github.com/hxx258456/fabric-ca-gm@v0.0.3-0.20221111064038-a268ad7e3a37/internal/pkg/api/client.go (about)

     1  /*
     2  Copyright IBM Corp. All Rights Reserved.
     3  
     4  SPDX-License-Identifier: Apache-2.0
     5  */
     6  
     7  package api
     8  
     9  import (
    10  	"time"
    11  
    12  	"github.com/hxx258456/cfssl-gm/csr"
    13  	"github.com/hxx258456/fabric-ca-gm/internal/pkg/util"
    14  	"github.com/hxx258456/fabric-gm/bccsp"
    15  )
    16  
// RegistrationRequest is the request body for registering a new identity
// with the CA.  Fields tagged skip:"true" are presumably not surfaced as
// command-line flags (compare the CSR field comment on EnrollmentRequest).
// Secret is tagged mask:"password" so that String() can redact it — confirm
// that util.StructToString honours that tag before relying on it in logs.
type RegistrationRequest struct {
	// Name is the unique name of the identity
	Name string `json:"id" help:"Unique name of the identity"`
	// Type of identity being registered (e.g. "peer, app, user")
	Type string `json:"type" def:"client" help:"Type of identity being registered (e.g. 'peer, app, user')"`
	// Secret is an optional password.  If not specified,
	// a random secret is generated.  In both cases, the secret
	// is returned in the RegistrationResponse.
	Secret string `json:"secret,omitempty" mask:"password" help:"The enrollment secret for the identity being registered"`
	// MaxEnrollments is the maximum number of times the secret can
	// be reused to enroll.  A zero value is omitted from the JSON body
	// (omitempty), in which case the CA's own default applies.
	MaxEnrollments int `json:"max_enrollments,omitempty" help:"The maximum number of times the secret can be reused to enroll (default CA's Max Enrollment)"`
	// Affiliation is the identity's affiliation.
	// For example, an affiliation of "org1.department1" associates the identity with "department1" in "org1".
	Affiliation string `json:"affiliation" help:"The identity's affiliation"`
	// Attributes associated with this identity
	Attributes []Attribute `json:"attrs,omitempty"`
	// CAName is the name of the CA to connect to
	CAName string `json:"caname,omitempty" skip:"true"`
}
    39  
// String renders the request for logging/debugging via util.StructToString.
// Secret carries a mask:"password" tag; the rendering is assumed to honour
// it — verify before relying on String() output in logs.
func (rr *RegistrationRequest) String() string {
	rendered := util.StructToString(rr)
	return rendered
}
    43  
// RegistrationResponse is the CA's reply to a RegistrationRequest.
type RegistrationResponse struct {
	// Secret is the enrollment secret of the newly registered identity:
	// either the one supplied in the request or the random one the CA
	// generated.  It is a credential and should not be logged.
	Secret string `json:"secret"`
}
    49  
// EnrollmentRequest is a request to enroll an identity, i.e. to obtain an
// X509 certificate or an idemix credential using the secret issued at
// registration.  Fields tagged skip:"true" are presumably filled from
// elsewhere (see the CSR field comment) rather than from this struct's flags.
type EnrollmentRequest struct {
	// The identity name to enroll
	Name string `json:"name" skip:"true"`
	// The secret returned via Register.  Tagged mask:"password" so that
	// String() can redact it (assuming util.StructToString honours the tag).
	Secret string `json:"secret,omitempty" skip:"true" mask:"password"`
	// CAName is the name of the CA to connect to
	CAName string `json:"caname,omitempty" skip:"true"`
	// AttrReqs are requests for attributes to add to the certificate.
	// Each attribute is added only if the requestor owns the attribute.
	AttrReqs []*AttributeRequest `json:"attr_reqs,omitempty"`
	// Profile is the name of the signing profile to use in issuing the X509 certificate
	Profile string `json:"profile,omitempty" help:"Name of the signing profile to use in issuing the certificate"`
	// Label is the label to use in HSM operations
	Label string `json:"label,omitempty" help:"Label to use in HSM operations"`
	// CSR is Certificate Signing Request info
	CSR *CSRInfo `json:"csr,omitempty" skip:"true"` // Skipping this because we pull the CSR from the CSR flags
	// The type of the enrollment request: x509 or idemix
	// The default is a request for an X509 enrollment certificate.
	// Note: this field has no json tag, so encoding/json uses the key "Type".
