2025-04-05 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/01 Report--
Fabric-CA is the certificate management tool that ships with Hyperledger Fabric, and it is very convenient for development and testing. In this tutorial we explore how Fabric-CA is used and use it to complete user registration (register) and enrollment (enroll).
Hyperledger Fabric is a permissioned blockchain platform: a participant must be identified and granted access before it can use the Fabric network. Identities in a Fabric network are implemented with digital certificates, so a CA is needed to handle certificate management.
Although Hyperledger Fabric allows third-party CA software to manage user certificates, it also ships with Fabric CA, which can act as the CA in a Fabric network for convenience. Since all the sample applications that come with Fabric use Fabric CA, this tutorial explores Fabric CA, and in particular its role in user registration and enrollment.
In this article we use the Fabcar application deployed on the First network. It contains chaincode and client applications, in which enrollAdmin.js and registerUser.js implement registration and enrollment against Fabric CA.
To make the whole process clearer, we adjusted the code. We will also look at Fabric CA's database to better understand how Fabric CA works during registration and enrollment.
1. Installation
We need a Fabric node to run the Fabric CA demo, which should contain all the software related to Hyperledger Fabric. If you don't already have a Fabric node, you can refer to this article to create one.
Once the Fabric node is ready, you can start the Fabcar demo by running the following command:
cd fabric-samples/fabcar
./startFabric.sh
This script starts the First network, as well as the CA for each organization. Let's focus on Org1's Fabric-CA first.
We use the JavaScript code of the Fabcar application, in particular enrollAdmin.js and registerUser.js, because both use the SDK to access Fabric CA and the Fabric network.
This is how the First network and the client applications interact with the Fabric network. Let's take a closer look at ca_peerOrg1 and at the registration and enrollment code.
2. Fabric CA registration code
Two processes are involved in accessing Fabric CA. Enrollment (enroll) means that the user requests and obtains a digital certificate from the specified CA. Registration (register) is usually done by a registrar, who is responsible for telling the CA to sign the digital certificate.
There are several different ways to issue digital certificates to users. The process used by the Fabcar script looks like this:
First, the administrator is enrolled with Fabric CA and receives its private key and signed certificate, which are stored in the wallet/admin directory.
Second, the administrator registers user1 with Fabric CA, and the CA returns a secret.
Third, the secret returned by the CA is used to enroll user1 with Fabric CA, which yields user1's private key and signed certificate. This data is stored in the wallet/user1 directory and is used for subsequent chaincode interactions (queries, transactions).
enrollAdmin.js performs the first step; registerUser.js performs the second and third steps.
3. Modify the sample code of Fabric CA
We did not modify enrollAdmin.js. It simply uses the default administrator credentials (admin:adminpw), which are preset in docker-compose-ca.yaml under the fabric-samples/first-network/ directory. The result is admin's private key and signed certificate, which are stored in the wallet/admin directory.
registerUser.js is split into two files, regUser.js and enrollUser.js, because:
We can observe the difference between user registration and user enrollment in Fabric CA.
We can see that the two steps are actually performed by different roles: registration is performed by the admin, while enrollment is performed by the user with their own secret. This matters because only the user should know the key; the administrator should not.
We can turn the hard-coded parts of the code into parameters, which adapts the code to other Fabric CA application scenarios.
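The split between registration and enrollment described above, modelled as an added example (not code from the original article or from Fabric CA). ToyCA, enrollUser and demo are hypothetical names; a signed JSON blob stands in for an X.509 certificate, a bare public key stands in for the certificate signing request, and counting enrollments in state is this model's own choice.

```javascript
'use strict';
// Simplified model of register -> enroll; a signed JSON blob stands in for an X.509 cert.
const crypto = require('crypto');
class ToyCA {
  constructor() {
    this.caKey = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
    this.users = new Map();   // stands in for the users table: id -> { secret, state }
    this.certificates = [];   // stands in for the certificates table
  }
  // Registrar (admin) step: create the user row and hand back an enrollment secret.
  register(enrollmentID) {
    if (this.users.has(enrollmentID)) throw new Error('already registered');
    const secret = crypto.randomBytes(9).toString('base64');
    this.users.set(enrollmentID, { secret, state: 0 });
    return secret;
  }
  // User step: authenticate with the secret and submit only a PUBLIC key for signing.
  enroll(enrollmentID, secret, publicKeyPem) {
    const row = this.users.get(enrollmentID);
    const given = Buffer.from(String(secret));
    const expected = Buffer.from(row ? row.secret : '');
    if (!row || given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
      throw new Error('authentication failure');
    }
    const body = JSON.stringify({ subject: enrollmentID, publicKeyPem });
    const signature = crypto.sign('sha256', Buffer.from(body), this.caKey.privateKey);
    row.state += 1;           // model's choice: count issued certificates (0 -> 1 on the page)
    this.certificates.push({ id: enrollmentID, body });
    return { body, signature };
  }
}
// Client side of enrollment: the key pair is generated locally and the private key stays here.
function enrollUser(ca, enrollmentID, secret) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  const cert = ca.enroll(enrollmentID, secret, publicKey.export({ type: 'spki', format: 'pem' }));
  return { cert, privateKey };   // what a wallet/<user> entry would hold
}
function demo() {
  const ca = new ToyCA();
  const secret = ca.register('user1');            // run by the admin
  const before = ca.users.get('user1').state;
  let rejected = false;
  try { enrollUser(ca, 'user1', 'wrong-secret'); } catch (e) { rejected = true; }
  const wallet = enrollUser(ca, 'user1', secret); // run by the user
  const certOk = crypto.verify('sha256', Buffer.from(wallet.cert.body), ca.caKey.publicKey, wallet.cert.signature);
  const caHoldsPrivateKey = JSON.stringify(ca.certificates).includes('PRIVATE KEY');
  return { before, after: ca.users.get('user1').state, rejected, certOk, caHoldsPrivateKey };
}
console.log(demo());
```

The admin only ever handles the enrollment secret, and the CA only ever receives the public key, which is the property the split into regUser.js and enrollUser.js makes visible.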
The following shows the flow after rewriting the code:
4. Fabric CA user registration: regUser.js
regUser.js takes one parameter, the enrollment ID, and returns a secret that is used later to enroll the user. Note that running regUser.js requires the admin wallet to exist already.
node regUser.js
Most of the code is copied from the original registerUser.js:
/*
 * SPDX-License-Identifier: Apache-2.0
 */

'use strict';

const { FileSystemWallet, Gateway } = require('fabric-network');
const path = require('path');

const ccpPath = path.resolve(__dirname, '..', '..', 'first-network', 'connection-org1.json');

// Enrollment ID to register, taken from the command line. Declared outside
// main() so that the catch block can reference it.
const user = process.argv[2];

async function main() {
    try {
        if (!user) {
            console.error('Usage: node regUser.js ENROLLMENT_ID');
            process.exit(1);
        }

        // Create a new file system based wallet for managing identities.
        const walletPath = path.join(process.cwd(), 'wallet');
        const wallet = new FileSystemWallet(walletPath);
        console.log(`Wallet path: ${walletPath}`);

        // Check to see if we've already enrolled the user.
        const userExists = await wallet.exists(user);
        if (userExists) {
            console.log('An identity for the user ' + user + ' already exists in the wallet');
            return;
        }

        // Check to see if we've already enrolled the admin user.
        const adminExists = await wallet.exists('admin');
        if (!adminExists) {
            console.log('An identity for the admin user "admin" does not exist in the wallet');
            console.log('Run the enrollAdmin.js application before retrying');
            return;
        }

        // Create a new gateway for connecting to our peer node.
        const gateway = new Gateway();
        await gateway.connect(ccpPath, { wallet, identity: 'admin', discovery: { enabled: true, asLocalhost: true } });

        // Get the CA client object from the gateway for interacting with the CA.
        const ca = gateway.getClient().getCertificateAuthority();
        const adminIdentity = gateway.getCurrentIdentity();

        // Register the user as admin; the CA returns the enrollment secret.
        const secret = await ca.register({ affiliation: 'org1.department1', enrollmentID: user, role: 'client' }, adminIdentity);
        console.log('Successfully registered user ' + user + ' and the secret is ' + secret);

    } catch (error) {
        console.error(`Failed to register user ${user}: ${error}`);
        process.exit(1);
    }
}

main();

5. Fabric CA user enrollment: enrollUser.js
enrollUser.js takes two parameters, the enrollment ID and the secret obtained at registration, and the result is a wallet created in the wallet directory. Note that running enrollUser.js does not require the admin wallet to exist. This file should be executed by the user.
node enrollUser.js
Most of the code comes from the original enrollAdmin.js:
/*
 * SPDX-License-Identifier: Apache-2.0
 */

'use strict';

const FabricCAServices = require('fabric-ca-client');
const { FileSystemWallet, X509WalletMixin } = require('fabric-network');
const fs = require('fs');
const path = require('path');

// Connection profile of Org1 (same location that regUser.js uses).
const ccpPath = path.resolve(__dirname, '..', '..', 'first-network', 'connection-org1.json');
const ccpJSON = fs.readFileSync(ccpPath, 'utf8');
const ccp = JSON.parse(ccpJSON);

// Enrollment ID and the secret returned by regUser.js, taken from the command
// line. Declared outside main() so that the catch block can reference them.
const user = process.argv[2];
const secret = process.argv[3];

async function main() {
    try {
        if (!user || !secret) {
            console.error('Usage: node enrollUser.js ENROLLMENT_ID SECRET');
            process.exit(1);
        }

        // Create a new CA client for interacting with the CA.
        // verify: false (kept from the sample) turns off TLS certificate
        // verification for the CA connection that carries the secret.
        const caInfo = ccp.certificateAuthorities['ca.org1.example.com'];
        const caTLSCACerts = caInfo.tlsCACerts.pem;
        const ca = new FabricCAServices(caInfo.url, { trustedRoots: caTLSCACerts, verify: false }, caInfo.caName);

        // Create a new file system based wallet for managing identities.
        const walletPath = path.join(process.cwd(), 'wallet');
        const wallet = new FileSystemWallet(walletPath);
        console.log(`Wallet path: ${walletPath}`);

        // Check to see if we've already enrolled this user.
        const userExists = await wallet.exists(user);
        if (userExists) {
            console.log('An identity for this user already exists in the wallet');
            return;
        }

        // Enroll the user, and import the new identity into the wallet.
        const enrollment = await ca.enroll({ enrollmentID: user, enrollmentSecret: secret });
        const identity = X509WalletMixin.createIdentity('Org1MSP', enrollment.certificate, enrollment.key.toBytes());
        await wallet.import(user, identity);
        console.log(`Successfully enrolled user ${user} and imported it into the wallet`);

    } catch (error) {
        console.error(`Failed to enroll user ${user}: ${error}`);
        process.exit(1);
    }
}

main();

6. Demonstration
Now let's look at how to use these three scripts to register and enroll user1 with Fabric CA for the Fabcar application.
Step 1, run fabcar/startFabric.sh
Make sure the wallet directory is empty before running.
cd fabric-samples/fabcar
./startFabric.sh
cd javascript
rm -rf wallet
The results are as follows:
Step 2, install the dependency modules.
npm install
Step 3, install sqlite3 for org1's Fabric CA
Because we want to view Fabric CA's database, we install sqlite3.
Open another terminal:
docker exec -it ca_peerOrg1 bash
Install sqlite3 in ca_peerOrg1:
apt-get update
apt-get install sqlite3
The database path of Fabric CA is /etc/hyperledger/fabric-ca-server/fabric-ca-server.db. Now we can look at the database:
cd /etc/hyperledger/fabric-ca-server
sqlite3 fabric-ca-server.db
You have now entered the command line of sqlite3:
sqlite> .tables
The results are as follows:
We are interested in Fabric CA's users table and certificates table, using SQL statements to view their contents:
sqlite> select * from users;
sqlite> select * from certificates;
The results are as follows:
We see that the user admin is already in the database. It was created when Fabric CA started, and this admin has almost all the roles, but no certificate has been issued yet.
Now we can start the first enrollment: enrolling admin.
Step 4, enroll the admin with Fabric CA
First, enroll admin to obtain its private key and signed certificate; the results are stored in wallet/admin:
node enrollAdmin.js
Results:
Now take a look at the users table:
You can see that one field of admin has changed from 0 to 1. This is its status field, and it indicates that a certificate has been issued.
A quick comparison with the files in the wallet directory wallet/admin shows admin's actual certificate:
Now register user1 with Fabric CA:
node regUser.js user1
The results are as follows:
We have now received the secret MDfRiAUccsna, which is needed when the user enrolls. In the wallet directory there is no wallet for user1 yet.
At this point, looking at the Fabric CA database shows clearly what has happened. user1 has been added to the users table, but its certificate has not been issued. The attributes of user1 match the information given in regUser.js. In addition, the status of user1 is 0, indicating that its certificate has not been issued.
Step 5, enroll user1 with Fabric CA to obtain the private key and certificate
Run enrollUser.js to enroll user1:
node enrollUser.js user1 MDfRiAUccsna
The results are as follows:
We now see user1 in the wallet directory. We also see that the certificate for user1 has been created in the Fabric CA database:
The status has changed from 0 to 1, indicating that the certificate has been issued:
Step 6, run the query script as user1 to check that it has permission
node query.js
The results are as follows: