{"files":{"SKILL.md":"---\nname: aws-signer\ndescription: \"AWS Signer API skill. Use when working with AWS Signer for signing-profiles, signing-jobs, revocations. Covers 19 endpoints.\"\nversion: 1.0.0\ngenerator: lapsh\n---\n\n# AWS Signer\nAPI version: 2017-08-25\n\n## Auth\nAWS SigV4\n\n## Base URL\nNot specified.\n\n## Setup\n1. Configure auth: AWS SigV4\n2. GET /revocations -- retrieves the revocation status of one or more of the signing profile, signing job, and signing certificate.\n3. POST /signing-profiles/{profileName}/permissions -- create first permission\n\n## Endpoints\n19 endpoints across 5 groups. See references/api-spec.lap for full details.\n\n### Signing-profiles\n| Method | Path | Description |\n|--------|------|-------------|\n| POST | /signing-profiles/{profileName}/permissions | Adds cross-account permissions to a signing profile. |\n| DELETE | /signing-profiles/{profileName} | Changes the state of an ACTIVE signing profile to CANCELED. A canceled profile is still viewable with the ListSigningProfiles operation, but it cannot perform new signing jobs, and is deleted two years after cancelation. |\n| GET | /signing-profiles/{profileName} | Returns information on a specific signing profile. |\n| GET | /signing-profiles/{profileName}/permissions | Lists the cross-account permissions associated with a signing profile. |\n| GET | /signing-profiles | Lists all available signing profiles in your AWS account. Returns only profiles with an ACTIVE status unless the includeCanceled request field is set to true. If additional jobs remain to be listed, AWS Signer returns a nextToken value. Use this value in subsequent calls to ListSigningJobs to fetch the remaining values. You can continue calling ListSigningJobs with your maxResults parameter and with new values that Signer returns in the nextToken parameter until all of your signing jobs have been returned. |\n| PUT | /signing-profiles/{profileName} | Creates a signing profile. A signing profile is a code-signing template that can be used to carry out a pre-defined signing job. |\n| DELETE | /signing-profiles/{profileName}/permissions/{statementId} | Removes cross-account permissions from a signing profile. |\n| PUT | /signing-profiles/{profileName}/revoke | Changes the state of a signing profile to REVOKED. This indicates that signatures generated using the signing profile after an effective start date are no longer valid. |\n\n### Signing-jobs\n| Method | Path | Description |\n|--------|------|-------------|\n| GET | /signing-jobs/{jobId} | Returns information about a specific code signing job. You specify the job by using the jobId value that is returned by the StartSigningJob operation. |\n| GET | /signing-jobs | Lists all your signing jobs. You can use the maxResults parameter to limit the number of signing jobs that are returned in the response. If additional jobs remain to be listed, AWS Signer returns a nextToken value. Use this value in subsequent calls to ListSigningJobs to fetch the remaining values. You can continue calling ListSigningJobs with your maxResults parameter and with new values that Signer returns in the nextToken parameter until all of your signing jobs have been returned. |\n| PUT | /signing-jobs/{jobId}/revoke | Changes the state of a signing job to REVOKED. This indicates that the signature is no longer valid. |\n| POST | /signing-jobs/with-payload | Signs a binary payload and returns a signature envelope. |\n| POST | /signing-jobs | Initiates a signing job to be performed on the code provided. Signing jobs are viewable by the ListSigningJobs operation for two years after they are performed. Note the following requirements:     You must create an Amazon S3 source bucket. For more information, see Creating a Bucket in the Amazon S3 Getting Started Guide.    Your S3 source bucket must be version enabled.   You must create an S3 destination bucket. AWS Signer uses your S3 destination bucket to write your signed code.   You specify the name of the source and destination buckets when calling the StartSigningJob operation.   You must ensure the S3 buckets are from the same Region as the signing profile. Cross-Region signing isn't supported.   You must also specify a request token that identifies your request to Signer.   