这是其中一个组织的 sdk 配置文件。
version: 1.0.0
#
# The client section used by GO SDK.
#
client:
# Which organization does this application instance belong to? The value must be the name of an org
# defined under "organizations"
organization: Seller
logging:
level: info
# Root of the MSP directories with keys and certs.
cryptoconfig:
path: ${GOPATH}/src/github.com/baozhanglian/fixtures/crypto-config
# Some SDKs support pluggable KV stores, the properties under "credentialStore"
# are implementation specific
credentialStore:
# [Optional]. Used by user store. Not needed if all credentials are embedded in configuration
# and enrollments are performed elswhere.
path: "/tmp/state-store"
# [Optional]. Specific to the CryptoSuite implementation used by GO SDK. Software-based implementations
# requiring a key store. PKCS#11 based implementations does not.
cryptoStore:
# Specific to the underlying KeyValueStore that backs the crypto key store.
path: /tmp/msp
# BCCSP config for the client. Used by GO SDK.
BCCSP:
security:
enabled: true
default:
provider: "SW"
hashAlgorithm: "SHA2"
softVerify: true
level: 256
tlsCerts:
# [Optional]. Use system certificate pool when connecting to peers, orderers (for negotiating TLS) Default: false
systemCertPool: false
# [Optional]. Client key and cert for TLS handshake with peers and orderers
client:
key:
path:
cert:
path:
#
# [Optional]. But most apps would have this section so that channel objects can be constructed
# based on the content below. If an app is creating channels, then it likely will not need this
# section.
#
channels:
#[Required if _default not defined; Optional if _default defined].
# name of the channel
bzlchannel:
# list of orderers designated by the application to use for transactions on this
# channel. This list can be a result of access control ("FBI" can only access "ordererA"), or
# operational decisions to share loads from applications among the orderers. The values must
# be "names" of orgs defined under "organizations/peers"
# deprecated: not recommended, to override any orderer configuration items, entity matchers should be used.
# orderers:
# - orderer.baozhanglian.com
#[Required if _default peers not defined; Optional if _default peers defined].
# list of peers from participating orgs
peers:
peer0.seller.baozhanglian.com:
# [Optional]. will this peer be sent transaction proposals for endorsement? The peer must
# have the chaincode installed. The app can also use this property to decide which peers
# to send the chaincode install request. Default: true
endorsingPeer: true
# [Optional]. will this peer be sent query proposals? The peer must have the chaincode
# installed. The app can also use this property to decide which peers to send the
# chaincode install request. Default: true
chaincodeQuery: true
# [Optional]. will this peer be sent query proposals that do not require chaincodes, like
# queryBlock(), queryTransaction(), etc. Default: true
ledgerQuery: true
# [Optional]. will this peer be the target of the SDK's listener registration? All peers can
# produce events but the app typically only needs to connect to one to listen to events.
# Default: true
eventSource: true
peer0.buyer.baozhanglian.com:
endorsingPeer: true
chaincodeQuery: true
ledgerQuery: true
eventSource: true
peer0.auctionhouse.baozhanglian.com:
endorsingPeer: true
chaincodeQuery: true
ledgerQuery: true
eventSource: true
# list of participating organizations in this network
#
organizations:
Seller:
mspid: SellerMSP
# This org's MSP store (absolute path or relative to client.cryptoconfig)
cryptoPath: peerOrganizations/seller.baozhanglian.com/users/{username}@seller.baozhanglian.com/msp
peers:
- peer0.seller.baozhanglian.com
# [Optional]. Certificate Authorities issue certificates for identification purposes in a Fabric based
# network. Typically certificates provisioning is done in a separate process outside of the
# runtime network. Fabric-CA is a special certificate authority that provides a REST APIs for
# dynamic certificate management (enroll, revoke, re-enroll). The following section is only for
# Fabric-CA servers.
certificateAuthorities:
