Merge branch 'RM-3194_key_shares_split' into 'SID'

RM-3194: Separate key-capsules and key-shares openapi yaml files

See merge request cdoc2/cdoc2-openapi!2

Author: taistotr

README.md

@@ -44,6 +44,7 @@ So defining single Maven package repo from `open-eid` is enough for pulling cdoc
 Test that `settings.xml` is properly configured:
 ```bash
 mvn dependency::get -Dartifact=ee.cyber.cdoc2.openapi:cdoc2-key-capsules-openapi:2.1.0:yaml
+mvn dependency::get -Dartifact=ee.cyber.cdoc2.openapi:cdoc2-key-shares-openapi:1.0.0:yaml
 ```
 
 Optionally specifying 
@@ -58,11 +59,18 @@ Or from Maven pom.xml:
             <version>2.1.0</version>
             <type>yaml</type>
         </dependency>
+        <dependency>
+            <groupId>ee.cyber.cdoc2.openapi</groupId>
+            <artifactId>cdoc2-key-shares-openapi</artifactId>
+            <version>1.0.0</version>
+        <type>yaml</type>
+        </dependency>
 ```
 
 Copy into project directory:
 ```bash
 mvn dependency::copy -Dartifact=ee.cyber.cdoc2.openapi:cdoc2-key-capsules-openapi:2.1.0:yaml -DoutputDirectory=./target/openapi
+mvn dependency::copy -Dartifact=ee.cyber.cdoc2.openapi:cdoc2-key-shares-openapi:1.0.0:yaml -DoutputDirectory=./target/openapi
 ```
 
 ### Usage from Java Maven projects for code generation
@@ -101,6 +109,8 @@ where `project.distributionManagement.repository.id` is `<id>` under `<server>`
 In most cases, this parameter will be required for authentication.
 
 Or use maven deploy:deploy-file directly to deploy single file:
+
+cdoc2-key-capsules:
 ```
 mvn deploy:deploy-file \
 -DrepositoryId=github \
@@ -112,13 +122,32 @@ mvn deploy:deploy-file \
 -DartifactId=cdoc2-key-capsules-openapi \
 -Dmaven.deploy.file.skip=false
 ```
+
+cdoc2-key-shares:
+```
+mvn deploy:deploy-file \
+-DrepositoryId=github \
+-Durl=https://maven.pkg.github.com/open-eid/cdoc2-openapi \
+-Dfile=cdoc2-openapi/cdoc2-key-shares-openapi.yaml \
+-Dversion=1.0.0 \
+-Dpackaging=yaml \
+-DgroupId=ee.cyber.cdoc2.openapi \
+-DartifactId=cdoc2-key-shares-openapi \
+-Dmaven.deploy.file.skip=false
+```
 Refer: https://maven.apache.org/plugins/maven-deploy-plugin/deploy-file-mojo.html
 
 ## Delete OpenApi package from local Maven repository
+cdoc2-key-capsules:
 ```
 mvn dependency:purge-local-repository -DmanualInclude=ee.cyber.cdoc2.openapi:cdoc2-key-capsules-openapi
 ```
 
+cdoc2-key-shares:
+```
+mvn dependency:purge-local-repository -DmanualInclude=ee.cyber.cdoc2.openapi:cdoc2-key-shares-openapi
+```
+
 
 
 

cdoc2-key-capsules-openapi.yaml

@@ -3,7 +3,7 @@ info:
   contact:
     url: http://ria.ee
   title: cdoc2-key-capsules
-  version: sid2.1.0
+  version: 2.1.0
   description: API for exchanging CDOC2 ephemeral key material in key capsules
 servers:
   - url: 'https://localhost:8443'
@@ -49,6 +49,7 @@ paths:
       operationId: getCapsuleByTransactionId
       security:
         - mutualTLS: []
+
   /key-capsules:
     post:
       summary: Add Key Capsule
@@ -83,110 +84,6 @@ paths:
       tags:
         - cdoc2-key-capsules
 
-  '/key-shares/{shareId}':
-    get:
-      summary: Get key share for shareId
-      description: Get key share for shareId
-      tags:
-        - cdoc2-key-shares
-      parameters:
-        - name: shareId
-          in: path
-          schema:
-            type: string
-            minLength: 18
-            maxLength: 34
-          required: true
-        - name: X-Auth-Ticket
-          in: header
-          schema:
-            type: string
-            format: byte
-          required: true
-          description: |
-            [Auth ticket](https://gitlab.cyber.ee/id/ee-ria/ria_tender_test_assignment_2023/-/blob/master/exercise-2.3-authentication-multi-server/multi-server-auth-protocol.md?ref_type=heads#cdoc2-autentimispiletid)
-      responses:
-        '200':
-          description: OK
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/KeyShare'
-        '400':
-          description: 'Bad request. Client error.'
