@cubist-labs/cubesigner-sdk 0.3.26 → 0.3.28
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cjs/package.json +1 -1
- package/dist/cjs/src/client.d.ts +4 -4
- package/dist/cjs/src/index.js +7 -4
- package/dist/cjs/src/key.d.ts +35 -2
- package/dist/cjs/src/key.js +79 -5
- package/dist/cjs/src/org_event_processor.d.ts +57 -0
- package/dist/cjs/src/org_event_processor.js +137 -0
- package/dist/cjs/src/schema.d.ts +41 -24
- package/dist/cjs/src/schema.js +1 -1
- package/dist/cjs/src/util.d.ts +2 -0
- package/dist/cjs/src/util.js +1 -1
- package/dist/esm/package.json +1 -1
- package/dist/esm/src/client.d.ts +4 -4
- package/dist/esm/src/index.js +4 -4
- package/dist/esm/src/key.d.ts +35 -2
- package/dist/esm/src/key.js +79 -5
- package/dist/esm/src/org_event_processor.d.ts +57 -0
- package/dist/esm/src/org_event_processor.js +133 -0
- package/dist/esm/src/schema.d.ts +41 -24
- package/dist/esm/src/schema.js +1 -1
- package/dist/esm/src/util.d.ts +2 -0
- package/dist/esm/src/util.js +1 -1
- package/dist/package.json +36 -0
- package/dist/spec/env/beta.json +9 -0
- package/dist/spec/env/gamma.json +9 -0
- package/dist/spec/env/prod.json +9 -0
- package/dist/src/api.d.ts +634 -0
- package/dist/src/api.js +1309 -0
- package/dist/src/client.d.ts +575 -0
- package/dist/src/client.js +381 -0
- package/dist/src/env.d.ts +15 -0
- package/dist/src/env.js +35 -0
- package/dist/src/error.d.ts +29 -0
- package/dist/src/error.js +36 -0
- package/dist/src/events.d.ts +84 -0
- package/dist/src/events.js +195 -0
- package/dist/src/index.d.ts +207 -0
- package/dist/src/index.js +308 -0
- package/dist/src/key.d.ts +152 -0
- package/dist/src/key.js +242 -0
- package/dist/src/mfa.d.ts +94 -0
- package/dist/src/mfa.js +169 -0
- package/dist/src/org.d.ts +99 -0
- package/dist/src/org.js +95 -0
- package/dist/src/paginator.d.ts +76 -0
- package/dist/src/paginator.js +99 -0
- package/dist/src/response.d.ts +101 -0
- package/dist/src/response.js +164 -0
- package/dist/src/role.d.ts +283 -0
- package/dist/src/role.js +253 -0
- package/dist/src/schema.d.ts +6209 -0
- package/dist/src/schema.js +7 -0
- package/dist/src/schema_types.d.ts +113 -0
- package/dist/src/schema_types.js +3 -0
- package/dist/src/session/session_storage.d.ts +47 -0
- package/dist/src/session/session_storage.js +76 -0
- package/dist/src/session/signer_session_manager.d.ts +125 -0
- package/dist/src/session/signer_session_manager.js +239 -0
- package/dist/src/signer_session.d.ts +41 -0
- package/dist/src/signer_session.js +77 -0
- package/dist/src/user_export.d.ts +52 -0
- package/dist/src/user_export.js +129 -0
- package/dist/src/util.d.ts +61 -0
- package/dist/src/util.js +97 -0
- package/package.json +1 -1
- package/src/index.ts +3 -3
- package/src/key.ts +83 -4
- package/src/schema.ts +42 -25
- package/src/util.ts +3 -0
|
@@ -0,0 +1,137 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __classPrivateFieldSet = (this && this.__classPrivateFieldSet) || function (receiver, state, value, kind, f) {
|
|
3
|
+
if (kind === "m") throw new TypeError("Private method is not writable");
|
|
4
|
+
if (kind === "a" && !f) throw new TypeError("Private accessor was defined without a setter");
|
|
5
|
+
if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot write private member to an object whose class did not declare it");
|
|
6
|
+
return (kind === "a" ? f.call(receiver, value) : f ? f.value = value : state.set(receiver, value)), value;
|
|
7
|
+
};
|
|
8
|
+
var __classPrivateFieldGet = (this && this.__classPrivateFieldGet) || function (receiver, state, kind, f) {
|
|
9
|
+
if (kind === "a" && !f) throw new TypeError("Private accessor was defined without a getter");
|
|
10
|
+
if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot read private member from an object whose class did not declare it");
|
|
11
|
+
return kind === "m" ? f : kind === "a" ? f.call(receiver) : f ? f.value : state.get(receiver);
|
|
12
|
+
};
|
|
13
|
+
var _OrgEventProcessor_instances, _OrgEventProcessor_topicArn, _OrgEventProcessor_orgId, _OrgEventProcessor_cachedCertificates, _OrgEventProcessor_fetchAndValidateCertificate;
|
|
14
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
15
|
+
exports.OrgEventProcessor = void 0;
|
|
16
|
+
const crypto_1 = require("crypto");
|
|
17
|
+
const _1 = require(".");
|
|
18
|
+
// URLs that are safe to retrieve certificates from
|
|
19
|
+
const SNS_CERTIFICATE_URL_HOSTS = ["sns.us-east-1.amazonaws.com"];
|
|
20
|
+
const SNS_CERTIFICATE_HOST = "sns.amazonaws.com";
|
|
21
|
+
/** A utility for processing org event messages */
|
|
22
|
+
class OrgEventProcessor {
|
|
23
|
+
/**
|
|
24
|
+
* Constructor.
|
|
25
|
+
* @param {string} orgId The org id
|
|
26
|
+
* @param {OrgEventProcessorOptions} options Additional options for the processor
|
|
27
|
+
*/
|
|
28
|
+
constructor(orgId, options) {
|
|
29
|
+
_OrgEventProcessor_instances.add(this);
|
|
30
|
+
_OrgEventProcessor_topicArn.set(this, void 0);
|
|
31
|
+
_OrgEventProcessor_orgId.set(this, void 0);
|
|
32
|
+
_OrgEventProcessor_cachedCertificates.set(this, void 0);
|
|
33
|
+
__classPrivateFieldSet(this, _OrgEventProcessor_topicArn, _1.envs[options?.env ?? "prod"].OrgEventsTopicArn, "f");
|
|
34
|
+
__classPrivateFieldSet(this, _OrgEventProcessor_orgId, orgId, "f");
|
|
35
|
+
__classPrivateFieldSet(this, _OrgEventProcessor_cachedCertificates, new Map(), "f");
|
|
36
|
+
}
|
|
37
|
+
/**
|
|
38
|
+
* Checks an SNS message and its signature. Throws an error if the message
|
|
39
|
+
* invalid or the signature is invalid.
