Documentation

Index

Constants

This section is empty.

Variables

View Source
var (
	// Max send and receive bytes for grpc clients and servers
	MaxRecvMsgSize = 100 * 1024 * 1024
	MaxSendMsgSize = 100 * 1024 * 1024
	// Default peer keepalive options
	DefaultKeepaliveOptions = &KeepaliveOptions{
		ClientInterval:    time.Duration(1) * time.Minute,
		ClientTimeout:     time.Duration(20) * time.Second,
		ServerInterval:    time.Duration(2) * time.Hour,
		ServerTimeout:     time.Duration(20) * time.Second,
		ServerMinInterval: time.Duration(1) * time.Minute,
	}
	// strong TLS cipher suites
	DefaultTLSCipherSuites = []uint16{
		tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
		tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
		tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
		tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
		tls.TLS_RSA_WITH_AES_128_GCM_SHA256,
		tls.TLS_RSA_WITH_AES_256_GCM_SHA384,
	}
	// default connection timeout
	DefaultConnectionTimeout = 5 * time.Second
)

    Configuration defaults

    View Source
    var (
    	ClientHandshakeNotImplError = errors.New("core/comm: Client handshakes" +
    		"are not implemented with serverCreds")
    	OverrrideHostnameNotSupportedError = errors.New(
    		"core/comm: OverrideServerName is " +
    			"not supported")
    	ServerHandshakeNotImplementedError = errors.New("core/comm: server handshakes are not implemented with clientCreds")
    
    	MissingServerConfigError = errors.New(
    		"core/comm: `serverConfig` cannot be nil")
    )
    View Source
    var EndpointDisableInterval = time.Second * 10

    Functions

    func AddPemToCertPool

    func AddPemToCertPool(pemCerts []byte, pool *x509.CertPool) error

      AddPemToCertPool adds PEM-encoded certs to a cert pool

      func ClientKeepaliveOptions

      func ClientKeepaliveOptions(ka *KeepaliveOptions) []grpc.DialOption

        ClientKeepaliveOptions returns gRPC keepalive options for clients. If opts is nil, the default keepalive options are returned

        func ExtractCertificateFromContext

        func ExtractCertificateFromContext(ctx context.Context) *x509.Certificate

          ExtractCertificateFromContext returns the TLS certificate (if applicable) from the given context of a gRPC stream

          func ExtractCertificateHashFromContext

          func ExtractCertificateHashFromContext(ctx context.Context) []byte

            ExtractCertificateHashFromContext extracts the hash of the certificate from the given context. If the certificate isn't present, nil is returned

            func ExtractRawCertificateFromContext

            func ExtractRawCertificateFromContext(ctx context.Context) []byte

              ExtractRawCertificateFromContext returns the raw TLS certificate (if applicable) from the given context of a gRPC stream

              func InitTLSForShim

              func InitTLSForShim(key, certStr string) credentials.TransportCredentials

              func NewClientConnectionWithAddress

              func NewClientConnectionWithAddress(peerAddress string, block bool, tslEnabled bool,
              	creds credentials.TransportCredentials, ka *KeepaliveOptions) (*grpc.ClientConn, error)

                NewClientConnectionWithAddress Returns a new grpc.ClientConn to the given address

                func NewServerTransportCredentials

                func NewServerTransportCredentials(
                	serverConfig *TLSConfig,
                	logger *flogging.FabricLogger) credentials.TransportCredentials

                  NewServerTransportCredentials returns a new initialized grpc/credentials.TransportCredentials

                  func ServerKeepaliveOptions

                  func ServerKeepaliveOptions(ka *KeepaliveOptions) []grpc.ServerOption

                    ServerKeepaliveOptions returns gRPC keepalive options for server. If opts is nil, the default keepalive options are returned

                    Types

                    type BindingInspector

                    type BindingInspector func(context.Context, proto.Message) error

                      BindingInspector receives as parameters a gRPC context and an Envelope, and verifies whether the message contains an appropriate binding to the context

                      func NewBindingInspector

                      func NewBindingInspector(mutualTLS bool, extractTLSCertHash CertHashExtractor) BindingInspector

                        NewBindingInspector returns a BindingInspector according to whether mutualTLS is configured or not, and according to a function that extracts TLS certificate hashes from proto messages

