Install, Configure, and Deploy the Solution

To implement this solution, there are three main areas to work on as described in the following section.

1. Blockchain infrastructure preparation.
2. Development and deployment of the smart contract.
3. Creation of the application(s) which will make use of our smart contract.

Description of the illustration oci_blockchain_cms_plan.png

oracle-blockchain-cms-plan-oracle.zip

Create a Hyperledger Fabric network, which initially will be composed of one single organization, but can be easily scaled to as many members as you need.

Then, we will proceed to create the smart contract to handle the logic needed to persist and manage into blockchain the entities required by our business use case.

Once the smart contract project gets created, we will install and deploy it into the blockchain network we created before, then we will configure the accounts, enrollments, and finally we will execute the initialization of the smartcontract and its NFTs.

At this point, the smart contract methods have already been published through the API Gateway of our Oracle Blockchain instance, also known as RESTPROXY, so they are ready to be used by the client applications, in our case the Web Application we have already created with VBCS, and we will provide in the last section.

Next to last step is the creation of the OCI Storage Bucket where the documents will be stored, and finally, last step is reconfiguration of the VBCS sample application to point to our newly created Blockchain Network and the new bucket configured in our tenancy. Once all the reconfiguration is done, application will be deployed into our tenancy.

Create an Oracle Blockchain Network

For the creation of a Hyperledger Fabric (HLF) network based in Oracle Blockchain, we are using the Oracle Blockchain Cloud Service.

We are going to create a single instance HLF network, as per the use case we can show the functionality within one single organization belonging to the network. New organizations can join the network by incorporating their own Blockchain instance, allowing new users from these organizations to own their folders, or review content from existing folders owned by other members.

Create the Founder Instance

1. In the OCI services menu, select Developer Services and click Blockchain Platform.
2. From the compartment combo selector located in the left side of the OCI Console, ensure the compartment where you want to create the instance is selected.
3. Click Create Blockchain Platform.
4. Give your platform a Display Name (for example, org1), optionally add a Description, and keep the remaining default selections as they are the settings to create a Founder instance, which will be the founder of a new Hyperledger Fabric Network, and using the standard shape, which has exactly the same functionality as the Enterprise shape but at a lower cost, but valid for development work. Click Create.
   The creation of the instance for this Organization (org1) has been submited, and will be ready in a few minutes.

When the Founder instance gets created, you will be able to access the Oracle Blockchain console for this instance by clicking Service Console.

Create a Channel

We need to join the organizations at the channel level to allow communication between the founder and the participant. This action will be executed using the Blockchain service console.

1. From the Blockchain service console of the founder instance (org1), select the Channels tab and click Create a New Channel.
2. Complete the required fields.
   • Set wedocms as your Channel Name or any name based on your preference.
   • Select the options (peer0 and peer1) for the Peers to Join Channel section.
3. Confirm the creation by clicking Yes in the confirmation popup.
   Check that the channel table displays the new channel. Click on the channel name (wedocms) to view channel details. You can see all details about the channel, like transactions saved into the blocks of the ledger, chaincodes deployed in the channel, configured Orderers and Peers, organizations belonging to the channel, and so on.

Create User Accounts

We will use Oracle Identity Cloud Service to create at least one user for each of the departments among the folders can be interchanged. To each of those users, an account will be created to hold in it the different folders they own.

We are going to create the user cmsrsk001 who belongs to the Risks Department, the user cmsfin001 who belongs to the Finance Department, and the user cmsleg001 who belongs to the Legal Department.

1. From the OCI console navigation menu in the top left-hand corner, click Identity & Security, and select the Federation option from the Identity section.
2. Click on the Identity Provider name link.
3. Click Create User.
4. Set as user name the value you want to use for login to the console or as the authorization user name to execute the REST APIs of our smart contract. In the email field, set the email of your OCI account, so you will receive the email to reset the password for this user, and click Create.
5. Click Assign Roles.
6. For the AUTOBLOCKCHAIN service, click the ellipsis on the right and select Manage Instance Access.
7. Depending on the user you have created, assign grants based on the following table, and after assigning the correct roles, click Update Instance Settings. You should see the roles properly assigned.

   Table - Role Assignment

   Username	Instance	Roles
   cmsrsk001	org1	ADMIN, REST_CLIENT
   cmsfin001	org1	ADMIN, REST_CLIENT
   cmsleg001	org1	ADMIN, REST_CLIENT

8. (Optional) You will be asked to send an email to the email address of the user informing the roles which have been granted.
9. During the user creation process, you will receive an email in the email account associated with the recently created user, to reset the password for this user. Use the link provided to set the password of the user just created.

Create Enrollments in the REST Proxy nodes

Oracle Blockchain Platform supports enrollments to the REST proxy. These enrollments are used in chaincodes where FT or NFT tokens exist, to map the identity of the caller to the role executing the transaction. To do this, you must create the relation of the user to the role defined in blockchain, and for simplicity you can name the role as the user.

Each enrollment must be created in the instance where the user with such role is allowed to execute transactions through the REST Proxy on that Blockchain instance. Therefore, enrollment cmsrsk001 assigned to the user cmsrsk001 needs to be created in the REST Proxy node of the founder instance (org1), and the same for the other two users as described in the following table.

Username	Enrollment	Instance
cmsrsk001	cmsrsk001	org1
cmsfin001	cmsfin001	org1
cmsleg001	cmsleg001	org1

1. From the Blockchain service console of the founder instance (org1), navigate to the Nodes tab.
2. Click on the hamburger menu besides restproxy and select View or manage enrollments.
3. Select Create New Enrollment.
4. Set Enrollment ID as cmsrsk001, User ID as cmsrsk001, and click Enroll.