- ca.seller.baozhanglian.com
# the profile will contain public information about organizations other than the one it belongs to.
# These are necessary information to make transaction lifecycles work, including MSP IDs and
# peers with a public URL to send transaction proposals. The file will not contain private
# information reserved for members of the organization, such as admin key and certificate,
# fabric-ca registrar enroll ID and secret, etc.
Buyer:
mspid: BuyerMSP
# This org's MSP store (absolute path or relative to client.cryptoconfig)
cryptoPath: peerOrganizations/buyer.baozhanglian.com/users/{username}@buyer.baozhanglian.com/msp
peers:
- peer0.buyer.baozhanglian.com
# [Optional]. Certificate Authorities issue certificates for identification purposes in a Fabric based
# network. Typically certificates provisioning is done in a separate process outside of the
# runtime network. Fabric-CA is a special certificate authority that provides a REST APIs for
# dynamic certificate management (enroll, revoke, re-enroll). The following section is only for
# Fabric-CA servers.
certificateAuthorities:
- ca.buyer.baozhanglian.com
AuctionHouse:
mspid: AuctionHouseMSP
# This org's MSP store (absolute path or relative to client.cryptoconfig)
cryptoPath: peerOrganizations/auctionhouse.baozhanglian.com/users/{username}@auctionhouse.baozhanglian.com/msp
peers:
- peer0.auctionhouse.baozhanglian.com
# [Optional]. Certificate Authorities issue certificates for identification purposes in a Fabric based
# network. Typically certificates provisioning is done in a separate process outside of the
# runtime network. Fabric-CA is a special certificate authority that provides a REST APIs for
# dynamic certificate management (enroll, revoke, re-enroll). The following section is only for
# Fabric-CA servers.
certificateAuthorities:
- ca.auctionhouse.baozhanglian.com
#
# List of orderers to send transaction and channel create/update requests to. For the time
# being only one orderer is needed. If more than one is defined, which one get used by the
# SDK is implementation specific. Consult each SDK's documentation for its handling of orderers.
#
orderers:
orderer.baozhanglian.com:
url: localhost:7050
# these are standard properties defined by the gRPC library
# they will be passed in as-is to gRPC client constructor
grpcOptions:
ssl-target-name-override: orderer.baozhanglian.com
# These parameters should be set in coordination with the keepalive policy on the server,
# as incompatible settings can result in closing of connection.
# When duration of the 'keep-alive-time' is set to 0 or less the keep alive client parameters are disabled
keep-alive-time: 0s
keep-alive-timeout: 20s
keep-alive-permit: false
fail-fast: false
# allow-insecure will be taken into consideration if address has no protocol defined, if true then grpc or else grpcs
allow-insecure: false
tlsCACerts:
# Certificate location absolute path
path: ${GOPATH}/src/github.com/baozhanglian/fixtures/crypto-config/ordererOrganizations/baozhanglian.com/tlsca/tlsca.baozhanglian.com-cert.pem
#
# List of peers to send various requests to, including endorsement, query
# and event listener registration.
#
peers:
peer0.seller.baozhanglian.com:
# this URL is used to send endorsement and query requests
url: localhost:8051
eventUrl: localhost:8053
grpcOptions:
ssl-target-name-override: peer0.seller.baozhanglian.com
# These parameters should be set in coordination with the keepalive policy on the server,
# as incompatible settings can result in closing of connection.
# When duration of the 'keep-alive-time' is set to 0 or less the keep alive client parameters are disabled
keep-alive-time: 0s
keep-alive-timeout: 20s
keep-alive-permit: false
fail-fast: false
# allow-insecure will be taken into consideration if address has no protocol defined, if true then grpc or else grpcs
allow-insecure: false
tlsCACerts:
# Certificate location absolute path
path: ${GOPATH}/src/github.com/baozhanglian/fixtures/crypto-config/peerOrganizations/seller.baozhanglian.com/tlsca/tlsca.seller.baozhanglian.com-cert.pem
peer0.buyer.baozhanglian.com:
# this URL is used to send endorsement and query requests
url: localhost:7051
eventUrl: localhost:7053
grpcOptions:
ssl-target-name-override: peer0.buyer.baozhanglian.com
# These parameters should be set in coordination with the keepalive policy on the server,
# as incompatible settings can result in closing of connection.
# When duration of the 'keep-alive-time' is set to 0 or less the keep alive client parameters are disabled
keep-alive-time: 0s
keep-alive-timeout: 20s
keep-alive-permit: false
fail-fast: false
# allow-insecure will be taken into consideration if address has no protocol defined, if true then grpc or else grpcs
allow-insecure: false
tlsCACerts:
# Certificate location absolute path
path: ${GOPATH}/src/github.com/baozhanglian/fixtures/crypto-config/peerOrganizations/buyer.baozhanglian.com/tlsca/tlsca.buyer.baozhanglian.com-cert.pem
peer0.auctionhouse.baozhanglian.com:
# this URL is used to send endorsement and query requests
url: localhost:9051
eventUrl: localhost:9053
grpcOptions:
