github.com/hyperledger/fabric-ca@v2.0.0-alpha.0.20201120210307-7b4f34729db1+incompatible/internal/pkg/api/client.go (about) 1 /* 2 Copyright IBM Corp. All Rights Reserved. 3 4 SPDX-License-Identifier: Apache-2.0 5 */ 6 7 package api 8 9 import ( 10 "time" 11 12 "github.com/cloudflare/cfssl/csr" 13 "github.com/hyperledger/fabric-ca/internal/pkg/util" 14 ) 15 16 // RegistrationRequest for a new identity 17 type RegistrationRequest struct { 18 // Name is the unique name of the identity 19 Name string `json:"id" help:"Unique name of the identity"` 20 // Type of identity being registered (e.g. "peer, app, user") 21 Type string `json:"type" def:"client" help:"Type of identity being registered (e.g. 'peer, app, user')"` 22 // Secret is an optional password. If not specified, 23 // a random secret is generated. In both cases, the secret 24 // is returned in the RegistrationResponse. 25 Secret string `json:"secret,omitempty" mask:"password" help:"The enrollment secret for the identity being registered"` 26 // MaxEnrollments is the maximum number of times the secret can 27 // be reused to enroll. 28 MaxEnrollments int `json:"max_enrollments,omitempty" help:"The maximum number of times the secret can be reused to enroll (default CA's Max Enrollment)"` 29 // is returned in the response. 30 // The identity's affiliation. 31 // For example, an affiliation of "org1.department1" associates the identity with "department1" in "org1". 32 Affiliation string `json:"affiliation" help:"The identity's affiliation"` 33 // Attributes associated with this identity 34 Attributes []Attribute `json:"attrs,omitempty"` 35 // CAName is the name of the CA to connect to 36 CAName string `json:"caname,omitempty" skip:"true"` 37 } 38 39 func (rr *RegistrationRequest) String() string { 40 return util.StructToString(rr) 41 } 42 43 // RegistrationResponse is a registration response 44 type RegistrationResponse struct { 45 // The secret returned from a successful registration response 46 Secret string `json:"secret"` 47 } 48 49 // EnrollmentRequest is a request to enroll an identity 50 type EnrollmentRequest struct { 51 // The identity name to enroll 52 Name string `json:"name" skip:"true"` 53 // The secret returned via Register 54 Secret string `json:"secret,omitempty" skip:"true" mask:"password"` 55 // CAName is the name of the CA to connect to 56 CAName string `json:"caname,omitempty" skip:"true"` 57 // AttrReqs are requests for attributes to add to the certificate. 58 // Each attribute is added only if the requestor owns the attribute. 59 AttrReqs []*AttributeRequest `json:"attr_reqs,omitempty"` 60 // Profile is the name of the signing profile to use in issuing the X509 certificate 61 Profile string `json:"profile,omitempty" help:"Name of the signing profile to use in issuing the certificate"` 62 // Label is the label to use in HSM operations 63 Label string `json:"label,omitempty" help:"Label to use in HSM operations"` 64 // CSR is Certificate Signing Request info 65 CSR *CSRInfo `json:"csr,omitempty" skip:"true"` // Skipping this because we pull the CSR from the CSR flags 66 // The type of the enrollment request: x509 or idemix 67 // The default is a request for an X509 enrollment certificate 68 Type string `def:"x509" help:"The type of enrollment request: 'x509' or 'idemix'"` 69 } 70 71 func (er EnrollmentRequest) String() string { 72 return util.StructToString(&er) 73 } 74 75 // ReenrollmentRequest is a request to reenroll an identity. 76 // This is useful to renew a certificate before it has expired. 77 type ReenrollmentRequest struct { 78 // Profile is the name of the signing profile to use in issuing the certificate 79 Profile string `json:"profile,omitempty"` 80 // Label is the label to use in HSM operations 81 Label string `json:"label,omitempty"` 82 // CSR is Certificate Signing Request info 83 CSR *CSRInfo `json:"csr,omitempty"` 84 // CAName is the name of the CA to connect to 85 CAName string `json:"caname,omitempty" skip:"true"` 86 // AttrReqs are requests for attributes to add to the certificate. 