0

我已按照softHSM2 存储库安装和初始化令牌,但是当我使用 PKCS11 环境变量启动 fabric-ca-server 容器时,我得到无法初始化 BCCSP PKCS11:无效配置。它不能为零。根据fabric-ca docs,使用SoftHSM只需要4个(默认、库、引脚、标签)环境变量,但我尝试添加pkcs11下提到的所有字段,但问题仍然存在,不确定配置的哪一部分为零。

docker-compose-ca.yaml

version: '2'

networks: 
  org1_network:
      external: 
        name: org1_network

services: 
  
  ca_org1:
    image: hyperledger/fabric-ca:latest
    environment: 
      - GODEBUG=netdns=go
      - FABRIC_CA_HOME=/etc/hyperledger/fabric-ca-server
      - FABRIC_CA_SERVER_CA_NAME=ca.org1.example.com
      - FABRIC_CA_SERVER_TLS_ENABLED=true
      - FABRIC_CA_SERVER_PORT=7054
      - FABRIC_CA_SERVER_DEBUG=true
      - FABRIC_CA_SERVER_BCCSP_DEFAULT=PKCS11
      - FABRIC_CA_SERVER_BCCSP_PKCS11_HASH=SHA2
      - FABRIC_CA_SERVER_BCCSP_PKCS11_SECURITY=256
      - FABRIC_CA_SERVER_BCCSP_PKCS11_LIBRARY=/etc/hyperledger/fabric/libsofthsm2.so
      - FABRIC_CA_SERVER_BCCSP_PKCS11_PIN=98765432
      - FABRIC_CA_SERVER_BCCSP_PKCS11_FILEKEYSTORE_KEYSTORE=/etc/hyperledger/fabric-ca-server/msp
      - SOFTHSM2_CONF=/etc/hyperledger/fabric/config.file
    ports: 
      - "7054:7054"
    command: sh -c 'fabric-ca-server start -b org1:adminpw -d'
    volumes: 
      - ../organizations/fabric-ca/org1:/etc/hyperledger/fabric-ca-server
      - ../../softhsm/config.file:/etc/hyperledger/fabric/config.file
      - /../../../usr/local/lib/softhsm/libsofthsm2.so:/etc/hyperledger/fabric/libsofthsm2.so
    container_name: ca_org1
    networks: 
      - org1_network

配置文件

# SoftHSM v2 configuration file

directories.tokendir = /tmp/
objectstore.backend = file
objectstore.umask = 0077

# ERROR, WARNING, INFO, DEBUG
log.level = DEBUG

# If CKF_REMOVABLE_DEVICE flag should be set
slots.removable = false

# Enable and disable PKCS#11 mechanisms using slots.mechanisms.
slots.mechanisms = ALL

# If the library should reset the state on fork
library.reset_on_fork = false

fabric-ca-org1-container 日志

2021/07/11 21:22:08 [DEBUG] Home directory: /etc/hyperledger/fabric-ca-server
2021/07/11 21:22:08 [INFO] Configuration file location: /etc/hyperledger/fabric-ca-server/fabric-ca-server-config.yaml
2021/07/11 21:22:08 [INFO] Starting server in home directory: /etc/hyperledger/fabric-ca-server
2021/07/11 21:22:08 [DEBUG] Set log level: 
2021/07/11 21:22:08 [INFO] Server Version: 1.5.1-snapshot-38527387
2021/07/11 21:22:08 [INFO] Server Levels: &{Identity:2 Affiliation:1 Certificate:1 Credential:1 RAInfo:1 Nonce:1}
2021/07/11 21:22:08 [DEBUG] Making server filenames absolute
2021/07/11 21:22:08 [DEBUG] Initializing default CA in directory /etc/hyperledger/fabric-ca-server
2021/07/11 21:22:08 [DEBUG] Init CA with home /etc/hyperledger/fabric-ca-server and config {Version:1.5.1-snapshot-38527387 Cfg:{Identities:{PasswordAttempts:10 AllowRemove:false} Affiliations:{AllowRemove:false}} CA:{Name:ca.org1.example.com Keyfile: Certfile:ca-cert.pem Chainfile:ca-chain.pem} Signing:0xc00033e210 CSR:{CN:fabric-ca-server Names:[{C:US ST:North Carolina L: O:Hyperledger OU:Fabric SerialNumber:}] Hosts:[dc6f304f9d43 localhost] KeyRequest:0xc0000bf520 CA:0xc0001d5bf0 SerialNumber:} Registry:{MaxEnrollments:-1 Identities:[{ Name:**** Pass:**** Type:client Affiliation: MaxEnrollments:0 Attrs:map[hf.AffiliationMgr:1 hf.GenCRL:1 hf.IntermediateCA:1 hf.Registrar.Attributes:* hf.Registrar.DelegateRoles:* hf.Registrar.Roles:* hf.Revoker:1]  }]} Affiliations:map[org1:[department1 department2] org2:[department1]] LDAP:{ Enabled:false URL:ldap://****:****@<host>:<port>/<base> UserFilter:(uid=%s) GroupFilter:(memberUid=%s) Attribute:{[uid member] [{ }] map[groups:[{ }]]} TLS:{false [] { }}  } DB:{ Type:sqlite3 Datasource:fabric-ca-server.db TLS:{false [] { }}  } CSP:0xc0001d5e00 Client:<nil> Intermediate:{ParentServer:{ URL: CAName:  } TLS:{Enabled:false CertFiles:[] Client:{KeyFile: CertFile:}} Enrollment:{ Name: Secret:**** CAName: AttrReqs:[] Profile: Label: CSR:<nil> Type:x509  }} CRL:{Expiry:24h0m0s} Idemix:{IssuerPublicKeyfile: IssuerSecretKeyfile: RevocationPublicKeyfile: RevocationPrivateKeyfile: RHPoolSize:1000 NonceExpiration:15s NonceSweepInterval:15m}}
2021/07/11 21:22:08 [DEBUG] CA Home Directory: /etc/hyperledger/fabric-ca-server
2021/07/11 21:22:08 [DEBUG] Checking configuration file version '1.5.1-snapshot-38527387' against server version: '1.5.1-snapshot-38527387'
2021/07/11 21:22:08 [DEBUG] Initializing BCCSP: &{ProviderName:PKCS11 SwOpts:0xc0001d5e60 PluginOpts:<nil> Pkcs11Opts:<nil>}
2021/07/11 21:22:08 [DEBUG] Initializing BCCSP with software options &{SecLevel:256 HashFamily:SHA2 FileKeystore:0xc00035ee10 DummyKeystore:<nil> InmemKeystore:<nil>}
2021/07/11 21:22:08 [DEBUG] Closing server DBs
Error: Failed to get BCCSP with opts: Could not initialize BCCSP PKCS11: Invalid config. It must not be nil.
4

1 回答 1

0

我建议修改 fabric-ca-server (fabric-ca-server-config.yaml) 的配置文件,而不是尝试通过环境变量覆盖其中的条目,这正是您正在尝试做的。我相信问题是您不能覆盖配置文件中实际未定义的条目。

于 2021-07-12T06:47:34.100 回答