From 82f0bd94c9ef489ade6075d3e322a7cbac4bbb0d Mon Sep 17 00:00:00 2001 From: yacovm Date: Thu, 10 Aug 2017 18:22:10 +0300 Subject: [PATCH] [FAB-5713] properly log x509 certs MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Whenever new identity instances are created while the msp log module is configured with DEBUG level - the peer outputs gibberish such as: California1^V0^T^F^CU^D^G^S^MSan Francisco1^_0^]^F^CU^D^C^S^Vpe ^]^O^A^A�^D^D^C^B^G�0^L^F^CU^]^S^A^A�^D^B0^@0+^F^CU^]#^D$0"� m5��� ^�4^Pn$^U)c�z^L^M0 This not only makes it useless, but also might make text parsing utilities not work properly when parsing log files. With this, it logs: 2017-08-10 15:32:52.262 UTC [msp/identity] newIdentity -> DEBU 034 Creating identity instance for cert -----BEGIN CERTIFICATE----- MIICGTCCAb+gAwIBAgIQf9Nof+8cN6zuUYM/pHibLjAKBggqhkjOPQQDAjBzMQsw CQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZy YW5jaXNjbzEZMBcGA1UEChMQb3JnMS5leGFtcGxlLmNvbTEcMBoGA1UEAxMTY2Eu b3JnMS5leGFtcGxlLmNvbTAeFw0xNzA4MTAxNTMyNDlaFw0yNzA4MDgxNTMyNDla MFsxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1T YW4gRnJhbmNpc2NvMR8wHQYDVQQDExZwZWVyMC5vcmcxLmV4YW1wbGUuY29tMFkw EwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAElrov/lsUPTequQmGlpXEWaGns9q+LVtI 4igu+6DZxE1OYPfT9SoOvNyEYl4kj2xTjwuFaONH8K01moeeCsuQwaNNMEswDgYD VR0PAQH/BAQDAgeAMAwGA1UdEwEB/wQCMAAwKwYDVR0jBCQwIoAgaJ7EjSXkGtFT IO81qYkZh2hj0w7MkHTty+UU4KMiUQUwCgYIKoZIzj0EAwIDSAAwRQIhAMoz2r0Y l9kdpALKAOOAgkuUf7h8OPmNERvachWqAR52AiA/NbGl5yeAsQYukxaOHUPz3/xr EZpIfwconq/5ASnnNA== -----END CERTIFICATE----- Change-Id: I3e1e5d2ddfc13ec3d83bf2cfa675071159f65eeb Signed-off-by: yacovm --- msp/cert.go | 41 ++++++++++++++++++++++++++++++++++++++--- msp/identities.go | 4 +++- 2 files changed, 41 insertions(+), 4 deletions(-) diff --git a/msp/cert.go b/msp/cert.go index d7bfc7d183b..8d50b7c0204 100644 --- a/msp/cert.go +++ b/msp/cert.go 
@@ -22,11 +22,12 @@ import ( "crypto/x509" "crypto/x509/pkix" "encoding/asn1" + "encoding/pem" + "errors" + "fmt" "math/big" "time" - "errors" - "github.com/hyperledger/fabric/bccsp/sw" ) @@ -101,7 +102,7 @@ func sanitizeECDSASignedCert(cert *x509.Certificate, parentCert *x509.Certificat // the lower level interface that represent an x509 certificate // encoding var newCert certificate - _, err = asn1.Unmarshal(cert.Raw, &newCert) + newCert, err = certFromX509Cert(cert) if err != nil { return nil, err } @@ -119,3 +120,37 @@ func sanitizeECDSASignedCert(cert *x509.Certificate, parentCert *x509.Certificat // 4. parse newRaw to get an x509 certificate return x509.ParseCertificate(newRaw) } + +func certFromX509Cert(cert *x509.Certificate) (certificate, error) { + var newCert certificate + _, err := asn1.Unmarshal(cert.Raw, &newCert) + if err != nil { + return certificate{}, err + } + return newCert, nil +} + +// String returns a PEM representation of a certificate +func (c certificate) String() string { + b, err := asn1.Marshal(c) + if err != nil { + return fmt.Sprintf("Failed marshaling cert: %v", err) + } + block := &pem.Block{ + Bytes: b, + Type: "CERTIFICATE", + } + b = pem.EncodeToMemory(block) + return string(b) +} + +// certToPEM converts the given x509.Certificate to a PEM +// encoded string +func certToPEM(certificate *x509.Certificate) string { + cert, err := certFromX509Cert(certificate) + if err != nil { + mspIdentityLogger.Warning("Failed converting certificate to asn1", err) + return "" + } + return cert.String() +} diff --git a/msp/identities.go b/msp/identities.go index 6033a445a54..0d2704aa10d 100644 --- a/msp/identities.go +++ b/msp/identities.go 
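Review bot: `certToPEM` goes through `certFromX509Cert` and `certificate.String()`, unmarshalling `cert.Raw` and marshalling it again, where encoding the original bytes directly would do: `return string(pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: certificate.Raw}))`. That logs exactly the DER the peer was handed, which is what anyone matching a log entry against a presented certificate needs, and it removes the failure path. If the failure path stays, `mspIdentityLogger.Warning("Failed converting certificate to asn1", err)` should become `Warningf("Failed converting certificate to asn1: %v", err)`; assuming the logger joins its arguments fmt.Sprint-style, the error is otherwise glued to the message with no separator. `certFromX509Cert` also reads `cert.Raw` without a nil check, so a nil certificate would panic on a path that only runs when DEBUG is enabled. Separately, the parameter name `certificate` in `certToPEM` shadows the package's `certificate` type; `x509Cert` would read more clearly.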
@@ -49,7 +49,9 @@ type identity struct { } func newIdentity(cert *x509.Certificate, pk bccsp.Key, msp *bccspmsp) (Identity, error) { - mspIdentityLogger.Debugf("Creating identity instance for cert %s", cert) + if mspIdentityLogger.IsEnabledFor(logging.DEBUG) { + mspIdentityLogger.Debugf("Creating identity instance for cert %s", certToPEM(cert)) + } // Sanitize first the certificate cert, err := msp.sanitizeCert(cert)
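Review bot: The PEM returned by `certToPEM(cert)` spans many lines, so every `Creating identity instance for cert` record becomes a multi-line log entry, and line-oriented parsers and collectors will typically split it into separate events, which is the parsing problem the commit message sets out to fix. A single-line form keeps the record intact, for example the base64 of `cert.Raw` without the PEM armour, or a SHA-256 fingerprint of `cert.Raw` next to the subject and serial number. `certToPEM` returns `""` on failure, so in that case this line logs the message with nothing after `cert`; a placeholder such as `<unparseable certificate>` would make the record self-explanatory. newIdentity's body continues outside the hunk.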