之前稍微了解过Client Identity Chaincode Library,这几天正好开始实际应用。
虽然了解过,还是发现了不少之前理解的不足,也踩了不少坑。
先列出官方介绍: https://github.com/hyperledger/fabric/blob/release-1.1/core/chaincode/lib/cid/README.md
1,首先要给注册的user添加attrs,但是在ca 数据库中看不到,chaincode 层也查不到
查看CA的log,并没有报错,user也成功enroll,
chaincode层查找fabric 默认的attrs,则可以查到。然后意识到,需要在ca-server-config.yaml中添加需要的attrs。
2,在chaincode中 import http://github.com/hyperledger/fabric/core/chaincode/lib/cid,compile的时候总是说找不到 github.com/hyperledger/fabric/core/chaincode/lib/cid
错误消息说的很明确,但是由于对go语言及扩展知识理解不做,踩了不少坑。
shim包可以引入成功,但是并不知道shim包在哪里,也不知道应该怎么引入新包。于是系统中搜索shim,但是找不到结果。
上网查找,很确认这里是正解:https://stackoverflow.com/questions/49560104/cannot-find-package-cid-in-goroot-or-gopath
但是还是不是很明白,最后参考abac的例子和govendor的文档,才搞定
下面是一些关键代码:
ca-config.yaml
registry:
# Maximum number of times a password/secret can be reused for enrollment
# (default: -1, which means there is no limit)
maxenrollments: -1
# Contains identity information which is used when LDAP is disabled
identities:
- name: admin
pass: adminpw
type: client
affiliation: ""
attrs:
hf.Registrar.Roles: "peer,orderer,client,user"
hf.Registrar.DelegateRoles: "peer,orderer,client,user"
hf.Revoker: true
hf.IntermediateCA: true
hf.GenCRL: true
hf.Registrar.Attributes: "*"
hf.AffiliationMgr: true
permissions: "*"
node js
let secret = await caClient.register({
enrollmentID: username,
affiliation: userOrg.toLowerCase() + '.department1',
attrs:[{name:"hf.Registrar.Attributes",value:"query",ecert:true},
{name:"permissions",value:"query",ecert:true}]
//attrs:reg_attr
}, adminUserObj);
fmt.Printf("%+v\n", cert)
fmt.Println("cert.Extensions :")
fmt.Printf("%+v\n", cert.Extensions)
fmt.Println("cert.Subject.CommonName:")
fmt.Println(cert.Subject.CommonName)
val, ok, err := cid.GetAttributeValue(stub, "hf.Registrar.Attributes")
if err != nil {
return shim.Error(err.Error())
if !ok {
return shim.Error("The client identity does not possess the attribute:hf.Registrar.Attributes")
fmt.Println("hf.Registrar.Attributes:")
fmt.Println(val)
val, ok, err = cid.GetAttributeValue(stub, "permissions")
if err != nil {
return shim.Error(err.Error())
if !ok {
return shim.Error("The client identity does not possess the attribute:permissions")
fmt.Println("permissions:")
fmt.Println(val)