AWS Signer 2017-08-25
- Client: Aws\signer\signerClient
- Service ID: signer
- Version: 2017-08-25
This page describes the parameters and results for the operations of the AWS Signer (2017-08-25), and shows how to use the Aws\signer\signerClient object to call the described operations. This documentation is specific to the 2017-08-25 API version of the service.
Operation Summary
Each of the following operations can be created from a client using
$client->getCommand('CommandName')
, where "CommandName" is the
name of one of the following operations. Note: a command is a value that
encapsulates an operation and the parameters used to create an HTTP request.
You can also create and send a command immediately using the magic methods
available on a client object: $client->commandName(/* parameters */)
.
You can send the command asynchronously (returning a promise) by appending the
word "Async" to the operation name: $client->commandNameAsync(/* parameters */)
.
- AddProfilePermission ( array $params = [] )
- Adds cross-account permissions to a signing profile.
- CancelSigningProfile ( array $params = [] )
- Changes the state of an ACTIVE signing profile to CANCELED.
- DescribeSigningJob ( array $params = [] )
- Returns information about a specific code signing job.
- GetRevocationStatus ( array $params = [] )
- Retrieves the revocation status of one or more of the signing profile, signing job, and signing certificate.
- GetSigningPlatform ( array $params = [] )
- Returns information on a specific signing platform.
- GetSigningProfile ( array $params = [] )
- Returns information on a specific signing profile.
- ListProfilePermissions ( array $params = [] )
- Lists the cross-account permissions associated with a signing profile.
- ListSigningJobs ( array $params = [] )
- Lists all your signing jobs.
- ListSigningPlatforms ( array $params = [] )
- Lists all signing platforms available in AWS Signer that match the request parameters.
- ListSigningProfiles ( array $params = [] )
- Lists all available signing profiles in your AWS account.
- ListTagsForResource ( array $params = [] )
- Returns a list of the tags associated with a signing profile resource.
- PutSigningProfile ( array $params = [] )
- Creates a signing profile.
- RemoveProfilePermission ( array $params = [] )
- Removes cross-account permissions from a signing profile.
- RevokeSignature ( array $params = [] )
- Changes the state of a signing job to REVOKED.
- RevokeSigningProfile ( array $params = [] )
- Changes the state of a signing profile to REVOKED.
- SignPayload ( array $params = [] )
- Signs a binary payload and returns a signature envelope.
- StartSigningJob ( array $params = [] )
- Initiates a signing job to be performed on the code provided.
- TagResource ( array $params = [] )
- Adds one or more tags to a signing profile.
- UntagResource ( array $params = [] )
- Removes one or more tags from a signing profile.
Paginators
Paginators handle automatically iterating over paginated API results. Paginators are associated with specific API operations, and they accept the parameters that the corresponding API operation accepts. You can get a paginator from a client class using getPaginator($paginatorName, $operationParameters). This client supports the following paginators:
Waiters
Waiters allow you to poll a resource until it enters into a desired state. A waiter has a name used to describe what it does, and is associated with an API operation. When creating a waiter, you can provide the API operation parameters associated with the corresponding operation. Waiters can be accessed using the getWaiter($waiterName, $operationParameters) method of a client object. This client supports the following waiters:
Waiter name | API Operation | Delay | Max Attempts |
---|---|---|---|
SuccessfulSigningJob | DescribeSigningJob | 20 | 25 |
Operations
AddProfilePermission
$result = $client->addProfilePermission
([/* ... */]); $promise = $client->addProfilePermissionAsync
([/* ... */]);
Adds cross-account permissions to a signing profile.
Parameter Syntax
$result = $client->addProfilePermission([ 'action' => '<string>', // REQUIRED 'principal' => '<string>', // REQUIRED 'profileName' => '<string>', // REQUIRED 'profileVersion' => '<string>', 'revisionId' => '<string>', 'statementId' => '<string>', // REQUIRED ]);
Parameter Details
Members
- action
-
- Required: Yes
- Type: string
For cross-account signing. Grant a designated account permission to perform one or more of the following actions. Each action is associated with a specific API's operations. For more information about cross-account signing, see Using cross-account signing with signing profiles in the AWS Signer Developer Guide.
You can designate the following actions to an account.
-
signer:StartSigningJob
. This action isn't supported for container image workflows. For details, see StartSigningJob. -
signer:SignPayload
. This action isn't supported for AWS Lambda workflows. For details, see SignPayload -
signer:GetSigningProfile
. For details, see GetSigningProfile. -
signer:RevokeSignature
. For details, see RevokeSignature.
- principal
-
- Required: Yes
- Type: string
The AWS principal receiving cross-account permissions. This may be an IAM role or another AWS account ID.
- profileName
-
- Required: Yes
- Type: string
The human-readable name of the signing profile.
- profileVersion
-
- Type: string
The version of the signing profile.
- revisionId
-
- Type: string
A unique identifier for the current profile revision.
- statementId
-
- Required: Yes
- Type: string
A unique identifier for the cross-account permission statement.
Result Syntax
[ 'revisionId' => '<string>', ]
Result Details
Members
- revisionId
-
- Type: string
A unique identifier for the current profile revision.
Errors
- ValidationException:
You signing certificate could not be validated.
- ResourceNotFoundException:
A specified resource could not be found.
- AccessDeniedException:
You do not have sufficient access to perform this action.
- ServiceLimitExceededException:
The client is making a request that exceeds service limits.
- ConflictException:
The resource encountered a conflicting state.
- TooManyRequestsException:
The allowed number of job-signing requests has been exceeded.
This error supersedes the error
ThrottlingException
.- InternalServiceErrorException:
An internal error occurred.
CancelSigningProfile
$result = $client->cancelSigningProfile
([/* ... */]); $promise = $client->cancelSigningProfileAsync
([/* ... */]);
Changes the state of an ACTIVE
signing profile to CANCELED
. A canceled profile is still viewable with the ListSigningProfiles
operation, but it cannot perform new signing jobs, and is deleted two years after cancelation.
Parameter Syntax
$result = $client->cancelSigningProfile([ 'profileName' => '<string>', // REQUIRED ]);
Parameter Details
Members
- profileName
-
- Required: Yes
- Type: string
The name of the signing profile to be canceled.
Result Syntax
[]
Result Details
Errors
- ResourceNotFoundException:
A specified resource could not be found.
- AccessDeniedException:
You do not have sufficient access to perform this action.
- TooManyRequestsException:
The allowed number of job-signing requests has been exceeded.
This error supersedes the error
ThrottlingException
.- InternalServiceErrorException:
An internal error occurred.
