无法在Hyperledger Fabric 1.1中使用基于属性的访问控制(ABAC)访问用户属性

时间:2018-07-16 12:55:09

标签: hyperledger-fabric hyperledger abac

我正在尝试使用GoLang进行基于属性的访问控制,并且在获取链式代码中的属性时遇到问题。我正在使用cid.GetAttributeValue()函数,该函数什么也不返回。它打印空白,并且找到的变量设置为false。

我所做的事情是:

  1. 向管理员注册了用户定义的名为“ firstName”且值为“ *”的属性。 (也尝试将其设置为特定值)

  2. 将该管理员注册到网络上

  3. 使用相同的属性“ firstName”(将ecert标志设置为true)注册并注册用户

  4. 调用了一个链码以使用注册用户获取属性值

相关代码段如下:

Fabric-CA-Server配置文件

identities:
- name: admin
  pass: adminpw
  type: client
  affiliation: ""
  attrs:
     hf.Registrar.Roles: "*"
     hf.Registrar.DelegateRoles: "*"
     hf.Revoker: true
     hf.IntermediateCA: true
     hf.GenCRL: true
     hf.Registrar.Attributes: "firstName"
     hf.AffiliationMgr: true
     firstName: "*"

用于注册和注册用户的代码。

user = {
       enrollmentID: username,
       affiliation: orgName + '.department1',
       maxEnrollments: 5,
       role: 'client',
       attrs: [{ name: 'firstName', value: 'Mathan_sir', ecert: true }]
   }
   console.log(user);
   var enrollmentSecret = await fabric_CA_Client.register(user, admin);

   console.log('client registered');
   console.log('Successfully registered user - secret:' + enrollmentSecret);

   var enrollment = await fabric_CA_Client.enroll({
       enrollmentID: username,
       enrollmentSecret: enrollmentSecret,
       attr_reqs: [
           { name: "firstName", optional: false }
           // { name: "lastName", optional: false }
       ]
   });

Chaincode。

value, found, err := cid.GetAttributeValue(stub, "firstName")

if err != nil {
    return shim.Error("could not do abac")
}

fmt.Println("value is ", value)
fmt.Println("found is ", found)

登录Fabric-CA:

