From 105413e533a4daf31c852a163a4259834b1cdec5 Mon Sep 17 00:00:00 2001
From: Stephen Seo
Date: Tue, 26 Dec 2023 15:16:42 +0900
Subject: [PATCH] Update generate_ssh_Key_and_cert.sh

Allow for up to 3 tries of signing the cert in case of incorrect password entry.
---
 generate_ssh_key_and_cert.sh | 38 ++++++++++++++++++++++++------------
 1 file changed, 26 insertions(+), 12 deletions(-)

diff --git a/generate_ssh_key_and_cert.sh b/generate_ssh_key_and_cert.sh
index ef7b080..38de9c0 100755
--- a/generate_ssh_key_and_cert.sh
+++ b/generate_ssh_key_and_cert.sh
@@ -150,19 +150,33 @@ else
 fi
 if (( CA_KEY_THROUGH_SSH_AGENT )) && [[ -r "$CA_KEY_PATH" ]]; then
- (( GPG_AGENT_ENABLED )) && gpg-connect-agent updatestartuptty /bye >&/dev/null
- ssh-keygen -Us "$CA_KEY_PATH" -I "$USER_KEY_IDENTIFIER" -V "$USER_KEY_EXPIRE_TIME" -n "$USER_KEY_USER_NAME" "${USER_PUBKEY_NAME}"
- if (( $? != 0 )); then
- echo "ERROR: Failed to sign certificate!"
- exit 1
- fi
+ for ((i=0; i<3; ++i)); do
+ echo 'Signing certificate...'
+ (( GPG_AGENT_ENABLED )) && gpg-connect-agent updatestartuptty /bye >&/dev/null
+ ssh-keygen -Us "$CA_KEY_PATH" -I "$USER_KEY_IDENTIFIER" -V "$USER_KEY_EXPIRE_TIME" -n "$USER_KEY_USER_NAME" "${USER_PUBKEY_NAME}"
+ if (( $? != 0 )); then
+ echo "ERROR: Failed to sign certificate!"
+ if (( i >= 2 )); then
+ exit 1
+ fi
+ else
+ break
+ fi
+ done
 elif [[ -r "$CA_KEY_PATH" ]]; then
- (( GPG_AGENT_ENABLED )) && gpg-connect-agent updatestartuptty /bye >&/dev/null
- ssh-keygen -s "$CA_KEY_PATH" -I "$USER_KEY_IDENTIFIER" -V "$USER_KEY_EXPIRE_TIME" -n "$USER_KEY_USER_NAME" "${USER_PUBKEY_NAME}"
- if (( $? != 0 )); then
- echo "ERROR: Failed to sign certificate!"
- exit 1
- fi
+ for ((i=0; i<3; ++i)); do
+ echo 'Signing certificate...'
+ (( GPG_AGENT_ENABLED )) && gpg-connect-agent updatestartuptty /bye >&/dev/null
+ ssh-keygen -s "$CA_KEY_PATH" -I "$USER_KEY_IDENTIFIER" -V "$USER_KEY_EXPIRE_TIME" -n "$USER_KEY_USER_NAME" "${USER_PUBKEY_NAME}"
+ if (( $? != 0 )); then
+ echo "ERROR: Failed to sign certificate!"
+ if (( i >= 2 )); then
+ exit 1
+ fi
+ else
+ break
+ fi
+ done
 else
 echo "ERROR: Invalid settings for CA key!"
 exit 1
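Review bot: The three-attempt loop is written out twice, in the agent branch and the plain-key branch, and the two copies differ only in the `-U` flag, so any later change to the retry policy for CA signing has to be made in both places. A single helper that takes the extra flag keeps that policy in one spot; it can also test ssh-keygen directly instead of `$?`, send the error to stderr, and print the attempt number so the operator can tell a retry from the final failure. The loop retries on every non-zero exit, not only a rejected passphrase, so a failure such as an unreadable public key or a bad `-V` interval would presumably prompt for the CA key three times before exiting. The enclosing `if`/`elif`/`else` closes outside the hunk.

```shell
# Sign USER_PUBKEY_NAME with the CA key, allowing up to 3 attempts.
# Arguments: extra ssh-keygen flags (-U when the CA key is held by an agent).
sign_cert_with_retry() {
  local attempt
  for ((attempt = 1; attempt <= 3; ++attempt)); do
    echo 'Signing certificate...'
    (( GPG_AGENT_ENABLED )) && gpg-connect-agent updatestartuptty /bye >&/dev/null
    if ssh-keygen "$@" -s "$CA_KEY_PATH" -I "$USER_KEY_IDENTIFIER" \
        -V "$USER_KEY_EXPIRE_TIME" -n "$USER_KEY_USER_NAME" "${USER_PUBKEY_NAME}"; then
      return 0
    fi
    echo "ERROR: Failed to sign certificate! (attempt ${attempt} of 3)" >&2
  done
  return 1
}

if (( CA_KEY_THROUGH_SSH_AGENT )) && [[ -r "$CA_KEY_PATH" ]]; then
  sign_cert_with_retry -U || exit 1
elif [[ -r "$CA_KEY_PATH" ]]; then
  sign_cert_with_retry || exit 1
else
  # … unchanged: "Invalid settings for CA key!" error and exit …
```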