Documentation ¶
Index ¶
- Constants
- Variables
- func AffiliationDecoder(decoder *json.Decoder) error
- func BytesToX509Cert(bytes []byte) (*x509.Certificate, error)
- func ComputeSKI(template *x509GM.Certificate) ([]byte, error)
- func CopyFile(src, dst string) error
- func FillTemplate(template *x509GM.Certificate, defaultProfile, profile *config.SigningProfile, ...) error
- func FindProfile(policy *config.Signing, profile string) (*config.SigningProfile, error)
- func GenerateECDSATestCert() error
- func GetCertID(bytes []byte) (string, string, error)
- func GetKeyRequest(cfg *CAConfig) *api.BasicKeyRequest
- func IdentityDecoder(decoder *json.Decoder) error
- func IsGMConfig() bool
- func LoadPEMCertPool(certFiles []string) (*sm2.CertPool, error)
- func NormalizeURL(addr string) (*url.URL, error)
- func OverrideHosts(template *x509GM.Certificate, hosts []string)
- func ParseSm2CertificateRequest2X509(sm2req *sm2.CertificateRequest) *x509.CertificateRequest
- func ParseX509Certificate2Sm2(x509Cert *x509.Certificate) *x509GM.Certificate
- func PopulateSubjectFromCSR(s *signer.Subject, req pkix.Name) pkix.Name
- func SetProviderName(name string)
- func UnmarshalConfig(config interface{}, vp *viper.Viper, configFile string, server bool) error
- type Accessor
- func (d *Accessor) DeleteAffiliation(name string, force, identityRemoval, isRegistrar bool) (*user.DbTxResult, error)
- func (d *Accessor) DeleteUser(id string) (user.User, error)
- func (d *Accessor) GetAffiliation(name string) (spi.Affiliation, error)
- func (d *Accessor) GetAffiliationTree(name string) (*user.DbTxResult, error)
- func (d *Accessor) GetAllAffiliations(name string) (*sqlx.Rows, error)
- func (d *Accessor) GetFilteredUsers(affiliation, types string) (*sqlx.Rows, error)
- func (d *Accessor) GetUser(id string, attrs []string) (user.User, error)
- func (d *Accessor) GetUserLessThanLevel(level int) ([]user.User, error)
- func (d *Accessor) InsertAffiliation(name string, prekey string, level int) error
- func (d *Accessor) InsertUser(user *cadbuser.Info) error
- func (d *Accessor) ModifyAffiliation(oldAffiliation, newAffiliation string, force, isRegistrar bool) (*user.DbTxResult, error)
- func (d *Accessor) SetDB(db db.FabricCADB)
- func (d *Accessor) UpdateUser(user *cadbuser.Info, updatePass bool) error
- type CA
- type CAConfig
- type CAConfigDB
- type CAConfigIdentity
- type CAConfigRegistry
- type CAInfo
- type CORS
- type CRLConfig
- type CertDBAccessor
- func (d *CertDBAccessor) GetCertificate(serial, aki string) (crs []certdb.CertificateRecord, err error)
- func (d *CertDBAccessor) GetCertificateWithID(serial, aki string) (crs db.CertRecord, err error)
- func (d *CertDBAccessor) GetCertificates(req cr.CertificateRequest, callersAffiliation string) (*sqlx.Rows, error)
- func (d *CertDBAccessor) GetCertificatesByID(id string) (crs []db.CertRecord, err error)
- func (d *CertDBAccessor) GetOCSP(serial, aki string) (ors []certdb.OCSPRecord, err error)
- func (d *CertDBAccessor) GetRevokedAndUnexpiredCertificates() ([]certdb.CertificateRecord, error)
- func (d *CertDBAccessor) GetRevokedAndUnexpiredCertificatesByLabel(label string) ([]certdb.CertificateRecord, error)
- func (d *CertDBAccessor) GetRevokedCertificates(expiredAfter, expiredBefore, revokedAfter, revokedBefore time.Time) ([]certdb.CertificateRecord, error)
- func (d *CertDBAccessor) GetUnexpiredCertificates() (crs []certdb.CertificateRecord, err error)
- func (d *CertDBAccessor) GetUnexpiredOCSPs() (ors []certdb.OCSPRecord, err error)
- func (d *CertDBAccessor) InsertCertificate(cr certdb.CertificateRecord) error
- func (d *CertDBAccessor) InsertOCSP(rr certdb.OCSPRecord) error
- func (d *CertDBAccessor) RevokeCertificate(serial, aki string, reasonCode int) error
- func (d *CertDBAccessor) RevokeCertificatesByID(id string, reasonCode int) (crs []db.CertRecord, err error)
- func (d *CertDBAccessor) SetDB(db *db.DB)
- func (d *CertDBAccessor) UpdateOCSP(serial, aki, body string, expiry time.Time) error
- func (d *CertDBAccessor) UpsertOCSP(serial, aki, body string, expiry time.Time) error
- type CertificateDecoder
- type CertificateStatus
- type CfgOptions
- type Client
- func (c *Client) CheckEnrollment() error
- func (c *Client) Enroll(req *api.EnrollmentRequest) (*EnrollmentResponse, error)
- func (c *Client) GenCSR(req *api.CSRInfo, id string) ([]byte, bccsp.Key, crypto.Signer, error)
- func (c *Client) GetCAInfo(req *api.GetCAInfoRequest) (*GetCAInfoResponse, error)
- func (c *Client) GetCSP() bccsp.BCCSP
- func (c *Client) GetCertFilePath() string
- func (c *Client) GetIssuerPubKey() (*idemix.IssuerPublicKey, error)
- func (c *Client) Init() error
- func (c *Client) LoadCSRInfo(path string) (*api.CSRInfo, error)
- func (c *Client) LoadIdentity(keyFile, certFile, idemixCredFile string) (*Identity, error)
- func (c *Client) LoadMyIdentity() (*Identity, error)
- func (c *Client) NewIdentity(creds []credential.Credential) (*Identity, error)
