[v10.0/forgejo] fix: native parsing of ssh certificate key (#6954)

**Backport:** https://codeberg.org/forgejo/forgejo/pulls/6953 - In the case of parsing an public SSH certificate key, use the underlying key type instead of the certificate type. This means `ed25519-cert-v01` would be seen as `ed25519` type and thus correctly parsed. Certificates do not change the keysize or otherwise parsing of the key. - Add unit test. Co-authored-by: Gusted <postmaster@gusted.xyz> Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/6954 Reviewed-by: Gusted <gusted@noreply.codeberg.org> Co-authored-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org> Co-committed-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org>
2025-09-07 09:42:12 +00:00 · 2025-02-15 17:28:48 +00:00 · 2025-02-15 17:28:48 +00:00 · cc8a05f693
commit cc8a05f693
parent 0fe56e6059
2 changed files with 7 additions and 1 deletions
--- a/models/asymkey/ssh_key_parse.go
+++ b/models/asymkey/ssh_key_parse.go
@ -219,8 +219,13 @@ func SSHNativeParsePublicKey(keyLine string) (string, int, error) {
 		return "", 0, fmt.Errorf("ParsePublicKey: %w", err)
 	}

+	pkeyType := pkey.Type()
+	if certPkey, ok := pkey.(*ssh.Certificate); ok {
+		pkeyType = certPkey.Key.Type()
+	}
+
 	// The ssh library can parse the key, so next we find out what key exactly we have.
-	switch pkey.Type() {
+	switch pkeyType {
 	case ssh.KeyAlgoDSA:
 		rawPub := struct {
 			Name       string