2018/07/17 04:23:00 [INFO] Created default configuration file at /etc/hyperledger/fabric-ca-server/fabric-ca-server-config.yaml
2018/07/17 04:23:00 [INFO] Starting server in home directory: /etc/hyperledger/fabric-ca-server
2018/07/17 04:23:00 [INFO] Server Version: 1.2.0-stable
2018/07/17 04:23:00 [INFO] Server Levels: &{Identity:1 Affiliation:1 Certificate:1 Credential:1 RAInfo:1 Nonce:1}
2018/07/17 04:23:00 [DEBUG] Default CA configuration, if necessary, will be used to replace missing values for additional CAs: {Version:1.2.0-stable Cfg:{Identities:{AllowRemove:false} Affiliations:{AllowRemove:false}} CA:{Name: Keyfile: Certfile:ca-cert.pem Chainfile:ca-chain.pem} Signing:0xc420555bc0 CSR:{CN:fabric-ca-server Names:[{C:US ST:North Carolina L: O:Hyperledger OU:Fabric SerialNumber:}] Hosts:[e3c7da43b062 localhost] KeyRequest:<nil> CA:0xc4200ffec0 SerialNumber:} Registry:{MaxEnrollments:-1 Identities:[{ Name:**** Pass:**** Type:client Affiliation: MaxEnrollments:0 Attrs:map[hf.GenCRL:1 hf.Registrar.Attributes:* hf.AffiliationMgr:1 hf.Registrar.Roles:* hf.Registrar.DelegateRoles:* hf.Revoker:1 hf.IntermediateCA:1]  }]} Affiliations:map[org2:[department1] org1:[department1 department2]] LDAP:{ Enabled:false URL:ldap://****:****@<host>:<port>/<base> UserFilter:(uid=%s) GroupFilter:(memberUid=%s) Attribute:{[uid member] [{ }] map[groups:[{ }]]} TLS:{false [] { }}  } DB:{ Type:sqlite3 Datasource:fabric-ca-server.db TLS:{false [] { }}  } CSP:0xc4204e5080 Client:<nil> Intermediate:{ParentServer:{ URL: CAName:  } TLS:{Enabled:false CertFiles:[] Client:{KeyFile: CertFile:}} Enrollment:{ Name: Secret:**** CAName: AttrReqs:[] Profile: Label: CSR:<nil> Type:x509  }} CRL:{Expiry:24h0m0s} Idemix:{IssuerPublicKeyfile: IssuerSecretKeyfile: RevocationPublicKeyfile: RevocationPrivateKeyfile: RHPoolSize:0 NonceExpiration: NonceSweepInterval:}}
2018/07/17 04:23:00 [DEBUG] Additional CAs to be started: [/etc/hyperledger/fabric-ca-server/ca/ca-config.yaml]
2018/07/17 04:23:00 [INFO] Loading CA from /etc/hyperledger/fabric-ca-server/ca/ca-config.yaml
2018/07/17 04:23:00 [DEBUG] CA configuration after checking for missing values: &{Version:1.1.0 Cfg:{Identities:{AllowRemove:false} Affiliations:{AllowRemove:false}} CA:{Name:ca-org1 Keyfile:/etc/hyperledger/fabric-ca-server-config/3099498edb13f731965246b01e74514e4b80e978a058cf4cb9b99ab1408e2569_sk Certfile:/etc/hyperledger/fabric-ca-server-config/ca.org1.example.com-cert.pem Chainfile:ca-chain.pem} Signing:0xc4205a0e50 CSR:{CN:fabric-ca-server Names:[{C:US ST:North Carolina L: O:Hyperledger OU:Fabric SerialNumber:}] Hosts:[e3c7da43b062 localhost] KeyRequest:<nil> CA:0xc42059cea0 SerialNumber:} Registry:{MaxEnrollments:-1 Identities:[{ Name:**** Pass:**** Type:client Affiliation: MaxEnrollments:0 Attrs:map[hf.Registrar.Roles:* hf.Registrar.DelegateRoles:* hf.Revoker:1 hf.IntermediateCA:1 hf.GenCRL:1 hf.Registrar.Attributes:firstName hf.AffiliationMgr:1 firstName:*]  }]} Affiliations:map[org2:[department1] org1:[department1 department2]] LDAP:{ Enabled:false URL:ldap://****:****@<host>:<port>/<base> UserFilter:(uid=%s) GroupFilter:(memberUid=%s) Attribute:{[uid member] [{ }] map[groups:[{ }]]} TLS:{false [] { }}  } DB:{ Type:sqlite3 Datasource:fabric-ca-server.db TLS:{false [] { }}  } CSP:0xc42059eba0 Client:<nil> Intermediate:{ParentServer:{ URL: CAName:  } TLS:{Enabled:false CertFiles:[] Client:{KeyFile: CertFile:}} Enrollment:{ Name: Secret:**** CAName: AttrReqs:[] Profile: Label: CSR:<nil> Type:x509  }} CRL:{Expiry:24h0m0s} Idemix:{IssuerPublicKeyfile: IssuerSecretKeyfile: RevocationPublicKeyfile: RevocationPrivateKeyfile: RHPoolSize:1000 NonceExpiration:15s NonceSweepInterval:15m}}
