第二步-同构多链互相访问:2台机器部署2个fabric网络,使用陆羽协议访问彼此的区块链并发送交易
实现的结构图如下及调用路径如下:
切换到102服务器:
下载router源码
cd /root/java/
git clone https://gitee.com/luyu-community/router.git
编译
cd router
gradle assemble
生成证书
切换到101服务器
由于102的router是想要与101的router相连,所以要使用同一个根证书生成新的证书,先在101生成证书并发送到102:
每个fabric相对于本机的配置是相同的,因此不需要修改ipfile文件
cd /root/java/router/dist
sh build_router.sh -n payment2 -f ipfile -o config-102 -c routers/cert/
scp -r config-102 root@192.168.92.102:/root/java/router/dist/routers
安装router
切换回102服务器
安装fabric插件
cd /root/java/
git clone https://gitee.com/luyu-community/fabric-plugin.git
cd fabric-plugin
gradle assemble
在/root/java/fabric-plugin/dist/apps目录下生成fabric1-stub-2.0.0-rc1.jar
回到router项目,把编译生成的插件放置于router的plugins目录下
cp /root/java/fabric-plugin/dist/apps/fabric1-stub-2.0.0-rc1.jar /root/java/router/dist/routers/127.0.0.1-8250-25500/plugin/
新建目录并进入(fabric102代表我虚拟机的ip尾数):
mkdir -p /root/java/router/dist/routers/127.0.0.1-8250-25500/conf/chains/fabric102
cd /root/java/router/dist/routers/127.0.0.1-8250-25500/conf/chains/fabric102
执行:
vi plugin.toml
[common]
name = 'fabric102'
type = 'Fabric1.4'
touch driver.toml
vi connection.toml
[fabricServices]
channelName = 'mychannel'
orgUserName = 'fabric_admin'
ordererTlsCaFile = 'orderer-tlsca.crt'
ordererAddress = 'grpcs://localhost:7050'
[orgs]
[orgs.Org1]
tlsCaFile = 'org1-tlsca.crt'
adminName = 'fabric_admin_org1' # 配置方式与fabric_admin相同
endorsers = ['grpcs://localhost:7051']
[orgs.Org2]
tlsCaFile = 'org2-tlsca.crt'
adminName = 'fabric_admin_org2' # 配置方式与fabric_admin相同,但account.toml 中的mspid为Org2MSP
endorsers = ['grpcs://localhost:9051']
cd /root/java/router/dist/routers/127.0.0.1-8250-25500/conf/accounts/
目录下执行
mkdir fabric_admin fabric_admin_org1 fabric_admin_org2
vi fabric_admin/account.toml
[account]
type = 'Fabric1.4'
mspid = 'Org1MSP'
keystore = 'account.key'
signcert = 'account.crt'
vi fabric_admin_org1/account.toml
[account]
type = 'Fabric1.4'
mspid = 'Org1MSP'
keystore = 'account.key'
signcert = 'account.crt'
vi fabric_admin_org2/account.toml
[account]
type = 'Fabric1.4'
mspid = 'Org2MSP' # 此处不同
keystore = 'account.key'
signcert = 'account.crt'
拷贝证书:
连接排序节点的根证书
cp $GOPATH/src/github.com/hyperledger/fabric-samples/first-network/crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem /root/java/router/dist/routers/127.0.0.1-8250-25500/conf/chains/fabric102/orderer-tlsca.crt
连接org1的背书节点的根证书
cp $GOPATH/src/github.com/hyperledger/fabric-samples/first-network/crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt /root/java/router/dist/routers/127.0.0.1-8250-25500/conf/chains/fabric102/org1-tlsca.crt
连接org2的背书节点的根证书
cp $GOPATH/src/github.com/hyperledger/fabric-samples/first-network/crypto-config/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt /root/java/router/dist/routers/127.0.0.1-8250-25500/conf/chains/fabric102/org2-tlsca.crt
