class UserClaimSchema(UnknownCheckedSchema):
type = fields.CheckedConstant("user_claim", required=True)
token = fields.String(required=True)
# Note claiming user also imply creating a first device
device_id = fields.DeviceID(required=True)
public_key = fields.PublicKey(required=True)
verify_key = fields.VerifyKey(required=True)
class APIV1_HandshakeAnonymousAnswerSchema(BaseSchema):
handshake = fields.CheckedConstant("answer", required=True)
type = fields.EnumCheckedConstant(APIV1_HandshakeType.ANONYMOUS, required=True)
client_api_version = ApiVersionField(required=True)
organization_id = OrganizationIDField(required=True)
# Cannot provide rvk during organization bootstrap
rvk = fields.VerifyKey(missing=None)
class OrganizationBootstrapReqSchema(BaseReqSchema):
bootstrap_token = fields.String(required=True)
root_verify_key = fields.VerifyKey(required=True)
user_certificate = fields.Bytes(required=True)
device_certificate = fields.Bytes(required=True)
redacted_user_certificate = fields.Bytes(required=True)
redacted_device_certificate = fields.Bytes(required=True)
class APIV1_OrganizationBootstrapReqSchema(BaseReqSchema):
bootstrap_token = fields.String(required=True)
root_verify_key = fields.VerifyKey(required=True)
user_certificate = fields.Bytes(required=True)
device_certificate = fields.Bytes(required=True)
# Same certificates than above, but expurged of human_handle/device_label
# Backward compatibility prevent those field to be required, however
# they should be considered so by recent version of Parsec (hence the
# `allow_none=False`).
# Hence only old version of Parsec will provide a payload with missing
# redacted fields. In such case we consider the non-redacted can also
# be used as redacted given the to-be-redacted fields have been introduce
# in later version of Parsec.
redacted_user_certificate = fields.Bytes(allow_none=False)
redacted_device_certificate = fields.Bytes(allow_none=False)
root_verify_key = fields.VerifyKey(required=True)
class APIV1_HandshakeAuthenticatedAnswerSchema(BaseSchema):
handshake = fields.CheckedConstant("answer", required=True)
type = fields.EnumCheckedConstant(APIV1_HandshakeType.AUTHENTICATED, required=True)
client_api_version = ApiVersionField(required=True)
organization_id = OrganizationIDField(required=True)
device_id = DeviceIDField(required=True)
rvk = fields.VerifyKey(required=True)
answer = fields.Bytes(required=True)
class SCHEMA_CLS(BaseSignedDataSchema):
type = fields.CheckedConstant("device_certificate", required=True)
device_id = DeviceIDField(required=True)
verify_key = fields.VerifyKey(required=True)
@post_load
def make_obj(self, data):
data.pop("type")
return DeviceCertificateContent(**data)
class SCHEMA_CLS(BaseSchema):
type = fields.CheckedConstant("invite_device_data", required=True)
# Claimer ask for device_label, but greeter has final word on this
requested_device_label = fields.String(allow_none=True, missing=None)
verify_key = fields.VerifyKey(required=True)
@post_load
def make_obj(self, data):
data.pop("type")
return InviteDeviceData(**data)
class SCHEMA_CLS(BaseSchema):
type = fields.CheckedConstant("device_claim", required=True)
token = fields.String(required=True)
device_id = DeviceIDField(required=True)
verify_key = fields.VerifyKey(required=True)
answer_public_key = fields.PublicKey(required=True)
@post_load
def make_obj(self, data):
data.pop("type")
return DeviceClaimContent(**data)
class SCHEMA_CLS(BaseSignedDataSchema):
type = fields.CheckedConstant("device_certificate", required=True)
device_id = DeviceIDField(required=True)
verify_key = fields.VerifyKey(required=True)
# Device label can be none in case of redacted certificate
device_label = fields.String(allow_none=True, missing=None)
@post_load
def make_obj(self, data):
data.pop("type")
return DeviceCertificateContent(**data)
class SCHEMA_CLS(BaseSchema):
type = fields.CheckedConstant("invite_user_confirmation", required=True)
device_id = DeviceIDField(required=True)
device_label = fields.String(allow_none=True, missing=None)
human_handle = HumanHandleField(allow_none=True, missing=None)
profile = UserProfileField(required=True)
root_verify_key = fields.VerifyKey(required=True)
@post_load
def make_obj(self, data):
data.pop("type")
return InviteUserConfirmation(**data)
class SCHEMA_CLS(BaseSchema):
type = fields.CheckedConstant("user_claim", required=True)
token = fields.String(required=True)
# Note claiming user also imply creating a first device
device_id = DeviceIDField(required=True)
public_key = fields.PublicKey(required=True)
verify_key = fields.VerifyKey(required=True)
@post_load
def make_obj(self, data: Dict[str, Any]) -> "APIV1_UserClaimContent": # type: ignore[misc]
data.pop("type")
return APIV1_UserClaimContent(**data)
class SCHEMA_CLS(BaseSchema):
type = fields.CheckedConstant("invite_user_data", required=True)
# Claimer ask for device_label/human_handle, but greeter has final word on this
requested_device_label = fields.String(allow_none=True, missing=None)
requested_human_handle = HumanHandleField(allow_none=True, missing=None)
# Note claiming user also imply creating a first device
public_key = fields.PublicKey(required=True)
verify_key = fields.VerifyKey(required=True)
@post_load
def make_obj(self, data):
data.pop("type")
return InviteUserData(**data)
class SCHEMA_CLS(BaseSchema):
type = fields.CheckedConstant("device_claim", required=True)
token = fields.String(required=True)
device_id = DeviceIDField(required=True)
verify_key = fields.VerifyKey(required=True)
answer_public_key = fields.PublicKey(required=True)
@post_load
def make_obj( # type: ignore[misc]
self, data: Dict[str, Any]
) -> "APIV1_DeviceClaimContent":
data.pop("type")
return APIV1_DeviceClaimContent(**data)
class SCHEMA_CLS(BaseSignedDataSchema):
# Override author field to allow for None value if signed by the root key
author = DeviceIDField(required=True, allow_none=True)
type = fields.CheckedConstant("device_certificate", required=True)
device_id = DeviceIDField(required=True)
# Device label can be none in case of redacted certificate
device_label = fields.String(allow_none=True, missing=None)
verify_key = fields.VerifyKey(required=True)
@post_load
def make_obj(self, data: Dict[str, Any]) -> "DeviceCertificateContent":
data.pop("type")
return DeviceCertificateContent(**data)
class SCHEMA_CLS(BaseSchema):
type = fields.CheckedConstant("pki_enrollment_submit_payload",
required=True)
verify_key = fields.VerifyKey(required=True)
public_key = fields.PublicKey(required=True)
requested_device_label = DeviceLabelField(required=True)
# No requested human handle given the accepter should use instead the
# information from the submitter's X509 certificate
@post_load
def make_obj(self, data: Dict[str,
Any]) -> "PkiEnrollmentSubmitPayload":
data.pop("type")
return PkiEnrollmentSubmitPayload(**data)
class SCHEMA_CLS(BaseSchema):
type = fields.CheckedConstant("pki_enrollment_answer_payload",
required=True)
device_id = DeviceIDField(required=True)
device_label = DeviceLabelField(allow_none=True, required=True)
human_handle = HumanHandleField(allow_none=True, required=True)
profile = UserProfileField(required=True)
root_verify_key = fields.VerifyKey(required=True)
@post_load
def make_obj(self, data: Dict[str,
Any]) -> "PkiEnrollmentAcceptPayload":
data.pop("type")
return PkiEnrollmentAcceptPayload(**data)
class SCHEMA_CLS(BaseSchema):
type = fields.CheckedConstant("invite_device_data", required=True)
# Claimer ask for device_label, but greeter has final word on this
requested_device_label = DeviceLabelField(required=True,
allow_none=True)
verify_key = fields.VerifyKey(required=True)
@post_load
def make_obj(
self,
data: Dict[str,
Any]) -> "InviteDeviceData": # type: ignore[misc]
data.pop("type")
return InviteDeviceData(**data)
class SCHEMA_CLS(BaseSchema):
type = fields.CheckedConstant("invite_user_confirmation",
required=True)
device_id = DeviceIDField(required=True)
device_label = DeviceLabelField(required=True, allow_none=True)
human_handle = HumanHandleField(required=True, allow_none=True)
profile = UserProfileField(required=True)
root_verify_key = fields.VerifyKey(required=True)
@post_load
def make_obj(
self, data: Dict[str, Any]
) -> "InviteUserConfirmation": # type: ignore[misc]
data.pop("type")
return InviteUserConfirmation(**data)
class SCHEMA_CLS(BaseSchema):
type = fields.CheckedConstant("invite_device_confirmation",
required=True)
device_id = DeviceIDField(required=True)
device_label = fields.String(allow_none=True, missing=None)
human_handle = HumanHandleField(allow_none=True, missing=None)
profile = UserProfileField(required=True)
private_key = fields.PrivateKey(required=True)
user_manifest_id = EntryIDField(required=True)
user_manifest_key = fields.SecretKey(required=True)
root_verify_key = fields.VerifyKey(required=True)
@post_load
def make_obj( # type: ignore[misc]
self, data: Dict[str, Any]) -> "InviteDeviceConfirmation":
data.pop("type")
return InviteDeviceConfirmation(**data)
class DeviceClaimSchema(UnknownCheckedSchema):
type = fields.CheckedConstant("device_claim", required=True)
token = fields.String(required=True)
device_id = fields.DeviceID(required=True)
verify_key = fields.VerifyKey(required=True)
answer_public_key = fields.PublicKey(required=True)
class HandshakeAnswerSchema(UnknownCheckedSchema):
handshake = fields.CheckedConstant("answer", required=True)
organization_id = fields.OrganizationID(required=True)
device_id = fields.DeviceID(allow_none=True, missing=None)
rvk = fields.VerifyKey(allow_none=True, missing=None)
answer = fields.Bytes(allow_none=True, missing=None)