Repeat Step 4 to create enrollments for the other two users: cmsfin001, and cmsleg001. In case users from other organization were created, the enrollments for those users should be created in the REST Proxy of the blockchain instance to which they belong.

Prepare the Oracle Blockchain App Builder development environment

The creation of a Hyperledger Fabric (HLF) smart contract requires knowledge of intrinsics about HLF, how to code in Java, Typescript, or GoLang, and how to deploy and manage the whole lifecycle of the smart contract project.

The Oracle Blockchain App Builder has been created to simplify the creation of a smart contract project, in fact Oracle Blockchain App Builder is a low-code tool which is able to create the whole chaincode project from scratch, excluding any custom code required by your business case. Oracle Blockchain App Builder will also help you in the testing phases, packaging of the project, and also, in the deployment of the chaincode locally in your own computer for unitary testing, or remotely into a real Hyperledger Fabric Network.

Description of the illustration oracle-app-builder.png

oracle-app-builder-oracle.zip

The Oracle Blockchain App Builder has been created in two flavors, you can use it as a command line tool aimed to automate build and deployment steps in CI/CD processes, or you can use it as a Microsoft Visual Code Plugin. Both of them will allow you to execute exactly the same functionality, just select the one you prefer depending on your preferences. Oracle Blockchain App Builder has the following features:

• Development: The Oracle Blockchain App Builder will create the whole chaincode project just creating what is known as a customized specification file. The project will include all the coded entities, all their accessors together with all the CRUD methods to manage those entities, and also the signature of any custom method required for any non-standard or complex business logic required by your application, which will become the only code needed to be manually implemented.
• Deployment: Once the chaincode project is ready to be tested, you can deploy it locally into the pre-configured Hyperledger Fabric Network, or remotely to any existing cloud or on-premises Oracle Blockchain Platform instance. Another option is to package the project to be deployed manually through the Oracle Blockchain console.
• Testing: Once the project has been deployed, you can test any of the auto-generated methods or the custom methods of the chaincode project.
• Debug: In case you are using the Visual Studio Code extension, you will also be able to perform line-by-line debugging of the chaincode.

You can install any of the following two available Oracle Blockchain App Builder versions:

• If you want to use Oracle Blockchain App Builder as a Microsoft Visual Studio plugin, follow the instructions from Install and Configure the Blockchain App Builder Extension for Visual Studio Code.
• If you prefer to use Oracle Blockchain App Builder as a command line tool, follow the instructions from Install and Configure Blockchain App Builder CLI.

If you are not comfortable installing this kind of development tools and all their dependencies, but you have access to Oracle Cloud, you can opt to create a dedicated development box with all these products already installed and prepared to be used in the cloud, and access it remotely. These machines are cost effective because of the compute shape required, and they are only billed while they are up and running.

Oracle LiveLabs has a Lab in which you can deploy a remote machine in minutes, based on a VM image already preconfigured by the Oracle Blockchain development team. For more information, see Developing Low Code Blockchain Applications using Apex and Blockchain App Builder.

Note:

In the Lab, to get a cloud machine ready with Visual Code Studio and the Oracle Blockchain App Builder low code plugin installed on it, you only need to execute the Prepare Setup and Environment Setup steps.

Create and Configure the OCI Object Storage Bucket

We will configure the OCI Object Storage Bucket that will allow you to store and retrieve documents from the Oracle Visual Builder web application.

The actions are executed by the web application in sync with the creation of the hash of the document which will be stored in Blockchain during the upload of the document to the Bucket, and the verification of the validity of the hash when the document is downloaded.

Note:

For more details about how to code a Oracle Visual Builder application to upload or download files from OCI Object Storage, see: Upload / Download files from OCI Storage in a Visual Builder app.

To enable the usage of Buckets through the REST API offered by OCI Object Storage Buckets, we must create an OCI API Key related with user allowed to execute the REST API. Execute the following two configuration tasks to use the OCI Object Storage Buckets in our VBCS Web Application.

To enable the usage of OCI Object Storage Buckets from your Oracle Visual Builder App, you must create an OCI API Key to get access to the OCI Services via REST API.

1. Log in to the OCI Console and click on the Profile icon at the top right of the console to access the user Settings.
2. Scroll down and click API Keys in the Resources menu.
3. Click Add API Key to add a new API Key.
4. Select Generate API Key Pair.

   Note:

   You can use your own public and private keys in pem format, but in this solution playbook, we will use the auto generated keys.
5. Download the Private and Public Keys and mark one .pem file as Public.
6. Click Add.
7. Click in the copy link to copy your OCI API credentials to a text file in your local computer as you will need them for later steps.
8. Click Close.
   You should have a new API key created and you should see the Fingerprint key in the OCI web console. You can access the Config file that you copied before to your desktop by clicking the ellipses in the Fingerprint row and selecting View Config File.

   Note:

   Save the details as you will need some of them together with the private key for the next steps.
9. Create a bucket where our objects will be stored. Navigate to Storage, and then click Buckets.
   For simplicity it can be created as Public, so that it does not require authentication, but you can achieve the same with Private visibility buckets as well.
10. Select a compartment where you want to create the Bucket, and click Create Bucket.
11. In the Create Bucket screen, give a name to the bucket, leave the other configuration parameters as default, and click Create to finish the creation of the bucket.
    The new bucket will display in the selected compartment. Select the bucket name to view details. Click Objects in the left menu to see the objects uploaded to this bucket.