package com.amazonaws.acmpcakms.examples;
import com.amazonaws.services.acmpca.model.*;
import com.amazonaws.regions.Regions;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import java.nio.charset.StandardCharsets;
import java.security.Security;
import java.io.FileWriter;
import java.io.*;
public class Runner {
static {
Security.addProvider(new BouncyCastleProvider());
}
public static void main(final String[] args) throws Exception {
String ROOT_COMMON_NAME = null;
String END_ENTITY_COMMON_NAME = null;
String CMK_ALIAS = null;
String REGION_OPTION = null;
Regions region = null;
BufferedReader in=new BufferedReader(new InputStreamReader(System.in));
while (ROOT_COMMON_NAME==null) {
System.out.println("Please provide the private CA root common name:");
ROOT_COMMON_NAME = in.readLine();
}
while (END_ENTITY_COMMON_NAME==null) {
System.out.println("Please provide the end entity common name:");
END_ENTITY_COMMON_NAME = in.readLine();
}
while (CMK_ALIAS==null) {
System.out.println("Please provide the alias for KMS Customer Master Key:");
CMK_ALIAS = in.readLine();
}
while (REGION_OPTION==null || region==null) {
System.out.println("Please select the AWS Region to deploy KMS Customer Master Key and Private CA:");
System.out.println("[1] => us east 1");
System.out.println("[2] => us east 2");
System.out.println("[3] => us west 1");
System.out.println("[4] => us west 2");
System.out.println("[5] => eu west 1");
System.out.println("[6] => eu west 2");
System.out.println("[7] => eu west 3");
System.out.println("[8] => eu north 1");
System.out.println("[9] => eu central 1");
System.out.println("[10] => ca central 1");
REGION_OPTION = in.readLine();
int selection = Integer.parseInt(REGION_OPTION);
switch(selection) {
case 1:
region = Regions.US_EAST_1;
break;
case 2:
region = Regions.US_EAST_2;
break;
case 3:
region = Regions.US_WEST_1;
break;
case 4:
region = Regions.US_WEST_2;
break;
case 5:
region = Regions.EU_WEST_1;
break;
case 6:
region = Regions.EU_WEST_2;
break;
case 7:
region = Regions.EU_WEST_3;
break;
case 8:
region = Regions.EU_NORTH_1;
break;
case 9:
region = Regions.EU_CENTRAL_1;
break;
case 10:
region = Regions.CA_CENTRAL_1;
break;
default:
region = Regions.US_EAST_1;
}
}
/* Creating a CA hierarcy in ACM Private CA. This CA hiearchy consistant of a Root and subordinate CA */
System.out.println("Creating a CA hierarchy\n");
PrivateCA rootPrivateCA = PrivateCA.builder()
.withCommonName(ROOT_COMMON_NAME)
.withType(CertificateAuthorityType.ROOT)
.withRegion(region)
.getOrCreate();
/* Creating a asymmetric key pair using AWS KMS */
System.out.println();
System.out.println("Creating a asymmetric key pair using AWS KMS\n");
AsymmetricCMK codeSigningCMK = AsymmetricCMK.builder()
.withAlias(CMK_ALIAS)
.withRegion(region)
.getOrCreate();
/* Creating a asymmetric key pair using AWS KMS */
System.out.println();
System.out.println("Creating a CSR(Certificate signing request) for creating a code signing certificate\n");
String codeSigningCSR = codeSigningCMK.generateCSR(END_ENTITY_COMMON_NAME);
/* Issuing the code signing certificate from ACM Private CA */
System.out.println();
System.out.println("Issuing a code signing certificate from ACM Private CA\n");
GetCertificateResult codeSigningCertificate = rootPrivateCA.issueCodeSigningCertificate(codeSigningCSR);
FileWriter myWriter = new FileWriter("myappcodesigningcertificate.pem");
myWriter.write(codeSigningCertificate.getCertificate());
myWriter.close();
}
}