Documentation ¶
Overview ¶
* * This file is part of go-palletone. * go-palletone is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. * go-palletone is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * You should have received a copy of the GNU General Public License * along with go-palletone. If not, see <http://www.gnu.org/licenses/>. * / * * * @author PalletOne core developer <dev@pallet.one> * * @date 2018 *
* * This file is part of go-palletone. * go-palletone is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. * go-palletone is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * You should have received a copy of the GNU General Public License * along with go-palletone. If not, see <http://www.gnu.org/licenses/>. * / * * * @author PalletOne core developer <dev@pallet.one> * * @date 2018 *
* * This file is part of go-palletone. * go-palletone is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. * go-palletone is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * You should have received a copy of the GNU General Public License * along with go-palletone. If not, see <http://www.gnu.org/licenses/>. * / * * * @author PalletOne core developer <dev@pallet.one> * * @date 2018 *
Index ¶
- func Register(ca *PalletCAClient, identity *Identity, req *CARegistrationRequest) ([]byte, error)
- func Revoke(ca *PalletCAClient, identity *Identity, req *CARevocationRequest) ([]byte, error)
- func SaveCrl(ca *PalletCAClient, request *CARevocationRequest, result *CARevokeResult) ([]byte, error)
- type BasicKeyRequest
- type CAGetCertResponse
- type CAGetIdentityResponse
- type CAListAllIdentitesResponse
- type CARegistrationRequest
- type CARevocationRequest
- type CARevokeResult
- type CSRInfo
- type CaEnrollAttribute
- type CaEnrollmentRequest
- type CaGenInfo
- func (c *CaGenInfo) EnrollAdmin() error
- func (c *CaGenInfo) Enrolluser() ([]byte, error)
- func (c *CaGenInfo) GetCaCertificateChain(caName string) (*CAGetCertResponse, error)
- func (c *CaGenInfo) GetIndentities() (*CAListAllIdentitesResponse, error)
- func (c *CaGenInfo) GetIndentity(enrollmentid, caname string) (*CAGetIdentityResponse, error)
- func (c *CaGenInfo) Revoke(enrollmentid, reason string) ([]byte, error)
- type CaIdentityResponse
- type CaRegisterAttribute
- type CaRevokeResultCertificate
- type CryptoSuite
- type ECCryptSuite
- type Identity
- type PalletCAClient
- func (f *PalletCAClient) Enroll(request CaEnrollmentRequest) (*Identity, []byte, error)
- func (f *PalletCAClient) GetCaCertificateChain(caName string) (*CAGetCertResponse, error)
- func (f *PalletCAClient) GetIdentities(identity *Identity, caName string) (*CAListAllIdentitesResponse, error)
- func (f *PalletCAClient) GetIndentity(identity *Identity, id string, caName string) (*CAGetIdentityResponse, error)
- func (f *PalletCAClient) Register(identity *Identity, req *CARegistrationRequest) (string, error)
- func (f *PalletCAClient) Revoke(identity *Identity, request *CARevocationRequest) (*CARevokeResult, error)
- type ServerInfo
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func Register ¶
func Register(ca *PalletCAClient, identity *Identity, req *CARegistrationRequest) ([]byte, error)
func Revoke ¶
func Revoke(ca *PalletCAClient, identity *Identity, req *CARevocationRequest) ([]byte, error)
func SaveCrl ¶
func SaveCrl(ca *PalletCAClient, request *CARevocationRequest, result *CARevokeResult) ([]byte, error)
Save crl
Types ¶
type BasicKeyRequest ¶
type BasicKeyRequest struct { Algo string `json:"algo" yaml:"algo"` Size int `json:"size" yaml:"size"` }
BasicKeyRequest encapsulates size and algorithm for the key to be generated
type CAGetCertResponse ¶
type CAGetCertResponse struct { // RootCertificates is list of pem encoded certificates RootCertificates []*x509.Certificate // IntermediateCertificates is list of pem encoded intermediate certificates IntermediateCertificates []*pem.Block // CAName is the name of the CA server that returns this certificates CAName string // Version is the version of server that returns this certificates Version string }
CAGetCertsResponse holds response from `GetCaCertificateChain`
func GetCertificateChain ¶
func GetCertificateChain(ca *PalletCAClient, identity *Identity, caName string) (CAGetCertResponse, error)
type CAGetIdentityResponse ¶
type CAGetIdentityResponse struct { CaIdentityResponse CAName string `json:"caname"` }
func GetIndentity ¶
func GetIndentity(ca *PalletCAClient, identity *Identity, id string, caName string) (CAGetIdentityResponse, error)
type CAListAllIdentitesResponse ¶
type CAListAllIdentitesResponse struct { CAName string `json:"caname"` Identities []CaIdentityResponse `json:"identities,omitempty"` }
func GetIndentities ¶
func GetIndentities(ca *PalletCAClient, identity *Identity) (CAListAllIdentitesResponse, error)
type CARegistrationRequest ¶
