/*
Copyright SecureKey Technologies Inc. All Rights Reserved.
SPDX-License-Identifier: Apache-2.0
*/
package msp
// AttributeRequest is a request for an attribute.
type AttributeRequest struct {
	// Name is the name of the requested attribute.
	Name string
	// Optional marks the request as non-mandatory; presumably the request may be
	// satisfied even if the attribute is absent — confirm against the code that
	// consumes AttributeRequest.
	Optional bool
}
// RegistrationRequest defines the attributes required to register a user with the CA.
type RegistrationRequest struct {
	// Name is the unique name of the identity.
	Name string
	// Type of identity being registered (e.g. "peer, app, user").
	Type string
	// MaxEnrollments is the number of times the secret can be reused to enroll.
	// If omitted, this defaults to max_enrollments configured on the server.
	MaxEnrollments int
	// Affiliation is the identity's affiliation, e.g. org1.department1.
	Affiliation string
	// Attributes are optional attributes associated with this identity.
	Attributes []Attribute
	// CAName is the name of the CA to connect to.
	CAName string
	// Secret is an optional password. If not specified,
	// a random secret is generated. In both cases, the secret
	// is returned from registration.
	// NOTE(review): this is an enrollment credential; avoid logging it or
	// persisting it unprotected.
	Secret string
}
// Attribute defines additional attributes that may be passed along during registration.
type Attribute struct {
	// Name is the attribute name.
	Name string
	// Value is the attribute value.
	Value string
	// ECert presumably controls whether the attribute is placed in the enrollment
	// certificate — confirm against the server-side handling before relying on it.
	ECert bool
}
// RevocationRequest defines the attributes required to revoke credentials with the CA.
// Either Name or the Serial/AKI pair must be provided (see the field comments).
type RevocationRequest struct {
	// Name of the identity whose certificates should be revoked.
	// If this field is omitted, then Serial and AKI must be specified.
	Name string
	// Serial number of the certificate to be revoked.
	// If this is omitted, then Name must be specified.
	Serial string
	// AKI (Authority Key Identifier) of the certificate to be revoked.
	AKI string
	// Reason is the reason for revocation. See https://godoc.org/golang.org/x/crypto/ocsp
	// for valid values. The default value is 0 (ocsp.Unspecified).
	// NOTE(review): the field is a string while the cited ocsp package defines
	// integer codes; confirm the expected textual spelling with the server side.
	Reason string
	// CAName is the name of the CA to connect to.
	CAName string
}
// RevocationResponse represents the response from the server for a revocation request.
type RevocationResponse struct {
	// RevokedCerts is an array of certificates that were revoked.
	RevokedCerts []RevokedCert
	// CRL is the PEM-encoded certificate revocation list (CRL) that contains all
	// unexpired revoked certificates.
	CRL []byte
}
// RevokedCert represents a revoked certificate, identified by serial number and AKI.
type RevokedCert struct {
	// Serial number of the revoked certificate.
	Serial string
	// AKI (Authority Key Identifier) of the revoked certificate.
	AKI string
}
// IdentityRequest represents the request to add/update an identity on the fabric-ca-server.
type IdentityRequest struct {
	// ID is the enrollment ID which uniquely identifies an identity (required).
	ID string
	// Affiliation is the identity's affiliation (required).
	Affiliation string
	// Attributes is the array of attributes to assign to the user.
	Attributes []Attribute
	// Type of identity being registered (e.g. 'peer, app, user'). Default is 'user'.
	Type string
	// MaxEnrollments is the maximum number of times the secret can be reused to
	// enroll (default: the CA's Max Enrollment).
	MaxEnrollments int
	// Secret is the enrollment secret. If not provided, a random secret is generated.
	// NOTE(review): this is a credential; avoid logging it or persisting it unprotected.
	Secret string
	// CAName is the name of the CA to send the request to within the Fabric CA
	// server (optional).
	CAName string
}
// IdentityResponse is the response from any read/add/modify/remove identity call.
type IdentityResponse struct {
	// ID is the enrollment ID which uniquely identifies an identity.
	ID string
	// Affiliation is the identity's affiliation.
	Affiliation string
	// Attributes is the array of attributes assigned to the user.
	Attributes []Attribute
	// Type of identity (e.g. 'peer, app, user').
	Type string
	// MaxEnrollments is the maximum number of times the secret can be reused to enroll.
	MaxEnrollments int
	// Secret is the enrollment secret.
	// NOTE(review): returned in cleartext by the server; treat it as a credential
	// and do not log or persist it unprotected.
	Secret string
	// CAName is the name of the CA.
	CAName string
}
// RemoveIdentityRequest represents the request to remove an existing identity from the
// fabric-ca-server.
type RemoveIdentityRequest struct {
	// ID is the enrollment ID which uniquely identifies an identity.
	ID string
	// Force requests a forced delete. The exact conditions that "force" overrides
	// are not defined here — confirm with the fabric-ca-server's remove-identity
	// semantics before setting it.
	Force bool
	// CAName is the name of the CA.
	CAName string
}
// AffiliationRequest represents the request to add/remove an affiliation on the
// fabric-ca-server.
type AffiliationRequest struct {
	// Name of the affiliation.
	Name string
	// Force creates parent affiliations if they do not exist.
	// NOTE(review): the same struct is used for remove requests; what Force
	// means on removal is not documented here — confirm before setting it.
	Force bool
	// CAName is the name of the CA.
	CAName string
}
// ModifyAffiliationRequest represents the request to modify an existing affiliation on the
// fabric-ca-server. The embedded AffiliationRequest identifies the affiliation to change.
type ModifyAffiliationRequest struct {
	AffiliationRequest
	// NewName is the new name of the affiliation.
	NewName string
}
// AffiliationResponse contains the response for get, add, modify, and remove of an
// affiliation. The embedded AffiliationInfo carries the affiliation tree and identities.
type AffiliationResponse struct {
	AffiliationInfo
	// CAName is the name of the CA that served the request.
	CAName string
}
// AffiliationInfo contains the affiliation name, child affiliation info, and identities
// associated with this affiliation. Affiliations is recursive, so a value may describe
// a whole subtree.
type AffiliationInfo struct {
	// Name of the affiliation.
	Name string
	// Affiliations are the child affiliations of this one.
	Affiliations []AffiliationInfo
	// Identities are the identities that belong to this affiliation.
	Identities []IdentityInfo
}
// IdentityInfo contains information about an identity as reported by the CA.
type IdentityInfo struct {
	// ID is the enrollment ID of the identity.
	ID string
	// Type of identity (e.g. 'peer, app, user').
	Type string
	// Affiliation is the identity's affiliation.
	Affiliation string
	// Attributes assigned to the identity.
	Attributes []Attribute
	// MaxEnrollments is the maximum number of times the secret can be reused to enroll.
	MaxEnrollments int
}
// GetCAInfoResponse is the response from the GetCAInfo call.
type GetCAInfoResponse struct {
	// CAName is the name of the CA.
	CAName string
	// CAChain is the PEM-encoded bytes of the fabric-ca-server's CA chain.
	// The 1st element of the chain is the root CA cert.
	// NOTE(review): this chain is supplied by the server; a caller that installs
	// it as a trust anchor should only do so over a connection whose peer is
	// already verified — confirm how callers treat this field.
	CAChain []byte
	// IssuerPublicKey is the Idemix issuer public key of the CA.
	IssuerPublicKey []byte
	// IssuerRevocationPublicKey is the Idemix issuer revocation public key of the CA.
	IssuerRevocationPublicKey []byte
	// Version of the server.
	Version string
}