我正在尝试通过超级账本结构节点sdk创建频道,但遇到以下错误。
由于错误而从172.25.0.1:34196拒绝广播配置消息:验证新通道'arun1'的通道创建事务的错误,无法成功将更新应用于模板配置:错误授权更新:验证DeltaSet的错误:[Group的策略] /渠道/应用程序不满足:隐式策略评估失败-满足0个子策略,但是此策略需要满足“管理员”子策略中的1个]
这是我的Nodes方法
try {
console.log("api hit");
// Create a new file system based wallet for managing identities.
const walletPath = path.join(process.cwd(), 'wallet');
const wallet = new FileSystemWallet(walletPath);
console.log(`Wallet path: ${walletPath}`);
// Check to see if we've already enrolled the user.
const userExists = await wallet.exists('user2');
if (!userExists) {
console.log('An identity for the user "user2" does not exist in the wallet');
console.log('Run the registerUser.js application before retrying');
return;
}
// Create a new gateway for connecting to our peer node.
const gateway = new Gateway();
await gateway.connect(ccpPath, { wallet, identity: 'user2', discovery: { enabled: false, asLocalhost: true } });
var client = gateway.getClient()
// first read in the file, this gives us a binary config envelope
let envelope_bytes = fs.readFileSync(path.join(__dirname, '..','..','..','fabric-samples/first-network/channel-artifacts/channel1.tx'));
let adminKey = fs.readFileSync(path.join(__dirname, '..','..','..','fabric-samples/first-network/crypto-config/peerOrganizations/org1.example.com/users/[email protected]/msp/keystore/pem.key'));
let adminCert = fs.readFileSync(path.join(__dirname, '..','..','..','fabric-samples/first-network/crypto-config/peerOrganizations/org1.example.com/users/[email protected]/msp/cacerts/ca.org1.example.com-cert.pem'));
client.setAdminSigningIdentity(adminKey.toString(),adminCert.toString(),"Org1MSP")
console.log(`admin key===== ${adminKey}`);
console.log(`admin cert===== ${adminCert}`);
// have the nodeSDK extract out the config update
var signatures = new Array();
var config_update = client.extractChannelConfig(envelope_bytes);
var configSignature=client.signChannelConfig(config_update)
signatures.push(configSignature);
// create an orderer object to represent the orderer of the network
var orderer=client.getOrderer("orderer.example.com")
let request = {
config: config_update, //the binary config
signatures: signatures, // the collected signatures
name: 'arun1', // the channel name
orderer: orderer, //the orderer from above
txId: client.newTransactionID(true) //the generated transaction id
};
console.log(`configupdate${config_update}`);
// this call will return a Promise
console.log("Transaction sent 2");
const result = await client.createChannel(request)
return {
status: 200,
data: {
data: JSON.parse(result.toString())
}
};
} catch (error) {
console.error(`Failed to evaluate transaction: ${error}`);
// process.exit(1);
return {
status: 400,
data: {
data: `${error}`
}
};
}
这是我的connection.json
{
"name": "first-network-org1",
"version": "1.0.0",
"client": {
"organization": "Org1",
"connection": {
"timeout": {
"peer": {
"endorser": "300"
}
}
}
},
"organizations": {
"Org1": {
"mspid": "Org1MSP",
"adminPrivateKey": {
"path": "/home/arun/Hyperledger_1.4.2/fabric-samples/first-network/crypto-config/peerOrganizations/org1.example.com/users/[email protected]/msp/keystore/pem.key"
},
"signedCert": {
"path": "/home/arun/Hyperledger_1.4.2/fabric-samples/first-network/crypto-config/peerOrganizations/org1.example.com/users/[email protected]/msp/cacerts/ca.org1.example.com-cert.pem"
},
"peers": [
"peer0.org1.example.com",
"peer1.org1.example.com"
],
"certificateAuthorities": [
"ca.org1.example.com"
]
}
},
"orderers": {
"orderer.example.com": {
"url": "grpcs://localhost:7050",
"tlsCACerts": {
"path": "crypto-config/ordererOrganizations/example.com/tlsca/tlsca.example.com-cert.pem"
},
"grpcOptions": {
"ssl-target-name-override": "orderer.example.com"
}
}
},
"peers": {
"peer0.org1.example.com": {
"url": "grpcs://localhost:7051",
"tlsCACerts": {
"path": "crypto-config/peerOrganizations/org1.example.com/tlsca/tlsca.org1.example.com-cert.pem"
},
"grpcOptions": {
"ssl-target-name-override": "peer0.org1.example.com"
}
},
"peer1.org1.example.com": {
"url": "grpcs://localhost:8051",
"tlsCACerts": {
"path": "crypto-config/peerOrganizations/org1.example.com/tlsca/tlsca.org1.example.com-cert.pem"
},
"grpcOptions": {
"ssl-target-name-override": "peer1.org1.example.com"
}
}
},
"certificateAuthorities": {
"ca.org1.example.com": {
"url": "https://localhost:7054",
"caName": "ca-org1",
"tlsCACerts": {
"path": "crypto-config/peerOrganizations/org1.example.com/tlsca/tlsca.org1.example.com-cert.pem"
},
"httpOptions": {
"verify": false
}
}
}
}
我认为这可能是Fabric安全性的问题,而不是您的代码的问题。
您的Fabric设置如何,您使用的是configtx.yaml的“旧”副本吗?我不知道它何时更改,但是现在您需要在configtx.yaml中指定通道策略,因此在文件的“个人资料”部分下将需要一行,例如<<: *ChannelDefaults。因此,例如:
Profiles:
ThreeOrgsOrdererGenesis:
<<: *ChannelDefaults
Orderer:
<<: *OrdererDefaults
Organizations:
- *OrdererOrg
Capabilities:
<<: *OrdererCapabilities
Consortiums:
constrade:
Organizations:
- *Org1
- *Org2
- *Org3
ThreeOrgsChannel:
Consortium: constrade
<<: *ChannelDefaults
Application:
<<: *ApplicationDefaults
Organizations:
- *Org1
- *Org2
- *Org3
Capabilities:
<<: *ApplicationCapabilities
并且您显然会需要在文件的ChannelDefaults部分中定义的策略。
[fabric-samples中最新的第一网络示例具有正确的文件格式。
根据您的错误响应,它被拒绝,因为您在创建新频道时未通过管理员凭据。
这是一个结构频道编写者政策,只有管理员才能创建频道
"adminPrivateKey": {
"path": "/home/arun/Hyperledger_1.4.2/fabric-samples/first-network/crypto-config/peerOrganizations/org1.example.com/users/[email protected]/msp/keystore/pem.key
您确定是pem.key吗?
我发现错误,我的admincert路径错误
let adminCert = fs.readFileSync(path.join(__dirname, '..','..','..','fabric-samples/first-network/crypto-config/peerOrganizations/org1.example.com/users/[email protected]/msp/cacerts/ca.org1.example.com-cert.pem'));
用管理员证书替换了证书
let adminCert = fs.readFileSync(path.join(__dirname, '..','..','..','fabric-samples/first-network/crypto-config/peerOrganizations/org1.example.com/users/[email protected]/msp/admincerts/[email protected]'));