We announced the upcoming end-of-support for AWS SDK for JavaScript v2.
We recommend that you migrate to AWS SDK for JavaScript v3. For dates, additional details, and information on how to migrate, please refer to the linked announcement.

Class: AWS.Signer

Inherits:
AWS.Service show all
Identifier:
signer
API Version:
2017-08-25
Defined in:
(unknown)

Overview

Constructs a service interface object. Each API operation is exposed as a function on service.

Service Description

AWS Signer is a fully managed code-signing service to help you ensure the trust and integrity of your code.

Signer supports the following applications:

With code signing for AWS Lambda, you can sign AWS Lambda deployment packages. Integrated support is provided for Amazon S3, Amazon CloudWatch, and AWS CloudTrail. In order to sign code, you create a signing profile and then use Signer to sign Lambda zip files in S3.

With code signing for IoT, you can sign code for any IoT device that is supported by AWS. IoT code signing is available for Amazon FreeRTOS and AWS IoT Device Management, and is integrated with AWS Certificate Manager (ACM). In order to sign code, you import a third-party code-signing certificate using ACM, and use that to sign updates in Amazon FreeRTOS and AWS IoT Device Management.

With Signer and the Notation CLI from the Notary
 Project, you can sign container images stored in a container registry such as Amazon Elastic Container Registry (ECR). The signatures are stored in the registry alongside the images, where they are available for verifying image authenticity and integrity.

For more information about Signer, see the AWS Signer Developer Guide.

Sending a Request Using Signer

var signer = new AWS.Signer();
signer.addProfilePermission(params, function (err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Locking the API Version

In order to ensure that the Signer object uses this specific API, you can construct the object by passing the apiVersion option to the constructor:

var signer = new AWS.Signer({apiVersion: '2017-08-25'});

You can also set the API version globally in AWS.config.apiVersions using the signer service identifier:

AWS.config.apiVersions = {
  signer: '2017-08-25',
  // other service API versions
};

var signer = new AWS.Signer();

Version:

  • 2017-08-25

Waiter Resource States

This service supports a list of resource states that can be polled using the waitFor() method. The resource states are:

successfulSigningJob

Constructor Summary collapse

Property Summary collapse

Properties inherited from AWS.Service

apiVersions

Method Summary collapse

Methods inherited from AWS.Service

makeRequest, makeUnauthenticatedRequest, setupRequestListeners, defineService

Constructor Details

new AWS.Signer(options = {}) ⇒ Object

Constructs a service object. This object has one method for each API operation.

Examples:

Constructing a Signer object

var signer = new AWS.Signer({apiVersion: '2017-08-25'});

Options Hash (options):

  • params (map)

    An optional map of parameters to bind to every request sent by this service object. For more information on bound parameters, see "Working with Services" in the Getting Started Guide.

  • endpoint (String|AWS.Endpoint)

    The endpoint URI to send requests to. The default endpoint is built from the configured region. The endpoint should be a string like 'https://{service}.{region}.amazonaws.com' or an Endpoint object.

  • accessKeyId (String)

    your AWS access key ID.

  • secretAccessKey (String)

    your AWS secret access key.

  • sessionToken (AWS.Credentials)

    the optional AWS session token to sign requests with.

  • credentials (AWS.Credentials)

    the AWS credentials to sign requests with. You can either specify this object, or specify the accessKeyId and secretAccessKey options directly.

  • credentialProvider (AWS.CredentialProviderChain)

    the provider chain used to resolve credentials if no static credentials property is set.

  • region (String)

    the region to send service requests to. See AWS.Signer.region for more information.

  • maxRetries (Integer)

    the maximum amount of retries to attempt with a request. See AWS.Signer.maxRetries for more information.

  • maxRedirects (Integer)

    the maximum amount of redirects to follow with a request. See AWS.Signer.maxRedirects for more information.

  • sslEnabled (Boolean)

    whether to enable SSL for requests.

  • paramValidation (Boolean|map)

    whether input parameters should be validated against the operation description before sending the request. Defaults to true. Pass a map to enable any of the following specific validation features:

    • min [Boolean] — Validates that a value meets the min constraint. This is enabled by default when paramValidation is set to true.
    • max [Boolean] — Validates that a value meets the max constraint.
    • pattern [Boolean] — Validates that a string value matches a regular expression.
    • enum [Boolean] — Validates that a string value matches one of the allowable enum values.
  • computeChecksums (Boolean)

    whether to compute checksums for payload bodies when the service accepts it (currently supported in S3 only)

  • convertResponseTypes (Boolean)

    whether types are converted when parsing response data. Currently only supported for JSON based services. Turning this off may improve performance on large response payloads. Defaults to true.

  • correctClockSkew (Boolean)

    whether to apply a clock skew correction and retry requests that fail because of an skewed client clock. Defaults to false.

  • s3ForcePathStyle (Boolean)

    whether to force path style URLs for S3 objects.

  • s3BucketEndpoint (Boolean)

    whether the provided endpoint addresses an individual bucket (false if it addresses the root API endpoint). Note that setting this configuration option requires an endpoint to be provided explicitly to the service constructor.

  • s3DisableBodySigning (Boolean)

    whether S3 body signing should be disabled when using signature version v4. Body signing can only be disabled when using https. Defaults to true.

  • s3UsEast1RegionalEndpoint ('legacy'|'regional')

    when region is set to 'us-east-1', whether to send s3 request to global endpoints or 'us-east-1' regional endpoints. This config is only applicable to S3 client. Defaults to legacy

  • s3UseArnRegion (Boolean)

    whether to override the request region with the region inferred from requested resource's ARN. Only available for S3 buckets Defaults to true

  • retryDelayOptions (map)

    A set of options to configure the retry delay on retryable errors. Currently supported options are:

    • base [Integer] — The base number of milliseconds to use in the exponential backoff for operation retries. Defaults to 100 ms for all services except DynamoDB, where it defaults to 50ms.
    • customBackoff [function] — A custom function that accepts a retry count and error and returns the amount of time to delay in milliseconds. If the result is a non-zero negative value, no further retry attempts will be made. The base option will be ignored if this option is supplied. The function is only called for retryable errors.
  • httpOptions (map)

