From 8257b4754a9afa33769dd0d8b13dddd8d073b530 Mon Sep 17 00:00:00 2001
From: Jose Domenech Leal
Date: Thu, 9 Feb 2023 11:03:53 +0000
Subject: [PATCH] Allow other key types in the configuration

---
 client.go | 2 +-
 config.go | 42 ++++++++++++++++++++++++++++++++++--------
 2 files changed, 35 insertions(+), 9 deletions(-)

diff --git a/client.go b/client.go
index 666a5a5..f9e34c9 100644
--- a/client.go
+++ b/client.go
@@ -32,7 +32,7 @@ func createClient(u SSLUser, dnsServers []string) (lego.Client, error) {
  // create lego config
  config := lego.NewConfig(&u)
  config.CADirURL = c.DirectoryURL
- config.Certificate.KeyType = certcrypto.RSA4096
+ config.Certificate.KeyType = certcrypto.KeyType(c.KeyType)
 
  // Create a new client instance
  client, err := lego.NewClient(config)
diff --git a/config.go b/config.go
index 14e60b0..65ec4a6 100644
--- a/config.go
+++ b/config.go
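Review bot: The conversion `certcrypto.KeyType(c.KeyType)` accepts any string, so nothing in this hunk ties c.KeyType to the values lego actually understands; the literals in config.go ("P256", "2048", …) currently coincide with lego's constants, but a future edit to either side would presumably only fail later, when lego generates the key, with a less specific error than CheckConfig's. Defining the constants in terms of lego, e.g. `RSA2048 = string(certcrypto.RSA2048)`, removes that drift risk; failing that, a comment on this line such as `// c.KeyType is validated against supportedKeyTypes in CheckConfig` tells the reader where the guarantee comes from. The body of createClient continues outside the hunk.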
@@ -15,18 +15,36 @@ import (
  "time"
  )
 
+type KeyType string
+
+const (
+ EC256 = "P256"
+ EC384 = "P384"
+ RSA2048 = "2048"
+ RSA4096 = "4096"
+ RSA8192 = "8192"
+)
+
  var (
  c *Config
 
- errNoDirectoryURL = errors.New("simplecert: no directory url specified in config")
- errNoMail = errors.New("simplecert: no SSLEmail in config in config")
- errNoDomains = errors.New("simplecert: no domains specified in config")
- errNoChallenge = errors.New("simplecert: no challenge method specified in config")
- errNoCacheDir = errors.New("simplecert: no cache directory specified in config")
+ errNoDirectoryURL = errors.New("simplecert: no directory url specified in config")
+ errNoMail = errors.New("simplecert: no SSLEmail in config in config")
+ errNoDomains = errors.New("simplecert: no domains specified in config")
+ errNoChallenge = errors.New("simplecert: no challenge method specified in config")
+ errNoCacheDir = errors.New("simplecert: no cache directory specified in config")
+ errNoRenewBefore = errors.New("simplecert: no renew before value set in config")
+ errNoCheckInterval = errors.New("simplecert: no check interval set in config")
+ errNoCacheDirPerm = errors.New("simplecert: no cache directory permission specified in config")
+ errUnsupportedKeyType = errors.New("simplecert: unsupported key type specified in config")
 
- errNoRenewBefore = errors.New("simplecert: no renew before value set in config")
- errNoCheckInterval = errors.New("simplecert: no check interval set in config")
- errNoCacheDirPerm = errors.New("simplecert: no cache directory permission specified in config")
+ supportedKeyTypes = map[string]bool{
+ EC256: true,
+ EC384: true,
+ RSA2048: true,
+ RSA4096: true,
+ RSA8192: true,
+ }
  )
 
  // Default contains a default configuration
@@ -46,6 +64,7 @@ var Default = &Config{
  Local: false,
  UpdateHosts: true,
  DNSServers: []string{},
+ KeyType: RSA2048,
  }
 
  // Config allows configuration of simplecert
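Review bot: The new exported type `KeyType` is declared but nothing uses it: the constants below are untyped strings, `supportedKeyTypes` is keyed by `string`, and the Config.KeyType field added in a later hunk is also a `string`, so callers get no compile-time help and the type is dead code. Either drop it, or make the constants typed (`EC256 KeyType = "P256"`) and the map `map[KeyType]bool`, in which case Config.KeyType and the cast in client.go need to follow. The five exported constants also lack doc comments; one-liners such as `// EC256 requests an ECDSA key on curve P-256.` would let godoc show what each value means. With only five constant keys, a `switch` in CheckConfig would also be simpler than the package-level map.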
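Review bot: `KeyType: RSA2048` in Default changes the effective default key size for every existing user of Default, because client.go previously hard-coded `certcrypto.RSA4096` unconditionally; the commit message says only that other key types are allowed, not that the default shrinks. RSA-2048 is still a generally accepted strength for TLS certificates, but a silent downgrade is the kind of change operators expect to see announced. Either keep `KeyType: RSA4096,` here to preserve behaviour, or state the new default in the changelog and in the Config field's doc comment.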
@@ -92,6 +111,9 @@ type Config struct {
  // UpdateHosts adds the domains to /etc/hosts if running in local mode
  UpdateHosts bool
 
+ // KeyType represents the key algorithm as well as the key size or curve to use.
+ KeyType string
+
  // Handler funcs for graceful service shutdown and restoring
  WillRenewCertificate func()
  DidRenewCertificate func()
@@ -132,6 +154,10 @@ func CheckConfig(c *Config) error {
  return errNoCacheDirPerm
  }
 
+ if !supportedKeyTypes[c.KeyType] {
+ return errUnsupportedKeyType
+ }
+
  if c.WillRenewCertificate == nil && (c.HTTPAddress != "" || c.TLSAddress != "") {
  log.Println("[WARNING] no WillRenewCertificate handler specified, to handle graceful server shutdown!")
  }
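Review bot: The doc comment on the new KeyType field does not say which values are accepted or what happens when it is left empty, so users who build a Config by hand rather than from Default will hit errUnsupportedKeyType without a hint. Suggest `// KeyType selects the key algorithm and its size or curve: one of EC256, EC384, RSA2048, RSA4096 or RSA8192. It is required; CheckConfig rejects any other value, including the empty string.` The Config struct continues outside the hunk.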
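Review bot: The new lookup treats an empty KeyType as unsupported, so any existing caller that builds its own Config instead of starting from Default now fails CheckConfig with errUnsupportedKeyType, whereas the previous code silently used RSA-4096 for everyone; that is a breaking change the commit does not mention. If it is unintended, defaulting the zero value before the lookup preserves old behaviour: `if c.KeyType == "" { c.KeyType = RSA4096 }` placed just ahead of the `if !supportedKeyTypes[c.KeyType]` line (CheckConfig already receives a pointer). The rejection would also be more actionable if it named the offending value, e.g. `return fmt.Errorf("%w: %q", errUnsupportedKeyType, c.KeyType)`, assuming fmt is imported in config.go. The rest of CheckConfig lies outside the hunk.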