Allow other key types in the configuration

kokizzu · Feb 9, 2023 · 8257b47 · 8257b47
1 parent 8473eac
commit 8257b47
Show file tree

Hide file tree

Showing 2 changed files with 36 additions and 10 deletions.
diff --git a/client.go b/client.go
@@ -32,7 +32,7 @@ func createClient(u SSLUser, dnsServers []string) (lego.Client, error) {
 	// create lego config
 	config := lego.NewConfig(&u)
 	config.CADirURL = c.DirectoryURL
-	config.Certificate.KeyType = certcrypto.RSA4096
+	config.Certificate.KeyType = certcrypto.KeyType(c.KeyType)
 
 	// Create a new client instance
 	client, err := lego.NewClient(config)

diff --git a/config.go b/config.go
@@ -15,18 +15,36 @@ import (
 	"time"
 )
 
+type KeyType string
+
+const (
+	EC256   = "P256"
+	EC384   = "P384"
+	RSA2048 = "2048"
+	RSA4096 = "4096"
+	RSA8192 = "8192"
+)
+
 var (
 	c *Config
 
-	errNoDirectoryURL = errors.New("simplecert: no directory url specified in config")
-	errNoMail         = errors.New("simplecert: no SSLEmail in config in config")
-	errNoDomains      = errors.New("simplecert: no domains specified in config")
-	errNoChallenge    = errors.New("simplecert: no challenge method specified in config")
-	errNoCacheDir     = errors.New("simplecert: no cache directory specified in config")
-
-	errNoRenewBefore   = errors.New("simplecert: no renew before value set in config")
-	errNoCheckInterval = errors.New("simplecert: no check interval set in config")
-	errNoCacheDirPerm  = errors.New("simplecert: no cache directory permission specified in config")
+	errNoDirectoryURL     = errors.New("simplecert: no directory url specified in config")
+	errNoMail             = errors.New("simplecert: no SSLEmail in config in config")
+	errNoDomains          = errors.New("simplecert: no domains specified in config")
+	errNoChallenge        = errors.New("simplecert: no challenge method specified in config")
+	errNoCacheDir         = errors.New("simplecert: no cache directory specified in config")
+	errNoRenewBefore      = errors.New("simplecert: no renew before value set in config")
+	errNoCheckInterval    = errors.New("simplecert: no check interval set in config")
+	errNoCacheDirPerm     = errors.New("simplecert: no cache directory permission specified in config")
+	errUnsupportedKeyType = errors.New("simplecert: unsupported key type specified in config")
+
+	supportedKeyTypes = map[string]bool{
+		EC256:   true,
+		EC384:   true,
+		RSA2048: true,
+		RSA4096: true,
+		RSA8192: true,
+	}
 )
 
 // Default contains a default configuration
@@ -46,6 +64,7 @@ var Default = &Config{
 	Local:         false,
 	UpdateHosts:   true,
 	DNSServers:    []string{},
+	KeyType:       RSA2048,
 }
 
 // Config allows configuration of simplecert
@@ -92,6 +111,9 @@ type Config struct {
 	// UpdateHosts adds the domains to /etc/hosts if running in local mode
 	UpdateHosts bool
 
+	// KeyType represents the key algorithm as well as the key size or curve to use.
+	KeyType string
+
 	// Handler funcs for graceful service shutdown and restoring
 	WillRenewCertificate     func()
 	DidRenewCertificate      func()
@@ -132,6 +154,10 @@ func CheckConfig(c *Config) error {
 		return errNoCacheDirPerm
 	}
 
+	if !supportedKeyTypes[c.KeyType] {
+		return errUnsupportedKeyType
+	}
+
 	if c.WillRenewCertificate == nil && (c.HTTPAddress != "" || c.TLSAddress != "") {
 		log.Println("[WARNING] no WillRenewCertificate handler specified, to handle graceful server shutdown!")
 	}