(MODULES-10765) Implement ecdsa-sha2-nistp384-cert-v01@openssh.com support

bastelfreak · bastelfreak · commit c33e9e02d837 · 2020-09-06T17:28:12.000+02:00
diff --git a/lib/puppet/type/ssh_authorized_key.rb b/lib/puppet/type/ssh_authorized_key.rb
@@ -64,7 +64,8 @@ module Puppet
 
       newvalues :'ssh-dss', :'ssh-rsa', :'ecdsa-sha2-nistp256', :'ecdsa-sha2-nistp384', :'ecdsa-sha2-nistp521', :'ssh-ed25519',
                 :'sk-ecdsa-sha2-nistp256@openssh.com', :'sk-ssh-ed25519@openssh.com', :'ssh-rsa-cert-v01@openssh.com',
-                :'ssh-ed25519-cert-v01@openssh.com', :'ssh-dss-cert-v01@openssh.com', :'ecdsa-sha2-nistp256-cert-v01@openssh.com'
+                :'ssh-ed25519-cert-v01@openssh.com', :'ssh-dss-cert-v01@openssh.com', :'ecdsa-sha2-nistp256-cert-v01@openssh.com',
+                :'ecdsa-sha2-nistp384-cert-v01@openssh.com'
 
       aliasvalue(:dsa, :'ssh-dss')
       aliasvalue(:ed25519, :'ssh-ed25519')
@@ -167,7 +168,8 @@ def insync?(is)
             ecdsa-sha2-nistp384|ecdsa-sha2-nistp521|ecdsa-sk|ed25519-sk|
             sk-ecdsa-sha2-nistp256@openssh.com|sk-ssh-ed25519@openssh.com|
             ssh-rsa-cert-v01@openssh.com|ssh-ed25519-cert-v01@openssh.com|
-            ssh-dss-cert-v01@openssh.com|ecdsa-sha2-nistp256-cert-v01@openssh.com)\s+([^ ]+)\s*(.*)$}x
+            ssh-dss-cert-v01@openssh.com|ecdsa-sha2-nistp256-cert-v01@openssh.com|
+            ecdsa-sha2-nistp384-cert-v01@openssh.com)\s+([^ ]+)\s*(.*)$}x
     def self.keyline_regex
       REGEX
     end
diff --git a/spec/unit/type/ssh_authorized_key_spec.rb b/spec/unit/type/ssh_authorized_key_spec.rb
@@ -91,7 +91,8 @@
         :'ssh-rsa-cert-v01@openssh.com',
         :'ssh-ed25519-cert-v01@openssh.com',
         :'ssh-dss-cert-v01@openssh.com',
-        :'ecdsa-sha2-nistp256-cert-v01@openssh.com'
+        :'ecdsa-sha2-nistp256-cert-v01@openssh.com',
+        :'ecdsa-sha2-nistp384-cert-v01@openssh.com'
       ].each do |keytype|
         it "supports #{keytype}" do
           described_class.new(name: 'whev', type: keytype, user: 'nobody')
@@ -166,6 +167,12 @@
       end
       # rubocop:enable Metrics/LineLength
 
+      # rubocop:disable Metrics/LineLength
+      it 'supports a valid ecdsa-sha2-nistp384-cert-v01@openssh.com key' do
+        expect { described_class.new(name: 'bastelfreakwashere', type: :'ecdsa-sha2-nistp384-cert-v01@openssh.com', user: 'opensshrulez', key: 'AAAAKGVjZHNhLXNoYTItbmlzdHAzODQtY2VydC12MDFAb3BlbnNzaC5jb20AAAAgh+/K6gv7WlwX9qVlKLH8Vurzo5xfc8/glVcT7auQOhIAAAAIbmlzdHAzODQAAABhBDouPHnR+OD4jfdqMbhFXTfB8vTjpZYLQSl0HxEXRAs8AgqDEZI1lJEVwdxtJUbczyu1Wj7wM45YpSpgUQVU38rmVkpxujqhhMMmqMWf87gnjm9oVLLFvJHdauKNnXjJQQAAAAAAAAAAAAAAAgAAABBob3N0LmV4YW1wbGUuY29tAAAAFAAAABBob3N0LmV4YW1wbGUuY29tAAAAAF8sWnQAAAAAYQw85wAAAAAAAAAAAAAAAAAAAIgAAAATZWNkc2Etc2hhMi1uaXN0cDM4NAAAAAhuaXN0cDM4NAAAAGEEOi48edH44PiN92oxuEVdN8Hy9OOllgtBKXQfERdECzwCCoMRkjWUkRXB3G0lRtzPK7VaPvAzjlilKmBRBVTfyuZWSnG6OqGEwyaoxZ/zuCeOb2hUssW8kd1q4o2deMlBAAAAgwAAABNlY2RzYS1zaGEyLW5pc3RwMzg0AAAAaAAAADBJccfmOaYjNVbqkx0X7cLpl53EzTAMdv9k159mBLYaepMnLYmhKx+LvfA5bAUTar4AAAAwSO7n770NIdhhMZjGio4GKDyKq2WW6QLRXleY6QcynBaQ90rkMVnt+jeIEs30h6F8') }.not_to raise_error # rubocop:disable Metrics/LineLength
+      end
+      # rubocop:enable Metrics/LineLength
+
       it "doesn't support whitespaces" do
         expect { described_class.new(name: 'whev', type: :rsa, user: 'nobody', key: 'AAA FA==') }.to raise_error(Puppet::Error, %r{Key must not contain whitespace})
       end
