Leveraging the Hyperledger fabric-config library for channel configuration updates

Introduction

Overview of channel configurations

Updating channel configurations

Using the fabric-config library for editing channel configurations

Introducing fabric-config

Channel configuration updates with fabric-config

import (
...
cb "github.com/hyperledger/fabric-protos-go/common"
...
)
func getConfigFromBlock(blockPath string) *cb.Config {
blockBin, err := ioutil.ReadFile(blockPath)
if err != nil {
panic(err)
}
block := &cb.Block {}
err = proto.Unmarshal(blockBin, block)
if err != nil {
panic(err)
}
blockDataEnvelope := &cb.Envelope {}
err = proto.Unmarshal(block.Data.Data[0], blockDataEnvelope)
if err != nil {
panic(err)
}
blockDataPayload := &cb.Payload {}
err = proto.Unmarshal(blockDataEnvelope.Payload, blockDataPayload)
if err != nil {
panic(err)
}
config := &cb.ConfigEnvelope {}
err = proto.Unmarshal(blockDataPayload.Data, config)
if err != nil {
panic(err)
}
return config.Config
}
import (
...
"github.com/hyperledger/fabric-config/configtx"
...
)
...
baseConfig := getConfigFromBlock(blockPath)
configTx := configtx.New(baseConfig)
...
var (
batchSizeMaxMessage uint32
batchSizeAbsoluteMax uint32
batchSizePreferredMax uint32
batchTimeout uint32
)
batchSizeMaxMessage = ...
batchSizeAbsoluteMax = ...
batchSizePreferredMax = ...
batchTimeout = ...
// Obtain OrdererGroup instance from ConfigTx instance
ordererGrp := configTx.Orderer()
// Use setter methods in the OrdererGroup instance to make configuration changes
ordererGrp.SetBatchTimeout(time.Second * time.Duration(batchTimeout))
ordererGrp.BatchSize().SetAbsoluteMaxBytes(batchSizeAbsoluteMax)ordererGrp.BatchSize().SetMaxMessageCount(batchSizeMaxMessage)ordererGrp.BatchSize().SetPreferredMaxBytes(batchSizePreferredMax)
var (
channelName string
)
...
configUpdateBytes, err := configTx.ComputeMarshaledUpdate(channelName)
...
func getSigningIdentity(sigIDPath string) *configtx.SigningIdentity {
// Read certificate, private key and MSP ID from sigIDPath
var (
certificate *x509.Certificate
privKey crypto.PrivateKey
mspID string
err error
)
mspUser := filepath.Base(sigIDPath)

certificate, err = readCertificate(filepath.Join(sigIDPath, "msp", "signcerts", fmt.Sprintf("%s-cert.pem", mspUser)))
if err != nil {
panic(err)
}
privKey, err = readPrivKey(filepath.Join(sigIDPath, "msp", "keystore", "priv_sk"))
if err != nil {
panic(err)
}
mspID = strings.Split(mspUser, "@")[1] return &configtx.SigningIdentity{
Certificate: certificate,
PrivateKey: privKey,
MSPID: mspID,
}
}
func readCertificate(certPath string) (*x509.Certificate, error) {
certBytes, err := ioutil.ReadFile(certPath)
if err != nil {
return nil, err
}
pemBlock, _ := pem.Decode(certBytes)
if pemBlock == nil {
return nil, fmt.Errorf("no PEM data found in cert[% x]", certBytes)
}
return x509.ParseCertificate(pemBlock.Bytes)
}
func readPrivKey(keyPath string) (crypto.PrivateKey, error) {
privKeyBytes, err := ioutil.ReadFile(keyPath)
if err != nil {
return nil, err
}
pemBlock, _ := pem.Decode(privKeyBytes)
if pemBlock == nil {
return nil, fmt.Errorf("no PEM data found in private key[% x]", privKeyBytes)
}
return x509.ParsePKCS8PrivateKey(pemBlock.Bytes)
}
<enrollment_id>@<MSP ID>  // sigIDPath
└── msp
├── admincerts
│ │ // The public cert for the org administrator
│ └─ admin-cert.pem
├─ cacerts
│ │ // The public cert for the root CA
│ └─ ca-cert.pem
├─ tlscacerts
│ │ // The public cert for the root TLS CA
│ └─ tlsca-cert.pem
├─ keystore
│ │ // The private key for the identity
│ └─ priv_sk
└─ signcerts
│ // The public cert for the identity
└─ <enrollment_id>@<MSP ID>-cert.pem
configSignatures := []*cb.ConfigSignature{}
...
signingIdentity := getSigningIdentity(pathToSigningIdentity)
...
configSignature, err := signingIdentity.CreateConfigSignature(configUpdateBytes)
...
configSignatures = append(configSignatures, configSignature)
env, err := configtx.NewEnvelope(configUpdateBytes, configSignatures...)
envelopeSigningIdentity := getSigningIdentity(pathToEnvelopeSigningIdentity)err = envelopeSigningIdentity.SignEnvelope(env)
envelopeBytes, err := proto.Marshal(env)
if err != nil {
panic(err)
}
err = ioutil.WriteFile(outputPath, envelopeBytes, 0640)

Considerations

Conclusion

Acknowledgements

enterprise-blockchain-labs

Sharing knowledge and expertise on enterprise, private blockchains

Medium is an open platform where 170 million readers come to find insightful and dynamic thinking. Here, expert and undiscovered voices alike dive into the heart of any topic and bring new ideas to the surface. Learn more

Follow the writers, publications, and topics that matter to you, and you’ll see them on your homepage and in your inbox. Explore

If you have a story to tell, knowledge to share, or a perspective to offer — welcome home. It’s easy and free to post your thinking on any topic. Write on Medium

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store