R3 Docs R3 Docs Home

Build and Upload the Member CPI heading-link-icon

This section describes how to build a member Corda identity that has been granted admission to a membership group. Synonym for a virtual node or group member. CPI Corda Package Installer. A signed ZIP/JAR combination of a CPB and a Group Policy File that defines not only the application code that a virtual node will run, but also the details of the MGM with which to register, and the details of network PKI requirements. and upload it to the network. It contains the following:

  1. Set Variables
  2. Generate the Group Policy File
  3. Create the CPI File
  4. Import Code Signing Certificates
  5. Upload the CPI

Set the values of variables for use in later commands:

  1. Set the P2P gateway host and port and the REST API host and port. For example:

    export REST_API_HOST=localhost
export REST_API_PORT=8888
export P2P_GATEWAY_HOST=localhost
export P2P_GATEWAY_PORT=8080

    $REST_API_HOST = "localhost"
$REST_API_PORT = 8888
$P2P_GATEWAY_HOST = "localhost"
$P2P_GATEWAY_PORT = 8080

    These values vary depending on where you have deployed your clusters A complete set of worker processes. Clusters require a fully functioning virtual node infrastructure. and how you have forwarded the ports. For example, if corda-p2p-gateway-worker is the name of the P2P gateway Kubernetes A powerful tool for managing containerized applications at scale, making it easier for teams to deploy and manage their applications with high reliability and efficiency. service and corda-cluster-a is the namespace that the Corda cluster is deployed within, set $P2P_GATEWAY_HOST to corda-p2p-gateway-worker.corda-cluster-a. Alternatively, you can specify the IP address of the gateway, instead of the hostname; for example, 192.168.0.1.

    If you are using an Ingress service in front of the P2P gateway, the hostname should be one of the values under hosts and the port set to 443 (the default port for HTTPS).

  2. Set the REST API URL. This may vary depending on where you have deployed your cluster(s) and how you have forwarded the ports.

    export REST_API_URL="https://$REST_API_HOST:$REST_API_PORT/api/v5_1"

    $REST_API_URL = "https://${REST_API_HOST}:${REST_API_PORT}/api/v5_1"

  3. Set the authentication information for the REST API:

    export REST_API_USER="<username>"
export REST_API_PASSWORD="<password>"

     $REST_API_USER = "<username>"
 $REST_API_PASSWORD = "<password>"
 $AUTH_INFO = [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes(("${REST_API_USER}:${REST_API_PASSWORD}" -f $username,$password)))

  4. Set the working directory for storing temporary files.

    export WORK_DIR=creating-members-cpi
mkdir -p "$WORK_DIR"

    $WORK_DIR = "creating-members-cpi"
md $WORK_DIR

To join a group, members must use a group policy A JSON file containing network information that is bundled with a CPB to create a CPI. file exported from the MGM Membership Group Manager. May also be referred to as the Network Manager. It is a virtual node and Corda identity that acts as a central registrar for group membership. of that group. To retrieve the GroupPolicy.json file from the MGM:

export MGM_REST_HOST=localhost
export MGM_REST_PORT=8888
export MGM_REST_URL="https://$MGM_REST_HOST:$MGM_REST_PORT/api/v5_1"
export MGM_HOLDING_ID=<MGM-holding-ID>

$MGM_REST_HOST = "localhost"
$MGM_REST_PORT = "8888"
$MGM_REST_URL = "https://$MGM_REST_HOST:$MGM_REST_PORT/api/v5_1"
$MGM_HOLDING_ID = <MGM-holding-ID>
Invoke-RestMethod -SkipCertificateCheck  -Headers @{Authorization=("Basic {0}" -f $AUTH_INFO)} -Uri "$MGM_REST_URL/mgm/$MGM_HOLDING_ID/info" | ConvertTo-Json -Depth 4 > $WORK_DIR/GroupPolicy.json
If using Bash, create the GroupPolicy.json by exporting it using the MGM, by running this Curl command:

curl -k -u $REST_API_USER:$REST_API_PASSWORD -X GET $MGM_REST_URL/mgm/$MGM_HOLDING_ID/info > "$WORK_DIR/GroupPolicy.json"

Build a CPI using the Corda CLI A command line tool that supports various Corda-related tasks, including Corda Package Installer (CPI) creation and Corda cluster management. , passing in the member CPB, the GroupPolicy.json file exported from the MGM, and the details of the keystore certificate used to sign the CPB.

./corda-cli.sh package create-cpi \
 --cpb <CPB_FILE> \
 --group-policy <GROUP_POLICY_FILE_> \
 --cpi-name "<CPI_Name>" \
 --cpi-version "1.0.0.0-SNAPSHOT" \
 --file <CPI_FILE_NAME> \
 --keystore <SIGNING_KEY> \
 --storepass "<SIGNING_KEY_PASSWORD>" \
 --key "<SIGNING_KEY_NAME>"

corda-cli.cmd package create-cpi `
 --cpb <CPB_FILE> `
 --group-policy <GROUP_POLICY_FILE_> `
 --cpi-name "<CPI_Name>" `
 --cpi-version "1.0.0.0-SNAPSHOT" `
 --file <CPI_FILE_NAME>`
 --keystore <SIGNING_KEY> `
 --storepass "<SIGNING_KEY_PASSWORD>" `
 --key "<SIGNING_KEY_NAME>"

Corda validates that uploaded CPIs are signed with a trusted key. To trust your signing keys:

  1. Export the signing key certificate from the keystore:

    keytool -exportcert -rfc -alias "<key-alias>" -keystore <signingkeys.pfx> -storepass "<keystore-password>" -file <signingkey1.pem>

  2. Import the signing key into Corda:

    curl -k -u $REST_API_USER:$REST_API_PASSWORD -X PUT -F alias="<unique-key-alias>" -F certificate=@<signingkey1.pem> $REST_API_URL/certificates/cluster/code-signer

    Invoke-RestMethod -SkipCertificateCheck  -Headers @{Authorization=("Basic {0}" -f $AUTH_INFO)} -Method Put -Uri "$REST_API_URL/certificates/cluster/code-signer"  -Form @{
certificate=@<signingkey1.pem>
alias="<unique-key-alias>"
}

To upload the CPI to the network, run the following:

export CPI_PATH="$WORK_DIR\mgm-5.1.0.0-SNAPSHOT-package.cpi"
curl -k -u $REST_API_USER:$REST_API_PASSWORD -F upload=@$CPI_PATH $REST_API_URL/cpi/

$CPI_PATH = "$WORK_DIR\mgm-5.1.0.0-SNAPSHOT-package.cpi"
$CPI_UPLOAD_RESPONSE = Invoke-RestMethod -SkipCertificateCheck  -Headers @{Authorization=("Basic {0}" -f $AUTH_INFO)} -Uri "$REST_API_URL/cpi/" -Method Post -Form @{
    upload = Get-Item -Path $CPI_PATH
}

The returned identifier (for example f0a0f381-e0d6-49d2-abba-6094992cef02) is the CPI ID. Use this identifier to get the checksum of the CPI:

export CPI_ID=<CPI-ID>
curl -k -u $REST_API_USER:$REST_API_PASSWORD $REST_API_URL/cpi/status/$CPI_ID

$CPI_ID = $CPI_UPLOAD_RESPONSE.id
$CPI_STATUS_RESPONSE = Invoke-RestMethod -SkipCertificateCheck  -Headers @{Authorization=("Basic {0}" -f $AUTH_INFO)} -Uri "$REST_API_URL/cpi/status/$CPI_ID"

The result contains the cpiFileChecksum. You need this to create the member virtual node.

Previous
Onboarding Members
Next
Create a Virtual Node for the Member

Was this page helpful?

Thanks for your feedback!

Chat with us

Chat with us on our #docs channel on slack. You can also join a lot of other slack channels there and have access to 1-on-1 communication with members of the R3 team and the online community.

Chat with us
Propose documentation improvements directly

Help us to improve the docs by contributing directly. It's simple - just fork this repository and raise a PR of your own - R3's Technical Writers will review it and apply the relevant suggestions.

Learn how

We're sorry this page wasn't helpful. Let us know how we can make it better!

Chat with us

Chat with us on our #docs channel on slack. You can also join a lot of other slack channels there and have access to 1-on-1 communication with members of the R3 team and the online community.

Chat with us
Create an issue

Create a new GitHub issue in this repository - submit technical feedback, draw attention to a potential documentation bug, or share ideas for improvement and general feedback.

Create a new issue
Propose documentation improvements directly

Help us to improve the docs by contributing directly. It's simple - just fork this repository and raise a PR of your own - R3's Technical Writers will review it and apply the relevant suggestions.

Learn how