    A set of options to pass to the low-level HTTP request. Currently supported options are:

    • proxy [String] — the URL to proxy requests through
    • agent [http.Agent, https.Agent] — the Agent object to perform HTTP requests with. Used for connection pooling. Defaults to the global agent (http.globalAgent) for non-SSL connections. Note that for SSL connections, a special Agent object is used in order to enable peer certificate verification. This feature is only available in the Node.js environment.
    • connectTimeout [Integer] — Sets the socket to timeout after failing to establish a connection with the server after connectTimeout milliseconds. This timeout has no effect once a socket connection has been established.
    • timeout [Integer] — Sets the socket to timeout after timeout milliseconds of inactivity on the socket. Defaults to two minutes (120000).
    • xhrAsync [Boolean] — Whether the SDK will send asynchronous HTTP requests. Used in the browser environment only. Set to false to send requests synchronously. Defaults to true (async on).
    • xhrWithCredentials [Boolean] — Sets the "withCredentials" property of an XMLHttpRequest object. Used in the browser environment only. Defaults to false.
  • apiVersion (String, Date)

    a String in YYYY-MM-DD format (or a date) that represents the latest possible API version that can be used in all services (unless overridden by apiVersions). Specify 'latest' to use the latest possible version.

  • apiVersions (map<String, String|Date>)

    a map of service identifiers (the lowercase service class name) with the API version to use when instantiating a service. Specify 'latest' for each individual that can use the latest available version.

  • logger (#write, #log)

    an object that responds to .write() (like a stream) or .log() (like the console object) in order to log information about requests

  • systemClockOffset (Number)

    an offset value in milliseconds to apply to all signing times. Use this to compensate for clock skew when your system may be out of sync with the service time. Note that this configuration option can only be applied to the global AWS.config object and cannot be overridden in service-specific configuration. Defaults to 0 milliseconds.

  • signatureVersion (String)

    the signature version to sign requests with (overriding the API configuration). Possible values are: 'v2', 'v3', 'v4'.

  • signatureCache (Boolean)

    whether the signature to sign requests with (overriding the API configuration) is cached. Only applies to the signature version 'v4'. Defaults to true.

  • dynamoDbCrc32 (Boolean)

    whether to validate the CRC32 checksum of HTTP response bodies returned by DynamoDB. Default: true.

  • useAccelerateEndpoint (Boolean)

    Whether to use the S3 Transfer Acceleration endpoint with the S3 service. Default: false.

  • clientSideMonitoring (Boolean)

    whether to collect and publish this client's performance metrics of all its API requests.

  • endpointDiscoveryEnabled (Boolean|undefined)

    whether to call operations with endpoints given by service dynamically. Setting this

  • endpointCacheSize (Number)

    the size of the global cache storing endpoints from endpoint discovery operations. Once endpoint cache is created, updating this setting cannot change existing cache size. Defaults to 1000

  • hostPrefixEnabled (Boolean)

    whether to marshal request parameters to the prefix of hostname. Defaults to true.

  • stsRegionalEndpoints ('legacy'|'regional')

    whether to send sts request to global endpoints or regional endpoints. Defaults to 'legacy'.

  • useFipsEndpoint (Boolean)

    Enables FIPS compatible endpoints. Defaults to false.

  • useDualstackEndpoint (Boolean)

    Enables IPv6 dualstack endpoint. Defaults to false.

Property Details

endpointAWS.Endpoint (readwrite)

Returns an Endpoint object representing the endpoint URL for service requests.

Returns:

  • (AWS.Endpoint)

    an Endpoint object representing the endpoint URL for service requests.

Method Details

addProfilePermission(params = {}, callback) ⇒ AWS.Request

Adds cross-account permissions to a signing profile.

Service Reference:

Examples:

Calling the addProfilePermission operation

var params = {
  action: 'STRING_VALUE', /* required */
  principal: 'STRING_VALUE', /* required */
  profileName: 'STRING_VALUE', /* required */
  statementId: 'STRING_VALUE', /* required */
  profileVersion: 'STRING_VALUE',
  revisionId: 'STRING_VALUE'
};
signer.addProfilePermission(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • profileName — (String)

      The human-readable name of the signing profile.

    • profileVersion — (String)

      The version of the signing profile.

    • action — (String)

      For cross-account signing. Grant a designated account permission to perform one or more of the following actions. Each action is associated with a specific API's operations. For more information about cross-account signing, see Using cross-account signing with signing profiles in the AWS Signer Developer Guide.

      You can designate the following actions to an account.

      • signer:StartSigningJob. This action isn't supported for container image workflows. For details, see StartSigningJob.

      • signer:SignPayload. This action isn't supported for AWS Lambda workflows. For details, see SignPayload

      • signer:GetSigningProfile. For details, see GetSigningProfile.

      • signer:RevokeSignature. For details, see RevokeSignature.

    • principal — (String)

      The AWS principal receiving cross-account permissions. This may be an IAM role or another AWS account ID.

    • revisionId — (String)

      A unique identifier for the current profile revision.

    • statementId — (String)

      A unique identifier for the cross-account permission statement.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • revisionId — (String)

        A unique identifier for the current profile revision.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

cancelSigningProfile(params = {}, callback) ⇒ AWS.Request

Changes the state of an ACTIVE signing profile to CANCELED. A canceled profile is still viewable with the ListSigningProfiles operation, but it cannot perform new signing jobs, and is deleted two years after cancelation.

Service Reference:

Examples:

Calling the cancelSigningProfile operation

var params = {
  profileName: 'STRING_VALUE' /* required */
};
signer.cancelSigningProfile(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • profileName — (String)

      The name of the signing profile to be canceled.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

describeSigningJob(params = {}, callback) ⇒ AWS.Request

Returns information about a specific code signing job. You specify the job by using the jobId value that is returned by the StartSigningJob operation.

Service Reference:

Examples:

Calling the describeSigningJob operation

var params = {
  jobId: 'STRING_VALUE' /* required */
};
signer.describeSigningJob(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • jobId — (String)

      The ID of the signing job on input.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • jobId — (String)

        The ID of the signing job on output.

      • source — (map)

        The object that contains the name of your S3 bucket or your raw code.

        • s3 — (map)

          The S3Source object.

          • bucketNamerequired — (String)

            Name of the S3 bucket.

          • keyrequired — (String)

            Key name of the bucket object that contains your unsigned code.

          • versionrequired — (String)

            Version of your source image in your version enabled S3 bucket.

      • signingMaterial — (map)

        The Amazon Resource Name (ARN) of your code signing certificate.

        • certificateArnrequired — (String)

          The Amazon Resource Name (ARN) of the certificates that is used to sign your code.

      • platformId — (String)

        The microcontroller platform to which your signed code image will be distributed.

      • platformDisplayName — (String)

        A human-readable name for the signing platform associated with the signing job.

      • profileName — (String)

        The name of the profile that initiated the signing operation.

      • profileVersion — (String)

        The version of the signing profile used to initiate the signing job.

      • overrides — (map)

        A list of any overrides that were applied to the signing operation.

        • signingConfiguration — (map)

          A signing configuration that overrides the default encryption or hash algorithm of a signing job.

          • encryptionAlgorithm — (String)

            A specified override of the default encryption algorithm that is used in a code-signing job.

            Possible values include:
            • "RSA"
            • "ECDSA"
          • hashAlgorithm — (String)

            A specified override of the default hash algorithm that is used in a code-signing job.

            Possible values include:
            • "SHA1"
            • "SHA256"
        • signingImageFormat — (String)

          A signed image is a JSON object. When overriding the default signing platform configuration, a customer can select either of two signing formats, JSONEmbedded or JSONDetached. (A third format value, JSON, is reserved for future use.) With JSONEmbedded, the signing image has the payload embedded in it. With JSONDetached, the payload is not be embedded in the signing image.

          Possible values include:
          • "JSON"
          • "JSONEmbedded"
          • "JSONDetached"
      • signingParameters — (map<String>)

        Map of user-assigned key-value pairs used during signing. These values contain any information that you specified for use in your signing job.

      • createdAt — (Date)

        Date and time that the signing job was created.

      • completedAt — (Date)

        Date and time that the signing job was completed.

      • signatureExpiresAt — (Date)

        Thr expiration timestamp for the signature generated by the signing job.

      • requestedBy — (String)

        The IAM principal that requested the signing job.

      • status — (String)

        Status of the signing job.

        Possible values include:
        • "InProgress"
        • "Failed"
        • "Succeeded"
      • statusReason — (String)

        String value that contains the status reason.

      • revocationRecord — (map)

        A revocation record if the signature generated by the signing job has been revoked. Contains a timestamp and the ID of the IAM entity that revoked the signature.

        • reason — (String)

          A caller-supplied reason for revocation.

        • revokedAt — (Date)

          The time of revocation.

        • revokedBy — (String)

          The identity of the revoker.

      • signedObject — (map)

        Name of the S3 bucket where the signed code image is saved by AWS Signer.

        • s3 — (map)

          The S3SignedObject.

          • bucketName — (String)

            Name of the S3 bucket.

          • key — (String)

            Key name that uniquely identifies a signed code image in your bucket.

      • jobOwner — (String)

        The AWS account ID of the job owner.

      • jobInvoker — (String)

        The IAM entity that initiated the signing job.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

Waiter Resource States:

getRevocationStatus(params = {}, callback) ⇒ AWS.Request

Retrieves the revocation status of one or more of the signing profile, signing job, and signing certificate.

Service Reference:

Examples:

Calling the getRevocationStatus operation

var params = {
  certificateHashes: [ /* required */
    'STRING_VALUE',
    /* more items */
  ],
  jobArn: 'STRING_VALUE', /* required */
  platformId: 'STRING_VALUE', /* required */
  profileVersionArn: 'STRING_VALUE', /* required */
  signatureTimestamp: new Date || 'Wed Dec 31 1969 16:00:00 GMT-0800 (PST)' || 123456789 /* required */
};
signer.getRevocationStatus(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • signatureTimestamp — (Date)

      The timestamp of the signature that validates the profile or job.

    • platformId — (String)

      The ID of a signing platform.

    • profileVersionArn — (String)

      The version of a signing profile.

    • jobArn — (String)

      The ARN of a signing job.

    • certificateHashes — (Array<String>)

      A list of composite signed hashes that identify certificates.

      A certificate identifier consists of a subject certificate TBS hash (signed by the parent CA) combined with a parent CA TBS hash (signed by the parent CA’s CA). Root certificates are defined as their own CA.

      The following example shows how to calculate a hash for this parameter using OpenSSL commands:

      openssl asn1parse -in childCert.pem -strparse 4 -out childCert.tbs

      openssl sha384 < childCert.tbs -binary > childCertTbsHash

      openssl asn1parse -in parentCert.pem -strparse 4 -out parentCert.tbs

      openssl sha384 < parentCert.tbs -binary > parentCertTbsHash xxd -p childCertTbsHash > certificateHash.hex xxd -p parentCertTbsHash >> certificateHash.hex

      cat certificateHash.hex | tr -d '\n'

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • revokedEntities — (Array<String>)

        A list of revoked entities (including zero or more of the signing profile ARN, signing job ARN, and certificate hashes) supplied as input to the API.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

getSigningPlatform(params = {}, callback) ⇒ AWS.Request

Returns information on a specific signing platform.

Service Reference:

Examples:

Calling the getSigningPlatform operation

var params = {
  platformId: 'STRING_VALUE' /* required */
};
signer.getSigningPlatform(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • platformId — (String)

      The ID of the target signing platform.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • platformId — (String)

        The ID of the target signing platform.

      • displayName — (String)

        The display name of the target signing platform.

      • partner — (String)

        A list of partner entities that use the target signing platform.

      • target — (String)

        The validation template that is used by the target signing platform.

      • category — (String)

        The category type of the target signing platform.

        Possible values include:
        • "AWSIoT"
      • signingConfiguration — (map)

        A list of configurations applied to the target platform at signing.

        • encryptionAlgorithmOptionsrequired — (map)

          The encryption algorithm options that are available for a code-signing job.

          • allowedValuesrequired — (Array<String>)

            The set of accepted encryption algorithms that are allowed in a code-signing job.

          • defaultValuerequired — (String)

            The default encryption algorithm that is used by a code-signing job.

            Possible values include:
            • "RSA"
            • "ECDSA"
        • hashAlgorithmOptionsrequired — (map)

          The hash algorithm options that are available for a code-signing job.

          • allowedValuesrequired — (Array<String>)

            The set of accepted hash algorithms allowed in a code-signing job.

          • defaultValuerequired — (String)

            The default hash algorithm that is used in a code-signing job.

            Possible values include:
            • "SHA1"
            • "SHA256"
      • signingImageFormat — (map)

        The format of the target platform's signing image.

        • supportedFormatsrequired — (Array<String>)

          The supported formats of a signing image.

        • defaultFormatrequired — (String)

          The default format of a signing image.

          Possible values include:
          • "JSON"
          • "JSONEmbedded"
          • "JSONDetached"
      • maxSizeInMB — (Integer)

        The maximum size (in MB) of the payload that can be signed by the target platform.

      • revocationSupported — (Boolean)

        A flag indicating whether signatures generated for the signing platform can be revoked.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

getSigningProfile(params = {}, callback) ⇒ AWS.Request

Returns information on a specific signing profile.

Service Reference:

Examples:

Calling the getSigningProfile operation

var params = {
  profileName: 'STRING_VALUE', /* required */
  profileOwner: 'STRING_VALUE'
};
signer.getSigningProfile(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • profileName — (String)

      The name of the target signing profile.

    • profileOwner — (String)

      The AWS account ID of the profile owner.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • profileName — (String)

        The name of the target signing profile.

      • profileVersion — (String)

        The current version of the signing profile.

      • profileVersionArn — (String)

        The signing profile ARN, including the profile version.

      • revocationRecord — (map)

        Revocation information for a signing profile.

        • revocationEffectiveFrom — (Date)

          The time when revocation becomes effective.

        • revokedAt — (Date)

          The time when the signing profile was revoked.

        • revokedBy — (String)

          The identity of the revoker.

      • signingMaterial — (map)

        The ARN of the certificate that the target profile uses for signing operations.

        • certificateArnrequired — (String)

          The Amazon Resource Name (ARN) of the certificates that is used to sign your code.

      • platformId — (String)

        The ID of the platform that is used by the target signing profile.

      • platformDisplayName — (String)

        A human-readable name for the signing platform associated with the signing profile.

      • signatureValidityPeriod — (map)

        The validity period for a signing job.

        • value — (Integer)

          The numerical value of the time unit for signature validity.

        • type — (String)

          The time unit for signature validity.

          Possible values include:
          • "DAYS"
          • "MONTHS"
          • "YEARS"
      • overrides — (map)

        A list of overrides applied by the target signing profile for signing operations.

        • signingConfiguration — (map)

          A signing configuration that overrides the default encryption or hash algorithm of a signing job.

          • encryptionAlgorithm — (String)

            A specified override of the default encryption algorithm that is used in a code-signing job.

            Possible values include:
            • "RSA"
            • "ECDSA"
          • hashAlgorithm — (String)

            A specified override of the default hash algorithm that is used in a code-signing job.

            Possible values include:
            • "SHA1"
            • "SHA256"
        • signingImageFormat — (String)

          A signed image is a JSON object. When overriding the default signing platform configuration, a customer can select either of two signing formats, JSONEmbedded or JSONDetached. (A third format value, JSON, is reserved for future use.) With JSONEmbedded, the signing image has the payload embedded in it. With JSONDetached, the payload is not be embedded in the signing image.

          Possible values include:
          • "JSON"
          • "JSONEmbedded"
          • "JSONDetached"
      • signingParameters — (map<String>)

        A map of key-value pairs for signing operations that is attached to the target signing profile.

      • status — (String)

        The status of the target signing profile.

        Possible values include:
        • "Active"
        • "Canceled"
        • "Revoked"
      • statusReason — (String)

        Reason for the status of the target signing profile.

      • arn — (String)

        The Amazon Resource Name (ARN) for the signing profile.

      • tags — (map<String>)

        A list of tags associated with the signing profile.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

listProfilePermissions(params = {}, callback) ⇒ AWS.Request

Lists the cross-account permissions associated with a signing profile.

Service Reference:

Examples:

Calling the listProfilePermissions operation

var params = {
  profileName: 'STRING_VALUE', /* required */
  nextToken: 'STRING_VALUE'
};
signer.listProfilePermissions(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • profileName — (String)

      Name of the signing profile containing the cross-account permissions.

    • nextToken — (String)

      String for specifying the next set of paginated results.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • revisionId — (String)

        The identifier for the current revision of profile permissions.

      • policySizeBytes — (Integer)

        Total size of the policy associated with the Signing Profile in bytes.

      • permissions — (Array<map>)

        List of permissions associated with the Signing Profile.

        • action — (String)

          An AWS Signer action permitted as part of cross-account permissions.

        • principal — (String)

          The AWS principal that has been granted a cross-account permission.

        • statementId — (String)

          A unique identifier for a cross-account permission statement.

        • profileVersion — (String)

          The signing profile version that a permission applies to.

      • nextToken — (String)

        String for specifying the next set of paginated results.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

listSigningJobs(params = {}, callback) ⇒ AWS.Request

Lists all your signing jobs. You can use the maxResults parameter to limit the number of signing jobs that are returned in the response. If additional jobs remain to be listed, AWS Signer returns a nextToken value. Use this value in subsequent calls to ListSigningJobs to fetch the remaining values. You can continue calling ListSigningJobs with your maxResults parameter and with new values that Signer returns in the nextToken parameter until all of your signing jobs have been returned.

Service Reference:

Examples:

Calling the listSigningJobs operation

var params = {
  isRevoked: true || false,
  jobInvoker: 'STRING_VALUE',
  maxResults: 'NUMBER_VALUE',
  nextToken: 'STRING_VALUE',
  platformId: 'STRING_VALUE',
  requestedBy: 'STRING_VALUE',
  signatureExpiresAfter: new Date || 'Wed Dec 31 1969 16:00:00 GMT-0800 (PST)' || 123456789,
  signatureExpiresBefore: new Date || 'Wed Dec 31 1969 16:00:00 GMT-0800 (PST)' || 123456789,
  status: InProgress | Failed | Succeeded
};
signer.listSigningJobs(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • status — (String)

      A status value with which to filter your results.

