in source/packages/services/certificatevendor/src/certificates/certificates.service.ts [123:238]
public async getWithCsr(
deviceId: string,
csr: string,
previousCertificateId?: string,
acmpcaParameters?: ACMPCAParameters
): Promise<void> {
logger.debug(
`certificates.service getWithCsr: in: deviceId:${deviceId}, csr: ${csr}, previousCertificateId: ${previousCertificateId}, ACMPCAParameters: certInfo:${JSON.stringify(
acmpcaParameters
)}`
);
const response: CertificateResponseModel = {};
try {
ow(deviceId, 'deviceId', ow.string.nonEmpty);
ow(csr, ow.string.nonEmpty);
// ensure device is whitelisted
if ((await this.registry.isWhitelisted(deviceId)) !== true) {
throw new Error('DEVICE_NOT_WHITELISTED');
}
let caPem: string;
let certificate: string;
if (this.acmpcaEnabled) {
let caCertID: string;
let acmCaArn: string;
let certInfo: CertInfo;
if (acmpcaParameters) {
if (acmpcaParameters.awsiotCaAlias) {
acmpcaParameters.awsiotCaID =
process.env[`CA_${acmpcaParameters.awsiotCaAlias?.toUpperCase()}`];
ow(
acmpcaParameters.awsiotCaID,
ow.string.message('Invalid `awsiotCaAlias`.')
);
} else {
ow(
acmpcaParameters.awsiotCaID,
ow.string.message(
'Either `awsiotCaAlias` or `awsiotCaId` must be provided'
)
);
}
if (acmpcaParameters.acmpcaCaAlias) {
acmpcaParameters.acmpcaCaArn =
process.env[`PCA_${acmpcaParameters.acmpcaCaAlias?.toUpperCase()}`];
ow(
acmpcaParameters.acmpcaCaArn,
ow.string.message('Invalid `acmpcaCaAlias`.')
);
} else {
ow(
acmpcaParameters.acmpcaCaArn,
ow.string.message(
'Either `acmpcaCaAlias` or `acmpcaCaArn` must be provided.'
)
);
}
//prioritize requested parameters over parameters in installer
if (acmpcaParameters.acmpcaCaArn) {
acmCaArn = acmpcaParameters.acmpcaCaArn;
} else {
acmCaArn = this.acmpcaCaArn;
}
if (acmpcaParameters.awsiotCaID) {
caCertID = acmpcaParameters.awsiotCaID;
} else {
caCertID = this.caCertificateId;
}
if (acmpcaParameters.certInfo) {
certInfo = acmpcaParameters.certInfo;
} else {
certInfo = null;
}
} else {
acmCaArn = this.acmpcaCaArn;
caCertID = this.caCertificateId;
certInfo = null;
}
caPem = await this.getCaCertificate(caCertID);
certificate = await this.getACMCertificate(csr, acmCaArn, certInfo);
} else {
// create certificate from SSM parameter and csr
caPem = await this.getCaCertificate(this.caCertificateId);
certificate = await this.getSSMCertificate(csr, caPem, this.caCertificateId);
}
const certificateArn = await this.registerCertificate(caPem, certificate);
await this.attachCertificateToThing(certificateArn, deviceId);
await this.attachPolicyToCertificate(
certificateArn,
this.rotatedCertificatePolicy,
previousCertificateId
);
// update asset library status
await this.registry.updateAssetStatus(deviceId);
// send success to the device
response.certificate = certificate;
response.certificateId = certificateArn.split('/')[1];
await this.publishResponse(this.mqttGetSuccessTopic, deviceId, response);
} catch (err) {
logger.error(`certificates.service getWithCsr error:${err}`);
response.message = err.message;
await this.publishResponse(this.mqttGetFailureTopic, deviceId, response);
throw err;
}
logger.debug(`certificates.service getWithCsr exit: response:${JSON.stringify(response)}`);
}