Shulou(Shulou.com)06/01 Report--

This article will explain in detail how to set the endorsement strategy for Fabric2.0. The editor thinks it is very practical, so I share it for you as a reference. I hope you can get something after reading this article.

1. Endorsement policy definition

The intelligent contract endorsement strategy is used to define the judgment conditions of whether the transaction is legal or not, and the strategy is expressed in the form of the subject. The principal format is' MSP.ROLE', MSP for the required MSPID, and ROLE represents the role. There are four legal roles: member, admin, client, and peer.

two。 Endorsement strategy grammar

The syntax of the endorsement strategy is as follows: EXPR (E [, E...]) EXPR can be AND, OR, OutOf,E can be the body of one of the above examples or another nested EXPR policy. The example is as follows: AND ('Org1.member',' Org2.member', 'Org3.member'): requires each of the three principals to sign. OR ('Org1.member',' Org2.member'): requires at least one principal signature among the three principals. OR ('Org1.member', AND (' Org2.member', 'Org3.member')): requires both the signature of the principal Org1.member and the signature of at least one principal in the principal Org2.member and Org3.member. OutOf (2, 'Org1.member',' Org2.member', 'Org3.member'): requires at least two principal signatures out of three principals.

3. Set endorsement policy

There are two main ways to set the endorsement strategy of fabric2.0 intelligent contract, one is through the contract submission, we call it the contract-level endorsement strategy, and the other is directly through the contract dynamic setting, we call it the key-level endorsement strategy.

3.1 contract level endorsement policy settings

The so-called contract-level endorsement strategy means that all transactions in this contract must follow this strategy, that is, no endorsement strategy is set by default, the contract endorsement strategy is majority of channel members, more than half of the channel members.

Enter the following command to set the contract level endorsement policy endorsement policy "OR ('Org1.member',' Org2.member')" endorsement by members of Organization 1 or Organization 2 is satisfied.

Peer lifecycle chaincode approveformyorg-signature-policy "OR ('Org1MSP.member','Org2MSP.member')"-tls true-- cafile / opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem-- channelID mychannel-- name mycc-- version 1-- init-required-- package-id mycc_1:4ad799ccef18d596f8c175fe1849cadc63f92a5efb1e7332712fbb2827a2ec6f-- sequence 2-- waitForEvent

-- signature-policy: set endorsement policy

The following error occurred: Error: proposal failed with status: 500-failed to invoke backing implementation of 'ApproveChaincodeDefinitionForMyOrg': currently defined sequence 3 is larger than requested sequence 2

The serial number is not the serial number of the current contract, just change it to the latest serial number. If it is here, the sequence value can be changed to 3.

Error: proposal failed with status: 500-failed to invoke backing implementation of 'ApproveChaincodeDefinitionForMyOrg': attempted to redefine uncommitted sequence (4) for namespace mycc with unchanged content

There is no commit in the current latest contract, so you can't make a new approve. You just need to use the latest commit before this new approve.

The switch node repeats the command until it meets the lifecycle policy.

If the approve is successful in operation, the following occurs:

My practice is to directly commit,commit success and then continue to go.

3.1.2 submission of contract

After each call to approve, commit is required to take effect.

The console enters the following command

Peer lifecycle chaincode commit-o orderer.example.com:7050-- tls true-- cafile / opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem-- channelID mychannel-- name mycc-- peerAddresses peer0.org1.example.com:7051-- tlsRootCertFiles / opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0 Org1.example.com/tls/ca.crt-peerAddresses peer0.org2.example.com:9051-tlsRootCertFiles / opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt-version 1-sequence 2-init-required-signature-policy "OR ('Org1MSP.member' 'Org2MSP.member') "

The console outputs the following results to indicate success

The value of query an at this time is 90

3.1.3 verify endorsement policy

3.2 if the endorsement policy is set for either the member of organization 1 or the member of organization 2 to endorse, the endorsement node is specified as peer0.org1.example.com.

Peer chaincode invoke-o orderer.example.com:7050-- tls true-- cafile / opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem-C mychannel-n mycc-- peerAddresses peer0.org1.example.com:7051-- tlsRootCertFiles / opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example .com / tls/ca.crt-c'{"Args": ["invoke" "a", "b", "10"]}'

The console output is as follows:

The value of re-query an is 80. The update is successful.

Change the endorsement policy to "AND ('Org1MSP.member','Org2MSP.member')"

Peer lifecycle chaincode approveformyorg-signature-policy "AND ('Org1MSP.member' 'Org2MSP.member') "--tls true-- cafile / opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem-- channelID mychannel-- name mycc-- version 1-- init-required-- package-id mycc_1:4ad799ccef18d596f8c175fe1849cadc63f92a5efb1e7332712fbb2827a2ec6f-- sequence 3-- waitForEvent peer lifecycle chaincode commit-o orderer.example.com:7050-- tls true-- cafile / opt/gopath/ Src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem-channelID mychannel-name mycc-peerAddresses peer0.org1.example.com:7051-tlsRootCertFiles / opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt-peerAddresses peer0.org2.example.com:9051-- TlsRootCertFiles / opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt-version 1-sequence 3-init-required-signature-policy "AND ('Org1MSP.member' 'Org2MSP.member') "

Similarly, only set the peer0.org1.example.com node, re-invoke, and view the node log results as follows:

ERRO 0ed VSCC error: stateBasedValidator.Validate failed, err validation of endorsement policy for chaincode mycc in tx 15:0 failed: signature set did not satisfy policy

The endorsement policy is not satisfied because we have reset it to "AND ('Org1MSP.member','Org2MSP.member')"

Next, we complete the above operation by setting the key-level endorsement policy

3.2 key-level endorsement policy settings

The key-level endorsement strategy is accomplished by calling SDK inside the intelligent contract.

The shim package provides the following function settings or endorsement policies for recovery keys. The following ep stands for "endorsement policy".

For private data, the following features apply:

Go shim provides extension capabilities that allow chain code developers to handle approval policies based on the organization's MSP identifier

According to the official instructions, if you need two specific organizations to approve key changes, set the endorsement policy for key, please pass both org to AddOrgs (), and then call Policy () to construct an array of approved policy bytes that can be passed to SetStateValidationParameter (). Then let's practice.

3.2.1 Editing contract provides a way to modify endorsement strategy

First import related dependency packages

New function setting endorsement policy

The specific implementation of endorsement is as follows:

Due to the addition of the introduction package, first download the dependency to enter the contract directory and enter the following command

Go mod vendor

3.2.2 upgrade contract

Refer to Fabric2.0 Smart contract practice-upgrade Smart contract

3.2.3 verify endorsement policy

Set the endorsement policy of a to AND ("Org1MSP.member", "Org2MSP.member")

Peer chaincode invoke-o orderer.example.com:7050-- tls true-- cafile / opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem-C mychannel-n mycc-- peerAddresses peer0.org1.example.com:7051-- tlsRootCertFiles / opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example Com / tls/ca.crt-- peerAddresses peer0.org2.example.com:9051-- tlsRootCertFiles / opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt-c'{"Args": ["endorsement" "a", "Org1MSP" "add"} 'peer chaincode invoke-o orderer.example.com:7050-- tls true-- cafile / opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem-C mychannel-n mycc-- peerAddresses peer0.org1.example.com:7051-- tlsRootCertFiles / opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers / peer0.org1.example.com/tls/ca.crt-peerAddresses peer0.org2.example.com:9051-tlsRootCertFiles / opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt-c'{"Args": ["endorsement" "a", "Org2MSP", "add"]}'

Check the peer log. The transaction is successful.

Only set the peer0.org1 node as the endorsement node

Peer chaincode invoke-o orderer.example.com:7050-- tls true-- cafile / opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem-C mychannel-n mycc-- peerAddresses peer0.org1.example.com:7051-- tlsRootCertFiles / opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example .com / tls/ca.crt-c'{"Args": ["addTen" "a"]}'

Check the node log as follows, indicating that the policy is not satisfied, because the previous setting is AND ("Org1MSP.member", "Org2MSP.member")

Modify endorsement policy and delete Org2MSP

Peer chaincode invoke-o orderer.example.com:7050-- tls true-- cafile / opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem-C mychannel-n mycc-- peerAddresses peer0.org1.example.com:7051-- tlsRootCertFiles / opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example Com / tls/ca.crt-- peerAddresses peer0.org2.example.com:9051-- tlsRootCertFiles / opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt-c'{"Args": ["endorsement" "a", "Org2MSP", "del"]}'

Modified successfully

Re-execute the following command:

Peer chaincode invoke-o orderer.example.com:7050-- tls true-- cafile / opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem-C mychannel-n mycc-- peerAddresses peer0.org1.example.com:7051-- tlsRootCertFiles / opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example .com / tls/ca.crt-c'{"Args": ["addTen" "a"]}'

Change the a value from 110 to 120, and the execution is successful.

This is the end of the article on "how to set the endorsement strategy for Fabric2.0". I hope the above content can be of some help to you, so that you can learn more knowledge. if you think the article is good, please share it for more people to see.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.