Documentation ¶
Index ¶
- Constants
- type AddAffiliationRequest
- type AddAffiliationRequestNet
- type AddIdentityRequest
- type AddIdentityRequestNet
- type AffiliationInfo
- type AffiliationResponse
- type Attribute
- type AttributeRequest
- type CAInfoResponseNet
- type CSRInfo
- type CertificateResponse
- type EnrollmentRequest
- type EnrollmentRequestNet
- type EnrollmentResponseNet
- type GenCRLRequest
- type GenCRLResponse
- type GetAllIDsResponse
- type GetCAInfoRequest
- type GetCRIRequest
- type GetCRIResponse
- type GetCertificatesRequest
- type GetCertificatesRequestNet
- type GetIDResponse
- type IdemixEnrollmentResponseNet
- type IdentityInfo
- type IdentityResponse
- type KeyRequest
- type KeySig
- type ModifyAffiliationRequest
- type ModifyAffiliationRequestNet
- type ModifyIdentityRequest
- type ModifyIdentityRequestNet
- type ReenrollmentRequest
- type ReenrollmentRequestNet
- type RegistrationRequest
- type RegistrationRequestNet
- type RegistrationResponse
- type RegistrationResponseNet
- type RemoveAffiliationRequest
- type RemoveIdentityRequest
- type RevocationRequest
- type RevocationRequestNet
- type RevocationResponse
- type RevokedCert
- type TimeRange
Constants ¶
const (
// IdemixTokenVersion1 represents version 1 of the authorization token created using Idemix credential
IdemixTokenVersion1 = "1"
)
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type AddAffiliationRequest ¶
type AddAffiliationRequest struct { Name string `json:"name"` Force bool `json:"force"` CAName string `json:"caname,omitempty"` }
AddAffiliationRequest represents the request to add a new affiliation to the fabric-ca-server
type AddAffiliationRequestNet ¶
type AddAffiliationRequestNet struct {
AddAffiliationRequest
}
AddAffiliationRequestNet is a network request for adding a new affiliation
type AddIdentityRequest ¶
type AddIdentityRequest struct { ID string `json:"id" skip:"true"` Type string `json:"type" def:"user" help:"Type of identity being registered (e.g. 'peer, app, user')"` Affiliation string `json:"affiliation" help:"The identity's affiliation"` Attributes []Attribute `json:"attrs" mapstructure:"attrs" ` MaxEnrollments int `` /* 153-byte string literal not displayed */ // Secret is an optional password. If not specified, // a random secret is generated. In both cases, the secret // is returned in the RegistrationResponse. Secret string `json:"secret,omitempty" mask:"password" help:"The enrollment secret for the identity being added"` CAName string `json:"caname,omitempty" skip:"true"` }
AddIdentityRequest represents the request to add a new identity to the fabric-ca-server
type AddIdentityRequestNet ¶
type AddIdentityRequestNet struct {
AddIdentityRequest
}
AddIdentityRequestNet is a network request for adding a new identity
type AffiliationInfo ¶
type AffiliationInfo struct { Name string `json:"name"` Affiliations []AffiliationInfo `json:"affiliations,omitempty"` Identities []IdentityInfo `json:"identities,omitempty"` }
AffiliationInfo contains the affiliation name, child affiliation info, and identities associated with this affiliation.
type AffiliationResponse ¶
type AffiliationResponse struct { AffiliationInfo `mapstructure:",squash"` CAName string `json:"caname,omitempty"` }
AffiliationResponse contains the response for get, add, modify, and remove an affiliation
type Attribute ¶
type Attribute struct { Name string `json:"name"` Value string `json:"value"` ECert bool `json:"ecert,omitempty"` }
Attribute is a name and value pair
type AttributeRequest ¶
type AttributeRequest struct { Name string `json:"name"` Optional bool `json:"optional,omitempty"` }
AttributeRequest is a request for an attribute. This implements the certmgr/AttributeRequest interface.
func (*AttributeRequest) GetName ¶
func (ar *AttributeRequest) GetName() string
GetName returns the name of an attribute being requested
func (*AttributeRequest) IsRequired ¶
func (ar *AttributeRequest) IsRequired() bool
IsRequired returns true if the attribute being requested is required
type CAInfoResponseNet ¶
type CAInfoResponseNet struct { // CAName is a unique name associated with fabric-ca-server's CA CAName string // Base64 encoding of PEM-encoded certificate chain CAChain string // Base64 encoding of Idemix issuer public key IssuerPublicKey string // Base64 encoding of PEM-encoded Idemix issuer revocation public key IssuerRevocationPublicKey string // Version of the server Version string }
CAInfoResponseNet is the response to the GET /info request
type CSRInfo ¶
type CSRInfo struct { CN string `json:"CN"` Names []csr.Name `json:"names,omitempty"` Hosts []string `json:"hosts,omitempty"` KeyRequest *KeyRequest `json:"key,omitempty"` CA *csr.CAConfig `json:"ca,omitempty" hide:"true"` SerialNumber string `json:"serial_number,omitempty"` }
CSRInfo is Certificate Signing Request (CSR) Information
type CertificateResponse ¶
type CertificateResponse struct {
Certs []string `json:"certs"`
}
CertificateResponse contains the response from Get or Delete certificate request.
