Code Signing Get Policy Key Data

The "code-signing-get-policy-key-data" API enables users to retrieve detailed information about TSA configuration, hashing algorithms, and mapped keys for specific code signing policies.

Before you begin

  • Ensure that the certificate has been enrolled and mapped to the signing policy.

Request Structure

Endpoint: /code-signing-get-policy-key-data
Type: GET
Sample URL: https://<IP/HostName/TenantName>:<GWPORT>/avxapi/code-signing-get-policy-key-data?gwsource=external&filterType=hashBasedSigning

To understand the elements of the sample URL, click here.
Content-Type: application/json
Table 1. Input Parameter
Name Description
Token

String

(header)		 (Mandatory) Use token retrieved from login API.

Example: eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJwbGF0Zm9y bSIsImF1ZCI6ImF2eCIsImNsaWVudElkIjoiOTcwNzRlNDEtOGFmOS00NTZkLTlhNjQtZjB jNGJiOTA4MDQ4IiwiaXNzIjoiYXZ4IiwiZXhwIjoxNjUwMzY5MzY3LCJncmFudCB0eXBlIj oiY2xpZW50X2NyZWRlbnRpYWxzIn0.HZnkuUEjXIeqJWqpqi NWFHqIDI7GYf4cWx 6VwbjGD_0
sessionId

String

(header)		 (Mandatory) After successfully logging in, a unique identifier assigned to a user's session after successful authentication. The session ID remains valid until it expires. The session ID is a string value.

Example: "ce7f1a14-2bf9-4e4a-89a8-bc780a255813"
username

String

(header)		 (Mandatory) AppViewX login username, represented as a string value.

Example: "User"
password

String

(header)		 (Mandatory) AppViewX login username, represented as a string value.

Example: "AppViewX@123"
gwsource

String

(query)		 (Mandatory) Source from which the request is triggered. The values can be:
  • web
  • external

Type: String
filterType

String

(query)		 (Optional) Enter the criteria for filtering policies and key data to ensure precise and relevant data retrieval.
  • --
  • hashBasedSigning
  • fileBasedSigning

Response Structure

  • Status Code: 200 OK
  • Message: null
  • Headers:
    • Content-Type: application/json
Table 2. Response Parameters
Name Description
response Contains the response attributes for the get policy request.
message Success message or failure description in case of error.
appStatusCode Application specific status code for the response. Will be non-null for failure response.
tags More info in case of failure response.

Status Codes

HTTP Code appStatusCode Response Message
200 OK - null
400 Bad Request VALIDATION_ERROR_0004 Input fields does not comply with the validation criteria. Please recheck the input payload::[Filter Type can only be fileBasedSigning/hashBasedSigning]
400 Bad Request AVX_GW_001 Invalid Request. Please contact AppViewX Support.

Sample Request/Response

Use Case

This API is designed to retrieve detailed information about TSA configuration, hashing algorithms, and mapped keys for specific code signing policies.

