update openapi docs for several endpoints, notably those with PQXDH changes

Co-authored-by: Katherine Yen <katherine@signal.org>

service/src/main/java/org/whispersystems/textsecuregcm/entities/ChangeNumberRequest.java

@@ -8,6 +8,7 @@ package org.whispersystems.textsecuregcm.entities;
 import com.fasterxml.jackson.annotation.JsonProperty;
 import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
 import com.fasterxml.jackson.databind.annotation.JsonSerialize;
+import io.swagger.v3.oas.annotations.media.ArraySchema;
 import io.swagger.v3.oas.annotations.media.Schema;
 import java.util.ArrayList;
 import java.util.List;
@@ -27,8 +28,8 @@ public record ChangeNumberRequest(
         Must not be combined with `recoveryPassword`.""")
     String sessionId,
 
-    @Schema(description="""
-        The recovery password for the new phone number, if using a recovery password to authenticate this request.
+    @Schema(type="string", description="""
+        The base64-encoded recovery password for the new phone number, if using a recovery password to authenticate this request.
         Must not be combined with `sessionId`.""")
     @JsonDeserialize(using = ByteArrayAdapter.Deserializing.class) byte[] recoveryPassword,
 
@@ -43,10 +44,11 @@ public record ChangeNumberRequest(
     @JsonDeserialize(using = IdentityKeyAdapter.Deserializer.class)
     @NotNull IdentityKey pniIdentityKey,
 
-    @Schema(description="""
+    @ArraySchema(
+        arraySchema=@Schema(description="""
         A list of synchronization messages to send to companion devices to supply the private keysManager
         associated with the new identity key and their new prekeys.
-        Exactly one message must be supplied for each enabled device other than the sending (primary) device.""")
+        Exactly one message must be supplied for each enabled device other than the sending (primary) device."""))
     @NotNull @Valid List<@NotNull @Valid IncomingMessage> deviceMessages,
 
     @Schema(description="""

service/src/main/java/org/whispersystems/textsecuregcm/entities/ECPreKey.java

@@ -7,13 +7,23 @@ package org.whispersystems.textsecuregcm.entities;
 
 import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
 import com.fasterxml.jackson.databind.annotation.JsonSerialize;
+import io.swagger.v3.oas.annotations.media.Schema;
 import org.signal.libsignal.protocol.ecc.ECPublicKey;
 import org.whispersystems.textsecuregcm.util.ECPublicKeyAdapter;
 
-public record ECPreKey(long keyId,
-                       @JsonSerialize(using = ECPublicKeyAdapter.Serializer.class)
-                       @JsonDeserialize(using = ECPublicKeyAdapter.Deserializer.class)
-                       ECPublicKey publicKey) implements PreKey<ECPublicKey> {
+public record ECPreKey(
+    @Schema(description="""
+        An arbitrary ID for this key, which will be provided by peers using this key to encrypt messages so the private key can be looked up.
+        Should not be zero. Should be less than 2^24.
+        """)
+    long keyId,
+
+    @JsonSerialize(using = ECPublicKeyAdapter.Serializer.class)
+    @JsonDeserialize(using = ECPublicKeyAdapter.Deserializer.class)
+    @Schema(type="string", description="""
+        The public key, serialized in libsignal's elliptic-curve public key format and then base64-encoded.
+        """)
+    ECPublicKey publicKey) implements PreKey<ECPublicKey> {
 
   @Override
   public byte[] serializedPublicKey() {

service/src/main/java/org/whispersystems/textsecuregcm/entities/ECSignedPreKey.java

@@ -7,21 +7,33 @@ package org.whispersystems.textsecuregcm.entities;
 
 import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
 import com.fasterxml.jackson.databind.annotation.JsonSerialize;
+import io.swagger.v3.oas.annotations.media.Schema;
 import org.signal.libsignal.protocol.ecc.ECPublicKey;
 import org.whispersystems.textsecuregcm.util.ByteArrayAdapter;
 import org.whispersystems.textsecuregcm.util.ECPublicKeyAdapter;
 import java.util.Arrays;
 import java.util.Objects;
 
-public record ECSignedPreKey(long keyId,
+public record ECSignedPreKey(
+    @Schema(description="""
+        An arbitrary ID for this key, which will be provided by peers using this key to encrypt messages so the private key can be looked up.
+        Should not be zero. Should be less than 2^24.
+        """)
+    long keyId,
 
-                             @JsonSerialize(using = ECPublicKeyAdapter.Serializer.class)
-                             @JsonDeserialize(using = ECPublicKeyAdapter.Deserializer.class)
-                             ECPublicKey publicKey,
+    @JsonSerialize(using = ECPublicKeyAdapter.Serializer.class)
+    @JsonDeserialize(using = ECPublicKeyAdapter.Deserializer.class)
+    @Schema(type="string", description="""
+        The public key, serialized in libsignal's elliptic-curve public key format and then base64-encoded.
+        """)
+    ECPublicKey publicKey,
 
