class EventsRealmVlobsUpdatedRepSchema(BaseRepSchema):
    """Reply schema for the ``APIEvent.REALM_VLOBS_UPDATED`` event.

    All five fields are required: an enum-pinned ``event`` discriminator,
    two UUIDs and two integers.
    """

    # Discriminator declared as a checked constant on a single enum member.
    event = fields.EnumCheckedConstant(APIEvent.REALM_VLOBS_UPDATED, required=True)
    realm_id = fields.UUID(required=True)
    checkpoint = fields.Integer(required=True)
    # NOTE(review): presumably the id and version of the vlob that changed — confirm.
    src_id = fields.UUID(required=True)
    src_version = fields.Integer(required=True)
class EventsRealmVlobsUpdatedRepSchema(BaseRepSchema):
    """Reply schema for the ``"realm.vlobs_updated"`` event.

    Here ``status`` and ``event`` are pinned to string literals rather than
    to an enum member. All fields are required.
    """

    # Both discriminators are declared as checked constants.
    status = fields.CheckedConstant("ok", required=True)
    event = fields.CheckedConstant("realm.vlobs_updated", required=True)
    realm_id = fields.UUID(required=True)
    checkpoint = fields.Integer(required=True)
    # NOTE(review): presumably the id and version of the vlob that changed — confirm.
    src_id = fields.UUID(required=True)
    src_version = fields.Integer(required=True)
class EventsBeaconUpdatedRepSchema(BaseRepSchema):
    """Reply schema for the ``"beacon.updated"`` event.

    All fields are required; ``status`` and ``event`` are pinned to string
    literals.
    """

    status = fields.CheckedConstant("ok", required=True)
    event = fields.CheckedConstant("beacon.updated", required=True)
    beacon_id = fields.UUID(required=True)
    index = fields.Integer(required=True)
    # NOTE(review): presumably the id and version of the updated source object — confirm.
    src_id = fields.UUID(required=True)
    src_version = fields.Integer(required=True)
class VlobCreateReqSchema(BaseReqSchema):
    """Request schema for creating a vlob; all fields are required.

    ``timestamp`` travels in clear next to the opaque ``blob`` so that it can
    be checked without reading the blob's content (see the comment below).
    """

    realm_id = fields.UUID(required=True)
    encryption_revision = fields.Integer(required=True)
    vlob_id = fields.UUID(required=True)
    # If the blob contains a signed message, its timestamp cannot be enforced
    # directly by the backend (given the message is probably also encrypted).
    # Hence the timestamp is passed in clear so the backend can reject the
    # message if it considers the timestamp invalid. On top of that, each
    # client asking for the message will receive the declared timestamp to
    # check against the actual timestamp within the message.
    timestamp = fields.DateTime(required=True)
    # Raw bytes; this schema puts no structure on the content.
    blob = fields.Bytes(required=True)
class PkiEnrollmentListItemSchema(BaseSchema):
    """Schema for one PKI enrollment list item; all fields are required.

    The certificate, the payload and its signature are carried as raw bytes;
    this schema does not decode or verify any of them.
    """

    enrollment_id = fields.UUID(required=True)
    submitted_on = fields.DateTime(required=True)
    # DER-encoded X.509 certificate of the submitter, as the field name states.
    submitter_der_x509_certificate = fields.Bytes(required=True)
    submit_payload_signature = fields.Bytes(required=True)
    # Signature should be checked before loading: the payload stays opaque
    # bytes here so that the consumer can verify `submit_payload_signature`
    # before deserializing it.
    submit_payload = fields.Bytes(required=True)
class HandshakeInvitedAnswerSchema(BaseSchema):
    """Schema for a handshake ``"answer"`` message of type ``HandshakeType.INVITED``.

    All fields are required. ``handshake`` and ``type`` are pinned
    discriminators; the remaining fields carry the client API version, the
    organization, the invitation type and a UUID token.
    """

    handshake = fields.CheckedConstant("answer", required=True)
    type = fields.EnumCheckedConstant(HandshakeType.INVITED, required=True)
    client_api_version = ApiVersionField(required=True)
    organization_id = OrganizationIDField(required=True)
    invitation_type = InvitationTypeField(required=True)
    # NOTE(review): presumably the invitation token the peer presents in place
    # of device credentials — confirm against the handshake implementation.
    token = fields.UUID(required=True)
class RealmStartReencryptionMaintenanceReqSchema(BaseReqSchema):
    """Request schema for starting a realm reencryption maintenance.

    All fields are required.
    """

    realm_id = fields.UUID(required=True)
    encryption_revision = fields.Integer(required=True)
    timestamp = fields.DateTime(required=True)
    # Map keyed by user id with raw-bytes values, i.e. one message per
    # participant. NOTE(review): the bytes are presumably encrypted for each
    # recipient and opaque to the backend — confirm.
    per_participant_message = fields.Map(UserIDField(), fields.Bytes(required=True), required=True)
class SCHEMA_CLS(BaseSignedDataSchema):
    """Schema for signed data whose ``type`` is ``"realm_role_certificate"``.

