This is the main module for the "fabric-client" package. It provides the convenience APIs to the classes of the package including [Chain]{@link module:api.Chain}
Void
This module defines the API for the pluggable components of the node.js SDK. The APIs are defined according to the Hyperledger Fabric's [common SDK specification]{@link https://docs.google.com/document/d/1R5RtIBMW9fZpli37E5Li5_Q9ve3BnQ4q3gWmGZj6Sv4/edit?usp=sharing}
Void
Abstract class for a Key-Value store. The Chain class uses this store to save sensitive information such as authenticated user's private keys, certificates, etc.
The SDK provides a default implementation based on files. An alternative implementation can be specified using the "KEY_VALUE_STORE" environment variable pointing to a full path to the require() package for the module.
Void
Get the value associated with name.
Name | Type | Description | |
---|---|---|---|
name | string |
of the key |
- Promise for the value corresponding to the key. If the value does not exist in the store, returns null without rejecting the promise
Set the value associated with name.
Name | Type | Description | |
---|---|---|---|
name | string |
of the key to save | |
value | string |
to save |
Promise
Promise for the 'value' object upon successful write operation
Abstract class for a suite of crypto algorithms used by the SDK to perform encryption, decryption and secure hashing. A complete suite includes libraries for asymmetric keys (such as ECDSA or RSA), symmetric keys (such as AES) and secure hash (such as SHA2/3).
The SDK provides a default implementation based on ECDSA + AES + SHA2/3. An alternative implementation can be specified using the "CRYPTO_SUITE" environment variable, pointing to a full path to the require() package for the module.
Void
Generate a key using the opts
Name | Type | Description | |
---|---|---|---|
opts | Object |
algorithm: an identifier for the algorithm to be used, such as "ECDSA" |
ephemeral: true if the key to generate has to be ephemeral | |
Key
Promise of an instance of the Key class
Derives a key from k using opts.
Name | Type | Description | |
---|---|---|---|
key | Key |
the source key | |
opts | Object |
algorithm: an identifier for the algorithm to be used |
ephemeral: true if the key to generate has to be ephemeral | |
Key
derived key
Imports a key from its raw representation using opts. If the opts.ephemeral
parameter is false, the method, in addition to returning the imported {@link Key}
instance, also saves the imported key in the key store as PEM files that can be
retrieved using the 'getKey()' method
Name | Type | Description | |
---|---|---|---|
raw | Array.<byte> |
Raw bytes of the key to import | |
opts | Object |
type : type of information that 'raw' represents: x509 certificate, |
<br>`algorithm`: an identifier for the algorithm to be used
<br>`ephemeral`: true if the key to generate has to be ephemeral | |
Key
Promise of an instance of the Key class wrapping the raw key bytes
Returns the key this CSP associates to the Subject Key Identifier ski.
Name | Type | Description | |
---|---|---|---|
ski | Array.<byte> |
Subject Key Identifier specific to a Crypto Suite implementation |
Key
Promise of an instance of the Key class corresponding to the ski
Hashes messages msg using options opts.
Name | Type | Description | |
---|---|---|---|
msg | Array.<byte> |
Source message to be hashed | |
opts | Object |
algorithm: an identifier for the algorithm to be used, such as "SHA3" |
string
The hashed digest in hexidecimal string encoding
Signs digest using key k. The opts argument should be appropriate for the algorithm used.
Name | Type | Description | |
---|---|---|---|
key | Key |
Signing key (private key) | |
digest | Array.<byte> |
The message digest to be signed. Note that when a signature of a hash of a larger message is needed, the caller is responsible | |
for hashing the larger message and passing the hash (as digest) and the hash | |||
function (as opts) to sign. | |||
opts | Object |
hashingFunction: the function to use to hash |
Array.<byte>
the resulting signature
Verifies signature against key k and digest The opts argument should be appropriate for the algorithm used.
Name | Type | Description | |
---|---|---|---|
key | Key |
Signing verification key (public key) | |
signature | Array.<byte> |
The signature to verify | |
digest | Array.<byte> |
The digest that the signature was created for |
boolean
true if the signature verifies successfully
Encrypts plaintext using key k. The opts argument should be appropriate for the algorithm used.
Name | Type | Description | |
---|---|---|---|
key | Key |
Encryption key (public key) | |
plainText | Array.<byte> |
Plain text to encrypt | |
opts | Object |
Encryption options |
Array.<byte>
Cipher text after encryption
Decrypts ciphertext using key k. The opts argument should be appropriate for the algorithm used.
Name | Type | Description | |
---|---|---|---|
key | Key |
Decryption key (private key) | |
cipherText | Array.<byte> |
Cipher text to decrypt | |
opts | Object |
Decrypt options |
Array.<byte>
Plain text after decryption
Key represents a cryptographic key. It can be symmetric or asymmetric. In the case of an asymmetric key, the key can be public or private. In the case of a private asymmetric key, the getPublicKey() method allows to retrieve the corresponding public-key. A key can be referenced via the Subject Key Identifier in DER or PEM encoding
Void
Returns the subject key identifier of this key in DER encoding for private keys or PEM encoding for public keys.
Array.<byte>
the subject key identifier of this key
Returns true if this key is a symmetric key, false is this key is asymmetric
boolean
if this key is a symmetric key
Returns true if this key is an asymmetric private key, false otherwise.
boolean
if this key is an asymmetric private key
Returns the corresponding public key if this key is an asymmetric private key. If this key is already public, PublicKey returns this key itself.
Key
the corresponding public key if this key is an asymmetric private key. If this key is already public, PublicKey returns this key itself.
Converts this key to its byte representation, if this operation is allowed.
Array.<byte>
the byte representation of the key
This is a default implementation of the [KeyValueStore]{@link module:api.KeyValueStore} API. It uses files to store the key values.
Void
constructor
Name | Type | Description | |
---|---|---|---|
options | Object |
contains a single property 'path' which points to the top-level directory for the store |
Void
Get the value associated with name.
