Documentation ¶
Index ¶
- Constants
- Variables
- func B64Decode(str string) (buf []byte, err error)
- func B64Encode(buf []byte) string
- func BCCSPKeyRequestGenerate(req *csr.CertificateRequest, myCSP bccsp.BCCSP) (bccsp.Key, crypto.Signer, error)
- func BccspBackedSigner(caFile, keyFile string, policy *config.Signing, csp bccsp.BCCSP) (signer.Signer, error)
- func CheckHostsInCert(certFile string, hosts ...string) error
- func CmdRunBegin(v *viper.Viper)
- func ConfigureBCCSP(optsPtr **factory.FactoryOpts, mspDir, homeDir string) error
- func CopyMissingValues(src, dst interface{})
- func CreateClientHome() (string, error)
- func CreateToken(csp bccsp.BCCSP, cert []byte, key bccsp.Key, method, uri string, body []byte) (string, error)
- func DecodeToken(token string) (*x509.Certificate, string, string, error)
- func ErrorContains(t *testing.T, err error, contains, msg string, args ...interface{})
- func Fatal(format string, v ...interface{})
- func FatalError(t *testing.T, err error, msg string, args ...interface{})
- func FileExists(name string) bool
- func FlagString(v *viper.Viper, flags *pflag.FlagSet, name, short string, def string, ...)
- func GenECDSAToken(csp bccsp.BCCSP, cert []byte, key bccsp.Key, method, uri string, body []byte) (string, error)
- func GetBCCSP(opts *factory.FactoryOpts, homeDir string) (bccsp.BCCSP, error)
- func GetCertificateDuration(cert *x509.Certificate) time.Duration
- func GetCertificateDurationFromFile(file string) (time.Duration, error)
- func GetCommandLineOptValue(optName string, remove bool) string
- func GetDefaultBCCSP() bccsp.BCCSP
- func GetDefaultConfigFile(cmdName string) string
- func GetECPrivateKey(raw []byte) (*ecdsa.PrivateKey, error)
- func GetEnrollmentIDFromPEM(cert []byte) (string, error)
- func GetEnrollmentIDFromX509Certificate(cert *x509.Certificate) string
- func GetMaskedURL(url string) string
- func GetRSAPrivateKey(raw []byte) (*rsa.PrivateKey, error)
- func GetSM2PrivateKey(raw []byte) (*sm2.PrivateKey, error)
- func GetSerialAsHex(serial *big.Int) string
- func GetServerAddr() string
- func GetServerPort() string
- func GetServerProtocol() string
- func GetServerURL() string
- func GetSignerFromCert(cert *x509.Certificate, csp bccsp.BCCSP) (bccsp.Key, crypto.Signer, error)
- func GetSignerFromCertFile(certFile string, csp bccsp.BCCSP) (bccsp.Key, crypto.Signer, *x509.Certificate, error)
- func GetSignerFromSM2Cert(cert *x509GM.Certificate, csp bccsp.BCCSP) (bccsp.Key, crypto.Signer, error)
- func GetSliceFromList(split string, delim string) []string
- func GetUser(v *viper.Viper) (string, string, error)
- func GetX509CertificateFromPEM(cert []byte) (*x509.Certificate, error)
- func GetX509CertificateFromPEMFile(file string) (*x509.Certificate, error)
- func GetX509CertificatesFromPEM(pemBytes []byte) ([]*x509.Certificate, error)
- func HTTPRequestToString(req *http.Request) string
- func HTTPResponseToString(resp *http.Response) string
- func Hostname() string
- func ImportBCCSPKeyFromPEM(keyFile string, myCSP bccsp.BCCSP, temporary bool) (bccsp.Key, error)
- func InitBCCSP(optsPtr **factory.FactoryOpts, mspDir, homeDir string) (bccsp.BCCSP, error)
- func IsGMConfig() bool
- func IsSubsetOf(small, big string) error
- func ListContains(list, find string) bool
- func LoadX509KeyPair(certFile, keyFile string, csp bccsp.BCCSP) (*tls.Certificate, error)
- func LoadX509KeyPairSM2(certFile, keyFile string, csp bccsp.BCCSP) (bccsp.Key, *gtls.Certificate, error)
- func MakeFileAbs(file, dir string) (string, error)
- func MakeFileNamesAbsolute(files []*string, home string) error
- func Marshal(from interface{}, what string) ([]byte, error)
- func NormalizeFileList(files []string, homeDir string) ([]string, error)
- func NormalizeStringSlice(slice []string) []string
- func ParseObj(obj interface{}, cb func(*Field) error, tags map[string]string) error
- func ParseSm2Certificate2X509(sm2Cert *x509GM.Certificate) *x509.Certificate
- func ParseX509Certificate2Sm2(x509Cert *x509.Certificate) *x509GM.Certificate
- func RandomString(n int) string
- func Read(r io.Reader, data []byte) ([]byte, error)
- func ReadFile(file string) ([]byte, error)
