Class: FabricCAServices

FabricCAServices

This is an implementation of the member service client which communicates with the Fabric CA server.

new FabricCAServices(url, tlsOptions, caName, cryptoSuite)

constructor
Parameters:
Name Type Description
url string | object The endpoint URL for Fabric CA services, of the form "http://host:port" or "https://host:port". When this parameter is an object, it must include the parameters listed here as key-value pairs.
tlsOptions TLSOptions The TLS settings to use when the Fabric CA services endpoint uses "https".
caName string The optional name of the CA. Fabric CA servers support multiple Certificate Authorities from a single server. If omitted, null, or an empty string, the default CA is the target of requests.
cryptoSuite CryptoSuite The optional cryptoSuite instance to be used if options other than defaults are needed. If not specified, an instance of CryptoSuite will be constructed based on the current configuration settings:
- crypto-hsm: use an implementation for Hardware Security Module (if set to true) or software-based key management (if set to false)
- crypto-keysize: security level, or key size, to use with the digital signature public key algorithm. Currently ECDSA is supported and the valid key sizes are 256 and 384
- crypto-hash-algo: hashing algorithm
- key-value-store: some CryptoSuite implementations require a key store to persist private keys. A CryptoKeyStore is provided for this purpose, which can be used on top of any implementation of the KeyValueStore interface, such as a file-based store or a database-based one. The specific implementation is determined by the value of this configuration setting.

Methods


<async> enroll(req)

Enroll the member and return an opaque member object.
Parameters:
Name Type Description
req EnrollmentRequest If the request contains the field "csr", this CSR will be used to obtain the certificate from Fabric CA. Otherwise, a new private key will be generated and later used to generate a CSR.
Returns:
If the request does not contain the field "csr", the returned promise resolves to an Enrollment object with "key" holding the newly generated private key. If the request contains the field "csr", the resolved Enrollment object does not contain the property "key".
Type
Promise.<Enrollment>

generateCRL(request, registrar)

Parameters:
Name Type Description
request Restriction
registrar User The identity of the registrar (i.e. who is performing the revocation)
Returns:
The Certificate Revocation List (CRL)
Type
Promise

getCaName()

Returns the name of the certificate authority.
Returns:
caName
Type
string

getCryptoSuite()

Returns the CryptoSuite object used by this client instance
Returns:
Type
module:api.CryptoSuite

newAffiliationService()

Create a new AffiliationService object
Returns:
object
Type
AffiliationService

newCertificateService()

Create a new CertificateService instance
Returns:
object
Type
CertificateService

newIdentityService()

Creates a new IdentityService object
Returns:
object
Type
IdentityService

reenroll(currentUser, Optional)

Re-enroll the member, for example when the existing enrollment certificate is about to expire or has been compromised.
Parameters:
Name Type Description
currentUser User The identity of the current user that holds the existing enrollment certificate
Optional Array.<AttributeRequest> an array of AttributeRequest that indicate attributes to be included in the certificate
Returns:
Promise for an object with "key" for private key and "certificate" for the signed certificate

register(req, registrar)

Register the member and return an enrollment secret.
Parameters:
Name Type Description
req RegisterRequest The RegisterRequest
registrar User The identity of the registrar (i.e. who is performing the registration)
Returns:
The enrollment secret to use when this user enrolls
Type
Promise

revoke(request, registrar)

Revoke an existing certificate (enrollment certificate or transaction certificate), or revoke all certificates issued to an enrollment id. If revoking a particular certificate, then both the Authority Key Identifier and serial number are required. If revoking by enrollment id, then all future requests to enroll this id will be rejected.
Parameters:
Name Type Description
request Object Request object with the following fields:
- enrollmentID {string}. ID to revoke
- aki {string}. Authority Key Identifier string, hex encoded, for the specific certificate to revoke
- serial {string}. Serial number string, hex encoded, for the specific certificate to revoke
- reason {string}. The reason for revocation. See https://godoc.org/golang.org/x/crypto/ocsp for valid values. The default value is 0 (ocsp.Unspecified).
registrar User The identity of the registrar (i.e. who is performing the revocation)
Returns:
The revocation results
Type
Promise
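
The field rules for revoke() above, checked before the call is made, as an added example (not code from the SDK). `normalizeHex`, `buildRevokeRequest`, `revocationScope` and `revokeChecked` are hypothetical helpers, and refusing a request that names both an enrollment ID and a certificate is this example's own policy, not a rule stated by the SDK.

```javascript
// Added example: pre-flight checks for the request passed to revoke(request, registrar).
// All function names here are hypothetical helpers, not part of the SDK.

const HEX = /^[0-9a-f]+$/;
const present = (v) => v !== undefined && v !== null && v !== '';

// Accept common display forms ("AB:CD:01", "0x1F") and return bare lowercase hex,
// since aki and serial must be hex encoded strings.
function normalizeHex(value, field) {
  if (typeof value !== 'string') throw new TypeError(`${field} must be a string`);
  const hex = value.trim().toLowerCase().replace(/^0x/, '').replace(/[:\s]/g, '');
  if (!HEX.test(hex)) throw new RangeError(`${field} is not hex encoded`);
  return hex;
}

function buildRevokeRequest({ enrollmentID, aki, serial, reason } = {}) {
  const byCert = present(aki) || present(serial);
  // A single certificate is identified only by aki AND serial together.
  if (byCert && !(present(aki) && present(serial))) {
    throw new Error('aki and serial must be supplied together');
  }
  if (!byCert && !present(enrollmentID)) {
    throw new Error('supply enrollmentID, or both aki and serial');
  }
  // Policy of this example (an assumption, not an SDK rule): never mix the two
  // forms, so the operator always knows how much is being revoked.
  if (byCert && present(enrollmentID)) {
    throw new Error('choose one scope: enrollmentID or aki + serial');
  }
  const request = byCert
    ? { aki: normalizeHex(aki, 'aki'), serial: normalizeHex(serial, 'serial') }
    : { enrollmentID };
  if (present(reason)) request.reason = reason; // omitted: the documented default applies
  return request;
}

// 'identity' revokes every certificate of the ID and blocks its future enrollment;
// 'certificate' revokes exactly one certificate.
function revocationScope(request) {
  return present(request.aki) ? 'certificate' : 'identity';
}

// ca is any object exposing revoke(request, registrar), e.g. a FabricCAServices instance.
// Validation errors are thrown before anything is sent to the CA.
function revokeChecked(ca, registrar, input) {
  return ca.revoke(buildRevokeRequest(input), registrar);
}
```

Logging the result of `revocationScope` alongside the registrar's identity gives an audit record of whether one certificate or a whole identity was revoked.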

setCryptoSuite(cryptoSuite)

Sets the client instance to use the CryptoSuite object for signing and hashing. Creating and setting a CryptoSuite is optional because the client will construct an instance based on default configuration settings:
  • crypto-hsm: use an implementation for Hardware Security Module (if set to true) or software-based key management (if set to false)
  • crypto-keysize: security level, or key size, to use with the digital signature public key algorithm. Currently ECDSA is supported and the valid key sizes are 256 and 384
  • crypto-hash-algo: hashing algorithm
  • key-value-store: some CryptoSuite implementations require a key store to persist private keys. A CryptoKeyStore is provided for this purpose, which can be used on top of any implementation of the KeyValueStore interface, such as a file-based store or a database-based one. The specific implementation is determined by the value of this configuration setting.
Parameters:
Name Type Description
cryptoSuite module:api.CryptoSuite the CryptoSuite object

toString()

Returns a printable representation of this object.