无法在Hyperledger Fabric 1.1中使用基于属性的访问控制(ABAC)访问用户属性 [英] Cannot access user attribute using Attribute Based Access Control (ABAC) in Hyperledger Fabric 1.1

查看:208
本文介绍了无法在Hyperledger Fabric 1.1中使用基于属性的访问控制(ABAC)访问用户属性的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我正在尝试使用GoLang进行基于属性的访问控制,并且在获取链式代码中的属性时遇到问题。我正在使用 cid.GetAttributeValue()函数,该函数什么也不返回。它打印空白,并且找到的变量设置为false。

I am trying out Attribute based access control using GoLang and facing an issue in getting the attribute in the chaincode. I'm using cid.GetAttributeValue() function and the function returns nothing. It prints blank and the found variable is set to false.

我所做的事情是:


  1. 注册用户给管理员定义的名为 firstName的属性,值为 *。 (也尝试将其设置为特定值)

  1. Registered a user defined attribute named "firstName" with value "*" to the admin. (Also tried setting it to a specific value)

将该管理员注册到网络中

Enrolled that admin to the network

使用相同的属性 firstName(将ecert标志设置为true)注册并注册用户

Registered and enrolled the user with the same attribute "firstName" (with ecert flag set to true)

调用链码以使用注册用户

Invoked a chaincode to get the attribute value using the enrolled user

相关代码段已附在下面:

Snippets of relevant code have been attached below:

Fabric-CA-Server配置文件

Fabric-CA-Server Config File

identities:
- name: admin
  pass: adminpw
  type: client
  affiliation: ""
  attrs:
     hf.Registrar.Roles: "*"
     hf.Registrar.DelegateRoles: "*"
     hf.Revoker: true
     hf.IntermediateCA: true
     hf.GenCRL: true
     hf.Registrar.Attributes: "firstName"
     hf.AffiliationMgr: true
     firstName: "*"





用于注册和

Code for registering and enrolling an user.

user = {
       enrollmentID: username,
       affiliation: orgName + '.department1',
       maxEnrollments: 5,
       role: 'client',
       attrs: [{ name: 'firstName', value: 'Mathan_sir', ecert: true }]
   }
   console.log(user);
   var enrollmentSecret = await fabric_CA_Client.register(user, admin);

   console.log('client registered');
   console.log('Successfully registered user - secret:' + enrollmentSecret);

   var enrollment = await fabric_CA_Client.enroll({
       enrollmentID: username,
       enrollmentSecret: enrollmentSecret,
       attr_reqs: [
           { name: "firstName", optional: false }
           // { name: "lastName", optional: false }
       ]
   });

Chaincode。

Chaincode.

value, found, err := cid.GetAttributeValue(stub, "firstName")

if err != nil {
    return shim.Error("could not do abac")
}

fmt.Println("value is ", value)
fmt.Println("found is ", found)

登录Fabric-CA:

Log in Fabric - CA :