You can call the DescribeSigningJob and the ListSigningJobs actions after you call StartSigningJob. For a Java example that shows how to use this action, see StartSigningJob. |\n\n### Revocations\n| Method | Path | Description |\n|--------|------|-------------|\n| GET | /revocations | Retrieves the revocation status of one or more of the signing profile, signing job, and signing certificate. |\n\n### Signing-platforms\n| Method | Path | Description |\n|--------|------|-------------|\n| GET | /signing-platforms/{platformId} | Returns information on a specific signing platform. |\n| GET | /signing-platforms | Lists all signing platforms available in AWS Signer that match the request parameters. If additional jobs remain to be listed, Signer returns a nextToken value. Use this value in subsequent calls to ListSigningJobs to fetch the remaining values. You can continue calling ListSigningJobs with your maxResults parameter and with new values that Signer returns in the nextToken parameter until all of your signing jobs have been returned. |\n\n### Tags\n| Method | Path | Description |\n|--------|------|-------------|\n| GET | /tags/{resourceArn} | Returns a list of the tags associated with a signing profile resource. |\n| POST | /tags/{resourceArn} | Adds one or more tags to a signing profile. Tags are labels that you can use to identify and organize your AWS resources. Each tag consists of a key and an optional value. To specify the signing profile, use its Amazon Resource Name (ARN). To specify the tag, use a key-value pair. |\n| DELETE | /tags/{resourceArn} | Removes one or more tags from a signing profile. To remove the tags, specify a list of tag keys. |\n\n## Common Questions\nMatch user requests to endpoints in references/api-spec.lap. Key patterns:\n- \"Create a permission?\" -> POST /signing-profiles/{profileName}/permissions\n- \"Delete a signing-profile?\" -> DELETE /signing-profiles/{profileName}\n- \"Get signing-job details?\" -> GET /signing-jobs/{jobId}\n- \"List all revocations?\" -> GET /revocations\n- \"Get signing-platform details?\" -> GET /signing-platforms/{platformId}\n- \"Get signing-profile details?\" -> GET /signing-profiles/{profileName}\n- \"List all permissions?\" -> GET /signing-profiles/{profileName}/permissions\n- \"List all signing-jobs?\" -> GET /signing-jobs\n- \"List all signing-platforms?\" -> GET /signing-platforms\n- \"List all signing-profiles?\" -> GET /signing-profiles\n- \"Get tag details?\" -> GET /tags/{resourceArn}\n- \"Update a signing-profile?\" -> PUT /signing-profiles/{profileName}\n- \"Delete a permission?\" -> DELETE /signing-profiles/{profileName}/permissions/{statementId}\n- \"Create a with-payload?\" -> POST /signing-jobs/with-payload\n- \"Create a signing-job?\" -> POST /signing-jobs\n- \"Delete a tag?\" -> DELETE /tags/{resourceArn}\n- \"How to authenticate?\" -> See Auth section above\n\n## Response Tips\n- Check response schemas in references/api-spec.lap for field details\n- Create/update endpoints return the modified resource on success\n\n## References\n- Full spec: See references/api-spec.lap for complete endpoint details, parameter tables, and response schemas\n\n> Generated from the official API spec by [LAP](https://lap.sh)\n","references/api-spec.lap":"@lap v0.3\n# Machine-readable API spec. Each @endpoint block is one API call.\n@api AWS Signer\n@version 2017-08-25\n@auth AWS SigV4\n@endpoints 19\n@toc signing-profiles(8), signing-jobs(5), revocations(1), signing-platforms(2), tags(3)\n\n@group signing-profiles\n@endpoint POST /signing-profiles/{profileName}/permissions\n@desc Adds cross-account permissions to a signing profile.\n@required {profileName: str, action: str, principal: str, statementId: str}\n@optional {profileVersion: str, revisionId: str}\n@returns(200) {revisionId: str?}\n\n@endpoint DELETE /signing-profiles/{profileName}\n@desc Changes the state of an ACTIVE signing profile to CANCELED. A canceled profile is still viewable with the ListSigningProfiles operation, but it cannot perform new signing jobs, and is deleted two years after cancelation.\n@required {profileName: str}\n\n@endgroup\n\n@group signing-jobs\n@endpoint GET /signing-jobs/{jobId}\n@desc Returns information about a specific code signing job. You specify the job by using the jobId value that is returned by the StartSigningJob operation.\n@required {jobId: str}\n@returns(200) {jobId: str?, source: Source?{s3: S3Source?{bucketName: str, key: str, version: str}}, signingMaterial: SigningMaterial?