                        type CertHashExtractor

                        type CertHashExtractor func(proto.Message) []byte

                          CertHashExtractor extracts a certificate from a proto.Message message

                          type CertificateBundle

                          type CertificateBundle [][]byte

                            CertificateBundle bundles certificates

                            type ClientConfig

                            type ClientConfig struct {
                            	// SecOpts defines the security parameters
                            	SecOpts *SecureOptions
                            	// KaOpts defines the keepalive parameters
                            	KaOpts *KeepaliveOptions
                            	// Timeout specifies how long the client will block when attempting to
                            	// establish a connection
                            	Timeout time.Duration
                            	// AsyncConnect makes connection creation non blocking
                            	AsyncConnect bool
                            }

                              ClientConfig defines the parameters for configuring a GRPCClient instance

                              func (ClientConfig) Clone

                              func (cc ClientConfig) Clone() ClientConfig

                                Clone clones this ClientConfig

                                type ConnProducer

                                type ConnProducer struct {
                                	sync.RWMutex
                                	// contains filtered or unexported fields
                                }

                                  ConnProducer produces connections

                                  func NewConnectionProducer

                                  func NewConnectionProducer(factory ConnectionFactory, endpoints []EndpointCriteria) *ConnProducer

                                    NewConnectionProducer creates a new ConnectionProducer with given endpoints and connection factory. It returns nil, if the given endpoints slice is empty.

                                    func (*ConnProducer) GetEndpoints

                                    func (cp *ConnProducer) GetEndpoints() []EndpointCriteria

                                      GetEndpoints returns configured endpoint criteria for ordering service

                                      func (*ConnProducer) NewConnection

                                      func (cp *ConnProducer) NewConnection() (*grpc.ClientConn, string, error)

                                        NewConnection creates a new connection. Returns the connection, the endpoint selected, nil on success. Returns nil, "", error on failure

                                        func (*ConnProducer) UpdateEndpoints

                                        func (cp *ConnProducer) UpdateEndpoints(endpoints []EndpointCriteria)

                                          UpdateEndpoints updates the endpoints of the ConnectionProducer to be the given endpoints

                                          type ConnectionFactory

                                          type ConnectionFactory func(criteria EndpointCriteria) (*grpc.ClientConn, error)

                                            ConnectionFactory creates a connection to a certain endpoint

                                            type ConnectionProducer

                                            type ConnectionProducer interface {
                                            	// NewConnection creates a new connection.
                                            	// Returns the connection, the endpoint selected, nil on success.
                                            	// Returns nil, "", error on failure
                                            	NewConnection() (*grpc.ClientConn, string, error)
                                            	// UpdateEndpoints updates the endpoint criteria of the ConnectionProducer
                                            	// to be the given endpoints.
                                            	UpdateEndpoints(endpoints []EndpointCriteria)
                                            	// GetEndpoints return ordering service endpoint criteria.
                                            	GetEndpoints() []EndpointCriteria
                                            }

                                              ConnectionProducer produces connections out of a set of predefined endpoints

                                              type CredentialSupport

                                              type CredentialSupport struct {
                                              	sync.RWMutex
                                              	AppRootCAsByChain           map[string]CertificateBundle
                                              	OrdererRootCAsByChainAndOrg OrgRootCAs
                                              	ClientRootCAs               CertificateBundle
                                              	ServerRootCAs               CertificateBundle
                                              	// contains filtered or unexported fields
                                              }

                                                CredentialSupport type manages credentials used for gRPC client connections

                                                func GetCredentialSupport

                                                func GetCredentialSupport() *CredentialSupport

                                                  GetCredentialSupport returns the singleton CredentialSupport instance

                                                  func (*CredentialSupport) GetClientCertificate

                                                  func (cs *CredentialSupport) GetClientCertificate() tls.Certificate

                                                    GetClientCertificate returns the client certificate of the CredentialSupport

                                                    func (*CredentialSupport) GetDeliverServiceCredentials

                                                    func (cs *CredentialSupport) GetDeliverServiceCredentials(
                                                    	channelID string,
                                                    	appendStaticRoots bool,
                                                    	orgs []string,
                                                    	endpointOverrides map[string]*OrdererEndpoint,
                                                    ) (credentials.TransportCredentials, error)

                                                      GetDeliverServiceCredentials returns gRPC transport credentials for given channel to be used by gRPC clients which communicate with ordering service endpoints. If appendStaticRoots is set to true, ServerRootCAs are also included in the credentials. If the channel isn't found, an error is returned.