- func RegisterFlags(v *viper.Viper, flags *pflag.FlagSet, config interface{}, ...) error
- func RemoveQuotes(str string) string
- func SetDefaultServerPort()
- func SetProviderName(name string)
- func StrContained(str string, strs []string) bool
- func StructToString(si interface{}) string
- func Unmarshal(from []byte, to interface{}, what string) error
- func ValidateAndReturnAbsConf(configFilePath, homeDir, cmdName string) (string, string, error)
- func VerifyToken(csp bccsp.BCCSP, token string, method, uri string, body []byte, ...) (*x509.Certificate, error)
- func ViperUnmarshal(cfg interface{}, stringSliceFields []string, vp *viper.Viper) error
- func WriteFile(file string, buf []byte, perm os.FileMode) error
- type ECDSASignature
- type Field
Constants ¶
const ( // TagDefault is the tag name for a default value of a field as recognized // by RegisterFlags. TagDefault = "def" // TagHelp is the tag name for a help message of a field as recognized // by RegisterFlags. TagHelp = "help" // TagOpt is the tag name for a one character option of a field as recognized // by RegisterFlags. For example, a value of "d" reserves "-d" for the // command line argument. TagOpt = "opt" // TagSkip is the tag name which causes the field to be skipped by // RegisterFlags. TagSkip = "skip" // TagHide is the tag name which causes the field to be hidden TagHide = "hide" )
const SecretTag = "mask"
SecretTag to tag a field as secret as in password, token
Variables ¶
var ( // ErrNotImplemented used to return errors for functions not implemented ErrNotImplemented = errors.New("NOT YET IMPLEMENTED") )
var RevocationReasonCodes = map[string]int{ "unspecified": ocsp.Unspecified, "keycompromise": ocsp.KeyCompromise, "cacompromise": ocsp.CACompromise, "affiliationchanged": ocsp.AffiliationChanged, "superseded": ocsp.Superseded, "cessationofoperation": ocsp.CessationOfOperation, "certificatehold": ocsp.CertificateHold, "removefromcrl": ocsp.RemoveFromCRL, "privilegewithdrawn": ocsp.PrivilegeWithdrawn, "aacompromise": ocsp.AACompromise, }
RevocationReasonCodes is a map between string reason codes to integers as defined in RFC 5280
var URLRegex = regexp.MustCompile("(ldap|http)s*://(\\S+):(\\S+)@")
URLRegex is the regular expression to check if a value is an URL
Functions ¶
func BCCSPKeyRequestGenerate ¶
func BCCSPKeyRequestGenerate(req *csr.CertificateRequest, myCSP bccsp.BCCSP) (bccsp.Key, crypto.Signer, error)
TODO: remove first param BCCSPKeyRequestGenerate generates keys through BCCSP somewhat mirroring to cfssl/req.KeyRequest.Generate()
func BccspBackedSigner ¶
func BccspBackedSigner(caFile, keyFile string, policy *config.Signing, csp bccsp.BCCSP) (signer.Signer, error)
BccspBackedSigner attempts to create a signer using csp bccsp.BCCSP. This csp could be SW (golang crypto) PKCS11 or whatever BCCSP-conformant library is configured
func CheckHostsInCert ¶
CheckHostsInCert checks to see if host correctly inserted into certificate
func CmdRunBegin ¶
CmdRunBegin is called at the beginning of each cobra run function
func ConfigureBCCSP ¶
func ConfigureBCCSP(optsPtr **factory.FactoryOpts, mspDir, homeDir string) error
ConfigureBCCSP configures BCCSP, using
func CopyMissingValues ¶
func CopyMissingValues(src, dst interface{})
CopyMissingValues checks the dst interface for missing values and replaces them with value from src config struct. This does a deep copy of pointers.
func CreateClientHome ¶
CreateClientHome will create a home directory if it does not exist
func CreateToken ¶
func CreateToken(csp bccsp.BCCSP, cert []byte, key bccsp.Key, method, uri string, body []byte) (string, error)
CreateToken creates a JWT-like token. In a normal JWT token, the format of the token created is:
<algorithm,claims,signature>
where each part is base64-encoded string separated by a period. In this JWT-like token, there are two differences:
- the claims section is a certificate, so the format is: <certificate,signature>
- the signature uses the private key associated with the certificate, and the signature is across both the certificate and the "body" argument, which is the body of an HTTP request, though could be any arbitrary bytes.
