1{ 2 "version":"2.0", 3 "metadata":{ 4 "apiVersion":"2017-08-25", 5 "endpointPrefix":"signer", 6 "jsonVersion":"1.1", 7 "protocol":"rest-json", 8 "serviceAbbreviation":"signer", 9 "serviceFullName":"AWS Signer", 10 "serviceId":"signer", 11 "signatureVersion":"v4", 12 "signingName":"signer", 13 "uid":"signer-2017-08-25" 14 }, 15 "operations":{ 16 "AddProfilePermission":{ 17 "name":"AddProfilePermission", 18 "http":{ 19 "method":"POST", 20 "requestUri":"/signing-profiles/{profileName}/permissions" 21 }, 22 "input":{"shape":"AddProfilePermissionRequest"}, 23 "output":{"shape":"AddProfilePermissionResponse"}, 24 "errors":[ 25 {"shape":"ValidationException"}, 26 {"shape":"ResourceNotFoundException"}, 27 {"shape":"AccessDeniedException"}, 28 {"shape":"ServiceLimitExceededException"}, 29 {"shape":"ConflictException"}, 30 {"shape":"TooManyRequestsException"}, 31 {"shape":"InternalServiceErrorException"} 32 ], 33 "documentation":"<p>Adds cross-account permissions to a signing profile.</p>" 34 }, 35 "CancelSigningProfile":{ 36 "name":"CancelSigningProfile", 37 "http":{ 38 "method":"DELETE", 39 "requestUri":"/signing-profiles/{profileName}" 40 }, 41 "input":{"shape":"CancelSigningProfileRequest"}, 42 "errors":[ 43 {"shape":"ResourceNotFoundException"}, 44 {"shape":"AccessDeniedException"}, 45 {"shape":"TooManyRequestsException"}, 46 {"shape":"InternalServiceErrorException"} 47 ], 48 "documentation":"<p>Changes the state of an <code>ACTIVE</code> signing profile to <code>CANCELED</code>. A canceled profile is still viewable with the <code>ListSigningProfiles</code> operation, but it cannot perform new signing jobs, and is deleted two years after cancelation.</p>" 49 }, 50 "DescribeSigningJob":{ 51 "name":"DescribeSigningJob", 52 "http":{ 53 "method":"GET", 54 "requestUri":"/signing-jobs/{jobId}" 55 }, 56 "input":{"shape":"DescribeSigningJobRequest"}, 57 "output":{"shape":"DescribeSigningJobResponse"}, 58 "errors":[ 59 {"shape":"ResourceNotFoundException"}, 60 {"shape":"AccessDeniedException"}, 61 {"shape":"TooManyRequestsException"}, 62 {"shape":"InternalServiceErrorException"} 63 ], 64 "documentation":"<p>Returns information about a specific code signing job. You specify the job by using the <code>jobId</code> value that is returned by the <a>StartSigningJob</a> operation. </p>" 65 }, 66 "GetRevocationStatus":{ 67 "name":"GetRevocationStatus", 68 "http":{ 69 "method":"GET", 70 "requestUri":"/revocations" 71 }, 72 "input":{"shape":"GetRevocationStatusRequest"}, 73 "output":{"shape":"GetRevocationStatusResponse"}, 74 "errors":[ 75 {"shape":"ValidationException"}, 76 {"shape":"AccessDeniedException"}, 77 {"shape":"TooManyRequestsException"}, 78 {"shape":"InternalServiceErrorException"} 79 ], 80 "documentation":"<p>Retrieves the revocation status of one or more of the signing profile, signing job, and signing certificate.</p>", 81 "endpoint":{"hostPrefix":"verification."} 82 }, 83 "GetSigningPlatform":{ 84 "name":"GetSigningPlatform", 85 "http":{ 86 "method":"GET", 87 "requestUri":"/signing-platforms/{platformId}" 88 }, 89 "input":{"shape":"GetSigningPlatformRequest"}, 90 "output":{"shape":"GetSigningPlatformResponse"}, 91 "errors":[ 92 {"shape":"ResourceNotFoundException"}, 93 {"shape":"AccessDeniedException"}, 94 {"shape":"TooManyRequestsException"}, 95 {"shape":"InternalServiceErrorException"} 96 ], 97 "documentation":"<p>Returns information on a specific signing platform.</p>" 98 }, 99 "GetSigningProfile":{ 100 "name":"GetSigningProfile", 101 "http":{ 102 "method":"GET", 103 "requestUri":"/signing-profiles/{profileName}" 104 }, 105 "input":{"shape":"GetSigningProfileRequest"}, 106 "output":{"shape":"GetSigningProfileResponse"}, 107 "errors":[ 108 {"shape":"ResourceNotFoundException"}, 109 {"shape":"AccessDeniedException"}, 110 {"shape":"TooManyRequestsException"}, 111 {"shape":"InternalServiceErrorException"} 112 ], 113 "documentation":"<p>Returns information on a specific signing profile.</p>" 114 }, 115 "ListProfilePermissions":{ 116 "name":"ListProfilePermissions", 117 "http":{ 118 "method":"GET", 119 "requestUri":"/signing-profiles/{profileName}/permissions" 120 }, 121 "input":{"shape":"ListProfilePermissionsRequest"}, 122 "output":{"shape":"ListProfilePermissionsResponse"}, 123 "errors":[ 124 {"shape":"ValidationException"}, 125 {"shape":"ResourceNotFoundException"}, 126 {"shape":"AccessDeniedException"}, 127 {"shape":"TooManyRequestsException"}, 128 {"shape":"InternalServiceErrorException"} 129 ], 130 "documentation":"<p>Lists the cross-account permissions associated with a signing profile.</p>" 131 }, 132 "ListSigningJobs":{ 133 "name":"ListSigningJobs", 134 "http":{ 135 "method":"GET", 136 "requestUri":"/signing-jobs" 137 }, 138 "input":{"shape":"ListSigningJobsRequest"}, 139 "output":{"shape":"ListSigningJobsResponse"}, 140 "errors":[ 141 {"shape":"ValidationException"}, 142 {"shape":"AccessDeniedException"}, 143 {"shape":"TooManyRequestsException"}, 144 {"shape":"InternalServiceErrorException"} 145 ], 146 "documentation":"<p>Lists all your signing jobs. You can use the <code>maxResults</code> parameter to limit the number of signing jobs that are returned in the response. If additional jobs remain to be listed, AWS Signer returns a <code>nextToken</code> value. Use this value in subsequent calls to <code>ListSigningJobs</code> to fetch the remaining values. You can continue calling <code>ListSigningJobs</code> with your <code>maxResults</code> parameter and with new values that Signer returns in the <code>nextToken</code> parameter until all of your signing jobs have been returned. </p>" 147 }, 148 "ListSigningPlatforms":{ 149 "name":"ListSigningPlatforms", 150 "http":{ 151 "method":"GET", 152 "requestUri":"/signing-platforms" 153 }, 154 "input":{"shape":"ListSigningPlatformsRequest"}, 155 "output":{"shape":"ListSigningPlatformsResponse"}, 156 "errors":[ 157 {"shape":"ValidationException"}, 158 {"shape":"AccessDeniedException"}, 159 {"shape":"TooManyRequestsException"}, 160 {"shape":"InternalServiceErrorException"} 161 ], 162 "documentation":"<p>Lists all signing platforms available in AWS Signer that match the request parameters. If additional jobs remain to be listed, Signer returns a <code>nextToken</code> value. Use this value in subsequent calls to <code>ListSigningJobs</code> to fetch the remaining values. You can continue calling <code>ListSigningJobs</code> with your <code>maxResults</code> parameter and with new values that Signer returns in the <code>nextToken</code> parameter until all of your signing jobs have been returned.</p>" 163 }, 164 "ListSigningProfiles":{ 165 "name":"ListSigningProfiles", 166 "http":{ 167 "method":"GET", 168 "requestUri":"/signing-profiles" 169 }, 170 "input":{"shape":"ListSigningProfilesRequest"}, 171 "output":{"shape":"ListSigningProfilesResponse"}, 172 "errors":[ 173 {"shape":"AccessDeniedException"}, 174 {"shape":"TooManyRequestsException"}, 175 {"shape":"InternalServiceErrorException"} 176 ], 177 "documentation":"<p>Lists all available signing profiles in your AWS account. Returns only profiles with an <code>ACTIVE</code> status unless the <code>includeCanceled</code> request field is set to <code>true</code>. If additional jobs remain to be listed, AWS Signer returns a <code>nextToken</code> value. Use this value in subsequent calls to <code>ListSigningJobs</code> to fetch the remaining values. You can continue calling <code>ListSigningJobs</code> with your <code>maxResults</code> parameter and with new values that Signer returns in the <code>nextToken</code> parameter until all of your signing jobs have been returned.</p>" 178 }, 179 "ListTagsForResource":{ 180 "name":"ListTagsForResource", 181 "http":{ 182 "method":"GET", 183 "requestUri":"/tags/{resourceArn}" 184 }, 185 "input":{"shape":"ListTagsForResourceRequest"}, 186 "output":{"shape":"ListTagsForResourceResponse"}, 187 "errors":[ 188 {"shape":"InternalServiceErrorException"}, 189 {"shape":"BadRequestException"}, 190 {"shape":"NotFoundException"}, 191 {"shape":"TooManyRequestsException"} 192 ], 193 "documentation":"<p>Returns a list of the tags associated with a signing profile resource.