(MODULES-10765) Implement ecdsa-sha2-nistp521-cert-v01@openssh.com support

2 files changed, 10 insertions, 3 deletions

diff --git a/lib/puppet/type/ssh_authorized_key.rb b/lib/puppet/type/ssh_authorized_key.rb
index f34ef9c..9749e29 100644
--- a/lib/puppet/type/ssh_authorized_key.rb
+++ b/lib/puppet/type/ssh_authorized_key.rb
@@ -65,7 +65,7 @@ module Puppet
       newvalues :'ssh-dss', :'ssh-rsa', :'ecdsa-sha2-nistp256', :'ecdsa-sha2-nistp384', :'ecdsa-sha2-nistp521', :'ssh-ed25519',
                 :'sk-ecdsa-sha2-nistp256@openssh.com', :'sk-ssh-ed25519@openssh.com', :'ssh-rsa-cert-v01@openssh.com',
                 :'ssh-ed25519-cert-v01@openssh.com', :'ssh-dss-cert-v01@openssh.com', :'ecdsa-sha2-nistp256-cert-v01@openssh.com',
-                :'ecdsa-sha2-nistp384-cert-v01@openssh.com'
+                :'ecdsa-sha2-nistp384-cert-v01@openssh.com', :'ecdsa-sha2-nistp521-cert-v01@openssh.com'
 
       aliasvalue(:dsa, :'ssh-dss')
       aliasvalue(:ed25519, :'ssh-ed25519')
@@ -169,7 +169,7 @@ module Puppet
             sk-ecdsa-sha2-nistp256@openssh.com|sk-ssh-ed25519@openssh.com|
             ssh-rsa-cert-v01@openssh.com|ssh-ed25519-cert-v01@openssh.com|
             ssh-dss-cert-v01@openssh.com|ecdsa-sha2-nistp256-cert-v01@openssh.com|
-            ecdsa-sha2-nistp384-cert-v01@openssh.com)\s+([^ ]+)\s*(.*)$}x
+            ecdsa-sha2-nistp384-cert-v01@openssh.com|ecdsa-sha2-nistp521-cert-v01@openssh.com)\s+([^ ]+)\s*(.*)$}x
     def self.keyline_regex
       REGEX
     end
diff --git a/spec/unit/type/ssh_authorized_key_spec.rb b/spec/unit/type/ssh_authorized_key_spec.rb
index 14c65f7..37981a4 100644
--- a/spec/unit/type/ssh_authorized_key_spec.rb
+++ b/spec/unit/type/ssh_authorized_key_spec.rb
@@ -92,7 +92,8 @@ describe Puppet::Type.type(:ssh_authorized_key), unless: Puppet.features.microso
         :'ssh-ed25519-cert-v01@openssh.com',
         :'ssh-dss-cert-v01@openssh.com',
         :'ecdsa-sha2-nistp256-cert-v01@openssh.com',
-        :'ecdsa-sha2-nistp384-cert-v01@openssh.com'
+        :'ecdsa-sha2-nistp384-cert-v01@openssh.com',
+        :'ecdsa-sha2-nistp521-cert-v01@openssh.com'
       ].each do |keytype|
         it "supports #{keytype}" do
           described_class.new(name: 'whev', type: keytype, user: 'nobody')
@@ -173,6 +174,12 @@ describe Puppet::Type.type(:ssh_authorized_key), unless: Puppet.features.microso
       end
       # rubocop:enable Metrics/LineLength
 
+      # rubocop:disable Metrics/LineLength
+      it 'supports a valid ecdsa-sha2-nistp521-cert-v01@openssh.com key' do
+        expect { described_class.new(name: 'bastelfreakwashere', type: :'ecdsa-sha2-nistp521-cert-v01@openssh.com', user: 'opensshrulez', key: 'AAAAKGVjZHNhLXNoYTItbmlzdHA1MjEtY2VydC12MDFAb3BlbnNzaC5jb20AAAAg2xMe+Z9AuETNwM88pTDRpEtKbGRarajtZ5UaxSmmaQoAAAAIbmlzdHA1MjEAAACFBAFGg1vGsCq5kEzivd0s/kf0x5/TDzb0DwPzGz5YRsUtDlhT7+F7r2lVRvEEXCagc/UjTisIQ0kcG4IgMoI3VsaFEAHrBgF4whI/bhh6i+WzIHnT3NWkjqhdX+kLBXtlm+uFXyslmFlda4gGmjGeHvsDHgC2rN7cSuGh//3DBXtelkB+uQAAAAAAAAAAAAAAAgAAABBob3N0LmV4YW1wbGUuY29tAAAAFAAAABBob3N0LmV4YW1wbGUuY29tAAAAAF8sW9wAAAAAYQw+QgAAAAAAAAAAAAAAAAAAAKwAAAATZWNkc2Etc2hhMi1uaXN0cDUyMQAAAAhuaXN0cDUyMQAAAIUEAUaDW8awKrmQTOK93Sz+R/THn9MPNvQPA/MbPlhGxS0OWFPv4XuvaVVG8QRcJqBz9SNOKwhDSRwbgiAygjdWxoUQAesGAXjCEj9uGHqL5bMgedPc1aSOqF1f6QsFe2Wb64VfKyWYWV1riAaaMZ4e+wMeALas3txK4aH//cMFe16WQH65AAAApwAAABNlY2RzYS1zaGEyLW5pc3RwNTIxAAAAjAAAAEIA92a8QL5J/EMxRaKh9fSysTaEyyN/3KesBC8tI1rwytKILtfrcAIGxXtDQF6eZ72BWUvu6aqHIM6pmIHlnpzsROgAAABCAJHPzoeANenL8ZdlEf0jz8aEiGlGt02Z+vzsajQakKclFL4P8Nm5fojR2Mo2C45CQfO+kfkRQM1UUfDrVZcPzN0S') }.not_to raise_error # rubocop:disable Metrics/LineLength
+      end
+      # rubocop:enable Metrics/LineLength
+
       it "doesn't support whitespaces" do
         expect { described_class.new(name: 'whev', type: :rsa, user: 'nobody', key: 'AAA FA==') }.to raise_error(Puppet::Error, %r{Key must not contain whitespace})
       end