org1账户证书
cp $GOPATH/src/github.com/hyperledger/fabric-samples/first-network/crypto-config/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp/signcerts/Admin@org1.example.com-cert.pem /root/java/router/dist/routers/127.0.0.1-8250-25500/conf/accounts/fabric_admin/account.crt
cp $GOPATH/src/github.com/hyperledger/fabric-samples/first-network/crypto-config/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp/signcerts/Admin@org1.example.com-cert.pem /root/java/router/dist/routers/127.0.0.1-8250-25500/conf/accounts/fabric_admin_org1/account.crt
org1账户私钥
cp $GOPATH/src/github.com/hyperledger/fabric-samples/first-network/crypto-config/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp/keystore/*_sk /root/java/router/dist/routers/127.0.0.1-8250-25500/conf/accounts/fabric_admin/account.key
cp $GOPATH/src/github.com/hyperledger/fabric-samples/first-network/crypto-config/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp/keystore/*_sk /root/java/router/dist/routers/127.0.0.1-8250-25500/conf/accounts/fabric_admin_org1/account.key
org2账户证书
cp $GOPATH/src/github.com/hyperledger/fabric-samples/first-network/crypto-config/peerOrganizations/org2.example.com/users/Admin@org2.example.com/msp/signcerts/Admin@org2.example.com-cert.pem /root/java/router/dist/routers/127.0.0.1-8250-25500/conf/accounts/fabric_admin_org2/account.crt
org2账户私钥
cp $GOPATH/src/github.com/hyperledger/fabric-samples/first-network/crypto-config/peerOrganizations/org2.example.com/users/Admin@org2.example.com/msp/keystore/*_sk /root/java/router/dist/routers/127.0.0.1-8250-25500/conf/accounts/fabric_admin_org2/account.key
完成后的目录结构:
tree -L 2 /root/java/router/dist/routers/127.0.0.1-8250-25500/conf/accounts/
/root/java/router/dist/routers/127.0.0.1-8251-25501/conf/accounts/
├── fabric_admin
│ ├── account.crt
│ ├── account.key
│ └── account.toml
├── fabric_admin_org1
│ ├── account.crt
│ ├── account.key
│ └── account.toml
└── fabric_admin_org2
├── account.crt
├── account.key
└── account.toml
tree /root/java/router/dist/routers/127.0.0.1-8250-25500/conf/chains/fabric102 -L 2
/root/java/router/dist/routers/127.0.0.1-8250-25500/conf/chains/fabric102
├── connection.toml
├── driver.toml
├── orderer-tlsca.crt
├── org1-tlsca.crt
├── org2-tlsca.crt
└── plugin.toml
router项目默认启动8250端口是只监听本机的,如果想从其他服务器访问本机的8250端口,需要修改配置文件
vi /root/java/router/dist/routers/127.0.0.1-8250-25500/conf/application.toml
[rpc] # rpc ip & port
address = '0.0.0.0'
port = 8250
enableSignVerify = false #改成false,后面调用的时候就可以不用签名,测试环境方便一些
启动router
cd /root/java/router/dist/routers
sh start_all.sh
在/root/java/router/dist/routers/127.0.0.1-8250-25500/logs/info.log中可以看日志,可以看到