ssl-target-name-override: peer0.auctionhouse.baozhanglian.com
# These parameters should be set in coordination with the keepalive policy on the server,
# as incompatible settings can result in closing of connection.
# When duration of the 'keep-alive-time' is set to 0 or less the keep alive client parameters are disabled
keep-alive-time: 0s
keep-alive-timeout: 20s
keep-alive-permit: false
fail-fast: false
# allow-insecure will be taken into consideration if address has no protocol defined, if true then grpc or else grpcs
allow-insecure: false
tlsCACerts:
# Certificate location absolute path
path: ${GOPATH}/src/github.com/baozhanglian/fixtures/crypto-config/peerOrganizations/auctionhouse.baozhanglian.com/tlsca/tlsca.auctionhouse.baozhanglian.com-cert.pem
# Fabric-CA is a special kind of Certificate Authority provided by Hyperledger Fabric which allows
# certificate management to be done via REST APIs. Application may choose to use a standard
# Certificate Authority instead of Fabric-CA, in which case this section would not be specified.
#
certificateAuthorities:
ca.seller.baozhanglian.com:
url: localhost:8054
tlsCACerts:
# Comma-Separated list of paths
path: ${GOPATH}/src/github.com/baozhanglian/fixtures/crypto-config/peerOrganizations/seller.baozhanglian.com/tlsca/tlsca.seller.baozhanglian.com-cert.pem
# Client key and cert for SSL handshake wit h Fabric CA
client:
key:
path: ${GOPATH}/src/github.com/baozhanglian/fixtures/crypto-config/peerOrganizations/seller.baozhanglian.com/users/User1@seller.baozhanglian.com/tls/client.key
cert:
path: ${GOPATH}/src/github.com/baozhanglian/fixtures/crypto-config/peerOrganizations/seller.baozhanglian.com/users/User1@seller.baozhanglian.com/tls/client.crt
# Fabric-CA supports dynamic user enrollment via REST APIs. A "root" user, a.k.a registrar, is
# needed to enroll and invoke new users.
registrar:
enrollId: admin
enrollSecret: adminpw
# [Optional] The optional name of the CA.
caName: ca.seller.baozhanglian.com
ca.buyer.baozhanglian.com:
url: localhost:7054
tlsCACerts:
# Comma-Separated list of paths
path: ${GOPATH}/src/github.com/baozhanglian/fixtures/crypto-config/peerOrganizations/buyer.baozhanglian.com/tlsca/tlsca.buyer.baozhanglian.com-cert.pem
# Client key and cert for SSL handshake with Fabric CA
client:
key:
path: ${GOPATH}/src/github.com/baozhanglian/fixtures/crypto-config/peerOrganizations/buyer.baozhanglian.com/users/User1@buyer.baozhanglian.com/tls/client.key
cert:
path: ${GOPATH}/src/github.com/baozhanglian/fixtures/crypto-config/peerOrganizations/buyer.baozhanglian.com/users/User1@buyer.baozhanglian.com/tls/client.crt
# Fabric-CA supports dynamic user enrollment via REST APIs. A "root" user, a.k.a registrar, is
# needed to enroll and invoke new users.
registrar:
enrollId: admin
enrollSecret: adminpw
# [Optional] The optional name of the CA.
caName: ca.buyer.baozhanglian.com
ca.auctionhouse.baozhanglian.com:
url: localhost:9054
tlsCACerts:
# Comma-Separated list of paths
path: ${GOPATH}/src/github.com/baozhanglian/fixtures/crypto-config/peerOrganizations/auctionhouse.baozhanglian.com/tlsca/tlsca.auctionhouse.baozhanglian.com-cert.pem
# Client key and cert for SSL handshake wit h Fabric CA
client:
key:
path: ${GOPATH}/src/github.com/baozhanglian/fixtures/crypto-config/peerOrganizations/auctionhouse.baozhanglian.com/users/User1@auctionhouse.baozhanglian.com/tls/client.key
cert:
path: ${GOPATH}/src/github.com/baozhanglian/fixtures/crypto-config/peerOrganizations/auctionhouse.baozhanglian.com/users/User1@auctionhouse.baozhanglian.com/tls/client.crt
# Fabric-CA supports dynamic user enrollment via REST APIs. A "root" user, a.k.a registrar, is
# needed to enroll and invoke new users.
registrar:
