Code Signing for AWS IoT
Developer Guide


The following example shows how to use the StartSigningJob operation. You must call StartSigningJob before you call any other code signing API operation. StartSigningJob returns a jobId value that you can use when calling DescribeSigningJob operation.

In order to use the StartSigningJob operation, make sure that the designated user's IAM policy includes Amazon S3 permissions. See Define an IAM Policy" for an example.

package com.amazonaws.samples; import; import; import; import; import; import; import; import; import; import com.amazonaws.auth.AWSCredentials; import com.amazonaws.auth.AWSStaticCredentialsProvider; import com.amazonaws.auth.profile.ProfileCredentialsProvider; import com.amazonaws.client.builder.AwsClientBuilder.EndpointConfiguration; import; import; import; import; import; import com.amazonaws.AmazonClientException; /** * This sample demonstrates how to use the StartSigningJob operation in the * code signing service. * * Input Parameters: * * source - Structure that contains the following: * - Name of the Amazon S3 bucket to which you copied your * code image * - Name of the file that contains your code image * - Amazon S3 version number of your file * destination - Structure that contains the following: * - Name of the Amazon S3 bucket that code signing can use for * your signed code * - Optional Amazon S3 bucket prefix * signingmaterial - Amazon Resource Name (ARN) of the certificate to use for signing * signingparameters - Map of custom key-value pairs that you want to use for signing * platform - The microcontroller platform * */ public class StartSigningJob { public static void main(String[] args) throws Exception{ // Define variables. String certArn = "arn:aws:acm:region:account:certificate/12345678-1234-1234-1234-123456789012"; String bucketSrc = "Source-Bucket-Name"; String key = "Code-Image-File"; String bucketDest = "Destination-Bucket-Name"; SigningMaterial material = new SigningMaterial().withCertificateArn(certArn); S3Source s3src = new S3Source() .withBucketName(bucketSrc) .withKey(key) .withVersion("W.OIrIFmjIFeuNXOaBJzPee66.wRg4GR"); Source src = new Source().withS3(s3src); S3Destination s3Dest = new S3Destination().withBucketName(bucketDest); Destination dest = new Destination().withS3(s3Dest); String platform = "Platform"; // Retrieve your credentials from the C:\Users\name\.aws\credentials file in // Windows or the ~/.aws/credentials in Linux. AWSCredentials credentials = null; try { credentials = new ProfileCredentialsProvider().getCredentials(); } catch (Exception ex) { throw new AmazonClientException("Cannot load your credentials from file.", ex); } // Specify the endpoint and region. EndpointConfiguration endpoint = new EndpointConfiguration("https://endpoint","region"); // Create a client. AWSSigner client = AWSSignerClient.builder() .withEndpointConfiguration(endpoint) .withCredentials(new AWSStaticCredentialsProvider(credentials)) .build(); // Create a request object. StartSigningJobRequest req = new StartSigningJobRequest() .withSource(src) .withDestination(dest) .withSigningMaterial(material) .withPlatform(platform); // Create a result object. StartSigningJobResult result = null; try { result = client.startSigningJob(req); } catch (ValidationException ex) { throw ex; } catch (ResourceNotFoundException ex) { throw ex; } catch (AccessDeniedException ex) { throw ex; } catch (ThrottlingException ex) { throw ex; } catch (InternalServiceErrorException ex) { throw ex; } // Display the job ID. System.out.println("Job ID: " + result.getJobId()); } }