2021-12-02 18:27:00.299 [mainLoop] INFO RouterHost() - Current active chains: [chain=payment2.fabric1,blockNumber=4]
2021-12-02 18:27:00.299 [mainLoop] INFO RouterHost() - Current active resources: payment2.fabric1.mycc
就代表着fabric网络已经纳入router管理
发送:
curl -H "Content-Type: application/json" -X POST -d '{"version": "1", "data":{"ignoreRemote": false}}' "http://localhost:8250/sys/listResources"
返回链上信息
{"version":"1.0.0","errorCode":0,"message":"Success","data":{"total":1,"resources":[{"path":"payment2.fabric1.mycc","type":"Fabric1.4","methods":null,"properties":{"ORG_NAMES":["Org1","Org2"],"PROPOSAL_WAIT_TIME":"300000","CHAINCODE_VERSION":"1.0","CHANNEL_NAME":"mychannel","CHAINCODE_NAME":"mycc"}}]}}
此时还不能发送交易,因为没有配置二级账户
安装account-manage
接下来配置二级账户
编译account-manager项目
cd /root/java/
git clone https://gitee.com/luyu-community/account-manager.git
编译,生成dist文件夹
cd account-manager
gradle assemble
把router生成的证书拷贝到dist/conf目录下
cd dist
cp /root/java/router/dist/routers/cert/account-manager/* conf/
配置文件
cp conf/application-sample.toml conf/application.toml
vim conf/application.toml # 一般情况下无需编辑,采用默认配置即可
启动服务
bash start.sh
安装java-sdk
下载luyu-java-sdk
cd /root/java/
git clone https://gitee.com/luyu-community/luyu-java-sdk.git
编译
cd luyu-java-sdk/
gradle assemble
cd dist
生成一个一级账户地址
bash gen_account.sh
[SUCCESS] Account secret key generated: 0xfca9d31bad28ca5d754652b28a9d9ada7cabdfff.key
添加二级账户
由于Fabric的二级账户无法自动生成,需手动将其配置到相关一级账户下
在配置了本插件的路由下执行命令
cd /root/java/router/dist/routers/127.0.0.1-8250-25500
java -cp conf/:lib/*:plugin/* link.luyu.protocol.link.fabric1.tools.AddAlgAccountRequestPacketBuilder 0xfca9d31bad28ca5d754652b28a9d9ada7cabdfff payment2.fabric102 fabric_admin
得到需要请求的json:
{
"data" : {
"luyuSign" : "",
"type" : "ECDSA_SECP256R1_WITH_SHA256",
"nonce" : 1640068235326,
"identity" : "0xfca9d31bad28ca5d754652b28a9d9ada7cabdfff",
"pubKey" : "BKNRFv63jahYEMeUoFlQLnuY/7D8GsAbyUZFU9NX6qQq1Qz4AHV9PDV6WOvFTFmD2/FKJnj/923NlHsiHQT7EoE=",
"secKey" : "ZfJGgdwZiDlpuf1wCGwGxsUL7FXJqmjGZIGatspXK/U=",
"properties" : {
"Fabric1.4:payment2.fabric102:name" : "fabric_admin",
"Fabric1.4:payment2.fabric102:mspid" : "Org1MSP",
"Fabric1.4:payment2.fabric102:cert" : "-----BEGIN CERTIFICATE-----\nMIICKTCCAc+gAwIBAgIQNR0imAw5wnfxLdsjqDCpeDAKBggqhkjOPQQDAjBzMQsw\nCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZy\nYW5jaXNjbzEZMBcGA1UEChMQb3JnMS5leGFtcGxlLmNvbTEcMBoGA1UEAxMTY2Eu\nb3JnMS5leGFtcGxlLmNvbTAeFw0yMTEyMjEwNTU3MDBaFw0zMTEyMTkwNTU3MDBa\nMGsxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1T\nYW4gRnJhbmNpc2NvMQ4wDAYDVQQLEwVhZG1pbjEfMB0GA1UEAwwWQWRtaW5Ab3Jn\nMS5leGFtcGxlLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABKNRFv63jahY\nEMeUoFlQLnuY/7D8GsAbyUZFU9NX6qQq1Qz4AHV9PDV6WOvFTFmD2/FKJnj/923N\nlHsiHQT7EoGjTTBLMA4GA1UdDwEB/wQEAwIHgDAMBgNVHRMBAf8EAjAAMCsGA1Ud\nIwQkMCKAILdoIXfTrRdnX6kgw7mPBl8bcAOe78P9cFpQ0kb6xebOMAoGCCqGSM49\nBAMCA0gAMEUCIQCF8rxoaEPHNIPRpi6EeMfRhY+qFCOnIV8lXKa7o+lIWQIgKd1Y\nzwE3J1jXhx67I5vNWZO62LFx7j8z640P1l3oL3A=\n-----END CERTIFICATE-----\n"
