J'ai essayé d'utiliser le client Fabric CA Node.js SDK pour révoquer soitImpossible de révoquer un certificat ou l'identifiant d'inscription avec le noeud de tissu sdk
- un certificat d'inscription
- un ID d'inscription (et tout ce qu'il est certificats)
J'ai suivi les échantillons sur les essais de ca (https://github.com/hyperledger/fabric-sdk-node/blob/release/test/integration/fabric-ca-services-tests.js)
Après la Révoquer functio n est appelé, je peux voir que la réponse donnée est
{
"success": true,
"result": {},
"errors": [],
"messages": []
}
Aussi, je peux voir que les journaux de CA qui Révoque réussissent
Révoquer du certificat:
Authorization: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUI4RENDQVplZ0F3SUJBZ0lVYzV3Y3M2U0xGczYxYzBDS3dHUlRVVTBXN3dFd0NnWUlLb1pJemowRUF3SXcKY3pFTE1Ba0dBMVVFQmhNQ1ZWTXhFekFSQmdOVkJBZ1RDa05oYkdsbWIzSnVhV0V4RmpBVUJnTlZCQWNURFZOaApiaUJHY21GdVkybHpZMjh4R1RBWEJnTlZCQW9URUc5eVp6RXVaWGhoYlhCc1pTNWpiMjB4SERBYUJnTlZCQU1UCkUyTmhMbTl5WnpFdVpYaGhiWEJzWlM1amIyMHdIaGNOTVRjd09USTFNVEF5TnpBd1doY05NVGd3T1RJMU1UQXkKTnpBd1dqQVFNUTR3REFZRFZRUURFd1ZoWkcxcGJqQlpNQk1HQnlxR1NNNDlBZ0VHQ0NxR1NNNDlBd0VIQTBJQQpCSmljVE1Td0hDclRBcWRGYjcwVHo2TXpKSHp1YmRqZE92ZDN5RC8yR3puNThCaFpKV243MHUxRHhxWFB6THVvClZ2KytrSjVFL1NoU1Z0bUwySVg2UEtpamJEQnFNQTRHQTFVZER3RUIvd1FFQXdJSGdEQU1CZ05WSFJNQkFmOEUKQWpBQU1CMEdBMVVkRGdRV0JCU0lFVTQzcWw0MENwU2tMZi9NT3U4b0s4QVVjREFyQmdOVkhTTUVKREFpZ0NCQwpPYW9OelhiYTdyaTZETnB3R0ZIUlJRVFRHcTBiTGQzYnJHcFhObDVKZkRBS0JnZ3Foa2pPUFFRREFnTkhBREJFCkFpQllmZWZjdzc5eTAyWVNGZzJuUCtSdklMOWVxTWh1M0Y1WWp4R2pPc0dzZlFJZ2JtZmtUTENXRisveHpEZC8KTFEwUWQzZ2hsaXBuWk1xSENVRFBDa0RKbmhRPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==.MEUCIQDlkBPmew/acbHt0o0Nm8HL9nKlo9EqCzW+REUP6Vh+SQIgcBt73ycUhYe6AT/S0aZNUCzErgsk7PNCsLo/E5La5QM=
{"aki":"4239AA0DCD76DAEEB8BA0CDA701851D14504D31AAD1B2DDDDBAC6A57365E497C","serial":"1A8C250C11C33E36752FFB4161D7E6C39AEF4F56","reason":null,"caName":"ca.example.com"}
2017/09/25 15:25:33 [DEBUG] Directing traffic to CA ca.example.com
2017/09/25 15:25:33 [DEBUG] Checking for revocation/expiration of certificate owned by 'admin'
2017/09/25 15:25:33 [DEBUG] DB: Get certificate by serial (739c1cb3a48b16ceb573408ac06453514d16ef01) and aki (4239aa0dcd76daeeb8ba0cda701851d14504d31aad1b2ddddbac6a57365e497c)
2017/09/25 15:25:33 [DEBUG] Successful authentication of 'admin'
2017/09/25 15:25:33 [DEBUG] Revoke request received
2017/09/25 15:25:33 [DEBUG] Revoke request: {RevocationRequest:{Name: Serial:1A8C250C11C33E36752FFB4161D7E6C39AEF4F56 AKI:4239AA0DCD76DAEEB8BA0CDA701851D14504D31AAD1B2DDDDBAC6A57365E497C Reason: CAName:ca.example.com}}
2017/09/25 15:25:33 [DEBUG] getUserAttrValue identity=admin, attr=hf.Revoker
2017/09/25 15:25:33 [DEBUG] DB: Getting identity admin
2017/09/25 15:25:33 [DEBUG] getUserAttrValue identity=admin, name=hf.Revoker, value=1
2017/09/25 15:25:33 [DEBUG] DB: Get certificate by serial (1a8c250c11c33e36752ffb4161d7e6c39aef4f56) and aki (4239aa0dcd76daeeb8ba0cda701851d14504d31aad1b2ddddbac6a57365e497c)
2017/09/25 15:25:33 [DEBUG] DB: Getting information for identity devorgId1-appId1
