-
Notifications
You must be signed in to change notification settings - Fork 24
Permission_API_README
- Permission_api是基于fabric-ca,提供证书的分发和验证;使用casbin,提供权限规则的验证,为用户搭建一套完整的数字身份体系
- 如果已搭建好fabric-ca请忽略1、2两步
$ go get -u github.com/hyperledger/fabric-ca/cmd/...
$ cd $GOPATH/src/github.com/hyperledger/fabric-ca/
$ make fabric-ca-server
$ export PATH=$GOPATH/src/github.com/hyperledger/fabric-ca/bin:$PATH$ cd ~
$ mkdir cawork
$ cd cawork
$ mkdir root immediateca
$ cd root
# 初始化根CA
$ fabric-ca-server init -b admin:pass
# 修改配置文件 fabric-ca-server-config.yaml
# affiliations:
gptn:
- mediator1
- mediator2
# 启动CA
$ fabric-ca-server start -b admin:pass
# 进入immediateca
$ fabric-ca-server start -b admin:pass -p 7064 -u http://admin:pass@localhost:7054
# 如果启动失败 修改配置文件
# affiliations:
gptn:
- mediator1
- mediator2
operations:
# host and port for the operations server 替换端口
listenAddress: 127.0.0.1:9453-
下载palletone—acme联盟链源码及相关依赖项目
-
配置digital-identity/config/caconfig.yaml所监听ca服务器URL、admin、password
-
启动gptn前需要初始化根CA证书
"rootCABytes": "-----BEGIN CERTIFICATE-----\nMIICFjCCAb2gAwIBAgIUbT2DztWmxD68gXJAoa5i71StDtAwCgYIKoZIzj0EAwIw\naDELMAkGA1UEBhMCVVMxFzAVBgNVBAgTDk5vcnRoIENhcm9saW5hMRQwEgYDVQQK\nEwtIeXBlcmxlZGdlcjEPMA0GA1UECxMGRmFicmljMRkwFwYDVQQDExBmYWJyaWMt\nY2Etc2VydmVyMB4XDTE5MDcyNjAyMjgwMFoXDTM0MDcyMjAyMjgwMFowaDELMAkG\nA1UEBhMCVVMxFzAVBgNVBAgTDk5vcnRoIENhcm9saW5hMRQwEgYDVQQKEwtIeXBl\ncmxlZGdlcjEPMA0GA1UECxMGRmFicmljMRkwFwYDVQQDExBmYWJyaWMtY2Etc2Vy\ndmVyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEjwWZnIVDlq179jFbReVUpw1u\n8LQRoBZWVFPUjQR1M6aa15MznPK2aP39dtA951K0iH82Xd7pwWaGV738paH/RqNF\nMEMwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8CAQEwHQYDVR0OBBYE\nFNaIAOjWNawnsZ/OggdQWLXiGt9jMAoGCCqGSM49BAMCA0cAMEQCIGDWa73ZfnB2\nEYawXMdu3nQdUyIEI0xApf9GvXS6ZqlXAiAf6tLzS0ZBtlilsLN+l9QM2c4/WpEO\nf0Xn4OxYrqFJxw==\n-----END CERTIFICATE-----"}
$ gptn newgenesis $ vi ptn-genesis.json ### 将 rootCABytes 替换成 ~/cawork/root/ca-cert.pem 注意每行字节后添加\n字符 $ gptn init $ nohup gptn &
- gptn attach 进入console
###添加中间证书
>permission.addServerCert("P1AqKPs9eEzDoPwSjsop6EsoAt2X2NcP3NA", "-----BEGIN CERTIFICATE-----\nMIICKTCCAdCgAwIBAgIUCOPcNTsl5tacBiu/czmb+Yn8xLswCgYIKoZIzj0EAwIw\naDELMAkGA1UEBhMCVVMxFzAVBgNVBAgTDk5vcnRoIENhcm9saW5hMRQwEgYDVQQK\nEwtIeXBlcmxlZGdlcjEPMA0GA1UECxMGRmFicmljMRkwFwYDVQQDExBmYWJyaWMt\nY2Etc2VydmVyMB4XDTE5MDcyNjAyMzIwMFoXDTI0MDcyNDAyMzcwMFowWjELMAkG\nA1UEBhMCVVMxFzAVBgNVBAgTDk5vcnRoIENhcm9saW5hMRQwEgYDVQQKEwtIeXBl\ncmxlZGdlcjEPMA0GA1UECxMGY2xpZW50MQswCQYDVQQDEwJsazBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABOOgHZHlcR8DfOP6fOjSGv4kqOj1f3LxxGe0YPp5g+sK\nBWaQvo9criTGal4owZ/QGoDpMO344J1ME3aybOtvAgqjZjBkMA4GA1UdDwEB/wQE\nAwIBBjASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBSlC8LysiQRdQkVDEOn\nxoK5CXDI7TAfBgNVHSMEGDAWgBTWiADo1jWsJ7GfzoIHUFi14hrfYzAKBggqhkjO\nPQQDAgNHADBEAiAy+TesSIgxKzx/nqCIOxN2bN3GfzZZ9VG0GeU6NtRjYQIgJrVV\nDDGLTFjH5+vmHhmdACXxAT1yyb7omJec7fmwoBw=\n-----END CERTIFICATE-----")
