Add fabric v2.4.0

pull/142/head
Baohua Yang 2022-01-18 13:49:57 -08:00
parent 4a5e597408
commit 087b6f06a6
548 changed files with 688406 additions and 358 deletions

View File

@ -14,25 +14,26 @@ If you're not familiar with Docker and Blockchain, can have a look at these book
Fabric Release | Description Fabric Release | Description
--- | --- --- | ---
[Fabric Latest](latest/) | latest fabric code, unstable. [Fabric Latest](latest/) | latest fabric code, unstable.
[Fabric v2.3.3](v2.3.3/) | stable fabric 2.3.3 release. [Fabric v2.4.0](v2.4.0/) | fabric 2.4.0 release.
[Fabric v2.3.0](v2.3.0/) | stable fabric 2.3.0 release. [Fabric v2.3.3](v2.3.3/) | fabric 2.3.3 release.
[Fabric v2.2.4](v2.2.4/) | stable fabric 2.2.4 LTS release. [Fabric v2.3.0](v2.3.0/) | fabric 2.3.0 release.
[Fabric v2.2.1](v2.2.1/) | stable fabric 2.2.1 LTS release. [Fabric v2.2.4](v2.2.4/) | fabric 2.2.4 LTS release.
[Fabric v2.2.0](v2.2.0/) | stable fabric 2.2.0 LTS release. [Fabric v2.2.1](v2.2.1/) | fabric 2.2.1 LTS release.
[Fabric v2.1.0](v2.1.0/) | stable fabric 2.1.0 release. [Fabric v2.2.0](v2.2.0/) | fabric 2.2.0 LTS release.
[Fabric v2.0.0](v2.0.0/) | stable fabric 2.0.0 release. [Fabric v2.1.0](v2.1.0/) | fabric 2.1.0 release.
[Fabric v1.4.9](v1.4.9/) | stable fabric 1.4.9 LTS release. [Fabric v2.0.0](v2.0.0/) | fabric 2.0.0 release.
[Fabric v1.4.8](v1.4.8/) | stable fabric 1.4.8 LTS release. [Fabric v1.4.9](v1.4.9/) | fabric 1.4.9 LTS release.
[Fabric v1.4.7](v1.4.7/) | stable fabric 1.4.7 LTS release. [Fabric v1.4.8](v1.4.8/) | fabric 1.4.8 LTS release.
[Fabric v1.4.6](v1.4.6/) | stable fabric 1.4.6 LTS release. [Fabric v1.4.7](v1.4.7/) | fabric 1.4.7 LTS release.
[Fabric v1.4.5](v1.4.5/) | stable fabric 1.4.5 LTS release. [Fabric v1.4.6](v1.4.6/) | fabric 1.4.6 LTS release.
[Fabric v1.4.4](v1.4.4/) | stable fabric 1.4.4 LTS release. [Fabric v1.4.5](v1.4.5/) | fabric 1.4.5 LTS release.
[Fabric v1.4.3](v1.4.3/) | stable fabric 1.4.3 release. [Fabric v1.4.4](v1.4.4/) | fabric 1.4.4 LTS release.
[Fabric v1.4.2](v1.4.2/) | stable fabric 1.4.2 release. [Fabric v1.4.3](v1.4.3/) | fabric 1.4.3 release.
[Fabric v1.4.0](v1.4.0/) | stable fabric 1.4.0 release. [Fabric v1.4.2](v1.4.2/) | fabric 1.4.2 release.
[Fabric v1.3.0](v1.3.0/) | stable fabric 1.3.0 release. [Fabric v1.4.0](v1.4.0/) | fabric 1.4.0 release.
[Fabric v1.2.0](v1.2.0/) | stable fabric 1.2.0 release. [Fabric v1.3.0](v1.3.0/) | fabric 1.3.0 release.
[Fabric v1.1.0](v1.1.0/) | stable fabric 1.1.0 release. [Fabric v1.2.0](v1.2.0/) | fabric 1.2.0 release.
[Fabric v1.1.0](v1.1.0/) | fabric 1.1.0 release.
[Fabric v1.0.6](v1.0.6/) | fabric v1.0.6 release. [Fabric v1.0.6](v1.0.6/) | fabric v1.0.6 release.
[Fabric v1.0.0](v1.0.0/) | fabric v1.0.0 release. [Fabric v1.0.0](v1.0.0/) | fabric v1.0.0 release.
[Fabric v0.6.0](v0.6.0/) | fabric v0.6.0 release (too old, not recommend to use). [Fabric v0.6.0](v0.6.0/) | fabric v0.6.0 release (too old, not recommend to use).

View File

@ -1,339 +0,0 @@
#!/usr/bin/env sh
# Fetch a config block and update it. The new channel cfg section will be generated by $CAL_NEW_CFG_PY
# Usage: ./script channelListFile ordererURL mspId mspPath
# For testing a single channel, can use as: ./script channel ordererURL mspId mspPath
SYS_CHANNEL_NAME="testchainid" # default system channel name
CAL_NEW_CFG_PY="calc-new-channel-cfg.py" # script to calculate the new channel cfg section
# use configtxlator to decode pb to json
# Usage: configtxlatorDecode msgType input output
configtxlatorDecode() {
msgType=$1
input=$2
output=$3
if [ ! -f "$input" ]; then
echo "configDecode: input file not found"
exit 1
fi
if ! command -v configtxlator >/dev/null 2>&1; then
echo "configtxlator could not be found, please install it first"
exit 1
fi
echo "Decode $input --> $output using type $msgType"
configtxlator proto_decode \
--type="${msgType}" \
--input="${input}" \
--output="${output}"
[ $? -ne 0 ] && echo "Failed to decode config section from pb"
}
# use configtxlator to encode json to pb
# Usage: configtxlatorEncode msgType input output
configtxlatorEncode() {
msgType=$1
input=$2
output=$3
if [ ! -f "$input" ]; then
echo "configEncode: input file not found"
exit 1
fi
if ! command -v configtxlator >/dev/null 2>&1; then
echo "configtxlator could not be found, please install it first"
exit 1
fi
echo "Config Encode $input --> $output using type $msgType"
configtxlator proto_encode \
--type="${msgType}" \
--input="${input}" \
--output="${output}"
[ $? -eq 0 ] || echo "Failed to encode config section to pb"
}
# compute diff between two pb
# Usage: configtxlatorCompare channel origin_pb updated_pb output_pb
configtxlatorCompare() {
channel=$1
origin=$2
updated=$3
output=$4
echo "Config Compare $origin vs $updated > ${output} in channel $channel"
if [ ! -f "$origin" ] || [ ! -f "$updated" ]; then
echo "input file not found"
exit 1
fi
configtxlator compute_update \
--original="${origin}" \
--updated="${updated}" \
--channel_id="${channel}" \
--output="${output}"
[ $? -eq 0 ] || echo "Failed to compute config update"
}
# fetchConfigBlock fetch the latest config block, and parse the config section into channelCfgJson
# Usage: fetchConfigBlock channel mspId mspPath ordererURL ordererTLSRoot channelCfgJson
fetchConfigBlock() {
if [ $# -lt 6 ]; then
echo "Not enough argument supplied"
echo "$(basename $0) channel channel_config_block_cfg.json update_tx.pb"
exit 1
fi
channel=$1
mspId=$2
mspPath=$3
ordererURL=$4
ordererTLSRoot=$5
channelCfgJson=$6
config_block=${channel}_config.block
PAYLOAD_CFG_PATH=".data.data[0].payload.data.config"
export CORE_PEER_LOCALMSPID=${mspId}
export CORE_PEER_MSPCONFIGPATH=${mspPath}
export CORE_PEER_TLS_ROOTCERT_FILE=${ordererTLSRoot}
peer channel fetch config "${config_block}" \
-c "${channel}" \
-o "${ordererURL}" \
--tls \
--cafile "${ordererTLSRoot}"
echo "[${channel}] Decode config block into ${channel}_config.block.json"
configtxlatorDecode "common.Block" "${channel}_config.block" "${channel}_config_block.json"
echo "[${channel}] Export the config section ${PAYLOAD_CFG_PATH} from ${channel}_config_block.json into ${channelCfgJson}"
jq "${PAYLOAD_CFG_PATH}" "${channel}_config_block.json" >"${channelCfgJson}"
jq . "${channelCfgJson}" >/dev/null
[ $? -ne 0 ] && {
echo "${channel}_config_block_cfg.json is invalid"
exit 1
}
return 0
}
# Generate a new config section json from old config section, including the channel cfg updates
# Usage genNewCfgSection channel old_config_json new_config_json
calcNewCfgSection() {
if [ $# -lt 3 ]; then
echo "Not enough argument supplied"
echo "$(basename $0) channel channel_config_block_cfg.json channel_config_block_cfg_new.json"
exit 1
fi
channel=$1
oldCfgJson=$2 # ${channel}_config_block_cfg.json
newCfgJson=$3 # ${channel}_config_block_cfg_new.json
# TODO: here we calculate the new channel cfg json using python
if [ "${channel}" = "${SYS_CHANNEL_NAME}" ]; then
python3 $CAL_NEW_CFG_PY --sys --input $oldCfgJson --output $newCfgJson
else
python3 $CAL_NEW_CFG_PY --input $oldCfgJson --output $newCfgJson
fi
jq . "${newCfgJson}" >/dev/null
[ $? -ne 0 ] && {
echo "${newCfgJson} is invalid"
exit 1
}
}
# Generate a channel update transaction based on existing config block
# Usage genUpdateTx channel old_config_json update_tx_pb
genUpdateTx() {
if [ $# -lt 3 ]; then
echo "Not enough argument supplied"
echo "$(basename $0) channel channel_config_block_cfg.json update_tx.pb"
exit 1
fi
channel=$1
oldCfgJson=$2 # ${channel}_config_block_cfg.json
oldCfgPb=${channel}_config_block_cfg.pb
newCfgJson=${channel}_config_block_cfg_new.json
newCfgPb=${channel}_config_block_cfg_new.pb
deltaCfgPb=${channel}_config_block_cfg_delta.pb
deltaCfgJson=${channel}_config_block_cfg_delta.json
deltaCfgEnvJson=${channel}_config_block_cfg_delta_env.json
deltaCfgEnvPb=${3:-${channel}_config_block_cfg_delta_env.pb}
echo "[$channel] Start generating a channel update tx..."
echo "[$channel] Modify channel cfg section: ${oldCfgJson}-->${newCfgJson}"
calcNewCfgSection "${channel}" "${oldCfgJson}" "${newCfgJson}"
echo "[$channel] Convert channel cfg section json into pb files ..."
configtxlatorEncode "common.Config" "${oldCfgJson}" "${oldCfgPb}"
configtxlatorEncode "common.Config" "${newCfgJson}" "${newCfgPb}"
echo "[$channel] Calculate the config delta between pb files: ${oldCfgPb}+${newCfgPb}-->${deltaCfgPb}"
configtxlatorCompare "${channel}" "${oldCfgPb}" "${newCfgPb}" "${deltaCfgPb}"
echo "[$channel] Decode the config delta pb into json: ${deltaCfgPb}-->${deltaCfgJson}"
configtxlatorDecode "common.ConfigUpdate" "${deltaCfgPb}" "${deltaCfgJson}"
jq . "${deltaCfgJson}" >/dev/null
[ $? -ne 0 ] && {
echo "${deltaCfgJson} is invalid"
exit 1
}
echo "[$channel] Wrap the delta config section as an envelope: ${deltaCfgJson}-->${deltaCfgEnvJson}"
echo '{"payload":{"header":{"channel_header":{"channel_id":"'"$channel"'", "type":2}},"data":{"config_update":'$(cat ${deltaCfgJson})'}}}' | jq . >"${deltaCfgEnvJson}"
echo "[$channel] Encode the delta config update envelope into pb: ${deltaCfgEnvJson}-->${deltaCfgPb}"
configtxlatorEncode "common.Envelope" "${deltaCfgEnvJson}" "${deltaCfgEnvPb}"
echo "[$channel] Channel update tx is generated as ${deltaCfgPb}, now ready to sign and send the channel update tx"
return 0
}
# Sign a channel update transaction
# Usage: signUpdateTx update_tx mspId mspPath
signUpdateTx() {
if [ $# -lt 3 ]; then
echo "Not enough argument supplied, at least need 3"
echo "$(basename $0) udpate_tx mspId mspPath..."
fi
tx=$1; shift
for((i=1;i<=$#;)); do
mspId=${!i}
((i++))
mspPath=${!i}
((i++))
echo "Sign channel config tx $tx by $mspId $mspPath"
[ -f "${tx}" ] || {
echo "${tx} not exist"
exit 1
}
export CORE_PEER_LOCALMSPID=${mspId}
export CORE_PEER_MSPCONFIGPATH=${mspPath}
peer channel signconfigtx -f "${tx}" >log.txt 2>&1
rc=$?
[ $rc -ne 0 ] && cat log.txt
if [ $rc -ne 0 ]; then
echo "Sign channel config tx $tx by $mspId failed"
return 1
else
echo "Sign channel config tx $tx by $mspId is successful"
fi
done
return 0
}
# Send a channel update transaction
# Usage: sendUpdateTx "${channel}" "${mspId}" "${mspPath}" "${ordererURL}" "${ordererTLSRoot}" "${updateTx}"
sendUpdateTx() {
if [ $# -lt 6 ]; then
echo "Not enough argument supplied"
echo "$(basename $0) channel mspId mspPath ordererURL ordererTLSRoot updateTx"
exit 1
fi
channel=$1
mspId=$2
mspPath=$3
ordererURL=$4
ordererTLSRoot=$5
tx=$6
export CORE_PEER_LOCALMSPID=${mspId}
export CORE_PEER_MSPCONFIGPATH=${mspPath}
export CORE_PEER_TLS_ROOTCERT_FILE=${ordererTLSRoot}
echo "[${channel}] Send the channel update tx by $mspId $mspPath to $ordererURL"
peer channel update \
-c "${channel}" \
-o "${ordererURL}" \
-f "${tx}" \
--tls \
--cafile "${ordererTLSRoot}" \
>log.txt 2>&1
[ $? -ne 0 ] && { echo "[${channel}] Failed to send channel update tx to OSN" && cat log.txt; }
return 0
}
# Entrance function, will call other functions
# Update a single channel's config, need to be founder's admin
# Usage: updateChannel channel, ordererURL, mspId, mspPath, (mspId2, mspPath2...)
UpdateChannel() {
if [ $# -lt 3 ]; then
echo "Not enough argument supplied"
echo "$(basename $0) channel ordererURL mspId mspPath=${PWD}/msp-mspId msp1 mspPath1 msp2 mspPath2..."
exit 1
fi
channel=$1
ordererURL=$2
mspId=$3
mspPath=${4:-${PWD}/msp-${mspId}} # Suppose the msp path named as msp-${msp_id}
ordererTLSRoot=${mspPath}/tlscacerts/tlsca.cert
channelCfgJson=${channel}_config_block_cfg.json
updateTx="${channel}_config_block_cfg_delta_env.pb"
export FABRIC_LOGGING_SPEC="debug"
#export CORE_PEER_LOCALMSPID=${mspId}
#export CORE_PEER_MSPCONFIGPATH=${mspPath}
#export CORE_PEER_TLS_ROOTCERT_FILE=${ordererTLSRoot}
#export CORE_PEER_TLS_ENABLED=true # Let client use TLS connection when connecting to peer
echo "[${channel}] Fetch config block from ${ordererURL} and decode the cfg section into ${channelCfgJson}"
fetchConfigBlock "${channel}" "${mspId}" "${mspPath}" "${ordererURL}" "${ordererTLSRoot}" "$channelCfgJson"
[ $? -ne 0 ] && { echo "[${channel}] Failed to fetch latest config from OSN" && exit 1; }
echo "[${channel}] Generate the channel update tx"
genUpdateTx "${channel}" "${channelCfgJson}" "${updateTx}"
[ $? -ne 0 ] && { echo "[${channel}] Failed to generate new channel config" && exit 1; }
# TODO: do we support multiple msps?
echo "[${channel}] Sign the channel update tx ${updateTx} by $mspId $mspPath"
signUpdateTx "${updateTx}" "${mspId}" "${mspPath}" "${otherMSPs}"
[ $? -ne 0 ] && { echo "[${channel}] Failed to sign the channel config update tx" && exit 1; }
echo "[${channel}] Send the channel update tx ${updateTx} by $mspId $mspPath to ${ordererTLSRoot}"
sendUpdateTx "${channel}" "${mspId}" "${mspPath}" "${ordererURL}" "${ordererTLSRoot}" "${updateTx}"
[ $? -ne 0 ] && { echo "[${channel}] Failed to send the channel update tx to ${ordererURL}" && exit 1; }
}
if [ $# -lt 4 ]; then
echo "Not enough argument supplied, at least 4"
echo "$(basename $0) channelListFile ordererURL orderer-mspId orderer-mspPath other-mspId other-mspPath..."
exit 1
fi
channelListFile=$1
if [ -f ${channelListFile} ]; then
i=0
while read channel; do
((i++))
echo "Will process channel[$i]=$channel"
if [[ $channel =~ ^#.* ]]; then
echo "channel[$i]=$channel is ignored"
else
UpdateChannel "$channel" "${@:2}"
fi
done <${channelListFile}
else
# for test purpose only
UpdateChannel "$@" # channel, ordererURL, mspid, mspPath
fi