@param cert The pem-encoded certificate @param key The pem-encoded key @param method http method of the request @param uri URI of the request @param body The body of an HTTP request
func DecodeToken ¶
DecodeToken extracts an X509 certificate and base64 encoded signature from a token
func ErrorContains ¶
ErrorContains will check to see if an error occurred, if so it will check that it contains the appropriate error message
func FatalError ¶
FatalError will check to see if an error occured if so it will cause the test cases exit
func FlagString ¶
FlagString sets up a flag for a string, binding it to its name
func GenECDSAToken ¶
func GenECDSAToken(csp bccsp.BCCSP, cert []byte, key bccsp.Key, method, uri string, body []byte) (string, error)
GenECDSAToken signs the http body and cert with ECDSA using EC private key
func GetCertificateDuration ¶
func GetCertificateDuration(cert *x509.Certificate) time.Duration
GetCertificateDuration returns the validity duration for a certificate
func GetCertificateDurationFromFile ¶
GetCertificateDurationFromFile returns the validity duration for a certificate in a file.
func GetCommandLineOptValue ¶
GetCommandLineOptValue searches the command line arguments for the specified option and returns the following value if found; otherwise it returns "". If **remove** is true and it is found, the option and its value are removed from os.Args. For example, if command line is:
fabric-ca client enroll -config myconfig.json
GetCommandLineOptValue("-config",true) returns "myconfig.json" and changes os.Args to
fabric-ca client enroll
func GetDefaultConfigFile ¶
GetDefaultConfigFile gets the default path for the config file to display in usage message
func GetECPrivateKey ¶
func GetECPrivateKey(raw []byte) (*ecdsa.PrivateKey, error)
GetECPrivateKey get *ecdsa.PrivateKey from key pem
func GetEnrollmentIDFromPEM ¶
GetEnrollmentIDFromPEM returns the EnrollmentID from a PEM buffer
func GetEnrollmentIDFromX509Certificate ¶
func GetEnrollmentIDFromX509Certificate(cert *x509.Certificate) string
GetEnrollmentIDFromX509Certificate returns the EnrollmentID from the X509 certificate
func GetMaskedURL ¶
GetMaskedURL returns masked URL. It masks username and password from the URL if present
func GetRSAPrivateKey ¶
func GetRSAPrivateKey(raw []byte) (*rsa.PrivateKey, error)
GetRSAPrivateKey get *rsa.PrivateKey from key pem
func GetSM2PrivateKey ¶
func GetSM2PrivateKey(raw []byte) (*sm2.PrivateKey, error)
GetSM2PrivateKey get *sm2.PrivateKey from key pem
func GetSerialAsHex ¶
GetSerialAsHex returns the serial number from certificate as hex format
func GetServerProtocol ¶
func GetServerProtocol() string
GetServerProtocol returns the server's protocol
func GetSignerFromCert ¶
GetSignerFromCert load private key represented by ski and return bccsp signer that conforms to crypto.Signer
func GetSignerFromCertFile ¶
func GetSignerFromCertFile(certFile string, csp bccsp.BCCSP) (bccsp.Key, crypto.Signer, *x509.Certificate, error)
GetSignerFromCertFile load skiFile and load private key represented by ski and return bccsp signer that conforms to crypto.Signer
func GetSignerFromSM2Cert ¶
func GetSignerFromSM2Cert(cert *x509GM.Certificate, csp bccsp.BCCSP) (bccsp.Key, crypto.Signer, error)
GetSignerFromSM2Cert load private key represented by ski and return bccsp signer that conforms to crypto.Signer
func GetSliceFromList ¶
GetSliceFromList will return a slice from a list
func GetX509CertificateFromPEM ¶
func GetX509CertificateFromPEM(cert []byte) (*x509.Certificate, error)
GetX509CertificateFromPEM get an X509 certificate from bytes in PEM format
func GetX509CertificateFromPEMFile ¶
func GetX509CertificateFromPEMFile(file string) (*x509.Certificate, error)
GetX509CertificateFromPEMFile gets an X509 certificate from a file
func GetX509CertificatesFromPEM ¶
