Documentation

Overview

    Copyright IBM Corp. All Rights Reserved.

    SPDX-License-Identifier: Apache-2.0

    Index

    Constants

    View Source
    const (
    	IdemixConfigDirMsp                  = "msp"
    	IdemixConfigDirUser                 = "user"
    	IdemixConfigFileIssuerPublicKey     = "IssuerPublicKey"
    	IdemixConfigFileRevocationPublicKey = "RevocationPublicKey"
    	IdemixConfigFileSigner              = "SignerConfig"
    )
    View Source
    const (
    	MSPv1_0 = iota
    	MSPv1_1
    	MSPv1_3
    	MSPv1_4_3
    )
    View Source
    const (
    	// AttributeIndexOU contains the index of the OU attribute in the idemix credential attributes
    	AttributeIndexOU = iota
    
    	// AttributeIndexRole contains the index of the Role attribute in the idemix credential attributes
    	AttributeIndexRole
    
    	// AttributeIndexEnrollmentId contains the index of the Enrollment ID attribute in the idemix credential attributes
    	AttributeIndexEnrollmentId
    
    	// AttributeIndexRevocationHandle contains the index of the Revocation Handle attribute in the idemix credential attributes
    	AttributeIndexRevocationHandle
    )
    View Source
    const (
    	// AttributeNameOU is the attribute name of the Organization Unit attribute
    	AttributeNameOU = "OU"
    
    	// AttributeNameRole is the attribute name of the Role attribute
    	AttributeNameRole = "Role"
    
    	// AttributeNameEnrollmentId is the attribute name of the Enrollment ID attribute
    	AttributeNameEnrollmentId = "EnrollmentID"
    
    	// AttributeNameRevocationHandle is the attribute name of the revocation handle attribute
    	AttributeNameRevocationHandle = "RevocationHandle"
    )

    Variables

    This section is empty.

    Functions

    func GetIdemixMspConfig

    func GetIdemixMspConfig(dir string, ID string) (*msp.MSPConfig, error)

      GetIdemixMspConfig returns the configuration for the Idemix MSP

      func GetLocalMspConfig

      func GetLocalMspConfig(dir string, bccspConfig *factory.FactoryOpts, ID string) (*msp.MSPConfig, error)

      func GetLocalMspConfigWithType

      func GetLocalMspConfigWithType(dir string, bccspConfig *factory.FactoryOpts, ID, mspType string) (*msp.MSPConfig, error)

        GetLocalMspConfigWithType returns a local MSP configuration for the MSP in the specified directory, with the specified ID and type

        func GetRoleMaskFromIdemixRole

        func GetRoleMaskFromIdemixRole(role Role) int

          GetRoleMaskFromIdemixRole return a bitmask for one role

          func GetVerifyingMspConfig

          func GetVerifyingMspConfig(dir, ID, mspType string) (*msp.MSPConfig, error)

            GetVerifyingMspConfig returns an MSP config given directory, ID and type

            func NewSerializedIdentity

            func NewSerializedIdentity(mspID string, certPEM []byte) ([]byte, error)

              NewSerializedIdentity returns a serialized identity having as content the passed mspID and x509 certificate in PEM format. This method does not check the validity of certificate nor any consistency of the mspID with it.

              func ProviderTypeToString

              func ProviderTypeToString(id ProviderType) string

                ProviderTypeToString returns a string that represents the ProviderType integer

                func SetupBCCSPKeystoreConfig

                func SetupBCCSPKeystoreConfig(bccspConfig *factory.FactoryOpts, keystoreDir string) *factory.FactoryOpts

                Types

                type BCCSPNewOpts

                type BCCSPNewOpts struct {
                	NewBaseOpts
                }

                  BCCSPNewOpts contains the options to instantiate a new BCCSP-based (X509) MSP

                  type Configuration

                  type Configuration struct {
                  	// OrganizationalUnitIdentifiers is a list of OUs. If this is set, the MSP
                  	// will consider an identity valid only it contains at least one of these OUs
                  	OrganizationalUnitIdentifiers []*OrganizationalUnitIdentifiersConfiguration `yaml:"OrganizationalUnitIdentifiers,omitempty"`
                  	// NodeOUs enables the MSP to tell apart clients, peers and orderers based
                  	// on the identity's OU.
                  	NodeOUs *NodeOUs `yaml:"NodeOUs,omitempty"`
                  }

                    Configuration represents the accessory configuration an MSP can be equipped with. By default, this configuration is stored in a yaml file

                    type IdemixNewOpts

                    type IdemixNewOpts struct {
                    	NewBaseOpts
                    }

                      IdemixNewOpts contains the options to instantiate a new Idemix-based MSP

                      type Identity

                      type Identity interface {
                      
                      	// ExpiresAt returns the time at which the Identity expires.
                      	// If the returned time is the zero value, it implies
                      	// the Identity does not expire, or that its expiration
                      	// time is unknown
                      	ExpiresAt() time.Time
                      
