in packages/aws-rfdk/lib/lambdas/nodejs/x509-certificate/acm-handlers.ts [142:210]
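/**
 * Imports (or re-imports) a certificate into ACM and records its ARN in the
 * resource table, keyed by the custom resource's physical id plus an MD5 digest
 * of the certificate body.
 *
 * The MD5 digest is only a deterministic lookup key for the table; nothing here
 * relies on it for integrity or authenticity of the certificate.
 *
 * @param args.cert          PEM-encoded certificate body.
 * @param args.certChain     Optional PEM-encoded certificate chain.
 * @param args.resourceTable Table mapping (physicalId, sortKey) to the stored ARN.
 * @param args.key           PEM-encoded private key. Sent to ACM only; never put
 *                           it in logs or error messages.
 * @param args.physicalId    Physical resource id used as the table's primary key.
 * @param args.tags          Tags to attach to the imported certificate.
 * @returns The ARN of the imported (or re-imported) certificate.
 * @throws Error if a table entry exists without a usable ARN, if that ARN is no
 *   longer present in ACM, or if the import response lacks a CertificateArn.
 */
protected async importAndStoreCertificate(args: {
  readonly cert: string,
  readonly certChain?: string,
  readonly resourceTable: CompositeStringIndexTable,
  readonly key: string,
  readonly physicalId: string;
  readonly tags: Array<{ Key: string, Value: string }>;
}): Promise<string> {
  const certificate = Buffer.from(args.cert);
  const certificateChain = args.certChain ? Buffer.from(args.certChain) : undefined;
  const privateKey = Buffer.from(args.key);
  // Deterministic lookup key derived from the certificate body (not a security control).
  const sortKey = crypto.createHash('md5').update(args.cert).digest('hex');

  const existingItem = await args.resourceTable.getItem({
    primaryKeyValue: args.physicalId,
    sortKeyValue: sortKey,
  });

  if (!existingItem) {
    // First import: ACM allocates the ARN, which is then persisted in the table.
    const importCertRequest: ImportCertificateRequest = {
      Certificate: certificate,
      CertificateChain: certificateChain,
      PrivateKey: privateKey,
      Tags: args.tags,
    };
    const resp = await this.importCertificate(importCertRequest);
    if (!resp.CertificateArn) {
      throw new Error(`CertificateArn was not properly populated after attempt to import ${args.cert}`);
    }
    // allow_overwrite=false: an entry written concurrently for the same key is not silently clobbered.
    await args.resourceTable.putItem({
      primaryKeyValue: args.physicalId,
      sortKeyValue: sortKey,
      attributes: {
        ARN: resp.CertificateArn,
      },
      allow_overwrite: false,
    });
    return resp.CertificateArn;
  }

  // Validate the stored attribute at runtime rather than trusting a type assertion.
  const storedArn = existingItem.ARN;
  if (typeof storedArn !== 'string' || storedArn.length === 0) {
    throw new Error("Database Item missing 'ARN' attribute");
  }

  // Verify that the cert is still in ACM before re-importing over it.
  try {
    await this.acmClient.send(new GetCertificateCommand({ CertificateArn: storedArn }));
  } catch (e: unknown) {
    // Error.message is non-enumerable, so JSON.stringify(e) alone would drop the reason.
    const detail = e instanceof Error ? `${e.name}: ${e.message}` : JSON.stringify(e);
    throw new Error(`Database entry ${storedArn} could not be found in ACM: ${detail}`);
  }

  // Update the cert by performing an import again, with the new values.
  // NOTE(review): ACM's ImportCertificate documentation indicates tags cannot be set
  // on a re-import; confirm whether Tags is honoured here or belongs in AddTagsToCertificate.
  const reimportRequest: ImportCertificateRequest = {
    CertificateArn: storedArn,
    Certificate: certificate,
    CertificateChain: certificateChain,
    PrivateKey: privateKey,
    Tags: args.tags,
  };
  await this.importCertificate(reimportRequest);
  return storedArn;
}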