Name | Type | Description | |
---|---|---|---|
name | string |
- Promise for the value
Set the value associated with name.
Name | Type | Description | |
---|---|---|---|
name | string |
||
value | string |
- Promise for a "true" value on successful completion
This is a sample database implementation of the [KeyValueStore]{@link module:api.KeyValueStore} API. It uses a local or remote CouchDB database instance to store the keys.
Void
constructor
Name | Type | Description | |
---|---|---|---|
options | Object |
Contains the properties: |
Void
Get the value associated with name.
Name | Type | Description | |
---|---|---|---|
name | string |
- Promise for the value
Set the value associated with name.
Name | Type | Description | |
---|---|---|---|
name | string |
||
value | string |
- Promise for a 'true' value on successful completion
The {@link module:api.CryptoSuite} implementation for ECDSA, and AES algorithms using software key generation. This class implements a software-based key generation (as opposed to Hardware Security Module based key management)
Void
constructor
Name | Type | Description | |
---|---|---|---|
keySize | number |
Key size for the ECDSA algorithm, can only be 256 or 384 | |
opts | object |
Implementation-specific options object for the {@link KeyValueStore} class to instantiate an instance | |
KVSImplClass | string |
Optional. The built-in key store saves private keys. The key store may be backed by different {@link KeyValueStore} implementations. If specified, the value of the argument must point to a module implementing the | |
KeyValueStore interface. | |||
hash | string |
Optional. Hash algorithm, supported values are "SHA2" and "SHA3" |
Void
This is an implementation of {@link module:api.CryptoSuite#generateKey} Returns an instance of {@link module.api.Key} representing the private key, which also encapsulates the public key. It'll also save the private key in the KeyValueStore
Key
Promise of an instance of {@link module:ECDSA_KEY} containing the private key and the public key
This is an implementation of {@link module:api.CryptoSuite#deriveKey} To be implemented
Void
This is an implementation of {@link module:api.CryptoSuite#importKey}
Void
This is an implementation of {@link module:api.CryptoSuite#getKey} Returns the key this CSP associates to the Subject Key Identifier ski.
Void
This is an implementation of {@link module:api.CryptoSuite#hash} Hashes messages msg using options opts.
Void
This is an implementation of {@link module:api.CryptoSuite#sign} Signs digest using key k.
The opts argument is not needed.
Void
This is an implementation of {@link module:api.CryptoSuite#verify} Verifies signature against key k and digest The opts argument should be appropriate for the algorithm used.
Void
This is an implementation of {@link module:api.CryptoSuite#encrypt} Encrypts plaintext using key k. The opts argument should be appropriate for the algorithm used.
Void
This is an implementation of {@link module:api.CryptoSuite#decrypt} Decrypts ciphertext using key k. The opts argument should be appropriate for the algorithm used.
Void
This module implements the {@link module:api.Key} interface, for ECDSA.
Void
this class represents the private or public key of an ECDSA key pair.
Name | Type | Description | |
---|---|---|---|
key | Object |
This must be the "privKeyObj" or "pubKeyObj" part of the object generated by jsrsasign.KEYUTIL.generateKeypair() |
Void
string
a string representation of the hash from a sequence based on the private key bytes
Generates a CSR/PKCS#10 certificate signing request for this key
Name | Type | Description | |
---|---|---|---|
subjectDN | string |
The X500Name for the certificate request in LDAP(RFC 2253) format |
string
PEM-encoded PKCS#10 certificate signing request
Function name and line number for logger.
Void
Option is the form { lib: string, slot: number, pin: string }
If lib is not specified or null, its value will be taken from the CRYPTO_PKCS11_LIB env var, and if the env var is not set, its value will be taken from the crypto-pkcs11-lib key in the configuration file.
If slot is not specified or null, its value will be taken from the CRYPTO_PKCS11_SLOT env var, and if the env var is not set, its value will be taken from the crypto-pkcs11-slot key in the configuration file.
If pin is not specified or null, its value will be taken from the CRYPTO_PKCS11_PIN env var, and if the env var is not set, its value will be taken from the crypto-pkcs11-pin key in the configuration file.
Void
If no lib specified, get it from env var or config file.
Void
If no slot specified, get it from env var or config file.
Void
If no pin specified, get it from env var or config file.
Void
Load native PKCS11 library, open PKCS11 session and login.
Void
SKI to key cache for getKey(ski) function.
Void
16-byte front 0 padded time of day in hex for computing SKI.
Void
sha256 of tod as SKI.
Void
Workaround for opencryptoki bug.
Void
Open pkcs11 session and login.
Void
Open session.
Void
Generate PKCS11 AES key.
Return SKI and key handle.
Void
Call PKCS11 API to generate the key.
Void
Template for querying key attributes (debug only).
Void
Generate PKCS11 ECDSA key pair.
Return SKI, EC point, and key handles.
Void
Call PKCS11 API to generate the key pair.
Return public and private key handles.
Void
Template for querying key attributes (debug only).
Void
Get the public key EC point.
Void
Set CKA_ID of public and private key to be SKI.
Void
Search PKCS11 for AES secret key or ECDSA key pair with given SKI.
Return key handle(s) if found.
Void
First look for AES key.
Void
Then look for ECDSA key pair.
Void
Query PKCS11 EC params (OID) and EC point of an ECDSA key pair.
Void
Get EC params (to derive key size) and EC point.
Void
PKCS11 signing digest with an ECDSA private key.
Void
ASN1 DER encoding against malleability.
Void
PKCS11 verify signature of digest signed with an ECDSA private key.
Void
Restore ASN1 DER signature to raw signature. Error will be thrown if signature is not properly encoded.
Void
Error is thrown when signature verification fails.
Void
PKCS11 encrypt plain text with an AES key.
Void
key has been checked to be an AES key.
Void
PKCS11 decrypt cipher text encrypted with an AES key.
Void
key has been checked to be an AES key.
Void
PKCS11 derive key with ECDH mechanism.
Void
Query PKCS11 object attributes.
