AWS Signer

2020/03/06 - AWS Signer - 5 updated api methods

Changes  This release enables signing image format override in PutSigningProfile requests, adding two more enum fields, JSONEmbedded and JSONDetached. This release also extends the length limit of SigningProfile name from 20 to 64.

DescribeSigningJob (updated) Link ¶
Changes (response)
{'overrides': {'signingImageFormat': 'JSON | JSONEmbedded | JSONDetached'}}

Returns information about a specific code signing job. You specify the job by using the jobId value that is returned by the StartSigningJob operation.

See also: AWS API Documentation

Request Syntax

client.describe_signing_job(
    jobId='string'
)
type jobId

string

param jobId

[REQUIRED]

The ID of the signing job on input.

rtype

dict

returns

Response Syntax

{
    'jobId': 'string',
    'source': {
        's3': {
            'bucketName': 'string',
            'key': 'string',
            'version': 'string'
        }
    },
    'signingMaterial': {
        'certificateArn': 'string'
    },
    'platformId': 'string',
    'profileName': 'string',
    'overrides': {
        'signingConfiguration': {
            'encryptionAlgorithm': 'RSA'|'ECDSA',
            'hashAlgorithm': 'SHA1'|'SHA256'
        },
        'signingImageFormat': 'JSON'|'JSONEmbedded'|'JSONDetached'
    },
    'signingParameters': {
        'string': 'string'
    },
    'createdAt': datetime(2015, 1, 1),
    'completedAt': datetime(2015, 1, 1),
    'requestedBy': 'string',
    'status': 'InProgress'|'Failed'|'Succeeded',
    'statusReason': 'string',
    'signedObject': {
        's3': {
            'bucketName': 'string',
            'key': 'string'
        }
    }
}

Response Structure

  • (dict) --

    • jobId (string) --

      The ID of the signing job on output.

    • source (dict) --

      The object that contains the name of your S3 bucket or your raw code.

      • s3 (dict) --

        The S3Source object.

        • bucketName (string) --

          Name of the S3 bucket.

        • key (string) --

          Key name of the bucket object that contains your unsigned code.

        • version (string) --

          Version of your source image in your version enabled S3 bucket.

    • signingMaterial (dict) --

      The Amazon Resource Name (ARN) of your code signing certificate.

      • certificateArn (string) --

        The Amazon Resource Name (ARN) of the certificates that is used to sign your code.

    • platformId (string) --

      The microcontroller platform to which your signed code image will be distributed.

    • profileName (string) --

      The name of the profile that initiated the signing operation.

    • overrides (dict) --

      A list of any overrides that were applied to the signing operation.

      • signingConfiguration (dict) --

        A signing configuration that overrides the default encryption or hash algorithm of a signing job.

        • encryptionAlgorithm (string) --

          A specified override of the default encryption algorithm that is used in a code signing job.

        • hashAlgorithm (string) --

          A specified override of the default hash algorithm that is used in a code signing job.

      • signingImageFormat (string) --

        A signed image is a JSON object. When overriding the default signing platform configuration, a customer can select either of two signing formats, JSONEmbedded or JSONDetached . (A third format value, JSON , is reserved for future use.) With JSONEmbedded , the signing image has the payload embedded in it. With JSONDetached , the payload is not be embedded in the signing image.

    • signingParameters (dict) --

      Map of user-assigned key-value pairs used during signing. These values contain any information that you specified for use in your signing job.

      • (string) --

        • (string) --

    • createdAt (datetime) --

      Date and time that the signing job was created.

    • completedAt (datetime) --

      Date and time that the signing job was completed.

    • requestedBy (string) --

      The IAM principal that requested the signing job.

    • status (string) --

      Status of the signing job.

    • statusReason (string) --

      String value that contains the status reason.

    • signedObject (dict) --

      Name of the S3 bucket where the signed code image is saved by code signing.

      • s3 (dict) --

        The S3SignedObject .

        • bucketName (string) --

          Name of the S3 bucket.

        • key (string) --

          Key name that uniquely identifies a signed code image in your bucket.

GetSigningPlatform (updated) Link ¶
Changes (response)
{'signingImageFormat': {'defaultFormat': {'JSONEmbedded', 'JSONDetached'},
                        'supportedFormats': {'JSONEmbedded', 'JSONDetached'}}}

Returns information on a specific signing platform.

See also: AWS API Documentation

Request Syntax

client.get_signing_platform(
    platformId='string'
)
type platformId

string

param platformId

[REQUIRED]

The ID of the target signing platform.

rtype

dict

returns

Response Syntax

{
    'platformId': 'string',
    'displayName': 'string',
    'partner': 'string',
    'target': 'string',
    'category': 'AWSIoT',
    'signingConfiguration': {
        'encryptionAlgorithmOptions': {
            'allowedValues': [
                'RSA'|'ECDSA',
            ],
            'defaultValue': 'RSA'|'ECDSA'
        },
        'hashAlgorithmOptions': {
            'allowedValues': [
                'SHA1'|'SHA256',
            ],
            'defaultValue': 'SHA1'|'SHA256'
        }
    },
    'signingImageFormat': {
        'supportedFormats': [
            'JSON'|'JSONEmbedded'|'JSONDetached',
        ],
        'defaultFormat': 'JSON'|'JSONEmbedded'|'JSONDetached'
    },
    'maxSizeInMB': 123
}

Response Structure

  • (dict) --

    • platformId (string) --

      The ID of the target signing platform.

    • displayName (string) --

      The display name of the target signing platform.

    • partner (string) --

      A list of partner entities that use the target signing platform.

    • target (string) --

      The validation template that is used by the target signing platform.

    • category (string) --

      The category type of the target signing platform.

    • signingConfiguration (dict) --

      A list of configurations applied to the target platform at signing.

      • encryptionAlgorithmOptions (dict) --

        The encryption algorithm options that are available for a code signing job.

        • allowedValues (list) --

          The set of accepted encryption algorithms that are allowed in a code signing job.

          • (string) --

        • defaultValue (string) --

          The default encryption algorithm that is used by a code signing job.

      • hashAlgorithmOptions (dict) --

        The hash algorithm options that are available for a code signing job.

        • allowedValues (list) --

          The set of accepted hash algorithms allowed in a code signing job.

          • (string) --

        • defaultValue (string) --

          The default hash algorithm that is used in a code signing job.

    • signingImageFormat (dict) --

      The format of the target platform's signing image.

      • supportedFormats (list) --

        The supported formats of a code signing image.

        • (string) --

      • defaultFormat (string) --

        The default format of a code signing image.

    • maxSizeInMB (integer) --

      The maximum size (in MB) of the payload that can be signed by the target platform.

GetSigningProfile (updated) Link ¶
Changes (response)
{'overrides': {'signingImageFormat': 'JSON | JSONEmbedded | JSONDetached'}}

Returns information on a specific signing profile.

See also: AWS API Documentation

Request Syntax

client.get_signing_profile(
    profileName='string'
)
type profileName

string

param profileName

[REQUIRED]

The name of the target signing profile.

rtype

dict

returns

Response Syntax

{
    'profileName': 'string',
    'signingMaterial': {
        'certificateArn': 'string'
    },
    'platformId': 'string',
    'overrides': {
        'signingConfiguration': {
            'encryptionAlgorithm': 'RSA'|'ECDSA',
            'hashAlgorithm': 'SHA1'|'SHA256'
        },
        'signingImageFormat': 'JSON'|'JSONEmbedded'|'JSONDetached'
    },
    'signingParameters': {
        'string': 'string'
    },
    'status': 'Active'|'Canceled',
    'arn': 'string',
    'tags': {
        'string': 'string'
    }
}

Response Structure

  • (dict) --

    • profileName (string) --

      The name of the target signing profile.

    • signingMaterial (dict) --

      The ARN of the certificate that the target profile uses for signing operations.

      • certificateArn (string) --

        The Amazon Resource Name (ARN) of the certificates that is used to sign your code.

    • platformId (string) --

      The ID of the platform that is used by the target signing profile.

    • overrides (dict) --

      A list of overrides applied by the target signing profile for signing operations.

      • signingConfiguration (dict) --

        A signing configuration that overrides the default encryption or hash algorithm of a signing job.

        • encryptionAlgorithm (string) --

          A specified override of the default encryption algorithm that is used in a code signing job.

        • hashAlgorithm (string) --

          A specified override of the default hash algorithm that is used in a code signing job.

      • signingImageFormat (string) --

        A signed image is a JSON object. When overriding the default signing platform configuration, a customer can select either of two signing formats, JSONEmbedded or JSONDetached . (A third format value, JSON , is reserved for future use.) With JSONEmbedded , the signing image has the payload embedded in it. With JSONDetached , the payload is not be embedded in the signing image.

    • signingParameters (dict) --

      A map of key-value pairs for signing operations that is attached to the target signing profile.

      • (string) --

        • (string) --

    • status (string) --

      The status of the target signing profile.

    • arn (string) --

      The Amazon Resource Name (ARN) for the signing profile.

    • tags (dict) --

      A list of tags associated with the signing profile.

      • (string) --

        • (string) --

ListSigningPlatforms (updated) Link ¶
Changes (response)
{'platforms': {'signingImageFormat': {'defaultFormat': {'JSONDetached',
                                                        'JSONEmbedded'},
                                      'supportedFormats': {'JSONDetached',
                                                           'JSONEmbedded'}}}}

Lists all signing platforms available in code signing that match the request parameters. If additional jobs remain to be listed, code signing returns a nextToken value. Use this value in subsequent calls to ListSigningJobs to fetch the remaining values. You can continue calling ListSigningJobs with your maxResults parameter and with new values that code signing returns in the nextToken parameter until all of your signing jobs have been returned.

See also: AWS API Documentation

Request Syntax

client.list_signing_platforms(
    category='string',
    partner='string',
    target='string',
    maxResults=123,
    nextToken='string'
)
type category

string

param category

The category type of a signing platform.

type partner

string

param partner

Any partner entities connected to a signing platform.

type target

string

param target

The validation template that is used by the target signing platform.

type maxResults

integer

param maxResults

The maximum number of results to be returned by this operation.

type nextToken

string

param nextToken

Value for specifying the next set of paginated results to return. After you receive a response with truncated results, use this parameter in a subsequent request. Set it to the value of nextToken from the response that you just received.

rtype

dict

returns

Response Syntax

{
    'platforms': [
        {
            'platformId': 'string',
            'displayName': 'string',
            'partner': 'string',
            'target': 'string',
            'category': 'AWSIoT',
            'signingConfiguration': {
                'encryptionAlgorithmOptions': {
                    'allowedValues': [
                        'RSA'|'ECDSA',
                    ],
                    'defaultValue': 'RSA'|'ECDSA'
                },
                'hashAlgorithmOptions': {
                    'allowedValues': [
                        'SHA1'|'SHA256',
                    ],
                    'defaultValue': 'SHA1'|'SHA256'
                }
            },
            'signingImageFormat': {
                'supportedFormats': [
                    'JSON'|'JSONEmbedded'|'JSONDetached',
                ],
                'defaultFormat': 'JSON'|'JSONEmbedded'|'JSONDetached'
            },
            'maxSizeInMB': 123
        },
    ],
    'nextToken': 'string'
}

Response Structure

  • (dict) --

    • platforms (list) --

      A list of all platforms that match the request parameters.

      • (dict) --

        Contains information about the signing configurations and parameters that are used to perform a code signing job.

        • platformId (string) --

          The ID of a code signing; platform.

        • displayName (string) --

          The display name of a code signing platform.

        • partner (string) --

          Any partner entities linked to a code signing platform.

        • target (string) --

          The types of targets that can be signed by a code signing platform.

        • category (string) --

          The category of a code signing platform.

        • signingConfiguration (dict) --

          The configuration of a code signing platform. This includes the designated hash algorithm and encryption algorithm of a signing platform.

          • encryptionAlgorithmOptions (dict) --

            The encryption algorithm options that are available for a code signing job.

            • allowedValues (list) --

              The set of accepted encryption algorithms that are allowed in a code signing job.

              • (string) --

            • defaultValue (string) --

              The default encryption algorithm that is used by a code signing job.

          • hashAlgorithmOptions (dict) --

            The hash algorithm options that are available for a code signing job.

            • allowedValues (list) --

              The set of accepted hash algorithms allowed in a code signing job.

              • (string) --

            • defaultValue (string) --

              The default hash algorithm that is used in a code signing job.

        • signingImageFormat (dict) --

          The image format of a code signing platform or profile.

          • supportedFormats (list) --

            The supported formats of a code signing image.

            • (string) --

          • defaultFormat (string) --

            The default format of a code signing image.

        • maxSizeInMB (integer) --

          The maximum size (in MB) of code that can be signed by a code signing platform.

    • nextToken (string) --

      Value for specifying the next set of paginated results to return.

PutSigningProfile (updated) Link ¶
Changes (request)
{'overrides': {'signingImageFormat': 'JSON | JSONEmbedded | JSONDetached'}}

Creates a signing profile. A signing profile is a code signing template that can be used to carry out a pre-defined signing job. For more information, see http://docs.aws.amazon.com/signer/latest/developerguide/gs-profile.html

See also: AWS API Documentation

Request Syntax

client.put_signing_profile(
    profileName='string',
    signingMaterial={
        'certificateArn': 'string'
    },
    platformId='string',
    overrides={
        'signingConfiguration': {
            'encryptionAlgorithm': 'RSA'|'ECDSA',
            'hashAlgorithm': 'SHA1'|'SHA256'
        },
        'signingImageFormat': 'JSON'|'JSONEmbedded'|'JSONDetached'
    },
    signingParameters={
        'string': 'string'
    },
    tags={
        'string': 'string'
    }
)
type profileName

string

param profileName

[REQUIRED]

The name of the signing profile to be created.

type signingMaterial

dict

param signingMaterial

[REQUIRED]

The AWS Certificate Manager certificate that will be used to sign code with the new signing profile.

  • certificateArn (string) -- [REQUIRED]

    The Amazon Resource Name (ARN) of the certificates that is used to sign your code.

type platformId

string

param platformId

[REQUIRED]

The ID of the signing platform to be created.

type overrides

dict

param overrides

A subfield of platform . This specifies any different configuration options that you want to apply to the chosen platform (such as a different hash-algorithm or signing-algorithm ).

  • signingConfiguration (dict) --

    A signing configuration that overrides the default encryption or hash algorithm of a signing job.

    • encryptionAlgorithm (string) --

      A specified override of the default encryption algorithm that is used in a code signing job.

    • hashAlgorithm (string) --

      A specified override of the default hash algorithm that is used in a code signing job.

  • signingImageFormat (string) --

    A signed image is a JSON object. When overriding the default signing platform configuration, a customer can select either of two signing formats, JSONEmbedded or JSONDetached . (A third format value, JSON , is reserved for future use.) With JSONEmbedded , the signing image has the payload embedded in it. With JSONDetached , the payload is not be embedded in the signing image.

type signingParameters

dict

param signingParameters

Map of key-value pairs for signing. These can include any information that you want to use during signing.

  • (string) --

    • (string) --

type tags

dict

param tags

Tags to be associated with the signing profile that is being created.

  • (string) --

    • (string) --

rtype

dict

returns

Response Syntax

{
    'arn': 'string'
}

Response Structure

  • (dict) --

    • arn (string) --

      The Amazon Resource Name (ARN) of the signing profile created.