func GetX509CertificatesFromPEM(pemBytes []byte) ([]*x509.Certificate, error)
GetX509CertificatesFromPEM returns X509 certificates from bytes in PEM format
func HTTPRequestToString ¶
HTTPRequestToString returns a string for an HTTP request for debuggging
func HTTPResponseToString ¶
HTTPResponseToString returns a string for an HTTP response for debuggging
func ImportBCCSPKeyFromPEM ¶
ImportBCCSPKeyFromPEM attempts to create a private BCCSP key from a pem file keyFile
func IsGMConfig ¶
func IsGMConfig() bool
func IsSubsetOf ¶
IsSubsetOf returns an error if there is something in 'small' that is not in 'big'. Both small and big are assumed to be comma-separated strings. All string comparisons are case-insensitive. Examples: 1) IsSubsetOf('a,B', 'A,B,C') returns nil 2) IsSubsetOf('A,B,C', 'B,C') returns an error because A is not in the 2nd set.
func ListContains ¶
ListContains looks through a comma separated list to see if a string exists
func LoadX509KeyPair ¶
LoadX509KeyPair reads and parses a public/private key pair from a pair of files. The files must contain PEM encoded data. The certificate file may contain intermediate certificates following the leaf certificate to form a certificate chain. On successful return, Certificate.Leaf will be nil because the parsed form of the certificate is not retained.
This function originated from crypto/tls/tls.go and was adapted to use a BCCSP Signer
func LoadX509KeyPairSM2 ¶
func MakeFileAbs ¶
MakeFileAbs makes 'file' absolute relative to 'dir' if not already absolute
func MakeFileNamesAbsolute ¶
MakeFileNamesAbsolute makes all file names in the list absolute, relative to home
func NormalizeFileList ¶
NormalizeFileList provides absolute pathing for the list of files
func NormalizeStringSlice ¶
NormalizeStringSlice checks for seperators
func ParseSm2Certificate2X509 ¶
func ParseSm2Certificate2X509(sm2Cert *x509GM.Certificate) *x509.Certificate
sm2 证书转换 x509 证书
func ParseX509Certificate2Sm2 ¶
func ParseX509Certificate2Sm2(x509Cert *x509.Certificate) *x509GM.Certificate
X509证书格式转换为 SM2证书格式
func RegisterFlags ¶
func RegisterFlags(v *viper.Viper, flags *pflag.FlagSet, config interface{}, tags map[string]string) error
RegisterFlags registers flags for all fields in an arbitrary 'config' object. This method recognizes the following field tags: "def" - the default value of the field; "opt" - the optional one character short name to use on the command line; "help" - the help message to display on the command line; "skip" - to skip the field.
func RemoveQuotes ¶
RemoveQuotes removes outer quotes from a string if necessary
func SetDefaultServerPort ¶
func SetDefaultServerPort()
SetDefaultServerPort overrides the default CFSSL server port by adding the "-port" option to the command line if it was not already present.
func SetProviderName ¶
func SetProviderName(name string)
func StrContained ¶
StrContained returns true if 'str' is in 'strs'; otherwise return false
func StructToString ¶
func StructToString(si interface{}) string
StructToString converts a struct to a string. If a field has a 'secret' tag, it is masked in the returned string
func ValidateAndReturnAbsConf ¶
ValidateAndReturnAbsConf checks to see that there are no conflicts between the configuration file path and home directory. If no conflicts, returns back the absolute path for the configuration file and home directory.
func VerifyToken ¶
func VerifyToken(csp bccsp.BCCSP, token string, method, uri string, body []byte, compMode1_3 bool) (*x509.Certificate, error)
VerifyToken verifies token signed by either ECDSA or RSA and returns the associated user ID
func ViperUnmarshal ¶
ViperUnmarshal is a work around for a bug in viper.Unmarshal This can be removed once https://github.com/spf13/viper/issues/327 is fixed and vendored.
Types ¶
type ECDSASignature ¶
ECDSASignature forms the structure for R and S value for ECDSA