Hyperledger: Logged-in user's TCert attributes in chaincode

Time: 2016-09-30 14:54:55

Tags: hyperledger hyperledger-fabric

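I'm trying to develop a very simple example on the Hyperledger Fabric blockchain using the following steps:

- INIT: set up a table containing amounts of a given asset "A", referenced by account number
- INVOKE: nothing for now
- QUERY: print the asset balance of a given account if you own that account, or if you have a specific role that allows you to view all accounts.

So, in my membersrvc.yaml, I added members and attributes like this: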

    eca:
        affiliations:
           banks_and_institutions:
              banks:
                  - bank_a
                  - bank_b
                  - bank_c
        users:
                # Users for usecase1
                client1: 1 client1 bank_a
                client2: 1 client2 bank_b
                client3: 1 client3 bank_c
                back_office: 1 back_office bank_c
                regulator: 1 regulator bank_c

    aca:
              # User attributes for usercase1
              attribute-entry-1: client1;bank_a;role;client;2015-01-01T00:00:00-03:00;;
              attribute-entry-2: client1;bank_a;account;client1;2015-01-01T00:00:00-03:00;;
              attribute-entry-3: client2;bank_b;role;client;2015-01-01T00:00:00-03:00;;
              attribute-entry-4: client2;bank_b;account;client2;2015-01-01T00:00:00-03:00;;
              attribute-entry-5: client3;bank_c;role;client;2015-01-01T00:00:00-03:00;;
              attribute-entry-6: client3;bank_c;account;client3;2015-01-01T00:00:00-03:00;;
              attribute-entry-7: back_office;bank_c;role;back_office;2015-01-01T00:00:00-03:00;;
              attribute-entry-8: back_office;bank_c;account;back_office;2015-01-01T00:00:00-03:00;;
              attribute-entry-9: regulator;bank_c;role;regulator;2015-01-01T00:00:00-03:00;;
              attribute-entry-10: regulator;bank_c;account;regulator;2015-01-01T00:00:00-03:00;;

          address: localhost:7054
          server-name: acap
          enabled: true

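But my question is:

How do I get and check this information in the chaincode's Query function?

I mean, with security enabled and the commands launched by a given user:

    peer network login client1 -p client1

    peer chaincode query -u client1 -n usecase1 -c '{"Function":"assets", "Args": ["some_username"]}'

to be able to get client1's role & account and apply my rules.

Thanks!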

1 answer:

Answer 0 (score: 2):

An example of how to use attributes can be found at:

github.com/hyperledger/fabric/examples/chaincode/go/asset_management_with_roles

In Query, you can use the shim method ReadCertAttribute:

    callerRole, err := stub.ReadCertAttribute("role")
    if err != nil {
       fmt.Printf("Error reading attribute 'role' [%v] \n", err)
       return nil, fmt.Errorf("Failed fetching caller role. Error was [%v]", err)
    }

Keep in mind that the attribute names must be explicitly declared in the Deploy / Query / Invoke command ("attributes": ["role", "account"]):

Deploy example:

    curl -XPOST -d  '{"jsonrpc": "2.0", "method": "deploy",  "params": {"type": 1,"chaincodeID": {"path": "github.com/PATH/TO/YOUR/CHAINCODE","language": "GOLANG"}, "ctorMsg": {"Function":"init",  "args": ["some_args"] },"secureContext": "client1", "attributes": ["role", "account"]},"id": 0}' http://localhost:7050/chaincode

Query example:

    curl -XPOST -d  '{"jsonrpc": "2.0", "method": "query", "params": {"type": 1, "chaincodeID": {"name": "!!CHAINCODE_ID!!"}, "ctorMsg": {"Function":"assets", "args": ["some_username"]}, "secureContext": "client1", "attributes": ["role", "account"]}, "id": 1}' http://localhost:7050/chaincode
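
The owner-or-privileged-role rule from the question, written against the ReadCertAttribute call shown in the answer, as an added example that is not part of the original post or the Fabric code base. The `attrReader` interface, `fakeStub`, and the choice of `back_office` and `regulator` as view-all roles are assumptions; access is denied whenever an attribute is missing or empty, which is what happens when "attributes" was not declared in the request.

```go
package main

import "fmt"

// attrReader is the one shim method the check needs. Assumption: the Fabric
// ChaincodeStub satisfies it with this ([]byte, error) signature.
type attrReader interface {
	ReadCertAttribute(name string) ([]byte, error)
}

// viewAllRoles lists roles allowed to read any account (assumed policy).
var viewAllRoles = map[string]bool{"back_office": true, "regulator": true}

// canViewAccount returns nil only when the caller's TCert carries a view-all
// role or an "account" attribute equal to the requested account.
func canViewAccount(stub attrReader, requested string) error {
	role, err := stub.ReadCertAttribute("role")
	if err != nil || len(role) == 0 {
		return fmt.Errorf("caller role unavailable, denying (err=%v)", err)
	}
	if viewAllRoles[string(role)] {
		return nil
	}
	account, err := stub.ReadCertAttribute("account")
	if err != nil || len(account) == 0 {
		return fmt.Errorf("caller account unavailable, denying (err=%v)", err)
	}
	if requested == "" || string(account) != requested {
		return fmt.Errorf("caller does not own account %q", requested)
	}
	return nil
}

// fakeStub is a constructed stand-in for the shim stub: attribute name -> value.
type fakeStub map[string]string

func (f fakeStub) ReadCertAttribute(name string) ([]byte, error) {
	v, ok := f[name]
	if !ok {
		return nil, fmt.Errorf("attribute %q not in certificate", name)
	}
	return []byte(v), nil
}

func main() {
	client1 := fakeStub{"role": "client", "account": "client1"}
	fmt.Println(canViewAccount(client1, "client1")) // own account
	fmt.Println(canViewAccount(client1, "client2")) // another client's account
}
```

In real chaincode, Query would call `canViewAccount(stub, args[0])` before reading the table and return the error to the caller on denial.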