- func (c *Client) NewX509Identity(name string, creds []credential.Credential) x509cred.Identity
- func (c *Client) SendReq(req *http.Request, result interface{}) (err error)
- func (c *Client) StreamResponse(req *http.Request, stream string, cb func(*json.Decoder) error) (err error)
- type ClientConfig
- type DN
- type EnrollmentResponse
- type GetCAInfoResponse
- type Identity
- func (i *Identity) AddAffiliation(req *api.AddAffiliationRequest) (*api.AffiliationResponse, error)
- func (i *Identity) AddIdentity(req *api.AddIdentityRequest) (*api.IdentityResponse, error)
- func (i *Identity) Delete(endpoint string, result interface{}, queryParam map[string]string) error
- func (i *Identity) GenCRL(req *api.GenCRLRequest) (*api.GenCRLResponse, error)
- func (i *Identity) Get(endpoint, caname string, result interface{}) error
- func (i *Identity) GetAffiliation(affiliation, caname string) (*api.AffiliationResponse, error)
- func (i *Identity) GetAllAffiliations(caname string) (*api.AffiliationResponse, error)
- func (i *Identity) GetAllIdentities(caname string, cb func(*json.Decoder) error) error
- func (i *Identity) GetCRI(req *api.GetCRIRequest) (*api.GetCRIResponse, error)
- func (i *Identity) GetCertificates(req *api.GetCertificatesRequest, cb func(*json.Decoder) error) error
- func (i *Identity) GetClient() *Client
- func (i *Identity) GetECert() *x509.Signer
- func (i *Identity) GetIdemixCredential() credential.Credential
- func (i *Identity) GetIdentity(id, caname string) (*api.GetIDResponse, error)
- func (i *Identity) GetName() string
- func (i *Identity) GetStreamResponse(endpoint string, queryParam map[string]string, stream string, ...) error
- func (i *Identity) GetTCertBatch(req *api.GetTCertBatchRequest) ([]*x509.Signer, error)
- func (i *Identity) GetX509Credential() credential.Credential
- func (i *Identity) ModifyAffiliation(req *api.ModifyAffiliationRequest) (*api.AffiliationResponse, error)
- func (i *Identity) ModifyIdentity(req *api.ModifyIdentityRequest) (*api.IdentityResponse, error)
- func (i *Identity) Post(endpoint string, reqBody []byte, result interface{}, ...) error
- func (i *Identity) Put(endpoint string, reqBody []byte, queryParam map[string]string, ...) error
- func (i *Identity) Reenroll(req *api.ReenrollmentRequest) (*EnrollmentResponse, error)
- func (i *Identity) Register(req *api.RegistrationRequest) (rr *api.RegistrationResponse, err error)
- func (i *Identity) RegisterAndEnroll(req *api.RegistrationRequest) (*Identity, error)
- func (i *Identity) RemoveAffiliation(req *api.RemoveAffiliationRequest) (*api.AffiliationResponse, error)
- func (i *Identity) RemoveIdentity(req *api.RemoveIdentityRequest) (*api.IdentityResponse, error)
- func (i *Identity) Revoke(req *api.RevocationRequest) (*api.RevocationResponse, error)
- func (i *Identity) RevokeSelf() (*api.RevocationResponse, error)
- func (i *Identity) Store() error
- type IntermediateCA
- type ParentServer
- type Server
- func TestGetIntermediateServer(idx int, t *testing.T) *Server
- func TestGetRootServer(t *testing.T) *Server
- func TestGetServer(port int, home, parentURL string, maxEnroll int, t *testing.T) *Server
- func TestGetServer2(deleteHome bool, port int, home, parentURL string, maxEnroll int, t *testing.T) *Server
- func (s *Server) GetCA(name string) (*CA, error)
- func (s *Server) HealthCheck(ctx context.Context) error
- func (s *Server) Init(renew bool) (err error)
- func (s *Server) Log(keyvals ...interface{}) error
- func (s *Server) RegisterBootstrapUser(user, pass, affiliation string) error
- func (s *Server) Start() (err error)
- func (s *Server) Stop() error
- type ServerConfig
- type ServerInfoResponseNet
- type ServerRequestContext
Constants ¶
const ( // DefaultServerPort is the default listening port for the fabric-ca server DefaultServerPort = 7054 // DefaultServerAddr is the default listening address for the fabric-ca server DefaultServerAddr = "0.0.0.0" )
const ( // CAChainParentFirstEnvVar is the name of the environment variable that needs to be set // for server to return CA chain in parent-first order CAChainParentFirstEnvVar = "CA_CHAIN_PARENT_FIRST" )
Variables ¶
var ( // CTPoisonOID is the object ID of the critical poison extension for precertificates // https://tools.ietf.org/html/rfc6962#page-9 CTPoisonOID = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 11129, 2, 4, 3} // SCTListOID is the object ID for the Signed Certificate Timestamp certificate extension // https://tools.ietf.org/html/rfc6962#page-14 SCTListOID = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 11129, 2, 4, 2} )
var CAPolicy = func() *config.Signing { return &config.Signing{ Default: &config.SigningProfile{ Usage: []string{"cert sign", "crl sign"}, ExpiryString: "43800h", Expiry: 5 * helpers.OneYear, CAConstraint: config.CAConstraint{IsCA: true}, }, } }
CAPolicy contains the CA issuing policy as default policy.
