
browser_protocol/webauthn/
mod.rs

//! This domain allows configuring virtual authenticators to test the WebAuthn
//! API.
4use serde::{Serialize, Deserialize};
/// Identifier of a virtual authenticator, carried as a plain `String`.
pub type AuthenticatorId = String;
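/// Protocol spoken by a virtual authenticator.
///
/// The variants serialize to the lowercase names used on the wire (`u2f`,
/// `ctap2`). Without the explicit renames serde would emit the Rust variant
/// names (`U2f`, `Ctap2`), which are not the protocol's enum values. The old
/// spellings are still accepted when deserializing.
#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Default)]
pub enum AuthenticatorProtocol {
    /// Universal 2nd Factor.
    #[default]
    #[serde(rename = "u2f", alias = "U2f")]
    U2f,
    /// Client To Authenticator Protocol 2.
    #[serde(rename = "ctap2", alias = "Ctap2")]
    Ctap2,
}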
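/// CTAP2 version reported by a virtual authenticator.
///
/// The variants serialize to the wire names (`ctap2_0`, `ctap2_1`, ...)
/// instead of the Rust variant names, which the derive would otherwise emit.
/// The old spellings are still accepted when deserializing.
#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Default)]
pub enum Ctap2Version {
    #[default]
    #[serde(rename = "ctap2_0", alias = "Ctap20")]
    Ctap20,
    #[serde(rename = "ctap2_1", alias = "Ctap21")]
    Ctap21,
    // NOTE(review): `ctap2_2` follows the pattern of the two names above;
    // confirm it against the protocol definition this file was generated from.
    #[serde(rename = "ctap2_2", alias = "Ctap22")]
    Ctap22,
}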
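/// Transport through which a virtual authenticator is attached.
///
/// The variants serialize to the lowercase wire names (`usb`, `nfc`, `ble`,
/// `cable`, `internal`) instead of the Rust variant names, which the derive
/// would otherwise emit. The old spellings are still accepted when
/// deserializing.
#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Default)]
pub enum AuthenticatorTransport {
    // Cross-platform authenticator attachments.
    #[default]
    #[serde(rename = "usb", alias = "Usb")]
    Usb,
    #[serde(rename = "nfc", alias = "Nfc")]
    Nfc,
    #[serde(rename = "ble", alias = "Ble")]
    Ble,
    #[serde(rename = "cable", alias = "Cable")]
    Cable,
    // Platform authenticator attachment.
    #[serde(rename = "internal", alias = "Internal")]
    Internal,
}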
/// Configuration of a virtual authenticator.
///
/// Every `Option` field is left out of the serialized JSON while it is `None`
/// (`skip_serializing_if`), so the default stated on that field is expected to
/// be applied by the receiving side.
#[derive(Debug, Clone, Serialize, Deserialize, Default)]
#[serde(rename_all = "camelCase")]
pub struct VirtualAuthenticatorOptions {
    /// Protocol of the authenticator. Always serialized; the derived `Default`
    /// picks the enum's `#[default]` variant.
    pub protocol: AuthenticatorProtocol,
    /// Defaults to ctap2_0. Ignored if |protocol| == u2f.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub ctap2Version: Option<Ctap2Version>,
    /// Transport of the authenticator. Always serialized; the derived
    /// `Default` picks the enum's `#[default]` variant.
    pub transport: AuthenticatorTransport,
    /// Defaults to false.
    // NOTE(review): presumably whether the authenticator supports resident
    // keys; the source comment gives only the default.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub hasResidentKey: Option<bool>,
    /// Defaults to false.
    // NOTE(review): presumably whether the authenticator supports user
    // verification; the source comment gives only the default.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub hasUserVerification: Option<bool>,
    /// If set to true, the authenticator will support the largeBlob extension.
    /// <https://w3c.github.io/webauthn#largeBlob>
    /// Defaults to false.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub hasLargeBlob: Option<bool>,
    /// If set to true, the authenticator will support the credBlob extension.
    /// <https://fidoalliance.org/specs/fido-v2.1-rd-20201208/fido-client-to-authenticator-protocol-v2.1-rd-20201208.html#sctn-credBlob-extension>
    /// Defaults to false.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub hasCredBlob: Option<bool>,
    /// If set to true, the authenticator will support the minPinLength extension.
    /// <https://fidoalliance.org/specs/fido-v2.1-ps-20210615/fido-client-to-authenticator-protocol-v2.1-ps-20210615.html#sctn-minpinlength-extension>
    /// Defaults to false.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub hasMinPinLength: Option<bool>,
    /// If set to true, the authenticator will support the prf extension.
    /// <https://w3c.github.io/webauthn/#prf-extension>
    /// Defaults to false.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub hasPrf: Option<bool>,
    /// If set to true, the authenticator will support the hmac-secret extension.
    /// <https://fidoalliance.org/specs/fido-v2.1-ps-20210615/fido-client-to-authenticator-protocol-v2.1-ps-20210615.html#sctn-hmac-secret-extension>
    /// Defaults to false.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub hasHmacSecret: Option<bool>,
    /// If set to true, the authenticator will support the hmac-secret-mc extension.
    /// <https://fidoalliance.org/specs/fido-v2.2-rd-20241003/fido-client-to-authenticator-protocol-v2.2-rd-20241003.html#sctn-hmac-secret-make-cred-extension>
    /// Defaults to false.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub hasHmacSecretMc: Option<bool>,
    /// If set to true, tests of user presence will succeed immediately.
    /// Otherwise, they will not be resolved. Defaults to true.
    // NOTE(review): leaving this unset means user-presence checks pass with no
    // human interaction, so an authenticator configured this way belongs in
    // automated test sessions only.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub automaticPresenceSimulation: Option<bool>,
    /// Sets whether User Verification succeeds or fails for an authenticator.
    /// Defaults to false.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub isUserVerified: Option<bool>,
    /// Credentials created by this authenticator will have the backup
    /// eligibility (BE) flag set to this value. Defaults to false.
    /// <https://w3c.github.io/webauthn/#sctn-credential-backup>
    #[serde(skip_serializing_if = "Option::is_none")]
    pub defaultBackupEligibility: Option<bool>,
    /// Credentials created by this authenticator will have the backup state
    /// (BS) flag set to this value. Defaults to false.
    /// <https://w3c.github.io/webauthn/#sctn-credential-backup>
    #[serde(skip_serializing_if = "Option::is_none")]
    pub defaultBackupState: Option<bool>,
}
/// A credential stored in a virtual authenticator.
///
/// NOTE(review): `privateKey` carries the credential's private key, and this
/// type derives `Debug`, `Clone` and `Serialize`. `{:?}` output and every
/// serialized copy therefore contain the key. Keep values of this type out of
/// logs and stored test artifacts unless the key is throwaway test material.
#[derive(Debug, Clone, Serialize, Deserialize, Default)]
#[serde(rename_all = "camelCase")]
pub struct Credential {
    /// Identifier of the credential.
    // NOTE(review): presumably base64-encoded like the other binary fields of
    // this struct; confirm against the protocol definition.
    pub credentialId: String,
    /// Whether this is a resident credential.
    pub isResidentCredential: bool,
    /// Relying Party ID the credential is scoped to. Must be set when adding a
    /// credential.
    // The type does not enforce the rule above: the field is optional and the
    // derived `Default` leaves it as `None`.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub rpId: Option<String>,
    /// The ECDSA P-256 private key in PKCS#8 format. (Encoded as a base64 string when passed over JSON)
    // Secret material. The derived `Default` yields an empty string here,
    // which is not a key; callers have to supply one.
    pub privateKey: String,
    /// An opaque byte sequence with a maximum size of 64 bytes mapping the
    /// credential to a specific user. (Encoded as a base64 string when passed over JSON)
    // The 64-byte limit is not checked by this type.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub userHandle: Option<String>,
    /// Signature counter. This is incremented by one for each successful
    /// assertion.
    /// See <https://w3c.github.io/webauthn/#signature-counter>
    pub signCount: u64,
    /// The large blob associated with the credential.
    /// See <https://w3c.github.io/webauthn/#sctn-large-blob-extension> (Encoded as a base64 string when passed over JSON)
    #[serde(skip_serializing_if = "Option::is_none")]
    pub largeBlob: Option<String>,
    /// Assertions returned by this credential will have the backup eligibility
    /// (BE) flag set to this value. Defaults to the authenticator's
    /// defaultBackupEligibility value.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub backupEligibility: Option<bool>,
    /// Assertions returned by this credential will have the backup state (BS)
    /// flag set to this value. Defaults to the authenticator's
    /// defaultBackupState value.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub backupState: Option<bool>,
    /// The credential's user.name property. Equivalent to empty if not set.
    /// <https://w3c.github.io/webauthn/#dom-publickeycredentialentity-name>
    #[serde(skip_serializing_if = "Option::is_none")]
    pub userName: Option<String>,
    /// The credential's user.displayName property. Equivalent to empty if
    /// not set.
    /// <https://w3c.github.io/webauthn/#dom-publickeycredentialuserentity-displayname>
    #[serde(skip_serializing_if = "Option::is_none")]
    pub userDisplayName: Option<String>,
}
/// Enable the WebAuthn domain and start intercepting credential storage and
/// retrieval with a virtual authenticator.
///
/// NOTE(review): once enabled, credential operations are answered by the
/// virtual authenticator rather than a physical one, so this belongs in
/// dedicated test sessions and not in a browser profile holding real accounts.
#[derive(Debug, Clone, Serialize, Deserialize, Default)]
#[serde(rename_all = "camelCase")]
pub struct EnableParams {
    /// Whether to enable the WebAuthn user interface. Enabling the UI is
    /// recommended for debugging and demo purposes, as it is closer to the real
    /// experience. Disabling the UI is recommended for automated testing.
    /// Supported at the embedder's discretion if UI is available.
    /// Defaults to false.
    // Left out of the serialized request while `None`.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub enableUI: Option<bool>,
}
/// Creates and adds a virtual authenticator.
///
/// Parameter struct of the command.
#[derive(Debug, Clone, Serialize, Deserialize, Default)]
#[serde(rename_all = "camelCase")]
pub struct AddVirtualAuthenticatorParams {
    /// Configuration of the authenticator to create.
    pub options: VirtualAuthenticatorOptions,
}
/// Creates and adds a virtual authenticator.
///
/// Return struct of the command.
#[derive(Debug, Clone, Serialize, Deserialize, Default)]
#[serde(rename_all = "camelCase")]
pub struct AddVirtualAuthenticatorReturns {
    /// Identifier of the authenticator.
    // NOTE(review): presumably the value the other commands of this module
    // expect in their `authenticatorId` field; confirm.
    pub authenticatorId: AuthenticatorId,
}
/// Resets parameters isBogusSignature, isBadUV, isBadUP to false if they are not present.
///
/// NOTE(review): each override makes the authenticator response invalid in one
/// specific way (zeroed signature, cleared UV bit, cleared UP bit). Presumably
/// these exist for negative tests that check a relying party rejects such
/// responses; confirm the intended use.
#[derive(Debug, Clone, Serialize, Deserialize, Default)]
#[serde(rename_all = "camelCase")]
pub struct SetResponseOverrideBitsParams {
    /// Authenticator whose responses are overridden.
    pub authenticatorId: AuthenticatorId,
    /// If isBogusSignature is set, overrides the signature in the authenticator response to be zero.
    /// Defaults to false.
    // A `None` is not serialized, which per the struct comment resets the bit
    // to false.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub isBogusSignature: Option<bool>,
    /// If isBadUV is set, overrides the UV bit in the flags in the authenticator response to
    /// be zero. Defaults to false.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub isBadUV: Option<bool>,
    /// If isBadUP is set, overrides the UP bit in the flags in the authenticator response to
    /// be zero. Defaults to false.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub isBadUP: Option<bool>,
}
/// Removes the given authenticator.
///
/// Parameter struct of the command.
#[derive(Debug, Clone, Serialize, Deserialize, Default)]
#[serde(rename_all = "camelCase")]
pub struct RemoveVirtualAuthenticatorParams {
    /// Authenticator to remove.
    pub authenticatorId: AuthenticatorId,
}
/// Adds the credential to the specified authenticator.
///
/// Parameter struct of the command. The request body includes the
/// credential's `privateKey`, so a logged or recorded copy of it contains key
/// material.
#[derive(Debug, Clone, Serialize, Deserialize, Default)]
#[serde(rename_all = "camelCase")]
pub struct AddCredentialParams {
    /// Authenticator that receives the credential.
    pub authenticatorId: AuthenticatorId,
    /// Credential to add.
    pub credential: Credential,
}
/// Returns a single credential stored in the given virtual authenticator that
/// matches the credential ID.
///
/// Parameter struct of the command.
#[derive(Debug, Clone, Serialize, Deserialize, Default)]
#[serde(rename_all = "camelCase")]
pub struct GetCredentialParams {
    /// Authenticator to look in.
    pub authenticatorId: AuthenticatorId,
    /// ID of the credential to return.
    pub credentialId: String,
}
/// Returns a single credential stored in the given virtual authenticator that
/// matches the credential ID.
///
/// Return struct of the command. The credential carries its `privateKey`, and
/// this type derives `Debug`, so printing it prints the key.
#[derive(Debug, Clone, Serialize, Deserialize, Default)]
#[serde(rename_all = "camelCase")]
pub struct GetCredentialReturns {
    /// The matching credential.
    pub credential: Credential,
}
/// Returns all the credentials stored in the given virtual authenticator.
///
/// Parameter struct of the command.
#[derive(Debug, Clone, Serialize, Deserialize, Default)]
#[serde(rename_all = "camelCase")]
pub struct GetCredentialsParams {
    /// Authenticator whose credentials are listed.
    pub authenticatorId: AuthenticatorId,
}
/// Returns all the credentials stored in the given virtual authenticator.
///
/// Return struct of the command. Each entry carries its `privateKey`, and this
/// type derives `Debug`, so printing it prints every key in the list.
#[derive(Debug, Clone, Serialize, Deserialize, Default)]
#[serde(rename_all = "camelCase")]
pub struct GetCredentialsReturns {
    /// The stored credentials.
    pub credentials: Vec<Credential>,
}
/// Removes a credential from the authenticator.
///
/// Parameter struct of the command.
#[derive(Debug, Clone, Serialize, Deserialize, Default)]
#[serde(rename_all = "camelCase")]
pub struct RemoveCredentialParams {
    /// Authenticator that holds the credential.
    pub authenticatorId: AuthenticatorId,
    /// ID of the credential to remove.
    pub credentialId: String,
}
/// Clears all the credentials from the specified device.
///
/// Parameter struct of the command.
#[derive(Debug, Clone, Serialize, Deserialize, Default)]
#[serde(rename_all = "camelCase")]
pub struct ClearCredentialsParams {
    /// Authenticator whose credentials are cleared.
    pub authenticatorId: AuthenticatorId,
}
/// Sets whether User Verification succeeds or fails for an authenticator.
/// The default is true.
///
/// NOTE(review): the derived `Default` for this struct sets `isUserVerified`
/// to `false` (the `bool` default), which differs from the default stated
/// above. Set the field explicitly instead of relying on `Default::default()`.
#[derive(Debug, Clone, Serialize, Deserialize, Default)]
#[serde(rename_all = "camelCase")]
pub struct SetUserVerifiedParams {
    /// Authenticator to configure.
    pub authenticatorId: AuthenticatorId,
    /// Whether user verification succeeds (`true`) or fails (`false`).
    pub isUserVerified: bool,
}
/// Sets whether tests of user presence will succeed immediately (if true) or fail to resolve (if false) for an authenticator.
/// The default is true.
///
/// NOTE(review): the derived `Default` for this struct sets `enabled` to
/// `false` (the `bool` default), which differs from the default stated above.
/// Set the field explicitly instead of relying on `Default::default()`.
#[derive(Debug, Clone, Serialize, Deserialize, Default)]
#[serde(rename_all = "camelCase")]
pub struct SetAutomaticPresenceSimulationParams {
    /// Authenticator to configure.
    pub authenticatorId: AuthenticatorId,
    /// `true` makes user-presence tests succeed immediately; `false` leaves
    /// them unresolved.
    pub enabled: bool,
}
/// Allows setting credential properties.
/// <https://w3c.github.io/webauthn/#sctn-automation-set-credential-properties>
///
/// Parameter struct of the command.
#[derive(Debug, Clone, Serialize, Deserialize, Default)]
#[serde(rename_all = "camelCase")]
pub struct SetCredentialPropertiesParams {
    /// Authenticator that holds the credential.
    pub authenticatorId: AuthenticatorId,
    /// ID of the credential to change.
    pub credentialId: String,
    /// Value for the credential's backup eligibility property. Left out of
    /// the serialized request while `None`.
    // NOTE(review): presumably an omitted property stays unchanged; confirm
    // against the linked specification.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub backupEligibility: Option<bool>,
    /// Value for the credential's backup state property. Left out of the
    /// serialized request while `None`.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub backupState: Option<bool>,
}
351}