class APIV1_OrganizationBootstrapReqSchema(BaseReqSchema):
bootstrap_token = fields.String(required=True)
root_verify_key = fields.VerifyKey(required=True)
user_certificate = fields.Bytes(required=True)
device_certificate = fields.Bytes(required=True)
# Same certificates than above, but expurged of human_handle/device_label
# Backward compatibility prevent those field to be required, however
# they should be considered so by recent version of Parsec (hence the
# `allow_none=False`).
# Hence only old version of Parsec will provide a payload with missing
# redacted fields. In such case we consider the non-redacted can also
# be used as redacted given the to-be-redacted fields have been introduce
# in later version of Parsec.
redacted_user_certificate = fields.Bytes(allow_none=False)
redacted_device_certificate = fields.Bytes(allow_none=False)
root_verify_key = fields.VerifyKey(required=True)
class RealmStartReencryptionMaintenanceReqSchema(BaseReqSchema):
realm_id = fields.UUID(required=True)
encryption_revision = fields.Integer(required=True)
timestamp = fields.DateTime(required=True)
per_participant_message = fields.Map(UserIDField(),
fields.Bytes(required=True),
required=True)
class DeviceFileSchema(BaseSchema):
type = fields.CheckedConstant("password", required=True)
salt = fields.Bytes(required=True)
ciphertext = fields.Bytes(required=True)
# Since human_handle/device_label has been introduced, device_id is
# redacted (i.e. user_id and device_name are 2 random uuids), hence
# those fields have been added to the device file so the login page in
# the GUI can use them to provide useful information.
human_handle = HumanHandleField(allow_none=True, missing=None)
device_label = fields.String(allow_none=True, missing=None)
# Store device and organization ID in the device file
# For legacy versions, this information is available in the file name
device_id = DeviceIDField(allow_none=True, missing=None)
organization_id = OrganizationIDField(allow_none=True, missing=None)
root_verify_key_hash = fields.String(allow_none=True, missing=None)
class APIV1_HandshakeAuthenticatedAnswerSchema(BaseSchema):
handshake = fields.CheckedConstant("answer", required=True)
type = fields.EnumCheckedConstant(APIV1_HandshakeType.AUTHENTICATED, required=True)
client_api_version = ApiVersionField(required=True)
organization_id = OrganizationIDField(required=True)
device_id = DeviceIDField(required=True)
rvk = fields.VerifyKey(required=True)
answer = fields.Bytes(required=True)
class VlobCreateReqSchema(BaseReqSchema):
realm_id = fields.UUID(required=True)
encryption_revision = fields.Integer(required=True)
vlob_id = fields.UUID(required=True)
# If blob contains a signed message, it timestamp cannot be directly enforced
# by the backend (given the message is probably also encrypted).
# Hence the timestamp is passed in clear so backend can reject the message
# if it considers the timestamp invalid. On top of that each client asking
# for the message will receive the declared timestamp to check against
# the actual timestamp within the message.
timestamp = fields.DateTime(required=True)
blob = fields.Bytes(required=True)
class Invite4GreeterCommunicateReqSchema(BaseReqSchema):
token = fields.UUID(required=True)
payload = fields.Bytes(required=True)
class VlobReadRepSchema(BaseRepSchema):
version = fields.Integer(required=True, validate=_validate_version)
blob = fields.Bytes(required=True)
author = DeviceIDField(required=True)
timestamp = fields.DateTime(required=True)
class ReencryptionBatchEntrySchema(BaseSchema):
vlob_id = fields.UUID(required=True)
version = fields.Integer(required=True, validate=validate.Range(min=0))
blob = fields.Bytes(required=True)
class APIV1_UserInviteRepSchema(BaseRepSchema):
encrypted_claim = fields.Bytes(required=True)
class TrustchainSchema(BaseSchema):
devices = fields.List(fields.Bytes(required=True))
users = fields.List(fields.Bytes(required=True))
revoked_users = fields.List(fields.Bytes(required=True))
class APIV1_DeviceCreateReqSchema(BaseReqSchema):
device_certificate = fields.Bytes(required=True)
encrypted_answer = fields.Bytes(required=True)
class UserRevokeReqSchema(BaseReqSchema):
revoked_user_certificate = fields.Bytes(required=True)
class HandshakeChallengeSchema(BaseSchema):
handshake = fields.CheckedConstant("challenge", required=True)
challenge = fields.Bytes(required=True)
supported_api_versions = fields.List(ApiVersionField(), required=True)
class Schema(BaseSchema):
data = fields.Bytes()
class Invite4ClaimerCommunicateRepSchema(BaseRepSchema):
payload = fields.Bytes(required=True)
class APIV1_UserCreateReqSchema(BaseReqSchema):
user_certificate = fields.Bytes(required=True)
device_certificate = fields.Bytes(required=True)
class UserCreateReqSchema(BaseReqSchema):
user_certificate = fields.Bytes(required=True)
device_certificate = fields.Bytes(required=True)
# Same certificates than above, but expurged of human_handle/device_label
redacted_user_certificate = fields.Bytes(required=True)
redacted_device_certificate = fields.Bytes(required=True)
class RealmCreateReqSchema(BaseReqSchema):
role_certificate = fields.Bytes(required=True)
class APIV1_DeviceClaimReqSchema(BaseReqSchema):
invited_device_id = DeviceIDField(required=True)
encrypted_claim = fields.Bytes(required=True)
class RealmGetRoleCertificatesRepSchema(BaseRepSchema):
certificates = fields.List(fields.Bytes(required=True), required=True)
class DeviceCreateReqSchema(BaseReqSchema):
device_certificate = fields.Bytes(required=True)
# Same certificate than above, but expurged of device_label
redacted_device_certificate = fields.Bytes(required=True)
class RealmUpdateRolesReqSchema(BaseReqSchema):
role_certificate = fields.Bytes(required=True)
recipient_message = fields.Bytes(required=True, allow_none=True)
class UserGetRepSchema(BaseRepSchema):
user_certificate = fields.Bytes(required=True)
revoked_user_certificate = fields.Bytes(required=True, allow_none=True)
device_certificates = fields.List(fields.Bytes(required=True), required=True)
trustchain = fields.Nested(TrustchainSchema, required=True)
class BlockReadRepSchema(BaseRepSchema):
block = fields.Bytes(required=True)
class APIV1_UserGetInvitationCreatorRepSchema(BaseRepSchema):
device_certificate = fields.Bytes(required=True)
user_certificate = fields.Bytes(required=True)
trustchain = fields.Nested(TrustchainSchema, required=True)
class BlockCreateReqSchema(BaseReqSchema):
block_id = fields.UUID(required=True)
realm_id = fields.UUID(required=True)
block = fields.Bytes(required=True)
class MessageSchema(BaseSchema):
count = fields.Integer(required=True)
sender = DeviceIDField(required=True)
timestamp = fields.DateTime(required=True)
body = fields.Bytes(required=True)
class APIV1_UserClaimReqSchema(BaseReqSchema):
invited_user_id = UserIDField(required=True)
encrypted_claim = fields.Bytes(required=True)
class VlobUpdateReqSchema(BaseReqSchema):
encryption_revision = fields.Integer(required=True)
vlob_id = fields.UUID(required=True)
timestamp = fields.DateTime(required=True)
version = fields.Integer(required=True, validate=_validate_version)
blob = fields.Bytes(required=True)
class Invite2bClaimerSendNonceReqSchema(BaseReqSchema):
claimer_nonce = fields.Bytes(required=True)