type EnrollmentRequest ¶
type EnrollmentRequest struct { // The identity name to enroll Name string `json:"name" skip:"true"` // The secret returned via Register Secret string `json:"secret,omitempty" skip:"true" mask:"password"` // CAName is the name of the CA to connect to CAName string `json:"caname,omitempty" skip:"true"` // AttrReqs are requests for attributes to add to the certificate. // Each attribute is added only if the requestor owns the attribute. AttrReqs []*AttributeRequest `json:"attr_reqs,omitempty"` // Profile is the name of the signing profile to use in issuing the X509 certificate Profile string `json:"profile,omitempty" help:"Name of the signing profile to use in issuing the certificate"` // Label is the label to use in HSM operations Label string `json:"label,omitempty" help:"Label to use in HSM operations"` // CSR is Certificate Signing Request info CSR *CSRInfo `json:"csr,omitempty" skip:"true"` // Skipping this because we pull the CSR from the CSR flags // The type of the enrollment request: x509 or idemix // The default is a request for an X509 enrollment certificate Type string `def:"x509" help:"The type of enrollment request: 'x509' or 'idemix'"` }
EnrollmentRequest is a request to enroll an identity
func (EnrollmentRequest) String ¶
func (er EnrollmentRequest) String() string
type EnrollmentRequestNet ¶
type EnrollmentRequestNet struct { signer.SignRequest CAName string AttrReqs []*AttributeRequest `json:"attr_reqs,omitempty"` }
EnrollmentRequestNet is a request to enroll an identity
type EnrollmentResponseNet ¶
type EnrollmentResponseNet struct { // Base64 encoded PEM-encoded ECert Cert string // The server information ServerInfo CAInfoResponseNet }
EnrollmentResponseNet is the response to the /enroll request
type GenCRLRequest ¶
type GenCRLRequest struct { CAName string `json:"caname,omitempty" skip:"true"` RevokedAfter time.Time `json:"revokedafter,omitempty"` RevokedBefore time.Time `json:"revokedbefore,omitempty"` ExpireAfter time.Time `json:"expireafter,omitempty"` ExpireBefore time.Time `json:"expirebefore,omitempty"` }
GenCRLRequest represents a request to get CRL for the specified certificate authority
type GenCRLResponse ¶
type GenCRLResponse struct { // CRL is PEM-encoded certificate revocation list (CRL) that contains requested unexpired revoked certificates CRL []byte }
GenCRLResponse represents a response to get CRL
type GetAllIDsResponse ¶
type GetAllIDsResponse struct { Identities []IdentityInfo `json:"identities"` CAName string `json:"caname,omitempty"` }
GetAllIDsResponse is the response from the GetAllIdentities call
type GetCAInfoRequest ¶
type GetCAInfoRequest struct {
CAName string `json:"caname,omitempty" skip:"true"`
}
GetCAInfoRequest is request to get generic CA information
type GetCRIRequest ¶
type GetCRIRequest struct {
CAName string `json:"caname,omitempty" skip:"true"`
}
GetCRIRequest is a request to send to server to get Idemix credential revocation information
type GetCRIResponse ¶
type GetCRIResponse struct { // CRI is base64 encoded proto bytes of idemix.CredentialRevocationInformation CRI string }
GetCRIResponse is the response from the server for get CRI request
type GetCertificatesRequest ¶
type GetCertificatesRequest struct { ID string `skip:"true"` // Get certificates for this enrollment ID AKI string `help:"Get certificates for this AKI"` // Get certificate that matches this AKI Serial string `help:"Get certificates for this serial number"` // Get certificate that matches this serial Revoked TimeRange `skip:"true"` // Get certificates which were revoked between the specified time range Expired TimeRange `skip:"true"` // Get certificates which expire between the specified time range NotExpired bool `help:"Don't return expired certificates"` // Don't return expired certificates NotRevoked bool `help:"Don't return revoked certificates"` // Don't return revoked certificates CAName string `skip:"true"` // Name of CA to send request to within the server }
GetCertificatesRequest represents the request to get certificates from the server per the enrollment ID and/or AKI and Serial. If neither ID or AKI/Serial are provided all certificates are returned which are in or under the caller's affiliation. By default all certificates are returned. However, only revoked and/or expired certificates can be requested by providing a time range.