{certificateArn: str}, platformId: str?, platformDisplayName: str?, profileName: str?, profileVersion: str?, overrides: SigningPlatformOverrides?{signingConfiguration: SigningConfigurationOverrides?{encryptionAlgorithm: str?, hashAlgorithm: str?}, signingImageFormat: str?}, signingParameters: map<str,str>?, createdAt: str(timestamp)?, completedAt: str(timestamp)?, signatureExpiresAt: str(timestamp)?, requestedBy: str?, status: str?, statusReason: str?, revocationRecord: SigningJobRevocationRecord?{reason: str?, revokedAt: str(timestamp)?, revokedBy: str?}, signedObject: SignedObject?{s3: S3SignedObject?{bucketName: str?, key: str?}}, jobOwner: str?, jobInvoker: str?}\n\n@endgroup\n\n@group revocations\n@endpoint GET /revocations\n@desc Retrieves the revocation status of one or more of the signing profile, signing job, and signing certificate.\n@required {signatureTimestamp: str(timestamp), platformId: str, profileVersionArn: str, jobArn: str, certificateHashes: [str]}\n@returns(200) {revokedEntities: [str]?}\n\n@endgroup\n\n@group signing-platforms\n@endpoint GET /signing-platforms/{platformId}\n@desc Returns information on a specific signing platform.\n@required {platformId: str}\n@returns(200) {platformId: str?, displayName: str?, partner: str?, target: str?, category: str?, signingConfiguration: SigningConfiguration?{encryptionAlgorithmOptions: EncryptionAlgorithmOptions{allowedValues: [str], defaultValue: str}, hashAlgorithmOptions: HashAlgorithmOptions{allowedValues: [str], defaultValue: str}}, signingImageFormat: SigningImageFormat?{supportedFormats: [str], defaultFormat: str}, maxSizeInMB: int?, revocationSupported: bool?}\n\n@endgroup\n\n@group signing-profiles\n@endpoint GET /signing-profiles/{profileName}\n@desc Returns information on a specific signing profile.\n@required {profileName: str}\n@optional {profileOwner: str}\n@returns(200) {profileName: str?, profileVersion: str?, profileVersionArn: str?, revocationRecord: SigningProfileRevocationRecord?{revocationEffectiveFrom: str(timestamp)?, revokedAt: str(timestamp)?, revokedBy: str?}, signingMaterial: SigningMaterial?{certificateArn: str}, platformId: str?, platformDisplayName: str?, signatureValidityPeriod: SignatureValidityPeriod?{value: int?, type: str?}, overrides: SigningPlatformOverrides?{signingConfiguration: SigningConfigurationOverrides?{encryptionAlgorithm: str?, hashAlgorithm: str?}, signingImageFormat: str?}, signingParameters: map<str,str>?, status: str?, statusReason: str?, arn: str?, tags: map<str,str>?}\n\n@endpoint GET /signing-profiles/{profileName}/permissions\n@desc Lists the cross-account permissions associated with a signing profile.\n@required {profileName: str}\n@optional {nextToken: str}\n@returns(200) {revisionId: str?, policySizeBytes: int?, permissions: [Permission]?, nextToken: str?}\n\n@endgroup\n\n@group signing-jobs\n@endpoint GET /signing-jobs\n@desc Lists all your signing jobs. You can use the maxResults parameter to limit the number of signing jobs that are returned in the response. If additional jobs remain to be listed, AWS Signer returns a nextToken value. Use this value in subsequent calls to ListSigningJobs to fetch the remaining values. You can continue calling ListSigningJobs with your maxResults parameter and with new values that Signer returns in the nextToken parameter until all of your signing jobs have been returned.\n@optional {status: str, platformId: str, requestedBy: str, maxResults: int, nextToken: str, isRevoked: bool, signatureExpiresBefore: str(timestamp), signatureExpiresAfter: str(timestamp), jobInvoker: str}\n@returns(200) {jobs: [SigningJob]?, nextToken: str?}\n\n@endgroup\n\n@group signing-platforms\n@endpoint GET /signing-platforms\n@desc Lists all signing platforms available in AWS Signer that match the request parameters. If additional jobs remain to be listed, Signer returns a nextToken value. Use this value in subsequent calls to ListSigningJobs to fetch the remaining values. You can continue calling ListSigningJobs with your maxResults parameter and with new values that Signer returns in the nextToken parameter until all of your signing jobs have been returned.\n@optional {category: str, partner: str, target: str, maxResults: int, nextToken: str}\n@returns(200) {platforms: [SigningPlatform]?, nextToken: str?