Hyperledger composer multi user identity - hyperledger-composer

I am following below tutorial
https://hyperledger.github.io/composer/integrating/enabling-rest-authentication.html
I am able to complete the steps till setting up default wallet identity. After this when i try system ping method I get the error.
{
"error": {
"statusCode": 500,
"name": "Error",
"message": "Error trying to ping. Error: Error trying to query chaincode. Error: chaincode error (status: 500, message: Error: The current identity has not been registered:maeid1)",
"stack": "Error: Error trying to ping. Error: Error trying to query chaincode. Error: chaincode error (status: 500, message: Error: The current identity has not been registered:maeid1)\n at _checkRuntimeVersions.then.catch (/home/praval/.nvm/versions/node/v6.11.1/lib/node_modules/composer-rest-server/node_modules/composer-connector-hlfv1/lib/hlfconnection.js:696:34)"
}
}
The same error I get while testing from access token.
curl -v http://localhost:3000/api/system/ping?access_token=xxxxx
Though I can run network ping successfully.
composer network ping -p hlfv1 -n 'digitalproperty-network' -i maeid1 -s NfUhmXtiaSUH
Thanks for help.

The problem you are seeing is described by this issue
https://github.com/hyperledger/composer/issues/1761
Both the CLI and Rest server have enrolled the user but this results in both environments storing certificates for the same identity that differ (for example issue and expiry dates). Whichever environment used their certificate first for that identity and activated that identity/participant in the runtime has their certificate registered. When the other environment presents their certificate it isn't found (because it is different to the first environment) and so reports that the identity is not registered.
The way to address this is if you plan to use the identity in the rest server, don't ping it from the CLI first.

Related

Error starting hyperledger-composer network after Fabric and Composer version upgrade

