1. Hyperledger Fabric Application 구조
블록체인 네트워크의 구성과, 체인코드(스마트 컨트랙트)는 구축이 된 상태에서 Client와 연결할 수 있도록 node.js를 통해 아래 Application부분을(빨간색 박스 부분) 개발해야함
2. 'docker-compose-ca.yaml'파일 작성 및 컨테이너 실행
Hyperledger-Fabric-ca server를 구축해서 기존 조직들의 정보를 등록하고, 신규 사용자들도 등록함
'docker-compose-ca.yaml'파일은 네트워크 환경에 맞게 구성하고, 조직의 ca, msp등이 기록된 경로도 정확한 위치로 설정
network 이름: test
현재경로: fabric-samples/my-network/docker/docker-compose-ca.yaml
version: '2'
networks:
test:
# external:
# name: test
services:
ca.org1.example.com:
image: hyperledger/fabric-ca
environment:
- FABRIC_CA_HOME=/etc/hyperledger/fabric-ca-server
- FABRIC_CA_SERVER_CA_NAME=ca.org1.example.com
- FABRIC_CA_SERVER_CA_CERTFILE=/etc/hyperledger/fabric-ca-server-config/ca.org1.example.com-cert.pem
- FABRIC_CA_SERVER_CA_KEYFILE=/etc/hyperledger/fabric-ca-server-config/priv_sk
ports:
- "7054:7054"
command: sh -c 'fabric-ca-server start -b admin:adminpw -d'
# Volumes 아래의 경로를 Crpytogen기반으로 구축한 조직의 경로 '...../ca'로 설정
volumes:
- ../organizations/peerOrganizations/org1.example.com/ca/:/etc/hyperledger/fabric-ca-server-config
container_name: ca.org1.example.com
networks:
- test
ca.org2.example.com:
image: hyperledger/fabric-ca
environment:
- FABRIC_CA_HOME=/etc/hyperledger/fabric-ca-server
- FABRIC_CA_SERVER_CA_NAME=ca.org2.example.com
- FABRIC_CA_SERVER_CA_CERTFILE=/etc/hyperledger/fabric-ca-server-config/ca.org2.example.com-cert.pem
- FABRIC_CA_SERVER_CA_KEYFILE=/etc/hyperledger/fabric-ca-server-config/priv_sk
ports:
- "8054:7054"
command: sh -c 'fabric-ca-server start -b admin:adminpw -d'
# Volumes 아래의 경로를 Crpytogen기반으로 구축한 조직의 경로 '...../ca'로 설정
volumes:
- ../organizations/peerOrganizations/org2.example.com/ca/:/etc/hyperledger/fabric-ca-server-config
container_name: ca.org2.example.com
networks:
- testdocker 디렉토리에서 docker-compose-ca.yaml 실행해서 컨테이너에 올림
COMPOSE_PROJECT_NAME 도커이름 변수는 net으로 설정(이전 블록체인 네트워크 구성시 사용했을 경우 사용)
-d 는 백그라운드 실행
COMPOSE_PROJECT_NAME=net docker-compose -f docker-compose-ca.yaml up -d
3. node js로 Application 실행
Application 디렉토리 구성
※ app.js를 run하기 전에는 [app.js, package.json]파일만 존재
node로 app.js를 런하려면 아래 변수들의 경로, 설정한 이름(체인코드, 채널등) 구성한 이름으로 매핑해줘야함
- app.js
/*
* Copyright IBM Corp. All Rights Reserved.
*
* SPDX-License-Identifier: Apache-2.0
*/
'use strict';
const { Gateway, Wallets } = require('fabric-network');
const FabricCAServices = require('fabric-ca-client');
const path = require('path');
// admin 지정을 위해 CAUtils.js, AppUtil.js를 요청받아서 사용함
const { buildCAClient, registerAndEnrollUser, enrollAdmin } = require('../../test-application/javascript/CAUtil.js');
const { buildCCPOrg1, buildWallet } = require('../../test-application/javascript/AppUtil.js');
const channelName = 'mychannel';
//const chaincodeName = 'basic';
const chaincodeName = 'new5';
const mspOrg1 = 'Org1MSP';
const walletPath = path.join(__dirname, 'wallet');
const org1UserId = 'appUser';
function prettyJSONString(inputString) {
return JSON.stringify(JSON.parse(inputString), null, 2);
}
// pre-requisites:
// - fabric-sample two organization test-network setup with two peers, ordering service,
// and 2 certificate authorities
// ===> from directory /fabric-samples/test-network
// ./network.sh up createChannel -ca
// - Use any of the asset-transfer-basic chaincodes deployed on the channel "mychannel"
// with the chaincode name of "basic". The following deploy command will package,
// install, approve, and commit the javascript chaincode, all the actions it takes
// to deploy a chaincode to a channel.
