class APIV1_OrganizationBootstrapReqSchema(BaseReqSchema): bootstrap_token = fields.String(required=True) root_verify_key = fields.VerifyKey(required=True) user_certificate = fields.Bytes(required=True) device_certificate = fields.Bytes(required=True) # Same certificates than above, but expurged of human_handle/device_label # Backward compatibility prevent those field to be required, however # they should be considered so by recent version of Parsec (hence the # `allow_none=False`). # Hence only old version of Parsec will provide a payload with missing # redacted fields. In such case we consider the non-redacted can also # be used as redacted given the to-be-redacted fields have been introduce # in later version of Parsec. redacted_user_certificate = fields.Bytes(allow_none=False) redacted_device_certificate = fields.Bytes(allow_none=False) root_verify_key = fields.VerifyKey(required=True)
class RealmStartReencryptionMaintenanceReqSchema(BaseReqSchema): realm_id = fields.UUID(required=True) encryption_revision = fields.Integer(required=True) timestamp = fields.DateTime(required=True) per_participant_message = fields.Map(UserIDField(), fields.Bytes(required=True), required=True)
class DeviceFileSchema(BaseSchema): type = fields.CheckedConstant("password", required=True) salt = fields.Bytes(required=True) ciphertext = fields.Bytes(required=True) # Since human_handle/device_label has been introduced, device_id is # redacted (i.e. user_id and device_name are 2 random uuids), hence # those fields have been added to the device file so the login page in # the GUI can use them to provide useful information. human_handle = HumanHandleField(allow_none=True, missing=None) device_label = fields.String(allow_none=True, missing=None) # Store device and organization ID in the device file # For legacy versions, this information is available in the file name device_id = DeviceIDField(allow_none=True, missing=None) organization_id = OrganizationIDField(allow_none=True, missing=None) root_verify_key_hash = fields.String(allow_none=True, missing=None)
class APIV1_HandshakeAuthenticatedAnswerSchema(BaseSchema): handshake = fields.CheckedConstant("answer", required=True) type = fields.EnumCheckedConstant(APIV1_HandshakeType.AUTHENTICATED, required=True) client_api_version = ApiVersionField(required=True) organization_id = OrganizationIDField(required=True) device_id = DeviceIDField(required=True) rvk = fields.VerifyKey(required=True) answer = fields.Bytes(required=True)
class VlobCreateReqSchema(BaseReqSchema): realm_id = fields.UUID(required=True) encryption_revision = fields.Integer(required=True) vlob_id = fields.UUID(required=True) # If blob contains a signed message, it timestamp cannot be directly enforced # by the backend (given the message is probably also encrypted). # Hence the timestamp is passed in clear so backend can reject the message # if it considers the timestamp invalid. On top of that each client asking # for the message will receive the declared timestamp to check against # the actual timestamp within the message. timestamp = fields.DateTime(required=True) blob = fields.Bytes(required=True)
class Invite4GreeterCommunicateReqSchema(BaseReqSchema): token = fields.UUID(required=True) payload = fields.Bytes(required=True)
class VlobReadRepSchema(BaseRepSchema): version = fields.Integer(required=True, validate=_validate_version) blob = fields.Bytes(required=True) author = DeviceIDField(required=True) timestamp = fields.DateTime(required=True)
class ReencryptionBatchEntrySchema(BaseSchema): vlob_id = fields.UUID(required=True) version = fields.Integer(required=True, validate=validate.Range(min=0)) blob = fields.Bytes(required=True)
class APIV1_UserInviteRepSchema(BaseRepSchema): encrypted_claim = fields.Bytes(required=True)
class TrustchainSchema(BaseSchema): devices = fields.List(fields.Bytes(required=True)) users = fields.List(fields.Bytes(required=True)) revoked_users = fields.List(fields.Bytes(required=True))
class APIV1_DeviceCreateReqSchema(BaseReqSchema): device_certificate = fields.Bytes(required=True) encrypted_answer = fields.Bytes(required=True)
class UserRevokeReqSchema(BaseReqSchema): revoked_user_certificate = fields.Bytes(required=True)
class HandshakeChallengeSchema(BaseSchema): handshake = fields.CheckedConstant("challenge", required=True) challenge = fields.Bytes(required=True) supported_api_versions = fields.List(ApiVersionField(), required=True)
class Schema(BaseSchema): data = fields.Bytes()
class Invite4ClaimerCommunicateRepSchema(BaseRepSchema): payload = fields.Bytes(required=True)
class APIV1_UserCreateReqSchema(BaseReqSchema): user_certificate = fields.Bytes(required=True) device_certificate = fields.Bytes(required=True)
class UserCreateReqSchema(BaseReqSchema): user_certificate = fields.Bytes(required=True) device_certificate = fields.Bytes(required=True) # Same certificates than above, but expurged of human_handle/device_label redacted_user_certificate = fields.Bytes(required=True) redacted_device_certificate = fields.Bytes(required=True)
class RealmCreateReqSchema(BaseReqSchema): role_certificate = fields.Bytes(required=True)
class APIV1_DeviceClaimReqSchema(BaseReqSchema): invited_device_id = DeviceIDField(required=True) encrypted_claim = fields.Bytes(required=True)
class RealmGetRoleCertificatesRepSchema(BaseRepSchema): certificates = fields.List(fields.Bytes(required=True), required=True)
class DeviceCreateReqSchema(BaseReqSchema): device_certificate = fields.Bytes(required=True) # Same certificate than above, but expurged of device_label redacted_device_certificate = fields.Bytes(required=True)
class RealmUpdateRolesReqSchema(BaseReqSchema): role_certificate = fields.Bytes(required=True) recipient_message = fields.Bytes(required=True, allow_none=True)
class UserGetRepSchema(BaseRepSchema): user_certificate = fields.Bytes(required=True) revoked_user_certificate = fields.Bytes(required=True, allow_none=True) device_certificates = fields.List(fields.Bytes(required=True), required=True) trustchain = fields.Nested(TrustchainSchema, required=True)
class BlockReadRepSchema(BaseRepSchema): block = fields.Bytes(required=True)
class APIV1_UserGetInvitationCreatorRepSchema(BaseRepSchema): device_certificate = fields.Bytes(required=True) user_certificate = fields.Bytes(required=True) trustchain = fields.Nested(TrustchainSchema, required=True)
class BlockCreateReqSchema(BaseReqSchema): block_id = fields.UUID(required=True) realm_id = fields.UUID(required=True) block = fields.Bytes(required=True)
class MessageSchema(BaseSchema): count = fields.Integer(required=True) sender = DeviceIDField(required=True) timestamp = fields.DateTime(required=True) body = fields.Bytes(required=True)
class APIV1_UserClaimReqSchema(BaseReqSchema): invited_user_id = UserIDField(required=True) encrypted_claim = fields.Bytes(required=True)
class VlobUpdateReqSchema(BaseReqSchema): encryption_revision = fields.Integer(required=True) vlob_id = fields.UUID(required=True) timestamp = fields.DateTime(required=True) version = fields.Integer(required=True, validate=_validate_version) blob = fields.Bytes(required=True)
class Invite2bClaimerSendNonceReqSchema(BaseReqSchema): claimer_nonce = fields.Bytes(required=True)