From 51f796b218bd693f05f29a85be0f9aa6450de239 Mon Sep 17 00:00:00 2001
From: nbari
Date: Fri, 7 Oct 2016 19:54:19 +0200
Subject: [PATCH] fixed edit
---
 cmd/ssh-vault/main.go | 22 +++++++++++++++---
 edit.go | 36 ++++++++++++++++++++++++++++++
 sopas | 3 +++
 view.go | 52 ++++++++++++++++++++++++-------------------
 4 files changed, 87 insertions(+), 26 deletions(-)
 create mode 100644 edit.go
 create mode 100644 sopas
diff --git a/cmd/ssh-vault/main.go b/cmd/ssh-vault/main.go
index 0e91a86..4a6fe69 100644
--- a/cmd/ssh-vault/main.go
+++ b/cmd/ssh-vault/main.go
@@ -105,11 +105,27 @@ func main() {
 exit1(err)
 }
 case "edit":
- fmt.Println("edit")
- case "view":
- err := vault.View()
+ data, err := vault.View()
 if err != nil {
 exit1(err)
 }
+ out, err := vault.Edit(data)
+ if err != nil {
+ exit1(err)
+ }
+ out, err = vault.Encrypt(out)
+ if err != nil {
+ exit1(err)
+ }
+ err = vault.Close(out)
+ if err != nil {
+ exit1(err)
+ }
+ case "view":
+ out, err := vault.View()
+ if err != nil {
+ exit1(err)
+ }
+ fmt.Printf("\n%s", out)
 }
 }
diff --git a/edit.go b/edit.go
new file mode 100644
index 0000000..742a3ce
--- /dev/null
+++ b/edit.go
@@ -0,0 +1,36 @@
+package sshvault
+
+import (
+ "io/ioutil"
+ "os"
+ "os/exec"
+)
+
+// Edit opens $EDITOR default to vi
+func (v *vault) Edit(data []byte) ([]byte, error) {
+ tmpfile, err := ioutil.TempFile("", v.Fingerprint)
+ if err != nil {
+ return nil, err
+ }
+ defer os.Remove(tmpfile.Name())
+ err = ioutil.WriteFile(tmpfile.Name(), data, 0600)
+ if err != nil {
+ return nil, err
+ }
+ editor := os.Getenv("EDITOR")
+ if editor == "" {
+ editor = "vi"
+ }
+ cmd := exec.Command(editor, tmpfile.Name())
+ cmd.Stdin = os.Stdin
+ cmd.Stdout = os.Stdout
+ err = cmd.Run()
+ if err != nil {
+ return nil, err
+ }
+ b, err := ioutil.ReadFile(tmpfile.Name())
+ if err != nil {
+ return nil, err
+ }
+ return b, nil
+}
diff --git a/sopas b/sopas
new file mode 100644
index 0000000..8cea0fa
--- /dev/null
+++ b/sopas
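Review bot: The edit branch re-encrypts and rewrites the vault unconditionally once `vault.Edit(data)` returns, even when the editor session left the content byte-for-byte unchanged. A guard such as `if bytes.Equal(out, data) { return }` placed before the `vault.Encrypt(out)` call would leave the vault file untouched on a no-op edit (add the `bytes` import if main.go does not already have it; its import block is outside the hunk). Whether an unchanged rewrite is actually harmless depends on what `Encrypt` and `Close` do, which this patch does not show, so treat this as a question rather than a confirmed defect. The enclosing `func main()` starts and ends outside the hunk.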
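Review bot: The `*os.File` returned by `ioutil.TempFile` is never closed: the code writes and later reads the file again by name through `ioutil.WriteFile`/`ioutil.ReadFile`, so the original descriptor stays open for the rest of the process. Writing through the handle instead, `_, err = tmpfile.Write(data)` followed by `err = tmpfile.Close()` (each with its error checked), removes the leak and the second open-by-name. The editor's stderr is also left unattached, so any diagnostics the editor prints before `cmd.Run()` fails are lost; add `cmd.Stderr = os.Stderr` next to the Stdin/Stdout lines. Because the decrypted content sits in the system temp directory until `os.Remove` runs, the doc comment should say so, e.g. `// Edit writes data to a temporary file, opens it in $EDITOR (default vi) and returns the edited contents; the file is removed on return.`, and should note that an editor may leave its own backup or swap copies behind, which this function does not clean up.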
@@ -0,0 +1,3 @@
+$SSH-VAULT;AES256;fd:c9:a5:ab:67:c2:6a:3b:6b:c9:72:d6:32:f8:a8:09
+43fd4bf54db6c83baa44a18ad1e0070ceee2258ac87751709dff570bf0ecc54c9f3d781de889ea926d5849162a6482d21f1af3499328999b6e619823107215d2605842b09b7240ac228cb7034bd5a3e57d30ce20a2b86b275d480e6d7264520b70b20616c7f86514b710f5c44456ceff8c4013a12c0c9e3a99c128eb013c0b88b25276056be23804ceb12cec4fa8058931c9da55aad682f70603ac089b0a2edb15791a6296cba1095d44e3906dc4d421712927090cd3e5fe8eca3db78ffcb0c229e7b7a85aac0d14db4f5ce973f4d5cf98412b6a4d16c7ff65954482f6786c06ac9031197ced692d203610c4186b5490308b7840e210fc3d7448b4715782b433d90dd883146d28aa066d4f8d6b05457b53bc88f43c426bb10ff2a29ccbce8c5ca5560ba6ca5e9bde2f296f6cf0ebb506dd9b42d2991f01415d8f7ccc55ded53b3ef102c497f5d0432df45890280ec2a771bb1f302420d861884c8d0f3b8c9409c046b12cd1c4739d228840a5f1f7d804046f87144068f70cde65e12f078298625c4b0c04dfa275bf72ea84ee914d67981126d41a2ecad8aad72a636df9fc2639546b91dc0850a4d1f7c043e7d92ffdc6a8e77a8354dc4da513df2c8616d7f479bf5418852ee3ef29b35ef49513ed6099381db5bd9d46e3a888492d2a65e8920c8bf2dca419c883fbbd5908337ba56b62b50e40059ec817becfb369204202f804
+51a3315d00f1c1ec1616c90d1b58cb0d6f870fe6a42eeca3a98181661bf72a29f4af09976e828d00a79aa242416bb2a41e79015a7320726e67b3b6921982ebe70af7700a3fc38cb64cffb4
\ No newline at end of file
diff --git a/view.go b/view.go
index 6266827..5602c99 100644
--- a/view.go
+++ b/view.go
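Review bot: `sopas` looks like a vault file (a `$SSH-VAULT;AES256;<fingerprint>` header followed by two hex lines) committed alongside the code; nothing else in the patch refers to it and the commit message does not mention it. If it is meant as a test fixture it should live under a `testdata/` directory with a note on which key it pairs with; otherwise it is most likely leftover output from manual testing of the new edit flow and should be dropped from the commit. The file also lacks a trailing newline.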
@@ -10,69 +10,75 @@ import ( "encoding/pem" "fmt" "io/ioutil" - "log" + "strings" "syscall" "golang.org/x/crypto/ssh/terminal" ) // View decrypts data and print it to stdout -func (v *vault) View() error { +func (v *vault) View() ([]byte, error) { vault, err := ioutil.ReadFile(v.vault) if err != nil { - return err + return nil, err } - // head, pass, body + + // head, password, body parts := bytes.Split(vault, []byte("\n")) - // get pem - pemData, err := ioutil.ReadFile(v.key) + // use private key only + if strings.HasSuffix(v.key, ".pub") { + v.key = strings.Trim(v.key, ".pub") + } + + keyFile, err := ioutil.ReadFile(v.key) if err != nil { - log.Fatalf("Error reading pem file: %s", err) + return nil, fmt.Errorf("Error reading private key: %s", err) } - block, _ := pem.Decode(pemData) + + block, _ := pem.Decode(keyFile) if block == nil || block.Type != "RSA PRIVATE KEY" { - return fmt.Errorf("No valid PEM (private key) data found") + return nil, fmt.Errorf("No valid PEM (private key) data found") } - var pemOut []byte + if x509.IsEncryptedPEMBlock(block) { fmt.Print("Enter key password: ") keyPassword, err := terminal.ReadPassword(int(syscall.Stdin)) if err != nil { - return err + return nil, err } - pemOut, err = x509.DecryptPEMBlock(block, keyPassword) + fmt.Println() + block.Bytes, err = x509.DecryptPEMBlock(block, keyPassword) if err != nil { - return err + return nil, err } - } else { - pemOut = block.Bytes } - privateKey, err := x509.ParsePKCS1PrivateKey(pemOut) + + privateKey, err := x509.ParsePKCS1PrivateKey(block.Bytes) if err != nil { - return err + return nil, err } ciphertext := make([]byte, hex.DecodedLen(len(parts[1]))) _, err = hex.Decode(ciphertext, parts[1]) if err != nil { - return err + return nil, err } v.password, err = rsa.DecryptOAEP(sha256.New(), rand.Reader, privateKey, ciphertext, []byte("")) if err != nil { - return err + return nil, err } ciphertext = make([]byte, hex.DecodedLen(len(parts[2]))) _, err = hex.Decode(ciphertext, parts[2]) 
if err != nil { - return err + return nil, err } + data, err := v.Decrypt(ciphertext) if err != nil { - return err + return nil, err } - fmt.Printf("\n%s", data) - return nil + return data, nil }
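Review bot: `strings.Trim(v.key, ".pub")` treats its second argument as a set of characters to strip from both ends, not as a suffix, so a key path that starts with, or ends (before the extension) with, any of `.`, `p`, `u` or `b` is mangled; the intended call is `v.key = strings.TrimSuffix(v.key, ".pub")`. Further down, `parts[1]` and `parts[2]` are indexed straight after `bytes.Split` with no length check, so a truncated or malformed vault file panics instead of returning an error; a guard like `if len(parts) < 3 { return nil, fmt.Errorf("malformed vault file") }` before the first `hex.Decode` would cover that. The `.pub` rewrite also mutates `v.key` on the receiver, which presumably outlives this call; if callers reuse the vault value, trimming into a local variable would be cleaner. Go convention is also lowercase error strings without an "Error" prefix, e.g. `fmt.Errorf("reading private key: %v", err)`. The hunk's leading lines belong to the import block that starts outside it.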