2018/07/17 04:23:00 [INFO] Created default configuration file at /etc/hyperledger/fabric-ca-server/fabric-ca-server-config.yaml
2018/07/17 04:23:00 [INFO] Starting server in home directory: /etc/hyperledger/fabric-ca-server
2018/07/17 04:23:00 [INFO] Server Version: 1.2.0-stable
2018/07/17 04:23:00 [INFO] Server Levels: &{Identity:1 Affiliation:1 Certificate:1 Credential:1 RAInfo:1 Nonce:1}
2018/07/17 04:23:00 [DEBUG] Default CA configuration, if necessary, will be used to replace missing values for additional CAs: {Version:1.2.0-stable Cfg:{Identities:{AllowRemove:false} Affiliations:{AllowRemove:false}} CA:{Name: Keyfile: Certfile:ca-cert.pem Chainfile:ca-chain.pem} Signing:0xc420555bc0 CSR:{CN:fabric-ca-server Names:[{C:US ST:North Carolina L: O:Hyperledger OU:Fabric SerialNumber:}] Hosts:[e3c7da43b062 localhost] KeyRequest:<nil> CA:0xc4200ffec0 SerialNumber:} Registry:{MaxEnrollments:-1 Identities:[{ Name:**** Pass:**** Type:client Affiliation: MaxEnrollments:0 Attrs:map[hf.GenCRL:1 hf.Registrar.Attributes:* hf.AffiliationMgr:1 hf.Registrar.Roles:* hf.Registrar.DelegateRoles:* hf.Revoker:1 hf.IntermediateCA:1]  }]} Affiliations:map[org2:[department1] org1:[department1 department2]] LDAP:{ Enabled:false URL:ldap://****:****@<host>:<port>/<base> UserFilter:(uid=%s) GroupFilter:(memberUid=%s) Attribute:{[uid member] [{ }] map[groups:[{ }]]} TLS:{false [] { }}  } DB:{ Type:sqlite3 Datasource:fabric-ca-server.db TLS:{false [] { }}  } CSP:0xc4204e5080 Client:<nil> Intermediate:{ParentServer:{ URL: CAName:  } TLS:{Enabled:false CertFiles:[] Client:{KeyFile: CertFile:}} Enrollment:{ Name: Secret:**** CAName: AttrReqs:[] Profile: Label: CSR:<nil> Type:x509  }} CRL:{Expiry:24h0m0s} Idemix:{IssuerPublicKeyfile: IssuerSecretKeyfile: RevocationPublicKeyfile: RevocationPrivateKeyfile: RHPoolSize:0 NonceExpiration: NonceSweepInterval:}}
2018/07/17 04:23:00 [DEBUG] Additional CAs to be started: [/etc/hyperledger/fabric-ca-server/ca/ca-config.yaml]
2018/07/17 04:23:00 [INFO] Loading CA from /etc/hyperledger/fabric-ca-server/ca/ca-config.yaml
2018/07/17 04:23:00 [DEBUG] CA configuration after checking for missing values: &{Version:1.1.0 Cfg:{Identities:{AllowRemove:false} Affiliations:{AllowRemove:false}} CA:{Name:ca-org1 Keyfile:/etc/hyperledger/fabric-ca-server-config/3099498edb13f731965246b01e74514e4b80e978a058cf4cb9b99ab1408e2569_sk Certfile:/etc/hyperledger/fabric-ca-server-config/ca.org1.example.com-cert.pem Chainfile:ca-chain.pem} Signing:0xc4205a0e50 CSR:{CN:fabric-ca-server Names:[{C:US ST:North Carolina L: O:Hyperledger OU:Fabric SerialNumber:}] Hosts:[e3c7da43b062 localhost] KeyRequest:<nil> CA:0xc42059cea0 SerialNumber:} Registry:{MaxEnrollments:-1 Identities:[{ Name:**** Pass:**** Type:client Affiliation: MaxEnrollments:0 Attrs:map[hf.Registrar.Roles:* hf.Registrar.DelegateRoles:* hf.Revoker:1 hf.IntermediateCA:1 hf.GenCRL:1 hf.Registrar.Attributes:firstName hf.AffiliationMgr:1 firstName:*]  }]} Affiliations:map[org2:[department1] org1:[department1 department2]] LDAP:{ Enabled:false URL:ldap://****:****@<host>:<port>/<base> UserFilter:(uid=%s) GroupFilter:(memberUid=%s) Attribute:{[uid member] [{ }] map[groups:[{ }]]} TLS:{false [] { }}  } DB:{ Type:sqlite3 Datasource:fabric-ca-server.db TLS:{false [] { }}  } CSP:0xc42059eba0 Client:<nil> Intermediate:{ParentServer:{ URL: CAName:  } TLS:{Enabled:false CertFiles:[] Client:{KeyFile: CertFile:}} Enrollment:{ Name: Secret:**** CAName: AttrReqs:[] Profile: Label: CSR:<nil> Type:x509  }} CRL:{Expiry:24h0m0s} Idemix:{IssuerPublicKeyfile: IssuerSecretKeyfile: RevocationPublicKeyfile: RevocationPrivateKeyfile: RHPoolSize:1000 NonceExpiration:15s NonceSweepInterval:15m}}
2018/07/17 04:23:00 [DEBUG] Init CA with home /etc/hyperledger/fabric-ca-server/ca and config {Version:1.1.0 Cfg:{Identities:{AllowRemove:false} Affiliations:{AllowRemove:false}} CA:{Name:ca-org1 Keyfile:/etc/hyperledger/fabric-ca-server-config/3099498edb13f731965246b01e74514e4b80e978a058cf4cb9b99ab1408e2569_sk Certfile:/etc/hyperledger/fabric-ca-server-config/ca.org1.example.com-cert.pem Chainfile:ca-chain.pem} Signing:0xc4205a0e50 CSR:{CN:fabric-ca-server Names:[{C:US ST:North Carolina L: O:Hyperledger OU:Fabric SerialNumber:}] Hosts:[e3c7da43b062 localhost] KeyRequest:<nil> CA:0xc42059cea0 SerialNumber:} Registry:{MaxEnrollments:-1 Identities:[{ Name:**** Pass:**** Type:client Affiliation: MaxEnrollments:0 Attrs:map[hf.AffiliationMgr:1 firstName:* hf.Registrar.Roles:* hf.Registrar.DelegateRoles:* hf.Revoker:1 hf.IntermediateCA:1 hf.GenCRL:1 hf.Registrar.Attributes:firstName]  }]} Affiliations:map[org2:[department1] org1:[department1 department2]] LDAP:{ Enabled:false URL:ldap://****:****@<host>:<port>/<base> UserFilter:(uid=%s) GroupFilter:(memberUid=%s) Attribute:{[uid member] [{ }] map[groups:[{ }]]} TLS:{false [] { }}  } DB:{ Type:sqlite3 Datasource:fabric-ca-server.db TLS:{false [] { }}  } CSP:0xc42059eba0 Client:<nil> Intermediate:{ParentServer:{ URL: CAName:  } TLS:{Enabled:false CertFiles:[] Client:{KeyFile: CertFile:}} Enrollment:{ Name: Secret:**** CAName: AttrReqs:[] Profile: Label: CSR:<nil> Type:x509  }} CRL:{Expiry:24h0m0s} Idemix:{IssuerPublicKeyfile: IssuerSecretKeyfile: RevocationPublicKeyfile: RevocationPrivateKeyfile: RHPoolSize:1000 NonceExpiration:15s NonceSweepInterval:15m}}
2018/07/17 04:23:00 [DEBUG] CA Home Directory: /etc/hyperledger/fabric-ca-server/ca
2018/07/17 04:23:00 [DEBUG] Checking configuration file version '1.1.0' against server version: '1.2.0-stable'
2018/07/17 04:23:00 [DEBUG] Initializing BCCSP: &{ProviderName:SW SwOpts:0xc42059ec00 PluginOpts:<nil> Pkcs11Opts:<nil>}
2018/07/17 04:23:00 [DEBUG] Initializing BCCSP with software options &{SecLevel:256 HashFamily:SHA2 Ephemeral:false FileKeystore:0xc4205a1890 DummyKeystore:<nil>}
2018/07/17 04:23:00 [DEBUG] Initialize key material
2018/07/17 04:23:00 [DEBUG] Making CA filenames absolute
2018/07/17 04:23:00 [INFO] The CA key and certificate files already exist
2018/07/17 04:23:00 [INFO] Key file location: /etc/hyperledger/fabric-ca-server-config/3099498edb13f731965246b01e74514e4b80e978a058cf4cb9b99ab1408e2569_sk
2018/07/17 04:23:00 [INFO] Certificate file location: /etc/hyperledger/fabric-ca-server-config/ca.org1.example.com-cert.pem
2018/07/17 04:23:00 [DEBUG] Validating the CA certificate and key
2018/07/17 04:23:00 [DEBUG] Check CA certificate for valid dates
