POST Codesign/CreateEnvironment

Adds a new signing environment to a project. The environment manages the way applications will be code signed. The environment only becomes active after a Code Signing Administrator approves the project.

Requirements

  • Permissions:  The caller must be a Code Signing Administrator, or a member of any role on the project that owns the environment.
  • Token scope:  Codesign:Manage

Headers

  • Content type: Content-Type:application/json.

  • Token: The bearer access token that you received. For example, Authorization:Bearer 4MyGeneratedBearerTknz==. For more information, see Passing a bearer token in your API calls.

Parameters

Input parameters

  • EnvironmentName: Specify DN or EnvironmentName. The name of the new environment you want to create.

  • Project: The project that will use this environment. To get these values, look in the UI or call POST Codesign/EnumerateProjects.

      • Dn: The Distinguished Name (DN) of the project, which identifies its location and name. For example, \\VED\\Code Signing\\Projects\\APIProjectDraft.

      • Guid: The project unique identifier. For example, {7ec6692c-c095-4afa-9515-e4dc3c01fd55}

      • Id: The project ID.

  • CertificateEnvironment | AppleEnvironment | KeyPairEnvironment | DotNetEnvironment | CSPEnvironment | GPGEnvironment: See POST /vedsdk/codesign/CreateEnvironment for object description.

Returns

Response description

HTTP 200

For valid requests, this call returns an HTTP 200 message and the following data in the message body:

  • [Environment object]:  One of the following objects that describes the environment you just created:
  • [Template object]. The corresponding values from one of these environment templates:

  • CNPattern: The template for naming certificates. Contains a regular expression that must match the Common Name (CN) of the certificate being imported. If a user attempts to import a certificate that does not match then the import will not be allowed.

  • CertificateSubject: The certificate name.

  • City: The valid City or Locality (L) field for the certificate Subject DN. The environment template can control this value. See Environment details

  • KeyAlgorithm: The Info Value pair has an Items array with allowable encryption algorithms for signing certificates. The environment template can control this value.

  • KeyAlgorithm: Acceptable encryption algorithms for signing certificates. Info: Suggests or locks this value as mandatory. Value: When value originated from the template, the Dirty flag is true. Also includes an Items array of acceptable values.

  • KeyStorageLocation: A set of acceptable key storage locations that originate from the environment template. See Environment details

  • Organization: A set of acceptable Organization (O) values from the environment template. See Environment details
  • OrganizationUnit: A set of acceptable Organization Unit (OU) values from the environment template. See Environment details
  • State: A set of acceptable State (ST) names. See Environment details

  • UserId:  A set of acceptable users. See Environment details

  • Country:  The Country (C) field for the certificate Subject DN. See Environment details

  • Result:  The Result code of this API call. For more information, see Sign Result Codes.
  • Success:  The result of this API call: A value of false indicates the request failed due to an Error. Otherwise, true.

HTTP 400

For invalid requests, this call returns HTTP 400 Bad Request and the following data in the message body:

  • error: The reason for the error.
  • error_description: If available, additional information about how to retry the request.

HTTP 500

For invalid requests, this call returns an HTTP 500 Unexpected Exception:

  • Error: The reason for the error.

Example: Create a signing environment for a project

Request

POST https://codesign.venafi.example/vedsdk/Codesign/CreateEnvironment
Content-Type:application/json
Authorization:Bearer 4MyGeneratedBearerTknz

{
   "EnvironmentName":"GPGEnv",
   "TemplateDN":"\\VED\\Code Signing\\Environment Templates\\GPG",
   "Guid":"{2a65619c-ac68-4ec0-850b-1b29b09941ed}",
   "Project":{
      "Dn":"\\VED\\Code Signing\\Projects\\Sample",
      "Guid":"{a26de394-3403-49e3-9164-6ebe8bf23560}",
      "Id":152516
   },
   "GPGTemplate":{ ...

   }
}

Response

HTTP/1.1 200 OK
{
   "GPGEnvironment":{
      "AllowUserKeyImport":true,
      "CustomFieldAttributes":{
         "Items":[
            
         ]
      },
      "Disabled":true,
      "Dn":"\\VED\\Code Signing\\Projects\\RESTProjectwithSignProject\\MyGpGEnvREST2",
      "Guid":"{d477fd95-d9b4-41e2-9553-5bfac336b418}",
      "IPAddressRestriction":{
         "Items":[
            
         ]
      },
      "Id":653,
      "KeyTimeConstraints":{
         "Items":[
            
         ]
      },
      "KeyUseFlowDN":"\\VED\\Code Signing\\Flows\\No Restrictions",
      "TemplateDN":"\\VED\\Code Signing\\Environment Templates\\GPG",
      "Type":"Code Signing GPG Environment",
      "AuthenticationKeyAlgorithm":{
         "Info":1,
         "TemplateValues":null,
         "Value":null
      },
      "AuthenticationKeyDN":"\\VED\\Policy\\Code Signing\\Certificates\\RESTProjectwithSignProject MyGpGEnvREST2 - Authentication Key",
      "Email":{
         "Info":1,
         "TemplateValues":null,
         "Value":null
      },
      "EncryptionKeyAlgorithm":{
         "Info":1,
         "TemplateValues":null,
         "Value":null
      },
      "EncryptionKeyDN":"\\VED\\Policy\\Code Signing\\Certificates\\RESTProjectwithSignProject MyGpGEnvREST2 - Encryption Key",
      "Expiration":{
         "Info":1,
         "TemplateValues":null,
         "Value":null
      },
      "GPGTemplate":{ ...

   },
   "Result":1,
   "Success":true
}
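
A client-side sketch of the contract described above, as an added example that is not part of the original page or the vendor's code: it builds the request with the two documented headers and maps the documented 200, 400 and 500 bodies to a result. The function names, the HTTPS check, the choice of body fields (copied from the page's example request) and the sample bodies are assumptions of this example.

```python
import json
import urllib.request

# Environment object names listed on this page; one is expected in a 200 body.
ENV_KEYS = ("CertificateEnvironment", "AppleEnvironment", "KeyPairEnvironment",
            "DotNetEnvironment", "CSPEnvironment", "GPGEnvironment")

def build_request(base_url, token, environment_name, template_dn, project):
    """Build (do not send) the POST. The token needs scope Codesign:Manage."""
    if not base_url.lower().startswith("https://"):
        raise ValueError("refusing to send a bearer token over a non-HTTPS URL")
    # Assumption: field set mirrors the page's example request, template details omitted.
    body = {"EnvironmentName": environment_name, "TemplateDN": template_dn,
            "Project": project}
    return urllib.request.Request(
        base_url.rstrip("/") + "/vedsdk/Codesign/CreateEnvironment",
        data=json.dumps(body).encode("utf-8"),
        headers={"Content-Type": "application/json",
                 "Authorization": "Bearer " + token},
        method="POST")

def interpret_response(status, raw_body):
    """Map the documented 200 / 400 / 500 bodies to (ok, detail)."""
    try:
        doc = json.loads(raw_body) if raw_body else {}
        if not isinstance(doc, dict):
            raise ValueError("body is not a JSON object")
    except ValueError:
        return False, {"status": status, "reason": "body is not JSON"}
    if status == 200:
        # HTTP 200 alone is not success: the body carries Success and Result.
        if doc.get("Success") is not True:
            return False, {"status": 200, "result": doc.get("Result")}
        kind = next((k for k in ENV_KEYS if isinstance(doc.get(k), dict)), None)
        if kind is None:
            return False, {"status": 200, "reason": "no environment object"}
        env = doc[kind]
        return True, {"kind": kind, "dn": env.get("Dn"), "guid": env.get("Guid"),
                      "disabled": env.get("Disabled")}
    if status == 400:
        return False, {"status": 400, "reason": doc.get("error"),
                       "hint": doc.get("error_description")}
    return False, {"status": status, "reason": doc.get("Error")}

# Constructed sample bodies (the 200 body is trimmed from the page's example response).
SAMPLE_200 = json.dumps({"GPGEnvironment": {"Disabled": True, "Id": 653,
    "Dn": "\\VED\\Code Signing\\Projects\\RESTProjectwithSignProject\\MyGpGEnvREST2",
    "Guid": "{d477fd95-d9b4-41e2-9553-5bfac336b418}"}, "Result": 1, "Success": True})
SAMPLE_400 = json.dumps({"error": "invalid_request", "error_description": "constructed"})
```

Pass the returned request to `urllib.request.urlopen` to send it, then feed the status code and body to `interpret_response`; the `disabled` field is surfaced so the caller can see the state the server reports for the new environment.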