      Possible values include:
      • "InProgress"
      • "Failed"
      • "Succeeded"
    • platformId — (String)

      The ID of microcontroller platform that you specified for the distribution of your code image.

    • requestedBy — (String)

      The IAM principal that requested the signing job.

    • maxResults — (Integer)

      Specifies the maximum number of items to return in the response. Use this parameter when paginating results. If additional items exist beyond the number you specify, the nextToken element is set in the response. Use the nextToken value in a subsequent request to retrieve additional items.

    • nextToken — (String)

      String for specifying the next set of paginated results to return. After you receive a response with truncated results, use this parameter in a subsequent request. Set it to the value of nextToken from the response that you just received.

    • isRevoked — (Boolean)

      Filters results to return only signing jobs with revoked signatures.

    • signatureExpiresBefore — (Date)

      Filters results to return only signing jobs with signatures expiring before a specified timestamp.

    • signatureExpiresAfter — (Date)

      Filters results to return only signing jobs with signatures expiring after a specified timestamp.

    • jobInvoker — (String)

      Filters results to return only signing jobs initiated by a specified IAM entity.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • jobs — (Array<map>)

        A list of your signing jobs.

        • jobId — (String)

          The ID of the signing job.

        • source — (map)

          A Source that contains information about a signing job's code image source.

          • s3 — (map)

            The S3Source object.

            • bucketNamerequired — (String)

              Name of the S3 bucket.

            • keyrequired — (String)

              Key name of the bucket object that contains your unsigned code.

            • versionrequired — (String)

              Version of your source image in your version enabled S3 bucket.

        • signedObject — (map)

          A SignedObject structure that contains information about a signing job's signed code image.

          • s3 — (map)

            The S3SignedObject.

            • bucketName — (String)

              Name of the S3 bucket.

            • key — (String)

              Key name that uniquely identifies a signed code image in your bucket.

        • signingMaterial — (map)

          A SigningMaterial object that contains the Amazon Resource Name (ARN) of the certificate used for the signing job.

          • certificateArnrequired — (String)

            The Amazon Resource Name (ARN) of the certificates that is used to sign your code.

        • createdAt — (Date)

          The date and time that the signing job was created.

        • status — (String)

          The status of the signing job.

          Possible values include:
          • "InProgress"
          • "Failed"
          • "Succeeded"
        • isRevoked — (Boolean)

          Indicates whether the signing job is revoked.

        • profileName — (String)

          The name of the signing profile that created a signing job.

        • profileVersion — (String)

          The version of the signing profile that created a signing job.

        • platformId — (String)

          The unique identifier for a signing platform.

        • platformDisplayName — (String)

          The name of a signing platform.

        • signatureExpiresAt — (Date)

          The time when the signature of a signing job expires.

        • jobOwner — (String)

          The AWS account ID of the job owner.

        • jobInvoker — (String)

          The AWS account ID of the job invoker.

      • nextToken — (String)

        String for specifying the next set of paginated results.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

listSigningPlatforms(params = {}, callback) ⇒ AWS.Request

Lists all signing platforms available in AWS Signer that match the request parameters. If additional jobs remain to be listed, Signer returns a nextToken value. Use this value in subsequent calls to ListSigningJobs to fetch the remaining values. You can continue calling ListSigningJobs with your maxResults parameter and with new values that Signer returns in the nextToken parameter until all of your signing jobs have been returned.

Service Reference:

Examples:

Calling the listSigningPlatforms operation

var params = {
  category: 'STRING_VALUE',
  maxResults: 'NUMBER_VALUE',
  nextToken: 'STRING_VALUE',
  partner: 'STRING_VALUE',
  target: 'STRING_VALUE'
};
signer.listSigningPlatforms(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • category — (String)

      The category type of a signing platform.

    • partner — (String)

      Any partner entities connected to a signing platform.

    • target — (String)

      The validation template that is used by the target signing platform.

    • maxResults — (Integer)

      The maximum number of results to be returned by this operation.

    • nextToken — (String)

      Value for specifying the next set of paginated results to return. After you receive a response with truncated results, use this parameter in a subsequent request. Set it to the value of nextToken from the response that you just received.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • platforms — (Array<map>)

        A list of all platforms that match the request parameters.

        • platformId — (String)

          The ID of a signing platform.

        • displayName — (String)

          The display name of a signing platform.

        • partner — (String)

          Any partner entities linked to a signing platform.

        • target — (String)

          The types of targets that can be signed by a signing platform.

        • category — (String)

          The category of a signing platform.

          Possible values include:
          • "AWSIoT"
        • signingConfiguration — (map)

          The configuration of a signing platform. This includes the designated hash algorithm and encryption algorithm of a signing platform.

          • encryptionAlgorithmOptionsrequired — (map)

            The encryption algorithm options that are available for a code-signing job.

            • allowedValuesrequired — (Array<String>)

              The set of accepted encryption algorithms that are allowed in a code-signing job.

            • defaultValuerequired — (String)

              The default encryption algorithm that is used by a code-signing job.

              Possible values include:
              • "RSA"
              • "ECDSA"
          • hashAlgorithmOptionsrequired — (map)

            The hash algorithm options that are available for a code-signing job.

            • allowedValuesrequired — (Array<String>)

              The set of accepted hash algorithms allowed in a code-signing job.

            • defaultValuerequired — (String)

              The default hash algorithm that is used in a code-signing job.

              Possible values include:
              • "SHA1"
              • "SHA256"
        • signingImageFormat — (map)

          The image format of a AWS Signer platform or profile.

          • supportedFormatsrequired — (Array<String>)

            The supported formats of a signing image.

          • defaultFormatrequired — (String)

            The default format of a signing image.

            Possible values include:
            • "JSON"
            • "JSONEmbedded"
            • "JSONDetached"
        • maxSizeInMB — (Integer)

          The maximum size (in MB) of code that can be signed by a signing platform.

        • revocationSupported — (Boolean)

          Indicates whether revocation is supported for the platform.