Functions ¶
func AffiliationDecoder ¶
AffiliationDecoder decodes streams of data coming from the server into an Affiliation object
func BytesToX509Cert ¶
func BytesToX509Cert(bytes []byte) (*x509.Certificate, error)
BytesToX509Cert converts bytes (PEM or DER) to an X509 certificate
func ComputeSKI ¶
func ComputeSKI(template *x509GM.Certificate) ([]byte, error)
func FillTemplate ¶
func FillTemplate(template *x509GM.Certificate, defaultProfile, profile *config.SigningProfile, notBefore time.Time, notAfter time.Time) error
func FindProfile ¶
func GenerateECDSATestCert ¶
func GenerateECDSATestCert() error
GenerateECDSATestCert generates EC based certificate for testing purposes
func GetCertID ¶
GetCertID returns both the serial number and AKI (Authority Key ID) for the certificate
func GetKeyRequest ¶
func GetKeyRequest(cfg *CAConfig) *api.BasicKeyRequest
GetKeyRequest constructs and returns api.BasicKeyRequest object based on the bccsp configuration options
func IdentityDecoder ¶
IdentityDecoder decodes streams of data coming from the server into an Identity object
func IsGMConfig ¶
func IsGMConfig() bool
func LoadPEMCertPool ¶
LoadPEMCertPool loads a pool of PEM certificates from list of files
func NormalizeURL ¶
NormalizeURL normalizes a URL (from cfssl)
func OverrideHosts ¶
func OverrideHosts(template *x509GM.Certificate, hosts []string)
add by thoughtwork's matrix
func ParseSm2CertificateRequest2X509 ¶
func ParseSm2CertificateRequest2X509(sm2req *sm2.CertificateRequest) *x509.CertificateRequest
ParseSm2CertificateRequest2X509 converts an SM2 certificate request into an X509 certificate request.
func ParseX509Certificate2Sm2 ¶
func ParseX509Certificate2Sm2(x509Cert *x509.Certificate) *x509GM.Certificate
func PopulateSubjectFromCSR ¶
PopulateSubjectFromCSR has functionality similar to Name, except it fills the fields of the resulting pkix.Name with req's if the subject's corresponding fields are empty
func SetProviderName ¶
func SetProviderName(name string)
Types ¶
type Accessor ¶
type Accessor struct {
// contains filtered or unexported fields
}
Accessor implements db.Accessor interface.
func NewDBAccessor ¶
func NewDBAccessor(cadb db.FabricCADB) *Accessor
NewDBAccessor is a constructor for the database API
func (*Accessor) DeleteAffiliation ¶
func (d *Accessor) DeleteAffiliation(name string, force, identityRemoval, isRegistrar bool) (*user.DbTxResult, error)
DeleteAffiliation deletes an affiliation from the database. When the force option is used and identity removal is allowed, it also deletes the identities associated with the removed affiliations, together with the certificates belonging to those identities.
func (*Accessor) DeleteUser ¶
DeleteUser deletes user from database
func (*Accessor) GetAffiliation ¶
func (d *Accessor) GetAffiliation(name string) (spi.Affiliation, error)
GetAffiliation gets affiliation from database
func (*Accessor) GetAffiliationTree ¶
func (d *Accessor) GetAffiliationTree(name string) (*user.DbTxResult, error)
GetAffiliationTree returns the requested affiliation and affiliations below
func (*Accessor) GetAllAffiliations ¶
GetAllAffiliations gets the requested affiliation and any sub affiliations from the database
func (*Accessor) GetFilteredUsers ¶
GetFilteredUsers returns all identities that fall under the affiliation and types
func (*Accessor) GetUserLessThanLevel ¶
GetUserLessThanLevel returns all identities whose level is less than the level specified. If the requested level is zero, no users are returned.
