fabric: github.com/hyperledger/fabric/core/comm Index | Files | Directories

package comm

import "github.com/hyperledger/fabric/core/comm"

Index

Package Files

client.go config.go connection.go creds.go metrics.go server.go serverstatshandler.go util.go

Variables

var (
    // Max send and receive bytes for grpc clients and servers
    MaxRecvMsgSize = 100 * 1024 * 1024
    MaxSendMsgSize = 100 * 1024 * 1024
    // Default peer keepalive options
    DefaultKeepaliveOptions = KeepaliveOptions{
        ClientInterval:    time.Duration(1) * time.Minute,
        ClientTimeout:     time.Duration(20) * time.Second,
        ServerInterval:    time.Duration(2) * time.Hour,
        ServerTimeout:     time.Duration(20) * time.Second,
        ServerMinInterval: time.Duration(1) * time.Minute,
    }
    // strong TLS cipher suites
    DefaultTLSCipherSuites = []uint16{
        tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
        tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
        tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
        tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
        tls.TLS_RSA_WITH_AES_128_GCM_SHA256,
        tls.TLS_RSA_WITH_AES_256_GCM_SHA384,
    }
    // default connection timeout
    DefaultConnectionTimeout = 5 * time.Second
)

Configuration defaults

var (
    ErrClientHandshakeNotImplemented = errors.New("core/comm: client handshakes are not implemented with serverCreds")
    ErrOverrideHostnameNotSupported  = errors.New("core/comm: OverrideServerName is not supported")
)

func AddPemToCertPool Uses

func AddPemToCertPool(pemCerts []byte, pool *x509.CertPool) error

AddPemToCertPool adds PEM-encoded certs to a cert pool

func ClientKeepaliveOptions Uses

func ClientKeepaliveOptions(ka KeepaliveOptions) []grpc.DialOption

ClientKeepaliveOptions returns gRPC keepalive options for clients.

func ExtractCertificateFromContext Uses

func ExtractCertificateFromContext(ctx context.Context) *x509.Certificate

ExtractCertificateFromContext returns the TLS certificate (if applicable) from the given context of a gRPC stream

func ExtractCertificateHashFromContext Uses

func ExtractCertificateHashFromContext(ctx context.Context) []byte

ExtractCertificateHashFromContext extracts the hash of the certificate from the given context. If the certificate isn't present, nil is returned

func ExtractRawCertificateFromContext Uses

func ExtractRawCertificateFromContext(ctx context.Context) []byte

ExtractRawCertificateFromContext returns the raw TLS certificate (if applicable) from the given context of a gRPC stream

func GetLocalIP Uses

func GetLocalIP() (string, error)

GetLocalIP returns the non loopback local IP of the host

func NewServerTransportCredentials Uses

func NewServerTransportCredentials(
    serverConfig *tls.Config,
    logger *flogging.FabricLogger) credentials.TransportCredentials

NewServerTransportCredentials returns a new initialized grpc/credentials.TransportCredentials

func ServerKeepaliveOptions Uses

func ServerKeepaliveOptions(ka KeepaliveOptions) []grpc.ServerOption

ServerKeepaliveOptions returns gRPC keepalive options for server.

type BindingInspector Uses

type BindingInspector func(context.Context, proto.Message) error

BindingInspector receives as parameters a gRPC context and an Envelope, and verifies whether the message contains an appropriate binding to the context

func NewBindingInspector Uses

func NewBindingInspector(mutualTLS bool, extractTLSCertHash CertHashExtractor) BindingInspector

NewBindingInspector returns a BindingInspector according to whether mutualTLS is configured or not, and according to a function that extracts TLS certificate hashes from proto messages

type CertHashExtractor Uses

type CertHashExtractor func(proto.Message) []byte

CertHashExtractor extracts a certificate from a proto.Message message

type ClientConfig Uses

type ClientConfig struct {
    // SecOpts defines the security parameters
    SecOpts SecureOptions
    // KaOpts defines the keepalive parameters
    KaOpts KeepaliveOptions
    // Timeout specifies how long the client will block when attempting to
    // establish a connection
    Timeout time.Duration
    // AsyncConnect makes connection creation non blocking
    AsyncConnect bool
}

ClientConfig defines the parameters for configuring a GRPCClient instance

func (ClientConfig) Clone Uses

func (cc ClientConfig) Clone() ClientConfig

Clone clones this ClientConfig

type CredentialSupport Uses

type CredentialSupport struct {
    // contains filtered or unexported fields
}

CredentialSupport type manages credentials used for gRPC client connections

func NewCredentialSupport Uses

func NewCredentialSupport(rootCAs ...[]byte) *CredentialSupport

NewCredentialSupport creates a CredentialSupport instance.

func (*CredentialSupport) AppRootCAsByChain Uses

func (cs *CredentialSupport) AppRootCAsByChain() map[string][][]byte

func (*CredentialSupport) BuildTrustedRootsForChain Uses

func (cs *CredentialSupport) BuildTrustedRootsForChain(cm channelconfig.Resources)

