msp

package
v1.0.0-alpha2 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: May 12, 2017 License: Apache-2.0 Imports: 26 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func GetLocalMspConfig

func GetLocalMspConfig(dir string, bccspConfig *factory.FactoryOpts, ID string) (*msp.MSPConfig, error)

func GetVerifyingMspConfig

func GetVerifyingMspConfig(dir string, bccspConfig *factory.FactoryOpts, ID string) (*msp.MSPConfig, error)

func NewSerializedIdentity

func NewSerializedIdentity(mspID string, certPEM []byte) ([]byte, error)

NewSerializedIdentity returns a serialized identity having as content the passed mspID and x509 certificate in PEM format. This method does not check the validity of certificate nor any consistency of the mspID with it.

func SetupBCCSPKeystoreConfig

func SetupBCCSPKeystoreConfig(bccspConfig *factory.FactoryOpts, keystoreDir string)

Types

type Attribute

type Attribute interface {
	Key() AttributeName
	Value() []byte
	Serialise() []byte
}

Attribute is an arbitrary name/value pair

type AttributeName

type AttributeName struct {
	// contains filtered or unexported fields
}

AttributeName defines the name of an attribute assuming a namespace defined by the entity that certifies this attributes' ownership.

type AttributeProofSpec

type AttributeProofSpec struct {
	Attributes []Attribute
	Message    []byte
}

type Configuration

type Configuration struct {
	OrganizationalUnitIdentifiers []*OrganizationalUnitIdentifiersConfiguration `yaml:"OrganizationalUnitIdentifiers,omitempty"`
}

type Identity

type Identity interface {

	// GetIdentifier returns the identifier of that identity
	GetIdentifier() *IdentityIdentifier

	// GetMSPIdentifier returns the MSP Id for this instance
	GetMSPIdentifier() string

	// Validate uses the rules that govern this identity to validate it.
	// E.g., if it is a fabric TCert implemented as identity, validate
	// will check the TCert signature against the assumed root certificate
	// authority.
	Validate() error

	// GetOrganizationalUnits returns zero or more organization units or
	// divisions this identity is related to as long as this is public
	// information. Certain MSP implementations may use attributes
	// that are publicly associated to this identity, or the identifier of
	// the root certificate authority that has provided signatures on this
	// certificate.
	// Examples:
	//  - if the identity is an x.509 certificate, this function returns one
	//    or more string which is encoded in the Subject's Distinguished Name
	//    of the type OU
	// TODO: For X.509 based identities, check if we need a dedicated type
	//       for OU where the Certificate OU is properly namespaced by the
	//       signer's identity
	GetOrganizationalUnits() []*OUIdentifier

	// Verify a signature over some message using this identity as reference
	Verify(msg []byte, sig []byte) error

	// VerifyOpts a signature over some message using this identity as reference
	VerifyOpts(msg []byte, sig []byte, opts SignatureOpts) error

	// VerifyAttributes verifies attributes given a proof
	VerifyAttributes(proof []byte, spec *AttributeProofSpec) error

	// Serialize converts an identity to bytes
	Serialize() ([]byte, error)

	// SatisfiesPrincipal checks whether this instance matches
	// the description supplied in MSPPrincipal. The check may
	// involve a byte-by-byte comparison (if the principal is
	// a serialized identity) or may require MSP validation
	SatisfiesPrincipal(principal *msp.MSPPrincipal) error
}

Identity interface defining operations associated to a "certificate". That is, the public part of the identity could be thought to be a certificate, and offers solely signature verification capabilities. This is to be used at the peer side when verifying certificates that transactions are signed with, and verifying signatures that correspond to these certificates.///

type IdentityDeserializer

type IdentityDeserializer interface {
	// DeserializeIdentity deserializes an identity.
	// Deserialization will fail if the identity is associated to
	// an msp that is different from this one that is performing
	// the deserialization.
	DeserializeIdentity(serializedIdentity []byte) (Identity, error)
}

IdentityDeserializer is implemented by both MSPManger and MSP

type IdentityIdentifier

type IdentityIdentifier struct {

	// The identifier of the associated membership service provider
	Mspid string

	// The identifier for an identity within a provider
	Id string
}

IdentityIdentifier is a holder for the identifier of a specific identity, naturally namespaced, by its provider identifier.

