
Commit da0039d

committed
[FAB-1929] Customized logger for identities.go
This change-set introduces a separate logger for MSP identities. This way, logs generated by that logger can be filtered out if they are found to contain confidential information. Change-Id: I723f6c7414bab0a04a2c3a00446a88dded1ec1a9 Signed-off-by: Angelo De Caro <[email protected]>
1 parent 132817b commit da0039d

1 file changed

+15
-15
lines changed


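--- a/msp/identities.go
+++ b/msp/identities.go
@@ -27,10 +27,13 @@ import (
 
 "github.com/golang/protobuf/proto"
 "github.com/hyperledger/fabric/bccsp"
+"github.com/hyperledger/fabric/common/flogging"
 "github.com/hyperledger/fabric/protos/msp"
 "github.com/op/go-logging"
 )
 
+var mspIdentityLogger = flogging.MustGetLogger("msp/identity")
+
 type identity struct {
 // id contains the identifier (MSPID and identity identifier) for this instance
 id *IdentityIdentifier
@@ -46,7 +49,7 @@ type identity struct {
 }
 
 func newIdentity(id *IdentityIdentifier, cert *x509.Certificate, pk bccsp.Key, msp *bccspmsp) (Identity, error) {
-mspLogger.Debugf("Creating identity instance for ID %s", id)
+mspIdentityLogger.Debugf("Creating identity instance for ID %s", id)
 
 cert, err := msp.sanitizeCert(cert)
 if err != nil {
@@ -83,7 +86,7 @@ func (id *identity) GetOrganizationalUnits() []*OUIdentifier {
 
 cid, err := id.msp.getCertificationChainIdentifier(id)
 if err != nil {
-mspLogger.Errorf("Failed getting certification chain identifier for [%v]: [%s]", id, err)
+mspIdentityLogger.Errorf("Failed getting certification chain identifier for [%v]: [%s]", id, err)
 
 return nil
 }
@@ -118,7 +121,7 @@ func NewSerializedIdentity(mspID string, certPEM []byte) ([]byte, error) {
 // to determine whether this identity produced the
 // signature; it returns nil if so or an error otherwise
 func (id *identity) Verify(msg []byte, sig []byte) error {
-// mspLogger.Infof("Verifying signature")
+// mspIdentityLogger.Infof("Verifying signature")
 
 // Compute Hash
 hashOpt, err := id.getHashOpt(id.msp.cryptoConfig.SignatureHashFamily)
@@ -131,10 +134,9 @@ func (id *identity) Verify(msg []byte, sig []byte) error {
 return fmt.Errorf("Failed computing digest [%s]", err)
 }
 
-// TODO: Are these ok to log ?
-if mspLogger.IsEnabledFor(logging.DEBUG) {
-mspLogger.Debugf("Verify: digest = %s", hex.Dump(digest))
-mspLogger.Debugf("Verify: sig = %s", hex.Dump(sig))
+if mspIdentityLogger.IsEnabledFor(logging.DEBUG) {
+mspIdentityLogger.Debugf("Verify: digest = %s", hex.Dump(digest))
+mspIdentityLogger.Debugf("Verify: sig = %s", hex.Dump(sig))
 }
 
 valid, err := id.msp.bccsp.Verify(id.pk, sig, digest, nil)
@@ -159,7 +161,7 @@ func (id *identity) VerifyAttributes(proof []byte, spec *AttributeProofSpec) err
 
 // Serialize returns a byte array representation of this identity
 func (id *identity) Serialize() ([]byte, error) {
-// mspLogger.Infof("Serializing identity %s", id.id)
+// mspIdentityLogger.Infof("Serializing identity %s", id.id)
 
 pb := &pem.Block{Bytes: id.cert.Raw}
 pemBytes := pem.EncodeToMemory(pb)
@@ -196,7 +198,7 @@ type signingidentity struct {
 }
 
 func newSigningIdentity(id *IdentityIdentifier, cert *x509.Certificate, pk bccsp.Key, signer crypto.Signer, msp *bccspmsp) (SigningIdentity, error) {
-//mspLogger.Infof("Creating signing identity instance for ID %s", id)
+//mspIdentityLogger.Infof("Creating signing identity instance for ID %s", id)
 mspId, err := newIdentity(id, cert, pk, msp)
 if err != nil {
 return nil, err
@@ -206,7 +208,7 @@ func newSigningIdentity(id *IdentityIdentifier, cert *x509.Certificate, pk bccsp
 
 // Sign produces a signature over msg, signed by this instance
 func (id *signingidentity) Sign(msg []byte) ([]byte, error) {
-//mspLogger.Infof("Signing message")
+//mspIdentityLogger.Infof("Signing message")
 
 // Compute Hash
 hashOpt, err := id.getHashOpt(id.msp.cryptoConfig.SignatureHashFamily)
@@ -219,14 +221,12 @@ func (id *signingidentity) Sign(msg []byte) ([]byte, error) {
 return nil, fmt.Errorf("Failed computing digest [%s]", err)
 }
 
-// TODO - consider removing these debug statements in the future as they may
-// contain confidential information
 if len(msg) < 32 {
-mspLogger.Debugf("Sign: plaintext: %X \n", msg)
+mspIdentityLogger.Debugf("Sign: plaintext: %X \n", msg)
 } else {
-mspLogger.Debugf("Sign: plaintext: %X...%X \n", msg[0:16], msg[len(msg)-16:])
+mspIdentityLogger.Debugf("Sign: plaintext: %X...%X \n", msg[0:16], msg[len(msg)-16:])
 }
-mspLogger.Debugf("Sign: digest: %X \n", digest)
+mspIdentityLogger.Debugf("Sign: digest: %X \n", digest)
 
 // Sign
 return id.signer.Sign(rand.Reader, digest, nil)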
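Review bot: The new `mspIdentityLogger` declaration in the first hunk carries no comment explaining why it is separate, and the same commit deletes both TODOs in `Verify` and `Sign` that warned these debug lines may hold confidential data. The `Sign` hunk still logs messages shorter than 32 bytes in full (and the first and last 16 bytes of longer ones) plus the digest, and `Verify` still dumps the digest and signature, so the warning remains relevant. I would record it at the declaration: `// mspIdentityLogger is kept separate from mspLogger: at DEBUG it prints message bytes, digests and signatures.` followed by `// Keep "msp/identity" above DEBUG wherever logs are shared or retained.` The bodies of `Verify` and `Sign` continue outside the hunks shown.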
