Recently, Fabric CA was changed to restrict custom attributes
from starting with "hf." prefix. But fabric-ca sample was
using hf.admin custom attribute. Hence it was failing. This
change set changes custom attribute "hf.admin" to "admin".
Change-Id: I6c9324e62717c26aab3c2d308d9fb098ecd2fb65
Signed-off-by: Anil Ambati <aambati@us.ibm.com>
The admin identity needs hf.Registrar.Roles attribute so
it can register other identities. This attribute was
introduced recently in fabric-ca v1.1.0-alpha.
Change-Id: Ie2a0ef705f07a35580c6bc8a85a34b9b9d937623
Signed-off-by: Anil Ambati <aambati@us.ibm.com>
Steps include: revoking a user, generating a CRL,
updating the CRL in the configuration block of the
channel, and finally querying the chaincode using
the revoked user credentials. The query will fail as
it is invoked by a revoked user.
Change-Id: I3b0f26d9b5a78475b6f42543b0e17458e9ce2a73
Signed-off-by: Anil Ambati <aambati@us.ibm.com>
When a CA starts, it creates its signing cert and then
starts listening on its listening port. The fix is to
wait for the server to start listening on the port rather
than waiting for the signing cert file to be created.
See the waitPort function in env.sh, and places where this
is called. I also had to increase the max time we wait before
failing.
WARNING: This change set is dependent upon the following
fabric-ca change set and should not be merged until it
has been merged:
https://gerrit.hyperledger.org/r/#/c/15089/
Change-Id: I781e3653bf6846e22f401fe64855fa155ffeb7cb
Signed-off-by: Keith Smith <bksmith@us.ibm.com>
This sample uses fabric-ca to run an end-to-end test similar
to the BYFN sample. However, instead of using cryptogen, it
uses fabric-ca. All private keys are generated dynamically in
the container in which they are used.
This sample also demonstrates how to use abac
(Attribute-Based Access Control) to make access decisions.
See chaincode/abac/abac.go.
Change-Id: I5eddc9e35908e409ac07266c3183ce89a5a6cd82
Signed-off-by: Keith Smith <bksmith@us.ibm.com>
