hfc.fabric_ca.caservice

Module Contents

Classes

| Enrollment | Class represents enrollment. |
| CAClient | Client for communicating with the Fabric CA APIs. |
| CAService | This is a ca server delegate. |

Functions

| ca_service | Create ca service |

hfc.fabric_ca.caservice.DEFAULT_CA_ENDPOINT = http://localhost:7054

hfc.fabric_ca.caservice.DEFAULT_CA_BASE_URL = /api/v1/

hfc.fabric_ca.caservice._logger

hfc.fabric_ca.caservice.reasons = [[1, 'unspecified'], [2, 'keycompromise'], [3, 'cacompromise'], [4, 'affiliationchange'], [5, 'superseded'], [6, 'cessationofoperation'], [7, 'certificatehold'], [8, 'removefromcrl'], [9, 'privilegewithdrawn'], [10, 'aacompromise']]

class hfc.fabric_ca.caservice.Enrollment(private_key, enrollmentCert, caCertChain=None, service=None)
    Bases: object

    Class represents enrollment.

    property private_key(self)
        Get private key

        - Returns
            private key

    property cert(self)
        Get cert

        - Returns
            cert

    property caCert(self)
        Get caCert

        - Returns
            caCert

    get_attrs(self)

    register(self, enrollmentID, enrollmentSecret=None, role=None, affiliation=None, maxEnrollments=1, attrs=None)

    revoke(self, enrollmentID=None, aki=None, serial=None, reason=None, gencrl=False)

    generateCRL(self, revokedBefore=None, revokedAfter=None, expireBefore=None, expireAfter=None)

    __str__(self)
        Return str(self).

class hfc.fabric_ca.caservice.CAClient(target=DEFAULT_CA_ENDPOINT, ca_certs_path=None, base_url=DEFAULT_CA_BASE_URL, ca_name='', cryptoPrimitives=ecies())
    Bases: object

    Client for communicating with the Fabric CA APIs.

    generateAuthToken(self, req, registrar)
        Generate authorization token required for accessing fabric-ca APIs

        - Parameters
            req (dict) – request body
            registrar (Enrollment) – Required. The identity of the registrar (i.e. who is performing the request)
        - Returns
            auth token

    _send_ca_post(self, path, **param)
        Send a post request to the ca service

        - Parameters
            path – sub path after the base_url
            **param – post request params
        - Returns
            the response body in json

    _send_ca_get(self, path, **param)
        Send a get request to the ca service

        - Parameters
            path – sub path after the base_url
            **param – get request params
        - Returns
            the response body in json

    _send_ca_delete(self, path, **param)
        Send a delete request to the ca service

        - Parameters
            path – sub path after the base_url
            **param – delete request params
        - Returns
            the response body in json

    _send_ca_update(self, path, **param)
        Send an update request to the ca service

        - Parameters
            path – sub path after the base_url
            **param – update request params
        - Returns
            the response body in json

    get_cainfo(self)
        Query the ca service information.

        - Returns
            The base64 encoded CA PEM file content for the caname

    enroll(self, enrollment_id, enrollment_secret, csr, profile='', attr_reqs=None)

    register(self, req, registrar)

    reenroll(self, req, registrar)

    revoke(self, req, registrar)

    generateCRL(self, req, registrar)

    newIdentityService(self)

    newAffiliationService(self)

    newCertificateService(self)

class hfc.fabric_ca.caservice.CAService(target=DEFAULT_CA_ENDPOINT, ca_certs_path=None, crypto=ecies(), ca_name='')
    Bases: object

    This is a ca server delegate.

    enroll(self, enrollment_id, enrollment_secret, csr=None, profile='', attr_reqs=None)
        Enroll a registered user in order to receive a signed X509 certificate

        - Parameters
            enrollment_id (str) – The registered ID to use for enrollment
            enrollment_secret (str) – The secret associated with the enrollment ID
            profile (str) – The profile name. Specify the ‘tls’ profile for a TLS certificate; otherwise, an enrollment certificate is issued. (Default value = ‘’)
            csr (str) – Optional. PEM-encoded PKCS#10 Certificate Signing Request. The message sent from client side to Fabric-ca for the digital identity certificate. (Default value = None)
            attr_reqs (list) – An array of AttributeRequest
        - Returns
            PEM-encoded X509 certificate
        - Raises
            RequestException – errors in requests.exceptions
            ValueError – Failed response, json parse error, args missing

    reenroll(self, currentUser, attr_reqs=None)
        Re-enroll the member in cases such as the existing enrollment certificate is about to expire, or it has been compromised

        - Parameters
            currentUser (Enrollment) – The identity of the current user that holds the existing enrollment certificate
            attr_reqs (list) – Optional. An array of AttributeRequest that indicate attributes to be included in the certificate
        - Returns
            PEM-encoded X509 certificate
        - Raises
            RequestException – errors in requests.exceptions
            ValueError – Failed response, json parse error, args missing

    register(self, enrollmentID, enrollmentSecret, role, affiliation, maxEnrollments, attrs, registrar)
        Register a user in order to receive a secret

        - Parameters
            registrar (Enrollment) – The registrar
            enrollmentID (str) – ID which will be used for enrollment
            enrollmentSecret (str) – Optional enrollment secret to set for the registered user. If not provided, the server will generate one. When not including, use a null for this parameter.
            role (str) – Optional type of role for this user. When not including, use a null for this parameter.
            affiliation (str) – Affiliation with which this user will be associated
            maxEnrollments (number) – The maximum number of times the user is permitted to enroll
            attrs – Array of key/value attributes to assign to the user
        - Returns
            The enrollment secret to use when this user enrolls
        - Raises
            RequestException – errors in requests.exceptions
            ValueError – Failed response, json parse error, args missing

    revoke(self, enrollmentID, aki, serial, reason, gencrl, registrar)
        Revoke an existing certificate (enrollment certificate or transaction certificate), or revoke all certificates issued to an enrollment id. If revoking a particular certificate, then both the Authority Key Identifier and serial number are required. If revoking by enrollment id, then all future requests to enroll this id will be rejected.

        - Parameters
            registrar (Enrollment) – The registrar
            enrollmentID (str) – enrollment ID to revoke
            aki (str) – Authority Key Identifier string, hex encoded, for the specific certificate to revoke
            serial (str) – Serial number string, hex encoded, for the specific certificate to revoke
            reason (str) – The reason for revocation. See https://godoc.org/golang.org/x/crypto/ocsp for valid values
            gencrl (bool) – GenCRL specifies whether to generate a CRL
        - Returns
            The revocation results
        - Raises
            RequestException – errors in requests.exceptions
            ValueError – Failed response, json parse error, args missing

    generateCRL(self, revokedBefore, revokedAfter, expireBefore, expireAfter, registrar)
        Generate CRL

        - Parameters
            revokedBefore – Include certificates that were revoked before this UTC timestamp (in RFC3339 format) in the CRL
            revokedAfter – Include certificates that were revoked after this UTC timestamp (in RFC3339 format) in the CRL
            expireBefore – Include revoked certificates that expire before this UTC timestamp (in RFC3339 format) in the CRL
            expireAfter – Include revoked certificates that expire after this UTC timestamp (in RFC3339 format) in the CRL
            registrar – registrar
        - Returns
            The Certificate Revocation List (CRL)

    newIdentityService(self)

    newAffiliationService(self)

    newCertificateService(self)
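
The rule documented for CAService.revoke (a single certificate needs both the Authority Key Identifier and the serial number, while an enrollment ID revokes everything issued to it) can be checked before the call is made. The following is an added example, not code from the hfc project: `build_revoke_args` is a hypothetical helper, and its refusal to accept both targets at once and its lowercasing of hex strings are choices of the example rather than documented behaviour.

```python
import re

# Reason table as listed on this page for hfc.fabric_ca.caservice.reasons.
REASONS = [[1, 'unspecified'], [2, 'keycompromise'], [3, 'cacompromise'],
           [4, 'affiliationchange'], [5, 'superseded'],
           [6, 'cessationofoperation'], [7, 'certificatehold'],
           [8, 'removefromcrl'], [9, 'privilegewithdrawn'], [10, 'aacompromise']]


def _hex_field(name, value):
    """Drop ':' and whitespace separators, then require a hex string."""
    cleaned = re.sub(r'[\s:]', '', value)
    if not re.fullmatch(r'[0-9a-fA-F]+', cleaned):
        raise ValueError(f'{name} must be hex encoded, got {value!r}')
    return cleaned.lower()  # lowercasing is this example's own choice


def _reason_name(reason):
    """Map a reason code (int) or name (str) from REASONS to its name."""
    for code, name in REASONS:
        if (type(reason) is int and reason == code) or \
                (isinstance(reason, str) and reason.lower() == name):
            return name
    raise ValueError(f'unknown revocation reason: {reason!r}')


def build_revoke_args(enrollmentID=None, aki=None, serial=None,
                      reason='unspecified', gencrl=False):
    """Return keyword arguments for CAService.revoke, or raise ValueError."""
    by_cert = aki is not None or serial is not None
    if by_cert and (aki is None or serial is None):
        raise ValueError('revoking one certificate needs both aki and serial')
    # Example policy: exactly one target, so the revocation scope is explicit.
    if by_cert == bool(enrollmentID):
        raise ValueError('give either enrollmentID, or aki with serial')
    return {
        'enrollmentID': enrollmentID or None,
        'aki': _hex_field('aki', aki) if by_cert else None,
        'serial': _hex_field('serial', serial) if by_cert else None,
        'reason': _reason_name(reason),
        'gencrl': bool(gencrl),
    }
```

The returned dict uses the parameter names from the revoke signature above, so it can be unpacked into the call together with the registrar's Enrollment.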

hfc.fabric_ca.caservice.ca_service(target=DEFAULT_CA_ENDPOINT, ca_certs_path=None, crypto=ecies(), ca_name='')
    Create ca service

    - Parameters
        target – url (Default value = DEFAULT_CA_ENDPOINT)
        ca_certs_path – certs path (Default value = None)
        crypto – crypto (Default value = ecies())
        ca_name – CA name (Default value = “”)
    - Returns
        ca service instance