</p>" 194 }, 195 "PutSigningProfile":{ 196 "name":"PutSigningProfile", 197 "http":{ 198 "method":"PUT", 199 "requestUri":"/signing-profiles/{profileName}" 200 }, 201 "input":{"shape":"PutSigningProfileRequest"}, 202 "output":{"shape":"PutSigningProfileResponse"}, 203 "errors":[ 204 {"shape":"ResourceNotFoundException"}, 205 {"shape":"AccessDeniedException"}, 206 {"shape":"ValidationException"}, 207 {"shape":"TooManyRequestsException"}, 208 {"shape":"InternalServiceErrorException"} 209 ], 210 "documentation":"<p>Creates a signing profile. A signing profile is a code-signing template that can be used to carry out a pre-defined signing job. </p>" 211 }, 212 "RemoveProfilePermission":{ 213 "name":"RemoveProfilePermission", 214 "http":{ 215 "method":"DELETE", 216 "requestUri":"/signing-profiles/{profileName}/permissions/{statementId}" 217 }, 218 "input":{"shape":"RemoveProfilePermissionRequest"}, 219 "output":{"shape":"RemoveProfilePermissionResponse"}, 220 "errors":[ 221 {"shape":"ValidationException"}, 222 {"shape":"ResourceNotFoundException"}, 223 {"shape":"AccessDeniedException"}, 224 {"shape":"ConflictException"}, 225 {"shape":"TooManyRequestsException"}, 226 {"shape":"InternalServiceErrorException"} 227 ], 228 "documentation":"<p>Removes cross-account permissions from a signing profile.</p>" 229 }, 230 "RevokeSignature":{ 231 "name":"RevokeSignature", 232 "http":{ 233 "method":"PUT", 234 "requestUri":"/signing-jobs/{jobId}/revoke" 235 }, 236 "input":{"shape":"RevokeSignatureRequest"}, 237 "errors":[ 238 {"shape":"ValidationException"}, 239 {"shape":"AccessDeniedException"}, 240 {"shape":"ResourceNotFoundException"}, 241 {"shape":"TooManyRequestsException"}, 242 {"shape":"InternalServiceErrorException"} 243 ], 244 "documentation":"<p>Changes the state of a signing job to REVOKED. This indicates that the signature is no longer valid.</p>" 245 }, 246 "RevokeSigningProfile":{ 247 "name":"RevokeSigningProfile", 248 "http":{ 249 "method":"PUT", 250 "requestUri":"/signing-profiles/{profileName}/revoke" 251 }, 252 "input":{"shape":"RevokeSigningProfileRequest"}, 253 "errors":[ 254 {"shape":"ValidationException"}, 255 {"shape":"AccessDeniedException"}, 256 {"shape":"ResourceNotFoundException"}, 257 {"shape":"TooManyRequestsException"}, 258 {"shape":"InternalServiceErrorException"} 259 ], 260 "documentation":"<p>Changes the state of a signing profile to REVOKED. This indicates that signatures generated using the signing profile after an effective start date are no longer valid.</p>" 261 }, 262 "SignPayload":{ 263 "name":"SignPayload", 264 "http":{ 265 "method":"POST", 266 "requestUri":"/signing-jobs/with-payload" 267 }, 268 "input":{"shape":"SignPayloadRequest"}, 269 "output":{"shape":"SignPayloadResponse"}, 270 "errors":[ 271 {"shape":"ValidationException"}, 272 {"shape":"ResourceNotFoundException"}, 273 {"shape":"AccessDeniedException"}, 274 {"shape":"TooManyRequestsException"}, 275 {"shape":"InternalServiceErrorException"} 276 ], 277 "documentation":"<p>Signs a binary payload and returns a signature envelope.</p>" 278 }, 279 "StartSigningJob":{ 280 "name":"StartSigningJob", 281 "http":{ 282 "method":"POST", 283 "requestUri":"/signing-jobs" 284 }, 285 "input":{"shape":"StartSigningJobRequest"}, 286 "output":{"shape":"StartSigningJobResponse"}, 287 "errors":[ 288 {"shape":"ValidationException"}, 289 {"shape":"ResourceNotFoundException"}, 290 {"shape":"AccessDeniedException"}, 291 {"shape":"ThrottlingException"}, 292 {"shape":"TooManyRequestsException"}, 293 {"shape":"InternalServiceErrorException"} 294 ], 295 "documentation":"<p>Initiates a signing job to be performed on the code provided. Signing jobs are viewable by the <code>ListSigningJobs</code> operation for two years after they are performed. Note the following requirements: </p> <ul> <li> <p> You must create an Amazon S3 source bucket. For more information, see <a href=\"http://docs.aws.amazon.com/AmazonS3/latest/gsg/CreatingABucket.html\">Creating a Bucket</a> in the <i>Amazon S3 Getting Started Guide</i>. </p> </li> <li> <p>Your S3 source bucket must be version enabled.</p> </li> <li> <p>You must create an S3 destination bucket. AWS Signer uses your S3 destination bucket to write your signed code.</p> </li> <li> <p>You specify the name of the source and destination buckets when calling the <code>StartSigningJob</code> operation.</p> </li> <li> <p>You must also specify a request token that identifies your request to Signer.</p> </li> </ul> <p>You can call the <a>DescribeSigningJob</a> and the <a>ListSigningJobs</a> actions after you call <code>StartSigningJob</code>.</p> <p>For a Java example that shows how to use this action, see <a href=\"https://docs.aws.amazon.com/signer/latest/developerguide/api-startsigningjob.html\">StartSigningJob</a>.</p>" 296 }, 297 "TagResource":{ 298 "name":"TagResource", 299 "http":{ 300 "method":"POST", 301 "requestUri":"/tags/{resourceArn}" 302 }, 303 "input":{"shape":"TagResourceRequest"}, 304 "output":{"shape":"TagResourceResponse"}, 305 "errors":[ 306 {"shape":"InternalServiceErrorException"}, 307 {"shape":"BadRequestException"}, 308 {"shape":"NotFoundException"}, 309 {"shape":"TooManyRequestsException"} 310 ], 311 "documentation":"<p>Adds one or more tags to a signing profile. Tags are labels that you can use to identify and organize your AWS resources. Each tag consists of a key and an optional value. To specify the signing profile, use its Amazon Resource Name (ARN). To specify the tag, use a key-value pair.</p>" 312 }, 313 "UntagResource":{ 314 "name":"UntagResource", 315 "http":{ 316 "method":"DELETE", 317 "requestUri":"/tags/{resourceArn}" 318 }, 319 "input":{"shape":"UntagResourceRequest"}, 320 "output":{"shape":"UntagResourceResponse"}, 321 "errors":[ 322 {"shape":"InternalServiceErrorException"}, 323 {"shape":"BadRequestException"}, 324 {"shape":"NotFoundException"}, 325 {"shape":"TooManyRequestsException"} 326 ], 327 "documentation":"<p>Removes one or more tags from a signing profile. To remove the tags, specify a list of tag keys.</p>" 328 } 329 }, 330 "shapes":{ 331 "AccessDeniedException":{ 332 "type":"structure", 333 "members":{ 334 "message":{"shape":"ErrorMessage"}, 335 "code":{"shape":"ErrorCode"} 336 }, 337 "documentation":"<p>You do not have sufficient access to perform this action.</p>", 338 "error":{"httpStatusCode":403}, 339 "exception":true 340 }, 341 "AccountId":{ 342 "type":"string", 343 "max":12, 344 "min":12, 345 "pattern":"^[0-9]{12}$" 346 }, 347 "AddProfilePermissionRequest":{ 348 "type":"structure", 349 "required":[ 350 "action", 351 "principal", 352 "statementId", 353 "profileName" 354 ], 355 "members":{ 356 "profileName":{ 357 "shape":"ProfileName", 358 "documentation":"<p>The human-readable name of the signing profile.</p>", 359 "location":"uri", 360 "locationName":"profileName" 361 }, 362 "profileVersion":{ 363 "shape":"ProfileVersion", 364 "documentation":"<p>The version of the signing profile.</p>" 365 }, 366 "action":{ 367 "shape":"String", 368 "documentation":"<p>The AWS Signer action permitted as part of cross-account permissions.</p>" 369 }, 370 "principal":{ 371 "shape":"String", 372 "documentation":"<p>The AWS principal receiving cross-account permissions. This may be an IAM role or another AWS account ID.</p>" 373 }, 374 "revisionId":{ 375 "shape":"String", 376 "documentation":"<p>A unique identifier for the current profile revision.</p>" 377 }, 378 "statementId":{ 379 "shape":"String", 380 "documentation":"<p>A unique identifier for the cross-account permission statement.</p>" 381 } 382 } 383 }, 384 "AddProfilePermissionResponse":{ 385 "type":"structure", 386 "members":{ 387 "revisionId":{ 388 "shape":"String", 389 "documentation":"<p>A unique identifier for the current profile revision.</p>" 390 } 391 } 392 }, 393 "Arn":{ 394 "type":"string", 395 "max":2048, 396 "min":20 397 }, 398 "BadRequestException":{ 399 "type":"structure", 400 "members":{ 401 "message":{"shape":"ErrorMessage"}, 402 "code":{"shape":"ErrorCode"} 403 }, 404 "documentation":"<p>The request contains invalid parameters for the ARN or tags. This exception also occurs when you call a tagging API on a cancelled signing profile.