type CARegistrationRequest struct { // EnrolmentId is unique name that identifies identity EnrolmentId string `json:"id"` // Type defines type of this identity (user,client, auditor etc...) Type string `json:"type"` // Secret is password that will be used for enrollment. If not provided random password will be generated Secert string `json:"secert,omitempty" mask:"password" help:"The enrollment secret for the identity being registered"` // MaxEnrollments define maximum number of times that identity can enroll. If not provided or is 0 there is no limit MaxEnrollments int `json:"max_enrollments,omitempty"` // Affiliation associates identity with particular organisation. Affiliation string `json:"affiliation" help:"The identity's affiliation"` // Attrs are attributes associated with this identity Attrs []CaRegisterAttribute `json:"attrs,omitempty"` // CAName is the name of the CA that should be used. CAName string `json:"caname,omitempty" skip:"true"` }
RegistrationRequest holds all data needed for new registration of new user in Certificate Authority
type CARevocationRequest ¶
type CARevocationRequest struct { EnrollmentId string `json:"id,omitempty"` Serial string `json:"serial,omitempty"` AKI string `json:"aki,omitempty"` Reason string `json:"reason,omitempty"` CAName string `json:"caname,omitempty"` // GenCRL specifies whether to generate a CRL. CRL will be returned only when AKI and Serial are provided. GenCRL bool `json:"gencrl,omitempty"` }
type CARevokeResult ¶
type CARevokeResult struct { RevokedCertificates []CaRevokeResultCertificate `json:"RevokedCerts"` CRL string `json:"CRL"` }
type CaEnrollAttribute ¶
type CaEnrollAttribute struct { // Name is the name of the attribute Name string `json:"name"` // Optional define behaviour when required attribute is not available to user. If `true` then request will continue, // but attribute will not be included in ECert. If `false` and attribute is missing, request will fail. // If false and attribute is available, request will continue and attribute will be added in ECert Optional bool `json:"optional,omitempty"` }
type CaEnrollmentRequest ¶
type CaEnrollmentRequest struct { EnrollmentId string `json:"name" skip:"true"` // Secret is the password for this identity Secret string `json:"secret,omitempty" skip:"true" mask:"password"` Profile string `json:"profile,omitempty"` //Label is used for hardware secure modules. Label string `json:"label,omitempty"` CAName string `json:"caname,omitempty" skip:"true"` // Host is the list of valid host names for this certificate. If empty default hosts will be used Hosts []string `json:"hosts"` // Attrs are the attributes that must be included in ECert. This is subset of the attributes used in registration. Attrs []CaEnrollAttribute `json:"attr_reqs,omitempty"` // CSR is Certificate Signing Request info CSR *CSRInfo `json:"csr,omitempty" help:"Certificate Signing Request info"` }
CaEnrollmentRequest holds data needed for getting ECert (enrollment) from CA server
type CaGenInfo ¶
type CaGenInfo struct { EnrolmentId string `json:"enrolmentid"` Name string `json:"name"` Data string `json:"data"` ECert bool `json:"ecert"` Type string `json:"type"` Affiliation string `json:"affiliation"` }
func NewCaGenInfo ¶
func (*CaGenInfo) EnrollAdmin ¶
You must register your administrator certificate first
func (*CaGenInfo) Enrolluser ¶
func (*CaGenInfo) GetCaCertificateChain ¶
func (c *CaGenInfo) GetCaCertificateChain(caName string) (*CAGetCertResponse, error)
func (*CaGenInfo) GetIndentities ¶
func (c *CaGenInfo) GetIndentities() (*CAListAllIdentitesResponse, error)
func (*CaGenInfo) GetIndentity ¶
func (c *CaGenInfo) GetIndentity(enrollmentid, caname string) (*CAGetIdentityResponse, error)
type CaIdentityResponse ¶
type CaIdentityResponse struct { ID string `json:"id"` Type string `json:"type"` Affiliation string `json:"affiliation"` Attributes []CaRegisterAttribute `json:"attrs" mapstructure:"attrs"` MaxEnrollments int `json:"max_enrollments" mapstructure:"max_enrollments"` }
type CaRegisterAttribute ¶
type CaRegisterAttribute struct { // Name is the name of the attribute. Name string `json:"name"` // Value is the value of the attribute. Can be empty string Value string `json:"value"` // ECert define how this attribute will be included in ECert. If this value is true this attribute will be // added to ECert automatically on Enrollment if no attributes are requested on Enrollment request. // ECert : certificate of registration ECert bool `json:"ecert,omitempty"` }
CaRegisterAttribute holds user attribute used for registration for example user may have attr `accountType` with value `premium` this attributes can be accessed in chainCode and build business logic on top of them
type CaRevokeResultCertificate ¶
CaRevokeResultCertificate identify revoked certificate
type CryptoSuite ¶
type CryptoSuite interface { // GenerateKey returns PrivateKey. GenerateKey() (interface{}, error) // CreateCertificateRequest will create CSR request. It takes enrolmentId and Private key CreateCertificateRequest(enrollmentId string, key interface{}, hosts []string) ([]byte, error) // Sign signs message. It takes message to sign and Private key Sign(msg []byte, k interface{}) ([]byte, error) // Hash computes Hash value of provided data. Hash function will be different in different crypto implementations. Hash(data []byte) []byte }
CryptSuite defines common interface for different crypto implementations.
