Rename GetOctalFormatted and add serial number to ParsedCertBundle. Basically a noop.

builtin/logical/pki/backend_test.go

@@ -986,7 +986,7 @@ func generateCATestingSteps(t *testing.T, caCert, caKey, otherCaCert string, int
 				if len(revokedList) != 1 {
 					t.Fatalf("length of revoked list not 1; %d", len(revokedList))
 				}
-				revokedString := certutil.GetOctalFormatted(revokedList[0].SerialNumber.Bytes(), ":")
+				revokedString := certutil.GetHexFormatted(revokedList[0].SerialNumber.Bytes(), ":")
 				if revokedString != reqdata["serial_number"].(string) {
 					t.Fatalf("got serial %s, expecting %s", revokedString, reqdata["serial_number"].(string))
 				}
@@ -1144,7 +1144,7 @@ func generateCATestingSteps(t *testing.T, caCert, caKey, otherCaCert string, int
 				}
 				found := false
 				for _, revEntry := range revokedList {
-					revokedString := certutil.GetOctalFormatted(revEntry.SerialNumber.Bytes(), ":")
+					revokedString := certutil.GetHexFormatted(revEntry.SerialNumber.Bytes(), ":")
 					if revokedString == reqdata["serial_number"].(string) {
 						found = true
 					}
@@ -1259,7 +1259,7 @@ func generateCATestingSteps(t *testing.T, caCert, caKey, otherCaCert string, int
 				foundRsa := false
 				foundEc := false
 				for _, revEntry := range revokedList {
-					revokedString := certutil.GetOctalFormatted(revEntry.SerialNumber.Bytes(), ":")
+					revokedString := certutil.GetHexFormatted(revEntry.SerialNumber.Bytes(), ":")
 					if revokedString == reqdata["rsa_int_serial_number"].(string) {
 						foundRsa = true
 					}

helper/certutil/certutil_test.go

@@ -13,7 +13,7 @@ import (
 
 // Tests converting back and forth between a CertBundle and a ParsedCertBundle.
 //
-// Also tests the GetSubjKeyID, GetOctalFormatted, and
+// Also tests the GetSubjKeyID, GetHexFormatted, and
 // ParsedCertBundle.getSigner functions.
 func TestCertBundleConversion(t *testing.T) {
 	cbuts := []*CertBundle{
@@ -189,7 +189,7 @@ func compareCertBundleToParsedCertBundle(cbut *CertBundle, pcbut *ParsedCertBund
 		return fmt.Errorf("CertBundle has unknown private key type")
 	}
 
-	if cb.SerialNumber != GetOctalFormatted(pcbut.Certificate.SerialNumber.Bytes(), ":") {
+	if cb.SerialNumber != GetHexFormatted(pcbut.Certificate.SerialNumber.Bytes(), ":") {
 		return fmt.Errorf("Bundle serial number does not match")
 	}
 

helper/certutil/helpers.go

@@ -20,10 +20,9 @@ import (
 	"github.com/mitchellh/mapstructure"
 )
 
-// GetOctalFormatted returns the byte buffer formatted in octal with
+// GetHexFormatted returns the byte buffer formatted in hex with
 // the specified separator between bytes.
-// FIXME: where did I originally copy this code from? This ain't octal, it's hex.
-func GetOctalFormatted(buf []byte, sep string) string {
+func GetHexFormatted(buf []byte, sep string) string {
 	var ret bytes.Buffer
 	for _, cur := range buf {
 		if ret.Len() > 0 {

helper/certutil/types.go

@@ -14,6 +14,7 @@ import (
 	"crypto/x509"
 	"encoding/pem"
 	"fmt"
+	"math/big"
 	"strings"
 
 	"github.com/hashicorp/vault/helper/errutil"
@@ -86,6 +87,7 @@ type ParsedCertBundle struct {
 	IssuingCA        *x509.Certificate
 	CertificateBytes []byte
 	Certificate      *x509.Certificate
+	SerialNumber     *big.Int
 }
 
 // CSRBundle contains a key type, a PEM-encoded private key,
@@ -173,8 +175,11 @@ func (c *CertBundle) ToParsedCertBundle() (*ParsedCertBundle, error) {
 		}
 	}
 
+	result.SerialNumber = result.Certificate.SerialNumber
+
+	// Populate if it isn't there already
 	if len(c.SerialNumber) == 0 && len(c.Certificate) > 0 {
-		c.SerialNumber = GetOctalFormatted(result.Certificate.SerialNumber.Bytes(), ":")
+		c.SerialNumber = GetHexFormatted(result.Certificate.SerialNumber.Bytes(), ":")
 	}
 
 	return result, nil
@@ -189,7 +194,7 @@ func (p *ParsedCertBundle) ToCertBundle() (*CertBundle, error) {
 	}
 
 	if p.Certificate != nil {
-		result.SerialNumber = strings.TrimSpace(GetOctalFormatted(p.Certificate.SerialNumber.Bytes(), ":"))
+		result.SerialNumber = strings.TrimSpace(GetHexFormatted(p.Certificate.SerialNumber.Bytes(), ":"))
 	}
 
 	if p.CertificateBytes != nil && len(p.CertificateBytes) > 0 {