2017/09/25 15:25:33 [DEBUG] Check to see if revoker admin has affiliations to revoke: devorgId1-appId1
2017/09/25 15:25:33 [DEBUG] getUserAffilliation identity=admin
2017/09/25 15:25:33 [DEBUG] DB: Getting information for identity admin
2017/09/25 15:25:33 [DEBUG] getUserAffiliation identity=admin, aff=
2017/09/25 15:25:33 [DEBUG] Affiliation of revoker: , affiliation of identity being revoked: org1
2017/09/25 15:25:33 [DEBUG] Identity with root affiliation revoking
2017/09/25 15:25:33 [DEBUG] DB: Revoke certificate by serial (1a8c250c11c33e36752ffb4161d7e6c39aef4f56) and aki (4239aa0dcd76daeeb8ba0cda701851d14504d31aad1b2ddddbac6a57365e497c)
2017/09/25 15:25:33 [DEBUG] Revoke was successful: {RevocationRequest:{Name: Serial:1a8c250c11c33e36752ffb4161d7e6c39aef4f56 AKI:4239aa0dcd76daeeb8ba0cda701851d14504d31aad1b2ddddbac6a57365e497c Reason: CAName:ca.example.com}}
Révoquer id d'inscription :
2017/09/25 16:39:19 [DEBUG] Successful authentication of 'admin'
2017/09/25 16:39:19 [DEBUG] Revoke request received
2017/09/25 16:39:19 [DEBUG] Revoke request: {RevocationRequest: {Name:devorgId1-appId1 Serial: AKI: Reason: CAName:ca.example.com}}
2017/09/25 16:39:19 [DEBUG] getUserAttrValue identity=admin, attr=hf.Revoker
2017/09/25 16:39:19 [DEBUG] DB: Getting identity admin
2017/09/25 16:39:19 [DEBUG] getUserAttrValue identity=admin, name=hf.Revoker, value=1
2017/09/25 16:39:19 [DEBUG] DB: Getting identity devorgId1-appId1
2017/09/25 16:39:19 [DEBUG] DB: Getting information for identity devorgId1-appId1
2017/09/25 16:39:19 [DEBUG] Check to see if revoker admin has affiliations to revoke: devorgId1-appId1
2017/09/25 16:39:19 [DEBUG] getUserAffilliation identity=admin
2017/09/25 16:39:19 [DEBUG] DB: Getting information for identity admin
2017/09/25 16:39:19 [DEBUG] getUserAffiliation identity=admin, aff=
2017/09/25 16:39:19 [DEBUG] Affiliation of revoker: , affiliation of identity being revoked: org1
2017/09/25 16:39:19 [DEBUG] Identity with root affiliation revoking
2017/09/25 16:39:19 [DEBUG] DB: Update identity devorgId1-appId1
2017/09/25 16:39:19 [DEBUG] DB: Revoke certificate by ID (devorgId1-appId1)
2017/09/25 16:39:19 [WARNING] No certificates were revoked for 'devorgId1-appId1' but the ID was disabled
2017/09/25 16:39:19 [DEBUG] Revoked the following certificates owned by 'devorgId1-appId1': []
2017/09/25 16:39:19 [DEBUG] Revoke was successful: {RevocationRequest:{Name:devorgId1-appId1 Serial: AKI: Reason: CAName:ca.example.com}}
Cependant, après la révocation (que ce soit juste un certificat ou l'ID d'inscription) Je suis toujours capable d'effectuer des invocations en utilisant l'ID d'inscription via le SDK node.js (en utilisant getUserContext et en effectuant des transactions). Est-ce voulu? Je m'attendais à un identifiant d'inscription révoqué ou les certificats ne seraient plus en mesure d'effectuer des invocations.
Plus d'info: En utilisant le script de démarrage de FABCAR pour faire tourner un réseau tissu v1: https://github.com/hyperledger/fabric-samples/tree/release/fabcar