func NewECCryptoSuiteFromConfig ¶
func NewECCryptoSuiteFromConfig(conf config.CryptoConfig) (CryptoSuite, error)
type ECCryptSuite ¶
type ECCryptSuite struct {
// contains filtered or unexported fields
}
func (*ECCryptSuite) CreateCertificateRequest ¶
func (c *ECCryptSuite) CreateCertificateRequest(enrollmentId string, key interface{}, hosts []string) ([]byte, error)
func (*ECCryptSuite) GenerateKey ¶
func (c *ECCryptSuite) GenerateKey() (interface{}, error)
func (*ECCryptSuite) Hash ¶
func (c *ECCryptSuite) Hash(data []byte) []byte
type Identity ¶
type Identity struct { Certificate *x509.Certificate PrivateKey interface{} MspId string }
var ID *Identity
func Enroll ¶
func Enroll(ca *PalletCAClient, req CaEnrollmentRequest) (*Identity, []byte, error)
func (*Identity) GetCertByte ¶
func (*Identity) SaveCert ¶
func (i *Identity) SaveCert(ca *PalletCAClient, enreq *CaEnrollmentRequest, cainfo *CAGetCertResponse) error
func (*Identity) SaveTLScert ¶
func (i *Identity) SaveTLScert(ca *PalletCAClient, cainfo *CAGetCertResponse) error
type PalletCAClient ¶
type PalletCAClient struct { // Uri is access point for palletone-ca server. Port number and scheme must be provided. // for example http://127.0.0.1:7054 Url string // SkipTLSVerification define how connection must handle invalid TLC certificates. // if true, all verifications are skipped. This value is overwritten by Transport property, if provided SkipTLSVerification bool // Crypto is CryptSuite implementation used to sign request for palletone-ca server Crypto CryptoSuite // Transport define transport rules for communication with palletone-ca server. If nil, default Go setting will be used // It is responsibility of the user to provide proper TLS/certificate setting in TLS communication. Transport *http.Transport // MspId value will be added to Identity in Enrollment and ReEnrollment invocations. // This value is not used anywhere in CA implementation, but is need in every call to palletone and is added here // for convenience, because (in general case) palletoneCA is serving one MSP // User can overwrite this value at any time. MspId string FilePath string ServerInfo ServerInfo Admin string Adminpw string }
var CA *PalletCAClient
func NewCAClient ¶
func NewCAClient(path string, transport *http.Transport) (*PalletCAClient, error)
func NewCaClientFromConfig ¶
func (*PalletCAClient) Enroll ¶
func (f *PalletCAClient) Enroll(request CaEnrollmentRequest) (*Identity, []byte, error)
Enroll execute enrollment request for registered user in FabricCA server. On success new Identity with ECert and generated csr are returned.
func (*PalletCAClient) GetCaCertificateChain ¶
func (f *PalletCAClient) GetCaCertificateChain(caName string) (*CAGetCertResponse, error)
GetCaCertificateChain gets root and intermediate certificates used by PalletoneCA server.
func (*PalletCAClient) GetIdentities ¶
func (f *PalletCAClient) GetIdentities(identity *Identity, caName string) (*CAListAllIdentitesResponse, error)
ListAllIdentities get list of all identities
func (*PalletCAClient) GetIndentity ¶
func (f *PalletCAClient) GetIndentity(identity *Identity, id string, caName string) (*CAGetIdentityResponse, error)
func (*PalletCAClient) Register ¶
func (f *PalletCAClient) Register(identity *Identity, req *CARegistrationRequest) (string, error)
Register registers new user in fabric-ca server. In registration request attributes, affiliation and max enrolments must be set. It is responsibility of the SDK user to ensure passwords are with big entropy. Identity parameter is certificate for user that makes registration and this user MUST have the role for registering new users.
func (*PalletCAClient) Revoke ¶
func (f *PalletCAClient) Revoke(identity *Identity, request *CARevocationRequest) (*CARevokeResult, error)
Revoke revokes ECert
type ServerInfo ¶
type ServerInfo struct { CAName string CACert *x509.Certificate }