in lib/code-signing/code-signing-certificate.ts [104:147]
/**
 * Creates the RSA private key secret, optionally emits a Certificate Signing
 * Request as a stack output, and stores the PEM certificate in an SSM parameter.
 *
 * @param parent the scope in which this construct is defined.
 * @param id the id of this construct within `parent`.
 * @param props configuration; when `props.pemCertificate` is absent, the
 *   self-signed certificate derived from the CSR is stored instead.
 */
constructor(parent: Construct, id: string, props: CodeSigningCertificateProps) {
  super(parent, id);

  // Default base name: the stack name followed by this construct's path relative
  // to the containing stack. The relative part keeps its leading "/"; the stack
  // name in front means the combined name does not start with one.
  const owningStack = Stack.of(this);
  const pathWithinStack = this.node.path.slice(owningStack.node.path.length);
  const baseName = props.baseName ?? `${owningStack.stackName}${pathWithinStack}`;

  // The key secret is retained unless the caller explicitly passes
  // `retainPrivateKey: false`; leaving the prop unset keeps the secret when the
  // construct is removed.
  const keyRemovalPolicy = props.retainPrivateKey !== false ? RemovalPolicy.RETAIN : RemovalPolicy.DESTROY;

  // Falls back to 2048 bits when `rsaKeySize` is unset (or 0). 2048 is the usual
  // floor for RSA; long-lived signing keys may warrant a larger explicit size.
  const keySize = props.rsaKeySize ? props.rsaKeySize : 2048;

  const keySecret = new RsaPrivateKeySecret(this, 'RSAPrivateKey', {
    removalPolicy: keyRemovalPolicy,
    description: 'The PEM-encoded private key of the x509 Code-Signing Certificate',
    keySize,
    secretEncryptionKey: props.secretEncryptionKey,
    secretName: `${baseName}/RSAPrivateKey`,
  });

  // Expose the key as a Secrets Manager secret reference built from the same ARN
  // and the same (optional) encryption key.
  this.credential = secretsManager.Secret.fromSecretAttributes(this, 'Credential', {
    encryptionKey: props.secretEncryptionKey,
    secretArn: keySecret.secretArn,
  });

  const suppliedCertificate = props.pemCertificate;
  const wantsSigningRequest = !suppliedCertificate || props.forceCertificateSigningRequest;

  let pemCertificate = suppliedCertificate;
  if (wantsSigningRequest) {
    // Key usage and extended key usage are both marked critical and limited to
    // digitalSignature / codeSigning.
    const signingRequest = keySecret.newCertificateSigningRequest(
      'CertificateSigningRequest',
      props.distinguishedName,
      'critical,digitalSignature',
      'critical,codeSigning',
    );

    // Only the PEM request is published as a stack output, for hand-off to a CA.
    new CfnOutput(this, 'CSR', {
      description: 'A PEM-encoded Certificate Signing Request for a Code-Signing Certificate',
      value: signingRequest.pemRequest,
    });

    // NOTE(review): with no supplied certificate the stored certificate is the
    // self-signed one, so it carries no CA-issued chain; supply `pemCertificate`
    // once a CA has signed the CSR.
    pemCertificate = suppliedCertificate || signingRequest.selfSignedPemCertificate;
  }

  // The parameter holds the certificate only; its description references the
  // private key by secret ARN rather than embedding any key material.
  this.principal = new ssm.StringParameter(this, 'Resource', {
    description: `A PEM-encoded Code-Signing Certificate (private key in ${keySecret.secretArn})`,
    parameterName: `/${baseName}/Certificate`,
    stringValue: pemCertificate!,
  });
}