Documentation ¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Attribute ¶
Attribute defines additional attributes that may be passed along during registration
type FabricCAClient ¶
type FabricCAClient interface { CAName() string Enroll(enrollmentID string, enrollmentSecret string) (apicryptosuite.Key, []byte, error) // Reenroll to renew user's enrollment certificate Reenroll(user User) (apicryptosuite.Key, []byte, error) Register(registrar User, request *RegistrationRequest) (string, error) Revoke(registrar User, request *RevocationRequest) (*api.RevocationResponse, error) }
FabricCAClient is the client interface for fabric-ca
type RegistrationRequest ¶
type RegistrationRequest struct { // Name is the unique name of the identity Name string // Type of identity being registered (e.g. "peer, app, user") Type string // MaxEnrollments is the number of times the secret can be reused to enroll. // if omitted, this defaults to max_enrollments configured on the server MaxEnrollments int // The identity's affiliation e.g. org1.department1 Affiliation string // Optional attributes associated with this identity Attributes []Attribute // CAName is the name of the CA to connect to CAName string // Secret is an optional password. If not specified, // a random secret is generated. In both cases, the secret // is returned from registration. Secret string }
RegistrationRequest defines the attributes required to register a user with the CA
type RevocationRequest ¶
type RevocationRequest struct { // Name of the identity whose certificates should be revoked // If this field is omitted, then Serial and AKI must be specified. Name string // Serial number of the certificate to be revoked // If this is omitted, then Name must be specified Serial string // AKI (Authority Key Identifier) of the certificate to be revoked AKI string // Reason is the reason for revocation. See https://godoc.org/golang.org/x/crypto/ocsp // for valid values. The default value is 0 (ocsp.Unspecified). Reason string // CAName is the name of the CA to connect to CAName string }
RevocationRequest defines the attributes required to revoke credentials with the CA
type User ¶
type User interface { Name() string Roles() []string MspID() string // ECerts EnrollmentCertificate() []byte PrivateKey() apicryptosuite.Key Identity() ([]byte, error) }
User represents users that have been enrolled and represented by an enrollment certificate (ECert) and a signing key. The ECert must have been signed by one of the CAs the blockchain network has been configured to trust. An enrolled user (having a signing key and ECert) can conduct chaincode deployments, transactions and queries with the Chain.
User ECerts can be obtained from a CA beforehand as part of deploying the application, or it can be obtained from the optional Fabric COP service via its enrollment process.
Sometimes User identities are confused with Peer identities. User identities represent signing capability because it has access to the private key, while Peer identities in the context of the application/SDK only has the certificate for verifying signatures. An application cannot use the Peer identity to sign things because the application doesn’t have access to the Peer identity’s private key.