},
"isDefault" : true
}
}
将账户服务的RPC接口采用非SSL的模式,并重启账户服务
vim /root/java/account-manager/dist/conf/application.toml # sslOn 设置为 false
cd /root/java/account-manager/dist/
sh stop.sh
sh start.sh
调用账户服务的RPC接口,发送json
Method:POST
URL:http://192.168.92.102:8340/auth/addAlgAccount
Body:上述生成的json字段
成功后data.errorCode中返回0
{
"version": "1.0",
"errorCode": 0,
"message": "success",
"data": {
"errorCode": 0,
"message": "success"
}
}
调用RPC接口查询是否添加成功
Method:POST
URL:http://192.168.92.102:8340/auth/listAccount
Body:如下,指定一级账户地址(sender):0xfca9d31bad28ca5d754652b28a9d9ada7cabdfff
{
"data":{
"luyuSign": [],
"signData":{
"sender": "0xfca9d31bad28ca5d754652b28a9d9ada7cabdfff"
}
}
}
可查询到已添加的二级账户
调用接口
将账户服务的RPC接口改回SSL模式,以便能和路由交互。此处sslOn设置成ture之后,listAccount接口就不能用了,因为开启了ssl认证
vim /root/java/account-manager/dist/conf/application.toml # sslOn 设置为 true
调用call接口查询mycc中a的值(postman)
http://192.168.92.102:8250/resource/payment2/fabric102/mycc/call
{
"version":"1",
"data":{
"path": "payment2.fabric102.mycc",
"method": "query",
"args": ["a"],
"nonce":123456,
"luyuSign":"",
"sender": "0xfca9d31bad28ca5d754652b28a9d9ada7cabdfff"
}
}
调用sendTransaction发送交易
http://192.168.92.102:8250/resource/payment2/fabric102/mycc/sendTransaction
{
"version":"1",
"data":{
"path": "payment2.fabric102.mycc",
"method": "invoke",
"args": ["a","b","1"],
"nonce":1,
"luyuSign":"",
"sender": "0xfca9d31bad28ca5d754652b28a9d9ada7cabdfff"
}
}
到这一步,101和102还是两座孤岛,互相运行自己的系统以及fabric网络,接下来先让两个router连接起来,可以看到对方的区块链网络
连接两个网络
切换到101:
cd /root/java/router/dist/routers/127.0.0.1-8250-25500/conf/chains
mkdir fabric102 && cd fabric102
vi plugin.toml
[common]
name = 'fabric102'
type = 'Fabric1.4'
vi driver.toml
[verifier]
[verifier.endorserCA] # 机构的CA列表
Org1MSP = 'verifier/org1CA/ca.org1.example.com-cert.pem' # 相对路径:验证证书所在位置的
Org2MSP = 'verifier/org2CA/ca.org2.example.com-cert.pem'
[verifier.ordererCA] # 排序节点的CA证书
OrdererMSP = 'verifier/ordererCA/ca.example.com-cert.pem'
mkdir verifier && cd verifier
mkdir ordererCA org1CA org2CA
scp root@192.168.92.102:/root/go/src/github.com/hyperledger/fabric-samples/first-network/crypto-config/ordererOrganizations/example.com/ca/ca.example.com-cert.pem /root/java/router/dist/routers/127.0.0.1-8250-25500/conf/chains/fabric102/verifier/ordererCA/
scp root@192.168.92.102:/root/go/src/github.com/hyperledger/fabric-samples/first-network/crypto-config/peerOrganizations/org1.example.com/ca/ca.org1.example.com-cert.pem /root/java/router/dist/routers/127.0.0.1-8250-25500/conf/chains/fabric102/verifier/org1CA/
