- Added mutual tls support

get_tls_certificates.sh

@@ -1,8 +1,37 @@
 #!/bin/bash
 set -x #echo on
 
-IP_ADDRESS="164.90.214.237"
-REMOTE_MACHINE_TLS_CERT_FILE="/root/hlft-store/hlfMSP/tlscacerts/tls-tlsca-7054.pem"
-LOCAL_TLS_CERT_FILE="./hlft-store/hlfMSP/tlscacerts/tls-tlsca-7054.pem"
+IP_ADDRESS="165.232.76.37"
+#REMOTE_MACHINE_TLS_CERT_FILE="/root/hlft-store/hlfMSP/tlscacerts/tls-tlsca-7054.pem"
+#LOCAL_TLS_CERT_FILE="./hlft-store/hlfMSP/tlscacerts/tls-tlsca-7054.pem"
 
-scp -r root@$IP_ADDRESS:$REMOTE_MACHINE_TLS_CERT_FILE $LOCAL_TLS_CERT_FILE
+REMOTE_MACHINE_PEER2_TLS_CA_CERT_FILE="/root/hlft-store/tlsca/peer2/tls-msp/tlscacerts/tls-tlsca-7054.pem"
+LOCAL_PEER2_TLS_CA_CERT_FILE="./hlft-store/tlsca/peer2/tls-msp/tlscacerts/tls-tlsca-7054.pem"
+
+REMOTE_MACHINE_PEER2_TLS_SERVER_CERT_FILE="/root/hlft-store/orgca/peer2/msp/tls/server.crt"
+LOCAL_PEER2_TLS_SERVER_CERT_FILE="./hlft-store/orgca/peer2/msp/tls/server.crt"
+
+REMOTE_MACHINE_PEER2_TLS_SERVER_KEY_FILE="/root/hlft-store/orgca/peer2/msp/tls/server.key"
+LOCAL_PEER2_TLS_SERVER_KEY_FILE="./hlft-store/orgca/peer2/msp/tls/server.key"
+
+
+REMOTE_MACHINE_ORDERER_TLS_CA_CERT_FILE="/root/hlft-store/tlsca/orderer/tls-msp/tlscacerts/tls-tlsca-7054.pem"
+LOCAL_ORDERER_TLS_CA_CERT_FILE="./hlft-store/tlsca/orderer/tls-msp/tlscacerts/tls-tlsca-7054.pem"
+
+# REMOTE_MACHINE_ORDERER_TLS_SERVER_CERT_FILE="/root/hlft-store/orgca/orderer/msp/tls/server.crt"
+# LOCAL_ORDERER_TLS_SERVER_CERT_FILE="./hlft-store/orgca/orderer/msp/tls/server.crt"
+
+# REMOTE_MACHINE_ORDERER_TLS_SERVER_KEY_FILE="/root/hlft-store/orgca/orderer/msp/tls/server.key"
+# LOCAL_ORDERER_TLS_SERVER_KEY_FILE="./hlft-store/orgca/orderer/msp/tls/server.key"
+
+#scp -r root@$IP_ADDRESS:$REMOTE_MACHINE_TLS_CERT_FILE $LOCAL_TLS_CERT_FILE
+
+scp -r root@$IP_ADDRESS:$REMOTE_MACHINE_ORDERER_TLS_CA_CERT_FILE $LOCAL_ORDERER_TLS_CA_CERT_FILE
+# scp -r root@$IP_ADDRESS:$REMOTE_MACHINE_ORDERER_TLS_SERVER_CERT_FILE $LOCAL_ORDERER_TLS_SERVER_CERT_FILE
+# scp -r root@$IP_ADDRESS:$REMOTE_MACHINE_ORDERER_TLS_SERVER_KEY_FILE $LOCAL_ORDERER_TLS_SERVER_KEY_FILE
+
+
+
+scp -r root@$IP_ADDRESS:$REMOTE_MACHINE_PEER2_TLS_CA_CERT_FILE $LOCAL_PEER2_TLS_CA_CERT_FILE
+scp -r root@$IP_ADDRESS:$REMOTE_MACHINE_PEER2_TLS_SERVER_CERT_FILE $LOCAL_PEER2_TLS_SERVER_CERT_FILE
+scp -r root@$IP_ADDRESS:$REMOTE_MACHINE_PEER2_TLS_SERVER_KEY_FILE $LOCAL_PEER2_TLS_SERVER_KEY_FILE

