Change serial number from bytes to string (#944)

oliveromahony · web-flow · commit 6a82a2ea5c21 · 2024-12-17T13:37:39.000Z
* change serial from bytes to string and removed max length validation from the serial number fields
diff --git a/api/grpc/mpi/v1/files.pb.go b/api/grpc/mpi/v1/files.pb.go
diff --git a/api/grpc/mpi/v1/files.proto b/api/grpc/mpi/v1/files.proto
@@ -151,8 +151,8 @@ message UpdateFileResponse {
 // Define the certificate message based on https://pkg.go.dev/crypto/x509#Certificate 
 // and https://github.com/googleapis/googleapis/blob/005df4681b89bd204a90b76168a6dc9d9e7bf4fe/google/cloud/iot/v1/resources.proto#L341
 message CertificateMeta {
-    // Serial number of the certificate, usually a unique identifier, RFC5280 states the upper limit for serial number is 20 octets
-    bytes serial_number = 1 [(buf.validate.field).bytes.min_len = 0, (buf.validate.field).bytes.max_len = 21];
+    // Serial number of the certificate, usually a unique identifier, the max length is the length of an interger
+    string serial_number = 1 [(buf.validate.field).string.min_len = 0];
     
     // Issuer details (who issued the certificate)
     X509Name issuer = 2;
@@ -270,7 +270,7 @@ message X509Name {
     repeated string postal_code = 7 [(buf.validate.field).repeated.items.string.min_len = 1];
     
     // Serial Number (SN): Unique identifier or serial number.
-    string serial_number = 8 [(buf.validate.field).string.min_len = 0, (buf.validate.field).string.max_len = 21];
+    string serial_number = 8 [(buf.validate.field).string.min_len = 0];
     
     // Common Name (CN): Typically the person’s or entity's full name.
     string common_name = 9 [(buf.validate.field).string.min_len = 1];
diff --git a/docs/proto/protos.md b/docs/proto/protos.md
@@ -256,7 +256,7 @@ and https://github.com/googleapis/googleapis/blob/005df4681b89bd204a90b76168a6dc
 
 | Field | Type | Label | Description |
 | ----- | ---- | ----- | ----------- |
-| serial_number | [bytes](#bytes) |  | Serial number of the certificate, usually a unique identifier, RFC5280 states the upper limit for serial number is 20 octets |
+| serial_number | [string](#string) |  | Serial number of the certificate, usually a unique identifier, the max length is the length of an interger |
 | issuer | [X509Name](#mpi-v1-X509Name) |  | Issuer details (who issued the certificate) |
 | subject | [X509Name](#mpi-v1-X509Name) |  | Subject details (to whom the certificate is issued) |
 | sans | [SubjectAlternativeNames](#mpi-v1-SubjectAlternativeNames) |  | Subject Alternative Names (SAN) including DNS names and IP addresses |
diff --git a/internal/file/file_manager_service_test.go b/internal/file/file_manager_service_test.go
@@ -648,13 +648,13 @@ func TestParseX509Certificates(t *testing.T) {
 		certName       string
 		certContent    string
 		name           string
-		expectedSerial []byte
+		expectedSerial string
 	}{
 		{
 			name:           "Test 1: generated cert",
 			certName:       "public_cert",
 			certContent:    "",
-			expectedSerial: []byte{0x1, 0xe0, 0xf3},
+			expectedSerial: "123123",
 		},
 		{
 			name:     "Test 2: open ssl cert",
@@ -680,15 +680,7 @@ X/vYrzgKRoKSUWUt1ejKTntrVuaJK4NMxANOTTjIXgxyoV3YcgEmL9KzribCqILi
 p79Nno9d+kovtX5VKsJ5FCcPw9mEATgZDOQ4nLTk/HHG6bwtpubp6Zb7H1AjzBkz
 rQHX6DP4w6IwZY8JB8LS
 -----END CERTIFICATE-----`,
-			expectedSerial: []byte{
-				0x47, 0xe6, 0x6,
-				0x81, 0x11, 0xe1,
-				0x63, 0xa, 0x2d,
-				0x17, 0x20, 0x4e,
-				0xbd, 0x27, 0x35,
-				0x28, 0x3f, 0x5d,
-				0xe3, 0x99,
-			},
+			expectedSerial: "410468082718062724391949173062901619571168240537",
 		},
 	}
 
diff --git a/pkg/files/file_helpers.go b/pkg/files/file_helpers.go
@@ -64,7 +64,7 @@ func FileMetaWithCertificate(filePath string) (*mpi.FileMeta, error) {
 	// Populate certificate-specific metadata
 	fileMeta.FileType = &mpi.FileMeta_CertificateMeta{
 		CertificateMeta: &mpi.CertificateMeta{
-			SerialNumber: loadedCert.SerialNumber.Bytes(),
+			SerialNumber: loadedCert.SerialNumber.String(),
 			Issuer: &mpi.X509Name{
 				Country:            loadedCert.Issuer.Country,
 				Organization:       loadedCert.Issuer.Organization,
diff --git a/test/protos/files.go b/test/protos/files.go
@@ -31,7 +31,7 @@ func CertMeta(fileName, fileHash string) *mpi.FileMeta {
 		Permissions:  "0600",
 		FileType: &mpi.FileMeta_CertificateMeta{
 			CertificateMeta: &mpi.CertificateMeta{
-				SerialNumber: []byte("12345-67890"),
+				SerialNumber: "12345-67890",
 				Issuer: &mpi.X509Name{
 					Country:            []string{"IE"},
 					Organization:       []string{"F5"},