    After loading, the fields are turned into a
    ``RealmRoleCertificateContent`` by :meth:`make_obj`.
    """

    type = fields.CheckedConstant("realm_role_certificate", required=True)
    realm_id = fields.UUID(required=True)
    user_id = UserIDField(required=True)
    # The key must be present, but its value may be None.
    # NOTE(review): None presumably means the user no longer has a role in
    # the realm — confirm.
    role = RealmRoleField(required=True, allow_none=True)

    @post_load
    def make_obj(self, data: Dict[str, Any]) -> "RealmRoleCertificateContent":
        """Build the content object from the loaded fields.

        Raises:
            KeyError: if ``data`` has no ``"type"`` entry.
        """
        # "type" is dropped so that only the remaining entries are passed as
        # keyword arguments; note that `data` is mutated in place.
        data.pop("type")
        return RealmRoleCertificateContent(**data)
class PkiEnrollmentAcceptReqSchema(BaseReqSchema):
    """Request schema for accepting a PKI enrollment; all fields are required.

    Certificates, payload and signature are carried as raw bytes; this schema
    does not decode or verify any of them.
    """

    enrollment_id = fields.UUID(required=True)
    # DER-encoded X.509 certificate of the accepter, as the field name states.
    accepter_der_x509_certificate = fields.Bytes(required=True)
    accept_payload_signature = fields.Bytes(required=True)
    # Signature should be checked before loading: the payload stays opaque
    # bytes here so that the consumer can verify `accept_payload_signature`
    # before deserializing it.
    accept_payload = fields.Bytes(required=True)

    user_certificate = fields.Bytes(required=True)
    device_certificate = fields.Bytes(required=True)
    # Same certificates as above, but with human_handle/device_label removed.
    redacted_user_certificate = fields.Bytes(required=True)
    redacted_device_certificate = fields.Bytes(required=True)
class SCHEMA_CLS(BaseSchema):
    """Schema for data whose ``type`` is ``"local_pending_enrollment"``.

    After loading, the fields are turned into a ``LocalPendingEnrollment`` by
    :meth:`make_obj`. All fields are required.
    """

    type = fields.CheckedConstant("local_pending_enrollment", required=True)
    # Nested structures are validated with their own schemas.
    x509_certificate = fields.Nested(X509Certificate.SCHEMA_CLS, required=True)
    addr = BackendPkiEnrollmentAddrField(required=True)
    submitted_on = fields.DateTime(required=True)
    enrollment_id = fields.UUID(required=True)
    submit_payload = fields.Nested(PkiEnrollmentSubmitPayload.SCHEMA_CLS, required=True)
    # NOTE(review): presumably the key protecting `ciphertext`, itself stored
    # encrypted — confirm how and for whom it is wrapped.
    encrypted_key = fields.Bytes(required=True)
    ciphertext = fields.Bytes(required=True)  # An encrypted PendingDeviceKeys

    @post_load
    def make_obj(self, data):
        """Build a ``LocalPendingEnrollment`` from the loaded fields."""
        # "type" is dropped so that only the remaining entries are passed as
        # keyword arguments; the None default makes a missing key a no-op.
        data.pop("type", None)
        return LocalPendingEnrollment(**data)
class PkiEnrollmentSubmitReqSchema(BaseReqSchema): enrollment_id = fields.UUID(required=True) # Existing enrollment with SUMBITTED status prevent submitting new # enrollment with similir x509 certificate unless force flag is set. force = fields.Boolean(required=True) submitter_der_x509_certificate = fields.Bytes(required=True) # Duplicated certificate email field. (The backend need to check if the email is used without loading the certificate) submitter_der_x509_certificate_email = fields.String(required=False, missing=None, allow_none=True) submit_payload_signature = fields.Bytes(required=True) submit_payload = fields.Bytes( required=True) # Signature should be checked before loading
class EventsRealmRolesUpdatedRepSchema(BaseRepSchema):
    """Reply schema for the ``APIEvent.REALM_ROLES_UPDATED`` event.

    All fields are required, but ``role`` may carry None.
    """

    event = fields.EnumCheckedConstant(APIEvent.REALM_ROLES_UPDATED, required=True)
    realm_id = fields.UUID(required=True)
    # The key must be present, but its value may be None.
    # NOTE(review): None presumably means the recipient lost its role in the
    # realm — confirm.
    role = RealmRoleField(required=True, allow_none=True)
class VlobPollChangesRepSchema(BaseRepSchema):
    """Reply schema for polling vlob changes; both fields are required."""

    # Map from UUID to integer.
    # NOTE(review): presumably vlob id -> latest version — confirm.
    changes = fields.Map(fields.UUID(), fields.Integer(required=True), required=True)
    current_checkpoint = fields.Integer(required=True)
class PkiEnrollmentInfoReqSchema(BaseReqSchema):
    """Request schema carrying a single required enrollment UUID."""

    enrollment_id = fields.UUID(required=True)
class Invite1GreeterWaitPeerReqSchema(BaseReqSchema):
    """Request schema carrying a UUID token and the greeter's public key.