hlft-store/hlfMSP/tlscacerts/tls-tlsca-7054.pem

@@ -1,13 +1,13 @@
 -----BEGIN CERTIFICATE-----
-MIICATCCAaegAwIBAgIUP/fI4qZbd8HE2ZTS4OHbB9ntc7gwCgYIKoZIzj0EAwIw
+MIICADCCAaegAwIBAgIUd+wnna1xsGjjHIQwfVrSyy55cQ4wCgYIKoZIzj0EAwIw
 XTELMAkGA1UEBhMCVVMxFzAVBgNVBAgTDk5vcnRoIENhcm9saW5hMRQwEgYDVQQK
 EwtIeXBlcmxlZGdlcjEPMA0GA1UECxMGRmFicmljMQ4wDAYDVQQDEwV0bHNjYTAe
-Fw0yMDA4MTMwODU4MDBaFw0zNTA4MTAwODU4MDBaMF0xCzAJBgNVBAYTAlVTMRcw
+Fw0yMDA4MTQxNzQ2MDBaFw0zNTA4MTExNzQ2MDBaMF0xCzAJBgNVBAYTAlVTMRcw
 FQYDVQQIEw5Ob3J0aCBDYXJvbGluYTEUMBIGA1UEChMLSHlwZXJsZWRnZXIxDzAN
 BgNVBAsTBkZhYnJpYzEOMAwGA1UEAxMFdGxzY2EwWTATBgcqhkjOPQIBBggqhkjO
-PQMBBwNCAASXGzTNSh2D/Fi2NaLTsygpLQshZppkQO9Wrq2km9VC5XFNUeaAtUSx
-hGepwgKuQ1ofcZVLBRh3IZ3So9MDfftko0UwQzAOBgNVHQ8BAf8EBAMCAQYwEgYD
-VR0TAQH/BAgwBgEB/wIBATAdBgNVHQ4EFgQUu7SghRZCw0VDPRR0CdUKoyfsMMkw
-CgYIKoZIzj0EAwIDSAAwRQIhAOlDaWS4YC7GN9UVqW5WJR4mOcHAaeXEmsXDM1yN
-CRUYAiAM+yZwJe11TbLSsmA0IaCN4tqU7DC4skR86CMcwhcT9A==
+PQMBBwNCAAQv3oAXZ5VSCoYmhKLFy65hTQumndtED6Czb8ne7xgRtahLllkxZ6XJ
+CcFLo/42k8uJmPQeZSnfDE2vMsDgZzM2o0UwQzAOBgNVHQ8BAf8EBAMCAQYwEgYD
+VR0TAQH/BAgwBgEB/wIBATAdBgNVHQ4EFgQUVScLDcZ4Ow8IjJxx3EfQpJVcPQQw
+CgYIKoZIzj0EAwIDRwAwRAIgESNo4V9wjgFp6lp7ObJSyIa/8QuxMzBVzWJGpdai
+WC4CICQhkGb+j4T4wimyt1hOFWsYZgFjh66pOGTxMun0HeDc
 -----END CERTIFICATE-----

