/*
Copyright IBM Corp. All Rights Reserved.

SPDX-License-Identifier: Apache-2.0
*/

// Package membership declares the plain data types that describe an MSP's
// signing identity, cryptographic settings and organizational-unit (OU)
// configuration. This file holds type declarations only; validation of the
// values stored in them is not part of it.
package membership

import (
	"crypto"
	"github.com/hellobchain/newcryptosm/x509"
)

// KeyInfo represents a (secret) key that is either already stored
// in the bccsp/keystore or key material to be imported to the
// bccsp key-store. In later versions it may also contain a
// keystore identifier.
//
// When KeyMaterial is set, a KeyInfo value holds private key material
// directly, so it should be kept out of logs and of any serialized form that
// is not meant to carry secrets.
type KeyInfo struct {
	// KeyIdentifier is the identifier of the key inside the default
	// keystore; for the Software BCCSP as well as the HSM BCCSP this
	// would be the SKI of the key.
	KeyIdentifier string
	// KeyMaterial (optional) is the key to be imported; this
	// must be a supported PKCS#8 private key type of either
	// *rsa.PrivateKey, *ecdsa.PrivateKey, or ed25519.PrivateKey.
	//
	// crypto.PrivateKey is an empty interface, so the field type itself
	// does not enforce that restriction.
	// NOTE(review): the x509 package imported here is the newcryptosm one,
	// not crypto/x509 - confirm which key types the code consuming
	// this field actually accepts in this fork.
	KeyMaterial crypto.PrivateKey
}

// SigningIdentityInfo represents the configuration information
// related to the signing identity the peer is to use for generating
// endorsements.
//
// NOTE(review): nothing in this type ties PrivateSigner to the public key in
// PublicSigner; presumably the consumer checks that the two belong together -
// confirm against the caller.
type SigningIdentityInfo struct {
	// PublicSigner carries the public information of the signing
	// identity. For an X.509 provider this would be represented by
	// an X.509 certificate. It is a pointer and may therefore be nil.
	PublicSigner *x509.Certificate
	// PrivateSigner denotes a reference to the private key of the
	// peer's signing identity.
	PrivateSigner KeyInfo
}

// CryptoConfig contains configuration parameters
// for the cryptographic algorithms used by the MSP
// this configuration refers to.
//
// Both fields are free-form strings; the allowed values listed below are not
// enforced by the type, so they have to be checked wherever a CryptoConfig is
// consumed.
type CryptoConfig struct {
	// SignatureHashFamily is a string representing the hash family to be used
	// during sign and verify operations.
	// Allowed values are "SHA2" and "SHA3".
	SignatureHashFamily string
	// IdentityIdentifierHashFunction is a string representing the hash function
	// to be used during the computation of the identity identifier of an MSP identity.
	// Allowed values are "SHA256", "SHA384" and "SHA3_256", "SHA3_384".
	IdentityIdentifierHashFunction string
}

// OUIdentifier represents an organizational unit and
// its related chain of trust identifier.
type OUIdentifier struct {
	// Certificate represents the second certificate in a certification chain.
	// (Notice that the first certificate in a certification chain is supposed
	// to be the certificate of an identity).
	// It must correspond to the certificate of root or intermediate CA
	// recognized by the MSP this message belongs to.
	// Starting from this certificate, a certification chain is computed
	// and bound to the OrganizationalUnitIdentifier specified.
	// It is a pointer and may therefore be nil.
	Certificate *x509.Certificate
	// OrganizationalUnitIdentifier defines the organizational unit under the
	// MSP identified with MSPIdentifier.
	OrganizationalUnitIdentifier string
}

// NodeOUs contains configuration to tell apart clients from peers from orderers
// (and admins) based on OUs. If NodeOUs recognition is enabled then an msp
// identity that does not contain any of the specified OU will be considered
// invalid.
type NodeOUs struct {
	// Enable, if true, means an msp identity that does not contain any of
	// the specified OU will be considered invalid. The zero value is false,
	// so this check is off unless it is switched on explicitly.
	Enable bool
	// ClientOUIdentifier is the OU Identifier of the clients.
	ClientOUIdentifier OUIdentifier
	// PeerOUIdentifier is the OU Identifier of the peers.
	PeerOUIdentifier OUIdentifier
	// AdminOUIdentifier is the OU Identifier of the admins.
	AdminOUIdentifier OUIdentifier
	// OrdererOUIdentifier is the OU Identifier of the orderers.
	OrdererOUIdentifier OUIdentifier
}