|
|
40
|
+
*
|
|
41
|
+
* @param {SnsMessage} message The SNS message to check
|
|
42
|
+
*/
|
|
43
|
+
async checkMessage(message) {
|
|
44
|
+
// Check the topic ARN
|
|
45
|
+
if (message.TopicArn !== __classPrivateFieldGet(this, _OrgEventProcessor_topicArn, "f")) {
|
|
46
|
+
throw new Error(`Expected topic ARN '${__classPrivateFieldGet(this, _OrgEventProcessor_topicArn, "f")}', found '${message.TopicArn}'`);
|
|
47
|
+
}
|
|
48
|
+
// Both subscription confirmations and org event messages should have no subject
|
|
49
|
+
if ("Subject" in message) {
|
|
50
|
+
throw new Error("Expected a message without a subject");
|
|
51
|
+
}
|
|
52
|
+
// The org events topic uses signature version 2 (SHA256)
|
|
53
|
+
if (message.SignatureVersion !== "2") {
|
|
54
|
+
throw new Error("Expected signature version 2");
|
|
55
|
+
}
|
|
56
|
+
// Retrieve the certificate and sanity check it
|
|
57
|
+
const certificate = await __classPrivateFieldGet(this, _OrgEventProcessor_instances, "m", _OrgEventProcessor_fetchAndValidateCertificate).call(this, new URL(message.SigningCertURL));
|
|
58
|
+
// Extract fields specific to subscription confirmations
|
|
59
|
+
const subscribeUrl = message.SubscribeURL;
|
|
60
|
+
const token = message.Token;
|
|
61
|
+
// Check the signature
|
|
62
|
+
const fields = ["Message", message.Message, "MessageId", message.MessageId]
|
|
63
|
+
.concat(subscribeUrl !== undefined ? ["SubscribeURL", subscribeUrl] : [])
|
|
64
|
+
.concat(["Timestamp", message.Timestamp])
|
|
65
|
+
.concat(token !== undefined ? ["Token", token] : [])
|
|
66
|
+
.concat(["TopicArn", message.TopicArn, "Type", message.Type]);
|
|
67
|
+
const verify = (0, crypto_1.createVerify)("RSA-SHA256");
|
|
68
|
+
verify.update(fields.join("\n") + "\n");
|
|
69
|
+
const isValid = verify.verify(certificate.publicKey, message.Signature, "base64");
|
|
70
|
+
if (!isValid) {
|
|
71
|
+
throw new Error("The org event has an invalid signature");
|
|
72
|
+
}
|
|
73
|
+
}
|
|
74
|
+
/**
|
|
75
|
+
* Parse an org event and check its signature. Throws an error if the
|
|
76
|
+
* message is not a valid org event or the signature is invalid.
|
|
77
|
+
*
|
|
78
|
+
* @param {OrgEventMessage} message The org event message to check
|
|
79
|
+
* @return {OrgEventBase} The org event
|
|
80
|
+
*/
|
|
81
|
+
async parse(message) {
|
|
82
|
+
await this.checkMessage(message);
|
|
83
|
+
// Check that the event is for the expected org
|
|
84
|
+
const orgEvent = JSON.parse(message.Message);
|
|
85
|
+
if (orgEvent.org !== __classPrivateFieldGet(this, _OrgEventProcessor_orgId, "f")) {
|
|
86
|
+
throw new Error(`Expected org to be '${__classPrivateFieldGet(this, _OrgEventProcessor_orgId, "f")}', found '${orgEvent.org}'`);
|
|
87
|
+
}
|
|
88
|
+
return orgEvent;
|
|
89
|
+
}
|
|
90
|
+
}
|
|
91
|
+
exports.OrgEventProcessor = OrgEventProcessor;
|
|
92
|
+
_OrgEventProcessor_topicArn = new WeakMap(), _OrgEventProcessor_orgId = new WeakMap(), _OrgEventProcessor_cachedCertificates = new WeakMap(), _OrgEventProcessor_instances = new WeakSet(), _OrgEventProcessor_fetchAndValidateCertificate =
|
|
93
|
+
/**
|
|
94
|
+
* Fetches a certificate from a given URL or from the certificate cache.
|
|
95
|
+
* Throws an error if the URL does not correspond to an SNS certificate URL.
|
|
96
|
+
*
|
|
97
|
+
* Note: Ideally, this method would verify the certificate chain, but there
|
|
98
|
+
* is no obvious chain. Instead, this method only fetches certificates from
|
|
99
|
+
* a small set of allowlisted URLs.
|
|
100
|
+
*
|
|
101
|
+
* @param {URL} url The URL of the certificate
|
|
102
|
+
* @return {X509Certificate} The certificate
|
|
103
|
+
*/
|
|
104
|
+
async function _OrgEventProcessor_fetchAndValidateCertificate(url) {
|
|
105
|
+
const currTime = new Date().getTime();
|
|
106