-        '401':
-          description: 'Unauthorized. No correct auth headers'
-        '404':
-          description: 'Not Found. 404 is also returned, when recipient id in record does not match user id in auth-ticket'
-      operationId: getKeyShareByShareId
-      security:
-        - basicAuth: []
-
-  '/key-shares':
-    post:
-      summary: Add Key Share
-      description: Save a key share and generate share id using secure random. Generated share is returned in Location header
-      operationId: createKeyShare
-      responses:
-        '201':
-          description: Created
-          headers:
-            Location:
-              schema:
-                type: string
-                example: /key-shares/SS0123456789ABCDEF
-              description: 'URI of created resource. ShareId can be extracted from URI as it follows pattern /key-shares/{shareId}'
-        '400':
-          description: 'Bad request. Client error.'
-      requestBody:
-        required: true
-        content:
-          application/json:
-            schema:
-              $ref: '#/components/schemas/KeyShare'
-      security:
-        - basicAuth: []
-      tags:
-        - cdoc2-key-shares
-
-  '/key-shares/{shareId}/nonce':
-    post:
-      description: |
-        Create server nonce for authentication signature.
-      operationId: createNonce
-      parameters:
-        - name: shareId
-          in: path
-          schema:
-            type: string
-            minLength: 18
-            maxLength: 34
-          required: true
-      responses:
-        '200':
-          description: Created
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/NonceResponse'
-        '400':
-          description: 'Bad request. Client error.'
-        '403':
-          description: 'Authentication failed'
-        '404':
-          description: 'Not Found. (shareId)'
-      requestBody:
-        required: false
-        content:
-          application/json:
-            schema: #empty request body
-              type: object
-              nullable: true
-      security:
-        - basicAuth: []
-      tags:
-        - cdoc2-key-shares
-
 components:
   schemas:
     Capsule:
@@ -221,56 +118,12 @@ components:
         - recipient_id
         - ephemeral_key_material
         - capsule_type
-
-    KeyShare:
-      title: Key Share
-      type: object
-      properties:
-        share:
-          type: string
-          format: byte
-          minLength: 32
-          maxLength: 128
-          description: Key Share. Binary format is yet to be defined [#RM-55912](https://rm-int.cyber.ee/ito/issues/55912)
-        recipient:
-          type: string
-          minLength: 12
-          maxLength: 32
-          description: |
-            Recipient who can download this share. ETSI319412-1. Example "etsi/PNOEE-48010010101". 
-            In future might support other formats 
-            [etsi/:semantics-identifier](https://github.com/SK-EID/smart-id-documentation/blob/v2/README.md#2322-etsisemantics-identifier)
-      required:
-        - share
-        - recipient
-
-    NonceResponse:
-      title: Nonce response
-      type: object
-      properties:
-        nonce:
-          type: string
-          format: byte
-          minLength: 12
-          maxLength: 16
-          description: 'server nonce for subsequent authentication'
-      required:
-        - nonce
-
   securitySchemes:
     mutualTLS:
       # since mutualTLS is not supported by OAS 3.0.x, then define it as http basic auth. MutualTLS must be implemented
       # manually anyway
       #type: mutualTLS
       type: http
       scheme: basic
-    bearerAuth: # for /key-shares endpoints, long-term token
-      type: http
-      scheme: bearer
-    basicAuth: # temporary solution for initial functionality of /key-shares endpoints
-      type: http
-      scheme: basic
-
 tags:
   - name: cdoc2-key-capsules
-  - name: cdoc2-key-shares