stidantic 0.1.3__py3-none-any.whl → 0.2.1__py3-none-any.whl

stidantic/sco.py

@@ -1,32 +1,33 @@
 import ipaddress
-from datetime import datetime
-from annotated_types import Ge, Le
-from typing_extensions import Annotated, TypedDict
-from typing import Any, Literal, Self
+from typing import Annotated, Any, ClassVar, Literal, Self
 
+from annotated_types import Ge, Le
+from pydantic import Field
 from pydantic.functional_serializers import SerializeAsAny
-from pydantic.functional_validators import model_validator
+from pydantic.functional_validators import AfterValidator, model_validator
 from pydantic.types import JsonValue
-from pydantic import Field
+from typing_extensions import TypedDict
 
 from stidantic.types import (
     Extension,
+    Hashes,
+    Identifier,
+    StixBinary,
     StixCore,
     StixObservable,
-    StixBinary,
+    StixTimestamp,
     StixUrl,
-    Hashes,
-    Identifier,
 )
+from stidantic.validators import identifier_of_type
 from stidantic.vocab import (
     EncryptionAlgorithm,
     NetworkSocketAddressFamily,
     NetworkSocketType,
     WindowsIntegrityLevel,
+    WindowsRegistryDatatype,
     WindowsServiceStartType,
     WindowsServiceStatus,
     WindowsServiceType,
-    WindowsRegistryDatatype,
 )
 
 
@@ -59,6 +60,7 @@ class Artifact(StixObservable):
     # Specifies the decryption key for the encrypted binary data (either via payload_bin or url). For example,
     # this may be useful in cases of sharing malware samples, which are often encoded in an encrypted archive.
     decryption_key: str | None = None
+    id_contributing_properties: ClassVar[list[str] | None] = ["hashes", "payload_bin"]
 
     @model_validator(mode="after")
     def at_least_one_of(self) -> Self:
@@ -75,9 +77,7 @@ class Artifact(StixObservable):
         The url property MUST NOT be present if payload_bin is provided.
         """
         if self.payload_bin and self.url:
-            raise ValueError(
-                "The url property MUST NOT be present if payload_bin is provided"
-            )
+            raise ValueError("The url property MUST NOT be present if payload_bin is provided")
         return self
 
     @model_validator(mode="after")
@@ -95,16 +95,9 @@ class Artifact(StixObservable):
         The decryption_key property MUST NOT be present when the encryption_algorithm property is absent.
         """
         if not self.encryption_algorithm and self.decryption_key:
-            raise ValueError(
-                "The decryption_key MUST NOT be present when the encryption_algorithm property is absent"
-            )
+            raise ValueError("The decryption_key MUST NOT be present when the encryption_algorithm property is absent")
         return self
 
-    class Config:
-        json_schema_extra: dict[str, list[str]] = {
-            "id_contributing_properties": ["hashes", "payload_bin"]
-        }
-
 
 # 6.2 Autonomous System
 class AutonomousSystem(StixObservable):
@@ -120,11 +113,7 @@ class AutonomousSystem(StixObservable):
     name: str | None = None
     # Specifies the name of the Regional Internet Registry (RIR) that assigned the number to the AS.
     rir: str | None = None
-
-    class Config:
-        json_schema_extra: dict[str, list[str]] = {
-            "id_contributing_properties": ["number"]
-        }
+    id_contributing_properties: ClassVar[list[str] | None] = ["number"]
 
 
 # 6.3 Directory Object
@@ -143,19 +132,22 @@ class Directory(StixObservable):
     # MUST be used instead.
     path_enc: str | None = None
     # Specifies the date/time the directory was created.
-    ctime: datetime | None = None
+    ctime: StixTimestamp | None = None
     # Specifies the date/time the directory was last written to/modified.
-    mtime: datetime | None = None
+    mtime: StixTimestamp | None = None
     # Specifies the date/time the directory was last accessed.
-    atime: datetime | None = None
+    atime: StixTimestamp | None = None
     # Specifies a list of references to other File and/or Directory objects contained within the directory.
-    # The objects referenced in this list MUST be of type file or directory.
-    contains_refs: list[Identifier] | None = None
-
-    class Config:
-        json_schema_extra: dict[str, list[str]] = {
-            "id_contributing_properties": ["path"]
-        }
+    contains_refs: (
+        list[
+            Annotated[
+                Identifier,
+                AfterValidator(identifier_of_type("file", "directory")),
+            ]
+        ]
+        | None
+    ) = None
+    id_contributing_properties: ClassVar[list[str] | None] = ["path"]
 