hlft-store/orgca/peer2/msp/tls/server.crt

@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICuzCCAmKgAwIBAgIUHBNrKcHKEkFQTDkf0RFwr0hRRFwwCgYIKoZIzj0EAwIw
+XTELMAkGA1UEBhMCVVMxFzAVBgNVBAgTDk5vcnRoIENhcm9saW5hMRQwEgYDVQQK
+EwtIeXBlcmxlZGdlcjEPMA0GA1UECxMGRmFicmljMQ4wDAYDVQQDEwV0bHNjYTAe
+Fw0yMDA4MTQxNzQ2MDBaFw0yMTA4MTQxNzUxMDBaMFsxCzAJBgNVBAYTAlVTMRcw
+FQYDVQQIEw5Ob3J0aCBDYXJvbGluYTEUMBIGA1UEChMLSHlwZXJsZWRnZXIxDTAL
+BgNVBAsTBHBlZXIxDjAMBgNVBAMTBXBlZXIyMFkwEwYHKoZIzj0CAQYIKoZIzj0D
+AQcDQgAEx8GA1o1Iwy8IpVVFWBzTtdBdk99GQ3YBKySzUYspMSrcWyRtxM4KGPUe
+EY9rMUvG+1PZ5XJkEioz7+4zFvGtEaOCAQAwgf0wDgYDVR0PAQH/BAQDAgOoMB0G
+A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1Ud
+DgQWBBT9i+Vi5YD8cUczEwzvD5xWnQxrczAfBgNVHSMEGDAWgBRVJwsNxng7DwiM
+nHHcR9CklVw9BDAmBgNVHREEHzAdggVwZWVyMYIFcGVlcjKCB29yZGVyZXKHBKXo
+TCUwVgYIKgMEBQYHCAEESnsiYXR0cnMiOnsiaGYuQWZmaWxpYXRpb24iOiIiLCJo
+Zi5FbnJvbGxtZW50SUQiOiJwZWVyMiIsImhmLlR5cGUiOiJwZWVyIn19MAoGCCqG
+SM49BAMCA0cAMEQCIG4a+qLC+Mg7/Hhr5Q6Izm5ULxTzQKU2g5o6ScAsuHCXAiBH
+VN8DqU36wonpcdjQbwPwgxRA6R8BL9pS2EWPsdPxHA==
+-----END CERTIFICATE-----

hlft-store/orgca/peer2/msp/tls/server.key

@@ -0,0 +1,5 @@
+-----BEGIN PRIVATE KEY-----
+MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgOutRzYFZ7WRIdHrd
+GwIr2/5UJBi+9ZuHo5obUY6zHc+hRANCAATHwYDWjUjDLwilVUVYHNO10F2T30ZD
+dgErJLNRiykxKtxbJG3EzgoY9R4Rj2sxS8b7U9nlcmQSKjPv7jMW8a0R
+-----END PRIVATE KEY-----

hlft-store/tlsca/orderer/tls-msp/tlscacerts/tls-tlsca-7054.pem

@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MIICADCCAaegAwIBAgIUd+wnna1xsGjjHIQwfVrSyy55cQ4wCgYIKoZIzj0EAwIw
+XTELMAkGA1UEBhMCVVMxFzAVBgNVBAgTDk5vcnRoIENhcm9saW5hMRQwEgYDVQQK
+EwtIeXBlcmxlZGdlcjEPMA0GA1UECxMGRmFicmljMQ4wDAYDVQQDEwV0bHNjYTAe
+Fw0yMDA4MTQxNzQ2MDBaFw0zNTA4MTExNzQ2MDBaMF0xCzAJBgNVBAYTAlVTMRcw
+FQYDVQQIEw5Ob3J0aCBDYXJvbGluYTEUMBIGA1UEChMLSHlwZXJsZWRnZXIxDzAN
+BgNVBAsTBkZhYnJpYzEOMAwGA1UEAxMFdGxzY2EwWTATBgcqhkjOPQIBBggqhkjO
+PQMBBwNCAAQv3oAXZ5VSCoYmhKLFy65hTQumndtED6Czb8ne7xgRtahLllkxZ6XJ
+CcFLo/42k8uJmPQeZSnfDE2vMsDgZzM2o0UwQzAOBgNVHQ8BAf8EBAMCAQYwEgYD
+VR0TAQH/BAgwBgEB/wIBATAdBgNVHQ4EFgQUVScLDcZ4Ow8IjJxx3EfQpJVcPQQw
+CgYIKoZIzj0EAwIDRwAwRAIgESNo4V9wjgFp6lp7ObJSyIa/8QuxMzBVzWJGpdai
+WC4CICQhkGb+j4T4wimyt1hOFWsYZgFjh66pOGTxMun0HeDc
+-----END CERTIFICATE-----

