使用Hyperledger-Fabric进行基于属性的访问控制

时间:2017-10-16 06:43:30

标签: blockchain hyperledger-fabric hyperledger abac

我从 master 分支拉取了 fabric 仓库,使用的是 Node SDK。

  1. 我尝试注册(register)一个用户,为其登记属性 hf.Registrar.Roles,并在 enroll 时请求签发包含该属性的证书
  2. 然后我正在调用一个事务并尝试在chaincode中解码他的属性
  3. 我也尝试在 Node.js 层解码他的属性。但得到的属性为 null,属性状态为 false

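      // Attribute requests sent with enroll(): each entry names an attribute the
      // enrollment certificate should carry. The list must exist before the push.
      // As posted, push() ran first against the hoisted, still-undefined `attr_req`,
      // and the later `var attr_req=[]` would have emptied the list in any case.
      // NOTE(review): check the flag name against the AttributeRequest definition of
      // the installed fabric-ca-client; later releases document `optional` rather
      // than `required` -- confirm for the version in use.
      var attr_req=[];
      var attr1_req={name:"hf.Registrar.Roles",required:true};
      attr_req.push(attr1_req);

      // Attributes stored on the identity at register() time.
      // NOTE(review): "hf.Registrar.Roles" is one of Fabric CA's reserved registrar
      // attributes (it lists the identity types a registrar may register), and
      // "this is roles" is not such a list. For access control in chaincode a
      // dedicated custom attribute name is the safer choice -- confirm how the CA
      // version in use treats this value.
      var reg_attr=[];
      var attr_reg={name:"hf.Registrar.Roles",value:"this is roles"};
      reg_attr.push(attr_reg);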
    
    
    // Loads the organisation's key-value store, then tries to restore `username` from it.
    // If no enrolled user is found, the user is registered with the CA (attributes in
    // `reg_attr`) using the org admin as registrar, then enrolled with the attribute
    // requests in `attr_req`, and the returned certificate is parsed to look for the
    // attribute extension. The fragment is cut off before the chain is closed.
    return hfc.newDefaultKeyValueStore({
        path: getKeyStoreForOrg(getOrgName(userOrg))
    }).then((store) => {
        client.setStateStore(store);
        // clearing the user context before switching
        // NOTE(review): this writes an underscore-prefixed field directly; looks like an
        // SDK-internal member -- confirm there is no public call for this.
        client._userContext = null;
        return client.getUserContext(username, true).then((user) => {
            logger.debug("User :"+user)
            if (user && user.isEnrolled()) {
                // A persisted, already-enrolled user is returned as is: no new enroll()
                // happens, so its stored certificate keeps whatever attributes it was
                // issued with.
                logger.info('Successfully loaded member from persistence');
                return user;
            } else {
                let caClient = caClients[userOrg];
                logger.debug("Ca client: "+caClient)
                return getAdminUser(userOrg).then(function(adminUserObj) {
                    // `member` is not declared in the visible code; presumably declared
                    // outside this fragment -- verify, otherwise this is an implicit global.
                    member = adminUserObj;
    
                    // Register the identity; `attrs` are stored on the identity by the CA.
                    return caClient.register({
                        enrollmentID: username,
                         affiliation: userOrg + '.department1',
                         attrs:reg_attr
                    }, member);
                }).then((secret) => {
                    // `enrollmentSecret` is also not declared in the visible code. It is a
                    // credential: keep it out of log statements.
                    enrollmentSecret = secret;
                    logger.debug(username + ' registered successfully');
                    // `attr_reqs` asks the CA to place the named attributes in the issued
                    // certificate. NOTE(review): log `attr_req` here to confirm it is
                    // populated when this call runs.
                    return caClient.enroll({
                        enrollmentID: username,
                        enrollmentSecret: secret,
                        attr_reqs:attr_req
    
                    });
                }, (err) => {
                    // Second argument of the same then(): it only sees rejections from
                    // getAdminUser()/register(). A rejection from enroll() above bypasses it.
                    // The error is turned into a string and returned, so the chain continues
                    // as fulfilled and the next step has to detect failure by inspecting text.
                    logger.debug(username + ' failed to register');
                    return '' + err;
                    //return 'Failed to register '+username+'. Error: ' + err.stack ? err.stack : err;
                }).then((message) => {
                    // Failure is recognised only by the substring 'Error:' in a string value.
                    // NOTE(review): a failure value without that substring would fall through
                    // to the certificate handling below -- confirm what the CA client rejects with.
                    if (message && typeof message === 'string' && message.includes(
                            'Error:')) {
                        logger.error(username + ' enrollment failed');
                        return message;
                    }
                    logger.debug(username + ' enrolled successfully');
    
                    // Diagnostic only: the client inspects its own certificate here. The
                    // question's chaincode reads the attribute separately with
                    // cid.GetAttributeValue, and any access decision belongs there.
                    logger.debug("message :"+message.certificate);
                    // `X509` is not defined in the visible code; presumably an X.509 parsing
                    // module required elsewhere in the file -- TODO confirm.
                    let cert = X509.parseCert(message.certificate);
                    logger.debug("parsed cert: "+cert);
                    logger.debug("cert extensions ")
                    logger.debug(cert.extensions)
                    // This line dereferences cert.extensions before the guard on the next
                    // line, so a missing `cert` or `extensions` throws here first.
                    logger.debug("cert extensions[......] "+cert.extensions['1.2.3.4.5.6.7.8.1'])
                    // 1.2.3.4.5.6.7.8.1 is the OID Fabric CA uses for the attribute extension
                    // of an enrollment certificate. The extensions dump posted with the question
                    // lists only keyUsage, basicConstraints, subjectKeyIdentifier and
                    // authorityKeyIdentifier, so this branch was not taken.
                    if(cert && cert.extensions && cert.extensions['1.2.3.4.5.6.7.8.1']) {
                        logger.debug("reached line 324 member")
                        let attr_string=cert.extensions['1.2.3.4.5.6.7.8.1'];
                        // JSON.parse throws on malformed input; no try/catch is visible here.
                        let attr_object = JSON.parse(attr_string);
                        let attrs = attr_object.attrs;
                        // String concatenation: if `attrs` is an object this logs "[object Object]".
                        logger.debug("attributes: "+attrs)
                    }
    
  4. 来自chaincode部分: 这是chaincode中的代码

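    // Read the attribute from the certificate of the identity that submitted the
    // transaction. GetAttributeValue returns (value, found, err). The posted code
    // discarded err, which hides the difference between "attribute not present"
    // and "certificate could not be read".
    attrvalue, status, err := cid.GetAttributeValue(stub, "hf.Registrar.Roles")
    if err != nil {
        // The enclosing function is not shown, so the error is only logged here.
        // An access check built on this value should return an error response at
        // this point instead of continuing with an empty value.
        fmt.Printf("reading attribute failed: %v\n", err)
    }
    // Printf, not Println: Println does not interpret %s / %t and prints them literally.
    fmt.Printf("attr Value: %s status : %t\n", attrvalue, status)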
    

    来自节点部分: Cert.extension是

     { keyUsage: 'Digital Signature',
      basicConstraints: 'CA:FALSE',
      subjectKeyIdentifier: 'F3:66:26:E7:0D:1A:15:E9:F0:40:6F:FF:17:A8:5C:D3:CE:B8:4C:50',
      authorityKeyIdentifier: 'keyid:8D:0F:3C:42:48:8D:31:FE:72:06:99:4D:CE:1D:25:4E:A1:8C:DA:47:85:24:73:51:91:D4:CF:93:D6:7D:48:B2' }
    

1 个答案:

答案 0 :(得分:0)

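问题已解决,步骤如下:

  1. 将 https://github.com/hyperledger/fabric-sdk-node/tree/release/fabric-ca-client/lib/FabricCAClientImpl.js 粘贴到 node_modules/fabric-ca-client/lib 目录下
  2. 从 master 分支克隆 fabric-ca,并执行 make clean 和 make docker
  3. 从 master 分支克隆 fabric

(这三步都是把 CA 客户端、fabric-ca 和 fabric 换成较新的代码;据此推测,原先安装的版本尚不支持在 enroll 时请求属性。手动覆盖 node_modules 中的文件会在下次 npm install 时被还原,而 master 分支的内容会不断变化,因此建议记录所用的具体提交,以便复现。)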