msp

package
v1.0.0-alpha4 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jun 13, 2018 License: Apache-2.0 Imports: 7 Imported by: 0

Documentation

Overview

Package msp enables creation and update of users on a Fabric network. Msp client supports the following actions: Enroll, Reenroll, Register, Revoke and GetSigningIdentity.

Basic Flow:
1) Prepare client context
2) Create msp client
3) Register user
4) Enroll user
Example
ctx := mockClientProvider()

// Create msp client
c, err := New(ctx)
if err != nil {
	fmt.Println("failed to create msp client")
	return
}

username := randomUsername()

enrollmentSecret, err := c.Register(&RegistrationRequest{Name: username})
if err != nil {
	fmt.Printf("Register return error %s\n", err)
	return
}

err = c.Enroll(username, WithSecret(enrollmentSecret))
if err != nil {
	fmt.Printf("failed to enroll user: %s\n", err)
	return
}
fmt.Println("enroll user is completed")
Output:

enroll user is completed

Index

Examples

Constants

This section is empty.

Variables

View Source
var (
	// ErrUserNotFound indicates the user was not found
	ErrUserNotFound = errors.New("user not found")
)

Functions

This section is empty.

Types

type Attribute

type Attribute struct {
	Name  string
	Value string
	ECert bool
}

Attribute defines additional attributes that may be passed along during registration

type AttributeRequest

type AttributeRequest struct {
	Name     string
	Optional bool
}

AttributeRequest is a request for an attribute.

type Client

type Client struct {
	// contains filtered or unexported fields
}

Client enables access to Client services

func New

func New(clientProvider context.ClientProvider, opts ...ClientOption) (*Client, error)

New creates a new Client instance

Example
ctx := mockClientProvider()

// Create msp client
c, err := New(ctx)
if err != nil {
	fmt.Println("failed to create msp client")
	return
}

if c != nil {
	fmt.Println("msp client created")
}
Output:

msp client created

func (*Client) CreateIdentity

func (c *Client) CreateIdentity(request *IdentityRequest) (*IdentityResponse, error)

CreateIdentity creates a new identity with the Fabric CA server. An enrollment secret is returned which can then be used, along with the enrollment ID, to enroll a new identity.

Parameters:
request holds info about identity

Returns:
Return identity info including the secret
Example
// Create msp client
c, err := New(mockClientProvider())
if err != nil {
	fmt.Println("failed to create msp client")
	return
}

identity, err := c.CreateIdentity(&IdentityRequest{ID: "123", Affiliation: "org2",
	Attributes: []Attribute{{Name: "attName1", Value: "attValue1"}}})
if err != nil {
	fmt.Printf("Create identity return error %s\n", err)
	return
}
fmt.Printf("identity '%s' created\n", identity.ID)
Output:

identity '123' created

func (*Client) Enroll

func (c *Client) Enroll(enrollmentID string, opts ...EnrollmentOption) error

Enroll enrolls a registered user in order to receive a signed X509 certificate. A new key pair is generated for the user. The private key and the enrollment certificate issued by the CA are stored in SDK stores. They can be retrieved by calling IdentityManager.GetSigningIdentity().

Parameters:
enrollmentID enrollment ID of a registered user
opts are optional enrollment options

Returns:
an error if enrollment fails
Example
ctx := mockClientProvider()

// Create msp client
c, err := New(ctx)
if err != nil {
	fmt.Println("failed to create msp client")
	return
}

err = c.Enroll(randomUsername(), WithSecret("enrollmentSecret"))
if err != nil {
	fmt.Printf("failed to enroll user: %s\n", err)
	return
}
fmt.Println("enroll user is completed")
Output:

enroll user is completed

func (*Client) GetAllIdentities

func (c *Client) GetAllIdentities(options ...RequestOption) ([]*IdentityResponse, error)

GetAllIdentities returns all identities that the caller is authorized to see

Parameters:
options holds optional request options
Returns:
Response containing identities
Example
// Create msp client
c, err := New(mockClientProvider())
if err != nil {
	fmt.Println("failed to create msp client")
	return
}

results, err := c.GetAllIdentities()
if err != nil {
	fmt.Printf("Get identities return error %s\n", err)
	return
}
fmt.Printf("%d identities retrieved\n", len(results))
Output:

2 identities retrieved

func (*Client) GetIdentity

func (c *Client) GetIdentity(ID string, options ...RequestOption) (*IdentityResponse, error)

GetIdentity retrieves identity information.