hlft-store/tlsca/peer2/tls-msp/tlscacerts/tls-tlsca-7054.pem

@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MIICADCCAaegAwIBAgIUd+wnna1xsGjjHIQwfVrSyy55cQ4wCgYIKoZIzj0EAwIw
+XTELMAkGA1UEBhMCVVMxFzAVBgNVBAgTDk5vcnRoIENhcm9saW5hMRQwEgYDVQQK
+EwtIeXBlcmxlZGdlcjEPMA0GA1UECxMGRmFicmljMQ4wDAYDVQQDEwV0bHNjYTAe
+Fw0yMDA4MTQxNzQ2MDBaFw0zNTA4MTExNzQ2MDBaMF0xCzAJBgNVBAYTAlVTMRcw
+FQYDVQQIEw5Ob3J0aCBDYXJvbGluYTEUMBIGA1UEChMLSHlwZXJsZWRnZXIxDzAN
+BgNVBAsTBkZhYnJpYzEOMAwGA1UEAxMFdGxzY2EwWTATBgcqhkjOPQIBBggqhkjO
+PQMBBwNCAAQv3oAXZ5VSCoYmhKLFy65hTQumndtED6Czb8ne7xgRtahLllkxZ6XJ
+CcFLo/42k8uJmPQeZSnfDE2vMsDgZzM2o0UwQzAOBgNVHQ8BAf8EBAMCAQYwEgYD
+VR0TAQH/BAgwBgEB/wIBATAdBgNVHQ4EFgQUVScLDcZ4Ow8IjJxx3EfQpJVcPQQw
+CgYIKoZIzj0EAwIDRwAwRAIgESNo4V9wjgFp6lp7ObJSyIa/8QuxMzBVzWJGpdai
+WC4CICQhkGb+j4T4wimyt1hOFWsYZgFjh66pOGTxMun0HeDc
+-----END CERTIFICATE-----

invoke.js

@@ -2,75 +2,83 @@
  * SPDX-License-Identifier: Apache-2.0
  */
 
-'use strict';
+"use strict";
 
-const { FileSystemWallet, Gateway } = require('fabric-network');
-const path = require('path');
-
-const ccpPath = path.resolve(__dirname, '.', 'network_profile.json');
-
-
-
-const user_name = "lion";
-const CHANNEL_NAME  = "appchannel";
-const CHAIN_CODE_NAME = "carcc";
-const CHAIN_CODE_FUNCTION_NAME = "createCar";
+const { FileSystemWallet, Gateway } = require("fabric-network");
+const fs = require("fs");
+const path = require("path");
 
+const ccpPath = path.resolve(__dirname, ".", "network_profile.json");
 
 // const user_name = "lion";
 // const CHANNEL_NAME  = "appchannel";
-// const CHAIN_CODE_NAME = "testcc";
-// const CHAIN_CODE_FUNCTION_NAME = "invoke";
+// const CHAIN_CODE_NAME = "carcc";
+// const CHAIN_CODE_FUNCTION_NAME = "createCar";
 
+const user_name = "lion";
+const CHANNEL_NAME = "appchannel";
+const CHAIN_CODE_NAME = "testcc";
+const CHAIN_CODE_FUNCTION_NAME = "invoke";
 
