agent/consul: encode issued cert serial number as hex encoded

pull/4275/head
Mitchell Hashimoto 2018-03-21 12:54:51 -10:00
parent 4210003c86
commit a54d1af421
No known key found for this signature in database
GPG Key ID: 744E147AA52F5B0A
3 changed files with 10 additions and 3 deletions


@ -7,6 +7,7 @@ import (
"crypto/x509"
"encoding/pem"
"fmt"
"strings"
)
// ParseCert parses the x509 certificate from a PEM-encoded value.
@ -72,3 +73,9 @@ func KeyId(raw interface{}) ([]byte, error) {
h.Write(pub.Y.Bytes())
return h.Sum([]byte{}), nil
}
// HexString returns a standard colon-separated hex value for the input
// byte slice. This should be used with cert serial numbers and so on.
func HexString(input []byte) string {
return strings.Replace(fmt.Sprintf("% x", input), " ", ":", -1)
}
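Review bot: HexString's doc comment does not pin the exact output format, and none of the three changed files appears to add a test for it. Issued-cert serial numbers are typically compared as strings in logs and revocation or audit tooling, so the format is worth stating. `fmt.Sprintf("% x", input)` yields lowercase, two hex digits per byte, and a nil or empty slice returns `""`. I would extend the comment with `// The output is lowercase with two hex digits per byte (e.g. "0a:ff"); an empty input returns "".` and add a small table test covering nil, single-byte and multi-byte input.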


@ -257,7 +257,7 @@ func (s *ConnectCA) Sign(
// Set the response
*reply = structs.IssuedCert{
SerialNumber: template.SerialNumber,
SerialNumber: connect.HexString(template.SerialNumber.Bytes()),
CertPEM: buf.String(),
Service: serviceId.Service,
ServiceURI: template.URIs[0].String(),
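Review bot: `template.SerialNumber.Bytes()` returns the big-endian absolute value with no leading zero bytes, so on the new `SerialNumber:` line a zero serial would be reported as an empty string and a negative one would silently lose its sign. How template.SerialNumber is assigned is not visible here, because Sign's body starts and ends outside this hunk, so this may already be guaranteed. If it is not, returning an error before the reply is built when `template.SerialNumber.Sign() <= 0` keeps an ambiguous identifier out of IssuedCert. Otherwise a comment such as `// serial is always a positive integer here, so Bytes() is lossless` would record the assumption.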


@ -1,7 +1,6 @@
package structs
import (
"math/big"
"time"
)
@ -71,7 +70,8 @@ func (q *CASignRequest) RequestDatacenter() string {
// IssuedCert is a certificate that has been issued by a Connect CA.
type IssuedCert struct {
// SerialNumber is the unique serial number for this certificate.
SerialNumber *big.Int
// This is encoded in standard hex separated by :.
SerialNumber string
// CertPEM and PrivateKeyPEM are the PEM-encoded certificate and private
// key for that cert, respectively. This should not be stored in the