87 // Each attribute is added only if the requestor owns the attribute. 88 AttrReqs []*AttributeRequest `json:"attr_reqs,omitempty"` 89 } 90 91 // RevocationRequest is a revocation request for a single certificate or all certificates 92 // associated with an identity. 93 // To revoke a single certificate, both the Serial and AKI fields must be set; 94 // otherwise, to revoke all certificates and the identity associated with an enrollment ID, 95 // the Name field must be set to an existing enrollment ID. 96 // A RevocationRequest can only be performed by a user with the "hf.Revoker" attribute. 97 type RevocationRequest struct { 98 // Name of the identity whose certificates should be revoked 99 // If this field is omitted, then Serial and AKI must be specified. 100 Name string `json:"id,omitempty" opt:"e" help:"Identity whose certificates should be revoked"` 101 // Serial number of the certificate to be revoked 102 // If this is omitted, then Name must be specified 103 Serial string `json:"serial,omitempty" opt:"s" help:"Serial number of the certificate to be revoked"` 104 // AKI (Authority Key Identifier) of the certificate to be revoked 105 AKI string `json:"aki,omitempty" opt:"a" help:"AKI (Authority Key Identifier) of the certificate to be revoked"` 106 // Reason is the reason for revocation. See https://godoc.org/golang.org/x/crypto/ocsp for 107 // valid values. The default value is 0 (ocsp.Unspecified). 108 Reason string `json:"reason,omitempty" opt:"r" help:"Reason for revocation"` 109 // CAName is the name of the CA to connect to 110 CAName string `json:"caname,omitempty" skip:"true"` 111 // GenCRL specifies whether to generate a CRL 112 GenCRL bool `def:"false" skip:"true" json:"gencrl,omitempty"` 113 } 114 115 // RevocationResponse represents response from the server for a revocation request 116 type RevocationResponse struct { 117 // RevokedCerts is an array of certificates that were revoked 118 RevokedCerts []RevokedCert 119 // CRL is PEM-encoded certificate revocation list (CRL) that contains all unexpired revoked certificates 120 CRL []byte 121 } 122 123 // RevokedCert represents a revoked certificate 124 type RevokedCert struct { 125 // Serial number of the revoked certificate 126 Serial string 127 // AKI of the revoked certificate 128 AKI string 129 } 130 131 // GetCAInfoRequest is request to get generic CA information 132 type GetCAInfoRequest struct { 133 CAName string `json:"caname,omitempty" skip:"true"` 134 } 135 136 // GenCRLRequest represents a request to get CRL for the specified certificate authority 137 type GenCRLRequest struct { 138 CAName string `json:"caname,omitempty" skip:"true"` 139 RevokedAfter time.Time `json:"revokedafter,omitempty"` 140 RevokedBefore time.Time `json:"revokedbefore,omitempty"` 141 ExpireAfter time.Time `json:"expireafter,omitempty"` 142 ExpireBefore time.Time `json:"expirebefore,omitempty"` 143 } 144 145 // GenCRLResponse represents a response to get CRL 146 type GenCRLResponse struct { 147 // CRL is PEM-encoded certificate revocation list (CRL) that contains requested unexpired revoked certificates 148 CRL []byte 149 } 150 151 // GetCRIRequest is a request to send to server to get Idemix credential revocation information 152 type GetCRIRequest struct { 153 CAName string `json:"caname,omitempty" skip:"true"` 154 } 155 156 // GetCRIResponse is the response from the server for get CRI request 157 type GetCRIResponse struct { 158 // CRI is base64 encoded proto bytes of idemix.CredentialRevocationInformation 159 CRI string 160 } 161 162 // AddIdentityRequest represents the request to add a new identity to the 163 // fabric-ca-server 164 type AddIdentityRequest struct { 165 ID string `json:"id" skip:"true"` 166 Type string `json:"type" def:"user" help:"Type of identity being registered (e.g. 