Hyperledger - MSP error: the supplied identity is not valid: x509: certificate signed by unknown authority

Time: 2018-04-24 19:50:51

Tags: docker-compose hyperledger-fabric hyperledger

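I am currently working with the hyperledger fabric-samples. I have successfully run first-network and fabcar following the available tutorials. I am now trying to combine the two to build a network with 3 peers in a single organization, and to use the node SDK for queries and so on. The repository with my current fabric-samples directory is available here. I have been able to use byfn.sh to bring up the network, as well as enrollAdmin.js and registerUser.js. When trying to query or invoke, I run into this problem: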

Store path:/home/victor/fabric-samples/first-network/hfc-key-store
Successfully loaded user1 from persistence
Assigning transaction_id:  bc0240f672d075de2f84d50b292ed0e2214dacc0ef2888d0fa7e25d872a99b03
error: [client-utils.js]: sendPeersProposal - Promise is rejected: Error: 2 UNKNOWN: access denied: channel [mychannel] creator org [Org1MSP]
    at new createStatusError (/home/victor/fabric-samples/first-network/node_modules/grpc/src/client.js:64:15)
    at /home/victor/fabric-samples/first-network/node_modules/grpc/src/client.js:583:15
error: [client-utils.js]: sendPeersProposal - Promise is rejected: Error: 2 UNKNOWN: access denied: channel [mychannel] creator org [Org1MSP]
    at new createStatusError (/home/victor/fabric-samples/first-network/node_modules/grpc/src/client.js:64:15)
    at /home/victor/fabric-samples/first-network/node_modules/grpc/src/client.js:583:15
error: [client-utils.js]: sendPeersProposal - Promise is rejected: Error: 2 UNKNOWN: access denied: channel [mychannel] creator org [Org1MSP]
    at new createStatusError (/home/victor/fabric-samples/first-network/node_modules/grpc/src/client.js:64:15)
    at /home/victor/fabric-samples/first-network/node_modules/grpc/src/client.js:583:15
HERE
Transaction proposal was bad
Failed to send Proposal or receive valid response. Response null or status is not 200. exiting...
Failed to invoke successfully :: Error: Failed to send Proposal or receive valid response. Response null or status is not 200. exiting...

Using docker logs I looked at the logs of one of the peers and found this:

2018-04-24 19:05:09.370 UTC [msp] getMspConfig -> INFO 001 Loading NodeOUs
2018-04-24 19:05:09.392 UTC [nodeCmd] serve -> INFO 002 Starting peer:
 Version: 1.1.0
 Go version: go1.9.2
 OS/Arch: linux/amd64
 Experimental features: false
 Chaincode:
  Base Image Version: 0.4.6
  Base Docker Namespace: hyperledger
  Base Docker Label: org.hyperledger.fabric
  Docker Namespace: hyperledger

2018-04-24 19:05:09.392 UTC [ledgermgmt] initialize -> INFO 003 Initializing ledger mgmt
2018-04-24 19:05:09.393 UTC [kvledger] NewProvider -> INFO 004 Initializing ledger provider
2018-04-24 19:05:12.811 UTC [couchdb] CreateDatabaseIfNotExist -> INFO 005 Created state database _users
2018-04-24 19:05:13.215 UTC [couchdb] CreateDatabaseIfNotExist -> INFO 006 Created state database _replicator
2018-04-24 19:05:14.086 UTC [couchdb] CreateDatabaseIfNotExist -> INFO 007 Created state database _global_changes
2018-04-24 19:05:14.433 UTC [kvledger] NewProvider -> INFO 008 ledger provider Initialized
2018-04-24 19:05:14.433 UTC [ledgermgmt] initialize -> INFO 009 ledger mgmt initialized
2018-04-24 19:05:14.433 UTC [peer] func1 -> INFO 00a Auto-detected peer address: 172.18.0.9:7051
2018-04-24 19:05:14.433 UTC [peer] func1 -> INFO 00b Returning peer0.org1.example.com:7051
2018-04-24 19:05:14.433 UTC [peer] func1 -> INFO 00c Auto-detected peer address: 172.18.0.9:7051
2018-04-24 19:05:14.434 UTC [peer] func1 -> INFO 00d Returning peer0.org1.example.com:7051
2018-04-24 19:05:14.435 UTC [nodeCmd] computeChaincodeEndpoint -> INFO 00e Entering computeChaincodeEndpoint with peerHostname: peer0.org1.example.com
2018-04-24 19:05:14.436 UTC [nodeCmd] computeChaincodeEndpoint -> INFO 00f Exit with ccEndpoint: peer0.org1.example.com:7052
2018-04-24 19:05:14.436 UTC [nodeCmd] createChaincodeServer -> WARN 010 peer.chaincodeListenAddress is not set, using peer0.org1.example.com:7052
2018-04-24 19:05:14.436 UTC [eventhub_producer] start -> INFO 011 Event processor started
2018-04-24 19:05:14.437 UTC [chaincode] NewChaincodeSupport -> INFO 012 Chaincode support using peerAddress: peer0.org1.example.com:7052
2018-04-24 19:05:14.438 UTC [sccapi] registerSysCC -> INFO 013 system chaincode cscc(github.com/hyperledger/fabric/core/scc/cscc) registered
2018-04-24 19:05:14.438 UTC [sccapi] registerSysCC -> INFO 014 system chaincode lscc(github.com/hyperledger/fabric/core/scc/lscc) registered
2018-04-24 19:05:14.438 UTC [sccapi] registerSysCC -> INFO 015 system chaincode escc(github.com/hyperledger/fabric/core/scc/escc) registered
2018-04-24 19:05:14.438 UTC [sccapi] registerSysCC -> INFO 016 system chaincode vscc(github.com/hyperledger/fabric/core/scc/vscc) registered
2018-04-24 19:05:14.438 UTC [sccapi] registerSysCC -> INFO 017 system chaincode qscc(github.com/hyperledger/fabric/core/chaincode/qscc) registered
2018-04-24 19:05:14.440 UTC [gossip/service] func1 -> INFO 018 Initialize gossip with endpoint peer0.org1.example.com:7051 and bootstrap set [peer1.org1.example.com:7051]
2018-04-24 19:05:14.442 UTC [msp] DeserializeIdentity -> INFO 019 Obtaining identity
2018-04-24 19:05:14.444 UTC [gossip/discovery] NewDiscoveryService -> INFO 01a Started {peer0.org1.example.com:7051 [] [98 55 107 77 184 123 189 240 183 227 157 211 146 161 226 74 43 48 67 169 32 99 66 147 109 71 222 49 249 172 59 136] peer0.org1.example.com:7051 <nil>} incTime is 1524596714444440316
2018-04-24 19:05:14.444 UTC [gossip/gossip] NewGossipService -> INFO 01b Creating gossip service with self membership of {peer0.org1.example.com:7051 [] [98 55 107 77 184 123 189 240 183 227 157 211 146 161 226 74 43 48 67 169 32 99 66 147 109 71 222 49 249 172 59 136] peer0.org1.example.com:7051 <nil>}
2018-04-24 19:05:14.447 UTC [gossip/gossip] start -> INFO 01c Gossip instance peer0.org1.example.com:7051 started
2018-04-24 19:05:14.449 UTC [cscc] Init -> INFO 01d Init CSCC
2018-04-24 19:05:14.449 UTC [sccapi] deploySysCC -> INFO 01e system chaincode cscc/(github.com/hyperledger/fabric/core/scc/cscc) deployed
2018-04-24 19:05:14.449 UTC [sccapi] deploySysCC -> INFO 01f system chaincode lscc/(github.com/hyperledger/fabric/core/scc/lscc) deployed
2018-04-24 19:05:14.450 UTC [escc] Init -> INFO 020 Successfully initialized ESCC
2018-04-24 19:05:14.450 UTC [sccapi] deploySysCC -> INFO 021 system chaincode escc/(github.com/hyperledger/fabric/core/scc/escc) deployed
2018-04-24 19:05:14.450 UTC [sccapi] deploySysCC -> INFO 022 system chaincode vscc/(github.com/hyperledger/fabric/core/scc/vscc) deployed
2018-04-24 19:05:14.451 UTC [qscc] Init -> INFO 023 Init QSCC
2018-04-24 19:05:14.451 UTC [sccapi] deploySysCC -> INFO 024 system chaincode qscc/(github.com/hyperledger/fabric/core/chaincode/qscc) deployed
2018-04-24 19:05:14.451 UTC [nodeCmd] initSysCCs -> INFO 025 Deployed system chaincodes
2018-04-24 19:05:14.451 UTC [nodeCmd] serve -> INFO 026 Starting peer with ID=[name:"peer0.org1.example.com" ], network ID=[dev], address=[peer0.org1.example.com:7051]
2018-04-24 19:05:14.452 UTC [nodeCmd] serve -> INFO 027 Started peer with ID=[name:"peer0.org1.example.com" ], network ID=[dev], address=[peer0.org1.example.com:7051]
2018-04-24 19:05:14.452 UTC [nodeCmd] func7 -> INFO 028 Starting profiling server with listenAddress = 0.0.0.0:6060
2018-04-24 19:05:16.371 UTC [ledgermgmt] CreateLedger -> INFO 029 Creating ledger [mychannel] with genesis block
2018-04-24 19:05:16.409 UTC [fsblkstorage] newBlockfileMgr -> INFO 02a Getting block information from block storage
2018-04-24 19:05:16.757 UTC [couchdb] CreateDatabaseIfNotExist -> INFO 02b Created state database mychannel_
2018-04-24 19:05:16.945 UTC [kvledger] CommitWithPvtData -> INFO 02c Channel [mychannel]: Committed block [0] with 1 transaction(s)
2018-04-24 19:05:17.557 UTC [ledgermgmt] CreateLedger -> INFO 02d Created ledger [mychannel] with genesis block
2018-04-24 19:05:17.626 UTC [cscc] Init -> INFO 02e Init CSCC
2018-04-24 19:05:17.627 UTC [sccapi] deploySysCC -> INFO 02f system chaincode cscc/mychannel(github.com/hyperledger/fabric/core/scc/cscc) deployed
2018-04-24 19:05:17.628 UTC [sccapi] deploySysCC -> INFO 030 system chaincode lscc/mychannel(github.com/hyperledger/fabric/core/scc/lscc) deployed
2018-04-24 19:05:17.628 UTC [escc] Init -> INFO 031 Successfully initialized ESCC
2018-04-24 19:05:17.628 UTC [sccapi] deploySysCC -> INFO 032 system chaincode escc/mychannel(github.com/hyperledger/fabric/core/scc/escc) deployed
2018-04-24 19:05:17.629 UTC [sccapi] deploySysCC -> INFO 033 system chaincode vscc/mychannel(github.com/hyperledger/fabric/core/scc/vscc) deployed
2018-04-24 19:05:17.629 UTC [qscc] Init -> INFO 034 Init QSCC
2018-04-24 19:05:17.629 UTC [sccapi] deploySysCC -> INFO 035 system chaincode qscc/mychannel(github.com/hyperledger/fabric/core/chaincode/qscc) deployed
2018-04-24 19:05:27.629 UTC [deliveryClient] try -> WARN 036 Got error: rpc error: code = Canceled desc = context canceled , at 1 attempt. Retrying in 1s
2018-04-24 19:05:27.629 UTC [blocksProvider] DeliverBlocks -> WARN 037 [mychannel] Receive error: Client is closing
2018-04-24 19:05:28.925 UTC [gossip/service] updateEndpoints -> WARN 038 Failed to update ordering service endpoints, due to Channel with mychannel id was not found
2018-04-24 19:05:29.302 UTC [kvledger] CommitWithPvtData -> INFO 039 Channel [mychannel]: Committed block [1] with 1 transaction(s)
2018-04-24 19:05:33.013 UTC [couchdb] CreateDatabaseIfNotExist -> INFO 03a Created state database mychannel_lscc
2018-04-24 19:05:33.016 UTC [lscc] executeInstall -> INFO 03b Installed Chaincode [fabcar] Version [1.0] to peer
2018-04-24 19:05:34.803 UTC [golang-platform] GenerateDockerBuild -> INFO 03c building chaincode with ldflagsOpt: '-ldflags "-linkmode external -extldflags '-static'"'
2018-04-24 19:05:34.804 UTC [golang-platform] GenerateDockerBuild -> INFO 03d building chaincode with tags: 
2018-04-24 19:06:06.351 UTC [cceventmgmt] HandleStateUpdates -> INFO 03e Channel [mychannel]: Handling LSCC state update for chaincode [fabcar]
2018-04-24 19:06:06.868 UTC [couchdb] CreateDatabaseIfNotExist -> INFO 03f Created state database mychannel_fabcar
2018-04-24 19:06:07.278 UTC [kvledger] CommitWithPvtData -> INFO 040 Channel [mychannel]: Committed block [2] with 1 transaction(s)
2018-04-24 19:06:15.476 UTC [protoutils] ValidateProposalMessage -> WARN 041 channel [mychannel]: MSP error: the supplied identity is not valid: x509: certificate signed by unknown authority
2018-04-24 19:06:15.689 UTC [protoutils] ValidateProposalMessage -> WARN 042 channel [mychannel]: MSP error: the supplied identity is not valid: x509: certificate signed by unknown authority

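These errors lead me to believe that my certificates are not configured correctly, but so far searching for information about the problem has not been fruitful. How can I find the source of this error? I will post my docker-compose-cli.yaml here: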

# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#

version: '2'

volumes:
  orderer.example.com:
  ca.example.com:
  peer0.org1.example.com:
  peer1.org1.example.com:
  peer2.org1.example.com:

networks:
  byfn:

services:

  ca.example.com:
    image: hyperledger/fabric-ca:x86_64-1.1.0
    environment:
      - FABRIC_CA_HOME=/etc/hyperledger/fabric-ca-server
      - FABRIC_CA_SERVER_CA_NAME=ca.example.com
      - FABRIC_CA_SERVER_CA_CERTFILE=/etc/hyperledger/fabric-ca-server-config/ca.example.com-cert.pem
      - FABRIC_CA_SERVER_CA_KEYFILE=/etc/hyperledger/fabric-ca-server-config/4239aa0dcd76daeeb8ba0cda701851d14504d31aad1b2ddddbac6a57365e497c_sk
    ports:
      - "7054:7054"
    command: sh -c 'fabric-ca-server start -b admin:adminpw -d'
    volumes:
      - ./crypto-config/peerOrganizations/org1.example.com/ca/:/etc/hyperledger/fabric-ca-server-config
    container_name: ca.example.com
    networks:
      - byfn

  orderer.example.com:
    extends:
      file:   base/docker-compose-base.yaml
      service: orderer.example.com
    container_name: orderer.example.com
    networks:
      - byfn

  peer0.org1.example.com:
    container_name: peer0.org1.example.com
    extends:
      file:  base/docker-compose-base.yaml
      service: peer0.org1.example.com
    depends_on:
      - orderer.example.com
      - couchdb0
    networks:
      - byfn

  peer1.org1.example.com:
    container_name: peer1.org1.example.com
    extends:
      file:  base/docker-compose-base.yaml
      service: peer1.org1.example.com
    depends_on:
      - orderer.example.com
      - couchdb1
    networks:
      - byfn

  peer2.org1.example.com:
    container_name: peer2.org1.example.com
    extends:
      file:  base/docker-compose-base.yaml
      service: peer2.org1.example.com
    depends_on:
      - orderer.example.com
      - couchdb2
    networks:
      - byfn

  couchdb0:
    container_name: couchdb0
    image: hyperledger/fabric-couchdb
    # Populate the COUCHDB_USER and COUCHDB_PASSWORD to set an admin user and password
    # for CouchDB.  This will prevent CouchDB from operating in an "Admin Party" mode.
    environment:
      - COUCHDB_USER=
      - COUCHDB_PASSWORD=
    ports:
      - 5984:5984
    networks:
      - byfn

  couchdb1:
    container_name: couchdb1
    image: hyperledger/fabric-couchdb
    # Populate the COUCHDB_USER and COUCHDB_PASSWORD to set an admin user and password
    # for CouchDB.  This will prevent CouchDB from operating in an "Admin Party" mode.
    environment:
      - COUCHDB_USER=
      - COUCHDB_PASSWORD=
    ports:
      - 6984:5984
    networks:
      - byfn

  couchdb2:
    container_name: couchdb2
    image: hyperledger/fabric-couchdb
    # Populate the COUCHDB_USER and COUCHDB_PASSWORD to set an admin user and password
    # for CouchDB.  This will prevent CouchDB from operating in an "Admin Party" mode.
    environment:
      - COUCHDB_USER=
      - COUCHDB_PASSWORD=
    ports:
      - 7984:5984
    networks:
      - byfn            

  cli:
    container_name: cli
    image: hyperledger/fabric-tools:$IMAGE_TAG
    tty: true
    stdin_open: true
    environment:
      - GOPATH=/opt/gopath
      - CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
      #- CORE_LOGGING_LEVEL=DEBUG
      - CORE_LOGGING_LEVEL=INFO
      - CORE_PEER_ID=cli
      - CORE_PEER_ADDRESS=peer0.org1.example.com:7051
      - CORE_PEER_LOCALMSPID=Org1MSP
      - CORE_PEER_TLS_ENABLED=false
      - CORE_PEER_TLS_CERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.crt
      - CORE_PEER_TLS_KEY_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.key
      - CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt
      - CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp
    working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer
    command: /bin/bash
    volumes:
        - /var/run/:/host/var/run/
        - ./../chaincode/:/opt/gopath/src/github.com/chaincode
        - ./crypto-config:/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/
        - ./scripts:/opt/gopath/src/github.com/hyperledger/fabric/peer/scripts/
        - ./channel-artifacts:/opt/gopath/src/github.com/hyperledger/fabric/peer/channel-artifacts
    depends_on:
      - orderer.example.com
      - peer0.org1.example.com
      - peer1.org1.example.com
      - peer2.org1.example.com
    networks:
      - byfn

3 answers:

Answer 0 (score: 2)

Your SDK is obtaining certificates from an incorrectly configured CA.

Suggestion:

fetch('http://192.168.120.101:5000/register', {
 method: 'POST',
body: JSON.stringify(RegisterData),
headers: {
'Content-Type': 'application/json'
 }
 })
.then((response)=>response.json())
.then((data)=>{
alert("Success!", "You've registered successfully!")
.then((value) => {

  this.props.navigation.navigate('ScrollTab');
});
})
.catch((error)=>{
console.log("Error, with message::",error)
});
}

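If you are using cryptogen, you will find the above two files in the corresponding organization folder; supply the correct files to bootstrap the CA. It will work fine.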
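A way to check the two things this answer points at, using openssl on throwaway certificates (an added example, not code from the answer or from fabric-samples): whether a user certificate chains to the CA certificate the MSP trusts, and whether a CA private key belongs to that certificate. The names org-ca, other-ca, user-ok and user-bad are constructed for the demonstration.

```shell
#!/bin/sh
# Added example. Every key and certificate is a throwaway generated below;
# file names are illustrative and nothing comes from the original post.

# issued_by CERT CA_CERT: succeeds only if CERT chains to CA_CERT, which is
# the property the peer's MSP check demands of the proposal creator.
issued_by() {
    openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
}

# key_matches_cert KEY CERT: succeeds only if the private key belongs to CERT,
# i.e. the CA would sign with the key behind the certificate the MSP trusts.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

new_key() { openssl ecparam -name prime256v1 -genkey -noout -out "$1" 2>/dev/null; }

new_ca() {   # new_ca DIR NAME: self-signed P-256 CA (NAME.key, NAME.pem)
    new_key "$1/$2.key" &&
    openssl req -x509 -new -key "$1/$2.key" -subj "/CN=$2" -days 1 \
        -out "$1/$2.pem" 2>/dev/null
}

new_user() { # new_user DIR NAME CA: user certificate NAME.pem issued by CA
    new_key "$1/$2.key" &&
    openssl req -new -key "$1/$2.key" -subj "/CN=$2" -out "$1/$2.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/$2.csr" -CA "$1/$3.pem" -CAkey "$1/$3.key" \
        -CAcreateserial -days 1 -out "$1/$2.pem" 2>/dev/null
}

# Constructed fixture: org-ca plays the CA certificate in the channel MSP,
# other-ca a CA server that started with different key material.
build_fixture() {
    new_ca "$1" org-ca && new_ca "$1" other-ca &&
    new_user "$1" user-ok org-ca && new_user "$1" user-bad other-ca
}

dir=$(mktemp -d) && build_fixture "$dir" || exit 1
for u in user-ok user-bad; do
    if issued_by "$dir/$u.pem" "$dir/org-ca.pem"
    then echo "$u: chains to the MSP CA"
    else echo "$u: signed by unknown authority"
    fi
done
key_matches_cert "$dir/other-ca.key" "$dir/org-ca.pem" ||
    echo "CA key does not match the MSP CA certificate"
rm -rf "$dir"
```

On a real network the first argument to issued_by would be the enrollment certificate the SDK stored for the user, and the second the CA certificate the organization's MSP lists.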

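Answer 1 (score: 0)

For example, you have to go to the container that is complaining about the certificate, open the corresponding terminal, and add the CA authority certificate to the system's trusted CA store.

On Ubuntu:

  1. Go to /usr/local/share/ca-certificates/
  2. Create a new folder, i.e. "sudo mkdir HyperledgerCerts"
  3. Copy the .crt file into the "HyperledgerCerts" folder
  4. Make sure the permissions are OK (755 for the folder, 644 for the file)
  5. Run "sudo update-ca-certificates"
  6. This should do the trick.
    Hope this helps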

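Answer 2 (score: 0)

Make sure FABRIC_CA_CLIENT_HOME is set to the correct directory, especially when using fabric-ca-client outside of a docker container.

For example, before calling fabric-ca-client register or fabric-ca-client enroll, you should set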

export FABRIC_CA_CLIENT_HOME=/path/to/organizations/peerOrganizations/org1.example.com/