Documentation ¶
Index ¶
- Constants
- func CheckRole(bitmask int, role Role) bool
- func DecodeKeys(pemEncodedPK, pemEncodedPubKey []byte) (*sm2.PrivateKey, *sm2.PublicKey, error)
- func EncodeKeys(privateKey *sm2.PrivateKey, publicKey *sm2.PublicKey) ([]byte, []byte, error)
- func GetAttributeNames() []string
- func GetRoleMask(roles []Role) int
- func IsToken(token string) bool
- type CRIRequestHandler
- type Clock
- type Config
- type CredDBAccessor
- type CredRecord
- type CredentialAccessor
- func (ac *CredentialAccessor) GetCredential(revocationHandle string) (*CredRecord, error)
- func (ac *CredentialAccessor) GetCredentialsByID(id string) ([]CredRecord, error)
- func (ac *CredentialAccessor) GetRevokedCredentials() ([]CredRecord, error)
- func (ac *CredentialAccessor) InsertCredential(cr CredRecord) error
- func (ac *CredentialAccessor) SetDB(db dbutil.FabricCADB)
- type EnrollRequestHandler
- func (h *EnrollRequestHandler) Authenticate() error
- func (h *EnrollRequestHandler) GenerateNonce() (*fp256bn.BIG, error)
- func (h *EnrollRequestHandler) GetAttributeValues(caller spi.User, ipk *idemix.IssuerPublicKey, rh *fp256bn.BIG) (map[string]interface{}, []*fp256bn.BIG, error)
- func (h *EnrollRequestHandler) HandleRequest() (*EnrollmentResponse, error)
- type EnrollmentResponse
- type Issuer
- type IssuerCredential
- type Lib
- type MyIssuer
- type Nonce
- type NonceManager
- type RevocationAuthority
- type RevocationAuthorityInfo
- type RevocationKey
- type Role
- type ServerRequestCtx
Constants ¶
const ( // DefaultIssuerPublicKeyFile is the default name of the file that contains issuer public key DefaultIssuerPublicKeyFile = "IssuerPublicKey" // DefaultIssuerSecretKeyFile is the default name of the file that contains issuer secret key DefaultIssuerSecretKeyFile = "IssuerSecretKey" // DefaultRevocationPublicKeyFile is the name of the file where revocation public key is stored DefaultRevocationPublicKeyFile = "IssuerRevocationPublicKey" // DefaultRevocationPrivateKeyFile is the name of the file where revocation private key is stored DefaultRevocationPrivateKeyFile = "IssuerRevocationPrivateKey" // KeystoreDir is the keystore directory where all keys are stored. It is relative to the server home directory. KeystoreDir = "msp/keystore" )
const ( // InsertCredentialSQL is the SQL to add a credential to database InsertCredentialSQL = `` /* 208-byte string literal not displayed */ // SelectCredentialByIDSQL is the SQL for getting credentials of a user SelectCredentialByIDSQL = ` SELECT %s FROM credentials WHERE (id = ?);` // SelectCredentialSQL is the SQL for getting a credential given a revocation handle SelectCredentialSQL = ` SELECT %s FROM credentials WHERE (revocation_handle = ?);` // SelectRevokedCredentialSQL is the SQL for getting revoked credentials SelectRevokedCredentialSQL = ` SELECT %s FROM credentials WHERE (status = 'revoked');` // UpdateRevokeCredentialSQL is the SQL for updating status of a credential to revoked UpdateRevokeCredentialSQL = `` /* 128-byte string literal not displayed */ // DeleteCredentialbyID is the SQL for deleting credential of a user DeleteCredentialbyID = ` DELETE FROM credentials WHERE (id = ?);` )
const ( // AttrEnrollmentID is the attribute name for enrollment ID AttrEnrollmentID = "EnrollmentID" // AttrRole is the attribute name for role AttrRole = "Role" // AttrOU is the attribute name for OU AttrOU = "OU" // AttrRevocationHandle is the attribute name for revocation handle AttrRevocationHandle = "RevocationHandle" )
