Setting "Credentials set" for hyperledger Composer card - hyperledger-fabric

What are the steps to create a card with credentials as "Credentials set" in Hyperledger Composer?

You can do so in Playground -> https://hyperledger.github.io/composer/latest/playground/id-cards-playground#manually-creating-a-business-network-card
From the CLI -> https://hyperledger.github.io/composer/latest/managing/id-cards-playground#creating-a-business-network-card-from-component-files
Programmatically - as shown by the example here -> https://github.com/hyperledger/composer-knowledge-wiki/blob/latest/knowledge.md#card-api-errors--resolutions - see the section from the line https://github.com/hyperledger/composer-knowledge-wiki/blob/latest/knowledge.md#card-api-errors--resolutions onwards.
The important thing is that if you're using an enrol secret, you should connect() or ping the network first, so that the identity is activated and its credentials (certificate/key) can be downloaded to 'his/her' wallet (from where it can be exported and shared if that is the requirement). You can use it in Playground, or export it (e.g. for importing into the REST API wallet, when interacting with the business network from the Composer REST APIs).

Related

How can I put a permission on a function in the Node SDK of Hyperledger Fabric?

In chaincode development, when we have multiple organizations in the network, there is a case where only a specific organisation can call a specific function of the chaincode.
Is it possible in the Node SDK of Hyperledger Fabric? If so, how can it be implemented in development?
Just use stub.getCreator() and explore the returned object.
let sender = await stub.getCreator();
let senderOrg = sender.mspid;
if (senderOrg === 'SpecialOrg') {
    // do your business
} else {
    // whatever
}
More information directly in interfaces.go: https://github.com/hyperledger/fabric/blob/release-1.4/core/chaincode/shim/interfaces.go
(Identity) Attribute Based Access Control (ABAC) can be written into the Smart Contract rather than the NodeSDK client app.
With Fabric 1.4 and the new programming model, the Client Identity object is included in the Context object and you can examine the attributes and write your access control logic based on these.
This is the doc for the client identity object.
And there is a short section about ABAC in the Fabric CA docs.
(ABAC requires that you add attributes to the users when they are registered!)
You could consider using the beforeTransaction() as a place to implement your access control.
There is a "shell" of how this could be implemented in a typescript example.
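An added example, not part of the answers above and not Fabric project code: one way to centralise the checks both answers describe in a beforeTransaction() hook, combining the MSP ID test with an attribute test on the Context's client identity. SpecialOrg is taken from the answer above; the transaction names, the role=approver attribute, Org2MSP and the fakeCtx stand-in for Fabric's Context object are assumptions made so the block runs without a network.

```javascript
// Policy table (constructed): transaction name -> who may call it.
// 'SpecialOrg' is from the answer above; other names are hypothetical.
const POLICY = {
  approveTransfer: { mspids: ['SpecialOrg'], attr: { name: 'role', value: 'approver' } },
  queryAsset: { mspids: ['SpecialOrg', 'Org2MSP'] },
};

// Fail closed: a transaction without a policy entry is rejected.
function authorize(ctx) {
  // The function name may arrive as "ContractName:function"; keep the last part.
  const { fcn } = ctx.stub.getFunctionAndParameters();
  const name = fcn.split(':').pop();
  const rule = Object.prototype.hasOwnProperty.call(POLICY, name) ? POLICY[name] : null;
  if (!rule) throw new Error(`access denied: no policy for ${name}`);
  const cid = ctx.clientIdentity;
  const mspid = cid.getMSPID();
  if (!rule.mspids.includes(mspid)) {
    throw new Error(`access denied: ${mspid} may not call ${name}`);
  }
  // True only if the caller's certificate carries the attribute with this value.
  if (rule.attr && !cid.assertAttributeValue(rule.attr.name, rule.attr.value)) {
    throw new Error(`access denied: ${name} requires ${rule.attr.name}=${rule.attr.value}`);
  }
  return name;
}

// In real chaincode this class would extend Contract from fabric-contract-api,
// which calls beforeTransaction(ctx) ahead of every transaction function.
class AssetContract {
  async beforeTransaction(ctx) {
    authorize(ctx);
  }
}

// Stand-in for Fabric's Context object (constructed for this demo).
function fakeCtx(fcn, mspid, attrs = {}) {
  return {
    stub: { getFunctionAndParameters: () => ({ fcn, params: [] }) },
    clientIdentity: {
      getMSPID: () => mspid,
      assertAttributeValue: (n, v) => attrs[n] === v,
    },
  };
}

// Returns null when the call is allowed, otherwise the denial message.
function check(fcn, mspid, attrs) {
  try { authorize(fakeCtx(fcn, mspid, attrs)); return null; } catch (e) { return e.message; }
}
```

Because the check throws before the transaction function runs, a denied call never touches the ledger state, and a newly added transaction is rejected until it gets a policy entry.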

Error: 2 UNKNOWN: access denied: channel [composerchannel] creator org

Trying to add a new organisation from a separate host (modifying steps from ./eyfn.sh when necessary).
Managed to create and import network admin card using Hyperledger Composer (https://medium.com/@mahoney_33893/hyperledger-composer-adding-another-organization-to-an-existing-running-multi-organization-fff5c8104a82).
However when pinging the network I got:
Error: Error trying to ping. Error: 2 UNKNOWN: access denied: channel [composerchannel] creator org [Org3MSP]
Upon getting the logs from peer I got
-Principal deserialization failure (MSP Org3MSP is unknown) for identity
-[channel: composerchannel] Client authorization revoked for deliver request from 10.0.1.6:48262: Failed evaluating policy on signed data during check policy on channel [composerchannel] with policy [/Channel/Application/Readers]: [Failed to reach implicit threshold of 1 sub-policies, required 1 remaining]
My problem is actually similar to that of Hyperledger-Composer: Getting "access denied" when pinging network admin card.
The solution did mention to include msp files of my new org into volumes of the orderer which I did as
docker cp msp <containername>:/etc/hyperledger/msp/peerOrganizations/org3.example.com
My first organisation was set up using the default ./startFabric.sh
Take note that I'm not using TLS for the time being.
The error still persists though and I'm wondering why. I do however suspect that the way I'm giving the msp to the orderer is somehow wrong, or I'm putting it in the wrong file.
Maybe you will need to migrate from Composer to another framework.
Hundreds of devs are using Convector. Convector is a Hyperledger Labs project that was created before Hyperledger Composer was deprecated but that looks similar to developers. It follows a model controller pattern (similar to Composer assets and transactions); however, it compiles natively to Fabric code and does not create a runtime.

Failed Error: Private key missing from key store. Can not establish the signing identity for user admin

I am generating the public key but am not able to generate the private key of the admin user while registering a new user through REST services in the blockchain network, and I am also getting the error below.
Error:Failed Error: Private key missing from key store. Can not establish the signing identity for user admin.
I followed the steps below:
Created a network in Hyperledger Fabric.
Created a new Node application to publish the REST services by referring to the existing "balance-transfer" application.
Then started the Node application.
Tested the REST services URL in the Postman tool.
Getting the above mentioned error while testing the url http://localhost:4000/users in Postman tool.
Error at code level:
app.js--->helper.js
let adminUserObj = await client.setUserContext({username: admins[0].username, password: admins[0].secret});
Please suggest.
Remove the folders holding key-value store for organizations -> fabric-client-kv-* from the balance-transfer fabric sample.
rm -rf fabric-client-kv-*
Then create the network again. This resolved the issue for me.
Have you tried to restart the network completely (by using the "runApp.sh" script for that)? Take a look inside this script at the restartNetwork() function, where the "fabric-client-kv-org" folders in your balance-transfer folder are removed.
Does it work?

Hyperledger Fabric - Lost my network card, how to export it again?

I have set up a dev Hyperledger Fabric blockchain successfully and added a user/participant to the network. I executed the operations again and everything worked fine using the card that was generated initially. But now I have lost this card; can I export/download it again? I tried using the identity "revoke" API, but it is failing with this error -
Error: Error trying invoke business network. Error: No valid responses from any peers.
Response from attempted peer comms was an error: Error: 2 UNKNOWN: error executing chaincode: transaction returned with failure: Error: attempt to get property state on an InvalidRelationship is not allowed. InvalidRelationship created due to Object with ID 'partcipant_1' in collection with ID 'Asset:org.hyperledger.composer.system.Identity' does not exist
I am not exactly sure what you mean when you say you "lost" the card.
The process goes like this:
you have an admin user with full rights to the network and an admin card to connect with, using this admin
you request a new identity, this gives you the required certificates, both public and private
you create a network card for this new identity using the certificates. This results in a physical .card file on disk
you import the physical file and you have a properly registered card and can now interact with the ledger, using this new identity.
If anything happens to the card itself, i.e. you deleted the registered card and got rid of the file as well, then you need to go through the process and recreate the card from scratch.
Your commands could look like this:
composer identity request -c PeerAdmin@hlfv1 -u admin -s adminpw -d alice
This requests everything for a new user called alice, using the peer admin card which is created against the original network admin.
composer card create -p your_connection.json -u alice -n your-network -c alice/admin-pub.pem -k alice/admin-priv.pem
This creates the card file.
composer card import -f alice@your-network.card
This imports the card.
composer network ping -c alice@your-network
Check everything works.
So, if you no longer have a registered card, you should still have the .card file, and if you have that you can simply import it again.
If you don't have the .card file either, you should still have the certificates for "alice" and should be able to create the .card file.
If you don't have the certs either, then request them again (I've never tried this particular scenario so we need to see what happens in that case).

How to create a connection profile for Hyperledger Composer manually

I’m trying to deploy a developed network with the composer on first network sample. I have set the connection profile but it’s not enough because I have to set composer-credentials. I have tried to use the credential of developing environment (I have added the role of channel admin and peerAdmin) but it is firing the following error when I try to deploy the network:
Error: Error trying login and get user Context. Error: Private key missing from the key store. Can not establish the signing identity for user PeerAdmin
I have searched for information, and there are two users on the peer nodes, Admin@org1.example.com and User1@org1.example.com, where there are 3 files: ca.crt, server.crt and server.key.
I have read the steps for creating a new ID card, but they use the Playground environment with the website, and I need to do it manually for Composer. So, what steps should I follow to create/update a connection profile for the first network sample?
Thank you
My file
{
"name":"PeerAdmin",
"mspid":"Org1MSP",
"roles":["PeerAdmin", "ChannelAdmin"],
"affiliation":"",
"enrollmentSecret":"",
"enrollment":{
"signingIdentity":"114aab0e76bf0c78308f89efc4b8c9423e31568da0c340ca187a9b17aa9a4457",
"identity":{
"certificate":"-----BEGIN CERTIFICATE-----\n
MIICGjCCAcCgAwIBAgIRANuOnVN+yd/BGyoX7ioEklQwCgYIKoZIzj0EAwIwczEL\n
MAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBG\n
cmFuY2lzY28xGTAXBgNVBAoTEG9yZzEuZXhhbXBsZS5jb20xHDAaBgNVBAMTE2Nh\n
Lm9yZzEuZXhhbXBsZS5jb20wHhcNMTcwNjI2MTI0OTI2WhcNMjcwNjI0MTI0OTI2\n
WjBbMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMN\n
U2FuIEZyYW5jaXNjbzEfMB0GA1UEAwwWQWRtaW5Ab3JnMS5leGFtcGxlLmNvbTBZ\n
MBMGByqGSM49AgEGCCqGSM49AwEHA0IABGu8KxBQ1GkxSTMVoLv7NXiYKWj5t6Dh\n
WRTJBHnLkWV7lRUfYaKAKFadSii5M7Z7ZpwD8NS7IsMdPR6Z4EyGgwKjTTBLMA4G\n
A1UdDwEB/wQEAwIHgDAMBgNVHRMBAf8EAjAAMCsGA1UdIwQkMCKAIBmrZau7BIB9\n
rRLkwKmqpmSecIaOOr0CF6Mi2J5H4aauMAoGCCqGSM49BAMCA0gAMEUCIQC4sKQ6\n
CEgqbTYe48az95W9/hnZ+7DI5eSnWUwV9vCd/gIgS5K6omNJydoFoEpaEIwM97uS\n
XVMHPa0iyC497vdNURA=\n
-----END CERTIFICATE-----\n"
}
}
}
A profile is created with the Composer CLI tool. You have to execute the following command:
composer identity import -p hlfv1 -u Admin -c ../Downloads/fabric-samples/first-network/crypto-config/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp/signcerts/Admin@org1.example.com-cert.pem -k ../Downloads/fabric-samples/first-network/crypto-config/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp/keystore/072d0b5a2dfc61beb8120736a9aa836f5046148dcba178ba52d57a4e26def8b6_sk
I see you're using the sample Developer environment. Why not just go into the fabric-tools directory (you downloaded) and run ./createComposerProfile.sh . It will import the required crypto material into the composer credentials directory for the dev setup, and that represents a channel admin and admin for the peer of the development fabric server.
Here's a workaround:
create a BlockChain Starter Plan from IBM Cloud
define the peers & channels as you wish from the UI
click download the connection profile
the file downloaded contains all the information about the Fabric, including the public/private keys and enrollmentSecret.