enrollId: admin
enrollSecret: adminpw
# [Optional] The optional name of the CA.
caName: ca.auctionhouse.baozhanglian.com
# EntityMatchers enable substitution of network hostnames with static configurations
# so that properties can be mapped. Regex can be used for this purpose
# UrlSubstitutionExp can be empty which means the same network hostname will be used
# UrlSubstitutionExp can be given same as mapped peer url, so that mapped peer url can be used
# UrlSubstitutionExp can have golang regex matchers like $1.local.example.$2:$3 for pattern
# like peer0.teachers.baozhanglian.com:1234 which converts peer0.teachers.baozhanglian.com to peer0.FBI.local.baozhanglian.com:1234
# sslTargetOverrideUrlSubstitutionExp follow in the same lines as
# SubstitutionExp for the fields gprcOptions.ssl-target-name-override respectively
# In any case mappedHost's config will be used, so mapped host cannot be empty, if entityMatchers are used
#entityMatchers:
#entityMatchers:
# peer:
# - pattern: (\w+).teachers.baozhanglian.com:(\d+)
# urlSubstitutionExp: $1.teachers.baozhanglian.com:$2
# sslTargetOverrideUrlSubstitutionExp: $1.teachers.baozhanglian.com
# mappedHost: peer0.teachers.baozhanglian.com
#
#
# - pattern: (\w+).example1.(\w+):(\d+)
# urlSubstitutionExp: $1.teachers.baozhanglian.com.$2:$3
# sslTargetOverrideUrlSubstitutionExp: $1.teachers.baozhanglian.com.$2
# mappedHost: peer0.teachers.baozhanglian.com
#
# - pattern: (\w+).teachers.baozhanglian.com.(\w+):(\d+)
# urlSubstitutionExp: peer0.teachers.baozhanglian.com:7051
# sslTargetOverrideUrlSubstitutionExp: peer0.teachers.baozhanglian.com
# mappedHost: peer0.teachers.baozhanglian.com
#
# orderer:
# - pattern: (\w+).example.(\w+)
# urlSubstitutionExp: orderer.baozhanglian.com:7050
# sslTargetOverrideUrlSubstitutionExp: orderer.baozhanglian.com
# mappedHost: orderer.baozhanglian.com
#
# - pattern: (\w+).example2.(\w+)
# urlSubstitutionExp: localhost:7050
# sslTargetOverrideUrlSubstitutionExp: localhost
# mappedHost: orderer.baozhanglian.com
#
# - pattern: (\w+).example3.(\w+)
# urlSubstitutionExp:
# sslTargetOverrideUrlSubstitutionExp:
# mappedHost: orderer.baozhanglian.com
#
# - pattern: (\w+).example4.(\w+):(\d+)
# urlSubstitutionExp: $1.example.$2:$3
# sslTargetOverrideUrlSubstitutionExp: $1.example.$2
# mappedHost: orderer.baozhanglian.com
#
# certificateAuthority:
# - pattern: (\w+).teachers.baozhanglian.com.(\w+)
# urlSubstitutionExp:
# mappedHost: ca.teachers.baozhanglian.com
#
entityMatchers:
peer:
- pattern: (\w*)peer0.seller.baozhanglian.com(\w*)
urlSubstitutionExp: localhost:8051
eventUrlSubstitutionExp: localhost:8053
sslTargetOverrideUrlSubstitutionExp: peer0.seller.baozhanglian.com
mappedHost: peer0.seller.baozhanglian.com
- pattern: (\w*)peer0.buyer.baozhanglian.com(\w*)
urlSubstitutionExp: localhost:7051
eventUrlSubstitutionExp: localhost:7053
sslTargetOverrideUrlSubstitutionExp: peer0.buyer.baozhanglian.com
mappedHost: peer0.buyer.baozhanglian.com
- pattern: (\w*)peer0.auctionhouse.baozhanglian.com(\w*)
urlSubstitutionExp: localhost:9051
eventUrlSubstitutionExp: localhost:9053
sslTargetOverrideUrlSubstitutionExp: peer0.auctionhouse.baozhanglian.com
mappedHost: peer0.auctionhouse.baozhanglian.com
orderer:
- pattern: (\w*)orderer.baozhanglian.com(\w*)
urlSubstitutionExp: localhost:7050
sslTargetOverrideUrlSubstitutionExp: orderer.baozhanglian.com
mappedHost: orderer.baozhanglian.com
certificateAuthorities:
- pattern: (\w*)ca.seller.baozhanglian.com(\w*)
urlSubstitutionExp: localhost:8054
mappedHost: ca.seller.baozhanglian.com
- pattern: (\w*)ca.buyer.baozhanglian.com(\w*)
urlSubstitutionExp: localhost:7054
mappedHost: ca.buyer.baozhanglian.com
- pattern: (\w*)ca.auctionhouse.baozhanglian.com(\w*)
urlSubstitutionExp: localhost:9054
mappedHost: ca.auctionhouse.baozhanglian.com