type GetCertificatesRequestNet ¶
type GetCertificatesRequestNet struct {
GetCertificatesRequest
}
GetCertificatesRequestNet is a network request for getting certificates
type GetIDResponse ¶
type GetIDResponse struct { ID string `json:"id" skip:"true"` Type string `json:"type" def:"user"` Affiliation string `json:"affiliation"` Attributes []Attribute `json:"attrs" mapstructure:"attrs" ` MaxEnrollments int `json:"max_enrollments" mapstructure:"max_enrollments"` CAName string `json:"caname,omitempty"` }
GetIDResponse is the response from the GetIdentity call
type IdemixEnrollmentResponseNet ¶
type IdemixEnrollmentResponseNet struct { // Base64 encoding of proto bytes of idemix.Credential Credential string // Attribute name-value pairs Attrs map[string]interface{} // Base64 encoding of proto bytes of idemix.CredentialRevocationInformation CRI string // Base64 encoding of the issuer nonce Nonce string // The CA information CAInfo CAInfoResponseNet }
IdemixEnrollmentResponseNet is the response to the /idemix/credential request
type IdentityInfo ¶
type IdentityInfo struct { ID string `json:"id"` Type string `json:"type"` Affiliation string `json:"affiliation"` Attributes []Attribute `json:"attrs" mapstructure:"attrs"` MaxEnrollments int `json:"max_enrollments" mapstructure:"max_enrollments"` }
IdentityInfo contains information about an identity
type IdentityResponse ¶
type IdentityResponse struct { ID string `json:"id" skip:"true"` Type string `json:"type,omitempty"` Affiliation string `json:"affiliation"` Attributes []Attribute `json:"attrs,omitempty" mapstructure:"attrs"` MaxEnrollments int `json:"max_enrollments,omitempty" mapstructure:"max_enrollments"` Secret string `json:"secret,omitempty"` CAName string `json:"caname,omitempty"` }
IdentityResponse is the response from the any add/modify/remove identity call
type KeyRequest ¶
type KeyRequest struct { Algo string `json:"algo" yaml:"algo" help:"Specify key algorithm"` Size int `json:"size" yaml:"size" help:"Specify key size"` }
KeyRequest encapsulates size and algorithm for the key to be generated
func NewKeyRequest ¶
func NewKeyRequest() *KeyRequest
NewKeyRequest returns the KeyRequest object that is constructed from the object returned by the csr.NewKeyRequest() function
type KeySig ¶
type KeySig struct { // Key is a public key Key []byte `json:"key"` // Sig is a signature over the PublicKey Sig []byte `json:"sig"` // Alg is the signature algorithm Alg string `json:"alg"` }
KeySig is a public key, signature, and signature algorithm tuple
type ModifyAffiliationRequest ¶
type ModifyAffiliationRequest struct { Name string NewName string `json:"name"` Force bool `json:"force"` CAName string `json:"caname,omitempty"` }
ModifyAffiliationRequest represents the request to modify an existing affiliation on the fabric-ca-server
type ModifyAffiliationRequestNet ¶
type ModifyAffiliationRequestNet struct {
ModifyAffiliationRequest
}
ModifyAffiliationRequestNet is a network request for modifying an existing affiliation
type ModifyIdentityRequest ¶
type ModifyIdentityRequest struct { ID string `skip:"true"` Type string `json:"type" help:"Type of identity being registered (e.g. 'peer, app, user')"` Affiliation string `json:"affiliation" help:"The identity's affiliation"` Attributes []Attribute `mapstructure:"attrs" json:"attrs"` MaxEnrollments int `mapstructure:"max_enrollments" json:"max_enrollments" help:"The maximum number of times the secret can be reused to enroll"` Secret string `json:"secret,omitempty" mask:"password" help:"The enrollment secret for the identity"` CAName string `json:"caname,omitempty" skip:"true"` }
ModifyIdentityRequest represents the request to modify an existing identity on the fabric-ca-server
type ModifyIdentityRequestNet ¶
type ModifyIdentityRequestNet struct {
ModifyIdentityRequest
}
ModifyIdentityRequestNet is a network request for modifying an existing identity
type ReenrollmentRequest ¶
type ReenrollmentRequest struct { // Profile is the name of the signing profile to use in issuing the certificate Profile string `json:"profile,omitempty"` // Label is the label to use in HSM operations Label string `json:"label,omitempty"` // CSR is Certificate Signing Request info CSR *CSRInfo `json:"csr,omitempty"` // CAName is the name of the CA to connect to CAName string `json:"caname,omitempty" skip:"true"` // AttrReqs are requests for attributes to add to the certificate. // Each attribute is added only if the requestor owns the attribute. AttrReqs []*AttributeRequest `json:"attr_reqs,omitempty"` }
ReenrollmentRequest is a request to reenroll an identity. This is useful to renew a certificate before it has expired.