Parameters:
ID is required identity ID
options holds optional request options

Returns:
Response containing identity information
Example
// Create msp client
c, err := New(mockClientProvider())
if err != nil {
	fmt.Println("failed to create msp client")
	return
}

identity, err := c.GetIdentity("123")
if err != nil {
	fmt.Printf("Get identity return error %s\n", err)
	return
}
fmt.Printf("identity '%s' retrieved\n", identity.ID)
Output:

identity '123' retrieved

func (*Client) GetSigningIdentity

func (c *Client) GetSigningIdentity(id string) (mspctx.SigningIdentity, error)

GetSigningIdentity returns signing identity for id

Parameters:
id is user id

Returns:
signing identity
Example
ctx := mockClientProvider()

// Create msp client
c, err := New(ctx)
if err != nil {
	fmt.Println("failed to create msp client")
	return
}

username := randomUsername()

err = c.Enroll(username, WithSecret("enrollmentSecret"))
if err != nil {
	fmt.Printf("failed to enroll user: %s\n", err)
	return
}
enrolledUser, err := c.GetSigningIdentity(username)
if err != nil {
	fmt.Printf("user not found %s\n", err)
	return
}

if enrolledUser.Identifier().ID != username {
	fmt.Println("Enrolled user name doesn't match")
	return
}

fmt.Println("enroll user is completed")
Output:

enroll user is completed

func (*Client) ModifyIdentity

func (c *Client) ModifyIdentity(request *IdentityRequest) (*IdentityResponse, error)

ModifyIdentity modifies identity with the Fabric CA server.

Parameters:
request holds info about identity

Returns:
Return updated identity info
Example
// Create msp client
c, err := New(mockClientProvider())
if err != nil {
	fmt.Println("failed to create msp client")
	return
}

identity, err := c.ModifyIdentity(&IdentityRequest{ID: "123", Affiliation: "org2", Secret: "top-secret"})
if err != nil {
	fmt.Printf("Modify identity return error %s\n", err)
	return
}
fmt.Printf("identity '%s' modified\n", identity.ID)
Output:

identity '123' modified

func (*Client) Reenroll

func (c *Client) Reenroll(enrollmentID string) error

Reenroll reenrolls an enrolled user in order to obtain a new signed X509 certificate

Parameters:
enrollmentID enrollment ID of a registered user

Returns:
an error if re-enrollment fails
Example
ctx := mockClientProvider()

// Create msp client
c, err := New(ctx)
if err != nil {
	fmt.Println("failed to create msp client")
	return
}

username := randomUsername()

err = c.Enroll(username, WithSecret("enrollmentSecret"))
if err != nil {
	fmt.Printf("failed to enroll user: %s\n", err)
	return
}

err = c.Reenroll(username)
if err != nil {
	fmt.Printf("failed to reenroll user: %s\n", err)
	return
}

fmt.Println("reenroll user is completed")
Output:

reenroll user is completed

func (*Client) Register

func (c *Client) Register(request *RegistrationRequest) (string, error)

Register registers a User with the Fabric CA

Parameters:
request is registration request

Returns:
enrolment secret
Example
ctx := mockClientProvider()

// Create msp client
c, err := New(ctx)
if err != nil {
	fmt.Println("failed to create msp client")
	return
}

_, err = c.Register(&RegistrationRequest{Name: randomUsername()})
if err != nil {
	fmt.Printf("Register return error %s\n", err)
	return
}
fmt.Println("register user is completed")
Output:

register user is completed

func (*Client) RemoveIdentity

func (c *Client) RemoveIdentity(request *RemoveIdentityRequest) (*IdentityResponse, error)

RemoveIdentity removes identity with the Fabric CA server.

Parameters:
request holds info about identity to be removed

Returns:
Return removed identity info
Example
// Create msp client
c, err := New(mockClientProvider())
if err != nil {
	fmt.Println("failed to create msp client")
	return
}

identity, err := c.RemoveIdentity(&RemoveIdentityRequest{ID: "123"})
if err != nil {
	fmt.Printf("Remove identity return error %s\n", err)
	return
}
fmt.Printf("identity '%s' removed\n", identity.ID)
Output:

identity '123' removed

func (*Client) Revoke

func (c *Client) Revoke(request *RevocationRequest) (*RevocationResponse, error)

Revoke revokes a User with the Fabric CA

Parameters:
request is revocation request

Returns:
revocation response
Example
ctx := mockClientProvider()

// Create msp client
c, err := New(ctx)
if err != nil {
	fmt.Println("failed to create msp client")
	return
}

_, err = c.Revoke(&RevocationRequest{Name: "testuser"})
if err != nil {
	fmt.Printf("revoke return error %s\n", err)
}
fmt.Println("revoke user is completed")
Output:

revoke user is completed

type ClientOption

type ClientOption func(*Client) error

ClientOption describes a functional parameter for the New constructor

func WithOrg

func WithOrg(orgName string) ClientOption

WithOrg option

Example
ctx := mockClientProvider()