View File

@ -0,0 +1,3 @@
# for docker-compose usage
FABRIC_IMG_TAG=2.4.0
NETWORK=hlf_net

View File

@ -0,0 +1,316 @@
# Makefile to bootup the network, and do testing with channel, chaincode
# Run `make test` will pass all testing cases, and delete the network
# Run `make ready` will create a network, pass testing cases, and stand there for manual test, e.g., make test_channel_list
# support advanced bash grammar
SHELL:=/bin/bash
# mode of the network: raft only for 2.x
HLF_MODE ?= raft
# mode of db: golevel, couchdb
DB_MODE ?= golevel
# mode of dev
DEV_MODE ?= non-dev
NETWORK_INIT_WAIT ?= 2 # time to wait the fabric network finish initialization
COMPOSE_FILE ?= "docker-compose-2orgs-4peers-raft.yaml"
ifeq ($(HLF_MODE),raft)
NETWORK_INIT_WAIT=5
else
NETWORK_INIT_WAIT=30
endif
COMPOSE_FILE="docker-compose-2orgs-4peers-$(HLF_MODE).yaml"
LOG_PATH ?= $(HLF_MODE)/logs
ifeq ($(DB_MODE),couchdb)
COMPOSE_FILE="docker-compose-2orgs-4peers-couchdb.yaml"
endif
ifeq ($(DEV_MODE),dev)
COMPOSE_FILE="docker-compose-2orgs-4peers-dev.yaml"
endif
all: test
test:
@echo "Run test with $(COMPOSE_FILE)"
@echo "Please make sure u have setup Docker and pulled images by 'make setup download'."
make ready # Run all testing till ready
make stop clean
ready: # create/join channel, install/instantiate cc
make stop
# make clean_config_channel # Remove existing channel artifacts
make gen_config_crypto # Will ignore if local config path exists
make gen_config_channel # Will ignore if local config path exists
make start
sleep ${NETWORK_INIT_WAIT}
make channel_test
make update_anchors
make cc_test # test_cc_install test_cc_approveformyorg test_cc_checkcommitreadiness test_cc_commit test_cc_querycommitted test_cc_invoke_query
# make test_lscc # test lscc operations, in v2.0, legacy lscc won't work
make test_qscc # test qscc operations
make test_cscc # test cscc operations
make test_fetch_blocks # fetch block files
make test_gen_add_org3_tx
make test_channel_update
make test_fetch_blocks # fetch block files again
make test_configtxlator
make test_channel_list
make test_channel_getinfo
# make logs_save
@echo "Now the fabric network is ready to play"
@echo "* run 'make cli' to enter into the fabric-cli container."
@echo "* run 'make stop' when done."
# channel related operations
channel_test: test_channel_create test_channel_join test_channel_list test_channel_getinfo
# chaincode related operations
cc_test: test_cc_install test_cc_queryinstalled test_cc_approveformyorg test_cc_queryapproved test_cc_checkcommitreadiness test_cc_commit test_cc_querycommitted test_cc_invoke_query
restart: stop start
start: # bootup the fabric network
@echo "Start a fabric network with ${COMPOSE_FILE}..."
@make clean
@echo "Make sure the local hlf_net docker bridge exists"
docker network ls|grep hlf_net > /dev/null || docker network create hlf_net
@docker-compose -f ${COMPOSE_FILE} up -d # Start a fabric network
stop: # stop the fabric network
@echo "Stop the fabric network with ${COMPOSE_FILE}..."
@docker-compose -f ${COMPOSE_FILE} down >& /tmp/docker-compose.log
chaincode_dev: restart chaincode_init test_cc_peer0 stop
################## Channel testing operations ################
test_channel_list: # List the channel that peer joined
@echo "List the joined channels"
@docker exec -it fabric-cli bash -c "cd /tmp; bash scripts/test_channel_list.sh"
test_channel_getinfo: # Get info of a channel
@echo "Get info of the app channel"
@docker exec -it fabric-cli bash -c "cd /tmp; bash scripts/test_channel_getinfo.sh"
test_channel_create: # Init the channel
@echo "Create channel on the fabric network"
@docker exec -it fabric-cli bash -c "cd /tmp; bash scripts/test_channel_create.sh"
test_channel_join: # Init the channel
@echo "Join channel"
@docker exec -it fabric-cli bash -c "cd /tmp; bash scripts/test_channel_join.sh"
update_anchors: # Update the anchor peer
@echo "Update anchors on the fabric network"
@docker exec -it fabric-cli bash -c "cd /tmp; bash scripts/test_update_anchors.sh"
test_channel_update: # send the channel update transaction
@echo "Test channel update with adding new org"
@docker exec -it fabric-cli bash -c "cd /tmp; bash scripts/test_channel_update.sh"
################## Configtxlator testing operations ################
test_configtxlator: # Test change config using configtxlator
@echo "Testing decoding and encoding with configtxlator"
bash scripts/test_configtxlator.sh ${HLF_MODE}
@echo "Flattening the json files of all blocks"
python3 scripts/json_flatter.py ${HLF_MODE}/channel-artifacts/
test_gen_add_org3_tx: # Test change config to add new org
bash scripts/test_gen_add_org3_tx.sh ${HLF_MODE}
################## Chaincode testing operations ################
test_cc: # test chaincode, deprecated
if [ "$(HLF_MODE)" = "dev" ]; then \
make test_cc_peer0; \
else \
make test_cc_invoke_query; \
fi
test_cc_install: # Install the chaincode
@echo "Install chaincode to all peers"
@docker exec -it fabric-cli bash -c "cd /tmp; bash scripts/test_cc_install.sh"
test_cc_queryinstalled: # Query the installed chaincodes
@echo "Query the installed chaincode"
@docker exec -it fabric-cli bash -c "cd /tmp; bash scripts/test_cc_queryinstalled.sh"
test_cc_getinstalled: # Get the installed chaincodes package
@echo "Get the installed chaincode package"
@docker exec -it fabric-cli bash -c "cd /tmp; bash scripts/test_cc_getinstalled.sh"
test_cc_approveformyorg: # Approve the chaincode definition
@echo "Approve the chaincode by all orgs"
@docker exec -it fabric-cli bash -c "cd /tmp; bash scripts/test_cc_approveformyorg.sh"
test_cc_queryapproved: # Query the approved chaincode definition
@echo "Query the approved status of chaincode"
@docker exec -it fabric-cli bash -c "cd /tmp; bash scripts/test_cc_queryapproved.sh"
test_cc_checkcommitreadiness: # Query the approval status of chaincode
@echo "Query the chaincode approval status by all orgs"
@docker exec -it fabric-cli bash -c "cd /tmp; bash scripts/test_cc_checkcommitreadiness.sh"
test_cc_commit: # Commit the chaincode definition
@echo "Commit the chaincode by any org"
@docker exec -it fabric-cli bash -c "cd /tmp; bash scripts/test_cc_commit.sh"
test_cc_querycommitted: # Query the commit status of the chaincode definition
@echo "Query the commit status of chaincode"
@docker exec -it fabric-cli bash -c "cd /tmp; bash scripts/test_cc_querycommitted.sh"
test_cc_instantiate: # Instantiate the chaincode
@echo "Instantiate chaincode on the fabric network"
@docker exec -it fabric-cli bash -c "cd /tmp; bash scripts/test_cc_instantiate.sh"
test_cc_upgrade: # Upgrade the chaincode
@echo "Upgrade chaincode on the fabric network"
@docker exec -it fabric-cli bash -c "cd /tmp; bash scripts/test_cc_upgrade.sh"
test_cc_list: # List the chaincode
@echo "List chaincode information (installed and instantited)"
@docker exec -it fabric-cli bash -c "cd /tmp; bash scripts/test_cc_list.sh"
test_cc_invoke_query: # test user chaincode on all peers
@echo "Invoke and query cc example02 on all peers"
@docker exec -it fabric-cli bash -c "cd /tmp; bash scripts/test_cc_invoke_query.sh"
test_cscc: # test cscc queries
@echo "Test CSCC query"
@docker exec -it fabric-cli bash -c "cd /tmp; bash scripts/test_cscc.sh"
test_qscc: # test qscc queries
@echo "Test QSCC query"
@docker exec -it fabric-cli bash -c "cd /tmp; bash scripts/test_qscc.sh"
test_lscc: # test lscc quries
@echo "Test LSCC query"
@docker exec -it fabric-cli bash -c "cd /tmp; bash scripts/test_lscc.sh"
# FIXME: docker doesn't support wildcard in cp right now
test_fetch_blocks: # test fetching channel blocks fetch
@echo "Test fetching block files"
@docker exec -it fabric-cli bash -c "cd /tmp; bash scripts/test_fetch_blocks.sh"
test_eventsclient: # test get event notification in a loop
@echo "Test fetching event notification"
@docker exec -it fabric-cli bash -c "cd /tmp; bash scripts/start_eventsclient.sh"
test_sidedb: # test sideDB/private data feature
@echo "Test sideDB"
@docker exec -it fabric-cli bash -c "cd /tmp; bash scripts/test_sideDB.sh"
temp: # test temp instructions, used for experiment
@echo "Test experimental instructions"
@docker exec -it fabric-cli bash -c "cd /tmp; bash scripts/test_temp.sh"
################## Env setup related, no need to see usually ################
setup: # setup the environment
bash scripts/env_setup.sh # Installing Docker and Docker-Compose
check: # Check shell scripts grammar
@echo "Check shell scripts grammar"
[ `which shellcheck` ] && shellcheck scripts/*.sh
clean: # clean up containers and chaincode images
@echo "Clean all HLF containers and chaincode images"
@-docker ps -a | awk '{ print $$1,$$2 }' | grep "hyperledger/fabric" | awk '{ print $$1 }' | xargs -r -I {} docker rm -f {}
@-docker ps -a | awk '$$2 ~ /dev-peer/ { print $$1 }' | xargs -r -I {} docker rm -f {}
@-docker images | awk '$$1 ~ /dev-peer/ { print $$3 }' | xargs -r -I {} docker rmi -f {}
echo "May clean the config: HLF_MODE=${HLF_MODE} make clean_config_channel"
# Clean deeply by removing all generated files: container, artifacts, credentials
purge: clean
HLF_MODE=raft make clean_config_channel
make clean_config_crypto
env_clean: # clean up Docker environment
@echo "Clean all images and containers"
bash scripts/env_clean.sh
cli: # enter the cli container
docker exec -it fabric-cli bash
orderer: orderer0
orderer0: # enter the orderer0 container
docker exec -it orderer0.example.com bash
orderer1: # enter the orderer0 container
docker exec -it orderer1.example.com bash
peer: peer0
peer0: # enter the peer container
docker exec -it peer0.org1.example.com bash
peer1: # enter the peer container
docker exec -it peer1.org1.example.com bash
ps: # show existing docker images
docker ps -a
logs: # show logs
docker-compose -f ${COMPOSE_FILE} logs -f --tail 200
logs_check: logs_save logs_view
logs_save: # save logs
@echo "All tests done, saving logs locally"
[ -d $(LOG_PATH) ] || mkdir -p $(LOG_PATH)
docker logs peer0.org1.example.com >& $(LOG_PATH)/dev_peer0.log
docker logs orderer0.example.com >& $(LOG_PATH)/dev_orderer.log
docker-compose -f ${COMPOSE_FILE} logs >& $(LOG_PATH)/dev_all.log
logs_view: # view logs
less $(LOG_PATH)/dev_peer.log
elk: # insert logs into elk
# curl -XDELETE http://localhost:9200/logstash-\*
nc localhost 5000 < $(LOG_PATH)/dev_all.log
gen_config_crypto: # generate crypto config
bash scripts/gen_crypto_artifacts.sh
gen_config_channel: # generate channel artifacts
bash scripts/gen_channel_artifacts.sh ${HLF_MODE}
clean_config_channel: # clean channel related artifacts
rm -rf ${HLF_MODE}/channel-artifacts/*
clean_config_crypto: # clean config artifacts
echo "Warning: Cleaning credentials will affect artifacts in raft mode"
rm -rf crypto-config/*
rm -rf org3/crypto-config/*
download: # download required images
@echo "Download Docker images"
bash scripts/download_images.sh
################## chaincode dev mode ################
chaincode_init: # start chaincode in dev mode and do install/instantiate
@echo "Install and instantiate cc example02 on the fabric dev network"
@docker exec -it fabric-cli bash -c "cd /tmp; bash scripts/init_chaincode_dev.sh"

View File

@ -0,0 +1,78 @@
# All elements in this file should depend on the base-solo.yaml
# Provided solo-base fabric network with:
# ca.org1.example.com
# ca.org2.example.com
# orderer.example.com
# peer0.org1.example.com
# peer1.org1.example.com
# peer0.org2.example.com
# peer1.org2.example.com
# cli
version: '2' # v3 does not support 'extends' yet
services:
ca.org1.example.com: # ca node for org1
extends:
file: base-solo.yaml
service: ca.org1.example.com
environment:
- FABRIC_CA_SERVER_TLS_ENABLED=false
ca.org2.example.com: # ca node for org1
extends:
file: base-solo.yaml
service: ca.org2.example.com
environment:
- FABRIC_CA_SERVER_TLS_ENABLED=false
orderer.example.com: # orderer node for example org
extends:
file: base-solo.yaml
service: orderer.example.com
environment:
- ORDERER_GENERAL_TLS_ENABLED=false
cli: # client node
extends:
file: base-solo.yaml
service: cli
environment:
#- GOPATH=/opt/gopath
- CORE_PEER_TLS_ENABLED=false # to enable TLS, change to false
## following are peer nodes ##
peer0.org1.example.com:
extends:
file: base-solo.yaml
service: peer0.org1.example.com
environment:
- CORE_PEER_TLS_ENABLED=false
peer1.org1.example.com:
extends:
file: base-solo.yaml
service: peer1.org1.example.com
environment:
- CORE_PEER_TLS_ENABLED=false
peer0.org2.example.com:
extends:
file: base-solo.yaml
service: peer0.org2.example.com
environment:
- CORE_PEER_TLS_ENABLED=false
peer1.org2.example.com:
extends:
file: base-solo.yaml
service: peer1.org2.example.com
environment:
- CORE_PEER_TLS_ENABLED=false
event-listener:
extends:
file: base-solo.yaml
service: event-listener

View File

@ -0,0 +1,207 @@
# All elements in this file should depend on the base.yaml
# Provided a Kafka enabled fabric network with:
# ca.org1.example.com
# ca.org2.example.com
# orderer0.example.com
# orderer1.example.com
# peer0.org1.example.com
# peer1.org1.example.com
# peer0.org2.example.com
# peer1.org2.example.com
# 3 zookeeper nodes
# 4 raft nodes
# cli
version: '2' # v3 does not support 'extends' yet
services:
ca.org1.example.com:
extends:
file: base.yaml
service: ca-base
container_name: ca.org1.example.com
hostname: ca.org1.example.com
environment:
- FABRIC_CA_SERVER_CA_NAME=ca-org1
- FABRIC_CA_SERVER_TLS_CERTFILE=/etc/hyperledger/fabric-ca-server-config/ca.org1.example.com-cert.pem
- FABRIC_CA_SERVER_TLS_KEYFILE=/etc/hyperledger/fabric-ca-server-config/c843d3f021118963ce5d340e95286e8869bb7bd051454cd4166aa2887a2ad451_sk
ports:
- "7054:7054"
volumes:
- ./crypto-config/peerOrganizations/org1.example.com/ca/:/etc/hyperledger/fabric-ca-server-config
command: sh -c 'fabric-ca-server start --ca.certfile /etc/hyperledger/fabric-ca-server-config/ca.org1.example.com-cert.pem --ca.keyfile /etc/hyperledger/fabric-ca-server-config/c843d3f021118963ce5d340e95286e8869bb7bd051454cd4166aa2887a2ad451_sk -b admin:adminpw -d'
ca.org2.example.com:
extends:
file: base.yaml
service: ca-base
container_name: ca.org2.example.com
hostname: ca.org2.example.com
environment:
- FABRIC_CA_SERVER_CA_NAME=ca-org2
- FABRIC_CA_SERVER_TLS_CERTFILE=/etc/hyperledger/fabric-ca-server-config/ca.org2.example.com-cert.pem
- FABRIC_CA_SERVER_TLS_KEYFILE=/etc/hyperledger/fabric-ca-server-config/1ee551a8753171c0377366e96a1d7ec01afddb868c9483cc501b6f8ac7ae752f_sk
ports:
- "8054:7054"
volumes:
- ./crypto-config/peerOrganizations/org2.example.com/ca/:/etc/hyperledger/fabric-ca-server-config
command: sh -c 'fabric-ca-server start --ca.certfile /etc/hyperledger/fabric-ca-server-config/ca.org2.example.com-cert.pem --ca.keyfile /etc/hyperledger/fabric-ca-server-config/1ee551a8753171c0377366e96a1d7ec01afddb868c9483cc501b6f8ac7ae752f_sk -b admin:adminpw -d'
orderer0.example.com: # There can be multiple orderers
extends:
file: base.yaml
service: orderer-base
container_name: orderer0.example.com
hostname: orderer0.example.com
ports:
- "7050:7050"
environment:
- FABRIC_LOGGING_SPEC=DEBUG
- ORDERER_GENERAL_CLUSTER_CLIENTPRIVATEKEY=/etc/hyperledger/fabric/tls/server.key
- ORDERER_GENERAL_CLUSTER_CLIENTCERTIFICATE=/etc/hyperledger/fabric/tls/server.crt
- ORDERER_GENERAL_CLUSTER_ROOTCAS=[/etc/hyperledger/fabric/tls/ca.crt]
# below 4 must be defined/undefined together, for using separate network for raft
#- ORDERER_GENERAL_CLUSTER_LISTENADDRESS=0.0.0.0
#- ORDERER_GENERAL_CLUSTER_LISTENPORT=7050 # this must be the same with channel config
#- ORDERER_GENERAL_CLUSTER_SERVERCERTIFICATE=/etc/hyperledger/fabric/tls/server.crt
#- ORDERER_GENERAL_CLUSTER_SERVERPRIVATEKEY=/etc/hyperledger/fabric/tls/server.key
volumes:
- ./crypto-config/ordererOrganizations/example.com/orderers/orderer0.example.com/msp:/etc/hyperledger/fabric/msp
- ./crypto-config/ordererOrganizations/example.com/orderers/orderer0.example.com/tls/:/etc/hyperledger/fabric/tls
- ./raft/channel-artifacts/orderer0.genesis.block:/etc/hyperledger/fabric/orderer.genesis.block
command: orderer start
orderer1.example.com: # There can be multiple orderers
extends:
file: base.yaml
service: orderer-base
container_name: orderer1.example.com
hostname: orderer1.example.com
ports:
- "8050:7050"
environment:
- ORDERER_GENERAL_CLUSTER_SENDBUFFERSIZE=10
volumes:
- ./crypto-config/ordererOrganizations/example.com/orderers/orderer1.example.com/msp:/etc/hyperledger/fabric/msp
- ./crypto-config/ordererOrganizations/example.com/orderers/orderer1.example.com/tls/:/etc/hyperledger/fabric/tls
- ./raft/channel-artifacts/orderer1.genesis.block:/etc/hyperledger/fabric/orderer.genesis.block
command: orderer start
orderer2.example.com: # There can be multiple orderers
extends:
file: base.yaml
service: orderer-base
container_name: orderer2.example.com
hostname: orderer2.example.com
ports:
- "9050:7050"
environment:
- ORDERER_GENERAL_CLUSTER_SENDBUFFERSIZE=10
volumes:
- ./crypto-config/ordererOrganizations/example.com/orderers/orderer2.example.com/msp:/etc/hyperledger/fabric/msp
- ./crypto-config/ordererOrganizations/example.com/orderers/orderer2.example.com/tls/:/etc/hyperledger/fabric/tls
- ./raft/channel-artifacts/orderer2.genesis.block:/etc/hyperledger/fabric/orderer.genesis.block
command: orderer start
## following are peer nodes ##
peer0.org1.example.com:
extends:
file: base.yaml
service: peer-base
container_name: peer0.org1.example.com
hostname: peer0.org1.example.com
environment:
- CORE_PEER_ID=peer0.org1.example.com
- CORE_PEER_ADDRESS=peer0.org1.example.com:7051
- CORE_PEER_CHAINCODELISTENADDRESS=peer0.org1.example.com:7052
- CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.org1.example.com:7051
- CORE_PEER_LOCALMSPID=Org1MSP
- FABRIC_LOGGING_SPEC=DEBUG # info:core.chaincode=debug
volumes:
- ./crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/msp:/etc/hyperledger/fabric/msp
- ./crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls:/etc/hyperledger/fabric/tls
ports:
- 7051:7051
peer1.org1.example.com:
extends:
file: base.yaml
service: peer-base
container_name: peer1.org1.example.com
hostname: peer1.org1.example.com
environment:
- CORE_PEER_ID=peer1.org1.example.com
- CORE_PEER_ADDRESS=peer1.org1.example.com:7051
- CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer1.org1.example.com:7051
- CORE_PEER_CHAINCODELISTENADDRESS=peer1.org1.example.com:7052
- CORE_PEER_GOSSIP_BOOTSTRAP=peer0.org1.example.com:7051
- CORE_PEER_LOCALMSPID=Org1MSP
volumes:
- ./crypto-config/peerOrganizations/org1.example.com/peers/peer1.org1.example.com/msp:/etc/hyperledger/fabric/msp
- ./crypto-config/peerOrganizations/org1.example.com/peers/peer1.org1.example.com/tls:/etc/hyperledger/fabric/tls
ports:
- 8051:7051
peer0.org2.example.com:
extends:
file: base.yaml
service: peer-base
container_name: peer0.org2.example.com
hostname: peer0.org2.example.com
environment:
- CORE_PEER_ID=peer0.org2.example.com
- CORE_PEER_ADDRESS=peer0.org2.example.com:7051
- CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.org2.example.com:7051
- CORE_PEER_CHAINCODELISTENADDRESS=peer0.org2.example.com:7052
- CORE_PEER_GOSSIP_BOOTSTRAP=peer0.org2.example.com:7051
- CORE_PEER_LOCALMSPID=Org2MSP
volumes:
- ./crypto-config/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/msp:/etc/hyperledger/fabric/msp
- ./crypto-config/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls:/etc/hyperledger/fabric/tls
ports:
- 9051:7051
peer1.org2.example.com:
extends:
file: base.yaml
service: peer-base
container_name: peer1.org2.example.com
hostname: peer1.org2.example.com
environment:
- CORE_PEER_ID=peer1.org2.example.com
- CORE_PEER_ADDRESS=peer1.org2.example.com:7051
- CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer1.org2.example.com:7051
- CORE_PEER_CHAINCODELISTENADDRESS=peer1.org2.example.com:7052
- CORE_PEER_GOSSIP_BOOTSTRAP=peer1.org2.example.com:7051
- CORE_PEER_LOCALMSPID=Org2MSP
volumes:
- ./crypto-config/peerOrganizations/org2.example.com/peers/peer1.org2.example.com/msp:/etc/hyperledger/fabric/msp
- ./crypto-config/peerOrganizations/org2.example.com/peers/peer1.org2.example.com/tls:/etc/hyperledger/fabric/tls
ports:
- 10051:7051
cli:
extends:
file: base.yaml
service: cli-base
container_name: fabric-cli
hostname: fabric-cli
tty: true
environment:
- CORE_PEER_ID=fabric-cli
- CORE_PEER_ADDRESS=peer0.org1.example.com:7051 # default to operate on peer0.org1
- CORE_PEER_LOCALMSPID=Org1MSP
- CORE_PEER_TLS_CERT_FILE=/etc/hyperledger/fabric/crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.crt
- CORE_PEER_TLS_KEY_FILE=/etc/hyperledger/fabric/crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.key
- CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/fabric/crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt
- CORE_PEER_MSPCONFIGPATH=/etc/hyperledger/fabric/crypto-config/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp
volumes:
- ./scripts:/tmp/scripts
- ./crypto-config.yaml:/etc/hyperledger/fabric/crypto-config.yaml
- ./crypto-config:/etc/hyperledger/fabric/crypto-config
- ./raft/channel-artifacts:/tmp/channel-artifacts
- ./raft/configtx.yaml:/etc/hyperledger/fabric/configtx.yaml
- ./chaincodes:/go/src/chaincodes
#- $GOPATH/src/github.com/hyperledger/fabric:/go/src/github.com/hyperledger/fabric

