Add optional key length to OpenSSLHelper

src/Client.php

@@ -55,8 +55,8 @@ public function getAccount()
      * @throws exceptions\OrderException
      * @throws exceptions\RequestException
      */
-    public function getOrder($domainInfo, $algorithm, $renew = FALSE)
+    public function getOrder($domainInfo, $algorithm, $renew = FALSE, $bits = 4096)
     {
-        return self::$runtime->getOrder($domainInfo, $algorithm, $renew);
+        return self::$runtime->getOrder($domainInfo, $algorithm, $renew, $bits);
     }
 }

src/Runtime.php

@@ -109,11 +109,11 @@ public function init()
      * @throws exceptions\OrderException
      * @throws exceptions\RequestException
      */
-    public function getOrder($domainInfo, $algorithm, $renew)
+    public function getOrder($domainInfo, $algorithm, $renew, $bits = 4096)
     {
         if (!$this->order)
         {
-            $this->order = new OrderService($domainInfo, $algorithm, $renew);
+            $this->order = new OrderService($domainInfo, $algorithm, $renew, $bits);
         }
 
         return $this->order;

src/constants/CommonConstant.php

@@ -57,4 +57,28 @@ class CommonConstant
      * @var int
      */
     const CHALLENGE_TYPE_DNS = 'dns-01';
+
+    /**
+     * Order status: pending
+     * @var string
+     */
+    const ORDER_STATUS_PENDING = 'pending';
+
+    /**
+     * Order status: ready
+     * @var string
+     */
+    const ORDER_STATUS_READY = 'ready';
+
+    /**
+     * Order status: valid
+     * @var string
+     */
+    const ORDER_STATUS_VALID = 'valid';
+
+    /**
+     * Order status: processing
+     * @var string
+     */
+    const ORDER_STATUS_PROCESSING = 'processing';
 }

src/helpers/OpenSSLHelper.php

@@ -46,12 +46,12 @@ public static function generateECKeyPair()
      * @return array
      * @throws OpenSSLException
      */
-    public static function generateKeyPair($type)
+    public static function generateKeyPair($type, $bits = 4096)
     {
         $configMap = [
             CommonConstant::KEY_PAIR_TYPE_RSA => [
                 'private_key_type' => OPENSSL_KEYTYPE_RSA,
-                'private_key_bits' => 4096,
+                'private_key_bits' => $bits,
             ],
 
             CommonConstant::KEY_PAIR_TYPE_EC => [
@@ -99,7 +99,7 @@ public static function generateKeyPair($type)
      * @param string $privateKey
      * @return mixed
      */
-    public static function generateCSR($domainList, $dn, $privateKey)
+    public static function generateCSR($domainList, $dn, $privateKey, $bits = 4096)
     {
         $san = array_map(
             function($domain) {
@@ -116,7 +116,7 @@ function($domain) {
             HOME = .
             RANDFILE = \$ENV::HOME/.rnd
             [ req ]
-            default_bits = 4096
+            default_bits = ".$bits."
             default_keyfile = privkey.pem
             distinguished_name = req_distinguished_name
             req_extensions = v3_req
@@ -138,6 +138,7 @@ function($domain) {
             [
                 'config' => $opensslConfigFilePath,
                 'digest_alg' => 'sha256',
+                'private_key_bits' => (int)$bits,
             ]
         );
 

src/services/OrderService.php

@@ -131,20 +131,25 @@ class OrderService
      */
     private $_orderInfoPath;
 
+    /**
+     * Key length in bits. Default value is 4096
+     * @var int
+     */
+    private $_bits;
+
     /**
      * OrderService constructor.
      * @param array $domainInfo
      * @param string $algorithm
      * @param bool $renew
+     * @param int $bits
      * @throws OrderException
-     * @throws \stonemax\acme2\exceptions\AccountException
-     * @throws \stonemax\acme2\exceptions\NonceException
-     * @throws \stonemax\acme2\exceptions\RequestException
      */
-    public function __construct($domainInfo, $algorithm, $renew = FALSE)
+    public function __construct($domainInfo, $algorithm, $renew = FALSE, $bits = 4096)
     {
         $this->_algorithm = $algorithm;
         $this->_renew = boolval($renew);
+        $this->_bits = $bits;
 
         if ($this->_algorithm == CommonConstant::KEY_PAIR_TYPE_EC && version_compare(PHP_VERSION, '7.1.0') == -1)
         {
@@ -374,7 +379,7 @@ public function getCertificateFile($csr = NULL)
             throw new OrderException("There are still some authorizations that are not valid.");
         }
 
-        if ($this->status == 'pending')
+        if ($this->status == CommonConstant::ORDER_STATUS_PENDING || $this->status == CommonConstant::ORDER_STATUS_READY)
         {
             if (!$csr)
             {
@@ -384,7 +389,7 @@ public function getCertificateFile($csr = NULL)
             $this->finalizeOrder(CommonHelper::getCSRWithoutComment($csr));
         }
 
-        while ($this->status != 'valid')
+        while ($this->status != CommonConstant::ORDER_STATUS_VALID)
         {
             sleep(3);
 
@@ -433,7 +438,7 @@ public function getCertificateFile($csr = NULL)
      */
     public function revokeCertificate($reason = 0)
     {
-        if ($this->status != 'valid')
+        if ($this->status != CommonConstant::ORDER_STATUS_VALID)
         {
             throw new OrderException("Revoke certificate failed because of invalid status({$this->status})");
         }
@@ -488,7 +493,7 @@ public function isAllAuthorizationValid()
      */
     public function isOrderFinalized()
     {
-        return ($this->status == 'processing' || $this->status == 'valid');
+        return ($this->status == CommonConstant::ORDER_STATUS_PROCESSING || $this->status == CommonConstant::ORDER_STATUS_VALID);
     }
 
     /**
@@ -537,7 +542,7 @@ private function getAuthorizationList()
      * Get csr info, if the csr doesn't exist then create it
      * @return bool|string
      */
-    private function getCSR()
+    public function getCSR()
     {
         if (!is_file($this->_csrPath))
         {
@@ -562,7 +567,8 @@ function($identifier) {
         $csr = OpenSSLHelper::generateCSR(
             $domainList,
             ['commonName' => CommonHelper::getCommonNameForCSR($domainList)],
-            $this->getPrivateKey()
+            $this->getPrivateKey(),
+            $this->_bits
         );
 
         file_put_contents($this->_csrPath, $csr);
@@ -591,7 +597,7 @@ private function getPrivateKey()
      */
     private function createKeyPairFile()
     {
-        $keyPair = OpenSSLHelper::generateKeyPair($this->_algorithm);
+        $keyPair = OpenSSLHelper::generateKeyPair($this->_algorithm, $this->_bits);
 
         $result = file_put_contents($this->_privateKeyPath, $keyPair['privateKey'])
             && file_put_contents($this->_publicKeyPath, $keyPair['publicKey']);