我一直在尝试使用SDK从已安装的链代码调用函数,但我遇到了一个问题,我正在努力解决这个问题。 我构建的javascript程序是test / integration / client.js文件和fabcar / invoke.js的混合。当我运行脚本时,运行事务提议时出现以下错误:
错误:[client-utils.js]:sendPeersProposal - 拒绝承诺:错误:无法反序列化创建者身份,错误提供的身份无效,Verify()返回x509:由未知权限签名的证书
我知道我的问题是由于没有使用正确的证书,但我不知道我没有使用正确的证书。我使用以下脚本创建了crypto-config目录:
../src/github.com/hyperledger/fabric/build//bin/cryptogen generate --config=./crypto-config.yaml ../src/github.com/hyperledger/fabric/build//bin/configtxgen --profile OrdererGenesis -outputBlock ./channel-artifacts/genesis.block ../src/github.com/hyperledger/fabric/build//bin/configtxgen --profile Channel --outputCreateChannelTx ./channel-artifacts/channel.tx -channelID $CHANNEL_NAME ../src/github.com/hyperledger/fabric/build//bin/configtxgen --profile Channel -outputAnchorPeersUpdate ./channel-artifacts/CorpMSPanchors.tx -channelID $CHANNEL_NAME -asOrg CorpMSP ../src/github.com/hyperledger/fabric/build//bin/configtxgen --profile Channel -outputAnchorPeersUpdate ./channel-artifacts/EngMSPanchors.tx -channelID $CHANNEL_NAME -asOrg EngMSP
以下是我添加同伴和频道的代码:
let data = fs.readFileSync(network[org].peers['peer1']['tls_cacerts']); var peer = client.newPeer( network[org].peers['peer1'].requests, { pem: Buffer.from(data).toString(), 'ssl-target-name-override': network[org].peers['peer1']['server-hostname'] }); console.log("- Peer set up, setting up channel"); channel = client.newChannel(utils.getConfigSetting('channelName')); channel.addPeer(peer); data = fs.readFileSync(network.orderer['tls_cacerts']); channel.addOrderer(client.newOrderer(network.orderer['url']), { pem: Buffer.from(data).toString(), 'ssl-target-name-override': network.orderer['server-hostname'] }); target.push(peer);
以下是我的网络配置:
{ "tmpdir": "/tmp/hfc_test_kvs", "channelName" : "mychannel", "chaincodeId" : "blockparty", "network-config": { "orderer": { "url": "grpcs://orderer.example.com:7050", "server-hostname": "orderer.example.com", "tls_cacerts": "./crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem" }, "org1": { "name": "Corp", "mspid": "CorpMSP", "username": "Admin", "peers": { "peer1": { "requests": "grpcs://peer0.corp.example.com:7051", "events": "grpcs://peer0.corp.example.com:7053", "server-hostname": "peer0.corp.example.com", "tls_cacerts": "./crypto-config/peerOrganizations/corp.example.com/peers/peer0.corp.example.com/tls/server.crt" }, "admin": { "key": "./crypto-config/peerOrganizations/corp.example.com/users/Admin@corp.example.com/msp/keystore", "cert": "./crypto-config/peerOrganizations/corp.example.com/users/Admin@corp.example.com/msp/signcerts" } },
根据要求,以下是我的crypto-config.yaml的一些片段:
OrdererOrgs: - Name: Orderer Domain: example.com Specs: - Hostname: orderer PeerOrgs: - Name: Corp Domain: corp.example.com Specs: - Hostname: peer0 - Hostname: peer1 - Hostname: peer2 Users: Count: 1
和我的configtx.yaml:
Profiles: OrdererGenesis: Orderer: <<: *OrdererDefaults Organizations: - *OrdererOrg Consortiums: SampleConsortium: Organizations: - *Corp - *Eng Channel: Consortium: SampleConsortium Application: <<: *ApplicationDefaults Organizations: - *Corp - *Eng ################################################################################ # # Section: Organizations # # - This section defines the different organizational identities which will # be referenced later in the configuration. # ################################################################################ Organizations: # SampleOrg defines an MSP using the sampleconfig. It should never be used # in production but may be used as a template for other definitions - &OrdererOrg # DefaultOrg defines the organization which is used in the sampleconfig # of the fabric.git development environment Name: OrdererOrg # ID to load the MSP definition as ID: OrdererMSP # MSPDir is the filesystem path which contains the MSP configuration MSPDir: crypto-config/ordererOrganizations/example.com/msp - &Corp # DefaultOrg defines the organization which is used in the sampleconfig # of the fabric.git development environment Name: CorpMSP # ID to load the MSP definition as ID: CorpMSP MSPDir: crypto-config/peerOrganizations/corp.example.com/msp AnchorPeers: # AnchorPeers defines the location of peers which can be used # for cross org gossip communication. Note, this value is only # encoded in the genesis block in the Application section context - Host: peer0.corp.example.com Port: 7051
有关我应该使用哪种证书来正确提交交易提案然后交易的任何想法?我没有使用ca-server,我也没有使用docker容器。环境工作,因为我能够使用peer chaincode invoke
命令调用链代码,所以我知道它有效,但我不确定哪个证书,我应该在client.newPeer
和{{1函数。
非常感谢阅读, 贝特朗。
答案 0 :(得分:0)
我认为您需要一个客户端管理员证书。最好由corp.example.com或peer#.corp.example.com签名。 corp.example.com的证书链已存在于您的MSPDir / ca文件夹中。所以应该这样做。