</p>", 405 "error":{"httpStatusCode":400}, 406 "exception":true 407 }, 408 "Blob":{"type":"blob"}, 409 "BucketName":{"type":"string"}, 410 "CancelSigningProfileRequest":{ 411 "type":"structure", 412 "required":["profileName"], 413 "members":{ 414 "profileName":{ 415 "shape":"ProfileName", 416 "documentation":"<p>The name of the signing profile to be canceled.</p>", 417 "location":"uri", 418 "locationName":"profileName" 419 } 420 } 421 }, 422 "Category":{ 423 "type":"string", 424 "enum":["AWSIoT"] 425 }, 426 "CertificateArn":{"type":"string"}, 427 "CertificateHashes":{ 428 "type":"list", 429 "member":{"shape":"String"} 430 }, 431 "ClientRequestToken":{"type":"string"}, 432 "ConflictException":{ 433 "type":"structure", 434 "members":{ 435 "message":{"shape":"ErrorMessage"}, 436 "code":{"shape":"ErrorCode"} 437 }, 438 "documentation":"<p>The resource encountered a conflicting state.</p>", 439 "error":{"httpStatusCode":409}, 440 "exception":true 441 }, 442 "DescribeSigningJobRequest":{ 443 "type":"structure", 444 "required":["jobId"], 445 "members":{ 446 "jobId":{ 447 "shape":"JobId", 448 "documentation":"<p>The ID of the signing job on input.</p>", 449 "location":"uri", 450 "locationName":"jobId" 451 } 452 } 453 }, 454 "DescribeSigningJobResponse":{ 455 "type":"structure", 456 "members":{ 457 "jobId":{ 458 "shape":"JobId", 459 "documentation":"<p>The ID of the signing job on output.</p>" 460 }, 461 "source":{ 462 "shape":"Source", 463 "documentation":"<p>The object that contains the name of your S3 bucket or your raw code.</p>" 464 }, 465 "signingMaterial":{ 466 "shape":"SigningMaterial", 467 "documentation":"<p>The Amazon Resource Name (ARN) of your code signing certificate.</p>" 468 }, 469 "platformId":{ 470 "shape":"PlatformId", 471 "documentation":"<p>The microcontroller platform to which your signed code image will be distributed.</p>" 472 }, 473 "platformDisplayName":{ 474 "shape":"DisplayName", 475 "documentation":"<p>A human-readable name for the signing platform associated with the signing job.</p>" 476 }, 477 "profileName":{ 478 "shape":"ProfileName", 479 "documentation":"<p>The name of the profile that initiated the signing operation.</p>" 480 }, 481 "profileVersion":{ 482 "shape":"ProfileVersion", 483 "documentation":"<p>The version of the signing profile used to initiate the signing job.</p>" 484 }, 485 "overrides":{ 486 "shape":"SigningPlatformOverrides", 487 "documentation":"<p>A list of any overrides that were applied to the signing operation.</p>" 488 }, 489 "signingParameters":{ 490 "shape":"SigningParameters", 491 "documentation":"<p>Map of user-assigned key-value pairs used during signing. These values contain any information that you specified for use in your signing job. </p>" 492 }, 493 "createdAt":{ 494 "shape":"Timestamp", 495 "documentation":"<p>Date and time that the signing job was created.</p>" 496 }, 497 "completedAt":{ 498 "shape":"Timestamp", 499 "documentation":"<p>Date and time that the signing job was completed.</p>" 500 }, 501 "signatureExpiresAt":{ 502 "shape":"Timestamp", 503 "documentation":"<p>Thr expiration timestamp for the signature generated by the signing job.</p>" 504 }, 505 "requestedBy":{ 506 "shape":"RequestedBy", 507 "documentation":"<p>The IAM principal that requested the signing job.</p>" 508 }, 509 "status":{ 510 "shape":"SigningStatus", 511 "documentation":"<p>Status of the signing job.</p>" 512 }, 513 "statusReason":{ 514 "shape":"StatusReason", 515 "documentation":"<p>String value that contains the status reason.</p>" 516 }, 517 "revocationRecord":{ 518 "shape":"SigningJobRevocationRecord", 519 "documentation":"<p>A revocation record if the signature generated by the signing job has been revoked. Contains a timestamp and the ID of the IAM entity that revoked the signature.</p>" 520 }, 521 "signedObject":{ 522 "shape":"SignedObject", 523 "documentation":"<p>Name of the S3 bucket where the signed code image is saved by AWS Signer.</p>" 524 }, 525 "jobOwner":{ 526 "shape":"AccountId", 527 "documentation":"<p>The AWS account ID of the job owner.</p>" 528 }, 529 "jobInvoker":{ 530 "shape":"AccountId", 531 "documentation":"<p>The IAM entity that initiated the signing job.</p>" 532 } 533 } 534 }, 535 "Destination":{ 536 "type":"structure", 537 "members":{ 538 "s3":{ 539 "shape":"S3Destination", 540 "documentation":"<p>The <code>S3Destination</code> object.</p>" 541 } 542 }, 543 "documentation":"<p>Points to an <code>S3Destination</code> object that contains information about your S3 bucket.</p>" 544 }, 545 "DisplayName":{"type":"string"}, 546 "EncryptionAlgorithm":{ 547 "type":"string", 548 "enum":[ 549 "RSA", 550 "ECDSA" 551 ] 552 }, 553 "EncryptionAlgorithmOptions":{ 554 "type":"structure", 555 "required":[ 556 "allowedValues", 557 "defaultValue" 558 ], 559 "members":{ 560 "allowedValues":{ 561 "shape":"EncryptionAlgorithms", 562 "documentation":"<p>The set of accepted encryption algorithms that are allowed in a code-signing job.</p>" 563 }, 564 "defaultValue":{ 565 "shape":"EncryptionAlgorithm", 566 "documentation":"<p>The default encryption algorithm that is used by a code-signing job.</p>" 567 } 568 }, 569 "documentation":"<p>The encryption algorithm options that are available to a code-signing job.</p>" 570 }, 571 "EncryptionAlgorithms":{ 572 "type":"list", 573 "member":{"shape":"EncryptionAlgorithm"} 574 }, 575 "ErrorCode":{"type":"string"}, 576 "ErrorMessage":{"type":"string"}, 577 "GetRevocationStatusRequest":{ 578 "type":"structure", 579 "required":[ 580 "signatureTimestamp", 581 "platformId", 582 "profileVersionArn", 583 "jobArn", 584 "certificateHashes" 585 ], 586 "members":{ 587 "signatureTimestamp":{ 588 "shape":"Timestamp", 589 "documentation":"<p>The timestamp of the signature that validates the profile or job.</p>", 590 "location":"querystring", 591 "locationName":"signatureTimestamp" 592 }, 593 "platformId":{ 594 "shape":"PlatformId", 595 "documentation":"<p>The ID of a signing platform. </p>", 596 "location":"querystring", 597 "locationName":"platformId" 598 }, 599 "profileVersionArn":{ 600 "shape":"Arn", 601 "documentation":"<p>The version of a signing profile.</p>", 602 "location":"querystring", 603 "locationName":"profileVersionArn" 604 }, 605 "jobArn":{ 606 "shape":"Arn", 607 "documentation":"<p>The ARN of a signing job.</p>", 608 "location":"querystring", 609 "locationName":"jobArn" 610 }, 611 "certificateHashes":{ 612 "shape":"CertificateHashes", 613 "documentation":"<p>A list of composite signed hashes that identify certificates.</p> <p>A certificate identifier consists of a subject certificate TBS hash (signed by the parent CA) combined with a parent CA TBS hash (signed by the parent CA’s CA). Root certificates are defined as their own CA.</p> <p>The following example shows how to calculate a hash for this parameter using OpenSSL commands: </p> <p> <code>openssl asn1parse -in childCert.pem -strparse 4 -out childCert.tbs</code> </p> <p> <code>openssl sha384 < childCert.tbs -binary > childCertTbsHash</code> </p> <p> <code>openssl asn1parse -in parentCert.pem -strparse 4 -out parentCert.tbs</code> </p> <p> <code>openssl sha384 < parentCert.tbs -binary > parentCertTbsHash xxd -p childCertTbsHash > certificateHash.hex xxd -p parentCertTbsHash >> certificateHash.hex</code> </p> <p> <code>cat certificateHash.hex | tr -d '\\n'</code> </p>", 614 "location":"querystring", 615 "locationName":"certificateHashes" 616 } 617 } 618 }, 619 "GetRevocationStatusResponse":{ 620 "type":"structure", 621 "members":{ 622 "revokedEntities":{ 623 "shape":"RevokedEntities", 624 "documentation":"<p>A list of revoked entities (including zero or more of the signing profile ARN, signing job ARN, and certificate hashes) supplied as input to the API.</p>" 625 } 626 } 627 }, 628 "GetSigningPlatformRequest":{ 629 "type":"structure", 630 "required":["platformId"], 631 "members":{ 632 "platformId":{ 633 "shape":"PlatformId", 634 "documentation":"<p>The ID of the target signing platform.</p>", 635 "location":"uri", 636 "locationName":"platformId" 637 } 638 } 639 }, 640 "GetSigningPlatformResponse":{ 641 "type":"structure", 642 "members":{ 643 "platformId":{ 644 "shape":"PlatformId", 645 "documentation":"<p>The ID of the target signing platform.</p>" 646 }, 647 "displayName":{ 648 "shape":"DisplayName", 649 "documentation":"<p>The display name of the target signing platform.</p>" 650 }, 651 "partner":{ 652 "shape":"String", 653 "documentation":"<p>A list of partner entities that use the target signing platform.</p>" 654 }, 655 "target":{ 656 "shape":"String", 657 "documentation":"<p>The validation template that is used by the target signing platform.</p>" 658 }, 659 "category":{ 660 "shape":"Category", 661 "documentation":"<p>The category type of the target signing platform.</p>" 662 }, 663 "signingConfiguration":{ 664 "shape":"SigningConfiguration", 665 "documentation":"<p>A list of configurations applied to the target platform at signing.</p>" 666 }, 667 "signingImageFormat":{ 668 "shape":"SigningImageFormat", 669 "documentation":"<p>The format of the target platform's signing image.</p>" 670 }, 671 "maxSizeInMB":{ 672 "shape":"MaxSizeInMB", 673 "documentation":"<p>The maximum size (in MB) of the payload that can be signed by the target platform.</p>" 674 }, 675 "revocationSupported":{ 676 "shape":"bool", 677 "documentation":"<p>A flag indicating whether signatures generated for the signing platform can be revoked.</p>" 678 } 679 } 680 }, 681 "GetSigningProfileRequest":{ 682 "type":"structure", 683 "required":["profileName"], 684 "members":{ 685 "profileName":{ 686 "shape":"ProfileName", 687 "documentation":"<p>The name of the target signing profile.</p>", 688 "location":"uri", 689 "locationName":"profileName" 690 }, 691 "profileOwner":{ 692 "shape":"AccountId", 693 "documentation":"<p>The AWS account ID of the profile owner.</p>", 694 "location":"querystring", 695 "locationName":"profileOwner" 696 } 697 } 698 }, 699 "GetSigningProfileResponse":{ 700 "type":"structure", 701 "members":{ 702 "profileName":{ 703 "shape":"ProfileName", 704 "documentation":"<p>The name of the target signing profile.</p>" 705 }, 706 "profileVersion":{ 707 "shape":"ProfileVersion", 708 "documentation":"<p>The current version of the signing profile.</p>" 709 }, 710 "profileVersionArn":{ 711 "shape":"Arn", 712 "documentation":"<p>The signing profile ARN, including the profile version.</p>" 713 }, 714 "revocationRecord":{"shape":"SigningProfileRevocationRecord"}, 715 "signingMaterial":{ 716 "shape":"SigningMaterial", 717 "documentation":"<p>The ARN of the certificate that the target profile uses for signing operations.</p>" 718 }, 719 "platformId":{ 720 "shape":"PlatformId", 721 "documentation":"<p>The ID of the platform that is used by the target signing profile.</p>" 722 }, 723 "platformDisplayName":{ 724 "shape":"DisplayName", 725 "documentation":"<p>A human-readable name for the signing platform associated with the signing profile.</p>" 726 }, 727 "signatureValidityPeriod":{"shape":"SignatureValidityPeriod"}, 728 "overrides":{ 729 "shape":"SigningPlatformOverrides", 730 "documentation":"<p>A list of overrides applied by the target signing profile for signing operations.</p>" 731 }, 732 "signingParameters":{ 733 "shape":"SigningParameters", 734 "documentation":"<p>A map of key-value pairs for signing operations that is attached to the target signing profile.</p>" 735 }, 736 "status":{ 737 "shape":"SigningProfileStatus", 738 "documentation":"<p>The status of the target signing profile.</p>" 739 }, 740 "statusReason":{ 741 "shape":"String", 742 "documentation":"<p>Reason for the status of the target signing profile.</p>" 743 }, 744 "arn":{ 745 "shape":"string", 746 "documentation":"<p>The Amazon Resource Name (ARN) for the signing profile.</p>" 747 }, 748 "tags":{ 749 "shape":"TagMap", 750 "documentation":"<p>A list of tags associated with the signing profile.</p>" 751 } 752 } 753 }, 754 "HashAlgorithm":{ 755 "type":"string", 756 "enum":[ 757 "SHA1", 758 "SHA256" 759 ] 760 }, 761 "HashAlgorithmOptions":{ 762 "type":"structure", 763 "required":[ 764 "allowedValues", 765 "defaultValue" 766 ], 767 "members":{ 768 "allowedValues":{ 769 "shape":"HashAlgorithms", 770 "documentation":"<p>The set of accepted hash algorithms allowed in a code-signing job.</p>" 771 }, 772 "defaultValue":{ 773 "shape":"HashAlgorithm", 774 "documentation":"<p>The default hash algorithm that is used in a code-signing job.</p>" 775 } 776 }, 777 "documentation":"<p>The hash algorithms that are available to a code-signing job.</p>" 778 }, 779 "HashAlgorithms":{ 780 "type":"list", 781 "member":{"shape":"HashAlgorithm"} 782 }, 783 "ImageFormat":{ 784 "type":"string", 785 "enum":[ 786 "JSON", 787 "JSONEmbedded", 788 "JSONDetached" 789 ] 790 }, 791 "ImageFormats":{ 792 "type":"list", 793 "member":{"shape":"ImageFormat"} 794 }, 795 "Integer":{"type":"integer"}, 796 "InternalServiceErrorException":{ 797 "type":"structure", 798 "members":{ 799 "message":{"shape":"ErrorMessage"}, 800 "code":{"shape":"ErrorCode"} 801 }, 802 "documentation":"<p>An internal error occurred.</p>", 803 "error":{"httpStatusCode":500}, 804 "exception":true 805 }, 806 "JobId":{"type":"string"}, 807 "Key":{"type":"string"}, 808 "ListProfilePermissionsRequest":{ 809 "type":"structure", 810 "required":["profileName"], 811 "members":{ 812 "profileName":{ 813 "shape":"ProfileName", 814 "documentation":"<p>Name of the signing profile containing the cross-account permissions.</p>", 815 "location":"uri", 816 "locationName":"profileName" 817 }, 818 "nextToken":{ 819 "shape":"String", 820 "documentation":"<p>String for specifying the next set of paginated results.</p>", 821 "location":"querystring", 822 "locationName":"nextToken" 823 } 824 } 825 }, 826 "ListProfilePermissionsResponse":{ 827 "type":"structure", 828 "members":{ 829 "revisionId":{ 830 "shape":"String", 831 "documentation":"<p>The identifier for the current revision of profile permissions.</p>" 832 }, 833 "policySizeBytes":{ 834 "shape":"PolicySizeBytes", 835 "documentation":"<p>Total size of the policy associated with the Signing Profile in bytes.</p>" 836 }, 837 "permissions":{ 838 "shape":"Permissions", 839 "documentation":"<p>List of permissions associated with the Signing Profile.</p>" 840 }, 841 "nextToken":{ 842 "shape":"String", 843 "documentation":"<p>String for specifying the next set of paginated results.</p>" 844 } 845 } 846 }, 847 "ListSigningJobsRequest":{ 848 "type":"structure", 849 "members":{ 850 "status":{ 851 "shape":"SigningStatus", 852 "documentation":"<p>A status value with which to filter your results.</p>", 853 "location":"querystring", 854 "locationName":"status" 855 }, 856 "platformId":{ 857 "shape":"PlatformId", 858 "documentation":"<p>The ID of microcontroller platform that you specified for the distribution of your code image.</p>", 859 "location":"querystring", 860 "locationName":"platformId" 861 }, 862 "requestedBy":{ 863 "shape":"RequestedBy", 864 "documentation":"<p>The IAM principal that requested the signing job.</p>", 865 "location":"querystring", 866 "locationName":"requestedBy" 867 }, 868 "maxResults":{ 869 "shape":"MaxResults", 870 "documentation":"<p>Specifies the maximum number of items to return in the response. Use this parameter when paginating results. If additional items exist beyond the number you specify, the <code>nextToken</code> element is set in the response. Use the <code>nextToken</code> value in a subsequent request to retrieve additional items. </p>", 871 "location":"querystring", 872 "locationName":"maxResults" 873 }, 874 "nextToken":{ 875 "shape":"NextToken", 876 "documentation":"<p>String for specifying the next set of paginated results to return. After you receive a response with truncated results, use this parameter in a subsequent request. Set it to the value of <code>nextToken</code> from the response that you just received.</p>", 877 "location":"querystring", 878 "locationName":"nextToken" 879 }, 880 "isRevoked":{ 881 "shape":"bool", 882 "documentation":"<p>Filters results to return only signing jobs with revoked signatures.</p>", 883 "location":"querystring", 884 "locationName":"isRevoked" 885 }, 886 "signatureExpiresBefore":{ 887 "shape":"Timestamp", 888 "documentation":"<p>Filters results to return only signing jobs with signatures expiring before a specified timestamp.</p>", 889 "location":"querystring", 890 "locationName":"signatureExpiresBefore" 891 }, 892 "signatureExpiresAfter":{ 893 "shape":"Timestamp", 894 "documentation":"<p>Filters results to return only signing jobs with signatures expiring after a specified timestamp.