when I try to Create a request (proposal) and send it by using Execute,
ctxCh := sdk.ChannelContext("mychannel", fabsdk.WithUser("user1"))
chClient, err := channel.New(ctxCh)
if err != nil {
log.Fatalln("error from New channel", err)
}
req := channel.Request{
ChaincodeID: "fabcar",
Fcn: "createCar",
Args: [][]byte{[]byte("CAR10"), []byte("Honda"), []byte("Accord"), []byte("Black"), []byte("Tom")},
}
resp, err := chClient.Execute(req)
if err != nil {
log.Fatalln("error from Execute =", err)
}
I get this error:
calling orderer 'orderer.example.com:7050' failed: Orderer Client
Status Code: (2) CONNECTION_FAILED. Description: dialing connection
timed out [orderer.example.com:7050]
my config.yaml
channels:
# name of the channel
mychannel:
orderers:
- orderer.example.com
orderers:
orderer.example.com:
url: grpc://localhost:7050
# these are standard properties defined by the gRPC library
# they will be passed in as-is to gRPC client constructor
grpcOptions:
ssl-target-name-override: orderer.example.com
tlsCACerts:
# Certificate location absolute path
path: ./crypto-config/ordererOrganizations/example.com/tlsca/tlsca.example.com-cert.pem
I think Execute function trying to connect with orderer service 'orderer.example.com:7050', and can't find it,
If I'm right, then how I can change orderer.example.com:7050 to grpc://localhost:7050
from rocketchat,
to slove this problem add to config.yaml
entityMatchers:
orderer:
- pattern: (\w+).example.(\w+)
urlSubstitutionExp: grpc://localhost:7050
sslTargetOverrideUrlSubstitutionExp: orderer.example.com
mappedHost: orderer.example.com
to map grpc://localhost:7050 to orderer.example.com
Related
I run hyperledger fabric network with next configuration:
1 fabric-ca
1 orderer
6 peers
My common connection profile:
name: "Network"
version: "1.0"
channels:
mychannel:
orderers:
- orderer1-org0
peers:
peer1-org0:
endorsingPeer: true
chaincodeQuery: true
ledgerQuery: true
eventSource: true
peer2-org0:
endorsingPeer: false
chaincodeQuery: true
ledgerQuery: true
eventSource: true
peer1-org1:
endorsingPeer: true
chaincodeQuery: true
ledgerQuery: true
eventSource: true
# discover: true
peer2-org1:
endorsingPeer: true
chaincodeQuery: true
ledgerQuery: true
eventSource: true
peer1-org2:
endorsingPeer: true
chaincodeQuery: true
ledgerQuery: true
eventSource: true
peer2-org2:
endorsingPeer: true
chaincodeQuery: true
ledgerQuery: true
eventSource: true
organizations:
org0:
mspid: org0MSP
cryptoPath: path/org0/msp
orderers:
- orderer1-org0
peers:
- peer1-org0
- peer2-org0
certificateAuthorities:
- rca-org1
org1:
mspid: org1MSP
cryptoPath: path/to/org1/msp
peers:
- peer1-org1
- peer2-org1
certificateAuthorities:
- rca-org1
org2:
mspid: org2MSP
cryptoPath: path/to/org2/msp
peers:
- peer1-org2
- peer2-org2
certificateAuthorities:
- rca-org1
orderers:
orderer1-org0:
url: grpc://XXXX:XX
grpcOptions:
grpc.keepalive_time_ms: 600000
grpc-wait-for-ready-timeout: 5000
peers:
peer1-org0:
url: grpc://XXXX:XX
grpcOptions:
grpc.keepalive_time_ms: 600000
grpc-wait-for-ready-timeout: 5000
peer2-org0:
url: grpc://XXXX:XX
grpcOptions:
grpc.keepalive_time_ms: 600000
grpc-wait-for-ready-timeout: 5000
peer1-org1:
url: grpc://XXXX:XX
grpcOptions:
grpc.keepalive_time_ms: 600000
grpc-wait-for-ready-timeout: 5000
peer2-org1:
url: grpc://XXXX:XX
grpcOptions:
grpc.keepalive_time_ms: 600000
grpc-wait-for-ready-timeout: 5000
peer1-org2:
url: grpc://XXXX:XX
grpcOptions:
grpc.keepalive_time_ms: 600000
grpc-wait-for-ready-timeout: 5000
peer2-org2:
url: grpc://XXXX:XX
grpcOptions:
grpc.keepalive_time_ms: 600000
grpc-wait-for-ready-timeout: 5000
certificateAuthorities:
rca-org1:
url: grpc://XXXX:XX
httpOptions:
verify: false
registrar:
- enrollId: XXXX
enrollSecret: XXXX
caName: rca-org1
I try to execute transfer tx from my node.js code:
async function sendTx(email) {
let wallet = await Wallets.newCouchDBWallet("http://XXXX.XXXX");
let couchDBURL = "http://XXXXX";
let stateStore = await new CDBKVS({
url: couchDBURL
});
let configPATH = 'path/to/config.yaml';
let client1 = Client.loadFromConfig(configPATH);
client1.setStateStore(stateStore);
let cryptoSuite = Client.newCryptoSuite();
let cryptoKS = Client.newCryptoKeyStore(CDBKVS, {
url: couchDBURL
});
cryptoSuite.setCryptoKeyStore(cryptoKS);
client1.setCryptoSuite(cryptoSuite);
let connectionProfile = client1._network_config._network_config;
// connect to the network
let gateway = new Gateway();
await gateway.connect(connectionProfile, {
wallet,
identity: email,
discovery: { enabled: false, asLocalhost: false }
});
let network = await gateway.getNetwork('mychannel');
// get contract
let tokenERC20Contract = network.getContract('erc-20');
let clientID = await tokenERC20Contract.evaluateTransaction('ClientAccountID');
console.log('client acc id: ', clientID.toString('ascii'));
let accBalancee = await tokenERC20Contract.evaluateTransaction('BalanceOf', clientID.toString('ascii'));
console.log('acc balance: ', accBalancee.toString('ascii'));
if (accBalancee > 5) {
let transferTx = tokenERC20Contract.createTransaction('Transfer');
let result = await transferTx.submit("XXXX", 1);
console.log('result transfer: ', result);
}
}
peer1-org1 logs:
2022-10-07 09:41:38.219 UTC 0577 WARN [endorser] ProcessProposal -> Failed to invoke chaincode channel=mychannel chaincode=token-erc-20 error="error in simulation: failed to execute transaction XXXX: error sending: txid: XXXX(mychannel) exists"
2022-10-07 09:41:38.217 UTC 0570 INFO [comm.grpc.server] 1 -> unary call completed grpc.service=protos.Endorser grpc.method=ProcessProposal grpc.peer_address=10.38.66.18:52088 grpc.code=OK grpc.call_duration=896.107µs
2022-10-07 09:41:38.219 UTC 0578 INFO [comm.grpc.server] 1 -> unary call completed grpc.service=protos.Endorser grpc.method=ProcessProposal grpc.peer_address=10.38.66.18:52092 grpc.code=OK grpc.call_duration=771.269µs
2022-10-07 09:41:38.265 UTC 0579 INFO [endorser] callChaincode -> finished chaincode: token-erc-20 duration: 49ms channel=mychannel txID=87af4e13
2022-10-07 09:41:38.266 UTC 057a INFO [comm.grpc.server] 1 -> unary call completed grpc.service=protos.Endorser grpc.method=ProcessProposal grpc.peer_address=10.38.66.18:52090 grpc.code=OK grpc.call_duration=50.344009ms
2022-10-07 09:41:38.267 UTC 057b INFO [peer.chaincode.dev-peer1-org1-token-erc-20-1.2] func2 -> 2022/10/07 09:41:38 client XXXX balance updated from 200 to 199
2022-10-07 09:41:38.267 UTC 057c INFO [peer.chaincode.dev-peer1-org1-token-erc-20-1.2] func2 -> 2022/10/07 09:41:38 recipient XXXX balance updated from 0 to 1
2022-10-07 09:41:40.495 UTC 057d INFO [gossip.privdata] StoreBlock -> Received block [30] from buffer channel=mychannel
2022-10-07 09:41:40.496 UTC 057e ERRO [protoutils] ValidateTransaction -> validateEndorserTransaction returns err proposal hash does not match
2022-10-07 09:41:40.496 UTC 057f ERRO [committer.txvalidator] validateTx -> Invalid transaction with index 0
2022-10-07 09:41:40.496 UTC 0580 INFO [committer.txvalidator] Validate -> [mychannel] Validated block [30] in 0ms
2022-10-07 09:41:40.496 UTC 0581 WARN [gossip.privdata] getTxInfoFromTransactionBytes -> Failed obtaining action from envelope: response payload is missing extension
2022-10-07 09:41:40.496 UTC 0582 WARN [validation] preprocessProtoBlock -> Channel [mychannel]: Block [30] Transaction index [0] TxId [XXXX] marked as invalid by committer. Reason code [INVALID_ENDORSER_TRANSACTION]
My transaction executed (peer1-org1 logs printed that balance updated), but I didn't understand, that I receive this logs in my terminal:
client acc id: XXX
acc balance: 200
2022-10-07T09:32:56.095Z - warn: [TransactionEventHandler]: strategyFail: commit failure for transaction "XXXX": TransactionError: Commit of transaction XXXX failed on peer peer1-org1 with status INVALID_ENDORSER_TRANSACTION
I know there are several errors like this one, but I see most of them are with the test-network, using a local environment and my case is different.
