Documentation
¶
Index ¶
- Constants
- type AddAffiliationRequest
- type AddAffiliationRequestNet
- type AddIdentityRequest
- type AddIdentityRequestNet
- type AffiliationInfo
- type AffiliationResponse
- type Attribute
- type AttributeRequest
- type CAInfoResponseNet
- type CSRInfo
- type CertificateResponse
- type EnrollmentRequest
- type EnrollmentRequestNet
- type EnrollmentResponseNet
- type GenCRLRequest
- type GenCRLResponse
- type GetAllIDsResponse
- type GetCAInfoRequest
- type GetCRIRequest
- type GetCRIResponse
- type GetCertificatesRequest
- type GetCertificatesRequestNet
- type GetIDResponse
- type IdemixEnrollmentResponseNet
- type IdentityInfo
- type IdentityResponse
- type KeyRequest
- type KeySig
- type ModifyAffiliationRequest
- type ModifyAffiliationRequestNet
- type ModifyIdentityRequest
- type ModifyIdentityRequestNet
- type ReenrollmentRequest
- type ReenrollmentRequestNet
- type RegistrationRequest
- type RegistrationRequestNet
- type RegistrationResponse
- type RegistrationResponseNet
- type RemoveAffiliationRequest
- type RemoveIdentityRequest
- type RevocationRequest
- type RevocationRequestNet
- type RevocationResponse
- type RevokedCert
- type TimeRange
Constants ¶
const (
// IdemixTokenVersion1 represents version 1 of the authorization token created using Idemix credential
IdemixTokenVersion1 = "1"
)
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type AddAffiliationRequest ¶
type AddAffiliationRequest struct {
Name string `json:"name"`
Force bool `json:"force"`
CAName string `json:"caname,omitempty"`
}
AddAffiliationRequest represents the request to add a new affiliation to the fabric-ca-server
type AddAffiliationRequestNet ¶
type AddAffiliationRequestNet struct {
AddAffiliationRequest
}
AddAffiliationRequestNet is a network request for adding a new affiliation
type AddIdentityRequest ¶
type AddIdentityRequest struct {
ID string `json:"id" skip:"true"`
Type string `json:"type" def:"user" help:"Type of identity being registered (e.g. 'peer, app, user')"`
Affiliation string `json:"affiliation" help:"The identity's affiliation"`
Attributes []Attribute `json:"attrs" mapstructure:"attrs" `
MaxEnrollments int `` /* 153-byte string literal not displayed */
// Secret is an optional password. If not specified,
// a random secret is generated. In both cases, the secret
// is returned in the RegistrationResponse.
Secret string `json:"secret,omitempty" mask:"password" help:"The enrollment secret for the identity being added"`
CAName string `json:"caname,omitempty" skip:"true"`
}
AddIdentityRequest represents the request to add a new identity to the fabric-ca-server
type AddIdentityRequestNet ¶
type AddIdentityRequestNet struct {
AddIdentityRequest
}
AddIdentityRequestNet is a network request for adding a new identity
type AffiliationInfo ¶
type AffiliationInfo struct {
Name string `json:"name"`
Affiliations []AffiliationInfo `json:"affiliations,omitempty"`
Identities []IdentityInfo `json:"identities,omitempty"`
}
AffiliationInfo contains the affiliation name, child affiliation info, and identities associated with this affiliation.
type AffiliationResponse ¶
type AffiliationResponse struct {
AffiliationInfo `mapstructure:",squash"`
CAName string `json:"caname,omitempty"`
}
AffiliationResponse contains the response for get, add, modify, and remove an affiliation
type Attribute ¶
type Attribute struct {
Name string `json:"name"`
Value string `json:"value"`
ECert bool `json:"ecert,omitempty"`
}
Attribute is a name and value pair
type AttributeRequest ¶
type AttributeRequest struct {
Name string `json:"name"`
Optional bool `json:"optional,omitempty"`
}
AttributeRequest is a request for an attribute. This implements the certmgr/AttributeRequest interface.