DescribeSigningJob
$result = $client->describeSigningJob
([/* ... */]); $promise = $client->describeSigningJobAsync
([/* ... */]);
Returns information about a specific code signing job. You specify the job by using the jobId
value that is returned by the StartSigningJob operation.
Parameter Syntax
$result = $client->describeSigningJob([ 'jobId' => '<string>', // REQUIRED ]);
Parameter Details
Members
- jobId
-
- Required: Yes
- Type: string
The ID of the signing job on input.
Result Syntax
[ 'completedAt' => <DateTime>, 'createdAt' => <DateTime>, 'jobId' => '<string>', 'jobInvoker' => '<string>', 'jobOwner' => '<string>', 'overrides' => [ 'signingConfiguration' => [ 'encryptionAlgorithm' => 'RSA|ECDSA', 'hashAlgorithm' => 'SHA1|SHA256', ], 'signingImageFormat' => 'JSON|JSONEmbedded|JSONDetached', ], 'platformDisplayName' => '<string>', 'platformId' => '<string>', 'profileName' => '<string>', 'profileVersion' => '<string>', 'requestedBy' => '<string>', 'revocationRecord' => [ 'reason' => '<string>', 'revokedAt' => <DateTime>, 'revokedBy' => '<string>', ], 'signatureExpiresAt' => <DateTime>, 'signedObject' => [ 's3' => [ 'bucketName' => '<string>', 'key' => '<string>', ], ], 'signingMaterial' => [ 'certificateArn' => '<string>', ], 'signingParameters' => ['<string>', ...], 'source' => [ 's3' => [ 'bucketName' => '<string>', 'key' => '<string>', 'version' => '<string>', ], ], 'status' => 'InProgress|Failed|Succeeded', 'statusReason' => '<string>', ]
Result Details
Members
- completedAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
Date and time that the signing job was completed.
- createdAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
Date and time that the signing job was created.
- jobId
-
- Type: string
The ID of the signing job on output.
- jobInvoker
-
- Type: string
The IAM entity that initiated the signing job.
- jobOwner
-
- Type: string
The AWS account ID of the job owner.
- overrides
-
- Type: SigningPlatformOverrides structure
A list of any overrides that were applied to the signing operation.
- platformDisplayName
-
- Type: string
A human-readable name for the signing platform associated with the signing job.
- platformId
-
- Type: string
The microcontroller platform to which your signed code image will be distributed.
- profileName
-
- Type: string
The name of the profile that initiated the signing operation.
- profileVersion
-
- Type: string
The version of the signing profile used to initiate the signing job.
- requestedBy
-
- Type: string
The IAM principal that requested the signing job.
- revocationRecord
-
- Type: SigningJobRevocationRecord structure
A revocation record if the signature generated by the signing job has been revoked. Contains a timestamp and the ID of the IAM entity that revoked the signature.
- signatureExpiresAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
Thr expiration timestamp for the signature generated by the signing job.
- signedObject
-
- Type: SignedObject structure
Name of the S3 bucket where the signed code image is saved by AWS Signer.
- signingMaterial
-
- Type: SigningMaterial structure
The Amazon Resource Name (ARN) of your code signing certificate.
- signingParameters
-
- Type: Associative array of custom strings keys (SigningParameterKey) to strings
Map of user-assigned key-value pairs used during signing. These values contain any information that you specified for use in your signing job.
- source
-
- Type: Source structure
The object that contains the name of your S3 bucket or your raw code.
- status
-
- Type: string
Status of the signing job.
- statusReason
-
- Type: string
String value that contains the status reason.
Errors
- ResourceNotFoundException:
A specified resource could not be found.
- AccessDeniedException:
You do not have sufficient access to perform this action.
- TooManyRequestsException:
The allowed number of job-signing requests has been exceeded.
This error supersedes the error
ThrottlingException
.- InternalServiceErrorException:
An internal error occurred.
GetRevocationStatus
$result = $client->getRevocationStatus
([/* ... */]); $promise = $client->getRevocationStatusAsync
([/* ... */]);
Retrieves the revocation status of one or more of the signing profile, signing job, and signing certificate.
Parameter Syntax
$result = $client->getRevocationStatus([ 'certificateHashes' => ['<string>', ...], // REQUIRED 'jobArn' => '<string>', // REQUIRED 'platformId' => '<string>', // REQUIRED 'profileVersionArn' => '<string>', // REQUIRED 'signatureTimestamp' => <integer || string || DateTime>, // REQUIRED ]);
Parameter Details
Members
- certificateHashes
-
- Required: Yes
- Type: Array of strings
A list of composite signed hashes that identify certificates.
A certificate identifier consists of a subject certificate TBS hash (signed by the parent CA) combined with a parent CA TBS hash (signed by the parent CA’s CA). Root certificates are defined as their own CA.
The following example shows how to calculate a hash for this parameter using OpenSSL commands:
openssl asn1parse -in childCert.pem -strparse 4 -out childCert.tbs
openssl sha384 < childCert.tbs -binary > childCertTbsHash
openssl asn1parse -in parentCert.pem -strparse 4 -out parentCert.tbs
openssl sha384 < parentCert.tbs -binary > parentCertTbsHash xxd -p childCertTbsHash > certificateHash.hex xxd -p parentCertTbsHash >> certificateHash.hex
cat certificateHash.hex | tr -d '\n'
- jobArn
-
- Required: Yes
- Type: string
The ARN of a signing job.
- platformId
-
- Required: Yes
- Type: string
The ID of a signing platform.
- profileVersionArn
-
- Required: Yes
- Type: string
The version of a signing profile.
- signatureTimestamp
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The timestamp of the signature that validates the profile or job.
Result Syntax
[ 'revokedEntities' => ['<string>', ...], ]
Result Details
Members
- revokedEntities
-
- Type: Array of strings
A list of revoked entities (including zero or more of the signing profile ARN, signing job ARN, and certificate hashes) supplied as input to the API.
Errors
- ValidationException:
You signing certificate could not be validated.
- AccessDeniedException:
You do not have sufficient access to perform this action.
- TooManyRequestsException:
The allowed number of job-signing requests has been exceeded.
This error supersedes the error
ThrottlingException
.- InternalServiceErrorException:
An internal error occurred.
GetSigningPlatform
$result = $client->getSigningPlatform
([/* ... */]); $promise = $client->getSigningPlatformAsync
([/* ... */]);
Returns information on a specific signing platform.
Parameter Syntax
$result = $client->getSigningPlatform([ 'platformId' => '<string>', // REQUIRED ]);
Parameter Details
Members
- platformId
-
- Required: Yes
- Type: string
The ID of the target signing platform.