	Type string `def:"x509" help:"The type of enrollment request: 'x509' or 'idemix'"`
}
    71  
// String renders the request via util.StructToString.  Because of the value
// receiver, a copy of the request (including Secret, tagged mask:"password")
// is made and the address of that copy is what gets formatted.
func (er EnrollmentRequest) String() string {
	snapshot := &er
	return util.StructToString(snapshot)
}
    75  
// ReenrollmentRequest is a request to reenroll an identity.
// This is useful to renew a certificate before it has expired.
// Unlike EnrollmentRequest it carries no Name or Secret — the caller is
// presumably authenticated by its existing certificate instead.  No String()
// method is defined for this type in this file.
type ReenrollmentRequest struct {
	// Profile is the name of the signing profile to use in issuing the certificate
	Profile string `json:"profile,omitempty"`
	// Label is the label to use in HSM operations
	Label string `json:"label,omitempty"`
	// CSR is Certificate Signing Request info
	CSR *CSRInfo `json:"csr,omitempty"`
	// CAName is the name of the CA to connect to
	CAName string `json:"caname,omitempty" skip:"true"`
	// AttrReqs are requests for attributes to add to the certificate.
	// Each attribute is added only if the requestor owns the attribute.
	AttrReqs []*AttributeRequest `json:"attr_reqs,omitempty"`
}
    91  
// RevocationRequest is a revocation request for a single certificate or all certificates
// associated with an identity.
// To revoke a single certificate, both the Serial and AKI fields must be set;
// otherwise, to revoke all certificates and the identity associated with an enrollment ID,
// the Name field must be set to an existing enrollment ID.
// A RevocationRequest can only be performed by a user with the "hf.Revoker" attribute.
// The opt:"x" tags presumably map fields to short command-line options.
type RevocationRequest struct {
	// Name of the identity whose certificates should be revoked
	// If this field is omitted, then Serial and AKI must be specified.
	Name string `json:"id,omitempty" opt:"e" help:"Identity whose certificates should be revoked"`
	// Serial number of the certificate to be revoked
	// If this is omitted, then Name must be specified
	Serial string `json:"serial,omitempty" opt:"s" help:"Serial number of the certificate to be revoked"`
	// AKI (Authority Key Identifier) of the certificate to be revoked
	AKI string `json:"aki,omitempty" opt:"a" help:"AKI (Authority Key Identifier) of the certificate to be revoked"`
	// Reason is the reason for revocation.  See https://godoc.org/golang.org/x/crypto/ocsp for
	// valid values.  The default value is 0 (ocsp.Unspecified).
	// Note that the field is a string; how it is parsed to an ocsp code is not visible here.
	Reason string `json:"reason,omitempty" opt:"r" help:"Reason for revocation"`
	// CAName is the name of the CA to connect to
	CAName string `json:"caname,omitempty" skip:"true"`
	// GenCRL specifies whether to generate a CRL as part of the revocation
	GenCRL bool `def:"false" skip:"true" json:"gencrl,omitempty"`
}
   115  
// RevocationResponse represents response from the server for a revocation request.
// Neither field carries a json tag, so they are serialized under the keys
// "RevokedCerts" and "CRL".
type RevocationResponse struct {
	// RevokedCerts is an array of certificates that were revoked
	RevokedCerts []RevokedCert
	// CRL is PEM-encoded certificate revocation list (CRL) that contains all unexpired revoked certificates.
	// It is only expected to be populated when the request asked for one (GenCRL).
	CRL []byte
}
   123  
// RevokedCert represents a revoked certificate, identified by the
// (Serial, AKI) pair — the same pair RevocationRequest uses to select
// a single certificate.
type RevokedCert struct {
	// Serial number of the revoked certificate
	Serial string
	// AKI of the revoked certificate
	AKI string
}
   131  
// GetCAInfoRequest is request to get generic CA information.
type GetCAInfoRequest struct {
	// CAName is the name of the CA to connect to
	CAName string `json:"caname,omitempty" skip:"true"`
}
   136  
// GenCRLRequest represents a request to get CRL for the specified certificate authority.
// RevokedAfter/RevokedBefore bound the revocation time and ExpireAfter/ExpireBefore
// the expiry time of the certificates to include; whether the bounds are inclusive
// is decided server-side and not visible here.
