2017-09-25 96 views
0

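I tried to use the Fabric CA client of the Node.js SDK to revoke the following, but was unable to revoke a certificate or enrollment ID with the Fabric Node SDK:

  1. An enrollment certificate
  2. An enrollment ID (and all of its certificates)

I followed the sample in the CA tests.

After the revoke function is called, I can see that the response given is: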

    {
        "success": true,
        "result": {},
        "errors": [],
        "messages": []
    }

Also, I can see in the CA logs that the revocation was successful.

Revoking a certificate:

    Authorization: .MEUCIQDlkBPmew/acbHt0o0Nm8HL9nKlo9EqCzW+REUP6Vh+SQIgcBt73ycUhYe6AT/S0aZNUCzErgsk7PNCsLo/E5La5QM=
    {"aki":"4239AA0DCD76DAEEB8BA0CDA701851D14504D31AAD1B2DDDDBAC6A57365E497C","serial":"1A8C250C11C33E36752FFB4161D7E6C39AEF4F56","reason":null,"caName":"ca.example.com"}
    2017/09/25 15:25:33 [DEBUG] Directing traffic to CA ca.example.com
    2017/09/25 15:25:33 [DEBUG] Checking for revocation/expiration of certificate owned by 'admin'
    2017/09/25 15:25:33 [DEBUG] DB: Get certificate by serial (739c1cb3a48b16ceb573408ac06453514d16ef01) and aki (4239aa0dcd76daeeb8ba0cda701851d14504d31aad1b2ddddbac6a57365e497c)
    2017/09/25 15:25:33 [DEBUG] Successful authentication of 'admin'
    2017/09/25 15:25:33 [DEBUG] Revoke request received
    2017/09/25 15:25:33 [DEBUG] Revoke request: {RevocationRequest:{Name: Serial:1A8C250C11C33E36752FFB4161D7E6C39AEF4F56 AKI:4239AA0DCD76DAEEB8BA0CDA701851D14504D31AAD1B2DDDDBAC6A57365E497C Reason: CAName:ca.example.com}}
    2017/09/25 15:25:33 [DEBUG] getUserAttrValue identity=admin, attr=hf.Revoker
    2017/09/25 15:25:33 [DEBUG] DB: Getting identity admin
    2017/09/25 15:25:33 [DEBUG] getUserAttrValue identity=admin, name=hf.Revoker, value=1
    2017/09/25 15:25:33 [DEBUG] DB: Get certificate by serial (1a8c250c11c33e36752ffb4161d7e6c39aef4f56) and aki (4239aa0dcd76daeeb8ba0cda701851d14504d31aad1b2ddddbac6a57365e497c)
    2017/09/25 15:25:33 [DEBUG] DB: Getting information for identity devorgId1-appId1
    2017/09/25 15:25:33 [DEBUG] Check to see if revoker admin has affiliations to revoke: devorgId1-appId1
    2017/09/25 15:25:33 [DEBUG] getUserAffilliation identity=admin
    2017/09/25 15:25:33 [DEBUG] DB: Getting information for identity admin
    2017/09/25 15:25:33 [DEBUG] getUserAffiliation identity=admin, aff=
    2017/09/25 15:25:33 [DEBUG] Affiliation of revoker: , affiliation of identity being revoked: org1
    2017/09/25 15:25:33 [DEBUG] Identity with root affiliation revoking
    2017/09/25 15:25:33 [DEBUG] DB: Revoke certificate by serial (1a8c250c11c33e36752ffb4161d7e6c39aef4f56) and aki (4239aa0dcd76daeeb8ba0cda701851d14504d31aad1b2ddddbac6a57365e497c)
    2017/09/25 15:25:33 [DEBUG] Revoke was successful: {RevocationRequest:{Name: Serial:1a8c250c11c33e36752ffb4161d7e6c39aef4f56 AKI:4239aa0dcd76daeeb8ba0cda701851d14504d31aad1b2ddddbac6a57365e497c Reason: CAName:ca.example.com}}

Revoking an enrollment ID:

    2017/09/25 16:39:19 [DEBUG] Successful authentication of 'admin'
    2017/09/25 16:39:19 [DEBUG] Revoke request received 
    2017/09/25 16:39:19 [DEBUG] Revoke request: {RevocationRequest: {Name:devorgId1-appId1 Serial: AKI: Reason: CAName:ca.example.com}} 
    2017/09/25 16:39:19 [DEBUG] getUserAttrValue identity=admin, attr=hf.Revoker 
    2017/09/25 16:39:19 [DEBUG] DB: Getting identity admin 
    2017/09/25 16:39:19 [DEBUG] getUserAttrValue identity=admin, name=hf.Revoker, value=1 
    2017/09/25 16:39:19 [DEBUG] DB: Getting identity devorgId1-appId1 
    2017/09/25 16:39:19 [DEBUG] DB: Getting information for identity devorgId1-appId1 
    2017/09/25 16:39:19 [DEBUG] Check to see if revoker admin has affiliations to revoke: devorgId1-appId1 
    2017/09/25 16:39:19 [DEBUG] getUserAffilliation identity=admin 
    2017/09/25 16:39:19 [DEBUG] DB: Getting information for identity admin 
    2017/09/25 16:39:19 [DEBUG] getUserAffiliation identity=admin, aff= 
    2017/09/25 16:39:19 [DEBUG] Affiliation of revoker: , affiliation of identity being revoked: org1 
    2017/09/25 16:39:19 [DEBUG] Identity with root affiliation revoking 
    2017/09/25 16:39:19 [DEBUG] DB: Update identity devorgId1-appId1 
    2017/09/25 16:39:19 [DEBUG] DB: Revoke certificate by ID (devorgId1-appId1) 
    2017/09/25 16:39:19 [WARNING] No certificates were revoked for 'devorgId1-appId1' but the ID was disabled 
    2017/09/25 16:39:19 [DEBUG] Revoked the following certificates owned by 'devorgId1-appId1': [] 
    2017/09/25 16:39:19 [DEBUG] Revoke was successful: {RevocationRequest:{Name:devorgId1-appId1 Serial: AKI: Reason: CAName:ca.example.com}} 

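However, after revoking (either the certificate or the enrollment ID), I can still use the enrollment ID to perform invocations through the Node.js SDK (using getUserContext and executing transactions). Is this by design? I was expecting that a revoked enrollment ID or certificate would no longer be able to perform invocations.

More information: I used the fabcar startup script to spin up the Fabric v1 network: https://github.com/hyperledger/fabric-samples/tree/release/fabcar

Answer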

0

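Yes, this is by design. The peers and orderers cannot call the fabric-ca-server to get a CRL (certificate revocation list), because this would result in non-determinism. Instead, the peers and orderers must get the CRL from the "crls" folder of the appropriate MSP (local or channel config). This means that the MSP's crls folder must be updated with the CRL. There is work currently in progress to support getting the CRL from the fabric-ca-server (see https://jira.hyperledger.org/browse/FAB-5300). A sample showing how to use this CRL in a channel config update will also be provided. See https://gerrit.hyperledger.org/r/#/c/13687/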
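
The design described in the answer, modeled as an added Go example (it is not Fabric's MSP code and not from the original post): a verifier that consults only the CRLs it already holds keeps accepting a revoked certificate until a CA-signed CRL is placed in its local folder. The CA and key are constructed for the demo, and `isRevoked`, `demo` and `must` are hypothetical names; only the serial number is taken from the log above. Assumes Go 1.21 or later.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// isRevoked consults only CRLs already held locally (the MSP "crls" folder), never the CA.
func isRevoked(serial *big.Int, ca *x509.Certificate, localCRLs [][]byte) bool {
	for _, der := range localCRLs {
		crl, err := x509.ParseRevocationList(der)
		if err != nil || crl.CheckSignatureFrom(ca) != nil {
			continue // skip CRLs that are malformed or not signed by this CA
		}
		for _, e := range crl.RevokedCertificateEntries {
			if e.SerialNumber.Cmp(serial) == 0 {
				return true
			}
		}
	}
	return false
}

// demo: constructed CA revokes the page's serial; verdict before/after the CRL is distributed.
func demo() (before, after bool) {
	now, key := time.Now(), must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "ca.example.com"}, NotBefore: now,
		NotAfter: now.Add(time.Hour), IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign}
	ca := must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key))))
	serial, _ := new(big.Int).SetString("1A8C250C11C33E36752FFB4161D7E6C39AEF4F56", 16)
	crl := must(x509.CreateRevocationList(rand.Reader, &x509.RevocationList{Number: big.NewInt(1),
		ThisUpdate: now, NextUpdate: now.Add(time.Hour),
		RevokedCertificateEntries: []x509.RevocationListEntry{{SerialNumber: serial, RevocationTime: now}}}, ca, key))
	return isRevoked(serial, ca, nil), isRevoked(serial, ca, [][]byte{crl})
}

func main() { fmt.Println(demo()) }
```

The first result corresponds to the situation in the question: the CA has recorded the revocation, but the verifier's CRL set is still empty.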