Hyperledger Fabric "fabric-ca-client" Error Code: 71 - Authorization failure
I am trying to list the identities of the CA server using fabric-ca-client, as shown below:
fabric-ca-client identity list --id nameofidentityfromfabric-ca-server-config.yaml -u https://username:password@localhost:8054 --tls.certfiles <path to /tls/ca.crt> --mspdir <path to /peer0.org2.example.com/msp>
But the CA server responds with the following error:
Error: Response from server: Error Code: 71 - Authorization failure
Below is the code in fabric-ca-server-config.yaml:
    identities:
      - name: username
        pass: password
        type: client
        affiliation: ""
        attrs:
          hf.Registrar.Roles: "*"
          hf.Registrar.DelegateRoles: "*"
          hf.Revoker: true
          hf.IntermediateCA: true
          hf.GenCRL: true
          hf.Registrar.Attributes: "*"
          hf.AffiliationMgr: true
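
fabric-ca doesn't use password authentication (which is what you are trying to do); it uses token authentication created from an enrolled identity using its certificate and private key. You need to enroll your bootstrap identity first, which in the example above looks to be username, and then use that enrolled identity to perform fabric-ca registration tasks.
This section of the documentation provides some more details on enrolling: https://hyperledger-fabric-ca.readthedocs.io/en/release-1.4/users-guide.html#enrolling-the-bootstrap-identity. It then goes on to show examples of performing other tasks once you have enrolled the bootstrap identity.

The problem was that I had not enrolled the bootstrap identity.
The code below does that: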
    const enrollment = await ca.enroll({ enrollmentID: 'adminusername', enrollmentSecret: 'adminpassword' });
    const x509Identity = {
        credentials: {
            certificate: enrollment.certificate,
            privateKey: enrollment.key.toBytes(),
        },
        mspId: 'Org2MSP',
        type: 'X.509',
    };
    await wallet.put('admin', x509Identity);
After enrolling the bootstrap identity, use the following code to create a user object for that identity:
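    const path = require('path');
    const { Wallets } = require('fabric-network');
    const walletPath = path.join(process.cwd(), 'wallet');
    const wallet = await Wallets.newFileSystemWallet(walletPath);
    // Load the admin identity that the enrollment step stored in the wallet.
    const adminIdentity = await wallet.get('admin');
    const provider = wallet.getProviderRegistry().getProvider(adminIdentity.type);
    const adminUser = await provider.getUserContext(adminIdentity, 'admin');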
Now call newIdentityService() of the FabricCAServices class as follows to get the list of identities:
    const FabricCAServices = require('fabric-ca-client');
    const fs = require('fs');
    const yaml = require('js-yaml');
    // Load the connection profile that describes the Org2 CA.
    let connectionProfile = yaml.safeLoad(fs.readFileSync('../gateway/connection-org2.yaml', 'utf8'));
    // Create a new CA client for interacting with the CA.
    const caInfo = connectionProfile.certificateAuthorities['ca.org2.example.com'];
    const caTLSCACerts = caInfo.tlsCACerts.pem;
    // verify: false disables TLS certificate verification of the CA server.
    const ca = new FabricCAServices(caInfo.url, { trustedRoots: caTLSCACerts, verify: false }, caInfo.caName);
    // List the registered identities, authenticating as the enrolled admin user.
    let identityService = ca.newIdentityService();
    let registeredidentities = await identityService.getAll(adminUser);
    console.dir(registeredidentities, { depth: null })
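
The token authentication described in the answers above, modelled as an added example that is not part of the original posts and is not fabric-ca code. Assumptions: the token layout (base64 certificate, a dot, then an ECDSA signature over method, URI, body and certificate) follows Fabric CA 1.4, the /api/v1/identities paths are illustrative, and the certificate is a constructed placeholder looked up in a map instead of being chain-validated.

```javascript
// Added illustration, not fabric-ca source. The token layout is an assumption
// modelled on Fabric CA 1.4; CERT is a constructed placeholder, not a real cert.
const crypto = require('crypto');

const b64 = (v) => Buffer.from(v).toString('base64');
const signedPart = (method, uri, body, cert) =>
  [method, b64(uri), b64(body), b64(cert)].join('.');

// Client: an enrolled identity signs each request with its private key.
function makeToken(cert, privateKey, method, uri, body = '') {
  const data = Buffer.from(signedPart(method, uri, body, cert));
  const sig = crypto.sign('sha256', data, privateKey);
  return `${b64(cert)}.${sig.toString('base64')}`;
}

// Server (simplified): the caller is whoever owns the certificate in the token.
// `enrolled` maps certificate text to { name, publicKey }; a real CA validates
// the X.509 chain instead. Returns the caller name, or null when rejected.
function authenticate(header, method, uri, body, enrolled) {
  const [certB64, sigB64, ...rest] = String(header || '').split('.');
  if (!certB64 || !sigB64 || rest.length) return null;
  const cert = Buffer.from(certB64, 'base64').toString();
  const entry = enrolled.get(cert);
  if (!entry) return null;
  try {
    const data = Buffer.from(signedPart(method, uri, body, cert));
    const ok = crypto.verify('sha256', data, entry.publicKey, Buffer.from(sigB64, 'base64'));
    return ok ? entry.name : null;
  } catch {
    return null; // malformed signature bytes
  }
}

// Constructed sample: after `enroll`, the bootstrap identity holds a key pair.
function demo() {
  const { privateKey, publicKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
  const CERT = '-----BEGIN CERTIFICATE-----\n(placeholder for username)\n-----END CERTIFICATE-----\n';
  const enrolled = new Map([[CERT, { name: 'username', publicKey }]]);
  const uri = '/api/v1/identities';
  const token = makeToken(CERT, privateKey, 'GET', uri);
  return {
    enrolledCaller: authenticate(token, 'GET', uri, '', enrolled),
    passwordOnly: authenticate('Basic ' + b64('username:password'), 'GET', uri, '', enrolled),
    otherEndpoint: authenticate(token, 'DELETE', uri + '/peer0', '', enrolled),
  };
}

console.log(demo());
```

Only the token signed with the enrolled key is accepted; the username:password pair alone yields no caller, and a token signed for one request does not validate for another.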