From a55ac1b7ad81f9c7a0103cdeeca9591d6acfc3ba Mon Sep 17 00:00:00 2001
From: Philipp Bandow
Date: Thu, 28 Feb 2019 01:27:14 +0100
Subject: [PATCH] Add option to use a ssh key signed with a certificate to
authenticate
---
src/duplicacy_storage.go | 28 +++++++++++++++++++++++++++-
1 file changed, 27 insertions(+), 1 deletion(-)
diff --git a/src/duplicacy_storage.go b/src/duplicacy_storage.go
index fd6493f..d06affc 100644
--- a/src/duplicacy_storage.go
+++ b/src/duplicacy_storage.go
@@ -367,7 +367,33 @@ func CreateStorage(preference Preference, resetPassword bool, threads int) (stor
}
}
- if key != nil {
+ certFile := GetPasswordFromPreference(preference, "ssh_cert_file")
+ var pubKey ssh.PublicKey
+ var certSigner ssh.Signer
+
+ if certFile != "" {
+ LOG_DEBUG("SSH_CERTIFICATE", "Attempting to use ssh certificate from file %s", certFile)
+ var content []byte
+ content, err = ioutil.ReadFile(certFile)
+ if err != nil {
+ LOG_INFO("SSH_CERTIFICATE", "Failed to read ssh certificate file: %v", err)
+ } else {
+ pubKey, _, _, _, err = ssh.ParseAuthorizedKey(content)
+ if err != nil {
+ LOG_INFO("SSH_CERTIFICATE", "Failed parse ssh certificate file: %v", err)
+ } else {
+ certSigner, err = ssh.NewCertSigner(pubKey.(*ssh.Certificate), key)
+ if err != nil {
+ LOG_INFO("SSH_CERTIFICATE", "Failed to create certificate signer: %v", err)
+ }
+ }
+ }
+ }
+
+ // if we have a valid cert signer use it instead of the normal private key
+ if certSigner != nil {
+ signers = append(signers, certSigner)
+ } else if key != nil {
signers = append(signers, key)
}
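Review bot: The type assertion `pubKey.(*ssh.Certificate)` in the added NewCertSigner call is unchecked, so an `ssh_cert_file` that holds an ordinary public key (which ParseAuthorizedKey also accepts) makes the program panic instead of falling back to the plain private key. The same call passes `key` without the nil check that the removed `if key != nil` line suggests is needed; a nil signer would presumably panic inside NewCertSigner when it compares the two public keys. Use the comma-ok form and test `key` before building the signer, logging and falling through on either failure as the other branches do. CreateStorage starts and ends outside this hunk, so how `key` and `err` are set earlier is not visible here.

```go
// … unchanged: certFile lookup, ReadFile and ParseAuthorizedKey error handling …
} else if cert, ok := pubKey.(*ssh.Certificate); !ok {
	LOG_INFO("SSH_CERTIFICATE", "File %s does not contain an ssh certificate", certFile)
} else if key == nil {
	LOG_INFO("SSH_CERTIFICATE", "No private key available to pair with the ssh certificate")
} else {
	certSigner, err = ssh.NewCertSigner(cert, key)
	// … unchanged: NewCertSigner error log …
}
```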