Merge pull request #22 from JDLK7/feat/key-types

Allow other key types
2026-06-28 13:50:07 +00:00 · 2023-02-10 10:51:14 +01:00
parent 8473eac28d 8257b4754a
commit 9db448f322
2 changed files with 35 additions and 9 deletions
--- a/client.go
+++ b/client.go
@@ -32,7 +32,7 @@ func createClient(u SSLUser, dnsServers []string) (lego.Client, error) {
 	// create lego config
 	config := lego.NewConfig(&u)
 	config.CADirURL = c.DirectoryURL
-	config.Certificate.KeyType = certcrypto.RSA4096
+	config.Certificate.KeyType = certcrypto.KeyType(c.KeyType)

 	// Create a new client instance
 	client, err := lego.NewClient(config)
--- a/config.go
+++ b/config.go
@@ -15,18 +15,36 @@ import (
 	"time"
 )

+type KeyType string
+
+const (
+	EC256   = "P256"
+	EC384   = "P384"
+	RSA2048 = "2048"
+	RSA4096 = "4096"
+	RSA8192 = "8192"
+)
+
 var (
 	c *Config

-	errNoDirectoryURL = errors.New("simplecert: no directory url specified in config")
-	errNoMail         = errors.New("simplecert: no SSLEmail in config in config")
-	errNoDomains      = errors.New("simplecert: no domains specified in config")
-	errNoChallenge    = errors.New("simplecert: no challenge method specified in config")
-	errNoCacheDir     = errors.New("simplecert: no cache directory specified in config")
+	errNoDirectoryURL     = errors.New("simplecert: no directory url specified in config")
+	errNoMail             = errors.New("simplecert: no SSLEmail in config in config")
+	errNoDomains          = errors.New("simplecert: no domains specified in config")
+	errNoChallenge        = errors.New("simplecert: no challenge method specified in config")
+	errNoCacheDir         = errors.New("simplecert: no cache directory specified in config")
+	errNoRenewBefore      = errors.New("simplecert: no renew before value set in config")
+	errNoCheckInterval    = errors.New("simplecert: no check interval set in config")
+	errNoCacheDirPerm     = errors.New("simplecert: no cache directory permission specified in config")
+	errUnsupportedKeyType = errors.New("simplecert: unsupported key type specified in config")

-	errNoRenewBefore   = errors.New("simplecert: no renew before value set in config")
-	errNoCheckInterval = errors.New("simplecert: no check interval set in config")
-	errNoCacheDirPerm  = errors.New("simplecert: no cache directory permission specified in config")
+	supportedKeyTypes = map[string]bool{
+		EC256:   true,
+		EC384:   true,
+		RSA2048: true,
+		RSA4096: true,
+		RSA8192: true,
+	}
 )

 // Default contains a default configuration
@@ -46,6 +64,7 @@ var Default = &Config{
 	Local:         false,
 	UpdateHosts:   true,
 	DNSServers:    []string{},
+	KeyType:       RSA2048,
 }

 // Config allows configuration of simplecert
@@ -92,6 +111,9 @@ type Config struct {
 	// UpdateHosts adds the domains to /etc/hosts if running in local mode
 	UpdateHosts bool

+	// KeyType represents the key algorithm as well as the key size or curve to use.
+	KeyType string
+
 	// Handler funcs for graceful service shutdown and restoring
 	WillRenewCertificate     func()
 	DidRenewCertificate      func()
@@ -132,6 +154,10 @@ func CheckConfig(c *Config) error {
 		return errNoCacheDirPerm
 	}

+	if !supportedKeyTypes[c.KeyType] {
+		return errUnsupportedKeyType
+	}
+
 	if c.WillRenewCertificate == nil && (c.HTTPAddress != "" || c.TLSAddress != "") {
 		log.Println("[WARNING] no WillRenewCertificate handler specified, to handle graceful server shutdown!")
 	}