Return array of [ { type:..., value:... }, ... ]
Void
Set PKCS11 object attributes.
Void
Find PKCS11 objects matching attribute template.
Return array of object handles.
Void
This is an implementation of {@link module:api.CryptoSuite#generateKey} Returns an instance of {@link module.api.Key} representing the private key, which also encapsulates the public key. By default the generated key (keypar) is (are) ephemeral unless opts.ephemeral is set to false, in which case the key (keypair) will be saved across PKCS11 sessions by the HSM hardware.
Key
Promise of an instance of {@link module:PKCS11_ECDSA_KEY} containing the private key and the public key.
Put key in the session cache and return promise of the key.
Void
Put key in the session cache and return promise of the key.
Void
This is an implementation of {@link module:api.CryptoSuite#getKey} Returns the key this CSP associates to the Subject Key Identifier ski.
Void
Found the ski in the session key cache.
Void
This is an implementation of {@link module:api.CryptoSuite#sign} Signs digest using key k.
The opts argument is not needed.
Void
This is an implementation of {@link module:api.CryptoSuite#verify} Verifies signature against key k and digest
Void
This is an implementation of {@link module:api.CryptoSuite#encrypt} Encrypts plainText using key. The opts argument should be appropriate for the algorithm used.
Void
This is an implementation of {@link module:api.CryptoSuite#decrypt} Decrypts cipherText using key. The opts argument should be appropriate for the algorithm used.
Void
This is an implementation of {@link module:api.CryptoSuite#deriveKey}
Void
This is an implementation of {@link module:api.CryptoSuite#importKey}
Void
Put key in the session cache and return promise of the key.
Void
Common for both private and public key.
Void
private key: ski set, ecpt set, priv set, pub set public key: ski set, ecpt set, priv unset, pub set
Void
bits
Void
The class representing a chain with which the client SDK interacts.
The “Chain” object captures settings for a channel, which is created by the orderers to isolate transactions delivery to peers participating on channel. A chain must be initialized after it has been configured with the list of peers and orderers. The initialization sends a get configuration block request to the primary orderer to retrieve the configuration settings for this channel.
Void
Name | Type | Description | |
---|---|---|---|
name | string |
to identify different chain instances. The naming of chain instances is enforced by the ordering service and must be unique within the blockchain network | |
clientContext | Client |
An instance of {@link Client} that provides operational context such as submitting User etc. |
Void
Retrieve the configuration from the primary orderer and initialize this chain (channel) with those values. Currently only the MSP config value of the channel is loaded into this chain.
Void
Get the chain name.
string
The name of the chain.
Determine if security is enabled.
Void
Determine if pre-fetch mode is enabled to prefetch tcerts.
Void
Set prefetch mode to true or false.
Void
Determine if dev mode is enabled.
Void
Set dev mode to true or false.
Void
Get the tcert batch size.
Void
Set the tcert batch size.
Void
Get organizational unit identifiers from the MSP's for this channel
Array.<string>
Set the MSP Manager for this channel
This utility method will not normally be use as the
initialize()
method will read this channel's
current configuration and reset MSPManager with
the MSP's found.
Name | Type | Description | |
---|---|---|---|
the | MSPManager |
msp manager for this channel |
Void
Get the MSP Manager for this channel
MSPManager
Add peer endpoint to chain.
Name | Type | Description | |
---|---|---|---|
peer | Peer |
An instance of the Peer class that has been initialized with URL, TLC certificate, and enrollment certificate. |
Void
Remove peer endpoint from chain.
Name | Type | Description | |
---|---|---|---|
peer | Peer |
An instance of the Peer class. |
Void
Get peers of a chain from local information.
Array.<Peer>
The peer list on the chain.
Set the primary peer The peer to use for doing queries. Peer must be a peer on this chain's peer list. Default: When no primary peer has been set the first peer on the list will be used.
Name | Type | Description | |
---|---|---|---|
peer | Peer |
An instance of the Peer class. |
Void
Get the primary peer The peer to use for doing queries. Default: When no primary peer has been set the first peer on the list will be used.
Peer
peer An instance of the Peer class.
Add orderer endpoint to a chain object, this is a local-only operation. A chain instance may choose to use a single orderer node, which will broadcast requests to the rest of the orderer network. Or if the application does not trust the orderer nodes, it can choose to use more than one by adding them to the chain instance. All APIs concerning the orderer will broadcast to all orderers simultaneously.
Name | Type | Description | |
---|---|---|---|
orderer | Orderer |
An instance of the Orderer class. |
Void
Remove orderer endpoint from a chain object, this is a local-only operation.
Name | Type | Description | |
---|---|---|---|
orderer | Orderer |
An instance of the Orderer class. |
Void
Get orderers of a chain.
Void
Calls the orderer(s) to start building the new chain. Only one of the application instances needs to call this method. Once the chain is successfully created, this and other application instances only need to call joinChannel() to participate on the channel.
Name | Type | Description | |
---|---|---|---|
request | Object |
- An object containing the following field: envelope : required - byte[] of the envelope object containing |
all required settings to initialize this channel | |
boolean
Whether the chain initialization process was successful.
Sends a join channel proposal to one or more endorsing peers Will get the genesis block from the defined orderer to be used in the proposal.
Name | Type | Description | |
---|---|---|---|
request | Object |
- An object containing the following fields: targets : required - An array of Peer objects that will join |
this channel
<br>`txId` : required - String of the transaction id
<br>`nonce` : required - Integer of the once time number | |
Promise
A Promise for aProposalResponse
Queries for the current config block for this chain(channel). This transaction will be made to the orderer.
ConfigEnvelope
Object containing the configuration items.
Utility method to load this chain with configuration information from a Configuration block
Name | Type | Description | |
---|---|---|---|
the | ConfigEnvelope |
envelope with the configuration items |
Void
utility method to load in a config group
Name | Type | Description | |
---|---|---|---|
- | bool |
top - to handle the differences in the structure of groups | |
- | bool |
keep_children - once we start keeping a group, want to keep all children's settings |
Void
utility method to load in a config value
Void
utility method to load in a config policy
Void
Calls the orderer(s) to update an existing chain. This allows the addition and deletion of Peer nodes to an existing chain, as well as the update of Peer certificate information upon certificate renewals.
boolean
Whether the chain update process was successful.