I have a blockchain running using k8s it used to be running in V1.4 and we migrated it to V2.3 so the certificates were generated without a SAN but to make them work with the new version we are using the env variable GODEBUG="x509ignoreCN=0" I can connect to it using a console client to do changes in the channel and configuration, and I can connect with a node js client and execute contracts, I want to connect using a Go client for a different app but I'm having trouble with the config.
I'm getting a TRANSIENT_FAILURE error in the Go Client and a tls: bad certificate in the peer but the certificates are the same that work for the other environments, the config.yaml I'm using is based on my configuration from the test-network that's also working.
Something weird though, is that the configPath doesn't seem to work and I need to add the users individualy to make it run.
So this is my config.yaml
---
name: network-company
version: 1.0.0
client:
organization: company
logging:
level: debug
connection:
timeout:
peer:
endorser: "300"
cryptoconfig:
path: /home/company
credentialStore:
path: /home/company/users
cryptoStore:
path: /home/company/users/admin#mycompany.com/msp
BCCSP:
security:
enabled: true
default:
provider: "SW"
hashAlgorithm: "SHA2"
softVerify: true
level: 256
tlsCerts:
systemCertPool: false
client:
cert:
path: /home/company/users/admin#mycompany.com/tls/cert.pem
key:
path: /home/company/users/admin#mycompany.com/tls/key.pem
organizations:
company:
mspid: company
cryptoPath: /home/company/users/admin#mycompany.com/msp
users:
admin:
cert:
path: /home/company/users/admin#mycompany.com/msp/signcerts/cert.pem
key:
path: /home/company/users/admin#mycompany.com/msp/keystore/key.pem
peers:
- peer1.mycompany.com
- peer2.mycompany.com
peers:
peer1.mycompany.com:
url: grpcs://peer1.mycompany.com:443
tlsCACerts:
path: /home/company/users/admin#mycompany.com/tls/ca.pem
grpcOptions:
ssl-target-name-override: peer1.mycompany.com
hostnameOverride: peer1.mycompany.com
keep-alive-time: 10s
keep-alive-timeout: 20s
keep-alive-permit: false
fail-fast: false
httpOptions:
verify: false
peer2.mycompany.com:
url: grpcs://peer2.mycompany.com:443
tlsCACerts:
path: /home/company/users/admin#mycompany.com/tls/ca.pem
grpcOptions:
ssl-target-name-override: peer2.mycompany.com
hostnameOverride: peer2.mycompany.com
keep-alive-time: 10s
keep-alive-timeout: 20s
keep-alive-permit: false
fail-fast: false
allow-insecure: true
httpOptions:
verify: false
channels:
mychannel:
peers:
peer1.mycompany.com:
endorsingPeer: true
chaincodeQuery: true
ledgerQuery: true
eventSource: true
peer2.mycompany.com:
endorsingPeer: true
chaincodeQuery: true
ledgerQuery: true
eventSource: true
policies:
queryChannelConfig:
minResponses: 1
maxTargets: 1
retryOpts:
attempts: 5
initialBackoff: 500ms
maxBackoff: 5s
backoffFactor: 2.0
entityMatchers:
peer:
- pattern: peer1.mycompany.com
urlSubstitutionExp: peer1.mycompany.com:443
sslTargetOverrideUrlSubstitutionExp: peer1.mycompany.com
mappedHost: peer1.mycompany.com
- pattern: peer2.mycompany.com
urlSubstitutionExp: peer2.mycompany.com:443
sslTargetOverrideUrlSubstitutionExp: peer2.mycompany.com
mappedHost: peer2.mycompany.com
These are my certificates paths:
/home/company/users/admin#mycompany.com
+ msp
+ admincerts/<empty>
+ signcerts/cert.pem
+ cacerts/ca.pem
+ intermediatecerts/ca.pem
+ tlscacerts/ca.pem
+ tlsintermediatecerts/ca.pem
+ keystore/key.pem
+ tls
+ ca.pem
+ cert.pem
+ key.pem
These are the logs from the client:
[fabsdk/core] 2022/01/04 14:34:09 UTC - sw.getOptsByConfig -> DEBU Initialized SW cryptosuite
[fabsdk/fab] 2022/01/04 14:34:09 UTC - n/a -> DEBU KeyStore opened at [/home/company/users/admin#mycompany.com/msp/keystore]...done
[fabsdk/fab] 2022/01/04 14:34:09 UTC - fab.(*EndpointConfig).loadEndpointConfiguration -> DEBU Client is: {Organization:company TLSCerts:{Client:{Key:{Path:/home/company/users/admin-tls#mycompany.com/tls/key.pem Pem: bytes:[]} Cert:{Path:/home/company/users/admin-tls#mycompany.com/tls/cert.pem Pem: bytes:[]}}}}
[fabsdk/fab] 2022/01/04 14:34:09 UTC - fab.(*EndpointConfig).loadEndpointConfiguration -> DEBU channels are: map[mychannel:{Orderers:[] Peers:map[peer1.mycompany.com:{EndorsingPeer:true ChaincodeQuery:true LedgerQuery:true EventSource:true} peer2.mycompany.com:{EndorsingPeer:true ChaincodeQuery:true LedgerQuery:true EventSource:true}] Policies:{QueryChannelConfig:{MinResponses:1 MaxTargets:1 RetryOpts:{Attempts:5 InitialBackoff:500ms MaxBackoff:5s BackoffFactor:2 RetryableCodes:map[]}} Discovery:{MinResponses:0 MaxTargets:0 RetryOpts:{Attempts:0 InitialBackoff:0s MaxBackoff:0s BackoffFactor:0 RetryableCodes:map[]}} Selection:{SortingStrategy: Balancer: BlockHeightLagThreshold:0} EventService:{ResolverStrategy: MinBlockHeightResolverMode: Balancer: BlockHeightLagThreshold:0 PeerMonitor: ReconnectBlockHeightLagThreshold:0 PeerMonitorPeriod:0s}}}]
[fabsdk/fab] 2022/01/04 14:34:09 UTC - fab.(*EndpointConfig).loadEndpointConfiguration -> DEBU organizations are: map[company:{MSPID:company CryptoPath:/home/company/users/admin#mycompany.com/msp Users:map[admin:{Key:{Path:/home/company/users/admin#mycompany.com/msp/keystore/key.pem Pem: bytes:[]} Cert:{Path:/home/company/users/admin#mycompany.com/msp/signcerts/cert.pem Pem: bytes:[]}}] Peers:[peer1.mycompany.com peer2.mycompany.com] CertificateAuthorities:[]}]
[fabsdk/fab] 2022/01/04 14:34:09 UTC - fab.(*EndpointConfig).loadEndpointConfiguration -> DEBU orderers are: map[]
