Class: FabricCAClient

FabricCAClient

Client for communicating with the Fabric CA APIs

new FabricCAClient(connect_opts)

constructor
Parameters:
Name Type Description
connect_opts object Connection options for communicating with the Fabric CA server
Properties
Name Type Description
protocol string The protocol to use (either HTTP or HTTPS)
hostname string The hostname of the Fabric CA server endpoint
port number The port of the Fabric CA server endpoint
tlsOptions TLSOptions The TLS settings to use when the Fabric CA endpoint uses "https"
caname string The optional name of the CA. Fabric-ca servers support multiple Certificate Authorities from a single server. If omitted, null, or an empty string, requests target the default CA.

Methods


<static> pemToDER(pem)

Convert a PEM encoded certificate to DER format
Parameters:
Name Type Description
pem string PEM encoded public or private key
Throws:
Will throw an error if the conversion fails
Returns:
hex Hex-encoded DER bytes
Type
string
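
The conversion documented for pemToDER can be sketched as below. This is an added example, not the fabric-ca-client source: the function name `pemToDerHex`, the strict base64 check and the leading-SEQUENCE check are assumptions of the example, and the sample PEM is constructed.

```javascript
// Added example: independent sketch of a PEM -> hex-encoded DER conversion.
// pemToDerHex is a hypothetical name, not part of the FabricCAClient API.
const PEM_RE =
  /^-----BEGIN ([A-Z0-9 ]+)-----\r?\n([\s\S]*?)\r?\n-----END ([A-Z0-9 ]+)-----$/;

function pemToDerHex(pem) {
  if (typeof pem !== 'string') {
    throw new TypeError('PEM input must be a string');
  }
  const m = PEM_RE.exec(pem.trim());
  if (!m) {
    throw new Error('Input does not appear to be PEM-encoded');
  }
  const [, beginLabel, body, endLabel] = m;
  if (beginLabel !== endLabel) {
    throw new Error(`PEM label mismatch: ${beginLabel} / ${endLabel}`);
  }
  // Buffer.from(..., 'base64') silently skips invalid characters, so a
  // corrupted body would decode to wrong bytes. Validate strictly first.
  const b64 = body.replace(/\s+/g, '');
  if (b64.length === 0 || b64.length % 4 !== 0 ||
      !/^[A-Za-z0-9+\/]+={0,2}$/.test(b64)) {
    throw new Error('PEM body is not valid base64');
  }
  const der = Buffer.from(b64, 'base64');
  // DER-encoded keys, CSRs and certificates all begin with a SEQUENCE tag.
  if (der[0] !== 0x30) {
    throw new Error('Decoded bytes do not start with a DER SEQUENCE (0x30)');
  }
  return der.toString('hex');
}

// Constructed sample: the body is the DER for SEQUENCE { INTEGER 5 }
// (30 03 02 01 05), not a real key or certificate.
const SAMPLE_PEM = [
  '-----BEGIN CERTIFICATE-----',
  'MAMCAQU=',
  '-----END CERTIFICATE-----',
].join('\n');

console.log(pemToDerHex(SAMPLE_PEM)); // 3003020105
```

Rejecting malformed input before decoding matters here because the hex output is typically fed into further parsing or comparison, where silently dropped characters would go unnoticed.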

enroll(enrollmentID, enrollmentSecret, csr)

Enroll a registered user in order to receive a signed X509 certificate
Parameters:
Name Type Description
enrollmentID string The registered ID to use for enrollment
enrollmentSecret string The secret associated with the enrollment ID
csr string PEM-encoded PKCS#10 certificate signing request
Throws:
  • Will throw an error if all parameters are not provided
  • Will throw an error if calling the enroll API fails for any reason
Returns:
Type
Promise

reenroll(csr, signingIdentity)

Re-enroll an existing user.
Parameters:
Name Type Description
csr string PEM-encoded PKCS#10 certificate signing request
signingIdentity SigningIdentity The instance of a SigningIdentity encapsulating the
Returns:
Type
Promise

register(enrollmentID, enrollmentSecret, role, affiliation, maxEnrollments, attrs, signingIdentity)

Register a new user and return the enrollment secret
Parameters:
Name Type Description
enrollmentID string ID which will be used for enrollment
enrollmentSecret string Optional enrollment secret to set for the registered user. If not provided, the server will generate one.
role string Type of role for this user
affiliation string Affiliation with which this user will be associated
maxEnrollments number The maximum number of times the user is permitted to enroll
attrs Array.<KeyValueAttribute> Array of key/value attributes to assign to the user
signingIdentity SigningIdentity The instance of a SigningIdentity encapsulating the signing certificate, hash algorithm and signature algorithm
Returns:
The enrollment secret to use when this user enrolls
Type
Promise

revoke(enrollmentID, aki, serial, reason, signingIdentity)

Revoke an existing certificate (enrollment certificate or transaction certificate), or revoke all certificates issued to an enrollment id. If revoking a particular certificate, then both the Authority Key Identifier and serial number are required. If revoking by enrollment id, then all future requests to enroll this id will be rejected.
Parameters:
Name Type Description
enrollmentID string ID to revoke
aki string Authority Key Identifier string, hex encoded, for the specific certificate to revoke
serial string Serial number string, hex encoded, for the specific certificate to revoke
reason string The reason for revocation. See https://godoc.org/golang.org/x/crypto/ocsp for valid values
signingIdentity SigningIdentity The instance of a SigningIdentity encapsulating the signing certificate, hash algorithm and signature algorithm
Returns:
The revocation results
Type
Promise