mirror of
https://github.com/hyperledger/fabric-samples.git
synced 2026-06-17 15:35:09 +00:00
839f79343b
Fix test-network-nano-bash orderer4 enrollment. Also improve error handling and messages in CA interaction. Signed-off-by: David Enyeart <enyeart@us.ibm.com>
133 lines
6.1 KiB
Bash
Executable file
133 lines
6.1 KiB
Bash
Executable file
#!/usr/bin/env sh
|
|
#
|
|
# SPDX-License-Identifier: Apache-2.0
|
|
#
|
|
|
|
######################################################################################
|
|
# createEnrollment()
|
|
#
|
|
# This is a convenience method for creating enrollments only
|
|
# Primary purpose it to create enrollment certificates for CA admins.
|
|
######################################################################################
|
|
|
|
createEnrollment() {
|
|
|
|
local port=$1 # port of the CA used for creating the enrollment
|
|
local username=$2 # username of the registered user on the CA
|
|
local password=$3 # password of the registered user on the CA
|
|
local orgname=$4 # name of the org (e.g. Org1, Org2) can be blank
|
|
local component_dir=$5 # path of the component, this will be the directory where the artifacts will be created
|
|
local tlscert=$6 # tls cert for connecting to the CA
|
|
|
|
# Enroll the identity
|
|
fabric-ca-client enroll -d -u https://${username}:${password}@localhost:${port} --caname ca --mspdir "${component_dir}/msp" --tls.certfiles $tlscert
|
|
if [ $? -ne 0 ]; then
|
|
echo "fabric-ca-client admin enroll failed, make sure CA service is available. Exiting..."
|
|
exit 1
|
|
fi
|
|
|
|
# Rename private key to mimic cryptogen
|
|
find ${component_dir} -type f -name '*_sk' | sed -e 'p;s/\(.*\)\/\(.*\)$/\1\/priv_sk/' | xargs -n2 mv -v
|
|
|
|
# Rename the cacert to mimic cryptogen
|
|
mv ${component_dir}/msp/cacerts/localhost-${port}-ca.pem ${component_dir}/msp/cacerts/ca.${orgname:+$orgname.}example.com-cert.pem
|
|
|
|
}
|
|
|
|
######################################################################################
|
|
# createMSP()
|
|
#
|
|
# This is a convenience method for creating the Membership Service Provider directories
|
|
#
|
|
######################################################################################
|
|
|
|
createMSP() {
|
|
|
|
local caname=$1 # name of the ca (ordererca, org1ca, org2ca)
|
|
local orgname=$2 # name of the org (org1, org2) Ordering Org is blank
|
|
local org_dir=$3 # directory of the organizatio
|
|
|
|
mkdir -p ${org_dir}/msp/admincerts
|
|
mkdir -p ${org_dir}/msp/cacerts
|
|
mkdir -p ${org_dir}/msp/tlscacerts
|
|
|
|
cp data_ca/${caname}/ca/ca-cert.pem ${org_dir}/msp/cacerts/ca.${orgname:+$orgname.}example.com-cert.pem
|
|
cp data_ca/${caname}/tlsca/ca-cert.pem ${org_dir}/msp/tlscacerts/tlsca.${orgname:+$orgname.}example.com-cert.pem
|
|
awk -v cacert_name="ca.${orgname:+$orgname.}example.com-cert" '{gsub(/ca.example.com-cert/,cacert_name)}1' ca/config.yaml > ${org_dir}/msp/config.yaml
|
|
|
|
}
|
|
|
|
######################################################################################
