# PK妯″紡闀垮畨閾句粙缁�

## Public閫傜敤鍦烘櫙璇存槑

鍦ㄩ暱瀹夐摼2.X鐗堟湰涓�, 鎴戜滑瀹炵幇浜嗕笁绉嶈韩浠芥潈闄愮鐞嗘ā鍨嬶細

* PermissionedWithCert锛氬熀浜庢暟瀛楄瘉涔︾殑鐢ㄦ埛鏍囪瘑浣撶郴銆佸熀浜庤鑹茬殑鏉冮檺鎺у埗浣撶郴;
* PermissionedWithKey锛氬熀浜庡叕閽ョ殑鐢ㄦ埛鏍囪瘑浣撶郴銆佸熀浜庤鑹茬殑鏉冮檺鎺у埗浣撶郴銆�
* Public锛氬熀浜庡叕閽ョ殑鐢ㄦ埛鏍囪瘑浣撶郴銆佸熀浜庤鑹茬殑鏉冮檺鎺у埗浣撶郴銆�

鍏朵腑锛孭ermissionedWithCert鍜孭ermissionedWithKey妯″紡闈㈠悜寮烘潈闄愭帶鍒跺満鏅�(鑱旂洘閾�)锛孭ublic妯″紡闈㈠悜寮辨潈闄愭帶鍒跺満鏅�(鍏摼)

### 涓嶅悓閾捐处鎴锋ā寮忓姣�

| 瀵规瘮椤筡韬唤妯″紡 | PermissionWithCert                  | Public                     | PermissionWithKey           |
|----------|-------------------------------------|----------------------------|-----------------------------|
| 妯″紡鍚嶇О     | [璇佷功妯″紡](./Cert妯″紡闀垮畨閾句粙缁�.html)          | [鍏挜妯″紡](./PK妯″紡闀垮畨閾句粙缁�.html)   | [鍏挜娉ㄥ唽妯″紡](./PWK妯″紡闀垮畨閾句粙缁�.html) |
| 妯″紡绠€绉�     | cert妯″紡                              | pk妯″紡                       | pwk妯″紡                       |
| 璐︽埛绫诲瀷     | 鑺傜偣璐︽埛(鍏辫瘑鑺傜偣銆佸悓姝ヨ妭鐐广€佽交鑺傜偣), 鐢ㄦ埛璐︽埛(绠$悊鍛樸€佹櫘閫氱敤鎴�) | 鑺傜偣璐︽埛(鍏辫瘑鑺傜偣), 鐢ㄦ埛璐︽埛(绠$悊鍛樸€佹櫘閫氱敤鎴�) | 鍚岃瘉涔︽ā寮�                       | 
| 璐︽埛鏍囪瘑     | 鏁板瓧璇佷功                                | 鍏挜/鍦板潃                      | 鍏挜/鍦板潃                       | 
| 鏄惁闇€瑕佸噯鍏�   | 鏄紝璇佷功闇€瑕丆A绛惧彂                          | 鍚︼紝鏅€氱敤鎴峰彲鐩存帴璋冪敤鍚堢害              | 鏄紝璐︽埛闇€瑕佺鐞嗗憳鍦ㄩ摼涓婃敞鍐�              |
| 璐︽埛涓庣粍缁囧叧绯�  | 璐︽埛灞炰簬鏌愪釜缁勭粐                            | 璐︽埛鏃犵粍缁囨蹇�                    | 璐︽埛灞炰簬鏌愪釜缁勭粐                    |  
| 閫傜敤閾剧被鍨�    | 鑱旂洘閾�                                 | 鍏摼                         | 鑱旂洘閾�                         |
| 鍏辫瘑绠楁硶     | TBFT銆丷AFT銆丮axBFT                    | TBFT銆丏POS                  | TBFT銆丷AFT                   |

鍦≒ublic锛�**鍏挜**锛夎处鎴锋ā寮忎笅锛屼竴鏉¢摼浠呭瓨鍦ㄤ竴涓粯璁ょ粍缁囷紙public锛夛紝鍦ㄩ厤缃枃浠讹紙bc.yml锛夌殑`trust roots` 瀛楁涓畾涔夌鐞嗗憳鍏挜,鍦╜consensus`閲屽畾涔夌粍缁囩殑鍏辫瘑鑺傜偣鍒楄〃锛屼竴鏉¢摼鍙互鏈夊涓摼绠$悊鍛樸€佸涓叡璇嗚妭鐐广€傛櫘閫氱敤鎴峰姞鍏ユ病鏈夐棬妲涳紝浠绘剰鍏閽ュ垱寤虹殑閾捐处鎴烽兘鍙互鎴愪负閾剧殑鏅€氱敤鎴�,濡備笅鍥炬墍绀猴細

