import {
CertificateStatus,
ACMClient,
CertificateSummary,
ListCertificatesCommand,
ListCertificatesCommandInput,
ListCertificatesCommandOutput
} from "@aws-sdk/client-acm";
import Globals from "../globals";
import DomainConfig = require("../models/domain-config");
import { getAWSPagedResults } from "../utils";
import Logging from "../logging";
// Certificate states passed as the CertificateStatuses filter when listing ACM
// certificates in ACMWrapper.getCertArn.
// NOTE(review): PENDING_VALIDATION and INACTIVE are requested alongside ISSUED, so a
// certificate picked from this list is not necessarily issued yet, although the
// "not found" error text speaks of an "in-date" certificate. Confirm this is intended.
const certStatuses = [
CertificateStatus.PENDING_VALIDATION,
CertificateStatus.ISSUED,
CertificateStatus.INACTIVE
];
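/**
 * Wrapper around the AWS Certificate Manager client that resolves the ARN of the
 * certificate to attach to a custom domain, either by an explicitly configured
 * certificate name or by matching the domain name against the names on each
 * certificate.
 */
class ACMWrapper {
    public acm: ACMClient;

    /**
     * @param credentials - AWS credentials, passed to the SDK client unchanged.
     * @param endpointType - Endpoint type of the domain. For the edge type the client
     * is bound to Globals.defaultRegion, otherwise to Globals.getRegion().
     */
    constructor (credentials: any, endpointType: string) {
        const isEdge = endpointType === Globals.endpointTypes.edge;
        this.acm = new ACMClient({
            credentials,
            region: isEdge ? Globals.defaultRegion : Globals.getRegion(),
            retryStrategy: Globals.getRetryStrategy(),
            requestHandler: Globals.getRequestHandler()
        });
    }

    /**
     * Finds the ARN of the certificate to use for the given domain.
     *
     * When `domain.certificateName` is set, the certificate whose primary domain name
     * equals it is used. Otherwise the certificate whose names cover
     * `domain.givenDomainName` most specifically is used.
     *
     * @param domain - Domain configuration to resolve a certificate for.
     * @returns The ARN of the selected certificate.
     * @throws Error when the certificate listing fails or no certificate matches.
     */
    public async getCertArn (domain: DomainConfig): Promise<string> {
        let certificateArn: string | null | undefined;
        let certificateName = domain.certificateName;
        try {
            const certificates = await getAWSPagedResults<CertificateSummary, ListCertificatesCommandInput, ListCertificatesCommandOutput>(
                this.acm,
                "CertificateSummaryList",
                "NextToken",
                "NextToken",
                new ListCertificatesCommand({ CertificateStatuses: certStatuses })
            );
            // enhancement idea: weight the choice of cert so longer expires
            // and RenewalEligibility = ELIGIBLE is more preferable
            if (certificateName) {
                certificateArn = this.getCertArnByCertName(certificates, certificateName);
            } else {
                certificateName = domain.givenDomainName;
                certificateArn = ACMWrapper.getCertArnByDomainName(certificates, certificateName);
            }
        } catch (err) {
            // Narrow before reading `.message` so a non-Error rejection still yields a useful reason.
            const reason = err instanceof Error ? err.message : String(err);
            throw Error(`Could not search certificates in Certificate Manager.\n${reason}`);
        }
        if (certificateArn == null) {
            throw Error(`Could not find an in-date certificate for '${certificateName}'.`);
        }
        // Logged only after the null check, so the log never claims to have found 'undefined'.
        Logging.logInfo(`Found a certificate ARN: '${certificateArn}'`);
        return certificateArn;
    }

    /**
     * Returns the ARN of the first certificate whose primary DomainName equals
     * `certName` exactly, or null when there is none.
     */
    private getCertArnByCertName (certificates: CertificateSummary[], certName: string): string | null | undefined {
        const found = certificates.find((c) => c.DomainName === certName);
        if (found) {
            return found.CertificateArn;
        }
        return null;
    }

    /**
     * Returns the ARN of the certificate that covers `domainName` most specifically,
     * or undefined when no certificate covers it.
     *
     * A certificate name covers the domain only when it is equal to it, or is a
     * wildcard (`*.example.com`) whose wildcard stands for exactly one label. A plain
     * substring test is not used because it would also accept certificates that do not
     * cover the domain (for example `example.com` for `example.com.other.test`, or
     * `*.example.com` for `a.b.example.com`), so the wrong certificate could be attached.
     * An exact name is preferred over a wildcard.
     */
    private static getCertArnByDomainName (certificates: CertificateSummary[], domainName: string): string | undefined {
        const target = ACMWrapper.normalizeHostname(domainName);
        // The more specific name will be the longest
        let nameLength = 0;
        let certificateArn: string | undefined;
        for (const currCert of certificates) {
            const allDomainsForCert = [
                currCert.DomainName,
                ...(currCert.SubjectAlternativeNameSummaries || [])
            ];
            for (const currCertDomain of allDomainsForCert) {
                // DomainName is optional on a summary; skip entries without a name.
                if (!currCertDomain) {
                    continue;
                }
                const certificateListName = ACMWrapper.normalizeHostname(currCertDomain);
                // Specificity ignores the leading "*" so an exact name always beats a wildcard.
                const specificity = certificateListName[0] === "*"
                    ? certificateListName.length - 1
                    : certificateListName.length;
                if (ACMWrapper.certNameCoversDomain(certificateListName, target) && specificity > nameLength) {
                    nameLength = specificity;
                    certificateArn = currCert.CertificateArn;
                }
            }
        }
        return certificateArn;
    }

    /** Lower-cases a host name and drops one trailing dot; DNS names compare case-insensitively. */
    private static normalizeHostname (name: string): string {
        return name.toLowerCase().replace(/\.$/, "");
    }

    /**
     * Tells whether a (normalized) certificate name covers a (normalized) domain name:
     * either the two are equal, or the certificate name is `*.<parent>` and the domain
     * is exactly one label below `<parent>`.
     */
    private static certNameCoversDomain (certName: string, domainName: string): boolean {
        if (!certName.startsWith("*.")) {
            return certName === domainName;
        }
        const parentSuffix = certName.substring(1); // ".example.com"
        if (!domainName.endsWith(parentSuffix)) {
            return false;
        }
        const leftLabel = domainName.substring(0, domainName.length - parentSuffix.length);
        return leftLabel.length > 0 && !leftLabel.includes(".");
    }
}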
export = ACMWrapper;