fabric-sdk-go: github.com/hyperledger/fabric-sdk-go/pkg/client/msp Index | Examples | Files

package msp

import "github.com/hyperledger/fabric-sdk-go/pkg/client/msp"

Package msp enables creation and update of users on a Fabric network. Msp client supports the following actions: Enroll, Reenroll, Register, Revoke and GetSigningIdentity.

Basic Flow:
1) Prepare client context
2) Create msp client
3) Register user
4) Enroll user

Code:

ctx := mockClientProvider()

// Create msp client
c, err := New(ctx)
if err != nil {
    fmt.Println("failed to create msp client")
    return
}

username := randomUsername()

enrollmentSecret, err := c.Register(&RegistrationRequest{Name: username})
if err != nil {
    fmt.Printf("Register return error %s\n", err)
    return
}

err = c.Enroll(username, WithSecret(enrollmentSecret))
if err != nil {
    fmt.Printf("failed to enroll user: %s\n", err)
    return
}
fmt.Println("enroll user is completed")

Output:

enroll user is completed

Index

Examples

Package Files

ca.go client.go identity.go options.go

Variables

var (
    // ErrUserNotFound indicates the user was not found
    ErrUserNotFound = errors.New("user not found")
)

type AffiliationInfo Uses

type AffiliationInfo struct {
    Name         string
    Affiliations []AffiliationInfo
    Identities   []IdentityInfo
}

AffiliationInfo contains the affiliation name, child affiliation info, and identities associated with this affiliation.

type AffiliationRequest Uses

type AffiliationRequest struct {
    // Name of the affiliation
    Name string

    // Creates parent affiliations if they do not exist
    Force bool

    // Name of the CA
    CAName string
}

AffiliationRequest represents the request to add/remove affiliation to the fabric-ca-server

type AffiliationResponse Uses

type AffiliationResponse struct {
    AffiliationInfo
    CAName string
}

AffiliationResponse contains the response for get, add, modify, and remove an affiliation

type Attribute Uses

type Attribute struct {
    Name  string
    Value string
    ECert bool
}

Attribute defines additional attributes that may be passed along during registration

type AttributeRequest Uses

type AttributeRequest struct {
    Name     string
    Optional bool
}

AttributeRequest is a request for an attribute.

type Client Uses

type Client struct {
    // contains filtered or unexported fields
}

Client enables access to Client services

func New Uses

func New(clientProvider context.ClientProvider, opts ...ClientOption) (*Client, error)

New creates a new Client instance

Code:

ctx := mockClientProvider()

// Create msp client
c, err := New(ctx)
if err != nil {
    fmt.Println("failed to create msp client")
    return
}

if c != nil {
    fmt.Println("msp client created")
}

Output:

msp client created

func (*Client) AddAffiliation Uses

func (c *Client) AddAffiliation(request *AffiliationRequest) (*AffiliationResponse, error)

AddAffiliation adds a new affiliation to the server

func (*Client) CreateIdentity Uses

func (c *Client) CreateIdentity(request *IdentityRequest) (*IdentityResponse, error)

CreateIdentity creates a new identity with the Fabric CA server. An enrollment secret is returned which can then be used, along with the enrollment ID, to enroll a new identity.

Parameters:
request holds info about identity

Returns:
Return identity info including the secret

Code:

// Create msp client
c, err := New(mockClientProvider())
if err != nil {
    fmt.Println("failed to create msp client")
    return
}

identity, err := c.CreateIdentity(&IdentityRequest{ID: "123", Affiliation: "org2",
    Attributes: []Attribute{{Name: "attName1", Value: "attValue1"}}})
if err != nil {
    fmt.Printf("Create identity return error %s\n", err)
    return
}
fmt.Printf("identity '%s' created\n", identity.ID)

Output:

identity '123' created

func (*Client) CreateSigningIdentity Uses

func (c *Client) CreateSigningIdentity(opts ...mspctx.SigningIdentityOption) (mspctx.SigningIdentity, error)

CreateSigningIdentity creates a signing identity with the given options

Code:

ctx := mockClientProvider()

