From 0de13c474c23404656d9d9e28ff4913f85cb003b Mon Sep 17 00:00:00 2001
From: Russell Lewis
Date: Fri, 13 Jul 2018 16:42:19 -0700
Subject: [PATCH] Allowing BLESS lambda to accept ed25519 keys, completing https://github.com/Netflix/bless/pull/71 . Thanks @jnewbigin .
---
 bless/request/bless_request.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/bless/request/bless_request.py b/bless/request/bless_request.py
index ad182a0..7712562 100644
--- a/bless/request/bless_request.py
+++ b/bless/request/bless_request.py
@@ -29,6 +29,7 @@
 # There doesn't seem to be any practical size limits of an SSH Certificate Principal (> 4096B allowed).
 PRINCIPAL_PATTERN = re.compile(r'[\d\w!"$%&\'()*+\-./:;<=>?@\[\\\]\^`{|}~]+\Z')
 VALID_SSH_RSA_PUBLIC_KEY_HEADER = "ssh-rsa AAAAB3NzaC1yc2"
+VALID_SSH_ED25519_PUBLIC_KEY_HEADER = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5"
 USERNAME_VALIDATION_OPTIONS = Enum('UserNameValidationOptions',
 'useradd ' # Allowable usernames per 'man 8 useradd'
@@ -79,7 +80,7 @@ def _validate_principal(principal):
 def validate_ssh_public_key(public_key):
- if public_key.startswith(VALID_SSH_RSA_PUBLIC_KEY_HEADER):
+ if public_key.startswith(VALID_SSH_RSA_PUBLIC_KEY_HEADER) or public_key.startswith(VALID_SSH_ED25519_PUBLIC_KEY_HEADER):
 pass
 # todo other key types
 else:
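Review bot: The added VALID_SSH_ED25519_PUBLIC_KEY_HEADER constant has no comment saying where its value comes from, so a reader cannot tell that the base64 part is the encoded algorithm name rather than key material. I would put above it `# "ssh-ed25519 " plus the base64 of the length-prefixed algorithm name that opens every ed25519 key blob`. The prefix covers that name completely (15 bytes, 20 base64 characters), so it does not depend on the key bytes that follow, and the comment could say so.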
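Review bot: The widened condition in validate_ssh_public_key still compares only a prefix, so for ed25519 any string that begins with the header is accepted whatever follows it (truncated or non-base64 data, extra fields, embedded newlines); whether a later step parses the key strictly is not visible in this hunk. An ed25519 public key blob has a fixed size of 51 bytes, so the check could base64-decode the second field and compare its length instead of trusting the prefix alone. Independently, `startswith` takes a tuple, which keeps the line short: `if public_key.startswith((VALID_SSH_RSA_PUBLIC_KEY_HEADER, VALID_SSH_ED25519_PUBLIC_KEY_HEADER)):`. The diffstat lists one changed file, so no test covers acceptance of an ed25519 key or rejection of a malformed one. The function's else branch continues outside the hunk.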