Supplying custom CSR with EnrolmentRequest in node-sdk fails #fabric #fabricca #fabric-sdk-node #fabric-ca
I have a single-org setup running with one Fabric CA. CA Server is running with MySQL. I'm using NodeSDK to connect and issue transactions to chaincode.
I'm able to set Country, State, Locality, Organisation and Organisation Unit attributes for the peers and orderers. However, when I register and enroll "users" with the Fabric, not all attributes are being set. Only the Common Name and Organisation Unit attributes are set as seen from the certificate file.
Following is my snippet for registering and enrolling users:
Here, "user" is a model for a participant that I'm using in my application. The Common Name (CN) is set to "enrollmentID" and Organisation Unit is set to "role" + "affiliation" and the resultant certificate for the user has the following information:
As we can see, the complete C, ST, L, O, OU and CN attributes of the Issuer are available. This belongs to the MSP of the respective Org. However, only CN and OU of the user are available.
So is there a way with which we can set other attributes of the user (C, ST, L and O) while registering or enrolling a user? Or do we have to infer these attributes from the issuer information?
Update 1: I checked the fabric-ca-client CLI options which the node-sdk calls internally. Checked the register API. It does not give an option to set C, ST, L, and O either.
Updates: Does fabric-ca support setting these attributes to the Subject Name?
Update 2: Going through the documentation of fabric-ca-client and as suggested by @nyet, I observed that we can set these values in the csr.names attribute and supply it to the 'csr' argument of the enroll command. The updated code snippet is below:
adminIdentity = gateway.getCurrentIdentity();
However, I get an error with this that says:
Similar JIRA issue: https://jira.hyperledger.org/browse/FAB-14051?jql=project%20%3D%20FAB%20AND%20statusCategory%20!%3D%20Done%20AND%20type%20%3D%20Bug%20AND%20component%20%3D%20fabric-sdk-node%20AND%20project%20%3D%20FAB%20ORDER%20BY%20createdDate%20ASC
Update 3: The Node-SDK documentation states that the CSR field should be a PEM-encoded PKCS#10 certificate signing request.
Finally, tried generating the ECDSA keys and created a CSR offline using the following commands:
1. Keys generation: openssl ecparam -name prime256v1 -genkey -noout -out my-key.pem
2. CSR: openssl req -new -sha256 -key my-key.pem -out my.csr
Read this CSR from the file system and passed it to Enrolment Request as follows:
Was able to enroll the user successfully.
Now, when we're passing the CSR, fabric-ca does not return the enrolment key back to us. Thus, I retrieved the private key from command #1 from the file system and tried saving this user's identity details in the X509 wallet as follows:
However, this throws the following error:
Next, I tried checking the certificate that was saved for this user with the one that fabric-ca generates when we do not supply CSR. Both are quite identical in structure and the signature algorithms used for the public key.
Am I missing out on any critical portion?
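
The key written by `openssl ecparam -name prime256v1 -genkey -noout` is SEC1-encoded (`-----BEGIN EC PRIVATE KEY-----`). The following is an added example, not code from the original post or from fabric-sdk-node: using only Node's built-in crypto module, it reports how such a key is encoded, re-encodes it as PKCS#8, and confirms that the re-encoded key is the same key pair and matches a given certificate. All function names are hypothetical and the sample key is constructed in the script.

```javascript
const crypto = require('crypto');

// Constructed sample input: a fresh P-256 key exported in SEC1 form, the
// encoding that `openssl ecparam -name prime256v1 -genkey -noout` writes.
function makeSampleSec1Key() {
  const { privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
  return privateKey.export({ type: 'sec1', format: 'pem' });
}

// Report how a private-key PEM is encoded, without printing the key itself.
function describePrivateKey(pem) {
  const m = /-----BEGIN ([A-Z0-9 ]+)-----/.exec(pem);
  if (!m) throw new Error('not a PEM document');
  if (m[1] === 'ENCRYPTED PRIVATE KEY' || pem.includes('Proc-Type: 4,ENCRYPTED')) {
    throw new Error('key is passphrase-protected; decrypt it first');
  }
  const encodings = { 'EC PRIVATE KEY': 'sec1', 'PRIVATE KEY': 'pkcs8' };
  const key = crypto.createPrivateKey(pem);
  return { label: m[1], encoding: encodings[m[1]] || 'other', type: key.asymmetricKeyType };
}

// Re-encode the same key as unencrypted PKCS#8 ("BEGIN PRIVATE KEY").
function toPkcs8Pem(pem) {
  return crypto.createPrivateKey(pem).export({ type: 'pkcs8', format: 'pem' });
}

// SHA-256 of the derived public key (SPKI DER): equal values mean same key pair.
function publicKeyFingerprint(privatePem) {
  const spki = crypto.createPublicKey(privatePem).export({ type: 'spki', format: 'der' });
  return crypto.createHash('sha256').update(spki).digest('hex');
}

// True when the certificate's public key belongs to this private key (Node 15.6+).
function keyMatchesCertificate(certPem, keyPem) {
  return new crypto.X509Certificate(certPem).checkPrivateKey(crypto.createPrivateKey(keyPem));
}

const sec1 = makeSampleSec1Key();
const pkcs8 = toPkcs8Pem(sec1);
console.log(describePrivateKey(sec1), describePrivateKey(pkcs8));
console.log('same key pair:', publicKeyFingerprint(sec1) === publicKeyFingerprint(pkcs8));
```

Calling `keyMatchesCertificate` with the certificate returned by the enrollment and the contents of my-key.pem confirms that the CSR was built from the key that is about to be stored.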