| author | Jake <jh21711@gmail.com> | 2023-02-23 23:03:47 +1100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-02-23 07:03:47 -0500 |
| commit | de8deb9e944c06eefd140d640757ca5326d8143f (patch) | |
| tree | d489496c430fc7ad2ea0b91473f9da6363aaac00 /tests/hazmat/primitives | |
| parent | 7483c9bd99df4d2b0d97a32c9401ae8d18cf9aef (diff) | |
| download | cryptography-de8deb9e944c06eefd140d640757ca5326d8143f.tar.gz | |
Enforce max number of SSH certificate principals (#8376)
* Enforce max number of SSH certificate principals
There is an undocumented limit for the maximum number of valid principals accepted by the openssh tooling, as seen at:
* https://github.com/openssh/openssh-portable/blob/27267642699342412964aa785b98afd69d952c88/sshkey.h#L108
* https://github.com/openssh/openssh-portable/blob/25c8a2bbcc10c493d27faea57c42a6bf13fa51f2/sshkey.c#L1801
* https://github.com/openssh/openssh-portable/blob/6180b0fa4f7996687678702806257e661fd5931e/ssh-keygen.c#L1833
This change enforces that same restriction, as currently an SSH certificate can be generated that is invalid against the default sshd server. Consideration might be given for any non-openssh servers that accept openssh certificates, if they exist and want to allow a greater number of principals.
Of note, the 256 limit is not found in the spec for SSH certificates as defined at https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.certkeys. It instead seems to be arbitrarily chosen by the project as some limit was needed.
* Address formatting error.
* Comment on valid_principals size limit plus test added.
---------
Co-authored-by: Jake <jake@vaultish.com>
Diffstat (limited to 'tests/hazmat/primitives')
| -rw-r--r-- | tests/hazmat/primitives/test_ssh.py | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/tests/hazmat/primitives/test_ssh.py b/tests/hazmat/primitives/test_ssh.py index 672e08e08..c9f995b1f 100644 --- a/tests/hazmat/primitives/test_ssh.py +++ b/tests/hazmat/primitives/test_ssh.py @@ -1389,6 +1389,10 @@ class TestSSHCertificateBuilder: ) with pytest.raises(TypeError): builder.valid_principals([]) + with pytest.raises(ValueError): + builder.valid_principals( + [b"test"] * (ssh._SSHKEY_CERT_MAX_PRINCIPALS + 1) + ) builder = builder.valid_principals([b"test"]) with pytest.raises(ValueError): builder.valid_principals([b"test"]) |
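Review bot: The added `pytest.raises(ValueError)` block only exercises `ssh._SSHKEY_CERT_MAX_PRINCIPALS + 1` entries, so the boundary itself is untested: an implementation that rejected exactly `_SSHKEY_CERT_MAX_PRINCIPALS` principals (a `>=` where `>` was meant) would still pass. Consider adding a case on a fresh builder that passes `[b"test"] * ssh._SSHKEY_CERT_MAX_PRINCIPALS` and expects no exception. The following context lines show that `valid_principals` also raises `ValueError` when called a second time, so a `match=` argument on the new `pytest.raises` would pin the assertion to the size-limit error rather than any `ValueError` the method can raise.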
