[FAB-10422] Hide print of private keys

	+ some use log functions without variadic args
	when not passing other arguments then 1 string

Change-Id: Iedcec3d90a281551c0e82fc1383dfa8ee3521f6b
Signed-off-by: Baha Shaaban <baha.shaaban@securekey.com>

Author: Baha Shaaban

internal/github.com/hyperledger/fabric-ca/lib/client/credential/x509/credential.go

@@ -12,16 +12,14 @@ package x509
 
 import (
 	"encoding/hex"
-
-	"github.com/hyperledger/fabric-sdk-go/pkg/common/providers/core"
-
 	"net/http"
 
-	factory "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric-ca/sdkpatch/cryptosuitebridge"
-	log "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric-ca/sdkpatch/logbridge"
+	"github.com/hyperledger/fabric-sdk-go/pkg/common/providers/core"
 
 	"github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric-ca/api"
 	"github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric-ca/lib/client/credential"
+	factory "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric-ca/sdkpatch/cryptosuitebridge"
+	log "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric-ca/sdkpatch/logbridge"
 	"github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric-ca/util"
 	"github.com/pkg/errors"
 )

internal/github.com/hyperledger/fabric-ca/util/csp.go

@@ -160,7 +160,6 @@ func ImportBCCSPKeyFromPEM(keyFile string, myCSP core.CryptoSuite, temporary boo
 // ImportBCCSPKeyFromPEMBytes attempts to create a private BCCSP key from a pem byte slice
 func ImportBCCSPKeyFromPEMBytes(keyBuff []byte, myCSP core.CryptoSuite, temporary bool) (core.Key, error) {
 	keyFile := "pem bytes"
-
 	key, err := factory.PEMtoPrivateKey(keyBuff, nil)
 	if err != nil {
 		return nil, errors.WithMessage(err, fmt.Sprintf("Failed parsing private key from %s", keyFile))
@@ -229,10 +228,10 @@ func LoadX509KeyPair(certFile, keyFile []byte, csp core.CryptoSuite) (*tls.Certi
 	if err != nil {
 		if keyFile != nil {
 			log.Debugf("Could not load TLS certificate with BCCSP: %s", err)
-			log.Debugf("Attempting fallback with certfile %s and keyfile %s", certFile, keyFile)
+			log.Debug("Attempting fallback with provided certfile and keyfile")
 			fallbackCerts, err := tls.X509KeyPair(certFile, keyFile)
 			if err != nil {
-				return nil, errors.Wrapf(err, "Could not get the private key %s that matches %s", keyFile, certFile)
+				return nil, errors.Wrap(err, "Could not get the private key that matches the provided cert")
 			}
 			cert = &fallbackCerts
 		} else {

internal/github.com/hyperledger/fabric-ca/util/util.go

@@ -31,10 +31,6 @@ import (
 	"io/ioutil"
 	"math/big"
 	mrand "math/rand"
-
-	factory "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric-ca/sdkpatch/cryptosuitebridge"
-	"github.com/hyperledger/fabric-sdk-go/pkg/common/providers/core"
-
 	"net/http"
 	"os"
 	"path/filepath"
@@ -43,6 +39,9 @@ import (
 	"strings"
 	"time"
 
+	factory "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric-ca/sdkpatch/cryptosuitebridge"
+	"github.com/hyperledger/fabric-sdk-go/pkg/common/providers/core"
+
 	"github.com/pkg/errors"
 
 	"golang.org/x/crypto/ocsp"

internal/github.com/hyperledger/fabric/bccsp/signer/signer.go

@@ -21,11 +21,10 @@ package signer
 
 import (
 	"crypto"
+	"io"
 
 	"github.com/hyperledger/fabric-sdk-go/pkg/common/providers/core"
 
-	"io"
-
 	"github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/bccsp/utils"
 	"github.com/pkg/errors"
 )

internal/github.com/hyperledger/fabric/msp/identities.go

@@ -25,12 +25,11 @@ import (
 	"crypto/rand"
 	"crypto/x509"
 	"encoding/hex"
-
-	"github.com/hyperledger/fabric-sdk-go/pkg/common/providers/core"
-
 	"encoding/pem"
 	"time"
 
