Error: Invalid private key | Hyperledger Fabric Node SDK - hyperledger-fabric

I am using the balance transfer sample.
I have enabled the ORDERER_GENERAL_TLS_CLIENTAUTHREQUIRED=true in orderer container.
While creating a new channel(mychannel) it was throwing error of Handshake failed with fatal error
After the error I configured the client
client.setTlsClientCertAndKey(cert, key);
let adminClient = JSON.parse(
fs.readFileSync(path.join(__dirname, "../fabric-client-kv-org1/admin"))
);
logger.info(adminClient);
client.setTlsClientCertAndKey(
adminClient.enrollment.identity.certificate,
adminClient.enrollment.signingIdentity
);
I am importing admin and then using its signingIdentity and certificate to set the tls client.
Now, it is throwing error as Invalid private key
E0619 17:15:44.135000000 139448 ssl_transport_security.cc:671] Invalid private key.
E0619 17:15:44.136000000 139448 security_connector.cc:1087] Handshaker factory creation failed with TSI_INVALID_ARGUMENT.
E0619 17:15:44.137000000 139448 secure_channel_create.cc:121] Failed to create secure subchannel for secure name 'localhost:7050'
E0619 17:15:44.137000000 139448 secure_channel_create.cc:154] Failed to create subchannel arguments during subchannel creation.
2019-06-19T11:45:47.132Z - error: [Remote.js]: Error: Failed to connect before the deadline URL:grpcs://localhost:7050
2019-06-19T11:45:47.133Z - error: [Orderer.js]: Orderer grpcs://localhost:7050 has an error Error: Failed to connect before the deadline URL:grpcs://localhost:7050
What is the cause of error and Am I using the correct client certificate and key? It is confusing in docs
https://fabric-sdk-node.github.io/tutorial-network-config.html

I figured out the reason for the invalid private key. The signing identity is not the private key.
After registering the user, I am enrolling it and saving its private key and certificate locally.
let req = {
enrollmentID: "admin",
enrollmentSecret: "adminpw",
profile: "tls"
};
const enrollment = await caClient.enroll(req);
client.setTlsClientCertAndKey(
enrollment.certificate,
enrollment.key.toBytes()
);

Related

Failed to connect to all addresses - gRPC with Go and NodeJS

"Failed to connect to all addresses" occurs while adding TLS certs to envoy.yaml, full error:
code: 14,
metadata: Metadata { _internal_repr: {}, flags: 0 },
details: 'failed to connect to all addresses'
Envoy config (Envoy is running on port 50000, and itemService on 50052):
transport_socket:
name: envoy.transport_sockets.tls
typed_config:
"#type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext
common_tls_context:
tls_certificates:
- certificate_chain:
filename: server.cert
private_key:
filename: server.key
Client code Nodejs - (NextJS on server side - getServerSideProps)
options = {
key: readFileSync("certs/client.key"),
cert: readFileSync("certs/ca.crt"),
csr: readFileSync("certs/client.crt"),
};
const creds = credentials.createSsl(
options.cert,
options.key,
options.csr
);
grpcServer.servicesList.itemsService = new ItemsServiceClient(
"localhost:50000",
creds,
{
"grpc.ssl_target_name_override": "localhost",
"grpc.default_authority": "localhost",
}
);
Request works normally when removing TLS certs from envoy.yaml.
Error I get from grpcurl tool: Failed to dial target host "localhost:50000" x509: certificate relies on legacy Common Name field, use SANs instead.
When I set GODEBUG=x509ignoreCN=0, seems like error stays same.

