From ff31f5e10f3d957e7b121ee330f81a7a707c38b4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fran=C3=A7ois=20Guerraz?=
Date: Mon, 10 Sep 2018 15:52:02 +0200
Subject: [PATCH] Support ssh-ed25519 key format
---
 blessclient/client.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/blessclient/client.py b/blessclient/client.py
index 27b826f..0402c5a 100755
--- a/blessclient/client.py
+++ b/blessclient/client.py
@@ -559,7 +559,7 @@ def vault_bless(nocache, bless_config):
 public_key = f.read()
 # Only sign public keys in correct format.
- if public_key[:8] != 'ssh-rsa ':
+ if not public_key.split(' ')[0] in ['ssh-rsa', 'ssh-ed25519']:
 raise Exception( 'Refusing to bless {}. Probably not an identity file.'.format(identity_file))
@@ -595,7 +595,7 @@ def vault_bless(nocache, bless_config):
 logging.debug("Got back cert: {}".format(cert))
 # Error handling
- if cert[:29] != 'ssh-rsa-cert-v01@openssh.com ':
+ if not cert.split(' ')[0] in ['ssh-rsa-cert-v01@openssh.com', 'ssh-ed25519-cert-v01@openssh.com']:
 error_msg = json.loads(cert)
 if ('errorType' in error_msg and error_msg['errorType'] == 'KMSAuthValidationError'
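Review bot: The new key-format test in the hunk at line 559 is written `not public_key.split(' ')[0] in [...]`, which evaluates as intended but reads more clearly as `if public_key.split(' ')[0] not in ('ssh-rsa', 'ssh-ed25519'):`. The accepted key types are spelled out here and again, with the `-cert-v01@openssh.com` suffix, in the hunk at line 595; one module-level tuple such as `SUPPORTED_KEY_TYPES = ('ssh-rsa', 'ssh-ed25519')` would keep the two checks from drifting apart. The test still inspects only the first space-separated token, so it confirms the file looks like a public-key line rather than that the key material is well formed; a comment such as `# Type token only; the key blob itself is not validated here.` would make that explicit. vault_bless starts and ends outside the hunk.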
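Review bot: The certificate check in the hunk at line 595 accepts either certificate type regardless of which key type was submitted, so an `ssh-ed25519` key answered with an `ssh-rsa-cert-v01@openssh.com` certificate (or the reverse) is treated as success. Deriving the expected prefix from the key that was sent ties the response to the request: `expected = public_key.split(' ')[0] + '-cert-v01@openssh.com'` followed by `if cert.split(' ')[0] != expected:`. This assumes `public_key` is still in scope at this point of vault_bless, which the hunk does not show. Anything that fails the check is still handed to `json.loads(cert)`, so a certificate of an unlisted type would surface as a JSON parse error rather than a clear message; the `if (` condition that follows continues outside the hunk.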