client

package
v0.6.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jun 28, 2019 License: GPL-3.0 Imports: 27 Imported by: 1

Documentation

Overview

* * This file is part of go-palletone. * go-palletone is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. * go-palletone is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * You should have received a copy of the GNU General Public License * along with go-palletone. If not, see <http://www.gnu.org/licenses/>. * / * * * @author PalletOne core developer <dev@pallet.one> * * @date 2018 *

* * This file is part of go-palletone. * go-palletone is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. * go-palletone is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * You should have received a copy of the GNU General Public License * along with go-palletone. If not, see <http://www.gnu.org/licenses/>. * / * * * @author PalletOne core developer <dev@pallet.one> * * @date 2018 *

* * This file is part of go-palletone. * go-palletone is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. * go-palletone is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * You should have received a copy of the GNU General Public License * along with go-palletone. If not, see <http://www.gnu.org/licenses/>. * / * * * @author PalletOne core developer <dev@pallet.one> * * @date 2018 *

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func Register 

func Register(ca *PalletCAClient, identity *Identity, req *CARegistrationRequest) ([]byte, error)

func Revoke 

func Revoke(ca *PalletCAClient, identity *Identity, req *CARevocationRequest) ([]byte, error)

func SaveCrl 

func SaveCrl(ca *PalletCAClient, request *CARevocationRequest, result *CARevokeResult) ([]byte, error)

Save crl

Types

type BasicKeyRequest 

type BasicKeyRequest struct {
	Algo string `json:"algo" yaml:"algo"`
	Size int    `json:"size" yaml:"size"`
}

BasicKeyRequest encapsulates size and algorithm for the key to be generated

type CAGetCertResponse 

type CAGetCertResponse struct {
	// RootCertificates is list of pem encoded certificates
	RootCertificates []*x509.Certificate
	// IntermediateCertificates is list of pem encoded intermediate certificates
	IntermediateCertificates []*pem.Block
	// CAName is the name of the CA server that returns this certificates
	CAName string
	// Version is the version of server that returns this certificates
	Version string
}

CAGetCertsResponse holds response from `GetCaCertificateChain`

func GetCertificateChain 

func GetCertificateChain(ca *PalletCAClient, identity *Identity, caName string) (CAGetCertResponse, error)

type CAGetIdentityResponse 

type CAGetIdentityResponse struct {
	CaIdentityResponse
	CAName string `json:"caname"`
}

func GetIndentity 

func GetIndentity(ca *PalletCAClient, identity *Identity, id string, caName string) (CAGetIdentityResponse, error)

type CAListAllIdentitesResponse 

type CAListAllIdentitesResponse struct {
	CAName     string               `json:"caname"`
	Identities []CaIdentityResponse `json:"identities,omitempty"`
}

func GetIndentities 

func GetIndentities(ca *PalletCAClient, identity *Identity) (CAListAllIdentitesResponse, error)

type CARegistrationRequest 

type CARegistrationRequest struct {
	// EnrolmentId is unique name that identifies identity
	EnrolmentId string `json:"id"`
	// Type defines type of this identity (user,client, auditor etc...)
	Type string `json:"type"`
	// Secret is password that will be used for enrollment. If not provided random password will be generated
	Secert string `json:"secert,omitempty" mask:"password" help:"The enrollment secret for the identity being registered"`
	// MaxEnrollments define maximum number of times that identity can enroll. If not provided or is 0 there is no limit
	MaxEnrollments int `json:"max_enrollments,omitempty"`
	// Affiliation associates identity with particular organisation.
	Affiliation string `json:"affiliation" help:"The identity's affiliation"`
	// Attrs are attributes associated with this identity
	Attrs []CaRegisterAttribute `json:"attrs,omitempty"`
	// CAName is the name of the CA that should be used.
	CAName string `json:"caname,omitempty" skip:"true"`
}

RegistrationRequest holds all data needed for new registration of new user in Certificate Authority

type CARevocationRequest 

type CARevocationRequest struct {
	EnrollmentId string `json:"id,omitempty"`
	Serial       string `json:"serial,omitempty"`
	AKI          string `json:"aki,omitempty"`
	Reason       string `json:"reason,omitempty"`
	CAName       string `json:"caname,omitempty"`
	// GenCRL specifies whether to generate a CRL. CRL will be returned only when AKI and Serial are provided.
	GenCRL bool `json:"gencrl,omitempty"`
}

type CARevokeResult 

type CARevokeResult struct {
	RevokedCertificates []CaRevokeResultCertificate `json:"RevokedCerts"`
	CRL                 string                      `json:"CRL"`
}