2018/07/17 04:23:00 [DEBUG] Init CA with home /etc/hyperledger/fabric-ca-server/ca and config {Version:1.1.0 Cfg:{Identities:{AllowRemove:false} Affiliations:{AllowRemove:false}} CA:{Name:ca-org1 Keyfile:/etc/hyperledger/fabric-ca-server-config/3099498edb13f731965246b01e74514e4b80e978a058cf4cb9b99ab1408e2569_sk Certfile:/etc/hyperledger/fabric-ca-server-config/ca.org1.example.com-cert.pem Chainfile:ca-chain.pem} Signing:0xc4205a0e50 CSR:{CN:fabric-ca-server Names:[{C:US ST:North Carolina L: O:Hyperledger OU:Fabric SerialNumber:}] Hosts:[e3c7da43b062 localhost] KeyRequest:<nil> CA:0xc42059cea0 SerialNumber:} Registry:{MaxEnrollments:-1 Identities:[{ Name:**** Pass:**** Type:client Affiliation: MaxEnrollments:0 Attrs:map[hf.AffiliationMgr:1 firstName:* hf.Registrar.Roles:* hf.Registrar.DelegateRoles:* hf.Revoker:1 hf.IntermediateCA:1 hf.GenCRL:1 hf.Registrar.Attributes:firstName]  }]} Affiliations:map[org2:[department1] org1:[department1 department2]] LDAP:{ Enabled:false URL:ldap://****:****@<host>:<port>/<base> UserFilter:(uid=%s) GroupFilter:(memberUid=%s) Attribute:{[uid member] [{ }] map[groups:[{ }]]} TLS:{false [] { }}  } DB:{ Type:sqlite3 Datasource:fabric-ca-server.db TLS:{false [] { }}  } CSP:0xc42059eba0 Client:<nil> Intermediate:{ParentServer:{ URL: CAName:  } TLS:{Enabled:false CertFiles:[] Client:{KeyFile: CertFile:}} Enrollment:{ Name: Secret:**** CAName: AttrReqs:[] Profile: Label: CSR:<nil> Type:x509  }} CRL:{Expiry:24h0m0s} Idemix:{IssuerPublicKeyfile: IssuerSecretKeyfile: RevocationPublicKeyfile: RevocationPrivateKeyfile: RHPoolSize:1000 NonceExpiration:15s NonceSweepInterval:15m}}
2018/07/17 04:23:00 [DEBUG] CA Home Directory: /etc/hyperledger/fabric-ca-server/ca
2018/07/17 04:23:00 [DEBUG] Checking configuration file version '1.1.0' against server version: '1.2.0-stable'
2018/07/17 04:23:00 [DEBUG] Initializing BCCSP: &{ProviderName:SW SwOpts:0xc42059ec00 PluginOpts:<nil> Pkcs11Opts:<nil>}
2018/07/17 04:23:00 [DEBUG] Initializing BCCSP with software options &{SecLevel:256 HashFamily:SHA2 Ephemeral:false FileKeystore:0xc4205a1890 DummyKeystore:<nil>}
2018/07/17 04:23:00 [DEBUG] Initialize key material
2018/07/17 04:23:00 [DEBUG] Making CA filenames absolute
2018/07/17 04:23:00 [INFO] The CA key and certificate files already exist
2018/07/17 04:23:00 [INFO] Key file location: /etc/hyperledger/fabric-ca-server-config/3099498edb13f731965246b01e74514e4b80e978a058cf4cb9b99ab1408e2569_sk
2018/07/17 04:23:00 [INFO] Certificate file location: /etc/hyperledger/fabric-ca-server-config/ca.org1.example.com-cert.pem
2018/07/17 04:23:00 [DEBUG] Validating the CA certificate and key
2018/07/17 04:23:00 [DEBUG] Check CA certificate for valid dates
2018/07/17 04:23:00 [DEBUG] Check CA certificate for valid usages
2018/07/17 04:23:00 [DEBUG] Check CA certificate for valid IsCA value
2018/07/17 04:23:00 [DEBUG] Check that key type is supported
2018/07/17 04:23:00 [DEBUG] Check that key size is of appropriate length
2018/07/17 04:23:00 [DEBUG] Check that public key and private key match
2018/07/17 04:23:00 [DEBUG] Validation of CA certificate and key successful
2018/07/17 04:23:00 [DEBUG] Loading CN from existing enrollment information
2018/07/17 04:23:00 [DEBUG] Initializing DB
2018/07/17 04:23:00 [DEBUG] Initializing 'sqlite3' database at '/etc/hyperledger/fabric-ca-server/ca/fabric-ca-server.db'
2018/07/17 04:23:00 [DEBUG] Using sqlite database, connect to database in home (/etc/hyperledger/fabric-ca-server/ca/fabric-ca-server.db) directory
2018/07/17 04:23:00 [DEBUG] Creating SQLite database (/etc/hyperledger/fabric-ca-server/ca/fabric-ca-server.db) if it does not exist...