// Create msp client
c, err := New(ctx)
if err != nil {
    fmt.Println("failed to create msp client")
    return
}

testPrivKey := `-----BEGIN PRIVATE KEY-----
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgp4qKKB0WCEfx7XiB
5Ul+GpjM1P5rqc6RhjD5OkTgl5OhRANCAATyFT0voXX7cA4PPtNstWleaTpwjvbS
J3+tMGTG67f+TdCfDxWYMpQYxLlE8VkbEzKWDwCYvDZRMKCQfv2ErNvb
-----END PRIVATE KEY-----`

testCert := `-----BEGIN CERTIFICATE-----
MIICGTCCAcCgAwIBAgIRALR/1GXtEud5GQL2CZykkOkwCgYIKoZIzj0EAwIwczEL
MAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBG
cmFuY2lzY28xGTAXBgNVBAoTEG9yZzEuZXhhbXBsZS5jb20xHDAaBgNVBAMTE2Nh
Lm9yZzEuZXhhbXBsZS5jb20wHhcNMTcwNzI4MTQyNzIwWhcNMjcwNzI2MTQyNzIw
WjBbMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMN
U2FuIEZyYW5jaXNjbzEfMB0GA1UEAwwWVXNlcjFAb3JnMS5leGFtcGxlLmNvbTBZ
MBMGByqGSM49AgEGCCqGSM49AwEHA0IABPIVPS+hdftwDg8+02y1aV5pOnCO9tIn
f60wZMbrt/5N0J8PFZgylBjEuUTxWRsTMpYPAJi8NlEwoJB+/YSs29ujTTBLMA4G
A1UdDwEB/wQEAwIHgDAMBgNVHRMBAf8EAjAAMCsGA1UdIwQkMCKAIIeR0TY+iVFf
mvoEKwaToscEu43ZXSj5fTVJornjxDUtMAoGCCqGSM49BAMCA0cAMEQCID+dZ7H5
AiaiI2BjxnL3/TetJ8iFJYZyWvK//an13WV/AiARBJd/pI5A7KZgQxJhXmmR8bie
XdsmTcdRvJ3TS/6HCA==
-----END CERTIFICATE-----`

// Create signing identity based on certificate and private key
id, err := c.CreateSigningIdentity(msp.WithCert([]byte(testCert)), msp.WithPrivateKey([]byte(testPrivKey)))
if err != nil {
    fmt.Printf("failed when creating identity based on certificate and private key: %s\n", err)
    return
}
if string(id.EnrollmentCertificate()) != testCert {
    fmt.Printf("certificate mismatch\n")
    return
}

// In this user case client might want to import keys directly into keystore
// out of band instead of enrolling the user via SDK. User enrolment creates a cert
// and stores it into local SDK user store, while user might not want SDK to manage certs.
err = importPrivateKeyOutOfBand([]byte(testPrivKey), c)
if err != nil {
    fmt.Printf("failed to import key: %s\n", err)
    return
}

// Create signing identity using certificate. SDK will lookup the private key based on the certificate.
id, err = c.CreateSigningIdentity(msp.WithCert([]byte(testCert)))
if err != nil {
    fmt.Printf("failed when creating identity using certificate: %s\n", err)
    return
}
if string(id.EnrollmentCertificate()) != testCert {
    fmt.Printf("certificate mismatch\n")
    return
}

fmt.Println("create signing identity is completed")

Output:

create signing identity is completed

func (*Client) Enroll Uses

func (c *Client) Enroll(enrollmentID string, opts ...EnrollmentOption) error

Enroll enrolls a registered user in order to receive a signed X509 certificate. A new key pair is generated for the user. The private key and the enrollment certificate issued by the CA are stored in SDK stores. They can be retrieved by calling IdentityManager.GetSigningIdentity().

Parameters:
enrollmentID enrollment ID of a registered user
opts are optional enrollment options

Returns:
an error if enrollment fails

Code:

ctx := mockClientProvider()

// Create msp client
c, err := New(ctx)
if err != nil {
    fmt.Println("failed to create msp client")
    return
}

err = c.Enroll(randomUsername(), WithSecret("enrollmentSecret"))
if err != nil {
    fmt.Printf("failed to enroll user: %s\n", err)
    return
}
fmt.Println("enroll user is completed")

Output:

enroll user is completed

func (*Client) GetAffiliation Uses

func (c *Client) GetAffiliation(affiliation string, opts ...RequestOption) (*AffiliationResponse, error)

GetAffiliation returns information about the requested affiliation

func (*Client) GetAllAffiliations Uses

func (c *Client) GetAllAffiliations(opts ...RequestOption) (*AffiliationResponse, error)

GetAllAffiliations returns all affiliations that the caller is authorized to see

func (*Client) GetAllIdentities Uses

func (c *Client) GetAllIdentities(opts ...RequestOption) ([]*IdentityResponse, error)

