serverless-domain-manager/dist/src/aws/acm-wrapper.js

Serverless plugin for managing custom domains with API Gateways.

"use strict";
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
    return new (P || (P = Promise))(function (resolve, reject) {
        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
        step((generator = generator.apply(thisArg, _arguments || [])).next());
    });
};
var __importDefault = (this && this.__importDefault) || function (mod) {
    return (mod && mod.__esModule) ? mod : { "default": mod };
};
const client_acm_1 = require("@aws-sdk/client-acm");
const globals_1 = __importDefault(require("../globals"));
const utils_1 = require("../utils");
const logging_1 = __importDefault(require("../logging"));
const certStatuses = [
    client_acm_1.CertificateStatus.PENDING_VALIDATION,
    client_acm_1.CertificateStatus.ISSUED,
    client_acm_1.CertificateStatus.INACTIVE
];
class ACMWrapper {
    constructor(credentials, endpointType) {
        const isEdge = endpointType === globals_1.default.endpointTypes.edge;
        this.acm = new client_acm_1.ACMClient({
            credentials,
            region: isEdge ? globals_1.default.defaultRegion : globals_1.default.getRegion(),
            retryStrategy: globals_1.default.getRetryStrategy(),
            requestHandler: globals_1.default.getRequestHandler(),
            endpoint: globals_1.default.getServiceEndpoint("acm")
        });
    }
    getCertArn(domain) {
        return __awaiter(this, void 0, void 0, function* () {
            let certificateArn; // The arn of the selected certificate
            let certificateName = domain.certificateName; // The certificate name
            try {
                const certificates = yield (0, utils_1.getAWSPagedResults)(this.acm, "CertificateSummaryList", "NextToken", "NextToken", new client_acm_1.ListCertificatesCommand({ CertificateStatuses: certStatuses }));
                // enhancement idea: weight the choice of cert so longer expires
                // and RenewalEligibility = ELIGIBLE is more preferable
                if (certificateName) {
                    certificateArn = this.getCertArnByCertName(certificates, certificateName);
                }
                else {
                    certificateName = domain.givenDomainName;
                    certificateArn = ACMWrapper.getCertArnByDomainName(certificates, certificateName);
                }
                logging_1.default.logInfo(`Found a certificate ARN: '${certificateArn}'`);
            }
            catch (err) {
                throw Error(`Could not search certificates in Certificate Manager.\n${err.message}`);
            }
            if (certificateArn == null) {
                let errorMessage = `Could not find an in-date certificate for '${certificateName}'.`;
                if (domain.endpointType === globals_1.default.endpointTypes.edge) {
                    errorMessage += ` The endpoint type '${globals_1.default.endpointTypes.edge}' is used. ` +
                        `Make sure the needed ACM certificate exists in the '${globals_1.default.defaultRegion}' region.`;
                }
                throw Error(errorMessage);
            }
            return certificateArn;
        });
    }
    getCertArnByCertName(certificates, certName) {
        const found = certificates.find((c) => c.DomainName === certName);
        if (found) {
            return found.CertificateArn;
        }
        return null;
    }
    static getCertArnByDomainName(certificates, domainName) {
        // The more specific name will be the longest
        let nameLength = 0;
        let certificateArn;
        for (const currCert of certificates) {
            const allDomainsForCert = [
                currCert.DomainName,
                ...(currCert.SubjectAlternativeNameSummaries || [])
            ];
            for (const currCertDomain of allDomainsForCert) {
                let certificateListName = currCertDomain;
                // Looks for wild card and take it out when checking
                if (certificateListName[0] === "*") {
                    certificateListName = certificateListName.substring(1);
                }
                // Looks to see if the name in the list is within the given domain
                // Also checks if the name is more specific than previous ones
                if (domainName.includes(certificateListName) && certificateListName.length > nameLength) {
                    nameLength = certificateListName.length;
                    certificateArn = currCert.CertificateArn;
                }
            }
        }
        return certificateArn;
    }
}
module.exports = ACMWrapper;