在工作中,我们使用的是ibm云区块链1.1.0,需要创建一个具有在证书中编码的属性的用户。 不幸的是,尝试对此进行编码失败并显示以下错误。
Error Code: 20 - Authorization failure
github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric-ca/lib.(*Client).SendReq
/go/src/github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric-ca/lib/client.go:470
github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric-ca/lib.(*Identity).Post
/go/src/github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric-ca/lib/identity.go:328
github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric-ca/lib.(*Identity).Register
/go/src/github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric-ca/lib/identity.go:80
github.com/hyperledger/fabric-sdk-go/pkg/msp.(*fabricCAAdapter).Register
/go/src/github.com/hyperledger/fabric-sdk-go/pkg/msp/fabcaadapter.go:110
github.com/hyperledger/fabric-sdk-go/pkg/msp.(*CAClientImpl).Register
/go/src/github.com/hyperledger/fabric-sdk-go/pkg/msp/caclient.go:314
github.com/hyperledger/fabric-sdk-go/pkg/client/msp.(*Client).Register
/go/src/github.com/hyperledger/fabric-sdk-go/pkg/client/msp/client.go:374
这是我用来调用mspClient.Register的Register new user function body。
// Register the new user
func (e *HfcEndpoint) RegisterUser(username string, args []string) error {
attributes := []msp.Attribute{}
// normal user with id attribute
attributes = append(attributes, msp.Attribute{
Name: "hf.Registrar.Roles",
Value: "validator",
ECert: true,
})
registrationRequest := &msp.RegistrationRequest{
Name: username,
Type: "validator",
Affiliation: e.orgID,
Attributes: attributes,
}
enrollmentSecret, err := e.mspClient.Register(registrationRequest)
if err != nil {
return errors.Wrapf(err, "Failed to register user - %s", username)
}
err = e.mspClient.Enroll(username, msp.WithSecret(enrollmentSecret))
if err != nil {
return errors.Wrapf(err, "Failed to enroll user - %s", username)
}
return nil
}
我试图确保在此示例中仅使用由该托管ibm区块链创建管理员的标准属性。因此,管理员也应该能够为其他用户编码此属性。
(admin atributes: hf.Registrar.Roles:client,user,peer,validator,auditor)
但是我尝试了一下,但是失败了。 我遵循了fabric-sdk-go的单元测试和fabric-ca的文档:
Register new Identity 1.1.0 documentation
我在文档中读到,管理员需要具有适当的属性才能为其他人注册。 但是,令人困惑的是,如果我提取了fabric-sdk-go单元测试中使用的管理证书,那么我也找不到用于这些测试的管理证书中编码的任何属性。
$>openssl x509 -in admin.pem -text
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
84:24:6e:1f:67:b0:69:cb:98:36:a5:01:59:63:f2:c5
Signature Algorithm: ecdsa-with-SHA256
Issuer: C=US, ST=California, L=San Francisco, O=org1.example.com, CN=ca.org1.example.com
Validity
Not Before: Jul 28 14:27:20 2017 GMT
Not After : Jul 26 14:27:20 2027 GMT
Subject: C=US, ST=California, L=San Francisco, CN=Admin@org1.example.com
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (256 bit)
pub:
04:7e:61:10:27:f1:d1:69:0d:00:f2:bc:30:3b:24:
a3:e5:e4:fa:19:7a:78:f7:9b:52:8e:9c:ca:f2:fe:
63:99:72:75:e7:4c:88:76:01:25:78:b2:cf:15:96:
ec:c1:73:21:c6:02:fe:c1:0a:6c:57:c4:39:23:71:
5f:5e:c9:bb:fc
ASN1 OID: prime256v1
NIST CURVE: P-256
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Authority Key Identifier:
keyid:87:91:D1:36:3E:89:51:5F:9A:FA:04:2B:06:93:A2:C7:04:BB:8D:D9:5D:28:F9:7D:35:49:A2:B9:E3:C4:35:2D
Signature Algorithm: ecdsa-with-SHA256
30:45:02:21:00:d5:7f:c7:0b:36:b7:d3:a2:23:f3:26:91:05:
3c:61:7e:ff:c0:a9:cc:e9:25:f7:5a:33:f9:72:6c:bd:d8:1f:
e7:02:20:23:f7:bc:9a:9b:e9:a6:55:10:6d:4e:76:f8:b7:a3:
03:7e:83:0a:c6:d6:11:1b:d9:3e:34:7f:18:51:03:12:f7
我希望有人可以帮助我解决如何通过fabric-sdk-go创建具有属性的用户,或者能够指出我错过的东西。 预先感谢