@nordicsemiconductor/asset-tracker-cloud-aws
Version:
A reference implementation of a serverless backend for an IoT product developed using AWS CDK in TypeScript.
363 lines (362 loc) • 14.7 kB
JavaScript
function asyncGeneratorStep(gen, resolve, reject, _next, _throw, key, arg) {
try {
var info = gen[key](arg);
var value = info.value;
} catch (error) {
reject(error);
return;
}
if (info.done) {
resolve(value);
} else {
Promise.resolve(value).then(_next, _throw);
}
}
function _async_to_generator(fn) {
return function() {
var self = this, args = arguments;
return new Promise(function(resolve, reject) {
var gen = fn.apply(self, args);
function _next(value) {
asyncGeneratorStep(gen, resolve, reject, _next, _throw, "next", value);
}
function _throw(err) {
asyncGeneratorStep(gen, resolve, reject, _next, _throw, "throw", err);
}
_next(undefined);
});
};
}
function _ts_generator(thisArg, body) {
var f, y, t, g, _ = {
label: 0,
sent: function() {
if (t[0] & 1) throw t[1];
return t[1];
},
trys: [],
ops: []
};
return g = {
next: verb(0),
"throw": verb(1),
"return": verb(2)
}, typeof Symbol === "function" && (g[Symbol.iterator] = function() {
return this;
}), g;
function verb(n) {
return function(v) {
return step([
n,
v
]);
};
}
function step(op) {
if (f) throw new TypeError("Generator is already executing.");
while(_)try {
if (f = 1, y && (t = op[0] & 2 ? y["return"] : op[0] ? y["throw"] || ((t = y["return"]) && t.call(y), 0) : y.next) && !(t = t.call(y, op[1])).done) return t;
if (y = 0, t) op = [
op[0] & 2,
t.value
];
switch(op[0]){
case 0:
case 1:
t = op;
break;
case 4:
_.label++;
return {
value: op[1],
done: false
};
case 5:
_.label++;
y = op[1];
op = [
0
];
continue;
case 7:
op = _.ops.pop();
_.trys.pop();
continue;
default:
if (!(t = _.trys, t = t.length > 0 && t[t.length - 1]) && (op[0] === 6 || op[0] === 2)) {
_ = 0;
continue;
}
if (op[0] === 3 && (!t || op[1] > t[0] && op[1] < t[3])) {
_.label = op[1];
break;
}
if (op[0] === 6 && _.label < t[1]) {
_.label = t[1];
t = op;
break;
}
if (t && _.label < t[2]) {
_.label = t[2];
_.ops.push(op);
break;
}
if (t[2]) _.ops.pop();
_.trys.pop();
continue;
}
op = body.call(thisArg, _);
} catch (e) {
op = [
6,
e
];
y = 0;
} finally{
f = t = 0;
}
if (op[0] & 5) throw op[1];
return {
value: op[0] ? op[1] : void 0,
done: true
};
}
}
import { DescribeStacksCommand } from '@aws-sdk/client-cloudformation';
import { GetRegistrationCodeCommand, RegisterCACertificateCommand, UpdateEventConfigurationsCommand } from '@aws-sdk/client-iot';
import { toObject } from '@nordicsemiconductor/cloudformation-helpers';
import { randomUUID } from 'crypto';
import { copyFile, readFile, unlink } from 'fs/promises';
import path from 'path';
import run from '@bifravst/run';
import { caFileLocations } from './caFileLocations.js';
export var registerCA = function() {
var _ref = _async_to_generator(function(param) {
var iot, cf, certsDir, attributes, caCertificateFile, caCertificateKeyFile, tags, stack, log, debug, stackOutput, verifcationCertId, verificationKeyFile, verificationCertFile, csrFile, registrationCode, jitpTemplate, res, _, _1, _tmp, files;
return _ts_generator(this, function(_state) {
switch(_state.label){
case 0:
iot = param.iot, cf = param.cf, certsDir = param.certsDir, attributes = param.attributes, caCertificateFile = param.caCertificateFile, caCertificateKeyFile = param.caCertificateKeyFile, tags = param.tags, stack = param.stack, log = param.log, debug = param.debug;
return [
4,
cf.send(new DescribeStacksCommand({
StackName: stack
})).then(function() {
var _ref = _async_to_generator(function(param) {
var Stacks, _Stacks_;
return _ts_generator(this, function(_state) {
Stacks = param.Stacks;
