continue

sasa1977 · Jun 29, 2024 · 0ae1442 · 0ae1442
1 parent b1c42ea
commit 0ae1442
Show file tree

Hide file tree

Showing 3 changed files with 20 additions and 12 deletions.
diff --git a/lib/site_encrypt.ex b/lib/site_encrypt.ex
@@ -119,11 +119,6 @@ defmodule SiteEncrypt do
       default: :info,
       doc: "Logger level for info messages."
     ],
-    key_size: [
-      type: :pos_integer,
-      default: 4096,
-      doc: "The size used for generating private RSA keys."
-    ],
     key_alg: [
       type: {:in, [:rsa, :ec]},
       default: :ec,
@@ -134,6 +129,16 @@ defmodule SiteEncrypt do
       - `:ec` - Use ECDSA for key generation. This option provides better performance and security with smaller key sizes compared to RSA. This is the default option.
       """
     ],
+    key_size: [
+      type: :pos_integer,
+      default: 4096,
+      doc: "The size used for generating private RSA keys."
+    ],
+    key_curve: [
+      type: {:in, ["P-256", "P-384"]},
+      default: "P-384",
+      doc: "The curve used for generating private ECDSA keys."
+    ],
     mode: [
       type: {:in, [:auto, :manual]},
       default: :auto,

diff --git a/lib/site_encrypt/acme/client.ex b/lib/site_encrypt/acme/client.ex
@@ -51,8 +51,8 @@ defmodule SiteEncrypt.Acme.Client do
     JOSE.JWK.generate_key({:rsa, key_size})
   end
 
-  defp generate_key(%{key_alg: :ec}) do
-    JOSE.JWK.generate_key({:ec, "P-256"})
+  defp generate_key(%{key_alg: :ec, key_curve: key_curve}) do
+    JOSE.JWK.generate_key({:ec, key_curve})
   end
 
   defp start_session(directory_url, account_key, session_opts) do

diff --git a/lib/site_encrypt/acme/client/api.ex b/lib/site_encrypt/acme/client/api.ex
@@ -253,7 +253,7 @@ defmodule SiteEncrypt.Acme.Client.API do
   defp jws_body(session, url, id_field, payload) do
     protected =
       Map.merge(
-        %{"alg" => jws_alg(session.account_key), "nonce" => session.nonce, "url" => url},
+        %{"alg" => jwk_to_alg(session.account_key), "nonce" => session.nonce, "url" => url},
         id_map(id_field, session)
       )
 
@@ -269,10 +269,13 @@ defmodule SiteEncrypt.Acme.Client.API do
 
   defp id_map(:kid, session), do: %{"kid" => session.kid}
 
-  defp jws_alg(%JOSE.JWK{kty: kty}) do
-    case elem(kty, 0) do
-      :jose_jwk_kty_rsa -> "RS256"
-      :jose_jwk_kty_ec -> "ES256"
+  defp jwk_to_alg(jwk) do
+    {_modules, public_map} = JOSE.JWK.to_public_map(jwk)
+
+    case public_map do
+      %{"kty" => "RSA"} -> "RS256"
+      %{"kty" => "EC", "crv" => "P-256"} -> "ES256"
+      %{"kty" => "EC", "crv" => "P-384"} -> "ES384"
     end
   end