</p>", 895 "location":"querystring", 896 "locationName":"signatureExpiresAfter" 897 }, 898 "jobInvoker":{ 899 "shape":"AccountId", 900 "documentation":"<p>Filters results to return only signing jobs initiated by a specified IAM entity.</p>", 901 "location":"querystring", 902 "locationName":"jobInvoker" 903 } 904 } 905 }, 906 "ListSigningJobsResponse":{ 907 "type":"structure", 908 "members":{ 909 "jobs":{ 910 "shape":"SigningJobs", 911 "documentation":"<p>A list of your signing jobs.</p>" 912 }, 913 "nextToken":{ 914 "shape":"NextToken", 915 "documentation":"<p>String for specifying the next set of paginated results.</p>" 916 } 917 } 918 }, 919 "ListSigningPlatformsRequest":{ 920 "type":"structure", 921 "members":{ 922 "category":{ 923 "shape":"String", 924 "documentation":"<p>The category type of a signing platform.</p>", 925 "location":"querystring", 926 "locationName":"category" 927 }, 928 "partner":{ 929 "shape":"String", 930 "documentation":"<p>Any partner entities connected to a signing platform.</p>", 931 "location":"querystring", 932 "locationName":"partner" 933 }, 934 "target":{ 935 "shape":"String", 936 "documentation":"<p>The validation template that is used by the target signing platform.</p>", 937 "location":"querystring", 938 "locationName":"target" 939 }, 940 "maxResults":{ 941 "shape":"MaxResults", 942 "documentation":"<p>The maximum number of results to be returned by this operation.</p>", 943 "location":"querystring", 944 "locationName":"maxResults" 945 }, 946 "nextToken":{ 947 "shape":"String", 948 "documentation":"<p>Value for specifying the next set of paginated results to return. After you receive a response with truncated results, use this parameter in a subsequent request. Set it to the value of <code>nextToken</code> from the response that you just received.</p>", 949 "location":"querystring", 950 "locationName":"nextToken" 951 } 952 } 953 }, 954 "ListSigningPlatformsResponse":{ 955 "type":"structure", 956 "members":{ 957 "platforms":{ 958 "shape":"SigningPlatforms", 959 "documentation":"<p>A list of all platforms that match the request parameters.</p>" 960 }, 961 "nextToken":{ 962 "shape":"String", 963 "documentation":"<p>Value for specifying the next set of paginated results to return.</p>" 964 } 965 } 966 }, 967 "ListSigningProfilesRequest":{ 968 "type":"structure", 969 "members":{ 970 "includeCanceled":{ 971 "shape":"bool", 972 "documentation":"<p>Designates whether to include profiles with the status of <code>CANCELED</code>.</p>", 973 "location":"querystring", 974 "locationName":"includeCanceled" 975 }, 976 "maxResults":{ 977 "shape":"MaxResults", 978 "documentation":"<p>The maximum number of profiles to be returned.</p>", 979 "location":"querystring", 980 "locationName":"maxResults" 981 }, 982 "nextToken":{ 983 "shape":"NextToken", 984 "documentation":"<p>Value for specifying the next set of paginated results to return. After you receive a response with truncated results, use this parameter in a subsequent request. Set it to the value of <code>nextToken</code> from the response that you just received.</p>", 985 "location":"querystring", 986 "locationName":"nextToken" 987 }, 988 "platformId":{ 989 "shape":"PlatformId", 990 "documentation":"<p>Filters results to return only signing jobs initiated for a specified signing platform.</p>", 991 "location":"querystring", 992 "locationName":"platformId" 993 }, 994 "statuses":{ 995 "shape":"Statuses", 996 "documentation":"<p>Filters results to return only signing jobs with statuses in the specified list.</p>", 997 "location":"querystring", 998 "locationName":"statuses" 999 } 1000 } 1001 }, 1002 "ListSigningProfilesResponse":{ 1003 "type":"structure", 1004 "members":{ 1005 "profiles":{ 1006 "shape":"SigningProfiles", 1007 "documentation":"<p>A list of profiles that are available in the AWS account. This includes profiles with the status of <code>CANCELED</code> if the <code>includeCanceled</code> parameter is set to <code>true</code>.</p>" 1008 }, 1009 "nextToken":{ 1010 "shape":"NextToken", 1011 "documentation":"<p>Value for specifying the next set of paginated results to return.</p>" 1012 } 1013 } 1014 }, 1015 "ListTagsForResourceRequest":{ 1016 "type":"structure", 1017 "required":["resourceArn"], 1018 "members":{ 1019 "resourceArn":{ 1020 "shape":"String", 1021 "documentation":"<p>The Amazon Resource Name (ARN) for the signing profile.</p>", 1022 "location":"uri", 1023 "locationName":"resourceArn" 1024 } 1025 } 1026 }, 1027 "ListTagsForResourceResponse":{ 1028 "type":"structure", 1029 "members":{ 1030 "tags":{ 1031 "shape":"TagMap", 1032 "documentation":"<p>A list of tags associated with the signing profile.</p>" 1033 } 1034 } 1035 }, 1036 "MaxResults":{ 1037 "type":"integer", 1038 "box":true, 1039 "max":25, 1040 "min":1 1041 }, 1042 "MaxSizeInMB":{"type":"integer"}, 1043 "Metadata":{ 1044 "type":"map", 1045 "key":{"shape":"String"}, 1046 "value":{"shape":"String"} 1047 }, 1048 "NextToken":{"type":"string"}, 1049 "NotFoundException":{ 1050 "type":"structure", 1051 "members":{ 1052 "message":{"shape":"ErrorMessage"}, 1053 "code":{"shape":"ErrorCode"} 1054 }, 1055 "documentation":"<p>The signing profile was not found.</p>", 1056 "error":{"httpStatusCode":404}, 1057 "exception":true 1058 }, 1059 "Payload":{ 1060 "type":"blob", 1061 "max":4096, 1062 "min":1 1063 }, 1064 "Permission":{ 1065 "type":"structure", 1066 "members":{ 1067 "action":{ 1068 "shape":"String", 1069 "documentation":"<p>An AWS Signer action permitted as part of cross-account permissions.</p>" 1070 }, 1071 "principal":{ 1072 "shape":"String", 1073 "documentation":"<p>The AWS principal that has been granted a cross-account permission.</p>" 1074 }, 1075 "statementId":{ 1076 "shape":"String", 1077 "documentation":"<p>A unique identifier for a cross-account permission statement.</p>" 1078 }, 1079 "profileVersion":{ 1080 "shape":"ProfileVersion", 1081 "documentation":"<p>The signing profile version that a permission applies to.</p>" 1082 } 1083 }, 1084 "documentation":"<p>A cross-account permission for a signing profile.</p>" 1085 }, 1086 "Permissions":{ 1087 "type":"list", 1088 "member":{"shape":"Permission"} 1089 }, 1090 "PlatformId":{"type":"string"}, 1091 "PolicySizeBytes":{"type":"integer"}, 1092 "Prefix":{"type":"string"}, 1093 "ProfileName":{ 1094 "type":"string", 1095 "max":64, 1096 "min":2, 1097 "pattern":"^[a-zA-Z0-9_]{2,}" 1098 }, 1099 "ProfileVersion":{ 1100 "type":"string", 1101 "max":10, 1102 "min":10, 1103 "pattern":"^[a-zA-Z0-9]{10}$" 1104 }, 1105 "PutSigningProfileRequest":{ 1106 "type":"structure", 1107 "required":[ 1108 "profileName", 1109 "platformId" 1110 ], 1111 "members":{ 1112 "profileName":{ 1113 "shape":"ProfileName", 1114 "documentation":"<p>The name of the signing profile to be created.</p>", 1115 "location":"uri", 1116 "locationName":"profileName" 1117 }, 1118 "signingMaterial":{ 1119 "shape":"SigningMaterial", 1120 "documentation":"<p>The AWS Certificate Manager certificate that will be used to sign code with the new signing profile.</p>" 1121 }, 1122 "signatureValidityPeriod":{ 1123 "shape":"SignatureValidityPeriod", 1124 "documentation":"<p>The default validity period override for any signature generated using this signing profile. If unspecified, the default is 135 months.</p>" 1125 }, 1126 "platformId":{ 1127 "shape":"PlatformId", 1128 "documentation":"<p>The ID of the signing platform to be created.</p>" 1129 }, 1130 "overrides":{ 1131 "shape":"SigningPlatformOverrides", 1132 "documentation":"<p>A subfield of <code>platform</code>. This specifies any different configuration options that you want to apply to the chosen platform (such as a different <code>hash-algorithm</code> or <code>signing-algorithm</code>).</p>" 1133 }, 1134 "signingParameters":{ 1135 "shape":"SigningParameters", 1136 "documentation":"<p>Map of key-value pairs for signing. These can include any information that you want to use during signing.</p>" 1137 }, 1138 "tags":{ 1139 "shape":"TagMap", 1140 "documentation":"<p>Tags to be associated with the signing profile that is being created.