Include and use normalizeSerial func

builtin/logical/pki/cert_util.go

@@ -188,7 +188,7 @@ func fetchCertBySerial(req *logical.Request, prefix, serial string) (*logical.St
 	var err error
 	var certEntry *logical.StorageEntry
 
-	hyphenSerial := strings.Replace(strings.ToLower(serial), ":", "-", -1)
+	hyphenSerial := normalizeSerial(serial)
 	colonSerial := strings.Replace(strings.ToLower(serial), "-", ":", -1)
 
 	switch {

builtin/logical/pki/cert_util_test.go

@@ -55,7 +55,7 @@ func TestPki_FetchCertBySerial(t *testing.T) {
 		}
 
 		// Ensure that cert serials are converted/updated after fetch
-		expectedKey := fmt.Sprintf("%s%s", tc.Prefix, strings.Replace(strings.ToLower(tc.Serial), ":", "-", -1))
+		expectedKey := tc.Prefix + normalizeSerial(tc.Serial)
 		se, err := storage.Get(expectedKey)
 		if err != nil {
 			t.Fatalf("error on %s for colon-based storage path:%s", name, err)
@@ -70,7 +70,7 @@ func TestPki_FetchCertBySerial(t *testing.T) {
 
 	// Test for hyphen-base paths in storage
 	for name, tc := range cases {
-		storageKey := fmt.Sprintf("%s%s", tc.Prefix, strings.Replace(strings.ToLower(tc.Serial), ":", "-", -1))
+		storageKey := tc.Prefix + normalizeSerial(tc.Serial)
 		err := storage.Put(&logical.StorageEntry{
 			Key:   storageKey,
 			Value: []byte("some data"),

builtin/logical/pki/crl_util.go

@@ -5,7 +5,6 @@ import (
 	"crypto/x509"
 	"crypto/x509/pkix"
 	"fmt"
-	"strings"
 	"time"
 
 	"github.com/hashicorp/vault/helper/errutil"
@@ -87,7 +86,7 @@ func revokeCert(b *backend, req *logical.Request, serial string, fromLease bool)
 		revInfo.RevocationTime = currTime.Unix()
 		revInfo.RevocationTimeUTC = currTime.UTC()
 
-		revEntry, err = logical.StorageEntryJSON("revoked/"+strings.ToLower(strings.Replace(serial, ":", "-", -1)), revInfo)
+		revEntry, err = logical.StorageEntryJSON("revoked/"+normalizeSerial(serial), revInfo)
 		if err != nil {
 			return nil, fmt.Errorf("Error creating revocation entry")
 		}

builtin/logical/pki/path_intermediate.go

@@ -3,7 +3,6 @@ package pki
 import (
 	"encoding/base64"
 	"fmt"
-	"strings"
 
 	"github.com/hashicorp/vault/helper/certutil"
 	"github.com/hashicorp/vault/helper/errutil"
@@ -197,7 +196,7 @@ func (b *backend) pathSetSignedIntermediate(
 		return nil, err
 	}
 
-	entry.Key = "certs/" + strings.ToLower(strings.Replace(cb.SerialNumber, ":", "-", -1))
+	entry.Key = "certs/" + normalizeSerial(cb.SerialNumber)
 	entry.Value = inputBundle.CertificateBytes
 	err = req.Storage.Put(entry)
 	if err != nil {

builtin/logical/pki/path_issue_sign.go

@@ -3,7 +3,6 @@ package pki
 import (
 	"encoding/base64"
 	"fmt"
-	"strings"
 	"time"
 
 	"github.com/hashicorp/vault/helper/certutil"
@@ -243,7 +242,7 @@ func (b *backend) pathIssueSignCert(
 
 	if !role.NoStore {
 		err = req.Storage.Put(&logical.StorageEntry{
-			Key:   "certs/" + strings.ToLower(strings.Replace(cb.SerialNumber, ":", "-", -1)),
+			Key:   "certs/" + normalizeSerial(cb.SerialNumber),
 			Value: parsedBundle.CertificateBytes,
 		})
 		if err != nil {

builtin/logical/pki/path_root.go

@@ -3,7 +3,6 @@ package pki
 import (
 	"encoding/base64"
 	"fmt"
-	"strings"
 
 	"github.com/hashicorp/vault/helper/errutil"
 	"github.com/hashicorp/vault/logical"
@@ -146,7 +145,7 @@ func (b *backend) pathCAGenerateRoot(
 	// Also store it as just the certificate identified by serial number, so it
 	// can be revoked
 	err = req.Storage.Put(&logical.StorageEntry{
-		Key:   "certs/" + strings.ToLower(strings.Replace(cb.SerialNumber, ":", "-", -1)),
+		Key:   "certs/" + normalizeSerial(cb.SerialNumber),
 		Value: parsedBundle.CertificateBytes,
 	})
 	if err != nil {
@@ -278,7 +277,7 @@ func (b *backend) pathCASignIntermediate(
 	}
 
 	err = req.Storage.Put(&logical.StorageEntry{
-		Key:   "certs/" + strings.ToLower(strings.Replace(cb.SerialNumber, ":", "-", -1)),
+		Key:   "certs/" + normalizeSerial(cb.SerialNumber),
 		Value: parsedBundle.CertificateBytes,
 	})
 	if err != nil {

builtin/logical/pki/util.go

@@ -0,0 +1,7 @@
+package pki
+
+import "strings"
+
+func normalizeSerial(serial string) string {
+	return strings.Replace(strings.ToLower(serial), ":", "-", -1)
+}