signer

Table of Contents

• signer
  • Client
  • Paginators
  • Waiters

Client

class signer.Client

A low-level client representing AWS Signer:

import boto3

client = boto3.client('signer')

These are the available methods:

• can_paginate()
• cancel_signing_profile()
• describe_signing_job()
• generate_presigned_url()
• get_paginator()
• get_signing_platform()
• get_signing_profile()
• get_waiter()
• list_signing_jobs()
• list_signing_platforms()
• list_signing_profiles()
• put_signing_profile()
• start_signing_job()

can_paginate(operation_name)

Check if an operation can be paginated.

Parameters

operation_name (string) -- The operation name. This is the same name as the method name on the client. For example, if the method name is create_foo, and you'd normally invoke the operation as client.create_foo(**kwargs), if the create_foo operation can be paginated, you can use the call client.get_paginator("create_foo").

Returns

True if the operation can be paginated, False otherwise.

cancel_signing_profile(**kwargs)

Changes the state of an ACTIVE signing profile to CANCELED . A canceled profile is still viewable with the ListSigningProfiles operation, but it cannot perform new signing jobs, and is deleted two years after cancelation.

See also: AWS API Documentation

Request Syntax

response = client.cancel_signing_profile(
    profileName='string'
)

Parameters

profileName (string) --

[REQUIRED]

The name of the signing profile to be canceled.

Returns

None

describe_signing_job(**kwargs)

Returns information about a specific code signing job. You specify the job by using the jobId value that is returned by the StartSigningJob operation.

See also: AWS API Documentation

Request Syntax

response = client.describe_signing_job(
    jobId='string'
)

Parameters

jobId (string) --

[REQUIRED]

The ID of the signing job on input.

Return type

dict

Returns

Response Syntax

{
    'jobId': 'string',
    'source': {
        's3': {
            'bucketName': 'string',
            'key': 'string',
            'version': 'string'
        }
    },
    'signingMaterial': {
        'certificateArn': 'string'
    },
    'platformId': 'string',
    'profileName': 'string',
    'overrides': {
        'signingConfiguration': {
            'encryptionAlgorithm': 'RSA'|'ECDSA',
            'hashAlgorithm': 'SHA1'|'SHA256'
        }
    },
    'signingParameters': {
        'string': 'string'
    },
    'createdAt': datetime(2015, 1, 1),
    'completedAt': datetime(2015, 1, 1),
    'requestedBy': 'string',
    'status': 'InProgress'|'Failed'|'Succeeded',
    'statusReason': 'string',
    'signedObject': {
        's3': {
            'bucketName': 'string',
            'key': 'string'
        }
    }
}

Response Structure

• (dict) --
  • jobId (string) --

    The ID of the signing job on output.

  • source (dict) --

    The object that contains the name of your S3 bucket or your raw code.

    • s3 (dict) --

      The S3Source object.

      • bucketName (string) --

        Name of the S3 bucket.

      • key (string) --

        Key name of the bucket object that contains your unsigned code.

      • version (string) --

        Version of your source image in your version enabled S3 bucket.

  • signingMaterial (dict) --

    Amazon Resource Name (ARN) of your code signing certificate.

    • certificateArn (string) --

      The Amazon Resource Name (ARN) of the certificates that is used to sign your code.

  • platformId (string) --

    The microcontroller platform to which your signed code image will be distributed.

  • profileName (string) --

    The name of the profile that initiated the signing operation.

  • overrides (dict) --

    A list of any overrides that were applied to the signing operation.

    • signingConfiguration (dict) --

      A signing configuration that overrides the default encryption or hash algorithm of a signing job.

      • encryptionAlgorithm (string) --

        A specified override of the default encryption algorithm that is used in an AWS Signer job.

      • hashAlgorithm (string) --

        A specified override of the default hash algorithm that is used in an AWS Signer job.

  • signingParameters (dict) --

    Map of user-assigned key-value pairs used during signing. These values contain any information that you specified for use in your signing job.

    • (string) --
      • (string) --
  • createdAt (datetime) --

    Date and time that the signing job was created.

