Add hlf v2.2
parent
0ad6a98414
commit
23d3f3fdc2
|
@ -0,0 +1,3 @@
|
|||
# for docker-compose usage
|
||||
FABRIC_IMG_TAG=2.2.0
|
||||
NETWORK=hlf_net
|
|
@ -0,0 +1,312 @@
|
|||
# Makefile to bootup the network, and do testing with channel, chaincode
|
||||
# Run `make test` will pass all testing cases, and delete the network
|
||||
# Run `make ready` will create a network, pass testing cases, and stand there for manual test, e.g., make test_channel_list
|
||||
|
||||
|
||||
# support advanced bash grammar
|
||||
SHELL:=/bin/bash
|
||||
|
||||
# mode of the network: raft only for 2.x
|
||||
HLF_MODE ?= raft
|
||||
|
||||
# mode of db: golevel, couchdb
|
||||
DB_MODE ?= golevel
|
||||
|
||||
# mode of dev
|
||||
DEV_MODE ?= non-dev
|
||||
|
||||
NETWORK_INIT_WAIT ?= 2 # time to wait the fabric network finish initialization
|
||||
|
||||
COMPOSE_FILE ?= "docker-compose-2orgs-4peers-raft.yaml"
|
||||
|
||||
ifeq ($(HLF_MODE),raft)
|
||||
NETWORK_INIT_WAIT=5
|
||||
else
|
||||
NETWORK_INIT_WAIT=30
|
||||
endif
|
||||
|
||||
COMPOSE_FILE="docker-compose-2orgs-4peers-$(HLF_MODE).yaml"
|
||||
|
||||
LOG_PATH ?= $(HLF_MODE)/logs
|
||||
|
||||
ifeq ($(DB_MODE),couchdb)
|
||||
COMPOSE_FILE="docker-compose-2orgs-4peers-couchdb.yaml"
|
||||
endif
|
||||
|
||||
ifeq ($(DEV_MODE),dev)
|
||||
COMPOSE_FILE="docker-compose-2orgs-4peers-dev.yaml"
|
||||
endif
|
||||
|
||||
all: test
|
||||
|
||||
test:
|
||||
@echo "Run test with $(COMPOSE_FILE)"
|
||||
@echo "Please make sure u have setup Docker and pulled images by 'make setup download'."
|
||||
make ready # Run all testing till ready
|
||||
|
||||
make stop clean
|
||||
|
||||
ready: # create/join channel, install/instantiate cc
|
||||
make stop
|
||||
|
||||
# make clean_config_channel # Remove existing channel artifacts
|
||||
make gen_config_crypto # Will ignore if local config path exists
|
||||
make gen_config_channel # Will ignore if local config path exists
|
||||
|
||||
make start
|
||||
|
||||
sleep ${NETWORK_INIT_WAIT}
|
||||
|
||||
make channel_test
|
||||
|
||||
make update_anchors
|
||||
|
||||
make cc_test # test_cc_install test_cc_approveformyorg test_cc_checkcommitreadiness test_cc_commit test_cc_querycommitted test_cc_invoke_query
|
||||
|
||||
# make test_lscc # test lscc operations, in v2.0, legacy lscc won't work
|
||||
make test_qscc # test qscc operations
|
||||
make test_cscc # test cscc operations
|
||||
|
||||
make test_fetch_blocks # fetch block files
|
||||
|
||||
make test_config_update
|
||||
make test_channel_update
|
||||
|
||||
make test_fetch_blocks # fetch block files again
|
||||
make test_configtxlator
|
||||
|
||||
make test_channel_list
|
||||
make test_channel_getinfo
|
||||
|
||||
make logs_save
|
||||
|
||||
@echo "Now the fabric network is ready to play"
|
||||
@echo "* run 'make cli' to enter into the fabric-cli container."
|
||||
@echo "* run 'make stop' when done."
|
||||
|
||||
# channel related operations
|
||||
channel_test: test_channel_create test_channel_join test_channel_list test_channel_getinfo
|
||||
|
||||
# chaincode related operations
|
||||
cc_test: test_cc_install test_cc_queryinstalled test_cc_approveformyorg test_cc_checkcommitreadiness test_cc_commit test_cc_querycommitted test_cc_invoke_query
|
||||
|
||||
restart: stop start
|
||||
|
||||
start: # bootup the fabric network
|
||||
@echo "Start a fabric network with ${COMPOSE_FILE}..."
|
||||
@make clean
|
||||
@echo "Make sure the local hlf_net docker bridge exists"
|
||||
docker network ls|grep hlf_net > /dev/null || docker network create hlf_net
|
||||
@docker-compose -f ${COMPOSE_FILE} up -d # Start a fabric network
|
||||
|
||||
stop: # stop the fabric network
|
||||
@echo "Stop the fabric network with ${COMPOSE_FILE}..."
|
||||
@docker-compose -f ${COMPOSE_FILE} down >& /tmp/docker-compose.log
|
||||
|
||||
chaincode_dev: restart chaincode_init test_cc_peer0 stop
|
||||
|
||||
################## Channel testing operations ################
|
||||
|
||||
test_channel_list: # List the channel that peer joined
|
||||
@echo "List the joined channels"
|
||||
@docker exec -it fabric-cli bash -c "cd /tmp; bash scripts/test_channel_list.sh"
|
||||
|
||||
test_channel_getinfo: # Get info of a channel
|
||||
@echo "Get info of the app channel"
|
||||
@docker exec -it fabric-cli bash -c "cd /tmp; bash scripts/test_channel_getinfo.sh"
|
||||
|
||||
test_channel_create: # Init the channel
|
||||
@echo "Create channel on the fabric network"
|
||||
@docker exec -it fabric-cli bash -c "cd /tmp; bash scripts/test_channel_create.sh"
|
||||
|
||||
test_channel_join: # Init the channel
|
||||
@echo "Join channel"
|
||||
@docker exec -it fabric-cli bash -c "cd /tmp; bash scripts/test_channel_join.sh"
|
||||
|
||||
update_anchors: # Update the anchor peer
|
||||
@echo "Update anchors on the fabric network"
|
||||
@docker exec -it fabric-cli bash -c "cd /tmp; bash scripts/test_update_anchors.sh"
|
||||
|
||||
test_channel_update: # send the channel update transaction
|
||||
@echo "Test channel update with adding new org"
|
||||
@docker exec -it fabric-cli bash -c "cd /tmp; bash scripts/test_channel_update.sh"
|
||||
|
||||
################## Configtxlator testing operations ################
|
||||
test_configtxlator: # Test change config using configtxlator
|
||||
@echo "Testing decoding and encoding with configtxlator"
|
||||
bash scripts/test_configtxlator.sh ${HLF_MODE}
|
||||
@echo "Flattening the json files of all blocks"
|
||||
python3 scripts/json_flatter.py ${HLF_MODE}/channel-artifacts/
|
||||
|
||||
test_config_update: # Test change config to add new org
|
||||
bash scripts/test_config_update.sh ${HLF_MODE}
|
||||
|
||||
################## Chaincode testing operations ################
|
||||
test_cc: # test chaincode, deprecated
|
||||
if [ "$(HLF_MODE)" = "dev" ]; then \
|
||||
make test_cc_peer0; \
|
||||
else \
|
||||
make test_cc_invoke_query; \
|
||||
fi
|
||||
|
||||
test_cc_install: # Install the chaincode
|
||||
@echo "Install chaincode to all peers"
|
||||
@docker exec -it fabric-cli bash -c "cd /tmp; bash scripts/test_cc_install.sh"
|
||||
|
||||
test_cc_queryinstalled: # Query the installed chaincodes
|
||||
@echo "Query the installed chaincode"
|
||||
@docker exec -it fabric-cli bash -c "cd /tmp; bash scripts/test_cc_queryinstalled.sh"
|
||||
|
||||
test_cc_getinstalled: # Get the installed chaincodes package
|
||||
@echo "Get the installed chaincode package"
|
||||
@docker exec -it fabric-cli bash -c "cd /tmp; bash scripts/test_cc_getinstalled.sh"
|
||||
|
||||
test_cc_approveformyorg: # Approve the chaincode definition
|
||||
@echo "Approve the chaincode by all orgs"
|
||||
@docker exec -it fabric-cli bash -c "cd /tmp; bash scripts/test_cc_approveformyorg.sh"
|
||||
|
||||
test_cc_checkcommitreadiness: # Query the approval status of chaincode
|
||||
@echo "Query the chaincode approval status by all orgs"
|
||||
@docker exec -it fabric-cli bash -c "cd /tmp; bash scripts/test_cc_checkcommitreadiness.sh"
|
||||
|
||||
test_cc_commit: # Commit the chaincode definition
|
||||
@echo "Commit the chaincode by any org"
|
||||
@docker exec -it fabric-cli bash -c "cd /tmp; bash scripts/test_cc_commit.sh"
|
||||
|
||||
test_cc_querycommitted: # Query the commit status of the chaincode definition
|
||||
@echo "Query the commit status of chaincode"
|
||||
@docker exec -it fabric-cli bash -c "cd /tmp; bash scripts/test_cc_querycommitted.sh"
|
||||
|
||||
test_cc_instantiate: # Instantiate the chaincode
|
||||
@echo "Instantiate chaincode on the fabric network"
|
||||
@docker exec -it fabric-cli bash -c "cd /tmp; bash scripts/test_cc_instantiate.sh"
|
||||
|
||||
test_cc_upgrade: # Upgrade the chaincode
|
||||
@echo "Upgrade chaincode on the fabric network"
|
||||
@docker exec -it fabric-cli bash -c "cd /tmp; bash scripts/test_cc_upgrade.sh"
|
||||
|
||||
test_cc_list: # List the chaincode
|
||||
@echo "List chaincode information (installed and instantited)"
|
||||
@docker exec -it fabric-cli bash -c "cd /tmp; bash scripts/test_cc_list.sh"
|
||||
|
||||
test_cc_invoke_query: # test user chaincode on all peers
|
||||
@echo "Invoke and query cc example02 on all peers"
|
||||
@docker exec -it fabric-cli bash -c "cd /tmp; bash scripts/test_cc_invoke_query.sh"
|
||||
|
||||
test_cscc: # test cscc queries
|
||||
@echo "Test CSCC query"
|
||||
@docker exec -it fabric-cli bash -c "cd /tmp; bash scripts/test_cscc.sh"
|
||||
|
||||
test_qscc: # test qscc queries
|
||||
@echo "Test QSCC query"
|
||||
@docker exec -it fabric-cli bash -c "cd /tmp; bash scripts/test_qscc.sh"
|
||||
|
||||
test_lscc: # test lscc quries
|
||||
@echo "Test LSCC query"
|
||||
@docker exec -it fabric-cli bash -c "cd /tmp; bash scripts/test_lscc.sh"
|
||||
|
||||
# FIXME: docker doesn't support wildcard in cp right now
|
||||
test_fetch_blocks: # test fetching channel blocks fetch
|
||||
@echo "Test fetching block files"
|
||||
@docker exec -it fabric-cli bash -c "cd /tmp; bash scripts/test_fetch_blocks.sh"
|
||||
|
||||
test_eventsclient: # test get event notification in a loop
|
||||
@echo "Test fetching event notification"
|
||||
@docker exec -it fabric-cli bash -c "cd /tmp; bash scripts/start_eventsclient.sh"
|
||||
|
||||
test_sidedb: # test sideDB/private data feature
|
||||
@echo "Test sideDB"
|
||||
@docker exec -it fabric-cli bash -c "cd /tmp; bash scripts/test_sideDB.sh"
|
||||
|
||||
temp: # test temp instructions, used for experiment
|
||||
@echo "Test experimental instructions"
|
||||
@docker exec -it fabric-cli bash -c "cd /tmp; bash scripts/test_temp.sh"
|
||||
|
||||
################## Env setup related, no need to see usually ################
|
||||
|
||||
setup: # setup the environment
|
||||
bash scripts/env_setup.sh # Installing Docker and Docker-Compose
|
||||
|
||||
check: # Check shell scripts grammar
|
||||
@echo "Check shell scripts grammar"
|
||||
[ `which shellcheck` ] && shellcheck scripts/*.sh
|
||||
|
||||
clean: # clean up containers and chaincode images
|
||||
@echo "Clean all HLF containers and chaincode images"
|
||||
@-docker ps -a | awk '{ print $$1,$$2 }' | grep "hyperledger/fabric" | awk '{ print $$1 }' | xargs -r -I {} docker rm -f {}
|
||||
@-docker ps -a | awk '$$2 ~ /dev-peer/ { print $$1 }' | xargs -r -I {} docker rm -f {}
|
||||
@-docker images | awk '$$1 ~ /dev-peer/ { print $$3 }' | xargs -r -I {} docker rmi -f {}
|
||||
echo "May clean the config: HLF_MODE=${HLF_MODE} make clean_config_channel"
|
||||
|
||||
# Clean deeply by removing all generated files: container, artifacts, credentials
|
||||
purge: clean
|
||||
HLF_MODE=raft make clean_config_channel
|
||||
make clean_config_crypto
|
||||
|
||||
env_clean: # clean up Docker environment
|
||||
@echo "Clean all images and containers"
|
||||
bash scripts/env_clean.sh
|
||||
|
||||
cli: # enter the cli container
|
||||
docker exec -it fabric-cli bash
|
||||
|
||||
orderer: orderer0
|
||||
|
||||
orderer0: # enter the orderer0 container
|
||||
docker exec -it orderer0.example.com bash
|
||||
|
||||
orderer1: # enter the orderer0 container
|
||||
docker exec -it orderer1.example.com bash
|
||||
|
||||
peer: peer0
|
||||
|
||||
peer0: # enter the peer container
|
||||
docker exec -it peer0.org1.example.com bash
|
||||
|
||||
peer1: # enter the peer container
|
||||
docker exec -it peer1.org1.example.com bash
|
||||
|
||||
ps: # show existing docker images
|
||||
docker ps -a
|
||||
|
||||
logs: # show logs
|
||||
docker-compose -f ${COMPOSE_FILE} logs -f --tail 200
|
||||
|
||||
logs_check: logs_save logs_view
|
||||
|
||||
logs_save: # save logs
|
||||
@echo "All tests done, saving logs locally"
|
||||
[ -d $(LOG_PATH) ] || mkdir -p $(LOG_PATH)
|
||||
docker logs peer0.org1.example.com >& $(LOG_PATH)/dev_peer0.log
|
||||
docker logs orderer0.example.com >& $(LOG_PATH)/dev_orderer.log
|
||||
docker-compose -f ${COMPOSE_FILE} logs >& $(LOG_PATH)/dev_all.log
|
||||
|
||||
logs_view: # view logs
|
||||
less $(LOG_PATH)/dev_peer.log
|
||||
|
||||
elk: # insert logs into elk
|
||||
# curl -XDELETE http://localhost:9200/logstash-\*
|
||||
nc localhost 5000 < $(LOG_PATH)/dev_all.log
|
||||
|
||||
gen_config_crypto: # generate crypto config
|
||||
bash scripts/gen_config_crypto.sh
|
||||
|
||||
gen_config_channel: # generate channel artifacts
|
||||
bash scripts/gen_config_channel.sh ${HLF_MODE}
|
||||
|
||||
clean_config_channel: # clean channel related artifacts
|
||||
rm -rf ${HLF_MODE}/channel-artifacts/*
|
||||
|
||||
clean_config_crypto: # clean config artifacts
|
||||
echo "Warning: Cleaning credentials will affect artifacts in raft mode"
|
||||
rm -rf crypto-config/*
|
||||
rm -rf org3/crypto-config/*
|
||||
|
||||
download: # download required images
|
||||
@echo "Download Docker images"
|
||||
bash scripts/download_images.sh
|
||||
|
||||
################## chaincode dev mode ################
|
||||
chaincode_init: # start chaincode in dev mode and do install/instantiate
|
||||
@echo "Install and instantiate cc example02 on the fabric dev network"
|
||||
@docker exec -it fabric-cli bash -c "cd /tmp; bash scripts/init_chaincode_dev.sh"
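Review bot: `logs_view` opens `$(LOG_PATH)/dev_peer.log`, but `logs_save` writes the peer log to `$(LOG_PATH)/dev_peer0.log`, so `make logs_check` ends on a file that no target creates; the recipe should read `less $(LOG_PATH)/dev_peer0.log`. `clean_config_channel` runs `rm -rf ${HLF_MODE}/channel-artifacts/*`, which resolves to `/channel-artifacts/*` when HLF_MODE is overridden with an empty value; a guard line such as `$(if $(strip $(HLF_MODE)),,$(error HLF_MODE is empty))` at the top of that recipe would stop it. `stop` redirects to the fixed path `/tmp/docker-compose.log`, which on a shared host can be pre-created or symlinked by another user; writing under `$(LOG_PATH)` avoids that. The recipes also call literal `make` instead of `$(MAKE)`, so `-n` and jobserver flags are not passed to the sub-makes, and no target is declared `.PHONY`.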
|
|
@ -0,0 +1,78 @@
|
|||
# All elements in this file should depend on the base-solo.yaml
|
||||
# Provided solo-base fabric network with:
|
||||
|
||||
# ca.org1.example.com
|
||||
# ca.org2.example.com
|
||||
# orderer.example.com
|
||||
# peer0.org1.example.com
|
||||
# peer1.org1.example.com
|
||||
# peer0.org2.example.com
|
||||
# peer1.org2.example.com
|
||||
# cli
|
||||
|
||||
version: '2' # v3 does not support 'extends' yet
|
||||
|
||||
services:
|
||||
ca.org1.example.com: # ca node for org1
|
||||
extends:
|
||||
file: base-solo.yaml
|
||||
service: ca.org1.example.com
|
||||
environment:
|
||||
- FABRIC_CA_SERVER_TLS_ENABLED=false
|
||||
|
||||
ca.org2.example.com: # ca node for org1
|
||||
extends:
|
||||
file: base-solo.yaml
|
||||
service: ca.org2.example.com
|
||||
environment:
|
||||
- FABRIC_CA_SERVER_TLS_ENABLED=false
|
||||
|
||||
orderer.example.com: # orderer node for example org
|
||||
extends:
|
||||
file: base-solo.yaml
|
||||
service: orderer.example.com
|
||||
environment:
|
||||
- ORDERER_GENERAL_TLS_ENABLED=false
|
||||
|
||||
cli: # client node
|
||||
extends:
|
||||
file: base-solo.yaml
|
||||
service: cli
|
||||
environment:
|
||||
#- GOPATH=/opt/gopath
|
||||
- CORE_PEER_TLS_ENABLED=false # to enable TLS, change to false
|
||||
|
||||
## following are peer nodes ##
|
||||
|
||||
peer0.org1.example.com:
|
||||
extends:
|
||||
file: base-solo.yaml
|
||||
service: peer0.org1.example.com
|
||||
environment:
|
||||
- CORE_PEER_TLS_ENABLED=false
|
||||
|
||||
peer1.org1.example.com:
|
||||
extends:
|
||||
file: base-solo.yaml
|
||||
service: peer1.org1.example.com
|
||||
environment:
|
||||
- CORE_PEER_TLS_ENABLED=false
|
||||
|
||||
peer0.org2.example.com:
|
||||
extends:
|
||||
file: base-solo.yaml
|
||||
service: peer0.org2.example.com
|
||||
environment:
|
||||
- CORE_PEER_TLS_ENABLED=false
|
||||
|
||||
peer1.org2.example.com:
|
||||
extends:
|
||||
file: base-solo.yaml
|
||||
service: peer1.org2.example.com
|
||||
environment:
|
||||
- CORE_PEER_TLS_ENABLED=false
|
||||
|
||||
event-listener:
|
||||
extends:
|
||||
file: base-solo.yaml
|
||||
service: event-listener
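Review bot: The inline comment on the `cli` service, `CORE_PEER_TLS_ENABLED=false # to enable TLS, change to false`, tells the reader to set the value the line already has; it should read `# to enable TLS, change to true`. Every CA, orderer and peer entry in this file sets its TLS switch to false (`FABRIC_CA_SERVER_TLS_ENABLED=false`, `ORDERER_GENERAL_TLS_ENABLED=false`, `CORE_PEER_TLS_ENABLED=false`), so a header comment stating that this is a plaintext, test-only network would keep it from being reused as a template. The `ca.org2.example.com` entry is labelled `# ca node for org1`, which looks like a copy-paste slip for org2.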
|
|
@ -0,0 +1,207 @@
|
|||
# All elements in this file should depend on the base.yaml
|
||||
# Provided a Kafka enabled fabric network with:
|
||||
|
||||
# ca.org1.example.com
|
||||
# ca.org2.example.com
|
||||
# orderer0.example.com
|
||||
# orderer1.example.com
|
||||
# peer0.org1.example.com
|
||||
# peer1.org1.example.com
|
||||
# peer0.org2.example.com
|
||||
# peer1.org2.example.com
|
||||
# 3 zookeeper nodes
|
||||
# 4 raft nodes
|
||||
# cli
|
||||
|
||||
version: '2' # v3 does not support 'extends' yet
|
||||
|
||||
services:
|
||||
ca.org1.example.com:
|
||||
extends:
|
||||
file: base.yaml
|
||||
service: ca-base
|
||||
container_name: ca.org1.example.com
|
||||
hostname: ca.org1.example.com
|
||||
environment:
|
||||
- FABRIC_CA_SERVER_CA_NAME=ca-org1
|
||||
- FABRIC_CA_SERVER_TLS_CERTFILE=/etc/hyperledger/fabric-ca-server-config/ca.org1.example.com-cert.pem
|
||||
- FABRIC_CA_SERVER_TLS_KEYFILE=/etc/hyperledger/fabric-ca-server-config/c843d3f021118963ce5d340e95286e8869bb7bd051454cd4166aa2887a2ad451_sk
|
||||
ports:
|
||||
- "7054:7054"
|
||||
volumes:
|
||||
- ./crypto-config/peerOrganizations/org1.example.com/ca/:/etc/hyperledger/fabric-ca-server-config
|
||||
command: sh -c 'fabric-ca-server start --ca.certfile /etc/hyperledger/fabric-ca-server-config/ca.org1.example.com-cert.pem --ca.keyfile /etc/hyperledger/fabric-ca-server-config/c843d3f021118963ce5d340e95286e8869bb7bd051454cd4166aa2887a2ad451_sk -b admin:adminpw -d'
|
||||
|
||||
ca.org2.example.com:
|
||||
extends:
|
||||
file: base.yaml
|
||||
service: ca-base
|
||||
container_name: ca.org2.example.com
|
||||
hostname: ca.org2.example.com
|
||||
environment:
|
||||
- FABRIC_CA_SERVER_CA_NAME=ca-org2
|
||||
- FABRIC_CA_SERVER_TLS_CERTFILE=/etc/hyperledger/fabric-ca-server-config/ca.org2.example.com-cert.pem
|
||||
- FABRIC_CA_SERVER_TLS_KEYFILE=/etc/hyperledger/fabric-ca-server-config/1ee551a8753171c0377366e96a1d7ec01afddb868c9483cc501b6f8ac7ae752f_sk
|
||||
ports:
|
||||
- "8054:7054"
|
||||
volumes:
|
||||
- ./crypto-config/peerOrganizations/org2.example.com/ca/:/etc/hyperledger/fabric-ca-server-config
|
||||
command: sh -c 'fabric-ca-server start --ca.certfile /etc/hyperledger/fabric-ca-server-config/ca.org2.example.com-cert.pem --ca.keyfile /etc/hyperledger/fabric-ca-server-config/1ee551a8753171c0377366e96a1d7ec01afddb868c9483cc501b6f8ac7ae752f_sk -b admin:adminpw -d'
|
||||
|
||||
orderer0.example.com: # There can be multiple orderers
|
||||
extends:
|
||||
file: base.yaml
|
||||
service: orderer-base
|
||||
container_name: orderer0.example.com
|
||||
hostname: orderer0.example.com
|
||||
ports:
|
||||
- "7050:7050"
|
||||
environment:
|
||||
- FABRIC_LOGGING_SPEC=DEBUG
|
||||
- ORDERER_GENERAL_CLUSTER_CLIENTPRIVATEKEY=/var/hyperledger/orderer/tls/server.key
|
||||
- ORDERER_GENERAL_CLUSTER_CLIENTCERTIFICATE=/var/hyperledger/orderer/tls/server.crt
|
||||
- ORDERER_GENERAL_CLUSTER_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
|
||||
# below 4 must be defined/undefined together, for using separate network for raft
|
||||
#- ORDERER_GENERAL_CLUSTER_LISTENADDRESS=0.0.0.0
|
||||
#- ORDERER_GENERAL_CLUSTER_LISTENPORT=7050 # this must be the same with channel config
|
||||
#- ORDERER_GENERAL_CLUSTER_SERVERCERTIFICATE=/var/hyperledger/orderer/tls/server.crt
|
||||
#- ORDERER_GENERAL_CLUSTER_SERVERPRIVATEKEY=/var/hyperledger/orderer/tls/server.key
|
||||
volumes:
|
||||
- ./crypto-config/ordererOrganizations/example.com/orderers/orderer0.example.com/msp:/var/hyperledger/orderer/msp
|
||||
- ./crypto-config/ordererOrganizations/example.com/orderers/orderer0.example.com/tls/:/var/hyperledger/orderer/tls
|
||||
- ./raft/channel-artifacts/orderer0.genesis.block:/var/hyperledger/orderer/orderer.genesis.block
|
||||
command: orderer start
|
||||
|
||||
orderer1.example.com: # There can be multiple orderers
|
||||
extends:
|
||||
file: base.yaml
|
||||
service: orderer-base
|
||||
container_name: orderer1.example.com
|
||||
hostname: orderer1.example.com
|
||||
ports:
|
||||
- "8050:7050"
|
||||
environment:
|
||||
- ORDERER_GENERAL_CLUSTER_SENDBUFFERSIZE=10
|
||||
volumes:
|
||||
- ./crypto-config/ordererOrganizations/example.com/orderers/orderer1.example.com/msp:/var/hyperledger/orderer/msp
|
||||
- ./crypto-config/ordererOrganizations/example.com/orderers/orderer1.example.com/tls/:/var/hyperledger/orderer/tls
|
||||
- ./raft/channel-artifacts/orderer1.genesis.block:/var/hyperledger/orderer/orderer.genesis.block
|
||||
command: orderer start
|
||||
|
||||
orderer2.example.com: # There can be multiple orderers
|
||||
extends:
|
||||
file: base.yaml
|
||||
service: orderer-base
|
||||
container_name: orderer2.example.com
|
||||
hostname: orderer2.example.com
|
||||
ports:
|
||||
- "9050:7050"
|
||||
environment:
|
||||
- ORDERER_GENERAL_CLUSTER_SENDBUFFERSIZE=10
|
||||
volumes:
|
||||
- ./crypto-config/ordererOrganizations/example.com/orderers/orderer2.example.com/msp:/var/hyperledger/orderer/msp
|
||||
- ./crypto-config/ordererOrganizations/example.com/orderers/orderer2.example.com/tls/:/var/hyperledger/orderer/tls
|
||||
- ./raft/channel-artifacts/orderer2.genesis.block:/var/hyperledger/orderer/orderer.genesis.block
|
||||
command: orderer start
|
||||
|
||||
## following are peer nodes ##
|
||||
|
||||
peer0.org1.example.com:
|
||||
extends:
|
||||
file: base.yaml
|
||||
service: peer-base
|
||||
container_name: peer0.org1.example.com
|
||||
hostname: peer0.org1.example.com
|
||||
environment:
|
||||
- CORE_PEER_ID=peer0.org1.example.com
|
||||
- CORE_PEER_ADDRESS=peer0.org1.example.com:7051
|
||||
- CORE_PEER_CHAINCODELISTENADDRESS=peer0.org1.example.com:7052
|
||||
- CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.org1.example.com:7051
|
||||
- CORE_PEER_LOCALMSPID=Org1MSP
|
||||
- FABRIC_LOGGING_SPEC=DEBUG
|
||||
volumes:
|
||||
- ./crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/msp:/etc/hyperledger/fabric/msp
|
||||
- ./crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls:/etc/hyperledger/fabric/tls
|
||||
ports:
|
||||
- 7051:7051
|
||||
|
||||
peer1.org1.example.com:
|
||||
extends:
|
||||
file: base.yaml
|
||||
service: peer-base
|
||||
container_name: peer1.org1.example.com
|
||||
hostname: peer1.org1.example.com
|
||||
environment:
|
||||
- CORE_PEER_ID=peer1.org1.example.com
|
||||
- CORE_PEER_ADDRESS=peer1.org1.example.com:7051
|
||||
- CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer1.org1.example.com:7051
|
||||
- CORE_PEER_CHAINCODELISTENADDRESS=peer1.org1.example.com:7052
|
||||
- CORE_PEER_GOSSIP_BOOTSTRAP=peer0.org1.example.com:7051
|
||||
- CORE_PEER_LOCALMSPID=Org1MSP
|
||||
volumes:
|
||||
- ./crypto-config/peerOrganizations/org1.example.com/peers/peer1.org1.example.com/msp:/etc/hyperledger/fabric/msp
|
||||
- ./crypto-config/peerOrganizations/org1.example.com/peers/peer1.org1.example.com/tls:/etc/hyperledger/fabric/tls
|
||||
ports:
|
||||
- 8051:7051
|
||||
|
||||
peer0.org2.example.com:
|
||||
extends:
|
||||
file: base.yaml
|
||||
service: peer-base
|
||||
container_name: peer0.org2.example.com
|
||||
hostname: peer0.org2.example.com
|
||||
environment:
|
||||
- CORE_PEER_ID=peer0.org2.example.com
|
||||
- CORE_PEER_ADDRESS=peer0.org2.example.com:7051
|
||||
- CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.org2.example.com:7051
|
||||
- CORE_PEER_CHAINCODELISTENADDRESS=peer0.org2.example.com:7052
|
||||
- CORE_PEER_GOSSIP_BOOTSTRAP=peer0.org2.example.com:7051
|
||||
- CORE_PEER_LOCALMSPID=Org2MSP
|
||||
volumes:
|
||||
- ./crypto-config/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/msp:/etc/hyperledger/fabric/msp
|
||||
- ./crypto-config/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls:/etc/hyperledger/fabric/tls
|
||||
ports:
|
||||
- 9051:7051
|
||||
|
||||
peer1.org2.example.com:
|
||||
extends:
|
||||
file: base.yaml
|
||||
service: peer-base
|
||||
container_name: peer1.org2.example.com
|
||||
hostname: peer1.org2.example.com
|
||||
environment:
|
||||
- CORE_PEER_ID=peer1.org2.example.com
|
||||
- CORE_PEER_ADDRESS=peer1.org2.example.com:7051
|
||||
- CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer1.org2.example.com:7051
|
||||
- CORE_PEER_CHAINCODELISTENADDRESS=peer1.org2.example.com:7052
|
||||
- CORE_PEER_GOSSIP_BOOTSTRAP=peer1.org2.example.com:7051
|
||||
- CORE_PEER_LOCALMSPID=Org2MSP
|
||||
volumes:
|
||||
- ./crypto-config/peerOrganizations/org2.example.com/peers/peer1.org2.example.com/msp:/etc/hyperledger/fabric/msp
|
||||
- ./crypto-config/peerOrganizations/org2.example.com/peers/peer1.org2.example.com/tls:/etc/hyperledger/fabric/tls
|
||||
ports:
|
||||
- 10051:7051
|
||||
|
||||
cli:
|
||||
extends:
|
||||
file: base.yaml
|
||||
service: cli-base
|
||||
container_name: fabric-cli
|
||||
hostname: fabric-cli
|
||||
tty: true
|
||||
environment:
|
||||
- CORE_PEER_ID=fabric-cli
|
||||
- CORE_PEER_ADDRESS=peer0.org1.example.com:7051 # default to operate on peer0.org1
|
||||
- CORE_PEER_LOCALMSPID=Org1MSP
|
||||
- CORE_PEER_TLS_CERT_FILE=/etc/hyperledger/fabric/crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.crt
|
||||
- CORE_PEER_TLS_KEY_FILE=/etc/hyperledger/fabric/crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.key
|
||||
- CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/fabric/crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt
|
||||
- CORE_PEER_MSPCONFIGPATH=/etc/hyperledger/fabric/crypto-config/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp
|
||||
volumes:
|
||||
- ./scripts:/tmp/scripts
|
||||
- ./crypto-config.yaml:/etc/hyperledger/fabric/crypto-config.yaml
|
||||
- ./crypto-config:/etc/hyperledger/fabric/crypto-config
|
||||
- ./raft/channel-artifacts:/tmp/channel-artifacts
|
||||
- ./raft/configtx.yaml:/etc/hyperledger/fabric/configtx.yaml
|
||||
- ./examples:/go/src/examples
|
||||
#- $GOPATH/src/github.com/hyperledger/fabric:/go/src/github.com/hyperledger/fabric
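Review bot: Both CA services are started with the literal bootstrap identity `-b admin:adminpw` and debug output `-d`, and their ports are published on every host interface (`"7054:7054"`, `"8054:7054"`), so the registrar account is reachable from the network with a password that is public in this file. For a local test network, bind the published ports to loopback, e.g. `- "127.0.0.1:7054:7054"`, and pass the bootstrap secret through a variable from the env file rather than a literal. The `--ca.keyfile` and `FABRIC_CA_SERVER_TLS_KEYFILE` values hard-code a generated `<hash>_sk` file name, which presumably only resolves while the matching private key is kept in the repository; regenerating `crypto-config` would break both services. `peer1.org2.example.com` sets `CORE_PEER_GOSSIP_BOOTSTRAP=peer1.org2.example.com:7051`, i.e. itself, whereas `peer1.org1` bootstraps from `peer0.org1`; `peer0.org2.example.com:7051` looks like the intended value. The header comment still describes a Kafka network with 3 zookeeper nodes and 4 raft nodes, while the file defines three orderers and no zookeeper.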
|
|
@ -0,0 +1,134 @@
|
|||
# Contains the base template for all Hyperledger Fabric services
|
||||
# Never directly use services in this template, but inherent
|
||||
# All services are abstract without any names, config or port mapping
|
||||
# https://github.com/yeasy/docker-compose-files
|
||||
#
|
||||
# * ca-base: base for fabric-ca
|
||||
# * orderer-base: base for fabric-orderer
|
||||
# * peer-base: base for fabric-peer
|
||||
# * cli-base: base for fabric peer client
|
||||
# * event-listener-base: base for fabric eventhub listener
|
||||
# * kafka-base: base for kafka
|
||||
# * zookeeper-base: base for fabric-zookeeper
|
||||
# * couchdb-base: base for couchdb
|
||||
# * explorer-base: base for Hyperledger blockchain-explorer
|
||||
# * mysql-base: base for MySQL
|
||||
|
||||
version: '2' # compose v3 still doesn't support `extends`, shame!
|
||||
|
||||
services:
|
||||
ca-base:
|
||||
image: yeasy/hyperledger-fabric-ca:${FABRIC_IMG_TAG}
|
||||
restart: always
|
||||
network_mode: ${NETWORK}
|
||||
environment:
|
||||
- FABRIC_CA_HOME=/etc/hyperledger/fabric-ca-server
|
||||
- FABRIC_CA_SERVER_TLS_ENABLED=true # change to false to disable TLS
|
||||
|
||||
orderer-base:
|
||||
image: yeasy/hyperledger-fabric-orderer:${FABRIC_IMG_TAG}
|
||||
restart: always
|
||||
network_mode: ${NETWORK}
|
||||
# Default config can be found at https://github.com/hyperledger/fabric/blob/master/orderer/common/localconfig/config.go
|
||||
environment:
|
||||
- FABRIC_LOGGING_SPEC=INFO # default: INFO
|
||||
- FABRIC_LOGGING_FORMAT="%{color}%{time:2006-01-02 15:04:05.000 MST} [%{module}] %{shortfunc} -> %{level:.4s} %{id:03x}%{color:reset} %{message}"
|
||||
- ORDERER_GENERAL_LISTENADDRESS=0.0.0.0 # default: 127.0.0.1
|
||||
- ORDERER_GENERAL_LISTENPORT=7050
|
||||
- ORDERER_GENERAL_GENESISMETHOD=file # default: provisional
|
||||
- ORDERER_GENERAL_BOOTSTRAPFILE=/var/hyperledger/orderer/orderer.genesis.block
|
||||
- ORDERER_GENERAL_LOCALMSPID=OrdererMSP # default: DEFAULT
|
||||
- ORDERER_GENERAL_LOCALMSPDIR=/var/hyperledger/orderer/msp
|
||||
- ORDERER_GENERAL_LEDGERTYPE=file
|
||||
#- ORDERER_GENERAL_LEDGERTYPE=json # default: file
|
||||
- ORDERER_OPERATIONS_LISTENADDRESS=0.0.0.0:8443 # operation RESTful API
|
||||
- ORDERER_METRICS_PROVIDER=prometheus # prometheus will pull metrics from orderer via /metrics RESTful API
|
||||
#- ORDERER_RAMLEDGER_HISTORY_SIZE=100 #only useful when use ram ledger
|
||||
# enabled TLS
|
||||
- ORDERER_GENERAL_TLS_ENABLED=true # default: false
|
||||
- ORDERER_GENERAL_TLS_PRIVATEKEY=/var/hyperledger/orderer/tls/server.key
|
||||
- ORDERER_GENERAL_TLS_CERTIFICATE=/var/hyperledger/orderer/tls/server.crt
|
||||
- ORDERER_GENERAL_TLS_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
|
||||
# Only required by raft mode
|
||||
- ORDERER_GENERAL_CLUSTER_CLIENTPRIVATEKEY=/var/hyperledger/orderer/tls/server.key
|
||||
- ORDERER_GENERAL_CLUSTER_CLIENTCERTIFICATE=/var/hyperledger/orderer/tls/server.crt
|
||||
- ORDERER_GENERAL_CLUSTER_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
|
||||
#volumes:
|
||||
#- $GOPATH/src/github.com/hyperledger/fabric:/go/src/github.com/hyperledger/fabric
|
||||
expose:
|
||||
- "7050" # gRPC
|
||||
- "8443" # Operation REST
|
||||
#command: bash -c 'bash /tmp/orderer_build.sh; orderer start' # use this if to debug orderer
|
||||
command: orderer start
|
||||
|
||||
peer-base: # abstract base for fabric-peer, will be used in peer.yaml
|
||||
image: yeasy/hyperledger-fabric-peer:${FABRIC_IMG_TAG}
|
||||
restart: always
|
||||
network_mode: ${NETWORK}
|
||||
environment:
|
||||
- FABRIC_LOGGING_SPEC=INFO
|
||||
- FABRIC_LOGGING_FORMAT="%{color}%{time:2006-01-02 15:04:05.000 MST} [%{module}] %{shortfunc} -> %{level:.4s} %{id:03x}%{color:reset} %{message}"
|
||||
- CORE_PEER_ADDRESSAUTODETECT=false
|
||||
- CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=${NETWORK} # uncomment this to use specific network
|
||||
- CORE_PEER_GOSSIP_USELEADERELECTION=true
|
||||
- CORE_PEER_GOSSIP_ORGLEADER=false # whether this node is the org leader, default to false
|
||||
- CORE_PEER_GOSSIP_EXTERNALENDPOINT=0.0.0.0:7051 # change to external addr for peers in other orgs
|
||||
- CORE_OPERATIONS_LISTENADDRESS=0.0.0.0:9443 # operation RESTful API
|
||||
- CORE_METRICS_PROVIDER=prometheus # prometheus will pull metrics from fabric via /metrics RESTful API
|
||||
- CORE_PEER_PROFILE_ENABLED=false
|
||||
- CORE_PEER_TLS_ENABLED=true
|
||||
- CORE_PEER_TLS_CERT_FILE=/etc/hyperledger/fabric/tls/server.crt
|
||||
- CORE_PEER_TLS_KEY_FILE=/etc/hyperledger/fabric/tls/server.key
|
||||
- CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/fabric/tls/ca.crt
|
||||
- CORE_CHIANCODE_BUILDER=hyperledger/fabric-ccenv:${FABRIC_IMG_TAG}
|
||||
- CORE_CHIANCODE_NODE_RUNTIME=hyperledger/fabric-nodeenv:${FABRIC_IMG_TAG}
|
||||
- FABRIC_LOGGING_SPEC=DEBUG
|
||||
- FABRIC_LOGGING_FORMAT=%{color}[%{id:03x} %{time:01-02 15:04:05.00 MST}] [%{longpkg}] %{callpath} -> %{level:.4s}%{color:reset} %{message}
|
||||
volumes:
|
||||
#- $GOPATH/src/github.com/hyperledger/fabric:/go/src/github.com/hyperledger/fabric
|
||||
# docker.sock is mapped as the default CORE_VM_ENDPOINT
|
||||
- /var/run/docker.sock:/var/run/docker.sock
|
||||
expose:
|
||||
- "7051" # gRPC
|
||||
- "9443" # Operation REST
|
||||
#command: bash -c 'bash /tmp/peer_build.sh; peer node start'
|
||||
command: peer node start
|
||||
|
||||
cli-base:
|
||||
image: yeasy/hyperledger-fabric:${FABRIC_IMG_TAG}
|
||||
restart: always
|
||||
network_mode: ${NETWORK}
|
||||
tty: true
|
||||
environment:
|
||||
- FABRIC_LOGGING_SPEC=DEBUG
|
||||
- FABRIC_LOGGING_FORMAT=%{color}[%{id:03x} %{time:01-02 15:04:05.00 MST}] [%{module}] %{shortfunc} -> %{level:.4s}%{color:reset} %{message}
|
||||
- CORE_PEER_TLS_ENABLED=true # to enable TLS, change to true
|
||||
- ORDERER_CA=/etc/hyperledger/fabric/crypto-config/ordererOrganizations/example.com/orderers/orderer0.example.com/msp/tlscacerts/tlsca.example.com-cert.pem
|
||||
working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer
|
||||
command: bash -c 'cd /tmp; source scripts/func.sh; while true; do sleep 20170504; done'
|
||||
|
||||
prometheus: # prometheus will pull metrics from fabric
|
||||
image: prom/prometheus:v2.6.0
|
||||
restart: always
|
||||
network_mode: ${NETWORK}
|
||||
tty: true
|
||||
volumes:
|
||||
- ./prometheus.yml:/etc/prometheus/prometheus.yml
|
||||
|
||||
explorer-base:
|
||||
image: yeasy/blockchain-explorer:0.1.0-preview # Till we have official image
|
||||
expose:
|
||||
- "8080" # HTTP port
|
||||
command: bash -c 'sleep 10; node main.js'
|
||||
|
||||
mysql-base: # mysql service
|
||||
image: mysql:8.0
|
||||
restart: always
|
||||
network_mode: ${NETWORK}
|
||||
expose:
|
||||
- "3306"
|
||||
|
||||
networks:
|
||||
default:
|
||||
external:
|
||||
name: ${NETWORK}
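Review bot: In `peer-base` the variables `CORE_CHIANCODE_BUILDER` and `CORE_CHIANCODE_NODE_RUNTIME` are misspelled, so the peer presumably never reads them and falls back to its default chaincode build and Node runtime images rather than the `${FABRIC_IMG_TAG}` ones; they should be `CORE_CHAINCODE_BUILDER=hyperledger/fabric-ccenv:${FABRIC_IMG_TAG}` and `CORE_CHAINCODE_NODE_RUNTIME=hyperledger/fabric-nodeenv:${FABRIC_IMG_TAG}`. The same service lists `FABRIC_LOGGING_SPEC` and `FABRIC_LOGGING_FORMAT` twice (INFO first, DEBUG later), which leaves the effective level unclear; keep one pair. The `/var/run/docker.sock` bind mount gives every peer container control of the host Docker daemon, and the operations endpoints listen on `0.0.0.0:8443` and `0.0.0.0:9443` with no TLS or client-auth setting visible here; both deserve a comment that this is acceptable only on a disposable test host. The comment on `cli-base`, `CORE_PEER_TLS_ENABLED=true # to enable TLS, change to true`, should describe how to disable it instead.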
|
Binary file not shown.
|
@ -0,0 +1,5 @@
|
|||
-----BEGIN PUBLIC KEY-----
|
||||
MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAElrxQZ6gowmj2lx/rvgwuJpw6N/lcmQ0p
|
||||
Ev+ZnXuw1/p6b2ExvMQIZ5g3dQ5fXk9Cn6ZPkx9O9EVdNMFQHdcMUxw0TU/Aodwe
|
||||
2iM2CTL4vlQyE1jPchTksA5TajJQCSCI
|
||||
-----END PUBLIC KEY-----
|
|
@ -0,0 +1,14 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIICDTCCAbOgAwIBAgIUW+04RptN2graLOmClc14tpFScJMwCgYIKoZIzj0EAwIw
|
||||
YjELMAkGA1UEBhMCVVMxFzAVBgNVBAgTDk5vcnRoIENhcm9saW5hMRQwEgYDVQQK
|
||||
EwtleGFtcGxlLmNvbTELMAkGA1UECxMCY2ExFzAVBgNVBAMTDmNhLmV4YW1wbGUu
|
||||
Y29tMCAXDTE4MTAxMjA4NTcwMFoYDzIxNjgwOTA1MDg1NzAwWjBiMQswCQYDVQQG
|
||||
EwJVUzEXMBUGA1UECBMOTm9ydGggQ2Fyb2xpbmExFDASBgNVBAoTC2V4YW1wbGUu
|
||||
Y29tMQswCQYDVQQLEwJjYTEXMBUGA1UEAxMOY2EuZXhhbXBsZS5jb20wWTATBgcq
|
||||
hkjOPQIBBggqhkjOPQMBBwNCAATBR97JMKtWes7KiIHOD/Cm6ndD3gn92rgiqyNY
|
||||
rjS5putZABmaK2PRc5JBrw9ee6BERJJTV0MphwSug3WPDSNIo0UwQzAOBgNVHQ8B
|
||||
Af8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBATAdBgNVHQ4EFgQU35gCrJjArRVf
|
||||
c1H+xMDIBIGo64owCgYIKoZIzj0EAwIDSAAwRQIhAOReEs7Au22Ed3KVY/Wb9ArP
|
||||
XomXnX951Cv6SJjohUixAiBS1d/qj2S8hC82STczs7wZU+vP841NOOU/j9fdFH16
|
||||
8g==
|
||||
-----END CERTIFICATE-----
|
|
@ -0,0 +1,5 @@
|
|||
-----BEGIN PRIVATE KEY-----
|
||||
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQg1nXDT9Gv5kyA/o3y
|
||||
ElnE/KZ1gF8o4vVas+46SVpvk8qhRANCAATBR97JMKtWes7KiIHOD/Cm6ndD3gn9
|
||||
2rgiqyNYrjS5putZABmaK2PRc5JBrw9ee6BERJJTV0MphwSug3WPDSNI
|
||||
-----END PRIVATE KEY-----
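Review bot: This section commits an unencrypted PKCS#8 EC private key whose embedded public point matches the subject key of the `ca.example.com` CA certificate added in the section just above, so that CA's signing key is readable by anyone with access to the repository. Certificates issued under it cannot be trusted outside a disposable test network. I would generate the crypto material at setup time (the Makefile already has a `gen_config_crypto` target) and keep the `*_sk` key files out of version control, or at minimum add a README beside them stating `TEST ONLY - keys are public, never deploy`. The same applies to the other `BEGIN PRIVATE KEY` sections in this commit, one of which repeats this key byte for byte.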
|
|
@ -0,0 +1,134 @@
|
|||
version: 1.4.0
|
||||
port: 7054
|
||||
debug: false
|
||||
crlsizelimit: 512000
|
||||
tls:
|
||||
enabled: false
|
||||
certfile: null
|
||||
keyfile: null
|
||||
clientauth:
|
||||
type: noclientcert
|
||||
certfiles: null
|
||||
ca:
|
||||
name: ca.example.com
|
||||
keyfile: ca.example.com_sk
|
||||
certfile: ca.example.com-cert.pem
|
||||
chainfile: null
|
||||
crl:
|
||||
expiry: 24h
|
||||
registry:
|
||||
maxenrollments: -1
|
||||
identities:
|
||||
- name: boot-admin
|
||||
pass: boot-pass
|
||||
type: client
|
||||
affiliation: ""
|
||||
attrs:
|
||||
hf.Registrar.Roles: '*'
|
||||
hf.Registrar.DelegateRoles: '*'
|
||||
hf.Revoker: true
|
||||
hf.IntermediateCA: true
|
||||
hf.GenCRL: true
|
||||
hf.Registrar.Attributes: '*'
|
||||
hf.AffiliationMgr: true
|
||||
db:
|
||||
type: sqlite3
|
||||
datasource: fabric-ca-server.db
|
||||
tls:
|
||||
enabled: false
|
||||
certfiles: null
|
||||
client:
|
||||
certfile: null
|
||||
keyfile: null
|
||||
ldap:
|
||||
enabled: false
|
||||
url: ldap://<adminDN>:<adminPassword>@<host>:<port>/<base>
|
||||
tls:
|
||||
certfiles: null
|
||||
client:
|
||||
certfile: null
|
||||
keyfile: null
|
||||
attribute:
|
||||
names:
|
||||
- uid
|
||||
- member
|
||||
converters:
|
||||
- name: null
|
||||
value: null
|
||||
maps:
|
||||
groups:
|
||||
- name: null
|
||||
value: null
|
||||
affiliations:
|
||||
org1:
|
||||
- department1
|
||||
- department2
|
||||
org2:
|
||||
- department1
|
||||
signing:
|
||||
default:
|
||||
usage:
|
||||
- digital signature
|
||||
- cert sign
|
||||
- crl sign
|
||||
expiry: 87600h
|
||||
profiles:
|
||||
ca:
|
||||
usage:
|
||||
- cert sign
|
||||
- crl sign
|
||||
expiry: 43800h
|
||||
caconstraint:
|
||||
isca: true
|
||||
maxpathlen: 0
|
||||
tls:
|
||||
usage:
|
||||
- signing
|
||||
- key encipherment
|
||||
- server auth
|
||||
- client auth
|
||||
- key agreement
|
||||
expiry: 87600h
|
||||
csr:
|
||||
cn: ca.example.com
|
||||
keyrequest:
|
||||
algo: ecdsa
|
||||
size: 256
|
||||
names:
|
||||
- C: US
|
||||
ST: North Carolina
|
||||
L: null
|
||||
O: example.com
|
||||
OU: ca
|
||||
hosts:
|
||||
- fabric-ca-server
|
||||
- localhost
|
||||
ca:
|
||||
expiry: 1314000h
|
||||
pathlength: 1
|
||||
idemix:
|
||||
rhpoolsize: 1000
|
||||
nonceexpiration: 15s
|
||||
noncesweepinterval: 15m
|
||||
bccsp:
|
||||
default: SW
|
||||
sw:
|
||||
hash: SHA2
|
||||
security: 256
|
||||
filekeystore:
|
||||
keystore: msp/keystore
|
||||
cacount: null
|
||||
cafiles: null
|
||||
intermediate:
|
||||
parentserver:
|
||||
url: null
|
||||
caname: null
|
||||
enrollment:
|
||||
hosts: null
|
||||
profile: null
|
||||
label: null
|
||||
tls:
|
||||
certfiles: null
|
||||
client:
|
||||
certfile: null
|
||||
keyfile: null
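Review bot: The `registry.identities` entry commits a fixed bootstrap credential (`name: boot-admin`, `pass: boot-pass`) carrying `hf.Registrar.Roles: '*'`, `hf.IntermediateCA: true` and `hf.Registrar.Attributes: '*'`, with `maxenrollments: -1` under `registry`. The first `tls` block, which appears to be the server's top-level one (indentation is lost on this page), has `enabled: false`. Anyone who can reach port 7054 could then enroll as the registrar with a publicly known secret sent in plaintext. For anything beyond a throwaway local network I would pass the bootstrap identity at start-up with `-b` instead of storing it in the file, and set `tls.enabled: true` with a `certfile` and `keyfile`. If the file is meant for sandbox use only, a header comment such as `# TEST ONLY: bootstrap credential is public; do not reuse outside a local sandbox` would make that explicit; the `tlsca.example.com` copy of this config later in the commit has the same settings.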
|
Binary file not shown.
|
@ -0,0 +1,5 @@
|
|||
-----BEGIN PRIVATE KEY-----
|
||||
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQg1nXDT9Gv5kyA/o3y
|
||||
ElnE/KZ1gF8o4vVas+46SVpvk8qhRANCAATBR97JMKtWes7KiIHOD/Cm6ndD3gn9
|
||||
2rgiqyNYrjS5putZABmaK2PRc5JBrw9ee6BERJJTV0MphwSug3WPDSNI
|
||||
-----END PRIVATE KEY-----
|
|
@ -0,0 +1,6 @@
|
|||
-----BEGIN PRIVATE KEY-----
|
||||
MIGkAgEBBDAjhzxjRaRZLGVOklgx7o9aZvyCx8kwYw2sWu8YSH0l1FqLHZ7Mgdle
|
||||
Bpu5J7qJuPmgBwYFK4EEACKhZANiAASWvFBnqCjCaPaXH+u+DC4mnDo3+VyZDSkS
|
||||
/5mde7DX+npvYTG8xAhnmDd1Dl9eT0Kfpk+TH070RV00wVAd1wxTHDRNT8Ch3B7a
|
||||
IzYJMvi+VDITWM9yFOSwDlNqMlAJIIg=
|
||||
-----END PRIVATE KEY-----
|
|
@ -0,0 +1 @@
|
|||
;—WF-™״²k[ה<><D794>®¯תִA¾LGˆ0Yד°J
|
Binary file not shown.
|
@ -0,0 +1,5 @@
|
|||
-----BEGIN PUBLIC KEY-----
|
||||
MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE6LMQZx53Kgp+gunfCKNehruZy1AYQ72D
|
||||
cfzkbq9Ei3sSJzClK0cnNphae80+l61Ak5imq2SQvu4lhqyssp4JME8b8WvFVWhm
|
||||
OdQv+XTm1bAPN8ZKOxjqDB2Fbb8RQmCZ
|
||||
-----END PUBLIC KEY-----
|
|
@ -0,0 +1,134 @@
|
|||
version: 1.4.0
|
||||
port: 7054
|
||||
debug: false
|
||||
crlsizelimit: 512000
|
||||
tls:
|
||||
enabled: false
|
||||
certfile: null
|
||||
keyfile: null
|
||||
clientauth:
|
||||
type: noclientcert
|
||||
certfiles: null
|
||||
ca:
|
||||
name: tlsca.example.com
|
||||
keyfile: tlsca.example.com_sk
|
||||
certfile: tlsca.example.com-cert.pem
|
||||
chainfile: null
|
||||
crl:
|
||||
expiry: 24h
|
||||
registry:
|
||||
maxenrollments: -1
|
||||
identities:
|
||||
- name: boot-admin
|
||||
pass: boot-pass
|
||||
type: client
|
||||
affiliation: ""
|
||||
attrs:
|
||||
hf.Registrar.Roles: '*'
|
||||
hf.Registrar.DelegateRoles: '*'
|
||||
hf.Revoker: true
|
||||
hf.IntermediateCA: true
|
||||
hf.GenCRL: true
|
||||
hf.Registrar.Attributes: '*'
|
||||
hf.AffiliationMgr: true
|
||||
db:
|
||||
type: sqlite3
|
||||
datasource: fabric-ca-server.db
|
||||
tls:
|
||||
enabled: false
|
||||
certfiles: null
|
||||
client:
|
||||
certfile: null
|
||||
keyfile: null
|
||||
ldap:
|
||||
enabled: false
|
||||
url: ldap://<adminDN>:<adminPassword>@<host>:<port>/<base>
|
||||
tls:
|
||||
certfiles: null
|
||||
client:
|
||||
certfile: null
|
||||
keyfile: null
|
||||
attribute:
|
||||
names:
|
||||
- uid
|
||||
- member
|
||||
converters:
|
||||
- name: null
|
||||
value: null
|
||||
maps:
|
||||
groups:
|
||||
- name: null
|
||||
value: null
|
||||
affiliations:
|
||||
org1:
|
||||
- department1
|
||||
- department2
|
||||
org2:
|
||||
- department1
|
||||
signing:
|
||||
default:
|
||||
usage:
|
||||
- digital signature
|
||||
- cert sign
|
||||
- crl sign
|
||||
expiry: 87600h
|
||||
profiles:
|
||||
ca:
|
||||
usage:
|
||||
- cert sign
|
||||
- crl sign
|
||||
expiry: 43800h
|
||||
caconstraint:
|
||||
isca: true
|
||||
maxpathlen: 0
|
||||
tls:
|
||||
usage:
|
||||
- signing
|
||||
- key encipherment
|
||||
- server auth
|
||||
- client auth
|
||||
- key agreement
|
||||
expiry: 87600h
|
||||
csr:
|
||||
cn: tlsca.example.com
|
||||
keyrequest:
|
||||
algo: ecdsa
|
||||
size: 256
|
||||
names:
|
||||
- C: US
|
||||
ST: North Carolina
|
||||
L: null
|
||||
O: example.com
|
||||
OU: tlsca
|
||||
hosts:
|
||||
- fabric-ca-server
|
||||
- localhost
|
||||
ca:
|
||||
expiry: 1314000h
|
||||
pathlength: 1
|
||||
idemix:
|
||||
rhpoolsize: 1000
|
||||
nonceexpiration: 15s
|
||||
noncesweepinterval: 15m
|
||||
bccsp:
|
||||
default: SW
|
||||
sw:
|
||||
hash: SHA2
|
||||
security: 256
|
||||
filekeystore:
|
||||
keystore: msp/keystore
|
||||
cacount: null
|
||||
cafiles: null
|
||||
intermediate:
|
||||
parentserver:
|
||||
url: null
|
||||
caname: null
|
||||
enrollment:
|
||||
hosts: null
|
||||
profile: null
|
||||
label: null
|
||||
tls:
|
||||
certfiles: null
|
||||
client:
|
||||
certfile: null
|
||||
keyfile: null
|
Binary file not shown.
|
@ -0,0 +1,5 @@
|
|||
-----BEGIN PRIVATE KEY-----
|
||||
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgLUPdLlI4BVuCXdly
|
||||
UQMuZ67vJYr2t4ybbr0jLHAIDdChRANCAATgOHkZzn6C6MieVWOZjGve0h/taMdx
|
||||
QKLv8l08a1FScas16CDWIcDBSIWg1eRh/I/J7Ijjt6DEtHSt3ctGzAuq
|
||||
-----END PRIVATE KEY-----
|
|
@ -0,0 +1,6 @@
|
|||
-----BEGIN PRIVATE KEY-----
|
||||
MIGkAgEBBDALaw+r+kOT0kY5O9E91HUwvqE7p4cTqrAJQ/ZFcgtUz9b8wPL23DOi
|
||||
XM8Bf77RMaCgBwYFK4EEACKhZANiAATosxBnHncqCn6C6d8Io16Gu5nLUBhDvYNx
|
||||
/ORur0SLexInMKUrRyc2mFp7zT6XrUCTmKarZJC+7iWGrKyyngkwTxvxa8VVaGY5
|
||||
1C/5dObVsA83xko7GOoMHYVtvxFCYJk=
|
||||
-----END PRIVATE KEY-----
|
Binary file not shown.
|
@ -0,0 +1,14 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIICGTCCAb+gAwIBAgIUf6wM/e5Yoqad5ykzdyNMmFEkQpwwCgYIKoZIzj0EAwIw
|
||||
aDELMAkGA1UEBhMCVVMxFzAVBgNVBAgTDk5vcnRoIENhcm9saW5hMRQwEgYDVQQK
|
||||
EwtleGFtcGxlLmNvbTEOMAwGA1UECxMFdGxzY2ExGjAYBgNVBAMTEXRsc2NhLmV4
|
||||
YW1wbGUuY29tMCAXDTE4MTAxMjA4NTYwMFoYDzIxNjgwOTA1MDg1NjAwWjBoMQsw
|
||||
CQYDVQQGEwJVUzEXMBUGA1UECBMOTm9ydGggQ2Fyb2xpbmExFDASBgNVBAoTC2V4
|
||||
YW1wbGUuY29tMQ4wDAYDVQQLEwV0bHNjYTEaMBgGA1UEAxMRdGxzY2EuZXhhbXBs
|
||||
ZS5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATgOHkZzn6C6MieVWOZjGve
|
||||
0h/taMdxQKLv8l08a1FScas16CDWIcDBSIWg1eRh/I/J7Ijjt6DEtHSt3ctGzAuq
|
||||
o0UwQzAOBgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBATAdBgNVHQ4E
|
||||
FgQUnOwD/If5n4yCIxCc2kik9+mRsxYwCgYIKoZIzj0EAwIDSAAwRQIhAPNMC62d
|
||||
5EsJjkqZLSuq9GyZDk+4fsHzNS6lgrlzZfuxAiBygZt2ee8Z8zwoZjTRXvcCj4Df
|
||||
5+YwFqOjgPXdXg+nTA==
|
||||
-----END CERTIFICATE-----
|
|
@ -0,0 +1,5 @@
|
|||
-----BEGIN PRIVATE KEY-----
|
||||
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgLUPdLlI4BVuCXdly
|
||||
UQMuZ67vJYr2t4ybbr0jLHAIDdChRANCAATgOHkZzn6C6MieVWOZjGve0h/taMdx
|
||||
QKLv8l08a1FScas16CDWIcDBSIWg1eRh/I/J7Ijjt6DEtHSt3ctGzAuq
|
||||
-----END PRIVATE KEY-----
|
|
@ -0,0 +1,162 @@
|
|||
|
||||
#############################################################################
|
||||
# This is a configuration file for the fabric-ca-client command.
|
||||
#
|
||||
# COMMAND LINE ARGUMENTS AND ENVIRONMENT VARIABLES
|
||||
# ------------------------------------------------
|
||||
# Each configuration element can be overridden via command line
|
||||
# arguments or environment variables. The precedence for determining
|
||||
# the value of each element is as follows:
|
||||
# 1) command line argument
|
||||
# Examples:
|
||||
# a) --url https://localhost:7054
|
||||
# To set the fabric-ca server url
|
||||
# b) --tls.client.certfile certfile.pem
|
||||
# To set the client certificate for TLS
|
||||
# 2) environment variable
|
||||
# Examples:
|
||||
# a) FABRIC_CA_CLIENT_URL=https://localhost:7054
|
||||
# To set the fabric-ca server url
|
||||
# b) FABRIC_CA_CLIENT_TLS_CLIENT_CERTFILE=certfile.pem
|
||||
# To set the client certificate for TLS
|
||||
# 3) configuration file
|
||||
# 4) default value (if there is one)
|
||||
# All default values are shown beside each element below.
|
||||
#
|
||||
# FILE NAME ELEMENTS
|
||||
# ------------------
|
||||
# The value of all fields whose name ends with "file" or "files" are
|
||||
# name or names of other files.
|
||||
# For example, see "tls.certfiles" and "tls.client.certfile".
|
||||
# The value of each of these fields can be a simple filename, a
|
||||
# relative path, or an absolute path. If the value is not an
|
||||
# absolute path, it is interpretted as being relative to the location
|
||||
# of this configuration file.
|
||||
#
|
||||
#############################################################################
|
||||
|
||||
#############################################################################
|
||||
# Client Configuration
|
||||
#############################################################################
|
||||
|
||||
# URL of the Fabric-ca-server (default: http://localhost:7054)
|
||||
url: http://ca.org1.example.com:7054
|
||||
|
||||
# Membership Service Provider (MSP) directory
|
||||
# This is useful when the client is used to enroll a peer or orderer, so
|
||||
# that the enrollment artifacts are stored in the format expected by MSP.
|
||||
mspdir: msp
|
||||
|
||||
#############################################################################
|
||||
# TLS section for secure socket connection
|
||||
#
|
||||
# certfiles - PEM-encoded list of trusted root certificate files
|
||||
# client:
|
||||
# certfile - PEM-encoded certificate file for when client authentication
|
||||
# is enabled on server
|
||||
# keyfile - PEM-encoded key file for when client authentication
|
||||
# is enabled on server
|
||||
#############################################################################
|
||||
tls:
|
||||
# TLS section for secure socket connection
|
||||
certfiles:
|
||||
client:
|
||||
certfile:
|
||||
keyfile:
|
||||
|
||||
#############################################################################
|
||||
# Certificate Signing Request section for generating the CSR for an
|
||||
# enrollment certificate (ECert)
|
||||
#
|
||||
# cn - Used by CAs to determine which domain the certificate is to be generated for
|
||||
#
|
||||
# serialnumber - The serialnumber field, if specified, becomes part of the issued
|
||||
# certificate's DN (Distinguished Name). For example, one use case for this is
|
||||
# a company with its own CA (Certificate Authority) which issues certificates
|
||||
# to its employees and wants to include the employee's serial number in the DN
|
||||
# of its issued certificates.
|
||||
# WARNING: The serialnumber field should not be confused with the certificate's
|
||||
# serial number which is set by the CA but is not a component of the
|
||||
# certificate's DN.
|
||||
#
|
||||
# names - A list of name objects. Each name object should contain at least one
|
||||
# "C", "L", "O", or "ST" value (or any combination of these) where these
|
||||
# are abbreviations for the following:
|
||||
# "C": country
|
||||
# "L": locality or municipality (such as city or town name)
|
||||
# "O": organization
|
||||
# "OU": organizational unit, such as the department responsible for owning the key;
|
||||
# it can also be used for a "Doing Business As" (DBS) name
|
||||
# "ST": the state or province
|
||||
#
|
||||
# Note that the "OU" or organizational units of an ECert are always set according
|
||||
# to the values of the identities type and affiliation. OUs are calculated for an enroll
|
||||
# as OU=<type>, OU=<affiliationRoot>, ..., OU=<affiliationLeaf>. For example, an identity
|
||||
# of type "client" with an affiliation of "org1.dept2.team3" would have the following
|
||||
# organizational units: OU=client, OU=org1, OU=dept2, OU=team3
|
||||
#
|
||||
# hosts - A list of host names for which the certificate should be valid
|
||||
#
|
||||
#############################################################################
|
||||
csr:
|
||||
cn: Admin@org1.example.com
|
||||
keyrequest:
|
||||
algo: ecdsa
|
||||
size: 256
|
||||
serialnumber:
|
||||
names:
|
||||
- C: US
|
||||
ST: North Carolina
|
||||
L:
|
||||
O: Hyperledger
|
||||
OU: Fabric
|
||||
hosts:
|
||||
- ca-client
|
||||
|
||||
#############################################################################
|
||||
# Registration section used to register a new identity with fabric-ca server
|
||||
#
|
||||
# name - Unique name of the identity
|
||||
# type - Type of identity being registered (e.g. 'peer, app, user')
|
||||
# affiliation - The identity's affiliation
|
||||
# maxenrollments - The maximum number of times the secret can be reused to enroll.
|
||||
# Specially, -1 means unlimited; 0 means to use CA's max enrollment
|
||||
# value.
|
||||
# attributes - List of name/value pairs of attribute for identity
|
||||
#############################################################################
|
||||
id:
|
||||
name:
|
||||
type:
|
||||
affiliation:
|
||||
maxenrollments: 0
|
||||
attributes:
|
||||
# - name:
|
||||
# value:
|
||||
|
||||
#############################################################################
|
||||
# Enrollment section used to enroll an identity with fabric-ca server
|
||||
#
|
||||
# profile - Name of the signing profile to use in issuing the certificate
|
||||
# label - Label to use in HSM operations
|
||||
#############################################################################
|
||||
enrollment:
|
||||
profile:
|
||||
label:
|
||||
|
||||
#############################################################################
|
||||
# Name of the CA to connect to within the fabric-ca server
|
||||
#############################################################################
|
||||
caname:
|
||||
|
||||
#############################################################################
|
||||
# BCCSP (BlockChain Crypto Service Provider) section allows to select which
|
||||
# crypto implementation library to use
|
||||
#############################################################################
|
||||
bccsp:
|
||||
default: SW
|
||||
sw:
|
||||
hash: SHA2
|
||||
security: 256
|
||||
filekeystore:
|
||||
# The directory used for the software file-based keystore
|
||||
keystore: msp/keystore
|
|
@ -0,0 +1,5 @@
|
|||
-----BEGIN PRIVATE KEY-----
|
||||
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQg8vMuirOjKSGHUNNF
|
||||
qYlMP7ZlaOE8xD4BIV9UjYApuQyhRANCAATVFCmMnRB4YjYASeToLpW905Sr11d7
|
||||
eJuWWVEXxRXweujA+2XIvJnu9oJzfctuEgAixaNfNLWaHo7AAdK1WOLw
|
||||
-----END PRIVATE KEY-----
|
|
@ -0,0 +1,162 @@
|
|||
|
||||
#############################################################################
|
||||
# This is a configuration file for the fabric-ca-client command.
|
||||
#
|
||||
# COMMAND LINE ARGUMENTS AND ENVIRONMENT VARIABLES
|
||||
# ------------------------------------------------
|
||||
# Each configuration element can be overridden via command line
|
||||
# arguments or environment variables. The precedence for determining
|
||||
# the value of each element is as follows:
|
||||
# 1) command line argument
|
||||
# Examples:
|
||||
# a) --url https://localhost:7054
|
||||
# To set the fabric-ca server url
|
||||
# b) --tls.client.certfile certfile.pem
|
||||
# To set the client certificate for TLS
|
||||
# 2) environment variable
|
||||
# Examples:
|
||||
# a) FABRIC_CA_CLIENT_URL=https://localhost:7054
|
||||
# To set the fabric-ca server url
|
||||
# b) FABRIC_CA_CLIENT_TLS_CLIENT_CERTFILE=certfile.pem
|
||||
# To set the client certificate for TLS
|
||||
# 3) configuration file
|
||||
# 4) default value (if there is one)
|
||||
# All default values are shown beside each element below.
|
||||
#
|
||||
# FILE NAME ELEMENTS
|
||||
# ------------------
|
||||
# The value of all fields whose name ends with "file" or "files" are
|
||||
# name or names of other files.
|
||||
# For example, see "tls.certfiles" and "tls.client.certfile".
|
||||
# The value of each of these fields can be a simple filename, a
|
||||
# relative path, or an absolute path. If the value is not an
|
||||
# absolute path, it is interpretted as being relative to the location
|
||||
# of this configuration file.
|
||||
#
|
||||
#############################################################################
|
||||
|
||||
#############################################################################
|
||||
# Client Configuration
|
||||
#############################################################################
|
||||
|
||||
# URL of the Fabric-ca-server (default: http://localhost:7054)
|
||||
url: http://tlsca.org1.example.com:7054
|
||||
|
||||
# Membership Service Provider (MSP) directory
|
||||
# This is useful when the client is used to enroll a peer or orderer, so
|
||||
# that the enrollment artifacts are stored in the format expected by MSP.
|
||||
mspdir: msp
|
||||
|
||||
#############################################################################
|
||||
# TLS section for secure socket connection
|
||||
#
|
||||
# certfiles - PEM-encoded list of trusted root certificate files
|
||||
# client:
|
||||
# certfile - PEM-encoded certificate file for when client authentication
|
||||
# is enabled on server
|
||||
# keyfile - PEM-encoded key file for when client authentication
|
||||
# is enabled on server
|
||||
#############################################################################
|
||||
tls:
|
||||
# TLS section for secure socket connection
|
||||
certfiles:
|
||||
client:
|
||||
certfile:
|
||||
keyfile:
|
||||
|
||||
#############################################################################
|
||||
# Certificate Signing Request section for generating the CSR for an
|
||||
# enrollment certificate (ECert)
|
||||
#
|
||||
# cn - Used by CAs to determine which domain the certificate is to be generated for
|
||||
#
|
||||
# serialnumber - The serialnumber field, if specified, becomes part of the issued
|
||||
# certificate's DN (Distinguished Name). For example, one use case for this is
|
||||
# a company with its own CA (Certificate Authority) which issues certificates
|
||||
# to its employees and wants to include the employee's serial number in the DN
|
||||
# of its issued certificates.
|
||||
# WARNING: The serialnumber field should not be confused with the certificate's
|
||||
# serial number which is set by the CA but is not a component of the
|
||||
# certificate's DN.
|
||||
#
|
||||
# names - A list of name objects. Each name object should contain at least one
|
||||
# "C", "L", "O", or "ST" value (or any combination of these) where these
|
||||
# are abbreviations for the following:
|
||||
# "C": country
|
||||
# "L": locality or municipality (such as city or town name)
|
||||
# "O": organization
|
||||
# "OU": organizational unit, such as the department responsible for owning the key;
|
||||
# it can also be used for a "Doing Business As" (DBS) name
|
||||
# "ST": the state or province
|
||||
#
|
||||
# Note that the "OU" or organizational units of an ECert are always set according
|
||||
# to the values of the identities type and affiliation. OUs are calculated for an enroll
|
||||
# as OU=<type>, OU=<affiliationRoot>, ..., OU=<affiliationLeaf>. For example, an identity
|
||||
# of type "client" with an affiliation of "org1.dept2.team3" would have the following
|
||||
# organizational units: OU=client, OU=org1, OU=dept2, OU=team3
|
||||
#
|
||||
# hosts - A list of host names for which the certificate should be valid
|
||||
#
|
||||
#############################################################################
|
||||
csr:
|
||||
cn: Admin@org1.example.com
|
||||
keyrequest:
|
||||
algo: ecdsa
|
||||
size: 256
|
||||
serialnumber:
|
||||
names:
|
||||
- C: US
|
||||
ST: North Carolina
|
||||
L:
|
||||
O: Hyperledger
|
||||
OU: Fabric
|
||||
hosts:
|
||||
- ca-client
|
||||
|
||||
#############################################################################
|
||||
# Registration section used to register a new identity with fabric-ca server
|
||||
#
|
||||
# name - Unique name of the identity
|
||||
# type - Type of identity being registered (e.g. 'peer, app, user')
|
||||
# affiliation - The identity's affiliation
|
||||
# maxenrollments - The maximum number of times the secret can be reused to enroll.
|
||||
# Specially, -1 means unlimited; 0 means to use CA's max enrollment
|
||||
# value.
|
||||
# attributes - List of name/value pairs of attribute for identity
|
||||
#############################################################################
|
||||
id:
|
||||
name:
|
||||
type:
|
||||
affiliation:
|
||||
maxenrollments: 0
|
||||
attributes:
|
||||
# - name:
|
||||
# value:
|
||||
|
||||
#############################################################################
|
||||
# Enrollment section used to enroll an identity with fabric-ca server
|
||||
#
|
||||
# profile - Name of the signing profile to use in issuing the certificate
|
||||
# label - Label to use in HSM operations
|
||||
#############################################################################
|
||||
enrollment:
|
||||
profile:
|
||||
label:
|
||||
|
||||
#############################################################################
|
||||
# Name of the CA to connect to within the fabric-ca server
|
||||
#############################################################################
|
||||
caname:
|
||||
|
||||
#############################################################################
|
||||
# BCCSP (BlockChain Crypto Service Provider) section allows to select which
|
||||
# crypto implementation library to use
|
||||
#############################################################################
|
||||
bccsp:
|
||||
default: SW
|
||||
sw:
|
||||
hash: SHA2
|
||||
security: 256
|
||||
filekeystore:
|
||||
# The directory used for the software file-based keystore
|
||||
keystore: msp/keystore
|
Binary file not shown.
|
@ -0,0 +1,5 @@
|
|||
-----BEGIN PUBLIC KEY-----
|
||||
MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEbdmgC+obJLpKIU15eFC1MJNLMdkpOchP
|
||||
9bG0xFWT0wk69EEFAeSYnDHdDFwJH3gmSEmSaccrRRGJUts4yBCz4vpAyxklNEJU
|
||||
JQV9TLWAwWs6IwpYSdI5FZb1Ot4YWvUd
|
||||
-----END PUBLIC KEY-----
|
|
@ -0,0 +1,14 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIICLTCCAdOgAwIBAgIUZtbUdoKq2gdiBI4t9xAYtKb0l1swCgYIKoZIzj0EAwIw
|
||||
cjELMAkGA1UEBhMCVVMxFzAVBgNVBAgTDk5vcnRoIENhcm9saW5hMRkwFwYDVQQK
|
||||
ExBvcmcxLmV4YW1wbGUuY29tMQ4wDAYDVQQLEwV0bHNjYTEfMB0GA1UEAxMWdGxz
|
||||
Y2Eub3JnMS5leGFtcGxlLmNvbTAgFw0xODEwMTIwODU2MDBaGA8yMTY4MDkwNTA4
|
||||
NTYwMFowcjELMAkGA1UEBhMCVVMxFzAVBgNVBAgTDk5vcnRoIENhcm9saW5hMRkw
|
||||
FwYDVQQKExBvcmcxLmV4YW1wbGUuY29tMQ4wDAYDVQQLEwV0bHNjYTEfMB0GA1UE
|
||||
AxMWdGxzY2Eub3JnMS5leGFtcGxlLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEH
|
||||
A0IABDTiGBWVnDlbHx0qkujF3r4r5g7fG3FFuYXz4UgN2WmNk2z6nF4FaD+YQgCz
|
||||
ayp0eLT37kK0BSJHqEKoiJrKtZ6jRTBDMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMB
|
||||
Af8ECDAGAQH/AgEBMB0GA1UdDgQWBBRYLwES7lJq4i67F2AeLU35NxkbUzAKBggq
|
||||
hkjOPQQDAgNIADBFAiEAvfkVNhBjlw8ApIorDAvqMA2DmLckOjX1HS2aN8MleT8C
|
||||
IBIrfl1rq9rz/PuvEmGB15oKXPiTHOWqZ3Mkdlc4Uddd
|
||||
-----END CERTIFICATE-----
|
|
@ -0,0 +1,5 @@
|
|||
-----BEGIN PRIVATE KEY-----
|
||||
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgfRcMLZfkPxSPSjxY
|
||||
LOcLxIeUCd7C71EfZH9Jyj8cstqhRANCAASpl1xmXmNMex/YmPK9ew9sI4JW7w5B
|
||||
e4whAaHEMEr4K9QWbmGUtZPtr3EKEHYbhA8BM2RdFkl+09fvew76T9tQ
|
||||
-----END PRIVATE KEY-----
|
|
@ -0,0 +1,19 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIDDTCCArOgAwIBAgIUJbPbRHo+tTwYRVq0zJ2p3bzYtdMwCgYIKoZIzj0EAwIw
|
||||
cjELMAkGA1UEBhMCVVMxFzAVBgNVBAgTDk5vcnRoIENhcm9saW5hMRkwFwYDVQQK
|
||||
ExBvcmcxLmV4YW1wbGUuY29tMQ4wDAYDVQQLEwV0bHNjYTEfMB0GA1UEAxMWdGxz
|
||||
Y2Eub3JnMS5leGFtcGxlLmNvbTAeFw0xODEwMTIwODU3MDBaFw0yODEwMDkwOTAy
|
||||
MDBaMIGFMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UE
|
||||
BxMNU2FuIEZyYW5jaXNjbzEZMBcGA1UEChMQb3JnMS5leGFtcGxlLmNvbTENMAsG
|
||||
A1UECxMEdXNlcjEfMB0GA1UEAwwWQWRtaW5Ab3JnMS5leGFtcGxlLmNvbTBZMBMG
|
||||
ByqGSM49AgEGCCqGSM49AwEHA0IABKmXXGZeY0x7H9iY8r17D2wjglbvDkF7jCEB
|
||||
ocQwSvgr1BZuYZS1k+2vcQoQdhuEDwEzZF0WSX7T1+97DvpP21CjggERMIIBDTAO
|
||||
BgNVHQ8BAf8EBAMCAYYwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUPgf/xHQ/Nru2
|
||||
+JEBpLOA2OClo6AwHwYDVR0jBBgwFoAUWC8BEu5SauIuuxdgHi1N+TcZG1MwIQYD
|
||||
VR0RBBowGIEWQWRtaW5Ab3JnMS5leGFtcGxlLmNvbTCBiQYIKgMEBQYHCAEEfXsi
|
||||
YXR0cnMiOnsiYWJhYy5pbml0IjoidHJ1ZSIsImFkbWluIjoidHJ1ZSIsImhmLkFm
|
||||
ZmlsaWF0aW9uIjoiIiwiaGYuRW5yb2xsbWVudElEIjoiQWRtaW5Ab3JnMS5leGFt
|
||||
cGxlLmNvbSIsImhmLlR5cGUiOiJ1c2VyIn19MAoGCCqGSM49BAMCA0gAMEUCIQCl
|
||||
X+M3Rp7MEAVT6N8D7TgqOh9Rmtrv4By1WVmeNf/ZAAIgb6Cb7Thh7y60I6OlxdOw
|
||||
A3bsWxA4xq8q3gCL+/I2kDE=
|
||||
-----END CERTIFICATE-----
|
|
@ -0,0 +1,162 @@
|
|||
|
||||
#############################################################################
|
||||
# This is a configuration file for the fabric-ca-client command.
|
||||
#
|
||||
# COMMAND LINE ARGUMENTS AND ENVIRONMENT VARIABLES
|
||||
# ------------------------------------------------
|
||||
# Each configuration element can be overridden via command line
|
||||
# arguments or environment variables. The precedence for determining
|
||||
# the value of each element is as follows:
|
||||
# 1) command line argument
|
||||
# Examples:
|
||||
# a) --url https://localhost:7054
|
||||
# To set the fabric-ca server url
|
||||
# b) --tls.client.certfile certfile.pem
|
||||
# To set the client certificate for TLS
|
||||
# 2) environment variable
|
||||
# Examples:
|
||||
# a) FABRIC_CA_CLIENT_URL=https://localhost:7054
|
||||
# To set the fabric-ca server url
|
||||
# b) FABRIC_CA_CLIENT_TLS_CLIENT_CERTFILE=certfile.pem
|
||||
# To set the client certificate for TLS
|
||||
# 3) configuration file
|
||||
# 4) default value (if there is one)
|
||||
# All default values are shown beside each element below.
|
||||
#
|
||||
# FILE NAME ELEMENTS
|
||||
# ------------------
|
||||
# The value of all fields whose name ends with "file" or "files" are
|
||||
# name or names of other files.
|
||||
# For example, see "tls.certfiles" and "tls.client.certfile".
|
||||
# The value of each of these fields can be a simple filename, a
|
||||
# relative path, or an absolute path. If the value is not an
|
||||
# absolute path, it is interpretted as being relative to the location
|
||||
# of this configuration file.
|
||||
#
|
||||
#############################################################################
|
||||
|
||||
#############################################################################
|
||||
# Client Configuration
|
||||
#############################################################################
|
||||
|
||||
# URL of the Fabric-ca-server (default: http://localhost:7054)
|
||||
url: http://ca.org1.example.com:7054
|
||||
|
||||
# Membership Service Provider (MSP) directory
|
||||
# This is useful when the client is used to enroll a peer or orderer, so
|
||||
# that the enrollment artifacts are stored in the format expected by MSP.
|
||||
mspdir: msp
|
||||
|
||||
#############################################################################
|
||||
# TLS section for secure socket connection
|
||||
#
|
||||
# certfiles - PEM-encoded list of trusted root certificate files
|
||||
# client:
|
||||
# certfile - PEM-encoded certificate file for when client authentication
|
||||
# is enabled on server
|
||||
# keyfile - PEM-encoded key file for when client authentication
|
||||
# is enabled on server
|
||||
#############################################################################
|
||||
tls:
|
||||
# TLS section for secure socket connection
|
||||
certfiles:
|
||||
client:
|
||||
certfile:
|
||||
keyfile:
|
||||
|
||||
#############################################################################
|
||||
# Certificate Signing Request section for generating the CSR for an
|
||||
# enrollment certificate (ECert)
|
||||
#
|
||||
# cn - Used by CAs to determine which domain the certificate is to be generated for
|
||||
#
|
||||
# serialnumber - The serialnumber field, if specified, becomes part of the issued
|
||||
# certificate's DN (Distinguished Name). For example, one use case for this is
|
||||
# a company with its own CA (Certificate Authority) which issues certificates
|
||||
# to its employees and wants to include the employee's serial number in the DN
|
||||
# of its issued certificates.
|
||||
# WARNING: The serialnumber field should not be confused with the certificate's
|
||||
# serial number which is set by the CA but is not a component of the
|
||||
# certificate's DN.
|
||||
#
|
||||
# names - A list of name objects. Each name object should contain at least one
|
||||
# "C", "L", "O", or "ST" value (or any combination of these) where these
|
||||
# are abbreviations for the following:
|
||||
# "C": country
|
||||
# "L": locality or municipality (such as city or town name)
|
||||
# "O": organization
|
||||
# "OU": organizational unit, such as the department responsible for owning the key;
|
||||
# it can also be used for a "Doing Business As" (DBS) name
|
||||
# "ST": the state or province
|
||||
#
|
||||
# Note that the "OU" or organizational units of an ECert are always set according
|
||||
# to the values of the identities type and affiliation. OUs are calculated for an enroll
|
||||
# as OU=<type>, OU=<affiliationRoot>, ..., OU=<affiliationLeaf>. For example, an identity
|
||||
# of type "client" with an affiliation of "org1.dept2.team3" would have the following
|
||||
# organizational units: OU=client, OU=org1, OU=dept2, OU=team3
|
||||
#
|
||||
# hosts - A list of host names for which the certificate should be valid
|
||||
#
|
||||
#############################################################################
|
||||
csr:
|
||||
cn: User1@org1.example.com
|
||||
keyrequest:
|
||||
algo: ecdsa
|
||||
size: 256
|
||||
serialnumber:
|
||||
names:
|
||||
- C: US
|
||||
ST: North Carolina
|
||||
L:
|
||||
O: Hyperledger
|
||||
OU: Fabric
|
||||
hosts:
|
||||
- ca-client
|
||||
|
||||
#############################################################################
|
||||
# Registration section used to register a new identity with fabric-ca server
|
||||
#
|
||||
# name - Unique name of the identity
|
||||
# type - Type of identity being registered (e.g. 'peer, app, user')
|
||||
# affiliation - The identity's affiliation
|
||||
# maxenrollments - The maximum number of times the secret can be reused to enroll.
|
||||
# Specially, -1 means unlimited; 0 means to use CA's max enrollment
|
||||
# value.
|
||||
# attributes - List of name/value pairs of attribute for identity
|
||||
#############################################################################
|
||||
id:
|
||||
name:
|
||||
type:
|
||||
affiliation:
|
||||
maxenrollments: 0
|
||||
attributes:
|
||||
# - name:
|
||||
# value:
|
||||
|
||||
#############################################################################
|
||||
# Enrollment section used to enroll an identity with fabric-ca server
|
||||
#
|
||||
# profile - Name of the signing profile to use in issuing the certificate
|
||||
# label - Label to use in HSM operations
|
||||
#############################################################################
|
||||
enrollment:
|
||||
profile:
|
||||
label:
|
||||
|
||||
#############################################################################
|
||||
# Name of the CA to connect to within the fabric-ca server
|
||||
#############################################################################
|
||||
caname:
|
||||
|
||||
#############################################################################
|
||||
# BCCSP (BlockChain Crypto Service Provider) section allows to select which
|
||||
# crypto implementation library to use
|
||||
#############################################################################
|
||||
bccsp:
|
||||
default: SW
|
||||
sw:
|
||||
hash: SHA2
|
||||
security: 256
|
||||
filekeystore:
|
||||
# The directory used for the software file-based keystore
|
||||
keystore: msp/keystore
|
|
@ -0,0 +1,5 @@
|
|||
-----BEGIN PRIVATE KEY-----
|
||||
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgWUNovBTSm43w0Gne
|
||||
wH+gjOv4wnAUOes4Rl5xRfJNkFChRANCAAQYGe+D/gw4IbjDBD5XQutFqjELjXz+
|
||||
WayBTKOK/gZP4lqwqp9NqWNWI8uiVilHKrKD24GqsM3+h5d5q2UJG5Hf
|
||||
-----END PRIVATE KEY-----
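Review bot: A private key is committed in clear text here, and six more `-----BEGIN PRIVATE KEY-----` sections follow later in this commit; once pushed, these keys are readable by anyone with repository access and remain in history even if the files are deleted later. The Makefile in this commit already has a `gen_config_crypto` step, so the material could be generated locally and kept out of version control, for example with an ignore rule such as `**/msp/keystore/`. The client configs name `msp/keystore` as the keystore directory, but the real file paths are not visible on this page, so the pattern may need adjusting. If the keys stay as test fixtures, a short README next to them should say that they are public sample keys and must never back a network that holds real assets.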
|
|
@ -0,0 +1,162 @@
|
|||
|
||||
#############################################################################
|
||||
# This is a configuration file for the fabric-ca-client command.
|
||||
#
|
||||
# COMMAND LINE ARGUMENTS AND ENVIRONMENT VARIABLES
|
||||
# ------------------------------------------------
|
||||
# Each configuration element can be overridden via command line
|
||||
# arguments or environment variables. The precedence for determining
|
||||
# the value of each element is as follows:
|
||||
# 1) command line argument
|
||||
# Examples:
|
||||
# a) --url https://localhost:7054
|
||||
# To set the fabric-ca server url
|
||||
# b) --tls.client.certfile certfile.pem
|
||||
# To set the client certificate for TLS
|
||||
# 2) environment variable
|
||||
# Examples:
|
||||
# a) FABRIC_CA_CLIENT_URL=https://localhost:7054
|
||||
# To set the fabric-ca server url
|
||||
# b) FABRIC_CA_CLIENT_TLS_CLIENT_CERTFILE=certfile.pem
|
||||
# To set the client certificate for TLS
|
||||
# 3) configuration file
|
||||
# 4) default value (if there is one)
|
||||
# All default values are shown beside each element below.
|
||||
#
|
||||
# FILE NAME ELEMENTS
|
||||
# ------------------
|
||||
# The value of all fields whose name ends with "file" or "files" are
|
||||
# name or names of other files.
|
||||
# For example, see "tls.certfiles" and "tls.client.certfile".
|
||||
# The value of each of these fields can be a simple filename, a
|
||||
# relative path, or an absolute path. If the value is not an
|
||||
# absolute path, it is interpretted as being relative to the location
|
||||
# of this configuration file.
|
||||
#
|
||||
#############################################################################
|
||||
|
||||
#############################################################################
|
||||
# Client Configuration
|
||||
#############################################################################
|
||||
|
||||
# URL of the Fabric-ca-server (default: http://localhost:7054)
|
||||
url: http://tlsca.org1.example.com:7054
|
||||
|
||||
# Membership Service Provider (MSP) directory
|
||||
# This is useful when the client is used to enroll a peer or orderer, so
|
||||
# that the enrollment artifacts are stored in the format expected by MSP.
|
||||
mspdir: msp
|
||||
|
||||
#############################################################################
|
||||
# TLS section for secure socket connection
|
||||
#
|
||||
# certfiles - PEM-encoded list of trusted root certificate files
|
||||
# client:
|
||||
# certfile - PEM-encoded certificate file for when client authentication
|
||||
# is enabled on server
|
||||
# keyfile - PEM-encoded key file for when client authentication
|
||||
# is enabled on server
|
||||
#############################################################################
|
||||
tls:
|
||||
# TLS section for secure socket connection
|
||||
certfiles:
|
||||
client:
|
||||
certfile:
|
||||
keyfile:
|
||||
|
||||
#############################################################################
|
||||
# Certificate Signing Request section for generating the CSR for an
|
||||
# enrollment certificate (ECert)
|
||||
#
|
||||
# cn - Used by CAs to determine which domain the certificate is to be generated for
|
||||
#
|
||||
# serialnumber - The serialnumber field, if specified, becomes part of the issued
|
||||
# certificate's DN (Distinguished Name). For example, one use case for this is
|
||||
# a company with its own CA (Certificate Authority) which issues certificates
|
||||
# to its employees and wants to include the employee's serial number in the DN
|
||||
# of its issued certificates.
|
||||
# WARNING: The serialnumber field should not be confused with the certificate's
|
||||
# serial number which is set by the CA but is not a component of the
|
||||
# certificate's DN.
|
||||
#
|
||||
# names - A list of name objects. Each name object should contain at least one
|
||||
# "C", "L", "O", or "ST" value (or any combination of these) where these
|
||||
# are abbreviations for the following:
|
||||
# "C": country
|
||||
# "L": locality or municipality (such as city or town name)
|
||||
# "O": organization
|
||||
# "OU": organizational unit, such as the department responsible for owning the key;
|
||||
# it can also be used for a "Doing Business As" (DBS) name
|
||||
# "ST": the state or province
|
||||
#
|
||||
# Note that the "OU" or organizational units of an ECert are always set according
|
||||
# to the values of the identities type and affiliation. OUs are calculated for an enroll
|
||||
# as OU=<type>, OU=<affiliationRoot>, ..., OU=<affiliationLeaf>. For example, an identity
|
||||
# of type "client" with an affiliation of "org1.dept2.team3" would have the following
|
||||
# organizational units: OU=client, OU=org1, OU=dept2, OU=team3
|
||||
#
|
||||
# hosts - A list of host names for which the certificate should be valid
|
||||
#
|
||||
#############################################################################
|
||||
csr:
|
||||
cn: User1@org1.example.com
|
||||
keyrequest:
|
||||
algo: ecdsa
|
||||
size: 256
|
||||
serialnumber:
|
||||
names:
|
||||
- C: US
|
||||
ST: North Carolina
|
||||
L:
|
||||
O: Hyperledger
|
||||
OU: Fabric
|
||||
hosts:
|
||||
- ca-client
|
||||
|
||||
#############################################################################
|
||||
# Registration section used to register a new identity with fabric-ca server
|
||||
#
|
||||
# name - Unique name of the identity
|
||||
# type - Type of identity being registered (e.g. 'peer, app, user')
|
||||
# affiliation - The identity's affiliation
|
||||
# maxenrollments - The maximum number of times the secret can be reused to enroll.
|
||||
# Specially, -1 means unlimited; 0 means to use CA's max enrollment
|
||||
# value.
|
||||
# attributes - List of name/value pairs of attribute for identity
|
||||
#############################################################################
|
||||
id:
|
||||
name:
|
||||
type:
|
||||
affiliation:
|
||||
maxenrollments: 0
|
||||
attributes:
|
||||
# - name:
|
||||
# value:
|
||||
|
||||
#############################################################################
|
||||
# Enrollment section used to enroll an identity with fabric-ca server
|
||||
#
|
||||
# profile - Name of the signing profile to use in issuing the certificate
|
||||
# label - Label to use in HSM operations
|
||||
#############################################################################
|
||||
enrollment:
|
||||
profile:
|
||||
label:
|
||||
|
||||
#############################################################################
|
||||
# Name of the CA to connect to within the fabric-ca server
|
||||
#############################################################################
|
||||
caname:
|
||||
|
||||
#############################################################################
|
||||
# BCCSP (BlockChain Crypto Service Provider) section allows to select which
|
||||
# crypto implementation library to use
|
||||
#############################################################################
|
||||
bccsp:
|
||||
default: SW
|
||||
sw:
|
||||
hash: SHA2
|
||||
security: 256
|
||||
filekeystore:
|
||||
# The directory used for the software file-based keystore
|
||||
keystore: msp/keystore
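Review bot: `url: http://tlsca.org1.example.com:7054` sends enrollment traffic over plain HTTP, and `certfiles:` under `tls:` is left empty, so the client neither encrypts the enrollment secret nor authenticates the CA it talks to. The same applies to the two later fabric-ca-client configs in this commit (`url: http://ca.org1.example.com:7054` and a second `url: http://tlsca.org1.example.com:7054`). Suggested change: `url: https://tlsca.org1.example.com:7054` together with `certfiles: <path-to-ca-tls-root-cert.pem>`, which also requires TLS to be enabled on the CA server. If plain HTTP is kept, a comment above `url:` should say it is acceptable only on the isolated test network.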
|
Binary file not shown.
|
@ -0,0 +1,5 @@
|
|||
-----BEGIN PUBLIC KEY-----
|
||||
MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEbdmgC+obJLpKIU15eFC1MJNLMdkpOchP
|
||||
9bG0xFWT0wk69EEFAeSYnDHdDFwJH3gmSEmSaccrRRGJUts4yBCz4vpAyxklNEJU
|
||||
JQV9TLWAwWs6IwpYSdI5FZb1Ot4YWvUd
|
||||
-----END PUBLIC KEY-----
|
|
@ -0,0 +1,14 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIICLTCCAdOgAwIBAgIUZtbUdoKq2gdiBI4t9xAYtKb0l1swCgYIKoZIzj0EAwIw
|
||||
cjELMAkGA1UEBhMCVVMxFzAVBgNVBAgTDk5vcnRoIENhcm9saW5hMRkwFwYDVQQK
|
||||
ExBvcmcxLmV4YW1wbGUuY29tMQ4wDAYDVQQLEwV0bHNjYTEfMB0GA1UEAxMWdGxz
|
||||
Y2Eub3JnMS5leGFtcGxlLmNvbTAgFw0xODEwMTIwODU2MDBaGA8yMTY4MDkwNTA4
|
||||
NTYwMFowcjELMAkGA1UEBhMCVVMxFzAVBgNVBAgTDk5vcnRoIENhcm9saW5hMRkw
|
||||
FwYDVQQKExBvcmcxLmV4YW1wbGUuY29tMQ4wDAYDVQQLEwV0bHNjYTEfMB0GA1UE
|
||||
AxMWdGxzY2Eub3JnMS5leGFtcGxlLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEH
|
||||
A0IABDTiGBWVnDlbHx0qkujF3r4r5g7fG3FFuYXz4UgN2WmNk2z6nF4FaD+YQgCz
|
||||
ayp0eLT37kK0BSJHqEKoiJrKtZ6jRTBDMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMB
|
||||
Af8ECDAGAQH/AgEBMB0GA1UdDgQWBBRYLwES7lJq4i67F2AeLU35NxkbUzAKBggq
|
||||
hkjOPQQDAgNIADBFAiEAvfkVNhBjlw8ApIorDAvqMA2DmLckOjX1HS2aN8MleT8C
|
||||
IBIrfl1rq9rz/PuvEmGB15oKXPiTHOWqZ3Mkdlc4Uddd
|
||||
-----END CERTIFICATE-----
|
|
@ -0,0 +1,5 @@
|
|||
-----BEGIN PRIVATE KEY-----
|
||||
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQg2PYDX6UQs548jvq0
|
||||
eP2rClDYv8JoiZeK6qJcXHzvQUqhRANCAAT6w4XqgWi8OOT6uYXZRaGkquFsFtsh
|
||||
rfS8J4KB2c6WUDkUIHXOio6hLP2mNFTVNMGnRxF1LSpMPEFxie5jaN/W
|
||||
-----END PRIVATE KEY-----
|
|
@ -0,0 +1,19 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIDDTCCArSgAwIBAgIUH4qT7e5nHhIYhhXrdGPnEzHWMhswCgYIKoZIzj0EAwIw
|
||||
cjELMAkGA1UEBhMCVVMxFzAVBgNVBAgTDk5vcnRoIENhcm9saW5hMRkwFwYDVQQK
|
||||
ExBvcmcxLmV4YW1wbGUuY29tMQ4wDAYDVQQLEwV0bHNjYTEfMB0GA1UEAxMWdGxz
|
||||
Y2Eub3JnMS5leGFtcGxlLmNvbTAeFw0xODEwMTIwODU3MDBaFw0yODEwMDkwOTAy
|
||||
MDBaMIGFMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UE
|
||||
BxMNU2FuIEZyYW5jaXNjbzEZMBcGA1UEChMQb3JnMS5leGFtcGxlLmNvbTENMAsG
|
||||
A1UECxMEdXNlcjEfMB0GA1UEAwwWVXNlcjFAb3JnMS5leGFtcGxlLmNvbTBZMBMG
|
||||
ByqGSM49AgEGCCqGSM49AwEHA0IABPrDheqBaLw45Pq5hdlFoaSq4WwW2yGt9Lwn
|
||||
goHZzpZQORQgdc6KjqEs/aY0VNU0wadHEXUtKkw8QXGJ7mNo39ajggESMIIBDjAO
|
||||
BgNVHQ8BAf8EBAMCAYYwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQU/fDcOzrRHtLF
|
||||
QnXNHSVg2ln0UmgwHwYDVR0jBBgwFoAUWC8BEu5SauIuuxdgHi1N+TcZG1MwIQYD
|
||||
VR0RBBowGIEWVXNlcjFAb3JnMS5leGFtcGxlLmNvbTCBigYIKgMEBQYHCAEEfnsi
|
||||
YXR0cnMiOnsiYWJhYy5pbml0IjoidHJ1ZSIsImFkbWluIjoiZmFsc2UiLCJoZi5B
|
||||
ZmZpbGlhdGlvbiI6IiIsImhmLkVucm9sbG1lbnRJRCI6IlVzZXIxQG9yZzEuZXhh
|
||||
bXBsZS5jb20iLCJoZi5UeXBlIjoidXNlciJ9fTAKBggqhkjOPQQDAgNHADBEAiBK
|
||||
C0p26m2dx0Y9IEJ93KWHgr+kCXtJHs+mLh56CbjkNwIgOyqY7vOQ6plgUpTT42b8
|
||||
Xp2CkVyqaw+hsUg+F2lxGsA=
|
||||
-----END CERTIFICATE-----
|
|
@ -0,0 +1,162 @@
|
|||
|
||||
#############################################################################
|
||||
# This is a configuration file for the fabric-ca-client command.
|
||||
#
|
||||
# COMMAND LINE ARGUMENTS AND ENVIRONMENT VARIABLES
|
||||
# ------------------------------------------------
|
||||
# Each configuration element can be overridden via command line
|
||||
# arguments or environment variables. The precedence for determining
|
||||
# the value of each element is as follows:
|
||||
# 1) command line argument
|
||||
# Examples:
|
||||
# a) --url https://localhost:7054
|
||||
# To set the fabric-ca server url
|
||||
# b) --tls.client.certfile certfile.pem
|
||||
# To set the client certificate for TLS
|
||||
# 2) environment variable
|
||||
# Examples:
|
||||
# a) FABRIC_CA_CLIENT_URL=https://localhost:7054
|
||||
# To set the fabric-ca server url
|
||||
# b) FABRIC_CA_CLIENT_TLS_CLIENT_CERTFILE=certfile.pem
|
||||
# To set the client certificate for TLS
|
||||
# 3) configuration file
|
||||
# 4) default value (if there is one)
|
||||
# All default values are shown beside each element below.
|
||||
#
|
||||
# FILE NAME ELEMENTS
|
||||
# ------------------
|
||||
# The value of all fields whose name ends with "file" or "files" are
|
||||
# name or names of other files.
|
||||
# For example, see "tls.certfiles" and "tls.client.certfile".
|
||||
# The value of each of these fields can be a simple filename, a
|
||||
# relative path, or an absolute path. If the value is not an
|
||||
# absolute path, it is interpretted as being relative to the location
|
||||
# of this configuration file.
|
||||
#
|
||||
#############################################################################
|
||||
|
||||
#############################################################################
|
||||
# Client Configuration
|
||||
#############################################################################
|
||||
|
||||
# URL of the Fabric-ca-server (default: http://localhost:7054)
|
||||
url: http://ca.org1.example.com:7054
|
||||
|
||||
# Membership Service Provider (MSP) directory
|
||||
# This is useful when the client is used to enroll a peer or orderer, so
|
||||
# that the enrollment artifacts are stored in the format expected by MSP.
|
||||
mspdir: msp
|
||||
|
||||
#############################################################################
|
||||
# TLS section for secure socket connection
|
||||
#
|
||||
# certfiles - PEM-encoded list of trusted root certificate files
|
||||
# client:
|
||||
# certfile - PEM-encoded certificate file for when client authentication
|
||||
# is enabled on server
|
||||
# keyfile - PEM-encoded key file for when client authentication
|
||||
# is enabled on server
|
||||
#############################################################################
|
||||
tls:
|
||||
# TLS section for secure socket connection
|
||||
certfiles:
|
||||
client:
|
||||
certfile:
|
||||
keyfile:
|
||||
|
||||
#############################################################################
|
||||
# Certificate Signing Request section for generating the CSR for an
|
||||
# enrollment certificate (ECert)
|
||||
#
|
||||
# cn - Used by CAs to determine which domain the certificate is to be generated for
|
||||
#
|
||||
# serialnumber - The serialnumber field, if specified, becomes part of the issued
|
||||
# certificate's DN (Distinguished Name). For example, one use case for this is
|
||||
# a company with its own CA (Certificate Authority) which issues certificates
|
||||
# to its employees and wants to include the employee's serial number in the DN
|
||||
# of its issued certificates.
|
||||
# WARNING: The serialnumber field should not be confused with the certificate's
|
||||
# serial number which is set by the CA but is not a component of the
|
||||
# certificate's DN.
|
||||
#
|
||||
# names - A list of name objects. Each name object should contain at least one
|
||||
# "C", "L", "O", or "ST" value (or any combination of these) where these
|
||||
# are abbreviations for the following:
|
||||
# "C": country
|
||||
# "L": locality or municipality (such as city or town name)
|
||||
# "O": organization
|
||||
# "OU": organizational unit, such as the department responsible for owning the key;
|
||||
# it can also be used for a "Doing Business As" (DBS) name
|
||||
# "ST": the state or province
|
||||
#
|
||||
# Note that the "OU" or organizational units of an ECert are always set according
|
||||
# to the values of the identities type and affiliation. OUs are calculated for an enroll
|
||||
# as OU=<type>, OU=<affiliationRoot>, ..., OU=<affiliationLeaf>. For example, an identity
|
||||
# of type "client" with an affiliation of "org1.dept2.team3" would have the following
|
||||
# organizational units: OU=client, OU=org1, OU=dept2, OU=team3
|
||||
#
|
||||
# hosts - A list of host names for which the certificate should be valid
|
||||
#
|
||||
#############################################################################
|
||||
csr:
|
||||
cn: boot-admin
|
||||
keyrequest:
|
||||
algo: ecdsa
|
||||
size: 256
|
||||
serialnumber:
|
||||
names:
|
||||
- C: US
|
||||
ST: North Carolina
|
||||
L:
|
||||
O: Hyperledger
|
||||
OU: Fabric
|
||||
hosts:
|
||||
- ca-client
|
||||
|
||||
#############################################################################
|
||||
# Registration section used to register a new identity with fabric-ca server
|
||||
#
|
||||
# name - Unique name of the identity
|
||||
# type - Type of identity being registered (e.g. 'peer, app, user')
|
||||
# affiliation - The identity's affiliation
|
||||
# maxenrollments - The maximum number of times the secret can be reused to enroll.
|
||||
# Specially, -1 means unlimited; 0 means to use CA's max enrollment
|
||||
# value.
|
||||
# attributes - List of name/value pairs of attribute for identity
|
||||
#############################################################################
|
||||
id:
|
||||
name:
|
||||
type:
|
||||
affiliation:
|
||||
maxenrollments: 0
|
||||
attributes:
|
||||
# - name:
|
||||
# value:
|
||||
|
||||
#############################################################################
|
||||
# Enrollment section used to enroll an identity with fabric-ca server
|
||||
#
|
||||
# profile - Name of the signing profile to use in issuing the certificate
|
||||
# label - Label to use in HSM operations
|
||||
#############################################################################
|
||||
enrollment:
|
||||
profile:
|
||||
label:
|
||||
|
||||
#############################################################################
|
||||
# Name of the CA to connect to within the fabric-ca server
|
||||
#############################################################################
|
||||
caname:
|
||||
|
||||
#############################################################################
|
||||
# BCCSP (BlockChain Crypto Service Provider) section allows to select which
|
||||
# crypto implementation library to use
|
||||
#############################################################################
|
||||
bccsp:
|
||||
default: SW
|
||||
sw:
|
||||
hash: SHA2
|
||||
security: 256
|
||||
filekeystore:
|
||||
# The directory used for the software file-based keystore
|
||||
keystore: msp/keystore
|
|
@ -0,0 +1,5 @@
|
|||
-----BEGIN PRIVATE KEY-----
|
||||
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgGnD2h1/mDGeNIadf
|
||||
fP/pROrbeZRifCe8Z9VIGAQ3GoShRANCAAR2wsRMRc5/mBRrTbjfZ/4FD6rb9fPz
|
||||
y36ATZQx+o7Zj22paPHhXKHOOZliP/n0Ax5EPeY8DejzDY0mo3CV3voZ
|
||||
-----END PRIVATE KEY-----
|
|
@ -0,0 +1,162 @@
|
|||
|
||||
#############################################################################
|
||||
# This is a configuration file for the fabric-ca-client command.
|
||||
#
|
||||
# COMMAND LINE ARGUMENTS AND ENVIRONMENT VARIABLES
|
||||
# ------------------------------------------------
|
||||
# Each configuration element can be overridden via command line
|
||||
# arguments or environment variables. The precedence for determining
|
||||
# the value of each element is as follows:
|
||||
# 1) command line argument
|
||||
# Examples:
|
||||
# a) --url https://localhost:7054
|
||||
# To set the fabric-ca server url
|
||||
# b) --tls.client.certfile certfile.pem
|
||||
# To set the client certificate for TLS
|
||||
# 2) environment variable
|
||||
# Examples:
|
||||
# a) FABRIC_CA_CLIENT_URL=https://localhost:7054
|
||||
# To set the fabric-ca server url
|
||||
# b) FABRIC_CA_CLIENT_TLS_CLIENT_CERTFILE=certfile.pem
|
||||
# To set the client certificate for TLS
|
||||
# 3) configuration file
|
||||
# 4) default value (if there is one)
|
||||
# All default values are shown beside each element below.
|
||||
#
|
||||
# FILE NAME ELEMENTS
|
||||
# ------------------
|
||||
# The value of all fields whose name ends with "file" or "files" are
|
||||
# name or names of other files.
|
||||
# For example, see "tls.certfiles" and "tls.client.certfile".
|
||||
# The value of each of these fields can be a simple filename, a
|
||||
# relative path, or an absolute path. If the value is not an
|
||||
# absolute path, it is interpretted as being relative to the location
|
||||
# of this configuration file.
|
||||
#
|
||||
#############################################################################
|
||||
|
||||
#############################################################################
|
||||
# Client Configuration
|
||||
#############################################################################
|
||||
|
||||
# URL of the Fabric-ca-server (default: http://localhost:7054)
|
||||
url: http://tlsca.org1.example.com:7054
|
||||
|
||||
# Membership Service Provider (MSP) directory
|
||||
# This is useful when the client is used to enroll a peer or orderer, so
|
||||
# that the enrollment artifacts are stored in the format expected by MSP.
|
||||
mspdir: msp
|
||||
|
||||
#############################################################################
|
||||
# TLS section for secure socket connection
|
||||
#
|
||||
# certfiles - PEM-encoded list of trusted root certificate files
|
||||
# client:
|
||||
# certfile - PEM-encoded certificate file for when client authentication
|
||||
# is enabled on server
|
||||
# keyfile - PEM-encoded key file for when client authentication
|
||||
# is enabled on server
|
||||
#############################################################################
|
||||
tls:
|
||||
# TLS section for secure socket connection
|
||||
certfiles:
|
||||
client:
|
||||
certfile:
|
||||
keyfile:
|
||||
|
||||
#############################################################################
|
||||
# Certificate Signing Request section for generating the CSR for an
|
||||
# enrollment certificate (ECert)
|
||||
#
|
||||
# cn - Used by CAs to determine which domain the certificate is to be generated for
|
||||
#
|
||||
# serialnumber - The serialnumber field, if specified, becomes part of the issued
|
||||
# certificate's DN (Distinguished Name). For example, one use case for this is
|
||||
# a company with its own CA (Certificate Authority) which issues certificates
|
||||
# to its employees and wants to include the employee's serial number in the DN
|
||||
# of its issued certificates.
|
||||
# WARNING: The serialnumber field should not be confused with the certificate's
|
||||
# serial number which is set by the CA but is not a component of the
|
||||
# certificate's DN.
|
||||
#
|
||||
# names - A list of name objects. Each name object should contain at least one
|
||||
# "C", "L", "O", or "ST" value (or any combination of these) where these
|
||||
# are abbreviations for the following:
|
||||
# "C": country
|
||||
# "L": locality or municipality (such as city or town name)
|
||||
# "O": organization
|
||||
# "OU": organizational unit, such as the department responsible for owning the key;
|
||||
# it can also be used for a "Doing Business As" (DBS) name
|
||||
# "ST": the state or province
|
||||
#
|
||||
# Note that the "OU" or organizational units of an ECert are always set according
|
||||
# to the values of the identities type and affiliation. OUs are calculated for an enroll
|
||||
# as OU=<type>, OU=<affiliationRoot>, ..., OU=<affiliationLeaf>. For example, an identity
|
||||
# of type "client" with an affiliation of "org1.dept2.team3" would have the following
|
||||
# organizational units: OU=client, OU=org1, OU=dept2, OU=team3
|
||||
#
|
||||
# hosts - A list of host names for which the certificate should be valid
|
||||
#
|
||||
#############################################################################
|
||||
csr:
|
||||
cn: boot-admin
|
||||
keyrequest:
|
||||
algo: ecdsa
|
||||
size: 256
|
||||
serialnumber:
|
||||
names:
|
||||
- C: US
|
||||
ST: North Carolina
|
||||
L:
|
||||
O: Hyperledger
|
||||
OU: Fabric
|
||||
hosts:
|
||||
- ca-client
|
||||
|
||||
#############################################################################
|
||||
# Registration section used to register a new identity with fabric-ca server
|
||||
#
|
||||
# name - Unique name of the identity
|
||||
# type - Type of identity being registered (e.g. 'peer, app, user')
|
||||
# affiliation - The identity's affiliation
|
||||
# maxenrollments - The maximum number of times the secret can be reused to enroll.
|
||||
# Specially, -1 means unlimited; 0 means to use CA's max enrollment
|
||||
# value.
|
||||
# attributes - List of name/value pairs of attribute for identity
|
||||
#############################################################################
|
||||
id:
|
||||
name:
|
||||
type:
|
||||
affiliation:
|
||||
maxenrollments: 0
|
||||
attributes:
|
||||
# - name:
|
||||
# value:
|
||||
|
||||
#############################################################################
|
||||
# Enrollment section used to enroll an identity with fabric-ca server
|
||||
#
|
||||
# profile - Name of the signing profile to use in issuing the certificate
|
||||
# label - Label to use in HSM operations
|
||||
#############################################################################
|
||||
enrollment:
|
||||
profile:
|
||||
label:
|
||||
|
||||
#############################################################################
|
||||
# Name of the CA to connect to within the fabric-ca server
|
||||
#############################################################################
|
||||
caname:
|
||||
|
||||
#############################################################################
|
||||
# BCCSP (BlockChain Crypto Service Provider) section allows to select which
|
||||
# crypto implementation library to use
|
||||
#############################################################################
|
||||
bccsp:
|
||||
default: SW
|
||||
sw:
|
||||
hash: SHA2
|
||||
security: 256
|
||||
filekeystore:
|
||||
# The directory used for the software file-based keystore
|
||||
keystore: msp/keystore
|
Binary file not shown.
|
@ -0,0 +1,5 @@
|
|||
-----BEGIN PUBLIC KEY-----
|
||||
MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEbdmgC+obJLpKIU15eFC1MJNLMdkpOchP
|
||||
9bG0xFWT0wk69EEFAeSYnDHdDFwJH3gmSEmSaccrRRGJUts4yBCz4vpAyxklNEJU
|
||||
JQV9TLWAwWs6IwpYSdI5FZb1Ot4YWvUd
|
||||
-----END PUBLIC KEY-----
|
|
@ -0,0 +1,14 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIICLTCCAdOgAwIBAgIUZtbUdoKq2gdiBI4t9xAYtKb0l1swCgYIKoZIzj0EAwIw
|
||||
cjELMAkGA1UEBhMCVVMxFzAVBgNVBAgTDk5vcnRoIENhcm9saW5hMRkwFwYDVQQK
|
||||
ExBvcmcxLmV4YW1wbGUuY29tMQ4wDAYDVQQLEwV0bHNjYTEfMB0GA1UEAxMWdGxz
|
||||
Y2Eub3JnMS5leGFtcGxlLmNvbTAgFw0xODEwMTIwODU2MDBaGA8yMTY4MDkwNTA4
|
||||
NTYwMFowcjELMAkGA1UEBhMCVVMxFzAVBgNVBAgTDk5vcnRoIENhcm9saW5hMRkw
|
||||
FwYDVQQKExBvcmcxLmV4YW1wbGUuY29tMQ4wDAYDVQQLEwV0bHNjYTEfMB0GA1UE
|
||||
AxMWdGxzY2Eub3JnMS5leGFtcGxlLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEH
|
||||
A0IABDTiGBWVnDlbHx0qkujF3r4r5g7fG3FFuYXz4UgN2WmNk2z6nF4FaD+YQgCz
|
||||
ayp0eLT37kK0BSJHqEKoiJrKtZ6jRTBDMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMB
|
||||
Af8ECDAGAQH/AgEBMB0GA1UdDgQWBBRYLwES7lJq4i67F2AeLU35NxkbUzAKBggq
|
||||
hkjOPQQDAgNIADBFAiEAvfkVNhBjlw8ApIorDAvqMA2DmLckOjX1HS2aN8MleT8C
|
||||
IBIrfl1rq9rz/PuvEmGB15oKXPiTHOWqZ3Mkdlc4Uddd
|
||||
-----END CERTIFICATE-----
|
|
@ -0,0 +1,5 @@
|
|||
-----BEGIN PRIVATE KEY-----
|
||||
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgWPQgr/DLwEczolSb
|
||||
mEznYJZXe4gNhPPAcnMmQrLgolehRANCAARyGsnOftmnTa+flGDLKdPJbj+C0Cla
|
||||
aaY5zkuAUT1ojNk/ASQv22KGOi+V50QvzyK3QOqAKnPBGvpM9akBz92J
|
||||
-----END PRIVATE KEY-----
|
|
@ -0,0 +1,16 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIICczCCAhqgAwIBAgIUc5cHVaZnLnq0g7UZ8bveQ2VJADEwCgYIKoZIzj0EAwIw
|
||||
cjELMAkGA1UEBhMCVVMxFzAVBgNVBAgTDk5vcnRoIENhcm9saW5hMRkwFwYDVQQK
|
||||
ExBvcmcxLmV4YW1wbGUuY29tMQ4wDAYDVQQLEwV0bHNjYTEfMB0GA1UEAxMWdGxz
|
||||
Y2Eub3JnMS5leGFtcGxlLmNvbTAeFw0xODEwMTIwODU3MDBaFw0yODEwMDkwOTAy
|
||||
MDBaMHsxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQH
|
||||
Ew1TYW4gRnJhbmNpc2NvMRkwFwYDVQQKExBvcmcxLmV4YW1wbGUuY29tMQ8wDQYD
|
||||
VQQLEwZjbGllbnQxEzARBgNVBAMTCmJvb3QtYWRtaW4wWTATBgcqhkjOPQIBBggq
|
||||
hkjOPQMBBwNCAARyGsnOftmnTa+flGDLKdPJbj+C0ClaaaY5zkuAUT1ojNk/ASQv
|
||||
22KGOi+V50QvzyK3QOqAKnPBGvpM9akBz92Jo4GEMIGBMA4GA1UdDwEB/wQEAwIB
|
||||
hjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBQhJFtMm0+ApEOidrRbUd466PCe4jAf
|
||||
BgNVHSMEGDAWgBRYLwES7lJq4i67F2AeLU35NxkbUzAhBgNVHREEGjAYgRZBZG1p
|
||||
bkBvcmcxLmV4YW1wbGUuY29tMAoGCCqGSM49BAMCA0cAMEQCICaXvUWDxu62xHmK
|
||||
TXMvTTVgSYZE+Q8hCOfnlz9OQJyaAiAtKzb22ZNDjW/ZSjsKXJhsK1+CJC52CabN
|
||||
ANE96bx2Xg==
|
||||
-----END CERTIFICATE-----
|
Binary file not shown.
|
@ -0,0 +1,5 @@
|
|||
-----BEGIN PUBLIC KEY-----
|
||||
MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEVHAMGD123d5QVhI6LAq7sEU8frN4bN9p
|
||||
gPiKwWBLljpCGQH8kBbQoyEyFFBGndyWgalkLrEXJNv/VGAWyDEeg6c8/fycfJW4
|
||||
iq8Mk1AvRAVMJIF9VwjHdwQ3rMmzC15n
|
||||
-----END PUBLIC KEY-----
|
|
@ -0,0 +1,14 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIICIDCCAcegAwIBAgIUDEK12gHn0vyqLETS3DWGJrqUksMwCgYIKoZIzj0EAwIw
|
||||
bDELMAkGA1UEBhMCVVMxFzAVBgNVBAgTDk5vcnRoIENhcm9saW5hMRkwFwYDVQQK
|
||||
ExBvcmcxLmV4YW1wbGUuY29tMQswCQYDVQQLEwJjYTEcMBoGA1UEAxMTY2Eub3Jn
|
||||
MS5leGFtcGxlLmNvbTAgFw0xODEwMTIwODU3MDBaGA8yMTY4MDkwNTA4NTcwMFow
|
||||
bDELMAkGA1UEBhMCVVMxFzAVBgNVBAgTDk5vcnRoIENhcm9saW5hMRkwFwYDVQQK
|
||||
ExBvcmcxLmV4YW1wbGUuY29tMQswCQYDVQQLEwJjYTEcMBoGA1UEAxMTY2Eub3Jn
|
||||
MS5leGFtcGxlLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABN1A0nR0Orkp
|
||||
ppOOnvCoIiIFfzpBdwWQCJ7FEx/iF2H/2PkOws6qEN2sBh2WqByWR2c7EIdmgvUu
|
||||
ZxSIEXU2TO2jRTBDMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/AgEB
|
||||
MB0GA1UdDgQWBBSpWdz/SpIKYXgSaEYa0XBEvF8TGzAKBggqhkjOPQQDAgNHADBE
|
||||
AiAPu4EVW8V7ocl2hRGI+jAz4aBfCiiW5MX3+vYbDCtyxgIgJoeEFVulOhxdEBBe
|
||||
YKUNAAVA2pkMYUzgEWT743z0jhY=
|
||||
-----END CERTIFICATE-----
|
|
@ -0,0 +1,5 @@
|
|||
-----BEGIN PRIVATE KEY-----
|
||||
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgvjKIcywt9dWmrXyU
|
||||
EP5BS3QS2820krnIkXpMxcUfL5qhRANCAATdQNJ0dDq5KaaTjp7wqCIiBX86QXcF
|
||||
kAiexRMf4hdh/9j5DsLOqhDdrAYdlqgclkdnOxCHZoL1LmcUiBF1Nkzt
|
||||
-----END PRIVATE KEY-----
|
|
@ -0,0 +1,134 @@
|
|||
version: 1.4.0
|
||||
port: 7054
|
||||
debug: false
|
||||
crlsizelimit: 512000
|
||||
tls:
|
||||
enabled: false
|
||||
certfile: null
|
||||
keyfile: null
|
||||
clientauth:
|
||||
type: noclientcert
|
||||
certfiles: null
|
||||
ca:
|
||||
name: ca.org1.example.com
|
||||
keyfile: ca.org1.example.com_sk
|
||||
certfile: ca.org1.example.com-cert.pem
|
||||
chainfile: null
|
||||
crl:
|
||||
expiry: 24h
|
||||
registry:
|
||||
maxenrollments: -1
|
||||
identities:
|
||||
- name: boot-admin
|
||||
pass: boot-pass
|
||||
type: client
|
||||
affiliation: ""
|
||||
attrs:
|
||||
hf.Registrar.Roles: '*'
|
||||
hf.Registrar.DelegateRoles: '*'
|
||||
hf.Revoker: true
|
||||
hf.IntermediateCA: true
|
||||
hf.GenCRL: true
|
||||
hf.Registrar.Attributes: '*'
|
||||
hf.AffiliationMgr: true
|
||||
db:
|
||||
type: sqlite3
|
||||
datasource: fabric-ca-server.db
|
||||
tls:
|
||||
enabled: false
|
||||
certfiles: null
|
||||
client:
|
||||
certfile: null
|
||||
keyfile: null
|
||||
ldap:
|
||||
enabled: false
|
||||
url: ldap://<adminDN>:<adminPassword>@<host>:<port>/<base>
|
||||
tls:
|
||||
certfiles: null
|
||||
client:
|
||||
certfile: null
|
||||
keyfile: null
|
||||
attribute:
|
||||
names:
|
||||
- uid
|
||||
- member
|
||||
converters:
|
||||
- name: null
|
||||
value: null
|
||||
maps:
|
||||
groups:
|
||||
- name: null
|
||||
value: null
|
||||
affiliations:
|
||||
org1:
|
||||
- department1
|
||||
- department2
|
||||
org2:
|
||||
- department1
|
||||
signing:
|
||||
default:
|
||||
usage:
|
||||
- digital signature
|
||||
- cert sign
|
||||
- crl sign
|
||||
expiry: 87600h
|
||||
profiles:
|
||||
ca:
|
||||
usage:
|
||||
- cert sign
|
||||
- crl sign
|
||||
expiry: 43800h
|
||||
caconstraint:
|
||||
isca: true
|
||||
maxpathlen: 0
|
||||
tls:
|
||||
usage:
|
||||
- signing
|
||||
- key encipherment
|
||||
- server auth
|
||||
- client auth
|
||||
- key agreement
|
||||
expiry: 87600h
|
||||
csr:
|
||||
cn: ca.org1.example.com
|
||||
keyrequest:
|
||||
algo: ecdsa
|
||||
size: 256
|
||||
names:
|
||||
- C: US
|
||||
ST: North Carolina
|
||||
L: null
|
||||
O: org1.example.com
|
||||
OU: ca
|
||||
hosts:
|
||||
- fabric-ca-server
|
||||
- localhost
|
||||
ca:
|
||||
expiry: 1314000h
|
||||
pathlength: 1
|
||||
idemix:
|
||||
rhpoolsize: 1000
|
||||
nonceexpiration: 15s
|
||||
noncesweepinterval: 15m
|
||||
bccsp:
|
||||
default: SW
|
||||
sw:
|
||||
hash: SHA2
|
||||
security: 256
|
||||
filekeystore:
|
||||
keystore: msp/keystore
|
||||
cacount: null
|
||||
cafiles: null
|
||||
intermediate:
|
||||
parentserver:
|
||||
url: null
|
||||
caname: null
|
||||
enrollment:
|
||||
hosts: null
|
||||
profile: null
|
||||
label: null
|
||||
tls:
|
||||
certfiles: null
|
||||
client:
|
||||
certfile: null
|
||||
keyfile: null
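Review bot: The bootstrap identity is committed with a fixed secret (`name: boot-admin`, `pass: boot-pass`) while holding `hf.Registrar.Roles: '*'`, `hf.Registrar.Attributes: '*'` and `hf.IntermediateCA: true`, and `maxenrollments: -1` under `registry:` lets that secret be reused without limit. With `enabled: false` in the first `tls:` block (after `crlsizelimit`), the secret also travels unencrypted on every enroll. Suggested: keep only a placeholder in the repository, `pass: <bootstrap-secret>`, and inject the real value at deployment. Also set that `tls:` block to `enabled: true` with a `certfile` and `keyfile`, and lower the registry `maxenrollments` to `1`. A header comment stating that this file is for the local test network only is also missing.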
|
Binary file not shown.
|
@ -0,0 +1,6 @@
|
|||
-----BEGIN PRIVATE KEY-----
|
||||
MIGkAgEBBDAeHTZpAnNYS17/22SSARJQbFhM0QMN0URv5wTBgUkEWL5dBzQQ3TJb
|
||||
EOjTlsC57wOgBwYFK4EEACKhZANiAARUcAwYPXbd3lBWEjosCruwRTx+s3hs32mA
|
||||
+IrBYEuWOkIZAfyQFtCjITIUUEad3JaBqWQusRck2/9UYBbIMR6Dpzz9/Jx8lbiK
|
||||
rwyTUC9EBUwkgX1XCMd3BDesybMLXmc=
|
||||
-----END PRIVATE KEY-----
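Review bot: The private key in this file is committed unencrypted, and the same holds for the other `-----BEGIN PRIVATE KEY-----` files this commit adds, so every identity these keys belong to has to be treated as public from the first push. If they are fixed fixtures for the example network, a README line next to them such as `Test-only key material for the sample network; never reuse outside local testing.` would make that explicit. If the Makefile's `gen_config_crypto` step can regenerate them (it appears to skip generation when the local config path already exists), it would be safer to keep the `msp/keystore` directories out of version control and create the keys at setup time.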
|
|
@ -0,0 +1 @@
|
|||
xRُWه<EFBFBD>اQ@5Fئ<46>P[<5B>2<>v<19><>bظ5H<35>J<EFBFBD>
|
|
@ -0,0 +1,5 @@
|
|||
-----BEGIN PRIVATE KEY-----
|
||||
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgvjKIcywt9dWmrXyU
|
||||
EP5BS3QS2820krnIkXpMxcUfL5qhRANCAATdQNJ0dDq5KaaTjp7wqCIiBX86QXcF
|
||||
kAiexRMf4hdh/9j5DsLOqhDdrAYdlqgclkdnOxCHZoL1LmcUiBF1Nkzt
|
||||
-----END PRIVATE KEY-----
|
|
@ -0,0 +1,162 @@
|
|||
|
||||
#############################################################################
|
||||
# This is a configuration file for the fabric-ca-client command.
|
||||
#
|
||||
# COMMAND LINE ARGUMENTS AND ENVIRONMENT VARIABLES
|
||||
# ------------------------------------------------
|
||||
# Each configuration element can be overridden via command line
|
||||
# arguments or environment variables. The precedence for determining
|
||||
# the value of each element is as follows:
|
||||
# 1) command line argument
|
||||
# Examples:
|
||||
# a) --url https://localhost:7054
|
||||
# To set the fabric-ca server url
|
||||
# b) --tls.client.certfile certfile.pem
|
||||
# To set the client certificate for TLS
|
||||
# 2) environment variable
|
||||
# Examples:
|
||||
# a) FABRIC_CA_CLIENT_URL=https://localhost:7054
|
||||
# To set the fabric-ca server url
|
||||
# b) FABRIC_CA_CLIENT_TLS_CLIENT_CERTFILE=certfile.pem
|
||||
# To set the client certificate for TLS
|
||||
# 3) configuration file
|
||||
# 4) default value (if there is one)
|
||||
# All default values are shown beside each element below.
|
||||
#
|
||||
# FILE NAME ELEMENTS
|
||||
# ------------------
|
||||
# The value of all fields whose name ends with "file" or "files" are
|
||||
# name or names of other files.
|
||||
# For example, see "tls.certfiles" and "tls.client.certfile".
|
||||
# The value of each of these fields can be a simple filename, a
|
||||
# relative path, or an absolute path. If the value is not an
|
||||
# absolute path, it is interpretted as being relative to the location
|
||||
# of this configuration file.
|
||||
#
|
||||
#############################################################################
|
||||
|
||||
#############################################################################
|
||||
# Client Configuration
|
||||
#############################################################################
|
||||
|
||||
# URL of the Fabric-ca-server (default: http://localhost:7054)
|
||||
url: http://ca.org1.example.com:7054
|
||||
|
||||
# Membership Service Provider (MSP) directory
|
||||
# This is useful when the client is used to enroll a peer or orderer, so
|
||||
# that the enrollment artifacts are stored in the format expected by MSP.
|
||||
mspdir: msp
|
||||
|
||||
#############################################################################
|
||||
# TLS section for secure socket connection
|
||||
#
|
||||
# certfiles - PEM-encoded list of trusted root certificate files
|
||||
# client:
|
||||
# certfile - PEM-encoded certificate file for when client authentication
|
||||
# is enabled on server
|
||||
# keyfile - PEM-encoded key file for when client authentication
|
||||
# is enabled on server
|
||||
#############################################################################
|
||||
tls:
|
||||
# TLS section for secure socket connection
|
||||
certfiles:
|
||||
client:
|
||||
certfile:
|
||||
keyfile:
|
||||
|
||||
#############################################################################
|
||||
# Certificate Signing Request section for generating the CSR for an
|
||||
# enrollment certificate (ECert)
|
||||
#
|
||||
# cn - Used by CAs to determine which domain the certificate is to be generated for
|
||||
#
|
||||
# serialnumber - The serialnumber field, if specified, becomes part of the issued
|
||||
# certificate's DN (Distinguished Name). For example, one use case for this is
|
||||
# a company with its own CA (Certificate Authority) which issues certificates
|
||||
# to its employees and wants to include the employee's serial number in the DN
|
||||
# of its issued certificates.
|
||||
# WARNING: The serialnumber field should not be confused with the certificate's
|
||||
# serial number which is set by the CA but is not a component of the
|
||||
# certificate's DN.
|
||||
#
|
||||
# names - A list of name objects. Each name object should contain at least one
|
||||
# "C", "L", "O", or "ST" value (or any combination of these) where these
|
||||
# are abbreviations for the following:
|
||||
# "C": country
|
||||
# "L": locality or municipality (such as city or town name)
|
||||
# "O": organization
|
||||
# "OU": organizational unit, such as the department responsible for owning the key;
|
||||
# it can also be used for a "Doing Business As" (DBS) name
|
||||
# "ST": the state or province
|
||||
#
|
||||
# Note that the "OU" or organizational units of an ECert are always set according
|
||||
# to the values of the identities type and affiliation. OUs are calculated for an enroll
|
||||
# as OU=<type>, OU=<affiliationRoot>, ..., OU=<affiliationLeaf>. For example, an identity
|
||||
# of type "client" with an affiliation of "org1.dept2.team3" would have the following
|
||||
# organizational units: OU=client, OU=org1, OU=dept2, OU=team3
|
||||
#
|
||||
# hosts - A list of host names for which the certificate should be valid
|
||||
#
|
||||
#############################################################################
|
||||
csr:
|
||||
cn: peer0@org1.example.com
|
||||
keyrequest:
|
||||
algo: ecdsa
|
||||
size: 256
|
||||
serialnumber:
|
||||
names:
|
||||
- C: US
|
||||
ST: North Carolina
|
||||
L:
|
||||
O: Hyperledger
|
||||
OU: Fabric
|
||||
hosts:
|
||||
- ca-client
|
||||
|
||||
#############################################################################
|
||||
# Registration section used to register a new identity with fabric-ca server
|
||||
#
|
||||
# name - Unique name of the identity
|
||||
# type - Type of identity being registered (e.g. 'peer, app, user')
|
||||
# affiliation - The identity's affiliation
|
||||
# maxenrollments - The maximum number of times the secret can be reused to enroll.
|
||||
# Specially, -1 means unlimited; 0 means to use CA's max enrollment
|
||||
# value.
|
||||
# attributes - List of name/value pairs of attribute for identity
|
||||
#############################################################################
|
||||
id:
|
||||
name:
|
||||
type:
|
||||
affiliation:
|
||||
maxenrollments: 0
|
||||
attributes:
|
||||
# - name:
|
||||
# value:
|
||||
|
||||
#############################################################################
|
||||
# Enrollment section used to enroll an identity with fabric-ca server
|
||||
#
|
||||
# profile - Name of the signing profile to use in issuing the certificate
|
||||
# label - Label to use in HSM operations
|
||||
#############################################################################
|
||||
enrollment:
|
||||
profile:
|
||||
label:
|
||||
|
||||
#############################################################################
|
||||
# Name of the CA to connect to within the fabric-ca server
|
||||
#############################################################################
|
||||
caname:
|
||||
|
||||
#############################################################################
|
||||
# BCCSP (BlockChain Crypto Service Provider) section allows to select which
|
||||
# crypto implementation library to use
|
||||
#############################################################################
|
||||
bccsp:
|
||||
default: SW
|
||||
sw:
|
||||
hash: SHA2
|
||||
security: 256
|
||||
filekeystore:
|
||||
# The directory used for the software file-based keystore
|
||||
keystore: msp/keystore
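Review bot: `url: http://ca.org1.example.com:7054` points the client at the CA over plain HTTP while `tls.certfiles` is left empty, so enrollment requests, which carry the identity's enrollment secret, would cross the network unencrypted and the CA endpoint is not authenticated. The same setting appears in the other fabric-ca-client configs added by this commit, including the ones that use `http://tlsca.org1.example.com:7054`. Outside a throwaway local test network this should read `url: https://ca.org1.example.com:7054`, with `certfiles` naming the CA's TLS root certificate; that presumably also requires TLS to be enabled on the fabric-ca-server side. If plain HTTP is intentional for the sample, a comment above `url:` such as `# plain HTTP: local test network only` would record that.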
|
|
@ -0,0 +1,5 @@
|
|||
-----BEGIN PRIVATE KEY-----
|
||||
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgGbiPTe+OO8PG2TQu
|
||||
00tnxr7sU1D/DrPshhXHyyND/7uhRANCAAT0Du/ENv0FsDjpCcRxrlW8zJqU3mYB
|
||||
YengujzLKbirqcKlmmon2uWm4vZDiLS60b6Aa/5nfLSNatAfhyenKtez
|
||||
-----END PRIVATE KEY-----
|
|
@ -0,0 +1,162 @@
|
|||
|
||||
#############################################################################
|
||||
# This is a configuration file for the fabric-ca-client command.
|
||||
#
|
||||
# COMMAND LINE ARGUMENTS AND ENVIRONMENT VARIABLES
|
||||
# ------------------------------------------------
|
||||
# Each configuration element can be overridden via command line
|
||||
# arguments or environment variables. The precedence for determining
|
||||
# the value of each element is as follows:
|
||||
# 1) command line argument
|
||||
# Examples:
|
||||
# a) --url https://localhost:7054
|
||||
# To set the fabric-ca server url
|
||||
# b) --tls.client.certfile certfile.pem
|
||||
# To set the client certificate for TLS
|
||||
# 2) environment variable
|
||||
# Examples:
|
||||
# a) FABRIC_CA_CLIENT_URL=https://localhost:7054
|
||||
# To set the fabric-ca server url
|
||||
# b) FABRIC_CA_CLIENT_TLS_CLIENT_CERTFILE=certfile.pem
|
||||
# To set the client certificate for TLS
|
||||
# 3) configuration file
|
||||
# 4) default value (if there is one)
|
||||
# All default values are shown beside each element below.
|
||||
#
|
||||
# FILE NAME ELEMENTS
|
||||
# ------------------
|
||||
# The value of all fields whose name ends with "file" or "files" are
|
||||
# name or names of other files.
|
||||
# For example, see "tls.certfiles" and "tls.client.certfile".
|
||||
# The value of each of these fields can be a simple filename, a
|
||||
# relative path, or an absolute path. If the value is not an
|
||||
# absolute path, it is interpretted as being relative to the location
|
||||
# of this configuration file.
|
||||
#
|
||||
#############################################################################
|
||||
|
||||
#############################################################################
|
||||
# Client Configuration
|
||||
#############################################################################
|
||||
|
||||
# URL of the Fabric-ca-server (default: http://localhost:7054)
|
||||
url: http://tlsca.org1.example.com:7054
|
||||
|
||||
# Membership Service Provider (MSP) directory
|
||||
# This is useful when the client is used to enroll a peer or orderer, so
|
||||
# that the enrollment artifacts are stored in the format expected by MSP.
|
||||
mspdir: msp
|
||||
|
||||
#############################################################################
|
||||
# TLS section for secure socket connection
|
||||
#
|
||||
# certfiles - PEM-encoded list of trusted root certificate files
|
||||
# client:
|
||||
# certfile - PEM-encoded certificate file for when client authentication
|
||||
# is enabled on server
|
||||
# keyfile - PEM-encoded key file for when client authentication
|
||||
# is enabled on server
|
||||
#############################################################################
|
||||
tls:
|
||||
# TLS section for secure socket connection
|
||||
certfiles:
|
||||
client:
|
||||
certfile:
|
||||
keyfile:
|
||||
|
||||
#############################################################################
|
||||
# Certificate Signing Request section for generating the CSR for an
|
||||
# enrollment certificate (ECert)
|
||||
#
|
||||
# cn - Used by CAs to determine which domain the certificate is to be generated for
|
||||
#
|
||||
# serialnumber - The serialnumber field, if specified, becomes part of the issued
|
||||
# certificate's DN (Distinguished Name). For example, one use case for this is
|
||||
# a company with its own CA (Certificate Authority) which issues certificates
|
||||
# to its employees and wants to include the employee's serial number in the DN
|
||||
# of its issued certificates.
|
||||
# WARNING: The serialnumber field should not be confused with the certificate's
|
||||
# serial number which is set by the CA but is not a component of the
|
||||
# certificate's DN.
|
||||
#
|
||||
# names - A list of name objects. Each name object should contain at least one
|
||||
# "C", "L", "O", or "ST" value (or any combination of these) where these
|
||||
# are abbreviations for the following:
|
||||
# "C": country
|
||||
# "L": locality or municipality (such as city or town name)
|
||||
# "O": organization
|
||||
# "OU": organizational unit, such as the department responsible for owning the key;
|
||||
# it can also be used for a "Doing Business As" (DBS) name
|
||||
# "ST": the state or province
|
||||
#
|
||||
# Note that the "OU" or organizational units of an ECert are always set according
|
||||
# to the values of the identities type and affiliation. OUs are calculated for an enroll
|
||||
# as OU=<type>, OU=<affiliationRoot>, ..., OU=<affiliationLeaf>. For example, an identity
|
||||
# of type "client" with an affiliation of "org1.dept2.team3" would have the following
|
||||
# organizational units: OU=client, OU=org1, OU=dept2, OU=team3
|
||||
#
|
||||
# hosts - A list of host names for which the certificate should be valid
|
||||
#
|
||||
#############################################################################
|
||||
csr:
|
||||
cn: peer0@org1.example.com
|
||||
keyrequest:
|
||||
algo: ecdsa
|
||||
size: 256
|
||||
serialnumber:
|
||||
names:
|
||||
- C: US
|
||||
ST: North Carolina
|
||||
L:
|
||||
O: Hyperledger
|
||||
OU: Fabric
|
||||
hosts:
|
||||
- ca-client
|
||||
|
||||
#############################################################################
|
||||
# Registration section used to register a new identity with fabric-ca server
|
||||
#
|
||||
# name - Unique name of the identity
|
||||
# type - Type of identity being registered (e.g. 'peer, app, user')
|
||||
# affiliation - The identity's affiliation
|
||||
# maxenrollments - The maximum number of times the secret can be reused to enroll.
|
||||
# Specially, -1 means unlimited; 0 means to use CA's max enrollment
|
||||
# value.
|
||||
# attributes - List of name/value pairs of attribute for identity
|
||||
#############################################################################
|
||||
id:
|
||||
name:
|
||||
type:
|
||||
affiliation:
|
||||
maxenrollments: 0
|
||||
attributes:
|
||||
# - name:
|
||||
# value:
|
||||
|
||||
#############################################################################
|
||||
# Enrollment section used to enroll an identity with fabric-ca server
|
||||
#
|
||||
# profile - Name of the signing profile to use in issuing the certificate
|
||||
# label - Label to use in HSM operations
|
||||
#############################################################################
|
||||
enrollment:
|
||||
profile:
|
||||
label:
|
||||
|
||||
#############################################################################
|
||||
# Name of the CA to connect to within the fabric-ca server
|
||||
#############################################################################
|
||||
caname:
|
||||
|
||||
#############################################################################
|
||||
# BCCSP (BlockChain Crypto Service Provider) section allows to select which
|
||||
# crypto implementation library to use
|
||||
#############################################################################
|
||||
bccsp:
|
||||
default: SW
|
||||
sw:
|
||||
hash: SHA2
|
||||
security: 256
|
||||
filekeystore:
|
||||
# The directory used for the software file-based keystore
|
||||
keystore: msp/keystore
|
Binary file not shown.
|
@ -0,0 +1,5 @@
|
|||
-----BEGIN PUBLIC KEY-----
|
||||
MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEbdmgC+obJLpKIU15eFC1MJNLMdkpOchP
|
||||
9bG0xFWT0wk69EEFAeSYnDHdDFwJH3gmSEmSaccrRRGJUts4yBCz4vpAyxklNEJU
|
||||
JQV9TLWAwWs6IwpYSdI5FZb1Ot4YWvUd
|
||||
-----END PUBLIC KEY-----
|
|
@ -0,0 +1,14 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIICLTCCAdOgAwIBAgIUZtbUdoKq2gdiBI4t9xAYtKb0l1swCgYIKoZIzj0EAwIw
|
||||
cjELMAkGA1UEBhMCVVMxFzAVBgNVBAgTDk5vcnRoIENhcm9saW5hMRkwFwYDVQQK
|
||||
ExBvcmcxLmV4YW1wbGUuY29tMQ4wDAYDVQQLEwV0bHNjYTEfMB0GA1UEAxMWdGxz
|
||||
Y2Eub3JnMS5leGFtcGxlLmNvbTAgFw0xODEwMTIwODU2MDBaGA8yMTY4MDkwNTA4
|
||||
NTYwMFowcjELMAkGA1UEBhMCVVMxFzAVBgNVBAgTDk5vcnRoIENhcm9saW5hMRkw
|
||||
FwYDVQQKExBvcmcxLmV4YW1wbGUuY29tMQ4wDAYDVQQLEwV0bHNjYTEfMB0GA1UE
|
||||
AxMWdGxzY2Eub3JnMS5leGFtcGxlLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEH
|
||||
A0IABDTiGBWVnDlbHx0qkujF3r4r5g7fG3FFuYXz4UgN2WmNk2z6nF4FaD+YQgCz
|
||||
ayp0eLT37kK0BSJHqEKoiJrKtZ6jRTBDMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMB
|
||||
Af8ECDAGAQH/AgEBMB0GA1UdDgQWBBRYLwES7lJq4i67F2AeLU35NxkbUzAKBggq
|
||||
hkjOPQQDAgNIADBFAiEAvfkVNhBjlw8ApIorDAvqMA2DmLckOjX1HS2aN8MleT8C
|
||||
IBIrfl1rq9rz/PuvEmGB15oKXPiTHOWqZ3Mkdlc4Uddd
|
||||
-----END CERTIFICATE-----
|
|
@ -0,0 +1,5 @@
|
|||
-----BEGIN PRIVATE KEY-----
|
||||
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgt8+ZSv6BYejhJK/E
|
||||
peNwqBja0KCe2vKwffqny1Frd2mhRANCAAQKmzIKjGZnFmh/yK0FRRiY+dnfPubf
|
||||
RsFhSlE0li5JXcBhyBpgi9+7R3280q/SW9+xuEMQK0nSqoXLPeC+UrZU
|
||||
-----END PRIVATE KEY-----
|
|
@ -0,0 +1,19 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIDDTCCArSgAwIBAgIUB9LSFJbuP69HlDI8K2SpPTBn2nUwCgYIKoZIzj0EAwIw
|
||||
cjELMAkGA1UEBhMCVVMxFzAVBgNVBAgTDk5vcnRoIENhcm9saW5hMRkwFwYDVQQK
|
||||
ExBvcmcxLmV4YW1wbGUuY29tMQ4wDAYDVQQLEwV0bHNjYTEfMB0GA1UEAxMWdGxz
|
||||
Y2Eub3JnMS5leGFtcGxlLmNvbTAeFw0xODEwMTIwODU3MDBaFw0yODEwMDkwOTAy
|
||||
MDBaMIGFMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UE
|
||||
BxMNU2FuIEZyYW5jaXNjbzEZMBcGA1UEChMQb3JnMS5leGFtcGxlLmNvbTENMAsG
|
||||
A1UECxMEcGVlcjEfMB0GA1UEAwwWcGVlcjBAb3JnMS5leGFtcGxlLmNvbTBZMBMG
|
||||
ByqGSM49AgEGCCqGSM49AwEHA0IABAqbMgqMZmcWaH/IrQVFGJj52d8+5t9GwWFK
|
||||
UTSWLkldwGHIGmCL37tHfbzSr9Jb37G4QxArSdKqhcs94L5StlSjggESMIIBDjAO
|
||||
BgNVHQ8BAf8EBAMCAYYwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQU+wgV82ZCI689
|
||||
LNyFs4c7B56yCRwwHwYDVR0jBBgwFoAUWC8BEu5SauIuuxdgHi1N+TcZG1MwIQYD
|
||||
VR0RBBowGIEWcGVlcjBAb3JnMS5leGFtcGxlLmNvbTCBigYIKgMEBQYHCAEEfnsi
|
||||
YXR0cnMiOnsiYWJhYy5pbml0IjoidHJ1ZSIsImFkbWluIjoiZmFsc2UiLCJoZi5B
|
||||
ZmZpbGlhdGlvbiI6IiIsImhmLkVucm9sbG1lbnRJRCI6InBlZXIwQG9yZzEuZXhh
|
||||
bXBsZS5jb20iLCJoZi5UeXBlIjoicGVlciJ9fTAKBggqhkjOPQQDAgNHADBEAiAe
|
||||
MRREuRJHh2iXJ2WPf7R1KvxecnPMloR3yDG50jOYNwIgKBoK5xErYt1DWgnVkEZS
|
||||
1ZEVaQDJlz/x6sEqnJmkmPg=
|
||||
-----END CERTIFICATE-----
|
|
@ -0,0 +1,162 @@
|
|||
|
||||
#############################################################################
|
||||
# This is a configuration file for the fabric-ca-client command.
|
||||
#
|
||||
# COMMAND LINE ARGUMENTS AND ENVIRONMENT VARIABLES
|
||||
# ------------------------------------------------
|
||||
# Each configuration element can be overridden via command line
|
||||
# arguments or environment variables. The precedence for determining
|
||||
# the value of each element is as follows:
|
||||
# 1) command line argument
|
||||
# Examples:
|
||||
# a) --url https://localhost:7054
|
||||
# To set the fabric-ca server url
|
||||
# b) --tls.client.certfile certfile.pem
|
||||
# To set the client certificate for TLS
|
||||
# 2) environment variable
|
||||
# Examples:
|
||||
# a) FABRIC_CA_CLIENT_URL=https://localhost:7054
|
||||
# To set the fabric-ca server url
|
||||
# b) FABRIC_CA_CLIENT_TLS_CLIENT_CERTFILE=certfile.pem
|
||||
# To set the client certificate for TLS
|
||||
# 3) configuration file
|
||||
# 4) default value (if there is one)
|
||||
# All default values are shown beside each element below.
|
||||
#
|
||||
# FILE NAME ELEMENTS
|
||||
# ------------------
|
||||
# The value of all fields whose name ends with "file" or "files" are
|
||||
# name or names of other files.
|
||||
# For example, see "tls.certfiles" and "tls.client.certfile".
|
||||
# The value of each of these fields can be a simple filename, a
|
||||
# relative path, or an absolute path. If the value is not an
|
||||
# absolute path, it is interpretted as being relative to the location
|
||||
# of this configuration file.
|
||||
#
|
||||
#############################################################################
|
||||
|
||||
#############################################################################
|
||||
# Client Configuration
|
||||
#############################################################################
|
||||
|
||||
# URL of the Fabric-ca-server (default: http://localhost:7054)
|
||||
url: http://ca.org1.example.com:7054
|
||||
|
||||
# Membership Service Provider (MSP) directory
|
||||
# This is useful when the client is used to enroll a peer or orderer, so
|
||||
# that the enrollment artifacts are stored in the format expected by MSP.
|
||||
mspdir: msp
|
||||
|
||||
#############################################################################
|
||||
# TLS section for secure socket connection
|
||||
#
|
||||
# certfiles - PEM-encoded list of trusted root certificate files
|
||||
# client:
|
||||
# certfile - PEM-encoded certificate file for when client authentication
|
||||
# is enabled on server
|
||||
# keyfile - PEM-encoded key file for when client authentication
|
||||
# is enabled on server
|
||||
#############################################################################
|
||||
tls:
|
||||
# TLS section for secure socket connection
|
||||
certfiles:
|
||||
client:
|
||||
certfile:
|
||||
keyfile:
|
||||
|
||||
#############################################################################
|
||||
# Certificate Signing Request section for generating the CSR for an
|
||||
# enrollment certificate (ECert)
|
||||
#
|
||||
# cn - Used by CAs to determine which domain the certificate is to be generated for
|
||||
#
|
||||
# serialnumber - The serialnumber field, if specified, becomes part of the issued
|
||||
# certificate's DN (Distinguished Name). For example, one use case for this is
|
||||
# a company with its own CA (Certificate Authority) which issues certificates
|
||||
# to its employees and wants to include the employee's serial number in the DN
|
||||
# of its issued certificates.
|
||||
# WARNING: The serialnumber field should not be confused with the certificate's
|
||||
# serial number which is set by the CA but is not a component of the
|
||||
# certificate's DN.
|
||||
#
|
||||
# names - A list of name objects. Each name object should contain at least one
|
||||
# "C", "L", "O", or "ST" value (or any combination of these) where these
|
||||
# are abbreviations for the following:
|
||||
# "C": country
|
||||
# "L": locality or municipality (such as city or town name)
|
||||
# "O": organization
|
||||
# "OU": organizational unit, such as the department responsible for owning the key;
|
||||
# it can also be used for a "Doing Business As" (DBS) name
|
||||
# "ST": the state or province
|
||||
#
|
||||
# Note that the "OU" or organizational units of an ECert are always set according
|
||||
# to the values of the identities type and affiliation. OUs are calculated for an enroll
|
||||
# as OU=<type>, OU=<affiliationRoot>, ..., OU=<affiliationLeaf>. For example, an identity
|
||||
# of type "client" with an affiliation of "org1.dept2.team3" would have the following
|
||||
# organizational units: OU=client, OU=org1, OU=dept2, OU=team3
|
||||
#
|
||||
# hosts - A list of host names for which the certificate should be valid
|
||||
#
|
||||
#############################################################################
|
||||
csr:
|
||||
cn: peer1@org1.example.com
|
||||
keyrequest:
|
||||
algo: ecdsa
|
||||
size: 256
|
||||
serialnumber:
|
||||
names:
|
||||
- C: US
|
||||
ST: North Carolina
|
||||
L:
|
||||
O: Hyperledger
|
||||
OU: Fabric
|
||||
hosts:
|
||||
- ca-client
|
||||
|
||||
#############################################################################
|
||||
# Registration section used to register a new identity with fabric-ca server
|
||||
#
|
||||
# name - Unique name of the identity
|
||||
# type - Type of identity being registered (e.g. 'peer, app, user')
|
||||
# affiliation - The identity's affiliation
|
||||
# maxenrollments - The maximum number of times the secret can be reused to enroll.
|
||||
# Specially, -1 means unlimited; 0 means to use CA's max enrollment
|
||||
# value.
|
||||
# attributes - List of name/value pairs of attribute for identity
|
||||
#############################################################################
|
||||
id:
|
||||
name:
|
||||
type:
|
||||
affiliation:
|
||||
maxenrollments: 0
|
||||
attributes:
|
||||
# - name:
|
||||
# value:
|
||||
|
||||
#############################################################################
|
||||
# Enrollment section used to enroll an identity with fabric-ca server
|
||||
#
|
||||
# profile - Name of the signing profile to use in issuing the certificate
|
||||
# label - Label to use in HSM operations
|
||||
#############################################################################
|
||||
enrollment:
|
||||
profile:
|
||||
label:
|
||||
|
||||
#############################################################################
|
||||
# Name of the CA to connect to within the fabric-ca server
|
||||
#############################################################################
|
||||
caname:
|
||||
|
||||
#############################################################################
|
||||
# BCCSP (BlockChain Crypto Service Provider) section allows to select which
|
||||
# crypto implementation library to use
|
||||
#############################################################################
|
||||
bccsp:
|
||||
default: SW
|
||||
sw:
|
||||
hash: SHA2
|
||||
security: 256
|
||||
filekeystore:
|
||||
# The directory used for the software file-based keystore
|
||||
keystore: msp/keystore
|
|
@ -0,0 +1,5 @@
|
|||
-----BEGIN PRIVATE KEY-----
|
||||
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQghB1MF5YZXvp0exC/
|
||||
ilHXOoMC65o9zOVFC2oc7DPGqO+hRANCAAQcmOyY+LZZTLSHLmuAUniwy5Q3mE3f
|
||||
x+GHmBHaCNrIJzZUITw0XKQRS2FCT5UC89OY1SSc9WrhR+MXgJVQkvtF
|
||||
-----END PRIVATE KEY-----
|
|
@ -0,0 +1,162 @@
|
|||
|
||||
#############################################################################
|
||||
# This is a configuration file for the fabric-ca-client command.
|
||||
#
|
||||
# COMMAND LINE ARGUMENTS AND ENVIRONMENT VARIABLES
|
||||
# ------------------------------------------------
|
||||
# Each configuration element can be overridden via command line
|
||||
# arguments or environment variables. The precedence for determining
|
||||
# the value of each element is as follows:
|
||||
# 1) command line argument
|
||||
# Examples:
|
||||
# a) --url https://localhost:7054
|
||||
# To set the fabric-ca server url
|
||||
# b) --tls.client.certfile certfile.pem
|
||||
# To set the client certificate for TLS
|
||||
# 2) environment variable
|
||||
# Examples:
|
||||
# a) FABRIC_CA_CLIENT_URL=https://localhost:7054
|
||||
# To set the fabric-ca server url
|
||||
# b) FABRIC_CA_CLIENT_TLS_CLIENT_CERTFILE=certfile.pem
|
||||
# To set the client certificate for TLS
|
||||
# 3) configuration file
|
||||
# 4) default value (if there is one)
|
||||
# All default values are shown beside each element below.
|
||||
#
|
||||
# FILE NAME ELEMENTS
|
||||
# ------------------
|
||||
# The value of all fields whose name ends with "file" or "files" are
|
||||
# name or names of other files.
|
||||
# For example, see "tls.certfiles" and "tls.client.certfile".
|
||||
# The value of each of these fields can be a simple filename, a
|
||||
# relative path, or an absolute path. If the value is not an
|
||||
# absolute path, it is interpretted as being relative to the location
|
||||
# of this configuration file.
|
||||
#
|
||||
#############################################################################
|
||||
|
||||
#############################################################################
|
||||
# Client Configuration
|
||||
#############################################################################
|
||||
|
||||
# URL of the Fabric-ca-server (default: http://localhost:7054)
|
||||
url: http://tlsca.org1.example.com:7054
|
||||
|
||||
# Membership Service Provider (MSP) directory
|
||||
# This is useful when the client is used to enroll a peer or orderer, so
|
||||
# that the enrollment artifacts are stored in the format expected by MSP.
|
||||
mspdir: msp
|
||||
|
||||
#############################################################################
|
||||
# TLS section for secure socket connection
|
||||
#
|
||||
# certfiles - PEM-encoded list of trusted root certificate files
|
||||
# client:
|
||||
# certfile - PEM-encoded certificate file for when client authentication
|
||||
# is enabled on server
|
||||
# keyfile - PEM-encoded key file for when client authentication
|
||||
# is enabled on server
|
||||
#############################################################################
|
||||
tls:
|
||||
# TLS section for secure socket connection
|
||||
certfiles:
|
||||
client:
|
||||
certfile:
|
||||
keyfile:
|
||||
|
||||
#############################################################################
|
||||
# Certificate Signing Request section for generating the CSR for an
|
||||
# enrollment certificate (ECert)
|
||||
#
|
||||
# cn - Used by CAs to determine which domain the certificate is to be generated for
|
||||
#
|
||||
# serialnumber - The serialnumber field, if specified, becomes part of the issued
|
||||
# certificate's DN (Distinguished Name). For example, one use case for this is
|
||||
# a company with its own CA (Certificate Authority) which issues certificates
|
||||
# to its employees and wants to include the employee's serial number in the DN
|
||||
# of its issued certificates.
|
||||
# WARNING: The serialnumber field should not be confused with the certificate's
|
||||
# serial number which is set by the CA but is not a component of the
|
||||
# certificate's DN.
|
||||
#
|
||||
# names - A list of name objects. Each name object should contain at least one
|
||||
# "C", "L", "O", or "ST" value (or any combination of these) where these
|
||||
# are abbreviations for the following:
|
||||
# "C": country
|
||||
# "L": locality or municipality (such as city or town name)
|
||||
# "O": organization
|
||||
# "OU": organizational unit, such as the department responsible for owning the key;
|
||||
# it can also be used for a "Doing Business As" (DBS) name
|
||||
# "ST": the state or province
|
||||
#
|
||||
# Note that the "OU" or organizational units of an ECert are always set according
|
||||
# to the values of the identities type and affiliation. OUs are calculated for an enroll
|
||||
# as OU=<type>, OU=<affiliationRoot>, ..., OU=<affiliationLeaf>. For example, an identity
|
||||
# of type "client" with an affiliation of "org1.dept2.team3" would have the following
|
||||
# organizational units: OU=client, OU=org1, OU=dept2, OU=team3
|
||||
#
|
||||
# hosts - A list of host names for which the certificate should be valid
|
||||
#
|
||||
#############################################################################
|
||||
csr:
|
||||
cn: peer1@org1.example.com
|
||||
keyrequest:
|
||||
algo: ecdsa
|
||||
size: 256
|
||||
serialnumber:
|
||||
names:
|
||||
- C: US
|
||||
ST: North Carolina
|
||||
L:
|
||||
O: Hyperledger
|
||||
OU: Fabric
|
||||
hosts:
|
||||
- ca-client
|
||||
|
||||
#############################################################################
|
||||
# Registration section used to register a new identity with fabric-ca server
|
||||
#
|
||||
# name - Unique name of the identity
|
||||
# type - Type of identity being registered (e.g. 'peer, app, user')
|
||||
# affiliation - The identity's affiliation
|
||||
# maxenrollments - The maximum number of times the secret can be reused to enroll.
|
||||
# Specially, -1 means unlimited; 0 means to use CA's max enrollment
|
||||
# value.
|
||||
# attributes - List of name/value pairs of attribute for identity
|
||||
#############################################################################
|
||||
id:
|
||||
name:
|
||||
type:
|
||||
affiliation:
|
||||
maxenrollments: 0
|
||||
attributes:
|
||||
# - name:
|
||||
# value:
|
||||
|
||||
#############################################################################
|
||||
# Enrollment section used to enroll an identity with fabric-ca server
|
||||
#
|
||||
# profile - Name of the signing profile to use in issuing the certificate
|
||||
# label - Label to use in HSM operations
|
||||
#############################################################################
|
||||
enrollment:
|
||||
profile:
|
||||
label:
|
||||
|
||||
#############################################################################
|
||||
# Name of the CA to connect to within the fabric-ca server
|
||||
#############################################################################
|
||||
caname:
|
||||
|
||||
#############################################################################
|
||||
# BCCSP (BlockChain Crypto Service Provider) section allows to select which
|
||||
# crypto implementation library to use
|
||||
#############################################################################
|
||||
bccsp:
|
||||
default: SW
|
||||
sw:
|
||||
hash: SHA2
|
||||
security: 256
|
||||
filekeystore:
|
||||
# The directory used for the software file-based keystore
|
||||
keystore: msp/keystore
|
Binary file not shown.
|
@ -0,0 +1,5 @@
|
|||
-----BEGIN PUBLIC KEY-----
|
||||
MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEbdmgC+obJLpKIU15eFC1MJNLMdkpOchP
|
||||
9bG0xFWT0wk69EEFAeSYnDHdDFwJH3gmSEmSaccrRRGJUts4yBCz4vpAyxklNEJU
|
||||
JQV9TLWAwWs6IwpYSdI5FZb1Ot4YWvUd
|
||||
-----END PUBLIC KEY-----
|
|
@ -0,0 +1,14 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIICLTCCAdOgAwIBAgIUZtbUdoKq2gdiBI4t9xAYtKb0l1swCgYIKoZIzj0EAwIw
|
||||
cjELMAkGA1UEBhMCVVMxFzAVBgNVBAgTDk5vcnRoIENhcm9saW5hMRkwFwYDVQQK
|
||||
ExBvcmcxLmV4YW1wbGUuY29tMQ4wDAYDVQQLEwV0bHNjYTEfMB0GA1UEAxMWdGxz
|
||||
Y2Eub3JnMS5leGFtcGxlLmNvbTAgFw0xODEwMTIwODU2MDBaGA8yMTY4MDkwNTA4
|
||||
NTYwMFowcjELMAkGA1UEBhMCVVMxFzAVBgNVBAgTDk5vcnRoIENhcm9saW5hMRkw
|
||||
FwYDVQQKExBvcmcxLmV4YW1wbGUuY29tMQ4wDAYDVQQLEwV0bHNjYTEfMB0GA1UE
|
||||
AxMWdGxzY2Eub3JnMS5leGFtcGxlLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEH
|
||||
A0IABDTiGBWVnDlbHx0qkujF3r4r5g7fG3FFuYXz4UgN2WmNk2z6nF4FaD+YQgCz
|
||||
ayp0eLT37kK0BSJHqEKoiJrKtZ6jRTBDMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMB
|
||||
Af8ECDAGAQH/AgEBMB0GA1UdDgQWBBRYLwES7lJq4i67F2AeLU35NxkbUzAKBggq
|
||||
hkjOPQQDAgNIADBFAiEAvfkVNhBjlw8ApIorDAvqMA2DmLckOjX1HS2aN8MleT8C
|
||||
IBIrfl1rq9rz/PuvEmGB15oKXPiTHOWqZ3Mkdlc4Uddd
|
||||
-----END CERTIFICATE-----
|
|
@ -0,0 +1,5 @@
|
|||
-----BEGIN PRIVATE KEY-----
|
||||
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgsxgf5OvUl/sjxL9e
|
||||
iu74qhsKNsyAY6u99fumKce+ooOhRANCAASx6/D/olnbL9yJRaLqZ5s78OByGvb1
|
||||
/yeEs+YxR9eyKNnZ4O6IKqf2IF3hxNP5rY+mcey3Khxi41aoDv++BOFV
|
||||
-----END PRIVATE KEY-----
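Review bot: This 5-line section commits an unencrypted `-----BEGIN PRIVATE KEY-----` PEM block, and so do the later key sections on this page (the 6-line key after the CA server config, the two identical 5-line keys that follow it, and the org2 keys further down). Anyone with read access to the repository holds these keys, so every certificate tied to them has to be treated as public test material and never trusted outside a throwaway local network. The public point in this key appears to match the peer1@org1.example.com certificate in the next section, whose validity seems to run to 2028, and one of the later keys appears to belong to the tlsca.org1.example.com CA certificate itself. I would either generate this material at setup time (the Makefile already has a `gen_config_crypto` step) and git-ignore the generated key files, or add a README beside them stating `Sample keys for local testing only; regenerate before any shared deployment.`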
|
|
@ -0,0 +1,19 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIDDjCCArSgAwIBAgIUDpmSDWSCx8uN1ybq8hBHpqHk4+IwCgYIKoZIzj0EAwIw
|
||||
cjELMAkGA1UEBhMCVVMxFzAVBgNVBAgTDk5vcnRoIENhcm9saW5hMRkwFwYDVQQK
|
||||
ExBvcmcxLmV4YW1wbGUuY29tMQ4wDAYDVQQLEwV0bHNjYTEfMB0GA1UEAxMWdGxz
|
||||
Y2Eub3JnMS5leGFtcGxlLmNvbTAeFw0xODEwMTIwODU3MDBaFw0yODEwMDkwOTAy
|
||||
MDBaMIGFMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UE
|
||||
BxMNU2FuIEZyYW5jaXNjbzEZMBcGA1UEChMQb3JnMS5leGFtcGxlLmNvbTENMAsG
|
||||
A1UECxMEcGVlcjEfMB0GA1UEAwwWcGVlcjFAb3JnMS5leGFtcGxlLmNvbTBZMBMG
|
||||
ByqGSM49AgEGCCqGSM49AwEHA0IABLHr8P+iWdsv3IlFoupnmzvw4HIa9vX/J4Sz
|
||||
5jFH17Io2dng7ogqp/YgXeHE0/mtj6Zx7LcqHGLjVqgO/74E4VWjggESMIIBDjAO
|
||||
BgNVHQ8BAf8EBAMCAYYwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUUmH/JVFmmsgN
|
||||
1VsrQfNCA63B0u4wHwYDVR0jBBgwFoAUWC8BEu5SauIuuxdgHi1N+TcZG1MwIQYD
|
||||
VR0RBBowGIEWcGVlcjFAb3JnMS5leGFtcGxlLmNvbTCBigYIKgMEBQYHCAEEfnsi
|
||||
YXR0cnMiOnsiYWJhYy5pbml0IjoidHJ1ZSIsImFkbWluIjoiZmFsc2UiLCJoZi5B
|
||||
ZmZpbGlhdGlvbiI6IiIsImhmLkVucm9sbG1lbnRJRCI6InBlZXIxQG9yZzEuZXhh
|
||||
bXBsZS5jb20iLCJoZi5UeXBlIjoicGVlciJ9fTAKBggqhkjOPQQDAgNIADBFAiEA
|
||||
s0HoNc7f21bNcod5zq4wjE5aKWNP4qLfePX04KGlQA0CIDZw8DUTR4AOuPoM37Dm
|
||||
MKEFHoiOD9QajnX09mkaCbOf
|
||||
-----END CERTIFICATE-----
|
Binary file not shown.
|
@ -0,0 +1,5 @@
|
|||
-----BEGIN PUBLIC KEY-----
|
||||
MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEbdmgC+obJLpKIU15eFC1MJNLMdkpOchP
|
||||
9bG0xFWT0wk69EEFAeSYnDHdDFwJH3gmSEmSaccrRRGJUts4yBCz4vpAyxklNEJU
|
||||
JQV9TLWAwWs6IwpYSdI5FZb1Ot4YWvUd
|
||||
-----END PUBLIC KEY-----
|
|
@ -0,0 +1,134 @@
|
|||
version: 1.4.0
|
||||
port: 7054
|
||||
debug: false
|
||||
crlsizelimit: 512000
|
||||
tls:
|
||||
enabled: false
|
||||
certfile: null
|
||||
keyfile: null
|
||||
clientauth:
|
||||
type: noclientcert
|
||||
certfiles: null
|
||||
ca:
|
||||
name: tlsca.org1.example.com
|
||||
keyfile: tlsca.org1.example.com_sk
|
||||
certfile: tlsca.org1.example.com-cert.pem
|
||||
chainfile: null
|
||||
crl:
|
||||
expiry: 24h
|
||||
registry:
|
||||
maxenrollments: -1
|
||||
identities:
|
||||
- name: boot-admin
|
||||
pass: boot-pass
|
||||
type: client
|
||||
affiliation: ""
|
||||
attrs:
|
||||
hf.Registrar.Roles: '*'
|
||||
hf.Registrar.DelegateRoles: '*'
|
||||
hf.Revoker: true
|
||||
hf.IntermediateCA: true
|
||||
hf.GenCRL: true
|
||||
hf.Registrar.Attributes: '*'
|
||||
hf.AffiliationMgr: true
|
||||
db:
|
||||
type: sqlite3
|
||||
datasource: fabric-ca-server.db
|
||||
tls:
|
||||
enabled: false
|
||||
certfiles: null
|
||||
client:
|
||||
certfile: null
|
||||
keyfile: null
|
||||
ldap:
|
||||
enabled: false
|
||||
url: ldap://<adminDN>:<adminPassword>@<host>:<port>/<base>
|
||||
tls:
|
||||
certfiles: null
|
||||
client:
|
||||
certfile: null
|
||||
keyfile: null
|
||||
attribute:
|
||||
names:
|
||||
- uid
|
||||
- member
|
||||
converters:
|
||||
- name: null
|
||||
value: null
|
||||
maps:
|
||||
groups:
|
||||
- name: null
|
||||
value: null
|
||||
affiliations:
|
||||
org1:
|
||||
- department1
|
||||
- department2
|
||||
org2:
|
||||
- department1
|
||||
signing:
|
||||
default:
|
||||
usage:
|
||||
- digital signature
|
||||
- cert sign
|
||||
- crl sign
|
||||
expiry: 87600h
|
||||
profiles:
|
||||
ca:
|
||||
usage:
|
||||
- cert sign
|
||||
- crl sign
|
||||
expiry: 43800h
|
||||
caconstraint:
|
||||
isca: true
|
||||
maxpathlen: 0
|
||||
tls:
|
||||
usage:
|
||||
- signing
|
||||
- key encipherment
|
||||
- server auth
|
||||
- client auth
|
||||
- key agreement
|
||||
expiry: 87600h
|
||||
csr:
|
||||
cn: tlsca.org1.example.com
|
||||
keyrequest:
|
||||
algo: ecdsa
|
||||
size: 256
|
||||
names:
|
||||
- C: US
|
||||
ST: North Carolina
|
||||
L: null
|
||||
O: org1.example.com
|
||||
OU: tlsca
|
||||
hosts:
|
||||
- fabric-ca-server
|
||||
- localhost
|
||||
ca:
|
||||
expiry: 1314000h
|
||||
pathlength: 1
|
||||
idemix:
|
||||
rhpoolsize: 1000
|
||||
nonceexpiration: 15s
|
||||
noncesweepinterval: 15m
|
||||
bccsp:
|
||||
default: SW
|
||||
sw:
|
||||
hash: SHA2
|
||||
security: 256
|
||||
filekeystore:
|
||||
keystore: msp/keystore
|
||||
cacount: null
|
||||
cafiles: null
|
||||
intermediate:
|
||||
parentserver:
|
||||
url: null
|
||||
caname: null
|
||||
enrollment:
|
||||
hosts: null
|
||||
profile: null
|
||||
label: null
|
||||
tls:
|
||||
certfiles: null
|
||||
client:
|
||||
certfile: null
|
||||
keyfile: null
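Review bot: The registry block hard-codes a bootstrap identity `name: boot-admin` / `pass: boot-pass` that holds `hf.Registrar.Roles: '*'`, `hf.IntermediateCA: true` and the other registrar attributes, while what appears to be the server `tls` block has `enabled: false` and `maxenrollments` is `-1`. Indentation is lost in this rendering, so the nesting is inferred, but with that combination the CA's full registrar authority rests on a published default secret sent over cleartext HTTP on port 7054, with no enrollment limit. For a local test network this may be intended, but the file should say so with a header comment such as `# TEST ONLY: default bootstrap credentials and TLS disabled; do not expose port 7054 beyond the local docker network`, and the bootstrap secret is better supplied at start-up than kept in the committed file. Separately, `version: 1.4.0` and `ca.expiry: 1314000h` look inherited from older generated material although the commit adds v2.2 files; worth confirming both are intended.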
|
Binary file not shown.
|
@ -0,0 +1,6 @@
|
|||
-----BEGIN PRIVATE KEY-----
|
||||
MIGkAgEBBDCIN8r9Ce4UVyH5grrWB+Vi5vdSJcU6/KQm+EEEV1MBsrAzeywcTUgC
|
||||
wDCVFoDm4P+gBwYFK4EEACKhZANiAARt2aAL6hskukohTXl4ULUwk0sx2Sk5yE/1
|
||||
sbTEVZPTCTr0QQUB5JicMd0MXAkfeCZISZJpxytFEYlS2zjIELPi+kDLGSU0QlQl
|
||||
BX1MtYDBazojClhJ0jkVlvU63hha9R0=
|
||||
-----END PRIVATE KEY-----
|
|
@ -0,0 +1 @@
|
|||
zU7¹œÌUüºÜd¦L4ºÅPO›½Ãº1ølX
|
|
@ -0,0 +1,5 @@
|
|||
-----BEGIN PRIVATE KEY-----
|
||||
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQggsGwkVZtE7AfrOIT
|
||||
ylDXxMAUDxau5fx7CHiNJGAyVUuhRANCAAQ04hgVlZw5Wx8dKpLoxd6+K+YO3xtx
|
||||
RbmF8+FIDdlpjZNs+pxeBWg/mEIAs2sqdHi09+5CtAUiR6hCqIiayrWe
|
||||
-----END PRIVATE KEY-----
|
|
@ -0,0 +1,14 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIICLTCCAdOgAwIBAgIUZtbUdoKq2gdiBI4t9xAYtKb0l1swCgYIKoZIzj0EAwIw
|
||||
cjELMAkGA1UEBhMCVVMxFzAVBgNVBAgTDk5vcnRoIENhcm9saW5hMRkwFwYDVQQK
|
||||
ExBvcmcxLmV4YW1wbGUuY29tMQ4wDAYDVQQLEwV0bHNjYTEfMB0GA1UEAxMWdGxz
|
||||
Y2Eub3JnMS5leGFtcGxlLmNvbTAgFw0xODEwMTIwODU2MDBaGA8yMTY4MDkwNTA4
|
||||
NTYwMFowcjELMAkGA1UEBhMCVVMxFzAVBgNVBAgTDk5vcnRoIENhcm9saW5hMRkw
|
||||
FwYDVQQKExBvcmcxLmV4YW1wbGUuY29tMQ4wDAYDVQQLEwV0bHNjYTEfMB0GA1UE
|
||||
AxMWdGxzY2Eub3JnMS5leGFtcGxlLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEH
|
||||
A0IABDTiGBWVnDlbHx0qkujF3r4r5g7fG3FFuYXz4UgN2WmNk2z6nF4FaD+YQgCz
|
||||
ayp0eLT37kK0BSJHqEKoiJrKtZ6jRTBDMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMB
|
||||
Af8ECDAGAQH/AgEBMB0GA1UdDgQWBBRYLwES7lJq4i67F2AeLU35NxkbUzAKBggq
|
||||
hkjOPQQDAgNIADBFAiEAvfkVNhBjlw8ApIorDAvqMA2DmLckOjX1HS2aN8MleT8C
|
||||
IBIrfl1rq9rz/PuvEmGB15oKXPiTHOWqZ3Mkdlc4Uddd
|
||||
-----END CERTIFICATE-----
|
|
@ -0,0 +1,5 @@
|
|||
-----BEGIN PRIVATE KEY-----
|
||||
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQggsGwkVZtE7AfrOIT
|
||||
ylDXxMAUDxau5fx7CHiNJGAyVUuhRANCAAQ04hgVlZw5Wx8dKpLoxd6+K+YO3xtx
|
||||
RbmF8+FIDdlpjZNs+pxeBWg/mEIAs2sqdHi09+5CtAUiR6hCqIiayrWe
|
||||
-----END PRIVATE KEY-----
|
|
@ -0,0 +1,162 @@
|
|||
|
||||
#############################################################################
|
||||
# This is a configuration file for the fabric-ca-client command.
|
||||
#
|
||||
# COMMAND LINE ARGUMENTS AND ENVIRONMENT VARIABLES
|
||||
# ------------------------------------------------
|
||||
# Each configuration element can be overridden via command line
|
||||
# arguments or environment variables. The precedence for determining
|
||||
# the value of each element is as follows:
|
||||
# 1) command line argument
|
||||
# Examples:
|
||||
# a) --url https://localhost:7054
|
||||
# To set the fabric-ca server url
|
||||
# b) --tls.client.certfile certfile.pem
|
||||
# To set the client certificate for TLS
|
||||
# 2) environment variable
|
||||
# Examples:
|
||||
# a) FABRIC_CA_CLIENT_URL=https://localhost:7054
|
||||
# To set the fabric-ca server url
|
||||
# b) FABRIC_CA_CLIENT_TLS_CLIENT_CERTFILE=certfile.pem
|
||||
# To set the client certificate for TLS
|
||||
# 3) configuration file
|
||||
# 4) default value (if there is one)
|
||||
# All default values are shown beside each element below.
|
||||
#
|
||||
# FILE NAME ELEMENTS
|
||||
# ------------------
|
||||
# The value of all fields whose name ends with "file" or "files" are
|
||||
# name or names of other files.
|
||||
# For example, see "tls.certfiles" and "tls.client.certfile".
|
||||
# The value of each of these fields can be a simple filename, a
|
||||
# relative path, or an absolute path. If the value is not an
|
||||
# absolute path, it is interpretted as being relative to the location
|
||||
# of this configuration file.
|
||||
#
|
||||
#############################################################################
|
||||
|
||||
#############################################################################
|
||||
# Client Configuration
|
||||
#############################################################################
|
||||
|
||||
# URL of the Fabric-ca-server (default: http://localhost:7054)
|
||||
url: http://ca.org2.example.com:7054
|
||||
|
||||
# Membership Service Provider (MSP) directory
|
||||
# This is useful when the client is used to enroll a peer or orderer, so
|
||||
# that the enrollment artifacts are stored in the format expected by MSP.
|
||||
mspdir: msp
|
||||
|
||||
#############################################################################
|
||||
# TLS section for secure socket connection
|
||||
#
|
||||
# certfiles - PEM-encoded list of trusted root certificate files
|
||||
# client:
|
||||
# certfile - PEM-encoded certificate file for when client authentication
|
||||
# is enabled on server
|
||||
# keyfile - PEM-encoded key file for when client authentication
|
||||
# is enabled on server
|
||||
#############################################################################
|
||||
tls:
|
||||
# TLS section for secure socket connection
|
||||
certfiles:
|
||||
client:
|
||||
certfile:
|
||||
keyfile:
|
||||
|
||||
#############################################################################
|
||||
# Certificate Signing Request section for generating the CSR for an
|
||||
# enrollment certificate (ECert)
|
||||
#
|
||||
# cn - Used by CAs to determine which domain the certificate is to be generated for
|
||||
#
|
||||
# serialnumber - The serialnumber field, if specified, becomes part of the issued
|
||||
# certificate's DN (Distinguished Name). For example, one use case for this is
|
||||
# a company with its own CA (Certificate Authority) which issues certificates
|
||||
# to its employees and wants to include the employee's serial number in the DN
|
||||
# of its issued certificates.
|
||||
# WARNING: The serialnumber field should not be confused with the certificate's
|
||||
# serial number which is set by the CA but is not a component of the
|
||||
# certificate's DN.
|
||||
#
|
||||
# names - A list of name objects. Each name object should contain at least one
|
||||
# "C", "L", "O", or "ST" value (or any combination of these) where these
|
||||
# are abbreviations for the following:
|
||||
# "C": country
|
||||
# "L": locality or municipality (such as city or town name)
|
||||
# "O": organization
|
||||
# "OU": organizational unit, such as the department responsible for owning the key;
|
||||
# it can also be used for a "Doing Business As" (DBS) name
|
||||
# "ST": the state or province
|
||||
#
|
||||
# Note that the "OU" or organizational units of an ECert are always set according
|
||||
# to the values of the identities type and affiliation. OUs are calculated for an enroll
|
||||
# as OU=<type>, OU=<affiliationRoot>, ..., OU=<affiliationLeaf>. For example, an identity
|
||||
# of type "client" with an affiliation of "org1.dept2.team3" would have the following
|
||||
# organizational units: OU=client, OU=org1, OU=dept2, OU=team3
|
||||
#
|
||||
# hosts - A list of host names for which the certificate should be valid
|
||||
#
|
||||
#############################################################################
|
||||
csr:
|
||||
cn: Admin@org2.example.com
|
||||
keyrequest:
|
||||
algo: ecdsa
|
||||
size: 256
|
||||
serialnumber:
|
||||
names:
|
||||
- C: US
|
||||
ST: North Carolina
|
||||
L:
|
||||
O: Hyperledger
|
||||
OU: Fabric
|
||||
hosts:
|
||||
- ca-client
|
||||
|
||||
#############################################################################
|
||||
# Registration section used to register a new identity with fabric-ca server
|
||||
#
|
||||
# name - Unique name of the identity
|
||||
# type - Type of identity being registered (e.g. 'peer, app, user')
|
||||
# affiliation - The identity's affiliation
|
||||
# maxenrollments - The maximum number of times the secret can be reused to enroll.
|
||||
# Specially, -1 means unlimited; 0 means to use CA's max enrollment
|
||||
# value.
|
||||
# attributes - List of name/value pairs of attribute for identity
|
||||
#############################################################################
|
||||
id:
|
||||
name:
|
||||
type:
|
||||
affiliation:
|
||||
maxenrollments: 0
|
||||
attributes:
|
||||
# - name:
|
||||
# value:
|
||||
|
||||
#############################################################################
|
||||
# Enrollment section used to enroll an identity with fabric-ca server
|
||||
#
|
||||
# profile - Name of the signing profile to use in issuing the certificate
|
||||
# label - Label to use in HSM operations
|
||||
#############################################################################
|
||||
enrollment:
|
||||
profile:
|
||||
label:
|
||||
|
||||
#############################################################################
|
||||
# Name of the CA to connect to within the fabric-ca server
|
||||
#############################################################################
|
||||
caname:
|
||||
|
||||
#############################################################################
|
||||
# BCCSP (BlockChain Crypto Service Provider) section allows to select which
|
||||
# crypto implementation library to use
|
||||
#############################################################################
|
||||
bccsp:
|
||||
default: SW
|
||||
sw:
|
||||
hash: SHA2
|
||||
security: 256
|
||||
filekeystore:
|
||||
# The directory used for the software file-based keystore
|
||||
keystore: msp/keystore
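Review bot: `url: http://ca.org2.example.com:7054` points the client at the CA over plain HTTP and `tls.certfiles` is left empty, although the examples in this file's own header comment use `https://localhost:7054`. Enrollment and registration requests carry the enrollment secret, so on anything but an isolated test network they would be readable in transit and the CA's identity would not be verified. The same applies to the two later client configs on this page (`url: http://tlsca.org2.example.com:7054` and the one with `cn: User1@org2.example.com`). If the CA is meant to stay without TLS for the sample, a one-line comment above `url:` would make that explicit, e.g. `# plain HTTP: sample network only; enable TLS and set tls.certfiles otherwise`.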
|
Binary file not shown.
|
@ -0,0 +1,5 @@
|
|||
-----BEGIN PUBLIC KEY-----
|
||||
MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEPVA6lM9Hu7HVgkVMNGdx3LlqjDLWwgrB
|
||||
2meNOi2gU7vJc7P+08aH8VO5Ei0gDdY98EVCrO5EktGid1FLrLFpfVFIYZjicfBP
|
||||
NoGyHdb18NKNtNb9kQ53BZJGpKiH+sUm
|
||||
-----END PUBLIC KEY-----
|
|
@ -0,0 +1,14 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIICITCCAcegAwIBAgIUZ7jMmKdx/engWidCBBAel1RL43owCgYIKoZIzj0EAwIw
|
||||
bDELMAkGA1UEBhMCVVMxFzAVBgNVBAgTDk5vcnRoIENhcm9saW5hMRkwFwYDVQQK
|
||||
ExBvcmcyLmV4YW1wbGUuY29tMQswCQYDVQQLEwJjYTEcMBoGA1UEAxMTY2Eub3Jn
|
||||
Mi5leGFtcGxlLmNvbTAgFw0xODEwMTIwODU3MDBaGA8yMTY4MDkwNTA4NTcwMFow
|
||||
bDELMAkGA1UEBhMCVVMxFzAVBgNVBAgTDk5vcnRoIENhcm9saW5hMRkwFwYDVQQK
|
||||
ExBvcmcyLmV4YW1wbGUuY29tMQswCQYDVQQLEwJjYTEcMBoGA1UEAxMTY2Eub3Jn
|
||||
Mi5leGFtcGxlLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABH8Dtmztvf9n
|
||||
Jl2z4VhoyD7N2AAokv9GnKP0EdO1piYFbXtpJLL/ABF9HBFNXeGq8RfkOILyO/sc
|
||||
wPNKRLJkPrmjRTBDMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/AgEB
|
||||
MB0GA1UdDgQWBBT9WLnGJJ/6w/Mj6Ke9opqJ/Iu3ETAKBggqhkjOPQQDAgNIADBF
|
||||
AiEA4DVUfbHvC5wIjsL8Lbpmhq4bdsz9puUkeS7h3NlhANkCIFIdUw5qQezJudts
|
||||
Kzbbqt/QA1h+00JyeT5TqHYgIwfl
|
||||
-----END CERTIFICATE-----
|
|
@ -0,0 +1,5 @@
|
|||
-----BEGIN PRIVATE KEY-----
|
||||
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQggqc1zbFFuHAzpMBx
|
||||
PW/o2Nd1QaF2T2HhxnCElZs7mMihRANCAATbIGXRjemfzFkvZULl7J28kaj1LpFk
|
||||
vdL/1Bugo1NOND7S3wKz4Ch0XbY5JEVnjHAstd/zgmlVOeO32LILbT7D
|
||||
-----END PRIVATE KEY-----
|
|
@ -0,0 +1,19 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIDBzCCAq2gAwIBAgIUSOvvLzUR89ElH1ZGMFz9GIrxsFAwCgYIKoZIzj0EAwIw
|
||||
bDELMAkGA1UEBhMCVVMxFzAVBgNVBAgTDk5vcnRoIENhcm9saW5hMRkwFwYDVQQK
|
||||
ExBvcmcyLmV4YW1wbGUuY29tMQswCQYDVQQLEwJjYTEcMBoGA1UEAxMTY2Eub3Jn
|
||||
Mi5leGFtcGxlLmNvbTAeFw0xODEwMTIwODU3MDBaFw0yODEwMDkwOTAyMDBaMIGF
|
||||
MQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2Fu
|
||||
IEZyYW5jaXNjbzEZMBcGA1UEChMQb3JnMi5leGFtcGxlLmNvbTENMAsGA1UECxME
|
||||
dXNlcjEfMB0GA1UEAwwWQWRtaW5Ab3JnMi5leGFtcGxlLmNvbTBZMBMGByqGSM49
|
||||
AgEGCCqGSM49AwEHA0IABNsgZdGN6Z/MWS9lQuXsnbyRqPUukWS90v/UG6CjU040
|
||||
PtLfArPgKHRdtjkkRWeMcCy13/OCaVU547fYsgttPsOjggERMIIBDTAOBgNVHQ8B
|
||||
Af8EBAMCAYYwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUgmokzoyDPqRjnwgxsrSN
|
||||
rHXjcU8wHwYDVR0jBBgwFoAU/Vi5xiSf+sPzI+invaKaifyLtxEwIQYDVR0RBBow
|
||||
GIEWQWRtaW5Ab3JnMi5leGFtcGxlLmNvbTCBiQYIKgMEBQYHCAEEfXsiYXR0cnMi
|
||||
OnsiYWJhYy5pbml0IjoidHJ1ZSIsImFkbWluIjoidHJ1ZSIsImhmLkFmZmlsaWF0
|
||||
aW9uIjoiIiwiaGYuRW5yb2xsbWVudElEIjoiQWRtaW5Ab3JnMi5leGFtcGxlLmNv
|
||||
bSIsImhmLlR5cGUiOiJ1c2VyIn19MAoGCCqGSM49BAMCA0gAMEUCIQDg1Ml8qNlg
|
||||
w4wmPOgLUPFlgRRhRhcitTq7Ufy2KYt6SQIgOKF6UW4XT3a0eMUJeNYBfvXqbb+g
|
||||
tlBmZSkhTB960JM=
|
||||
-----END CERTIFICATE-----
|
|
@ -0,0 +1,162 @@
|
|||
|
||||
#############################################################################
|
||||
# This is a configuration file for the fabric-ca-client command.
|
||||
#
|
||||
# COMMAND LINE ARGUMENTS AND ENVIRONMENT VARIABLES
|
||||
# ------------------------------------------------
|
||||
# Each configuration element can be overridden via command line
|
||||
# arguments or environment variables. The precedence for determining
|
||||
# the value of each element is as follows:
|
||||
# 1) command line argument
|
||||
# Examples:
|
||||
# a) --url https://localhost:7054
|
||||
# To set the fabric-ca server url
|
||||
# b) --tls.client.certfile certfile.pem
|
||||
# To set the client certificate for TLS
|
||||
# 2) environment variable
|
||||
# Examples:
|
||||
# a) FABRIC_CA_CLIENT_URL=https://localhost:7054
|
||||
# To set the fabric-ca server url
|
||||
# b) FABRIC_CA_CLIENT_TLS_CLIENT_CERTFILE=certfile.pem
|
||||
# To set the client certificate for TLS
|
||||
# 3) configuration file
|
||||
# 4) default value (if there is one)
|
||||
# All default values are shown beside each element below.
|
||||
#
|
||||
# FILE NAME ELEMENTS
|
||||
# ------------------
|
||||
# The value of all fields whose name ends with "file" or "files" are
|
||||
# name or names of other files.
|
||||
# For example, see "tls.certfiles" and "tls.client.certfile".
|
||||
# The value of each of these fields can be a simple filename, a
|
||||
# relative path, or an absolute path. If the value is not an
|
||||
# absolute path, it is interpretted as being relative to the location
|
||||
# of this configuration file.
|
||||
#
|
||||
#############################################################################
|
||||
|
||||
#############################################################################
|
||||
# Client Configuration
|
||||
#############################################################################
|
||||
|
||||
# URL of the Fabric-ca-server (default: http://localhost:7054)
|
||||
url: http://tlsca.org2.example.com:7054
|
||||
|
||||
# Membership Service Provider (MSP) directory
|
||||
# This is useful when the client is used to enroll a peer or orderer, so
|
||||
# that the enrollment artifacts are stored in the format expected by MSP.
|
||||
mspdir: msp
|
||||
|
||||
#############################################################################
|
||||
# TLS section for secure socket connection
|
||||
#
|
||||
# certfiles - PEM-encoded list of trusted root certificate files
|
||||
# client:
|
||||
# certfile - PEM-encoded certificate file for when client authentication
|
||||
# is enabled on server
|
||||
# keyfile - PEM-encoded key file for when client authentication
|
||||
# is enabled on server
|
||||
#############################################################################
|
||||
tls:
|
||||
# TLS section for secure socket connection
|
||||
certfiles:
|
||||
client:
|
||||
certfile:
|
||||
keyfile:
|
||||
|
||||
#############################################################################
|
||||
# Certificate Signing Request section for generating the CSR for an
|
||||
# enrollment certificate (ECert)
|
||||
#
|
||||
# cn - Used by CAs to determine which domain the certificate is to be generated for
|
||||
#
|
||||
# serialnumber - The serialnumber field, if specified, becomes part of the issued
|
||||
# certificate's DN (Distinguished Name). For example, one use case for this is
|
||||
# a company with its own CA (Certificate Authority) which issues certificates
|
||||
# to its employees and wants to include the employee's serial number in the DN
|
||||
# of its issued certificates.
|
||||
# WARNING: The serialnumber field should not be confused with the certificate's
|
||||
# serial number which is set by the CA but is not a component of the
|
||||
# certificate's DN.
|
||||
#
|
||||
# names - A list of name objects. Each name object should contain at least one
|
||||
# "C", "L", "O", or "ST" value (or any combination of these) where these
|
||||
# are abbreviations for the following:
|
||||
# "C": country
|
||||
# "L": locality or municipality (such as city or town name)
|
||||
# "O": organization
|
||||
# "OU": organizational unit, such as the department responsible for owning the key;
|
||||
# it can also be used for a "Doing Business As" (DBS) name
|
||||
# "ST": the state or province
|
||||
#
|
||||
# Note that the "OU" or organizational units of an ECert are always set according
|
||||
# to the values of the identities type and affiliation. OUs are calculated for an enroll
|
||||
# as OU=<type>, OU=<affiliationRoot>, ..., OU=<affiliationLeaf>. For example, an identity
|
||||
# of type "client" with an affiliation of "org1.dept2.team3" would have the following
|
||||
# organizational units: OU=client, OU=org1, OU=dept2, OU=team3
|
||||
#
|
||||
# hosts - A list of host names for which the certificate should be valid
|
||||
#
|
||||
#############################################################################
|
||||
csr:
|
||||
cn: Admin@org2.example.com
|
||||
keyrequest:
|
||||
algo: ecdsa
|
||||
size: 256
|
||||
serialnumber:
|
||||
names:
|
||||
- C: US
|
||||
ST: North Carolina
|
||||
L:
|
||||
O: Hyperledger
|
||||
OU: Fabric
|
||||
hosts:
|
||||
- ca-client
|
||||
|
||||
#############################################################################
|
||||
# Registration section used to register a new identity with fabric-ca server
|
||||
#
|
||||
# name - Unique name of the identity
|
||||
# type - Type of identity being registered (e.g. 'peer, app, user')
|
||||
# affiliation - The identity's affiliation
|
||||
# maxenrollments - The maximum number of times the secret can be reused to enroll.
|
||||
# Specially, -1 means unlimited; 0 means to use CA's max enrollment
|
||||
# value.
|
||||
# attributes - List of name/value pairs of attribute for identity
|
||||
#############################################################################
|
||||
id:
|
||||
name:
|
||||
type:
|
||||
affiliation:
|
||||
maxenrollments: 0
|
||||
attributes:
|
||||
# - name:
|
||||
# value:
|
||||
|
||||
#############################################################################
|
||||
# Enrollment section used to enroll an identity with fabric-ca server
|
||||
#
|
||||
# profile - Name of the signing profile to use in issuing the certificate
|
||||
# label - Label to use in HSM operations
|
||||
#############################################################################
|
||||
enrollment:
|
||||
profile:
|
||||
label:
|
||||
|
||||
#############################################################################
|
||||
# Name of the CA to connect to within the fabric-ca server
|
||||
#############################################################################
|
||||
caname:
|
||||
|
||||
#############################################################################
|
||||
# BCCSP (BlockChain Crypto Service Provider) section allows to select which
|
||||
# crypto implementation library to use
|
||||
#############################################################################
|
||||
bccsp:
|
||||
default: SW
|
||||
sw:
|
||||
hash: SHA2
|
||||
security: 256
|
||||
filekeystore:
|
||||
# The directory used for the software file-based keystore
|
||||
keystore: msp/keystore
|
Binary file not shown.
|
@ -0,0 +1,5 @@
|
|||
-----BEGIN PUBLIC KEY-----
|
||||
MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEPIU7ckxiUbplOh7KM39TqBaKc+PMPcZc
|
||||
x9RCxqCuwHY4LMBd5gyXm8erOUyKN0EpEKiLc3PHYvssda4zH9tdyAuUZryhW0co
|
||||
GaPuz5FRrtrfy59d1eqneZ2KBLaz7r6L
|
||||
-----END PUBLIC KEY-----
|
|
@ -0,0 +1,14 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIICLTCCAdOgAwIBAgIUOya/oTe+7qMcKY3TkoQfUUz9zE8wCgYIKoZIzj0EAwIw
|
||||
cjELMAkGA1UEBhMCVVMxFzAVBgNVBAgTDk5vcnRoIENhcm9saW5hMRkwFwYDVQQK
|
||||
ExBvcmcyLmV4YW1wbGUuY29tMQ4wDAYDVQQLEwV0bHNjYTEfMB0GA1UEAxMWdGxz
|
||||
Y2Eub3JnMi5leGFtcGxlLmNvbTAgFw0xODEwMTIwODU2MDBaGA8yMTY4MDkwNTA4
|
||||
NTYwMFowcjELMAkGA1UEBhMCVVMxFzAVBgNVBAgTDk5vcnRoIENhcm9saW5hMRkw
|
||||
FwYDVQQKExBvcmcyLmV4YW1wbGUuY29tMQ4wDAYDVQQLEwV0bHNjYTEfMB0GA1UE
|
||||
AxMWdGxzY2Eub3JnMi5leGFtcGxlLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEH
|
||||
A0IABMEU5dpAp0tg/aUsZbtKJawjYfU5rPXprVXtVnhWCbqTB0YqQSRhqbuLBXyZ
|
||||
0fC69aj5hM/pNaZ/rQbHL1vitfKjRTBDMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMB
|
||||
Af8ECDAGAQH/AgEBMB0GA1UdDgQWBBTHXy/A06QOhfnvBqXicOlXG6eIJjAKBggq
|
||||
hkjOPQQDAgNIADBFAiEAmsZj2wdRwaq3n4oDEp6mWvv8rcAxfuGqZJfjvhSZujMC
|
||||
ID3hvwL0Y0zZEnFQozSX2bkqajwNnHiXyCbnCbwVOnE1
|
||||
-----END CERTIFICATE-----
|
|
@ -0,0 +1,5 @@
|
|||
-----BEGIN PRIVATE KEY-----
|
||||
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgibr/EHRtUeZnJFjT
|
||||
4+TaAv+8+Yd40trfoyh3SMC59eGhRANCAATMwHNJnMsvTB/wkG8u1iGl/mhGNMt7
|
||||
f/iDuX0F/QVaMkSlIDLWP1qZItvC2dsaYC0So33uT6Dl3U6A6mh91PTT
|
||||
-----END PRIVATE KEY-----
|
|
@ -0,0 +1,19 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIDDTCCArOgAwIBAgIUV8dC0+C17LEvSnznbpXNNbl9b8kwCgYIKoZIzj0EAwIw
|
||||
cjELMAkGA1UEBhMCVVMxFzAVBgNVBAgTDk5vcnRoIENhcm9saW5hMRkwFwYDVQQK
|
||||
ExBvcmcyLmV4YW1wbGUuY29tMQ4wDAYDVQQLEwV0bHNjYTEfMB0GA1UEAxMWdGxz
|
||||
Y2Eub3JnMi5leGFtcGxlLmNvbTAeFw0xODEwMTIwODU3MDBaFw0yODEwMDkwOTAy
|
||||
MDBaMIGFMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UE
|
||||
BxMNU2FuIEZyYW5jaXNjbzEZMBcGA1UEChMQb3JnMi5leGFtcGxlLmNvbTENMAsG
|
||||
A1UECxMEdXNlcjEfMB0GA1UEAwwWQWRtaW5Ab3JnMi5leGFtcGxlLmNvbTBZMBMG
|
||||
ByqGSM49AgEGCCqGSM49AwEHA0IABMzAc0mcyy9MH/CQby7WIaX+aEY0y3t/+IO5
|
||||
fQX9BVoyRKUgMtY/Wpki28LZ2xpgLRKjfe5PoOXdToDqaH3U9NOjggERMIIBDTAO
|
||||
BgNVHQ8BAf8EBAMCAYYwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUbUJkMvze/dgB
|
||||
qB2bYunHIe2TaIswHwYDVR0jBBgwFoAUx18vwNOkDoX57wal4nDpVxuniCYwIQYD
|
||||
VR0RBBowGIEWQWRtaW5Ab3JnMi5leGFtcGxlLmNvbTCBiQYIKgMEBQYHCAEEfXsi
|
||||
YXR0cnMiOnsiYWJhYy5pbml0IjoidHJ1ZSIsImFkbWluIjoidHJ1ZSIsImhmLkFm
|
||||
ZmlsaWF0aW9uIjoiIiwiaGYuRW5yb2xsbWVudElEIjoiQWRtaW5Ab3JnMi5leGFt
|
||||
cGxlLmNvbSIsImhmLlR5cGUiOiJ1c2VyIn19MAoGCCqGSM49BAMCA0gAMEUCIQDz
|
||||
kLhFKXaRBAiCo1ehUBS3xtpS/d1BGhmerQ2tbG71hgIgJivLVLsE89/7XfuXxic3
|
||||
bNJiNW4NnqZUNCR6n8fHgiw=
|
||||
-----END CERTIFICATE-----
|
|
@ -0,0 +1,162 @@
|
|||
|
||||
#############################################################################
|
||||
# This is a configuration file for the fabric-ca-client command.
|
||||
#
|
||||
# COMMAND LINE ARGUMENTS AND ENVIRONMENT VARIABLES
|
||||
# ------------------------------------------------
|
||||
# Each configuration element can be overridden via command line
|
||||
# arguments or environment variables. The precedence for determining
|
||||
# the value of each element is as follows:
|
||||
# 1) command line argument
|
||||
# Examples:
|
||||
# a) --url https://localhost:7054
|
||||
# To set the fabric-ca server url
|
||||
# b) --tls.client.certfile certfile.pem
|
||||
# To set the client certificate for TLS
|
||||
# 2) environment variable
|
||||
# Examples:
|
||||
# a) FABRIC_CA_CLIENT_URL=https://localhost:7054
|
||||
# To set the fabric-ca server url
|
||||
# b) FABRIC_CA_CLIENT_TLS_CLIENT_CERTFILE=certfile.pem
|
||||
# To set the client certificate for TLS
|
||||
# 3) configuration file
|
||||
# 4) default value (if there is one)
|
||||
# All default values are shown beside each element below.
|
||||
#
|
||||
# FILE NAME ELEMENTS
|
||||
# ------------------
|
||||
# The value of all fields whose name ends with "file" or "files" are
|
||||
# name or names of other files.
|
||||
# For example, see "tls.certfiles" and "tls.client.certfile".
|
||||
# The value of each of these fields can be a simple filename, a
|
||||
# relative path, or an absolute path. If the value is not an
|
||||
# absolute path, it is interpretted as being relative to the location
|
||||
# of this configuration file.
|
||||
#
|
||||
#############################################################################
|
||||
|
||||
#############################################################################
|
||||
# Client Configuration
|
||||
#############################################################################
|
||||
|
||||
# URL of the Fabric-ca-server (default: http://localhost:7054)
|
||||
url: http://ca.org2.example.com:7054
|
||||
|
||||
# Membership Service Provider (MSP) directory
|
||||
# This is useful when the client is used to enroll a peer or orderer, so
|
||||
# that the enrollment artifacts are stored in the format expected by MSP.
|
||||
mspdir: msp
|
||||
|
||||
#############################################################################
|
||||
# TLS section for secure socket connection
|
||||
#
|
||||
# certfiles - PEM-encoded list of trusted root certificate files
|
||||
# client:
|
||||
# certfile - PEM-encoded certificate file for when client authentication
|
||||
# is enabled on server
|
||||
# keyfile - PEM-encoded key file for when client authentication
|
||||
# is enabled on server
|
||||
#############################################################################
|
||||
tls:
|
||||
# TLS section for secure socket connection
|
||||
certfiles:
|
||||
client:
|
||||
certfile:
|
||||
keyfile:
|
||||
|
||||
#############################################################################
|
||||
# Certificate Signing Request section for generating the CSR for an
|
||||
# enrollment certificate (ECert)
|
||||
#
|
||||
# cn - Used by CAs to determine which domain the certificate is to be generated for
|
||||
#
|
||||
# serialnumber - The serialnumber field, if specified, becomes part of the issued
|
||||
# certificate's DN (Distinguished Name). For example, one use case for this is
|
||||
# a company with its own CA (Certificate Authority) which issues certificates
|
||||
# to its employees and wants to include the employee's serial number in the DN
|
||||
# of its issued certificates.
|
||||
# WARNING: The serialnumber field should not be confused with the certificate's
|
||||
# serial number which is set by the CA but is not a component of the
|
||||
# certificate's DN.
|
||||
#
|
||||
# names - A list of name objects. Each name object should contain at least one
|
||||
# "C", "L", "O", or "ST" value (or any combination of these) where these
|
||||
# are abbreviations for the following:
|
||||
# "C": country
|
||||
# "L": locality or municipality (such as city or town name)
|
||||
# "O": organization
|
||||
# "OU": organizational unit, such as the department responsible for owning the key;
|
||||
# it can also be used for a "Doing Business As" (DBS) name
|
||||
# "ST": the state or province
|
||||
#
|
||||
# Note that the "OU" or organizational units of an ECert are always set according
|
||||
# to the values of the identities type and affiliation. OUs are calculated for an enroll
|
||||
# as OU=<type>, OU=<affiliationRoot>, ..., OU=<affiliationLeaf>. For example, an identity
|
||||
# of type "client" with an affiliation of "org1.dept2.team3" would have the following
|
||||
# organizational units: OU=client, OU=org1, OU=dept2, OU=team3
|
||||
#
|
||||
# hosts - A list of host names for which the certificate should be valid
|
||||
#
|
||||
#############################################################################
|
||||
csr:
|
||||
cn: User1@org2.example.com
|
||||
keyrequest:
|
||||
algo: ecdsa
|
||||
size: 256
|
||||
serialnumber:
|
||||
names:
|
||||
- C: US
|
||||
ST: North Carolina
|
||||
L:
|
||||
O: Hyperledger
|
||||
OU: Fabric
|
||||
hosts:
|
||||
- ca-client
|
||||
|
||||
#############################################################################
|
||||
# Registration section used to register a new identity with fabric-ca server
|
||||
#
|
||||
# name - Unique name of the identity
|
||||
# type - Type of identity being registered (e.g. 'peer, app, user')
|
||||
# affiliation - The identity's affiliation
|
||||
# maxenrollments - The maximum number of times the secret can be reused to enroll.
|
||||
# Specially, -1 means unlimited; 0 means to use CA's max enrollment
|
||||
# value.
|
||||
# attributes - List of name/value pairs of attribute for identity
|
||||
#############################################################################
|
||||
id:
|
||||
name:
|
||||
type:
|
||||
affiliation:
|
||||
maxenrollments: 0
|
||||
attributes:
|
||||
# - name:
|
||||
# value:
|
||||
|
||||
#############################################################################
|
||||
# Enrollment section used to enroll an identity with fabric-ca server
|
||||
#
|
||||
# profile - Name of the signing profile to use in issuing the certificate
|
||||
# label - Label to use in HSM operations
|
||||
#############################################################################
|
||||
enrollment:
|
||||
profile:
|
||||
label:
|
||||
|
||||
#############################################################################
|
||||
# Name of the CA to connect to within the fabric-ca server
|
||||
#############################################################################
|
||||
caname:
|
||||
|
||||
#############################################################################
|
||||
# BCCSP (BlockChain Crypto Service Provider) section allows to select which
|
||||
# crypto implementation library to use
|
||||
#############################################################################
|
||||
bccsp:
|
||||
default: SW
|
||||
sw:
|
||||
hash: SHA2
|
||||
security: 256
|
||||
filekeystore:
|
||||
# The directory used for the software file-based keystore
|
||||
keystore: msp/keystore
|
Binary file not shown.
|
@ -0,0 +1,5 @@
|
|||
-----BEGIN PUBLIC KEY-----
|
||||
MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEPVA6lM9Hu7HVgkVMNGdx3LlqjDLWwgrB
|
||||
2meNOi2gU7vJc7P+08aH8VO5Ei0gDdY98EVCrO5EktGid1FLrLFpfVFIYZjicfBP
|
||||
NoGyHdb18NKNtNb9kQ53BZJGpKiH+sUm
|
||||
-----END PUBLIC KEY-----
|
|
@ -0,0 +1,14 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIICITCCAcegAwIBAgIUZ7jMmKdx/engWidCBBAel1RL43owCgYIKoZIzj0EAwIw
|
||||
bDELMAkGA1UEBhMCVVMxFzAVBgNVBAgTDk5vcnRoIENhcm9saW5hMRkwFwYDVQQK
|
||||
ExBvcmcyLmV4YW1wbGUuY29tMQswCQYDVQQLEwJjYTEcMBoGA1UEAxMTY2Eub3Jn
|
||||
Mi5leGFtcGxlLmNvbTAgFw0xODEwMTIwODU3MDBaGA8yMTY4MDkwNTA4NTcwMFow
|
||||
bDELMAkGA1UEBhMCVVMxFzAVBgNVBAgTDk5vcnRoIENhcm9saW5hMRkwFwYDVQQK
|
||||
ExBvcmcyLmV4YW1wbGUuY29tMQswCQYDVQQLEwJjYTEcMBoGA1UEAxMTY2Eub3Jn
|
||||
Mi5leGFtcGxlLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABH8Dtmztvf9n
|
||||
Jl2z4VhoyD7N2AAokv9GnKP0EdO1piYFbXtpJLL/ABF9HBFNXeGq8RfkOILyO/sc
|
||||
wPNKRLJkPrmjRTBDMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/AgEB
|
||||
MB0GA1UdDgQWBBT9WLnGJJ/6w/Mj6Ke9opqJ/Iu3ETAKBggqhkjOPQQDAgNIADBF
|
||||
AiEA4DVUfbHvC5wIjsL8Lbpmhq4bdsz9puUkeS7h3NlhANkCIFIdUw5qQezJudts
|
||||
Kzbbqt/QA1h+00JyeT5TqHYgIwfl
|
||||
-----END CERTIFICATE-----
|
|
@ -0,0 +1,5 @@
|
|||
-----BEGIN PRIVATE KEY-----
|
||||
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgqnm0pBGWkoFnN+uy
|
||||
qF7zUkayuu4UD3O+Zz4QoAQh6sahRANCAAQruxJMsAqp0N9niEbYOnJRaPz6nHFw
|
||||
5jX4uG2WRA3BvnvpvzzARHEDdYXNdkQ1foDkR4DNXYK3MWdnJcceDk/B
|
||||
-----END PRIVATE KEY-----
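Review bot: The PEM block in this new 5-line file is an unencrypted private key, so anyone who can read the repository holds it, and it stays recoverable from history even if a later commit deletes the file. The certificate added in the next section appears to be issued to `User1@org2.example.com`, so this is presumably that identity's signing key and should be treated as a throwaway test credential, never trusted outside a local sandbox network. The file's path is not visible on this page, so it cannot be confirmed here whether it sits in a directory meant for generated artifacts. Since the Makefile in this commit already has a `gen_config_crypto` step, consider generating this material at setup time and keeping keystore directories out of version control, or state in the README that all committed keys are public test fixtures.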
|
|
@ -0,0 +1,19 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIDBzCCAq6gAwIBAgIUOrSF3KOx/0RDTXWnyzsSZkCQNAQwCgYIKoZIzj0EAwIw
|
||||
bDELMAkGA1UEBhMCVVMxFzAVBgNVBAgTDk5vcnRoIENhcm9saW5hMRkwFwYDVQQK
|
||||
ExBvcmcyLmV4YW1wbGUuY29tMQswCQYDVQQLEwJjYTEcMBoGA1UEAxMTY2Eub3Jn
|
||||
Mi5leGFtcGxlLmNvbTAeFw0xODEwMTIwODU3MDBaFw0yODEwMDkwOTAyMDBaMIGF
|
||||
MQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2Fu
|
||||
IEZyYW5jaXNjbzEZMBcGA1UEChMQb3JnMi5leGFtcGxlLmNvbTENMAsGA1UECxME
|
||||
dXNlcjEfMB0GA1UEAwwWVXNlcjFAb3JnMi5leGFtcGxlLmNvbTBZMBMGByqGSM49
|
||||
AgEGCCqGSM49AwEHA0IABCu7EkywCqnQ32eIRtg6clFo/PqccXDmNfi4bZZEDcG+
|
||||
e+m/PMBEcQN1hc12RDV+gORHgM1dgrcxZ2clxx4OT8GjggESMIIBDjAOBgNVHQ8B
|
||||
Af8EBAMCAYYwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUJaJVR9h35V4NZBolzpIB
|
||||
IXNxuWQwHwYDVR0jBBgwFoAU/Vi5xiSf+sPzI+invaKaifyLtxEwIQYDVR0RBBow
|
||||
GIEWVXNlcjFAb3JnMi5leGFtcGxlLmNvbTCBigYIKgMEBQYHCAEEfnsiYXR0cnMi
|
||||
OnsiYWJhYy5pbml0IjoidHJ1ZSIsImFkbWluIjoiZmFsc2UiLCJoZi5BZmZpbGlh
|
||||
dGlvbiI6IiIsImhmLkVucm9sbG1lbnRJRCI6IlVzZXIxQG9yZzIuZXhhbXBsZS5j
|
||||
b20iLCJoZi5UeXBlIjoidXNlciJ9fTAKBggqhkjOPQQDAgNHADBEAiB7RFHSsAcG
|
||||
B/TozCo1T3/dZwXIuMrE+DW6d2tRI/wSVwIgN0W5IbMTpdj6BVFHXIfgPrDvEM7o
|
||||
NA4KFpWG4k9ijBU=
|
||||
-----END CERTIFICATE-----
|
|
@ -0,0 +1,162 @@
|
|||
|
||||
#############################################################################
|
||||
# This is a configuration file for the fabric-ca-client command.
|
||||
#
|
||||
# COMMAND LINE ARGUMENTS AND ENVIRONMENT VARIABLES
|
||||
# ------------------------------------------------
|
||||
# Each configuration element can be overridden via command line
|
||||
# arguments or environment variables. The precedence for determining
|
||||
# the value of each element is as follows:
|
||||
# 1) command line argument
|
||||
# Examples:
|
||||
# a) --url https://localhost:7054
|
||||
# To set the fabric-ca server url
|
||||
# b) --tls.client.certfile certfile.pem
|
||||
# To set the client certificate for TLS
|
||||
# 2) environment variable
|
||||
# Examples:
|
||||
# a) FABRIC_CA_CLIENT_URL=https://localhost:7054
|
||||
# To set the fabric-ca server url
|
||||
# b) FABRIC_CA_CLIENT_TLS_CLIENT_CERTFILE=certfile.pem
|
||||
# To set the client certificate for TLS
|
||||
# 3) configuration file
|
||||
# 4) default value (if there is one)
|
||||
# All default values are shown beside each element below.
|
||||
#
|
||||
# FILE NAME ELEMENTS
|
||||
# ------------------
|
||||
# The value of all fields whose name ends with "file" or "files" are
|
||||
# name or names of other files.
|
||||
# For example, see "tls.certfiles" and "tls.client.certfile".
|
||||
# The value of each of these fields can be a simple filename, a
|
||||
# relative path, or an absolute path. If the value is not an
|
||||
# absolute path, it is interpretted as being relative to the location
|
||||
# of this configuration file.
|
||||
#
|
||||
#############################################################################
|
||||
|
||||
#############################################################################
|
||||
# Client Configuration
|
||||
#############################################################################
|
||||
|
||||
# URL of the Fabric-ca-server (default: http://localhost:7054)
|
||||
url: http://tlsca.org2.example.com:7054
|
||||
|
||||
# Membership Service Provider (MSP) directory
|
||||
# This is useful when the client is used to enroll a peer or orderer, so
|
||||
# that the enrollment artifacts are stored in the format expected by MSP.
|
||||
mspdir: msp
|
||||
|
||||
#############################################################################
|
||||
# TLS section for secure socket connection
|
||||
#
|
||||
# certfiles - PEM-encoded list of trusted root certificate files
|
||||
# client:
|
||||
# certfile - PEM-encoded certificate file for when client authentication
|
||||
# is enabled on server
|
||||
# keyfile - PEM-encoded key file for when client authentication
|
||||
# is enabled on server
|
||||
#############################################################################
|
||||
tls:
|
||||
# TLS section for secure socket connection
|
||||
certfiles:
|
||||
client:
|
||||
certfile:
|
||||
keyfile:
|
||||
|
||||
#############################################################################
|
||||
# Certificate Signing Request section for generating the CSR for an
|
||||
# enrollment certificate (ECert)
|
||||
#
|
||||
# cn - Used by CAs to determine which domain the certificate is to be generated for
|
||||
#
|
||||
# serialnumber - The serialnumber field, if specified, becomes part of the issued
|
||||
# certificate's DN (Distinguished Name). For example, one use case for this is
|
||||
# a company with its own CA (Certificate Authority) which issues certificates
|
||||
# to its employees and wants to include the employee's serial number in the DN
|
||||
# of its issued certificates.
|
||||
# WARNING: The serialnumber field should not be confused with the certificate's
|
||||
# serial number which is set by the CA but is not a component of the
|
||||
# certificate's DN.
|
||||
#
|
||||
# names - A list of name objects. Each name object should contain at least one
|
||||
# "C", "L", "O", or "ST" value (or any combination of these) where these
|
||||
# are abbreviations for the following:
|
||||
# "C": country
|
||||
# "L": locality or municipality (such as city or town name)
|
||||
# "O": organization
|
||||
# "OU": organizational unit, such as the department responsible for owning the key;
|
||||
# it can also be used for a "Doing Business As" (DBS) name
|
||||
# "ST": the state or province
|
||||
#
|
||||
# Note that the "OU" or organizational units of an ECert are always set according
|
||||
# to the values of the identities type and affiliation. OUs are calculated for an enroll
|
||||
# as OU=<type>, OU=<affiliationRoot>, ..., OU=<affiliationLeaf>. For example, an identity
|
||||
# of type "client" with an affiliation of "org1.dept2.team3" would have the following
|
||||
# organizational units: OU=client, OU=org1, OU=dept2, OU=team3
|
||||
#
|
||||
# hosts - A list of host names for which the certificate should be valid
|
||||
#
|
||||
#############################################################################
|
||||
csr:
|
||||
cn: User1@org2.example.com
|
||||
keyrequest:
|
||||
algo: ecdsa
|
||||
size: 256
|
||||
serialnumber:
|
||||
names:
|
||||
- C: US
|
||||
ST: North Carolina
|
||||
L:
|
||||
O: Hyperledger
|
||||
OU: Fabric
|
||||
hosts:
|
||||
- ca-client
|
||||
|
||||
#############################################################################
|
||||
# Registration section used to register a new identity with fabric-ca server
|
||||
#
|
||||
# name - Unique name of the identity
|
||||
# type - Type of identity being registered (e.g. 'peer, app, user')
|
||||
# affiliation - The identity's affiliation
|
||||
# maxenrollments - The maximum number of times the secret can be reused to enroll.
|
||||
# Specially, -1 means unlimited; 0 means to use CA's max enrollment
|
||||
# value.
|
||||
# attributes - List of name/value pairs of attribute for identity
|
||||
#############################################################################
|
||||
id:
|
||||
name:
|
||||
type:
|
||||
affiliation:
|
||||
maxenrollments: 0
|
||||
attributes:
|
||||
# - name:
|
||||
# value:
|
||||
|
||||
#############################################################################
|
||||
# Enrollment section used to enroll an identity with fabric-ca server
|
||||
#
|
||||
# profile - Name of the signing profile to use in issuing the certificate
|
||||
# label - Label to use in HSM operations
|
||||
#############################################################################
|
||||
enrollment:
|
||||
profile:
|
||||
label:
|
||||
|
||||
#############################################################################
|
||||
# Name of the CA to connect to within the fabric-ca server
|
||||
#############################################################################
|
||||
caname:
|
||||
|
||||
#############################################################################
|
||||
# BCCSP (BlockChain Crypto Service Provider) section allows to select which
|
||||
# crypto implementation library to use
|
||||
#############################################################################
|
||||
bccsp:
|
||||
default: SW
|
||||
sw:
|
||||
hash: SHA2
|
||||
security: 256
|
||||
filekeystore:
|
||||
# The directory used for the software file-based keystore
|
||||
keystore: msp/keystore
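Review bot: `url: http://tlsca.org2.example.com:7054` points the client at the CA over plain HTTP while `tls.certfiles` is left empty, so the enrollment ID and secret that fabric-ca-client sends, and the certificate it gets back, cross the network in cleartext with no server authentication. For anything beyond a single-host test network, switch to `url: https://tlsca.org2.example.com:7054` and set `certfiles: [<path-to-tlsca-root-cert.pem>]` (placeholder) under `tls:` so the client verifies the CA it is talking to. This needs TLS enabled on the CA server, whose configuration is not visible in this section. If plain HTTP is intentional for the sample, a comment above `url:` such as `# test network only: CA reached without TLS` would make that explicit.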
|
Some files were not shown because too many files have changed in this diff Show More