Unable to connect to AWS Aurora Serverless with SSL

I'm working with AWS Aurora Serverless V1 (with Postgres engine) and I'm trying to connect using node-postgres. I was able to connect without SSL perfectly, but when I add the SSL config at the pg client I keep receiving this error:
{
"message": "unable to get local issuer certificate",
"stack": "Error: unable to get local issuer certificate\n at TLSSocket.onConnectSecure (_tls_wrap.js:1497:34)\n at TLSSocket.emit (events.js:315:20)\n at TLSSocket.EventEmitter.emit (domain.js:467:12)\n at TLSSocket._finishInit (_tls_wrap.js:932:8)\n at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:706:12)"
}
This is how the SSL config object is been declared
const ca = `-----BEGIN CERTIFICATE-----
MIIEBjCCAu6gAwIBAgIJAMc0ZzaSUK51MA0GCSqGSIb3DQEBCwUAMIGPMQswCQYD
VQQGEwJVUzEQMA4GA1UEBwwHU2VhdHRsZTETMBEGA1UECAwKV2FzaGluZ3RvbjEi
MCAGA1UECgwZQW1hem9uIFdlYiBTZXJ2aWNlcywgSW5jLjETMBEGA1UECwwKQW1h
em9uIFJEUzEgMB4GA1UEAwwXQW1hem9uIFJEUyBSb290IDIwMTkgQ0EwHhcNMTkw
ODIyMTcwODUwWhcNMjQwODIyMTcwODUwWjCBjzELMAkGA1UEBhMCVVMxEDAOBgNV
BAcMB1NlYXR0bGUxEzARBgNVBAgMCldhc2hpbmd0b24xIjAgBgNVBAoMGUFtYXpv
biBXZWIgU2VydmljZXMsIEluYy4xEzARBgNVBAsMCkFtYXpvbiBSRFMxIDAeBgNV
BAMMF0FtYXpvbiBSRFMgUm9vdCAyMDE5IENBMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEArXnF/E6/Qh+ku3hQTSKPMhQQlCpoWvnIthzX6MK3p5a0eXKZ
oWIjYcNNG6UwJjp4fUXl6glp53Jobn+tWNX88dNH2n8DVbppSwScVE2LpuL+94vY
0EYE/XxN7svKea8YvlrqkUBKyxLxTjh+U/KrGOaHxz9v0l6ZNlDbuaZw3qIWdD/I
6aNbGeRUVtpM6P+bWIoxVl/caQylQS6CEYUk+CpVyJSkopwJlzXT07tMoDL5WgX9
O08KVgDNz9qP/IGtAcRduRcNioH3E9v981QO1zt/Gpb2f8NqAjUUCUZzOnij6mx9
McZ+9cWX88CRzR0vQODWuZscgI08NvM69Fn2SQIDAQABo2MwYTAOBgNVHQ8BAf8E
BAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUc19g2LzLA5j0Kxc0LjZa
pmD/vB8wHwYDVR0jBBgwFoAUc19g2LzLA5j0Kxc0LjZapmD/vB8wDQYJKoZIhvcN
AQELBQADggEBAHAG7WTmyjzPRIM85rVj+fWHsLIvqpw6DObIjMWokpliCeMINZFV
ynfgBKsf1ExwbvJNzYFXW6dihnguDG9VMPpi2up/ctQTN8tm9nDKOy08uNZoofMc
NUZxKCEkVKZv+IL4oHoeayt8egtv3ujJM6V14AstMQ6SwvwvA93EP/Ug2e4WAXHu
cbI1NAbUgVDqp+DRdfvZkgYKryjTWd/0+1fS8X1bBZVWzl7eirNVnHbSH2ZDpNuY
0SBd8dj5F6ld3t58ydZbrTHze7JJOd8ijySAp4/kiu9UfZWuTPABzDa/DSdz9Dk/
zPW4CXXvhLmE02TA9/HeCw3KEHIwicNuEfw=
-----END CERTIFICATE-----`
module.exports = {
rejectUnauthorized: true,
ca,
checkServerIdentity: (host, cert) => {
const error = tls.checkServerIdentity(host, cert)
if (
error &&
!cert.subject.CN.endsWith('.rds.amazonaws.com')
) {
return error
}
}
}
I am downloading the certificate directly from Amazon https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL.html
Aurora Serverless docs say that SSL is enforced by default, so I think I'm doing all the neccesary things to make the connection right, but it isn't working though. Maybe there is something about "serverless connections" that work differently from classic ones and I'm not understanding it.

