Documentation

Index

Constants

View Source
const (
	// IdemixTokenVersion1 represents version 1 of the authorization token created using Idemix credential
	IdemixTokenVersion1 = "1"
)

Variables

This section is empty.

Functions

This section is empty.

Types

type AddAffiliationRequest

type AddAffiliationRequest struct {
	Name   string `json:"name"`
	Force  bool   `json:"force"`
	CAName string `json:"caname,omitempty"`
}

    AddAffiliationRequest represents the request to add a new affiliation to the fabric-ca-server

    type AddAffiliationRequestNet

    type AddAffiliationRequestNet struct {
    	AddAffiliationRequest
    }

      AddAffiliationRequestNet is a network request for adding a new affiliation

      type AddIdentityRequest

      type AddIdentityRequest struct {
      	ID             string      `json:"id" skip:"true"`
      	Type           string      `json:"type" def:"user" help:"Type of identity being registered (e.g. 'peer, app, user')"`
      	Affiliation    string      `json:"affiliation" help:"The identity's affiliation"`
      	Attributes     []Attribute `json:"attrs" mapstructure:"attrs" `
      	MaxEnrollments int         `` /* 153-byte string literal not displayed */
      	// Secret is an optional password.  If not specified,
      	// a random secret is generated.  In both cases, the secret
      	// is returned in the RegistrationResponse.
      	Secret string `json:"secret,omitempty" mask:"password" help:"The enrollment secret for the identity being added"`
      	CAName string `json:"caname,omitempty" skip:"true"`
      }

        AddIdentityRequest represents the request to add a new identity to the fabric-ca-server

        type AddIdentityRequestNet

        type AddIdentityRequestNet struct {
        	AddIdentityRequest
        }

          AddIdentityRequestNet is a network request for adding a new identity

          type AffiliationInfo

          type AffiliationInfo struct {
          	Name         string            `json:"name"`
          	Affiliations []AffiliationInfo `json:"affiliations,omitempty"`
          	Identities   []IdentityInfo    `json:"identities,omitempty"`
          }

            AffiliationInfo contains the affiliation name, child affiliation info, and identities associated with this affiliation.

            type AffiliationResponse

            type AffiliationResponse struct {
            	AffiliationInfo `mapstructure:",squash"`
            	CAName          string `json:"caname,omitempty"`
            }

              AffiliationResponse contains the response for get, add, modify, and remove an affiliation

              type Attribute

              type Attribute struct {
              	Name  string `json:"name"`
              	Value string `json:"value"`
              	ECert bool   `json:"ecert,omitempty"`
              }

                Attribute is a name and value pair

                func (*Attribute) GetName

                func (a *Attribute) GetName() string

                  GetName returns the name of the attribute

                  func (*Attribute) GetValue

                  func (a *Attribute) GetValue() string

                    GetValue returns the value of the attribute

                    type AttributeRequest

                    type AttributeRequest struct {
                    	Name     string `json:"name"`
                    	Optional bool   `json:"optional,omitempty"`
                    }

                      AttributeRequest is a request for an attribute. This implements the certmgr/AttributeRequest interface.

                      func (*AttributeRequest) GetName

                      func (ar *AttributeRequest) GetName() string

                        GetName returns the name of an attribute being requested

                        func (*AttributeRequest) IsRequired

                        func (ar *AttributeRequest) IsRequired() bool

                          IsRequired returns true if the attribute being requested is required

                          type CAInfoResponseNet

                          type CAInfoResponseNet struct {
                          	// CAName is a unique name associated with fabric-ca-server's CA
                          	CAName string
                          	// Base64 encoding of PEM-encoded certificate chain
                          	CAChain string
                          	// Base64 encoding of Idemix issuer public key
                          	IssuerPublicKey string
                          	// Base64 encoding of PEM-encoded Idemix issuer revocation public key
                          	IssuerRevocationPublicKey string
                          	// Version of the server
                          	Version string
                          }

                            CAInfoResponseNet is the response to the GET /info request

                            type CSRInfo

                            type CSRInfo struct {
                            	CN           string        `json:"CN"`
                            	Names        []csr.Name    `json:"names,omitempty"`
                            	Hosts        []string      `json:"hosts,omitempty"`
                            	KeyRequest   *KeyRequest   `json:"key,omitempty"`
                            	CA           *csr.CAConfig `json:"ca,omitempty" hide:"true"`
                            	SerialNumber string        `json:"serial_number,omitempty"`
                            }

                              CSRInfo is Certificate Signing Request (CSR) Information

                              type CertificateResponse

                              type CertificateResponse struct {
                              	Certs []string `json:"certs"`
                              }

                                CertificateResponse contains the response from Get or Delete certificate request.