// Note: encoding/json's omitempty has no effect on struct-typed fields such as
// time.Time, so a zero time is still sent (as "0001-01-01T00:00:00Z").
type GenCRLRequest struct {
	// CAName is the name of the CA to connect to
	CAName        string    `json:"caname,omitempty" skip:"true"`
	RevokedAfter  time.Time `json:"revokedafter,omitempty"`
	RevokedBefore time.Time `json:"revokedbefore,omitempty"`
	ExpireAfter   time.Time `json:"expireafter,omitempty"`
	ExpireBefore  time.Time `json:"expirebefore,omitempty"`
}
   145  
// GenCRLResponse represents a response to get CRL.
type GenCRLResponse struct {
	// CRL is PEM-encoded certificate revocation list (CRL) that contains requested unexpired revoked certificates.
	// The field has no json tag, so it is serialized under the key "CRL".
	CRL []byte
}
   151  
// GetCRIRequest is a request to send to server to get Idemix credential revocation information.
type GetCRIRequest struct {
	// CAName is the name of the CA to connect to
	CAName string `json:"caname,omitempty" skip:"true"`
}
   156  
// GetCRIResponse is the response from the server for get CRI request.
type GetCRIResponse struct {
	// CRI is base64 encoded proto bytes of idemix.CredentialRevocationInformation.
	// The field has no json tag, so it is serialized under the key "CRI".
	CRI string
}
   162  
// AddIdentityRequest represents the request to add a new identity to the
// fabric-ca-server.  ID and CAName are tagged skip:"true" and are presumably
// supplied outside the flag set (e.g. as a positional argument); the
// mapstructure tags let the same struct be decoded from configuration.
type AddIdentityRequest struct {
	ID             string      `json:"id" skip:"true"`
	Type           string      `json:"type" def:"user" help:"Type of identity being registered (e.g. 'peer, app, user')"`
	Affiliation    string      `json:"affiliation" help:"The identity's affiliation"`
	Attributes     []Attribute `json:"attrs" mapstructure:"attrs" `
	MaxEnrollments int         `json:"max_enrollments" mapstructure:"max_enrollments" help:"The maximum number of times the secret can be reused to enroll (default CA's Max Enrollment)"`
	// Secret is an optional password.  If not specified,
	// a random secret is generated.  In both cases, the secret
	// is returned in the RegistrationResponse.  Tagged mask:"password"
	// so it can be redacted when the request is printed.
	Secret string `json:"secret,omitempty" mask:"password" help:"The enrollment secret for the identity being added"`
	CAName string `json:"caname,omitempty" skip:"true"`
}
   177  
// ModifyIdentityRequest represents the request to modify an existing identity on the
// fabric-ca-server.  ID has no json tag (and is skip:"true"), so it is not part
// of the flag set and would marshal under the key "ID" if sent in the body;
// presumably it identifies the target identity in the request path instead.
// Secret is tagged mask:"password" so it can be redacted when printed.
type ModifyIdentityRequest struct {
	ID             string      `skip:"true"`
	Type           string      `json:"type" help:"Type of identity being registered (e.g. 'peer, app, user')"`
	Affiliation    string      `json:"affiliation" help:"The identity's affiliation"`
	Attributes     []Attribute `mapstructure:"attrs" json:"attrs"`
	MaxEnrollments int         `mapstructure:"max_enrollments" json:"max_enrollments" help:"The maximum number of times the secret can be reused to enroll"`
	Secret         string      `json:"secret,omitempty" mask:"password" help:"The enrollment secret for the identity"`
	CAName         string      `json:"caname,omitempty" skip:"true"`
}
   189  
// RemoveIdentityRequest represents the request to remove an existing identity from the
// fabric-ca-server.  ID is tagged skip:"true" and has no json tag, so it is
// presumably carried in the request path rather than the body.  The exact effect
// of Force is decided server-side and is not visible here — TODO confirm.
type RemoveIdentityRequest struct {
	ID     string `skip:"true"`
	Force  bool   `json:"force"`
	CAName string `json:"caname,omitempty" skip:"true"`
}
   197  
// GetIDResponse is the response from the GetIdentity call.  It mirrors the
// fields of AddIdentityRequest minus Secret, so a lookup never returns the
// enrollment secret.
type GetIDResponse struct {
	ID             string      `json:"id" skip:"true"`
	Type           string      `json:"type" def:"user"`
	Affiliation    string      `json:"affiliation"`
	Attributes     []Attribute `json:"attrs" mapstructure:"attrs" `
	MaxEnrollments int         `json:"max_enrollments" mapstructure:"max_enrollments"`
	CAName         string      `json:"caname,omitempty"`
}
   207  
// GetAllIDsResponse is the response from the GetAllIdentities call.
type GetAllIDsResponse struct {
	// Identities lists every identity returned; see IdentityInfo for the per-identity fields
	Identities []IdentityInfo `json:"identities"`
	// CAName is the name of the CA that answered
	CAName     string         `json:"caname,omitempty"`
}
   213  
// IdentityResponse is the response from the any add/modify/remove identity call.