2018/07/17 04:23:00 [DEBUG] Check CA certificate for valid usages
2018/07/17 04:23:00 [DEBUG] Check CA certificate for valid IsCA value
2018/07/17 04:23:00 [DEBUG] Check that key type is supported
2018/07/17 04:23:00 [DEBUG] Check that key size is of appropriate length
2018/07/17 04:23:00 [DEBUG] Check that public key and private key match
2018/07/17 04:23:00 [DEBUG] Validation of CA certificate and key successful
2018/07/17 04:23:00 [DEBUG] Loading CN from existing enrollment information
2018/07/17 04:23:00 [DEBUG] Initializing DB
2018/07/17 04:23:00 [DEBUG] Initializing 'sqlite3' database at '/etc/hyperledger/fabric-ca-server/ca/fabric-ca-server.db'
2018/07/17 04:23:00 [DEBUG] Using sqlite database, connect to database in home (/etc/hyperledger/fabric-ca-server/ca/fabric-ca-server.db) directory
2018/07/17 04:23:00 [DEBUG] Creating SQLite database (/etc/hyperledger/fabric-ca-server/ca/fabric-ca-server.db) if it does not exist...
2018/07/17 04:23:00 [DEBUG] Creating users table if it does not exist
2018/07/17 04:23:00 [DEBUG] Creating affiliations table if it does not exist
2018/07/17 04:23:00 [DEBUG] Creating certificates table if it does not exist
2018/07/17 04:23:00 [DEBUG] Creating credentials table if it does not exist
2018/07/17 04:23:00 [DEBUG] Creating revocation_authority_info table if it does not exist
2018/07/17 04:23:00 [DEBUG] Creating nonces table if it does not exist
2018/07/17 04:23:01 [DEBUG] Creating properties table if it does not exist
2018/07/17 04:23:02 [DEBUG] Successfully opened sqlite3 DB
2018/07/17 04:23:02 [DEBUG] Checking database schema...
2018/07/17 04:23:02 [DEBUG] Update SQLite schema, if using outdated schema
2018/07/17 04:23:02 [DEBUG] Upgrade identities table
2018/07/17 04:23:02 [DEBUG] Creating users table if it does not exist
2018/07/17 04:23:03 [DEBUG] Upgrade affiliation table
2018/07/17 04:23:03 [DEBUG] Creating affiliations table if it does not exist
2018/07/17 04:23:04 [DEBUG] Upgrade certificates table
2018/07/17 04:23:04 [DEBUG] Creating certificates table if it does not exist
2018/07/17 04:23:05 [DEBUG] Initializing identity registry
2018/07/17 04:23:05 [DEBUG] Initialized DB identity registry
2018/07/17 04:23:05 [DEBUG] DB: Get properties [identity.level affiliation.level certificate.level]
2018/07/17 04:23:05 [DEBUG] Checking database levels 'map[affiliation.level:0 certificate.level:0 identity.level:0]' against server levels '&{Identity:1 Affiliation:1 Certificate:1 Credential:1 RAInfo:1 Nonce:1}'
2018/07/17 04:23:05 [DEBUG] Loading identity table
2018/07/17 04:23:05 [DEBUG] Loading identity 'admin'
2018/07/17 04:23:05 [DEBUG] DB: Getting identity admin
2018/07/17 04:23:05 [DEBUG] Max enrollment value verification - User specified max enrollment: 0, CA max enrollment: -1
2018/07/17 04:23:05 [DEBUG] DB: Add identity admin
2018/07/17 04:23:05 [DEBUG] Successfully added identity admin to the database
2018/07/17 04:23:05 [DEBUG] Registered identity: { Name:**** Pass:**** Type:client Affiliation: MaxEnrollments:-1 Attrs:map[hf.Revoker:1 hf.IntermediateCA:1 hf.GenCRL:1 hf.Registrar.Attributes:firstName hf.AffiliationMgr:1 firstName:* hf.Registrar.Roles:* hf.Registrar.DelegateRoles:*]  }
2018/07/17 04:23:05 [DEBUG] Successfully loaded identity table
2018/07/17 04:23:05 [DEBUG] Loading affiliations table
2018/07/17 04:23:05 [DEBUG] DB: Add affiliation org2
2018/07/17 04:23:06 [DEBUG] Affiliation 'org2' added
2018/07/17 04:23:06 [DEBUG] DB: Add affiliation org2.department1
2018/07/17 04:23:07 [DEBUG] Affiliation 'org2.department1' added
2018/07/17 04:23:07 [DEBUG] DB: Add affiliation org1
2018/07/17 04:23:07 [DEBUG] Affiliation 'org1' added
2018/07/17 04:23:07 [DEBUG] DB: Add affiliation org1.department1
2018/07/17 04:23:08 [DEBUG] Affiliation 'org1.department1' added
2018/07/17 04:23:08 [DEBUG] DB: Add affiliation org1.department2
2018/07/17 04:23:08 [DEBUG] Affiliation 'org1.department2' added
2018/07/17 04:23:08 [DEBUG] Successfully loaded affiliations table
2018/07/17 04:23:08 [DEBUG] Checking and performing migration, if needed
2018/07/17 04:23:18 [DEBUG] Initializing enrollment signer
2018/07/17 04:23:18 [DEBUG] No key found in BCCSP keystore, attempting fallback
2018/07/17 04:23:18 [DEBUG] validating configuration
2018/07/17 04:23:18 [DEBUG] validate local profile
2018/07/17 04:23:18 [DEBUG] profile is valid
2018/07/17 04:23:18 [DEBUG] validate local profile
2018/07/17 04:23:18 [DEBUG] profile is valid
2018/07/17 04:23:18 [DEBUG] validate local profile
2018/07/17 04:23:18 [DEBUG] profile is valid
2018/07/17 04:23:18 [DEBUG] CA initialization successful
2018/07/17 04:23:18 [INFO] The issuer key was successfully stored. The public key is at: /etc/hyperledger/fabric-ca-server/IssuerPublicKey, secret key is at: /etc/hyperledger/fabric-ca-server/msp/keystore/IssuerSecretKey
2018/07/17 04:23:18 [INFO] The revocation key was successfully stored. The public key is at: /etc/hyperledger/fabric-ca-server/IssuerRevocationPublicKey, private key is at: /etc/hyperledger/fabric-ca-server/msp/keystore/IssuerRevocationPrivateKey
2018/07/17 04:23:18 [DEBUG] Comparing DNs from certificates: /etc/hyperledger/fabric-ca-server-config/ca.org1.example.com-cert.pem and /etc/hyperledger/fabric-ca-server/ca-cert.pem
2018/07/17 04:23:18 [DEBUG] Loading DNs from certificate /etc/hyperledger/fabric-ca-server-config/ca.org1.example.com-cert.pem
2018/07/17 04:23:18 [DEBUG] Loading DNs from certificate /etc/hyperledger/fabric-ca-server/ca-cert.pem
2018/07/17 04:23:18 [DEBUG] Check to see if two DNs are equal - &{issuer:CN=ca.org1.example.com,O=org1.example.com,L=San Francisco,ST=California,C=US subject:CN=ca.org1.example.com,O=org1.example.com,L=San Francisco,ST=California,C=US} and &{issuer:CN=example.com,OU=WWW,O=Internet Widgets\, Inc.,L=San Francisco,ST=California,C=US subject:CN=example.com,OU=WWW,O=Internet Widgets\, Inc.,L=San Francisco,ST=California,C=US}
2018/07/17 04:23:18 [INFO] Home directory for default CA: /etc/hyperledger/fabric-ca-server
2018/07/17 04:23:18 [DEBUG] 2 CA instance(s) running on server
2018/07/17 04:23:18 [INFO] Listening on http://0.0.0.0:7054
2018/07/17 04:38:12 [DEBUG] Cleaning up expired nonces for CA 'ca-org1'
2018/07/17 04:38:18 [DEBUG] Cleaning up expired nonces for CA ''
2018/07/17 04:46:57 [DEBUG] Received request for /api/v1/enroll