</p>" 1141 } 1142 } 1143 }, 1144 "PutSigningProfileResponse":{ 1145 "type":"structure", 1146 "members":{ 1147 "arn":{ 1148 "shape":"string", 1149 "documentation":"<p>The Amazon Resource Name (ARN) of the signing profile created.</p>" 1150 }, 1151 "profileVersion":{ 1152 "shape":"ProfileVersion", 1153 "documentation":"<p>The version of the signing profile being created.</p>" 1154 }, 1155 "profileVersionArn":{ 1156 "shape":"Arn", 1157 "documentation":"<p>The signing profile ARN, including the profile version.</p>" 1158 } 1159 } 1160 }, 1161 "RemoveProfilePermissionRequest":{ 1162 "type":"structure", 1163 "required":[ 1164 "revisionId", 1165 "profileName", 1166 "statementId" 1167 ], 1168 "members":{ 1169 "profileName":{ 1170 "shape":"ProfileName", 1171 "documentation":"<p>A human-readable name for the signing profile with permissions to be removed.</p>", 1172 "location":"uri", 1173 "locationName":"profileName" 1174 }, 1175 "revisionId":{ 1176 "shape":"String", 1177 "documentation":"<p>An identifier for the current revision of the signing profile permissions.</p>", 1178 "location":"querystring", 1179 "locationName":"revisionId" 1180 }, 1181 "statementId":{ 1182 "shape":"String", 1183 "documentation":"<p>A unique identifier for the cross-account permissions statement.</p>", 1184 "location":"uri", 1185 "locationName":"statementId" 1186 } 1187 } 1188 }, 1189 "RemoveProfilePermissionResponse":{ 1190 "type":"structure", 1191 "members":{ 1192 "revisionId":{ 1193 "shape":"String", 1194 "documentation":"<p>An identifier for the current revision of the profile permissions.</p>" 1195 } 1196 } 1197 }, 1198 "RequestedBy":{"type":"string"}, 1199 "ResourceNotFoundException":{ 1200 "type":"structure", 1201 "members":{ 1202 "message":{"shape":"ErrorMessage"}, 1203 "code":{"shape":"ErrorCode"} 1204 }, 1205 "documentation":"<p>A specified resource could not be found.</p>", 1206 "error":{"httpStatusCode":404}, 1207 "exception":true 1208 }, 1209 "RevocationReasonString":{ 1210 "type":"string", 1211 "max":500, 1212 "min":1 1213 }, 1214 "RevokeSignatureRequest":{ 1215 "type":"structure", 1216 "required":[ 1217 "reason", 1218 "jobId" 1219 ], 1220 "members":{ 1221 "jobId":{ 1222 "shape":"JobId", 1223 "documentation":"<p>ID of the signing job to be revoked.</p>", 1224 "location":"uri", 1225 "locationName":"jobId" 1226 }, 1227 "jobOwner":{ 1228 "shape":"AccountId", 1229 "documentation":"<p>AWS account ID of the job owner.</p>" 1230 }, 1231 "reason":{ 1232 "shape":"RevocationReasonString", 1233 "documentation":"<p>The reason for revoking the signing job.</p>" 1234 } 1235 } 1236 }, 1237 "RevokeSigningProfileRequest":{ 1238 "type":"structure", 1239 "required":[ 1240 "profileVersion", 1241 "reason", 1242 "effectiveTime", 1243 "profileName" 1244 ], 1245 "members":{ 1246 "profileName":{ 1247 "shape":"ProfileName", 1248 "documentation":"<p>The name of the signing profile to be revoked.</p>", 1249 "location":"uri", 1250 "locationName":"profileName" 1251 }, 1252 "profileVersion":{ 1253 "shape":"ProfileVersion", 1254 "documentation":"<p>The version of the signing profile to be revoked.</p>" 1255 }, 1256 "reason":{ 1257 "shape":"RevocationReasonString", 1258 "documentation":"<p>The reason for revoking a signing profile.</p>" 1259 }, 1260 "effectiveTime":{ 1261 "shape":"Timestamp", 1262 "documentation":"<p>A timestamp for when revocation of a Signing Profile should become effective. Signatures generated using the signing profile after this timestamp are not trusted.</p>" 1263 } 1264 } 1265 }, 1266 "RevokedEntities":{ 1267 "type":"list", 1268 "member":{"shape":"String"} 1269 }, 1270 "S3Destination":{ 1271 "type":"structure", 1272 "members":{ 1273 "bucketName":{ 1274 "shape":"BucketName", 1275 "documentation":"<p>Name of the S3 bucket.</p>" 1276 }, 1277 "prefix":{ 1278 "shape":"Prefix", 1279 "documentation":"<p>An S3 prefix that you can use to limit responses to those that begin with the specified prefix.</p>" 1280 } 1281 }, 1282 "documentation":"<p>The name and prefix of the Amazon S3 bucket where AWS Signer saves your signed objects.</p>" 1283 }, 1284 "S3SignedObject":{ 1285 "type":"structure", 1286 "members":{ 1287 "bucketName":{ 1288 "shape":"BucketName", 1289 "documentation":"<p>Name of the S3 bucket.</p>" 1290 }, 1291 "key":{ 1292 "shape":"Key", 1293 "documentation":"<p>Key name that uniquely identifies a signed code image in your bucket.</p>" 1294 } 1295 }, 1296 "documentation":"<p>The Amazon S3 bucket name and key where Signer saved your signed code image.</p>" 1297 }, 1298 "S3Source":{ 1299 "type":"structure", 1300 "required":[ 1301 "bucketName", 1302 "key", 1303 "version" 1304 ], 1305 "members":{ 1306 "bucketName":{ 1307 "shape":"BucketName", 1308 "documentation":"<p>Name of the S3 bucket.</p>" 1309 }, 1310 "key":{ 1311 "shape":"Key", 1312 "documentation":"<p>Key name of the bucket object that contains your unsigned code.</p>" 1313 }, 1314 "version":{ 1315 "shape":"Version", 1316 "documentation":"<p>Version of your source image in your version enabled S3 bucket.</p>" 1317 } 1318 }, 1319 "documentation":"<p>Information about the Amazon S3 bucket where you saved your unsigned code.</p>" 1320 }, 1321 "ServiceLimitExceededException":{ 1322 "type":"structure", 1323 "members":{ 1324 "message":{"shape":"ErrorMessage"}, 1325 "code":{"shape":"ErrorCode"} 1326 }, 1327 "documentation":"<p>The client is making a request that exceeds service limits.</p>", 1328 "error":{"httpStatusCode":402}, 1329 "exception":true 1330 }, 1331 "SignPayloadRequest":{ 1332 "type":"structure", 1333 "required":[ 1334 "profileName", 1335 "payload", 1336 "payloadFormat" 1337 ], 1338 "members":{ 1339 "profileName":{ 1340 "shape":"ProfileName", 1341 "documentation":"<p>The name of the signing profile.</p>" 1342 }, 1343 "profileOwner":{ 1344 "shape":"AccountId", 1345 "documentation":"<p>The AWS account ID of the profile owner.</p>" 1346 }, 1347 "payload":{ 1348 "shape":"Payload", 1349 "documentation":"<p>Specifies the object digest (hash) to sign.</p>" 1350 }, 1351 "payloadFormat":{ 1352 "shape":"String", 1353 "documentation":"<p>Payload content type. The single valid type is <code>application/vnd.cncf.notary.payload.v1+json</code>.</p>" 1354 } 1355 } 1356 }, 1357 "SignPayloadResponse":{ 1358 "type":"structure", 1359 "members":{ 1360 "jobId":{ 1361 "shape":"JobId", 1362 "documentation":"<p>Unique identifier of the signing job.</p>" 1363 }, 1364 "jobOwner":{ 1365 "shape":"AccountId", 1366 "documentation":"<p>The AWS account ID of the job owner.</p>" 1367 }, 1368 "metadata":{ 1369 "shape":"Metadata", 1370 "documentation":"<p>Information including the signing profile ARN and the signing job ID.</p>" 1371 }, 1372 "signature":{ 1373 "shape":"Blob", 1374 "documentation":"<p>A cryptographic signature.</p>" 1375 } 1376 } 1377 }, 1378 "SignatureValidityPeriod":{ 1379 "type":"structure", 1380 "members":{ 1381 "value":{ 1382 "shape":"Integer", 1383 "documentation":"<p>The numerical value of the time unit for signature validity.</p>" 1384 }, 1385 "type":{ 1386 "shape":"ValidityType", 1387 "documentation":"<p>The time unit for signature validity.</p>" 1388 } 1389 }, 1390 "documentation":"<p>The validity period for a signing job.</p>" 1391 }, 1392 "SignedObject":{ 1393 "type":"structure", 1394 "members":{ 1395 "s3":{ 1396 "shape":"S3SignedObject", 1397 "documentation":"<p>The <code>S3SignedObject</code>.</p>" 1398 } 1399 }, 1400 "documentation":"<p>Points to an <code>S3SignedObject</code> object that contains information about your signed code image.</p>" 1401 }, 1402 "SigningConfiguration":{ 1403 "type":"structure", 1404 "required":[ 1405 "encryptionAlgorithmOptions", 1406 "hashAlgorithmOptions" 1407 ], 1408 "members":{ 1409 "encryptionAlgorithmOptions":{ 1410 "shape":"EncryptionAlgorithmOptions", 1411 "documentation":"<p>The encryption algorithm options that are available for a code-signing job.</p>" 1412 }, 1413 "hashAlgorithmOptions":{ 1414 "shape":"HashAlgorithmOptions", 1415 "documentation":"<p>The hash algorithm options that are available for a code-signing job.</p>" 1416 } 1417 }, 1418 "documentation":"<p>The configuration of a signing operation.