|
|
# registerAndEnroll()
|
|
#
|
|
# This is a convenience method for creating enrollments and TLS certificates
|
|
# Primary purpose it to create enrollment certificates for org admin identities, and
|
|
# enrollent and TLS certificates for peers and orderers.
|
|
######################################################################################
|
|
|
|
registerAndEnroll() {
|
|
|
|
local port=$1 # port of the CA used for creating the enrollment
|
|
local username=$2 # username of the user to register on the CA
|
|
local password=$3 # password of the user to register on the CA
|
|
local type=$4 # type of registation, must be one of (peer, orderer, admin)
|
|
local orgname=$5 # name of the org (e.g. Org1, Org2) can be blank
|
|
local component_dir=$6 # directory of the component, this will be the directory where the artifacts will be created
|
|
local org_dir=$7 # directory of the organization, this is the directory that contains the credentials for the registration
|
|
local tlscert=$8 # tls cert for connecting to the CA
|
|
|
|
if [ "$type" = "admin" ]; then
|
|
local attrs="hf.Registrar.Roles=client,hf.Registrar.Attributes=*,hf.Revoker=true,hf.GenCRL=true,admin=true:ecert,abac.init=true:ecert"
|
|
else
|
|
local attrs=""
|
|
fi
|
|
|
|
# Register the username
|
|
fabric-ca-client register -d -u https://localhost:${port} --id.name ${username} --id.secret ${password} --id.type ${type} --id.attrs "${attrs}" --caname ca --tls.certfiles $tlscert --mspdir "${org_dir}/ca/msp"
|
|
if [ $? -ne 0 ]; then
|
|
echo "fabric-ca-client register failed, make sure CA service is available. Exiting..."
|
|
exit 1
|
|
fi
|
|
|
|
# Enroll the identity
|
|
fabric-ca-client enroll -d -u https://${username}:${password}@localhost:${port} --caname ca --mspdir "${component_dir}/msp" --tls.certfiles $tlscert
|
|
if [ $? -ne 0 ]; then
|
|
echo "fabric-ca-client enroll failed, make sure CA service is available. Exiting..."
|
|
exit 1
|
|
fi
|
|
|
|
# Rename private key to mimic cryptogen
|
|
find ${component_dir} -type f -name '*_sk' | sed -e 'p;s/\(.*\)\/\(.*\)$/\1\/priv_sk/' | xargs -n2 mv -v
|
|
|
|
# Rename the cacert to mimic cryptogen
|
|
mv ${component_dir}/msp/cacerts/localhost-${port}-ca.pem ${component_dir}/msp/cacerts/ca.${orgname:+$orgname.}example.com-cert.pem
|
|
|
|
# Set the cacert name and copy the config.json for NodeOU
|
|
awk -v cacert_name="ca.${orgname:+$orgname.}example.com-cert" '{gsub(/ca.example.com-cert/,cacert_name)}1' ca/config.yaml > ${component_dir}/msp/config.yaml
|
|
|
|
# If this is a peer or orderer type then create a TLS cert
|
|
if [ "$type" = "peer" ] || [ "$type" = "orderer" ]; then
|
|
|
|
# Enroll the TLS cert
|
|
fabric-ca-client enroll -d -u https://${username}:${password}@localhost:${port} --caname tlsca --mspdir "${component_dir}/tls" --tls.certfiles $tlscert --csr.hosts 'localhost,127.0.0.1'
|
|
if [ $? -ne 0 ]; then
|
|
echo "fabric-ca-client TLS enroll failed, make sure CA service is available. Exiting..."
|
|
exit 1
|
|
fi
|
|
|
|
# Rename private key to mimic cryptogen
|
|
find ${component_dir} -type f -name '*_sk' | sed -e 'p;s/\(.*\)\/\(.*\)$/\1\/priv_sk/' | xargs -n2 mv -v
|
|
|
|
# Copy and rename TLS certs and keys to mimic cryptogen
|
|
cp ${component_dir}/tls/cacerts/localhost-${port}-tlsca.pem ${component_dir}/tls/ca.crt
|
|
cp ${component_dir}/tls/keystore/priv_sk ${component_dir}/tls/server.key
|
|
cp ${component_dir}/tls/signcerts/cert.pem ${component_dir}/tls/server.crt
|
|
|
|
# Rename the tls cacert to mimic cryptogen
|
|
mv ${component_dir}/tls/cacerts/localhost-${port}-tlsca.pem ${component_dir}/tls/cacerts/tlsca.${orgname:+$orgname.}example.com-cert.pem
|
|
|
|
fi
|
|
|
|
}
|
|
|
|
|