  • pkg/client/msp msp包

    一. pkg/client/msp 包msp支持在Fabric网络上创建和更新用户。 Msp客户端支持以下操作:Enroll,Reenroll,Register,Revoke和GetSigningIdentity。

    1. 基本流程:

      1)准备客户端上下文
      2)创建msp客户端
      3)注册用户(Register)
      4)登记用户(Enroll)

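       // Basic flow: build a client, register a user with the CA, then enroll
       // that user with the secret the registration returned.
       ctx := mockClientProvider()

       // Create msp client
       c, err := New(ctx)
       if err != nil {
           fmt.Println("failed to create msp client")
           return
       }

       username := randomUsername()

       // Register returns the enrollment secret for the new user. It is a
       // credential: pass it on to Enroll and keep it out of logs and output.
       enrollmentSecret, err := c.Register(&RegistrationRequest{Name: username})
       if err != nil {
           fmt.Printf("Register return error %s\n", err)
           return
       }

       // Enroll uses the enrollment ID and secret to obtain a signed X509 certificate.
       err = c.Enroll(username, WithSecret(enrollmentSecret))
       if err != nil {
           fmt.Printf("failed to enroll user: %s\n", err)
           return
       }
       fmt.Println("enroll user is completed")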

      输出:enroll user is completed

    2. 变量:
      var (
          // ErrUserNotFound indicates that the user was not found.
          ErrUserNotFound = errors.New("user not found")
      )
    3. 类型Attribute:
      type Attribute struct {
          Name  string
          Value string
          ECert bool
      }: Attribute定义了在注册期间可以传递的其他属性
    4. 类型AttributeRequest:
      type AttributeRequest struct {
          Name     string
          Optional bool
      }: AttributeRequest是对attribute的请求。
    5. 类型Client:
      type Client struct {
          // contains filtered or unexported fields
      }: 客户端可以访问客户端服务
      1. func New(clientProvider context.ClientProvider, opts ...ClientOption) (*Client, error): New创建一个新的Client实例
        1. 例:
           // Build the msp client straight from the mock client provider.
           client, err := New(mockClientProvider())
           if err != nil {
               fmt.Println("failed to create msp client")
               return
           }

           // New returned no error; confirm a usable client came back.
           if client != nil {
               fmt.Println("msp client created")
           }

          输出:msp client created

      2. func (c *Client) CreateIdentity(request *IdentityRequest) (*IdentityResponse, error): CreateIdentity使用Fabric CA服务器创建新标识。 返回登记密码,然后可以与登记ID一起使用以登记新身份。
        1. 参数:

          请求包含有关身份的信息

          返回:
          返回包含秘密的身份信息

        2. 例:
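           // Create msp client
           c, err := New(mockClientProvider())
           if err != nil {
               fmt.Println("failed to create msp client")
               return
           }

           // CreateIdentity asks the Fabric CA server for a new identity. The
           // response carries the enrollment secret, so print only non-sensitive
           // fields such as the ID.
           identity, err := c.CreateIdentity(&IdentityRequest{ID: "123", Affiliation: "org2",
               Attributes: []Attribute{{Name: "attName1", Value: "attValue1"}}})
           if err != nil {
               fmt.Printf("Create identity return error %s\n", err)
               return
           }
           fmt.Printf("identity '%s' created\n", identity.ID)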

          输出:identity '123' created

      3. func (c *Client) CreateSigningIdentity(opts ...mspctx.SigningIdentityOption) (mspctx.SigningIdentity, error): CreateSigningIdentity使用给定选项创建签名标识
        1. 例:
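           // Creates a signing identity twice: first from a certificate plus its
           // private key, then from the certificate alone after the key has been
           // imported into the keystore out of band.
           ctx := mockClientProvider()

           // Create msp client
           c, err := New(ctx)
           if err != nil {
               fmt.Println("failed to create msp client")
               return
           }

           // testPrivKey and testCert are throwaway fixtures for this example only.
           // A private key for a real identity does not belong in source code; keep
           // it in the keystore and pass only the certificate, as shown further down.
           // The raw-string contents start at column 0 so the PEM blocks stay byte-exact.
           testPrivKey := `-----BEGIN PRIVATE KEY-----
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgp4qKKB0WCEfx7XiB
5Ul+GpjM1P5rqc6RhjD5OkTgl5OhRANCAATyFT0voXX7cA4PPtNstWleaTpwjvbS
J3+tMGTG67f+TdCfDxWYMpQYxLlE8VkbEzKWDwCYvDZRMKCQfv2ErNvb
-----END PRIVATE KEY-----`

           testCert := `-----BEGIN CERTIFICATE-----
MIICGTCCAcCgAwIBAgIRALR/1GXtEud5GQL2CZykkOkwCgYIKoZIzj0EAwIwczEL
MAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBG
cmFuY2lzY28xGTAXBgNVBAoTEG9yZzEuZXhhbXBsZS5jb20xHDAaBgNVBAMTE2Nh
Lm9yZzEuZXhhbXBsZS5jb20wHhcNMTcwNzI4MTQyNzIwWhcNMjcwNzI2MTQyNzIw
WjBbMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMN
U2FuIEZyYW5jaXNjbzEfMB0GA1UEAwwWVXNlcjFAb3JnMS5leGFtcGxlLmNvbTBZ
MBMGByqGSM49AgEGCCqGSM49AwEHA0IABPIVPS+hdftwDg8+02y1aV5pOnCO9tIn
f60wZMbrt/5N0J8PFZgylBjEuUTxWRsTMpYPAJi8NlEwoJB+/YSs29ujTTBLMA4G
A1UdDwEB/wQEAwIHgDAMBgNVHRMBAf8EAjAAMCsGA1UdIwQkMCKAIIeR0TY+iVFf
mvoEKwaToscEu43ZXSj5fTVJornjxDUtMAoGCCqGSM49BAMCA0cAMEQCID+dZ7H5
AiaiI2BjxnL3/TetJ8iFJYZyWvK//an13WV/AiARBJd/pI5A7KZgQxJhXmmR8bie
XdsmTcdRvJ3TS/6HCA==
-----END CERTIFICATE-----`

           // Create signing identity based on certificate and private key
           id, err := c.CreateSigningIdentity(msp.WithCert([]byte(testCert)), msp.WithPrivateKey([]byte(testPrivKey)))
           if err != nil {
               fmt.Printf("failed when creating identity based on certificate and private key: %s\n", err)
               return
           }
           // The returned identity must carry exactly the certificate that was supplied.
           if string(id.EnrollmentCertificate()) != testCert {
               fmt.Printf("certificate mismatch\n")
               return
           }

           // In this use case the client might want to import keys directly into the keystore
           // out of band instead of enrolling the user via the SDK. User enrollment creates a cert
           // and stores it into the local SDK user store, while the user might not want the SDK to manage certs.
           err = importPrivateKeyOutOfBand([]byte(testPrivKey), c)
           if err != nil {
               fmt.Printf("failed to import key: %s\n", err)
               return
           }

           // Create signing identity using certificate. SDK will lookup the private key based on the certificate.
           id, err = c.CreateSigningIdentity(msp.WithCert([]byte(testCert)))
           if err != nil {
               fmt.Printf("failed when creating identity using certificate: %s\n", err)
               return
           }
           if string(id.EnrollmentCertificate()) != testCert {
               fmt.Printf("certificate mismatch\n")
               return
           }

           fmt.Println("create signing identity is completed")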

          输出:create signing identity is completed

      4. func (c *Client) Enroll(enrollmentID string, opts ...EnrollmentOption) error: Enroll登记一个已注册的用户,以便接收签名的X509证书。为用户生成新的密钥对。私钥和由CA颁发的登记证书存储在SDK存储库中。可以通过调用IdentityManager.GetSigningIdentity()来检索它们。
        1. 参数:

          enrollmentID注册用户的注册ID
          opts是可选的注册选项

          返回:
          如果注册失败,则会出错

        2. 例:
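           ctx := mockClientProvider()

           // Create msp client
           c, err := New(ctx)
           if err != nil {
               fmt.Println("failed to create msp client")
               return
           }

           // "enrollmentSecret" is a placeholder used with the mock provider in this
           // example. Outside of a mock, pass the secret returned by Register rather
           // than a literal in source.
           err = c.Enroll(randomUsername(), WithSecret("enrollmentSecret"))
           if err != nil {
               fmt.Printf("failed to enroll user: %s\n", err)
               return
           }
           fmt.Println("enroll user is completed")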

          输出:enroll user is completed

      5. func (c *Client) GetAllIdentities(options ...RequestOption) ([]*IdentityResponse, error): GetAllIdentities返回调用者有权查看的所有身份
        1. 参数:

          options包含可选的请求选项
          返回:
          包含身份的回复

        2. 例:
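           // Create msp client
           c, err := New(mockClientProvider())
           if err != nil {
               fmt.Println("failed to create msp client")
               return
           }

           // GetAllIdentities returns the identities the caller is authorized to see.
           // Only the count is printed; the responses themselves include a Secret field.
           results, err := c.GetAllIdentities()
           if err != nil {
               fmt.Printf("Get identities return error %s\n", err)
               return
           }
           fmt.Printf("%d identities retrieved\n", len(results))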

          输出:2 identities retrieved

      6. func (c *Client) GetIdentity(ID string, options ...RequestOption) (*IdentityResponse, error): GetIdentity检索身份信息
        1. ID是必需的身份ID
          options包含可选的请求选项

          返回:
          包含身份信息的回复

        2. 例:
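           // Create msp client
           c, err := New(mockClientProvider())
           if err != nil {
               fmt.Println("failed to create msp client")
               return
           }

           // Look up a single identity by its ID; only the ID is echoed back.
           identity, err := c.GetIdentity("123")
           if err != nil {
               fmt.Printf("Get identity return error %s\n", err)
               return
           }
           fmt.Printf("identity '%s' retrieved\n", identity.ID)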

          输出:identity '123' retrieved

      7. func (c *Client) GetSigningIdentity(id string) (mspctx.SigningIdentity, error): GetSigningIdentity返回id的签名身份
        1. 参数:

          id是用户ID

          返回:
          签署身份

        2. 例:
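           ctx := mockClientProvider()

           // Create msp client
           c, err := New(ctx)
           if err != nil {
               fmt.Println("failed to create msp client")
               return
           }

           username := randomUsername()

           // "enrollmentSecret" is a placeholder used with the mock provider in this example.
           err = c.Enroll(username, WithSecret("enrollmentSecret"))
           if err != nil {
               fmt.Printf("failed to enroll user: %s\n", err)
               return
           }

           // Fetch the signing identity that enrollment stored for this user.
           enrolledUser, err := c.GetSigningIdentity(username)
           if err != nil {
               fmt.Printf("user not found %s\n", err)
               return
           }

           // Guard against getting back an identity for a different user.
           if enrolledUser.Identifier().ID != username {
               fmt.Println("Enrolled user name doesn't match")
               return
           }

           // The listing was cut off mid-literal here; the message is restored to
           // match the documented output.
           fmt.Println("enroll user is completed")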

          输出:enroll user is completed

      8. func (c *Client) ModifyIdentity(request *IdentityRequest) (*IdentityResponse, error): ModifyIdentity修改Fabric CA服务器的身份
        1. 参数:

          请求包含有关身份的信息

          返回:
          返回更新的身份信息

        2. 例:
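           // Create msp client
           c, err := New(mockClientProvider())
           if err != nil {
               fmt.Println("failed to create msp client")
               return
           }

           // "top-secret" is a sample value. An enrollment secret is a credential, so
           // outside of an example it should not be written as a literal in source.
           identity, err := c.ModifyIdentity(&IdentityRequest{ID: "123", Affiliation: "org2", Secret: "top-secret"})
           if err != nil {
               fmt.Printf("Modify identity return error %s\n", err)
               return
           }
           // Print the ID only; the response also carries the Secret field.
           fmt.Printf("identity '%s' modified\n", identity.ID)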

          输出:identity '123' modified

      9. func (c *Client) Reenroll(enrollmentID string) error: 重新注册一个已注册用户,以便获得一个新的签名X509证书
        1. 参数:

          enrollmentID注册用户的注册ID

          返回:
          如果重新注册失败,则会出错

        2. 例:
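           ctx := mockClientProvider()

           // Create msp client
           c, err := New(ctx)
           if err != nil {
               fmt.Println("failed to create msp client")
               return
           }

           username := randomUsername()

           // The user has to be enrolled first; "enrollmentSecret" is a placeholder
           // used with the mock provider in this example.
           err = c.Enroll(username, WithSecret("enrollmentSecret"))
           if err != nil {
               fmt.Printf("failed to enroll user: %s\n", err)
               return
           }

           // Reenroll obtains a new signed X509 certificate for the enrolled user.
           err = c.Reenroll(username)
           if err != nil {
               fmt.Printf("failed to reenroll user: %s\n", err)
               return
           }

           fmt.Println("reenroll user is completed")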

          输出:reenroll user is completed

      10. func (c *Client) Register(request *RegistrationRequest) (string, error): Register使用Fabric CA注册用户
        1. 参数:

          请求是注册请求

          返回:
          注册秘密

        2. 例:
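           ctx := mockClientProvider()

           // Create msp client
           c, err := New(ctx)
           if err != nil {
               fmt.Println("failed to create msp client")
               return
           }

           // Register returns the enrollment secret. This example discards it; a caller
           // that goes on to enroll the user needs to keep it and pass it to Enroll.
           _, err = c.Register(&RegistrationRequest{Name: randomUsername()})
           if err != nil {
               fmt.Printf("Register return error %s\n", err)
               return
           }
           fmt.Println("register user is completed")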

          输出:register user is completed

      11. func (c *Client) RemoveIdentity(request *RemoveIdentityRequest) (*IdentityResponse, error): RemoveIdentity删除Fabric CA服务器的标识。
        1. 参数:

          请求保存有关要删除的身份的信息

          返回:
          返回已删除的身份信息

        2. 例:
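           // Create msp client
           c, err := New(mockClientProvider())
           if err != nil {
               fmt.Println("failed to create msp client")
               return
           }

           // RemoveIdentity deletes the identity from the Fabric CA server and
           // returns the information of the identity that was removed.
           identity, err := c.RemoveIdentity(&RemoveIdentityRequest{ID: "123"})
           if err != nil {
               fmt.Printf("Remove identity return error %s\n", err)
               return
           }
           fmt.Printf("identity '%s' removed\n", identity.ID)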

          输出:identity '123' removed

      12. func (c *Client) Revoke(request *RevocationRequest) (*RevocationResponse, error): Revoke通过Fabric CA撤销用户
        1. 参数:

          请求是撤销请求

          返回:
          撤销回应

        2. 例:
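           ctx := mockClientProvider()

           // Create msp client
           c, err := New(ctx)
           if err != nil {
               fmt.Println("failed to create msp client")
               return
           }

           // Revoke the named user's credentials at the CA.
           _, err = c.Revoke(&RevocationRequest{Name: "testuser"})
           if err != nil {
               fmt.Printf("revoke return error %s\n", err)
               // Stop here: without this return a failed revocation would still be
               // reported as completed, leaving the credential valid while the
               // output claims otherwise.
               return
           }
           fmt.Println("revoke user is completed")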

          输出:revoke user is completed

    6. 类型ClientOption:
      type ClientOption func(*Client) error: ClientOption描述了New构造函数的功能参数
    7. func WithOrg(orgName string) ClientOption: WithOrg选项
      1. 例:
         // Build the msp client for organisation "org1" from the mock client provider.
         client, err := New(mockClientProvider(), WithOrg("org1"))
         if err != nil {
             fmt.Println("failed to create msp client")
             return
         }

         // New returned no error; confirm a usable client came back.
         if client != nil {
             fmt.Println("msp client created with org")
         }

        输出:msp client created with org

    8. 类型EnrollmentOption:
      type EnrollmentOption func(*enrollmentOptions) error: EnrollmentOption描述了Enroll的功能参数
    9. 函数WithSecret:
      func WithSecret(secret string) EnrollmentOption: WithSecret注册选项
      1. 例:
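         ctx := mockClientProvider()

         // Create msp client
         c, err := New(ctx)
         if err != nil {
             fmt.Println("failed to create msp client")
             return
         }

         // WithSecret supplies the enrollment secret to Enroll. The literal here is a
         // placeholder used with the mock provider; a real secret is the value
         // returned by Register and should not be hard-coded.
         err = c.Enroll(randomUsername(), WithSecret("enrollmentSecret"))
         if err != nil {
             fmt.Printf("failed to enroll user: %s\n", err)
             return
         }
         fmt.Println("enroll user is completed")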

        输出:enroll user is completed

    10. 类型IdentityManager:
      type IdentityManager interface {
          GetSigningIdentity(name string) (msp.SigningIdentity, error)
          CreateSigningIdentity(ops ...msp.SigningIdentityOption) (msp.SigningIdentity, error)
      }: IdentityManager提供Fabric网络中的身份管理
    11. 类型IdentityRequest:
      type IdentityRequest struct {
      
          // The enrollment ID which uniquely identifies an identity (required)
          ID  string
      
          // The identity's affiliation (required)
          Affiliation string
      
          // Array of attributes to assign to the user
          Attributes []Attribute
      
          // Type of identity being registered (e.g. "peer, app, user"). Default is "user".
          Type string
      
          // The maximum number of times the secret can be reused to enroll (default: the CA's max enrollments)
          MaxEnrollments int
      
          // The enrollment secret. If not provided, a random secret is generated.
          // NOTE(review): this is a credential; avoid hard-coding or logging it.
          Secret string
      
          // Name of the CA within the Fabric CA server that the request is sent to (optional)
          CAName string
      }: IdentityRequest表示向fabric-ca-server添加/更新标识的请求
    12. 类型IdentityResponse:
      type IdentityResponse struct {
      
          // The enrollment ID which uniquely identifies an identity
          ID  string
      
          // The identity's affiliation
          Affiliation string
      
          // Array of attributes assigned to the user
          Attributes []Attribute
      
          // Type of identity (e.g. 'peer, app, user')
          Type string
      
          // The maximum number of times the secret can be reused to enroll
          MaxEnrollments int
      
          // The enrollment secret
          // NOTE(review): this is a credential; avoid printing or logging whole responses.
          Secret string
      
          // Name of the CA
          CAName string
      }: IdentityResponse是来自任何读取/添加/修改/删除身份调用的响应
    13. 类型RegistrationRequest:
      type RegistrationRequest struct {
          // Name is the unique name of the identity
          Name string
          // Type of identity being registered (e.g. "peer, app, user")
          Type string
          // MaxEnrollments is the number of times the secret can be reused to enroll;
          // if omitted, it defaults to the max enrollments configured on the server
          MaxEnrollments int
          // The identity's affiliation, e.g. org1.department1
          Affiliation string
          // Optional attributes associated with this identity
          Attributes []Attribute
          // CAName is the name of the CA to connect to
          CAName string

               // Secret is an optional password. If not specified,
               // a random secret is generated. In both cases, the secret
               // is returned from registration.

          Secret string
      }: RegistrationRequest定义向CA注册用户所需的属性
    14. 类型RemoveIdentityRequest:
      type RemoveIdentityRequest struct {
      
          // The enrollment ID which uniquely identifies an identity
          ID  string
      
          // Force delete
          Force bool
      
          // Name of the CA
          CAName string
      }: RemoveIdentityRequest表示从fabric-ca-server删除现有标识的请求
    15. 类型RequestOption:
      type RequestOption func(ctx context.Client, opts *requestOptions) error: 每个Opts参数的RequestOption func
    16. func WithCA(caname string) RequestOption: WithCA允许指定可选的CA名称
      1. 例:
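         // Create msp client
         c, err := New(mockClientProvider())
         if err != nil {
             fmt.Println("failed to create msp client")
             return
         }

         // WithCA names the CA the request should go to; "CA" is the sample name
         // used in this example.
         results, err := c.GetAllIdentities(WithCA("CA"))
         if err != nil {
             fmt.Printf("Get identities return error %s\n", err)
             return
         }
         fmt.Printf("%d identities retrieved\n", len(results))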

        输出:2 identities retrieved

    17. 类型RevocationRequest:
      type RevocationRequest struct {
          // Name of the identity whose certificates should be revoked.
          // If this field is omitted, then Serial and AKI must be specified.
          Name string
          // Serial number of the certificate to be revoked.
          // If this is omitted, then Name must be specified.
          Serial string
          // AKI (Authority Key Identifier) of the certificate to be revoked
          AKI string
          // Reason is the reason for revocation. See https://godoc.org/golang.org/x/crypto/ocsp
          // for valid values. The default value is 0 (ocsp.Unspecified).
          Reason string
          // CAName is the name of the CA to connect to
          CAName string
      }: RevocationRequest定义撤消CA凭据所需的属性
    18. 类型RevocationResponse:
      type RevocationResponse struct {
          // RevokedCerts is an array of the certificates that were revoked
          RevokedCerts []RevokedCert
          // CRL is the PEM-encoded certificate revocation list (CRL) that contains all unexpired revoked certificates
          CRL []byte
      }: RevocationResponse表示服务器对撤销请求的响应
    19. 类型RevokedCert:
      type RevokedCert struct {
          // Serial number of the revoked certificate
          Serial string
          // AKI of the revoked certificate
          AKI string
      }: RevokedCert表示已撤销的证书
  • 原文地址:https://www.cnblogs.com/apolov-fabric/p/9719360.html