本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。
ImportCertificateAuthorityCertificate
以下 Java 示例显示了如何使用该ImportCertificateAuthorityCertificate操作。
此操作可将您的已签名的私有 CA 证书导入到 Amazon 私有 CA 中。在调用此操作之前,必须先通过调用该CreateCertificateAuthority操作创建私有证书颁发机构。然后,您必须通过调用GetCertificateAuthorityCsr操作来生成证书签名请求 (CSR)。将该 CSR 放至本地 CA 并使用您的根或从属证书对其签名。创建证书链并将签名的证书和证书链复制到您的工作目录。
package com.amazonaws.samples; import com.amazonaws.auth.AWSCredentials; import com.amazonaws.auth.profile.ProfileCredentialsProvider; import com.amazonaws.client.builder.AwsClientBuilder; import com.amazonaws.client.builder.AwsClientBuilder.EndpointConfiguration; import com.amazonaws.auth.AWSStaticCredentialsProvider; import com.amazonaws.services.acmpca.AWSACMPCA; import com.amazonaws.services.acmpca.AWSACMPCAClientBuilder; import com.amazonaws.services.acmpca.model.ImportCertificateAuthorityCertificateRequest; import com.amazonaws.AmazonClientException; import com.amazonaws.services.acmpca.model.RequestInProgressException; import com.amazonaws.services.acmpca.model.MalformedCertificateException; import com.amazonaws.services.acmpca.model.ResourceNotFoundException; import com.amazonaws.services.acmpca.model.ConcurrentModificationException; import com.amazonaws.services.acmpca.model.InvalidArnException; import com.amazonaws.services.acmpca.model.CertificateMismatchException; import com.amazonaws.services.acmpca.model.RequestFailedException; import java.nio.ByteBuffer; import java.nio.charset.StandardCharsets; import java.util.Objects; public class ImportCertificateAuthorityCertificate { public static ByteBuffer stringToByteBuffer(final String string) { if (Objects.isNull(string)) { return null; } byte[] bytes = string.getBytes(StandardCharsets.UTF_8); return ByteBuffer.wrap(bytes); } public static void main(String[] args) throws Exception { // Retrieve your credentials from the C:\Users\name\.aws\credentials file // in Windows or the .aws/credentials file in Linux. AWSCredentials credentials = null; try { credentials = new ProfileCredentialsProvider("default").getCredentials(); } catch (Exception e) { throw new AmazonClientException("Cannot load your credentials from disk", e); } // Define the endpoint for your sample. String endpointRegion = "region"; // Substitute your region here, e.g. "us-west-2" String endpointProtocol = "https://acm-pca." + endpointRegion + ".amazonaws.com/"; EndpointConfiguration endpoint = new AwsClientBuilder.EndpointConfiguration(endpointProtocol, endpointRegion); // Create a client that you can use to make requests. AWSACMPCA client = AWSACMPCAClientBuilder.standard() .withEndpointConfiguration(endpoint) .withCredentials(new AWSStaticCredentialsProvider(credentials)) .build(); // Create the request object and set the signed certificate, chain and CA ARN. ImportCertificateAuthorityCertificateRequest req = new ImportCertificateAuthorityCertificateRequest(); // Set the signed certificate. String strCertificate = "-----BEGIN CERTIFICATE-----\n" + "base64-encoded certificate\n" + "-----END CERTIFICATE-----\n"; ByteBuffer certByteBuffer = stringToByteBuffer(strCertificate); req.setCertificate(certByteBuffer); // Set the certificate chain. String strCertificateChain = "-----BEGIN CERTIFICATE-----\n" + "base64-encoded certificate\n" + "-----END CERTIFICATE-----\n"; ByteBuffer chainByteBuffer = stringToByteBuffer(strCertificateChain); req.setCertificateChain(chainByteBuffer); // Set the certificate authority ARN. req.withCertificateAuthorityArn("arn:aws:acm-pca:us-east-1:111122223333:certificate-authority/11223344-1234-1122-2233-112233445566"); // Import the certificate. try { client.importCertificateAuthorityCertificate(req); } catch (CertificateMismatchException ex) { throw ex; } catch (MalformedCertificateException ex) { throw ex; } catch (InvalidArnException ex) { throw ex; } catch (ResourceNotFoundException ex) { throw ex; } catch (RequestInProgressException ex) { throw ex; } catch (ConcurrentModificationException ex) { throw ex; } catch (RequestFailedException ex) { throw ex; } } }