func (*Accessor) InsertAffiliation ¶
InsertAffiliation inserts affiliation into database
func (*Accessor) InsertUser ¶
InsertUser inserts user into database
func (*Accessor) ModifyAffiliation ¶
func (d *Accessor) ModifyAffiliation(oldAffiliation, newAffiliation string, force, isRegistrar bool) (*user.DbTxResult, error)
ModifyAffiliation renames the affiliation and updates all identities to use the new affiliation depending on the value of the "force" parameter
func (*Accessor) SetDB ¶
func (d *Accessor) SetDB(db db.FabricCADB)
SetDB changes the underlying sql.DB object that the Accessor is manipulating.
type CA ¶
type CA struct { // The home directory for the CA HomeDir string // The CA's configuration Config *CAConfig // The file path of the config file ConfigFilePath string // contains filtered or unexported fields }
CA represents a certificate authority which signs, issues and revokes certificates
func (*CA) CertDBAccessor ¶
func (ca *CA) CertDBAccessor() *CertDBAccessor
CertDBAccessor returns the certificate DB accessor for CA
func (*CA) DBAccessor ¶
DBAccessor returns the registry DB accessor for server
func (*CA) GetCertificate ¶
func (ca *CA) GetCertificate(serial, aki string) (*certdb.CertificateRecord, error)
GetCertificate returns the single certificate matching serial and aki. If multiple certificates are found for the same serial and aki, an error is returned.
func (*CA) VerifyCertificate ¶
func (ca *CA) VerifyCertificate(cert *x509.Certificate) error
VerifyCertificate verifies that 'cert' was issued by this CA. It returns nil if successful; otherwise, it returns an error.
type CAConfig ¶
type CAConfig struct { Version string `skip:"true"` Cfg CfgOptions CA CAInfo Signing *config.Signing `skip:"true"` CSR api.CSRInfo Registry CAConfigRegistry Affiliations map[string]interface{} LDAP ldap.Config DB CAConfigDB CSP *factory.FactoryOpts `mapstructure:"bccsp" hide:"true"` // Optional client config for an intermediate server which acts as a client // of the root (or parent) server Client *ClientConfig `skip:"true"` Intermediate IntermediateCA CRL CRLConfig Idemix idemix.Config }
CAConfig is the CA instance's config. The tags are recognized by the RegisterFlags function in fabric-ca/util/flag.go and are as follows: "def" - the default value of the field; "opt" - the optional one character short name to use on the command line; "help" - the help message to display on the command line; "skip" - to skip the field.
type CAConfigDB ¶
type CAConfigDB struct { Type string `def:"sqlite3" help:"Type of database; one of: sqlite3, postgres, mysql"` Datasource string `def:"fabric-ca-server.db" help:"Data source which is database specific"` TLS tls.ClientTLSConfig }
CAConfigDB is the database part of the server's config
func (CAConfigDB) String ¶
func (c CAConfigDB) String() string
String implements the Stringer interface for CAConfigDB. It calls util.StructToString to convert the CAConfigDB struct to a string and masks the password from the database URL, returning the resulting string.
type CAConfigIdentity ¶
type CAConfigIdentity struct { Name string `mask:"username"` Pass string `mask:"password"` Type string Affiliation string MaxEnrollments int Attrs map[string]string }
CAConfigIdentity is identity information in the server's config
func (CAConfigIdentity) String ¶
func (cc CAConfigIdentity) String() string
type CAConfigRegistry ¶
type CAConfigRegistry struct { MaxEnrollments int `def:"-1" help:"Maximum number of enrollments; valid if LDAP not enabled"` Identities []CAConfigIdentity }
CAConfigRegistry is the registry part of the server's config
type CAInfo ¶
type CAInfo struct { Name string `opt:"n" help:"Certificate Authority name"` Keyfile string `help:"PEM-encoded CA key file"` Certfile string `def:"ca-cert.pem" help:"PEM-encoded CA certificate file"` Chainfile string `def:"ca-chain.pem" help:"PEM-encoded CA chain file"` }
CAInfo is the CA information on a fabric-ca-server
type CORS ¶
type CORS struct { Enabled bool `help:"Enable CORS for the fabric-ca-server"` Origins []string `help:"Comma-separated list of Access-Control-Allow-Origin domains"` }
CORS defines the Cross-Origin Resource Sharing settings for the server.
type CRLConfig ¶
type CRLConfig struct { // Specifies expiration for the CRL generated by the gencrl request // The number of hours specified by this property is added to the UTC time, resulting time // is used to set the 'Next Update' date of the CRL Expiry time.Duration `def:"24h" help:"Expiration for the CRL generated by the gencrl request"` }
CRLConfig contains configuration options used by the gencrl request handler
type CertDBAccessor ¶
type CertDBAccessor struct {
// contains filtered or unexported fields
}
CertDBAccessor implements certdb.Accessor interface.
func NewCertDBAccessor ¶
func NewCertDBAccessor(db cadb.FabricCADB, level int) *CertDBAccessor
NewCertDBAccessor returns a new Accessor.
