class UserClaimSchema(UnknownCheckedSchema): type = fields.CheckedConstant("user_claim", required=True) token = fields.String(required=True) # Note claiming user also imply creating a first device device_id = fields.DeviceID(required=True) public_key = fields.PublicKey(required=True) verify_key = fields.VerifyKey(required=True)
class APIV1_HandshakeAnonymousAnswerSchema(BaseSchema): handshake = fields.CheckedConstant("answer", required=True) type = fields.EnumCheckedConstant(APIV1_HandshakeType.ANONYMOUS, required=True) client_api_version = ApiVersionField(required=True) organization_id = OrganizationIDField(required=True) # Cannot provide rvk during organization bootstrap rvk = fields.VerifyKey(missing=None)
class OrganizationBootstrapReqSchema(BaseReqSchema): bootstrap_token = fields.String(required=True) root_verify_key = fields.VerifyKey(required=True) user_certificate = fields.Bytes(required=True) device_certificate = fields.Bytes(required=True) redacted_user_certificate = fields.Bytes(required=True) redacted_device_certificate = fields.Bytes(required=True)
class APIV1_OrganizationBootstrapReqSchema(BaseReqSchema): bootstrap_token = fields.String(required=True) root_verify_key = fields.VerifyKey(required=True) user_certificate = fields.Bytes(required=True) device_certificate = fields.Bytes(required=True) # Same certificates than above, but expurged of human_handle/device_label # Backward compatibility prevent those field to be required, however # they should be considered so by recent version of Parsec (hence the # `allow_none=False`). # Hence only old version of Parsec will provide a payload with missing # redacted fields. In such case we consider the non-redacted can also # be used as redacted given the to-be-redacted fields have been introduce # in later version of Parsec. redacted_user_certificate = fields.Bytes(allow_none=False) redacted_device_certificate = fields.Bytes(allow_none=False) root_verify_key = fields.VerifyKey(required=True)
class APIV1_HandshakeAuthenticatedAnswerSchema(BaseSchema): handshake = fields.CheckedConstant("answer", required=True) type = fields.EnumCheckedConstant(APIV1_HandshakeType.AUTHENTICATED, required=True) client_api_version = ApiVersionField(required=True) organization_id = OrganizationIDField(required=True) device_id = DeviceIDField(required=True) rvk = fields.VerifyKey(required=True) answer = fields.Bytes(required=True)
class SCHEMA_CLS(BaseSignedDataSchema): type = fields.CheckedConstant("device_certificate", required=True) device_id = DeviceIDField(required=True) verify_key = fields.VerifyKey(required=True) @post_load def make_obj(self, data): data.pop("type") return DeviceCertificateContent(**data)
class SCHEMA_CLS(BaseSchema): type = fields.CheckedConstant("invite_device_data", required=True) # Claimer ask for device_label, but greeter has final word on this requested_device_label = fields.String(allow_none=True, missing=None) verify_key = fields.VerifyKey(required=True) @post_load def make_obj(self, data): data.pop("type") return InviteDeviceData(**data)
class SCHEMA_CLS(BaseSchema): type = fields.CheckedConstant("device_claim", required=True) token = fields.String(required=True) device_id = DeviceIDField(required=True) verify_key = fields.VerifyKey(required=True) answer_public_key = fields.PublicKey(required=True) @post_load def make_obj(self, data): data.pop("type") return DeviceClaimContent(**data)
class SCHEMA_CLS(BaseSignedDataSchema): type = fields.CheckedConstant("device_certificate", required=True) device_id = DeviceIDField(required=True) verify_key = fields.VerifyKey(required=True) # Device label can be none in case of redacted certificate device_label = fields.String(allow_none=True, missing=None) @post_load def make_obj(self, data): data.pop("type") return DeviceCertificateContent(**data)
class SCHEMA_CLS(BaseSchema): type = fields.CheckedConstant("invite_user_confirmation", required=True) device_id = DeviceIDField(required=True) device_label = fields.String(allow_none=True, missing=None) human_handle = HumanHandleField(allow_none=True, missing=None) profile = UserProfileField(required=True) root_verify_key = fields.VerifyKey(required=True) @post_load def make_obj(self, data): data.pop("type") return InviteUserConfirmation(**data)
class SCHEMA_CLS(BaseSchema): type = fields.CheckedConstant("user_claim", required=True) token = fields.String(required=True) # Note claiming user also imply creating a first device device_id = DeviceIDField(required=True) public_key = fields.PublicKey(required=True) verify_key = fields.VerifyKey(required=True) @post_load def make_obj(self, data: Dict[str, Any]) -> "APIV1_UserClaimContent": # type: ignore[misc] data.pop("type") return APIV1_UserClaimContent(**data)
