Documentation ¶
Index ¶
- Constants
- func BytesToX509Cert(bytes []byte) (*x509.Certificate, error)
- func CopyFile(src, dst string) error
- func GetAttrValue(attrs []api.Attribute, name string) string
- func GetCertID(bytes []byte) (string, string, error)
- func LoadPEMCertPool(certFiles []string) (*x509.CertPool, error)
- func NormalizeURL(addr string) (*url.URL, error)
- func UnmarshalConfig(config interface{}, vp *viper.Viper, configFile string, ...) error
- type Accessor
- func (d *Accessor) DeleteAffiliation(name string) error
- func (d *Accessor) DeleteUser(id string) error
- func (d *Accessor) GetAffiliation(name string) (spi.Affiliation, error)
- func (d *Accessor) GetUser(id string, attrs []string) (spi.User, error)
- func (d *Accessor) GetUserInfo(id string) (spi.UserInfo, error)
- func (d *Accessor) InsertAffiliation(name string, prekey string) error
- func (d *Accessor) InsertUser(user spi.UserInfo) error
- func (d *Accessor) SetDB(db *sqlx.DB)
- func (d *Accessor) UpdateUser(user spi.UserInfo) error
- type CA
- type CAConfig
- type CAConfigDB
- type CAConfigIdentity
- type CAConfigRegistry
- type CAInfo
- type CRLConfig
- type CertDBAccessor
- func (d *CertDBAccessor) GetCertificate(serial, aki string) (crs []certdb.CertificateRecord, err error)
- func (d *CertDBAccessor) GetCertificateWithID(serial, aki string) (crs CertRecord, err error)
- func (d *CertDBAccessor) GetCertificatesByID(id string) (crs []CertRecord, err error)
- func (d *CertDBAccessor) GetOCSP(serial, aki string) (ors []certdb.OCSPRecord, err error)
- func (d *CertDBAccessor) GetRevokedAndUnexpiredCertificates() ([]certdb.CertificateRecord, error)
- func (d *CertDBAccessor) GetRevokedAndUnexpiredCertificatesByLabel(label string) ([]certdb.CertificateRecord, error)
- func (d *CertDBAccessor) GetRevokedCertificates(expiredAfter, expiredBefore, revokedAfter, revokedBefore time.Time) ([]certdb.CertificateRecord, error)
- func (d *CertDBAccessor) GetUnexpiredCertificates() (crs []certdb.CertificateRecord, err error)
- func (d *CertDBAccessor) GetUnexpiredOCSPs() (ors []certdb.OCSPRecord, err error)
- func (d *CertDBAccessor) InsertCertificate(cr certdb.CertificateRecord) error
- func (d *CertDBAccessor) InsertOCSP(rr certdb.OCSPRecord) error
- func (d *CertDBAccessor) RevokeCertificate(serial, aki string, reasonCode int) error
- func (d *CertDBAccessor) RevokeCertificatesByID(id string, reasonCode int) (crs []CertRecord, err error)
- func (d *CertDBAccessor) SetDB(db *sqlx.DB)
- func (d *CertDBAccessor) UpdateOCSP(serial, aki, body string, expiry time.Time) error
- func (d *CertDBAccessor) UpsertOCSP(serial, aki, body string, expiry time.Time) error
- type CertRecord
- type Client
- func (c *Client) CheckEnrollment() error
- func (c *Client) Enroll(req *api.EnrollmentRequest) (*EnrollmentResponse, error)
- func (c *Client) GenCSR(req *api.CSRInfo, id string) ([]byte, bccsp.Key, error)
- func (c *Client) GetCAInfo(req *api.GetCAInfoRequest) (*GetServerInfoResponse, error)
- func (c *Client) GetCertFilePath() string
- func (c *Client) Init() error
- func (c *Client) LoadCSRInfo(path string) (*api.CSRInfo, error)
- func (c *Client) LoadIdentity(keyFile, certFile string) (*Identity, error)
- func (c *Client) LoadMyIdentity() (*Identity, error)
- func (c *Client) NewIdentity(key bccsp.Key, cert []byte) (*Identity, error)
- func (c *Client) SendReq(req *http.Request, result interface{}) (err error)
- func (c *Client) StoreMyIdentity(cert []byte) error
- type ClientConfig
- type DBUser
- func (u *DBUser) GetAffiliationPath() []string
- func (u *DBUser) GetAttribute(name string) string
- func (u *DBUser) GetAttributes(attrNames []string) []tcert.Attribute
- func (u *DBUser) GetName() string
- func (u *DBUser) Login(pass string, caMaxEnrollments int) error
- func (u *DBUser) LoginComplete() error
- type DN
- type EnrollmentResponse
- type GetServerInfoResponse
- type Identity
- func (i *Identity) GenCRL(req *api.GenCRLRequest) (*api.GenCRLResponse, error)
- func (i *Identity) GetClient() *Client
- func (i *Identity) GetECert() *Signer
- func (i *Identity) GetName() string
- func (i *Identity) GetTCertBatch(req *api.GetTCertBatchRequest) ([]*Signer, error)
- func (i *Identity) Post(endpoint string, reqBody []byte, result interface{}) error
- func (i *Identity) Reenroll(req *api.ReenrollmentRequest) (*EnrollmentResponse, error)
- func (i *Identity) Register(req *api.RegistrationRequest) (rr *api.RegistrationResponse, err error)
- func (i *Identity) RegisterAndEnroll(req *api.RegistrationRequest) (*Identity, error)
- func (i *Identity) Revoke(req *api.RevocationRequest) error
- func (i *Identity) RevokeSelf() error
- func (i *Identity) Store() error
- type IntermediateCA
- type ParentServer
- type Server
- func TestGetIntermediateServer(idx int, t *testing.T) *Server
- func TestGetRootServer(t *testing.T) *Server
- func TestGetServer(port int, home, parentURL string, maxEnroll int, t *testing.T) *Server
- func TestGetServer2(deleteHome bool, port int, home, parentURL string, maxEnroll int, t *testing.T) *Server
- type ServerConfig
- type Signer
- type UserRecord
Constants ¶
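// Defaults for the fabric-ca server's listening endpoint.
const (
	// DefaultServerPort is the default listening port for the fabric-ca server.
	DefaultServerPort = 7054

	// DefaultServerAddr is the default listening address for the fabric-ca server.
	// "0.0.0.0" is the IPv4 wildcard address, so with this default the server
	// accepts connections on every IPv4 interface of the host. Configure an
	// explicit address when the CA should be reachable from one network only.
	DefaultServerAddr = "0.0.0.0"
)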
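// Error codes.
//
// The numeric values are spelled out explicitly rather than generated, so a
// code keeps its value when new codes are appended.
const (
	// Unknown error code
	ErrUnknown = 0
	// HTTP method not allowed
	ErrMethodNotAllowed = 1
	// No authorization header was found in request
	ErrNoAuthHdr = 2
	// Failed reading the HTTP request body
	ErrReadingReqBody = 3
	// HTTP request body was empty but should not have been
	ErrEmptyReqBody = 4
	// HTTP request body was of the wrong format
	ErrBadReqBody = 5
	// The token in the authorization header was invalid
	ErrBadReqToken = 6
	// The caller does not have the "hf.Revoker" attribute
	ErrNotRevoker = 7
	// Certificate to be revoked was not found
	ErrRevCertNotFound = 8
	// Certificate to be revoked is not owned by expected user
	ErrCertWrongOwner = 9
	// Identity of certificate to be revoked was not found
	ErrRevokeIDNotFound = 10
	// User info was not found for issuee of revoked certificate
	ErrRevokeUserInfoNotFound = 11
	// Certificate revocation failed for another reason
	ErrRevokeFailure = 12
	// Failed to update user info when revoking identity
	ErrRevokeUpdateUser = 13
	// Failed to revoke any certificates by identity
	ErrNoCertsRevoked = 14
	// Missing fields in the revocation request
	ErrMissingRevokeArgs = 15
	// Failed to get user's affiliation
	ErrGettingAffiliation = 16
	// Revoker's affiliation not equal to or above revokee's affiliation
	ErrRevokerNotAffiliated = 17
	// Failed to send an HTTP response
	ErrSendingResponse = 18
	// The CA (Certificate Authority) name was not found
	ErrCANotFound = 19
	// Authorization failure
	ErrAuthFailure = 20
	// No username and password were in the authorization header
	ErrNoUserPass = 21
	// Enrollment is currently disabled for the server
	ErrEnrollDisabled = 22
	// Invalid user name
	// NOTE(review): ErrInvalidUser and ErrInvalidPass are separate codes. Confirm
	// the server does not return them distinctly to unauthenticated callers;
	// a single generic authentication failure avoids revealing which
	// enrollment IDs exist.
	ErrInvalidUser = 23
	// Invalid password
	ErrInvalidPass = 24
	// Invalid token in authorization header
	ErrInvalidToken = 25
	// Certificate was not issued by a trusted authority
	ErrUntrustedCertificate = 26
	// Certificate has expired
	ErrCertExpired = 27
	// Certificate has been revoked
	ErrCertRevoked = 28
	// Failed trying to check if certificate is revoked
	ErrCertRevokeCheckFailure = 29
	// Certificate was not found
	ErrCertNotFound = 30
	// Bad certificate signing request
	ErrBadCSR = 31
	// Failed to get identity's prekey
	ErrNoPreKey = 32
	// The caller was not authenticated
	ErrCallerIsNotAuthenticated = 33
	// Invalid configuration setting
	ErrConfig = 34
	// The caller does not have authority to generate a CRL
	ErrNoGenCRLAuth = 35
	// Invalid RevokedAfter value in the GenCRL request
	ErrInvalidRevokedAfter = 36
	// Invalid ExpiredAfter value in the GenCRL request
	ErrInvalidExpiredAfter = 37
	// Failed to get revoked certs from the database
	ErrRevokedCertsFromDB = 38
	// Failed to get CA cert
	ErrGetCACert = 39
	// Failed to get CA signer
	ErrGetCASigner = 40
	// Failed to generate CRL
	ErrGenCRL = 41
	// Registrar does not have the authority to register an attribute
	ErrRegAttrAuth = 42
	// Registrar does not own 'hf.Registrar.Attributes'
	ErrMissingRegAttr = 43
)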
Error codes
Variables ¶
This section is empty.
Functions ¶
func BytesToX509Cert ¶
func BytesToX509Cert(bytes []byte) (*x509.Certificate, error)
BytesToX509Cert converts bytes (PEM or DER) to an X509 certificate
func GetAttrValue ¶
GetAttrValue searches 'attrs' for the attribute with name 'name' and returns its value, or "" if not found.
func GetCertID ¶
GetCertID returns both the serial number and AKI (Authority Key ID) for the certificate
func LoadPEMCertPool ¶
LoadPEMCertPool loads a pool of PEM certificates from list of files
func NormalizeURL ¶
NormalizeURL normalizes a URL (from cfssl)
Types ¶
type Accessor ¶
// Accessor implements db.Accessor interface.
// Its fields are unexported and are not shown in this listing.
type Accessor struct {
	// contains filtered or unexported fields
}
Accessor implements db.Accessor interface.
func NewDBAccessor ¶
func NewDBAccessor() *Accessor
NewDBAccessor is a constructor for the database API
func (*Accessor) DeleteAffiliation ¶
DeleteAffiliation deletes affiliation from database
func (*Accessor) DeleteUser ¶
DeleteUser deletes user from database
func (*Accessor) GetAffiliation ¶
func (d *Accessor) GetAffiliation(name string) (spi.Affiliation, error)
GetAffiliation gets affiliation from database
func (*Accessor) GetUserInfo ¶
GetUserInfo gets user information from database
func (*Accessor) InsertAffiliation ¶
InsertAffiliation inserts affiliation into database
func (*Accessor) InsertUser ¶
InsertUser inserts user into database
type CA ¶
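// CA represents a certificate authority which signs, issues and revokes
// certificates.
type CA struct {
	// The home directory for the CA
	HomeDir string
	// The CA's configuration
	Config *CAConfig
	// The file path of the config file
	ConfigFilePath string
	// contains filtered or unexported fields
}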
CA represents a certificate authority which signs, issues and revokes certificates
func (*CA) CertDBAccessor ¶
func (ca *CA) CertDBAccessor() *CertDBAccessor
CertDBAccessor returns the certificate DB accessor for CA
func (*CA) DBAccessor ¶
func (ca *CA) DBAccessor() spi.UserRegistry
DBAccessor returns the registry DB accessor for server
func (*CA) VerifyCertificate ¶
func (ca *CA) VerifyCertificate(cert *x509.Certificate) error
VerifyCertificate verifies that 'cert' was issued by this CA. It returns nil if successful; otherwise, it returns an error.
type CAConfig ¶
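// CAConfig is the CA instance's config.
//
// Struct tags used across the config types: "def" is the default value of the
// field, "opt" the optional one-character short name on the command line,
// "help" the command-line help message, and "skip" skips the field.
//
// NOTE(review): the nested Registry identities carry a Pass field and the DB
// data source may embed a database password, so a populated CAConfig (and the
// file it is presumably loaded from) should be handled as secret material.
type CAConfig struct {
	CA           CAInfo
	Signing      *config.Signing
	CSR          api.CSRInfo
	Registry     CAConfigRegistry
	Affiliations map[string]interface{}
	LDAP         ldap.Config
	DB           CAConfigDB
	CSP          *factory.FactoryOpts `mapstructure:"bccsp"`
	// Optional client config for an intermediate server which acts as a client
	// of the root (or parent) server
	Client       *ClientConfig
	Intermediate IntermediateCA
	CRL          CRLConfig
}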
CAConfig is the CA instance's config. The tags are recognized by the RegisterFlags function in fabric-ca/lib/util.go and are as follows: "def" - the default value of the field; "opt" - the optional one character short name to use on the command line; "help" - the help message to display on the command line; "skip" - to skip the field.
type CAConfigDB ¶
// CAConfigDB is the database part of the server's config.
type CAConfigDB struct {
	// Type names the database; the help text lists sqlite3, postgres and mysql.
	Type string `def:"sqlite3" help:"Type of database; one of: sqlite3, postgres, mysql"`
	// Datasource is the database-specific data source.
	// NOTE(review): String() is documented as masking the password from the
	// database URL, so this value can embed credentials; treat it as a secret.
	Datasource string `def:"fabric-ca-server.db" help:"Data source which is database specific"`
	// TLS is a client-side TLS configuration, presumably for the database
	// connection; confirm against the code that opens the database.
	TLS tls.ClientTLSConfig
}
CAConfigDB is the database part of the server's config
func (CAConfigDB) String ¶ added in v1.0.3
func (c CAConfigDB) String() string
String implements the Stringer interface for CAConfigDB. It calls util.StructToString to convert the CAConfigDB struct to a string, masks the password in the database URL, and returns the resulting string.
type CAConfigIdentity ¶
// CAConfigIdentity is identity information in the server's config.
type CAConfigIdentity struct {
	// Name is tagged mask:"username".
	Name string `mask:"username"`
	// Pass is tagged mask:"password".
	// NOTE(review): presumably the mask tags drive redaction in String();
	// confirm before relying on it, and avoid emitting Pass through other paths.
	Pass           string `mask:"password"`
	Type           string
	Affiliation    string
	MaxEnrollments int
	Attrs          map[string]string
}
CAConfigIdentity is identity information in the server's config
func (CAConfigIdentity) String ¶
func (cc CAConfigIdentity) String() string
type CAConfigRegistry ¶
// CAConfigRegistry is the registry part of the server's config.
type CAConfigRegistry struct {
	// MaxEnrollments is the maximum number of enrollments; per the help text it
	// applies when LDAP is not enabled. The default is -1.
	// NOTE(review): -1 presumably means "no limit" — confirm.
	MaxEnrollments int `def:"-1" help:"Maximum number of enrollments; valid if LDAP not enabled"`
	// Identities lists the identities configured in the registry section.
	Identities []CAConfigIdentity
}
CAConfigRegistry is the registry part of the server's config
type CAInfo ¶
// CAInfo is the CA information on a fabric-ca-server.
type CAInfo struct {
	// Name is the Certificate Authority name.
	Name string `opt:"n" help:"Certificate Authority name"`
	// Keyfile is the PEM-encoded CA key file.
	// NOTE(review): this is the CA's key material; the file should be readable
	// by the CA process only — confirm deployment permissions.
	Keyfile string `def:"ca-key.pem" help:"PEM-encoded CA key file"`
	// Certfile is the PEM-encoded CA certificate file.
	Certfile string `def:"ca-cert.pem" help:"PEM-encoded CA certificate file"`
	// Chainfile is the PEM-encoded CA chain file.
	Chainfile string `def:"ca-chain.pem" help:"PEM-encoded CA chain file"`
}
CAInfo is the CA information on a fabric-ca-server
type CRLConfig ¶ added in v1.1.0
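// CRLConfig contains configuration options used by the gencrl request handler.
type CRLConfig struct {
	// Specifies expiration for the CRL generated by the gencrl request.
	// The duration given by this property is added to the UTC time; the
	// resulting time is used to set the 'Next Update' date of the CRL.
	// A longer value means relying parties may go longer before fetching a
	// fresh CRL, so newly revoked certificates can stay accepted for up to
	// that long.
	Expiry time.Duration `def:"24h" help:"Expiration for the CRL generated by the gencrl request"`
}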
CRLConfig contains configuration options used by the gencrl request handler
type CertDBAccessor ¶
// CertDBAccessor implements certdb.Accessor interface.
// Its fields are unexported and are not shown in this listing.
type CertDBAccessor struct {
	// contains filtered or unexported fields
}
CertDBAccessor implements certdb.Accessor interface.
func NewCertDBAccessor ¶
func NewCertDBAccessor(db *sqlx.DB) *CertDBAccessor
NewCertDBAccessor returns a new Accessor.
func (*CertDBAccessor) GetCertificate ¶
func (d *CertDBAccessor) GetCertificate(serial, aki string) (crs []certdb.CertificateRecord, err error)
GetCertificate gets a CertificateRecord indexed by serial.
func (*CertDBAccessor) GetCertificateWithID ¶
func (d *CertDBAccessor) GetCertificateWithID(serial, aki string) (crs CertRecord, err error)
GetCertificateWithID gets a CertificateRecord indexed by serial and returns user too.
func (*CertDBAccessor) GetCertificatesByID ¶
func (d *CertDBAccessor) GetCertificatesByID(id string) (crs []CertRecord, err error)
GetCertificatesByID gets a CertificateRecord indexed by id.
func (*CertDBAccessor) GetOCSP ¶
func (d *CertDBAccessor) GetOCSP(serial, aki string) (ors []certdb.OCSPRecord, err error)
GetOCSP retrieves a certdb.OCSPRecord from db by serial.
func (*CertDBAccessor) GetRevokedAndUnexpiredCertificates ¶ added in v1.0.1
func (d *CertDBAccessor) GetRevokedAndUnexpiredCertificates() ([]certdb.CertificateRecord, error)
GetRevokedAndUnexpiredCertificates returns revoked and unexpired certificates
func (*CertDBAccessor) GetRevokedAndUnexpiredCertificatesByLabel ¶ added in v1.0.1
func (d *CertDBAccessor) GetRevokedAndUnexpiredCertificatesByLabel(label string) ([]certdb.CertificateRecord, error)
GetRevokedAndUnexpiredCertificatesByLabel returns revoked and unexpired certificates matching the label
func (*CertDBAccessor) GetRevokedCertificates ¶ added in v1.1.0
func (d *CertDBAccessor) GetRevokedCertificates(expiredAfter, expiredBefore, revokedAfter, revokedBefore time.Time) ([]certdb.CertificateRecord, error)
GetRevokedCertificates returns revoked certificates
func (*CertDBAccessor) GetUnexpiredCertificates ¶
func (d *CertDBAccessor) GetUnexpiredCertificates() (crs []certdb.CertificateRecord, err error)
GetUnexpiredCertificates gets all unexpired certificates from db.
func (*CertDBAccessor) GetUnexpiredOCSPs ¶
func (d *CertDBAccessor) GetUnexpiredOCSPs() (ors []certdb.OCSPRecord, err error)
GetUnexpiredOCSPs retrieves all unexpired certdb.OCSPRecord from db.
func (*CertDBAccessor) InsertCertificate ¶
func (d *CertDBAccessor) InsertCertificate(cr certdb.CertificateRecord) error
InsertCertificate puts a CertificateRecord into db.
func (*CertDBAccessor) InsertOCSP ¶
func (d *CertDBAccessor) InsertOCSP(rr certdb.OCSPRecord) error
InsertOCSP puts a new certdb.OCSPRecord into the db.
func (*CertDBAccessor) RevokeCertificate ¶
func (d *CertDBAccessor) RevokeCertificate(serial, aki string, reasonCode int) error
RevokeCertificate updates a certificate with a given serial number and marks it revoked.
func (*CertDBAccessor) RevokeCertificatesByID ¶
func (d *CertDBAccessor) RevokeCertificatesByID(id string, reasonCode int) (crs []CertRecord, err error)
RevokeCertificatesByID updates all certificates for a given ID and marks them revoked.
func (*CertDBAccessor) SetDB ¶
func (d *CertDBAccessor) SetDB(db *sqlx.DB)
SetDB changes the underlying sql.DB object Accessor is manipulating.
func (*CertDBAccessor) UpdateOCSP ¶
func (d *CertDBAccessor) UpdateOCSP(serial, aki, body string, expiry time.Time) error
UpdateOCSP updates an OCSP response record with a given serial number.
func (*CertDBAccessor) UpsertOCSP ¶
func (d *CertDBAccessor) UpsertOCSP(serial, aki, body string, expiry time.Time) error
UpsertOCSP updates an OCSP response record with a given serial number, or inserts the record if it doesn't yet exist in the db.
type CertRecord ¶
// CertRecord extends CFSSL CertificateRecord by adding an enrollment ID to
// the record.
type CertRecord struct {
	// ID is the enrollment ID; it is mapped to the "id" database column.
	ID string `db:"id"`
	// The embedded CFSSL record supplies the remaining certificate fields.
	certdb.CertificateRecord
}
CertRecord extends CFSSL CertificateRecord by adding an enrollment ID to the record
type Client ¶
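// Client is the fabric-ca client object.
type Client struct {
	// The client's home directory
	HomeDir string `json:"homeDir,omitempty"`
	// The client's configuration
	Config *ClientConfig
	// contains filtered or unexported fields
}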
Client is the fabric-ca client object
func (*Client) CheckEnrollment ¶
CheckEnrollment returns an error if this client is not enrolled
func (*Client) Enroll ¶
func (c *Client) Enroll(req *api.EnrollmentRequest) (*EnrollmentResponse, error)
Enroll enrolls a new identity @param req The enrollment request
func (*Client) GetCAInfo ¶
func (c *Client) GetCAInfo(req *api.GetCAInfoRequest) (*GetServerInfoResponse, error)
GetCAInfo returns generic CA information
func (*Client) GetCertFilePath ¶
GetCertFilePath returns the path to the certificate file for this client
func (*Client) LoadCSRInfo ¶
LoadCSRInfo reads CSR (Certificate Signing Request) info from a file. @parameter path The path to the file that contains the CSR info in JSON format
func (*Client) LoadIdentity ¶
LoadIdentity loads an identity from disk
func (*Client) LoadMyIdentity ¶
LoadMyIdentity loads the client's identity from disk
func (*Client) NewIdentity ¶
NewIdentity creates a new identity
func (*Client) StoreMyIdentity ¶
StoreMyIdentity stores my identity to disk
type ClientConfig ¶
// ClientConfig is the fabric-ca client's config.
type ClientConfig struct {
	// Debug enables debug level logging.
	Debug bool `def:"false" opt:"d" help:"Enable debug level logging"`
	// URL is the URL of fabric-ca-server. The default uses the http scheme.
	// NOTE(review): Enroll accepts an enrollment ID and secret in this URL, so
	// an https URL (with TLS configured below) keeps them off the wire in
	// clear text when the server is not local.
	URL string `def:"http://localhost:7054" opt:"u" help:"URL of fabric-ca-server"`
	// MSPDir is the Membership Service Provider directory.
	MSPDir string `def:"msp" opt:"M" help:"Membership Service Provider directory"`
	// TLS is the client-side TLS configuration.
	TLS        tls.ClientTLSConfig
	Enrollment api.EnrollmentRequest
	CSR        api.CSRInfo
	ID         api.RegistrationRequest
	Revoke     api.RevocationRequest
	CAInfo     api.GetCAInfoRequest
	// CAName is the name of the CA.
	CAName string `help:"Name of CA"`
	// CSP is read from the "bccsp" configuration key.
	CSP *factory.FactoryOpts `mapstructure:"bccsp"`
}
ClientConfig is the fabric-ca client's config
func (*ClientConfig) Enroll ¶
func (c *ClientConfig) Enroll(rawurl, home string) (*EnrollmentResponse, error)
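Enroll a client given the server's URL and the client's home directory. The URL may be of the form: http://user:pass@host:port where user and pass are the enrollment ID and secret, respectively. Because the enrollment secret is carried in the URL, it is exposed on the network unless the URL uses the https scheme.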
func (*ClientConfig) GenCSR ¶ added in v1.1.0
func (c *ClientConfig) GenCSR(home string) error
GenCSR generates a certificate signing request and writes the CSR to a file.
type DBUser ¶
DBUser is the database's representation of a user
func (*DBUser) GetAffiliationPath ¶
GetAffiliationPath returns the complete path for the user's affiliation.
func (*DBUser) GetAttribute ¶
GetAttribute returns the value for an attribute name
func (*DBUser) GetAttributes ¶ added in v1.1.0
GetAttributes returns the requested attributes
func (*DBUser) LoginComplete ¶ added in v1.1.0
LoginComplete completes the login process by incrementing the state of the user
type DN ¶
// DN is the distinguished name inside a certificate.
// Its fields are unexported and are not shown in this listing.
type DN struct {
	// contains filtered or unexported fields
}
DN is the distinguished name inside a certificate
type EnrollmentResponse ¶
// EnrollmentResponse is the response from Client.Enroll and Identity.Reenroll.
type EnrollmentResponse struct {
	// Identity is the identity returned by the call.
	Identity *Identity
	// ServerInfo carries the CA name and CA chain returned with it.
	ServerInfo GetServerInfoResponse
}
EnrollmentResponse is the response from Client.Enroll and Identity.Reenroll
type GetServerInfoResponse ¶
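// GetServerInfoResponse is the response from the GetServerInfo call.
type GetServerInfoResponse struct {
	// CAName is the name of the CA
	CAName string
	// CAChain is the PEM-encoded bytes of the fabric-ca-server's CA chain.
	// The 1st element of the chain is the root CA cert.
	// NOTE(review): a chain received over an unauthenticated connection should
	// not be installed as a trust anchor without out-of-band verification —
	// confirm how callers use this value.
	CAChain []byte
}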
GetServerInfoResponse is the response from the GetServerInfo call
type Identity ¶
Identity is fabric-ca's implementation of an identity
func (*Identity) GenCRL ¶ added in v1.1.0
func (i *Identity) GenCRL(req *api.GenCRLRequest) (*api.GenCRLResponse, error)
GenCRL generates CRL
func (*Identity) GetTCertBatch ¶
func (i *Identity) GetTCertBatch(req *api.GetTCertBatchRequest) ([]*Signer, error)
GetTCertBatch returns a batch of TCerts for this identity
func (*Identity) Post ¶
Post sends an arbitrary request body (reqBody) to an endpoint. This adds an authorization header which contains the signature of this identity over the body and non-signature part of the authorization header. The return value is the body of the response.
func (*Identity) Reenroll ¶
func (i *Identity) Reenroll(req *api.ReenrollmentRequest) (*EnrollmentResponse, error)
Reenroll reenrolls an existing Identity and returns a new Identity @param req The reenrollment request
func (*Identity) Register ¶
func (i *Identity) Register(req *api.RegistrationRequest) (rr *api.RegistrationResponse, err error)
Register registers a new identity @param req The registration request
func (*Identity) RegisterAndEnroll ¶
func (i *Identity) RegisterAndEnroll(req *api.RegistrationRequest) (*Identity, error)
RegisterAndEnroll registers and enrolls an identity and returns the identity
func (*Identity) Revoke ¶
func (i *Identity) Revoke(req *api.RevocationRequest) error
Revoke the identity associated with 'id'
func (*Identity) RevokeSelf ¶
RevokeSelf revokes the current identity and all certificates
type IntermediateCA ¶
// IntermediateCA contains parent server information, TLS configuration, and
// enrollment request for an intermediate CA.
type IntermediateCA struct {
	// ParentServer is the URL and CA name of the parent server.
	ParentServer ParentServer
	// TLS is a client-side TLS configuration, presumably for the connection to
	// the parent server — confirm.
	TLS tls.ClientTLSConfig
	// Enrollment is the enrollment request for the intermediate CA.
	Enrollment api.EnrollmentRequest
}
IntermediateCA contains parent server information, TLS configuration, and enrollment request for an intermediate CA
type ParentServer ¶
// ParentServer contains URL for the parent server and the name of CA inside
// the server to connect to.
type ParentServer struct {
	// URL is the parent fabric-ca-server URL. Per the help text it may embed a
	// username and password, and it is tagged mask:"url".
	// NOTE(review): treat the value as a secret; presumably String() masks it
	// via the tag — confirm. The help text is also missing the closing '>'
	// after "<port".
	URL string `opt:"u" help:"URL of the parent fabric-ca-server (e.g. http://<username>:<password>@<address>:<port)" mask:"url"`
	// CAName is the name of the CA to connect to on the parent server.
	CAName string `help:"Name of the CA to connect to on fabric-ca-server"`
}
ParentServer contains URL for the parent server and the name of CA inside the server to connect to
func (ParentServer) String ¶ added in v1.1.0
func (parent ParentServer) String() string
type Server ¶
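// Server is the fabric-ca server.
type Server struct {
	// The home directory for the server
	HomeDir string
	// BlockingStart if true makes the Start function blocking;
	// It is non-blocking by default.
	BlockingStart bool
	// The server's configuration
	Config *ServerConfig
	// Server's default CA
	CA
	// contains filtered or unexported fields
}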
Server is the fabric-ca server
func TestGetIntermediateServer ¶
TestGetIntermediateServer creates a server with intermediate server configuration
func TestGetRootServer ¶
TestGetRootServer creates a server with root configuration
func TestGetServer ¶
TestGetServer creates and returns a pointer to a server struct
func TestGetServer2 ¶ added in v1.0.5
func TestGetServer2(deleteHome bool, port int, home, parentURL string, maxEnroll int, t *testing.T) *Server
TestGetServer2 creates and returns a pointer to a server struct, with an option of whether or not to remove the home directory first
func (*Server) RegisterBootstrapUser ¶
RegisterBootstrapUser registers the bootstrap user with appropriate privileges
type ServerConfig ¶
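// ServerConfig is the fabric-ca server's config.
//
// Struct tags: "def" is the default value of the field, "opt" the optional
// one-character short name on the command line, "help" the command-line help
// message, and "skip" skips the field.
type ServerConfig struct {
	// Listening port for the server
	Port int `def:"7054" opt:"p" help:"Listening port of fabric-ca-server"`
	// Bind address for the server.
	// The default "0.0.0.0" is the IPv4 wildcard address, so the server
	// listens on every IPv4 interface unless an explicit address is set.
	Address string `def:"0.0.0.0" help:"Listening address of fabric-ca-server"`
	// Enables debug logging
	Debug bool `def:"false" opt:"d" help:"Enable debug level logging"`
	// TLS for the server's listening endpoint
	TLS tls.ServerTLSConfig
	// Optional client config for an intermediate server which acts as a client
	// of the root (or parent) server
	Client *ClientConfig
	// CAcfg is the default CA's config
	CAcfg CAConfig `skip:"true"`
	// The names of the CA configuration files
	// This is empty unless there are non-default CAs served by this server
	CAfiles []string `help:"A list of comma-separated CA configuration files"`
	// The number of non-default CAs, which is useful for a dev environment to
	// quickly start any number of CAs in a single server
	CAcount int `def:"0" help:"Number of non-default CA instances"`
	// Size limit of an acceptable CRL in bytes
	CRLSizeLimit int `def:"512000" help:"Size limit of an acceptable CRL in bytes"`
}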
ServerConfig is the fabric-ca server's config. The tags are recognized by the RegisterFlags function in fabric-ca/lib/util.go and are as follows: "def" - the default value of the field; "opt" - the optional one character short name to use on the command line; "help" - the help message to display on the command line; "skip" - to skip the field.
type Signer ¶
// Signer represents a signer.
// Each identity may have multiple signers, currently one ecert and multiple
// tcerts. Its fields are unexported and are not shown in this listing.
type Signer struct {
	// contains filtered or unexported fields
}
Signer represents a signer. Each identity may have multiple signers, currently one ecert and multiple tcerts
func (*Signer) Attributes ¶ added in v1.1.0
func (s *Signer) Attributes() (*attrmgr.Attributes, error)
Attributes returns the attributes that are in the certificate
func (*Signer) GetX509Cert ¶ added in v1.1.0
func (s *Signer) GetX509Cert() (*x509.Certificate, error)
GetX509Cert returns the X509 certificate for this signer
func (*Signer) RevokeSelf ¶
RevokeSelf revokes only the certificate associated with this signer