/*
Copyright IBM Corp. 2017 All Rights Reserved.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

                 http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package lib

import (
	"time"

	"github.com/cloudflare/cfssl/config"
	"github.com/hyperledger/fabric-ca/api"
	"github.com/hyperledger/fabric-ca/lib/dbutil"
	"github.com/hyperledger/fabric-ca/lib/ldap"
	"github.com/hyperledger/fabric-ca/lib/tls"
	"github.com/hyperledger/fabric-ca/util"
	"github.com/hyperledger/fabric/bccsp/factory"
)

const (
	// defaultCACfgTemplate is a CA's default configuration file template.
	// It is a YAML document for a single, non-default CA served by a
	// fabric-ca-server. The <<<CANAME>>>, <<<DATASOURCE>>> and
	// <<<COMMONNAME>>> markers are placeholders to be substituted by the
	// code that writes the file (not in this file). Per the template's own
	// comments, each CA must have a unique name and should be given its own
	// bootstrap identity credentials rather than inheriting the default CA's.
	defaultCACfgTemplate = `
#############################################################################
# This file contains information specific to a single Certificate Authority (CA).
# A single fabric-ca-server can service multiple CAs. The server's configuration
# file contains configuration information for the default CA, and each of these
# CA-specific files define configuration settings for a non-default CA.
#
# The only required configuration item in each CA-specific file is a unique
# CA name (see "ca.name" below). Each CA name in the same fabric-ca-server
# must be unique. All other configuration settings needed for this CA are
# taken from the default CA settings, or you may override those settings by
# adding the setting to this file.
#
# For example, you should provide a different username and password for the
# bootstrap identity as found in the "identities" subsection of the "registry"
# section.
#
# See the server's configuration file for comments on all settings.
# All settings pertaining to the server's listening endpoint are by definition
# server-specific and so will be ignored in a CA configuration file.
#############################################################################
ca:
  # Name of this CA
  name: <<<CANAME>>>
  # The CA certificate file
  certfile: ca-cert.pem
  # The CA key file
  keyfile: ca-key.pem

#############################################################################
# Database section
# Supported types are: "sqlite3", "postgres", and "mysql".
# The datasource value depends on the type.
# If the type is "sqlite3", the datasource value is a file name to use
# as the database store. Since "sqlite3" is an embedded database, it
# may not be used if you want to run the fabric-ca-server in a cluster.
# To run the fabric-ca-server in a cluster, you must choose "postgres"
# or "mysql".
#############################################################################
db:
  datasource: <<<DATASOURCE>>>

###########################################################################
# Certificate Signing Request section for generating the CA certificate
###########################################################################
csr:
  cn: <<<COMMONNAME>>>
`
)

// CAConfig is the CA instance's config.
// The tags are recognized by the RegisterFlags function in fabric-ca/lib/util.go
// and are as follows:
//   "def"  - the default value of the field;
//   "opt"  - the optional one character short name to use on the command line;
//   "help" - the help message to display on the command line;
//   "skip" - to skip the field.
// Several nested types hold secrets (the bootstrap identity password, the
// database datasource, the parent server URL); they carry "mask" tags or
// String methods that mask credentials when the config is rendered as a string.
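type CAConfig struct {
	// Version is excluded from command-line flag registration (skip tag).
	Version string `skip:"true"`
	Cfg     cfgOptions
	CA      CAInfo
	Signing *config.Signing
	CSR     api.CSRInfo
	// Registry holds the bootstrap identities; see CAConfigIdentity for how
	// their credentials are masked when printed.
	Registry     CAConfigRegistry
	Affiliations map[string]interface{}
	LDAP         ldap.Config
	DB           CAConfigDB
	// CSP is the BCCSP provider configuration, read from the "bccsp" key.
	CSP *factory.FactoryOpts `mapstructure:"bccsp"`
	// Client is the optional client config for an intermediate server which
	// acts as a client of the root (or parent) server.
	Client       *ClientConfig
	Intermediate IntermediateCA
	CRL          CRLConfig
}

// cfgOptions is a CA configuration that allows for setting different options.
type cfgOptions struct {
	Identities   identitiesOptions
	Affiliations affiliationsOptions
}

// identitiesOptions are options that are related to identities.
type identitiesOptions struct {
	// AllowRemove enables dynamic removal of identities. There is no "def"
	// tag, so it defaults to the zero value false and must be opted into.
	AllowRemove bool `help:"Enables removal of identities dynamically"`
}

// affiliationsOptions are options that are related to affiliations.
type affiliationsOptions struct {
	// AllowRemove enables dynamic removal of affiliations; defaults to false
	// (no "def" tag).
	AllowRemove bool `help:"Enables removal of affiliations dynamically"`
}

// CAInfo is the CA information on a fabric-ca-server.
type CAInfo struct {
	Name string `opt:"n" help:"Certificate Authority name"`
	// Keyfile has no default, unlike Certfile and Chainfile.
	Keyfile   string `help:"PEM-encoded CA key file"`
	Certfile  string `def:"ca-cert.pem" help:"PEM-encoded CA certificate file"`
	Chainfile string `def:"ca-chain.pem" help:"PEM-encoded CA chain file"`
}

// CAConfigDB is the database part of the server's config.
type CAConfigDB struct {
	Type string `def:"sqlite3" help:"Type of database; one of: sqlite3, postgres, mysql"`
	// Datasource is database specific and may embed credentials in a URL;
	// CAConfigDB.String masks them before the value is printed.
	Datasource string `def:"fabric-ca-server.db" help:"Data source which is database specific"`
	TLS        tls.ClientTLSConfig
}

// String implements fmt.Stringer for CAConfigDB. The struct is rendered with
// util.StructToString and the password in the database URL is masked by
// dbutil.MaskDBCred, so the result can be logged without exposing it.
func (db CAConfigDB) String() string {
	return dbutil.MaskDBCred(util.StructToString(&db))
}

// CAConfigRegistry is the registry part of the server's config.
type CAConfigRegistry struct {
	// MaxEnrollments defaults to -1; its meaning is defined by the registry
	// code, not here (presumably "unlimited" — confirm there). The help text
	// notes it only applies when LDAP is not enabled.
	MaxEnrollments int `def:"-1" help:"Maximum number of enrollments; valid if LDAP not enabled"`
	Identities     []CAConfigIdentity
}

// CAConfigIdentity is identity information in the server's config.
// Name and Pass carry "mask" tags so the bootstrap credentials are masked
// when the struct is stringified (see String).
type CAConfigIdentity struct {
	Name           string `mask:"username"`
	Pass           string `mask:"password"`
	Type           string
	Affiliation    string
	MaxEnrollments int
	Attrs          map[string]string
}

// String implements fmt.Stringer via util.StructToString; the "mask" tags on
// Name and Pass are presumably honored there so the password is not printed —
// confirm against util.StructToString.
func (id CAConfigIdentity) String() string {
	return util.StructToString(&id)
}

// ParentServer contains the URL of the parent server and the name of the CA
// inside that server to connect to.
type ParentServer struct {
	// URL may carry the enrollment credentials as userinfo (see the help
	// example); it is tagged mask:"url" so they are masked when printed.
	// The help text's example URL previously had an unbalanced "<port)".
	URL    string `opt:"u" help:"URL of the parent fabric-ca-server (e.g. http://<username>:<password>@<address>:<port>)" mask:"url"`
	CAName string `help:"Name of the CA to connect to on fabric-ca-server"`
}

// String implements fmt.Stringer via util.StructToString, which is expected
// to apply the mask:"url" tag on URL — confirm against util.StructToString.
func (ps ParentServer) String() string {
	return util.StructToString(&ps)
}

// IntermediateCA contains parent server information, TLS configuration, and
// the enrollment request for an intermediate CA.
type IntermediateCA struct {
	ParentServer ParentServer
	TLS          tls.ClientTLSConfig
	Enrollment   api.EnrollmentRequest
}

// CRLConfig contains configuration options used by the gencrl request handler.
type CRLConfig struct {
	// Expiry specifies the expiration of the CRL generated by the gencrl
	// request: the number of hours given here is added to the current UTC
	// time and the result is used as the CRL's 'Next Update' date.
	Expiry time.Duration `def:"24h" help:"Expiration for the CRL generated by the gencrl request"`
}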