                                type EnrollmentRequest

                                type EnrollmentRequest struct {
                                	// The identity name to enroll
                                	Name string `json:"name" skip:"true"`
                                	// The secret returned via Register
                                	Secret string `json:"secret,omitempty" skip:"true" mask:"password"`
                                	// CAName is the name of the CA to connect to
                                	CAName string `json:"caname,omitempty" skip:"true"`
                                	// AttrReqs are requests for attributes to add to the certificate.
                                	// Each attribute is added only if the requestor owns the attribute.
                                	AttrReqs []*AttributeRequest `json:"attr_reqs,omitempty"`
                                	// Profile is the name of the signing profile to use in issuing the X509 certificate
                                	Profile string `json:"profile,omitempty" help:"Name of the signing profile to use in issuing the certificate"`
                                	// Label is the label to use in HSM operations
                                	Label string `json:"label,omitempty" help:"Label to use in HSM operations"`
                                	// CSR is Certificate Signing Request info
                                	CSR *CSRInfo `json:"csr,omitempty" skip:"true"` // Skipping this because we pull the CSR from the CSR flags
                                	// The type of the enrollment request: x509 or idemix
                                	// The default is a request for an X509 enrollment certificate
                                	Type string `def:"x509" help:"The type of enrollment request: 'x509' or 'idemix'"`
                                }

                                  EnrollmentRequest is a request to enroll an identity

                                  func (EnrollmentRequest) String

                                  func (er EnrollmentRequest) String() string

                                  type EnrollmentRequestNet

                                  type EnrollmentRequestNet struct {
                                  	signer.SignRequest
                                  	CAName   string
                                  	AttrReqs []*AttributeRequest `json:"attr_reqs,omitempty"`
                                  }

                                    EnrollmentRequestNet is a request to enroll an identity

                                    type EnrollmentResponseNet

                                    type EnrollmentResponseNet struct {
                                    	// Base64 encoded PEM-encoded ECert
                                    	Cert string
                                    	// The server information
                                    	ServerInfo CAInfoResponseNet
                                    }

                                      EnrollmentResponseNet is the response to the /enroll request

                                      type GenCRLRequest

                                      type GenCRLRequest struct {
                                      	CAName        string    `json:"caname,omitempty" skip:"true"`
                                      	RevokedAfter  time.Time `json:"revokedafter,omitempty"`
                                      	RevokedBefore time.Time `json:"revokedbefore,omitempty"`
                                      	ExpireAfter   time.Time `json:"expireafter,omitempty"`
                                      	ExpireBefore  time.Time `json:"expirebefore,omitempty"`
                                      }

                                        GenCRLRequest represents a request to get CRL for the specified certificate authority

                                        type GenCRLResponse

                                        type GenCRLResponse struct {
                                        	// CRL is PEM-encoded certificate revocation list (CRL) that contains requested unexpired revoked certificates
                                        	CRL []byte
                                        }

                                          GenCRLResponse represents a response to get CRL

                                          type GetAllIDsResponse

                                          type GetAllIDsResponse struct {
                                          	Identities []IdentityInfo `json:"identities"`
                                          	CAName     string         `json:"caname,omitempty"`
                                          }

                                            GetAllIDsResponse is the response from the GetAllIdentities call

                                            type GetCAInfoRequest

                                            type GetCAInfoRequest struct {
                                            	CAName string `json:"caname,omitempty" skip:"true"`
                                            }

                                              GetCAInfoRequest is request to get generic CA information

                                              type GetCRIRequest

                                              type GetCRIRequest struct {
                                              	CAName string `json:"caname,omitempty" skip:"true"`
                                              }

                                                GetCRIRequest is a request to send to server to get Idemix credential revocation information

                                                type GetCRIResponse

                                                type GetCRIResponse struct {
                                                	// CRI is base64 encoded proto bytes of idemix.CredentialRevocationInformation
                                                	CRI string
                                                }

                                                  GetCRIResponse is the response from the server for get CRI request

                                                  type GetCertificatesRequest

                                                  type GetCertificatesRequest struct {
                                                  	ID         string    `skip:"true"`                                    // Get certificates for this enrollment ID
                                                  	AKI        string    `help:"Get certificates for this AKI"`           // Get certificate that matches this AKI
                                                  	Serial     string    `help:"Get certificates for this serial number"` // Get certificate that matches this serial
                                                  	Revoked    TimeRange `skip:"true"`                                    // Get certificates which were revoked between the specified time range
                                                  	Expired    TimeRange `skip:"true"`                                    // Get certificates which expire between the specified time range
                                                  	NotExpired bool      `help:"Don't return expired certificates"`       // Don't return expired certificates
                                                  	NotRevoked bool      `help:"Don't return revoked certificates"`       // Don't return revoked certificates
                                                  	CAName     string    `skip:"true"`                                    // Name of CA to send request to within the server
                                                  }

                                                    GetCertificatesRequest represents the request to get certificates from the server per the enrollment ID and/or AKI and Serial. If neither ID or AKI/Serial are provided all certificates are returned which are in or under the caller's affiliation. By default all certificates are returned. However, only revoked and/or expired certificates can be requested by providing a time range.

