lib

package
v1.0.0-alpha Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 16, 2017 License: Apache-2.0 Imports: 46 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	// DefaultServerPort is the default listening port for the fabric-ca server
	DefaultServerPort = 7054

	// DefaultServerAddr is the default listening address for the fabric-ca server
	DefaultServerAddr = "0.0.0.0"
)

Variables

This section is empty.

Functions

func BytesToX509Cert 

func BytesToX509Cert(bytes []byte) (*x509.Certificate, error)

BytesToX509Cert converts bytes (PEM or DER) to an X509 certificate

func GetCertID 

func GetCertID(bytes []byte) (string, string, error)

GetCertID returns both the serial number and AKI (Authority Key ID) for the certificate

func NormalizeURL 

func NormalizeURL(addr string) (*url.URL, error)

NormalizeURL normalizes a URL (from cfssl)

Types

type Accessor 

type Accessor struct {
	// contains filtered or unexported fields
}

Accessor implements db.Accessor interface.

func NewDBAccessor 

func NewDBAccessor() *Accessor

NewDBAccessor is a constructor for the database API

func (*Accessor) DeleteAffiliation 

func (d *Accessor) DeleteAffiliation(name string) error

DeleteAffiliation deletes affiliation from database

func (*Accessor) DeleteUser 

func (d *Accessor) DeleteUser(id string) error

DeleteUser deletes user from database

func (*Accessor) GetAffiliation 

func (d *Accessor) GetAffiliation(name string) (spi.Affiliation, error)

GetAffiliation gets affiliation from database

func (*Accessor) GetUser 

func (d *Accessor) GetUser(id string, attrs []string) (spi.User, error)

GetUser gets user from database

func (*Accessor) GetUserInfo 

func (d *Accessor) GetUserInfo(id string) (spi.UserInfo, error)

GetUserInfo gets user information from database

func (*Accessor) InsertAffiliation 

func (d *Accessor) InsertAffiliation(name string, prekey string) error

InsertAffiliation inserts affiliation into database

func (*Accessor) InsertUser 

func (d *Accessor) InsertUser(user spi.UserInfo) error

InsertUser inserts user into database

func (*Accessor) SetDB 

func (d *Accessor) SetDB(db *sqlx.DB)

SetDB changes the underlying sql.DB object Accessor is manipulating.

func (*Accessor) UpdateUser 

func (d *Accessor) UpdateUser(user spi.UserInfo) error

UpdateUser updates user in database

type CertDBAccessor 

type CertDBAccessor struct {
	// contains filtered or unexported fields
}

CertDBAccessor implements certdb.Accessor interface.

func NewCertDBAccessor 

func NewCertDBAccessor(db *sqlx.DB) *CertDBAccessor

NewCertDBAccessor returns a new Accessor.

func (*CertDBAccessor) GetCertificate 

func (d *CertDBAccessor) GetCertificate(serial, aki string) (crs []certdb.CertificateRecord, err error)

GetCertificate gets a CertificateRecord indexed by serial.

func (*CertDBAccessor) GetCertificateWithID 

func (d *CertDBAccessor) GetCertificateWithID(serial, aki string) (crs CertRecord, err error)

GetCertificateWithID gets a CertificateRecord indexed by serial and returns user too.

func (*CertDBAccessor) GetCertificatesByID 

func (d *CertDBAccessor) GetCertificatesByID(id string) (crs []CertRecord, err error)

GetCertificatesByID gets a CertificateRecord indexed by id.

func (*CertDBAccessor) GetOCSP 

func (d *CertDBAccessor) GetOCSP(serial, aki string) (ors []certdb.OCSPRecord, err error)

GetOCSP retrieves a certdb.OCSPRecord from db by serial.

func (*CertDBAccessor) GetUnexpiredCertificates 

func (d *CertDBAccessor) GetUnexpiredCertificates() (crs []certdb.CertificateRecord, err error)

GetUnexpiredCertificates gets all unexpired certificate from db.