Get chain status to see if the underlying channel has been terminated, making it a read-only chain, where information (transactions and states) can be queried but no new transactions can be submitted.
boolean
Is read-only, true or not.
Queries for various useful information on the state of the Chain (height, known peers). This query will be made to the primary peer.
object
With height, currently the only useful info.
Queries the ledger for Block by block hash. This query will be made to the primary peer.
Name | Type | Description | |
---|---|---|---|
block | Array.<byte> |
hash of the Block. |
object
Object containing the block.
Queries the ledger for Block by block number. This query will be made to the primary peer.
Name | Type | Description | |
---|---|---|---|
blockNumber | number |
The number which is the ID of the Block. |
object
Object containing the block.
Queries the ledger for Transaction by number. This query will be made to the primary peer.
Name | Type | Description | |
---|---|---|---|
transactionID | number |
object
Transaction information containing the transaction.
Queries the installed chaincodes on a peer returning the details of all chaincodes installed on a peer.
Name | Type | Description | |
---|---|---|---|
peer | Peer |
object
ChaincodeQueryResponse proto
Queries the instantiated chaincodes on this channel.
object
ChaincodeQueryResponse proto
Queries the names of all the channels that a peer has joined.
Name | Type | Description | |
---|---|---|---|
peer | Peer |
object
ChannelQueryResponse proto
Sends an install proposal to one or more endorsing peers.
Name | Type | Description | |
---|---|---|---|
request | Object |
- An object containing the following fields: chaincodePath : required - String of the path to location of |
the source code of the chaincode
<br>`chaincodeId` : required - String of the name of the chaincode
<br>`chaincodeVersion` : required - String of the version of the chaincode
<br>`chaincodePackage` : optional - Byte array of the archive content for
the chaincode source. The archive must have a 'src'
folder containing subfolders corresponding to the
'chaincodePath' field. For instance, if the chaincodePath
is 'mycompany/myproject', then the archive must contain a
folder at the path 'src/mycompany/myproject', where the
GO source code resides.
<br>`chaincodeType` : optional - Type of chaincode ['golang', 'car', 'java']
(default 'golang')
<br>`txId` : required - String of the transaction id
<br>`nonce` : required - Integer of the once time number | |
Promise
A Promise for aProposalResponse
Sends an instantiate proposal to one or more endorsing peers.
Name | Type | Description | |
---|---|---|---|
request | Object |
- An object containing the following fields: chaincodeType : optional -- Type of chaincode ['golang', 'car', 'java'] |
(default 'golang')
<br>`chaincodePath` : required - String of the path to location of
the source code of the chaincode
<br>`chaincodeId` : required - String of the name of the chaincode
<br>`chaincodeVersion` : required - String of the version of the chaincode
<br>`chainId` : required - String of the name of the chain
<br>`txId` : required - String of the transaction id
<br>`nonce` : required - Integer of the once time number
<br>`fcn` : optional - String of the function to be called on
the chaincode once instantiated (default 'init')
<br>`args` : optional - String Array arguments specific to
the chaincode being instantiated | |
Promise
A Promise for aProposalResponse
Sends a transaction proposal to one or more endorsing peers.
Name | Type | Description | |
---|---|---|---|
request | Object |
chaincodeId : The id of the chaincode to perform the transaction proposal |
<br>`chainId` : required - String of the name of the chain
<br>`txId` : required - String of the transaction id
<br>`nonce` : required - Integer of the once time number
<br>`args` : an array of arguments specific to the chaincode 'invoke' | |
Promise
A Promise for aProposalResponse
Sends the orderer an endorsed proposal. The caller must use the proposal response returned from the endorser along with the original proposal request sent to the endorser.
Name | Type | Description | |
---|---|---|---|
proposalResponses | Array |
- An array or single {ProposalResponse} objects containing the response from the endorsement | |
chaincodeProposal | Proposal |
- A Proposal object containing the original request for endorsement(s) |
Promise
A Promise for aBroadcastResponse
. This will be an acknowledgement from the orderer of successfully submitted transaction.
Sends a proposal to one or more endorsing peers that will be handled by the chaincode. This request will be presented to the chaincode 'invoke' and must understand from the arguments that this is a query request. The chaincode must also return results in the byte array format and the caller will have to be able to decode these results
Name | Type | Description | |
---|---|---|---|
request | Object |
A JSON object with the following targets : An array or single Endorsing {@link Peer} objects as the targets of the request |
<br>chaincodeId : The id of the chaincode to perform the query
<br>`args` : an array of arguments specific to the chaincode 'innvoke'
that represent a query invocation on that chaincode | |
Promise
A Promise for an array of byte array results from the chaincode on all Endorsing Peers
Void
Void
Void
Void
Void
Void
Utility method to build an unique transaction id based on a nonce and this chain's user.
Name | Type | Description | |
---|---|---|---|
nonce | int |
- a one time use number | |
userContext | User |
- the user context |
string
An unique string
Utility method to build an unique transaction id based on a nonce and this chain's user. Gets the user context.
Name | Type | Description | |
---|---|---|---|
nonce | int |
- a one time use number |
Promise
A promise for the transaction id
Void
return a printable representation of this object
Void
The Peer class represents a peer in the target blockchain network to which HFC sends endorsement proposals, transaction ordering or query requests.
The Peer class represents the remote Peer node and its network membership materials, aka the ECert used to verify signatures. Peer membership represents organizations, unlike User membership which represents individuals.
When constructed, a Peer instance can be designated as an event source, in which case a “eventSourceUrl” attribute should be configured. This allows the SDK to automatically attach transaction event listeners to the event stream.
It should be noted that Peer event streams function at the Peer level and not at the chain and chaincode levels.
Void
Constructs a Peer given its endpoint configuration settings.
Name | Type | Description | |
---|---|---|---|
url | string |
The URL with format of "grpcs://host:port". | |
opts | Object |
The options for the connection to the peer. |
Void
Since practically all Peers are event producers, when constructing a Peer instance, an application can designate it as the event source for the application. Typically only one of the Peers on a Chain needs to be the event source, because all Peers on the Chain produce the same events. This method tells the SDK which Peer(s) to use as the event source for the client application. It is the responsibility of the SDK to manage the connection lifecycle to the Peer’s EventHub. It is the responsibility of the Client Application to understand and inform the selected Peer as to which event types it wants to receive and the call back functions to use.
Promise
This gives the app a handle to attach “success” and “error” listeners
A network call that discovers if at least one listener has been connected to the target Peer for a given event. This helps application instance to decide whether it needs to connect to the event source in a crash recovery or multiple instance instantiation.
Name | Type | Description | |
---|---|---|---|
eventName | string |
required | |
chain | Chain |
optional |
Void
For a Peer that is connected to eventSource, the addListener registers an EventCallBack for a set of event types. addListener can be invoked multiple times to support differing EventCallBack functions receiving different types of events.
Note that the parameters below are optional in certain languages, like Java, that constructs an instance of a listener interface, and pass in that instance as the parameter.
Name | Type | Description | |
---|---|---|---|
eventType | string |
: ie. Block, Chaincode, Transaction | |
eventTypeData | object |
: Object Specific for event type as necessary, currently needed for “Chaincode” event type, specifying a matching pattern to the event name set in the chaincode(s) | |
being executed on the target Peer, and for “Transaction” event type, specifying the transaction ID | |||
eventCallback | class |
Client Application class registering for the callback. |
string
An ID reference to the event listener.
Unregisters a listener.
Name | Type | Description | |
---|---|---|---|
eventListenerRef | string |
Reference returned by SDK for event listener. |
boolean
Success / Failure status
Get the Peer name. Required property for the instance objects.
string
The name of the Peer
Set the Peer name / id.
Name | Type | Description | |
---|---|---|---|
name | string |
Void
Get the user’s roles the Peer participates in. It’s an array of possible values in “client”, and “auditor”. The member service defines two more roles reserved for peer membership: “peer” and “validator”, which are not exposed to the applications.
Array.<string>
The roles for this user.
Set the user’s roles the Peer participates in. See getRoles() for legitimate values.
Name | Type | Description | |
---|---|---|---|
roles | Array.<string> |
The list of roles for the user. |
Void
Returns the Peer's enrollment certificate.
object
Certificate in PEM format signed by the trusted CA
Set the Peer’s enrollment certificate.
Name | Type | Description | |
---|---|---|---|
enrollment | object |
Certificate in PEM format signed by the trusted CA |
Void
Send an endorsement proposal to an endorser.
Name | Type | Description | |
---|---|---|---|
proposal | Proposal |
A proposal of type Proposal |
- Promise for a ProposalResponse
return a printable representation of this object
Void
The User class represents users that have been enrolled and represented by an enrollment certificate (ECert) and a signing key. The ECert must have been signed by one of the CAs the blockchain network has been configured to trust. An enrolled user (having a signing key and ECert) can conduct chaincode instantiate, transactions and queries with the Chain.
User ECerts can be obtained from a CA beforehand as part of installing and instantiating the application, or it can be obtained from the optional Fabric CA service via its enrollment process.
Sometimes User identities are confused with Peer identities. User identities represent signing capability because it has access to the private key, while Peer identities in the context of the application/SDK only has the certificate for verifying signatures. An application cannot use the Peer identity to sign things because the application doesn’t have access to the Peer identity’s private key.
Void
Constructor for a member.
Name | Type | Description | |
---|---|---|---|
cfg | string |
- The member name or an object with the following attributes: - enrollmentID {string}: user name |
- name {string}: user name, if "enrollmentID" is also specified, the "name" is ignored
- roles {string[]}: optional. array of roles
- affiliation {string}: optional. affiliation with a group or organization | |
Void
Get the member name.
string
The member name.
Get the roles.
Array.<string>
The roles.
Set the roles.
Name | Type | Description | |
---|---|---|---|
roles | {string[]} The roles. |
Void
Get the affiliation.
string
The affiliation.
Set the affiliation.
Name | Type | Description | |
---|---|---|---|
affiliation | string |
The affiliation. |
Void
Get the {@link Identity} object for this User instance, used to verify signatures
Identity
the identity object that encapsulates the user's enrollment certificate
Get the {@link SigningIdentity} object for this User instance, used to generate signatures
SigningIdentity
the identity object that encapsulates the user's private key for signing
Set the enrollment object for this User instance
Name | Type | Description | |
---|---|---|---|
privateKey | Key |
the private key object | |
certificate | string |
the PEM-encoded string of certificate | |
mspId | string |
The Member Service Provider id for the local signing identity | |
opts | object |
optional. an object with the following attributes, all optional: - cryptoSettings: {object} an object with the following attributes: |
- software {boolean}: Whether to load a software-based implementation (true) or HSM implementation (false)
default is true (for software based implementation), specific implementation module is specified in the setting 'crypto-suite-software' - keysize {number}: The key size to use for the crypto suite instance. default is value of the setting 'crypto-keysize' - algorithm {string}: Digital signature algorithm, currently supporting ECDSA only with value "EC" - hash {string}: 'SHA2' or 'SHA3'
- KVSImplClass: {function} the User class persists crypto keys in a {@link CryptoKeyStore}, there is a file-based implementation that is provided as the default. Application can use this parameter to override the default, such as saving the keys in a key store backed by database. If present, the value must be the class for the alternative implementation.
- kvsOpts: {object}: an options object specific to the implementation in KVSImplClass | |
Promise
Promise for successful completion of creating the user's signing Identity
Get the transaction certificate (tcert) batch size, which is the number of tcerts retrieved from member services each time (i.e. in a single batch).
int
The tcert batch size.
Set the transaction certificate (tcert) batch size.
Name | Type | Description | |
---|---|---|---|
batchSize | int |
Void
Determine if this name has been enrolled.
boolean
True if enrolled; otherwise, false.
Set the current state of this member from a string based JSON object
Member
Promise of the unmarshalled Member object represented by the serialized string
Save the current state of this member as a string
string
The state of this member as a string
Main interaction handler with end user. A client instance provides a handler to interact with a network of peers, orderers and optionally member services. An application using the SDK may need to interact with multiple networks, each through a separate instance of the Client.
Each client when initially created should be initialized with configuration data from the consensus service, which includes a list of trusted roots, orderer certificates and IP addresses, and a list of peer certificates and IP addresses that it can access. This must be done out of band as part of bootstrapping the application environment. It is also the responsibility of the application to maintain the configuration of a client as the SDK does not persist this object.
Each Client instance can maintain several {@link Chain} instances representing channels and the associated private ledgers.
Void
Returns a chain instance with the given name. This represents a channel and its associated ledger (as explained above), and this call returns an empty object. To initialize the chain in the blockchain network, a list of participating endorsers and orderer peers must be configured first on the returned object.
Name | Type | Description | |
---|---|---|---|
name | string |
The name of the chain. Recommend using namespaces to avoid collision. |
Chain
The uninitialized chain instance.
Get a {@link Chain} instance from the state storage. This allows existing chain instances to be saved for retrieval later and to be shared among instances of the application. Note that it’s the application/SDK’s responsibility to record the chain information. If an application is not able to look up the chain information from storage, it may call another API that queries one or more Peers for that information.
Name | Type | Description | |
---|---|---|---|
name | string |
The name of the chain. |
Chain
The chain instance
This is a network call to the designated Peer(s) to discover the chain information. The target Peer(s) must be part of the chain to be able to return the requested information.
Name | Type | Description | |
---|---|---|---|
name | string |
The name of the chain. | |
peers | Array.<Peer> |
Array of target Peers to query. |
Chain
The chain instance for the name or error if the target Peer(s) does not know anything about the chain.
The enrollment materials for Users that have appeared in the instances of the application.
The SDK should have a built-in key value store file-based implementation to allow easy setup during development. Production systems would use a store backed by database for more robust storage and clustering, so that multiple app instances can share app state via the database. This API makes this pluggable so that different store implementations can be selected by the application.
Name | Type | Description | |
---|---|---|---|
keyValueStore | KeyValueStore |
Instance of an alternative KeyValueStore implementation provided by the consuming app. |
Void
Save the state of this member to the key value store.
Promise
A Promise for the user context object upon successful save
Sets an instance of the User class as the security context of self client instance. This user’s credentials (ECert), or special transaction certificates that are derived from the user's ECert, will be used to conduct transactions and queries with the blockchain network. Upon setting the user context, the SDK saves the object in a persistence cache if the “state store” has been set on the Client instance. If no state store has been set, this cache will not be established and the application is responsible for setting the user context again if the application crashes and is recovered.
Name | Type | Description | |
---|---|---|---|
user | User |
An instance of the User class encapsulating the authenticated user’s signing materials (private key and enrollment certificate) | |
skipPersistence | boolean |
Whether to skip saving the user object into persistence. Default is false and the method will attempt to save the user object to the state store. |
Promise
Promise of the 'user' object upon successful persistence of the user to the state store
As explained above, the client instance can have an optional state store. The SDK saves enrolled users in the storage which can be accessed by authorized users of the application (authentication is done by the application outside of the SDK). This function attempts to load the user by name from the local storage (via the KeyValueStore interface). The loaded user object must represent an enrolled user with a valid enrollment certificate signed by a trusted CA (such as the CA server).
Name | Type | Description | |
---|---|---|---|
name | String |
Optional. If not specified, will only return the in-memory user context object, or null if not found in memory. If "name" is specified, will also attempt to load it from the state store if search | |
in memory failed. |
Promise
The user object corresponding to the name, or null if the user does not exist or if the state store has not been set.
Restore the state of this member from the key value store (if found). If not found, do nothing.
Promise
A Promise for a {User} object upon successful restore, or if the user by the name does not exist in the state store, returns null without rejecting the promise
A convenience method for obtaining the state store object in use for this client.
KeyValueStore
The KeyValueStore implementation object set within this Client, or null if it does not exist.
Obtains an instance of the [KeyValueStore]{@link module:api.KeyValueStore} class. By default it returns the built-in implementation, which is based on files ([FileKeyValueStore]{@link module:api.FileKeyValueStore}). This can be overriden with an environment variable KEY_VALUE_STORE, the value of which is the full path of a CommonJS module for the alternative implementation.
Name | Type | Description | |
---|---|---|---|
options | Object |
is whatever the implementation requires for initializing the instance. For the built-in file-based implementation, this requires a single property "path" to the top-level folder for the store |
- [KeyValueStore]{@link module:api.KeyValueStore} an instance of the KeyValueStore implementation
Configures a logger for the entire HFC SDK to use and override the default logger. Unless this method is called, HFC uses a default logger (based on winston). When using the built-in "winston" based logger, use the environment variable HFC_LOGGING to pass in configurations in the following format:
{ 'error': 'error.log', // 'error' logs are printed to file 'error.log' relative of the current working dir for node.js 'debug': '/tmp/myapp/debug.log', // 'debug' and anything more critical ('info', 'warn', 'error') can also be an absolute path 'info': 'console' // 'console' is a keyword for logging to console }
Name | Type | Description | |
---|---|---|---|
logger | Object |
a logger instance that defines the following methods: debug(), info(), warn(), error() with string interpolation methods like [util.format]{@link https://nodejs.org/api/util.html#util_util_format_format}. |
Void
Adds a file to the top of the list of configuration setting files that are part of the hierarchical configuration. These files will override the default settings and be overriden by environment, command line arguments, and settings programmatically set into configuration settings.
hierarchy search order:
- memory - all settings added with sdkUtils.setConfigSetting(name,value)
- Command-line arguments
- Environment variables (names will be change from AAA-BBB to aaa-bbb)
- Custom Files - all files added with the addConfigFile(path) will be ordered by when added, were last one added will override previously added files
- The file located at 'config/default.json' with default settings
Name | Type | Description | |
---|---|---|---|
path | String |
- The path to the file to be added to the top of list of configuration files |
Void
Adds a setting to override all settings that are part of the hierarchical configuration.
hierarchy search order:
- memory - settings added with this call
- Command-line arguments
- Environment variables (names will be change from AAA-BBB to aaa-bbb)
- Custom Files - all files added with the addConfigFile(path) will be ordered by when added, were last one added will override previously added files
- The file located at 'config/default.json' with default settings
Name | Type | Description | |
---|---|---|---|
name | String |
- The name of a setting | |
value | Object |
- The value of a setting |
Void
Retrieves a setting from the hierarchical configuration and if not found will return the provided default value.
hierarchy search order:
- memory - settings added with sdkUtils.setConfigSetting(name,value)
- Command-line arguments
- Environment variables (names will be change from AAA-BBB to aaa-bbb)
- Custom Files - all files added with the addConfigFile(path) will be ordered by when added, were last one added will override previously added files
- The file located at 'config/default.json' with default settings
Name | Type | Description | |
---|---|---|---|
name | String |
- The name of a setting | |
default_value | Object |
- The value of a setting if not found in the hierarchical configuration |
Void
The ChainCodeCBE is used internal to the EventHub to hold chaincode event registration callbacks.
Void
Constructs a chaincode callback entry
Name | Type | Description | |
---|---|---|---|
ccid | string |
chaincode id | |
eventNameFilter | string |
The regex used to filter events | |
cb | function |
Callback for filter matches |
Void
The EventHub class is used to distribute events from an event source(peer)
Void
Constructs an unconnected EventHub
Void
Set peer url for event source
Note: Only use this if creating your own EventHub. The chain class creates a default eventHub that most Node clients can use (see eventHubConnect, eventHubDisconnect and getEventHub).
Name | Type | Description | |
---|---|---|---|
peeraddr | string |
peer url | |
opts | object |
An Object that may contain options to pass to grpcs calls - pem {string} The certificate file, in PEM format, |
|
to use with the gRPC protocol (that is, with TransportCredentials). | |||
Required when using the grpcs protocol. | |||
- ssl-target-name-override {string} Used in test environment only, when the server certificate's |
|||
hostname (in the 'CN' field) does not match the actual host endpoint that the server process runs | |||
at, the application can work around the client TLS verify failure by setting this property to the | |||
value of the server certificate's hostname | |||
- any other standard grpc call options will be passed to the grpc service calls directly |
Void
Get connected state of eventhub
- true if connected to event source, false otherwise
Establishes connection with peer event source
Note: Only use this if creating your own EventHub. The chain class creates a default eventHub that most Node clients can use (see eventHubConnect, eventHubDisconnect and getEventHub).
Void
Disconnects peer event source
Note: Only use this if creating your own EventHub. The chain class creates a default eventHub that most Node clients can use (see eventHubConnect, eventHubDisconnect and getEventHub).
Void
Register a callback function to receive chaincode events.
Name | Type | Description | |
---|---|---|---|
ccid | string |
string chaincode id | |
eventname | string |
string The regex string used to filter events | |
callback | function |
Function Callback function for filter matches that takes a single parameter which is a json object representation | |
of type "message ChaincodeEvent" from lib/proto/chaincodeevent.proto |
object
ChainCodeCBE object that should be treated as an opaque handle used to unregister (see unregisterChaincodeEvent)
Unregister chaincode event registration
Name | Type | Description | |
---|---|---|---|
ChainCodeCBE | object |
handle returned from call to registerChaincodeEvent. |
Void
Register a callback function to receive block events.
Name | Type | Description | |
---|---|---|---|
callback | function |
Function that takes a single parameter which is a json object representation of type "message Block" | |
from lib/proto/fabric.proto |
Void
Unregister block event registration
Name | Type | Description | |
---|---|---|---|
callback | function |
Function to unregister |
Void
Register a callback function to receive transactional events.
Note: transactional event registration is primarily used by the sdk to track instantiate and invoke completion events. Nodejs clients generally should not need to call directly.
Name | Type | Description | |
---|---|---|---|
txid | string |
string transaction id | |
callback | function |
Function that takes a parameter which is a json object representation of type "message Transaction" | |
from lib/proto/fabric.proto and a parameter which is a boolean | |||
that indicates if the transaction is invalid (true=invalid) |
Void
Unregister transactional event registration.
Name | Type | Description | |
---|---|---|---|
txid | string transaction id |
Void
private internal callback for processing tx events
Name | Type | Description | |
---|---|---|---|
block | object |
json object representing block of tx from the fabric |
Void
The Remote class represents a the base class for all remote nodes, Peer, Orderer , and MemberServicespeer.
Void
Constructs an object with the endpoint configuration settings.
Name | Type | Description | |
---|---|---|---|
url | string |
The orderer URL with format of 'grpc(s)://host:port'. | |
opts | object |
An Object that may contain options to pass to grpcs calls - pem {string} The certificate file, in PEM format, |
|
to use with the gRPC protocol (that is, with TransportCredentials). | |||
Required when using the grpcs protocol. | |||
- ssl-target-name-override {string} Used in test environment only, when the server certificate's |
|||
hostname (in the 'CN' field) does not match the actual host endpoint that the server process runs | |||
at, the application can work around the client TLS verify failure by setting this property to the | |||
value of the server certificate's hostname | |||
- any other standard grpc call options will be passed to the grpc service calls directly |
Void
Get the URL of the orderer.
string
Get the URL associated with the Orderer.
return a printable representation of this object
Void
This is the main module for the "fabric-ca-client" package. It communicates with the "fabric-ca" server to manage user certificates lifecycle including register, enroll, renew and revoke, so that the application can use the properly signed certificates to authenticate with the fabric
Void
This is an implementation of the member service client which communicates with the Fabric CA server.
