Skip to main content

browser_protocol/webauthn/
mod.rs

1//! This domain allows configuring virtual authenticators to test the WebAuthn
2//! API.
3use serde::{Serialize, Deserialize};
4use serde_json::Value as JsonValue;
5
6
7pub type AuthenticatorId = String;
8
9
10#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Default)]
11pub enum AuthenticatorProtocol {
12    #[default]
13    U2f,
14    Ctap2,
15}
16
17
18#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Default)]
19pub enum Ctap2Version {
20    #[default]
21    Ctap20,
22    Ctap21,
23    Ctap22,
24}
25
26
27#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Default)]
28pub enum AuthenticatorTransport {
29    #[default]
30    Usb,
31    Nfc,
32    Ble,
33    Cable,
34    Internal,
35}
36
37
38#[derive(Debug, Clone, Serialize, Deserialize, Default)]
39#[serde(rename_all = "camelCase")]
40pub struct VirtualAuthenticatorOptions {
41
42    pub protocol: AuthenticatorProtocol,
43    /// Defaults to ctap2_0. Ignored if |protocol| == u2f.
44
45    #[serde(skip_serializing_if = "Option::is_none")]
46    pub ctap2Version: Option<Ctap2Version>,
47
48    pub transport: AuthenticatorTransport,
49    /// Defaults to false.
50
51    #[serde(skip_serializing_if = "Option::is_none")]
52    pub hasResidentKey: Option<bool>,
53    /// Defaults to false.
54
55    #[serde(skip_serializing_if = "Option::is_none")]
56    pub hasUserVerification: Option<bool>,
57    /// If set to true, the authenticator will support the largeBlob extension.
58    /// https://w3c.github.io/webauthn#largeBlob
59    /// Defaults to false.
60
61    #[serde(skip_serializing_if = "Option::is_none")]
62    pub hasLargeBlob: Option<bool>,
63    /// If set to true, the authenticator will support the credBlob extension.
64    /// https://fidoalliance.org/specs/fido-v2.1-rd-20201208/fido-client-to-authenticator-protocol-v2.1-rd-20201208.html#sctn-credBlob-extension
65    /// Defaults to false.
66
67    #[serde(skip_serializing_if = "Option::is_none")]
68    pub hasCredBlob: Option<bool>,
69    /// If set to true, the authenticator will support the minPinLength extension.
70    /// https://fidoalliance.org/specs/fido-v2.1-ps-20210615/fido-client-to-authenticator-protocol-v2.1-ps-20210615.html#sctn-minpinlength-extension
71    /// Defaults to false.
72
73    #[serde(skip_serializing_if = "Option::is_none")]
74    pub hasMinPinLength: Option<bool>,
75    /// If set to true, the authenticator will support the prf extension.
76    /// https://w3c.github.io/webauthn/#prf-extension
77    /// Defaults to false.
78
79    #[serde(skip_serializing_if = "Option::is_none")]
80    pub hasPrf: Option<bool>,
81    /// If set to true, the authenticator will support the hmac-secret extension.
82    /// https://fidoalliance.org/specs/fido-v2.1-ps-20210615/fido-client-to-authenticator-protocol-v2.1-ps-20210615.html#sctn-hmac-secret-extension
83    /// Defaults to false.
84
85    #[serde(skip_serializing_if = "Option::is_none")]
86    pub hasHmacSecret: Option<bool>,
87    /// If set to true, the authenticator will support the hmac-secret-mc extension.
88    /// https://fidoalliance.org/specs/fido-v2.2-rd-20241003/fido-client-to-authenticator-protocol-v2.2-rd-20241003.html#sctn-hmac-secret-make-cred-extension
89    /// Defaults to false.
90
91    #[serde(skip_serializing_if = "Option::is_none")]
92    pub hasHmacSecretMc: Option<bool>,
93    /// If set to true, tests of user presence will succeed immediately.
94    /// Otherwise, they will not be resolved. Defaults to true.
95
96    #[serde(skip_serializing_if = "Option::is_none")]
97    pub automaticPresenceSimulation: Option<bool>,
98    /// Sets whether User Verification succeeds or fails for an authenticator.
99    /// Defaults to false.
100
101    #[serde(skip_serializing_if = "Option::is_none")]
102    pub isUserVerified: Option<bool>,
103    /// Credentials created by this authenticator will have the backup
104    /// eligibility (BE) flag set to this value. Defaults to false.