// ===> from directory /fabric-samples/test-network
// ./network.sh deployCC -ccn basic -ccp ../asset-transfer-basic/chaincode-javascript/ -ccl javascript
// - Be sure that node.js is installed
// ===> from directory /fabric-samples/asset-transfer-basic/application-javascript
// node -v
// - npm installed code dependencies
// ===> from directory /fabric-samples/asset-transfer-basic/application-javascript
// npm install
// - to run this test application
// ===> from directory /fabric-samples/asset-transfer-basic/application-javascript
// node app.js
// NOTE: If you see kind an error like these:
/*
2020-08-07T20:23:17.590Z - error: [DiscoveryService]: send[mychannel] - Channel:mychannel received discovery error:access denied
******** FAILED to run the application: Error: DiscoveryService: mychannel error: access denied
OR
Failed to register user : Error: fabric-ca request register failed with errors [[ { code: 20, message: 'Authentication failure' } ]]
******** FAILED to run the application: Error: Identity not found in wallet: appUser
*/
// Delete the /fabric-samples/asset-transfer-basic/application-javascript/wallet directory
// and retry this application.
//
// The certificate authority must have been restarted and the saved certificates for the
// admin and application user are not valid. Deleting the wallet store will force these to be reset
// with the new certificate authority.
//
/**
* A test application to show basic queries operations with any of the asset-transfer-basic chaincodes
* -- How to submit a transaction
* -- How to query and check the results
*
* To see the SDK workings, try setting the logging to show on the console before running
* export HFC_LOGGING='{"debug":"console"}'
*/
async function main() {
try {
// build an in memory object with the network configuration (also known as a connection profile)
const ccp = buildCCPOrg1();
console.log(ccp);
console.log("************END CCP*************");
// build an instance of the fabric ca services client based on
// the information in the network configuration
const caClient = buildCAClient(FabricCAServices, ccp, 'ca.org1.example.com');
console.log(caClient);
// setup the wallet to hold the credentials of the application user
const wallet = await buildWallet(Wallets, walletPath);
console.log(wallet);
console.log("****************EnrollAdmin Start********************");
// in a real application this would be done on an administrative flow, and only once
await enrollAdmin(caClient, wallet, mspOrg1);
// in a real application this would be done only when a new user was required to be added
// and would be part of an administrative flow
console.log("****************** EnrollUser ******************")
await registerAndEnrollUser(caClient, wallet, mspOrg1, org1UserId, 'org1.department1');
await registerAndEnrollUser(caClient, wallet, mspOrg1, "appuser2", 'org1.department2');
console.log("*****************END Register User*********************");
// Create a new gateway instance for interacting with the fabric network.
// In a real application this would be done as the backend server session is setup for
// a user that has been verified.
const gateway = new Gateway();
try {
// setup the gateway instance
// The user will now be able to create connections to the fabric network and be able to
// submit transactions and query. All transactions submitted by this gateway will be
// signed by this user using the credentials stored in the wallet.
await gateway.connect(ccp, {
wallet,
identity: org1UserId,
discovery: { enabled: true, asLocalhost: true } // using asLocalhost as this gateway is using a fabric network deployed locally
});
// Build a network instance based on the channel where the smart contract is deployed
const network = await gateway.getNetwork(channelName);
// Get the contract from the network.
const contract = network.getContract(chaincodeName);
// Initialize a set of asset data on the channel using the chaincode 'InitLedger' function.