 
 # 6.4 Domain Name Object
@@ -174,14 +166,16 @@ class DomainName(StixObservable):
     # domain and sub-domain contained within the domain name MUST conform to [RFC5890].
     value: str
     # Specifies a list of references to one or more IP addresses or domain names that the domain name resolves to.
-    # The objects referenced in this list MUST be of type ipv4-addr or ipv6-addr or domain-name
-    # (for cases such as CNAME records).
-    resolves_to_refs: list[Identifier] | None = None
-
-    class Config:
-        json_schema_extra: dict[str, list[str]] = {
-            "id_contributing_properties": ["value"]
-        }
+    resolves_to_refs: (
+        list[
+            Annotated[
+                Identifier,
+                AfterValidator(identifier_of_type("ipv4-addr", "ipv6-addr", "domain-name")),
+            ]
+        ]
+        | None
+    ) = None
+    id_contributing_properties: ClassVar[list[str] | None] = ["value"]
 
 
 # 6.5 Email Address Object
@@ -198,13 +192,8 @@ class EmailAddress(StixObservable):
     # This property corresponds to the display-name construction in section 3.4 of [RFC5322].
     display_name: str | None = None
     # Specifies the user account that the email address belongs to, as a reference to a User Account object.
-    # The object referenced in this property MUST be of type user-account.
-    belongs_to_ref: Identifier | None = None
-
-    class Config:
-        json_schema_extra: dict[str, list[str]] = {
-            "id_contributing_properties": ["value"]
-        }
+    belongs_to_ref: Annotated[Identifier, AfterValidator(identifier_of_type("user-account"))] | None = None
+    id_contributing_properties: ClassVar[list[str] | None] = ["value"]
 
 
 # 6.6.2 Email MIME Component Type
@@ -223,11 +212,10 @@ class EmailMimeComponent(StixCore):
     body: str | None = None
     # Specifies the contents of non-textual MIME parts, that is those whose content_type does not start with text/,
     # as a reference to an Artifact object or File object.
-    # The object referenced in this property MUST be of type artifact or file.
     # For use cases where conveying the actual data contained in the MIME part is of primary importance,
     # artifact SHOULD be used. Otherwise, for use cases where conveying metadata about the file-like properties of the
     # MIME part is of primary importance, file SHOULD be used.
-    body_raw_ref: Identifier | None = None
+    body_raw_ref: Annotated[Identifier, AfterValidator(identifier_of_type("file", "artifact"))] | None = None
     # Specifies the value of the "Content-Type" header field of the MIME part.
     # Any additional "Content-Type" header field parameters such as charset SHOULD be included in this property.
     content_type: str | None = None
@@ -261,24 +249,24 @@ class EmailMessage(StixObservable):
     # Indicates whether the email body contains multiple MIME parts.
     is_multipart: bool
     # Specifies the date/time that the email message was sent.
-    date: datetime | None = None
+    date: StixTimestamp | None = None
     # Specifies the value of the "Content-Type" header of the email message.
     content_type: str | None = None
     # Specifies the value of the "From:" header of the email message.
     # The "From:" field specifies the author of the message, that is, the mailbox(es) of the person or system
     # responsible for the writing of the message.
-    from_ref: Identifier | None = None
+    from_ref: Annotated[Identifier, AfterValidator(identifier_of_type("email-addr"))] | None = None
     # Specifies the value of the "Sender" field of the email message.
     # The "Sender:" field specifies the mailbox of the agent responsible for the actual transmission of the message.
-    sender_ref: Identifier | None = None
+    sender_ref: Annotated[Identifier, AfterValidator(identifier_of_type("email-addr"))] | None = None
     # Specifies the mailboxes that are "To:" recipients of the email message.
-    to_refs: list[Identifier] | None = None
+    to_refs: list[Annotated[Identifier, AfterValidator(identifier_of_type("email-addr"))]] | None = None
     # Specifies the mailboxes that are "CC:" recipients of the email message.
-    cc_refs: list[Identifier] | None = None
+    cc_refs: list[Annotated[Identifier, AfterValidator(identifier_of_type("email-addr"))]] | None = None
     # Specifies the mailboxes that are "BCC:" recipients of the email message.
     # As per [RFC5322], the absence of this property should not be interpreted as semantically equivalent to an absent
     # BCC header on the message being characterized.
-    bcc_refs: list[Identifier] | None = None
+    bcc_refs: list[Annotated[Identifier, AfterValidator(identifier_of_type("email-addr"))]] | None = None
     # Specifies the Message-ID field of the email message.
     message_id: str | None = None
     # Specifies the subject of the email message.
@@ -297,8 +285,9 @@ class EmailMessage(StixObservable):
     # Specifies a list of the MIME parts that make up the email body.
     body_multipart: list[EmailMimeComponent] | None = None
     # Specifies the raw binary contents of the email message, including both the headers and body, as a reference
-    # to an Artifact object. The object referenced in this property MUST be of type artifact.
-    raw_email_ref: Identifier | None = None
+    # to an Artifact object.
+    raw_email_ref: Annotated[Identifier, AfterValidator(identifier_of_type("artifact"))] | None = None
+    id_contributing_properties: ClassVar[list[str] | None] = ["from_ref", "subject", "body"]
 
