I want to connect to hyperledger fabric blockchain network on Amazon Managed Blockchain using nodejs sdk. Fabric client is a cloud9 instance, which already setup and successfully connected to peer node using fabric cli inside a docker container. But when I try to use nodejs sdk to connect to network with this code:
'use strict';
const FabricCAServices = require('fabric-ca-client');
const { Wallets, Gateway, X509Identity, User } = require('fabric-network');
const fs = require('fs');
const path = require('path');
const yaml = require('js-yaml');
const ccpPath = path.resolve(__dirname, 'connection_profile.yaml');
const ccp = yaml.load(fs.readFileSync(ccpPath, 'utf8'));
async function main() {
try {
const walletPath = path.join(process.cwd(), 'wallet');
const wallet = await Wallets.newFileSystemWallet(walletPath);
const gateway = new Gateway();
const gatewayOptions = {identity: 'admin', wallet: wallet, discovery: {enabled: true, asLocalhost: false }}
await gateway.connect(ccp, gatewayOptions);
const network = await gateway.getNetwork('mychannel');
} catch (error) {
console.error(`Some error is occurred: ${error.stack}`);
process.exit(1);
}
}
main();
With content of "connection_profile.yaml" file is:
name: "ABC"
x-type: hlfv1
version: "1.0"
channels:
mychannel:
orderers:
- ABCOrderer
peers:
peer1:
endorsingPeer: true
chaincodeQuery: true
ledgerQuery: true
eventSource: true
organizations:
abc:
mspid: m-***
peers:
- peer1
certificateAuthorities:
- abc
orderers:
ABCOrderer:
url: grpcs://orderer.n-***.managedblockchain.ap-northeast-1.amazonaws.com:30001
grpcOptions:
ssl-target-name-override: orderer.n-***.managedblockchain.ap-northeast-1.amazonaws.com
tlsCACerts:
# path: /home/ec2-user/managedblockchain-tls-chain.pem
path: /home/ec2-user/admin-msp/admincerts/cert.pem
peers:
peer1:
url: grpcs://nd-***.managedblockchain.ap-northeast-1.amazonaws.com:30003
eventUrl: grpcs://nd-***.managedblockchain.ap-northeast-1.amazonaws.com:30004
grpcOptions:
ssl-target-name-override: nd-***.managedblockchain.ap-northeast-1.amazonaws.com
tlsCACerts:
# path: /home/ec2-user/managedblockchain-tls-chain.pem
path: /home/ec2-user/admin-msp/admincerts/cert.pem
certificateAuthorities:
abc:
url: https://ca.m-***.managedblockchain.ap-northeast-1.amazonaws.com:30002
httpOptions:
verify: true
tlsCACerts:
# path: /home/ec2-user/managedblockchain-tls-chain.pem
path: /home/ec2-user/admin-msp/admincerts/cert.pem
caName: m-***
"/home/ec2-user/admin-msp/admincerts/cert.pem" is file is created by enroll member admin identity (follow this aws guide: https://docs.aws.amazon.com/managed-blockchain/latest/hyperledger-fabric-dev/get-started-enroll-admin.html). Then after 3s the console show this error:
2022-07-05T13:22:52.812Z - error: [ServiceEndpoint]: Error: Failed to connect before the deadline on Endorser- name: peer1, url:grpcs://nd-***.managedblockchain.ap-northeast-1.amazonaws.com:30003, connected:false, connectAttempted:true
2022-07-05T13:22:52.814Z - error: [ServiceEndpoint]: waitForReady - Failed to connect to remote gRPC server peer1 url:grpcs://nd-***.managedblockchain.ap-northeast-1.amazonaws.com:30003 timeout:3000
2022-07-05T13:22:52.814Z - info: [NetworkConfig]: buildPeer - Unable to connect to the endorser peer1 due to Error: Failed to connect before the deadline on Endorser- name: peer1, url:grpcs://nd-***.managedblockchain.ap-northeast-1.amazonaws.com:30003, connected:false, connectAttempted:true
2022-07-05T13:22:55.817Z - error: [ServiceEndpoint]: Error: Failed to connect before the deadline on Committer- name: ABCOrderer, url:grpcs://orderer.n-***.managedblockchain.ap-northeast-1.amazonaws.com:30001, connected:false, connectAttempted:true
2022-07-05T13:22:55.817Z - error: [ServiceEndpoint]: waitForReady - Failed to connect to remote gRPC server ABCOrderer url:grpcs://orderer.n-***.managedblockchain.ap-northeast-1.amazonaws.com:30001 timeout:3000
2022-07-05T13:22:55.818Z - info: [NetworkConfig]: buildOrderer - Unable to connect to the committer ABCOrderer due to Error: Failed to connect before the deadline on Committer- name: ABCOrderer, url:grpcs://orderer.n-***.managedblockchain.ap-northeast-1.amazonaws.com:30001, connected:false, connectAttempted:true
Some error is occurred: TypeError: Cannot read property 'toArray' of null
at EC.sign (/home/ec2-user/src-test/node_modules/elliptic/lib/elliptic/ec/index.js:104:30)
at CryptoSuite_ECDSA_AES.sign (/home/ec2-user/src-test/node_modules/fabric-common/lib/impl/CryptoSuite_ECDSA_AES.js:215:25)
at Signer.sign (/home/ec2-user/src-test/node_modules/fabric-common/lib/Signer.js:59:28)
at SigningIdentity.sign (/home/ec2-user/src-test/node_modules/fabric-common/lib/SigningIdentity.js:71:23)
at IdentityContext.sign (/home/ec2-user/src-test/node_modules/fabric-common/lib/IdentityContext.js:91:40)
at DiscoveryService.sign (/home/ec2-user/src-test/node_modules/fabric-common/lib/ServiceAction.js:69:40)
at NetworkImpl._initializeInternalChannel (/home/ec2-user/src-test/node_modules/fabric-network/lib/network.js:298:35)
at NetworkImpl._initialize (/home/ec2-user/src-test/node_modules/fabric-network/lib/network.js:250:20)
at Gateway.getNetwork (/home/ec2-user/src-test/node_modules/fabric-network/lib/gateway.js:350:26)
at main (/home/ec2-user/src-test/enrollUser.js:38:35)
So I think the problem probably is my connection_profile setting, which I mimic connection-profile-template.yaml file from aws blockchain samples code (https://github.com/aws-samples/non-profit-blockchain/tree/master/ngo-lambda).