      • nextToken — (String)

        Value for specifying the next set of paginated results to return.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

listSigningProfiles(params = {}, callback) ⇒ AWS.Request

Lists all available signing profiles in your AWS account. Returns only profiles with an ACTIVE status unless the includeCanceled request field is set to true. If additional jobs remain to be listed, AWS Signer returns a nextToken value. Use this value in subsequent calls to ListSigningJobs to fetch the remaining values. You can continue calling ListSigningJobs with your maxResults parameter and with new values that Signer returns in the nextToken parameter until all of your signing jobs have been returned.

Service Reference:

Examples:

Calling the listSigningProfiles operation

var params = {
  includeCanceled: true || false,
  maxResults: 'NUMBER_VALUE',
  nextToken: 'STRING_VALUE',
  platformId: 'STRING_VALUE',
  statuses: [
    Active | Canceled | Revoked,
    /* more items */
  ]
};
signer.listSigningProfiles(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • includeCanceled — (Boolean)

      Designates whether to include profiles with the status of CANCELED.

    • maxResults — (Integer)

      The maximum number of profiles to be returned.

    • nextToken — (String)

      Value for specifying the next set of paginated results to return. After you receive a response with truncated results, use this parameter in a subsequent request. Set it to the value of nextToken from the response that you just received.

    • platformId — (String)

      Filters results to return only signing jobs initiated for a specified signing platform.

    • statuses — (Array<String>)

      Filters results to return only signing jobs with statuses in the specified list.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • profiles — (Array<map>)

        A list of profiles that are available in the AWS account. This includes profiles with the status of CANCELED if the includeCanceled parameter is set to true.

        • profileName — (String)

          The name of the signing profile.

        • profileVersion — (String)

          The version of a signing profile.

        • profileVersionArn — (String)

          The ARN of a signing profile, including the profile version.

        • signingMaterial — (map)

          The ACM certificate that is available for use by a signing profile.

          • certificateArnrequired — (String)

            The Amazon Resource Name (ARN) of the certificates that is used to sign your code.

        • signatureValidityPeriod — (map)

          The validity period for a signing job created using this signing profile.

          • value — (Integer)

            The numerical value of the time unit for signature validity.

          • type — (String)

            The time unit for signature validity.

            Possible values include:
            • "DAYS"
            • "MONTHS"
            • "YEARS"
        • platformId — (String)

          The ID of a platform that is available for use by a signing profile.

        • platformDisplayName — (String)

          The name of the signing platform.

        • signingParameters — (map<String>)

          The parameters that are available for use by a Signer user.

        • status — (String)

          The status of a signing profile.

          Possible values include:
          • "Active"
          • "Canceled"
          • "Revoked"
        • arn — (String)

          The Amazon Resource Name (ARN) for the signing profile.

        • tags — (map<String>)

          A list of tags associated with the signing profile.

      • nextToken — (String)

        Value for specifying the next set of paginated results to return.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

listTagsForResource(params = {}, callback) ⇒ AWS.Request

Returns a list of the tags associated with a signing profile resource.

Service Reference:

Examples:

Calling the listTagsForResource operation

var params = {
  resourceArn: 'STRING_VALUE' /* required */
};
signer.listTagsForResource(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • resourceArn — (String)

      The Amazon Resource Name (ARN) for the signing profile.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • tags — (map<String>)

        A list of tags associated with the signing profile.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

putSigningProfile(params = {}, callback) ⇒ AWS.Request

Creates a signing profile. A signing profile is a code-signing template that can be used to carry out a pre-defined signing job.

Service Reference:

Examples:

Calling the putSigningProfile operation

var params = {
  platformId: 'STRING_VALUE', /* required */
  profileName: 'STRING_VALUE', /* required */
  overrides: {
    signingConfiguration: {
      encryptionAlgorithm: RSA | ECDSA,
      hashAlgorithm: SHA1 | SHA256
    },
    signingImageFormat: JSON | JSONEmbedded | JSONDetached
  },
  signatureValidityPeriod: {
    type: DAYS | MONTHS | YEARS,
    value: 'NUMBER_VALUE'
  },
  signingMaterial: {
    certificateArn: 'STRING_VALUE' /* required */
  },
  signingParameters: {
    '<SigningParameterKey>': 'STRING_VALUE',
    /* '<SigningParameterKey>': ... */
  },
  tags: {
    '<TagKey>': 'STRING_VALUE',
    /* '<TagKey>': ... */
  }
};
signer.putSigningProfile(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • profileName — (String)

      The name of the signing profile to be created.

    • signingMaterial — (map)

      The AWS Certificate Manager certificate that will be used to sign code with the new signing profile.

      • certificateArnrequired — (String)

        The Amazon Resource Name (ARN) of the certificates that is used to sign your code.

    • signatureValidityPeriod — (map)

      The default validity period override for any signature generated using this signing profile. If unspecified, the default is 135 months.

      • value — (Integer)

        The numerical value of the time unit for signature validity.

      • type — (String)

        The time unit for signature validity.

        Possible values include:
        • "DAYS"
        • "MONTHS"
        • "YEARS"
    • platformId — (String)

      The ID of the signing platform to be created.

    • overrides — (map)

      A subfield of platform. This specifies any different configuration options that you want to apply to the chosen platform (such as a different hash-algorithm or signing-algorithm).

      • signingConfiguration — (map)

        A signing configuration that overrides the default encryption or hash algorithm of a signing job.

        • encryptionAlgorithm — (String)

          A specified override of the default encryption algorithm that is used in a code-signing job.

          Possible values include:
          • "RSA"
          • "ECDSA"
        • hashAlgorithm — (String)

          A specified override of the default hash algorithm that is used in a code-signing job.

          Possible values include:
          • "SHA1"
          • "SHA256"
      • signingImageFormat — (String)

        A signed image is a JSON object. When overriding the default signing platform configuration, a customer can select either of two signing formats, JSONEmbedded or JSONDetached. (A third format value, JSON, is reserved for future use.) With JSONEmbedded, the signing image has the payload embedded in it. With JSONDetached, the payload is not be embedded in the signing image.

        Possible values include:
        • "JSON"
        • "JSONEmbedded"
        • "JSONDetached"
    • signingParameters — (map<String>)

      Map of key-value pairs for signing. These can include any information that you want to use during signing.