Result Syntax
[ 'category' => 'AWSIoT', 'displayName' => '<string>', 'maxSizeInMB' => <integer>, 'partner' => '<string>', 'platformId' => '<string>', 'revocationSupported' => true || false, 'signingConfiguration' => [ 'encryptionAlgorithmOptions' => [ 'allowedValues' => ['<string>', ...], 'defaultValue' => 'RSA|ECDSA', ], 'hashAlgorithmOptions' => [ 'allowedValues' => ['<string>', ...], 'defaultValue' => 'SHA1|SHA256', ], ], 'signingImageFormat' => [ 'defaultFormat' => 'JSON|JSONEmbedded|JSONDetached', 'supportedFormats' => ['<string>', ...], ], 'target' => '<string>', ]
Result Details
Members
- category
-
- Type: string
The category type of the target signing platform.
- displayName
-
- Type: string
The display name of the target signing platform.
- maxSizeInMB
-
- Type: int
The maximum size (in MB) of the payload that can be signed by the target platform.
- partner
-
- Type: string
A list of partner entities that use the target signing platform.
- platformId
-
- Type: string
The ID of the target signing platform.
- revocationSupported
-
- Type: boolean
A flag indicating whether signatures generated for the signing platform can be revoked.
- signingConfiguration
-
- Type: SigningConfiguration structure
A list of configurations applied to the target platform at signing.
- signingImageFormat
-
- Type: SigningImageFormat structure
The format of the target platform's signing image.
- target
-
- Type: string
The validation template that is used by the target signing platform.
Errors
- ResourceNotFoundException:
A specified resource could not be found.
- AccessDeniedException:
You do not have sufficient access to perform this action.
- TooManyRequestsException:
The allowed number of job-signing requests has been exceeded.
This error supersedes the error
ThrottlingException
.- InternalServiceErrorException:
An internal error occurred.
GetSigningProfile
$result = $client->getSigningProfile
([/* ... */]); $promise = $client->getSigningProfileAsync
([/* ... */]);
Returns information on a specific signing profile.
Parameter Syntax
$result = $client->getSigningProfile([ 'profileName' => '<string>', // REQUIRED 'profileOwner' => '<string>', ]);
Parameter Details
Members
- profileName
-
- Required: Yes
- Type: string
The name of the target signing profile.
- profileOwner
-
- Type: string
The AWS account ID of the profile owner.
Result Syntax
[ 'arn' => '<string>', 'overrides' => [ 'signingConfiguration' => [ 'encryptionAlgorithm' => 'RSA|ECDSA', 'hashAlgorithm' => 'SHA1|SHA256', ], 'signingImageFormat' => 'JSON|JSONEmbedded|JSONDetached', ], 'platformDisplayName' => '<string>', 'platformId' => '<string>', 'profileName' => '<string>', 'profileVersion' => '<string>', 'profileVersionArn' => '<string>', 'revocationRecord' => [ 'revocationEffectiveFrom' => <DateTime>, 'revokedAt' => <DateTime>, 'revokedBy' => '<string>', ], 'signatureValidityPeriod' => [ 'type' => 'DAYS|MONTHS|YEARS', 'value' => <integer>, ], 'signingMaterial' => [ 'certificateArn' => '<string>', ], 'signingParameters' => ['<string>', ...], 'status' => 'Active|Canceled|Revoked', 'statusReason' => '<string>', 'tags' => ['<string>', ...], ]
Result Details
Members
- arn
-
- Type: string
The Amazon Resource Name (ARN) for the signing profile.
- overrides
-
- Type: SigningPlatformOverrides structure
A list of overrides applied by the target signing profile for signing operations.
- platformDisplayName
-
- Type: string
A human-readable name for the signing platform associated with the signing profile.
- platformId
-
- Type: string
The ID of the platform that is used by the target signing profile.
- profileName
-
- Type: string
The name of the target signing profile.
- profileVersion
-
- Type: string
The current version of the signing profile.
- profileVersionArn
-
- Type: string
The signing profile ARN, including the profile version.
- revocationRecord
-
- Type: SigningProfileRevocationRecord structure
Revocation information for a signing profile.
- signatureValidityPeriod
-
- Type: SignatureValidityPeriod structure
The validity period for a signing job.
- signingMaterial
-
- Type: SigningMaterial structure
The ARN of the certificate that the target profile uses for signing operations.
- signingParameters
-
- Type: Associative array of custom strings keys (SigningParameterKey) to strings
A map of key-value pairs for signing operations that is attached to the target signing profile.
- status
-
- Type: string
The status of the target signing profile.
- statusReason
-
- Type: string
Reason for the status of the target signing profile.
- tags
-
- Type: Associative array of custom strings keys (TagKey) to strings
A list of tags associated with the signing profile.
Errors
- ResourceNotFoundException:
A specified resource could not be found.
- AccessDeniedException:
You do not have sufficient access to perform this action.
- TooManyRequestsException:
The allowed number of job-signing requests has been exceeded.
This error supersedes the error
ThrottlingException
.- InternalServiceErrorException:
An internal error occurred.
ListProfilePermissions
$result = $client->listProfilePermissions
([/* ... */]); $promise = $client->listProfilePermissionsAsync
([/* ... */]);
Lists the cross-account permissions associated with a signing profile.
Parameter Syntax
$result = $client->listProfilePermissions([ 'nextToken' => '<string>', 'profileName' => '<string>', // REQUIRED ]);
Parameter Details
Members
- nextToken
-
- Type: string
String for specifying the next set of paginated results.
- profileName
-
- Required: Yes
- Type: string
Name of the signing profile containing the cross-account permissions.
Result Syntax
[ 'nextToken' => '<string>', 'permissions' => [ [ 'action' => '<string>', 'principal' => '<string>', 'profileVersion' => '<string>', 'statementId' => '<string>', ], // ... ], 'policySizeBytes' => <integer>, 'revisionId' => '<string>', ]
Result Details
Members
- nextToken
-
- Type: string
String for specifying the next set of paginated results.
- permissions
-
- Type: Array of Permission structures
List of permissions associated with the Signing Profile.
- policySizeBytes
-
- Type: int
Total size of the policy associated with the Signing Profile in bytes.
- revisionId
-
- Type: string
The identifier for the current revision of profile permissions.
Errors
- ValidationException:
You signing certificate could not be validated.
- ResourceNotFoundException:
A specified resource could not be found.
- AccessDeniedException:
You do not have sufficient access to perform this action.
- TooManyRequestsException:
The allowed number of job-signing requests has been exceeded.