// This type of transaction would only be run once by an application the first time it was started after it
// deployed the first time. Any updates to the chaincode deployed later would likely not need to run
// an "init" type function.
console.log('\n--> Submit Transaction: InitLedger, function creates the initial set of assets on the ledger');
// await contract.submitTransaction('InitLedger');
console.log('*** Result: committed');
// Let's try a query type operation (function).
// This will be sent to just one peer and the results will be shown.
console.log('\n--> EvSaluate Transaction: GetAllAssets, function returns all the current assets on the ledger');
let result = await contract.evaluateTransaction('GetAllAssets', '5');
console.log(`*** Result: ${prettyJSONString(result.toString())}`);
// Now let's try to submit a transaction.
// This will be sent to both peers and if both peers endorse the transaction, the endorsed proposal will be sent
// to the orderer to be committed by each of the peer's to the channel ledger.
// createAsset function
// console.log('\n--> Submit Transaction: CreateAsset, creates new asset with ID, color, owner, size, and appraisedValue arguments');
// result = await contract.submitTransaction('CreateAsset', 'asset22', 'brown', '5', 'Kignjae', '9900');
// console.log('*** Result: committed');
// if (`${result}` !== '') {
// console.log(`*** Result: ${prettyJSONString(result.toString())}`);
// }
console.log('\n--> Evaluate Transaction: ReadAsset, function returns an asset with a given assetID');
result = await contract.evaluateTransaction('ReadAsset', 'sc-1-1');
console.log(`*** Result: ${prettyJSONString(result.toString())}`);
// console.log('\n--> Evaluate Transaction: AssetExists, function returns "true" if an asset with given assetID exist');
// result = await contract.evaluateTransaction('AssetExists', 'asset1');
// console.log(`*** Result: ${prettyJSONString(result.toString())}`);
// console.log('\n--> Submit Transaction: UpdateAsset asset1, change the appraisedValue to 350');
// await contract.submitTransaction('UpdateAsset', 'asset1', 'blue', '5', 'Tomoko', '350');
// console.log('*** Result: committed');
// console.log('\n--> Evaluate Transaction: ReadAsset, function returns "asset1" attributes');
// result = await contract.evaluateTransaction('ReadAsset', 'asset1');
// console.log(`*** Result: ${prettyJSONString(result.toString())}`);
// try {
// // How about we try a transactions where the executing chaincode throws an error
// // Notice how the submitTransaction will throw an error containing the error thrown by the chaincode
// console.log('\n--> Submit Transaction: UpdateAsset asset70, asset70 does not exist and should return an error');
// await contract.submitTransaction('UpdateAsset', 'asset70', 'blue', '5', 'Tomoko', '300');
// console.log('******** FAILED to return an error');
// } catch (error) {
// console.log(`*** Successfully caught the error: \n ${error}`);
// }
console.log('\n--> Submit Transaction: TransferAsset asset1, transfer to new owner of Tom');
await contract.submitTransaction('TransferAsset', 'asset1', 'Tom');
console.log('*** Result: committed');
// console.log('\n--> Evaluate Transaction: ReadAsset, function returns "asset1" attributes');
// result = await contract.evaluateTransaction('ReadAsset', 'asset1');
// console.log(`*** Result: ${prettyJSONString(result.toString())}`);
} finally {
// Disconnect from the gateway when the application is closing
// This will close all connections to the network
gateway.disconnect();
}
} catch (error) {
console.error(`******** FAILED to run the application: ${error}`);
}
}
main();
- package.json
{
"name": "asset-transfer-basic",
"version": "1.0.0",
"description": "Asset-transfer-basic application implemented in JavaScript",
"engines": {
"node": ">=12",
"npm": ">=5"
},
"engineStrict": true,
"author": "Hyperledger",
