From bd83867dcf0f6d6fb696718784d75184f4e88385 Mon Sep 17 00:00:00 2001
From: Rob Desilets
Date: Thu, 10 Feb 2022 15:05:18 -0600
Subject: [PATCH] Add ability to set custom key length

---
 src/Client.php | 49 +++++++++++++++++++++++++++----------------------
 src/Helper.php | 4 ++--
 2 files changed, 29 insertions(+), 24 deletions(-)

diff --git a/src/Client.php b/src/Client.php
index c422732..0942c62 100644
--- a/src/Client.php
+++ b/src/Client.php
@@ -138,6 +138,11 @@ class Client
         $this->init();
     }
 
+    public function getKeyLength(): int
+    {
+        return $config['key_length'] ?? 4096;
+    }
+
     /**
      * Get an existing order by ID
      *
@@ -195,7 +200,7 @@ class Client
 
         foreach ($domains as $domain) {
             $identifiers[] = [
-                'type' => 'dns',
+                'type' => 'dns',
                 'value' => $domain,
             ];
         }
@@ -316,7 +321,7 @@ class Client
      */
     public function getCertificate(Order $order): Certificate
     {
-        $privateKey = Helper::getNewKey();
+        $privateKey = Helper::getNewKey($this->getKeyLength());
         $csr = Helper::getCsr($order->getDomains(), $privateKey);
         $der = Helper::toDer($csr);
 
@@ -389,8 +394,8 @@ class Client
     protected function getSelfTestClient()
     {
         return new HttpClient([
-            'verify' => false,
-            'timeout' => 10,
+            'verify' => false,
+            'timeout' => 10,
             'connect_timeout' => 3,
             'allow_redirects' => true,
         ]);
@@ -465,9 +470,9 @@ class Client
     protected function getSelfTestDNSClient()
     {
         return new HttpClient([
-            'base_uri' => 'https://cloudflare-dns.com',
+            'base_uri' => 'https://cloudflare-dns.com',
             'connect_timeout' => 10,
-            'headers' => [
+            'headers' => [
                 'Accept' => 'application/dns-json',
             ],
         ]);
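Review bot: In the new `getKeyLength()` the variable `$config` is never defined inside the method, and the `??` operator hides the resulting undefined-variable notice, so the method always returns 4096 and the configured `key_length` is silently ignored; the value is presumably meant to come from the client options that the rest of the file reads through `$this->getOption(...)`. Reading it through that accessor, `return (int) $this->getOption('key_length', 4096);`, would make the new setting take effect. Because the result feeds `openssl_pkey_new()` for both the account key (`-493` hunk) and every certificate key (`-316` hunk), I would also refuse values below the previous hard-coded 2048 bits rather than let a configuration typo produce a weak RSA key, and give the method a docblock like its neighbours. A rewrite along those lines follows.
```php
    /**
     * RSA key length (in bits) used for the account key and certificate private keys.
     *
     * Read from the `key_length` option; defaults to 4096 and refuses anything below 2048.
     *
     * @return int
     * @throws \InvalidArgumentException when the configured length is below 2048 bits
     */
    public function getKeyLength(): int
    {
        $keyLength = (int) $this->getOption('key_length', 4096);
        if ($keyLength < 2048) {
            throw new \InvalidArgumentException('key_length must be at least 2048 bits');
        }

        return $keyLength;
    }
```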
@@ -493,7 +498,7 @@ class Client
     {
         //Make sure a private key is in place
         if ($this->getFilesystem()->has($this->getPath('account.pem')) === false) {
-            $this->getFilesystem()->write($this->getPath('account.pem'), Helper::getNewKey());
+            $this->getFilesystem()->write($this->getPath('account.pem'), Helper::getNewKey($this->getKeyLength()));
         }
         $privateKey = $this->getFilesystem()->read($this->getPath('account.pem'));
         $privateKey = openssl_pkey_get_private($privateKey);
@@ -511,7 +516,7 @@ class Client
                 $this->getUrl(self::DIRECTORY_NEW_ACCOUNT),
                 $this->signPayloadJWK(
                     [
-                        'contact' => [
+                        'contact' => [
                             'mailto:' . $this->getOption('username'),
                         ],
                         'termsOfServiceAgreed' => true,
@@ -532,9 +537,9 @@ class Client
         $userDirectory = preg_replace('/[^a-z0-9]+/', '-', strtolower($this->getOption('username')));
 
         return $this->getOption(
-            'basePath',
-            'le'
-        ) . DIRECTORY_SEPARATOR . $userDirectory . ($path === null ? '' : DIRECTORY_SEPARATOR . $path);
+            'basePath',
+            'le'
+        ) . DIRECTORY_SEPARATOR . $userDirectory . ($path === null ? '' : DIRECTORY_SEPARATOR . $path);
     }
 
     /**
@@ -590,7 +595,7 @@ class Client
     {
         try {
             $response = $this->getHttpClient()->request($method, $url, [
-                'json' => $payload,
+                'json' => $payload,
                 'headers' => [
                     'Content-Type' => 'application/jose+json',
                 ]
@@ -650,9 +655,9 @@ class Client
     protected function getJWKHeader(): array
     {
         return [
-            'e' => Helper::toSafeString(Helper::getKeyDetails($this->getAccountKey())['rsa']['e']),
+            'e' => Helper::toSafeString(Helper::getKeyDetails($this->getAccountKey())['rsa']['e']),
             'kty' => 'RSA',
-            'n' => Helper::toSafeString(Helper::getKeyDetails($this->getAccountKey())['rsa']['n']),
+            'n' => Helper::toSafeString(Helper::getKeyDetails($this->getAccountKey())['rsa']['n']),
         ];
     }
 
@@ -671,10 +676,10 @@ class Client
             $this->nonce = $response->getHeaderLine('replay-nonce');
         }
         return [
-            'alg' => 'RS256',
-            'jwk' => $this->getJWKHeader(),
+            'alg' => 'RS256',
+            'jwk' => $this->getJWKHeader(),
             'nonce' => $this->nonce,
-            'url' => $url
+            'url' => $url
         ];
     }
 
@@ -691,10 +696,10 @@ class Client
         $nonce = $response->getHeaderLine('replay-nonce');
 
         return [
-            "alg" => "RS256",
-            "kid" => $this->account->getAccountURL(),
+            "alg" => "RS256",
+            "kid" => $this->account->getAccountURL(),
             "nonce" => $nonce,
-            "url" => $url
+            "url" => $url
         ];
     }
 
@@ -720,7 +725,7 @@ class Client
 
         return [
             'protected' => $protected,
-            'payload' => $payload,
+            'payload' => $payload,
             'signature' => Helper::toSafeString($signature),
         ];
     }
@@ -746,7 +751,7 @@ class Client
 
         return [
             'protected' => $protected,
-            'payload' => $payload,
+            'payload' => $payload,
             'signature' => Helper::toSafeString($signature),
         ];
     }
diff --git a/src/Helper.php b/src/Helper.php
index 81166b5..eb5f821 100644
--- a/src/Helper.php
+++ b/src/Helper.php
@@ -51,11 +51,11 @@ class Helper
      *
      * @return string
      */
-    public static function getNewKey(): string
+    public static function getNewKey(int $keyLength): string
     {
         $key = openssl_pkey_new([
-            'private_key_bits' => 2048,
+            'private_key_bits' => $keyLength,
             'private_key_type' => OPENSSL_KEYTYPE_RSA,
         ]);
         openssl_pkey_export($key, $pem);