'peer, app, user')"` 167 Affiliation string `json:"affiliation" help:"The identity's affiliation"` 168 Attributes []Attribute `json:"attrs" mapstructure:"attrs" ` 169 MaxEnrollments int `json:"max_enrollments" mapstructure:"max_enrollments" help:"The maximum number of times the secret can be reused to enroll (default CA's Max Enrollment)"` 170 // Secret is an optional password. If not specified, 171 // a random secret is generated. In both cases, the secret 172 // is returned in the RegistrationResponse. 173 Secret string `json:"secret,omitempty" mask:"password" help:"The enrollment secret for the identity being added"` 174 CAName string `json:"caname,omitempty" skip:"true"` 175 } 176 177 // ModifyIdentityRequest represents the request to modify an existing identity on the 178 // fabric-ca-server 179 type ModifyIdentityRequest struct { 180 ID string `skip:"true"` 181 Type string `json:"type" help:"Type of identity being registered (e.g. 'peer, app, user')"` 182 Affiliation string `json:"affiliation" help:"The identity's affiliation"` 183 Attributes []Attribute `mapstructure:"attrs" json:"attrs"` 184 MaxEnrollments int `mapstructure:"max_enrollments" json:"max_enrollments" help:"The maximum number of times the secret can be reused to enroll"` 185 Secret string `json:"secret,omitempty" mask:"password" help:"The enrollment secret for the identity"` 186 CAName string `json:"caname,omitempty" skip:"true"` 187 } 188 189 // RemoveIdentityRequest represents the request to remove an existing identity from the 190 // fabric-ca-server 191 type RemoveIdentityRequest struct { 192 ID string `skip:"true"` 193 Force bool `json:"force"` 194 CAName string `json:"caname,omitempty" skip:"true"` 195 } 196 197 // GetIDResponse is the response from the GetIdentity call 198 type GetIDResponse struct { 199 ID string `json:"id" skip:"true"` 200 Type string `json:"type" def:"user"` 201 Affiliation string `json:"affiliation"` 202 Attributes []Attribute `json:"attrs" mapstructure:"attrs" ` 203 MaxEnrollments int `json:"max_enrollments" mapstructure:"max_enrollments"` 204 CAName string `json:"caname,omitempty"` 205 } 206 207 // GetAllIDsResponse is the response from the GetAllIdentities call 208 type GetAllIDsResponse struct { 209 Identities []IdentityInfo `json:"identities"` 210 CAName string `json:"caname,omitempty"` 211 } 212 213 // IdentityResponse is the response from the any add/modify/remove identity call 214 type IdentityResponse struct { 215 ID string `json:"id" skip:"true"` 216 Type string `json:"type,omitempty"` 217 Affiliation string `json:"affiliation"` 218 Attributes []Attribute `json:"attrs,omitempty" mapstructure:"attrs"` 219 MaxEnrollments int `json:"max_enrollments,omitempty" mapstructure:"max_enrollments"` 220 Secret string `json:"secret,omitempty"` 221 CAName string `json:"caname,omitempty"` 222 } 223 224 // IdentityInfo contains information about an identity 225 type IdentityInfo struct { 226 ID string `json:"id"` 227 Type string `json:"type"` 228 Affiliation string `json:"affiliation"` 229 Attributes []Attribute `json:"attrs" mapstructure:"attrs"` 230 MaxEnrollments int `json:"max_enrollments" mapstructure:"max_enrollments"` 231 } 232 233 // AddAffiliationRequest represents the request to add a new affiliation to the 234 // fabric-ca-server 235 type AddAffiliationRequest struct { 236 Name string `json:"name"` 237 Force bool `json:"force"` 238 CAName string `json:"caname,omitempty"` 239 } 240 241 // ModifyAffiliationRequest represents the request to modify an existing affiliation on the 242 // fabric-ca-server 243 type ModifyAffiliationRequest struct { 244 Name string 245 NewName string `json:"name"` 246 Force bool `json:"force"` 247 CAName string `json:"caname,omitempty"` 248 } 249 250 // RemoveAffiliationRequest represents the request to remove an existing affiliation from the 251 // fabric-ca-server 252 type RemoveAffiliationRequest struct { 253 Name string 254 Force bool `json:"force"` 255 CAName string `json:"caname,omitempty"` 256 } 257 258 // AffiliationResponse contains the response for get, add, modify, and remove an affiliation 259 type AffiliationResponse struct { 260 AffiliationInfo `mapstructure:",squash"` 261 CAName string `json:"caname,omitempty"` 262 } 263 264 // AffiliationInfo contains the affiliation name, child affiliation info, and identities 265 // associated with this affiliation. 