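package com.amazonaws.acmpcakms.examples;

import com.amazonaws.services.acmpca.model.*;
import com.amazonaws.regions.Regions;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import java.nio.charset.StandardCharsets;
import java.security.Security;
import java.io.FileWriter;
import java.io.*;

/**
 * Interactive sample that creates a root CA in ACM Private CA and an asymmetric
 * KMS CMK, builds a CSR for that key, has the CA issue a code-signing
 * certificate and writes the returned certificate to a PEM file in the
 * current working directory.
 *
 * <p>All values are read from standard input. Reaching end-of-input while a
 * value is still required terminates the run with an {@link EOFException}
 * instead of looping forever.
 */
public class Runner {

    /** Output file for the issued certificate, relative to the working directory. */
    private static final String CERTIFICATE_FILE = "myappcodesigningcertificate.pem";

    /** Menu labels, printed in order; index i corresponds to option i + 1. */
    private static final String[] REGION_LABELS = {
        "us east 1", "us east 2", "us west 1", "us west 2", "eu west 1",
        "eu west 2", "eu west 3", "eu north 1", "eu central 1", "ca central 1"
    };

    /** Regions behind the menu, parallel to {@link #REGION_LABELS}. */
    private static final Regions[] REGION_CHOICES = {
        Regions.US_EAST_1, Regions.US_EAST_2, Regions.US_WEST_1, Regions.US_WEST_2,
        Regions.EU_WEST_1, Regions.EU_WEST_2, Regions.EU_WEST_3, Regions.EU_NORTH_1,
        Regions.EU_CENTRAL_1, Regions.CA_CENTRAL_1
    };

    static {
        // Registers BouncyCastle JVM-wide. Presumably required by the CSR /
        // certificate helpers (PrivateCA, AsymmetricCMK) in this package — confirm.
        Security.addProvider(new BouncyCastleProvider());
    }

    /**
     * Entry point: prompts for the CA and key parameters, provisions the
     * resources and writes the issued certificate to {@link #CERTIFICATE_FILE}.
     *
     * @param args ignored
     * @throws Exception any failure from the AWS helpers or from console / file I/O
     */
    public static void main(final String[] args) throws Exception {
        // System.in is decoded with the platform charset, which is what a console
        // normally provides; it is deliberately not forced to UTF-8 here.
        BufferedReader in = new BufferedReader(new InputStreamReader(System.in));

        String rootCommonName = promptNonEmpty(in, "Please provide the private CA root common name:");
        String endEntityCommonName = promptNonEmpty(in, "Please provide the end entity common name:");
        String cmkAlias = promptNonEmpty(in, "Please provide the alias for KMS Customer Master Key:");
        Regions region = promptRegion(in);

        // Only a root CA is created by this sample; getOrCreate() reuses an
        // existing CA with the same common name if the helper finds one.
        System.out.println("Creating a CA hierarchy\n");
        PrivateCA rootPrivateCA = PrivateCA.builder()
                .withCommonName(rootCommonName)
                .withType(CertificateAuthorityType.ROOT)
                .withRegion(region)
                .getOrCreate();

        // The signing key lives in KMS; this sample only ever handles its alias.
        System.out.println();
        System.out.println("Creating a asymmetric key pair using AWS KMS\n");
        AsymmetricCMK codeSigningCMK = AsymmetricCMK.builder()
                .withAlias(cmkAlias)
                .withRegion(region)
                .getOrCreate();

        // CSR for the KMS key, carrying the requested end-entity common name.
        System.out.println();
        System.out.println("Creating a CSR(Certificate signing request) for creating a code signing certificate\n");
        String codeSigningCSR = codeSigningCMK.generateCSR(endEntityCommonName);

        // Have the root CA sign the CSR and persist the resulting certificate.
        System.out.println();
        System.out.println("Issuing a code signing certificate from ACM Private CA\n");
        GetCertificateResult codeSigningCertificate = rootPrivateCA.issueCodeSigningCertificate(codeSigningCSR);
        writeCertificate(CERTIFICATE_FILE, codeSigningCertificate.getCertificate());
    }

    /**
     * Prints {@code prompt} and reads lines until a non-blank one is entered.
     *
     * @param in     console reader
     * @param prompt text shown before each read
     * @return the entered value, trimmed, never empty
     * @throws EOFException if standard input ends before a value is given
     * @throws IOException  on any other read failure
     */
    private static String promptNonEmpty(BufferedReader in, String prompt) throws IOException {
        while (true) {
            System.out.println(prompt);
            String line = in.readLine();
            if (line == null) {
                // readLine() keeps returning null after EOF; re-prompting would spin forever.
                throw new EOFException("Input ended while waiting for: " + prompt);
            }
            String value = line.trim();
            if (!value.isEmpty()) {
                return value;
            }
            System.out.println("A value is required.");
        }
    }

    /**
     * Shows the region menu and reads choices until a valid one is entered.
     * Non-numeric or out-of-range input re-prompts rather than aborting or
     * silently falling back to a default region.
     *
     * @param in console reader
     * @return the selected region
     * @throws EOFException if standard input ends before a valid choice is made
     * @throws IOException  on any other read failure
     */
    private static Regions promptRegion(BufferedReader in) throws IOException {
        while (true) {
            System.out.println("Please select the AWS Region to deploy KMS Customer Master Key and Private CA:");
            for (int i = 0; i < REGION_LABELS.length; i++) {
                System.out.println("[" + (i + 1) + "] => " + REGION_LABELS[i]);
            }
            String line = in.readLine();
            if (line == null) {
                throw new EOFException("Input ended while waiting for a region selection");
            }
            int selection;
            try {
                selection = Integer.parseInt(line.trim());
            } catch (NumberFormatException e) {
                System.out.println("Please enter a number between 1 and " + REGION_CHOICES.length + ".");
                continue;
            }
            if (selection >= 1 && selection <= REGION_CHOICES.length) {
                return REGION_CHOICES[selection - 1];
            }
            System.out.println("Please enter a number between 1 and " + REGION_CHOICES.length + ".");
        }
    }

    /**
     * Writes {@code pem} to {@code path} as UTF-8, closing the file even if the
     * write fails.
     *
     * @param path output file path
     * @param pem  certificate text as returned by ACM Private CA
     * @throws IOException if the file cannot be created or written
     */
    private static void writeCertificate(String path, String pem) throws IOException {
        try (Writer out = new OutputStreamWriter(new FileOutputStream(path), StandardCharsets.UTF_8)) {
            out.write(pem);
        }
    }
}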