scp root@192.168.92.102:/root/go/src/github.com/hyperledger/fabric-samples/first-network/crypto-config/peerOrganizations/org2.example.com/ca/ca.org2.example.com-cert.pem /root/java/router/dist/routers/127.0.0.1-8250-25500/conf/chains/fabric102/verifier/org2CA/
vi /root/java/router/dist/routers/127.0.0.1-8250-25500/conf/application.toml
修改[p2p]标签下面的peers
peers = ['192.168.92.102:25500']
重启router
切换到102:
cd /root/java/router/dist/routers/127.0.0.1-8250-25500/conf/chains
mkdir fabric101 && cd fabric101
vi plugin.toml
[common]
name = 'fabric101'
type = 'Fabric1.4'
vi driver.toml
[verifier]
[verifier.endorserCA] # 机构的CA列表
Org1MSP = 'verifier/org1CA/ca.org1.example.com-cert.pem' # 相对路径:验证证书所在位置的
Org2MSP = 'verifier/org2CA/ca.org2.example.com-cert.pem'
[verifier.ordererCA] # 排序节点的CA证书
OrdererMSP = 'verifier/ordererCA/ca.example.com-cert.pem'
mkdir verifier && cd verifier
mkdir ordererCA org1CA org2CA
scp root@192.168.92.101:/root/go/src/github.com/hyperledger/fabric-samples/first-network/crypto-config/ordererOrganizations/example.com/ca/ca.example.com-cert.pem /root/java/router/dist/routers/127.0.0.1-8250-25500/conf/chains/fabric101/verifier/ordererCA/
scp root@192.168.92.101:/root/go/src/github.com/hyperledger/fabric-samples/first-network/crypto-config/peerOrganizations/org1.example.com/ca/ca.org1.example.com-cert.pem /root/java/router/dist/routers/127.0.0.1-8250-25500/conf/chains/fabric101/verifier/org1CA/
scp root@192.168.92.101:/root/go/src/github.com/hyperledger/fabric-samples/first-network/crypto-config/peerOrganizations/org2.example.com/ca/ca.org2.example.com-cert.pem /root/java/router/dist/routers/127.0.0.1-8250-25500/conf/chains/fabric101/verifier/org2CA/
vi /root/java/router/dist/routers/127.0.0.1-8250-25500/conf/application.toml
修改[p2p]标签下面的peers
peers = ['192.168.92.101:25500']
重启router
可以看到后台日志:
Current active chains: [chain=payment2.fabric102,blockNumber=7], [chain=payment2.fabric101,blockNumber=10]
Current active resources: payment2.fabric102.mycc, payment2.fabric101.mycc
表示两个router已经连上了
现在还不能完成从101服务器调用fabric102
想要实现router101调用fabric102,就要在router101下配置fabric102的账户证书文件,有两种方式。
方法1:在一个一级账户下管理多个二级账户,但是两个二级账户有其中一个是default属性,使用其中一个账户无法调用另一个账户所属链,而切换default账户需要设置account-manage的ssl属性并重启。
方法2:生成两个一级账户,不同的一级账户各自管理不同的二级账户,这样在调用时,只需要切换sender就可以了
一个二级账户不能同时纳入两个一级账户管理,所以两个方法只能二选一
方法1:
现在要在101的机器上配置fabric102账户,才能在101的router调用fabric102
cd /root/java/router/dist/routers/127.0.0.1-8250-25500/conf/accounts/
mkdir fabric102_admin
vi fabric102_admin/account.toml
[account]
type = 'Fabric1.4'
mspid = 'Org1MSP'
keystore = 'account.key'
signcert = 'account.crt'
102的account证书拷贝过来
scp root@192.168.92.102:$GOPATH/src/github.com/hyperledger/fabric-samples/first-network/crypto-config/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp/keystore/*_sk /root/java/router/dist/routers/127.0.0.1-8250-25500/conf/accounts/fabric102_admin/account.key
