ca

package
v0.8.1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Oct 3, 2023 License: Apache-2.0 Imports: 7 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type AddAffiliationRequest

type AddAffiliationRequest struct {
	Name string `json:"name"`
}

type Affiliation

type Affiliation struct {
	Name         string        `json:"name"`
	Affiliations []Affiliation `json:"affiliations,omitempty"`
	Identities   []Identity    `json:"identities,omitempty"`
}

type AffiliationOpt

type AffiliationOpt func(values *url.Values) error

func WithForce

func WithForce() AffiliationOpt

type CertificateListOpt

type CertificateListOpt func(values *url.Values) error

func WithEnrollId

func WithEnrollId(enrollId string) CertificateListOpt

type Core

type Core interface {
	// Getting information about CA
	CAInfo(ctx context.Context) (*ResponseCAInfo, error)

	// Common operations over certificates
	Register(ctx context.Context, req RegistrationRequest) (string, error)
	Enroll(ctx context.Context, name, secret string, req *x509.CertificateRequest, opts ...EnrollOpt) (*x509.Certificate, interface{}, error)
	Revoke(ctx context.Context, req RevocationRequest) (*pkix.CertificateList, error)

	// Operations over identities
	IdentityList(ctx context.Context) ([]Identity, error)
	IdentityGet(ctx context.Context, enrollId string) (*Identity, error)

	// Operations over certificates
	CertificateList(ctx context.Context, opts ...CertificateListOpt) ([]*x509.Certificate, error)

	// Operations over affiliations
	// AffiliationList lists all affiliations and identities of identity affiliation
	AffiliationList(ctx context.Context, rootAffiliation ...string) ([]Identity, []Affiliation, error)
	AffiliationCreate(ctx context.Context, name string, opts ...AffiliationOpt) error
	AffiliationDelete(ctx context.Context, name string, opts ...AffiliationOpt) ([]Identity, []Affiliation, error)
}

type EnrollAttribute

type EnrollAttribute struct {
	// Name is the name of the attribute
	Name string `json:"name"`
	// Optional define behaviour when required attribute is not available to user. If `true` then request will continue,
	// but attribute will not be included in ECert. If `false` and attribute is missing, request will fail.
	// If false and attribute is available, request will continue and attribute will be added in ECert
	Optional bool `json:"optional,omitempty"`
}

EnrollAttribute describe attribute that must be included in enrollment request

type EnrollOpt

type EnrollOpt func(opts *EnrollOpts) error

func WithEnrollPrivateKey

func WithEnrollPrivateKey(privateKey interface{}) EnrollOpt

type EnrollOpts

type EnrollOpts struct {
	PrivateKey interface{}
}

type EnrollmentRequest

type EnrollmentRequest struct {
	// EnrollmentId is the unique entity identifies
	EnrollmentId string
	// Secret is the password for this identity
	Secret string
	// Profile define which CA profile to be used for signing. When this profile is empty default profile is used.
	// This is the common situation when issuing and ECert.
	// If request is fo generating TLS certificates then profile must be `tls`
	// If operation is related to parent CA server then profile must be `ca`
	// In FabricCA custom profiles can be created. In this situation use custom profile name.
	Profile string `json:"profile,omitempty"`
	// Label is used for hardware secure modules.
	Label string `json:"label,omitempty"`
	// CAName is the name of the CA that should be used. FabricCa support more than one CA server on same endpoint and
	// these names are used to distinguish between them. If empty default CA instance will be used.
	CAName string `json:"caname,omitempty"`
	// Host is the list of valid host names for this certificate. If empty default hosts will be used
	Hosts []string `json:"hosts"`
	// Attrs are the attributes that must be included in ECert. This is subset of the attributes used in registration.
	Attrs []EnrollAttribute `json:"attr_reqs,omitempty"`
}

EnrollmentRequest holds data needed for getting ECert (enrollment) from CA server

type Identity

type Identity struct {
	Id             string              `json:"id"`
	Type           string              `json:"type"`
	MaxEnrollments int                 `json:"max_enrollments"`
	Name           string              `json:"name"`
	Attrs          []IdentityAttribute `json:"attrs"`
}

type IdentityAttribute

type IdentityAttribute struct {
	Name  string `json:"name"`
	Value string `json:"value"`
	ECert bool   `json:"ecert"`
}

type ReEnrollmentRequest

type ReEnrollmentRequest struct {
	// Profile define which CA profile to be used for signing. When this profile is empty default profile is used.
	// This is the common situation when issuing and ECert.
	// If request is fo generating TLS certificates then profile must be `tls`
	// If operation is related to parent CA server then profile must be `ca`
	// In FabricCA custom profiles can be created. In this situation use custom profile name.
	Profile string `json:"profile,omitempty"`
	// Label is used for hardware secure modules.
	Label string `json:"label,omitempty"`
	// CAName is the name of the CA that should be used. FabricCa support more than one CA server on same endpoint and
	// these names are used to distinguish between them. If empty default CA instance will be used.
	CAName string `json:"caname,omitempty"`
	// Host is the list of valid host names for this certificate. If empty default hosts will be used
	Hosts []string `json:"hosts"`
	// Attrs are the attributes that must be included in ECert. This is subset of the attributes used in registration.
	Attrs []EnrollAttribute `json:"attr_reqs,omitempty"`
}