if ((Stacks === null || Stacks === void 0 ? void 0 : Stacks.length) === 0 || (Stacks === null || Stacks === void 0 ? void 0 : (_Stacks_ = Stacks[0]) === null || _Stacks_ === void 0 ? void 0 : _Stacks_.Outputs) === undefined) {
throw new Error("Stack ".concat(stack, " not found."));
}
return [
2,
toObject(Stacks[0].Outputs)
];
});
});
return function(_) {
return _ref.apply(this, arguments);
};
}())
];
case 1:
stackOutput = _state.sent();
verifcationCertId = randomUUID();
verificationKeyFile = path.join(certsDir, "".concat(verifcationCertId, ".key"));
verificationCertFile = path.join(certsDir, "".concat(verifcationCertId, ".pem"));
csrFile = path.join(certsDir, "".concat(verifcationCertId, ".csr"));
return [
4,
run({
command: 'openssl',
args: [
'genrsa',
'-out',
verificationKeyFile,
'2048'
],
log: {
debug: debug
}
})
];
case 2:
_state.sent();
return [
4,
iot.send(new GetRegistrationCodeCommand({})).then(function(param) {
var registrationCode = param.registrationCode;
return registrationCode;
})
];
case 3:
registrationCode = _state.sent();
log('CA Registration code', registrationCode);
return [
4,
run({
command: 'openssl',
args: [
'req',
'-new',
'-key',
verificationKeyFile,
'-out',
csrFile,
'-subj',
"/CN=".concat(registrationCode)
],
log: {
debug: debug
}
})
];
case 4:
_state.sent();
return [
4,
run({
command: 'openssl',
args: [
'x509',
'-req',
'-in',
csrFile,
'-CA',
caCertificateFile,
'-CAkey',
caCertificateKeyFile,
'-CAcreateserial',
'-out',
verificationCertFile,
'-days',
"1",
'-sha256'
],
log: {
debug: debug
}
})
];
case 5:
_state.sent();
return [
4,
iot.send(new UpdateEventConfigurationsCommand({
eventConfigurations: {
CA_CERTIFICATE: {
Enabled: true
},
CERTIFICATE: {
Enabled: true
}
}
}))
];
case 6:
_state.sent();
jitpTemplate = {
Parameters: {
'AWS::IoT::Certificate::CommonName': {
Type: 'String'
},
'AWS::IoT::Certificate::Id': {
Type: 'String'
}
},
Resources: {
thing: {
Type: 'AWS::IoT::Thing',
Properties: {
ThingName: {
Ref: 'AWS::IoT::Certificate::CommonName'
},
ThingGroups: [
stackOutput === null || stackOutput === void 0 ? void 0 : stackOutput.thingGroupName
]
}
},
cert: {
Type: 'AWS::IoT::Certificate',
Properties: {
CertificateId: {
Ref: 'AWS::IoT::Certificate::Id'
},
Status: 'ACTIVE'
}
}
}
};
if (attributes !== undefined) {
jitpTemplate.Resources.thing.Properties.AttributePayload = attributes;
}
_ = iot.send;
_1 = RegisterCACertificateCommand.bind;
_tmp = {};
return [
4,
readFile(caCertificateFile, 'utf-8')
];
case 7:
_tmp.caCertificate = _state.sent();
return [
4,
readFile(verificationCertFile, 'utf-8')
];
case 8:
return [
4,
_.apply(iot, [
new (_1.apply(RegisterCACertificateCommand, [
void 0,
(_tmp.verificationCertificate = _state.sent(), _tmp.allowAutoRegistration = true, _tmp.setAsActive = true, _tmp.registrationConfig = {
templateBody: JSON.stringify(jitpTemplate),
roleArn: stackOutput === null || stackOutput === void 0 ? void 0 : stackOutput.jitpRoleArn
}, _tmp.tags = tags !== null && tags !== void 0 ? tags : [], _tmp)
]))
])
];
case 9:
res = _state.sent();
if ((res === null || res === void 0 ? void 0 : res.certificateId) === undefined) {
throw new Error('Failed to register CA!');
}
log("Registered CA and enabled auto-registration to group ".concat(stackOutput === null || stackOutput === void 0 ? void 0 : stackOutput.thingGroupName));
files = caFileLocations({
certsDir: certsDir,
id: res.certificateId
});
return [
4,
Promise.all([
copyFile(caCertificateFile, files.cert),
copyFile(caCertificateKeyFile, files.key)
])
];
case 10:
_state.sent();
log("CA certificate location: ".concat(files.cert));
return [
4,
Promise.all([
unlink(verificationKeyFile),
unlink(verificationCertFile),
unlink(csrFile)
])
];
case 11:
_state.sent();
return [
2,
{
certificateId: res.certificateId
}
];
}
});
});
return function registerCA(_) {
return _ref.apply(this, arguments);
};
}();