scp root@192.168.92.102:$GOPATH/src/github.com/hyperledger/fabric-samples/first-network/crypto-config/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp/signcerts/Admin@org1.example.com-cert.pem /root/java/router/dist/routers/127.0.0.1-8250-25500/conf/accounts/fabric102_admin/account.crt
cd /root/java/router/dist/routers/127.0.0.1-8250-25500
java -cp conf/:lib/*:plugin/* link.luyu.protocol.link.fabric1.tools.AddAlgAccountRequestPacketBuilder 0x1dfa97d759404d8b6400c26207adcc17d6f8363d payment2.fabric102 fabric102_admin
得到:
{
"data" : {
"luyuSign" : "",
"type" : "ECDSA_SECP256R1_WITH_SHA256",
"nonce" : 1639117425628,
"identity" : "0x1dfa97d759404d8b6400c26207adcc17d6f8363d",
"pubKey" : "BDaGM5omtQhQemOF+7oTC+7hkcqwpuE+mYbwzw4Kgkswt3tprgWKx1Cqfkx3GHBcGAEcKlpU51d3S2wvckVTfoo=",
"secKey" : "APKyhboHQzhWHzaY/F1I8XV5ini1ZaO/iDyDOFmfL4RF",
"properties" : {
"Fabric1.4:payment2.fabric102:name" : "fabric102_admin",
"Fabric1.4:payment2.fabric102:mspid" : "Org1MSP",
"Fabric1.4:payment2.fabric102:cert" : "-----BEGIN CERTIFICATE-----\nMIICKTCCAdCgAwIBAgIRALYU1Cx69F0+YyIPrLXMGicwCgYIKoZIzj0EAwIwczEL\nMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBG\ncmFuY2lzY28xGTAXBgNVBAoTEG9yZzEuZXhhbXBsZS5jb20xHDAaBgNVBAMTE2Nh\nLm9yZzEuZXhhbXBsZS5jb20wHhcNMjExMjA2MDYzOTAwWhcNMzExMjA0MDYzOTAw\nWjBrMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMN\nU2FuIEZyYW5jaXNjbzEOMAwGA1UECxMFYWRtaW4xHzAdBgNVBAMMFkFkbWluQG9y\nZzEuZXhhbXBsZS5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQ2hjOaJrUI\nUHpjhfu6Ewvu4ZHKsKbhPpmG8M8OCoJLMLd7aa4FisdQqn5MdxhwXBgBHCpaVOdX\nd0tsL3JFU36Ko00wSzAOBgNVHQ8BAf8EBAMCB4AwDAYDVR0TAQH/BAIwADArBgNV\nHSMEJDAigCBJBZqB9vyILQBRmEc0D2c9gg9oQawJdkaw2eZ5ITWyEjAKBggqhkjO\nPQQDAgNHADBEAiB/G3T6KxesQj9uvPH/ua72KZXzLEGjrhysnGD4IqEUwAIgccDx\nJvVZ674WSoZdY5UkoQ+pWhyEVa1VQV5Tb+R8hQw=\n-----END CERTIFICATE-----\n"
},
"isDefault" : true
}
}
将account-manage的RPC接口采用非SSL的模式,并重启账户服务
调用账户服务的RPC接口,发送json
http://192.168.92.101:8340/auth/addAlgAccount
Body:上述生成的json字段
返回success
调用http://192.168.92.101:8340/auth/listAccount查看是否添加成功
能够看到fabric102_admin所属的账户isDefault的属性被设置成了true,而原本fabric_admin的账户的isDefault属性被设置成了false
成功后,将账户服务的RPC接口改回SSL模式,向101服务器发请求,去调用102的链,注意修改路径:
http://192.168.92.101:8250/resource/payment2/fabric102/mycc/call
{
"version":"1",
"data":{
"path": "payment2.fabric102.mycc",
"method": "query",
"args": ["a"],
"nonce":123456,
"luyuSign":"",
"sender": "0x1dfa97d759404d8b6400c26207adcc17d6f8363d"
}
}
可以成功返回,再试试调用sendTransaction接口,注意修改路径
http://192.168.92.101:8250/resource/payment2/fabric102/mycc/sendTransaction
{
"version":"1",
"data":{
"path": "payment2.fabric102.mycc",
"method": "invoke",
"args": ["a","b","1"],
"nonce":1,
"luyuSign":"",