This error supersedes the error
ThrottlingException
.- InternalServiceErrorException:
An internal error occurred.
ListSigningJobs
$result = $client->listSigningJobs
([/* ... */]); $promise = $client->listSigningJobsAsync
([/* ... */]);
Lists all your signing jobs. You can use the maxResults
parameter to limit the number of signing jobs that are returned in the response. If additional jobs remain to be listed, AWS Signer returns a nextToken
value. Use this value in subsequent calls to ListSigningJobs
to fetch the remaining values. You can continue calling ListSigningJobs
with your maxResults
parameter and with new values that Signer returns in the nextToken
parameter until all of your signing jobs have been returned.
Parameter Syntax
$result = $client->listSigningJobs([ 'isRevoked' => true || false, 'jobInvoker' => '<string>', 'maxResults' => <integer>, 'nextToken' => '<string>', 'platformId' => '<string>', 'requestedBy' => '<string>', 'signatureExpiresAfter' => <integer || string || DateTime>, 'signatureExpiresBefore' => <integer || string || DateTime>, 'status' => 'InProgress|Failed|Succeeded', ]);
Parameter Details
Members
- isRevoked
-
- Type: boolean
Filters results to return only signing jobs with revoked signatures.
- jobInvoker
-
- Type: string
Filters results to return only signing jobs initiated by a specified IAM entity.
- maxResults
-
- Type: int
Specifies the maximum number of items to return in the response. Use this parameter when paginating results. If additional items exist beyond the number you specify, the
nextToken
element is set in the response. Use thenextToken
value in a subsequent request to retrieve additional items. - nextToken
-
- Type: string
String for specifying the next set of paginated results to return. After you receive a response with truncated results, use this parameter in a subsequent request. Set it to the value of
nextToken
from the response that you just received. - platformId
-
- Type: string
The ID of microcontroller platform that you specified for the distribution of your code image.
- requestedBy
-
- Type: string
The IAM principal that requested the signing job.
- signatureExpiresAfter
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
Filters results to return only signing jobs with signatures expiring after a specified timestamp.
- signatureExpiresBefore
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
Filters results to return only signing jobs with signatures expiring before a specified timestamp.
- status
-
- Type: string
A status value with which to filter your results.
Result Syntax
[ 'jobs' => [ [ 'createdAt' => <DateTime>, 'isRevoked' => true || false, 'jobId' => '<string>', 'jobInvoker' => '<string>', 'jobOwner' => '<string>', 'platformDisplayName' => '<string>', 'platformId' => '<string>', 'profileName' => '<string>', 'profileVersion' => '<string>', 'signatureExpiresAt' => <DateTime>, 'signedObject' => [ 's3' => [ 'bucketName' => '<string>', 'key' => '<string>', ], ], 'signingMaterial' => [ 'certificateArn' => '<string>', ], 'source' => [ 's3' => [ 'bucketName' => '<string>', 'key' => '<string>', 'version' => '<string>', ], ], 'status' => 'InProgress|Failed|Succeeded', ], // ... ], 'nextToken' => '<string>', ]
Result Details
Members
- jobs
-
- Type: Array of SigningJob structures
A list of your signing jobs.
- nextToken
-
- Type: string
String for specifying the next set of paginated results.
Errors
- ValidationException:
You signing certificate could not be validated.
- AccessDeniedException:
You do not have sufficient access to perform this action.
- TooManyRequestsException:
The allowed number of job-signing requests has been exceeded.
This error supersedes the error
ThrottlingException
.- InternalServiceErrorException:
An internal error occurred.
ListSigningPlatforms
$result = $client->listSigningPlatforms
([/* ... */]); $promise = $client->listSigningPlatformsAsync
([/* ... */]);
Lists all signing platforms available in AWS Signer that match the request parameters. If additional jobs remain to be listed, Signer returns a nextToken
value. Use this value in subsequent calls to ListSigningJobs
to fetch the remaining values. You can continue calling ListSigningJobs
with your maxResults
parameter and with new values that Signer returns in the nextToken
parameter until all of your signing jobs have been returned.
Parameter Syntax
$result = $client->listSigningPlatforms([ 'category' => '<string>', 'maxResults' => <integer>, 'nextToken' => '<string>', 'partner' => '<string>', 'target' => '<string>', ]);
Parameter Details
Members
- category
-
- Type: string
The category type of a signing platform.
- maxResults
-
- Type: int
The maximum number of results to be returned by this operation.
- nextToken
-
- Type: string
Value for specifying the next set of paginated results to return. After you receive a response with truncated results, use this parameter in a subsequent request. Set it to the value of
nextToken
from the response that you just received. - partner
-
- Type: string
Any partner entities connected to a signing platform.
- target
-
- Type: string
The validation template that is used by the target signing platform.
Result Syntax
[ 'nextToken' => '<string>', 'platforms' => [ [ 'category' => 'AWSIoT', 'displayName' => '<string>', 'maxSizeInMB' => <integer>, 'partner' => '<string>', 'platformId' => '<string>', 'revocationSupported' => true || false, 'signingConfiguration' => [ 'encryptionAlgorithmOptions' => [ 'allowedValues' => ['<string>', ...], 'defaultValue' => 'RSA|ECDSA', ], 'hashAlgorithmOptions' => [ 'allowedValues' => ['<string>', ...], 'defaultValue' => 'SHA1|SHA256', ], ], 'signingImageFormat' => [ 'defaultFormat' => 'JSON|JSONEmbedded|JSONDetached', 'supportedFormats' => ['<string>', ...], ], 'target' => '<string>', ], // ... ], ]
Result Details
Members
- nextToken
-
- Type: string
Value for specifying the next set of paginated results to return.
- platforms
-
- Type: Array of SigningPlatform structures
A list of all platforms that match the request parameters.
Errors
- ValidationException:
You signing certificate could not be validated.
- AccessDeniedException:
You do not have sufficient access to perform this action.
- TooManyRequestsException:
The allowed number of job-signing requests has been exceeded.
This error supersedes the error
ThrottlingException
.- InternalServiceErrorException:
An internal error occurred.
ListSigningProfiles
$result = $client->listSigningProfiles
([/* ... */]); $promise = $client->listSigningProfilesAsync
([/* ... */]);
Lists all available signing profiles in your AWS account. Returns only profiles with an ACTIVE
status unless the includeCanceled
request field is set to true
. If additional jobs remain to be listed, AWS Signer returns a nextToken
value. Use this value in subsequent calls to ListSigningJobs
to fetch the remaining values. You can continue calling ListSigningJobs
with your maxResults
parameter and with new values that Signer returns in the nextToken
parameter until all of your signing jobs have been returned.