[fabsdk/fab] 2022/01/04 14:34:09 UTC - fab.(*EndpointConfig).loadEndpointConfiguration -> DEBU peers are: map[peer1.mycompany.com:{URL:grpcs://peer1.mycompany.com:443 GRPCOptions:map[allow-insecure:true fail-fast:false hostnameoverride:peer1.mycompany.com keep-alive-permit:false keep-alive-time:10s keep-alive-timeout:20s ssl-target-name-override:peer1.mycompany.com] TLSCACerts:{Path:/home/company/users/admin#mycompany.com/tls/ca.pem Pem: bytes:[]}} peer2.mycompany.com:{URL:grpcs://peer2.mycompany.com:443 GRPCOptions:map[allow-insecure:true fail-fast:false hostnameoverride:peer2.mycompany.com keep-alive-permit:false keep-alive-time:10s keep-alive-timeout:20s ssl-target-name-override:peer2.mycompany.com] TLSCACerts:{Path:/home/company/users/admin#mycompany.com/tls/ca.pem Pem: bytes:[]}}]
[fabsdk/fab] 2022/01/04 14:34:09 UTC - fab.(*EndpointConfig).compileMatchers -> DEBU Matchers are: {matchers:map[]}
[fabsdk/fab] 2022/01/04 14:34:09 UTC - fab.(*EndpointConfig).compileMatchers -> DEBU Entity matchers are not configured
[fabsdk/fab] 2022/01/04 14:34:09 UTC - fab.(*EndpointConfig).loadTLSClientCerts -> DEBU Reading pk from config, unable to retrieve from cert: Could not find matching key for SKI: Failed getting key for SKI [[91 7 147 74 144 157 11 46 234 18 159 199 54 134 208 140 16 147 185 225 158 7 112 91 182 170 49 46 139 190 194 99]]: key with SKI 5b07934a909d0b2eea129fc73686d08c1093b9e19e07705bb6aa312e8bbec263 not found in /home/company/users/admin#mycompany.com/msp/keystore
[fabsdk/fab] 2022/01/04 14:34:09 UTC - fab.(*EndpointConfig).loadPrivateKeyFromConfig -> DEBU pk read from config successfully
[fabsdk/msp] 2022/01/04 14:34:09 UTC - msp.(*IdentityConfig).loadIdentityConfigEntities -> DEBU Client is: {Organization:company Logging:{Level:debug} CryptoConfig:{Path:/home/company} TLSCerts:{Client:{Key:{Path:/home/company/users/admin-tls#mycompany.com/tls/key.pem Pem: bytes:[]} Cert:{Path:/home/company/users/admin-tls#mycompany.com/tls/cert.pem Pem: bytes:[]}} SystemCertPool:false} CredentialStore:{Path:/home/company/users CryptoStore:{Path:/home/company/users/admin#mycompany.com/msp}}}
[fabsdk/msp] 2022/01/04 14:34:09 UTC - msp.(*IdentityConfig).loadIdentityConfigEntities -> DEBU organizations are: map[company:{MSPID:company CryptoPath:/home/company/users/admin#mycompany.com/msp Users:map[admin:{Key:{Path:/home/company/users/admin#mycompany.com/msp/keystore/key.pem Pem: bytes:[]} Cert:{Path:/home/company/users/admin#mycompany.com/msp/signcerts/cert.pem Pem: bytes:[]}}] Peers:[peer1.mycompany.com peer2.mycompany.com] CertificateAuthorities:[]}]
[fabsdk/msp] 2022/01/04 14:34:09 UTC - msp.(*IdentityConfig).loadIdentityConfigEntities -> DEBU certificateAuthorities are: map[]
[fabsdk/msp] 2022/01/04 14:34:09 UTC - msp.(*IdentityConfig).compileMatchers -> DEBU Matchers are: {matchers:map[]}
[fabsdk] 2022/01/04 14:34:09 UTC - fabsdk.initSDK -> DEBU SDK initialized successfully
SDK created
resourceManagerClient created
[fabsdk/fab] 2022/01/04 14:34:09 UTC - chconfig.(*params).SetChConfigRefreshInterval -> DEBU RefreshInterval: 1m30s
[fabsdk/util] 2022/01/04 14:34:09 UTC - lazyref.WithRefreshInterval.func1 -> DEBU Checking refreshIntervalSetter
[fabsdk/fab] 2022/01/04 14:34:09 UTC - peer.(*peerEndorser).ProcessTransactionProposal -> DEBU Processing proposal using endorser: peer2.mycompany.com:443
[fabsdk/fab] 2022/01/04 14:34:09 UTC - comm.(*CachingConnector).DialContext -> DEBU DialContext: peer2.mycompany.com:443
[fabsdk/fab] 2022/01/04 14:34:09 UTC - comm.(*CachingConnector).createConn -> DEBU creating connection [peer2.mycompany.com:443]
[fabsdk/fab] 2022/01/04 14:34:09 UTC - comm.(*CachingConnector).createConn -> DEBU storing connection [peer2.mycompany.com:443]
[fabsdk/fab] 2022/01/04 14:34:09 UTC - comm.(*CachingConnector).removeConn -> DEBU removing connection [peer2.mycompany.com:443]
[fabsdk/fab] 2022/01/04 14:34:09 UTC - txn.SendProposal.func1 -> DEBU Received error response from txn proposal processing: Transaction processing for endorser [peer2.mycompany.com:443]: Endorser Client Status Code: (2) CONNECTION_FAILED. Description: dialing connection on target [peer2.mycompany.com:443]: connection is in TRANSIENT_FAILURE
[fabsdk/common] 2022/01/04 14:34:09 UTC - retry.(*RetryableInvoker).Invoke -> DEBU Failed with err [queryChaincode failed: Transaction processing for endorser [peer2.mycompany.com:443]: Endorser Client Status Code: (2) CONNECTION_FAILED. Description: dialing connection on target [peer2.mycompany.com:443]: connection is in TRANSIENT_FAILURE] on attempt #1. Checking if retry is warranted...
[fabsdk/common] 2022/01/04 14:34:09 UTC - retry.(*RetryableInvoker).Invoke -> DEBU ... retry for err [queryChaincode failed: Transaction processing for endorser [peer2.mycompany.com:443]: Endorser Client Status Code: (2) CONNECTION_FAILED. Description: dialing connection on target [peer2.mycompany.com:443]: connection is in TRANSIENT_FAILURE] is NOT warranted after 1 attempt(s).
2022/01/04 14:34:09 error inicializando el SDK: error creando el cliente del canal: event service creation failed: could not get chConfig cache reference: QueryBlockConfig failed: QueryBlockConfig failed: queryChaincode failed: Transaction processing for endorser [peer2.mycompany.com:443]: Endorser Client Status Code: (2) CONNECTION_FAILED. Description: dialing connection on target [peer2.mycompany.com:443]: connection is in TRANSIENT_FAILURE
These are the logs from the peer:
2022-01-04 15:23:56.740 UTC [core.comm] ServerHandshake -> ERRO 335 Server TLS handshake failed in 7.869808ms with error remote error: tls: bad certificate server=PeerServer remoteaddress=10.250.37.211:33666
2022-01-04 15:23:56.740 UTC [grpc] WarningDepth -> DEBU 336 [core]grpc: Server.Serve failed to complete security handshake from "10.250.37.211:33666": remote error: tls: bad certificate
A couple of weird things: I need to add the users to the organization, some how it's not able to extract the users from the configPath and I get an error user not found.
