fabric-sdk-go: github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/msp Index | Files | Directories

package msp

import "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/msp"


Package Files

cert.go configbuilder.go factory.go identities.go msp.go mspimpl.go mspimplsetup.go mspimplvalidate.go mspmgrimpl.go


const (
    IdemixConfigDirMsp                  = "msp"
    IdemixConfigDirUser                 = "user"
    IdemixConfigFileIssuerPublicKey     = "IssuerPublicKey"
    IdemixConfigFileRevocationPublicKey = "RevocationPublicKey"
    IdemixConfigFileSigner              = "SignerConfig"
const (
    MSPv1_0 = iota


var Options = map[string]NewOpts{
    ProviderTypeToString(FABRIC): &BCCSPNewOpts{NewBaseOpts: NewBaseOpts{Version: MSPv1_4_3}},
    ProviderTypeToString(IDEMIX): &IdemixNewOpts{NewBaseOpts: NewBaseOpts{Version: MSPv1_1}},

func GetVerifyingMspConfig Uses

func GetVerifyingMspConfig(dir, ID, mspType string) (*msp.MSPConfig, error)

GetVerifyingMspConfig returns an MSP config given directory, ID and type

func ProviderTypeToString Uses

func ProviderTypeToString(id ProviderType) string

ProviderTypeToString returns a string that represents the ProviderType integer

type BCCSPNewOpts Uses

type BCCSPNewOpts struct {

BCCSPNewOpts contains the options to instantiate a new BCCSP-based (X509) MSP

type Configuration Uses

type Configuration struct {
    // OrganizationalUnitIdentifiers is a list of OUs. If this is set, the MSP
    // will consider an identity valid only it contains at least one of these OUs
    OrganizationalUnitIdentifiers []*OrganizationalUnitIdentifiersConfiguration `yaml:"OrganizationalUnitIdentifiers,omitempty"`
    // NodeOUs enables the MSP to tell apart clients, peers and orderers based
    // on the identity's OU.
    NodeOUs *NodeOUs `yaml:"NodeOUs,omitempty"`

Configuration represents the accessory configuration an MSP can be equipped with. By default, this configuration is stored in a yaml file

type IdemixNewOpts Uses

type IdemixNewOpts struct {

IdemixNewOpts contains the options to instantiate a new Idemix-based MSP

type Identity Uses

type Identity interface {

    // ExpiresAt returns the time at which the Identity expires.
    // If the returned time is the zero value, it implies
    // the Identity does not expire, or that its expiration
    // time is unknown
    ExpiresAt() time.Time

    // GetIdentifier returns the identifier of that identity
    GetIdentifier() *IdentityIdentifier

    // GetMSPIdentifier returns the MSP Id for this instance
    GetMSPIdentifier() string

    // Validate uses the rules that govern this identity to validate it.
    // E.g., if it is a fabric TCert implemented as identity, validate
    // will check the TCert signature against the assumed root certificate
    // authority.
    Validate() error

    // GetOrganizationalUnits returns zero or more organization units or
    // divisions this identity is related to as long as this is public
    // information. Certain MSP implementations may use attributes
    // that are publicly associated to this identity, or the identifier of
    // the root certificate authority that has provided signatures on this
    // certificate.
    // Examples:
    //  - if the identity is an x.509 certificate, this function returns one
    //    or more string which is encoded in the Subject's Distinguished Name
    //    of the type OU
    // TODO: For X.509 based identities, check if we need a dedicated type
    //       for OU where the Certificate OU is properly namespaced by the
    //       signer's identity
    GetOrganizationalUnits() []*OUIdentifier

    // Anonymous returns true if this is an anonymous identity, false otherwise
    Anonymous() bool

    // Verify a signature over some message using this identity as reference
    Verify(msg []byte, sig []byte) error

    // Serialize converts an identity to bytes
    Serialize() ([]byte, error)

    // SatisfiesPrincipal checks whether this instance matches
    // the description supplied in MSPPrincipal. The check may
    // involve a byte-by-byte comparison (if the principal is
    // a serialized identity) or may require MSP validation
    SatisfiesPrincipal(principal *msp.MSPPrincipal) error

Identity interface defining operations associated to a "certificate". That is, the public part of the identity could be thought to be a certificate, and offers solely signature verification capabilities. This is to be used at the peer side when verifying certificates that transactions are signed with, and verifying signatures that correspond to these certificates.///

type IdentityDeserializer Uses

type IdentityDeserializer interface {
    // DeserializeIdentity deserializes an identity.
    // Deserialization will fail if the identity is associated to
    // an msp that is different from this one that is performing
    // the deserialization.
    DeserializeIdentity(serializedIdentity []byte) (Identity, error)

    // IsWellFormed checks if the given identity can be deserialized into its provider-specific form
    IsWellFormed(identity *msp.SerializedIdentity) error

IdentityDeserializer is implemented by both MSPManger and MSP

type IdentityIdentifier Uses

type IdentityIdentifier struct {

    // The identifier of the associated membership service provider
    Mspid string

    // The identifier for an identity within a provider
    Id  string

IdentityIdentifier is a holder for the identifier of a specific identity, naturally namespaced, by its provider identifier.

type MSP Uses

type MSP interface {

    // IdentityDeserializer interface needs to be implemented by MSP

    // Setup the MSP instance according to configuration information
    Setup(config *msp.MSPConfig) error

    // GetVersion returns the version of this MSP
    GetVersion() MSPVersion

    // GetType returns the provider type
    GetType() ProviderType

    // GetIdentifier returns the provider identifier
    GetIdentifier() (string, error)