2018/07/17 04:46:57 [DEBUG] ca.Config: &{Version:1.1.0 Cfg:{Identities:{AllowRemove:false} Affiliations:{AllowRemove:false}} CA:{Name:ca-org1 Keyfile:/etc/hyperledger/fabric-ca-server-config/3099498edb13f731965246b01e74514e4b80e978a058cf4cb9b99ab1408e2569_sk Certfile:/etc/hyperledger/fabric-ca-server-config/ca.org1.example.com-cert.pem Chainfile:/etc/hyperledger/fabric-ca-server/ca/ca-chain.pem} Signing:0xc4205a0e50 CSR:{CN:ca.org1.example.com Names:[{C:US ST:North Carolina L: O:Hyperledger OU:Fabric SerialNumber:}] Hosts:[e3c7da43b062 localhost] KeyRequest:<nil> CA:0xc42059cea0 SerialNumber:} Registry:{MaxEnrollments:-1 Identities:[{ Name:**** Pass:**** Type:client Affiliation: MaxEnrollments:0 Attrs:map[hf.Registrar.DelegateRoles:* hf.Revoker:1 hf.IntermediateCA:1 hf.GenCRL:1 hf.Registrar.Attributes:firstName hf.AffiliationMgr:1 firstName:* hf.Registrar.Roles:*]  }]} Affiliations:map[org2:[department1] org1:[department1 department2]] LDAP:{ Enabled:false URL:ldap://****:****@<host>:<port>/<base> UserFilter:(uid=%s) GroupFilter:(memberUid=%s) Attribute:{[uid member] [{ }] map[groups:[{ }]]} TLS:{false [] { }}  } DB:{ Type:sqlite3 Datasource:/etc/hyperledger/fabric-ca-server/ca/fabric-ca-server.db TLS:{false [] { }}  } CSP:0xc42059eba0 Client:<nil> Intermediate:{ParentServer:{ URL: CAName:  } TLS:{Enabled:false CertFiles:[] Client:{KeyFile: CertFile:}} Enrollment:{ Name: Secret:**** CAName: AttrReqs:[] Profile: Label: CSR:<nil> Type:x509  }} CRL:{Expiry:24h0m0s} Idemix:{IssuerPublicKeyfile:/etc/hyperledger/fabric-ca-server/ca/IssuerPublicKey IssuerSecretKeyfile:/etc/hyperledger/fabric-ca-server/ca/msp/keystore/IssuerSecretKey RevocationPublicKeyfile:/etc/hyperledger/fabric-ca-server/ca/IssuerRevocationPublicKey RevocationPrivateKeyfile:/etc/hyperledger/fabric-ca-server/ca/msp/keystore/IssuerRevocationPrivateKey RHPoolSize:1000 NonceExpiration:15s NonceSweepInterval:15m}}
2018/07/17 04:46:57 [DEBUG] DB: Getting identity admin
2018/07/17 04:46:57 [DEBUG] DB: Login user admin with max enrollments of -1 and state of 0
2018/07/17 04:46:57 [DEBUG] DB: identity admin successfully logged in
2018/07/17 04:46:57 [DEBUG] DB: Getting identity admin
2018/07/17 04:46:57 [DEBUG] Processing sign request: id=admin, CommonName=admin, Subject=<nil>
2018/07/17 04:46:57 [DEBUG] Request is not for a CA signing certificate
2018/07/17 04:46:57 [DEBUG] Checking CSR fields to make sure that they do not exceed maximum character limits
2018/07/17 04:46:57 [DEBUG] Finished processing sign request
2018/07/17 04:46:57 [DEBUG] DB: Getting identity admin
2018-07-17T04:46:57.558556370Z 2018/07/17 04:46:57 [DEBUG] Attribute extension being added to certificate is: &{ID:[1 2 3 4 5 6 7 8 1] Critical:false Value:7b226174747273223a7b2266697273744e616d65223a222a222c2268662e5265676973747261722e41747472696275746573223a2266697273744e616d65227d7d}
2018/07/17 04:46:57 [DEBUG] Adding attribute extension to CSR: &{ID:[1 2 3 4 5 6 7 8 1] Critical:false Value:7b226174747273223a7b2266697273744e616d65223a222a222c2268662e5265676973747261722e41747472696275746573223a2266697273744e616d65227d7d}
2018/07/17 04:46:57 [INFO] signed certificate with serial number 624665886532998504441151201588115183399742601456
2018/07/17 04:46:57 [DEBUG] DB: Insert Certificate
