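/**
 * Generates a new RSA key pair of the requested size.
 *
 * The OpenSSL config shipped in res/openssl.cnf is passed explicitly so
 * generation does not depend on the host's global OpenSSL configuration.
 * When running from inside a Phar, OpenSSL cannot read the config through
 * the phar:// stream wrapper, so it is copied to a temporary file first;
 * tempnam() creates that file with owner-only permissions and it is removed
 * again on every exit path (success or failure).
 *
 * @param int $bits key size in bits; anything below 2048 is rejected
 *
 * @return KeyPair PEM encoded private and public key
 *
 * @throws \InvalidArgumentException if $bits is not an int or is smaller than 2048
 * @throws \RuntimeException if the config cannot be staged or key generation / export fails
 */
public function generate($bits = 2048)
{
    if (!is_int($bits)) {
        throw new \InvalidArgumentException(sprintf("\$bits must be of type int, %s given", gettype($bits)));
    }
    if ($bits < 2048) {
        throw new \InvalidArgumentException("Keys with fewer than 2048 bits are not allowed!");
    }

    $configFile = __DIR__ . "/../res/openssl.cnf";
    $tempConfigFile = null;
    $runningInPhar = class_exists("Phar") && !empty(Phar::running(true));

    try {
        if ($runningInPhar) {
            $configContent = file_get_contents($configFile);
            if ($configContent === false) {
                throw new \RuntimeException("Unable to read OpenSSL config file!");
            }
            $tempConfigFile = tempnam(sys_get_temp_dir(), "acme_openssl_");
            if ($tempConfigFile === false) {
                $tempConfigFile = null;
                throw new \RuntimeException("Unable to create temporary OpenSSL config file!");
            }
            if (file_put_contents($tempConfigFile, $configContent) === false) {
                throw new \RuntimeException("Unable to write temporary OpenSSL config file!");
            }
            $configFile = $tempConfigFile;
        }

        $res = openssl_pkey_new([
            "private_key_type" => OPENSSL_KEYTYPE_RSA,
            "private_key_bits" => $bits,
            "config" => $configFile,
        ]);
        // openssl_pkey_new() returns false on failure; passing that on to
        // openssl_pkey_export() / openssl_pkey_free() is an error, not a key.
        if ($res === false) {
            throw new \RuntimeException("Key generation failed!");
        }

        try {
            $success = openssl_pkey_export($res, $privateKey, null, ["config" => $configFile]);
            if (!$success) {
                throw new \RuntimeException("Key export failed!");
            }

            $details = openssl_pkey_get_details($res);
            if ($details === false || !isset($details["key"])) {
                throw new \RuntimeException("Unable to extract public key!");
            }
            $publicKey = $details["key"];
        } finally {
            // release the key resource on both the success and the failure path
            openssl_pkey_free($res);
        }
    } finally {
        // never leave the staged config behind, even when generation failed
        if ($tempConfigFile !== null && file_exists($tempConfigFile)) {
            unlink($tempConfigFile);
        }
    }

    // clear error buffer, because of minimalistic openssl.cnf
    while (openssl_error_string() !== false) {
    }

    return new KeyPair($privateKey, $publicKey);
}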