我在运行IBM提供的官方代码,enrollAdmin.js运行成功了,但是我的enrollUser.js一直在报错,以下是enrollUser.js的代码
Fabric_Client.newDefaultKeyValueStore({path: store_path
}).then((state_store) =>{
// assign the store to the fabric client
fabric_client.setStateStore(state_store);
var crypto_suite = Fabric_Client.newCryptoSuite();
// use the same location for the state store (where the users' certification are kept)
// and the crypto store (where the users' keys are kept)
var crypto_store = Fabric_Client.newCryptoKeyStore({path: store_path});
crypto_suite.setCryptoKeyStore(crypto_store);
fabric_client.setCryptoSuite(crypto_suite);
var tlsOptions = {
trustedRoots: [],
verify: false
};
// be sure to change http to https when CA is running TLS enabled
fabric_ca_client = new Fabric_CA_Client('http://localhost:7054', tlsOptions, 'ca.example.com', crypto_suite);
// first check to see if the admin is already enrolled
return fabric_client.getUserContext('admin', true);
}).then((user_from_store) => {
if (user_from_store && user_from_store.isEnrolled()) {
console.log('Successfully loaded admin from persistence');
admin_user = user_from_store;
} else {
throw new Error('Failed to get admin... run enrollAdmin.js');
}
// at this point we should have the admin user
// first need to register the user with the CA server
return fabric_ca_client.register({enrollmentID: 'user1', affiliation: 'org1.department1', role: 'client'}, admin_user);
}).then((secret) => {
// next we need to enroll the user with CA server
console.log('Successfully registered user1 - secret' + secret);
return fabric_ca_client.enroll({ enrollmentID: 'user1', enrollmentSecret: secret } );
}).then((enrollment) => {
console.log('Successfully enrolled member user "user1"');
return fabric_client.createUser({
username: 'user1',
mspid: 'Org1MSP',
cryptoContent: {privateKeyPEM: enrollment.key.toBytes(), signedCertPEM: enrollment.certificate}
});
}).then((user) => {
member_user = user;
return fabric_client.setUserContext(member_user);
}).then(() => {
console.log('User1 was successfully registered and enrolled and is ready to interact with the fabric network');
}).catch((err) => {
console.error('failed to register:' + err);
if (err.toString().indexOf('Authorization') > -1) {
console.error('Authorization failures may be caused by having admin credentials from a previous CA instance.\n' +
'Try again after deleting the contents of the store dircetory' + store_path);
}
});然后终端提示是
Successfully loaded admin from persistence
Failed to register: Error: fabric-ca request register failed with errors [[ { code: 20, message: 'Authorization failure' } ]]
Authorization failures may be caused by having admin credentials from a previous CA instance.
Try again after deleting the contents of the store directory /home/swenw/hyfa/fabric-samples/fish/fishnetwork/webapp/hfc-key-store我看了看docker的ca日志
2021/03/13 06:48:59 [DEBUG] Received request for /api/v1/register
2021/03/13 06:49:00 [DEBUG] Received registration request from : { Name:user1 Type:client Secret:**** MaxEnrollments:1 Affiliation:org1.department1 Attributes:[] CAName:ca.example.com }
2021/03/13 06:49:00 [INFO] 172.23.0.1:60634 POST /api/v1/register 401 25 "Invalid token in authorization header: Token signature validation failed"请问这个问题该怎么解决
解决办法是删掉hfc-key-store重新生成,试了很多次都没成功,最后不知道咋成功了,玄学
您需要在fabric-ca上注册一个具有注册用户能力的ID。
然后,您需要使用该ID注册要用于订购者的ID。
然后,您将在订购者容器中使用enroll命令(不注册)。
FABRIC_CA_SERVER_HOME=/etc/hyperledger/fabric-ca
FABRIC_CA_SERVER_CSR_CN=rca-orderer
FABRIC_CA_SERVER_CSR_HOSTS=rca-orderer
#初始化 CA
fabric-ca-server init -b $BOOTSTRAP_USER_PASS
cp $FABRIC_CA_SERVER_HOME/ca-cert.pem /data/ca-certs/rca-orderer.pem
#加上自定义orgs:
aff="orderer: []\n org1: []\n org2: []"
aff="${aff#\\n }"
sed -i "/affiliations:/a \\ $aff" \
$FABRIC_CA_SERVER_HOME/fabric-ca-server-config.yaml
# 开始启动根服务 CA
fabric-ca-server start
export FABRIC_CA_CLIENT_HOME=$HOME/ca-admins/rca-orderer
export FABRIC_CA_CLIENT_TLS_CERTFILES=/data/ca-certs/rca-orderer.pem
fabric-ca-client enroll -d -u https://rca-orderer-admin:adminpw@rca-orderer:7054
ORDERER_NAME=orderer0
ORDERER_PASS=adminpw
fabric-ca-client register -d --id.name $ORDERER_NAME --id.secret $ORDERER_PASS --id.type orderer
https://blog.csdn.net/it_zhouzhenfeng/article/details/86096525