2018/07/17 04:46:57 [DEBUG] Saved serial number as hex 6d6afcb3ed661e7f059b8a0b51829330fdfdf8f0
2018/07/17 04:46:57 [DEBUG] saved certificate with serial number 624665886532998504441151201588115183399742601456
2018/07/17 04:46:57 [DEBUG] Successfully incremented state for identity admin to 1
2018/07/17 04:46:57 [INFO] 172.18.0.1:47506 POST /api/v1/enroll 201 0 "OK"
2018/07/17 04:47:02 [DEBUG] Received request for /api/v1/register
2018/07/17 04:47:02 [DEBUG] Checking for revocation/expiration of certificate owned by 'admin'
2018/07/17 04:47:02 [DEBUG] DB: Get certificate by serial (6d6afcb3ed661e7f059b8a0b51829330fdfdf8f0) and aki (3099498edb13f731965246b01e74514e4b80e978a058cf4cb9b99ab1408e2569)
2018/07/17 04:47:02 [DEBUG] DB: Getting identity admin
2018/07/17 04:47:02 [DEBUG] Successful token authentication of 'admin'
2018/07/17 04:47:02 [DEBUG] Received registration request from admin: { Name:vijay Type:client Secret:**** MaxEnrollments:5 Affiliation:org1.department1 Attributes:[{firstName Lohith true}] CAName:ca-org1  }
2018/07/17 04:47:02 [DEBUG] canRegister - Check to see if user 'admin' can register
2018/07/17 04:47:02 [DEBUG] Checking to see if caller 'admin' can act on type 'client'
2018/07/17 04:47:02 [DEBUG] Checking to see if caller 'admin' is a registrar
2018/07/17 04:47:02 [DEBUG] Validating affiliation: org1.department1
2018/07/17 04:47:02 [DEBUG] Checking to see if affiliation 'org1.department1' contains caller's affiliation ''
2018/07/17 04:47:02 [DEBUG] Caller has root affiliation
2018/07/17 04:47:02 [DEBUG] DB: Get affiliation org1.department1
2018/07/17 04:47:02 [DEBUG] Checking to see if registrar can register the requested attributes: [{Name:firstName Value:Lohith ECert:true}]
2018/07/17 04:47:02 [DEBUG] Validating that registrar with the following values for hf.Registrar.Attributes 'firstName' is authorized to register the requested attribute '&{Name:firstName Value:Lohith ECert:true}'
2018/07/17 04:47:02 [DEBUG] Checking if registrar can register attribute: firstName
2018/07/17 04:47:02 [DEBUG] Performing authorization check...
2018/07/17 04:47:02 [DEBUG] Registering user id: vijay
2018/07/17 04:47:02 [DEBUG] Max enrollment value verification - User specified max enrollment: 5, CA max enrollment: -1
2018/07/17 04:47:02 [DEBUG] DB: Getting identity vijay
2018/07/17 04:47:02 [DEBUG] DB: Add identity vijay
2018/07/17 04:47:02 [DEBUG] Successfully added identity vijay to the database
2018/07/17 04:47:02 [INFO] 172.18.0.1:47512 POST /api/v1/register 201 0 "OK"
2018/07/17 04:47:02 [DEBUG] Received request for /api/v1/enroll
2018/07/17 04:47:02 [DEBUG] ca.Config: &{Version:1.1.0 Cfg:{Identities:{AllowRemove:false} Affiliations:{AllowRemove:false}} CA:{Name:ca-org1 Keyfile:/etc/hyperledger/fabric-ca-server-config/3099498edb13f731965246b01e74514e4b80e978a058cf4cb9b99ab1408e2569_sk Certfile:/etc/hyperledger/fabric-ca-server-config/ca.org1.example.com-cert.pem Chainfile:/etc/hyperledger/fabric-ca-server/ca/ca-chain.pem} Signing:0xc4205a0e50 CSR:{CN:ca.org1.example.com Names:[{C:US ST:North Carolina L: O:Hyperledger OU:Fabric SerialNumber:}] Hosts:[e3c7da43b062 localhost] KeyRequest:<nil> CA:0xc42059cea0 