// Create msp client
c, err := New(ctx, WithOrg("org1"))
if err != nil {
	fmt.Println("failed to create msp client")
	return
}

if c != nil {
	fmt.Println("msp client created with org")
}
Output:

msp client created with org

type EnrollmentOption

type EnrollmentOption func(*enrollmentOptions) error

EnrollmentOption describes a functional parameter for Enroll

func WithSecret

func WithSecret(secret string) EnrollmentOption

WithSecret enrollment option

Example
ctx := mockClientProvider()

// Create msp client
c, err := New(ctx)
if err != nil {
	fmt.Println("failed to create msp client")
	return
}

err = c.Enroll(randomUsername(), WithSecret("enrollmentSecret"))
if err != nil {
	fmt.Printf("failed to enroll user: %s\n", err)
	return
}
fmt.Println("enroll user is completed")
Output:

enroll user is completed

type IdentityManager

type IdentityManager interface {
	GetSigningIdentity(name string) (msp.SigningIdentity, error)
}

IdentityManager provides management of identities in a Fabric network

type IdentityRequest

type IdentityRequest struct {

	// The enrollment ID which uniquely identifies an identity (required)
	ID string

	// The identity's affiliation (required)
	Affiliation string

	// Array of attributes to assign to the user
	Attributes []Attribute

	// Type of identity being registered (e.g. 'peer, app, user'). Default is 'user'.
	Type string

	// The maximum number of times the secret can be reused to enroll (default CA's Max Enrollment)
	MaxEnrollments int

	// The enrollment secret. If not provided, a random secret is generated.
	Secret string

	// Name of the CA to send the request to within the Fabric CA server (optional)
	CAName string
}

IdentityRequest represents the request to add/update identity to the fabric-ca-server

type IdentityResponse

type IdentityResponse struct {

	// The enrollment ID which uniquely identifies an identity
	ID string

	// The identity's affiliation
	Affiliation string

	// Array of attributes assigned to the user
	Attributes []Attribute

	// Type of identity (e.g. 'peer, app, user')
	Type string

	// The maximum number of times the secret can be reused to enroll
	MaxEnrollments int

	// The enrollment secret
	Secret string

	// Name of the CA
	CAName string
}

IdentityResponse is the response from the any read/add/modify/remove identity call

type RegistrationRequest

type RegistrationRequest struct {
	// Name is the unique name of the identity
	Name string
	// Type of identity being registered (e.g. "peer, app, user")
	Type string
	// MaxEnrollments is the number of times the secret can  be reused to enroll.
	// if omitted, this defaults to max_enrollments configured on the server
	MaxEnrollments int
	// The identity's affiliation e.g. org1.department1
	Affiliation string
	// Optional attributes associated with this identity
	Attributes []Attribute
	// CAName is the name of the CA to connect to
	CAName string
	// Secret is an optional password.  If not specified,
	// a random secret is generated.  In both cases, the secret
	// is returned from registration.
	Secret string
}

RegistrationRequest defines the attributes required to register a user with the CA

type RemoveIdentityRequest

type RemoveIdentityRequest struct {

	// The enrollment ID which uniquely identifies an identity
	ID string

	// Force delete
	Force bool

	// Name of the CA
	CAName string
}

RemoveIdentityRequest represents the request to remove an existing identity from the fabric-ca-server

type RequestOption

type RequestOption func(ctx context.Client, opts *requestOptions) error

RequestOption func for each Opts argument

func WithCA

func WithCA(caname string) RequestOption

WithCA allows for specifying optional CA name

Example
// Create msp client
c, err := New(mockClientProvider())
if err != nil {
	fmt.Println("failed to create msp client")
	return
}

results, err := c.GetAllIdentities(WithCA("CA"))
if err != nil {
	fmt.Printf("Get identities return error %s\n", err)
	return
}
fmt.Printf("%d identities retrieved\n", len(results))
Output:

2 identities retrieved

type RevocationRequest

type RevocationRequest struct {
	// Name of the identity whose certificates should be revoked
	// If this field is omitted, then Serial and AKI must be specified.
	Name string
	// Serial number of the certificate to be revoked
	// If this is omitted, then Name must be specified
	Serial string
	// AKI (Authority Key Identifier) of the certificate to be revoked
	AKI string
	// Reason is the reason for revocation. See https://godoc.org/golang.org/x/crypto/ocsp
	// for valid values. The default value is 0 (ocsp.Unspecified).
	Reason string
	// CAName is the name of the CA to connect to
	CAName string
}

RevocationRequest defines the attributes required to revoke credentials with the CA

type RevocationResponse

type RevocationResponse struct {
	// RevokedCerts is an array of certificates that were revoked
	RevokedCerts []RevokedCert
	// CRL is PEM-encoded certificate revocation list (CRL) that contains all unexpired revoked certificates
	CRL []byte
}

RevocationResponse represents response from the server for a revocation request

type RevokedCert

type RevokedCert struct {
	// Serial number of the revoked certificate
	Serial string
	// AKI of the revoked certificate
	AKI string
}

RevokedCert represents a revoked certificate

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL