本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。
下列範例示範如何使用 ExportCertificate 函數。此函數會以 PKCS #8 格式匯出由私有憑證授權單位 (CA) 所發行的私有憑證。(公用憑證無論是由 ACM 發行或匯入,都無法匯出。) 此函數也會匯出憑證鏈和私密金鑰。在此範例中,金鑰的複雜密碼存放在本機檔案中。
package com.amazonaws.samples;
import com.amazonaws.AmazonClientException;
import com.amazonaws.auth.profile.ProfileCredentialsProvider;
import com.amazonaws.auth.AWSStaticCredentialsProvider;
import com.amazonaws.auth.AWSCredentials;
import com.amazonaws.regions.Regions;
import com.amazonaws.services.certificatemanager.AWSCertificateManagerClientBuilder;
import com.amazonaws.services.certificatemanager.AWSCertificateManager;
import com.amazonaws.services.certificatemanager.model.ExportCertificateRequest;
import com.amazonaws.services.certificatemanager.model.ExportCertificateResult;
import com.amazonaws.services.certificatemanager.model.InvalidArnException;
import com.amazonaws.services.certificatemanager.model.InvalidTagException;
import com.amazonaws.services.certificatemanager.model.ResourceNotFoundException;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.RandomAccessFile;
import java.nio.ByteBuffer;
import java.nio.channels.FileChannel;
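/**
 * Exports a private certificate, its certificate chain and its private key from
 * AWS Certificate Manager (ACM) using the ExportCertificate API.
 *
 * <p>The passphrase that protects the exported private key is read from a local
 * file. The region, account and certificate ID below are placeholders and must be
 * replaced before the example will compile and run.
 */
public class ExportCertificate {

    /**
     * Loads credentials from the default profile, reads the passphrase file, calls
     * ExportCertificate and prints the certificate and certificate chain.
     *
     * @param args unused
     * @throws Exception if the credentials or the passphrase file cannot be read, or
     *     if the ExportCertificate call fails (for example an invalid ARN or a
     *     certificate that does not exist)
     */
    public static void main(String[] args) throws Exception {
        // Retrieve your credentials from the C:\Users\name\.aws\credentials file in Windows
        // or the ~/.aws/credentials in Linux.
        AWSCredentials credentials;
        try {
            credentials = new ProfileCredentialsProvider().getCredentials();
        } catch (Exception ex) {
            throw new AmazonClientException("Cannot load your credentials from file.", ex);
        }

        // Create a client. Replace your_region with a Regions constant.
        AWSCertificateManager client = AWSCertificateManagerClientBuilder.standard()
                .withRegion(Regions.your_region)
                .withCredentials(new AWSStaticCredentialsProvider(credentials))
                .build();

        // Read the private key passphrase into a heap buffer.
        //
        // A heap buffer is used instead of a READ_ONLY memory mapping because the
        // mapping cannot be overwritten, and it stays mapped until the buffer is
        // garbage-collected. try-with-resources closes the file and channel even
        // when the read fails.
        //
        // Store this file where only the account running the export can read it; a
        // shared temp directory is a poor place for a key passphrase.
        // NOTE(review): every byte of the file is sent as the passphrase, including
        // a trailing newline if the editor added one. Confirm the file contents.
        ByteBuffer buf_passphrase;
        try (RandomAccessFile file_passphrase = new RandomAccessFile("C:\\Temp\\password.txt", "r");
             FileChannel channel_passphrase = file_passphrase.getChannel()) {
            buf_passphrase = ByteBuffer.allocate(Math.toIntExact(channel_passphrase.size()));
            while (buf_passphrase.hasRemaining() && channel_passphrase.read(buf_passphrase) != -1) {
                // Keep reading until the buffer is full or end of file is reached.
            }
            // Reset position to 0 and set the limit to the number of bytes read.
            buf_passphrase.flip();
        }
        if (!buf_passphrase.hasRemaining()) {
            throw new IOException("The passphrase file is empty.");
        }

        // Export the certificate. Service exceptions such as InvalidArnException and
        // ResourceNotFoundException propagate to the caller unchanged.
        ExportCertificateResult result;
        try {
            ExportCertificateRequest req = new ExportCertificateRequest()
                    // Set the certificate ARN.
                    .withCertificateArn("arn:aws:acm:region:account:"
                            + "certificate/M12345678-1234-1234-1234-123456789012")
                    // Set the passphrase.
                    .withPassphrase(buf_passphrase);
            result = client.exportCertificate(req);
        } finally {
            // Overwrite the passphrase bytes. ByteBuffer.clear() only resets the
            // position and limit; it leaves the contents in memory.
            // NOTE(review): copies the SDK makes while marshalling the request are
            // outside this code's control.
            java.util.Arrays.fill(buf_passphrase.array(), (byte) 0);
        }

        // Display the certificate and certificate chain.
        String certificate = result.getCertificate();
        System.out.println(certificate);
        String certificate_chain = result.getCertificateChain();
        System.out.println(certificate_chain);

        // This example retrieves but does not display the private key. The key is
        // returned PEM-encoded and encrypted with the passphrase; if you persist it,
        // write it to a file with restrictive permissions and keep it out of logs
        // and console output.
        String private_key = result.getPrivateKey();
    }
}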