POST Codesign/ExportSignArchive

Exports code signing archive entries and returns them in CSV format after input filters get applied. To retrieve an unfiltered list of archive entries, use GET Codesign/ExportSignArchive.

Requirements

  • Permissions: The caller must be a Master Admin, System Auditor, Code Signing Administrator, or Code Signing Auditor.
  • Token scope: Codesign:Manage

Headers

Parameters

Input parameters

Name

Description

ArchiveFilter

The following keys can be passed in the ArchiveFilter object. Results must match all of the values passed. See the example section below for complete syntax.

The percent character % can be used as a wildcard in any string. It must be added at the beginning and end of the filtering string (for partial match), for example "ApplicationHash": "AD63AF5%".

Key name Description and request example
ApplicationHash

String

The hash of the application used to sign.

ArchiveEntryId

Integer

Table number for the archive. Passing this value will return a specific event.

Artifact

String

The hash or token of the binary. This hash is what was signed during the code signing operation.

AuthenticatedUserName

String

The user ID of the user that signed.

AuthenticatedUser

String

The prefixed universal UUID of the user that signed. Use POST Identity/Browse to look up the prefixed universal for an identity.

ClientInterface

Integer

The signing client interface used to sign. The following integers are valid:

  • 0: Unknown interface

  • 1: PKCS11Config Interface

  • 2: CSPConfig Interface

  • 3: GPGConfig Interface

  • 4: TKDriverConfig Interface

  • 5: VenaifiSCD Interface

  • 6: Venafi Code Signing Token Driver Interface

ClientLibraryLocation

String

Client library location in the file system.

ClientLibraryName

String

The client library used to sign.

ClientLibraryVersion

String

The version of the library used to sign.

ClientMechanism

Integer

The mechanism used before hashing the data to send for signing.

Command

String

The command that was used to sign, if the command was sent during signing.

EnvironementId

Integer

ID of the environment object.

EnvironementIds

Array of integers

Array of environment object IDs.

EnvironmentDNs

Array of strings

List of DNs for multiple Code Signing Environments.

EnvironmentDN

String

DN of the Code Signing Environment.

EventType

String

The type of the event in the signing archive.

Request example: "EventType":"SigningSuccessful"

EventTypeId

Integer

Log event ID in hex format.

ExecutableLocation

String

File system location of the executable used to sign.

Executable

String

Name of the executable that was used to sign.

FlowDN

String

DN of the Flow used.

FlowId

Integer

ID of the Flow object.

FreeTextFilter

String

Free text filter for filtering using multiple fields.

Grouping

Integer

A numerical representation of the thumbprint of the Request Identifier Fields used on the signing request.

A value of 0 will be shown if the process didn't complete its Flow or failed another constraint gate (such as IP address restrictions or time constraints).

IPAddress

String

IP address of the system used to sign.

IsSigningArchiveSettingsChange

Boolean

Filter for signing archive settings changes (for example, enable/disable archive events).

IsSigningFailure

Boolean

Filter for all statuses that are considered signing failures.

IsSigningSystemError

Boolean

Filter for all status errors that are not considered user violations.

IsSigningViolation

Boolean

Filter for all status errors that are considered user violations.

KeyType

String

Key type used to sign.

KeyVaultId

Integer

SecretStore Vault ID of the signing private key.

Request example: "KeyVaultId": 91275

Machine

String

Name of the system used to sign.

Mechanism

Integer

The Mechanism ID that represents the encryption algorithm for the signing operation.

Platform

String

Operating system of the machine used to sign.

ProjectDNs

Array of strings

List of DNs for multiple Code Signing Projects.

ProjectDN

String

DN of the Code Signing Project.

ProjectId

Integer

ID of the project object.

ProjectIds

Array of integers

Array of project object IDs.

RemoteAccount

String

Account of the user executing the signing command on the signing workstation.

TimestampAfter

String

All entries with a timestamp prior to the provided timestamp will be excluded from the response.

TimestampBefore

String

All entries with a timestamp earlier than the provided timestamp will be excluded from the response.

PageSize

(Required) Integer specifying the number of results to be included in each page of the response. If no value is passed, the request will succeed, but no archive entries will be returned.

Page

The page to return. Default is 1.

Returns

For valid requests, POST ExportSignArchive returns the matching archive entries in CSV format.

Example

Request archive entries that used signtool.exe from IP 192.168.5.128

POST /vedsdk/codesign/ExportSignArchive HTTP/1.1
Host: tpp.server.url
Content-Type: application/json
Authorization: ••••••
Content-Length: 143

{
  "PageSize": 100,
  "Page": 1,
  "ArchiveFilter": {
    "Executable": "signtool.exe",
    "IPAddress": "192.168.5.128"
    }
}

Request archive entries that used the "Production" environment from the "Sample" project.

POST /vedsdk/codesign/ExportSignArchive HTTP/1.1
Host: 192.168.1.230
Content-Type: application/json
Authorization: ••••••
Content-Length: 157

{
  "PageSize": 100,
  "Page": 1,
  "ArchiveFilter": {
    "EnvironmentDN":"\\VED\\Code Signing\\Projects\\Sample\\Prod",
    "ProjectDN": "\\VED\\Code Signing\\Projects\\Sample"
    }
}
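
Added example (not part of the original documentation or the product's own code): a client-side builder that checks an ArchiveFilter against the key types listed in the table above before the request is sent, and refuses a missing PageSize, since that case succeeds but returns no entries. The function and variable names are hypothetical; key names, including the EnvironementId spelling, are copied from this page.

```python
import json

# Key types transcribed from the ArchiveFilter table on this page.
FILTER_TYPES = {
    **dict.fromkeys(
        "ApplicationHash Artifact AuthenticatedUserName AuthenticatedUser "
        "ClientLibraryLocation ClientLibraryName ClientLibraryVersion Command "
        "EnvironmentDN EventType ExecutableLocation Executable FlowDN "
        "FreeTextFilter IPAddress KeyType Machine Platform ProjectDN "
        "RemoteAccount TimestampAfter TimestampBefore".split(), str),
    **dict.fromkeys(
        "ArchiveEntryId ClientInterface ClientMechanism EnvironementId "
        "EventTypeId FlowId Grouping KeyVaultId Mechanism ProjectId".split(), int),
    **dict.fromkeys(
        "IsSigningArchiveSettingsChange IsSigningFailure "
        "IsSigningSystemError IsSigningViolation".split(), bool),
    **dict.fromkeys(["EnvironementIds", "ProjectIds"], [int]),   # Array of integers
    **dict.fromkeys(["EnvironmentDNs", "ProjectDNs"], [str]),    # Array of strings
}

def _matches(value, want):
    # type() instead of isinstance(): bool is a subclass of int in Python,
    # so True would otherwise pass as an Integer filter value.
    if isinstance(want, list):
        return type(value) is list and all(type(v) is want[0] for v in value)
    return type(value) is want

def build_export_body(archive_filter, page_size, page=1):
    """Return the JSON body for POST Codesign/ExportSignArchive or raise ValueError."""
    # Omitting PageSize succeeds but returns no entries (see PageSize above),
    # which reads like a clean audit result; refuse to build such a request.
    if type(page_size) is not int or page_size < 1:
        raise ValueError("PageSize must be a positive integer")
    if type(page) is not int or page < 1:
        raise ValueError("Page must be a positive integer")
    for key, value in archive_filter.items():
        # A misspelled key is rejected here rather than sent to the server.
        if key not in FILTER_TYPES:
            raise ValueError(f"unknown ArchiveFilter key: {key}")
        if not _matches(value, FILTER_TYPES[key]):
            raise ValueError(f"wrong type for ArchiveFilter key: {key}")
        # Valid ClientInterface integers on this page are 0 through 6.
        if key == "ClientInterface" and not 0 <= value <= 6:
            raise ValueError("ClientInterface must be 0 to 6")
    return json.dumps({"PageSize": page_size, "Page": page,
                       "ArchiveFilter": dict(archive_filter)})
```

Passing the filter from the first request example above with a PageSize of 100 yields the same JSON object shown there.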