new FabricCAServices(url, tlsOptions, caName, cryptoSuite)
constructor
Parameters:
Name | Type | Description |
---|---|---|
url |
string | object | The endpoint URL for Fabric CA services of the form: "http://host:port" or "https://host:port" When this parameter is an object then it must include the parameters listed as key value pairs. |
tlsOptions |
TLSOptions | The TLS settings to use when the Fabric CA services endpoint uses "https" |
caName |
string | The optional name of the CA. Fabric-ca servers support multiple Certificate Authorities from a single server. If omitted or null or an empty string, then the default CA is the target of requests |
cryptoSuite |
CryptoSuite | The optional cryptoSuite instance to be used if options other than defaults are needed.
If not specified, an instance of CryptoSuite will be constructed based on the current configuration settings:
- crypto-hsm: use an implementation for Hardware Security Module (if set to true) or software-based key management (if set to false) - crypto-keysize: security level, or key size, to use with the digital signature public key algorithm. Currently ECDSA is supported and the valid key sizes are 256 and 384 - crypto-hash-algo: hashing algorithm - key-value-store: some CryptoSuite implementation requires a key store to persist private keys. A CryptoKeyStore is provided for this purpose, which can be used on top of any implementation of the KeyValueStore interface, such as a file-based store or a database-based one. The specific implementation is determined by the value of this configuration setting. |
Extends
Methods
-
<async> enroll(req)
-
Enroll the member and return an opaque member object.
Parameters:
Name Type Description req
the EnrollmentRequest If the request contains the field "csr", this csr will be used for getting the certificate from Fabric-CA. Otherwise , a new private key will be generated and be used to generate a csr later. Returns:
If the request does not contain the field "csr", the returned promise resolves an Enrollment object with "key" for the new generated private key. If the request contains the field "csr", the resolved Enrollment object does not contain the property "key".- Type
- Promise.<Enrollment>
-
generateCRL(request, registrar)
-
Parameters:
Name Type Description request
Restriction registrar
User The identity of the registrar (i.e. who is performing the revocation) Returns:
The Certificate Revocation List (CRL)- Type
- Promise
-
getCaName()
-
Returns the name of the certificate authority.
Returns:
caName- Type
- string
-
getCryptoSuite()
-
Returns the CryptoSuite object used by this client instance
- Inherited From:
- Overrides:
Returns:
-
newAffiliationService()
-
Create a new AffiliationService object
Returns:
object- Type
- AffiliationService
-
newCertificateService()
-
Create a new CertificateService instance
Returns:
object- Type
- CertificateService
-
newIdentityService()
-
Creates a new IdentityService object
Returns:
object- Type
- IdentityService
-
reenroll(currentUser, Optional)
-
Re-enroll the member in cases such as the existing enrollment certificate is about to expire, or it has been compromised
Parameters:
Name Type Description currentUser
User The identity of the current user that holds the existing enrollment certificate Optional
Array.<AttributeRequest> an array of AttributeRequest that indicate attributes to be included in the certificate Returns:
Promise for an object with "key" for private key and "certificate" for the signed certificate -
register(req, registrar)
-
Register the member and return an enrollment secret.
Parameters:
Name Type Description req
RegisterRequest The RegisterRequest registrar
User . The identity of the registrar (i.e. who is performing the registration) Returns:
The enrollment secret to use when this user enrolls- Type
- Promise
-
revoke(request, registrar)
-
Revoke an existing certificate (enrollment certificate or transaction certificate), or revoke all certificates issued to an enrollment id. If revoking a particular certificate, then both the Authority Key Identifier and serial number are required. If revoking by enrollment id, then all future requests to enroll this id will be rejected.
Parameters:
Name Type Description request
Object Request object with the following fields:
- enrollmentID {string}. ID to revoke
- aki {string}. Authority Key Identifier string, hex encoded, for the specific certificate to revoke
- serial {string}. Serial number string, hex encoded, for the specific certificate to revoke
- reason {string}. The reason for revocation. See https://godoc.org/golang.org/x/crypto/ocsp for valid values. The default value is 0 (ocsp.Unspecified).registrar
User The identity of the registrar (i.e. who is performing the revocation) Returns:
The revocation results- Type
- Promise
-
setCryptoSuite(cryptoSuite)
-
Sets the client instance to use the CryptoSuite object for signing and hashing Creating and setting a CryptoSuite is optional because the client will construct an instance based on default configuration settings:
- crypto-hsm: use an implementation for Hardware Security Module (if set to true) or software-based key management (if set to false)
- crypto-keysize: security level, or key size, to use with the digital signature public key algorithm. Currently ECDSA is supported and the valid key sizes are 256 and 384
- crypto-hash-algo: hashing algorithm
- key-value-store: some CryptoSuite implementation requires a key store to persist private keys. A CryptoKeyStore is provided for this purpose, which can be used on top of any implementation of the KeyValueStore interface, such as a file-based store or a database-based one. The specific implementation is determined by the value of this configuration setting.
Parameters:
Name Type Description cryptoSuite
module:api.CryptoSuite the CryptoSuite object - Inherited From:
- Overrides:
-
toString()
-
return a printable representation of this object