From e3c90a0b82f93580f9ab5538ef5b60b26efbe4e0 Mon Sep 17 00:00:00 2001
From: Dane Strandboge
Date: Wed, 29 Jan 2025 10:52:35 -0600
Subject: [PATCH] fix(inputs.x509_cert): Fix serial number leading zeroes trimmed
---
 plugins/inputs/x509_cert/x509_cert.go | 9 +++++++--
 plugins/inputs/x509_cert/x509_cert_test.go | 8 ++++++++
 2 files changed, 15 insertions(+), 2 deletions(-)
diff --git a/plugins/inputs/x509_cert/x509_cert.go b/plugins/inputs/x509_cert/x509_cert.go
index 97097ded3d80f..5743243a00962 100644
--- a/plugins/inputs/x509_cert/x509_cert.go
+++ b/plugins/inputs/x509_cert/x509_cert.go
@@ -215,7 +215,7 @@ func (c *X509Cert) Gather(acc telegraf.Accumulator) error {
 func (c *X509Cert) processCertificate(certificate *x509.Certificate, opts x509.VerifyOptions) error {
 chains, err := certificate.Verify(opts)
 if err != nil {
- c.Log.Debugf("Invalid certificate %v", certificate.SerialNumber.Text(16))
+ c.Log.Debugf("Invalid certificate %v", getSerialNumberString(certificate))
 c.Log.Debugf(" cert DNS names: %v", certificate.DNSNames)
 c.Log.Debugf(" cert IP addresses: %v", certificate.IPAddresses)
 c.Log.Debugf(" cert subject: %v", certificate.Subject)
@@ -470,7 +470,7 @@ func getTags(cert *x509.Certificate, location string) map[string]string {
 tags := map[string]string{
 "source": location,
 "common_name": cert.Subject.CommonName,
- "serial_number": cert.SerialNumber.Text(16),
+ "serial_number": getSerialNumberString(cert),
 "signature_algorithm": cert.SignatureAlgorithm.String(),
 "public_key_algorithm": cert.PublicKeyAlgorithm.String(),
 }
@@ -524,6 +524,11 @@ func (c *X509Cert) collectCertURLs() []*url.URL {
 return urls
 }
+func getSerialNumberString(cert *x509.Certificate) string {
+ // Rather than calling '.Text(16)' this retains leading zeroes
+ return hex.EncodeToString(cert.SerialNumber.Bytes())
+}
+
 func init() {
 inputs.Add("x509_cert", func() telegraf.Input {
 return &X509Cert{
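Review bot: The `serial_number` tag value in getTags now differs from earlier output for every certificate whose serial has an odd number of hex digits, so existing series, alerts and any inventory or revocation lookups keyed on the old string will stop matching after an upgrade. The commit does not record this; I would add a comment at the tag, `// two hex digits per byte, leading zero kept; differs from the Text(16) form used before`, and mention the change in the changelog. getTags begins in the hunk header and continues past the last context line, so the remaining tags are not visible here.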
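Review bot: `getSerialNumberString` loses three cases that `Text(16)` handled: `Bytes()` returns an empty slice for a zero serial, so the debug line in processCertificate and the `serial_number` tag in getTags become empty strings instead of `0`; it returns the magnitude only, so a negative serial loses its sign; and it dereferences the receiver, so a nil `SerialNumber` panics where `Text` printed `<nil>`. Such serials fall outside RFC 5280, but malformed certificates are among the ones a monitoring plugin should still report rather than hide or crash on. A guard ahead of the hex encoding keeps the previous output for them: `if sn := cert.SerialNumber; sn == nil || sn.Sign() <= 0 { return sn.Text(16) }`. The helper would also benefit from a doc comment stating the output format (lowercase hex, two digits per byte of the big-endian value).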
diff --git a/plugins/inputs/x509_cert/x509_cert_test.go b/plugins/inputs/x509_cert/x509_cert_test.go
index bb4f72cc14d07..b7b1f3a1f212b 100644
--- a/plugins/inputs/x509_cert/x509_cert_test.go
+++ b/plugins/inputs/x509_cert/x509_cert_test.go
@@ -482,6 +482,14 @@ func TestServerName(t *testing.T) {
 }
 }
+func TestCertificateSerialNumberRetainsLeadingZeroes(t *testing.T) {
+ bi := &big.Int{}
+ bi.SetString("0123456789abcdef", 16)
+ require.Equal(t, "0123456789abcdef", getSerialNumberString(&x509.Certificate{
+ SerialNumber: bi,
+ }))
+}
+
 // Bases on code from
 // https://medium.com/@shaneutt/create-sign-x509-certificates-in-golang-8ac4ae49f903
 func TestClassification(t *testing.T) {
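Review bot: TestCertificateSerialNumberRetainsLeadingZeroes pins a single input and ignores the boolean returned by `bi.SetString`, so a malformed literal would leave `bi` in an undefined state instead of failing where the mistake is. Check the result with `_, ok := bi.SetString("0123456789abcdef", 16)` followed by `require.True(t, ok)`. A small table that adds a serial needing no padding and a zero serial would pin the edges of the helper, including the zero case where `Bytes()` yields an empty string rather than the `0` that `Text(16)` produced.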