"license": "Apache-2.0",
"dependencies": {
"fabric-ca-client": "^2.2.4",
"fabric-network": "^2.2.4"
}
}
App.js를 실행하기 위해서는 connection.json 생성하고 Apputill과 연결해 줘야함
fabric-samples/test-application 디렉토르 구조
- connection.json
※ Orderer, 조직(Org1, Org2), 들의 msp, ca경로를 맞춰주세요
{
"name": "test",
"version": "1.0",
"channels": {
"channel1": {
"orderers": [
"orderer.example.com"
],
"peers": [
"peer0.org1.example.com",
"peer0.org2.example.com"
]
}
},
"organizations": {
"Org1": {
"mspid": "Org1MSP",
"peers": [
"peer0.org1.example.com"
]
},
"Org2": {
"mspid": "Org2MSP",
"peers": [
"peer0.org2.example.com"
]
}
},
"orderers": {
"orderer.example.com": {
"url": "grpcs://localhost:7050",
"grpcOptions": {
"ssl-target-name-override": "orderer.example.com"
},
"tlsCACerts": {
# app.js 실행하는 위치에서부터 orderer msp의 인증서가 있는 곳까지 경로 설정해줘야함
# 'tlsCACerts' 경로에 맞게 설정해줘야함
"path": "../organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem"
}
}
},
"peers": {
"peer0.org1.example.com": {
"url": "grpcs://localhost:7051",
"grpcOptions": {
"ssl-target-name-override": "peer0.org1.example.com"
},
"tlsCACerts": {
"path": "../organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/msp/tlscacerts/tlsca.org1.example.com-cert.pem"
}
},
"peer0.org2.example.com": {
"url": "grpcs://localhost:9051",
"grpcOptions": {
"ssl-target-name-override": "peer0.org2.example.com"
},
"tlsCACerts": {
"path": "../organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/msp/tlscacerts/tlsca.org2.example.com-cert.pem"
}
}
},
"certificateAuthorities": {
"ca.org1.example.com": {
"url": "http://localhost:7054",
"caName": "ca.org1.example.com",
"tlsCACerts": {
"path": "../organizations/peerOrganizations/org1.example.com/ca/ca.org1.example.com-cert.pem"
},
"registrar":{
"enrollId": "admin",
"enrollSecret": "adminpw",
"caName": "casales1"
},
"httpOptions": {
"verify": false
}
}
}
}
- javascript/Apptutil.js
buildCCPOrg1의 ccpPath경로를 'connection.json'의 경로로 지정해줘야함
/*
* Copyright IBM Corp. All Rights Reserved.
*
* SPDX-License-Identifier: Apache-2.0
*/
'use strict';
const fs = require('fs');
const path = require('path');
exports.buildCCPOrg1 = () => {
// load the common connection configuration file
// const ccpPath = path.resolve(__dirname, '..', '..', 'test-network', 'organizations', 'peerOrganizations', 'org1.example.com', 'connection-org1.json');
const ccpPath = path.resolve(__dirname, '..', 'connection.json');
const fileExists = fs.existsSync(ccpPath);
if (!fileExists) {
throw new Error(`no such file or directory: ${ccpPath}`);
}
const contents = fs.readFileSync(ccpPath, 'utf8');
// build a JSON object from the file contents
const ccp = JSON.parse(contents);
console.log(`Loaded the network configuration located at ${ccpPath}`);
return ccp;
};
exports.buildCCPOrg2 = () => {
// load the common connection configuration file
const ccpPath = path.resolve(__dirname, '..', '..', 'test-network',
'organizations', 'peerOrganizations', 'org2.example.com', 'connection-org2.json');
const fileExists = fs.existsSync(ccpPath);
if (!fileExists) {
throw new Error(`no such file or directory: ${ccpPath}`);
}
const contents = fs.readFileSync(ccpPath, 'utf8');
// build a JSON object from the file contents
const ccp = JSON.parse(contents);
console.log(`Loaded the network configuration located at ${ccpPath}`);
return ccp;
};
exports.buildWallet = async (Wallets, walletPath) => {
// Create a new wallet : Note that wallet is for managing identities.
let wallet;
if (walletPath) {
wallet = await Wallets.newFileSystemWallet(walletPath);
console.log(`Built a file system wallet at ${walletPath}`);
} else {
wallet = await Wallets.newInMemoryWallet();
console.log('Built an in memory wallet');
}
return wallet;
};
exports.prettyJSONString = (inputString) => {
if (inputString) {
return JSON.stringify(JSON.parse(inputString), null, 2);
}
else {
return inputString;
}
}
- javascript/CAUtil.js
/*
* Copyright IBM Corp. All Rights Reserved.