View File

@ -0,0 +1,134 @@
# Contains the base template for all Hyperledger Fabric services
# Never directly use services in this template, but inherent
# All services are abstract without any names, config or port mapping
# https://github.com/yeasy/docker-compose-files
#
# * ca-base: base for fabric-ca
# * orderer-base: base for fabric-orderer
# * peer-base: base for fabric-peer
# * cli-base: base for fabric peer client
# * event-listener-base: base for fabric eventhub listener
# * kafka-base: base for kafka
# * zookeeper-base: base for fabric-zookeeper
# * couchdb-base: base for couchdb
# * explorer-base: base for Hyperledger blockchain-explorer
# * mysql-base: base for MySQL
version: '2' # compose v3 still doesn't support `extends`, shame!
services:
ca-base:
image: yeasy/hyperledger-fabric-ca:${FABRIC_IMG_TAG}
restart: always
network_mode: ${NETWORK}
environment:
- FABRIC_CA_HOME=/etc/hyperledger/fabric-ca-server
- FABRIC_CA_SERVER_TLS_ENABLED=true # change to false to disable TLS
orderer-base:
image: yeasy/hyperledger-fabric-orderer:${FABRIC_IMG_TAG}
restart: always
network_mode: ${NETWORK}
# Default config can be found at https://github.com/hyperledger/fabric/blob/master/orderer/common/localconfig/config.go
environment:
- FABRIC_LOGGING_SPEC=INFO # default: INFO
- FABRIC_LOGGING_FORMAT="%{color}%{time:2006-01-02 15:04:05.000 MST} [%{module}] %{shortfunc} -> %{level:.4s} %{id:03x}%{color:reset} %{message}"
- ORDERER_GENERAL_LISTENADDRESS=0.0.0.0 # default: 127.0.0.1
- ORDERER_GENERAL_LISTENPORT=7050
- ORDERER_GENERAL_GENESISMETHOD=file # default: provisional
- ORDERER_GENERAL_BOOTSTRAPFILE=/etc/hyperledger/fabric/orderer.genesis.block # by default, all materials should be put under $FABRIC_CFG_PATH, which defaults to /etc/hyperledger/fabric
- ORDERER_GENERAL_LOCALMSPID=OrdererMSP # default: DEFAULT
- ORDERER_GENERAL_LOCALMSPDIR=/etc/hyperledger/fabric/msp
- ORDERER_GENERAL_LEDGERTYPE=file
#- ORDERER_GENERAL_LEDGERTYPE=json # default: file
- ORDERER_OPERATIONS_LISTENADDRESS=0.0.0.0:8443 # operation RESTful API
- ORDERER_METRICS_PROVIDER=prometheus # prometheus will pull metrics from orderer via /metrics RESTful API
#- ORDERER_RAMLEDGER_HISTORY_SIZE=100 #only useful when use ram ledger
# enabled TLS
- ORDERER_GENERAL_TLS_ENABLED=true # default: false
- ORDERER_GENERAL_TLS_PRIVATEKEY=/etc/hyperledger/fabric/tls/server.key
- ORDERER_GENERAL_TLS_CERTIFICATE=/etc/hyperledger/fabric/tls/server.crt
- ORDERER_GENERAL_TLS_ROOTCAS=[/etc/hyperledger/fabric/tls/ca.crt]
# Only required by raft mode
- ORDERER_GENERAL_CLUSTER_CLIENTPRIVATEKEY=/etc/hyperledger/fabric/tls/server.key
- ORDERER_GENERAL_CLUSTER_CLIENTCERTIFICATE=/etc/hyperledger/fabric/tls/server.crt
- ORDERER_GENERAL_CLUSTER_ROOTCAS=[/etc/hyperledger/fabric/tls/ca.crt]
#volumes:
#- $GOPATH/src/github.com/hyperledger/fabric:/go/src/github.com/hyperledger/fabric
expose:
- "7050" # gRPC
- "8443" # Operation REST
#command: bash -c 'bash /tmp/orderer_build.sh; orderer start' # use this if to debug orderer
command: orderer start
peer-base: # abstract base for fabric-peer, will be used in peer.yaml
image: yeasy/hyperledger-fabric-peer:${FABRIC_IMG_TAG}
#image: hyperledger/fabric-peer:${FABRIC_IMG_TAG}
restart: always
network_mode: ${NETWORK}
environment:
- FABRIC_LOGGING_SPEC=INFO
- FABRIC_LOGGING_FORMAT="%{color}%{time:2006-01-02 15:04:05.000 MST} [%{module}] %{shortfunc} -> %{level:.4s} %{id:03x}%{color:reset} %{message}"
- CORE_PEER_ADDRESSAUTODETECT=false
- CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=${NETWORK} # uncomment this to use specific network
- CORE_PEER_GOSSIP_USELEADERELECTION=true
- CORE_PEER_GOSSIP_ORGLEADER=false # whether this node is the org leader, default to false
- CORE_PEER_GOSSIP_EXTERNALENDPOINT=0.0.0.0:7051 # change to external addr for peers in other orgs
- CORE_OPERATIONS_LISTENADDRESS=0.0.0.0:9443 # operation RESTful API
- CORE_METRICS_PROVIDER=prometheus # prometheus will pull metrics from fabric via /metrics RESTful API
- CORE_PEER_PROFILE_ENABLED=false
- CORE_PEER_TLS_ENABLED=true
- CORE_PEER_TLS_CERT_FILE=/etc/hyperledger/fabric/tls/server.crt
- CORE_PEER_TLS_KEY_FILE=/etc/hyperledger/fabric/tls/server.key
- CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/fabric/tls/ca.crt
- CORE_CHAINCODE_BUILDER=hyperledger/fabric-ccenv:${FABRIC_IMG_TAG}
- CORE_CHAINCODE_NODE_RUNTIME=hyperledger/fabric-nodeenv:${FABRIC_IMG_TAG}
#- FABRIC_LOGGING_FORMAT=%{color}[%{id:03x} %{time:01-02 15:04:05.00 MST}] [%{longpkg}] %{callpath} -> %{level:.4s}%{color:reset} %{message}
volumes:
#- $GOPATH/src/github.com/hyperledger/fabric:/go/src/github.com/hyperledger/fabric
# docker.sock is mapped as the default CORE_VM_ENDPOINT
- /var/run/docker.sock:/var/run/docker.sock
expose:
- "7051" # gRPC
- "9443" # Operation REST
#command: bash -c 'bash /tmp/peer_build.sh; peer node start'
command: peer node start
cli-base:
image: yeasy/hyperledger-fabric:${FABRIC_IMG_TAG}
restart: always
network_mode: ${NETWORK}
tty: true
environment:
- FABRIC_LOGGING_SPEC=DEBUG
- FABRIC_LOGGING_FORMAT=%{color}[%{id:03x} %{time:01-02 15:04:05.00 MST}] [%{module}] %{shortfunc} -> %{level:.4s}%{color:reset} %{message}
- CORE_PEER_TLS_ENABLED=true # to enable TLS, change to true
- ORDERER_CA=/etc/hyperledger/fabric/crypto-config/ordererOrganizations/example.com/orderers/orderer0.example.com/msp/tlscacerts/tlsca.example.com-cert.pem
working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer
command: bash -c 'cd /tmp; source scripts/func.sh; while true; do sleep 20170504; done'
prometheus: # prometheus will pull metrics from fabric
image: prom/prometheus:v2.6.0
restart: always
network_mode: ${NETWORK}
tty: true
volumes:
- ./prometheus.yml:/etc/prometheus/prometheus.yml
explorer-base:
image: yeasy/blockchain-explorer:0.1.0-preview # Till we have official image
expose:
- "8080" # HTTP port
command: bash -c 'sleep 10; node main.js'
mysql-base: # mysql service
image: mysql:8.0
restart: always
network_mode: ${NETWORK}
expose:
- "3306"
networks:
default:
external:
name: ${NETWORK}

View File

@ -0,0 +1,5 @@
-----BEGIN PUBLIC KEY-----
MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAElrxQZ6gowmj2lx/rvgwuJpw6N/lcmQ0p
Ev+ZnXuw1/p6b2ExvMQIZ5g3dQ5fXk9Cn6ZPkx9O9EVdNMFQHdcMUxw0TU/Aodwe
2iM2CTL4vlQyE1jPchTksA5TajJQCSCI
-----END PUBLIC KEY-----

View File

@ -0,0 +1,14 @@
-----BEGIN CERTIFICATE-----
MIICDTCCAbOgAwIBAgIUW+04RptN2graLOmClc14tpFScJMwCgYIKoZIzj0EAwIw
YjELMAkGA1UEBhMCVVMxFzAVBgNVBAgTDk5vcnRoIENhcm9saW5hMRQwEgYDVQQK
EwtleGFtcGxlLmNvbTELMAkGA1UECxMCY2ExFzAVBgNVBAMTDmNhLmV4YW1wbGUu
Y29tMCAXDTE4MTAxMjA4NTcwMFoYDzIxNjgwOTA1MDg1NzAwWjBiMQswCQYDVQQG
EwJVUzEXMBUGA1UECBMOTm9ydGggQ2Fyb2xpbmExFDASBgNVBAoTC2V4YW1wbGUu
Y29tMQswCQYDVQQLEwJjYTEXMBUGA1UEAxMOY2EuZXhhbXBsZS5jb20wWTATBgcq
hkjOPQIBBggqhkjOPQMBBwNCAATBR97JMKtWes7KiIHOD/Cm6ndD3gn92rgiqyNY
rjS5putZABmaK2PRc5JBrw9ee6BERJJTV0MphwSug3WPDSNIo0UwQzAOBgNVHQ8B
Af8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBATAdBgNVHQ4EFgQU35gCrJjArRVf
c1H+xMDIBIGo64owCgYIKoZIzj0EAwIDSAAwRQIhAOReEs7Au22Ed3KVY/Wb9ArP
XomXnX951Cv6SJjohUixAiBS1d/qj2S8hC82STczs7wZU+vP841NOOU/j9fdFH16
8g==
-----END CERTIFICATE-----

View File

@ -0,0 +1,5 @@
-----BEGIN PRIVATE KEY-----
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQg1nXDT9Gv5kyA/o3y
ElnE/KZ1gF8o4vVas+46SVpvk8qhRANCAATBR97JMKtWes7KiIHOD/Cm6ndD3gn9
2rgiqyNYrjS5putZABmaK2PRc5JBrw9ee6BERJJTV0MphwSug3WPDSNI
-----END PRIVATE KEY-----

View File

@ -0,0 +1,134 @@
version: 1.4.0
port: 7054
debug: false
crlsizelimit: 512000
tls:
enabled: false
certfile: null
keyfile: null
clientauth:
type: noclientcert
certfiles: null
ca:
name: ca.example.com
keyfile: ca.example.com_sk
certfile: ca.example.com-cert.pem
chainfile: null
crl:
expiry: 24h
registry:
maxenrollments: -1
identities:
- name: boot-admin
pass: boot-pass
type: client
affiliation: ""
attrs:
hf.Registrar.Roles: '*'
hf.Registrar.DelegateRoles: '*'
hf.Revoker: true
hf.IntermediateCA: true
hf.GenCRL: true
hf.Registrar.Attributes: '*'
hf.AffiliationMgr: true
db:
type: sqlite3
datasource: fabric-ca-server.db
tls:
enabled: false
certfiles: null
client:
certfile: null
keyfile: null
ldap:
enabled: false
url: ldap://<adminDN>:<adminPassword>@<host>:<port>/<base>
tls:
certfiles: null
client:
certfile: null
keyfile: null
attribute:
names:
- uid
- member
converters:
- name: null
value: null
maps:
groups:
- name: null
value: null
affiliations:
org1:
- department1
- department2
org2:
- department1
signing:
default:
usage:
- digital signature
- cert sign
- crl sign
expiry: 87600h
profiles:
ca:
usage:
- cert sign
- crl sign
expiry: 43800h
caconstraint:
isca: true
maxpathlen: 0
tls:
usage:
- signing
- key encipherment
- server auth
- client auth
- key agreement
expiry: 87600h
csr:
cn: ca.example.com
keyrequest:
algo: ecdsa
size: 256
names:
- C: US
ST: North Carolina
L: null
O: example.com
OU: ca
hosts:
- fabric-ca-server
- localhost
ca:
expiry: 1314000h
pathlength: 1
idemix:
rhpoolsize: 1000
nonceexpiration: 15s
noncesweepinterval: 15m
bccsp:
default: SW
sw:
hash: SHA2
security: 256
filekeystore:
keystore: msp/keystore
cacount: null
cafiles: null
intermediate:
parentserver:
url: null
caname: null
enrollment:
hosts: null
profile: null
label: null
tls:
certfiles: null
client:
certfile: null
keyfile: null

View File

@ -0,0 +1,5 @@
-----BEGIN PRIVATE KEY-----
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQg1nXDT9Gv5kyA/o3y
ElnE/KZ1gF8o4vVas+46SVpvk8qhRANCAATBR97JMKtWes7KiIHOD/Cm6ndD3gn9
2rgiqyNYrjS5putZABmaK2PRc5JBrw9ee6BERJJTV0MphwSug3WPDSNI
-----END PRIVATE KEY-----

View File

@ -0,0 +1,6 @@
-----BEGIN PRIVATE KEY-----
MIGkAgEBBDAjhzxjRaRZLGVOklgx7o9aZvyCx8kwYw2sWu8YSH0l1FqLHZ7Mgdle
Bpu5J7qJuPmgBwYFK4EEACKhZANiAASWvFBnqCjCaPaXH+u+DC4mnDo3+VyZDSkS
/5mde7DX+npvYTG8xAhnmDd1Dl9eT0Kfpk+TH070RV00wVAd1wxTHDRNT8Ch3B7a
IzYJMvi+VDITWM9yFOSwDlNqMlAJIIg=
-----END PRIVATE KEY-----

View File

@ -0,0 +1 @@
;—W F-™״²k[ה<><D794>®¯תִA¾LGˆ0Yד°J

View File

@ -0,0 +1,5 @@
-----BEGIN PUBLIC KEY-----
MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE6LMQZx53Kgp+gunfCKNehruZy1AYQ72D
cfzkbq9Ei3sSJzClK0cnNphae80+l61Ak5imq2SQvu4lhqyssp4JME8b8WvFVWhm
OdQv+XTm1bAPN8ZKOxjqDB2Fbb8RQmCZ
-----END PUBLIC KEY-----

View File

@ -0,0 +1,134 @@
version: 1.4.0
port: 7054
debug: false
crlsizelimit: 512000
tls:
enabled: false
certfile: null
keyfile: null
clientauth:
type: noclientcert
certfiles: null
ca:
name: tlsca.example.com
keyfile: tlsca.example.com_sk
certfile: tlsca.example.com-cert.pem
chainfile: null
crl:
expiry: 24h
registry:
maxenrollments: -1
identities:
- name: boot-admin
pass: boot-pass
type: client
affiliation: ""
attrs:
hf.Registrar.Roles: '*'
hf.Registrar.DelegateRoles: '*'
hf.Revoker: true
hf.IntermediateCA: true
hf.GenCRL: true
hf.Registrar.Attributes: '*'
hf.AffiliationMgr: true
db:
type: sqlite3
datasource: fabric-ca-server.db
tls:
enabled: false
certfiles: null
client:
certfile: null
keyfile: null
ldap:
enabled: false
url: ldap://<adminDN>:<adminPassword>@<host>:<port>/<base>
tls:
certfiles: null
client:
certfile: null
keyfile: null
attribute:
names:
- uid
- member
converters:
- name: null
value: null
maps:
groups:
- name: null
value: null
affiliations:
org1:
- department1
- department2
org2:
- department1
signing:
default:
usage:
- digital signature
- cert sign
- crl sign
expiry: 87600h
profiles:
ca:
usage:
- cert sign
- crl sign
expiry: 43800h
caconstraint:
isca: true
maxpathlen: 0
tls:
usage:
- signing
- key encipherment
- server auth
- client auth
- key agreement
expiry: 87600h
csr:
cn: tlsca.example.com
keyrequest:
algo: ecdsa
size: 256
names:
- C: US
ST: North Carolina
L: null
O: example.com
OU: tlsca
hosts:
- fabric-ca-server
- localhost
ca:
expiry: 1314000h
pathlength: 1
idemix:
rhpoolsize: 1000
nonceexpiration: 15s
noncesweepinterval: 15m
bccsp:
default: SW
sw:
hash: SHA2
security: 256
filekeystore:
keystore: msp/keystore
cacount: null
cafiles: null
intermediate:
parentserver:
url: null
caname: null
enrollment:
hosts: null
profile: null
label: null
tls:
certfiles: null
client:
certfile: null
keyfile: null

View File

@ -0,0 +1,5 @@
-----BEGIN PRIVATE KEY-----
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgLUPdLlI4BVuCXdly
UQMuZ67vJYr2t4ybbr0jLHAIDdChRANCAATgOHkZzn6C6MieVWOZjGve0h/taMdx
QKLv8l08a1FScas16CDWIcDBSIWg1eRh/I/J7Ijjt6DEtHSt3ctGzAuq
-----END PRIVATE KEY-----

View File

@ -0,0 +1,6 @@
-----BEGIN PRIVATE KEY-----
MIGkAgEBBDALaw+r+kOT0kY5O9E91HUwvqE7p4cTqrAJQ/ZFcgtUz9b8wPL23DOi
XM8Bf77RMaCgBwYFK4EEACKhZANiAATosxBnHncqCn6C6d8Io16Gu5nLUBhDvYNx
/ORur0SLexInMKUrRyc2mFp7zT6XrUCTmKarZJC+7iWGrKyyngkwTxvxa8VVaGY5
1C/5dObVsA83xko7GOoMHYVtvxFCYJk=
-----END PRIVATE KEY-----

View File

@ -0,0 +1,14 @@
-----BEGIN CERTIFICATE-----
MIICGTCCAb+gAwIBAgIUf6wM/e5Yoqad5ykzdyNMmFEkQpwwCgYIKoZIzj0EAwIw
aDELMAkGA1UEBhMCVVMxFzAVBgNVBAgTDk5vcnRoIENhcm9saW5hMRQwEgYDVQQK
EwtleGFtcGxlLmNvbTEOMAwGA1UECxMFdGxzY2ExGjAYBgNVBAMTEXRsc2NhLmV4
YW1wbGUuY29tMCAXDTE4MTAxMjA4NTYwMFoYDzIxNjgwOTA1MDg1NjAwWjBoMQsw
CQYDVQQGEwJVUzEXMBUGA1UECBMOTm9ydGggQ2Fyb2xpbmExFDASBgNVBAoTC2V4
YW1wbGUuY29tMQ4wDAYDVQQLEwV0bHNjYTEaMBgGA1UEAxMRdGxzY2EuZXhhbXBs
ZS5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATgOHkZzn6C6MieVWOZjGve
0h/taMdxQKLv8l08a1FScas16CDWIcDBSIWg1eRh/I/J7Ijjt6DEtHSt3ctGzAuq
o0UwQzAOBgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBATAdBgNVHQ4E
FgQUnOwD/If5n4yCIxCc2kik9+mRsxYwCgYIKoZIzj0EAwIDSAAwRQIhAPNMC62d
5EsJjkqZLSuq9GyZDk+4fsHzNS6lgrlzZfuxAiBygZt2ee8Z8zwoZjTRXvcCj4Df
5+YwFqOjgPXdXg+nTA==
-----END CERTIFICATE-----

View File

@ -0,0 +1,5 @@
-----BEGIN PRIVATE KEY-----
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgLUPdLlI4BVuCXdly
UQMuZ67vJYr2t4ybbr0jLHAIDdChRANCAATgOHkZzn6C6MieVWOZjGve0h/taMdx
QKLv8l08a1FScas16CDWIcDBSIWg1eRh/I/J7Ijjt6DEtHSt3ctGzAuq
-----END PRIVATE KEY-----

View File

@ -0,0 +1,162 @@
#############################################################################
# This is a configuration file for the fabric-ca-client command.
#
# COMMAND LINE ARGUMENTS AND ENVIRONMENT VARIABLES
# ------------------------------------------------
# Each configuration element can be overridden via command line
# arguments or environment variables. The precedence for determining
# the value of each element is as follows:
# 1) command line argument
# Examples:
# a) --url https://localhost:7054
# To set the fabric-ca server url
# b) --tls.client.certfile certfile.pem
# To set the client certificate for TLS
# 2) environment variable
# Examples:
# a) FABRIC_CA_CLIENT_URL=https://localhost:7054
# To set the fabric-ca server url
# b) FABRIC_CA_CLIENT_TLS_CLIENT_CERTFILE=certfile.pem
# To set the client certificate for TLS
# 3) configuration file
# 4) default value (if there is one)
# All default values are shown beside each element below.
#
# FILE NAME ELEMENTS
# ------------------
# The value of all fields whose name ends with "file" or "files" are
# name or names of other files.
# For example, see "tls.certfiles" and "tls.client.certfile".
# The value of each of these fields can be a simple filename, a
# relative path, or an absolute path. If the value is not an
# absolute path, it is interpretted as being relative to the location
# of this configuration file.
#
#############################################################################
#############################################################################
# Client Configuration
#############################################################################
# URL of the Fabric-ca-server (default: http://localhost:7054)
url: http://ca.org1.example.com:7054
# Membership Service Provider (MSP) directory
# This is useful when the client is used to enroll a peer or orderer, so
# that the enrollment artifacts are stored in the format expected by MSP.
mspdir: msp
#############################################################################
# TLS section for secure socket connection
#
# certfiles - PEM-encoded list of trusted root certificate files
# client:
# certfile - PEM-encoded certificate file for when client authentication
# is enabled on server
# keyfile - PEM-encoded key file for when client authentication
# is enabled on server
#############################################################################
tls:
# TLS section for secure socket connection
certfiles:
client:
certfile:
keyfile:
#############################################################################
# Certificate Signing Request section for generating the CSR for an
# enrollment certificate (ECert)
#
# cn - Used by CAs to determine which domain the certificate is to be generated for
#
# serialnumber - The serialnumber field, if specified, becomes part of the issued
# certificate's DN (Distinguished Name). For example, one use case for this is
# a company with its own CA (Certificate Authority) which issues certificates
# to its employees and wants to include the employee's serial number in the DN
# of its issued certificates.
# WARNING: The serialnumber field should not be confused with the certificate's
# serial number which is set by the CA but is not a component of the
# certificate's DN.
#
# names - A list of name objects. Each name object should contain at least one
# "C", "L", "O", or "ST" value (or any combination of these) where these
# are abbreviations for the following:
# "C": country
# "L": locality or municipality (such as city or town name)
# "O": organization
# "OU": organizational unit, such as the department responsible for owning the key;
# it can also be used for a "Doing Business As" (DBS) name
# "ST": the state or province
#
# Note that the "OU" or organizational units of an ECert are always set according
# to the values of the identities type and affiliation. OUs are calculated for an enroll
# as OU=<type>, OU=<affiliationRoot>, ..., OU=<affiliationLeaf>. For example, an identity
# of type "client" with an affiliation of "org1.dept2.team3" would have the following
# organizational units: OU=client, OU=org1, OU=dept2, OU=team3
#
# hosts - A list of host names for which the certificate should be valid
#
#############################################################################
csr:
cn: Admin@org1.example.com
keyrequest:
algo: ecdsa
size: 256
serialnumber:
names:
- C: US
ST: North Carolina
L:
O: Hyperledger
OU: Fabric
hosts:
- ca-client
#############################################################################
# Registration section used to register a new identity with fabric-ca server
#
# name - Unique name of the identity
# type - Type of identity being registered (e.g. 'peer, app, user')
# affiliation - The identity's affiliation
# maxenrollments - The maximum number of times the secret can be reused to enroll.
# Specially, -1 means unlimited; 0 means to use CA's max enrollment
# value.
# attributes - List of name/value pairs of attribute for identity
#############################################################################
id:
name:
type:
affiliation:
maxenrollments: 0
attributes:
# - name:
# value:
#############################################################################
# Enrollment section used to enroll an identity with fabric-ca server
#
# profile - Name of the signing profile to use in issuing the certificate
# label - Label to use in HSM operations
#############################################################################
enrollment:
profile:
label:
#############################################################################
# Name of the CA to connect to within the fabric-ca server
#############################################################################
caname:
#############################################################################
# BCCSP (BlockChain Crypto Service Provider) section allows to select which
# crypto implementation library to use
#############################################################################
bccsp:
default: SW
sw:
hash: SHA2
security: 256
filekeystore:
# The directory used for the software file-based keystore
keystore: msp/keystore