Error: error setting up new vSphere SOAP client: Post "https://example.com/sdk": dial tcp: i/o timeout

when I am running "terraform plan" I am getting this error
Error: error setting up new vSphere SOAP client: Post dial tcp: i/o timeout
on modules/control_plane_resources/main.tf line 2, in provider "vsphere":
2: provider "vsphere" {
The issue is most likely, the url you've provided to your Vsphere Client is incorrect. I had the exact same issue and that was the cause.
for example my provider.tf file looked something like this:
provider "vsphere" {
user = var.vsphere_user
password = var.vsphere_password
vsphere_server = var.vsphere_server_uri
# If you have a self-signed cert
allow_unverified_ssl = true
}
and my tfvars file had this value:
vsphere_server_uri = "vra#domain.local"
and it should have been this instead:
vsphere_server_uri = "vsphere#domain.local"

Error: No valid responses from any peers. Failed to execute transaction could not launch chaincode

I am trying to run the app.js file in the provided asset-transfer-ledger-queries folder with a slight modification.
I made a change to the asset-transfer-ledger-chaincode.js file as shown below:
async CreateAsset(ctx, assetID, color, size, owner, appraisedValue) {
const exists = await this.AssetExists(ctx, assetID);
if (exists) {
throw new Error(`The asset ${assetID} already exists`);
}
// ==== Create asset object and marshal to JSON ====
let asset = {
docType: 'asset',
assetID: assetID,
color: color,
size: size,
owner: owner,
appraisedValue: appraisedValue,
couponID: assetID,
value: color,
expiration: size,
user: sha256(owner),
uuid: uuid.v5(),
redeemed: false
};
basically I just added some properties to the asset object.
After updating the chaincode and running node app.js, I get the following error:
--> Submit Transaction: InitLedger, function creates the initial set of assets on the ledger
2020-12-08T18:22:27.975Z - error: [Transaction]: Error: No valid responses from any peers. Errors:
peer=peer0.org1.example.com:7051, status=500, message=error in simulation: failed to execute transaction 3832a02eeafd57382fb4810bc263d41693764f0d8cb76c27e5613c359b14d42f: could not launch chaincode ledger_1.0:7230409065bcd9da163bc285287935a7d6a3799c99ee59b8a77c93883b607bdb: chaincode registration failed: container exited with 1
peer=peer0.org2.example.com:9051, status=500, message=error in simulation: failed to execute transaction 3832a02eeafd57382fb4810bc263d41693764f0d8cb76c27e5613c359b14d42f: could not launch chaincode ledger_1.0:7230409065bcd9da163bc285287935a7d6a3799c99ee59b8a77c93883b607bdb: chaincode registration failed: container exited with 1
******** initLedger failed :: Error: No valid responses from any peers. Errors:
peer=peer0.org1.example.com:7051, status=500, message=error in simulation: failed to execute transaction 3832a02eeafd57382fb4810bc263d41693764f0d8cb76c27e5613c359b14d42f: could not launch chaincode ledger_1.0:7230409065bcd9da163bc285287935a7d6a3799c99ee59b8a77c93883b607bdb: chaincode registration failed: container exited with 1
peer=peer0.org2.example.com:9051, status=500, message=error in simulation: failed to execute transaction 3832a02eeafd57382fb4810bc263d41693764f0d8cb76c27e5613c359b14d42f: could not launch chaincode ledger_1.0:7230409065bcd9da163bc285287935a7d6a3799c99ee59b8a77c93883b607bdb: chaincode registration failed: container exited with 1
It works fine if I don't make any changes to the chaincode file. Does anyone know what I can do?
I tried to reproduce your situation.
# fabric-samples/test-network
./network.sh down
./network.sh up createChannel -c mychannel -ca
./network.sh deployCC -ccn ledger -ccl javascript
# fabric-samples/asset-transfer-ledger-queries/application-javascript
node -v
# v12.13.1
npm install
node app.js
You can also, see error logs in chaincode container
# check <your_chaincode_container_name>
docker ps -a