type ImportRequest

type ImportRequest struct {

	// IdentityProvider to enroll with
	Idp string

	// The certificate to import
	IdentityDesc []byte

	// Key reference associated to the key of the imported member
	KeyReference []string
}

ImportRequest is data required when importing a member or

enrollment identity that was created off-band

type MSP

type MSP interface {

	// IdentityDeserializer interface needs to be implemented by MSP
	IdentityDeserializer

	// Setup the MSP instance according to configuration information
	Setup(config *msp.MSPConfig) error

	// GetType returns the provider type
	GetType() ProviderType

	// GetIdentifier returns the provider identifier
	GetIdentifier() (string, error)

	// GetSigningIdentity returns a signing identity corresponding to the provided identifier
	GetSigningIdentity(identifier *IdentityIdentifier) (SigningIdentity, error)

	// GetDefaultSigningIdentity returns the default signing identity
	GetDefaultSigningIdentity() (SigningIdentity, error)

	// GetRootCerts returns the root certificates for this MSP
	GetRootCerts() []Identity

	// GetIntermediateCerts returns the intermediate root certificates for this MSP
	GetIntermediateCerts() []Identity

	// Validate checks whether the supplied identity is valid
	Validate(id Identity) error

	// SatisfiesPrincipal checks whether the identity matches
	// the description supplied in MSPPrincipal. The check may
	// involve a byte-by-byte comparison (if the principal is
	// a serialized identity) or may require MSP validation
	SatisfiesPrincipal(id Identity, principal *msp.MSPPrincipal) error
}

MSP is the minimal Membership Service Provider Interface to be implemented to accommodate peer functionality

func NewBccspMsp

func NewBccspMsp() (MSP, error)

NewBccspMsp returns an MSP instance backed up by a BCCSP crypto provider. It handles x.509 certificates and can generate identities and signing identities backed by certificates and keypairs

type MSPManager

type MSPManager interface {

	// IdentityDeserializer interface needs to be implemented by MSPManager
	IdentityDeserializer

	// Setup the MSP manager instance according to configuration information
	Setup(msps []MSP) error

	// GetMSPs Provides a list of Membership Service providers
	GetMSPs() (map[string]MSP, error)
}

MSPManager is an interface defining a manager of one or more MSPs. This essentially acts as a mediator to MSP calls and routes MSP related calls to the appropriate MSP. This object is immutable, it is initialized once and never changed.

func NewMSPManager

func NewMSPManager() MSPManager

NewMSPManager returns a new MSP manager instance; note that this instance is not initialized until the Setup method is called

type OUIdentifier

type OUIdentifier struct {
	// CertifiersIdentifier is the hash of certificates chain of trust
	// related to this organizational unit
	CertifiersIdentifier []byte
	// OrganizationUnitIdentifier defines the organizational unit under the
	// MSP identified with MSPIdentifier
	OrganizationalUnitIdentifier string
}

OUIdentifier represents an organizational unit and its related chain of trust identifier.

type OrganizationalUnitIdentifiersConfiguration

type OrganizationalUnitIdentifiersConfiguration struct {
	Certificate                  string `yaml:"Certificate,omitempty"`
	OrganizationalUnitIdentifier string `yaml:"OrganizationalUnitIdentifier,omitempty"`
}

type ProviderType

type ProviderType int

ProviderType indicates the type of an identity provider

const (
	FABRIC ProviderType = iota // MSP is of FABRIC type
	OTHER                      // MSP is of OTHER TYPE
)

The ProviderType of a member relative to the member API

type SignatureOpts

type SignatureOpts struct {
	Policy []string
	Label  string
}

SignatureOpts are signature options

type SigningIdentity

type SigningIdentity interface {

	// Extends Identity
	Identity

	// Sign the message
	Sign(msg []byte) ([]byte, error)

	// SignOpts the message with options
	SignOpts(msg []byte, opts SignatureOpts) ([]byte, error)

	// GetAttributeProof creates a proof for a set of attributes
	GetAttributeProof(spec *AttributeProofSpec) (proof []byte, err error)

	// GetPublicVersion returns the public parts of this identity
	GetPublicVersion() Identity

	// Renew this identity
	Renew() error
}

SigningIdentity is an extension of Identity to cover signing capabilities. E.g., signing identity should be requested in the case of a client who wishes to sign transactions, or fabric endorser who wishes to sign proposal processing outcomes.

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL