Documentation
Tutorials
Contributing Documentation For Developers
Test Results Test Coverage Github Repository Github Profile

Class

FabricEnrollmentService

FabricEnrollmentService(caConfig)

Constructor

# new FabricEnrollmentService(caConfig)

Provides high-level operations for managing identities against a Hyperledger Fabric Certificate Authority, including registration, enrollment, revocation, and administrative queries. Encapsulates lower-level Fabric CA client calls with consistent logging and error mapping.

Service wrapper for interacting with a Fabric CA.

sequenceDiagram autonumber participant App participant Svc as FabricEnrollmentService participant CA as Fabric CA App->>Svc: register(credentials, ...) Svc->>CA: register(request, adminUser) CA-->>Svc: enrollmentSecret Svc-->>App: secret App->>Svc: enroll(enrollmentId, secret) Svc->>CA: enroll({enrollmentID, secret}) CA-->>Svc: certificates Svc-->>App: Identity
Parameters:
Name Type Description
caConfig CAConfig

Connection and TLS configuration for the target CA.

View Source client/services/FabricEnrollmentService.ts, line 42

Example
// Register and enroll a new user
const svc = new FabricEnrollmentService({
  url: 'https://localhost:7054',
  caName: 'Org1CA',
  tls: { trustedRoots: ['/path/to/ca.pem'], verify: false },
  caCert: '/path/to/admin/certDir',
  caKey: '/path/to/admin/keyDir'
});
await svc.register({ userName: 'alice', password: 's3cr3t' }, false, 'org1.department1', CA_ROLE.USER);
const id = await svc.enroll('alice', 's3cr3t');

Methods

# async enroll(enrollmentId, registration) → {Promise.<Identity>}

Exchanges the enrollment ID and secret for certificates, returning a constructed Identity model.

Enroll an identity with the CA using a registration secret.

Parameters:
Name Type Description
enrollmentId string

Enrollment ID to enroll.
registration string

Enrollment secret returned at registration time.

View Source client/services/FabricEnrollmentService.ts, line 451

The enrolled identity object with credentials.

Promise.<Identity>

# async getAffiliations() → {string}

Queries the CA for the list of affiliations available under the configured CA.

Retrieve affiliations from the CA.

View Source client/services/FabricEnrollmentService.ts, line 418

The affiliations result payload.

string

# async getCertificates(requestopt, doMapopt) → {Promise.<(Array.<string>|CertificateResponse)>}

Calls the CA certificate service to list certificates, optionally mapping to PEM strings only.

Retrieve certificates from the CA.

Parameters:
Name Type Attributes Default Description
request GetCertificatesRequest <optional>

Optional filter request for certificate lookup.
doMap boolean <optional>
 true

When true, returns array of PEM strings; otherwise returns full response object.

View Source client/services/FabricEnrollmentService.ts, line 402

Array of PEM strings or the full certificate response.

Promise.<(Array.<string>|CertificateResponse)>

# async getIdentities() → {Promise.<Array.<FabricIdentity>>}

Queries the CA identity service to fetch all identities and returns the list as FabricIdentity objects.

List identities registered in the CA.

View Source client/services/FabricEnrollmentService.ts, line 410

The list of identities registered in the CA.

Promise.<Array.<FabricIdentity>>

# async read(enrollmentId) → {Promise.<FabricIdentity>}

Retrieves and validates a single identity, throwing NotFoundError when missing.

Read identity details from the CA by enrollment ID.

Parameters:
Name Type Description
enrollmentId string

Enrollment ID to lookup.

View Source client/services/FabricEnrollmentService.ts, line 427

The identity details stored in the CA.

Promise.<FabricIdentity>

# async register(model, isSuperUseropt, affiliationopt, userRoleopt, attrsopt, maxEnrollmentsopt) → {Promise.<string>}

Submits a registration request for a new enrollment ID, returning the enrollment secret upon success.

Register a new identity with the CA.

Parameters:
Name Type Attributes Default Description
model Credentials

Credentials containing userName and password for the new identity.
isSuperUser boolean <optional>
 false

Whether to register the identity as a super user.
affiliation string <optional>
 ""

Affiliation string (e.g., org1.department1).
userRole CA_ROLE | string <optional>

Role to assign to the identity.
attrs IKeyValueAttribute <optional>

Optional attributes to attach to the identity.
maxEnrollments number <optional>

Maximum number of enrollments allowed for the identity.

View Source client/services/FabricEnrollmentService.ts, line 441

The enrollment secret for the registered identity.

Promise.<string>

# async registerAndEnroll(model, isSuperUseropt, affiliationopt, userRoleopt, attrsopt, maxEnrollmentsopt) → {Promise.<Identity>}

Registers a new enrollment ID with the CA and immediately exchanges the secret to enroll, returning the created Identity.

Register and enroll a new identity in one step.

Parameters:
Name Type Attributes Default Description
model Credentials

Credentials for the new identity containing userName and password.
isSuperUser boolean <optional>
 false

Whether to register the identity as a super user.
affiliation string <optional>
 ""

Affiliation string (e.g., org1.department1).
userRole CA_ROLE | string <optional>

Role to assign to the identity.
attrs IKeyValueAttribute <optional>

Optional attributes to attach to the identity.
maxEnrollments number <optional>

Maximum number of enrollments allowed for the identity.

View Source client/services/FabricEnrollmentService.ts, line 465

The enrolled identity.

Promise.<Identity>

# async revoke(enrollmentId)

Revokes the enrollment of an identity with the specified enrollment ID.

Revokes the enrollment of an identity with the specified enrollment ID.

Parameters:
Name Type Description
enrollmentId

The enrollment ID of the identity to be revoked.

View Source client/services/FabricEnrollmentService.ts, line 478

If the enrollment with the specified ID does not exist.

NotFoundError

If there is an error during the revocation process.

InternalError

A Promise that resolves to the result of the revocation operation.