2018/07/17 04:23:00 [DEBUG] Creating users table if it does not exist
2018/07/17 04:23:00 [DEBUG] Creating affiliations table if it does not exist
2018/07/17 04:23:00 [DEBUG] Creating certificates table if it does not exist
2018/07/17 04:23:00 [DEBUG] Creating credentials table if it does not exist
2018/07/17 04:23:00 [DEBUG] Creating revocation_authority_info table if it does not exist
2018/07/17 04:23:00 [DEBUG] Creating nonces table if it does not exist
2018/07/17 04:23:01 [DEBUG] Creating properties table if it does not exist
2018/07/17 04:23:02 [DEBUG] Successfully opened sqlite3 DB
2018/07/17 04:23:02 [DEBUG] Checking database schema...
2018/07/17 04:23:02 [DEBUG] Update SQLite schema, if using outdated schema
2018/07/17 04:23:02 [DEBUG] Upgrade identities table
2018/07/17 04:23:02 [DEBUG] Creating users table if it does not exist
2018/07/17 04:23:03 [DEBUG] Upgrade affiliation table
2018/07/17 04:23:03 [DEBUG] Creating affiliations table if it does not exist
2018/07/17 04:23:04 [DEBUG] Upgrade certificates table
2018/07/17 04:23:04 [DEBUG] Creating certificates table if it does not exist
2018/07/17 04:23:05 [DEBUG] Initializing identity registry
2018/07/17 04:23:05 [DEBUG] Initialized DB identity registry
2018/07/17 04:23:05 [DEBUG] DB: Get properties [identity.level affiliation.level certificate.level]
2018/07/17 04:23:05 [DEBUG] Checking database levels 'map[affiliation.level:0 certificate.level:0 identity.level:0]' against server levels '&{Identity:1 Affiliation:1 Certificate:1 Credential:1 RAInfo:1 Nonce:1}'
2018/07/17 04:23:05 [DEBUG] Loading identity table
2018/07/17 04:23:05 [DEBUG] Loading identity 'admin'
2018/07/17 04:23:05 [DEBUG] DB: Getting identity admin
2018/07/17 04:23:05 [DEBUG] Max enrollment value verification - User specified max enrollment: 0, CA max enrollment: -1
2018/07/17 04:23:05 [DEBUG] DB: Add identity admin
2018/07/17 04:23:05 [DEBUG] Successfully added identity admin to the database
2018/07/17 04:23:05 [DEBUG] Registered identity: { Name:**** Pass:**** Type:client Affiliation: MaxEnrollments:-1 Attrs:map[hf.Revoker:1 hf.IntermediateCA:1 hf.GenCRL:1 hf.Registrar.Attributes:firstName hf.AffiliationMgr:1 firstName:* hf.Registrar.Roles:* hf.Registrar.DelegateRoles:*]  }
2018/07/17 04:23:05 [DEBUG] Successfully loaded identity table
2018/07/17 04:23:05 [DEBUG] Loading affiliations table
2018/07/17 04:23:05 [DEBUG] DB: Add affiliation org2
2018/07/17 04:23:06 [DEBUG] Affiliation 'org2' added
2018/07/17 04:23:06 [DEBUG] DB: Add affiliation org2.department1
2018/07/17 04:23:07 [DEBUG] Affiliation 'org2.department1' added
2018/07/17 04:23:07 [DEBUG] DB: Add affiliation org1
2018/07/17 04:23:07 [DEBUG] Affiliation 'org1' added
2018/07/17 04:23:07 [DEBUG] DB: Add affiliation org1.department1
2018/07/17 04:23:08 [DEBUG] Affiliation 'org1.department1' added
2018/07/17 04:23:08 [DEBUG] DB: Add affiliation org1.department2
2018/07/17 04:23:08 [DEBUG] Affiliation 'org1.department2' added
2018/07/17 04:23:08 [DEBUG] Successfully loaded affiliations table
2018/07/17 04:23:08 [DEBUG] Checking and performing migration, if needed
2018/07/17 04:23:18 [DEBUG] Initializing enrollment signer
2018/07/17 04:23:18 [DEBUG] No key found in BCCSP keystore, attempting fallback
2018/07/17 04:23:18 [DEBUG] validating configuration
2018/07/17 04:23:18 [DEBUG] validate local profile
2018/07/17 04:23:18 [DEBUG] profile is valid
2018/07/17 04:23:18 [DEBUG] validate local profile
2018/07/17 04:23:18 [DEBUG] profile is valid
2018/07/17 04:23:18 [DEBUG] validate local profile
2018/07/17 04:23:18 [DEBUG] profile is valid
2018/07/17 04:23:18 [DEBUG] CA initialization successful