                                                    type GetCertificatesRequestNet

                                                    type GetCertificatesRequestNet struct {
                                                    	GetCertificatesRequest
                                                    }

                                                      GetCertificatesRequestNet is a network request for getting certificates

                                                      type GetIDResponse

                                                      type GetIDResponse struct {
                                                      	ID             string      `json:"id" skip:"true"`
                                                      	Type           string      `json:"type" def:"user"`
                                                      	Affiliation    string      `json:"affiliation"`
                                                      	Attributes     []Attribute `json:"attrs" mapstructure:"attrs" `
                                                      	MaxEnrollments int         `json:"max_enrollments" mapstructure:"max_enrollments"`
                                                      	CAName         string      `json:"caname,omitempty"`
                                                      }

                                                        GetIDResponse is the response from the GetIdentity call

                                                        type IdemixEnrollmentResponseNet

                                                        type IdemixEnrollmentResponseNet struct {
                                                        	// Base64 encoding of proto bytes of idemix.Credential
                                                        	Credential string
                                                        	// Attribute name-value pairs
                                                        	Attrs map[string]interface{}
                                                        	// Base64 encoding of proto bytes of idemix.CredentialRevocationInformation
                                                        	CRI string
                                                        	// Base64 encoding of the issuer nonce
                                                        	Nonce string
                                                        	// The CA information
                                                        	CAInfo CAInfoResponseNet
                                                        }

                                                          IdemixEnrollmentResponseNet is the response to the /idemix/credential request

                                                          type IdentityInfo

                                                          type IdentityInfo struct {
                                                          	ID             string      `json:"id"`
                                                          	Type           string      `json:"type"`
                                                          	Affiliation    string      `json:"affiliation"`
                                                          	Attributes     []Attribute `json:"attrs" mapstructure:"attrs"`
                                                          	MaxEnrollments int         `json:"max_enrollments" mapstructure:"max_enrollments"`
                                                          }

                                                            IdentityInfo contains information about an identity

                                                            type IdentityResponse

                                                            type IdentityResponse struct {
                                                            	ID             string      `json:"id" skip:"true"`
                                                            	Type           string      `json:"type,omitempty"`
                                                            	Affiliation    string      `json:"affiliation"`
                                                            	Attributes     []Attribute `json:"attrs,omitempty" mapstructure:"attrs"`
                                                            	MaxEnrollments int         `json:"max_enrollments,omitempty" mapstructure:"max_enrollments"`
                                                            	Secret         string      `json:"secret,omitempty"`
                                                            	CAName         string      `json:"caname,omitempty"`
                                                            }

                                                              IdentityResponse is the response from the any add/modify/remove identity call

                                                              type KeyRequest

                                                              type KeyRequest struct {
                                                              	Algo string `json:"algo" yaml:"algo" help:"Specify key algorithm"`
                                                              	Size int    `json:"size" yaml:"size" help:"Specify key size"`
                                                              }

                                                                KeyRequest encapsulates size and algorithm for the key to be generated

                                                                func NewKeyRequest

                                                                func NewKeyRequest() *KeyRequest

                                                                  NewKeyRequest returns the KeyRequest object that is constructed from the object returned by the csr.NewKeyRequest() function

                                                                  type KeySig

                                                                  type KeySig struct {
                                                                  	// Key is a public key
                                                                  	Key []byte `json:"key"`
                                                                  	// Sig is a signature over the PublicKey
                                                                  	Sig []byte `json:"sig"`
                                                                  	// Alg is the signature algorithm
                                                                  	Alg string `json:"alg"`
                                                                  }

                                                                    KeySig is a public key, signature, and signature algorithm tuple

                                                                    type ModifyAffiliationRequest

                                                                    type ModifyAffiliationRequest struct {
                                                                    	Name    string
                                                                    	NewName string `json:"name"`
                                                                    	Force   bool   `json:"force"`
                                                                    	CAName  string `json:"caname,omitempty"`
                                                                    }

                                                                      ModifyAffiliationRequest represents the request to modify an existing affiliation on the fabric-ca-server