func (*CertDBAccessor) GetUnexpiredOCSPs 

func (d *CertDBAccessor) GetUnexpiredOCSPs() (ors []certdb.OCSPRecord, err error)

GetUnexpiredOCSPs retrieves all unexpired certdb.OCSPRecord from db.

func (*CertDBAccessor) InsertCertificate 

func (d *CertDBAccessor) InsertCertificate(cr certdb.CertificateRecord) error

InsertCertificate puts a CertificateRecord into db.

func (*CertDBAccessor) InsertOCSP 

func (d *CertDBAccessor) InsertOCSP(rr certdb.OCSPRecord) error

InsertOCSP puts a new certdb.OCSPRecord into the db.

func (*CertDBAccessor) RevokeCertificate 

func (d *CertDBAccessor) RevokeCertificate(serial, aki string, reasonCode int) error

RevokeCertificate updates a certificate with a given serial number and marks it revoked.

func (*CertDBAccessor) RevokeCertificatesByID 

func (d *CertDBAccessor) RevokeCertificatesByID(id string, reasonCode int) (crs []CertRecord, err error)

RevokeCertificatesByID updates all certificates for a given ID and marks them revoked.

func (*CertDBAccessor) SetDB 

func (d *CertDBAccessor) SetDB(db *sqlx.DB)

SetDB changes the underlying sql.DB object Accessor is manipulating.

func (*CertDBAccessor) UpdateOCSP 

func (d *CertDBAccessor) UpdateOCSP(serial, aki, body string, expiry time.Time) error

UpdateOCSP updates a ocsp response record with a given serial number.

func (*CertDBAccessor) UpsertOCSP 

func (d *CertDBAccessor) UpsertOCSP(serial, aki, body string, expiry time.Time) error

UpsertOCSP update a ocsp response record with a given serial number, or insert the record if it doesn't yet exist in the db

type CertRecord 

type CertRecord struct {
	ID string `db:"id"`
	certdb.CertificateRecord
}

CertRecord extends CFSSL CertificateRecord by adding an enrollment ID to the record

type Client 

type Client struct {
	// HomeDir is the home directory
	HomeDir string `json:"homeDir,omitempty"`
	// The client's configuration
	Config *ClientConfig
	// contains filtered or unexported fields
}

Client is the fabric-ca client object

func NewClient 

func NewClient(configFile string) (*Client, error)

NewClient is the constructor for the fabric-ca client API

func (*Client) CheckEnrollment 

func (c *Client) CheckEnrollment() error

CheckEnrollment returns an error if this client is not enrolled

func (*Client) Enroll 

func (c *Client) Enroll(req *api.EnrollmentRequest) (*EnrollmentResponse, error)

Enroll enrolls a new identity @param req The enrollment request

func (*Client) GenCSR 

func (c *Client) GenCSR(req *api.CSRInfo, id string) ([]byte, []byte, error)

GenCSR generates a CSR (Certificate Signing Request)

func (*Client) GetServerInfo 

func (c *Client) GetServerInfo() (*GetServerInfoResponse, error)

GetServerInfo returns generic server information

func (*Client) Init 

func (c *Client) Init() error

Init initializes the client

func (*Client) LoadCSRInfo 

func (c *Client) LoadCSRInfo(path string) (*api.CSRInfo, error)

LoadCSRInfo reads CSR (Certificate Signing Request) from a file @parameter path The path to the file contains CSR info in JSON format

func (*Client) LoadMyIdentity 

func (c *Client) LoadMyIdentity() (*Identity, error)

LoadMyIdentity loads the client's identity from disk

func (*Client) SendReq 

func (c *Client) SendReq(req *http.Request, result interface{}) (err error)

SendReq sends a request to the fabric-ca-server and fills in the result

func (*Client) StoreMyIdentity 

func (c *Client) StoreMyIdentity(key, cert []byte) error

StoreMyIdentity stores my identity to disk

type ClientConfig 

type ClientConfig struct {
	Debug      bool   `def:"false" opt:"d" help:"Enable debug level logging"`
	URL        string `def:"http://localhost:7054" opt:"u" help:"URL of fabric-ca-server"`
	MSPDir     string `def:"msp" opt:"M" help:"Membership Service Provider directory"`
	TLS        tls.ClientTLSConfig
	Enrollment api.EnrollmentRequest
	CSR        api.CSRInfo
	ID         api.RegistrationRequest
}

