import { Command as $Command } from "@smithy/core/client"; import type { MetadataBearer as __MetadataBearer } from "@smithy/types"; import type { CognitoIdentityProviderClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../CognitoIdentityProviderClient"; import type { GetSigningCertificateRequest, GetSigningCertificateResponse } from "../models/models_0"; /** * @public */ export type { __MetadataBearer }; export { $Command }; /** * @public * * The input for {@link GetSigningCertificateCommand}. */ export interface GetSigningCertificateCommandInput extends GetSigningCertificateRequest { } /** * @public * * The output of {@link GetSigningCertificateCommand}. */ export interface GetSigningCertificateCommandOutput extends GetSigningCertificateResponse, __MetadataBearer { } declare const GetSigningCertificateCommand_base: { new (input: GetSigningCertificateCommandInput): import("@smithy/core/client").CommandImpl; new (input: GetSigningCertificateCommandInput): import("@smithy/core/client").CommandImpl; getEndpointParameterInstructions(): { [x: string]: unknown; }; }; /** *

Given a user pool ID, returns the signing certificate for SAML 2.0 federation.

*

Issued certificates are valid for 10 years from the date of issue. Amazon Cognito issues and * assigns a new signing certificate annually. This renewal process returns a new value in * the response to GetSigningCertificate, but doesn't invalidate the original * certificate.

*

For more information, see Signing SAML requests.

* *

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For * this operation, you must use IAM credentials to authorize requests, and you must * grant yourself the corresponding IAM permission in a policy.

*

* Learn more *

* *
* @example * Use a bare-bones client and the command you need to make an API call. * ```javascript * import { CognitoIdentityProviderClient, GetSigningCertificateCommand } from "@aws-sdk/client-cognito-identity-provider"; // ES Modules import * // const { CognitoIdentityProviderClient, GetSigningCertificateCommand } = require("@aws-sdk/client-cognito-identity-provider"); // CommonJS import * // import type { CognitoIdentityProviderClientConfig } from "@aws-sdk/client-cognito-identity-provider"; * const config = {}; // type is CognitoIdentityProviderClientConfig * const client = new CognitoIdentityProviderClient(config); * const input = { // GetSigningCertificateRequest * UserPoolId: "STRING_VALUE", // required * }; * const command = new GetSigningCertificateCommand(input); * const response = await client.send(command); * // { // GetSigningCertificateResponse * // Certificate: "STRING_VALUE", * // }; * * ``` * * @param GetSigningCertificateCommandInput - {@link GetSigningCertificateCommandInput} * @returns {@link GetSigningCertificateCommandOutput} * @see {@link GetSigningCertificateCommandInput} for command's `input` shape. * @see {@link GetSigningCertificateCommandOutput} for command's `response` shape. * @see {@link CognitoIdentityProviderClientResolvedConfig | config} for CognitoIdentityProviderClient's `config` shape. * * @throws {@link InternalErrorException} (server fault) *

This exception is thrown when Amazon Cognito encounters an internal error.

* * @throws {@link InvalidParameterException} (client fault) *

This exception is thrown when the Amazon Cognito service encounters an invalid * parameter.

* * @throws {@link OperationNotEnabledException} (client fault) *

This exception is thrown when an operation is not available in the current region or for the current user pool configuration. This can occur when attempting to perform operations that are not supported in secondary replica regions.

* * @throws {@link ResourceNotFoundException} (client fault) *

This exception is thrown when the Amazon Cognito service can't find the requested * resource.

* * @throws {@link CognitoIdentityProviderServiceException} *

Base exception class for all service exceptions from CognitoIdentityProvider service.

* * * @public */ export declare class GetSigningCertificateCommand extends GetSigningCertificateCommand_base { /** @internal type navigation helper, not in runtime. */ protected static __types: { api: { input: GetSigningCertificateRequest; output: GetSigningCertificateResponse; }; sdk: { input: GetSigningCertificateCommandInput; output: GetSigningCertificateCommandOutput; }; }; }