     @model_validator(mode="after")
     def validate_body(self) -> Self:
@@ -312,11 +301,6 @@ class EmailMessage(StixObservable):
             raise ValueError("body_multipart MUST NOT be used if is_multipart is false")
         return self
 
-    class Config:
-        json_schema_extra: dict[str, list[str]] = {
-            "id_contributing_properties": ["from_ref", "subject", "body"]
-        }
-
 
 # 6.7.2 Archive File Extension
 class ArchiveFileExtension(Extension):
@@ -327,8 +311,8 @@ class ArchiveFileExtension(Extension):
     """
 
     # This property specifies the files that are contained in the archive. It MUST contain references to one or more
-    # File objects. The objects referenced in this list MUST be of type file or directory.
-    contains_refs: list[Identifier]
+    # File objects.
+    contains_refs: list[Annotated[Identifier, AfterValidator(identifier_of_type("file", "directory"))]]
     # Specifies a comment included as part of the archive file.
     comment: str | None = None
 
@@ -547,7 +531,7 @@ class WindowsPEOptionalHeader(StixCore):
 
     @model_validator(mode="before")
     @classmethod
-    def at_least_one(cls, data: Any) -> Any:  # pyright: ignore[reportExplicitAny, reportAny]
+    def at_least_one(cls, data: Any) -> Any:  # pyright: ignore[reportExplicitAny, reportAny] # noqa: ANN401
         """
         An object using the Windows PE Optional Header Type MUST contain at least one property from this type.
         """
@@ -584,7 +568,7 @@ class WindowsPEBinaryExtension(Extension):
     number_of_sections: Annotated[int, Ge(0)] | None = None
     # Specifies the time when the PE binary was created.
     # The timestamp value MUST be precise to the second.
-    time_date_stamp: datetime | None = None
+    time_date_stamp: StixTimestamp | None = None
     # Specifies the file offset of the COFF symbol table.
     pointer_to_symbol_table_hex: str | None = None
     # Specifies the number of entries in the symbol table of the PE binary, as a non-negative integer.
@@ -653,19 +637,25 @@ class File(StixObservable):
     # interoperability.
     mime_type: str | None = None
     # Specifies the date/time the file was created.
-    ctime: datetime | None = None
+    ctime: StixTimestamp | None = None
     # Specifies the date/time the file was last written to/modified.
-    mtime: datetime | None = None
+    mtime: StixTimestamp | None = None
     # Specifies the date/time the file was last accessed.
-    atime: datetime | None = None
+    atime: StixTimestamp | None = None
     # Specifies the parent directory of the file, as a reference to a Directory object.
-    parent_directory_ref: Identifier | None = None
+    parent_directory_ref: Annotated[Identifier, AfterValidator(identifier_of_type("directory"))] | None = None
     # Specifies a list of references to other Cyber-observable Objects contained within the file, such as another file
     # that is appended to the end of the file, or an IP address that is contained somewhere in the file.
     # This is intended for use cases other than those targeted by the Archive extension.
     contains_refs: list[Identifier] | None = None
     # Specifies the content of the file, represented as an Artifact object.
-    content_ref: Identifier | None = None
+    content_ref: Annotated[Identifier, AfterValidator(identifier_of_type("artifact"))] | None = None
+    id_contributing_properties: ClassVar[list[str] | None] = [
+        "hashes",
+        "name",
+        "extensions",
+        "parent_directory_ref",
+    ]
 