</p>" 1419 }, 1420 "SigningConfigurationOverrides":{ 1421 "type":"structure", 1422 "members":{ 1423 "encryptionAlgorithm":{ 1424 "shape":"EncryptionAlgorithm", 1425 "documentation":"<p>A specified override of the default encryption algorithm that is used in a code-signing job.</p>" 1426 }, 1427 "hashAlgorithm":{ 1428 "shape":"HashAlgorithm", 1429 "documentation":"<p>A specified override of the default hash algorithm that is used in a code-signing job.</p>" 1430 } 1431 }, 1432 "documentation":"<p>A signing configuration that overrides the default encryption or hash algorithm of a signing job.</p>" 1433 }, 1434 "SigningImageFormat":{ 1435 "type":"structure", 1436 "required":[ 1437 "supportedFormats", 1438 "defaultFormat" 1439 ], 1440 "members":{ 1441 "supportedFormats":{ 1442 "shape":"ImageFormats", 1443 "documentation":"<p>The supported formats of a signing image.</p>" 1444 }, 1445 "defaultFormat":{ 1446 "shape":"ImageFormat", 1447 "documentation":"<p>The default format of a signing image.</p>" 1448 } 1449 }, 1450 "documentation":"<p>The image format of a AWS Signer platform or profile.</p>" 1451 }, 1452 "SigningJob":{ 1453 "type":"structure", 1454 "members":{ 1455 "jobId":{ 1456 "shape":"JobId", 1457 "documentation":"<p>The ID of the signing job.</p>" 1458 }, 1459 "source":{ 1460 "shape":"Source", 1461 "documentation":"<p>A <code>Source</code> that contains information about a signing job's code image source.</p>" 1462 }, 1463 "signedObject":{ 1464 "shape":"SignedObject", 1465 "documentation":"<p>A <code>SignedObject</code> structure that contains information about a signing job's signed code image.</p>" 1466 }, 1467 "signingMaterial":{ 1468 "shape":"SigningMaterial", 1469 "documentation":"<p>A <code>SigningMaterial</code> object that contains the Amazon Resource Name (ARN) of the certificate used for the signing job.</p>" 1470 }, 1471 "createdAt":{ 1472 "shape":"Timestamp", 1473 "documentation":"<p>The date and time that the signing job was created.</p>" 1474 }, 1475 "status":{ 1476 "shape":"SigningStatus", 1477 "documentation":"<p>The status of the signing job.</p>" 1478 }, 1479 "isRevoked":{ 1480 "shape":"bool", 1481 "documentation":"<p>Indicates whether the signing job is revoked.</p>" 1482 }, 1483 "profileName":{ 1484 "shape":"ProfileName", 1485 "documentation":"<p>The name of the signing profile that created a signing job.</p>" 1486 }, 1487 "profileVersion":{ 1488 "shape":"ProfileVersion", 1489 "documentation":"<p>The version of the signing profile that created a signing job.</p>" 1490 }, 1491 "platformId":{ 1492 "shape":"PlatformId", 1493 "documentation":"<p>The unique identifier for a signing platform.</p>" 1494 }, 1495 "platformDisplayName":{ 1496 "shape":"DisplayName", 1497 "documentation":"<p>The name of a signing platform.</p>" 1498 }, 1499 "signatureExpiresAt":{ 1500 "shape":"Timestamp", 1501 "documentation":"<p>The time when the signature of a signing job expires.</p>" 1502 }, 1503 "jobOwner":{ 1504 "shape":"AccountId", 1505 "documentation":"<p>The AWS account ID of the job owner.</p>" 1506 }, 1507 "jobInvoker":{ 1508 "shape":"AccountId", 1509 "documentation":"<p>The AWS account ID of the job invoker.</p>" 1510 } 1511 }, 1512 "documentation":"<p>Contains information about a signing job.</p>" 1513 }, 1514 "SigningJobRevocationRecord":{ 1515 "type":"structure", 1516 "members":{ 1517 "reason":{ 1518 "shape":"String", 1519 "documentation":"<p>A caller-supplied reason for revocation.</p>" 1520 }, 1521 "revokedAt":{ 1522 "shape":"Timestamp", 1523 "documentation":"<p>The time of revocation.</p>" 1524 }, 1525 "revokedBy":{ 1526 "shape":"String", 1527 "documentation":"<p>The identity of the revoker.</p>" 1528 } 1529 }, 1530 "documentation":"<p>Revocation information for a signing job.</p>" 1531 }, 1532 "SigningJobs":{ 1533 "type":"list", 1534 "member":{"shape":"SigningJob"} 1535 }, 1536 "SigningMaterial":{ 1537 "type":"structure", 1538 "required":["certificateArn"], 1539 "members":{ 1540 "certificateArn":{ 1541 "shape":"CertificateArn", 1542 "documentation":"<p>The Amazon Resource Name (ARN) of the certificates that is used to sign your code.</p>" 1543 } 1544 }, 1545 "documentation":"<p>The ACM certificate that is used to sign your code.</p>" 1546 }, 1547 "SigningParameterKey":{"type":"string"}, 1548 "SigningParameterValue":{"type":"string"}, 1549 "SigningParameters":{ 1550 "type":"map", 1551 "key":{"shape":"SigningParameterKey"}, 1552 "value":{"shape":"SigningParameterValue"} 1553 }, 1554 "SigningPlatform":{ 1555 "type":"structure", 1556 "members":{ 1557 "platformId":{ 1558 "shape":"String", 1559 "documentation":"<p>The ID of a signing platform.</p>" 1560 }, 1561 "displayName":{ 1562 "shape":"String", 1563 "documentation":"<p>The display name of a signing platform.</p>" 1564 }, 1565 "partner":{ 1566 "shape":"String", 1567 "documentation":"<p>Any partner entities linked to a signing platform.</p>" 1568 }, 1569 "target":{ 1570 "shape":"String", 1571 "documentation":"<p>The types of targets that can be signed by a signing platform.</p>" 1572 }, 1573 "category":{ 1574 "shape":"Category", 1575 "documentation":"<p>The category of a signing platform.</p>" 1576 }, 1577 "signingConfiguration":{ 1578 "shape":"SigningConfiguration", 1579 "documentation":"<p>The configuration of a signing platform. This includes the designated hash algorithm and encryption algorithm of a signing platform.</p>" 1580 }, 1581 "signingImageFormat":{"shape":"SigningImageFormat"}, 1582 "maxSizeInMB":{ 1583 "shape":"MaxSizeInMB", 1584 "documentation":"<p>The maximum size (in MB) of code that can be signed by a signing platform.</p>" 1585 }, 1586 "revocationSupported":{ 1587 "shape":"bool", 1588 "documentation":"<p>Indicates whether revocation is supported for the platform.</p>" 1589 } 1590 }, 1591 "documentation":"<p>Contains information about the signing configurations and parameters that are used to perform a code-signing job.</p>" 1592 }, 1593 "SigningPlatformOverrides":{ 1594 "type":"structure", 1595 "members":{ 1596 "signingConfiguration":{ 1597 "shape":"SigningConfigurationOverrides", 1598 "documentation":"<p>A signing configuration that overrides the default encryption or hash algorithm of a signing job.</p>" 1599 }, 1600 "signingImageFormat":{ 1601 "shape":"ImageFormat", 1602 "documentation":"<p>A signed image is a JSON object. When overriding the default signing platform configuration, a customer can select either of two signing formats, <code>JSONEmbedded</code> or <code>JSONDetached</code>. (A third format value, <code>JSON</code>, is reserved for future use.) With <code>JSONEmbedded</code>, the signing image has the payload embedded in it. With <code>JSONDetached</code>, the payload is not be embedded in the signing image.</p>" 1603 } 1604 }, 1605 "documentation":"<p>Any overrides that are applied to the signing configuration of a signing platform.</p>" 1606 }, 1607 "SigningPlatforms":{ 1608 "type":"list", 1609 "member":{"shape":"SigningPlatform"} 1610 }, 1611 "SigningProfile":{ 1612 "type":"structure", 1613 "members":{ 1614 "profileName":{ 1615 "shape":"ProfileName", 1616 "documentation":"<p>The name of the signing profile.</p>" 1617 }, 1618 "profileVersion":{ 1619 "shape":"ProfileVersion", 1620 "documentation":"<p>The version of a signing profile.</p>" 1621 }, 1622 "profileVersionArn":{ 1623 "shape":"Arn", 1624 "documentation":"<p>The ARN of a signing profile, including the profile version.</p>" 1625 }, 1626 "signingMaterial":{ 1627 "shape":"SigningMaterial", 1628 "documentation":"<p>The ACM certificate that is available for use by a signing profile.</p>" 1629 }, 1630 "signatureValidityPeriod":{ 1631 "shape":"SignatureValidityPeriod", 1632 "documentation":"<p>The validity period for a signing job created using this signing profile.</p>" 1633 }, 1634 "platformId":{ 1635 "shape":"PlatformId", 1636 "documentation":"<p>The ID of a platform that is available for use by a signing profile.</p>" 1637 }, 1638 "platformDisplayName":{ 1639 "shape":"DisplayName", 1640 "documentation":"<p>The name of the signing platform.</p>" 1641 }, 1642 "signingParameters":{ 1643 "shape":"SigningParameters", 1644 "documentation":"<p>The parameters that are available for use by a Signer user.</p>" 1645 }, 1646 "status":{ 1647 "shape":"SigningProfileStatus", 1648 "documentation":"<p>The status of a signing profile.