type ReenrollmentRequestNet ¶
type ReenrollmentRequestNet struct { signer.SignRequest CAName string AttrReqs []*AttributeRequest `json:"attr_reqs,omitempty"` }
ReenrollmentRequestNet is a request to reenroll an identity. This is useful to renew a certificate before it has expired.
type RegistrationRequest ¶
type RegistrationRequest struct { // Name is the unique name of the identity Name string `json:"id" help:"Unique name of the identity"` // Type of identity being registered (e.g. "peer, app, user") Type string `json:"type" def:"client" help:"Type of identity being registered (e.g. 'peer, app, user')"` // Secret is an optional password. If not specified, // a random secret is generated. In both cases, the secret // is returned in the RegistrationResponse. Secret string `json:"secret,omitempty" mask:"password" help:"The enrollment secret for the identity being registered"` // MaxEnrollments is the maximum number of times the secret can // be reused to enroll. MaxEnrollments int `` /* 132-byte string literal not displayed */ // is returned in the response. // The identity's affiliation. // For example, an affiliation of "org1.department1" associates the identity with "department1" in "org1". Affiliation string `json:"affiliation" help:"The identity's affiliation"` // Attributes associated with this identity Attributes []Attribute `json:"attrs,omitempty"` // CAName is the name of the CA to connect to CAName string `json:"caname,omitempty" skip:"true"` }
RegistrationRequest for a new identity
func (*RegistrationRequest) String ¶
func (rr *RegistrationRequest) String() string
type RegistrationRequestNet ¶
type RegistrationRequestNet struct {
RegistrationRequest
}
RegistrationRequestNet is the registration request for a new identity
type RegistrationResponse ¶
type RegistrationResponse struct { // The secret returned from a successful registration response Secret string `json:"secret"` }
RegistrationResponse is a registration response
type RegistrationResponseNet ¶
type RegistrationResponseNet struct {
RegistrationResponse
}
RegistrationResponseNet is a registration response
type RemoveAffiliationRequest ¶
type RemoveAffiliationRequest struct { Name string Force bool `json:"force"` CAName string `json:"caname,omitempty"` }
RemoveAffiliationRequest represents the request to remove an existing affiliation from the fabric-ca-server
type RemoveIdentityRequest ¶
type RemoveIdentityRequest struct { ID string `skip:"true"` Force bool `json:"force"` CAName string `json:"caname,omitempty" skip:"true"` }
RemoveIdentityRequest represents the request to remove an existing identity from the fabric-ca-server
type RevocationRequest ¶
type RevocationRequest struct { // Name of the identity whose certificates should be revoked // If this field is omitted, then Serial and AKI must be specified. Name string `json:"id,omitempty" opt:"e" help:"Identity whose certificates should be revoked"` // Serial number of the certificate to be revoked // If this is omitted, then Name must be specified Serial string `json:"serial,omitempty" opt:"s" help:"Serial number of the certificate to be revoked"` // AKI (Authority Key Identifier) of the certificate to be revoked AKI string `json:"aki,omitempty" opt:"a" help:"AKI (Authority Key Identifier) of the certificate to be revoked"` // Reason is the reason for revocation. See https://godoc.org/golang.org/x/crypto/ocsp for // valid values. The default value is 0 (ocsp.Unspecified). Reason string `json:"reason,omitempty" opt:"r" help:"Reason for revocation"` // CAName is the name of the CA to connect to CAName string `json:"caname,omitempty" skip:"true"` // GenCRL specifies whether to generate a CRL GenCRL bool `def:"false" skip:"true" json:"gencrl,omitempty"` }
RevocationRequest is a revocation request for a single certificate or all certificates associated with an identity. To revoke a single certificate, both the Serial and AKI fields must be set; otherwise, to revoke all certificates and the identity associated with an enrollment ID, the Name field must be set to an existing enrollment ID. A RevocationRequest can only be performed by a user with the "hf.Revoker" attribute.
type RevocationRequestNet ¶
type RevocationRequestNet struct {
RevocationRequest
}
RevocationRequestNet is a revocation request which flows over the network to the fabric-ca server. To revoke a single certificate, both the Serial and AKI fields must be set; otherwise, to revoke all certificates and the identity associated with an enrollment ID, the Name field must be set to an existing enrollment ID. A RevocationRequest can only be performed by a user with the "hf.Revoker" attribute.
type RevocationResponse ¶
type RevocationResponse struct { // RevokedCerts is an array of certificates that were revoked RevokedCerts []RevokedCert // CRL is PEM-encoded certificate revocation list (CRL) that contains all unexpired revoked certificates CRL []byte }
RevocationResponse represents response from the server for a revocation request
type RevokedCert ¶
type RevokedCert struct { // Serial number of the revoked certificate Serial string // AKI of the revoked certificate AKI string }
RevokedCert represents a revoked certificate