我想尝试Fabric 1.3版本引入的idemix功能。基于repo。我做了一些更改以支持idemix。但是当我运行java -cp blockchain-client.jar org.example.chaincode.invocation.InvokeChaincode
,btw时,我省略了注册和注册用户的第5步,遇到了
2019-10-18 03:20:10.312 UTC [protoutils] ValidateProposalMessage -> WARN 049 channel [mychannel]: creator certificate is not valid: Failed verifing with opts [&{<nil> <nil> [] [{1 [111 114 103 49]} {2 1} {0 <nil>} {0 <nil>}] 3 [] 0 0xc00000fab8 0}]: signature invalid: APrime and ABar don't have the expected structure
2019-10-18 03:20:10.312 UTC [comm.grpc.server] 1 -> INFO 04a unary call completed grpc.service=protos.Endorser grpc.method=ProcessProposal grpc.peer_address=172.22.0.1:33960 error="access denied: channel [mychannel] creator org [idemixMSPID1]" grpc.code=Unknown grpc.call_duration=82.6484ms` from peer container.
我用最少的组件建立了一个光纤网络。两个组织,每个组织都有两个对等方和一个CA。该演示来自repo。不支持idemix功能的演示网络运行良好。当我将idemix部分添加到configtx.yaml时,重新生成加密材料,创建通道等。网络终于启动了。所有容器都工作良好。但是我使用java-sdk与fab car chaincode进行了交互,抛出了以上错误信息。
以下内容来自configtx.yaml文件(此处仅显示关键部分):
组织:
- &OrdererOrg
Name: OrdererOrg
ID: OrdererMSP
MSPDir: crypto-config/ordererOrganizations/example.com/msp
- &Org1
Name: Org1MSP
ID: Org1MSP
MSPDir: crypto-config/peerOrganizations/org1.example.com/msp
- &Org2
Name: Org2MSP
ID: Org2MSP
MSPDir: crypto-config/peerOrganizations/org2.example.com/msp
- &Org1Idemix
Name: idemixMSP1
ID: idemixMSPID1
msptype: idemix
MSPDir: crypto-config/peerOrganizations/org3.example.com
- &Org2Idemix
Name: idemixMSP2
ID: idemixMSPID2
msptype: idemix
MSPDir: crypto-config/peerOrganizations/org4.example.com
功能: 频道:&ChannelCapabilities V1_3:是
Orderer: &OrdererCapabilities
V1_1: true
Application: &ApplicationCapabilities
V1_3: true
#V1_2: false
#V1_1: false
应用程序:&ApplicationDefaults 机构: 频道:&ChannelDefaults 政策: 读者: 类型:ImplicitMeta 规则:“任何读者”
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
Capabilities:
<<: *ChannelCapabilities
个人资料: TwoOrgsOrdererGenesis: 能力: <<:*频道功能 订购者: <<:* OrdererDefaults 机构: -*订购者组织 能力: <<:*订购者能力 财团: SampleConsortium: 机构: -*组织1 -*组织2 -* Org1Idemix -* Org2Idemix 应用: <<:* ApplicationDefaults 机构: -*订购者组织 能力: <<:*应用程序功能 TwoOrgsChannel: 财团:SampleConsortium 应用: <<:* ApplicationDefaults 机构: -*组织1 -*组织2 -* Org1Idemix -* Org2Idemix 能力: <<:* ApplicationCapabilities
在创建频道客户端之前,我在InvokeChaincode.java中添加的代码如下:
// org/example/chaincode/invocation.java
UserContext normalUserContext = new UserContext();
String name = "user"+System.currentTimeMillis();
normalUserContext.setName(name);
normalUserContext.setAffiliation(Config.ORG1);
normalUserContext.setMspId(Config.ORG3_IDEMIX_MSP);
String enrollmentSecret = caClient.registerUser(name, Config.ORG1);
normalUserContext = caClient.idemixEnrollUser(normalUserContext, enrollmentSecret,normalUserContext.getMspId());
FabricClient fabClient = new FabricClient(normalUserContext);
在配置文件中添加了代码:
// org/example/config/Config.java
public static final String ORG3 = "org3";
public static final String ORG3_IDEMIX_MSP = "idemixMSPID1";
并且docker-composer.yaml文件保持不变。 使用的所有图像均为1.4.1
我希望背书者对等方能够在启用idemix的情况下验证来自客户端的发送提议。但是现在,对等方报告2019-10-18 03:20:10.312 UTC [protoutils] ValidateProposalMessage -> WARN 049 channel [mychannel]: creator certificate is not valid: Failed verifing with opts [&{<nil> <nil> [] [{1 [111 114 103 49]} {2 1} {0 <nil>} {0 <nil>}] 3 [] 0 0xc00000fab8 0}]: signature invalid: APrime and ABar don't have the expected structure
2019-10-18 03:20:10.312 UTC [comm.grpc.server] 1 -> INFO 04a unary call completed grpc.service=protos.Endorser grpc.method=ProcessProposal grpc.peer_address=172.22.0.1:33960 error="access denied: channel [mychannel] creator org [idemixMSPID1]" grpc.code=Unknown grpc.call_duration=82.6484ms
我不知道为什么。我想如果一个对等点不支持idemix tx验证。是否有一些未在同级上打开的交换机?救命。任何答复将是感激的。