type CSRInfo 

type CSRInfo struct {
	CN           string           `json:"CN"`
	Names        []csr.Name       `json:"names,omitempty"`
	Hosts        []string         `json:"hosts,omitempty"`
	KeyRequest   *BasicKeyRequest `json:"key,omitempty"`
	CA           *csr.CAConfig    `json:"ca,omitempty"`
	SerialNumber string           `json:"serial_number,omitempty"`
}

type CaEnrollAttribute 

type CaEnrollAttribute struct {
	// Name is the name of the attribute
	Name string `json:"name"`
	// Optional define behaviour when required attribute is not available to user. If `true` then request will continue,
	// but attribute will not be included in ECert. If `false` and attribute is missing, request will fail.
	// If false and attribute is available, request will continue and attribute will be added in ECert
	Optional bool `json:"optional,omitempty"`
}

type CaEnrollmentRequest 

type CaEnrollmentRequest struct {
	EnrollmentId string `json:"name" skip:"true"`
	// Secret is the password for this identity
	Secret  string `json:"secret,omitempty" skip:"true" mask:"password"`
	Profile string `json:"profile,omitempty"`
	//Label is used for hardware secure modules.
	Label  string `json:"label,omitempty"`
	CAName string `json:"caname,omitempty" skip:"true"`
	// Host is the list of valid host names for this certificate. If empty default hosts will be used
	Hosts []string `json:"hosts"`
	// Attrs are the attributes that must be included in ECert. This is subset of the attributes used in registration.
	Attrs []CaEnrollAttribute `json:"attr_reqs,omitempty"`
	// CSR is Certificate Signing Request info
	CSR *CSRInfo `json:"csr,omitempty" help:"Certificate Signing Request info"`
}

CaEnrollmentRequest holds data needed for getting ECert (enrollment) from CA server

type CaGenInfo 

type CaGenInfo struct {
	EnrolmentId string `json:"enrolmentid"`
	Name        string `json:"name"`
	Data        string `json:"data"`
	ECert       bool   `json:"ecert"`
	Type        string `json:"type"`
	Affiliation string `json:"affiliation"`
}

func NewCaGenInfo 

func NewCaGenInfo(address string, name string, data string, ecert bool, ty string, affiliation string) *CaGenInfo

func (*CaGenInfo) EnrollAdmin 

func (c *CaGenInfo) EnrollAdmin() error

You must register your administrator certificate first

func (*CaGenInfo) Enrolluser 

func (c *CaGenInfo) Enrolluser() ([]byte, error)

func (*CaGenInfo) GetCaCertificateChain 

func (c *CaGenInfo) GetCaCertificateChain(caName string) (*CAGetCertResponse, error)

func (*CaGenInfo) GetIndentities 

func (c *CaGenInfo) GetIndentities() (*CAListAllIdentitesResponse, error)

func (*CaGenInfo) GetIndentity 

func (c *CaGenInfo) GetIndentity(enrollmentid, caname string) (*CAGetIdentityResponse, error)

func (*CaGenInfo) Revoke 

func (c *CaGenInfo) Revoke(enrollmentid, reason string) ([]byte, error)

type CaIdentityResponse 

type CaIdentityResponse struct {
	ID             string                `json:"id"`
	Type           string                `json:"type"`
	Affiliation    string                `json:"affiliation"`
	Attributes     []CaRegisterAttribute `json:"attrs" mapstructure:"attrs"`
	MaxEnrollments int                   `json:"max_enrollments" mapstructure:"max_enrollments"`
}

type CaRegisterAttribute 

type CaRegisterAttribute struct {
	// Name is the name of the attribute.
	Name string `json:"name"`
	// Value is the value of the attribute. Can be empty string
	Value string `json:"value"`
	// ECert define how this attribute will be included in ECert. If this value is true this attribute will be
	// added to ECert automatically on Enrollment if no attributes are requested on Enrollment request.
	// ECert : certificate of registration
	ECert bool `json:"ecert,omitempty"`
}

CaRegisterAttribute holds user attribute used for registration for example user may have attr `accountType` with value `premium` this attributes can be accessed in chainCode and build business logic on top of them

type CaRevokeResultCertificate 

type CaRevokeResultCertificate struct {
	Serial string `json:"Serial"`
	AKI    string `json:"AKI"`
}

CaRevokeResultCertificate identify revoked certificate

type CryptoSuite 

type CryptoSuite interface {
	// GenerateKey returns PrivateKey.
	GenerateKey() (interface{}, error)
	// CreateCertificateRequest will create CSR request. It takes enrolmentId and Private key
	CreateCertificateRequest(enrollmentId string, key interface{}, hosts []string) ([]byte, error)
	// Sign signs message. It takes message to sign and Private key
	Sign(msg []byte, k interface{}) ([]byte, error)
	// Hash computes Hash value of provided data. Hash function will be different in different crypto implementations.
	Hash(data []byte) []byte
}