View File

@ -0,0 +1,5 @@
-----BEGIN PRIVATE KEY-----
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQg8vMuirOjKSGHUNNF
qYlMP7ZlaOE8xD4BIV9UjYApuQyhRANCAATVFCmMnRB4YjYASeToLpW905Sr11d7
eJuWWVEXxRXweujA+2XIvJnu9oJzfctuEgAixaNfNLWaHo7AAdK1WOLw
-----END PRIVATE KEY-----

View File

@ -0,0 +1,162 @@
#############################################################################
# This is a configuration file for the fabric-ca-client command.
#
# COMMAND LINE ARGUMENTS AND ENVIRONMENT VARIABLES
# ------------------------------------------------
# Each configuration element can be overridden via command line
# arguments or environment variables. The precedence for determining
# the value of each element is as follows:
# 1) command line argument
# Examples:
# a) --url https://localhost:7054
# To set the fabric-ca server url
# b) --tls.client.certfile certfile.pem
# To set the client certificate for TLS
# 2) environment variable
# Examples:
# a) FABRIC_CA_CLIENT_URL=https://localhost:7054
# To set the fabric-ca server url
# b) FABRIC_CA_CLIENT_TLS_CLIENT_CERTFILE=certfile.pem
# To set the client certificate for TLS
# 3) configuration file
# 4) default value (if there is one)
# All default values are shown beside each element below.
#
# FILE NAME ELEMENTS
# ------------------
# The value of all fields whose name ends with "file" or "files" are
# name or names of other files.
# For example, see "tls.certfiles" and "tls.client.certfile".
# The value of each of these fields can be a simple filename, a
# relative path, or an absolute path. If the value is not an
# absolute path, it is interpretted as being relative to the location
# of this configuration file.
#
#############################################################################
#############################################################################
# Client Configuration
#############################################################################
# URL of the Fabric-ca-server (default: http://localhost:7054)
url: http://tlsca.org1.example.com:7054
# Membership Service Provider (MSP) directory
# This is useful when the client is used to enroll a peer or orderer, so
# that the enrollment artifacts are stored in the format expected by MSP.
mspdir: msp
#############################################################################
# TLS section for secure socket connection
#
# certfiles - PEM-encoded list of trusted root certificate files
# client:
# certfile - PEM-encoded certificate file for when client authentication
# is enabled on server
# keyfile - PEM-encoded key file for when client authentication
# is enabled on server
#############################################################################
tls:
# TLS section for secure socket connection
certfiles:
client:
certfile:
keyfile:
#############################################################################
# Certificate Signing Request section for generating the CSR for an
# enrollment certificate (ECert)
#
# cn - Used by CAs to determine which domain the certificate is to be generated for
#
# serialnumber - The serialnumber field, if specified, becomes part of the issued
# certificate's DN (Distinguished Name). For example, one use case for this is
# a company with its own CA (Certificate Authority) which issues certificates
# to its employees and wants to include the employee's serial number in the DN
# of its issued certificates.
# WARNING: The serialnumber field should not be confused with the certificate's
# serial number which is set by the CA but is not a component of the
# certificate's DN.
#
# names - A list of name objects. Each name object should contain at least one
# "C", "L", "O", or "ST" value (or any combination of these) where these
# are abbreviations for the following:
# "C": country
# "L": locality or municipality (such as city or town name)
# "O": organization
# "OU": organizational unit, such as the department responsible for owning the key;
# it can also be used for a "Doing Business As" (DBS) name
# "ST": the state or province
#
# Note that the "OU" or organizational units of an ECert are always set according
# to the values of the identities type and affiliation. OUs are calculated for an enroll
# as OU=<type>, OU=<affiliationRoot>, ..., OU=<affiliationLeaf>. For example, an identity
# of type "client" with an affiliation of "org1.dept2.team3" would have the following
# organizational units: OU=client, OU=org1, OU=dept2, OU=team3
#
# hosts - A list of host names for which the certificate should be valid
#
#############################################################################
csr:
cn: Admin@org1.example.com
keyrequest:
algo: ecdsa
size: 256
serialnumber:
names:
- C: US
ST: North Carolina
L:
O: Hyperledger
OU: Fabric
hosts:
- ca-client
#############################################################################
# Registration section used to register a new identity with fabric-ca server
#
# name - Unique name of the identity
# type - Type of identity being registered (e.g. 'peer, app, user')
# affiliation - The identity's affiliation
# maxenrollments - The maximum number of times the secret can be reused to enroll.
# Specially, -1 means unlimited; 0 means to use CA's max enrollment
# value.
# attributes - List of name/value pairs of attribute for identity
#############################################################################
id:
name:
type:
affiliation:
maxenrollments: 0
attributes:
# - name:
# value:
#############################################################################
# Enrollment section used to enroll an identity with fabric-ca server
#
# profile - Name of the signing profile to use in issuing the certificate
# label - Label to use in HSM operations
#############################################################################
enrollment:
profile:
label:
#############################################################################
# Name of the CA to connect to within the fabric-ca server
#############################################################################
caname:
#############################################################################
# BCCSP (BlockChain Crypto Service Provider) section allows to select which
# crypto implementation library to use
#############################################################################
bccsp:
default: SW
sw:
hash: SHA2
security: 256
filekeystore:
# The directory used for the software file-based keystore
keystore: msp/keystore

View File

@ -0,0 +1,5 @@
-----BEGIN PUBLIC KEY-----
MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEbdmgC+obJLpKIU15eFC1MJNLMdkpOchP
9bG0xFWT0wk69EEFAeSYnDHdDFwJH3gmSEmSaccrRRGJUts4yBCz4vpAyxklNEJU
JQV9TLWAwWs6IwpYSdI5FZb1Ot4YWvUd
-----END PUBLIC KEY-----

View File

@ -0,0 +1,14 @@
-----BEGIN CERTIFICATE-----
MIICLTCCAdOgAwIBAgIUZtbUdoKq2gdiBI4t9xAYtKb0l1swCgYIKoZIzj0EAwIw
cjELMAkGA1UEBhMCVVMxFzAVBgNVBAgTDk5vcnRoIENhcm9saW5hMRkwFwYDVQQK
ExBvcmcxLmV4YW1wbGUuY29tMQ4wDAYDVQQLEwV0bHNjYTEfMB0GA1UEAxMWdGxz
Y2Eub3JnMS5leGFtcGxlLmNvbTAgFw0xODEwMTIwODU2MDBaGA8yMTY4MDkwNTA4
NTYwMFowcjELMAkGA1UEBhMCVVMxFzAVBgNVBAgTDk5vcnRoIENhcm9saW5hMRkw
FwYDVQQKExBvcmcxLmV4YW1wbGUuY29tMQ4wDAYDVQQLEwV0bHNjYTEfMB0GA1UE
AxMWdGxzY2Eub3JnMS5leGFtcGxlLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEH
A0IABDTiGBWVnDlbHx0qkujF3r4r5g7fG3FFuYXz4UgN2WmNk2z6nF4FaD+YQgCz
ayp0eLT37kK0BSJHqEKoiJrKtZ6jRTBDMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMB
Af8ECDAGAQH/AgEBMB0GA1UdDgQWBBRYLwES7lJq4i67F2AeLU35NxkbUzAKBggq
hkjOPQQDAgNIADBFAiEAvfkVNhBjlw8ApIorDAvqMA2DmLckOjX1HS2aN8MleT8C
IBIrfl1rq9rz/PuvEmGB15oKXPiTHOWqZ3Mkdlc4Uddd
-----END CERTIFICATE-----

View File

@ -0,0 +1,5 @@
-----BEGIN PRIVATE KEY-----
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgfRcMLZfkPxSPSjxY
LOcLxIeUCd7C71EfZH9Jyj8cstqhRANCAASpl1xmXmNMex/YmPK9ew9sI4JW7w5B
e4whAaHEMEr4K9QWbmGUtZPtr3EKEHYbhA8BM2RdFkl+09fvew76T9tQ
-----END PRIVATE KEY-----

View File

@ -0,0 +1,19 @@
-----BEGIN CERTIFICATE-----
MIIDDTCCArOgAwIBAgIUJbPbRHo+tTwYRVq0zJ2p3bzYtdMwCgYIKoZIzj0EAwIw
cjELMAkGA1UEBhMCVVMxFzAVBgNVBAgTDk5vcnRoIENhcm9saW5hMRkwFwYDVQQK
ExBvcmcxLmV4YW1wbGUuY29tMQ4wDAYDVQQLEwV0bHNjYTEfMB0GA1UEAxMWdGxz
Y2Eub3JnMS5leGFtcGxlLmNvbTAeFw0xODEwMTIwODU3MDBaFw0yODEwMDkwOTAy
MDBaMIGFMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UE
BxMNU2FuIEZyYW5jaXNjbzEZMBcGA1UEChMQb3JnMS5leGFtcGxlLmNvbTENMAsG
A1UECxMEdXNlcjEfMB0GA1UEAwwWQWRtaW5Ab3JnMS5leGFtcGxlLmNvbTBZMBMG
ByqGSM49AgEGCCqGSM49AwEHA0IABKmXXGZeY0x7H9iY8r17D2wjglbvDkF7jCEB
ocQwSvgr1BZuYZS1k+2vcQoQdhuEDwEzZF0WSX7T1+97DvpP21CjggERMIIBDTAO
BgNVHQ8BAf8EBAMCAYYwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUPgf/xHQ/Nru2
+JEBpLOA2OClo6AwHwYDVR0jBBgwFoAUWC8BEu5SauIuuxdgHi1N+TcZG1MwIQYD
VR0RBBowGIEWQWRtaW5Ab3JnMS5leGFtcGxlLmNvbTCBiQYIKgMEBQYHCAEEfXsi
YXR0cnMiOnsiYWJhYy5pbml0IjoidHJ1ZSIsImFkbWluIjoidHJ1ZSIsImhmLkFm
ZmlsaWF0aW9uIjoiIiwiaGYuRW5yb2xsbWVudElEIjoiQWRtaW5Ab3JnMS5leGFt
cGxlLmNvbSIsImhmLlR5cGUiOiJ1c2VyIn19MAoGCCqGSM49BAMCA0gAMEUCIQCl
X+M3Rp7MEAVT6N8D7TgqOh9Rmtrv4By1WVmeNf/ZAAIgb6Cb7Thh7y60I6OlxdOw
A3bsWxA4xq8q3gCL+/I2kDE=
-----END CERTIFICATE-----

View File

@ -0,0 +1,162 @@
#############################################################################
# This is a configuration file for the fabric-ca-client command.
#
# COMMAND LINE ARGUMENTS AND ENVIRONMENT VARIABLES
# ------------------------------------------------
# Each configuration element can be overridden via command line
# arguments or environment variables. The precedence for determining
# the value of each element is as follows:
# 1) command line argument
# Examples:
# a) --url https://localhost:7054
# To set the fabric-ca server url
# b) --tls.client.certfile certfile.pem
# To set the client certificate for TLS
# 2) environment variable
# Examples:
# a) FABRIC_CA_CLIENT_URL=https://localhost:7054
# To set the fabric-ca server url
# b) FABRIC_CA_CLIENT_TLS_CLIENT_CERTFILE=certfile.pem
# To set the client certificate for TLS
# 3) configuration file
# 4) default value (if there is one)
# All default values are shown beside each element below.
#
# FILE NAME ELEMENTS
# ------------------
# The value of all fields whose name ends with "file" or "files" are
# name or names of other files.
# For example, see "tls.certfiles" and "tls.client.certfile".
# The value of each of these fields can be a simple filename, a
# relative path, or an absolute path. If the value is not an
# absolute path, it is interpretted as being relative to the location
# of this configuration file.
#
#############################################################################
#############################################################################
# Client Configuration
#############################################################################
# URL of the Fabric-ca-server (default: http://localhost:7054)
url: http://ca.org1.example.com:7054
# Membership Service Provider (MSP) directory
# This is useful when the client is used to enroll a peer or orderer, so
# that the enrollment artifacts are stored in the format expected by MSP.
mspdir: msp
#############################################################################
# TLS section for secure socket connection
#
# certfiles - PEM-encoded list of trusted root certificate files
# client:
# certfile - PEM-encoded certificate file for when client authentication
# is enabled on server
# keyfile - PEM-encoded key file for when client authentication
# is enabled on server
#############################################################################
tls:
# TLS section for secure socket connection
certfiles:
client:
certfile:
keyfile:
#############################################################################
# Certificate Signing Request section for generating the CSR for an
# enrollment certificate (ECert)
#
# cn - Used by CAs to determine which domain the certificate is to be generated for
#
# serialnumber - The serialnumber field, if specified, becomes part of the issued
# certificate's DN (Distinguished Name). For example, one use case for this is
# a company with its own CA (Certificate Authority) which issues certificates
# to its employees and wants to include the employee's serial number in the DN
# of its issued certificates.
# WARNING: The serialnumber field should not be confused with the certificate's
# serial number which is set by the CA but is not a component of the
# certificate's DN.
#
# names - A list of name objects. Each name object should contain at least one
# "C", "L", "O", or "ST" value (or any combination of these) where these
# are abbreviations for the following:
# "C": country
# "L": locality or municipality (such as city or town name)
# "O": organization
# "OU": organizational unit, such as the department responsible for owning the key;
# it can also be used for a "Doing Business As" (DBS) name
# "ST": the state or province
#
# Note that the "OU" or organizational units of an ECert are always set according
# to the values of the identities type and affiliation. OUs are calculated for an enroll
# as OU=<type>, OU=<affiliationRoot>, ..., OU=<affiliationLeaf>. For example, an identity
# of type "client" with an affiliation of "org1.dept2.team3" would have the following
# organizational units: OU=client, OU=org1, OU=dept2, OU=team3
#
# hosts - A list of host names for which the certificate should be valid
#
#############################################################################
csr:
cn: User1@org1.example.com
keyrequest:
algo: ecdsa
size: 256
serialnumber:
names:
- C: US
ST: North Carolina
L:
O: Hyperledger
OU: Fabric
hosts:
- ca-client
#############################################################################
# Registration section used to register a new identity with fabric-ca server
#
# name - Unique name of the identity
# type - Type of identity being registered (e.g. 'peer, app, user')
# affiliation - The identity's affiliation
# maxenrollments - The maximum number of times the secret can be reused to enroll.
# Specially, -1 means unlimited; 0 means to use CA's max enrollment
# value.
# attributes - List of name/value pairs of attribute for identity
#############################################################################
id:
name:
type:
affiliation:
maxenrollments: 0
attributes:
# - name:
# value:
#############################################################################
# Enrollment section used to enroll an identity with fabric-ca server
#
# profile - Name of the signing profile to use in issuing the certificate
# label - Label to use in HSM operations
#############################################################################
enrollment:
profile:
label:
#############################################################################
# Name of the CA to connect to within the fabric-ca server
#############################################################################
caname:
#############################################################################
# BCCSP (BlockChain Crypto Service Provider) section allows to select which
# crypto implementation library to use
#############################################################################
bccsp:
default: SW
sw:
hash: SHA2
security: 256
filekeystore:
# The directory used for the software file-based keystore
keystore: msp/keystore

View File

@ -0,0 +1,5 @@
-----BEGIN PRIVATE KEY-----
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgWUNovBTSm43w0Gne
wH+gjOv4wnAUOes4Rl5xRfJNkFChRANCAAQYGe+D/gw4IbjDBD5XQutFqjELjXz+
WayBTKOK/gZP4lqwqp9NqWNWI8uiVilHKrKD24GqsM3+h5d5q2UJG5Hf
-----END PRIVATE KEY-----

View File

@ -0,0 +1,162 @@
#############################################################################
# This is a configuration file for the fabric-ca-client command.
#
# COMMAND LINE ARGUMENTS AND ENVIRONMENT VARIABLES
# ------------------------------------------------
# Each configuration element can be overridden via command line
# arguments or environment variables. The precedence for determining
# the value of each element is as follows:
# 1) command line argument
# Examples:
# a) --url https://localhost:7054
# To set the fabric-ca server url
# b) --tls.client.certfile certfile.pem
# To set the client certificate for TLS
# 2) environment variable
# Examples:
# a) FABRIC_CA_CLIENT_URL=https://localhost:7054
# To set the fabric-ca server url
# b) FABRIC_CA_CLIENT_TLS_CLIENT_CERTFILE=certfile.pem
# To set the client certificate for TLS
# 3) configuration file
# 4) default value (if there is one)
# All default values are shown beside each element below.
#
# FILE NAME ELEMENTS
# ------------------
# The value of all fields whose name ends with "file" or "files" are
# name or names of other files.
# For example, see "tls.certfiles" and "tls.client.certfile".
# The value of each of these fields can be a simple filename, a
# relative path, or an absolute path. If the value is not an
# absolute path, it is interpretted as being relative to the location
# of this configuration file.
#
#############################################################################
#############################################################################
# Client Configuration
#############################################################################
# URL of the Fabric-ca-server (default: http://localhost:7054)
url: http://tlsca.org1.example.com:7054
# Membership Service Provider (MSP) directory
# This is useful when the client is used to enroll a peer or orderer, so
# that the enrollment artifacts are stored in the format expected by MSP.
mspdir: msp
#############################################################################
# TLS section for secure socket connection
#
# certfiles - PEM-encoded list of trusted root certificate files
# client:
# certfile - PEM-encoded certificate file for when client authentication
# is enabled on server
# keyfile - PEM-encoded key file for when client authentication
# is enabled on server
#############################################################################
tls:
# TLS section for secure socket connection
certfiles:
client:
certfile:
keyfile:
#############################################################################
# Certificate Signing Request section for generating the CSR for an
# enrollment certificate (ECert)
#
# cn - Used by CAs to determine which domain the certificate is to be generated for
#
# serialnumber - The serialnumber field, if specified, becomes part of the issued
# certificate's DN (Distinguished Name). For example, one use case for this is
# a company with its own CA (Certificate Authority) which issues certificates
# to its employees and wants to include the employee's serial number in the DN
# of its issued certificates.
# WARNING: The serialnumber field should not be confused with the certificate's
# serial number which is set by the CA but is not a component of the
# certificate's DN.
#
# names - A list of name objects. Each name object should contain at least one
# "C", "L", "O", or "ST" value (or any combination of these) where these
# are abbreviations for the following:
# "C": country
# "L": locality or municipality (such as city or town name)
# "O": organization
# "OU": organizational unit, such as the department responsible for owning the key;
# it can also be used for a "Doing Business As" (DBS) name
# "ST": the state or province
#
# Note that the "OU" or organizational units of an ECert are always set according
# to the values of the identities type and affiliation. OUs are calculated for an enroll
# as OU=<type>, OU=<affiliationRoot>, ..., OU=<affiliationLeaf>. For example, an identity
# of type "client" with an affiliation of "org1.dept2.team3" would have the following
# organizational units: OU=client, OU=org1, OU=dept2, OU=team3
#
# hosts - A list of host names for which the certificate should be valid
#
#############################################################################
csr:
cn: User1@org1.example.com
keyrequest:
algo: ecdsa
size: 256
serialnumber:
names:
- C: US
ST: North Carolina
L:
O: Hyperledger
OU: Fabric
hosts:
- ca-client
#############################################################################
# Registration section used to register a new identity with fabric-ca server
#
# name - Unique name of the identity
# type - Type of identity being registered (e.g. 'peer, app, user')
# affiliation - The identity's affiliation
# maxenrollments - The maximum number of times the secret can be reused to enroll.
# Specially, -1 means unlimited; 0 means to use CA's max enrollment
# value.
# attributes - List of name/value pairs of attribute for identity
#############################################################################
id:
name:
type:
affiliation:
maxenrollments: 0
attributes:
# - name:
# value:
#############################################################################
# Enrollment section used to enroll an identity with fabric-ca server
#
# profile - Name of the signing profile to use in issuing the certificate
# label - Label to use in HSM operations
#############################################################################
enrollment:
profile:
label:
#############################################################################
# Name of the CA to connect to within the fabric-ca server
#############################################################################
caname:
#############################################################################
# BCCSP (BlockChain Crypto Service Provider) section allows to select which
# crypto implementation library to use
#############################################################################
bccsp:
default: SW
sw:
hash: SHA2
security: 256
filekeystore:
# The directory used for the software file-based keystore
keystore: msp/keystore

View File

@ -0,0 +1,5 @@
-----BEGIN PUBLIC KEY-----
MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEbdmgC+obJLpKIU15eFC1MJNLMdkpOchP
9bG0xFWT0wk69EEFAeSYnDHdDFwJH3gmSEmSaccrRRGJUts4yBCz4vpAyxklNEJU
JQV9TLWAwWs6IwpYSdI5FZb1Ot4YWvUd
-----END PUBLIC KEY-----

