進(jìn)入測(cè)試目錄

cd $GOPATH/src/github.com/hyperledger/fabric/examples/e2e_cli

docker-compose-cli.yaml為org1添加ca容器

ca0: 
  image: hyperledger/fabric-ca 
  environment: 
    - FABRIC_CA_HOME=/etc/hyperledger/fabric-ca-server 
    - FABRIC_CA_SERVER_CA_NAME=ca0 
    - FABRIC_CA_SERVER_TLS_ENABLED=false 
  ports: 
    - "7054:7054" 
  command: sh -c 'fabric-ca-server start --ca.certfile /etc/hyperledger/fabric-ca-server-config/ca.org1.example.com-cert.pem --ca.keyfile /etc/hyperledger/fabric-ca-server-config/${PRIVATE_KEY} -b admin:adminpw -d' 
  volumes: 
    - ./crypto-config/peerOrganizations/org1.example.com/ca/:/etc/hyperledger/fabric-ca-server-config 
  container_name: ca0
  
ca.certfile CA的根證書(shū)
ca.keyfile 給新用戶簽發(fā)證書(shū)時(shí)的私鑰
-b參數(shù)指定了CA Client連接CA Server時(shí)使用的用戶名密碼

修改network_setup.sh腳本帶入CA容器啟動(dòng)的參數(shù)

folder="crypto-config/peerOrganizations/org1.example.com/ca" 
privName="" 
for file_a in ${folder}/* 
do 
  temp_file=`basename $file_a`

  if [ ${temp_file##*.} != "pem" ];then 
    privName=$temp_file 
  fi 
done 
echo $privName

CHANNEL_NAME=$CH_NAME TIMEOUT=$CLI_TIMEOUT docker-compose -f $COMPOSE_FILE up -d 2>&1
修改為
CHANNEL_NAME=$CH_NAME TIMEOUT=$CLI_TIMEOUT PRIVATE_KEY=$privName docker-compose -f $COMPOSE_FILE up -d 2>&1

啟動(dòng)fabric網(wǎng)絡(luò)

./network_setup.sh up

下載并安裝Fabric CA Client

git clone https://github.com/hyperledger/fabric-ca $GOPATH/src/github.com/hyperledger/fabric-ca
cd $GOPATH/src/github.com/hyperledger/fabric-ca
make all
cp -f bin/* $GOPATH/bin/

注冊(cè)認(rèn)證管理員

export FABRIC_CA_CLIENT_HOME=$HOME/ca && fabric-ca-client enroll -u http://admin:adminpw@localhost:7054
$HOME/ca目錄下會(huì)創(chuàng)建fabric-ca-client-config.yaml文件和一個(gè)msp文件夾

注冊(cè)新用戶

fabric-ca-client register --id.name devin --id.type user --id.affiliation org1.department1 --id.attrs 'hf.Revoker=true,foo=bar'
2017/10/19 16:44:57 [INFO] User provided config file: /root/ca/fabric-ca-client-config.yaml
2017/10/19 16:44:57 [INFO] Configuration file location: /root/ca/fabric-ca-client-config.yaml
Password: vpjiGEcqJUHN

用密碼vpjiGEcqJUHN為用戶devin生成私鑰和證書(shū)

fabric-ca-client enroll -u http://devin:vpjiGEcqJUHN@localhost:7054 -M $FABRIC_CA_CLIENT_HOME/devinmsp

拷貝新用戶私鑰和證書(shū)

cd $GOPATH/src/github.com/hyperledger/fabric/examples/e2e_cli/crypto-config/peerOrganizations/org1.example.com/users
mkdir devin
cp -rf ~/ca/devinmsp devin/msp

mkdir devin/msp/admincerts
cp devin/msp/signcerts/cert.pem devin/msp/admincerts/

創(chuàng)建測(cè)試鏈碼用于驗(yàn)證用戶

cd $GOPATH/src/github.com/hyperledger/fabric/examples/chaincode/go/
mkdir test1 && cd test1/
vim test1.go

package main

import (
    "bytes"
    "crypto/x509"
    "encoding/pem"
    "fmt"
    "github.com/hyperledger/fabric/core/chaincode/shim"
    pb "github.com/hyperledger/fabric/protos/peer"
)

type SimpleChaincode struct {
}

func (t *SimpleChaincode) Init(stub shim.ChaincodeStubInterface) pb.Response {
    return shim.Success(nil)
}

func (t *SimpleChaincode) Invoke(stub shim.ChaincodeStubInterface) pb.Response {
    function, args := stub.GetFunctionAndParameters()
    fmt.Println("invoke is running " + function)
    if function == "cert" {
        return t.testCertificate(stub, args)
    }

    return shim.Error("Received unknown function invocation")
}

func (t *SimpleChaincode) testCertificate(stub shim.ChaincodeStubInterface, args []string) pb.Response {
    creatorByte, _ := stub.GetCreator()
    certStart := bytes.IndexAny(creatorByte, "-----")
    if certStart == -1 {
        fmt.Errorf("No certificate found")
    }

    certText := creatorByte[certStart:]
    bl, _ := pem.Decode(certText)
    if bl == nil {
        fmt.Errorf("Could not decode the PEM structure")
    }
    fmt.Println(string(certText))

    cert, err := x509.ParseCertificate(bl.Bytes)
    if err != nil {
        fmt.Errorf("ParseCertificate failed")
    }
    fmt.Println(cert)

    uname := cert.Subject.CommonName
    fmt.Println("Name" + uname)

    return shim.Success([]byte("Called testCertificate " + uname))
}

func main() {
    err := shim.Start(new(SimpleChaincode))
    if err != nil {
        fmt.Printf("Error starting SimpleChaincode: %s", err)
    }
}

進(jìn)入cli安裝并執(zhí)行鏈碼

docker exec -it cli bash

peer chaincode install -n test1 -v 1.0 -p github.com/hyperledger/fabric/examples/chaincode/go/test1
ORDERER_CA=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem
peer chaincode instantiate -o orderer.example.com:7050 --tls true --cafile $ORDERER_CA -C mychannel -n test1 -v 1.0 -c '{"Args":[]}'
peer chaincode query -C mychannel -n test1 -c '{"Args":["cert"]}'

Query Result: Called testCertificate Admin@org1.example.com

驗(yàn)證新用戶

仍舊在cli中執(zhí)行
CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/users/devin/msp
peer chaincode query -C mychannel -n test1 -c '{"Args":["cert"]}'

Query Result: Called testCertificate devin

參考文檔

Fabric CA環(huán)境的集成
http://www.cnblogs.com/studyzy/p/7482451.html