Parameter Syntax
$result = $client->listSigningProfiles([ 'includeCanceled' => true || false, 'maxResults' => <integer>, 'nextToken' => '<string>', 'platformId' => '<string>', 'statuses' => ['<string>', ...], ]);
Parameter Details
Members
- includeCanceled
-
- Type: boolean
Designates whether to include profiles with the status of
CANCELED
. - maxResults
-
- Type: int
The maximum number of profiles to be returned.
- nextToken
-
- Type: string
Value for specifying the next set of paginated results to return. After you receive a response with truncated results, use this parameter in a subsequent request. Set it to the value of
nextToken
from the response that you just received. - platformId
-
- Type: string
Filters results to return only signing jobs initiated for a specified signing platform.
- statuses
-
- Type: Array of strings
Filters results to return only signing jobs with statuses in the specified list.
Result Syntax
[ 'nextToken' => '<string>', 'profiles' => [ [ 'arn' => '<string>', 'platformDisplayName' => '<string>', 'platformId' => '<string>', 'profileName' => '<string>', 'profileVersion' => '<string>', 'profileVersionArn' => '<string>', 'signatureValidityPeriod' => [ 'type' => 'DAYS|MONTHS|YEARS', 'value' => <integer>, ], 'signingMaterial' => [ 'certificateArn' => '<string>', ], 'signingParameters' => ['<string>', ...], 'status' => 'Active|Canceled|Revoked', 'tags' => ['<string>', ...], ], // ... ], ]
Result Details
Members
- nextToken
-
- Type: string
Value for specifying the next set of paginated results to return.
- profiles
-
- Type: Array of SigningProfile structures
A list of profiles that are available in the AWS account. This includes profiles with the status of
CANCELED
if theincludeCanceled
parameter is set totrue
.
Errors
- AccessDeniedException:
You do not have sufficient access to perform this action.
- TooManyRequestsException:
The allowed number of job-signing requests has been exceeded.
This error supersedes the error
ThrottlingException
.- InternalServiceErrorException:
An internal error occurred.
ListTagsForResource
$result = $client->listTagsForResource
([/* ... */]); $promise = $client->listTagsForResourceAsync
([/* ... */]);
Returns a list of the tags associated with a signing profile resource.
Parameter Syntax
$result = $client->listTagsForResource([ 'resourceArn' => '<string>', // REQUIRED ]);
Parameter Details
Members
- resourceArn
-
- Required: Yes
- Type: string
The Amazon Resource Name (ARN) for the signing profile.
Result Syntax
[ 'tags' => ['<string>', ...], ]
Result Details
Members
- tags
-
- Type: Associative array of custom strings keys (TagKey) to strings
A list of tags associated with the signing profile.
Errors
- InternalServiceErrorException:
An internal error occurred.
- BadRequestException:
The request contains invalid parameters for the ARN or tags. This exception also occurs when you call a tagging API on a cancelled signing profile.
- NotFoundException:
The signing profile was not found.
- TooManyRequestsException:
The allowed number of job-signing requests has been exceeded.
This error supersedes the error
ThrottlingException
.
PutSigningProfile
$result = $client->putSigningProfile
([/* ... */]); $promise = $client->putSigningProfileAsync
([/* ... */]);
Creates a signing profile. A signing profile is a code-signing template that can be used to carry out a pre-defined signing job.
Parameter Syntax
$result = $client->putSigningProfile([ 'overrides' => [ 'signingConfiguration' => [ 'encryptionAlgorithm' => 'RSA|ECDSA', 'hashAlgorithm' => 'SHA1|SHA256', ], 'signingImageFormat' => 'JSON|JSONEmbedded|JSONDetached', ], 'platformId' => '<string>', // REQUIRED 'profileName' => '<string>', // REQUIRED 'signatureValidityPeriod' => [ 'type' => 'DAYS|MONTHS|YEARS', 'value' => <integer>, ], 'signingMaterial' => [ 'certificateArn' => '<string>', // REQUIRED ], 'signingParameters' => ['<string>', ...], 'tags' => ['<string>', ...], ]);
Parameter Details
Members
- overrides
-
- Type: SigningPlatformOverrides structure
A subfield of
platform
. This specifies any different configuration options that you want to apply to the chosen platform (such as a differenthash-algorithm
orsigning-algorithm
). - platformId
-
- Required: Yes
- Type: string
The ID of the signing platform to be created.
- profileName
-
- Required: Yes
- Type: string
The name of the signing profile to be created.
- signatureValidityPeriod
-
- Type: SignatureValidityPeriod structure
The default validity period override for any signature generated using this signing profile. If unspecified, the default is 135 months.
- signingMaterial
-
- Type: SigningMaterial structure
The AWS Certificate Manager certificate that will be used to sign code with the new signing profile.
- signingParameters
-
- Type: Associative array of custom strings keys (SigningParameterKey) to strings
Map of key-value pairs for signing. These can include any information that you want to use during signing.
- tags
-
- Type: Associative array of custom strings keys (TagKey) to strings
Tags to be associated with the signing profile that is being created.
Result Syntax
[ 'arn' => '<string>', 'profileVersion' => '<string>', 'profileVersionArn' => '<string>', ]
Result Details
Members
- arn
-
- Type: string
The Amazon Resource Name (ARN) of the signing profile created.
- profileVersion
-
- Type: string
The version of the signing profile being created.
- profileVersionArn
-
- Type: string
The signing profile ARN, including the profile version.
Errors
- ResourceNotFoundException:
A specified resource could not be found.
- AccessDeniedException:
You do not have sufficient access to perform this action.
- ValidationException:
You signing certificate could not be validated.
- TooManyRequestsException:
The allowed number of job-signing requests has been exceeded.
This error supersedes the error
ThrottlingException
.- InternalServiceErrorException:
An internal error occurred.
RemoveProfilePermission
$result = $client->removeProfilePermission
([/* ... */]); $promise = $client->removeProfilePermissionAsync
([/* ... */]);
Removes cross-account permissions from a signing profile.
Parameter Syntax
$result = $client->removeProfilePermission([ 'profileName' => '<string>', // REQUIRED 'revisionId' => '<string>', // REQUIRED 'statementId' => '<string>', // REQUIRED ]);
Parameter Details
Members
- profileName
-
- Required: Yes
- Type: string
A human-readable name for the signing profile with permissions to be removed.
- revisionId
-
- Required: Yes
- Type: string
An identifier for the current revision of the signing profile permissions.
