我想试试 Fabric 1.3 版本引入的 idemix 功能。基于回购。为了支持 idemix,我做了一些更改。但是当我运行时java -cp blockchain-client.jar org.example.chaincode.invocation.InvokeChaincode
,顺便说一句,我省略了注册和注册用户的步骤 5,我遇到了
2019-10-18 03:20:10.312 UTC [protoutils] ValidateProposalMessage -> WARN 049 channel [mychannel]: creator certificate is not valid: Failed verifing with opts [&{<nil> <nil> [] [{1 [111 114 103 49]} {2 1} {0 <nil>} {0 <nil>}] 3 [] 0 0xc00000fab8 0}]: signature invalid: APrime and ABar don't have the expected structure
2019-10-18 03:20:10.312 UTC [comm.grpc.server] 1 -> INFO 04a unary call completed grpc.service=protos.Endorser grpc.method=ProcessProposal grpc.peer_address=172.22.0.1:33960 error="access denied: channel [mychannel] creator org [idemixMSPID1]" grpc.code=Unknown grpc.call_duration=82.6484ms` from peer container.
我用最少的组件建立了一个结构网络。两个组织,每个组织都有两个对等点和一个 CA。该演示来自repo。不支持 idemix 功能的演示网络运行良好。当我将 idemix 部分添加到 configtx.yaml 时,重新生成加密材料,创建通道等。网络终于启动了。所有容器都运行良好。但是我使用 java-sdk 与 fab car 链代码进行交互,抛出了上述错误信息。
以下来自 configtx.yaml 文件(此处仅显示关键部分):
组织:
- &OrdererOrg
Name: OrdererOrg
ID: OrdererMSP
MSPDir: crypto-config/ordererOrganizations/example.com/msp
- &Org1
Name: Org1MSP
ID: Org1MSP
MSPDir: crypto-config/peerOrganizations/org1.example.com/msp
- &Org2
Name: Org2MSP
ID: Org2MSP
MSPDir: crypto-config/peerOrganizations/org2.example.com/msp
- &Org1Idemix
Name: idemixMSP1
ID: idemixMSPID1
msptype: idemix
MSPDir: crypto-config/peerOrganizations/org3.example.com
- &Org2Idemix
Name: idemixMSP2
ID: idemixMSPID2
msptype: idemix
MSPDir: crypto-config/peerOrganizations/org4.example.com
能力:频道:&ChannelCapabilities V1_3:真
Orderer: &OrdererCapabilities
V1_1: true
Application: &ApplicationCapabilities
V1_3: true
#V1_2: false
#V1_1: false
应用程序:&ApplicationDefaults 组织:通道:&ChannelDefaults 策略:读者:类型:ImplicitMeta 规则:“任何读者”
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
Capabilities:
<<: *ChannelCapabilities
配置文件:TwoOrgsOrdererGenesis:功能:<<:*ChannelCapabilities 订购者:<<:*OrdererDefaults 组织:- *OrdererOrg 功能:<<:*OrdererCapabilities 联盟:SampleConsortium:组织:- *Org1 - *Org2 - *Org1Idemix - *Org2Idemix 应用程序: <<: *ApplicationDefaults Organizations: - *OrdererOrg Capabilities: <<: *ApplicationCapabilities TwoOrgsChannel: Consortium: SampleConsortium Application: <<: *ApplicationDefaults Organizations:- *Org1 - *Org2 - *Org1Idemix - *Org2Idemix 功能:<<: *ApplicationCapabilities
在创建通道客户端之前,我在 InvokeChaincode.java 中添加的代码如下:
// org/example/chaincode/invocation.java
UserContext normalUserContext = new UserContext();
String name = "user"+System.currentTimeMillis();
normalUserContext.setName(name);
normalUserContext.setAffiliation(Config.ORG1);
normalUserContext.setMspId(Config.ORG3_IDEMIX_MSP);
String enrollmentSecret = caClient.registerUser(name, Config.ORG1);
normalUserContext = caClient.idemixEnrollUser(normalUserContext, enrollmentSecret,normalUserContext.getMspId());
FabricClient fabClient = new FabricClient(normalUserContext);
配置文件添加代码:
// org/example/config/Config.java
public static final String ORG3 = "org3";
public static final String ORG3_IDEMIX_MSP = "idemixMSPID1";
并且 docker-composer.yaml 文件保持不变。使用的所有图像都是 1.4.1
我希望背书节点能够在启用 idemix 的情况下验证来自客户端的 tx 提案。但现在同行方报告2019-10-18 03:20:10.312 UTC [protoutils] ValidateProposalMessage -> WARN 049 channel [mychannel]: creator certificate is not valid: Failed verifing with opts [&{<nil> <nil> [] [{1 [111 114 103 49]} {2 1} {0 <nil>} {0 <nil>}] 3 [] 0 0xc00000fab8 0}]: signature invalid: APrime and ABar don't have the expected structure
2019-10-18 03:20:10.312 UTC [comm.grpc.server] 1 -> INFO 04a unary call completed grpc.service=protos.Endorser grpc.method=ProcessProposal grpc.peer_address=172.22.0.1:33960 error="access denied: channel [mychannel] creator org [idemixMSPID1]" grpc.code=Unknown grpc.call_duration=82.6484ms
我不知道为什么。我猜如果对等点不支持 idemix tx 验证。是否有一些开关未在对等点上打开?帮助。任何答复将不胜感激。