func (*CertDBAccessor) GetCertificate ¶
func (d *CertDBAccessor) GetCertificate(serial, aki string) (crs []certdb.CertificateRecord, err error)
GetCertificate gets a CertificateRecord indexed by serial.
func (*CertDBAccessor) GetCertificateWithID ¶
func (d *CertDBAccessor) GetCertificateWithID(serial, aki string) (crs db.CertRecord, err error)
GetCertificateWithID gets a CertificateRecord indexed by serial and returns user too.
func (*CertDBAccessor) GetCertificates ¶
func (d *CertDBAccessor) GetCertificates(req cr.CertificateRequest, callersAffiliation string) (*sqlx.Rows, error)
GetCertificates returns the certificates that match the filter parameters in the request.
func (*CertDBAccessor) GetCertificatesByID ¶
func (d *CertDBAccessor) GetCertificatesByID(id string) (crs []db.CertRecord, err error)
GetCertificatesByID gets a CertificateRecord indexed by id.
func (*CertDBAccessor) GetOCSP ¶
func (d *CertDBAccessor) GetOCSP(serial, aki string) (ors []certdb.OCSPRecord, err error)
GetOCSP retrieves a certdb.OCSPRecord from db by serial.
func (*CertDBAccessor) GetRevokedAndUnexpiredCertificates ¶
func (d *CertDBAccessor) GetRevokedAndUnexpiredCertificates() ([]certdb.CertificateRecord, error)
GetRevokedAndUnexpiredCertificates returns revoked and unexpired certificates
func (*CertDBAccessor) GetRevokedAndUnexpiredCertificatesByLabel ¶
func (d *CertDBAccessor) GetRevokedAndUnexpiredCertificatesByLabel(label string) ([]certdb.CertificateRecord, error)
GetRevokedAndUnexpiredCertificatesByLabel returns revoked and unexpired certificates matching the label
func (*CertDBAccessor) GetRevokedCertificates ¶
func (d *CertDBAccessor) GetRevokedCertificates(expiredAfter, expiredBefore, revokedAfter, revokedBefore time.Time) ([]certdb.CertificateRecord, error)
GetRevokedCertificates returns revoked certificates
func (*CertDBAccessor) GetUnexpiredCertificates ¶
func (d *CertDBAccessor) GetUnexpiredCertificates() (crs []certdb.CertificateRecord, err error)
GetUnexpiredCertificates gets all unexpired certificate from db.
func (*CertDBAccessor) GetUnexpiredOCSPs ¶
func (d *CertDBAccessor) GetUnexpiredOCSPs() (ors []certdb.OCSPRecord, err error)
GetUnexpiredOCSPs retrieves all unexpired certdb.OCSPRecord from db.
func (*CertDBAccessor) InsertCertificate ¶
func (d *CertDBAccessor) InsertCertificate(cr certdb.CertificateRecord) error
InsertCertificate puts a CertificateRecord into db.
func (*CertDBAccessor) InsertOCSP ¶
func (d *CertDBAccessor) InsertOCSP(rr certdb.OCSPRecord) error
InsertOCSP puts a new certdb.OCSPRecord into the db.
func (*CertDBAccessor) RevokeCertificate ¶
func (d *CertDBAccessor) RevokeCertificate(serial, aki string, reasonCode int) error
RevokeCertificate updates a certificate with a given serial number and marks it revoked.
func (*CertDBAccessor) RevokeCertificatesByID ¶
func (d *CertDBAccessor) RevokeCertificatesByID(id string, reasonCode int) (crs []db.CertRecord, err error)
RevokeCertificatesByID updates all certificates for a given ID and marks them revoked.
func (*CertDBAccessor) SetDB ¶
func (d *CertDBAccessor) SetDB(db *db.DB)
SetDB changes the underlying sql.DB object that the CertDBAccessor is manipulating.
func (*CertDBAccessor) UpdateOCSP ¶
func (d *CertDBAccessor) UpdateOCSP(serial, aki, body string, expiry time.Time) error
UpdateOCSP updates an OCSP response record with the given serial number.
func (*CertDBAccessor) UpsertOCSP ¶
func (d *CertDBAccessor) UpsertOCSP(serial, aki, body string, expiry time.Time) error
UpsertOCSP updates an OCSP response record with the given serial number, or inserts the record if it does not yet exist in the db.
type CertificateDecoder ¶
type CertificateDecoder struct {
// contains filtered or unexported fields
}
CertificateDecoder is needed to keep track of state, to see how many certificates have been returned for each enrollment ID.