- statementId
-
- Required: Yes
- Type: string
A unique identifier for the cross-account permissions statement.
Result Syntax
[ 'revisionId' => '<string>', ]
Result Details
Members
- revisionId
-
- Type: string
An identifier for the current revision of the profile permissions.
Errors
- ValidationException:
You signing certificate could not be validated.
- ResourceNotFoundException:
A specified resource could not be found.
- AccessDeniedException:
You do not have sufficient access to perform this action.
- ConflictException:
The resource encountered a conflicting state.
- TooManyRequestsException:
The allowed number of job-signing requests has been exceeded.
This error supersedes the error
ThrottlingException
.- InternalServiceErrorException:
An internal error occurred.
RevokeSignature
$result = $client->revokeSignature
([/* ... */]); $promise = $client->revokeSignatureAsync
([/* ... */]);
Changes the state of a signing job to REVOKED. This indicates that the signature is no longer valid.
Parameter Syntax
$result = $client->revokeSignature([ 'jobId' => '<string>', // REQUIRED 'jobOwner' => '<string>', 'reason' => '<string>', // REQUIRED ]);
Parameter Details
Members
- jobId
-
- Required: Yes
- Type: string
ID of the signing job to be revoked.
- jobOwner
-
- Type: string
AWS account ID of the job owner.
- reason
-
- Required: Yes
- Type: string
The reason for revoking the signing job.
Result Syntax
[]
Result Details
Errors
- ValidationException:
You signing certificate could not be validated.
- AccessDeniedException:
You do not have sufficient access to perform this action.
- ResourceNotFoundException:
A specified resource could not be found.
- TooManyRequestsException:
The allowed number of job-signing requests has been exceeded.
This error supersedes the error
ThrottlingException
.- InternalServiceErrorException:
An internal error occurred.
RevokeSigningProfile
$result = $client->revokeSigningProfile
([/* ... */]); $promise = $client->revokeSigningProfileAsync
([/* ... */]);
Changes the state of a signing profile to REVOKED. This indicates that signatures generated using the signing profile after an effective start date are no longer valid.
Parameter Syntax
$result = $client->revokeSigningProfile([ 'effectiveTime' => <integer || string || DateTime>, // REQUIRED 'profileName' => '<string>', // REQUIRED 'profileVersion' => '<string>', // REQUIRED 'reason' => '<string>', // REQUIRED ]);
Parameter Details
Members
- effectiveTime
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
A timestamp for when revocation of a Signing Profile should become effective. Signatures generated using the signing profile after this timestamp are not trusted.
- profileName
-
- Required: Yes
- Type: string
The name of the signing profile to be revoked.
- profileVersion
-
- Required: Yes
- Type: string
The version of the signing profile to be revoked.
- reason
-
- Required: Yes
- Type: string
The reason for revoking a signing profile.
Result Syntax
[]
Result Details
Errors
- ValidationException:
You signing certificate could not be validated.
- AccessDeniedException:
You do not have sufficient access to perform this action.
- ResourceNotFoundException:
A specified resource could not be found.
- TooManyRequestsException:
The allowed number of job-signing requests has been exceeded.
This error supersedes the error
ThrottlingException
.- InternalServiceErrorException:
An internal error occurred.
SignPayload
$result = $client->signPayload
([/* ... */]); $promise = $client->signPayloadAsync
([/* ... */]);
Signs a binary payload and returns a signature envelope.
Parameter Syntax
$result = $client->signPayload([ 'payload' => <string || resource || Psr\Http\Message\StreamInterface>, // REQUIRED 'payloadFormat' => '<string>', // REQUIRED 'profileName' => '<string>', // REQUIRED 'profileOwner' => '<string>', ]);
Parameter Details
Members
- payload
-
- Required: Yes
- Type: blob (string|resource|Psr\Http\Message\StreamInterface)
Specifies the object digest (hash) to sign.
- payloadFormat
-
- Required: Yes
- Type: string
Payload content type. The single valid type is
application/vnd.cncf.notary.payload.v1+json
. - profileName
-
- Required: Yes
- Type: string
The name of the signing profile.
- profileOwner
-
- Type: string
The AWS account ID of the profile owner.
Result Syntax
[ 'jobId' => '<string>', 'jobOwner' => '<string>', 'metadata' => ['<string>', ...], 'signature' => <string || resource || Psr\Http\Message\StreamInterface>, ]
Result Details
Members
- jobId
-
- Type: string
Unique identifier of the signing job.
- jobOwner
-
- Type: string
The AWS account ID of the job owner.
- metadata
-
- Type: Associative array of custom strings keys (String) to strings
Information including the signing profile ARN and the signing job ID.
- signature
-
- Type: blob (string|resource|Psr\Http\Message\StreamInterface)
A cryptographic signature.
Errors
- ValidationException:
You signing certificate could not be validated.
- ResourceNotFoundException:
A specified resource could not be found.
- AccessDeniedException:
You do not have sufficient access to perform this action.
- TooManyRequestsException:
The allowed number of job-signing requests has been exceeded.
This error supersedes the error
ThrottlingException
.- InternalServiceErrorException:
An internal error occurred.
StartSigningJob
$result = $client->startSigningJob
([/* ... */]); $promise = $client->startSigningJobAsync
([/* ... */]);
Initiates a signing job to be performed on the code provided. Signing jobs are viewable by the ListSigningJobs
operation for two years after they are performed. Note the following requirements:
-
You must create an Amazon S3 source bucket. For more information, see Creating a Bucket in the Amazon S3 Getting Started Guide.
-
Your S3 source bucket must be version enabled.
-
You must create an S3 destination bucket. AWS Signer uses your S3 destination bucket to write your signed code.
-
You specify the name of the source and destination buckets when calling the
StartSigningJob
operation. -
You must ensure the S3 buckets are from the same Region as the signing profile. Cross-Region signing isn't supported.
-
You must also specify a request token that identifies your request to Signer.
You can call the DescribeSigningJob and the ListSigningJobs actions after you call StartSigningJob
.
For a Java example that shows how to use this action, see StartSigningJob.
Parameter Syntax
$result = $client->startSigningJob([ 'clientRequestToken' => '<string>', // REQUIRED 'destination' => [ // REQUIRED 's3' => [ 'bucketName' => '<string>', 'prefix' => '<string>', ], ], 'profileName' => '<string>', // REQUIRED 'profileOwner' => '<string>', 'source' => [ // REQUIRED 's3' => [ 'bucketName' => '<string>', // REQUIRED 'key' => '<string>', // REQUIRED 'version' => '<string>', // REQUIRED ], ], ]);
Parameter Details
Members
- clientRequestToken
-
- Required: Yes
- Type: string
String that identifies the signing request. All calls after the first that use this token return the same response as the first call.