# view logs
docker logs <your_chaincode_container_name>
1. Import library [chaincode.js]
#[ERROR CODE] - `node app.js`
--> Submit Transaction: InitLedger, function creates the initial set of assets on the ledger
2020-12-10T00:53:48.061Z - error: [Transaction]: Error: No valid responses from any peers. Errors:
peer=peer0.org2.example.com:9051, status=500, message=error in simulation: transaction returned with failure: ReferenceError: sha256 is not defined
peer=peer0.org1.example.com:7051, status=500, message=error in simulation: transaction returned with failure: ReferenceError: sha256 is not defined
do it
# asset_transfer_ledger_chaincode.js
const {Contract} = require('fabric-contract-api');
const sha256 = require('sha256'); // added
const uuid = require('uuid'); // added
# package.json
"dependencies": {
"fabric-contract-api": "^2.0.0",
"fabric-shim": "^2.0.0", // added ','
"sha256": "^0.2.0", // added
"uuid": "^8.3.2" // added
}
2. Fix wrong module code
#[ERROR CODE] - `node app.js`
--> Submit Transaction: InitLedger, function creates the initial set of assets on the ledger
2020-12-10T01:03:27.583Z - error: [Transaction]: Error: No valid responses from any peers. Errors:
peer=peer0.org1.example.com:7051, status=500, message=error in simulation: failed to execute transaction 62c19fbb84394ba1de399745c46f781078134b84de6b3d73419b9f65c5fa692b: could not launch chaincode ledger_1.0:5303ef138ca9cdb054cd3d814835fffca2706aa0c8e387611b93e4d6d1773742: chaincode registration failed: container exited with 1
peer=peer0.org2.example.com:9051, status=500, message=error in simulation: failed to execute transaction 62c19fbb84394ba1de399745c46f781078134b84de6b3d73419b9f65c5fa692b: could not launch chaincode ledger_1.0:5303ef138ca9cdb054cd3d814835fffca2706aa0c8e387611b93e4d6d1773742: chaincode registration failed: container exited with 1
******** initLedger failed :: Error: No valid responses from any peers. Errors:
peer=peer0.org1.example.com:7051, status=500, message=error in simulation: failed to execute transaction 62c19fbb84394ba1de399745c46f781078134b84de6b3d73419b9f65c5fa692b: could not launch chaincode ledger_1.0:5303ef138ca9cdb054cd3d814835fffca2706aa0c8e387611b93e4d6d1773742: chaincode registration failed: container exited with 1
peer=peer0.org2.example.com:9051, status=500, message=error in simulation: failed to execute transaction 62c19fbb84394ba1de399745c46f781078134b84de6b3d73419b9f65c5fa692b: could not launch chaincode ledger_1.0:5303ef138ca9cdb054cd3d814835fffca2706aa0c8e387611b93e4d6d1773742: chaincode registration failed: container exited with 1
uuid.v4() Create a version 4 (random) UUID
uuid.v5() Create a version 5 (namespace w/ SHA-1) UUID
uuid.v5() requires input parameters
do it
# asset_transfer_ledger_chaincode.js
// ==== Create asset object and marshal to JSON ====
let asset = {
docType: 'asset',
assetID: assetID,
color: color,
size: size,
owner: owner,
appraisedValue: appraisedValue,
couponID: assetID,
value: color,
expiration: size,
user: sha256(owner),
uuid: uuid.v5('Hello, World!', '1b671a64-40d5-491e-99b0-da01ff1f3341'), // modified
redeemed: false
};
3. Result (Solved)
# fabric-samples/asset-transfer-ledger-queries/application-javascript
# node app.js
Loaded the network configuration located at /Users/kmk/Project/src/github.com/hyperledger/fabric-samples/test-network/organizations/peerOrganizations/org1.example.com/connection-org1.json
Built a CA Client named ca-org1
Built a file system wallet at /Users/kmk/Project/src/github.com/hyperledger/fabric-samples/asset-transfer-ledger-queries/application-javascript/wallet
Successfully enrolled admin user and imported it into the wallet
Successfully registered and enrolled user appUser and imported it into the wallet
--> Submit Transaction: InitLedger, function creates the initial set of assets on the ledger
*** Result: committed
*** application ending