+	"github.com/hyperledger/fabric-sdk-go/pkg/common/providers/core"
+
 	"github.com/golang/protobuf/proto"
 	bccsp "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/sdkpatch/cryptosuitebridge"
 	flogging "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/sdkpatch/logbridge"

pkg/msp/getsigid.go

@@ -179,7 +179,7 @@ func (mgr *IdentityManager) getEmbeddedPrivateKey(username string) (core.Key, er
 			// Try as a pem
 			privateKey, err = fabricCaUtil.ImportBCCSPKeyFromPEMBytes(pemBytes, mgr.cryptoSuite, true)
 			if err != nil {
-				return nil, errors.Wrapf(err, "import private key failed %v", keyPem)
+				return nil, errors.Wrap(err, "import private key failed")
 			}
 		}
 	}

pkg/msp/identitymgr.go

@@ -58,11 +58,11 @@ func NewIdentityManager(orgName string, userStore msp.UserStore, cryptoSuite cor
 		}
 		mspPrivKeyStore, err = NewFileKeyStore(orgCryptoPathTemplate)
 		if err != nil {
-			return nil, errors.Wrapf(err, "creating a private key store failed")
+			return nil, errors.Wrap(err, "creating a private key store failed")
 		}
 		mspCertStore, err = NewFileCertStore(orgCryptoPathTemplate)
 		if err != nil {
-			return nil, errors.Wrapf(err, "creating a cert store failed")
+			return nil, errors.Wrap(err, "creating a cert store failed")
 		}
 	} else {
 		logger.Warnf("Cryptopath not provided for organization [%s], MSP stores not created", orgName)

pkg/msp/user_test.go

@@ -54,14 +54,14 @@ func TestUserMethods(t *testing.T) {
 	}
 	_, err = newUser(userData, cryptoSuite)
 	if err == nil {
-		t.Fatalf("Expected newUser to fail when missing enrollment cert")
+		t.Fatal("Expected newUser to fail when missing enrollment cert")
 	}
 
 	// User not enrolled (have cert, but private key is not in crypto store)
 	userData.EnrollmentCertificate = generatedCertBytes
 	_, err = newUser(userData, cryptoSuite)
 	if err == nil {
-		t.Fatalf("Expected newUser to fail when user is not enrolled")
+		t.Fatal("Expected newUser to fail when user is not enrolled")
 	}
 
 	// Import the key into the crypto suite's private key storage.
@@ -85,7 +85,7 @@ func verifyUserIdentity(cryptoSuite core.CryptoSuite, t *testing.T, userData *ms
 	}
 	// Check Name
 	if user.Identifier().ID != testUsername {
-		t.Fatalf("NewUser create wrong user")
+		t.Fatal("NewUser create wrong user")
 	}
 	// Check EnrolmentCert
 	verifyBytes(t, user.EnrollmentCertificate(), generatedCertBytes)
@@ -101,11 +101,11 @@ func verifyBytes(t *testing.T, v interface{}, expected []byte) error {
 	} else {
 		vbytes, ok = v.([]byte)
 		if !ok {
-			t.Fatalf("value is not []byte")
+			t.Fatal("value is not []byte")
 		}
 	}
 	if !bytes.Equal(vbytes, expected) {
-		t.Fatalf("value from store comparison failed")
+		t.Fatal("value from store comparison failed")
 	}
 	return nil
 }

scripts/third_party_pins/fabric-ca/apply_fabric_ca_client_utils.sh

@@ -273,8 +273,8 @@ sed -i'' -e 's/errors.Errorf("Failed to find certificate PEM data in file %s, bu
 sed -i'' -e 's/errors.Errorf("Failed to find \"CERTIFICATE\" PEM block in file %s after skipping PEM blocks of the following types: %v", certFile, skippedBlockTypes)/errors.Errorf("Failed to find \"CERTIFICATE\" PEM block in bytes after skipping PEM blocks of the following types: %v", skippedBlockTypes)/g' "${TMP_PROJECT_PATH}/${FILTER_FILENAME}"
 sed -i'' -e 's/keyFile != ""/keyFile != nil/g' "${TMP_PROJECT_PATH}/${FILTER_FILENAME}"
 sed -i'' -e 's/tls.LoadX509KeyPair(certFile, keyFile)/tls.X509KeyPair(certFile, keyFile)/g' "${TMP_PROJECT_PATH}/${FILTER_FILENAME}"
-
-
+sed -i'' -e 's/log.Debugf("Attempting fallback with certfile %s and keyfile %s", certFile, keyFile)/log.Debug("Attempting fallback with provided certfile and keyfile")/g' "${TMP_PROJECT_PATH}/${FILTER_FILENAME}"
+sed -i'' -e 's/return nil, errors.Wrapf(err, "Could not get the private key %s that matches %s", keyFile, certFile)/return nil, errors.Wrap(err, "Could not get the private key that matches the provided cert")/g' "${TMP_PROJECT_PATH}/${FILTER_FILENAME}"
 
 FILTER_FILENAME="util/util.go"
 FILTER_FN="ReadFile,HTTPRequestToString,HTTPResponseToString"