const ( // InsertNonce is the SQL for inserting a nonce InsertNonce = "INSERT into nonces(val, expiry, level) VALUES (:val, :expiry, :level)" // SelectNonce is query string for getting a particular nonce SelectNonce = "SELECT * FROM nonces WHERE (val = ?)" // RemoveNonce is the query string for removing a specified nonce RemoveNonce = "DELETE FROM nonces WHERE (val = ?)" // RemoveExpiredNonces is the SQL string removing expired nonces RemoveExpiredNonces = "DELETE FROM nonces WHERE (expiry < ?)" // DefaultNonceExpiration is the default value for nonce expiration DefaultNonceExpiration = "15s" // DefaultNonceSweepInterval is the default value for nonce sweep interval DefaultNonceSweepInterval = "15m" )
const ( // InsertRAInfo is the SQL for inserting revocation authority info InsertRAInfo = "" /* 143-byte string literal not displayed */ // SelectRAInfo is the query string for getting revocation authority info SelectRAInfo = "SELECT * FROM revocation_authority_info" // UpdateNextAndLastHandle is the SQL for updating next and last revocation handle UpdateNextAndLastHandle = "UPDATE revocation_authority_info SET next_handle = ?, lasthandle_in_pool = ?, epoch = ? WHERE (epoch = ?)" // UpdateNextHandle s the SQL for updating next revocation handle UpdateNextHandle = "UPDATE revocation_authority_info SET next_handle = ? WHERE (epoch = ?)" // DefaultRevocationHandlePoolSize is the default revocation handle pool size DefaultRevocationHandlePoolSize = 1000 )
Variables ¶
This section is empty.
Functions ¶
func DecodeKeys ¶
DecodeKeys decodes sm2 key pair that are pem encoded
func EncodeKeys ¶
EncodeKeys encodes sm2 key pair to PEM encoding
func GetAttributeNames ¶
func GetAttributeNames() []string
GetAttributeNames returns attribute names supported by the Fabric CA for Idemix credentials
func GetRoleMask ¶
GetRoleMask Receive a list of roles to combine in a single bitmask
Types ¶
type CRIRequestHandler ¶
type CRIRequestHandler struct { Ctx ServerRequestCtx Issuer MyIssuer }
CRIRequestHandler is the handler for Idemix CRI (credential revocation information) request
func (*CRIRequestHandler) HandleRequest ¶
func (ch *CRIRequestHandler) HandleRequest() (*api.GetCRIResponse, error)
HandleRequest handles processing for idemix/cri request
type Config ¶
type Config struct { IssuerPublicKeyfile string `def:"IssuerPublicKey" skip:"true" help:"Name of the file that contains marshalled bytes of CA's Idemix issuer public key"` IssuerSecretKeyfile string `def:"IssuerSecretKey" skip:"true" help:"Name of the file that contains CA's Idemix issuer secret key"` RevocationPublicKeyfile string `def:"IssuerRevocationPublicKey" skip:"true" help:"Name of the file that contains Idemix issuer revocation public key"` RevocationPrivateKeyfile string `def:"IssuerRevocationPrivateKey" skip:"true" help:"Name of the file that contains Idemix issuer revocation private key"` RHPoolSize int `def:"100" help:"Specifies revocation handle pool size"` NonceExpiration string `def:"15s" help:"Duration after which a nonce expires"` NonceSweepInterval string `def:"15m" help:"Interval at which expired nonces are deleted"` }
Config encapsulates Idemix related the configuration options
type CredDBAccessor ¶
type CredDBAccessor interface { // Sets reference to datastore object SetDB(db dbutil.FabricCADB) // InsertCredential inserts specified Idemix credential record into database InsertCredential(cr CredRecord) error // GetCredential returns Idemix credential associated with the specified revocation // handle GetCredential(revocationHandle string) (*CredRecord, error) // GetCredentialsByID returns Idemix credentials associated with the specified // enrollment ID GetCredentialsByID(id string) ([]CredRecord, error) // GetRevokedCredentials returns revoked credentials GetRevokedCredentials() ([]CredRecord, error) }
CredDBAccessor is the accessor for credentials database table
func NewCredentialAccessor ¶
func NewCredentialAccessor(db dbutil.FabricCADB, level int) CredDBAccessor
NewCredentialAccessor returns a new CredentialAccessor.