"sender": "0x1dfa97d759404d8b6400c26207adcc17d6f8363d"
}
}
返回success后,再去调用call接口确认一下
如果想再去调用fabric101,发现会报错:“Fabric account has not been added”
这是因为新添加的账户被设置成了default账户,可以调用下面接口去切换default账户
http://192.168.92.101:8340/auth/setDefaultAlgAccount
{
"data": {
"luyuSign": "",
"type": "ECDSA_SECP256R1_WITH_SHA256",
"nonce": 123,
"identity": "0xabcdef", #一级账户地址
"keyID": 0 #二级账户id
}
}
这种方式太过繁琐,因为需要修改account-manage的配置文件,并且重启数次
方法2:
可以使用多个一级账户管理不同的二级账户的方式,来实现对不同链的调用,在每次调用时,切换sender地址即可。
cd /root/java/luyu-java-sdk/dist
bash gen_account.sh
生成一个新的一级账户 0x346be6fc044cfa03000bf2f5ea906a761c6ae843
cd /root/java/router/dist/routers/127.0.0.1-8250-25500/conf/accounts/
mkdir fabric102_admin
vi fabric102_admin/account.toml
[account]
type = 'Fabric1.4'
mspid = 'Org1MSP'
keystore = 'account.key'
signcert = 'account.crt'
scp root@192.168.92.102:$GOPATH/src/github.com/hyperledger/fabric-samples/first-network/crypto-config/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp/keystore/*_sk /root/java/router/dist/routers/127.0.0.1-8250-25500/conf/accounts/fabric102_admin/account.key
scp root@192.168.92.102:$GOPATH/src/github.com/hyperledger/fabric-samples/first-network/crypto-config/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp/signcerts/Admin@org1.example.com-cert.pem /root/java/router/dist/routers/127.0.0.1-8250-25500/conf/accounts/fabric102_admin/account.crt
cd /root/java/router/dist/routers/127.0.0.1-8250-25500
java -cp conf/:lib/*:plugin/* link.luyu.protocol.link.fabric1.tools.AddAlgAccountRequestPacketBuilder 0x346be6fc044cfa03000bf2f5ea906a761c6ae843 payment2.fabric102 fabric102_admin
设置ssl证书为false后,调用addAlgAccount
{
"data" : {
"luyuSign" : "",
"type" : "ECDSA_SECP256R1_WITH_SHA256",
"nonce" : 1639127916462,
"identity" : "0x346be6fc044cfa03000bf2f5ea906a761c6ae843",
"pubKey" : "BF0OjgRN4AGmWrezxX8aY+D4DmcVYo2ca/p1LlRmoPiK809n4GQJNuzN4X0O54fHAmgJV4dd8UZaWhiGInmjWIw=",
"secKey" : "APegol7W+Ofxn0TjR+LgLPN0279oFtAXj7qzN0/9B0ap",
"properties" : {
"Fabric1.4:payment2.fabric102:name" : "fabric102_admin",
"Fabric1.4:payment2.fabric102:mspid" : "Org1MSP",
"Fabric1.4:payment2.fabric102:cert" : "-----BEGIN CERTIFICATE-----\nMIICKDCCAc+gAwIBAgIQJDZsf5pCMt5++dsPXbwy8DAKBggqhkjOPQQDAjBzMQsw\nCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZy\nYW5jaXNjbzEZMBcGA1UEChMQb3JnMS5leGFtcGxlLmNvbTEcMBoGA1UEAxMTY2Eu\nb3JnMS5leGFtcGxlLmNvbTAeFw0yMTEyMTAwNzM3MDBaFw0zMTEyMDgwNzM3MDBa\nMGsxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1T\nYW4gRnJhbmNpc2NvMQ4wDAYDVQQLEwVhZG1pbjEfMB0GA1UEAwwWQWRtaW5Ab3Jn\nMS5leGFtcGxlLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABF0OjgRN4AGm\nWrezxX8aY+D4DmcVYo2ca/p1LlRmoPiK809n4GQJNuzN4X0O54fHAmgJV4dd8UZa\nWhiGInmjWIyjTTBLMA4GA1UdDwEB/wQEAwIHgDAMBgNVHRMBAf8EAjAAMCsGA1Ud\nIwQkMCKAIPZ8ilacNvCkiDf+LRVoXNGf2gB+eA4i6zPJbM0zk9HOMAoGCCqGSM49\nBAMCA0cAMEQCID11BuOOB309nDME9B7+dmXxUH+avtxEdtcqVLMMadfJAiBXt9xM\nDaKXBvfC21KRar7dRgEZ3l7uB3NQaMBKzmNSfg==\n-----END CERTIFICATE-----\n"