    • tags — (map<String>)

      Tags to be associated with the signing profile that is being created.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • arn — (String)

        The Amazon Resource Name (ARN) of the signing profile created.

      • profileVersion — (String)

        The version of the signing profile being created.

      • profileVersionArn — (String)

        The signing profile ARN, including the profile version.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

removeProfilePermission(params = {}, callback) ⇒ AWS.Request

Removes cross-account permissions from a signing profile.

Service Reference:

Examples:

Calling the removeProfilePermission operation

var params = {
  profileName: 'STRING_VALUE', /* required */
  revisionId: 'STRING_VALUE', /* required */
  statementId: 'STRING_VALUE' /* required */
};
signer.removeProfilePermission(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • profileName — (String)

      A human-readable name for the signing profile with permissions to be removed.

    • revisionId — (String)

      An identifier for the current revision of the signing profile permissions.

    • statementId — (String)

      A unique identifier for the cross-account permissions statement.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • revisionId — (String)

        An identifier for the current revision of the profile permissions.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

revokeSignature(params = {}, callback) ⇒ AWS.Request

Changes the state of a signing job to REVOKED. This indicates that the signature is no longer valid.

Service Reference:

Examples:

Calling the revokeSignature operation

var params = {
  jobId: 'STRING_VALUE', /* required */
  reason: 'STRING_VALUE', /* required */
  jobOwner: 'STRING_VALUE'
};
signer.revokeSignature(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • jobId — (String)

      ID of the signing job to be revoked.

    • jobOwner — (String)

      AWS account ID of the job owner.

    • reason — (String)

      The reason for revoking the signing job.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

revokeSigningProfile(params = {}, callback) ⇒ AWS.Request

Changes the state of a signing profile to REVOKED. This indicates that signatures generated using the signing profile after an effective start date are no longer valid.

Service Reference:

Examples:

Calling the revokeSigningProfile operation

var params = {
  effectiveTime: new Date || 'Wed Dec 31 1969 16:00:00 GMT-0800 (PST)' || 123456789, /* required */
  profileName: 'STRING_VALUE', /* required */
  profileVersion: 'STRING_VALUE', /* required */
  reason: 'STRING_VALUE' /* required */
};
signer.revokeSigningProfile(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • profileName — (String)

      The name of the signing profile to be revoked.

    • profileVersion — (String)

      The version of the signing profile to be revoked.

    • reason — (String)

      The reason for revoking a signing profile.

    • effectiveTime — (Date)

      A timestamp for when revocation of a Signing Profile should become effective. Signatures generated using the signing profile after this timestamp are not trusted.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

signPayload(params = {}, callback) ⇒ AWS.Request

Signs a binary payload and returns a signature envelope.

Service Reference:

Examples:

Calling the signPayload operation

var params = {
  payload: Buffer.from('...') || 'STRING_VALUE' /* Strings will be Base-64 encoded on your behalf */, /* required */
  payloadFormat: 'STRING_VALUE', /* required */
  profileName: 'STRING_VALUE', /* required */
  profileOwner: 'STRING_VALUE'
};
signer.signPayload(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • profileName — (String)

      The name of the signing profile.

    • profileOwner — (String)

      The AWS account ID of the profile owner.

    • payload — (Buffer, Typed Array, Blob, String)

      Specifies the object digest (hash) to sign.

    • payloadFormat — (String)

      Payload content type. The single valid type is application/vnd.cncf.notary.payload.v1+json.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • jobId — (String)

        Unique identifier of the signing job.

      • jobOwner — (String)

        The AWS account ID of the job owner.

      • metadata — (map<String>)

        Information including the signing profile ARN and the signing job ID.

      • signature — (Buffer(Node.js), Typed Array(Browser))

        A cryptographic signature.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

startSigningJob(params = {}, callback) ⇒ AWS.Request

Initiates a signing job to be performed on the code provided. Signing jobs are viewable by the ListSigningJobs operation for two years after they are performed. Note the following requirements:

  • You must create an Amazon S3 source bucket. For more information, see Creating a Bucket in the Amazon S3 Getting Started Guide.

  • Your S3 source bucket must be version enabled.

  • You must create an S3 destination bucket. AWS Signer uses your S3 destination bucket to write your signed code.

  • You specify the name of the source and destination buckets when calling the StartSigningJob operation.

  • You must ensure the S3 buckets are from the same Region as the signing profile. Cross-Region signing isn't supported.

  • You must also specify a request token that identifies your request to Signer.

You can call the DescribeSigningJob and the ListSigningJobs actions after you call StartSigningJob.

For a Java example that shows how to use this action, see StartSigningJob.

Service Reference:

Examples:

Calling the startSigningJob operation

var params = {
  clientRequestToken: 'STRING_VALUE', /* required */
  destination: { /* required */
    s3: {
      bucketName: 'STRING_VALUE',
      prefix: 'STRING_VALUE'
    }
  },
  profileName: 'STRING_VALUE', /* required */
  source: { /* required */
    s3: {
      bucketName: 'STRING_VALUE', /* required */
      key: 'STRING_VALUE', /* required */
      version: 'STRING_VALUE' /* required */
    }
  },
  profileOwner: 'STRING_VALUE'
};
signer.startSigningJob(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • source — (map)

      The S3 bucket that contains the object to sign or a BLOB that contains your raw code.

      • s3 — (map)

        The S3Source object.

        • bucketNamerequired — (String)

          Name of the S3 bucket.

        • keyrequired — (String)

          Key name of the bucket object that contains your unsigned code.

        • versionrequired — (String)

          Version of your source image in your version enabled S3 bucket.

    • destination — (map)

      The S3 bucket in which to save your signed object. The destination contains the name of your bucket and an optional prefix.

      • s3 — (map)

        The S3Destination object.

        • bucketName — (String)

          Name of the S3 bucket.

        • prefix — (String)

          An S3 prefix that you can use to limit responses to those that begin with the specified prefix.

    • profileName — (String)

      The name of the signing profile.

    • clientRequestToken — (String)

      String that identifies the signing request. All calls after the first that use this token return the same response as the first call.

