Hyperledger Fabric：从Idemix用户调用事务时访问被拒绝

Question

通过Idemix用户从Fabric Java sdk调用事务时出错：

  

通过交易向对等方发送提案{id：11，名称：   peer0.org2.example.com，channelName：mychannel，url：   grpcs：// localhost：9051}由于以下原因而失败：gRPC   failure =状态{code =未知，描述=访问被拒绝：通道   [mychannel]创建者组织[Org1IdemixMSP]，cause = null}

peer0.org1.example.com的Docker日志：

  

2019-05-02 13：31：37.733 UTC   [protoutils] ValidateProposalMessage-> WARN 196频道[mychannel]：   创建者证书无效：使用opts [＆{    [] [{1 [111114103 49 4610010111297114116 109101110116   49]} {2 1} {0} {0}] 3 [] 0 0xc00000f6f8 0}]：签名   无效：APrime和ABar没有预期的结构

该提案请求通过x509注册进行注册，但不适用于Idemix注册。

为生成idemix凭证而采取的步骤：

1. 使用idemixgen生成IssuerPublicKey

cd org1.idemix.example.com
idemixgen ca-keygen

1. 通过configtx.yaml包含在通道配置块中：

    &Org1Idemix
        name: Org1IdemixMSP
        id: Org1IdemixMSP
        msptype: idemix
        mspdir: crypto-config/peerOrganizations/org1.idemix.example.com/idemix-config

1. 在Docker容器中安装IssuerPublicKey：

    ca.org1.example.com:
        container_name: ca_org1
        image: hyperledger/fabric-ca:$IMAGE_TAG
        environment:
          - FABRIC_CA_HOME=/etc/hyperledger/fabric-ca-server
          - FABRIC_CA_SERVER_CA_NAME=ca_org1
          - FABRIC_CA_SERVER_CA_CERTFILE=/etc/hyperledger/fabric-ca-server/ca.org1.example.com-cert.pem
          - FABRIC_CA_SERVER_CA_KEYFILE=/etc/hyperledger/fabric-ca-server/CA1_PRIVATE_KEY
        command: sh -c 'cp -R /tmp/msp /etc/hyperledger/fabric-ca-server; mv /etc/hyperledger/fabric-ca-server/msp/*PublicKey /etc/hyperledger/fabric-ca-server; fabric-ca-server start -b admin:adminpw -d'
        #command: 'fabric-ca-server start -b admin:adminpw -d'
        volumes:
            - ../crypto-config/peerOrganizations/org1.example.com/ca/:/etc/hyperledger/fabric-ca-server
            - ../crypto-config/peerOrganizations/org1.idemix.example.com/idemix-config/msp/:/tmp/msp
        ports:
            - 7054:7054

在Fabric Java SDK代码中：

UserContext idemixUser = new UserContext();
idemixUser.setName("idemixTestUser1");
RegistrationRequest rr = new RegistrationRequest(idemixUser.getName(), "org1.department1");
String enrollmentSecret = ca_client.register(rr, caAdmin);
String mspID = "Org1IdemixMSP";
Enrollment x509Enrollment = ca_client.enroll(idemixUser.getName(), enrollmentSecret);
Enrollment idemixEnrollment = ca_client.idemixEnroll(x509Enrollment, mspID);
idemixUser.setEnrollment(idemixEnrollment);
idemixUser.setMspId(mspID);
client.setUserContext(idemixUser);