Fabric CA usage examples

fabric-ca has two sub-projects: fabric-ca-client and fabric-ca-server.
Start a fabric-ca-server

fabric-ca-server start -b admin:admin   # generates the certificate-related files in the current directory
[root@fabric-cli server01]# ls -l
总用量 60
-rw-r--r-- 1 root root   786 5月   8 15:52 ca-cert.pem
-rw-r--r-- 1 root root 15875 5月   8 15:52 fabric-ca-server-config.yaml
-rw-r--r-- 1 root root 40960 5月   8 16:21 fabric-ca-server.db
drwxr-xr-x 3 root root    22 5月   8 15:52 msp

Enroll the bootstrap user; otherwise the database holds no certificate for it.
Before enroll

sqlite> select * from users;
admin|$2a$10$3eNa8xBspcM11j37CgUVB.dDTkoOt1Sk/1NZEjqrHLjXEGdeJ5uUG|client||[{"name":"hf.Revoker","value":"1"},{"name":"hf.IntermediateCA","value":"1"},{"name":"hf.GenCRL","value":"1"},{"name":"hf.Registrar.Attributes","value":"*"},{"name":"hf.AffiliationMgr","value":"1"},{"name":"hf.Registrar.Roles","value":"peer,orderer,client,user"},{"name":"hf.Registrar.DelegateRoles","value":"peer,orderer,client,user"}]|0|-1|1
sqlite> select * from certificates;

After enroll

[root@fabric-cli client-01]# fabric-ca-client enroll -u http://admin:admin@localhost:7054
2018/05/08 16:02:34 [INFO] generating key: &{A:ecdsa S:256}
2018/05/08 16:02:34 [INFO] encoded CSR
2018/05/08 16:02:34 [INFO] Stored client certificate at /root/.fabric-ca-client/msp/signcerts/cert.pem
2018/05/08 16:02:34 [INFO] Stored root CA certificate at /root/.fabric-ca-client/msp/cacerts/localhost-7054.pem
2018/05/08 16:02:34 [INFO] Stored intermediate CA certificates at /root/.fabric-ca-client/msp/intermediatecerts/localhost-7054.pem
[root@fabric-cli client-01]# fabric-ca-client enroll -u http://admin:admin@localhost:7054 --home $PWD/admin
2018/05/08 16:02:59 [INFO] Created a default configuration file at /root/client-01/admin/fabric-ca-client-config.yaml
2018/05/08 16:02:59 [INFO] generating key: &{A:ecdsa S:256}
2018/05/08 16:02:59 [INFO] encoded CSR
2018/05/08 16:02:59 [INFO] Stored client certificate at /root/client-01/admin/msp/signcerts/cert.pem
2018/05/08 16:02:59 [INFO] Stored root CA certificate at /root/client-01/admin/msp/cacerts/localhost-7054.pem
2018/05/08 16:02:59 [INFO] Stored intermediate CA certificates at /root/client-01/admin/msp/intermediatecerts/localhost-7054.pem
[root@fabric-cli client-01]# 
[root@fabric-cli client-01]# ls -l 
总用量 0
drwxr-xr-x 3 root root 53 5月   8 16:02 admin
[root@fabric-cli client-01]# ls -l admin/
总用量 8
-rwxr-xr-x 1 root root 6506 5月   8 16:02 fabric-ca-client-config.yaml
drwx------ 6 root root   79 5月   8 16:02 msp
sqlite> select * from certificates;
admin|5c4c01ecd318537960c93365e99a92dec19f05b9|f1f042212126df52a9473983a4cdf18b69d719e8||good|0|2019-05-08 08:03:00+00:00|0001-01-01 00:00:00+00:00|-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
|1

Register a user, admin2, using the admin identity

[root@fabric-cli client-01]# fabric-ca-client register --id.name admin2 --id.type user --id.affiliation org1.department1 --id.attrs 'hf.Revoker=true,foo=bar' -H $PWD/admin 
2018/05/08 16:06:05 [INFO] Configuration file location: /root/client-01/admin/fabric-ca-client-config.yaml
Password: HUynsYXMGlkP

After registration, the users table contains the new user's record, but there is no certificate for it yet.

sqlite> select * from users;
admin|$2a$10$3eNa8xBspcM11j37CgUVB.dDTkoOt1Sk/1NZEjqrHLjXEGdeJ5uUG|client||[{"name":"hf.Revoker","value":"1"},{"name":"hf.IntermediateCA","value":"1"},{"name":"hf.GenCRL","value":"1"},{"name":"hf.Registrar.Attributes","value":"*"},{"name":"hf.AffiliationMgr","value":"1"},{"name":"hf.Registrar.Roles","value":"peer,orderer,client,user"},{"name":"hf.Registrar.DelegateRoles","value":"peer,orderer,client,user"}]|2|-1|1
admin2|$2a$10$EjCadIqi0EFw4SuaKMYKveuXMQ0OxDXAwiyJ5lkR4CMLoJ3zl6NMC|user|org1.department1|[{"name":"hf.Revoker","value":"true"},{"name":"foo","value":"bar"},{"name":"hf.EnrollmentID","value":"admin2","ecert":true},{"name":"hf.Type","value":"user","ecert":true},{"name":"hf.Affiliation","value":"org1.department1","ecert":true}]|0|-1|1
sqlite> select * from users;
admin|$2a$10$3eNa8xBspcM11j37CgUVB.dDTkoOt1Sk/1NZEjqrHLjXEGdeJ5uUG|client||[{"name":"hf.Revoker","value":"1"},{"name":"hf.IntermediateCA","value":"1"},{"name":"hf.GenCRL","value":"1"},{"name":"hf.Registrar.Attributes","value":"*"},{"name":"hf.AffiliationMgr","value":"1"},{"name":"hf.Registrar.Roles","value":"peer,orderer,client,user"},{"name":"hf.Registrar.DelegateRoles","value":"peer,orderer,client,user"}]|2|-1|1
admin2|$2a$10$EjCadIqi0EFw4SuaKMYKveuXMQ0OxDXAwiyJ5lkR4CMLoJ3zl6NMC|user|org1.department1|[{"name":"hf.Revoker","value":"true"},{"name":"foo","value":"bar"},{"name":"hf.EnrollmentID","value":"admin2","ecert":true},{"name":"hf.Type","value":"user","ecert":true},{"name":"hf.Affiliation","value":"org1.department1","ecert":true}]|1|-1|1

The certificate only exists once admin2 has been enrolled; enroll admin2 with the password returned earlier.

[root@fabric-cli client-01]# fabric-ca-client enroll -u http://admin2:HUynsYXMGlkP@localhost:7054 -H $PWD/admin2
2018/05/08 16:08:13 [INFO] Created a default configuration file at /root/client-01/admin2/fabric-ca-client-config.yaml
2018/05/08 16:08:13 [INFO] generating key: &{A:ecdsa S:256}
2018/05/08 16:08:13 [INFO] encoded CSR
2018/05/08 16:08:13 [INFO] Stored client certificate at /root/client-01/admin2/msp/signcerts/cert.pem
2018/05/08 16:08:13 [INFO] Stored root CA certificate at /root/client-01/admin2/msp/cacerts/localhost-7054.pem
2018/05/08 16:08:13 [INFO] Stored intermediate CA certificates at /root/client-01/admin2/msp/intermediatecerts/localhost-7054.pem

After a successful enroll, the certificates table contains the corresponding certificate.

admin2|392ee9ba3325e80e194a013571d910b1d837fe5a|f1f042212126df52a9473983a4cdf18b69d719e8||good|0|2019-05-08 08:08:00+00:00|0001-01-01 00:00:00+00:00|-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
|1

Register a peer node

[root@fabric-cli client-01]# fabric-ca-client register --id.name peer1 --id.type peer --id.affiliation org1.department1 --id.secret peer1pw -H $PWD/admin
2018/05/08 16:09:46 [INFO] Configuration file location: /root/client-01/admin/fabric-ca-client-config.yaml
Password: peer1pw

Enroll the peer node

[root@fabric-cli client-01]# fabric-ca-client enroll -u http://peer1:peer1pw@localhost:7054 -H $PWD/peer01
2018/05/08 16:11:44 [INFO] Created a default configuration file at /root/client-01/peer01/fabric-ca-client-config.yaml
2018/05/08 16:11:44 [INFO] generating key: &{A:ecdsa S:256}
2018/05/08 16:11:44 [INFO] encoded CSR
2018/05/08 16:11:44 [INFO] Stored client certificate at /root/client-01/peer01/msp/signcerts/cert.pem
2018/05/08 16:11:44 [INFO] Stored root CA certificate at /root/client-01/peer01/msp/cacerts/localhost-7054.pem
2018/05/08 16:11:44 [INFO] Stored intermediate CA certificates at /root/client-01/peer01/msp/intermediatecerts/localhost-7054.pem
[root@fabric-cli client-01]# ls -l
总用量 0
drwxr-xr-x 3 root root 53 5月   8 16:02 admin
drwxr-xr-x 3 root root 53 5月   8 16:08 admin2
drwxr-xr-x 3 root root 53 5月   8 16:11 peer01
[root@fabric-cli client-01]# 
[root@fabric-cli client-01]# ls -l peer01/
总用量 8
-rwxr-xr-x 1 root root 6506 5月   8 16:11 fabric-ca-client-config.yaml
drwx------ 6 root root   79 5月   8 16:11 msp

Start another fabric-ca-server service

[root@fabric-cli server03]# fabric-ca-server start -b admin:ca2pw -p 7055 -H /root/server01 -n ca2
2018/05/08 16:17:26 [INFO] Configuration file location: /root/server01/fabric-ca-server-config.yaml
2018/05/08 16:17:26 [INFO] Starting server in home directory: /root/server01
2018/05/08 16:17:26 [INFO] Server Version: 1.1.0
2018/05/08 16:17:26 [INFO] Server Levels: &{Identity:1 Affiliation:1 Certificate:1}
2018/05/08 16:17:26 [INFO] The CA key and certificate already exist
2018/05/08 16:17:26 [INFO] The key is stored by BCCSP provider 'SW'
2018/05/08 16:17:26 [INFO] The certificate is at: /root/server01/ca-cert.pem
2018/05/08 16:17:26 [INFO] Initialized sqlite3 database at /root/server01/fabric-ca-server.db
2018/05/08 16:17:26 [INFO] Home directory for default CA: /root/server01
2018/05/08 16:17:26 [INFO] Listening on http://0.0.0.0:7055
2018/05/08 16:19:09 [INFO] [::1]:44680 POST /cainfo 200 0 "OK"

Copy the certificate into peer01

[root@fabric-cli client-01]# fabric-ca-client getcacert -u http://localhost:7055 -M $PWD/peer01/msp 
2018/05/08 16:19:09 [INFO] Configuration file location: /root/.fabric-ca-client/fabric-ca-client-config.yaml
2018/05/08 16:19:09 [INFO] Stored root CA certificate at /root/client-01/peer01/msp/cacerts/localhost-7055.pem
2018/05/08 16:19:09 [INFO] Stored intermediate CA certificates at /root/client-01/peer01/msp/intermediatecerts/localhost-7055.pem
[root@fabric-cli peer01]# tree 
.
├── fabric-ca-client-config.yaml
└── msp
    ├── cacerts
    │   ├── localhost-7054.pem
    │   └── localhost-7055.pem
    ├── intermediatecerts
    │   ├── localhost-7054.pem
    │   └── localhost-7055.pem
    ├── keystore
    │   ├── 8c9aeba7773cbc8f66fb973f531c8a297297ecb17ab85597e75967432e5f8df0_sk
    │   └── c7a9d0000a72df0ab52cca03a83d19324e33e54ecebea6105f83ca64f7d2b7ae_sk
    └── signcerts
        └── cert.pem

5 directories, 8 files

Re-enroll peer01

[root@fabric-cli peer01]# fabric-ca-client reenroll --home $PWD
2018/05/08 16:20:31 [INFO] Configuration file location: /root/client-01/peer01/fabric-ca-client-config.yaml
2018/05/08 16:20:31 [INFO] generating key: &{A:ecdsa S:256}
2018/05/08 16:20:31 [INFO] encoded CSR
2018/05/08 16:20:31 [INFO] Stored client certificate at /root/client-01/peer01/msp/signcerts/cert.pem
2018/05/08 16:20:31 [INFO] Stored root CA certificate at /root/client-01/peer01/msp/cacerts/localhost-7054.pem
2018/05/08 16:20:31 [INFO] Stored intermediate CA certificates at /root/client-01/peer01/msp/intermediatecerts/localhost-7054.pem

The database shows

peer1|3a5f382f399d14459b86ebaa182b29d4cfe8289|f1f042212126df52a9473983a4cdf18b69d719e8||good|0|2019-05-08 08:12:00+00:00|0001-01-01 00:00:00+00:00|-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
|1
peer1|5a4a45f968106f5455328d0da3085587023804a9|f1f042212126df52a9473983a4cdf18b69d719e8||good|0|2019-05-08 08:21:00+00:00|0001-01-01 00:00:00+00:00|-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
|1

Revoke admin2's certificate

[root@fabric-cli admin2]# fabric-ca-client revoke -e admin2 -r unspecified -H $PWD
2018/05/08 16:21:27 [INFO] Configuration file location: /root/client-01/admin2/fabric-ca-client-config.yaml
2018/05/08 16:21:27 [INFO] Sucessfully revoked certificates: [{Serial:392ee9ba3325e80e194a013571d910b1d837fe5a AKI:f1f042212126df52a9473983a4cdf18b69d719e8}]

The database shows

admin2|392ee9ba3325e80e194a013571d910b1d837fe5a|f1f042212126df52a9473983a4cdf18b69d719e8||revoked|0|2019-05-08 08:08:00+00:00|2018-05-08 08:21:27|-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
|1
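
The walkthrough inspects the users and certificates tables by hand after each step. The following is an added example, not part of the original post or of fabric-ca itself, that does the same check as one query: it reports identities that were registered but never enrolled, identities holding more than one certificate in state good (as peer1 does after reenroll above), and identities whose certificates are all revoked. The column names are an assumption about the fabric-ca 1.1.0 sqlite schema, the rows are constructed, and user9 is a hypothetical identity.

```python
import json
import sqlite3

# Assumed layout of fabric-ca-server.db (column names are an assumption).
SCHEMA = """
CREATE TABLE users (id TEXT, token TEXT, type TEXT, affiliation TEXT,
    attributes TEXT, state INTEGER, max_enrollments INTEGER, level INTEGER);
CREATE TABLE certificates (id TEXT, serial_number TEXT, authority_key_identifier TEXT,
    ca_label TEXT, status TEXT, reason INTEGER, expiry TEXT, revoked_at TEXT,
    pem TEXT, level INTEGER);
"""
PRIVILEGED = {"hf.Revoker", "hf.Registrar.Roles", "hf.IntermediateCA",
              "hf.GenCRL", "hf.AffiliationMgr"}

def sample_db():
    """Constructed rows shaped like the walkthrough output (hashes and PEM elided)."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    users = [
        ("admin", "client", "", [{"name": "hf.Revoker", "value": "1"},
            {"name": "hf.Registrar.Roles", "value": "peer,orderer,client,user"}], 2),
        ("admin2", "user", "org1.department1", [{"name": "hf.Revoker", "value": "true"},
            {"name": "foo", "value": "bar"}], 1),
        ("peer1", "peer", "org1.department1", [], 2),
        ("user9", "user", "org1.department1", [], 0),  # hypothetical, never enrolled
    ]
    for uid, typ, aff, attrs, state in users:
        db.execute("INSERT INTO users VALUES (?,?,?,?,?,?,?,?)",
                   (uid, "<bcrypt>", typ, aff, json.dumps(attrs), state, -1, 1))
    for uid, serial, status in [("admin", "a1", "good"), ("admin2", "b2", "revoked"),
                                ("peer1", "c3", "good"), ("peer1", "c4", "good")]:
        db.execute("INSERT INTO certificates VALUES (?,?,?,?,?,?,?,?,?,?)",
                   (uid, serial, "<aki>", "", status, 0, "2019-05-08", "", "<pem>", 1))
    return db

def audit(db):
    """Return {identity: counts, privileged attributes, findings}."""
    report = {}
    for uid, attrs, good, revoked in db.execute("""
            SELECT u.id, u.attributes,
                   COALESCE(SUM(CAST(c.status AS TEXT) = 'good'), 0),
                   COALESCE(SUM(CAST(c.status AS TEXT) = 'revoked'), 0)
            FROM users u LEFT JOIN certificates c ON c.id = u.id
            GROUP BY u.id ORDER BY u.id"""):
        priv = sorted(a["name"] for a in json.loads(attrs)
                      if a["name"] in PRIVILEGED and a["value"] not in ("", "0", "false"))
        checks = [(good + revoked == 0, "registered, never enrolled"),
                  (good > 1, "multiple valid certificates"),
                  (good == 0 and revoked > 0, "all certificates revoked")]
        report[uid] = {"good": good, "revoked": revoked, "privileged": priv,
                       "findings": [msg for hit, msg in checks if hit]}
    return report
```

To run it against a real server, pass `sqlite3.connect("fabric-ca-server.db")` to `audit` in place of the sample database.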