func NewCertificateDecoder ¶
func NewCertificateDecoder(storePath string) *CertificateDecoder
NewCertificateDecoder returns decoder for certificates
func (*CertificateDecoder) CertificateDecoder ¶
func (cd *CertificateDecoder) CertificateDecoder(decoder *json.Decoder) error
CertificateDecoder decodes streams of data coming from the server
type CertificateStatus ¶
type CertificateStatus string
CertificateStatus represents status of an enrollment certificate
const ( // Revoked is the status of a revoked certificate Revoked CertificateStatus = "revoked" // Good is the status of a active certificate Good = "good" )
type CfgOptions ¶
type CfgOptions struct { Identities identitiesOptions Affiliations affiliationsOptions }
CfgOptions is a CA configuration that allows for setting different options
type Client ¶
type Client struct { // The client's home directory HomeDir string `json:"homeDir,omitempty"` // The client's configuration Config *ClientConfig // contains filtered or unexported fields }
Client is the fabric-ca client object
func TestGetClient ¶
TestGetClient returns a Fabric CA client
func TestGetRootClient ¶
func TestGetRootClient() *Client
TestGetRootClient returns a Fabric CA client that is meant for a root Fabric CA server
func (*Client) CheckEnrollment ¶
CheckEnrollment returns an error if this client is not enrolled
func (*Client) Enroll ¶
func (c *Client) Enroll(req *api.EnrollmentRequest) (*EnrollmentResponse, error)
Enroll enrolls a new identity @param req The enrollment request
func (*Client) GetCAInfo ¶
func (c *Client) GetCAInfo(req *api.GetCAInfoRequest) (*GetCAInfoResponse, error)
GetCAInfo returns generic CA information
func (*Client) GetCertFilePath ¶
GetCertFilePath returns the path to the certificate file for this client
func (*Client) GetIssuerPubKey ¶
func (c *Client) GetIssuerPubKey() (*idemix.IssuerPublicKey, error)
GetIssuerPubKey returns issuer public key associated with this client
func (*Client) LoadCSRInfo ¶
LoadCSRInfo reads CSR (Certificate Signing Request) info from a file. @param path The path to the file that contains the CSR info in JSON format.
func (*Client) LoadIdentity ¶
LoadIdentity loads an identity from disk
func (*Client) LoadMyIdentity ¶
LoadMyIdentity loads the client's identity from disk
func (*Client) NewIdentity ¶
func (c *Client) NewIdentity(creds []credential.Credential) (*Identity, error)
NewIdentity creates a new identity
func (*Client) NewX509Identity ¶
func (c *Client) NewX509Identity(name string, creds []credential.Credential) x509cred.Identity
NewX509Identity creates a new identity
type ClientConfig ¶
type ClientConfig struct { URL string `def:"http://localhost:7054" opt:"u" help:"URL of fabric-ca-server"` MSPDir string `def:"msp" opt:"M" help:"Membership Service Provider directory"` TLS gmtls.ClientTLSConfig Enrollment api.EnrollmentRequest CSR api.CSRInfo ID api.RegistrationRequest Revoke api.RevocationRequest CAInfo api.GetCAInfoRequest CAName string `help:"Name of CA"` CSP *factory.FactoryOpts `mapstructure:"bccsp" hide:"true"` Debug bool `opt:"d" help:"Enable debug level logging" hide:"true"` LogLevel string `help:"Set logging level (info, warning, debug, error, fatal, critical)"` }
ClientConfig is the fabric-ca client's config
func (*ClientConfig) Enroll ¶
func (c *ClientConfig) Enroll(rawurl, home string) (*EnrollmentResponse, error)
Enroll a client given the server's URL and the client's home directory. The URL may be of the form: http://user:pass@host:port where user and pass are the enrollment ID and secret, respectively.
func (*ClientConfig) GenCSR ¶
func (c *ClientConfig) GenCSR(home string) error
GenCSR generates a certificate signing request and writes the CSR to a file.
type DN ¶
type DN struct {
// contains filtered or unexported fields
}
DN is the distinguished name inside a certificate
type EnrollmentResponse ¶
type EnrollmentResponse struct { Identity *Identity CAInfo GetCAInfoResponse }
EnrollmentResponse is the response from Client.Enroll and Identity.Reenroll
type GetCAInfoResponse ¶
type GetCAInfoResponse struct { // CAName is the name of the CA CAName string // CAChain is the PEM-encoded bytes of the fabric-ca-server's CA chain. // The 1st element of the chain is the root CA cert CAChain []byte // Idemix issuer public key of the CA IssuerPublicKey []byte // Idemix issuer revocation public key of the CA IssuerRevocationPublicKey []byte // Version of the server Version string }
GetCAInfoResponse is the response from the GetCAInfo call
type Identity ¶
type Identity struct {
// contains filtered or unexported fields
}
Identity is fabric-ca's implementation of an identity
func NewIdentity ¶
func NewIdentity(client *Client, name string, creds []credential.Credential) *Identity
NewIdentity is the constructor for identity
func (*Identity) AddAffiliation ¶
func (i *Identity) AddAffiliation(req *api.AddAffiliationRequest) (*api.AffiliationResponse, error)
AddAffiliation adds a new affiliation to the server
func (*Identity) AddIdentity ¶
func (i *Identity) AddIdentity(req *api.AddIdentityRequest) (*api.IdentityResponse, error)
AddIdentity adds a new identity to the server
func (*Identity) GenCRL ¶
func (i *Identity) GenCRL(req *api.GenCRLRequest) (*api.GenCRLResponse, error)
GenCRL generates CRL
func (*Identity) GetAffiliation ¶
func (i *Identity) GetAffiliation(affiliation, caname string) (*api.AffiliationResponse, error)
GetAffiliation returns information about the requested affiliation
func (*Identity) GetAllAffiliations ¶
func (i *Identity) GetAllAffiliations(caname string) (*api.AffiliationResponse, error)
GetAllAffiliations returns all affiliations that the caller is authorized to see
func (*Identity) GetAllIdentities ¶
GetAllIdentities returns all identities that the caller is authorized to see
func (*Identity) GetCRI ¶
func (i *Identity) GetCRI(req *api.GetCRIRequest) (*api.GetCRIResponse, error)
GetCRI gets Idemix credential revocation information (CRI)
func (*Identity) GetCertificates ¶
func (i *Identity) GetCertificates(req *api.GetCertificatesRequest, cb func(*json.Decoder) error) error
GetCertificates returns all certificates that the caller is authorized to see
func (*Identity) GetECert ¶
GetECert returns the enrollment certificate signer for this identity. It returns nil if the identity does not have an X509 credential.
