Documentation ¶
Overview ¶
Package data_model contains structs used across packages to prevent circular imports. For example, the User struct is needed by both asset_mgmt and user_mgmt, but user_mgmt depends on functions in asset_mgmt. They can't import each other, so the shared structs live here.
Index ¶
- func GetEncryptedDataBytes(dataBytes []byte) []byte
- func IsEncryptedData(data []byte) bool
- type AccessControl
- type AccessControlFilters
- type Asset
- type Consent
- type Datatype
- type EncryptedData
- type ExportableTransactionLog
- type Key
- type Keys
- type Org
- type TransactionLog
- type User
- func (u *User) ConvertToAsset() Asset
- func (u *User) Equal(other User) bool
- func (u *User) GetLogSymKey() Key
- func (u *User) GetLogSymKeyId() string
- func (u *User) GetPrivateDataBytes() []byte
- func (u *User) GetPrivateKey() Key
- func (u *User) GetPrivateKeyHashSymKey() Key
- func (u *User) GetPrivateKeyHashSymKeyId() string
- func (u *User) GetPubPrivKeyId() string
- func (u *User) GetPublicDataBytes() []byte
- func (u *User) GetPublicKey() Key
- func (u *User) GetSymKey() Key
- func (u *User) GetSymKeyId() string
- func (u *User) IsSameUser(other User) bool
- func (u *User) IsSystemAdmin() bool
- func (u *User) LoadFromAsset(asset *Asset) *User
- type UserPrivateData
- type UserPublicData
Examples ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func GetEncryptedDataBytes ¶
GetEncryptedDataBytes returns data wrapped in an EncryptedData struct. Use this function to set or return data that needs to be identified as encrypted.
Example ¶
// assume data is encrypted
dataBytes := []byte{}
GetEncryptedDataBytes(dataBytes)
Output:
func IsEncryptedData ¶
IsEncryptedData returns true if data is a json instance of the EncryptedData struct.
Example ¶
// assume data is encrypted
encryptedDataBytes := []byte{}
wrappedEncryptedDataBytes := GetEncryptedDataBytes(encryptedDataBytes)
isEncryptedData := IsEncryptedData(wrappedEncryptedDataBytes)
fmt.Println(isEncryptedData)
Output: true
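As an added example (not code from this package), the sketch below shows what the envelope check can and cannot tell a caller: it is structural, so plaintext placed in the wrapper is still identified as encrypted. `wrapEncrypted` and `looksWrapped` are hypothetical stand-ins for GetEncryptedDataBytes and IsEncryptedData with assumed behaviour, and the inputs are constructed.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"io"
)

// EncryptedData mirrors the struct documented on this page.
type EncryptedData struct {
	Encrypted []byte `json:"encrypted"`
}

// wrapEncrypted stands in for GetEncryptedDataBytes (assumed behaviour:
// marshal the bytes into the envelope; []byte becomes base64 in JSON).
func wrapEncrypted(b []byte) []byte {
	out, _ := json.Marshal(EncryptedData{Encrypted: b}) // cannot fail for []byte
	return out
}

// looksWrapped stands in for IsEncryptedData (assumed behaviour): true only
// for a single JSON object whose sole field is a non-null "encrypted".
func looksWrapped(data []byte) bool {
	dec := json.NewDecoder(bytes.NewReader(data))
	dec.DisallowUnknownFields() // reject other JSON objects, e.g. a plain Asset
	var e EncryptedData
	if err := dec.Decode(&e); err != nil || e.Encrypted == nil {
		return false
	}
	_, err := dec.Token() // anything after the envelope is not acceptable
	return err == io.EOF
}

func main() {
	// Constructed inputs.
	for _, in := range [][]byte{
		wrapEncrypted([]byte{}),                // the page's own example
		wrapEncrypted([]byte("not encrypted")), // plaintext in the envelope
		[]byte(`{"asset_id":"a1"}`),            // unrelated JSON
		[]byte(`{}`),                           // envelope without the field
	} {
		fmt.Printf("%-40s %v\n", in, looksWrapped(in))
	}
}
```

The second input passes the check, so the wrapper should be treated as a label applied by the writer, not as evidence that the bytes are ciphertext.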
Types ¶
type AccessControl ¶
type AccessControl struct {
    UserId   string `json:"userid"`
    UserKey  *Key   `json:"user_key"`
    AssetId  string `json:"assetid"`
    AssetKey *Key   `json:"asset_key"`
    Access   string `json:"access"`
}
AccessControl represents a user's read or write access to an asset. UserKey is optional.
func (*AccessControl) IsValid ¶
func (a *AccessControl) IsValid() bool
IsValid checks if an AccessControl object's fields are valid
type AccessControlFilters ¶
type AccessControlFilters struct {
    AssetFilters    []string
    OwnerFilters    []string
    DatatypeFilters []string
}
AccessControlFilters are filters for key traversal functions, which can be passed along each function call. Used with the SlowCheckAccessToKey function.
type Asset ¶
type Asset struct {
    AssetId        string            `json:"asset_id"`
    Datatypes      []string          `json:"datatypes"`
    PublicData     []byte            `json:"public_data"`
    PrivateData    []byte            `json:"private_data"`
    OwnerIds       []string          `json:"owner_ids"`
    Metadata       map[string]string `json:"metadata"`
    AssetKeyId     string            `json:"asset_key_id"`
    AssetKeyHash   []byte            `json:"asset_key_hash"`
    IndexTableName string            `json:"index_table_name"`
}
Asset represents an item on the ledger. Datatypes are the datatypes associated with this asset. PublicData is accessible by any caller. PrivateData is encrypted by the asset key and is only accessible by those with access to the asset key. OwnerIds represent asset owners, who have write access to the asset by default. Currently an asset can only have a single owner, so any element after the first one is automatically ignored. Metadata is used to store any data that describes the asset but is not part of the asset itself, e.g. database name, connect string. IndexTableName is the index table for an asset to save custom indices for querying.
func (*Asset) Copy ¶
Copy returns a copy of the asset as a new object. Callers can use this function to copy an object to avoid using reference pointers.
func (*Asset) GetDatastoreConnectionID ¶
GetDatastoreConnectionID returns the datastore connection ID of an asset if one is set.
func (*Asset) SetDatastoreConnectionID ¶
SetDatastoreConnectionID sets the datastore connection ID for an asset. If an asset has a DatastoreConnectionID set then it will be saved to that datastore.
type Consent ¶
type Consent struct {
    ConsentID      string      `json:"consent_id"`
    ConsentAssetID string      `json:"consent_asset_id"`
    AssetKeyID     string      `json:"asset_key_id"`
    CreatorID      string      `json:"creator_id"`
    OwnerID        string      `json:"owner_id"`
    TargetID       string      `json:"target_id"`
    DatatypeID     string      `json:"datatype_id"`
    Access         string      `json:"access"`
    ExpirationDate int64       `json:"expiration_date"`
    ConsentDate    int64       `json:"consent_date"`
    Data           interface{} `json:"data"`
    ConnectionID   string      `json:"connection_id"`
}
Consent represents access given to all assets of a particular datatype, from one user/group to another, for a specified period of time.
Callers should not pass in the ConsentID, ConsentAssetID, AssetKeyID, or CreatorID fields.
Supply the following fields:
- OwnerID: de-identified UUID of the user giving the consent
- TargetID: de-identified UUID of the user receiving the consent
- DatatypeID: UUID of the datatype consent is given through
- Access: level of consent given
- ExpirationDate: consent expiration date
- ConsentDate: date of the last update to the consent's Access field
If caller is not the owner, caller must have access to owner’s RSA keys. ConsentID is hash(ConsentPrefix + DatatypeID + TargetID + OwnerID).
Optional fields:
- Data: arbitrary data specified by the solution developer
- ConnectionID: the connection ID for an off-chain datastore. If this is provided, the Consent's encrypted private data will be saved to that datastore.
De-identified fields:
- CreatorID
- OwnerID
- TargetID
type Datatype ¶
type Datatype struct {
    DatatypeID  string `json:"datatype_id"`
    Description string `json:"description"`
    IsActive    bool   `json:"is_acive"`
}
Datatype represents a type that can be used to classify assets. Datatypes are stored in a tree structure. Datatypes can have sub-datatypes. All datatype information is public.
type EncryptedData ¶
type EncryptedData struct {
Encrypted []byte `json:"encrypted"`
}
EncryptedData stores data in order to identify it as encrypted.
func (*EncryptedData) Load ¶
func (e *EncryptedData) Load(encryptedDataByte []byte) error
Load unmarshals an encryptedDataByte into an EncryptedData object
type ExportableTransactionLog ¶
type ExportableTransactionLog struct {
    EncryptedTransactionLog   string `json:"encrypted_transaction_log"`
    EncryptedLogEncryptionKey string `json:"encrypted_log_encryption_key"`
    EncryptedSymKey           string `json:"encrypted_sym_key"`
}
ExportableTransactionLog is designed to securely pass a transaction log for a query to outside of the chaincode and be sent back into the chaincode in an invoke context. This is because queries do not write to the ledger.
type Key ¶
Key is used for encrypting asset data and other keys on the ledger. Type can be KEY_TYPE_PRIVATE, KEY_TYPE_PUBLIC, or KEY_TYPE_SYM. Refer to key_mgmt package for more info.
func (*Key) GetLogSymKeyId ¶
GetLogSymKeyId returns the ID of a log sym key.
Example ¶
key := Key{ID: "key1"}
logSymKeyId := key.GetLogSymKeyId()
fmt.Println(logSymKeyId)
Output: log-sym-key1
type Keys ¶
type Keys struct {
    PublicKey  string `json:"public_key"`
    PrivateKey string `json:"private_key"`
    SymKey     string `json:"sym_key"`
}
Keys is used in user_mgmt.GetUserKeys to return a user's public, private, and sym keys.
type TransactionLog ¶
type TransactionLog struct {
    TransactionID string      `json:"transaction_id"`
    Namespace     string      `json:"namespace"`
    FunctionName  string      `json:"function_name"`
    CallerID      string      `json:"caller_id"`
    Timestamp     int64       `json:"timestamp"`
    Data          interface{} `json:"data"`
    Field1        interface{} `json:"field_1"`
    Field2        interface{} `json:"field_2"`
    Field3        interface{} `json:"field_3"`
    Field4        interface{} `json:"field_4"`
    Field5        interface{} `json:"field_5"`
    Field6        interface{} `json:"field_6"`
    Field7        interface{} `json:"field_7"`
    Field8        interface{} `json:"field_8"`
    ConnectionID  string      `json:"connection_id"`
}
TransactionLog stores data about an individual invoke or query ledger transaction. Use the data field to store arbitrary data about your transaction. Fields 1-8 should be used as index fields. To index logs by a particular data field, store it in one of these fields. Additionally, the data field can be used to store arbitrary data. Multi-level indexing can be achieved by storing a concatenation of two pieces of data in the data field.
type User ¶
type User struct {
    ID                 string         `json:"id"`
    Name               string         `json:"name"`
    Role               string         `json:"role"`
    PublicKey          *rsa.PublicKey `json:"-"`
    PublicKeyB64       string         `json:"public_key"`
    IsGroup            bool           `json:"is_group"`
    Status             string         `json:"status"`
    SolutionPublicData interface{}    `json:"solution_public_data"`
    ConnectionID       string         `json:"connection_id"`

    // private data
    Email               string          `json:"email"`
    PrivateKey          *rsa.PrivateKey `json:"-"`
    PrivateKeyB64       string          `json:"private_key"`
    SymKey              []byte          `json:"-"`
    SymKeyB64           string          `json:"sym_key"`
    KmsPublicKeyId      string          `json:"kms_public_key_id"`
    KmsPrivateKeyId     string          `json:"kms_private_key_id"`
    KmsSymKeyId         string          `json:"kms_sym_key_id"`
    Secret              string          `json:"secret"`
    SolutionPrivateData interface{}     `json:"solution_private_data"`
}
User represents either a person or a group. A group is an organization and can have admins, members, and subgroups.
De-identified fields:
- ID
- Name
- Org
func (*User) ConvertToAsset ¶
ConvertToAsset converts a user to an asset.
func (*User) Equal ¶
Equal returns true if two user objects are equal.
Example ¶
user := User{
    ID:      "user1",
    Name:    "name1",
    Role:    "user",
    IsGroup: false,
}
person := User{
    ID:      "user1",
    Name:    "name1",
    Role:    "user",
    IsGroup: false,
}
isEqual := user.Equal(person)
fmt.Println(isEqual)
Output: true
func (*User) GetLogSymKey ¶
GetLogSymKey deterministically generates and returns a log sym key for the user.
func (*User) GetLogSymKeyId ¶
GetLogSymKeyId returns the ID of the log sym key of the user.
Example ¶
user := User{ID: "user1"}
logSymKeyId := user.GetLogSymKeyId()
fmt.Println(logSymKeyId)
Output: log-sym-user1
func (*User) GetPrivateDataBytes ¶
GetPrivateDataBytes turns user's private data into bytes.
func (*User) GetPrivateKey ¶
GetPrivateKey returns the private key of the user.
func (*User) GetPrivateKeyHashSymKey ¶
GetPrivateKeyHashSymKey deterministically generates and returns a sym key from hash of the user's private key.
func (*User) GetPrivateKeyHashSymKeyId ¶
GetPrivateKeyHashSymKeyId returns the ID of the private-key-hash sym key of the user.
Example ¶
user := User{ID: "user1"}
privateKeyHashSymKeyId := user.GetPrivateKeyHashSymKeyId()
fmt.Println(privateKeyHashSymKeyId)
Output: private-hash-user1
func (*User) GetPubPrivKeyId ¶
GetPubPrivKeyId returns the ID of the public/private key of the user.
Example ¶
user := User{ID: "user1"}
pubPrivKeyId := user.GetPubPrivKeyId()
fmt.Println(pubPrivKeyId)
Output: pub-priv-user1
func (*User) GetPublicDataBytes ¶
GetPublicDataBytes turns user's public data into bytes.
func (*User) GetPublicKey ¶
GetPublicKey returns the public key of the user.
func (*User) GetSymKeyId ¶
GetSymKeyId returns the ID of the sym key of the user.
Example ¶
user := User{ID: "user1"}
symKeyId := user.GetSymKeyId()
fmt.Println(symKeyId)
Output: sym-user1
func (*User) IsSameUser ¶
IsSameUser checks if two users are the same by checking only minimally required fields. Does not compare Email, Status, IsGroup, Secret, SolutionPublicData, and SolutionPrivateData.
func (*User) IsSystemAdmin ¶
IsSystemAdmin returns true if user's role is ROLE_SYSTEM_ADMIN.
func (*User) LoadFromAsset ¶
LoadFromAsset converts an asset to a user object.
type UserPrivateData ¶
type UserPrivateData struct {
    Email               string      `json:"email"`
    KmsPublicKeyId      string      `json:"kms_public_key_id"`
    KmsPrivateKeyId     string      `json:"kms_private_key_id"`
    KmsSymKeyId         string      `json:"kms_sym_key_id"`
    Secret              string      `json:"secret"`
    SolutionPrivateData interface{} `json:"solution_private_data"`
}
UserPrivateData is private data of the user object.
type UserPublicData ¶
type UserPublicData struct {
    ID                 string      `json:"id"`
    Name               string      `json:"name"`
    Role               string      `json:"role"`
    PublicKeyB64       string      `json:"public_key"`
    IsGroup            bool        `json:"is_group"`
    Status             string      `json:"status"`
    SolutionPublicData interface{} `json:"solution_public_data"`
    ConnectionID       string      `json:"connection_id"`
}
UserPublicData is public data of the user object.
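Added example, not part of the package: in the User struct the PrivateKey and SymKey fields are tagged `json:"-"`, but their base64 forms and Secret carry ordinary JSON tags, so marshalling a whole User emits them, while the UserPublicData view does not. The sketch uses trimmed copies of the two structs; `publicView`, `exposedPrivateKeys` and `privateTags` are hypothetical names, and the sample values are constructed.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// User is a trimmed copy of the documented struct (same JSON tags, fewer fields).
type User struct {
	ID            string `json:"id"`
	PublicKeyB64  string `json:"public_key"`
	PrivateKeyB64 string `json:"private_key"`
	SymKeyB64     string `json:"sym_key"`
	Secret        string `json:"secret"`
}

// UserPublicData is a trimmed copy of the documented public view.
type UserPublicData struct {
	ID           string `json:"id"`
	PublicKeyB64 string `json:"public_key"`
}

// privateTags: JSON keys from the "// private data" part of User used here.
var privateTags = []string{"private_key", "secret", "sym_key"}

// publicView (hypothetical helper) copies only the public fields.
func publicView(u User) UserPublicData {
	return UserPublicData{ID: u.ID, PublicKeyB64: u.PublicKeyB64}
}

// exposedPrivateKeys lists the private JSON keys present once v is serialized.
func exposedPrivateKeys(v interface{}) (found []string) {
	raw, err := json.Marshal(v)
	var fields map[string]json.RawMessage
	if err != nil || json.Unmarshal(raw, &fields) != nil {
		return found
	}
	for _, k := range privateTags {
		if _, ok := fields[k]; ok {
			found = append(found, k)
		}
	}
	return found
}

func main() {
	u := User{ID: "user1", Secret: "constructed"}
	fmt.Println(exposedPrivateKeys(u), exposedPrivateKeys(publicView(u)))
}
```

A check like `exposedPrivateKeys` fits in a unit test around any code path that logs or returns a user object, since the tags have no `omitempty` and the private keys appear even when empty.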