/lib/util.go.
type ServerConfig struct {
	// Listening port for the server (default 7054, see DefaultServerPort)
	Port int `def:"7054" opt:"p" help:"Listening port of fabric-ca-server"`
	// Bind address for the server. The default 0.0.0.0 listens on every
	// interface, not only loopback (see DefaultServerAddr).
	Address string `def:"0.0.0.0" help:"Listening address of fabric-ca-server"`
	// Enables debug logging
	Debug bool `def:"false" opt:"d" help:"Enable debug level logging"`
	// TLS for the server's listening endpoint
	TLS tls.ServerTLSConfig
	// Optional client config for an intermediate server which acts as a client
	// of the root (or parent) server
	Client *ClientConfig
	// CACfg is the default CA's config; skipped by RegisterFlags
	CAcfg CAConfig `skip:"true"`
	// The names of the CA configuration files
	// This is empty unless there are non-default CAs served by this server
	CAfiles []string `help:"A list of comma-separated CA configuration files"`
	// The number of non-default CAs, which is useful for a dev environment to
	// quickly start any number of CAs in a single server
	CAcount int `def:"0" help:"Number of non-default CA instances"`
	// Size limit of an acceptable CRL in bytes (default 512000); a larger
	// CRL is not accepted, which bounds memory spent on CRL handling
	CRLSizeLimit int `def:"512000" help:"Size limit of an acceptable CRL in bytes"`
}

ServerConfig is the fabric-ca server's config. The tags are recognized by the RegisterFlags function in fabric-ca/lib/util.go and are as follows: "def" - the default value of the field; "opt" - the optional one character short name to use on the command line; "help" - the help message to display on the command line; "skip" - to skip the field.

type Signer

// Signer represents a signer: a certificate (Cert) plus its key (Key).
// Each identity may have multiple signers, currently one ecert and
// multiple tcerts.
type Signer struct {
	// contains filtered or unexported fields
}

Signer represents a signer. Each identity may have multiple signers: currently one ecert and multiple tcerts.

func (*Signer) Cert

func (s *Signer) Cert() []byte

Cert returns the cert bytes of this signer

func (*Signer) Key

func (s *Signer) Key() bccsp.Key

Key returns the key bytes of this signer

func (*Signer) RevokeSelf

func (s *Signer) RevokeSelf() error

RevokeSelf revokes only the certificate associated with this signer

type UserRecord

// UserRecord defines the properties of a user as stored in the database;
// the `db` tags give the column names.
type UserRecord struct {
	// Name is the enrollment ID (column "id").
	Name           string `db:"id"`
	// Pass is the stored credential (column "token"). Whether it is a hash
	// or the raw secret is not visible here — confirm before relying on it.
	Pass           []byte `db:"token"`
	// Type is the identity type.
	Type           string `db:"type"`
	// Affiliation is the user's affiliation.
	Affiliation    string `db:"affiliation"`
	// Attributes is the serialized attribute set; the encoding is not shown
	// here (presumably JSON — confirm against the accessor).
	Attributes     string `db:"attributes"`
	// State is an integer status code whose values are not documented here.
	State          int    `db:"state"`
	// MaxEnrollments bounds how many times the user may enroll.
	MaxEnrollments int    `db:"max_enrollments"`
}

UserRecord defines the properties of a user