type CredRecord ¶
type CredRecord struct { ID string `db:"id"` RevocationHandle string `db:"revocation_handle"` Cred string `db:"cred"` CALabel string `db:"ca_label"` Status string `db:"status"` Reason int `db:"reason"` Expiry time.Time `db:"expiry"` RevokedAt time.Time `db:"revoked_at"` Level int `db:"level"` }
CredRecord represents a credential database record
type CredentialAccessor ¶
type CredentialAccessor struct {
// contains filtered or unexported fields
}
CredentialAccessor implements IdemixCredDBAccessor interface
func (*CredentialAccessor) GetCredential ¶
func (ac *CredentialAccessor) GetCredential(revocationHandle string) (*CredRecord, error)
GetCredential gets a CredentialRecord indexed by revocationHandle.
func (*CredentialAccessor) GetCredentialsByID ¶
func (ac *CredentialAccessor) GetCredentialsByID(id string) ([]CredRecord, error)
GetCredentialsByID gets a CredentialRecord indexed by id.
func (*CredentialAccessor) GetRevokedCredentials ¶
func (ac *CredentialAccessor) GetRevokedCredentials() ([]CredRecord, error)
GetRevokedCredentials returns revoked certificates
func (*CredentialAccessor) InsertCredential ¶
func (ac *CredentialAccessor) InsertCredential(cr CredRecord) error
InsertCredential puts a CredentialRecord into db.
func (*CredentialAccessor) SetDB ¶
func (ac *CredentialAccessor) SetDB(db dbutil.FabricCADB)
SetDB changes the underlying sql.DB object Accessor is manipulating.
type EnrollRequestHandler ¶
type EnrollRequestHandler struct { Ctx ServerRequestCtx EnrollmentID string Issuer MyIssuer IdmxLib Lib }
EnrollRequestHandler is the handler for Idemix enroll request
func (*EnrollRequestHandler) Authenticate ¶
func (h *EnrollRequestHandler) Authenticate() error
Authenticate authenticates the Idemix enroll request
func (*EnrollRequestHandler) GenerateNonce ¶
func (h *EnrollRequestHandler) GenerateNonce() (*fp256bn.BIG, error)
GenerateNonce generates a nonce for an Idemix enroll request
func (*EnrollRequestHandler) GetAttributeValues ¶
func (h *EnrollRequestHandler) GetAttributeValues(caller spi.User, ipk *idemix.IssuerPublicKey, rh *fp256bn.BIG) (map[string]interface{}, []*fp256bn.BIG, error)
GetAttributeValues returns attribute values of the caller of Idemix enroll request
func (*EnrollRequestHandler) HandleRequest ¶
func (h *EnrollRequestHandler) HandleRequest() (*EnrollmentResponse, error)
HandleRequest handles processing for Idemix enroll
type EnrollmentResponse ¶
type EnrollmentResponse struct { // Base64 encoding of idemix Credential Credential string // Attribute name-value pairs Attrs map[string]interface{} // Base64 encoding of Credential Revocation information CRI string // Base64 encoding of the issuer nonce Nonce string }
EnrollmentResponse is the idemix enrollment response from the server
type Issuer ¶
type Issuer interface { Init(renew bool, db dbutil.FabricCADB, levels *dbutil.Levels) error IssuerPublicKey() ([]byte, error) RevocationPublicKey() ([]byte, error) IssueCredential(ctx ServerRequestCtx) (*EnrollmentResponse, error) GetCRI(ctx ServerRequestCtx) (*api.GetCRIResponse, error) VerifyToken(authHdr, method, uri string, body []byte) (string, error) }
Issuer is the interface to the Issuer for external components
type IssuerCredential ¶
type IssuerCredential interface { // Load loads the CA's Idemix credential from the disk Load() error // Store stores the CA's Idemix credential to the disk Store() error // GetIssuerKey returns *idemix.IssuerKey that represents // CA's Idemix public and secret key GetIssuerKey() (*idemix.IssuerKey, error) // SetIssuerKey sets issuer key SetIssuerKey(key *idemix.IssuerKey) // Returns new instance of idemix.IssuerKey NewIssuerKey() (*idemix.IssuerKey, error) }
IssuerCredential represents CA's Idemix credential
func NewIssuerCredential ¶
func NewIssuerCredential(pubKeyFile, secretKeyFile string, lib Lib) IssuerCredential
NewIssuerCredential returns an instance of an object that implements IssuerCredential interface