    // GetSigningIdentity returns a signing identity corresponding to the provided identifier
    GetSigningIdentity(identifier *IdentityIdentifier) (SigningIdentity, error)

    // GetDefaultSigningIdentity returns the default signing identity
    GetDefaultSigningIdentity() (SigningIdentity, error)

    // GetTLSRootCerts returns the TLS root certificates for this MSP
    GetTLSRootCerts() [][]byte

    // GetTLSIntermediateCerts returns the TLS intermediate root certificates for this MSP
    GetTLSIntermediateCerts() [][]byte

    // Validate checks whether the supplied identity is valid
    Validate(id Identity) error

    // SatisfiesPrincipal checks whether the identity matches
    // the description supplied in MSPPrincipal. The check may
    // involve a byte-by-byte comparison (if the principal is
    // a serialized identity) or may require MSP validation
    SatisfiesPrincipal(id Identity, principal *msp.MSPPrincipal) error

MSP is the minimal Membership Service Provider Interface to be implemented to accommodate peer functionality

func New Uses

func New(opts NewOpts, cryptoProvider core.CryptoSuite) (MSP, error)

New create a new MSP instance depending on the passed Opts

type MSPManager Uses

type MSPManager interface {

    // IdentityDeserializer interface needs to be implemented by MSPManager

    // Setup the MSP manager instance according to configuration information
    Setup(msps []MSP) error

    // GetMSPs Provides a list of Membership Service providers
    GetMSPs() (map[string]MSP, error)

MSPManager is an interface defining a manager of one or more MSPs. This essentially acts as a mediator to MSP calls and routes MSP related calls to the appropriate MSP. This object is immutable, it is initialized once and never changed.

func NewMSPManager Uses

func NewMSPManager() MSPManager

NewMSPManager returns a new MSP manager instance; note that this instance is not initialized until the Setup method is called

type MSPVersion Uses

type MSPVersion int

type NewBaseOpts Uses

type NewBaseOpts struct {
    Version MSPVersion

NewBaseOpts is the default base type for all MSP instantiation Opts

func (*NewBaseOpts) GetVersion Uses

func (o *NewBaseOpts) GetVersion() MSPVersion

type NewOpts Uses

type NewOpts interface {
    // GetVersion returns the MSP's version to be instantiated
    GetVersion() MSPVersion

NewOpts represent

type NodeOUs Uses

type NodeOUs struct {
    // Enable activates the OU enforcement
    Enable bool `yaml:"Enable,omitempty"`
    // ClientOUIdentifier specifies how to recognize clients by OU
    ClientOUIdentifier *OrganizationalUnitIdentifiersConfiguration `yaml:"ClientOUIdentifier,omitempty"`
    // PeerOUIdentifier specifies how to recognize peers by OU
    PeerOUIdentifier *OrganizationalUnitIdentifiersConfiguration `yaml:"PeerOUIdentifier,omitempty"`
    // AdminOUIdentifier specifies how to recognize admins by OU
    AdminOUIdentifier *OrganizationalUnitIdentifiersConfiguration `yaml:"AdminOUIdentifier,omitempty"`
    // OrdererOUIdentifier specifies how to recognize admins by OU
    OrdererOUIdentifier *OrganizationalUnitIdentifiersConfiguration `yaml:"OrdererOUIdentifier,omitempty"`

NodeOUs contains information on how to tell apart clients, peers and orderers based on OUs. If the check is enforced, by setting Enabled to true, the MSP will consider an identity valid if it is an identity of a client, a peer or an orderer. An identity should have only one of these special OUs.

type OUIDs Uses

type OUIDs []*OUIdentifier

func (OUIDs) String Uses

func (o OUIDs) String() string

type OUIdentifier Uses

type OUIdentifier struct {
    // CertifiersIdentifier is the hash of certificates chain of trust
    // related to this organizational unit
    CertifiersIdentifier []byte
    // OrganizationUnitIdentifier defines the organizational unit under the
    // MSP identified with MSPIdentifier
    OrganizationalUnitIdentifier string

OUIdentifier represents an organizational unit and its related chain of trust identifier.

type OrganizationalUnitIdentifiersConfiguration Uses

type OrganizationalUnitIdentifiersConfiguration struct {
    // Certificate is the path to a root or intermediate certificate
    Certificate string `yaml:"Certificate,omitempty"`
    // OrganizationalUnitIdentifier is the name of the OU
    OrganizationalUnitIdentifier string `yaml:"OrganizationalUnitIdentifier,omitempty"`

OrganizationalUnitIdentifiersConfiguration is used to represent an OU and an associated trusted certificate

type ProviderType Uses

type ProviderType int

ProviderType indicates the type of an identity provider

const (
    FABRIC ProviderType = iota // MSP is of FABRIC type
    IDEMIX                     // MSP is of IDEMIX type
    OTHER                      // MSP is of OTHER TYPE


The ProviderType of a member relative to the member API

type SigningIdentity Uses

type SigningIdentity interface {

    // Extends Identity

    // Sign the message
    Sign(msg []byte) ([]byte, error)

    // GetPublicVersion returns the public parts of this identity
    GetPublicVersion() Identity

SigningIdentity is an extension of Identity to cover signing capabilities. E.g., signing identity should be requested in the case of a client who wishes to sign transactions, or fabric endorser who wishes to sign proposal processing outcomes.



Package msp imports 26 packages (graph) and is imported by 9 packages. Updated 2020-07-22. Refresh now. Tools for package owners.