|
+
const cachedCertificate = __classPrivateFieldGet(this, _OrgEventProcessor_cachedCertificates, "f").get(url);
|
|
107
|
+
if (cachedCertificate && currTime < new Date(cachedCertificate.validTo).getTime()) {
|
|
108
|
+
return cachedCertificate;
|
|
109
|
+
}
|
|
110
|
+
// Only fetch certificates from HTTPS URLs
|
|
111
|
+
if (url.protocol !== "https:") {
|
|
112
|
+
throw new Error("Expected signing certificate URL to use HTTPS");
|
|
113
|
+
}
|
|
114
|
+
// Only fetch certificate URLs for SNS
|
|
115
|
+
if (SNS_CERTIFICATE_URL_HOSTS.indexOf(url.host) === -1) {
|
|
116
|
+
throw new Error("Expected signing certificate URL for SNS in us-east-1");
|
|
117
|
+
}
|
|
118
|
+
const response = await fetch(url);
|
|
119
|
+
if (!response.ok) {
|
|
120
|
+
throw new Error(`Unable to download certificate. Status: ${response.status}`);
|
|
121
|
+
}
|
|
122
|
+
const blob = await response.blob();
|
|
123
|
+
const certificate = new crypto_1.X509Certificate(await blob.text());
|
|
124
|
+
if (!certificate.checkHost(SNS_CERTIFICATE_HOST)) {
|
|
125
|
+
throw new Error(`Expected certificate to be for '${SNS_CERTIFICATE_HOST}'`);
|
|
126
|
+
}
|
|
127
|
+
// Check validity times
|
|
128
|
+
if (currTime < new Date(certificate.validFrom).getTime()) {
|
|
129
|
+
throw new Error("Certificate not valid yet");
|
|
130
|
+
}
|
|
131
|
+
if (new Date(certificate.validTo).getTime() < currTime) {
|
|
132
|
+
throw new Error("Certificate expired");
|
|
133
|
+
}
|
|
134
|
+
__classPrivateFieldGet(this, _OrgEventProcessor_cachedCertificates, "f").set(url, certificate);
|
|
135
|
+
return certificate;
|
|
136
|
+
};
|
|
137
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoib3JnX2V2ZW50X3Byb2Nlc3Nvci5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uL3NyYy9vcmdfZXZlbnRfcHJvY2Vzc29yLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7Ozs7Ozs7Ozs7Ozs7OztBQUFBLG1DQUF1RDtBQUN2RCx3QkFBc0M7QUFFdEMsbURBQW1EO0FBQ25ELE1BQU0seUJBQXlCLEdBQUcsQ0FBQyw2QkFBNkIsQ0FBQyxDQUFDO0FBRWxFLE1BQU0sb0JBQW9CLEdBQUcsbUJBQW1CLENBQUM7QUFzQ2pELGtEQUFrRDtBQUNsRCxNQUFhLGlCQUFpQjtJQUs1Qjs7OztPQUlHO0lBQ0gsWUFBWSxLQUFhLEVBQUUsT0FBa0M7O1FBVHBELDhDQUFrQjtRQUNsQiwyQ0FBZTtRQUN4Qix3REFBK0M7UUFRN0MsdUJBQUEsSUFBSSwrQkFBYSxPQUFJLENBQUMsT0FBTyxFQUFFLEdBQUcsSUFBSSxNQUFNLENBQUMsQ0FBQyxpQkFBaUIsTUFBQSxDQUFDO1FBQ2hFLHVCQUFBLElBQUksNEJBQVUsS0FBSyxNQUFBLENBQUM7UUFDcEIsdUJBQUEsSUFBSSx5Q0FBdUIsSUFBSSxHQUFHLEVBQUUsTUFBQSxDQUFDO0lBQ3ZDLENBQUM7SUFFRDs7Ozs7T0FLRztJQUNILEtBQUssQ0FBQyxZQUFZLENBQUMsT0FBbUI7UUFDcEMsc0JBQXNCO1FBQ3RCLElBQUksT0FBTyxDQUFDLFFBQVEsS0FBSyx1QkFBQSxJQUFJLG1DQUFVLEVBQUUsQ0FBQztZQUN4QyxNQUFNLElBQUksS0FBSyxDQUFDLHVCQUF1Qix1QkFBQSxJQUFJLG1DQUFVLGFBQWEsT0FBTyxDQUFDLFFBQVEsR0FBRyxDQUFDLENBQUM7UUFDekYsQ0FBQztRQUVELGdGQUFnRjtRQUNoRixJQUFJLFNBQVMsSUFBSSxPQUFPLEVBQUUsQ0FBQztZQUN6QixNQUFNLElBQUksS0FBSyxDQUFDLHNDQUFzQyxDQUFDLENBQUM7UUFDMUQsQ0FBQztRQUVELHlEQUF5RDtRQUN6RCxJQUFJLE9BQU8sQ0FBQyxnQkFBZ0IsS0FBSyxHQUFHLEVBQUUsQ0FBQztZQUNyQyxNQUFNLElBQUksS0FBSyxDQUFDLDhCQUE4QixDQUFDLENBQUM7UUFDbEQsQ0FBQztRQUVELCtDQUErQztRQUMvQyxNQUFNLFdBQVcsR0FBRyxNQUFNLHVCQUFBLElBQUksb0ZBQTZCLE1BQWpDLElBQUksRUFBOEIsSUFBSSxHQUFHLENBQUMsT0FBTyxDQUFDLGNBQWMsQ0FBQyxDQUFDLENBQUM7UUFFN0Ysd0RBQXdEO1FBQ3hELE1BQU0sWUFBWSxHQUFJLE9BQTJDLENBQUMsWUFBWSxDQUFDO1FBQy9FLE1BQU0sS0FBSyxHQUFJLE9BQTJDLENBQUMsS0FBSyxDQUFDO1FBRWpFLHNCQUFzQjtRQUN0QixNQUFNLE1BQU0sR0FBRyxDQUFDLFNBQVMsRUFBRSxPQUFPLENBQUMsT0FBTyxFQUFFLFdBQVcsRUFBRSxPQUFPLENBQUMsU0FBUyxDQUFDO2FBQ3hFLE1BQU0sQ0FBQyxZQUFZLEtBQUssU0FBUyxDQUFDLENBQUMsQ0FBQyxDQUFDLGNBQWMsRUFBRSxZQUFZLENBQUMsQ0FBQyxDQUFDLENBQUMsRUFBRSxDQUFDO2FBQ3hFLE1BQU0sQ0FBQyxDQUFDLFdBQVcsRUFBRSxPQUFPLENBQUMsU0FBUyxDQUFDLENBQUM7YUFDeEMsTUFBTSxDQUFDLEtBQUssS0FBSyxTQUFTLENBQUMsQ0FBQyxDQUFDLENBQUMsT0FBTyxFQUFFLEtBQUssQ0FBQyxDQUFDLENBQUMsQ0FBQyxFQUFFLENBQUM7YUFDbkQsTUFBTSxDQUFDLENBQUMsVUFBVSxFQUFFLE9BQU8sQ0FBQyxRQUFRLEVBQUUsTUFBTSxFQUFFLE9BQU8sQ0FBQyxJQUFJLENBQUMsQ0FBQyxDQUFDO1FBQ2hFLE1BQU0sTUFBTSxHQUFHLElBQUEscUJBQVksRUFBQyxZQUFZLENBQUMsQ0FBQztRQUMxQyxNQUFNLENBQUMsTUFBTSxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLEdBQUcsSUFBSSxDQUFDLENBQUM7UUFDeEMsTUFBTSxPQUFPLEdBQUcsTUFBTSxDQUFDLE1BQU0sQ0FBQyxXQUFXLENBQUMsU0FBUyxFQUFFLE9BQU8sQ0FBQyxTQUFTLEVBQUUsUUFBUSxDQUFDLENBQUM7UUFDbEYsSUFBSSxDQUFDLE9BQU8sRUFBRSxDQUFDO1lBQ2IsTUFBTSxJQUFJLEtBQUssQ0FBQyx3Q0FBd0MsQ0FBQyxDQUFDO1FBQzVELENBQUM7SUFDSCxDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0gsS0FBSyxDQUFDLEtBQUssQ0FBQyxPQUF3QjtRQUNsQyxNQUFNLElBQUksQ0FBQyxZQUFZLENBQUMsT0FBTyxDQUFDLENBQUM7UUFFakMsK0NBQStDO1FBQy9DLE1BQU0sUUFBUSxHQUFpQixJQUFJLENBQUMsS0FBSyxDQUFDLE9BQU8sQ0FBQyxPQUFPLENBQUMsQ0FBQztRQUMzRCxJQUFJLFFBQVEsQ0FBQyxHQUFHLEtBQUssdUJBQUEsSUFBSSxnQ0FBTyxFQUFFLENBQUM7WUFDakMsTUFBTSxJQUFJLEtBQUssQ0FBQyx1QkFBdUIsdUJBQUEsSUFBSSxnQ0FBTyxhQUFhLFFBQVEsQ0FBQyxHQUFHLEdBQUcsQ0FBQyxDQUFDO1FBQ2xGLENBQUM7UUFFRCxPQUFPLFFBQVEsQ0FBQztJQUNsQixDQUFDO0NBbURGO0FBL0hELDhDQStIQzs7QUFqREM7Ozs7Ozs7Ozs7R0FVRztBQUNILEtBQUsseURBQThCLEdBQVE7SUFDekMsTUFBTSxRQUFRLEdBQUcsSUFBSSxJQUFJLEVBQUUsQ0FBQyxPQUFPLEVBQUUsQ0FBQztJQUN0QyxNQUFNLGlCQUFpQixHQUFHLHVCQUFBLElBQUksNkNBQW9CLENBQUMsR0FBRyxDQUFDLEdBQUcsQ0FBQyxDQUFDO0lBQzVELElBQUksaUJBQWlCLElBQUksUUFBUSxHQUFHLElBQUksSUFBSSxDQUFDLGlCQUFpQixDQUFDLE9BQU8sQ0FBQyxDQUFDLE9BQU8sRUFBRSxFQUFFLENBQUM7UUFDbEYsT0FBTyxpQkFBaUIsQ0FBQztJQUMzQixDQUFDO0lBRUQsMENBQTBDO0lBQzFDLElBQUksR0FBRyxDQUFDLFFBQVEsS0FBSyxRQUFRLEVBQUUsQ0FBQztRQUM5QixNQUFNLElBQUksS0FBSyxDQUFDLCtDQUErQyxDQUFDLENBQUM7SUFDbkUsQ0FBQztJQUVELHNDQUFzQztJQUN0QyxJQUFJLHlCQUF5QixDQUFDLE9BQU8sQ0FBQyxHQUFHLENBQUMsSUFBSSxDQUFDLEtBQUssQ0FBQyxDQUFDLEVBQUUsQ0FBQztRQUN2RCxNQUFNLElBQUksS0FBSyxDQUFDLHVEQUF1RCxDQUFDLENBQUM7SUFDM0UsQ0FBQztJQUVELE1BQU0sUUFBUSxHQUFHLE1BQU0sS0FBSyxDQUFDLEdBQUcsQ0FBQyxDQUFDO0lBQ2xDLElBQUksQ0FBQyxRQUFRLENBQUMsRUFBRSxFQUFFLENBQUM7UUFDakIsTUFBTSxJQUFJLEtBQUssQ0FBQywyQ0FBMkMsUUFBUSxDQUFDLE1BQU0sRUFBRSxDQUFDLENBQUM7SUFDaEYsQ0FBQztJQUNELE1BQU0sSUFBSSxHQUFHLE1BQU0sUUFBUSxDQUFDLElBQUksRUFBRSxDQUFDO0lBQ25DLE1BQU0sV0FBVyxHQUFHLElBQUksd0JBQWUsQ0FBQyxNQUFNLElBQUksQ0FBQyxJQUFJLEVBQUUsQ0FBQyxDQUFDO0lBQzNELElBQUksQ0FBQyxXQUFXLENBQUMsU0FBUyxDQUFDLG9CQUFvQixDQUFDLEVBQUUsQ0FBQztRQUNqRCxNQUFNLElBQUksS0FBSyxDQUFDLG1DQUFtQyxvQkFBb0IsR0FBRyxDQUFDLENBQUM7SUFDOUUsQ0FBQztJQUVELHVCQUF1QjtJQUN2QixJQUFJLFFBQVEsR0FBRyxJQUFJLElBQUksQ0FBQyxXQUFXLENBQUMsU0FBUyxDQUFDLENBQUMsT0FBTyxFQUFFLEVBQUUsQ0FBQztRQUN6RCxNQUFNLElBQUksS0FBSyxDQUFDLDJCQUEyQixDQUFDLENBQUM7SUFDL0MsQ0FBQztJQUNELElBQUksSUFBSSxJQUFJLENBQUMsV0FBVyxDQUFDLE9BQU8sQ0FBQyxDQUFDLE9BQU8sRUFBRSxHQUFHLFFBQVEsRUFBRSxDQUFDO1FBQ3ZELE1BQU0sSUFBSSxLQUFLLENBQUMscUJBQXFCLENBQUMsQ0FBQztJQUN6QyxDQUFDO0lBRUQsdUJBQUEsSUFBSSw2Q0FBb0IsQ0FBQyxHQUFHLENBQUMsR0FBRyxFQUFFLFdBQVcsQ0FBQyxDQUFDO0lBQy9DLE9BQU8sV0FBVyxDQUFDO0FBQ3JCLENBQUMiLCJzb3VyY2VzQ29udGVudCI6WyJpbXBvcnQgeyBYNTA5Q2VydGlmaWNhdGUsIGNyZWF0ZVZlcmlmeSB9IGZyb20gXCJjcnlwdG9cIjtcbmltcG9ydCB7IEVudmlyb25tZW50LCBlbnZzIH0gZnJvbSBcIi5cIjtcblxuLy8gVVJMcyB0aGF0IGFyZSBzYWZlIHRvIHJldHJpZXZlIGNlcnRpZmljYXRlcyBmcm9tXG5jb25zdCBTTlNfQ0VSVElGSUNBVEVfVVJMX0hPU1RTID0gW1wic25zLnVzLWVhc3QtMS5hbWF6b25hd3MuY29tXCJdO1xuXG5jb25zdCBTTlNfQ0VSVElGSUNBVEVfSE9TVCA9IFwic25zLmFtYXpvbmF3cy5jb21cIjtcblxuLyoqIFRoZSBjb21tb24gZmllbGRzIG9mIFNOUyBtZXNzYWdlcyAqL1xuZXhwb3J0IGludGVyZmFjZSBTbnNNZXNzYWdlIHtcbiAgVHlwZTogc3RyaW5nO1xuICBNZXNzYWdlSWQ6IHN0cmluZztcbiAgVG9waWNBcm46IHN0cmluZztcbiAgTWVzc2FnZTogc3RyaW5nO1xuICBUaW1lc3RhbXA6IHN0cmluZztcbiAgU2lnbmF0dXJlVmVyc2lvbjogc3RyaW5nO1xuICBTaWduYXR1cmU6IHN0cmluZztcbiAgU2lnbmluZ0NlcnRVUkw6IHN0cmluZztcbn1cblxuLyoqIFRoZSBmb3JtYXQgb2YgYSBzdWJzY3JpcHRpb24gY29uZmlybWF0aW9uIHNlbnQgYnkgU05TICovXG5leHBvcnQgaW50ZXJmYWNlIFN1YnNjcmlwdGlvbkNvbmZpcm1hdGlvbk1lc3NhZ2UgZXh0ZW5kcyBTbnNNZXNzYWdlIHtcbiAgVG9rZW46IHN0cmluZztcbiAgU3Vic2NyaWJlVVJMOiBzdHJpbmc7XG59XG5cbi8qKiBDb21tb24gZmllbGRzIGZvciBhbiBvcmcgZXZlbnQgKi9cbmV4cG9ydCBpbnRlcmZhY2UgT3JnRXZlbnRCYXNlIHtcbiAgb3JnOiBzdHJpbmc7XG4gIHV0Y190aW1lc3RhbXA6IG51bWJlcjtcbiAgb3JnX2V2ZW50OiBzdHJpbmc7XG59XG5cbi8qKiBUaGUgZm9ybWF0IG9mIGFuIGV2ZW50IG1lc3NhZ2Ugc2VudCBieSBTTlMgKi9cbmV4cG9ydCBpbnRlcmZhY2UgT3JnRXZlbnRNZXNzYWdlIGV4dGVuZHMgU25zTWVzc2FnZSB7XG4gIFN1YmplY3Q/OiBzdHJpbmc7XG4gIFVuc3Vic2NyaWJlVVJMOiBzdHJpbmc7XG59XG5cbi8qKiBPcHRpb25zIGZvciB0aGUgcHJvY2Vzc29yICovXG5leHBvcnQgaW50ZXJmYWNlIE9yZ0V2ZW50UHJvY2Vzc29yT3B0aW9ucyB7XG4gIGVudjogRW52aXJvbm1lbnQ7XG59XG5cbi8qKiBBIHV0aWxpdHkgZm9yIHByb2Nlc3Npbmcgb3JnIGV2ZW50IG1lc3NhZ2VzICovXG5leHBvcnQgY2xhc3MgT3JnRXZlbnRQcm9jZXNzb3Ige1xuICByZWFkb25seSAjdG9waWNBcm46IHN0cmluZztcbiAgcmVhZG9ubHkgI29yZ0lkOiBzdHJpbmc7XG4gICNjYWNoZWRDZXJ0aWZpY2F0ZXM6IE1hcDxVUkwsIFg1MDlDZXJ0aWZpY2F0ZT47XG5cbiAgLyoqXG4gICAqIENvbnN0cnVjdG9yLlxuICAgKiBAcGFyYW0ge3N0cmluZ30gb3JnSWQgVGhlIG9yZyBpZFxuICAgKiBAcGFyYW0ge09yZ0V2ZW50UHJvY2Vzc29yT3B0aW9uc30gb3B0aW9ucyBBZGRpdGlvbmFsIG9wdGlvbnMgZm9yIHRoZSBwcm9jZXNzb3JcbiAgICovXG4gIGNvbnN0cnVjdG9yKG9yZ0lkOiBzdHJpbmcsIG9wdGlvbnM/OiBPcmdFdmVudFByb2Nlc3Nvck9wdGlvbnMpIHtcbiAgICB0aGlzLiN0b3BpY0FybiA9IGVudnNbb3B0aW9ucz8uZW52ID8/IFwicHJvZFwiXS5PcmdFdmVudHNUb3BpY0FybjtcbiAgICB0aGlzLiNvcmdJZCA9IG9yZ0lkO1xuICAgIHRoaXMuI2NhY2hlZENlcnRpZmljYXRlcyA9IG5ldyBNYXAoKTtcbiAgfVxuXG4gIC8qKlxuICAgKiBDaGVja3MgYW4gU05TIG1lc3NhZ2UgYW5kIGl0cyBzaWduYXR1cmUuIFRocm93cyBhbiBlcnJvciBpZiB0aGUgbWVzc2FnZVxuICAgKiBpbnZhbGlkIG9yIHRoZSBzaWduYXR1cmUgaXMgaW52YWxpZC5cbiAgICpcbiAgICogQHBhcmFtIHtTbnNNZXNzYWdlfSBtZXNzYWdlIFRoZSBTTlMgbWVzc2FnZSB0byBjaGVja1xuICAgKi9cbiAgYXN5bmMgY2hlY2tNZXNzYWdlKG1lc3NhZ2U6IFNuc01lc3NhZ2UpIHtcbiAgICAvLyBDaGVjayB0aGUgdG9waWMgQVJOXG4gICAgaWYgKG1lc3NhZ2UuVG9waWNBcm4gIT09IHRoaXMuI3RvcGljQXJuKSB7XG4gICAgICB0aHJvdyBuZXcgRXJyb3IoYEV4cGVjdGVkIHRvcGljIEFSTiAnJHt0aGlzLiN0b3BpY0Fybn0nLCBmb3VuZCAnJHttZXNzYWdlLlRvcGljQXJufSdgKTtcbiAgICB9XG5cbiAgICAvLyBCb3RoIHN1YnNjcmlwdGlvbiBjb25maXJtYXRpb25zIGFuZCBvcmcgZXZlbnQgbWVzc2FnZXMgc2hvdWxkIGhhdmUgbm8gc3ViamVjdFxuICAgIGlmIChcIlN1YmplY3RcIiBpbiBtZXNzYWdlKSB7XG4gICAgICB0aHJvdyBuZXcgRXJyb3IoXCJFeHBlY3RlZCBhIG1lc3NhZ2Ugd2l0aG91dCBhIHN1YmplY3RcIik7XG4gICAgfVxuXG4gICAgLy8gVGhlIG9yZyBldmVudHMgdG9waWMgdXNlcyBzaWduYXR1cmUgdmVyc2lvbiAyIChTSEEyNTYpXG4gICAgaWYgKG1lc3NhZ2UuU2lnbmF0dXJlVmVyc2lvbiAhPT0gXCIyXCIpIHtcbiAgICAgIHRocm93IG5ldyBFcnJvcihcIkV4cGVjdGVkIHNpZ25hdHVyZSB2ZXJzaW9uIDJcIik7XG4gICAgfVxuXG4gICAgLy8gUmV0cmlldmUgdGhlIGNlcnRpZmljYXRlIGFuZCBzYW5pdHkgY2hlY2sgaXRcbiAgICBjb25zdCBjZXJ0aWZpY2F0ZSA9IGF3YWl0IHRoaXMuI2ZldGNoQW5kVmFsaWRhdGVDZXJ0aWZpY2F0ZShuZXcgVVJMKG1lc3NhZ2UuU2lnbmluZ0NlcnRVUkwpKTtcblxuICAgIC8vIEV4dHJhY3QgZmllbGRzIHNwZWNpZmljIHRvIHN1YnNjcmlwdGlvbiBjb25maXJtYXRpb25zXG4gICAgY29uc3Qgc3Vic2NyaWJlVXJsID0gKG1lc3NhZ2UgYXMgU3Vic2NyaXB0aW9uQ29uZmlybWF0aW9uTWVzc2FnZSkuU3Vic2NyaWJlVVJMO1xuICAgIGNvbnN0IHRva2VuID0gKG1lc3NhZ2UgYXMgU3Vic2NyaXB0aW9uQ29uZmlybWF0aW9uTWVzc2FnZSkuVG9rZW47XG5cbiAgICAvLyBDaGVjayB0aGUgc2lnbmF0dXJlXG4gICAgY29uc3QgZmllbGRzID0gW1wiTWVzc2FnZVwiLCBtZXNzYWdlLk1lc3NhZ2UsIFwiTWVzc2FnZUlkXCIsIG1lc3NhZ2UuTWVzc2FnZUlkXVxuICAgICAgLmNvbmNhdChzdWJzY3JpYmVVcmwgIT09IHVuZGVmaW5lZCA/IFtcIlN1YnNjcmliZVVSTFwiLCBzdWJzY3JpYmVVcmxdIDogW10pXG4gICAgICAuY29uY2F0KFtcIlRpbWVzdGFtcFwiLCBtZXNzYWdlLlRpbWVzdGFtcF0pXG4gICAgICAuY29uY2F0KHRva2VuICE9PSB1bmRlZmluZWQgPyBbXCJUb2tlblwiLCB0b2tlbl0gOiBbXSlcbiAgICAgIC5jb25jYXQoW1wiVG9waWNBcm5cIiwgbWVzc2FnZS5Ub3BpY0FybiwgXCJUeXBlXCIsIG1lc3NhZ2UuVHlwZV0pO1xuICAgIGNvbnN0IHZlcmlmeSA9IGNyZWF0ZVZlcmlmeShcIlJTQS1TSEEyNTZcIik7XG4gICAgdmVyaWZ5LnVwZGF0ZShmaWVsZHMuam9pbihcIlxcblwiKSArIFwiXFxuXCIpO1xuICAgIGNvbnN0IGlzVmFsaWQgPSB2ZXJpZnkudmVyaWZ5KGNlcnRpZmljYXRlLnB1YmxpY0tleSwgbWVzc2FnZS5TaWduYXR1cmUsIFwiYmFzZTY0XCIpO1xuICAgIGlmICghaXNWYWxpZCkge1xuICAgICAgdGhyb3cgbmV3IEVycm9yKFwiVGhlIG9yZyBldmVudCBoYXMgYW4gaW52YWxpZCBzaWduYXR1cmVcIik7XG4gICAgfVxuICB9XG5cbiAgLyoqXG4gICAqIFBhcnNlIGFuIG9yZyBldmVudCBhbmQgY2hlY2sgaXRzIHNpZ25hdHVyZS4gVGhyb3dzIGFuIGVycm9yIGlmIHRoZVxuICAgKiBtZXNzYWdlIGlzIG5vdCBhIHZhbGlkIG9yZyBldmVudCBvciB0aGUgc2lnbmF0dXJlIGlzIGludmFsaWQuXG4gICAqXG4gICAqIEBwYXJhbSB7T3JnRXZlbnRNZXNzYWdlfSBtZXNzYWdlIFRoZSBvcmcgZXZlbnQgbWVzc2FnZSB0byBjaGVja1xuICAgKiBAcmV0dXJuIHtPcmdFdmVudEJhc2V9IFRoZSBvcmcgZXZlbnRcbiAgICovXG4gIGFzeW5jIHBhcnNlKG1lc3NhZ2U6IE9yZ0V2ZW50TWVzc2FnZSk6IFByb21pc2U8T3JnRXZlbnRCYXNlPiB7XG4gICAgYXdhaXQgdGhpcy5jaGVja01lc3NhZ2UobWVzc2FnZSk7XG5cbiAgICAvLyBDaGVjayB0aGF0IHRoZSBldmVudCBpcyBmb3IgdGhlIGV4cGVjdGVkIG9yZ1xuICAgIGNvbnN0IG9yZ0V2ZW50OiBPcmdFdmVudEJhc2UgPSBKU09OLnBhcnNlKG1lc3NhZ2UuTWVzc2FnZSk7XG4gICAgaWYgKG9yZ0V2ZW50Lm9yZyAhPT0gdGhpcy4jb3JnSWQpIHtcbiAgICAgIHRocm93IG5ldyBFcnJvcihgRXhwZWN0ZWQgb3JnIHRvIGJlICcke3RoaXMuI29yZ0lkfScsIGZvdW5kICcke29yZ0V2ZW50Lm9yZ30nYCk7XG4gICAgfVxuXG4gICAgcmV0dXJuIG9yZ0V2ZW50O1xuICB9XG5cbiAgLyoqXG4gICAqIEZldGNoZXMgYSBjZXJ0aWZpY2F0ZSBmcm9tIGEgZ2l2ZW4gVVJMIG9yIGZyb20gdGhlIGNlcnRpZmljYXRlIGNhY2hlLlxuICAgKiBUaHJvd3MgYW4gZXJyb3IgaWYgdGhlIFVSTCBkb2VzIG5vdCBjb3JyZXNwb25kIHRvIGFuIFNOUyBjZXJ0aWZpY2F0ZSBVUkwuXG4gICAqXG4gICAqIE5vdGU6IElkZWFsbHksIHRoaXMgbWV0aG9kIHdvdWxkIHZlcmlmeSB0aGUgY2VydGlmaWNhdGUgY2hhaW4sIGJ1dCB0aGVyZVxuICAgKiBpcyBubyBvYnZpb3VzIGNoYWluLiBJbnN0ZWFkLCB0aGlzIG1ldGhvZCBvbmx5IGZldGNoZXMgY2VydGlmaWNhdGVzIGZyb21cbiAgICogYSBzbWFsbCBzZXQgb2YgYWxsb3dsaXN0ZWQgVVJMcy5cbiAgICpcbiAgICogQHBhcmFtIHtVUkx9IHVybCBUaGUgVVJMIG9mIHRoZSBjZXJ0aWZpY2F0ZVxuICAgKiBAcmV0dXJuIHtYNTA5Q2VydGlmaWNhdGV9IFRoZSBjZXJ0aWZpY2F0ZVxuICAgKi9cbiAgYXN5bmMgI2ZldGNoQW5kVmFsaWRhdGVDZXJ0aWZpY2F0ZSh1cmw6IFVSTCk6IFByb21pc2U8WDUwOUNlcnRpZmljYXRlPiB7XG4gICAgY29uc3QgY3VyclRpbWUgPSBuZXcgRGF0ZSgpLmdldFRpbWUoKTtcbiAgICBjb25zdCBjYWNoZWRDZXJ0aWZpY2F0ZSA9IHRoaXMuI2NhY2hlZENlcnRpZmljYXRlcy5nZXQodXJsKTtcbiAgICBpZiAoY2FjaGVkQ2VydGlmaWNhdGUgJiYgY3VyclRpbWUgPCBuZXcgRGF0ZShjYWNoZWRDZXJ0aWZpY2F0ZS52YWxpZFRvKS5nZXRUaW1lKCkpIHtcbiAgICAgIHJldHVybiBjYWNoZWRDZXJ0aWZpY2F0ZTtcbiAgICB9XG5cbiAgICAvLyBPbmx5IGZldGNoIGNlcnRpZmljYXRlcyBmcm9tIEhUVFBTIFVSTHNcbiAgICBpZiAodXJsLnByb3RvY29sICE9PSBcImh0dHBzOlwiKSB7XG4gICAgICB0aHJvdyBuZXcgRXJyb3IoXCJFeHBlY3RlZCBzaWduaW5nIGNlcnRpZmljYXRlIFVSTCB0byB1c2UgSFRUUFNcIik7XG4gICAgfVxuXG4gICAgLy8gT25seSBmZXRjaCBjZXJ0aWZpY2F0ZSBVUkxzIGZvciBTTlNcbiAgICBpZiAoU05TX0NFUlRJRklDQVRFX1VSTF9IT1NUUy5pbmRleE9mKHVybC5ob3N0KSA9PT0gLTEpIHtcbiAgICAgIHRocm93IG5ldyBFcnJvcihcIkV4cGVjdGVkIHNpZ25pbmcgY2VydGlmaWNhdGUgVVJMIGZvciBTTlMgaW4gdXMtZWFzdC0xXCIpO1xuICAgIH1cblxuICAgIGNvbnN0IHJlc3BvbnNlID0gYXdhaXQgZmV0Y2godXJsKTtcbiAgICBpZiAoIXJlc3BvbnNlLm9rKSB7XG4gICAgICB0aHJvdyBuZXcgRXJyb3IoYFVuYWJsZSB0byBkb3dubG9hZCBjZXJ0aWZpY2F0ZS4gU3RhdHVzOiAke3Jlc3BvbnNlLnN0YXR1c31gKTtcbiAgICB9XG4gICAgY29uc3QgYmxvYiA9IGF3YWl0IHJlc3BvbnNlLmJsb2IoKTtcbiAgICBjb25zdCBjZXJ0aWZpY2F0ZSA9IG5ldyBYNTA5Q2VydGlmaWNhdGUoYXdhaXQgYmxvYi50ZXh0KCkpO1xuICAgIGlmICghY2VydGlmaWNhdGUuY2hlY2tIb3N0KFNOU19DRVJUSUZJQ0FURV9IT1NUKSkge1xuICAgICAgdGhyb3cgbmV3IEVycm9yKGBFeHBlY3RlZCBjZXJ0aWZpY2F0ZSB0byBiZSBmb3IgJyR7U05TX0NFUlRJRklDQVRFX0hPU1R9J2ApO1xuICAgIH1cblxuICAgIC8vIENoZWNrIHZhbGlkaXR5IHRpbWVzXG4gICAgaWYgKGN1cnJUaW1lIDwgbmV3IERhdGUoY2VydGlmaWNhdGUudmFsaWRGcm9tKS5nZXRUaW1lKCkpIHtcbiAgICAgIHRocm93IG5ldyBFcnJvcihcIkNlcnRpZmljYXRlIG5vdCB2YWxpZCB5ZXRcIik7XG4gICAgfVxuICAgIGlmIChuZXcgRGF0ZShjZXJ0aWZpY2F0ZS52YWxpZFRvKS5nZXRUaW1lKCkgPCBjdXJyVGltZSkge1xuICAgICAgdGhyb3cgbmV3IEVycm9yKFwiQ2VydGlmaWNhdGUgZXhwaXJlZFwiKTtcbiAgICB9XG5cbiAgICB0aGlzLiNjYWNoZWRDZXJ0aWZpY2F0ZXMuc2V0KHVybCwgY2VydGlmaWNhdGUpO1xuICAgIHJldHVybiBjZXJ0aWZpY2F0ZTtcbiAgfVxufVxuIl19
|
package/dist/cjs/src/schema.d.ts
CHANGED
|
@@ -184,7 +184,11 @@ export interface paths {
|
|
|
184
184
|
* Update Key
|
|
185
185
|
* @description Update Key
|
|
186
186
|
*
|
|
187
|
-
* Enable or disable a key. The user must be the owner of the key or
|
|
187
|
+
* Enable or disable a key. The user must be the owner of the key or
|
|
188
|
+
* organization to perform this action.