ClientConfig is the fabric-ca client's config

func (*ClientConfig) Enroll 

func (c *ClientConfig) Enroll(rawurl, home string) (*EnrollmentResponse, error)

Enroll a client given the server's URL and the client's home directory. The URL may be of the form: http://user:pass@host:port where user and pass are the enrollment ID and secret, respectively.

type DBUser 

type DBUser struct {
	spi.UserInfo
	// contains filtered or unexported fields
}

DBUser is the databases representation of a user

func (*DBUser) GetAffiliationPath 

func (u *DBUser) GetAffiliationPath() []string

GetAffiliationPath returns the complete path for the user's affiliation.

func (*DBUser) GetAttribute 

func (u *DBUser) GetAttribute(name string) string

GetAttribute returns the value for an attribute name

func (*DBUser) GetName 

func (u *DBUser) GetName() string

GetName returns the enrollment ID of the user

func (*DBUser) Login 

func (u *DBUser) Login(pass string) error

Login the user with a password

type EnrollmentResponse 

type EnrollmentResponse struct {
	Identity   *Identity
	ServerInfo GetServerInfoResponse
}

EnrollmentResponse is the response from Client.Enroll and Identity.Reenroll

type GetServerInfoResponse 

type GetServerInfoResponse struct {
	// CAName is the name of the CA
	CAName string
	// CAChain is the PEM-encoded bytes of the fabric-ca-server's CA chain.
	// The 1st element of the chain is the root CA cert
	CAChain []byte
}

GetServerInfoResponse is the response from the GetServerInfo call

type Identity 

type Identity struct {
	CSP bccsp.BCCSP
	// contains filtered or unexported fields
}

Identity is fabric-ca's implementation of an identity

func (*Identity) GetECert 

func (i *Identity) GetECert() *Signer

GetECert returns the enrollment certificate signer for this identity

func (*Identity) GetName 

func (i *Identity) GetName() string

GetName returns the identity name

func (*Identity) GetTCertBatch 

func (i *Identity) GetTCertBatch(req *api.GetTCertBatchRequest) ([]*Signer, error)

GetTCertBatch returns a batch of TCerts for this identity

func (*Identity) Post 

func (i *Identity) Post(endpoint string, reqBody []byte, result interface{}) error

Post sends arbtrary request body (reqBody) to an endpoint. This adds an authorization header which contains the signature of this identity over the body and non-signature part of the authorization header. The return value is the body of the response.

func (*Identity) Reenroll 

func (i *Identity) Reenroll(req *api.ReenrollmentRequest) (*EnrollmentResponse, error)

Reenroll reenrolls an existing Identity and returns a new Identity @param req The reenrollment request

func (*Identity) Register 

func (i *Identity) Register(req *api.RegistrationRequest) (rr *api.RegistrationResponse, err error)

Register registers a new identity @param req The registration request

func (*Identity) Revoke 

func (i *Identity) Revoke(req *api.RevocationRequest) error

Revoke the identity associated with 'id'

func (*Identity) RevokeSelf 

func (i *Identity) RevokeSelf() error

RevokeSelf revokes the current identity and all certificates

func (*Identity) Store 

func (i *Identity) Store() error

Store writes my identity info to disk

type Server 

type Server struct {
	// The home directory for the server
	HomeDir string
	// BlockingStart if true makes the Start function blocking;
	// It is non-blocking by default.
	BlockingStart bool
	// The server's configuration
	Config *ServerConfig
	// The parent server URL, which is non-null if this is an intermediate server
	ParentServerURL string
	// contains filtered or unexported fields
}

Server is the fabric-ca server

func (*Server) CertDBAccessor 

func (s *Server) CertDBAccessor() *CertDBAccessor

CertDBAccessor returns the certificate DB accessor for server

func (*Server) Init 

func (s *Server) Init(renew bool) (err error)