It's looking for the tls private key in the msp/keystore folder and of course that isn't there
I tried adding the GODEBUG="x509ignoreCN=0" but it doesn't change the result
I generated an extra TLS certificates just for the client adding the SAN to them as "email:admin-tls#mycompany.com" and mapped it to the configuration with the same result.
I have tried adding and removing the entityMatchers with the same result.
I also did a tcp dump on it server answers to the Client hello with Server hello and then fails with a 400 bad request error.
I have used the configurations referenced from here and here but everything looks good to me.
I'm running out of ideas, is my configuration right? why do I need to force the clients and configPath doesn't work? why is it looking for the tls key in the msp keystore? but mostly why do I get a tls bad certificate if the certificates are good and pass an openssl verify against the ca.pem?
Thanks
UPDATE
This is my certificate info using openssl x509 -in certificate.pem -text -noout
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
56:00:01:ba:18:d9:cf:ed:a7:00:b9:af:b3:00:01:00:01:ba:18
Signature Algorithm: sha256WithRSAEncryption
Issuer: C = CO, L = Medellin, O = mycompany, CN = CA My Company, emailAddress = admin#mycompany.com
Validity
Not Before: Jan 5 12:36:08 2022 GMT
Not After : Jan 5 12:36:08 2023 GMT
Subject: C = CO, ST = ANTIOQUIA, L = MEDELLIN, O = mycompany, OU = admin, CN = admin-tls#mycompany.com
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (256 bit)
pub:
04:d0:c8:3b:20:2f:8f:3b:91:72:f8:71:27:30:cf:
b5:6e:38:e3:5f:e6:1b:42:77:fd:00:f2:8c:1b:ae:
6c:2e:7d:50:03:75:d5:03:db:72:d5:33:27:f3:65:
c1:2a:09:72:6a:d5:cc:c5:45:ca:e5:e5:8c:65:4b:
f2:51:dc:dd:ac
ASN1 OID: prime256v1
NIST CURVE: P-256
X509v3 extensions:
X509v3 Key Usage:
Digital Signature
X509v3 Extended Key Usage:
TLS Web Server Authentication, Microsoft Encrypted File System, E-mail Protection, TLS Web Client Authentication, Any Extended Key Usage
X509v3 Subject Alternative Name:
DNS:mycompany.com
X509v3 Subject Key Identifier:
9E:C5:4B:E8:67:B1:84:BF:67:E9:BE:A3:DE:B5:EB:E3:3B:4E:D3:D0
X509v3 Authority Key Identifier:
keyid:40:54:B4:93:16:92:20:E3:DB:AA:7A:A3:13:06:EC:65:4F:83:B3:58
X509v3 CRL Distribution Points:
Full Name:
URI:http://crl.epm.com.co/CRL/CAEPMClaseI.crl
URI:http://crl2.epm.com.co/CRL/CAEPMClaseI.crl
Authority Information Access:
OCSP - URI:http://ocsp.epm.com.co/OCSP
CA Issuers - URI:http://crl.epm.com.co/CRL/CAEPMClaseI.crt
1.3.6.1.4.1.311.21.7:
0-.%+.....7.....-...K..=...>...k8...,...A..d..
S/MIME Capabilities:
......0...+....0050...*.H..
..*.H..
Signature Algorithm: sha256WithRSAEncryption
6f:d6:85:b1:08:cd:07:78:3d:92:50:85:14:3a:f0:2e:1f:84:
10:7c:1d:15:10:0f:9f:66:e7:1a:41:63:12:83:0c:7c:04:c7:
c8:f4:8b:97:d9:6e:28:78:cb:9b:af:89:6b:1a:f3:06:40:1e:
6f:90:81:8f:f9:03:ff:92:5a:de:8c:7c:35:f9:21:00:fd:85:
c0:73:48:71:c0:82:7a:17:6d:09:ce:b6:03:5a:c5:1f:4f:47:
6d:95:94:a3:e2:cd:19:03:3d:85:a0:7e:5e:cf:a5:55:32:9f:
28:cf:d4:10:c8:42:57:a1:9b:cc:9a:4b:82:75:86:15:92:b9:
ef:d2:b2:1c:5d:a9:fe:ff:d4:f2:83:9d:31:46:50:26:ea:78:
88:9c:72:0a:1e:81:42:88:7b:04:4b:4b:2b:86:3d:ed:f9:4d:
8f:5e:47:1b:0b:8e:a9:8a:ed:ed:8a:09:92:58:6b:14:6e:aa:
50:c1:ae:2f:75:41:5b:e9:28:2b:85:9f:70:0a:d3:27:64:44:
f4:f6:61:99:a0:db:90:05:8c:af:09:fa:36:a5:67:3a:b8:f5:
b3:06:fe:ba:50:aa:1f:2e:43:af:a6:3a:81:01:d1:26:cc:61:
3b:c3:d9:b5:50:d7:27:61:f6:3e:a3:1d:99:0f:f1:37:20:d4:
ea:6d:59:a9:56:09:09:74:90:d4:52:64:69:b5:ad:09:b8:67:
74:ca:52:76:0a:37:0e:29:e0:5b:5a:bc:24:42:a1:14:77:1f:
72:f5:e9:f8:64:17:2e:fc:57:e1:d3:74:3a:1d:a5:fb:f4:c3:
a3:1e:97:f3:ba:d6:33:6a:24:d5:79:d7:9c:07:b4:9d:d0:52:
24:dc:0d:d5:a1:37:42:25:09:3b:96:a5:91:19:6c:7e:58:71:
99:ff:04:14:4d:ea:25:57:23:58:2b:44:84:f9:c3:c4:f6:a6:
ed:81:75:0a:07:e4:ab:bf:74:ec:e6:8c:9e:b8:75:82:47:20:
75:64:94:45:93:2f:ec:8b:8f:2c:19:c8:b0:29:a0:4c:f7:05:
6d:c8:3d:54:78:9e:ac:17:1c:19:5e:3c:1a:ba:93:db:1c:41:
ab:09:e2:d7:e3:11:87:eb:b7:38:e6:cf:85:1e:8a:75:9d:8c:
68:44:5d:d6:60:e7:91:52:ec:08:5b:26:7b:a4:42:d6:49:fc:
3c:74:6c:96:23:99:86:6b:6b:57:89:94:ad:08:98:35:1d:38:
07:09:ae:c3:8c:1f:3c:36:94:a9:da:74:73:ff:5e:c1:0d:f7:
45:a6:85:94:1d:34:46:56:fd:82:3f:8d:c0:d0:a1:20:1b:76:
d3:2e:f8:a7:6c:3f:25:f4
So the issue seemed to be with the TLS certificates from the peers, they where generated before go 1.16 and didn't had the SANs in them, and the error seemed to be getting reflected to the go SDK. #yacovm thank you for your help figuring it out.
When trying to install and instantiate the chaincode I'm getting below error:
error coming on WSL(Windows subsystem for Linux)
Unable to install and instantiate the chaincode: failed to instantiate the chaincode: failed to get discovery service: could not get chConfig cache reference: read configuration for channel peers failed
error on Ubuntu 16.04
Unable to install and instantiate the chaincode: failed to instantiate the chaincode: failed to get discovery service: could not get chConfig cache reference: no channel peers configured for channel [mychannel]
I'm following the chainHero example. below is the complete output after running make command.
Build done
Start environment ...
Creating network "firstproject-network_default" with the default driver
Creating orderer.firstproject.com ... done
Creating ca.org1.firstproject.com ... done
Creating peer0.org1.firstproject.com ... done
Creating peer1.org1.firstproject.com ... done
Docker environment up
Start app and initializing skd with local network...