type Lib ¶
type Lib interface { NewIssuerKey(AttributeNames []string, rng *amcl.RAND) (ik *idemix.IssuerKey, err error) NewCredential(key *idemix.IssuerKey, m *idemix.CredRequest, attrs []*fp256bn.BIG, rng *amcl.RAND) (cred *idemix.Credential, err error) CreateCRI(key *sm2.PrivateKey, unrevokedHandles []*fp256bn.BIG, epoch int, alg idemix.RevocationAlgorithm, rng *amcl.RAND) (cri *idemix.CredentialRevocationInformation, err error) GenerateLongTermRevocationKey() (pk *sm2.PrivateKey, err error) GetRand() (rand *amcl.RAND, err error) RandModOrder(rng *amcl.RAND) (big *fp256bn.BIG, err error) }
Lib represents idemix library
type MyIssuer ¶
type MyIssuer interface { Name() string HomeDir() string Config() *Config IdemixLib() Lib DB() dbutil.FabricCADB IdemixRand() *amcl.RAND IssuerCredential() IssuerCredential RevocationAuthority() RevocationAuthority NonceManager() NonceManager CredDBAccessor() CredDBAccessor }
MyIssuer provides functions for accessing issuer components
type NonceManager ¶
type NonceManager interface { // GetNonce creates a nonce, stores it in the database and returns it GetNonce() (*fp256bn.BIG, error) // CheckNonce checks if the specified nonce exists in the database and has not expired CheckNonce(nonce *fp256bn.BIG) error // SweepExpiredNonces removes expired nonces from the database SweepExpiredNonces() error }
NonceManager represents nonce manager that is responsible for getting a new nonce
func NewNonceManager ¶
func NewNonceManager(issuer MyIssuer, clock Clock, level int) (NonceManager, error)
NewNonceManager returns an instance of an object that implements NonceManager interface
type RevocationAuthority ¶
type RevocationAuthority interface { // GetNewRevocationHandle returns new revocation handle, which is required to // create a new Idemix credential GetNewRevocationHandle() (*fp256bn.BIG, error) // CreateCRI returns latest credential revocation information (CRI). CRI contains // information that allows a prover to create a proof that the revocation handle associated // with his credential is not revoked and by the verifier to verify the non-revocation // proof of the prover. Verification will fail if the version of the CRI that verifier has // does not match the version of the CRI that prover used to create non-revocation proof. // The version of the CRI is specified by the Epoch value associated with the CRI. CreateCRI() (*idemix.CredentialRevocationInformation, error) // Epoch returns epoch value of the latest CRI Epoch() (int, error) // PublicKey returns revocation authority's public key PublicKey() *sm2.PublicKey }
RevocationAuthority is responsible for generating revocation handles and credential revocation info (CRI)
func NewRevocationAuthority ¶
func NewRevocationAuthority(issuer MyIssuer, level int) (RevocationAuthority, error)
NewRevocationAuthority constructor for revocation authority
type RevocationAuthorityInfo ¶
type RevocationAuthorityInfo struct { Epoch int `db:"epoch"` NextRevocationHandle int `db:"next_handle"` LastHandleInPool int `db:"lasthandle_in_pool"` Level int `db:"level"` }
RevocationAuthorityInfo is the revocation authority information record that is stored in the database
type RevocationKey ¶
type RevocationKey interface { // Load loads this revocation key from the disk Load() error // Store stores this revocation key to the disk Store() error // GetKey returns *sm2.PrivateKey that represents revocation public and private key pair GetKey() *sm2.PrivateKey // SetKey sets revocation public and private key SetKey(key *sm2.PrivateKey) // SetNewKey creates new revocation public and private key pair and sets them in this object SetNewKey() error }
RevocationKey represents issuer revocation public and private key
func NewRevocationKey ¶
func NewRevocationKey(pubKeyFile, privateKeyFile string, lib Lib) RevocationKey
NewRevocationKey returns an instance of an object that implements RevocationKey interface