SerialNumber:} Registry:{MaxEnrollments:-1 Identities:[{ Name:**** Pass:**** Type:client Affiliation: MaxEnrollments:0 Attrs:map[hf.GenCRL:1 hf.Registrar.Attributes:firstName hf.AffiliationMgr:1 firstName:* hf.Registrar.Roles:* hf.Registrar.DelegateRoles:* hf.Revoker:1 hf.IntermediateCA:1]  }]} Affiliations:map[org2:[department1] org1:[department1 department2]] LDAP:{ Enabled:false URL:ldap://****:****@<host>:<port>/<base> UserFilter:(uid=%s) GroupFilter:(memberUid=%s) Attribute:{[uid member] [{ }] map[groups:[{ }]]} TLS:{false [] { }}  } DB:{ Type:sqlite3 Datasource:/etc/hyperledger/fabric-ca-server/ca/fabric-ca-server.db TLS:{false [] { }}  } CSP:0xc42059eba0 Client:<nil> Intermediate:{ParentServer:{ URL: CAName:  } TLS:{Enabled:false CertFiles:[] Client:{KeyFile: CertFile:}} Enrollment:{ Name: Secret:**** CAName: AttrReqs:[] Profile: Label: CSR:<nil> Type:x509  }} CRL:{Expiry:24h0m0s} Idemix:{IssuerPublicKeyfile:/etc/hyperledger/fabric-ca-server/ca/IssuerPublicKey IssuerSecretKeyfile:/etc/hyperledger/fabric-ca-server/ca/msp/keystore/IssuerSecretKey RevocationPublicKeyfile:/etc/hyperledger/fabric-ca-server/ca/IssuerRevocationPublicKey RevocationPrivateKeyfile:/etc/hyperledger/fabric-ca-server/ca/msp/keystore/IssuerRevocationPrivateKey RHPoolSize:1000 NonceExpiration:15s NonceSweepInterval:15m}}
2018/07/17 04:47:02 [DEBUG] DB: Getting identity vijay
2018/07/17 04:47:02 [DEBUG] DB: Login user vijay with max enrollments of 5 and state of 0
2018/07/17 04:47:02 [DEBUG] DB: identity vijay successfully logged in
2018/07/17 04:47:02 [DEBUG] DB: Getting identity vijay
2018/07/17 04:47:02 [DEBUG] Processing sign request: id=vijay, CommonName=vijay, Subject=<nil>
2018/07/17 04:47:02 [DEBUG] Request is not for a CA signing certificate
2018/07/17 04:47:02 [DEBUG] Checking CSR fields to make sure that they do not exceed maximum character limits
2018/07/17 04:47:02 [DEBUG] Finished processing sign request
2018/07/17 04:47:02 [DEBUG] DB: Getting identity vijay
2018/07/17 04:47:02 [DEBUG] Attribute extension being added to certificate is: &{ID:[1 2 3 4 5 6 7 8 1] Critical:false Value:7b226174747273223a7b2266697273744e616d65223a224c6f68697468227d7d}
2018/07/17 04:47:02 [DEBUG] Adding attribute extension to CSR: &{ID:[1 2 3 4 5 6 7 8 1] Critical:false Value:7b226174747273223a7b2266697273744e616d65223a224c6f68697468227d7d}
2018/07/17 04:47:02 [INFO] signed certificate with serial number 124540954052671924407683868974981960232864106719
2018/07/17 04:47:02 [DEBUG] DB: Insert Certificate
2018/07/17 04:47:02 [DEBUG] Saved serial number as hex 15d09c09d65b92d0f28dc7287fdd01d52764c8df
2018/07/17 04:47:02 [DEBUG] saved certificate with serial number 124540954052671924407683868974981960232864106719
2018/07/17 04:47:02 [DEBUG] Successfully incremented state for identity vijay to 1
2018/07/17 04:47:02 [INFO] 172.18.0.1:47516 POST /api/v1/enroll 201 0 "OK"


推荐答案

如果使用的是

        var tx_id = client.newTransactionID(true);

尝试将其设置为

        var tx_id = client.newTransactionID();

这篇关于无法在Hyperledger Fabric 1.1中使用基于属性的访问控制(ABAC)访问用户属性的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
相关文章
其他开发最新文章
热门教程
热门工具
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