Documentation

Overview

    Package msp enables creation and update of users on a Fabric network. The msp client supports the following actions: Enroll, Reenroll, Register, Revoke and GetSigningIdentity.

    Basic Flow:
    1) Prepare client context
    2) Create msp client
    3) Register user
    4) Enroll user
    
    Example
    Output:
    
    enroll user is completed
    

    Constants

    This section is empty.

    Variables

    var (
    	// ErrUserNotFound indicates the user was not found
    	ErrUserNotFound = errors.New("user not found")
    )

    Functions

    This section is empty.

    Types

    type AffiliationInfo

    type AffiliationInfo struct {
    	Name         string
    	Affiliations []AffiliationInfo
    	Identities   []IdentityInfo
    }

      AffiliationInfo contains the affiliation name, child affiliation info, and identities associated with this affiliation.

      type AffiliationRequest

      type AffiliationRequest struct {
      	// Name of the affiliation
      	Name string
      
      	// Creates parent affiliations if they do not exist
      	Force bool
      
      	// Name of the CA
      	CAName string
      }

        AffiliationRequest represents the request to add/remove affiliation to the fabric-ca-server

        type AffiliationResponse

        type AffiliationResponse struct {
        	AffiliationInfo
        	CAName string
        }

          AffiliationResponse contains the response for getting, adding, modifying, or removing an affiliation

          type Attribute

          type Attribute struct {
          	Name  string
          	Value string
          	ECert bool
          }

            Attribute defines additional attributes that may be passed along during registration

            type AttributeRequest

            type AttributeRequest struct {
            	Name     string
            	Optional bool
            }

              AttributeRequest is a request for an attribute.

              type CSRInfo

              type CSRInfo struct {
              	CN    string
              	Hosts []string
              }

                CSRInfo is Certificate Signing Request (CSR) Information

                type Client

                type Client struct {
                	// contains filtered or unexported fields
                }

                  Client enables access to Client services

                  func New

                  func New(clientProvider context.ClientProvider, opts ...ClientOption) (*Client, error)

                    New creates a new Client instance

                    Example
                    Output:
                    
                    msp client created
                    

                    func (*Client) AddAffiliation

                    func (c *Client) AddAffiliation(request *AffiliationRequest) (*AffiliationResponse, error)

                      AddAffiliation adds a new affiliation to the server

                      func (*Client) CreateIdentity

                      func (c *Client) CreateIdentity(request *IdentityRequest) (*IdentityResponse, error)

                        CreateIdentity creates a new identity with the Fabric CA server. An enrollment secret is returned which can then be used, along with the enrollment ID, to enroll a new identity.

                        Parameters:
                        request holds info about identity
                        
                        Returns:
                        Return identity info including the secret
                        
                        Example
                        Output:
                        
                        identity '123' created
                        

                        func (*Client) CreateSigningIdentity

                        func (c *Client) CreateSigningIdentity(opts ...mspctx.SigningIdentityOption) (mspctx.SigningIdentity, error)

                          CreateSigningIdentity creates a signing identity with the given options

                          Example
                          Output:
                          
                          create signing identity is completed
                          

                          func (*Client) Enroll

                          func (c *Client) Enroll(enrollmentID string, opts ...EnrollmentOption) error

                            Enroll enrolls a registered user in order to receive a signed X509 certificate. A new key pair is generated for the user. The private key and the enrollment certificate issued by the CA are stored in SDK stores. They can be retrieved by calling IdentityManager.GetSigningIdentity().

                            Parameters:
                            enrollmentID enrollment ID of a registered user
                            opts are optional enrollment options
                            
                            Returns:
                            an error if enrollment fails
                            
                            Example
                            Output:
                            
                            enroll user is completed
                            

                            func (*Client) GetAffiliation

                            func (c *Client) GetAffiliation(affiliation string, opts ...RequestOption) (*AffiliationResponse, error)

                              GetAffiliation returns information about the requested affiliation

                              func (*Client) GetAllAffiliations

                              func (c *Client) GetAllAffiliations(opts ...RequestOption) (*AffiliationResponse, error)

                                GetAllAffiliations returns all affiliations that the caller is authorized to see

                                func (*Client) GetAllIdentities

                                func (c *Client) GetAllIdentities(opts ...RequestOption) ([]*IdentityResponse, error)

                                  GetAllIdentities returns all identities that the caller is authorized to see

                                  Parameters:
                                  opts holds optional request options
                                  Returns:
                                  Response containing identities
                                  
                                  Example
                                  Output:
                                  
                                  2 identities retrieved
                                  

                                  func (*Client) GetCAInfo

                                  func (c *Client) GetCAInfo() (*GetCAInfoResponse, error)

                                    GetCAInfo returns generic CA information

                                    func (*Client) GetIdentity

                                    func (c *Client) GetIdentity(ID string, opts ...RequestOption) (*IdentityResponse, error)

                                      GetIdentity retrieves identity information.

                                      Parameters:
                                      ID is required identity ID
                                      opts holds optional request options
                                      
                                      Returns:
                                      Response containing identity information
                                      
                                      Example
                                      Output:
                                      
                                      identity '123' retrieved
                                      

                                      func (*Client) GetSigningIdentity

                                      func (c *Client) GetSigningIdentity(id string) (mspctx.SigningIdentity, error)

                                        GetSigningIdentity returns signing identity for id

                                        Parameters:
                                        id is user id
                                        
                                        Returns:
                                        signing identity
                                        
                                        Example
                                        Output:
                                        
                                        enroll user is completed
                                        

                                        func (*Client) ModifyAffiliation

                                        func (c *Client) ModifyAffiliation(request *ModifyAffiliationRequest) (*AffiliationResponse, error)

                                          ModifyAffiliation renames an existing affiliation on the server

                                          func (*Client) ModifyIdentity

                                          func (c *Client) ModifyIdentity(request *IdentityRequest) (*IdentityResponse, error)

                                            ModifyIdentity modifies an identity with the Fabric CA server.

                                            Parameters:
                                            request holds info about identity
                                            
                                            Returns:
                                            Return updated identity info
                                            
                                            Example
                                            Output:
                                            
                                            identity '123' modified
                                            

                                            func (*Client) Reenroll

                                            func (c *Client) Reenroll(enrollmentID string, opts ...EnrollmentOption) error

                                              Reenroll reenrolls an enrolled user in order to obtain a new signed X509 certificate

                                              Parameters:
                                              enrollmentID enrollment ID of a registered user
                                              
                                              Returns:
                                              an error if re-enrollment fails
                                              
                                              Example
                                              Output:
                                              
                                              reenroll user is completed
                                              

                                              func (*Client) Register

                                              func (c *Client) Register(request *RegistrationRequest) (string, error)

                                                Register registers a User with the Fabric CA

                                                Parameters:
                                                request is registration request
                                                
                                                Returns:
                                                enrollment secret
                                                
                                                Example
                                                Output:
                                                
                                                register user is completed
                                                

                                                func (*Client) RemoveAffiliation

                                                func (c *Client) RemoveAffiliation(request *AffiliationRequest) (*AffiliationResponse, error)

                                                  RemoveAffiliation removes an existing affiliation from the server

                                                  func (*Client) RemoveIdentity

                                                  func (c *Client) RemoveIdentity(request *RemoveIdentityRequest) (*IdentityResponse, error)

                                                    RemoveIdentity removes an identity from the Fabric CA server.

                                                    Parameters:
                                                    request holds info about identity to be removed
                                                    
                                                    Returns:
                                                    Return removed identity info
                                                    
                                                    Example
                                                    Output:
                                                    
                                                    identity '123' removed
                                                    

                                                    func (*Client) Revoke

                                                    func (c *Client) Revoke(request *RevocationRequest) (*RevocationResponse, error)

                                                      Revoke revokes a User with the Fabric CA

                                                      Parameters:
                                                      request is revocation request
                                                      
                                                      Returns:
                                                      revocation response
                                                      
                                                      Example
                                                      Output:
                                                      
                                                      revoke user is completed
                                                      

                                                      type ClientOption

                                                      type ClientOption func(*clientOptions) error

                                                        ClientOption describes a functional parameter for the New constructor

                                                        func WithCAInstance

                                                        func WithCAInstance(caID string) ClientOption

                                                          WithCAInstance option

                                                          Example
                                                          Output:
                                                          
                                                          msp client created with CA Instance
                                                          

                                                          func WithOrg

                                                          func WithOrg(orgName string) ClientOption

                                                            WithOrg option

                                                            Example
                                                            Output:
                                                            
                                                            msp client created with org
                                                            

                                                            type EnrollmentOption

                                                            type EnrollmentOption func(*enrollmentOptions) error

                                                              EnrollmentOption describes a functional parameter for Enroll

                                                              func WithAttributeRequests

                                                              func WithAttributeRequests(attrReqs []*AttributeRequest) EnrollmentOption

                                                                WithAttributeRequests enrollment option

                                                                func WithCSR

                                                                func WithCSR(csr *CSRInfo) EnrollmentOption

                                                                  WithCSR enrollment option

                                                                  func WithLabel

                                                                  func WithLabel(label string) EnrollmentOption

                                                                    WithLabel enrollment option

                                                                    func WithProfile

                                                                    func WithProfile(profile string) EnrollmentOption

                                                                      WithProfile enrollment option

                                                                      func WithSecret

                                                                      func WithSecret(secret string) EnrollmentOption

                                                                        WithSecret enrollment option

                                                                        func WithType

                                                                        func WithType(typ string) EnrollmentOption

                                                                          WithType enrollment option

                                                                          type GetCAInfoResponse

                                                                          type GetCAInfoResponse struct {
                                                                          	// CAName is the name of the CA
                                                                          	CAName string
                                                                          	// CAChain is the PEM-encoded bytes of the fabric-ca-server's CA chain.
                                                                          	// The 1st element of the chain is the root CA cert
                                                                          	CAChain []byte
                                                                          	// Idemix issuer public key of the CA
                                                                          	IssuerPublicKey []byte
                                                                          	// Idemix issuer revocation public key of the CA
                                                                          	IssuerRevocationPublicKey []byte
                                                                          	// Version of the server
                                                                          	Version string
                                                                          }

                                                                            GetCAInfoResponse is the response from the GetCAInfo call
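
The CAChain field above carries the CA's certificate chain as PEM with the root certificate first, so a caller can check that root against a fingerprint obtained out of band before trusting the chain. The following is an added example, not code from the SDK or its authors: `ParseCAChain`, `VerifyPinnedChain` and `SampleChain` are hypothetical helpers built on the Go standard library only, and the certificates are constructed in-process. It assumes that each later chain element is signed by the element before it, which the page does not state.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/hex"
	"encoding/pem"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// ParseCAChain decodes a CAChain value (concatenated PEM certificates) and
// rejects empty input, non-certificate blocks and trailing non-PEM data.
func ParseCAChain(chainPEM []byte) ([]*x509.Certificate, error) {
	var certs []*x509.Certificate
	for len(certs) == 0 || len(bytes.TrimSpace(chainPEM)) > 0 {
		block, rest := pem.Decode(chainPEM)
		if block == nil || block.Type != "CERTIFICATE" {
			return nil, errors.New("CA chain is empty or holds data that is not a PEM certificate")
		}
		cert, err := x509.ParseCertificate(block.Bytes)
		if err != nil {
			return nil, fmt.Errorf("chain element %d: %w", len(certs), err)
		}
		certs, chainPEM = append(certs, cert), rest
	}
	return certs, nil
}

// VerifyPinnedChain requires element 0 to be the self-signed root whose SHA-256
// fingerprint (lowercase hex) was pinned out of band, and every later element
// to be a CA certificate signed by the element before it (assumed ordering).
func VerifyPinnedChain(chainPEM []byte, pinnedRootSHA256 string) error {
	certs, err := ParseCAChain(chainPEM)
	if err != nil {
		return err
	}
	if sum := sha256.Sum256(certs[0].Raw); hex.EncodeToString(sum[:]) != pinnedRootSHA256 {
		return errors.New("root CA fingerprint does not match the pin")
	}
	parent := certs[0] // the root has to verify under its own key
	for i, cert := range certs {
		if !cert.IsCA {
			return fmt.Errorf("chain element %d is not a CA certificate", i)
		}
		if err := cert.CheckSignatureFrom(parent); err != nil {
			return fmt.Errorf("chain element %d: %w", i, err)
		}
		parent = cert
	}
	return nil
}

// SampleChain builds a constructed chain (root, then one intermediate) and
// returns its PEM encoding with the root fingerprint that would be pinned.
func SampleChain() (chainPEM []byte, rootPin string) {
	var parent *x509.Certificate
	var parentKey ed25519.PrivateKey
	for i, cn := range []string{"constructed-root-ca", "constructed-intermediate-ca"} {
		pub, key, err := ed25519.GenerateKey(rand.Reader)
		if err != nil {
			panic(err)
		}
		tmpl := &x509.Certificate{
			SerialNumber:          big.NewInt(int64(i + 1)),
			Subject:               pkix.Name{CommonName: cn},
			NotBefore:             time.Now().Add(-time.Hour),
			NotAfter:              time.Now().Add(time.Hour),
			KeyUsage:              x509.KeyUsageCertSign,
			IsCA:                  true,
			BasicConstraintsValid: true,
		}
		if parent == nil { // the root signs itself
			parent, parentKey = tmpl, key
		}
		der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, parentKey)
		if err != nil {
			panic(err)
		}
		if i == 0 {
			sum := sha256.Sum256(der)
			rootPin = hex.EncodeToString(sum[:])
		}
		chainPEM = append(chainPEM, pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})...)
		parent, parentKey = tmpl, key
	}
	return chainPEM, rootPin
}

func main() {
	chain, pin := SampleChain()
	fmt.Println("pinned root:", VerifyPinnedChain(chain, pin))
	fmt.Println("other pin:  ", VerifyPinnedChain(chain, "constructed-wrong-pin"))
}
```

In real use the `chainPEM` argument would be the `CAChain` bytes of a `GetCAInfoResponse`, and the pin would come from a channel independent of the CA server.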

                                                                            type IdentityInfo

                                                                            type IdentityInfo struct {
                                                                            	ID             string
                                                                            	Type           string
                                                                            	Affiliation    string
                                                                            	Attributes     []Attribute
                                                                            	MaxEnrollments int
                                                                            }

                                                                              IdentityInfo contains information about an identity

                                                                              type IdentityManager

                                                                              type IdentityManager interface {
                                                                              	GetSigningIdentity(name string) (msp.SigningIdentity, error)
                                                                              	CreateSigningIdentity(ops ...msp.SigningIdentityOption) (msp.SigningIdentity, error)
                                                                              }

                                                                                IdentityManager provides management of identities in a Fabric network

                                                                                type IdentityRequest

                                                                                type IdentityRequest struct {
                                                                                
                                                                                	// The enrollment ID which uniquely identifies an identity (required)
                                                                                	ID string
                                                                                
                                                                                	// The identity's affiliation (required)
                                                                                	Affiliation string
                                                                                
                                                                                	// Array of attributes to assign to the user
                                                                                	Attributes []Attribute
                                                                                
                                                                                	// Type of identity being registered (e.g. 'peer, app, user'). Default is 'user'.
                                                                                	Type string
                                                                                
                                                                                	// The maximum number of times the secret can be reused to enroll (default CA's Max Enrollment)
                                                                                	MaxEnrollments int
                                                                                
                                                                                	// The enrollment secret. If not provided, a random secret is generated.
                                                                                	Secret string
                                                                                
                                                                                	// Name of the CA to send the request to within the Fabric CA server (optional)
                                                                                	CAName string
                                                                                }

                                                                                  IdentityRequest represents the request to add/update identity to the fabric-ca-server

                                                                                  type IdentityResponse

                                                                                  type IdentityResponse struct {
                                                                                  
                                                                                  	// The enrollment ID which uniquely identifies an identity
                                                                                  	ID string
                                                                                  
                                                                                  	// The identity's affiliation
                                                                                  	Affiliation string
                                                                                  
                                                                                  	// Array of attributes assigned to the user
                                                                                  	Attributes []Attribute
                                                                                  
                                                                                  	// Type of identity (e.g. 'peer, app, user')
                                                                                  	Type string
                                                                                  
                                                                                  	// The maximum number of times the secret can be reused to enroll
                                                                                  	MaxEnrollments int
                                                                                  
                                                                                  	// The enrollment secret
                                                                                  	Secret string
                                                                                  
                                                                                  	// Name of the CA
                                                                                  	CAName string
                                                                                  }

                                                                                    IdentityResponse is the response from any read/add/modify/remove identity call

                                                                                    type ModifyAffiliationRequest

                                                                                    type ModifyAffiliationRequest struct {
                                                                                    	AffiliationRequest
                                                                                    
                                                                                    	// New name of the affiliation
                                                                                    	NewName string
                                                                                    }

                                                                                      ModifyAffiliationRequest represents the request to modify an existing affiliation on the fabric-ca-server

                                                                                      type RegistrationRequest

                                                                                      type RegistrationRequest struct {
                                                                                      	// Name is the unique name of the identity
                                                                                      	Name string
                                                                                      	// Type of identity being registered (e.g. "peer, app, user")
                                                                                      	Type string
                                                                                      	// MaxEnrollments is the number of times the secret can be reused to enroll.
                                                                                      	// If omitted, this defaults to max_enrollments configured on the server
                                                                                      	MaxEnrollments int
                                                                                      	// The identity's affiliation e.g. org1.department1
                                                                                      	Affiliation string
                                                                                      	// Optional attributes associated with this identity
                                                                                      	Attributes []Attribute
                                                                                      	// CAName is the name of the CA to connect to
                                                                                      	CAName string
                                                                                      	// Secret is an optional password.  If not specified,
                                                                                      	// a random secret is generated.  In both cases, the secret
                                                                                      	// is returned from registration.
                                                                                      	Secret string
                                                                                      }

                                                                                        RegistrationRequest defines the attributes required to register a user with the CA

                                                                                        type RemoveIdentityRequest

                                                                                        type RemoveIdentityRequest struct {
                                                                                        
                                                                                        	// The enrollment ID which uniquely identifies an identity
                                                                                        	ID string
                                                                                        
                                                                                        	// Force delete
                                                                                        	Force bool
                                                                                        
                                                                                        	// Name of the CA
                                                                                        	CAName string
                                                                                        }

                                                                                          RemoveIdentityRequest represents the request to remove an existing identity from the fabric-ca-server

                                                                                          type RequestOption

                                                                                          type RequestOption func(*requestOptions) error

                                                                                            RequestOption func for each Opts argument

                                                                                            func WithCA

                                                                                            func WithCA(caName string) RequestOption

                                                                                              WithCA specifies an optional CA name (within the CA server instance)

                                                                                              Example
                                                                                              Output:
                                                                                              
                                                                                              2 identities retrieved
                                                                                              

                                                                                              type RevocationRequest

                                                                                              type RevocationRequest struct {
                                                                                              	// Name of the identity whose certificates should be revoked
                                                                                              	// If this field is omitted, then Serial and AKI must be specified.
                                                                                              	Name string
                                                                                              	// Serial number of the certificate to be revoked
                                                                                              	// If this is omitted, then Name must be specified
                                                                                              	Serial string
                                                                                              	// AKI (Authority Key Identifier) of the certificate to be revoked
                                                                                              	AKI string
                                                                                              	// Reason is the reason for revocation. See https://godoc.org/golang.org/x/crypto/ocsp
                                                                                              	// for valid values. The default value is 0 (ocsp.Unspecified).
                                                                                              	Reason string
                                                                                              	// CAName is the name of the CA to connect to
                                                                                              	CAName string
                                                                                              	// GenCRL specifies whether to generate a CRL
                                                                                              	GenCRL bool
                                                                                              }

                                                                                                RevocationRequest defines the attributes required to revoke credentials with the CA

                                                                                                type RevocationResponse

                                                                                                type RevocationResponse struct {
                                                                                                	// RevokedCerts is an array of certificates that were revoked
                                                                                                	RevokedCerts []RevokedCert
                                                                                                	// CRL is the PEM-encoded certificate revocation list (CRL) that contains all unexpired revoked certificates
                                                                                                	CRL []byte
                                                                                                }

                                                                                                  RevocationResponse represents the response from the server for a revocation request

                                                                                                  type RevokedCert

                                                                                                  type RevokedCert struct {
                                                                                                  	// Serial number of the revoked certificate
                                                                                                  	Serial string
                                                                                                  	// AKI of the revoked certificate
                                                                                                  	AKI string
                                                                                                  }

                                                                                                    RevokedCert represents a revoked certificate
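When a RevocationRequest sets GenCRL, the CRL returned in RevocationResponse can be checked before it is distributed: it should be signed by the expected CA and list each serial reported in RevokedCerts. The following is an added example, not code from this package; it uses only the Go standard library, `CheckCRL` and `SampleCRL` are hypothetical names, and it assumes RevokedCert.Serial is a hex string and that the caller already holds the CA certificate. The sample CA and CRL are constructed test data (an Ed25519 key is used only to keep the fixture short).

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// CheckCRL verifies that crlPEM is signed by ca and that it lists serialHex.
func CheckCRL(crlPEM []byte, ca *x509.Certificate, serialHex string) error {
	block, _ := pem.Decode(crlPEM)
	if block == nil {
		return fmt.Errorf("CRL is not PEM-encoded")
	}
	crl, err := x509.ParseRevocationList(block.Bytes)
	if err != nil {
		return fmt.Errorf("parse CRL: %w", err)
	} else if err = crl.CheckSignatureFrom(ca); err != nil {
		return fmt.Errorf("CRL not signed by the expected CA: %w", err)
	}
	want, ok := new(big.Int).SetString(serialHex, 16) // assumption: Serial is hex
	for _, rc := range crl.RevokedCertificates {
		if ok && rc.SerialNumber.Cmp(want) == 0 {
			return nil
		}
	}
	return fmt.Errorf("serial %q is not in the CRL", serialHex)
}

// SampleCRL returns constructed data: a throwaway CA and a CRL it signed.
func SampleCRL(serial int64) ([]byte, *x509.Certificate) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	ca := &x509.Certificate{Subject: pkix.Name{CommonName: "constructed-ca"}, PublicKey: pub,
		PublicKeyAlgorithm: x509.Ed25519, KeyUsage: x509.KeyUsageCRLSign, SubjectKeyId: []byte{1}}
	now := time.Now()
	revoked := []pkix.RevokedCertificate{{SerialNumber: big.NewInt(serial), RevocationTime: now}}
	der, _ := x509.CreateRevocationList(rand.Reader, &x509.RevocationList{Number: big.NewInt(1),
		ThisUpdate: now, NextUpdate: now.Add(time.Hour), RevokedCertificates: revoked}, ca, key)
	return pem.EncodeToMemory(&pem.Block{Type: "X509 CRL", Bytes: der}), ca
}

func main() {
	crl, ca := SampleCRL(0x1a2b)
	fmt.Println(CheckCRL(crl, ca, "1a2b"), CheckCRL(crl, ca, "ffff"))
}
```

In real use, pass RevocationResponse.CRL and each RevokedCerts[i].Serial, with the CA certificate obtained out of band rather than from the same response.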