本文档展示了如何使用Fabric Java SDK配置TLS连接到Hyperledger Fabric网络。通过创建HFCAClient,注册并激活用户,然后建立与Peers、Orderers和EventHubs的TLS连接,实现安全的通道通信。
package org.edu.fabric.sdk.testtls;
import org.edu.fabric.sdk.config.ConfigUrl;
import org.edu.fabric.sdk.config.FactoryConfig;
import org.edu.fabric.sdk.impl.UserImpl;
import org.hyperledger.fabric.sdk.*;
import org.hyperledger.fabric.sdk.security.CryptoSuite;
import org.hyperledger.fabric_ca.sdk.HFCAClient;
import org.hyperledger.fabric_ca.sdk.RegistrationRequest;
import java.io.FileOutputStream;
import java.io.ObjectOutputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.util.Collection;
import java.util.Properties;
import java.util.concurrent.CompletableFuture;
public class InvokdeChaincodeOpenTls {
public static void main(String args[]) throws Exception {
//这里的userContext使用的是CA节点生成的userContext,此外也可以采用cryptogen二进制文件生成的组织org1.example.com的管理员:Admin@org1.example.com
//create hfcaClient
String CA1_Cert=new String(Files.readAllBytes(Paths.get(ConfigUrl.CA1_Root_Cert)),"UTF-8");
Properties properties=new Properties();
properties.put("pemBytes",CA1_Cert.getBytes());
properties.setProperty("allowAllHostNames","true");
HFCAClient hfcaClient=HFCAClient.createNewInstance(ConfigUrl.CA1_Name,ConfigUrl.CA1_Url,properties);
hfcaClient.setCryptoSuite(CryptoSuite.Factory.getCryptoSuite());
//create admin
UserImpl adminUserContext=new UserImpl();
adminUserContext.setName(ConfigUrl.Admin);
adminUserContext.setAffiliation(ConfigUrl.Org1);
adminUserContext.setMspId(ConfigUrl.Org1_Msp);
//create admin Enrollment
Enrollment adminEnrollment=hfcaClient.enroll(ConfigUrl.Admin,ConfigUrl.Admin_Passwd);
adminUserContext.setEnrollment(adminEnrollment);
//save adminUserContext
FileOutputStream fio=new FileOutputStream("/root/IdeaProjects/fabricProject/src/main/resources/adminContext/adminContext.txt");
ObjectOutputStream obj=new ObjectOutputStream(fio);
obj.writeObject(adminUserContext);
obj.close();
fio.close();
//create userContext,user1只能在CA节点处注册一次,可以把使用user1生成的userContext保存成本地文件,下次直接使用时直接读入,不能再重新由CA节点注册user1
UserImpl userContext=new UserImpl();
userContext.setName("user1");
userContext.setAffiliation(ConfigUrl.Org1);
userContext.setMspId(ConfigUrl.Org1_Msp);
//register user
RegistrationRequest registrationRequest=new RegistrationRequest("user1",ConfigUrl.Org1);
String enrollmentSecret =hfcaClient.register(registrationRequest,adminUserContext);
//enroll user
Enrollment userEnrollment=hfcaClient.enroll(userContext.getName(),enrollmentSecret);
userContext.setEnrollment(userEnrollment);
//save user
FileOutputStream fio1=new FileOutputStream("/root/IdeaProjects/fabricProject/src/main/resources/adminContext/userContext.txt");
ObjectOutputStream obj1=new ObjectOutputStream(fio1);
obj1.writeObject(userContext);
obj1.close();
fio1.close();
/* userContext也可以直接使用这个
UserImpl userContext=new UserImpl();
userContext.setName(ConfigUrl.Admin);
userContext.setMspId(ConfigUrl.Org1_Msp);
Enrollment enrollment= FactoryConfig.getEnrollment(ConfigUrl.Org1_Usr_Admin_Cert,ConfigUrl.Org1_Usr_Admin_PK_Base_Path);
userContext.setEnrollment(enrollment);*/
//create hfClient
CryptoSuite cryptoSuite=CryptoSuite.Factory.getCryptoSuite();
HFClient hfClient=HFClient.createNewInstance();
hfClient.setCryptoSuite(cryptoSuite);
hfClient.setUserContext(userContext);
//create peer ,orderer,Eventhub
String peerCert=new String(Files.readAllBytes(Paths.get("/root/IdeaProjects/fabricProject/src/main/resources/crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.crt")),"UTF-8");
Properties peerProperties=new Properties();
peerProperties.put("pemBytes",peerCert.getBytes());
peerProperties.setProperty("sslProvider","openSSL");
peerProperties.setProperty("negotiationType","TLS");
peerProperties.setProperty("hostnameOverride",ConfigUrl.Peer0_Org1_Name);
Peer peer=hfClient.newPeer(ConfigUrl.Peer0_Org1_Name,ConfigUrl.Peer0_Org1_Url,peerProperties);
String ordererCert=new String(Files.readAllBytes(Paths.get("/root/IdeaProjects/fabricProject/src/main/resources/crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/tls/server.crt")),"UTF-8");
Properties ordererProperties=new Properties();
ordererProperties.put("pemBytes",ordererCert.getBytes());
ordererProperties.setProperty("sslProvider","openSSL");
ordererProperties.setProperty("negotiationType","TLS");
ordererProperties.setProperty("hostnameOverride",ConfigUrl.OrdererName);
Orderer orderer=hfClient.newOrderer(ConfigUrl.OrdererName,ConfigUrl.OrdererUrl,ordererProperties);
EventHub eventHub=hfClient.newEventHub(ConfigUrl.Peer0_Org1_Name,"grpcs://localhost:7053",peerProperties);
Channel channel=hfClient.newChannel(ConfigUrl.ChannelName);
channel.addPeer(peer);
channel.addOrderer(orderer);
channel.addEventHub(eventHub);
channel.initialize();
//create Transaction proposal Request
TransactionProposalRequest request=hfClient.newTransactionProposalRequest();
ChaincodeID chaincodeID=ChaincodeID.newBuilder().setName("mycc").build();
request.setChaincodeID(chaincodeID);
request.setFcn("invoke");
request.setArgs(new String[]{"a","b","22"});
// send Transaction Proposal request To ensoder peer
Collection responses=channel.sendTransactionProposal(request);
//send Transaction Ensoder Result to orderer
channel.sendTransaction(responses);
}
}
扫一扫
883
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
