Restrict invoke access for members at fabric chaincode level

Question

I am trying to restrict invoke access for members dynamically in chaincode level and had found this method in a tutorial "stub.GetCallerCertificate" but getting an error.

Error:stub.GetCallerCertificate undefined (type shim.ChaincodeStubInterface has no field or method GetCallerCertificate)

Could you please tell what mistake I made in the code and if possible please provide some working example for restricting access to members in chaincode level (only for invoking transactions, Just like checking for msg.sender in solidity)?

Chaincode language : Go

Code:

 xx, err1 := stub.GetCallerCertificate()
   if err1 != nil {
       matchLogger.Info(err1)
   }
   matchLogger.Info("Cert ----")
   matchLogger.Info(string(xx))

The error is pretty clear: You're calling a method that doesn't exist. Beyond that, I can't say, because you haven't included sufficient code (particularly, the type definition for `stub`). — Jonathan Hall, Nov 07 '19 at 13:39
Actually i am following this example http://qaru.site/questions/13580107/stubgetcallercertificate-stubgetcallermetadata-stubgetpayload-is-returning-blank — Dushyanth Kumar Reddy, Nov 08 '19 at 05:38
see my answer below, that article is old and not applicable to hyperledger fabric V1 — david_k, Nov 08 '19 at 07:19

score 1 · Accepted Answer · edited Nov 08 '19 at 08:56

1

GetCallerCertificate was probably the api for hyperledger fabric 0.6. In Hyperledger fabric V1 you can use the GetCreator call on the stub or use the ClientIdentity library which is referenced in this section of the hyperledger fabric docs.

Attribute-based access control is just one way you can perform access control. You can do it in other ways including making use of the certificate information which the cid library allows you to access.

edited Nov 08 '19 at 08:56

Jonathan Hall

75,165
16
143
189

answered Nov 07 '19 at 18:45

david_k

5,843
2
9
16

I was getting certificate of caller while using "ClientIdentity", can i also get msp id? – Dushyanth Kumar Reddy Nov 09 '19 at 05:21
see https://godoc.org/github.com/hyperledger/fabric/core/chaincode/lib/cid – david_k Nov 09 '19 at 11:57

score 0 · Answer 2 · answered Nov 08 '19 at 08:28

0

This is a sample that i had from node.js this might help you.

async function getInvokerID(stub) {
    let cid=new ClientIdentity(stub)
    let id = cid.getID(); // X509 Certificate invoker is in CN form
    console.log(id)
    let attributeValue=cid.getAttributeValue("attributeName")
    console.log(attributeValue)
    let CN = id.substring(id.indexOf("CN=") + 3, id.lastIndexOf("::"));
    return attributeValue;
}

answered Nov 08 '19 at 08:28

Simson Raj

1
2

Thanks for the answer!, But i am trying to develop my chaincode in go – Dushyanth Kumar Reddy Nov 08 '19 at 08:33

Restrict invoke access for members at fabric chaincode level

2 Answers2