I want to try the idemix feature introduced by Fabric 1.3 version. based on the repo. I did some changes in order to support idemix. But when I run java -cp blockchain-client.jar org.example.chaincode.invocation.InvokeChaincode
,btw, I omitted the step 5 for Register and enroll users, I came across
2019-10-18 03:20:10.312 UTC [protoutils] ValidateProposalMessage -> WARN 049 channel [mychannel]: creator certificate is not valid: Failed verifing with opts [&{<nil> <nil> [] [{1 [111 114 103 49]} {2 1} {0 <nil>} {0 <nil>}] 3 [] 0 0xc00000fab8 0}]: signature invalid: APrime and ABar don't have the expected structure
2019-10-18 03:20:10.312 UTC [comm.grpc.server] 1 -> INFO 04a unary call completed grpc.service=protos.Endorser grpc.method=ProcessProposal grpc.peer_address=172.22.0.1:33960 error="access denied: channel [mychannel] creator org [idemixMSPID1]" grpc.code=Unknown grpc.call_duration=82.6484ms` from peer container.
I set up a fabric network with minimal components. Two organizations, each has two peers and a CA. The demo is from repo. The demo's network with no idemix feature supported works well. When I add idemix section to configtx.yaml, regenerate crypto material, create a channel, etc. And the network finally is up. All containers are work well. But I interact with fab car chaincode using java-sdk, the above error info was thrown.
The following are from configtx.yaml file(just show key parts here):
Organizations:
- &OrdererOrg
Name: OrdererOrg
ID: OrdererMSP
MSPDir: crypto-config/ordererOrganizations/example.com/msp
- &Org1
Name: Org1MSP
ID: Org1MSP
MSPDir: crypto-config/peerOrganizations/org1.example.com/msp
- &Org2
Name: Org2MSP
ID: Org2MSP
MSPDir: crypto-config/peerOrganizations/org2.example.com/msp
- &Org1Idemix
Name: idemixMSP1
ID: idemixMSPID1
msptype: idemix
MSPDir: crypto-config/peerOrganizations/org3.example.com
- &Org2Idemix
Name: idemixMSP2
ID: idemixMSPID2
msptype: idemix
MSPDir: crypto-config/peerOrganizations/org4.example.com
Capabilities: Channel: &ChannelCapabilities V1_3: true
Orderer: &OrdererCapabilities
V1_1: true
Application: &ApplicationCapabilities
V1_3: true
#V1_2: false
#V1_1: false
Application: &ApplicationDefaults Organizations: Channel: &ChannelDefaults Policies: Readers: Type: ImplicitMeta Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
Capabilities:
<<: *ChannelCapabilities
Profiles: TwoOrgsOrdererGenesis: Capabilities: <<: *ChannelCapabilities Orderer: <<: *OrdererDefaults Organizations: - *OrdererOrg Capabilities: <<: *OrdererCapabilities Consortiums: SampleConsortium: Organizations: - *Org1 - *Org2 - *Org1Idemix - *Org2Idemix Application: <<: *ApplicationDefaults Organizations: - *OrdererOrg Capabilities: <<: *ApplicationCapabilities TwoOrgsChannel: Consortium: SampleConsortium Application: <<: *ApplicationDefaults Organizations: - *Org1 - *Org2 - *Org1Idemix - *Org2Idemix Capabilities: <<: *ApplicationCapabilities
The code I add in InvokeChaincode.java before creating channel client as follows:
// org/example/chaincode/invocation.java
UserContext normalUserContext = new UserContext();
String name = "user"+System.currentTimeMillis();
normalUserContext.setName(name);
normalUserContext.setAffiliation(Config.ORG1);
normalUserContext.setMspId(Config.ORG3_IDEMIX_MSP);
String enrollmentSecret = caClient.registerUser(name, Config.ORG1);
normalUserContext = caClient.idemixEnrollUser(normalUserContext, enrollmentSecret,normalUserContext.getMspId());
FabricClient fabClient = new FabricClient(normalUserContext);
The configuration file added code:
// org/example/config/Config.java
public static final String ORG3 = "org3";
public static final String ORG3_IDEMIX_MSP = "idemixMSPID1";
And docker-composer.yaml file remains unchanged. All the images used are 1.4.1
I expect the endorser peer able to verify tx proposal from client with idemix enabled. But now the peer side report 2019-10-18 03:20:10.312 UTC [protoutils] ValidateProposalMessage -> WARN 049 channel [mychannel]: creator certificate is not valid: Failed verifing with opts [&{<nil> <nil> [] [{1 [111 114 103 49]} {2 1} {0 <nil>} {0 <nil>}] 3 [] 0 0xc00000fab8 0}]: signature invalid: APrime and ABar don't have the expected structure
2019-10-18 03:20:10.312 UTC [comm.grpc.server] 1 -> INFO 04a unary call completed grpc.service=protos.Endorser grpc.method=ProcessProposal grpc.peer_address=172.22.0.1:33960 error="access denied: channel [mychannel] creator org [idemixMSPID1]" grpc.code=Unknown grpc.call_duration=82.6484ms
I don't know why. I guess that if a peer does not support idemix tx verification. Are there some switches not open on peers? Help. Any replies will be thankful.