SDK created
Resource management client created
value of req is: {mychannel <nil> /c/Projects/Go/src/github.com/hyperledger/firstproject/firstproject-network/artifacts/channel.tx [0xc0001d4fa0]}
Value of setup.Orderer is: orderer.firstproject.com
Channel created
Channel joined
Initialization Successful
ccPkg created
Chaincode installed
Unable to install and instantiate the chaincode: failed to instantiate the chaincode: failed to get discovery service: could not get chConfig cache reference: read configuration for channel peers failed
config.yaml
name: "firstproject-network"
version: 1.0.0
client:
organization: org1
logging:
level: info
peer:
timeout:
connection: 10s
response: 180s
discovery:
greylistExpiry: 10s
eventService:
timeout:
connection: 15s
registrationResponse: 15s
orderer:
timeout:
connection: 15s
response: 15s
cryptoconfig:
path: /c/Projects/Go/src/github.com/hyperledger/firstproject/firstproject-network/crypto-config
credentialStore:
path: /tmp/firstproject-store
cryptoStore:
path: /tmp/firstproject-msp
BCCSP:
security:
enabled: true
default:
provider: "SW"
hashAlgorithm: "SHA2"
softVerify: true
level: 256
tlsCerts:
systemCertPool: false
client:
keyfile:
certfile:
channels:
OneOrgChannel:
peers:
peer0.org1.firstproject.com:
endorsingPeer: true
chaincodeQuery: true
ledgerQuery: true
eventSource: true
peer1.org1.firstproject.com:
endorsingPeer: true
chaincodeQuery: true
ledgerQuery: true
eventSource: true
policies:
queryChannelConfig:
minResponses: 1
maxTargets: 1
retryOpts:
attempts: 5
initialBackoff: 500ms
maxBackoff: 5s
backoffFactor: 2.0
# list of participating organizations in this network
organizations:
org1:
mspid: Org1MSP
cryptoPath: peerOrganizations/org1.firstproject.com/users/{userName}#org1.firstproject.com/msp
peers:
- peer0.org1.firstproject.com
- peer1.org1.firstproject.com
certificateAuthorities:
- ca.org1.firstproject.com
orderers:
orderer.firstproject.com:
url: grpcs://localhost:7050
grpcOptions:
ssl-target-name-override: orderer.firstproject.com
keep-alive-time: 0s
keep-alive-timeout: 20s
keep-alive-permit: false
fail-fast: false
allow-insecure: false
tlsCACerts:
# Certificate location absolute path
path: /c/Projects/Go/src/github.com/hyperledger/firstproject/firstproject-network/crypto-config/ordererOrganizations/firstproject.com/tlsca/tlsca.firstproject.com-cert.pem
peers:
peer0.org1.firstproject.com:
# this URL is used to send endorsement and query requests
url: grpcs://localhost:7051
# eventUrl is only needed when using eventhub (default is delivery service)
eventUrl: grpcs://localhost:7053
grpcOptions:
ssl-target-name-override: peer0.org1.firstproject.com
keep-alive-time: 0s
keep-alive-timeout: 20s
keep-alive-permit: false
fail-fast: false
allow-insecure: false
tlsCACerts:
path: /c/Projects/Go/src/github.com/hyperledger/firstproject/firstproject-network/crypto-config/peerOrganizations/org1.firstproject.com/tlsca/tlsca.org1.firstproject.com-cert.pem
peer1.org1.firstproject.com:
url: grpcs://localhost:8051
eventUrl: grpcs://localhost:8053
grpcOptions:
ssl-target-name-override: peer1.org1.firstproject.com
keep-alive-time: 0s
keep-alive-timeout: 20s
keep-alive-permit: false
fail-fast: false
allow-insecure: false
tlsCACerts:
path: /c/Projects/Go/src/github.com/hyperledger/firstproject/firstproject-network/crypto-config/peerOrganizations/org1.firstproject.com/tlsca/tlsca.org1.firstproject.com-cert.pem
certificateAuthorities:
ca.org1.firstproject.com:
url: http://localhost:7054
httpOptions:
verify: false
registrar:
enrollId: admin
enrollSecret: adminpw
caName: ca.org1.firstproject.com
tlsCACerts:
path: /c/Projects/Go/src/github.com/hyperledger/firstproject/firstproject-network/crypto-config/peerOrganizations/org1.firstproject.com/ca/ca.org1.firstproject.com-cert.pem
entityMatchers:
peer:
- pattern: (\w*)peer0.org1.firstproject.com(\w*)
urlSubstitutionExp: grpcs://localhost:7051
eventUrlSubstitutionExp: grpcs://localhost:7053
sslTargetOverrideUrlSubstitutionExp: peer0.org1.firstproject.com
mappedHost: peer0.org1.firstproject.com
- pattern: (\w*)peer1.org1.firstproject.com(\w*)
urlSubstitutionExp: grpcs://localhost:8051
eventUrlSubstitutionExp: grpcs://localhost:8053
sslTargetOverrideUrlSubstitutionExp: peer1.org1.firstproject.com
mappedHost: peer1.org1.firstproject.com
orderer:
- pattern: (\w+).firstproject.(\w+):(\d+)
urlSubstitutionExp: grpcs://localhost:7050
sslTargetOverrideUrlSubstitutionExp: orderer.firstproject.com
mappedHost: orderer.firstproject.com
- pattern: (\w+).firstproject.(\w+)
urlSubstitutionExp: grpcs://localhost:7050
sslTargetOverrideUrlSubstitutionExp: orderer.firstproject.com
mappedHost: orderer.firstproject.com
certificateAuthorities:
- pattern: (\w*)ca.org1.firstproject.com(\w*)
urlSubstitutionExp: http://localhost:7054
mappedHost: ca.org1.firstproject.com
docker-compose.yaml
version: '2'
networks:
default:
services:
orderer.firstproject.com:
container_name: orderer.firstproject.com
extends:
file: peer-base.yaml
service: orderer-base
volumes:
- ./crypto-config/ordererOrganizations/firstproject.com/orderers/orderer.firstproject.com/msp:/var/hyperledger/orderer/msp
- ./artifacts/orderer.genesis.block:/var/hyperledger/orderer/orderer.genesis.block
- ./crypto-config/ordererOrganizations/firstproject.com/orderers/orderer.firstproject.com/tls:/var/hyperledger/orderer/tls
ports:
- 7050:7050
ca.org1.firstapplication.com:
image: hyperledger/fabric-ca:latest
container_name: ca.org1.firstproject.com
environment:
- FABRIC_CA_HOME=/etc/hyperledger/fabric-ca-server
- FABRIC_CA_SERVER_CA_NAME=ca.org1.firstproject.com
- FABRIC_CA_SERVER_CA_CERTFILE=/etc/hyperledger/fabric-ca-server-config/ca.org1.firstproject.com-cert.pem
- FABRIC_CA_SERVER_CA_KEYFILE=/etc/hyperledger/fabric-ca-server-config/78da3186373e52832b71dd83ec4d36ef84722a3e3ed15e8df214b482fe2723e7_sk
- FABRIC_CA_SERVER_TLS_ENABLED=true
- FABRIC_CA_SERVER_TLS_CERTFILE=/etc/hyperledger/fabric-ca-server-config/ca.org1.firstproject.com-cert.pem
- FABRIC_CA_SERVER_TLS_KEYFILE=/etc/hyperledger/fabric-ca-server-config/78da3186373e52832b71dd83ec4d36ef84722a3e3ed15e8df214b482fe2723e7_sk