Init initializes a fabric-ca server

func (*Server) RegisterBootstrapUser 

func (s *Server) RegisterBootstrapUser(user, pass, affiliation string) error

RegisterBootstrapUser registers the bootstrap user with appropriate privileges

func (*Server) Start 

func (s *Server) Start() (err error)

Start the fabric-ca server

func (*Server) Stop 

func (s *Server) Stop() error

Stop the server WARNING: This forcefully closes the listening socket and may cause requests in transit to fail, and so is only used for testing. A graceful shutdown will be supported with golang 1.8.

type ServerConfig 

type ServerConfig struct {
	Port         int    `def:"7054" opt:"p" help:"Listening port of fabric-ca-server"`
	Address      string `def:"0.0.0.0" help:"Listening address of fabric-ca-server"`
	Debug        bool   `def:"false" opt:"d" help:"Enable debug level logging"`
	TLS          tls.ServerTLSConfig
	CSP          *factory.FactoryOpts
	CA           ServerConfigCA
	Signing      *config.Signing
	CSR          csr.CertificateRequest
	Registry     ServerConfigRegistry
	Affiliations map[string]interface{}
	LDAP         ldap.Config
	DB           ServerConfigDB
	Remote       string `skip:"true"`
	Client       *ClientConfig
}

ServerConfig is the fabric-ca server's config The tags are recognized by the RegisterFlags function in fabric-ca/lib/util.go and are as follows: "def" - the default value of the field; "opt" - the optional one character short name to use on the command line; "help" - the help message to display on the command line; "skip" - to skip the field.

type ServerConfigCA 

type ServerConfigCA struct {
	Name      string `opt:"n" help:"Certificate Authority name"`
	Keyfile   string `def:"ca-key.pem" help:"PEM-encoded CA key file"`
	Certfile  string `def:"ca-cert.pem" help:"PEM-encoded CA certificate file"`
	Chainfile string `def:"ca-chain.pem" help:"PEM-encoded CA chain file"`
}

ServerConfigCA is the CA config for the fabric-ca server

type ServerConfigDB 

type ServerConfigDB struct {
	Type       string `def:"sqlite3" help:"Type of database; one of: sqlite3, postgres, mysql"`
	Datasource string `def:"fabric-ca-server.db" help:"Data source which is database specific"`
	TLS        tls.ClientTLSConfig
}

ServerConfigDB is the database part of the server's config

type ServerConfigIdentity 

type ServerConfigIdentity struct {
	Name           string
	Pass           string `secret:"password"`
	Type           string
	Affiliation    string
	MaxEnrollments int
	Attrs          map[string]string
}

ServerConfigIdentity is identity information in the server's config

func (*ServerConfigIdentity) String 

func (sc *ServerConfigIdentity) String() string

type ServerConfigRegistry 

type ServerConfigRegistry struct {
	MaxEnrollments int `def:"0" help:"Maximum number of enrollments; valid if LDAP not enabled"`
	Identities     []ServerConfigIdentity
}

ServerConfigRegistry is the registry part of the server's config

type Signer 

type Signer struct {
	// contains filtered or unexported fields
}

Signer represents a signer Each identity may have multiple signers, currently one ecert and multiple tcerts

func (*Signer) Cert 

func (s *Signer) Cert() []byte

Cert returns the cert bytes of this signer

func (*Signer) Key 

func (s *Signer) Key() []byte

Key returns the key bytes of this signer

func (*Signer) RevokeSelf 

func (s *Signer) RevokeSelf() error

RevokeSelf revokes only the certificate associated with this signer

type UserRecord 

type UserRecord struct {
	Name           string `db:"id"`
	Pass           string `db:"token"`
	Type           string `db:"type"`
	Affiliation    string `db:"affiliation"`
	Attributes     string `db:"attributes"`
	State          int    `db:"state"`
	MaxEnrollments int    `db:"max_enrollments"`
}

UserRecord defines the properties of a user

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.