}\n\n@endgroup\n\n@group signing-profiles\n@endpoint GET /signing-profiles\n@desc Lists all available signing profiles in your AWS account. Returns only profiles with an ACTIVE status unless the includeCanceled request field is set to true. If additional jobs remain to be listed, AWS Signer returns a nextToken value. Use this value in subsequent calls to ListSigningJobs to fetch the remaining values. You can continue calling ListSigningJobs with your maxResults parameter and with new values that Signer returns in the nextToken parameter until all of your signing jobs have been returned.\n@optional {includeCanceled: bool, maxResults: int, nextToken: str, platformId: str, statuses: [str]}\n@returns(200) {profiles: [SigningProfile]?, nextToken: str?}\n\n@endgroup\n\n@group tags\n@endpoint GET /tags/{resourceArn}\n@desc Returns a list of the tags associated with a signing profile resource.\n@required {resourceArn: str}\n@returns(200) {tags: map<str,str>?}\n\n@endgroup\n\n@group signing-profiles\n@endpoint PUT /signing-profiles/{profileName}\n@desc Creates a signing profile. A signing profile is a code-signing template that can be used to carry out a pre-defined signing job.\n@required {profileName: str, platformId: str}\n@optional {signingMaterial: SigningMaterial, signatureValidityPeriod: SignatureValidityPeriod, overrides: SigningPlatformOverrides, signingParameters: map<str,str>, tags: map<str,str>}\n@returns(200) {arn: str?, profileVersion: str?, profileVersionArn: str?}\n\n@endpoint DELETE /signing-profiles/{profileName}/permissions/{statementId}\n@desc Removes cross-account permissions from a signing profile.\n@required {profileName: str, revisionId: str, statementId: str}\n@returns(200) {revisionId: str?}\n\n@endgroup\n\n@group signing-jobs\n@endpoint PUT /signing-jobs/{jobId}/revoke\n@desc Changes the state of a signing job to REVOKED. This indicates that the signature is no longer valid.\n@required {jobId: str, reason: str}\n@optional {jobOwner: str}\n\n@endgroup\n\n@group signing-profiles\n@endpoint PUT /signing-profiles/{profileName}/revoke\n@desc Changes the state of a signing profile to REVOKED. This indicates that signatures generated using the signing profile after an effective start date are no longer valid.\n@required {profileName: str, profileVersion: str, reason: str, effectiveTime: str(timestamp)}\n\n@endgroup\n\n@group signing-jobs\n@endpoint POST /signing-jobs/with-payload\n@desc Signs a binary payload and returns a signature envelope.\n@required {profileName: str, payload: bytes, payloadFormat: str}\n@optional {profileOwner: str}\n@returns(200) {jobId: str?, jobOwner: str?, metadata: map<str,str>?, signature: bytes?}\n\n@endpoint POST /signing-jobs\n@desc Initiates a signing job to be performed on the code provided. Signing jobs are viewable by the ListSigningJobs operation for two years after they are performed. Note the following requirements:     You must create an Amazon S3 source bucket. For more information, see Creating a Bucket in the Amazon S3 Getting Started Guide.    Your S3 source bucket must be version enabled.   You must create an S3 destination bucket. AWS Signer uses your S3 destination bucket to write your signed code.   You specify the name of the source and destination buckets when calling the StartSigningJob operation.   You must ensure the S3 buckets are from the same Region as the signing profile. Cross-Region signing isn't supported.   You must also specify a request token that identifies your request to Signer.   You can call the DescribeSigningJob and the ListSigningJobs actions after you call StartSigningJob. For a Java example that shows how to use this action, see StartSigningJob.\n@required {source: Source, destination: Destination, profileName: str, clientRequestToken: str}\n@optional {profileOwner: str}\n@returns(200) {jobId: str?, jobOwner: str?}\n\n@endgroup\n\n@group tags\n@endpoint POST /tags/{resourceArn}\n@desc Adds one or more tags to a signing profile. Tags are labels that you can use to identify and organize your AWS resources. Each tag consists of a key and an optional value. To specify the signing profile, use its Amazon Resource Name (ARN). To specify the tag, use a key-value pair.\n@required {resourceArn: str, tags: map<str,str>}\n\n@endpoint DELETE /tags/{resourceArn}\n@desc Removes one or more tags from a signing profile. To remove the tags, specify a list of tag keys.\n@required {resourceArn: str, tagKeys: [str]}\n\n@endgroup\n\n@end\n"}}