func (*Identity) GetIdemixCredential ¶
func (i *Identity) GetIdemixCredential() credential.Credential
GetIdemixCredential returns Idemix credential of this identity
func (*Identity) GetIdentity ¶
func (i *Identity) GetIdentity(id, caname string) (*api.GetIDResponse, error)
GetIdentity returns information about the requested identity
func (*Identity) GetStreamResponse ¶
func (i *Identity) GetStreamResponse(endpoint string, queryParam map[string]string, stream string, cb func(*json.Decoder) error) error
GetStreamResponse sends a request to an endpoint and streams the response
func (*Identity) GetTCertBatch ¶
GetTCertBatch returns a batch of TCerts for this identity
func (*Identity) GetX509Credential ¶
func (i *Identity) GetX509Credential() credential.Credential
GetX509Credential returns X509 credential of this identity
func (*Identity) ModifyAffiliation ¶
func (i *Identity) ModifyAffiliation(req *api.ModifyAffiliationRequest) (*api.AffiliationResponse, error)
ModifyAffiliation renames an existing affiliation on the server
func (*Identity) ModifyIdentity ¶
func (i *Identity) ModifyIdentity(req *api.ModifyIdentityRequest) (*api.IdentityResponse, error)
ModifyIdentity modifies an existing identity on the server
func (*Identity) Post ¶
func (i *Identity) Post(endpoint string, reqBody []byte, result interface{}, queryParam map[string]string) error
Post sends an arbitrary request body (reqBody) to an endpoint. It adds an authorization header which contains this identity's signature over the body and the non-signature part of the authorization header. The body of the response is returned via the result parameter.
func (*Identity) Put ¶
func (i *Identity) Put(endpoint string, reqBody []byte, queryParam map[string]string, result interface{}) error
Put sends a put request to an endpoint
func (*Identity) Reenroll ¶
func (i *Identity) Reenroll(req *api.ReenrollmentRequest) (*EnrollmentResponse, error)
Reenroll reenrolls an existing Identity and returns a new Identity @param req The reenrollment request
func (*Identity) Register ¶
func (i *Identity) Register(req *api.RegistrationRequest) (rr *api.RegistrationResponse, err error)
Register registers a new identity @param req The registration request
func (*Identity) RegisterAndEnroll ¶
func (i *Identity) RegisterAndEnroll(req *api.RegistrationRequest) (*Identity, error)
RegisterAndEnroll registers and enrolls an identity and returns the identity
func (*Identity) RemoveAffiliation ¶
func (i *Identity) RemoveAffiliation(req *api.RemoveAffiliationRequest) (*api.AffiliationResponse, error)
RemoveAffiliation removes an existing affiliation from the server
func (*Identity) RemoveIdentity ¶
func (i *Identity) RemoveIdentity(req *api.RemoveIdentityRequest) (*api.IdentityResponse, error)
RemoveIdentity removes an existing identity from the server.
func (*Identity) Revoke ¶
func (i *Identity) Revoke(req *api.RevocationRequest) (*api.RevocationResponse, error)
Revoke the identity associated with 'id'
func (*Identity) RevokeSelf ¶
func (i *Identity) RevokeSelf() (*api.RevocationResponse, error)
RevokeSelf revokes the current identity and all certificates
type IntermediateCA ¶
type IntermediateCA struct { ParentServer ParentServer TLS gmtls.ClientTLSConfig Enrollment api.EnrollmentRequest }
IntermediateCA contains the parent server information, TLS configuration, and enrollment request for an intermediate CA.
type ParentServer ¶
type ParentServer struct { URL string `opt:"u" help:"URL of the parent fabric-ca-server (e.g. http://<username>:<password>@<address>:<port)" mask:"url"` CAName string `help:"Name of the CA to connect to on fabric-ca-server"` }
ParentServer contains the URL of the parent server (which, as the help text shows, may embed the enrollment username and password and is therefore masked when printed) and the name of the CA inside that server to connect to.