ports:
- 7054:7054
command: sh -c 'fabric-ca-server start -b admin:adminpw -d'
volumes:
- ./crypto-config/peerOrganizations/org1.firstproject.com/ca/:/etc/hyperledger/fabric-ca-server-config
peer0.org1.firstproject.com:
container_name: peer0.org1.firstproject.com
extends:
file: peer-base.yaml
service: peer-base
environment:
- CORE_PEER_NETWORKID=firstproject
- CORE_PEER_ID=peer0.org1.firstproject.com
- CORE_PEER_ADDRESSAUTODETECT=true
- CORE_PEER_ADDRESS=peer0.org1.firstproject.com:7051
- CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.org1.firstproject.com:7051
- CORE_PEER_GOSSIP_SKIPHANDSHAKE=true
- CORE_PEER_TLS_SERVERHOSTOVERRIDE=peer0.org1.firstproject.com
#- CORE_PEER_GOSSIP_BOOTSTRAP=peer1.org1.firstapplication.com:7051
volumes:
- ./var/run/:/host/var/run/
- ./crypto-config/peerOrganizations/org1.firstproject.com/peers/peer0.org1.firstproject.com/msp:/var/hyperledger/msp
- ./crypto-config/peerOrganizations/org1.firstproject.com/peers/peer0.org1.firstproject.com/tls:/var/hyperledger/tls
ports:
- 7051:7051
- 7053:7053
depends_on:
- orderer.firstproject.com
links:
- orderer.firstproject.com
networks:
default:
aliases:
- peer0.org1.firstproject.com
peer1.org1.firstproject.com:
container_name: peer1.org1.firstproject.com
extends:
file: peer-base.yaml
service: peer-base
environment:
- CORE_PEER_NETWORKID=firstproject
- CORE_PEER_ID=peer1.org1.firstproject.com
- CORE_PEER_ADDRESSAUTODETECT=true
- CORE_PEER_ADDRESS=peer1.org1.firstproject.com:7051
- CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer1.org1.firstproject.com:7051
- CORE_PEER_GOSSIP_SKIPHANDSHAKE=true
- CORE_PEER_TLS_SERVERHOSTOVERRIDE=peer1.org1.firstproject.com
#- CORE_PEER_GOSSIP_BOOTSTRAP=peer0.org1.firstapplication.com:7051
volumes:
- /var/run/:/host/var/run/
- ./crypto-config/peerOrganizations/org1.firstproject.com/peers/peer1.org1.firstproject.com/msp:/var/hyperledger/msp
- ./crypto-config/peerOrganizations/org1.firstproject.com/peers/peer1.org1.firstproject.com/tls:/var/hyperledger/tls
ports:
- 8051:7051
- 8053:7053
depends_on:
- orderer.firstproject.com
links:
- orderer.firstproject.com
networks:
default:
aliases:
- peer1.org1.firstproject.com
peer-base.yaml
version: '2'
services:
peer-base:
image: hyperledger/fabric-peer:latest
environment:
- CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
- CORE_VM_DOCKER_ATTACHSTDOUT=true
- FABRIC_LOGGING_SPEC=DEBUG
- CORE_PEER_LOCALMSPID=Org1MSP
- CORE_PEER_TLS_ENABLED=true
- CORE_PEER_GOSSIP_USELEADERELECTION=true
- CORE_PEER_GOSSIP_ORGLEADER=false
- CORE_PEER_PROFILE_ENABLED=true
- CORE_PEER_TLS_CERT_FILE=/var/hyperledger/tls/server.crt
- CORE_PEER_TLS_KEY_FILE=/var/hyperledger/tls/server.key
- CORE_PEER_TLS_ROOTCERT_FILE=/var/hyperledger/tls/ca.crt
- CORE_PEER_MSPCONFIGPATH=/var/hyperledger/msp
working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer
command: peer node start
orderer-base:
image: hyperledger/fabric-orderer:latest
environment:
- FABRIC_LOGGING_SPEC=DEBUG
- ORDERER_GENERAL_LISTENADDRESS=0.0.0.0
- ORDERER_GENERAL_GENESISMETHOD=file
- ORDERER_GENERAL_GENESISFILE=/var/hyperledger/orderer/orderer.genesis.block
- ORDERER_GENERAL_LOCALMSPID=OrdererMSP
- ORDERER_GENERAL_LOCALMSPDIR=/var/hyperledger/orderer/msp
# enabled TLS
- ORDERER_GENERAL_TLS_ENABLED=true
- ORDERER_GENERAL_TLS_PRIVATEKEY=/var/hyperledger/orderer/tls/server.key
- ORDERER_GENERAL_TLS_CERTIFICATE=/var/hyperledger/orderer/tls/server.crt
- ORDERER_GENERAL_TLS_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
- ORDERER_GENERAL_CLUSTER_CLIENTCERTIFICATE=/var/hyperledger/orderer/tls/server.crt
- ORDERER_GENERAL_CLUSTER_CLIENTPRIVATEKEY=/var/hyperledger/orderer/tls/server.key
- ORDERER_GENERAL_CLUSTER_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
working_dir: /opt/gopath/src/github.com/hyperledger/fabric
command: orderer
You're using the wrong channel name to instantiate the chaincode, in the config.yaml you have defined a channel OneOrgChannel with peer peer0, peer1. However, you seem to be using a channel mychannel to instantiate chaincode.
Either change the channel name to OneOrgChannelor add mychannel in the config.yaml.
I am attemping the to execute the following statement after instantiation of my chaincode:
response, err := client.Query(channel.Request{
ChaincodeID: heligo.fsConfig.ChainCodeID,
Fcn: "invoke",
Args: defaultQueryArgs},
channel.WithRetry(retry.DefaultChannelOpts),
)
But I am getting the following debug log errors:
[fabsdk/fab] 2019/03/06 13:09:55 UTC - fab.(*EndpointConfig).PeerConfig -> DEBU Found MatchingPeerConfig for name/url [peer1.org1.example.com:7051]
[fabsdk/client] 2019/03/06 13:09:55 UTC - options.(*Params).SetPeerFilter -> DEBU PeerFilter: (options.PeerFilter)(0x8ffd50)
[fabsdk/util] 2019/03/06 13:09:55 UTC - lazyref.(*Reference).setTimerRunning -> DEBU Timer started
[fabsdk/util] 2019/03/06 13:09:55 UTC - lazyref.checkTimeStarted -> DEBU Starting timer
[fabsdk/client] 2019/03/06 13:09:55 UTC - fabricselection.(*selectionFilter).Exclude -> DEBU Calling peer filter on endpoint [peer0.org2.example.com:7051]
[fabsdk/client] 2019/03/06 13:09:55 UTC - fabricselection.(*selectionFilter).Exclude -> DEBU Excluding peer [peer0.org2.example.com:7051] since it isn't in the set of peers returned by the discovery service
[fabsdk/common] 2019/03/06 13:09:55 UTC - retry.(*RetryableInvoker).Invoke -> DEBU Failed with err [Failed to get endorsing peers: error getting endorsers from channel response: no endorsement combination can be satisfied] on attempt #1. Checking if retry is warranted...
[fabsdk/common] 2019/03/06 13:09:55 UTC - retry.(*RetryableInvoker).Invoke -> DEBU ... retry for err [Failed to get endorsing peers: error getting endorsers from channel response: no endorsement combination can be satisfied] is NOT warranted after %!d(MISSING) attempt(s).
Failed to make client query: Failed to get endorsing peers: error getting endorsers from channel response: no endorsement combination can be satisfied
I cannot figure out why my peer is being excluded, I am modifying the BYFN sample project and adding my own chaincode.