                      	// GetIdentifier returns the identifier of that identity
                      	GetIdentifier() *IdentityIdentifier
                      
                      	// GetMSPIdentifier returns the MSP Id for this instance
                      	GetMSPIdentifier() string
                      
                      	// Validate uses the rules that govern this identity to validate it.
                      	// E.g., if it is a fabric TCert implemented as identity, validate
                      	// will check the TCert signature against the assumed root certificate
                      	// authority.
                      	Validate() error
                      
                      	// GetOrganizationalUnits returns zero or more organization units or
                      	// divisions this identity is related to as long as this is public
                      	// information. Certain MSP implementations may use attributes
                      	// that are publicly associated to this identity, or the identifier of
                      	// the root certificate authority that has provided signatures on this
                      	// certificate.
                      	// Examples:
                      	//  - if the identity is an x.509 certificate, this function returns one
                      	//    or more string which is encoded in the Subject's Distinguished Name
                      	//    of the type OU
                      	// TODO: For X.509 based identities, check if we need a dedicated type
                      	//       for OU where the Certificate OU is properly namespaced by the
                      	//       signer's identity
                      	GetOrganizationalUnits() []*OUIdentifier
                      
                      	// Anonymous returns true if this is an anonymous identity, false otherwise
                      	Anonymous() bool
                      
                      	// Verify a signature over some message using this identity as reference
                      	Verify(msg []byte, sig []byte) error
                      
                      	// Serialize converts an identity to bytes
                      	Serialize() ([]byte, error)
                      
                      	// SatisfiesPrincipal checks whether this instance matches
                      	// the description supplied in MSPPrincipal. The check may
                      	// involve a byte-by-byte comparison (if the principal is
                      	// a serialized identity) or may require MSP validation
                      	SatisfiesPrincipal(principal *msp.MSPPrincipal) error
                      }

                        Identity interface defining operations associated to a "certificate". That is, the public part of the identity could be thought to be a certificate, and offers solely signature verification capabilities. This is to be used at the peer side when verifying certificates that transactions are signed with, and verifying signatures that correspond to these certificates.///

                        type IdentityDeserializer

                        type IdentityDeserializer interface {
                        	// DeserializeIdentity deserializes an identity.
                        	// Deserialization will fail if the identity is associated to
                        	// an msp that is different from this one that is performing
                        	// the deserialization.
                        	DeserializeIdentity(serializedIdentity []byte) (Identity, error)
                        
                        	// IsWellFormed checks if the given identity can be deserialized into its provider-specific form
                        	IsWellFormed(identity *msp.SerializedIdentity) error
                        }

                          IdentityDeserializer is implemented by both MSPManger and MSP

                          type IdentityIdentifier

                          type IdentityIdentifier struct {
                          
                          	// The identifier of the associated membership service provider
                          	Mspid string
                          
                          	// The identifier for an identity within a provider
                          	Id string
                          }

                            IdentityIdentifier is a holder for the identifier of a specific identity, naturally namespaced, by its provider identifier.

                            type MSP

                            type MSP interface {
                            
                            	// IdentityDeserializer interface needs to be implemented by MSP
                            	IdentityDeserializer
                            
                            	// Setup the MSP instance according to configuration information
                            	Setup(config *msp.MSPConfig) error
                            
                            	// GetVersion returns the version of this MSP
                            	GetVersion() MSPVersion
                            
                            	// GetType returns the provider type
                            	GetType() ProviderType
                            
                            	// GetIdentifier returns the provider identifier
                            	GetIdentifier() (string, error)
                            
                            	// GetSigningIdentity returns a signing identity corresponding to the provided identifier
                            	GetSigningIdentity(identifier *IdentityIdentifier) (SigningIdentity, error)
                            
                            	// GetDefaultSigningIdentity returns the default signing identity
                            	GetDefaultSigningIdentity() (SigningIdentity, error)
                            
                            	// GetTLSRootCerts returns the TLS root certificates for this MSP
                            	GetTLSRootCerts() [][]byte
                            
                            	// GetTLSIntermediateCerts returns the TLS intermediate root certificates for this MSP
                            	GetTLSIntermediateCerts() [][]byte
                            
                            	// Validate checks whether the supplied identity is valid
                            	Validate(id Identity) error
                            
                            	// SatisfiesPrincipal checks whether the identity matches
                            	// the description supplied in MSPPrincipal. The check may
                            	// involve a byte-by-byte comparison (if the principal is
                            	// a serialized identity) or may require MSP validation
                            	SatisfiesPrincipal(id Identity, principal *msp.MSPPrincipal) error
                            }

                              MSP is the minimal Membership Service Provider Interface to be implemented to accommodate peer functionality

                              func New

                              func New(opts NewOpts) (MSP, error)

                                New create a new MSP instance depending on the passed Opts

                                type MSPManager

                                type MSPManager interface {
                                
                                	// IdentityDeserializer interface needs to be implemented by MSPManager
                                	IdentityDeserializer
                                
                                	// Setup the MSP manager instance according to configuration information
                                	Setup(msps []MSP) error
                                
                                	// GetMSPs Provides a list of Membership Service providers
                                	GetMSPs() (map[string]MSP, error)
                                }

                                  MSPManager is an interface defining a manager of one or more MSPs. This essentially acts as a mediator to MSP calls and routes MSP related calls to the appropriate MSP. This object is immutable, it is initialized once and never changed.