BuildTrustedRootsForChain populates the appRootCAs and orderRootCAs maps by getting the root and intermediate certs for all msps associated with the MSPManager.

func (*CredentialSupport) GetClientCertificate Uses

func (cs *CredentialSupport) GetClientCertificate() tls.Certificate

GetClientCertificate returns the client certificate of the CredentialSupport

func (*CredentialSupport) GetPeerCredentials Uses

func (cs *CredentialSupport) GetPeerCredentials() credentials.TransportCredentials

GetPeerCredentials returns gRPC transport credentials for use by gRPC clients which communicate with remote peer endpoints.

func (*CredentialSupport) SetClientCertificate Uses

func (cs *CredentialSupport) SetClientCertificate(cert tls.Certificate)

SetClientCertificate sets the tls.Certificate to use for gRPC client connections

type GRPCClient Uses

type GRPCClient struct {
    // contains filtered or unexported fields
}

func NewGRPCClient Uses

func NewGRPCClient(config ClientConfig) (*GRPCClient, error)

NewGRPCClient creates a new implementation of GRPCClient given an address and client configuration

func (*GRPCClient) Certificate Uses

func (client *GRPCClient) Certificate() tls.Certificate

Certificate returns the tls.Certificate used to make TLS connections when client certificates are required by the server

func (*GRPCClient) MutualTLSRequired Uses

func (client *GRPCClient) MutualTLSRequired() bool

MutualTLSRequired is a flag indicating whether the client must send a certificate when making TLS connections

func (*GRPCClient) NewConnection Uses

func (client *GRPCClient) NewConnection(address string, tlsOptions ...TLSOption) (*grpc.ClientConn, error)

NewConnection returns a grpc.ClientConn for the target address and overrides the server name used to verify the hostname on the certificate returned by a server when using TLS

func (*GRPCClient) SetMaxRecvMsgSize Uses

func (client *GRPCClient) SetMaxRecvMsgSize(size int)

SetMaxRecvMsgSize sets the maximum message size the client can receive

func (*GRPCClient) SetMaxSendMsgSize Uses

func (client *GRPCClient) SetMaxSendMsgSize(size int)

SetMaxSendMsgSize sets the maximum message size the client can send

func (*GRPCClient) SetServerRootCAs Uses

func (client *GRPCClient) SetServerRootCAs(serverRoots [][]byte) error

SetServerRootCAs sets the list of authorities used to verify server certificates based on a list of PEM-encoded X509 certificate authorities

func (*GRPCClient) TLSEnabled Uses

func (client *GRPCClient) TLSEnabled() bool

TLSEnabled is a flag indicating whether to use TLS for client connections

type GRPCServer Uses

type GRPCServer struct {
    // contains filtered or unexported fields
}

func NewGRPCServer Uses

func NewGRPCServer(address string, serverConfig ServerConfig) (*GRPCServer, error)

NewGRPCServer creates a new implementation of a GRPCServer given a listen address

func NewGRPCServerFromListener Uses

func NewGRPCServerFromListener(listener net.Listener, serverConfig ServerConfig) (*GRPCServer, error)

NewGRPCServerFromListener creates a new implementation of a GRPCServer given an existing net.Listener instance using default keepalive

func (*GRPCServer) Address Uses

func (gServer *GRPCServer) Address() string

Address returns the listen address for this GRPCServer instance

func (*GRPCServer) AppendClientRootCAs Uses

func (gServer *GRPCServer) AppendClientRootCAs(clientRoots [][]byte) error

AppendClientRootCAs appends PEM-encoded X509 certificate authorities to the list of authorities used to verify client certificates

func (*GRPCServer) Listener Uses

func (gServer *GRPCServer) Listener() net.Listener

Listener returns the net.Listener for the GRPCServer instance

func (*GRPCServer) MutualTLSRequired Uses

func (gServer *GRPCServer) MutualTLSRequired() bool

MutualTLSRequired is a flag indicating whether or not client certificates are required for this GRPCServer instance

func (*GRPCServer) Server Uses

func (gServer *GRPCServer) Server() *grpc.Server

Server returns the grpc.Server for the GRPCServer instance

func (*GRPCServer) ServerCertificate Uses

func (gServer *GRPCServer) ServerCertificate() tls.Certificate

ServerCertificate returns the tls.Certificate used by the grpc.Server

func (*GRPCServer) SetClientRootCAs Uses

func (gServer *GRPCServer) SetClientRootCAs(clientRoots [][]byte) error

SetClientRootCAs sets the list of authorities used to verify client certificates based on a list of PEM-encoded X509 certificate authorities

func (*GRPCServer) SetServerCertificate Uses

func (gServer *GRPCServer) SetServerCertificate(cert tls.Certificate)

SetServerCertificate assigns the current TLS certificate to be the peer's server certificate

func (*GRPCServer) Start Uses

func (gServer *GRPCServer) Start() error

Start starts the underlying grpc.Server

func (*GRPCServer) Stop Uses

func (gServer *GRPCServer) Stop()