I've come across an error starting the hyperledger-composer network that isn't answered in the composer-wiki.
✖ Starting business network definition. This may take a minute...
Error: Error trying to start business network. Error: No valid responses from any peers.
Response from attempted peer comms was an error: Error: transaction returned with failure: can't find PEM header: undefined
Command failed
Checking pre-requisites,
Fabric 1.2
Composer 0.20.4
Node 8.12.0
Docker 18.01.1
"composer network install" was successful, with file appearing in the docker peer at /var/hyperleder/production/chaincodes
After running the "composer network start" command, a "docker ps" shows new docker instance with name:
dev-peer0.org1.example.com-<<business-network-name>>-0.0.7
But any attempt to ping this results in a failure like this:
Error: Error trying to ping. Error: make sure the chaincode <<business-network-name>> has been successfully instantiated and try again: getccdata composerchannel/<<business-network-name>> responded with error: could not find chaincode with name '<<business-network-name>>'
Checking the log of the dev-peer0, it ends with the following:
2018-11-05T05:03:18.227Z [4264161f] ERROR :Composer :Init() can't find PEM header: undefined
2018-11-05T05:03:18.227Z [4264161f] VERBOSE :Composer :#PERF Init() Total (ms) duration for txnID [4264161fc30a61c70884d4c7efb460fea6a755d07bc4852875c393346795227a]: 929.00
2018-11-05T05:03:18.228Z ERROR [lib/handler.js] [composerchannel-4264161f]Calling chaincode Init() returned error response [can't find PEM header: undefined]. Sending ERROR message back to peer
The corresponding error in the peer0 log is a big larger:
2018-11-05 05:03:18.229 UTC [endorser] SimulateProposal -> ERRO 439d [composerchannel][4264161f] failed to invoke chaincode name:"lscc" , error: transaction returned with failure: can't find PEM header: undefined
github.com/hyperledger/fabric/core/chaincode.(*ChaincodeSupport).Execute
/opt/gopath/src/github.com/hyperledger/fabric/core/chaincode/chaincode_support.go:202
github.com/hyperledger/fabric/core/endorser.(*SupportImpl).Execute
/opt/gopath/src/github.com/hyperledger/fabric/core/endorser/support.go:131
github.com/hyperledger/fabric/core/endorser.(*Endorser).callChaincode
/opt/gopath/src/github.com/hyperledger/fabric/core/endorser/endorser.go:173
github.com/hyperledger/fabric/core/endorser.(*Endorser).SimulateProposal
/opt/gopath/src/github.com/hyperledger/fabric/core/endorser/endorser.go:287
github.com/hyperledger/fabric/core/endorser.(*Endorser).ProcessProposal
/opt/gopath/src/github.com/hyperledger/fabric/core/endorser/endorser.go:501
github.com/hyperledger/fabric/core/handlers/auth/filter.(*expirationCheckFilter).ProcessProposal
/opt/gopath/src/github.com/hyperledger/fabric/core/handlers/auth/filter/expiration.go:61
github.com/hyperledger/fabric/core/handlers/auth/filter.(*filter).ProcessProposal
/opt/gopath/src/github.com/hyperledger/fabric/core/handlers/auth/filter/filter.go:31
github.com/hyperledger/fabric/protos/peer._Endorser_ProcessProposal_Handler
/opt/gopath/src/github.com/hyperledger/fabric/protos/peer/peer.pb.go:112
github.com/hyperledger/fabric/vendor/google.golang.org/grpc.(*Server).processUnaryRPC
/opt/gopath/src/github.com/hyperledger/fabric/vendor/google.golang.org/grpc/server.go:923
github.com/hyperledger/fabric/vendor/google.golang.org/grpc.(*Server).handleStream
/opt/gopath/src/github.com/hyperledger/fabric/vendor/google.golang.org/grpc/server.go:1148
github.com/hyperledger/fabric/vendor/google.golang.org/grpc.(*Server).serveStreams.func1.1
/opt/gopath/src/github.com/hyperledger/fabric/vendor/google.golang.org/grpc/server.go:637
runtime.goexit
/opt/go/src/runtime/asm_amd64.s:2361
2018-11-05 05:03:18.229 UTC [endorser] SimulateProposal -> DEBU 439e [composerchannel][4264161f] Exit
Since this last worked I have updated composer from 0.19 to 0.20.4, and taken Fabric from 1.1 to 1.2.
Googling suggests that this kind of error "can't find PEM header: undefined" is associated with a change in key signing. After tearing down Fabric I re-ran ./createPeerAdminCard.sh - is there another card or similar that needs to be re-created to accomodate the latest versions?
Thanks to #R Thatcher for putting me onto the right direction. This was all down to mismatching cards, and was resolved by clearing out everything and starting again.
Specifically, in /fabric-dev-servers:
./stopFabric.sh
./teardownFabric.sh
composer card list
composer card delete -c admin#<business-network-name>
composer card delete -c PeerAdmin#hlfv1
./startFabric.sh
./createPeerAdminCard.sh
Then changing into the composer/business-network-name directory:
composer network install --card PeerAdmin#hlfv1 --archiveFile business-network-name\#0.0.7.bna
composer network start -c PeerAdmin#hlfv1 -n business-network-name -V 0.0.7 -A admin -S adminpw --file networkadmin.card
composer card import --file networkadmin.card --card admin#business-network-name
composer network ping -c admin#business-network-name
So yes, it was about mismatching cards and not cleaning these up as part of a new deployment.
Although not part of the original problem, it's also worth noting that the -A and -S parameters of the composer network start command HAD to be set to admin and adminpw respectively. See composer issue #3781.
Answering the the last remark from #Capn Sparrow
"the -A and -S parameters of the composer network start command HAD to be set to admin and adminpw respectively."
This is the correct and expected behaviour :-)
with the composer network start command the -A and -S are specifying an existing user in the CA that we want a new set of Credentials (certificate and keys) for which is then bound to a Composer System participant.
When you use the 'standard development fabric' this has a CA configured with a user called 'admin' with a secret of 'adminpw'. If you had build your own Fabric from scratch you could choose the name and secret of your first default user. Alternatively you could work with the fabric-ca client software to create additional users in the CA.

: API error (404): network hlfv11_hyperledger not found

✖ Starting business network definition. This may take a minute...
Error: Error trying to start business network. Error: No valid responses from any peers.
Response from attempted peer comms was an error: Error: failed to execute transaction b5c260c02b4792c4ae4b85b3d4ccb4565a495da399d27917dccc1a84244e631f: error starting container: error starting container: API error (404): network hlfv11_hyperledger not found
Response from attempted peer comms was an error: Error: failed to execute transaction b5c260c02b4792c4ae4b85b3d4ccb4565a495da399d27917dccc1a84244e631f: error starting container: error starting container: API error (404): network hlfv11_hyperledger not found
This looks like it is a Docker problem trying to start a new ChainCode container on a Docker Network bridge called "hlfv11_hyperledger" which doesn't exist.
(The word 'network' here is ambiguous in the error message :-( )
This is the same problem and hopefully the same solution as a previous post.

