version: 1.0.0
client: //SDK使用的客户端部分 意思就是换客户端 从这里换
organization: org1 //应用程序所属的Org组织名
logging: //日志级别
level: info
cryptoconfig: //指定存储证书所在目录
path: /home/tianzhiwei/go/src/education/conf/crypto-config
//这种方式就是把用户名和密码直接存储在本地的一个文件中,而用户和密码对通过一个别名来引用,这样可以避免密码铭文格式可能会存在的安全问题
credentialStore: //指定密钥存储库
path: “/tmp/state-store”
cryptoStore:
path: /tmp/msp
BCCSP: //为客户端配置BCCSP 密码算法模块 基本都这样写
security:
enabled: true
default:
provider: “SW”
hashAlgorithm: “SHA2”
softVerify: true
level: 256
tlsCerts:
systemCertPool: true //证书池策略,默认为false,提高身份认证速率
client:
key: //客户端密钥路径
path: /home/tianzhiwei/go/src/education/conf/crypto-config/peerOrganizations/org1.example.com/users/User1@org1.example.com/tls/client.key
cert: //证书路径
path: /home/tianzhiwei/go/src/education/conf/crypto-config/peerOrganizations/org1.example.com/users/User1@org1.example.com/tls/client.crt
channels: //指定通道信息
mychannel:
orderers:
- orderer.example.com
peers:
peer0.org1.example.com:
endorsingPeer: true //是否为背书节点,默认为true
chaincodeQuery: true //是否接受链码查询,默认为true
ledgerQuery: true //是否接受不需要链码的查询,默认为true
eventSource: true //是否为SDK侦听器注册的目标,默认为true
peer1.org1.example.com:
endorsingPeer: true
chaincodeQuery: true
ledgerQuery: true
eventSource: true
policies:
queryChannelConfig: //检索通道配置块选项
minResponses: 1 //从目标/peers的最小响应数
maxTargets: 1 //通道配置随机检索目标数量
retryOpts: //查询区块配置的重试选项
attempts: 5 //重试次数
initialBackoff: 500ms //第一次重试的间隔时间
maxBackoff: 5s //重试的最大间隔时间
backoffFactor: 2.0
organizations: //指定网络环境中的组织信息
org1:
mspid: Org1MSP
cryptoPath: peerOrganizations/org1.example.com/users/{username}@org1.example.com/msp
peers:
- peer0.org1.example.com
- peer1.org1.example.com
ordererorg:
mspID: OrdererMSP
cryptoPath: ordererOrganizations/example.com/users/{username}@example.com/msp
orderers:
orderer.example.com:
url: orderer.example.com:7050
grpcOptions:
ssl-target-name-override: orderer.example.com
keep-alive-time: 0s
keep-alive-timeout: 20s
keep-alive-permit: false
fail-fast: false
allow-insecure: false
tlsCACerts: //指定orderer列表信息
path: /home/tianzhiwei/go/src/education/conf/crypto-config/ordererOrganizations/example.com/tlsca/tlsca.example.com-cert.pem
peers: //不同的请求发送到的peers列表,包括背书、查询、事件监听器注册
peer0.org1.example.com:
url: peer0.org1.example.com:7051
grpcOptions:
ssl-target-name-override: peer0.org1.example.com
keep-alive-time: 0s
keep-alive-timeout: 20s
keep-alive-permit: false
fail-fast: false
allow-insecure: false
tlsCACerts: //证书位置的绝对路径
path: /home/tianzhiwei/go/src/education/conf/crypto-config/peerOrganizations/org1.example.com/tlsca/tlsca.org1.example.com-cert.pem
peer1.org1.example.com:
url: peer1.org1.example.com:9051
grpcOptions:
ssl-target-name-override: peer1.org1.example.com
keep-alive-time: 0s
keep-alive-timeout: 20s
keep-alive-permit: false
fail-fast: false
allow-insecure: false
tlsCACerts:
path: /home/tianzhiwei/go/src/education/conf/crypto-config/peerOrganizations/org1.example.com/tlsca/tlsca.org1.example.com-cert.pem
#certificateAuthorities: //指定标准证书颁发机构 具体这段咋用还在摸索中
ca.org1.example.com:
url: https://ca.org1.example.com:7054
grpcOptions:
ssl-target-name-override: ca.org1.example.com
tlsCACerts:
path: path/to/tls/cert/for/ca-org1
registrar:
enrollId: usually-it-is_admin
enrollSecret: adminpasswd
caName: ca.org1.example.com
entityMatchers:
peer:
- pattern: (\w+).org1.example.com:(\d+)
urlSubstitutionExp: ${1}.org1.example.com:${2}
sslTargetOverrideUrlSubstitutionExp: ${1}.org1.example.com
mappedHost: peer0.org1.example.com