Fabric-CA with SoftHSM: Could not initialize BCCSP PKCS11: Invalid config. It must not be nil

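I have installed and initialized the token following the softHSM2 repo, but when I start the fabric-ca-server container with the PKCS11 environment variables, I get "Could not initialize BCCSP PKCS11: Invalid config. It must not be nil." According to the fabric-ca documentation, only 4 environment variables (default, library, pin, label) are needed to use SoftHSM, but I have tried adding all the fields mentioned under pkcs11 and the problem persists. I am not sure which part of the configuration is nil.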

docker-compose-ca.yaml

version: '2'

networks: 
  org1_network:
      external: 
        name: org1_network

services: 
  
  ca_org1:
    image: hyperledger/fabric-ca:latest
    environment: 
      - GODEBUG=netdns=go
      - FABRIC_CA_HOME=/etc/hyperledger/fabric-ca-server
      - FABRIC_CA_SERVER_CA_NAME=ca.org1.example.com
      - FABRIC_CA_SERVER_TLS_ENABLED=true
      - FABRIC_CA_SERVER_PORT=7054
      - FABRIC_CA_SERVER_DEBUG=true
      - FABRIC_CA_SERVER_BCCSP_DEFAULT=PKCS11
      - FABRIC_CA_SERVER_BCCSP_PKCS11_HASH=SHA2
      - FABRIC_CA_SERVER_BCCSP_PKCS11_SECURITY=256
      - FABRIC_CA_SERVER_BCCSP_PKCS11_LIBRARY=/etc/hyperledger/fabric/libsofthsm2.so
      - FABRIC_CA_SERVER_BCCSP_PKCS11_PIN=98765432
      - FABRIC_CA_SERVER_BCCSP_PKCS11_FILEKEYSTORE_KEYSTORE=/etc/hyperledger/fabric-ca-server/msp
      - SOFTHSM2_CONF=/etc/hyperledger/fabric/config.file
    ports: 
      - "7054:7054"
    command: sh -c 'fabric-ca-server start -b org1:adminpw -d'
    volumes: 
      - ../organizations/fabric-ca/org1:/etc/hyperledger/fabric-ca-server
      - ../../softhsm/config.file:/etc/hyperledger/fabric/config.file
      - /../../../usr/local/lib/softhsm/libsofthsm2.so:/etc/hyperledger/fabric/libsofthsm2.so
    container_name: ca_org1
    networks: 
      - org1_network

config.file

# SoftHSM v2 configuration file

directories.tokendir = /tmp/
objectstore.backend = file
objectstore.umask = 0077

# ERROR,WARNING,INFO,DEBUG
log.level = DEBUG

# If CKF_REMOVABLE_DEVICE flag should be set
slots.removable = false

# Enable and disable PKCS#11 mechanisms using slots.mechanisms.
slots.mechanisms = ALL

# If the library should reset the state on fork
library.reset_on_fork = false

fabric-ca-org1-container logs

2021/07/11 21:22:08 [DEBUG] Home directory: /etc/hyperledger/fabric-ca-server
2021/07/11 21:22:08 [INFO] Configuration file location: /etc/hyperledger/fabric-ca-server/fabric-ca-server-config.yaml
2021/07/11 21:22:08 [INFO] Starting server in home directory: /etc/hyperledger/fabric-ca-server
2021/07/11 21:22:08 [DEBUG] Set log level: 
2021/07/11 21:22:08 [INFO] Server Version: 1.5.1-snapshot-38527387
2021/07/11 21:22:08 [INFO] Server Levels: &{Identity:2 Affiliation:1 Certificate:1 Credential:1 RAInfo:1 Nonce:1}
2021/07/11 21:22:08 [DEBUG] Making server filenames absolute
2021/07/11 21:22:08 [DEBUG] Initializing default CA in directory /etc/hyperledger/fabric-ca-server
2021/07/11 21:22:08 [DEBUG] Init CA with home /etc/hyperledger/fabric-ca-server and config {Version:1.5.1-snapshot-38527387 Cfg:{Identities:{PasswordAttempts:10 AllowRemove:false} Affiliations:{AllowRemove:false}} CA:{Name:ca.org1.example.com Keyfile: Certfile:ca-cert.pem Chainfile:ca-chain.pem} Signing:0xc00033e210 CSR:{CN:fabric-ca-server Names:[{C:US ST:North Carolina L: O:Hyperledger OU:Fabric SerialNumber:}] Hosts:[dc6f304f9d43 localhost] KeyRequest:0xc0000bf520 CA:0xc0001d5bf0 SerialNumber:} Registry:{MaxEnrollments:-1 Identities:[{ Name:**** Pass:**** Type:client Affiliation: MaxEnrollments:0 Attrs:map[hf.AffiliationMgr:1 hf.GenCRL:1 hf.IntermediateCA:1 hf.Registrar.Attributes:* hf.Registrar.DelegateRoles:* hf.Registrar.Roles:* hf.Revoker:1]  }]} Affiliations:map[org1:[department1 department2] org2:[department1]] LDAP:{ Enabled:false URL:ldap://****:****@<host>:<port>/<base> UserFilter:(uid=%s) GroupFilter:(memberUid=%s) Attribute:{[uid member] [{ }] map[groups:[{ }]]} TLS:{false [] { }}  } DB:{ Type:sqlite3 Datasource:fabric-ca-server.db TLS:{false [] { }}  } CSP:0xc0001d5e00 Client:<nil> Intermediate:{ParentServer:{ URL: CAName:  } TLS:{Enabled:false CertFiles:[] Client:{KeyFile: CertFile:}} Enrollment:{ Name: Secret:**** CAName: AttrReqs:[] Profile: Label: CSR:<nil> Type:x509  }} CRL:{Expiry:24h0m0s} Idemix:{IssuerPublicKeyfile: IssuerSecretKeyfile: RevocationPublicKeyfile: RevocationPrivateKeyfile: RHPoolSize:1000 NonceExpiration:15s NonceSweepInterval:15m}}
2021/07/11 21:22:08 [DEBUG] CA Home Directory: /etc/hyperledger/fabric-ca-server
2021/07/11 21:22:08 [DEBUG] Checking configuration file version '1.5.1-snapshot-38527387' against server version: '1.5.1-snapshot-38527387'
2021/07/11 21:22:08 [DEBUG] Initializing BCCSP: &{ProviderName:PKCS11 SwOpts:0xc0001d5e60 PluginOpts:<nil> Pkcs11Opts:<nil>}
2021/07/11 21:22:08 [DEBUG] Initializing BCCSP with software options &{SecLevel:256 HashFamily:SHA2 FileKeystore:0xc00035ee10 DummyKeystore:<nil> InmemKeystore:<nil>}
2021/07/11 21:22:08 [DEBUG] Closing server DBs
Error: Failed to get BCCSP with opts: Could not initialize BCCSP PKCS11: Invalid config. It must not be nil.

Solution

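I would suggest modifying the configuration file of the fabric-ca-server (fabric-ca-server-config.yaml) instead of trying to override its entries through environment variables, which is what you are trying to do. I think the problem is that you cannot override entries that are not actually defined in the configuration file.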
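
A bccsp section of the kind the answer refers to, written into fabric-ca-server-config.yaml (an added example, not part of the original answer or the project's shipped config). Library, Pin, hash and security are taken from the question's compose file; the Label value is a placeholder because the page does not state the token label.

```yaml
# fabric-ca-server-config.yaml (excerpt)
# Defines the pkcs11 keys in the file itself, so the server has a
# bccsp.pkcs11 block to load and FABRIC_CA_SERVER_BCCSP_PKCS11_*
# variables have existing entries to override.
bccsp:
  default: PKCS11
  pkcs11:
    # Path inside the container, matching the volume mount in the
    # question's docker-compose-ca.yaml.
    Library: /etc/hyperledger/fabric/libsofthsm2.so
    # Quoted so the PIN is read as a string rather than an integer.
    Pin: "98765432"
    # Placeholder: must equal the label given when the SoftHSM token
    # was initialized (softhsm2-util --init-token ... --label <label>).
    Label: <your-token-label>
    hash: SHA2
    security: 256
```

With this block present, the `Initializing BCCSP` debug line should no longer show `Pkcs11Opts:<nil>`, which is the nil field visible in the log above. Because the file now holds the token PIN, it should be readable only by the account that runs the CA.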