                                  func NewMSPManager

                                  func NewMSPManager() MSPManager

                                    NewMSPManager returns a new MSP manager instance; note that this instance is not initialized until the Setup method is called

                                    type MSPVersion

                                    type MSPVersion int

                                    type NewBaseOpts

                                    type NewBaseOpts struct {
                                    	Version MSPVersion
                                    }

                                      NewBaseOpts is the default base type for all MSP instantiation Opts

                                      func (*NewBaseOpts) GetVersion

                                      func (o *NewBaseOpts) GetVersion() MSPVersion

                                      type NewOpts

                                      type NewOpts interface {
                                      	// GetVersion returns the MSP's version to be instantiated
                                      	GetVersion() MSPVersion
                                      }

                                        NewOpts represent

                                        type NodeOUs

                                        type NodeOUs struct {
                                        	// Enable activates the OU enforcement
                                        	Enable bool `yaml:"Enable,omitempty"`
                                        	// ClientOUIdentifier specifies how to recognize clients by OU
                                        	ClientOUIdentifier *OrganizationalUnitIdentifiersConfiguration `yaml:"ClientOUIdentifier,omitempty"`
                                        	// PeerOUIdentifier specifies how to recognize peers by OU
                                        	PeerOUIdentifier *OrganizationalUnitIdentifiersConfiguration `yaml:"PeerOUIdentifier,omitempty"`
                                        	// AdminOUIdentifier specifies how to recognize admins by OU
                                        	AdminOUIdentifier *OrganizationalUnitIdentifiersConfiguration `yaml:"AdminOUIdentifier,omitempty"`
                                        	// OrdererOUIdentifier specifies how to recognize admins by OU
                                        	OrdererOUIdentifier *OrganizationalUnitIdentifiersConfiguration `yaml:"OrdererOUIdentifier,omitempty"`
                                        }

                                          NodeOUs contains information on how to tell apart clients, peers and orderers based on OUs. If the check is enforced, by setting Enabled to true, the MSP will consider an identity valid if it is an identity of a client, a peer or an orderer. An identity should have only one of these special OUs.

                                          type OUIdentifier

                                          type OUIdentifier struct {
                                          	// CertifiersIdentifier is the hash of certificates chain of trust
                                          	// related to this organizational unit
                                          	CertifiersIdentifier []byte
                                          	// OrganizationUnitIdentifier defines the organizational unit under the
                                          	// MSP identified with MSPIdentifier
                                          	OrganizationalUnitIdentifier string
                                          }

                                            OUIdentifier represents an organizational unit and its related chain of trust identifier.

                                            type OrganizationalUnitIdentifiersConfiguration

                                            type OrganizationalUnitIdentifiersConfiguration struct {
                                            	// Certificate is the path to a root or intermediate certificate
                                            	Certificate string `yaml:"Certificate,omitempty"`
                                            	// OrganizationalUnitIdentifier is the name of the OU
                                            	OrganizationalUnitIdentifier string `yaml:"OrganizationalUnitIdentifier,omitempty"`
                                            }

                                              OrganizationalUnitIdentifiersConfiguration is used to represent an OU and an associated trusted certificate

                                              type ProviderType

                                              type ProviderType int

                                                ProviderType indicates the type of an identity provider

                                                const (
                                                	FABRIC ProviderType = iota // MSP is of FABRIC type
                                                	IDEMIX                     // MSP is of IDEMIX type
                                                	OTHER                      // MSP is of OTHER TYPE
                                                
                                                )

                                                  The ProviderType of a member relative to the member API

                                                  type Role

                                                  type Role int32

                                                    Role : Represents a IdemixRole

                                                    const (
                                                    	MEMBER Role = 1
                                                    	ADMIN  Role = 2
                                                    	CLIENT Role = 4
                                                    	PEER   Role = 8
                                                    )

                                                      The expected roles are 4; We can combine them using a bitmask

                                                      type SigningIdentity

                                                      type SigningIdentity interface {
                                                      
                                                      	// Extends Identity
                                                      	Identity
                                                      
                                                      	// Sign the message
                                                      	Sign(msg []byte) ([]byte, error)
                                                      
                                                      	// GetPublicVersion returns the public parts of this identity
                                                      	GetPublicVersion() Identity
                                                      }

                                                        SigningIdentity is an extension of Identity to cover signing capabilities. E.g., signing identity should be requested in the case of a client who wishes to sign transactions, or fabric endorser who wishes to sign proposal processing outcomes.

                                                        Directories

                                                        Path Synopsis