Re: How to get peer x509 certifi ate in chaincode? #fabric #fabric-chaincode


Yacov
 

You can use a custom decorator. https://jira.hyperledger.org/browse/FAB-4207

Unfortunately there is no documentation on how to use them. They were introduced in https://github.com/hyperledger/fabric/commit/82507b1cc319d4e6aea766db9ab6d77eab8ddb81
and then in https://github.com/hyperledger/fabric/commit/8b9bfa2062e03b1cf97dae775acdb11c5a31a7bb


Look at this design doc https://docs.google.com/document/d/1vaWnE4TypKmA9j-2W-gA6YmmPMkco2uFgRx-rtf9PI8/edit

You need to specify it here: https://github.com/hyperledger/fabric/blob/master/sampleconfig/core.yaml#L397-L428

Specifically you need to edit this plugin https://github.com/hyperledger/fabric/blob/master/core/handlers/decoration/plugin/decorator.go
compile it into a golang plugin (.so file)
and then make the peer load it via the peer configuration.

Then you can access the decorators via the decoration map which is part of the chaincode input in the chaincode shim.



From:        "Kevin X" <kevinx8888@...>
To:        Artem Barger1 <BARTEM@...>
Cc:        fabric@...
Date:        01/25/2021 03:45 PM
Subject:        [EXTERNAL] Re: [Hyperledger Fabric] How to get peer x509 certifi ate in chaincode? #fabric #fabric-chaincode
Sent by:        fabric@...




Thanks for your response. This will get client's certificate...                                                                                                                                                                                      
This Message Is From an External Sender
This message came from outside your organization.




Thanks for your response. This will get client's certificate (the entity calling chaincode), not the peer's cert.

There isn a method to get peer msp id (ChaincodeStub.getMspID() - returns string), but l do not see a method to get the cert.

Is there a way to get the cert from msp id of peer or is there any other way?


On Mon, Jan 25, 2021, 2:14 AM Artem Barger1 <BARTEM@...> wrote:
Following should do the work:

 

        serializedID, _ := stub.GetCreator()
        sId := &msp.SerializedIdentity{}
        err := proto.Unmarshal(serializedID, sId)
        if err != nil {
                return shim.Error(fmt.Sprintf("Could not deserialize a SerializedIdentity, err %s", err))
        }

        bl, _ := pem.Decode(sId.IdBytes)
        if bl == nil {
                return shim.Error(fmt.Sprintf("Could not decode the PEM structure"))
        }
        cert, err := x509.ParseCertificate(bl.Bytes)
        if err != nil {
                return shim.Error(fmt.Sprintf("ParseCertificate failed %s", err))
        }

Best regards,
                      Artem Barger

----- Original message -----
From: "Kevin X" <
kevinx8888@...>
Sent by:
fabric@...
To:
fabric@...
Cc:
Subject: [EXTERNAL] [Hyperledger Fabric] How to get peer x509 certifi ate in chaincode? #fabric #fabric-chaincode
Date: Mon, Jan 25, 2021 6:28 AM
 
How can I get peer's x509 certificate in chaincode? I need to access attributes from peer certificate in the chaincode.

I can get perer's MSP ID using
ChaincodeStub.getMspID()method. What is the recommended way to get peer certificate from within chaincode
 




Join fabric@lists.hyperledger.org to automatically receive all group messages.