My endorsement policy is:
-P "AND ('Org1MSP.peer','Org2MSP.peer')"
And my configuration file is:
name: "byfn"
version: 1.0.0
client:
organization: org1
logging:
level: debug
cryptoconfig:
path: ../../crypto-config/
credentialStore:
path: "/tmp/state-store"
cryptoStore:
path: "/tmp/crypto-store"
BCCSP:
security:
enabled: true
default:
provider: "SW"
hashAlgorithm: "SHA2"
softVerify: true
level: 256
tlsCerts:
client:
keyfile:
certfile:
channels:
heligo-channel:
peers:
peer0.org1.example.com:
endorsingPeer: true
chaincodeQuery: true
ledgerQuery: true
eventSource: true
peer1.org1.example.com:
endorsingPeer: true
chaincodeQuery: true
ledgerQuery: true
eventSource: true
peer0.org2.example.com:
endorsingPeer: true
chaincodeQuery: true
ledgerQuery: true
eventSource: true
peer1.org2.example.com:
endorsingPeer: true
chaincodeQuery: true
ledgerQuery: true
eventSource: true
policies:
queryChannelConfig:
minResponses: 1
maxTargets: 1
retryOpts:
attempts: 5
initialBackoff: 500ms
maxBackoff: 5s
backoffFactor: 2.0
organizations:
org1:
mspid: Org1MSP
cryptoPath: ../../crypto-config/peerOrganizations/org1.example.com/users/{username}#org1.example.com/msp
users:
Admin:
cert:
path: ../../crypto-config/peerOrganizations/org1.example.com/users/Admin#org1.example.com/msp/signcerts/Admin#org1.example.com-cert.pem
User1:
cert:
path: ../../crypto-config/peerOrganizations/org1.example.com/users/User1#org1.example.com/msp/signcerts/User1#org1.example.com-cert.pem
peers:
- peer0.org1.example.com
- peer1.org1.example.com
certificateAuthorities:
- ca_peerOrg1
org2:
mspid: Org2MSP
cryptoPath: ../../crypto-config/peerOrganizations/org2.example.com/users/{username}#org2.example.com/msp
users:
Admin:
cert:
path: ../../crypto-config/peerOrganizations/org2.example.com/users/Admin#org2.example.com/msp/signcerts/Admin#org2.example.com-cert.pem
User1:
cert:
path: ../../crypto-config/peerOrganizations/org2.example.com/users/User1#org2.example.com/msp/signcerts/User1#org2.example.com-cert.pem
peers:
- peer0.org2.example.com
- peer1.org2.example.com
certificateAuthorities:
- ca_peerOrg2
orderers:
orderer.example.com:
url: localhost:7050
grpcOptions:
ssl-target-name-override: orderer.example.com
keep-alive-time: 0s
keep-alive-timeout: 20s
keep-alive-permit: false
fail-fast: false
allow-insecure: false
tlsCACerts:
path: ../../crypto-config/ordererOrganizations/example.com/tlsca/tlsca.example.com-cert.pem
peers:
peer0.org1.example.com:
url: localhost:7051
eventUrl: localhost:7053
grpcOptions:
ssl-target-name-override: peer0.org1.example.com
keep-alive-time: 0s
keep-alive-timeout: 20s
keep-alive-permit: false
fail-fast: false
allow-insecure: false
tlsCACerts:
path: ../../crypto-config/peerOrganizations/org1.example.com/tlsca/tlsca.org1.example.com-cert.pem
peer1.org1.example.com:
url: localhost:8051
eventUrl: localhost:8053
grpcOptions:
ssl-target-name-override: peer1.org1.example.com
keep-alive-time: 0s
keep-alive-timeout: 20s
keep-alive-permit: false
fail-fast: false
allow-insecure: false
tlsCACerts:
path: ../../crypto-config/peerOrganizations/org1.example.com/tlsca/tlsca.org1.example.com-cert.pem
peer0.org2.example.com:
url: localhost:9051
eventUrl: localhost:9053
grpcOptions:
ssl-target-name-override: peer0.org2.example.com
keep-alive-time: 0s
keep-alive-timeout: 20s
keep-alive-permit: false
fail-fast: false
allow-insecure: false
tlsCACerts:
path: ../../crypto-config/peerOrganizations/org2.example.com/tlsca/tlsca.org2.example.com-cert.pem
peer1.org2.example.com:
url: localhost:10051
eventUrl: localhost:10053
grpcOptions:
ssl-target-name-override: peer1.org2.example.com
keep-alive-time: 0s
keep-alive-timeout: 20s
keep-alive-permit: false
fail-fast: false
allow-insecure: false
tlsCACerts:
path: ../../crypto-config/peerOrganizations/org2.example.com/tlsca/tlsca.org2.example.com-cert.pem
certificateAuthorities:
ca_peerOrg1:
url: http://localhost:7054
httpOptions:
verify: false
registrar:
enrollId: admin
enrollSecret: adminpw
caName: ca_peerOrg1
tlsCACerts:
path: ../../crypto-config/peerOrganizations/org1.example.com/ca/ca.org1.example.com-cert.pem
ca_peerOrg2:
url: http://localhost:7064
httpOptions:
verify: false
registrar:
enrollId: admin
enrollSecret: adminpw
caName: ca_peerOrg2
tlsCACerts:
path: ../../crypto-config/peerOrganizations/org2.example.com/ca/ca.org2.example.com-cert.pem
entityMatchers:
peer:
- pattern: (\w*)peer0.org1.example.com(\w*)
urlSubstitutionExp: localhost:7051
eventUrlSubstitutionExp: localhost:7053
sslTargetOverrideUrlSubstitutionExp: peer0.org1.example.com
mappedHost: peer0.org1.example.com
- pattern: (\w*)peer1.org1.example.com(\w*)
urlSubstitutionExp: localhost:8051
eventUrlSubstitutionExp: localhost:8053
sslTargetOverrideUrlSubstitutionExp: peer1.org1.example.com
mappedHost: peer1.org1.example.com
- pattern: (\w*)peer0.org2.example.com(\w*)
urlSubstitutionExp: localhost:9051
eventUrlSubstitutionExp: localhost:9053
sslTargetOverrideUrlSubstitutionExp: peer0.org2.example.com
mappedHost: peer0.org2.example.com
- pattern: (\w*)peer1.org2.example.com(\w*)
urlSubstitutionExp: localhost:10051
eventUrlSubstitutionExp: localhost:10053
sslTargetOverrideUrlSubstitutionExp: peer1.org2.example.com
mappedHost: peer1.org2.example.com
orderer:
- pattern: (\w*)orderer.example.com(\w*)
urlSubstitutionExp: localhost:7050
sslTargetOverrideUrlSubstitutionExp: orderer.example.com
mappedHost: orderer.example.com
certificateAuthorities:
- pattern: (\w*)ca_peerOrg1(\w*)
urlSubstitutionExp: localhost:7054
mappedHost: ca_peerOrg1
- pattern: (\w*)ca_peerOrg2(\w*)
urlSubstitutionExp: localhost:7064
mappedHost: ca_peerOrg2
I have really tried to get to grasp with the issue but am not5 getting anywhere due to the lack of depth in the documentation. Any help is greatly appreciated!!
The issue was that I had the wrong values for urlSubstitutionExp and eventUrlSubstitutionExp in the entity matcher section. Instead of localhost the values should have been the peer name.
I am trying to implement Node.js SDK for my Hyperledger Fabric business network. My network has one organisation, four peers, one channel, solo ordered and one CA.
I have successful managed to issue the JWT identity for user Jim and org1 organization.
