0

我正在尝试遵循超级账本结构教程 [1] 并让 Node.js SDK 与我的网络一起运行。我已经在我的 ca 服务器上成功注册了管理员,但是,在尝试下一步(注册新用户)时,我收到关于使用自签名证书的错误。

我什至不明白错误指的是哪个证书。CA 服务器使用的显然是自签名的,因为它们是根证书。adminIdentity 的证书来自 CA 服务器本身,在前面的注册步骤中获得。

我的 ca-server 容器上的日志不包含任何错误,触发请求甚至不会在那里产生任何日志条目。

(未更改的)示例代码显然工作fabric-samples/fabcarfabric-samples/basic-network很好。据我所知,SDK 代码在功能上与示例相同,因此我怀疑错误隐藏在配置中的某个位置。

这是我的registerUser.js文件:

/*
 * SPDX-License-Identifier: Apache-2.0
 */

'use strict';

const FabricCAServices = require('fabric-ca-client');
const { FileSystemWallet, X509WalletMixin } = require('fabric-network');
const fs = require('fs');
const path = require('path');

const ccpPath = path.resolve(__dirname, '..', '..', 'fabric-network', 'connection.json');
const ccpJSON = fs.readFileSync(ccpPath, 'utf8');
const ccp = JSON.parse(ccpJSON);

async function main() {
    try {

        // Create a new CA client for interacting with the CA.
        const caURL = ccp.certificateAuthorities['ca.org1.org'].url;
        const ca = new FabricCAServices(caURL);

        // Create a new file system based wallet for managing identities.
        const walletPath = path.join(process.cwd(), 'org1', 'wallet');
        const wallet = new FileSystemWallet(walletPath);
        console.log(`Wallet path: ${walletPath}`);

        // Check to see if we've already enrolled the admin user.
        const adminExists = await wallet.exists('admin');
        if (adminExists) {
            console.log('An identity for the admin user "admin" already exists in the wallet');
            return;
        }

        // Enroll the admin user, and import the new identity into the wallet.
        const enrollment = await ca.enroll({ enrollmentID: 'admin', enrollmentSecret: 'adminpw' });
        const identity = X509WalletMixin.createIdentity('Org1MSP', enrollment.certificate, enrollment.key.toBytes());
        wallet.import('admin', identity);
        console.log('Successfully enrolled admin user "admin" and imported it into the wallet');

    } catch (error) {
        console.error(`Failed to enroll admin user "admin": ${error}`);
        process.exit(1);
    }
}

main();

...和我的connection.json文件:

{
    "name": "OrganisationOne",
    "version": "1.0.0",
    "client": {
        "organization": "Org1",
        "connection": {
            "timeout": {
                "peer": {
                    "endorser": "300"
                }
            }
        }
    },
    "organizations": {
        "Org1": {
            "mspid": "Org1MSP",
            "peers": [
                "peer0.org1.org",
                "peer1.org1.org"
            ],
      "certificateAuthorities": [
        "ca.org1.org"
      ]
        }
    },
    "peers": {
        "peer0.org1.org": {
            "url": "grpcs://localhost:7051",
            "tlsCACerts": {
                "path": "crypto-config/peerOrganizations/org1.org/tlsca/tlsca.org1.org-cert.pem"
            },
            "grpcOptions": {
                "ssl-target-name-override": "peer0.org1.org"
            }
        },
        "peer1.org1.org": {
            "url": "grpcs://localhost:8051",
            "tlsCACerts": {
                "path": "crypto-config/peerOrganizations/org1.org/tlsca/tlsca.org1.org-cert.pem"
            },
            "grpcOptions": {
                "ssl-target-name-override": "peer1.org1.org"
            }
        }
    },
  "certificateAuthorities": {
    "ca.org1.org": {
      "url": "https://localhost:7054",
      "caName": "ca.org1.org"
    }
  }
}

我希望用户成功注册,但我收到以下错误:

Failed to register user "user1": Error: Calling register endpoint failed with error [Error: self signed certificate]

我可以做些什么来修复这个错误,甚至获得更多有用的信息?

4

2 回答 2

0

certificateAuthorities属性的 connection.json 文件中指定这个

 "httpOptions": {
                "verify": false
            }

它对我有用

于 2020-03-17T10:22:19.953 回答
0

最近自己打了,我应该知道的更好;)

该错误是因为注册用户的 CLI 不喜欢从 CA 接收回自签名证书。在许多环境中,这是默认设置,因此在 1.4.10 中听到默认更改为 false 会很有帮助。

于 2020-07-09T14:20:40.503 回答