105    /// https://w3c.github.io/webauthn/#sctn-credential-backup
106
107    #[serde(skip_serializing_if = "Option::is_none")]
108    pub defaultBackupEligibility: Option<bool>,
109    /// Credentials created by this authenticator will have the backup state
110    /// (BS) flag set to this value. Defaults to false.
111    /// https://w3c.github.io/webauthn/#sctn-credential-backup
112
113    #[serde(skip_serializing_if = "Option::is_none")]
114    pub defaultBackupState: Option<bool>,
115}
116
117
118#[derive(Debug, Clone, Serialize, Deserialize, Default)]
119#[serde(rename_all = "camelCase")]
120pub struct Credential {
121
122    pub credentialId: String,
123
124    pub isResidentCredential: bool,
125    /// Relying Party ID the credential is scoped to. Must be set when adding a
126    /// credential.
127
128    #[serde(skip_serializing_if = "Option::is_none")]
129    pub rpId: Option<String>,
130    /// The ECDSA P-256 private key in PKCS#8 format. (Encoded as a base64 string when passed over JSON)
131
132    pub privateKey: String,
133    /// An opaque byte sequence with a maximum size of 64 bytes mapping the
134    /// credential to a specific user. (Encoded as a base64 string when passed over JSON)
135
136    #[serde(skip_serializing_if = "Option::is_none")]
137    pub userHandle: Option<String>,
138    /// Signature counter. This is incremented by one for each successful
139    /// assertion.
140    /// See https://w3c.github.io/webauthn/#signature-counter
141
142    pub signCount: u64,
143    /// The large blob associated with the credential.
144    /// See https://w3c.github.io/webauthn/#sctn-large-blob-extension (Encoded as a base64 string when passed over JSON)
145
146    #[serde(skip_serializing_if = "Option::is_none")]
147    pub largeBlob: Option<String>,
148    /// Assertions returned by this credential will have the backup eligibility
149    /// (BE) flag set to this value. Defaults to the authenticator's
150    /// defaultBackupEligibility value.
151
152    #[serde(skip_serializing_if = "Option::is_none")]
153    pub backupEligibility: Option<bool>,
154    /// Assertions returned by this credential will have the backup state (BS)
155    /// flag set to this value. Defaults to the authenticator's
156    /// defaultBackupState value.
157
158    #[serde(skip_serializing_if = "Option::is_none")]
159    pub backupState: Option<bool>,
160    /// The credential's user.name property. Equivalent to empty if not set.
161    /// https://w3c.github.io/webauthn/#dom-publickeycredentialentity-name
162
163    #[serde(skip_serializing_if = "Option::is_none")]
164    pub userName: Option<String>,
165    /// The credential's user.displayName property. Equivalent to empty if
166    /// not set.
167    /// https://w3c.github.io/webauthn/#dom-publickeycredentialuserentity-displayname
168
169    #[serde(skip_serializing_if = "Option::is_none")]
170    pub userDisplayName: Option<String>,
171}
172
173/// Enable the WebAuthn domain and start intercepting credential storage and
174/// retrieval with a virtual authenticator.
175
176#[derive(Debug, Clone, Serialize, Deserialize, Default)]
177#[serde(rename_all = "camelCase")]
178pub struct EnableParams {
179    /// Whether to enable the WebAuthn user interface. Enabling the UI is
180    /// recommended for debugging and demo purposes, as it is closer to the real
181    /// experience. Disabling the UI is recommended for automated testing.
182    /// Supported at the embedder's discretion if UI is available.
183    /// Defaults to false.
184
185    #[serde(skip_serializing_if = "Option::is_none")]
186    pub enableUI: Option<bool>,
187}
188
189impl EnableParams { pub const METHOD: &'static str = "WebAuthn.enable"; }
190
191impl crate::CdpCommand for EnableParams {
192    const METHOD: &'static str = "WebAuthn.enable";
193    type Response = crate::EmptyReturns;
194}
195
196#[derive(Debug, Clone, Serialize, Deserialize, Default)]
197pub struct DisableParams {}
198
199impl DisableParams { pub const METHOD: &'static str = "WebAuthn.disable"; }
200
201impl crate::CdpCommand for DisableParams {
202    const METHOD: &'static str = "WebAuthn.disable";
203    type Response = crate::EmptyReturns;
204}
205
206/// Creates and adds a virtual authenticator.
207
208#[derive(Debug, Clone, Serialize, Deserialize, Default)]
209#[serde(rename_all = "camelCase")]
210pub struct AddVirtualAuthenticatorParams {
211
212    pub options: VirtualAuthenticatorOptions,
213}
214
215/// Creates and adds a virtual authenticator.