  • completedAt (datetime) --

    Date and time that the signing job was completed.

  • requestedBy (string) --

    The IAM principal that requested the signing job.

  • status (string) --

    Status of the signing job.

  • statusReason (string) --

    String value that contains the status reason.

  • signedObject (dict) --

    Name of the S3 bucket where the signed code image is saved by AWS Signer.

    • s3 (dict) --

      The S3SignedObject .

      • bucketName (string) --

        Name of the S3 bucket.

      • key (string) --

        Key name that uniquely identifies a signed code image in your bucket.

generate_presigned_url(ClientMethod, Params=None, ExpiresIn=3600, HttpMethod=None)

Generate a presigned url given a client, its method, and arguments

Parameters

• ClientMethod (string) -- The client method to presign for
• Params (dict) -- The parameters normally passed to ClientMethod.
• ExpiresIn (int) -- The number of seconds the presigned url is valid for. By default it expires in an hour (3600 seconds)
• HttpMethod (string) -- The http method to use on the generated url. By default, the http method is whatever is used in the method's model.

Returns

The presigned url

get_paginator(operation_name)

Create a paginator for an operation.

Parameters

operation_name (string) -- The operation name. This is the same name as the method name on the client. For example, if the method name is create_foo, and you'd normally invoke the operation as client.create_foo(**kwargs), if the create_foo operation can be paginated, you can use the call client.get_paginator("create_foo").

Raises OperationNotPageableError

Raised if the operation is not pageable. You can use the client.can_paginate method to check if an operation is pageable.

Return type

L{botocore.paginate.Paginator}

Returns

A paginator object.

get_signing_platform(**kwargs)

Returns information on a specific signing platform.

See also: AWS API Documentation

Request Syntax

response = client.get_signing_platform(
    platformId='string'
)

Parameters

platformId (string) --

[REQUIRED]

The ID of the target signing platform.

Return type

dict

Returns

Response Syntax

{
    'platformId': 'string',
    'displayName': 'string',
    'partner': 'string',
    'target': 'string',
    'category': 'AWSIoT',
    'signingConfiguration': {
        'encryptionAlgorithmOptions': {
            'allowedValues': [
                'RSA'|'ECDSA',
            ],
            'defaultValue': 'RSA'|'ECDSA'
        },
        'hashAlgorithmOptions': {
            'allowedValues': [
                'SHA1'|'SHA256',
            ],
            'defaultValue': 'SHA1'|'SHA256'
        }
    },
    'signingImageFormat': {
        'supportedFormats': [
            'JSON',
        ],
        'defaultFormat': 'JSON'
    },
    'maxSizeInMB': 123
}

Response Structure

• (dict) --
  • platformId (string) --

    The ID of the target signing platform.

  • displayName (string) --

    The display name of the target signing platform.

  • partner (string) --

    A list of partner entities that use the target signing platform.

  • target (string) --

    The validation template that is used by the target signing platform.

  • category (string) --

    The category type of the target signing platform.

  • signingConfiguration (dict) --

    A list of configurations applied to the target platform at signing.

    • encryptionAlgorithmOptions (dict) --

      The encryption algorithm options that are available for an AWS Signer job.

      • allowedValues (list) --

        The set of accepted encryption algorithms that are allowed in an AWS Signer job.

        • (string) --
      • defaultValue (string) --

        The default encryption algorithm that is used by an AWS Signer job.

    • hashAlgorithmOptions (dict) --

      The hash algorithm options that are available for an AWS Signer job.

      • allowedValues (list) --

        The set of accepted hash algorithms allowed in an AWS Signer job.

        • (string) --
      • defaultValue (string) --

        The default hash algorithm that is used in an AWS Signer job.

  • signingImageFormat (dict) --

    The format of the target platform's signing image.

    • supportedFormats (list) --

      The supported formats of an AWS Signer signing image.

      • (string) --
    • defaultFormat (string) --

      The default format of an AWS Signer signing image.

  • maxSizeInMB (integer) --

    The maximum size (in MB) of the payload that can be signed by the target platform.

get_signing_profile(**kwargs)

Returns information on a specific signing profile.