- destination
-
- Required: Yes
- Type: Destination structure
The S3 bucket in which to save your signed object. The destination contains the name of your bucket and an optional prefix.
- profileName
-
- Required: Yes
- Type: string
The name of the signing profile.
- profileOwner
-
- Type: string
The AWS account ID of the signing profile owner.
- source
-
- Required: Yes
- Type: Source structure
The S3 bucket that contains the object to sign or a BLOB that contains your raw code.
Result Syntax
[ 'jobId' => '<string>', 'jobOwner' => '<string>', ]
Result Details
Members
- jobId
-
- Type: string
The ID of your signing job.
- jobOwner
-
- Type: string
The AWS account ID of the signing job owner.
Errors
- ValidationException:
You signing certificate could not be validated.
- ResourceNotFoundException:
A specified resource could not be found.
- AccessDeniedException:
You do not have sufficient access to perform this action.
- ThrottlingException:
The request was denied due to request throttling.
Instead of this error,
TooManyRequestsException
should be used.- TooManyRequestsException:
The allowed number of job-signing requests has been exceeded.
This error supersedes the error
ThrottlingException
.- InternalServiceErrorException:
An internal error occurred.
TagResource
$result = $client->tagResource
([/* ... */]); $promise = $client->tagResourceAsync
([/* ... */]);
Adds one or more tags to a signing profile. Tags are labels that you can use to identify and organize your AWS resources. Each tag consists of a key and an optional value. To specify the signing profile, use its Amazon Resource Name (ARN). To specify the tag, use a key-value pair.
Parameter Syntax
$result = $client->tagResource([ 'resourceArn' => '<string>', // REQUIRED 'tags' => ['<string>', ...], // REQUIRED ]);
Parameter Details
Members
- resourceArn
-
- Required: Yes
- Type: string
The Amazon Resource Name (ARN) for the signing profile.
- tags
-
- Required: Yes
- Type: Associative array of custom strings keys (TagKey) to strings
One or more tags to be associated with the signing profile.
Result Syntax
[]
Result Details
Errors
- InternalServiceErrorException:
An internal error occurred.
- BadRequestException:
The request contains invalid parameters for the ARN or tags. This exception also occurs when you call a tagging API on a cancelled signing profile.
- NotFoundException:
The signing profile was not found.
- TooManyRequestsException:
The allowed number of job-signing requests has been exceeded.
This error supersedes the error
ThrottlingException
.
UntagResource
$result = $client->untagResource
([/* ... */]); $promise = $client->untagResourceAsync
([/* ... */]);
Removes one or more tags from a signing profile. To remove the tags, specify a list of tag keys.
Parameter Syntax
$result = $client->untagResource([ 'resourceArn' => '<string>', // REQUIRED 'tagKeys' => ['<string>', ...], // REQUIRED ]);
Parameter Details
Members
- resourceArn
-
- Required: Yes
- Type: string
The Amazon Resource Name (ARN) for the signing profile.
- tagKeys
-
- Required: Yes
- Type: Array of strings
A list of tag keys to be removed from the signing profile.
Result Syntax
[]
Result Details
Errors
- InternalServiceErrorException:
An internal error occurred.
- BadRequestException:
The request contains invalid parameters for the ARN or tags. This exception also occurs when you call a tagging API on a cancelled signing profile.
- NotFoundException:
The signing profile was not found.
- TooManyRequestsException:
The allowed number of job-signing requests has been exceeded.
This error supersedes the error
ThrottlingException
.
Shapes
AccessDeniedException
Description
You do not have sufficient access to perform this action.
Members
- code
-
- Type: string
- message
-
- Type: string
BadRequestException
Description
The request contains invalid parameters for the ARN or tags. This exception also occurs when you call a tagging API on a cancelled signing profile.
Members
- code
-
- Type: string
- message
-
- Type: string
ConflictException
Description
The resource encountered a conflicting state.
Members
- code
-
- Type: string
- message
-
- Type: string
Destination
Description
Points to an S3Destination
object that contains information about your S3 bucket.
Members
- s3
-
- Type: S3Destination structure
The
S3Destination
object.
EncryptionAlgorithmOptions
Description
The encryption algorithm options that are available to a code-signing job.
Members
- allowedValues
-
- Required: Yes
- Type: Array of strings
The set of accepted encryption algorithms that are allowed in a code-signing job.
- defaultValue
-
- Required: Yes
- Type: string
The default encryption algorithm that is used by a code-signing job.
HashAlgorithmOptions
Description
The hash algorithms that are available to a code-signing job.
Members
- allowedValues
-
- Required: Yes
- Type: Array of strings
The set of accepted hash algorithms allowed in a code-signing job.
- defaultValue
-
- Required: Yes
- Type: string
The default hash algorithm that is used in a code-signing job.
InternalServiceErrorException
Description
An internal error occurred.
Members
- code
-
- Type: string
- message
-
- Type: string
NotFoundException
Description
The signing profile was not found.
Members
- code
-
- Type: string
- message
-
- Type: string
Permission
Description
A cross-account permission for a signing profile.
Members
- action
-
- Type: string
An AWS Signer action permitted as part of cross-account permissions.
- principal
-
- Type: string
The AWS principal that has been granted a cross-account permission.
- profileVersion
-
- Type: string
The signing profile version that a permission applies to.
- statementId
-
- Type: string
A unique identifier for a cross-account permission statement.
ResourceNotFoundException
Description
A specified resource could not be found.
Members
- code
-
- Type: string
- message
-
- Type: string
S3Destination
Description
The name and prefix of the Amazon S3 bucket where AWS Signer saves your signed objects.
Members
- bucketName
-
- Type: string
Name of the S3 bucket.
- prefix
-
- Type: string
An S3 prefix that you can use to limit responses to those that begin with the specified prefix.
S3SignedObject
Description
The Amazon S3 bucket name and key where Signer saved your signed code image.
Members
- bucketName
-
- Type: string
Name of the S3 bucket.
- key
-
- Type: string
Key name that uniquely identifies a signed code image in your bucket.
S3Source
Description
Information about the Amazon S3 bucket where you saved your unsigned code.
Members
- bucketName
-
- Required: Yes
- Type: string
Name of the S3 bucket.
- key
-
- Required: Yes
- Type: string
Key name of the bucket object that contains your unsigned code.
- version
-
- Required: Yes
- Type: string
Version of your source image in your version enabled S3 bucket.