func (*AttributeRequest) GetName ¶
func (ar *AttributeRequest) GetName() string
GetName returns the name of an attribute being requested
func (*AttributeRequest) IsRequired ¶
func (ar *AttributeRequest) IsRequired() bool
IsRequired returns true if the attribute being requested is required
type CAInfoResponseNet ¶
type CAInfoResponseNet struct {
// CAName is a unique name associated with fabric-ca-server's CA
CAName string
// Base64 encoding of PEM-encoded certificate chain
CAChain string
// Base64 encoding of Idemix issuer public key
IssuerPublicKey string
// Base64 encoding of PEM-encoded Idemix issuer revocation public key
IssuerRevocationPublicKey string
// Version of the server
Version string
}
CAInfoResponseNet is the response to the GET /info request
type CSRInfo ¶
type CSRInfo struct {
CN string `json:"CN"`
Names []csr.Name `json:"names,omitempty"`
Hosts []string `json:"hosts,omitempty"`
KeyRequest *KeyRequest `json:"key,omitempty"`
CA *csr.CAConfig `json:"ca,omitempty" hide:"true"`
SerialNumber string `json:"serial_number,omitempty"`
}
CSRInfo is Certificate Signing Request (CSR) Information
type CertificateResponse ¶
type CertificateResponse struct {
Certs []string `json:"certs"`
}
CertificateResponse contains the response from Get or Delete certificate request.
type EnrollmentRequest ¶
type EnrollmentRequest struct {
// The identity name to enroll
Name string `json:"name" skip:"true"`
// The secret returned via Register
Secret string `json:"secret,omitempty" skip:"true" mask:"password"`
// CAName is the name of the CA to connect to
CAName string `json:"caname,omitempty" skip:"true"`
// AttrReqs are requests for attributes to add to the certificate.
// Each attribute is added only if the requestor owns the attribute.
AttrReqs []*AttributeRequest `json:"attr_reqs,omitempty"`
// Profile is the name of the signing profile to use in issuing the X509 certificate
Profile string `json:"profile,omitempty" help:"Name of the signing profile to use in issuing the certificate"`
// Label is the label to use in HSM operations
Label string `json:"label,omitempty" help:"Label to use in HSM operations"`
// CSR is Certificate Signing Request info
CSR *CSRInfo `json:"csr,omitempty" skip:"true"` // Skipping this because we pull the CSR from the CSR flags
// The type of the enrollment request: x509 or idemix
// The default is a request for an X509 enrollment certificate
Type string `def:"x509" help:"The type of enrollment request: 'x509' or 'idemix'"`
}
EnrollmentRequest is a request to enroll an identity
func (EnrollmentRequest) String ¶
func (er EnrollmentRequest) String() string
type EnrollmentRequestNet ¶
type EnrollmentRequestNet struct {
signer.SignRequest
CAName string
AttrReqs []*AttributeRequest `json:"attr_reqs,omitempty"`
}
EnrollmentRequestNet is a request to enroll an identity
type EnrollmentResponseNet ¶
type EnrollmentResponseNet struct {
// Base64 encoded PEM-encoded ECert
Cert string
// The server information
ServerInfo CAInfoResponseNet
}
EnrollmentResponseNet is the response to the /enroll request
type GenCRLRequest ¶
type GenCRLRequest struct {
CAName string `json:"caname,omitempty" skip:"true"`
RevokedAfter time.Time `json:"revokedafter,omitempty"`
RevokedBefore time.Time `json:"revokedbefore,omitempty"`
ExpireAfter time.Time `json:"expireafter,omitempty"`
ExpireBefore time.Time `json:"expirebefore,omitempty"`
}
GenCRLRequest represents a request to get CRL for the specified certificate authority
type GenCRLResponse ¶
type GenCRLResponse struct {
// CRL is PEM-encoded certificate revocation list (CRL) that contains requested unexpired revoked certificates
CRL []byte
}
GenCRLResponse represents a response to get CRL
type GetAllIDsResponse ¶
type GetAllIDsResponse struct {
Identities []IdentityInfo `json:"identities"`