// Secret is omitempty, so it is present only when the server issues one
// (e.g. on add); it is a credential and should not be logged by callers.
type IdentityResponse struct {
	ID             string      `json:"id" skip:"true"`
	Type           string      `json:"type,omitempty"`
	Affiliation    string      `json:"affiliation"`
	Attributes     []Attribute `json:"attrs,omitempty" mapstructure:"attrs"`
	MaxEnrollments int         `json:"max_enrollments,omitempty" mapstructure:"max_enrollments"`
	Secret         string      `json:"secret,omitempty"`
	CAName         string      `json:"caname,omitempty"`
}
   224  
// IdentityInfo contains information about an identity as returned in
// listings (GetAllIDsResponse, AffiliationInfo).  It carries no Secret.
type IdentityInfo struct {
	ID             string      `json:"id"`
	Type           string      `json:"type"`
	Affiliation    string      `json:"affiliation"`
	Attributes     []Attribute `json:"attrs" mapstructure:"attrs"`
	MaxEnrollments int         `json:"max_enrollments" mapstructure:"max_enrollments"`
}
   233  
// AddAffiliationRequest represents the request to add a new affiliation to the
// fabric-ca-server.  Name is the dotted affiliation path (see the Affiliation
// field of RegistrationRequest for the format).  The exact effect of Force is
// decided server-side and is not visible here.
type AddAffiliationRequest struct {
	Name   string `json:"name"`
	Force  bool   `json:"force"`
	CAName string `json:"caname,omitempty"`
}
   241  
// ModifyAffiliationRequest represents the request to modify an existing affiliation on the
// fabric-ca-server.  NewName is what the body carries under "name"; Name has no
// json tag and would marshal as "Name" if included in the body, so presumably it
// identifies the affiliation in the request path — verify against the caller.
type ModifyAffiliationRequest struct {
	Name    string
	NewName string `json:"name"`
	Force   bool   `json:"force"`
	CAName  string `json:"caname,omitempty"`
}
   250  
// RemoveAffiliationRequest represents the request to remove an existing affiliation from the
// fabric-ca-server.  Name has no json tag (compare ModifyAffiliationRequest), so it
// is presumably carried in the request path rather than the body.
type RemoveAffiliationRequest struct {
	Name   string
	Force  bool   `json:"force"`
	CAName string `json:"caname,omitempty"`
}
   258  
// AffiliationResponse contains the response for get, add, modify, and remove an affiliation.
// AffiliationInfo is embedded, so its fields are promoted; the mapstructure
// ",squash" tag flattens it when decoding from a map as well.
type AffiliationResponse struct {
	AffiliationInfo `mapstructure:",squash"`
	CAName          string `json:"caname,omitempty"`
}
   264  
// AffiliationInfo contains the affiliation name, child affiliation info, and identities
// associated with this affiliation.  The type is recursive: Affiliations holds the
// sub-tree below Name.
type AffiliationInfo struct {
	Name         string            `json:"name"`
	Affiliations []AffiliationInfo `json:"affiliations,omitempty"`
	Identities   []IdentityInfo    `json:"identities,omitempty"`
}
   272  
// CSRInfo is Certificate Signing Request (CSR) Information: the subject (CN,
// Names), SANs (Hosts), key parameters (KeyRequest) and an optional CA config.
// CA is tagged hide:"true", presumably to keep it out of generated help output.
type CSRInfo struct {
	CN           string        `json:"CN"`
	Names        []csr.Name    `json:"names,omitempty"`
	Hosts        []string      `json:"hosts,omitempty"`
	KeyRequest   *KeyRequest   `json:"key,omitempty"`
	CA           *csr.CAConfig `json:"ca,omitempty" hide:"true"`
	SerialNumber string        `json:"serial_number,omitempty"`
}
   282  
// GetCertificatesRequest represents the request to get certificates from the server
// per the enrollment ID and/or AKI and Serial. If neither ID or AKI/Serial are
// provided all certificates are returned which are in or under the caller's affiliation.