func (ParentServer) String ¶
func (parent ParentServer) String() string
type Server ¶
type Server struct { // The home directory for the server HomeDir string // BlockingStart if true makes the Start function blocking; // It is non-blocking by default. BlockingStart bool // The server's configuration Config *ServerConfig // Metrics are the metrics that the server tracks Metrics cametrics.Metrics // Operations is responsible for the server's operation information Operations operationsServer // Server's default CA CA // contains filtered or unexported fields }
Server is the fabric-ca server
func TestGetIntermediateServer ¶
TestGetIntermediateServer creates a server with intermediate server configuration
func TestGetRootServer ¶
TestGetRootServer creates a server with root configuration
func TestGetServer ¶
TestGetServer creates and returns a pointer to a server struct
func TestGetServer2 ¶
func TestGetServer2(deleteHome bool, port int, home, parentURL string, maxEnroll int, t *testing.T) *Server
TestGetServer2 creates and returns a pointer to a server struct, with an option of whether or not to remove the home directory first
func (*Server) HealthCheck ¶
HealthCheck pings the database to determine if it is reachable
func (*Server) RegisterBootstrapUser ¶
RegisterBootstrapUser registers the bootstrap user with appropriate privileges
type ServerConfig ¶
type ServerConfig struct { // Listening port for the server Port int `def:"7054" opt:"p" help:"Listening port of fabric-ca-server"` // Bind address for the server Address string `def:"0.0.0.0" help:"Listening address of fabric-ca-server"` // Cross-Origin Resource Sharing settings for the server CORS CORS // Enables debug logging Debug bool `def:"false" opt:"d" help:"Enable debug level logging" hide:"true"` // Sets the logging level on the server LogLevel string `help:"Set logging level (info, warning, debug, error, fatal, critical)"` // TLS for the server's listening endpoint TLS gmtls.ServerTLSConfig // Optional client config for an intermediate server which acts as a client // of the root (or parent) server Client *ClientConfig `skip:"true"` // CACfg is the default CA's config CAcfg CAConfig `skip:"true"` // The names of the CA configuration files // This is empty unless there are non-default CAs served by this server CAfiles []string `help:"A list of comma-separated CA configuration files"` // The number of non-default CAs, which is useful for a dev environment to // quickly start any number of CAs in a single server CAcount int `def:"0" help:"Number of non-default CA instances"` // Size limit of an acceptable CRL in bytes CRLSizeLimit int `def:"512000" help:"Size limit of an acceptable CRL in bytes"` // CompMode1_3 determines whether to run in compatibility mode for version 1.3 CompMode1_3 bool `skip:"true"` // Metrics contains the configuration for provider and statsd Metrics operations.MetricsOptions `hide:"true"` // Operations contains the configuration for the operations servers Operations operations.Options `hide:"true"` }
ServerConfig is the fabric-ca server's config. The tags are recognized by the RegisterFlags function in fabric-ca/util/flag.go and are as follows: "def" - the default value of the field; "opt" - the optional one-character short name to use on the command line; "help" - the help message to display on the command line; "skip" - to skip the field.
type ServerInfoResponseNet ¶
type ServerInfoResponseNet struct { // CAName is a unique name associated with fabric-ca-server's CA CAName string // Base64 encoding of PEM-encoded certificate chain CAChain string // Base64 encoding of idemix issuer public key IssuerPublicKey string // Version of the server Version string }
ServerInfoResponseNet is the response to the GET /cainfo request
type ServerRequestContext ¶
type ServerRequestContext interface { BasicAuthentication() (string, error) TokenAuthentication() (string, error) GetCaller() (user.User, error) HasRole(role string) error ChunksToDeliver(string) (int, error) GetReq() *http.Request GetQueryParm(name string) string GetBoolQueryParm(name string) (bool, error) GetResp() http.ResponseWriter GetCertificates(cr.CertificateRequest, string) (*sqlx.Rows, error) IsLDAPEnabled() bool ReadBody(interface{}) error ContainsAffiliation(string) error CanActOnType(string) error }
ServerRequestContext defines the functionality of a server request context object
Source Files ¶
- ca.go
- caconfig.go
- certdbaccessor.go
- client.go
- clientconfig.go
- dbaccessor.go
- gmca.go
- identity.go
- keyrequestnopkcs11.go
- server.go
- serveraffiliations.go
- servercertificates.go
- serverconfig.go
- serverendpoint.go
- serverenroll.go
- servergencrl.go
- serveridemixcri.go
- serveridemixenroll.go
- serveridentities.go
- serverinfo.go
- serverregister.go
- serverrequestcontext.go
- serverrevoke.go
- servertcert.go
- test-util.go
- util.go
Directories ¶
Path | Synopsis
---|---
client |
(subdirectory of client; path not captured in this rendering) | Code generated by counterfeiter.
server |
certificaterequest/mocks | Code generated by mockery v1.0.0.
db/mocks | Code generated by counterfeiter.
db/mysql/mocks | Code generated by counterfeiter.
db/postgres/mocks | Code generated by counterfeiter.
db/sqlite/mocks | Code generated by counterfeiter.
idemix/mocks | Code generated by mockery v1.0.0.
user/mocks | Code generated by counterfeiter.