diff --git a/src/Client.php b/src/Client.php
index ab9407f..44dcd1d 100644
--- a/src/Client.php
+++ b/src/Client.php
@@ -55,8 +55,8 @@ public function getAccount()
 * @throws exceptions\OrderException
 * @throws exceptions\RequestException
 */
- public function getOrder($domainInfo, $algorithm, $renew = FALSE)
+ public function getOrder($domainInfo, $algorithm, $renew = FALSE, $bits = 4096)
 {
- return self::$runtime->getOrder($domainInfo, $algorithm, $renew);
+ return self::$runtime->getOrder($domainInfo, $algorithm, $renew, $bits);
 }
 }
diff --git a/src/Runtime.php b/src/Runtime.php
index 748ab6d..6505394 100644
--- a/src/Runtime.php
+++ b/src/Runtime.php
@@ -109,11 +109,11 @@ public function init()
 * @throws exceptions\OrderException
 * @throws exceptions\RequestException
 */
- public function getOrder($domainInfo, $algorithm, $renew)
+ public function getOrder($domainInfo, $algorithm, $renew, $bits = 4096)
 {
 if (!$this->order)
 {
- $this->order = new OrderService($domainInfo, $algorithm, $renew);
+ $this->order = new OrderService($domainInfo, $algorithm, $renew, $bits);
 }
 
 return $this->order;
diff --git a/src/constants/CommonConstant.php b/src/constants/CommonConstant.php
index 7d65574..fa9d2b3 100644
--- a/src/constants/CommonConstant.php
+++ b/src/constants/CommonConstant.php
@@ -57,4 +57,28 @@ class CommonConstant
 * @var int
 */
 const CHALLENGE_TYPE_DNS = 'dns-01';
+
+ /**
+ * Order status: pending
+ * @var string
+ */
+ const ORDER_STATUS_PENDING = 'pending';
+
+ /**
+ * Order status: ready
+ * @var string
+ */
+ const ORDER_STATUS_READY = 'ready';
+
+ /**
+ * Order status: valid
+ * @var string
+ */
+ const ORDER_STATUS_VALID = 'valid';
+
+ /**
+ * Order status: processing
+ * @var string
+ */
+ const ORDER_STATUS_PROCESSING = 'processing';
 }
diff --git a/src/helpers/OpenSSLHelper.php b/src/helpers/OpenSSLHelper.php
index 49d89f9..4bc08ce 100644
--- a/src/helpers/OpenSSLHelper.php
+++ b/src/helpers/OpenSSLHelper.php
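Review bot: The docblock that this hunk's `@throws` lines close gets no `@param int $bits` entry, although the OrderService constructor in this same commit documents the parameter; the `@param` lines themselves sit above the hunk, so this is inferred from the visible tail. Add `* @param int $bits RSA key length in bits, forwarded to OrderService (default 4096)` next to the existing `@param` lines. Since the method only forwards to `self::$runtime->getOrder`, the docblock is the only place a library user learns what the argument does.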
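Review bot: `$bits` is honoured only on the first call: `getOrder` memoises the OrderService in `$this->order`, so a second call with a different `$bits` (or `$algorithm`, `$renew`) silently returns the instance built with the earlier values. Either document it on the method — `* The OrderService is created once per Runtime; later calls return it and ignore the arguments` — or compare the arguments against the cached instance and throw an OrderException on a mismatch. This was already true for the other parameters; the new one just makes it easier to end up with a key size you did not ask for.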
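Review bot: The new status constants omit the terminal failure state: RFC 8555 §7.1.6 defines order status as pending, ready, processing, valid or invalid, and only the first four get a constant here. Without `const ORDER_STATUS_INVALID = 'invalid';` the OrderService code that this commit migrates to constants has no named value with which to detect a failed order, so a polling loop can only wait for `valid`. Adding it alongside the others, with the same `@var string` doc, keeps the set complete for the comparisons in OrderService.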
@@ -46,12 +46,12 @@ public static function generateECKeyPair()
 * @return array
 * @throws OpenSSLException
 */
- public static function generateKeyPair($type)
+ public static function generateKeyPair($type, $bits = 4096)
 {
 $configMap = [
 CommonConstant::KEY_PAIR_TYPE_RSA => [
 'private_key_type' => OPENSSL_KEYTYPE_RSA,
- 'private_key_bits' => 4096,
+ 'private_key_bits' => $bits,
 ],
 
 CommonConstant::KEY_PAIR_TYPE_EC => [
@@ -99,7 +99,7 @@ public static function generateKeyPair($type)
 * @param string $privateKey
 * @return mixed
 */
- public static function generateCSR($domainList, $dn, $privateKey)
+ public static function generateCSR($domainList, $dn, $privateKey, $bits = 4096)
 {
 $san = array_map(
 function($domain) {
@@ -116,7 +116,7 @@ function($domain) {
 HOME = .
 RANDFILE = \$ENV::HOME/.rnd
 [ req ]
- default_bits = 4096
+ default_bits = ".$bits."
 default_keyfile = privkey.pem
 distinguished_name = req_distinguished_name
 req_extensions = v3_req
@@ -138,6 +138,7 @@ function($domain) {
 [
 'config' => $opensslConfigFilePath,
 'digest_alg' => 'sha256',
+ 'private_key_bits' => (int)$bits,
 ]
 );
 
diff --git a/src/services/OrderService.php b/src/services/OrderService.php
index 39c6371..096d3a3 100644
--- a/src/services/OrderService.php
+++ b/src/services/OrderService.php
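Review bot: `$bits` reaches `private_key_bits` unchecked, so a caller passing 1024 (or a non-numeric string) gets a key that is weak and that CAs following the CA/Browser Forum baseline, Let's Encrypt included, refuse to certify; the failure then surfaces as an opaque CA error instead of at the call site. Before `$configMap`, cast and bound it: `$bits = (int)$bits; if ($bits < 2048) { throw new OpenSSLException("RSA key length must be at least 2048 bits, {$bits} given"); }` — OpenSSLException is already in the method's `@throws`, assuming its constructor takes a message like the OrderException calls elsewhere in this diff. As far as the visible lines show only the RSA entry consumes `$bits`; the EC entry and the rest of the method continue past the hunk, so the docblock (also above the hunk) should state that `$bits` is RSA-only if that holds.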
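Review bot: `$bits` is concatenated raw into the OpenSSL config text on the `default_bits` line, whereas the same value is cast with `(int)` for the options array in the following hunk; the config line needs the cast too, `default_bits = ".(int)$bits."`, because any non-numeric value (one containing a newline, say) would otherwise be written verbatim into a file that openssl parses as configuration directives. Casting once at the top of generateCSR, which begins above this hunk, would normalise both uses from a single place.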
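Review bot: The added `private_key_bits` option is very likely inert: this `openssl_csr_new` call receives `$privateKey` from the caller, and as far as I know PHP's openssl extension consults `private_key_bits` (and the config file's `default_bits`) only when it has to generate a key itself, so the CSR's key size is fixed by the supplied key, not by `$bits`. That is harmless, but a reader will assume the option changes the CSR; a comment such as `// only consulted if openssl generates a key; the passed $privateKey determines the CSR's key size` would prevent that, and a test that passes a 2048-bit key with `$bits = 4096` and inspects the CSR's public key would settle whether the option does anything here. generateCSR begins above this hunk.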
@@ -131,20 +131,25 @@ class OrderService
 */
 private $_orderInfoPath;
 
+ /**
+ * Key length in bits. Default value is 4096
+ * @var int
+ */
+ private $_bits;
+
 /**
 * OrderService constructor.
 * @param array $domainInfo
 * @param string $algorithm
 * @param bool $renew
+ * @param int $bits
 * @throws OrderException
- * @throws \stonemax\acme2\exceptions\AccountException
- * @throws \stonemax\acme2\exceptions\NonceException
- * @throws \stonemax\acme2\exceptions\RequestException
 */
- public function __construct($domainInfo, $algorithm, $renew = FALSE)
+ public function __construct($domainInfo, $algorithm, $renew = FALSE, $bits = 4096)
 {
 $this->_algorithm = $algorithm;
 $this->_renew = boolval($renew);
+ $this->_bits = $bits;
 
 if ($this->_algorithm == CommonConstant::KEY_PAIR_TYPE_EC && version_compare(PHP_VERSION, '7.1.0') == -1)
 {
@@ -374,7 +379,7 @@ public function getCertificateFile($csr = NULL)
 throw new OrderException("There are still some authorizations that are not valid.");
 }
 
- if ($this->status == 'pending')
+ if ($this->status == CommonConstant::ORDER_STATUS_PENDING || $this->status == CommonConstant::ORDER_STATUS_READY)
 {
 if (!$csr)
 {
@@ -384,7 +389,7 @@ public function getCertificateFile($csr = NULL)
 $this->finalizeOrder(CommonHelper::getCSRWithoutComment($csr));
 }
 
- while ($this->status != 'valid')
+ while ($this->status != CommonConstant::ORDER_STATUS_VALID)
 {
 sleep(3);
 
@@ -433,7 +438,7 @@ public function getCertificateFile($csr = NULL)
 */
 public function revokeCertificate($reason = 0)
 {
- if ($this->status != 'valid')
+ if ($this->status != CommonConstant::ORDER_STATUS_VALID)
 {
 throw new OrderException("Revoke certificate failed because of invalid status({$this->status})");
 }
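Review bot: `$this->_bits = $bits;` stores the value with no type or range check, and this constructor is the boundary where a library user's value first arrives, so a bad size (1024, a string) is only discovered when the CA rejects the key. Mirror the algorithm check that follows it: `if ($this->_algorithm == CommonConstant::KEY_PAIR_TYPE_RSA && (int)$bits < 2048) { throw new OrderException("RSA key length must be at least 2048 bits"); }`. The new property doc also overstates what the value does: getCSR, later in this diff, only builds a CSR when `is_file($this->_csrPath)` is false, so on a renew against an existing order directory `$bits` has no effect; say so — `* RSA key length in bits (default 4096); only used when a new key pair and CSR are generated, existing files are reused as-is`. The constructor body continues past the hunk.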
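Review bot: The rewritten `while` still exits only on `valid`, so an order the CA moves to `invalid` — the terminal failure state in RFC 8555 §7.1.6, e.g. after a rejected CSR — keeps this loop sleeping 3 seconds at a time forever, and the commit adds status constants without one for that state. Before `sleep(3);` add `if ($this->status == 'invalid') { throw new OrderException("Order finalization failed, status({$this->status})"); }` (better through a new `CommonConstant::ORDER_STATUS_INVALID`), and consider an upper bound on iterations so a CA that never answers cannot hang the caller either. The loop body, which presumably refreshes `$this->status`, continues past the hunk.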
@@ -488,7 +493,7 @@ public function isAllAuthorizationValid()
 */
 public function isOrderFinalized()
 {
- return ($this->status == 'processing' || $this->status == 'valid');
+ return ($this->status == CommonConstant::ORDER_STATUS_PROCESSING || $this->status == CommonConstant::ORDER_STATUS_VALID);
 }
 
 /**
@@ -537,7 +542,7 @@ private function getAuthorizationList()
 * Get csr info, if the csr doesn't exist then create it
 * @return bool|string
 */
- private function getCSR()
+ public function getCSR()
 {
 if (!is_file($this->_csrPath))
 {
@@ -562,7 +567,8 @@ function($identifier) {
 $csr = OpenSSLHelper::generateCSR(
 $domainList,
 ['commonName' => CommonHelper::getCommonNameForCSR($domainList)],
- $this->getPrivateKey()
+ $this->getPrivateKey(),
+ $this->_bits
 );
 
 file_put_contents($this->_csrPath, $csr);
@@ -591,7 +597,7 @@ private function getPrivateKey()
 */
 private function createKeyPairFile()
 {
- $keyPair = OpenSSLHelper::generateKeyPair($this->_algorithm);
+ $keyPair = OpenSSLHelper::generateKeyPair($this->_algorithm, $this->_bits);
 $result = file_put_contents($this->_privateKeyPath, $keyPair['privateKey']) && file_put_contents($this->_publicKeyPath, $keyPair['publicKey']);
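Review bot: Widening `getCSR()` from private to public publishes a method with side effects that its docblock undersells: when `$this->_csrPath` does not exist it generates a CSR from `$this->getPrivateKey()` and writes it to disk, as the following hunk shows (and, via `getPrivateKey()`, presumably the key pair as well), so a library user calling it just to read the CSR may create key material. Reword the docblock, e.g. `* Get the CSR, generating it (and the key pair, if absent) and writing it to disk on first use`, and state which case yields the `bool` in `@return bool|string`, which the visible lines do not show. The method body continues past the hunk.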