CAName string `json:"caname,omitempty"`
}
GetAllIDsResponse is the response from the GetAllIdentities call
type GetCAInfoRequest ¶
type GetCAInfoRequest struct {
CAName string `json:"caname,omitempty" skip:"true"`
}
GetCAInfoRequest is request to get generic CA information
type GetCRIRequest ¶
type GetCRIRequest struct {
CAName string `json:"caname,omitempty" skip:"true"`
}
GetCRIRequest is a request to send to server to get Idemix credential revocation information
type GetCRIResponse ¶
type GetCRIResponse struct {
// CRI is base64 encoded proto bytes of idemix.CredentialRevocationInformation
CRI string
}
GetCRIResponse is the response from the server for get CRI request
type GetCertificatesRequest ¶
type GetCertificatesRequest struct {
ID string `skip:"true"` // Get certificates for this enrollment ID
AKI string `help:"Get certificates for this AKI"` // Get certificate that matches this AKI
Serial string `help:"Get certificates for this serial number"` // Get certificate that matches this serial
Revoked TimeRange `skip:"true"` // Get certificates which were revoked between the specified time range
Expired TimeRange `skip:"true"` // Get certificates which expire between the specified time range
NotExpired bool `help:"Don't return expired certificates"` // Don't return expired certificates
NotRevoked bool `help:"Don't return revoked certificates"` // Don't return revoked certificates
CAName string `skip:"true"` // Name of CA to send request to within the server
}
GetCertificatesRequest represents the request to get certificates from the server per the enrollment ID and/or AKI and Serial. If neither ID or AKI/Serial are provided all certificates are returned which are in or under the caller's affiliation. By default all certificates are returned. However, only revoked and/or expired certificates can be requested by providing a time range.
type GetCertificatesRequestNet ¶
type GetCertificatesRequestNet struct {
GetCertificatesRequest
}
GetCertificatesRequestNet is a network request for getting certificates
type GetIDResponse ¶
type GetIDResponse struct {
ID string `json:"id" skip:"true"`
Type string `json:"type" def:"user"`
Affiliation string `json:"affiliation"`
Attributes []Attribute `json:"attrs" mapstructure:"attrs" `
MaxEnrollments int `json:"max_enrollments" mapstructure:"max_enrollments"`
CAName string `json:"caname,omitempty"`
}
GetIDResponse is the response from the GetIdentity call
type IdemixEnrollmentResponseNet ¶
type IdemixEnrollmentResponseNet struct {
// Base64 encoding of proto bytes of idemix.Credential
Credential string
// Attribute name-value pairs
Attrs map[string]interface{}
// Base64 encoding of proto bytes of idemix.CredentialRevocationInformation
CRI string
// Base64 encoding of the issuer nonce
Nonce string
// The CA information
CAInfo CAInfoResponseNet
}
IdemixEnrollmentResponseNet is the response to the /idemix/credential request
type IdentityInfo ¶
type IdentityInfo struct {
ID string `json:"id"`
Type string `json:"type"`
Affiliation string `json:"affiliation"`
Attributes []Attribute `json:"attrs" mapstructure:"attrs"`
MaxEnrollments int `json:"max_enrollments" mapstructure:"max_enrollments"`
}
IdentityInfo contains information about an identity
type IdentityResponse ¶
type IdentityResponse struct {
ID string `json:"id" skip:"true"`
Type string `json:"type,omitempty"`
Affiliation string `json:"affiliation"`
Attributes []Attribute `json:"attrs,omitempty" mapstructure:"attrs"`
MaxEnrollments int `json:"max_enrollments,omitempty" mapstructure:"max_enrollments"`
Secret string `json:"secret,omitempty"`
CAName string `json:"caname,omitempty"`
}
IdentityResponse is the response from the any add/modify/remove identity call
type KeyRequest ¶
type KeyRequest struct {
Algo string `json:"algo" yaml:"algo" help:"Specify key algorithm"`