                                                      func (*CredentialSupport) GetPeerCredentials

                                                      func (cs *CredentialSupport) GetPeerCredentials() credentials.TransportCredentials

                                                        GetPeerCredentials returns gRPC transport credentials for use by gRPC clients which communicate with remote peer endpoints.

                                                        func (*CredentialSupport) SetClientCertificate

                                                        func (cs *CredentialSupport) SetClientCertificate(cert tls.Certificate)

                                                          SetClientCertificate sets the tls.Certificate to use for gRPC client connections

                                                          type DynamicClientCredentials

                                                          type DynamicClientCredentials struct {
                                                          	TLSConfig  *tls.Config
                                                          	TLSOptions []TLSOption
                                                          }

                                                          func (*DynamicClientCredentials) ClientHandshake

                                                          func (dtc *DynamicClientCredentials) ClientHandshake(ctx context.Context, authority string, rawConn net.Conn) (net.Conn, credentials.AuthInfo, error)

                                                          func (*DynamicClientCredentials) Clone

                                                          func (*DynamicClientCredentials) Info

                                                          func (*DynamicClientCredentials) OverrideServerName

                                                          func (dtc *DynamicClientCredentials) OverrideServerName(name string) error

                                                          func (*DynamicClientCredentials) ServerHandshake

                                                          func (dtc *DynamicClientCredentials) ServerHandshake(rawConn net.Conn) (net.Conn, credentials.AuthInfo, error)

                                                          type EndpointCriteria

                                                          type EndpointCriteria struct {
                                                          	Endpoint      string
                                                          	Organizations []string
                                                          }

                                                            EndpointCriteria defines an endpoint, and a list of trusted organizations it corresponds to.

                                                            func (EndpointCriteria) Equals

                                                            func (ec EndpointCriteria) Equals(other EndpointCriteria) bool

                                                              Equals returns whether this EndpointCriteria is equivalent to the given other EndpointCriteria

                                                              type GRPCClient

                                                              type GRPCClient struct {
                                                              	// contains filtered or unexported fields
                                                              }

                                                              func NewGRPCClient

                                                              func NewGRPCClient(config ClientConfig) (*GRPCClient, error)

                                                                NewGRPCClient creates a new implementation of GRPCClient given an address and client configuration

                                                                func (*GRPCClient) Certificate

                                                                func (client *GRPCClient) Certificate() tls.Certificate

                                                                  Certificate returns the tls.Certificate used to make TLS connections when client certificates are required by the server

                                                                  func (*GRPCClient) MutualTLSRequired

                                                                  func (client *GRPCClient) MutualTLSRequired() bool

                                                                    MutualTLSRequired is a flag indicating whether the client must send a certificate when making TLS connections

                                                                    func (*GRPCClient) NewConnection

                                                                    func (client *GRPCClient) NewConnection(address string, serverNameOverride string, tlsOptions ...TLSOption) (
                                                                    	*grpc.ClientConn, error)

                                                                      NewConnection returns a grpc.ClientConn for the target address and overrides the server name used to verify the hostname on the certificate returned by a server when using TLS

                                                                      func (*GRPCClient) SetMaxRecvMsgSize

                                                                      func (client *GRPCClient) SetMaxRecvMsgSize(size int)

                                                                        SetMaxRecvMsgSize sets the maximum message size the client can receive

                                                                        func (*GRPCClient) SetMaxSendMsgSize

                                                                        func (client *GRPCClient) SetMaxSendMsgSize(size int)

                                                                          SetMaxSendMsgSize sets the maximum message size the client can send

                                                                          func (*GRPCClient) SetServerRootCAs

                                                                          func (client *GRPCClient) SetServerRootCAs(serverRoots [][]byte) error

                                                                            SetServerRootCAs sets the list of authorities used to verify server certificates based on a list of PEM-encoded X509 certificate authorities