     @model_validator(mode="after")
     def at_least_one_of(self) -> Self:
@@ -676,16 +666,6 @@ class File(StixObservable):
             raise ValueError("At least one of hashes or name must be present.")
         return self
 
-    class Config:
-        json_schema_extra: dict[str, list[str]] = {
-            "id_contributing_properties": [
-                "hashes",
-                "name",
-                "extensions",
-                "parent_directory_ref",
-            ]
-        }
-
 
 # 6.8 IPv4 Address Object
 class IPv4Address(StixObservable):
@@ -699,14 +679,10 @@ class IPv4Address(StixObservable):
     value: ipaddress.IPv4Address | ipaddress.IPv4Network
     # Specifies a list of references to one or more Layer 2 Media Access Control (MAC) addresses that the IPv4
     # address resolves to.
-    resolves_to_refs: list[Identifier] | None = None
+    resolves_to_refs: list[Annotated[Identifier, AfterValidator(identifier_of_type("mac-addr"))]] | None = None
     # Specifies a list of references to one or more autonomous systems (AS) that the IPv4 address belongs to.
-    belongs_to_refs: list[Identifier] | None = None
-
-    class Config:
-        json_schema_extra: dict[str, list[str]] = {
-            "id_contributing_properties": ["value"]
-        }
+    belongs_to_refs: list[Annotated[Identifier, AfterValidator(identifier_of_type("autonomous-system"))]] | None = None
+    id_contributing_properties: ClassVar[list[str] | None] = ["value"]
 
 
 # 6.9 IPv6 Address Object
@@ -721,14 +697,10 @@ class IPv6Address(StixObservable):
     value: ipaddress.IPv6Address | ipaddress.IPv6Network
     # Specifies a list of references to one or more Layer 2 Media Access Control (MAC) addresses that the IPv6
     # address resolves to.
-    resolves_to_refs: list[Identifier] | None = None
+    resolves_to_refs: list[Annotated[Identifier, AfterValidator(identifier_of_type("mac-addr"))]] | None = None
     # Specifies a list of references to one or more autonomous systems (AS) that the IPv6 address belongs to.
-    belongs_to_refs: list[Identifier] | None = None
-
-    class Config:
-        json_schema_extra: dict[str, list[str]] = {
-            "id_contributing_properties": ["value"]
-        }
+    belongs_to_refs: list[Annotated[Identifier, AfterValidator(identifier_of_type("autonomous-system"))]] | None = None
+    id_contributing_properties: ClassVar[list[str] | None] = ["value"]
 
 
 # 6.10 MAC Address Object
@@ -743,11 +715,7 @@ class MACAddress(StixObservable):
     # include leading zeros for each octet.
     # TODO: check the following regex: ^([0-9a-f]{2}:){5}[0-9a-f]{2}$
     value: str
-
-    class Config:
-        json_schema_extra: dict[str, list[str]] = {
-            "id_contributing_properties": ["value"]
-        }
+    id_contributing_properties: ClassVar[list[str] | None] = ["value"]
 
 
 # 6.11 Mutex Object
@@ -759,11 +727,7 @@ class Mutex(StixObservable):
     type: Literal["mutex"] = "mutex"  # pyright: ignore[reportIncompatibleVariableOverride]
     # Specifies the name of the mutex object.
     name: str
-
-    class Config:
-        json_schema_extra: dict[str, list[str]] = {
-            "id_contributing_properties": ["name"]
-        }
+    id_contributing_properties: ClassVar[list[str] | None] = ["name"]
 
