[FAB-5713] properly log x509 certs

yacovm · mastersingh24 · commit f2d52f5c1106 · 2017-08-28T15:52:19.000Z
Whenever new identity instances are created while the msp log module is configured with DEBUG level - the peer outputs gibberish such as: California1^V0^T^F^CU^D^G^S^MSan Francisco1^_0^]^F^CU^D^C^S^Vpe ^]^O^A^A�^D^D^C^B^G�0^L^F^CU^]^S^A^A�^D^B0^@0+^F^CU^]#^D$0"� m5��� ^�4^Pn$^U)c�z^L^M0 This not only makes it useless, but also might make text parsing utilities not work properly when parsing log files. With this, it logs: 2017-08-10 15:32:52.262 UTC [msp/identity] newIdentity -> DEBU 034 Creating identity instance for cert -----BEGIN CERTIFICATE----- MIICGTCCAb+gAwIBAgIQf9Nof+8cN6zuUYM/pHibLjAKBggqhkjOPQQDAjBzMQsw CQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZy YW5jaXNjbzEZMBcGA1UEChMQb3JnMS5leGFtcGxlLmNvbTEcMBoGA1UEAxMTY2Eu b3JnMS5leGFtcGxlLmNvbTAeFw0xNzA4MTAxNTMyNDlaFw0yNzA4MDgxNTMyNDla MFsxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1T YW4gRnJhbmNpc2NvMR8wHQYDVQQDExZwZWVyMC5vcmcxLmV4YW1wbGUuY29tMFkw EwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAElrov/lsUPTequQmGlpXEWaGns9q+LVtI 4igu+6DZxE1OYPfT9SoOvNyEYl4kj2xTjwuFaONH8K01moeeCsuQwaNNMEswDgYD VR0PAQH/BAQDAgeAMAwGA1UdEwEB/wQCMAAwKwYDVR0jBCQwIoAgaJ7EjSXkGtFT IO81qYkZh2hj0w7MkHTty+UU4KMiUQUwCgYIKoZIzj0EAwIDSAAwRQIhAMoz2r0Y l9kdpALKAOOAgkuUf7h8OPmNERvachWqAR52AiA/NbGl5yeAsQYukxaOHUPz3/xr EZpIfwconq/5ASnnNA== -----END CERTIFICATE----- Change-Id: I3e1e5d2ddfc13ec3d83bf2cfa675071159f65eeb Signed-off-by: yacovm <yacovm@il.ibm.com> (cherry picked from commit 82f0bd9) Signed-off-by: Gari Singh <gari.r.singh@gmail.com>
diff --git a/msp/cert.go b/msp/cert.go
@@ -1,17 +1,7 @@
 /*
-Copyright IBM Corp. 2017 All Rights Reserved.
+Copyright IBM Corp. All Rights Reserved.
 
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-		 http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
+SPDX-License-Identifier: Apache-2.0
 */
 
 package msp
@@ -22,11 +12,12 @@ import (
 	"crypto/x509"
 	"crypto/x509/pkix"
 	"encoding/asn1"
+	"encoding/pem"
+	"errors"
+	"fmt"
 	"math/big"
 	"time"
 
-	"errors"
-
 	"github.com/hyperledger/fabric/bccsp/sw"
 )
 
@@ -101,7 +92,7 @@ func sanitizeECDSASignedCert(cert *x509.Certificate, parentCert *x509.Certificat
 	//    the lower level interface that represent an x509 certificate
 	//    encoding
 	var newCert certificate
-	_, err = asn1.Unmarshal(cert.Raw, &newCert)
+	newCert, err = certFromX509Cert(cert)
 	if err != nil {
 		return nil, err
 	}
@@ -119,3 +110,37 @@ func sanitizeECDSASignedCert(cert *x509.Certificate, parentCert *x509.Certificat
 	// 4. parse newRaw to get an x509 certificate
 	return x509.ParseCertificate(newRaw)
 }
+
+func certFromX509Cert(cert *x509.Certificate) (certificate, error) {
+	var newCert certificate
+	_, err := asn1.Unmarshal(cert.Raw, &newCert)
+	if err != nil {
+		return certificate{}, err
+	}
+	return newCert, nil
+}
+
+// String returns a PEM representation of a certificate
+func (c certificate) String() string {
+	b, err := asn1.Marshal(c)
+	if err != nil {
+		return fmt.Sprintf("Failed marshaling cert: %v", err)
+	}
+	block := &pem.Block{
+		Bytes: b,
+		Type:  "CERTIFICATE",
+	}
+	b = pem.EncodeToMemory(block)
+	return string(b)
+}
+
+// certToPEM converts the given x509.Certificate to a PEM
+// encoded string
+func certToPEM(certificate *x509.Certificate) string {
+	cert, err := certFromX509Cert(certificate)
+	if err != nil {
+		mspIdentityLogger.Warning("Failed converting certificate to asn1", err)
+		return ""
+	}
+	return cert.String()
+}
diff --git a/msp/identities.go b/msp/identities.go
@@ -1,17 +1,7 @@
 /*
-Copyright IBM Corp. 2016 All Rights Reserved.
+Copyright IBM Corp. All Rights Reserved.
 
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-		 http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
+SPDX-License-Identifier: Apache-2.0
 */
 
 package msp
@@ -49,7 +39,7 @@ type identity struct {
 }
 
 func newIdentity(id *IdentityIdentifier, cert *x509.Certificate, pk bccsp.Key, msp *bccspmsp) (Identity, error) {
-	mspIdentityLogger.Debugf("Creating identity instance for ID %s", id)
+	mspIdentityLogger.Debugf("Creating identity instance for ID %s", certToPEM(cert))
 
 	// Sanitize first the certificate
 	cert, err := msp.sanitizeCert(cert)