                                                                            func (*GRPCClient) TLSEnabled

                                                                            func (client *GRPCClient) TLSEnabled() bool

                                                                              TLSEnabled is a flag indicating whether to use TLS for client connections

                                                                              type GRPCServer

                                                                              type GRPCServer struct {
                                                                              	// contains filtered or unexported fields
                                                                              }

                                                                              func NewGRPCServer

                                                                              func NewGRPCServer(address string, serverConfig ServerConfig) (*GRPCServer, error)

                                                                                NewGRPCServer creates a new implementation of a GRPCServer given a listen address

                                                                                func NewGRPCServerFromListener

                                                                                func NewGRPCServerFromListener(listener net.Listener, serverConfig ServerConfig) (*GRPCServer, error)

                                                                                  NewGRPCServerFromListener creates a new implementation of a GRPCServer given an existing net.Listener instance using default keepalive

                                                                                  func (*GRPCServer) Address

                                                                                  func (gServer *GRPCServer) Address() string

                                                                                    Address returns the listen address for this GRPCServer instance

                                                                                    func (*GRPCServer) Listener

                                                                                    func (gServer *GRPCServer) Listener() net.Listener

                                                                                      Listener returns the net.Listener for the GRPCServer instance

                                                                                      func (*GRPCServer) MutualTLSRequired

                                                                                      func (gServer *GRPCServer) MutualTLSRequired() bool

                                                                                        MutualTLSRequired is a flag indicating whether or not client certificates are required for this GRPCServer instance

                                                                                        func (*GRPCServer) RemoveClientRootCAs

                                                                                        func (gServer *GRPCServer) RemoveClientRootCAs(clientRoots [][]byte) error

                                                                                          RemoveClientRootCAs removes PEM-encoded X509 certificate authorities from the list of authorities used to verify client certificates

                                                                                          func (*GRPCServer) Server

                                                                                          func (gServer *GRPCServer) Server() *grpc.Server

                                                                                            Server returns the grpc.Server for the GRPCServer instance

                                                                                            func (*GRPCServer) ServerCertificate

                                                                                            func (gServer *GRPCServer) ServerCertificate() tls.Certificate

                                                                                              ServerCertificate returns the tls.Certificate used by the grpc.Server

                                                                                              func (*GRPCServer) SetClientRootCAs

                                                                                              func (gServer *GRPCServer) SetClientRootCAs(clientRoots [][]byte) error

                                                                                                SetClientRootCAs sets the list of authorities used to verify client certificates based on a list of PEM-encoded X509 certificate authorities

                                                                                                func (*GRPCServer) SetServerCertificate

                                                                                                func (gServer *GRPCServer) SetServerCertificate(cert tls.Certificate)

                                                                                                  SetServerCertificate assigns the current TLS certificate to be the peer's server certificate

                                                                                                  func (*GRPCServer) Start

                                                                                                  func (gServer *GRPCServer) Start() error

                                                                                                    Start starts the underlying grpc.Server

                                                                                                    func (*GRPCServer) Stop

                                                                                                    func (gServer *GRPCServer) Stop()

                                                                                                      Stop stops the underlying grpc.Server

                                                                                                      func (*GRPCServer) TLSEnabled

                                                                                                      func (gServer *GRPCServer) TLSEnabled() bool

                                                                                                        TLSEnabled is a flag indicating whether or not TLS is enabled for the GRPCServer instance

                                                                                                        type KeepaliveOptions

                                                                                                        type KeepaliveOptions struct {
                                                                                                        	// ClientInterval is the duration after which if the client does not see
                                                                                                        	// any activity from the server it pings the server to see if it is alive
                                                                                                        	ClientInterval time.Duration
                                                                                                        	// ClientTimeout is the duration the client waits for a response
                                                                                                        	// from the server after sending a ping before closing the connection
                                                                                                        	ClientTimeout time.Duration
                                                                                                        	// ServerInterval is the duration after which if the server does not see
                                                                                                        	// any activity from the client it pings the client to see if it is alive
                                                                                                        	ServerInterval time.Duration
                                                                                                        	// ServerTimeout is the duration the server waits for a response
                                                                                                        	// from the client after sending a ping before closing the connection
                                                                                                        	ServerTimeout time.Duration
                                                                                                        	// ServerMinInterval is the minimum permitted time between client pings.
                                                                                                        	// If clients send pings more frequently, the server will disconnect them
                                                                                                        	ServerMinInterval time.Duration
                                                                                                        }

