Remove hardcoded algo name for certificate string (#5)

Co-authored-by: Justin Holmes <jholmes@cloudflare.com>

sshcert.go

@@ -164,7 +164,12 @@ func (c *CA) SetName(name string) {
 // String will output the SSH certificate in a format that can be used
 // with an ssh client.
 func (c *Cert) String() string {
-	return fmt.Sprintf("%s %s", ssh.CertAlgoECDSA256v01, base64.StdEncoding.EncodeToString(c.Certificate.Marshal()))
+	return fmt.Sprintf("%s %s", c.Type(), base64.StdEncoding.EncodeToString(c.Certificate.Marshal()))
+}
+
+// Type returns the certificate's algorithm name.
+func (c *Cert) Type() string {
+	return c.Certificate.Type()
 }
 
 // NewSigningArguments will create a default SigningArguments type with the

sshcert_test.go

@@ -65,14 +65,27 @@ func ExampleParsePublicKey() {
 }
 
 func TestSignCert(t *testing.T) {
-	ca, _ := NewCA()
-	pubBytes, _ := ioutil.ReadFile("testfiles/testkeys.pub")
-	pub, _ := ParsePublicKey(string(pubBytes))
-	signArgs := NewSigningArguments([]string{"root"})
+	tests := []struct {
+		algo     string
+		fileName string
+	}{
+		{algo: "ecdsa-sha2-nistp256-cert-v01@openssh.com", fileName: "testkeys.pub"},
+		{algo: "ssh-ed25519-cert-v01@openssh.com", fileName: "ed25519_test_key.pub"},
+	}
 
-	_, err := ca.SignCert(pub, signArgs)
-	if err != nil {
-		t.Fatalf("Could not sign cert: %s", err)
+	for _, tc := range tests {
+		ca, _ := NewCA()
+		pubBytes, _ := ioutil.ReadFile(fmt.Sprintf("testfiles/%s", tc.fileName))
+		pub, _ := ParsePublicKey(string(pubBytes))
+		signArgs := NewSigningArguments([]string{"root"})
+
+		c, err := ca.SignCert(pub, signArgs)
+		if err != nil {
+			t.Fatalf("Could not sign cert: %s", err)
+		}
+		if c.Type() != tc.algo {
+			t.Fatalf("Certificate and public key type do not match: %s != %s", c.Type(), tc.algo)
+		}
 	}
 }
 

testfiles/ed25519_test_key.pub

@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAf48cHMj3/Vlbq69mHh4vSyRyBnwjWkYlH4BBWegNIa