无法反序列化creater身份,在Hyperledger

时间:2017-09-29 20:53:36

标签: hyperledger-fabric hyperledger

我一直在尝试使用SDK从已安装的链代码调用函数,但我遇到了一个问题,我正在努力解决这个问题。 我构建的javascript程序是test / integration / client.js文件和fabcar / invoke.js的混合。当我运行脚本时,运行事务提议时出现以下错误:

  

错误:[client-utils.js]:sendPeersProposal - 拒绝承诺:错误:无法反序列化创建者身份,错误提供的身份无效,Verify()返回x509:由未知权限签名的证书

我知道我的问题是由于没有使用正确的证书,但我不知道我没有使用正确的证书。我使用以下脚本创建了crypto-config目录:

 ../src/github.com/hyperledger/fabric/build//bin/cryptogen generate --config=./crypto-config.yaml
../src/github.com/hyperledger/fabric/build//bin/configtxgen --profile OrdererGenesis -outputBlock ./channel-artifacts/genesis.block
../src/github.com/hyperledger/fabric/build//bin/configtxgen --profile Channel --outputCreateChannelTx ./channel-artifacts/channel.tx -channelID $CHANNEL_NAME
../src/github.com/hyperledger/fabric/build//bin/configtxgen --profile Channel -outputAnchorPeersUpdate ./channel-artifacts/CorpMSPanchors.tx -channelID $CHANNEL_NAME -asOrg CorpMSP
../src/github.com/hyperledger/fabric/build//bin/configtxgen --profile Channel -outputAnchorPeersUpdate ./channel-artifacts/EngMSPanchors.tx -channelID $CHANNEL_NAME -asOrg EngMSP

以下是我添加同伴和频道的代码:


    let data = fs.readFileSync(network[org].peers['peer1']['tls_cacerts']);
          var peer = client.newPeer(
                network[org].peers['peer1'].requests,
              {
                    pem: Buffer.from(data).toString(),
                    'ssl-target-name-override': network[org].peers['peer1']['server-hostname']
                });
            console.log("- Peer set up, setting up channel");
            channel = client.newChannel(utils.getConfigSetting('channelName'));
            channel.addPeer(peer);
            data = fs.readFileSync(network.orderer['tls_cacerts']);
            channel.addOrderer(client.newOrderer(network.orderer['url']), {
                pem: Buffer.from(data).toString(),
                'ssl-target-name-override': network.orderer['server-hostname']
            });
            target.push(peer);

以下是我的网络配置:

{
    "tmpdir": "/tmp/hfc_test_kvs",
    "channelName" : "mychannel",
    "chaincodeId" : "blockparty",
    "network-config": {
        "orderer": {
            "url": "grpcs://orderer.example.com:7050",
            "server-hostname": "orderer.example.com",
            "tls_cacerts": "./crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem"
        },
        "org1": {
            "name": "Corp",
            "mspid": "CorpMSP",
            "username": "Admin",
            "peers": {
                "peer1": {
                    "requests": "grpcs://peer0.corp.example.com:7051",
                    "events": "grpcs://peer0.corp.example.com:7053",
                    "server-hostname": "peer0.corp.example.com",
                    "tls_cacerts": "./crypto-config/peerOrganizations/corp.example.com/peers/peer0.corp.example.com/tls/server.crt"
                },
            "admin": {
                "key": "./crypto-config/peerOrganizations/corp.example.com/users/Admin@corp.example.com/msp/keystore",
                "cert": "./crypto-config/peerOrganizations/corp.example.com/users/Admin@corp.example.com/msp/signcerts"
            }
        },

根据要求,以下是我的crypto-config.yaml的一些片段:

OrdererOrgs:
  - Name: Orderer
    Domain: example.com
    Specs:
      - Hostname: orderer
PeerOrgs:
  - Name: Corp
    Domain: corp.example.com
    Specs:
      - Hostname: peer0
      - Hostname: peer1
      - Hostname: peer2
    Users:
      Count: 1

和我的configtx.yaml:

Profiles:

    OrdererGenesis:
        Orderer:
            <<: *OrdererDefaults
            Organizations:
                - *OrdererOrg
        Consortiums:
            SampleConsortium:
                Organizations:
                    - *Corp
                    - *Eng
    Channel:
        Consortium: SampleConsortium
        Application:
            <<: *ApplicationDefaults
            Organizations:
                - *Corp
                - *Eng

################################################################################
#
#   Section: Organizations
#
#   - This section defines the different organizational identities which will
#   be referenced later in the configuration.
#
################################################################################
Organizations:

    # SampleOrg defines an MSP using the sampleconfig.  It should never be used
    # in production but may be used as a template for other definitions
    - &OrdererOrg
        # DefaultOrg defines the organization which is used in the sampleconfig
        # of the fabric.git development environment
        Name: OrdererOrg

        # ID to load the MSP definition as
        ID: OrdererMSP

        # MSPDir is the filesystem path which contains the MSP configuration
        MSPDir: crypto-config/ordererOrganizations/example.com/msp

    - &Corp
        # DefaultOrg defines the organization which is used in the sampleconfig
        # of the fabric.git development environment
        Name: CorpMSP

        # ID to load the MSP definition as
        ID: CorpMSP

        MSPDir: crypto-config/peerOrganizations/corp.example.com/msp

        AnchorPeers:
            # AnchorPeers defines the location of peers which can be used
            # for cross org gossip communication.  Note, this value is only
            # encoded in the genesis block in the Application section context
            - Host: peer0.corp.example.com
              Port: 7051

有关我应该使用哪种证书来正确提交交易提案然后交易的任何想法?我没有使用ca-server,我也没有使用docker容器。环境工作,因为我能够使用peer chaincode invoke命令调用链代码,所以我知道它有效,但我不确定哪个证书,我应该在client.newPeer和{{1函数。

非常感谢阅读, 贝特朗。

1 个答案:

答案 0 :(得分:0)

我认为您需要一个客户端管理员证书。最好由corp.example.com或peer#.corp.example.com签名。 corp.example.com的证书链已存在于您的MSPDir / ca文件夹中。所以应该这样做。