                                                                                                          KeepaliveOptions is used to set the gRPC keepalive settings for both clients and servers

                                                                                                          type Metrics

                                                                                                          type Metrics struct {
                                                                                                          	// OpenConnCounter keeps track of number of open connections
                                                                                                          	OpenConnCounter metrics.Counter
                                                                                                          	// ClosedConnCounter keeps track of number connections closed
                                                                                                          	ClosedConnCounter metrics.Counter
                                                                                                          }

                                                                                                          type NewSemaphoreFunc

                                                                                                          type NewSemaphoreFunc func(size int) Semaphore

                                                                                                          type OrdererEndpoint

                                                                                                          type OrdererEndpoint struct {
                                                                                                          	Address string
                                                                                                          	PEMs    []byte
                                                                                                          }

                                                                                                          type OrgRootCAs

                                                                                                          type OrgRootCAs map[string]PerOrgCertificateBundle

                                                                                                            OrgRootCAs defines root CA certificates of organizations, by their corresponding channels. channel --> organization --> certificates

                                                                                                            func (OrgRootCAs) AppendCertificates

                                                                                                            func (orc OrgRootCAs) AppendCertificates(channel string, org string, rootCAs CertificateBundle)

                                                                                                              AppendCertificates appends certificates that belong to the given organization in the context of the given channel. This operation isn't thread safe.

                                                                                                              func (OrgRootCAs) CertificatesByChannelAndOrg

                                                                                                              func (orc OrgRootCAs) CertificatesByChannelAndOrg(channel string, org string) CertificateBundle

                                                                                                                CertificatesByChannelAndOrg returns the certificates of the given organization in the context of the given channel.

                                                                                                                type PerOrgCertificateBundle

                                                                                                                type PerOrgCertificateBundle map[string]CertificateBundle

                                                                                                                  PerOrgCertificateBundle maps organizations to CertificateBundles

                                                                                                                  type SecureOptions

                                                                                                                  type SecureOptions struct {
                                                                                                                  	// VerifyCertificate, if not nil, is called after normal
                                                                                                                  	// certificate verification by either a TLS client or server.
                                                                                                                  	// If it returns a non-nil error, the handshake is aborted and that error results.
                                                                                                                  	VerifyCertificate func(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error
                                                                                                                  	// PEM-encoded X509 public key to be used for TLS communication
                                                                                                                  	Certificate []byte
                                                                                                                  	// PEM-encoded private key to be used for TLS communication
                                                                                                                  	Key []byte
                                                                                                                  	// Set of PEM-encoded X509 certificate authorities used by clients to
                                                                                                                  	// verify server certificates
                                                                                                                  	ServerRootCAs [][]byte
                                                                                                                  	// Set of PEM-encoded X509 certificate authorities used by servers to
                                                                                                                  	// verify client certificates
                                                                                                                  	ClientRootCAs [][]byte
                                                                                                                  	// Whether or not to use TLS for communication
                                                                                                                  	UseTLS bool
                                                                                                                  	// Whether or not TLS client must present certificates for authentication
                                                                                                                  	RequireClientCert bool
                                                                                                                  	// CipherSuites is a list of supported cipher suites for TLS
                                                                                                                  	CipherSuites []uint16
                                                                                                                  	// TimeShift makes TLS handshakes time sampling shift to the past by a given duration
                                                                                                                  	TimeShift time.Duration
                                                                                                                  }

                                                                                                                    SecureOptions defines the security parameters (e.g. TLS) for a GRPCServer or GRPCClient instance

                                                                                                                    type Semaphore

                                                                                                                    type Semaphore interface {
                                                                                                                    	Acquire(ctx context.Context) error
                                                                                                                    	Release()
                                                                                                                    }