View File

@ -0,0 +1,14 @@
-----BEGIN CERTIFICATE-----
MIICLTCCAdOgAwIBAgIUZtbUdoKq2gdiBI4t9xAYtKb0l1swCgYIKoZIzj0EAwIw
cjELMAkGA1UEBhMCVVMxFzAVBgNVBAgTDk5vcnRoIENhcm9saW5hMRkwFwYDVQQK
ExBvcmcxLmV4YW1wbGUuY29tMQ4wDAYDVQQLEwV0bHNjYTEfMB0GA1UEAxMWdGxz
Y2Eub3JnMS5leGFtcGxlLmNvbTAgFw0xODEwMTIwODU2MDBaGA8yMTY4MDkwNTA4
NTYwMFowcjELMAkGA1UEBhMCVVMxFzAVBgNVBAgTDk5vcnRoIENhcm9saW5hMRkw
FwYDVQQKExBvcmcxLmV4YW1wbGUuY29tMQ4wDAYDVQQLEwV0bHNjYTEfMB0GA1UE
AxMWdGxzY2Eub3JnMS5leGFtcGxlLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEH
A0IABDTiGBWVnDlbHx0qkujF3r4r5g7fG3FFuYXz4UgN2WmNk2z6nF4FaD+YQgCz
ayp0eLT37kK0BSJHqEKoiJrKtZ6jRTBDMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMB
Af8ECDAGAQH/AgEBMB0GA1UdDgQWBBRYLwES7lJq4i67F2AeLU35NxkbUzAKBggq
hkjOPQQDAgNIADBFAiEAvfkVNhBjlw8ApIorDAvqMA2DmLckOjX1HS2aN8MleT8C
IBIrfl1rq9rz/PuvEmGB15oKXPiTHOWqZ3Mkdlc4Uddd
-----END CERTIFICATE-----

View File

@ -0,0 +1,5 @@
-----BEGIN PRIVATE KEY-----
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQg2PYDX6UQs548jvq0
eP2rClDYv8JoiZeK6qJcXHzvQUqhRANCAAT6w4XqgWi8OOT6uYXZRaGkquFsFtsh
rfS8J4KB2c6WUDkUIHXOio6hLP2mNFTVNMGnRxF1LSpMPEFxie5jaN/W
-----END PRIVATE KEY-----

View File

@ -0,0 +1,19 @@
-----BEGIN CERTIFICATE-----
MIIDDTCCArSgAwIBAgIUH4qT7e5nHhIYhhXrdGPnEzHWMhswCgYIKoZIzj0EAwIw
cjELMAkGA1UEBhMCVVMxFzAVBgNVBAgTDk5vcnRoIENhcm9saW5hMRkwFwYDVQQK
ExBvcmcxLmV4YW1wbGUuY29tMQ4wDAYDVQQLEwV0bHNjYTEfMB0GA1UEAxMWdGxz
Y2Eub3JnMS5leGFtcGxlLmNvbTAeFw0xODEwMTIwODU3MDBaFw0yODEwMDkwOTAy
MDBaMIGFMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UE
BxMNU2FuIEZyYW5jaXNjbzEZMBcGA1UEChMQb3JnMS5leGFtcGxlLmNvbTENMAsG
A1UECxMEdXNlcjEfMB0GA1UEAwwWVXNlcjFAb3JnMS5leGFtcGxlLmNvbTBZMBMG
ByqGSM49AgEGCCqGSM49AwEHA0IABPrDheqBaLw45Pq5hdlFoaSq4WwW2yGt9Lwn
goHZzpZQORQgdc6KjqEs/aY0VNU0wadHEXUtKkw8QXGJ7mNo39ajggESMIIBDjAO
BgNVHQ8BAf8EBAMCAYYwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQU/fDcOzrRHtLF
QnXNHSVg2ln0UmgwHwYDVR0jBBgwFoAUWC8BEu5SauIuuxdgHi1N+TcZG1MwIQYD
VR0RBBowGIEWVXNlcjFAb3JnMS5leGFtcGxlLmNvbTCBigYIKgMEBQYHCAEEfnsi
YXR0cnMiOnsiYWJhYy5pbml0IjoidHJ1ZSIsImFkbWluIjoiZmFsc2UiLCJoZi5B
ZmZpbGlhdGlvbiI6IiIsImhmLkVucm9sbG1lbnRJRCI6IlVzZXIxQG9yZzEuZXhh
bXBsZS5jb20iLCJoZi5UeXBlIjoidXNlciJ9fTAKBggqhkjOPQQDAgNHADBEAiBK
C0p26m2dx0Y9IEJ93KWHgr+kCXtJHs+mLh56CbjkNwIgOyqY7vOQ6plgUpTT42b8
Xp2CkVyqaw+hsUg+F2lxGsA=
-----END CERTIFICATE-----

View File

@ -0,0 +1,162 @@
#############################################################################
# This is a configuration file for the fabric-ca-client command.
#
# COMMAND LINE ARGUMENTS AND ENVIRONMENT VARIABLES
# ------------------------------------------------
# Each configuration element can be overridden via command line
# arguments or environment variables. The precedence for determining
# the value of each element is as follows:
# 1) command line argument
# Examples:
# a) --url https://localhost:7054
# To set the fabric-ca server url
# b) --tls.client.certfile certfile.pem
# To set the client certificate for TLS
# 2) environment variable
# Examples:
# a) FABRIC_CA_CLIENT_URL=https://localhost:7054
# To set the fabric-ca server url
# b) FABRIC_CA_CLIENT_TLS_CLIENT_CERTFILE=certfile.pem
# To set the client certificate for TLS
# 3) configuration file
# 4) default value (if there is one)
# All default values are shown beside each element below.
#
# FILE NAME ELEMENTS
# ------------------
# The value of all fields whose name ends with "file" or "files" are
# name or names of other files.
# For example, see "tls.certfiles" and "tls.client.certfile".
# The value of each of these fields can be a simple filename, a
# relative path, or an absolute path. If the value is not an
# absolute path, it is interpretted as being relative to the location
# of this configuration file.
#
#############################################################################
#############################################################################
# Client Configuration
#############################################################################
# URL of the Fabric-ca-server (default: http://localhost:7054)
url: http://ca.org1.example.com:7054
# Membership Service Provider (MSP) directory
# This is useful when the client is used to enroll a peer or orderer, so
# that the enrollment artifacts are stored in the format expected by MSP.
mspdir: msp
#############################################################################
# TLS section for secure socket connection
#
# certfiles - PEM-encoded list of trusted root certificate files
# client:
# certfile - PEM-encoded certificate file for when client authentication
# is enabled on server
# keyfile - PEM-encoded key file for when client authentication
# is enabled on server
#############################################################################
tls:
# TLS section for secure socket connection
certfiles:
client:
certfile:
keyfile:
#############################################################################
# Certificate Signing Request section for generating the CSR for an
# enrollment certificate (ECert)
#
# cn - Used by CAs to determine which domain the certificate is to be generated for
#
# serialnumber - The serialnumber field, if specified, becomes part of the issued
# certificate's DN (Distinguished Name). For example, one use case for this is
# a company with its own CA (Certificate Authority) which issues certificates
# to its employees and wants to include the employee's serial number in the DN
# of its issued certificates.
# WARNING: The serialnumber field should not be confused with the certificate's
# serial number which is set by the CA but is not a component of the
# certificate's DN.
#
# names - A list of name objects. Each name object should contain at least one
# "C", "L", "O", or "ST" value (or any combination of these) where these
# are abbreviations for the following:
# "C": country
# "L": locality or municipality (such as city or town name)
# "O": organization
# "OU": organizational unit, such as the department responsible for owning the key;
# it can also be used for a "Doing Business As" (DBS) name
# "ST": the state or province
#
# Note that the "OU" or organizational units of an ECert are always set according
# to the values of the identities type and affiliation. OUs are calculated for an enroll
# as OU=<type>, OU=<affiliationRoot>, ..., OU=<affiliationLeaf>. For example, an identity
# of type "client" with an affiliation of "org1.dept2.team3" would have the following
# organizational units: OU=client, OU=org1, OU=dept2, OU=team3
#
# hosts - A list of host names for which the certificate should be valid
#
#############################################################################
csr:
cn: boot-admin
keyrequest:
algo: ecdsa
size: 256
serialnumber:
names:
- C: US
ST: North Carolina
L:
O: Hyperledger
OU: Fabric
hosts:
- ca-client
#############################################################################
# Registration section used to register a new identity with fabric-ca server
#
# name - Unique name of the identity
# type - Type of identity being registered (e.g. 'peer, app, user')
# affiliation - The identity's affiliation
# maxenrollments - The maximum number of times the secret can be reused to enroll.
# Specially, -1 means unlimited; 0 means to use CA's max enrollment
# value.
# attributes - List of name/value pairs of attribute for identity
#############################################################################
id:
name:
type:
affiliation:
maxenrollments: 0
attributes:
# - name:
# value:
#############################################################################
# Enrollment section used to enroll an identity with fabric-ca server
#
# profile - Name of the signing profile to use in issuing the certificate
# label - Label to use in HSM operations
#############################################################################
enrollment:
profile:
label:
#############################################################################
# Name of the CA to connect to within the fabric-ca server
#############################################################################
caname:
#############################################################################
# BCCSP (BlockChain Crypto Service Provider) section allows to select which
# crypto implementation library to use
#############################################################################
bccsp:
default: SW
sw:
hash: SHA2
security: 256
filekeystore:
# The directory used for the software file-based keystore
keystore: msp/keystore

View File

@ -0,0 +1,5 @@
-----BEGIN PRIVATE KEY-----
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgGnD2h1/mDGeNIadf
fP/pROrbeZRifCe8Z9VIGAQ3GoShRANCAAR2wsRMRc5/mBRrTbjfZ/4FD6rb9fPz
y36ATZQx+o7Zj22paPHhXKHOOZliP/n0Ax5EPeY8DejzDY0mo3CV3voZ
-----END PRIVATE KEY-----

View File

@ -0,0 +1,162 @@
#############################################################################
# This is a configuration file for the fabric-ca-client command.
#
# COMMAND LINE ARGUMENTS AND ENVIRONMENT VARIABLES
# ------------------------------------------------
# Each configuration element can be overridden via command line
# arguments or environment variables. The precedence for determining
# the value of each element is as follows:
# 1) command line argument
# Examples:
# a) --url https://localhost:7054
# To set the fabric-ca server url
# b) --tls.client.certfile certfile.pem
# To set the client certificate for TLS
# 2) environment variable
# Examples:
# a) FABRIC_CA_CLIENT_URL=https://localhost:7054
# To set the fabric-ca server url
# b) FABRIC_CA_CLIENT_TLS_CLIENT_CERTFILE=certfile.pem
# To set the client certificate for TLS
# 3) configuration file
# 4) default value (if there is one)
# All default values are shown beside each element below.
#
# FILE NAME ELEMENTS
# ------------------
# The value of all fields whose name ends with "file" or "files" are
# name or names of other files.
# For example, see "tls.certfiles" and "tls.client.certfile".
# The value of each of these fields can be a simple filename, a
# relative path, or an absolute path. If the value is not an
# absolute path, it is interpretted as being relative to the location
# of this configuration file.
#
#############################################################################
#############################################################################
# Client Configuration
#############################################################################
# URL of the Fabric-ca-server (default: http://localhost:7054)
url: http://tlsca.org1.example.com:7054
# Membership Service Provider (MSP) directory
# This is useful when the client is used to enroll a peer or orderer, so
# that the enrollment artifacts are stored in the format expected by MSP.
mspdir: msp
#############################################################################
# TLS section for secure socket connection
#
# certfiles - PEM-encoded list of trusted root certificate files
# client:
# certfile - PEM-encoded certificate file for when client authentication
# is enabled on server
# keyfile - PEM-encoded key file for when client authentication
# is enabled on server
#############################################################################
tls:
# TLS section for secure socket connection
certfiles:
client:
certfile:
keyfile:
#############################################################################
# Certificate Signing Request section for generating the CSR for an
# enrollment certificate (ECert)
#
# cn - Used by CAs to determine which domain the certificate is to be generated for
#
# serialnumber - The serialnumber field, if specified, becomes part of the issued
# certificate's DN (Distinguished Name). For example, one use case for this is
# a company with its own CA (Certificate Authority) which issues certificates
# to its employees and wants to include the employee's serial number in the DN
# of its issued certificates.
# WARNING: The serialnumber field should not be confused with the certificate's
# serial number which is set by the CA but is not a component of the
# certificate's DN.
#
# names - A list of name objects. Each name object should contain at least one
# "C", "L", "O", or "ST" value (or any combination of these) where these
# are abbreviations for the following:
# "C": country
# "L": locality or municipality (such as city or town name)
# "O": organization
# "OU": organizational unit, such as the department responsible for owning the key;
# it can also be used for a "Doing Business As" (DBS) name
# "ST": the state or province
#
# Note that the "OU" or organizational units of an ECert are always set according
# to the values of the identities type and affiliation. OUs are calculated for an enroll
# as OU=<type>, OU=<affiliationRoot>, ..., OU=<affiliationLeaf>. For example, an identity
# of type "client" with an affiliation of "org1.dept2.team3" would have the following
# organizational units: OU=client, OU=org1, OU=dept2, OU=team3
#
# hosts - A list of host names for which the certificate should be valid
#
#############################################################################
csr:
cn: boot-admin
keyrequest:
algo: ecdsa
size: 256
serialnumber:
names:
- C: US
ST: North Carolina
L:
O: Hyperledger
OU: Fabric
hosts:
- ca-client
#############################################################################
# Registration section used to register a new identity with fabric-ca server
#
# name - Unique name of the identity
# type - Type of identity being registered (e.g. 'peer, app, user')
# affiliation - The identity's affiliation
# maxenrollments - The maximum number of times the secret can be reused to enroll.
# Specially, -1 means unlimited; 0 means to use CA's max enrollment
# value.
# attributes - List of name/value pairs of attribute for identity
#############################################################################
id:
name:
type:
affiliation:
maxenrollments: 0
attributes:
# - name:
# value:
#############################################################################
# Enrollment section used to enroll an identity with fabric-ca server
#
# profile - Name of the signing profile to use in issuing the certificate
# label - Label to use in HSM operations
#############################################################################
enrollment:
profile:
label:
#############################################################################
# Name of the CA to connect to within the fabric-ca server
#############################################################################
caname:
#############################################################################
# BCCSP (BlockChain Crypto Service Provider) section allows to select which
# crypto implementation library to use
#############################################################################
bccsp:
default: SW
sw:
hash: SHA2
security: 256
filekeystore:
# The directory used for the software file-based keystore
keystore: msp/keystore

View File

@ -0,0 +1,5 @@
-----BEGIN PUBLIC KEY-----
MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEbdmgC+obJLpKIU15eFC1MJNLMdkpOchP
9bG0xFWT0wk69EEFAeSYnDHdDFwJH3gmSEmSaccrRRGJUts4yBCz4vpAyxklNEJU
JQV9TLWAwWs6IwpYSdI5FZb1Ot4YWvUd
-----END PUBLIC KEY-----

View File

@ -0,0 +1,14 @@
-----BEGIN CERTIFICATE-----
MIICLTCCAdOgAwIBAgIUZtbUdoKq2gdiBI4t9xAYtKb0l1swCgYIKoZIzj0EAwIw
cjELMAkGA1UEBhMCVVMxFzAVBgNVBAgTDk5vcnRoIENhcm9saW5hMRkwFwYDVQQK
ExBvcmcxLmV4YW1wbGUuY29tMQ4wDAYDVQQLEwV0bHNjYTEfMB0GA1UEAxMWdGxz
Y2Eub3JnMS5leGFtcGxlLmNvbTAgFw0xODEwMTIwODU2MDBaGA8yMTY4MDkwNTA4
NTYwMFowcjELMAkGA1UEBhMCVVMxFzAVBgNVBAgTDk5vcnRoIENhcm9saW5hMRkw
FwYDVQQKExBvcmcxLmV4YW1wbGUuY29tMQ4wDAYDVQQLEwV0bHNjYTEfMB0GA1UE
AxMWdGxzY2Eub3JnMS5leGFtcGxlLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEH
A0IABDTiGBWVnDlbHx0qkujF3r4r5g7fG3FFuYXz4UgN2WmNk2z6nF4FaD+YQgCz
ayp0eLT37kK0BSJHqEKoiJrKtZ6jRTBDMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMB
Af8ECDAGAQH/AgEBMB0GA1UdDgQWBBRYLwES7lJq4i67F2AeLU35NxkbUzAKBggq
hkjOPQQDAgNIADBFAiEAvfkVNhBjlw8ApIorDAvqMA2DmLckOjX1HS2aN8MleT8C
IBIrfl1rq9rz/PuvEmGB15oKXPiTHOWqZ3Mkdlc4Uddd
-----END CERTIFICATE-----

View File

@ -0,0 +1,5 @@
-----BEGIN PRIVATE KEY-----
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgWPQgr/DLwEczolSb
mEznYJZXe4gNhPPAcnMmQrLgolehRANCAARyGsnOftmnTa+flGDLKdPJbj+C0Cla
aaY5zkuAUT1ojNk/ASQv22KGOi+V50QvzyK3QOqAKnPBGvpM9akBz92J
-----END PRIVATE KEY-----

View File

@ -0,0 +1,16 @@
-----BEGIN CERTIFICATE-----
MIICczCCAhqgAwIBAgIUc5cHVaZnLnq0g7UZ8bveQ2VJADEwCgYIKoZIzj0EAwIw
cjELMAkGA1UEBhMCVVMxFzAVBgNVBAgTDk5vcnRoIENhcm9saW5hMRkwFwYDVQQK
ExBvcmcxLmV4YW1wbGUuY29tMQ4wDAYDVQQLEwV0bHNjYTEfMB0GA1UEAxMWdGxz
Y2Eub3JnMS5leGFtcGxlLmNvbTAeFw0xODEwMTIwODU3MDBaFw0yODEwMDkwOTAy
MDBaMHsxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQH
Ew1TYW4gRnJhbmNpc2NvMRkwFwYDVQQKExBvcmcxLmV4YW1wbGUuY29tMQ8wDQYD
VQQLEwZjbGllbnQxEzARBgNVBAMTCmJvb3QtYWRtaW4wWTATBgcqhkjOPQIBBggq
hkjOPQMBBwNCAARyGsnOftmnTa+flGDLKdPJbj+C0ClaaaY5zkuAUT1ojNk/ASQv
22KGOi+V50QvzyK3QOqAKnPBGvpM9akBz92Jo4GEMIGBMA4GA1UdDwEB/wQEAwIB
hjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBQhJFtMm0+ApEOidrRbUd466PCe4jAf
BgNVHSMEGDAWgBRYLwES7lJq4i67F2AeLU35NxkbUzAhBgNVHREEGjAYgRZBZG1p
bkBvcmcxLmV4YW1wbGUuY29tMAoGCCqGSM49BAMCA0cAMEQCICaXvUWDxu62xHmK
TXMvTTVgSYZE+Q8hCOfnlz9OQJyaAiAtKzb22ZNDjW/ZSjsKXJhsK1+CJC52CabN
ANE96bx2Xg==
-----END CERTIFICATE-----

View File

@ -0,0 +1,5 @@
-----BEGIN PUBLIC KEY-----
MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEVHAMGD123d5QVhI6LAq7sEU8frN4bN9p
gPiKwWBLljpCGQH8kBbQoyEyFFBGndyWgalkLrEXJNv/VGAWyDEeg6c8/fycfJW4
iq8Mk1AvRAVMJIF9VwjHdwQ3rMmzC15n
-----END PUBLIC KEY-----

View File

@ -0,0 +1,14 @@
-----BEGIN CERTIFICATE-----
MIICIDCCAcegAwIBAgIUDEK12gHn0vyqLETS3DWGJrqUksMwCgYIKoZIzj0EAwIw
bDELMAkGA1UEBhMCVVMxFzAVBgNVBAgTDk5vcnRoIENhcm9saW5hMRkwFwYDVQQK
ExBvcmcxLmV4YW1wbGUuY29tMQswCQYDVQQLEwJjYTEcMBoGA1UEAxMTY2Eub3Jn
MS5leGFtcGxlLmNvbTAgFw0xODEwMTIwODU3MDBaGA8yMTY4MDkwNTA4NTcwMFow
bDELMAkGA1UEBhMCVVMxFzAVBgNVBAgTDk5vcnRoIENhcm9saW5hMRkwFwYDVQQK
ExBvcmcxLmV4YW1wbGUuY29tMQswCQYDVQQLEwJjYTEcMBoGA1UEAxMTY2Eub3Jn
MS5leGFtcGxlLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABN1A0nR0Orkp
ppOOnvCoIiIFfzpBdwWQCJ7FEx/iF2H/2PkOws6qEN2sBh2WqByWR2c7EIdmgvUu
ZxSIEXU2TO2jRTBDMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/AgEB
MB0GA1UdDgQWBBSpWdz/SpIKYXgSaEYa0XBEvF8TGzAKBggqhkjOPQQDAgNHADBE
AiAPu4EVW8V7ocl2hRGI+jAz4aBfCiiW5MX3+vYbDCtyxgIgJoeEFVulOhxdEBBe
YKUNAAVA2pkMYUzgEWT743z0jhY=
-----END CERTIFICATE-----

View File

@ -0,0 +1,5 @@
-----BEGIN PRIVATE KEY-----
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgvjKIcywt9dWmrXyU
EP5BS3QS2820krnIkXpMxcUfL5qhRANCAATdQNJ0dDq5KaaTjp7wqCIiBX86QXcF
kAiexRMf4hdh/9j5DsLOqhDdrAYdlqgclkdnOxCHZoL1LmcUiBF1Nkzt
-----END PRIVATE KEY-----