2018/07/17 04:23:18 [INFO] The issuer key was successfully stored. The public key is at: /etc/hyperledger/fabric-ca-server/IssuerPublicKey, secret key is at: /etc/hyperledger/fabric-ca-server/msp/keystore/IssuerSecretKey
2018/07/17 04:23:18 [INFO] The revocation key was successfully stored. The public key is at: /etc/hyperledger/fabric-ca-server/IssuerRevocationPublicKey, private key is at: /etc/hyperledger/fabric-ca-server/msp/keystore/IssuerRevocationPrivateKey
2018/07/17 04:23:18 [DEBUG] Comparing DNs from certificates: /etc/hyperledger/fabric-ca-server-config/ca.org1.example.com-cert.pem and /etc/hyperledger/fabric-ca-server/ca-cert.pem
2018/07/17 04:23:18 [DEBUG] Loading DNs from certificate /etc/hyperledger/fabric-ca-server-config/ca.org1.example.com-cert.pem
2018/07/17 04:23:18 [DEBUG] Loading DNs from certificate /etc/hyperledger/fabric-ca-server/ca-cert.pem
2018/07/17 04:23:18 [DEBUG] Check to see if two DNs are equal - &{issuer:CN=ca.org1.example.com,O=org1.example.com,L=San Francisco,ST=California,C=US subject:CN=ca.org1.example.com,O=org1.example.com,L=San Francisco,ST=California,C=US} and &{issuer:CN=example.com,OU=WWW,O=Internet Widgets\, Inc.,L=San Francisco,ST=California,C=US subject:CN=example.com,OU=WWW,O=Internet Widgets\, Inc.,L=San Francisco,ST=California,C=US}
2018/07/17 04:23:18 [INFO] Home directory for default CA: /etc/hyperledger/fabric-ca-server
2018/07/17 04:23:18 [DEBUG] 2 CA instance(s) running on server
2018/07/17 04:23:18 [INFO] Listening on http://0.0.0.0:7054
2018/07/17 04:38:12 [DEBUG] Cleaning up expired nonces for CA 'ca-org1'
2018/07/17 04:38:18 [DEBUG] Cleaning up expired nonces for CA ''
2018/07/17 04:46:57 [DEBUG] Received request for /api/v1/enroll
2018/07/17 04:46:57 [DEBUG] ca.Config: &{Version:1.1.0 Cfg:{Identities:{AllowRemove:false} Affiliations:{AllowRemove:false}} CA:{Name:ca-org1 Keyfile:/etc/hyperledger/fabric-ca-server-config/3099498edb13f731965246b01e74514e4b80e978a058cf4cb9b99ab1408e2569_sk Certfile:/etc/hyperledger/fabric-ca-server-config/ca.org1.example.com-cert.pem Chainfile:/etc/hyperledger/fabric-ca-server/ca/ca-chain.pem} Signing:0xc4205a0e50 CSR:{CN:ca.org1.example.com Names:[{C:US ST:North Carolina L: O:Hyperledger OU:Fabric SerialNumber:}] Hosts:[e3c7da43b062 localhost] KeyRequest:<nil> CA:0xc42059cea0 SerialNumber:} Registry:{MaxEnrollments:-1 Identities:[{ Name:**** Pass:**** Type:client Affiliation: MaxEnrollments:0 Attrs:map[hf.Registrar.DelegateRoles:* hf.Revoker:1 hf.IntermediateCA:1 hf.GenCRL:1 hf.Registrar.Attributes:firstName hf.AffiliationMgr:1 firstName:* hf.Registrar.Roles:*]  }]} Affiliations:map[org2:[department1] org1:[department1 department2]] LDAP:{ Enabled:false URL:ldap://****:****@<host>:<port>/<base> UserFilter:(uid=%s) GroupFilter:(memberUid=%s) Attribute:{[uid member] [{ }] map[groups:[{ }]]} TLS:{false [] { }}  } DB:{ Type:sqlite3 Datasource:/etc/hyperledger/fabric-ca-server/ca/fabric-ca-server.db TLS:{false [] { }}  } CSP:0xc42059eba0 Client:<nil> Intermediate:{ParentServer:{ URL: CAName:  } TLS:{Enabled:false CertFiles:[] Client:{KeyFile: CertFile:}} Enrollment:{ Name: Secret:**** CAName: AttrReqs:[] Profile: Label: CSR:<nil> Type:x509  }} CRL:{Expiry:24h0m0s} Idemix:{IssuerPublicKeyfile:/etc/hyperledger/fabric-ca-server/ca/IssuerPublicKey IssuerSecretKeyfile:/etc/hyperledger/fabric-ca-server/ca/msp/keystore/IssuerSecretKey RevocationPublicKeyfile:/etc/hyperledger/fabric-ca-server/ca/IssuerRevocationPublicKey RevocationPrivateKeyfile:/etc/hyperledger/fabric-ca-server/ca/msp/keystore/IssuerRevocationPrivateKey RHPoolSize:1000 NonceExpiration:15s NonceSweepInterval:15m}}
2018/07/17 04:46:57 [DEBUG] DB: Getting identity admin