                                                                                                                    type ServerConfig

                                                                                                                    type ServerConfig struct {
                                                                                                                    	// ConnectionTimeout specifies the timeout for connection establishment
                                                                                                                    	// for all new connections
                                                                                                                    	ConnectionTimeout time.Duration
                                                                                                                    	// SecOpts defines the security parameters
                                                                                                                    	SecOpts *SecureOptions
                                                                                                                    	// KaOpts defines the keepalive parameters
                                                                                                                    	KaOpts *KeepaliveOptions
                                                                                                                    	// StreamInterceptors specifies a list of interceptors to apply to
                                                                                                                    	// streaming RPCs.  They are executed in order.
                                                                                                                    	StreamInterceptors []grpc.StreamServerInterceptor
                                                                                                                    	// UnaryInterceptors specifies a list of interceptors to apply to unary
                                                                                                                    	// RPCs.  They are executed in order.
                                                                                                                    	UnaryInterceptors []grpc.UnaryServerInterceptor
                                                                                                                    	// Logger specifies the logger the server will use
                                                                                                                    	Logger *flogging.FabricLogger
                                                                                                                    	// ServerStatsHandler should be set if metrics on connections are to be reported.
                                                                                                                    	ServerStatsHandler *ServerStatsHandler
                                                                                                                    }

                                                                                                                      ServerConfig defines the parameters for configuring a GRPCServer instance

                                                                                                                      type ServerStatsHandler

                                                                                                                      type ServerStatsHandler struct {
                                                                                                                      	OpenConnCounter   metrics.Counter
                                                                                                                      	ClosedConnCounter metrics.Counter
                                                                                                                      }

                                                                                                                      func NewServerStatsHandler

                                                                                                                      func NewServerStatsHandler(p metrics.Provider) *ServerStatsHandler

                                                                                                                      func (*ServerStatsHandler) HandleConn

                                                                                                                      func (h *ServerStatsHandler) HandleConn(ctx context.Context, s stats.ConnStats)

                                                                                                                      func (*ServerStatsHandler) HandleRPC

                                                                                                                      func (h *ServerStatsHandler) HandleRPC(ctx context.Context, s stats.RPCStats)

                                                                                                                      func (*ServerStatsHandler) TagConn

                                                                                                                      func (*ServerStatsHandler) TagRPC

                                                                                                                      type TLSConfig

                                                                                                                      type TLSConfig struct {
                                                                                                                      	// contains filtered or unexported fields
                                                                                                                      }

                                                                                                                      func NewTLSConfig

                                                                                                                      func NewTLSConfig(config *tls.Config) *TLSConfig

                                                                                                                      func (*TLSConfig) AddClientRootCA

                                                                                                                      func (t *TLSConfig) AddClientRootCA(cert *x509.Certificate)

                                                                                                                      func (*TLSConfig) Config

                                                                                                                      func (t *TLSConfig) Config() tls.Config

                                                                                                                      func (*TLSConfig) SetClientCAs

                                                                                                                      func (t *TLSConfig) SetClientCAs(certPool *x509.CertPool)

                                                                                                                      type TLSOption

                                                                                                                      type TLSOption func(tlsConfig *tls.Config)

                                                                                                                        TLSOption changes the given TLS config

                                                                                                                        type Throttle

                                                                                                                        type Throttle struct {
                                                                                                                        	// contains filtered or unexported fields
                                                                                                                        }

                                                                                                                        func NewThrottle

                                                                                                                        func NewThrottle(maxConcurrency int, options ...ThrottleOption) *Throttle

                                                                                                                        func (*Throttle) StreamServerInterceptor

                                                                                                                        func (t *Throttle) StreamServerInterceptor(srv interface{}, ss grpc.ServerStream, info *grpc.StreamServerInfo, handler grpc.StreamHandler) error

                                                                                                                        func (*Throttle) UnaryServerIntercptor

                                                                                                                        func (t *Throttle) UnaryServerIntercptor(ctx context.Context, req interface{}, info *grpc.UnaryServerInfo, handler grpc.UnaryHandler) (interface{}, error)

                                                                                                                        type ThrottleOption

                                                                                                                        type ThrottleOption func(t *Throttle)

                                                                                                                        func WithNewSemaphore

                                                                                                                        func WithNewSemaphore(newSemaphore NewSemaphoreFunc) ThrottleOption

                                                                                                                        Directories

                                                                                                                        Path Synopsis
                                                                                                                        Code generated by counterfeiter.
                                                                                                                        Code generated by counterfeiter.