<img loading="lazy" src="../images/Identity-UserSystem-public.png" style="zoom:70%;" />

## 璐︽埛瑙掕壊涓庢潈闄愯鏄�
### 瑙掕壊绫诲瀷

<span id="role_type"></span>

闀垮畨閾句腑锛屽畾涔変簡浠ヤ笅鍑犵瑙掕壊绫诲瀷锛�

- 鍏辫瘑鑺傜偣 `consensus`锛氭湁鏉冨弬涓庡尯鍧楀叡璇嗘祦绋嬬殑閾句笂鑺傜偣锛�
- 绠$悊鍛� `admin`锛氬彲浠h〃缁勭粐杩涜閾句笂娌荤悊鐨勭敤鎴凤紱
- 鏅€氱敤鎴� `client`锛氭棤鏉冭繘琛岄摼涓婃不鐞嗭紝浣嗗彲鍙戦€佸拰鏌ヨ浜ゆ槗鐨勭敤鎴枫€�

### 鏉冮檺璇存槑
鏉冮檺鏍囪瘑鏂规硶锛氶噰鐢�**鍏挜**鐨勬爣璇嗘柟寮忥紝鑳藉閬垮厤鍍忔暟瀛楄瘉涔︿綋绯婚偅鏍风箒鐞愮殑绛惧彂娴佺▼锛屼娇鐢ㄦ埛鍔犲叆鍖哄潡閾剧綉缁滄洿鍔犵畝鍗曞揩鎹凤紝浣嗘棤娉曟壙杞界敤鎴锋垨鑺傜偣鐨勭粍缁囦俊鎭互鍙婅鑹蹭俊鎭€�

鏉冮檺绠$悊鍙婁慨鏀瑰彲鍙傝€冿細[鏉冮檺绠$悊](绠$悊PK璐︽埛妯″紡鐨勯摼.html#鏉冮檺绠$悊)


## 閾鹃厤缃枃浠惰鏄�

### 鍒涗笘鍧楅厤缃枃浠惰鏄�

**閰嶇疆鏂囦欢锛歜c.yml**

- auth_type锛氳韩浠芥ā寮�

  public锛氶潰鍚戝急鏉冮檺鎺у埗鍦烘櫙锛屽熀浜庡叕閽ョ殑鐢ㄦ埛鏍囪瘑浣撶郴銆佸熀浜庤鑹茬殑鏉冮檺鎺у埗浣撶郴銆�

* consensus锛氬叡璇嗛厤缃�

  - nodes锛氬叡璇嗚妭鐐瑰垪琛�

    **TBFT鍏辫瘑妯″紡闇€瑕侀厤缃叡璇嗚妭鐐瑰垪琛紝DPOS鍏辫瘑妯″紡涓嶉渶瑕侀厤缃€�**

* trust_roots锛氫俊浠绘牴閰嶇疆鍒楄〃

  **榛樿鍙娇鐢ㄥ垪琛ㄤ笅绗竴涓厤缃�**

  - org_id锛歱ublic妯″紡閰嶇疆鏍囪瘑锛堥渶瑕佸~鍐檖ublic锛�

  ```yaml
  org_id: "public"
  ```

  - root锛氶摼绠$悊鍛樺叕閽ユ墍鍦ㄨ矾寰勫垪琛�

### 鍒涗笘鍧楅厤缃枃浠剁ず渚�


```yaml
chain_id: chain1                      # 閾炬爣璇�
version: v1.0.0                       # 閾剧増鏈�
sequence: 0                           # 閰嶇疆鐗堟湰
auth_type: "public"                   # 璁よ瘉绫诲瀷 permissionedWithCert / permissionedWithKey / public

crypto:
  hash: SHA256

# 鍚堢害鏀寔绫诲瀷鐨勯厤缃�
contract:
  enable_sql_support: false

# 浜ゆ槗銆佸尯鍧楃浉鍏抽厤缃�
block:
  tx_timestamp_verify: true # 鏄惁闇€瑕佸紑鍚氦鏄撴椂闂存埑鏍¢獙
  tx_timeout: 600  # 浜ゆ槗鏃堕棿鎴崇殑杩囨湡鏃堕棿(绉�)
  block_tx_capacity: 100  # 鍖哄潡涓渶澶т氦鏄撴暟
  block_size: 10  # 鍖哄潡鏈€澶ч檺鍒讹紝鍗曚綅MB
  block_interval: 2000 # 鍑哄潡闂撮殧锛屽崟浣�:ms

# core妯″潡
core:
  tx_scheduler_timeout: 10 #  [0, 60] 浜ゆ槗璋冨害鍣ㄤ粠浜ゆ槗姹犳嬁鍒颁氦鏄撳悗, 杩涜璋冨害鐨勬椂闂�
  tx_scheduler_validate_timeout: 10 # [0, 60] 浜ゆ槗璋冨害鍣ㄤ粠鍖哄潡涓嬁鍒颁氦鏄撳悗, 杩涜楠岃瘉鐨勮秴鏃舵椂闂�
  consensus_turbo_config:
    consensus_message_turbo: false # 鏄惁寮€鍚叡璇嗘姤鏂囧帇缂�
    retry_time: 500 # 鏍规嵁浜ゆ槗ID鍒楄〃浠庝氦鏄撴睜鑾峰彇浜ゆ槗鐨勯噸璇曟鏁�
    retry_interval: 20 # 閲嶈瘯闂撮殧锛屽崟浣�:ms

#鍏辫瘑閰嶇疆
consensus:
  # 鍏辫瘑绫诲瀷(0-SOLO,1-TBFT,2-MBFT,3-HOTSTUFF,4-RAFT,5-DPOS)
  type: 5
  ext_config: # 鎵╁睍瀛楁锛岃褰曢毦搴︺€佸鍔辩瓑鍏朵粬绫诲叡璇嗙畻娉曢厤缃�
    - key: aa
      value: chain01_ext11
  dpos_config: # DPoS
    #ERC20鍚堢害閰嶇疆
    - key: erc20.total
      value: "10000000"
    - key: erc20.owner
      value: "6CeSsjU5M62Ee3Gx9umUX6nXJoaBkWYufQdTZqEJM5di"
    - key: erc20.decimals
      value: "18"
    - key: erc20.account:DPOS_STAKE
      value: "10000000"
    #Stake鍚堢害閰嶇疆
    - key: stake.minSelfDelegation
      value: "2500000"
    - key: stake.epochValidatorNum
      value: "4"
    - key: stake.epochBlockNum
      value: "10"
    - key: stake.completionUnbondingEpochNum
      value: "1"
    - key: stake.candidate:6CeSsjU5M62Ee3Gx9umUX6nXJoaBkWYufQdTZqEJM5di
      value: "2500000"
    - key: stake.candidate:F5tJ4ca4vdbuyffpc1Szw3WHU3caGaTVAh52MRMS4qBt
      value: "2500000"
    - key: stake.candidate:FxfunVWGkKgYMjngxMtLkd4pUNYVNAHNAqiDqopg5zdw
      value: "2500000"
    - key: stake.candidate:DYt7DfcZnqKNpjgyJ6tU6GFixNfLMkkmnqdwB3NNiAP7
      value: "2500000"

    - key: stake.nodeID:6CeSsjU5M62Ee3Gx9umUX6nXJoaBkWYufQdTZqEJM5di
      value: "QmZcFcJFYYoZ3FNNGL88QaszUZwFwuBdFqYh6yPzJURc3s"
    - key: stake.nodeID:F5tJ4ca4vdbuyffpc1Szw3WHU3caGaTVAh52MRMS4qBt
      value: "QmXwtuPemSgH5ypzoKvcLdCLbd9jZ25FbpNf7VPjHF3HMS"
    - key: stake.nodeID:FxfunVWGkKgYMjngxMtLkd4pUNYVNAHNAqiDqopg5zdw
      value: "QmRmQLHJoqAYGkuLFaNY6HLzwtTNxr45UJsYpSjdKvBQw2"
    - key: stake.nodeID:DYt7DfcZnqKNpjgyJ6tU6GFixNfLMkkmnqdwB3NNiAP7
      value: "QmURUHTGsuzzjgh1Xg6s92G1Q3gK91A6JEZGPfYNWwJMiT"

# 瓒呯骇绠$悊鍛�
trust_roots:
  - org_id: "public"
    root:
      - "../config-pk/public/admin/admin1/admin1.pem"
      - "../config-pk/public/admin/admin2/admin2.pem"
      - "../config-pk/public/admin/admin3/admin3.pem"
      - "../config-pk/public/admin/admin4/admin4.pem"
```



### 鑺傜偣閰嶇疆鏂囦欢璇存槑

**閰嶇疆鏂囦欢锛歝hainmaker.yml**

- auth_type锛氳韩浠芥ā寮�

  public锛氶潰鍚戝急鏉冮檺鎺у埗鍦烘櫙锛屽熀浜庡叕閽ョ殑鐢ㄦ埛鏍囪瘑浣撶郴銆佸熀浜庤鑹茬殑鏉冮檺鎺у埗浣撶郴銆�

- node锛氳妭鐐归厤缃�

  - priv_key_file锛氳妭鐐圭閽ュ湴鍧€
  - cert_file锛氫笉闇€瑕侀厤缃�

- net锛氱綉缁滈厤缃�

  - tls锛歍LS閰嶇疆
    - priv_key_file锛氳妭鐐圭閽ュ湴鍧€
    - cert_file锛氫笉闇€瑕侀厤缃�

**娉細node鍜宯et閲岄渶瑕侀厤缃悓涓€涓閽ョ殑鍦板潃**銆�

### 鑺傜偣閰嶇疆鏂囦欢绀轰緥


```yaml
auth_type: "public"                                                        # permissionedWithCert / permissionedWithKey / public

log:
  config_file: ../config-pk/public/node/node1/log.yml                           # config file of logger configuration.

blockchain:
  - chainId: chain1
    genesis: ../config-pk/public/node/node1/chainconfig/bc1.yml

node:
  # 鑺傜偣绫诲瀷锛歠ull
  type:              full
  org_id:            wx-org1.chainmaker.org
  priv_key_file:     ../config-pk/public/node/node1/node1.key
  signer_cache_size: 1000
  cert_cache_size:   1000

net:
  provider: LibP2P
  listen_addr: /ip4/0.0.0.0/tcp/11351
  seeds:
    - "/ip4/127.0.0.1/tcp/11351/p2p/QmZcFcJFYYoZ3FNNGL88QaszUZwFwuBdFqYh6yPzJURc3s"
    - "/ip4/127.0.0.1/tcp/11352/p2p/QmXwtuPemSgH5ypzoKvcLdCLbd9jZ25FbpNf7VPjHF3HMS"
    - "/ip4/127.0.0.1/tcp/11353/p2p/QmRmQLHJoqAYGkuLFaNY6HLzwtTNxr45UJsYpSjdKvBQw2"
    - "/ip4/127.0.0.1/tcp/11354/p2p/QmURUHTGsuzzjgh1Xg6s92G1Q3gK91A6JEZGPfYNWwJMiT"
  tls:
    enabled: true
    priv_key_file: ../config-pk/public/node/node1/node1.key

txpool:
  max_txpool_size: 5120 # 鏅€氫氦鏄撴睜涓婇檺
  max_config_txpool_size: 10 # config浜ゆ槗姹犵殑涓婇檺
  full_notify_again_time: 30 # 浜ゆ槗姹犳孩鍑哄悗锛屽啀娆¢€氱煡鐨勬椂闂撮棿闅�(绉�)

rpc:
  provider: grpc
  port: 12301
  tls:
    # TLS妯″紡:
    #   disable - 涓嶅惎鐢═LS
    #   oneway  - 鍗曞悜璁よ瘉
    #   twoway  - 鍙屽悜璁よ瘉
    #mode: disable
    #mode: oneway
    mode: disable

monitor:
  enabled: false
  port: 14321

pprof:
  enabled: false
  port: 24321

storage:
  store_path: ../data/node1/ledgerData1
  blockdb_config:
    provider: leveldb
    leveldb_config:
      store_path: ../data/node1/blocks
  statedb_config:
    provider: leveldb
    leveldb_config:
      store_path: ../data/node1/state
  historydb_config:
    provider: leveldb
    leveldb_config:
      store_path: ../data/node1/history
  resultdb_config:
    provider: leveldb
    leveldb_config:
      store_path: ../data/node1/result
  disable_contract_eventdb: true  #鏄惁绂佹鍚堢害浜嬩欢瀛樺偍鍔熻兘锛岄粯璁や负true锛屽鏋滆缃负false,闇€瑕侀厤缃甿ysql
  contract_eventdb_config:
    provider: sql                 #濡傛灉寮€鍚痗ontract event db 鍔熻兘锛岄渶瑕佹寚瀹歱rovider涓簊ql
    sqldb_config:
      sqldb_type: mysql           #contract event db 鍙敮鎸乵ysql
      dsn: root:password@tcp(127.0.0.1:3306)/  #mysql鐨勮繛鎺ヤ俊鎭紝鍖呮嫭鐢ㄦ埛鍚嶃€佸瘑鐮併€乮p銆乸ort绛夛紝绀轰緥锛歳oot:admin@tcp(127.0.0.1:3306)/
debug:
  # 鏄惁寮€鍚疌LI鍔熻兘锛岃繃搴︽湡闂翠娇鐢�
  is_cli_open: true
  is_http_open: false
```