Void
constructor
Name | Type | Description | |
---|---|---|---|
url | string |
The endpoint URL for Fabric CA services of the form: "http://host:port" or "https://host:port" | |
tlsOptions | TLSOptions |
The TLS settings to use when the Fabric CA services endpoint uses "https" | |
cryptoSetting | object |
This optional parameter is an object with the following optional properties: - software {boolean}: Whether to load a software-based implementation (true) or HSM implementation (false) |
default is true (for software based implementation), specific implementation module is specified
in the setting 'crypto-suite-software'
- keysize {number}: The key size to use for the crypto suite instance. default is value of the setting 'crypto-keysize'
- algorithm {string}: Digital signature algorithm, currently supporting ECDSA only with value "EC" | |
| KVSImplClass |
function
| Optional. The built-in key store saves private keys. The key store may be backed by different {@link KeyValueStore} implementations. If specified, the value of the argument must point to a module implementing the KeyValueStore interface. | | | opts |object
| Implementation-specific options object for the {@link KeyValueStore} class to instantiate an instance | |
Void
Register the member and return an enrollment secret.
Name | Type | Description | |
---|---|---|---|
req | Object |
Registration request with the following fields: - enrollmentID {string}. ID which will be used for enrollment |
|
- role {string}. An arbitrary string representing a role value for the user |
|||
- affiliation {string}. Affiliation with which this user will be associated, like a company or an organization |
|||
- maxEnrollments {number}. The maximum number of times this user will be permitted to enroll |
|||
- attrs {{@link KeyValueAttribute}[]}. Array of key/value attributes to assign to the user. |
|||
registrar | {User}. The identity of the registrar (i.e. who is performing the registration) |
Promise
The enrollment secret to use when this user enrolls
Enroll the member and return an opaque member object.
Name | Type | Description | |
---|---|---|---|
req | Enrollment request | ||
req.enrollmentID | string |
The registered ID to use for enrollment | |
req.enrollmentSecret | string |
The secret associated with the enrollment ID |
- Promise for an object with "key" for private key and "certificate" for the signed certificate
Revoke an existing certificate (enrollment certificate or transaction certificate), or revoke all certificates issued to an enrollment id. If revoking a particular certificate, then both the Authority Key Identifier and serial number are required. If revoking by enrollment id, then all future requests to enroll this id will be rejected.
Name | Type | Description | |
---|---|---|---|
request | Object |
Request object with the following fields: - enrollmentID {string}. ID to revoke |
|
- aki {string}. Authority Key Identifier string, hex encoded, for the specific certificate to revoke |
|||
- serial {string}. Serial number string, hex encoded, for the specific certificate to revoke |
|||
- reason {string}. The reason for revocation. See https://godoc.org/golang.org/x/crypto/ocsp |
|||
for valid values. The default value is 0 (ocsp.Unspecified). | |||
registrar | User |
The identity of the registrar (i.e. who is performing the revocation) |
Promise
The revocation results
Utility function which parses an HTTP URL into its component parts
Name | Type | Description | |
---|---|---|---|
url | string |
HTTP or HTTPS url including protocol, host and port |
HTTPEndpoint
return a printable representation of this object
Void
Client for communciating with the Fabric CA APIs
Void
constructor
Name | Type | Description | |
---|---|---|---|
connect_opts | object |
Connection options for communciating with the Fabric CA server | |
connect_opts.protocol | string |
The protocol to use (either HTTP or HTTPS) | |
connect_opts.hostname | string |
The hostname of the Fabric CA server endpoint | |
connect_opts.port | number |
The port of the Fabric CA server endpoint | |
connect_opts.tlsOptions | TLSOptions |
The TLS settings to use when the Fabric CA endpoint uses "https" |
Void
Register a new user and return the enrollment secret
Name | Type | Description | |
---|---|---|---|
enrollmentID | string |
ID which will be used for enrollment | |
role | string |
Type of role for this user | |
affiliation | string |
Affiliation with which this user will be associated | |
maxEnrollments | number |
The maximum number of times the user is permitted to enroll | |
attrs | Array.<KeyValueAttribute> |
Array of key/value attributes to assign to the user | |
signingIdentity | SigningIdentity |
The instance of a SigningIdentity encapsulating the signing certificate, hash algorithm and signature algorithm |
Promise
The enrollment secret to use when this user enrolls
Revoke an existing certificate (enrollment certificate or transaction certificate), or revoke all certificates issued to an enrollment id. If revoking a particular certificate, then both the Authority Key Identifier and serial number are required. If revoking by enrollment id, then all future requests to enroll this id will be rejected.
Name | Type | Description | |
---|---|---|---|
enrollmentID | string |
ID to revoke | |
aki | string |
Authority Key Identifier string, hex encoded, for the specific certificate to revoke | |
serial | string |
Serial number string, hex encoded, for the specific certificate to revoke | |
reason | string |
The reason for revocation. See https://godoc.org/golang.org/x/crypto/ocsp for valid values | |
signingIdentity | SigningIdentity |
The instance of a SigningIdentity encapsulating the signing certificate, hash algorithm and signature algorithm |
Promise
The revocation results
Generate authorization token required for accessing fabric-ca APIs
Void
Enroll a registered user in order to receive a signed X509 certificate
Name | Type | Description | |
---|---|---|---|
enrollmentID | string |
The registered ID to use for enrollment | |
enrollmentSecret | string |
The secret associated with the enrollment ID | |
csr | string |
PEM-encoded PKCS#10 certificate signing request |
Promise
{@link EnrollmentResponse}
Convert a PEM encoded certificate to DER format
Name | Type | Description | |
---|---|---|---|
{string) pem PEM encoded public or private key |
string
hex Hex-encoded DER bytes
Validate the connection options
Void
Documentation generated with doxdox.