CryptSuite defines common interface for different crypto implementations.

func NewECCryptoSuiteFromConfig 

func NewECCryptoSuiteFromConfig(conf config.CryptoConfig) (CryptoSuite, error)

type ECCryptSuite 

type ECCryptSuite struct {
	// contains filtered or unexported fields
}

func (*ECCryptSuite) CreateCertificateRequest 

func (c *ECCryptSuite) CreateCertificateRequest(enrollmentId string, key interface{}, hosts []string) ([]byte, error)

func (*ECCryptSuite) GenerateKey 

func (c *ECCryptSuite) GenerateKey() (interface{}, error)

func (*ECCryptSuite) Hash 

func (c *ECCryptSuite) Hash(data []byte) []byte

func (*ECCryptSuite) Sign 

func (c *ECCryptSuite) Sign(msg []byte, k interface{}) ([]byte, error)

type Identity 

type Identity struct {
	Certificate *x509.Certificate
	PrivateKey  interface{}
	MspId       string
}
var ID *Identity

func Enroll 

func Enroll(ca *PalletCAClient, req CaEnrollmentRequest) (*Identity, []byte, error)

func (*Identity) GetCertByte 

func (i *Identity) GetCertByte() []byte

func (*Identity) SaveCert 

func (i *Identity) SaveCert(ca *PalletCAClient, enreq *CaEnrollmentRequest, cainfo *CAGetCertResponse) error

func (*Identity) SaveTLScert 

func (i *Identity) SaveTLScert(ca *PalletCAClient, cainfo *CAGetCertResponse) error

type PalletCAClient 

type PalletCAClient struct {
	// Uri is access point for palletone-ca server. Port number and scheme must be provided.
	// for example http://127.0.0.1:7054
	Url string
	// SkipTLSVerification define how connection must handle invalid TLC certificates.
	// if true, all verifications are skipped. This value is overwritten by Transport property, if provided
	SkipTLSVerification bool
	// Crypto is CryptSuite implementation used to sign request for palletone-ca server
	Crypto CryptoSuite
	// Transport define transport rules for communication with palletone-ca server. If nil, default Go setting will be used
	// It is responsibility of the user to provide proper TLS/certificate setting in TLS communication.
	Transport *http.Transport
	// MspId value will be added to Identity in Enrollment and ReEnrollment invocations.
	// This value is not used anywhere in CA implementation, but is need in every call to palletone and is added here
	// for convenience, because (in general case) palletoneCA is serving one MSP
	// User can overwrite this value at any time.
	MspId string

	FilePath string

	ServerInfo ServerInfo

	Admin   string
	Adminpw string
}
var CA *PalletCAClient

func InitCASDK 

func InitCASDK(configPth string, configFile string) (*PalletCAClient, error)

func NewCAClient 

func NewCAClient(path string, transport *http.Transport) (*PalletCAClient, error)

func NewCaClientFromConfig 

func NewCaClientFromConfig(conf config.CAConfig, transport *http.Transport) (*PalletCAClient, error)

func (*PalletCAClient) Enroll 

func (f *PalletCAClient) Enroll(request CaEnrollmentRequest) (*Identity, []byte, error)

Enroll execute enrollment request for registered user in FabricCA server. On success new Identity with ECert and generated csr are returned.

func (*PalletCAClient) GetCaCertificateChain 

func (f *PalletCAClient) GetCaCertificateChain(caName string) (*CAGetCertResponse, error)

GetCaCertificateChain gets root and intermediate certificates used by PalletoneCA server.

func (*PalletCAClient) GetIdentities 

func (f *PalletCAClient) GetIdentities(identity *Identity, caName string) (*CAListAllIdentitesResponse, error)

ListAllIdentities get list of all identities

func (*PalletCAClient) GetIndentity 

func (f *PalletCAClient) GetIndentity(identity *Identity, id string, caName string) (*CAGetIdentityResponse, error)

func (*PalletCAClient) Register 

func (f *PalletCAClient) Register(identity *Identity, req *CARegistrationRequest) (string, error)

Register registers new user in fabric-ca server. In registration request attributes, affiliation and max enrolments must be set. It is responsibility of the SDK user to ensure passwords are with big entropy. Identity parameter is certificate for user that makes registration and this user MUST have the role for registering new users.

func (*PalletCAClient) Revoke 

func (f *PalletCAClient) Revoke(identity *Identity, request *CARevocationRequest) (*CARevokeResult, error)

Revoke revokes ECert

type ServerInfo 

type ServerInfo struct {
	CAName string
	CACert *x509.Certificate
}

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.