GetAllIdentities returns all identities that the caller is authorized to see

Parameters:
options holds optional request options
Returns:
Response containing identities

Code:

// Create msp client
c, err := New(mockClientProvider())
if err != nil {
    fmt.Println("failed to create msp client")
    return
}

results, err := c.GetAllIdentities()
if err != nil {
    fmt.Printf("Get identities return error %s\n", err)
    return
}
fmt.Printf("%d identities retrieved\n", len(results))

Output:

2 identities retrieved

func (*Client) GetCAInfo Uses

func (c *Client) GetCAInfo() (*GetCAInfoResponse, error)

GetCAInfo returns generic CA information

func (*Client) GetIdentity Uses

func (c *Client) GetIdentity(ID string, opts ...RequestOption) (*IdentityResponse, error)

GetIdentity retrieves identity information.

Parameters:
ID is required identity ID
options holds optional request options

Returns:
Response containing identity information

Code:

// Create msp client
c, err := New(mockClientProvider())
if err != nil {
    fmt.Println("failed to create msp client")
    return
}

identity, err := c.GetIdentity("123")
if err != nil {
    fmt.Printf("Get identity return error %s\n", err)
    return
}
fmt.Printf("identity '%s' retrieved\n", identity.ID)

Output:

identity '123' retrieved

func (*Client) GetSigningIdentity Uses

func (c *Client) GetSigningIdentity(id string) (mspctx.SigningIdentity, error)

GetSigningIdentity returns signing identity for id

Parameters:
id is user id

Returns:
signing identity

Code:

ctx := mockClientProvider()

// Create msp client
c, err := New(ctx)
if err != nil {
    fmt.Println("failed to create msp client")
    return
}

username := randomUsername()

err = c.Enroll(username, WithSecret("enrollmentSecret"))
if err != nil {
    fmt.Printf("failed to enroll user: %s\n", err)
    return
}
enrolledUser, err := c.GetSigningIdentity(username)
if err != nil {
    fmt.Printf("user not found %s\n", err)
    return
}

if enrolledUser.Identifier().ID != username {
    fmt.Println("Enrolled user name doesn't match")
    return
}

fmt.Println("enroll user is completed")

Output:

enroll user is completed

func (*Client) ModifyAffiliation Uses

func (c *Client) ModifyAffiliation(request *ModifyAffiliationRequest) (*AffiliationResponse, error)

ModifyAffiliation renames an existing affiliation on the server

func (*Client) ModifyIdentity Uses

func (c *Client) ModifyIdentity(request *IdentityRequest) (*IdentityResponse, error)

ModifyIdentity modifies identity with the Fabric CA server.

Parameters:
request holds info about identity

Returns:
Return updated identity info

Code:

// Create msp client
c, err := New(mockClientProvider())
if err != nil {
    fmt.Println("failed to create msp client")
    return
}

identity, err := c.ModifyIdentity(&IdentityRequest{ID: "123", Affiliation: "org2", Secret: "top-secret"})
if err != nil {
    fmt.Printf("Modify identity return error %s\n", err)
    return
}
fmt.Printf("identity '%s' modified\n", identity.ID)

Output:

identity '123' modified

func (*Client) Reenroll Uses

func (c *Client) Reenroll(enrollmentID string, opts ...EnrollmentOption) error

Reenroll reenrolls an enrolled user in order to obtain a new signed X509 certificate

Parameters:
enrollmentID enrollment ID of a registered user

Returns:
an error if re-enrollment fails

Code:

ctx := mockClientProvider()

// Create msp client
c, err := New(ctx)
if err != nil {
    fmt.Println("failed to create msp client")
    return
}

username := randomUsername()

err = c.Enroll(username, WithSecret("enrollmentSecret"))
if err != nil {
    fmt.Printf("failed to enroll user: %s\n", err)
    return
}

err = c.Reenroll(username)
if err != nil {
    fmt.Printf("failed to reenroll user: %s\n", err)
    return
}

fmt.Println("reenroll user is completed")

Output:

reenroll user is completed

func (*Client) Register Uses

func (c *Client) Register(request *RegistrationRequest) (string, error)

Register registers a User with the Fabric CA

Parameters:
request is registration request

Returns:
enrolment secret

Code:

ctx := mockClientProvider()

// Create msp client
c, err := New(ctx)
if err != nil {
    fmt.Println("failed to create msp client")
    return
}

_, err = c.Register(&RegistrationRequest{Name: randomUsername()})
if err != nil {
    fmt.Printf("Register return error %s\n", err)
    return
}
fmt.Println("register user is completed")

Output:

register user is completed

func (*Client) RemoveAffiliation Uses

func (c *Client) RemoveAffiliation(request *AffiliationRequest) (*AffiliationResponse, error)

RemoveAffiliation removes an existing affiliation from the server

func (*Client) RemoveIdentity Uses

func (c *Client) RemoveIdentity(request *RemoveIdentityRequest) (*IdentityResponse, error)

RemoveIdentity removes identity with the Fabric CA server.