Size int `json:"size" yaml:"size" help:"Specify key size"`
}
KeyRequest encapsulates size and algorithm for the key to be generated
func NewKeyRequest ¶
func NewKeyRequest() *KeyRequest
NewKeyRequest returns the KeyRequest object that is constructed from the object returned by the csr.NewKeyRequest() function
type KeySig ¶
type KeySig struct {
// Key is a public key
Key []byte `json:"key"`
// Sig is a signature over the PublicKey
Sig []byte `json:"sig"`
// Alg is the signature algorithm
Alg string `json:"alg"`
}
KeySig is a public key, signature, and signature algorithm tuple
type ModifyAffiliationRequest ¶
type ModifyAffiliationRequest struct {
Name string
NewName string `json:"name"`
Force bool `json:"force"`
CAName string `json:"caname,omitempty"`
}
ModifyAffiliationRequest represents the request to modify an existing affiliation on the fabric-ca-server
type ModifyAffiliationRequestNet ¶
type ModifyAffiliationRequestNet struct {
ModifyAffiliationRequest
}
ModifyAffiliationRequestNet is a network request for modifying an existing affiliation
type ModifyIdentityRequest ¶
type ModifyIdentityRequest struct {
ID string `skip:"true"`
Type string `json:"type" help:"Type of identity being registered (e.g. 'peer, app, user')"`
Affiliation string `json:"affiliation" help:"The identity's affiliation"`
Attributes []Attribute `mapstructure:"attrs" json:"attrs"`
MaxEnrollments int `mapstructure:"max_enrollments" json:"max_enrollments" help:"The maximum number of times the secret can be reused to enroll"`
Secret string `json:"secret,omitempty" mask:"password" help:"The enrollment secret for the identity"`
CAName string `json:"caname,omitempty" skip:"true"`
}
ModifyIdentityRequest represents the request to modify an existing identity on the fabric-ca-server
type ModifyIdentityRequestNet ¶
type ModifyIdentityRequestNet struct {
ModifyIdentityRequest
}
ModifyIdentityRequestNet is a network request for modifying an existing identity
type ReenrollmentRequest ¶
type ReenrollmentRequest struct {
// Profile is the name of the signing profile to use in issuing the certificate
Profile string `json:"profile,omitempty"`
// Label is the label to use in HSM operations
Label string `json:"label,omitempty"`
// CSR is Certificate Signing Request info
CSR *CSRInfo `json:"csr,omitempty"`
// CAName is the name of the CA to connect to
CAName string `json:"caname,omitempty" skip:"true"`
// AttrReqs are requests for attributes to add to the certificate.
// Each attribute is added only if the requestor owns the attribute.
AttrReqs []*AttributeRequest `json:"attr_reqs,omitempty"`
}
ReenrollmentRequest is a request to reenroll an identity. This is useful to renew a certificate before it has expired.
type ReenrollmentRequestNet ¶
type ReenrollmentRequestNet struct {
signer.SignRequest
CAName string
AttrReqs []*AttributeRequest `json:"attr_reqs,omitempty"`
}
ReenrollmentRequestNet is a request to reenroll an identity. This is useful to renew a certificate before it has expired.
type RegistrationRequest ¶
type RegistrationRequest struct {
// Name is the unique name of the identity
Name string `json:"id" help:"Unique name of the identity"`
// Type of identity being registered (e.g. "peer, app, user")
Type string `json:"type" def:"client" help:"Type of identity being registered (e.g. 'peer, app, user')"`
// Secret is an optional password. If not specified,
// a random secret is generated. In both cases, the secret
// is returned in the RegistrationResponse.
Secret string `json:"secret,omitempty" mask:"password" help:"The enrollment secret for the identity being registered"`
// MaxEnrollments is the maximum number of times the secret can
// be reused to enroll.
MaxEnrollments int `` /* 132-byte string literal not displayed */
// is returned in the response.