View File

@ -0,0 +1,134 @@
version: 1.4.0
port: 7054
debug: false
crlsizelimit: 512000
tls:
enabled: false
certfile: null
keyfile: null
clientauth:
type: noclientcert
certfiles: null
ca:
name: ca.org1.example.com
keyfile: ca.org1.example.com_sk
certfile: ca.org1.example.com-cert.pem
chainfile: null
crl:
expiry: 24h
registry:
maxenrollments: -1
identities:
- name: boot-admin
pass: boot-pass
type: client
affiliation: ""
attrs:
hf.Registrar.Roles: '*'
hf.Registrar.DelegateRoles: '*'
hf.Revoker: true
hf.IntermediateCA: true
hf.GenCRL: true
hf.Registrar.Attributes: '*'
hf.AffiliationMgr: true
db:
type: sqlite3
datasource: fabric-ca-server.db
tls:
enabled: false
certfiles: null
client:
certfile: null
keyfile: null
ldap:
enabled: false
url: ldap://<adminDN>:<adminPassword>@<host>:<port>/<base>
tls:
certfiles: null
client:
certfile: null
keyfile: null
attribute:
names:
- uid
- member
converters:
- name: null
value: null
maps:
groups:
- name: null
value: null
affiliations:
org1:
- department1
- department2
org2:
- department1
signing:
default:
usage:
- digital signature
- cert sign
- crl sign
expiry: 87600h
profiles:
ca:
usage:
- cert sign
- crl sign
expiry: 43800h
caconstraint:
isca: true
maxpathlen: 0
tls:
usage:
- signing
- key encipherment
- server auth
- client auth
- key agreement
expiry: 87600h
csr:
cn: ca.org1.example.com
keyrequest:
algo: ecdsa
size: 256
names:
- C: US
ST: North Carolina
L: null
O: org1.example.com
OU: ca
hosts:
- fabric-ca-server
- localhost
ca:
expiry: 1314000h
pathlength: 1
idemix:
rhpoolsize: 1000
nonceexpiration: 15s
noncesweepinterval: 15m
bccsp:
default: SW
sw:
hash: SHA2
security: 256
filekeystore:
keystore: msp/keystore
cacount: null
cafiles: null
intermediate:
parentserver:
url: null
caname: null
enrollment:
hosts: null
profile: null
label: null
tls:
certfiles: null
client:
certfile: null
keyfile: null

View File

@ -0,0 +1,6 @@
-----BEGIN PRIVATE KEY-----
MIGkAgEBBDAeHTZpAnNYS17/22SSARJQbFhM0QMN0URv5wTBgUkEWL5dBzQQ3TJb
EOjTlsC57wOgBwYFK4EEACKhZANiAARUcAwYPXbd3lBWEjosCruwRTx+s3hs32mA
+IrBYEuWOkIZAfyQFtCjITIUUEad3JaBqWQusRck2/9UYBbIMR6Dpzz9/Jx8lbiK
rwyTUC9EBUwkgX1XCMd3BDesybMLXmc=
-----END PRIVATE KEY-----

View File

@ -0,0 +1 @@
 xRُWه<EFBFBD>اQ@5Fئ<46>P[<5B> 2<>v<19><>bظ5H<35>J<EFBFBD>

View File

@ -0,0 +1,5 @@
-----BEGIN PRIVATE KEY-----
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgvjKIcywt9dWmrXyU
EP5BS3QS2820krnIkXpMxcUfL5qhRANCAATdQNJ0dDq5KaaTjp7wqCIiBX86QXcF
kAiexRMf4hdh/9j5DsLOqhDdrAYdlqgclkdnOxCHZoL1LmcUiBF1Nkzt
-----END PRIVATE KEY-----

View File

@ -0,0 +1,162 @@
#############################################################################
# This is a configuration file for the fabric-ca-client command.
#
# COMMAND LINE ARGUMENTS AND ENVIRONMENT VARIABLES
# ------------------------------------------------
# Each configuration element can be overridden via command line
# arguments or environment variables. The precedence for determining
# the value of each element is as follows:
# 1) command line argument
# Examples:
# a) --url https://localhost:7054
# To set the fabric-ca server url
# b) --tls.client.certfile certfile.pem
# To set the client certificate for TLS
# 2) environment variable
# Examples:
# a) FABRIC_CA_CLIENT_URL=https://localhost:7054
# To set the fabric-ca server url
# b) FABRIC_CA_CLIENT_TLS_CLIENT_CERTFILE=certfile.pem
# To set the client certificate for TLS
# 3) configuration file
# 4) default value (if there is one)
# All default values are shown beside each element below.
#
# FILE NAME ELEMENTS
# ------------------
# The value of all fields whose name ends with "file" or "files" are
# name or names of other files.
# For example, see "tls.certfiles" and "tls.client.certfile".
# The value of each of these fields can be a simple filename, a
# relative path, or an absolute path. If the value is not an
# absolute path, it is interpretted as being relative to the location
# of this configuration file.
#
#############################################################################
#############################################################################
# Client Configuration
#############################################################################
# URL of the Fabric-ca-server (default: http://localhost:7054)
url: http://ca.org1.example.com:7054
# Membership Service Provider (MSP) directory
# This is useful when the client is used to enroll a peer or orderer, so
# that the enrollment artifacts are stored in the format expected by MSP.
mspdir: msp
#############################################################################
# TLS section for secure socket connection
#
# certfiles - PEM-encoded list of trusted root certificate files
# client:
# certfile - PEM-encoded certificate file for when client authentication
# is enabled on server
# keyfile - PEM-encoded key file for when client authentication
# is enabled on server
#############################################################################
tls:
# TLS section for secure socket connection
certfiles:
client:
certfile:
keyfile:
#############################################################################
# Certificate Signing Request section for generating the CSR for an
# enrollment certificate (ECert)
#
# cn - Used by CAs to determine which domain the certificate is to be generated for
#
# serialnumber - The serialnumber field, if specified, becomes part of the issued
# certificate's DN (Distinguished Name). For example, one use case for this is
# a company with its own CA (Certificate Authority) which issues certificates
# to its employees and wants to include the employee's serial number in the DN
# of its issued certificates.
# WARNING: The serialnumber field should not be confused with the certificate's
# serial number which is set by the CA but is not a component of the
# certificate's DN.
#
# names - A list of name objects. Each name object should contain at least one
# "C", "L", "O", or "ST" value (or any combination of these) where these
# are abbreviations for the following:
# "C": country
# "L": locality or municipality (such as city or town name)
# "O": organization
# "OU": organizational unit, such as the department responsible for owning the key;
# it can also be used for a "Doing Business As" (DBS) name
# "ST": the state or province
#
# Note that the "OU" or organizational units of an ECert are always set according
# to the values of the identities type and affiliation. OUs are calculated for an enroll
# as OU=<type>, OU=<affiliationRoot>, ..., OU=<affiliationLeaf>. For example, an identity
# of type "client" with an affiliation of "org1.dept2.team3" would have the following
# organizational units: OU=client, OU=org1, OU=dept2, OU=team3
#
# hosts - A list of host names for which the certificate should be valid
#
#############################################################################
csr:
cn: peer0@org1.example.com
keyrequest:
algo: ecdsa
size: 256
serialnumber:
names:
- C: US
ST: North Carolina
L:
O: Hyperledger
OU: Fabric
hosts:
- ca-client
#############################################################################
# Registration section used to register a new identity with fabric-ca server
#
# name - Unique name of the identity
# type - Type of identity being registered (e.g. 'peer, app, user')
# affiliation - The identity's affiliation
# maxenrollments - The maximum number of times the secret can be reused to enroll.
# Specially, -1 means unlimited; 0 means to use CA's max enrollment
# value.
# attributes - List of name/value pairs of attribute for identity
#############################################################################
id:
name:
type:
affiliation:
maxenrollments: 0
attributes:
# - name:
# value:
#############################################################################
# Enrollment section used to enroll an identity with fabric-ca server
#
# profile - Name of the signing profile to use in issuing the certificate
# label - Label to use in HSM operations
#############################################################################
enrollment:
profile:
label:
#############################################################################
# Name of the CA to connect to within the fabric-ca server
#############################################################################
caname:
#############################################################################
# BCCSP (BlockChain Crypto Service Provider) section allows to select which
# crypto implementation library to use
#############################################################################
bccsp:
default: SW
sw:
hash: SHA2
security: 256
filekeystore:
# The directory used for the software file-based keystore
keystore: msp/keystore

View File

@ -0,0 +1,5 @@
-----BEGIN PRIVATE KEY-----
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgGbiPTe+OO8PG2TQu
00tnxr7sU1D/DrPshhXHyyND/7uhRANCAAT0Du/ENv0FsDjpCcRxrlW8zJqU3mYB
YengujzLKbirqcKlmmon2uWm4vZDiLS60b6Aa/5nfLSNatAfhyenKtez
-----END PRIVATE KEY-----

View File

@ -0,0 +1,162 @@
#############################################################################
# This is a configuration file for the fabric-ca-client command.
#
# COMMAND LINE ARGUMENTS AND ENVIRONMENT VARIABLES
# ------------------------------------------------
# Each configuration element can be overridden via command line
# arguments or environment variables. The precedence for determining
# the value of each element is as follows:
# 1) command line argument
# Examples:
# a) --url https://localhost:7054
# To set the fabric-ca server url
# b) --tls.client.certfile certfile.pem
# To set the client certificate for TLS
# 2) environment variable
# Examples:
# a) FABRIC_CA_CLIENT_URL=https://localhost:7054
# To set the fabric-ca server url
# b) FABRIC_CA_CLIENT_TLS_CLIENT_CERTFILE=certfile.pem
# To set the client certificate for TLS
# 3) configuration file
# 4) default value (if there is one)
# All default values are shown beside each element below.
#
# FILE NAME ELEMENTS
# ------------------
# The value of all fields whose name ends with "file" or "files" are
# name or names of other files.
# For example, see "tls.certfiles" and "tls.client.certfile".
# The value of each of these fields can be a simple filename, a
# relative path, or an absolute path. If the value is not an
# absolute path, it is interpretted as being relative to the location
# of this configuration file.
#
#############################################################################
#############################################################################
# Client Configuration
#############################################################################
# URL of the Fabric-ca-server (default: http://localhost:7054)
url: http://tlsca.org1.example.com:7054
# Membership Service Provider (MSP) directory
# This is useful when the client is used to enroll a peer or orderer, so
# that the enrollment artifacts are stored in the format expected by MSP.
mspdir: msp
#############################################################################
# TLS section for secure socket connection
#
# certfiles - PEM-encoded list of trusted root certificate files
# client:
# certfile - PEM-encoded certificate file for when client authentication
# is enabled on server
# keyfile - PEM-encoded key file for when client authentication
# is enabled on server
#############################################################################
tls:
# TLS section for secure socket connection
certfiles:
client:
certfile:
keyfile:
#############################################################################
# Certificate Signing Request section for generating the CSR for an
# enrollment certificate (ECert)
#
# cn - Used by CAs to determine which domain the certificate is to be generated for
#
# serialnumber - The serialnumber field, if specified, becomes part of the issued
# certificate's DN (Distinguished Name). For example, one use case for this is
# a company with its own CA (Certificate Authority) which issues certificates
# to its employees and wants to include the employee's serial number in the DN
# of its issued certificates.
# WARNING: The serialnumber field should not be confused with the certificate's
# serial number which is set by the CA but is not a component of the
# certificate's DN.
#
# names - A list of name objects. Each name object should contain at least one
# "C", "L", "O", or "ST" value (or any combination of these) where these
# are abbreviations for the following:
# "C": country
# "L": locality or municipality (such as city or town name)
# "O": organization
# "OU": organizational unit, such as the department responsible for owning the key;
# it can also be used for a "Doing Business As" (DBS) name
# "ST": the state or province
#
# Note that the "OU" or organizational units of an ECert are always set according
# to the values of the identities type and affiliation. OUs are calculated for an enroll
# as OU=<type>, OU=<affiliationRoot>, ..., OU=<affiliationLeaf>. For example, an identity
# of type "client" with an affiliation of "org1.dept2.team3" would have the following
# organizational units: OU=client, OU=org1, OU=dept2, OU=team3
#
# hosts - A list of host names for which the certificate should be valid
#
#############################################################################
csr:
cn: peer0@org1.example.com
keyrequest:
algo: ecdsa
size: 256
serialnumber:
names:
- C: US
ST: North Carolina
L:
O: Hyperledger
OU: Fabric
hosts:
- ca-client
#############################################################################
# Registration section used to register a new identity with fabric-ca server
#
# name - Unique name of the identity
# type - Type of identity being registered (e.g. 'peer, app, user')
# affiliation - The identity's affiliation
# maxenrollments - The maximum number of times the secret can be reused to enroll.
# Specially, -1 means unlimited; 0 means to use CA's max enrollment
# value.
# attributes - List of name/value pairs of attribute for identity
#############################################################################
id:
name:
type:
affiliation:
maxenrollments: 0
attributes:
# - name:
# value:
#############################################################################
# Enrollment section used to enroll an identity with fabric-ca server
#
# profile - Name of the signing profile to use in issuing the certificate
# label - Label to use in HSM operations
#############################################################################
enrollment:
profile:
label:
#############################################################################
# Name of the CA to connect to within the fabric-ca server
#############################################################################
caname:
#############################################################################
# BCCSP (BlockChain Crypto Service Provider) section allows to select which
# crypto implementation library to use
#############################################################################
bccsp:
default: SW
sw:
hash: SHA2
security: 256
filekeystore:
# The directory used for the software file-based keystore
keystore: msp/keystore

View File

@ -0,0 +1,5 @@
-----BEGIN PUBLIC KEY-----
MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEbdmgC+obJLpKIU15eFC1MJNLMdkpOchP
9bG0xFWT0wk69EEFAeSYnDHdDFwJH3gmSEmSaccrRRGJUts4yBCz4vpAyxklNEJU
JQV9TLWAwWs6IwpYSdI5FZb1Ot4YWvUd
-----END PUBLIC KEY-----

View File

@ -0,0 +1,14 @@
-----BEGIN CERTIFICATE-----
MIICLTCCAdOgAwIBAgIUZtbUdoKq2gdiBI4t9xAYtKb0l1swCgYIKoZIzj0EAwIw
cjELMAkGA1UEBhMCVVMxFzAVBgNVBAgTDk5vcnRoIENhcm9saW5hMRkwFwYDVQQK
ExBvcmcxLmV4YW1wbGUuY29tMQ4wDAYDVQQLEwV0bHNjYTEfMB0GA1UEAxMWdGxz
Y2Eub3JnMS5leGFtcGxlLmNvbTAgFw0xODEwMTIwODU2MDBaGA8yMTY4MDkwNTA4
NTYwMFowcjELMAkGA1UEBhMCVVMxFzAVBgNVBAgTDk5vcnRoIENhcm9saW5hMRkw
FwYDVQQKExBvcmcxLmV4YW1wbGUuY29tMQ4wDAYDVQQLEwV0bHNjYTEfMB0GA1UE
AxMWdGxzY2Eub3JnMS5leGFtcGxlLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEH
A0IABDTiGBWVnDlbHx0qkujF3r4r5g7fG3FFuYXz4UgN2WmNk2z6nF4FaD+YQgCz
ayp0eLT37kK0BSJHqEKoiJrKtZ6jRTBDMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMB
Af8ECDAGAQH/AgEBMB0GA1UdDgQWBBRYLwES7lJq4i67F2AeLU35NxkbUzAKBggq
hkjOPQQDAgNIADBFAiEAvfkVNhBjlw8ApIorDAvqMA2DmLckOjX1HS2aN8MleT8C
IBIrfl1rq9rz/PuvEmGB15oKXPiTHOWqZ3Mkdlc4Uddd
-----END CERTIFICATE-----

View File

@ -0,0 +1,5 @@
-----BEGIN PRIVATE KEY-----
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgt8+ZSv6BYejhJK/E
peNwqBja0KCe2vKwffqny1Frd2mhRANCAAQKmzIKjGZnFmh/yK0FRRiY+dnfPubf
RsFhSlE0li5JXcBhyBpgi9+7R3280q/SW9+xuEMQK0nSqoXLPeC+UrZU
-----END PRIVATE KEY-----

View File

@ -0,0 +1,19 @@
-----BEGIN CERTIFICATE-----
MIIDDTCCArSgAwIBAgIUB9LSFJbuP69HlDI8K2SpPTBn2nUwCgYIKoZIzj0EAwIw
cjELMAkGA1UEBhMCVVMxFzAVBgNVBAgTDk5vcnRoIENhcm9saW5hMRkwFwYDVQQK
ExBvcmcxLmV4YW1wbGUuY29tMQ4wDAYDVQQLEwV0bHNjYTEfMB0GA1UEAxMWdGxz
Y2Eub3JnMS5leGFtcGxlLmNvbTAeFw0xODEwMTIwODU3MDBaFw0yODEwMDkwOTAy
MDBaMIGFMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UE
BxMNU2FuIEZyYW5jaXNjbzEZMBcGA1UEChMQb3JnMS5leGFtcGxlLmNvbTENMAsG
A1UECxMEcGVlcjEfMB0GA1UEAwwWcGVlcjBAb3JnMS5leGFtcGxlLmNvbTBZMBMG
ByqGSM49AgEGCCqGSM49AwEHA0IABAqbMgqMZmcWaH/IrQVFGJj52d8+5t9GwWFK
UTSWLkldwGHIGmCL37tHfbzSr9Jb37G4QxArSdKqhcs94L5StlSjggESMIIBDjAO
BgNVHQ8BAf8EBAMCAYYwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQU+wgV82ZCI689
LNyFs4c7B56yCRwwHwYDVR0jBBgwFoAUWC8BEu5SauIuuxdgHi1N+TcZG1MwIQYD
VR0RBBowGIEWcGVlcjBAb3JnMS5leGFtcGxlLmNvbTCBigYIKgMEBQYHCAEEfnsi
YXR0cnMiOnsiYWJhYy5pbml0IjoidHJ1ZSIsImFkbWluIjoiZmFsc2UiLCJoZi5B
ZmZpbGlhdGlvbiI6IiIsImhmLkVucm9sbG1lbnRJRCI6InBlZXIwQG9yZzEuZXhh
bXBsZS5jb20iLCJoZi5UeXBlIjoicGVlciJ9fTAKBggqhkjOPQQDAgNHADBEAiAe
MRREuRJHh2iXJ2WPf7R1KvxecnPMloR3yDG50jOYNwIgKBoK5xErYt1DWgnVkEZS
1ZEVaQDJlz/x6sEqnJmkmPg=
-----END CERTIFICATE-----

View File

@ -0,0 +1,162 @@
#############################################################################
# This is a configuration file for the fabric-ca-client command.
#
# COMMAND LINE ARGUMENTS AND ENVIRONMENT VARIABLES
# ------------------------------------------------
# Each configuration element can be overridden via command line
# arguments or environment variables. The precedence for determining
# the value of each element is as follows:
# 1) command line argument
# Examples:
# a) --url https://localhost:7054
# To set the fabric-ca server url
# b) --tls.client.certfile certfile.pem
# To set the client certificate for TLS
# 2) environment variable
# Examples:
# a) FABRIC_CA_CLIENT_URL=https://localhost:7054
# To set the fabric-ca server url
# b) FABRIC_CA_CLIENT_TLS_CLIENT_CERTFILE=certfile.pem
# To set the client certificate for TLS
# 3) configuration file
# 4) default value (if there is one)
# All default values are shown beside each element below.
#
# FILE NAME ELEMENTS
# ------------------
# The value of all fields whose name ends with "file" or "files" are
# name or names of other files.
# For example, see "tls.certfiles" and "tls.client.certfile".
# The value of each of these fields can be a simple filename, a
# relative path, or an absolute path. If the value is not an
# absolute path, it is interpretted as being relative to the location
# of this configuration file.
#
#############################################################################
#############################################################################
# Client Configuration
#############################################################################
# URL of the Fabric-ca-server (default: http://localhost:7054)
url: http://ca.org1.example.com:7054
# Membership Service Provider (MSP) directory
# This is useful when the client is used to enroll a peer or orderer, so
# that the enrollment artifacts are stored in the format expected by MSP.
mspdir: msp
#############################################################################
# TLS section for secure socket connection
#
# certfiles - PEM-encoded list of trusted root certificate files
# client:
# certfile - PEM-encoded certificate file for when client authentication
# is enabled on server
# keyfile - PEM-encoded key file for when client authentication
# is enabled on server
#############################################################################
tls:
# TLS section for secure socket connection
certfiles:
client:
certfile:
keyfile:
#############################################################################
# Certificate Signing Request section for generating the CSR for an
# enrollment certificate (ECert)
#
# cn - Used by CAs to determine which domain the certificate is to be generated for
#
# serialnumber - The serialnumber field, if specified, becomes part of the issued
# certificate's DN (Distinguished Name). For example, one use case for this is
# a company with its own CA (Certificate Authority) which issues certificates
# to its employees and wants to include the employee's serial number in the DN
# of its issued certificates.
# WARNING: The serialnumber field should not be confused with the certificate's
# serial number which is set by the CA but is not a component of the
# certificate's DN.
#
# names - A list of name objects. Each name object should contain at least one
# "C", "L", "O", or "ST" value (or any combination of these) where these
# are abbreviations for the following:
# "C": country
# "L": locality or municipality (such as city or town name)
# "O": organization
# "OU": organizational unit, such as the department responsible for owning the key;
# it can also be used for a "Doing Business As" (DBS) name
# "ST": the state or province
#
# Note that the "OU" or organizational units of an ECert are always set according
# to the values of the identities type and affiliation. OUs are calculated for an enroll
# as OU=<type>, OU=<affiliationRoot>, ..., OU=<affiliationLeaf>. For example, an identity
# of type "client" with an affiliation of "org1.dept2.team3" would have the following
# organizational units: OU=client, OU=org1, OU=dept2, OU=team3
#
# hosts - A list of host names for which the certificate should be valid
#
#############################################################################
csr:
cn: peer1@org1.example.com
keyrequest:
algo: ecdsa
size: 256
serialnumber:
names:
- C: US
ST: North Carolina
L:
O: Hyperledger
OU: Fabric
hosts:
- ca-client
#############################################################################
# Registration section used to register a new identity with fabric-ca server
#
# name - Unique name of the identity
# type - Type of identity being registered (e.g. 'peer, app, user')
# affiliation - The identity's affiliation
# maxenrollments - The maximum number of times the secret can be reused to enroll.
# Specially, -1 means unlimited; 0 means to use CA's max enrollment
# value.
# attributes - List of name/value pairs of attribute for identity
#############################################################################
id:
name:
type:
affiliation:
maxenrollments: 0
attributes:
# - name:
# value:
#############################################################################
# Enrollment section used to enroll an identity with fabric-ca server
#
# profile - Name of the signing profile to use in issuing the certificate
# label - Label to use in HSM operations
#############################################################################
enrollment:
profile:
label:
#############################################################################
# Name of the CA to connect to within the fabric-ca server
#############################################################################
caname:
#############################################################################
# BCCSP (BlockChain Crypto Service Provider) section allows to select which
# crypto implementation library to use
#############################################################################
bccsp:
default: SW
sw:
hash: SHA2
security: 256
filekeystore:
# The directory used for the software file-based keystore
keystore: msp/keystore

