POST API/GetObjects

Retrieves information that the caller can use in code signing.

Requirements

Headers

  • Content type: Content-Type:application/json.

  • Token: The bearer access token that you received. For example, Authorization:Bearer 4MyGeneratedBearerTknz==. For more information, see Passing a bearer token in your API calls.

Parameters

Input parameters

Name

Description

EnvironmentFilter

(Optional) An array of comma-separated HSM EnvironmentTypes. A single environment can contain up to three public and private keys and certificates. If an environment contains more than one key pair, the KeyContext identifies the purpose of the key:

  • 0 = Certificate environment. A single certificate and keypair.
  • 1 = GNU Privacy Guard (GPG) environment. Three keypairs (sign, encrypt, auth) and optional certificates.
  • 2 = .Net Strongname environment. No certificate; RSA only.
  • 3 = Cryptographic Service Provider (CSP). Two key pairs (sign and encrypt), certificates optional.

Example: "EnvironmentFilter": [1,2]

Experimental

(Optional) Set to true to include objects that use experimental post-quantum keys.

IncludeArchived

(Optional) Show expired certificate chains:

  • true: Include expired intermediate and root chains.
  • false: Default. Omit certificate chains.

Example: "IncludeArchived": true

IncludeChains

(Optional) Show trust chain of a certificate:

  • true: Include intermediate and root chains.
  • false: Default. Omit certificate chains.

Example: "IncludeChains": true

KeyContext

(Optional) Show the purpose of the key:

  • null
  • authentication
  • encryption
  • signing

Example: "KeyContext": "signing"

KeyId

(Optional) Show data by Certificate object identifier. Typically, this is the GUID of the Certificate Environment.

Example: "KeyId": "{1160fe72-2318-49d3-8ac0-8fe54b4f5c95}"

LabelFilter

(Optional) An array of environment filter strings. Regex is allowed.

Example: "LabelFilter": [ "Sample-Label-1" ]

ObjectTypeFilter

(Optional) An array of comma-separated ObjectTypes:

  • 1 = X.509 certificate
  • 2 = Public key
  • 3 = Private key
  • 4 = Symmetric key

Example: "ObjectTypeFilter": [1,4]

Returns

If there are no objects, this API call only returns Success:true. For more information, see the LibHSM documentation on your signing workstation:

  • Linux: file:///opt/venafi/codesign/html/index.html

  • macOS: file:///Library/Venafi/CodeSigning/html/index.html

  • Windows: file:///C:/Program Files/Venafi CodeSign Protect/SDK/html/index.html

Response description

Name

Description

Certificates

An array of HSM certificate objects. Each certificate corresponds to a key pair that is present on the HSM.

Pending

The creation status of the Certificates, PrivateKeys, and PublicKeys objects.

  • true: The creation status of one or more objects is pending.
  • false: The creation of all objects is complete.

PrivateKeys

An array of Private Key objects that are stored on the HSM.

PublicKeys

An array of Public Key objects that are stored on the HSM.

Success

true: The request successfully completed.

Example: List keys and certificates that are present on an HSM

Request

POST https://test.venafi.example/vedhsm/API/GetObjects
Content-Type:application/json
Authorization:Bearer 4MyGeneratedBearerTknz==
{
   "EnvironmentFilter": [
      0
   ],
   "IncludeChains": true
}

Response

HTTP/1.1 200 OK
{
   "Certificates":[
      {
         "Authentication":false,
         "CreatedOn":"2022-05-04T15:15:47.0807044Z",
         "Encipherment":false,
         "EnvironmentType":0,
         "Handle":488,
         "Id":"U2FtcGxlLVByb2R1Y3Rpb24tRW52aXJvbm1lbnQ=",
         "KeyContext":null,
         "KeyId":"{dca07f7d-b407-479a-a37d-6b82e41cd3b3}",
         "Label":"Sample-Production-Environment",
         "ObjectType":1,
         "Signing":true,
         "Token":true,
         "CheckValue":"ZKzj",
         "EndDate":"20230504",
         "Issuer":"MGMxFTAT...",
         "StartDate":"20220504",
         "Subject":"MGMxFTAT...",
         "Trusted":true,
         "Value":"MIIFojCC..."
      }
   ],
   "Pending":true,
   "PrivateKeys":[
      {
         "Authentication":false,
         "CreatedOn":"2022-05-04T15:15:47.0807044Z",
         "Encipherment":false,
         "EnvironmentType":0,
         "Handle":484,
         "Id":"U2FtcGxlLVByb2R1Y3Rpb24tRW52aXJvbm1lbnQ=",
         "KeyContext":null,
         "KeyId":"{dca07f7d-b407-479a-a37d-6b82e41cd3b3}",
         "Label":"Sample-Production-Environment",
         "ObjectType":3,
         "Private":true,
         "Signing":true,
         "Token":true,
         "KeyType":0,
         "Decrypt":true,
         "Exponent":"AQAB",
         "Modulus":"7wZKLes1...",
         "Sign":true,
         "Unwrap":true
      }
   ],
   "PublicKeys":[
      {
         "Authentication":false,
         "CreatedOn":"2022-05-04T15:15:47.0807044Z",
         "Encipherment":false,
         "EnvironmentType":0,
         "Handle":0,
         "Id":"U2FtcGxlLVByb2R1Y3Rpb24tRW52aXJvbm1lbnQ=",
         "KeyContext":null,
         "KeyId":"{dca07f7d-b407-479a-a37d-6b82e41cd3b3}",
         "Label":"Sample-Production-Environment",
         "ObjectType":2,
         "Signing":true,
         "Token":true,
         "KeyType":0,
         "Bits":4096,
         "Encrypt":true,
         "Exponent":"AQAB",
         "Modulus":"7wZKLes1u...",
         "Verify":true,
         "Wrap":true
      }
   ],
   "Success":true
}
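
An added example, not part of the product documentation: a Python check over a GetObjects response that flags certificates near or past their EndDate and signing certificates that have no private key with Sign:true under the same KeyId. It assumes EndDate is YYYYMMDD and that a certificate and its keys share a KeyId, both inferred from the sample response above; the `audit` function, the `Sample-Orphan` entry and its KeyId are constructed for illustration.

```python
from datetime import date, datetime

# Constructed response, trimmed to the fields this check reads.
SAMPLE = {
    "Certificates": [
        {"KeyId": "{dca07f7d-b407-479a-a37d-6b82e41cd3b3}",
         "Label": "Sample-Production-Environment",
         "Signing": True, "EndDate": "20230504"},
        {"KeyId": "{00000000-0000-0000-0000-000000000001}",  # constructed
         "Label": "Sample-Orphan", "Signing": True, "EndDate": "20220101"},
    ],
    "Pending": True,
    "PrivateKeys": [
        {"KeyId": "{dca07f7d-b407-479a-a37d-6b82e41cd3b3}",
         "Label": "Sample-Production-Environment", "Sign": True},
    ],
    "Success": True,
}

def audit(response, today, warn_days=30):
    """Return (label, finding) pairs for objects that need attention."""
    if not response.get("Success"):
        raise RuntimeError("GetObjects did not return Success:true")
    findings = []
    if response.get("Pending"):
        findings.append(("*", "object creation pending; inventory may be incomplete"))
    # KeyIds that have a private key on the HSM allowed to sign.
    signing_keys = {k["KeyId"] for k in response.get("PrivateKeys", [])
                    if k.get("Sign")}
    for cert in response.get("Certificates", []):
        label = cert["Label"]
        # Assumption: EndDate is YYYYMMDD, as in the sample response.
        end = datetime.strptime(cert["EndDate"], "%Y%m%d").date()
        days_left = (end - today).days
        if days_left < 0:
            findings.append((label, "expired"))
        elif days_left <= warn_days:
            findings.append((label, f"expires in {days_left} days"))
        # Assumption: a certificate and its key pair share one KeyId.
        if cert.get("Signing") and cert["KeyId"] not in signing_keys:
            findings.append((label, "no private key with Sign:true for this KeyId"))
    return findings

if __name__ == "__main__":
    for label, finding in audit(SAMPLE, date(2023, 4, 20)):
        print(f"{label}: {finding}")
```

A response that contains only Success:true (no objects) yields an empty findings list rather than an error.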