in lib/code-signing/certificate-signing-request.ts [50:96]
/**
 * Wires up the Lambda-backed custom resource that produces a Certificate
 * Signing Request (and a self-signed certificate) for the supplied private key.
 *
 * The handler function is given read access to the private key secret, so its
 * execution role is part of the trust boundary around that key.
 *
 * @param parent the construct this resource is attached to
 * @param id     the construct id of this resource
 * @param props  private key secret, distinguished name and key usage settings
 */
constructor(parent: Construct, id: string, props: CertificateSigningRequestProps) {
  super(parent, id);

  const handlerDir = path.resolve(__dirname, '..', 'custom-resource-handlers', 'bin', 'certificate-signing-request');
  const handlerCode = new lambda.AssetCode(handlerDir);

  // Layer that ships the OpenSSL CLI binary used by the handler.
  // NOTE(review): the zip is a pre-built binary artifact; its provenance and
  // OpenSSL version are not visible from this file and should be tracked elsewhere.
  const opensslLayer = new lambda.LayerVersion(this, 'OpenSslCliLayer', {
    code: lambda.Code.fromAsset(path.join(__dirname, '..', 'custom-resource-handlers', 'layers', 'openssl-cli-layer.zip')),
  });

  const handlerFn = new lambda.SingletonFunction(this, 'ResourceHandler', {
    uuid: '541F6782-6DCF-49A7-8C5A-67715ADD9E4C',
    lambdaPurpose: 'CreateCSR',
    description: 'Creates a Certificate Signing Request document for an x509 certificate',
    // NOTE(review): Node.js 12 is past upstream end-of-life; confirm the handler
    // and the OpenSSL layer work on a supported runtime before changing it.
    runtime: lambda.Runtime.NODEJS_12_X,
    handler: 'index.handler',
    code: handlerCode,
    timeout: Duration.seconds(300),
    layers: [opensslLayer],
  });

  // NOTE(review): the distinguished-name fields below are forwarded verbatim to
  // the handler, which is not visible here; confirm it hands them to OpenSSL as
  // discrete arguments or a config file rather than through a shell string.
  const resourceProperties = {
    // Presumably forces the resource to update when the handler code changes.
    resourceVersion: hashFileOrDirectory(handlerDir),
    // Private key: only the secret's ARN is passed, never the key material.
    privateKeySecretId: props.privateKey.secretArn,
    // Distinguished name
    dnCommonName: props.dn.commonName,
    dnCountry: props.dn.country,
    dnStateOrProvince: props.dn.stateOrProvince,
    dnLocality: props.dn.locality,
    dnOrganizationName: props.dn.organizationName,
    dnOrganizationalUnitName: props.dn.organizationalUnitName,
    dnEmailAddress: props.dn.emailAddress,
    // Key usage (a missing extended key usage is sent as an empty string)
    extendedKeyUsage: props.extendedKeyUsage || '',
    keyUsage: props.keyUsage,
  };

  const csrResource = new cfn.CustomResource(this, 'Resource', {
    provider: cfn.CustomResourceProvider.lambda(handlerFn),
    resourceType: 'Custom::CertificateSigningRequest',
    properties: resourceProperties,
  });

  const handlerRole = handlerFn.role;
  if (handlerRole) {
    // The custom resource depends on the role, so the role (and the secret-read
    // grant attached to it) is in place before the handler is invoked.
    csrResource.node.addDependency(handlerRole);
    props.privateKey.grantGetSecretValue(handlerRole);
  }
  // When the function has no role, no grant is made here; read access to the
  // secret then has to be provided some other way.

  // Outputs returned by the handler: the CSR and a self-signed certificate.
  this.pemRequest = csrResource.getAtt('CSR').toString();
  this.selfSignedPemCertificate = csrResource.getAtt('SelfSignedCertificate').toString();
}