From c488267598ad5833b9faa4cce77adf09b0c65868 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Emirhan=20Durmu=C5=9F?= Date: Fri, 14 Nov 2025 00:24:31 +0300 Subject: [PATCH] cert serialnumber generation logic fixed & viewer version upgraded --- package-lock.json | 12 ++++++------ package.json | 4 ++-- src/utils/cert.js | 13 +++++++++++-- 3 files changed, 19 insertions(+), 10 deletions(-) diff --git a/package-lock.json b/package-lock.json index 1c0c914e..7116378e 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,16 +1,16 @@ { "name": "@datasance/iofogcontroller", - "version": "3.5.7", + "version": "3.5.8", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "@datasance/iofogcontroller", - "version": "3.5.7", + "version": "3.5.8", "hasInstallScript": true, "license": "EPL-2.0", "dependencies": { - "@datasance/ecn-viewer": "1.2.2", + "@datasance/ecn-viewer": "1.2.3", "@kubernetes/client-node": "^0.22.3", "@msgpack/msgpack": "^3.1.2", "@opentelemetry/api": "^1.9.0", @@ -426,9 +426,9 @@ } }, "node_modules/@datasance/ecn-viewer": { - "version": "1.2.2", - "resolved": "https://registry.npmjs.org/@datasance/ecn-viewer/-/ecn-viewer-1.2.2.tgz", - "integrity": "sha512-IpDHtj90jg6AvEsZ3oj+y1K3FkJHem7HoIjQE+Tce4LE9Sk/hqgUsI5gW+VgjmWUIyME9W3Nw86S4AYx0uINEw==" + "version": "1.2.3", + "resolved": "https://registry.npmjs.org/@datasance/ecn-viewer/-/ecn-viewer-1.2.3.tgz", + "integrity": "sha512-Q2fc4cCpzBrISo97itDuTgZnBfnx5vg+wKBG8IdkvbFIG253u2Su+DKyd6lJpf0kKZK8Ic6vei0XaTDBubNYrw==" }, "node_modules/@eslint-community/eslint-utils": { "version": "4.7.0", diff --git a/package.json b/package.json index 9f981962..50e83052 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "@datasance/iofogcontroller", - "version": "3.5.7", + "version": "3.5.8", "description": "ioFog Controller project for Datasance PoT @ datasance.com \\nCopyright (c) 2023 Datasance Teknoloji A.S.", "main": "./src/main.js", "author": "Emirhan Durmus", @@ -55,7 +55,7 @@ "iofog-controller": "src/main.js" }, "dependencies": { - "@datasance/ecn-viewer": "1.2.2", + "@datasance/ecn-viewer": "1.2.3", "@kubernetes/client-node": "^0.22.3", "@msgpack/msgpack": "^3.1.2", "@opentelemetry/api": "^1.9.0", diff --git a/src/utils/cert.js b/src/utils/cert.js index 8865ab47..c2dccf4f 100644 --- a/src/utils/cert.js +++ b/src/utils/cert.js @@ -139,11 +139,20 @@ async function loadCA (name) { /** * Generates a random serial number between 0 and 2^128-1 + * Ensures the serial number is always positive by making sure the first byte < 0x80 * @returns {string} - Serial number as a decimal string */ function generateSerialNumber () { // Create a random 16-byte buffer - const randomBytes = forge.random.getBytesSync(16) + let randomBytes = forge.random.getBytesSync(16) + // Ensure first byte is < 0x80 to prevent negative serial numbers in ASN.1 encoding + // In ASN.1, INTEGER is signed, so if MSB of first byte is set (>= 0x80), it's negative + let firstByte = randomBytes.charCodeAt(0) + // Regenerate first byte if it's >= 0x80 to ensure positive serial number + while (firstByte >= 0x80) { + firstByte = forge.random.getBytesSync(1).charCodeAt(0) + } + randomBytes = String.fromCharCode(firstByte) + randomBytes.substring(1) // Convert to BigNumber const serialNumber = new BigNumber('0x' + forge.util.bytesToHex(randomBytes)) return serialNumber.toString() @@ -348,7 +357,7 @@ async function generateCertificate ({ // Set certificate fields cert.publicKey = keys.publicKey - cert.serialNumber = forge.util.bytesToHex(forge.random.getBytesSync(16)) + cert.serialNumber = generateSerialNumber() // Set validity period const now = new Date()