|
|
189
|
+
*
|
|
190
|
+
* For each requested update, the session must have the corresponding 'manage:key:update:_' scope;
|
|
191
|
+
* if no updates are requested, the session must have 'manage:key:get'.
|
|
188
192
|
*/
|
|
189
193
|
patch: operations["updateKey"];
|
|
190
194
|
};
|
|
@@ -1005,7 +1009,7 @@ export interface components {
|
|
|
1005
1009
|
/** @enum {string} */
|
|
1006
1010
|
BadGatewayErrorCode: "OAuthProviderError";
|
|
1007
1011
|
/** @enum {string} */
|
|
1008
|
-
BadRequestErrorCode: "GenericBadRequest" | "InvalidBody" | "TokenRequestError" | "InvalidMfaReceipt" | "InvalidMfaPolicyCount" | "InvalidMfaPolicyNumAuthFactors" | "InvalidMfaPolicyNumAllowedApprovers" | "InvalidMfaPolicyRedundantRule" | "InvalidCreateKeyCount" | "OrgInviteExistingUser" | "OrgNameTaken" | "RoleNameTaken" | "AddKeyToRoleCountTooHigh" | "InvalidKeyId" | "
|
|
1012
|
+
BadRequestErrorCode: "GenericBadRequest" | "InvalidBody" | "TokenRequestError" | "InvalidMfaReceipt" | "InvalidMfaPolicyCount" | "InvalidMfaPolicyNumAuthFactors" | "InvalidMfaPolicyNumAllowedApprovers" | "InvalidMfaPolicyRedundantRule" | "InvalidCreateKeyCount" | "OrgInviteExistingUser" | "OrgNameTaken" | "RoleNameTaken" | "AddKeyToRoleCountTooHigh" | "InvalidKeyId" | "InvalidUpdate" | "InvalidMetadataLength" | "InvalidKeyMaterialId" | "KeyNotFound" | "UserExportDerivedKey" | "UserExportPublicKeyInvalid" | "UserExportInProgress" | "RoleNotFound" | "InvalidMfaReceiptOrgIdMissing" | "InvalidMfaReceiptInvalidOrgId" | "MfaRequestNotFound" | "InvalidKeyType" | "InvalidKeyMaterial" | "InvalidHexValue" | "InvalidBase32Value" | "InvalidBase58Value" | "InvalidForkVersionLength" | "InvalidEthAddress" | "InvalidStellarAddress" | "InvalidOrgNameOrId" | "InvalidStakeDeposit" | "InvalidBlobSignRequest" | "InvalidSolanaSignRequest" | "InvalidEip712SignRequest" | "InvalidEvmSignRequest" | "InvalidEth2SignRequest" | "InvalidDeriveKeyRequest" | "InvalidStakingAmount" | "CustomStakingAmountNotAllowedForWrapperContract" | "InvalidUnstakeRequest" | "InvalidCreateUserRequest" | "UserAlreadyExists" | "UserNotFound" | "PolicyRuleKeyMismatch" | "EmptyScopes" | "InvalidScopesForRoleSession" | "InvalidLifetime" | "NoSingleKeyForUser" | "InvalidOrgPolicyRule" | "SourceIpAllowlistEmpty" | "InvalidOrgPolicyRepeatedRule" | "AvaSignHashError" | "AvaSignError" | "BtcSegwitHashError" | "BtcSignError" | "Eip712SignError" | "InvalidMemberRoleInUserAdd" | "ThirdPartyUserAlreadyExists" | "ThirdPartyUserNotFound" | "DeleteOidcUserError" | "SessionRoleMismatch" | "InvalidOidcToken" | "OidcIssuerUnsupported" | "OidcIssuerNotAllowed" | "OidcIssuerNoApplicableJwk" | "FidoKeyAlreadyRegistered" | "FidoKeySignCountTooLow" | "FidoVerificationFailed" | "FidoChallengeMfaMismatch" | "UnsupportedLegacyCognitoSession" | "InvalidIdentityProof" | "PaginationDataExpired" | "ExistingKeysViolateExclusiveKeyAccess" | "ExportDelayTooShort" | "ExportWindowTooLong" | "InvalidTotpFailureLimit" | "InvalidEip191SignRequest" | "CannotResendUserInvitation" | "InvalidNotificationEndpointCount" | "CannotDeletePendingSubscription" | "InvalidNotificationUrlProtocol" | "EmptyOneOfOrgEventFilter" | "EmptyAllExceptOrgEventFilter";
|
|
1009
1013
|
/**
|
|
1010
1014
|
* @example {
|
|
1011
1015
|
* "message_base64": "YWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4eXoxMjM0NTYK"
|
|
@@ -1093,6 +1097,22 @@ export interface components {
|
|
|
1093
1097
|
/** @description Session ID */
|
|
1094
1098
|
session_id: string;
|
|
1095
1099
|
};
|
|
1100
|
+
/** @description Fields that are common to different types of resources such as keys */
|
|
1101
|
+
CommonFields: {
|
|
1102
|
+
created?: components["schemas"]["EpochDateTime"] | null;
|
|
1103
|
+
last_modified?: components["schemas"]["EpochDateTime"] | null;
|
|
1104
|
+
/**
|
|
1105
|
+
* @description User-defined metadata. When rendering (e.g., in the browser) you should treat
|
|
1106
|
+
* it as untrusted user data (and avoid injecting metadata into HTML directly) if
|
|
1107
|
+
* untrusted users can create/update keys (or their metadata).
|
|
1108
|
+
*/
|
|
1109
|
+
metadata?: unknown;
|
|
1110
|
+
/**
|
|
1111
|
+
* Format: int64
|
|
1112
|
+
* @description Version of this object
|
|
1113
|
+
*/
|
|
1114
|
+
version?: number;
|
|
1115
|
+
};
|
|
1096
1116
|
ConfiguredMfa: {
|
|
1097
1117
|
/** @enum {string} */
|
|
1098
1118
|
type: "totp";
|
|
@@ -1106,10 +1126,10 @@ export interface components {
|
|
|
1106
1126
|
};
|
|
1107
1127
|
CreateAndUpdateKeyProperties: {
|
|
1108
1128
|
/**
|
|
1109
|
-
* @description Set this key's metadata.
|
|
1110
|
-
*
|
|
1129
|
+
* @description Set this key's metadata. If this value is `null`, the metadata is erased. If the field is
|
|
1130
|
+
* missing, the metadata remains unchanged.
|
|
1111
1131
|
*/
|
|
1112
|
-
metadata?:
|
|
1132
|
+
metadata?: unknown;
|
|
1113
1133
|
/**
|
|
1114
1134
|
* @description Specify a user other than themselves to be the (potentially new) owner of the key.
|
|
1115
1135
|
* The specified owner must be an existing user who is a member of the same org.
|
|
@@ -1854,7 +1874,7 @@ export interface components {
|
|
|
1854
1874
|
*/
|
|
1855
1875
|
role_id: string;
|
|
1856
1876
|
};
|
|
1857
|
-
KeyInfo: {
|
|
1877
|
+
KeyInfo: components["schemas"]["CommonFields"] & {
|
|
1858
1878
|
derivation_info?: components["schemas"]["KeyDerivationInfo"] | null;
|
|
1859
1879
|
/** @description Whether the key is enabled (only enabled keys may be used for signing) */
|
|
1860
1880
|
enabled: boolean;
|
|
@@ -1870,12 +1890,6 @@ export interface components {
|
|
|
1870
1890
|
* @example 0x8e3484687e66cdd26cf04c3647633ab4f3570148
|
|
1871
1891
|
*/
|
|
1872
1892
|
material_id: string;
|
|
1873
|
-
/**
|
|
1874
|
-
* @description User-defined metadata. When rendering (e.g., in the browser) you should treat
|
|
1875
|
-
* it as untrusted user data (and avoid injecting metadata into HTML directly) if
|
|
1876
|
-
* untrusted users can create/update keys (or their metadata).
|
|
1877
|
-
*/
|
|
1878
|
-
metadata?: string;
|
|
1879
1893
|
/**
|
|
1880
1894
|
* @description Owner of the key
|
|
1881
1895
|
* @example User#c3b9379c-4e8c-4216-bd0a-65ace53cf98f
|
|
@@ -2895,6 +2909,11 @@ export interface components {
|
|
|
2895
2909
|
* Once disabled, a key cannot be used for signing.
|
|
2896
2910
|
*/
|
|
2897
2911
|
enabled?: boolean | null;
|
|
2912
|
+
/**
|
|
2913
|
+
* Format: int64
|
|
2914
|
+
* @description If set, updating the metadata only succeeds if the version matches this value.
|
|
2915
|
+
*/
|
|
2916
|
+
version?: number | null;
|
|
2898
2917
|
};
|
|
2899
2918
|
UpdateOrgRequest: {
|
|
2900
2919
|
/** @description If set, update this org's `enabled` field to this value. */
|
|
@@ -3152,10 +3171,10 @@ export interface components {
|
|
|
3152
3171
|
};
|
|
3153
3172
|
UserInOrgInfo: {
|
|
3154
3173
|
/**
|
|
3155
|
-
* @description The user's email
|
|
3174
|
+
* @description The user's email (optional)
|
|
3156
3175
|
* @example alice@example.com
|
|
3157
3176
|
*/
|
|
3158
|
-
email
|
|
3177
|
+
email?: string | null;
|
|
3159
3178
|
/**
|
|
3160
3179
|
* @description The id of the user
|
|
3161
3180
|
* @example User#c3b9379c-4e8c-4216-bd0a-65ace53cf98f
|
|
@@ -3185,7 +3204,7 @@ export interface components {
|
|
|
3185
3204
|
* @description Optional email
|
|
3186
3205
|
* @example alice@example.com
|
|
3187
3206
|
*/
|
|
3188
|
-
email
|
|
3207
|
+
email?: string | null;
|
|
3189
3208
|
/** @description All multi-factor authentication methods configured for this user */
|
|
3190
3209
|
mfa: components["schemas"]["ConfiguredMfa"][];
|
|
3191
3210
|
/** @description MFA policy, applies before logging in and other sensitive operations */
|
|
@@ -3450,7 +3469,7 @@ export interface components {
|
|
|
3450
3469
|
};
|
|
3451
3470
|
KeyInfo: {
|
|
3452
3471
|
content: {
|
|
3453
|
-
"application/json": {
|
|
3472
|
+
"application/json": components["schemas"]["CommonFields"] & {
|
|
3454
3473
|
derivation_info?: components["schemas"]["KeyDerivationInfo"] | null;
|
|
3455
3474
|
/** @description Whether the key is enabled (only enabled keys may be used for signing) */
|
|
3456
3475
|
enabled: boolean;
|
|
@@ -3466,12 +3485,6 @@ export interface components {
|
|
|
3466
3485
|
* @example 0x8e3484687e66cdd26cf04c3647633ab4f3570148
|
|
3467
3486
|
*/
|
|
3468
3487
|
material_id: string;
|
|
3469
|
-
/**
|
|
3470
|
-
* @description User-defined metadata. When rendering (e.g., in the browser) you should treat
|
|
3471
|
-
* it as untrusted user data (and avoid injecting metadata into HTML directly) if
|
|
3472
|
-
* untrusted users can create/update keys (or their metadata).
|
|
3473
|
-
*/
|
|
3474
|
-
metadata?: string;
|
|
3475
3488
|
/**
|
|
3476
3489
|
* @description Owner of the key
|
|
3477
3490
|
* @example User#c3b9379c-4e8c-4216-bd0a-65ace53cf98f
|
|
@@ -4020,7 +4033,7 @@ export interface components {
|
|
|
4020
4033
|
* @description Optional email
|
|
4021
4034
|
* @example alice@example.com
|
|
4022
4035
|
*/
|
|
4023
|
-
email
|
|
4036
|
+
email?: string | null;
|
|
4024
4037
|
/** @description All multi-factor authentication methods configured for this user */
|
|
4025
4038
|
mfa: components["schemas"]["ConfiguredMfa"][];
|
|
4026
4039
|
/** @description MFA policy, applies before logging in and other sensitive operations */
|
|
@@ -4633,7 +4646,11 @@ export interface operations {
|
|
|
4633
4646
|
* Update Key
|
|
4634
4647
|
* @description Update Key
|
|
4635
4648
|
*
|
|
4636
|
-
* Enable or disable a key. The user must be the owner of the key or
|
|
4649
|
+
* Enable or disable a key. The user must be the owner of the key or
|
|
4650
|
+
* organization to perform this action.
|
|
4651
|
+
*
|
|
4652
|
+
* For each requested update, the session must have the corresponding 'manage:key:update:_' scope;
|
|
4653
|
+
* if no updates are requested, the session must have 'manage:key:get'.
|
|
4637
4654
|
*/
|
|
4638
4655
|
updateKey: {
|
|
4639
4656
|
parameters: {
|