ENDORSEMENT_POLICY_FAILURE in hyperledger fabric in case of private data

We are working a project in which we are using the latest private data collection.
We are running the peers in a kubernetes setup. We have a collection config as described below,
{
"name": "Org1_PDC2",
"policy": "OR ('Org1.member')",
"requiredPeerCount": 0,
"maxPeerCount": 2,
"memberOnlyRead": true,
"memberOnlyWrite": true,
"blockToLive": 0,
"endorsementPolicy": {
"signaturePolicy": "OR('Org1.member')"
}
}
we have 2 organisation in the channel with 2 peers each. Since we have already mentioned the endorsementPolicy for "Org1_PDC2" only needs signature from Org1. but we see that the transaction is also send to the peer1 of Org2. But it fails in org2 since it cannot access "Org1_PDC2". We also observe that from nodejs application that when we submit the transaction it gives us an endorsementPolicy Failure and I could see in the peer1 logs of Org1 that the chaincode is executed successfully but in the peer2 of Org1 logs i see the error as
2020-11-02 13:18:24.249 UTC [gossip.privdata] fetchPrivateData -> DEBU 566a286 Total members that fit some digest: []
2020-11-02 13:18:24.249 UTC [gossip.privdata] fetchPrivateData -> WARN 566a287 Do not know any peer in the channel( mychannel ) that matches the policies , aborting
2020-11-02 13:18:24.249 UTC [gossip.privdata] populateFromRemotePeers -> WARN 566a288 Failed fetching private data from remote peers for dig2src:
2020-11-02 13:18:25.249 UTC [gossip.privdata] RetrievePvtdata -> DEBU 566a28b Could not fetch all missing collection private write sets from remote peers for block [291588] channel=mychannel
2020-11-02 13:18:25.249 UTC [gossip.privdata] prepareBlockPvtdata -> WARN 566a28c Could not fetch all missing eligible collection private write sets for block [291588]. Will commit block with missing private write sets:[txID: 6d14a881ecc6b437f553fc5df7f8fd29d10d92f22f752a2488fc382d535b62e8, seq: 0, namespace: mycc, collection: Org1_PDC2, hash: b8317508d3b677563bb5119626eabfc866ad561358e2d1a7116749d86c952ebe
] channel=mychannel
We are using the discovery option in the nodejs application with option as
await gateway.connect(connectionProfile, {discovery: { enabled: true, asLocalhost: false}});
const network = await gateway.getNetwork('mychannel');
const contract = await network.getContract(contractName);
and in the connection Profile of org1 client we only kept the information of the peers from org1 and orderer. The error message we get when we invoke any transaction from the client is
[TransactionEventHandler]: strategyFail: commit failure for transaction "e7080f63ff9be02002d2723b7431b1e9f236c8119c7c37e7dd21bf924a8a5b7a": TransactionError: Commit of transaction e7080f63ff9be02002d2723b7431b1e9f236c8119c7c37e7dd21bf924a8a5b7a failed on peer peer1.org1.svc.cluster.local with status ENDORSEMENT_POLICY_FAILURE
You may need to let the client SDK know about the collections accessed by the chaincode using contract.addDiscoveryInterest() before using that Contract to invoke transactions, as described in this tutorial page:
https://hyperledger.github.io/fabric-sdk-node/release-2.2/tutorial-discovery-fabric-network.html
If that isn't successful then you can explicitly set the organizations used for endorsement with transaction.setEndorsingOrganizations():
https://hyperledger.github.io/fabric-sdk-node/release-2.2/module-fabric-network.Transaction.html#setEndorsingOrganizations

Resources