Request URL
https://<IP/HostName/TenantName>:<GWPORT>/avxapi/code-signing-get-policy-key-data?gwsource=external&filterType=hashBasedSigning
Request Payload 
NA
Sample Response for Hash Based Policy and Key Data 
{
  "response": {
    "policyKeysData": {
      "HashBasedPolicy": {
        "signingKeys": [
          "AppViewXCertificate=0F:63:61:90:16:F5:5D:0B:BA:87:46:89:6C:F2:BC:4B"
        ],
        "signingHashAlgorithm": [
          "SHA-256"
        ],
        "timeStampingURL": [
          "http://timestamp.globalsign.com/tsa/r6advanced1"
        ]
      },
      "HashBasedSigning_Policy_Windows": {
        "signingKeys": [
          "CertCodeSigningEJBCA_UploadCert_RSA4096HSM.appviewx.com=37:9B:BE:A2:DE:81:E6:37:68:21:5B:BE:78:6C:F9:38:00:02:D6:21"
        ],
        "signingHashAlgorithm": [
          "SHA-256"
        ],
        "timeStampingURL": [
          "http://timestamp.digicert.com"
        ],
        "fileTypes": null
      }
    },
    "totalCount": 0
  }
}
Sample Response for File Based Policy and Key Data 
{
  "response": {
    "policyKeysData": {
      "Signing_Policy_Upload_Cert_File_Jar": {
        "signingKeys": [
          "CertCodeSigningEJBCA_UploadCert_RSA4096HSM.appviewx.com=37:9B:BE:A2:DE:81:E6:37:68:21:5B:BE:78:6C:F9:38:00:02:D6:21"
        ],
        "signingHashAlgorithm": [
          "SHA-256"
        ],
        "timeStampingURL": [
          "http://timestamp.entrust.net/TSS/RFC3161sha2TS"
        ],
        "fileTypes": [
          "JAR"
        ]
      },
      "FileBasedPolicy": {
        "signingKeys": [
          "AppViewXCertificate=0F:63:61:90:16:F5:5D:0B:BA:87:46:89:6C:F2:BC:4B"
        ],
        "signingHashAlgorithm": [
          "SHA-256"
        ],
        "timeStampingURL": [
          "http://timestamp.digicert.com"
        ],
        "fileTypes": [
          "JAR",
          "PS1",
          "EXE",
          "JS"
        ]
      }
    },
    "totalCount": 0
  }
}
Sample Response for All Policies Key Data
{
  "response": {
    "policyKeysData": {
      "HashBasedPolicy": {
        "signingKeys": [
          "AppViewXCertificate=0F:63:61:90:16:F5:5D:0B:BA:87:46:89:6C:F2:BC:4B"
        ],
        "signingHashAlgorithm": [
          "SHA-256"
        ],
        "timeStampingURL": [
          "http://timestamp.globalsign.com/tsa/r6advanced1"
        ]
      },
      "HashBasedSigning_Policy_Windows": {
        "signingKeys": [
          "CertCodeSigningEJBCA_UploadCert_RSA4096HSM.appviewx.com=37:9B:BE:A2:DE:81:E6:37:68:21:5B:BE:78:6C:F9:38:00:02:D6:21"
        ],
        "signingHashAlgorithm": [
          "SHA-256"
        ],
        "timeStampingURL": [
          "http://timestamp.digicert.com"
        ],
        "fileTypes": null
      },
      "Signing_Policy_Upload_Cert_File_Jar": {
        "signingKeys": [
          "CertCodeSigningEJBCA_UploadCert_RSA4096HSM.appviewx.com=37:9B:BE:A2:DE:81:E6:37:68:21:5B:BE:78:6C:F9:38:00:02:D6:21"
        ],
        "signingHashAlgorithm": [
          "SHA-256"
        ],
        "timeStampingURL": [
          "http://timestamp.entrust.net/TSS/RFC3161sha2TS"
        ],
        "fileTypes": [
          "JAR"
        ]
      },
      "FileBasedPolicy": {
        "signingKeys": [
          "AppViewXCertificate=0F:63:61:90:16:F5:5D:0B:BA:87:46:89:6C:F2:BC:4B"
        ],
        "signingHashAlgorithm": [
          "SHA-256"
        ],
        "timeStampingURL": [
          "http://timestamp.digicert.com"
        ],
        "fileTypes": [
          "JAR",
          "PS1",
          "EXE",
          "JS"
        ]
      }
    },
    "totalCount": 0
  }
}

What's Next

Reference

Understanding the sample URL:
  • IP/HostName/TenantName: Replace with the actual IP address, hostname, or tenant name based on the specific configuration in AppViewX.
    • IP: A unique identifier assigned to each device connected to a computer network that uses the Internet Protocol for communication

      The IP address will be included in the endpoint URL for an on-prem deployment.

    • HostName: A human-readable label assigned to a device (host) on a network

      The hostname will be included in the endpoint URL for an on-prem deployment.

    • TenantName: An identifier label for a tenant given to indicate which tenant's data the API request will access/modify

      The tenant name will be included in the endpoint URL for a SaaS deployment.

  • GWPORT: AppViewX gateway port

    A gateway port refers to a network port through which data is sent and received to communicate with a gateway in an on-prem deployment.

    Example: 31443

  • avxapi: Path parameter value (static) that is part of the endpoint's URL
  • Endpoint: Endpoint of the API, for example: execute-hook
  • gwsource: Source or origin of a gateway, for example: external.