-                             @JsonSerialize(using = ByteArrayAdapter.Serializing.class)
-                             @JsonDeserialize(using = ByteArrayAdapter.Deserializing.class)
-                             byte[] signature) implements SignedPreKey<ECPublicKey> {
+    @JsonSerialize(using = ByteArrayAdapter.Serializing.class)
+    @JsonDeserialize(using = ByteArrayAdapter.Deserializing.class)
+    @Schema(type="string", description="""
+        The signature of the serialized `publicKey` with the account (or phone-number identity)'s identity key, base64-encoded.
+        """)
+    byte[] signature) implements SignedPreKey<ECPublicKey> {
 
   @Override
   public byte[] serializedPublicKey() {

service/src/main/java/org/whispersystems/textsecuregcm/entities/KEMSignedPreKey.java

@@ -7,21 +7,34 @@ package org.whispersystems.textsecuregcm.entities;
 
 import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
 import com.fasterxml.jackson.databind.annotation.JsonSerialize;
+import io.swagger.v3.oas.annotations.media.Schema;
 import org.signal.libsignal.protocol.kem.KEMPublicKey;
 import org.whispersystems.textsecuregcm.util.ByteArrayAdapter;
 import org.whispersystems.textsecuregcm.util.KEMPublicKeyAdapter;
 import java.util.Arrays;
 import java.util.Objects;
 
-public record KEMSignedPreKey(long keyId,
+public record KEMSignedPreKey(
+    @Schema(description="""
+        An arbitrary ID for this key, which will be provided by peers using this key to encrypt messages so the private key can be looked up.
+        Should not be zero. Should be less than 2^24. The owner of this key must be able to determine from the key ID whether this represents
+        a single-use or last-resort key, but another party should *not* be able to tell.
+        """)
+    long keyId,
 
-                              @JsonSerialize(using = KEMPublicKeyAdapter.Serializer.class)
-                              @JsonDeserialize(using = KEMPublicKeyAdapter.Deserializer.class)
-                              KEMPublicKey publicKey,
+    @JsonSerialize(using = KEMPublicKeyAdapter.Serializer.class)
+    @JsonDeserialize(using = KEMPublicKeyAdapter.Deserializer.class)
+    @Schema(type="string", description="""
+        The public key, serialized in libsignal's Kyber1024 public key format and then base64-encoded.
+        """)
+    KEMPublicKey publicKey,
 
-                              @JsonSerialize(using = ByteArrayAdapter.Serializing.class)
-                              @JsonDeserialize(using = ByteArrayAdapter.Deserializing.class)
-                              byte[] signature) implements SignedPreKey<KEMPublicKey> {
+    @JsonSerialize(using = ByteArrayAdapter.Serializing.class)
+    @JsonDeserialize(using = ByteArrayAdapter.Deserializing.class)
+    @Schema(type="string", description="""
+        The signature of the serialized `publicKey` with the account (or phone-number identity)'s identity key, base64-encoded.
+        """)
+    byte[] signature) implements SignedPreKey<KEMPublicKey> {
 
   @Override
   public byte[] serializedPublicKey() {

service/src/main/java/org/whispersystems/textsecuregcm/entities/PhoneNumberIdentityKeyDistributionRequest.java

@@ -6,6 +6,7 @@
 package org.whispersystems.textsecuregcm.entities;
 
 import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
+import io.swagger.v3.oas.annotations.media.ArraySchema;
 import io.swagger.v3.oas.annotations.media.Schema;
 import java.util.ArrayList;
 import java.util.List;
@@ -24,10 +25,12 @@ public record PhoneNumberIdentityKeyDistributionRequest(
     
     @NotNull
     @Valid
-    @Schema(description="""
-        A list of synchronization messages to send to companion devices to supply the private keysManager
-        associated with the new identity key and their new prekeys.
-        Exactly one message must be supplied for each enabled device other than the sending (primary) device.""")
+    @ArraySchema(
+        arraySchema=@Schema(description="""
+            A list of synchronization messages to send to companion devices to supply the private keys
+            associated with the new identity key and their new prekeys.
+            Exactly one message must be supplied for each enabled device other than the sending (primary) device.
+            """))
     List<@NotNull @Valid IncomingMessage> deviceMessages,
     
     @NotNull
@@ -47,7 +50,7 @@ public record PhoneNumberIdentityKeyDistributionRequest(
 
     @NotNull
     @Valid
-    @Schema(description="The new registration ID to use for the phone-number identity of each device")
+    @Schema(description="The new registration ID to use for the phone-number identity of each device, including this one.")
     Map<Long, Integer> pniRegistrationIds) {
 
   @AssertTrue