 async function main() {
-    try {
-
-
-
-        // Create a new file system based wallet for managing identities.
-        const walletPath = path.join(process.cwd(), 'wallet');
-        const wallet = new FileSystemWallet(walletPath);
-        console.log(`Wallet path: ${walletPath}`);
-
-        // Check to see if we've already enrolled the user.
-        const userExists = await wallet.exists(user_name);
-        if (!userExists) {
-            console.log('An identity for the user "user1" does not exist in the wallet');
-            console.log('Run the registerUser.js application before retrying');
-            return;
-        }
-
-        // Create a new gateway for connecting to our peer node.
-        const gateway = new Gateway();
-        await gateway.connect(ccpPath, { wallet, identity: user_name, discovery: { enabled: false, asLocalhost: false } });
-
-        // Get the network (channel) our contract is deployed to.
-        const network = await gateway.getNetwork(CHANNEL_NAME);
-
-        // Get the contract from the network.
-        const contract = network.getContract(CHAIN_CODE_NAME);
-
-        // Submit the specified transaction.
-        // createCar transaction - requires 5 argument, ex: ('createCar', 'CAR12', 'Honda', 'Accord', 'Black', 'Tom')
-        // changeCarOwner transaction - requires 2 args , ex: ('changeCarOwner', 'CAR10', 'Dave')
-
-
-        await contract.submitTransaction(CHAIN_CODE_FUNCTION_NAME, "BE8800","Opel","Corsa","Light Blue","7","2050","1");
-
-        //await contract.submitTransaction(CHAIN_CODE_FUNCTION_NAME, "b","a","1");
-
-
-
-        console.log('Transaction has been submitted');
-
-        // Disconnect from the gateway.
-        await gateway.disconnect();
-
-    } catch (error) {
-        console.error(`Failed to submit transaction: ${error}`);
-        process.exit(1);
+  try {
+    // Create a new file system based wallet for managing identities.
+    const walletPath = path.join(process.cwd(), "wallet");
+    const wallet = new FileSystemWallet(walletPath);
+    console.log(`Wallet path: ${walletPath}`);
+
+    // Check to see if we've already enrolled the user.
+    const userExists = await wallet.exists(user_name);
+    if (!userExists) {
+      console.log(
+        'An identity for the user "user1" does not exist in the wallet'
+      );
+      console.log("Run the registerUser.js application before retrying");
+      return;
     }
+    const clientKey = fs.readFileSync(
+      path.join(__dirname, "./hlft-store/orgca/peer2/msp/tls/server.key")
+    );
+    const clientCert = fs.readFileSync(
+      path.join(__dirname, "./hlft-store/orgca/peer2/msp/tls/server.crt")
+    );
+    // Create a new gateway for connecting to our peer node.
+    const gateway = new Gateway();
+    await gateway.connect(ccpPath, {
+      wallet,
+      identity: user_name,
+      discovery: { enabled: false, asLocalhost: false },
+    });
+
+    //set TLS certs for CLIENTAUTH
+    const client = await gateway.getClient();
+    client.setTlsClientCertAndKey(
+      Buffer.from(clientCert).toString(),
+      Buffer.from(clientKey).toString()
+    );
+
+    // Get the network (channel) our contract is deployed to.
+    const network = await gateway.getNetwork(CHANNEL_NAME);
+
+    // Get the contract from the network.
+    const contract = network.getContract(CHAIN_CODE_NAME);
+
+    // Submit the specified transaction.
+    // createCar transaction - requires 5 argument, ex: ('createCar', 'CAR12', 'Honda', 'Accord', 'Black', 'Tom')
+    // changeCarOwner transaction - requires 2 args , ex: ('changeCarOwner', 'CAR10', 'Dave')
+
+    //await contract.submitTransaction(CHAIN_CODE_FUNCTION_NAME, "BE8800","Opel","Corsa","Light Blue","7","2050","1");
+
+    await contract.submitTransaction(CHAIN_CODE_FUNCTION_NAME, "b", "a", "15");
+
+    console.log("Transaction has been submitted");
+
+    // Disconnect from the gateway.
+    await gateway.disconnect();
+  } catch (error) {
+    console.error(`Failed to submit transaction: ${error}`);
+    process.exit(1);
+  }
 }
 
 main();

network_profile.json

@@ -42,9 +42,9 @@
 
   "orderers": {
     "orderer": {
-      "url": "grpcs://164.90.214.237:8053",
+      "url": "grpcs://165.232.76.37:8053",
       "tlsCACerts": {
-        "path": "./hlft-store/hlfMSP/tlscacerts/tls-tlsca-7054.pem"
+        "path": "./hlft-store/tlsca/orderer/tls-msp/tlscacerts/tls-tlsca-7054.pem"
       },
       "grpcOptions": {
         "ssl-target-name-override": "orderer"
@@ -54,10 +54,10 @@
 
   "peers": {
     "peer2": {
-      "url": "grpcs://164.90.214.237:8055",
+      "url": "grpcs://165.232.76.37:8055",
 
       "tlsCACerts": {
-        "path": "./hlft-store/hlfMSP/tlscacerts/tls-tlsca-7054.pem"
+        "path": "./hlft-store/tlsca/peer2/tls-msp/tlscacerts/tls-tlsca-7054.pem"
       },
       "grpcOptions": {
         "ssl-target-name-override": "peer2"
@@ -67,15 +67,15 @@
   "certificateAuthorities": {
     "orgca": {
       "caName": "orgca",
-      "url": "https://164.90.214.237:8052",
+      "url": "https://165.232.76.37:8052",
       "httpOptions": {
         "verify": false
       }
     },
 
     "tlsca": {
       "caName": "tlsca",
-      "url": "https://164.90.214.237:8081",
+      "url": "https://165.232.76.37:8081",
       "httpOptions": {
         "verify": false
       }