// AESKeyLength is the default AES key length in bytes. 32 bytes selects
// AES-256 (AES keys are 16, 24 or 32 bytes; 32 is the strongest option).
const AESKeyLength = 32
// The three TCert object identifiers below all live under the arc
// 1.2.3.4.5.6. That arc is an example/placeholder arc, not one registered
// to this project, so other software using the same placeholder OIDs could
// collide with these.

// TCertEncTCertIndex is the ASN.1 object identifier of the TCert index.
var TCertEncTCertIndex = asn1.ObjectIdentifier{1, 2, 3, 4, 5, 6, 7}

// TCertEncEnrollmentID is the ASN.1 object identifier of the enrollment ID.
var TCertEncEnrollmentID = asn1.ObjectIdentifier{1, 2, 3, 4, 5, 6, 8}

// TCertAttributesHeaders is the ASN.1 object identifier of the attributes header.
var TCertAttributesHeaders = asn1.ObjectIdentifier{1, 2, 3, 4, 5, 6, 9}

// Padding is a fixed block of sixteen 0xFF bytes used as padding for
// encryption. It is not PKCS#7 padding (see PKCS7Padding): it carries no
// length information, so it can only be stripped by a caller that already
// knows the plaintext length. As an exported slice it is mutable by any
// importer; treat it as read-only.
var Padding = []byte{
	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
}
// RootPreKeySize is the default size of the root pre-key. The unit is not
// stated here; 48 is presumably a byte count consumed by CreateRootPreKey —
// confirm against that implementation.
var RootPreKeySize = 48
func CBCDecrypt(key, src []byte) ([]byte, error)
CBCDecrypt decrypts src in CBC mode under key and returns the raw plaintext; no padding is removed (see CBCPKCS7Decrypt). CBC by itself provides no integrity, so callers must authenticate the ciphertext (e.g. verify a MAC over it) before trusting the output.
func CBCEncrypt(key, s []byte) ([]byte, error)
CBCEncrypt encrypts s in CBC mode under key. Plain CBC works on whole cipher blocks; for arbitrary-length input use CBCPKCS7Encrypt, which pads first. The output is unauthenticated.
func CBCPKCS7Decrypt(key, src []byte) ([]byte, error)
CBCPKCS7Decrypt decrypts src in CBC mode and then removes PKCS#7 padding. CBC with PKCS#7 gives confidentiality only: if an untrusted party can distinguish a "bad padding" failure from other failures, a padding-oracle attack becomes possible, so authenticate ciphertexts before decrypting and do not leak which step failed.
func CBCPKCS7Encrypt(key, src []byte) ([]byte, error)
CBCPKCS7Encrypt applies PKCS#7 padding to src and then encrypts it in CBC mode. The result is not authenticated; pair it with a MAC (encrypt-then-MAC) when integrity matters.
func ConvertDERToPEM(der []byte, datatype string) []byte
ConvertDERToPEM encodes DER-encoded data as a PEM block. der is the DER bytes; datatype is presumably used as the PEM block type (the text in the -----BEGIN ...----- header) — confirm against the implementation.
func CreateRootPreKey() string
CreateRootPreKey generates a new root pre-key and returns it as a string. The result is secret key material and should be handled accordingly.
func GenNumber(numlen *big.Int) (*big.Int, error)
GenNumber generates a random *big.Int of the given length numlen. The randomness source is not documented here; callers using the result for key or nonce material should confirm it draws from crypto/rand.
func GenerateBytesUUID() ([]byte, error)
GenerateBytesUUID generates an RFC 4122 UUID and returns its raw bytes.
func GenerateIntUUID() (*big.Int, error)
GenerateIntUUID generates an RFC 4122 UUID and returns it as a *big.Int.
func GetCertificate(certificate []byte) (*x509.Certificate, error)
GetCertificate parses the certificate bytes into an *x509.Certificate. The returned certificate's PublicKey field holds the parsed key, typically an *rsa.PublicKey or *ecdsa.PublicKey.
func GetCertitificateSerialNumber(certificatebyte []byte) (*big.Int, error)
GetCertitificateSerialNumber returns the serial number of the certificate in certificatebyte. If the certificate cannot be parsed it returns -1 together with a non-nil error; callers should check the error rather than compare the result against -1.
func GetEnrollmentIDFromCert(ecert *x509.Certificate) string
GetEnrollmentIDFromCert retrieves the enrollment ID carried in the enrollment certificate ecert.
func GetPrivateKey(buf []byte) (interface{}, error)
GetPrivateKey parses the private key bytes in buf and returns the key as an interface{} holding an *ecdsa.PrivateKey or *rsa.PrivateKey; callers type-switch on the result.
func LoadCert(path string) (*x509.Certificate, error)
LoadCert loads and parses the certificate stored in the file at path.
func LoadKey(path string) (interface{}, error)
