Skip to content

Commit

Permalink
da_revocation: fix serial number formatting in revocation set generat… (
Browse files Browse the repository at this point in the history 
#37104)

* da_revocation: fix serial number formatting in revocation set generation script

Also update test data to ensure 2-byte alignment

* add comment explaining the change

* update comment
  • Loading branch information
@shubhamdp
shubhamdp authored Jan 23, 2025
1 parent 57ff3e6 commit c29c15c
Show file tree
Hide file tree
Showing 2 changed files with 8 additions and 2 deletions.
8 changes: 7 additions & 1 deletion credentials/generate_revocation_set.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -240,7 +240,13 @@ def generate_revocation_set_from_crl(crl_file: x509.CertificateRevocationList,
except Exception:
pass

serialnumber_list.append(bytes(str('{:02X}'.format(revoked_cert.serial_number)), 'utf-8').decode('utf-8'))
# Ensure the serial number is always a 2-byte aligned hex string.
# TestDACRevocationDelegateImpl encodes the serial number as an even-length hex string
# using BytesToHex in src/lib/support/BytesToHex.cpp.
# As the primary consumer of this data, we should use the same here.
serialnumber = '{:02X}'.format(revoked_cert.serial_number)
serialnumber = serialnumber if len(serialnumber) % 2 == 0 else '0' + serialnumber
serialnumber_list.append(serialnumber)

entry = {
"type": "revocation_set",
Expand Down
2 changes: 1 addition & 1 deletion ...entials/test/revoked-attestation-certificates/revocation-sets/revocation-set-for-pai.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@
"issuer_subject_key_id": "63540E47F64B1C38D13884A462D16C195D8FFB3C",
"issuer_name": "MD0xJTAjBgNVBAMMHE1hdHRlciBEZXYgUEFJIDB4RkZGMSBubyBQSUQxFDASBgorBgEEAYKifAIBDARGRkYx",
"revoked_serial_numbers": [
"AB042494323FE54",
"0AB042494323FE54",
"19367D978EAC533A",
"2569383D24BB36EA"
],
Expand Down

0 comments on commit c29c15c

Please sign in to comment.