Composer 0.13.0 - Error: Missing id

I have a problem with the new version of composer. My chaincode worked fine with the 0.11, now with the 0.13, when I add an asset outside of a chaincode, I have the error:
Error: Missing id"
Of course, the ID is present in the new asset after the creation ;-)
When I put the analog code in a chaincode to add the asset, I have the following error:
Error: Error trying invoke business network. Error: chaincode error (status: 500, message: Error: Object with ID 'Resource {id=zzz.yyy.xxx.tttt#e60e56d92a6928d3f4d1c5bc9bb828c3fc0a292c26ccc35935c594ac0e160c28}' in collection with ID 'Asset:zzz.yyy.xxx.tttt' does not exist)
Here an extract of the code (nothing special)
return getAssetRegistry(NS + '.ttt')
.then(function (tttRegistry) {
// Create the asset
var ttt = factory.newResource(NS, 'ttt', '12345');
// Add new ttt
return tttRegistry.add(ttt)
.then(function () {
// Emit an event
The identity which plays the code is the default admin user
Perhaps, I found something in logs, but I don'y know how to interpret it
2017-09-26T20:09:39.841Z ERROR HLFConnectionManager :fabric-client() [client-utils.js]: sendPeersProposal - Promise is rejected: Error: chaincode error (status: 500, message: Error: The current identity must be activated (ACTIVATION_REQUIRED)) at /home/hyperledger/node_modules/grpc/src/node/src/client.js:554:15 {}$
2017-09-26T20:09:39.842Z ERROR HLFConnection :queryChainCode() {"message":"Error trying to query business network. Error: chaincode error (status: 500, message: Error: The current identity must be activated (ACTIVATION_REQUIRED))","stack":"Error: Error trying to query business network. Error: chaincode error (status: 500, message: Error: The current identity must be activated (ACTIVATION_REQUIRED))\n at channel.queryByChaincode.then.catch (/home/hyperledger/node_modules/composer-connector-hlfv1/lib/hlfconnection.js:754:34)"}$
2017-09-26T20:09:39.842Z ERROR HLFConnection :ping() {"message":"Error trying to ping. Error: Error trying to query business network. Error: chaincode error (status: 500, message: Error: The current identity must be activated (ACTIVATION_REQUIRED))","stack":"Error: Error trying to ping. Error: Error trying to query business network. Error: chaincode error (status: 500, message: Error: The current identity must be activated (ACTIVATION_REQUIRED))\n at _checkRuntimeVersions.then.catch (/home/hyperledger/node_modules/composer-connector-hlfv1/lib/hlfconnection.js:668:34)"}$
The only info I found is this post Hyperledger Composer:: Error: The current identity must be activated (ACTIVATION_REQUIRED) but, in my case, versions of composer and packages are the same
I can't understand what's happening since I upgrade from 0.11 to 0.13
Any idea?
I found where the problem comes from.
It is not a design problem or something wrong with the ACL.
In Composer 0.11, in an event, if you have a relationship to an asset, in your code, you can access directly to its fields
Behavior change in Composer 0.13, the relationship to an element is only a reference, you can not access directly to its fields
Worst, the error is not rised when you call the method factory.newRelationship(), it is rised when you call the method assetRegistry.add()
So be careful
This sounds more like an issue with the model - you are trying to create a resource which has a required field called id and you are not supplying a value for that field.
Do you have a stack trace you can include?
If the Default rule - "All resource:" should be set to "zzz.yyy.xxx.*"
Then deploy your newly updated network and try again.

Hyperledger Composer:: Error: The current identity must be activated (ACTIVATION_REQUIRED)

