Class: FabricCAServices

FabricCAServices

This is an implementation of the member service client which communicates with the Fabric CA server.

new FabricCAServices(url, tlsOptions, caName, cryptoSuite)

constructor
Parameters:
Name Type Description
url string The endpoint URL for Fabric CA services of the form: "http://host:port" or "https://host:port"
tlsOptions TLSOptions The TLS settings to use when the Fabric CA services endpoint uses "https"
caName string The optional name of the CA. Fabric-ca servers support multiple Certificate Authorities from a single server. If omitted or null or an empty string, then the default CA is the target of requests
cryptoSuite CryptoSuite The optional cryptoSuite instance to be used if options other than defaults are needed. If not specified, an instance of CryptoSuite will be constructed based on the current configuration settings:
- crypto-hsm: use an implementation for Hardware Security Module (if set to true) or software-based key management (if set to false)
- crypto-keysize: security level, or key size, to use with the digital signature public key algorithm. Currently ECDSA is supported and the valid key sizes are 256 and 384
- crypto-hash-algo: hashing algorithm
- key-value-store: some CryptoSuite implementations require a key store to persist private keys. A CryptoKeyStore is provided for this purpose, which can be used on top of any implementation of the KeyValueStore interface, such as a file-based store or a database-based one. The specific implementation is determined by the value of this configuration setting.

Methods


<static> newCryptoSuite(setting, KVSImplClass, opts)

Returns a new instance of the CryptoSuite API implementation
Parameters:
Name Type Description
setting object This optional parameter is an object with the following optional properties:
- software {boolean}: Whether to load a software-based implementation (true) or HSM implementation (false). Default is true (for software-based implementation); the specific implementation module is specified in the setting 'crypto-suite-software'
- keysize {number}: The key size to use for the crypto suite instance. Default is the value of the setting 'crypto-keysize'
- algorithm {string}: Digital signature algorithm, currently supporting ECDSA only with value "EC"
- hash {string}: 'SHA2' or 'SHA3'
KVSImplClass function Optional. The built-in key store saves private keys. The key store may be backed by different KeyValueStore implementations. If specified, the value of the argument must point to a module implementing the KeyValueStore interface.
opts object Implementation-specific option object used in the constructor

<static> normalizeX509()

Make sure there's a start line with '-----BEGIN CERTIFICATE-----' and end line with '-----END CERTIFICATE-----', so as to be compliant with x509 parsers
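
The normalization described above matters when a PEM certificate has been flattened onto one line (for example after passing through JSON or an environment variable). The following is an added example, not the library's own implementation; normalizePem is a hypothetical name and the sample body is constructed, not a real certificate.

```javascript
// Added example: standalone sketch of the behaviour described for
// normalizeX509. normalizePem is a hypothetical name, not library code.
const BEGIN = '-----BEGIN CERTIFICATE-----';
const END = '-----END CERTIFICATE-----';

function normalizePem(raw) {
  if (typeof raw !== 'string') {
    throw new TypeError('certificate must be a PEM string');
  }
  const start = raw.indexOf(BEGIN);
  const end = raw.indexOf(END);
  if (start === -1 || end === -1 || end < start) {
    throw new Error('missing BEGIN/END CERTIFICATE delimiter');
  }
  // Take only the text between the delimiters and drop all whitespace.
  const body = raw.slice(start + BEGIN.length, end).replace(/\s+/g, '');
  if (!/^[A-Za-z0-9+/]+={0,2}$/.test(body)) {
    throw new Error('certificate body is not base64');
  }
  // Put each delimiter on its own line and wrap the body at 64 columns.
  const lines = body.match(/.{1,64}/g);
  return [BEGIN, ...lines, END].join('\n') + '\n';
}

// Constructed input: delimiters fused onto the same line as the body.
const SAMPLE_BODY = 'QUJD'.repeat(20); // 80 base64 characters
const flattened = `${BEGIN}${SAMPLE_BODY}${END}`;
console.log(normalizePem(flattened));
```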

enroll(req)

Enroll the member and return an opaque member object.
Parameters:
Name Type Description
req Enrollment request
Properties
Name Type Description
enrollmentID string The registered ID to use for enrollment
enrollmentSecret string The secret associated with the enrollment ID
Returns:
Promise for an object with "key" for private key and "certificate" for the signed certificate

reenroll(currentUser)

Re-enroll the member, for example when the existing enrollment certificate is about to expire or has been compromised.
Parameters:
Name Type Description
currentUser User The identity of the current user that holds the existing enrollment certificate
Returns:
Promise for an object with "key" for private key and "certificate" for the signed certificate

register(req, registrar)

Register the member and return an enrollment secret.
Parameters:
Name Type Description
req Object Registration request with the following fields:
- enrollmentID {string}. ID which will be used for enrollment
- enrollmentSecret {string}. Optional enrollment secret to set for the registered user. If not provided, the server will generate one.
- role {string}. An arbitrary string representing a role value for the user
- affiliation {string}. Affiliation with which this user will be associated, like a company or an organization
- maxEnrollments {number}. The maximum number of times this user will be permitted to enroll
- attrs {KeyValueAttribute[]}. Array of key/value attributes to assign to the user.
registrar User The identity of the registrar (i.e. who is performing the registration)
Returns:
The enrollment secret to use when this user enrolls
Type
Promise

revoke(request, registrar)

Revoke an existing certificate (enrollment certificate or transaction certificate), or revoke all certificates issued to an enrollment id. If revoking a particular certificate, then both the Authority Key Identifier and serial number are required. If revoking by enrollment id, then all future requests to enroll this id will be rejected.
Parameters:
Name Type Description
request Object Request object with the following fields:
- enrollmentID {string}. ID to revoke
- aki {string}. Authority Key Identifier string, hex encoded, for the specific certificate to revoke
- serial {string}. Serial number string, hex encoded, for the specific certificate to revoke
- reason {string}. The reason for revocation. See https://godoc.org/golang.org/x/crypto/ocsp for valid values. The default value is 0 (ocsp.Unspecified).
registrar User The identity of the registrar (i.e. who is performing the revocation)
Returns:
The revocation results
Type
Promise
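
Because revoking by enrollment ID is much broader than revoking one certificate, it helps to check the request object before calling revoke(). The following is an added example, not part of fabric-ca-client; checkRevokeRequest is a hypothetical helper, its refusal of mixed requests is its own policy, and the sample values are constructed.

```javascript
// Added example, not fabric-ca-client code. checkRevokeRequest is a
// hypothetical pre-flight check for the object passed to revoke().
const HEX = /^[0-9a-fA-F]+$/;

function checkRevokeRequest(request) {
  const { enrollmentID, aki, serial } = request || {};
  const hasId = typeof enrollmentID === 'string' && enrollmentID.length > 0;
  const hasCert = aki !== undefined || serial !== undefined;

  if (hasCert && hasId) {
    // The documentation above does not say which wins, so refuse the mix
    // (this helper's own policy).
    throw new Error('ambiguous request: give enrollmentID or aki+serial, not both');
  }
  if (hasCert) {
    if (!aki || !serial) {
      throw new Error('revoking one certificate needs both aki and serial');
    }
    for (const [name, value] of [['aki', aki], ['serial', serial]]) {
      // Rejects colon-separated or 0x-prefixed forms copied from other tools.
      if (typeof value !== 'string' || !HEX.test(value)) {
        throw new Error(`${name} must be a hex-encoded string`);
      }
    }
    return { scope: 'certificate', aki, serial };
  }
  if (hasId) {
    // Identity-wide: future enrollments of this ID will be rejected.
    return { scope: 'identity', enrollmentID };
  }
  throw new Error('request needs enrollmentID, or aki together with serial');
}

// Constructed sample values, not real certificate identifiers.
console.log(checkRevokeRequest({ aki: 'a1b2c3d4', serial: '0f9e' }));
console.log(checkRevokeRequest({ enrollmentID: 'user1' }));
```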

toString()

Returns a printable representation of this object.