[FAB-5713] properly log x509 certs

Whenever new identity instances are created while the msp log module
is configured with DEBUG level - the peer outputs gibberish such as:

California1^V0^T^F^CU^D^G^S^MSan Francisco1^_0^]^F^CU^D^C^S^Vpe
^]^O^A^A�^D^D^C^B^G�0^L^F^CU^]^S^A^A�^D^B0^@0+^F^CU^]#^D$0"� m5���
^�4^Pn$^U)c�z^L^M0

This not only makes it useless, but also might make text parsing
utilities not work properly when parsing log files.

With this, it logs:
2017-08-10 15:32:52.262 UTC [msp/identity] newIdentity -> DEBU 034 Creating identity instance for cert -----BEGIN CERTIFICATE-----
MIICGTCCAb+gAwIBAgIQf9Nof+8cN6zuUYM/pHibLjAKBggqhkjOPQQDAjBzMQsw
CQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZy
YW5jaXNjbzEZMBcGA1UEChMQb3JnMS5leGFtcGxlLmNvbTEcMBoGA1UEAxMTY2Eu
b3JnMS5leGFtcGxlLmNvbTAeFw0xNzA4MTAxNTMyNDlaFw0yNzA4MDgxNTMyNDla
MFsxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1T
YW4gRnJhbmNpc2NvMR8wHQYDVQQDExZwZWVyMC5vcmcxLmV4YW1wbGUuY29tMFkw
EwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAElrov/lsUPTequQmGlpXEWaGns9q+LVtI
4igu+6DZxE1OYPfT9SoOvNyEYl4kj2xTjwuFaONH8K01moeeCsuQwaNNMEswDgYD
VR0PAQH/BAQDAgeAMAwGA1UdEwEB/wQCMAAwKwYDVR0jBCQwIoAgaJ7EjSXkGtFT
IO81qYkZh2hj0w7MkHTty+UU4KMiUQUwCgYIKoZIzj0EAwIDSAAwRQIhAMoz2r0Y
l9kdpALKAOOAgkuUf7h8OPmNERvachWqAR52AiA/NbGl5yeAsQYukxaOHUPz3/xr
EZpIfwconq/5ASnnNA==
-----END CERTIFICATE-----

Change-Id: I3e1e5d2ddfc13ec3d83bf2cfa675071159f65eeb
Signed-off-by: yacovm <yacovm@il.ibm.com>

msp/cert.go

@@ -22,11 +22,12 @@ import (
 	"crypto/x509"
 	"crypto/x509/pkix"
 	"encoding/asn1"
+	"encoding/pem"
+	"errors"
+	"fmt"
 	"math/big"
 	"time"
 
-	"errors"
-
 	"github.com/hyperledger/fabric/bccsp/sw"
 )
 
@@ -101,7 +102,7 @@ func sanitizeECDSASignedCert(cert *x509.Certificate, parentCert *x509.Certificat
 	//    the lower level interface that represent an x509 certificate
 	//    encoding
 	var newCert certificate
-	_, err = asn1.Unmarshal(cert.Raw, &newCert)
+	newCert, err = certFromX509Cert(cert)
 	if err != nil {
 		return nil, err
 	}
@@ -119,3 +120,37 @@ func sanitizeECDSASignedCert(cert *x509.Certificate, parentCert *x509.Certificat
 	// 4. parse newRaw to get an x509 certificate
 	return x509.ParseCertificate(newRaw)
 }
+
+func certFromX509Cert(cert *x509.Certificate) (certificate, error) {
+	var newCert certificate
+	_, err := asn1.Unmarshal(cert.Raw, &newCert)
+	if err != nil {
+		return certificate{}, err
+	}
+	return newCert, nil
+}
+
+// String returns a PEM representation of a certificate
+func (c certificate) String() string {
+	b, err := asn1.Marshal(c)
+	if err != nil {
+		return fmt.Sprintf("Failed marshaling cert: %v", err)
+	}
+	block := &pem.Block{
+		Bytes: b,
+		Type:  "CERTIFICATE",
+	}
+	b = pem.EncodeToMemory(block)
+	return string(b)
+}
+
+// certToPEM converts the given x509.Certificate to a PEM
+// encoded string
+func certToPEM(certificate *x509.Certificate) string {
+	cert, err := certFromX509Cert(certificate)
+	if err != nil {
+		mspIdentityLogger.Warning("Failed converting certificate to asn1", err)
+		return ""
+	}
+	return cert.String()
+}

msp/identities.go

@@ -49,7 +49,9 @@ type identity struct {
 }
 
 func newIdentity(cert *x509.Certificate, pk bccsp.Key, msp *bccspmsp) (Identity, error) {
-	mspIdentityLogger.Debugf("Creating identity instance for cert %s", cert)
+	if mspIdentityLogger.IsEnabledFor(logging.DEBUG) {
+		mspIdentityLogger.Debugf("Creating identity instance for cert %s", certToPEM(cert))
+	}
 
 	// Sanitize first the certificate
 	cert, err := msp.sanitizeCert(cert)