// By default all certificates are returned. However, only revoked and/or expired
// certificates can be requested by providing a time range.
// None of the fields carry json tags, so they marshal under their Go names.
type GetCertificatesRequest struct {
	ID         string    `skip:"true"`                                    // Get certificates for this enrollment ID
	AKI        string    `help:"Get certificates for this AKI"`           // Get certificate that matches this AKI
	Serial     string    `help:"Get certificates for this serial number"` // Get certificate that matches this serial
	Revoked    TimeRange `skip:"true"`                                    // Get certificates which were revoked between the specified time range
	Expired    TimeRange `skip:"true"`                                    // Get certificates which expire between the specified time range
	NotExpired bool      `help:"Don't return expired certificates"`       // Don't return expired certificates
	NotRevoked bool      `help:"Don't return revoked certificates"`       // Don't return revoked certificates
	CAName     string    `skip:"true"`                                    // Name of CA to send request to within the server
}
   298  
// CertificateResponse contains the response from Get or Delete certificate request.
type CertificateResponse struct {
	// Certs holds the matching certificates; the encoding of each entry
	// (PEM is likely) is decided by the server and not visible here.
	Certs []string `json:"certs"`
}
   303  
// TimeRange specifies a range of time.  Both bounds are strings rather than
// time.Time; the accepted format is decided by the consumer and not visible here.
type TimeRange struct {
	StartTime string
	EndTime   string
}
   309  
// KeyRequest encapsulates size and algorithm for the key to be generated.
// If ReuseKey is set, reenrollment requests will reuse the existing private
// key.  See NewKeyRequest and NewGMKeyRequest for the two constructors
// provided in this file.
type KeyRequest struct {
	Algo     string `json:"algo" yaml:"algo" help:"Specify key algorithm"`
	Size     int    `json:"size" yaml:"size" help:"Specify key size"`
	ReuseKey bool   `json:"reusekey" yaml:"reusekey" help:"Reuse existing key during reenrollment"`
}
   318  
// Attribute is a name and value pair attached to an identity.  ECert, when
// true, presumably asks for the attribute to be placed in the enrollment
// certificate by default — confirm against the server.
type Attribute struct {
	Name  string `json:"name"`
	Value string `json:"value"`
	ECert bool   `json:"ecert,omitempty"`
}
   325  
// GetName returns the attribute's Name field.
func (a *Attribute) GetName() string {
	name := a.Name
	return name
}
   330  
// GetValue returns the attribute's Value field.
func (a *Attribute) GetValue() string {
	value := a.Value
	return value
}
   335  
// AttributeRequest is a request for an attribute.
// This implements the certmgr/AttributeRequest interface.
// An attribute is required unless Optional is set (see IsRequired).
type AttributeRequest struct {
	Name     string `json:"name"`
	Optional bool   `json:"optional,omitempty"`
}
   342  
// GetName returns the Name of the attribute being requested.
func (ar *AttributeRequest) GetName() string {
	requested := ar.Name
	return requested
}
   347  
// IsRequired reports whether the requested attribute is mandatory, i.e.
// whether Optional is not set.
func (ar *AttributeRequest) IsRequired() bool {
	if ar.Optional {
		return false
	}
	return true
}
   352  
// NewKeyRequest builds a KeyRequest from the defaults supplied by
// csr.NewKeyRequest(): its algorithm (A) and size (S) are copied over and
// ReuseKey is left at its zero value (false).
func NewKeyRequest() *KeyRequest {
	defaults := csr.NewKeyRequest()
	kr := new(KeyRequest)
	kr.Algo = defaults.A
	kr.Size = defaults.S
	return kr
}
   359  
// NewGMKeyRequest is the GM (Chinese SM-series cryptography) counterpart of
// NewKeyRequest: it returns a KeyRequest for an SM2 key of size 256, with
// ReuseKey left at its zero value (false).  The original TODO comment asked
// for exactly this GM variant of NewKeyRequest.
func NewGMKeyRequest() *KeyRequest {
	const gmKeySize = 256
	return &KeyRequest{Algo: bccsp.SM2, Size: gmKeySize}
}