View File

@ -0,0 +1,5 @@
-----BEGIN PRIVATE KEY-----
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQghB1MF5YZXvp0exC/
ilHXOoMC65o9zOVFC2oc7DPGqO+hRANCAAQcmOyY+LZZTLSHLmuAUniwy5Q3mE3f
x+GHmBHaCNrIJzZUITw0XKQRS2FCT5UC89OY1SSc9WrhR+MXgJVQkvtF
-----END PRIVATE KEY-----

View File

@ -0,0 +1,162 @@
#############################################################################
# This is a configuration file for the fabric-ca-client command.
#
# COMMAND LINE ARGUMENTS AND ENVIRONMENT VARIABLES
# ------------------------------------------------
# Each configuration element can be overridden via command line
# arguments or environment variables. The precedence for determining
# the value of each element is as follows:
# 1) command line argument
# Examples:
# a) --url https://localhost:7054
# To set the fabric-ca server url
# b) --tls.client.certfile certfile.pem
# To set the client certificate for TLS
# 2) environment variable
# Examples:
# a) FABRIC_CA_CLIENT_URL=https://localhost:7054
# To set the fabric-ca server url
# b) FABRIC_CA_CLIENT_TLS_CLIENT_CERTFILE=certfile.pem
# To set the client certificate for TLS
# 3) configuration file
# 4) default value (if there is one)
# All default values are shown beside each element below.
#
# FILE NAME ELEMENTS
# ------------------
# The value of all fields whose name ends with "file" or "files" are
# name or names of other files.
# For example, see "tls.certfiles" and "tls.client.certfile".
# The value of each of these fields can be a simple filename, a
# relative path, or an absolute path. If the value is not an
# absolute path, it is interpretted as being relative to the location
# of this configuration file.
#
#############################################################################
#############################################################################
# Client Configuration
#############################################################################
# URL of the Fabric-ca-server (default: http://localhost:7054)
url: http://tlsca.org1.example.com:7054
# Membership Service Provider (MSP) directory
# This is useful when the client is used to enroll a peer or orderer, so
# that the enrollment artifacts are stored in the format expected by MSP.
mspdir: msp
#############################################################################
# TLS section for secure socket connection
#
# certfiles - PEM-encoded list of trusted root certificate files
# client:
# certfile - PEM-encoded certificate file for when client authentication
# is enabled on server
# keyfile - PEM-encoded key file for when client authentication
# is enabled on server
#############################################################################
tls:
# TLS section for secure socket connection
certfiles:
client:
certfile:
keyfile:
#############################################################################
# Certificate Signing Request section for generating the CSR for an
# enrollment certificate (ECert)
#
# cn - Used by CAs to determine which domain the certificate is to be generated for
#
# serialnumber - The serialnumber field, if specified, becomes part of the issued
# certificate's DN (Distinguished Name). For example, one use case for this is
# a company with its own CA (Certificate Authority) which issues certificates
# to its employees and wants to include the employee's serial number in the DN
# of its issued certificates.
# WARNING: The serialnumber field should not be confused with the certificate's
# serial number which is set by the CA but is not a component of the
# certificate's DN.
#
# names - A list of name objects. Each name object should contain at least one
# "C", "L", "O", or "ST" value (or any combination of these) where these
# are abbreviations for the following:
# "C": country
# "L": locality or municipality (such as city or town name)
# "O": organization
# "OU": organizational unit, such as the department responsible for owning the key;
# it can also be used for a "Doing Business As" (DBS) name
# "ST": the state or province
#
# Note that the "OU" or organizational units of an ECert are always set according
# to the values of the identities type and affiliation. OUs are calculated for an enroll
# as OU=<type>, OU=<affiliationRoot>, ..., OU=<affiliationLeaf>. For example, an identity
# of type "client" with an affiliation of "org1.dept2.team3" would have the following
# organizational units: OU=client, OU=org1, OU=dept2, OU=team3
#
# hosts - A list of host names for which the certificate should be valid
#
#############################################################################
csr:
cn: peer1@org1.example.com
keyrequest:
algo: ecdsa
size: 256
serialnumber:
names:
- C: US
ST: North Carolina
L:
O: Hyperledger
OU: Fabric
hosts:
- ca-client
#############################################################################
# Registration section used to register a new identity with fabric-ca server
#
# name - Unique name of the identity
# type - Type of identity being registered (e.g. 'peer, app, user')
# affiliation - The identity's affiliation
# maxenrollments - The maximum number of times the secret can be reused to enroll.
# Specially, -1 means unlimited; 0 means to use CA's max enrollment
# value.
# attributes - List of name/value pairs of attribute for identity
#############################################################################
id:
name:
type:
affiliation:
maxenrollments: 0
attributes:
# - name:
# value:
#############################################################################
# Enrollment section used to enroll an identity with fabric-ca server
#
# profile - Name of the signing profile to use in issuing the certificate
# label - Label to use in HSM operations
#############################################################################
enrollment:
profile:
label:
#############################################################################
# Name of the CA to connect to within the fabric-ca server
#############################################################################
caname:
#############################################################################
# BCCSP (BlockChain Crypto Service Provider) section allows to select which
# crypto implementation library to use
#############################################################################
bccsp:
default: SW
sw:
hash: SHA2
security: 256
filekeystore:
# The directory used for the software file-based keystore
keystore: msp/keystore

View File

@ -0,0 +1,5 @@
-----BEGIN PUBLIC KEY-----
MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEbdmgC+obJLpKIU15eFC1MJNLMdkpOchP
9bG0xFWT0wk69EEFAeSYnDHdDFwJH3gmSEmSaccrRRGJUts4yBCz4vpAyxklNEJU
JQV9TLWAwWs6IwpYSdI5FZb1Ot4YWvUd
-----END PUBLIC KEY-----

View File

@ -0,0 +1,14 @@
-----BEGIN CERTIFICATE-----
MIICLTCCAdOgAwIBAgIUZtbUdoKq2gdiBI4t9xAYtKb0l1swCgYIKoZIzj0EAwIw
cjELMAkGA1UEBhMCVVMxFzAVBgNVBAgTDk5vcnRoIENhcm9saW5hMRkwFwYDVQQK
ExBvcmcxLmV4YW1wbGUuY29tMQ4wDAYDVQQLEwV0bHNjYTEfMB0GA1UEAxMWdGxz
Y2Eub3JnMS5leGFtcGxlLmNvbTAgFw0xODEwMTIwODU2MDBaGA8yMTY4MDkwNTA4
NTYwMFowcjELMAkGA1UEBhMCVVMxFzAVBgNVBAgTDk5vcnRoIENhcm9saW5hMRkw
FwYDVQQKExBvcmcxLmV4YW1wbGUuY29tMQ4wDAYDVQQLEwV0bHNjYTEfMB0GA1UE
AxMWdGxzY2Eub3JnMS5leGFtcGxlLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEH
A0IABDTiGBWVnDlbHx0qkujF3r4r5g7fG3FFuYXz4UgN2WmNk2z6nF4FaD+YQgCz
ayp0eLT37kK0BSJHqEKoiJrKtZ6jRTBDMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMB
Af8ECDAGAQH/AgEBMB0GA1UdDgQWBBRYLwES7lJq4i67F2AeLU35NxkbUzAKBggq
hkjOPQQDAgNIADBFAiEAvfkVNhBjlw8ApIorDAvqMA2DmLckOjX1HS2aN8MleT8C
IBIrfl1rq9rz/PuvEmGB15oKXPiTHOWqZ3Mkdlc4Uddd
-----END CERTIFICATE-----

View File

@ -0,0 +1,5 @@
-----BEGIN PRIVATE KEY-----
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgsxgf5OvUl/sjxL9e
iu74qhsKNsyAY6u99fumKce+ooOhRANCAASx6/D/olnbL9yJRaLqZ5s78OByGvb1
/yeEs+YxR9eyKNnZ4O6IKqf2IF3hxNP5rY+mcey3Khxi41aoDv++BOFV
-----END PRIVATE KEY-----

View File

@ -0,0 +1,19 @@
-----BEGIN CERTIFICATE-----
MIIDDjCCArSgAwIBAgIUDpmSDWSCx8uN1ybq8hBHpqHk4+IwCgYIKoZIzj0EAwIw
cjELMAkGA1UEBhMCVVMxFzAVBgNVBAgTDk5vcnRoIENhcm9saW5hMRkwFwYDVQQK
ExBvcmcxLmV4YW1wbGUuY29tMQ4wDAYDVQQLEwV0bHNjYTEfMB0GA1UEAxMWdGxz
Y2Eub3JnMS5leGFtcGxlLmNvbTAeFw0xODEwMTIwODU3MDBaFw0yODEwMDkwOTAy
MDBaMIGFMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UE
BxMNU2FuIEZyYW5jaXNjbzEZMBcGA1UEChMQb3JnMS5leGFtcGxlLmNvbTENMAsG
A1UECxMEcGVlcjEfMB0GA1UEAwwWcGVlcjFAb3JnMS5leGFtcGxlLmNvbTBZMBMG
ByqGSM49AgEGCCqGSM49AwEHA0IABLHr8P+iWdsv3IlFoupnmzvw4HIa9vX/J4Sz
5jFH17Io2dng7ogqp/YgXeHE0/mtj6Zx7LcqHGLjVqgO/74E4VWjggESMIIBDjAO
BgNVHQ8BAf8EBAMCAYYwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUUmH/JVFmmsgN
1VsrQfNCA63B0u4wHwYDVR0jBBgwFoAUWC8BEu5SauIuuxdgHi1N+TcZG1MwIQYD
VR0RBBowGIEWcGVlcjFAb3JnMS5leGFtcGxlLmNvbTCBigYIKgMEBQYHCAEEfnsi
YXR0cnMiOnsiYWJhYy5pbml0IjoidHJ1ZSIsImFkbWluIjoiZmFsc2UiLCJoZi5B
ZmZpbGlhdGlvbiI6IiIsImhmLkVucm9sbG1lbnRJRCI6InBlZXIxQG9yZzEuZXhh
bXBsZS5jb20iLCJoZi5UeXBlIjoicGVlciJ9fTAKBggqhkjOPQQDAgNIADBFAiEA
s0HoNc7f21bNcod5zq4wjE5aKWNP4qLfePX04KGlQA0CIDZw8DUTR4AOuPoM37Dm
MKEFHoiOD9QajnX09mkaCbOf
-----END CERTIFICATE-----

View File

@ -0,0 +1,5 @@
-----BEGIN PUBLIC KEY-----
MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEbdmgC+obJLpKIU15eFC1MJNLMdkpOchP
9bG0xFWT0wk69EEFAeSYnDHdDFwJH3gmSEmSaccrRRGJUts4yBCz4vpAyxklNEJU
JQV9TLWAwWs6IwpYSdI5FZb1Ot4YWvUd
-----END PUBLIC KEY-----

View File

@ -0,0 +1,134 @@
version: 1.4.0
port: 7054
debug: false
crlsizelimit: 512000
tls:
enabled: false
certfile: null
keyfile: null
clientauth:
type: noclientcert
certfiles: null
ca:
name: tlsca.org1.example.com
keyfile: tlsca.org1.example.com_sk
certfile: tlsca.org1.example.com-cert.pem
chainfile: null
crl:
expiry: 24h
registry:
maxenrollments: -1
identities:
- name: boot-admin
pass: boot-pass
type: client
affiliation: ""
attrs:
hf.Registrar.Roles: '*'
hf.Registrar.DelegateRoles: '*'
hf.Revoker: true
hf.IntermediateCA: true
hf.GenCRL: true
hf.Registrar.Attributes: '*'
hf.AffiliationMgr: true
db:
type: sqlite3
datasource: fabric-ca-server.db
tls:
enabled: false
certfiles: null
client:
certfile: null
keyfile: null
ldap:
enabled: false
url: ldap://<adminDN>:<adminPassword>@<host>:<port>/<base>
tls:
certfiles: null
client:
certfile: null
keyfile: null
attribute:
names:
- uid
- member
converters:
- name: null
value: null
maps:
groups:
- name: null
value: null
affiliations:
org1:
- department1
- department2
org2:
- department1
signing:
default:
usage:
- digital signature
- cert sign
- crl sign
expiry: 87600h
profiles:
ca:
usage:
- cert sign
- crl sign
expiry: 43800h
caconstraint:
isca: true
maxpathlen: 0
tls:
usage:
- signing
- key encipherment
- server auth
- client auth
- key agreement
expiry: 87600h
csr:
cn: tlsca.org1.example.com
keyrequest:
algo: ecdsa
size: 256
names:
- C: US
ST: North Carolina
L: null
O: org1.example.com
OU: tlsca
hosts:
- fabric-ca-server
- localhost
ca:
expiry: 1314000h
pathlength: 1
idemix:
rhpoolsize: 1000
nonceexpiration: 15s
noncesweepinterval: 15m
bccsp:
default: SW
sw:
hash: SHA2
security: 256
filekeystore:
keystore: msp/keystore
cacount: null
cafiles: null
intermediate:
parentserver:
url: null
caname: null
enrollment:
hosts: null
profile: null
label: null
tls:
certfiles: null
client:
certfile: null
keyfile: null

View File

@ -0,0 +1,6 @@
-----BEGIN PRIVATE KEY-----
MIGkAgEBBDCIN8r9Ce4UVyH5grrWB+Vi5vdSJcU6/KQm+EEEV1MBsrAzeywcTUgC
wDCVFoDm4P+gBwYFK4EEACKhZANiAARt2aAL6hskukohTXl4ULUwk0sx2Sk5yE/1
sbTEVZPTCTr0QQUB5JicMd0MXAkfeCZISZJpxytFEYlS2zjIELPi+kDLGSU0QlQl
BX1MtYDBazojClhJ0jkVlvU63hha9R0=
-----END PRIVATE KEY-----

View File

@ -0,0 +1 @@
zU7¹œÌ­UüºÜd¦L­4ºÅPO½Ãº1ølX

View File

@ -0,0 +1,5 @@
-----BEGIN PRIVATE KEY-----
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQggsGwkVZtE7AfrOIT
ylDXxMAUDxau5fx7CHiNJGAyVUuhRANCAAQ04hgVlZw5Wx8dKpLoxd6+K+YO3xtx
RbmF8+FIDdlpjZNs+pxeBWg/mEIAs2sqdHi09+5CtAUiR6hCqIiayrWe
-----END PRIVATE KEY-----

View File

@ -0,0 +1,14 @@
-----BEGIN CERTIFICATE-----
MIICLTCCAdOgAwIBAgIUZtbUdoKq2gdiBI4t9xAYtKb0l1swCgYIKoZIzj0EAwIw
cjELMAkGA1UEBhMCVVMxFzAVBgNVBAgTDk5vcnRoIENhcm9saW5hMRkwFwYDVQQK
ExBvcmcxLmV4YW1wbGUuY29tMQ4wDAYDVQQLEwV0bHNjYTEfMB0GA1UEAxMWdGxz
Y2Eub3JnMS5leGFtcGxlLmNvbTAgFw0xODEwMTIwODU2MDBaGA8yMTY4MDkwNTA4
NTYwMFowcjELMAkGA1UEBhMCVVMxFzAVBgNVBAgTDk5vcnRoIENhcm9saW5hMRkw
FwYDVQQKExBvcmcxLmV4YW1wbGUuY29tMQ4wDAYDVQQLEwV0bHNjYTEfMB0GA1UE
AxMWdGxzY2Eub3JnMS5leGFtcGxlLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEH
A0IABDTiGBWVnDlbHx0qkujF3r4r5g7fG3FFuYXz4UgN2WmNk2z6nF4FaD+YQgCz
ayp0eLT37kK0BSJHqEKoiJrKtZ6jRTBDMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMB
Af8ECDAGAQH/AgEBMB0GA1UdDgQWBBRYLwES7lJq4i67F2AeLU35NxkbUzAKBggq
hkjOPQQDAgNIADBFAiEAvfkVNhBjlw8ApIorDAvqMA2DmLckOjX1HS2aN8MleT8C
IBIrfl1rq9rz/PuvEmGB15oKXPiTHOWqZ3Mkdlc4Uddd
-----END CERTIFICATE-----

View File

@ -0,0 +1,5 @@
-----BEGIN PRIVATE KEY-----
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQggsGwkVZtE7AfrOIT
ylDXxMAUDxau5fx7CHiNJGAyVUuhRANCAAQ04hgVlZw5Wx8dKpLoxd6+K+YO3xtx
RbmF8+FIDdlpjZNs+pxeBWg/mEIAs2sqdHi09+5CtAUiR6hCqIiayrWe
-----END PRIVATE KEY-----

View File

@ -0,0 +1,162 @@
#############################################################################
# This is a configuration file for the fabric-ca-client command.
#
# COMMAND LINE ARGUMENTS AND ENVIRONMENT VARIABLES
# ------------------------------------------------
# Each configuration element can be overridden via command line
# arguments or environment variables. The precedence for determining
# the value of each element is as follows:
# 1) command line argument
# Examples:
# a) --url https://localhost:7054
# To set the fabric-ca server url
# b) --tls.client.certfile certfile.pem
# To set the client certificate for TLS
# 2) environment variable
# Examples:
# a) FABRIC_CA_CLIENT_URL=https://localhost:7054
# To set the fabric-ca server url
# b) FABRIC_CA_CLIENT_TLS_CLIENT_CERTFILE=certfile.pem
# To set the client certificate for TLS
# 3) configuration file
# 4) default value (if there is one)
# All default values are shown beside each element below.
#
# FILE NAME ELEMENTS
# ------------------
# The value of all fields whose name ends with "file" or "files" are
# name or names of other files.
# For example, see "tls.certfiles" and "tls.client.certfile".
# The value of each of these fields can be a simple filename, a
# relative path, or an absolute path. If the value is not an
# absolute path, it is interpretted as being relative to the location
# of this configuration file.
#
#############################################################################
#############################################################################
# Client Configuration
#############################################################################
# URL of the Fabric-ca-server (default: http://localhost:7054)
url: http://ca.org2.example.com:7054
# Membership Service Provider (MSP) directory
# This is useful when the client is used to enroll a peer or orderer, so
# that the enrollment artifacts are stored in the format expected by MSP.
mspdir: msp
#############################################################################
# TLS section for secure socket connection
#
# certfiles - PEM-encoded list of trusted root certificate files
# client:
# certfile - PEM-encoded certificate file for when client authentication
# is enabled on server
# keyfile - PEM-encoded key file for when client authentication
# is enabled on server
#############################################################################
tls:
# TLS section for secure socket connection
certfiles:
client:
certfile:
keyfile:
#############################################################################
# Certificate Signing Request section for generating the CSR for an
# enrollment certificate (ECert)
#
# cn - Used by CAs to determine which domain the certificate is to be generated for
#
# serialnumber - The serialnumber field, if specified, becomes part of the issued
# certificate's DN (Distinguished Name). For example, one use case for this is
# a company with its own CA (Certificate Authority) which issues certificates
# to its employees and wants to include the employee's serial number in the DN
# of its issued certificates.
# WARNING: The serialnumber field should not be confused with the certificate's
# serial number which is set by the CA but is not a component of the
# certificate's DN.
#
# names - A list of name objects. Each name object should contain at least one
# "C", "L", "O", or "ST" value (or any combination of these) where these
# are abbreviations for the following:
# "C": country
# "L": locality or municipality (such as city or town name)
# "O": organization
# "OU": organizational unit, such as the department responsible for owning the key;
# it can also be used for a "Doing Business As" (DBS) name
# "ST": the state or province
#
# Note that the "OU" or organizational units of an ECert are always set according
# to the values of the identities type and affiliation. OUs are calculated for an enroll
# as OU=<type>, OU=<affiliationRoot>, ..., OU=<affiliationLeaf>. For example, an identity
# of type "client" with an affiliation of "org1.dept2.team3" would have the following
# organizational units: OU=client, OU=org1, OU=dept2, OU=team3
#
# hosts - A list of host names for which the certificate should be valid
#
#############################################################################
csr:
cn: Admin@org2.example.com
keyrequest:
algo: ecdsa
size: 256
serialnumber:
names:
- C: US
ST: North Carolina
L:
O: Hyperledger
OU: Fabric
hosts:
- ca-client
#############################################################################
# Registration section used to register a new identity with fabric-ca server
#
# name - Unique name of the identity
# type - Type of identity being registered (e.g. 'peer, app, user')
# affiliation - The identity's affiliation
# maxenrollments - The maximum number of times the secret can be reused to enroll.
# Specially, -1 means unlimited; 0 means to use CA's max enrollment
# value.
# attributes - List of name/value pairs of attribute for identity
#############################################################################
id:
name:
type:
affiliation:
maxenrollments: 0
attributes:
# - name:
# value:
#############################################################################
# Enrollment section used to enroll an identity with fabric-ca server
#
# profile - Name of the signing profile to use in issuing the certificate
# label - Label to use in HSM operations
#############################################################################
enrollment:
profile:
label:
#############################################################################
# Name of the CA to connect to within the fabric-ca server
#############################################################################
caname:
#############################################################################
# BCCSP (BlockChain Crypto Service Provider) section allows to select which
# crypto implementation library to use
#############################################################################
bccsp:
default: SW
sw:
hash: SHA2
security: 256
filekeystore:
# The directory used for the software file-based keystore
keystore: msp/keystore

View File

@ -0,0 +1,5 @@
-----BEGIN PUBLIC KEY-----
MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEPVA6lM9Hu7HVgkVMNGdx3LlqjDLWwgrB
2meNOi2gU7vJc7P+08aH8VO5Ei0gDdY98EVCrO5EktGid1FLrLFpfVFIYZjicfBP
NoGyHdb18NKNtNb9kQ53BZJGpKiH+sUm
-----END PUBLIC KEY-----

