Reputation: 71
Accessing Fabric CA Server with REST API (Authentication Error)
https://github.com/hyperledger/fabric-ca/blob/release-1.2/swagger/swagger-fabric-ca.json
Using the above link as reference, I've success with the cainfo method (using localhost:27054/api/v1/cainfo). However, when it comes to registering and enrolling a user, it require an authentication token in the header. This token comprises two base64-encoded segments separated by a period:
- An enrollment certificate.
- A signature over the certificate and the body of the request.
My question is from where I will get the enrollment certificate and perform the signature over it.
Note - I'm exploring the fabric-samples/token-sdk code and attempting to register and enroll users through the fabric-ca REST API.
This is what is expected:
{ "name": "Authorization", "in": "header", "description": "An enrollment token consisting of two base 64 encoded parts separated by a period: \n an enrollment certificate; \n a signature over the certificate and body of request.**", "required": true, "type": "string" }
Upvotes: 0
Views: 128
Answers (1)
Reputation: 1649
You would typically use a (previously registered/enrolled) admin identity for the organization to register organization users. The Fabric CA is initially created with a CA admin identity that can be used to register new identities, including admin identities. The enrollment name and secret for the CA admin identity are specified when the CA is initalized. See here for details:
The code within the Fabric CA client for generating the auth token is here. It seems that the auth token is certificate.signature, where:
certificateis the base64-encoded certificate PEM of the signer.signatureis the base64-encoded signature over a payload.
The payload is composed of method.uri.body.certificate, where:
methodis the HTTP method.uriis the base64-encoded request URI.bodyis the base64-encoded JSON request body.certificateis the base64-encoded certificate PEM of the signer.
Upvotes: 0
Related Questions
- can't enroll peer to hyperledger fabric on aks using hlf operator
- Deploy and expose chaincode as REST api on amazon managed blockchain hyperledger fabric 1.2
- How to manage user authentication for hyperledger using msp and fabric-ca-client?
- How to get certificates for identities from CA in Hyperledger Composer
- Accessing Fabric CA server REST Api (Methods that involve Authorization)
- how certificates get derived from the real fabric-ca-server certificate in hfc-key-store in hyperledger?
- Hyperledger Composer : Error: failed to request identity. Unsupported certificate purpose
- Client-side signing