FAB-17243 Add support for Fabric CA for Org3 on the (#91)

test network.

Signed-off-by: NIKHIL E GUPTA <negupta@us.ibm.com>
nikhil550 2020-01-16 16:32:12 -05:00 committed by Arnaud J Le Hors
parent ce41ff7733
commit b3b526728f
17 changed files with 943 additions and 234 deletions


@ -1,50 +1,5 @@
## Running the test network ## Running the test network
Use the `./network.sh` script to stand up a simple Fabric test network. The You can use the `./network.sh` script to stand up a simple Fabric test network. The test network has two peer organizations with one peer each and a single node raft ordering service. You can also use the `./network.sh` script to create channels and deploy the fabcar chaincode. For more information, see [Using the Fabric test network](https://hyperledger-fabric.readthedocs.io/en/latest/test_network.html). The test network is being introduced in Fabric v2.0 as the long term replacement for the `first-network` sample.
network has two peer peer organizations with one peer each and a single node
raft ordering service. You can also use the script to create channels, and deploy
the fabcar chaincode on those channels. The test network is being introduced in
Fabric v2.0 as the long term replacement for the `first-network` sample.
Before you can deploy the test network, you need follow the instructions to Before you can deploy the test network, you need to follow the instructions to [Install the Samples, Binaries and Docker Images](https://hyperledger-fabric.readthedocs.io/en/latest/install.html) in the Hyperledger Fabric documentation.
[Install the Samples, Binaries and Docker Images](https://hyperledger-fabric.readthedocs.io/en/latest/install.html) in the Hyperledger Fabric documentation. You may experience problems if you run the
sample using a local build.
For more information, see `./network.sh -help`
```
Usage:
network.sh <Mode> [Flags]
<Mode>
- 'up' - bring up fabric orderer and peer nodes. No channel is created
- 'up createChannel' - bring up fabric network with one channel
- 'createChannel' - create and join a channel after the network is created
- 'deployCC' - deploy the fabcar chaincode on the channel
- 'down' - clear the network with docker-compose down
- 'restart' - restart the network
Flags:
-ca <use CAs> - create Certificate Authorities to generate the crypto material
-c <channel name> - channel name to use (defaults to "mychannel")
-s <dbtype> - the database backend to use: goleveldb (default) or couchdb
-r <max retry> - CLI times out after certain number of attempts (defaults to 5)
-d <delay> - delay duration in seconds (defaults to 3)
-l <language> - the programming language of the chaincode to deploy: go (default), javascript, or java
-v <version> - chaincode version. Must be a round number, 1, 2, 3, etc
-i <imagetag> - the tag to be used to launch the network (defaults to "latest")
-verbose - verbose mode
network.sh -h (print this message)
Possible Mode and flags
network.sh up -ca -c -r -d -s -i -verbose
network.sh up createChannel -ca -c -r -d -s -i -verbose
network.sh createChannel -c -r -d -verbose
network.sh deployCC -l -v -r -d -verbose
Taking all defaults:
network.sh up
Examples:
network.sh up createChannel -ca -c mychannel -s couchdb -i 1.4.0
network.sh createChannel -c channelName
network.sh deployCC -l node
```
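Review bot: the rewritten introduction drops the whole `./network.sh -help` usage listing, which was the only place this README mentioned the `-ca` flag, and it also loses the caveat that the sample may misbehave against a local build. Since this change is about CA-generated crypto material, keep at least a one-line pointer to the script's help output and a sentence saying that `-ca` switches from cryptogen to Fabric CAs, so readers do not have to open the script to find the option.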


@ -0,0 +1,28 @@
## Adding Org3 to the test network
You can use the `addOrg3.sh` script to add another organization to the Fabric test network. The `addOrg3.sh` script generates the Org3 crypto material, creates an Org3 organization definition, and adds Org3 to a channel on the test network.
You first need to run `./network.sh up createChannel` in the `test-network` directory before you can run the `addOrg3.sh` script.
```
./network.sh up createChannel
cd addOrg3
./addOrg3.sh up
```
If you used `network.sh` to create a channel other than the default `mychannel`, you need pass that name to the `addorg3.sh` script.
```
./network.sh up createChannel -c channel1
cd addOrg3
./addOrg3.sh up -c channel1
```
You can also re-run the `addOrg3.sh` script to add Org3 to additional channels.
```
cd ..
./network.sh createChannel -c channel2
cd addOrg3
./addOrg3.sh up -c channel2
```
For more information, use `./addOrg3.sh -h` to see the `addOrg3.sh` help text.
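Review bot: in the sentence about channels other than `mychannel`, the script is written `addorg3.sh` while the file and every command in this README use `addOrg3.sh`; on a case-sensitive filesystem the lower-case name does not resolve, so fix the spelling (and "you need pass" should read "you need to pass"). The README also never mentions the `-ca` flag that this commit adds to the script's help text, so a reader following it always gets cryptogen material; add a short paragraph covering `-ca`.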


@ -21,24 +21,24 @@ function printHelp () {
echo " addOrg3.sh up|down|generate [-c <channel name>] [-t <timeout>] [-d <delay>] [-f <docker-compose-file>] [-s <dbtype>]" echo " addOrg3.sh up|down|generate [-c <channel name>] [-t <timeout>] [-d <delay>] [-f <docker-compose-file>] [-s <dbtype>]"
echo " addOrg3.sh -h|--help (print this message)" echo " addOrg3.sh -h|--help (print this message)"
echo " <mode> - one of 'up', 'down', or 'generate'" echo " <mode> - one of 'up', 'down', or 'generate'"
echo " - 'up' - add org3 to the sample network. You need to create a channel first." echo " - 'up' - add org3 to the sample network. You need to bring up the test network and create a channel first."
echo " - 'down' - clear the network with docker-compose down" echo " - 'down' - bring down the test network and org3 nodes"
echo " - 'generate' - generate required certificates and org definition" echo " - 'generate' - generate required certificates and org definition"
echo " -c <channel name> - channel name to use (defaults to \"mychannel\")" echo " -c <channel name> - test network channel name (defaults to \"mychannel\")"
echo " -ca <use CA> - Use a CA to generate the crypto material"
echo " -t <timeout> - CLI timeout duration in seconds (defaults to 10)" echo " -t <timeout> - CLI timeout duration in seconds (defaults to 10)"
echo " -d <delay> - delay duration in seconds (defaults to 3)" echo " -d <delay> - delay duration in seconds (defaults to 3)"
echo " -f <docker-compose-file> - specify which docker-compose file use (defaults to docker-compose-cli.yaml)"
echo " -s <dbtype> - the database backend to use: goleveldb (default) or couchdb" echo " -s <dbtype> - the database backend to use: goleveldb (default) or couchdb"
echo " -i <imagetag> - the tag to be used to launch the network (defaults to \"latest\")" echo " -i <imagetag> - the tag to be used to launch the network (defaults to \"latest\")"
echo " -v - verbose mode" echo " -verbose - verbose mode"
echo echo
echo "Typically, one would first generate the required certificates and " echo "Typically, one would first generate the required certificates and "
echo "genesis block, then bring up the network. e.g.:" echo "genesis block, then bring up the network. e.g.:"
echo echo
echo " addOrg3.sh generate" echo " addOrg3.sh generate"
echo " addOrg3.sh up"
echo " addOrg3.sh up -c mychannel -s couchdb" echo " addOrg3.sh up -c mychannel -s couchdb"
echo " addOrg3.sh up -l node" echo " addOrg3.sh down"
echo " addOrg3.sh down -c mychannel"
echo echo
echo "Taking all defaults:" echo "Taking all defaults:"
echo " addOrg3.sh up" echo " addOrg3.sh up"
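Review bot: the usage synopsis on the first line of `printHelp` still advertises `[-f <docker-compose-file>]` although this hunk deletes the `-f` description, and it does not list `-ca`, `-i` or `-verbose`, which are described a few lines below. Bring the synopsis in line with the flag list so the two do not contradict each other. The examples also still say "generate the required certificates and genesis block", which does not match what `generate` is described as doing ("required certificates and org definition").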
@ -49,27 +49,76 @@ function printHelp () {
# (x509 certs) for the new org. After we run the tool, the certs will # (x509 certs) for the new org. After we run the tool, the certs will
# be put in the organizations folder with org1 and org2 # be put in the organizations folder with org1 and org2
# Generates Org3 certs using cryptogen tool # Create Organziation crypto material using cryptogen or CAs
function generateOrg3 (){ function generateOrg3() {
which cryptogen
if [ "$?" -ne 0 ]; then # Create crypto material using cryptogen
echo "cryptogen tool not found. exiting" if [ "$CRYPTO" == "cryptogen" ]; then
exit 1 which cryptogen
fi if [ "$?" -ne 0 ]; then
echo echo "cryptogen tool not found. exiting"
echo "###############################################################" exit 1
echo "##### Generate Org3 certificates using cryptogen tool #########" fi
echo "###############################################################" echo
echo "##########################################################"
echo "##### Generate certificates using cryptogen tool #########"
echo "##########################################################"
echo
echo "##########################################################"
echo "############ Create Org1 Identities ######################"
echo "##########################################################"
set -x
cryptogen generate --config=org3-crypto.yaml --output="../organizations"
res=$?
set +x
if [ $res -ne 0 ]; then
echo "Failed to generate certificates..."
exit 1
fi
fi
# Create crypto material using Fabric CAs
if [ "$CRYPTO" == "Certificate Authorities" ]; then
fabric-ca-client version > /dev/null 2>&1
if [ $? -ne 0 ]; then
echo "Fabric CA client not found locally, downloading..."
cd ../..
curl -s -L "https://github.com/hyperledger/fabric-ca/releases/download/v1.4.4/hyperledger-fabric-ca-${OS_ARCH}-1.4.4.tar.gz" | tar xz || rc=$?
if [ -n "$rc" ]; then
echo "==> There was an error downloading the binary file."
echo "fabric-ca-client binary is not available to download"
else
echo "==> Done."
cd test-network/addOrg3/
fi
fi
echo
echo "##########################################################"
echo "##### Generate certificates using Fabric CA's ############"
echo "##########################################################"
IMAGE_TAG=$IMAGETAG docker-compose -f $COMPOSE_FILE_CA_ORG3 up -d 2>&1
. fabric-ca/registerEnroll.sh
sleep 10
echo "##########################################################"
echo "############ Create Org1 Identities ######################"
echo "##########################################################"
createOrg3
fi
set -x
cryptogen generate --config=org3-crypto.yaml --output="../organizations"
res=$?
set +x
if [ $res -ne 0 ]; then
echo "Failed to generate certificates..."
exit 1
fi
echo echo
echo "Generate CCP files for Org3"
./ccp-generate.sh
} }
# Generate channel configuration transaction # Generate channel configuration transaction
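Review bot: in the Fabric CA branch of `generateOrg3`, a failed download of the fabric-ca tarball only prints a message. There is no `exit 1`, and because `cd test-network/addOrg3/` sits in the `else` arm the script stays in `../..`, so the following `docker-compose -f $COMPOSE_FILE_CA_ORG3 up -d` and `. fabric-ca/registerEnroll.sh` resolve against the wrong directory. Exit on failure and restore the working directory unconditionally. The tarball is also piped straight from `curl -s -L` into `tar xz` with no integrity check and without `curl -f`; downloading to a file, comparing it against a pinned SHA-256 for v1.4.4 and only then extracting would keep an unexpected payload from landing on the developer's PATH. Smaller points: both new banners read "Create Org1 Identities" in a script that creates Org3, the comment has "Organziation", and the fixed `sleep 10` could be replaced by waiting for `fabric-ca/org3/tls-cert.pem` to appear.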
@ -80,7 +129,7 @@ function generateOrg3Definition() {
exit 1 exit 1
fi fi
echo "##########################################################" echo "##########################################################"
echo "######### Generating Org3 config material ###############" echo "####### Generating Org3 organization definition #########"
echo "##########################################################" echo "##########################################################"
export FABRIC_CFG_PATH=$PWD export FABRIC_CFG_PATH=$PWD
set -x set -x
@ -94,24 +143,40 @@ function generateOrg3Definition() {
echo echo
} }
function Org3Up () {
# start org3 nodes
if [ "${DATABASE}" == "couchdb" ]; then
IMAGE_TAG=${IMAGETAG} docker-compose -f $COMPOSE_FILE_ORG3 -f $COMPOSE_FILE_COUCH_ORG3 up -d 2>&1
else
IMAGE_TAG=$IMAGETAG docker-compose -f $COMPOSE_FILE_ORG3 up -d 2>&1
fi
if [ $? -ne 0 ]; then
echo "ERROR !!!! Unable to start Org3 network"
exit 1
fi
}
# Generate the needed certificates, the genesis block and start the network. # Generate the needed certificates, the genesis block and start the network.
function networkUp () { function addOrg3 () {
# If the test network is not up, abort
if [ ! -d ../organizations/ordererOrganizations ]; then
echo
echo "ERROR: Please, run ./network.sh up createChannel first."
echo
exit 1
fi
# generate artifacts if they don't exist # generate artifacts if they don't exist
if [ ! -d "../organizations/peerOrganizations/org3.example.com" ]; then if [ ! -d "../organizations/peerOrganizations/org3.example.com" ]; then
generateOrg3 generateOrg3
generateOrg3Definition generateOrg3Definition
fi fi
# start org3 peers
if [ "${DATABASE}" == "couchdb" ]; then CONTAINER_IDS=$(docker ps -a | awk '($2 ~ /fabric-tools/) {print $1}')
IMAGE_TAG=${IMAGETAG} docker-compose -f $COMPOSE_FILE_ORG3 -f $COMPOSE_FILE_COUCH_ORG3 up -d 2>&1 if [ -z "$CONTAINER_IDS" -o "$CONTAINER_IDS" == " " ]; then
else echo "Bringing up network"
IMAGE_TAG=$IMAGETAG docker-compose -f $COMPOSE_FILE_ORG3 up -d 2>&1 Org3Up
fi
if [ $? -ne 0 ]; then
echo "ERROR !!!! Unable to start Org3 network"
exit 1
fi fi
# Use the CLI container to create the configuration transaction needed to add # Use the CLI container to create the configuration transaction needed to add
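Review bot: in `addOrg3`, `Org3Up` runs only when `docker ps -a | awk '($2 ~ /fabric-tools/) {print $1}'` returns nothing, so any container whose image matches `fabric-tools`, including a stopped one (`-a`) or one belonging to an unrelated compose project, means the Org3 peers are never started while the script continues to the CLI steps. Test for the Org3 containers themselves, or drop the guard and let `docker-compose up -d` decide, since it leaves already-running services alone. The artifact guard above it has a related gap: once `../organizations/peerOrganizations/org3.example.com` exists, a later run with `-ca` silently reuses the earlier cryptogen material, so a message saying which material is being reused would help. The `-o` operator inside `[ ... ]` is better written as two tests joined with `||`.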
@ -143,23 +208,18 @@ function networkDown () {
cd .. cd ..
./network.sh down ./network.sh down
} }
# If the test network is not up, abort
if [ ! -d ../organizations/peerOrganizations ]; then
echo
echo "ERROR: Please, run network.sh first."
echo
exit 1
fi
# Obtain the OS and Architecture string that will be used to select the correct # Obtain the OS and Architecture string that will be used to select the correct
# native binaries for your platform # native binaries for your platform
OS_ARCH=$(echo "$(uname -s|tr '[:upper:]' '[:lower:]'|sed 's/mingw64_nt.*/windows/')-$(uname -m | sed 's/x86_64/amd64/g')" | awk '{print tolower($0)}') OS_ARCH=$(echo "$(uname -s|tr '[:upper:]' '[:lower:]'|sed 's/mingw64_nt.*/windows/')-$(uname -m | sed 's/x86_64/amd64/g')" | awk '{print tolower($0)}')
# timeout duration - the duration the CLI should wait for a response from # timeout duration - the duration the CLI should wait for a response from
# another container before giving up # another container before giving up
# Using crpto vs CA. default is cryptogen
CRYPTO="cryptogen"
CLI_TIMEOUT=10 CLI_TIMEOUT=10
#default for delay #default for delay
CLI_DELAY=3 CLI_DELAY=3
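Review bot: the pre-check removed from the top level here applied to every mode, while its replacement in `addOrg3` covers only `up`, so `generate` now runs with no check that the test network's `../organizations` tree exists. Either keep a top-level check or call the same check from the `generate` path. The new `CRYPTO="cryptogen"` lines are also inserted between the `# timeout duration` comment and `CLI_TIMEOUT=10`, which separates that comment from the variable it documents; move them above the comment, and fix "crpto" in the new comment.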
@ -169,6 +229,8 @@ CHANNEL_NAME="mychannel"
COMPOSE_FILE_COUCH_ORG3=docker/docker-compose-couch-org3.yaml COMPOSE_FILE_COUCH_ORG3=docker/docker-compose-couch-org3.yaml
# use this as the default docker-compose yaml definition # use this as the default docker-compose yaml definition
COMPOSE_FILE_ORG3=docker/docker-compose-org3.yaml COMPOSE_FILE_ORG3=docker/docker-compose-org3.yaml
# certificate authorities compose file
COMPOSE_FILE_CA_ORG3=docker/docker-compose-ca-org3.yaml
# default image tag # default image tag
IMAGETAG="latest" IMAGETAG="latest"
# database # database
@ -176,32 +238,63 @@ DATABASE="leveldb"
# Parse commandline args # Parse commandline args
MODE=$1; ## Parse mode
shift if [[ $# -lt 1 ]] ; then
printHelp
exit 0
else
MODE=$1
shift
fi
while getopts "h?c:t:d:f:s:l:i:v" opt; do # parse flags
case "$opt" in
h|\?) while [[ $# -ge 1 ]] ; do
printHelp key="$1"
exit 0 case $key in
-h )
printHelp
exit 0
;; ;;
c) CHANNEL_NAME=$OPTARG -c )
CHANNEL_NAME="$2"
shift
;; ;;
t) CLI_TIMEOUT=$OPTARG -ca )
CRYPTO="Certificate Authorities"
;; ;;
d) CLI_DELAY=$OPTARG -t )
CLI_TIMEOUT="$2"
shift
;; ;;
f) COMPOSE_FILE=$OPTARG -d )
CLI_DELAY="$2"
shift
;; ;;
s) DATABASE=$OPTARG -s )
DATABASE="$2"
shift
;; ;;
i) IMAGETAG=$OPTARG -i )
IMAGETAG=$(go env GOARCH)"-""$2"
shift
;; ;;
v) VERBOSE=true -verbose )
VERBOSE=true
shift
;;
* )
echo
echo "Unknown flag: $key"
echo
printHelp
exit 1
;; ;;
esac esac
shift
done done
# Determine whether starting, stopping, restarting or generating for announce # Determine whether starting, stopping, restarting or generating for announce
if [ "$MODE" == "up" ]; then if [ "$MODE" == "up" ]; then
echo "Add Org3 to channel '${CHANNEL_NAME}' with '${CLI_TIMEOUT}' seconds and CLI delay of '${CLI_DELAY}' seconds and using database '${DATABASE}'" echo "Add Org3 to channel '${CHANNEL_NAME}' with '${CLI_TIMEOUT}' seconds and CLI delay of '${CLI_DELAY}' seconds and using database '${DATABASE}'"
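Review bot: the `-verbose )` arm calls `shift` and the loop then runs its own trailing `shift`, so the argument after `-verbose` is dropped unparsed; with `-verbose -ca`, for example, `CRYPTO` stays at `cryptogen` with no error. Remove the `shift` from that arm, as in the `-ca )` arm. The value-taking arms (`-c`, `-t`, `-d`, `-s`, `-i`) read `"$2"` without checking that it exists, so a trailing `-c` sets an empty channel name; test `$# -ge 2` before consuming it. `printHelp` advertises `-h|--help`, but only `-h` is matched, so `--help` falls into the unknown-flag arm and exits 1. Finally, `-i` now builds the tag from `$(go env GOARCH)`, which needs a Go toolchain on the host and is not what the help text describes ("the tag to be used to launch the network").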
@ -217,7 +310,7 @@ fi
#Create the network using docker compose #Create the network using docker compose
if [ "${MODE}" == "up" ]; then if [ "${MODE}" == "up" ]; then
networkUp addOrg3
elif [ "${MODE}" == "down" ]; then ## Clear the network elif [ "${MODE}" == "down" ]; then ## Clear the network
networkDown networkDown
elif [ "${MODE}" == "generate" ]; then ## Generate Artifacts elif [ "${MODE}" == "generate" ]; then ## Generate Artifacts


@ -0,0 +1,36 @@
#!/bin/bash
function one_line_pem {
echo "`awk 'NF {sub(/\\n/, ""); printf "%s\\\\\\\n",$0;}' $1`"
}
function json_ccp {
local PP=$(one_line_pem $4)
local CP=$(one_line_pem $5)
sed -e "s/\${ORG}/$1/" \
-e "s/\${P0PORT}/$2/" \
-e "s/\${CAPORT}/$3/" \
-e "s#\${PEERPEM}#$PP#" \
-e "s#\${CAPEM}#$CP#" \
ccp-template.json
}
function yaml_ccp {
local PP=$(one_line_pem $4)
local CP=$(one_line_pem $5)
sed -e "s/\${ORG}/$1/" \
-e "s/\${P0PORT}/$2/" \
-e "s/\${CAPORT}/$3/" \
-e "s#\${PEERPEM}#$PP#" \
-e "s#\${CAPEM}#$CP#" \
ccp-template.yaml | sed -e $'s/\\\\n/\\\n /g'
}
ORG=3
P0PORT=11051
CAPORT=11054
PEERPEM=../organizations/peerOrganizations/org3.example.com/tlsca/tlsca.org3.example.com-cert.pem
CAPEM=../organizations/peerOrganizations/org3.example.com/ca/ca.org3.example.com-cert.pem
echo "$(json_ccp $ORG $P0PORT $CAPORT $PEERPEM $CAPEM)" > ../organizations/peerOrganizations/org3.example.com/connection-org3.json
echo "$(yaml_ccp $ORG $P0PORT $CAPORT $PEERPEM $CAPEM)" > ../organizations/peerOrganizations/org3.example.com/connection-org3.yaml
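Review bot: nothing in this script checks that `$PEERPEM` and `$CAPEM` exist before the two final `echo` lines run, so when a certificate is missing `awk` fails, `one_line_pem` returns an empty string, and both connection profiles are still written with an empty `pem` field. Add a test such as `[ -f "$PEERPEM" ] && [ -f "$CAPEM" ] || exit 1` before generating, and quote the positional parameters (`"$1"`, `"$4"`, `"$5"`) in `one_line_pem`, `json_ccp` and `yaml_ccp` so paths with spaces do not split. The `echo "$(...)" > file` wrappers can be plain redirections of the function output.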


@ -0,0 +1,49 @@
{
"name": "first-network-org${ORG}",
"version": "1.0.0",
"client": {
"organization": "Org${ORG}",
"connection": {
"timeout": {
"peer": {
"endorser": "300"
}
}
}
},
"organizations": {
"Org${ORG}": {
"mspid": "Org${ORG}MSP",
"peers": [
"peer0.org${ORG}.example.com"
],
"certificateAuthorities": [
"ca.org${ORG}.example.com"
]
}
},
"peers": {
"peer0.org${ORG}.example.com": {
"url": "grpcs://localhost:${P0PORT}",
"tlsCACerts": {
"pem": "${PEERPEM}"
},
"grpcOptions": {
"ssl-target-name-override": "peer0.org${ORG}.example.com",
"hostnameOverride": "peer0.org${ORG}.example.com"
}
}
},
"certificateAuthorities": {
"ca.org${ORG}.example.com": {
"url": "https://localhost:${CAPORT}",
"caName": "ca-org${ORG}",
"tlsCACerts": {
"pem": "${CAPEM}"
},
"httpOptions": {
"verify": false
}
}
}
}
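Review bot: under `certificateAuthorities`, `"httpOptions": { "verify": false }` turns off TLS certificate verification for the CA endpoint even though `tlsCACerts.pem` is filled in with the CA certificate and the server's CSR lists `localhost` under `hosts`, so verification should succeed against `https://localhost:${CAPORT}`. Connection profiles from samples tend to be copied into real applications, where this setting lets any endpoint answering on that address receive enrollment secrets. Set it to `true`, or add a comment in the README explaining why it is disabled for the test network only.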


@ -0,0 +1,34 @@
---
name: first-network-org${ORG}
version: 1.0.0
client:
organization: Org${ORG}
connection:
timeout:
peer:
endorser: '300'
organizations:
Org${ORG}:
mspid: Org${ORG}MSP
peers:
- peer0.org${ORG}.example.com
certificateAuthorities:
- ca.org${ORG}.example.com
peers:
peer0.org${ORG}.example.com:
url: grpcs://localhost:${P0PORT}
tlsCACerts:
pem: |
${PEERPEM}
grpcOptions:
ssl-target-name-override: peer0.org${ORG}.example.com
hostnameOverride: peer0.org${ORG}.example.com
certificateAuthorities:
ca.org${ORG}.example.com:
url: https://localhost:${CAPORT}
caName: ca-org${ORG}
tlsCACerts:
pem: |
${CAPEM}
httpOptions:
verify: false
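Review bot: `name: first-network-org${ORG}` at the top of this template still carries the `first-network` sample name, although the README in this commit presents the test network as that sample's replacement; rename it (for example `test-network-org${ORG}`) here and in the JSON template so generated profiles identify the network they belong to. The closing `httpOptions: verify: false` has the same effect as in the JSON template and deserves the same treatment.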


@ -0,0 +1,22 @@
# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#
version: '2'
services:
ca_org3:
image: hyperledger/fabric-ca:$IMAGE_TAG
environment:
- FABRIC_CA_HOME=/etc/hyperledger/fabric-ca-server
- FABRIC_CA_SERVER_CA_NAME=ca-org3
- FABRIC_CA_SERVER_TLS_ENABLED=true
- FABRIC_CA_SERVER_PORT=11054
ports:
- "11054:11054"
command: sh -c 'fabric-ca-server start -b admin:adminpw -d'
volumes:
- ../fabric-ca/org3:/etc/hyperledger/fabric-ca-server
container_name: ca_org3
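Review bot: `ports: - "11054:11054"` publishes the CA on every host interface while `command` starts it with the fixed bootstrap identity `admin:adminpw` and debug logging (`-d`), so on a machine with a routable address the CA admin endpoint is reachable from the network with well-known credentials. Every client in this commit connects to `localhost`, so binding as `"127.0.0.1:11054:11054"` costs nothing. Consider also dropping `-d` by default and reading the bootstrap credentials from an environment variable with the current value as the documented test default.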


@ -0,0 +1,406 @@
#############################################################################
# This is a configuration file for the fabric-ca-server command.
#
# COMMAND LINE ARGUMENTS AND ENVIRONMENT VARIABLES
# ------------------------------------------------
# Each configuration element can be overridden via command line
# arguments or environment variables. The precedence for determining
# the value of each element is as follows:
# 1) command line argument
# Examples:
# a) --port 443
# To set the listening port
# b) --ca.keyfile ../mykey.pem
# To set the "keyfile" element in the "ca" section below;
# note the '.' separator character.
# 2) environment variable
# Examples:
# a) FABRIC_CA_SERVER_PORT=443
# To set the listening port
# b) FABRIC_CA_SERVER_CA_KEYFILE="../mykey.pem"
# To set the "keyfile" element in the "ca" section below;
# note the '_' separator character.
# 3) configuration file
# 4) default value (if there is one)
# All default values are shown beside each element below.
#
# FILE NAME ELEMENTS
# ------------------
# The value of all fields whose name ends with "file" or "files" are
# name or names of other files.
# For example, see "tls.certfile" and "tls.clientauth.certfiles".
# The value of each of these fields can be a simple filename, a
# relative path, or an absolute path. If the value is not an
# absolute path, it is interpretted as being relative to the location
# of this configuration file.
#
#############################################################################
# Version of config file
version: 1.2.0
# Server's listening port (default: 7054)
port: 11054
# Enables debug logging (default: false)
debug: false
# Size limit of an acceptable CRL in bytes (default: 512000)
crlsizelimit: 512000
#############################################################################
# TLS section for the server's listening port
#
# The following types are supported for client authentication: NoClientCert,
# RequestClientCert, RequireAnyClientCert, VerifyClientCertIfGiven,
# and RequireAndVerifyClientCert.
#
# Certfiles is a list of root certificate authorities that the server uses
# when verifying client certificates.
#############################################################################
tls:
# Enable TLS (default: false)
enabled: true
# TLS for the server's listening port
certfile:
keyfile:
clientauth:
type: noclientcert
certfiles:
#############################################################################
# The CA section contains information related to the Certificate Authority
# including the name of the CA, which should be unique for all members
# of a blockchain network. It also includes the key and certificate files
# used when issuing enrollment certificates (ECerts) and transaction
# certificates (TCerts).
# The chainfile (if it exists) contains the certificate chain which
# should be trusted for this CA, where the 1st in the chain is always the
# root CA certificate.
#############################################################################
ca:
# Name of this CA
name: Org3CA
# Key file (is only used to import a private key into BCCSP)
keyfile:
# Certificate file (default: ca-cert.pem)
certfile:
# Chain file
chainfile:
#############################################################################
# The gencrl REST endpoint is used to generate a CRL that contains revoked
# certificates. This section contains configuration options that are used
# during gencrl request processing.
#############################################################################
crl:
# Specifies expiration for the generated CRL. The number of hours
# specified by this property is added to the UTC time, the resulting time
# is used to set the 'Next Update' date of the CRL.
expiry: 24h
#############################################################################
# The registry section controls how the fabric-ca-server does two things:
# 1) authenticates enrollment requests which contain a username and password
# (also known as an enrollment ID and secret).
# 2) once authenticated, retrieves the identity's attribute names and
# values which the fabric-ca-server optionally puts into TCerts
# which it issues for transacting on the Hyperledger Fabric blockchain.
# These attributes are useful for making access control decisions in
# chaincode.
# There are two main configuration options:
# 1) The fabric-ca-server is the registry.
# This is true if "ldap.enabled" in the ldap section below is false.
# 2) An LDAP server is the registry, in which case the fabric-ca-server
# calls the LDAP server to perform these tasks.
# This is true if "ldap.enabled" in the ldap section below is true,
# which means this "registry" section is ignored.
#############################################################################
registry:
# Maximum number of times a password/secret can be reused for enrollment
# (default: -1, which means there is no limit)
maxenrollments: -1
# Contains identity information which is used when LDAP is disabled
identities:
- name: admin
pass: adminpw
type: client
affiliation: ""
attrs:
hf.Registrar.Roles: "*"
hf.Registrar.DelegateRoles: "*"
hf.Revoker: true
hf.IntermediateCA: true
hf.GenCRL: true
hf.Registrar.Attributes: "*"
hf.AffiliationMgr: true
#############################################################################
# Database section
# Supported types are: "sqlite3", "postgres", and "mysql".
# The datasource value depends on the type.
# If the type is "sqlite3", the datasource value is a file name to use
# as the database store. Since "sqlite3" is an embedded database, it
# may not be used if you want to run the fabric-ca-server in a cluster.
# To run the fabric-ca-server in a cluster, you must choose "postgres"
# or "mysql".
#############################################################################
db:
type: sqlite3
datasource: fabric-ca-server.db
tls:
enabled: false
certfiles:
client:
certfile:
keyfile:
#############################################################################
# LDAP section
# If LDAP is enabled, the fabric-ca-server calls LDAP to:
# 1) authenticate enrollment ID and secret (i.e. username and password)
# for enrollment requests;
# 2) To retrieve identity attributes
#############################################################################
ldap:
# Enables or disables the LDAP client (default: false)
# If this is set to true, the "registry" section is ignored.
enabled: false
# The URL of the LDAP server
url: ldap://<adminDN>:<adminPassword>@<host>:<port>/<base>
# TLS configuration for the client connection to the LDAP server
tls:
certfiles:
client:
certfile:
keyfile:
# Attribute related configuration for mapping from LDAP entries to Fabric CA attributes
attribute:
# 'names' is an array of strings containing the LDAP attribute names which are
# requested from the LDAP server for an LDAP identity's entry
names: ['uid','member']
# The 'converters' section is used to convert an LDAP entry to the value of
# a fabric CA attribute.
# For example, the following converts an LDAP 'uid' attribute
# whose value begins with 'revoker' to a fabric CA attribute
# named "hf.Revoker" with a value of "true" (because the boolean expression
# evaluates to true).
# converters:
# - name: hf.Revoker
# value: attr("uid") =~ "revoker*"
converters:
- name:
value:
# The 'maps' section contains named maps which may be referenced by the 'map'
# function in the 'converters' section to map LDAP responses to arbitrary values.
# For example, assume a user has an LDAP attribute named 'member' which has multiple
# values which are each a distinguished name (i.e. a DN). For simplicity, assume the
# values of the 'member' attribute are 'dn1', 'dn2', and 'dn3'.
# Further assume the following configuration.
# converters:
# - name: hf.Registrar.Roles
# value: map(attr("member"),"groups")
# maps:
# groups:
# - name: dn1
# value: peer
# - name: dn2
# value: client
# The value of the user's 'hf.Registrar.Roles' attribute is then computed to be
# "peer,client,dn3". This is because the value of 'attr("member")' is
# "dn1,dn2,dn3", and the call to 'map' with a 2nd argument of
# "group" replaces "dn1" with "peer" and "dn2" with "client".
maps:
groups:
- name:
value:
#############################################################################
# Affiliations section. Fabric CA server can be bootstrapped with the
# affiliations specified in this section. Affiliations are specified as maps.
# For example:
# businessunit1:
# department1:
# - team1
# businessunit2:
# - department2
# - department3
#
# Affiliations are hierarchical in nature. In the above example,
# department1 (used as businessunit1.department1) is the child of businessunit1.
# team1 (used as businessunit1.department1.team1) is the child of department1.
# department2 (used as businessunit2.department2) and department3 (businessunit2.department3)
# are children of businessunit2.
# Note: Affiliations are case sensitive except for the non-leaf affiliations
# (like businessunit1, department1, businessunit2) that are specified in the configuration file,
# which are always stored in lower case.
#############################################################################
affiliations:
org1:
- department1
- department2
org2:
- department1
#############################################################################
# Signing section
#
# The "default" subsection is used to sign enrollment certificates;
# the default expiration ("expiry" field) is "8760h", which is 1 year in hours.
#
# The "ca" profile subsection is used to sign intermediate CA certificates;
# the default expiration ("expiry" field) is "43800h" which is 5 years in hours.
# Note that "isca" is true, meaning that it issues a CA certificate.
# A maxpathlen of 0 means that the intermediate CA cannot issue other
# intermediate CA certificates, though it can still issue end entity certificates.
# (See RFC 5280, section 4.2.1.9)
#
# The "tls" profile subsection is used to sign TLS certificate requests;
# the default expiration ("expiry" field) is "8760h", which is 1 year in hours.
#############################################################################
signing:
default:
usage:
- digital signature
expiry: 8760h
profiles:
ca:
usage:
- cert sign
- crl sign
expiry: 43800h
caconstraint:
isca: true
maxpathlen: 0
tls:
usage:
- signing
- key encipherment
- server auth
- client auth
- key agreement
expiry: 8760h
###########################################################################
# Certificate Signing Request (CSR) section.
# This controls the creation of the root CA certificate.
# The expiration for the root CA certificate is configured with the
# "ca.expiry" field below, whose default value is "131400h" which is
# 15 years in hours.
# The pathlength field is used to limit CA certificate hierarchy as described
# in section 4.2.1.9 of RFC 5280.
# Examples:
# 1) No pathlength value means no limit is requested.
# 2) pathlength == 1 means a limit of 1 is requested which is the default for
# a root CA. This means the root CA can issue intermediate CA certificates,
# but these intermediate CAs may not in turn issue other CA certificates
# though they can still issue end entity certificates.
# 3) pathlength == 0 means a limit of 0 is requested;
# this is the default for an intermediate CA, which means it can not issue
# CA certificates though it can still issue end entity certificates.
###########################################################################
csr:
cn: ca.org3.example.com
names:
- C: US
ST: "North Carolina"
L: "Raleigh"
O: org3.example.com
OU:
hosts:
- localhost
- org3.example.com
ca:
expiry: 131400h
pathlength: 1
#############################################################################
# BCCSP (BlockChain Crypto Service Provider) section is used to select which
# crypto library implementation to use
#############################################################################
bccsp:
default: SW
sw:
hash: SHA2
security: 256
filekeystore:
# The directory used for the software file-based keystore
keystore: msp/keystore
#############################################################################
# Multi CA section
#
# Each Fabric CA server contains one CA by default. This section is used
# to configure multiple CAs in a single server.
#
# 1) --cacount <number-of-CAs>
# Automatically generate <number-of-CAs> non-default CAs. The names of these
# additional CAs are "ca1", "ca2", ... "caN", where "N" is <number-of-CAs>
# This is particularly useful in a development environment to quickly set up
# multiple CAs. Note that, this config option is not applicable to intermediate CA server
# i.e., Fabric CA server that is started with intermediate.parentserver.url config
# option (-u command line option)
#
# 2) --cafiles <CA-config-files>
# For each CA config file in the list, generate a separate signing CA. Each CA
# config file in this list MAY contain all of the same elements as are found in
# the server config file except port, debug, and tls sections.
#
# Examples:
# fabric-ca-server start -b admin:adminpw --cacount 2
#
# fabric-ca-server start -b admin:adminpw --cafiles ca/ca1/fabric-ca-server-config.yaml
# --cafiles ca/ca2/fabric-ca-server-config.yaml
#
#############################################################################
cacount:
cafiles:
#############################################################################
# Intermediate CA section
#
# The relationship between servers and CAs is as follows:
# 1) A single server process may contain or function as one or more CAs.
# This is configured by the "Multi CA section" above.
# 2) Each CA is either a root CA or an intermediate CA.
# 3) Each intermediate CA has a parent CA which is either a root CA or another intermediate CA.
#
# This section pertains to configuration of #2 and #3.
# If the "intermediate.parentserver.url" property is set,
# then this is an intermediate CA with the specified parent
# CA.
#
# parentserver section
# url - The URL of the parent server
# caname - Name of the CA to enroll within the server
#
# enrollment section used to enroll intermediate CA with parent CA
# profile - Name of the signing profile to use in issuing the certificate
# label - Label to use in HSM operations
#
# tls section for secure socket connection
# certfiles - PEM-encoded list of trusted root certificate files
# client:
# certfile - PEM-encoded certificate file for when client authentication
# is enabled on server
# keyfile - PEM-encoded key file for when client authentication
# is enabled on server
#############################################################################
intermediate:
parentserver:
url:
caname:
enrollment:
hosts:
profile:
label:
tls:
certfiles:
client:
certfile:
keyfile:

View file

@ -0,0 +1,108 @@
function createOrg3 {
echo
echo "Enroll the CA admin"
echo
mkdir -p ../organizations/peerOrganizations/org3.example.com/
export FABRIC_CA_CLIENT_HOME=${PWD}/../organizations/peerOrganizations/org3.example.com/
# rm -rf $FABRIC_CA_CLIENT_HOME/fabric-ca-client-config.yaml
# rm -rf $FABRIC_CA_CLIENT_HOME/msp
set -x
fabric-ca-client enroll -u https://admin:adminpw@localhost:11054 --caname ca-org3 --tls.certfiles ${PWD}/fabric-ca/org3/tls-cert.pem
set +x
echo 'NodeOUs:
Enable: true
ClientOUIdentifier:
Certificate: cacerts/localhost-11054-ca-org3.pem
OrganizationalUnitIdentifier: client
PeerOUIdentifier:
Certificate: cacerts/localhost-11054-ca-org3.pem
OrganizationalUnitIdentifier: peer
AdminOUIdentifier:
Certificate: cacerts/localhost-11054-ca-org3.pem
OrganizationalUnitIdentifier: admin
OrdererOUIdentifier:
Certificate: cacerts/localhost-11054-ca-org3.pem
OrganizationalUnitIdentifier: orderer' > ${PWD}/../organizations/peerOrganizations/org3.example.com/msp/config.yaml
echo
echo "Register peer0"
echo
set -x
fabric-ca-client register --caname ca-org3 --id.name peer0 --id.secret peer0pw --id.type peer --id.attrs '"hf.Registrar.Roles=peer"' --tls.certfiles ${PWD}/fabric-ca/org3/tls-cert.pem
set +x
echo
echo "Register user"
echo
set -x
fabric-ca-client register --caname ca-org3 --id.name user1 --id.secret user1pw --id.type client --id.attrs '"hf.Registrar.Roles=client"' --tls.certfiles ${PWD}/fabric-ca/org3/tls-cert.pem
set +x
echo
echo "Register the org admin"
echo
set -x
fabric-ca-client register --caname ca-org3 --id.name org3admin --id.secret org3adminpw --id.type admin --id.attrs '"hf.Registrar.Roles=admin"' --tls.certfiles ${PWD}/fabric-ca/org3/tls-cert.pem
set +x
mkdir -p ../organizations/peerOrganizations/org3.example.com/peers
mkdir -p ../organizations/peerOrganizations/org3.example.com/peers/peer0.org3.example.com
echo
echo "## Generate the peer0 msp"
echo
set -x
fabric-ca-client enroll -u https://peer0:peer0pw@localhost:11054 --caname ca-org3 -M ${PWD}/../organizations/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/msp --csr.hosts peer0.org3.example.com --tls.certfiles ${PWD}/fabric-ca/org3/tls-cert.pem
set +x
cp ${PWD}/../organizations/peerOrganizations/org3.example.com/msp/config.yaml ${PWD}/../organizations/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/msp/config.yaml
echo
echo "## Generate the peer0-tls certificates"
echo
set -x
fabric-ca-client enroll -u https://peer0:peer0pw@localhost:11054 --caname ca-org3 -M ${PWD}/../organizations/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/tls --enrollment.profile tls --csr.hosts peer0.org3.example.com --csr.hosts localhost --tls.certfiles ${PWD}/fabric-ca/org3/tls-cert.pem
set +x
cp ${PWD}/../organizations/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/tls/tlscacerts/* ${PWD}/../organizations/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/tls/ca.crt
cp ${PWD}/../organizations/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/tls/signcerts/* ${PWD}/../organizations/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/tls/server.crt
cp ${PWD}/../organizations/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/tls/keystore/* ${PWD}/../organizations/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/tls/server.key
mkdir ${PWD}/../organizations/peerOrganizations/org3.example.com/msp/tlscacerts
cp ${PWD}/../organizations/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/tls/tlscacerts/* ${PWD}/../organizations/peerOrganizations/org3.example.com/msp/tlscacerts/ca.crt
mkdir ${PWD}/../organizations/peerOrganizations/org3.example.com/tlsca
cp ${PWD}/../organizations/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/tls/tlscacerts/* ${PWD}/../organizations/peerOrganizations/org3.example.com/tlsca/tlsca.org3.example.com-cert.pem
mkdir ${PWD}/../organizations/peerOrganizations/org3.example.com/ca
cp ${PWD}/../organizations/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/msp/cacerts/* ${PWD}/../organizations/peerOrganizations/org3.example.com/ca/ca.org3.example.com-cert.pem
mkdir -p ../organizations/peerOrganizations/org3.example.com/users
mkdir -p ../organizations/peerOrganizations/org3.example.com/users/User1@org3.example.com
echo
echo "## Generate the user msp"
echo
set -x
fabric-ca-client enroll -u https://user1:user1pw@localhost:11054 --caname ca-org3 -M ${PWD}/../organizations/peerOrganizations/org3.example.com/users/User1@org3.example.com/msp --tls.certfiles ${PWD}/fabric-ca/org3/tls-cert.pem
set +x
mkdir -p ../organizations/peerOrganizations/org3.example.com/users/Admin@org3.example.com
echo
echo "## Generate the org admin msp"
echo
set -x
fabric-ca-client enroll -u https://org3admin:org3adminpw@localhost:11054 --caname ca-org3 -M ${PWD}/../organizations/peerOrganizations/org3.example.com/users/Admin@org3.example.com/msp --tls.certfiles ${PWD}/fabric-ca/org3/tls-cert.pem
set +x
cp ${PWD}/../organizations/peerOrganizations/org3.example.com/msp/config.yaml ${PWD}/../organizations/peerOrganizations/org3.example.com/users/Admin@org3.example.com/msp/config.yaml
}
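Review bot: the three `fabric-ca-client register` calls give every new identity an `hf.Registrar.Roles` attribute (`peer` for peer0, `client` for user1, `admin` for org3admin), which lets that identity register further identities of that type with ca-org3. A peer and an ordinary user need no registrar rights, so drop `--id.attrs` for peer0 and user1 and keep it only where registration is intended. Separately, each call runs between `set -x` and `set +x`, so the enrollment secrets in the `-u https://...` URLs are echoed to the terminal. None of the calls has its exit status checked, so a failed enroll falls through to the `cp` lines, and the plain `mkdir` calls for `msp/tlscacerts`, `tlsca` and `ca` fail on a second run because they lack `-p`.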

View file

@ -7,7 +7,7 @@ version: '2'
services: services:
ca0: ca_org1:
image: hyperledger/fabric-ca:$IMAGE_TAG image: hyperledger/fabric-ca:$IMAGE_TAG
environment: environment:
- FABRIC_CA_HOME=/etc/hyperledger/fabric-ca-server - FABRIC_CA_HOME=/etc/hyperledger/fabric-ca-server
@ -21,7 +21,7 @@ services:
- ../organizations/fabric-ca/org1:/etc/hyperledger/fabric-ca-server - ../organizations/fabric-ca/org1:/etc/hyperledger/fabric-ca-server
container_name: ca_org1 container_name: ca_org1
ca1: ca_org2:
image: hyperledger/fabric-ca:$IMAGE_TAG image: hyperledger/fabric-ca:$IMAGE_TAG
environment: environment:
- FABRIC_CA_HOME=/etc/hyperledger/fabric-ca-server - FABRIC_CA_HOME=/etc/hyperledger/fabric-ca-server
@ -35,7 +35,7 @@ services:
- ../organizations/fabric-ca/org2:/etc/hyperledger/fabric-ca-server - ../organizations/fabric-ca/org2:/etc/hyperledger/fabric-ca-server
container_name: ca_org2 container_name: ca_org2
ca2: ca_orderer:
image: hyperledger/fabric-ca:$IMAGE_TAG image: hyperledger/fabric-ca:$IMAGE_TAG
environment: environment:
- FABRIC_CA_HOME=/etc/hyperledger/fabric-ca-server - FABRIC_CA_HOME=/etc/hyperledger/fabric-ca-server

View file

@ -50,9 +50,9 @@ function printHelp() {
echo " network.sh up" echo " network.sh up"
echo echo
echo " Examples:" echo " Examples:"
echo " network.sh up createChannel -ca -c mychannel -s couchdb -i 1.4.0" echo " network.sh up createChannel -ca -c mychannel -s couchdb -i 2.0.0-beta"
echo " network.sh createChannel -c channelName" echo " network.sh createChannel -c channelName"
echo " network.sh deployCC -l node" echo " network.sh deployCC -l javascript"
} }
# Obtain CONTAINER_IDS and remove them # Obtain CONTAINER_IDS and remove them
@ -350,8 +350,7 @@ function createChannel() {
## Bring up the network if it is not arleady up. ## Bring up the network if it is not arleady up.
CONTAINER_IDS=$(docker ps -a | awk '($2 ~ /fabric-peer/) {print $1}') if [ ! -d "organizations/peerOrganizations" ]; then
if [ -z "$CONTAINER_IDS" -o "$CONTAINER_IDS" == " " ]; then
echo "Bringing up network" echo "Bringing up network"
networkUp networkUp
fi fi
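Review bot: the new guard `if [ ! -d "organizations/peerOrganizations" ]` tests for crypto material on disk rather than for running peers, so when the directory exists but the containers are stopped (for example after an interrupted `up`), createChannel skips `networkUp` and fails later against peers that are not there. Keep a container check alongside the directory test, or state in the comment above that the directory is now the signal for "network is up".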
@ -371,14 +370,6 @@ function createChannel() {
## Call the script to isntall and instantiate a chaincode on the channel ## Call the script to isntall and instantiate a chaincode on the channel
function deployCC() { function deployCC() {
if [ "$CC_RUNTIME_LANGUAGE" = "go" -o "$CC_RUNTIME_LANGUAGE" = "golang" ]; then
echo Vendoring Go dependencies ...
pushd ../chaincode/fabcar/go
GO111MODULE=on go mod vendor
popd
echo Finished vendoring Go dependencies
fi
scripts/deployCC.sh $CHANNEL_NAME $CC_RUNTIME_LANGUAGE $VERSION $CLI_DELAY $MAX_RETRY $VERBOSE scripts/deployCC.sh $CHANNEL_NAME $CC_RUNTIME_LANGUAGE $VERSION $CLI_DELAY $MAX_RETRY $VERBOSE
if [ $? -ne 0 ]; then if [ $? -ne 0 ]; then
@ -410,6 +401,9 @@ function networkDown() {
rm -rf organizations/fabric-ca/org1/msp organizations/fabric-ca/org1/tls-cert.pem organizations/fabric-ca/org1/ca-cert.pem organizations/fabric-ca/org1/IssuerPublicKey organizations/fabric-ca/org1/IssuerRevocationPublicKey organizations/fabric-ca/org1/fabric-ca-server.db rm -rf organizations/fabric-ca/org1/msp organizations/fabric-ca/org1/tls-cert.pem organizations/fabric-ca/org1/ca-cert.pem organizations/fabric-ca/org1/IssuerPublicKey organizations/fabric-ca/org1/IssuerRevocationPublicKey organizations/fabric-ca/org1/fabric-ca-server.db
rm -rf organizations/fabric-ca/org2/msp organizations/fabric-ca/org2/tls-cert.pem organizations/fabric-ca/org2/ca-cert.pem organizations/fabric-ca/org2/IssuerPublicKey organizations/fabric-ca/org2/IssuerRevocationPublicKey organizations/fabric-ca/org2/fabric-ca-server.db rm -rf organizations/fabric-ca/org2/msp organizations/fabric-ca/org2/tls-cert.pem organizations/fabric-ca/org2/ca-cert.pem organizations/fabric-ca/org2/IssuerPublicKey organizations/fabric-ca/org2/IssuerRevocationPublicKey organizations/fabric-ca/org2/fabric-ca-server.db
rm -rf organizations/fabric-ca/ordererOrg/msp organizations/fabric-ca/ordererOrg/tls-cert.pem organizations/fabric-ca/ordererOrg/ca-cert.pem organizations/fabric-ca/ordererOrg/IssuerPublicKey organizations/fabric-ca/ordererOrg/IssuerRevocationPublicKey organizations/fabric-ca/ordererOrg/fabric-ca-server.db rm -rf organizations/fabric-ca/ordererOrg/msp organizations/fabric-ca/ordererOrg/tls-cert.pem organizations/fabric-ca/ordererOrg/ca-cert.pem organizations/fabric-ca/ordererOrg/IssuerPublicKey organizations/fabric-ca/ordererOrg/IssuerRevocationPublicKey organizations/fabric-ca/ordererOrg/fabric-ca-server.db
rm -rf addOrg3/fabric-ca/org3/msp addOrg3/fabric-ca/org3/tls-cert.pem addOrg3/fabric-ca/org3/ca-cert.pem addOrg3/fabric-ca/org3/IssuerPublicKey addOrg3/fabric-ca/org3/IssuerRevocationPublicKey addOrg3/fabric-ca/org3/fabric-ca-server.db
# remove channel and script artifacts # remove channel and script artifacts
rm -rf channel-artifacts log.txt fabcar.tar.gz fabcar rm -rf channel-artifacts log.txt fabcar.tar.gz fabcar
@ -479,7 +473,6 @@ while [[ $# -ge 1 ]] ; do
printHelp printHelp
exit 0 exit 0
;; ;;
-c ) -c )
CHANNEL_NAME="$2" CHANNEL_NAME="$2"
shift shift

View file

@ -5,24 +5,22 @@ function one_line_pem {
} }
function json_ccp { function json_ccp {
local PP=$(one_line_pem $5) local PP=$(one_line_pem $4)
local CP=$(one_line_pem $6) local CP=$(one_line_pem $5)
sed -e "s/\${ORG}/$1/" \ sed -e "s/\${ORG}/$1/" \
-e "s/\${P0PORT}/$2/" \ -e "s/\${P0PORT}/$2/" \
-e "s/\${P1PORT}/$3/" \ -e "s/\${CAPORT}/$3/" \
-e "s/\${CAPORT}/$4/" \
-e "s#\${PEERPEM}#$PP#" \ -e "s#\${PEERPEM}#$PP#" \
-e "s#\${CAPEM}#$CP#" \ -e "s#\${CAPEM}#$CP#" \
organizations/ccp-template.json organizations/ccp-template.json
} }
function yaml_ccp { function yaml_ccp {
local PP=$(one_line_pem $5) local PP=$(one_line_pem $4)
local CP=$(one_line_pem $6) local CP=$(one_line_pem $5)
sed -e "s/\${ORG}/$1/" \ sed -e "s/\${ORG}/$1/" \
-e "s/\${P0PORT}/$2/" \ -e "s/\${P0PORT}/$2/" \
-e "s/\${P1PORT}/$3/" \ -e "s/\${CAPORT}/$3/" \
-e "s/\${CAPORT}/$4/" \
-e "s#\${PEERPEM}#$PP#" \ -e "s#\${PEERPEM}#$PP#" \
-e "s#\${CAPEM}#$CP#" \ -e "s#\${CAPEM}#$CP#" \
organizations/ccp-template.yaml | sed -e $'s/\\\\n/\\\n /g' organizations/ccp-template.yaml | sed -e $'s/\\\\n/\\\n /g'
@ -30,20 +28,18 @@ function yaml_ccp {
ORG=1 ORG=1
P0PORT=7051 P0PORT=7051
P1PORT=8051
CAPORT=7054 CAPORT=7054
PEERPEM=organizations/peerOrganizations/org1.example.com/tlsca/tlsca.org1.example.com-cert.pem PEERPEM=organizations/peerOrganizations/org1.example.com/tlsca/tlsca.org1.example.com-cert.pem
CAPEM=organizations/peerOrganizations/org1.example.com/ca/ca.org1.example.com-cert.pem CAPEM=organizations/peerOrganizations/org1.example.com/ca/ca.org1.example.com-cert.pem
echo "$(json_ccp $ORG $P0PORT $P1PORT $CAPORT $PEERPEM $CAPEM)" > organizations/peerOrganizations/org1.example.com/connection-org1.json echo "$(json_ccp $ORG $P0PORT $CAPORT $PEERPEM $CAPEM)" > organizations/peerOrganizations/org1.example.com/connection-org1.json
echo "$(yaml_ccp $ORG $P0PORT $P1PORT $CAPORT $PEERPEM $CAPEM)" > organizations/peerOrganizations/org1.example.com/connection-org1.yaml echo "$(yaml_ccp $ORG $P0PORT $CAPORT $PEERPEM $CAPEM)" > organizations/peerOrganizations/org1.example.com/connection-org1.yaml
ORG=2 ORG=2
P0PORT=9051 P0PORT=9051
P1PORT=10051
CAPORT=8054 CAPORT=8054
PEERPEM=organizations/peerOrganizations/org2.example.com/tlsca/tlsca.org2.example.com-cert.pem PEERPEM=organizations/peerOrganizations/org2.example.com/tlsca/tlsca.org2.example.com-cert.pem
CAPEM=organizations/peerOrganizations/org2.example.com/ca/ca.org2.example.com-cert.pem CAPEM=organizations/peerOrganizations/org2.example.com/ca/ca.org2.example.com-cert.pem
echo "$(json_ccp $ORG $P0PORT $P1PORT $CAPORT $PEERPEM $CAPEM)" > organizations/peerOrganizations/org2.example.com/connection-org2.json echo "$(json_ccp $ORG $P0PORT $CAPORT $PEERPEM $CAPEM)" > organizations/peerOrganizations/org2.example.com/connection-org2.json
echo "$(yaml_ccp $ORG $P0PORT $P1PORT $CAPORT $PEERPEM $CAPEM)" > organizations/peerOrganizations/org2.example.com/connection-org2.yaml echo "$(yaml_ccp $ORG $P0PORT $CAPORT $PEERPEM $CAPEM)" > organizations/peerOrganizations/org2.example.com/connection-org2.yaml

View file

@ -15,8 +15,7 @@
"Org${ORG}": { "Org${ORG}": {
"mspid": "Org${ORG}MSP", "mspid": "Org${ORG}MSP",
"peers": [ "peers": [
"peer0.org${ORG}.example.com", "peer0.org${ORG}.example.com"
"peer1.org${ORG}.example.com"
], ],
"certificateAuthorities": [ "certificateAuthorities": [
"ca.org${ORG}.example.com" "ca.org${ORG}.example.com"
@ -33,16 +32,6 @@
"ssl-target-name-override": "peer0.org${ORG}.example.com", "ssl-target-name-override": "peer0.org${ORG}.example.com",
"hostnameOverride": "peer0.org${ORG}.example.com" "hostnameOverride": "peer0.org${ORG}.example.com"
} }
},
"peer1.org${ORG}.example.com": {
"url": "grpcs://localhost:${P1PORT}",
"tlsCACerts": {
"pem": "${PEERPEM}"
},
"grpcOptions": {
"ssl-target-name-override": "peer1.org${ORG}.example.com",
"hostnameOverride": "peer1.org${ORG}.example.com"
}
} }
}, },
"certificateAuthorities": { "certificateAuthorities": {

View file

@ -12,7 +12,6 @@ organizations:
mspid: Org${ORG}MSP mspid: Org${ORG}MSP
peers: peers:
- peer0.org${ORG}.example.com - peer0.org${ORG}.example.com
- peer1.org${ORG}.example.com
certificateAuthorities: certificateAuthorities:
- ca.org${ORG}.example.com - ca.org${ORG}.example.com
peers: peers:
@ -24,14 +23,6 @@ peers:
grpcOptions: grpcOptions:
ssl-target-name-override: peer0.org${ORG}.example.com ssl-target-name-override: peer0.org${ORG}.example.com
hostnameOverride: peer0.org${ORG}.example.com hostnameOverride: peer0.org${ORG}.example.com
peer1.org${ORG}.example.com:
url: grpcs://localhost:${P1PORT}
tlsCACerts:
pem: |
${PEERPEM}
grpcOptions:
ssl-target-name-override: peer1.org${ORG}.example.com
hostnameOverride: peer1.org${ORG}.example.com
certificateAuthorities: certificateAuthorities:
ca.org${ORG}.example.com: ca.org${ORG}.example.com:
url: https://localhost:${CAPORT} url: https://localhost:${CAPORT}

View file

@ -9,7 +9,6 @@ VERBOSE="$4"
: ${DELAY:="3"} : ${DELAY:="3"}
: ${MAX_RETRY:="5"} : ${MAX_RETRY:="5"}
: ${VERBOSE:="false"} : ${VERBOSE:="false"}
COUNTER=1
# import utils # import utils
. scripts/envVar.sh . scripts/envVar.sh
@ -54,8 +53,8 @@ createChannel() {
# Poll in case the raft leader is not set yet # Poll in case the raft leader is not set yet
local rc=1 local rc=1
if [ $rc -ne 0 -a $COUNTER -lt $MAX_RETRY ]; then local COUNTER=1
COUNTER=$(expr $COUNTER + 1) while [ $rc -ne 0 -a $COUNTER -lt $MAX_RETRY ] ; do
sleep $DELAY sleep $DELAY
if [ -z "$CORE_PEER_TLS_ENABLED" -o "$CORE_PEER_TLS_ENABLED" = "false" ]; then if [ -z "$CORE_PEER_TLS_ENABLED" -o "$CORE_PEER_TLS_ENABLED" = "false" ]; then
set -x set -x
@ -68,12 +67,12 @@ createChannel() {
res=$? res=$?
set +x set +x
fi fi
test $res -eq 0 || let rc=1 let rc=$res
else COUNTER=$(expr $COUNTER + 1)
COUNTER=1 done
fi
cat log.txt cat log.txt
verifyResult $res "Channel creation failed" verifyResult $res "Channel creation failed"
echo
echo "===================== Channel '$CHANNEL_NAME' created ===================== " echo "===================== Channel '$CHANNEL_NAME' created ===================== "
echo echo
} }
@ -83,19 +82,17 @@ joinChannel() {
ORG=$1 ORG=$1
setGlobals $ORG setGlobals $ORG
local rc=1 local rc=1
local COUNTER=1
## Sometimes Join takes time, hence retry ## Sometimes Join takes time, hence retry
if [ $rc -ne 0 -a $COUNTER -lt $MAX_RETRY ]; then while [ $rc -ne 0 -a $COUNTER -lt $MAX_RETRY ] ; do
COUNTER=$(expr $COUNTER + 1)
sleep $DELAY sleep $DELAY
set -x set -x
peer channel join -b ./channel-artifacts/$CHANNEL_NAME.block >&log.txt peer channel join -b ./channel-artifacts/$CHANNEL_NAME.block >&log.txt
res=$? res=$?
set +x set +x
test $res -eq 0 || let rc=1 let rc=$res
else COUNTER=$(expr $COUNTER + 1)
COUNTER=1 done
echo "peer0.org${ORG} failed to join the channel, Retry after $DELAY seconds"
fi
cat log.txt cat log.txt
echo echo
verifyResult $res "After $MAX_RETRY attempts, peer0.org${ORG} has failed to join channel '$CHANNEL_NAME' " verifyResult $res "After $MAX_RETRY attempts, peer0.org${ORG} has failed to join channel '$CHANNEL_NAME' "
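Review bot: with `local COUNTER=1` and the condition `$COUNTER -lt $MAX_RETRY`, the loop in joinChannel makes at most MAX_RETRY - 1 attempts (four with the default of 5 set at the top of this file), yet the `verifyResult` message still reads "After $MAX_RETRY attempts"; use `-le` or start the counter at 0. The rewrite also drops the "failed to join the channel, Retry after $DELAY seconds" line, so retries are silent until log.txt is printed at the end, and `sleep $DELAY` now runs before the first attempt as well as between retries.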

View file

@ -12,19 +12,33 @@ VERBOSE="$6"
: ${MAX_RETRY:="5"} : ${MAX_RETRY:="5"}
: ${VERBOSE:="false"} : ${VERBOSE:="false"}
CC_RUNTIME_LANGUAGE=`echo "$CC_RUNTIME_LANGUAGE" | tr [:upper:] [:lower:]` CC_RUNTIME_LANGUAGE=`echo "$CC_RUNTIME_LANGUAGE" | tr [:upper:] [:lower:]`
COUNTER=1
FABRIC_CFG_PATH=$PWD/../config/ FABRIC_CFG_PATH=$PWD/../config/
if [ "$CC_RUNTIME_LANGUAGE" = "go" -o "$CC_RUNTIME_LANGUAGE" = "golang" ]; then if [ "$CC_RUNTIME_LANGUAGE" = "go" -o "$CC_RUNTIME_LANGUAGE" = "golang" ] ; then
CC_RUNTIME_LANGUAGE=golang CC_RUNTIME_LANGUAGE=golang
CC_SRC_PATH="../chaincode/fabcar/go/" CC_SRC_PATH="../chaincode/fabcar/go/"
echo Vendoring Go dependencies ...
pushd ../chaincode/fabcar/go
GO111MODULE=on go mod vendor
popd
echo Finished vendoring Go dependencies
elif [ "$CC_RUNTIME_LANGUAGE" = "javascript" ]; then elif [ "$CC_RUNTIME_LANGUAGE" = "javascript" ]; then
CC_RUNTIME_LANGUAGE=node # chaincode runtime language is node.js CC_RUNTIME_LANGUAGE=node # chaincode runtime language is node.js
CC_SRC_PATH="../chaincode/fabcar/javascript/" CC_SRC_PATH="../chaincode/fabcar/javascript/"
elif [ "$CC_RUNTIME_LANGUAGE" = "java" ]; then elif [ "$CC_RUNTIME_LANGUAGE" = "java" ]; then
CC_RUNTIME_LANGUAGE=java CC_RUNTIME_LANGUAGE=java
CC_SRC_PATH="../chaincode/fabcar/java/" CC_SRC_PATH="../chaincode/fabcar/java/build/install/fabcar"
echo Compiling Java code ...
pushd ../chaincode/fabcar/java
./gradlew installDist
popd
echo Finished compiling Java code
else else
echo The chaincode language ${CC_RUNTIME_LANGUAGE} is not supported by this script echo The chaincode language ${CC_RUNTIME_LANGUAGE} is not supported by this script
echo Supported chaincode languages are: go, javascript, java echo Supported chaincode languages are: go, javascript, java
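Review bot: the `GO111MODULE=on go mod vendor` and `./gradlew installDist` steps added to the go and java branches have no exit-status check, so a failed vendoring or Gradle build only shows up later as a packaging or install error. Test the status after each step and exit with a clear message. This matters most in the java branch, where CC_SRC_PATH now points at `build/install/fabcar`, a directory that exists only after that build succeeds. While this block is being touched, quote the character classes in the `tr [:upper:] [:lower:]` line, since unquoted they are subject to filename globbing.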
@ -83,7 +97,7 @@ approveForMyOrg() {
ORG=$1 ORG=$1
setGlobals $ORG setGlobals $ORG
if [ -z "$CORE_PEER_TLS_ENABLED" -o "$CORE_PEER_TLS_ENABLED" = "false" ]; then if [ -z "$CORE_PEER_TLS_ENABLED" -o "$CORE_PEER_TLS_ENABLED" = "false" ] ; then
set -x set -x
peer lifecycle chaincode approveformyorg -o localhost:7050 --channelID $CHANNEL_NAME --name fabcar --version ${VERSION} --init-required --package-id ${PACKAGE_ID} --sequence ${VERSION} --waitForEvent >&log.txt peer lifecycle chaincode approveformyorg -o localhost:7050 --channelID $CHANNEL_NAME --name fabcar --version ${VERSION} --init-required --package-id ${PACKAGE_ID} --sequence ${VERSION} --waitForEvent >&log.txt
set +x set +x
@ -98,6 +112,42 @@ approveForMyOrg() {
echo echo
} }
# checkCommitReadiness VERSION PEER ORG
checkCommitReadiness() {
ORG=$1
shift 1
setGlobals $ORG
echo "===================== Checking the commit readiness of the chaincode definition on peer0.org${ORG} on channel '$CHANNEL_NAME'... ===================== "
local rc=1
local COUNTER=1
# continue to poll
# we either get a successful response, or reach MAX RETRY
while [ $rc -ne 0 -a $COUNTER -lt $MAX_RETRY ] ; do
sleep $DELAY
echo "Attempting to check the commit readiness of the chaincode definition on peer0.org${ORG} secs"
set -x
peer lifecycle chaincode checkcommitreadiness --channelID $CHANNEL_NAME --name fabcar $PEER_CONN_PARMS --version ${VERSION} --sequence ${VERSION} --output json --init-required >&log.txt
res=$?
set +x
#test $res -eq 0 || continue
let rc=0
for var in "$@"
do
grep "$var" log.txt &>/dev/null || let rc=1
done
COUNTER=$(expr $COUNTER + 1)
done
cat log.txt
if test $rc -eq 0; then
echo "===================== Checking the commit readiness of the chaincode definition successful on peer0.org${ORG} on channel '$CHANNEL_NAME' ===================== "
else
echo "!!!!!!!!!!!!!!! After $MAX_RETRY attempts, Check commit readiness result on peer0.org${ORG} is INVALID !!!!!!!!!!!!!!!!"
echo "================== ERROR !!! FAILED to execute End-2-End Scenario =================="
echo
exit 1
fi
}
# commitChaincodeDefinition VERSION PEER ORG (PEER ORG)... # commitChaincodeDefinition VERSION PEER ORG (PEER ORG)...
commitChaincodeDefinition() { commitChaincodeDefinition() {
parsePeerConnectionParameters $@ parsePeerConnectionParameters $@
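Review bot: in the relocated checkCommitReadiness, `res=$?` is captured but never used because `#test $res -eq 0 || continue` is commented out. The loop sets `let rc=0` and then relies only on the `grep "$var" log.txt` checks, so a call with no expected strings after the ORG argument reports success even when `peer lifecycle chaincode checkcommitreadiness` failed. Set rc from `$res` before the grep loop. The header comment `# checkCommitReadiness VERSION PEER ORG` also does not match the actual arguments (ORG followed by the strings to grep for), and the "Attempting to check the commit readiness" message ends in a stray "secs".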
@ -107,7 +157,7 @@ commitChaincodeDefinition() {
# while 'peer chaincode' command can get the orderer endpoint from the # while 'peer chaincode' command can get the orderer endpoint from the
# peer (if join was successful), let's supply it directly as we know # peer (if join was successful), let's supply it directly as we know
# it using the "-o" option # it using the "-o" option
if [ -z "$CORE_PEER_TLS_ENABLED" -o "$CORE_PEER_TLS_ENABLED" = "false" ]; then if [ -z "$CORE_PEER_TLS_ENABLED" -o "$CORE_PEER_TLS_ENABLED" = "false" ] ; then
set -x set -x
peer lifecycle chaincode commit -o localhost:7050 --channelID $CHANNEL_NAME --name fabcar $PEER_CONN_PARMS --version ${VERSION} --sequence ${VERSION} --init-required >&log.txt peer lifecycle chaincode commit -o localhost:7050 --channelID $CHANNEL_NAME --name fabcar $PEER_CONN_PARMS --version ${VERSION} --sequence ${VERSION} --init-required >&log.txt
res=$? res=$?
@ -124,43 +174,6 @@ commitChaincodeDefinition() {
echo echo
} }
# checkCommitReadiness VERSION PEER ORG
checkCommitReadiness() {
ORG=$1
shift 1
setGlobals $ORG
echo "===================== Checking the commit readiness of the chaincode definition on peer0.org${ORG} on channel '$CHANNEL_NAME'... ===================== "
local rc=1
# continue to poll
# we either get a successful response, or reach MAX RETRY
if [ $rc -ne 0 -a $COUNTER -lt $MAX_RETRY ]; then
COUNTER=$(expr $COUNTER + 1)
sleep $DELAY
echo "Attempting to check the commit readiness of the chaincode definition on peer0.org${ORG} secs"
set -x
peer lifecycle chaincode checkcommitreadiness --channelID $CHANNEL_NAME --name fabcar $PEER_CONN_PARMS --version ${VERSION} --sequence ${VERSION} --output json --init-required >&log.txt
res=$?
set +x
test $res -eq 0 || let rc=1
else
COUNTER=1
fi
for var in "$@"
do
grep "$var" log.txt &>/dev/null || let rc=1
done
echo
cat log.txt
if test $rc -eq 1; then
echo "===================== Checking the commit readiness of the chaincode definition successful on peer0.org${ORG} on channel '$CHANNEL_NAME' ===================== "
else
echo "!!!!!!!!!!!!!!! After $MAX_RETRY attempts, Check commit readiness result on peer0.org${ORG} is INVALID !!!!!!!!!!!!!!!!"
echo "================== ERROR !!! FAILED to execute End-2-End Scenario =================="
echo
exit 1
fi
}
# queryCommitted ORG # queryCommitted ORG
queryCommitted() { queryCommitted() {
ORG=$1 ORG=$1
@ -168,27 +181,27 @@ queryCommitted() {
EXPECTED_RESULT="Version: ${VERSION}, Sequence: ${VERSION}, Endorsement Plugin: escc, Validation Plugin: vscc" EXPECTED_RESULT="Version: ${VERSION}, Sequence: ${VERSION}, Endorsement Plugin: escc, Validation Plugin: vscc"
echo "===================== Querying chaincode definition on peer0.org${ORG} on channel '$CHANNEL_NAME'... ===================== " echo "===================== Querying chaincode definition on peer0.org${ORG} on channel '$CHANNEL_NAME'... ===================== "
local rc=1 local rc=1
local COUNTER=1
# continue to poll # continue to poll
# we either get a successful response, or reach MAX RETRY # we either get a successful response, or reach MAX RETRY
if [ $rc -ne 0 -a $COUNTER -lt $MAX_RETRY ]; then while [ $rc -ne 0 -a $COUNTER -lt $MAX_RETRY ] ; do
COUNTER=$(expr $COUNTER + 1)
sleep $DELAY sleep $DELAY
echo "Attempting to Query committed status on peer0.org${ORG}, Retry after $DELAY seconds." echo "Attempting to Query committed status on peer0.org${ORG}, Retry after $DELAY seconds."
set -x set -x
peer lifecycle chaincode querycommitted --channelID $CHANNEL_NAME --name fabcar >&log.txt peer lifecycle chaincode querycommitted --channelID $CHANNEL_NAME --name fabcar >&log.txt
res=$? res=$?
set +x set +x
test $res -eq 0 || let rc=1 test $res -eq 0 && VALUE=$(cat log.txt | grep -o '^Version: [0-9], Sequence: [0-9], Endorsement Plugin: escc, Validation Plugin: vscc')
else test "$VALUE" = "$EXPECTED_RESULT" && let rc=0
COUNTER=1 COUNTER=$(expr $COUNTER + 1)
fi done
echo echo
cat log.txt cat log.txt
if test $rc -eq 1; then if test $rc -eq 0; then
echo "===================== Query chaincode definition successful on peer0.org${ORG} on channel '$CHANNEL_NAME' ===================== " echo "===================== Query chaincode definition successful on peer0.org${ORG} on channel '$CHANNEL_NAME' ===================== "
echo
else else
echo "!!!!!!!!!!!!!!! After $MAX_RETRY attempts, Query chaincode definition result on peer0.org${ORG} is INVALID !!!!!!!!!!!!!!!!" echo "!!!!!!!!!!!!!!! After $MAX_RETRY attempts, Query chaincode definition result on peer0.org${ORG} is INVALID !!!!!!!!!!!!!!!!"
echo "================== ERROR !!! FAILED to execute End-2-End Scenario =================="
echo echo
exit 1 exit 1
fi fi
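Review bot: VALUE is neither declared local nor cleared inside the loop, so when `res` is non-zero the line `test "$VALUE" = "$EXPECTED_RESULT" && let rc=0` compares against whatever an earlier queryCommitted call left behind and can report success for a query that failed; add `local VALUE=""` and reset it on each pass. The grep pattern `Version: [0-9], Sequence: [0-9]` also matches single digits only, so a version such as 1.0 or a sequence of 10 or more never equals EXPECTED_RESULT and the loop runs to the retry limit.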
@ -249,27 +262,26 @@ chaincodeQuery() {
setGlobals $ORG setGlobals $ORG
echo "===================== Querying on peer0.org${ORG} on channel '$CHANNEL_NAME'... ===================== " echo "===================== Querying on peer0.org${ORG} on channel '$CHANNEL_NAME'... ===================== "
local rc=1 local rc=1
local COUNTER=1
# continue to poll # continue to poll
# we either get a successful response, or reach MAX RETRY # we either get a successful response, or reach MAX RETRY
if [ $rc -ne 0 -a $COUNTER -lt $MAX_RETRY ]; then while [ $rc -ne 0 -a $COUNTER -lt $MAX_RETRY ] ; do
COUNTER=$(expr $COUNTER + 1)
sleep $DELAY sleep $DELAY
echo "Attempting to Query peer0.org${ORG} ...$(($(date +%s) - starttime)) secs" echo "Attempting to Query peer0.org${ORG} ...$(($(date +%s) - starttime)) secs"
set -x set -x
peer chaincode query -C $CHANNEL_NAME -n fabcar -c '{"Args":["queryAllCars"]}' >&log.txt peer chaincode query -C $CHANNEL_NAME -n fabcar -c '{"Args":["queryAllCars"]}' >&log.txt
res=$? res=$?
set +x set +x
test $res -eq 0 || let rc=1 let rc=$res
else COUNTER=$(expr $COUNTER + 1)
COUNTER=1 done
fi
echo echo
cat log.txt cat log.txt
if test $rc -eq 1; then if test $rc -eq 0; then
echo "===================== Query successful on peer0.org${ORG} on channel '$CHANNEL_NAME' ===================== " echo "===================== Query successful on peer0.org${ORG} on channel '$CHANNEL_NAME' ===================== "
echo
else else
echo "!!!!!!!!!!!!!!! After $MAX_RETRY attempts, Query result on peer0.org${ORG} is INVALID !!!!!!!!!!!!!!!!" echo "!!!!!!!!!!!!!!! After $MAX_RETRY attempts, Query result on peer0.org${ORG} is INVALID !!!!!!!!!!!!!!!!"
echo "================== ERROR !!! FAILED to execute End-2-End Scenario =================="
echo echo
exit 1 exit 1
fi fi

View file

@ -12,7 +12,7 @@
# #
echo echo
echo "========= Getting Org3 on to your first network ========= " echo "========= Getting Org3 on to your test network ========= "
echo echo
CHANNEL_NAME="$1" CHANNEL_NAME="$1"
DELAY="$2" DELAY="$2"
@ -62,7 +62,7 @@ joinChannelWithRetry 3
echo "===================== peer0.org3 joined channel '$CHANNEL_NAME' ===================== " echo "===================== peer0.org3 joined channel '$CHANNEL_NAME' ===================== "
echo echo
echo "========= Finished adding Org3 to your first network! ========= " echo "========= Finished adding Org3 to your test network! ========= "
echo echo
exit 0 exit 0