 
 # 6.12.2 HTTP Request Extension
@@ -788,7 +752,7 @@ class HTTPRequestExtension(Extension):
     # Specifies the length of the HTTP message body, if included, in bytes.
     message_body_length: int | None = None
     # Specifies the data contained in the HTTP message body, if included.
-    message_body_data_ref: Identifier | None = None
+    message_body_data_ref: Annotated[Identifier, AfterValidator(identifier_of_type("artifact"))] | None = None
 
 
 # 6.12.3 ICMP Extension
@@ -897,19 +861,21 @@ class NetworkTraffic(StixObservable):
     # The corresponding dictionary values MUST contain the contents of the extension instance.
     extensions: NetworkTrafficExtensions | None = None  # pyright: ignore[reportIncompatibleVariableOverride]
     # Specifies the date/time the network traffic was initiated, if known.
-    start: datetime | None = None
+    start: StixTimestamp | None = None
     # Specifies the date/time the network traffic ended, if known.
-    end: datetime | None = None
+    end: StixTimestamp | None = None
     # Indicates whether the network traffic is still ongoing.
     is_active: bool | None = None
     # Specifies the source of the network traffic, as a reference to a Cyber-observable Object.
-    # The object referenced MUST be of type ipv4-addr, ipv6-addr, mac-addr, or domain-name
-    # (for cases where the IP address for a domain name is unknown).
-    src_ref: Identifier | None = None
+    src_ref: (
+        Annotated[Identifier, AfterValidator(identifier_of_type("ipv4-addr", "ipv6-addr", "mac-addr", "domain-name"))]
+        | None
+    ) = None
     # Specifies the destination of the network traffic, as a reference to a Cyber-observable Object.
-    # The object referenced MUST be of type ipv4-addr, ipv6-addr, mac-addr, or domain-name
-    # (for cases where the IP address for a domain name is unknown).
-    dst_ref: Identifier | None = None
+    dst_ref: (
+        Annotated[Identifier, AfterValidator(identifier_of_type("ipv4-addr", "ipv6-addr", "mac-addr", "domain-name"))]
+        | None
+    ) = None
     # Specifies the source port used in the network traffic, as an integer.
     src_port: Annotated[int, Ge(0), Le(65535)] | None = None
     # Specifies the destination port used in the network traffic, as an integer.
@@ -940,13 +906,31 @@ class NetworkTraffic(StixObservable):
     # as well as a valid IPFIX property.
     ipfix: dict[str, int | str] | None = None
     # Specifies the bytes sent from the source to the destination.
-    src_payload_ref: Identifier | None = None
+    src_payload_ref: Annotated[Identifier, AfterValidator(identifier_of_type("artifact"))] | None = None
     # Specifies the bytes sent from the destination to the source.
-    dst_payload_ref: Identifier | None = None
+    dst_payload_ref: Annotated[Identifier, AfterValidator(identifier_of_type("artifact"))] | None = None
     # Links to other network-traffic objects encapsulated by this network-traffic object.
-    encapsulates_refs: list[Identifier] | None = None
+    encapsulates_refs: (
+        list[
+            Annotated[
+                Identifier,
+                AfterValidator(identifier_of_type("network-traffic")),
+            ]
+        ]
+        | None
+    ) = None
     # Links to another network-traffic object which encapsulates this object.
-    encapsulated_by_ref: Identifier | None = None
+    encapsulated_by_ref: Annotated[Identifier, AfterValidator(identifier_of_type("network-traffic"))] | None = None
+    id_contributing_properties: ClassVar[list[str] | None] = [
+        "start",
+        "end",
+        "src_ref",
+        "dst_ref",
+        "src_port",
+        "dst_port",
+        "protocols",
+        "extensions",
+    ]
 
     @model_validator(mode="after")
     def validate_end(self) -> Self:
@@ -956,9 +940,7 @@ class NetworkTraffic(StixObservable):
         If the is_active property is true, then the end property MUST NOT be included.
         """
         if self.is_active and self.end is not None:
-            raise ValueError(
-                "The end property MUST NOT be included if is_active is true"
-            )
+            raise ValueError("The end property MUST NOT be included if is_active is true")
         if self.start and self.end and self.start > self.end:
             raise ValueError("The end property MUST be greater than or equal to start")
         return self
@@ -973,20 +955,6 @@ class NetworkTraffic(StixObservable):
             raise ValueError("At least one of src_ref or dst_ref must be present")
         return self
 