class SCHEMA_CLS(BaseSchema): type = fields.CheckedConstant("invite_user_data", required=True) # Claimer ask for device_label/human_handle, but greeter has final word on this requested_device_label = fields.String(allow_none=True, missing=None) requested_human_handle = HumanHandleField(allow_none=True, missing=None) # Note claiming user also imply creating a first device public_key = fields.PublicKey(required=True) verify_key = fields.VerifyKey(required=True) @post_load def make_obj(self, data): data.pop("type") return InviteUserData(**data)
class SCHEMA_CLS(BaseSchema): type = fields.CheckedConstant("device_claim", required=True) token = fields.String(required=True) device_id = DeviceIDField(required=True) verify_key = fields.VerifyKey(required=True) answer_public_key = fields.PublicKey(required=True) @post_load def make_obj( # type: ignore[misc] self, data: Dict[str, Any] ) -> "APIV1_DeviceClaimContent": data.pop("type") return APIV1_DeviceClaimContent(**data)
class SCHEMA_CLS(BaseSignedDataSchema): # Override author field to allow for None value if signed by the root key author = DeviceIDField(required=True, allow_none=True) type = fields.CheckedConstant("device_certificate", required=True) device_id = DeviceIDField(required=True) # Device label can be none in case of redacted certificate device_label = fields.String(allow_none=True, missing=None) verify_key = fields.VerifyKey(required=True) @post_load def make_obj(self, data: Dict[str, Any]) -> "DeviceCertificateContent": data.pop("type") return DeviceCertificateContent(**data)
class SCHEMA_CLS(BaseSchema): type = fields.CheckedConstant("pki_enrollment_submit_payload", required=True) verify_key = fields.VerifyKey(required=True) public_key = fields.PublicKey(required=True) requested_device_label = DeviceLabelField(required=True) # No requested human handle given the accepter should use instead the # information from the submitter's X509 certificate @post_load def make_obj(self, data: Dict[str, Any]) -> "PkiEnrollmentSubmitPayload": data.pop("type") return PkiEnrollmentSubmitPayload(**data)
class SCHEMA_CLS(BaseSchema): type = fields.CheckedConstant("pki_enrollment_answer_payload", required=True) device_id = DeviceIDField(required=True) device_label = DeviceLabelField(allow_none=True, required=True) human_handle = HumanHandleField(allow_none=True, required=True) profile = UserProfileField(required=True) root_verify_key = fields.VerifyKey(required=True) @post_load def make_obj(self, data: Dict[str, Any]) -> "PkiEnrollmentAcceptPayload": data.pop("type") return PkiEnrollmentAcceptPayload(**data)
class SCHEMA_CLS(BaseSchema): type = fields.CheckedConstant("invite_device_data", required=True) # Claimer ask for device_label, but greeter has final word on this requested_device_label = DeviceLabelField(required=True, allow_none=True) verify_key = fields.VerifyKey(required=True) @post_load def make_obj( self, data: Dict[str, Any]) -> "InviteDeviceData": # type: ignore[misc] data.pop("type") return InviteDeviceData(**data)
class SCHEMA_CLS(BaseSchema): type = fields.CheckedConstant("invite_user_confirmation", required=True) device_id = DeviceIDField(required=True) device_label = DeviceLabelField(required=True, allow_none=True) human_handle = HumanHandleField(required=True, allow_none=True) profile = UserProfileField(required=True) root_verify_key = fields.VerifyKey(required=True) @post_load def make_obj( self, data: Dict[str, Any] ) -> "InviteUserConfirmation": # type: ignore[misc] data.pop("type") return InviteUserConfirmation(**data)
class SCHEMA_CLS(BaseSchema): type = fields.CheckedConstant("invite_device_confirmation", required=True) device_id = DeviceIDField(required=True) device_label = fields.String(allow_none=True, missing=None) human_handle = HumanHandleField(allow_none=True, missing=None) profile = UserProfileField(required=True) private_key = fields.PrivateKey(required=True) user_manifest_id = EntryIDField(required=True) user_manifest_key = fields.SecretKey(required=True) root_verify_key = fields.VerifyKey(required=True) @post_load def make_obj( # type: ignore[misc] self, data: Dict[str, Any]) -> "InviteDeviceConfirmation": data.pop("type") return InviteDeviceConfirmation(**data)
class DeviceClaimSchema(UnknownCheckedSchema): type = fields.CheckedConstant("device_claim", required=True) token = fields.String(required=True) device_id = fields.DeviceID(required=True) verify_key = fields.VerifyKey(required=True) answer_public_key = fields.PublicKey(required=True)
class HandshakeAnswerSchema(UnknownCheckedSchema): handshake = fields.CheckedConstant("answer", required=True) organization_id = fields.OrganizationID(required=True) device_id = fields.DeviceID(allow_none=True, missing=None) rvk = fields.VerifyKey(allow_none=True, missing=None) answer = fields.Bytes(allow_none=True, missing=None)