# Copyright 2018 Amazon.com, Inc. or its affiliates. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License").
# You may not use this file except in compliance with the License.
# A copy of the License is located at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# or in the "license" file accompanying this file. This file is distributed
# on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
# express or implied. See the License for the specific language governing
# permissions and limitations under the License.
name: "ngo"
x-type: "hlfv1"
description: "NGO Network"
version: "1.0"
channels:
mychannel:
orderers:
- orderer.com
peers:
peer1:
endorsingPeer: true
chaincodeQuery: true
ledgerQuery: true
eventSource: true
organizations:
Org1:
mspid: %MEMBERID%
peers:
- peer1
certificateAuthorities:
- ca-org1
orderers:
orderer.com:
url: grpcs://%ORDERINGSERVICEENDPOINT%
grpcOptions:
ssl-target-name-override: %ORDERINGSERVICEENDPOINTNOPORT%
tlsCACerts:
path: %CAFILE%
peers:
peer1:
url: grpcs://%PEERSERVICEENDPOINT%
eventUrl: grpcs://%PEEREVENTENDPOINT%
grpcOptions:
ssl-target-name-override: %PEERSERVICEENDPOINTNOPORT%
tlsCACerts:
path: %CAFILE%
certificateAuthorities:
ca-org1:
url: https://%CASERVICEENDPOINT%
httpOptions:
verify: false
tlsCACerts:
path: %CAFILE%
caName: %MEMBERID%
So, any idea or suggestion on how can I fix it? Any help would be appreciated. Thank You!
Updated_1: I try both key file from AWS S3(managedblockchain-tls-chain.pem) and key created by CA for admin. But both do not seem to work. Here is the error when I try with key file from S3:
Some error is occurred: TypeError: Cannot read property 'toArray' of null
at EC.sign (/home/ec2-user/src-test/node_modules/elliptic/lib/elliptic/ec/index.js:104:30)
at CryptoSuite_ECDSA_AES.sign (/home/ec2-user/src-test/node_modules/fabric-common/lib/impl/CryptoSuite_ECDSA_AES.js:215:25)
at Signer.sign (/home/ec2-user/src-test/node_modules/fabric-common/lib/Signer.js:59:28)
at SigningIdentity.sign (/home/ec2-user/src-test/node_modules/fabric-common/lib/SigningIdentity.js:71:23)
at IdentityContext.sign (/home/ec2-user/src-test/node_modules/fabric-common/lib/IdentityContext.js:91:40)
at DiscoveryService.sign (/home/ec2-user/src-test/node_modules/fabric-common/lib/ServiceAction.js:69:40)
at NetworkImpl._initializeInternalChannel (/home/ec2-user/src-test/node_modules/fabric-network/lib/network.js:298:35)
at NetworkImpl._initialize (/home/ec2-user/src-test/node_modules/fabric-network/lib/network.js:250:20)
at Gateway.getNetwork (/home/ec2-user/src-test/node_modules/fabric-network/lib/gateway.js:350:26)
at main (/home/ec2-user/src-test/enrollUser.js:38:35)
Updated 2: Maybe the problem is my admin identity inside wallet, so I update the code to save admin identity to the wallet:
const caURL = ccp.certificateAuthorities['abc'].url;
const ca = new FabricCAServices(caURL);
const enrollment = await ca.enroll({ enrollmentID: 'admin', enrollmentSecret: 'Adminpassword' });
const X509Identity = {
credentials: {
certificate: enrollment.certificate,
privateKey: enrollment.rootCertificate,
},
mspId: ccp.organizations['abc'].mspid,
type: 'X.509',
};
// Create a new file system based wallet for managing identities.
const walletPath = path.join(process.cwd(), 'wallet');
const wallet = await Wallets.newFileSystemWallet(walletPath);
await wallet.put('admin', X509Identity);
Updated_3:
As @david_k suggests, the problem is my identity inside the wallet is wrong, and as the result, it is denied by the gateway. So the line privateKey in Update_2 needs to be changed from privateKey: enrollment.rootCertificate,
to privateKey: enrollment.key.toBytes(),
Thank you very much @david_k!