in data-prepper-plugins/common/src/main/java/com/amazon/dataprepper/plugins/certificate/acm/ACMCertificateProvider.java [73:107]
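/**
 * Exports the certificate identified by {@code acmArn} from AWS Certificate Manager and returns it
 * together with its decrypted private key.
 *
 * <p>ACM returns the private key encrypted under the passphrase sent with the export request. The
 * configured {@code passphrase} is used when present; otherwise a random one is generated for this
 * call only. A configured passphrase can also be used to decrypt the exported key manually with
 * openssl for inspection or debugging.
 *
 * <p>The export is retried while ACM answers with {@link RequestInProgressException}, pausing
 * {@code SLEEP_INTERVAL} ms between attempts until the accumulated wait reaches {@code totalTimeout}.
 *
 * <p>Security note: the returned {@link Certificate} carries the private key in decrypted form.
 * Callers should treat it as secret material and keep it out of logs and exception messages.
 *
 * @return the certificate and its decrypted private key
 * @throws ResourceNotFoundException if ACM does not know the certificate (logged, then rethrown)
 * @throws InvalidArnException if {@code acmArn} is rejected by ACM (logged, then rethrown)
 * @throws IllegalStateException if no export result was obtained within {@code totalTimeout}
 * @throws RuntimeException wrapping the {@link InterruptedException} if the thread is interrupted
 *         while waiting between attempts; the interrupt flag is restored before throwing
 */
public Certificate getCertificate() {
    ExportCertificateResult exportCertificateResult = null;
    long timeSlept = 0L;

    // orElseGet defers generation, so no random passphrase is produced (and then discarded) when one
    // is configured.
    // NOTE(review): generatePassphrase is defined outside this block; confirm it draws from
    // SecureRandom, since this value is the only protection of the exported key in transit.
    final String pkPassphrase = Optional.ofNullable(passphrase)
            .orElseGet(() -> generatePassphrase(PASSPHRASE_CHAR_COUNT));

    while (exportCertificateResult == null && timeSlept < totalTimeout) {
        try {
            // Encode with an explicit charset so the bytes sent to ACM do not depend on the host's
            // default charset. Fully qualified to avoid requiring a new import in this file.
            final ExportCertificateRequest exportCertificateRequest = new ExportCertificateRequest()
                    .withCertificateArn(acmArn)
                    .withPassphrase(ByteBuffer.wrap(
                            pkPassphrase.getBytes(java.nio.charset.StandardCharsets.UTF_8)));
            exportCertificateResult = awsCertificateManager.exportCertificate(exportCertificateRequest);
        } catch (final RequestInProgressException ex) {
            // The export is still in progress on the ACM side: wait and try again.
            try {
                Thread.sleep(SLEEP_INTERVAL);
            } catch (InterruptedException iex) {
                // Restore the interrupt flag so code further up the stack can still observe the
                // interruption after the exception has been wrapped.
                Thread.currentThread().interrupt();
                throw new RuntimeException(iex);
            }
        } catch (final ResourceNotFoundException | InvalidArnException ex) {
            // Not retryable. Only the ARN and the exception are logged, never the passphrase.
            LOG.error("Exception retrieving the certificate with arn: {}", acmArn, ex);
            throw ex;
        }
        // Budget accounting is per attempt, not wall-clock: the duration of the ACM call itself is
        // not included in timeSlept.
        timeSlept += SLEEP_INTERVAL;
    }

    if (exportCertificateResult != null) {
        final String decryptedPrivateKey = getDecryptedPrivateKey(exportCertificateResult.getPrivateKey(), pkPassphrase);
        return new Certificate(exportCertificateResult.getCertificate(), decryptedPrivateKey);
    } else {
        throw new IllegalStateException(String.format("Exception retrieving certificate results. Time spent retrieving certificate is" +
                " %d ms and total time out set is %d ms.", timeSlept, totalTimeout));
    }
}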