本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。
# 使用 的簽署者範例 AWS CLI
下列程式碼範例示範如何使用 AWS Command Line Interface 搭配 Signer 來執行動作和實作常見案例。
*Actions* 是大型程式的程式碼摘錄,必須在內容中執行。雖然動作會告訴您如何呼叫個別服務函數,但您可以在其相關情境中查看內容中的動作。
每個範例均包含完整原始碼的連結,您可在連結中找到如何設定和執行內容中程式碼的相關指示。
**Topics**
+ [動作](#actions)
## 動作
### `cancel-signing-profile`
以下程式碼範例顯示如何使用 `cancel-signing-profile`。
**AWS CLI**
**刪除簽署設定檔**
下列`cancel-signing-profile`範例會從 AWS Signer 移除現有的簽署設定檔。
```
aws signer cancel-signing-profile \
--profile-name MyProfile1
```
此命令不會產生輸出。
+ 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [CancelSigningProfile](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/signer/cancel-signing-profile.html)。
### `describe-signing-job`
以下程式碼範例顯示如何使用 `describe-signing-job`。
**AWS CLI**
**顯示簽署任務的詳細資訊**
下列 `describe-signing-job` 範例會顯示指定簽署任務的詳細資訊。
```
aws signer describe-signing-job \
--job-id 2065c468-73e2-4385-a6c9-0123456789abc
```
輸出:
```
{
"status": "Succeeded",
"completedAt": 1568412037,
"platformId": "AmazonFreeRTOS-Default",
"signingMaterial": {
"certificateArn": "arn:aws:acm:us-west-2:123456789012:certificate/6a55389b-306b-4e8c-a95c-0123456789abc"
},
"statusReason": "Signing Succeeded",
"jobId": "2065c468-73e2-4385-a6c9-0123456789abc",
"source": {
"s3": {
"version": "PNyFaUTgsQh5ZdMCcoCe6pT1gOpgB_M4",
"bucketName": "signer-source",
"key": "MyCode.rb"
}
},
"profileName": "MyProfile2",
"signedObject": {
"s3": {
"bucketName": "signer-destination",
"key": "signed-2065c468-73e2-4385-a6c9-0123456789abc"
}
},
"requestedBy": "arn:aws:iam::123456789012:user/maria",
"createdAt": 1568412036
}
```
+ 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [DescribeSigningJob](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/signer/describe-signing-job.html)。
### `get-signing-platform`
以下程式碼範例顯示如何使用 `get-signing-platform`。
**AWS CLI**
**顯示簽署平台的詳細資訊**
下列 `get-signing-platform` 範例會顯示指定簽署平台的詳細資訊。
```
aws signer get-signing-platform \
--platform-id AmazonFreeRTOS-TI-CC3220SF
```
輸出:
```
{
"category": "AWS",
"displayName": "Amazon FreeRTOS SHA1-RSA CC3220SF-Format",
"target": "SHA1-RSA-TISHA1",
"platformId": "AmazonFreeRTOS-TI-CC3220SF",
"signingConfiguration": {
"encryptionAlgorithmOptions": {
"defaultValue": "RSA",
"allowedValues": [
"RSA"
]
},
"hashAlgorithmOptions": {
"defaultValue": "SHA1",
"allowedValues": [
"SHA1"
]
}
},
"maxSizeInMB": 16,
"partner": "AmazonFreeRTOS",
"signingImageFormat": {
"defaultFormat": "JSONEmbedded",
"supportedFormats": [
"JSONEmbedded"
]
}
}
```
+ 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [GetSigningPlatform](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/signer/get-signing-platform.html)。
### `get-signing-profile`
以下程式碼範例顯示如何使用 `get-signing-profile`。
**AWS CLI**
**顯示簽署設定檔的詳細資訊**
下列 `get-signing-profile` 範例會顯示指定簽署設定檔的詳細資訊。
```
aws signer get-signing-profile \
--profile-name MyProfile3
```
輸出:
```
{
"platformId": "AmazonFreeRTOS-TI-CC3220SF",
"profileName": "MyProfile3",
"status": "Active",
"signingMaterial": {
"certificateArn": "arn:aws:acm:us-west-2:123456789012:certificate/6a55389b-306b-4e8c-a95c-0123456789abc"
}
}
```
+ 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [GetSigningProfile](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/signer/get-signing-profile.html)。
### `list-signing-jobs`
以下程式碼範例顯示如何使用 `list-signing-jobs`。
**AWS CLI**
**列出所有簽署任務**
下列 `list-signing-jobs` 範例會顯示帳戶的所有簽署任務詳細資訊。
```
aws signer list-signing-jobs
```
在此範例中,會傳回兩個任務,一個成功,另一個失敗。
```
{
"jobs": [
{
"status": "Succeeded",
"signingMaterial": {
"certificateArn": "arn:aws:acm:us-west-2:123456789012:certificate/6a55389b-306b-4e8c-a95c-0123456789abc"
},
"jobId": "2065c468-73e2-4385-a6c9-0123456789abc",
"source": {
"s3": {
"version": "PNyFaUTgsQh5ZdMCcoCe6pT1gOpgB_M4",
"bucketName": "signer-source",
"key": "MyCode.rb"
}
},
"signedObject": {
"s3": {
"bucketName": "signer-destination",
"key": "signed-2065c468-73e2-4385-a6c9-0123456789abc"
}
},
"createdAt": 1568412036
},
{
"status": "Failed",
"source": {
"s3": {
"version": "PNyFaUTgsQh5ZdMCcoCe6pT1gOpgB_M4",
"bucketName": "signer-source",
"key": "MyOtherCode.rb"
}
},
"signingMaterial": {
"certificateArn": "arn:aws:acm:us-west-2:123456789012:certificate/6a55389b-306b-4e8c-a95c-0123456789abc"
},
"createdAt": 1568402690,
"jobId": "74d9825e-22fc-4a0d-b962-0123456789abc"
}
]
}
```
+ 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [ListSigningJobs](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/signer/list-signing-jobs.html)。
### `list-signing-platforms`
以下程式碼範例顯示如何使用 `list-signing-platforms`。
**AWS CLI**
**列出所有簽署平台**
下列 `list-signing-platforms` 範例會顯示所有可用簽署平台的詳細資訊。
```
aws signer list-signing-platforms
```
輸出:
```
{
"platforms": [
{
"category": "AWS",
"displayName": "AWS IoT Device Management SHA256-ECDSA ",
"target": "SHA256-ECDSA",
"platformId": "AWSIoTDeviceManagement-SHA256-ECDSA",
"signingConfiguration": {
"encryptionAlgorithmOptions": {
"defaultValue": "ECDSA",
"allowedValues": [
"ECDSA"
]
},
"hashAlgorithmOptions": {
"defaultValue": "SHA256",
"allowedValues": [
"SHA256"
]
}
},
"maxSizeInMB": 2048,
"partner": "AWSIoTDeviceManagement",
"signingImageFormat": {
"defaultFormat": "JSONDetached",
"supportedFormats": [
"JSONDetached"
]
}
},
{
"category": "AWS",
"displayName": "Amazon FreeRTOS SHA1-RSA CC3220SF-Format",
"target": "SHA1-RSA-TISHA1",
"platformId": "AmazonFreeRTOS-TI-CC3220SF",
"signingConfiguration": {
"encryptionAlgorithmOptions": {
"defaultValue": "RSA",
"allowedValues": [
"RSA"
]
},
"hashAlgorithmOptions": {
"defaultValue": "SHA1",
"allowedValues": [
"SHA1"
]
}
},
"maxSizeInMB": 16,
"partner": "AmazonFreeRTOS",
"signingImageFormat": {
"defaultFormat": "JSONEmbedded",
"supportedFormats": [
"JSONEmbedded"
]
}
},
{
"category": "AWS",
"displayName": "Amazon FreeRTOS SHA256-ECDSA",
"target": "SHA256-ECDSA",
"platformId": "AmazonFreeRTOS-Default",
"signingConfiguration": {
"encryptionAlgorithmOptions": {
"defaultValue": "ECDSA",
"allowedValues": [
"ECDSA"
]
},
"hashAlgorithmOptions": {
"defaultValue": "SHA256",
"allowedValues": [
"SHA256"
]
}
},
"maxSizeInMB": 16,
"partner": "AmazonFreeRTOS",
"signingImageFormat": {
"defaultFormat": "JSONEmbedded",
"supportedFormats": [
"JSONEmbedded"
]
}
}
]
}
```
+ 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [ListSigningPlatforms](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/signer/list-signing-platforms.html)。
### `list-signing-profiles`
以下程式碼範例顯示如何使用 `list-signing-profiles`。
**AWS CLI**
**列出所有簽署設定檔**
下列 `list-signing-profiles` 範例會顯示帳戶的所有簽署設定檔詳細資訊。
```
aws signer list-signing-profiles
```
輸出:
```
{
"profiles": [
{
"platformId": "AmazonFreeRTOS-TI-CC3220SF",
"profileName": "MyProfile4",
"status": "Active",
"signingMaterial": {
"certificateArn": "arn:aws:acm:us-west-2:123456789012:certificate/6a55389b-306b-4e8c-a95c-0123456789abc"
}
},
{
"platformId": "AWSIoTDeviceManagement-SHA256-ECDSA",
"profileName": "MyProfile5",
"status": "Active",
"signingMaterial": {
"certificateArn": "arn:aws:acm:us-west-2:123456789012:certificate/6a55389b-306b-4e8c-a95c-0123456789abc"
}
}
]
}
```
+ 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [ListSigningProfiles](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/signer/list-signing-profiles.html)。
### `put-signing-profile`
以下程式碼範例顯示如何使用 `put-signing-profile`。
**AWS CLI**
**建立簽署描述檔**
下列 `put-signing-profile` 範例會使用指定的憑證和平台建立簽署設定檔。
```
aws signer put-signing-profile \
--profile-name MyProfile6 \
--signing-material certificateArn=arn:aws:acm:us-west-2:123456789012:certificate/6a55389b-306b-4e8c-a95c-0123456789abc \
--platform AmazonFreeRTOS-TI-CC3220SF
```
輸出:
```
{
"arn": "arn:aws:signer:us-west-2:123456789012:/signing-profiles/MyProfile6"
}
```
+ 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [PutSigningProfile](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/signer/put-signing-profile.html)。
### `start-signing-job`
以下程式碼範例顯示如何使用 `start-signing-job`。
**AWS CLI**
**啟動簽署任務**
下列 `start-signing-job` 範例會對在指定來源找到的程式碼啟動簽署任務。它使用指定的設定檔執行簽署,並將簽署的程式碼放在指定的目的地。
```
aws signer start-signing-job \
--source 's3={bucketName=signer-source,key=MyCode.rb,version=PNyFaUTgsQh5ZdMCcoCe6pT1gOpgB_M4}' \
--destination 's3={bucketName=signer-destination,prefix=signed-}' \
--profile-name MyProfile7
```
輸出是簽署任務的 ID。
```
{
"jobId": "2065c468-73e2-4385-a6c9-0123456789abc"
}
```
+ 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [StartSigningJob](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/signer/start-signing-job.html)。