*
* SPDX-License-Identifier: Apache-2.0
*/
'use strict';
const adminUserId = 'admin';
const adminUserPasswd = 'adminpw';
/**
*
* @param {*} FabricCAServices
* @param {*} ccp
*/
exports.buildCAClient = (FabricCAServices, ccp, caHostName) => {
// Create a new CA client for interacting with the CA.
const caInfo = ccp.certificateAuthorities[caHostName]; //lookup CA details from config
const caTLSCACerts = caInfo.tlsCACerts.pem;
const caClient = new FabricCAServices(caInfo.url, { trustedRoots: caTLSCACerts, verify: false }, caInfo.caName);
console.log(`Built a CA Client named ${caInfo.caName}`);
return caClient;
};
exports.enrollAdmin = async (caClient, wallet, orgMspId) => {
try {
// Check to see if we've already enrolled the admin user.
const identity = await wallet.get(adminUserId);
if (identity) {
console.log('An identity for the admin user already exists in the wallet');
return;
}
// Enroll the admin user, and import the new identity into the wallet.
const enrollment = await caClient.enroll({ enrollmentID: adminUserId, enrollmentSecret: adminUserPasswd });
const x509Identity = {
credentials: {
certificate: enrollment.certificate,
privateKey: enrollment.key.toBytes(),
},
mspId: orgMspId,
type: 'X.509',
};
await wallet.put(adminUserId, x509Identity);
console.log('Successfully enrolled admin user and imported it into the wallet');
} catch (error) {
console.error(`Failed to enroll admin user : ${error}`);
}
};
exports.registerAndEnrollUser = async (caClient, wallet, orgMspId, userId, affiliation) => {
try {
// Check to see if we've already enrolled the user
const userIdentity = await wallet.get(userId);
if (userIdentity) {
console.log(`An identity for the user ${userId} already exists in the wallet`);
return;
}
// Must use an admin to register a new user
const adminIdentity = await wallet.get(adminUserId);
if (!adminIdentity) {
console.log('An identity for the admin user does not exist in the wallet');
console.log('Enroll the admin user before retrying');
return;
}
// build a user object for authenticating with the CA
const provider = wallet.getProviderRegistry().getProvider(adminIdentity.type);
const adminUser = await provider.getUserContext(adminIdentity, adminUserId);
// Register the user, enroll the user, and import the new identity into the wallet.
// if affiliation is specified by client, the affiliation value must be configured in CA
const secret = await caClient.register({
affiliation: affiliation,
enrollmentID: userId,
role: 'client'
}, adminUser);
const enrollment = await caClient.enroll({
enrollmentID: userId,
enrollmentSecret: secret
});
const x509Identity = {
credentials: {
certificate: enrollment.certificate,
privateKey: enrollment.key.toBytes(),
},
mspId: orgMspId,
type: 'X.509',
};
await wallet.put(userId, x509Identity);
console.log(`Successfully registered and enrolled user ${userId} and imported it into the wallet`);
} catch (error) {
console.error(`Failed to register user : ${error}`);
}
};
application-javascript 에서 node app.js 실행하면 체인코드 결과값 반환
※ 향후 웹 서버를 하나 구축해서 값을 전달하고 반환하게 하면 블록체인 기반 서비스 만들 수 있을듯
node app.js
'보안 및 블록체인 > 블록체인' 카테고리의 다른 글
| 하이퍼레저 패브릭(Hyperledger Fabric) v2.2 - Hyperledger Dapp블록생성자 변경 (0) | 2022.09.16 |
|---|---|
| 하이퍼레저 패브릭(Hyperledger Fabric) v2.2 - #6 Hyperledger Explorer v1.1.8 구축(Docker기반) (0) | 2022.09.08 |
| 하이퍼레저 패브릭(Hyperledger Fabric) v2.2 - #4 go언어 체인코드 개발 (0) | 2022.08.19 |
| 블록체인 보안이슈 및 위협요소 정리 51%공격 #2 (0) | 2022.08.16 |
| 블록체인 보안이슈 및 위협요소 정리 #1 - [블록체인] (0) | 2022.08.12 |