// The identity's affiliation.
// For example, an affiliation of "org1.department1" associates the identity with "department1" in "org1".
Affiliation string `json:"affiliation" help:"The identity's affiliation"`
// Attributes associated with this identity
Attributes []Attribute `json:"attrs,omitempty"`
// CAName is the name of the CA to connect to
CAName string `json:"caname,omitempty" skip:"true"`
}
RegistrationRequest for a new identity
func (*RegistrationRequest) String ¶
func (rr *RegistrationRequest) String() string
type RegistrationRequestNet ¶
type RegistrationRequestNet struct {
RegistrationRequest
}
RegistrationRequestNet is the registration request for a new identity
type RegistrationResponse ¶
type RegistrationResponse struct {
// The secret returned from a successful registration response
Secret string `json:"secret"`
}
RegistrationResponse is a registration response
type RegistrationResponseNet ¶
type RegistrationResponseNet struct {
RegistrationResponse
}
RegistrationResponseNet is a registration response
type RemoveAffiliationRequest ¶
type RemoveAffiliationRequest struct {
Name string
Force bool `json:"force"`
CAName string `json:"caname,omitempty"`
}
RemoveAffiliationRequest represents the request to remove an existing affiliation from the fabric-ca-server
type RemoveIdentityRequest ¶
type RemoveIdentityRequest struct {
ID string `skip:"true"`
Force bool `json:"force"`
CAName string `json:"caname,omitempty" skip:"true"`
}
RemoveIdentityRequest represents the request to remove an existing identity from the fabric-ca-server
type RevocationRequest ¶
type RevocationRequest struct {
// Name of the identity whose certificates should be revoked
// If this field is omitted, then Serial and AKI must be specified.
Name string `json:"id,omitempty" opt:"e" help:"Identity whose certificates should be revoked"`
// Serial number of the certificate to be revoked
// If this is omitted, then Name must be specified
Serial string `json:"serial,omitempty" opt:"s" help:"Serial number of the certificate to be revoked"`
// AKI (Authority Key Identifier) of the certificate to be revoked
AKI string `json:"aki,omitempty" opt:"a" help:"AKI (Authority Key Identifier) of the certificate to be revoked"`
// Reason is the reason for revocation. See https://godoc.org/golang.org/x/crypto/ocsp for
// valid values. The default value is 0 (ocsp.Unspecified).
Reason string `json:"reason,omitempty" opt:"r" help:"Reason for revocation"`
// CAName is the name of the CA to connect to
CAName string `json:"caname,omitempty" skip:"true"`
// GenCRL specifies whether to generate a CRL
GenCRL bool `def:"false" skip:"true" json:"gencrl,omitempty"`
}
RevocationRequest is a revocation request for a single certificate or all certificates associated with an identity. To revoke a single certificate, both the Serial and AKI fields must be set; otherwise, to revoke all certificates and the identity associated with an enrollment ID, the Name field must be set to an existing enrollment ID. A RevocationRequest can only be performed by a user with the "hf.Revoker" attribute.
type RevocationRequestNet ¶
type RevocationRequestNet struct {
RevocationRequest
}
RevocationRequestNet is a revocation request which flows over the network to the fabric-ca server. To revoke a single certificate, both the Serial and AKI fields must be set; otherwise, to revoke all certificates and the identity associated with an enrollment ID, the Name field must be set to an existing enrollment ID. A RevocationRequest can only be performed by a user with the "hf.Revoker" attribute.
type RevocationResponse ¶
type RevocationResponse struct {
// RevokedCerts is an array of certificates that were revoked
RevokedCerts []RevokedCert
// CRL is PEM-encoded certificate revocation list (CRL) that contains all unexpired revoked certificates
CRL []byte
}
RevocationResponse represents response from the server for a revocation request
type RevokedCert ¶
type RevokedCert struct {
// Serial number of the revoked certificate
Serial string
// AKI of the revoked certificate
AKI string
}
RevokedCert represents a revoked certificate
Source Files