
Hyperledger Fabric "fabric-ca-client" Error Code: 71 - Authorization failure


I am trying to list the identities of a CA server using fabric-ca-client, as below:

fabric-ca-client identity list --id nameofidentityfromfabric-ca-server-config.yaml -u https://username:password@localhost:8054 --tls.certfiles <path to /tls/ca.crt> --mspdir <path to /peer0.org2.example.com/msp>

But the CA server responds with the error below:

Error: Response from server: Error Code: 71 - Authorization failure

Below is the code in fabric-ca-server-config.yaml

identities:
 - name: username
   pass: password
   type: client
   affiliation: ""
   attrs:
      hf.Registrar.Roles: "*"
      hf.Registrar.DelegateRoles: "*"
      hf.Revoker: true
      hf.IntermediateCA: true
      hf.GenCRL: true
      hf.Registrar.Attributes: "*"
      hf.AffiliationMgr: true

Solution

  • The issue was that I hadn't enrolled the bootstrap identity yet. The code below does that:

    // Enroll the bootstrap identity and store its certificate and key in the wallet.
    const enrollment = await ca.enroll({ enrollmentID: 'adminusername', enrollmentSecret: 'adminpassword' });
    const x509Identity = {
        credentials: {
            certificate: enrollment.certificate,
            privateKey: enrollment.key.toBytes(),
        },
        mspId: 'Org2MSP',
        type: 'X.509',
    };
    await wallet.put('admin', x509Identity);
    

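    Once the bootstrap identity is enrolled, create a user object for that identity with the code below:

    const { Wallets } = require('fabric-network');
    const path = require('path');
    const walletPath = path.join(process.cwd(), 'wallet');
    const wallet = await Wallets.newFileSystemWallet(walletPath);
    // Load the identity stored under the 'admin' label by the enrollment step.
    const adminIdentity = await wallet.get('admin');
    const provider = wallet.getProviderRegistry().getProvider(adminIdentity.type);
    const adminUser = await provider.getUserContext(adminIdentity, 'admin');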
    

    Now invoke newIdentityService() of the FabricCAServices class as below to get the list of identities.

    const fs = require('fs');
    const yaml = require('js-yaml');
    const FabricCAServices = require('fabric-ca-client');
    // js-yaml 4.x removed safeLoad(); use yaml.load() with that version.
    let connectionProfile = yaml.safeLoad(fs.readFileSync('../gateway/connection-org2.yaml', 'utf8'));
    // Create a new CA client for interacting with the CA.
    const caInfo = connectionProfile.certificateAuthorities['ca.org2.example.com'];
    const caTLSCACerts = caInfo.tlsCACerts.pem;
    // verify: false turns off TLS certificate verification of the CA server;
    // set it to true outside local testing so trustedRoots is enforced.
    const ca = new FabricCAServices(caInfo.url, { trustedRoots: caTLSCACerts, verify: false }, caInfo.caName);
    let identityService = ca.newIdentityService();
    // The enrolled admin user signs the request to the CA.
    let registeredidentities = await identityService.getAll(adminUser);
    console.dir(registeredidentities, { depth: null })