I want to use Access Based Control in my blockchain network and am assigning the user with attributes for this purpose. However, the enrollment certificate stored in my wallet does not have the attribute values present in it.
My code snippet for registering and enrolling the user:
RegistrationRequest registrationRequest = new RegistrationRequest("appUser1");
registrationRequest.setAffiliation("org1.department1");
registrationRequest.setEnrollmentID("appUser1");
Attribute attr = new Attribute("Type","Approver",true);
registrationRequest.addAttribute(attr);
String enrollmentSecret = caClient.register(registrationRequest, admin);
Enrollment enrollment = caClient.enroll("appUser1", enrollmentSecret);
Identity user = Identities.newX509Identity("Org1MSP", adminIdentity.getCertificate(), adminIdentity.getPrivateKey());
wallet.put("appUser1", user);
System.out.println("Successfully enrolled user \"appUser1\" and imported it into the wallet");
Decrypted x509 certificate of the generated certificate:
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
70:b2:b9:02:cd:de:14:6b:00:dc:16:b4:e8:95:74:7d:03:52:3e:01
Signature Algorithm: ecdsa-with-SHA256
Issuer: C = US, ST = North Carolina, O = Hyperledger, OU = Fabric, CN = fabric-ca-server
Validity
Not Before: Jan 5 05:34:00 2023 GMT
Not After : Jan 5 06:37:00 2024 GMT
Subject: OU = client, CN = admin
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (256 bit)
pub:
04:9f:03:45:44:0b:b1:4d:78:c9:58:fe:c1:82:d4:
34:04:80:a9:a5:fe:7f:27:2d:5a:a4:54:c8:c2:bb:
86:61:00:3d:62:33:99:02:0a:65:75:dc:ce:62:44:
96:fd:10:88:2f:44:fa:1d:4a:04:3d:79:33:03:ac:
b1:cd:82:dc:5c
ASN1 OID: prime256v1
NIST CURVE: P-256
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment, Key Agreement
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
FF:71:92:2E:B8:24:37:A3:13:78:EC:D1:11:D7:54:B6:BD:D6:43:9E
X509v3 Authority Key Identifier:
keyid:D5:DC:30:53:0C:B2:EF:74:76:6C:44:9F:45:B8:A3:46:EB:F0:05:2A
X509v3 Subject Alternative Name:
DNS:localhost
Signature Algorithm: ecdsa-with-SHA256
30:44:02:20:11:c6:fa:4a:bf:bb:57:89:63:4a:56:c0:bb:cf:
2d:49:19:9e:74:9b:ac:dc:05:d4:ed:ca:9c:9e:cf:48:be:f0:
02:20:53:0b:ed:57:88:26:9d:a9:38:c4:70:cd:8d:07:41:cc:
85:bf:32:dc:3b:15:41:11:fc:27:02:e4:cf:e8:cf:25
-----BEGIN CERTIFICATE-----
MIICITCCAcigAwIBAgIUcLK5As3eFGsA3Ba06JV0fQNSPgEwCgYIKoZIzj0EAwIw
aDELMAkGA1UEBhMCVVMxFzAVBgNVBAgTDk5vcnRoIENhcm9saW5hMRQwEgYDVQQK
EwtIeXBlcmxlZGdlcjEPMA0GA1UECxMGRmFicmljMRkwFwYDVQQDExBmYWJyaWMt
Y2Etc2VydmVyMB4XDTIzMDEwNTA1MzQwMFoXDTI0MDEwNTA2MzcwMFowITEPMA0G
A1UECxMGY2xpZW50MQ4wDAYDVQQDEwVhZG1pbjBZMBMGByqGSM49AgEGCCqGSM49
AwEHA0IABJ8DRUQLsU14yVj+wYLUNASAqaX+fyctWqRUyMK7hmEAPWIzmQIKZXXc
zmJElv0QiC9E+h1KBD15MwOssc2C3FyjgZYwgZMwDgYDVR0PAQH/BAQDAgOoMB0G
A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1Ud
DgQWBBT/cZIuuCQ3oxN47NER11S2vdZDnjAfBgNVHSMEGDAWgBTV3DBTDLLvdHZs
RJ9FuKNG6/AFKjAUBgNVHREEDTALgglsb2NhbGhvc3QwCgYIKoZIzj0EAwIDRwAw
RAIgEcb6Sr+7V4ljSlbAu88tSRmedJus3AXU7cqcns9IvvACIFML7VeIJp2pOMRw
zY0HQcyFvzLcOxVBEfwnAuTP6M8l
-----END CERTIFICATE-----
Access Based Control on the chain code requires the attributes to be present in the certificate. Does anybody know what I am doing wrong?