Stop stops the underlying grpc.Server

func (*GRPCServer) TLSEnabled Uses

func (gServer *GRPCServer) TLSEnabled() bool

TLSEnabled is a flag indicating whether or not TLS is enabled for the GRPCServer instance

type KeepaliveOptions Uses

type KeepaliveOptions struct {
    // ClientInterval is the duration after which if the client does not see
    // any activity from the server it pings the server to see if it is alive
    ClientInterval time.Duration
    // ClientTimeout is the duration the client waits for a response
    // from the server after sending a ping before closing the connection
    ClientTimeout time.Duration
    // ServerInterval is the duration after which if the server does not see
    // any activity from the client it pings the client to see if it is alive
    ServerInterval time.Duration
    // ServerTimeout is the duration the server waits for a response
    // from the client after sending a ping before closing the connection
    ServerTimeout time.Duration
    // ServerMinInterval is the minimum permitted time between client pings.
    // If clients send pings more frequently, the server will disconnect them
    ServerMinInterval time.Duration
}

KeepaliveOptions is used to set the gRPC keepalive settings for both clients and servers

type Metrics Uses

type Metrics struct {
    // OpenConnCounter keeps track of number of open connections
    OpenConnCounter metrics.Counter
    // ClosedConnCounter keeps track of number connections closed
    ClosedConnCounter metrics.Counter
}

type SecureOptions Uses

type SecureOptions struct {
    // VerifyCertificate, if not nil, is called after normal
    // certificate verification by either a TLS client or server.
    // If it returns a non-nil error, the handshake is aborted and that error results.
    VerifyCertificate func(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error
    // PEM-encoded X509 public key to be used for TLS communication
    Certificate []byte
    // PEM-encoded private key to be used for TLS communication
    Key []byte
    // Set of PEM-encoded X509 certificate authorities used by clients to
    // verify server certificates
    ServerRootCAs [][]byte
    // Set of PEM-encoded X509 certificate authorities used by servers to
    // verify client certificates
    ClientRootCAs [][]byte
    // Whether or not to use TLS for communication
    UseTLS bool
    // Whether or not TLS client must present certificates for authentication
    RequireClientCert bool
    // CipherSuites is a list of supported cipher suites for TLS
    CipherSuites []uint16
    // TimeShift makes TLS handshakes time sampling shift to the past by a given duration
    TimeShift time.Duration
}

SecureOptions defines the security parameters (e.g. TLS) for a GRPCServer or GRPCClient instance

type ServerConfig Uses

type ServerConfig struct {
    // ConnectionTimeout specifies the timeout for connection establishment
    // for all new connections
    ConnectionTimeout time.Duration
    // SecOpts defines the security parameters
    SecOpts SecureOptions
    // KaOpts defines the keepalive parameters
    KaOpts KeepaliveOptions
    // StreamInterceptors specifies a list of interceptors to apply to
    // streaming RPCs.  They are executed in order.
    StreamInterceptors []grpc.StreamServerInterceptor
    // UnaryInterceptors specifies a list of interceptors to apply to unary
    // RPCs.  They are executed in order.
    UnaryInterceptors []grpc.UnaryServerInterceptor
    // Logger specifies the logger the server will use
    Logger *flogging.FabricLogger
    // HealthCheckEnabled enables the gRPC Health Checking Protocol for the server
    HealthCheckEnabled bool
    // ServerStatsHandler should be set if metrics on connections are to be reported.
    ServerStatsHandler *ServerStatsHandler
}

ServerConfig defines the parameters for configuring a GRPCServer instance

type ServerStatsHandler Uses

type ServerStatsHandler struct {
    OpenConnCounter   metrics.Counter
    ClosedConnCounter metrics.Counter
}

func NewServerStatsHandler Uses

func NewServerStatsHandler(p metrics.Provider) *ServerStatsHandler

func (*ServerStatsHandler) HandleConn Uses

func (h *ServerStatsHandler) HandleConn(ctx context.Context, s stats.ConnStats)

func (*ServerStatsHandler) HandleRPC Uses

func (h *ServerStatsHandler) HandleRPC(ctx context.Context, s stats.RPCStats)

func (*ServerStatsHandler) TagConn Uses

func (h *ServerStatsHandler) TagConn(ctx context.Context, info *stats.ConnTagInfo) context.Context

func (*ServerStatsHandler) TagRPC Uses

func (h *ServerStatsHandler) TagRPC(ctx context.Context, info *stats.RPCTagInfo) context.Context

type TLSOption Uses

type TLSOption func(tlsConfig *tls.Config)

func CertPoolOverride Uses

func CertPoolOverride(pool *x509.CertPool) TLSOption

func ServerNameOverride Uses

func ServerNameOverride(name string) TLSOption

Directories

PathSynopsis
testpb

Package comm imports 25 packages (graph) and is imported by 200 packages. Updated 2019-11-16. Refresh now. Tools for package owners.