216
217#[derive(Debug, Clone, Serialize, Deserialize, Default)]
218#[serde(rename_all = "camelCase")]
219pub struct AddVirtualAuthenticatorReturns {
220
221    pub authenticatorId: AuthenticatorId,
222}
223
224impl AddVirtualAuthenticatorParams { pub const METHOD: &'static str = "WebAuthn.addVirtualAuthenticator"; }
225
226impl crate::CdpCommand for AddVirtualAuthenticatorParams {
227    const METHOD: &'static str = "WebAuthn.addVirtualAuthenticator";
228    type Response = AddVirtualAuthenticatorReturns;
229}
230
231/// Resets parameters isBogusSignature, isBadUV, isBadUP to false if they are not present.
232
233#[derive(Debug, Clone, Serialize, Deserialize, Default)]
234#[serde(rename_all = "camelCase")]
235pub struct SetResponseOverrideBitsParams {
236
237    pub authenticatorId: AuthenticatorId,
238    /// If isBogusSignature is set, overrides the signature in the authenticator response to be zero.
239    /// Defaults to false.
240
241    #[serde(skip_serializing_if = "Option::is_none")]
242    pub isBogusSignature: Option<bool>,
243    /// If isBadUV is set, overrides the UV bit in the flags in the authenticator response to
244    /// be zero. Defaults to false.
245
246    #[serde(skip_serializing_if = "Option::is_none")]
247    pub isBadUV: Option<bool>,
248    /// If isBadUP is set, overrides the UP bit in the flags in the authenticator response to
249    /// be zero. Defaults to false.
250
251    #[serde(skip_serializing_if = "Option::is_none")]
252    pub isBadUP: Option<bool>,
253}
254
255impl SetResponseOverrideBitsParams { pub const METHOD: &'static str = "WebAuthn.setResponseOverrideBits"; }
256
257impl crate::CdpCommand for SetResponseOverrideBitsParams {
258    const METHOD: &'static str = "WebAuthn.setResponseOverrideBits";
259    type Response = crate::EmptyReturns;
260}
261
262/// Removes the given authenticator.
263
264#[derive(Debug, Clone, Serialize, Deserialize, Default)]
265#[serde(rename_all = "camelCase")]
266pub struct RemoveVirtualAuthenticatorParams {
267
268    pub authenticatorId: AuthenticatorId,
269}
270
271impl RemoveVirtualAuthenticatorParams { pub const METHOD: &'static str = "WebAuthn.removeVirtualAuthenticator"; }
272
273impl crate::CdpCommand for RemoveVirtualAuthenticatorParams {
274    const METHOD: &'static str = "WebAuthn.removeVirtualAuthenticator";
275    type Response = crate::EmptyReturns;
276}
277
278/// Adds the credential to the specified authenticator.
279
280#[derive(Debug, Clone, Serialize, Deserialize, Default)]
281#[serde(rename_all = "camelCase")]
282pub struct AddCredentialParams {
283
284    pub authenticatorId: AuthenticatorId,
285
286    pub credential: Credential,
287}
288
289impl AddCredentialParams { pub const METHOD: &'static str = "WebAuthn.addCredential"; }
290
291impl crate::CdpCommand for AddCredentialParams {
292    const METHOD: &'static str = "WebAuthn.addCredential";
293    type Response = crate::EmptyReturns;
294}
295
296/// Returns a single credential stored in the given virtual authenticator that
297/// matches the credential ID.
298
299#[derive(Debug, Clone, Serialize, Deserialize, Default)]
300#[serde(rename_all = "camelCase")]
301pub struct GetCredentialParams {
302
303    pub authenticatorId: AuthenticatorId,
304
305    pub credentialId: String,
306}
307
308/// Returns a single credential stored in the given virtual authenticator that
309/// matches the credential ID.
310
311#[derive(Debug, Clone, Serialize, Deserialize, Default)]
312#[serde(rename_all = "camelCase")]
313pub struct GetCredentialReturns {
314
315    pub credential: Credential,
316}
317
318impl GetCredentialParams { pub const METHOD: &'static str = "WebAuthn.getCredential"; }
319
320impl crate::CdpCommand for GetCredentialParams {
321    const METHOD: &'static str = "WebAuthn.getCredential";
322    type Response = GetCredentialReturns;
323}
324
325/// Returns all the credentials stored in the given virtual authenticator.
