From 497363b31b240a4b3788bd889398e237e93cc09d Mon Sep 17 00:00:00 2001
From: Lucas
Date: Tue, 19 Apr 2022 03:41:28 +0000
Subject: [PATCH] Make serial a simple counter

While at it, error out when ssh-keygen fails, not after writing the serial.

---
 cassh.sh | 48 ++++++------------------------------------
 1 file changed, 6 insertions(+), 42 deletions(-)

diff --git a/cassh.sh b/cassh.sh
index 209b2b7..f3ea2b0 100644
--- a/cassh.sh
+++ b/cassh.sh
@@ -29,24 +29,6 @@ err()
 exit 1
 }
-strip_leading_zeros()
- {
- _s=$1
- if [ -z "$_s" ]; then
- return
- fi
- while [ X"${_s#0}" != X"$_s" ]; do
- _s=${_s#0}
- done
- echo "${_s:-0}"
- }
-
-strcmp()
- {
- _r=$(expr "X$1" "$2" "X$3")
- [ "${_r:-0}" -eq 1 ]
- }
-
 # Returns comment from the ssh-agent if any is returned, otherwise it
 # returns the public key's fingerprint.
 get_ca_comment_from_sk()
@@ -149,24 +131,12 @@ main_issue()
 fi
 if [ ! -f "$PATH_CA_SERIAL" ]; then
- date -u +%Y%m%d000000000 >"$PATH_CA_SERIAL"
+ echo 0 >"$PATH_CA_SERIAL"
 fi
 read -r serial <"$PATH_CA_SERIAL"
- # Remove NNNNNNNNN suffix
- serial_date=${serial%?????????}
- current_date=$(date -u +%Y%m%d)
- if strcmp "$current_date" ">" "$serial_date"; then
- serial_date=$current_date
- serial_counter=0
- else
- # Remove YYYYmmdd prefix and leading
- serial_counter=$(strip_leading_zeros "${serial#????????}")
- fi
- serial=$(printf "%s%09u\n" "$serial_date" "$serial_counter")
 _template_fmt_C=$(get_ca_comment_from_sk "$PATH_CA_PUB")
 find "$PATH_PUBKEYS_DIR/" -type f -name '*.pub' ! -name '*-cert.pub' | {
- rc=0
 while read -r pk; do
 pkname=${pk%.pub}
 pkname=${pkname#$PATH_PUBKEYS_DIR/}
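Review bot: `read -r serial <"$PATH_CA_SERIAL"` now hands the file's content straight to `$(($serial + 1))` in the loop (next hunk), but nothing checks that it is a number: an empty or truncated file is treated as 0 by the arithmetic expansion and silently restarts numbering, and any other content is a shell arithmetic error mid-run. A restarted counter reissues serials already carried by earlier certificates, which defeats revocation by serial in a KRL, so reject bad content right after the read: `case $serial in ''|*[!0-9]*) err "invalid serial in $PATH_CA_SERIAL" ;; esac`. A serial file left over from the previous date-based format (17 digits) still fits 64-bit shell arithmetic and keeps increasing, so migration appears to need nothing more, though that depends on the shell's integer width. main_issue starts and ends outside this hunk.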
@@ -182,20 +152,14 @@ main_issue()
 ssh-keygen "$@" -n "$principals" "$pk"
 else
 ssh-keygen "$@" "$pk"
- fi || rc=1
-
- serial_counter=$(($serial_counter + 1))
- if [ $serial_counter -ge 1000000000 ]; then
- err "can't issue more certificates today"
 fi
- serial=$(printf "%s%09u\n" "$serial_date" \
- "$serial_counter" | tee "$PATH_CA_SERIAL")
-
- if [ $rc -ne 0 ]; then
- break
+ if [ $? -ne 0 ]; then
+ exit 1
 fi
+
+ serial=$(($serial + 1))
+ echo $serial >"$PATH_CA_SERIAL"
 done
- return $rc
 }
 }
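Review bot: The bare `exit 1` after the `$?` test gives the operator no diagnostic and, because the `{ … }` group is the right-hand stage of `find … |`, in shells that run that stage in a subshell it only ends the subshell, so main_issue's caller sees nothing unless the pipeline's status is checked (the shebang and the caller are outside the hunk). The three added lines fold into the existing `fi` as `fi || err "ssh-keygen failed for $pk"`, which names the key and reuses the script's existing error path, and the group's status should be propagated on its closing brace, `} || return 1`, as the removed `return $rc` used to do. Separately, the serial is persisted only after signing succeeds, so a crash between `ssh-keygen` and the `echo` reissues the same serial on the next run; writing `$((serial + 1))` to `$PATH_CA_SERIAL` before invoking ssh-keygen reserves the number and rules out reuse, which matters when revocation is done by serial. The write itself should quote its operand, `echo "$serial" >"$PATH_CA_SERIAL"`, even though the value is numeric here.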