From ff976ee1cca3047e4e74f6a66f7c0dd2821f4640 Mon Sep 17 00:00:00 2001
From: James Bhattarai
Date: Fri, 6 Mar 2026 18:41:46 +0545
Subject: [PATCH] Fix: Serial uniqueness
---
 gatehouse_app/models/ssh_ca/ca.py | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/gatehouse_app/models/ssh_ca/ca.py b/gatehouse_app/models/ssh_ca/ca.py
index eee9909..91548fc 100644
--- a/gatehouse_app/models/ssh_ca/ca.py
+++ b/gatehouse_app/models/ssh_ca/ca.py
@@ -1,10 +1,15 @@
 """Certificate Authority (CA) model."""
+import time
 from enum import Enum
 from datetime import datetime, timezone
 from gatehouse_app.extensions import db
 from gatehouse_app.models.base import BaseModel
+def _serial_start() -> int:
+ return int(time.time() * 1000)
+
+
 class KeyType(str, Enum):
 """SSH CA key types."""
@@ -91,7 +96,9 @@ class CA(BaseModel):
 # Monotonically-increasing serial counter. Every cert this CA issues
 # gets the next value so serials are unique, ordered, and auditable.
 # Protected by a row-level SELECT … FOR UPDATE in get_next_serial().
- next_serial_number = db.Column(db.BigInteger, default=1, nullable=False)
+ # Initialised to the current Unix timestamp in milliseconds so serials
+ # are globally unique across CAs from the moment of creation.
+ next_serial_number = db.Column(db.BigInteger, default=_serial_start, nullable=False)
 # Relationships
 organization = db.relationship("Organization", back_populates="cas")
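Review bot: `_serial_start` in the first hunk has no docstring, and nothing in its name says the value is wall-clock milliseconds used as a new CA's first serial; I would add `"""Return the current Unix time in milliseconds, used as the first serial of a newly created CA."""`. The value depends on the host clock, so a clock that is set backwards lets a later CA start below an earlier one, which is worth stating in that docstring. `time.time_ns() // 1_000_000` yields the same number without the float round-trip.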
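Review bot: The new comment above `next_serial_number` in the second hunk promises serials that are "globally unique across CAs", but a millisecond-timestamp default only offsets each CA's counter at creation. A CA created one second after another starts 1000 above it, so the two ranges overlap once the older CA has issued that many certificates, and two CAs created in the same millisecond start equal. If revocation or audit lookups elsewhere key on the serial alone (not visible in this hunk), they should key on the CA together with the serial, and the comment should be narrowed to something like `# Starts at the creation time in ms to spread CAs apart; uniqueness is only guaranteed per CA.` Rows that already exist keep their current counter, since a column default applies only on insert. The body of class CA continues outside the hunk.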