266 type AffiliationInfo struct { 267 Name string `json:"name"` 268 Affiliations []AffiliationInfo `json:"affiliations,omitempty"` 269 Identities []IdentityInfo `json:"identities,omitempty"` 270 } 271 272 // CSRInfo is Certificate Signing Request (CSR) Information 273 type CSRInfo struct { 274 CN string `json:"CN"` 275 Names []csr.Name `json:"names,omitempty"` 276 Hosts []string `json:"hosts,omitempty"` 277 KeyRequest *KeyRequest `json:"key,omitempty"` 278 CA *csr.CAConfig `json:"ca,omitempty" hide:"true"` 279 SerialNumber string `json:"serial_number,omitempty"` 280 } 281 282 // GetCertificatesRequest represents the request to get certificates from the server 283 // per the enrollment ID and/or AKI and Serial. If neither ID or AKI/Serial are 284 // provided all certificates are returned which are in or under the caller's affiliation. 285 // By default all certificates are returned. However, only revoked and/or expired 286 // certificates can be requested by providing a time range. 287 type GetCertificatesRequest struct { 288 ID string `skip:"true"` // Get certificates for this enrollment ID 289 AKI string `help:"Get certificates for this AKI"` // Get certificate that matches this AKI 290 Serial string `help:"Get certificates for this serial number"` // Get certificate that matches this serial 291 Revoked TimeRange `skip:"true"` // Get certificates which were revoked between the specified time range 292 Expired TimeRange `skip:"true"` // Get certificates which expire between the specified time range 293 NotExpired bool `help:"Don't return expired certificates"` // Don't return expired certificates 294 NotRevoked bool `help:"Don't return revoked certificates"` // Don't return revoked certificates 295 CAName string `skip:"true"` // Name of CA to send request to within the server 296 } 297 298 // CertificateResponse contains the response from Get or Delete certificate request. 299 type CertificateResponse struct { 300 Certs []string `json:"certs"` 301 } 302 303 // TimeRange specifies a range of time 304 type TimeRange struct { 305 StartTime string 306 EndTime string 307 } 308 309 // KeyRequest encapsulates size and algorithm for the key to be generated. 310 // If ReuseKey is set, reenrollment requests will reuse the existing private 311 // key. 312 type KeyRequest struct { 313 Algo string `json:"algo" yaml:"algo" help:"Specify key algorithm"` 314 Size int `json:"size" yaml:"size" help:"Specify key size"` 315 ReuseKey bool `json:"reusekey" yaml:"reusekey" help:"Reuse existing key during reenrollment"` 316 } 317 318 // Attribute is a name and value pair 319 type Attribute struct { 320 Name string `json:"name"` 321 Value string `json:"value"` 322 ECert bool `json:"ecert,omitempty"` 323 } 324 325 // GetName returns the name of the attribute 326 func (a *Attribute) GetName() string { 327 return a.Name 328 } 329 330 // GetValue returns the value of the attribute 331 func (a *Attribute) GetValue() string { 332 return a.Value 333 } 334 335 // AttributeRequest is a request for an attribute. 336 // This implements the certmgr/AttributeRequest interface. 337 type AttributeRequest struct { 338 Name string `json:"name"` 339 Optional bool `json:"optional,omitempty"` 340 } 341 342 // GetName returns the name of an attribute being requested 343 func (ar *AttributeRequest) GetName() string { 344 return ar.Name 345 } 346 347 // IsRequired returns true if the attribute being requested is required 348 func (ar *AttributeRequest) IsRequired() bool { 349 return !ar.Optional 350 } 351 352 // NewKeyRequest returns the KeyRequest object that is constructed 353 // from the object returned by the csr.NewKeyRequest() function 354 func NewKeyRequest() *KeyRequest { 355 bkr := csr.NewKeyRequest() 356 return &KeyRequest{Algo: bkr.A, Size: bkr.S} 357 }