diff --git a/msp/cert.go b/msp/cert.go index d7bfc7d183b..8d50b7c0204 100644 --- a/msp/cert.go +++ b/msp/cert.go @@ -22,11 +22,12 @@ import ( "crypto/x509" "crypto/x509/pkix" "encoding/asn1" + "encoding/pem" + "errors" + "fmt" "math/big" "time" - "errors" - "github.com/hyperledger/fabric/bccsp/sw" ) @@ -101,7 +102,7 @@ func sanitizeECDSASignedCert(cert *x509.Certificate, parentCert *x509.Certificat // the lower level interface that represent an x509 certificate // encoding var newCert certificate - _, err = asn1.Unmarshal(cert.Raw, &newCert) + newCert, err = certFromX509Cert(cert) if err != nil { return nil, err } @@ -119,3 +120,37 @@ func sanitizeECDSASignedCert(cert *x509.Certificate, parentCert *x509.Certificat // 4. parse newRaw to get an x509 certificate return x509.ParseCertificate(newRaw) } + +func certFromX509Cert(cert *x509.Certificate) (certificate, error) { + var newCert certificate + _, err := asn1.Unmarshal(cert.Raw, &newCert) + if err != nil { + return certificate{}, err + } + return newCert, nil +} + +// String returns a PEM representation of a certificate +func (c certificate) String() string { + b, err := asn1.Marshal(c) + if err != nil { + return fmt.Sprintf("Failed marshaling cert: %v", err) + } + block := &pem.Block{ + Bytes: b, + Type: "CERTIFICATE", + } + b = pem.EncodeToMemory(block) + return string(b) +} + +// certToPEM converts the given x509.Certificate to a PEM +// encoded string +func certToPEM(certificate *x509.Certificate) string { + cert, err := certFromX509Cert(certificate) + if err != nil { + mspIdentityLogger.Warning("Failed converting certificate to asn1", err) + return "" + } + return cert.String() +} diff --git a/msp/identities.go b/msp/identities.go index 6033a445a54..0d2704aa10d 100644 --- a/msp/identities.go +++ b/msp/identities.go @@ -49,7 +49,9 @@ type identity struct { } func newIdentity(cert *x509.Certificate, pk bccsp.Key, msp *bccspmsp) (Identity, error) { - mspIdentityLogger.Debugf("Creating identity instance for cert %s", cert) + if mspIdentityLogger.IsEnabledFor(logging.DEBUG) { + mspIdentityLogger.Debugf("Creating identity instance for cert %s", certToPEM(cert)) + } // Sanitize first the certificate cert, err := msp.sanitizeCert(cert)