See also: AWS API Documentation

Request Syntax

response = client.get_signing_profile(
    profileName='string'
)

Parameters

profileName (string) --

[REQUIRED]

The name of the target signing profile.

Return type

dict

Returns

Response Syntax

{
    'profileName': 'string',
    'signingMaterial': {
        'certificateArn': 'string'
    },
    'platformId': 'string',
    'overrides': {
        'signingConfiguration': {
            'encryptionAlgorithm': 'RSA'|'ECDSA',
            'hashAlgorithm': 'SHA1'|'SHA256'
        }
    },
    'signingParameters': {
        'string': 'string'
    },
    'status': 'Active'|'Canceled'
}

Response Structure

• (dict) --
  • profileName (string) --

    The name of the target signing profile.

  • signingMaterial (dict) --

    The ARN of the certificate that the target profile uses for signing operations.

    • certificateArn (string) --

      The Amazon Resource Name (ARN) of the certificates that is used to sign your code.

  • platformId (string) --

    The ID of the platform that is used by the target signing profile.

  • overrides (dict) --

    A list of overrides applied by the target signing profile for signing operations.

    • signingConfiguration (dict) --

      A signing configuration that overrides the default encryption or hash algorithm of a signing job.

      • encryptionAlgorithm (string) --

        A specified override of the default encryption algorithm that is used in an AWS Signer job.

      • hashAlgorithm (string) --

        A specified override of the default hash algorithm that is used in an AWS Signer job.

  • signingParameters (dict) --

    A map of key-value pairs for signing operations that is attached to the target signing profile.

    • (string) --
      • (string) --
  • status (string) --

    The status of the target signing profile.

get_waiter(waiter_name)

Returns an object that can wait for some condition.

Parameters

waiter_name (str) -- The name of the waiter to get. See the waiters section of the service docs for a list of available waiters.

Returns

The specified waiter object.

Return type

botocore.waiter.Waiter

list_signing_jobs(**kwargs)

Lists all your signing jobs. You can use the maxResults parameter to limit the number of signing jobs that are returned in the response. If additional jobs remain to be listed, AWS Signer returns a nextToken value. Use this value in subsequent calls to ListSigningJobs to fetch the remaining values. You can continue calling ListSigningJobs with your maxResults parameter and with new values that AWS Signer returns in the nextToken parameter until all of your signing jobs have been returned.

See also: AWS API Documentation

Request Syntax

response = client.list_signing_jobs(
    status='InProgress'|'Failed'|'Succeeded',
    platformId='string',
    requestedBy='string',
    maxResults=123,
    nextToken='string'
)

Parameters

• status (string) -- A status value with which to filter your results.
• platformId (string) -- The ID of microcontroller platform that you specified for the distribution of your code image.
• requestedBy (string) -- The IAM principal that requested the signing job.
• maxResults (integer) -- Specifies the maximum number of items to return in the response. Use this parameter when paginating results. If additional items exist beyond the number you specify, the nextToken element is set in the response. Use the nextToken value in a subsequent request to retrieve additional items.
• nextToken (string) -- String for specifying the next set of paginated results to return. After you receive a response with truncated results, use this parameter in a subsequent request. Set it to the value of nextToken from the response that you just received.

Return type

dict

Returns

Response Syntax

{
    'jobs': [
        {
            'jobId': 'string',
            'source': {
                's3': {
                    'bucketName': 'string',
                    'key': 'string',
                    'version': 'string'
                }
            },
            'signedObject': {
                's3': {
                    'bucketName': 'string',
                    'key': 'string'
                }
            },
            'signingMaterial': {
                'certificateArn': 'string'
            },
            'createdAt': datetime(2015, 1, 1),
            'status': 'InProgress'|'Failed'|'Succeeded'
        },
    ],
    'nextToken': 'string'
}

Response Structure

• (dict) --

  • jobs (list) --

    A list of your signing jobs.

    • (dict) --

      Contains information about a signing job.

      • jobId (string) --

        The ID of the signing job.