},
"isDefault" : true
}
}
到这里,已经可以调用101的router接口访问fabric101和fabric102网络
102添加二级账户方式同理,不再赘述,简单记录一下命令
cd /root/java/luyu-java-sdk/dist
bash gen_account.sh
生成一个新的一级账户 0x7bbe2de276e57e7f4901a7b834e0934143f5f073
cd /root/java/router/dist/routers/127.0.0.1-8250-25500/conf/accounts/
mkdir fabric101_admin
vi fabric101_admin/account.toml
[account]
type = 'Fabric1.4'
mspid = 'Org1MSP'
keystore = 'account.key'
signcert = 'account.crt'
scp root@192.168.92.101:$GOPATH/src/github.com/hyperledger/fabric-samples/first-network/crypto-config/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp/keystore/*_sk /root/java/router/dist/routers/127.0.0.1-8250-25500/conf/accounts/fabric101_admin/account.key
scp root@192.168.92.101:$GOPATH/src/github.com/hyperledger/fabric-samples/first-network/crypto-config/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp/signcerts/Admin@org1.example.com-cert.pem /root/java/router/dist/routers/127.0.0.1-8250-25500/conf/accounts/fabric101_admin/account.crt
cd /root/java/router/dist/routers/127.0.0.1-8250-25500
java -cp conf/:lib/*:plugin/* link.luyu.protocol.link.fabric1.tools.AddAlgAccountRequestPacketBuilder 0x7bbe2de276e57e7f4901a7b834e0934143f5f073 payment1.fabric101 fabric101_admin
设置ssl证书为false后,调用addAlgAccount
{
"data" : {
"luyuSign" : "",
"type" : "ECDSA_SECP256R1_WITH_SHA256",
"nonce" : 1639469184477,
"identity" : "0x7bbe2de276e57e7f4901a7b834e0934143f5f073",
"pubKey" : "BBzoEgIvT0aChexixrHrWRFC38mY/X/Rc8RQr0RIi9MH7F5uOagTdjSRgu7BBp8UN1vUIBjZxWIqK5gbWR0rQPI=",
"secKey" : "ZsfaGPJyOrjW3g5ymoGHGldZbNbOTJVp3jamAc2Z2zs=",
"properties" : {
"Fabric1.4:payment1.fabric101:cert" : "-----BEGIN CERTIFICATE-----\nMIICKTCCAdCgAwIBAgIRAIYI5mQWM5XGrVo9UrykoLYwCgYIKoZIzj0EAwIwczEL\nMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBG\ncmFuY2lzY28xGTAXBgNVBAoTEG9yZzEuZXhhbXBsZS5jb20xHDAaBgNVBAMTE2Nh\nLm9yZzEuZXhhbXBsZS5jb20wHhcNMjExMjEwMDczNjAwWhcNMzExMjA4MDczNjAw\nWjBrMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMN\nU2FuIEZyYW5jaXNjbzEOMAwGA1UECxMFYWRtaW4xHzAdBgNVBAMMFkFkbWluQG9y\nZzEuZXhhbXBsZS5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQc6BICL09G\ngoXsYsax61kRQt/JmP1/0XPEUK9ESIvTB+xebjmoE3Y0kYLuwQafFDdb1CAY2cVi\nKiuYG1kdK0Dyo00wSzAOBgNVHQ8BAf8EBAMCB4AwDAYDVR0TAQH/BAIwADArBgNV\nHSMEJDAigCDFGXEd4czKARLr7jOCwRnw8A+p5Do9CJudFGgHPQ6S1zAKBggqhkjO\nPQQDAgNHADBEAiBlabjSFOZDCcBxuqdmrR4noPBOaTskt64T/QOxqX8RJQIgNsHi\nx4x8pLUjAf7hOu0WQEel06/QKegmC+kjpM6av8I=\n-----END CERTIFICATE-----\n",
"Fabric1.4:payment1.fabric101:name" : "fabric101_admin",
"Fabric1.4:payment1.fabric101:mspid" : "Org1MSP"
},
"isDefault" : true
}
}
转载请注明来源