When I try to invoke the the chaincode using:
curl -s -X POST \
http://localhost:4000/channels/c1/chaincodes/txman \
-H "authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE1MTAwODIyNzMsInVzZXJuYW1lIjoiSmltIiwib3JnTmFtZSI6Im9yZzEiLCJpYXQiOjE1MTAwNDYyNzN9.NTDYky6jj_y1COP163Z_HA6q4v7S1_jN6BxL00Bo-Xo" \
-H "content-type: application/json" \
-d '{
"fcn":"queryTx",
"args":["TX0"]
}'
I am getting the following error:
2017-11-07 11:18:34.286] [DEBUG] SampleWebApp - Decoded from JWT token: username - Jim, orgname - org1
[2017-11-07 11:18:34.287] [DEBUG] SampleWebApp - ==================== INVOKE ON CHAINCODE ==================
[2017-11-07 11:18:34.287] [DEBUG] SampleWebApp - USERNAME: Jim
[2017-11-07 11:18:34.287] [DEBUG] SampleWebApp - ORGNAME: org1
[2017-11-07 11:18:34.287] [DEBUG] SampleWebApp - channelName : c1
[2017-11-07 11:18:34.288] [DEBUG] SampleWebApp - chaincodeName : txman
[2017-11-07 11:18:34.288] [DEBUG] SampleWebApp - fcn : queryTx
[2017-11-07 11:18:34.288] [DEBUG] SampleWebApp - args : TX0
[2017-11-07 11:18:34.292] [DEBUG] invoke-chaincode -
============ invoke transaction on organization org1 ============
[2017-11-07 11:18:34.292] [DEBUG] Helper - [FileKeyValueStore.js]: FileKeyValueStore.js - constructor
[2017-11-07 11:18:34.293] [DEBUG] Helper - [FileKeyValueStore.js]: FileKeyValueStore -- getValue
[2017-11-07 11:18:34.298] [DEBUG] Helper - [crypto_ecdsa_aes]: importKey - start
[2017-11-07 11:18:34.298] [DEBUG] Helper - [crypto_ecdsa_aes]: importKey - have the key [Circular]
[2017-11-07 11:18:34.300] [DEBUG] Helper - [utils.CryptoKeyStore]: _getKeyStore resolving store
[2017-11-07 11:18:34.300] [DEBUG] Helper - [ecdsa/key.js]: ECDSA curve param X: c3cd1a318e957b0200852e4ed6c9601eadc8225eb9f79acc11b1c65df142446a
[2017-11-07 11:18:34.300] [DEBUG] Helper - [ecdsa/key.js]: ECDSA curve param Y: f7bbe9fd43eaae1a0a1d2eb3024ecd79bd63c39a8d1b3b978bc8b4a652d0ef63
[2017-11-07 11:18:34.301] [DEBUG] Helper - [FileKeyValueStore.js]: FileKeyValueStore -- setValue
[2017-11-07 11:18:34.303] [DEBUG] Helper - [utils.CryptoKeyStore]: _getKeyStore resolving store
[2017-11-07 11:18:34.303] [DEBUG] Helper - [FileKeyValueStore.js]: FileKeyValueStore -- getValue
[2017-11-07 11:18:34.304] [DEBUG] Helper - [ecdsa/key.js]: ECDSA curve param X: c3cd1a318e957b0200852e4ed6c9601eadc8225eb9f79acc11b1c65df142446a
[2017-11-07 11:18:34.304] [DEBUG] Helper - [ecdsa/key.js]: ECDSA curve param Y: f7bbe9fd43eaae1a0a1d2eb3024ecd79bd63c39a8d1b3b978bc8b4a652d0ef63
[2017-11-07 11:18:34.305] [DEBUG] Helper - [ecdsa/key.js]: ECDSA curve param X: c3cd1a318e957b0200852e4ed6c9601eadc8225eb9f79acc11b1c65df142446a
[2017-11-07 11:18:34.306] [DEBUG] Helper - [ecdsa/key.js]: ECDSA curve param Y: f7bbe9fd43eaae1a0a1d2eb3024ecd79bd63c39a8d1b3b978bc8b4a652d0ef63
[2017-11-07 11:18:34.308] [DEBUG] Helper - [ecdsa/key.js]: ECDSA curve param X: c3cd1a318e957b0200852e4ed6c9601eadc8225eb9f79acc11b1c65df142446a
[2017-11-07 11:18:34.308] [DEBUG] Helper - [ecdsa/key.js]: ECDSA curve param Y: f7bbe9fd43eaae1a0a1d2eb3024ecd79bd63c39a8d1b3b978bc8b4a652d0ef63
[2017-11-07 11:18:34.309] [DEBUG] Helper - [FileKeyValueStore.js]: FileKeyValueStore -- setValue
[2017-11-07 11:18:34.309] [INFO] Helper - Successfully loaded member from persistence
[2017-11-07 11:18:34.313] [DEBUG] invoke-chaincode - Sending transaction "{"_nonce":{"type":"Buffer","data":[218,130,209,154,87,123,73,36,118,155,194,91,27,250,14,216,117,202,164,5,16,237,96,208]},"_transaction_id":"dba107be47745c51eb75b6a927d68f0afd58b325c5e36326b40a729f9d858f43"}"
[2017-11-07 11:18:34.341] [DEBUG] Helper - [crypto_ecdsa_aes]: ecdsa signature: Signature {
r: <BN: cf5e0aaef0fd10d9abf468e025c6f6c1e8991d0dcddf5f5aa6b285ebdcd920ad>,
s: <BN: 8de356dcfda3ba3fb0d6decfc0e43995b3297bc7037fd3997bfba561e6d626d>,
recoveryParam: 0 }
error: [client-utils.js]: sendPeersProposal - Promise is rejected: Error: Failed to deserialize creator identity, err The supplied identity is not valid, Verify() returned x509: certificate signed by unknown authority (possibly because of "x509: ECDSA verification failure" while trying to verify candidate authority certificate "ca.org1.example.com")
at /home/brankoterzic/Desktop/devGC/txman/node_modules/grpc/src/client.js:554:15
error: [client-utils.js]: sendPeersProposal - Promise is rejected: Error: Failed to deserialize creator identity, err The supplied identity is not valid, Verify() returned x509: certificate signed by unknown authority (possibly because of "x509: ECDSA verification failure" while trying to verify candidate authority certificate "ca.org1.example.com")
at /home/brankoterzic/Desktop/devGC/txman/node_modules/grpc/src/client.js:554:15
error: [client-utils.js]: sendPeersProposal - Promise is rejected: Error: Failed to deserialize creator identity, err The supplied identity is not valid, Verify() returned x509: certificate signed by unknown authority (possibly because of "x509: ECDSA verification failure" while trying to verify candidate authority certificate "ca.org1.example.com")
at /home/brankoterzic/Desktop/devGC/txman/node_modules/grpc/src/client.js:554:15
error: [client-utils.js]: sendPeersProposal - Promise is rejected: Error: Failed to deserialize creator identity, err The supplied identity is not valid, Verify() returned x509: certificate signed by unknown authority (possibly because of "x509: ECDSA verification failure" while trying to verify candidate authority certificate "ca.org1.example.com")
at /home/brankoterzic/Desktop/devGC/txman/node_modules/grpc/src/client.js:554:15
error: [client-utils.js]: sendPeersProposal - Promise is rejected: Error: Failed to deserialize creator identity, err The supplied identity is not valid, Verify() returned x509: certificate signed by unknown authority (possibly because of "x509: ECDSA verification failure" while trying to verify candidate authority certificate "ca.org1.example.com")
at /home/brankoterzic/Desktop/devGC/txman/node_modules/grpc/src/client.js:554:15
[2017-11-07 11:18:34.400] [ERROR] invoke-chaincode - transaction proposal was bad
[2017-11-07 11:18:34.401] [ERROR] invoke-chaincode - transaction proposal was bad
[2017-11-07 11:18:34.401] [ERROR] invoke-chaincode - transaction proposal was bad
[2017-11-07 11:18:34.401] [ERROR] invoke-chaincode - transaction proposal was bad
[2017-11-07 11:18:34.401] [ERROR] invoke-chaincode - transaction proposal was bad
[2017-11-07 11:18:34.401] [ERROR] invoke-chaincode - Failed to send Proposal or receive valid response. Response null or status is not 200. exiting...
[2017-11-07 11:18:34.401] [ERROR] invoke-chaincode - Failed to order the transaction. Error code: undefined
I was following the balance-transfer Node.js example: https://github.com/hyperledger/fabric-samples/tree/release/balance-transfer
Thank you for your answers!
I have solved this by setting up the generated crypto for CA
crypto-config/peerOrganizations/org1.example.com/ca/361a9254173cb1a97c057432094a20db9578ca69a152725f96323e00379c5ad6_sk
to
FABRIC_CA_SERVER_CA_KEYFILE=/etc/hyperledger/fabric-ca-server-config/361a9254173cb1a97c057432094a20db9578ca69a152725f96323e00379c5ad6_sk
in docker-compose-base.yaml env variable.