From d63cf4e1ec6b28874f7010de168c849e749c145e Mon Sep 17 00:00:00 2001 From: Tero Mononen Date: Tue, 7 Jan 2025 22:16:56 +0200 Subject: [PATCH] issue - create random serial number Also depend on click. --- pyproject.toml | 3 +++ src/nanoCA/ca.py | 17 +++++++++++------ 2 files changed, 14 insertions(+), 6 deletions(-) diff --git a/pyproject.toml b/pyproject.toml index 58d3cf8..12c3546 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -7,6 +7,9 @@ authors = [ description = "Nano CA with Secret Sharing" readme = "README.md" requires-python = ">=3.7" +dependencies = [ + "click" +] classifiers = [ "Programming Language :: Python :: 3", "License :: OSI Approved :: MIT License", diff --git a/src/nanoCA/ca.py b/src/nanoCA/ca.py index 7c82611..6786253 100644 --- a/src/nanoCA/ca.py +++ b/src/nanoCA/ca.py @@ -138,7 +138,7 @@ def index_issue(ctx, caname, new_index.write(f"V\t{expires}\t{revoked}\t{hex_serial}\t{certfile}\t/{subject}\n") # done; now atomic update with backups - for gen in range(0, 9): + for gen in range(0, 10): bd = old_idx_name + f".backup-{10-gen}" bs = old_idx_name + f".backup-{10-(gen+1)}" if os.path.exists(bs): @@ -153,7 +153,7 @@ def index_find(ctx, caname: str, pattern: str) -> List[str]: with open(index_file, "r") as index: for line in index.readlines(): r = line.strip().split('\t') - if not re.match(r'', r[4]): + if not re.match(pattern or r".*", r[5]): continue result.append(r) return result @@ -268,9 +268,14 @@ def cmd_list(obj): ############################################################################## @click.group() def show(): - click.echo("list") + """Show certificates related to ISSUER. + + Optionally a regex PATTERN can be used to filter by subject-name. + """ + click.echo("show") +#@click.option("--details/--no-details", default=False, help="show more details from certificate") @show.command(name="show") @click.argument("issuer", type=str) @click.argument("pattern", type=str, required=False) 
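Review bot: The new `dependencies` entry `"click"` has no version constraint, so an install resolves to whatever release the package index serves that day, including releases this code was never run against. For a tool that drives certificate issuance, declare the range that was actually tested, in the form `"click>=<tested-minimum>"`, and keep exact pins in a constraints or lock file used for release builds. The lower bound has to be a click release that still supports the interpreter range in `requires-python = ">=3.7"`.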
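Review bot: The rotation in `index_issue` is driven by three literals that must agree, the `range(0, 10)` bound and the two `10`s in the `.backup-{...}` names, and the off-by-one this hunk fixes came from them drifting apart. A single named count, for example `MAX_BACKUPS = 10` with `range(MAX_BACKUPS)` and `MAX_BACKUPS - gen`, would tie them together. A comment such as `# rotate oldest first: .backup-9 -> .backup-10, ..., .backup-0 -> .backup-1` would also make the intended order explicit. The context comment says `atomic update with backups`, but the loop body continues outside the hunk; if it is a chain of renames, an interruption part-way leaves a gap in the backup sequence of the CA index, so the comment should claim atomicity only for the final index replacement.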
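Review bot: The filter line in `index_find` now reads `r[5]` and passes the caller's `pattern` straight to `re.match`, so a blank or short index line raises `IndexError` and a malformed PATTERN from the command line raises `re.error` in the middle of the listing. Compile once before the loop with `matcher = re.compile(pattern or r".*")` and turn `re.error` into a usage error there, then skip short rows with `if len(r) < 6: continue`. `re.match` anchors at the start of the field, and `index_issue` writes the subject as `/{subject}`, so a pattern like `CN=host` matches nothing; if substring filtering is intended, `matcher.search(r[5])` is the call to use. The function body starts outside this hunk, so `index_file` and `result` are assumed to be set up as before.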
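Review bot: The `click.echo("show")` call in the `show` group callback runs before every subcommand, so each listing starts with a stray `show` line that anything parsing the output has to skip. It looks like leftover debugging, as the previous `"list"` text did, and could be replaced by `pass` or dropped now that the docstring gives the function a body. The new docstring describes ISSUER and PATTERN, which are arguments of the `@show.command(name="show")` function below the hunk rather than of the group, so it probably belongs on that command. The commented-out `#@click.option("--details/--no-details", ...)` line is dead code; track it as a TODO or issue rather than leaving a disabled decorator in place.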
@@ -505,7 +510,7 @@ def cmd_issue(obj: Global, *, certname = issuer issue_cmd.extend([ "-key", key_name(obj, issuer), - "-CAcreateserial", + "-rand_serial", "-extensions", "certext_ca", "-days", validity ]) # touch the index for CA @@ -523,7 +528,7 @@ def cmd_issue(obj: Global, *, issue_cmd.extend([ "-CA", crt_name(obj, issuer), "-CAkey", key_name(obj, issuer), - "-CAcreateserial", + "-rand_serial", "-extensions", "certext_ca", "-days", validity ]) # touch the index for CA @@ -539,7 +544,7 @@ def cmd_issue(obj: Global, *, issue_cmd.extend([ "-CA", crt_name(obj, issuer), "-CAkey", key_name(obj, issuer), - "-CAcreateserial", + "-rand_serial", "-extensions", "certext", "-days", validity ])
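Review bot: Nothing visible around the three `issue_cmd.extend([...])` blocks in `cmd_issue` (this hunk and the two after it) confirms that the installed openssl accepts `-rand_serial`, or that the serial it picks is not already recorded for the issuer. With the sequential serial file gone, uniqueness rests only on the length of the random value and on the index that `index_issue` writes. `index_issue` should therefore refuse to append a `hex_serial` already present for that CA, and the openssl call should fail loudly on a non-zero exit status so that a build lacking the option cannot produce a half-recorded issuance. A short comment on the first block would record the intent, for example `# -rand_serial: unpredictable serials instead of a sequential serial file; uniqueness is enforced against the index`. The same flag list is repeated three times, so a shared constant for the common tail would keep later changes in step; `cmd_issue` itself starts and ends outside these hunks.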