LoadKey loads and parses the private key stored in the file at path. The file holds secret material and should be readable only by the process owner (e.g. mode 0600).
func PKCS7Padding(src []byte) []byte
PKCS7Padding appends PKCS#7 padding to src so that its length is a whole number of cipher blocks. As the standard prescribes, padding is always added — a full block when src is already block-aligned.
func PKCS7UnPadding(src []byte) ([]byte, error)
PKCS7UnPadding removes PKCS#7 padding from src and returns an error when the padding is malformed. Do not surface that error to untrusted peers as a failure distinguishable from other decryption errors (padding-oracle risk).
func ParsePrivateKey(der []byte) (interface{}, error)
ParsePrivateKey parses a DER-encoded private key and returns it as an interface{} (presumably the same concrete key types as GetPrivateKey — confirm).
func ValidateCert(cert *x509.Certificate) bool
ValidateCert reports whether cert is currently within its validity period. It checks expiry only: it does not check revocation (CRL/OCSP), and a true result says nothing about whether the certificate chains to a trusted CA, so callers must establish issuer trust separately.
GetTCertBatchRequest is the input to the GetBatch API: the embedded api.GetTCertBatchRequest plus a list of api.Attribute values.
type GetTCertBatchRequest struct {
	// GetTCertBatchRequest is the embedded base request from the api package.
	api.GetTCertBatchRequest
	// Attrs is the list of attributes accompanying the request (presumably
	// the attributes to be carried in the issued TCerts — confirm).
	Attrs []api.Attribute
}
KeyTree is a tree of keys derived from a root key (see NewKeyTree); GetKey returns the key associated with a given path in the tree.
type KeyTree struct {
	// contains filtered or unexported fields
	// All fields are unexported: construct a KeyTree with NewKeyTree and
	// obtain keys through GetKey.
}
func NewKeyTree(bccspMgr bccsp.BCCSP, rootKey bccsp.Key) *KeyTree
NewKeyTree constructs a KeyTree rooted at rootKey, using bccspMgr as its crypto service provider.
func (m *KeyTree) GetKey(path []string) (bccsp.Key, error)
GetKey returns the key associated with the given path (a []string of path components) in the tree, or an error if it cannot be obtained.
Mgr is the manager for the TCert library: it holds the CA signing key and certificate together with the policy limits (validity period, maximum batch size) applied when issuing TCert batches.
type Mgr struct {
	// CAKey is used for signing a certificate request. This is the CA's
	// private key: it is secret material and must be protected in memory
	// and at rest (LoadMgr reads it from caKeyFile).
	CAKey interface{}
	// CACert is used for extracting CA data to associate with issued certificates
	CACert *x509.Certificate
	// ValidityPeriod is the duration that the issued certificate will be valid
	// unless the user requests a shorter validity period.
	// The default value is 1 year.
	// It therefore acts as an upper bound on TCert lifetime; how a longer
	// requested period is handled (clamped or rejected) is not shown here — confirm.
	ValidityPeriod time.Duration
	// MaxAllowedBatchSize is the maximum number of TCerts which can be requested at a time.
	// The default value is 1000.
	// This bounds the signing work a single request can trigger; presumably
	// enforced by GetBatch — confirm.
	MaxAllowedBatchSize int
}
func LoadMgr(caKeyFile, caCertFile string, myCSP bccsp.BCCSP) (*Mgr, error)
LoadMgr is the constructor for a TCert manager given key and certificate file names. @parameter caKeyFile is the file holding the CA's private key (secret material; restrict its file permissions) @parameter caCertFile is the file holding the CA's certificate @parameter myCSP is the BCCSP instance the manager uses
func NewMgr(caKey interface{}, caCert *x509.Certificate) (*Mgr, error)
NewMgr is the constructor for a TCert manager given a key and an x509 certificate. @parameter caKey is the CA's private key used for signing certificate requests (must be kept secret) @parameter caCert is the CA certificate whose data is associated with issued certificates. ValidityPeriod and MaxAllowedBatchSize are presumably initialised to their documented defaults (1 year, 1000) — confirm.
func (tm *Mgr) GetBatch(req *GetTCertBatchRequest, ecert *x509.Certificate) (*api.GetTCertBatchResponse, error)
GetBatch issues a batch of TCerts. @parameter req is the TCert batch request; the number requested is presumably capped by MaxAllowedBatchSize — confirm @parameter ecert is the enrollment certificate of the caller. Note that only the certificate is passed, not a proof of possession, so the caller's identity must have been authenticated by the transport or caller before this method is invoked.