signer / Client / get_revocation_status

get_revocation_status#

signer.Client.get_revocation_status(**kwargs)#

Retrieves the revocation status of one or more of the signing profile, signing job, and signing certificate.

Request Syntax

response = client.get_revocation_status(
    signatureTimestamp=datetime(2015, 1, 1),
    platformId='string',
    profileVersionArn='string',
    jobArn='string',
    certificateHashes=[
        'string',
    ]
)

Parameters:

signatureTimestamp (datetime) –
[REQUIRED]

The timestamp of the signature that validates the profile or job.
platformId (string) –
[REQUIRED]

The ID of a signing platform.
profileVersionArn (string) –
[REQUIRED]

The version of a signing profile.
jobArn (string) –
[REQUIRED]

The ARN of a signing job.
certificateHashes (list) –
[REQUIRED]

A list of composite signed hashes that identify certificates.

A certificate identifier consists of a subject certificate TBS hash (signed by the parent CA) combined with a parent CA TBS hash (signed by the parent CA’s CA). Root certificates are defined as their own CA.

The following example shows how to calculate a hash for this parameter using OpenSSL commands:

openssl asn1parse -in childCert.pem -strparse 4 -out childCert.tbs

openssl sha384 < childCert.tbs -binary > childCertTbsHash

openssl asn1parse -in parentCert.pem -strparse 4 -out parentCert.tbs

openssl sha384 < parentCert.tbs -binary > parentCertTbsHash xxd -p childCertTbsHash > certificateHash.hex xxd -p parentCertTbsHash >> certificateHash.hex

cat certificateHash.hex | tr -d '\n'
- (string) –

Return type:

dict

Returns:

Response Syntax

{
    'revokedEntities': [
        'string',
    ]
}

Response Structure

(dict) –
- revokedEntities (list) –
  
  A list of revoked entities (including zero or more of the signing profile ARN, signing job ARN, and certificate hashes) supplied as input to the API.
  - (string) –

get_revocation_status#

Request Syntax

Response Syntax

Response Structure

Exceptions