      • source (dict) --

        A Source that contains information about a signing job's code image source.

        • s3 (dict) --

          The S3Source object.

          • bucketName (string) --

            Name of the S3 bucket.

          • key (string) --

            Key name of the bucket object that contains your unsigned code.

          • version (string) --

            Version of your source image in your version enabled S3 bucket.

      • signedObject (dict) --

        A SignedObject structure that contains information about a signing job's signed code image.

        • s3 (dict) --

          The S3SignedObject .

          • bucketName (string) --

            Name of the S3 bucket.

          • key (string) --

            Key name that uniquely identifies a signed code image in your bucket.

      • signingMaterial (dict) --

        A SigningMaterial object that contains the Amazon Resource Name (ARN) of the certificate used for the signing job.

        • certificateArn (string) --

          The Amazon Resource Name (ARN) of the certificates that is used to sign your code.

      • createdAt (datetime) --

        The date and time that the signing job was created.

      • status (string) --

        The status of the signing job.

  • nextToken (string) --

    String for specifying the next set of paginated results.

list_signing_platforms(**kwargs)

Lists all signing platforms available in AWS Signer that match the request parameters. If additional jobs remain to be listed, AWS Signer returns a nextToken value. Use this value in subsequent calls to ListSigningJobs to fetch the remaining values. You can continue calling ListSigningJobs with your maxResults parameter and with new values that AWS Signer returns in the nextToken parameter until all of your signing jobs have been returned.

See also: AWS API Documentation

Request Syntax

response = client.list_signing_platforms(
    category='string',
    partner='string',
    target='string',
    maxResults=123,
    nextToken='string'
)

Parameters

• category (string) -- The category type of a signing platform.
• partner (string) -- Any partner entities connected to a signing platform.
• target (string) -- The validation template that is used by the target signing platform.
• maxResults (integer) -- The maximum number of results to be returned by this operation.
• nextToken (string) -- Value for specifying the next set of paginated results to return. After you receive a response with truncated results, use this parameter in a subsequent request. Set it to the value of nextToken from the response that you just received.

Return type

dict

Returns

Response Syntax

{
    'platforms': [
        {
            'platformId': 'string',
            'displayName': 'string',
            'partner': 'string',
            'target': 'string',
            'category': 'AWSIoT',
            'signingConfiguration': {
                'encryptionAlgorithmOptions': {
                    'allowedValues': [
                        'RSA'|'ECDSA',
                    ],
                    'defaultValue': 'RSA'|'ECDSA'
                },
                'hashAlgorithmOptions': {
                    'allowedValues': [
                        'SHA1'|'SHA256',
                    ],
                    'defaultValue': 'SHA1'|'SHA256'
                }
            },
            'signingImageFormat': {
                'supportedFormats': [
                    'JSON',
                ],
                'defaultFormat': 'JSON'
            },
            'maxSizeInMB': 123
        },
    ],
    'nextToken': 'string'
}

Response Structure

• (dict) --

  • platforms (list) --

    A list of all platforms that match the request parameters.

    • (dict) --

      Contains information about the signing configurations and parameters that is used to perform an AWS Signer job.

      • platformId (string) --

        The ID of an AWS Signer platform.

      • displayName (string) --

        The display name of an AWS Signer platform.

      • partner (string) --

        Any partner entities linked to an AWS Signer platform.

      • target (string) --

        The types of targets that can be signed by an AWS Signer platform.

      • category (string) --

        The category of an AWS Signer platform.

      • signingConfiguration (dict) --

        The configuration of an AWS Signer platform. This includes the designated hash algorithm and encryption algorithm of a signing platform.

        • encryptionAlgorithmOptions (dict) --

          The encryption algorithm options that are available for an AWS Signer job.

          • allowedValues (list) --

            The set of accepted encryption algorithms that are allowed in an AWS Signer job.

            • (string) --

          • defaultValue (string) --

            The default encryption algorithm that is used by an AWS Signer job.

        • hashAlgorithmOptions (dict) --

          The hash algorithm options that are available for an AWS Signer job.

          • allowedValues (list) --

            The set of accepted hash algorithms allowed in an AWS Signer job.

            • (string) --

          • defaultValue (string) --

            The default hash algorithm that is used in an AWS Signer job.

      • signingImageFormat (dict) --

        The signing image format that is used by an AWS Signer platform.

        • supportedFormats (list) --

          The supported formats of an AWS Signer signing image.

          • (string) --

        • defaultFormat (string) --

          The default format of an AWS Signer signing image.

      • maxSizeInMB (integer) --

        The maximum size (in MB) of code that can be signed by a AWS Signer platform.

  • nextToken (string) --

    Value for specifying the next set of paginated results to return.

list_signing_profiles(**kwargs)

Lists all available signing profiles in your AWS account. Returns only profiles with an ACTIVE status unless the includeCanceled request field is set to true . If additional jobs remain to be listed, AWS Signer returns a nextToken value. Use this value in subsequent calls to ListSigningJobs to fetch the remaining values. You can continue calling ListSigningJobs with your maxResults parameter and with new values that AWS Signer returns in the nextToken parameter until all of your signing jobs have been returned.

See also: AWS API Documentation

Request Syntax

response = client.list_signing_profiles(
    includeCanceled=True|False,
    maxResults=123,
    nextToken='string'
)

Parameters

• includeCanceled (boolean) -- Designates whether to include profiles with the status of CANCELED .
• maxResults (integer) -- The maximum number of profiles to be returned.
• nextToken (string) -- Value for specifying the next set of paginated results to return. After you receive a response with truncated results, use this parameter in a subsequent request. Set it to the value of nextToken from the response that you just received.

Return type

dict

Returns

Response Syntax

{
    'profiles': [
        {
            'profileName': 'string',
            'signingMaterial': {
                'certificateArn': 'string'
            },
            'platformId': 'string',
            'signingParameters': {
                'string': 'string'
            },
            'status': 'Active'|'Canceled'
        },
    ],
    'nextToken': 'string'
}

Response Structure

• (dict) --

  • profiles (list) --

    A list of profiles that are available in the AWS account. This includes profiles with the status of CANCELED if the includeCanceled parameter is set to true .

    • (dict) --

      Contains information about the ACM certificates and AWS Signer configuration parameters that can be used by a given AWS Signer user.

      • profileName (string) --

        The name of the AWS Signer profile.

      • signingMaterial (dict) --

        The ACM certificate that is available for use by a signing profile.

        • certificateArn (string) --

          The Amazon Resource Name (ARN) of the certificates that is used to sign your code.

      • platformId (string) --

        The ID of a platform that is available for use by a signing profile.

      • signingParameters (dict) --

        The parameters that are available for use by an AWS Signer user.

        • (string) --
          • (string) --

      • status (string) --

        The status of an AWS Signer profile.

  • nextToken (string) --

    Value for specifying the next set of paginated results to return.

put_signing_profile(**kwargs)

Creates a signing profile. A signing profile is an AWS Signer template that can be used to carry out a pre-defined signing job. For more information, see http://docs.aws.amazon.com/signer/latest/developerguide/gs-profile.html

See also: AWS API Documentation

Request Syntax

response = client.put_signing_profile(
    profileName='string',
    signingMaterial={
        'certificateArn': 'string'
    },
    platformId='string',
    overrides={
        'signingConfiguration': {
            'encryptionAlgorithm': 'RSA'|'ECDSA',
            'hashAlgorithm': 'SHA1'|'SHA256'
        }
    },
    signingParameters={
        'string': 'string'
    }
)

Parameters

• profileName (string) --

  [REQUIRED]

  The name of the signing profile to be created.

• signingMaterial (dict) --

  [REQUIRED]

  The AWS Certificate Manager certificate that will be used to sign code with the new signing profile.

  • certificateArn (string) -- [REQUIRED]

    The Amazon Resource Name (ARN) of the certificates that is used to sign your code.

• platformId (string) --

  [REQUIRED]

  The ID of the signing profile to be created.

• overrides (dict) --

  A subfield of platform . This specifies any different configuration options that you want to apply to the chosen platform (such as a different hash-algorithm or signing-algorithm ).

  • signingConfiguration (dict) --

    A signing configuration that overrides the default encryption or hash algorithm of a signing job.

    • encryptionAlgorithm (string) --

      A specified override of the default encryption algorithm that is used in an AWS Signer job.

    • hashAlgorithm (string) --

      A specified override of the default hash algorithm that is used in an AWS Signer job.

• signingParameters (dict) --

  Map of key-value pairs for signing. These can include any information that you want to use during signing.

  • (string) --
    • (string) --

Return type

dict

Returns

Response Syntax

{
    'arn': 'string'
}

Response Structure

• (dict) --

  • arn (string) --

    The Amazon Resource Name (ARN) of the signing profile created.

start_signing_job(**kwargs)

Initiates a signing job to be performed on the code provided. Signing jobs are viewable by the ListSigningJobs operation for two years after they are performed. Note the following requirements:

• You must create an Amazon S3 source bucket. For more information, see Create a Bucket in the Amazon S3 Getting Started Guide .
• Your S3 source bucket must be version enabled.
• You must create an S3 destination bucket. AWS Signer uses your S3 destination bucket to write your signed code.
• You specify the name of the source and destination buckets when calling the StartSigningJob operation.
• You must also specify a request token that identifies your request to AWS Signer.

You can call the DescribeSigningJob and the ListSigningJobs actions after you call StartSigningJob .

For a Java example that shows how to use this action, see http://docs.aws.amazon.com/acm/latest/userguide/

See also: AWS API Documentation

Request Syntax

response = client.start_signing_job(
    source={
        's3': {
            'bucketName': 'string',
            'key': 'string',
            'version': 'string'
        }
    },
    destination={
        's3': {
            'bucketName': 'string',
            'prefix': 'string'
        }
    },
    profileName='string',
    clientRequestToken='string'
)

Parameters

• source (dict) --

  [REQUIRED]

  The S3 bucket that contains the object to sign or a BLOB that contains your raw code.

  • s3 (dict) --

    The S3Source object.

    • bucketName (string) -- [REQUIRED]

      Name of the S3 bucket.

    • key (string) -- [REQUIRED]

      Key name of the bucket object that contains your unsigned code.

    • version (string) -- [REQUIRED]

      Version of your source image in your version enabled S3 bucket.

• destination (dict) --

  [REQUIRED]

  The S3 bucket in which to save your signed object. The destination contains the name of your bucket and an optional prefix.

  • s3 (dict) --

    The S3Destination object.

    • bucketName (string) --

      Name of the S3 bucket.

    • prefix (string) --

      An Amazon S3 prefix that you can use to limit responses to those that begin with the specified prefix.

• profileName (string) -- The name of the signing profile.
• clientRequestToken (string) --

  [REQUIRED]

  String that identifies the signing request. All calls after the first that use this token return the same response as the first call.

  This field is autopopulated if not provided.

Return type

dict

Returns

Response Syntax

{
    'jobId': 'string'
}

Response Structure

• (dict) --

  • jobId (string) --

    The ID of your signing job.

Paginators

The available paginators are:

Waiters

The available waiters are:

• signer.Waiter.SuccessfulSigningJob

class signer.Waiter.SuccessfulSigningJob

waiter = client.get_waiter('successful_signing_job')

wait(**kwargs)

Polls signer.Client.describe_signing_job() every 20 seconds until a successful state is reached. An error is returned after 25 failed checks.

See also: AWS API Documentation

Request Syntax

waiter.wait(
    jobId='string',
    WaiterConfig={
        'Delay': 123,
        'MaxAttempts': 123
    }
)

Parameters

• jobId (string) --

  [REQUIRED]

  The ID of the signing job on input.

• WaiterConfig (dict) --

  A dictionary that provides parameters to control waiting behavior.

  • Delay (integer) --

    The amount of time in seconds to wait between attempts. Default: 20

  • MaxAttempts (integer) --

    The maximum number of attempts to be made. Default: 25

Returns

None