3

I am using balance transfer application with custom chaincode, when I use endorsement policy '1-of':[{ 'signed-by': 0 }, { 'signed-by': 1 }] then every thing works fine however if I use '2-of':[{ 'signed-by': 0 }, { 'signed-by': 1 }] invoke transaction fails with below error:

Fabric Peer Error log:

Validate -> ERRO 078 VSCC error: stateBasedValidator.Validate failed, err validation of endorsement policy for chaincode mycc in tx 4:0 failed: signature set did not satisfy policy 2019-01-02 07:24:40.782 UTC [committer.txvalidator] validateTx -> ERRO 079 VSCCValidateTx for transaction txId = 815553b7cabb383f59d4abd3c2bdc3deda5b74169048e3b3b837f46adbd85099 returned error: validation of endorsement policy for chaincode mycc in tx 4:0 failed: signature set did not satisfy policy

Node-SDK logs show the following

[2019-01-02 02:24:40.826] [ERROR] invoke-chaincode - The invoke chaincode transaction was invalid, code:ENDORSEMENT_POLICY_FAILURE [2019-01-02 02:24:40.827] [ERROR] invoke-chaincode - Error: The invoke chaincode transaction was invalid, code:ENDORSEMENT_POLICY_FAILURE

Any help in resolving this will be very helpful

Hiren Gohel
  • 4,942
  • 6
  • 29
  • 48
Sanket
  • 49
  • 2
  • Are you submitting request proposals to peers from both of the orgs? I believe balance transfer only requests endorsement from a peer from one org not from both. – Gari Singh Jan 06 '19 at 11:14
  • Hi Gari Singh, This is how my request looks Invoke Transaction: http://localhost:4000/channels/mychannel/chaincodes/mycc \ -H "authorization: Bearer $ORG1_TOKEN" \ -H "content-type: application/json" \ -d '{ "peers": ["peer0.org1.example.com","peer1.org2.example.com"], "fcn":"invoke", "operation":"commit", "args": ["commit","true","a","b","c"] }') So essentially i am sending the request to peers of both orgs. I will try with just one org at a time and share the response. Thanks – Sanket Jan 07 '19 at 05:09
  • Hi Gari Singh I tried with sending request to peer of one org but still the same issue. ENDORSEMENT FAILURE Here is the endorsement policy by default 'endorsement-policy': { identities: [ { role: { name: 'member', mspId: 'Org1MSP' }}, { role: { name: 'member', mspId: 'Org2MSP' }} ], policy: { '2-of':[{ 'signed-by': 0 }, { 'signed-by': 1 }] } } – Sanket Jan 08 '19 at 04:07
  • Hi @GariSingh I have uploaded my code to github [link](https://github.com/psanket/balance-transfer-modified) – Sanket Jan 10 '19 at 05:09
  • Hi @GariSingh The code that i am using is uploaded here https://github.com/psanket/balance-transfer-modified – Sanket Jan 10 '19 at 05:10

1 Answers1

2

I ran the environment on my own system and determined that it is not an issue with the chaincode, but rather an issue with the invoke requests that is being sent.

So the invoke request being made in testAPI.sh and testInvoke.sh is

TRX_ID=$(curl -s -X POST \
  http://localhost:4000/channels/mychannel/chaincodes/mycc \
  -H "authorization: Bearer $ORG1_TOKEN" \
  -H "content-type: application/json" \
  -d '{
    "peers":  **["peer0.org1.example.com","peer1.org1.example.com"]**,
    "fcn":"invoke",
    "operation":"commit",
    "args": ["commitPrivate","uuid3","uuid2-Owner"]
}')

What we can see is that the endorsements are being sent to both peers in org 1 and none in org 2. However, the 2-of policy is not saying that it needs 2 signature from any peers in org 1 and org 2, but instead that it needs a signature from a peers in org 1 and org 2. We can see this from the documentation for endorsement policies, https://hyperledger-fabric.readthedocs.io/en/latest/endorsement-policies.html#endorsement-policy-syntax.

Similarly, OutOf(2, 'Org1.member', 'Org2.member') is equivalent to AND('Org1.member', 'Org2.member')

So if you change your request to

TRX_ID=$(curl -s -X POST \
  http://localhost:4000/channels/mychannel/chaincodes/mycc \
  -H "authorization: Bearer $ORG1_TOKEN" \
  -H "content-type: application/json" \
  -d '{
    "peers":  **["peer0.org1.example.com","peer1.org2.example.com"]**,
    "fcn":"invoke",
    "operation":"commit",
    "args": ["commitPrivate","uuid3","uuid2-Owner"]
}')

it will work.

mathisonryan
  • 21
  • 2