10. SDK connection certificate configuration

Tags: “SDK,” “Certificate Configuration”

---

When you use the SDK to develop an application, you need to use the certificate file of the node to interact with the node。FISCO BCOS 3.x provides three node deployment modes. The node SDK certificate files in each deployment mode are slightly different(./java_sdk/index.md) For example, describe the correct way to configure the SDK application certificate in each of the three node modes。

Single-group blockchain (Air version) deployment mode

Single Group Blockchain (Air Version) The all-in-one encapsulation mode is used to compile all modules into a binary (process), and a process is a blockchain node。

For installation and deployment of Air version, please refer to: link 。

The configurations related to SDK connection in the node configuration generated by ‘build _ chain.sh’ are as follows:

• SDK connection certificate: Generated by ‘build _ chain.sh’, the client can copy the certificate to establish an SSL connection with the node。

Single Quad Node Air VersionNon-State Secret BlockchainAn example of the configuration file organization for is as follows (files that are not relevant to this article have been ignored):

nodes/
├── 127.0.0.1
│   │.....
│   ├── sdk # SDK Certificate
│   │   ├── ca.crt 		# SSL Connection Root Certificate
│   │   ├── cert.cnf 	# SSL Certificate Configuration
│   │   ├── sdk.crt 	# SSL Connection Certificate
│   │   └── sdk.key 	# SSL certificate private key
│   ├── ......

Single Quad Node Air VersionState Secret BlockchainAn example of the configuration file organization for is as follows (files that are not relevant to this article have been ignored):

nodes/
├── 127.0.0.1
│   │.....
│   ├── sdk # SDK Certificate
│   │   ├── sm_ca.crt 		# State Secret SSL Connection Root Certificate
│   │   ├── sm_ensdk.crt 	# State Secret SSL Encryption Certificate
│   │   ├── sm_ensdk.key	#	State Secret SSL Encryption Certificate Private Key
│   │   ├── sm_sdk.crt		# State Secret SSL Connection Signature Certificate
│   │   ├── sm_sdk.key		# State Secret SSL Connection Signature Certificate Private Key
│   │   └── sm_sdk.nodeid	# State Secret Node ID
│   ├── ......

When using the Java SDK, copy the node SSL certificate to the ‘conf’ directory in the compiled ‘dist’ directory of the project:

Note: For ease of demonstration, the SDK application path here is’ ~ / fisco ‘by default. Please refer to the actual path when using it。

# For the convenience of demonstration, there is a Java SDK application in the ~ / fisco directory, and a blockchain node is built using the build _ chain.sh build script
tree -L 1 ~/fisco
~/fisco
├── java-sdk-demo		# Java SDK Application
├── build_chain.sh 	# build chain script
└── nodes						# Node Directory

# Enter the SDK application directory
# Please refer to the actual SDK application path
cd ~/fisco/java-sdk-demo/

# Compiling an SDK application
bash gradlew build

# When the compilation is complete, the dist folder will be generated in the project root directory
cd dist

# Copy all the certificates of the node into the SDK configuration folder
cp -r ~/fisco/nodes/127.0.0.1/sdk/* ~/fisco/java-sdk-demo/dist/conf

# Done, configure the usage configuration file of the SDK. Have fun:)

Multi-group blockchain (Pro version) deployment mode

Multi-Group Blockchain (Pro version) It consists of RPC, Gateway access layer services, and multiple blockchain node services. One node service represents a group, and the storage uses local RocksDB. All nodes share access layer services。

For installation and deployment of Pro version, please refer to: link 。

On completion Deploy RPC ServiceAfter that, all required configuration files will be generated under ‘generated / rpc / chain’。The configuration of the SSL connection to the SDK is as follows (files unrelated to this article have been ignored):

tree generated/rpc/chain
generated/rpc/chain
├── 172.25.0.3 # Please refer to the actual IP
│   ├── agencyABcosRpcService # RPC Service Directory for Institution A
│   │   ├── sdk               # The SDK certificate directory. The SDK client can copy certificates from this directory to connect to the RPC service
│   │   │   ├── ca.crt				# SSL Connection Root Certificate
│   │   │   ├── cert.cnf			# SSL Certificate Configuration
│   │   │   ├── sdk.crt				# SSL Connection Certificate
│   │   │   └── sdk.key				# SSL certificate private key
│   │   └── ssl               # RPC Service Certificate Directory
│   └── agencyBBcosRpcService # RPC Service Configuration Directory for Institution B
│       ├── config.ini.tmp    # Configuration file for RPC service of institution B
│       ├── sdk               # The SDK certificate directory. The SDK client copies the certificate from this directory to connect to the RPC service
│       │   ├── ca.crt
│       │   ├── cert.cnf
│       │   ├── sdk.crt
│       │   └── sdk.key
│       └── ssl              # RPC Service Certificate Directory
└── ca                       # CA Certificate Directory

When using the Java SDK, copy the node SSL certificate to the ‘conf’ directory in the compiled ‘dist’ directory of the project:

Note: For ease of demonstration, the SDK application path here is’ ~ / fisco ‘by default. Please refer to the actual path when using it。

# For the convenience of demonstration, there is a Java SDK application in the ~ / fisco directory, and a blockchain node is built using the build _ chain.sh build script
tree -L 2 ~/fisco
~/fisco
├── java-sdk-demo		# Java SDK Application
└── BcosBuilder
    ├── build_chain.py
    ├── conf
    ├── docker
    ├── generated		# Generate Node Directory
    ├── requirements.txt
    └── src

# Enter the SDK application directory
# Please refer to the actual SDK application path
cd ~/fisco/java-sdk-demo/

# Compiling an SDK application
bash gradlew build

# When the compilation is complete, the dist folder will be generated in the project root directory
cd dist

# Copy all the certificates of the node into the SDK configuration folder
cp -r ~/fisco/BcosBuilder/generated/rpc/chain0/agencyABcosRpcService/172.25.0.3/sdk/* ~/fisco/java-sdk-demo/dist/conf

# Done, configure the usage configuration file of the SDK. Have fun:)

Appendix: Identifying the Cryptographic Environment Type of Blockchain (Non-State Secret / State Secret)

In the Air version mode and the Pro version mode, the node configuration file ‘config.ini’ is generated after the blockchain node is built。From the file ‘config.ini’, you can determine whether the password box environment type of the current blockchain is national secret or non-national secret。

Since the SDK is directly connected to the RPC module of the blockchain node, we only need to pay attention to the RPC configuration here:

[rpc]
    listen_ip=0.0.0.0
    listen_port=20200
    thread_count=4
    ; whether ssl uses state secret mode to connect
    sm_ssl=false

For more information about configuring RPC for the Air version, please refer to the following link: Configure RPC

For details of RPC configuration for Pro version, please refer to the link: rpc service