Parameters:
request holds info about identity to be removed

Returns:
Return removed identity info

Code:

// Create msp client
c, err := New(mockClientProvider())
if err != nil {
    fmt.Println("failed to create msp client")
    return
}

identity, err := c.RemoveIdentity(&RemoveIdentityRequest{ID: "123"})
if err != nil {
    fmt.Printf("Remove identity return error %s\n", err)
    return
}
fmt.Printf("identity '%s' removed\n", identity.ID)

Output:

identity '123' removed

func (*Client) Revoke Uses

func (c *Client) Revoke(request *RevocationRequest) (*RevocationResponse, error)

Revoke revokes a User with the Fabric CA

Parameters:
request is revocation request

Returns:
revocation response

Code:

ctx := mockClientProvider()

// Create msp client
c, err := New(ctx)
if err != nil {
    fmt.Println("failed to create msp client")
    return
}

_, err = c.Revoke(&RevocationRequest{Name: "testuser"})
if err != nil {
    fmt.Printf("revoke return error %s\n", err)
}
fmt.Println("revoke user is completed")

Output:

revoke user is completed

type ClientOption Uses

type ClientOption func(*clientOptions) error

ClientOption describes a functional parameter for the New constructor

func WithCAInstance Uses

func WithCAInstance(caID string) ClientOption

WithCAInstance option

Code:

ctx := mockClientProvider()

// Create msp client
c, err := New(ctx, WithCAInstance("tlsca.org1.example.com"))
if err != nil {
    fmt.Println("failed to create msp client")
    return
}

if c != nil {
    fmt.Println("msp client created with CA Instance")
}

Output:

msp client created with CA Instance

func WithOrg Uses

func WithOrg(orgName string) ClientOption

WithOrg option

Code:

ctx := mockClientProvider()

// Create msp client
c, err := New(ctx, WithOrg("org1"))
if err != nil {
    fmt.Println("failed to create msp client")
    return
}

if c != nil {
    fmt.Println("msp client created with org")
}

Output:

msp client created with org

type EnrollmentOption Uses

type EnrollmentOption func(*enrollmentOptions) error

EnrollmentOption describes a functional parameter for Enroll

func WithAttributeRequests Uses

func WithAttributeRequests(attrReqs []*AttributeRequest) EnrollmentOption

WithAttributeRequests enrollment option

func WithLabel Uses

func WithLabel(label string) EnrollmentOption

WithLabel enrollment option

func WithProfile Uses

func WithProfile(profile string) EnrollmentOption

WithProfile enrollment option

func WithSecret Uses

func WithSecret(secret string) EnrollmentOption

WithSecret enrollment option

func WithType Uses

func WithType(typ string) EnrollmentOption

WithType enrollment option

type GetCAInfoResponse Uses

type GetCAInfoResponse struct {
    // CAName is the name of the CA
    CAName string
    // CAChain is the PEM-encoded bytes of the fabric-ca-server's CA chain.
    // The 1st element of the chain is the root CA cert
    CAChain []byte
    // Idemix issuer public key of the CA
    IssuerPublicKey []byte
    // Idemix issuer revocation public key of the CA
    IssuerRevocationPublicKey []byte
    // Version of the server
    Version string
}

GetCAInfoResponse is the response from the GetCAInfo call

type IdentityInfo Uses

type IdentityInfo struct {
    ID             string
    Type           string
    Affiliation    string
    Attributes     []Attribute
    MaxEnrollments int
}

IdentityInfo contains information about an identity

type IdentityManager Uses

type IdentityManager interface {
    GetSigningIdentity(name string) (msp.SigningIdentity, error)
    CreateSigningIdentity(ops ...msp.SigningIdentityOption) (msp.SigningIdentity, error)
}

IdentityManager provides management of identities in a Fabric network

type IdentityRequest Uses

type IdentityRequest struct {

    // The enrollment ID which uniquely identifies an identity (required)
    ID  string

    // The identity's affiliation (required)
    Affiliation string

    // Array of attributes to assign to the user
    Attributes []Attribute

    // Type of identity being registered (e.g. 'peer, app, user'). Default is 'user'.
    Type string

    // The maximum number of times the secret can be reused to enroll (default CA's Max Enrollment)
    MaxEnrollments int

    // The enrollment secret. If not provided, a random secret is generated.
    Secret string

    // Name of the CA to send the request to within the Fabric CA server (optional)
    CAName string
}

IdentityRequest represents the request to add/update identity to the fabric-ca-server

type IdentityResponse Uses

type IdentityResponse struct {

    // The enrollment ID which uniquely identifies an identity
    ID  string

    // The identity's affiliation
    Affiliation string

    // Array of attributes assigned to the user
    Attributes []Attribute

    // Type of identity (e.g. 'peer, app, user')
    Type string

    // The maximum number of times the secret can be reused to enroll
    MaxEnrollments int

    // The enrollment secret
    Secret string

    // Name of the CA
    CAName string
}

IdentityResponse is the response from the any read/add/modify/remove identity call

type ModifyAffiliationRequest Uses

type ModifyAffiliationRequest struct {
    AffiliationRequest

    // New name of the affiliation
    NewName string
}

ModifyAffiliationRequest represents the request to modify an existing affiliation on the fabric-ca-server

type RegistrationRequest Uses

type RegistrationRequest struct {
    // Name is the unique name of the identity
    Name string
    // Type of identity being registered (e.g. "peer, app, user")
    Type string
    // MaxEnrollments is the number of times the secret can  be reused to enroll.
    // if omitted, this defaults to max_enrollments configured on the server
    MaxEnrollments int
    // The identity's affiliation e.g. org1.department1
    Affiliation string
    // Optional attributes associated with this identity
    Attributes []Attribute
    // CAName is the name of the CA to connect to
    CAName string
    // Secret is an optional password.  If not specified,
    // a random secret is generated.  In both cases, the secret
    // is returned from registration.
    Secret string
}

RegistrationRequest defines the attributes required to register a user with the CA

type RemoveIdentityRequest Uses

type RemoveIdentityRequest struct {

    // The enrollment ID which uniquely identifies an identity
    ID  string

    // Force delete
    Force bool

    // Name of the CA
    CAName string
}

RemoveIdentityRequest represents the request to remove an existing identity from the fabric-ca-server

type RequestOption Uses

type RequestOption func(*requestOptions) error

RequestOption func for each Opts argument

func WithCA Uses

func WithCA(caName string) RequestOption

WithCA allows for specifying optional CA name (within the CA server instance)

Code:

// Create msp client
c, err := New(mockClientProvider())
if err != nil {
    fmt.Println("failed to create msp client")
    return
}

results, err := c.GetAllIdentities(WithCA("CA"))
if err != nil {
    fmt.Printf("Get identities return error %s\n", err)
    return
}
fmt.Printf("%d identities retrieved\n", len(results))

Output:

2 identities retrieved

type RevocationRequest Uses

type RevocationRequest struct {
    // Name of the identity whose certificates should be revoked
    // If this field is omitted, then Serial and AKI must be specified.
    Name string
    // Serial number of the certificate to be revoked
    // If this is omitted, then Name must be specified
    Serial string
    // AKI (Authority Key Identifier) of the certificate to be revoked
    AKI string
    // Reason is the reason for revocation. See https://godoc.org/golang.org/x/crypto/ocsp
    // for valid values. The default value is 0 (ocsp.Unspecified).
    Reason string
    // CAName is the name of the CA to connect to
    CAName string
}

RevocationRequest defines the attributes required to revoke credentials with the CA

type RevocationResponse Uses

type RevocationResponse struct {
    // RevokedCerts is an array of certificates that were revoked
    RevokedCerts []RevokedCert
    // CRL is PEM-encoded certificate revocation list (CRL) that contains all unexpired revoked certificates
    CRL []byte
}

RevocationResponse represents response from the server for a revocation request

type RevokedCert Uses

type RevokedCert struct {
    // Serial number of the revoked certificate
    Serial string
    // AKI of the revoked certificate
    AKI string
}

RevokedCert represents a revoked certificate

Package msp imports 8 packages (graph) and is imported by 6 packages. Updated 2019-08-08. Refresh now. Tools for package owners.