2018/07/17 04:46:57 [DEBUG] DB: Login user admin with max enrollments of -1 and state of 0
2018/07/17 04:46:57 [DEBUG] DB: identity admin successfully logged in
2018/07/17 04:46:57 [DEBUG] DB: Getting identity admin
2018/07/17 04:46:57 [DEBUG] Processing sign request: id=admin, CommonName=admin, Subject=<nil>
2018/07/17 04:46:57 [DEBUG] Request is not for a CA signing certificate
2018/07/17 04:46:57 [DEBUG] Checking CSR fields to make sure that they do not exceed maximum character limits
2018/07/17 04:46:57 [DEBUG] Finished processing sign request
2018/07/17 04:46:57 [DEBUG] DB: Getting identity admin
2018-07-17T04:46:57.558556370Z 2018/07/17 04:46:57 [DEBUG] Attribute extension being added to certificate is: &{ID:[1 2 3 4 5 6 7 8 1] Critical:false Value:7b226174747273223a7b2266697273744e616d65223a222a222c2268662e5265676973747261722e41747472696275746573223a2266697273744e616d65227d7d}
2018/07/17 04:46:57 [DEBUG] Adding attribute extension to CSR: &{ID:[1 2 3 4 5 6 7 8 1] Critical:false Value:7b226174747273223a7b2266697273744e616d65223a222a222c2268662e5265676973747261722e41747472696275746573223a2266697273744e616d65227d7d}
2018/07/17 04:46:57 [INFO] signed certificate with serial number 624665886532998504441151201588115183399742601456
2018/07/17 04:46:57 [DEBUG] DB: Insert Certificate
2018/07/17 04:46:57 [DEBUG] Saved serial number as hex 6d6afcb3ed661e7f059b8a0b51829330fdfdf8f0
2018/07/17 04:46:57 [DEBUG] saved certificate with serial number 624665886532998504441151201588115183399742601456
2018/07/17 04:46:57 [DEBUG] Successfully incremented state for identity admin to 1
2018/07/17 04:46:57 [INFO] 172.18.0.1:47506 POST /api/v1/enroll 201 0 "OK"
2018/07/17 04:47:02 [DEBUG] Received request for /api/v1/register
2018/07/17 04:47:02 [DEBUG] Checking for revocation/expiration of certificate owned by 'admin'
2018/07/17 04:47:02 [DEBUG] DB: Get certificate by serial (6d6afcb3ed661e7f059b8a0b51829330fdfdf8f0) and aki (3099498edb13f731965246b01e74514e4b80e978a058cf4cb9b99ab1408e2569)
2018/07/17 04:47:02 [DEBUG] DB: Getting identity admin
2018/07/17 04:47:02 [DEBUG] Successful token authentication of 'admin'
2018/07/17 04:47:02 [DEBUG] Received registration request from admin: { Name:vijay Type:client Secret:**** MaxEnrollments:5 Affiliation:org1.department1 Attributes:[{firstName Lohith true}] CAName:ca-org1  }
2018/07/17 04:47:02 [DEBUG] canRegister - Check to see if user 'admin' can register
2018/07/17 04:47:02 [DEBUG] Checking to see if caller 'admin' can act on type 'client'
2018/07/17 04:47:02 [DEBUG] Checking to see if caller 'admin' is a registrar
2018/07/17 04:47:02 [DEBUG] Validating affiliation: org1.department1
2018/07/17 04:47:02 [DEBUG] Checking to see if affiliation 'org1.department1' contains caller's affiliation ''
2018/07/17 04:47:02 [DEBUG] Caller has root affiliation
2018/07/17 04:47:02 [DEBUG] DB: Get affiliation org1.department1
2018/07/17 04:47:02 [DEBUG] Checking to see if registrar can register the requested attributes: [{Name:firstName Value:Lohith ECert:true}]
2018/07/17 04:47:02 [DEBUG] Validating that registrar with the following values for hf.Registrar.Attributes 'firstName' is authorized to register the requested attribute '&{Name:firstName Value:Lohith ECert:true}'
2018/07/17 04:47:02 [DEBUG] Checking if registrar can register attribute: firstName
2018/07/17 04:47:02 [DEBUG] Performing authorization check...
2018/07/17 04:47:02 [DEBUG] Registering user id: vijay
2018/07/17 04:47:02 [DEBUG] Max enrollment value verification - User specified max enrollment: 5, CA max enrollment: -1
2018/07/17 04:47:02 [DEBUG] DB: Getting identity vijay
2018/07/17 04:47:02 [DEBUG] DB: Add identity vijay
