- Bug
- Resolution: Done
- Critical
- certsys-10.8
- None
Description of problem:
NextRange is read from the DS as a hex value, while the serial increment is converted from hex to decimal. The mixed radix causes a calculation error, so the next range written to the DS does not match the one written to CS.cfg, and the begin and end of the new range are wrong when rollover occurs.
How reproducible:
Create a CA with a small range and enroll certificates to fill the range. After a few range renewals, gaps appear between ranges.
Steps to Reproduce:
Following upstream test: https://github.com/dogtagpki/pki/blob/master/.github/workflows/ca-ssnv1-test.yml
1. Create a CA with the following parameters:
- pkispawn -f /usr/share/pki/server/examples/installation/ca.cfg \
    -s CA \
    -D pki_ds_url=ldap://ds.example.com:3389 \
    -D pki_request_id_generator=legacy \
    -D pki_request_number_range_start=1 \
    -D pki_request_number_range_end=10 \
    -D pki_request_number_range_increment=10 \
    -D pki_request_number_range_minimum=5 \
    -D pki_request_number_range_transfer=5 \
    -D pki_cert_id_generator=legacy \
    -D pki_serial_number_range_start=9 \
    -D pki_serial_number_range_end=18 \
    -D pki_serial_number_range_increment=12 \
    -D pki_serial_number_range_minimum=9 \
    -D pki_serial_number_range_transfer=9 \
    -v
2. Enable the serial management:
- pki-server ca-config-set dbs.enableSerialManagement true
3. Enroll certificates to fill the entire range multiple times.
4. Check the list of serial numbers released.
A similar problem is present when clones are created: the range of the cloned CA and the range of the master CA may not be consecutive.
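The two symptoms above (gaps after range rollover, and non-consecutive master/clone ranges) both come down to one invariant: every allocated range must begin at the previous range's end plus one. The following Python is an added illustration, not Dogtag code. It models the legacy allocator with the NextRange value held as a hex string and the increment configured as a decimal string (as pkispawn takes it), with a switch that reproduces the mixed-radix arithmetic the description reports, and a gap checker that can be run over any set of ranges, including a master's and a clone's together. All values are constructed from the parameters in the steps above.

```python
# Added example (not Dogtag code): simulate legacy serial range allocation with
# a consistent radix versus the mixed-radix arithmetic described in the bug,
# and check a set of allocated ranges for gaps. All values are constructed.

def allocate_range(next_range: str, increment: str, *, mixed_radix: bool):
    """Allocate one serial range.

    next_range : the NextRange value as stored in the directory, a hex string
                 (assumption modelled on the report: "pulled from the DS as HEX").
    increment  : the configured serial increment, a decimal string as given to
                 pkispawn (pki_serial_number_range_increment=12).
    Returns (begin, end, new_next_range) as ints. With mixed_radix=True the
    increment is parsed as hex when advancing the DS value but as decimal when
    computing the CS.cfg end, reproducing the mismatch the report describes.
    """
    begin = int(next_range, 16)
    inc_dec = int(increment, 10)
    inc_hex = int(increment, 16)          # "12" read as 0x12 == 18
    end = begin + inc_dec - 1             # what CS.cfg says the range ends at
    ds_advance = inc_hex if mixed_radix else inc_dec
    new_next_range = begin + ds_advance   # what is written back to the DS
    return begin, end, new_next_range


def allocate_many(first_next_range: str, increment: str, count: int, *, mixed_radix: bool):
    """Allocate `count` ranges in sequence, feeding each DS value into the next."""
    ranges = []
    next_range = first_next_range
    for _ in range(count):
        begin, end, new_next = allocate_range(next_range, increment, mixed_radix=mixed_radix)
        ranges.append((begin, end))
        next_range = format(new_next, "x")   # stored back as hex, per the assumption above
    return ranges


def find_gaps(ranges):
    """Return [(first_missing, last_missing)] between sorted ranges; empty if consecutive.

    Works for a single CA's successive ranges and for a master plus clone:
    pass both sides' ranges in one list.
    """
    ordered = sorted(ranges)
    gaps = []
    for (_, prev_end), (begin, _) in zip(ordered, ordered[1:]):
        if begin > prev_end + 1:
            gaps.append((prev_end + 1, begin - 1))
    return gaps


if __name__ == "__main__":
    # After the initial 9..18 range from the report, NextRange is 19 == 0x13.
    for mode in (False, True):
        rs = allocate_many("13", "12", 3, mixed_radix=mode)
        label = "mixed radix" if mode else "consistent radix"
        print(label, [(hex(b), hex(e)) for b, e in rs],
              "gaps:", [(hex(a), hex(z)) for a, z in find_gaps(rs)])
```

With a consistent radix the three ranges run 0x13..0x1e, 0x1f..0x2a, 0x2b..0x36 with no gaps; with the mixed radix the DS value advances by 0x12 while CS.cfg ends the range after 12 serials, so the allocator leaves 6 unused serials between every pair of ranges. The same `find_gaps` check applied to the serials actually issued by a CA (or a CA and its clone) is the quickest way to confirm whether a deployment is affected.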
Actual results:
The certificate ID list shows missing numbers; e.g. with the above configuration there is a gap between 0x2a and 0x37.
Expected results:
Serial numbers should be consecutive.
Additional info:
- blocks: DOGTAG-3875 Cloned CA not adhering to NextRange for serial numbers (Closed)
- external trackers