From ffac83dd80ece81e923e37e338d30866fe36f024 Mon Sep 17 00:00:00 2001 From: Gilbert Chen Date: Wed, 25 Mar 2020 23:50:35 -0400 Subject: [PATCH] Assume the signed certificate of a ssh key file has the suffix '-cert.pub'. So if the ssh key file is 'mykey' then Duplicacy will check if the signed certificate can be loaded from the file 'mykey-cert.pub'. This avoids the use of another preference variable 'ssh_cert_file'. --- src/duplicacy_storage.go | 54 +++++++++++++++++++--------------------- 1 file changed, 26 insertions(+), 28 deletions(-) diff --git a/src/duplicacy_storage.go b/src/duplicacy_storage.go index ffb927d..f3b0618 100644 --- a/src/duplicacy_storage.go +++ b/src/duplicacy_storage.go @@ -336,7 +336,7 @@ func CreateStorage(preference Preference, resetPassword bool, threads int) (stor keyFile = GetPassword(preference, "ssh_key_file", "Enter the path of the private key file:", true, resetPassword) - var key ssh.Signer + var keySigner ssh.Signer var err error if keyFile == "" { @@ -347,7 +347,7 @@ func CreateStorage(preference Preference, resetPassword bool, threads int) (stor if err != nil { LOG_INFO("SSH_PUBLICKEY", "Failed to read the private key file: %v", err) } else { - key, err = ssh.ParsePrivateKey(content) + keySigner, err = ssh.ParsePrivateKey(content) if err != nil { if strings.Contains(err.Error(), "cannot decode encrypted private keys") { LOG_TRACE("SSH_PUBLICKEY", "The private key file is encrypted") @@ -355,7 +355,7 @@ func CreateStorage(preference Preference, resetPassword bool, threads int) (stor if len(passphrase) == 0 { LOG_INFO("SSH_PUBLICKEY", "No passphrase to descrypt the private key file %s", keyFile) } else { - key, err = ssh.ParsePrivateKeyWithPassphrase(content, []byte(passphrase)) + keySigner, err = ssh.ParsePrivateKeyWithPassphrase(content, []byte(passphrase)) if err != nil { LOG_INFO("SSH_PUBLICKEY", "Failed to parse the encrypted private key file %s: %v", keyFile, err) } @@ -364,37 +364,35 @@ func CreateStorage(preference Preference, resetPassword bool, threads int) (stor LOG_INFO("SSH_PUBLICKEY", "Failed to parse the private key file %s: %v", keyFile, err) } } - } - } - certFile := GetPasswordFromPreference(preference, "ssh_cert_file") - var pubKey ssh.PublicKey - var certSigner ssh.Signer - - if certFile != "" { - LOG_DEBUG("SSH_CERTIFICATE", "Attempting to use ssh certificate from file %s", certFile) - var content []byte - content, err = ioutil.ReadFile(certFile) - if err != nil { - LOG_INFO("SSH_CERTIFICATE", "Failed to read ssh certificate file: %v", err) - } else { - pubKey, _, _, _, err = ssh.ParseAuthorizedKey(content) - if err != nil { - LOG_INFO("SSH_CERTIFICATE", "Failed parse ssh certificate file: %v", err) - } else { - certSigner, err = ssh.NewCertSigner(pubKey.(*ssh.Certificate), key) - if err != nil { - LOG_INFO("SSH_CERTIFICATE", "Failed to create certificate signer: %v", err) + if keySigner != nil { + certFile := keyFile + "-cert.pub" + if stat, err := os.Stat(certFile); err == nil && !stat.IsDir() { + LOG_DEBUG("SSH_CERTIFICATE", "Attempting to use ssh certificate from file %s", certFile) + var content []byte + content, err = ioutil.ReadFile(certFile) + if err != nil { + LOG_INFO("SSH_CERTIFICATE", "Failed to read ssh certificate file %s: %v", certFile, err) + } else { + pubKey, _, _, _, err := ssh.ParseAuthorizedKey(content) + if err != nil { + LOG_INFO("SSH_CERTIFICATE", "Failed parse ssh certificate file %s: %v", certFile, err) + } else { + certSigner, err := ssh.NewCertSigner(pubKey.(*ssh.Certificate), keySigner) + if err != nil { + LOG_INFO("SSH_CERTIFICATE", "Failed to create certificate signer: %v", err) + } else { + keySigner = certSigner + } + } + } } } } } - // if we have a valid cert signer use it instead of the normal private key - if certSigner != nil { - signers = append(signers, certSigner) - } else if key != nil { - signers = append(signers, key) + if keySigner != nil { + signers = append(signers, keySigner) } if len(signers) > 0 {