2018/07/17 04:47:02 [DEBUG] Successfully added identity vijay to the database
2018/07/17 04:47:02 [INFO] 172.18.0.1:47512 POST /api/v1/register 201 0 "OK"
2018/07/17 04:47:02 [DEBUG] Received request for /api/v1/enroll
2018/07/17 04:47:02 [DEBUG] ca.Config: &{Version:1.1.0 Cfg:{Identities:{AllowRemove:false} Affiliations:{AllowRemove:false}} CA:{Name:ca-org1 Keyfile:/etc/hyperledger/fabric-ca-server-config/3099498edb13f731965246b01e74514e4b80e978a058cf4cb9b99ab1408e2569_sk Certfile:/etc/hyperledger/fabric-ca-server-config/ca.org1.example.com-cert.pem Chainfile:/etc/hyperledger/fabric-ca-server/ca/ca-chain.pem} Signing:0xc4205a0e50 CSR:{CN:ca.org1.example.com Names:[{C:US ST:North Carolina L: O:Hyperledger OU:Fabric SerialNumber:}] Hosts:[e3c7da43b062 localhost] KeyRequest:<nil> CA:0xc42059cea0 SerialNumber:} Registry:{MaxEnrollments:-1 Identities:[{ Name:**** Pass:**** Type:client Affiliation: MaxEnrollments:0 Attrs:map[hf.GenCRL:1 hf.Registrar.Attributes:firstName hf.AffiliationMgr:1 firstName:* hf.Registrar.Roles:* hf.Registrar.DelegateRoles:* hf.Revoker:1 hf.IntermediateCA:1]  }]} Affiliations:map[org2:[department1] org1:[department1 department2]] LDAP:{ Enabled:false URL:ldap://****:****@<host>:<port>/<base> UserFilter:(uid=%s) GroupFilter:(memberUid=%s) Attribute:{[uid member] [{ }] map[groups:[{ }]]} TLS:{false [] { }}  } DB:{ Type:sqlite3 Datasource:/etc/hyperledger/fabric-ca-server/ca/fabric-ca-server.db TLS:{false [] { }}  } CSP:0xc42059eba0 Client:<nil> Intermediate:{ParentServer:{ URL: CAName:  } TLS:{Enabled:false CertFiles:[] Client:{KeyFile: CertFile:}} Enrollment:{ Name: Secret:**** CAName: AttrReqs:[] Profile: Label: CSR:<nil> Type:x509  }} CRL:{Expiry:24h0m0s} Idemix:{IssuerPublicKeyfile:/etc/hyperledger/fabric-ca-server/ca/IssuerPublicKey IssuerSecretKeyfile:/etc/hyperledger/fabric-ca-server/ca/msp/keystore/IssuerSecretKey RevocationPublicKeyfile:/etc/hyperledger/fabric-ca-server/ca/IssuerRevocationPublicKey RevocationPrivateKeyfile:/etc/hyperledger/fabric-ca-server/ca/msp/keystore/IssuerRevocationPrivateKey RHPoolSize:1000 NonceExpiration:15s NonceSweepInterval:15m}}
2018/07/17 04:47:02 [DEBUG] DB: Getting identity vijay
2018/07/17 04:47:02 [DEBUG] DB: Login user vijay with max enrollments of 5 and state of 0
2018/07/17 04:47:02 [DEBUG] DB: identity vijay successfully logged in
2018/07/17 04:47:02 [DEBUG] DB: Getting identity vijay
2018/07/17 04:47:02 [DEBUG] Processing sign request: id=vijay, CommonName=vijay, Subject=<nil>
2018/07/17 04:47:02 [DEBUG] Request is not for a CA signing certificate
2018/07/17 04:47:02 [DEBUG] Checking CSR fields to make sure that they do not exceed maximum character limits
2018/07/17 04:47:02 [DEBUG] Finished processing sign request
2018/07/17 04:47:02 [DEBUG] DB: Getting identity vijay
2018/07/17 04:47:02 [DEBUG] Attribute extension being added to certificate is: &{ID:[1 2 3 4 5 6 7 8 1] Critical:false Value:7b226174747273223a7b2266697273744e616d65223a224c6f68697468227d7d}
2018/07/17 04:47:02 [DEBUG] Adding attribute extension to CSR: &{ID:[1 2 3 4 5 6 7 8 1] Critical:false Value:7b226174747273223a7b2266697273744e616d65223a224c6f68697468227d7d}
2018/07/17 04:47:02 [INFO] signed certificate with serial number 124540954052671924407683868974981960232864106719
2018/07/17 04:47:02 [DEBUG] DB: Insert Certificate
2018/07/17 04:47:02 [DEBUG] Saved serial number as hex 15d09c09d65b92d0f28dc7287fdd01d52764c8df
2018/07/17 04:47:02 [DEBUG] saved certificate with serial number 124540954052671924407683868974981960232864106719
2018/07/17 04:47:02 [DEBUG] Successfully incremented state for identity vijay to 1
2018/07/17 04:47:02 [INFO] 172.18.0.1:47516 POST /api/v1/enroll 201 0 "OK"