                                                                      type ModifyAffiliationRequestNet

                                                                      type ModifyAffiliationRequestNet struct {
                                                                      	ModifyAffiliationRequest
                                                                      }

                                                                        ModifyAffiliationRequestNet is a network request for modifying an existing affiliation

                                                                        type ModifyIdentityRequest

                                                                        type ModifyIdentityRequest struct {
                                                                        	ID             string      `skip:"true"`
                                                                        	Type           string      `json:"type" help:"Type of identity being registered (e.g. 'peer, app, user')"`
                                                                        	Affiliation    string      `json:"affiliation" help:"The identity's affiliation"`
                                                                        	Attributes     []Attribute `mapstructure:"attrs" json:"attrs"`
                                                                        	MaxEnrollments int         `mapstructure:"max_enrollments" json:"max_enrollments" help:"The maximum number of times the secret can be reused to enroll"`
                                                                        	Secret         string      `json:"secret,omitempty" mask:"password" help:"The enrollment secret for the identity"`
                                                                        	CAName         string      `json:"caname,omitempty" skip:"true"`
                                                                        }

                                                                          ModifyIdentityRequest represents the request to modify an existing identity on the fabric-ca-server

                                                                          type ModifyIdentityRequestNet

                                                                          type ModifyIdentityRequestNet struct {
                                                                          	ModifyIdentityRequest
                                                                          }

                                                                            ModifyIdentityRequestNet is a network request for modifying an existing identity

                                                                            type ReenrollmentRequest

                                                                            type ReenrollmentRequest struct {
                                                                            	// Profile is the name of the signing profile to use in issuing the certificate
                                                                            	Profile string `json:"profile,omitempty"`
                                                                            	// Label is the label to use in HSM operations
                                                                            	Label string `json:"label,omitempty"`
                                                                            	// CSR is Certificate Signing Request info
                                                                            	CSR *CSRInfo `json:"csr,omitempty"`
                                                                            	// CAName is the name of the CA to connect to
                                                                            	CAName string `json:"caname,omitempty" skip:"true"`
                                                                            	// AttrReqs are requests for attributes to add to the certificate.
                                                                            	// Each attribute is added only if the requestor owns the attribute.
                                                                            	AttrReqs []*AttributeRequest `json:"attr_reqs,omitempty"`
                                                                            }

                                                                              ReenrollmentRequest is a request to reenroll an identity. This is useful to renew a certificate before it has expired.

                                                                              type ReenrollmentRequestNet

                                                                              type ReenrollmentRequestNet struct {
                                                                              	signer.SignRequest
                                                                              	CAName   string
                                                                              	AttrReqs []*AttributeRequest `json:"attr_reqs,omitempty"`
                                                                              }

                                                                                ReenrollmentRequestNet is a request to reenroll an identity. This is useful to renew a certificate before it has expired.

                                                                                type RegistrationRequest

                                                                                type RegistrationRequest struct {
                                                                                	// Name is the unique name of the identity
                                                                                	Name string `json:"id" help:"Unique name of the identity"`
                                                                                	// Type of identity being registered (e.g. "peer, app, user")
                                                                                	Type string `json:"type" def:"client" help:"Type of identity being registered (e.g. 'peer, app, user')"`
                                                                                	// Secret is an optional password.  If not specified,
                                                                                	// a random secret is generated.  In both cases, the secret
                                                                                	// is returned in the RegistrationResponse.
                                                                                	Secret string `json:"secret,omitempty" mask:"password" help:"The enrollment secret for the identity being registered"`
                                                                                	// MaxEnrollments is the maximum number of times the secret can
                                                                                	// be reused to enroll.
                                                                                	MaxEnrollments int `` /* 132-byte string literal not displayed */
                                                                                	// is returned in the response.
                                                                                	// The identity's affiliation.
                                                                                	// For example, an affiliation of "org1.department1" associates the identity with "department1" in "org1".
                                                                                	Affiliation string `json:"affiliation" help:"The identity's affiliation"`
                                                                                	// Attributes associated with this identity
                                                                                	Attributes []Attribute `json:"attrs,omitempty"`
                                                                                	// CAName is the name of the CA to connect to
                                                                                	CAName string `json:"caname,omitempty" skip:"true"`
                                                                                }

                                                                                  RegistrationRequest for a new identity

                                                                                  func (*RegistrationRequest) String

                                                                                  func (rr *RegistrationRequest) String() string

                                                                                  type RegistrationRequestNet

                                                                                  type RegistrationRequestNet struct {
                                                                                  	RegistrationRequest
                                                                                  }