ServiceLimitExceededException
Description
The client is making a request that exceeds service limits.
Members
- code
-
- Type: string
- message
-
- Type: string
SignatureValidityPeriod
Description
The validity period for a signing job.
Members
- type
-
- Type: string
The time unit for signature validity.
- value
-
- Type: int
The numerical value of the time unit for signature validity.
SignedObject
Description
Points to an S3SignedObject
object that contains information about your signed code image.
Members
- s3
-
- Type: S3SignedObject structure
The
S3SignedObject
.
SigningConfiguration
Description
The configuration of a signing operation.
Members
- encryptionAlgorithmOptions
-
- Required: Yes
- Type: EncryptionAlgorithmOptions structure
The encryption algorithm options that are available for a code-signing job.
- hashAlgorithmOptions
-
- Required: Yes
- Type: HashAlgorithmOptions structure
The hash algorithm options that are available for a code-signing job.
SigningConfigurationOverrides
Description
A signing configuration that overrides the default encryption or hash algorithm of a signing job.
Members
- encryptionAlgorithm
-
- Type: string
A specified override of the default encryption algorithm that is used in a code-signing job.
- hashAlgorithm
-
- Type: string
A specified override of the default hash algorithm that is used in a code-signing job.
SigningImageFormat
Description
The image format of a AWS Signer platform or profile.
Members
- defaultFormat
-
- Required: Yes
- Type: string
The default format of a signing image.
- supportedFormats
-
- Required: Yes
- Type: Array of strings
The supported formats of a signing image.
SigningJob
Description
Contains information about a signing job.
Members
- createdAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time that the signing job was created.
- isRevoked
-
- Type: boolean
Indicates whether the signing job is revoked.
- jobId
-
- Type: string
The ID of the signing job.
- jobInvoker
-
- Type: string
The AWS account ID of the job invoker.
- jobOwner
-
- Type: string
The AWS account ID of the job owner.
- platformDisplayName
-
- Type: string
The name of a signing platform.
- platformId
-
- Type: string
The unique identifier for a signing platform.
- profileName
-
- Type: string
The name of the signing profile that created a signing job.
- profileVersion
-
- Type: string
The version of the signing profile that created a signing job.
- signatureExpiresAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The time when the signature of a signing job expires.
- signedObject
-
- Type: SignedObject structure
A
SignedObject
structure that contains information about a signing job's signed code image. - signingMaterial
-
- Type: SigningMaterial structure
A
SigningMaterial
object that contains the Amazon Resource Name (ARN) of the certificate used for the signing job. - source
-
- Type: Source structure
A
Source
that contains information about a signing job's code image source. - status
-
- Type: string
The status of the signing job.
SigningJobRevocationRecord
Description
Revocation information for a signing job.
Members
- reason
-
- Type: string
A caller-supplied reason for revocation.
- revokedAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The time of revocation.
- revokedBy
-
- Type: string
The identity of the revoker.
SigningMaterial
Description
The ACM certificate that is used to sign your code.
Members
- certificateArn
-
- Required: Yes
- Type: string
The Amazon Resource Name (ARN) of the certificates that is used to sign your code.
SigningPlatform
Description
Contains information about the signing configurations and parameters that are used to perform a code-signing job.
Members
- category
-
- Type: string
The category of a signing platform.
- displayName
-
- Type: string
The display name of a signing platform.
- maxSizeInMB
-
- Type: int
The maximum size (in MB) of code that can be signed by a signing platform.
- partner
-
- Type: string
Any partner entities linked to a signing platform.
- platformId
-
- Type: string
The ID of a signing platform.
- revocationSupported
-
- Type: boolean
Indicates whether revocation is supported for the platform.
- signingConfiguration
-
- Type: SigningConfiguration structure
The configuration of a signing platform. This includes the designated hash algorithm and encryption algorithm of a signing platform.
- signingImageFormat
-
- Type: SigningImageFormat structure
The image format of a AWS Signer platform or profile.
- target
-
- Type: string
The types of targets that can be signed by a signing platform.
SigningPlatformOverrides
Description
Any overrides that are applied to the signing configuration of a signing platform.
Members
- signingConfiguration
-
- Type: SigningConfigurationOverrides structure
A signing configuration that overrides the default encryption or hash algorithm of a signing job.
- signingImageFormat
-
- Type: string
A signed image is a JSON object. When overriding the default signing platform configuration, a customer can select either of two signing formats,
JSONEmbedded
orJSONDetached
. (A third format value,JSON
, is reserved for future use.) WithJSONEmbedded
, the signing image has the payload embedded in it. WithJSONDetached
, the payload is not be embedded in the signing image.
SigningProfile
Description
Contains information about the ACM certificates and signing configuration parameters that can be used by a given code signing user.
Members
- arn
-
- Type: string
The Amazon Resource Name (ARN) for the signing profile.
- platformDisplayName
-
- Type: string
The name of the signing platform.
- platformId
-
- Type: string
The ID of a platform that is available for use by a signing profile.
- profileName
-
- Type: string
The name of the signing profile.
- profileVersion
-
- Type: string
The version of a signing profile.
- profileVersionArn
-
- Type: string
The ARN of a signing profile, including the profile version.
- signatureValidityPeriod
-
- Type: SignatureValidityPeriod structure
The validity period for a signing job created using this signing profile.
- signingMaterial
-
- Type: SigningMaterial structure
The ACM certificate that is available for use by a signing profile.
- signingParameters
-
- Type: Associative array of custom strings keys (SigningParameterKey) to strings
The parameters that are available for use by a Signer user.
- status
-
- Type: string
The status of a signing profile.
- tags
-
- Type: Associative array of custom strings keys (TagKey) to strings
A list of tags associated with the signing profile.
SigningProfileRevocationRecord
Description
Revocation information for a signing profile.
Members
- revocationEffectiveFrom
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The time when revocation becomes effective.
- revokedAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The time when the signing profile was revoked.
- revokedBy
-
- Type: string
The identity of the revoker.
Source
Description
An S3Source
object that contains information about the S3 bucket where you saved your unsigned code.
Members
- s3
-
- Type: S3Source structure
The
S3Source
object.
ThrottlingException
Description
The request was denied due to request throttling.
Instead of this error, TooManyRequestsException
should be used.
Members
- code
-
- Type: string
- message
-
- Type: string
TooManyRequestsException
Description
The allowed number of job-signing requests has been exceeded.
This error supersedes the error ThrottlingException
.
Members
- code
-
- Type: string
- message
-
- Type: string
ValidationException
Description
You signing certificate could not be validated.
Members
- code
-
- Type: string
- message
-
- Type: string