Add optional configuration for key length.

src/Client.php

@@ -49,14 +49,15 @@ public function getAccount()
      * @param array $domainInfo
      * @param string $algorithm
      * @param bool $renew
+     * @param int $bits
      * @return services\OrderService
      * @throws exceptions\AccountException
      * @throws exceptions\NonceException
      * @throws exceptions\OrderException
      * @throws exceptions\RequestException
      */
-    public function getOrder($domainInfo, $algorithm, $renew = FALSE)
+    public function getOrder($domainInfo, $algorithm, $renew = FALSE, $bits = 2048)
     {
-        return self::$runtime->getOrder($domainInfo, $algorithm, $renew);
+        return self::$runtime->getOrder($domainInfo, $algorithm, $renew, $bits);
     }
 }

src/Runtime.php

@@ -103,17 +103,18 @@ public function init()
      * @param array $domainInfo
      * @param string $algorithm
      * @param bool $renew
+     * @param int $bits
      * @return OrderService
      * @throws exceptions\AccountException
      * @throws exceptions\NonceException
      * @throws exceptions\OrderException
      * @throws exceptions\RequestException
      */
-    public function getOrder($domainInfo, $algorithm, $renew)
+    public function getOrder($domainInfo, $algorithm, $renew, $bits = 2048)
     {
         if (!$this->order)
         {
-            $this->order = new OrderService($domainInfo, $algorithm, $renew);
+            $this->order = new OrderService($domainInfo, $algorithm, $renew, $bits);
         }
 
         return $this->order;

src/helpers/OpenSSLHelper.php

@@ -46,12 +46,12 @@ public static function generateECKeyPair()
      * @return array
      * @throws OpenSSLException
      */
-    public static function generateKeyPair($type)
+    public static function generateKeyPair($type, $bits = 2048)
     {
         $configMap = [
             CommonConstant::KEY_PAIR_TYPE_RSA => [
                 'private_key_type' => OPENSSL_KEYTYPE_RSA,
-                'private_key_bits' => 4096,
+                'private_key_bits' => $bits,
             ],
 
             CommonConstant::KEY_PAIR_TYPE_EC => [
@@ -99,7 +99,7 @@ public static function generateKeyPair($type)
      * @param string $privateKey
      * @return mixed
      */
-    public static function generateCSR($domainList, $dn, $privateKey)
+    public static function generateCSR($domainList, $dn, $privateKey, $bits = 2048)
     {
         $san = array_map(
             function($domain) {
@@ -116,7 +116,7 @@ function($domain) {
             HOME = .
             RANDFILE = \$ENV::HOME/.rnd
             [ req ]
-            default_bits = 4096
+            default_bits = ".$bits."
             default_keyfile = privkey.pem
             distinguished_name = req_distinguished_name
             req_extensions = v3_req
@@ -138,6 +138,7 @@ function($domain) {
             [
                 'config' => $opensslConfigFilePath,
                 'digest_alg' => 'sha256',
+                'private_key_bits' => (int)$bits,
             ]
         );
 

src/services/OrderService.php

@@ -131,20 +131,28 @@ class OrderService
      */
     private $_orderInfoPath;
 
+    /**
+     * Key length in bits. Default value is 2048
+     * @var int
+     */
+    private $_bits;
+
     /**
      * OrderService constructor.
      * @param array $domainInfo
      * @param string $algorithm
      * @param bool $renew
+     * @param int $bits
      * @throws OrderException
      * @throws \stonemax\acme2\exceptions\AccountException
      * @throws \stonemax\acme2\exceptions\NonceException
      * @throws \stonemax\acme2\exceptions\RequestException
      */
-    public function __construct($domainInfo, $algorithm, $renew = FALSE)
+    public function __construct($domainInfo, $algorithm, $renew = FALSE, $bits = 2048)
     {
         $this->_algorithm = $algorithm;
         $this->_renew = boolval($renew);
+        $this->_bits = $bits;
 
         if ($this->_algorithm == CommonConstant::KEY_PAIR_TYPE_EC && version_compare(PHP_VERSION, '7.1.0') == -1)
         {
@@ -579,7 +587,8 @@ function($identifier) {
         $csr = OpenSSLHelper::generateCSR(
             $domainList,
             ['commonName' => CommonHelper::getCommonNameForCSR($domainList)],
-            $this->getPrivateKey()
+            $this->getPrivateKey(),
+            $this->_bits
         );
 
         file_put_contents($this->_csrPath, $csr);
@@ -608,7 +617,7 @@ private function getPrivateKey()
      */
     private function createKeyPairFile()
     {
-        $keyPair = OpenSSLHelper::generateKeyPair($this->_algorithm);
+        $keyPair = OpenSSLHelper::generateKeyPair($this->_algorithm, $this->_bits);
 
         $result = file_put_contents($this->_privateKeyPath, $keyPair['privateKey'])
             && file_put_contents($this->_publicKeyPath, $keyPair['publicKey']);