/*
Copyright IBM Corp. All Rights Reserved.

SPDX-License-Identifier: Apache-2.0
*/

package lib

import (
	"time"

	// "gitee.com/zhaochuninhefei/cfssl-gm/config"
	"gitee.com/zhaochuninhefei/cfssl-gm/config"
	"gitee.com/zhaochuninhefei/fabric-ca-gm/internal/pkg/api"
	"gitee.com/zhaochuninhefei/fabric-ca-gm/internal/pkg/util"
	dbutil "gitee.com/zhaochuninhefei/fabric-ca-gm/lib/server/db/util"
	"gitee.com/zhaochuninhefei/fabric-ca-gm/lib/server/idemix"
	"gitee.com/zhaochuninhefei/fabric-ca-gm/lib/server/ldap"
	"gitee.com/zhaochuninhefei/fabric-ca-gm/lib/tls"
	"gitee.com/zhaochuninhefei/fabric-gm/bccsp/factory"
)

const (
	// defaultCACfgTemplate is the default configuration file template for a
	// non-default CA hosted by a fabric-ca-server.
	//
	// The <<<CANAME>>>, <<<DATASOURCE>>> and <<<COMMONNAME>>> markers are
	// placeholders; the substitution is not performed in this file
	// (presumably by the code that writes the per-CA config file — confirm).
	//
	// NOTE(review): the template deliberately sets only ca.name, the CA
	// cert/key file names, db.datasource and csr.cn. As the embedded
	// commentary states, every other setting — including the bootstrap
	// identity's username and password under "registry.identities" — is
	// inherited from the default CA unless overridden in this file. A CA
	// generated from this template therefore shares the default CA's
	// bootstrap credentials until the operator changes them.
	defaultCACfgTemplate = `
#############################################################################
# This file contains information specific to a single Certificate Authority (CA).
# A single fabric-ca-server can service multiple CAs. The server's configuration
# file contains configuration information for the default CA, and each of these
# CA-specific files define configuration settings for a non-default CA.
#
# The only required configuration item in each CA-specific file is a unique
# CA name (see "ca.name" below). Each CA name in the same fabric-ca-server
# must be unique. All other configuration settings needed for this CA are
# taken from the default CA settings, or you may override those settings by
# adding the setting to this file.
#
# For example, you should provide a different username and password for the
# bootstrap identity as found in the "identities" subsection of the "registry"
# section.
#
# See the server's configuration file for comments on all settings.
# All settings pertaining to the server's listening endpoint are by definition
# server-specific and so will be ignored in a CA configuration file.
#############################################################################
ca:
  # Name of this CA
  name: <<<CANAME>>>
  # The CA certificate file
  certfile: ca-cert.pem
  # The CA key file
  keyfile: ca-key.pem

#############################################################################
# Database section
# Supported types are: "sqlite3", "postgres", and "mysql".
# The datasource value depends on the type.
# If the type is "sqlite3", the datasource value is a file name to use
# as the database store. Since "sqlite3" is an embedded database, it
# may not be used if you want to run the fabric-ca-server in a cluster.
# To run the fabric-ca-server in a cluster, you must choose "postgres"
# or "mysql".
#############################################################################
db:
  datasource: <<<DATASOURCE>>>

###########################################################################
# Certificate Signing Request section for generating the CA certificate
###########################################################################
csr:
  cn: <<<COMMONNAME>>>
`
)

// CAConfig is the CA instance's config
// The tags are recognized by the RegisterFlags function in fabric-ca/util/flag.go
// and are as follows:
// "def" - the default value of the field;
// "opt" - the optional one character short name to use on the command line;
// "help" - the help message to display on the command line;
// "skip" - to skip the field.
// (The CSP field below additionally carries a "hide" tag, which is not
// described in this list; presumably it is also read by RegisterFlags —
// confirm in flag.go.)
type CAConfig struct {
	// Version of the config; not exposed as a command-line flag ("skip").
	Version string `skip:"true"`
	// Cfg holds the dynamic-behaviour toggles (identity/affiliation options).
	Cfg CfgOptions
	// CA holds this CA's name and its certificate/key/chain file locations.
	CA CAInfo
	// Signing is the cfssl signing configuration (profiles, expiry, usages);
	// not exposed as a flag ("skip").
	Signing *config.Signing `skip:"true"`
	// CSR is the certificate signing request used to generate the CA
	// certificate (see the "csr" section of the config template).
	CSR api.CSRInfo
	// Registry holds the bootstrap identities and the enrollment limit.
	Registry CAConfigRegistry
	// Affiliations is the affiliation tree; values are nested maps or lists
	// as decoded from the config file (shape not fixed by this file).
	Affiliations map[string]interface{}
	// LDAP is the configuration of the optional LDAP-backed user registry.
	LDAP ldap.Config
	// DB is the database configuration (type, datasource, client TLS).
	DB CAConfigDB
	// CSP is the BCCSP (crypto service provider) configuration. It is
	// serialized under the key "bccsp" for both yaml and mapstructure; the
	// "hide" tag is not documented in this file — presumably it suppresses
	// the field from flag/help output (confirm in flag.go).
	CSP *factory.FactoryOpts `yaml:"bccsp" mapstructure:"bccsp" hide:"true"`
	// Optional client config for an intermediate server which acts as a client
	// of the root (or parent) server
	Client *ClientConfig `skip:"true"`
	// Intermediate holds the parent-server URL, TLS and enrollment request
	// used when this CA is an intermediate CA.
	Intermediate IntermediateCA
	// CRL holds the options used by the gencrl request handler.
	CRL CRLConfig
	// Idemix holds the Identity Mixer issuer configuration.
	Idemix idemix.Config
}

// CfgOptions is a CA configuration that allows for setting different options
type CfgOptions struct {
	// Identities are options affecting identities (password attempts, removal).
	Identities identitiesOptions
	// Affiliations are options affecting affiliations (removal).
	Affiliations affiliationsOptions
}

// identitiesOptions are options that are related to identities
type identitiesOptions struct {
	// PasswordAttempts is the number of incorrect password attempts allowed
	// (default 10). What happens once the limit is exceeded is not visible
	// here — presumably the identity is locked out; confirm in the
	// authentication code before relying on it as a brute-force control.
	PasswordAttempts int `def:"10" help:"Number of incorrect password attempts allowed"`
	// AllowRemove enables dynamic removal of identities. Off by default
	// (zero value), so removal must be opted into explicitly.
	AllowRemove bool `help:"Enables removal of identities dynamically"`
}

// affiliationsOptions are options that are related to affiliations
type affiliationsOptions struct {
	// AllowRemove enables dynamic removal of affiliations. Off by default
	// (zero value), so removal must be opted into explicitly.
	AllowRemove bool `help:"Enables removal of affiliations dynamically"`
}

// CAInfo is the CA information on a fabric-ca-server
type CAInfo struct {
	// Name of the CA; must be unique within a fabric-ca-server (short flag -n).
	Name string `opt:"n" help:"Certificate Authority name"`
	// Keyfile is the PEM-encoded CA private key file. Unlike Certfile and
	// Chainfile it has no "def" tag here; the config template supplies
	// "ca-key.pem". This is the CA's signing key — protect it accordingly.
	Keyfile string `help:"PEM-encoded CA key file"`
	// Certfile is the PEM-encoded CA certificate file (default ca-cert.pem).
	Certfile string `def:"ca-cert.pem" help:"PEM-encoded CA certificate file"`
	// Chainfile is the PEM-encoded CA chain file (default ca-chain.pem).
	Chainfile string `def:"ca-chain.pem" help:"PEM-encoded CA chain file"`
	// ReenrollIgnoreCertExpiry, when true, makes re-enrollment ignore the
	// expiry of the presented certificate (default false). Enabling it lets
	// an identity whose certificate has already expired obtain a new one, so
	// treat it as a deliberate relaxation of the re-enrollment check.
	ReenrollIgnoreCertExpiry bool `def:"false" help:"Ignore Certificate Expiry for re-enroll"`
}

// CAConfigDB is the database part of the server's config
type CAConfigDB struct {
	// Type is the database type: sqlite3 (default), postgres or mysql. Per
	// the config template commentary, sqlite3 is embedded and cannot be used
	// when running fabric-ca-server in a cluster.
	Type string `def:"sqlite3" help:"Type of database; one of: sqlite3, postgres, mysql"`
	// Datasource is the database-specific connection string (a file name
	// for sqlite3, default fabric-ca-server.db). For postgres/mysql it may
	// embed credentials, which is why String() masks it before printing.
	Datasource string `def:"fabric-ca-server.db" help:"Data source which is database specific"`
	// TLS is the client-side TLS configuration used for the DB connection.
	TLS tls.ClientTLSConfig
}

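// String implements the fmt.Stringer interface for CAConfigDB.
// It renders the struct with util.StructToString and then passes the
// result through dbutil.MaskDBCred so that a password embedded in the
// database URL (Datasource) is masked wherever the config is printed.
func (c CAConfigDB) String() string {
	return dbutil.MaskDBCred(util.StructToString(&c))
}

// CAConfigRegistry is the registry part of the server's config
type CAConfigRegistry struct {
	// MaxEnrollments is the maximum number of enrollments per identity;
	// only meaningful when LDAP is not enabled. Defaults to -1; the meaning
	// of -1 is not defined in this file (presumably "unlimited" — confirm
	// in the registry code).
	MaxEnrollments int `def:"-1" help:"Maximum number of enrollments; valid if LDAP not enabled"`
	// Identities are the bootstrap identities registered from the config
	// file. Each carries a plaintext password (see CAConfigIdentity.Pass),
	// so the config file itself is sensitive.
	Identities []CAConfigIdentity
}

// CAConfigIdentity is identity information in the server's config
type CAConfigIdentity struct {
	// Name is the enrollment ID. The "mask" tag is presumably honoured by
	// util.StructToString when the struct is stringified — confirm.
	Name string `mask:"username"`
	// Pass is the enrollment secret, stored in plaintext in the config.
	// Tagged so that String() masks it — confirm util.StructToString does.
	Pass string `mask:"password"`
	// Type of the identity (e.g. client, peer, orderer, admin — confirm the
	// accepted set against the registry code).
	Type string
	// Affiliation the identity belongs to.
	Affiliation string
	// MaxEnrollments allowed for this identity (overrides the registry-wide
	// value; semantics of 0/-1 are not defined here).
	MaxEnrollments int
	// Attrs are the identity's attributes as name/value pairs.
	Attrs map[string]string
}

// ParentServer contains URL for the parent server and the name of CA inside
// the server to connect to
type ParentServer struct {
	// URL of the parent fabric-ca-server (short flag -u). As the help text
	// shows, the bootstrap credentials used to enroll with the parent may be
	// embedded in the URL as userinfo; the "mask" tag is meant to hide them
	// when the struct is stringified.
	//
	// NOTE(review): the example in the help text uses the plain http scheme;
	// with an embedded password that puts the credential on the wire in
	// clear. Prefer https and configure IntermediateCA.TLS accordingly.
	//
	// Fix: the help text previously read "<port)" — the closing ">" was
	// missing from the placeholder.
	URL string `opt:"u" help:"URL of the parent fabric-ca-server (e.g. http://<username>:<password>@<address>:<port>)" mask:"url"`
	// CAName is the name of the CA to connect to on the parent server
	// (the parent may host several CAs).
	CAName string `help:"Name of the CA to connect to on fabric-ca-server"`
}

// IntermediateCA contains parent server information, TLS configuration, and
// enrollment request for an intermediate CA
type IntermediateCA struct {
	// ParentServer identifies the parent CA (URL and CA name).
	ParentServer ParentServer
	// TLS is the client TLS configuration used when talking to the parent.
	TLS tls.ClientTLSConfig
	// Enrollment is the enrollment request sent to the parent to obtain the
	// intermediate CA certificate.
	Enrollment api.EnrollmentRequest
}

// CRLConfig contains configuration options used by the gencrl request handler
type CRLConfig struct {
	// Specifies expiration for the CRL generated by the gencrl request
	// The number of hours specified by this property is added to the UTC time, resulting time
	// is used to set the 'Next Update' date of the CRL
	// Defaults to 24h. A longer value means a revocation published after the
	// CRL was fetched can stay unnoticed by relying parties for longer.
	Expiry time.Duration `def:"24h" help:"Expiration for the CRL generated by the gencrl request"`
}

// String implements fmt.Stringer for CAConfigIdentity. Masking of Name and
// Pass relies on util.StructToString honouring the "mask" tags — confirm.
func (cc CAConfigIdentity) String() string {
	return util.StructToString(&cc)
}

// String implements fmt.Stringer for ParentServer. Masking of credentials
// embedded in URL relies on util.StructToString honouring the "mask" tag —
// confirm.
func (parent ParentServer) String() string {
	return util.StructToString(&parent)
}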