    Both fields are required.
    NOTE(review): the class name suggests this is step 1 of the greeter side
    of the invitation exchange — confirm against the API handlers.
    """

    token = fields.UUID(required=True)
    greeter_public_key = fields.PublicKey(required=True)
class EventsInviteStatusChangedRepSchema(BaseRepSchema):
    """Reply schema for the ``APIEvent.INVITE_STATUS_CHANGED`` event.

    All fields are required.
    """

    event = fields.EnumCheckedConstant(APIEvent.INVITE_STATUS_CHANGED, required=True)
    token = fields.UUID(required=True)
    invitation_status = InvitationStatusField(required=True)
class InviteDeleteReqSchema(BaseReqSchema):
    """Request schema for deleting an invitation.

    Both the UUID token and the deletion reason are required.
    """

    token = fields.UUID(required=True)
    reason = InvitationDeletedReasonField(required=True)
class InviteListItemUserSchema(BaseSchema):
    """Schema for an invitation list item of type ``InvitationType.USER``.

    All fields are required.
    """

    # Discriminator pinned to the USER invitation type.
    type = fields.EnumCheckedConstant(InvitationType.USER, required=True)
    token = fields.UUID(required=True)
    created_on = fields.DateTime(required=True)
    # Declared as a plain string: this schema applies no email-format validation.
    claimer_email = fields.String(required=True)
    status = InvitationStatusField(required=True)
class BlockReadReqSchema(BaseReqSchema):
    """Request schema for reading a block, identified by a required UUID."""

    block_id = fields.UUID(required=True)
class Invite3bGreeterSignifyTrustReqSchema(BaseReqSchema):
    """Request schema carrying only a required UUID token.

    NOTE(review): the class name suggests this is step 3b of the greeter side
    of the invitation exchange — confirm against the API handlers.
    """

    token = fields.UUID(required=True)
class Invite3aGreeterWaitPeerTrustReqSchema(BaseReqSchema):
    """Request schema carrying only a required UUID token.

    NOTE(review): the class name suggests this is step 3a of the greeter side
    of the invitation exchange — confirm against the API handlers.
    """

    token = fields.UUID(required=True)
class Invite2bGreeterSendNonceReqSchema(BaseReqSchema):
    """Request schema carrying a UUID token and the greeter's nonce.

    Both fields are required.
    NOTE(review): the class name suggests this is step 2b of the greeter side
    of the invitation exchange — confirm against the API handlers.
    """

    token = fields.UUID(required=True)
    # Raw bytes; this schema does not constrain the nonce length.
    greeter_nonce = fields.Bytes(required=True)
class Invite2aGreeterGetHashedNonceReqSchema(BaseReqSchema):
    """Request schema carrying only a required UUID token.

    NOTE(review): the class name suggests this is step 2a of the greeter side
    of the invitation exchange — confirm against the API handlers.
    """

    token = fields.UUID(required=True)
class VlobPollChangesReqSchema(BaseReqSchema):
    """Request schema for polling vlob changes in a realm.

    Both fields are required.
    """

    realm_id = fields.UUID(required=True)
    # NOTE(review): presumably the last checkpoint the caller has seen, so
    # that only later changes are returned — confirm.
    last_checkpoint = fields.Integer(required=True)
class EventsRealmMaintenanceFinishedRepSchema(BaseRepSchema):
    """Reply schema for the ``APIEvent.REALM_MAINTENANCE_FINISHED`` event.

    All fields are required.
    """

    event = fields.EnumCheckedConstant(APIEvent.REALM_MAINTENANCE_FINISHED, required=True)
    realm_id = fields.UUID(required=True)
    encryption_revision = fields.Integer(required=True)
class VlobListVersionsReqSchema(BaseReqSchema):
    """Request schema for listing a vlob's versions, identified by a required UUID."""

    vlob_id = fields.UUID(required=True)
class Invite4GreeterCommunicateReqSchema(BaseReqSchema):
    """Request schema carrying a UUID token and a raw-bytes payload.

    Both fields are required.
    NOTE(review): the class name suggests this is step 4 of the greeter side
    of the invitation exchange — confirm against the API handlers.
    """

    token = fields.UUID(required=True)
    # Raw bytes; this schema puts no structure on the content.
    payload = fields.Bytes(required=True)
class InviteListItemDeviceSchema(BaseSchema):
    """Schema for an invitation list item of type ``InvitationType.DEVICE``.

    All fields are required.
    """

    # Discriminator pinned to the DEVICE invitation type.
    type = fields.EnumCheckedConstant(InvitationType.DEVICE, required=True)
    token = fields.UUID(required=True)
    created_on = fields.DateTime(required=True)
    status = InvitationStatusField(required=True)
class BlockCreateReqSchema(BaseReqSchema):
    """Request schema for creating a block in a realm; all fields are required."""

    block_id = fields.UUID(required=True)
    realm_id = fields.UUID(required=True)
    # Raw bytes; this schema sets no size limit on the content.
    block = fields.Bytes(required=True)
class InviteNewRepSchema(BaseRepSchema):
    """Reply schema for a newly created invitation, carrying its required UUID token."""

    token = fields.UUID(required=True)