protected async importAndStoreCertificate()

in packages/aws-rfdk/lib/lambdas/nodejs/x509-certificate/acm-handlers.ts [142:210]


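  /**
   * Imports a certificate and private key into ACM and records the resulting ARN in the
   * resource table, or re-imports (updates) the certificate when this physical resource has
   * already imported the same certificate body.
   *
   * The table is keyed by `physicalId` plus an MD5 hex digest of the PEM certificate. The
   * digest is only a lookup fingerprint for recognising a previously imported certificate;
   * no security property is derived from it.
   *
   * @param args.cert          PEM-encoded certificate to import.
   * @param args.certChain     Optional PEM-encoded certificate chain.
   * @param args.resourceTable Table mapping (physicalId, certificate digest) to an ACM ARN.
   * @param args.key           PEM-encoded private key. It is handed to ACM only and is never
   *                           placed in a thrown error message (the import-failure message
   *                           embeds the public certificate, not the key).
   * @param args.physicalId    Primary key value that groups this resource's table entries.
   * @param args.tags          Tags to attach to the ACM certificate.
   * @returns The ARN of the (re)imported ACM certificate.
   * @throws Error if an existing table entry has no ARN, if that ARN can no longer be fetched
   *         from ACM, or if a fresh import returns no ARN.
   */
  protected async importAndStoreCertificate(args: {
    readonly cert: string,
    readonly certChain?: string,
    readonly resourceTable: CompositeStringIndexTable,
    readonly key: string,
    readonly physicalId: string;
    readonly tags: Array<{ Key: string, Value: string }>;
  }): Promise<string> {
    const certificate = Buffer.from(args.cert);
    const certificateChain = args.certChain ? Buffer.from(args.certChain) : undefined;
    const privateKey = Buffer.from(args.key);

    // Fingerprint of the PEM body; used purely as the table's sort key to detect a re-import.
    const sortKey = crypto.createHash('md5').update(args.cert).digest('hex');
    const existingItem = await args.resourceTable.getItem({
      primaryKeyValue: args.physicalId,
      sortKeyValue: sortKey,
    });

    if (!existingItem) {
      // First import of this certificate body for this resource.
      const importCertRequest: ImportCertificateRequest = {
        Certificate: certificate,
        CertificateChain: certificateChain,
        PrivateKey: privateKey,
        Tags: args.tags,
      };
      const resp = await this.importCertificate(importCertRequest);
      if (!resp.CertificateArn) {
        throw new Error(`CertificateArn was not properly populated after attempt to import ${args.cert}`);
      }

      // allow_overwrite: false — presumably rejects the write if an entry for this key
      // appeared meanwhile; confirm against CompositeStringIndexTable.putItem.
      await args.resourceTable.putItem({
        primaryKeyValue: args.physicalId,
        sortKeyValue: sortKey,
        attributes: {
          ARN: resp.CertificateArn,
        },
        allow_overwrite: false,
      });
      return resp.CertificateArn;
    }

    if (!existingItem.ARN) {
      throw new Error("Database Item missing 'ARN' attribute");
    }
    const certificateArn = existingItem.ARN as string;

    // Verify that the recorded ARN still exists in ACM before attempting an update.
    try {
      await this.acmClient.send(new GetCertificateCommand({ CertificateArn: certificateArn }));
    } catch (e: unknown) {
      // Error instances serialise to '{}' under JSON.stringify (message/stack are
      // non-enumerable), so extract the message explicitly to keep ACM's failure reason.
      const reason = e instanceof Error ? e.message : JSON.stringify(e);
      throw new Error(`Database entry ${certificateArn} could not be found in ACM: ${reason}`);
    }

    // Update the certificate by importing again under the same ARN with the new material.
    // NOTE(review): the ACM ImportCertificate API documents that tags cannot be applied on a
    // re-import (CertificateArn set); confirm that passing Tags here is accepted.
    const importCertRequest: ImportCertificateRequest = {
      CertificateArn: certificateArn,
      Certificate: certificate,
      CertificateChain: certificateChain,
      PrivateKey: privateKey,
      Tags: args.tags,
    };
    await this.importCertificate(importCertRequest);

    return certificateArn;
  }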