# Copyright 2018 New Vector Ltd
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

swagger: '2.0'
info:
  title: "Matrix Federation User Key Management API"
  version: "1.0.0"
host: localhost:8448
schemes:
  - https
basePath: /_matrix/federation/v1
consumes:
  - application/json
produces:
  - application/json
securityDefinitions:
  $ref: definitions/security.yaml
paths:
  "/user/keys/claim":
    post:
      summary: Claims one-time encryption keys for a user.
      description: |-
        Claims one-time keys for use in pre-key messages.
      operationId: claimUserEncryptionKeys
      security:
        - signedRequest: []
      parameters:
        - in: body
          name: body
          type: object
          required: true
          schema:
            type: object
            properties:
              one_time_keys:
                type: object
                description: |-
                  The keys to be claimed. A map from user ID, to a map from
                  device ID to algorithm name.
                additionalProperties:
                  type: object
                  additionalProperties:
                    type: string
                    description: algorithm
                    example: "signed_curve25519"
                example: {
                  "@alice:example.com": {
                    "JLAFKJWSCS": "signed_curve25519"
                  }
                }
            required:
              - one_time_keys
      responses:
        200:
          description: The claimed keys.
          schema:
            type: object
            properties:
              one_time_keys:
                type: object
                description: |-
                  One-time keys for the queried devices. A map from user ID, to a
                  map from devices to a map from ``<algorithm>:<key_id>`` to the key object.

                  See the Client-Server Key Algorithms section for more information on
                  the Key Object format.
                additionalProperties:
                  type: object
                  additionalProperties:
                    type:
                      - string
                      - type: object
                        title: KeyObject
                        properties:
                          key:
                            type: string
                            description: The key, encoded using unpadded base64.
                          signatures:
                            type: object
                            description: |-
                              Signature for the device. Mapped from user ID to signature object.
                            additionalProperties:
                              type: string
                        required: ['key', 'signatures']
                example: {
                  "@alice:example.com": {
                    "JLAFKJWSCS": {
                      "signed_curve25519:AAAAHg": {
                        "key": "zKbLg+NrIjpnagy+pIY6uPL4ZwEG2v+8F9lmgsnlZzs",
                        "signatures": {
                          "@alice:example.com": {
                            "ed25519:JLAFKJWSCS": "FLWxXqGbwrb8SM3Y795eB6OA8bwBcoMZFXBqnTn58AYWZSqiD45tlBVcDa2L7RwdKXebW/VzDlnfVJ+9jok1Bw"
                          }
                        }
                      }
                    }
                  }
                }
            required: ['one_time_keys']
  "/user/keys/query":
    post:
      summary: Download device identity keys.
      description: |-
        Returns the current devices and identity keys for the given users.
      operationId: queryUserEncryptionKeys
      security:
        - signedRequest: []
      parameters:
        - in: body
          name: body
          type: object
          required: true
          schema:
            type: object
            properties:
              device_keys:
                type: object
                description: |-
                  The keys to be downloaded. A map from user ID, to a list of
                  device IDs, or to an empty list to indicate all devices for the
                  corresponding user.
                additionalProperties:
                  type: array
                  items:
                    type: string
                    description: "Device ID"
                example: {
                  "@alice:example.com": []
                }
            required: ['device_keys']
      responses:
        200:
          description: The device information.
          schema:
            type: object
            properties:
              device_keys:
                type: object
                description: |-
                  Information on the queried devices. A map from user ID, to a
                  map from device ID to device information.  For each device,
                  the information returned will be the same as uploaded via
                  ``/keys/upload``, with the addition of an ``unsigned``
                  property.
                additionalProperties:
                  type: object
                  additionalProperties:
                    allOf:
                      - $ref: ../client-server/definitions/device_keys.yaml
                    properties:
                      unsigned:
                        title: UnsignedDeviceInfo
                        type: object
                        description: |-
                          Additional data added to the device key information
                          by intermediate servers, and not covered by the
                          signatures.
                        properties:
                          device_display_name:
                            type: string
                            description:
                              The display name which the user set on the device.
            required: ['device_keys']
          examples:
            application/json: {
              "device_keys": {
                "@alice:example.com": {
                  "JLAFKJWSCS": {
                    "user_id": "@alice:example.com",
                    "device_id": "JLAFKJWSCS",
                    "algorithms": [
                      "m.olm.v1.curve25519-aes-sha2",
                      "m.megolm.v1.aes-sha2"
                    ],
                    "keys": {
                      "curve25519:JLAFKJWSCS": "3C5BFWi2Y8MaVvjM8M22DBmh24PmgR0nPvJOIArzgyI",
                      "ed25519:JLAFKJWSCS": "lEuiRJBit0IG6nUf5pUzWTUEsRVVe/HJkoKuEww9ULI"
                    },
                    "signatures": {
                      "@alice:example.com": {
                        "ed25519:JLAFKJWSCS": "dSO80A01XiigH3uBiDVx/EjzaoycHcjq9lfQX0uWsqxl2giMIiSPR8a4d291W1ihKJL/a+myXS367WT6NAIcBA"
                      }
                    },
                    "unsigned": {
                      "device_display_name": "Alice's mobile phone"
                    }
                  }
                }
              }
            }