References to low level packages are removed from MSP Client. Change-Id: I2214de6898301072175bd105f3760be558121cd1 Signed-off-by: Aleksandar Likic <aleksandar.likic@securekey.com>
Aleksandar Likic
committed
Mar 14, 2018
1 parent
267c094
commit 8241d5c
Showing
6 changed files
with
261 additions
and
32 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,74 @@ | ||
/* | ||
Copyright SecureKey Technologies Inc. All Rights Reserved. | ||
SPDX-License-Identifier: Apache-2.0 | ||
*/ | ||
|
||
package msp | ||
|
||
// AttributeRequest is a request for an attribute. | ||
type AttributeRequest struct { | ||
Name string | ||
Optional bool | ||
} | ||
|
||
// RegistrationRequest defines the attributes required to register a user with the CA | ||
type RegistrationRequest struct { | ||
// Name is the unique name of the identity | ||
Name string | ||
// Type of identity being registered (e.g. "peer, app, user") | ||
Type string | ||
// MaxEnrollments is the number of times the secret can be reused to enroll. | ||
// if omitted, this defaults to max_enrollments configured on the server | ||
MaxEnrollments int | ||
// The identity's affiliation e.g. org1.department1 | ||
Affiliation string | ||
// Optional attributes associated with this identity | ||
Attributes []Attribute | ||
// CAName is the name of the CA to connect to | ||
CAName string | ||
// Secret is an optional password. If not specified, | ||
// a random secret is generated. In both cases, the secret | ||
// is returned from registration. | ||
Secret string | ||
} | ||
|
||
// Attribute defines additional attributes that may be passed along during registration | ||
type Attribute struct { | ||
Name string | ||
Key string | ||
Value string | ||
} | ||
|
||
// RevocationRequest defines the attributes required to revoke credentials with the CA | ||
type RevocationRequest struct { | ||
// Name of the identity whose certificates should be revoked | ||
// If this field is omitted, then Serial and AKI must be specified. | ||
Name string | ||
// Serial number of the certificate to be revoked | ||
// If this is omitted, then Name must be specified | ||
Serial string | ||
// AKI (Authority Key Identifier) of the certificate to be revoked | ||
AKI string | ||
// Reason is the reason for revocation. See https://godoc.org/golang.org/x/crypto/ocsp | ||
// for valid values. The default value is 0 (ocsp.Unspecified). | ||
Reason string | ||
// CAName is the name of the CA to connect to | ||
CAName string | ||
} | ||
|
||
// RevocationResponse represents response from the server for a revocation request | ||
type RevocationResponse struct { | ||
// RevokedCerts is an array of certificates that were revoked | ||
RevokedCerts []RevokedCert | ||
// CRL is PEM-encoded certificate revocation list (CRL) that contains all unexpired revoked certificates | ||
CRL []byte | ||
} | ||
|
||
// RevokedCert represents a revoked certificate | ||
type RevokedCert struct { | ||
// Serial number of the revoked certificate | ||
Serial string | ||
// AKI of the revoked certificate | ||
AKI string | ||
} |
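Review bot: `RegistrationRequest.Secret` holds the enrollment password as a plain exported string and its comment says nothing about handling, so a `%+v` dump or JSON encoding of the request in a log would expose a credential that can be reused up to `MaxEnrollments` times. I would extend the field comment with `// Secret is a credential: never log or persist a request with this field populated.` In `RevocationRequest`, the `Reason` comment gives the default as `0 (ocsp.Unspecified)` while the field is a `string`, so the comment should say what form the value takes and what an empty string means. `Attribute` has three undocumented fields, and the difference between `Name` and `Key` is not clear from this file.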
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,93 @@ | ||
/* | ||
Copyright SecureKey Technologies Inc. All Rights Reserved. | ||
SPDX-License-Identifier: Apache-2.0 | ||
*/ | ||
|
||
package msp | ||
|
||
import ( | ||
"github.com/hyperledger/fabric-sdk-go/pkg/context/api/core" | ||
"github.com/pkg/errors" | ||
) | ||
|
||
var ( | ||
// ErrUserNotFound indicates the user was not found | ||
ErrUserNotFound = errors.New("user not found") | ||
) | ||
|
||
// Identity supplies the serialized identity and key reference. | ||
type Identity interface { | ||
MspID() string | ||
SerializedIdentity() ([]byte, error) | ||
PrivateKey() core.Key | ||
} | ||
|
||
// SigningIdentity is the identity object that encapsulates the user's private key for signing | ||
// and the user's enrollment certificate (identity) | ||
type SigningIdentity struct { | ||
MspID string | ||
EnrollmentCert []byte | ||
PrivateKey core.Key | ||
} | ||
|
||
// IdentityManager provides management of identities in a Fabric network | ||
type IdentityManager interface { | ||
GetSigningIdentity(name string) (*SigningIdentity, error) | ||
GetUser(name string) (User, error) | ||
} | ||
|
||
// User represents users that have been enrolled and represented by | ||
// an enrollment certificate (ECert) and a signing key. The ECert must have | ||
// been signed by one of the CAs the blockchain network has been configured to trust. | ||
// An enrolled user (having a signing key and ECert) can conduct chaincode deployments, | ||
// transactions and queries with the Chain. | ||
// | ||
// User ECerts can be obtained from a CA beforehand as part of deploying the application, | ||
// or it can be obtained from the optional Fabric COP service via its enrollment process. | ||
// | ||
// Sometimes User identities are confused with Peer identities. User identities represent | ||
// signing capability because it has access to the private key, while Peer identities in | ||
// the context of the application/SDK only has the certificate for verifying signatures. | ||
// An application cannot use the Peer identity to sign things because the application doesn’t | ||
// have access to the Peer identity’s private key. | ||
type User interface { | ||
MspID() string | ||
Name() string | ||
SerializedIdentity() ([]byte, error) | ||
PrivateKey() core.Key | ||
EnrollmentCertificate() []byte | ||
} | ||
|
||
// UserData is the representation of User in UserStore | ||
// PrivateKey is stored separately, in the crypto store | ||
type UserData struct { | ||
Name string | ||
MspID string | ||
EnrollmentCertificate []byte | ||
} | ||
|
||
// UserStore is responsible for UserData persistence | ||
type UserStore interface { | ||
Store(*UserData) error | ||
Load(UserIdentifier) (*UserData, error) | ||
} | ||
|
||
// UserIdentifier is the User's unique identifier | ||
type UserIdentifier struct { | ||
MspID string | ||
Name string | ||
} | ||
|
||
// PrivKeyKey is a composite key for accessing a private key in the key store | ||
type PrivKeyKey struct { | ||
MspID string | ||
UserName string | ||
SKI []byte | ||
} | ||
|
||
// CertKey is a composite key for accessing a cert in the cert store | ||
type CertKey struct { | ||
MspID string | ||
UserName string | ||
} |
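Review bot: `PrivKeyKey` is documented as a composite key but contains `SKI []byte`, which makes the struct non-comparable in Go, so it cannot be used as a map key or compared with `==`; every store has to flatten it itself and the comment does not say how. The store implementations are outside this section, but if one builds a file name or string key from `MspID` and `UserName` (the same applies to `CertKey`), those values need validation so that separator characters cannot make two different identities resolve to the same entry. A comment such as `// MspID and UserName must be validated by the store before being used to build a storage key.` on both types would record that requirement. Note also that `SigningIdentity` exposes `MspID` and `PrivateKey` as fields, so it cannot satisfy the `Identity` interface declared just above it, which declares methods of the same names; if that is intended, a short comment saying so would help.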