</p>" 1649 }, 1650 "arn":{ 1651 "shape":"string", 1652 "documentation":"<p>The Amazon Resource Name (ARN) for the signing profile.</p>" 1653 }, 1654 "tags":{ 1655 "shape":"TagMap", 1656 "documentation":"<p>A list of tags associated with the signing profile.</p>" 1657 } 1658 }, 1659 "documentation":"<p>Contains information about the ACM certificates and signing configuration parameters that can be used by a given code signing user.</p>" 1660 }, 1661 "SigningProfileRevocationRecord":{ 1662 "type":"structure", 1663 "members":{ 1664 "revocationEffectiveFrom":{ 1665 "shape":"Timestamp", 1666 "documentation":"<p>The time when revocation becomes effective.</p>" 1667 }, 1668 "revokedAt":{ 1669 "shape":"Timestamp", 1670 "documentation":"<p>The time when the signing profile was revoked.</p>" 1671 }, 1672 "revokedBy":{ 1673 "shape":"String", 1674 "documentation":"<p>The identity of the revoker.</p>" 1675 } 1676 }, 1677 "documentation":"<p>Revocation information for a signing profile.</p>" 1678 }, 1679 "SigningProfileStatus":{ 1680 "type":"string", 1681 "enum":[ 1682 "Active", 1683 "Canceled", 1684 "Revoked" 1685 ] 1686 }, 1687 "SigningProfiles":{ 1688 "type":"list", 1689 "member":{"shape":"SigningProfile"} 1690 }, 1691 "SigningStatus":{ 1692 "type":"string", 1693 "enum":[ 1694 "InProgress", 1695 "Failed", 1696 "Succeeded" 1697 ] 1698 }, 1699 "Source":{ 1700 "type":"structure", 1701 "members":{ 1702 "s3":{ 1703 "shape":"S3Source", 1704 "documentation":"<p>The <code>S3Source</code> object.</p>" 1705 } 1706 }, 1707 "documentation":"<p>An <code>S3Source</code> object that contains information about the S3 bucket where you saved your unsigned code.</p>" 1708 }, 1709 "StartSigningJobRequest":{ 1710 "type":"structure", 1711 "required":[ 1712 "source", 1713 "destination", 1714 "profileName", 1715 "clientRequestToken" 1716 ], 1717 "members":{ 1718 "source":{ 1719 "shape":"Source", 1720 "documentation":"<p>The S3 bucket that contains the object to sign or a BLOB that contains your raw code.</p>" 1721 }, 1722 "destination":{ 1723 "shape":"Destination", 1724 "documentation":"<p>The S3 bucket in which to save your signed object. The destination contains the name of your bucket and an optional prefix.</p>" 1725 }, 1726 "profileName":{ 1727 "shape":"ProfileName", 1728 "documentation":"<p>The name of the signing profile.</p>" 1729 }, 1730 "clientRequestToken":{ 1731 "shape":"ClientRequestToken", 1732 "documentation":"<p>String that identifies the signing request. All calls after the first that use this token return the same response as the first call.</p>", 1733 "idempotencyToken":true 1734 }, 1735 "profileOwner":{ 1736 "shape":"AccountId", 1737 "documentation":"<p>The AWS account ID of the signing profile owner.</p>" 1738 } 1739 } 1740 }, 1741 "StartSigningJobResponse":{ 1742 "type":"structure", 1743 "members":{ 1744 "jobId":{ 1745 "shape":"JobId", 1746 "documentation":"<p>The ID of your signing job.</p>" 1747 }, 1748 "jobOwner":{ 1749 "shape":"AccountId", 1750 "documentation":"<p>The AWS account ID of the signing job owner.</p>" 1751 } 1752 } 1753 }, 1754 "StatusReason":{"type":"string"}, 1755 "Statuses":{ 1756 "type":"list", 1757 "member":{"shape":"SigningProfileStatus"} 1758 }, 1759 "String":{"type":"string"}, 1760 "TagKey":{ 1761 "type":"string", 1762 "max":128, 1763 "min":1, 1764 "pattern":"^(?!aws:)[a-zA-Z+-=._:/]+$" 1765 }, 1766 "TagKeyList":{ 1767 "type":"list", 1768 "member":{"shape":"TagKey"}, 1769 "max":200, 1770 "min":1 1771 }, 1772 "TagMap":{ 1773 "type":"map", 1774 "key":{"shape":"TagKey"}, 1775 "value":{"shape":"TagValue"}, 1776 "max":200, 1777 "min":1 1778 }, 1779 "TagResourceRequest":{ 1780 "type":"structure", 1781 "required":[ 1782 "resourceArn", 1783 "tags" 1784 ], 1785 "members":{ 1786 "resourceArn":{ 1787 "shape":"String", 1788 "documentation":"<p>The Amazon Resource Name (ARN) for the signing profile.</p>", 1789 "location":"uri", 1790 "locationName":"resourceArn" 1791 }, 1792 "tags":{ 1793 "shape":"TagMap", 1794 "documentation":"<p>One or more tags to be associated with the signing profile.</p>" 1795 } 1796 } 1797 }, 1798 "TagResourceResponse":{ 1799 "type":"structure", 1800 "members":{ 1801 } 1802 }, 1803 "TagValue":{ 1804 "type":"string", 1805 "max":256 1806 }, 1807 "ThrottlingException":{ 1808 "type":"structure", 1809 "members":{ 1810 "message":{"shape":"ErrorMessage"}, 1811 "code":{"shape":"ErrorCode"} 1812 }, 1813 "documentation":"<p>The request was denied due to request throttling.</p> <p>Instead of this error, <code>TooManyRequestsException</code> should be used.</p>", 1814 "deprecated":true, 1815 "deprecatedMessage":"Instead of this error, TooManyRequestsException should be used.", 1816 "error":{"httpStatusCode":429}, 1817 "exception":true 1818 }, 1819 "Timestamp":{"type":"timestamp"}, 1820 "TooManyRequestsException":{ 1821 "type":"structure", 1822 "members":{ 1823 "message":{"shape":"ErrorMessage"}, 1824 "code":{"shape":"ErrorCode"} 1825 }, 1826 "documentation":"<p>The allowed number of job-signing requests has been exceeded.</p> <p>This error supersedes the error <code>ThrottlingException</code>.</p>", 1827 "error":{"httpStatusCode":429}, 1828 "exception":true 1829 }, 1830 "UntagResourceRequest":{ 1831 "type":"structure", 1832 "required":[ 1833 "resourceArn", 1834 "tagKeys" 1835 ], 1836 "members":{ 1837 "resourceArn":{ 1838 "shape":"String", 1839 "documentation":"<p>The Amazon Resource Name (ARN) for the signing profile.</p>", 1840 "location":"uri", 1841 "locationName":"resourceArn" 1842 }, 1843 "tagKeys":{ 1844 "shape":"TagKeyList", 1845 "documentation":"<p>A list of tag keys to be removed from the signing profile.</p>", 1846 "location":"querystring", 1847 "locationName":"tagKeys" 1848 } 1849 } 1850 }, 1851 "UntagResourceResponse":{ 1852 "type":"structure", 1853 "members":{ 1854 } 1855 }, 1856 "ValidationException":{ 1857 "type":"structure", 1858 "members":{ 1859 "message":{"shape":"ErrorMessage"}, 1860 "code":{"shape":"ErrorCode"} 1861 }, 1862 "documentation":"<p>You signing certificate could not be validated.</p>", 1863 "error":{"httpStatusCode":400}, 1864 "exception":true 1865 }, 1866 "ValidityType":{ 1867 "type":"string", 1868 "enum":[ 1869 "DAYS", 1870 "MONTHS", 1871 "YEARS" 1872 ] 1873 }, 1874 "Version":{"type":"string"}, 1875 "bool":{"type":"boolean"}, 1876 "string":{"type":"string"} 1877 }, 1878 "documentation":"<p>AWS Signer is a fully managed code-signing service to help you ensure the trust and integrity of your code. </p> <p>Signer supports the following applications:</p> <p>With code signing for AWS Lambda, you can sign <a href=\"http://docs.aws.amazon.com/lambda/latest/dg/\">AWS Lambda</a> deployment packages. Integrated support is provided for <a href=\"http://docs.aws.amazon.com/AmazonS3/latest/gsg/\">Amazon S3</a>, <a href=\"http://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/\">Amazon CloudWatch</a>, and <a href=\"http://docs.aws.amazon.com/awscloudtrail/latest/userguide/\">AWS CloudTrail</a>. In order to sign code, you create a signing profile and then use Signer to sign Lambda zip files in S3. </p> <p>With code signing for IoT, you can sign code for any IoT device that is supported by AWS. IoT code signing is available for <a href=\"http://docs.aws.amazon.com/freertos/latest/userguide/\">Amazon FreeRTOS</a> and <a href=\"http://docs.aws.amazon.com/iot/latest/developerguide/\">AWS IoT Device Management</a>, and is integrated with <a href=\"http://docs.aws.amazon.com/acm/latest/userguide/\">AWS Certificate Manager (ACM)</a>. In order to sign code, you import a third-party code-signing certificate using ACM, and use that to sign updates in Amazon FreeRTOS and AWS IoT Device Management. </p> <p>With Signer and the Notation CLI from the <a href=\"https://notaryproject.dev/\">Notary
 Project</a>, you can sign container images stored in a container registry such as Amazon Elastic Container Registry (ECR). The signatures are stored in the registry alongside the images, where they are available for verifying image authenticity and integrity.</p> <p>For more information about Signer, see the <a href=\"https://docs.aws.amazon.com/signer/latest/developerguide/Welcome.html\">AWS Signer Developer Guide</a>.</p>" 1879} 1880