Add ability to set custom key length

2026-03-13 13:46:10 +00:00 · 2022-02-10 15:05:18 -06:00
parent c25ba7fab9
commit bd83867dcf
2 changed files with 29 additions and 24 deletions
--- a/src/Client.php
+++ b/src/Client.php
@@ -138,6 +138,11 @@ class Client
        $this->init();
    }

+    public function getKeyLength(): int
+    {
+        return $config['key_length'] ?? 4096;
+    }
+
    /**
     * Get an existing order by ID
     *
@@ -195,7 +200,7 @@ class Client
        foreach ($domains as $domain) {
            $identifiers[] =
                [
-                    'type'  => 'dns',
+                    'type' => 'dns',
                    'value' => $domain,
                ];
        }
@@ -316,7 +321,7 @@ class Client
     */
    public function getCertificate(Order $order): Certificate
    {
-        $privateKey = Helper::getNewKey();
+        $privateKey = Helper::getNewKey($this->getKeyLength());
        $csr = Helper::getCsr($order->getDomains(), $privateKey);
        $der = Helper::toDer($csr);

@@ -389,8 +394,8 @@ class Client
    protected function getSelfTestClient()
    {
        return new HttpClient([
-            'verify'          => false,
-            'timeout'         => 10,
+            'verify' => false,
+            'timeout' => 10,
            'connect_timeout' => 3,
            'allow_redirects' => true,
        ]);
@@ -465,9 +470,9 @@ class Client
    protected function getSelfTestDNSClient()
    {
        return new HttpClient([
-            'base_uri'        => 'https://cloudflare-dns.com',
+            'base_uri' => 'https://cloudflare-dns.com',
            'connect_timeout' => 10,
-            'headers'         => [
+            'headers' => [
                'Accept' => 'application/dns-json',
            ],
        ]);
@@ -493,7 +498,7 @@ class Client
    {
        //Make sure a private key is in place
        if ($this->getFilesystem()->has($this->getPath('account.pem')) === false) {
-            $this->getFilesystem()->write($this->getPath('account.pem'), Helper::getNewKey());
+            $this->getFilesystem()->write($this->getPath('account.pem'), Helper::getNewKey($this->getKeyLength()));
        }
        $privateKey = $this->getFilesystem()->read($this->getPath('account.pem'));
        $privateKey = openssl_pkey_get_private($privateKey);
@@ -511,7 +516,7 @@ class Client
            $this->getUrl(self::DIRECTORY_NEW_ACCOUNT),
            $this->signPayloadJWK(
                [
-                    'contact'              => [
+                    'contact' => [
                        'mailto:' . $this->getOption('username'),
                    ],
                    'termsOfServiceAgreed' => true,
@@ -532,9 +537,9 @@ class Client
        $userDirectory = preg_replace('/[^a-z0-9]+/', '-', strtolower($this->getOption('username')));

        return $this->getOption(
-            'basePath',
-            'le'
-        ) . DIRECTORY_SEPARATOR . $userDirectory . ($path === null ? '' : DIRECTORY_SEPARATOR . $path);
+                'basePath',
+                'le'
+            ) . DIRECTORY_SEPARATOR . $userDirectory . ($path === null ? '' : DIRECTORY_SEPARATOR . $path);
    }

    /**
@@ -590,7 +595,7 @@ class Client
    {
        try {
            $response = $this->getHttpClient()->request($method, $url, [
-                'json'    => $payload,
+                'json' => $payload,
                'headers' => [
                    'Content-Type' => 'application/jose+json',
                ]
@@ -650,9 +655,9 @@ class Client
    protected function getJWKHeader(): array
    {
        return [
-            'e'   => Helper::toSafeString(Helper::getKeyDetails($this->getAccountKey())['rsa']['e']),
+            'e' => Helper::toSafeString(Helper::getKeyDetails($this->getAccountKey())['rsa']['e']),
            'kty' => 'RSA',
-            'n'   => Helper::toSafeString(Helper::getKeyDetails($this->getAccountKey())['rsa']['n']),
+            'n' => Helper::toSafeString(Helper::getKeyDetails($this->getAccountKey())['rsa']['n']),
        ];
    }

@@ -671,10 +676,10 @@ class Client
            $this->nonce = $response->getHeaderLine('replay-nonce');
        }
        return [
-            'alg'   => 'RS256',
-            'jwk'   => $this->getJWKHeader(),
+            'alg' => 'RS256',
+            'jwk' => $this->getJWKHeader(),
            'nonce' => $this->nonce,
-            'url'   => $url
+            'url' => $url
        ];
    }

@@ -691,10 +696,10 @@ class Client
        $nonce = $response->getHeaderLine('replay-nonce');

        return [
-            "alg"   => "RS256",
-            "kid"   => $this->account->getAccountURL(),
+            "alg" => "RS256",
+            "kid" => $this->account->getAccountURL(),
            "nonce" => $nonce,
-            "url"   => $url
+            "url" => $url
        ];
    }

@@ -720,7 +725,7 @@ class Client

        return [
            'protected' => $protected,
-            'payload'   => $payload,
+            'payload' => $payload,
            'signature' => Helper::toSafeString($signature),
        ];
    }
@@ -746,7 +751,7 @@ class Client

        return [
            'protected' => $protected,
-            'payload'   => $payload,
+            'payload' => $payload,
            'signature' => Helper::toSafeString($signature),
        ];
    }
--- a/src/Helper.php
+++ b/src/Helper.php
@@ -51,11 +51,11 @@ class Helper
     *
     * @return string
     */
-    public static function getNewKey(): string
+    public static function getNewKey(int $keyLength): string
    {

        $key = openssl_pkey_new([
-            'private_key_bits' => 2048,
+            'private_key_bits' => $keyLength,
            'private_key_type' => OPENSSL_KEYTYPE_RSA,
        ]);
        openssl_pkey_export($key, $pem);