本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。
ImportCertificateAuthorityCertificate
下面的 Java 示例演示了如何使用該ImportCertificateAuthorityCertificate操作。
此操作能將簽署的私有 CA 憑證匯入 AWS 私有 CA。在呼叫此作業之前,您必須先呼叫CreateCertificateAuthority作業來建立私有憑證授權單位。然後,您必須呼叫GetCertificateAuthorityCsr作業來產生憑證簽署要求 (CSR)。將 CSR 帶到現場部署的 CA,並使用您的根憑證或次級憑證簽署。建立憑證鏈,並將簽署的憑證和憑證鏈複製到您的工作目錄。
package com.amazonaws.samples; import com.amazonaws.auth.AWSCredentials; import com.amazonaws.auth.profile.ProfileCredentialsProvider; import com.amazonaws.client.builder.AwsClientBuilder; import com.amazonaws.client.builder.AwsClientBuilder.EndpointConfiguration; import com.amazonaws.auth.AWSStaticCredentialsProvider; import com.amazonaws.services.acmpca.AWSACMPCA; import com.amazonaws.services.acmpca.AWSACMPCAClientBuilder; import com.amazonaws.services.acmpca.model.ImportCertificateAuthorityCertificateRequest; import com.amazonaws.AmazonClientException; import com.amazonaws.services.acmpca.model.RequestInProgressException; import com.amazonaws.services.acmpca.model.MalformedCertificateException; import com.amazonaws.services.acmpca.model.ResourceNotFoundException; import com.amazonaws.services.acmpca.model.ConcurrentModificationException; import com.amazonaws.services.acmpca.model.InvalidArnException; import com.amazonaws.services.acmpca.model.CertificateMismatchException; import com.amazonaws.services.acmpca.model.RequestFailedException; import java.nio.ByteBuffer; import java.nio.charset.StandardCharsets; import java.util.Objects; public class ImportCertificateAuthorityCertificate { public static ByteBuffer stringToByteBuffer(final String string) { if (Objects.isNull(string)) { return null; } byte[] bytes = string.getBytes(StandardCharsets.UTF_8); return ByteBuffer.wrap(bytes); } public static void main(String[] args) throws Exception { // Retrieve your credentials from the C:\Users\name\.aws\credentials file // in Windows or the .aws/credentials file in Linux. AWSCredentials credentials = null; try { credentials = new ProfileCredentialsProvider("default").getCredentials(); } catch (Exception e) { throw new AmazonClientException("Cannot load your credentials from disk", e); } // Define the endpoint for your sample. String endpointRegion = "region"; // Substitute your region here, e.g. "us-west-2" String endpointProtocol = "https://acm-pca." + endpointRegion + ".amazonaws.com/"; EndpointConfiguration endpoint = new AwsClientBuilder.EndpointConfiguration(endpointProtocol, endpointRegion); // Create a client that you can use to make requests. AWSACMPCA client = AWSACMPCAClientBuilder.standard() .withEndpointConfiguration(endpoint) .withCredentials(new AWSStaticCredentialsProvider(credentials)) .build(); // Create the request object and set the signed certificate, chain and CA ARN. ImportCertificateAuthorityCertificateRequest req = new ImportCertificateAuthorityCertificateRequest(); // Set the signed certificate. String strCertificate = "-----BEGIN CERTIFICATE-----\n" + "base64-encoded certificate\n" + "-----END CERTIFICATE-----\n"; ByteBuffer certByteBuffer = stringToByteBuffer(strCertificate); req.setCertificate(certByteBuffer); // Set the certificate chain. String strCertificateChain = "-----BEGIN CERTIFICATE-----\n" + "base64-encoded certificate\n" + "-----END CERTIFICATE-----\n"; ByteBuffer chainByteBuffer = stringToByteBuffer(strCertificateChain); req.setCertificateChain(chainByteBuffer); // Set the certificate authority ARN. req.withCertificateAuthorityArn("arn:aws:acm-pca:us-east-1:111122223333:certificate-authority/11223344-1234-1122-2233-112233445566"); // Import the certificate. try { client.importCertificateAuthorityCertificate(req); } catch (CertificateMismatchException ex) { throw ex; } catch (MalformedCertificateException ex) { throw ex; } catch (InvalidArnException ex) { throw ex; } catch (ResourceNotFoundException ex) { throw ex; } catch (RequestInProgressException ex) { throw ex; } catch (ConcurrentModificationException ex) { throw ex; } catch (RequestFailedException ex) { throw ex; } } }