326
327#[derive(Debug, Clone, Serialize, Deserialize, Default)]
328#[serde(rename_all = "camelCase")]
329pub struct GetCredentialsParams {
330
331    pub authenticatorId: AuthenticatorId,
332}
333
334/// Returns all the credentials stored in the given virtual authenticator.
335
336#[derive(Debug, Clone, Serialize, Deserialize, Default)]
337#[serde(rename_all = "camelCase")]
338pub struct GetCredentialsReturns {
339
340    pub credentials: Vec<Credential>,
341}
342
343impl GetCredentialsParams { pub const METHOD: &'static str = "WebAuthn.getCredentials"; }
344
345impl crate::CdpCommand for GetCredentialsParams {
346    const METHOD: &'static str = "WebAuthn.getCredentials";
347    type Response = GetCredentialsReturns;
348}
349
350/// Removes a credential from the authenticator.
351
352#[derive(Debug, Clone, Serialize, Deserialize, Default)]
353#[serde(rename_all = "camelCase")]
354pub struct RemoveCredentialParams {
355
356    pub authenticatorId: AuthenticatorId,
357
358    pub credentialId: String,
359}
360
361impl RemoveCredentialParams { pub const METHOD: &'static str = "WebAuthn.removeCredential"; }
362
363impl crate::CdpCommand for RemoveCredentialParams {
364    const METHOD: &'static str = "WebAuthn.removeCredential";
365    type Response = crate::EmptyReturns;
366}
367
368/// Clears all the credentials from the specified device.
369
370#[derive(Debug, Clone, Serialize, Deserialize, Default)]
371#[serde(rename_all = "camelCase")]
372pub struct ClearCredentialsParams {
373
374    pub authenticatorId: AuthenticatorId,
375}
376
377impl ClearCredentialsParams { pub const METHOD: &'static str = "WebAuthn.clearCredentials"; }
378
379impl crate::CdpCommand for ClearCredentialsParams {
380    const METHOD: &'static str = "WebAuthn.clearCredentials";
381    type Response = crate::EmptyReturns;
382}
383
384/// Sets whether User Verification succeeds or fails for an authenticator.
385/// The default is true.
386
387#[derive(Debug, Clone, Serialize, Deserialize, Default)]
388#[serde(rename_all = "camelCase")]
389pub struct SetUserVerifiedParams {
390
391    pub authenticatorId: AuthenticatorId,
392
393    pub isUserVerified: bool,
394}
395
396impl SetUserVerifiedParams { pub const METHOD: &'static str = "WebAuthn.setUserVerified"; }
397
398impl crate::CdpCommand for SetUserVerifiedParams {
399    const METHOD: &'static str = "WebAuthn.setUserVerified";
400    type Response = crate::EmptyReturns;
401}
402
403/// Sets whether tests of user presence will succeed immediately (if true) or fail to resolve (if false) for an authenticator.
404/// The default is true.
405
406#[derive(Debug, Clone, Serialize, Deserialize, Default)]
407#[serde(rename_all = "camelCase")]
408pub struct SetAutomaticPresenceSimulationParams {
409
410    pub authenticatorId: AuthenticatorId,
411
412    pub enabled: bool,
413}
414
415impl SetAutomaticPresenceSimulationParams { pub const METHOD: &'static str = "WebAuthn.setAutomaticPresenceSimulation"; }
416
417impl crate::CdpCommand for SetAutomaticPresenceSimulationParams {
418    const METHOD: &'static str = "WebAuthn.setAutomaticPresenceSimulation";
419    type Response = crate::EmptyReturns;
420}
421
422/// Allows setting credential properties.
423/// https://w3c.github.io/webauthn/#sctn-automation-set-credential-properties
424
425#[derive(Debug, Clone, Serialize, Deserialize, Default)]
426#[serde(rename_all = "camelCase")]
427pub struct SetCredentialPropertiesParams {
428
429    pub authenticatorId: AuthenticatorId,
430
431    pub credentialId: String,
432
433    #[serde(skip_serializing_if = "Option::is_none")]
434    pub backupEligibility: Option<bool>,
435
436    #[serde(skip_serializing_if = "Option::is_none")]
437    pub backupState: Option<bool>,
438}
439
440impl SetCredentialPropertiesParams { pub const METHOD: &'static str = "WebAuthn.setCredentialProperties"; }
441
442impl crate::CdpCommand for SetCredentialPropertiesParams {
443    const METHOD: &'static str = "WebAuthn.setCredentialProperties";
444    type Response = crate::EmptyReturns;
445}