Add ability to set custom key length
@@ -138,6 +138,11 @@ class Client
|
|||||||
$this->init();
|
$this->init();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function getKeyLength(): int
|
||||||
|
{
|
||||||
|
return $config['key_length'] ?? 4096;
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Get an existing order by ID
|
* Get an existing order by ID
|
||||||
*
|
*
|
||||||
@@ -195,7 +200,7 @@ class Client
|
|||||||
foreach ($domains as $domain) {
|
foreach ($domains as $domain) {
|
||||||
$identifiers[] =
|
$identifiers[] =
|
||||||
[
|
[
|
||||||
'type' => 'dns',
|
'type' => 'dns',
|
||||||
'value' => $domain,
|
'value' => $domain,
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
@@ -316,7 +321,7 @@ class Client
|
|||||||
*/
|
*/
|
||||||
public function getCertificate(Order $order): Certificate
|
public function getCertificate(Order $order): Certificate
|
||||||
{
|
{
|
||||||
$privateKey = Helper::getNewKey();
|
$privateKey = Helper::getNewKey($this->getKeyLength());
|
||||||
$csr = Helper::getCsr($order->getDomains(), $privateKey);
|
$csr = Helper::getCsr($order->getDomains(), $privateKey);
|
||||||
$der = Helper::toDer($csr);
|
$der = Helper::toDer($csr);
|
||||||
|
|
||||||
@@ -389,8 +394,8 @@ class Client
|
|||||||
protected function getSelfTestClient()
|
protected function getSelfTestClient()
|
||||||
{
|
{
|
||||||
return new HttpClient([
|
return new HttpClient([
|
||||||
'verify' => false,
|
'verify' => false,
|
||||||
'timeout' => 10,
|
'timeout' => 10,
|
||||||
'connect_timeout' => 3,
|
'connect_timeout' => 3,
|
||||||
'allow_redirects' => true,
|
'allow_redirects' => true,
|
||||||
]);
|
]);
|
||||||
@@ -465,9 +470,9 @@ class Client
|
|||||||
protected function getSelfTestDNSClient()
|
protected function getSelfTestDNSClient()
|
||||||
{
|
{
|
||||||
return new HttpClient([
|
return new HttpClient([
|
||||||
'base_uri' => 'https://cloudflare-dns.com',
|
'base_uri' => 'https://cloudflare-dns.com',
|
||||||
'connect_timeout' => 10,
|
'connect_timeout' => 10,
|
||||||
'headers' => [
|
'headers' => [
|
||||||
'Accept' => 'application/dns-json',
|
'Accept' => 'application/dns-json',
|
||||||
],
|
],
|
||||||
]);
|
]);
|
||||||
@@ -493,7 +498,7 @@ class Client
|
|||||||
{
|
{
|
||||||
//Make sure a private key is in place
|
//Make sure a private key is in place
|
||||||
if ($this->getFilesystem()->has($this->getPath('account.pem')) === false) {
|
if ($this->getFilesystem()->has($this->getPath('account.pem')) === false) {
|
||||||
$this->getFilesystem()->write($this->getPath('account.pem'), Helper::getNewKey());
|
$this->getFilesystem()->write($this->getPath('account.pem'), Helper::getNewKey($this->getKeyLength()));
|
||||||
}
|
}
|
||||||
$privateKey = $this->getFilesystem()->read($this->getPath('account.pem'));
|
$privateKey = $this->getFilesystem()->read($this->getPath('account.pem'));
|
||||||
$privateKey = openssl_pkey_get_private($privateKey);
|
$privateKey = openssl_pkey_get_private($privateKey);
|
||||||
@@ -511,7 +516,7 @@ class Client
|
|||||||
$this->getUrl(self::DIRECTORY_NEW_ACCOUNT),
|
$this->getUrl(self::DIRECTORY_NEW_ACCOUNT),
|
||||||
$this->signPayloadJWK(
|
$this->signPayloadJWK(
|
||||||
[
|
[
|
||||||
'contact' => [
|
'contact' => [
|
||||||
'mailto:' . $this->getOption('username'),
|
'mailto:' . $this->getOption('username'),
|
||||||
],
|
],
|
||||||
'termsOfServiceAgreed' => true,
|
'termsOfServiceAgreed' => true,
|
||||||
@@ -532,9 +537,9 @@ class Client
|
|||||||
$userDirectory = preg_replace('/[^a-z0-9]+/', '-', strtolower($this->getOption('username')));
|
$userDirectory = preg_replace('/[^a-z0-9]+/', '-', strtolower($this->getOption('username')));
|
||||||
|
|
||||||
return $this->getOption(
|
return $this->getOption(
|
||||||
'basePath',
|
'basePath',
|
||||||
'le'
|
'le'
|
||||||
) . DIRECTORY_SEPARATOR . $userDirectory . ($path === null ? '' : DIRECTORY_SEPARATOR . $path);
|
) . DIRECTORY_SEPARATOR . $userDirectory . ($path === null ? '' : DIRECTORY_SEPARATOR . $path);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@@ -590,7 +595,7 @@ class Client
|
|||||||
{
|
{
|
||||||
try {
|
try {
|
||||||
$response = $this->getHttpClient()->request($method, $url, [
|
$response = $this->getHttpClient()->request($method, $url, [
|
||||||
'json' => $payload,
|
'json' => $payload,
|
||||||
'headers' => [
|
'headers' => [
|
||||||
'Content-Type' => 'application/jose+json',
|
'Content-Type' => 'application/jose+json',
|
||||||
]
|
]
|
||||||
@@ -650,9 +655,9 @@ class Client
|
|||||||
protected function getJWKHeader(): array
|
protected function getJWKHeader(): array
|
||||||
{
|
{
|
||||||
return [
|
return [
|
||||||
'e' => Helper::toSafeString(Helper::getKeyDetails($this->getAccountKey())['rsa']['e']),
|
'e' => Helper::toSafeString(Helper::getKeyDetails($this->getAccountKey())['rsa']['e']),
|
||||||
'kty' => 'RSA',
|
'kty' => 'RSA',
|
||||||
'n' => Helper::toSafeString(Helper::getKeyDetails($this->getAccountKey())['rsa']['n']),
|
'n' => Helper::toSafeString(Helper::getKeyDetails($this->getAccountKey())['rsa']['n']),
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -671,10 +676,10 @@ class Client
|
|||||||
$this->nonce = $response->getHeaderLine('replay-nonce');
|
$this->nonce = $response->getHeaderLine('replay-nonce');
|
||||||
}
|
}
|
||||||
return [
|
return [
|
||||||
'alg' => 'RS256',
|
'alg' => 'RS256',
|
||||||
'jwk' => $this->getJWKHeader(),
|
'jwk' => $this->getJWKHeader(),
|
||||||
'nonce' => $this->nonce,
|
'nonce' => $this->nonce,
|
||||||
'url' => $url
|
'url' => $url
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -691,10 +696,10 @@ class Client
|
|||||||
$nonce = $response->getHeaderLine('replay-nonce');
|
$nonce = $response->getHeaderLine('replay-nonce');
|
||||||
|
|
||||||
return [
|
return [
|
||||||
"alg" => "RS256",
|
"alg" => "RS256",
|
||||||
"kid" => $this->account->getAccountURL(),
|
"kid" => $this->account->getAccountURL(),
|
||||||
"nonce" => $nonce,
|
"nonce" => $nonce,
|
||||||
"url" => $url
|
"url" => $url
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -720,7 +725,7 @@ class Client
|
|||||||
|
|
||||||
return [
|
return [
|
||||||
'protected' => $protected,
|
'protected' => $protected,
|
||||||
'payload' => $payload,
|
'payload' => $payload,
|
||||||
'signature' => Helper::toSafeString($signature),
|
'signature' => Helper::toSafeString($signature),
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
@@ -746,7 +751,7 @@ class Client
|
|||||||
|
|
||||||
return [
|
return [
|
||||||
'protected' => $protected,
|
'protected' => $protected,
|
||||||
'payload' => $payload,
|
'payload' => $payload,
|
||||||
'signature' => Helper::toSafeString($signature),
|
'signature' => Helper::toSafeString($signature),
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|||||||
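Review bot: `getKeyLength()` in the first hunk (`@@ -138,6 +138,11 @@`) reads `$config['key_length']`, but `$config` is not a parameter, a property or a local of that method, so `??` silently falls back to 4096 every time and the configurable length this commit advertises is never applied (the `??` operator also suppresses the undefined-variable notice, so nothing warns about it). The rest of the class reads settings through `$this->getOption(...)` with a default, as in `$this->getOption('basePath', 'le')` later in this section, so presumably the intent was `return $this->getOption('key_length', 4096);`, with the option name to be confirmed against the constructor, which is outside these hunks. Since the value comes straight from configuration and is fed to `openssl_pkey_new` via `Helper::getNewKey()`, I would also refuse sizes below the current floor rather than generate a weak account or certificate key: `$length = (int) $this->getOption('key_length', 4096);` / `if ($length < 2048) { throw new \InvalidArgumentException('key_length must be at least 2048 bits'); }` / `return $length;`. Note that the effective default also changes here from the 2048 previously hard-coded in `Helper::getNewKey()` to 4096 for both the account key and certificate keys; that deserves a docblock on the new method, which has none while its neighbours do, e.g. `/** Bit length for newly generated RSA keys (key_length option, default 4096; minimum 2048). */`.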
@@ -51,11 +51,11 @@ class Helper
|
|||||||
*
|
*
|
||||||
* @return string
|
* @return string
|
||||||
*/
|
*/
|
||||||
public static function getNewKey(): string
|
public static function getNewKey(int $keyLength): string
|
||||||
{
|
{
|
||||||
|
|
||||||
$key = openssl_pkey_new([
|
$key = openssl_pkey_new([
|
||||||
'private_key_bits' => 2048,
|
'private_key_bits' => $keyLength,
|
||||||
'private_key_type' => OPENSSL_KEYTYPE_RSA,
|
'private_key_type' => OPENSSL_KEYTYPE_RSA,
|
||||||
]);
|
]);
|
||||||
openssl_pkey_export($key, $pem);
|
openssl_pkey_export($key, $pem);
|
||||||
|
|||||||
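Review bot: `getNewKey(int $keyLength)` in this hunk drops the previous implicit default, so any external caller of the public static `Helper::getNewKey()` now fails with an `ArgumentCountError`; keeping it backward compatible is a one-token change, `public static function getNewKey(int $keyLength = 2048): string` (or 4096 if the Client's new default is meant to be the library-wide one). The value is passed into `'private_key_bits' => $keyLength` unchecked, and `openssl_pkey_new()` returns `false` for sizes it rejects, after which `openssl_pkey_export($key, $pem)` on the next line runs against `false`; a guard before the call, `if ($keyLength < 2048) { throw new \InvalidArgumentException('RSA key length must be at least 2048 bits'); }`, plus checking the `openssl_pkey_new()` result for `false`, would turn a bad configuration into a clear error instead of an export failure. The docblock above the signature still documents only `@return string`; add `@param int $keyLength RSA modulus size in bits`. The function body continues past the end of the hunk.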