ReEnrollmentRequest holds data needed for getting new ECert from CA server

type RegisterAttribute

type RegisterAttribute struct {
	// Name is the name of the attribute.
	Name string `json:"name"`
	// Value is the value of the attribute. Can be empty string
	Value string `json:"value"`
	// ECert define how this attribute will be included in ECert. If this value is true this attribute will be
	// added to ECert automatically on Enrollment if no attributes are requested on Enrollment request.
	ECert bool `json:"ecert,omitempty"`
}

RegisterAttribute holds user attribute used for registration for example user may have attr `accountType` with value `premium` this attributes can be accessed in chainCode and build business logic on top of them

type RegistrationRequest

type RegistrationRequest struct {
	// Name is unique name that identifies identity
	Name string `json:"id"`
	// Type defines type of this identity (user,client, auditor etc...)
	Type string `json:"type"`
	// Secret is password that will be used for enrollment. If not provided random password will be generated
	Secret string `json:"secret,omitempty"`
	// MaxEnrollments define maximum number of times that identity can enroll. If not provided or is 0 there is no limit
	MaxEnrollments int `json:"max_enrollments,omitempty"`
	// Affiliation associates identity with particular organisation.
	// for example org1.department1 makes this identity part of organisation `org1` and department `department1`
	// Hierarchical structure can be created using .(dot). For example org1.dep1 will create dep1 as part of org1
	Affiliation string `json:"affiliation"`
	// Attrs are attributes associated with this identity
	Attrs []RegisterAttribute `json:"attrs"`
	// CAName is the name of the CA that should be used. FabricCa support more than one CA server on same endpoint and
	// these names are used to distinguish between them. If empty default CA instance will be used.
	CAName string `json:"caname,omitempty"`
}

RegistrationRequest holds all data needed for new registration of new user in Certificate Authority

type Response

type Response struct {
	Success  bool              `json:"success"`
	Result   json.RawMessage   `json:"result"`
	Errors   []ResponseMessage `json:"errors"`
	Messages []ResponseMessage `json:"messages"`
}

type ResponseAffiliationCreate

type ResponseAffiliationCreate struct {
	Name   string `json:"name"`
	CAName string `json:"caname"`
}

type ResponseAffiliationDelete

type ResponseAffiliationDelete struct {
	ResponseAffiliationList
}

type ResponseAffiliationList

type ResponseAffiliationList struct {
	Name         string        `json:"name"`
	Affiliations []Affiliation `json:"affiliations"`
	Identities   []Identity    `json:"identities"`
	CAName       string        `json:"caname"`
}

type ResponseCAInfo

type ResponseCAInfo struct {
	CAName  string `json:"CAName"`
	CAChain string `json:"CAChain"`
	Version string `json:"Version"`
}

type ResponseCertificateList

type ResponseCertificateList struct {
	CAName string                       `json:"caname"`
	Certs  []ResponseCertificateListPEM `json:"certs"`
}

type ResponseCertificateListPEM

type ResponseCertificateListPEM struct {
	PEM string `json:"PEM"`
}

type ResponseEnrollment

type ResponseEnrollment struct {
	Cert       string         `json:"Cert"`
	ServerInfo ResponseCAInfo `json:"ServerInfo"`
}

type ResponseError

type ResponseError struct {
	Errors   []ResponseMessage
	Messages []ResponseMessage
}

func (ResponseError) Error

func (err ResponseError) Error() string

type ResponseIdentityList

type ResponseIdentityList struct {
	Identities []Identity `json:"identities"`
}

type ResponseMessage

type ResponseMessage struct {
	Code    int    `json:"code"`
	Message string `json:"message"`
}

type ResponseRegistration

type ResponseRegistration struct {
	Secret string `json:"secret"`
}

type ResponseRevoke

type ResponseRevoke struct {
	RevokedCerts []RevokedCert
	CRL          []byte
}

type RevocationRequest

type RevocationRequest struct {
	// Name of the identity whose certificates should be revoked
	// If this field is omitted, then Serial and AKI must be specified.
	Name string `json:"id,omitempty" opt:"e" help:"Identity whose certificates should be revoked"`
	// Serial number of the certificate to be revoked
	// If this is omitted, then Name must be specified
	Serial string `json:"serial,omitempty" opt:"s" help:"Serial number of the certificate to be revoked"`
	// AKI (Authority Key Identifier) of the certificate to be revoked
	AKI string `json:"aki,omitempty" opt:"a" help:"AKI (Authority Key Identifier) of the certificate to be revoked"`
	// Reason is the reason for revocation.  See https://godoc.org/golang.org/x/crypto/ocsp for
	// valid values.  The default value is 0 (ocsp.Unspecified).
	Reason string `json:"reason,omitempty" opt:"r" help:"Reason for revocation"`
	// CAName is the name of the CA to connect to
	CAName string `json:"caname,omitempty" skip:"true"`
	// GenCRL specifies whether to generate a CRL
	GenCRL bool `def:"false" skip:"true" json:"gencrl,omitempty"`
}

RevocationRequest is a revocation request for a single certificate or all certificates associated with an identity. To revoke a single certificate, both the Serial and AKI fields must be set; otherwise, to revoke all certificates and the identity associated with an enrollment ID, the Name field must be set to an existing enrollment ID. A RevocationRequest can only be performed by a user with the "hf.Revoker" attribute.

type RevokedCert

type RevokedCert struct {
	Serial string
	AKI    string
}

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL