The following steps show how to setup Firefly MTLS Data Exchange for two organizations named org-a and org-b running on localhost.

org-a will use port 3000 for API and port 3001 for P2P. org-b will use port 4000 for API and port 4001 for P2P. Each organization will have its own private key and self-signed certificate.

Open a command line window and set the following environment variables, assigning an appropriate location to DATA_DIRECTORY. This is where configuration and certificate files will reside:

export DATA_DIRECTORY=/data-a
export LOG_LEVEL=info

Create config.json in the data directory and set its content to:

{
  "$schema": "../../src/schemas/config.json",
  "api": {
    "hostname": "0.0.0.0",
    "port": 3000
  },
  "p2p": {
    "hostname": "0.0.0.0",
    "port": 3001
  },
  "apiKey": "xxxxx",
  "peers": [
    {
      "id": "org-b",
      "endpoint": "https://localhost:4001"
    }
  ]
}

Based on this configuration:

• API will be accessed via 0.0.0.0:3000
• P2P communications will use 0.0.0.0:3001
• The API key will be set to xxxxx (this is optional)
• There is one peer named org-b whose P2P endpoint is https://localhost:4001

In the data directory, run the following command:

openssl req -new -x509 -nodes -days 365 -subj '/CN=localhost/O=org-a' -keyout key.pem -out cert.pem

This will generate files key.pem and cert.pem. Notice that the common name is localhost while the organization name is org-a.

Open a second command line window and set the following environment variables, assigning an appropriate location to DATA_DIRECTORY. This is where configuration and certificate files will reside:

export DATA_DIRECTORY=/data-b
export LOG_LEVEL=info

{
  "$schema": "../../src/schemas/config.json",
  "api": {
    "hostname": "0.0.0.0",
    "port": 4000
  },
  "p2p": {
    "hostname": "0.0.0.0",
    "port": 4001
  },
  "apiKey": "xxxxx",
  "peers": [
    {
      "id": "org-b",
      "endpoint": "https://0.0.0.0:3001"
    }
  ]
}

Based on this configuration:

• API will be accessed via 0.0.0.0:4000
• P2P communications will use 0.0.0.0:4001
• The API key will be set to xxxxx (this is optional)
• There is one peer named org-a whose P2P endpoint is https://localhost:3001

openssl req -new -x509 -nodes -days 365 -subj '/CN=localhost/O=org-b' -keyout key.pem -out cert.pem

This will generate files key.pem and cert.pem. Notice that the common name is localhost while the organization name is org-b.

• Copy /org-a/cert.pem to /org-b/peer-certs/org-a.pem.
• Copy /org-b/cert.pem to /org-a/peer-certs/org-b.pem.

This will make it possible for the organizations to establish MTLS communications with each other.

• Run npm run build.
• In the command line window for org-a run npm start
• In the command line window for org-b run npm start

• Open a new web browser window and navigate to http://localhost:3000
• Open another web browser window and navigate to http://localhost:4000

• After receiving a websocket message, a commit must be sent in order to receive the next one:

  { "action": "commit" }
  

• Messages arrive in the same order they were sent
• Up to 1,000 messages will be queued

Generate CA key and cert:

openssl req -new -x509 -nodes -days 365 -subj '/CN=blob-exchange-ca' -keyout ca-key.pem -out ca.crt

Generate org-a key:

openssl genrsa -out org-a.key 2048

Generate org-a CSR:

openssl req -new -key org-a.key -subj '/CN=localhost,O=org-a' -out org-a.csr

Create signed certificate using CSR, CA

openssl x509 -req -in org-a.csr -CA ca-cert.pem -CAkey ca-key.pem -CAcreateserial -days 365 -out org-a.crt

Generate org-b key:

openssl genrsa -out org-b.key 2048

Generate org-b CSR:

openssl req -new -key org-b.key -subj '/CN=localhost,O=org-b' -out org-b.csr

Create signed certificate using CSR, CA

openssl x509 -req -in org-b.csr -CA ca-cert.pem -CAkey ca-key.pem -CAcreateserial -days 365 -out org-b.crt