Fix USE_INTERMEDIATE_CA variable to allow
exclusive use of RootCA for sample tests.
Change-Id: If10f9a768ba17943f03b416f5a68edb9eb65a27a
Signed-off-by: rennman <eabailey@us.ibm.com>
Add --gencrl flag to revoke command to illustrate
the ability to generate a CRL while performing
a revocation.
Change-Id: I7521cfee54f8704675236d7afb2876b87eb339bf
Signed-off-by: Saad Karim <skarim@us.ibm.com>
Fabric CA sample fails with TLS error when
running against latest 1.1 code because orderer
was expecting client certificate but was not receiving
on during TLS handshake. This change set fixes the
problem by specifying --clientauth, --keyfile and
--certfile command line arguments to the peer commands
that need to communicate with orderer, like 'peer channel
create'.
Change-Id: I34ad39c919c0121916116c3711c7429009db7fc8
Signed-off-by: Anil Ambati <aambati@us.ibm.com>
Currently client authentication is not enabled on
any peers and orderer in the fabric-ca sample. This
change set will enable client authentication on all
the peers and orderer.
Change-Id: If3c6a5dc6d1dc3a38096608617971945bde359c0
Signed-off-by: Anil Ambati <aambati@us.ibm.com>
Steps include: revoking a user, generating a CRL,
updating the CRL in the configuration block of the
channel, and finally querying the chaincode using
the revoked user credentials. The query will fail as
it is invoked by a revoked user.
Change-Id: I3b0f26d9b5a78475b6f42543b0e17458e9ce2a73
Signed-off-by: Anil Ambati <aambati@us.ibm.com>
When a CA starts, it creates its signing cert and then
starts listening on its listening port. The fix is to
wait for the server to start listening on the port rather
than waiting for the signing cert file to be created.
See the waitPort function in env.sh, and places where this
is called. I also had to increase the max time we wait before
failing.
WARNING: This change set is dependent upon the following
fabric-ca change set and should not be merged until it
has been merged:
https://gerrit.hyperledger.org/r/#/c/15089/
Change-Id: I781e3653bf6846e22f401fe64855fa155ffeb7cb
Signed-off-by: Keith Smith <bksmith@us.ibm.com>
This sample uses fabric-ca to run an end-to-end test similar
to the BYFN sample. However, instead of using cryptogen, it
uses fabric-ca. All private keys are generated dynamically in
the container in which they are used.
This sample also demonstrates how to use abac
(Attribute-Based Access Control) to make access decisions.
See chaincode/abac/abac.go.
Change-Id: I5eddc9e35908e409ac07266c3183ce89a5a6cd82
Signed-off-by: Keith Smith <bksmith@us.ibm.com>