- 用户注册证书需要提供地址和密码,以及注册证书的相关信息
- 默认一个地址对应一名用户
###注册新地址
> personal.newAccount()
> P1CnVz1KKWFNDTmLzWBZphCJBfccZohqj6E
### !!!新地址需要持有一定数量PTN
### 初始化用户,添加用户证书
### 1 密码 lk 名字 palletone 附加信息 user 证书属性 gptn.mediator1 分发证书组织
>permission.newUser("P1CnVz1KKWFNDTmLzWBZphCJBfccZohqj6E","1","lk","hello","user","gptn.mediator1")
### 查看是否初始化成功
> permission.getUserCertId("P1CnVz1KKWFNDTmLzWBZphCJBfccZohqj6E")
> permission.getUserInfo("642726270539168647596947224829194146247936126553")- 目前默认无任何权限操作
- 只有用户注册证书后,才会进行权限控制
- 当交易权限为空时,将不受权限控制
- 添加交易权限
> permission.addTxPerm("P1Ebjxz3ysLHuNzk9chPXs2csdjfftB3byX","1","m = r.sub.Affiliation == \"gptn.mediator1\"")参数 :地址 密码 权限规则
判断规则:
m = r.sub.Affiliation == \"gptn.mediator1\""规则介绍:当前只允许在gptn-mediator1 组织内 的用户可进行交易
- 当规则为空,不受权限控制
- 查询当前交易权限
> permission.getTxPerm()- 添加某个token权限
>permission.addTokenPerm("P14cAvFEZRg4Ettj5V9jrMzXzcqN6C8Z1CM","1","DOG+0B2N0AITSKT0NUA7XQI-00000000000000000000000000000001","m = r.sub.Address == \"P14cAvFEZRg4Ettj5V9jrMzXzcqN6C8Z1CM\"")参数: 调用合约地址 密码 资产ID 权限规则
判断规则:
- 查询某个token权限
> permission.getTokenPerm("DOG+0B2N0AITSKT0NUA7XQI-00000000000000000000000000000001")- 添加某个合约权限
>permission.addContractPerm("P17MMJrqsALHFMYvC2gLpLNmfMFfKDaTX5q","1","P17MMJrqsALHFMYvC2gLpLNmfMFfKDaTX5q","PCGTta3M4t3yXu8uRgkKvaWd2d8DREThG43","createToken","m = r.sub.Address in (r.obj.ExecuteAddr)")
参数:调用合约地址 密码 允许执行合约地址 合约地址 合约方法 权限规则
- 当合约方法为空,默认支持合约内所有方法调用
权限规则:m = r.sub.Address in (r.obj.ExecuteAddr)
规则介绍:调用合约的地址P17MMJrqsALHFMYvC2gLpLNmfMFfKDaTX5q
允许执行合约内所有方法(createToken)除外
- 添加可执行合约的地址
>permission.addExecuteAddr("P1X3jxM2FWrUMjxPCfJEWpdhQPyn9HLpto","1","P1X3jxM2FWrUMjxPCfJEWpdhQPyn9HLpto","PCGTta3M4t3yXu8uRgkKvaWd2d8DREThG43")参数:调用合约地址 密码 允许执行合约地址 合约地址
- 添加所控制合约方法
>permission.addContractMethod("P1X3jxM2FWrUMjxPCfJEWpdhQPyn9HLpto","1","createToken","PCGTta3M4t3yXu8uRgkKvaWd2d8DREThG43")参数:调用合约地址 密码 合约方法 合约地址
- 查询合约权限
>permission.getContractPerm("PCGTta3M4t3yXu8uRgkKvaWd2d8DREThG43")参数: 合约地址
PalletOne©2018-2019
Home
Getting started
- Install and build
- Create a private chain
- Launch the PalletOne Client
- Create a PalletOne Account
- Send and Receive PTN
- Create and send your token
- Backing up your account and data
- Restoring your account
- Deposit contract
- Mediator Node Installation and Joining
- Howto Become a Mediator
- Howto Run a Unit-producing Mediator
Developer Tools
- Getting PTNs from PalletOne's Testnet Faucet
- Wallet restful and console API Usage
- Third-Party-Wallet-Support
- Third-Party-Wallet-Contract-Invoke
- API Document
FAQ