-    class Config:
-        json_schema_extra: dict[str, list[str]] = {
-            "id_contributing_properties": [
-                "start",
-                "end",
-                "src_ref",
-                "dst_ref",
-                "src_port",
-                "dst_port",
-                "protocols",
-                "extensions",
-            ]
-        }
-
 
 # 6.13.2 Windows Process Extension
 class WindowsProcessExtension(Extension):
@@ -1018,7 +986,7 @@ class WindowsProcessExtension(Extension):
 
     @model_validator(mode="before")
     @classmethod
-    def at_least_one(cls, data: Any) -> Any:  # pyright: ignore[reportExplicitAny, reportAny]
+    def at_least_one(cls, data: Any) -> Any:  # pyright: ignore[reportExplicitAny, reportAny] # noqa: ANN401
         """
         An object using the Windows Process Extension MUST contain at least one property from this extension.
         """
@@ -1050,7 +1018,7 @@ class WindowsServiceExtension(Extension):
     # Specifies the start options defined for the service.
     start_type: WindowsServiceStartType | None = None
     # Specifies the DLLs loaded by the service, as a reference to one or more File objects.
-    service_dll_refs: list[Identifier] | None = None
+    service_dll_refs: list[Annotated[Identifier, AfterValidator(identifier_of_type("file"))]] | None = None
     # Specifies the type of the service.
     service_type: WindowsServiceType | None = None
     # Specifies the current status of the service.
@@ -1058,7 +1026,7 @@ class WindowsServiceExtension(Extension):
 
     @model_validator(mode="before")
     @classmethod
-    def at_least_one(cls, data: Any) -> Any:  # pyright: ignore[reportExplicitAny, reportAny]
+    def at_least_one(cls, data: Any) -> Any:  # pyright: ignore[reportExplicitAny, reportAny] # noqa: ANN401
         """
         As all properties of this extension are optional, at least one of the properties defined below MUST be
         included when using this extension.
@@ -1101,7 +1069,7 @@ class Process(StixObservable):
     # Specifies the Process ID, or PID, of the process.
     pid: int | None = None
     # Specifies the date/time at which the process was created.
-    created_time: datetime | None = None
+    created_time: StixTimestamp | None = None
     # Specifies the current working directory of the process.
     cwd: str | None = None
     # Specifies the full command line used in executing the process, including the process name (which may be
@@ -1113,20 +1081,28 @@ class Process(StixObservable):
     environment_variables: dict[str, str] | None = None
     # Specifies the list of network connections opened by the process, as a reference to one or more
     # Network Traffic objects.
-    opened_connection_refs: list[Identifier] | None = None
+    opened_connection_refs: (
+        list[
+            Annotated[
+                Identifier,
+                AfterValidator(identifier_of_type("network-traffic")),
+            ]
+        ]
+        | None
+    ) = None
     # Specifies the user that created the process, as a reference to a User Account object.
-    creator_user_ref: Identifier | None = None
+    creator_user_ref: Annotated[Identifier, AfterValidator(identifier_of_type("user-account"))] | None = None
     # Specifies the executable binary that was executed as the process image, as a reference to a File object.
-    image_ref: Identifier | None = None
+    image_ref: Annotated[Identifier, AfterValidator(identifier_of_type("file"))] | None = None
     # Specifies the other process that spawned (i.e. is the parent of) this one, as a reference to a Process object.
-    parent_ref: Identifier | None = None
+    parent_ref: Annotated[Identifier, AfterValidator(identifier_of_type("process"))] | None = None
     # Specifies the other processes that were spawned by (i.e. children of) this process, as a reference to one
     # or more other Process objects.
-    child_refs: list[Identifier] | None = None
+    child_refs: list[Annotated[Identifier, AfterValidator(identifier_of_type("process"))]] | None = None
 
     @model_validator(mode="before")
     @classmethod
-    def at_least_one(cls, data: Any) -> Any:  # pyright: ignore[reportExplicitAny, reportAny]
+    def at_least_one(cls, data: Any) -> Any:  # pyright: ignore[reportExplicitAny, reportAny] # noqa: ANN401
         """
         A Process object MUST contain at least one property (other than type)
         from this object (or one of its extensions).
@@ -1163,11 +1139,7 @@ class Software(StixObservable):
     vendor: str | None = None
     # Specifies the version of the software.
     version: str | None = None
-
-    class Config:
-        json_schema_extra: dict[str, list[str]] = {
-            "id_contributing_properties": ["name", "cpe", "swid", "vendor", "version"]
-        }
+    id_contributing_properties: ClassVar[list[str] | None] = ["name", "cpe", "swid", "vendor", "version"]
 
 
 # 6.15 URL Object
@@ -1180,11 +1152,7 @@ class URL(StixObservable):
     # Specifies the value of the URL. The value of this property MUST conform to [RFC3986], more specifically
     # section 1.1.3 with reference to the definition for "Uniform Resource Locator".
     value: StixUrl
-
-    class Config:
-        json_schema_extra: dict[str, list[str]] = {
-            "id_contributing_properties": ["value"]
-        }
+    id_contributing_properties: ClassVar[list[str] | None] = ["value"]
 
 
 # 6.16.2 UNIX Account Extension
@@ -1207,7 +1175,7 @@ class UnixAccountExtension(Extension):
 
     @model_validator(mode="before")
     @classmethod
-    def at_least_one(cls, data: Any) -> Any:  # pyright: ignore[reportExplicitAny, reportAny]
+    def at_least_one(cls, data: Any) -> Any:  # pyright: ignore[reportExplicitAny, reportAny] # noqa: ANN401
         """
         An object using the UNIX Account Extension MUST contain at least one property from this extension.
         """
@@ -1271,19 +1239,20 @@ class UserAccount(StixObservable):
     # Specifies if the account is disabled.
     is_disabled: bool | None = None
     # Specifies when the account was created.
-    account_created: datetime | None = None
+    account_created: StixTimestamp | None = None
     # Specifies the expiration date of the account.
-    account_expires: datetime | None = None
+    account_expires: StixTimestamp | None = None
     # Specifies when the account credential was last changed.
-    credential_last_changed: datetime | None = None
+    credential_last_changed: StixTimestamp | None = None
     # Specifies when the account was first accessed.
-    account_first_login: datetime | None = None
+    account_first_login: StixTimestamp | None = None
     # Specifies when the account was last accessed.
-    account_last_login: datetime | None = None
+    account_last_login: StixTimestamp | None = None
+    id_contributing_properties: ClassVar[list[str] | None] = ["account_type", "user_id", "account_login"]
 
     @model_validator(mode="before")
     @classmethod
-    def at_least_one(cls, data: Any) -> Any:  # pyright: ignore[reportExplicitAny, reportAny]
+    def at_least_one(cls, data: Any) -> Any:  # pyright: ignore[reportExplicitAny, reportAny] # noqa: ANN401
         """
         As all properties of this object are optional, at least one of the properties defined below
         MUST be included when using this object.
@@ -1295,11 +1264,6 @@ class UserAccount(StixObservable):
             raise ValueError("At least one property must be present")
         raise TypeError("Input data must be a dictionary")
 
-    class Config:
-        json_schema_extra: dict[str, list[str]] = {
-            "id_contributing_properties": ["account_type", "user_id", "account_login"]
-        }
-
 
 # 6.17.2 Windows Registry Value Type
 class WindowsRegistryValueType(StixCore):
@@ -1317,7 +1281,7 @@ class WindowsRegistryValueType(StixCore):
 
     @model_validator(mode="before")
     @classmethod
-    def at_least_one(cls, data: Any) -> Any:  # pyright: ignore[reportExplicitAny, reportAny]
+    def at_least_one(cls, data: Any) -> Any:  # pyright: ignore[reportExplicitAny, reportAny] # noqa: ANN401
         """
         As all properties of this object are optional, at least one of the properties defined below
         MUST be included when using this object.
@@ -1344,16 +1308,16 @@ class WindowsRegistryKey(StixObservable):
     # fully expanded and not truncated; e.g., HKEY_LOCAL_MACHINE must be used instead of HKLM.
     values: list[WindowsRegistryValueType] | None = None
     # Specifies the last date/time that the registry key was modified.
-    modified_time: datetime | None = None
+    modified_time: StixTimestamp | None = None
     # Specifies a reference to the user account that created the registry key.
-    # The object referenced in this property MUST be of type user-account.
-    creator_user_ref: Identifier | None = None
+    creator_user_ref: Annotated[Identifier, AfterValidator(identifier_of_type("user-account"))] | None = None
     # Specifies the number of subkeys contained under the registry key.
     number_of_subkeys: int | None = None
+    id_contributing_properties: ClassVar[list[str] | None] = ["key", "values"]
 
     @model_validator(mode="before")
     @classmethod
-    def at_least_one(cls, data: Any) -> Any:  # pyright: ignore[reportExplicitAny, reportAny]
+    def at_least_one(cls, data: Any) -> Any:  # pyright: ignore[reportExplicitAny, reportAny] # noqa: ANN401
         """
         As all properties of this object are optional, at least one of the properties defined below
         MUST be included when using this object.
@@ -1365,11 +1329,6 @@ class WindowsRegistryKey(StixObservable):
             raise ValueError("At least one property must be present")
         raise TypeError("Input data must be a dictionary")
 
-    class Config:
-        json_schema_extra: dict[str, list[str]] = {
-            "id_contributing_properties": ["key", "values"]
-        }
-
 
 # 6.18.2 X.509 v3 Extensions Type
 class X509v3ExtensionsType(Extension):
@@ -1420,10 +1379,10 @@ class X509v3ExtensionsType(Extension):
     inhibit_any_policy: str | None = None
     # Specifies the date on which the validity period begins for the private key, if it is different from the
     # validity period of the certificate.
-    private_key_usage_period_not_before: datetime | None = None
+    private_key_usage_period_not_before: StixTimestamp | None = None
     # Specifies the date on which the validity period ends for the private key, if it is different from the
     # validity period of the certificate.
-    private_key_usage_period_not_after: datetime | None = None
+    private_key_usage_period_not_after: StixTimestamp | None = None
     # Specifies a sequence of one or more policy information terms, each of which consists of an object identifier
     # (OID) and optional qualifiers. Also equivalent to the object ID (OID) value of 2.5.29.32.
     certificate_policies: str | None = None
@@ -1433,7 +1392,7 @@ class X509v3ExtensionsType(Extension):
     policy_mappings: str | None = None
 
     @classmethod
-    def at_least_one(cls, data: Any) -> Any:  # pyright: ignore[reportExplicitAny, reportAny]
+    def at_least_one(cls, data: Any) -> Any:  # pyright: ignore[reportExplicitAny, reportAny] # noqa: ANN401
         """
         An object using the X.509 v3 Extensions type MUST contain at least one property from this type.
         """
@@ -1467,9 +1426,9 @@ class X509Certificate(StixObservable):
     # Specifies the name of the Certificate Authority that issued the certificate.
     issuer: str | None = None
     # Specifies the date on which the certificate validity period begins.
-    validity_not_before: datetime | None = None
+    validity_not_before: StixTimestamp | None = None
     # Specifies the date on which the certificate validity period ends.
-    validity_not_after: datetime | None = None
+    validity_not_after: StixTimestamp | None = None
     # Specifies the name of the entity associated with the public key stored in the subject public key field of the
     # certificate.
     subject: str | None = None
@@ -1481,9 +1440,10 @@ class X509Certificate(StixObservable):
     subject_public_key_exponent: int | None = None
     # Specifies any standard X.509 v3 extensions that may be used in the certificate.
     x509_v3_extensions: X509v3ExtensionsType | None = None
+    id_contributing_properties: ClassVar[list[str] | None] = ["hashes", "serial_number"]
 
     @classmethod
-    def at_least_one(cls, data: Any) -> Any:  # pyright: ignore[reportExplicitAny, reportAny]
+    def at_least_one(cls, data: Any) -> Any:  # pyright: ignore[reportExplicitAny, reportAny] # noqa: ANN401
         """
         An X.509 Certificate object MUST contain at least one object specific property (other than type)
         from this object.
@@ -1495,11 +1455,6 @@ class X509Certificate(StixObservable):
             raise ValueError("At least one property must be present")
         raise TypeError("Input data must be a dictionary")
 
-    class Config:
-        json_schema_extra: dict[str, list[str]] = {
-            "id_contributing_properties": ["hashes", "serial_number"]
-        }
-
 
 SCOs = Annotated[
     (