private static async generateSigned()

in packages/aws-rfdk/lib/lambdas/nodejs/lib/x509-certs/certificate.ts [119:162]


  /**
   * Generates a fresh RSA-2048 key pair and an X.509 certificate for `subject`,
   * signed by `signingCertificate`, by shelling out to `openssl`.
   *
   * The signing certificate (plus its chain) and the signing private key are first
   * written to files under `tmpDir`; `openssl req` then creates the new key and a
   * CSR, and `openssl x509 -req` signs that CSR with the signing key.
   *
   * Both passphrases reach openssl through environment variables (`CERT_PASSPHRASE`,
   * `SIGNING_PASSPHRASE`) instead of command-line arguments, so the `console.debug`
   * lines that echo the commands never contain secret material.
   *
   * @param tmpDir Directory that receives the intermediate files (signing.crt,
   *   signing.key, cert.csr, cert.crt, cert.key). Nothing here deletes them.
   * @param subject Distinguished name for the new certificate. Its `toString()`
   *   form is interpolated unquoted into the `-subj` argument of a shell command —
   *   NOTE(review): this relies on DistinguishedName.toString() never yielding
   *   whitespace or shell metacharacters; confirm against that class.
   * @param passphrase Passphrase used to encrypt the newly generated private key.
   * @param certValidFor Validity period passed to openssl via `-days`.
   * @param signingCertificate The CA material (cert, certChain, key, passphrase)
   *   that signs the new certificate.
   * @returns `[certificate PEM, encrypted private key PEM, CA chain]`, where the
   *   chain is the signing certificate followed by its own chain.
   */
  private static async generateSigned(
    tmpDir: string,
    subject: DistinguishedName,
    passphrase: string,
    certValidFor: number,
    signingCertificate: Certificate,
  ): Promise<[string, string, string]> {
    // Resolve every intermediate file path up front so the command strings read clearly.
    const inTmp = (name: string): string => path.join(tmpDir, name);
    const signingCertFile = inTmp('signing.crt');
    const signingKeyFile = inTmp('signing.key');
    const csrFile = inTmp('cert.csr');
    const crtFile = inTmp('cert.crt');
    const keyFile = inTmp('cert.key');

    // Chain handed back to the caller: the signing certificate prepended to its own chain.
    const caChain = signingCertificate.cert + signingCertificate.certChain;
    await writeAsciiFile(signingCertFile, caChain);
    await writeAsciiFile(signingKeyFile, signingCertificate.key);

    // Step 1: new RSA key (encrypted with CERT_PASSPHRASE) and a CSR for `subject`.
    const certSigningRequest = [
      'openssl req',
      '-passout env:CERT_PASSPHRASE',
      '-newkey rsa:2048',
      `-days ${certValidFor}`,
      `-out ${csrFile} -keyout ${keyFile}`,
      `-subj ${subject.toString()}`,
    ].join(' ');

    // Step 2: sign the CSR with the CA key, which is unlocked via SIGNING_PASSPHRASE.
    const crtCreate = [
      'openssl x509 -sha256 -req',
      '-passin env:SIGNING_PASSPHRASE',
      `-days ${certValidFor}`,
      `-in ${csrFile}`,
      `-CA ${signingCertFile} -CAkey ${signingKeyFile} -CAcreateserial`,
      `-out ${crtFile}`,
    ].join(' ');

    // Each child process sees only PATH plus the single passphrase it needs.
    console.debug(`Running: ${certSigningRequest}`);
    await exec(certSigningRequest, { env: { PATH: process.env.PATH, CERT_PASSPHRASE: passphrase }});
    console.debug(`Running: ${crtCreate}`);
    await exec(crtCreate, { env: { PATH: process.env.PATH, SIGNING_PASSPHRASE: signingCertificate.passphrase }});

    const cert = await readAsciiFile(crtFile);
    const key = await readAsciiFile(keyFile);

    return [cert, key, caChain];
  }