      If a token is not provided, the SDK will use a version 4 UUID.
    • profileOwner — (String)

      The AWS account ID of the signing profile owner.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • jobId — (String)

        The ID of your signing job.

      • jobOwner — (String)

        The AWS account ID of the signing job owner.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

tagResource(params = {}, callback) ⇒ AWS.Request

Adds one or more tags to a signing profile. Tags are labels that you can use to identify and organize your AWS resources. Each tag consists of a key and an optional value. To specify the signing profile, use its Amazon Resource Name (ARN). To specify the tag, use a key-value pair.

Service Reference:

Examples:

Calling the tagResource operation

var params = {
  resourceArn: 'STRING_VALUE', /* required */
  tags: { /* required */
    '<TagKey>': 'STRING_VALUE',
    /* '<TagKey>': ... */
  }
};
signer.tagResource(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • resourceArn — (String)

      The Amazon Resource Name (ARN) for the signing profile.

    • tags — (map<String>)

      One or more tags to be associated with the signing profile.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

untagResource(params = {}, callback) ⇒ AWS.Request

Removes one or more tags from a signing profile. To remove the tags, specify a list of tag keys.

Service Reference:

Examples:

Calling the untagResource operation

var params = {
  resourceArn: 'STRING_VALUE', /* required */
  tagKeys: [ /* required */
    'STRING_VALUE',
    /* more items */
  ]
};
signer.untagResource(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • resourceArn — (String)

      The Amazon Resource Name (ARN) for the signing profile.

    • tagKeys — (Array<String>)

      A list of tag keys to be removed from the signing profile.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

waitFor(state, params = {}, callback) ⇒ AWS.Request

Waits for a given Signer resource. The final callback or 'complete' event will be fired only when the resource is either in its final state or the waiter has timed out and stopped polling for the final state.

Examples:

Waiting for the successfulSigningJob state

var params = {
  jobId: 'STRING_VALUE' /* required */
};
signer.waitFor('successfulSigningJob', params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • state (String)

    the resource state to wait for. Available states for this service are listed in "Waiter Resource States" below.

  • params (map) (defaults to: {})

    a list of parameters for the given state. See each waiter resource state for required parameters.

Callback (callback):

  • function(err, data) { ... }

    Callback containing error and data information. See the respective resource state for the expected error or data information.

    If the waiter times out its requests, it will return a ResourceNotReady error.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

Waiter Resource States:

Waiter Resource Details

signer.waitFor('successfulSigningJob', params = {}, [callback]) ⇒ AWS.Request

Waits for the successfulSigningJob state by periodically calling the underlying Signer.describeSigningJob() operation every 20 seconds (at most 25 times).

Examples:

Waiting for the successfulSigningJob state

var params = {
  jobId: 'STRING_VALUE' /* required */
};
signer.waitFor('successfulSigningJob', params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object)
    • jobId — (String)

      The ID of the signing job on input.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • jobId — (String)

        The ID of the signing job on output.

      • source — (map)

        The object that contains the name of your S3 bucket or your raw code.

        • s3 — (map)

          The S3Source object.

          • bucketNamerequired — (String)

            Name of the S3 bucket.

          • keyrequired — (String)

            Key name of the bucket object that contains your unsigned code.

          • versionrequired — (String)

            Version of your source image in your version enabled S3 bucket.

      • signingMaterial — (map)

        The Amazon Resource Name (ARN) of your code signing certificate.

        • certificateArnrequired — (String)

          The Amazon Resource Name (ARN) of the certificates that is used to sign your code.

      • platformId — (String)

        The microcontroller platform to which your signed code image will be distributed.

      • platformDisplayName — (String)

        A human-readable name for the signing platform associated with the signing job.

      • profileName — (String)

        The name of the profile that initiated the signing operation.

      • profileVersion — (String)

        The version of the signing profile used to initiate the signing job.

      • overrides — (map)

        A list of any overrides that were applied to the signing operation.

        • signingConfiguration — (map)

          A signing configuration that overrides the default encryption or hash algorithm of a signing job.

          • encryptionAlgorithm — (String)

            A specified override of the default encryption algorithm that is used in a code-signing job.

            Possible values include:
            • "RSA"
            • "ECDSA"
          • hashAlgorithm — (String)

            A specified override of the default hash algorithm that is used in a code-signing job.

            Possible values include:
            • "SHA1"
            • "SHA256"
        • signingImageFormat — (String)

          A signed image is a JSON object. When overriding the default signing platform configuration, a customer can select either of two signing formats, JSONEmbedded or JSONDetached. (A third format value, JSON, is reserved for future use.) With JSONEmbedded, the signing image has the payload embedded in it. With JSONDetached, the payload is not be embedded in the signing image.

          Possible values include:
          • "JSON"
          • "JSONEmbedded"
          • "JSONDetached"
      • signingParameters — (map<String>)

        Map of user-assigned key-value pairs used during signing. These values contain any information that you specified for use in your signing job.

      • createdAt — (Date)

        Date and time that the signing job was created.

      • completedAt — (Date)

        Date and time that the signing job was completed.

      • signatureExpiresAt — (Date)

        Thr expiration timestamp for the signature generated by the signing job.

      • requestedBy — (String)

        The IAM principal that requested the signing job.

      • status — (String)

        Status of the signing job.

        Possible values include:
        • "InProgress"
        • "Failed"
        • "Succeeded"
      • statusReason — (String)

        String value that contains the status reason.

      • revocationRecord — (map)

        A revocation record if the signature generated by the signing job has been revoked. Contains a timestamp and the ID of the IAM entity that revoked the signature.

        • reason — (String)

          A caller-supplied reason for revocation.

        • revokedAt — (Date)

          The time of revocation.

        • revokedBy — (String)

          The identity of the revoker.

      • signedObject — (map)

        Name of the S3 bucket where the signed code image is saved by AWS Signer.

        • s3 — (map)

          The S3SignedObject.

          • bucketName — (String)

            Name of the S3 bucket.

          • key — (String)

            Key name that uniquely identifies a signed code image in your bucket.

      • jobOwner — (String)

        The AWS account ID of the job owner.

      • jobInvoker — (String)

        The IAM entity that initiated the signing job.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

See Also: