Switch to base 16 for TLS serial number in packetbeat in line with ECS changes

packetbeat/protos/tls/parse.go

@@ -18,7 +18,7 @@
 package tls
 
 import (
 	"crypto/dsa" //lint:ignore SA1019 Deprecated, but still used. So we have to handle it.
 	"crypto/ecdsa"
 	"crypto/rsa"
 	"crypto/x509"
@@ -270,7 +270,7 @@
 				debugf("handshake completed")
 			}
 			// discard remaining data for this stream (encrypted)
 			buf.Advance(buf.Len())
 			return resultEncrypted
 
 		case recordTypeHandshake:
@@ -300,7 +300,7 @@
 			}
 		}
 
 		buf.Advance(limit)
 	}
 
 	if buf.Len() == 0 {
@@ -350,10 +350,10 @@
 		}
 		if !parser.parseHandshake(header.handshakeType,
 			bufferView{&parser.handshakeBuf, handshakeHeaderSize, limit}) {
 			parser.handshakeBuf.Advance(limit)
 			return fmt.Errorf("bad handshake %+v", header)
 		}
 		parser.handshakeBuf.Advance(limit)
 	}
 	if parser.handshakeBuf.Len() == 0 {
 		parser.handshakeBuf.Reset()
@@ -639,7 +639,7 @@
 	certMap := mapstr.M{
 		"signature_algorithm":  cert.SignatureAlgorithm.String(),
 		"public_key_algorithm": toString(cert.PublicKeyAlgorithm),
-		"serial_number":        cert.SerialNumber.Text(10),
+		"serial_number":        strings.ToUpper(cert.SerialNumber.Text(16)),
 		"issuer":               toMap(&cert.Issuer),
 		"subject":              toMap(&cert.Subject),
 		"not_before":           cert.NotBefore,

packetbeat/protos/tls/parse_test.go

@@ -302,7 +302,7 @@ func TestCertificates(t *testing.T) {
 		"not_before":                  "2015-11-03 00:00:00 +0000 UTC",
 		"public_key_algorithm":        "RSA",
 		"public_key_size":             "2048",
-		"serial_number":               "19132437207909210467858529073412672688",
+		"serial_number":               "E64C5FBC236ADE14B172AEB41C78CB0",
 		"signature_algorithm":         "SHA256-RSA",
 		"issuer.common_name":          "DigiCert SHA2 High Assurance Server CA",
 		"issuer.country":              "US",

packetbeat/protos/tls/tls_test.go

@@ -26,8 +26,8 @@ import (
 	"testing"
 	"time"
 
-	"github.com/google/go-cmp/cmp"
 	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
 
 	"github.com/elastic/beats/v7/libbeat/beat"
 	"github.com/elastic/beats/v7/libbeat/common"
@@ -312,7 +312,7 @@ func TestOCSPStatus(t *testing.T) {
 						"not_after":            time.Date(2035, 3, 4, 9, 0, 0, 0, time.UTC),
 						"public_key_algorithm": "RSA",
 						"public_key_size":      4096,
-						"serial_number":        "1492448539999078269498416841973088004758827",
+						"serial_number":        "1121E97D5D37348C572C555A3A59B7B65D2B",
 						"signature_algorithm":  "SHA256-RSA",
 						"subject": mapstr.M{
 							"common_name":         "Orange Devices PKI TV LAB CA",
@@ -335,7 +335,7 @@ func TestOCSPStatus(t *testing.T) {
 						"not_before":           time.Date(2020, 3, 2, 17, 0, 0, 0, time.UTC),
 						"public_key_algorithm": "RSA",
 						"public_key_size":      4096,
-						"serial_number":        "1492246295378596931754418352553114016724120",
+						"serial_number":        "112151567790FB40C755010CA9169CF4B498",
 						"signature_algorithm":  "SHA256-RSA",
 						"subject": mapstr.M{
 							"common_name":         "Orange Devices Root LAB CA",
@@ -402,7 +402,7 @@ func TestOCSPStatus(t *testing.T) {
 					"not_before":           time.Date(2021, 6, 3, 13, 38, 16, 0, time.UTC),
 					"public_key_algorithm": "ECDSA",
 					"public_key_size":      256,
-					"serial_number":        "189790697042017246339292011338547986350262673379",
+					"serial_number":        "213E825A875EB349390D11117C6C14F894135FE3",
 					"signature_algorithm":  "SHA256-RSA",
 					"subject": mapstr.M{
 						"common_name":         "server2 test PKI TV LAB",
@@ -421,9 +421,10 @@ func TestOCSPStatus(t *testing.T) {
 	}
 
 	got := results.events[0].Fields
-	if !cmp.Equal(got, want) {
-		t.Errorf("unexpected result: %s", cmp.Diff(got, want))
-	}
+	require.Equal(t, want, got)
+	// if !cmp.Equal(got, want) {
+	// 	t.Errorf("unexpected result: %s", cmp.Diff(got, want))
+	// }
 }
 
 func TestFragmentedHandshake(t *testing.T) {