View File

@ -0,0 +1,14 @@
-----BEGIN CERTIFICATE-----
MIICITCCAcegAwIBAgIUZ7jMmKdx/engWidCBBAel1RL43owCgYIKoZIzj0EAwIw
bDELMAkGA1UEBhMCVVMxFzAVBgNVBAgTDk5vcnRoIENhcm9saW5hMRkwFwYDVQQK
ExBvcmcyLmV4YW1wbGUuY29tMQswCQYDVQQLEwJjYTEcMBoGA1UEAxMTY2Eub3Jn
Mi5leGFtcGxlLmNvbTAgFw0xODEwMTIwODU3MDBaGA8yMTY4MDkwNTA4NTcwMFow
bDELMAkGA1UEBhMCVVMxFzAVBgNVBAgTDk5vcnRoIENhcm9saW5hMRkwFwYDVQQK
ExBvcmcyLmV4YW1wbGUuY29tMQswCQYDVQQLEwJjYTEcMBoGA1UEAxMTY2Eub3Jn
Mi5leGFtcGxlLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABH8Dtmztvf9n
Jl2z4VhoyD7N2AAokv9GnKP0EdO1piYFbXtpJLL/ABF9HBFNXeGq8RfkOILyO/sc
wPNKRLJkPrmjRTBDMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/AgEB
MB0GA1UdDgQWBBT9WLnGJJ/6w/Mj6Ke9opqJ/Iu3ETAKBggqhkjOPQQDAgNIADBF
AiEA4DVUfbHvC5wIjsL8Lbpmhq4bdsz9puUkeS7h3NlhANkCIFIdUw5qQezJudts
Kzbbqt/QA1h+00JyeT5TqHYgIwfl
-----END CERTIFICATE-----

View File

@ -0,0 +1,5 @@
-----BEGIN PRIVATE KEY-----
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQggqc1zbFFuHAzpMBx
PW/o2Nd1QaF2T2HhxnCElZs7mMihRANCAATbIGXRjemfzFkvZULl7J28kaj1LpFk
vdL/1Bugo1NOND7S3wKz4Ch0XbY5JEVnjHAstd/zgmlVOeO32LILbT7D
-----END PRIVATE KEY-----

View File

@ -0,0 +1,19 @@
-----BEGIN CERTIFICATE-----
MIIDBzCCAq2gAwIBAgIUSOvvLzUR89ElH1ZGMFz9GIrxsFAwCgYIKoZIzj0EAwIw
bDELMAkGA1UEBhMCVVMxFzAVBgNVBAgTDk5vcnRoIENhcm9saW5hMRkwFwYDVQQK
ExBvcmcyLmV4YW1wbGUuY29tMQswCQYDVQQLEwJjYTEcMBoGA1UEAxMTY2Eub3Jn
Mi5leGFtcGxlLmNvbTAeFw0xODEwMTIwODU3MDBaFw0yODEwMDkwOTAyMDBaMIGF
MQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2Fu
IEZyYW5jaXNjbzEZMBcGA1UEChMQb3JnMi5leGFtcGxlLmNvbTENMAsGA1UECxME
dXNlcjEfMB0GA1UEAwwWQWRtaW5Ab3JnMi5leGFtcGxlLmNvbTBZMBMGByqGSM49
AgEGCCqGSM49AwEHA0IABNsgZdGN6Z/MWS9lQuXsnbyRqPUukWS90v/UG6CjU040
PtLfArPgKHRdtjkkRWeMcCy13/OCaVU547fYsgttPsOjggERMIIBDTAOBgNVHQ8B
Af8EBAMCAYYwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUgmokzoyDPqRjnwgxsrSN
rHXjcU8wHwYDVR0jBBgwFoAU/Vi5xiSf+sPzI+invaKaifyLtxEwIQYDVR0RBBow
GIEWQWRtaW5Ab3JnMi5leGFtcGxlLmNvbTCBiQYIKgMEBQYHCAEEfXsiYXR0cnMi
OnsiYWJhYy5pbml0IjoidHJ1ZSIsImFkbWluIjoidHJ1ZSIsImhmLkFmZmlsaWF0
aW9uIjoiIiwiaGYuRW5yb2xsbWVudElEIjoiQWRtaW5Ab3JnMi5leGFtcGxlLmNv
bSIsImhmLlR5cGUiOiJ1c2VyIn19MAoGCCqGSM49BAMCA0gAMEUCIQDg1Ml8qNlg
w4wmPOgLUPFlgRRhRhcitTq7Ufy2KYt6SQIgOKF6UW4XT3a0eMUJeNYBfvXqbb+g
tlBmZSkhTB960JM=
-----END CERTIFICATE-----

View File

@ -0,0 +1,162 @@
#############################################################################
# This is a configuration file for the fabric-ca-client command.
#
# COMMAND LINE ARGUMENTS AND ENVIRONMENT VARIABLES
# ------------------------------------------------
# Each configuration element can be overridden via command line
# arguments or environment variables. The precedence for determining
# the value of each element is as follows:
# 1) command line argument
# Examples:
# a) --url https://localhost:7054
# To set the fabric-ca server url
# b) --tls.client.certfile certfile.pem
# To set the client certificate for TLS
# 2) environment variable
# Examples:
# a) FABRIC_CA_CLIENT_URL=https://localhost:7054
# To set the fabric-ca server url
# b) FABRIC_CA_CLIENT_TLS_CLIENT_CERTFILE=certfile.pem
# To set the client certificate for TLS
# 3) configuration file
# 4) default value (if there is one)
# All default values are shown beside each element below.
#
# FILE NAME ELEMENTS
# ------------------
# The value of all fields whose name ends with "file" or "files" are
# name or names of other files.
# For example, see "tls.certfiles" and "tls.client.certfile".
# The value of each of these fields can be a simple filename, a
# relative path, or an absolute path. If the value is not an
# absolute path, it is interpretted as being relative to the location
# of this configuration file.
#
#############################################################################
#############################################################################
# Client Configuration
#############################################################################
# URL of the Fabric-ca-server (default: http://localhost:7054)
url: http://tlsca.org2.example.com:7054
# Membership Service Provider (MSP) directory
# This is useful when the client is used to enroll a peer or orderer, so
# that the enrollment artifacts are stored in the format expected by MSP.
mspdir: msp
#############################################################################
# TLS section for secure socket connection
#
# certfiles - PEM-encoded list of trusted root certificate files
# client:
# certfile - PEM-encoded certificate file for when client authentication
# is enabled on server
# keyfile - PEM-encoded key file for when client authentication
# is enabled on server
#############################################################################
tls:
# TLS section for secure socket connection
certfiles:
client:
certfile:
keyfile:
#############################################################################
# Certificate Signing Request section for generating the CSR for an
# enrollment certificate (ECert)
#
# cn - Used by CAs to determine which domain the certificate is to be generated for
#
# serialnumber - The serialnumber field, if specified, becomes part of the issued
# certificate's DN (Distinguished Name). For example, one use case for this is
# a company with its own CA (Certificate Authority) which issues certificates
# to its employees and wants to include the employee's serial number in the DN
# of its issued certificates.
# WARNING: The serialnumber field should not be confused with the certificate's
# serial number which is set by the CA but is not a component of the
# certificate's DN.
#
# names - A list of name objects. Each name object should contain at least one
# "C", "L", "O", or "ST" value (or any combination of these) where these
# are abbreviations for the following:
# "C": country
# "L": locality or municipality (such as city or town name)
# "O": organization
# "OU": organizational unit, such as the department responsible for owning the key;
# it can also be used for a "Doing Business As" (DBS) name
# "ST": the state or province
#
# Note that the "OU" or organizational units of an ECert are always set according
# to the values of the identities type and affiliation. OUs are calculated for an enroll
# as OU=<type>, OU=<affiliationRoot>, ..., OU=<affiliationLeaf>. For example, an identity
# of type "client" with an affiliation of "org1.dept2.team3" would have the following
# organizational units: OU=client, OU=org1, OU=dept2, OU=team3
#
# hosts - A list of host names for which the certificate should be valid
#
#############################################################################
csr:
cn: Admin@org2.example.com
keyrequest:
algo: ecdsa
size: 256
serialnumber:
names:
- C: US
ST: North Carolina
L:
O: Hyperledger
OU: Fabric
hosts:
- ca-client
#############################################################################
# Registration section used to register a new identity with fabric-ca server
#
# name - Unique name of the identity
# type - Type of identity being registered (e.g. 'peer, app, user')
# affiliation - The identity's affiliation
# maxenrollments - The maximum number of times the secret can be reused to enroll.
# Specially, -1 means unlimited; 0 means to use CA's max enrollment
# value.
# attributes - List of name/value pairs of attribute for identity
#############################################################################
id:
name:
type:
affiliation:
maxenrollments: 0
attributes:
# - name:
# value:
#############################################################################
# Enrollment section used to enroll an identity with fabric-ca server
#
# profile - Name of the signing profile to use in issuing the certificate
# label - Label to use in HSM operations
#############################################################################
enrollment:
profile:
label:
#############################################################################
# Name of the CA to connect to within the fabric-ca server
#############################################################################
caname:
#############################################################################
# BCCSP (BlockChain Crypto Service Provider) section allows to select which
# crypto implementation library to use
#############################################################################
bccsp:
default: SW
sw:
hash: SHA2
security: 256
filekeystore:
# The directory used for the software file-based keystore
keystore: msp/keystore

View File

@ -0,0 +1,5 @@
-----BEGIN PUBLIC KEY-----
MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEPIU7ckxiUbplOh7KM39TqBaKc+PMPcZc
x9RCxqCuwHY4LMBd5gyXm8erOUyKN0EpEKiLc3PHYvssda4zH9tdyAuUZryhW0co
GaPuz5FRrtrfy59d1eqneZ2KBLaz7r6L
-----END PUBLIC KEY-----

View File

@ -0,0 +1,14 @@
-----BEGIN CERTIFICATE-----
MIICLTCCAdOgAwIBAgIUOya/oTe+7qMcKY3TkoQfUUz9zE8wCgYIKoZIzj0EAwIw
cjELMAkGA1UEBhMCVVMxFzAVBgNVBAgTDk5vcnRoIENhcm9saW5hMRkwFwYDVQQK
ExBvcmcyLmV4YW1wbGUuY29tMQ4wDAYDVQQLEwV0bHNjYTEfMB0GA1UEAxMWdGxz
Y2Eub3JnMi5leGFtcGxlLmNvbTAgFw0xODEwMTIwODU2MDBaGA8yMTY4MDkwNTA4
NTYwMFowcjELMAkGA1UEBhMCVVMxFzAVBgNVBAgTDk5vcnRoIENhcm9saW5hMRkw
FwYDVQQKExBvcmcyLmV4YW1wbGUuY29tMQ4wDAYDVQQLEwV0bHNjYTEfMB0GA1UE
AxMWdGxzY2Eub3JnMi5leGFtcGxlLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEH
A0IABMEU5dpAp0tg/aUsZbtKJawjYfU5rPXprVXtVnhWCbqTB0YqQSRhqbuLBXyZ
0fC69aj5hM/pNaZ/rQbHL1vitfKjRTBDMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMB
Af8ECDAGAQH/AgEBMB0GA1UdDgQWBBTHXy/A06QOhfnvBqXicOlXG6eIJjAKBggq
hkjOPQQDAgNIADBFAiEAmsZj2wdRwaq3n4oDEp6mWvv8rcAxfuGqZJfjvhSZujMC
ID3hvwL0Y0zZEnFQozSX2bkqajwNnHiXyCbnCbwVOnE1
-----END CERTIFICATE-----

View File

@ -0,0 +1,5 @@
-----BEGIN PRIVATE KEY-----
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgibr/EHRtUeZnJFjT
4+TaAv+8+Yd40trfoyh3SMC59eGhRANCAATMwHNJnMsvTB/wkG8u1iGl/mhGNMt7
f/iDuX0F/QVaMkSlIDLWP1qZItvC2dsaYC0So33uT6Dl3U6A6mh91PTT
-----END PRIVATE KEY-----

View File

@ -0,0 +1,19 @@
-----BEGIN CERTIFICATE-----
MIIDDTCCArOgAwIBAgIUV8dC0+C17LEvSnznbpXNNbl9b8kwCgYIKoZIzj0EAwIw
cjELMAkGA1UEBhMCVVMxFzAVBgNVBAgTDk5vcnRoIENhcm9saW5hMRkwFwYDVQQK
ExBvcmcyLmV4YW1wbGUuY29tMQ4wDAYDVQQLEwV0bHNjYTEfMB0GA1UEAxMWdGxz
Y2Eub3JnMi5leGFtcGxlLmNvbTAeFw0xODEwMTIwODU3MDBaFw0yODEwMDkwOTAy
MDBaMIGFMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UE
BxMNU2FuIEZyYW5jaXNjbzEZMBcGA1UEChMQb3JnMi5leGFtcGxlLmNvbTENMAsG
A1UECxMEdXNlcjEfMB0GA1UEAwwWQWRtaW5Ab3JnMi5leGFtcGxlLmNvbTBZMBMG
ByqGSM49AgEGCCqGSM49AwEHA0IABMzAc0mcyy9MH/CQby7WIaX+aEY0y3t/+IO5
fQX9BVoyRKUgMtY/Wpki28LZ2xpgLRKjfe5PoOXdToDqaH3U9NOjggERMIIBDTAO
BgNVHQ8BAf8EBAMCAYYwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUbUJkMvze/dgB
qB2bYunHIe2TaIswHwYDVR0jBBgwFoAUx18vwNOkDoX57wal4nDpVxuniCYwIQYD
VR0RBBowGIEWQWRtaW5Ab3JnMi5leGFtcGxlLmNvbTCBiQYIKgMEBQYHCAEEfXsi
YXR0cnMiOnsiYWJhYy5pbml0IjoidHJ1ZSIsImFkbWluIjoidHJ1ZSIsImhmLkFm
ZmlsaWF0aW9uIjoiIiwiaGYuRW5yb2xsbWVudElEIjoiQWRtaW5Ab3JnMi5leGFt
cGxlLmNvbSIsImhmLlR5cGUiOiJ1c2VyIn19MAoGCCqGSM49BAMCA0gAMEUCIQDz
kLhFKXaRBAiCo1ehUBS3xtpS/d1BGhmerQ2tbG71hgIgJivLVLsE89/7XfuXxic3
bNJiNW4NnqZUNCR6n8fHgiw=
-----END CERTIFICATE-----

View File

@ -0,0 +1,162 @@
#############################################################################
# This is a configuration file for the fabric-ca-client command.
#
# COMMAND LINE ARGUMENTS AND ENVIRONMENT VARIABLES
# ------------------------------------------------
# Each configuration element can be overridden via command line
# arguments or environment variables. The precedence for determining
# the value of each element is as follows:
# 1) command line argument
# Examples:
# a) --url https://localhost:7054
# To set the fabric-ca server url
# b) --tls.client.certfile certfile.pem
# To set the client certificate for TLS
# 2) environment variable
# Examples:
# a) FABRIC_CA_CLIENT_URL=https://localhost:7054
# To set the fabric-ca server url
# b) FABRIC_CA_CLIENT_TLS_CLIENT_CERTFILE=certfile.pem
# To set the client certificate for TLS
# 3) configuration file
# 4) default value (if there is one)
# All default values are shown beside each element below.
#
# FILE NAME ELEMENTS
# ------------------
# The value of all fields whose name ends with "file" or "files" are
# name or names of other files.
# For example, see "tls.certfiles" and "tls.client.certfile".
# The value of each of these fields can be a simple filename, a
# relative path, or an absolute path. If the value is not an
# absolute path, it is interpretted as being relative to the location
# of this configuration file.
#
#############################################################################
#############################################################################
# Client Configuration
#############################################################################
# URL of the Fabric-ca-server (default: http://localhost:7054)
url: http://ca.org2.example.com:7054
# Membership Service Provider (MSP) directory
# This is useful when the client is used to enroll a peer or orderer, so
# that the enrollment artifacts are stored in the format expected by MSP.
mspdir: msp
#############################################################################
# TLS section for secure socket connection
#
# certfiles - PEM-encoded list of trusted root certificate files
# client:
# certfile - PEM-encoded certificate file for when client authentication
# is enabled on server
# keyfile - PEM-encoded key file for when client authentication
# is enabled on server
#############################################################################
tls:
# TLS section for secure socket connection
certfiles:
client:
certfile:
keyfile:
#############################################################################
# Certificate Signing Request section for generating the CSR for an
# enrollment certificate (ECert)
#
# cn - Used by CAs to determine which domain the certificate is to be generated for
#
# serialnumber - The serialnumber field, if specified, becomes part of the issued
# certificate's DN (Distinguished Name). For example, one use case for this is
# a company with its own CA (Certificate Authority) which issues certificates
# to its employees and wants to include the employee's serial number in the DN
# of its issued certificates.
# WARNING: The serialnumber field should not be confused with the certificate's
# serial number which is set by the CA but is not a component of the
# certificate's DN.
#
# names - A list of name objects. Each name object should contain at least one
# "C", "L", "O", or "ST" value (or any combination of these) where these
# are abbreviations for the following:
# "C": country
# "L": locality or municipality (such as city or town name)
# "O": organization
# "OU": organizational unit, such as the department responsible for owning the key;
# it can also be used for a "Doing Business As" (DBS) name
# "ST": the state or province
#
# Note that the "OU" or organizational units of an ECert are always set according
# to the values of the identities type and affiliation. OUs are calculated for an enroll
# as OU=<type>, OU=<affiliationRoot>, ..., OU=<affiliationLeaf>. For example, an identity
# of type "client" with an affiliation of "org1.dept2.team3" would have the following
# organizational units: OU=client, OU=org1, OU=dept2, OU=team3
#
# hosts - A list of host names for which the certificate should be valid
#
#############################################################################
csr:
cn: User1@org2.example.com
keyrequest:
algo: ecdsa
size: 256
serialnumber:
names:
- C: US
ST: North Carolina
L:
O: Hyperledger
OU: Fabric
hosts:
- ca-client
#############################################################################
# Registration section used to register a new identity with fabric-ca server
#
# name - Unique name of the identity
# type - Type of identity being registered (e.g. 'peer, app, user')
# affiliation - The identity's affiliation
# maxenrollments - The maximum number of times the secret can be reused to enroll.
# Specially, -1 means unlimited; 0 means to use CA's max enrollment
# value.
# attributes - List of name/value pairs of attribute for identity
#############################################################################
id:
name:
type:
affiliation:
maxenrollments: 0
attributes:
# - name:
# value:
#############################################################################
# Enrollment section used to enroll an identity with fabric-ca server
#
# profile - Name of the signing profile to use in issuing the certificate
# label - Label to use in HSM operations
#############################################################################
enrollment:
profile:
label:
#############################################################################
# Name of the CA to connect to within the fabric-ca server
#############################################################################
caname:
#############################################################################
# BCCSP (BlockChain Crypto Service Provider) section allows to select which
# crypto implementation library to use
#############################################################################
bccsp:
default: SW
sw:
hash: SHA2
security: 256
filekeystore:
# The directory used for the software file-based keystore
keystore: msp/keystore

View File

@ -0,0 +1,5 @@
-----BEGIN PUBLIC KEY-----
MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEPVA6lM9Hu7HVgkVMNGdx3LlqjDLWwgrB
2meNOi2gU7vJc7P+08aH8VO5Ei0gDdY98EVCrO5EktGid1FLrLFpfVFIYZjicfBP
NoGyHdb18NKNtNb9kQ53BZJGpKiH+sUm
-----END PUBLIC KEY-----

View File

@ -0,0 +1,14 @@
-----BEGIN CERTIFICATE-----
MIICITCCAcegAwIBAgIUZ7jMmKdx/engWidCBBAel1RL43owCgYIKoZIzj0EAwIw
bDELMAkGA1UEBhMCVVMxFzAVBgNVBAgTDk5vcnRoIENhcm9saW5hMRkwFwYDVQQK
ExBvcmcyLmV4YW1wbGUuY29tMQswCQYDVQQLEwJjYTEcMBoGA1UEAxMTY2Eub3Jn
Mi5leGFtcGxlLmNvbTAgFw0xODEwMTIwODU3MDBaGA8yMTY4MDkwNTA4NTcwMFow
bDELMAkGA1UEBhMCVVMxFzAVBgNVBAgTDk5vcnRoIENhcm9saW5hMRkwFwYDVQQK
ExBvcmcyLmV4YW1wbGUuY29tMQswCQYDVQQLEwJjYTEcMBoGA1UEAxMTY2Eub3Jn
Mi5leGFtcGxlLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABH8Dtmztvf9n
Jl2z4VhoyD7N2AAokv9GnKP0EdO1piYFbXtpJLL/ABF9HBFNXeGq8RfkOILyO/sc
wPNKRLJkPrmjRTBDMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/AgEB
MB0GA1UdDgQWBBT9WLnGJJ/6w/Mj6Ke9opqJ/Iu3ETAKBggqhkjOPQQDAgNIADBF
AiEA4DVUfbHvC5wIjsL8Lbpmhq4bdsz9puUkeS7h3NlhANkCIFIdUw5qQezJudts
Kzbbqt/QA1h+00JyeT5TqHYgIwfl
-----END CERTIFICATE-----

View File

@ -0,0 +1,5 @@
-----BEGIN PRIVATE KEY-----
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgqnm0pBGWkoFnN+uy
qF7zUkayuu4UD3O+Zz4QoAQh6sahRANCAAQruxJMsAqp0N9niEbYOnJRaPz6nHFw
5jX4uG2WRA3BvnvpvzzARHEDdYXNdkQ1foDkR4DNXYK3MWdnJcceDk/B
-----END PRIVATE KEY-----

Some files were not shown because too many files have changed in this diff Show More