Any one came across hyperledger composer's chaincode error like : Error: The current identity must be activated (ACTIVATION_REQUIRED)?? The identity which I am using showing ISSUED in composer-playground. But once I am using System/ping through REST server, chaincode log showing this error. I hope at the time when a participant submits a transaction using an enrollment certificate, the Composer chaincode extracts the enrollment ID from the enrollment certificate, and uses it to look up the participant instance that the identity was issued to. I issued identity through CLI and then I am using it in REST server without doing anything in CLI. I am not sure how to overcome this error. Appreciate! any help.
I updated all composer components to 0.12.2. I used the following CLI commands to issue identity:
composer participant add -p jiyababa -n 'digitalproperty-network' -i PeerAdmin -s adminpw -d '{"$class":"net.biz.digitalPropertyNetwork.Person","personId":"dcsen#abc.com","firstName":"Dul","lastName":"Sen"}'
composer identity issue -p jiyababa -n 'digitalproperty-network' -i admin -s adminpw -u dcsen1 -a "resource:net.biz.digitalPropertyNetwork.Person#dcsen#abc.com"
Still getting the same error at composer chaincode.
2017-09-17 14:56:12.599 UTC [Composer] Error -> ERRO 01e #JS : IdentityManager :getIdentity() Error: The current identity has not been registered:admin 2017-09-17 14:56:12.682 UTC [Composer] Error -> ERRO 01f #JS : IdentityManager :getIdentity() Error: The current identity has not been registered:admin 2017-09-17 15:09:58.641 UTC [Composer] Error -> ERRO 020 #JS : IdentityManager :validateIdentity() Error: The current identity must be activated (ACTIVATION_REQUIRED)
I also tried using "admin" user to add participant and issue identity but no luck: getting composer chaincode error::
Error: Unhandled promise rejection {activationRequired:true} at [anon] (/chaincode/input/src/composer/vendor/gopkg.in/olebedev/go-duktape.v3/duk_console.c:55) internal
#JS : IdentityManager :validateIdentity() Error: The current identity must be activated (ACTIVATION_REQUIRED)
But I can ACTIVATE the identity through composer CLI using the following command:
composer network ping -n digitalproperty-network -p jiyababa -i dcsen1 -s BEkeKFlLVnBL
Once I ACTIVATED through CLI, I could NOT use the identity in REST Server. That means, first transaction request from REST server not activating the identity in identity registry.
This can happen if you are using an old version of the CLI/Client Application/Rest Server trying to connect to a much newer version of the composer runtime that is deployed when you deploy the business network.
It sounds like you deployed a business network and issued identities using a newver version of the CLI, but haven't updated the Rest Server to the same version.
Information about updating can be found at
https://hyperledger.github.io/composer/managing/updating-composer.html
A temporary work around is to ACTIVATE the card yourself:
$ composer identity list -c admin#basic-sample-network
✔ List all identities in the business network
-
$class: org.hyperledger.composer.system.Identity
identityId: 8dc315997a5ad0ade3b4343c6b81ae37a3c2c7f22eddab90dd09717e7459772e
name: admin
issuer: ac3dbcbe135ba48b29f97665bb103f8260c38d3872473e584314392797c595f3
certificate:
"""
-----BEGIN CERTIFICATE-----
MIICAjCCAaigAwIBAgIUOA7RAw1TbKo2UjwkeS9YRCSFupowCgYIKoZIzj0EAwIw
czELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNh
biBGcmFuY2lzY28xGTAXBgNVBAoTEG9yZzEuZXhhbXBsZS5jb20xHDAaBgNVBAMT
E2NhLm9yZzEuZXhhbXBsZS5jb20wHhcNMTgwODA4MDYzODAwWhcNMTkwODA4MDY0
MzAwWjAhMQ8wDQYDVQQLEwZjbGllbnQxDjAMBgNVBAMTBWFkbWluMFkwEwYHKoZI
zj0CAQYIKoZIzj0DAQcDQgAEeBeSqbzishSi0Q0+f0HavwPsN1240zIxuL12iWUR
U9aEO/cLusEr9fg44UUh3xzp4VQGChJ5TNRu4s/uBbuFxqNsMGowDgYDVR0PAQH/
BAQDAgeAMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFF1ZYXNpBsGXEomhlTBT9NeJ
CUqIMCsGA1UdIwQkMCKAIBmrZau7BIB9rRLkwKmqpmSecIaOOr0CF6Mi2J5H4aau
MAoGCCqGSM49BAMCA0gAMEUCIQCMuttwm6sSCjtwl8xk4FZM4PHH0F5YGxJvNUjn
SeeCCQIgAmmD9aabcY7jHttdfAZ2zNepihdRKjN1xsxy4i7KaQ4=
-----END CERTIFICATE-----
"""
state: ACTIVATED
participant: resource:org.hyperledger.composer.system.NetworkAdmin#admin
Command succeeded

Getting an error while calling GET /system/ping

I am getting an error while calling GET /system/ping
{
"error": {
"statusCode": 500,
"name": "Error",
"message": "error trying login and get user Context. Error: error trying to enroll user. Error: Enrollment failed with errors [[{\"code\":400,\"message\":\"Authorization failure\"}]]",
}
}
I have made the participant
Blockchain Participant
{
'$class': 'org.optum.blockchainv5.Participant',
ParticipantId: 'ParticipantId:2',
Name: 'Vipul Bajaj'
}
Then issued an identity to the participant
System Identity
{
userID: 'ParticipantId:2',
userSecret: 'dPJbJBsaOLaf'
}
And then added that identity to default wallet
Wallet Identity
{
enrollmentID: 'ParticipantId:2',
enrollmentSecret: 'dPJbJBsaOLaf',
id: 3
}
And then set this wallet identity default by calling the POST /wallets/1/identities/3/setDefault
Got response code 204
And after calling GET system/ping gave me error.
just following up - if you're still getting this error, could you attach a trace log setting export DEBUG=composer:* ` then re-running the rest server - the log file is in a 'logs' directory (from where you start the composer-rest-server). Then we can see what's going on with the POST.
I had a similar issue.
I was trying to deploy a composer hlfv1 network instance locally. I was running the ./createComposerProfile.sh script. This script has this line cp "${DIR}"/hlfv1/composer/creds/* ~/.hfc-key-store
This copies all the credentials on your creds folder and overrides the ones created by composer identity import on your ~/.hfc-key-store
You could copy the credentials from ~/.hfc-key-store to the creds folder or comment out this line.

Resources