                                                                                    RegistrationRequestNet is the registration request for a new identity

                                                                                    type RegistrationResponse

                                                                                    type RegistrationResponse struct {
                                                                                    	// The secret returned from a successful registration response
                                                                                    	Secret string `json:"secret"`
                                                                                    }

                                                                                      RegistrationResponse is a registration response

                                                                                      type RegistrationResponseNet

                                                                                      type RegistrationResponseNet struct {
                                                                                      	RegistrationResponse
                                                                                      }

                                                                                        RegistrationResponseNet is a registration response

                                                                                        type RemoveAffiliationRequest

                                                                                        type RemoveAffiliationRequest struct {
                                                                                        	Name   string
                                                                                        	Force  bool   `json:"force"`
                                                                                        	CAName string `json:"caname,omitempty"`
                                                                                        }

                                                                                          RemoveAffiliationRequest represents the request to remove an existing affiliation from the fabric-ca-server

                                                                                          type RemoveIdentityRequest

                                                                                          type RemoveIdentityRequest struct {
                                                                                          	ID     string `skip:"true"`
                                                                                          	Force  bool   `json:"force"`
                                                                                          	CAName string `json:"caname,omitempty" skip:"true"`
                                                                                          }

                                                                                            RemoveIdentityRequest represents the request to remove an existing identity from the fabric-ca-server

                                                                                            type RevocationRequest

                                                                                            type RevocationRequest struct {
                                                                                            	// Name of the identity whose certificates should be revoked
                                                                                            	// If this field is omitted, then Serial and AKI must be specified.
                                                                                            	Name string `json:"id,omitempty" opt:"e" help:"Identity whose certificates should be revoked"`
                                                                                            	// Serial number of the certificate to be revoked
                                                                                            	// If this is omitted, then Name must be specified
                                                                                            	Serial string `json:"serial,omitempty" opt:"s" help:"Serial number of the certificate to be revoked"`
                                                                                            	// AKI (Authority Key Identifier) of the certificate to be revoked
                                                                                            	AKI string `json:"aki,omitempty" opt:"a" help:"AKI (Authority Key Identifier) of the certificate to be revoked"`
                                                                                            	// Reason is the reason for revocation.  See https://godoc.org/golang.org/x/crypto/ocsp for
                                                                                            	// valid values.  The default value is 0 (ocsp.Unspecified).
                                                                                            	Reason string `json:"reason,omitempty" opt:"r" help:"Reason for revocation"`
                                                                                            	// CAName is the name of the CA to connect to
                                                                                            	CAName string `json:"caname,omitempty" skip:"true"`
                                                                                            	// GenCRL specifies whether to generate a CRL
                                                                                            	GenCRL bool `def:"false" skip:"true" json:"gencrl,omitempty"`
                                                                                            }

                                                                                              RevocationRequest is a revocation request for a single certificate or all certificates associated with an identity. To revoke a single certificate, both the Serial and AKI fields must be set; otherwise, to revoke all certificates and the identity associated with an enrollment ID, the Name field must be set to an existing enrollment ID. A RevocationRequest can only be performed by a user with the "hf.Revoker" attribute.

                                                                                              type RevocationRequestNet

                                                                                              type RevocationRequestNet struct {
                                                                                              	RevocationRequest
                                                                                              }

                                                                                                RevocationRequestNet is a revocation request which flows over the network to the fabric-ca server. To revoke a single certificate, both the Serial and AKI fields must be set; otherwise, to revoke all certificates and the identity associated with an enrollment ID, the Name field must be set to an existing enrollment ID. A RevocationRequest can only be performed by a user with the "hf.Revoker" attribute.

                                                                                                type RevocationResponse

                                                                                                type RevocationResponse struct {
                                                                                                	// RevokedCerts is an array of certificates that were revoked
                                                                                                	RevokedCerts []RevokedCert
                                                                                                	// CRL is PEM-encoded certificate revocation list (CRL) that contains all unexpired revoked certificates
                                                                                                	CRL []byte
                                                                                                }

                                                                                                  RevocationResponse represents response from the server for a revocation request

                                                                                                  type RevokedCert

                                                                                                  type RevokedCert struct {
                                                                                                  	// Serial number of the revoked certificate
                                                                                                  	Serial string
                                                                                                  	// AKI of the revoked certificate
                                                                                                  	AKI string
                                                                                                  }

                                                                                                    RevokedCert represents a revoked certificate

                                                                                                    type TimeRange

                                                                                                    type TimeRange struct {
                                                                                                    	StartTime string
                                                                                                    	EndTime   string
                                                                                                    }

                                                                                                      TimeRange specifies a range of time