2 个答案:

答案 0 :(得分:1)

我建议尝试以下方法:

添加更多条件语句以评估应用程序出了什么问题,例如:

func (t* SimpleChaincode) get_attribute(stub shim.ChaincodeStubInterface, args []string) pb.Response {
 var attribute_name string
 if len(args) != 1 {
     return shim.Error("Incorrect number of arguments. Expecting only attribute name")
 }
 attribute_name = args[0]
 val, ok, err := cid.GetAttributeValue(stub, attribute_name)
 if err != nil {
     return shim.Error("Error retriving attribute " + attribute_name + ", error: " + err.Error())
 }
 if !ok {
     return shim.Error("User does not have attribute " + attribute_name)
 }
 return shim.Success([]byte(val))
}

查看有关如何查询链码的示例:

var Fabric_Client = require('fabric-client');
var path = require('path');
var util = require('util');
var os = require('os');

//
var fabric_client = new Fabric_Client();
var attribute = ''
var user = ''
if ((process.argv).length > 3) {
    user = process.argv[2]
    attribute = process.argv[3]
} else {
    console.log("Usage: node " + process.argv[1] + " username attribute")
    process.exit(1)
}
// setup the fabric network
var channel = fabric_client.newChannel('mychannel');
var peer = fabric_client.newPeer('grpc://peer0.org1.example.com:7051');
channel.addPeer(peer);

//
var member_user = null;
var store_path = path.join(__dirname, 'hfc-key-store');
console.log('Store path:'+store_path);
var tx_id = null;

// create the key value store as defined in the fabric-client/config/default.json 'key-value-store' setting
Fabric_Client.newDefaultKeyValueStore({ path: store_path
}).then((state_store) => {
    // assign the store to the fabric client
    fabric_client.setStateStore(state_store);
    var crypto_suite = Fabric_Client.newCryptoSuite();
    // use the same location for the state store (where the users' certificate are kept)
    // and the crypto store (where the users' keys are kept)
    var crypto_store = Fabric_Client.newCryptoKeyStore({path: store_path});
    crypto_suite.setCryptoKeyStore(crypto_store);
    fabric_client.setCryptoSuite(crypto_suite);

    // get the enrolled user from persistence, this user will sign all requests
    return fabric_client.getUserContext(user, true);
}).then((user_from_store) => {
    if (user_from_store && user_from_store.isEnrolled()) {
        console.log('Successfully loaded ' + user + ' from persistence');
        member_user = user_from_store;
    } else {
        throw new Error('Failed to get ' + user + ' run registerUser.js');
    }

    // queryCar chaincode function - requires 1 argument, ex: args: ['CAR4'],
    // queryAllCars chaincode function - requires no arguments , ex: args: [''],
    const request = {
        //targets : --- letting this default to the peers assigned to the channel
        chaincodeId: 'acl',
        fcn: 'get_attribute',
        args: [attribute]
    };

    // send the query proposal to the peer
    return channel.queryByChaincode(request);
}).then((query_responses) => {
    console.log("Query has completed, checking results");
    // query_responses could have more than one  results if there multiple peers were used as targets
    if (query_responses && query_responses.length == 1) {
        if (query_responses[0] instanceof Error) {
            console.error("error from query = ", query_responses[0]);
        } else {
            console.log("Response is ", query_responses[0].toString());
        }
    } else {
        console.log("No payloads were returned from query");
    }
}).catch((err) => {
    console.error('Failed to query successfully :: ' + err);
});

代码的源URL:https://gist.github.com/tboloo/e06e2a86f99fc8e7fca295daf4d3f34c

实施ABAC

我不清楚您如何使用Hyperledger Fabric来为ABAC实施决策。我的理解是Hyperledger Fabric并没有内置的体系结构来处理此问题(PDP等)。我建议使用XACML的实现从外部处理动态授权。

答案 1 :(得分:1)

如果您使用

        var tx_id = client.newTransactionID(true);

尝试将其设置为

        var tx_id = client.newTransactionID();